From: Scott P. <wht...@us...> - 2007-09-08 23:56:57
Update of /cvsroot/helpmeict/Helpdesk/system In directory sc8-pr-cvs17:/tmp/cvs-serv9207/system Modified Files: global_preferences.php lang.php message.php Log Message: added $_GET, $_POST, $_REQUEST sanitizing added magic_quotes dectection added checking existince of superglobals index's before using them 'isset' is your friend \ this removes the Undefined Index notices from these files. fixed all undefined constants in these files. This removes the undefined constants from these files. added globals where needed to remove the undefined variable notices from these files. Index: message.php =================================================================== RCS file: /cvsroot/helpmeict/Helpdesk/system/message.php,v retrieving revision 1.3 retrieving revision 1.4 diff -C2 -d -r1.3 -r1.4 *** message.php 7 Feb 2007 01:20:17 -0000 1.3 --- message.php 8 Sep 2007 23:56:50 -0000 1.4 *************** *** 29,38 **** --- 29,42 ---- */ + if (strpos($_SERVER["SCRIPT_NAME"],basename(__FILE__, '.php')) !== false) { header("location: index.php"); } + global $color, $bgcolor; + function display(&$message) { if ($message != '') { $color = 'blue'; + $bgcolor = ''; if (strtoupper(substr($message,0,7)) == "WARNING") { $color = 'black'; Index: global_preferences.php =================================================================== RCS file: /cvsroot/helpmeict/Helpdesk/system/global_preferences.php,v retrieving revision 1.3 retrieving revision 1.4 diff -C2 -d -r1.3 -r1.4 *** global_preferences.php 11 Mar 2007 15:23:48 -0000 1.3 --- global_preferences.php 8 Sep 2007 23:56:50 -0000 1.4 *************** *** 50,54 **** $global_prefs = Array(); foreach ($result as $pref) { ! $global_prefs[$pref[identifier]] = $pref[value]; } --- 50,54 ---- $global_prefs = Array(); foreach ($result as $pref) { ! 
$global_prefs[$pref['identifier']] = $pref['value']; } Index: lang.php =================================================================== RCS file: /cvsroot/helpmeict/Helpdesk/system/lang.php,v retrieving revision 1.3 retrieving revision 1.4 diff -C2 -d -r1.3 -r1.4 *** lang.php 11 Mar 2007 15:23:48 -0000 1.3 --- lang.php 8 Sep 2007 23:56:50 -0000 1.4 *************** *** 40,44 **** global $_lang; $_lang = $conf['default_lang']; ! if ($_SESSION['_id']) { // Override with user's chosen settings $user_prefs = get_user_prefs($_SESSION['_id']); --- 40,44 ---- global $_lang; $_lang = $conf['default_lang']; ! if (isset($_SESSION['_id'])) { // Override with user's chosen settings $user_prefs = get_user_prefs($_SESSION['_id']); |
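Review bot: in the message.php hunk, the direct-access guard calls `header("location: index.php");` without a following `exit;`, so the rest of the file still executes after the redirect header is sent; add `exit;` inside the `if`. Two smaller points: `global $color, $bgcolor;` at file scope (outside any function) has no effect, and `$color` and `$bgcolor` are assigned as locals inside `display()` anyway; and `strpos($_SERVER["SCRIPT_NAME"], basename(__FILE__, '.php')) !== false` is a substring match, so any script whose name contains "message" is redirected too. Comparing `basename($_SERVER['SCRIPT_NAME'])` against `basename(__FILE__)` is the tighter check.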
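Review bot: in the lang.php hunk, replacing `if ($_SESSION['_id'])` with `if (isset($_SESSION['_id']))` changes the condition, not only the notice: `isset()` is true for an empty string or `0`, so a session in which `_id` is set to an empty value (for instance after logout) now takes the "user's chosen settings" branch and calls `get_user_prefs('')`. If that state can occur, `!empty($_SESSION['_id'])` keeps the old truthiness semantics while still avoiding the Undefined Index notice.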
From: Scott P. <wht...@us...> - 2007-09-08 23:56:57
Update of /cvsroot/helpmeict/Helpdesk In directory sc8-pr-cvs17:/tmp/cvs-serv9207 Modified Files: footer.php index.php login.php problemcategories.php sitesandusers.php Log Message: added $_GET, $_POST, $_REQUEST sanitizing added magic_quotes dectection added checking existince of superglobals index's before using them 'isset' is your friend \ this removes the Undefined Index notices from these files. fixed all undefined constants in these files. This removes the undefined constants from these files. added globals where needed to remove the undefined variable notices from these files. Index: login.php =================================================================== RCS file: /cvsroot/helpmeict/Helpdesk/login.php,v retrieving revision 1.11 retrieving revision 1.12 diff -C2 -d -r1.11 -r1.12 *** login.php 7 Sep 2007 00:02:25 -0000 1.11 --- login.php 8 Sep 2007 23:56:50 -0000 1.12 *************** *** 43,50 **** // Retrieve Get/Post variables $act = $_POST['act']; - $user = $_POST['user']; - $password = $_POST['password']; $domain = $_POST['domain']; $redirect = $_POST['redirect']; // Default action: Login --- 43,56 ---- // Retrieve Get/Post variables $act = $_POST['act']; $domain = $_POST['domain']; $redirect = $_POST['redirect']; + if (!get_magic_quotes_gpc()) { + $user = addslashes($_POST['user']); + $password = addslashes($_POST['password']); + } + else { + $user = $_POST['user']; + $password = $_POST['password']; + } // Default action: Login Index: footer.php =================================================================== RCS file: /cvsroot/helpmeict/Helpdesk/footer.php,v retrieving revision 1.5 retrieving revision 1.6 diff -C2 -d -r1.5 -r1.6 *** footer.php 11 Mar 2007 16:32:12 -0000 1.5 --- footer.php 8 Sep 2007 23:56:49 -0000 1.6 *************** *** 29,33 **** require_once 'system/db.php'; require_once 'system/lang.php'; ! 
// Get all navigation category name function &navigation_categories() --- 29,34 ---- require_once 'system/db.php'; require_once 'system/lang.php'; ! ! // Get all navigation category name function &navigation_categories() *************** *** 76,80 **** // Build navigation tree ! if ($_SESSION['_username'] == '') { // Set up sidebar links from DB $linkcatRS = db_recordset("SELECT * FROM tbl_Link_Categories where lang='".$_lang."' ORDER BY sortorder"); --- 77,81 ---- // Build navigation tree ! if (!isset($_SESSION['_username'])) { // Set up sidebar links from DB $linkcatRS = db_recordset("SELECT * FROM tbl_Link_Categories where lang='".$_lang."' ORDER BY sortorder"); *************** *** 167,171 **** foreach ($items as $item) { ! echo ' <li><a href="'.$item['link'].'"'.($item['access_key']?' accesskey="'.$link['access_key'].'"':'').'>'.gettext($item['title']).'</a></li>'."\n"; } ?> --- 168,178 ---- foreach ($items as $item) { ! if(!isset($link)) { ! echo ' <li><a href="'.$item['link'].'"'.'>'.gettext($item['title']).'</a></li>'."\n"; ! } ! else { ! echo ' <li><a href="'.$item['link'].'"'.($item['access_key']?' accesskey="'.$link['access_key'].'"':'').'>'.gettext($item['title']).'</a></li>'."\n"; ! ! } } ?> *************** *** 179,183 **** // Conditionally show the other domains this user has access to and invite them to // jump straight to them. ! if ($_SESSION[_id]) { if ($_SESSION['_usertype'] == 'Root') { // Show all domains except the current one for the root user --- 186,190 ---- // Conditionally show the other domains this user has access to and invite them to // jump straight to them. ! 
if (isset($_SESSION['_id'])) { if ($_SESSION['_usertype'] == 'Root') { // Show all domains except the current one for the root user *************** *** 203,207 **** --- 210,226 ---- <div class="menulogingroup"> <form name="login" id="login" method="post" class="login" action="login.php"> + <?php + if (isset($accept)) { + ?> <input type="hidden" name="act" value="accept<?php echo $accept?>" /> + <?php + } + else { + ?> + + <input type="hidden" name="act" value="accept" /> + <?php + } + ?> <select name="domain" style="width:13em;"> <?php Index: sitesandusers.php =================================================================== RCS file: /cvsroot/helpmeict/Helpdesk/sitesandusers.php,v retrieving revision 1.15 retrieving revision 1.16 diff -C2 -d -r1.15 -r1.16 *** sitesandusers.php 7 Feb 2007 01:20:04 -0000 1.15 --- sitesandusers.php 8 Sep 2007 23:56:50 -0000 1.16 *************** *** 59,82 **** require_once 'system/global_preferences.php'; require 'header.php'; ! // Language selection set_text_domain("sitesandusers"); // Retrieve Get/Post variables ! $act = $_REQUEST['act']; ! $site = $_POST['site']; ! $sites = $_POST['sites']; ! if ($sites == '') { $sites = array(); } ! $name = $_POST['name']; ! $username = $_POST['username']; ! $password = $_POST['password']; ! $available = $_POST['available']; ! $user = $_POST['user']; ! $users = $_POST['users']; ! $usertype = $_POST['usertype']; ! $support = $_POST['support']; ! $resolve = $_POST['resolve']; ! $email = $_POST['email']; ! $oldusername = $_POST['oldusername']; if ($conf_db['dsn']['phptype'] == 'pgsql') { --- 59,147 ---- require_once 'system/global_preferences.php'; require 'header.php'; ! ! global $act, $usertype, $message, $users; // Language selection set_text_domain("sitesandusers"); + foreach($_POST as $key => $val) { + // scrubbing the field NAME... + if (preg_match('/%/', urlencode($key))) die('FATAL::XSS hack attempt detected. 
Your IP has been logged.'); + } + foreach($_GET as $key => $val) { + // scrubbing the field NAME... + if (preg_match('/%/', urlencode($key))) die('FATAL::XSS hack attempt detected. Your IP has been logged.'); + $_GET[$key] = htmlentities(strip_tags($val), ENT_QUOTES); + } + foreach($_REQUEST as $key => $val) { + // scrubbing the field NAME... + if (preg_match('/%/', urlencode($key))) die('FATAL::XSS hack attempt detected. Your IP has been logged.'); + } + // Retrieve Get/Post variables ! ! if (!get_magic_quotes_gpc()) { ! if (isset($_REQUEST['act'])) { ! $act = addslashes($_REQUEST['act']); ! } ! if (isset($_POST['site'])) { ! $site = addslashes($_POST['site']); ! } ! if (isset($_POST['sites'])) { ! $sites = $_POST['sites']; ! } ! else { ! $sites = array(); ! } ! if (isset($_POST['name'])) { ! $name = addslashes($_POST['name']); ! } ! if (isset($_POST['username'])) { ! $username = addslashes($_POST['username']); ! } ! if (isset($_POST['password'])) { ! $password = addslashes($_POST['password']); ! } ! if (isset($_POST['available'])) { ! $available = addslashes($_POST['available']); ! } ! if (isset($_POST['user'])) { ! $user = addslashes($_POST['user']); ! } ! if (isset($_POST['users'])) { ! $users = $_POST['users']; ! } ! if (isset($_POST['usertype'])) { ! $usertype = addslashes($_POST['usertype']); ! } ! if (isset($_POST['support'])) { ! $support = $_POST['support']; ! } ! if (isset($_POST['resolve'])) { ! $resolve = addslashes($_POST['resolve']); ! } ! if (isset($_POST['email'])) { ! $email = addslashes($_POST['email']); ! } ! if (isset($_POST['oldusername'])) { ! $oldusername = addslashes($_POST['oldusername']); ! } ! } ! else { ! $act = $_REQUEST['act']; ! $site = $_POST['site']; ! $sites = $_POST['sites']; ! if ($sites == '') { $sites = array(); } ! $name = $_POST['name']; ! $username = $_POST['username']; ! $password = $_POST['password']; ! $available = $_POST['available']; ! $user = $_POST['user']; ! $users = $_POST['users']; ! 
$usertype = $_POST['usertype']; ! $support = $_POST['support']; ! $resolve = $_POST['resolve']; ! $email = $_POST['email']; ! $oldusername = $_POST['oldusername']; ! } if ($conf_db['dsn']['phptype'] == 'pgsql') { *************** *** 129,133 **** <div class="labelfieldpair"> <div class="name"><label for="site"><?php echo gettext('Site Name')?></label></div> ! <div class="field"><input type="text" name="site" id="site" size="35" maxlength="50" value="<?php echo $site?>" /></div> </div> <div class="buttonpanel"> --- 194,198 ---- <div class="labelfieldpair"> <div class="name"><label for="site"><?php echo gettext('Site Name')?></label></div> ! <div class="field"><input type="text" name="site" id="site" size="35" maxlength="50" value="" /></div> </div> <div class="buttonpanel"> *************** *** 187,191 **** <div class="labelfieldpair"> <div class="name"><label for="site"><?php echo gettext('Site Name')?></label></div> ! <div class="field"><input type="text" name="site" id="site" size="35" maxlength="50" value="<?php echo $sitesRS[0][site]?>"></div> </div> <div class="buttonpanel"> --- 252,256 ---- <div class="labelfieldpair"> <div class="name"><label for="site"><?php echo gettext('Site Name')?></label></div> ! <div class="field"><input type="text" name="site" id="site" size="35" maxlength="50" value="<?php echo $sitesRS[0]['site']?>"></div> </div> <div class="buttonpanel"> *************** *** 246,254 **** <div class="labelfieldpair"> <div class="name"><label for="site"><?php echo gettext('Name')?></label></div> ! <div class="field"><input type="text" name="name" id="name" size="35" maxlength="50" value="<?php echo $name?>" /></div> </div> <div class="labelfieldpair"> <div class="name"><label for="username"><?php echo gettext('Username')?></label></div> ! 
<div class="field"><input type="text" name="username" id="username" size="20" maxlength="20" value="<?php echo $username?>" /></div> </div> <div class="labelfieldpair"> --- 311,319 ---- <div class="labelfieldpair"> <div class="name"><label for="site"><?php echo gettext('Name')?></label></div> ! <div class="field"><input type="text" name="name" id="name" size="35" maxlength="50" value="" /></div> </div> <div class="labelfieldpair"> <div class="name"><label for="username"><?php echo gettext('Username')?></label></div> ! <div class="field"><input type="text" name="username" id="username" size="20" maxlength="20" value="" /></div> </div> <div class="labelfieldpair"> *************** *** 326,330 **** db_send("DELETE FROM tbl_UserSites WHERE userid=$userrecord AND site IN ($iuds)"); } ! if ($domainsforuser[0][num] == 1) { //echo "delete user here {$domainsforuser[0][num]}<br>\n"; $deleted_user = db_recordset("SELECT username FROM tbl_Users WHERE id=$userrecord"); --- 391,395 ---- db_send("DELETE FROM tbl_UserSites WHERE userid=$userrecord AND site IN ($iuds)"); } ! if ($domainsforuser[0]['num'] == 1) { //echo "delete user here {$domainsforuser[0][num]}<br>\n"; $deleted_user = db_recordset("SELECT username FROM tbl_Users WHERE id=$userrecord"); *************** *** 377,383 **** } else { if ($resolve == 'import') { ! $userdomainsRS = db_recordset("SELECT * FROM tbl_UserDomains WHERE userid='" . $usersRS[0][id] . "' AND domain=$_SESSION[_domain]"); if (count($userdomainsRS) == 0) { ! db_send("INSERT INTO tbl_UserDomains (userid,domain,defaultflag) VALUES (" . $usersRS[0][id] . ",$_SESSION[_domain],0)"); $importedrows[] = $row; } else { --- 442,448 ---- } else { if ($resolve == 'import') { ! $userdomainsRS = db_recordset("SELECT * FROM tbl_UserDomains WHERE userid='" . $usersRS[0]['id'] . "' AND domain=$_SESSION[_domain]"); if (count($userdomainsRS) == 0) { ! db_send("INSERT INTO tbl_UserDomains (userid,domain,defaultflag) VALUES (" . $usersRS[0]['id'] . 
",$_SESSION[_domain],0)"); $importedrows[] = $row; } else { *************** *** 512,516 **** <?php $num_users = count($usersRS); ! if (!$users) $users=array($usersRS[0][id]); if ($num_users == 0) { --- 577,581 ---- <?php $num_users = count($usersRS); ! if (!$users) $users=array($usersRS[0]['id']); if ($num_users == 0) { *************** *** 519,530 **** foreach ($usersRS as $record) { // Show as inactive if so ! if ($record[available] == '0') { $style = ' class="inactive"'; ! } elseif ($record[restricted] == '1') { $style = ' class="restricted"'; } else { $style = ''; } ! print (" <option value=\"${record[id]}\"${style}>${record[name]}</option>\n"); } ?> --- 584,595 ---- foreach ($usersRS as $record) { // Show as inactive if so ! if ($record['available'] == '0') { $style = ' class="inactive"'; ! } elseif ($record['restricted'] == '1') { $style = ' class="restricted"'; } else { $style = ''; } ! print (" <option value=\"${record['id']}\"${style}>${record['name']}</option>\n"); } ?> *************** *** 548,552 **** // Retrieve User information ! $usersRS = db_recordset("SELECT * FROM tbl_Users WHERE id=" . $users[0]); if ($message) { display($message); } --- 613,617 ---- // Retrieve User information ! $usersRS = db_recordset("SELECT * FROM tbl_Users WHERE id=$users[0]"); if ($message) { display($message); } *************** *** 568,576 **** <div class="labelfieldpair"> <div class="name"><label for="site"><?php echo gettext('Name')?></label></div> ! <div class="field"><input type="text" name="name" id="name" size="35" maxlength="50" value="<?php echo $usersRS[0][name]?>" /></div> </div> <div class="labelfieldpair"> <div class="name"><label for="username"><?php echo gettext('Username')?></label></div> ! 
<div class="field"><input type="text" name="username" id="username" size="20" maxlength="20" value="<?php echo $usersRS[0][username]?>" /></div> </div> <div class="labelfieldpair"> --- 633,641 ---- <div class="labelfieldpair"> <div class="name"><label for="site"><?php echo gettext('Name')?></label></div> ! <div class="field"><input type="text" name="name" id="name" size="35" maxlength="50" value="<?php echo $usersRS[0]['name']?>" /></div> </div> <div class="labelfieldpair"> <div class="name"><label for="username"><?php echo gettext('Username')?></label></div> ! <div class="field"><input type="text" name="username" id="username" size="20" maxlength="20" value="<?php echo $usersRS[0]['username']?>" /></div> </div> <div class="labelfieldpair"> *************** *** 580,584 **** <div class="labelfieldpair"> <div class="name"><label for="email"><?php echo gettext('Email Address')?></label></div> ! <div class="field"><input type="text" name="email" id="email" size="20" maxlength="40" value="<?php echo $usersRS[0][email]?>" /></div> </div> <div class="buttonpanel"> --- 645,649 ---- <div class="labelfieldpair"> <div class="name"><label for="email"><?php echo gettext('Email Address')?></label></div> ! <div class="field"><input type="text" name="email" id="email" size="20" maxlength="40" value="<?php echo $usersRS[0]['email']?>" /></div> </div> <div class="buttonpanel"> *************** *** 634,638 **** foreach($users as $userrecord) { $updateuserRS = db_recordset("SELECT * FROM tbl_Users WHERE id=$userrecord;"); ! db_send("UPDATE tbl_Users SET available=" . (1 - $updateuserRS[0][available]) . " WHERE id=" . $updateuserRS[0][id] . ";"); } $act = ''; --- 699,703 ---- foreach($users as $userrecord) { $updateuserRS = db_recordset("SELECT * FROM tbl_Users WHERE id=$userrecord;"); ! db_send("UPDATE tbl_Users SET available=" . (1 - $updateuserRS[0]['available']) . " WHERE id=" . $updateuserRS[0]['id'] . 
";"); } $act = ''; *************** *** 643,647 **** foreach($users as $userrecord) { $updateuserRS = db_recordset("SELECT * FROM tbl_Users WHERE id=$userrecord;"); ! db_send("UPDATE tbl_Users SET restricted=" . (1 - $updateuserRS[0][restricted]) . " WHERE id=" . $updateuserRS[0][id] . ";"); } $act = ''; --- 708,712 ---- foreach($users as $userrecord) { $updateuserRS = db_recordset("SELECT * FROM tbl_Users WHERE id=$userrecord;"); ! db_send("UPDATE tbl_Users SET restricted=" . (1 - $updateuserRS[0]['restricted']) . " WHERE id=" . $updateuserRS[0]['id'] . ";"); } $act = ''; *************** *** 716,720 **** WHERE sortorder<$_SESSION[_usertypesortorder] ORDER BY sortorder"); ! if (!$usertype) $usertype=$usertypesRS[0][id]; if ($message) { display($message); } --- 781,785 ---- WHERE sortorder<$_SESSION[_usertypesortorder] ORDER BY sortorder"); ! if (!$usertype) $usertype=$usertypesRS[0]['id']; if ($message) { display($message); } *************** *** 745,749 **** reset($usertypesRS); foreach ($usertypesRS as $vrecord) { ! $current = filter_records(filter_records($usersRS,'site',$record[id]),'usertype',$vrecord[id]); $flag = TRUE; print (" var support_${index}_$vindex = new Array('"); --- 810,814 ---- reset($usertypesRS); foreach ($usertypesRS as $vrecord) { ! $current = filter_records(filter_records($usersRS,'site',$record['id']),'usertype',$vrecord['id']); $flag = TRUE; print (" var support_${index}_$vindex = new Array('"); *************** *** 757,761 **** print ("','"); } ! print ($res_record[id] . "','" . addslashes($res_record[name])); } } --- 822,826 ---- print ("','"); } ! print ($res_record['id'] . "','" . addslashes($res_record['name'])); } } *************** *** 861,865 **** foreach ($sitesRS as $record) { // Set as default if this was previously chosen ! 
if (count($sites) == 0 || in_array($record[id],$sites)) {$checked = ' selected="selected"';} else {$checked = '';}; print (" <option value=\"$record[id]\"$checked>$record[site]</option>\n"); } --- 926,930 ---- foreach ($sitesRS as $record) { // Set as default if this was previously chosen ! if (count($sites) == 0 || in_array($record['id'],$sites)) {$checked = ' selected="selected"';} else {$checked = '';}; print (" <option value=\"$record[id]\"$checked>$record[site]</option>\n"); } *************** *** 871,875 **** if (count($usertypesRS) == 1) { ?> ! <input type="hidden" name="usertype" id="usertype" value="<?php echo $usertypesRS[0][id]?>" /> <?php } else { --- 936,940 ---- if (count($usertypesRS) == 1) { ?> ! <input type="hidden" name="usertype" id="usertype" value="<?php echo $usertypesRS[0]['id']?>" /> <?php } else { *************** *** 888,894 **** foreach ($usertypesRS as $record) { // Set as default if this was previously chosen ! if ($record[id] == $usertype) { $checked = ' selected="selected"'; } else { $checked = ''; } print " <option value=\"$record[id]\"$checked>". ! preg_replace($regex,$repl,$record[type]). "</option>\n"; } --- 953,959 ---- foreach ($usertypesRS as $record) { // Set as default if this was previously chosen ! if ($record['id'] == $usertype) { $checked = ' selected="selected"'; } else { $checked = ''; } print " <option value=\"$record[id]\"$checked>". ! preg_replace($regex,$repl,$record['type']). "</option>\n"; } *************** *** 955,959 **** $usersRS = db_recordset($sql); $num_users = count($usersRS); ! if (!$users) $users=array($usersRS[0][id]); if ($num_users == 0) { --- 1020,1024 ---- $usersRS = db_recordset($sql); $num_users = count($usersRS); ! if (!$users) $users=array($usersRS[0]['id']); if ($num_users == 0) { *************** *** 962,975 **** foreach ($usersRS as $record) { // Set as default if this was previously chosen ! 
if (in_array($record[id],$users)) {$checked = ' selected="selected"';} else {$checked = '';}; // Show as inactive if so ! if ($record[available] == '0') { $style = ' class="inactive"'; ! } elseif ($record[restricted] == '1') { $style = ' class="restricted"'; } else { $style = ''; } ! print (" <option value=\"${record[id]}\"${checked}${style}>${record[name]}</option>\n"); } ?> --- 1027,1040 ---- foreach ($usersRS as $record) { // Set as default if this was previously chosen ! if (in_array($record['id'],$users)) {$checked = ' selected="selected"';} else {$checked = '';}; // Show as inactive if so ! if ($record['available'] == '0') { $style = ' class="inactive"'; ! } elseif ($record['restricted'] == '1') { $style = ' class="restricted"'; } else { $style = ''; } ! print (" <option value=\"${record['id']}\"${checked}${style}>${record['name']}</option>\n"); } ?> Index: problemcategories.php =================================================================== RCS file: /cvsroot/helpmeict/Helpdesk/problemcategories.php,v retrieving revision 1.5 retrieving revision 1.6 diff -C2 -d -r1.5 -r1.6 *** problemcategories.php 8 Sep 2007 16:12:15 -0000 1.5 --- problemcategories.php 8 Sep 2007 23:56:50 -0000 1.6 *************** *** 1,437 **** ! <?php ! ! /* ! ! problemcategroies.php ! ! Problem categorisation Admin. [Commented] ! ! Changelog: ! 2007-09-08 whtghst1: Added magic_quotes detection and santized all inputs. ! 2006-01-14 dave: Cleaned up code for v1.0 release ! ! ## PAGE CONTAINS HANDYANDY MYSQL MODS ## ! ## Copyright (C) 2005 Andy Deakin (handyandy.org.uk) ## ! ! ---- ! ! Copyright (C) 2003 Central Manchester CLC ! Copyright (C) 2003 David Thorne (dav...@gm...) ! ! This program is free software; you can redistribute it and/or ! modify it under the terms of the GNU General Public License ! as published by the Free Software Foundation version 2. ! ! This program is distributed in the hope that it will be useful, ! 
but WITHOUT ANY WARRANTY; without even the implied warranty of ! MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ! GNU General Public License for more details. ! ! You should have received a copy of the GNU General Public License ! along with this program; if not, write to the Free Software ! Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. ! ! */ ! ! // Start session and populate it with data ! session_start(); ! ! // Page security ! if ($_SESSION['_usertype'] != 'Administrator' ! && $_SESSION['_usertype'] != 'Domain Administrator' ! && $_SESSION['_usertype'] != 'Root') { ! require_once 'system/security.php'; ! ThrowOut(); ! } ! ! // Page Title ! $ptitle = 'Problem Categories'; ! ! // Includes ! require_once 'system/db.php'; ! require_once 'system/lang.php'; ! require_once 'system/message.php'; ! require 'header.php'; ! ! // Language selection ! set_text_domain("problemcategories"); ! ! foreach($_POST as $key => $val) { ! // scrubbing the field NAME... ! if (preg_match('/%/', urlencode($key))) die('FATAL::XSS hack attempt detected. Your IP has been logged.'); ! $_POST[$key] = strip_tags($val); ! } ! foreach($_GET as $key => $val) { ! // scrubbing the field NAME... ! if (preg_match('/%/', urlencode($key))) die('FATAL::XSS hack attempt detected. Your IP has been logged.'); ! $_GET[$key] = htmlentities(strip_tags($val), ENT_QUOTES); ! } ! foreach($_REQUEST as $key => $val) { ! // scrubbing the field NAME... ! if (preg_match('/%/', urlencode($key))) die('FATAL::XSS hack attempt detected. Your IP has been logged.'); ! $_GET[$key] = htmlentities(strip_tags($val), ENT_QUOTES); ! } ! ! // Retrieve Get/Post variables ! if (!get_magic_quotes_gpc()) { ! $act = addslashes($_REQUEST['act']); ! $description = addslashes($_POST['description']); ! $details = addslashes($_REQUEST['details']); ! $categories = addslashes($_REQUEST['categories']); ! } ! else { ! $act = $_REQUEST['act']; ! $description = $_POST['description']; ! 
$details = $_REQUEST['details']; ! $categories = $_REQUEST['categories']; ! } ! // Action: Add a category to the system ! if ($act == 'addcategoryaction') { ! $act = 'addcategory'; ! // Make sure the category has a name ! if ($description == '') { ! $message = gettext("CORRECTION: You must give this problem category a name."); ! } else { ! $categories = ''; ! db_send("INSERT INTO tbl_ProblemCategories (description,domain) VALUES ('" . $description . "',$_SESSION[_domain])"); ! ! $act = ''; ! $message = gettext("NOTE: Problem category successfully added to system."); ! } ! } ! ! // Action: Request details to add a category to the system ! if ($act == 'addcategory') { ! ! if ($message) { display($message); } ! ?> ! ! <h1><?php echo gettext('Problem Category Admin')?></h1> ! <h2><?php echo gettext('Please enter the following information to add a problem category:')?></h2> ! ! <div class="block"> ! <form name="mainform" method="post" action=""> ! <input type="hidden" name="act" value="addcategoryaction" /> ! <div class="labelfieldpair"> ! <div class="name"><label for="description"><?php echo gettext('Category Name')?></label></div> ! <div class="field"><input type="text" name="description" id="description" size="35" maxlength="50" value="<?php echo $description?>" /></div> ! </div> ! <div class="buttonpanel"> ! <input name="submit" type="submit" id="submit" value="<?php echo gettext('Add Category')?>" /> ! <input name="reset" type="reset" id="reset" value="<?php echo gettext('Reset')?>" /> ! <input name="cancel" type="button" id="cancel" value="<?php echo gettext('Cancel')?>" onclick="document.location='problemcategories.php?categories=<?php echo $categories?>'" /> ! </div> ! </form> ! </div> ! ! <?php ! } ! ! // Action: Edit a category ! if ($act == 'editcategoryaction') { ! $act = 'editcategory'; ! // Make sure the category has a name ! if ($description == '') { ! $message = gettext("CORRECTION: You must give this problem category a name."); ! } else { ! 
db_send("UPDATE tbl_ProblemCategories SET description='" . $description . "' WHERE ID=$categories"); ! $message = gettext("NOTE: Problem category successfully updated."); ! $act = ''; ! } ! } ! ! // Action: Remove a category ! if ($act == 'removecategory') { ! db_send("UPDATE tbl_ProblemDetails SET active=0 WHERE category=$categories"); ! db_send("UPDATE tbl_ProblemCategories SET active=0 WHERE id=$categories"); ! $act = ""; ! $categories = ""; ! $message = gettext("NOTE: Problem category successfully removed."); ! } ! ! // Action: Request details to edit a category ! if ($act == 'editcategory') { ! ! // Retrieve Problem Category information ! $categoriesRS = db_recordset("SELECT * FROM tbl_ProblemCategories WHERE id=" . $categories); ! ! if ($message) { display($message); } ! ?> ! ! <h1><?php echo gettext('Problem Category Admin')?></h1> ! <h2><?php echo gettext('Please enter the following information to edit a problem category:')?></h2> ! ! <div class="block"> ! <form name="mainform" method="post" action=""> ! <input type="hidden" name="act" value="editcategoryaction" /> ! <input type="hidden" name="categories" value="<?php echo $categories?>" /> ! <div class="labelfieldpair"> ! <div class="name"><label for="description"><?php echo gettext('Category Name')?></label></div> ! <div class="field"><input type="text" name="description" id="description" size="35" maxlength="50" value="<?php echo $categoriesRS[0]['description']?>"></div> ! </div> ! <div class="buttonpanel"> ! <input name="submit" type="submit" id="submit" value="<?php echo gettext('Submit Changes')?>" /> ! <input name="reset" type="reset" id="reset" value="<?php echo gettext('Reset')?>" /> ! <input name="cancel" type="button" id="cancel" value="<?php echo gettext('Cancel')?>" onclick="document.location='problemcategories.php?categories=<?php echo $categories?>'" /> ! </div> ! </form> ! </div> ! ! <?php ! } ! ! // Action: Add a detail to the system ! if ($act == 'addaction') { ! $act = 'add'; ! 
if ($description == '') { ! $message = gettext("CORRECTION: You must give this problem detail a description."); ! } else { ! $details = ''; ! db_send("INSERT INTO tbl_ProblemDetails (description,category,domain) VALUES ('" . $description . "'," . $categories . ",$_SESSION[_domain])"); ! ! $act = ''; ! $message = gettext("NOTE: Problem detail successfully added to system."); ! } ! } ! ! // Action: Request details to add a detail to the system ! if ($act == 'add') { ! ! if ($message) { display($message); } ! ?> ! ! <h1><?php echo gettext('Problem Category Admin')?></h1> ! <h2><?php echo gettext('Please enter the following information to add a problem detail:')?></h2> ! ! <div class="block"> ! <form name="mainform" method="post" action=""> ! <input type="hidden" name="act" value="addaction" /> ! <input type="hidden" name="categories" value="<?php echo $categories?>" /> ! <input type="hidden" name="details" value="<?php echo $details?>" /> ! <div class="labelfieldpair"> ! <div class="name"><label for="description"><?php echo gettext('Description')?></label></div> ! <div class="field"><input type="text" name="description" id="description" size="35" maxlength="50" value="<?php echo $description?>" /></div> ! </div> ! <div class="buttonpanel"> ! <input name="submit" type="submit" id="submit" value="<?php echo gettext('Add Detail')?>" /> ! <input name="reset" type="reset" id="reset" value="<?php echo gettext('Reset')?>" /> ! <input name="cancel" type="button" id="cancel" value="<?php echo gettext('Cancel')?>" onclick="document.location='problemcategories.php?categories=<?php echo $categories?>'" /> ! </div> ! </form> ! </div> ! ! <?php ! } ! ! // Action: Edit a category ! if ($act == 'editaction') { ! $act = 'edit'; ! if ($description == '') { ! $message = gettext("CORRECTION: You must give this problem detail a description."); ! } else { ! db_send("UPDATE tbl_ProblemDetails SET description='" . $description . "' WHERE ID=$details"); ! 
$message = gettext("NOTE: Problem detail successfully updated."); ! $act = ''; ! } ! } ! ! // Action: Remove a category ! if ($act == 'remove') { ! $act = ''; ! db_send("UPDATE tbl_ProblemDetails SET active=0 WHERE id=$details"); ! $details = ''; ! $message = gettext("NOTE: Problem detail successfully removed."); ! } ! ! // Action: Request details to edit a detail ! if ($act == 'edit') { ! ! // Retrieve Problem information ! $detailsRS = db_recordset("SELECT * FROM tbl_ProblemDetails WHERE id=" . $details); ! ! display($message); ! ?> ! ! <h1><?php echo gettext('Problem Category Admin')?></h1> ! <h2><?php echo gettext('Please enter the following information to edit a problem detail:')?></h2> ! ! <div class="block"> ! <form name="mainform" method="post" action=""> ! <input type="hidden" name="act" value="editaction" /> ! <input type="hidden" name="categories" value="<?php echo $categories?>" /> ! <input type="hidden" name="details" value="<?php echo $details?>" /> ! <div class="labelfieldpair"> ! <div class="name"><label for="description"><?php echo gettext('Description')?></label></div> ! <div class="field"><input type="text" name="description" id="description" size="35" maxlength="50" value="<?php echo $detailsRS[0]['description']?>" /></div> ! </div> ! <div class="buttonpanel"> ! <input name="submit" type="submit" id="submit" value="<?php echo gettext('Submit Changes')?>" /> ! <input name="reset" type="reset" id="reset" value="<?php echo gettext('Reset')?>" /> ! <input name="cancel" type="button" id="cancel" value="<?php echo gettext('Cancel')?>" onclick="document.location='problemcategories.php?categories=<?php echo $categories?>&details=<?php echo $details?>'" /> ! </div> ! </form> ! </div> ! ! <?php ! } ! ! // Default action: Show categories and details and choose action... ! if ($act == '') { ! // Retrieve problem categories ! 
$categoriesRS = db_recordset("SELECT * FROM tbl_ProblemCategories WHERE domain=$_SESSION[_domain] AND active=1 ORDER BY description"); ! $num_categories = count($categoriesRS); ! ! // Retrieve problem detail information ! if ($num_categories > 0) ! $details = db_recordset("SELECT * FROM tbl_ProblemDetails WHERE domain=$_SESSION[_domain] AND active=1 ORDER BY description"); ! if (!$categories) $categories=$categoriesRS[0]['id']; ! ! if ($message) { display($message); } ! ?> ! ! <script language="javascript" type="text/javascript"> ! //<![CDATA[ ! <!-- ! ! <?php ! ! /* ! ! Dynamically create a set of javascript arrays that will be used for the ! client side interface for choosing between the heirarchical mappings of ! categories and details. ! ! The arrays holds the 'children' of each top level category. By choosing ! the appropriate category using a <select> list the following SetupDetails ! function causes the details list to be rebuilt, on the fly. ! ! */ ! ! if ($num_categories > 0) { ! $index = 0; ! foreach ($categoriesRS as $record) { ! $current = filter_records($details,"category",$record['id']); ! $flag = TRUE; ! print (" var problems_$index = new Array('"); ! if (count($current) == 0) { ! print ("0','[No Details]"); ! } else { ! foreach ($current as $res_record) { ! if ($flag) { ! $flag = FALSE; ! } else { ! print ("','"); ! } ! print ($res_record['id'] . "','" . addslashes($res_record['description'])); ! } ! } ! print ("');\n"); ! $index++; ! } ! } ! ?> ! ! function SetupDetails () { ! var noDetails = document.mainform.categories.options.length; ! var DetailsList = document.mainform.details.options; ! var strTemp = ''; ! DetailsList.length = 0; ! for (i=0;i<noDetails;i++) { ! if (document.mainform.categories.options[i].selected && eval('problems_' + i + '[0]') != '') { ! for (loop=0;loop<eval('problems_' + i + '.length')/2;loop++) { ! DetailsList[loop] = new Option(eval('problems_' + i + '[loop*2+1]')); ! 
DetailsList[loop].value = eval('problems_' + i + '[loop*2]'); ! } ! } ! } ! DetailsList[0].selected = true; ! } ! ! function mainSubmit (act) { ! var flag = true; ! if ((act == 'removecategory' || act == 'editcategory' || act == 'add') && document.mainform.categories.value == 0) { ! alert('<?php echo gettext('There are no categories on which to action your request.')?>'); ! flag = false; ! } ! if (act == 'removecategory' && flag && !confirm('<?php echo gettext('Are you sure you wish to delete this problem category?')?>')) flag = false; ! if ((act == 'remove' || act == 'edit') && document.mainform.details.value == 0) { ! alert('<?php echo gettext('There are no details on which to action your request.')?>'); ! flag = false; ! } ! if (act == 'remove' && flag && !confirm('<?php echo gettext('Are you sure you wish to delete this problem detail?')?>')) flag = false; ! if (flag) { ! document.mainform.act.value=act; ! document.mainform.submit(); ! } ! } ! ! //--> ! //]]> ! </script> ! ! <h1><?php echo gettext('Problem Category Admin')?></h1> ! <h2><?php echo gettext('Please use the lists below to administer the categorisation of problems in this system:')?></h2> ! ! <div class="block"> ! <form name="mainform" id="mainform" method="post"> ! <input type="hidden" name="act" value="" /> ! <div class="columnleft"> <div class="labelright"> ! <label for="categories"><?php echo gettext('Categories')?></label></div> ! <div class="columnright"> ! <input type="button" value="<?php echo gettext('New')?>..." onclick="mainSubmit('addcategory')" /><br /> ! <input type="button" value="<?php echo gettext('Edit')?>" onclick="mainSubmit('editcategory')" /><br /> ! <input type="button" value="<?php echo gettext('Delete')?>" onclick="mainSubmit('removecategory')" /> ! </div> ! <div class="columnleft"> ! <select name="categories" id="categories" size="10" onchange="SetupDetails()"> ! <?php ! if ($num_categories == 0) { ! 
print (" <option value=\"0\" selected=\"selected\">[".gettext('No Categories')."]</option>\n"); ! } ! foreach ($categoriesRS as $record) { ! // Set as default if this was previously chosen ! if ($record['id'] == $categories) {$checked = " selected=\"selected\"";} else {$checked = "";}; ! print (" <option value=\"${record['id']}\"${checked}>${record['description']}</option>\n"); ! } ! ?> ! </select> ! </div> ! </div> ! <div class="columnleft"> ! <div class="columnleft"><label for="details"><?php echo gettext('Details')?></label></div><br /> ! <div class="columnleft"> ! <select name="details" id="details" size="10"> ! <option value="0" selected="selected">[<?php echo gettext('No Details')?>]</option> ! </select> ! </div> ! <div class="columnleft"> ! <input type="button" value="<?php echo gettext('New')?>..." onclick="mainSubmit('add')" /> ! <br /> ! <input type="button" value="<?php echo gettext('Edit')?>" onclick="mainSubmit('edit')" /> ! <br /> ! <input type="button" value="<?php echo gettext('Delete')?>" onclick="mainSubmit('remove')" /> ! </div> ! </div> ! </form> ! <hr class="hide" /> ! </div> ! ! <?php ! if ($num_categories > 0) { ! ?> ! <script language="javascript" type="text/javascript"> ! //<![CDATA[ ! <!-- ! ! SetupDetails(); ! ! //--> ! //]]> ! </script> ! <?php ! } ! } ! ! // Include ! require 'footer.php'; ! ?> --- 1,454 ---- ! <?php ! ! /* ! ! problemcategroies.php ! ! Problem categorisation Admin. [Commented] ! ! Changelog: ! 2007-09-08 whtghst1: Added magic_quotes detection and santized all inputs. ! 2006-01-14 dave: Cleaned up code for v1.0 release ! ! ## PAGE CONTAINS HANDYANDY MYSQL MODS ## ! ## Copyright (C) 2005 Andy Deakin (handyandy.org.uk) ## ! ! ---- ! ! Copyright (C) 2003 Central Manchester CLC ! Copyright (C) 2003 David Thorne (dav...@gm...) ! ! This program is free software; you can redistribute it and/or ! modify it under the terms of the GNU General Public License ! as published by the Free Software Foundation version 2. ! ! 
This program is distributed in the hope that it will be useful, ! but WITHOUT ANY WARRANTY; without even the implied warranty of ! MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ! GNU General Public License for more details. ! ! You should have received a copy of the GNU General Public License ! along with this program; if not, write to the Free Software ! Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. ! ! */ ! ! // Start session and populate it with data ! session_start(); ! ! // Page security ! if (isset($_SESSION['_usertype'])) { ! if ($_SESSION['_usertype'] != 'Administrator' ! && $_SESSION['_usertype'] != 'Domain Administrator' ! && $_SESSION['_usertype'] != 'Root') { ! require_once 'system/security.php'; ! ThrowOut(); ! } ! } ! // Page Title ! $ptitle = 'Problem Categories'; ! ! // Includes ! require_once 'system/db.php'; ! require_once 'system/lang.php'; ! require_once 'system/message.php'; ! require 'header.php'; ! global $act, $categories, $message, $description; ! // Language selection ! set_text_domain("problemcategories"); ! ! foreach($_POST as $key => $val) { ! // scrubbing the field NAME... ! if (preg_match('/%/', urlencode($key))) die('FATAL::XSS hack attempt detected. Your IP has been logged.'); ! $_POST[$key] = strip_tags($val); ! } ! foreach($_GET as $key => $val) { ! // scrubbing the field NAME... ! if (preg_match('/%/', urlencode($key))) die('FATAL::XSS hack attempt detected. Your IP has been logged.'); ! $_GET[$key] = htmlentities(strip_tags($val), ENT_QUOTES); ! } ! foreach($_REQUEST as $key => $val) { ! // scrubbing the field NAME... ! if (preg_match('/%/', urlencode($key))) die('FATAL::XSS hack attempt detected. Your IP has been logged.'); ! $_REQUEST[$key] = htmlentities(strip_tags($val), ENT_QUOTES); ! } ! ! // Retrieve Get/Post variables ! if (!get_magic_quotes_gpc()) { ! if (isset($_REQUEST['act'])) { ! $act = addslashes($_REQUEST['act']); ! } ! if (isset($_POST['description'])) { ! 
$description = addslashes($_POST['description']); ! } ! if (isset($_REQUEST['details'])) { ! $details = addslashes($_REQUEST['details']); ! } ! if (isset($_REQUEST['categories'])) { ! $categories = addslashes($_REQUEST['categories']); ! } ! } ! else { ! if (isset($_REQUEST['act'])) { ! $act = $_REQUEST['act']; ! } ! if (isset($_POST['description'])) { ! $description = $_POST['description']; ! } ! if (isset($_REQUEST['details'])) { ! $details = $_REQUEST['details']; ! } ! if (isset($_REQUEST['categories'])) { ! $categories = $_REQUEST['categories']; ! } ! } ! // Action: Add a category to the system ! if ($act == 'addcategoryaction') { ! $act = 'addcategory'; ! // Make sure the category has a name ! if ($description == '') { ! $message = gettext("CORRECTION: You must give this problem category a name."); ! } else { ! $categories = ''; ! db_send("INSERT INTO tbl_ProblemCategories (description,domain) VALUES ('" . $description . "',$_SESSION[_domain])"); ! ! $act = ''; ! $message = gettext("NOTE: Problem category successfully added to system."); ! } ! } ! ! // Action: Request details to add a category to the system ! if ($act == 'addcategory') { ! ! if ($message) { display($message); } ! ?> ! ! <h1><?php echo gettext('Problem Category Admin')?></h1> ! <h2><?php echo gettext('Please enter the following information to add a problem category:')?></h2> ! ! <div class="block"> ! <form name="mainform" method="post" action=""> ! <input type="hidden" name="act" value="addcategoryaction" /> ! <div class="labelfieldpair"> ! <div class="name"><label for="description"><?php echo gettext('Category Name')?></label></div> ! <div class="field"><input type="text" name="description" id="description" size="35" maxlength="50" value="<?php echo $description?>" /></div> ! </div> ! <div class="buttonpanel"> ! <input name="submit" type="submit" id="submit" value="<?php echo gettext('Add Category')?>" /> ! <input name="reset" type="reset" id="reset" value="<?php echo gettext('Reset')?>" /> ! 
<input name="cancel" type="button" id="cancel" value="<?php echo gettext('Cancel')?>" onclick="document.location='problemcategories.php?categories=<?php echo $categories?>'" /> ! </div> ! </form> ! </div> ! ! <?php ! } ! ! // Action: Edit a category ! if ($act == 'editcategoryaction') { ! $act = 'editcategory'; ! // Make sure the category has a name ! if ($description == '') { ! $message = gettext("CORRECTION: You must give this problem category a name."); ! } else { ! db_send("UPDATE tbl_ProblemCategories SET description='" . $description . "' WHERE ID=$categories"); ! $message = gettext("NOTE: Problem category successfully updated."); ! $act = ''; ! } ! } ! ! // Action: Remove a category ! if ($act == 'removecategory') { ! db_send("UPDATE tbl_ProblemDetails SET active=0 WHERE category=$categories"); ! db_send("UPDATE tbl_ProblemCategories SET active=0 WHERE id=$categories"); ! $act = ""; ! $categories = ""; ! $message = gettext("NOTE: Problem category successfully removed."); ! } ! ! // Action: Request details to edit a category ! if ($act == 'editcategory') { ! ! // Retrieve Problem Category information ! $categoriesRS = db_recordset("SELECT * FROM tbl_ProblemCategories WHERE id=" . $categories); ! ! if ($message) { display($message); } ! ?> ! ! <h1><?php echo gettext('Problem Category Admin')?></h1> ! <h2><?php echo gettext('Please enter the following information to edit a problem category:')?></h2> ! ! <div class="block"> ! <form name="mainform" method="post" action=""> ! <input type="hidden" name="act" value="editcategoryaction" /> ! <input type="hidden" name="categories" value="<?php echo $categories?>" /> ! <div class="labelfieldpair"> ! <div class="name"><label for="description"><?php echo gettext('Category Name')?></label></div> ! <div class="field"><input type="text" name="description" id="description" size="35" maxlength="50" value="<?php echo $categoriesRS[0]['description']?>"></div> ! </div> ! <div class="buttonpanel"> ! 
<input name="submit" type="submit" id="submit" value="<?php echo gettext('Submit Changes')?>" /> ! <input name="reset" type="reset" id="reset" value="<?php echo gettext('Reset')?>" /> ! <input name="cancel" type="button" id="cancel" value="<?php echo gettext('Cancel')?>" onclick="document.location='problemcategories.php?categories=<?php echo $categories?>'" /> ! </div> ! </form> ! </div> ! ! <?php ! } ! ! // Action: Add a detail to the system ! if ($act == 'addaction') { ! $act = 'add'; ! if ($description == '') { ! $message = gettext("CORRECTION: You must give this problem detail a description."); ! } else { ! $details = ''; ! db_send("INSERT INTO tbl_ProblemDetails (description,category,domain) VALUES ('" . $description . "'," . $categories . ",$_SESSION[_domain])"); ! ! $act = ''; ! $message = gettext("NOTE: Problem detail successfully added to system."); ! } ! } ! ! // Action: Request details to add a detail to the system ! if ($act == 'add') { ! ! if ($message) { display($message); } ! ?> ! ! <h1><?php echo gettext('Problem Category Admin')?></h1> ! <h2><?php echo gettext('Please enter the following information to add a problem detail:')?></h2> ! ! <div class="block"> ! <form name="mainform" method="post" action=""> ! <input type="hidden" name="act" value="addaction" /> ! <input type="hidden" name="categories" value="<?php echo $categories?>" /> ! <input type="hidden" name="details" value="<?php echo $details?>" /> ! <div class="labelfieldpair"> ! <div class="name"><label for="description"><?php echo gettext('Description')?></label></div> ! <div class="field"><input type="text" name="description" id="description" size="35" maxlength="50" value="<?php echo $description?>" /></div> ! </div> ! <div class="buttonpanel"> ! <input name="submit" type="submit" id="submit" value="<?php echo gettext('Add Detail')?>" /> ! <input name="reset" type="reset" id="reset" value="<?php echo gettext('Reset')?>" /> ! 
<input name="cancel" type="button" id="cancel" value="<?php echo gettext('Cancel')?>" onclick="document.location='problemcategories.php?categories=<?php echo $categories?>'" /> ! </div> ! </form> ! </div> ! ! <?php ! } ! ! // Action: Edit a category ! if ($act == 'editaction') { ! $act = 'edit'; ! if ($description == '') { ! $message = gettext("CORRECTION: You must give this problem detail a description."); ! } else { ! db_send("UPDATE tbl_ProblemDetails SET description='" . $description . "' WHERE ID=$details"); ! $message = gettext("NOTE: Problem detail successfully updated."); ! $act = ''; ! } ! } ! ! // Action: Remove a category ! if ($act == 'remove') { ! $act = ''; ! db_send("UPDATE tbl_ProblemDetails SET active=0 WHERE id=$details"); ! $details = ''; ! $message = gettext("NOTE: Problem detail successfully removed."); ! } ! ! // Action: Request details to edit a detail ! if ($act == 'edit') { ! ! // Retrieve Problem information ! $detailsRS = db_recordset("SELECT * FROM tbl_ProblemDetails WHERE id=" . $details); ! ! display($message); ! ?> ! ! <h1><?php echo gettext('Problem Category Admin')?></h1> ! <h2><?php echo gettext('Please enter the following information to edit a problem detail:')?></h2> ! ! <div class="block"> ! <form name="mainform" method="post" action=""> ! <input type="hidden" name="act" value="editaction" /> ! <input type="hidden" name="categories" value="<?php echo $categories?>" /> ! <input type="hidden" name="details" value="<?php echo $details?>" /> ! <div class="labelfieldpair"> ! <div class="name"><label for="description"><?php echo gettext('Description')?></label></div> ! <div class="field"><input type="text" name="description" id="description" size="35" maxlength="50" value="<?php echo htmlentities($detailsRS[0]['description'])?>" /></div> ! </div> ! <div class="buttonpanel"> ! <input name="submit" type="submit" id="submit" value="<?php echo gettext('Submit Changes')?>" /> ! 
<input name="reset" type="reset" id="reset" value="<?php echo gettext('Reset')?>" /> ! <input name="cancel" type="button" id="cancel" value="<?php echo gettext('Cancel')?>" onclick="document.location='problemcategories.php?categories=<?php echo $categories?>&details=<?php echo $details?>'" /> ! </div> ! </form> ! </div> ! ! <?php ! } ! ! // Default action: Show categories and details and choose action... ! if ($act == '') { ! // Retrieve problem categories ! $categoriesRS = db_recordset("SELECT * FROM tbl_ProblemCategories WHERE domain=$_SESSION[_domain] AND active=1 ORDER BY description"); ! $num_categories = count($categoriesRS); ! ! // Retrieve problem detail information ! if ($num_categories > 0) ! $details = db_recordset("SELECT * FROM tbl_ProblemDetails WHERE domain=$_SESSION[_domain] AND active=1 ORDER BY description"); ! if (!$categories) $categories=$categoriesRS[0]['id']; ! ! if ($message) { display($message); } ! ?> ! ! <script language="javascript" type="text/javascript"> ! //<![CDATA[ ! <!-- ! ! <?php ! ! /* ! ! Dynamically create a set of javascript arrays that will be used for the ! client side interface for choosing between the heirarchical mappings of ! categories and details. ! ! The arrays holds the 'children' of each top level category. By choosing ! the appropriate category using a <select> list the following SetupDetails ! function causes the details list to be rebuilt, on the fly. ! ! */ ! ! if ($num_categories > 0) { ! $index = 0; ! foreach ($categoriesRS as $record) { ! $current = filter_records($details,"category",$record['id']); ! $flag = TRUE; ! print (" var problems_$index = new Array('"); ! if (count($current) == 0) { ! print ("0','[No Details]"); ! } else { ! foreach ($current as $res_record) { ! if ($flag) { ! $flag = FALSE; ! } else { ! print ("','"); ! } ! print ($res_record['id'] . "','" . addslashes($res_record['description'])); ! } ! } ! print ("');\n"); ! $index++; ! } ! } ! ?> ! ! function SetupDetails () { ! 
var noDetails = document.mainform.categories.options.length; ! var DetailsList = document.mainform.details.options; ! var strTemp = ''; ! DetailsList.length = 0; ! for (i=0;i<noDetails;i++) { ! if (document.mainform.categories.options[i].selected && eval('problems_' + i + '[0]') != '') { ! for (loop=0;loop<eval('problems_' + i + '.length')/2;loop++) { ! DetailsList[loop] = new Option(eval('problems_' + i + '[loop*2+1]')); ! DetailsList[loop].value = eval('problems_' + i + '[loop*2]'); ! } ! } ! } ! DetailsList[0].selected = true; ! } ! ! function mainSubmit (act) { ! var flag = true; ! if ((act == 'removecategory' || act == 'editcategory' || act == 'add') && document.mainform.categories.value == 0) { ! alert('<?php echo gettext('There are no categories on which to action your request.')?>'); ! flag = false; ! } ! if (act == 'removecategory' && flag && !confirm('<?php echo gettext('Are you sure you wish to delete this problem category?')?>')) flag = false; ! if ((act == 'remove' || act == 'edit') && document.mainform.details.value == 0) { ! alert('<?php echo gettext('There are no details on which to action your request.')?>'); ! flag = false; ! } ! if (act == 'remove' && flag && !confirm('<?php echo gettext('Are you sure you wish to delete this problem detail?')?>')) flag = false; ! if (flag) { ! document.mainform.act.value=act; ! document.mainform.submit(); ! } ! } ! ! //--> ! //]]> ! </script> ! ! <h1><?php echo gettext('Problem Category Admin')?></h1> ! <h2><?php echo gettext('Please use the lists below to administer the categorisation of problems in this system:')?></h2> ! ! <div class="block"> ! <form name="mainform" id="mainform" method="post"> ! <input type="hidden" name="act" value="" /> ! <div class="columnleft"> <div class="labelright"> ! <label for="categories"><?php echo gettext('Categories')?></label></div> ! <div class="columnright"> ! <input type="button" value="<?php echo gettext('New')?>..." onclick="mainSubmit('addcategory')" /><br /> ! 
<input type="button" value="<?php echo gettext('Edit')?>" onclick="mainSubmit('editcategory')" /><br /> ! <input type="button" value="<?php echo gettext('Delete')?>" onclick="mainSubmit('removecategory')" /> ! </div> ! <div class="columnleft"> ! <select name="categories" id="categories" size="10" onchange="SetupDetails()"> ! <?php ! if ($num_categories == 0) { ! print (" <option value=\"0\" selected=\"selected\">[".gettext('No Categories')."]</option>\n"); ! } ! foreach ($categoriesRS as $record) { ! // Set as default if this was previously chosen ! if ($record['id'] == $categories) {$checked = " selected=\"selected\"";} else {$checked = "";}; ! print (" <option value=\"${record['id']}\"${checked}>${record['description']}</option>\n"); ! } ! ?> ! </select> ! </div> ! </div> ! <div class="columnleft"> ! <div class="columnleft"><label for="details"><?php echo gettext('Details')?></label></div><br /> ! <div class="columnleft"> ! <select name="details" id="details" size="10"> ! <option value="0" selected="selected">[<?php echo gettext('No Details')?>]</option> ! </select> ! </div> ! <div class="columnleft"> ! <input type="button" value="<?php echo gettext('New')?>..." onclick="mainSubmit('add')" /> ! <br /> ! <input type="button" value="<?php echo gettext('Edit')?>" onclick="mainSubmit('edit')" /> ! <br /> ! <input type="button" value="<?php echo gettext('Delete')?>" onclick="mainSubmit('remove')" /> ! </div> ! </div> ! </form> ! <hr class="hide" /> ! </div> ! ! <?php ! if ($num_categories > 0) { ! ?> ! <script language="javascript" type="text/javascript"> ! //<![CDATA[ ! <!-- ! ! SetupDetails(); ! ! //--> ! //]]> ! </script> ! <?php ! } ! } ! ! // Include ! require 'footer.php'; ! 
?> Index: index.php =================================================================== RCS file: /cvsroot/helpmeict/Helpdesk/index.php,v retrieving revision 1.11 retrieving revision 1.12 diff -C2 -d -r1.11 -r1.12 *** index.php 7 Sep 2007 00:02:25 -0000 1.11 --- index.php 8 Sep 2007 23:56:49 -0000 1.12 *************** *** 60,64 **** global $redirect; ! ?> --- 60,68 ---- global $redirect; ! if (!get_magic_quotes_gpc()) { ! if(isset($_GET['redirect'])) { ! $redirect= addslashes(htmlentities(strip_tags($_GET['redirect']), ENT_QUOTES)); ! } ! } ?> *************** *** 70,74 **** <div class="block"> <form id="login" method="post" class="login" action="login.php"> ! <input name="redirect" type="hidden" value="<?php echo $_GET['redirect']; ?>" /> <div class="labelfieldpair"> <div class="name"><label for="user"><?php echo gettext("Username");?></label></div> --- 74,78 ---- <div class="block"> <form id="login" method="post" class="login" action="login.php"> ! <input name="redirect" type="hidden" value="<?php if(isset($_GET['redirect'])) {echo $_GET['redirect'];} ?>" /> <div class="labelfieldpair"> <div class="name"><label for="user"><?php echo gettext("Username");?></label></div> |
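Review bot: in the problemcategories.php hunk, `addslashes()` and `htmlentities()` give no protection where `$details` and `$categories` are interpolated unquoted into SQL (`WHERE ID=$details`, `WHERE id=$details`, `WHERE category=$categories`, `WHERE id=" . $categories`, and the `VALUES ('...'," . $categories . ",...)` insert): quote escaping only matters inside a quoted string literal, so a non-numeric value still reaches the query unchanged. These are row ids, so cast them once at retrieval (`$details = isset($_REQUEST['details']) ? (int) $_REQUEST['details'] : 0;`, likewise for `categories`), which also makes both magic-quotes branches unnecessary for them. Two smaller points in the same hunk: `$description` comes from `$_POST`, where the loop only applies `strip_tags()` (no `htmlentities`), and it is then echoed unencoded into `value="<?php echo $description?>"` in the add-category and add-detail forms, as is `$categoriesRS[0]['description']` in the edit-category form, while the edit-detail form does wrap its value in `htmlentities()`; encode every output point with `htmlspecialchars($x, ENT_QUOTES)` rather than relying on input scrubbing. Also, the file-scope `global $act, $categories, $message, $description;` only silences notices as a side effect of `global` creating the variables as null, and it omits `$details`, which the add form echoes; explicit initialisation (`$act = ''; $description = ''; $details = ''; $categories = ''; $message = '';`) is clearer. Finally, `die('FATAL::XSS hack attempt detected. Your IP has been logged.')` logs nothing; either add an `error_log()` call with `$_SERVER['REMOTE_ADDR']` there or drop the claim from the message.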
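Review bot: in the index.php `60,64` hunk, `$redirect` is only assigned when `get_magic_quotes_gpc()` is false, so with magic quotes on it stays null; and `addslashes()` is a string-literal escaper that does not belong on a value destined for an HTML attribute. Assign it in both cases, e.g. `$redirect = isset($_GET['redirect']) ? $_GET['redirect'] : '';`, and encode at the point of output. Since this value drives the post-login redirect handled by `login.php`, it is also worth checking that it is a site-relative path (a single leading `/`, no scheme, no `//`) before it is echoed into the form, and falling back to the default page otherwise.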
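Review bot: in the index.php `70,74` hunk, the hidden field still echoes the raw `$_GET['redirect']` rather than the `$redirect` variable the previous hunk sanitises, so the new sanitising has no effect on what is written into the page; the added `isset()` guard only removes the notice. Use `<?php echo htmlspecialchars($redirect, ENT_QUOTES); ?>` here so the attribute is encoded regardless of which magic-quotes branch ran.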
From: Scott P. <wht...@us...> - 2007-09-08 16:12:19
Update of /cvsroot/helpmeict/Helpdesk In directory sc8-pr-cvs17:/tmp/cvs-serv16197 Modified Files: problemcategories.php Log Message: Added magic_quotes detection Sanitized all $_POST, $_GET, $_REQUEST variables. Fixed all Undefined Constants Index: problemcategories.php =================================================================== RCS file: /cvsroot/helpmeict/Helpdesk/problemcategories.php,v retrieving revision 1.4 retrieving revision 1.5 diff -C2 -d -r1.4 -r1.5 *** problemcategories.php 7 Feb 2007 01:20:04 -0000 1.4 --- problemcategories.php 8 Sep 2007 16:12:15 -0000 1.5 *************** *** 8,11 **** --- 8,12 ---- Changelog: + 2007-09-08 whtghst1: Added magic_quotes detection and santized all inputs. 2006-01-14 dave: Cleaned up code for v1.0 release *************** *** 56,65 **** set_text_domain("problemcategories"); ! // Retrieve Get/Post variables ! $act = $_REQUEST['act']; ! $description = $_POST['description']; ! $details = $_REQUEST['details']; ! $categories = $_REQUEST['categories']; // Action: Add a category to the system if ($act == 'addcategoryaction') { --- 57,89 ---- set_text_domain("problemcategories"); ! foreach($_POST as $key => $val) { ! // scrubbing the field NAME... ! if (preg_match('/%/', urlencode($key))) die('FATAL::XSS hack attempt detected. Your IP has been logged.'); ! $_POST[$key] = strip_tags($val); ! } ! foreach($_GET as $key => $val) { ! // scrubbing the field NAME... ! if (preg_match('/%/', urlencode($key))) die('FATAL::XSS hack attempt detected. Your IP has been logged.'); ! $_GET[$key] = htmlentities(strip_tags($val), ENT_QUOTES); ! } ! foreach($_REQUEST as $key => $val) { ! // scrubbing the field NAME... ! if (preg_match('/%/', urlencode($key))) die('FATAL::XSS hack attempt detected. Your IP has been logged.'); ! $_GET[$key] = htmlentities(strip_tags($val), ENT_QUOTES); ! 
} + // Retrieve Get/Post variables + if (!get_magic_quotes_gpc()) { + $act = addslashes($_REQUEST['act']); + $description = addslashes($_POST['description']); + $details = addslashes($_REQUEST['details']); + $categories = addslashes($_REQUEST['categories']); + } + else { + $act = $_REQUEST['act']; + $description = $_POST['description']; + $details = $_REQUEST['details']; + $categories = $_REQUEST['categories']; + } // Action: Add a category to the system if ($act == 'addcategoryaction') { *************** *** 144,148 **** <div class="labelfieldpair"> <div class="name"><label for="description"><?php echo gettext('Category Name')?></label></div> ! <div class="field"><input type="text" name="description" id="description" size="35" maxlength="50" value="<?php echo $categoriesRS[0][description]?>"></div> </div> <div class="buttonpanel"> --- 168,172 ---- <div class="labelfieldpair"> <div class="name"><label for="description"><?php echo gettext('Category Name')?></label></div> ! <div class="field"><input type="text" name="description" id="description" size="35" maxlength="50" value="<?php echo $categoriesRS[0]['description']?>"></div> </div> <div class="buttonpanel"> *************** *** 239,243 **** <div class="labelfieldpair"> <div class="name"><label for="description"><?php echo gettext('Description')?></label></div> ! <div class="field"><input type="text" name="description" id="description" size="35" maxlength="50" value="<?php echo $detailsRS[0][description]?>" /></div> </div> <div class="buttonpanel"> --- 263,267 ---- <div class="labelfieldpair"> <div class="name"><label for="description"><?php echo gettext('Description')?></label></div> ! 
<div class="field"><input type="text" name="description" id="description" size="35" maxlength="50" value="<?php echo $detailsRS[0]['description']?>" /></div> </div> <div class="buttonpanel"> *************** *** 261,265 **** if ($num_categories > 0) $details = db_recordset("SELECT * FROM tbl_ProblemDetails WHERE domain=$_SESSION[_domain] AND active=1 ORDER BY description"); ! if (!$categories) $categories=$categoriesRS[0][id]; if ($message) { display($message); } --- 285,289 ---- if ($num_categories > 0) $details = db_recordset("SELECT * FROM tbl_ProblemDetails WHERE domain=$_SESSION[_domain] AND active=1 ORDER BY description"); ! if (!$categories) $categories=$categoriesRS[0]['id']; if ($message) { display($message); } *************** *** 287,291 **** $index = 0; foreach ($categoriesRS as $record) { ! $current = filter_records($details,"category",$record[id]); $flag = TRUE; print (" var problems_$index = new Array('"); --- 311,315 ---- $index = 0; foreach ($categoriesRS as $record) { ! $current = filter_records($details,"category",$record['id']); $flag = TRUE; print (" var problems_$index = new Array('"); *************** *** 299,303 **** print ("','"); } ! print ($res_record[id] . "','" . addslashes($res_record[description])); } } --- 323,327 ---- print ("','"); } ! print ($res_record['id'] . "','" . addslashes($res_record['description'])); } } *************** *** 367,372 **** foreach ($categoriesRS as $record) { // Set as default if this was previously chosen ! if ($record[id] == $categories) {$checked = " selected=\"selected\"";} else {$checked = "";}; ! print (" <option value=\"${record[id]}\"${checked}>${record[description]}</option>\n"); } ?> --- 391,396 ---- foreach ($categoriesRS as $record) { // Set as default if this was previously chosen ! if ($record['id'] == $categories) {$checked = " selected=\"selected\"";} else {$checked = "";}; ! print (" <option value=\"${record['id']}\"${checked}>${record['description']}</option>\n"); } ?> |
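Review bot: in the `56,65` hunk, the third loop iterates over `$_REQUEST` but writes its result back into `$_GET[$key]`, so `$_REQUEST` is never sanitised, yet `$act`, `$details` and `$categories` are read from `$_REQUEST` immediately below; the line should be `$_REQUEST[$key] = htmlentities(strip_tags($val), ENT_QUOTES);`. Keep in mind that `$_POST`, `$_GET` and `$_REQUEST` are independent copies, so scrubbing one never updates the others. Also, both magic-quotes branches index `$_REQUEST['act']`, `$_POST['description']`, `$_REQUEST['details']` and `$_REQUEST['categories']` without `isset()`, so the plain first load of the page (no parameters) raises undefined-index notices; guard each read, e.g. `$act = isset($_REQUEST['act']) ? $_REQUEST['act'] : '';`, and cast `details` and `categories` to `(int)` since they are row ids used in unquoted SQL comparisons.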
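Review bot: in the `144,148` hunk (and the same pattern in `239,243` and `367,372`), replacing `$categoriesRS[0][description]` with `$categoriesRS[0]['description']` fixes the undefined-constant notice, but the value is still echoed unencoded into the `value="..."` attribute and, in `367,372`, into the `<option>` text, so a stored description containing a double quote or `<` breaks the markup. Wrap these outputs in `htmlspecialchars(..., ENT_QUOTES)`; the input loops added in this commit only touch what arrives in the current request, not what is already in the table.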
From: Scott P. <wht...@us...> - 2007-09-08 05:27:12
Update of /cvsroot/helpmeict/Helpdesk In directory sc8-pr-cvs17:/tmp/cvs-serv13656 Modified Files: find.php Log Message: Added magic_quotes detection and added input sanitizing. Fixed all Undefined Constants Index: find.php =================================================================== RCS file: /cvsroot/helpmeict/Helpdesk/find.php,v retrieving revision 1.13 retrieving revision 1.14 diff -C2 -d -r1.13 -r1.14 *** find.php 7 Feb 2007 01:20:03 -0000 1.13 --- find.php 8 Sep 2007 05:27:03 -0000 1.14 *************** *** 9,12 **** --- 9,13 ---- Changelog: + 2007-09-08 whtghst1: Added magic_quotes detection, sanitize all inputs, and fixed all Undefiend Constants 2006-01-14 dave: Cleaned up code for v1.0 release 2005-07-03 arne_sf: Replaced all instances of column name 'user' for table tbl_UserSites with 'userid' *************** *** 58,84 **** set_text_domain("find"); // Retrieve Get/Post variables - ## There are a lot of variables here to protect! - $act = $_REQUEST['act']; - $id = $_REQUEST['id']; - $orderby = $_GET['orderby']; - $orderdir = $_GET['orderdir']; - $page = $_GET['page']; - $freetextscope = $_REQUEST['freetextscope']; - $freetext = $_REQUEST['freetext']; - $site = $_REQUEST['site']; - $reportedby = $_REQUEST['reportedby']; - $priority = $_REQUEST['priority']; - $level = $_REQUEST['level']; - $status = $_REQUEST['status']; - $category = $_REQUEST['category']; - $detail = $_REQUEST['detail']; - $datefrom = $_REQUEST['datefrom']; - $dateto = $_REQUEST['dateto']; - $assignedto = $_REQUEST['assignedto']; - $createdby = $_REQUEST['createdby']; ! $reset = $_REQUEST['reset']; if ($reset == 'yes') { // Reset remembered sql restrictions --- 59,121 ---- set_text_domain("find"); + foreach($_POST as $key => $val) { + // scrubbing the field NAME... + if (preg_match('/%/', urlencode($key))) die('FATAL::XSS hack attempt detected. 
Your IP has been logged.'); + $_POST[$key] = htmlentities(strip_tags($val), ENT_QUOTES); + } + foreach($_GET as $key => $val) { + // scrubbing the field NAME... + if (preg_match('/%/', urlencode($key))) die('FATAL::XSS hack attempt detected. Your IP has been logged.'); + } + // Retrieve Get/Post variables ! ## There are a lot of variables here to protect! ! if (!get_magic_quotes_gpc()) { ! ! ## Need to do it this way because some the $_REQUEST arrays are an array of arrays do to the building of the ! ## of the multiple box's + $act = addslashes(htmlentities(strip_tags($_REQUEST['act']), ENT_QUOTES)); + $id = addslashes(htmlentities(strip_tags($_REQUEST['id']), ENT_QUOTES)); + $orderby = addslashes(htmlentities(strip_tags($_GET['orderby']), ENT_QUOTES)); + $orderdir = addslashes(htmlentities(strip_tags($_GET['orderdir']), ENT_QUOTES)); + $page = addslashes(htmlentities(strip_tags($_GET['page']), ENT_QUOTES)); + $freetextscope = addslashes(htmlentities(strip_tags($_REQUEST['freetextscope']), ENT_QUOTES)); + $freetext = addslashes(htmlentities(strip_tags($_REQUEST['freetext']), ENT_QUOTES)); + $site = $_REQUEST['site']; + $reportedby = $_REQUEST['reportedby']; + $priority = $_REQUEST['priority']; + $level = $_REQUEST['level']; + $status = $_REQUEST['status']; + $category = $_REQUEST['category']; + $detail = $_REQUEST['detail']; + $datefrom = addslashes(htmlentities(strip_tags($_REQUEST['datefrom']), ENT_QUOTES)); + $dateto = addslashes(htmlentities(strip_tags($_REQUEST['dateto']), ENT_QUOTES)); + $assignedto = $_REQUEST['assignedto']; + $createdby = $_REQUEST['createdby']; + $reset = addslashes(htmlentities(strip_tags($_REQUEST['reset']), ENT_QUOTES)); + } + else { + $act = htmlentities(strip_tags($_REQUEST['act']), ENT_QUOTES); + $id = htmlentities(strip_tags($_REQUEST['id']), ENT_QUOTES); + $orderby = htmlentities(strip_tags($_GET['orderby']), ENT_QUOTES); + $orderdir = htmlentities(strip_tags($_GET['orderdir']), ENT_QUOTES); + $page = 
htmlentities(strip_tags($_GET['page']), ENT_QUOTES); + $freetextscope = htmlentities(strip_tags($_REQUEST['freetextscope']), ENT_QUOTES); + $freetext = htmlentities(strip_tags($_REQUEST['freetext']), ENT_QUOTES); + $site = $_REQUEST['site']; + $reportedby = $_REQUEST['reportedby']; + $priority = $_REQUEST['priority']; + $level = $_REQUEST['level']; + $status = $_REQUEST['status']; + $category = $_REQUEST['category']; + $detail = $_REQUEST['detail']; + $datefrom = htmlentities(strip_tags($_REQUEST['datefrom']), ENT_QUOTES); + $dateto = htmlentities(strip_tags($_REQUEST['dateto']), ENT_QUOTES); + $assignedto = $_REQUEST['assignedto']; + $createdby = $_REQUEST['createdby']; + $reset = $_REQUEST['reset']; + } if ($reset == 'yes') { // Reset remembered sql restrictions *************** *** 228,232 **** foreach ($site as $record) { if ($flag == 0) { $flag = 1; } else { $sql .= ','; } ! $sql .= $record; } $sql .= ') AND '; --- 265,274 ---- foreach ($site as $record) { if ($flag == 0) { $flag = 1; } else { $sql .= ','; } ! if (!get_magic_quotes_gpc()) { ! $sql .= addslashes(htmlentities(strip_tags($record), ENT_QUOTES)); ! } ! else { ! $sql .= $record; ! } } $sql .= ') AND '; *************** *** 241,245 **** foreach ($reportedby as $record) { if ($flag == 0) { $flag = 1; } else { $sql .= ','; } ! $sql .= $record; } $sql .= ') AND '; --- 283,292 ---- foreach ($reportedby as $record) { if ($flag == 0) { $flag = 1; } else { $sql .= ','; } ! if (!get_magic_quotes_gpc()) { ! $sql .= addslashes(htmlentities(strip_tags($record), ENT_QUOTES)); ! } ! else { ! $sql .= $record; ! } } $sql .= ') AND '; *************** *** 254,258 **** foreach ($createdby as $record) { if ($flag == 0) { $flag = 1; } else { $sql .= ','; } ! $sql .= $record; } $sql .= ') AND '; --- 301,310 ---- foreach ($createdby as $record) { if ($flag == 0) { $flag = 1; } else { $sql .= ','; } ! if (!get_magic_quotes_gpc()) { ! $sql .= addslashes(htmlentities(strip_tags($record), ENT_QUOTES)); ! } ! else { ! 
$sql .= $record; ! } } $sql .= ') AND '; *************** *** 276,280 **** foreach ($assignedto as $record) { if ($flag == 0) { $flag = 1; } else { $sql .= ','; } ! $sql .= $record; } $sql .= ') AND '; --- 328,337 ---- foreach ($assignedto as $record) { if ($flag == 0) { $flag = 1; } else { $sql .= ','; } ! if (!get_magic_quotes_gpc()) { ! $sql .= addslashes(htmlentities(strip_tags($record), ENT_QUOTES)); ! } ! else { ! $sql .= $record; ! } } $sql .= ') AND '; *************** *** 289,293 **** foreach ($level as $record) { if ($flag == 0) { $flag = 1; } else { $sql .= ','; } ! $sql .= $record; } $sql .= ') AND '; --- 346,355 ---- foreach ($level as $record) { if ($flag == 0) { $flag = 1; } else { $sql .= ','; } ! if (!get_magic_quotes_gpc()) { ! $sql .= addslashes(htmlentities(strip_tags($record), ENT_QUOTES)); ! } ! else { ! $sql .= $record; ! } } $sql .= ') AND '; *************** *** 302,306 **** foreach ($priority as $record) { if ($flag == 0) { $flag = 1; } else { $sql .= ','; } ! $sql .= $record; } $sql .= ') AND '; --- 364,373 ---- foreach ($priority as $record) { if ($flag == 0) { $flag = 1; } else { $sql .= ','; } ! if (!get_magic_quotes_gpc()) { ! $sql .= addslashes(htmlentities(strip_tags($record), ENT_QUOTES)); ! } ! else { ! $sql .= $record; ! } } $sql .= ') AND '; *************** *** 315,319 **** foreach ($status as $record) { if ($flag == 0) { $flag = 1; } else { $sql .= ','; } ! $sql .= $record; } $sql .= ') AND '; --- 382,391 ---- foreach ($status as $record) { if ($flag == 0) { $flag = 1; } else { $sql .= ','; } ! if (!get_magic_quotes_gpc()) { ! $sql .= addslashes(htmlentities(strip_tags($record), ENT_QUOTES)); ! } ! else { ! $sql .= $record; ! } } $sql .= ') AND '; *************** *** 330,334 **** foreach ($category as $record) { if ($flag == 0) { $flag = 1; } else { $sql .= ','; } ! $sql .= $record; } $sql .= ') AND '; --- 402,411 ---- foreach ($category as $record) { if ($flag == 0) { $flag = 1; } else { $sql .= ','; } ! 
if (!get_magic_quotes_gpc()) { ! $sql .= addslashes(htmlentities(strip_tags($record), ENT_QUOTES)); ! } ! else { ! $sql .= $record; ! } } $sql .= ') AND '; *************** *** 343,347 **** foreach ($detail as $record) { if ($flag == 0) { $flag = 1; } else { $sql .= ','; } ! $sql .= $record; } $sql .= ') AND '; --- 420,429 ---- foreach ($detail as $record) { if ($flag == 0) { $flag = 1; } else { $sql .= ','; } ! if (!get_magic_quotes_gpc()) { ! $sql .= addslashes(htmlentities(strip_tags($record), ENT_QUOTES)); ! } ! else { ! $sql .= $record; ! } } $sql .= ') AND '; *************** *** 384,388 **** if ($freetextscope != '') $field = $freetextscope; foreach ($searchstrings as $searchstring) { ! $sql .= " AND $field ILIKE '%".addslashes($searchstring)."%'"; } } else { --- 466,470 ---- if ($freetextscope != '') $field = $freetextscope; foreach ($searchstrings as $searchstring) { ! $sql .= " AND $field ILIKE '%".$searchstring."%'"; } } else { *************** *** 392,396 **** $operator = 'AND'; foreach ($field as $sfield) { ! $sql .= " $operator $sfield LIKE '%".addslashes($searchstring)."%'"; $operator = 'OR'; } --- 474,478 ---- $operator = 'AND'; foreach ($field as $sfield) { ! $sql .= " $operator $sfield LIKE '%".$searchstring."%'"; $operator = 'OR'; } *************** *** 412,421 **** // How many issues would be in this category if ($is_pgsql) { ! $num_issues = $issuesRS[0][num]; } else { $num_issues = count($issuesRS); } // Set page size and limit issues to that number ! $pagesize = $global_prefs[pagesize]; $num_pages = ceil($num_issues/$pagesize); if ($is_pgsql) { --- 494,503 ---- // How many issues would be in this category if ($is_pgsql) { ! $num_issues = $issuesRS[0]['num']; } else { $num_issues = count($issuesRS); } // Set page size and limit issues to that number ! $pagesize = $global_prefs['pagesize']; $num_pages = ceil($num_issues/$pagesize); if ($is_pgsql) { *************** *** 565,587 **** // Show attributes print " <tr valign=\"top\">\n"; ! 
print " <td class=\"$class\"><a href=\"issue.php?id=${record[id]}\">${record[id]}</a></td>\n"; print " <td class=\"$class\">"; ! if (strftime('%d/%m/%y',$record[createdon]) == strftime('%d/%m/%y')) { ! print strftime('%H:%M',$record[createdon]); } else { ! print strftime('%d/%m/%y',$record[createdon]); } print "</td>\n"; ! print " <td class=\"$class\">${record[reportedbyname]}</td>\n"; print " <td class=\"$class\">"; ! print $record[assignedtoname]; print "</td>\n"; ! print " <td class=\"$class\">${record[sitename]}</td>\n"; ! print " <td class=\"$class\"><a href=\"issue.php?id=${record[id]}\">${record[summary]}</a></td>\n"; print " <td align=\"center\" class=\"$priority\">"; if ($record['recalled'] == 1) { print 'Recalled'; } else { ! print $record[priorityname]; } print "</td>\n"; --- 647,669 ---- // Show attributes print " <tr valign=\"top\">\n"; ! print " <td class=\"$class\"><a href=\"issue.php?id=${record['id']}\">${record['id']}</a></td>\n"; print " <td class=\"$class\">"; ! if (strftime('%d/%m/%y',$record['createdon']) == strftime('%d/%m/%y')) { ! print strftime('%H:%M',$record['createdon']); } else { ! print strftime('%d/%m/%y',$record['createdon']); } print "</td>\n"; ! print " <td class=\"$class\">${record['reportedbyname']}</td>\n"; print " <td class=\"$class\">"; ! print $record['assignedtoname']; print "</td>\n"; ! print " <td class=\"$class\">${record['sitename']}</td>\n"; ! print " <td class=\"$class\"><a href=\"issue.php?id=${record['id']}\">${record['summary']}</a></td>\n"; print " <td align=\"center\" class=\"$priority\">"; if ($record['recalled'] == 1) { print 'Recalled'; } else { ! print $record['priorityname']; } print "</td>\n"; *************** *** 692,696 **** <?php foreach ($sitesRS as $record) { ! print (" <option value=\"${record[id]}\">${record[site]}</option>\n"); } ?> --- 774,778 ---- <?php foreach ($sitesRS as $record) { ! 
print (" <option value=\"${record['id']}\">${record['site']}</option>\n"); } ?> *************** *** 745,749 **** <?php foreach ($prioritiesRS as $record) { ! print (" <option value=\"${record[id]}\">${record[priority]}</option>\n"); } ?> --- 827,831 ---- <?php foreach ($prioritiesRS as $record) { ! print (" <option value=\"${record['id']}\">${record['priority']}</option>\n"); } ?> *************** *** 757,761 **** <?php foreach ($levelsRS as $record) { ! print (" <option value=\"${record[id]}\">${record[level]}</option>\n"); } ?> --- 839,843 ---- <?php foreach ($levelsRS as $record) { ! print (" <option value=\"${record['id']}\">${record['level']}</option>\n"); } ?> *************** *** 769,773 **** <?php foreach ($statusesRS as $record) { ! print (" <option value=\"${record[id]}\">${record[status]}</option>\n"); } ?> --- 851,855 ---- <?php foreach ($statusesRS as $record) { ! print (" <option value=\"${record['id']}\">${record['status']}</option>\n"); } ?> *************** *** 784,788 **** <?php foreach ($categoriesRS as $record) { ! print (" <option value=\"${record[id]}\">${record[description]}</option>\n"); } ?> --- 866,870 ---- <?php foreach ($categoriesRS as $record) { ! print (" <option value=\"${record['id']}\">${record['description']}</option>\n"); } ?> *************** *** 798,805 **** // Create a grouped <select> list, grouping details on categories foreach ($categoriesRS as $record) { ! print " <optgroup label=\"${record[description]}\">\n"; ! $current = filter_records($detailsRS,'category',$record[id]); foreach ($current as $recorddetail) { ! print " <option value=\"${recorddetail[id]}\">${recorddetail[description]}</option>\n"; } print " </optgroup>\n"; --- 880,887 ---- // Create a grouped <select> list, grouping details on categories foreach ($categoriesRS as $record) { ! print " <optgroup label=\"${record['description']}\">\n"; ! $current = filter_records($detailsRS,'category',$record['id']); foreach ($current as $recorddetail) { ! 
print " <option value=\"${recorddetail['id']}\">${recorddetail['description']}</option>\n"; } print " </optgroup>\n"; |
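Review bot: in the variable-retrieval hunk the two `get_magic_quotes_gpc()` branches are not equivalent: the magic-quotes-off branch sets `$reset = addslashes(htmlentities(strip_tags($_REQUEST['reset']), ENT_QUOTES));` while the else branch sets `$reset = $_REQUEST['reset'];` with no scrubbing, so behaviour depends on the php.ini setting. More generally, `addslashes()` (SQL escaping) and `htmlentities()` (HTML encoding) are both applied at input time, which stores entity-encoded text in the database and double-escapes anything later echoed or re-quoted; the usual split is to escape for the query at the query (driver quoting or placeholders) and encode for HTML at output. The `$_GET` loop also only checks key names and never scrubs values, unlike the `$_POST` loop above it, and every `$_REQUEST['...']` / `$_GET['...']` read here lacks an `isset()` guard, so each absent parameter raises an undefined-index notice.

Review bot: the eight identical hunks from `foreach ($site as $record)` through `foreach ($detail as $record)` append `$record` to an `IN (` list with no surrounding quotes, and `addslashes()` only escapes quote characters and backslashes, so it does not constrain a value placed in an unquoted numeric position; since these are row ids, cast with `(int)$record` (or `intval()`), after which the `get_magic_quotes_gpc()` branch is unnecessary. The same six lines repeated eight times also want a helper such as `$sql .= implode(',', array_map('intval', $site));`, which removes the `$flag` comma bookkeeping from each loop.

Review bot: in the free-text hunk `$field = $freetextscope` is interpolated as a column identifier in `" AND $field ILIKE '%".$searchstring."%'"` and `" $operator $sfield LIKE ..."`; the `addslashes()`/`htmlentities()` applied to `$freetextscope` earlier do not restrict an identifier, so validate it against an allow-list of searchable column names before use. Dropping `addslashes($searchstring)` here is only correct because `$freetext` was already slash-escaped in the retrieval block; a comment stating that dependency would help the next reader.

Review bot: the `$global_prefs['pagesize']` hunk is right to quote the key, but `ceil($num_issues/$pagesize)` on the next line still divides by zero when the preference is missing or empty; `$pagesize = max(1, (int)$global_prefs['pagesize']);` closes that. The `${record['id']}` / `${record['summary']}` hunks fix the undefined-constant notices as the log says; `$record['summary']`, `$record['reportedbyname']` and the `<option>` labels are still printed without `htmlspecialchars()`, and now that values are entity-encoded on the way in, pick one place to encode so display is neither raw nor doubled.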
From: Scott P. <wht...@us...> - 2007-09-07 22:04:30
Update of /cvsroot/helpmeict/Helpdesk In directory sc8-pr-cvs17:/tmp/cvs-serv3700 Modified Files: domains.php Log Message: Sanitzed all $_POST, $_GET, $_REQUEST inputs. Added magic_gpc detection and handling. Fixed all undefined contstants. Index: domains.php =================================================================== RCS file: /cvsroot/helpmeict/Helpdesk/domains.php,v retrieving revision 1.6 retrieving revision 1.7 diff -C2 -d -r1.6 -r1.7 *** domains.php 7 Feb 2007 01:20:03 -0000 1.6 --- domains.php 7 Sep 2007 22:04:21 -0000 1.7 *************** *** 9,12 **** --- 9,13 ---- Changelog: + 2007-09-07 whtghst: Added gpc_magic detection, sanitized all inputs, and fixed all undefined constants. 2006-01-14 dave: Cleaned up code for v1.0 release 2005-04-27 arne_sf: Replaced MySQL- and PostgreSQL-specific sequence *************** *** 47,59 **** require_once 'system/message.php'; // Set Language set_text_domain("domains"); // Retrieve Get/Post variables - $act = $_REQUEST['act']; - $domain = $_POST['domain']; - $domains = $_REQUEST['domains']; - $defaultpriority = $_POST['defaultpriority']; // Action: Add a domain to the system if ($act == 'adddomainaction') { --- 48,79 ---- require_once 'system/message.php'; + global $act, $domain, $message; // Set Language set_text_domain("domains"); + foreach($_POST as $key => $val) { + // scrubbing the field NAME... + if (preg_match('/%/', urlencode($key))) die('FATAL::XSS hack attempt detected. Your IP has been logged.'); + $_POST[$key] = htmlentities(strip_tags($val), ENT_QUOTES); + } + foreach($_REQUEST as $key => $val) { + if (preg_match('/%/', urlencode($key))) die('FATAL::XSS hack attempt detected. 
Your IP has been logged.'); + $_REQUEST[$key] = htmlentities(strip_tags($val), ENT_QUOTES); + } + // Retrieve Get/Post variables + if (!get_magic_quotes_gpc()) { + $act = addslashes($_REQUEST['act']); + $domain = addslashes($_POST['domain']); + $domains = addslashes($_REQUEST['domains']); + $defaultpriority = addslashes($_POST['defaultpriority']); + } + else { + $act = $_REQUEST['act']; + $domain = $_POST['domain']; + $domains = $_REQUEST['domains']; + $defaultpriority = $_POST['defaultpriority']; + } // Action: Add a domain to the system if ($act == 'adddomainaction') { *************** *** 67,74 **** $domains = ''; ! if ($_SESSION[_domain] == '') { ! $_SESSION[_domain] = $domain_id; ! $_SESSION[_domainname] = $domain; ! $_SESSION[_domaincss] = ''; } $message = 'NOTE: Domain successfully added to system.'; --- 87,94 ---- $domains = ''; ! if ($_SESSION['_domain'] == '') { ! $_SESSION['_domain'] = $domain_id; ! $_SESSION['_domainname'] = $domain; ! $_SESSION['_domaincss'] = ''; } $message = 'NOTE: Domain successfully added to system.'; *************** *** 76,80 **** $dirname = dirname($_SERVER['PHP_SELF']); $https = 'http'.($_SERVER['HTTPS'] ? 's' : ''); ! $headertext = "Location: $https://".$_SERVER['HTTP_HOST'].$dirname.(strrpos($dirname,'/') == (strlen($dirname)-1)?'':'/').'domains.php?domains='.$_SESSION[_domain]; header($headertext); --- 96,100 ---- $dirname = dirname($_SERVER['PHP_SELF']); $https = 'http'.($_SERVER['HTTPS'] ? 's' : ''); ! $headertext = "Location: $https://".$_SERVER['HTTP_HOST'].$dirname.(strrpos($dirname,'/') == (strlen($dirname)-1)?'':'/').'domains.php?domains='.$_SESSION['_domain']; header($headertext); *************** *** 112,120 **** // If it is this domain that has been deleted, find another to set as current if ($domains == $_SESSION['_domain']) { ! $_SESSION['_domain'] = $domainsRS[0][id]; ! $_SESSION['_domainname'] = $domainsRS[0][domain]; ! $_SESSION['_domaincss'] = $domainsRS[0][css]; } ! 
$domains = $domainsRS[0][id]; $dirname = dirname($_SERVER['PHP_SELF']); --- 132,140 ---- // If it is this domain that has been deleted, find another to set as current if ($domains == $_SESSION['_domain']) { ! $_SESSION['_domain'] = $domainsRS[0]['id']; ! $_SESSION['_domainname'] = $domainsRS[0]['domain']; ! $_SESSION['_domaincss'] = $domainsRS[0]['css']; } ! $domains = $domainsRS[0]['id']; $dirname = dirname($_SERVER['PHP_SELF']); *************** *** 215,219 **** <div class="labelfieldpair"> <div class="name"><label for="domain"><?php echo gettext('Domain Name')?></label></div> ! <div class="field"><input type="text" name="domain" id="domain" size="35" maxlength="50" value="<?php echo $domainsRS[0][domain]?>"></div> </div> <?php --- 235,239 ---- <div class="labelfieldpair"> <div class="name"><label for="domain"><?php echo gettext('Domain Name')?></label></div> ! <div class="field"><input type="text" name="domain" id="domain" size="35" maxlength="50" value="<?php echo $domainsRS[0]['domain']?>"></div> </div> <?php *************** *** 226,232 **** <?php foreach ($prioritiesRS as $record) { ! if ($record[id] == $domainsRS[0]['defaultpriority']) {$checked = " selected=\"selected\"";} else {$checked = "";}; ! print " <option value=\"${record[id]}\"$checked>". ! preg_replace('/Ungraded/',gettext('Ungraded'),$record[priority])."</option>\n"; } ?> --- 246,252 ---- <?php foreach ($prioritiesRS as $record) { ! if ($record['id'] == $domainsRS[0]['defaultpriority']) {$checked = " selected=\"selected\"";} else {$checked = "";}; ! print " <option value=\"${record['id']}\"$checked>". ! preg_replace('/Ungraded/',gettext('Ungraded'),$record['priority'])."</option>\n"; } ?> *************** *** 250,254 **** $num_domains = count($domainsRS); ! if (!$domains) $domains=$domainsRS[0][id]; if ($message) { display(gettext($message));} ?> --- 270,274 ---- $num_domains = count($domainsRS); ! 
if (!$domains) $domains=$domainsRS[0]['id']; if ($message) { display(gettext($message));} ?> *************** *** 296,301 **** foreach ($domainsRS as $record) { // Set as default if it was the last to be visited. ! if ($record[id] == $domains) {$checked = " selected=\"selected\"";} else {$checked = "";}; ! print (" <option value=\"${record[id]}\"${checked}>${record[domain]}</option>\n"); } ?> --- 316,321 ---- foreach ($domainsRS as $record) { // Set as default if it was the last to be visited. ! if ($record['id'] == $domains) {$checked = " selected=\"selected\"";} else {$checked = "";}; ! print (" <option value=\"${record['id']}\"${checked}>${record['domain']}</option>\n"); } ?> |
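Review bot: in the input hunk the `die('FATAL::XSS hack attempt detected. Your IP has been logged.')` message claims logging, but nothing in the hunk records anything; either call `makelog()` (the helper used in system/authentication.php) before exiting or drop the claim. The `foreach($_REQUEST as $key => $val)` loop also calls `strip_tags($val)` on every value, which warns and returns NULL for array-valued fields, so multi-select inputs would be wiped; skip or recurse into arrays here. `global $act, $domain, $message;` at file scope has no effect, since top-level variables are already global.

Review bot: `$domain` is entity-encoded with `htmlentities()` before it is written to the database and then echoed in `value="<?php echo $domainsRS[0]['domain']?>"` without encoding; that only works because the stored value is already encoded, and a name entered with `&` is saved as `&amp;`. Storing the raw value and encoding at output (`htmlspecialchars($domainsRS[0]['domain'], ENT_QUOTES)`) is the usual arrangement. The `$_SESSION['_domain']` and `$domainsRS[0]['id']` hunks are straightforward key quoting and look fine.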
From: Scott P. <wht...@us...> - 2007-09-07 08:53:58
Update of /cvsroot/helpmeict/Helpdesk In directory sc8-pr-cvs17:/tmp/cvs-serv14176 Modified Files: issue.php Log Message: removed errant line left in for debuging. Index: issue.php =================================================================== RCS file: /cvsroot/helpmeict/Helpdesk/issue.php,v retrieving revision 1.39 retrieving revision 1.40 diff -C2 -d -r1.39 -r1.40 *** issue.php 7 Sep 2007 08:03:38 -0000 1.39 --- issue.php 7 Sep 2007 08:53:50 -0000 1.40 *************** *** 76,81 **** } - echo $_POST['selectmark']; - // Retrieve Get/Post variables --- 76,79 ---- |
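Review bot: the removed `echo $_POST['selectmark'];` printed a raw request field into the page before any output had started, so dropping it is right; the file's header changelog, which the previous two commits maintained, has no entry for this change.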
From: Scott P. <wht...@us...> - 2007-09-07 08:03:43
Update of /cvsroot/helpmeict/Helpdesk In directory sc8-pr-cvs17:/tmp/cvs-serv26477 Modified Files: issue.php Log Message: Fix santizing input in the issue entry to prevent XSS. Fixes bug# 1715697 Index: issue.php =================================================================== RCS file: /cvsroot/helpmeict/Helpdesk/issue.php,v retrieving revision 1.38 retrieving revision 1.39 diff -C2 -d -r1.38 -r1.39 *** issue.php 7 Sep 2007 04:28:29 -0000 1.38 --- issue.php 7 Sep 2007 08:03:38 -0000 1.39 *************** *** 8,11 **** --- 8,12 ---- Changelog: + 2007-09-07 whtghst1: Fixed input sanitize to fix XSS. 2007-09-06 whtghst1: Fixed issue with Prooblem Detail changing when publishing to KB. 2007-09-06 whtghst1: Added magic_gpc_quotes detection and fixed all undefined constants errors *************** *** 66,70 **** --- 67,83 ---- set_text_domain("issue"); + //Clean oall POST values + foreach($_POST as $key => $val) { + // scubbing the field NAME... + if (preg_match('/%/', urlencode($key))) die('FATAL::XSS hack attempt detected. Your IP has been logged.'); + if ($key != "selectremark") { + $_POST[$key] = htmlentities(strip_tags($val), ENT_QUOTES); + } + } + + echo $_POST['selectmark']; + // Retrieve Get/Post variables + $act = $_REQUEST['act']; $level = $_POST['level']; |
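Review bot: the new loop exempts the `selectremark` key from `htmlentities()`, so that field must be encoded wherever it is displayed; a comment here saying where that happens would keep it from being overlooked. `echo $_POST['selectmark'];` a few lines below is leftover debugging that prints a request value unencoded at the top of the page (and uses a different name from the exempted key). The comments also read "Clean oall" and "scubbing".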
From: Scott P. <wht...@us...> - 2007-09-07 05:04:17
Update of /cvsroot/helpmeict/Helpdesk/system In directory sc8-pr-cvs17:/tmp/cvs-serv17400 Modified Files: authentication.php Log Message: Fixed from logging passwords in the clear. I now have it generate an MD5 has of the password the failed. This could be bad if someone types correct password but incorrect username. Fixes bug report# 1718493 Index: authentication.php =================================================================== RCS file: /cvsroot/helpmeict/Helpdesk/system/authentication.php,v retrieving revision 1.4 retrieving revision 1.5 diff -C2 -d -r1.4 -r1.5 *** authentication.php 7 Feb 2007 01:20:17 -0000 1.4 --- authentication.php 7 Sep 2007 05:04:13 -0000 1.5 *************** *** 6,9 **** --- 6,10 ---- Changelog: + 2007-09-07 whtghst1: stop passwords from being logged in the clear in the database. 2006-01-14 dave: Cleaned up code for v1.0 release 2005-07-02 arne_sf: Failed login attempts are now logged on userid 0, not "-1" as before (which caused a constraint violation) *************** *** 46,49 **** --- 47,51 ---- // Try to find the submitted username and password combination in the // tbl_Users database table. + $passwordhash = md5($password); $sql = "SELECT id,username,name,email,root,restricted FROM tbl_Users WHERE active=1 AND username='" . strtolower($user) . "' AND pass='" . *************** *** 53,57 **** if (count($result) == 0) { //Attempt unsucessful ! makelog(0,0,"ATTEMPTED LOGIN - FAILURE","User: $user, with password: $password"); return 0; } elseif (count($result) != 1) { --- 55,59 ---- if (count($result) == 0) { //Attempt unsucessful ! makelog(0,0,"ATTEMPTED LOGIN - FAILURE","User: $user, with password: ($passwordhash"); return 0; } elseif (count($result) != 1) { *************** *** 70,72 **** } ! ?> \ No newline at end of file --- 72,74 ---- } ! ?> |
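Review bot: the log string `"User: $user, with password: ($passwordhash"` has an unbalanced parenthesis. The larger point is the one the log message concedes: an unsalted MD5 of a mistyped-username attempt is a fast hash of what is probably a valid password, so it is still credential material sitting in the log table; record only the username, timestamp and source address and omit the hash. `$passwordhash` is used nowhere else in the hunk.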
From: Scott P. <wht...@us...> - 2007-09-07 04:28:32
Update of /cvsroot/helpmeict/Helpdesk In directory sc8-pr-cvs17:/tmp/cvs-serv3754 Modified Files: issue.php Log Message: Fixed Bug#1788000 Problem Detail changes when you publish to KB. Index: issue.php =================================================================== RCS file: /cvsroot/helpmeict/Helpdesk/issue.php,v retrieving revision 1.37 retrieving revision 1.38 diff -C2 -d -r1.37 -r1.38 *** issue.php 7 Sep 2007 03:04:24 -0000 1.37 --- issue.php 7 Sep 2007 04:28:29 -0000 1.38 *************** *** 8,11 **** --- 8,12 ---- Changelog: + 2007-09-06 whtghst1: Fixed issue with Prooblem Detail changing when publishing to KB. 2007-09-06 whtghst1: Added magic_gpc_quotes detection and fixed all undefined constants errors 2006-01-14 dave: Cleaned up code for v1.0 release *************** *** 640,644 **** if ($acl_reload) { ! $acl = get_issue_acl($issue[0],$_SESSION[_id]); } --- 641,645 ---- if ($acl_reload) { ! $acl = get_issue_acl($issue[0],$_SESSION['_id']); } *************** *** 720,724 **** DetailsList[0] = new Option('<?php echo gettext("Unknown");?>'); DetailsList[0].value = 0; ! if (DetailsList[0].value == <?php echo $issue[0][detail];?> && initialflag == 1) { DetailsList[0].selected = true; initialflag = 0; --- 721,725 ---- DetailsList[0] = new Option('<?php echo gettext("Unknown");?>'); DetailsList[0].value = 0; ! if (DetailsList[0].value == <?php echo $issue[0]['detail'];?> && initialflag == 1) { DetailsList[0].selected = true; initialflag = 0; *************** *** 1039,1043 **** <?php } else {?> <div class="value"> ! <input type="hidden" name="details" id="details" value="0" /> <?php echo preg_replace('/Unknown/',gettext('Unknown'),$issue[0]['detailname']);?> [<a href="find.php?act=action&reset=yes&detail%5B%5D=<?php --- 1040,1044 ---- <?php } else {?> <div class="value"> ! 
<input type="hidden" name="details" id="details" value="<?php echo $issue[0]['detail'];?>" /> <?php echo preg_replace('/Unknown/',gettext('Unknown'),$issue[0]['detailname']);?> [<a href="find.php?act=action&reset=yes&detail%5B%5D=<?php |
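Review bot: the hidden `details` input now carries `$issue[0]['detail']` instead of the constant `0`, which matches the bug being fixed, but the value is echoed into the attribute raw, as is the same value in the `DetailsList[0].value == <?php echo $issue[0]['detail'];?>` comparison; when the column is NULL that JavaScript becomes `== && initialflag == 1`, a syntax error. Cast with `(int)$issue[0]['detail']` in both places so the output is always a number.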
From: Scott P. <wht...@us...> - 2007-09-07 03:04:28
Update of /cvsroot/helpmeict/Helpdesk In directory sc8-pr-cvs17:/tmp/cvs-serv3692 Modified Files: issue.php Log Message: Added magic_gpc detection Cleaned up all undefined constants Index: issue.php =================================================================== RCS file: /cvsroot/helpmeict/Helpdesk/issue.php,v retrieving revision 1.36 retrieving revision 1.37 diff -C2 -d -r1.36 -r1.37 *** issue.php 11 Mar 2007 16:57:50 -0000 1.36 --- issue.php 7 Sep 2007 03:04:24 -0000 1.37 *************** *** 8,11 **** --- 8,12 ---- Changelog: + 2007-09-06 whtghst1: Added magic_gpc_quotes detection and fixed all undefined constants errors 2006-01-14 dave: Cleaned up code for v1.0 release 2005-07-02 arne_sf: Replaced all instances of column name 'user' *************** *** 70,79 **** $oldlevelname = $_POST['oldlevelname']; $publish = $_POST['publish']; [...1336 lines suppressed...] <div class="field"> <input type="checkbox" name="confidential" id="confidential" checked="checked" value="true" onclick="showConfidentiality(this,'remark','#EEEEFF')" /> ! <label for="confidential"><?php echo gettext("Make this remark confidential.");?></label> </div> </div> *************** *** 1437,1442 **** <?php if ($acl['edit_remark'] || $acl['add_remark']) {?> <div class="buttonpanel"> ! <input name="submitremark" type="button" id="submitremark" value="<?php echo gettext("Submit Changes")?>" onclick="mainSubmit()" /> ! <input name="resetremark" type="reset" id="resetremark" value="<?php echo gettext("Reset")?>" /> </div> <?php }?> --- 1454,1459 ---- <?php if ($acl['edit_remark'] || $acl['add_remark']) {?> <div class="buttonpanel"> ! <input name="submitremark" type="button" id="submitremark" value="<?php echo gettext("Submit Changes");?>" onclick="mainSubmit()" /> ! <input name="resetremark" type="reset" id="resetremark" value="<?php echo gettext("Reset");?>" /> </div> <?php }?> |
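Review bot: the changelog entry names the setting `magic_gpc_quotes`; the PHP directive and function are `magic_quotes_gpc` / `get_magic_quotes_gpc()`, so keep the name consistent with the code. The other visible hunks only add the trailing semicolons in `<?php echo gettext("Submit Changes");?>`; the detection logic the log describes falls in the suppressed portion of the diff.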
From: Scott P. <wht...@us...> - 2007-09-07 00:02:33
Update of /cvsroot/helpmeict/Helpdesk/system In directory sc8-pr-cvs17:/tmp/cvs-serv30400/Helpdesk/system Modified Files: security.php Log Message: Added Login form to AccessDenied() function and changed login so that the redirect works correctly. Index: security.php =================================================================== RCS file: /cvsroot/helpmeict/Helpdesk/system/security.php,v retrieving revision 1.5 retrieving revision 1.6 diff -C2 -d -r1.5 -r1.6 *** security.php 11 Mar 2007 16:32:12 -0000 1.5 --- security.php 7 Sep 2007 00:02:26 -0000 1.6 *************** *** 41,45 **** // Deny access to a user - use after sidebar has been displayed function AccessDenied() { ! global $helpdeskdb, $_lang; // Set Language set_text_domain("security"); --- 41,45 ---- // Deny access to a user - use after sidebar has been displayed function AccessDenied() { ! global $helpdeskdb, $_lang , $redirect; // Set Language set_text_domain("security"); *************** *** 47,51 **** print "<h1>".gettext("Access Error")."</h1>\n"; print "<h2>".gettext("Either you do not have permission to access this page or you are not currently logged in.")."</h2>\n"; ! print "<div class=\"block\" align=\"center\"><p>".sprintf(gettext('Please choose another option or %slog in%s as a user who does have permission to access the page.'), '<a href="index.php?redirect='.urlencode($_SERVER["REQUEST_URI"]).'">', '</a>')."</p></div>"; // Include --- 47,88 ---- print "<h1>".gettext("Access Error")."</h1>\n"; print "<h2>".gettext("Either you do not have permission to access this page or you are not currently logged in.")."</h2>\n"; ! print "<div class=\"block\" align=\"center\"><p> Please choose another option or log in as a user who does have permission to access the page. </p></div>"; ! ?> ! ! <script language="javascript" type="text/javascript" src="system/forms.js"></script> ! ! <div class="block"> ! <form id="login" method="post" class="login" action="login.php"> ! 
<input name="redirect" type="hidden" value="<?php ! $redirect = basename($_SERVER['PHP_SELF']); ! if ($_SERVER['QUERY_STRING']) { $redirect = $redirect . "?" . $_SERVER['QUERY_STRING'];} ! echo $redirect; ! ?>" /> ! <div class="labelfieldpair"> ! <div class="name"><label for="user"><?php echo gettext("Username");?></label></div> ! <div class="value"><input name="user" id="user" type="text" size="15" maxlength="20" value="[username]" onfocus="focusElement(this)" onblur="blurElement(this)" /></div> ! </div> ! <div class="labelfieldpair"> ! <div class="name"><label for="pass"><?php echo gettext("Password");?></label></div> ! <div class="value"><input type="password" name="password" id="pass" size="15" maxlength="20" /></div> ! </div> ! <div class="labelfieldpair"> ! <div class="name"> </div> ! <div class="value"><input type="submit" value="<?php echo gettext("Login"); ?>" /></div> ! </div> ! </form> ! </div> ! ! <script language="javascript" type="text/javascript"> ! //<![CDATA[ ! <!-- ! ! document.forms.login.user.focus(); ! ! //--> ! //]]> ! </script> ! ! <?php // Include *************** *** 53,58 **** exit; } ! ! ! ! ?> \ No newline at end of file --- 90,92 ---- exit; } ! ?> |
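Review bot: the new hidden `redirect` input echoes `$redirect`, built from `$_SERVER['PHP_SELF']` and `$_SERVER['QUERY_STRING']` (both reflect the request URL), into an attribute without encoding; write it as `echo htmlspecialchars($redirect, ENT_QUOTES);`. The replaced paragraph drops `gettext()` for a hard-coded English sentence, which breaks the localisation the rest of the function uses; keep the `sprintf(gettext(...))` form or a plain `gettext()` call. The literal `value="[username]"` placeholder relies on forms.js to clear it on focus; a comment saying so would help.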
From: Scott P. <wht...@us...> - 2007-09-07 00:02:33
Update of /cvsroot/helpmeict/Helpdesk In directory sc8-pr-cvs17:/tmp/cvs-serv30400/Helpdesk Modified Files: index.php login.php Log Message: Added Login form to AccessDenied() function and changed login so that the redirect works correctly. Index: login.php =================================================================== RCS file: /cvsroot/helpmeict/Helpdesk/login.php,v retrieving revision 1.10 retrieving revision 1.11 diff -C2 -d -r1.10 -r1.11 *** login.php 11 Mar 2007 16:32:12 -0000 1.10 --- login.php 7 Sep 2007 00:02:25 -0000 1.11 *************** *** 206,213 **** $relative_url = 'unassignedissues.php'; } - $dirname = dirname($_SERVER['PHP_SELF']); - $relative_url = $dirname.(strrpos($dirname,'/') == (strlen($dirname)-1)?'':'/').$relative_url; } ! $https = 'http'.($_SERVER['HTTPS'] ? 's' : ''); $headertext = "Location: $https://".$_SERVER['HTTP_HOST'].$relative_url; --- 206,213 ---- $relative_url = 'unassignedissues.php'; } } ! $dirname = dirname($_SERVER['PHP_SELF']); ! $relative_url = $dirname.(strrpos($dirname,'/') == (strlen($dirname)-1)?'':'/').$relative_url; ! $https = 'http'.($_SERVER['HTTPS'] ? 's' : ''); $headertext = "Location: $https://".$_SERVER['HTTP_HOST'].$relative_url; Index: index.php =================================================================== RCS file: /cvsroot/helpmeict/Helpdesk/index.php,v retrieving revision 1.10 retrieving revision 1.11 diff -C2 -d -r1.10 -r1.11 *** index.php 11 Mar 2007 16:32:12 -0000 1.10 --- index.php 7 Sep 2007 00:02:25 -0000 1.11 *************** *** 37,41 **** // Version number of this release (also defined in upgrade.php) ! define(SCRIPTVERSION, '0.9.9'); // Global configuration --- 37,41 ---- // Version number of this release (also defined in upgrade.php) ! define("SCRIPTVERSION", '0.9.9'); // Global configuration *************** *** 59,62 **** --- 59,64 ---- set_text_domain("index"); + global $redirect; + ?> |
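Review bot: in login.php, moving the `$dirname` prefix outside the `if` means every `$relative_url` is now resolved under the application directory, which fixes the redirect; if `$relative_url` can come from the posted `redirect` field (the form added to AccessDenied() posts one), confirm it is validated as a bare local path before it reaches the Location header. In index.php `global $redirect;` at file scope is a no-op, and `define("SCRIPTVERSION", '0.9.9')` correctly quotes the constant name.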
From: David T. <mmm...@us...> - 2007-03-11 16:57:58
Update of /cvsroot/helpmeict/Helpdesk/share/themes/blue/css In directory sc8-pr-cvs5.sourceforge.net:/tmp/cvs-serv20407/share/themes/blue/css Modified Files: common.css Log Message: Minor Index: common.css =================================================================== RCS file: /cvsroot/helpmeict/Helpdesk/share/themes/blue/css/common.css,v retrieving revision 1.3 retrieving revision 1.4 diff -C2 -d -r1.3 -r1.4 *** common.css 11 Mar 2007 15:23:48 -0000 1.3 --- common.css 11 Mar 2007 16:57:51 -0000 1.4 *************** *** 180,181 **** --- 180,190 ---- background-color: inherit !important; } + + #helpmeict form { + padding: 0px; + margin: 0px; + } + + #helpmeict .hide { + visibility: hidden; + } |
From: David T. <mmm...@us...> - 2007-03-11 16:57:58
Update of /cvsroot/helpmeict/Helpdesk In directory sc8-pr-cvs5.sourceforge.net:/tmp/cvs-serv20407 Modified Files: issue.php unassignedissues.php Log Message: Minor Index: unassignedissues.php =================================================================== RCS file: /cvsroot/helpmeict/Helpdesk/unassignedissues.php,v retrieving revision 1.6 retrieving revision 1.7 diff -C2 -d -r1.6 -r1.7 *** unassignedissues.php 7 Feb 2007 01:20:04 -0000 1.6 --- unassignedissues.php 11 Mar 2007 16:57:50 -0000 1.7 *************** *** 302,305 **** --- 302,306 ---- <?php } + // Include require 'footer.php'; Index: issue.php =================================================================== RCS file: /cvsroot/helpmeict/Helpdesk/issue.php,v retrieving revision 1.35 retrieving revision 1.36 diff -C2 -d -r1.35 -r1.36 *** issue.php 11 Mar 2007 15:23:48 -0000 1.35 --- issue.php 11 Mar 2007 16:57:50 -0000 1.36 *************** *** 151,168 **** } - // Action worktimer. - if ($acl['use_wrktimer']) { - if ($is_pgsql) { - require_once 'system/worktimer_pg.inc'; - } else { - require_once 'system/worktimer_mysql.inc'; - } - - if ($act == 'wrktm') { - wrktm_act(); - $act = ''; - } - } - // Action: Edit issue if ($act == 'action' && $acl['edit_issue']) { --- 151,154 ---- *************** *** 846,869 **** <?php } - if ($acl['view_wrktimer']) { - $wrktm_labels = array ( - gettext('Start Timer'), - gettext('Stop Timer'), - gettext('Restart Timer'), - gettext('Reset Timer'), - gettext('Add Time to Issue'), - gettext('The time has been copied to the "Spend Time" fields below.\n\nPlease submit the issue to finally save it with the issue.') - ); - if ($is_pgsql) { - require_once 'system/worktimer_pg.inc'; - } else { - require_once 'system/worktimer_mysql.inc'; - } - wrktm_display(); - } ?> <div class="block"> <form name="mainform" id="mainform" method="post" action="" class="login" enctype="multipart/form-data"> - <br /> <?php if ($acl['edit_issue']) {?> <input type="hidden" name="act" value="action" /> 
--- 832,838 ---- *************** *** 1353,1357 **** </script> <?php } ?> - <br /> <?php if ($acl['view_remarks'] || $acl['add_remark'] || $acl['edit_remark']) { if (count($issue) > 0) { --- 1322,1325 ---- |
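Review bot: this change removes the worktimer include, the `wrktm_act()` action handling and the `wrktm_display()` output from issue.php, yet the log message says only "Minor" and no changelog line is added; if the feature is being dropped or moved, say so in the log, since a `wrktm` action now falls through to the other `$act` handlers without notice.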
From: David T. <mmm...@us...> - 2007-03-11 16:57:57
Update of /cvsroot/helpmeict/Helpdesk/share/themes/osx/css In directory sc8-pr-cvs5.sourceforge.net:/tmp/cvs-serv20407/share/themes/osx/css Modified Files: common.css Log Message: Minor Index: common.css =================================================================== RCS file: /cvsroot/helpmeict/Helpdesk/share/themes/osx/css/common.css,v retrieving revision 1.3 retrieving revision 1.4 diff -C2 -d -r1.3 -r1.4 *** common.css 11 Mar 2007 15:23:48 -0000 1.3 --- common.css 11 Mar 2007 16:57:51 -0000 1.4 *************** *** 100,101 **** --- 100,111 ---- margin: 1em 1em 1em 1em; } + + #helpmeict .hide { + visibility: hidden; + } + + #helpmeict form { + padding: 0px; + margin: 0px; + } + |
From: David T. <mmm...@us...> - 2007-03-11 16:57:56
Update of /cvsroot/helpmeict/Helpdesk/system In directory sc8-pr-cvs5.sourceforge.net:/tmp/cvs-serv20407/system Modified Files: mail.php Log Message: Minor Index: mail.php =================================================================== RCS file: /cvsroot/helpmeict/Helpdesk/system/mail.php,v retrieving revision 1.2 retrieving revision 1.3 diff -C2 -d -r1.2 -r1.3 *** mail.php 7 Feb 2007 01:20:17 -0000 1.2 --- mail.php 11 Mar 2007 16:57:52 -0000 1.3 *************** *** 54,60 **** if ($which == "verify") { ! $link = "$https://{$_SERVER['HTTP_HOST']}{$dirname}verifyemail.php?id=$message"; } else { ! $link = "$https://{$_SERVER['HTTP_HOST']}{$dirname}issue.php?id=$id"; } --- 54,60 ---- if ($which == "verify") { ! $link = "$https://{$_SERVER['SERVER_NAME']}{$dirname}verifyemail.php?id=$message"; } else { ! $link = "$https://{$_SERVER['SERVER_NAME']}{$dirname}issue.php?id=$id"; } *************** *** 96,100 **** //echo "$line<br>"; $line = str_replace('%%ISSUE%%',"$id",$line); ! $line = str_replace('%%SITEURL%%',"$https://{$_SERVER['HTTP_HOST']}/",$line); $line = str_replace('%%LINK%%',"$link",$line); $line = str_replace('%%USER%%',"$user",$line); --- 96,100 ---- //echo "$line<br>"; $line = str_replace('%%ISSUE%%',"$id",$line); ! $line = str_replace('%%SITEURL%%',"$https://{$_SERVER['SERVER_NAME']}/",$line); $line = str_replace('%%LINK%%',"$link",$line); $line = str_replace('%%USER%%',"$user",$line); |
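Review bot: switching the emailed links from `$_SERVER['HTTP_HOST']` to `$_SERVER['SERVER_NAME']` is the right direction, since HTTP_HOST is taken from the client's Host header and was being written into notification mail. SERVER_NAME only reflects the configured name when the web server is set to use its canonical name (Apache `UseCanonicalName On`); otherwise it follows the Host header too, so a site URL configured in global.conf.php would be the robust source for `%%SITEURL%%` and `$link`.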
From: David T. <mmm...@us...> - 2007-03-11 16:32:23
Update of /cvsroot/helpmeict/Helpdesk/system In directory sc8-pr-cvs5.sourceforge.net:/tmp/cvs-serv9918/system Modified Files: db.php security.php Log Message: bug fixes Index: db.php =================================================================== RCS file: /cvsroot/helpmeict/Helpdesk/system/db.php,v retrieving revision 1.3 retrieving revision 1.4 diff -C2 -d -r1.3 -r1.4 *** db.php 11 Mar 2007 15:23:48 -0000 1.3 --- db.php 11 Mar 2007 16:32:12 -0000 1.4 *************** *** 86,90 **** // Query database $data =& $helpdeskdb->getAll(filter_sql($sql)); ! // Check that result is not an error if (PEAR::isError($data)) --- 86,90 ---- // Query database $data =& $helpdeskdb->getAll(filter_sql($sql)); ! // Check that result is not an error if (PEAR::isError($data)) Index: security.php =================================================================== RCS file: /cvsroot/helpmeict/Helpdesk/system/security.php,v retrieving revision 1.4 retrieving revision 1.5 diff -C2 -d -r1.4 -r1.5 *** security.php 11 Mar 2007 15:23:48 -0000 1.4 --- security.php 11 Mar 2007 16:32:12 -0000 1.5 *************** *** 27,35 **** */ // Deny a user access, and display the login sidebar function ThrowOut() { global $helpdeskdb, $_lang, $conf; - $redirect = $_SERVER["REQUEST_URI"]; - $ptitle = 'Access Error'; include "header.php"; AccessDenied(); --- 27,38 ---- */ + require_once 'system/db.php'; + require_once 'system/lang.php'; + require_once 'config/global.conf.php'; + // Deny a user access, and display the login sidebar function ThrowOut() { + session_destroy(); global $helpdeskdb, $_lang, $conf; include "header.php"; AccessDenied(); *************** *** 38,42 **** // Deny access to a user - use after sidebar has been displayed function AccessDenied() { ! global $helpdeskdb; // Set Language set_text_domain("security"); --- 41,45 ---- // Deny access to a user - use after sidebar has been displayed function AccessDenied() { ! 
global $helpdeskdb, $_lang; // Set Language set_text_domain("security"); *************** *** 44,51 **** print "<h1>".gettext("Access Error")."</h1>\n"; print "<h2>".gettext("Either you do not have permission to access this page or you are not currently logged in.")."</h2>\n"; ! print "<div class=\"block\" align=\"center\"><p>".gettext("Please choose another option or log in as a user who does have permission to access the page.")."</p></div>"; // Include ! require 'footer.php'; exit; } --- 47,54 ---- print "<h1>".gettext("Access Error")."</h1>\n"; print "<h2>".gettext("Either you do not have permission to access this page or you are not currently logged in.")."</h2>\n"; ! print "<div class=\"block\" align=\"center\"><p>".sprintf(gettext('Please choose another option or %slog in%s as a user who does have permission to access the page.'), '<a href="index.php?redirect='.urlencode($_SERVER["REQUEST_URI"]).'">', '</a>')."</p></div>"; // Include ! include 'footer.php'; exit; } |
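Review bot: in the first `security.php` hunk, `session_destroy();` at the top of `ThrowOut()` logs out every user who hits an access error, including one who is logged in and merely lacks permission for a single page (the text printed by `AccessDenied()` explicitly covers that case), and it emits a warning when no session has been started. Either drop it or restrict it to the not-logged-in case and guard it, e.g. `if (session_id() != '') { session_destroy(); }`.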
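Review bot: in the second `security.php` hunk the redirect parameter is correctly built with `urlencode($_SERVER["REQUEST_URI"])`, but the translatable string has changed from "Please choose another option or log in as a user..." to the `%slog in%s` form, so every existing catalog for the "security" text domain will fall back to English until the `.po` files are updated; please mention that in the log message. Changing `require 'footer.php'` to `include 'footer.php'` also turns a missing footer into a warning followed by `exit`, which is fine only if a blank footer is acceptable output.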
From: David T. <mmm...@us...> - 2007-03-11 16:32:23
Update of /cvsroot/helpmeict/Helpdesk In directory sc8-pr-cvs5.sourceforge.net:/tmp/cvs-serv9918 Modified Files: footer.php index.php login.php Log Message: bug fixes Index: login.php =================================================================== RCS file: /cvsroot/helpmeict/Helpdesk/login.php,v retrieving revision 1.9 retrieving revision 1.10 diff -C2 -d -r1.9 -r1.10 *** login.php 7 Feb 2007 01:46:40 -0000 1.9 --- login.php 11 Mar 2007 16:32:12 -0000 1.10 *************** *** 58,62 **** print "<h1>".gettext('Access Error')."</h1>\n"; print "<h2>".gettext('Your username or password is incorrect.')."</h2>\n"; ! print "<div class=\"block\" align=\"center\"><p><a href=\"/index.php\">".gettext('Please try again.')."</a></p></div>"; include 'footer.php'; exit; --- 58,62 ---- print "<h1>".gettext('Access Error')."</h1>\n"; print "<h2>".gettext('Your username or password is incorrect.')."</h2>\n"; ! print "<div class=\"block\" align=\"center\"><p><a href=\"index.php\">".gettext('Please try again.')."</a></p></div>"; include 'footer.php'; exit; *************** *** 196,212 **** $_SESSION['_domainname'] = $domains[0][domain]; ! $relative_uri = $redirect; ! if ($_SESSION['_usertype'] == 'Client') { ! $relative_uri = 'myissues.php'; ! } elseif ($_SESSION['_usertype'] == 'Root') { ! $relative_uri = 'domains.php'; ! } elseif ($redirect == '') { ! $relative_uri = 'unassignedissues.php'; } - $dirname = dirname($_SERVER['PHP_SELF']); $https = 'http'.($_SERVER['HTTPS'] ? 's' : ''); ! $headertext = "Location: $https://".$_SERVER['HTTP_HOST'].$dirname. ! (strrpos($dirname,'/') == (strlen($dirname)-1)?'':'/').$relative_uri; makelog($_SESSION['_id'], $_SESSION['_domain'], 'LOGIN', --- 196,215 ---- $_SESSION['_domainname'] = $domains[0][domain]; ! $relative_url = $redirect; ! if ($relative_url == '') ! { ! if ($_SESSION['_usertype'] == 'Client') { ! $relative_url = 'myissues.php'; ! } elseif ($_SESSION['_usertype'] == 'Root') { ! $relative_url = 'domains.php'; ! } else { ! 
$relative_url = 'unassignedissues.php'; ! } ! $dirname = dirname($_SERVER['PHP_SELF']); ! $relative_url = $dirname.(strrpos($dirname,'/') == (strlen($dirname)-1)?'':'/').$relative_url; } $https = 'http'.($_SERVER['HTTPS'] ? 's' : ''); ! $headertext = "Location: $https://".$_SERVER['HTTP_HOST'].$relative_url; makelog($_SESSION['_id'], $_SESSION['_domain'], 'LOGIN', *************** *** 215,219 **** header($headertext); - $ptitle = 'Login'; require 'header.php'; --- 218,221 ---- *************** *** 221,237 **** ?> ! <div align="center"> ! ! <h2><?php echo gettext('Helpdesk Management Tool')?></h2> ! <br /><br /><br /><br /> ! ! <strong><?php echo gettext('You have successfully logged into the domain')?>:</strong><br /><br /> ! <h2><?php echo $domains[0][domain]?></h2><br /><br /> ! <?php echo gettext('Name')?>: <strong><?php echo $_SESSION['_name']?></strong><br /><br /><br /><br /> ! ! <a href="<?php echo $relative_uri?>"><?php echo gettext('Continue')?>...</a> ! ! <br /><br /><br /><br /> ! <br /><br /><br /><br /> <?php --- 223,233 ---- ?> ! <h1><?php echo gettext('Helpdesk Management Tool')?></h1> ! <h2><?php echo gettext('You have successfully logged into the domain')?>: <?php echo $domains[0][domain]; ?></h2> ! ! <div class="block"> ! <?php echo gettext('Name')?>: <strong><?php echo $_SESSION['_name']?></strong><br/><br/> ! <a href="<?php echo $relative_url?>"><?php echo gettext('Continue')?>...</a> ! 
</div> <?php Index: footer.php =================================================================== RCS file: /cvsroot/helpmeict/Helpdesk/footer.php,v retrieving revision 1.4 retrieving revision 1.5 diff -C2 -d -r1.4 -r1.5 *** footer.php 11 Mar 2007 15:23:48 -0000 1.4 --- footer.php 11 Mar 2007 16:32:12 -0000 1.5 *************** *** 76,80 **** // Build navigation tree - if ($_SESSION['_username'] == '') { // Set up sidebar links from DB --- 76,79 ---- Index: index.php =================================================================== RCS file: /cvsroot/helpmeict/Helpdesk/index.php,v retrieving revision 1.9 retrieving revision 1.10 diff -C2 -d -r1.9 -r1.10 *** index.php 7 Feb 2007 01:20:03 -0000 1.9 --- index.php 11 Mar 2007 16:32:12 -0000 1.10 *************** *** 68,72 **** <div class="block"> <form id="login" method="post" class="login" action="login.php"> ! <input name="redirect" type="hidden" value="<?php echo $redirect?>" /> <div class="labelfieldpair"> <div class="name"><label for="user"><?php echo gettext("Username");?></label></div> --- 68,72 ---- <div class="block"> <form id="login" method="post" class="login" action="login.php"> ! <input name="redirect" type="hidden" value="<?php echo $_GET['redirect']; ?>" /> <div class="labelfieldpair"> <div class="name"><label for="user"><?php echo gettext("Username");?></label></div> |
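Review bot: in the second `login.php` hunk, `$relative_url = $redirect;` is now appended directly to `"Location: $https://".$_SERVER['HTTP_HOST']`, so whatever arrives in the `redirect` form field decides where the browser goes after login. Validate it before use: accept only a site-relative path (a single leading `/` or none, no scheme, no leading `//`), and fall back to the role-based default otherwise. The `$https = 'http'.($_SERVER['HTTPS'] ? 's' : '');` line in the same hunk is wrong on servers that set `HTTPS` to the string `'off'` (IIS does), which is truthy; compare against `'off'` explicitly.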
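Review bot: in the fourth `login.php` hunk (the rewritten HTML), `$domains[0][domain]`, `$_SESSION['_name']` and `$relative_url` are echoed into markup and an `href` without escaping; wrap each in `htmlspecialchars(..., ENT_QUOTES)`. `$domains[0][domain]` also uses a bare constant where `$domains[0]['domain']` is meant, which is one of the undefined-constant notices fixed elsewhere in this archive.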
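Review bot: the `footer.php` hunk removes only the line `if ($_SESSION['_username'] == '') {`; the matching closing brace is not in this hunk, so please confirm it was removed as well, otherwise the file no longer parses.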
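Review bot: in the `index.php` hunk, `value="<?php echo $_GET['redirect']; ?>"` reflects a query-string parameter straight into an HTML attribute, which is a reflected cross-site scripting defect, and it raises an undefined-index notice when the parameter is absent. Use `<?php echo isset($_GET['redirect']) ? htmlspecialchars($_GET['redirect'], ENT_QUOTES) : ''; ?>` and apply the same relative-path validation in `login.php` when the value comes back.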
From: David T. <mmm...@us...> - 2007-03-11 15:23:58
Update of /cvsroot/helpmeict/Helpdesk/share/themes/blue In directory sc8-pr-cvs5.sourceforge.net:/tmp/cvs-serv11591/share/themes/blue Modified Files: header Log Message: getting there... Index: header =================================================================== RCS file: /cvsroot/helpmeict/Helpdesk/share/themes/blue/header,v retrieving revision 1.2 retrieving revision 1.3 diff -C2 -d -r1.2 -r1.3 *** header 7 Feb 2007 01:20:16 -0000 1.2 --- header 11 Mar 2007 15:23:48 -0000 1.3 *************** *** 1,3 **** --- 1,5 ---- <?php + include_once 'config/global.conf.php'; + // Print xml version line correctly print '<?xml version="1.0" encoding="utf-8"?>'; *************** *** 18,26 **** || substr_count($path,'myissues.php') || substr_count($path,'mysitesissues.php')) ! { ?> <meta http-equiv="Refresh" content="<?php echo 120; ?>"> <?php ! } ?> --- 20,28 ---- || substr_count($path,'myissues.php') || substr_count($path,'mysitesissues.php')) ! { ?> <meta http-equiv="Refresh" content="<?php echo 120; ?>"> <?php ! } ?> *************** *** 36,39 **** --- 38,44 ---- <link rel="alternate" type="application/rss+xml" href="rssfeed.php" title="Unassigned Issues Feed"> + + <!-- Page Title --> + <title><?php echo $conf['system_name'] ?></title> </head> |
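Review bot: in the third `header` hunk, `<title><?php echo $conf['system_name'] ?></title>` should be `htmlspecialchars($conf['system_name'])`; the value is admin-configured, but it is still free text ending up inside markup. The first hunk's `include_once 'config/global.conf.php';` resolves relative to the include path and the working directory of the calling script, which works only because the theme header is always included from the web root; a `dirname(__FILE__)`-based path would make that explicit. The second hunk is a whitespace-only change and could be left out of a commit labelled "getting there...".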
From: David T. <mmm...@us...> - 2007-03-11 15:23:58
Update of /cvsroot/helpmeict/Helpdesk/system In directory sc8-pr-cvs5.sourceforge.net:/tmp/cvs-serv11591/system Modified Files: db.php global_preferences.php lang.php security.php themes.php upgrade.0.9.2.inc.php upgrade.0.9.3.inc.php upgrade.0.9.9.inc.php upgrade.1.0.inc.php upgrade.php Log Message: getting there... Index: upgrade.0.9.3.inc.php =================================================================== RCS file: /cvsroot/helpmeict/Helpdesk/system/upgrade.0.9.3.inc.php,v retrieving revision 1.2 retrieving revision 1.3 diff -C2 -d -r1.2 -r1.3 *** upgrade.0.9.3.inc.php 7 Feb 2007 01:20:18 -0000 1.2 --- upgrade.0.9.3.inc.php 11 Mar 2007 15:23:49 -0000 1.3 *************** *** 37,45 **** $qry['mysql'] = "ALTER TABLE tbl_Link_Categories ADD COLUMN lang char(5) DEFAULT 'en_UK' NOT NULL"; $qry['mssql'] = "ALTER TABLE tbl_Link_Categories ADD COLUMN lang char(5)"; ! if ($qry[$db->phptype] != "") { ! $res = $db->query($qry[$db->phptype]); $output[] = (!PEAR::isError($res) ? "Success!" : $res->getMessage()) . "<BR />\n"; ! } else $output[] = "ERROR: DBMS " . $db->phptype . " not yet supported by the upgrade routine!<BR />\n"; --- 37,45 ---- $qry['mysql'] = "ALTER TABLE tbl_Link_Categories ADD COLUMN lang char(5) DEFAULT 'en_UK' NOT NULL"; $qry['mssql'] = "ALTER TABLE tbl_Link_Categories ADD COLUMN lang char(5)"; ! if ($qry[$helpdeskdb->phptype] != "") { ! $res = $helpdeskdb->query($qry[$helpdeskdb->phptype]); $output[] = (!PEAR::isError($res) ? "Success!" : $res->getMessage()) . "<BR />\n"; ! } else $output[] = "ERROR: DBMS " . $helpdeskdb->phptype . " not yet supported by the upgrade routine!<BR />\n"; *************** *** 48,65 **** // First update all existing records with default value $qry = "UPDATE tbl_Link_Categories SET lang='en_UK'"; ! $res = $db->query($qry); if (!PEAR::isError($res)) { // PostgreSQL and MSSQL need a couple more ALTER TABLE's ! 
if ($db->phptype == 'pgsql' || $db->phptype == 'mssql') { // Set default value on the column $qry = "ALTER TABLE tbl_Link_Categories ALTER COLUMN lang SET DEFAULT 'en_UK'"; ! $res = $db->query($qry); if (!PEAR::isError($res)) { // Set column to not allow NULL $qry = "ALTER TABLE tbl_Link_Categories ALTER COLUMN lang SET NOT NULL"; ! $res = $db->query($qry); $output[] = (!PEAR::isError($res) ? "Success!" : $res->getMessage()) . "<BR />\n"; } else $output[] = $res->getMessage(); // Query failed --- 48,65 ---- // First update all existing records with default value $qry = "UPDATE tbl_Link_Categories SET lang='en_UK'"; ! $res = $helpdeskdb->query($qry); if (!PEAR::isError($res)) { // PostgreSQL and MSSQL need a couple more ALTER TABLE's ! if ($helpdeskdb->phptype == 'pgsql' || $helpdeskdb->phptype == 'mssql') { // Set default value on the column $qry = "ALTER TABLE tbl_Link_Categories ALTER COLUMN lang SET DEFAULT 'en_UK'"; ! $res = $helpdeskdb->query($qry); if (!PEAR::isError($res)) { // Set column to not allow NULL $qry = "ALTER TABLE tbl_Link_Categories ALTER COLUMN lang SET NOT NULL"; ! $res = $helpdeskdb->query($qry); $output[] = (!PEAR::isError($res) ? "Success!" : $res->getMessage()) . "<BR />\n"; } else $output[] = $res->getMessage(); // Query failed *************** *** 75,83 **** $qry['mysql'] = "ALTER TABLE tbl_News ADD COLUMN lang char(5) DEFAULT 'en_UK' NOT NULL"; $qry['mssql'] = "ALTER TABLE tbl_News ADD COLUMN lang char(5)"; ! if ($qry[$db->phptype] != "") { ! $res = $db->query($qry[$db->phptype]); $output[] = (!PEAR::isError($res) ? "Success!" : $res->getMessage()) . "<BR />\n"; ! } else $output[] = "ERROR: DBMS " . $db->phptype . " not yet supported by the upgrade routine!<BR />\n"; --- 75,83 ---- $qry['mysql'] = "ALTER TABLE tbl_News ADD COLUMN lang char(5) DEFAULT 'en_UK' NOT NULL"; $qry['mssql'] = "ALTER TABLE tbl_News ADD COLUMN lang char(5)"; ! if ($qry[$helpdeskdb->phptype] != "") { ! 
$res = $helpdeskdb->query($qry[$helpdeskdb->phptype]); $output[] = (!PEAR::isError($res) ? "Success!" : $res->getMessage()) . "<BR />\n"; ! } else $output[] = "ERROR: DBMS " . $helpdeskdb->phptype . " not yet supported by the upgrade routine!<BR />\n"; *************** *** 86,103 **** // First update all existing records with default value $qry = "UPDATE tbl_News SET lang='en_UK'"; ! $res = $db->query($qry); if (!PEAR::isError($res)) { // PostgreSQL and MSSQL need a couple more ALTER TABLE's ! if ($db->phptype == 'pgsql' || $db->phptype == 'mssql') { // Set default value on the column $qry = "ALTER TABLE tbl_News ALTER COLUMN lang SET DEFAULT 'en_UK'"; ! $res = $db->query($qry); if (!PEAR::isError($res)) { // Set column to not allow NULL $qry = "ALTER TABLE tbl_News ALTER COLUMN lang SET NOT NULL"; ! $res = $db->query($qry); $output[] = (!PEAR::isError($res) ? "Success!" : $res->getMessage()) . "<BR />\n"; } else $output[] = $res->getMessage(); // Query failed --- 86,103 ---- // First update all existing records with default value $qry = "UPDATE tbl_News SET lang='en_UK'"; ! $res = $helpdeskdb->query($qry); if (!PEAR::isError($res)) { // PostgreSQL and MSSQL need a couple more ALTER TABLE's ! if ($helpdeskdb->phptype == 'pgsql' || $helpdeskdb->phptype == 'mssql') { // Set default value on the column $qry = "ALTER TABLE tbl_News ALTER COLUMN lang SET DEFAULT 'en_UK'"; ! $res = $helpdeskdb->query($qry); if (!PEAR::isError($res)) { // Set column to not allow NULL $qry = "ALTER TABLE tbl_News ALTER COLUMN lang SET NOT NULL"; ! $res = $helpdeskdb->query($qry); $output[] = (!PEAR::isError($res) ? "Success!" : $res->getMessage()) . "<BR />\n"; } else $output[] = $res->getMessage(); // Query failed *************** *** 113,130 **** $qry['mysql'] = "ALTER TABLE tbl_News ADD COLUMN domain_id int(4)"; $qry['mssql'] = "ALTER TABLE tbl_News ADD COLUMN domain_id int4"; ! if ($qry[$db->phptype] != "") { ! $res = $db->query($qry[$db->phptype]); $output[] = (!PEAR::isError($res) ? 
"Success!" : $res->getMessage()) . "<BR />\n"; ! } else $output[] = "ERROR: DBMS " . $db->phptype . " not yet supported by the upgrade routine!<BR />\n"; // For PostgreSQL and MSSQL we need to set default value to NULL (not needed for MySQL) ! if ($db->phptype == 'pgsql' || $db->phptype == 'mssql') { // Set default value for new 'domain_id' column in tbl_News $output[] = "Setting default value for 'domain_id' column in tbl_News ....... "; $qry = "ALTER TABLE tbl_News ALTER COLUMN domain_id SET DEFAULT NULL"; ! $res = $db->query($qry); $output[] = (!PEAR::isError($res) ? "Success!" : $res->getMessage()) . "<BR />\n"; } --- 113,130 ---- $qry['mysql'] = "ALTER TABLE tbl_News ADD COLUMN domain_id int(4)"; $qry['mssql'] = "ALTER TABLE tbl_News ADD COLUMN domain_id int4"; ! if ($qry[$helpdeskdb->phptype] != "") { ! $res = $helpdeskdb->query($qry[$helpdeskdb->phptype]); $output[] = (!PEAR::isError($res) ? "Success!" : $res->getMessage()) . "<BR />\n"; ! } else $output[] = "ERROR: DBMS " . $helpdeskdb->phptype . " not yet supported by the upgrade routine!<BR />\n"; // For PostgreSQL and MSSQL we need to set default value to NULL (not needed for MySQL) ! if ($helpdeskdb->phptype == 'pgsql' || $helpdeskdb->phptype == 'mssql') { // Set default value for new 'domain_id' column in tbl_News $output[] = "Setting default value for 'domain_id' column in tbl_News ....... "; $qry = "ALTER TABLE tbl_News ALTER COLUMN domain_id SET DEFAULT NULL"; ! $res = $helpdeskdb->query($qry); $output[] = (!PEAR::isError($res) ? "Success!" : $res->getMessage()) . "<BR />\n"; } *************** *** 134,142 **** $output[] = "Re-fill tbl_News with data after adding column....... "; $qry = "SELECT id, notice FROM tbl_Domains"; ! $data =& $db->getAll($qry); foreach ($data as $row) { $qry = "INSERT INTO tbl_News (domain_id, content, frontpagepara) VALUES (" . $row['id'] . ", '" . $row['notice'] . "', '3')"; ! 
$res = $db->query($qry); if (PEAR::isError($res)) break; }; --- 134,142 ---- $output[] = "Re-fill tbl_News with data after adding column....... "; $qry = "SELECT id, notice FROM tbl_Domains"; ! $data =& $helpdeskdb->getAll($qry); foreach ($data as $row) { $qry = "INSERT INTO tbl_News (domain_id, content, frontpagepara) VALUES (" . $row['id'] . ", '" . $row['notice'] . "', '3')"; ! $res = $helpdeskdb->query($qry); if (PEAR::isError($res)) break; }; Index: db.php =================================================================== RCS file: /cvsroot/helpmeict/Helpdesk/system/db.php,v retrieving revision 1.2 retrieving revision 1.3 diff -C2 -d -r1.2 -r1.3 *** db.php 7 Feb 2007 01:20:17 -0000 1.2 --- db.php 11 Mar 2007 15:23:48 -0000 1.3 *************** *** 57,70 **** // Connect to database ! $db =& DB::connect($conf_db['dsn'], $conf_db['options']); ! if (PEAR::isError($db)) { ! die($db->getMessage()); } // Define fetchmode to be an associative array ! $db->setFetchMode(DB_FETCHMODE_ASSOC); ! ! ! /* --- 57,68 ---- // Connect to database ! global $helpdeskdb; ! $helpdeskdb =& DB::connect($conf_db['dsn'], $conf_db['options']); ! if (PEAR::isError($helpdeskdb)) { ! die($helpdeskdb->getMessage()); } // Define fetchmode to be an associative array ! $helpdeskdb->setFetchMode(DB_FETCHMODE_ASSOC); /* *************** *** 85,91 **** { // Access database connection object ! global $db; ! // Query database ! $data =& $db->getAll(filter_sql($sql)); // Check that result is not an error --- 83,89 ---- { // Access database connection object ! global $helpdeskdb; ! // Query database ! $data =& $helpdeskdb->getAll(filter_sql($sql)); // Check that result is not an error *************** *** 120,126 **** { // Access database connection object ! global $db; // Query database ! $data =& $db->query(filter_sql($sql)); // Check that result is not an error --- 118,124 ---- { // Access database connection object ! global $helpdeskdb; // Query database ! 
$data =& $helpdeskdb->query(filter_sql($sql)); // Check that result is not an error *************** *** 153,159 **** { // Access database connection object ! global $db; // Get next id ! $id = $db->nextId($sequence); // Check that result is not an error if (PEAR::isError($id)) --- 151,157 ---- { // Access database connection object ! global $helpdeskdb; // Get next id ! $id = $helpdeskdb->nextId($sequence); // Check that result is not an error if (PEAR::isError($id)) Index: upgrade.php =================================================================== RCS file: /cvsroot/helpmeict/Helpdesk/system/upgrade.php,v retrieving revision 1.2 retrieving revision 1.3 diff -C2 -d -r1.2 -r1.3 *** upgrade.php 7 Feb 2007 01:20:18 -0000 1.2 --- upgrade.php 11 Mar 2007 15:23:49 -0000 1.3 *************** *** 37,44 **** function rebuild_sequence($table, $field, $sequence) { ! global $db; // Find current value to synchronize sequence to ! $id =& $db->getOne("SELECT $field FROM $table ORDER BY $field DESC LIMIT 1"); // Check that result is not an error --- 37,44 ---- function rebuild_sequence($table, $field, $sequence) { ! global $helpdeskdb; // Find current value to synchronize sequence to ! $id =& $helpdeskdb->getOne("SELECT $field FROM $table ORDER BY $field DESC LIMIT 1"); // Check that result is not an error *************** *** 46,53 **** // Drop existing sequence (if it exists, otherwise ignore error and continue) ! $res = $db->dropSequence($sequence); // Rebuild sequence ! while ($db->nextId($sequence) < $id) ; --- 46,53 ---- // Drop existing sequence (if it exists, otherwise ignore error and continue) ! $res = $helpdeskdb->dropSequence($sequence); // Rebuild sequence ! while ($helpdeskdb->nextId($sequence) < $id) ; *************** *** 60,65 **** { // Update version field ! global $db; ! $res = $db->query("UPDATE tbl_System_Preferences SET value='$newversion' WHERE identifier='version'"); return $res; } --- 60,65 ---- { // Update version field ! global $helpdeskdb; ! 
$res = $helpdeskdb->query("UPDATE tbl_System_Preferences SET value='$newversion' WHERE identifier='version'"); return $res; } *************** *** 70,74 **** // Only continue for supported database backends ! if (in_array($db->phptype, $DBMS)) { // Determine version to upgrade to --- 70,74 ---- // Only continue for supported database backends ! if (in_array($helpdeskdb->phptype, $DBMS)) { // Determine version to upgrade to *************** *** 175,179 **** // Database backend not supported by upgrade routine, abort upgrade! $output[] = "<div class=\"maindark\"> ! <p>ERROR: Database system " . $db->phptype . " not yet supported by upgrade routine, aborting upgrade.</p>"; } --- 175,179 ---- // Database backend not supported by upgrade routine, abort upgrade! $output[] = "<div class=\"maindark\"> ! <p>ERROR: Database system " . $helpdeskdb->phptype . " not yet supported by upgrade routine, aborting upgrade.</p>"; } Index: themes.php =================================================================== RCS file: /cvsroot/helpmeict/Helpdesk/system/themes.php,v retrieving revision 1.2 retrieving revision 1.3 diff -C2 -d -r1.2 -r1.3 *** themes.php 7 Feb 2007 01:20:18 -0000 1.2 --- themes.php 11 Mar 2007 15:23:48 -0000 1.3 *************** *** 48,54 **** // Ensure access to language and configuration global $_lang, $conf; - // First try your chosen language $theme = $conf['theme_dir']."/".$conf['default_theme']."/".$theme_file; if (!file_exists($theme)) { // Then try the system wide fallback languae --- 48,54 ---- // Ensure access to language and configuration global $_lang, $conf; // First try your chosen language $theme = $conf['theme_dir']."/".$conf['default_theme']."/".$theme_file; + if (!file_exists($theme)) { // Then try the system wide fallback languae Index: global_preferences.php =================================================================== RCS file: /cvsroot/helpmeict/Helpdesk/system/global_preferences.php,v retrieving revision 1.2 retrieving revision 1.3 diff 
-C2 -d -r1.2 -r1.3 *** global_preferences.php 7 Feb 2007 01:20:17 -0000 1.2 --- global_preferences.php 11 Mar 2007 15:23:48 -0000 1.3 *************** *** 38,41 **** --- 38,43 ---- */ + require_once 'system/db.php'; + // Ensure this is called from within the index.php file (for security) if (strpos($_SERVER["SCRIPT_NAME"], basename(__FILE__, '.php')) !== false) { *************** *** 45,48 **** --- 47,51 ---- // Create an associative array and populate it with the system preferences $result = db_recordset("SELECT * FROM tbl_System_Preferences"); + global $global_prefs; $global_prefs = Array(); foreach ($result as $pref) { Index: upgrade.0.9.2.inc.php =================================================================== RCS file: /cvsroot/helpmeict/Helpdesk/system/upgrade.0.9.2.inc.php,v retrieving revision 1.2 retrieving revision 1.3 diff -C2 -d -r1.2 -r1.3 *** upgrade.0.9.2.inc.php 7 Feb 2007 01:20:18 -0000 1.2 --- upgrade.0.9.2.inc.php 11 Mar 2007 15:23:49 -0000 1.3 *************** *** 37,45 **** $qry['mysql'] = "ALTER TABLE tbl_Users CHANGE user username VARCHAR(20) NOT NULL DEFAULT \"\""; $qry['mssql'] = "ALTER TABLE tbl_Users RENAME COLUMN \"user\" TO username"; ! if ($qry[$db->phptype] != "") { ! $res = $db->query($qry[$db->phptype]); $output[] = (!PEAR::isError($res) ? "Success!" : $res->getMessage()) . "<BR />\n"; ! } else $output[] = "ERROR: DBMS " . $db->phptype . " not yet supported by the upgrade routine!<BR />\n"; --- 37,45 ---- $qry['mysql'] = "ALTER TABLE tbl_Users CHANGE user username VARCHAR(20) NOT NULL DEFAULT \"\""; $qry['mssql'] = "ALTER TABLE tbl_Users RENAME COLUMN \"user\" TO username"; ! if ($qry[$helpdeskdb->phptype] != "") { ! $res = $helpdeskdb->query($qry[$helpdeskdb->phptype]); $output[] = (!PEAR::isError($res) ? "Success!" : $res->getMessage()) . "<BR />\n"; ! } else $output[] = "ERROR: DBMS " . $helpdeskdb->phptype . 
" not yet supported by the upgrade routine!<BR />\n"; *************** *** 49,57 **** $qry['mysql'] = "ALTER TABLE tbl_UserSites CHANGE user userid INT(4) NOT NULL DEFAULT 0"; $qry['mssql'] = "ALTER TABLE tbl_UserSites RENAME COLUMN \"user\" TO userid"; ! if ($qry[$db->phptype] != "") { ! $res = $db->query($qry[$db->phptype]); $output[] = (!PEAR::isError($res) ? "Success!" : $res->getMessage()) . "<BR />\n"; ! } else $output[] = "ERROR: DBMS " . $db->phptype . " not yet supported by the upgrade routine!<BR />\n"; --- 49,57 ---- $qry['mysql'] = "ALTER TABLE tbl_UserSites CHANGE user userid INT(4) NOT NULL DEFAULT 0"; $qry['mssql'] = "ALTER TABLE tbl_UserSites RENAME COLUMN \"user\" TO userid"; ! if ($qry[$helpdeskdb->phptype] != "") { ! $res = $helpdeskdb->query($qry[$helpdeskdb->phptype]); $output[] = (!PEAR::isError($res) ? "Success!" : $res->getMessage()) . "<BR />\n"; ! } else $output[] = "ERROR: DBMS " . $helpdeskdb->phptype . " not yet supported by the upgrade routine!<BR />\n"; *************** *** 61,69 **** $qry['mysql'] = "ALTER TABLE tbl_UserDomains CHANGE user userid INT(4) NOT NULL DEFAULT 0"; $qry['mssql'] = "ALTER TABLE tbl_UserDomains RENAME COLUMN \"user\" TO userid"; ! if ($qry[$db->phptype] != "") { ! $res = $db->query($qry[$db->phptype]); $output[] = (!PEAR::isError($res) ? "Success!" : $res->getMessage()) . "<BR />\n"; ! } else $output[] = "ERROR: DBMS " . $db->phptype . " not yet supported by the upgrade routine!<BR />\n"; --- 61,69 ---- $qry['mysql'] = "ALTER TABLE tbl_UserDomains CHANGE user userid INT(4) NOT NULL DEFAULT 0"; $qry['mssql'] = "ALTER TABLE tbl_UserDomains RENAME COLUMN \"user\" TO userid"; ! if ($qry[$helpdeskdb->phptype] != "") { ! $res = $helpdeskdb->query($qry[$helpdeskdb->phptype]); $output[] = (!PEAR::isError($res) ? "Success!" : $res->getMessage()) . "<BR />\n"; ! } else $output[] = "ERROR: DBMS " . $helpdeskdb->phptype . 
" not yet supported by the upgrade routine!<BR />\n"; *************** *** 73,81 **** $qry['mysql'] = "ALTER TABLE tbl_Logs CHANGE user userid INT(4) NOT NULL DEFAULT 0"; $qry['mssql'] = "ALTER TABLE tbl_Logs RENAME COLUMN \"user\" TO userid"; ! if ($qry[$db->phptype] != "") { ! $res = $db->query($qry[$db->phptype]); $output[] = (!PEAR::isError($res) ? "Success!" : $res->getMessage()) . "<BR />\n"; ! } else $output[] = "ERROR: DBMS " . $db->phptype . " not yet supported by the upgrade routine!<BR />\n"; --- 73,81 ---- $qry['mysql'] = "ALTER TABLE tbl_Logs CHANGE user userid INT(4) NOT NULL DEFAULT 0"; $qry['mssql'] = "ALTER TABLE tbl_Logs RENAME COLUMN \"user\" TO userid"; ! if ($qry[$helpdeskdb->phptype] != "") { ! $res = $helpdeskdb->query($qry[$helpdeskdb->phptype]); $output[] = (!PEAR::isError($res) ? "Success!" : $res->getMessage()) . "<BR />\n"; ! } else $output[] = "ERROR: DBMS " . $helpdeskdb->phptype . " not yet supported by the upgrade routine!<BR />\n"; *************** *** 85,93 **** $qry['mysql'] = "ALTER TABLE tbl_Times CHANGE user userid INT(4) NOT NULL DEFAULT 0"; $qry['mssql'] = "ALTER TABLE tbl_Times RENAME COLUMN \"user\" TO userid"; ! if ($qry[$db->phptype] != "") { ! $res = $db->query($qry[$db->phptype]); $output[] = (!PEAR::isError($res) ? "Success!" : $res->getMessage()) . "<BR />\n"; ! } else $output[] = "ERROR: DBMS " . $db->phptype . " not yet supported by the upgrade routine!<BR />\n"; --- 85,93 ---- $qry['mysql'] = "ALTER TABLE tbl_Times CHANGE user userid INT(4) NOT NULL DEFAULT 0"; $qry['mssql'] = "ALTER TABLE tbl_Times RENAME COLUMN \"user\" TO userid"; ! if ($qry[$helpdeskdb->phptype] != "") { ! $res = $helpdeskdb->query($qry[$helpdeskdb->phptype]); $output[] = (!PEAR::isError($res) ? "Success!" : $res->getMessage()) . "<BR />\n"; ! } else $output[] = "ERROR: DBMS " . $helpdeskdb->phptype . 
" not yet supported by the upgrade routine!<BR />\n"; *************** *** 97,105 **** $qry['mysql'] = "ALTER TABLE tbl_EmailConfirmation CHANGE user userid INT(4) NOT NULL DEFAULT 0"; $qry['mssql'] = "ALTER TABLE tbl_EmailConfirmation RENAME COLUMN \"user\" TO userid"; ! if ($qry[$db->phptype] != "") { ! $res = $db->query($qry[$db->phptype]); $output[] = (!PEAR::isError($res) ? "Success!" : $res->getMessage()) . "<BR />\n"; ! } else $output[] = "ERROR: DBMS " . $db->phptype . " not yet supported by the upgrade routine!<BR />\n"; --- 97,105 ---- $qry['mysql'] = "ALTER TABLE tbl_EmailConfirmation CHANGE user userid INT(4) NOT NULL DEFAULT 0"; $qry['mssql'] = "ALTER TABLE tbl_EmailConfirmation RENAME COLUMN \"user\" TO userid"; ! if ($qry[$helpdeskdb->phptype] != "") { ! $res = $helpdeskdb->query($qry[$helpdeskdb->phptype]); $output[] = (!PEAR::isError($res) ? "Success!" : $res->getMessage()) . "<BR />\n"; ! } else $output[] = "ERROR: DBMS " . $helpdeskdb->phptype . " not yet supported by the upgrade routine!<BR />\n"; *************** *** 109,117 **** $qry['mysql'] = "ALTER TABLE tbl_User_Preferences CHANGE user userid INT(4) NOT NULL DEFAULT 0"; $qry['mssql'] = "ALTER TABLE tbl_User_Preferences RENAME COLUMN \"user\" TO userid"; ! if ($qry[$db->phptype] != "") { ! $res = $db->query($qry[$db->phptype]); $output[] = (!PEAR::isError($res) ? "Success!" : $res->getMessage()) . "<BR />\n"; ! } else $output[] = "ERROR: DBMS " . $db->phptype . " not yet supported by the upgrade routine!<BR />\n"; ?> --- 109,117 ---- $qry['mysql'] = "ALTER TABLE tbl_User_Preferences CHANGE user userid INT(4) NOT NULL DEFAULT 0"; $qry['mssql'] = "ALTER TABLE tbl_User_Preferences RENAME COLUMN \"user\" TO userid"; ! if ($qry[$helpdeskdb->phptype] != "") { ! $res = $helpdeskdb->query($qry[$helpdeskdb->phptype]); $output[] = (!PEAR::isError($res) ? "Success!" : $res->getMessage()) . "<BR />\n"; ! } else $output[] = "ERROR: DBMS " . $helpdeskdb->phptype . 
" not yet supported by the upgrade routine!<BR />\n"; ?> Index: upgrade.1.0.inc.php =================================================================== RCS file: /cvsroot/helpmeict/Helpdesk/system/upgrade.1.0.inc.php,v retrieving revision 1.2 retrieving revision 1.3 diff -C2 -d -r1.2 -r1.3 *** upgrade.1.0.inc.php 7 Feb 2007 01:20:18 -0000 1.2 --- upgrade.1.0.inc.php 11 Mar 2007 15:23:49 -0000 1.3 *************** *** 40,48 **** );"; $qry['mssql'] = ""; ! if ($qry[$db->phptype] != "") { ! $res = $db->query($qry[$db->phptype]); $output[] = (!PEAR::isError($res) ? "Success!" : $res->getMessage()) . "<BR />\n"; ! } else $output[] = "ERROR: DBMS " . $db->phptype . " not yet supported by the upgrade routine!<BR />\n"; ?> --- 40,48 ---- );"; $qry['mssql'] = ""; ! if ($qry[$helpdeskdb->phptype] != "") { ! $res = $helpdeskdb->query($qry[$helpdeskdb->phptype]); $output[] = (!PEAR::isError($res) ? "Success!" : $res->getMessage()) . "<BR />\n"; ! } else $output[] = "ERROR: DBMS " . $helpdeskdb->phptype . " not yet supported by the upgrade routine!<BR />\n"; ?> Index: upgrade.0.9.9.inc.php =================================================================== RCS file: /cvsroot/helpmeict/Helpdesk/system/upgrade.0.9.9.inc.php,v retrieving revision 1.2 retrieving revision 1.3 diff -C2 -d -r1.2 -r1.3 *** upgrade.0.9.9.inc.php 7 Feb 2007 01:20:18 -0000 1.2 --- upgrade.0.9.9.inc.php 11 Mar 2007 15:23:49 -0000 1.3 *************** *** 54,62 **** ); "; ! if ($qry[$db->phptype] != "") { ! $res = $db->query($qry[$db->phptype]); $output[] = (!PEAR::isError($res) ? "Success!" : $res->getMessage()) . "<BR />\n"; ! } else $output[] = "ERROR: DBMS " . $db->phptype . " not yet supported by the upgrade routine!<BR />\n"; --- 54,62 ---- ); "; ! if ($qry[$helpdeskdb->phptype] != "") { ! $res = $helpdeskdb->query($qry[$helpdeskdb->phptype]); $output[] = (!PEAR::isError($res) ? "Success!" : $res->getMessage()) . "<BR />\n"; ! } else $output[] = "ERROR: DBMS " . $helpdeskdb->phptype . 
" not yet supported by the upgrade routine!<BR />\n"; *************** *** 69,73 **** 'Turn on usage of Timer', '0'); "; ! $res = $db->query($qry); if (!PEAR::isError($res)) { --- 69,73 ---- 'Turn on usage of Timer', '0'); "; ! $res = $helpdeskdb->query($qry); if (!PEAR::isError($res)) { *************** *** 83,87 **** VALUES ('wrk-timer', 'true'); "; ! $res = $db->query($qry); if (!PEAR::isError($res)) { --- 83,87 ---- VALUES ('wrk-timer', 'true'); "; ! $res = $helpdeskdb->query($qry); if (!PEAR::isError($res)) { Index: security.php =================================================================== RCS file: /cvsroot/helpmeict/Helpdesk/system/security.php,v retrieving revision 1.3 retrieving revision 1.4 diff -C2 -d -r1.3 -r1.4 *** security.php 7 Feb 2007 01:47:41 -0000 1.3 --- security.php 11 Mar 2007 15:23:48 -0000 1.4 *************** *** 27,34 **** */ - require_once "system/lang.php"; - // Deny a user access, and display the login sidebar function ThrowOut() { $redirect = $_SERVER["REQUEST_URI"]; $ptitle = 'Access Error'; --- 27,33 ---- */ // Deny a user access, and display the login sidebar function ThrowOut() { + global $helpdeskdb, $_lang, $conf; $redirect = $_SERVER["REQUEST_URI"]; $ptitle = 'Access Error'; *************** *** 38,46 **** // Deny access to a user - use after sidebar has been displayed ! function AccessDenied() { // Set Language set_text_domain("security"); ! print "<<h1>".gettext("Access Error")."</h1>\n"; print "<h2>".gettext("Either you do not have permission to access this page or you are not currently logged in.")."</h2>\n"; print "<div class=\"block\" align=\"center\"><p>".gettext("Please choose another option or log in as a user who does have permission to access the page.")."</p></div>"; --- 37,46 ---- // Deny access to a user - use after sidebar has been displayed ! function AccessDenied() { ! global $helpdeskdb; // Set Language set_text_domain("security"); ! 
print "<h1>".gettext("Access Error")."</h1>\n"; print "<h2>".gettext("Either you do not have permission to access this page or you are not currently logged in.")."</h2>\n"; print "<div class=\"block\" align=\"center\"><p>".gettext("Please choose another option or log in as a user who does have permission to access the page.")."</p></div>"; Index: lang.php =================================================================== RCS file: /cvsroot/helpmeict/Helpdesk/system/lang.php,v retrieving revision 1.2 retrieving revision 1.3 diff -C2 -d -r1.2 -r1.3 *** lang.php 7 Feb 2007 01:20:17 -0000 1.2 --- lang.php 11 Mar 2007 15:23:48 -0000 1.3 *************** *** 38,41 **** --- 38,42 ---- // Set language code to system wide default + global $_lang; $_lang = $conf['default_lang']; if ($_SESSION['_id']) { |
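Review bot: `if ($qry[$helpdeskdb->phptype] != "")` in each upgrade hunk (97,105 and 109,117 in the first file, 40,48 in upgrade.1.0.inc.php, 54,62 in upgrade.0.9.9.inc.php) reads an array index that is only ever set for 'mysql' and 'mssql', so on any other driver PHP raises an undefined-index notice before the else branch prints the "not yet supported" message; `!empty($qry[$helpdeskdb->phptype])` covers both the missing key and the deliberately empty `$qry['mssql'] = ""` in upgrade.1.0.inc.php. The `$db` to `$helpdeskdb` rename is applied consistently, but the same condition/query/output block is copy-pasted in every file; a small helper taking `$qry` and `$helpdeskdb` would remove the duplication.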
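Review bot: removing `require_once "system/lang.php"` from security.php (hunk 27,34) while ThrowOut() now declares `global $helpdeskdb, $_lang, $conf;` makes these functions depend on the caller having already loaded lang.php and the db layer; if security.php is included on its own, `$_lang` is undefined when set_text_domain() runs. Either keep the require_once or document the required include order. In the AccessDenied() hunk (38,46) `global $helpdeskdb;` is added but nothing in the visible lines uses it; drop it unless a later line does. The `"<<h1>"` to `"<h1>"` correction is good.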
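Review bot: `global $_lang;` in the lang.php hunk (38,41) sits at file scope, where it only has an effect if lang.php is included from inside a function; if that is the intent, `$conf` needs the same declaration, since the next line reads `$conf['default_lang']`. The unchanged `if ($_SESSION['_id'])` should also be guarded with `isset()` so anonymous sessions do not trigger an undefined-index notice.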
From: David T. <mmm...@us...> - 2007-03-11 15:23:58
Update of /cvsroot/helpmeict/Helpdesk In directory sc8-pr-cvs5.sourceforge.net:/tmp/cvs-serv11591 Modified Files: footer.php issue.php newissue.php summary.php Log Message: getting there... Index: summary.php =================================================================== RCS file: /cvsroot/helpmeict/Helpdesk/summary.php,v retrieving revision 1.11 retrieving revision 1.12 diff -C2 -d -r1.11 -r1.12 *** summary.php 7 Feb 2007 01:20:04 -0000 1.11 --- summary.php 11 Mar 2007 15:23:48 -0000 1.12 *************** *** 172,176 **** function run_query($fieldsx, $fieldsy, &$display) { ! global $aselects; global $afrom, $db; function maketimes($time) { --- 172,176 ---- function run_query($fieldsx, $fieldsy, &$display) { ! global $aselects; global $afrom, $helpdeskdb; function maketimes($time) { *************** *** 188,192 **** global $dateto; ! if ($db->phptype == "pgsql") { $axes = "vw_issues.{$fieldsx['id']}, vw_issues.{$fieldsy['id']}"; $names = "vw_issues.{$fieldsx['name']}, vw_issues.{$fieldsy['name']}"; --- 188,192 ---- global $dateto; ! if ($helpdeskdb->phptype == "pgsql") { $axes = "vw_issues.{$fieldsx['id']}, vw_issues.{$fieldsy['id']}"; $names = "vw_issues.{$fieldsx['name']}, vw_issues.{$fieldsy['name']}"; *************** *** 356,361 **** } ! global $db; ! return db_recordset($sql[$db->phptype]); } } --- 356,361 ---- } ! global $helpdeskdb; ! return db_recordset($sql[$helpdeskdb->phptype]); } } Index: newissue.php =================================================================== RCS file: /cvsroot/helpmeict/Helpdesk/newissue.php,v retrieving revision 1.10 retrieving revision 1.11 diff -C2 -d -r1.10 -r1.11 *** newissue.php 7 Feb 2007 01:20:04 -0000 1.10 --- newissue.php 11 Mar 2007 15:23:48 -0000 1.11 *************** *** 143,152 **** } ! // Deal with adding an attachment ! if ($_FILES['attachment']['error'] == UPLOAD_ERR_OK) { ! $attachment_dir = get_attachment_dir($issue, true); ! 
move_uploaded_file($_FILES['attachment']['tmp_name'], $attachment_dir."/".$_FILES['attachment']['name']); } ! $act = 'thanks'; } --- 143,156 ---- } ! // Deal with adding attachments ! $attachment_dir = get_attachment_dir($issue, true); ! for ($i = 0; $i < count($_FILES['attachments']['name']); ++$i) ! { ! if ($_FILES['attachments']['name'][$i] != '' && $_FILES['attachments']['error'][$i] == UPLOAD_ERR_OK) ! { ! move_uploaded_file($_FILES['attachments']['tmp_name'][$i], $attachment_dir.'/'.$_FILES['attachments']['name'][$i]); ! } } ! $act = 'thanks'; } *************** *** 595,602 **** <label for="attachment"><?php echo gettext("Add attachment")?></label> </div> ! <div class="field"> ! <input type="file" name="attachment" /> </div> </div> <?php } --- 599,639 ---- <label for="attachment"><?php echo gettext("Add attachment")?></label> </div> ! <div class="field" id="attachments_wrapper"> ! <div id="attachments"> ! <input type="file" name="attachments[]" /> ! </div> </div> </div> + + <script language="javascript" type="text/javascript"> + //<![CDATA[ + <!-- + + function add_attachment() + { + // New file input + attachments = document.getElementById('attachments'); + var new_attachment = document.createElement('input'); + new_attachment.type = 'file'; + new_attachment.className = 'clearboth'; + new_attachment.name = 'attachments[]'; + attachments.appendChild(new_attachment); + } + + if (document.getElementById) + { + attachments_wrapper = document.getElementById('attachments_wrapper'); + + // Add link + var add_link = document.createElement('a'); + add_link.href = 'javascript: add_attachment();'; + add_link.innerHTML = 'Add Another...'; + attachments_wrapper.appendChild(add_link); + } + + //--> + //]]> + </script> + <?php } Index: issue.php =================================================================== RCS file: /cvsroot/helpmeict/Helpdesk/issue.php,v retrieving revision 1.34 retrieving revision 1.35 diff -C2 -d -r1.34 -r1.35 *** issue.php 7 Feb 2007 01:20:03 -0000 
1.34 --- issue.php 11 Mar 2007 15:23:48 -0000 1.35 *************** *** 271,275 **** chdir($attachment_dir); unlink(urldecode($attachment)); ! $track .= "File \'".$attachment."\' removed from issue.\n"; chdir($cwd); } --- 271,275 ---- chdir($attachment_dir); unlink(urldecode($attachment)); ! $track .= "File \'".$attachment."\' removed from issue.<br />\n"; chdir($cwd); } *************** *** 300,308 **** } ! // Deal with adding an attachment ! if ($_FILES['attachment']['error'] == UPLOAD_ERR_OK) { ! $attachment_dir = get_attachment_dir($id, true); ! move_uploaded_file($_FILES['attachment']['tmp_name'], $attachment_dir."/".$_FILES['attachment']['name']); ! $track .= "File \'".$_FILES['attachment']['name']."\' attached to issue.\n"; } --- 300,312 ---- } ! // Deal with adding attachments ! $attachment_dir = get_attachment_dir($id, true); ! for ($i = 0; $i < count($_FILES['attachments']['name']); ++$i) ! { ! if ($_FILES['attachments']['name'][$i] != '' && $_FILES['attachments']['error'][$i] == UPLOAD_ERR_OK) ! { ! move_uploaded_file($_FILES['attachments']['tmp_name'][$i], $attachment_dir.'/'.$_FILES['attachments']['name'][$i]); ! $track .= "File \'".$_FILES['attachments']['name'][$i]."\' attached to issue.<br />\n"; ! } } *************** *** 1241,1245 **** <label for="attachments"><?php echo gettext("Attachments")?></label> </div> ! <div class="field"> <?php // Get a list of attachment files for this issue. --- 1245,1249 ---- <label for="attachments"><?php echo gettext("Attachments")?></label> </div> ! <div class="value"> <?php // Get a list of attachment files for this issue. *************** *** 1278,1284 **** <label for="attachment"><?php echo gettext("Add attachment")?></label> </div> ! <div class="field"> ! <input type="file" name="attachment" /> </div> </div> <?php --- 1282,1321 ---- <label for="attachment"><?php echo gettext("Add attachment")?></label> </div> ! <div class="field" id="attachments_wrapper"> ! <div id="attachments"> ! 
<input type="file" name="attachments[]" /> ! </div> </div> + + <script language="javascript" type="text/javascript"> + //<![CDATA[ + <!-- + + function add_attachment() + { + // New file input + attachments = document.getElementById('attachments'); + var new_attachment = document.createElement('input'); + new_attachment.type = 'file'; + new_attachment.className = 'clearboth'; + new_attachment.name = 'attachments[]'; + attachments.appendChild(new_attachment); + } + + if (document.getElementById) + { + attachments_wrapper = document.getElementById('attachments_wrapper'); + + // Add link + var add_link = document.createElement('a'); + add_link.href = 'javascript: add_attachment();'; + add_link.innerHTML = 'Add Another...'; + attachments_wrapper.appendChild(add_link); + } + + //--> + //]]> + </script> + </div> <?php Index: footer.php =================================================================== RCS file: /cvsroot/helpmeict/Helpdesk/footer.php,v retrieving revision 1.3 retrieving revision 1.4 diff -C2 -d -r1.3 -r1.4 *** footer.php 7 Feb 2007 01:46:40 -0000 1.3 --- footer.php 11 Mar 2007 15:23:48 -0000 1.4 *************** *** 27,31 **** */ ! require_once 'system/global_preferences.php'; // Get all navigation category name --- 27,32 ---- */ ! require_once 'system/db.php'; ! require_once 'system/lang.php'; // Get all navigation category name *************** *** 75,78 **** --- 76,80 ---- // Build navigation tree + if ($_SESSION['_username'] == '') { // Set up sidebar links from DB *************** *** 217,220 **** --- 219,223 ---- } } + include_once 'system/global_preferences.php'; ?> </div> |
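Review bot: in the summary.php 188,192 hunk, `$fieldsx['id']`, `$fieldsy['id']` and the matching `['name']` keys are interpolated straight into column references on vw_issues; the diff does not show where they come from, so confirm they are mapped from a fixed list of allowed fields rather than taken from request parameters, because identifiers cannot be bound as query parameters. Separately, `maketimes()` is declared inside run_query(), which will fatal with "Cannot redeclare maketimes()" if run_query() is called twice in one request; move it to file scope.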
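Review bot: the new upload loop in newissue.php (143,156) passes `$_FILES['attachments']['name'][$i]` straight through as the destination of move_uploaded_file(), so an existing attachment with the same name is silently overwritten and whatever name the browser sent is stored verbatim; run the name through basename(), reject empty or dot-only results, and refuse or rename on collision. `count($_FILES['attachments']['name'])` raises a notice when the form is posted without the attachments field, so guard with `isset($_FILES['attachments']['name']) && is_array($_FILES['attachments']['name'])`. Note also that `get_attachment_dir($issue, true)` is now called unconditionally, where before it ran only after a successful upload; if the `true` argument creates the directory, every new issue now gets one whether or not anything was attached.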
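Review bot: in the newissue.php 599,639 hunk the inline script assigns `attachments` and `attachments_wrapper` without `var`, creating implicit globals, and the "Add Another..." link uses a `javascript:` href; declare them with `var` and use `add_link.href = '#'; add_link.onclick = function () { add_attachment(); return false; };` instead. `<label for="attachment">` no longer matches any element now that the file input has no id. The same script block is pasted verbatim into issue.php (hunk 1282,1321) in this commit; move it to one shared .js file so the two copies cannot drift. `language="javascript"` is deprecated; `type` alone is enough.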
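Review bot: `"File \'".$attachment."\' removed from issue.<br />\n"` in the issue.php 271,275 hunk (and the matching line in 300,312) relies on `\'` inside a double-quoted PHP string, which is not an escape sequence, so the backslash is emitted literally and the track entry reads `File \'name\'`; write the quote directly. Because these lines now append `<br />`, `$track` is evidently rendered as HTML, and `$attachment` and `$_FILES['attachments']['name'][$i]` are client-supplied filenames, so wrap them in htmlspecialchars() before concatenation. The unchanged context `unlink(urldecode($attachment))` after `chdir($attachment_dir)` also needs a basename() on `$attachment` so a delete cannot reach outside the attachment directory. The upload loop in 300,312 has the same overwrite-on-collision and missing-isset issues as the copy in newissue.php.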
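Review bot: `if ($_SESSION['_username'] == '')` in the footer.php 76,80 hunk reads a session key that is unset for anonymous visitors, producing an undefined-index notice on every page; `empty($_SESSION['_username'])` expresses the intent without the notice. The hunk shows the opening `if` but not its closing brace; confirm the `}` immediately before the new `include_once 'system/global_preferences.php'` (219,223) closes this `if` and not the outer block. Moving global_preferences.php from a require_once at the top to an include_once at the very end means any code in footer.php that reads the global preferences now runs before they are loaded unless db.php or lang.php pulls them in, and include_once continues silently if the file is missing where the old require_once stopped.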
From: David T. <mmm...@us...> - 2007-03-11 15:23:58
Update of /cvsroot/helpmeict/Helpdesk/share/themes/osx/css In directory sc8-pr-cvs5.sourceforge.net:/tmp/cvs-serv11591/share/themes/osx/css Modified Files: common.css Log Message: getting there... Index: common.css =================================================================== RCS file: /cvsroot/helpmeict/Helpdesk/share/themes/osx/css/common.css,v retrieving revision 1.2 retrieving revision 1.3 diff -C2 -d -r1.2 -r1.3 *** common.css 7 Feb 2007 01:20:17 -0000 1.2 --- common.css 11 Mar 2007 15:23:48 -0000 1.3 *************** *** 92,95 **** --- 92,99 ---- } + #helpmeict #attachments .clearboth { + display: block; + } + #helpmeict .workspace .buttonpanel { text-align: right; |
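Review bot: `#helpmeict #attachments .clearboth { display: block; }` is added identically to the osx and blue theme stylesheets in this commit, and the `clearboth` class is assigned from the inline script in issue.php and newissue.php; a class that every theme must define belongs in a theme-independent stylesheet, otherwise a third theme will render the extra file inputs inline.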
From: David T. <mmm...@us...> - 2007-03-11 15:23:55
Update of /cvsroot/helpmeict/Helpdesk/share/themes/osx In directory sc8-pr-cvs5.sourceforge.net:/tmp/cvs-serv11591/share/themes/osx Modified Files: header Log Message: getting there... Index: header =================================================================== RCS file: /cvsroot/helpmeict/Helpdesk/share/themes/osx/header,v retrieving revision 1.2 retrieving revision 1.3 diff -C2 -d -r1.2 -r1.3 *** header 7 Feb 2007 01:20:17 -0000 1.2 --- header 11 Mar 2007 15:23:48 -0000 1.3 *************** *** 1,3 **** --- 1,5 ---- <?php + include_once 'config/global.conf.php'; + // Print xml version line correctly print '<?xml version="1.0" encoding="utf-8"?>'; *************** *** 9,13 **** <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head> - <title>HelpMeICT</title> <!-- Page metadata --> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> --- 11,14 ---- *************** *** 19,27 **** || substr_count($path,'myissues.php') || substr_count($path,'mysitesissues.php')) ! { ?> <meta http-equiv="Refresh" content="<?php echo 120; ?>" /> <?php ! } ?> --- 20,28 ---- || substr_count($path,'myissues.php') || substr_count($path,'mysitesissues.php')) ! { ?> <meta http-equiv="Refresh" content="<?php echo 120; ?>" /> <?php ! } ?> *************** *** 37,40 **** --- 38,44 ---- <link rel="alternate" type="application/rss+xml" href="rssfeed.php" title="Unassigned Issues Feed" /> + + <!-- Page Title --> + <title><?php echo $conf['system_name'] ?></title> </head> |
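Review bot: `<title><?php echo $conf['system_name'] ?></title>` in the 38,44 hunk echoes a configuration value into an XHTML document without escaping, so an `&` or `<` in the configured system name yields malformed XML; use `htmlspecialchars($conf['system_name'], ENT_QUOTES, 'UTF-8')`. `include_once 'config/global.conf.php'` at the top of the header is resolved against the include_path and the working directory rather than the theme directory, so it only works when the header is included from the application root; either document that or build the path from `dirname(__FILE__)`. The 19,27 hunk appears to be a whitespace-only change, and `<?php echo 120; ?>` could simply be the literal 120.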
From: David T. <mmm...@us...> - 2007-03-11 15:23:55
Update of /cvsroot/helpmeict/Helpdesk/share/themes/blue/css In directory sc8-pr-cvs5.sourceforge.net:/tmp/cvs-serv11591/share/themes/blue/css Modified Files: common.css Log Message: getting there... Index: common.css =================================================================== RCS file: /cvsroot/helpmeict/Helpdesk/share/themes/blue/css/common.css,v retrieving revision 1.2 retrieving revision 1.3 diff -C2 -d -r1.2 -r1.3 *** common.css 7 Feb 2007 01:20:16 -0000 1.2 --- common.css 11 Mar 2007 15:23:48 -0000 1.3 *************** *** 100,103 **** --- 100,107 ---- } + #helpmeict #attachments .clearboth { + display: block; + } + #helpmeict .workspace .buttonpanel { text-align: right; |
From: David T. <mmm...@us...> - 2007-02-07 02:07:31
Update of /cvsroot/helpmeict/Helpdesk/images In directory sc8-pr-cvs5.sourceforge.net:/tmp/cvs-serv20533/images Modified Files: delete.png down.png up.png Log Message: Put these files back in (they had been corrupted at some point) Index: down.png =================================================================== RCS file: /cvsroot/helpmeict/Helpdesk/images/down.png,v retrieving revision 1.2 retrieving revision 1.3 diff -C2 -d -r1.2 -r1.3 Binary files /tmp/cvsHePCvZ and /tmp/cvsR2gBdz differ Index: delete.png =================================================================== RCS file: /cvsroot/helpmeict/Helpdesk/images/delete.png,v retrieving revision 1.2 retrieving revision 1.3 diff -C2 -d -r1.2 -r1.3 Binary files /tmp/cvsxqZBTY and /tmp/cvsmGmIEy differ Index: up.png =================================================================== RCS file: /cvsroot/helpmeict/Helpdesk/images/up.png,v retrieving revision 1.2 retrieving revision 1.3 diff -C2 -d -r1.2 -r1.3 Binary files /tmp/cvsBl1UJ0 and /tmp/cvsgvo5xA differ |