Improved the helpdesk code.

This commit is contained in:
Stefan Brannfjell 2014-09-06 16:10:00 +02:00
parent dac911e1d9
commit 048794a320
2 changed files with 291 additions and 326 deletions


@ -3,35 +3,28 @@ protect_page();
admin_only($user_data); admin_only($user_data);
// Declare as int // Declare as int
$view = (int)$_GET['view']; $view = (isset($_GET['view']) && (int)$_GET['view'] > 0) ? (int)$_GET['view'] : false;
if ($view){ if ($view !== false){
if (!empty($_POST['reply_text'])) { if (!empty($_POST['reply_text'])) {
sanitize($_POST['reply_text']); sanitize($_POST['reply_text']);
// Save ticket reply on database // Save ticket reply on database
$query = array( $query = array(
'tid' => $_GET['view'], 'tid' => $view,
'username'=> $_POST['username'], 'username'=> getValue($_POST['username']),
'message' => $_POST['reply_text'], 'message' => getValue($_POST['reply_text']),
'created' => time(), 'created' => time(),
); );
//Sanitize array
array_walk($query, 'array_sanitize');
$fields = '`'. implode('`, `', array_keys($query)) .'`'; $fields = '`'. implode('`, `', array_keys($query)) .'`';
$data = '\''. implode('\', \'', $query) .'\''; $data = '\''. implode('\', \'', $query) .'\'';
mysql_insert("INSERT INTO `znote_tickets_replies` ($fields) VALUES ($data)");
mysql_update("UPDATE `znote_tickets` SET `status`='Staff-Reply' WHERE `id`=". $_GET['view']);
mysql_insert("INSERT INTO `znote_tickets_replies` ($fields) VALUES ($data)");
mysql_update("UPDATE `znote_tickets` SET `status`='Staff-Reply' WHERE `id`='$view' LIMIT 1;");
} }
$ticketData = mysql_select_single("SELECT * FROM znote_tickets WHERE id=". addslashes((int)$_GET['view'])); $ticketData = mysql_select_single("SELECT * FROM znote_tickets WHERE id='$view' LIMIT 1;");
?> ?>
<h1>View Ticket #<?php echo $ticketData['id']; ?></h1> <h1>View Ticket #<?php echo $ticketData['id']; ?></h1>
<table class="znoteTable ThreadTable table table-striped"> <table class="znoteTable ThreadTable table table-striped">
<tr class="yellow"> <tr class="yellow">
<th> <th>
@ -50,9 +43,8 @@ $ticketData = mysql_select_single("SELECT * FROM znote_tickets WHERE id=". addsl
</td> </td>
</tr> </tr>
</table> </table>
<?php <?php
$replies = mysql_select_multi("SELECT * FROM znote_tickets_replies WHERE tid='". addslashes((int)$_GET['view']) ."' ORDER BY `created`;"); $replies = mysql_select_multi("SELECT * FROM znote_tickets_replies WHERE tid='$view' ORDER BY `created`;");
if ($replies !== false) { if ($replies !== false) {
foreach($replies as $reply) { foreach($replies as $reply) {
?> ?>
@ -79,27 +71,19 @@ $ticketData = mysql_select_single("SELECT * FROM znote_tickets WHERE id=". addsl
} }
} }
?> ?>
<form action="" method="post"> <form action="" method="post">
<input type="hidden" name="username" value="ADMIN"><br> <input type="hidden" name="username" value="ADMIN"><br>
<textarea class="forumReply" name="reply_text" style="width: 610px; height: 150px"></textarea><br> <textarea class="forumReply" name="reply_text" style="width: 610px; height: 150px"></textarea><br>
<input name="" type="submit" value="Post Reply" class="btn btn-primary"> <input name="" type="submit" value="Post Reply" class="btn btn-primary">
</form> </form>
<?php <?php
} else { } else {
?> ?>
<h1>Latest Tickets</h1> <h1>Latest Tickets</h1>
<?php <?php
$tickets = mysql_select_multi("SELECT id,subject,creation,status FROM znote_tickets ORDER BY creation DESC"); $tickets = mysql_select_multi("SELECT id,subject,creation,status FROM znote_tickets ORDER BY creation DESC");
if ($tickets !== false) { if ($tickets !== false) {
?> ?>
<table> <table>
<tr class="yellow"> <tr class="yellow">
<td>ID:</td> <td>ID:</td>
@ -114,11 +98,12 @@ $tickets = mysql_select_multi("SELECT id,subject,creation,status FROM znote_tick
echo '<td><a href="admin_helpdesk.php?view='. $ticket['id'] .'">'. $ticket['subject'] .'</a></td>'; echo '<td><a href="admin_helpdesk.php?view='. $ticket['id'] .'">'. $ticket['subject'] .'</a></td>';
echo '<td>'. getClock($ticket['creation'], true) .'</td>'; echo '<td>'. getClock($ticket['creation'], true) .'</td>';
echo '<td>'. $ticket['status'] .'</td>'; echo '<td>'. $ticket['status'] .'</td>';
}} echo '</tr>';
}
?> ?>
</table> </table>
<?php <?php
} else echo 'No helpdesk tickets has been submitted.';
} }
include 'layout/overall/footer.php'; include 'layout/overall/footer.php';
?> ?>
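Review bot: On the new side the admin file still calls `sanitize($_POST['reply_text']);` with the result discarded before building the reply from `getValue($_POST['reply_text'])`, while the player-side helpdesk.php in this same commit drops that line; unless sanitize() works by reference this is dead code and the two files should agree — remove it here too, or write `$_POST['reply_text'] = sanitize($_POST['reply_text']);` if it is meant to take effect. The ticket listing at the end of the file echoes `$ticket['subject']` straight into the anchor (`'<a href="admin_helpdesk.php?view='. $ticket['id'] .'">'. $ticket['subject'] .'</a>'`); that subject is player-supplied on the public form, so if getValue() only escapes for SQL this is a stored XSS vector aimed at an administrator. Escaping at output time, `htmlspecialchars($ticket['subject'], ENT_QUOTES, 'UTF-8')`, closes it regardless of what getValue() does. The reply form carries no CSRF token, so an admin viewing an attacker's page can be made to post a staff reply; pre-existing, but worth fixing while this path is being reworked.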


@ -1,45 +1,35 @@
<?php <?php
require_once 'engine/init.php'; require_once 'engine/init.php';
if (user_logged_in() === false) { if (user_logged_in() === false) {
header('Location: register.php'); header('Location: register.php');
} }
include 'layout/overall/header.php'; include 'layout/overall/header.php';
$view = (int)$_GET['view']; $view = (isset($_GET['view']) && (int)$_GET['view'] > 0) ? (int)$_GET['view'] : false;
if ($view) { if ($view !== false) {
if (!empty($_POST['reply_text'])) { if (!empty($_POST['reply_text'])) {
sanitize($_POST['reply_text']);
// Save ticket reply on database // Save ticket reply on database
$query = array( $query = array(
'tid' => $_GET['view'], 'tid' => $view,
'username'=> $_POST['username'], 'username'=> getValue($_POST['username']),
'message' => $_POST['reply_text'], 'message' => getValue($_POST['reply_text']),
'created' => time(), 'created' => time(),
); );
//Sanitize array
array_walk($query, 'array_sanitize');
$fields = '`'. implode('`, `', array_keys($query)) .'`'; $fields = '`'. implode('`, `', array_keys($query)) .'`';
$data = '\''. implode('\', \'', $query) .'\''; $data = '\''. implode('\', \'', $query) .'\'';
mysql_insert("INSERT INTO `znote_tickets_replies` ($fields) VALUES ($data)"); mysql_insert("INSERT INTO `znote_tickets_replies` ($fields) VALUES ($data)");
mysql_update("UPDATE `znote_tickets` SET `status`='Player-Reply' WHERE `id`=". $_GET['view']); mysql_update("UPDATE `znote_tickets` SET `status`='Player-Reply' WHERE `id`='$view' LIMIT 1;");
} }
$ticketData = mysql_select_single("SELECT * FROM znote_tickets WHERE id='$view' LIMIT 1;");
$ticketData = mysql_select_single("SELECT * FROM znote_tickets WHERE id=". addslashes((int)$_GET['view']));
if($ticketData['owner'] != $session_user_id) { if($ticketData['owner'] != $session_user_id) {
echo 'You can not view this ticket!'; echo 'You can not view this ticket!';
include 'layout/overall/footer.php';
die; die;
} }
?> ?>
<h1>View Ticket #<?php echo $ticketData['id']; ?></h1> <h1>View Ticket #<?php echo $ticketData['id']; ?></h1>
<table class="znoteTable ThreadTable table table-striped"> <table class="znoteTable ThreadTable table table-striped">
<tr class="yellow"> <tr class="yellow">
<th> <th>
@ -58,9 +48,8 @@ die;
</td> </td>
</tr> </tr>
</table> </table>
<?php <?php
$replies = mysql_select_multi("SELECT * FROM znote_tickets_replies WHERE tid='". (int)$_GET['view'] ."' ORDER BY `created`;"); $replies = mysql_select_multi("SELECT * FROM znote_tickets_replies WHERE tid='$view' ORDER BY `created`;");
if ($replies !== false) { if ($replies !== false) {
foreach($replies as $reply) { foreach($replies as $reply) {
?> ?>
@ -87,22 +76,16 @@ die;
} }
} }
?> ?>
<form action="" method="post"> <form action="" method="post">
<input type="hidden" name="username" value="<?php echo $ticketData['username']; ?>"><br> <input type="hidden" name="username" value="<?php echo $ticketData['username']; ?>"><br>
<textarea class="forumReply" name="reply_text" style="width: 610px; height: 150px"></textarea><br> <textarea class="forumReply" name="reply_text" style="width: 610px; height: 150px"></textarea><br>
<input name="" type="submit" value="Post Reply" class="btn btn-primary"> <input name="" type="submit" value="Post Reply" class="btn btn-primary">
</form> </form>
<?php <?php
} else { } else {
$account = mysql_select_single("SELECT name,email FROM accounts WHERE id = $session_user_id"); $account = mysql_select_single("SELECT name,email FROM accounts WHERE id = $session_user_id");
if (!empty($_POST)) {
if (empty($_POST) === false) {
// $_POST['']
$required_fields = array('username', 'email', 'subject', 'message'); $required_fields = array('username', 'email', 'subject', 'message');
foreach($_POST as $key=>$value) { foreach($_POST as $key=>$value) {
if (empty($value) && in_array($key, $required_fields) === true) { if (empty($value) && in_array($key, $required_fields) === true) {
@ -124,21 +107,18 @@ if (empty($_POST) === false) {
$errors[] = 'Captcha image verification was submitted wrong.'; $errors[] = 'Captcha image verification was submitted wrong.';
} }
} }
if (validate_ip(getIP()) === false && $config['validate_IP'] === true) { // Reversed this if, so: first check if you need to validate, then validate.
if ($config['validate_IP'] === true && validate_ip(getIP()) === false) {
$errors[] = 'Failed to recognize your IP address. (Not a valid IPv4 address).'; $errors[] = 'Failed to recognize your IP address. (Not a valid IPv4 address).';
} }
} }
} }
?> ?>
<h1>Latest Tickets</h1> <h1>Latest Tickets</h1>
<?php <?php
$tickets = mysql_select_multi("SELECT id,subject,creation,status FROM znote_tickets WHERE owner=$session_user_id ORDER BY creation DESC"); $tickets = mysql_select_multi("SELECT id,subject,creation,status FROM znote_tickets WHERE owner=$session_user_id ORDER BY creation DESC");
if ($tickets !== false) { if ($tickets !== false) {
?> ?>
<table> <table>
<tr class="yellow"> <tr class="yellow">
<td>ID:</td> <td>ID:</td>
@ -153,37 +133,36 @@ $tickets = mysql_select_multi("SELECT id,subject,creation,status FROM znote_tick
echo '<td><a href="helpdesk.php?view='. $ticket['id'] .'">'. $ticket['subject'] .'</a></td>'; echo '<td><a href="helpdesk.php?view='. $ticket['id'] .'">'. $ticket['subject'] .'</a></td>';
echo '<td>'. getClock($ticket['creation'], true) .'</td>'; echo '<td>'. getClock($ticket['creation'], true) .'</td>';
echo '<td>'. $ticket['status'] .'</td>'; echo '<td>'. $ticket['status'] .'</td>';
}} echo '</tr>';
}
?> ?>
</table> </table>
<?php
}
?>
<h1>Helpdesk</h1> <h1>Helpdesk</h1>
<?php <?php
if (isset($_GET['success']) && empty($_GET['success'])) { if (isset($_GET['success']) && empty($_GET['success'])) {
echo 'Congratulations! Your ticket has been created. We will reply up to 24 hours.'; echo 'Congratulations! Your ticket has been created. We will reply up to 24 hours.';
} else { } else {
if (empty($_POST) === false && empty($errors) === true) { if (empty($_POST) === false && empty($errors) === true) {
if ($config['log_ip']) { if ($config['log_ip']) {
znote_visitor_insert_detailed_data(1); znote_visitor_insert_detailed_data(1);
} }
//Save ticket on database //Save ticket on database
$query = array( $query = array(
'owner' => $session_user_id, 'owner' => $session_user_id,
'username'=> $_POST['username'], 'username'=> getValue($_POST['username']),
'subject' => $_POST['subject'], 'subject' => getValue($_POST['subject']),
'message' => $_POST['message'], 'message' => getValue($_POST['message']),
'ip' => ip2long(getIP()), 'ip' => ip2long(getIP()),
'creation' => time(), 'creation' => time(),
'status' => 'Open' 'status' => 'Open'
); );
//Sanitize array
array_walk($query, 'array_sanitize');
$fields = '`'. implode('`, `', array_keys($query)) .'`'; $fields = '`'. implode('`, `', array_keys($query)) .'`';
$data = '\''. implode('\', \'', $query) .'\''; $data = '\''. implode('\', \'', $query) .'\'';
mysql_insert("INSERT INTO `znote_tickets` ($fields) VALUES ($data)"); mysql_insert("INSERT INTO `znote_tickets` ($fields) VALUES ($data)");
@ -238,6 +217,7 @@ if (isset($_GET['success']) && empty($_GET['success'])) {
</ul> </ul>
</form> </form>
<?php <?php
}} }
}
include 'layout/overall/footer.php'; include 'layout/overall/footer.php';
?> ?>
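Review bot: The reply is inserted and the ticket status set to 'Player-Reply' before the owner check runs (`if($ticketData['owner'] != $session_user_id)` only comes after the INSERT/UPDATE), so any logged-in user can POST `reply_text` to helpdesk.php?view=N for a ticket they do not own; the ownership test gates the view, not the write. The new side also stores `getValue($_POST['username'])`, taken from a hidden form field the client controls, so the reply author can be spoofed. Load the ticket and authorise first, then take the username from the ticket row rather than from POST; the sketch below assumes mysql_select_single returns false when no row matches, as the code already assumes for mysql_select_multi. Unrelated but in the same hunk, the `header('Location: register.php');` guard at the top has no `exit;` after it, so a logged-out request keeps executing the page with `$session_user_id` unset.
```php
$view = (isset($_GET['view']) && (int)$_GET['view'] > 0) ? (int)$_GET['view'] : false;
if ($view !== false) {
    // Resolve and authorise the ticket BEFORE accepting any reply for it.
    $ticketData = mysql_select_single("SELECT * FROM znote_tickets WHERE id='$view' LIMIT 1;");
    if (!$ticketData || $ticketData['owner'] != $session_user_id) {
        echo 'You can not view this ticket!';
        include 'layout/overall/footer.php';
        die;
    }
    if (!empty($_POST['reply_text'])) {
        $query = array(
            'tid' => $view,
            // Author comes from the ticket row, not from a client-controlled hidden field.
            'username'=> getValue($ticketData['username']),
            'message' => getValue($_POST['reply_text']),
            'created' => time(),
        );
        // … unchanged: $fields/$data build, INSERT into znote_tickets_replies, status UPDATE …
    }
    // … unchanged: ticket and reply rendering …
```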