From 108ccf2c3da65aceb161a8d10c32dc41c992e02d Mon Sep 17 00:00:00 2001
From: Rhuan Gonzaga <rhuangonzaga@gmail.com>
Date: Mon, 30 Jun 2014 19:47:29 -0300
Subject: [PATCH 1/7] Helpdesk System

Helpdesk System added
---
 helpdesk.php | 235 +++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 235 insertions(+)
 create mode 100644 helpdesk.php
diff --git a/helpdesk.php b/helpdesk.php
new file mode 100644
index 0000000..13c9818
--- /dev/null
+++ b/helpdesk.php
@@ -0,0 +1,235 @@
+<?php
+require_once 'engine/init.php';
+
+if (user_logged_in() === false) {
+	header('Location: register.php');
+}
+
+include 'layout/overall/header.php';
+
+if (isset($_GET['view'])) {
+
+	if (!empty($_POST['reply_text'])) {
+
+		// Save ticket reply on database
+		$query = array(
+			'tid'   =>	$_GET['view'],
+			'username'=>	$_POST['username'],
+			'message' =>	$_POST['reply_text'],
+			'created' =>	time(),
+		);
+		
+	$fields = '`'. implode('`, `', array_keys($query)) .'`';
+	$data = '\''. implode('\', \'', $query) .'\'';
+	mysql_insert("INSERT INTO `znote_tickets_replies` ($fields) VALUES ($data)");
+	mysql_update("UPDATE `znote_tickets` SET `status`='Player-Reply' WHERE `id`=". $_GET['view']);
+
+		}
+
+$ticketData = mysql_select_single("SELECT * FROM znote_tickets WHERE id=". addslashes($_GET['view']));
+
+if($ticketData['owner'] != $session_user_id){
+echo 'You can not view this ticket!';
+die;
+}
+	?>
+<h1>View Ticket #<?php echo $ticketData['id']; ?></h1>
+
+				<table class="znoteTable ThreadTable table table-striped">
+					<tr class="yellow">
+						<th>
+							<?php 
+								echo getClock($ticketData['creation'], true); 
+							?>
+							 - Created by: 
+							 <?php 
+							 	echo $ticketData['username'];
+							 ?>
+						</th>
+					</tr>
+					<tr>
+						<td>
+							<p><?php echo nl2br($ticketData['message']); ?></p>
+						</td>
+					</tr>
+				</table>
+
+				<?php
+				$replies = mysql_select_multi("SELECT * FROM znote_tickets_replies WHERE tid='". $_GET['view'] ."' ORDER BY `created`;");
+				if ($replies !== false) {
+					foreach($replies as $reply) {
+						?>
+						<table class="znoteTable ThreadTable table table-striped">
+							<tr class="yellow">
+								<th>
+									<?php 
+										echo getClock($reply['created'], true); 
+									?>
+									 - Posted by: 
+									 <?php 
+									 	echo $reply['username'];
+									 ?>
+								</th>
+							</tr>
+							<tr>
+								<td>
+									<p><?php echo nl2br($reply['message']); ?></p>
+								</td>
+							</tr>
+						</table>
+						<hr class="bighr">
+<?php
+					}
+					}
+?>
+					
+											<form action="" method="post">
+							<input type="hidden" name="username" value="<?php echo $ticketData['username']; ?>"><br>
+
+							<textarea class="forumReply" name="reply_text" style="width: 610px; height: 150px"></textarea><br>
+
+							<input name="" type="submit" value="Post Reply" class="btn btn-primary">
+						</form>
+<?php
+
+}else{ 
+
+$account = mysql_select_single("SELECT name,email FROM accounts WHERE id = $session_user_id");
+
+if (empty($_POST) === false) {
+	// $_POST['']
+	$required_fields = array('username', 'email', 'subject', 'message');
+	foreach($_POST as $key=>$value) {
+		if (empty($value) && in_array($key, $required_fields) === true) {
+			$errors[] = 'You need to fill in all fields.';
+			break 1;
+		}
+	}
+	
+	// check errors (= user exist, pass long enough
+	if (empty($errors) === true) {
+		/* Token used for cross site scripting security */
+		if (!Token::isValid($_POST['token'])) {
+			$errors[] = 'Token is invalid.';
+		}
+		if ($config['use_captcha']) {
+			include_once 'captcha/securimage.php';
+			$securimage = new Securimage();
+			if ($securimage->check($_POST['captcha_code']) == false) {
+			  $errors[] = 'Captcha image verification was submitted wrong.';
+			}
+		}		
+		if (validate_ip(getIP()) === false && $config['validate_IP'] === true) {
+			$errors[] = 'Failed to recognize your IP address. (Not a valid IPv4 address).';
+		}
+	}
+}
+
+?>
+<h1>Latest Tickets</h1>
+
+		<?php
+
+$tickets = mysql_select_multi("SELECT id,subject,creation,status FROM znote_tickets WHERE owner=$session_user_id ORDER BY creation DESC");
+		if ($tickets !== false) {
+		?>
+
+<table>
+	<tr class="yellow">
+		<td>ID:</td>
+		<td>Subject:</td>
+		<td>Creation:</td>
+		<td>Status:</td>
+	</tr>
+		<?php
+		foreach ($tickets as $ticket) {
+		echo '<tr class="special">';
+		echo '<td>'. $ticket['id'] .'</td>';
+		echo '<td><a href="helpdesk.php?view='. $ticket['id'] .'">'. $ticket['subject'] .'</a></td>';
+		echo '<td>'. getClock($ticket['creation'], true) .'</td>';
+		echo '<td>'. $ticket['status'] .'</td>';
+		}}
+		?>
+</table>
+
+
+
+
+<h1>Helpdesk</h1>
+<?php
+if (isset($_GET['success']) && empty($_GET['success'])) {
+	echo 'Congratulations! Your ticket has been created. We will reply up to 24 hours.';
+} else {
+	if (empty($_POST) === false && empty($errors) === true) {
+		if ($config['log_ip']) {
+			znote_visitor_insert_detailed_data(1);
+		}
+		//Save ticket on database
+		$query = array(
+			'owner'   =>	$session_user_id,
+			'username'=>	$_POST['username'],
+			'subject' =>	$_POST['subject'],
+			'message' =>	$_POST['message'],
+			'ip'	  =>	ip2long(getIP()),
+			'creation' =>	time(),
+			'status'  =>	'Open'
+		);
+		
+	$fields = '`'. implode('`, `', array_keys($query)) .'`';
+	$data = '\''. implode('\', \'', $query) .'\'';
+	mysql_insert("INSERT INTO `znote_tickets` ($fields) VALUES ($data)");
+
+		header('Location: helpdesk.php?success');
+		exit();
+		//End register
+		
+	} else if (empty($errors) === false){
+		echo '<font color="red"><b>';
+		echo output_errors($errors);
+		echo '</b></font>';
+	}
+?>
+	<form action="" method="post">
+		<ul>
+			<li>
+				Account Name:<br>
+				<input type="text" name="username" size="40" value="<?php echo $account['name']; ?>" disabled>
+			</li>
+			<li>
+				Email:<br>
+				<input type="text" name="email" size="40" value="<?php echo $account['email']; ?>" disabled>
+			</li>
+			<li>
+				Subject:<br>
+				<input type="text" name="subject" size="40">
+			</li>
+			<li>
+				Message:<br>
+				<textarea name="message" rows="7" cols="30"></textarea>
+			</li>
+			<?php
+			if ($config['use_captcha']) {
+				?>
+				<li>
+					<b>Write the image symbols in the text field to verify that you are a human:</b>
+					<img id="captcha" src="captcha/securimage_show.php" alt="CAPTCHA Image" /><br>
+					<input type="text" name="captcha_code" size="10" maxlength="6" />
+					<a href="#" onclick="document.getElementById('captcha').src = 'captcha/securimage_show.php?' + Math.random(); return false">[ Different Image ]</a><br><br>
+				</li>
+				<?php
+			}
+			?>
+			<?php
+				/* Form file */
+				Token::create();
+			?>
+			<li>
+				<input type="hidden" name="username" value="<?php echo $account['name']; ?>">
+				<input type="submit" value="Submit ticket">
+			</li>
+		</ul>
+	</form>
+<?php 
+}}
+include 'layout/overall/footer.php';
+?>

From 5296b44e01f5e187ee767786466dbc4106458a6b Mon Sep 17 00:00:00 2001
From: Rhuan Gonzaga <rhuangonzaga@gmail.com>
Date: Mon, 30 Jun 2014 19:48:03 -0300
Subject: [PATCH 2/7] Added Helpdesk Tables

---
 engine/database/connect.php | 22 ++++++++++++++++++++++
 1 file changed, 22 insertions(+)

diff --git a/engine/database/connect.php b/engine/database/connect.php
index bd4bba3..a3229e1 100644
--- a/engine/database/connect.php
+++ b/engine/database/connect.php
@@ -221,6 +221,28 @@ CREATE TABLE IF NOT EXISTS `znote_guild_wars` (
   PRIMARY KEY (`id`),
   FOREIGN KEY (`id`) REFERENCES `guild_wars` (`id`) ON DELETE CASCADE ON UPDATE CASCADE
 ) ENGINE=InnoDB  DEFAULT CHARSET=utf8 AUTO_INCREMENT=1 ;
+
+CREATE TABLE IF NOT EXISTS `znote_tickets` (
+  `id` int(11) NOT NULL AUTO_INCREMENT,
+  `owner` int(11) NOT NULL,
+  `username` varchar(32) CHARACTER SET latin1 NOT NULL,
+  `subject` text CHARACTER SET latin1 NOT NULL,
+  `message` text CHARACTER SET latin1 NOT NULL,
+  `ip` int(11) NOT NULL,
+  `creation` int(11) NOT NULL,
+  `status` varchar(20) CHARACTER SET latin1 NOT NULL,
+  PRIMARY KEY (`id`)
+) ENGINE=MyISAM DEFAULT CHARSET=utf8 AUTO_INCREMENT=1 ;
+
+CREATE TABLE IF NOT EXISTS `znote_tickets_replies` (
+  `id` int(11) NOT NULL AUTO_INCREMENT,
+  `tid` int(11) NOT NULL,
+  `username` varchar(32) CHARACTER SET latin1 NOT NULL,
+  `message` text CHARACTER SET latin1 NOT NULL,
+  `created` int(11) NOT NULL,
+  PRIMARY KEY (`id`)
+) ENGINE=MyISAM DEFAULT CHARSET=utf8 AUTO_INCREMENT=1 ;
+
 </textarea>
 	</li>
 	<li>

From 59f2c9ffe7482fc862832431c0614efe80eec172 Mon Sep 17 00:00:00 2001
From: Rhuan Gonzaga <rhuangonzaga@gmail.com>
Date: Mon, 30 Jun 2014 19:48:32 -0300
Subject: [PATCH 3/7] Helpdesk System Admin

---
 admin_helpdesk.php | 118 +++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 118 insertions(+)
 create mode 100644 admin_helpdesk.php

diff --git a/admin_helpdesk.php b/admin_helpdesk.php
new file mode 100644
index 0000000..925a497
--- /dev/null
+++ b/admin_helpdesk.php
@@ -0,0 +1,118 @@
+<?php require_once 'engine/init.php'; include 'layout/overall/header.php'; 
+protect_page();
+admin_only($user_data);
+
+if (isset($_GET['view'])) {
+
+	if (!empty($_POST['reply_text'])) {
+
+		// Save ticket reply on database
+		$query = array(
+			'tid'   =>	$_GET['view'],
+			'username'=>	$_POST['username'],
+			'message' =>	$_POST['reply_text'],
+			'created' =>	time(),
+		);
+		
+	$fields = '`'. implode('`, `', array_keys($query)) .'`';
+	$data = '\''. implode('\', \'', $query) .'\'';
+	mysql_insert("INSERT INTO `znote_tickets_replies` ($fields) VALUES ($data)");
+	mysql_update("UPDATE `znote_tickets` SET `status`='Staff-Reply' WHERE `id`=". $_GET['view']);
+
+		}
+
+$ticketData = mysql_select_single("SELECT * FROM znote_tickets WHERE id=". addslashes($_GET['view']));
+
+	?>
+<h1>View Ticket #<?php echo $ticketData['id']; ?></h1>
+
+				<table class="znoteTable ThreadTable table table-striped">
+					<tr class="yellow">
+						<th>
+							<?php 
+								echo getClock($ticketData['creation'], true); 
+							?>
+							 - Created by: 
+							 <?php 
+							 	echo $ticketData['username'];
+							 ?>
+						</th>
+					</tr>
+					<tr>
+						<td>
+							<p><?php echo nl2br($ticketData['message']); ?></p>
+						</td>
+					</tr>
+				</table>
+
+				<?php
+				$replies = mysql_select_multi("SELECT * FROM znote_tickets_replies WHERE tid='". $_GET['view'] ."' ORDER BY `created`;");
+				if ($replies !== false) {
+					foreach($replies as $reply) {
+						?>
+						<table class="znoteTable ThreadTable table table-striped">
+							<tr class="yellow">
+								<th>
+									<?php 
+										echo getClock($reply['created'], true); 
+									?>
+									 - Posted by: 
+									 <?php 
+									 	echo $reply['username'];
+									 ?>
+								</th>
+							</tr>
+							<tr>
+								<td>
+									<p><?php echo nl2br($reply['message']); ?></p>
+								</td>
+							</tr>
+						</table>
+						<hr class="bighr">
+<?php
+					}
+					}
+?>
+					
+											<form action="" method="post">
+							<input type="hidden" name="username" value="ADMIN"><br>
+
+							<textarea class="forumReply" name="reply_text" style="width: 610px; height: 150px"></textarea><br>
+
+							<input name="" type="submit" value="Post Reply" class="btn btn-primary">
+
+						</form>
+<?php
+}else{
+?> 
+
+<h1>Latest Tickets</h1>
+
+		<?php
+
+$tickets = mysql_select_multi("SELECT id,subject,creation,status FROM znote_tickets ORDER BY creation DESC");
+		if ($tickets !== false) {
+		?>
+
+<table>
+	<tr class="yellow">
+		<td>ID:</td>
+		<td>Subject:</td>
+		<td>Creation:</td>
+		<td>Status:</td>
+	</tr>
+		<?php
+		foreach ($tickets as $ticket) {
+		echo '<tr class="special">';
+		echo '<td>'. $ticket['id'] .'</td>';
+		echo '<td><a href="admin_helpdesk.php?view='. $ticket['id'] .'">'. $ticket['subject'] .'</a></td>';
+		echo '<td>'. getClock($ticket['creation'], true) .'</td>';
+		echo '<td>'. $ticket['status'] .'</td>';
+		}}
+		?>
+</table>
+
+<?php
+}
+include 'layout/overall/footer.php'; 
+?>
\ No newline at end of file

From a862bfa4dd3d28d75c7359b6ef2d1dcb63ad6110 Mon Sep 17 00:00:00 2001
From: Rhuan Gonzaga <rhuangonzaga@gmail.com>
Date: Mon, 30 Jun 2014 19:50:38 -0300
Subject: [PATCH 4/7] Added Admin Helpdesk Menu Sidebar

Added Admin Helpdesk Menu Sidebar
---
 layout/widgets/Wadmin.php | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/layout/widgets/Wadmin.php b/layout/widgets/Wadmin.php
index 5e032c2..a5d808f 100644
--- a/layout/widgets/Wadmin.php
+++ b/layout/widgets/Wadmin.php
@@ -17,6 +17,9 @@
 			<li>
 				<a href='admin_reports.php'>Admin Reports</a>
 			</li>
+			<li>
+				<a href='admin_helpdesk.php'>Admin Helpdesk</a>
+			</li>
 			<li>
 				<a href='admin_shop.php'>Admin Shop</a>
 			</li>

From 93c42dfe049b1165a88d538fbdeff70394db9145 Mon Sep 17 00:00:00 2001
From: Rhuan Gonzaga <rhuangonzaga@gmail.com>
Date: Mon, 30 Jun 2014 19:51:31 -0300
Subject: [PATCH 5/7] Added Helpdesk in Menu

---
 layout/menu.php | 1 +
 1 file changed, 1 insertion(+)

diff --git a/layout/menu.php b/layout/menu.php
index 15d6b2e..8097da1 100644
--- a/layout/menu.php
+++ b/layout/menu.php
@@ -8,6 +8,7 @@
 			<li><a href="market.php">Item Market</a></li>
 			<li><a href="gallery.php">Gallery</a></li>
 			<li><a href="support.php">Support</a></li>
+			<li><a href="helpdesk.php">Helpdesk</a></li>
 			<li><a href="houses.php">Houses</a></li>
 			<li><a href="deaths.php">Deaths</a></li>
 			<li><a href="killers.php">Killers</a></li>

From 4a1ba0b2c2ae1b5c23ae298adf3e38804969f8b6 Mon Sep 17 00:00:00 2001
From: Rhuan Gonzaga <rhuangonzaga@gmail.com>
Date: Tue, 1 Jul 2014 10:39:16 -0300
Subject: [PATCH 6/7] Security vulnerability

---
 admin_helpdesk.php | 14 ++++++++++----
 1 file changed, 10 insertions(+), 4 deletions(-)

diff --git a/admin_helpdesk.php b/admin_helpdesk.php
index 925a497..9a4c27c 100644
--- a/admin_helpdesk.php
+++ b/admin_helpdesk.php
@@ -2,9 +2,12 @@
 protect_page();
 admin_only($user_data);
 
-if (isset($_GET['view'])) {
+// Declare as int
+$view = (int)$_GET['view'];
+if ($view){
 
 	if (!empty($_POST['reply_text'])) {
+	sanitize($_POST['reply_text']);
 
 		// Save ticket reply on database
 		$query = array(
@@ -13,6 +16,9 @@ if (isset($_GET['view'])) {
 			'message' =>	$_POST['reply_text'],
 			'created' =>	time(),
 		);
+
+		//Sanitize array
+		array_walk($query, 'array_sanitize');
 		
 	$fields = '`'. implode('`, `', array_keys($query)) .'`';
 	$data = '\''. implode('\', \'', $query) .'\'';
@@ -21,7 +27,7 @@ if (isset($_GET['view'])) {
 
 		}
 
-$ticketData = mysql_select_single("SELECT * FROM znote_tickets WHERE id=". addslashes($_GET['view']));
+$ticketData = mysql_select_single("SELECT * FROM znote_tickets WHERE id=". addslashes((int)$_GET['view']));
 
 	?>
 <h1>View Ticket #<?php echo $ticketData['id']; ?></h1>
@@ -46,7 +52,7 @@ $ticketData = mysql_select_single("SELECT * FROM znote_tickets WHERE id=". addsl
 				</table>
 
 				<?php
-				$replies = mysql_select_multi("SELECT * FROM znote_tickets_replies WHERE tid='". $_GET['view'] ."' ORDER BY `created`;");
+				$replies = mysql_select_multi("SELECT * FROM znote_tickets_replies WHERE tid='". addslashes((int)$_GET['view']) ."' ORDER BY `created`;");
 				if ($replies !== false) {
 					foreach($replies as $reply) {
 						?>
@@ -115,4 +121,4 @@ $tickets = mysql_select_multi("SELECT id,subject,creation,status FROM znote_tick
 <?php
 }
 include 'layout/overall/footer.php'; 
-?>
\ No newline at end of file
+?>

From 790c4c576e431ef17af929d91c61ffb46ae34187 Mon Sep 17 00:00:00 2001
From: Rhuan Gonzaga <rhuangonzaga@gmail.com>
Date: Tue, 1 Jul 2014 10:41:31 -0300
Subject: [PATCH 7/7] Security vulnerability

---
 helpdesk.php | 16 ++++++++++++----
 1 file changed, 12 insertions(+), 4 deletions(-)

diff --git a/helpdesk.php b/helpdesk.php
index 13c9818..df1f22e 100644
--- a/helpdesk.php
+++ b/helpdesk.php
@@ -7,9 +7,11 @@ if (user_logged_in() === false) {
 
 include 'layout/overall/header.php';
 
-if (isset($_GET['view'])) {
+$view = (int)$_GET['view'];
+if ($view) {
 
 	if (!empty($_POST['reply_text'])) {
+	sanitize($_POST['reply_text']);
 
 		// Save ticket reply on database
 		$query = array(
@@ -18,6 +20,9 @@ if (isset($_GET['view'])) {
 			'message' =>	$_POST['reply_text'],
 			'created' =>	time(),
 		);
+
+		//Sanitize array
+		array_walk($query, 'array_sanitize');
 		
 	$fields = '`'. implode('`, `', array_keys($query)) .'`';
 	$data = '\''. implode('\', \'', $query) .'\'';
@@ -26,7 +31,7 @@ if (isset($_GET['view'])) {
 
 		}
 
-$ticketData = mysql_select_single("SELECT * FROM znote_tickets WHERE id=". addslashes($_GET['view']));
+$ticketData = mysql_select_single("SELECT * FROM znote_tickets WHERE id=". addslashes((int)$_GET['view']));
 
 if($ticketData['owner'] != $session_user_id){
 echo 'You can not view this ticket!';
@@ -55,7 +60,7 @@ die;
 				</table>
 
 				<?php
-				$replies = mysql_select_multi("SELECT * FROM znote_tickets_replies WHERE tid='". $_GET['view'] ."' ORDER BY `created`;");
+				$replies = mysql_select_multi("SELECT * FROM znote_tickets_replies WHERE tid='". (int)$_GET['view'] ."' ORDER BY `created`;");
 				if ($replies !== false) {
 					foreach($replies as $reply) {
 						?>
@@ -174,6 +179,10 @@ if (isset($_GET['success']) && empty($_GET['success'])) {
 			'creation' =>	time(),
 			'status'  =>	'Open'
 		);
+
+
+		//Sanitize array
+		array_walk($query, 'array_sanitize');
 		
 	$fields = '`'. implode('`, `', array_keys($query)) .'`';
 	$data = '\''. implode('\', \'', $query) .'\'';
@@ -181,7 +190,6 @@ if (isset($_GET['success']) && empty($_GET['success'])) {
 
 		header('Location: helpdesk.php?success');
 		exit();
-		//End register
 		
 	} else if (empty($errors) === false){
 		echo '<font color="red"><b>';

ID:	Subject:	Creation:	Status:
'. $ticket['id'] .'	'. $ticket['subject'] .'	'. getClock($ticket['creation'], true) .'	'. $ticket['status'] .'