📄 actions.php
<?php
// +-------------------------------------------------------------+
// | DeskPRO v [2.0.1 Production]
// | Copyright (C) 2001 - 2004 Headstart Solutions Limited
// | Supplied by WTN-WDYL
// | Nullified by WTN-WDYL
// | Distribution via WebForum, ForumRU and associated file dumps
// +-------------------------------------------------------------+
// | DESKPRO IS NOT FREE SOFTWARE
// +-------------------------------------------------------------+
// | License ID : Full Enterprise License =) ...
// | License Owner : WTN-WDYL Team
// +-------------------------------------------------------------+
// | $RCSfile: actions.php,v $
// | $Date: 2004/02/12 21:16:57 $
// | $Revision: 1.36 $
// +-------------------------------------------------------------+
// | File Details:
// | - User action handler.
// +-------------------------------------------------------------+
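// Notices are masked for the whole request; warnings and errors still surface.
error_reporting(E_ALL ^ E_NOTICE);
include "./../global.php";

// Normalise the requested action before any handler inspects it.
// The presence/type check has to run BEFORE trim(): the original trimmed
// first, which made the later isset() test always true and passed a missing
// or array-valued parameter straight into trim().
if (isset($_REQUEST['do']) AND is_string($_REQUEST['do'])) {
    $_REQUEST['do'] = trim($_REQUEST['do']);
} else {
    $_REQUEST['do'] = '';
}

// Fall back to the default action when none was supplied.
if ($_REQUEST['do'] === '') {
    $_REQUEST['do'] = "navigate";
}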
############################################# UPDATE USER #############################################
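// Handler: update an existing user's profile, custom fields and (optionally)
// expiry settings, then e-mail the user if the login identity changed.
//
// Requires $user['p_edit_users']; changing expiry additionally requires
// $user['p_user_expire'].
//
// NOTE(review): this handler reads $_REQUEST, so it accepts GET as well as
// POST, and no anti-CSRF token is checked in this file - confirm whether
// global.php enforces one before relying on it for state-changing actions.
if ($_REQUEST['do'] == 'update_fields') {

    if ($user['p_edit_users']) {

        // The user id was previously interpolated into three SQL statements and
        // a redirect URL exactly as received. Cast it once and use only the
        // integer from here on (the delete handler already treats id as an int).
        $id = (int)$_REQUEST['id'];

        // Initialise explicitly so the "send mail" decision below can only be
        // set by this block and never by a variable of the same name that
        // already exists in scope.
        $mail = 0;

        // change email
        if (!validate_email($_REQUEST['email'])) {
            // mistake() is given raw HTML elsewhere in this file, so the rejected
            // address must be HTML-escaped before it is echoed back.
            mistake("Invalid e-mail address specified ('" . htmlspecialchars($_REQUEST['email'], ENT_QUOTES) . "').");
        }

        // if we are changing username or email address we need to email it
        $user_details = $db->query_return("SELECT * FROM user WHERE id = '$id'");
        if (($_REQUEST['email'] != $user_details['email']) OR ($_REQUEST['username'] != $user_details['username'])) {
            $mail = 1;
        }

        // get changed custom fields
        // Column names come from the user_def table, not from the request;
        // only the values are request-derived and they are escaped below.
        $db->query("SELECT * FROM user_def WHERE tech_viewable");
        $terms = array();
        while ($res = $db->row_array()) {
            // Quoted key: the bare word custom_fields relied on PHP treating an
            // undefined constant as a string.
            if ($_REQUEST['custom_fields']["extra$res[name]"]) {
                $data = field_def_val($res, $_REQUEST['custom_fields'][$res['name']], $_REQUEST['custom_fields']["extra$res[name]"]);
            } else {
                $data = field_def_val($res, $_REQUEST['custom_fields'][$res['name']]);
            }
            $terms[] = "$res[name] = '" . mysql_escape_string($data) . "'";
        }

        if (count($terms)) {
            $terms = ', ' . join(', ', $terms);
        } else {
            $terms = '';
        }

        // are we changing the user expiration
        if ($user['p_user_expire']) {
            $expire = "
                expire_date = '" . mysql_escape_string(strtotime("$_REQUEST[yexpire_date]-$_REQUEST[mexpire_date]-$_REQUEST[dexpire_date]")) . "',
                expire_tickets = '" . mysql_escape_string($_REQUEST['expire_tickets']) . "',
            ";
        } else {
            $expire = NULL;
        }

        // run query change
        // NOTE(review): mysql_escape_string() is not character-set aware and is
        // absent from PHP 7+; migrating $db to prepared statements is the
        // durable fix but needs changes outside this file.
        $disabled = xss_check($_REQUEST['disabled'], 'tech');

        $db->query("
            UPDATE user SET
                name = '" . mysql_escape_string($_REQUEST['name']) . "',
                username = '" . mysql_escape_string($_REQUEST['username']) . "',
                email = '" . mysql_escape_string($_REQUEST['email']) . "',
                disabled = '" . mysql_escape_string($disabled) . "',
                $expire
                autoresponds = '" . mysql_escape_string($_REQUEST['autoresponds']) . "',
                timezone = '" . mysql_escape_string($_REQUEST['timezone']) . "',
                timezone_dst = '" . mysql_escape_string($_REQUEST['timezone_dst']) . "'
                $terms
            WHERE id = '$id'
        ");

        // Re-read the row so the notification reflects what was stored.
        $user_details = $db->query_return("SELECT * FROM user WHERE id = '$id'");

        // are we sending email?
        if ($mail) {
            // NOTE(review): the value of the password column is mailed as-is,
            // which suggests passwords are kept in recoverable form - confirm
            // and plan a move to one-way hashing.
            $password = $user_details['password'];
            $passtech = 1;
            $user_details = update_user_details($user_details);

            // NOTE(review): eval() executes whatever makeemaileval() returns.
            // Presumably the template reads $password, $passtech and
            // $user_details from this scope and assigns $message/$subject, so
            // those names must not change. Verify that template text cannot be
            // edited by anyone who is not already fully trusted.
            eval(makeemaileval('message', 'BODY_newpass', $subject));
            dp_mail($user_details['email'], $subject, $message);
        }

        jump("view.php?id=$id", 'User updated.');

    } else {
        mistake("You do not have permission to edit users");
    }
}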
############################################ NEW PASSWORD #############################################
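// Handler: generate a fresh password plus URL/cookie tokens for a user, store
// them and e-mail the new password. Requires $user['p_edit_users']; a caller
// without that permission falls through silently (no error is shown).
//
// NOTE(review): reads $_REQUEST, so the reset can be triggered by GET, and no
// anti-CSRF token is checked in this file - confirm global.php covers this.
if ($_REQUEST['do'] == 'newpass' AND $user['p_edit_users']) {

    // The id was previously interpolated into two SQL statements and a
    // redirect URL as received; use a single integer cast everywhere instead.
    $id = (int)$_REQUEST['id'];

    $user_details = $db->query_return("SELECT * FROM user WHERE id = '$id'");
    if (!$db->num_rows()) {
        mistake('The user could not be found, or no user was specified.');
    }

    $password1 = make_pass(8);

    // Quoted key: the bare word sessionid relied on PHP treating an undefined
    // constant as a string.
    // NOTE(review): both tokens are the first 8 hex characters (32 bits) of an
    // MD5 over the session id, the new password and uniqid(rand()). None of
    // those inputs is a cryptographic random source; replace with a
    // CSPRNG-backed, full-length token once the platform provides one.
    $password_cookie = md5($session['sessionid'] . $password1 . uniqid(rand(), 1));
    $password_url = md5($session['sessionid'] . $password1 . uniqid(rand(), 1));

    $password_cookie = mysql_escape_string(substr($password_cookie, 0, 8));
    $password_url = mysql_escape_string(substr($password_url, 0, 8));
    $password1 = mysql_escape_string($password1);

    // NOTE(review): the generated password is written to the password column
    // unchanged, i.e. not hashed by this code. Hashing here alone would break
    // whatever verifies logins, so this needs a coordinated change.
    $db->query("
        UPDATE user SET
            password = '$password1',
            password_url = '$password_url',
            password_cookie = '$password_cookie'
        WHERE id = '$id'
    ");

    $passtech = true;
    $password = $password1;
    $user_details = update_user_details($user_details);

    // NOTE(review): eval() executes whatever makeemaileval() returns.
    // Presumably the template reads $password, $passtech and $user_details
    // from this scope and assigns $message/$subject, so those names must stay.
    // Verify that template text is only editable by fully trusted staff.
    eval(makeemaileval('message', 'BODY_newpass', $subject));
    dp_mail($user_details['email'], $subject, $message);

    jump("view.php?id=$id", 'New password generated.');
}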
############################################# DELETE USER #############################################
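// Handler: delete a user by id.
//
// user_delete() is defined elsewhere; from the branches below it returns a
// positive value on success, -1 when the caller lacks permission and 0 when
// the user does not exist. Any other return value produces no output.
//
// NOTE(review): reads $_REQUEST, so a deletion can be triggered by GET, and no
// anti-CSRF token is checked in this file - confirm global.php covers this.
if ($_REQUEST['do'] == 'delete') {

    // The original validated (int)$_REQUEST['id'] but then handed the raw
    // request string to user_delete(), so a value that merely starts with
    // digits passed the check unchanged. Pass the integer that was validated.
    $id = (int)$_REQUEST['id'];

    if ($id) {

        $res = user_delete($id);

        if ($res > 0) {
            jump('search.php', 'User deleted.');
        } elseif ($res == -1) {
            tech_nav('users');
            mistake('<B>Error:</B> You do not have permission to delete users.</P>');
        } elseif ($res == 0) {
            tech_nav('users');
            mistake('<B>Error:</B> The specified user does not exist.</P>');
        }

    } else {
        tech_nav('users');
        mistake('<B>Error:</B> A user ID must be specified.</P>');
    }
}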