quote_smart($_GET['start']) : 0; if (is_numeric($start)); else $start=0; if ($server_type) { $order_by = (isset($_GET['order_by'])) ? $sqlc->quote_smart($_GET['order_by']) : 'guid'; if (preg_match('/^[_[:lower:]]{1,10}$/', $order_by)); else $order_by = 'guid'; } else { $order_by = (isset($_GET['order_by'])) ? $sqlc->quote_smart($_GET['order_by']) : 'ticket_id'; if (preg_match('/^[_[:lower:]]{1,10}$/', $order_by)); else $order_by = 'ticket_id'; } $dir = (isset($_GET['dir'])) ? $sqlc->quote_smart($_GET['dir']) : 1; if (preg_match('/^[01]{1}$/', $dir)); else $dir=1; $order_dir = ($dir) ? 'ASC' : 'DESC'; $dir = ($dir) ? 0 : 1; //==========================$_GET and SECURE end============================= //get total number of items if($server_type) $query_1 = $sqlc->query('SELECT count(*) FROM gm_tickets'); else $query_1 = $sqlc->query('SELECT count(*) FROM character_ticket'); $all_record = $sqlc->result($query_1,0); unset($query_1); if($server_type) $query = $sqlc->query("SELECT gm_tickets.guid, gm_tickets.playerGuid, SUBSTRING_INDEX(gm_tickets.message,' ',6),`characters`.name FROM gm_tickets,`characters` WHERE gm_tickets.playerGuid = `characters`.`guid` ORDER BY $order_by $order_dir LIMIT $start, $itemperpage"); else $query = $sqlc->query("SELECT character_ticket.ticket_id, character_ticket.guid, SUBSTRING_INDEX(character_ticket.ticket_text,' ',6), `characters`.name FROM character_ticket,`characters` WHERE character_ticket.guid = `characters`.`guid` ORDER BY $order_by $order_dir LIMIT $start, $itemperpage"); $output .="

"; $output .= generate_pagination("ticket.php?action=browse_tickets&order_by=$order_by&dir=".!$dir, $all_record, $itemperpage, $start); $output .= "

"; $output .= "

"; if($user_lvl >= $action_permission['delete']) $output .=" "; if($user_lvl >= $action_permission['update']) $output .=" "; if ($server_type) $output .=" "; else $output .=" "; $output .=" "; while ($ticket = $sqlc->fetch_row($query)) { $output .= " "; if($user_lvl >= $action_permission['delete']) $output .=" "; if($user_lvl >= $action_permission['update']) $output .=" "; $output .=" "; } unset($query); unset($ticket); $output .= "

	{$lang_global['edit']}	".($order_by=='guid' ? " $\"\"$ " : "")."{$lang_ticket['id']}	".($order_by=='playerGuid' ? " $\"\"$ " : "")."{$lang_ticket['sender']}	".($order_by=='ticket_id' ? " $\"\"$ " : "")."{$lang_ticket['id']}
	{$lang_global['edit']}	$ticket[0]	".htmlentities($ticket[3])."	".htmlentities($ticket[2])." ...
"; $output .= generate_pagination("ticket.php?action=browse_tickets&order_by=$order_by&dir=".!$dir, $all_record, $itemperpage, $start); $output .= "
"; if($user_lvl >= $action_permission['delete']) makebutton($lang_ticket['del_selected_tickets'], "javascript:do_submit()\" type=\"wrn",230); $output .= "	{$lang_ticket['tot_tickets']}: $all_record

"; } //######################################################################################################################## // DELETE TICKETS //######################################################################################################################## function delete_tickets() { global $lang_global, $characters_db, $realm_id, $server_type, $action_permission; valid_login($action_permission['delete']); if(!isset($_GET['check'])) redirect("ticket.php?error=1"); $sqlc = new SQL; $sqlc->connect($characters_db[$realm_id]['addr'], $characters_db[$realm_id]['user'], $characters_db[$realm_id]['pass'], $characters_db[$realm_id]['name']); $check = $sqlc->quote_smart($_GET['check']); $deleted_tickets = 0; for ($i=0; $iquery("DELETE FROM gm_tickets WHERE guid = '$check[$i]'"); else $query = $sqlc->query("DELETE FROM character_ticket WHERE ticket_id = '$check[$i]'"); $deleted_tickets++; } } if (0 == $deleted_tickets) redirect('ticket.php?error=3'); else redirect('ticket.php?error=2'); } //######################################################################################################################## // EDIT TICKET //######################################################################################################################## function edit_ticket() { global $lang_global, $lang_ticket, $output, $characters_db, $realm_id, $server_type, $action_permission; valid_login($action_permission['update']); if(!isset($_GET['id'])) redirect("Location: ticket.php?error=1"); $sqlc = new SQL; $sqlc->connect($characters_db[$realm_id]['addr'], $characters_db[$realm_id]['user'], $characters_db[$realm_id]['pass'], $characters_db[$realm_id]['name']); $id = $sqlc->quote_smart($_GET['id']); if(is_numeric($id)); else redirect("ticket.php?error=1"); if ($server_type) $query = $sqlc->query("SELECT gm_tickets.playerGuid, gm_tickets.message text, `characters`.name FROM gm_tickets,`characters` LEFT JOIN gm_tickets k1 ON k1.`playerGuid`=`characters`.`guid` WHERE gm_tickets.playerGuid = `characters`.`guid` AND gm_tickets.guid = '$id'"); else $query = $sqlc->query("SELECT character_ticket.guid, character_ticket.ticket_text, `characters`.name FROM character_ticket,`characters` LEFT JOIN character_ticket k1 ON k1.`guid`=`characters`.`guid` WHERE character_ticket.guid = `characters`.`guid` AND character_ticket.ticket_id = '$id'"); if ($ticket = $sqlc->fetch_row($query)) { $output .= "

{$lang_ticket['edit_reply']}

{$lang_ticket['ticket_id']}

$id

{$lang_ticket['submitted_by']}:

".htmlentities($ticket[2])."

{$lang_ticket['ticket_text']}

"; makebutton($lang_ticket['update'], "javascript:do_submit()\" type=\"wrn",130); $output .= "

"; makebutton($lang_ticket['send_ingame_mail'], "mail.php?type=ingame_mail&to=$ticket[2]",130); $output .= "

"; makebutton($lang_global['back'], "ticket.php\" type=\"def",130); $output .= "

"; $output .= "

"; } else error($lang_global['err_no_records_found']); } //######################################################################################################################## // DO EDIT TICKET //######################################################################################################################## function do_edit_ticket() { global $characters_db, $realm_id, $server_type, $action_permission; valid_login($action_permission['update']); if(empty($_POST['new_text']) || empty($_POST['id']) ) redirect("ticket.php?error=1"); $sqlc = new SQL; $sqlc->connect($characters_db[$realm_id]['addr'], $characters_db[$realm_id]['user'], $characters_db[$realm_id]['pass'], $characters_db[$realm_id]['name']); $new_text = $sqlc->quote_smart($_POST['new_text']); $id = $sqlc->quote_smart($_POST['id']); if(is_numeric($id)); else redirect("ticket.php?error=1"); if ($server_type) $query = $sqlc->query("UPDATE gm_tickets SET message='$new_text' WHERE guid = '$id'"); else $query = $sqlc->query("UPDATE character_ticket SET ticket_text='$new_text' WHERE ticket_id = '$id'"); if ($sqlc->affected_rows()) { redirect("ticket.php?error=5"); } else { redirect("ticket.php?error=6"); } } //######################################################################################################################## // MAIN //######################################################################################################################## $err = (isset($_GET['error'])) ? $_GET['error'] : NULL; $output .= "

"; $lang_ticket = lang_ticket(); switch ($err) { case 1: $output .= "

{$lang_global['empty_fields']}

"; break; case 2: $output .= "

{$lang_ticket['ticked_deleted']}

"; break; case 3: $output .= "

{$lang_ticket['ticket_not_deleted']}

"; break; case 4: $output .= "

{$lang_ticket['edit_ticked']}

"; break; case 5: $output .= "

{$lang_ticket['ticket_updated']}

"; break; case 6: $output .= "

{$lang_ticket['ticket_update_err']}

"; break; default: //no error $output .= "

{$lang_ticket['browse_tickets']}

"; } unset($err); $output .= "

"; $action = (isset($_GET['action'])) ? $_GET['action'] : NULL; switch ($action) { case "browse_tickets": browse_tickets($sqlc); break; case "delete_tickets": delete_tickets(); break; case "edit_ticket": edit_ticket(); break; case "do_edit_ticket": do_edit_ticket(); break; default: browse_tickets($sqlc); } unset($action); unset($action_permission); unset($lang_tikcet); require_once 'footer.php'; ?>