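// Handle the "update note" form post: verify the form token, confirm the
// session user owns the note being edited, store the new body, then redirect
// back to the call edit page.
if (isset($_POST['update'])) {
    // The form token ("nacl") is md5(AUTH_KEY . stored user_password), so it is
    // the same on every request until the password changes.
    // NOTE(review): a random per-session token would avoid exposing a value
    // derived from the password column and would expire with the session.
    // NOTE(review): $user_id is read here before the session assignment below;
    // it is presumably set earlier in the file - confirm it always matches
    // $_SESSION['user_id'].
    $expected_nacl = md5(AUTH_KEY . $db->get_var("select user_password from site_users where user_id = $user_id;"));
    $posted_nacl = (isset($_POST['nacl']) && is_string($_POST['nacl'])) ? $_POST['nacl'] : '';

    // hash_equals() (PHP 5.6+) compares as strings in constant time. The loose
    // == used previously treats two "0e<digits>" hex digests as equal numbers.
    if (hash_equals($expected_nacl, $posted_nacl)) {
        // checkid() is defined elsewhere; presumably it validates a numeric id.
        // Both values are interpolated unquoted into SQL below, so that
        // validation is the only thing keeping them safe - confirm.
        $note_id = checkid($_POST['note_id']);
        $call_id = checkid($_POST['call_id']);
        $user_id = $_SESSION['user_id'];

        // Ownership check bound to the note being edited. The previous query
        // filtered on note_post_user only, so any user who had posted at least
        // one note could overwrite any other note by id.
        $note_owner = $db->get_var("select note_post_user from site_notes where note_id = $note_id and note_post_user = $user_id;");
        if ($note_owner !== null && $user_id == $note_owner) {
            // Encode for later HTML display first; SQL escaping is the last
            // transformation before the value reaches the query string.
            $note_body = $db->escape(trim(htmlentities($_POST['note_body'])));
            $note_post_ip = $db->escape($_SERVER['REMOTE_ADDR']);

            // The owner is repeated in the WHERE clause so the write itself
            // cannot touch another user's row.
            $db->query("UPDATE site_notes SET note_body='$note_body',note_post_ip='$note_post_ip' WHERE note_id=$note_id AND note_post_user=$user_id;");

            header("Location: fhd_call_edit.php?call_id=$call_id");
            // Stop here so the rest of the page is not rendered after the redirect.
            exit;
        }
        // Ownership check failed: nothing is written and the page continues
        // rendering, as before.
    } else {
        //not verified, warning and exit!
        echo "
Warning: Verification Error!
";
        exit;
    }
}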
//
//
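// Handle the "add note" form post: verify the form token, insert the note,
// send notification mail, then redirect to the call page.
if (isset($_POST['add'])) {
    // The form token ("nacl") is md5(AUTH_KEY . stored user_password), so it is
    // the same on every request until the password changes.
    // NOTE(review): a random per-session token would avoid exposing a value
    // derived from the password column and would expire with the session.
    // NOTE(review): $user_id is not assigned in this block; it is presumably
    // set earlier in the file - confirm it always matches $_SESSION['user_id'].
    $expected_nacl = md5(AUTH_KEY . $db->get_var("select user_password from site_users where user_id = $user_id;"));
    $posted_nacl = (isset($_POST['nacl']) && is_string($_POST['nacl'])) ? $_POST['nacl'] : '';

    // hash_equals() (PHP 5.6+) compares as strings in constant time. The loose
    // == used previously treats two "0e<digits>" hex digests as equal numbers.
    if (hash_equals($expected_nacl, $posted_nacl)) {
        //authentication verified, continue.
        // checkid() is defined elsewhere; presumably it validates a numeric id.
        // The value is interpolated unquoted into SQL and into the redirect
        // and mail subject below, so that validation is what keeps it safe.
        // NOTE(review): nothing visible here checks that the session user may
        // add notes to this call_id; a non-admin can attach a note (and trigger
        // mail to the call's address) for any call - confirm this is intended.
        $note_relation = checkid($_POST['note_relation']);

        // Keep two forms of the body: the HTML-encoded text for the e-mail,
        // and the SQL-escaped form for the query. Escaping is the last
        // transformation before the value reaches the query string.
        $note_body_html = trim(htmlentities($_POST['note_body']));
        $note_body = $db->escape($note_body_html);

        // Current Unix timestamp. The previous mktime(date('n/j/y g:i a'))
        // passed a formatted date string as mktime()'s hour argument, so the
        // stored value was not the current time.
        $note_post_date = time();

        // Escaped for consistency with the update handler.
        $note_post_ip = $db->escape($_SERVER['REMOTE_ADDR']);
        $note_post_user = $_SESSION['user_id'];

        // NOTE(review): $note_title is not assigned anywhere in this block. If
        // it is set earlier in the file it reaches the query unescaped; if it
        // is not, an empty title is stored - confirm.
        $db->query("INSERT INTO site_notes(note_type,note_title,note_body,note_relation,note_post_date,note_post_ip,note_post_user) VALUES( 1,'$note_title','$note_body',$note_relation,$note_post_date,'$note_post_ip','$note_post_user');");
        //$call_user = $db->get_var("select call_user from site_calls where call_id = $note_relation;");
        //

        // The mail is built before the per-user check because the admin
        // notification below is sent regardless. Previously these variables
        // existed only when the user had user_msg_send = 1, so the admin copy
        // could go out with an empty subject, body and headers.
        $headers = "From:" . FROM_EMAIL . "\r\n";
        $headers .="Reply-To: " . FROM_EMAIL . "\r\n";
        $headers .="X-Mailer: PHP/" . phpversion() ."\r\n";
        $headers .="MIME-Version: 1.0" . "\r\n";
        $headers .="Content-type: text/html; charset=iso-8859-1" . "\r\n";
        $subject = "Ticket [# $note_relation] Updated";
        // The HTML-encoded body is used here; the SQL-escaped form is meant
        // for the query only and would put escape characters in the mail.
        $message = "
Ticket Updated
Ticket Updated.
Ticket Number: $note_relation
Note Details: $note_body_html
";

        // Default to an empty suffix so the redirect below never reads an
        // undefined variable.
        $mailsent = "";
        if ($db->get_var("select user_msg_send from site_users where user_id = $user_id;") == 1) {
            // NOTE(review): call_email comes from the database and is used as
            // the recipient without validation here; confirm it is validated
            // as a single address when the call is created.
            $call_email = $db->get_var("select call_email from site_calls where call_id = $note_relation;");
            mail($call_email, $subject, $message, $headers);
            $mailsent = "&mailsent=yes";
        }
        //notify admin
        mail(TO_EMAIL, $subject, $message, $headers);
        //
        //where to redirect...
        if (isset($_SESSION['admin'])) {
            header("Location: fhd_call_edit.php?call_id=$note_relation");
        } else {
            header("Location: fhd_call_details.php?call_id=$note_relation$mailsent");
        }
        // Stop here so the rest of the page is not rendered after the redirect.
        exit;
    } else {
        //not verified, warning and exit!
        echo "Warning: Verification Error.
";
        exit;
    }
}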
//
// EDIT note
//check type variable
// Edit-note view: a note_id in the query string selects the note to load.
if (isset($_GET['note_id'])) {
// checkid() is defined elsewhere; presumably it validates a numeric id - confirm,
// since $note_id is interpolated unquoted into the query below.
$note_id = checkid($_GET['note_id']);
$call_id = checkid($_GET['call_id']);
// Form token: md5 of AUTH_KEY concatenated with the user's stored user_password value.
// It is the value the POST handlers compare against $_POST['nacl'], and it is the same
// on every request until the password changes.
// NOTE(review): $user_id is not assigned in this block; presumably set earlier in the file.
$nacl = md5(AUTH_KEY.$db->get_var("select user_password from site_users where user_id = $user_id;"));
// NOTE(review): the note is selected by note_id alone, with no note_post_user filter,
// so this view loads any note's body for whoever reaches this page - confirm whether
// access is restricted elsewhere.
$note_body = $db->get_var("select note_body from site_notes where note_id = $note_id;");
?>
Edit Note
escape( $_GET['action'] );
if ($action=="add") {
$call_id = checkid($_GET['call_id']);
$nacl = md5(AUTH_KEY.$db->get_var("select user_password from site_users where user_id = $user_id;"));
?>
Add Note
Login Name: " . $_SESSION['name'] . "
";
}
include("includes/footer.php");