<?php
session_start();
require "config.php";
if($_SESSION['modo'] == "user")
{
session_unset();
session_destroy();
session_start();
}
if(isset($_POST['user'])){
$user = $_POST['user'];
$pass = $_POST['pass'];
$userreg=mysql_query("select * from staff WHERE user='$user' AND pass='$pass'") or die ("ERROR 1");
$reguser=mysql_fetch_array($userreg) or die ("ERROR, CAN NOT LOGIN");
$_SESSION['user'] = $reguser['user'];
$_SESSION['name'] = $reguser['name'];
$_SESSION['email'] = $reguser['email'];
$_SESSION['articulo'] = $reguser['articulo'];
$_SESSION['ban'] = $reguser['ban'];
$_SESSION['modo'] = "staff";
if($_SESSION['user'] == "")
{
header('Location: error.php');
}
}
elseif(!isset($_SESSION['user']))
{
header('Location: error.php');
}
$modificaultimoingreso= mysql_query("update staff set ultima='$date' where user='$_SESSION[user]'");
?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html><head>
<script language="JavaScript" type="text/javascript">
function enviar()
{
document.departamentoselect.submit();
}
</script>
<title>Support Center - <?php echo $titulo; ?></title>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><!-- default stylesheet -->
<link rel="stylesheet" type="text/css" media="all" href="index_files/index.css">
<style type="text/css">
<!--
body {
background-image: url();
margin-top: 0px;
margin-bottom: 0px;
}
-->
</style>
<link rel="stylesheet" href="index_files/style.css" type="text/css">
<!-- default javascript -->
<script language="Javascript">
function mostrarcarga()
{
document.getElementById("articulo").style.display='none';
document.getElementById("cargando").style.display='';
document.articulopost.submit();
}
</script>
<script language="Javascript" src="index_files/basejs.js" type="text/javascript"></script>
<style type="text/css">
<!--
.Estilo2 {color: #003366}
.Estilo3 {color: #000000}
.Estilo5 {color: #666666}
.Estilo9 {color: #FF0000; font-weight: bold; font-size: 10px; }
.Estilo10 {
color: #009900;
font-weight: bold;
font-size: 12px;
}
.Estilo11 {font-size: 12px; color: #009900;}
.Estilo12 {font-size: 10px}
.Estilo15 {
font-size: 16px;
color: #666666;
}
.Estilo16 {color: #FF0000}
.Estilo18 {color: #FF0000; font-weight: bold; }
.Estilo19 {
color: #009900;
font-weight: bold;
}
.Estilo20 {color: #000099}
-->
</style>
</head>
<body>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="780">
<tbody>
<tr>
<td style="background-image: url();" valign="top"><table align="center" border="0" cellpadding="0" cellspacing="0" width="750">
<tbody>
<tr>
<td><table width="750" border="0" align="center" cellpadding="0" cellspacing="0">
<tbody>
<tr>
<td><table width="100%" border="0" cellpadding="3" cellspacing="0" background="index_files/button-right.jpg">
<tbody>
<tr>
<td class="smalltext" align="left" valign="top"><b><font color="#707070"><a href="index.php" id="navlink"></a>Support Center <img src="login_files/blueblockarrow.gif" width="8" height="8"> Admistration<img src="login_files/blueblockarrow.gif" width="8" height="8"> <a href="login-staff.php">Staff</a> </font></b></td>
</tr>
</tbody>
</table></td>
</tr>
</tbody>
</table></td>
</tr>
<tr>
<td><table border="0" cellpadding="0" cellspacing="0" width="100%">
<tbody>
<tr>
<td height="1" width="10"><img src="index_files/space.gif" height="1" width="5"></td>
<td height="1" width="10"><img src="index_files/space.gif" height="1" width="1"></td>
<td height="1" width="515"><img src="index_files/space.gif" height="1" width="5"></td>
<td height="1" width="210"><img src="index_files/space.gif" height="1" width="210"></td>
<td height="1" width="5"><img src="index_files/space.gif" height="1" width="5"></td>
</tr>
<tr>
<td height="1" width="10"> </td>
<td align="left" valign="top" width="10"><img src="index_files/space.gif" height="1" width="5"></td>
<td width="515" align="left" valign="top"><?php if(isset($_POST[departamento]))
{
$registros=mysql_query("select * from tickets WHERE departamento='$_POST[departamento]'",$conexion);
if(mysql_fetch_array($registros) > 0)
{
?>
<table width="100%" height="69" border="0" cellpadding="3" cellspacing="1">
<tbody>
<tr class="tabletitlerow" title="" onMouseOver="" onMouseOut="" onClick="" id="" style="" height="">
<td width="50" height="19" colspan="" align="center" valign="middle" class="tabletitlerow">New</td>
<td width="140" colspan="" align="center" valign="middle" class="tabletitlerow">Title </td>
<td width="91" colspan="" align="center" valign="middle" class="tabletitlerow">Autor</td>
<td width="107" align="center" valign="middle" class="tabletitlerow">Date</td>
<td width="91" align="center" valign="middle" class="tabletitlerow">Last </td>
</tr>
<?php
$registros2=mysql_query("select * from tickets WHERE departamento='$_POST[departamento]' ORDER BY leido ASC",$conexion);
while ($reg=mysql_fetch_array($registros2))
{
?>
<tr class="row1" onMouseOver="this.className='rowhighlight';" onMouseOut="this.className='row1';" bgcolor="<?php
if($reg['leido'] == 0)
{
echo "#80A9EA";
}
if($reg['leido'] == 1)
{
echo "#EDF4FF";
}
?>">
<td height="47" align="center" valign="middle" bgcolor="<?php
if($reg['leido'] == 0)
{
echo "#80A9EA";
}
if($reg['leido'] == 1)
{
echo "#EDF4FF";
}
?>">
<img src="<?php
if($reg['leido'] == 0)
{
echo "si";
}
else
{
echo "no";
}
?>.png" alt="ver.php?id=<?php echo $reg['id']; ?>" width="16" height="16">
</td>
<td align="center" valign="middle" bgcolor="<?php
if($reg['leido'] == 0)
{
echo "#80A9EA";
}
if($reg['leido'] == 1)
{
echo "#EDF4FF";
}
?>"><span class="smalltext"><a href="ver.php?id=<?php echo $reg['id']; ?>"><?php echo $reg['asunto']; ?></a></span></td>
<td align="center" valign="middle" bgcolor="<?php
if($reg['leido'] == 0)
{
echo "#80A9EA";
}
if($reg['leido'] == 1)
{
echo "#EDF4FF";
}
?>"><span class="smalltext"><?php echo $reg['user']; ?></span></td>
<td align="center" valign="middle" bgcolor="<?php
if($reg['leido'] == 0)
{
echo "#80A9EA";
}
if($reg['leido'] == 1)
{
echo "#EDF4FF";
}
?>"><span class="smalltext"><?php echo $reg['fecha']; ?></span></td>
<td align="center" valign="middle" bgcolor="<?php
if($reg['leido'] == 0)
{
echo "#80A9EA";
}
if($reg['leido'] == 1)
{
echo "#EDF4FF";
}
?>"><span class="smalltext"><?php echo $reg['ultimo']; ?></span></td>
</tr>
<?php
}
?>
</tbody>
</table>
<p>
<?php
}
else
{
?>
<p align="center" class="Estilo9 Estilo12">(There aren't any ticket)</p>
<?php
}
}
elseif (!isset($_GET[code]) && !isset($_POST['asunto']))
{?>
<p></p>
<p align="center" class="Estilo10"><img src="staff-big.png" width="128" height="128"></p>
<p align="center" class="Estilo10">Welcome to the Staff Panel , <span class="smalltext"><?php echo $_SESSION[name]; ?></span></p>
<hr>
<p align="center" class="Estilo11">To answer tickets , go to "Show Tickets". </p>
<p>
<?php
}
elseif($_GET[code] == "475648DS7E4R5Y44F1ASD2W1" && $_SESSION['articulo'] == 1)
{
?>
</p>
<p align="center" class="redtext Estilo15">Publish Article </p>
<form action="staff.php?code=475648DS7E4R5Y44F1ASD2W1" method="post" enctype='multipart/form-data' name="articulopost" id="articulopost">
<table width="475" height="152" align="center">
<tr>
<td width="71" height="25" class="swiftfieldset">Title:</td>
<td width="392"><label>
<input name="asunto" type="text" id="asunto">
</label></td>
</tr>
<tr>
<td height="45" class="swiftfieldset">Content:</td>
<td>
<textarea name="text_content" cols="60" rows="10" id="text_content"></textarea></td>
</tr>
<tr>
<td height="36" class="swiftfieldset">File: <span class="Estilo16">(optional)</span></td>
<td><input name='fileuploader' type=file class='bginput' id="fileuploader" value="">
(Max.:
<?php $valorutilizado = $filemax / 1048576; echo $valorutilizado;?> Mb )<span class="Estilo18">*</span></td>
</tr>
<tr>
<td height="34" class="swiftfieldset"><input name="Submit2" type="submit" value="Publish Article" onClick=""></td>
<td><span class="Estilo18">*</span><span class="Estilo3">If you add a file, the article can lated more. </span></td>
</tr>
</table>
</form>
<p>
<?php
}
if(isset($_POST['asunto']))
{
if (strlen($_POST[asunto]) < 4)
{
?>
<span class="Estilo18">Error:</span><span class="Estilo16"> Title is very short </span>
<?php
}
elseif (strlen($_POST[text_content]) < 10)
{
?>
<span class="Estilo18">Error:</span><span class="Estilo16"> Content is very short </span>
<?php
}
else
{
//INICIA UPLOAD FILE
if($_FILES['fileuploader']['name'] != "")
{
if($_FILES['fileuploader']['size'] < $filemax)
{
do{
$filename = rand(1,1000000) . "_" . $_FILES['fileuploader']['name'];
$filename=str_replace(" ","_",$filename);
}while(@mysql_num_rows("SELECT file from guias where file LIKE '%$filename%'") == 1);
$add = "../files/$filename";
move_uploaded_file($_FILES['fileuploader']['tmp_name'], $add) or die("ERROR1");
chmod("$add",0777) or die("ERROR2");
echo "
<span class='Estilo19'><strong>Ãxito.</strong> El artÃculo se a publicado correctamente.</span>";
}
else
{
?><span class="Estilo18">Error:</span><span class="Estilo16"> Error uploding the file. Perhaps is very high </span><?php
}
}
else
{
$filename = "";
echo "
<span class='Estilo19'><strong>Ãxito.</strong> El artÃculo se a publicado correctamente.</span>";
}
//Termina
$publcararticulo = mysql_query("INSERT into guias(id,user,file,asunto,contenido,fecha) values ('','$_SESSION[name]','$filename','$_POST[asunto]','$_POST[text_content]','$date')") or die("Error!");
?>
<script>
div = document.getElementById("cargando");
div.style.display="none";
</script>
<?php
}
}
elseif($_GET[code] == "R5A7RHE4EW7D75EW5A" && $_SESSION['ban'] == 1)
{
?>
</p>
<p align="center"> </p>
<p align="center"><span class="redtext Estilo15">Delete User</span></p>
<form name="form1" method="post" action="staff.php?code=R5A7RHE4EW7D75EW5A">
<table width="475" height="67" align="center">
<tr>
<td width="71" height="25" class="swiftfieldset">Id:</td>
<td width="392"><label>
<input name="id" type="text" id="id" size="15">
</label></td>
</tr>
<tr>
<td height="34" class="swiftfieldset"><input name="Submit22" type="submit" value="Delete User" onClick=""></td>
<td> </td>
</tr>
</table>
</form>
<p align="center">
<?php if(isset($_POST[id]))
{
if(strlen($_POST[id]) > 0 )
{
//Funcion Borrrar
mysql_query("delete from usuarios where id='$_POST[id]'");
?>
</p>
<p align="center" class="Estilo19">User has been deleted </p>
<?php
}
else
{
?>
<p align="center" class="Estilo18">Incorrect ID</p>
<?php
}
}
}
?> </td>
<td align="left" valign="top"><table width="100%" height="323" border="0" cellpadding="0" cellspacing="0">
<tbody>
<tr>
<td align="left" valign="top"><table class="tborder" border="0" cellpadding="0" cellspacing="0" width="100%">
<!-- BEGIN LOGIN BOX -->
<tbody>
<tr class="tcat">
<td align="left" width="1"><img src="index_files/space.gif" height="21" width="1"></td>
<td align="left" width="8"><img src="index_files/blockarrow.gif" height="8" width="8"></td>
<td width="169" align="left" valign="middle"> <span class="smalltext">Welcome:<?php echo $_SESSION[name]; ?>(<a href="../close.php">close</a>)</span></td>
<td align="right" width="25"> </td>
</tr>
<tr>
<td colspan="4" bgcolor="#f5f5f5"><table border="0" cellpadding="2" cellspacing="1" width="98%">
<tbody>
<tr>
<td class="smalltext" width="97%"><a href="staff.php" class="Estilo2"><img src="clipboard.gif" width="16" height="16"><span class="Estilo3"> Show Tickets </span></a></td>
<td width="3%"> </td>
</tr>
<tr>
<td class="smalltext"><img src="new.gif" width="16" height="16">
<?php
if($_SESSION['articulo'] == 1)
{
?>
<span class="Estilo3"> <a href="staff.php?code=475648DS7E4R5Y44F1ASD2W1">Publish Article</a> </span>
<?php
}
else
{
?>
<span class="Estilo5">Publish Article </span>
<?php } ?></td>
<td> </td>
</tr>
<tr>
<td class="smalltext"><p> <img src="lock.gif" width="16" height="16">
<?php
if($_SESSION['ban'] == 1)
{
?>
<a href="staff.php?code=R5A7RHE4EW7D75EW5A" class="Estilo2"><span class="Estilo3"> Delete Users </span></a>
<?php
}
else
{
?>
<span class="Estilo5">Delete Users </span>
<?php } ?>
</p></td>
<td> </td>
</tr>
<tr>
<td class="smalltext"><form name="departamentoselect" method="post" action="staff.php">
<table class="tborder" border="0" cellpadding="0" cellspacing="0" width="100%">
<!-- BEGIN LOGIN BOX -->
<tbody>
<tr class="tcat">
<td align="left" width="1"><img src="index_files/space.gif" height="21" width="1"></td>
<td align="left" width="8"><img src="index_files/blockarrow.gif" height="8" width="8"></td>
<td width="169" align="left" valign="middle"> <img src="clipboard.gif" width="16" height="16"> Show Tickets </td>
<td align="right" width="25"> </td>
</tr>
<tr>
<td colspan="4" bgcolor="#f5f5f5"><table border="0" cellpadding="2" cellspacing="1" width="100%">
<tbody>
<tr>
<td class="smalltext" width="46%"><label>
<select name="departamento" onChange="enviar()">
<option value="" selected>Department..</option>
<?php
$usuariodep = "-" . $_SESSION['user'] . "-";
$busquedadepartamentos=mysql_query("SELECT * FROM departamentos WHERE staff LIKE '%$usuariodep%'") or die("Problemas en el select departamentos:".mysql_error());
while ($departamento=mysql_fetch_array($busquedadepartamentos))
{
?>
<option value="<?php echo $departamento['departamento']; ?>"><?php echo $departamento['departamento']; ?></option>
<?php }
?>
</select>
</label></td>
</tr>
</tbody>
</table>
<script language="Javascript">
document.loginform.loginemail.focus();
</script></td>
</tr>
<!-- END LOGIN BOX -->
<tr class="borderrow1">
<td colspan="4" align="left" height="1"><img src="index_files/space.gif" height="1" width="1"></td>
</tr>
<tr> </tr>
</tbody>
</table>
</form>
<a href="seach.php" class="Estilo2">
<div align="center"></div>
</a> </td>
<td> </td>
</tr>
</tbody>
</table>
<script language="Javascript">
document.loginform.loginemail.focus();
</script></td>
</tr>
<!-- END LOGIN BOX -->
<tr class="borderrow1">
<td colspan="4" align="left" height="1"><img src="index_files/space.gif" height="1" width="1"></td>
</tr>
<tr>
<td height="22" colspan="4" bgcolor="#f5f5f5"> </td>
</tr>
</tbody>
</table></td>
<td width="5"><img src="index_files/space.gif" height="1" width="5"></td>
</tr>
</tbody>
</table></td>
<td height="1" width="5"><img src="index_files/space.gif" height="1" width="5"></td>
</tr>
</tbody>
</table></td>
</tr>
<tr>
<td colspan="2" height="15"><div align="center"><?php echo $titulo; echo "©"; echo $fecha = date("Y"); ?>. All rights Reserved - Power by <a href="http://www.opensupports.com" class="Estilo20">OpenSupports</a></div></td>
</tr>
</tbody>
</table></td>
</tr>
</tbody>
</table>
<table border="0" cellpadding="0" cellspacing="0" width="830">
</table>
</center></body></html>