if empty _POST message message DB init save clear_text http_request me

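// Ticket reply handler. With a POSTed 'message' it stores the reply on the ticket held in the
// session and answers with a JSON status; without one it answers with the ticket form template.
if (!empty($_POST['message'])) {
    // The request value is length-capped (20000) by http_request(), passed through clear_text()
    // and then through DB::save().
    // NOTE(review): DB::save() is presumably the SQL-escaping step; confirm, because $message is
    // placed inside quoted SQL literals below and nothing else protects it.
    $message = DB::init()->save(clear_text(http_request('message', 'POST', 20000)));

    // NOTE(review): $ticket_id is interpolated into every query below without escaping or casting.
    // Confirm that session_data() can only return a server-assigned id, or bind/cast it here.
    $ticket_id = USER::init()->session_data('ticket_id');

    // Latest message of the ticket, together with the ticket status.
    $ticket_data = DB::init(__LINE__, __FILE__)->query_assoc(
        "SELECT t1.`noid`,t1.`created`,t1.`text`,t2.`status`,`aname` " .
        "FROM tickets_message AS `t1`,tickets AS `t2` " .
        "WHERE t1.`id`='$ticket_id' AND t2.`id`=t1.`id` ORDER BY `noid` DESC LIMIT 1"
    );

    // noid is written into SQL below (unquoted in the INSERT), so force it to an integer first.
    $last_noid = isset($ticket_data['noid']) ? (int) $ticket_data['noid'] : 0;

    if (!DB::init()->mysql_error && $last_noid > 0) {
        $now = time();
        $start_new_message = !is_null($ticket_data['aname'])
            || ($now - $ticket_data['created']) > 300
            || strlen($ticket_data['text']) > 20000;

        if ($start_new_message) {
            // Last message has a non-null aname, is older than 300 seconds, or is already over
            // 20000 bytes: add a new message row.
            $next_noid = $last_noid + 1;
            DB::init(__LINE__, __FILE__)->query_unbuf(
                "INSERT INTO `tickets_message` (`id`,`noid`, `created`, `text`) " .
                "VALUES ('$ticket_id',{$next_noid},'{$now}', '$message')"
            );
        } else {
            // Otherwise append to the last message. The append is done in SQL with CONCAT() so the
            // stored text is never re-interpolated into a query: it comes back from the database
            // unescaped, and a quote or backslash in an earlier message would otherwise end the
            // literal early (second-order SQL injection). It also makes the append atomic.
            $stamp = date('H:i:s');
            DB::init(__LINE__, __FILE__)->query_unbuf(
                "UPDATE `tickets_message` " .
                "SET `text`=CONCAT(IFNULL(`text`,''),'\nUpd: {$stamp}\n','$message') " .
                "WHERE (`id`='$ticket_id') AND (`noid`='{$last_noid}')"
            );
        }

        // Set the ticket status to 2 unless it already has that value.
        if ($ticket_data['status'] != 2) {
            DB::init(__LINE__, __FILE__)->query_unbuf(
                "UPDATE `tickets` SET `status`='2' WHERE (`id`='$ticket_id')"
            );
        }

        if (DB::init()->mysql_error) {
            out_json_data(array('tickets_stat' => false));
        } else {
            out_json_data(array('tickets_stat' => true, 'ticket_id' => $ticket_id));
        }
    } else {
        // Lookup failed or the ticket has no message yet: report failure without writing.
        out_json_data(array('tickets_stat' => false));
    }
} else {
    // No message posted: return the ticket form.
    // NOTE(review): $tickets_add_tpl is presumably defined by the included template; confirm.
    include($GLOBALS['PANEL_DIR'] . 'tickets.tpl');
    out_json_data(array('tickets_stat' => true, 'tpl' => optimize_html($tickets_add_tpl)));
}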