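/**
 * Process a submitted staff login form.
 *
 * Reads `user`, `pass` and, when image verification is switched on, the
 * CAPTCHA answer from the POST request; validates them; looks the account
 * up in the users table; and on success regenerates the session ID, sets
 * or clears the "remember me" cookies, auto-closes stale tickets and
 * redirects to the requested page. Every failure path re-prints the login
 * form and exits, so this function never returns to its caller.
 *
 * Globals read: $hesk_settings, $hesklang. Defines the HESK_USER constant.
 * Session keys written: every column of the matched user row (except `pass`,
 * which is removed again once checked), `a_iserror`, `img_a_verified`.
 *
 * @return void Never returns; always ends with exit.
 */
function do_login()
{
    global $hesk_settings, $hesklang;

    $hesk_error_buffer = array();

    /* Username */
    $user = hesk_input(hesk_POST('user'));
    if (empty($user)) {
        $hesk_error_buffer['user'] = $hesk_settings['list_users']
            ? $hesklang['select_username']
            : $hesklang['enter_username'];
    }
    define('HESK_USER', $user);

    /* Password */
    $pass = hesk_input(hesk_POST('pass'));
    if (empty($pass)) {
        $hesk_error_buffer['pass'] = $hesklang['enter_pass'];
    }

    /* Image / reCAPTCHA verification, unless it already passed in this session */
    if ($hesk_settings['secimg_use'] == 2 && !isset($_SESSION['img_a_verified'])) {
        if ($hesk_settings['recaptcha_use']) {
            require_once HESK_PATH . 'inc/recaptcha/recaptchalib.php';
            $resp = recaptcha_check_answer(
                $hesk_settings['recaptcha_private_key'],
                $_SERVER['REMOTE_ADDR'],
                hesk_POST('recaptcha_challenge_field', ''),
                hesk_POST('recaptcha_response_field', '')
            );
            if ($resp->is_valid) {
                $_SESSION['img_a_verified'] = true;
            } else {
                $hesk_error_buffer['mysecnum'] = $hesklang['recaptcha_error'];
            }
        } else {
            $mysecnum = intval(hesk_POST('mysecnum', 0));
            if (empty($mysecnum)) {
                $hesk_error_buffer['mysecnum'] = $hesklang['sec_miss'];
            } else {
                require HESK_PATH . 'inc/secimg.inc.php';
                $sc = new PJ_SecurityImage($hesk_settings['secimg_sum']);
                if (isset($_SESSION['checksum']) && $sc->checkCode($mysecnum, $_SESSION['checksum'])) {
                    $_SESSION['img_a_verified'] = true;
                } else {
                    $hesk_error_buffer['mysecnum'] = $hesklang['sec_wrng'];
                }
            }
        }
    }

    /* Any missing fields? Show the form again and stop. */
    if (count($hesk_error_buffer) != 0) {
        $_SESSION['a_iserror'] = array_keys($hesk_error_buffer);
        $list = '';
        foreach ($hesk_error_buffer as $error) {
            $list .= "<li>{$error}</li>\n";
        }
        hesk_process_messages($hesklang['pcer'] . '<br /><br /><ul>' . $list . '</ul>', 'NOREDIRECT');
        print_login();
        exit;
    } elseif (isset($_SESSION['img_a_verified'])) {
        // The CAPTCHA pass is single-use; it must not carry over to the next attempt
        unset($_SESSION['img_a_verified']);
    }

    /* All required info entered; count this attempt against the brute force limit */
    hesk_limitBfAttempts();

    $result = hesk_dbQuery("SELECT * FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "users` WHERE `user` = '" . hesk_dbEscape($user) . "' LIMIT 1");
    if (hesk_dbNumRows($result) != 1) {
        hesk_session_stop();
        $_SESSION['a_iserror'] = array('user', 'pass');
        hesk_process_messages($hesklang['wrong_user'], 'NOREDIRECT');
        print_login();
        exit;
    }

    /* Copy the user row into the session */
    $res = hesk_dbFetchAssoc($result);
    foreach ($res as $k => $v) {
        $_SESSION[$k] = $v;
    }

    /* Check password.
       Strict comparison on purpose: with "!=" PHP compares two numeric-looking
       strings (e.g. hex digests of the form "0e123...") as numbers, so two
       different hashes could compare equal. */
    if (hesk_Pass2Hash($pass) !== $_SESSION['pass']) {
        hesk_session_stop();
        $_SESSION['a_iserror'] = array('pass');
        hesk_process_messages($hesklang['wrong_pass'], 'NOREDIRECT');
        print_login();
        exit;
    }

    /* Value stored in the "remember me" cookie; checked again by the autologin code */
    $pass_enc = hesk_Pass2Hash($_SESSION['pass'] . strtolower($user) . $_SESSION['pass']);

    /* Warn if the account still uses the default password */
    if ($_SESSION['pass'] === '499d74967b28a841c98bb4baaabaad699ff3c079') {
        hesk_process_messages($hesklang['chdp'], 'NOREDIRECT', 'NOTICE');
    }

    // The password hash is not needed in the session any more
    unset($_SESSION['pass']);

    /* Login successful, clean brute force attempts */
    hesk_cleanBfAttempts();

    /* Regenerate session ID so a pre-login session ID cannot be reused (fixation) */
    hesk_session_regenerate_id();

    /* Remember username? The cookie lifetime is one year in every "remember" branch.
       NOTE(review): the cookies are set without HttpOnly/Secure flags; consider
       adding them if nothing client-side needs to read hesk_username. */
    $remember = hesk_POST('remember_user');
    if ($hesk_settings['autologin'] && $remember == 'AUTOLOGIN') {
        setcookie('hesk_username', "{$user}", strtotime('+1 year'));
        setcookie('hesk_p', "{$pass_enc}", strtotime('+1 year'));
    } elseif ($remember == 'JUSTUSER') {
        setcookie('hesk_username', "{$user}", strtotime('+1 year'));
        setcookie('hesk_p', '');
    } else {
        // Expire cookies if they were set earlier
        setcookie('hesk_username', '');
        setcookie('hesk_p', '');
    }

    /* Close any old tickets here so Cron jobs aren't necessary */
    if ($hesk_settings['autoclose']) {
        $revision = sprintf($hesklang['thist3'], hesk_date(), $hesklang['auto']);
        hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` SET `status`='3', `history`=CONCAT(`history`,'" . hesk_dbEscape($revision) . "')  WHERE `status` = '2' AND `lastchange` <= '" . hesk_dbEscape(date('Y-m-d H:i:s', time() - $hesk_settings['autoclose'] * 86400)) . "'");
    }

    /* Redirect to the destination page. The `goto` parameter is attacker-controlled,
       so only a relative URL or one on the local domain is honoured; anything else
       falls back to admin_main.php (prevents an open redirect). */
    $url = 'admin_main.php';
    if (hesk_isREQUEST('goto')) {
        $goto_url = str_replace('&amp;', '&', hesk_REQUEST('goto'));
        $myurl = parse_url($hesk_settings['hesk_url']);
        $goto = parse_url($goto_url);

        // parse_url() returns false for seriously malformed URLs: keep the default.
        // A target starting with two slash-like characters is protocol-relative in
        // browsers even when parse_url() reports no host, so it is refused too.
        if ($goto !== false && !preg_match('#^[/\\\\]{2}#', $goto_url)) {
            if (!isset($goto['host'])) {
                // Relative URL: stays on this site
                $url = $goto_url;
            } elseif (isset($myurl['host'])) {
                $my_host = str_replace('www.', '', strtolower($myurl['host']));
                $goto_host = str_replace('www.', '', strtolower($goto['host']));
                if ($my_host === $goto_host) {
                    $url = $goto_url;
                }
            }
            // Absolute URL while hesk_url has no host: cannot verify, keep the default
        }
    }
    header('Location: ' . $url);
    exit;
}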
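/**
 * Log a staff member in from the "remember me" cookies.
 *
 * Reads the `hesk_username` and `hesk_p` cookies, looks the user up, and
 * verifies that the cookie hash equals hesk_Pass2Hash(pass . lowercase user
 * . pass) as written by do_login(). On success the user row is copied into
 * the session, brute force counters are cleared, the session ID is
 * regenerated, the cookies are renewed for another year and stale tickets
 * are auto-closed.
 *
 * Globals read: $hesk_settings, $hesklang, $hesk_db_link. Defines HESK_USER.
 *
 * @param int $noredirect When truthy, return true after a successful login
 *                        instead of redirecting (used when a session expired
 *                        while a HESK page is still open).
 * @return bool false when autologin is disabled or no usable cookies exist;
 *              true on success when $noredirect is set. When the user or the
 *              cookie hash does not match, the cookies are cleared and the
 *              request is redirected to the login page (exit). On success
 *              without $noredirect the request is redirected (exit).
 */
function hesk_autoLogin($noredirect = 0)
{
    global $hesk_settings, $hesklang, $hesk_db_link;

    if (!$hesk_settings['autologin']) {
        return false;
    }

    $user = hesk_htmlspecialchars(hesk_COOKIE('hesk_username'));
    $hash = hesk_htmlspecialchars(hesk_COOKIE('hesk_p'));

    define('HESK_USER', $user);

    if (empty($user) || empty($hash)) {
        return false;
    }

    /* Login cookies exist, now count this attempt against the brute force limit */
    hesk_limitBfAttempts();

    /* Check username (prefix escaped as in do_login) */
    $result = hesk_dbQuery("SELECT * FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "users` WHERE `user` = '" . hesk_dbEscape($user) . "' LIMIT 1");
    if (hesk_dbNumRows($result) != 1) {
        setcookie('hesk_username', '');
        setcookie('hesk_p', '');
        header('Location: index.php?a=login&notice=1');
        exit;
    }

    $res = hesk_dbFetchAssoc($result);

    /* Check password.
       $hash comes straight from a client cookie. Strict comparison on purpose:
       with "!=" PHP compares two numeric-looking strings (e.g. "0e123...") as
       numbers, so a crafted cookie value could match a different hash. */
    $expected = hesk_Pass2Hash($res['pass'] . strtolower($user) . $res['pass']);
    if ($hash !== $expected) {
        setcookie('hesk_username', '');
        setcookie('hesk_p', '');
        header('Location: index.php?a=login&notice=1');
        exit;
    }

    // Copy the user row into the session
    foreach ($res as $k => $v) {
        $_SESSION[$k] = $v;
    }

    /* Warn if the account still uses the default password */
    if ($_SESSION['pass'] === '499d74967b28a841c98bb4baaabaad699ff3c079') {
        hesk_process_messages($hesklang['chdp'], 'NOREDIRECT', 'NOTICE');
    }

    // Tag used to expire sessions after a username or password change
    $_SESSION['session_verify'] = hesk_activeSessionCreateTag($user, $_SESSION['pass']);

    // The password hash is not needed in the session any more
    unset($_SESSION['pass']);

    /* Login successful, clean brute force attempts */
    hesk_cleanBfAttempts();

    /* Regenerate session ID so a pre-login session ID cannot be reused (fixation) */
    hesk_session_regenerate_id();

    /* Non-admins get a list of allowed categories (stored comma-separated) */
    if (empty($_SESSION['isadmin'])) {
        $_SESSION['categories'] = explode(',', $_SESSION['categories']);
    }

    /* Renew cookies for another year.
       NOTE(review): set without HttpOnly/Secure flags; consider adding them. */
    setcookie('hesk_username', "{$user}", strtotime('+1 year'));
    setcookie('hesk_p', "{$hash}", strtotime('+1 year'));

    /* Close any old tickets here so Cron jobs aren't necessary */
    if ($hesk_settings['autoclose']) {
        $revision = sprintf($hesklang['thist3'], hesk_date(), $hesklang['auto']);
        $dt = date('Y-m-d H:i:s', time() - $hesk_settings['autoclose'] * 86400);

        // Notify customer of closed ticket?
        if ($hesk_settings['notify_closed']) {
            // Get list of tickets
            $result = hesk_dbQuery("SELECT * FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` WHERE `status` = '2' AND `lastchange` <= '" . hesk_dbEscape($dt) . "' ");
            if (hesk_dbNumRows($result) > 0) {
                // hesk_notifyCustomer() presumably reads the ticket from the global
                // $ticket (no argument is passed) — keep the global declaration
                global $ticket;

                // Load required functions?
                if (!function_exists('hesk_notifyCustomer')) {
                    require HESK_PATH . 'inc/email_functions.inc.php';
                }

                while ($ticket = hesk_dbFetchAssoc($result)) {
                    $ticket['dt'] = hesk_date($ticket['dt'], true);
                    $ticket['lastchange'] = hesk_date($ticket['lastchange'], true);
                    $ticket = hesk_ticketToPlain($ticket, 1, 0);
                    hesk_notifyCustomer('ticket_closed');
                }
            }
        }

        // Update ticket statuses and history in database
        hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` SET `status`='3', `closedat`=NOW(), `closedby`='-1', `history`=CONCAT(`history`,'" . hesk_dbEscape($revision) . "') WHERE `status` = '2' AND `lastchange` <= '" . hesk_dbEscape($dt) . "' ");
    }

    /* If the session expired while a HESK page is open just continue using it, don't redirect */
    if ($noredirect) {
        return true;
    }

    /* Redirect to the destination page */
    header('Location: ' . hesk_verifyGoto());
    exit;
}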
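/**
 * Save the changes a staff member submitted on their profile page.
 *
 * Validates name, e-mail, signature, the optional new password and (for
 * administrators) the username. The submitted values are kept in
 * $_SESSION['new'] so the form can be re-displayed with them; on success
 * they are written to the users table and copied into the live session.
 * Errors and the success notice are reported through hesk_process_messages().
 *
 * Globals read: $hesk_settings, $hesklang, $can_view_unassigned.
 * Defines WARN_PASSWORD when the new password hashes to the default one.
 *
 * @return void
 */
function update_profile()
{
    global $hesk_settings, $hesklang, $can_view_unassigned;

    /* A security check (CSRF token) */
    hesk_token_check('POST');

    $sql_pass = '';
    $sql_username = '';
    $hesk_error_buffer = '';

    /* Name */
    $_SESSION['new']['name'] = hesk_input(hesk_POST('name'));
    if (!$_SESSION['new']['name']) {
        $hesk_error_buffer .= '<li>' . $hesklang['enter_your_name'] . '</li>';
    }

    /* E-mail. Bug fix: this used "=" instead of ".=" and so silently dropped
       any error already collected for the name field. */
    $_SESSION['new']['email'] = hesk_validateEmail(hesk_POST('email'), 'ERR', 0);
    if (!$_SESSION['new']['email']) {
        $hesk_error_buffer .= '<li>' . $hesklang['enter_valid_email'] . '</li>';
    }

    /* Signature (byte length, matching the column limit the check assumes) */
    $_SESSION['new']['signature'] = hesk_input(hesk_POST('signature'));
    if (strlen($_SESSION['new']['signature']) > 255) {
        $hesk_error_buffer .= '<li>' . $hesklang['signature_long'] . '</li>';
    }

    /* Admins can change username */
    if ($_SESSION['isadmin']) {
        $_SESSION['new']['user'] = hesk_input(hesk_POST('user'));
        if (!$_SESSION['new']['user']) {
            $hesk_error_buffer .= '<li>' . $hesklang['enter_username'] . '</li>';
        }

        /* Check for duplicate usernames */
        $result = hesk_dbQuery("SELECT `id` FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "users` WHERE `user`='" . hesk_dbEscape($_SESSION['new']['user']) . "' AND `id`!='" . intval($_SESSION['id']) . "' LIMIT 1");
        if (hesk_dbNumRows($result) != 0) {
            $hesk_error_buffer .= '<li>' . $hesklang['duplicate_user'] . '</li>';
        } else {
            // Leading comma: the fragment is appended after the `signature` column in the
            // UPDATE below. (The listing this was taken from had the column name masked
            // out; reconstructed from that UPDATE statement.)
            $sql_username = ", `user`='" . hesk_dbEscape($_SESSION['new']['user']) . "'";
        }
    }

    /* Change password? */
    $newpass = hesk_input(hesk_POST('newpass'));
    $passlen = strlen($newpass);
    if ($passlen > 0) {
        /* At least 5 chars? */
        if ($passlen < 5) {
            $hesk_error_buffer .= '<li>' . $hesklang['password_not_valid'] . '</li>';
        } else {
            $newpass2 = hesk_input(hesk_POST('newpass2'));
            // Strict comparison: "!=" would treat numeric-looking strings such as
            // "1e3" and "1000" as equal
            if ($newpass !== $newpass2) {
                $hesk_error_buffer .= '<li>' . $hesklang['passwords_not_same'] . '</li>';
            } else {
                $v = hesk_Pass2Hash($newpass);
                if ($v === '499d74967b28a841c98bb4baaabaad699ff3c079') {
                    define('WARN_PASSWORD', true);
                }
                // Leading comma, see $sql_username above (same masked fragment, same reconstruction)
                $sql_pass = ", `pass`='" . $v . "'";
            }
        }
    }

    /* After reply: only 1 and 2 are meaningful, anything else becomes 0 */
    $_SESSION['new']['afterreply'] = intval(hesk_POST('afterreply'));
    if ($_SESSION['new']['afterreply'] != 1 && $_SESSION['new']['afterreply'] != 2) {
        $_SESSION['new']['afterreply'] = 0;
    }

    /* Auto-start ticket timer */
    $_SESSION['new']['autostart'] = isset($_POST['autostart']) ? 1 : 0;

    /* Notifications. Unassigned-ticket notifications are only available to users
       who may see unassigned tickets. */
    $_SESSION['new']['notify_new_unassigned'] = (empty($_POST['notify_new_unassigned']) || !$can_view_unassigned) ? 0 : 1;
    $_SESSION['new']['notify_new_my'] = empty($_POST['notify_new_my']) ? 0 : 1;
    $_SESSION['new']['notify_reply_unassigned'] = (empty($_POST['notify_reply_unassigned']) || !$can_view_unassigned) ? 0 : 1;
    $_SESSION['new']['notify_reply_my'] = empty($_POST['notify_reply_my']) ? 0 : 1;
    $_SESSION['new']['notify_assigned'] = empty($_POST['notify_assigned']) ? 0 : 1;
    $_SESSION['new']['notify_note'] = empty($_POST['notify_note']) ? 0 : 1;
    $_SESSION['new']['notify_pm'] = empty($_POST['notify_pm']) ? 0 : 1;

    /* Any errors? */
    if (strlen($hesk_error_buffer)) {
        /* Process the session variables so the form can show them again */
        $_SESSION['new'] = hesk_stripArray($_SESSION['new']);
        $hesk_error_buffer = $hesklang['rfm'] . '<br /><br /><ul>' . $hesk_error_buffer . '</ul>';
        hesk_process_messages($hesk_error_buffer, 'NOREDIRECT');
        return;
    }

    /* Update database */
    hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "users` SET\r\n\t    `name`='" . hesk_dbEscape($_SESSION['new']['name']) . "',\r\n\t    `email`='" . hesk_dbEscape($_SESSION['new']['email']) . "',\r\n\t\t`signature`='" . hesk_dbEscape($_SESSION['new']['signature']) . "'\r\n        {$sql_username}\r\n\t\t{$sql_pass} ,\r\n\t    `afterreply`='" . intval($_SESSION['new']['afterreply']) . "' ,\r\n        `autostart`='" . intval($_SESSION['new']['autostart']) . "' ,\r\n\t    `notify_new_unassigned`='" . intval($_SESSION['new']['notify_new_unassigned']) . "' ,\r\n        `notify_new_my`='" . intval($_SESSION['new']['notify_new_my']) . "' ,\r\n        `notify_reply_unassigned`='" . intval($_SESSION['new']['notify_reply_unassigned']) . "' ,\r\n        `notify_reply_my`='" . intval($_SESSION['new']['notify_reply_my']) . "' ,\r\n        `notify_assigned`='" . intval($_SESSION['new']['notify_assigned']) . "' ,\r\n        `notify_pm`='" . intval($_SESSION['new']['notify_pm']) . "',\r\n        `notify_note`='" . intval($_SESSION['new']['notify_note']) . "'\r\n\t    WHERE `id`='" . intval($_SESSION['id']) . "' LIMIT 1");

    /* Process the session variables */
    $_SESSION['new'] = hesk_stripArray($_SESSION['new']);

    /* Copy the new values into the live session */
    foreach ($_SESSION['new'] as $k => $v) {
        $_SESSION[$k] = $v;
    }
    unset($_SESSION['new']);

    hesk_process_messages($hesklang['profile_updated_success'], 'profile.php', 'SUCCESS');
}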
    }
}
// Test database connection?
if ($_SESSION['step'] == 3 && isset($_POST['dbtest'])) {
    // Username
    $_SESSION['admin_user'] = hesk_input(hesk_POST('admin_user'));
    if (strlen($_SESSION['admin_user']) == 0) {
        $_SESSION['admin_user'] = '******';
    }
    // Password
    $_SESSION['admin_pass'] = hesk_input(hesk_POST('admin_pass'));
    if (strlen($_SESSION['admin_pass']) == 0) {
        $_SESSION['admin_pass'] = substr(str_shuffle("23456789abcdefghijkmnpqrstuvwxyzABCDEFGHJKLMNPQRSTUVWXYZ"), 0, mt_rand(8, 12));
    }
    // Password hash for the database
    $_SESSION['admin_hash'] = hesk_Pass2Hash($_SESSION['admin_pass']);
    $hesk_db_link = hesk_iTestDatabaseConnection();
    // Get table prefix, don't allow any special chars
    $hesk_settings['db_pfix'] = preg_replace('/[^0-9a-zA-Z_]/', '', hesk_POST('pfix', 'hesk_'));
    // Generate HESK table names
    $hesk_tables = array($hesk_settings['db_pfix'] . 'attachments', $hesk_settings['db_pfix'] . 'banned_emails', $hesk_settings['db_pfix'] . 'banned_ips', $hesk_settings['db_pfix'] . 'categories', $hesk_settings['db_pfix'] . 'kb_articles', $hesk_settings['db_pfix'] . 'kb_attachments', $hesk_settings['db_pfix'] . 'kb_categories', $hesk_settings['db_pfix'] . 'logins', $hesk_settings['db_pfix'] . 'mail', $hesk_settings['db_pfix'] . 'notes', $hesk_settings['db_pfix'] . 'online', $hesk_settings['db_pfix'] . 'pipe_loops', $hesk_settings['db_pfix'] . 'replies', $hesk_settings['db_pfix'] . 'reply_drafts', $hesk_settings['db_pfix'] . 'reset_password', $hesk_settings['db_pfix'] . 'service_messages', $hesk_settings['db_pfix'] . 'std_replies', $hesk_settings['db_pfix'] . 'tickets', $hesk_settings['db_pfix'] . 'ticket_templates', $hesk_settings['db_pfix'] . 'users');
    // Check if any of the HESK tables exists
    $res = hesk_dbQuery('SHOW TABLES FROM `' . hesk_dbEscape($hesk_settings['db_name']) . '`');
    while ($row = hesk_dbFetchRow($res)) {
        if (in_array($row[0], $hesk_tables)) {
            hesk_iDatabase(2);
        }
    }
    // All ok, let's save settings
    hesk_iSaveSettings();
    // Now install HESK database tables
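/**
 * Process a submitted staff login form.
 *
 * Reads `user`, `pass` and, when image verification is switched on, the
 * CAPTCHA answer (reCAPTCHA v1, reCAPTCHA v2 or the built-in image) from
 * the POST request; validates them; looks the account up in the users
 * table; and on success records a session verification tag, checks that
 * the account is active, regenerates the session ID, sets or clears the
 * "remember me" cookies, auto-closes stale tickets and redirects. Every
 * failure path re-prints the login form and exits, so this function never
 * returns to its caller.
 *
 * Globals read: $hesk_settings, $hesklang. Defines the HESK_USER constant.
 * Session keys written: every column of the matched user row (except `pass`,
 * which is removed again once checked), `session_verify`, `a_iserror`,
 * `img_a_verified`.
 *
 * @return void Never returns; always ends with exit.
 */
function do_login()
{
    global $hesk_settings, $hesklang;

    $hesk_error_buffer = array();

    /* Username */
    $user = hesk_input(hesk_POST('user'));
    if (empty($user)) {
        $hesk_error_buffer['user'] = $hesk_settings['list_users']
            ? $hesklang['select_username']
            : $hesklang['enter_username'];
    }
    define('HESK_USER', $user);

    /* Password */
    $pass = hesk_input(hesk_POST('pass'));
    if (empty($pass)) {
        $hesk_error_buffer['pass'] = $hesklang['enter_pass'];
    }

    /* Image / reCAPTCHA verification, unless it already passed in this session */
    if ($hesk_settings['secimg_use'] == 2 && !isset($_SESSION['img_a_verified'])) {
        if ($hesk_settings['recaptcha_use'] == 1) {
            // reCAPTCHA v1
            require_once HESK_PATH . 'inc/recaptcha/recaptchalib.php';
            $resp = recaptcha_check_answer(
                $hesk_settings['recaptcha_private_key'],
                $_SERVER['REMOTE_ADDR'],
                hesk_POST('recaptcha_challenge_field', ''),
                hesk_POST('recaptcha_response_field', '')
            );
            if ($resp->is_valid) {
                $_SESSION['img_a_verified'] = true;
            } else {
                $hesk_error_buffer['mysecnum'] = $hesklang['recaptcha_error'];
            }
        } elseif ($hesk_settings['recaptcha_use'] == 2) {
            // reCAPTCHA v2
            require HESK_PATH . 'inc/recaptcha/recaptchalib_v2.php';
            $resp = null;
            $reCaptcha = new ReCaptcha($hesk_settings['recaptcha_private_key']);

            // Was there a reCAPTCHA response at all?
            if (isset($_POST["g-recaptcha-response"])) {
                $resp = $reCaptcha->verifyResponse($_SERVER["REMOTE_ADDR"], hesk_POST("g-recaptcha-response"));
            }

            if ($resp !== null && $resp->success) {
                $_SESSION['img_a_verified'] = true;
            } else {
                $hesk_error_buffer['mysecnum'] = $hesklang['recaptcha_error'];
            }
        } else {
            // Built-in security image
            $mysecnum = intval(hesk_POST('mysecnum', 0));
            if (empty($mysecnum)) {
                $hesk_error_buffer['mysecnum'] = $hesklang['sec_miss'];
            } else {
                require HESK_PATH . 'inc/secimg.inc.php';
                $sc = new PJ_SecurityImage($hesk_settings['secimg_sum']);
                if (isset($_SESSION['checksum']) && $sc->checkCode($mysecnum, $_SESSION['checksum'])) {
                    $_SESSION['img_a_verified'] = true;
                } else {
                    $hesk_error_buffer['mysecnum'] = $hesklang['sec_wrng'];
                }
            }
        }
    }

    /* Any missing fields? Show the form again and stop. */
    if (count($hesk_error_buffer) != 0) {
        $_SESSION['a_iserror'] = array_keys($hesk_error_buffer);
        $list = '';
        foreach ($hesk_error_buffer as $error) {
            $list .= "<li>{$error}</li>\n";
        }
        hesk_process_messages($hesklang['pcer'] . '<br /><br /><ul>' . $list . '</ul>', 'NOREDIRECT');
        print_login();
        exit;
    } elseif (isset($_SESSION['img_a_verified'])) {
        // The CAPTCHA pass is single-use; it must not carry over to the next attempt
        unset($_SESSION['img_a_verified']);
    }

    /* All required info entered; count this attempt against the brute force limit */
    hesk_limitBfAttempts();

    $result = hesk_dbQuery("SELECT * FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "users` WHERE `user` = '" . hesk_dbEscape($user) . "' LIMIT 1");
    if (hesk_dbNumRows($result) != 1) {
        hesk_session_stop();
        $_SESSION['a_iserror'] = array('user', 'pass');
        hesk_process_messages($hesklang['wrong_user'], 'NOREDIRECT');
        print_login();
        exit;
    }

    /* Copy the user row into the session */
    $res = hesk_dbFetchAssoc($result);
    foreach ($res as $k => $v) {
        $_SESSION[$k] = $v;
    }

    /* Check password.
       Strict comparison on purpose: with "!=" PHP compares two numeric-looking
       strings (e.g. hex digests of the form "0e123...") as numbers, so two
       different hashes could compare equal. */
    if (hesk_Pass2Hash($pass) !== $_SESSION['pass']) {
        hesk_session_stop();
        $_SESSION['a_iserror'] = array('pass');
        hesk_process_messages($hesklang['wrong_pass'], 'NOREDIRECT');
        print_login();
        exit;
    }

    /* Value stored in the "remember me" cookie; checked again by the autologin code */
    $pass_enc = hesk_Pass2Hash($_SESSION['pass'] . strtolower($user) . $_SESSION['pass']);

    /* Warn if the account still uses the default password */
    if ($_SESSION['pass'] === '499d74967b28a841c98bb4baaabaad699ff3c079') {
        hesk_process_messages($hesklang['chdp'], 'NOREDIRECT', 'NOTICE');
    }

    // Tag used to expire sessions after a username or password change
    $_SESSION['session_verify'] = hesk_activeSessionCreateTag($user, $_SESSION['pass']);

    // The password hash is not needed in the session any more
    unset($_SESSION['pass']);

    /* Login successful, clean brute force attempts */
    hesk_cleanBfAttempts();

    /* Make sure our user is active */
    if (!$_SESSION['active']) {
        hesk_session_stop();
        $_SESSION['a_iserror'] = array('active');
        hesk_process_messages($hesklang['inactive_user'], 'NOREDIRECT');
        print_login();
        exit;
    }

    /* Regenerate session ID so a pre-login session ID cannot be reused (fixation) */
    hesk_session_regenerate_id();

    /* Remember username? The cookie lifetime is one year in every "remember" branch.
       NOTE(review): the cookies are set without HttpOnly/Secure flags; consider
       adding them if nothing client-side needs to read hesk_username. */
    $remember = hesk_POST('remember_user');
    if ($hesk_settings['autologin'] && $remember == 'AUTOLOGIN') {
        setcookie('hesk_username', "{$user}", strtotime('+1 year'));
        setcookie('hesk_p', "{$pass_enc}", strtotime('+1 year'));
    } elseif ($remember == 'JUSTUSER') {
        setcookie('hesk_username', "{$user}", strtotime('+1 year'));
        setcookie('hesk_p', '');
    } else {
        // Expire cookies if they were set earlier
        setcookie('hesk_username', '');
        setcookie('hesk_p', '');
    }

    /* Close any old tickets here so Cron jobs aren't necessary */
    if ($hesk_settings['autoclose']) {
        $revision = sprintf($hesklang['thist3'], hesk_date(), $hesklang['auto']);
        $dt = date('Y-m-d H:i:s', time() - $hesk_settings['autoclose'] * 86400);

        $closedStatusRs = hesk_dbQuery('SELECT `ID`, `Closable` FROM `' . hesk_dbEscape($hesk_settings['db_pfix']) . 'statuses` WHERE `IsDefaultStaffReplyStatus` = 1');
        $closedStatus = hesk_dbFetchAssoc($closedStatusRs);

        // No such status row means there is nothing to auto-close (the old code
        // would have indexed into a non-array here). Are we allowed to close
        // tickets in this status?
        if ($closedStatus && ($closedStatus['Closable'] == 'yes' || $closedStatus['Closable'] == 'sonly')) {
            // Cast once; the ID is interpolated into two queries below
            $closedStatusId = intval($closedStatus['ID']);

            // Notify customer of closed ticket?
            if ($hesk_settings['notify_closed']) {
                // Get list of tickets
                $result = hesk_dbQuery("SELECT * FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` WHERE `status` = " . $closedStatusId . " AND `lastchange` <= '" . hesk_dbEscape($dt) . "' ");
                if (hesk_dbNumRows($result) > 0) {
                    // hesk_notifyCustomer() presumably reads the ticket from the global
                    // $ticket (no argument is passed) — keep the global declaration
                    global $ticket;

                    // Load required functions?
                    if (!function_exists('hesk_notifyCustomer')) {
                        require HESK_PATH . 'inc/email_functions.inc.php';
                    }

                    while ($ticket = hesk_dbFetchAssoc($result)) {
                        $ticket['dt'] = hesk_date($ticket['dt'], true);
                        $ticket['lastchange'] = hesk_date($ticket['lastchange'], true);
                        $ticket = hesk_ticketToPlain($ticket, 1, 0);
                        hesk_notifyCustomer('ticket_closed');
                    }
                }
            }

            // Update ticket statuses and history in database if we're allowed to do so.
            // TODO(review): when no status has IsAutocloseOption = 1 this writes status 0,
            // as the original code did — confirm that is the intended fallback.
            $defaultCloseRs = hesk_dbQuery('SELECT `ID` FROM `' . hesk_dbEscape($hesk_settings['db_pfix']) . 'statuses` WHERE `IsAutocloseOption` = 1');
            $defaultCloseStatus = hesk_dbFetchAssoc($defaultCloseRs);
            $defaultCloseId = $defaultCloseStatus ? intval($defaultCloseStatus['ID']) : 0;

            hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` SET `status`=" . $defaultCloseId . ", `closedat`=NOW(), `closedby`='-1', `history`=CONCAT(`history`,'" . hesk_dbEscape($revision) . "') WHERE `status` = '" . $closedStatusId . "' AND `lastchange` <= '" . hesk_dbEscape($dt) . "' ");
        }
    }

    /* Redirect to the destination page (hesk_verifyGoto() restricts the target) */
    header('Location: ' . hesk_verifyGoto());
    exit;
}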
/**
 * Apply the incremental database migrations from the installed HESK version
 * ($hesk_settings['update_from']) up to the 2.5.x schema.
 *
 * The version blocks are cumulative: each block that runs sets $update_all_next,
 * which makes every later block run as well, so a 0.90 install walks through
 * all steps in order. Statement order inside a block matters (later ALTERs refer
 * to columns created earlier), so the code must not be reordered.
 *
 * Side effects: issues CREATE/ALTER/UPDATE/INSERT statements through
 * hesk_dbQuery() and finally inserts an "updated" mail for the administrator.
 * Return values of hesk_dbQuery() are not checked in this function.
 * NOTE(review): presumably hesk_dbQuery() aborts on a failed query - confirm,
 * otherwise a failed ALTER is followed by queries against a half-migrated schema.
 *
 * Reads: $hesk_settings['update_from'], $hesk_settings['db_pfix'],
 *        $hesk_settings['attachments']['use'], $hesk_settings['server_path'].
 * $hesklang is imported but not used in this function.
 *
 * @return bool always true
 */
function hesk_iUpdateTables()
{
    global $hesk_settings, $hesklang;
    // Once a block runs, all later blocks run too (cumulative upgrade path).
    $update_all_next = 0;
    // Updating version 0.90 to 0.91
    // The pre-2.0 blocks use a hardcoded `hesk_` table prefix while the 2.0+
    // blocks use $hesk_settings['db_pfix']; presumably the prefix setting did
    // not exist in those versions - do not "fix" this without checking.
    if ($hesk_settings['update_from'] == '0.90') {
        hesk_dbQuery("ALTER TABLE `hesk_users` ADD `notify` CHAR( 1 ) DEFAULT '1' NOT NULL");
        $update_all_next = 1;
    }
    // END version 0.90 to 0.91
    // Updating versions 0.91 through 0.93.1 to 0.94
    if ($update_all_next || $hesk_settings['update_from'] == '0.91-0.93.1') {
        hesk_dbQuery("CREATE TABLE `hesk_attachments` (\r\n\t\t  `att_id` mediumint(8) unsigned NOT NULL auto_increment,\r\n\t\t  `ticket_id` varchar(10) NOT NULL default '',\r\n\t\t  `saved_name` varchar(255) NOT NULL default '',\r\n\t\t  `real_name` varchar(255) NOT NULL default '',\r\n\t\t  `size` int(10) unsigned NOT NULL default '0',\r\n\t\t  PRIMARY KEY  (`att_id`),\r\n\t\t  KEY `ticket_id` (`ticket_id`)\r\n\t\t) ENGINE=MyISAM");
        hesk_dbQuery("CREATE TABLE `hesk_std_replies` (\r\n\t\t`id` smallint(5) unsigned NOT NULL auto_increment,\r\n\t\t`title` varchar(70) NOT NULL default '',\r\n\t\t`message` text NOT NULL,\r\n\t\t`reply_order` smallint(5) unsigned NOT NULL default '0',\r\n\t\tPRIMARY KEY  (`id`)\r\n\t\t) ENGINE=MyISAM");
        hesk_dbQuery("ALTER TABLE `hesk_categories`\r\n\t\tCHANGE `name` `name` varchar(60) NOT NULL default '',\r\n\t\tADD `cat_order` smallint(5) unsigned NOT NULL default '0'");
        hesk_dbQuery("ALTER TABLE `hesk_replies`\r\n\t\tCHANGE `name` `name` varchar(50) NOT NULL default '',\r\n\t\tADD `attachments` TEXT");
        hesk_dbQuery("ALTER TABLE `hesk_tickets`\r\n\t\tCHANGE `name` `name` varchar(50) NOT NULL default '',\r\n\t\tCHANGE `category` `category` SMALLINT(5) UNSIGNED NOT NULL DEFAULT '1',\r\n\t\tCHANGE `priority` `priority` enum('1','2','3') NOT NULL default '3',\r\n\t\tCHANGE `subject` `subject` varchar(70) NOT NULL default '',\r\n\t\tADD `lastchange` datetime NOT NULL default '0000-00-00 00:00:00' AFTER `dt`,\r\n\t\tCHANGE `status` `status` enum('0','1','2','3') default '1',\r\n\t\tADD `lastreplier` enum('0','1') NOT NULL default '0',\r\n\t\tADD `archive` enum('0','1') NOT NULL default '0',\r\n\t\tADD `attachments` text,\r\n\t\tADD `custom1` VARCHAR( 255 ) NOT NULL default '',\r\n\t\tADD `custom2` VARCHAR( 255 ) NOT NULL default '',\r\n\t\tADD `custom3` VARCHAR( 255 ) NOT NULL default '',\r\n\t\tADD `custom4` VARCHAR( 255 ) NOT NULL default '',\r\n\t\tADD `custom5` VARCHAR( 255 ) NOT NULL default '',\r\n\t\tADD INDEX `archive` ( `archive` )");
        // Change status of closed tickets to the new "Resolved" status
        hesk_dbQuery("UPDATE `hesk_tickets` SET `status`='3' WHERE `status`='0'");
        // Populate lastchange
        hesk_dbQuery("UPDATE `hesk_tickets` SET `lastchange`=`dt`");
        // Update categories with order values (10, 20, 30, ... in id order of the result set)
        $res = hesk_dbQuery("SELECT `id` FROM `hesk_categories`");
        $i = 10;
        while ($mycat = hesk_dbFetchAssoc($res)) {
            hesk_dbQuery("UPDATE `hesk_categories` SET `cat_order`={$i} WHERE `id`=" . intval($mycat['id']) . " LIMIT 1");
            $i += 10;
        }
        $update_all_next = 1;
    }
    // END versions 0.91 through 0.93.1 to 0.94
    // Updating version 0.94 to 0.94.1
    // NOTE: this block is not chained via $update_all_next, so it only runs when
    // update_from is exactly '0.94' (the 0.91 block above already created hesk_attachments).
    if ($hesk_settings['update_from'] == '0.94') {
        hesk_dbQuery("CREATE TABLE `hesk_attachments` (\r\n\t\t  `att_id` mediumint(8) unsigned NOT NULL auto_increment,\r\n\t\t  `ticket_id` varchar(10) NOT NULL default '',\r\n\t\t  `saved_name` varchar(255) NOT NULL default '',\r\n\t\t  `real_name` varchar(255) NOT NULL default '',\r\n\t\t  `size` int(10) unsigned NOT NULL default '0',\r\n\t\t  PRIMARY KEY  (`att_id`),\r\n\t\t  KEY `ticket_id` (`ticket_id`)\r\n\t\t) ENGINE=MyISAM");
        if ($hesk_settings['attachments']['use']) {
            /* Update attachments for tickets: move the legacy '#####'-delimited
               attachment string into hesk_attachments rows and rewrite the
               ticket's `attachments` column as "<att_id>#<real_name>," entries. */
            $res = hesk_dbQuery("SELECT * FROM `hesk_tickets` WHERE `attachments` != '' ");
            while ($ticket = hesk_dbFetchAssoc($res)) {
                // substr(..., 0, -5) drops the trailing '#####' delimiter before splitting
                $att = explode('#####', substr($ticket['attachments'], 0, -5));
                $myattachments = '';
                foreach ($att as $myatt) {
                    // The saved file name starts at the ticket's trackid; the real
                    // name follows a 16-byte prefix (trackid + separator, presumably).
                    // NOTE(review): strstr() returns false when trackid is not part of
                    // $myatt; substr()/filesize() then run on false and a row with an
                    // empty saved_name is inserted - no guard exists for that case.
                    $name = substr(strstr($myatt, $ticket['trackid']), 16);
                    $saved_name = strstr($myatt, $ticket['trackid']);
                    // filesize() returns false (with a warning) for a missing file; intval() below stores 0
                    $size = filesize($hesk_settings['server_path'] . '/attachments/' . $saved_name);
                    hesk_dbQuery("INSERT INTO `hesk_attachments` (`ticket_id`,`saved_name`,`real_name`,`size`) VALUES ('" . hesk_dbEscape($ticket['trackid']) . "', '" . hesk_dbEscape($saved_name) . "', '" . hesk_dbEscape($name) . "', '" . intval($size) . "')");
                    $myattachments .= hesk_dbInsertID() . '#' . $name . ',';
                }
                hesk_dbQuery("UPDATE `hesk_tickets` SET `attachments` = '" . hesk_dbEscape($myattachments) . "' WHERE `id` = " . intval($ticket['id']) . " LIMIT 1");
            }
            // Update attachments for replies (same conversion; trackid is looked up via `replyto`)
            $res = hesk_dbQuery("SELECT * FROM `hesk_replies` WHERE `attachments` != '' ");
            while ($ticket = hesk_dbFetchAssoc($res)) {
                $res2 = hesk_dbQuery("SELECT `trackid` FROM `hesk_tickets` WHERE `id` = '" . intval($ticket['replyto']) . "' LIMIT 1");
                $trackingID = hesk_dbResult($res2, 0, 0);
                $att = explode('#####', substr($ticket['attachments'], 0, -5));
                $myattachments = '';
                foreach ($att as $myatt) {
                    $name = substr(strstr($myatt, $trackingID), 16);
                    $saved_name = strstr($myatt, $trackingID);
                    $size = filesize($hesk_settings['server_path'] . '/attachments/' . $saved_name);
                    hesk_dbQuery("INSERT INTO `hesk_attachments` (`ticket_id`,`saved_name`,`real_name`,`size`) VALUES ('" . hesk_dbEscape($trackingID) . "', '" . hesk_dbEscape($saved_name) . "', '" . hesk_dbEscape($name) . "', '" . intval($size) . "')");
                    $myattachments .= hesk_dbInsertID() . '#' . $name . ',';
                }
                hesk_dbQuery("UPDATE `hesk_replies` SET `attachments` = '" . hesk_dbEscape($myattachments) . "' WHERE `id` = " . intval($ticket['id']) . " LIMIT 1");
            }
        }
        // END if attachments use
        $update_all_next = 1;
    }
    // END version 0.94 to 0.94.1
    // Updating version 0.94.1 to 2.0
    if ($update_all_next || $hesk_settings['update_from'] == '0.94.1') {
        hesk_dbQuery("CREATE TABLE `hesk_kb_articles` (\r\n\t\t  `id` smallint(5) unsigned NOT NULL auto_increment,\r\n\t\t  `catid` smallint(5) unsigned NOT NULL default '0',\r\n\t\t  `dt` timestamp NOT NULL default CURRENT_TIMESTAMP,\r\n\t\t  `author` smallint(5) unsigned NOT NULL default '0',\r\n\t\t  `subject` varchar(255) NOT NULL default '',\r\n\t\t  `content` text NOT NULL,\r\n\t\t  `rating` float NOT NULL default '0',\r\n\t\t  `votes` mediumint(8) unsigned NOT NULL default '0',\r\n\t\t  `views` mediumint(8) unsigned NOT NULL default '0',\r\n\t\t  `type` enum('0','1','2') NOT NULL default '0',\r\n\t\t  `html` enum('0','1') NOT NULL default '0',\r\n\t\t  `art_order` smallint(5) unsigned NOT NULL default '0',\r\n\t\t  `history` text NOT NULL,\r\n\t\t  PRIMARY KEY  (`id`),\r\n\t\t  KEY `catid` (`catid`),\r\n\t\t  KEY `type` (`type`),\r\n\t\t  FULLTEXT KEY `subject` (`subject`,`content`)\r\n\t\t) ENGINE=MyISAM");
        hesk_dbQuery("CREATE TABLE `hesk_kb_categories` (\r\n\t\t  `id` smallint(5) unsigned NOT NULL auto_increment,\r\n\t\t  `name` varchar(255) NOT NULL default '',\r\n\t\t  `parent` smallint(5) unsigned NOT NULL default '0',\r\n\t\t  `articles` smallint(5) unsigned NOT NULL default '0',\r\n\t\t  `cat_order` smallint(5) unsigned NOT NULL default '0',\r\n\t\t  `type` enum('0','1') NOT NULL default '0',\r\n\t\t  PRIMARY KEY  (`id`),\r\n\t\t  KEY `type` (`type`)\r\n\t\t) ENGINE=MyISAM");
        hesk_dbQuery("INSERT INTO `hesk_kb_categories` VALUES (1, 'Knowledgebase', 0, 0, 10, '0')");
        hesk_dbQuery("CREATE TABLE `hesk_notes` (\r\n\t\t  `id` mediumint(8) unsigned NOT NULL auto_increment,\r\n\t\t  `ticket` mediumint(8) unsigned NOT NULL default '0',\r\n\t\t  `who` smallint(5) unsigned NOT NULL default '0',\r\n\t\t  `dt` datetime NOT NULL default '0000-00-00 00:00:00',\r\n\t\t  `message` text NOT NULL,\r\n\t\t  PRIMARY KEY  (`id`),\r\n\t\t  KEY `ticketid` (`ticket`)\r\n\t\t) ENGINE=MyISAM");
        $sql = array();
        $sql[] = "ALTER TABLE `hesk_replies` ADD `staffid` SMALLINT UNSIGNED NOT NULL DEFAULT '0'";
        $sql[] = "ALTER TABLE `hesk_replies` ADD `rating` ENUM( '1', '5' ) default NULL";
        $sql[] = "ALTER TABLE `hesk_tickets` ADD INDEX `categories` ( `category` )";
        $sql[] = "ALTER TABLE `hesk_tickets` ADD INDEX `statuses` ( `status` ) ";
        $sql[] = "ALTER TABLE `hesk_tickets` CHANGE `custom1` `custom1` text NOT NULL";
        $sql[] = "ALTER TABLE `hesk_tickets` CHANGE `custom2` `custom2` text NOT NULL";
        $sql[] = "ALTER TABLE `hesk_tickets` CHANGE `custom3` `custom3` text NOT NULL";
        $sql[] = "ALTER TABLE `hesk_tickets` CHANGE `custom4` `custom4` text NOT NULL";
        $sql[] = "ALTER TABLE `hesk_tickets` CHANGE `custom5` `custom5` text NOT NULL";
        $sql[] = "ALTER TABLE `hesk_tickets` ADD `custom6` text NOT NULL";
        $sql[] = "ALTER TABLE `hesk_tickets` ADD `custom7` text NOT NULL";
        $sql[] = "ALTER TABLE `hesk_tickets` ADD `custom8` text NOT NULL";
        $sql[] = "ALTER TABLE `hesk_tickets` ADD `custom9` text NOT NULL";
        $sql[] = "ALTER TABLE `hesk_tickets` ADD `custom10` text NOT NULL";
        // The password column is widened to CHAR(40) before the re-hash loop below writes into it
        $sql[] = "ALTER TABLE `hesk_users` CHANGE `pass` `pass` CHAR( 40 ) NOT NULL";
        $sql[] = "ALTER TABLE `hesk_users` CHANGE `isadmin` `isadmin` ENUM( '0', '1' ) NOT NULL DEFAULT '0'";
        $sql[] = "ALTER TABLE `hesk_users` CHANGE `notify` `notify` ENUM( '0', '1' ) NOT NULL DEFAULT '1'";
        $sql[] = "ALTER TABLE `hesk_users` ADD `heskprivileges` VARCHAR( 255 ) NOT NULL";
        $sql[] = "ALTER TABLE `hesk_users` ADD `ratingneg` mediumint(8) unsigned NOT NULL default '0'";
        $sql[] = "ALTER TABLE `hesk_users` ADD `ratingpos` mediumint(8) unsigned NOT NULL default '0'";
        $sql[] = "ALTER TABLE `hesk_users` ADD `rating` float NOT NULL default '0'";
        $sql[] = "ALTER TABLE `hesk_users` ADD `replies` mediumint(8) unsigned NOT NULL default '0'";
        $sql[] = "ALTER TABLE `hesk_std_replies` CHANGE `title` `title` VARCHAR( 100 ) NOT NULL";
        foreach ($sql as $s) {
            hesk_dbQuery($s);
        }
        // Update passwords to the new type and hesk privileges for non-admins */
        // The new hash is derived from the value already stored in `pass` (the old
        // credential representation), not from a plaintext password. NOTE(review):
        // what hesk_Pass2Hash() computes is not visible here; if the old column held
        // plaintext this is the step that stops storing it - confirm before touching.
        $res = hesk_dbQuery('SELECT `id`,`pass`,`isadmin` FROM `hesk_users` ORDER BY `id` ASC');
        $sql = array();
        while ($row = hesk_dbFetchAssoc($res)) {
            $new_pass = hesk_Pass2Hash($row['pass']);
            $s = "UPDATE `hesk_users` SET `pass`='" . hesk_dbEscape($new_pass) . "' ";
            // Non-admin staff get a fixed default privilege set; admins keep an empty string
            if ($row['isadmin'] == 0) {
                $s .= ", `heskprivileges`='can_view_tickets,can_reply_tickets,can_change_cat,' ";
            }
            $s .= "WHERE `id`=" . intval($row['id']);
            $sql[] = $s;
        }
        foreach ($sql as $s) {
            hesk_dbQuery($s);
        }
        $update_all_next = 1;
    }
    // END version 0.94.1 to 2.0
    // Updating version 2.0 to 2.1
    if ($update_all_next || $hesk_settings['update_from'] == '2.0') {
        hesk_dbQuery("CREATE TABLE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "kb_attachments` (\r\n\t\t  `att_id` mediumint(8) unsigned NOT NULL AUTO_INCREMENT,\r\n\t\t  `saved_name` varchar(255) NOT NULL DEFAULT '',\r\n\t\t  `real_name` varchar(255) NOT NULL DEFAULT '',\r\n\t\t  `size` int(10) unsigned NOT NULL DEFAULT '0',\r\n\t\t  PRIMARY KEY (`att_id`)\r\n\t\t) ENGINE=MyISAM");
        $sql = array();
        $sql[] = "ALTER TABLE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "kb_articles` ADD `attachments` TEXT NOT NULL";
        $sql[] = "ALTER TABLE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` ADD `custom11` text NOT NULL";
        $sql[] = "ALTER TABLE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` ADD `custom12` text NOT NULL";
        $sql[] = "ALTER TABLE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` ADD `custom13` text NOT NULL";
        $sql[] = "ALTER TABLE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` ADD `custom14` text NOT NULL";
        $sql[] = "ALTER TABLE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` ADD `custom15` text NOT NULL";
        $sql[] = "ALTER TABLE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` ADD `custom16` text NOT NULL";
        $sql[] = "ALTER TABLE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` ADD `custom17` text NOT NULL";
        $sql[] = "ALTER TABLE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` ADD `custom18` text NOT NULL";
        $sql[] = "ALTER TABLE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` ADD `custom19` text NOT NULL";
        $sql[] = "ALTER TABLE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` ADD `custom20` text NOT NULL";
        $sql[] = "ALTER TABLE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "users` ADD `afterreply` ENUM( '0', '1', '2' ) NOT NULL DEFAULT '0' AFTER `categories`";
        foreach ($sql as $s) {
            hesk_dbQuery($s);
        }
        $update_all_next = 1;
    }
    // END version 2.0 to 2.1
    // Updating version 2.1 to 2.2
    if ($update_all_next || $hesk_settings['update_from'] == '2.1') {
        hesk_dbQuery("\r\n\t\tCREATE TABLE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "mail` (\r\n\t\t  `id` int(10) unsigned NOT NULL AUTO_INCREMENT,\r\n\t\t  `from` smallint(5) unsigned NOT NULL,\r\n\t\t  `to` smallint(5) unsigned NOT NULL,\r\n\t\t  `subject` varchar(255) NOT NULL,\r\n\t\t  `message` text NOT NULL,\r\n\t\t  `dt` datetime NOT NULL,\r\n\t\t  `read` enum('0','1') NOT NULL DEFAULT '0',\r\n\t\t  `deletedby` smallint(5) unsigned NOT NULL DEFAULT '0',\r\n\t\t  PRIMARY KEY (`id`),\r\n\t\t  KEY `recipients` (`from`,`to`)\r\n\t\t) ENGINE=MyISAM\r\n\t\t");
        $sql = array();
        $sql[] = "ALTER TABLE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` ADD `replierid` SMALLINT UNSIGNED NULL AFTER `lastreplier`";
        $sql[] = "ALTER TABLE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` ADD `owner` SMALLINT UNSIGNED NOT NULL DEFAULT '0' AFTER `status`";
        $sql[] = "ALTER TABLE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` ADD `locked` ENUM( '0', '1' ) NOT NULL DEFAULT '0' AFTER `archive`";
        $sql[] = "ALTER TABLE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` ADD `history` TEXT NOT NULL AFTER `attachments`";
        $sql[] = "ALTER TABLE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "users` CHANGE `notify` `notify_new_unassigned` ENUM( '0', '1' ) NOT NULL DEFAULT '1'";
        $sql[] = "ALTER TABLE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "users` ADD `notify_new_my` ENUM( '0', '1' ) NOT NULL DEFAULT '1' AFTER `notify_new_unassigned`";
        $sql[] = "ALTER TABLE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "users` ADD `notify_reply_unassigned` ENUM( '0', '1' ) NOT NULL DEFAULT '1' AFTER `notify_new_my`";
        $sql[] = "ALTER TABLE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "users` ADD `notify_reply_my` ENUM( '0', '1' ) NOT NULL DEFAULT '1' AFTER `notify_reply_unassigned`";
        $sql[] = "ALTER TABLE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "users` ADD `notify_assigned` ENUM( '0', '1' ) NOT NULL DEFAULT '1' AFTER `notify_reply_my`";
        $sql[] = "ALTER TABLE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "users` ADD `notify_pm` ENUM( '0', '1' ) NOT NULL DEFAULT '1' AFTER `notify_assigned`";
        // Strip the trailing ',' the 2.0 block wrote into these lists; the CONCAT() below adds its own
        $sql[] = "UPDATE  `" . hesk_dbEscape($hesk_settings['db_pfix']) . "users` SET `categories` = TRIM(TRAILING ',' FROM `categories`)";
        $sql[] = "UPDATE  `" . hesk_dbEscape($hesk_settings['db_pfix']) . "users` SET `heskprivileges` = TRIM(TRAILING ',' FROM `heskprivileges`)";
        foreach ($sql as $s) {
            hesk_dbQuery($s);
        }
        // Update privileges - anyone can assign ticket to himself/herself by default
        hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "users` SET `heskprivileges`=CONCAT(`heskprivileges`,',can_assign_self') WHERE `isadmin`!='1' ");
        $update_all_next = 1;
    }
    // END version 2.1 to 2.2
    // Updating version 2.2 to 2.3
    if ($update_all_next || $hesk_settings['update_from'] == '2.2') {
        // Logins table (per-IP failed-login counter keyed by `ip`, sized for IPv6 text form)
        hesk_dbQuery("\r\n\t\tCREATE TABLE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "logins` (\r\n\t\t  `ip` varchar(46) NOT NULL,\r\n\t\t  `number` tinyint(3) unsigned NOT NULL DEFAULT '1',\r\n\t\t  `last_attempt` timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP,\r\n\t\t  UNIQUE KEY `ip` (`ip`)\r\n\t\t) ENGINE=MyISAM\r\n\t\t");
        // Online table
        hesk_dbQuery("\r\n\t\tCREATE TABLE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "online` (\r\n\t\t  `user_id` smallint(5) unsigned NOT NULL,\r\n\t\t  `dt` timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP,\r\n\t\t  `tmp` int(11) unsigned NOT NULL DEFAULT '0',\r\n\t\t  UNIQUE KEY `user_id` (`user_id`),\r\n\t\t  KEY `dt` (`dt`)\r\n\t\t) ENGINE=MyISAM\r\n\t\t");
        $sql = array();
        $sql[] = "ALTER TABLE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` CHANGE `trackid` `trackid` VARCHAR( 13 ) NOT NULL";
        $sql[] = "ALTER TABLE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` CHANGE `priority` `priority` ENUM( '0', '1', '2', '3' ) NOT NULL DEFAULT '3'";
        $sql[] = "ALTER TABLE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` CHANGE `status` `status` ENUM('0','1','2','3','4','5') NOT NULL DEFAULT '0'";
        $sql[] = "ALTER TABLE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` CHANGE `ip` `ip` VARCHAR( 46 ) NOT NULL DEFAULT ''";
        $sql[] = "ALTER TABLE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` CHANGE `lastchange` `lastchange` TIMESTAMP on update CURRENT_TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP ";
        $sql[] = "ALTER TABLE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` CHANGE `email` `email` VARCHAR(255) NOT NULL";
        $sql[] = "ALTER TABLE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` ADD INDEX (`owner`) ";
        $sql[] = "ALTER TABLE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "users` CHANGE `heskprivileges` `heskprivileges` TEXT NOT NULL";
        $sql[] = "ALTER TABLE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "users` ADD `autoassign` ENUM('0','1') NOT NULL DEFAULT '1' AFTER `notify_pm`";
        $sql[] = "ALTER TABLE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "users` ADD `default_list` VARCHAR( 255) NOT NULL DEFAULT '' AFTER `notify_pm`";
        $sql[] = "ALTER TABLE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "users` ADD INDEX (`autoassign`) ";
        $sql[] = "ALTER TABLE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "attachments` CHANGE `ticket_id` `ticket_id` VARCHAR(13) NOT NULL DEFAULT ''";
        $sql[] = "ALTER TABLE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "replies` CHANGE `replyto` `replyto` MEDIUMINT(8) UNSIGNED NOT NULL DEFAULT '0'";
        foreach ($sql as $s) {
            hesk_dbQuery($s);
        }
        // Update staff with new permissions (allowed by default)
        $res = hesk_dbQuery("SELECT `id`,`heskprivileges` FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "users` WHERE `isadmin` != '1' ");
        while ($row = hesk_dbFetchAssoc($res)) {
            // Not admin, is user allowed to view tickets?
            // This is a plain substring test on the comma-separated privilege list,
            // not a token match; it is also used the same way in the 2.4 block below.
            if (strpos($row['heskprivileges'], 'can_view_tickets') !== false) {
                hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "users` SET `heskprivileges`=CONCAT(`heskprivileges`,',can_view_unassigned,can_view_online') WHERE `id`=" . intval($row['id']) . " LIMIT 1");
            } else {
                hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "users` SET `heskprivileges`=CONCAT(`heskprivileges`,',can_view_online') WHERE `id`=" . intval($row['id']) . " LIMIT 1");
            }
        }
        $update_all_next = 1;
    }
    // END version 2.2 to 2.3
    // Updating version 2.3 to 2.4
    if ($update_all_next || $hesk_settings['update_from'] == '2.3') {
        // Email loops table
        hesk_dbQuery("\r\n\t\tCREATE TABLE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "pipe_loops` (\r\n\t\t  `email` varchar(255) CHARACTER SET latin1 NOT NULL,\r\n\t\t  `hits` smallint(1) unsigned NOT NULL DEFAULT '0',\r\n\t\t  `message_hash` char(32) NOT NULL,\r\n\t\t  `dt` timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP,\r\n\t\t  KEY `email` (`email`,`hits`)\r\n\t\t) ENGINE=MyISAM DEFAULT CHARSET=utf8 COLLATE=utf8_unicode_ci\r\n\t\t");
        $sql = array();
        // Convert every existing table to utf8 before the column changes below
        $sql[] = "ALTER TABLE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "attachments` CONVERT TO CHARACTER SET utf8 COLLATE utf8_unicode_ci";
        $sql[] = "ALTER TABLE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "categories` CONVERT TO CHARACTER SET utf8 COLLATE utf8_unicode_ci";
        $sql[] = "ALTER TABLE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "kb_articles` CONVERT TO CHARACTER SET utf8 COLLATE utf8_unicode_ci";
        $sql[] = "ALTER TABLE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "kb_attachments` CONVERT TO CHARACTER SET utf8 COLLATE utf8_unicode_ci";
        $sql[] = "ALTER TABLE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "kb_categories` CONVERT TO CHARACTER SET utf8 COLLATE utf8_unicode_ci";
        $sql[] = "ALTER TABLE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "logins` CONVERT TO CHARACTER SET utf8 COLLATE utf8_unicode_ci";
        $sql[] = "ALTER TABLE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "mail` CONVERT TO CHARACTER SET utf8 COLLATE utf8_unicode_ci";
        $sql[] = "ALTER TABLE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "notes` CONVERT TO CHARACTER SET utf8 COLLATE utf8_unicode_ci";
        $sql[] = "ALTER TABLE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "online` CONVERT TO CHARACTER SET utf8 COLLATE utf8_unicode_ci";
        $sql[] = "ALTER TABLE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "replies` CONVERT TO CHARACTER SET utf8 COLLATE utf8_unicode_ci";
        $sql[] = "ALTER TABLE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "std_replies` CONVERT TO CHARACTER SET utf8 COLLATE utf8_unicode_ci";
        $sql[] = "ALTER TABLE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` CONVERT TO CHARACTER SET utf8 COLLATE utf8_unicode_ci";
        $sql[] = "ALTER TABLE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "users` CONVERT TO CHARACTER SET utf8 COLLATE utf8_unicode_ci";
        $sql[] = "ALTER TABLE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` ADD `language` VARCHAR(50) NULL DEFAULT NULL AFTER `ip`";
        $sql[] = "ALTER TABLE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` ADD `merged` MEDIUMTEXT NOT NULL AFTER `attachments`";
        $sql[] = "ALTER TABLE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` ADD `time_worked` TIME NOT NULL DEFAULT '00:00:00' AFTER `owner`";
        $sql[] = "ALTER TABLE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` CHANGE `status` `status` ENUM( '0', '1', '2', '3', '4', '5' ) NOT NULL DEFAULT '0'";
        $sql[] = "ALTER TABLE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "users` ADD `language` VARCHAR(50) NULL DEFAULT NULL AFTER `signature`";
        $sql[] = "ALTER TABLE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "users` ADD `notify_note` ENUM( '0', '1' ) NOT NULL DEFAULT '1' AFTER `notify_pm`";
        $sql[] = "ALTER TABLE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "users` ADD `autostart` ENUM( '0', '1' ) NOT NULL DEFAULT '1' AFTER `afterreply`";
        $sql[] = "ALTER TABLE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "categories` ADD `autoassign` ENUM( '0', '1' ) NOT NULL DEFAULT '1', ADD `type` ENUM( '0', '1' ) NOT NULL DEFAULT '0', ADD INDEX ( `type` )";
        $sql[] = "ALTER TABLE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "kb_articles` ADD `keywords` MEDIUMTEXT NOT NULL AFTER `content`";
        $sql[] = "ALTER TABLE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "kb_articles` ADD `sticky` ENUM( '0', '1' ) NOT NULL DEFAULT '0' AFTER `html` , ADD INDEX ( `sticky` )";
        $sql[] = "ALTER TABLE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "kb_articles` DROP INDEX `subject` , ADD FULLTEXT `subject` (`subject` , `content` , `keywords`)";
        // `read` is added with DEFAULT '1' so existing replies are marked read, then the default is flipped to '0' for new rows
        $sql[] = "ALTER TABLE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "replies` ADD `read` ENUM( '0', '1' ) NOT NULL DEFAULT '1'";
        $sql[] = "ALTER TABLE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "replies` CHANGE `read` `read` ENUM( '0', '1' ) NOT NULL DEFAULT '0'";
        foreach ($sql as $s) {
            hesk_dbQuery($s);
        }
        // Update staff with new permissions (allowed by default)
        $res = hesk_dbQuery("SELECT `id`,`heskprivileges` FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "users` WHERE `isadmin` != '1' ");
        while ($row = hesk_dbFetchAssoc($res)) {
            // Not admin, is user allowed to view tickets?
            if (strpos($row['heskprivileges'], 'can_edit_tickets') !== false) {
                hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "users` SET `heskprivileges`=CONCAT(`heskprivileges`,',can_merge_tickets') WHERE `id`=" . intval($row['id']) . " LIMIT 1");
            }
        }
        $update_all_next = 1;
    }
    // END version 2.3 to 2.4
    // Upgrade version 2.4.x to 2.5.0
    if ($update_all_next || $hesk_settings['update_from'] == '2.4') {
        $sql = array();
        // Make sure the 2.4 to 2.4.1 change is made
        $sql[] = "ALTER TABLE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "pipe_loops` CHANGE `hits` `hits` SMALLINT( 1 ) UNSIGNED NOT NULL DEFAULT '0' ";
        // 2.4.2 to 2.5.0 specific changes
        $sql[] = "ALTER TABLE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "kb_categories` CHANGE `articles` `articles` SMALLINT( 5 ) UNSIGNED NOT NULL DEFAULT '0'";
        $sql[] = "ALTER TABLE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "kb_categories` ADD `articles_private` SMALLINT UNSIGNED NOT NULL DEFAULT '0' AFTER `articles` , ADD `articles_draft` SMALLINT UNSIGNED NOT NULL DEFAULT '0' AFTER `articles_private`";
        $sql[] = "ALTER TABLE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "kb_categories` ADD INDEX ( `parent` )";
        $sql[] = "ALTER TABLE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "mail` DROP INDEX `recipients`";
        $sql[] = "ALTER TABLE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "mail` ADD INDEX ( `to`, `read`, `deletedby` )";
        $sql[] = "ALTER TABLE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "mail` ADD INDEX ( `from` )";
        $sql[] = "ALTER TABLE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "replies` CHANGE `rating` `rating` ENUM( '0', '1', '5' ) DEFAULT '0' ";
        $sql[] = "UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "replies` SET `rating` = '0' WHERE `rating` IS NULL OR `rating` = '' ";
        foreach ($sql as $s) {
            hesk_dbQuery($s);
        }
        // Update knowledgebase category article counts to reflect new fields
        // $update_these[catid] => array of 'articles' / 'articles_private' / 'articles_draft' counts
        $update_these = array();
        // Get a count of all articles grouped by category and type
        $res = hesk_dbQuery('SELECT `catid`, `type`, COUNT(*) AS `num` FROM `' . hesk_dbEscape($hesk_settings['db_pfix']) . 'kb_articles` GROUP BY `catid`, `type`');
        while ($row = hesk_dbFetchAssoc($res)) {
            // `type` is the enum('0','1','2') created in the 2.0 block; loose == makes '0'/'1' match the int cases
            switch ($row['type']) {
                case 0:
                    $update_these[$row['catid']]['articles'] = $row['num'];
                    break;
                case 1:
                    $update_these[$row['catid']]['articles_private'] = $row['num'];
                    break;
                default:
                    $update_these[$row['catid']]['articles_draft'] = $row['num'];
            }
        }
        // Set all article counts to 0
        hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "kb_categories` SET `articles`=0, `articles_private`=0, `articles_draft`=0");
        // Now update categories that have articles with correct values
        foreach ($update_these as $catid => $value) {
            $value['articles'] = isset($value['articles']) ? $value['articles'] : 0;
            $value['articles_private'] = isset($value['articles_private']) ? $value['articles_private'] : 0;
            $value['articles_draft'] = isset($value['articles_draft']) ? $value['articles_draft'] : 0;
            // NOTE(review): $catid and the three counts are interpolated into SQL without
            // intval(), unlike the `id` values in the loops below. They originate from
            // integer columns / COUNT(*) of this installation's own database, so the
            // exposure is limited, but wrapping them in intval() would make this
            // consistent with the rest of the block.
            hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "kb_categories` SET `articles`={$value['articles']}, `articles_private`={$value['articles_private']}, `articles_draft`={$value['articles_draft']} WHERE `id`='{$catid}' LIMIT 1");
            // Force order articles (renumber art_order 10, 20, ... separately for sticky and non-sticky articles)
            $res = hesk_dbQuery("SELECT `id`, `sticky` FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "kb_articles` WHERE `catid`='{$catid}' ORDER BY `sticky` DESC, `art_order` ASC");
            $i = 10;
            $previous_sticky = 1;
            while ($article = hesk_dbFetchAssoc($res)) {
                // Restart the counter when the result set switches from sticky to non-sticky rows
                if ($previous_sticky != $article['sticky']) {
                    $i = 10;
                    $previous_sticky = $article['sticky'];
                }
                hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "kb_articles` SET `art_order`=" . intval($i) . " WHERE `id`='" . intval($article['id']) . "' LIMIT 1");
                $i += 10;
            }
        }
        // Force order categories (single 10, 20, ... sequence across all parents, in parent/cat_order order)
        $res = hesk_dbQuery('SELECT `id`, `parent` FROM `' . hesk_dbEscape($hesk_settings['db_pfix']) . 'kb_categories` ORDER BY `parent` ASC, `cat_order` ASC');
        $i = 10;
        while ($category = hesk_dbFetchAssoc($res)) {
            hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "kb_categories` SET `cat_order`=" . intval($i) . " WHERE `id`='" . intval($category['id']) . "' LIMIT 1");
            $i += 10;
        }
        $update_all_next = 1;
    }
    // END version 2.4.0 to 2.5.0
    // 2.5.1 no changes
    // 2.5.2 no changes
    // Insert the "HESK updated to latest version" mail for the administrator
    // (user id 1, sender 9999). The message body is stored HTML; the licensed
    // variant omits the "buy a license" paragraph. This runs on every update,
    // regardless of which version blocks above were executed.
    if (file_exists(HESK_PATH . 'hesk_license.php')) {
        hesk_dbQuery("INSERT INTO `" . hesk_dbEscape($hesk_settings['db_pfix']) . "mail` (`id`, `from`, `to`, `subject`, `message`, `dt`, `read`, `deletedby`) VALUES (NULL, 9999, 1, 'HESK updated to latest version', '<div style=\"text-align:justify;padding:3px\">\r\n\r\n<p><i>Congratulations, your HESK has been updated to the latest version!</i><br />&nbsp;</p>\r\n\r\n<p style=\"color:green;font-weight:bold\">&raquo; Enjoy using HESK? Please let others know!</p>\r\n\r\n<p>You are invited to rate HESK or even write a short review here:<br />&nbsp;<br /><img src=\"../img/link.png\" width=\"16\" height=\"16\" border=\"0\" alt=\"\" style=\"vertical-align:text-bottom\" /> <a href=\"http://www.hotscripts.com/Detailed/46973.html\" target=\"_blank\">Rate this script @ Hot Scripts</a><br />&nbsp;<br /><img src=\"../img/link.png\" width=\"16\" height=\"16\" border=\"0\" alt=\"\" style=\"vertical-align:text-bottom\" /> <a href=\"http://php.resourceindex.com/detail/04946.html\" target=\"_blank\">Rate this script @ The PHP Resource Index</a><br />&nbsp;</p>\r\n\r\n<p>Thank you,<br />&nbsp;<br />Klemen,<br />\r\n<a href=\"http://www.hesk.com/\" target=\"_blank\">www.hesk.com</a>\r\n\r\n<p>&nbsp;</p>', NOW(), '0', 9999)");
    } else {
        hesk_dbQuery("INSERT INTO `" . hesk_dbEscape($hesk_settings['db_pfix']) . "mail` (`id`, `from`, `to`, `subject`, `message`, `dt`, `read`, `deletedby`) VALUES (NULL, 9999, 1, 'HESK updated to latest version', '<div style=\"text-align:justify;padding:3px\">\r\n\r\n<p><i>Congratulations, your HESK has been updated to the latest version!</i><br />&nbsp;</p>\r\n\r\n<p style=\"color:green;font-weight:bold\">&raquo; Enjoy using HESK? Please let others know!</p>\r\n\r\n<p>You are invited to rate HESK or even write a short review here:<br />&nbsp;<br /><img src=\"../img/link.png\" width=\"16\" height=\"16\" border=\"0\" alt=\"\" style=\"vertical-align:text-bottom\" /> <a href=\"http://www.hotscripts.com/Detailed/46973.html\" target=\"_blank\">Rate this script @ Hot Scripts</a><br />&nbsp;<br /><img src=\"../img/link.png\" width=\"16\" height=\"16\" border=\"0\" alt=\"\" style=\"vertical-align:text-bottom\" /> <a href=\"http://php.resourceindex.com/detail/04946.html\" target=\"_blank\">Rate this script @ The PHP Resource Index</a><br />&nbsp;</p>\r\n\r\n<p style=\"color:green;font-weight:bold\">&raquo; Support HESK development, buy a license.</p>\r\n\r\n<p>A lot of time and effort went into developing HESK. Support me by purchasing a license that removes &quot;Powered by&quot; credits from your help desk!<br />&nbsp;<br /><img src=\"../img/link.png\" width=\"16\" height=\"16\" border=\"0\" alt=\"\" style=\"vertical-align:text-bottom\" /> <a href=\"https://www.hesk.com/buy.php\" target=\"_blank\">Buy a HESK license</a><br />&nbsp;</p>\r\n\r\n<p>Thank you,<br />&nbsp;<br />Klemen,<br />\r\n<a href=\"http://www.hesk.com/\" target=\"_blank\">www.hesk.com</a>\r\n\r\n<p>&nbsp;</p>', NOW(), '0', 9999)");
    }
    return true;
}
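/**
 * Validate the staff-user form (POST) and build the user record to store.
 *
 * Fields read from POST: name, email, user, isadmin, signature, autoassign,
 * categories[], features[], newpass, newpass2. Non-admin users must receive at
 * least one category and one feature; the signature is limited to 255 bytes.
 * Everything entered is kept in $_SESSION['userdata'] so the form can be
 * repopulated. On validation errors hesk_process_messages() is called with
 * $redirect_to (that helper is defined outside this block and is expected to
 * redirect); the array is returned afterwards regardless.
 *
 * @param int    $pass_required 1 when a password must be supplied (new user);
 *                              0 lets an empty password mean "unchanged".
 * @param string $redirect_to   page to send the browser to on validation errors.
 * @return array validated user data: 'pass' is the hash from hesk_Pass2Hash(),
 *               'cleanpass' the plaintext (empty when no password was set).
 */
function hesk_validateUserInfo($pass_required = 1, $redirect_to = './manage_users.php')
{
    global $hesk_settings, $hesklang;

    $hesk_error_buffer = '';
    $myuser = array();

    $myuser['name'] = hesk_input(hesk_POST('name'));
    if (!$myuser['name']) {
        $hesk_error_buffer .= '<li>' . $hesklang['enter_real_name'] . '</li>';
    }

    $myuser['email'] = hesk_validateEmail(hesk_POST('email'), 'ERR', 0);
    if (!$myuser['email']) {
        $hesk_error_buffer .= '<li>' . $hesklang['enter_valid_email'] . '</li>';
    }

    $myuser['user'] = hesk_input(hesk_POST('user'));
    if (!$myuser['user']) {
        $hesk_error_buffer .= '<li>' . $hesklang['enter_username'] . '</li>';
    }

    $myuser['isadmin'] = empty($_POST['isadmin']) ? 0 : 1;
    $myuser['signature'] = hesk_input(hesk_POST('signature'));
    $myuser['autoassign'] = (hesk_POST('autoassign') == 'Y') ? 1 : 0;

    /* Admins get no explicit lists; everyone else needs at least one category and one feature */
    $myuser['categories'] = array();
    $myuser['features'] = array();
    if ($myuser['isadmin'] == 0) {
        if (empty($_POST['categories']) || !is_array($_POST['categories'])) {
            $hesk_error_buffer .= '<li>' . $hesklang['asign_one_cat'] . '</li>';
        } else {
            foreach ($_POST['categories'] as $cat) {
                if (is_array($cat)) {
                    continue;
                }
                $cat = intval($cat);
                if ($cat) {
                    $myuser['categories'][] = $cat;
                }
            }
        }

        if (empty($_POST['features']) || !is_array($_POST['features'])) {
            $hesk_error_buffer .= '<li>' . $hesklang['asign_one_feat'] . '</li>';
        } else {
            foreach ($_POST['features'] as $feature) {
                // Strict whitelist against the configured feature names; nested
                // arrays are skipped here just like they are for categories
                if (!is_array($feature) && in_array($feature, $hesk_settings['features'], true)) {
                    $myuser['features'][] = $feature;
                }
            }
        }
    }

    if (strlen($myuser['signature']) > 255) {
        $hesk_error_buffer .= '<li>' . $hesklang['signature_long'] . '</li>';
    }

    /* Password: required for a new user, optional (empty = keep) otherwise.
       NOTE(review): the 5-character minimum is the only policy enforced here. */
    $myuser['cleanpass'] = '';
    $newpass = hesk_input(hesk_POST('newpass'));
    $passlen = strlen($newpass);
    if ($pass_required || $passlen > 0) {
        if ($passlen < 5) {
            $hesk_error_buffer .= '<li>' . $hesklang['password_not_valid'] . '</li>';
        } else {
            $newpass2 = hesk_input(hesk_POST('newpass2'));
            // strict comparison: "!=" would treat e.g. "0e1" and "0" as the same password
            if ($newpass !== $newpass2) {
                $hesk_error_buffer .= '<li>' . $hesklang['passwords_not_same'] . '</li>';
            } else {
                $myuser['pass'] = hesk_Pass2Hash($newpass);
                $myuser['cleanpass'] = $newpass;
            }
        }
    }

    /* Keep the entered data so the form can be repopulated after an error.
       NOTE(review): this also puts 'cleanpass' (plaintext password) into the
       session; check whether the callers really need it there. */
    $_SESSION['userdata'] = $myuser;

    if (strlen($hesk_error_buffer)) {
        $hesk_error_buffer = $hesklang['rfm'] . '<br /><br /><ul>' . $hesk_error_buffer . '</ul>';
        hesk_process_messages($hesk_error_buffer, $redirect_to);
    }

    return $myuser;
}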
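/**
 * Log a staff member in from the persistent login cookies.
 *
 * Reads the `hesk_username` and `hesk_p` cookies, where hesk_p must equal
 * hesk_Pass2Hash(stored_hash . strtolower(user) . stored_hash). Returns false
 * when autologin is disabled or either cookie is missing. If the cookies do
 * not identify a valid user they are cleared and the browser is sent to the
 * login page (exit). On success the user row is loaded into $_SESSION without
 * the password hash, the session id is regenerated, the cookies are renewed
 * for a year, overdue tickets are auto-closed and, unless $noredirect is set,
 * the browser is redirected to a same-site `goto` target or admin_main.php.
 *
 * @param int $noredirect 1 to return true after login instead of redirecting.
 * @return bool false when no login was attempted; true on success with $noredirect.
 */
function hesk_autoLogin($noredirect = 0)
{
    global $hesk_settings, $hesklang, $hesk_db_link;

    if (!$hesk_settings['autologin']) {
        return false;
    }

    $user = hesk_htmlspecialchars(hesk_COOKIE('hesk_username'));
    $hash = hesk_htmlspecialchars(hesk_COOKIE('hesk_p'));
    define('HESK_USER', $user);

    if (empty($user) || empty($hash)) {
        return false;
    }

    /* Login cookies exist, now lets limit brute force attempts */
    hesk_limitBfAttempts();

    /* Look the username up */
    $result = hesk_dbQuery('SELECT * FROM `' . $hesk_settings['db_pfix'] . "users` WHERE `user` = '" . hesk_dbEscape($user) . "' LIMIT 1");
    $res = (hesk_dbNumRows($result) == 1) ? hesk_dbFetchAssoc($result) : false;

    /* Verify the cookie hash BEFORE anything from the user row reaches $_SESSION:
       the previous version copied the whole row into the session first and left it
       there when the hash did not match. The comparison is strict (constant-time
       where hash_equals() exists) - a loose "!=" treats two "0e..." strings as equal. */
    $hash_ok = false;
    if ($res !== false) {
        $expected = hesk_Pass2Hash($res['pass'] . strtolower($user) . $res['pass']);
        $hash_ok = function_exists('hash_equals') ? hash_equals($expected, $hash) : ($expected === $hash);
    }

    if (!$hash_ok) {
        /* Unknown user or bad hash: expire the cookies and go to the login page */
        setcookie('hesk_username', '', time() - 86400);
        setcookie('hesk_p', '', time() - 86400);
        header('Location: index.php?a=login&notice=1');
        exit;
    }

    foreach ($res as $k => $v) {
        $_SESSION[$k] = $v;
    }

    /* Check if default password */
    if ($_SESSION['pass'] === '499d74967b28a841c98bb4baaabaad699ff3c079') {
        hesk_process_messages($hesklang['chdp'], 'NOREDIRECT', 'NOTICE');
    }
    unset($_SESSION['pass']);

    /* Login successful, clean brute force attempts */
    hesk_cleanBfAttempts();

    /* Regenerate session ID (security) */
    hesk_session_regenerate_id();

    /* Get allowed categories */
    if (empty($_SESSION['isadmin'])) {
        $_SESSION['categories'] = explode(',', $_SESSION['categories']);
    }

    /* Renew cookies: HttpOnly keeps them away from script, Secure when served over
       TLS. Path and domain stay at their defaults as before. */
    $secure = !empty($_SERVER['HTTPS']) && strtolower($_SERVER['HTTPS']) !== 'off';
    $expires = strtotime('+1 year');
    setcookie('hesk_username', $user, $expires, '', '', $secure, true);
    setcookie('hesk_p', $hash, $expires, '', '', $secure, true);

    /* Close any old tickets here so Cron jobs aren't necessary */
    if ($hesk_settings['autoclose']) {
        $revision = sprintf($hesklang['thist3'], hesk_date(), $hesklang['auto']);
        $dt = date('Y-m-d H:i:s', time() - $hesk_settings['autoclose'] * 86400);
        hesk_dbQuery("UPDATE `" . $hesk_settings['db_pfix'] . "tickets` SET `status`='3', `history`=CONCAT(`history`,'" . hesk_dbEscape($revision) . "') WHERE `status` = '2' AND `lastchange` <= '" . hesk_dbEscape($dt) . "' ");
    }

    /* If session expired while a HESK page is open just continue using it, don't redirect */
    if ($noredirect) {
        return true;
    }

    /* Redirect to the destination page. Only a same-site path is followed so the
       login cannot be used as an open redirect to an attacker's site. */
    $url = 'admin_main.php';
    if (hesk_isREQUEST('goto')) {
        $target = hesk_REQUEST('goto');
        if (is_string($target) && $target !== '') {
            $target = str_replace('&amp;', '&', $target);
            // strip control characters (browsers drop embedded tabs/newlines, so
            // "/\t/evil" would turn into "//evil") and surrounding whitespace
            $target = trim(preg_replace('/[\x00-\x1F\x7F]/', '', $target));
            // reject an explicit scheme ("http:", "javascript:") and
            // protocol-relative targets ("//host", "\\host")
            if ($target !== '' && !preg_match('#^[a-z][a-z0-9+.\-]*:|^[/\\\\]{2}#i', $target)) {
                $url = $target;
            }
        }
    }
    header('Location: ' . $url);
    exit;
}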
<?php

define('IN_SCRIPT', 1);
define('HESK_PATH', './');
include "inc/database.inc.php";
require HESK_PATH . 'hesk_settings.inc.php';
require HESK_PATH . 'inc/common.inc.php';
require HESK_PATH . 'inc/admin_functions.inc.php';
/*echo "Po lidhemi me databazen <br/>";*/
session_start();
hesk_dbConnect();
$myuser = addslashes($_POST['user']);
$mypassword = hesk_Pass2Hash(addslashes($_POST['pass']));
$msg = '';
if (isset($myuser, $mypassword)) {
    //email and password sent from form
    $myuser = stripslashes($myuser);
    $mypassword = stripslashes($mypassword);
    $myuser = mysql_real_escape_string($myuser);
    $mypassword = mysql_real_escape_string($mypassword);
    $result = hesk_dbQuery("SELECT * FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "clients` WHERE `user` = '" . hesk_dbEscape($myuser) . "' AND `pass` = '" . hesk_dbEscape($mypassword) . "' LIMIT 1");
    $id = mysql_fetch_assoc($result);
    $count = mysql_num_rows($result);
    //If result matched $myemail and $mypassword, table row must be 1 row
    if ($count == 1) {
        if ($id['active'] == '0') {
            $msg = $hesklang['account_deactivated'];
            $_SESSION['message'] = $msg;
            header("location:http://localhost/support/");
        } else {
            session_start();
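/**
 * Validate the staff-user form (POST) and build the user record to store.
 *
 * Fields read from POST: name, email, user, isadmin, signature, autoassign,
 * categories[], features[], newpass, newpass2, afterreply, the autostart /
 * notify_customer_* / show_suggested defaults and the notify_* flags. Non-admin
 * users must receive at least one category and one feature; the signature is
 * limited to 1000 bytes. Everything entered is kept in $_SESSION['userdata'] so
 * the form can be repopulated. On validation errors hesk_process_messages() is
 * called with $redirect_to (defined outside this block, expected to redirect);
 * the array is returned afterwards regardless.
 *
 * @param int    $pass_required 1 when a password must be supplied (new user);
 *                              0 lets an empty password mean "unchanged".
 * @param string $redirect_to   page to send the browser to on validation errors.
 * @return array validated user data: 'pass' is the hash from hesk_Pass2Hash(),
 *               'cleanpass' the plaintext (empty when no password was set).
 */
function hesk_validateUserInfo($pass_required = 1, $redirect_to = './manage_users.php')
{
    global $hesk_settings, $hesklang;

    $hesk_error_buffer = '';
    $myuser = array();

    $myuser['name'] = hesk_input(hesk_POST('name'));
    if (!$myuser['name']) {
        $hesk_error_buffer .= '<li>' . $hesklang['enter_real_name'] . '</li>';
    }

    $myuser['email'] = hesk_validateEmail(hesk_POST('email'), 'ERR', 0);
    if (!$myuser['email']) {
        $hesk_error_buffer .= '<li>' . $hesklang['enter_valid_email'] . '</li>';
    }

    $myuser['user'] = hesk_input(hesk_POST('user'));
    if (!$myuser['user']) {
        $hesk_error_buffer .= '<li>' . $hesklang['enter_username'] . '</li>';
    }

    $myuser['isadmin'] = empty($_POST['isadmin']) ? 0 : 1;
    $myuser['signature'] = hesk_input(hesk_POST('signature'));
    $myuser['autoassign'] = (hesk_POST('autoassign') == 'Y') ? 1 : 0;

    /* Admins get no explicit lists; everyone else needs at least one category and one feature */
    $myuser['categories'] = array();
    $myuser['features'] = array();
    if ($myuser['isadmin'] == 0) {
        if (empty($_POST['categories']) || !is_array($_POST['categories'])) {
            $hesk_error_buffer .= '<li>' . $hesklang['asign_one_cat'] . '</li>';
        } else {
            foreach ($_POST['categories'] as $cat) {
                if (is_array($cat)) {
                    continue;
                }
                $cat = intval($cat);
                if ($cat) {
                    $myuser['categories'][] = $cat;
                }
            }
        }

        if (empty($_POST['features']) || !is_array($_POST['features'])) {
            $hesk_error_buffer .= '<li>' . $hesklang['asign_one_feat'] . '</li>';
        } else {
            foreach ($_POST['features'] as $feature) {
                // Strict whitelist against the configured feature names; nested
                // arrays are skipped here just like they are for categories
                if (!is_array($feature) && in_array($feature, $hesk_settings['features'], true)) {
                    $myuser['features'][] = $feature;
                }
            }
        }
    }

    if (strlen($myuser['signature']) > 1000) {
        $hesk_error_buffer .= '<li>' . $hesklang['signature_long'] . '</li>';
    }

    /* Password: required for a new user, optional (empty = keep) otherwise.
       NOTE(review): the 5-character minimum is the only policy enforced here. */
    $myuser['cleanpass'] = '';
    $newpass = hesk_input(hesk_POST('newpass'));
    $passlen = strlen($newpass);
    if ($pass_required || $passlen > 0) {
        if ($passlen < 5) {
            $hesk_error_buffer .= '<li>' . $hesklang['password_not_valid'] . '</li>';
        } else {
            $newpass2 = hesk_input(hesk_POST('newpass2'));
            // strict comparison: "!=" would treat e.g. "0e1" and "0" as the same password
            if ($newpass !== $newpass2) {
                $hesk_error_buffer .= '<li>' . $hesklang['passwords_not_same'] . '</li>';
            } else {
                $myuser['pass'] = hesk_Pass2Hash($newpass);
                $myuser['cleanpass'] = $newpass;
            }
        }
    }

    /* After reply: only 1 and 2 are meaningful, anything else becomes 0 */
    $myuser['afterreply'] = intval(hesk_POST('afterreply'));
    if ($myuser['afterreply'] !== 1 && $myuser['afterreply'] !== 2) {
        $myuser['afterreply'] = 0;
    }

    /* Defaults (checkbox present = on) */
    $myuser['autostart'] = isset($_POST['autostart']) ? 1 : 0;
    $myuser['notify_customer_new'] = isset($_POST['notify_customer_new']) ? 1 : 0;
    $myuser['notify_customer_reply'] = isset($_POST['notify_customer_reply']) ? 1 : 0;
    $myuser['show_suggested'] = isset($_POST['show_suggested']) ? 1 : 0;

    /* Notifications (non-empty value = on) */
    $notify_flags = array(
        'notify_new_unassigned',
        'notify_new_my',
        'notify_reply_unassigned',
        'notify_reply_my',
        'notify_assigned',
        'notify_note',
        'notify_pm',
    );
    foreach ($notify_flags as $flag) {
        $myuser[$flag] = empty($_POST[$flag]) ? 0 : 1;
    }

    /* Keep the entered data so the form can be repopulated after an error.
       NOTE(review): this also puts 'cleanpass' (plaintext password) into the
       session; check whether the callers really need it there. */
    $_SESSION['userdata'] = $myuser;

    if (strlen($hesk_error_buffer)) {
        if ($myuser['isadmin']) {
            // Preserve default staff data for the form
            global $default_userdata;
            $_SESSION['userdata']['features'] = $default_userdata['features'];
            $_SESSION['userdata']['categories'] = $default_userdata['categories'];
        }
        $hesk_error_buffer = $hesklang['rfm'] . '<br /><br /><ul>' . $hesk_error_buffer . '</ul>';
        hesk_process_messages($hesk_error_buffer, $redirect_to);
    }

    // "can_unban_emails" feature also enables "can_ban_emails"
    if (in_array('can_unban_emails', $myuser['features'], true) && !in_array('can_ban_emails', $myuser['features'], true)) {
        $myuser['features'][] = 'can_ban_emails';
    }

    return $myuser;
}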
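/**
 * Save the logged-in client's own profile from the POST form.
 *
 * Validates name, email, signature and the optional new password
 * (newpass_cl / newpass2_cl), then updates the `clients` row that belongs to
 * the current session ($_SESSION['id']['id']) and refreshes $_SESSION['id']
 * with the new values before redirecting to client_profile.php through
 * hesk_process_messages(). Validation failures are reported the same way and
 * no database write happens.
 *
 * Changes from the previous version: the row id is taken from the session
 * instead of the `userid` POST field (any client could update any other
 * client's row) and is cast to int before it is put into the query; the email
 * error no longer overwrites earlier errors; validation errors abort the update
 * instead of being computed and ignored.
 *
 * @return void
 */
function update_profile()
{
    global $hesk_settings, $hesklang;

    /* A security check */
    hesk_token_check('POST');

    $sql_pass = '';
    $hesk_error_buffer = '';
    $newvar = array('new' => array());

    $newvar['new']['name'] = hesk_input(hesk_POST('name'));
    if (!$newvar['new']['name']) {
        $hesk_error_buffer .= '<li>' . $hesklang['enter_your_name'] . '</li>';
    }

    $newvar['new']['email'] = hesk_validateEmail(hesk_POST('email'), 'ERR', 0);
    if (!$newvar['new']['email']) {
        // ".=" - the original "=" here discarded the name error above
        $hesk_error_buffer .= '<li>' . $hesklang['enter_valid_email'] . '</li>';
    }

    $newvar['new']['signature'] = hesk_input(hesk_POST('signature'));
    $newvar['new']['user'] = hesk_input(hesk_POST('user'));
    $newvar['new']['address'] = hesk_input(hesk_POST('address'));
    $newvar['new']['phonenumber'] = hesk_input(hesk_POST('phonenumber'));
    $newvar['new']['poz_detyres'] = hesk_input(hesk_POST('poz_detyres'));

    /* Signature */
    if (strlen($newvar['new']['signature']) > 1000) {
        $hesk_error_buffer .= '<li>' . $hesklang['signature_long'] . '</li>';
    }

    /* Change password? Empty means "keep the current one".
       NOTE(review): the 5-character minimum is the only policy enforced here. */
    $newpass_cl = hesk_input(hesk_POST('newpass_cl'));
    $passlen = strlen($newpass_cl);
    if ($passlen > 0) {
        if ($passlen < 5) {
            $hesk_error_buffer .= '<li>' . $hesklang['password_not_valid'] . '</li>';
        } else {
            $newpass2_cl = hesk_input(hesk_POST('newpass2_cl'));
            // strict comparison: "!=" would treat e.g. "0e1" and "0" as the same password
            if ($newpass_cl !== $newpass2_cl) {
                $hesk_error_buffer .= '<li>' . $hesklang['passwords_not_same'] . '</li>';
            } else {
                $v = hesk_Pass2Hash($newpass_cl);
                // hash of the well-known default password: warn the caller
                if ($v === '499d74967b28a841c98bb4baaabaad699ff3c079') {
                    define('WARN_PASSWORD', true);
                }
                // leading comma: this fragment is appended after the signature column
                $sql_pass = ", pass='" . hesk_dbEscape($v) . "'";
            }
        }
    }

    /* The row to update is always the caller's own. Take the id from the
       session, never from the form: a POSTed userid let any authenticated
       client overwrite another client's profile (and was interpolated into
       the query without a numeric cast). */
    $id = isset($_SESSION['id']['id']) ? intval($_SESSION['id']['id']) : 0;
    if ($id <= 0) {
        header('Location: client_profile.php');
        exit;
    }

    /* Any errors? Report them and do NOT touch the database */
    if (strlen($hesk_error_buffer)) {
        $hesk_error_buffer = $hesklang['rfm'] . '<br /><br /><ul>' . $hesk_error_buffer . '</ul>';
        hesk_process_messages($hesk_error_buffer, 'client_profile.php');
        return;
    }

    $query = "UPDATE " . hesk_dbEscape($hesk_settings['db_pfix']) . "clients SET "
        . "name='" . hesk_dbEscape($newvar['new']['name']) . "', "
        . "email='" . hesk_dbEscape($newvar['new']['email']) . "', "
        . "user='" . hesk_dbEscape($newvar['new']['user']) . "', "
        . "address='" . hesk_dbEscape($newvar['new']['address']) . "', "
        . "phonenumber='" . hesk_dbEscape($newvar['new']['phonenumber']) . "', "
        . "poz_detyres='" . hesk_dbEscape($newvar['new']['poz_detyres']) . "', "
        . "signature='" . hesk_dbEscape($newvar['new']['signature']) . "'"
        . $sql_pass
        . " WHERE id=" . $id . " LIMIT 1";

    /* Update database */
    hesk_dbQuery($query);

    /* Refresh the session copy of the client record, keeping its id */
    $newvar['new'] = hesk_stripArray($newvar['new']);
    $_SESSION['id'] = $newvar['new'];
    $_SESSION['id']['id'] = $id;
    unset($newvar['new']);

    hesk_cleanSessionVars('as_notify');
    hesk_process_messages($hesklang['profile_updated_success'], 'client_profile.php', 'SUCCESS');
}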