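/**
 * Handles a submitted staff login form.
 *
 * Validates the username, password and (when enabled) the anti-spam check,
 * applies the brute-force limiter, verifies the password hash, copies the
 * user row into the session, sets the "remember me" cookies, optionally
 * auto-closes stale tickets, and finally redirects. The function always
 * ends the request with exit.
 *
 * Security-relevant changes compared with the earlier form of this block:
 *  - password hashes are compared with strict string comparison, so two
 *    different numeric-looking hashes can no longer compare equal;
 *  - the user row is copied into the session only after the password has
 *    been verified;
 *  - the autologin cookie is flagged HttpOnly (and Secure on HTTPS);
 *  - the "goto" redirect target is restricted to the helpdesk host.
 *
 * NOTE(review): the default-password constant is 40 hex characters, which
 * suggests hesk_Pass2Hash() is an unsalted SHA-1. Confirm, and plan a
 * migration to password_hash()/password_verify().
 */
function do_login()
{
    global $hesk_settings, $hesklang;

    $hesk_error_buffer = array();

    $user = hesk_input(hesk_POST('user'));
    if (empty($user)) {
        $myerror = $hesk_settings['list_users'] ? $hesklang['select_username'] : $hesklang['enter_username'];
        $hesk_error_buffer['user'] = $myerror;
    }
    define('HESK_USER', $user);

    $pass = hesk_input(hesk_POST('pass'));
    if (empty($pass)) {
        $hesk_error_buffer['pass'] = $hesklang['enter_pass'];
    }

    if ($hesk_settings['secimg_use'] == 2 && !isset($_SESSION['img_a_verified'])) {
        // Using ReCaptcha?
        if ($hesk_settings['recaptcha_use']) {
            require_once HESK_PATH . 'inc/recaptcha/recaptchalib.php';

            $resp = recaptcha_check_answer(
                $hesk_settings['recaptcha_private_key'],
                $_SERVER['REMOTE_ADDR'],
                hesk_POST('recaptcha_challenge_field', ''),
                hesk_POST('recaptcha_response_field', '')
            );

            if ($resp->is_valid) {
                $_SESSION['img_a_verified'] = true;
            } else {
                $hesk_error_buffer['mysecnum'] = $hesklang['recaptcha_error'];
            }
        } else {
            $mysecnum = intval(hesk_POST('mysecnum', 0));

            if (empty($mysecnum)) {
                $hesk_error_buffer['mysecnum'] = $hesklang['sec_miss'];
            } else {
                require HESK_PATH . 'inc/secimg.inc.php';
                $sc = new PJ_SecurityImage($hesk_settings['secimg_sum']);

                if (isset($_SESSION['checksum']) && $sc->checkCode($mysecnum, $_SESSION['checksum'])) {
                    $_SESSION['img_a_verified'] = true;
                } else {
                    $hesk_error_buffer['mysecnum'] = $hesklang['sec_wrng'];
                }
            }
        }
    }

    /* Any missing fields? */
    if (count($hesk_error_buffer) != 0) {
        $_SESSION['a_iserror'] = array_keys($hesk_error_buffer);

        $tmp = '';
        foreach ($hesk_error_buffer as $error) {
            $tmp .= "<li>{$error}</li>\n";
        }
        $hesk_error_buffer = $hesklang['pcer'] . '<br /><br /><ul>' . $tmp . '</ul>';

        hesk_process_messages($hesk_error_buffer, 'NOREDIRECT');
        print_login();
        exit;
    } elseif (isset($_SESSION['img_a_verified'])) {
        // The anti-spam flag is single-use: clear it once the form passed validation
        unset($_SESSION['img_a_verified']);
    }

    /* User entered all required info, now limit brute force attempts */
    hesk_limitBfAttempts();

    $result = hesk_dbQuery(
        "SELECT * FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "users` WHERE `user` = '" . hesk_dbEscape($user) . "' LIMIT 1"
    );

    // NOTE(review): a distinct "wrong user" vs "wrong password" message lets a
    // client tell valid usernames apart; consider one generic message.
    if (hesk_dbNumRows($result) != 1) {
        hesk_session_stop();
        $_SESSION['a_iserror'] = array('user', 'pass');
        hesk_process_messages($hesklang['wrong_user'], 'NOREDIRECT');
        print_login();
        exit;
    }

    $res = hesk_dbFetchAssoc($result);
    $storedHash = (string) $res['pass'];

    /* Check password */
    // Strict comparison: with loose "!=" PHP compares two numeric-looking
    // strings (for example "0e" followed only by digits) as numbers, so
    // different hashes could be treated as equal. Where the minimum PHP
    // version allows it, hash_equals() is the preferred constant-time form.
    if ((string) hesk_Pass2Hash($pass) !== $storedHash) {
        hesk_session_stop();
        $_SESSION['a_iserror'] = array('pass');
        hesk_process_messages($hesklang['wrong_pass'], 'NOREDIRECT');
        print_login();
        exit;
    }

    // Only now copy the account row into the session, so a failed attempt
    // never leaves another account's data (including its hash) in session state.
    foreach ($res as $k => $v) {
        $_SESSION[$k] = $v;
    }

    // Value stored in the autologin cookie; it is derived from the stored hash and the username
    $pass_enc = hesk_Pass2Hash($storedHash . strtolower($user) . $storedHash);

    /* Check if default password */
    if ($storedHash === '499d74967b28a841c98bb4baaabaad699ff3c079') {
        hesk_process_messages($hesklang['chdp'], 'NOREDIRECT', 'NOTICE');
    }

    // The hash is not needed in the session after verification
    unset($_SESSION['pass']);

    /* Login successful, clean brute force attempts */
    hesk_cleanBfAttempts();

    /* Regenerate session ID (security) */
    hesk_session_regenerate_id();

    /* Remember username? */
    $cookieExpires = strtotime('+1 year');
    // Send the autologin token over HTTPS only when this request itself used HTTPS
    $cookieSecure = !empty($_SERVER['HTTPS']) && strtolower($_SERVER['HTTPS']) !== 'off';

    if ($hesk_settings['autologin'] && hesk_POST('remember_user') == 'AUTOLOGIN') {
        setcookie('hesk_username', "{$user}", $cookieExpires);
        // HttpOnly keeps the long-lived login token away from page scripts
        setcookie('hesk_p', "{$pass_enc}", $cookieExpires, '', '', $cookieSecure, true);
    } elseif (hesk_POST('remember_user') == 'JUSTUSER') {
        setcookie('hesk_username', "{$user}", $cookieExpires);
        setcookie('hesk_p', '');
    } else {
        // Expire cookie if set otherwise
        setcookie('hesk_username', '');
        setcookie('hesk_p', '');
    }

    /* Close any old tickets here so Cron jobs aren't necessary */
    if ($hesk_settings['autoclose']) {
        $revision = sprintf($hesklang['thist3'], hesk_date(), $hesklang['auto']);
        $cutoff = date('Y-m-d H:i:s', time() - $hesk_settings['autoclose'] * 86400);

        hesk_dbQuery(
            "UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` SET `status`='3', `history`=CONCAT(`history`,'" . hesk_dbEscape($revision) . "') WHERE `status` = '2' AND `lastchange` <= '" . hesk_dbEscape($cutoff) . "'"
        );
    }

    /* Redirect to the destination page */
    if (hesk_isREQUEST('goto')) {
        $url = hesk_REQUEST('goto');

        // Turn "&amp;" back into "&" (replacing "&" with itself would be a no-op)
        $url = str_replace('&amp;', '&', $url);

        /* goto parameter can be set to the local domain only */
        $myurl = parse_url($hesk_settings['hesk_url']);
        $goto = parse_url($url);

        if ($goto === false || preg_match('#^(?:\\\\|/\\\\)#', $url)) {
            // Unparseable targets and backslash-prefixed paths are not treated as local
            $url = 'admin_main.php';
        } elseif (isset($goto['scheme']) || isset($goto['host'])) {
            // Absolute target: the host must equal ours. Only a leading "www."
            // is ignored; stripping it anywhere in the name would let an
            // unrelated host compare equal.
            $myHost = isset($myurl['host']) ? preg_replace('/^www\./', '', strtolower($myurl['host'])) : '';
            $gotoHost = isset($goto['host']) ? preg_replace('/^www\./', '', strtolower($goto['host'])) : '';

            if ($myHost === '' || $gotoHost !== $myHost) {
                $url = 'admin_main.php';
            }
        }

        header('Location: ' . $url);
    } else {
        header('Location: admin_main.php');
    }
    exit;
}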
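/**
 * Inserts a new ticket row and returns the ticket data prepared for emails.
 *
 * Every string value is passed through hesk_dbEscape() and every numeric
 * value through intval() before it is placed in the INSERT statement.
 * The `articles` value was previously interpolated as-is; it is now escaped
 * like the other string columns.
 *
 * @param array $ticket Ticket fields: trackid, name, email, category,
 *                      company_ticket_id, contract_ticket_id, priority,
 *                      subject, message, owner, attachments, history,
 *                      custom1..custom20, and optionally articles, openedby.
 *
 * @return mixed Whatever hesk_ticketToPlain($info, 1) returns for the new ticket.
 */
function hesk_newTicket($ticket)
{
    global $hesk_settings, $hesklang;

    // If language is not selectable or is the default, store SQL NULL
    $language = (!$hesk_settings['can_sel_lang'] || $hesklang['LANGUAGE'] == HESK_DEFAULT_LANGUAGE)
        ? "NULL"
        : "'" . hesk_dbEscape($hesklang['LANGUAGE']) . "'";

    // Column => ready-to-use SQL value. Keeping both in one map guarantees
    // that the column list and the VALUES list stay aligned.
    $columns = array(
        'trackid'            => "'" . hesk_dbEscape($ticket['trackid']) . "'",
        'name'               => "'" . hesk_dbEscape($ticket['name']) . "'",
        'email'              => "'" . hesk_dbEscape($ticket['email']) . "'",
        'category'           => "'" . intval($ticket['category']) . "'",
        'company_ticket_id'  => "'" . hesk_dbEscape($ticket['company_ticket_id']) . "'",
        'contract_ticket_id' => "'" . hesk_dbEscape($ticket['contract_ticket_id']) . "'",
        'priority'           => "'" . intval($ticket['priority']) . "'",
        'subject'            => "'" . hesk_dbEscape($ticket['subject']) . "'",
        'message'            => "'" . hesk_dbEscape($ticket['message']) . "'",
        'dt'                 => 'NOW()',
        'lastchange'         => 'NOW()',
        // Escaped like every other string column instead of being interpolated raw
        'articles'           => isset($ticket['articles']) ? "'" . hesk_dbEscape($ticket['articles']) . "'" : 'NULL',
        'ip'                 => "'" . hesk_dbEscape($_SERVER['REMOTE_ADDR']) . "'",
        'language'           => $language,
        'openedby'           => "'" . (isset($ticket['openedby']) ? intval($ticket['openedby']) : 0) . "'",
        'owner'              => "'" . intval($ticket['owner']) . "'",
        'attachments'        => "'" . hesk_dbEscape($ticket['attachments']) . "'",
        'merged'             => "''",
        'history'            => "'" . hesk_dbEscape($ticket['history']) . "'",
    );

    for ($n = 1; $n <= 20; $n++) {
        $columns['custom' . $n] = "'" . hesk_dbEscape($ticket['custom' . $n]) . "'";
    }

    // Insert ticket into database
    hesk_dbQuery(
        "INSERT INTO `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` (`"
        . implode('`, `', array_keys($columns))
        . "`) VALUES ("
        . implode(', ', $columns)
        . ")"
    );

    // Generate the array with ticket info that can be used in emails
    $info = array(
        'email'       => $ticket['email'],
        'category'    => $ticket['category'],
        'priority'    => $ticket['priority'],
        'owner'       => $ticket['owner'],
        'trackid'     => $ticket['trackid'],
        'status'      => 0,
        'name'        => $ticket['name'],
        'lastreplier' => $ticket['name'],
        'subject'     => $ticket['subject'],
        'message'     => $ticket['message'],
        'attachments' => $ticket['attachments'],
        'dt'          => hesk_date(),
        'lastchange'  => hesk_date(),
        'id'          => hesk_dbInsertID(),
    );

    // Add custom fields to the array; unused fields are blanked
    foreach ($hesk_settings['custom_fields'] as $k => $v) {
        $info[$k] = $v['use'] ? $ticket[$k] : '';
    }

    return hesk_ticketToPlain($info, 1);
}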
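/**
 * Inserts a new ticket (or a staged, not yet verified ticket) and returns the
 * ticket data prepared for emails.
 *
 * Changes compared with the earlier form of this block:
 *  - `articles` is escaped like every other string column instead of being
 *    interpolated raw into the statement;
 *  - the language is escaped once, at the point where the query is built
 *    (it used to be escaped on assignment and again in the query, and the
 *    escaped form was also returned in the email data).
 *
 * @param array $ticket     Ticket fields: trackid, name, email, category,
 *                          priority, subject, message, owner, attachments,
 *                          history, custom1..custom20, latitude, longitude,
 *                          and optionally language, articles, openedby.
 * @param bool  $isVerified True writes to the `tickets` table, false to `stage_tickets`.
 *
 * @return mixed Whatever hesk_ticketToPlain($info, 1) returns for the new ticket.
 */
function hesk_newTicket($ticket, $isVerified = true)
{
    global $hesk_settings, $hesklang;

    // Use the language supplied with the ticket; otherwise fall back to the
    // default language or the currently loaded one.
    if (empty($ticket['language'])) {
        $language = !$hesk_settings['can_sel_lang'] ? HESK_DEFAULT_LANGUAGE : $hesklang['LANGUAGE'];
    } else {
        $language = $ticket['language'];
    }

    // Get the default ticket status for new tickets and set it accordingly
    // NOTE(review): if no status row has IsNewTicketStatus = 1 the ID is missing
    // and intval() below stores 0 — confirm that is the intended fallback.
    $defaultNewTicketRs = hesk_dbQuery(
        "SELECT `ID` FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "statuses` WHERE `IsNewTicketStatus` = 1"
    );
    $defaultNewTicket = hesk_dbFetchAssoc($defaultNewTicketRs);
    $ticket['status'] = $defaultNewTicket['ID'];

    // Derived from a boolean only, never from request data
    $tableName = $isVerified ? 'tickets' : 'stage_tickets';

    // Column => ready-to-use SQL value. Keeping both in one map guarantees
    // that the column list and the VALUES list stay aligned.
    $columns = array(
        'trackid'     => "'" . hesk_dbEscape($ticket['trackid']) . "'",
        'name'        => "'" . hesk_dbEscape($ticket['name']) . "'",
        'email'       => "'" . hesk_dbEscape($ticket['email']) . "'",
        'category'    => "'" . intval($ticket['category']) . "'",
        'priority'    => "'" . intval($ticket['priority']) . "'",
        'subject'     => "'" . hesk_dbEscape($ticket['subject']) . "'",
        'message'     => "'" . hesk_dbEscape($ticket['message']) . "'",
        'dt'          => 'NOW()',
        'lastchange'  => 'NOW()',
        // Escaped like every other string column instead of being interpolated raw
        'articles'    => isset($ticket['articles']) ? "'" . hesk_dbEscape($ticket['articles']) . "'" : 'NULL',
        'ip'          => "'" . hesk_dbEscape($_SERVER['REMOTE_ADDR']) . "'",
        'language'    => "'" . hesk_dbEscape($language) . "'",
        'openedby'    => "'" . (isset($ticket['openedby']) ? intval($ticket['openedby']) : 0) . "'",
        'owner'       => "'" . intval($ticket['owner']) . "'",
        'attachments' => "'" . hesk_dbEscape($ticket['attachments']) . "'",
        'merged'      => "''",
        'history'     => "'" . hesk_dbEscape($ticket['history']) . "'",
    );

    for ($n = 1; $n <= 20; $n++) {
        $columns['custom' . $n] = "'" . hesk_dbEscape($ticket['custom' . $n]) . "'";
    }

    $columns['status'] = "'" . intval($ticket['status']) . "'";
    $columns['latitude'] = "'" . hesk_dbEscape($ticket['latitude']) . "'";
    $columns['longitude'] = "'" . hesk_dbEscape($ticket['longitude']) . "'";

    // Insert ticket into database
    hesk_dbQuery(
        "INSERT INTO `" . hesk_dbEscape($hesk_settings['db_pfix']) . $tableName . "` (`"
        . implode('`, `', array_keys($columns))
        . "`) VALUES ("
        . implode(', ', $columns)
        . ")"
    );

    // Generate the array with ticket info that can be used in emails
    $info = array(
        'email'       => $ticket['email'],
        'category'    => $ticket['category'],
        'priority'    => $ticket['priority'],
        'owner'       => $ticket['owner'],
        'trackid'     => $ticket['trackid'],
        'status'      => $ticket['status'],
        'name'        => $ticket['name'],
        'lastreplier' => $ticket['name'],
        'subject'     => $ticket['subject'],
        'message'     => $ticket['message'],
        'attachments' => $ticket['attachments'],
        'dt'          => hesk_date(),
        'lastchange'  => hesk_date(),
        'id'          => hesk_dbInsertID(),
        'language'    => $language,
    );

    // Add custom fields to the array; unused fields are blanked
    foreach ($hesk_settings['custom_fields'] as $k => $v) {
        $info[$k] = $v['use'] ? $ticket[$k] : '';
    }

    return hesk_ticketToPlain($info, 1);
}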
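/**
 * Handles a submitted staff login form.
 *
 * Validates the username, password and (when enabled) the anti-spam check
 * (reCAPTCHA v1, reCAPTCHA v2 or the built-in security image), applies the
 * brute-force limiter, verifies the password hash, copies the user row into
 * the session, rejects inactive accounts, sets the "remember me" cookies,
 * optionally auto-closes stale tickets, and redirects to the target returned
 * by hesk_verifyGoto(). The function always ends the request with exit.
 *
 * Security-relevant changes compared with the earlier form of this block:
 *  - password hashes are compared with strict string comparison, so two
 *    different numeric-looking hashes can no longer compare equal;
 *  - the user row is copied into the session only after the password has
 *    been verified;
 *  - the autologin cookie is flagged HttpOnly (and Secure on HTTPS);
 *  - status IDs read from the database are cast with intval() and the table
 *    prefix is escaped in every auto-close query;
 *  - auto-close is skipped when either status row it depends on is missing.
 *
 * NOTE(review): the default-password constant is 40 hex characters, which
 * suggests hesk_Pass2Hash() is an unsalted SHA-1. Confirm, and plan a
 * migration to password_hash()/password_verify().
 */
function do_login()
{
    global $hesk_settings, $hesklang;

    $hesk_error_buffer = array();

    $user = hesk_input(hesk_POST('user'));
    if (empty($user)) {
        $myerror = $hesk_settings['list_users'] ? $hesklang['select_username'] : $hesklang['enter_username'];
        $hesk_error_buffer['user'] = $myerror;
    }
    define('HESK_USER', $user);

    $pass = hesk_input(hesk_POST('pass'));
    if (empty($pass)) {
        $hesk_error_buffer['pass'] = $hesklang['enter_pass'];
    }

    if ($hesk_settings['secimg_use'] == 2 && !isset($_SESSION['img_a_verified'])) {
        if ($hesk_settings['recaptcha_use'] == 1) {
            // reCAPTCHA v1
            require_once HESK_PATH . 'inc/recaptcha/recaptchalib.php';

            $resp = recaptcha_check_answer(
                $hesk_settings['recaptcha_private_key'],
                $_SERVER['REMOTE_ADDR'],
                hesk_POST('recaptcha_challenge_field', ''),
                hesk_POST('recaptcha_response_field', '')
            );

            if ($resp->is_valid) {
                $_SESSION['img_a_verified'] = true;
            } else {
                $hesk_error_buffer['mysecnum'] = $hesklang['recaptcha_error'];
            }
        } elseif ($hesk_settings['recaptcha_use'] == 2) {
            // reCAPTCHA v2
            require HESK_PATH . 'inc/recaptcha/recaptchalib_v2.php';

            $resp = null;
            $reCaptcha = new ReCaptcha($hesk_settings['recaptcha_private_key']);

            // Was there a reCAPTCHA response?
            if (isset($_POST["g-recaptcha-response"])) {
                $resp = $reCaptcha->verifyResponse($_SERVER["REMOTE_ADDR"], hesk_POST("g-recaptcha-response"));
            }

            // A missing response counts as a failed check
            if ($resp != null && $resp->success) {
                $_SESSION['img_a_verified'] = true;
            } else {
                $hesk_error_buffer['mysecnum'] = $hesklang['recaptcha_error'];
            }
        } else {
            // Built-in security image
            $mysecnum = intval(hesk_POST('mysecnum', 0));

            if (empty($mysecnum)) {
                $hesk_error_buffer['mysecnum'] = $hesklang['sec_miss'];
            } else {
                require HESK_PATH . 'inc/secimg.inc.php';
                $sc = new PJ_SecurityImage($hesk_settings['secimg_sum']);

                if (isset($_SESSION['checksum']) && $sc->checkCode($mysecnum, $_SESSION['checksum'])) {
                    $_SESSION['img_a_verified'] = true;
                } else {
                    $hesk_error_buffer['mysecnum'] = $hesklang['sec_wrng'];
                }
            }
        }
    }

    /* Any missing fields? */
    if (count($hesk_error_buffer) != 0) {
        $_SESSION['a_iserror'] = array_keys($hesk_error_buffer);

        $tmp = '';
        foreach ($hesk_error_buffer as $error) {
            $tmp .= "<li>{$error}</li>\n";
        }
        $hesk_error_buffer = $hesklang['pcer'] . '<br /><br /><ul>' . $tmp . '</ul>';

        hesk_process_messages($hesk_error_buffer, 'NOREDIRECT');
        print_login();
        exit;
    } elseif (isset($_SESSION['img_a_verified'])) {
        // The anti-spam flag is single-use: clear it once the form passed validation
        unset($_SESSION['img_a_verified']);
    }

    /* User entered all required info, now limit brute force attempts */
    hesk_limitBfAttempts();

    $result = hesk_dbQuery(
        "SELECT * FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "users` WHERE `user` = '" . hesk_dbEscape($user) . "' LIMIT 1"
    );

    // NOTE(review): a distinct "wrong user" vs "wrong password" message lets a
    // client tell valid usernames apart; consider one generic message.
    if (hesk_dbNumRows($result) != 1) {
        hesk_session_stop();
        $_SESSION['a_iserror'] = array('user', 'pass');
        hesk_process_messages($hesklang['wrong_user'], 'NOREDIRECT');
        print_login();
        exit;
    }

    $res = hesk_dbFetchAssoc($result);
    $storedHash = (string) $res['pass'];

    /* Check password */
    // Strict comparison: with loose "!=" PHP compares two numeric-looking
    // strings (for example "0e" followed only by digits) as numbers, so
    // different hashes could be treated as equal. Where the minimum PHP
    // version allows it, hash_equals() is the preferred constant-time form.
    if ((string) hesk_Pass2Hash($pass) !== $storedHash) {
        hesk_session_stop();
        $_SESSION['a_iserror'] = array('pass');
        hesk_process_messages($hesklang['wrong_pass'], 'NOREDIRECT');
        print_login();
        exit;
    }

    // Only now copy the account row into the session, so a failed attempt
    // never leaves another account's data (including its hash) in session state.
    foreach ($res as $k => $v) {
        $_SESSION[$k] = $v;
    }

    // Value stored in the autologin cookie; it is derived from the stored hash and the username
    $pass_enc = hesk_Pass2Hash($storedHash . strtolower($user) . $storedHash);

    /* Check if default password */
    if ($storedHash === '499d74967b28a841c98bb4baaabaad699ff3c079') {
        hesk_process_messages($hesklang['chdp'], 'NOREDIRECT', 'NOTICE');
    }

    // Set a tag that will be used to expire sessions after username or password change
    $_SESSION['session_verify'] = hesk_activeSessionCreateTag($user, $storedHash);

    // We don't need the password hash anymore
    unset($_SESSION['pass']);

    /* Login successful, clean brute force attempts */
    hesk_cleanBfAttempts();

    /* Make sure our user is active */
    if (!$_SESSION['active']) {
        hesk_session_stop();
        $_SESSION['a_iserror'] = array('active');
        hesk_process_messages($hesklang['inactive_user'], 'NOREDIRECT');
        print_login();
        exit;
    }

    /* Regenerate session ID (security) */
    hesk_session_regenerate_id();

    /* Remember username? */
    $cookieExpires = strtotime('+1 year');
    // Send the autologin token over HTTPS only when this request itself used HTTPS
    $cookieSecure = !empty($_SERVER['HTTPS']) && strtolower($_SERVER['HTTPS']) !== 'off';

    if ($hesk_settings['autologin'] && hesk_POST('remember_user') == 'AUTOLOGIN') {
        setcookie('hesk_username', "{$user}", $cookieExpires);
        // HttpOnly keeps the long-lived login token away from page scripts
        setcookie('hesk_p', "{$pass_enc}", $cookieExpires, '', '', $cookieSecure, true);
    } elseif (hesk_POST('remember_user') == 'JUSTUSER') {
        setcookie('hesk_username', "{$user}", $cookieExpires);
        setcookie('hesk_p', '');
    } else {
        // Expire cookie if set otherwise
        setcookie('hesk_username', '');
        setcookie('hesk_p', '');
    }

    /* Close any old tickets here so Cron jobs aren't necessary */
    if ($hesk_settings['autoclose']) {
        $revision = sprintf($hesklang['thist3'], hesk_date(), $hesklang['auto']);
        $dt = date('Y-m-d H:i:s', time() - $hesk_settings['autoclose'] * 86400);
        $prefix = hesk_dbEscape($hesk_settings['db_pfix']);

        // Status that tickets wait in after a staff reply
        $closedStatusRs = hesk_dbQuery('SELECT `ID`, `Closable` FROM `' . $prefix . 'statuses` WHERE `IsDefaultStaffReplyStatus` = 1');
        $closedStatus = hesk_dbFetchAssoc($closedStatusRs);

        // Status that auto-closed tickets are moved to
        $defaultCloseRs = hesk_dbQuery('SELECT `ID` FROM `' . $prefix . 'statuses` WHERE `IsAutocloseOption` = 1');
        $defaultCloseStatus = hesk_dbFetchAssoc($defaultCloseRs);

        // Both rows must exist; otherwise customers would be notified about a
        // closure that is then written with status 0.
        $canAutoclose = !empty($closedStatus)
            && !empty($defaultCloseStatus)
            && ($closedStatus['Closable'] == 'yes' || $closedStatus['Closable'] == 'sonly');

        if ($canAutoclose) {
            // Values read back from the database are still cast before reuse in SQL
            $closedStatusId = intval($closedStatus['ID']);
            $autocloseStatusId = intval($defaultCloseStatus['ID']);

            // Notify customer of closed ticket?
            if ($hesk_settings['notify_closed']) {
                $result = hesk_dbQuery(
                    "SELECT * FROM `" . $prefix . "tickets` WHERE `status` = " . $closedStatusId . " AND `lastchange` <= '" . hesk_dbEscape($dt) . "' "
                );

                if (hesk_dbNumRows($result) > 0) {
                    // hesk_notifyCustomer() is called without arguments below, so
                    // it presumably reads the ticket from this global
                    global $ticket;

                    // Load required functions?
                    if (!function_exists('hesk_notifyCustomer')) {
                        require HESK_PATH . 'inc/email_functions.inc.php';
                    }

                    while ($ticket = hesk_dbFetchAssoc($result)) {
                        $ticket['dt'] = hesk_date($ticket['dt'], true);
                        $ticket['lastchange'] = hesk_date($ticket['lastchange'], true);
                        $ticket = hesk_ticketToPlain($ticket, 1, 0);
                        hesk_notifyCustomer('ticket_closed');
                    }
                }
            }

            // Update ticket statuses and history in database
            hesk_dbQuery(
                "UPDATE `" . $prefix . "tickets` SET `status`=" . $autocloseStatusId . ", `closedat`=NOW(), `closedby`='-1', `history`=CONCAT(`history`,'" . hesk_dbEscape($revision) . "') WHERE `status` = " . $closedStatusId . " AND `lastchange` <= '" . hesk_dbEscape($dt) . "' "
            );
        }
    }

    /* Redirect to the destination page */
    header('Location: ' . hesk_verifyGoto());
    exit;
}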
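/**
 * Turns one parsed incoming email into a ticket reply or a new ticket.
 *
 * The sender address is validated and checked against the ban list, name,
 * subject and message are converted to UTF-8 and passed through hesk_input(),
 * bounce/noreply messages and mail loops are dropped, and a tracking ID found
 * in the subject is accepted only when the sender owns that ticket and the
 * ticket is not locked. Attachments are filtered by count, extension and size
 * before being moved into the attachment directory.
 *
 * Changes compared with the earlier form of this block:
 *  - the sender must equal one of the addresses stored on the ticket; the
 *    previous substring test also accepted any address that merely occurs
 *    inside a stored address;
 *  - saved attachment names use random_int() when available instead of
 *    mt_rand();
 *  - an attachment whose file could not be moved is no longer recorded in
 *    the database.
 *
 * @param array $results      Parsed email: from, reply-to, subject, message,
 *                            encodings, attachments, tempdir.
 * @param int   $pop3         Non-zero when fetched via POP3; selects the history
 *                            text and the `openedby` marker (-2 instead of -1).
 * @param int   $set_category Category ID for a new ticket.
 * @param int   $set_priority Priority for a new ticket; negative means "use the
 *                            category's priority".
 *
 * @return mixed The tracking ID on success, or the result of hesk_cleanExit()
 *               when the email is ignored.
 */
function hesk_email2ticket($results, $pop3 = 0, $set_category = 1, $set_priority = -1)
{
    global $hesk_settings, $hesklang, $ticket;

    $tmpvar = array();

    // Process "Reply-To:" or "From:" email
    $tmpvar['email'] = isset($results['reply-to'][0]['address'])
        ? hesk_validateEmail($results['reply-to'][0]['address'], 'ERR', 0)
        : hesk_validateEmail($results['from'][0]['address'], 'ERR', 0);

    // Email missing, invalid or banned?
    if (!$tmpvar['email'] || hesk_isBannedEmail($tmpvar['email'])) {
        return hesk_cleanExit();
    }

    // Process "Reply-To:" or "From:" name, convert to UTF-8, set to "[Customer]" if not set
    if (isset($results['reply-to'][0]['name']) && strlen($results['reply-to'][0]['name'])) {
        $tmpvar['name'] = $results['reply-to'][0]['name'];
        if (!empty($results['reply-to'][0]['encoding'])) {
            $tmpvar['name'] = hesk_encodeUTF8($tmpvar['name'], $results['reply-to'][0]['encoding']);
        }
    } else {
        $tmpvar['name'] = isset($results['from'][0]['name']) ? $results['from'][0]['name'] : $hesklang['pde'];
        if (!empty($results['from'][0]['encoding'])) {
            $tmpvar['name'] = hesk_encodeUTF8($tmpvar['name'], $results['from'][0]['encoding']);
        }
    }
    $tmpvar['name'] = hesk_input($tmpvar['name'], '', '', 1, 50);
    if (!$tmpvar['name']) {
        $tmpvar['name'] = $hesklang['pde'];
    }

    // Process email subject, convert to UTF-8, set to "[Piped email]" if none set
    $tmpvar['subject'] = isset($results['subject']) ? $results['subject'] : $hesklang['pem'];
    if (!empty($results['subject_encoding'])) {
        $tmpvar['subject'] = hesk_encodeUTF8($tmpvar['subject'], $results['subject_encoding']);
    }
    $tmpvar['subject'] = hesk_input($tmpvar['subject'], '', '', 1, 70);
    if (!$tmpvar['subject']) {
        $tmpvar['subject'] = $hesklang['pem'];
    }

    // Process email message, convert to UTF-8
    $tmpvar['message'] = isset($results['message']) ? $results['message'] : '';
    if (!empty($results['encoding'])) {
        $tmpvar['message'] = hesk_encodeUTF8($tmpvar['message'], $results['encoding']);
    }
    $tmpvar['message'] = hesk_input($tmpvar['message'], '', '', 1);

    // Message missing?
    if (strlen($tmpvar['message']) == 0) {
        // Message required? Ignore this email.
        if ($hesk_settings['eml_req_msg']) {
            return hesk_cleanExit();
        }

        // Message not required? Assign a default message
        $tmpvar['message'] = $hesklang['def_msg'];

        // Track duplicate emails based on subject
        $message_hash = md5($tmpvar['subject']);
    } else {
        // md5 is used here only as a duplicate fingerprint for loop detection
        $message_hash = md5($tmpvar['message']);
    }

    // Strip quoted reply from email
    $tmpvar['message'] = hesk_stripQuotedText($tmpvar['message']);

    // Convert URLs to links, change newlines to <br />
    $tmpvar['message'] = hesk_makeURL($tmpvar['message']);
    $tmpvar['message'] = nl2br($tmpvar['message']);

    // Try to detect "delivery failed" and "noreply" emails - ignore if detected
    if (hesk_isReturnedEmail($tmpvar)) {
        return hesk_cleanExit();
    }

    // Check for email loops
    if (hesk_isEmailLoop($tmpvar['email'], $message_hash)) {
        return hesk_cleanExit();
    }

    // Determine if this is a reply to a ticket or a new ticket
    if (preg_match('/\\[#([A-Z0-9]{3}\\-[A-Z0-9]{3}\\-[A-Z0-9]{4})\\]/', str_replace(' ', '', $tmpvar['subject']), $matches)) {
        // We found a possible tracking ID
        $tmpvar['trackid'] = $matches[1];

        // Does it match one in the database?
        $res = hesk_dbQuery(
            "SELECT * FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` WHERE `trackid`='" . hesk_dbEscape($tmpvar['trackid']) . "' LIMIT 1"
        );

        if (hesk_dbNumRows($res)) {
            $ticket = hesk_dbFetchAssoc($res);

            // Do email addresses match? The stored value may hold several
            // addresses, so compare the sender with each one exactly. A
            // substring test would also accept a different mailbox whose
            // address happens to be contained in a stored one.
            $ticketEmails = array_map('trim', preg_split('/[,;]/', strtolower($ticket['email'])));
            if (!in_array(strtolower($tmpvar['email']), $ticketEmails, true)) {
                $tmpvar['trackid'] = '';
            }

            // Is this ticket locked? Force create a new one if it is
            if ($ticket['locked']) {
                $tmpvar['trackid'] = '';
            }
        } else {
            $tmpvar['trackid'] = '';
        }
    }

    // If tracking ID is empty, generate a new one
    if (empty($tmpvar['trackid'])) {
        $tmpvar['trackid'] = hesk_createID();
        $is_reply = 0;
    } else {
        $is_reply = 1;
    }

    // Process attachments
    $tmpvar['attachmment_notices'] = '';
    $tmpvar['attachments'] = '';
    $num = 0;

    if ($hesk_settings['attachments']['use'] && isset($results['attachments'][0])) {
        // Saved names should not be guessable; prefer the CSPRNG when the
        // running PHP version provides it.
        $hasCsprng = function_exists('random_int');
        $useChars = 'AEUYBDGHJLMNPQRSTVWXZ123456789';

        foreach ($results['attachments'] as $k => $v) {
            $myatt = array();

            // Clean attachment names
            $myatt['real_name'] = hesk_cleanFileName($v['orig_name']);

            // Check number of attachments, delete any over max number
            if ($num >= $hesk_settings['attachments']['max_number']) {
                $tmpvar['attachmment_notices'] .= sprintf($hesklang['attnum'], $myatt['real_name']) . "\n";
                continue;
            }

            // Check file extension
            // NOTE(review): only the last extension is checked against the
            // allow-list; confirm the attachment directory cannot execute files.
            $ext = strtolower(strrchr($myatt['real_name'], "."));
            if (!in_array($ext, $hesk_settings['attachments']['allowed_types'])) {
                $tmpvar['attachmment_notices'] .= sprintf($hesklang['atttyp'], $myatt['real_name']) . "\n";
                continue;
            }

            // Check file size
            $myatt['size'] = $v['size'];
            if ($myatt['size'] > $hesk_settings['attachments']['max_size']) {
                $tmpvar['attachmment_notices'] .= sprintf($hesklang['attsiz'], $myatt['real_name']) . "\n";
                continue;
            }

            // Generate a random file name
            $tmp = '';
            for ($j = 0; $j < 10; $j++) {
                $tmp .= $useChars[$hasCsprng ? random_int(0, 29) : mt_rand(0, 29)];
            }
            $myatt['saved_name'] = substr($tmpvar['trackid'] . '_' . md5($tmp . $myatt['real_name']), 0, 200) . $ext;

            // Move the temporary file; skip the database record when that fails
            // so no attachment row points at a file that does not exist
            if (!rename($v['stored_name'], HESK_PATH . $hesk_settings['attach_dir'] . '/' . $myatt['saved_name'])) {
                continue;
            }

            // Insert into database
            hesk_dbQuery(
                "INSERT INTO `" . hesk_dbEscape($hesk_settings['db_pfix']) . "attachments` (`ticket_id`,`saved_name`,`real_name`,`size`) VALUES ('" . hesk_dbEscape($tmpvar['trackid']) . "','" . hesk_dbEscape($myatt['saved_name']) . "','" . hesk_dbEscape($myatt['real_name']) . "','" . intval($myatt['size']) . "')"
            );
            $tmpvar['attachments'] .= hesk_dbInsertID() . '#' . $myatt['real_name'] . ',';

            $num++;
        }

        if (strlen($tmpvar['attachmment_notices'])) {
            $tmpvar['message'] .= "<br /><br />" . hesk_input($hesklang['attrem'], '', '', 1) . "<br />" . nl2br(hesk_input($tmpvar['attachmment_notices'], '', '', 1));
        }
    }

    // Delete the temporary files
    deleteAll($results['tempdir']);

    // If this is a reply add a new reply
    if ($is_reply) {
        // Set last replier name to customer name
        $ticket['lastreplier'] = ($tmpvar['name'] == $hesklang['pde']) ? $tmpvar['email'] : $tmpvar['name'];

        // If staff hasn't replied yet, keep ticket status "New", otherwise set it to "Waiting reply from staff"
        $ticket['status'] = $ticket['status'] ? 1 : 0;

        // Update ticket as necessary (status is 0 or 1 at this point)
        hesk_dbQuery(
            "UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` SET `lastchange`=NOW(),`status`='{$ticket['status']}',`replies`=`replies`+1,`lastreplier`='0' WHERE `id`='" . intval($ticket['id']) . "' LIMIT 1"
        );

        // If customer replied, we assume staff replies have been read (no way to be sure if ticket.php hasn't been opened)
        hesk_dbQuery(
            "UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "replies` SET `read` = '1' WHERE `replyto` = '" . intval($ticket['id']) . "' AND `staffid` != '0' "
        );

        // Insert reply into database
        hesk_dbQuery(
            "INSERT INTO `" . hesk_dbEscape($hesk_settings['db_pfix']) . "replies` (`replyto`,`name`,`message`,`dt`,`attachments`) VALUES ('" . intval($ticket['id']) . "','" . hesk_dbEscape($ticket['lastreplier']) . "','" . hesk_dbEscape($tmpvar['message']) . "',NOW(),'" . hesk_dbEscape($tmpvar['attachments']) . "')"
        );

        // --> Prepare reply message

        // 1. Generate the array with ticket info that can be used in emails
        $info = array(
            'email'       => $ticket['email'],
            'category'    => $ticket['category'],
            'priority'    => $ticket['priority'],
            'owner'       => $ticket['owner'],
            'trackid'     => $ticket['trackid'],
            'status'      => $ticket['status'],
            'name'        => $ticket['name'],
            'lastreplier' => $ticket['lastreplier'],
            'subject'     => $ticket['subject'],
            'message'     => stripslashes($tmpvar['message']),
            'attachments' => $tmpvar['attachments'],
            'dt'          => hesk_date($ticket['dt'], true),
            'lastchange'  => hesk_date($ticket['lastchange'], true),
            'id'          => $ticket['id'],
        );

        // 2. Add custom fields to the array
        foreach ($hesk_settings['custom_fields'] as $k => $v) {
            $info[$k] = $v['use'] ? $ticket[$k] : '';
        }

        // 3. Make sure all values are properly formatted for email
        $ticket = hesk_ticketToPlain($info, 1, 0);

        // --> Process custom fields before sending
        foreach ($hesk_settings['custom_fields'] as $k => $v) {
            $ticket[$k] = $v['use'] ? hesk_msgToPlain($ticket[$k], 1) : '';
        }

        // --> If ticket is assigned just notify the owner
        if ($ticket['owner']) {
            hesk_notifyAssignedStaff(false, 'new_reply_by_customer', 'notify_reply_my');
        } else {
            hesk_notifyStaff('new_reply_by_customer', "`notify_reply_unassigned`='1'");
        }

        return $ticket['trackid'];
    }
    // END REPLY

    // Not a reply, but a new ticket. Add it to the database
    $tmpvar['category'] = $set_category;
    $tmpvar['priority'] = $set_priority < 0 ? hesk_getCategoryPriority($tmpvar['category']) : $set_priority;

    // Overwrites the superglobal for the rest of the request; hesk_newTicket()
    // is called below and presumably stores this value as the ticket IP
    $_SERVER['REMOTE_ADDR'] = $hesklang['unknown'];

    // Auto assign tickets if applicable
    $tmpvar['owner'] = 0;
    $tmpvar['history'] = $pop3 ? sprintf($hesklang['thist16'], hesk_date()) : sprintf($hesklang['thist11'], hesk_date());
    $tmpvar['openedby'] = $pop3 ? -2 : -1;

    $autoassign_owner = hesk_autoAssignTicket($tmpvar['category']);
    if ($autoassign_owner) {
        $tmpvar['owner'] = $autoassign_owner['id'];
        $tmpvar['history'] .= sprintf($hesklang['thist10'], hesk_date(), $autoassign_owner['name'] . ' (' . $autoassign_owner['user'] . ')');
    }

    // Custom fields will be empty as there is no reliable way of detecting them
    foreach ($hesk_settings['custom_fields'] as $k => $v) {
        $tmpvar[$k] = '';
    }

    // Insert ticket to database
    $ticket = hesk_newTicket($tmpvar);

    // Notify the customer
    if ($hesk_settings['notify_new']) {
        $possible_SPAM = false;

        // Do we need to check subject for SPAM tags?
        if ($hesk_settings['notify_skip_spam']) {
            foreach ($hesk_settings['notify_spam_tags'] as $tag) {
                if (strpos($tmpvar['subject'], $tag) !== false) {
                    $possible_SPAM = true;
                    break;
                }
            }
        }

        // SPAM tags not found or not checked, send email
        if ($possible_SPAM === false) {
            hesk_notifyCustomer();
        }
    }

    // Need to notify staff?
    // --> From autoassign?
    if ($tmpvar['owner'] && $autoassign_owner['notify_assigned']) {
        hesk_notifyAssignedStaff($autoassign_owner, 'ticket_assigned_to_you');
    } elseif (!$tmpvar['owner']) {
        hesk_notifyStaff('new_ticket_staff', " `notify_new_unassigned` = '1' ");
    }

    return $ticket['trackid'];
}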
/**
 * Prints each reply from the global $result set as a table row of the
 * customer ticket view and collects the IDs of unread staff replies in the
 * global $unread_replies.
 *
 * NOTE(review): name, date and message are echoed exactly as stored, with no
 * escaping at output; presumably they were HTML-encoded when saved. Verify
 * that for every path that writes replies (web form, email piping, imports).
 *
 * @return int The row-colour toggle (0 or 1) after the last printed reply.
 */
function hesk_printCustomerTicketReplies()
{
    global $hesklang, $hesk_settings, $result, $reply, $trackingID, $unread_replies;

    $i = $hesk_settings['new_top'] ? 0 : 1;

    while ($reply = hesk_dbFetchAssoc($result)):
        // Alternate the row class and flip the toggle for the next row
        $color = $i ? 'class="ticketrow"' : 'class="ticketalt"';
        $i = $i ? 0 : 1;

        /* Store unread reply IDs for later */
        if ($reply['staffid'] && !$reply['read']) {
            $unread_replies[] = $reply['id'];
        }

        $reply['dt'] = hesk_date($reply['dt']);
        ?>
 <tr>
 <td <?php echo $color; ?> >
 <table border="0" cellspacing="0" cellpadding="0" width="100%">
 <tr>
 <td valign="top">
 <table border="0" cellspacing="1">
 <tr> <td><?php echo $hesklang['date']; ?> :</td> <td><?php echo $reply['dt']; ?> </td> </tr>
 <tr> <td><?php echo $hesklang['name']; ?> :</td> <td><?php echo $reply['name']; ?> </td> </tr>
 </table>
 </td>
 <td style="text-align:right; vertical-align:top;"> <?php echo hesk_getCustomerButtons($i); ?> </td>
 </tr>
 </table>
 <p><b><?php echo $hesklang['message']; ?> :</b></p>
 <p><?php echo $reply['message']; ?> </p>
 <?php
        /* Attachments */
        hesk_listAttachments($reply['attachments'], $i);

        /* Staff rating */
        if ($hesk_settings['rating'] && $reply['staffid']):
            if ($reply['rating'] == 1):
                echo '<p class="rate">' . $hesklang['rnh'] . '</p>';
            elseif ($reply['rating'] == 5):
                echo '<p class="rate">' . $hesklang['rh'] . '</p>';
            else:
                // Not rated yet: offer the yes / no rating links
                $ratingBoxId = 'rating' . $reply['id'];
                $ratingQuery = '&id=' . $reply['id'] . '&track=' . $trackingID;

                echo ' <div id="' . $ratingBoxId . '" class="rate"> ' . $hesklang['r']
                    . ' <a href="Javascript:void(0)" onclick="Javascript:hesk_rate(\'rate.php?rating=5' . $ratingQuery . '\',\'' . $ratingBoxId . '\')">' . strtolower($hesklang['yes']) . '</a> /'
                    . ' <a href="Javascript:void(0)" onclick="Javascript:hesk_rate(\'rate.php?rating=1' . $ratingQuery . '\',\'' . $ratingBoxId . '\')">' . strtolower($hesklang['no']) . '</a> </div> ';
            endif;
        endif;
        ?>
 </td>
 </tr>
 <?php
    endwhile;

    return $i;
}
/**
 * Print every reply of the current ticket in the staff ticket view.
 *
 * Rows are fetched from the global $result and kept in the global $reply while
 * they are printed. Nothing is printed when $reply is already false on entry.
 *
 * NOTE(review): the reply name and message are echoed without escaping; this
 * relies on them having been encoded before they were stored - confirm against
 * the code that saves replies.
 *
 * @return int 0 when the 'new_top' setting is on, 1 otherwise.
 */
function hesk_printTicketReplies()
{
    global $hesklang, $hesk_settings, $result, $reply, $isManager;

    $i = $hesk_settings['new_top'] ? 0 : 1;

    if ($reply === false) {
        return $i;
    }

    while ($reply = hesk_dbFetchAssoc($result)) {
        $reply['dt'] = hesk_date($reply['dt'], true);
        ?>
        <div class="row ticketMessageContainer">
            <div class="col-md-3 col-xs-12">
                <div class="ticketName"><?php echo $reply['name']; ?> </div>
            </div>
            <div class="col-md-9 col-xs-12 pushMarginLeft">
                <div class="ticketMessageTop withBorder">
                    <?php echo hesk_getAdminButtonsInTicket(); ?>
                    <div class="blankSpace"></div>
                    <p><?php echo $hesklang['date']; ?> : <?php echo $reply['dt']; ?> </p>
                </div>
                <div class="ticketMessageBottom">
                    <p><b><?php echo $hesklang['message']; ?> :</b></p>
                    <p><?php echo $reply['message']; ?> </p>
                </div>
                <div class="ticketMessageTop pushMargin">
                    <?php
                    hesk_listAttachments($reply['attachments'], $reply['id']);

                    // Both notices below apply to staff replies only
                    if ($reply['staffid']) {
                        /* Staff rating */
                        if ($hesk_settings['rating']) {
                            if ($reply['rating'] == 1) {
                                echo '<p class="rate">' . $hesklang['rnh'] . '</p>';
                            } elseif ($reply['rating'] == 5) {
                                echo '<p class="rate">' . $hesklang['rh'] . '</p>';
                            }
                        }

                        /* Show "unread reply" message? */
                        if (!$reply['read']) {
                            echo '<p class="rate">' . $hesklang['unread'] . '</p>';
                        }
                    }
                    ?>
                </div>
            </div>
        </div>
        <?php
    }

    return $i;
}
:</td> <td><?php echo hesk_unhortenUrl($ticket[$k]); ?> </td> </tr> <?php } } // Close ticket head table echo '</table>'; // Print initial ticket message echo '<p>' . hesk_unhortenUrl($ticket['message']) . '</p>'; // Print replies while ($reply = hesk_dbFetchAssoc($res)) { $reply['dt'] = hesk_date($reply['dt'], true); echo ' <hr /> <table border="0"> <tr> <td>' . $hesklang['date'] . ':</td> <td>' . $reply['dt'] . '</td> </tr> <tr> <td>' . $hesklang['name'] . ':</td> <td>' . $reply['name'] . '</td> </tr> </table> <p>' . hesk_unhortenUrl($reply['message']) . '</p>
define('HESK_PATH', '../');

/* Load settings and the shared helper libraries */
require HESK_PATH . 'hesk_settings.inc.php';
require HESK_PATH . 'inc/common.inc.php';
require HESK_PATH . 'inc/admin_functions.inc.php';
hesk_load_database_functions();

hesk_session_start();
hesk_dbConnect();
hesk_isLoggedIn();

/* Locking a ticket needs all three ticket permissions */
hesk_checkPermission('can_view_tickets');
hesk_checkPermission('can_reply_tickets');
hesk_checkPermission('can_edit_tickets');

/*
 * A security check.
 * NOTE(review): the new lock state is read from the query string below, so this
 * state-changing request is a GET. The token is verified here, but presumably
 * travels in the URL as well - confirm it cannot leak through logs or Referer
 * headers.
 */
hesk_token_check();

/* Ticket ID */
$trackingID = hesk_cleanID() or die($hesklang['int_error'] . ': ' . $hesklang['no_trackID']);

/* New archived status: any non-empty "locked" parameter locks, otherwise unlock */
$actor = $_SESSION['name'] . ' (' . $_SESSION['user'] . ')';
$locking = !empty($_GET['locked']);

$status = $locking ? 1 : 0;
$tmp = $locking ? $hesklang['tlock'] : $hesklang['tunlock'];
$revision = sprintf($locking ? $hesklang['thist5'] : $hesklang['thist6'], hesk_date(), $actor);

/* Update database: $status is always 0 or 1; the history text and tracking ID are escaped */
hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` SET `status`='3',`locked`='{$status}', `history`=CONCAT(`history`,'" . hesk_dbEscape($revision) . "') WHERE `trackid`='" . hesk_dbEscape($trackingID) . "' LIMIT 1");

/* Back to ticket page and show a success message */
hesk_process_messages($tmp, 'admin_ticket.php?track=' . $trackingID . '&Refresh=' . rand(10000, 99999), 'SUCCESS');
require HESK_PATH . 'inc/zip/Zip.php'; $zip = new Zip(); $zip->addLargeFile($save_to, "{$export_name}.xml"); $zip->finalize(); $zip->setZipFile($save_to_zip); } else { require HESK_PATH . 'inc/zip/pclzip.lib.php'; $zip = new PclZip($save_to_zip); $zip->add($save_to, PCLZIP_OPT_REMOVE_ALL_PATH); } // Delete XML, just leave the Zip archive hesk_unlink($save_to); // Echo memory peak usage $flush_me .= hesk_date() . " | " . sprintf($hesklang['pmem'], @memory_get_peak_usage(true) / 1048576) . "<br />\r\n"; // We're done! $flush_me .= hesk_date() . " | {$hesklang['fZIP']}<br /><br />"; $flush_me .= '<a href="' . $save_to_zip . '">' . $hesklang['ch2d'] . "</a>\n"; } else { hesk_unlink($save_to); } } /* Print header */ require_once HESK_PATH . 'inc/header.inc.php'; /* Print main manage users page */ require_once HESK_PATH . 'inc/show_admin_nav.inc.php'; ?> </td> </tr> <tr> <td>
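/**
 * Render one knowledge base article in the private (staff) knowledge base.
 *
 * Prints the KB header, adds one to the article's view counter, prints the
 * article body and its attachments, runs a full-text query for related
 * articles and prints the article details next to them. The article itself is
 * read from the global $article.
 *
 * NOTE(review): subject, content, attachment names and related-article
 * subjects are echoed without escaping; this relies on them being sanitised
 * when the article is saved - confirm against the article editor code.
 *
 * @param int|string $artid Article ID; cast to an integer before it is used in SQL.
 * @return void
 */
function hesk_show_kb_article($artid)
{
    global $hesk_settings, $hesklang, $article;

    // Print header
    $hesk_settings['tmp_title'] = $article['subject'];
    hesk_kb_header($hesk_settings['kb_link'], $article['catid']);

    // Update views by 1. The ID sits unquoted in the statement, so it is forced
    // to an integer here instead of trusting whatever validation the caller did.
    hesk_dbQuery('UPDATE `' . hesk_dbEscape($hesk_settings['db_pfix']) . "kb_articles` SET `views`=`views`+1 WHERE `id`=" . intval($artid) . " LIMIT 1");

    echo '<h3>' . $article['subject'] . '</h3> <div class="footerWithBorder blankSpace"></div> <h4>' . $hesklang['as'] . '</h4> ' . $article['content'];

    if (!empty($article['attachments'])) {
        echo '<p><b>' . $hesklang['attachments'] . ':</b><br />';

        // Stored as "id#name," entries; the last character is dropped before splitting
        $att = explode(',', substr($article['attachments'], 0, -1));
        foreach ($att as $myatt) {
            list($att_id, $att_name) = explode('#', $myatt);
            // Icon class corrected from "fa-papercip", which is not a Font Awesome icon
            echo '<i class="fa fa-paperclip"></i> <a href="../download_attachment.php?kb_att=' . $att_id . '" rel="nofollow">' . $att_name . '</a><br />';
        }
        echo '</p>';
    }

    // Link back to the article's category; category 1 links to the KB start page
    if ($article['catid'] == 1) {
        $link = 'knowledgebase_private.php';
    } else {
        $link = 'knowledgebase_private.php?category=' . $article['catid'];
    }
    ?>
    <br><br>
    <div class="row">
    <?php
    $showRelated = false;
    $column = 'col-md-12';

    require HESK_PATH . 'inc/mail/email_parser.php';

    // The search text is escaped once and reused in both MATCH clauses
    $query = hesk_dbEscape($article['subject'] . ' ' . convert_html_to_text($article['content']));

    // Get relevant articles from the database
    $res = hesk_dbQuery("SELECT `id`, `subject`, MATCH(`subject`,`content`,`keywords`) AGAINST ('{$query}') AS `score` FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "kb_articles` WHERE `type` IN ('0','1') AND MATCH(`subject`,`content`,`keywords`) AGAINST ('{$query}') LIMIT " . intval($hesk_settings['kb_related'] + 1));

    // Array with related articles
    $related_articles = array();

    while ($related = hesk_dbFetchAssoc($res)) {
        // Get base match score from the first returned row
        if (!isset($base_score)) {
            $base_score = $related['score'];
        }

        // Ignore this article
        if ($related['id'] == $artid) {
            continue;
        }

        // Stop when articles reach less than 10% of base score
        if ($related['score'] / $base_score < 0.1) {
            break;
        }

        // This is a valid related article
        $related_articles[$related['id']] = $related['subject'];
    }

    // Print related articles if we have any valid matches
    if (count($related_articles)) {
        $column = 'col-md-6';
        $showRelated = true;
    }
    ?>
    <div class="<?php echo $column; ?> col-sm-12">
        <h4><?php echo $hesklang['ad']; ?> </h4>
        <div class="footerWithBorder blankSpace"></div>
        <table border="0">
            <tr>
                <td><?php echo $hesklang['aid']; ?> : </td>
                <td><?php echo $article['id']; ?> </td>
            </tr>
            <tr>
                <td><?php echo $hesklang['category']; ?> : </td>
                <td><a href="<?php echo $link; ?> "><?php echo $article['cat_name']; ?> </a></td>
            </tr>
            <tr>
                <td><?php echo $hesklang['dta']; ?> : </td>
                <td><?php echo hesk_date($article['dt'], true); ?> </td>
            </tr>
            <tr>
                <td><?php echo $hesklang['views']; ?> : </td>
                <td><?php echo isset($_GET['rated']) ? $article['views'] : $article['views'] + 1; ?> </td>
            </tr>
        </table>
    </div>
    <?php
    if ($showRelated) {
        ?>
        <div class="col-md-6 col-sm-12">
            <h4><?php echo $hesklang['relart']; ?> </h4>
            <div class="footerWithBorder blankSpace"></div>
            <?php
            // Related articles
            foreach ($related_articles as $id => $subject) {
                echo '<span class="glyphicon glyphicon-file" style="font-size: 16px;"></span> <a href="knowledgebase_private.php?article=' . $id . '">' . $subject . '</a><br />';
            }
            ?>
        </div>
        <?php
    }
    ?>
    </div>
    <?php
    if (!isset($_GET['back'])) {
        ?>
        <p><br /><a href="javascript:history.go(-1)"><span class="glyphicon glyphicon-circle-arrow-left"></span> <?php echo $hesklang['back']; ?> </a></p>
        <?php
    } else {
        ?>
        <p> </p>
        <?php
    }
}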
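/**
 * Render one knowledge base article on the public knowledge base page.
 *
 * Prints the page and KB headers, adds one to the view counter (skipped for
 * rating reloads and for requests hesk_detect_bots() flags), prints the article
 * body, attachments, the rating links, related articles and the article
 * details. The article itself is read from the global $article.
 *
 * NOTE(review): subject, content, attachment names (also used in an alt
 * attribute) and related-article subjects are echoed without escaping; this
 * relies on them being sanitised when the article is saved - confirm against
 * the article editor code.
 *
 * @param int|string $artid Article ID; cast to an integer before it is used in SQL.
 * @return void
 */
function hesk_show_kb_article($artid)
{
    global $hesk_settings, $hesklang, $article;

    // Print header
    $hesk_settings['tmp_title'] = $article['subject'];
    require_once HESK_PATH . 'inc/header.inc.php';
    hesk_kb_header($hesk_settings['kb_link']);

    // Update views by 1 - exclude known bots and reloads because of ratings
    if (!isset($_GET['rated']) && !hesk_detect_bots()) {
        // The ID sits unquoted in the statement, so it is forced to an integer
        // here instead of trusting whatever validation the caller did.
        hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "kb_articles` SET `views`=`views`+1 WHERE `id`=" . intval($artid) . " LIMIT 1");
    }

    echo '<h1>' . $article['subject'] . '</h1> <fieldset> <legend>' . $hesklang['as'] . '</legend> ' . $article['content'];

    if (!empty($article['attachments'])) {
        echo '<p><b>' . $hesklang['attachments'] . ':</b><br />';

        // Stored as "id#name," entries; the last character is dropped before splitting
        $att = explode(',', substr($article['attachments'], 0, -1));
        foreach ($att as $myatt) {
            list($att_id, $att_name) = explode('#', $myatt);
            echo '<img src="img/clip.png" width="16" height="16" alt="' . $att_name . '" style="align:text-bottom" /> <a href="download_attachment.php?kb_att=' . $att_id . '" rel="nofollow">' . $att_name . '</a><br />';
        }
        echo '</p>';
    }

    // Article rating: hidden once the rating cookie already lists this article
    if ($hesk_settings['kb_rating'] && strpos(hesk_COOKIE('hesk_kb_rate'), 'a' . $artid . '%') === false) {
        echo ' <div id="rating" class="rate" align="right"> <br />' . $hesklang['rart'] . ' <a href="Javascript:void(0)" onclick="Javascript:window.location=\'knowledgebase.php?rating=5&id=' . $article['id'] . '\'" rel="nofollow">' . strtolower($hesklang['yes']) . '</a> / <a href="Javascript:void(0)" onclick="Javascript:window.location=\'knowledgebase.php?rating=1&id=' . $article['id'] . '\'" rel="nofollow">' . strtolower($hesklang['no']) . '</a> </div> ';
    }

    echo '</fieldset>';

    // Related articles
    if ($hesk_settings['kb_related']) {
        require HESK_PATH . 'inc/mail/email_parser.php';

        // The search text is escaped once and reused in both MATCH clauses
        $query = hesk_dbEscape($article['subject'] . ' ' . convert_html_to_text($article['content']));

        // Get relevant articles from the database
        $res = hesk_dbQuery("SELECT t1.`id`, t1.`subject`, MATCH(`subject`,`content`,`keywords`) AGAINST ('{$query}') AS `score` FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . 'kb_articles` AS t1 LEFT JOIN `' . hesk_dbEscape($hesk_settings['db_pfix']) . "kb_categories` AS t2 ON t1.`catid` = t2.`id` WHERE t1.`type`='0' AND t2.`type`='0' AND MATCH(`subject`,`content`,`keywords`) AGAINST ('{$query}') LIMIT " . intval($hesk_settings['kb_related'] + 1));

        // Array with related articles
        $related_articles = array();

        while ($related = hesk_dbFetchAssoc($res)) {
            // Get base match score from the first article
            if (!isset($base_score)) {
                $base_score = $related['score'];
            }

            // Ignore this article
            if ($related['id'] == $artid) {
                continue;
            }

            // Stop when articles reach less than 10% of base score
            if ($related['score'] / $base_score < 0.1) {
                break;
            }

            // This is a valid related article
            $related_articles[$related['id']] = $related['subject'];
        }

        // Print related articles if we have any valid matches
        if (count($related_articles)) {
            echo '<fieldset><legend>' . $hesklang['relart'] . '</legend>';
            foreach ($related_articles as $id => $subject) {
                echo '<img src="img/article_text.png" width="16" height="16" border="0" alt="" style="vertical-align:middle;padding:2px;" /> <a href="knowledgebase.php?article=' . $id . '">' . $subject . '</a><br />';
            }
            echo '</fieldset>';
        }
    }

    // Link back to the article's category; category 1 links to the KB start page
    if ($article['catid'] == 1) {
        $link = 'knowledgebase.php';
    } else {
        $link = 'knowledgebase.php?category=' . $article['catid'];
    }
    ?>
    <fieldset>
        <legend><?php echo $hesklang['ad']; ?> </legend>
        <table border="0">
            <tr>
                <td><?php echo $hesklang['aid']; ?> : </td>
                <td><?php echo $article['id']; ?> </td>
            </tr>
            <tr>
                <td><?php echo $hesklang['category']; ?> : </td>
                <td><a href="<?php echo $link; ?> "><?php echo $article['cat_name']; ?> </a></td>
            </tr>
            <?php
            if ($hesk_settings['kb_date']) {
                ?>
                <tr>
                    <td><?php echo $hesklang['dta']; ?> : </td>
                    <td><?php echo hesk_date($article['dt'], true); ?> </td>
                </tr>
                <?php
            }

            if ($hesk_settings['kb_views']) {
                ?>
                <tr>
                    <td><?php echo $hesklang['views']; ?> : </td>
                    <td><?php echo isset($_GET['rated']) ? $article['views'] : $article['views'] + 1; ?> </td>
                </tr>
                <?php
            }

            if ($hesk_settings['kb_rating']) {
                $alt = $article['rating'] ? sprintf($hesklang['kb_rated'], sprintf("%01.1f", $article['rating'])) : $hesklang['kb_not_rated'];
                echo ' <tr> <td>' . $hesklang['rating'] . ' (' . $hesklang['votes'] . '):</td> <td><img src="img/star_' . hesk_round_to_half($article['rating']) * 10 . '.png" width="85" height="16" alt="' . $alt . '" title="' . $alt . '" border="0" style="vertical-align:text-bottom" /> (' . $article['votes'] . ')</td> </tr> ';
            }
            ?>
        </table>
    </fieldset>
    <?php
    if (!isset($_GET['suggest'])) {
        // After a rating reload the "back" link has to skip one extra history entry
        ?>
        <p> <br />« <a href="javascript:history.go(<?php echo isset($_GET['rated']) ? '-2' : '-1'; ?> )"><?php echo $hesklang['back']; ?> </a></p>
        <?php
    } else {
        ?>
        <p> </p>
        <?php
    }
}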
/**
 * Format a date with hesk_date() and put a line break wherever the formatted
 * text contains a space.
 *
 * @param mixed $dt Date value, passed to hesk_date() unchanged.
 * @return string Formatted date with every space replaced by '<br />'.
 */
function hesk_formatDate($dt)
{
    return str_replace(' ', '<br />', hesk_date($dt));
}
/**
 * Print every reply of the current ticket as table rows in the staff view.
 *
 * Rows are fetched from the global $result and kept in the global $reply while
 * they are printed. Nothing is printed when $reply is already false on entry.
 *
 * NOTE(review): the reply name and message are echoed without escaping; this
 * relies on them having been encoded before they were stored - confirm against
 * the code that saves replies.
 *
 * @return int Row toggle (0 or 1) as left by the last printed reply.
 */
function hesk_printTicketReplies()
{
    global $hesklang, $hesk_settings, $result, $reply;

    $i = $hesk_settings['new_top'] ? 0 : 1;

    if ($reply === false) {
        return $i;
    }

    while ($reply = hesk_dbFetchAssoc($result)) {
        // Pick the class for this row, then flip the toggle; the flipped value
        // is what the button and attachment helpers below receive
        $rowClass = $i ? 'class="ticketrow"' : 'class="ticketalt"';
        $i = $i ? 0 : 1;

        $reply['dt'] = hesk_date($reply['dt'], true);
        ?>
        <tr>
            <td <?php echo $rowClass; ?> >
                <table border="0" cellspacing="0" cellpadding="0" width="100%">
                    <tr>
                        <td valign="top">
                            <table border="0" cellspacing="1">
                                <tr>
                                    <td><?php echo $hesklang['date']; ?> :</td>
                                    <td><?php echo $reply['dt']; ?> </td>
                                </tr>
                                <tr>
                                    <td><?php echo $hesklang['name']; ?> :</td>
                                    <td><?php echo $reply['name']; ?> </td>
                                </tr>
                            </table>
                        </td>
                        <td style="text-align:right; vertical-align:top;">
                            <?php echo hesk_getAdminButtons(1, $i); ?>
                        </td>
                    </tr>
                </table>
                <p><b><?php echo $hesklang['message']; ?> :</b></p>
                <p><?php echo $reply['message']; ?> </p>
                <?php
                /* Attachments */
                hesk_listAttachments($reply['attachments'], $reply['id'], $i);

                // Both notices below apply to staff replies only
                if ($reply['staffid']) {
                    /* Staff rating */
                    if ($hesk_settings['rating']) {
                        if ($reply['rating'] == 1) {
                            echo '<p class="rate">' . $hesklang['rnh'] . '</p>';
                        } elseif ($reply['rating'] == 5) {
                            echo '<p class="rate">' . $hesklang['rh'] . '</p>';
                        }
                    }

                    /* Show "unread reply" message? */
                    if (!$reply['read']) {
                        echo '<p class="rate">' . $hesklang['unread'] . '</p>';
                    }
                }
                ?>
            </td>
        </tr>
        <?php
    }

    return $i;
}
$res = hesk_dbQuery('SELECT * FROM `' . hesk_dbEscape($hesk_settings['db_pfix']) . "contracts` WHERE `id` = '" . $_GET['id'] . "' LIMIT 1"); if (mysqli_num_rows($res) == 1) { $row = mysqli_fetch_array($res); $value_id = $row['id']; $value_contract_name = $row['contract_name']; $value_company_id = $row['company_id']; $value_project_id = $row['project_id']; $value_staff_id = $row['staff_id']; $value_starting_date = $row['starting_date']; $value_ending_date = $row['ending_date']; $value_active = $row['active']; $value_sla = $row['sla']; $value_priority = $row['priority']; $value_reply_time = $row['reply_time']; $value_resolved_time = $row['resolved_time']; $value['lastchange'] = hesk_date($value['lastchange'], true); } } ?> <!-- Edit Contract--> <div role="tabpanel" class="tab-pane" id="edit-cont"> <div class="edit-contract"> <form method="post" action="contracts.php" name="form2"> <input type="hidden" name="id" value="<?php echo $value_id; ?> "/> <div class="form-inline contr-row1" id="contract_row"> <label class="col-xs-6 col-sm-3 control-label"><?php echo $hesklang['contract_name'];
/**
 * Print the list of the most recently added knowledge base articles.
 *
 * Only rows where both the article and its category have type '0' are
 * selected, newest first.
 *
 * NOTE(review): article subjects are echoed without escaping; this relies on
 * them being sanitised when the article is saved - confirm.
 *
 * @param int|string $how_many Maximum number of articles; cast with intval() for the LIMIT.
 * @param int        $index    Truthy on the index page, falsy on the KB main page.
 * @return true|null True when the list is disabled or empty, nothing otherwise.
 */
function hesk_kbLatestArticles($how_many, $index = 1)
{
    global $hesk_settings, $hesklang;

    // The index page and the KB main page have separate on/off switches
    $enabled = $index ? $hesk_settings['kb_index_latest'] : $hesk_settings['kb_latest'];
    if (!$enabled) {
        return true;
    }

    // KB main page only: print spacing if we don't show popular articles
    if (!$index && !$hesk_settings['kb_popart']) {
        echo '<br/><br/>';
    }
    ?> <?php
    /* Get list of articles from the database */
    $prefix = hesk_dbEscape($hesk_settings['db_pfix']);
    $res = hesk_dbQuery("SELECT `t1`.`id`,`t1`.`subject`,`t1`.`dt` FROM `" . $prefix . "kb_articles` AS `t1`\n\t\t\tLEFT JOIN `" . $prefix . "kb_categories` AS `t2` ON `t1`.`catid` = `t2`.`id`\n\t\t\tWHERE `t1`.`type`='0' AND `t2`.`type`='0'\n\t\t\tORDER BY `t1`.`dt` DESC LIMIT " . intval($how_many));

    /* If no results found end here */
    if (hesk_dbNumRows($res) == 0) {
        echo '<div class="container noarticles"><i>' . $hesklang['noa'] . '</i><br /> </div></div>';
        return true;
    }

    /* We have some results, print them out */
    ?>
    <div role="tabpanel" class="tab-pane" id="profile">
        <table class="table">
            <?php
            while ($row = hesk_dbFetchAssoc($res)) {
                // The date cell is only part of the row when the 'kb_date' setting is on
                $dateCell = $hesk_settings['kb_date']
                    ? '<td><span class="latest-kb-date-added2">' . hesk_date($row['dt'], true) . '</span></td>'
                    : '';

                echo '<tbody> <tr> <td width="84%"><img src="img/article_text.jpg" width="16" height="16" border="0" alt="" style="vertical-align:middle" /> <span class="latest-kb-date-added1"><a href="knowledgebase.php?article=' . $row['id'] . '">' . $row['subject'] . '</a></span></td> ' . $dateCell . ' </tr> </tbody> ';
            }
            ?>
        </table>
    </div>
    <script type="text/javascript"> jQuery(document).ready(function ($) { $('#tabs').tab(); }); </script>
    </div>
    <?php
}
/**
 * Render one knowledge base article in the private (staff) knowledge base.
 *
 * Prints the page and KB headers, adds one to the article's view counter and
 * prints the article body, its attachments and the article details. The
 * article itself is read from the global $article.
 *
 * NOTE(review): subject, content and attachment names (also used in an alt
 * attribute) are echoed without escaping; this relies on them being sanitised
 * when the article is saved - confirm against the article editor code.
 *
 * @param int|string $artid Article ID; cast with intval() before it is used in SQL.
 * @return void
 */
function hesk_show_kb_article($artid)
{
    global $hesk_settings, $hesklang, $article;

    // Page title and headers
    $hesk_settings['tmp_title'] = $article['subject'];
    require_once HESK_PATH . 'inc/header.inc.php';
    hesk_kb_header($hesk_settings['kb_link'], $article['catid']);

    // Count this view; the ID only reaches the statement as an integer
    $articlesTable = hesk_dbEscape($hesk_settings['db_pfix']) . 'kb_articles';
    hesk_dbQuery('UPDATE `' . $articlesTable . "` SET `views`=`views`+1 WHERE `id`='" . intval($artid) . "' LIMIT 1");

    echo '<h1>' . $article['subject'] . '</h1> <fieldset> <legend>' . $hesklang['as'] . '</legend> ' . $article['content'];

    if (!empty($article['attachments'])) {
        echo '<p><b>' . $hesklang['attachments'] . ':</b><br />';

        // Stored as "id#name," entries; the last character is dropped before splitting
        $entries = explode(',', substr($article['attachments'], 0, -1));
        foreach ($entries as $entry) {
            list($fileId, $fileName) = explode('#', $entry);
            echo '<img src="../img/clip.png" width="16" height="16" alt="' . $fileName . '" style="align:text-bottom" /> <a href="../download_attachment.php?kb_att=' . $fileId . '" rel="nofollow">' . $fileName . '</a><br />';
        }

        echo '</p>';
    }

    echo '</fieldset>';

    // Link back to the article's category; category 1 links to the KB start page
    $categoryUrl = 'knowledgebase_private.php';
    if ($article['catid'] != 1) {
        $categoryUrl .= '?category=' . $article['catid'];
    }

    // On a rating reload the stored count is shown as is, otherwise this view is added
    $shownViews = isset($_GET['rated']) ? $article['views'] : $article['views'] + 1;
    ?>
    <fieldset>
        <legend><?php echo $hesklang['ad']; ?> </legend>
        <table border="0">
            <tr>
                <td><?php echo $hesklang['aid']; ?> : </td>
                <td><?php echo $article['id']; ?> </td>
            </tr>
            <tr>
                <td><?php echo $hesklang['category']; ?> : </td>
                <td><a href="<?php echo $categoryUrl; ?> "><?php echo $article['cat_name']; ?> </a></td>
            </tr>
            <tr>
                <td><?php echo $hesklang['dta']; ?> : </td>
                <td><?php echo hesk_date($article['dt']); ?> </td>
            </tr>
            <tr>
                <td><?php echo $hesklang['views']; ?> : </td>
                <td><?php echo $shownViews; ?> </td>
            </tr>
        </table>
    </fieldset>
    <?php if (!isset($_GET['back'])): ?>
        <p> <br />« <a href="javascript:history.go(-1)"><?php echo $hesklang['back']; ?> </a></p>
    <?php else: ?>
        <p> </p>
    <?php endif;
}
// Notify customer of closed ticket? if ($hesk_settings['notify_closed']) { // Get ticket info $result = hesk_dbQuery("SELECT * FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` WHERE `trackid`='" . hesk_dbEscape($trackingID) . "' LIMIT 1"); if (hesk_dbNumRows($result) != 1) { hesk_error($hesklang['ticket_not_found']); } $ticket = hesk_dbFetchAssoc($result); $closedStatusRS = hesk_dbQuery('SELECT `ID` FROM `' . hesk_dbEscape($hesk_settings['db_pfix']) . 'statuses` WHERE `IsClosed` = 1'); $ticketIsOpen = true; while ($row = hesk_dbFetchAssoc($closedStatusRS)) { if ($ticket['status'] == $row['ID']) { $ticketIsOpen = false; } } // Notify customer, but only if ticket is not already closed if ($ticketIsOpen) { require HESK_PATH . 'inc/email_functions.inc.php'; $ticket['dt'] = hesk_date($ticket['dt'], true); $ticket['lastchange'] = hesk_date($ticket['lastchange'], true); hesk_notifyCustomer('ticket_closed'); } } } /* Update database */ $statusSql = 'SELECT `ID` FROM `' . hesk_dbEscape($hesk_settings['db_pfix']) . 'statuses` WHERE `LockedTicketStatus` = 1'; $statusRow = hesk_dbQuery($statusSql)->fetch_assoc(); $statusId = $statusRow['ID']; hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` SET `status`='{$statusId}',`locked`='{$status}' {$closedby_sql} , `history`=CONCAT(`history`,'" . hesk_dbEscape($revision) . "') WHERE `trackid`='" . hesk_dbEscape($trackingID) . "' LIMIT 1"); /* Back to ticket page and show a success message */ hesk_process_messages($tmp, 'admin_ticket.php?track=' . $trackingID . '&Refresh=' . rand(10000, 99999), 'SUCCESS');
/**
 * Print the "latest articles" box of the knowledge base.
 *
 * Only rows where both the article and its category have type '0' are
 * selected, newest first.
 *
 * NOTE(review): article subjects are echoed without escaping; this relies on
 * them being sanitised when the article is saved - confirm.
 *
 * @param int|string $how_many Maximum number of articles; cast with intval() for the LIMIT.
 * @param int        $index    Truthy on the index page, falsy on the KB main page.
 * @return true|null True when the list is disabled or empty, nothing otherwise.
 */
function hesk_kbLatestArticles($how_many, $index = 1)
{
    global $hesk_settings, $hesklang;

    // The index page and the KB main page have separate on/off switches
    $enabled = $index ? $hesk_settings['kb_index_latest'] : $hesk_settings['kb_latest'];
    if (!$enabled) {
        return true;
    }

    // Title tag: italics on the index page, bold on the KB main page
    $titleTag = $index ? 'i' : 'b';

    // KB main page only: print a line for spacing if we don't show popular articles
    if (!$index && !$hesk_settings['kb_popart']) {
        echo '<hr />';
    }
    ?>
    <table border="0" width="100%">
        <tr>
            <td>» <<?php echo $titleTag; ?> ><?php echo $hesklang['latart']; ?> </<?php echo $titleTag; ?> ></td>
            <?php
            /* Show the "date added" column heading? */
            if ($hesk_settings['kb_date']) {
                echo '<td style="text-align:right"><i>' . $hesklang['dta'] . '</i></td>';
            }
            ?>
        </tr>
    </table>
    <?php
    /* Get list of articles from the database */
    $prefix = hesk_dbEscape($hesk_settings['db_pfix']);
    $res = hesk_dbQuery("SELECT `t1`.`id`,`t1`.`subject`,`t1`.`dt` FROM `" . $prefix . "kb_articles` AS `t1`\r\n\t\t\tLEFT JOIN `" . $prefix . "kb_categories` AS `t2` ON `t1`.`catid` = `t2`.`id`\r\n\t\t\tWHERE `t1`.`type`='0' AND `t2`.`type`='0'\r\n\t\t\tORDER BY `t1`.`dt` DESC LIMIT " . intval($how_many));

    /* If no results found end here */
    if (hesk_dbNumRows($res) == 0) {
        echo '<p><i>' . $hesklang['noa'] . '</i><br /> </p>';
        return true;
    }

    /* We have some results, print them out */
    ?>
    <div align="center">
        <table border="0" cellspacing="1" cellpadding="3" width="100%">
            <?php
            while ($row = hesk_dbFetchAssoc($res)) {
                // The date cell is only part of the row when the 'kb_date' setting is on
                $dateCell = $hesk_settings['kb_date']
                    ? '<td valign="top" style="text-align:right" width="200">' . hesk_date($row['dt'], true) . '</td>'
                    : '';

                echo ' <tr> <td> <table border="0" width="100%" cellspacing="0" cellpadding="0"> <tr> <td width="1" valign="top"><img src="img/article_text.png" width="16" height="16" border="0" alt="" style="vertical-align:middle" /></td> <td valign="top"> <a href="knowledgebase.php?article=' . $row['id'] . '">' . $row['subject'] . '</a></td> ' . $dateCell . ' </tr> </table> </td> </tr> ';
            }
            ?>
        </table>
    </div>
    <?php
}
$row['categories'] = explode(',', $row['categories']); if (!in_array($ticket['category'], $row['categories'])) { hesk_error($hesklang['unoa']); } } /* Assigning to self? */ if ($can_assign_others || $owner == $_SESSION['id'] && $can_assign_self) { $revision = sprintf($hesklang['thist2'], hesk_date(), $row['name'] . ' (' . $row['user'] . ')', $_SESSION['name'] . ' (' . $_SESSION['user'] . ')'); $res = hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` SET `owner`={$owner} , `history`=CONCAT(`history`,'" . hesk_dbEscape($revision) . "') WHERE `trackid`='" . hesk_dbEscape($trackingID) . "' LIMIT 1"); if ($owner != $_SESSION['id'] && !hesk_checkPermission('can_view_ass_others', 0)) { $_SERVER['PHP_SELF'] = 'admin_main.php'; } } else { hesk_error($hesklang['no_permission']); } $ticket['owner'] = $owner; /* --> Prepare message */ // 1. Generate the array with ticket info that can be used in emails $info = array('email' => $ticket['email'], 'category' => $ticket['category'], 'priority' => $ticket['priority'], 'owner' => $ticket['owner'], 'trackid' => $ticket['trackid'], 'status' => $ticket['status'], 'name' => $ticket['name'], 'lastreplier' => $ticket['lastreplier'], 'subject' => $ticket['subject'], 'message' => $ticket['message'], 'attachments' => $ticket['attachments'], 'dt' => hesk_date($ticket['dt'], true), 'lastchange' => hesk_date($ticket['lastchange'], true), 'id' => $ticket['id']); // 2. Add custom fields to the array foreach ($hesk_settings['custom_fields'] as $k => $v) { $info[$k] = $v['use'] ? $ticket[$k] : ''; } // 3. Make sure all values are properly formatted for email $ticket = hesk_ticketToPlain($info, 1, 0); /* Notify the new owner? */ if ($ticket['owner'] != intval($_SESSION['id'])) { hesk_notifyAssignedStaff(false, 'ticket_assigned_to_you'); } $tmp = $owner == $_SESSION['id'] ? $hesklang['tasy'] : $hesklang['taso']; hesk_process_messages($tmp, $_SERVER['PHP_SELF'], 'SUCCESS');
* a license please visit the page below:
* https://www.hesk.com/buy.php
*******************************************************************************/
define('IN_SCRIPT', 1);
define('HESK_PATH', '../');

/* Load settings and the shared helper libraries */
require HESK_PATH . 'hesk_settings.inc.php';
require HESK_PATH . 'inc/common.inc.php';
require HESK_PATH . 'inc/admin_functions.inc.php';
hesk_load_database_functions();

hesk_session_start();
hesk_dbConnect();
hesk_isLoggedIn();

/* Changing a priority needs view and reply permissions */
hesk_checkPermission('can_view_tickets');
hesk_checkPermission('can_reply_tickets');

/* A security check: the token is checked with the 'POST' argument, and the priority is read from POST below */
hesk_token_check('POST');

/* Ticket ID */
$trackingID = hesk_cleanID() or die($hesklang['int_error'] . ': ' . $hesklang['no_trackID']);

// Every outcome goes back to the ticket page; a random "Refresh" value is appended per call
$backUrlBase = 'admin_ticket.php?track=' . $trackingID . '&Refresh=';

// Only the integers 0..3 are accepted as a priority.
// NOTE(review): the code below presumably never runs for a rejected value
// because hesk_process_messages() ends the request when given a redirect target - confirm.
$priority = intval(hesk_POST('priority'));
if (!($priority >= 0 && $priority <= 3)) {
    hesk_process_messages($hesklang['inpr'], $backUrlBase . mt_rand(10000, 99999), 'NOTICE');
}

// Display label for each priority, used in the history entry and the success message
$options = array(
    0 => '<font class="critical">' . $hesklang['critical'] . '</font>',
    1 => '<font class="important">' . $hesklang['high'] . '</font>',
    2 => '<font class="medium">' . $hesklang['medium'] . '</font>',
    3 => $hesklang['low'],
);

$actor = $_SESSION['name'] . ' (' . $_SESSION['user'] . ')';
$revision = sprintf($hesklang['thist8'], hesk_date(), $options[$priority], $actor);

// $priority is an integer at this point; the history text and tracking ID are escaped
hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` SET `priority`='{$priority}', `history`=CONCAT(`history`,'" . hesk_dbEscape($revision) . "') WHERE `trackid`='" . hesk_dbEscape($trackingID) . "' LIMIT 1");

// Anything other than exactly one updated row is reported as a failure
if (hesk_dbAffectedRows() != 1) {
    hesk_process_messages($hesklang['inpr'], $backUrlBase . mt_rand(10000, 99999), 'NOTICE');
}

hesk_process_messages(sprintf($hesklang['chpri2'], $options[$priority]), $backUrlBase . mt_rand(10000, 99999), 'SUCCESS');
if ($hesk_settings['custopen'] != 1) { $locked = 1; } // Mark that customer resolved the ticket $closedby_sql = ' , `closedat`=NOW(), `closedby`=0 '; } elseif ($status == 2) { // Is customer reopening tickets enabled? if (!$hesk_settings['custopen']) { hesk_error($hesklang['attempt']); } //-- They want to close the ticket, so get the status that is the default for client-side closes $statusRes = hesk_dbQuery('SELECT `ID` FROM `' . hesk_dbEscape($hesk_settings['db_pfix']) . 'statuses` WHERE `IsDefaultStaffReplyStatus` = 1'); $statusRow = hesk_dbFetchAssoc($statusRes); $status = $statusRow['ID']; $action = $hesklang['opened']; $revision = sprintf($hesklang['thist4'], hesk_date(), $hesklang['customer']); // We will ask the customer why is the ticket being reopened $_SESSION['force_form_top'] = true; // Ticket is not resolved $closedby_sql = ' , `closedat`=NULL, `closedby`=NULL '; } else { die("{$hesklang['int_error']}: {$hesklang['status_not_valid']}."); } // Connect to database hesk_dbConnect(); // Verify email address match if needed hesk_verifyEmailMatch($trackingID); // Lets make status assignment a bit smarter when reopening tickets if ($oldStatus == 2) { // Get number of replies and last replier (customer or staff) $ticket = hesk_dbFetchAssoc(hesk_dbQuery("SELECT `staffreplies`, `lastreplier` FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` WHERE `trackid`='" . hesk_dbEscape($trackingID) . "' LIMIT 1"));
$u[] = $user['userId']; } $ulist = implode(',', $u); $u_emails = hesk_dbQuery("SELECT `email` FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "users` WHERE `id` IN (" . $ulist . ")"); $array_email = array(); while ($e = mysqli_fetch_array($u_emails)) { $array_email[] = $e['email']; } $ulist_emails = implode(',', $array_email); //var_dump($ulist_emails); //exit(); $params['subject'] = $ticket['subject']; $params['user_id'] = 11; // Do krijohet nga ERP nje user default dhe do vendosim ID e tij $params['body_text'] = stripslashes($message); $params['date'] = hesk_date($ticket['dt'], true); $params['res_id'] = $data[0]; $params['model'] = "project.issue"; $params['email_from'] = $ticket['email']; $params['email_to'] = $ulist_emails; $data = $oeapi->create_record($params, $valid_services["SCA"]); // dergojme te dhenat e reply_message tek ceshtje e duhur ////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// // 2. Add custom fields to the array foreach ($hesk_settings['custom_fields'] as $k => $v) { $info[$k] = $v['use'] ? $ticket[$k] : ''; } // 3. Make sure all values are properly formatted for email $ticket = hesk_ticketToPlain($info, 1, 0); // --> If ticket is assigned just notify the owner if ($ticket['owner']) {
$sql .= " {$priority_sql} "; if ($new_status == 3) { $revision = sprintf($hesklang['thist3'], hesk_date(), $_SESSION['name'] . ' (' . $_SESSION['user'] . ')'); $sql .= " , `history`=CONCAT(`history`,'" . hesk_dbEscape($revision) . "') "; if ($hesk_settings['custopen'] != 1) { $sql .= " , `locked`='1' "; } } $sql .= " WHERE `id`='{$replyto}' LIMIT 1"; hesk_dbQuery($sql); unset($sql); /* Update number of replies in the users table */ hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "users` SET `replies`=`replies`+1 WHERE `id`='" . intval($_SESSION['id']) . "' LIMIT 1"); // --> Prepare reply message // 1. Generate the array with ticket info that can be used in emails $info = array('email' => $ticket['email'], 'category' => $ticket['category'], 'priority' => $ticket['priority'], 'owner' => $ticket['owner'], 'trackid' => $ticket['trackid'], 'status' => $new_status, 'name' => $ticket['name'], 'lastreplier' => $_SESSION['name'], 'subject' => $ticket['subject'], 'message' => stripslashes($message), 'attachments' => $myattachments, 'dt' => hesk_date($ticket['dt']), 'lastchange' => hesk_date($ticket['lastchange'])); // 2. Add custom fields to the array foreach ($hesk_settings['custom_fields'] as $k => $v) { $info[$k] = $v['use'] ? $ticket[$k] : ''; } // 3. Make sure all values are properly formatted for email $ticket = hesk_ticketToPlain($info, 1, 0); // Notify the customer if (!isset($_POST['no_notify']) || intval(hesk_POST('no_notify')) != 1) { hesk_notifyCustomer('new_reply_by_staff'); } /* Set reply submitted message */ $_SESSION['HESK_SUCCESS'] = TRUE; $_SESSION['HESK_MESSAGE'] = $hesklang['reply_submitted']; if (!empty($_POST['close'])) { $_SESSION['HESK_MESSAGE'] .= '<br /><br />' . $hesklang['ticket_marked'] . ' <span class="resolved">' . $hesklang['closed'] . '</span>';
$hesk_settings['language'] = $hesk_settings['language_default']; require HESK_PATH . 'inc/admin_functions.inc.php'; hesk_load_database_functions(); hesk_session_start(); hesk_dbConnect(); hesk_isLoggedIn(); // Check permissions for this feature hesk_checkPermission('can_man_settings'); // Test languages function if (isset($_GET['test_languages'])) { hesk_testLanguage(0); } $help_folder = '../language/' . $hesk_settings['languages'][$hesk_settings['language']]['folder'] . '/help_files/'; $enable_save_settings = 0; $enable_use_attachments = 0; $server_time = date('H:i', strtotime(hesk_date())); // Print header require_once HESK_PATH . 'inc/header.inc.php'; // Print main manage users page require_once HESK_PATH . 'inc/show_admin_nav.inc.php'; // Demo mode? Hide values of sensitive settings if (defined('HESK_DEMO')) { $hesk_settings['db_host'] = $hesklang['hdemo']; $hesk_settings['db_name'] = $hesklang['hdemo']; $hesk_settings['db_user'] = $hesklang['hdemo']; $hesk_settings['db_pass'] = $hesklang['hdemo']; $hesk_settings['db_pfix'] = $hesklang['hdemo']; $hesk_settings['smtp_host_name'] = $hesklang['hdemo']; $hesk_settings['smtp_user'] = $hesklang['hdemo']; $hesk_settings['smtp_password'] = $hesklang['hdemo']; $hesk_settings['pop3_host_name'] = $hesklang['hdemo'];
/**
 * Build the short "last change" label for a timestamp.
 *
 * Returns HH:MM for a time on or after the HESK-adjusted start of today, the
 * $hesklang['r2'] text for a time on or after the start of yesterday, and a
 * non-wrapping "DD <month label> YY" span for anything older.
 *
 * @param mixed $original Value handed to hesk_date() with its second argument set to true.
 * @return string Display text; the older-date form contains HTML markup.
 */
function hesk_time_lastchange($original)
{
    global $hesk_settings, $hesklang;

    // hesk_date() is driven by the global time format, so switch to a sortable
    // format for this call and put the caller's format back afterwards.
    $saved_format = $hesk_settings['timeformat'];
    $hesk_settings['timeformat'] = 'Y-m-d H:i:s';

    // The day boundaries are defined once and reused by later calls.
    if (!defined('HESK_TIME_TODAY')) {
        $today_start = date('Y-m-d 00:00:00', hesk_date(NULL, false, false, false));
        define('HESK_TIME_TODAY', $today_start);
        define('HESK_TIME_YESTERDAY', date('Y-m-d 00:00:00', strtotime(HESK_TIME_TODAY) - 86400));
    }

    $stamp = hesk_date($original, true);

    // Nothing below calls hesk_date(), so the original format can be restored here.
    $hesk_settings['timeformat'] = $saved_format;

    // Today: show only the time of day.
    if ($stamp >= HESK_TIME_TODAY) {
        return substr($stamp, 11, 5);
    }

    // Yesterday: show the translated word.
    if ($stamp >= HESK_TIME_YESTERDAY) {
        return $hesklang['r2'];
    }

    // Older: day, translated month label, two-digit year.
    list($year, $month, $dom) = explode('-', substr($stamp, 0, 10));

    return '<span style="white-space: nowrap;">' . $dom . ' ' . $hesklang['ms' . $month] . ' ' . substr($year, 2) . '</span>';
}
/**
 * Format a date with hesk_date() and replace every space in the result with
 * an HTML line break.
 *
 * @param mixed $dt            Date value passed straight to hesk_date().
 * @param bool  $from_database Passed to hesk_date() as its second argument.
 * @return string Formatted date containing "<br />" where spaces were.
 */
function hesk_formatDate($dt, $from_database = true)
{
    $formatted = hesk_date($dt, $from_database);

    return str_replace(' ', '<br />', $formatted);
}
/**
 * Handle the "new knowledgebase article" form post.
 *
 * Reads the article fields from $_POST, stores up to three uploaded
 * attachments, inserts the article row, increments the matching counter on
 * the category and finally shows the category through manage_category().
 * Validation errors are collected in the global $hesk_error_buffer and
 * reported through hesk_process_messages().
 *
 * Takes no parameters and returns nothing; works on $_POST, $_SESSION, $_GET
 * and the database.
 */
function new_article()
{
    global $hesk_settings, $hesklang, $listBox;
    global $hesk_error_buffer;

    /* A security check */
    // NOTE(review): the request-token check is commented out, so this handler
    // does not verify an anti-CSRF token itself before writing to the database.
    // Confirm whether the caller verifies it; if not, it should be restored.
    # hesk_token_check('POST');

    $_SESSION['hide'] = array('treemenu' => 1, 'new_category' => 1);
    $hesk_error_buffer = array();

    // Numeric fields are reduced to a fixed set of integers before any use:
    // catid is an integer (default 1), type is 0, 1 or 2, html is 0 or 1.
    $catid = intval(hesk_POST('catid', 1));
    $type = empty($_POST['type']) ? 0 : (hesk_POST('type') == 2 ? 2 : 1);
    $html = $hesk_settings['kb_wysiwyg'] ? 1 : (empty($_POST['html']) ? 0 : 1);
    $now = hesk_date();

    // Prevent submitting duplicate articles by reloading manage_knowledgebase.php page
    if (isset($_SESSION['article_submitted'])) {
        header('Location:manage_knowledgebase.php?a=manage_cat&catid=' . $catid);
        exit;
    }

    $_SESSION['KB_CATEGORY'] = $catid;

    // "or" binds looser than "=", so the value is assigned first and the error
    // is appended only when the assigned value is falsy.
    $subject = hesk_input(hesk_POST('subject')) or $hesk_error_buffer[] = $hesklang['kb_e_subj'];

    if ($html) {
        if (empty($_POST['content'])) {
            $hesk_error_buffer[] = $hesklang['kb_e_cont'];
        }
        // NOTE(review): the result is stored as the article's HTML body, so how
        // safe that markup is depends on what hesk_getHTML() filters - confirm.
        $content = hesk_getHTML(hesk_POST('content'));
    } else {
        $content = hesk_input(hesk_POST('content')) or $hesk_error_buffer[] = $hesklang['kb_e_cont'];
        $content = nl2br($content);
        $content = hesk_makeURL($content);
    }

    $sticky = isset($_POST['sticky']) ? 1 : 0;
    $keywords = hesk_input(hesk_POST('keywords'));

    /* Article attachments */
    // KB is defined before the two includes below - presumably they read it to
    // select knowledgebase upload handling; verify in the included files.
    define('KB', 1);
    require_once HESK_PATH . 'inc/posting_functions.inc.php';
    require_once HESK_PATH . 'inc/attachments.inc.php';

    // Upload slots 1..3; only non-empty results are kept, keyed by slot number.
    $attachments = array();
    for ($i = 1; $i <= 3; $i++) {
        $att = hesk_uploadFile($i);
        if (!empty($att)) {
            $attachments[$i] = $att;
        }
    }
    $myattachments = '';

    /* Any errors? */
    if (count($hesk_error_buffer)) {
        // Remove any successfully uploaded attachments
        if ($hesk_settings['attachments']['use']) {
            hesk_removeAttachments($attachments);
        }

        // Keep the submitted values in the session so the form can be refilled.
        $_SESSION['new_article'] = array('type' => $type, 'html' => $html, 'subject' => $subject, 'content' => hesk_input(hesk_POST('content')), 'keywords' => $keywords, 'sticky' => $sticky);

        $tmp = '';
        foreach ($hesk_error_buffer as $error) {
            $tmp .= "<li>{$error}</li>\n";
        }
        $hesk_error_buffer = $tmp;
        $hesk_error_buffer = $hesklang['rfm'] . '<br /><br /><ul>' . $hesk_error_buffer . '</ul>';

        // NOTE(review): presumably redirects to manage_knowledgebase.php and ends
        // the request. If it can return, the inserts below would still run with
        // the rejected input - confirm.
        hesk_process_messages($hesk_error_buffer, 'manage_knowledgebase.php');
    }

    // First history entry: formatted from the current time and the staff name/user in the session.
    $revision = sprintf($hesklang['revision1'], $now, $_SESSION['name'] . ' (' . $_SESSION['user'] . ')');

    /* Add to database */
    if (!empty($attachments)) {
        foreach ($attachments as $myatt) {
            hesk_dbQuery("INSERT INTO `" . hesk_dbEscape($hesk_settings['db_pfix']) . "kb_attachments` (`saved_name`,`real_name`,`size`) VALUES ('" . hesk_dbEscape($myatt['saved_name']) . "','" . hesk_dbEscape($myatt['real_name']) . "','" . intval($myatt['size']) . "')");

            // Attachment list format: "<insert id>#<real name>," per file.
            // NOTE(review): real_name is added here without HTML encoding, and a
            // '#' or ',' inside it would collide with the list separators. Confirm
            // that hesk_uploadFile() restricts the name, or that whatever renders
            // this list encodes it.
            $myattachments .= hesk_dbInsertID() . '#' . $myatt['real_name'] . ',';
        }
    }

    /* Get the highest art_order among articles with the same category and sticky flag */
    $res = hesk_dbQuery("SELECT `art_order` FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "kb_articles` WHERE `catid`='" . intval($catid) . "' AND `sticky` = '" . intval($sticky) . "' ORDER BY `art_order` DESC LIMIT 1");
    $row = hesk_dbFetchRow($res);
    // The new article is placed 10 after the current highest order value.
    // NOTE(review): when the query returns no row, $row is presumably not an
    // array and this relies on PHP treating the missing value as 0 - confirm.
    $my_order = $row[0] + 10;

    /* Insert article into database */
    // Every value is either cast with intval() or passed through hesk_dbEscape()
    // before it is placed in the statement.
    hesk_dbQuery("INSERT INTO `" . hesk_dbEscape($hesk_settings['db_pfix']) . "kb_articles` (`catid`,`dt`,`author`,`subject`,`content`,`keywords`,`type`,`html`,`sticky`,`art_order`,`history`,`attachments`) VALUES (\n '" . intval($catid) . "',\n NOW(),\n '" . intval($_SESSION['id']) . "',\n '" . hesk_dbEscape($subject) . "',\n '" . hesk_dbEscape($content) . "',\n '" . hesk_dbEscape($keywords) . "',\n '" . intval($type) . "',\n '" . intval($html) . "',\n '" . intval($sticky) . "',\n '" . intval($my_order) . "',\n '" . hesk_dbEscape($revision) . "',\n '" . hesk_dbEscape($myattachments) . "'\n )");

    // Id of the article that was just inserted.
    $_SESSION['artord'] = hesk_dbInsertID();

    // Update category article count: type 0 increments `articles`, type 1
    // `articles_private`, any other type (2) `articles_draft`.
    if ($type == 0) {
        hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "kb_categories` SET `articles`=`articles`+1 WHERE `id`='" . intval($catid) . "'");
    } else {
        if ($type == 1) {
            hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "kb_categories` SET `articles_private`=`articles_private`+1 WHERE `id`='" . intval($catid) . "'");
        } else {
            hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "kb_categories` SET `articles_draft`=`articles_draft`+1 WHERE `id`='" . intval($catid) . "'");
        }
    }

    unset($_SESSION['hide']);

    // Marks the submission as done; the duplicate check at the top tests this flag.
    $_SESSION['article_submitted'] = 1;

    hesk_process_messages($hesklang['your_kb_added'], 'NOREDIRECT', 'SUCCESS');

    // Hand over to the category view for the category the article was added to.
    $_GET['catid'] = $catid;
    manage_category();
}
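/**
 * Print one knowledgebase article for staff: header, body, attachment links,
 * related articles and the article details table.
 *
 * The article itself is read from the global $article array (subject, content,
 * attachments, catid, cat_name, id, dt, views); $artid is used for the view
 * counter update and to leave the article out of its own related list.
 *
 * NOTE(review): subject, content and cat_name are echoed as stored. Presumably
 * they are encoded or filtered when saved - confirm, because nothing in this
 * function encodes them.
 *
 * @param int|string $artid Article id; reduced to an integer before use.
 * @return void Output is written directly with echo.
 */
function hesk_show_kb_article($artid)
{
    global $hesk_settings, $hesklang, $article;

    // The id is placed into an SQL statement without quotes below, so force it
    // to an integer here instead of trusting every caller to have done so.
    $artid = intval($artid);

    // Print header
    $hesk_settings['tmp_title'] = $article['subject'];
    require_once HESK_PATH . 'inc/header.inc.php';
    hesk_kb_header($hesk_settings['kb_link'], $article['catid']);

    // Update views by 1
    hesk_dbQuery('UPDATE `' . hesk_dbEscape($hesk_settings['db_pfix']) . "kb_articles` SET `views`=`views`+1 WHERE `id`={$artid} LIMIT 1");

    echo '<h1>' . $article['subject'] . '</h1> <fieldset> <legend>' . $hesklang['as'] . '</legend> ' . $article['content'];

    if (!empty($article['attachments'])) {
        echo '<p><b>' . $hesklang['attachments'] . ':</b><br />';

        // Stored format is "<id>#<name>," per attachment; drop the trailing comma.
        $att = explode(',', substr($article['attachments'], 0, -1));
        foreach ($att as $myatt) {
            // Split on the first '#' only, so a '#' inside the file name does
            // not cut the name short; skip entries that have no separator.
            $parts = explode('#', $myatt, 2);
            if (count($parts) != 2) {
                continue;
            }

            // The id goes into a URL and the name into an attribute and link
            // text: cast one, HTML-encode the other. Existing entities are left
            // alone so an already-encoded name is not encoded twice.
            // Assumes the page is served as UTF-8 - TODO confirm.
            $att_id = intval($parts[0]);
            $att_name = htmlspecialchars($parts[1], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8', false);

            echo '<img src="../img/clip.png" width="16" height="16" alt="' . $att_name . '" style="align:text-bottom" /> <a href="../download_attachment.php?kb_att=' . $att_id . '" rel="nofollow">' . $att_name . '</a><br />';
        }
        echo '</p>';
    }

    echo '</fieldset>';

    // Related articles
    if ($hesk_settings['kb_related']) {
        require HESK_PATH . 'inc/mail/email_parser.php';

        // Search text is the subject plus the plain-text body, escaped for SQL.
        $query = hesk_dbEscape($article['subject'] . ' ' . convert_html_to_text($article['content']));

        // Get relevant articles from the database (one extra row, because this
        // article can be among the matches and is skipped below)
        $res = hesk_dbQuery("SELECT `id`, `subject`, MATCH(`subject`,`content`,`keywords`) AGAINST ('{$query}') AS `score` FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "kb_articles` WHERE `type` IN ('0','1') AND MATCH(`subject`,`content`,`keywords`) AGAINST ('{$query}') LIMIT " . intval($hesk_settings['kb_related'] + 1));

        // Array with related articles
        $related_articles = array();
        while ($related = hesk_dbFetchAssoc($res)) {
            // Get base match score from the first article
            if (!isset($base_score)) {
                $base_score = $related['score'];
            }

            // Ignore this article
            if ($related['id'] == $artid) {
                continue;
            }

            // Stop when articles reach less than 10% of base score; a base
            // score that is not positive also stops the loop rather than
            // dividing by zero.
            if ($base_score <= 0 || $related['score'] / $base_score < 0.1) {
                break;
            }

            // This is a valid related article
            $related_articles[$related['id']] = $related['subject'];
        }

        // Print related articles if we have any valid matches
        if (count($related_articles)) {
            echo '<fieldset><legend>' . $hesklang['relart'] . '</legend>';
            foreach ($related_articles as $id => $subject) {
                echo '<img src="' . HESK_PATH . 'img/article_text.png" width="16" height="16" border="0" alt="" style="vertical-align:middle;padding:2px;" /> <a href="knowledgebase_private.php?article=' . $id . '">' . $subject . '</a><br />';
            }
            echo '</fieldset>';
        }
    }

    // Category 1 links to the knowledgebase start page, any other category to its own listing.
    if ($article['catid'] == 1) {
        $link = 'knowledgebase_private.php';
    } else {
        $link = 'knowledgebase_private.php?category=' . $article['catid'];
    }
    ?> <fieldset> <legend><?php echo $hesklang['ad']; ?> </legend> <table border="0"> <tr> <td><?php echo $hesklang['aid']; ?> : </td> <td><?php echo $article['id']; ?> </td> </tr> <tr> <td><?php echo $hesklang['category']; ?> : </td> <td><a href="<?php echo $link; ?> "><?php echo $article['cat_name']; ?> </a></td> </tr> <tr> <td><?php echo $hesklang['dta']; ?> : </td> <td><?php echo hesk_date($article['dt'], true); ?> </td> </tr> <tr> <td><?php echo $hesklang['views']; ?> : </td> <td><?php echo isset($_GET['rated']) ? $article['views'] : $article['views'] + 1; ?> </td> </tr> </table> </fieldset> <?php
    // The "back" link is shown unless the request carries a "back" parameter.
    if (!isset($_GET['back'])) {
        ?> <p> <br />« <a href="javascript:history.go(-1)"><?php echo $hesklang['back']; ?> </a></p> <?php
    } else {
        ?> <p> </p> <?php
    }
}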
hesk_process_messages($hesk_error_buffer, 'index.php?a=add'); } $tmpvar['message'] = hesk_makeURL($tmpvar['message']); $tmpvar['message'] = nl2br($tmpvar['message']); // Track suggested knowledgebase articles if ($hesk_settings['kb_enable'] && $hesk_settings['kb_recommendanswers'] && isset($_POST['suggested']) && is_array($_POST['suggested'])) { $tmpvar['articles'] = implode(',', array_unique(array_map('intval', $_POST['suggested']))); } // All good now, continue with ticket creation $tmpvar['owner'] = 0; $tmpvar['history'] = sprintf($hesklang['thist15'], hesk_date(), $tmpvar['name']); // Auto assign tickets if aplicable $autoassign_owner = hesk_autoAssignTicket($tmpvar['category']); if ($autoassign_owner) { $tmpvar['owner'] = $autoassign_owner['id']; $tmpvar['history'] .= sprintf($hesklang['thist10'], hesk_date(), $autoassign_owner['name'] . ' (' . $autoassign_owner['user'] . ')'); } // Insert attachments if ($hesk_settings['attachments']['use'] && !empty($attachments)) { foreach ($attachments as $myatt) { hesk_dbQuery("INSERT INTO `" . hesk_dbEscape($hesk_settings['db_pfix']) . "attachments` (`ticket_id`,`saved_name`,`real_name`,`size`) VALUES ('" . hesk_dbEscape($tmpvar['trackid']) . "','" . hesk_dbEscape($myatt['saved_name']) . "','" . hesk_dbEscape($myatt['real_name']) . "','" . intval($myatt['size']) . "')"); $tmpvar['attachments'] .= hesk_dbInsertID() . '#' . $myatt['real_name'] . ','; } } // Insert ticket to database $ticket = hesk_newTicket($tmpvar); //insert to ERP ////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// include 'oe_api.php'; $valid_services = array("SCA" => "project.issue"); //klasat e ERP me te cilat do te punojme