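/**
 * Handles an admin login POST: validates the form, optionally checks the image
 * verification, looks the user up, verifies the password hash, sets the
 * "remember me" cookies and redirects to the requested local page.
 *
 * Reads $_POST (user, pass, mysecnum / recaptcha fields, remember_user), the
 * session flags img_a_verified / checksum and the optional "goto" request
 * parameter. Writes every column of the user row into $_SESSION (the `pass`
 * column is removed again), $_SESSION['a_iserror'], the cookies hesk_username
 * and hesk_p, and defines HESK_USER. Never returns: every path ends in exit.
 */
function do_login()
{
    global $hesk_settings, $hesklang;

    $hesk_error_buffer = array();

    /* Username is required; the wording depends on whether a user list is shown */
    $user = hesk_input(hesk_POST('user'));
    if (empty($user)) {
        $hesk_error_buffer['user'] = $hesk_settings['list_users'] ? $hesklang['select_username'] : $hesklang['enter_username'];
    }
    define('HESK_USER', $user);

    $pass = hesk_input(hesk_POST('pass'));
    if (empty($pass)) {
        $hesk_error_buffer['pass'] = $hesklang['enter_pass'];
    }

    /* Image verification: required for login (secimg_use == 2) unless already passed in this session */
    if ($hesk_settings['secimg_use'] == 2 && !isset($_SESSION['img_a_verified'])) {
        if ($hesk_settings['recaptcha_use']) {
            require_once HESK_PATH . 'inc/recaptcha/recaptchalib.php';
            $resp = recaptcha_check_answer(
                $hesk_settings['recaptcha_private_key'],
                $_SERVER['REMOTE_ADDR'],
                hesk_POST('recaptcha_challenge_field', ''),
                hesk_POST('recaptcha_response_field', '')
            );
            if ($resp->is_valid) {
                $_SESSION['img_a_verified'] = true;
            } else {
                $hesk_error_buffer['mysecnum'] = $hesklang['recaptcha_error'];
            }
        } else {
            $mysecnum = intval(hesk_POST('mysecnum', 0));
            if (empty($mysecnum)) {
                $hesk_error_buffer['mysecnum'] = $hesklang['sec_miss'];
            } else {
                require HESK_PATH . 'inc/secimg.inc.php';
                $sc = new PJ_SecurityImage($hesk_settings['secimg_sum']);
                if (isset($_SESSION['checksum']) && $sc->checkCode($mysecnum, $_SESSION['checksum'])) {
                    $_SESSION['img_a_verified'] = true;
                } else {
                    $hesk_error_buffer['mysecnum'] = $hesklang['sec_wrng'];
                }
            }
        }
    }

    /* Any missing fields? Redisplay the form with the collected errors */
    if (count($hesk_error_buffer) != 0) {
        $_SESSION['a_iserror'] = array_keys($hesk_error_buffer);
        $error_list = '';
        foreach ($hesk_error_buffer as $error) {
            $error_list .= "<li>{$error}</li>\n";
        }
        $hesk_error_buffer = $hesklang['pcer'] . '<br /><br /><ul>' . $error_list . '</ul>';
        hesk_process_messages($hesk_error_buffer, 'NOREDIRECT');
        print_login();
        exit;
    } elseif (isset($_SESSION['img_a_verified'])) {
        unset($_SESSION['img_a_verified']);
    }

    /* User entered all required info, now lets limit brute force attempts */
    hesk_limitBfAttempts();

    $result = hesk_dbQuery("SELECT * FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "users` WHERE `user` = '" . hesk_dbEscape($user) . "' LIMIT 1");
    if (hesk_dbNumRows($result) != 1) {
        hesk_session_stop();
        $_SESSION['a_iserror'] = array('user', 'pass');
        hesk_process_messages($hesklang['wrong_user'], 'NOREDIRECT');
        print_login();
        exit;
    }

    /* Copy every column of the user row into the session (`pass` is unset further down) */
    $res = hesk_dbFetchAssoc($result);
    foreach ($res as $k => $v) {
        $_SESSION[$k] = $v;
    }

    /* Check password: constant-time, strict string comparison of the two hashes.
       The previous loose != also type-juggled numeric-looking hash strings. */
    if (!hash_equals((string) $_SESSION['pass'], (string) hesk_Pass2Hash($pass))) {
        hesk_session_stop();
        $_SESSION['a_iserror'] = array('pass');
        hesk_process_messages($hesklang['wrong_pass'], 'NOREDIRECT');
        print_login();
        exit;
    }

    /* Autologin cookie value: hash of stored-hash + lowercased username + stored-hash */
    $pass_enc = hesk_Pass2Hash($_SESSION['pass'] . strtolower($user) . $_SESSION['pass']);

    /* Check if default password */
    if ($_SESSION['pass'] === '499d74967b28a841c98bb4baaabaad699ff3c079') {
        hesk_process_messages($hesklang['chdp'], 'NOREDIRECT', 'NOTICE');
    }
    unset($_SESSION['pass']);

    /* Login successful, clean brute force attempts */
    hesk_cleanBfAttempts();

    /* Regenerate session ID (security) */
    hesk_session_regenerate_id();

    /* Remember username? The cookies are set HttpOnly (and Secure when the request
       came in over HTTPS) so the autologin token in hesk_p is not readable by scripts. */
    $cookie_expire = strtotime('+1 year');
    $cookie_secure = !empty($_SERVER['HTTPS']) && strtolower($_SERVER['HTTPS']) !== 'off';
    $remember = hesk_POST('remember_user');
    if ($hesk_settings['autologin'] && $remember == 'AUTOLOGIN') {
        setcookie('hesk_username', "{$user}", $cookie_expire, '', '', $cookie_secure, true);
        setcookie('hesk_p', "{$pass_enc}", $cookie_expire, '', '', $cookie_secure, true);
    } elseif ($remember == 'JUSTUSER') {
        setcookie('hesk_username', "{$user}", $cookie_expire, '', '', $cookie_secure, true);
        setcookie('hesk_p', '');
    } else {
        // Expire cookie if set otherwise
        setcookie('hesk_username', '');
        setcookie('hesk_p', '');
    }

    /* Close any old tickets here so Cron jobs aren't necessary */
    if ($hesk_settings['autoclose']) {
        $revision = sprintf($hesklang['thist3'], hesk_date(), $hesklang['auto']);
        hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` SET `status`='3', `history`=CONCAT(`history`,'" . hesk_dbEscape($revision) . "')  WHERE `status` = '2' AND `lastchange` <= '" . hesk_dbEscape(date('Y-m-d H:i:s', time() - $hesk_settings['autoclose'] * 86400)) . "'");
    }

    /* Redirect to the destination page; anything that is not a page on this
       installation falls back to admin_main.php (open-redirect protection) */
    $url = 'admin_main.php';
    if (hesk_isREQUEST('goto')) {
        $goto_url = str_replace('&amp;', '&', hesk_REQUEST('goto'));

        /* goto parameter can be set to the local domain only */
        $myurl = parse_url($hesk_settings['hesk_url']);
        $goto = parse_url($goto_url);
        $is_local = is_array($goto);

        // Only http(s) targets are acceptable; javascript:, data: etc. are never local pages
        if ($is_local && isset($goto['scheme']) && !in_array(strtolower($goto['scheme']), array('http', 'https'), true)) {
            $is_local = false;
        }
        // Some browsers treat backslashes as slashes, which parse_url() does not
        if ($is_local && strpos($goto_url, '\\') !== false) {
            $is_local = false;
        }
        // An absolute target must point at this installation's host (ignoring a www. prefix)
        if ($is_local && isset($goto['host'])) {
            if (!isset($myurl['host'])
                || str_replace('www.', '', strtolower($myurl['host'])) !== str_replace('www.', '', strtolower($goto['host']))) {
                $is_local = false;
            }
        }

        if ($is_local) {
            $url = $goto_url;
        }
    }
    header('Location: ' . $url);
    exit;
}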
/**
 * Displays one private (staff-to-staff) message identified by the GET "id".
 *
 * The row is loaded from the `mail` table, skipping messages the current user
 * has deleted (`deletedby` != session id). When the current user is the
 * recipient, a reply subject/recipient is preset in $_SESSION['mail']; when the
 * user is the sender, a forward subject/recipient is preset and the mailtmp
 * labels are switched to the outbox view. Anyone else is sent away via
 * hesk_process_message(). Unread messages viewed by the recipient are marked
 * read. Always sets $_SESSION['hide']['list'] = 1 before returning.
 *
 * NOTE(review): hesk_process_message() (singular) is called here while every
 * other block on this page calls hesk_process_messages() — confirm the
 * singular name exists, otherwise an unauthorised read ends in a fatal error
 * instead of a redirect.
 */
function show_message()
{
    global $hesk_settings, $hesklang, $admins;
    $id = intval(hesk_GET('id'));
    /* Get the message details (messages this user deleted are never shown) */
    $res = hesk_dbQuery("SELECT * FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "mail` WHERE `id`='" . intval($id) . "' AND `deletedby`!='" . intval($_SESSION['id']) . "' LIMIT 1");
    $num = hesk_dbNumRows($res);
    if ($num) {
        $pm = hesk_dbFetchAssoc($res);
        /* Allowed to read the message? Recipient: preset a reply; sender: preset a forward */
        if ($pm['to'] == $_SESSION['id']) {
            if (!isset($_SESSION['mail']['subject'])) {
                $_SESSION['mail']['subject'] = $hesklang['m_re'] . ' ' . $pm['subject'];
            }
            if (!isset($_SESSION['mail']['to'])) {
                $_SESSION['mail']['to'] = $pm['from'];
            }
        } elseif ($pm['from'] == $_SESSION['id']) {
            if (!isset($_SESSION['mail']['subject'])) {
                $_SESSION['mail']['subject'] = $hesklang['m_fwd'] . ' ' . $pm['subject'];
            }
            if (!isset($_SESSION['mail']['to'])) {
                $_SESSION['mail']['to'] = $pm['to'];
            }
            // Viewing own sent message: swap the "from"/"to" roles used by the template below
            $hesk_settings['mailtmp']['this'] = 'from';
            $hesk_settings['mailtmp']['other'] = 'to';
            $hesk_settings['mailtmp']['m_from'] = $hesklang['m_to'];
            // NOTE(review): this assignment is overwritten two lines below and has no effect
            $hesk_settings['mailtmp']['outbox'] = '<b>' . $hesklang['outbox'] . '</b>';
            $hesk_settings['mailtmp']['inbox'] = '<a href="mail.php">' . $hesklang['inbox'] . '</a>';
            $hesk_settings['mailtmp']['outbox'] = '<a href="mail.php?folder=outbox">' . $hesklang['outbox'] . '</a>';
        } else {
            // Neither sender nor recipient
            hesk_process_message($hesklang['m_ena'], 'mail.php');
        }
        /* Mark as read — only for the recipient view.
           NOTE(review): mailtmp['this'] is assigned only in the sender branch above;
           presumably the caller presets it to 'to' — verify. */
        if ($hesk_settings['mailtmp']['this'] == 'to' && !$pm['read']) {
            $res = hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "mail` SET `read`='1' WHERE `id`='" . intval($id) . "' LIMIT 1");
        }
        // Display name of the other party: link to the admin if still present, a HESK.com link
        // when the sender id is 9999 (looks like a reserved system sender — confirm), else "deleted user"
        $pm['name'] = isset($admins[$pm[$hesk_settings['mailtmp']['other']]]) ? '<a href="mail.php?a=new&amp;id=' . $pm[$hesk_settings['mailtmp']['other']] . '">' . $admins[$pm[$hesk_settings['mailtmp']['other']]] . '</a>' : ($pm['from'] == 9999 ? '<a href="http://www.hesk.com" target="_blank">HESK.com</a>' : $hesklang['e_udel']);
        $pm['dt'] = hesk_dateToString($pm['dt'], 0, 1, 0, true);
        ?>

	<table width="100%" border="0" cellspacing="0" cellpadding="0">
		<tr>
			<td width="7" height="7"><img src="../img/roundcornerslt.jpg" width="7" height="7" alt="" /></td>
			<td class="roundcornerstop"></td>
			<td><img src="../img/roundcornersrt.jpg" width="7" height="7" alt="" /></td>
		</tr>
		<tr>
		<td class="roundcornersleft">&nbsp;</td>
		<td>

			<table border="0" cellspacing="0" cellpadding="0" width="100%">
			<tr>
			<td valign="top">
				<table border="0">
				<tr>
					<td><b><?php 
        echo $hesk_settings['mailtmp']['m_from'];
        ?>
</b></td>
					<td><?php 
        echo $pm['name'];
        ?>
</td>
				</tr>
				<tr>
					<td><b><?php 
        echo $hesklang['date'];
        ?>
</b></td>
					<td><?php 
        echo $pm['dt'];
        ?>
</td>
				</tr>
				<tr>
					<td><b><?php 
        echo $hesklang['m_sub'];
        ?>
</b></td>
					<td><?php 
        // NOTE(review): subject is echoed as stored; assumed HTML-safe from input handling — verify
        echo $pm['subject'];
        ?>
</td>
				</tr>
				</table>
			</td>
			<td style="text-align:right; vertical-align:top;">

				<?php 
        // Action icons; the "mark unread" icon is only offered to the recipient.
        // Both links carry a CSRF token (hesk_token_echo) and a numeric id.
        $folder = '&amp;folder=outbox';
        if ($pm['to'] == $_SESSION['id']) {
            echo '<a href="mail.php?a=mark_unread&amp;id=' . $id . '&amp;token=' . hesk_token_echo(0) . '"><img src="../img/mail.png" width="16" height="16" alt="' . $hesklang['mau'] . '" title="' . $hesklang['mau'] . '" class="optionWhiteOFF" onmouseover="this.className=\'optionWhiteON\'" onmouseout="this.className=\'optionWhiteOFF\'" /></a> ';
            $folder = '';
        }
        echo '<a href="mail.php?a=delete&amp;id=' . $id . '&amp;token=' . hesk_token_echo(0) . $folder . '" onclick="return hesk_confirmExecute(\'' . hesk_makeJsString($hesklang['delm']) . '?\');"><img src="../img/delete.png" width="16" height="16" alt="' . $hesklang['delm'] . '" title="' . $hesklang['delm'] . '" class="optionWhiteOFF" onmouseover="this.className=\'optionWhiteON\'" onmouseout="this.className=\'optionWhiteOFF\'" /></a>';
        ?>

			</td>
			</tr>
			</table>

		<hr />

		<p><?php 
        // NOTE(review): message body is echoed as stored; assumed sanitised when written — verify
        echo $pm['message'];
        ?>
</p>

	    </td>
		<td class="roundcornersright">&nbsp;</td>
		</tr>
		<tr>
		<td><img src="../img/roundcornerslb.jpg" width="7" height="7" alt="" /></td>
		<td class="roundcornersbottom"></td>
		<td width="7" height="7"><img src="../img/roundcornersrb.jpg" width="7" height="7" alt="" /></td>
		</tr>
	</table>

	<br /><hr />


			<?php 
    }
    // END if $num
    $_SESSION['hide']['list'] = 1;
}
    if (empty($ticket['repliername'])) {
        $ticket['repliername'] = $hesklang['staff'];
    }
} else {
    $ticket['repliername'] = $ticket['name'];
}
/* Get category name and ID (the category id is cast to int before use in SQL) */
$result = hesk_dbQuery("SELECT * FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "categories` WHERE `id`='" . intval($ticket['category']) . "' LIMIT 1");
/* If this category has been deleted use the default category with ID 1 */
if (hesk_dbNumRows($result) != 1) {
    $result = hesk_dbQuery("SELECT * FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "categories` WHERE `id`='1' LIMIT 1");
}
$category = hesk_dbFetchAssoc($result);
/* Get replies, newest first when the new_top setting is on */
$result = hesk_dbQuery("SELECT * FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "replies` WHERE `replyto`='" . intval($ticket['id']) . "' ORDER BY `id` " . ($hesk_settings['new_top'] ? 'DESC' : 'ASC'));
$replies = hesk_dbNumRows($result);
$unread_replies = array();
// Demo mode: hide the real customer e-mail
if (defined('HESK_DEMO')) {
    $ticket['email'] = '*****@*****.**';
}
/* Print header */
require_once HESK_PATH . 'inc/header.inc.php';
?>

<table width="100%" border="0" cellspacing="0" cellpadding="0">
<tr>
<td width="3"><img src="img/headerleftsm.jpg" width="3" height="25" alt="" /></td>
<td class="headersm"><?php 
hesk_showTopBar($hesklang['cid'] . ': ' . $trackingID);
?>
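/**
 * Saves the current staff member's own profile from the POST form.
 *
 * Validation errors are collected as HTML <li> items; on any error the
 * submitted values stay in $_SESSION['new'] and the form is redisplayed,
 * otherwise the users row is updated, the session copy of the profile is
 * refreshed and the user is redirected to profile.php with a success message.
 * Admins may also change their username (duplicates are rejected). A new
 * password is accepted only when it is at least 5 characters and repeated
 * correctly; choosing the default password defines WARN_PASSWORD.
 *
 * Reads $_POST, $_SESSION['id'], $_SESSION['isadmin'] and $can_view_unassigned.
 */
function update_profile()
{
    global $hesk_settings, $hesklang, $can_view_unassigned;

    /* A security check */
    hesk_token_check('POST');

    $sql_pass = '';
    $sql_username = '';
    $hesk_error_buffer = '';

    // "or" binds looser than "=", so the error is appended only when the value is empty
    $_SESSION['new']['name'] = hesk_input(hesk_POST('name')) or $hesk_error_buffer .= '<li>' . $hesklang['enter_your_name'] . '</li>';
    // Fix: append (.=) instead of assign, so an invalid e-mail no longer discards the name error above
    $_SESSION['new']['email'] = hesk_validateEmail(hesk_POST('email'), 'ERR', 0) or $hesk_error_buffer .= '<li>' . $hesklang['enter_valid_email'] . '</li>';
    $_SESSION['new']['signature'] = hesk_input(hesk_POST('signature'));

    /* Signature: limit is in bytes (strlen), not characters */
    if (strlen($_SESSION['new']['signature']) > 255) {
        $hesk_error_buffer .= '<li>' . $hesklang['signature_long'] . '</li>';
    }

    /* Admins can change username */
    if ($_SESSION['isadmin']) {
        $_SESSION['new']['user'] = hesk_input(hesk_POST('user')) or $hesk_error_buffer .= '<li>' . $hesklang['enter_username'] . '</li>';

        /* Check for duplicate usernames (any other account with this name) */
        $result = hesk_dbQuery("SELECT `id` FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "users` WHERE `user`='" . hesk_dbEscape($_SESSION['new']['user']) . "' AND `id`!='" . intval($_SESSION['id']) . "' LIMIT 1");
        if (hesk_dbNumRows($result) != 0) {
            $hesk_error_buffer .= '<li>' . $hesklang['duplicate_user'] . '</li>';
        } else {
            // NOTE(review): the SQL fragment literal on this line is masked ("******") in this listing;
            // the real source carries the column assignment that {$sql_username} interpolates below
            $sql_username = "******" . hesk_dbEscape($_SESSION['new']['user']) . "'";
        }
    }

    /* Change password? Only when something was entered */
    $newpass = hesk_input(hesk_POST('newpass'));
    $passlen = strlen($newpass);
    if ($passlen > 0) {
        /* At least 5 chars? */
        if ($passlen < 5) {
            $hesk_error_buffer .= '<li>' . $hesklang['password_not_valid'] . '</li>';
        } else {
            $newpass2 = hesk_input(hesk_POST('newpass2'));
            // Strict comparison: loose != would treat numeric-looking strings such as "1e3" and "1000" as equal
            if ($newpass !== $newpass2) {
                $hesk_error_buffer .= '<li>' . $hesklang['passwords_not_same'] . '</li>';
            } else {
                $v = hesk_Pass2Hash($newpass);
                if ($v === '499d74967b28a841c98bb4baaabaad699ff3c079') {
                    define('WARN_PASSWORD', true);
                }
                // NOTE(review): masked literal ("******") in this listing — see the {$sql_pass} placeholder in the UPDATE below
                $sql_pass = '******'' . $v . '\'';
            }
        }
    }

    /* After reply: only 1 and 2 are valid choices, anything else means 0 */
    $_SESSION['new']['afterreply'] = intval(hesk_POST('afterreply'));
    if ($_SESSION['new']['afterreply'] != 1 && $_SESSION['new']['afterreply'] != 2) {
        $_SESSION['new']['afterreply'] = 0;
    }

    /* Auto-start ticket timer */
    $_SESSION['new']['autostart'] = isset($_POST['autostart']) ? 1 : 0;

    /* Notifications (unassigned-ticket notifications require the matching permission) */
    $_SESSION['new']['notify_new_unassigned'] = empty($_POST['notify_new_unassigned']) || !$can_view_unassigned ? 0 : 1;
    $_SESSION['new']['notify_new_my'] = empty($_POST['notify_new_my']) ? 0 : 1;
    $_SESSION['new']['notify_reply_unassigned'] = empty($_POST['notify_reply_unassigned']) || !$can_view_unassigned ? 0 : 1;
    $_SESSION['new']['notify_reply_my'] = empty($_POST['notify_reply_my']) ? 0 : 1;
    $_SESSION['new']['notify_assigned'] = empty($_POST['notify_assigned']) ? 0 : 1;
    $_SESSION['new']['notify_note'] = empty($_POST['notify_note']) ? 0 : 1;
    $_SESSION['new']['notify_pm'] = empty($_POST['notify_pm']) ? 0 : 1;

    /* Any errors? */
    if (strlen($hesk_error_buffer)) {
        /* Process the session variables */
        $_SESSION['new'] = hesk_stripArray($_SESSION['new']);
        $hesk_error_buffer = $hesklang['rfm'] . '<br /><br /><ul>' . $hesk_error_buffer . '</ul>';
        hesk_process_messages($hesk_error_buffer, 'NOREDIRECT');
    } else {
        /* Update database */
        hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "users` SET\r\n\t    `name`='" . hesk_dbEscape($_SESSION['new']['name']) . "',\r\n\t    `email`='" . hesk_dbEscape($_SESSION['new']['email']) . "',\r\n\t\t`signature`='" . hesk_dbEscape($_SESSION['new']['signature']) . "'\r\n        {$sql_username}\r\n\t\t{$sql_pass} ,\r\n\t    `afterreply`='" . intval($_SESSION['new']['afterreply']) . "' ,\r\n        `autostart`='" . intval($_SESSION['new']['autostart']) . "' ,\r\n\t    `notify_new_unassigned`='" . intval($_SESSION['new']['notify_new_unassigned']) . "' ,\r\n        `notify_new_my`='" . intval($_SESSION['new']['notify_new_my']) . "' ,\r\n        `notify_reply_unassigned`='" . intval($_SESSION['new']['notify_reply_unassigned']) . "' ,\r\n        `notify_reply_my`='" . intval($_SESSION['new']['notify_reply_my']) . "' ,\r\n        `notify_assigned`='" . intval($_SESSION['new']['notify_assigned']) . "' ,\r\n        `notify_pm`='" . intval($_SESSION['new']['notify_pm']) . "',\r\n        `notify_note`='" . intval($_SESSION['new']['notify_note']) . "'\r\n\t    WHERE `id`='" . intval($_SESSION['id']) . "' LIMIT 1");

        /* Process the session variables */
        $_SESSION['new'] = hesk_stripArray($_SESSION['new']);

        /* Update session variables with the saved profile */
        foreach ($_SESSION['new'] as $k => $v) {
            $_SESSION[$k] = $v;
        }
        unset($_SESSION['new']);

        hesk_process_messages($hesklang['profile_updated_success'], 'profile.php', 'SUCCESS');
    }
}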
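$ticket = hesk_dbFetchAssoc($res);

// Demo mode: hide the real customer e-mail and IP
if (defined('HESK_DEMO')) {
    $ticket['email'] = '*****@*****.**';
    $ticket['ip'] = '127.0.0.1';
}

/* Get category name and ID.
   The ids come from the ticket row but are cast to int before being interpolated
   into SQL, the same way the other ticket views on this page do it. */
$res = hesk_dbQuery("SELECT * FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "categories` WHERE `id`='" . intval($ticket['category']) . "' LIMIT 1");

/* If this category has been deleted use the default category with ID 1 */
if (hesk_dbNumRows($res) != 1) {
    $res = hesk_dbQuery("SELECT * FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "categories` WHERE `id`='1' LIMIT 1");
}
$category = hesk_dbFetchAssoc($res);

/* Get replies, oldest first */
$res = hesk_dbQuery("SELECT * FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "replies` WHERE `replyto`='" . intval($ticket['id']) . "' ORDER BY `id` ASC");
$replies = hesk_dbNumRows($res);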
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<html>
<head>
<title><?php 
echo $hesk_settings['hesk_title'];
?>
</title>
<meta http-equiv="Content-Type" content="text/html; charset=<?php 
echo $hesklang['ENCODING'];
?>
">
<style type="text/css">
body, table, td, p
{
/* New locked status */
if (empty($_GET['locked'])) {
    $status = 0;
    $tmp = $hesklang['tunlock'];
    $revision = sprintf($hesklang['thist6'], hesk_date(), $_SESSION['name'] . ' (' . $_SESSION['user'] . ')');
    $closedby_sql = ' , `closedat`=NULL, `closedby`=NULL ';
} else {
    $status = 1;
    $tmp = $hesklang['tlock'];
    $revision = sprintf($hesklang['thist5'], hesk_date(), $_SESSION['name'] . ' (' . $_SESSION['user'] . ')');
    $closedby_sql = ' , `closedat`=NOW(), `closedby`=' . intval($_SESSION['id']) . ' ';
    // Notify customer of closed ticket?
    if ($hesk_settings['notify_closed']) {
        // Get ticket info
        $result = hesk_dbQuery("SELECT * FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` WHERE `trackid`='" . hesk_dbEscape($trackingID) . "' LIMIT 1");
        if (hesk_dbNumRows($result) != 1) {
            hesk_error($hesklang['ticket_not_found']);
        }
        $ticket = hesk_dbFetchAssoc($result);
        $closedStatusRS = hesk_dbQuery('SELECT `ID` FROM `' . hesk_dbEscape($hesk_settings['db_pfix']) . 'statuses` WHERE `IsClosed` = 1');
        $ticketIsOpen = true;
        while ($row = hesk_dbFetchAssoc($closedStatusRS)) {
            if ($ticket['status'] == $row['ID']) {
                $ticketIsOpen = false;
            }
        }
        // Notify customer, but only if ticket is not already closed
        if ($ticketIsOpen) {
            require HESK_PATH . 'inc/email_functions.inc.php';
            $ticket['dt'] = hesk_date($ticket['dt'], true);
            $ticket['lastchange'] = hesk_date($ticket['lastchange'], true);
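/**
 * "Forgot ticket ID" handler: e-mails the customer the list of his tickets.
 *
 * Validates the posted e-mail (redirecting back to the reminder form on
 * failure), optionally restricts the list to open tickets (POST open_only),
 * and sends the "forgot_ticket_id" e-mail template with tracking IDs, subjects,
 * status names and view links filled in. Ends with a redirect to ticket.php
 * carrying a success message; when no ticket matches, hesk_process_messages()
 * is expected to redirect (it is used the same way on the e-mail validation
 * line). Never returns normally.
 */
function forgot_tid()
{
    global $hesk_settings, $hesklang;

    require HESK_PATH . 'inc/email_functions.inc.php';

    $email = hesk_validateEmail(hesk_POST('email'), 'ERR', 0) or hesk_process_messages($hesklang['enter_valid_email'], 'ticket.php?remind=1');

    // The form may override the "open tickets only" setting for this request
    if (isset($_POST['open_only'])) {
        $hesk_settings['open_only'] = (int) $_POST['open_only'] === 1 ? 1 : 0;
    }

    /* Prepare ticket statuses (status code => display name) */
    $my_status = array(
        0 => $hesklang['open'],
        1 => $hesklang['wait_staff_reply'],
        2 => $hesklang['wait_cust_reply'],
        3 => $hesklang['closed'],
        4 => $hesklang['in_progress'],
        5 => $hesklang['on_hold'],
    );

    /* Get ticket(s) from database */
    hesk_load_database_functions();
    hesk_dbConnect();

    // The e-mail is already validated and is escaped by hesk_dbFormatEmail
    $open_filter = $hesk_settings['open_only'] ? "`status` IN ('0','1','2','4','5') AND " : '';
    $res = hesk_dbQuery('SELECT * FROM `' . hesk_dbEscape($hesk_settings['db_pfix']) . 'tickets` FORCE KEY (`statuses`) WHERE ' . $open_filter . ' ' . hesk_dbFormatEmail($email) . ' ORDER BY `status` ASC, `lastchange` DESC ');
    $num = hesk_dbNumRows($res);

    // The e-mail is URL-encoded in every redirect (as the view links below already did),
    // otherwise a "+" in the address arrives as a space on the reminder form.
    // NOTE(review): the two different messages reveal whether the address owns (open) tickets.
    if ($num < 1) {
        $not_found = $hesk_settings['open_only'] ? $hesklang['noopen'] : $hesklang['tid_not_found'];
        hesk_process_messages($not_found, 'ticket.php?remind=1&e=' . rawurlencode($email));
    }

    $tid_list = '';
    $name = '';
    $email_param = $hesk_settings['email_view_ticket'] ? '&e=' . rawurlencode($email) : '';

    while ($my_ticket = hesk_dbFetchAssoc($res)) {
        // Address the customer by the name on the first ticket
        $name = $name ?: hesk_msgToPlain($my_ticket['name'], 1, 0);
        $tid_list .= "\n{$hesklang['trackID']}: " . $my_ticket['trackid'] . "\n{$hesklang['subject']}: " . hesk_msgToPlain($my_ticket['subject'], 1, 0) . "\n{$hesklang['status']}: " . $my_status[$my_ticket['status']] . "\n{$hesk_settings['hesk_url']}/ticket.php?track={$my_ticket['trackid']}{$email_param}\n";
    }

    /* Get e-mail message for customer and fill in the placeholders */
    $msg = hesk_getEmailMessage('forgot_ticket_id', '', 0, 0, 1);
    $msg = str_replace('%%NAME%%', $name, $msg);
    $msg = str_replace('%%NUM%%', $num, $msg);
    $msg = str_replace('%%LIST_TICKETS%%', $tid_list, $msg);
    $msg = str_replace('%%SITE_TITLE%%', hesk_msgToPlain($hesk_settings['site_title'], 1), $msg);
    $msg = str_replace('%%SITE_URL%%', $hesk_settings['site_url'], $msg);

    $subject = hesk_getEmailSubject('forgot_ticket_id');

    /* Send e-mail */
    hesk_mail($email, $subject, $msg);

    /* Show success message */
    $tmp = '<b>' . $hesklang['tid_sent'] . '!</b>';
    $tmp .= '<br />&nbsp;<br />' . $hesklang['tid_sent2'] . '.';
    $tmp .= '<br />&nbsp;<br />' . $hesklang['check_spambox'];
    hesk_process_messages($tmp, 'ticket.php?e=' . rawurlencode($email), 'SUCCESS');
    exit;
}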
/**
 * Prints the "latest knowledgebase articles" box.
 *
 * @param int $how_many  maximum number of articles; cast to int for the SQL LIMIT
 * @param int $index     1 = index page (uses kb_index_latest, italic title),
 *                       0 = KB main page (uses kb_latest, bold title, prints an
 *                       <hr /> first when popular articles are not shown)
 * @return bool|null     true when the box is disabled or no article exists;
 *                       nothing (null) after the list has been printed
 */
function hesk_kbLatestArticles($how_many, $index = 1)
{
    global $hesk_settings, $hesklang;
    // Index page or KB main page?
    if ($index) {
        // Disabled?
        if (!$hesk_settings['kb_index_latest']) {
            return true;
        }
        // Show title in italics
        $font_weight = 'i';
    } else {
        // Disabled?
        if (!$hesk_settings['kb_latest']) {
            return true;
        }
        // Show title in bold
        $font_weight = 'b';
        // Print a line for spacing if we don't show popular articles
        if (!$hesk_settings['kb_popart']) {
            echo '<hr />';
        }
    }
    ?>

    <table border="0" width="100%">
	<tr>
	<td>&raquo; <<?php 
    echo $font_weight;
    ?>
><?php 
    echo $hesklang['latart'];
    ?>
</<?php 
    echo $font_weight;
    ?>
></td>

	<?php 
    /* Show the date column header? (kb_date also controls the per-row date below) */
    if ($hesk_settings['kb_date']) {
        echo '<td style="text-align:right"><i>' . $hesklang['dta'] . '</i></td>';
    }
    ?>

	</tr>
	</table>

	<?php 
    /* Get list of articles from the database: only published (type 0) articles in published categories */
    $res = hesk_dbQuery("SELECT `t1`.`id`,`t1`.`subject`,`t1`.`dt` FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "kb_articles` AS `t1`\r\n\t\t\tLEFT JOIN `" . hesk_dbEscape($hesk_settings['db_pfix']) . "kb_categories` AS `t2` ON `t1`.`catid` = `t2`.`id`\r\n\t\t\tWHERE `t1`.`type`='0' AND `t2`.`type`='0'\r\n\t\t\tORDER BY `t1`.`dt` DESC LIMIT " . intval($how_many));
    /* If no results found end here */
    if (hesk_dbNumRows($res) == 0) {
        echo '<p><i>' . $hesklang['noa'] . '</i><br />&nbsp;</p>';
        return true;
    }
    /* We have some results, print them out */
    ?>
    <div align="center">
    <table border="0" cellspacing="1" cellpadding="3" width="100%">
    <?php 
    // NOTE(review): the subject is echoed as stored; assumed HTML-safe from input handling — verify
    while ($article = hesk_dbFetchAssoc($res)) {
        echo '
		<tr>
		<td>
		<table border="0" width="100%" cellspacing="0" cellpadding="0">
		<tr>
		<td width="1" valign="top"><img src="img/article_text.png" width="16" height="16" border="0" alt="" style="vertical-align:middle" /></td>
		<td valign="top">&nbsp;<a href="knowledgebase.php?article=' . $article['id'] . '">' . $article['subject'] . '</a></td>
		';
        if ($hesk_settings['kb_date']) {
            echo '<td valign="top" style="text-align:right" width="200">' . hesk_date($article['dt'], true) . '</td>';
        }
        echo '
		</tr>
		</table>
		</td>
		</tr>
		';
    }
    ?>

    </table>
    </div>

    &nbsp;

    <?php 
}
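/**
 * Saves an edited staff account from the manage_users.php form.
 *
 * Editing your own account is redirected to profile.php. The submitted data is
 * validated by hesk_validateUserInfo(); a duplicate username or an account the
 * current admin may not edit (compare_user_permissions) aborts with a message.
 * Admins are stored with empty category/feature lists (meaning: everything);
 * other users get comma-separated lists and lose ownership of tickets in
 * categories they no longer have access to. Ends with a redirect back to the
 * edit page carrying a success message.
 */
function update_user()
{
    global $hesk_settings, $hesklang;

    /* A security check */
    hesk_token_check('POST');

    $_SESSION['save_userdata'] = TRUE;

    $user_id = intval(hesk_POST('userid')) or hesk_error("{$hesklang['int_error']}: {$hesklang['no_valid_id']}");

    /* To edit self fore using "Profile" page */
    if ($user_id == $_SESSION['id']) {
        hesk_process_messages($hesklang['eyou'], 'profile.php', 'NOTICE');
    }

    $_SERVER['PHP_SELF'] = './manage_users.php?a=edit&id=' . $user_id;

    $myuser = hesk_validateUserInfo(0, $_SERVER['PHP_SELF']);
    $myuser['id'] = $user_id;

    /* If can't view unassigned tickets, the matching notifications are switched off too */
    if (in_array('can_view_unassigned', $myuser['features'])) {
        $sql_where = "";
    } else {
        $sql_where = " , `notify_new_unassigned`='0', `notify_reply_unassigned`='0' ";
    }

    /* Check for duplicate usernames */
    $res = hesk_dbQuery("SELECT `id`,`isadmin`,`categories`,`heskprivileges` FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "users` WHERE `user` = '" . hesk_dbEscape($myuser['user']) . "' LIMIT 1");
    if (hesk_dbNumRows($res) == 1) {
        $existing = hesk_dbFetchAssoc($res);

        /* Duplicate? (another account already uses this username) */
        if ((int) $existing['id'] !== (int) $myuser['id']) {
            hesk_process_messages($hesklang['duplicate_user'], $_SERVER['PHP_SELF']);
        }

        /* Do we have permission to edit this user? */
        if (!compare_user_permissions($existing['id'], $existing['isadmin'], explode(',', $existing['categories']), explode(',', $existing['heskprivileges']))) {
            hesk_process_messages($hesklang['npea'], 'manage_users.php');
        }
    }

    /* Admins will have access to all features and categories */
    if ($myuser['isadmin']) {
        $myuser['categories'] = '';
        $myuser['features'] = '';
    } else {
        /* Categories and Features will be stored as a string.
           Category ids are cast to int first, as they are interpolated into the
           NOT IN (...) list below without further escaping. */
        $category_ids = array_map('intval', (array) $myuser['categories']);
        $myuser['categories'] = implode(',', $category_ids);
        $myuser['features'] = implode(',', $myuser['features']);

        /* Unassign tickets from categories that the user had access before but doesn't anymore */
        if (count($category_ids) == 0) {
            // No category left at all: release every ticket this user owns
            // (an empty list would produce the invalid SQL "NOT IN ()")
            hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` SET `owner`=0 WHERE `owner`='" . intval($myuser['id']) . "'");
        } else {
            hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` SET `owner`=0 WHERE `owner`='" . intval($myuser['id']) . "' AND `category` NOT IN (" . implode(',', $category_ids) . ")");
        }
    }

    // The password column is only touched when a new password was submitted
    hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "users` SET\r\n    `user`='" . hesk_dbEscape($myuser['user']) . "',\r\n    `name`='" . hesk_dbEscape($myuser['name']) . "',\r\n    `email`='" . hesk_dbEscape($myuser['email']) . "',\r\n    `signature`='" . hesk_dbEscape($myuser['signature']) . "'," . (isset($myuser['pass']) ? "`pass`='" . hesk_dbEscape($myuser['pass']) . "'," : '') . "\r\n    `categories`='" . hesk_dbEscape($myuser['categories']) . "',\r\n    `isadmin`='" . intval($myuser['isadmin']) . "',\r\n    `autoassign`='" . intval($myuser['autoassign']) . "',\r\n    `heskprivileges`='" . hesk_dbEscape($myuser['features']) . "'\r\n    {$sql_where}\r\n    WHERE `id`='" . intval($myuser['id']) . "' LIMIT 1");

    unset($_SESSION['save_userdata']);
    unset($_SESSION['userdata']);

    hesk_process_messages($hesklang['user_profile_updated_success'], $_SERVER['PHP_SELF'], 'SUCCESS');
}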
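/**
 * Ensures the current request belongs to a logged-in staff member.
 *
 * Without a session id it first tries the cookie autologin (when enabled);
 * otherwise it redirects to the login page with the current URI as "goto"
 * (a few state-changing action pages are mapped to a listing page first)
 * and exits. With a session id it regenerates the session id, reloads the
 * permission columns from the users table when the session has no isadmin
 * value (stopping the session and redirecting to login if the row is gone),
 * and registers the user as online when that feature is enabled.
 *
 * @return bool true when the caller may proceed; never returns on redirect
 */
function hesk_isLoggedIn()
{
    global $hesk_settings;

    $referer = hesk_input($_SERVER['REQUEST_URI']);
    $referer = str_replace('&amp;', '&', $referer);

    if (empty($_SESSION['id'])) {
        if ($hesk_settings['autologin'] && hesk_autoLogin(1)) {
            // Users online
            if ($hesk_settings['online']) {
                require HESK_PATH . 'inc/users_online.inc.php';
                hesk_initOnline($_SESSION['id']);
            }
            return true;
        }

        // Some pages cannot be redirected to (they perform an action), use a listing page instead
        $modify_redirect = array(
            'admin_reply_ticket.php' => 'admin_main.php',
            'admin_settings_save.php' => 'admin_settings.php',
            'delete_tickets.php' => 'admin_main.php',
            'move_category.php' => 'admin_main.php',
            'priority.php' => 'admin_main.php',
        );
        foreach ($modify_redirect as $from => $to) {
            if (strpos($referer, $from) !== false) {
                $referer = $to;
            }
        }

        header('Location: index.php?a=login&notice=1&goto=' . urlencode($referer));
        exit;
    }

    hesk_session_regenerate_id();

    // Need to update permissions? (session carries no isadmin value yet)
    if (empty($_SESSION['isadmin'])) {
        // Fix: the table prefix is escaped here like in every other query
        $res = hesk_dbQuery("SELECT `isadmin`, `categories`, `heskprivileges` FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "users` WHERE `id` = '" . intval($_SESSION['id']) . "' LIMIT 1");
        if (hesk_dbNumRows($res) == 1) {
            $me = hesk_dbFetchAssoc($res);
            foreach ($me as $k => $v) {
                $_SESSION[$k] = $v;
            }
            // Get allowed categories (stored comma-separated; admins have no restriction)
            if (empty($_SESSION['isadmin'])) {
                $_SESSION['categories'] = explode(',', $_SESSION['categories']);
            }
        } else {
            // The account no longer exists: drop the session and force a fresh login
            hesk_session_stop();
            header('Location: index.php?a=login&notice=1&goto=' . urlencode($referer));
            exit;
        }
    }

    // Users online
    if ($hesk_settings['online']) {
        require HESK_PATH . 'inc/users_online.inc.php';
        hesk_initOnline($_SESSION['id']);
    }

    return true;
}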
/**
 * "Forgot ticket ID" handler: e-mails the customer a list of the tickets
 * registered under the submitted address.
 *
 * Reads `email` from POST and validates it with hesk_validateEmail(). The
 * `... or hesk_process_messages(...)` idiom relies on hesk_process_messages()
 * ending the request when it is given a redirect target (its body is not
 * visible here — confirm). Every path ends in hesk_process_messages() or
 * exit, so the inline HTML page after the `exit;` is never rendered.
 *
 * @return void
 */
function forgot_tid()
{
    global $hesk_settings, $hesklang;
    require HESK_PATH . 'inc/email_functions.inc.php';
    // Validated address, or bounce back to the reminder form with an error.
    $email = hesk_validateEmail(hesk_POST('email'), 'ERR', 0) or hesk_process_messages($hesklang['enter_valid_email'], 'ticket.php?remind=1');
    /* Prepare ticket statuses: numeric `status` column -> display label */
    $my_status = array(0 => $hesklang['open'], 1 => $hesklang['wait_staff_reply'], 2 => $hesklang['wait_cust_reply'], 3 => $hesklang['closed'], 4 => $hesklang['in_progress'], 5 => $hesklang['on_hold']);
    /* Get ticket(s) from database */
    hesk_load_database_functions();
    hesk_dbConnect();
    // Get tickets from the database. With `open_only` set, closed tickets (status 3) are excluded.
    // The e-mail predicate is produced by hesk_dbFormatEmail(); it is assumed to
    // escape the address for SQL — verify against its definition.
    $res = hesk_dbQuery('SELECT * FROM `' . hesk_dbEscape($hesk_settings['db_pfix']) . 'tickets` FORCE KEY (`statuses`) WHERE ' . ($hesk_settings['open_only'] ? "`status` IN ('0','1','2','4','5') AND " : '') . ' ' . hesk_dbFormatEmail($email) . ' ORDER BY `status` ASC, `lastchange` DESC ');
    $num = hesk_dbNumRows($res);
    if ($num < 1) {
        // No tickets: the message differs depending on whether closed tickets were excluded.
        // NOTE(review): the address is appended to the redirect URL unencoded here
        // (rawurlencode() is used for the same value below); it passed
        // hesk_validateEmail() above, which presumably limits its character set.
        if ($hesk_settings['open_only']) {
            hesk_process_messages($hesklang['noopen'], 'ticket.php?remind=1&e=' . $email);
        } else {
            hesk_process_messages($hesklang['tid_not_found'], 'ticket.php?remind=1&e=' . $email);
        }
    }
    $tid_list = '';
    $name = '';
    // Only add the address to the tracking links when the installation requires it to view a ticket
    $email_param = $hesk_settings['email_view_ticket'] ? '&e=' . rawurlencode($email) : '';
    while ($my_ticket = hesk_dbFetchAssoc($res)) {
        // The name from the first ticket is kept; later rows do not overwrite it
        $name = $name ? $name : hesk_msgToPlain($my_ticket['name'], 1, 0);
        // One plain-text block per ticket: tracking ID, subject, status and direct link
        $tid_list .= "\r\n{$hesklang['trackID']}: " . $my_ticket['trackid'] . "\r\n{$hesklang['subject']}: " . hesk_msgToPlain($my_ticket['subject'], 1, 0) . "\r\n{$hesklang['status']}: " . $my_status[$my_ticket['status']] . "\r\n{$hesk_settings['hesk_url']}/ticket.php?track={$my_ticket['trackid']}{$email_param}\r\n";
    }
    /* Get e-mail message for customer and fill in the template placeholders */
    $msg = hesk_getEmailMessage('forgot_ticket_id', '', 0, 0, 1);
    $msg = str_replace('%%NAME%%', $name, $msg);
    $msg = str_replace('%%NUM%%', $num, $msg);
    $msg = str_replace('%%LIST_TICKETS%%', $tid_list, $msg);
    $msg = str_replace('%%SITE_TITLE%%', hesk_msgToPlain($hesk_settings['site_title'], 1), $msg);
    $msg = str_replace('%%SITE_URL%%', $hesk_settings['site_url'], $msg);
    $subject = hesk_getEmailSubject('forgot_ticket_id');
    /* Send e-mail */
    hesk_mail($email, $subject, $msg);
    /* Show success message */
    $tmp = '<b>' . $hesklang['tid_sent'] . '!</b>';
    $tmp .= '<br />&nbsp;<br />' . $hesklang['tid_sent2'] . '.';
    $tmp .= '<br />&nbsp;<br />' . $hesklang['check_spambox'];
    hesk_process_messages($tmp, 'ticket.php?e=' . $email, 'SUCCESS');
    exit;
    /* Unreachable: the exit above ends the request. The inline page below is legacy output kept as-is. */
    /* Print header */
    $hesk_settings['tmp_title'] = $hesk_settings['hesk_title'] . ' - ' . $hesklang['tid_sent'];
    require_once HESK_PATH . 'inc/header.inc.php';
    ?>

<table width="100%" border="0" cellspacing="0" cellpadding="0">
<tr>
<td width="3"><img src="img/headerleftsm.jpg" width="3" height="25" alt="" /></td>
<td class="headersm"><?php 
    hesk_showTopBar($hesklang['tid_sent']);
    ?>
</td>
<td width="3"><img src="img/headerrightsm.jpg" width="3" height="25" alt="" /></td>
</tr>
</table>

<table width="100%" border="0" cellspacing="0" cellpadding="3">
<tr>
<td><span class="smaller"><a href="<?php 
    echo $hesk_settings['site_url'];
    ?>
" class="smaller"><?php 
    echo $hesk_settings['site_title'];
    ?>
</a> &gt;
<a href="<?php 
    echo $hesk_settings['hesk_url'];
    ?>
" class="smaller"><?php 
    echo $hesk_settings['hesk_title'];
    ?>
</a>
&gt; <?php 
    echo $hesklang['tid_sent'];
    ?>
</span></td>
</tr>
</table>

</td>
</tr>
<tr>
<td>

<table width="100%" border="0" cellspacing="0" cellpadding="0">
<tr>
	<td width="7" height="7"><img src="img/roundcornerslt.jpg" width="7" height="7" alt="" /></td>
	<td class="roundcornerstop"></td>
	<td><img src="img/roundcornersrt.jpg" width="7" height="7" alt="" /></td>
</tr>
<tr>
	<td class="roundcornersleft">&nbsp;</td>
	<td>

	<p>&nbsp;</p>
	<p align="center"><?php 
    echo $hesklang['tid_sent2'];
    ?>
</p>
	<p align="center"><b><?php 
    echo $hesklang['check_spambox'];
    ?>
</b></p>
	<p>&nbsp;</p>
	<p align="center"><a href="<?php 
    echo $hesk_settings['hesk_url'];
    ?>
"><?php 
    echo $hesk_settings['hesk_title'];
    ?>
</a></p>
	<p>&nbsp;</p>

	</td>
	<td class="roundcornersright">&nbsp;</td>
</tr>
<tr>
	<td><img src="img/roundcornerslb.jpg" width="7" height="7" alt="" /></td>
	<td class="roundcornersbottom"></td>
	<td width="7" height="7"><img src="img/roundcornersrb.jpg" width="7" height="7" alt="" /></td>
</tr>
</table>

	<?php 
}
/**
 * Count the rows in the `denied_emails` and `denied_ips` tables combined.
 *
 * Both tables are read in full (no WHERE clause), so the result tells
 * whether any ban entries exist at all, not whether the current visitor
 * is banned — callers relying on the latter should check their usage.
 *
 * @return int number of ban rows across both tables
 */
function checkForIpOrEmailBans()
{
    global $hesk_settings;
    hesk_dbConnect();
    $prefix = hesk_dbEscape($hesk_settings['db_pfix']);
    $sql = sprintf(
        "SELECT `ID` FROM `%sdenied_emails`\n                        UNION ALL SELECT `ID` FROM `%sdenied_ips`",
        $prefix,
        $prefix
    );
    return hesk_dbNumRows(executeQuery($sql));
}
/**
 * Resolve a staff user id to the user's display name.
 *
 * Returns $hesklang['unas'] when $id is empty or no matching user row
 * exists. Successful lookups are memoised in
 * $hesk_settings['user_data'][$id]['name'], so repeated calls with the same
 * id do not query the database again.
 *
 * @param int|string $id user id; passed through intval() before use in SQL
 * @return string
 */
function hesk_getOwnerName($id)
{
    global $hesk_settings, $hesklang;
    if (empty($id)) {
        return $hesklang['unas'];
    }
    // Fill the cache on first use only
    if (!isset($hesk_settings['user_data'][$id]['name'])) {
        $sql = sprintf(
            "SELECT `name` FROM `%susers` WHERE `id`='%d' LIMIT 1",
            hesk_dbEscape($hesk_settings['db_pfix']),
            intval($id)
        );
        $res = hesk_dbQuery($sql);
        if (hesk_dbNumRows($res) != 1) {
            return $hesklang['unas'];
        }
        $hesk_settings['user_data'][$id]['name'] = hesk_dbResult($res, 0, 0);
    }
    return $hesk_settings['user_data'][$id]['name'];
}
/**
 * Render a public knowledgebase category page: optional page header and
 * service messages, the sub-category grid, the article list, and (for the
 * root category, id 1) the top/latest article boxes.
 *
 * @param int|string $catid     category id. It is interpolated into SQL in
 *                              this function without intval()/escaping, so
 *                              callers must pass a trusted integer
 *                              (not verified here).
 * @param int        $is_search 0 renders the full page header; any other
 *                              value skips it (e.g. when embedded in search output).
 * @return void  Output is echoed directly. hesk_error() is called when no
 *               category with this id and type 0 exists.
 */
function hesk_show_kb_category($catid, $is_search = 0)
{
    global $hesk_settings, $hesklang;
    // Only type 0 categories are served here (presumably the public type)
    $res = hesk_dbQuery("SELECT `name`,`parent` FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "kb_categories` WHERE `id`='{$catid}' AND `type`='0' LIMIT 1");
    $thiscat = hesk_dbFetchAssoc($res) or hesk_error($hesklang['kb_cat_inv']);
    if ($is_search == 0) {
        /* Print header */
        $hesk_settings['tmp_title'] = $hesk_settings['hesk_title'] . ' - ' . hesk_htmlspecialchars($thiscat['name']);
        require_once HESK_PATH . 'inc/header.inc.php';
        hesk_kb_header($hesk_settings['kb_link']);
        // If we are in "Knowledgebase only" mode show system messages
        if ($catid == 1 && hesk_check_kb_only(false)) {
            // Service messages
            $res = hesk_dbQuery('SELECT `title`, `message`, `style` FROM `' . hesk_dbEscape($hesk_settings['db_pfix']) . "service_messages` WHERE `type`='0' ORDER BY `order` ASC");
            while ($sm = hesk_dbFetchAssoc($res)) {
                hesk_service_message($sm);
            }
        }
    }
    // Sub-category heading with a "back" link; parent 1 links to the KB root.
    // NOTE(review): the category name is echoed as stored (no escaping here);
    // assumes it was HTML-escaped on save — confirm.
    if ($thiscat['parent']) {
        $link = $thiscat['parent'] == 1 ? 'knowledgebase.php' : 'knowledgebase.php?category=' . $thiscat['parent'];
        echo '<span class="homepageh3">&raquo; ' . $hesklang['kb_cat'] . ': ' . $thiscat['name'] . '</span>
        &nbsp;(<a href="javascript:history.go(-1)">' . $hesklang['back'] . '</a>)
		';
    }
    // Direct sub-categories, laid out in a grid of kb_cols columns
    $result = hesk_dbQuery("SELECT `id`,`name`,`articles` FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "kb_categories` WHERE `parent`='{$catid}' AND `type`='0' ORDER BY `cat_order` ASC");
    if (hesk_dbNumRows($result) > 0) {
        ?>

		<p>&raquo; <b><?php 
        echo $hesklang['kb_cat_sub'];
        ?>
:</b></p>

<table width="100%" border="0" cellspacing="0" cellpadding="0">
<tr>
	<td width="7" height="7"><img src="img/roundcornerslt.jpg" width="7" height="7" alt="" /></td>
	<td class="roundcornerstop"></td>
	<td><img src="img/roundcornersrt.jpg" width="7" height="7" alt="" /></td>
</tr>
<tr>
	<td class="roundcornersleft">&nbsp;</td>
	<td>

		<table border="0" cellspacing="1" cellpadding="3" width="100%">

		<?php 
        // $i counts the cell position within the current row (1..$per_col)
        $per_col = $hesk_settings['kb_cols'];
        $i = 1;
        while ($cat = hesk_dbFetchAssoc($result)) {
            if ($i == 1) {
                echo '<tr>';
            }
            echo '
		    <td width="50%" valign="top">
			<table border="0">
			<tr><td><img src="img/folder.gif" width="20" height="20" alt="" style="vertical-align:middle" /><a href="knowledgebase.php?category=' . $cat['id'] . '">' . $cat['name'] . '</a></td></tr>
			';
            /* Print most popular/sticky articles */
            if ($hesk_settings['kb_numshow'] && $cat['articles']) {
                // Fetch one more than kb_numshow so we can tell whether a "more" link is needed
                $res = hesk_dbQuery("SELECT `id`,`subject` FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "kb_articles` WHERE `catid`='{$cat['id']}' AND `type`='0' ORDER BY `sticky` DESC, `views` DESC, `art_order` ASC LIMIT " . (intval($hesk_settings['kb_numshow']) + 1));
                $num = 1;
                while ($art = hesk_dbFetchAssoc($res)) {
                    echo '
		            <tr>
		            <td><img src="img/article_text.png" width="16" height="16" border="0" alt="" style="vertical-align:middle" />
		            <a href="knowledgebase.php?article=' . $art['id'] . '" class="article">' . $art['subject'] . '</a></td>
		            </tr>';
                    // Stop after kb_numshow rows even though one extra was fetched
                    if ($num == $hesk_settings['kb_numshow']) {
                        break;
                    } else {
                        $num++;
                    }
                }
                if (hesk_dbNumRows($res) > $hesk_settings['kb_numshow']) {
                    echo '<tr><td>&raquo; <a href="knowledgebase.php?category=' . $cat['id'] . '"><i>' . $hesklang['m'] . '</i></a></td></tr>';
                }
            }
            echo '
			</table>
		    </td>
			';
            if ($i == $per_col) {
                echo '</tr>';
                $i = 0;
            }
            $i++;
        }
        /* Finish the table if needed: pad the last row with empty cells */
        if ($i != 1) {
            for ($j = 1; $j <= $per_col; $j++) {
                echo '<td width="50%">&nbsp;</td>';
                if ($i == $per_col) {
                    echo '</tr>';
                    break;
                }
                $i++;
            }
        }
        ?>
		</table>

	</td>
	<td class="roundcornersright">&nbsp;</td>
</tr>
<tr>
	<td><img src="img/roundcornerslb.jpg" width="7" height="7" alt="" /></td>
	<td class="roundcornersbottom"></td>
	<td width="7" height="7"><img src="img/roundcornersrb.jpg" width="7" height="7" alt="" /></td>
</tr>
</table>

	<?php 
    }
    // END if NumRows > 0
    ?>

	<p>&raquo; <b><?php 
    echo $hesklang['ac'];
    ?>
</b></p>

<table width="100%" border="0" cellspacing="0" cellpadding="0">
<tr>
	<td width="7" height="7"><img src="img/roundcornerslt.jpg" width="7" height="7" alt="" /></td>
	<td class="roundcornerstop"></td>
	<td><img src="img/roundcornersrt.jpg" width="7" height="7" alt="" /></td>
</tr>
<tr>
	<td class="roundcornersleft">&nbsp;</td>
	<td>

	<?php 
    // Articles in this category; only a content prefix (at least 200 chars) is read for the preview
    $res = hesk_dbQuery("SELECT `id`, `subject`, LEFT(`content`, " . max(200, $hesk_settings['kb_substrart'] * 2) . ") AS `content`, `rating` FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "kb_articles` WHERE `catid`='{$catid}' AND `type`='0' ORDER BY `sticky` DESC, `art_order` ASC");
    if (hesk_dbNumRows($res) == 0) {
        echo '<p><i>' . $hesklang['noac'] . '</i></p>';
    } else {
        echo '<div align="center"><table border="0" cellspacing="1" cellpadding="3" width="100%">';
        while ($article = hesk_dbFetchAssoc($res)) {
            $txt = hesk_kbArticleContentPreview($article['content']);
            if ($hesk_settings['kb_rating']) {
                // Star image is chosen from the rating rounded to the nearest half (0..50)
                $alt = $article['rating'] ? sprintf($hesklang['kb_rated'], sprintf("%01.1f", $article['rating'])) : $hesklang['kb_not_rated'];
                $rat = '<td width="1" valign="top"><img src="img/star_' . hesk_round_to_half($article['rating']) * 10 . '.png" width="85" height="16" alt="' . $alt . '" title="' . $alt . '" border="0" style="vertical-align:text-bottom" /></td>';
            } else {
                $rat = '';
            }
            echo '
				<tr>
				<td>
	                <table border="0" width="100%" cellspacing="0" cellpadding="1">
	                <tr>
	                <td width="1" valign="top"><img src="img/article_text.png" width="16" height="16" border="0" alt="" style="vertical-align:middle" /></td>
	                <td valign="top"><a href="knowledgebase.php?article=' . $article['id'] . '">' . $article['subject'] . '</a></td>
	                ' . $rat . '
                    </tr>
	                </table>
	                <table border="0" width="100%" cellspacing="0" cellpadding="1">
	                <tr>
	                <td width="1" valign="top"><img src="img/blank.gif" width="16" height="10" style="vertical-align:middle" alt="" /></td>
	                <td><span class="article_list">' . $txt . '</span></td>
                    </tr>
	                </table>
	            </td>
				</tr>';
        }
        echo '</table></div>';
    }
    ?>

	</td>
	<td class="roundcornersright">&nbsp;</td>
</tr>
<tr>
	<td><img src="img/roundcornerslb.jpg" width="7" height="7" alt="" /></td>
	<td class="roundcornersbottom"></td>
	<td width="7" height="7"><img src="img/roundcornersrb.jpg" width="7" height="7" alt="" /></td>
</tr>
</table>

	<?php 
    /* On the main KB page print out top and latest articles if needed */
    if ($catid == 1) {
        /* Get list of top articles */
        hesk_kbTopArticles($hesk_settings['kb_popart'], 0);
        /* Get list of latest articles */
        hesk_kbLatestArticles($hesk_settings['kb_latest'], 0);
    }
}
            hesk_mail($email, $hesklang['reset_password'], $msg);
            // Show success
            hesk_process_messages($hesklang['pemls'], 'NOREDIRECT', 'SUCCESS');
        }
    }
} elseif (isset($_GET['h'])) {
    // Get the hash
    $hash = preg_replace('/[^a-zA-Z0-9]/', '', $_GET['h']);
    // Connect to database
    hesk_load_database_functions();
    hesk_dbConnect();
    // Expire verification hashes older than 2 hours
    hesk_dbQuery("DELETE FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "reset_password` WHERE `dt` < (NOW() - INTERVAL 2 HOUR)");
    // Verify the hash exists
    $res = hesk_dbQuery("SELECT `user`, `ip` FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "reset_password` WHERE `hash` = '{$hash}' LIMIT 1");
    if (hesk_dbNumRows($res) != 1) {
        // Not a valid hash
        hesk_limitBfAttempts();
        hesk_process_messages($hesklang['ehash'], 'NOREDIRECT');
    } else {
        // Get info from database
        $row = hesk_dbFetchAssoc($res);
        // Only allow resetting password from the same IP address that submitted password reset request
        if ($row['ip'] != $_SERVER['REMOTE_ADDR']) {
            hesk_limitBfAttempts();
            hesk_process_messages($hesklang['ehaip'], 'NOREDIRECT');
        } else {
            // Expire all verification hashes for this user
            hesk_dbQuery("DELETE FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "reset_password` WHERE `user`=" . intval($row['user']));
            // Load additional required functions
            require HESK_PATH . 'inc/admin_functions.inc.php';
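/**
 * Delete the knowledgebase attachments listed in $attachments: the stored
 * file on disk and the corresponding `kb_attachments` row.
 *
 * @param string|null $attachments comma-separated list of "id#real_name"
 *                                 entries, normally ending with a trailing
 *                                 comma (e.g. "12#a.pdf,13#b.png,")
 * @return bool always true; empty input is a no-op and entries without a
 *              positive numeric id are skipped
 */
function delete_kb_attachments($attachments)
{
    global $hesk_settings;
    // If nothing to delete just return (covers null, '' and '0')
    if (empty($attachments)) {
        return true;
    }
    $prefix = hesk_dbEscape($hesk_settings['db_pfix']);
    // rtrim() drops the trailing separator without truncating the last entry
    // when the list happens to lack the trailing comma.
    foreach (explode(',', rtrim($attachments, ',')) as $entry) {
        if ($entry === '') {
            continue;
        }
        // Each entry is "id#real_name"; only the id is needed here.
        $att_id = intval(explode('#', $entry, 2)[0]);
        if ($att_id < 1) {
            continue;
        }
        // Get attachment saved name. NOTE(review): saved_name is taken from the
        // database as-is; it is assumed to be a bare file name written at upload time.
        $result = hesk_dbQuery("SELECT `saved_name` FROM `" . $prefix . "kb_attachments` WHERE `att_id`='" . $att_id . "' LIMIT 1");
        if (hesk_dbNumRows($result) == 1) {
            $file = hesk_dbFetchAssoc($result);
            hesk_unlink(HESK_PATH . $hesk_settings['attach_dir'] . '/' . $file['saved_name']);
        }
        hesk_dbQuery("DELETE FROM `" . $prefix . "kb_attachments` WHERE `att_id`='" . $att_id . "' LIMIT 1");
    }
    return true;
}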
else {return false;}
}
//-->
</script>

<?php 
/* This will handle error, success and notice messages */
hesk_handle_messages();
// Get canned responses from database
$result = hesk_dbQuery('SELECT * FROM `' . hesk_dbEscape($hesk_settings['db_pfix']) . 'ticket_templates` ORDER BY `tpl_order` ASC');
$options = '';
$javascript_messages = '';
$javascript_titles = '';
$i = 1;
$j = 0;
$num = hesk_dbNumRows($result);
if ($num < 1) {
    echo '<p>' . $hesklang['no_ticket_tpl'] . '</p>';
} else {
    ?>
	<div align="center">
	<table border="0" cellspacing="1" cellpadding="3" class="white" width="100%">
	<tr>
	<th class="admin_white" style="text-align:left"><b><i><?php 
    echo $hesklang['ticket_tpl_title'];
    ?>
</i></b></th>
	<th class="admin_white" style="width:80px"><b><i>&nbsp;<?php 
    echo $hesklang['opt'];
    ?>
&nbsp;</i></b></th>
// Do we allow customer to select priority?
if ($hesk_settings['cust_urgency']) {
    // Customer-supplied value from POST; intval() turns anything non-numeric into 0
    $tmpvar['priority'] = intval(hesk_POST('priority'));
    // We don't allow customers select "Critical". Only 1..3 are accepted; if priority is not valid set it to "low" (3).
    if ($tmpvar['priority'] < 1 || $tmpvar['priority'] > 3) {
        // If we are showing "Click to select" priority needs to be selected: record a form error instead of defaulting
        if ($hesk_settings['select_pri']) {
            $tmpvar['priority'] = -1;
            $hesk_error_buffer['priority'] = $hesklang['select_priority'];
        } else {
            $tmpvar['priority'] = 3;
        }
    }
} else {
    // Customers may not choose: take the category's default priority, or "low" if the category has none
    $res = hesk_dbQuery("SELECT `priority` FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "categories` WHERE `id`=" . intval($tmpvar['category']));
    if (hesk_dbNumRows($res) == 1) {
        $tmpvar['priority'] = intval(hesk_dbResult($res));
    } else {
        $tmpvar['priority'] = 3;
    }
}
// `=` binds tighter than `or`: the value is assigned first and the error recorded only when it is falsy
// (note that a subject/message of "0" therefore also counts as missing)
$tmpvar['subject'] = hesk_input(hesk_POST('subject')) or $hesk_error_buffer['subject'] = $hesklang['enter_ticket_subject'];
$tmpvar['message'] = hesk_input(hesk_POST('message')) or $hesk_error_buffer['message'] = $hesklang['enter_message'];
// Optional fields: no error is recorded when they are empty
$tmpvar['contract_ticket_id'] = hesk_input(hesk_POST('contract_name'));
$tmpvar['company_ticket_id'] = hesk_input(hesk_POST('company_name'));
// Is category a valid choice?
if ($tmpvar['category']) {
    hesk_verifyCategory();
    // Is auto-assign of tickets disabled in this category?
    if (empty($hesk_settings['category_data'][$tmpvar['category']]['autoassign'])) {
        $hesk_settings['autoassign'] = false;
// Knowledgebase suggestion endpoint for the admin area (HESK_PATH points one
// level up): returns an HTML fragment listing articles that match `q`.
define('HESK_PATH', '../');
/* Get all the required files and functions */
require HESK_PATH . 'hesk_settings.inc.php';
require HESK_PATH . 'inc/common.inc.php';
require HESK_PATH . 'inc/admin_functions.inc.php';
hesk_load_database_functions();
hesk_session_start();
hesk_dbConnect();
// Staff only: the search below also returns non-public (type 1) articles
hesk_isLoggedIn();
/* Send the response content type (an HTML fragment in the site's encoding, not XML) */
header('Content-Type: text/html; charset=' . $hesklang['ENCODING']);
/* Get the search query composed of the subject and message; a missing/empty query ends the request with an empty body */
$query = hesk_REQUEST('q') or die('');
/* Get relevant articles from the database, include private ones.
   The query text is passed through hesk_dbEscape() and the result set is bounded by kb_search_limit. */
$res = hesk_dbQuery("SELECT `id`, `subject`, `content` FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "kb_articles` WHERE `type` IN ('0','1') AND MATCH(`subject`,`content`,`keywords`) AGAINST ('" . hesk_dbEscape($query) . "') LIMIT " . intval($hesk_settings['kb_search_limit']));
$num = hesk_dbNumRows($res);
/* Solve some spacing issues when the `p` parameter is present */
if (hesk_isREQUEST('p')) {
    echo '&nbsp;<br />';
}
/* Return found articles */
?>
<div class="conatiner notice">
<span style="font-size:12px;font-weight:bold"><?php 
echo $hesklang['sc'];
?>
:</span><br />&nbsp;<br />
    <?php 
if (!$num) {
    echo '<i>' . $hesklang['nsfo'] . '</i>';
} else {
/**
 * Permanently remove the ticket held in the global $ticket: its attachment
 * files on disk, then its rows in `attachments`, `tickets`, `replies` and
 * `notes`.
 *
 * Side effect: when at least one attachment row exists,
 * $hesk_settings['server_path'] is set to the directory two levels above
 * this file and used as the root of the attachment directory.
 *
 * @return bool always true
 */
function hesk_fullyDeleteTicket()
{
    global $hesk_settings, $hesklang, $ticket;
    $prefix = hesk_dbEscape($hesk_settings['db_pfix']);
    $trackid = hesk_dbEscape($ticket['trackid']);
    $ticket_id = intval($ticket['id']);
    /* Delete attachment files */
    $res = hesk_dbQuery("SELECT * FROM `{$prefix}attachments` WHERE `ticket_id`='{$trackid}'");
    if (hesk_dbNumRows($res)) {
        $hesk_settings['server_path'] = dirname(dirname(__FILE__));
        $attach_root = $hesk_settings['server_path'] . '/' . $hesk_settings['attach_dir'] . '/';
        while ($file = hesk_dbFetchAssoc($res)) {
            hesk_unlink($attach_root . $file['saved_name']);
        }
    }
    /* Remove the database rows: attachment info, the ticket, its replies and its notes */
    $cleanup = array(
        "DELETE FROM `{$prefix}attachments` WHERE `ticket_id`='{$trackid}'",
        "DELETE FROM `{$prefix}tickets` WHERE `id`='{$ticket_id}'",
        "DELETE FROM `{$prefix}replies` WHERE `replyto`='{$ticket_id}'",
        "DELETE FROM `{$prefix}notes` WHERE `ticket`='{$ticket_id}'",
    );
    foreach ($cleanup as $sql) {
        hesk_dbQuery($sql);
    }
    return true;
}
/**
 * Rename a ticket category from the manage-categories form (POST `catid`,
 * `name`).
 *
 * Validates the CSRF token, stores the selection in the session so the form
 * can be re-filled, refuses a name already used by another category, then
 * updates the row. Every outcome is reported through hesk_process_messages()
 * with the manage-categories page as redirect target.
 *
 * @return void
 */
function rename_cat()
{
    global $hesk_settings, $hesklang;
    /* A security check */
    hesk_token_check('POST');
    // Redirect target used by every message below; also written back into PHP_SELF
    $self = 'manage_categories.php?catid=' . intval(hesk_POST('catid'));
    $_SERVER['PHP_SELF'] = $self;
    $catid = hesk_isNumber(hesk_POST('catid'), $hesklang['choose_cat_ren'], $self);
    $_SESSION['selcat'] = $_SESSION['selcat2'] = $catid;
    $catname = hesk_input(hesk_POST('name'), $hesklang['cat_ren_name'], $self);
    $_SESSION['catname2'] = $catname;
    $prefix = hesk_dbEscape($hesk_settings['db_pfix']);
    // Case-insensitive duplicate check; hesk_dbLike() presumably neutralises LIKE wildcards before escaping
    $res = hesk_dbQuery("SELECT `id` FROM `{$prefix}categories` WHERE `name` LIKE '" . hesk_dbEscape(hesk_dbLike($catname)) . "' LIMIT 1");
    if (hesk_dbNumRows($res) != 0) {
        $old = hesk_dbFetchAssoc($res);
        if ($old['id'] == $catid) {
            // Same category, same name: nothing to change
            hesk_process_messages($hesklang['noch'], $self, 'NOTICE');
        } else {
            hesk_process_messages($hesklang['cndupl'], $self);
        }
    }
    hesk_dbQuery("UPDATE `{$prefix}categories` SET `name`='" . hesk_dbEscape($catname) . "' WHERE `id`='" . intval($catid) . "' LIMIT 1");
    unset($_SESSION['selcat'], $_SESSION['catname2']);
    hesk_process_messages($hesklang['cat_renamed_to'] . ' <i>' . stripslashes($catname) . '</i>', $self, 'SUCCESS');
}
// Close the table left open by earlier output (outside this span, presumably
// the custom-field rows) and clear the flag so it is not closed twice
if ($print_table) {
    echo '</table>';
    $print_table = 0;
}
?>
				<!-- END CUSTOM BEFORE -->

				<!-- ticket info -->
				<div class="form-group ticket-info">
					<?php 
// Lets handle ticket templates
$can_options = '';
// Get ticket templates from the database
$res = hesk_dbQuery("SELECT * FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "ticket_templates` ORDER BY `tpl_order` ASC");
// If we have any templates print them out
if (hesk_dbNumRows($res)) {
    ?>
						<script language="javascript" type="text/javascript"><!--
						// -->
						var myMsgTxt = new Array();
						var mySubjectTxt = new Array();
						myMsgTxt[0]='';
						mySubjectTxt[0]='';

						<?php 
    while ($mysaved = hesk_dbFetchRow($res)) {
        $can_options .= '<option value="' . $mysaved[0] . '">' . $mysaved[1] . "</option>\n";
        echo 'myMsgTxt[' . $mysaved[0] . ']=\'' . str_replace("\r\n", "\\r\\n' + \r\n'", addslashes($mysaved[2])) . "';\n";
        echo 'mySubjectTxt[' . $mysaved[0] . ']=\'' . str_replace("\r\n", "\\r\\n' + \r\n'", addslashes($mysaved[1])) . "';\n";
    }
    ?>
/* Get details about the original ticket */
// NOTE(review): $trackingID is interpolated into SQL as-is; it is assumed to have
// been normalised by earlier code before this point — confirm.
$res = hesk_dbQuery("SELECT * FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` WHERE `trackid`='{$trackingID}' LIMIT 1");
if (hesk_dbNumRows($res) != 1) {
    hesk_error($hesklang['ticket_not_found']);
}
$ticket = hesk_dbFetchAssoc($res);
/* If we require e-mail to view tickets check if it matches the one in database */
hesk_verifyEmailMatch($trackingID, $my_email, $ticket['email']);
/* Ticket locked? Redirect back to the ticket with a random cache-busting parameter */
if ($ticket['locked']) {
    hesk_process_messages($hesklang['tislock2'], 'ticket.php?track=' . $trackingID . $hesk_settings['e_param'] . '&Refresh=' . rand(10000, 99999));
    exit;
}
// Prevent flooding ticket replies: look at replies from the last 10 minutes, oldest first
$res = hesk_dbQuery("SELECT `staffid` FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "replies` WHERE `replyto`='{$ticket['id']}' AND `dt` > DATE_SUB(NOW(), INTERVAL 10 MINUTE) ORDER BY `id` ASC");
if (hesk_dbNumRows($res) > 0) {
    $sequential_customer_replies = 0;
    while ($tmp = hesk_dbFetchAssoc($res)) {
        // A staff reply (non-zero staffid) resets the streak; a customer reply extends it
        $sequential_customer_replies = $tmp['staffid'] ? 0 : $sequential_customer_replies + 1;
    }
    // More than 10 customer replies in a row: record a `logins` row for this IP with
    // attempt_limit + 1 (presumably what the brute-force limiter treats as over the limit) and stop
    if ($sequential_customer_replies > 10) {
        hesk_dbQuery("INSERT INTO `" . hesk_dbEscape($hesk_settings['db_pfix']) . "logins` (`ip`, `number`) VALUES ('" . hesk_dbEscape($_SERVER['REMOTE_ADDR']) . "', " . intval($hesk_settings['attempt_limit'] + 1) . ")");
        hesk_error(sprintf($hesklang['yhbr'], $hesk_settings['attempt_banmin']), 0);
    }
}
/* Insert attachments */
if ($hesk_settings['attachments']['use'] && !empty($attachments)) {
    foreach ($attachments as $myatt) {
        hesk_dbQuery("INSERT INTO `" . hesk_dbEscape($hesk_settings['db_pfix']) . "attachments` (`ticket_id`,`saved_name`,`real_name`,`size`) VALUES ('{$trackingID}','" . hesk_dbEscape($myatt['saved_name']) . "','" . hesk_dbEscape($myatt['real_name']) . "','" . intval($myatt['size']) . "')");
        $myattachments .= hesk_dbInsertID() . '#' . $myatt['real_name'] . ',';
    }
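/**
 * Process the staff login form (POST `user`, `pass`, the CAPTCHA fields and
 * optional `remember_user`).
 *
 * Flow: collect form errors -> brute-force limiter -> look up the user row ->
 * compare password hashes -> mark the session, set "remember me" cookies,
 * auto-close stale tickets -> redirect to the requested page.
 * Every failure path calls hesk_process_messages(), print_login() and exits;
 * success ends with a Location header and exit, so the function never
 * returns normally.
 *
 * Session handling: the whole user row is copied into $_SESSION before the
 * password check; hesk_session_stop() discards it again on failure, and the
 * `pass` entry is removed right after a successful comparison.
 *
 * @return void
 */
function do_login()
{
    global $hesk_settings, $hesklang;
    $hesk_error_buffer = array();
    $user = hesk_input(hesk_POST('user'));
    if (empty($user)) {
        // Wording depends on whether the form offers a user list or a text box
        $myerror = $hesk_settings['list_users'] ? $hesklang['select_username'] : $hesklang['enter_username'];
        $hesk_error_buffer['user'] = $myerror;
    }
    define('HESK_USER', $user);
    $pass = hesk_input(hesk_POST('pass'));
    if (empty($pass)) {
        $hesk_error_buffer['pass'] = $hesklang['enter_pass'];
    }
    // CAPTCHA required for login (secimg_use == 2) and not yet passed in this session
    if ($hesk_settings['secimg_use'] == 2 && !isset($_SESSION['img_a_verified'])) {
        // Using ReCaptcha?
        if ($hesk_settings['recaptcha_use'] == 1) {
            // reCAPTCHA v1: legacy challenge/response fields
            require_once HESK_PATH . 'inc/recaptcha/recaptchalib.php';
            $resp = recaptcha_check_answer($hesk_settings['recaptcha_private_key'], $_SERVER['REMOTE_ADDR'], hesk_POST('recaptcha_challenge_field', ''), hesk_POST('recaptcha_response_field', ''));
            if ($resp->is_valid) {
                $_SESSION['img_a_verified'] = true;
            } else {
                $hesk_error_buffer['mysecnum'] = $hesklang['recaptcha_error'];
            }
        } elseif ($hesk_settings['recaptcha_use'] == 2) {
            // reCAPTCHA v2: single g-recaptcha-response token
            require HESK_PATH . 'inc/recaptcha/recaptchalib_v2.php';
            $resp = null;
            $reCaptcha = new ReCaptcha($hesk_settings['recaptcha_private_key']);
            // Was there a reCAPTCHA response?
            if (isset($_POST["g-recaptcha-response"])) {
                $resp = $reCaptcha->verifyResponse($_SERVER["REMOTE_ADDR"], hesk_POST("g-recaptcha-response"));
            }
            if ($resp != null && $resp->success) {
                $_SESSION['img_a_verified'] = true;
            } else {
                $hesk_error_buffer['mysecnum'] = $hesklang['recaptcha_error'];
            }
        } else {
            // Built-in image CAPTCHA; the expected checksum was stored in the session when the image was generated
            $mysecnum = intval(hesk_POST('mysecnum', 0));
            if (empty($mysecnum)) {
                $hesk_error_buffer['mysecnum'] = $hesklang['sec_miss'];
            } else {
                require HESK_PATH . 'inc/secimg.inc.php';
                $sc = new PJ_SecurityImage($hesk_settings['secimg_sum']);
                if (isset($_SESSION['checksum']) && $sc->checkCode($mysecnum, $_SESSION['checksum'])) {
                    $_SESSION['img_a_verified'] = true;
                } else {
                    $hesk_error_buffer['mysecnum'] = $hesklang['sec_wrng'];
                }
            }
        }
    }
    /* Any missing fields? Re-render the login form with the collected errors */
    if (count($hesk_error_buffer) != 0) {
        $_SESSION['a_iserror'] = array_keys($hesk_error_buffer);
        $tmp = '';
        foreach ($hesk_error_buffer as $error) {
            $tmp .= "<li>{$error}</li>\n";
        }
        $hesk_error_buffer = $tmp;
        $hesk_error_buffer = $hesklang['pcer'] . '<br /><br /><ul>' . $hesk_error_buffer . '</ul>';
        hesk_process_messages($hesk_error_buffer, 'NOREDIRECT');
        print_login();
        exit;
    } elseif (isset($_SESSION['img_a_verified'])) {
        // CAPTCHA pass is single-use: drop it once the form validated
        unset($_SESSION['img_a_verified']);
    }
    /* User entered all required info, now lets limit brute force attempts */
    hesk_limitBfAttempts();
    $result = hesk_dbQuery("SELECT * FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "users` WHERE `user` = '" . hesk_dbEscape($user) . "' LIMIT 1");
    if (hesk_dbNumRows($result) != 1) {
        hesk_session_stop();
        $_SESSION['a_iserror'] = array('user', 'pass');
        hesk_process_messages($hesklang['wrong_user'], 'NOREDIRECT');
        print_login();
        exit;
    }
    // Copy the user row into the session (including `pass`, removed again below)
    $res = hesk_dbFetchAssoc($result);
    foreach ($res as $k => $v) {
        $_SESSION[$k] = $v;
    }
    /* Check password */
    // hash_equals(): strict, constant-time comparison. A loose `!=` would treat
    // two numeric-looking hex digests (e.g. "0e...") as equal numbers.
    if (!hash_equals((string) $_SESSION['pass'], (string) hesk_Pass2Hash($pass))) {
        hesk_session_stop();
        $_SESSION['a_iserror'] = array('pass');
        hesk_process_messages($hesklang['wrong_pass'], 'NOREDIRECT');
        print_login();
        exit;
    }
    // Token for the "remember me" cookie, derived from the stored hash and the username
    $pass_enc = hesk_Pass2Hash($_SESSION['pass'] . strtolower($user) . $_SESSION['pass']);
    /* Check if default password */
    if ($_SESSION['pass'] === '499d74967b28a841c98bb4baaabaad699ff3c079') {
        hesk_process_messages($hesklang['chdp'], 'NOREDIRECT', 'NOTICE');
    }
    // Set a tag that will be used to expire sessions after username or password change
    $_SESSION['session_verify'] = hesk_activeSessionCreateTag($user, $_SESSION['pass']);
    // We don't need the password hash anymore
    unset($_SESSION['pass']);
    /* Login successful, clean brute force attempts */
    hesk_cleanBfAttempts();
    /* Make sure our user is active */
    if (!$_SESSION['active']) {
        hesk_session_stop();
        $_SESSION['a_iserror'] = array('active');
        hesk_process_messages($hesklang['inactive_user'], 'NOREDIRECT');
        print_login();
        exit;
    }
    /* Regenerate session ID (security) */
    hesk_session_regenerate_id();
    /* Remember username? */
    // NOTE(review): these cookies are set without the httponly/secure flags;
    // hesk_p carries a password-derived token, so passing those flags is worth
    // considering — left unchanged here.
    if ($hesk_settings['autologin'] && hesk_POST('remember_user') == 'AUTOLOGIN') {
        setcookie('hesk_username', "{$user}", strtotime('+1 year'));
        setcookie('hesk_p', "{$pass_enc}", strtotime('+1 year'));
    } elseif (hesk_POST('remember_user') == 'JUSTUSER') {
        setcookie('hesk_username', "{$user}", strtotime('+1 year'));
        setcookie('hesk_p', '');
    } else {
        // Expire cookie if set otherwise
        setcookie('hesk_username', '');
        setcookie('hesk_p', '');
    }
    /* Close any old tickets here so Cron jobs aren't necessary */
    if ($hesk_settings['autoclose']) {
        $revision = sprintf($hesklang['thist3'], hesk_date(), $hesklang['auto']);
        // Cut-off: tickets whose last change is older than `autoclose` days
        $dt = date('Y-m-d H:i:s', time() - $hesk_settings['autoclose'] * 86400);
        $closedStatusRs = hesk_dbQuery('SELECT `ID`, `Closable` FROM `' . hesk_dbEscape($hesk_settings['db_pfix']) . 'statuses` WHERE `IsDefaultStaffReplyStatus` = 1');
        $closedStatus = hesk_dbFetchAssoc($closedStatusRs);
        // Are we allowed to close tickets in this status? Guard against a missing
        // status row (a false fetch result) before reading its fields.
        if ($closedStatus && ($closedStatus['Closable'] == 'yes' || $closedStatus['Closable'] == 'sonly')) {
            $closedStatusId = intval($closedStatus['ID']);
            // Notify customer of closed ticket?
            if ($hesk_settings['notify_closed']) {
                // Get list of tickets
                $result = hesk_dbQuery("SELECT * FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` WHERE `status` = " . $closedStatusId . " AND `lastchange` <= '" . hesk_dbEscape($dt) . "' ");
                if (hesk_dbNumRows($result) > 0) {
                    // hesk_notifyCustomer() reads the ticket from the global $ticket
                    global $ticket;
                    // Load required functions?
                    if (!function_exists('hesk_notifyCustomer')) {
                        require HESK_PATH . 'inc/email_functions.inc.php';
                    }
                    while ($ticket = hesk_dbFetchAssoc($result)) {
                        $ticket['dt'] = hesk_date($ticket['dt'], true);
                        $ticket['lastchange'] = hesk_date($ticket['lastchange'], true);
                        $ticket = hesk_ticketToPlain($ticket, 1, 0);
                        hesk_notifyCustomer('ticket_closed');
                    }
                }
            }
            // Update ticket statuses and history in database if we're allowed to do so
            $defaultCloseRs = hesk_dbQuery('SELECT `ID` FROM `' . hesk_dbEscape($hesk_settings['db_pfix']) . 'statuses` WHERE `IsAutocloseOption` = 1');
            $defaultCloseStatus = hesk_dbFetchAssoc($defaultCloseRs);
            // Without a configured auto-close status there is nothing valid to move the tickets to
            if ($defaultCloseStatus) {
                hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` SET `status`=" . intval($defaultCloseStatus['ID']) . ", `closedat`=NOW(), `closedby`='-1', `history`=CONCAT(`history`,'" . hesk_dbEscape($revision) . "') WHERE `status` = '" . $closedStatusId . "' AND `lastchange` <= '" . hesk_dbEscape($dt) . "' ");
            }
        }
    }
    /* Redirect to the destination page */
    header('Location: ' . hesk_verifyGoto());
    exit;
}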
/**
 * Load a service message into the session so the "new service message" form
 * can be reused for editing it.
 *
 * Reads ?id= (cast to int; 0 / missing aborts via hesk_error()), fetches the
 * row, stores it in $_SESSION['new_sm'], flags $_SESSION['edit_sm'] and swaps
 * the form title string so the shared template reads "edit" instead of "new".
 */
function edit_sm()
{
    global $hesk_settings, $hesklang;

    // A missing or non-numeric id (intval() -> 0) aborts via hesk_error()
    $sm_id = intval(hesk_GET('id'));
    if (!$sm_id) {
        hesk_error($hesklang['sm_e_id']);
    }

    // Only the integer-cast id reaches the query, so it needs no further escaping
    $table = hesk_dbEscape($hesk_settings['db_pfix']) . 'service_messages';
    $query = sprintf("SELECT * FROM `%s` WHERE `id`=%d LIMIT 1", $table, $sm_id);
    $res = hesk_dbQuery($query);
    if (hesk_dbNumRows($res) != 1) {
        hesk_error($hesklang['sm_not_found']);
    }

    // Hand the row to the form and switch the template into edit mode
    $_SESSION['new_sm'] = hesk_dbFetchAssoc($res);
    $_SESSION['edit_sm'] = true;
    $hesklang['new_sm'] = $hesklang['edit_sm'];
}
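/**
 * Detect an e-mail loop on the piping interface.
 *
 * Tracks, per sender address, how many mails arrived within loop_time seconds
 * and the hash of the last message body. Returns true (caller should drop the
 * mail) when the count reaches loop_hits or when the body hash equals the
 * previous one; otherwise records the mail and returns false.
 *
 * @param string $email        Sender address (used as the per-sender key).
 * @param string $message_hash Digest of the message body supplied by the caller.
 * @return bool                true if a loop rule triggered.
 */
function hesk_isEmailLoop($email, $message_hash)
{
    global $hesk_settings;

    // A loop_hits setting of 0 disables loop detection entirely
    if (!$hesk_settings['loop_hits']) {
        return false;
    }

    $table = hesk_dbEscape($hesk_settings['db_pfix']) . 'pipe_loops';

    // hesk_dbLike() neutralises LIKE wildcards (% and _) before the value is SQL-escaped
    $email_like = hesk_dbEscape(hesk_dbLike($email));

    // Purge entries older than the configured window so the counter only covers recent mail
    hesk_dbQuery("DELETE FROM `" . $table . "` WHERE `dt` < (NOW() - INTERVAL " . intval($hesk_settings['loop_time']) . " SECOND) ");

    // Look up the active entry for this sender
    $res = hesk_dbQuery("SELECT `hits`, `message_hash` FROM `" . $table . "` WHERE `email` LIKE '{$email_like}' LIMIT 1");

    if (!hesk_dbNumRows($res)) {
        // First mail from this address in the window: start counting
        hesk_dbQuery("INSERT INTO `" . $table . "` (`email`, `message_hash`) VALUES ('" . hesk_dbEscape($email) . "', '" . hesk_dbEscape($message_hash) . "')");
        return false;
    }

    list($hits, $previous_hash) = hesk_dbFetchRow($res);

    // Too many mails from this address within loop_time seconds?
    if ($hits + 1 >= $hesk_settings['loop_hits']) {
        return true;
    }

    // Same body as the previous mail? Compared strictly: with == two hex digests
    // that both look like "0e<digits>" are numeric strings and compare equal.
    if ((string) $message_hash === (string) $previous_hash) {
        return true;
    }

    // Not a loop (yet): bump the counter and remember this body's hash
    hesk_dbQuery("UPDATE `" . $table . "` SET `hits` = `hits` + 1, `message_hash` = '" . hesk_dbEscape($message_hash) . "' WHERE `email` LIKE '{$email_like}' LIMIT 1");

    return false;
}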
/**
 * Gate for staff pages: ensure the current request belongs to a valid staff session.
 *
 * Without a session, a successful "remember me" auto-login (if enabled) is accepted;
 * otherwise the session is destroyed and the browser is redirected to the login form
 * with the current URI as the "goto" target (the function does not return in that
 * case). With a session, the id is regenerated, the account row is re-read so deleted
 * users or changed credentials are rejected immediately, and the cached
 * authorisation data (isadmin, categories, heskprivileges) is refreshed.
 *
 * @return bool Always true when it returns (every failure path exits after a redirect).
 */
function hesk_isLoggedIn()
{
    global $hesk_settings;

    // The current URI (with &amp; undone) is handed back as the post-login "goto" target.
    // NOTE(review): it is request-controlled; the login handler is expected to validate it
    // (hesk_verifyGoto() is used for that purpose elsewhere in this file) — confirm.
    $return_to = str_replace('&amp;', '&', hesk_input($_SERVER['REQUEST_URI']));

    // Kill the session and send the browser to the login form. Never returns.
    $bounce_to_login = function () use ($return_to) {
        hesk_session_stop();
        header('Location: index.php?a=login&notice=1&goto=' . urlencode($return_to));
        exit;
    };

    $has_session = !empty($_SESSION['id']) && !empty($_SESSION['session_verify']);

    if (!$has_session) {
        // No live session: the only way in is a successful auto-login
        if (!$hesk_settings['autologin'] || !hesk_autoLogin(1)) {
            $bounce_to_login();
        }
    } else {
        // Rotate the session id on every authenticated request (presumably a fixation defence)
        hesk_session_regenerate_id();

        // Re-read the account so a deleted user or changed password takes effect at once.
        // NOTE(review): db_pfix is not passed through hesk_dbEscape() here, unlike sibling
        // functions; it is configuration, not user input, so this is a consistency nit.
        $res = hesk_dbQuery("SELECT `user`, `pass`, `isadmin`, `categories`, `heskprivileges` FROM `" . $hesk_settings['db_pfix'] . "users` WHERE `id` = '" . intval($_SESSION['id']) . "' LIMIT 1");
        if (hesk_dbNumRows($res) != 1) {
            $bounce_to_login();
        }
        $account = hesk_dbFetchAssoc($res);

        // The session token must still match the stored credentials
        if (!hesk_activeSessionValidate($account['user'], $account['pass'], $_SESSION['session_verify'])) {
            $bounce_to_login();
        }

        // Refresh the authorisation data cached in the session; admins carry no category list
        $_SESSION['isadmin'] = ($account['isadmin'] == 1) ? 1 : 0;
        if (!$_SESSION['isadmin']) {
            $_SESSION['categories'] = explode(',', $account['categories']);
            $_SESSION['heskprivileges'] = $account['heskprivileges'];
        }
    }

    // Optional "users online" bookkeeping, shared by both login paths
    if ($hesk_settings['online']) {
        require HESK_PATH . 'inc/users_online.inc.php';
        hesk_initOnline($_SESSION['id']);
    }

    return true;
}
/**
 * Render one private (staff-to-staff) mail message for the logged-in user.
 *
 * The message id comes from ?id= and is cast to int before it reaches SQL. Only the
 * recipient or the sender of the message may view it; anyone else is handed to
 * hesk_process_message(). Messages the current user has deleted (`deletedby`) are
 * not returned by the query. An unread message viewed by its recipient is marked read.
 *
 * Globals: $hesk_settings (mailtmp view state is written), $hesklang, $admins
 * (id => display name map). Side effect: sets $_SESSION['hide']['list'] = 1.
 */
function show_message()
{
    global $hesk_settings, $hesklang, $admins;
    $id = intval(hesk_GET('id'));
    /* Get the message details */
    // Rows the current user already deleted are excluded at query time
    $res = hesk_dbQuery("SELECT * FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "mail` WHERE `id`='" . intval($id) . "' AND `deletedby`!='" . intval($_SESSION['id']) . "' LIMIT 1");
    $num = hesk_dbNumRows($res);
    if ($num) {
        $pm = hesk_dbFetchAssoc($res);
        /* Allowed to read the message? */
        // Recipient view: pre-fill a reply to the sender unless a draft already exists
        if ($pm['to'] == $_SESSION['id']) {
            if (!isset($_SESSION['mail']['subject'])) {
                $_SESSION['mail']['subject'] = $hesklang['m_re'] . ' ' . $pm['subject'];
            }
            if (!isset($_SESSION['mail']['to'])) {
                $_SESSION['mail']['to'] = $pm['from'];
            }
        } elseif ($pm['from'] == $_SESSION['id']) {
            // Sender view: pre-fill a forward and switch the mailtmp labels/links to outbox wording
            if (!isset($_SESSION['mail']['subject'])) {
                $_SESSION['mail']['subject'] = $hesklang['m_fwd'] . ' ' . $pm['subject'];
            }
            if (!isset($_SESSION['mail']['to'])) {
                $_SESSION['mail']['to'] = $pm['to'];
            }
            $hesk_settings['mailtmp']['this'] = 'from';
            $hesk_settings['mailtmp']['other'] = 'to';
            $hesk_settings['mailtmp']['m_from'] = $hesklang['m_to'];
            $hesk_settings['mailtmp']['outbox'] = '<b>' . $hesklang['outbox'] . '</b>';
            $hesk_settings['mailtmp']['inbox'] = '<a href="mail.php">' . $hesklang['inbox'] . '</a>';
            $hesk_settings['mailtmp']['outbox'] = '<a href="mail.php?folder=outbox">' . $hesklang['outbox'] . '</a>';
        } else {
            // Neither sender nor recipient: refuse access.
            // NOTE(review): the rest of this function still executes unless
            // hesk_process_message() redirects and exits — confirm that it does.
            hesk_process_message($hesklang['m_ena'], 'mail.php');
        }
        /* Mark as read */
        // NOTE(review): mailtmp['this'] is only assigned in the sender branch above; the
        // recipient branch relies on the caller having preset it to 'to' — confirm.
        if ($hesk_settings['mailtmp']['this'] == 'to' && !$pm['read']) {
            $res = hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "mail` SET `read`='1' WHERE `id`='" . intval($id) . "' LIMIT 1");
        }
        // Display name of the other party; id 9999 denotes the HESK.com system sender,
        // anything not in $admins is shown as a deleted user
        $pm['name'] = isset($admins[$pm[$hesk_settings['mailtmp']['other']]]) ? '<a href="mail.php?a=new&amp;id=' . $pm[$hesk_settings['mailtmp']['other']] . '">' . $admins[$pm[$hesk_settings['mailtmp']['other']]] . '</a>' : ($pm['from'] == 9999 ? '<a href="http://www.hesk.com" target="_blank">HESK.com</a>' : $hesklang['e_udel']);
        $pm['dt'] = hesk_dateToString($pm['dt'], 0, 1, 0, true);
        ?>

	<div class="container mail-from-user-table">
		<div>
			&nbsp;
			<div>

				<div class="form-inline mail-info-table">
					<div class="form-group mail-from-date-subject">
						<div class="form-inline">
							<span><b><?php 
        echo $hesk_settings['mailtmp']['m_from'];
        ?>
</b></span>
							<span><?php 
        echo $pm['name'];
        ?>
</span>
						</div>
						<div class="form-inline">
							<span><b><?php 
        echo $hesklang['date'];
        ?>
</b></span>
							<span><?php 
        echo $pm['dt'];
        ?>
</span>
						</div>
						<div class="form-inline">
							<span><b><?php 
        echo $hesklang['m_sub'];
        ?>
</b></span>
							<span><?php 
        // NOTE(review): subject is echoed without output escaping; this relies on the
        // value having been entity-encoded when stored — confirm (hesk_input?).
        echo $pm['subject'];
        ?>
</span>
						</div>
					</div><!-- end mail-from-date-subject -->
					<div class="form-group mail-icons" style="float: right;">

						<?php 
        // Action links carry hesk_token_echo(0), presumably the anti-CSRF token that
        // mail.php checks before mark_unread/delete — verify on the handler side.
        // Only the recipient gets the "mark unread" link; the sender's delete link
        // returns to the outbox folder.
        $folder = '&amp;folder=outbox';
        if ($pm['to'] == $_SESSION['id']) {
            echo '<a href="mail.php?a=mark_unread&amp;id=' . $id . '&amp;token=' . hesk_token_echo(0) . '"><img src="../img/mail.png" width="16" height="16" alt="' . $hesklang['mau'] . '" title="' . $hesklang['mau'] . '" class="optionWhiteOFF" onmouseover="this.className=\'optionWhiteON\'" onmouseout="this.className=\'optionWhiteOFF\'" /></a> ';
            $folder = '';
        }
        echo '<a href="mail.php?a=delete&amp;id=' . $id . '&amp;token=' . hesk_token_echo(0) . $folder . '" onclick="return hesk_confirmExecute(\'' . hesk_makeJsString($hesklang['delm']) . '?\');"><img src="../img/delete.png" width="16" height="16" alt="' . $hesklang['delm'] . '" title="' . $hesklang['delm'] . '" class="optionWhiteOFF" onmouseover="this.className=\'optionWhiteON\'" onmouseout="this.className=\'optionWhiteOFF\'" /></a>';
        ?>

					</div><!-- end mail-icons -->
				</div>

			<br/><br/>

			<p><?php 
        // strip_tags() removes tags but does not HTML-encode the remaining text;
        // this is only a safe text sink if the body was entity-encoded on input —
        // confirm, otherwise htmlspecialchars() is the right call here.
        echo strip_tags($pm['message']);
        ?>
</p>

			</div>
			&nbsp;
		</div>
	</div><!-- end mail-from-user-table -->

	<br /><br/><br/>


			<?php 
    }
    // END if $num
    // Tell the surrounding mail.php page not to render the message list
    $_SESSION['hide']['list'] = 1;
}
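/**
 * Render one knowledge-base category for the staff (private) KB view.
 *
 * @param int $catid     Category id; cast to int before every query.
 * @param int $is_search 0 = full page (prints header and KB navigation);
 *                       non-zero = embedded in search output (no header).
 *
 * Output: the "private" notice for category 1, a heading plus back button for
 * non-root categories, a grid of sub-categories (kb_cols per row) each listing up
 * to kb_numshow sticky/popular articles with a "more" link, then the category's
 * own articles with a content preview. Aborts via hesk_error() when the category
 * does not exist.
 *
 * NOTE(review): category names and article subjects are echoed without output
 * escaping; that is only safe if they were entity-encoded on input — confirm.
 */
function hesk_show_kb_category($catid, $is_search = 0)
{
    global $hesk_settings, $hesklang;
    if ($is_search == 0) {
        /* Print header */
        require_once HESK_PATH . 'inc/header.inc.php';
        hesk_kb_header($hesk_settings['kb_link'], $catid);
        // Category 1 is the private root; show the "private articles" explanation
        if ($catid == 1) {
            echo '<br/><div class="container priv-kb-text">' . $hesklang['priv'] . '</div><br/>';
        }
    }
    $res = hesk_dbQuery("SELECT `name`,`parent` FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "kb_categories` WHERE `id`='" . intval($catid) . "' LIMIT 1");
    $thiscat = hesk_dbFetchAssoc($res) or hesk_error($hesklang['kb_cat_inv']);
    // Non-root categories get a heading and a history-back button
    // (the previously computed parent link was never used and has been dropped)
    if ($thiscat['parent']) {
        echo '<br/><div class="container homepageh3"> ' . $hesklang['kb_cat'] . ': ' . $thiscat['name'] . '</div><br/>
        <div class="container"><a href="javascript:history.go(-1)">' . '<button type="submit" class="btn btn-default goback-btn">' . $hesklang['back'] . '</button>' . '</a></div>
		';
    }
    $result = hesk_dbQuery("SELECT `id`,`name`,`articles`,`type` FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "kb_categories` WHERE `parent`='" . intval($catid) . "' ORDER BY `parent` ASC, `cat_order` ASC");
    if (hesk_dbNumRows($result) > 0) {
        ?>

		<div class="container"><b><?php 
        echo $hesklang['kb_cat_sub'];
        ?>
:</b></div><br/>

	<div class="container">
		<?php 
        // Lay the sub-categories out kb_cols per row.
        // NOTE(review): the <tr>/<td> rows below are emitted straight inside a <div>
        // with no enclosing <table>; left unchanged here to keep the output identical.
        $per_col = $hesk_settings['kb_cols'];
        $i = 1;
        while ($cat = hesk_dbFetchAssoc($result)) {
            if ($i == 1) {
                echo '<tr>';
            }
            // type 1 = private category, marked with an asterisk
            $private = $cat['type'] == 1 ? ' *' : '';
            echo '
		    <td width="50%" valign="top">
			<table border="0">
			<tr><td><img src="../img/folder.gif" width="20" height="20" alt="" style="vertical-align:middle" /><a href="knowledgebase_private.php?category=' . $cat['id'] . '">' . $cat['name'] . '</a>' . $private . '</td></tr>
			';
            /* Print most popular/sticky articles */
            if ($hesk_settings['kb_numshow'] && $cat['articles']) {
                // Fetch one more than kb_numshow so we know whether a "more" link is needed
                $res = hesk_dbQuery("SELECT `id`,`subject`,`type` FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "kb_articles` WHERE `catid`='" . intval($cat['id']) . "' AND `type` IN ('0','1') ORDER BY `sticky` DESC, `views` DESC, `art_order` ASC LIMIT " . (intval($hesk_settings['kb_numshow']) + 1));
                $num = 1;
                while ($art = hesk_dbFetchAssoc($res)) {
                    $private = $art['type'] == 1 ? ' *' : '';
                    echo '
		            <tr>
		            <td><img src="../img/article_text.png" width="16" height="16" border="0" alt="" style="vertical-align:middle" />
		            <a href="knowledgebase_private.php?article=' . $art['id'] . '" class="article">' . $art['subject'] . '</a>' . $private . '</td>
		            </tr>';
                    if ($num == $hesk_settings['kb_numshow']) {
                        break;
                    } else {
                        $num++;
                    }
                }
                if (hesk_dbNumRows($res) > $hesk_settings['kb_numshow']) {
                    echo '<tr><td>&raquo; <a href="knowledgebase_private.php?category=' . $cat['id'] . '"><i>' . $hesklang['m'] . '</i></a></td></tr>';
                }
            }
            echo '
			</table>
		    </td>
			';
            if ($i == $per_col) {
                echo '</tr>';
                $i = 0;
            }
            $i++;
        }
        /* Finish the table if needed */
        // Pad the last row with empty cells so every row has per_col columns
        if ($i != 1) {
            for ($j = 1; $j <= $per_col; $j++) {
                echo '<td width="50%">&nbsp;</td>';
                if ($i == $per_col) {
                    echo '</tr>';
                    break;
                }
                $i++;
            }
        }
        ?>
	</div>
	
	<?php 
    }
    // END if NumRows > 0
    ?>

	<br/>
	<div class="container articles_categ"><b><?php 
    echo $hesklang['ac'];
    ?>
</b></div>


	<div>
	<?php 
    // Articles in this category; only a prefix of the content is fetched for the preview
    // (at least 200 chars, or twice the configured preview length)
    $res = hesk_dbQuery("SELECT `id`, `subject`, LEFT(`content`, " . max(200, $hesk_settings['kb_substrart'] * 2) . ") AS `content`, `rating`, `type` FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "kb_articles` WHERE `catid`='" . intval($catid) . "' AND `type` IN ('0','1') ORDER BY `sticky` DESC, `art_order` ASC");
    if (hesk_dbNumRows($res) == 0) {
        echo '<div class="container"><i>' . $hesklang['noac'] . '</i></div>';
    } else {
        echo '<div class="container table-responsive"><table class="table table-bordered" style="background-color: white;">';
        while ($article = hesk_dbFetchAssoc($res)) {
            $private = $article['type'] == 1 ? ' *' : '';
            $txt = hesk_kbArticleContentPreview($article['content']);
            echo '
				<tr>
				<td>
	                <table>
	                <tr>
	                <td width="1" valign="top"><img src="../img/article_text.png" width="16" height="16" border="0" alt="" style="vertical-align:middle" /></td>
	                <td valign="top"><a href="knowledgebase_private.php?article=' . $article['id'] . '">' . $article['subject'] . '</a>' . $private . '</td>
                    </tr>
	                </table>
	                <table border="0" width="100%" cellspacing="0" cellpadding="1">
	                <tr>
	                <td width="1" valign="top"><img src="../img/blank.gif" width="16" height="10" style="vertical-align:middle" alt="" /></td>
	                <td><span class="article_list" style="word-break: break-all;">' . $txt . '</span></td>
                    </tr>
	                </table>
	            </td>
				</tr>';
        }
        echo '</table></div>';
    }
    ?>

	</div>

<?php 
}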
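/**
 * Print the JavaScript for the "canned replies" selector and return its <option> list.
 *
 * Returns '' when the current user may not reply ($can_reply) or when no canned
 * replies exist. Otherwise echoes a <script> block that defines myMsgTxt[id] for
 * every reply plus setMessage(), which substitutes the %%HESK_*%% placeholders with
 * the current ticket's fields and writes the result into the reply textarea, and
 * returns the concatenated <option> elements for the select box.
 *
 * Globals read: $hesklang, $hesk_settings, $can_reply, $ticket, $admins.
 *
 * Security notes:
 *  - Each reply body is emitted as a JS string literal via json_encode() with the
 *    JSON_HEX_* flags, so stored text cannot close the <script> element or break the
 *    literal. The previous addslashes() + "\r\n" splitting did not cover "</script>"
 *    or a bare LF, either of which broke (or escaped from) the script block.
 *  - Ticket fields are inserted through hesk_jsString(); setMessage() then writes the
 *    combined text into a <textarea> via innerHTML. NOTE(review): whether that is safe
 *    against a customer-supplied "</textarea>" in e.g. name/email depends on
 *    hesk_jsString() HTML-encoding '<' — confirm, or assign .value instead of
 *    rebuilding the textarea markup.
 *
 * @return string The <option> markup for the canned-reply select, or ''.
 */
function hesk_printCanned()
{
    global $hesklang, $hesk_settings, $can_reply, $ticket, $admins;
    /* Can user reply to tickets? */
    if (!$can_reply) {
        return '';
    }
    /* Get canned replies from the database */
    $res = hesk_dbQuery("SELECT * FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "std_replies` ORDER BY `reply_order` ASC");
    /* If no canned replies return empty */
    if (!hesk_dbNumRows($res)) {
        return '';
    }
    /* We do have some replies, print the required Javascript and select field options */
    $can_options = '';
    ?>
	<script language="javascript" type="text/javascript"><!--
    // -->
    var myMsgTxt = new Array();
	myMsgTxt[0]='';

	<?php 
    while ($mysaved = hesk_dbFetchRow($res)) {
        // Column order from `std_replies`: 0 = id, 1 = name, 2 = message text
        $reply_id = intval($mysaved[0]);
        // NOTE(review): the reply name is placed into the <option> unescaped; that is
        // only safe if it was entity-encoded when stored — confirm.
        $can_options .= '<option value="' . $reply_id . '">' . $mysaved[1] . "</option>\n";
        // Build the JS string literal with json_encode() rather than addslashes():
        // JSON_HEX_TAG/AMP/APOS/QUOT turn < > & ' " into \uXXXX, so the text can
        // neither terminate the <script> element nor the literal, and newlines of
        // any flavour are escaped instead of splitting the literal across lines.
        $js_literal = json_encode($mysaved[2], JSON_HEX_TAG | JSON_HEX_APOS | JSON_HEX_QUOT | JSON_HEX_AMP);
        if ($js_literal === false) {
            // Invalid UTF-8 in the stored reply: emit an empty string rather than broken JS
            $js_literal = '""';
        }
        echo 'myMsgTxt[' . $reply_id . ']=' . $js_literal . ";\n";
    }
    ?>

	function setMessage(msgid)
    {
		var myMsg=myMsgTxt[msgid];

        if (myMsg == '')
        {
        	if (document.form1.mode[1].checked)
            {
				document.getElementById('message').value = '';
            }
            return true;
        }

		myMsg = myMsg.replace(/%%HESK_ID%%/g, '<?php 
    echo hesk_jsString($ticket['id']);
    ?>
');
		myMsg = myMsg.replace(/%%HESK_TRACKID%%/g, '<?php 
    echo hesk_jsString($ticket['trackid']);
    ?>
');
		myMsg = myMsg.replace(/%%HESK_TRACK_ID%%/g, '<?php 
    echo hesk_jsString($ticket['trackid']);
    ?>
');
		myMsg = myMsg.replace(/%%HESK_NAME%%/g, '<?php 
    echo hesk_jsString($ticket['name']);
    ?>
');
		myMsg = myMsg.replace(/%%HESK_EMAIL%%/g, '<?php 
    echo hesk_jsString($ticket['email']);
    ?>
');
		myMsg = myMsg.replace(/%%HESK_OWNER%%/g, '<?php 
    echo hesk_jsString(isset($admins[$ticket['owner']]) ? $admins[$ticket['owner']] : '');
    ?>
');
		myMsg = myMsg.replace(/%%HESK_custom1%%/g, '<?php 
    echo hesk_jsString($ticket['custom1']);
    ?>
');
		myMsg = myMsg.replace(/%%HESK_custom2%%/g, '<?php 
    echo hesk_jsString($ticket['custom2']);
    ?>
');
		myMsg = myMsg.replace(/%%HESK_custom3%%/g, '<?php 
    echo hesk_jsString($ticket['custom3']);
    ?>
');
		myMsg = myMsg.replace(/%%HESK_custom4%%/g, '<?php 
    echo hesk_jsString($ticket['custom4']);
    ?>
');
		myMsg = myMsg.replace(/%%HESK_custom5%%/g, '<?php 
    echo hesk_jsString($ticket['custom5']);
    ?>
');
		myMsg = myMsg.replace(/%%HESK_custom6%%/g, '<?php 
    echo hesk_jsString($ticket['custom6']);
    ?>
');
		myMsg = myMsg.replace(/%%HESK_custom7%%/g, '<?php 
    echo hesk_jsString($ticket['custom7']);
    ?>
');
		myMsg = myMsg.replace(/%%HESK_custom8%%/g, '<?php 
    echo hesk_jsString($ticket['custom8']);
    ?>
');
		myMsg = myMsg.replace(/%%HESK_custom9%%/g, '<?php 
    echo hesk_jsString($ticket['custom9']);
    ?>
');
		myMsg = myMsg.replace(/%%HESK_custom10%%/g, '<?php 
    echo hesk_jsString($ticket['custom10']);
    ?>
');
		myMsg = myMsg.replace(/%%HESK_custom11%%/g, '<?php 
    echo hesk_jsString($ticket['custom11']);
    ?>
');
		myMsg = myMsg.replace(/%%HESK_custom12%%/g, '<?php 
    echo hesk_jsString($ticket['custom12']);
    ?>
');
		myMsg = myMsg.replace(/%%HESK_custom13%%/g, '<?php 
    echo hesk_jsString($ticket['custom13']);
    ?>
');
		myMsg = myMsg.replace(/%%HESK_custom14%%/g, '<?php 
    echo hesk_jsString($ticket['custom14']);
    ?>
');
		myMsg = myMsg.replace(/%%HESK_custom15%%/g, '<?php 
    echo hesk_jsString($ticket['custom15']);
    ?>
');
		myMsg = myMsg.replace(/%%HESK_custom16%%/g, '<?php 
    echo hesk_jsString($ticket['custom16']);
    ?>
');
		myMsg = myMsg.replace(/%%HESK_custom17%%/g, '<?php 
    echo hesk_jsString($ticket['custom17']);
    ?>
');
		myMsg = myMsg.replace(/%%HESK_custom18%%/g, '<?php 
    echo hesk_jsString($ticket['custom18']);
    ?>
');
		myMsg = myMsg.replace(/%%HESK_custom19%%/g, '<?php 
    echo hesk_jsString($ticket['custom19']);
    ?>
');
		myMsg = myMsg.replace(/%%HESK_custom20%%/g, '<?php 
    echo hesk_jsString($ticket['custom20']);
    ?>
');

	    if (document.getElementById)
        {
			if (document.getElementById('moderep').checked)
            {
				document.getElementById('HeskMsg').innerHTML='<textarea name="message" id="message" rows="12" cols="72">'+myMsg+'</textarea>';
            }
            else
            {
            	var oldMsg = document.getElementById('message').value;
		        document.getElementById('HeskMsg').innerHTML='<textarea name="message" id="message" rows="12" cols="72">'+oldMsg+myMsg+'</textarea>';
            }
	    }
        else
        {
			if (document.form1.mode[0].checked)
            {
				document.form1.message.value=myMsg;
            }
            else
            {
            	var oldMsg = document.form1.message.value;
		        document.form1.message.value=oldMsg+myMsg;
            }
	    }

	}
	//-->
	</script>
    <?php 
    /* Return options for select box */
    return $can_options;
}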