define('HESK_PATH', './');
/* Get all the required files and functions */
require HESK_PATH . 'hesk_settings.inc.php';
require HESK_PATH . 'inc/common.inc.php';
hesk_load_database_functions();
hesk_session_start();
/* Get the tracking ID.
   `=` binds tighter than `or`, so the ID is assigned first and the request is
   aborted with die() only when hesk_cleanID() returns a falsy value. */
$trackingID = hesk_cleanID() or die("{$hesklang['int_error']}: {$hesklang['no_trackID']}");
/* Connect to database */
hesk_dbConnect();
// Perform additional checks for customers (no staff id in the session).
// NOTE(review): for non-staff viewers the e-mail match below is the only access
// check on this ticket; staff sessions skip both checks entirely.
if (empty($_SESSION['id'])) {
    // Are we in maintenance mode?
    hesk_check_maintenance();
    // Verify email address match
    hesk_verifyEmailMatch($trackingID);
}
/* Get ticket info: the ticket row plus the name of the last replying user.
   The table prefix and the tracking ID are both passed through hesk_dbEscape()
   before being interpolated into the query. */
$res = hesk_dbQuery("SELECT `t1`.* , `t2`.name AS `repliername`\n\t\t\t\t\tFROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` AS `t1` LEFT JOIN `" . hesk_dbEscape($hesk_settings['db_pfix']) . "users` AS `t2` ON `t1`.`replierid` = `t2`.`id`\n\t\t\t\t\tWHERE `trackid`='" . hesk_dbEscape($trackingID) . "' LIMIT 1");
// Exactly one row is expected; any other count is reported as "ticket not found"
if (hesk_dbNumRows($res) != 1) {
    hesk_error($hesklang['ticket_not_found']);
}
$ticket = hesk_dbFetchAssoc($res);
// Demo mode: mask the customer's e-mail address and IP before anything is rendered
if (defined('HESK_DEMO')) {
    $ticket['email'] = '*****@*****.**';
    $ticket['ip'] = '127.0.0.1';
}
/* Get category name and ID.
   NOTE(review): unlike the query above, $ticket['category'] is interpolated without
   hesk_dbEscape(); this is only safe while the column is numeric -- confirm. */
$res = hesk_dbQuery("SELECT * FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "categories` WHERE `id`='{$ticket['category']}' LIMIT 1");
/* If this category has been deleted use the default category with ID 1 */
            $trackingID = $ticket['trackid'];
        } else {
            hesk_process_messages(sprintf($hesklang['tme1'], $trackingID, $ticket['trackid']) . '<br /><br />' . sprintf($hesklang['tme2'], $ticket['trackid']), 'NOREDIRECT', 'NOTICE');
            $trackingID = $ticket['trackid'];
            print_form();
        }
    } else {
        /* Nothing found, error out */
        hesk_process_messages($hesklang['ticket_not_found'], 'NOREDIRECT');
        print_form();
    }
} else {
    /* We have a match, get ticket info */
    $ticket = hesk_dbFetchAssoc($res);
    /* If we require e-mail to view tickets check if it matches the one in database */
    hesk_verifyEmailMatch($trackingID, $my_email, $ticket['email']);
}
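/* Ticket exists, clean brute force attempts */
hesk_cleanBfAttempts();
/* Remember email address?
   Only the lookup form ($is_form, set earlier in the script) offers this option.
   When the visitor asked to be remembered (non-empty `r` in the query string) the
   address they typed ($my_email, also set earlier) is stored in a cookie for a
   year; otherwise any previously stored cookie is cleared.
   The cookie is marked HttpOnly so client-side scripts cannot read the stored
   address; path/domain are left at their defaults exactly as before. */
if ($is_form) {
    if (!empty($_GET['r'])) {
        setcookie('hesk_myemail', $my_email, strtotime('+1 year'), '', '', false, true);
        $do_remember = ' checked="checked" ';
    } elseif (isset($_COOKIE['hesk_myemail'])) {
        // Expire the stale cookie explicitly rather than relying on the empty-value shortcut
        setcookie('hesk_myemail', '', time() - 3600, '', '', false, true);
    }
}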
/* Set last replier name */
if ($ticket['lastreplier']) {
    if (empty($ticket['repliername'])) {
    // Tracking ID of the ticket the attachment belongs to; `=` binds tighter than
    // `or`, so die() only fires when hesk_cleanID() returns a falsy value
    $tic_id = hesk_cleanID() or die("{$hesklang['int_error']}: {$hesklang['no_trackID']}");
    // Connect to database
    hesk_dbConnect();
    // Get attachment info
    // NOTE(review): $att_id is defined before this excerpt and is interpolated without
    // hesk_dbEscape(); this relies on it already being cast to an integer upstream -- confirm
    $res = hesk_dbQuery("SELECT * FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "attachments` WHERE `att_id`='{$att_id}' LIMIT 1");
    if (hesk_dbNumRows($res) != 1) {
        hesk_error($hesklang['id_not_valid'] . ' (att_id)');
    }
    $file = hesk_dbFetchAssoc($res);
    // Is ticket ID valid for this attachment?
    // Binds the attachment to the ticket named in the request so an attachment id cannot
    // be combined with a different ticket's tracking ID. Loose comparison: both sides
    // are expected to be strings -- a strict !== would be preferable once confirmed.
    if ($file['ticket_id'] != $tic_id) {
        hesk_error($hesklang['trackID_not_found']);
    }
    // Verify email address match if needed (customers only; staff sessions skip it,
    // so for staff the ticket/attachment binding above is the only check)
    if (empty($_SESSION['id'])) {
        hesk_verifyEmailMatch($tic_id);
    }
}
// Path of the file on the server
// NOTE(review): saved_name comes from the attachments row; this assumes it is a
// server-generated basename with no directory components -- confirm on the upload side
$realpath = $hesk_settings['attach_dir'] . '/' . $file['saved_name'];
// Perhaps the file has been deleted?
if (!file_exists($realpath)) {
    hesk_error($hesklang['attdel']);
}
// Send the file as an attachment to prevent malicious code from executing
// (the generic binary content type keeps browsers from rendering an uploaded
// HTML/script file inline; further headers follow past the end of this excerpt)
// Blank Pragma/Cache-Control headers work around a bug in IE when downloading over
// https; presumably they replace the no-cache headers added at session start -- confirm
header("Pragma: ");
header("Cache-Control: ");
header('Content-Description: File Transfer');
header('Content-Type: application/octet-stream');