function hesk_verifyGoto()
{
// Default redirect URL
$url_default = 'admin_main.php';
// If no "goto" parameter is set, redirect to the default page
if (!hesk_isREQUEST('goto')) {
return $url_default;
}
// Get the "goto" parameter
$url = hesk_REQUEST('goto');
// Fix encoded "&"
$url = str_replace('&', '&', $url);
// Parse the URL for verification
$url_parts = parse_url($url);
// The "path" part is required
if (!isset($url_parts['path'])) {
return $url_default;
}
// Extract the file name from path
$url = basename($url_parts['path']);
// Allowed files for redirect
$OK_urls = array('admin_main.php' => '', 'admin_settings.php' => '', 'admin_settings_save.php' => 'admin_settings.php', 'admin_ticket.php' => '', 'archive.php' => '', 'assign_owner.php' => '', 'change_status.php' => '', 'edit_post.php' => '', 'export.php' => '', 'find_tickets.php' => '', 'generate_spam_question.php' => '', 'knowledgebase_private.php' => '', 'lock.php' => '', 'mail.php' => '', 'manage_canned.php' => '', 'manage_categories.php' => '', 'manage_knowledgebase.php' => '', 'manage_users.php' => '', 'new_ticket.php' => '', 'profile.php' => '', 'reports.php' => '', 'show_tickets.php' => '');
// URL must match one of the allowed ones
if (!isset($OK_urls[$url])) {
return $url_default;
}
// Modify redirect?
if (strlen($OK_urls[$url])) {
$url = $OK_urls[$url];
}
// All OK, return the URL with query if set
return isset($url_parts['query']) ? $url . '?' . $url_parts['query'] : $url;
}
* is expressly forbidden. To remove HESK copyright notice you must purchase
* a license for this script. For more information on how to obtain
* a license please visit the page below:
* https://www.hesk.com/buy.php
*******************************************************************************/
define('IN_SCRIPT', 1);
define('HESK_PATH', './');
// Get all the required files and functions
require HESK_PATH . 'hesk_settings.inc.php';
require HESK_PATH . 'inc/common.inc.php';
// Are we in maintenance mode?
hesk_check_maintenance();
// Are we in "Knowledgebase only" mode?
hesk_check_kb_only();
// What should we do?
$action = hesk_REQUEST('a');
switch ($action) {
case 'add':
hesk_session_start();
print_add_ticket();
break;
case 'forgot_tid':
hesk_session_start();
forgot_tid();
break;
default:
print_start();
}
// Print footer
require_once HESK_PATH . 'inc/footer.inc.php';
exit;
define('HESK_PATH', '../');
/* Get all the required files and functions */
require HESK_PATH . 'hesk_settings.inc.php';
require HESK_PATH . 'inc/common.inc.php';
require HESK_PATH . 'inc/admin_functions.inc.php';
hesk_load_database_functions();
hesk_session_start();
hesk_dbConnect();
hesk_isLoggedIn();
/* Check permissions for this feature */
hesk_checkPermission('can_service_msg');
// Define required constants
define('LOAD_TABS', 1);
define('WYSIWYG', 1);
// What should we do?
if ($action = hesk_REQUEST('a')) {
if ($action == 'edit_sm') {
edit_sm();
} elseif (defined('HESK_DEMO')) {
hesk_process_messages($hesklang['ddemo'], 'service_messages.php', 'NOTICE');
} elseif ($action == 'new_sm') {
new_sm();
} elseif ($action == 'save_sm') {
save_sm();
} elseif ($action == 'order_sm') {
order_sm();
} elseif ($action == 'remove_sm') {
remove_sm();
}
}
/* Print header */
$is_reply = 0;
$tmpvar = array();
/* Get ticket info */
$result = hesk_dbQuery("SELECT * FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` WHERE `trackid`='" . hesk_dbEscape($trackingID) . "' LIMIT 1");
if (hesk_dbNumRows($result) != 1) {
hesk_error($hesklang['ticket_not_found']);
}
$ticket = hesk_dbFetchAssoc($result);
// Demo mode
if (defined('HESK_DEMO')) {
$ticket['email'] = '*****@*****.**';
}
/* Is this user allowed to view tickets inside this category? */
hesk_okCategory($ticket['category']);
if (hesk_isREQUEST('reply')) {
$tmpvar['id'] = intval(hesk_REQUEST('reply')) or die($hesklang['id_not_valid']);
$result = hesk_dbQuery("SELECT * FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "replies` WHERE `id`='{$tmpvar['id']}' AND `replyto`='" . intval($ticket['id']) . "' LIMIT 1");
if (hesk_dbNumRows($result) != 1) {
hesk_error($hesklang['id_not_valid']);
}
$reply = hesk_dbFetchAssoc($result);
$ticket['message'] = $reply['message'];
$is_reply = 1;
}
if (isset($_POST['save'])) {
/* A security check */
hesk_token_check('POST');
$hesk_error_buffer = array();
if ($is_reply) {
$tmpvar['message'] = hesk_input(hesk_POST('message')) or $hesk_error_buffer[] = $hesklang['enter_message'];
if (count($hesk_error_buffer)) {
* https://www.hesk.com/buy.php
*******************************************************************************/
define('IN_SCRIPT', 1);
define('HESK_PATH', '../');
/* Get all the required files and functions */
require HESK_PATH . 'hesk_settings.inc.php';
require HESK_PATH . 'inc/common.inc.php';
require HESK_PATH . 'inc/admin_functions.inc.php';
hesk_load_database_functions();
hesk_session_start();
hesk_dbConnect();
hesk_isLoggedIn();
/* Print XML header */
header('Content-Type: text/html; charset=' . $hesklang['ENCODING']);
/* Get the search query composed of the subject and message */
$query = hesk_REQUEST('q') or die('');
/* Get relevant articles from the database, include private ones */
$res = hesk_dbQuery("SELECT `id`, `subject`, `content` FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "kb_articles` WHERE `type` IN ('0','1') AND MATCH(`subject`,`content`,`keywords`) AGAINST ('" . hesk_dbEscape($query) . "') LIMIT " . intval($hesk_settings['kb_search_limit']));
$num = hesk_dbNumRows($res);
/* Solve some spacing issues */
if (hesk_isREQUEST('p')) {
echo ' <br />';
}
/* Return found articles */
?>
<div class="conatiner notice">
<span style="font-size:12px;font-weight:bold"><?php
echo $hesklang['sc'];
?>
:</span><br /> <br />
<?php
function print_login()
{
global $hesk_settings, $hesklang;
// Tell header to load reCaptcha API if needed
if ($hesk_settings['recaptcha_use'] == 2) {
define('RECAPTCHA', 1);
}
$hesk_settings['tmp_title'] = $hesk_settings['hesk_title'] . ' - ' . $hesklang['admin_login'];
require_once HESK_PATH . 'inc/header.inc.php';
if (hesk_isREQUEST('notice')) {
hesk_process_messages($hesklang['session_expired'], 'NOREDIRECT');
}
if (!isset($_SESSION['a_iserror'])) {
$_SESSION['a_iserror'] = array();
}
?>
<div class="loginError"><?php
/* This will handle error, success and notice messages */
hesk_handle_messages();
?>
</div>
<div>
<div class="panel panel-default form-signin">
<div class="panel-heading">
<h4><span <?php
echo $iconDisplay;
?>
><span class="mega-octicon octicon-sign-in"></span> </span><?php
echo $hesklang['admin_login'];
?>
</a></h4>
</div>
<div class="panel-body">
<form class="form-signin form-horizontal" role="form" action="index.php" method="post" name="form1">
<?php
if (in_array('pass', $_SESSION['a_iserror'])) {
echo '<div class="form-group has-error">';
} else {
echo '<div class="form-group">';
}
?>
<label for="user" class="col-sm-4 control-label"><?php
echo $hesklang['username'];
?>
:</label>
<div class="col-sm-8">
<?php
if (defined('HESK_USER')) {
$savedUser = HESK_USER;
} else {
$savedUser = hesk_htmlspecialchars(hesk_COOKIE('hesk_username'));
}
$is_1 = '';
$is_2 = '';
$is_3 = '';
$remember_user = hesk_POST('remember_user');
if ($hesk_settings['autologin'] && (isset($_COOKIE['hesk_p']) || $remember_user == 'AUTOLOGIN')) {
$is_1 = 'checked="checked"';
} elseif (isset($_COOKIE['hesk_username']) || $remember_user == 'JUSTUSER') {
$is_2 = 'checked="checked"';
} else {
$is_3 = 'checked="checked"';
}
if ($hesk_settings['list_users']) {
echo '<select class="form-control" name="user">';
$res = hesk_dbQuery('SELECT `user` FROM `' . hesk_dbEscape($hesk_settings['db_pfix']) . 'users` ORDER BY `user` ASC');
while ($row = hesk_dbFetchAssoc($res)) {
$sel = strtolower($savedUser) == strtolower($row['user']) ? 'selected="selected"' : '';
echo '<option value="' . $row['user'] . '" ' . $sel . '>' . $row['user'] . '</option>';
}
echo '</select>';
} else {
echo '<input class="form-control" type="text" name="user" size="35" placeholder="' . htmlspecialchars($hesklang['username']) . '" value="' . $savedUser . '" />';
}
?>
</div>
</div>
<?php
if (in_array('pass', $_SESSION['a_iserror'])) {
echo '<div class="form-group has-error">';
} else {
echo '<div class="form-group">';
}
?>
<label for="pass" class="col-sm-4 control-label"><?php
echo $hesklang['pass'];
?>
:</label>
<div class="col-sm-8">
<input type="password" class="form-control" id="pass" name="pass" size="35" placeholder="<?php
echo htmlspecialchars($hesklang['pass']);
?>
" />
</div>
</div>
<?php
if ($hesk_settings['secimg_use'] == 2) {
// SPAM prevention verified for this session
if (isset($_SESSION['img_a_verified'])) {
echo '<img src="' . HESK_PATH . 'img/success.png" width="16" height="16" border="0" alt="" style="vertical-align:text-bottom" /> ' . $hesklang['vrfy'];
} elseif ($hesk_settings['recaptcha_use'] == 1) {
?>
<script type="text/javascript">
var RecaptchaOptions = {
theme : '<?php
echo isset($_SESSION['a_iserror']) && in_array('mysecnum', $_SESSION['a_iserror']) ? 'red' : 'white';
?>
',
custom_translations : {
visual_challenge : "<?php
echo hesk_slashJS($hesklang['visual_challenge']);
?>
",
audio_challenge : "<?php
echo hesk_slashJS($hesklang['audio_challenge']);
?>
",
refresh_btn : "<?php
echo hesk_slashJS($hesklang['refresh_btn']);
?>
",
instructions_visual : "<?php
echo hesk_slashJS($hesklang['instructions_visual']);
?>
",
instructions_context : "<?php
echo hesk_slashJS($hesklang['instructions_context']);
?>
",
instructions_audio : "<?php
echo hesk_slashJS($hesklang['instructions_audio']);
?>
",
help_btn : "<?php
echo hesk_slashJS($hesklang['help_btn']);
?>
",
play_again : "<?php
echo hesk_slashJS($hesklang['play_again']);
?>
",
cant_hear_this : "<?php
echo hesk_slashJS($hesklang['cant_hear_this']);
?>
",
incorrect_try_again : "<?php
echo hesk_slashJS($hesklang['incorrect_try_again']);
?>
",
image_alt_text : "<?php
echo hesk_slashJS($hesklang['image_alt_text']);
?>
"
}
};
</script>
<?php
require_once HESK_PATH . 'inc/recaptcha/recaptchalib.php';
echo '<div class="form-group"><div class="col-md-8 col-md-offset-4">';
echo recaptcha_get_html($hesk_settings['recaptcha_public_key'], null, true);
echo '</div></div>';
} elseif ($hesk_settings['recaptcha_use'] == 2) {
?>
<div class="form-group">
<div class="col-md-8 col-md-offset-4">
<div class="g-recaptcha" data-sitekey="<?php
echo $hesk_settings['recaptcha_public_key'];
?>
"></div>
</div>
</div>
<?php
} else {
echo '<div class="form-group"><div class="col-md-8 col-md-offset-4">';
$cls = in_array('mysecnum', $_SESSION['a_iserror']) ? ' class="isError" ' : '';
echo $hesklang['sec_enter'] . '<br /> <br /><img src="' . HESK_PATH . 'print_sec_img.php?' . rand(10000, 99999) . '" width="150" height="40" alt="' . $hesklang['sec_img'] . '" title="' . $hesklang['sec_img'] . '" border="1" name="secimg" style="vertical-align:text-bottom" /> ' . '<a href="javascript:void(0)" onclick="javascript:document.form1.secimg.src=\'' . HESK_PATH . 'print_sec_img.php?\'+ ( Math.floor((90000)*Math.random()) + 10000);"><img src="' . HESK_PATH . 'img/reload.png" height="24" width="24" alt="' . $hesklang['reload'] . '" title="' . $hesklang['reload'] . '" border="0" style="vertical-align:text-bottom" /></a>' . '<br /> <br /><input type="text" name="mysecnum" size="20" maxlength="5" ' . $cls . ' />';
echo '</div></div>';
}
}
// End if $hesk_settings['secimg_use'] == 2
if ($hesk_settings['autologin']) {
?>
<div class="form-group">
<div class="col-md-offset-4 col-md-8">
<div class="radio">
<label><input type="radio" name="remember_user" value="AUTOLOGIN" <?php
echo $is_1;
?>
/> <?php
echo $hesklang['autologin'];
?>
</label>
</div>
<div class="radio">
<label><input type="radio" name="remember_user" value="JUSTUSER" <?php
echo $is_2;
?>
/> <?php
echo $hesklang['just_user'];
?>
</label>
</div>
<div class="radio">
<label><input type="radio" name="remember_user" value="NOTHANKS" <?php
echo $is_3;
?>
/> <?php
echo $hesklang['nothx'];
?>
</label>
</div>
</div>
</div>
<?php
} else {
?>
<div class="form-group">
<div class="col-md-offset-4 col-md-8">
<div class="checkbox">
<label><input type="checkbox" name="remember_user" value="JUSTUSER" <?php
echo $is_2;
?>
/> <?php
echo $hesklang['remember_user'];
?>
</label>
</div>
</div>
</div>
<?php
}
// End if $hesk_settings['autologin']
?>
<div class="form-group">
<div class="col-md-offset-4 col-md-8">
<input type="submit" value="<?php
echo $hesklang['click_login'];
?>
" class="btn btn-default" />
<input type="hidden" name="a" value="do_login" />
<?php
if (hesk_isREQUEST('goto') && ($url = hesk_REQUEST('goto'))) {
echo '<input type="hidden" name="goto" value="' . $url . '" />';
}
// Do we allow staff password reset?
if ($hesk_settings['reset_pass']) {
echo '<br /> <br /><a href="password.php" class="smaller">' . $hesklang['fpass'] . '</a>';
}
?>
</div>
</div>
</form>
</div>
</div>
</div>
<p> </p>
<?php
hesk_cleanSessionVars('a_iserror');
require_once HESK_PATH . 'inc/footer.inc.php';
exit;
}
require HESK_PATH . 'inc/admin_functions.inc.php';
hesk_load_database_functions();
hesk_session_start();
hesk_dbConnect();
hesk_isLoggedIn();
/* Check permissions for this feature */
hesk_checkPermission('can_view_tickets');
hesk_checkPermission('can_reply_tickets');
/* A security check */
hesk_token_check();
/* Ticket ID */
$trackingID = hesk_cleanID() or die($hesklang['int_error'] . ': ' . $hesklang['no_trackID']);
/* Valid statuses */
$status_options = array(0 => $hesklang['open'], 1 => $hesklang['wait_reply'], 2 => $hesklang['replied'], 3 => $hesklang['closed'], 4 => $hesklang['in_progress'], 5 => $hesklang['on_hold']);
/* New status */
$status = intval(hesk_REQUEST('s'));
if (!isset($status_options[$status])) {
hesk_process_messages($hesklang['instat'], 'admin_ticket.php?track=' . $trackingID . '&Refresh=' . mt_rand(10000, 99999), 'NOTICE');
}
$locked = 0;
if ($status == 3) {
$action = $hesklang['ticket_been'] . ' ' . $hesklang['closed'];
$revision = sprintf($hesklang['thist3'], hesk_date(), $_SESSION['name'] . ' (' . $_SESSION['user'] . ')');
if ($hesk_settings['custopen'] != 1) {
$locked = 1;
}
// Notify customer of closed ticket?
if ($hesk_settings['notify_closed']) {
// Get ticket info
$result = hesk_dbQuery("SELECT * FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` WHERE `trackid`='" . hesk_dbEscape($trackingID) . "' LIMIT 1");
if (hesk_dbNumRows($result) != 1) {
define('IN_SCRIPT', 1);
define('HESK_PATH', '../');
/* Get all the required files and functions */
require HESK_PATH . 'hesk_settings.inc.php';
require HESK_PATH . 'inc/common.inc.php';
require HESK_PATH . 'inc/admin_functions.inc.php';
hesk_load_database_functions();
hesk_session_start();
hesk_dbConnect();
hesk_isLoggedIn();
/* Check permissions for this feature */
hesk_checkPermission('can_view_tickets');
// Ticket ID
$trackingID = hesk_cleanID() or die($hesklang['int_error'] . ': ' . $hesklang['no_trackID']);
// Note ID
$noteID = intval(hesk_REQUEST('note')) or die($hesklang['int_error'] . ': ' . $hesklang['mis_note']);
// Get ticket info
$result = hesk_dbQuery("SELECT `id` FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` WHERE `trackid`='" . hesk_dbEscape($trackingID) . "' LIMIT 1");
if (hesk_dbNumRows($result) != 1) {
hesk_error($hesklang['ticket_not_found']);
}
$ticket = hesk_dbFetchAssoc($result);
// Get note info
$result = hesk_dbQuery("SELECT * FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "notes` WHERE `id`={$noteID}");
if (hesk_dbNumRows($result) != 1) {
hesk_error($hesklang['no_note']);
}
$note = hesk_dbFetchAssoc($result);
// Make sure the note matches the ticket and the user has permission to edit it
if ($note['ticket'] != $ticket['id'] || !hesk_checkPermission('can_del_notes', 0) && $note['who'] != $_SESSION['id']) {
hesk_error($hesklang['perm_deny']);
define('IN_SCRIPT', 1);
define('HESK_PATH', './');
// Get all the required files and functions
require HESK_PATH . 'hesk_settings.inc.php';
require HESK_PATH . 'inc/common.inc.php';
// Feature enabled?
if (!$hesk_settings['detect_typos']) {
die('');
}
// Print XML header
header('Content-Type: text/html; charset=' . $hesklang['ENCODING']);
header("Cache-Control: no-store, no-cache, must-revalidate");
header("Cache-Control: post-check=0, pre-check=0", false);
header("Pragma: no-cache");
// Get the search query composed of the subject and message
$address = hesk_REQUEST('e') or die('');
$div = 1;
// Do we allow multiple emails? If yes, check all
if ($hesk_settings['multi_eml']) {
// Make sure the format is correct
$address = preg_replace('/\\s/', '', $address);
$address = str_replace(';', ',', $address);
// Loops through emails and check for typos
$div = 1;
$all = explode(',', $address);
foreach ($all as $address) {
if (($suggest = hesk_emailTypo($address)) !== false) {
hesk_emailTypoShow($address, $suggest, $div);
$div++;
}
}
function hesk_autoLogin($noredirect = 0)
{
global $hesk_settings, $hesklang, $hesk_db_link;
if (!$hesk_settings['autologin']) {
return false;
}
$user = hesk_htmlspecialchars(hesk_COOKIE('hesk_username'));
$hash = hesk_htmlspecialchars(hesk_COOKIE('hesk_p'));
define('HESK_USER', $user);
if (empty($user) || empty($hash)) {
return false;
}
/* Login cookies exist, now lets limit brute force attempts */
hesk_limitBfAttempts();
/* Check username */
$result = hesk_dbQuery('SELECT * FROM `' . $hesk_settings['db_pfix'] . "users` WHERE `user` = '" . hesk_dbEscape($user) . "' LIMIT 1");
if (hesk_dbNumRows($result) != 1) {
setcookie('hesk_username', '');
setcookie('hesk_p', '');
header('Location: index.php?a=login¬ice=1');
exit;
}
$res = hesk_dbFetchAssoc($result);
foreach ($res as $k => $v) {
$_SESSION[$k] = $v;
}
/* Check password */
if ($hash != hesk_Pass2Hash($_SESSION['pass'] . strtolower($user) . $_SESSION['pass'])) {
setcookie('hesk_username', '');
setcookie('hesk_p', '');
header('Location: index.php?a=login¬ice=1');
exit;
}
/* Check if default password */
if ($_SESSION['pass'] == '499d74967b28a841c98bb4baaabaad699ff3c079') {
hesk_process_messages($hesklang['chdp'], 'NOREDIRECT', 'NOTICE');
}
unset($_SESSION['pass']);
/* Login successful, clean brute force attempts */
hesk_cleanBfAttempts();
/* Regenerate session ID (security) */
hesk_session_regenerate_id();
/* Get allowed categories */
if (empty($_SESSION['isadmin'])) {
$_SESSION['categories'] = explode(',', $_SESSION['categories']);
}
/* Renew cookies */
setcookie('hesk_username', "{$user}", strtotime('+1 year'));
setcookie('hesk_p', "{$hash}", strtotime('+1 year'));
/* Close any old tickets here so Cron jobs aren't necessary */
if ($hesk_settings['autoclose']) {
$revision = sprintf($hesklang['thist3'], hesk_date(), $hesklang['auto']);
$dt = date('Y-m-d H:i:s', time() - $hesk_settings['autoclose'] * 86400);
hesk_dbQuery("UPDATE `" . $hesk_settings['db_pfix'] . "tickets` SET `status`='3', `history`=CONCAT(`history`,'" . hesk_dbEscape($revision) . "') WHERE `status` = '2' AND `lastchange` <= '" . hesk_dbEscape($dt) . "' ");
}
/* If session expired while a HESK page is open just continue using it, don't redirect */
if ($noredirect) {
return true;
}
/* Redirect to the destination page */
if (hesk_isREQUEST('goto') && ($url = hesk_REQUEST('goto'))) {
$url = str_replace('&', '&', $url);
header('Location: ' . $url);
} else {
header('Location: admin_main.php');
}
exit;
}
function print_login()
{
global $hesk_settings, $hesklang;
$hesk_settings['tmp_title'] = $hesk_settings['hesk_title'] . ' - ' . $hesklang['admin_login'];
require_once HESK_PATH . 'inc/header.inc.php';
if (hesk_isREQUEST('notice')) {
hesk_process_messages($hesklang['session_expired'], 'NOREDIRECT');
}
if (!isset($_SESSION['a_iserror'])) {
$_SESSION['a_iserror'] = array();
}
?>
<table width="100%" border="0" cellspacing="0" cellpadding="0">
<tr>
<td width="3"><img src="../img/headerleftsm.jpg" width="3" height="25" alt="" /></td>
<td class="headersm"><?php
echo $hesklang['login'];
?>
</td>
<td width="3"><img src="../img/headerrightsm.jpg" width="3" height="25" alt="" /></td>
</tr>
</table>
<table width="100%" border="0" cellspacing="0" cellpadding="3">
<tr>
<td><span class="smaller"><a href="<?php
echo $hesk_settings['site_url'];
?>
" class="smaller"><?php
echo $hesk_settings['site_title'];
?>
</a> >
<?php
echo $hesklang['admin_login'];
?>
</span></td>
</tr>
</table>
</td>
</tr>
<tr>
<td>
<br />
<?php
/* This will handle error, success and notice messages */
hesk_handle_messages();
?>
<br />
<div align="center">
<table border="0" cellspacing="0" cellpadding="0" width="<?php
echo $hesk_settings['secimg_use'] == 2 ? '60' : '50';
?>
% ">
<tr>
<td width="7" height="7"><img src="../img/roundcornerslt.jpg" width="7" height="7" alt="" /></td>
<td class="roundcornerstop"></td>
<td><img src="../img/roundcornersrt.jpg" width="7" height="7" alt="" /></td>
</tr>
<tr>
<td class="roundcornersleft"> </td>
<td>
<form action="index.php" method="post" name="form1">
<table width="100%" border="0" cellspacing="0" cellpadding="0">
<tr>
<td width="60" style="text-align:center"><img src="../img/login.png" alt="" width="24" height="24" /></td>
<td>
<p><b><?php
echo $hesklang['admin_login'];
?>
</a></b></p>
</td>
</tr>
<tr>
<td width="60"> </td>
<td> </td>
</tr>
<tr>
<td width="60"> </td>
<td><?php
echo $hesklang['username'];
?>
:<br />
<?php
$cls = in_array('user', $_SESSION['a_iserror']) ? ' class="isError" ' : '';
if (defined('HESK_USER')) {
$savedUser = HESK_USER;
} else {
$savedUser = hesk_htmlspecialchars(hesk_COOKIE('hesk_username'));
}
$is_1 = '';
$is_2 = '';
$is_3 = '';
$remember_user = hesk_POST('remember_user');
if ($hesk_settings['autologin'] && (isset($_COOKIE['hesk_p']) || $remember_user == 'AUTOLOGIN')) {
$is_1 = 'checked="checked"';
} elseif (isset($_COOKIE['hesk_username']) || $remember_user == 'JUSTUSER') {
$is_2 = 'checked="checked"';
} else {
$is_3 = 'checked="checked"';
}
if ($hesk_settings['list_users']) {
echo '<select name="user" ' . $cls . '>';
$res = hesk_dbQuery('SELECT * FROM `' . hesk_dbEscape($hesk_settings['db_pfix']) . 'users` ORDER BY `user` ASC');
while ($row = hesk_dbFetchAssoc($res)) {
$sel = strtolower($savedUser) == strtolower($row['user']) ? 'selected="selected"' : '';
echo '<option value="' . $row['user'] . '" ' . $sel . '>' . $row['user'] . '</option>';
}
echo '</select>';
} else {
echo '<input type="text" name="user" size="35" value="' . $savedUser . '" ' . $cls . ' />';
}
?>
</td>
</tr>
<tr>
<td width="60"> </td>
<td> </td>
</tr>
<tr>
<td width="60"> </td>
<td><?php
echo $hesklang['pass'];
?>
:<br /><input type="password" name="pass" size="35" <?php
if (in_array('pass', $_SESSION['a_iserror'])) {
echo ' class="isError" ';
}
?>
/></td>
</tr>
<?php
if ($hesk_settings['secimg_use'] == 2) {
?>
<tr>
<td width="60"> </td>
<td>
<hr />
<?php
// SPAM prevention verified for this session
if (isset($_SESSION['img_a_verified'])) {
echo '<img src="' . HESK_PATH . 'img/success.png" width="16" height="16" border="0" alt="" style="vertical-align:text-bottom" /> ' . $hesklang['vrfy'];
} elseif ($hesk_settings['recaptcha_use']) {
?>
<script type="text/javascript">
var RecaptchaOptions = {
theme : '<?php
echo isset($_SESSION['a_iserror']) && in_array('mysecnum', $_SESSION['a_iserror']) ? 'red' : 'white';
?>
',
custom_translations : {
visual_challenge : "<?php
echo hesk_slashJS($hesklang['visual_challenge']);
?>
",
audio_challenge : "<?php
echo hesk_slashJS($hesklang['audio_challenge']);
?>
",
refresh_btn : "<?php
echo hesk_slashJS($hesklang['refresh_btn']);
?>
",
instructions_visual : "<?php
echo hesk_slashJS($hesklang['instructions_visual']);
?>
",
instructions_context : "<?php
echo hesk_slashJS($hesklang['instructions_context']);
?>
",
instructions_audio : "<?php
echo hesk_slashJS($hesklang['instructions_audio']);
?>
",
help_btn : "<?php
echo hesk_slashJS($hesklang['help_btn']);
?>
",
play_again : "<?php
echo hesk_slashJS($hesklang['play_again']);
?>
",
cant_hear_this : "<?php
echo hesk_slashJS($hesklang['cant_hear_this']);
?>
",
incorrect_try_again : "<?php
echo hesk_slashJS($hesklang['incorrect_try_again']);
?>
",
image_alt_text : "<?php
echo hesk_slashJS($hesklang['image_alt_text']);
?>
",
},
};
</script>
<?php
require_once HESK_PATH . 'inc/recaptcha/recaptchalib.php';
echo recaptcha_get_html($hesk_settings['recaptcha_public_key'], null, $hesk_settings['recaptcha_ssl']);
} else {
$cls = in_array('mysecnum', $_SESSION['a_iserror']) ? ' class="isError" ' : '';
echo $hesklang['sec_enter'] . '<br /> <br /><img src="' . HESK_PATH . 'print_sec_img.php?' . rand(10000, 99999) . '" width="150" height="40" alt="' . $hesklang['sec_img'] . '" title="' . $hesklang['sec_img'] . '" border="1" name="secimg" style="vertical-align:text-bottom" /> ' . '<a href="javascript:void(0)" onclick="javascript:document.form1.secimg.src=\'' . HESK_PATH . 'print_sec_img.php?\'+ ( Math.floor((90000)*Math.random()) + 10000);"><img src="' . HESK_PATH . 'img/reload.png" height="24" width="24" alt="' . $hesklang['reload'] . '" title="' . $hesklang['reload'] . '" border="0" style="vertical-align:text-bottom" /></a>' . '<br /> <br /><input type="text" name="mysecnum" size="20" maxlength="5" ' . $cls . ' />';
}
?>
<hr />
</td>
</tr>
<?php
} else {
?>
<tr>
<td width="60"> </td>
<td> </td>
</tr>
<?php
}
// End if $hesk_settings['secimg_use'] == 2
if ($hesk_settings['autologin']) {
?>
<tr>
<td width="60"> </td>
<td><label><input type="radio" name="remember_user" value="AUTOLOGIN" <?php
echo $is_1;
?>
/> <?php
echo $hesklang['autologin'];
?>
</label><br />
<label><input type="radio" name="remember_user" value="JUSTUSER" <?php
echo $is_2;
?>
/> <?php
echo $hesklang['just_user'];
?>
</label><br />
<label><input type="radio" name="remember_user" value="NOTHANKS" <?php
echo $is_3;
?>
/> <?php
echo $hesklang['nothx'];
?>
</label></td>
</tr>
<?php
} else {
?>
<tr>
<td width="60"> </td>
<td><label><input type="checkbox" name="remember_user" value="JUSTUSER" <?php
echo $is_2;
?>
/> <?php
echo $hesklang['remember_user'];
?>
</label></td>
</tr>
<?php
}
// End if $hesk_settings['autologin']
?>
<tr>
<td width="60"> </td>
<td> </td>
</tr>
<tr>
<td width="60"> </td>
<td><input type="submit" value="<?php
echo $hesklang['click_login'];
?>
" class="orangebutton" onmouseover="hesk_btn(this,'orangebuttonover');" onmouseout="hesk_btn(this,'orangebutton');" />
<input type="hidden" name="a" value="do_login" />
<?php
if (hesk_isREQUEST('goto') && ($url = hesk_REQUEST('goto'))) {
echo '<input type="hidden" name="goto" value="' . $url . '" />';
}
?>
<br />
</td>
</tr>
</table>
</form>
</td>
<td class="roundcornersright"> </td>
</tr>
<tr>
<td><img src="../img/roundcornerslb.jpg" width="7" height="7" alt="" /></td>
<td class="roundcornersbottom"></td>
<td width="7" height="7"><img src="../img/roundcornersrb.jpg" width="7" height="7" alt="" /></td>
</tr>
</table>
</div>
<p> </p>
<?php
hesk_cleanSessionVars('a_iserror');
require_once HESK_PATH . 'inc/footer.inc.php';
exit;
}
function hesk_token_check($method = 'GET', $show_error = 1)
{
// Get the token
$my_token = hesk_REQUEST('token');
// Verify it or throw an error
if (!hesk_token_compare($my_token)) {
if ($show_error) {
global $hesk_settings, $hesklang;
hesk_error($hesklang['eto']);
} else {
return false;
}
}
return true;
}
function ban_email()
{
global $hesk_settings, $hesklang;
// A security check
hesk_token_check();
// Get the email
$email = strtolower(hesk_input(hesk_REQUEST('email')));
// Nothing entered?
if (!strlen($email)) {
hesk_process_messages($hesklang['enterbanemail'], 'banned_emails.php');
}
// Only allow one email to be entered
$email = ($index = strpos($email, ',')) ? substr($email, 0, $index) : $email;
$email = ($index = strpos($email, ';')) ? substr($email, 0, $index) : $email;
// Validate email address
$hesk_settings['multi_eml'] = 0;
if (!hesk_validateEmail($email, '', 0) && !verify_email_domain($email)) {
hesk_process_messages($hesklang['validbanemail'], 'banned_emails.php');
}
// Redirect either to banned emails or ticket page from now on
$redirect_to = ($trackingID = hesk_cleanID()) ? 'admin_ticket.php?track=' . $trackingID . '&Refresh=' . mt_rand(10000, 99999) : 'banned_emails.php';
// Prevent duplicate rows
if ($_SESSION['ban_email']['id'] = hesk_isBannedEmail($email)) {
hesk_process_messages(sprintf($hesklang['emailbanexists'], $email), $redirect_to, 'NOTICE');
}
// Insert the email address into database
hesk_dbQuery("INSERT INTO `" . hesk_dbEscape($hesk_settings['db_pfix']) . "banned_emails` (`email`,`banned_by`) VALUES ('" . hesk_dbEscape($email) . "','" . intval($_SESSION['id']) . "')");
// Remember email that got banned
$_SESSION['ban_email']['id'] = hesk_dbInsertID();
// Show success
hesk_process_messages(sprintf($hesklang['email_banned'], $email), $redirect_to, 'SUCCESS');
}
$can_assign_self = TRUE;
} else {
$can_assign_self = hesk_checkPermission('can_assign_self', 0);
}
/* A security check */
hesk_token_check();
/* Ticket ID */
$trackingID = hesk_cleanID() or die($hesklang['int_error'] . ': ' . $hesklang['no_trackID']);
$res = hesk_dbQuery("SELECT * FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` WHERE `trackid`='" . hesk_dbEscape($trackingID) . "' LIMIT 1");
if (hesk_dbNumRows($res) != 1) {
hesk_error($hesklang['ticket_not_found']);
}
$ticket = hesk_dbFetchAssoc($res);
$_SERVER['PHP_SELF'] = 'admin_ticket.php?track=' . $trackingID . '&Refresh=' . rand(10000, 99999);
/* New owner ID */
$owner = intval(hesk_REQUEST('owner'));
/* If ID is -1 the ticket will be unassigned */
if ($owner == -1) {
$revision = sprintf($hesklang['thist2'], hesk_date(), '<i>' . $hesklang['unas'] . '</i>', $_SESSION['name'] . ' (' . $_SESSION['user'] . ')');
$res = hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` SET `owner`=0 , `history`=CONCAT(`history`,'" . hesk_dbEscape($revision) . "') WHERE `trackid`='" . hesk_dbEscape($trackingID) . "' LIMIT 1");
hesk_process_messages($hesklang['tunasi2'], $_SERVER['PHP_SELF'], 'SUCCESS');
} elseif ($owner < 1) {
hesk_process_messages($hesklang['nose'], $_SERVER['PHP_SELF'], 'NOTICE');
}
/* Verify the new owner and permissions */
$res = hesk_dbQuery("SELECT `id`,`user`,`name`,`email`,`isadmin`,`categories`,`notify_assigned` FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "users` WHERE `id`='{$owner}' LIMIT 1");
$row = hesk_dbFetchAssoc($res);
/* Has new owner access to the category? */
if (!$row['isadmin']) {
$row['categories'] = explode(',', $row['categories']);
if (!in_array($ticket['category'], $row['categories'])) {
function print_login()
{
global $hesk_settings, $hesklang;
// Tell header to load reCaptcha API if needed
if ($hesk_settings['recaptcha_use'] == 2) {
define('RECAPTCHA', 1);
}
$hesk_settings['tmp_title'] = $hesk_settings['hesk_title'] . ' - ' . $hesklang['admin_login'];
require_once HESK_PATH . 'inc/header.inc.php';
if (hesk_isREQUEST('notice')) {
hesk_process_messages($hesklang['session_expired'], 'NOREDIRECT');
}
if (!isset($_SESSION['a_iserror'])) {
$_SESSION['a_iserror'] = array();
}
?>
<nav class="row navbar navbar-default" id="showTopBar-indexPhp">
<div class="menu-wrapper">
<div class="container showTopBar"><?php
hesk_showTopBar($hesk_settings['hesk_title']);
?>
</div>
</div><!-- end showTopBar-indexPhp -->
</nav>
<div class="container siteUrl-title-admin-indexPhp">
<div class="form-inline">
<span><a href="<?php
echo $hesk_settings['site_url'];
?>
" class="smaller"><?php
echo $hesk_settings['site_title'];
?>
</a></span> >
<span><?php
echo $hesklang['admin_login'];
?>
</span>
</div>
</div>
<!--
</td>
</tr>-->
<!-- start in this page end somewhere...
<tr>
<td>-->
<br/>
<br/>
<br/>
<?php
/* This will handle error, success and notice messages */
hesk_handle_messages();
?>
<div class="container">
<div class="col-sm-5 admin-login-top-latest-kb">
<div class="form-group admin-login">
<br/>
<div class="container form-group">
<form action="index.php" method="post" name="form1">
<div id="ad-log"><b><?php
echo $hesklang['admin_login'];
?>
</a></b></div>
</br>
<div class="form-inline">
<h4><label class="control-label" for="username-admin"><?php
echo $hesklang['username'];
?>
:</label></h4>
<?php
$cls = in_array('user', $_SESSION['a_iserror']) ? ' class="isError" ' : '';
if (defined('HESK_USER')) {
$savedUser = HESK_USER;
} else {
$savedUser = hesk_htmlspecialchars(hesk_COOKIE('hesk_username'));
}
$is_1 = '';
$is_2 = '';
$is_3 = '';
$remember_user = hesk_POST('remember_user');
if ($hesk_settings['autologin'] && (isset($_COOKIE['hesk_p']) || $remember_user == 'AUTOLOGIN')) {
$is_1 = 'checked="checked"';
} elseif (isset($_COOKIE['hesk_username']) || $remember_user == 'JUSTUSER') {
$is_2 = 'checked="checked"';
} else {
$is_3 = 'checked="checked"';
}
if ($hesk_settings['list_users']) {
echo '<select name="user" ' . $cls . '>';
$res = hesk_dbQuery('SELECT `user` FROM `' . hesk_dbEscape($hesk_settings['db_pfix']) . 'users` ORDER BY `user` ASC');
while ($row = hesk_dbFetchAssoc($res)) {
$sel = strtolower($savedUser) == strtolower($row['user']) ? 'selected="selected"' : '';
echo '<option value="' . $row['user'] . '" ' . $sel . '>' . $row['user'] . '</option>';
}
echo '</select>';
} else {
echo '<input class="form-control" id="username-admin" type="text" name="user" size="35" value="' . $savedUser . '" ' . $cls . ' />';
}
?>
</div>
<br/>
<div class="form-inline">
<h4><label class="control-label" for="password-admin"><?php
echo $hesklang['pass'];
?>
:</h4><input class="form-control" id="password-admin" type="password" name="pass" size="35" <?php
if (in_array('pass', $_SESSION['a_iserror'])) {
echo ' class="isError" ';
}
?>
/>
</div>
<?php
if ($hesk_settings['secimg_use'] == 2) {
?>
<br/><br/>
<?php
// SPAM prevention verified for this session
if (isset($_SESSION['img_a_verified'])) {
echo '<img src="' . HESK_PATH . 'img/success.png" width="16" height="16" border="0" alt="" style="vertical-align:text-bottom" /> ' . $hesklang['vrfy'];
} elseif ($hesk_settings['recaptcha_use'] == 1) {
?>
<script type="text/javascript">
var RecaptchaOptions = {
theme : '<?php
echo isset($_SESSION['a_iserror']) && in_array('mysecnum', $_SESSION['a_iserror']) ? 'red' : 'white';
?>
',
custom_translations : {
visual_challenge : "<?php
echo hesk_slashJS($hesklang['visual_challenge']);
?>
",
audio_challenge : "<?php
echo hesk_slashJS($hesklang['audio_challenge']);
?>
",
refresh_btn : "<?php
echo hesk_slashJS($hesklang['refresh_btn']);
?>
",
instructions_visual : "<?php
echo hesk_slashJS($hesklang['instructions_visual']);
?>
",
instructions_context : "<?php
echo hesk_slashJS($hesklang['instructions_context']);
?>
",
instructions_audio : "<?php
echo hesk_slashJS($hesklang['instructions_audio']);
?>
",
help_btn : "<?php
echo hesk_slashJS($hesklang['help_btn']);
?>
",
play_again : "<?php
echo hesk_slashJS($hesklang['play_again']);
?>
",
cant_hear_this : "<?php
echo hesk_slashJS($hesklang['cant_hear_this']);
?>
",
incorrect_try_again : "<?php
echo hesk_slashJS($hesklang['incorrect_try_again']);
?>
",
image_alt_text : "<?php
echo hesk_slashJS($hesklang['image_alt_text']);
?>
",
},
};
</script>
<?php
require_once HESK_PATH . 'inc/recaptcha/recaptchalib.php';
echo recaptcha_get_html($hesk_settings['recaptcha_public_key'], null, true);
} elseif ($hesk_settings['recaptcha_use'] == 2) {
?>
<div class="g-recaptcha" data-sitekey="<?php
echo $hesk_settings['recaptcha_public_key'];
?>
"></div>
<?php
} else {
$cls = in_array('mysecnum', $_SESSION['a_iserror']) ? ' class="isError" ' : '';
echo $hesklang['sec_enter'] . '<br /> <br /><img src="' . HESK_PATH . 'print_sec_img.php?' . rand(10000, 99999) . '" width="150" height="40" alt="' . $hesklang['sec_img'] . '" title="' . $hesklang['sec_img'] . '" border="1" name="secimg" style="vertical-align:text-bottom" /> ' . '<a href="javascript:void(0)" onclick="javascript:document.form1.secimg.src=\'' . HESK_PATH . 'print_sec_img.php?\'+ ( Math.floor((90000)*Math.random()) + 10000);"><img src="' . HESK_PATH . 'img/reload.png" height="24" width="24" alt="' . $hesklang['reload'] . '" title="' . $hesklang['reload'] . '" border="0" style="vertical-align:text-bottom" /></a>' . '<br /> <br /><input type="text" name="mysecnum" size="20" maxlength="5" ' . $cls . ' />';
}
?>
<br/><br/>
<?php
} else {
?>
<?php
}
// End if $hesk_settings['secimg_use'] == 2
if ($hesk_settings['autologin']) {
?>
<br/>
<div class="radios" style="text-align: -webkit-auto; display: inline-block;">
<div class="">
<span>
<input type="checkbox" name="remember_user" id="optionsRadios1" value="kot" <?php
echo $is_1;
?>
checked="checked" /> <?php
echo $hesklang['remember_user'];
?>
<br />
</span>
</div>
<div class="radio">
<span>
<input type="hidden" name="remember_user" id="optionsRadios2" value="AUTOLOGIN" <?php
echo $is_2;
?>
checked="checked" /><br />
</span>
</div>
</div>
<?php
} else {
?>
<label><input type="checkbox" name="remember_user" value="JUSTUSER" class="form-control"<?php
echo $is_2;
?>
/> <?php
echo $hesklang['remember_user'];
?>
</label>
<?php
}
// End if $hesk_settings['autologin']
?>
<br/><br/>
<button type="submit" class="btn btn-default" id="submit-login"><?php
echo $hesklang['click_login'];
?>
</button>
<input type="hidden" name="a" value="do_login" />
<?php
if (hesk_isREQUEST('goto') && ($url = hesk_REQUEST('goto'))) {
echo '<input type="hidden" name="goto" value="' . $url . '" />';
}
// Do we allow staff password reset?
if ($hesk_settings['reset_pass']) {
echo '<br /> <br /><div id="forgotpassw"><a href="password.php" class="smaller">' . $hesklang['fpass'] . '</a></div>';
}
?>
<br />
</form>
</div>
</div>
<div class="form-inline top-latest-kb-button">
<a href="http://localhost/support/knowledgebase.php#tab_home" target="_blank"><button type="submit" class="btn btn-default" id="top-kb-button" onmouseover="hesk_btn(this,'btn btn-defaultover');" onmouseout="hesk_btn(this,'btn btn-default');">Top Knowledgebase <br/> articles</button></a>
<a href="http://localhost/support/knowledgebase.php#tab_profile" target="_blank"><button type="submit" class="btn btn-default" id="latest-kb-button" onmouseover="hesk_btn(this,'btn btn-defaultover');" onmouseout="hesk_btn(this,'btn btn-default');">Latest Knowledgebase <br/> articles</button></a>
</div>
</div>
<div class="col-sm-7 help-staf"><img src="../img/help.jpg" alt="help" /></div>
</div>
<?php
hesk_cleanSessionVars('a_iserror');
require_once HESK_PATH . 'inc/footer.inc.php';
exit;
}
function unban_temp_ip()
{
global $hesk_settings, $hesklang;
// A security check
hesk_token_check();
// Get the ip
$ip = preg_replace('/[^0-9\\.\\-\\/\\*]/', '', hesk_REQUEST('ip'));
// Delete from bans
hesk_dbQuery("DELETE FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "logins` WHERE `ip`='" . hesk_dbEscape($ip) . "' LIMIT 1");
// Show success
hesk_process_messages($hesklang['ip_tempun'], 'banned_ips.php', 'SUCCESS');
}