/**
 * Look up the default ticket priority configured for a category.
 *
 * @param mixed $id Category id; it is cast with intval() before it reaches the SQL text.
 * @return mixed The `priority` column when exactly one row matches, otherwise the fallback 3.
 */
function hesk_getCategoryPriority($id)
{
    global $hesk_settings, $hesklang, $hesk_db_link;

    // The id is concatenated into the statement unquoted, so the intval() cast
    // is the only thing keeping this query injection-safe; keep it on this line.
    $sql = "SELECT `priority` FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "categories` WHERE `id`=" . intval($id) . " LIMIT 1";
    $lookup = hesk_dbQuery($sql);

    // No (single) matching category: fall back to the hard-coded default.
    if (hesk_dbNumRows($lookup) != 1) {
        return 3;
    }

    return hesk_dbResult($lookup);
}
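/**
 * Installer step: finalise the settings array and pass it to hesk_iSaveSettingsFile().
 *
 * Fills in the anti-SPAM, attachment and version settings, derives the site and
 * help desk URLs from the current request, escapes scalar settings with
 * addslashes() and records whether PHP >= 5.2.3 and MySQL >= 5.0.7 are in use.
 *
 * @return bool Always true.
 */
function hesk_iSaveSettings()
{
    global $hesk_settings, $hesklang;

    $spam_question = hesk_generate_SPAM_question();

    $hesk_settings['secimg_use'] = empty($_SESSION['set_captcha']) ? 0 : 1;
    $hesk_settings['use_spamq'] = empty($_SESSION['use_spamq']) ? 0 : 1;
    $hesk_settings['question_ask'] = $spam_question[0];
    $hesk_settings['question_ans'] = $spam_question[1];
    $hesk_settings['set_attachments'] = empty($_SESSION['set_attachments']) ? 0 : 1;
    $hesk_settings['hesk_version'] = HESK_NEW_VERSION;

    // HTTP_HOST comes straight from the client's Host header and is about to be
    // persisted as the site's base URL. Only accept something shaped like
    // host[:port] (or a bracketed IPv6 literal); otherwise keep the URLs that
    // are already in $hesk_settings.
    if (isset($_SERVER['HTTP_HOST']) && preg_match('/^(?:[A-Za-z0-9._\-]+|\[[0-9A-Fa-f:.]+\])(?::[0-9]{1,5})?\z/', $_SERVER['HTTP_HOST'])) {
        // NOTE(review): the scheme is hard-coded to http, so an install served
        // over TLS still stores http:// URLs - confirm this is corrected later.
        $hesk_settings['site_url'] = 'http://' . $_SERVER['HTTP_HOST'];

        if (isset($_SERVER['REQUEST_URI'])) {
            // REQUEST_URI includes any query string the client sent; drop it
            // (and any fragment) so it is not stored as part of the base URL.
            $request_path = preg_replace('/[?#].*\z/s', '', $_SERVER['REQUEST_URI']);
            $hesk_settings['hesk_url'] = 'http://' . $_SERVER['HTTP_HOST'] . str_replace('/install/install.php', '', $request_path);
        }
    }

    /* Encode and escape characters */
    $set = $hesk_settings;
    foreach ($hesk_settings as $k => $v) {
        // Arrays are skipped here; the only one used below is email_providers.
        if (is_array($v)) {
            continue;
        }
        $set[$k] = addslashes($v);
    }

    $set['debug_mode'] = 0;

    // The providers are joined into one single-quoted list, so each entry gets
    // the same addslashes() treatment as the scalar settings above; an entry
    // containing a quote would otherwise end the list early.
    // NOTE(review): presumably hesk_iSaveSettingsFile() writes this list into
    // the settings file verbatim - confirm against that function.
    $set['email_providers'] = count($set['email_providers'])
        ? "'" . implode("','", array_map('addslashes', $set['email_providers'])) . "'"
        : '';

    // Check if PHP version is 5.2.3+ and MySQL is 5.0.7+
    $res = hesk_dbQuery('SELECT VERSION() AS version');
    $set['db_vrsn'] = version_compare(PHP_VERSION, '5.2.3') >= 0 && version_compare(hesk_dbResult($res), '5.0.7') >= 0 ? 1 : 0;

    hesk_iSaveSettingsFile($set);

    return true;
}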
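/**
 * Installer step: try to connect to MySQL with the credentials posted in the form.
 *
 * Stores host, name, user and password from the POST data in $hesk_settings,
 * connects with MySQLi when available (legacy mysql_* functions otherwise),
 * calls hesk_iDatabase(1) on connection failure and hesk_iDatabase(5) when the
 * server is older than REQUIRE_MYSQL_VERSION. Also defines MYSQL_VERSION.
 *
 * @return mixed The connection handle returned by the driver.
 */
function hesk_iTestDatabaseConnection()
{
    global $hesk_settings, $hesklang;

    $db_success = 1;

    $hesk_settings['db_host'] = hesk_input(hesk_POST('host'));
    $hesk_settings['db_name'] = hesk_input(hesk_POST('name'));
    $hesk_settings['db_user'] = hesk_input(hesk_POST('user'));
    $hesk_settings['db_pass'] = hesk_input(hesk_POST('pass'));

    // Allow & in password. Replacing '&' with '&' did nothing; the entity form
    // is what has to be turned back into a literal ampersand.
    // NOTE(review): this assumes hesk_input() HTML-encodes its argument - confirm.
    // Other encoded characters (quotes, angle brackets) would still reach the
    // driver in their encoded form.
    $hesk_settings['db_pass'] = str_replace('&amp;', '&', $hesk_settings['db_pass']);

    // Use MySQLi extension to connect?
    $use_mysqli = function_exists('mysqli_connect') ? true : false;

    // Start output buffering so driver warnings are not printed into the page
    ob_start();

    // Connect to database
    if ($use_mysqli) {
        // mysqli throws mysqli_sql_exception on a failed connect when strict
        // error reporting is active (the default from PHP 8.1). Catch it so a
        // bad credential ends in the installer's own error page rather than an
        // uncaught exception and its stack trace.
        try {
            // Do we need a special port? Check and connect to the database
            if (strpos($hesk_settings['db_host'], ':')) {
                list($hesk_settings['db_host'], $hesk_settings['db_port']) = explode(':', $hesk_settings['db_host']);
                $hesk_db_link = mysqli_connect($hesk_settings['db_host'], $hesk_settings['db_user'], $hesk_settings['db_pass'], $hesk_settings['db_name'], intval($hesk_settings['db_port']));
            } else {
                $hesk_db_link = mysqli_connect($hesk_settings['db_host'], $hesk_settings['db_user'], $hesk_settings['db_pass'], $hesk_settings['db_name']);
            }
        } catch (Exception $e) {
            $hesk_db_link = false;
        }

        if (!$hesk_db_link) {
            $db_success = 0;
        }
    } else {
        $hesk_db_link = mysql_connect($hesk_settings['db_host'], $hesk_settings['db_user'], $hesk_settings['db_pass']) or $db_success = 0;

        // Select database works OK?
        if ($db_success == 1 && !mysql_select_db($hesk_settings['db_name'], $hesk_db_link)) {
            // No, try to create the database
            if (function_exists('mysql_create_db') && mysql_create_db($hesk_settings['db_name'], $hesk_db_link)) {
                $db_success = mysql_select_db($hesk_settings['db_name'], $hesk_db_link) ? 1 : 0;
            } else {
                $db_success = 0;
            }
        }
    }

    ob_end_clean();

    // Any errors?
    if (!$db_success) {
        // The raw driver message is exposed through a global for the installer page.
        // NOTE(review): hesk_iDatabase(1) presumably renders the form again and
        // ends the request; if it returns, the version query below still runs.
        global $mysql_log;
        $mysql_log = $use_mysqli ? mysqli_connect_error() : mysql_error();
        hesk_iDatabase(1);
    }

    // Check MySQL version
    define('MYSQL_VERSION', hesk_dbResult(hesk_dbQuery('SELECT VERSION() AS version')));
    if (version_compare(MYSQL_VERSION, REQUIRE_MYSQL_VERSION, '<')) {
        hesk_iDatabase(5);
    }

    return $hesk_db_link;
}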
/**
 * Ask the database server for its current time and convert it to a Unix timestamp.
 *
 * @return int|false Result of strtotime() on the value returned by SELECT NOW().
 */
function hesk_dbTime()
{
    // NOTE(review): strtotime() parses the string in PHP's configured timezone;
    // the result only matches the server clock if both sides agree - confirm.
    $db_now = hesk_dbResult(hesk_dbQuery("SELECT NOW()"), 0, 0);

    return strtotime($db_now);
}
$tmpvar[$k] = hesk_makeURL(nl2br(hesk_input(hesk_POST($k)))); $_SESSION["c_{$k}"] = hesk_POST($k); } } else { $tmpvar[$k] = ''; } } // Check bans if (!isset($hesk_error_buffer['email']) && hesk_isBannedEmail($tmpvar['email']) || hesk_isBannedIP($_SERVER['REMOTE_ADDR'])) { hesk_error($hesklang['baned_e']); } // Check maximum open tickets limit $below_limit = true; if ($hesk_settings['max_open'] && !isset($hesk_error_buffer['email'])) { $res = hesk_dbQuery("SELECT COUNT(*) FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` WHERE `status` IN ('0', '1', '2', '4', '5') AND " . hesk_dbFormatEmail($tmpvar['email'])); $num = hesk_dbResult($res); if ($num >= $hesk_settings['max_open']) { $hesk_error_buffer = array('max_open' => sprintf($hesklang['maxopen'], $num, $hesk_settings['max_open'])); $below_limit = false; } } // If we reached max tickets let's save some resources if ($below_limit) { // Generate tracking ID $tmpvar['trackid'] = hesk_createID(); // Attachments if ($hesk_settings['attachments']['use']) { require_once HESK_PATH . 'inc/attachments.inc.php'; $attachments = array(); $trackingID = $tmpvar['trackid']; for ($i = 1; $i <= $hesk_settings['attachments']['max_number']; $i++) {
/**
 * Render the admin "manage knowledgebase category" page and end the request.
 *
 * Reads the category id from the `catid` GET parameter, loads all knowledgebase
 * categories to build the parent selector (HTML_TreeMenu), lists the category's
 * articles with reorder / sticky / view / edit / delete links, and, for every
 * category except id 1, prints the category settings form. Finishes by
 * including the footer and calling exit.
 *
 * Review notes on output handling:
 * - $catid is an integer (intval), so it is safe where it is placed in SQL,
 *   URLs and attributes below.
 * - Category names and article subjects are echoed without escaping in this
 *   function; that is only safe if they are already HTML-encoded when stored
 *   or put into the session - TODO confirm against the code that writes them.
 * - The state-changing links (order_article, sticky, remove_article) carry the
 *   token from hesk_token_echo() in the query string, so it can show up in
 *   browser history, server logs and Referer headers.
 */
function manage_category()
{
    global $hesk_settings, $hesklang;

    // intval() yields 0 for anything non-numeric, which triggers hesk_error().
    $catid = intval(hesk_GET('catid')) or hesk_error($hesklang['kb_cat_inv']);

    $result = hesk_dbQuery('SELECT * FROM `' . hesk_dbEscape($hesk_settings['db_pfix']) . 'kb_categories` ORDER BY `parent` ASC, `cat_order` ASC');
    $kb_cat = array();
    while ($cat = hesk_dbFetchAssoc($result)) {
        $kb_cat[] = $cat;
        if ($cat['id'] == $catid) {
            $this_cat = $cat;
        }
    }
    // NOTE(review): $this_cat is only assigned when a row matches $catid; for an
    // unknown id it stays undefined and the reads further down operate on it anyway.

    // Values left in the session (presumably by a failed edit - confirm) override
    // the stored type, parent and name for display.
    if (isset($_SESSION['manage_cat'])) {
        $_SESSION['manage_cat'] = hesk_stripArray($_SESSION['manage_cat']);
        $this_cat['type'] = $_SESSION['manage_cat']['type'];
        $this_cat['parent'] = $_SESSION['manage_cat']['parent'];
        $this_cat['name'] = $_SESSION['manage_cat']['title'];
    }

    /* Translate main category "Knowledgebase" if needed */
    $kb_cat[0]['name'] = $hesklang['kb_text'];

    require HESK_PATH . 'inc/treemenu/TreeMenu.php';
    $icon = HESK_PATH . 'img/folder.gif';
    $expandedIcon = HESK_PATH . 'img/folder-expanded.gif';
    $menu = new HTML_TreeMenu();

    // Build the tree level by level: each pass attaches the categories whose
    // parent was placed in the previous pass and removes them from $kb_cat.
    $thislevel = array('0');
    $nextlevel = array();
    $i = 1;
    $j = 1;
    while (count($kb_cat) > 0) {
        foreach ($kb_cat as $k => $cat) {
            if (in_array($cat['parent'], $thislevel)) {
                $up = $cat['parent'];
                $my = $cat['id'];
                $type = $cat['type'] ? '*' : '';
                // Label: name, '*' when the type flag is set, then the three article counters.
                $text_short = $cat['name'] . $type . ' (' . $cat['articles'] . ', ' . $cat['articles_private'] . ', ' . $cat['articles_draft'] . ')';
                if (isset($node[$up])) {
                    $node[$my] =& $node[$up]->addItem(new HTML_TreeNode(array('hesk_parent' => $this_cat['parent'], 'text' => 'Text', 'text_short' => $text_short, 'hesk_catid' => $cat['id'], 'hesk_select' => 'option' . $j, 'icon' => $icon, 'expandedIcon' => $expandedIcon, 'expanded' => true)));
                } else {
                    $node[$my] = new HTML_TreeNode(array('hesk_parent' => $this_cat['parent'], 'text' => 'Text', 'text_short' => $text_short, 'hesk_catid' => $cat['id'], 'hesk_select' => 'option' . $j, 'icon' => $icon, 'expandedIcon' => $expandedIcon, 'expanded' => true));
                }
                $nextlevel[] = $cat['id'];
                $j++;
                unset($kb_cat[$k]);
            }
        }
        $thislevel = $nextlevel;
        $nextlevel = array();
        /* Break after 20 recursions to avoid hang-ups in case of any problems */
        if ($i > 20) {
            break;
        }
        $i++;
    }
    // Category id 1 is used as the root of the menu.
    $menu->addItem($node[1]);
    // Create the presentation class
    $listBox =& ref_new(new HTML_TreeMenu_Listbox($menu));
    /* Print header */
    require_once HESK_PATH . 'inc/header.inc.php';
    /* Print main manage users page */
    require_once HESK_PATH . 'inc/show_admin_nav.inc.php';
    ?> <div class="container manage-kb-category-title"><a href="manage_knowledgebase.php" class="smaller"><b><?php echo $hesklang['kb']; ?> </b></a> > <?php echo $hesklang['kb_cat_man']; ?> </div> <!-- SUB NAVIGATION --> <?php
    show_subnav('', $catid);
    ?> <!-- SUB NAVIGATION --> <?php
    if (!isset($_SESSION['hide']['article_list'])) {
        // NOTE(review): the category name is written into the page as-is here and
        // again in the title input of the settings form - see the header note.
        ?> <div class="container category-kb"><?php echo $hesklang['category']; ?> : <span class="black"><?php echo $this_cat['name']; ?> </span></div> <br /> <?php
        // $catid is an integer, so interpolating it into the statement is safe.
        $result = hesk_dbQuery("SELECT * FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "kb_articles` WHERE `catid`='{$catid}' ORDER BY `sticky` DESC, `art_order` ASC");
        $num = hesk_dbNumRows($result);
        if ($num == 0) {
            echo '<div class="container kb_no_article">' . $hesklang['kb_no_art'] . ' <br/><br/> <a href="manage_knowledgebase.php?a=add_article&catid=' . $catid . '"><img src="../img/add_article.png" width="16" height="16" alt="' . $hesklang['kb_i_art2'] . '" title="' . $hesklang['kb_i_art2'] . '" border="0" style="border:none;vertical-align:text-bottom" /></a>' . '<a href="manage_knowledgebase.php?a=add_article&catid=' . $catid . '"><b>' . $hesklang['kb_i_art2'] . '</b></a></div>';
        } else {
            /* Get number of sticky articles */
            $res2 = hesk_dbQuery("SELECT COUNT(*) FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "kb_articles` WHERE `catid`='{$catid}' AND `sticky` = '1' ");
            $num_sticky = hesk_dbResult($res2);
            $num_nosticky = $num - $num_sticky;
            ?> <div class="container insertArticle"> <?php
            echo '<a href="manage_knowledgebase.php?a=add_article&catid=' . $catid . '"><img src="../img/add_article.png" width="16" height="16" alt="' . $hesklang['kb_i_art2'] . '" title="' . $hesklang['kb_i_art2'] . '" border="0" style="border:none;vertical-align:text-bottom" /></a> <a href="manage_knowledgebase.php?a=add_article&catid=' . $catid . '"><b>' . $hesklang['kb_i_art2'] . '</b></a>';
            ?> </div> <div class="container kb_cat_art_title"><?php echo $hesklang['kb_cat_art']; ?> </div> <div class="container"> <table class="table table-bordered table-responsive kb_cat_art_table"> <tr> <th class="admin_white"> </th> <th class="admin_white"><b><i><?php echo $hesklang['kb_subject']; ?> </i></b></th> <th class="admin_white"><b><i><?php echo $hesklang['kb_type']; ?> </i></b></th> <th class="admin_white"><b><i><?php echo $hesklang['views']; ?> </i></b></th> <?php
            if ($hesk_settings['kb_rating']) {
                ?> <th class="admin_white" style="white-space:nowrap" nowrap="nowrap" width="130"><b><i><?php echo $hesklang['rating'] . ' (' . $hesklang['votes'] . ')'; ?> </i></b></th> <?php
            }
            ?> <th class="admin_white" style="width:120px"><b><i> <?php echo $hesklang['opt']; ?> </i></b></th> </tr> <?php
            // $i alternates the row colour, $j numbers the rows, $k is the position
            // inside the current group (sticky first, then non-sticky) and $num the
            // size of that group; $k and $num decide which move arrows are shown.
            $i = 1;
            $j = 1;
            $k = 1;
            $previous_sticky = 1;
            $num = $num_sticky;
            while ($article = hesk_dbFetchAssoc($result)) {
                // Switching from the sticky group to the non-sticky group restarts the position counter.
                if ($previous_sticky != $article['sticky']) {
                    $k = 1;
                    $num = $num_nosticky;
                    $previous_sticky = $article['sticky'];
                }
                // The article id stored in $_SESSION['artord'] is highlighted once, then the marker is cleared.
                if (isset($_SESSION['artord']) && $article['id'] == $_SESSION['artord']) {
                    $color = 'admin_green';
                    unset($_SESSION['artord']);
                } elseif ($article['sticky']) {
                    $color = 'admin_yellow';
                } else {
                    $color = $i ? 'admin_white' : 'admin_gray';
                }
                $tmp = $i ? 'White' : 'Blue';
                $style = 'class="option' . $tmp . 'OFF" onmouseover="this.className=\'option' . $tmp . 'ON\'" onmouseout="this.className=\'option' . $tmp . 'OFF\'"';
                $i = $i ? 0 : 1;
                switch ($article['type']) {
                    case '1':
                        $type = '<span class="kb_private">' . $hesklang['kb_private'] . '</span>';
                        break;
                    case '2':
                        $type = '<span class="kb_draft">' . $hesklang['kb_draft'] . '</span>';
                        break;
                    default:
                        $type = '<span class="kb_published">' . $hesklang['kb_published'] . '</span>';
                }
                if ($hesk_settings['kb_rating']) {
                    $alt = $article['rating'] ? sprintf($hesklang['kb_rated'], sprintf("%01.1f", $article['rating'])) : $hesklang['kb_not_rated'];
                    $rat = '<td class="' . $color . '" style="white-space:nowrap;"><img src="../img/star_' . hesk_round_to_half($article['rating']) * 10 . '.png" width="85" height="16" alt="' . $alt . '" title="' . $alt . '" border="0" style="vertical-align:text-bottom" /> (' . $article['votes'] . ') </td>';
                } else {
                    $rat = '';
                }
                // NOTE(review): $article['subject'] is echoed into the row below without
                // escaping; presumably it is stored HTML-encoded - confirm.
                ?> <tr> <td class="<?php echo $color; ?> "><?php echo $j; ?> .</td> <td class="<?php echo $color; ?> "><?php echo $article['subject']; ?> </td> <td class="<?php echo $color; ?> "><?php echo $type; ?> </td> <td class="<?php echo $color; ?> "><?php echo $article['views']; ?> </td> <?php echo $rat; ?> <td class="<?php echo $color; ?> " style="text-align:center; white-space:nowrap;"> <?php
                // Move arrows: first in group gets "down" only, last gets "up" only,
                // everything in between gets both. Each link carries the token in its URL.
                if ($num > 1) {
                    if ($k == 1) {
                        ?> <img src="../img/blank.gif" width="16" height="16" alt="" style="padding:3px;border:none;" /> <a href="manage_knowledgebase.php?a=order_article&id=<?php echo $article['id']; ?> &catid=<?php echo $catid; ?> &move=15&token=<?php hesk_token_echo(); ?> "><img src="../img/move_down.png" width="16" height="16" alt="<?php echo $hesklang['move_dn']; ?> " title="<?php echo $hesklang['move_dn']; ?> " <?php echo $style; ?> /></a> <?php
                    } elseif ($k == $num) {
                        ?> <a href="manage_knowledgebase.php?a=order_article&id=<?php echo $article['id']; ?> &catid=<?php echo $catid; ?> &move=-15&token=<?php hesk_token_echo(); ?> "><img src="../img/move_up.png" width="16" height="16" alt="<?php echo $hesklang['move_up']; ?> " title="<?php echo $hesklang['move_up']; ?> " <?php echo $style; ?> /></a> <img src="../img/blank.gif" width="16" height="16" alt="" style="padding:3px;border:none;" /> <?php
                    } else {
                        ?> <a href="manage_knowledgebase.php?a=order_article&id=<?php echo $article['id']; ?> &catid=<?php echo $catid; ?> &move=-15&token=<?php hesk_token_echo(); ?> "><img src="../img/move_up.png" width="16" height="16" alt="<?php echo $hesklang['move_up']; ?> " title="<?php echo $hesklang['move_up']; ?> " <?php echo $style; ?> /></a> <a href="manage_knowledgebase.php?a=order_article&id=<?php echo $article['id']; ?> &catid=<?php echo $catid; ?> &move=15&token=<?php hesk_token_echo(); ?> "><img src="../img/move_down.png" width="16" height="16" alt="<?php echo $hesklang['move_dn']; ?> " title="<?php echo $hesklang['move_dn']; ?> " <?php echo $style; ?> /></a> <?php
                    }
                } elseif ($num_sticky > 1 || $num_nosticky > 1) {
                    // Single-article group next to a larger one: pad with blanks so the icon columns line up.
                    echo '<img src="../img/blank.gif" width="16" height="16" alt="" style="padding:3px;border:none;vertical-align:text-bottom;" /> <img src="../img/blank.gif" width="16" height="16" alt="" style="padding:3px;border:none;vertical-align:text-bottom;" />';
                }
                // Sticky toggle and delete are plain links with the token in the query
                // string; the delete link additionally asks for confirmation in JavaScript.
                ?> <a href="manage_knowledgebase.php?a=sticky&s=<?php echo $article['sticky'] ? 0 : 1; ?> &id=<?php echo $article['id']; ?> &catid=<?php echo $catid; ?> &token=<?php hesk_token_echo(); ?> "><img src="../img/sticky<?php if (!$article['sticky']) { echo '_off'; } ?> .png" width="16" height="16" alt="<?php echo $article['sticky'] ? $hesklang['stickyoff'] : $hesklang['stickyon']; ?> " title="<?php echo $article['sticky'] ? $hesklang['stickyoff'] : $hesklang['stickyon']; ?> " <?php echo $style; ?> /></a> <a href="knowledgebase_private.php?article=<?php echo $article['id']; ?> &back=1<?php if ($article['type'] == 2) { echo '&draft=1'; } ?> " target="_blank"><img src="../img/article_text.png" width="16" height="16" alt="<?php echo $hesklang['viewart']; ?> " title="<?php echo $hesklang['viewart']; ?> " <?php echo $style; ?> /></a> <a href="manage_knowledgebase.php?a=edit_article&id=<?php echo $article['id']; ?> "><img src="../img/edit.png" width="16" height="16" alt="<?php echo $hesklang['edit']; ?> " title="<?php echo $hesklang['edit']; ?> " <?php echo $style; ?> /></a> <a href="manage_knowledgebase.php?a=remove_article&id=<?php echo $article['id']; ?> &token=<?php hesk_token_echo(); ?> " onclick="return hesk_confirmExecute('<?php echo hesk_makeJsString($hesklang['del_art']); ?> ');"><img src="../img/delete.png" width="16" height="16" alt="<?php echo $hesklang['delete']; ?> " title="<?php echo $hesklang['delete']; ?> " <?php echo $style; ?> /></a> </td> </tr> <?php
                $j++;
                $k++;
            } // End while
            ?> </table> </div> <?php
        }
    } // END if hide article list
    /* Manage Category (except the default one) */
    if ($catid != 1) {
        // The settings form posts back with the token in a hidden field.
        ?> <br /> <div class="container insertCategory"> <?php
        echo '<a href="manage_knowledgebase.php?a=add_category&parent=' . $catid . '"><img src="../img/add_category.png" width="16" height="16" alt="' . $hesklang['kb_i_cat2'] . '" title="' . $hesklang['kb_i_cat2'] . '" border="0" style="border:none;vertical-align:text-bottom" /></a> <a href="manage_knowledgebase.php?a=add_category&parent=' . $catid . '"><b>' . $hesklang['kb_i_cat2'] . '</b></a>';
        ?> </div> <div class="container category-settings-title"><?php echo $hesklang['catset']; ?> </div> <div class="container category-settings-form"> <br/> <form action="manage_knowledgebase.php" method="post" name="form1" onsubmit="Javascript:return hesk_deleteIfSelected('dodelete','<?php echo hesk_makeJsString($hesklang['kb_delcat']); ?> ')"> <div class="form-inline"> <span class="col-sm-2"><b><?php echo $hesklang['kb_cat_title']; ?> :</b></span> <span><input class="form-control" type="text" name="title" size="70" maxlength="255" value="<?php echo $this_cat['name']; ?> " /></span> </div> <br/> <div class="form-inline"> <span class="col-sm-2"><b><?php echo $hesklang['kb_cat_parent']; ?> :</b></span> <span><select class="form-control" name="parent"><?php $listBox->printMenu(); ?> </select></span> </div> <br/> <div class="form-inline"> <span class="col-sm-2"><b><?php echo $hesklang['kb_type']; ?> :</b></span> <div class="form-group"> <label><input type="radio" name="type" value="0" <?php if (!$this_cat['type']) { echo 'checked="checked"'; } ?> /> <b><i><?php echo $hesklang['kb_published']; ?> </i></b></label><br /> <span><?php echo $hesklang['kb_cat_published']; ?> </span><br/><br/> <label><input type="radio" name="type" value="1" <?php if ($this_cat['type']) { echo 'checked="checked"'; } ?> /> <b><i><?php echo $hesklang['kb_private']; ?> </i></b></label><br /> <span><?php echo $hesklang['kb_cat_private']; ?> </span> </div> </div> <br/> <div class="form-inline"> <span class="col-sm-2"><b><?php echo $hesklang['opt']; ?> :</b></span> <div class="form-group"> <label><input type="checkbox" name="dodelete" id="dodelete" value="Y" onclick="Javascript:hesk_toggleLayerDisplay('deleteoptions')" /> <i><?php echo $hesklang['delcat']; ?> </i></label> <div id="deleteoptions" style="display: none;"> <label><input type="radio" name="movearticles" value="Y" checked="checked" /> <?php echo $hesklang['move1']; ?> </label><br /> <label><input type="radio" name="movearticles" 
value="N" /> <?php echo $hesklang['move2']; ?> </label> </div> </div> </div> <br/> </div> <br/> <div class="col-sm-6 col-sm-offset-6"> <input type="hidden" name="a" value="edit_category" /> <input type="hidden" name="token" value="<?php hesk_token_echo(); ?> " /> <input type="hidden" name="catid" value="<?php echo $catid; ?> " /><input type="submit" value="<?php echo $hesklang['save_changes']; ?> " class="btn btn-default save-cat-changes-btn" /> </div> </form> <?php
    } // END if $catid != 1
    /* Clean unneeded session variables */
    hesk_cleanSessionVars(array('hide', 'manage_cat', 'edit_article'));
    require_once HESK_PATH . 'inc/footer.inc.php';
    exit;
}
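/**
 * Ban a single IPv4 address, an address range, a wildcard pattern or a CIDR block.
 *
 * Reads the `ip` request value, normalises it to a numeric from/to pair, refuses
 * a ban that is already covered by an existing row, removes narrower bans that
 * the new range swallows, inserts the new row and reports the result through
 * hesk_process_messages().
 *
 * The numeric bounds are interpolated into SQL unquoted, so nothing that is not
 * a number may reach the queries; the checks below enforce that.
 *
 * NOTE(review): hesk_process_messages() presumably redirects and ends the
 * request. The explicit returns after the error calls make this function stop
 * even if it does not.
 *
 * @return void
 */
function ban_ip()
{
    global $hesk_settings, $hesklang;

    // A security check
    hesk_token_check();

    // Keep only characters that an address, range, wildcard or CIDR suffix can contain
    $ip = preg_replace('/[^0-9\\.\\-\\/\\*]/', '', hesk_REQUEST('ip'));
    $ip_display = str_replace('-', ' - ', $ip);

    // Nothing entered?
    if (!strlen($ip)) {
        hesk_process_messages($hesklang['enterbanip'], 'banned_ips.php');
        return;
    }

    // Convert asterisk to ranges
    if (strpos($ip, '*') !== false) {
        $ip = str_replace('*', '0', $ip) . '-' . str_replace('*', '255', $ip);
    }

    // The separator must be a literal dot. With a bare "." any character matched,
    // so digit-only or dash-separated input passed validation, ip2long() then
    // returned false and the queries below were built with an empty bound.
    $ip_regex = '(([1-9]?[0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\\.){3}([1-9]?[0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])';

    $ip_from = false;
    $ip_to = false;

    if (preg_match('/^' . $ip_regex . '$/', $ip)) {
        // Is this a single IP address?
        $ip_from = ip2long($ip);
        $ip_to = $ip_from;
    } elseif (preg_match('/^' . $ip_regex . '\\-' . $ip_regex . '$/', $ip)) {
        // A from-to range
        list($ip_from, $ip_to) = explode('-', $ip);
        $ip_from = ip2long($ip_from);
        $ip_to = ip2long($ip_to);
    } elseif (preg_match('/^' . $ip_regex . '\\/([0-9]{1,2})$/', $ip, $matches) && $matches[4] >= 0 && $matches[4] <= 32) {
        // CIDR notation; capture group 4 is the prefix length
        list($ip_from, $ip_to) = hesk_cidr_to_range($ip);
    }

    // Unrecognised format, or a conversion that did not produce numbers
    if (!is_numeric($ip_from) || !is_numeric($ip_to)) {
        hesk_process_messages($hesklang['validbanip'], 'banned_ips.php');
        return;
    }

    // Make sure we have valid ranges (ip2long() can return negative values on 32-bit builds)
    if ($ip_from < 0) {
        $ip_from += 4294967296.0;
    } elseif ($ip_from > 4294967296.0) {
        $ip_from = 4294967296.0;
    }
    if ($ip_to < 0) {
        $ip_to += 4294967296.0;
    } elseif ($ip_to > 4294967296.0) {
        $ip_to = 4294967296.0;
    }

    // Make sure $ip_to is not lower than $ip_from
    if ($ip_to < $ip_from) {
        $tmp = $ip_to;
        $ip_to = $ip_from;
        $ip_from = $tmp;
    }

    $table_prefix = hesk_dbEscape($hesk_settings['db_pfix']);

    // Is this IP address already banned?
    $res = hesk_dbQuery("SELECT `id` FROM `" . $table_prefix . "banned_ips` WHERE {$ip_from} BETWEEN `ip_from` AND `ip_to` AND {$ip_to} BETWEEN `ip_from` AND `ip_to` LIMIT 1");
    if (hesk_dbNumRows($res) == 1) {
        $_SESSION['ban_ip']['id'] = hesk_dbResult($res);
        $hesklang['ipbanexists'] = $ip_to == $ip_from
            ? sprintf($hesklang['ipbanexists'], long2ip($ip_to))
            : sprintf($hesklang['iprbanexists'], long2ip($ip_from) . ' - ' . long2ip($ip_to));
        hesk_process_messages($hesklang['ipbanexists'], 'banned_ips.php', 'NOTICE');
        return;
    }

    // Delete any duplicate banned IP or ranges that are within the new banned range
    hesk_dbQuery("DELETE FROM `" . $table_prefix . "banned_ips` WHERE `ip_from` >= {$ip_from} AND `ip_to` <= {$ip_to}");

    // Delete temporary bans from logins table
    if ($ip_to == $ip_from) {
        hesk_dbQuery("DELETE FROM `" . $table_prefix . "logins` WHERE `ip`='" . hesk_dbEscape($ip_display) . "' LIMIT 1");
    }

    // Redirect either to banned ips or ticket page from now on.
    // The random Refresh value only makes the URL unique; it is not a secret.
    $redirect_to = ($trackingID = hesk_cleanID())
        ? 'admin_ticket.php?track=' . $trackingID . '&Refresh=' . mt_rand(10000, 99999)
        : 'banned_ips.php';

    // Insert the ip address into database
    hesk_dbQuery("INSERT INTO `" . $table_prefix . "banned_ips` (`ip_from`,`ip_to`,`ip_display`,`banned_by`) VALUES ({$ip_from}, {$ip_to},'" . hesk_dbEscape($ip_display) . "','" . intval($_SESSION['id']) . "')");

    // Remember ip that got banned
    $_SESSION['ban_ip']['id'] = hesk_dbInsertID();

    // Generate success message
    $hesklang['ip_banned'] = $ip_to == $ip_from
        ? sprintf($hesklang['ip_banned'], long2ip($ip_to))
        : sprintf($hesklang['ip_rbanned'], long2ip($ip_from) . ' - ' . long2ip($ip_to));

    // Show success. The message is already formatted; passing it through
    // sprintf() a second time would reinterpret any "%" left in the text.
    hesk_process_messages($hesklang['ip_banned'], $redirect_to, 'SUCCESS');
}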
<td width="200" valign="top"><?php echo $hesklang['phpv']; ?> :</td> <td><?php echo defined('HESK_DEMO') ? $hesklang['hdemo'] : PHP_VERSION . ' ' . (function_exists('mysqli_connect') ? '(MySQLi)' : '(MySQL)'); ?> </td> </tr> <tr> <td width="200" valign="top"><?php echo $hesklang['mysqlv']; ?> :</td> <td><?php echo defined('HESK_DEMO') ? $hesklang['hdemo'] : hesk_dbResult(hesk_dbQuery('SELECT VERSION() AS version')); ?> </td> </tr> <tr> <td width="200" valign="top">/hesk_settings.inc.php</td> <td> <?php if (is_writable(HESK_PATH . 'hesk_settings.inc.php')) { $enable_save_settings = 1; echo '<font class="success">' . $hesklang['exists'] . '</font>, <font class="success">' . $hesklang['writable'] . '</font>'; } else { echo '<font class="success">' . $hesklang['exists'] . '</font>, <font class="error">' . $hesklang['not_writable'] . '</font><br />' . $hesklang['e_settings']; } ?> </td>
/**
 * Resolve a staff user id to the user's display name.
 *
 * Names are cached in $hesk_settings['user_data'] so each id is queried at most
 * once per request.
 *
 * @param mixed $id User id; an empty value means the ticket is unassigned.
 * @return mixed The user's name, or the "unassigned" language string when the id
 *               is empty or no single matching user exists.
 */
function hesk_getOwnerName($id)
{
    global $hesk_settings, $hesklang;

    if (empty($id)) {
        return $hesklang['unas'];
    }

    // Only hit the database when the name is not cached yet
    if (!isset($hesk_settings['user_data'][$id]['name'])) {
        // The id is cast with intval() before it is placed in the statement.
        $prefix = hesk_dbEscape($hesk_settings['db_pfix']);
        $lookup = hesk_dbQuery("SELECT `name` FROM `" . $prefix . "users` WHERE `id`='" . intval($id) . "' LIMIT 1");

        if (hesk_dbNumRows($lookup) != 1) {
            return $hesklang['unas'];
        }

        $hesk_settings['user_data'][$id]['name'] = hesk_dbResult($lookup, 0, 0);
    }

    return $hesk_settings['user_data'][$id]['name'];
}
/**
 * Print the staff "add reply" form for the ticket held in the global $ticket.
 *
 * Output only; nothing is returned. The form posts to admin_reply_ticket.php as
 * multipart/form-data and carries the token from hesk_token_echo() in a hidden
 * field. Optional parts: owner/locked notices, the time-worked timer, the canned
 * responses selector, attachment inputs, the assign-to-self checkbox and, for
 * unlocked tickets, the extra "submit as ..." buttons.
 *
 * Review notes on output handling:
 * - $can_options and $options are globals echoed as ready-made HTML; whatever
 *   builds them has to escape the labels - TODO confirm at the caller.
 * - The stored reply draft is echoed into the textarea without escaping here;
 *   this is only safe if drafts are saved HTML-encoded - TODO confirm against
 *   the code that writes reply_drafts.
 */
function hesk_printReplyForm()
{
    global $hesklang, $hesk_settings, $ticket, $admins, $can_options, $options, $can_assign_self;
    ?> <!-- START REPLY FORM --> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <tr> <td width="7" height="7"><img src="../img/roundcornerslt.jpg" width="7" height="7" alt="" /></td> <td class="roundcornerstop"></td> <td><img src="../img/roundcornersrt.jpg" width="7" height="7" alt="" /></td> </tr> <tr> <td class="roundcornersleft"> </td> <td> <h3 align="center"><?php echo $hesklang['add_reply']; ?> </h3> <form method="post" action="admin_reply_ticket.php" enctype="multipart/form-data" name="form1" onsubmit="javascript:force_stop();return true;"> <br /> <?php
    /* Ticket assigned to someone else? */
    if ($ticket['owner'] && $ticket['owner'] != $_SESSION['id'] && isset($admins[$ticket['owner']])) {
        hesk_show_notice($hesklang['nyt'] . ' ' . $admins[$ticket['owner']]);
    }
    /* Ticket locked? */
    if ($ticket['locked']) {
        hesk_show_notice($hesklang['tislock']);
    }
    // Track time worked?
    if ($hesk_settings['time_worked']) {
        // The timer field is pre-filled from the session when a value is stored there.
        ?> <div align="center"> <table class="white" style="min-width:600px;"> <tr> <td colspan="2"> » <?php echo $hesklang['ts']; ?> <input type="text" name="time_worked" id="time_worked" size="10" value="<?php echo isset($_SESSION['time_worked']) ? hesk_getTime($_SESSION['time_worked']) : '00:00:00'; ?> " /> <input type="button" class="orangebuttonsec" onmouseover="hesk_btn(this,'orangebuttonsecover');" onmouseout="hesk_btn(this,'orangebuttonsec');" onclick="ss()" id="startb" value="<?php echo $hesklang['start']; ?> " /> <input type="button" class="orangebuttonsec" onmouseover="hesk_btn(this,'orangebuttonsecover');" onmouseout="hesk_btn(this,'orangebuttonsec');" onclick="r()" value="<?php echo $hesklang['reset']; ?> " /> <br /> </td> </tr> </table> </div> <?php
    }
    /* Do we have any canned responses? */
    if (strlen($can_options)) {
        // $can_options is inserted as raw option markup inside the select below.
        ?> <div align="center"> <table class="white" style="min-width:600px;"> <tr> <td class="admin_gray" colspan="2"><b>» <?php echo $hesklang['saved_replies']; ?> </b></td> </tr> <tr> <td class="admin_gray"> <label><input type="radio" name="mode" id="modeadd" value="1" checked="checked" /> <?php echo $hesklang['madd']; ?> </label><br /> <label><input type="radio" name="mode" id="moderep" value="0" /> <?php echo $hesklang['mrep']; ?> </label> </td> <td class="admin_gray"> <?php echo $hesklang['select_saved']; ?> :<br /> <select name="saved_replies" onchange="setMessage(this.value)"> <option value="0"> - <?php echo $hesklang['select_empty']; ?> - </option> <?php echo $can_options; ?> </select> </td> </tr> </table> </div> <?php
    }
    ?> <p align="center"><?php echo $hesklang['message']; ?> : <font class="important">*</font><br /> <span id="HeskMsg"><textarea name="message" id="message" rows="12" cols="72"><?php
    // Do we have any message stored in session?
    if (isset($_SESSION['ticket_message'])) {
        // The session copy is passed through hesk_input() before it is printed.
        echo stripslashes(hesk_input($_SESSION['ticket_message']));
    } else {
        // Otherwise load this staff member's saved draft for this ticket; both ids are cast with intval().
        $res = hesk_dbQuery("SELECT `message` FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "reply_drafts` WHERE `owner`=" . intval($_SESSION['id']) . " AND `ticket`=" . intval($ticket['id']) . " LIMIT 1");
        if (hesk_dbNumRows($res) == 1) {
            // NOTE(review): printed without escaping; a draft stored unencoded could
            // close the textarea and inject markup - confirm drafts are encoded on save.
            echo hesk_dbResult($res);
        }
    }
    ?> </textarea></span></p> <?php
    /* attachments */
    if ($hesk_settings['attachments']['use']) {
        ?> <p align="center"> <?php
        echo $hesklang['attachments'] . ' (<a href="Javascript:void(0)" onclick="Javascript:hesk_window(\'../file_limits.php\',250,500);return false;">' . $hesklang['ful'] . '</a>):<br />';
        // One file input per allowed attachment slot
        for ($i = 1; $i <= $hesk_settings['attachments']['max_number']; $i++) {
            echo '<input type="file" name="attachment[' . $i . ']" size="50" /><br />';
        }
        ?> </p> <?php
    }
    ?> <div align="center"> <center> <table> <tr> <td> <?php
    // Offer "assign to myself" when the ticket belongs to someone else or to nobody;
    // the box is pre-checked only for unassigned tickets.
    if ($ticket['owner'] != $_SESSION['id'] && $can_assign_self) {
        if (empty($ticket['owner'])) {
            echo '<label><input type="checkbox" name="assign_self" value="1" checked="checked" /> <b>' . $hesklang['asss2'] . '</b></label><br />';
        } else {
            echo '<label><input type="checkbox" name="assign_self" value="1" /> ' . $hesklang['asss2'] . '</label><br />';
        }
    }
    // $options is joined and inserted as raw option markup in the priority select below.
    ?> <label><input type="checkbox" name="set_priority" value="1" /> <?php echo $hesklang['change_priority']; ?> </label> <select name="priority"> <?php echo implode('', $options); ?> </select><br /> <label><input type="checkbox" name="signature" value="1" checked="checked" /> <?php echo $hesklang['attach_sign']; ?> </label> (<a href="profile.php"><?php echo $hesklang['profile_settings']; ?> </a>)<br /> <label><input type="checkbox" name="no_notify" value="1" <?php echo $_SESSION['notify_customer_reply'] ? '' : 'checked="checked"'; ?> /> <?php echo $hesklang['dsen']; ?> </label> </td> </tr> </table> </center> </div> <p align="center"> <input type="hidden" name="orig_id" value="<?php echo $ticket['id']; ?> " /> <input type="hidden" name="token" value="<?php hesk_token_echo(); ?> " /> <input type="submit" value=" <?php echo $hesklang['submit_reply']; ?> " class="orangebutton" onmouseover="hesk_btn(this,'orangebuttonover');" onmouseout="hesk_btn(this,'orangebutton');" /> <input type="submit" name="save_reply" value="<?php echo $hesklang['sacl']; ?> " class="orangebuttonsec" onmouseover="hesk_btn(this,'orangebuttonsecover');" onmouseout="hesk_btn(this,'orangebuttonsec');" /> </p> <?php
    // If ticket is not locked, show additional submit options
    if (!$ticket['locked']) {
        ?> <p> </p> <p align="center"> <input type="submit" name="submit_as_customer" value="<?php echo $hesklang['sasc']; ?> " class="orangebuttonsec" onmouseover="hesk_btn(this,'orangebuttonsecover');" onmouseout="hesk_btn(this,'orangebuttonsec');" /> <input 
type="submit" name="submit_as_resolved" value="<?php echo $hesklang['submit_as'] . ' ' . $hesklang['closed']; ?> " class="orangebuttonsec" onmouseover="hesk_btn(this,'orangebuttonsecover');" onmouseout="hesk_btn(this,'orangebuttonsec');" /> <input type="submit" name="submit_as_in_progress" value="<?php echo $hesklang['submit_as'] . ' ' . $hesklang['in_progress']; ?> " class="orangebuttonsec" onmouseover="hesk_btn(this,'orangebuttonsecover');" onmouseout="hesk_btn(this,'orangebuttonsec');" /> <input type="submit" name="submit_as_on_hold" value="<?php echo $hesklang['submit_as'] . ' ' . $hesklang['on_hold']; ?> " class="orangebuttonsec" onmouseover="hesk_btn(this,'orangebuttonsecover');" onmouseout="hesk_btn(this,'orangebuttonsec');" /> </p> <?php
    }
    ?> </form> </td> <td class="roundcornersright"> </td> </tr> <tr> <td><img src="../img/roundcornerslb.jpg" width="7" height="7" alt="" /></td> <td class="roundcornersbottom"></td> <td width="7" height="7"><img src="../img/roundcornersrb.jpg" width="7" height="7" alt="" /></td> </tr> </table> <!-- END REPLY FORM --> <?php
}
/**
 * Validate the submitted profile form and, when it is valid, store the changes for the logged-in user.
 *
 * Values are read from POST, staged in $_SESSION['new'], and validation messages are collected in an
 * HTML <li> buffer. With errors the buffer is shown via hesk_process_messages(..., 'NOREDIRECT');
 * without errors a single UPDATE on the `users` table is run, $_SESSION['session_verify'] is rebuilt
 * when the username or the password changed, and the staged values are copied into the live session.
 *
 * NOTE(review): nothing visible here asks for the current password before the password (or, for
 * admins, the username) is replaced; the anti-CSRF token is the only gate in this function. Requiring
 * the current password would keep an unattended or stolen session from changing the credentials.
 */
function update_profile()
{
    global $hesk_settings, $hesklang, $can_view_unassigned;

    /* A security check */
    // Anti-CSRF token validation for the POST request; presumably stops the request on mismatch — confirm in hesk_token_check().
    hesk_token_check('POST');

    $sql_pass = '';
    $sql_username = '';
    $hesk_error_buffer = '';

    // `=` binds tighter than `or`: the value is assigned first and the right-hand side only runs when it is falsy.
    $_SESSION['new']['name'] = hesk_input(hesk_POST('name')) or $hesk_error_buffer .= '<li>' . $hesklang['enter_your_name'] . '</li>';
    // NOTE(review): this line uses `=` where the neighbouring checks use `.=`, so a "name" error recorded
    // just above is overwritten by the e-mail error — looks unintended; confirm.
    $_SESSION['new']['email'] = hesk_validateEmail(hesk_POST('email'), 'ERR', 0) or $hesk_error_buffer = '<li>' . $hesklang['enter_valid_email'] . '</li>';
    $_SESSION['new']['signature'] = hesk_input(hesk_POST('signature'));

    /* Signature */
    // strlen() counts bytes of the value returned by hesk_input(), not characters typed.
    if (strlen($_SESSION['new']['signature']) > 1000) {
        $hesk_error_buffer .= '<li>' . $hesklang['signature_long'] . '</li>';
    }

    /* Admins can change username */
    if ($_SESSION['isadmin']) {
        $_SESSION['new']['user'] = hesk_input(hesk_POST('user')) or $hesk_error_buffer .= '<li>' . $hesklang['enter_username'] . '</li>';

        /* Check for duplicate usernames */
        // Looks for any other account (id different from the current one) already using the requested name.
        $result = hesk_dbQuery("SELECT `id` FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "users` WHERE `user`='" . hesk_dbEscape($_SESSION['new']['user']) . "' AND `id`!='" . intval($_SESSION['id']) . "' LIMIT 1");
        if (hesk_dbNumRows($result) != 0) {
            $hesk_error_buffer .= '<li>' . $hesklang['duplicate_user'] . '</li>';
        } else {
            // NOTE(review): the first literal on the next line is shown masked ("******") in this listing;
            // it presumably holds the `user` column assignment for the UPDATE below — restore from the real source.
            $sql_username = "******" . hesk_dbEscape($_SESSION['new']['user']) . "'";
        }
    }

    /* Change password? */
    // NOTE(review): the password passes through hesk_input() before it is measured and hashed, so whatever
    // that helper trims or encodes changes both the length check and the stored hash — confirm that the
    // login path applies the same transformation.
    $newpass = hesk_input(hesk_POST('newpass'));
    $passlen = strlen($newpass);
    if ($passlen > 0) {
        /* At least 5 chars? */
        // NOTE(review): a 5-byte minimum is the only strength rule enforced here.
        if ($passlen < 5) {
            $hesk_error_buffer .= '<li>' . $hesklang['password_not_valid'] . '</li>';
        } else {
            $newpass2 = hesk_input(hesk_POST('newpass2'));
            if ($newpass != $newpass2) {
                $hesk_error_buffer .= '<li>' . $hesklang['passwords_not_same'] . '</li>';
            } else {
                // hesk_Pass2Hash() receives only the password, and its result is compared with one fixed
                // 40-hex-character digest — presumably the hash of a well-known default password; verify.
                // NOTE(review): a fixed digest can only ever match if the hash is deterministic with no
                // per-user salt (unless the helper adds one itself); password_hash()/password_verify()
                // would be the salted replacement. `===` is also preferable to `==` when comparing digests.
                $newpass_hash = hesk_Pass2Hash($newpass);
                if ($newpass_hash == '499d74967b28a841c98bb4baaabaad699ff3c079') {
                    define('WARN_PASSWORD', true);
                }
                // NOTE(review): the literal on the next line is masked ("******") in this listing, which leaves
                // the quoting unbalanced; it presumably holds the `pass` column assignment — restore from the real source.
                $sql_pass = '******'' . $newpass_hash . '\'';
            }
        }
    }

    /* After reply */
    // Only 1 and 2 are accepted; anything else falls back to 0.
    $_SESSION['new']['afterreply'] = intval(hesk_POST('afterreply'));
    if ($_SESSION['new']['afterreply'] != 1 && $_SESSION['new']['afterreply'] != 2) {
        $_SESSION['new']['afterreply'] = 0;
    }

    // Defaults
    // Checkbox flags: presence of the field in POST is stored as 1, absence as 0.
    $_SESSION['new']['autostart'] = isset($_POST['autostart']) ? 1 : 0;
    $_SESSION['new']['notify_customer_new'] = isset($_POST['notify_customer_new']) ? 1 : 0;
    $_SESSION['new']['notify_customer_reply'] = isset($_POST['notify_customer_reply']) ? 1 : 0;
    $_SESSION['new']['show_suggested'] = isset($_POST['show_suggested']) ? 1 : 0;

    /* Notifications */
    // The two "unassigned" notifications are forced to 0 when $can_view_unassigned is falsy,
    // whatever the form submitted.
    $_SESSION['new']['notify_new_unassigned'] = empty($_POST['notify_new_unassigned']) || !$can_view_unassigned ? 0 : 1;
    $_SESSION['new']['notify_new_my'] = empty($_POST['notify_new_my']) ? 0 : 1;
    $_SESSION['new']['notify_reply_unassigned'] = empty($_POST['notify_reply_unassigned']) || !$can_view_unassigned ? 0 : 1;
    $_SESSION['new']['notify_reply_my'] = empty($_POST['notify_reply_my']) ? 0 : 1;
    $_SESSION['new']['notify_assigned'] = empty($_POST['notify_assigned']) ? 0 : 1;
    $_SESSION['new']['notify_note'] = empty($_POST['notify_note']) ? 0 : 1;
    $_SESSION['new']['notify_pm'] = empty($_POST['notify_pm']) ? 0 : 1;

    /* Any errors? */
    if (strlen($hesk_error_buffer)) {
        /* Process the session variables */
        $_SESSION['new'] = hesk_stripArray($_SESSION['new']);

        $hesk_error_buffer = $hesklang['rfm'] . '<br /><br /><ul>' . $hesk_error_buffer . '</ul>';
        hesk_process_messages($hesk_error_buffer, 'NOREDIRECT');
    } else {
        /* Update database */
        // String columns go through hesk_dbEscape(); the remaining values were reduced above to the
        // integers 0, 1 or 2, and the row is selected by intval($_SESSION['id']), never by a request value.
        // $sql_username and $sql_pass are empty unless the corresponding change was validated above.
        hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "users` SET\n\t\t`name`='" . hesk_dbEscape($_SESSION['new']['name'])
            . "',\n\t\t`email`='" . hesk_dbEscape($_SESSION['new']['email'])
            . "',\n\t\t`signature`='" . hesk_dbEscape($_SESSION['new']['signature'])
            . "'\n\t\t{$sql_username}\n\t\t{$sql_pass} ,\n\t\t`afterreply`='" . $_SESSION['new']['afterreply']
            . "' ,\n\t\t" . ($hesk_settings['time_worked'] ? "`autostart`='" . $_SESSION['new']['autostart'] . "'," : '')
            . "\n\t\t`notify_customer_new`='" . $_SESSION['new']['notify_customer_new']
            . "' ,\n\t\t`notify_customer_reply`='" . $_SESSION['new']['notify_customer_reply']
            . "' ,\n\t\t`show_suggested`='" . $_SESSION['new']['show_suggested']
            . "' ,\n\t\t`notify_new_unassigned`='" . $_SESSION['new']['notify_new_unassigned']
            . "' ,\n\t\t`notify_new_my`='" . $_SESSION['new']['notify_new_my']
            . "' ,\n\t\t`notify_reply_unassigned`='" . $_SESSION['new']['notify_reply_unassigned']
            . "' ,\n\t\t`notify_reply_my`='" . $_SESSION['new']['notify_reply_my']
            . "' ,\n\t\t`notify_assigned`='" . $_SESSION['new']['notify_assigned']
            . "' ,\n\t\t`notify_pm`='" . $_SESSION['new']['notify_pm']
            . "',\n\t\t`notify_note`='" . $_SESSION['new']['notify_note']
            . "'\n\t\tWHERE `id`='" . intval($_SESSION['id']) . "' LIMIT 1");

        /* Process the session variables */
        $_SESSION['new'] = hesk_stripArray($_SESSION['new']);

        // Do we need a new session_verify tag?
        // The tag is rebuilt from the (possibly new) username and password hash so the current session
        // keeps matching the stored credentials after the change.
        if (strlen($sql_username) && strlen($sql_pass)) {
            $_SESSION['session_verify'] = hesk_activeSessionCreateTag($_SESSION['new']['user'], $newpass_hash);
        } elseif (strlen($sql_pass)) {
            $_SESSION['session_verify'] = hesk_activeSessionCreateTag($_SESSION['user'], $newpass_hash);
        } elseif (strlen($sql_username)) {
            // Only the username changed: the stored password hash is read back to build the tag.
            $res = hesk_dbQuery('SELECT `pass` FROM `' . hesk_dbEscape($hesk_settings['db_pfix']) . "users` WHERE `id` = '" . intval($_SESSION['id']) . "' LIMIT 1");
            $_SESSION['session_verify'] = hesk_activeSessionCreateTag($_SESSION['new']['user'], hesk_dbResult($res));
        }

        /* Update session variables */
        // Copies every staged key into the top level of the session; the keys written by this function
        // are fixed names, not request-supplied ones.
        foreach ($_SESSION['new'] as $k => $v) {
            $_SESSION[$k] = $v;
        }
        unset($_SESSION['new']);

        hesk_cleanSessionVars('as_notify');

        hesk_process_messages($hesklang['profile_updated_success'], 'profile.php', 'SUCCESS');
    }
}
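/**
 * Print the staff "add reply" form for the ticket that is currently being viewed.
 *
 * Everything comes from globals prepared by the calling page: $ticket (the ticket row), $admins
 * (staff id => name), $can_options and $options (already rendered <option> markup for canned
 * responses and priorities), $can_assign_self and $isManager. The form posts to
 * admin_reply_ticket.php and carries the anti-CSRF token printed by hesk_token_echo().
 *
 * Output handling: values placed inside HTML attributes are cast or HTML-escaped here. Language
 * strings and the pre-rendered option markup are printed as they are, so they must already be
 * safe HTML when they reach this function.
 */
function hesk_printReplyForm()
{
    global $hesklang, $hesk_settings, $ticket, $admins, $can_options, $options, $can_assign_self, $isManager;
    ?>
<!-- START REPLY FORM -->
<h3 class="text-left"><?php echo $hesklang['add_reply']; ?></h3>
<div class="footerWithBorder"></div>
<div class="blankSpace"></div>

<form role="form" class="form-horizontal" method="post" action="admin_reply_ticket.php" enctype="multipart/form-data" name="form1" onsubmit="javascript:force_stop();return true;">
    <?php
    /* Ticket assigned to someone else? */
    if ($ticket['owner'] && $ticket['owner'] != $_SESSION['id'] && isset($admins[$ticket['owner']])) {
        hesk_show_notice($hesklang['nyt'] . ' ' . $admins[$ticket['owner']]);
    }

    /* Ticket locked? */
    if ($ticket['locked']) {
        hesk_show_notice($hesklang['tislock']);
    }

    // Track time worked?
    if ($hesk_settings['time_worked']) {
        ?>
    <div class="form-group">
        <label for="time_worked" class="col-sm-3 control-label"><?php echo $hesklang['ts']; ?>:</label>
        <div class="col-sm-6">
            <input type="text" class="form-control" name="time_worked" id="time_worked" size="10" value="<?php echo isset($_SESSION['time_worked']) ? hesk_getTime($_SESSION['time_worked']) : '00:00:00'; ?>"/>
        </div>
        <div class="col-sm-3 text-right">
            <input type="button" class="btn btn-success" onclick="ss()" id="startb" value="<?php echo $hesklang['start']; ?>"/>
            <input type="button" class="btn btn-danger" onclick="r()" value="<?php echo $hesklang['reset']; ?>"/>
        </div>
    </div>
        <?php
    }

    /* Do we have any canned responses? */
    if (strlen($can_options)) {
        ?>
    <div class="form-group">
        <label for="saved_replies" class="col-sm-3 control-label"><?php echo $hesklang['saved_replies']; ?>:</label>
        <div class="col-sm-9">
            <label><input type="radio" name="mode" id="modeadd" value="1" checked="checked" /> <?php echo $hesklang['madd']; ?></label><br />
            <label><input type="radio" name="mode" id="moderep" value="0" /> <?php echo $hesklang['mrep']; ?></label>
            <select class="form-control" name="saved_replies" onchange="setMessage(this.value)">
                <option value="0"> - <?php echo $hesklang['select_empty']; ?> - </option>
                <?php echo $can_options; ?>
            </select>
        </div>
    </div>
        <?php
    }
    ?>
    <div class="form-group">
        <label for="message" class="col-sm-3 control-label"><?php echo $hesklang['message']; ?>: <font class="important">*</font></label>
        <div class="col-sm-9">
            <span id="HeskMsg">
                <textarea class="form-control" name="message" id="message" rows="12" placeholder="<?php echo htmlspecialchars($hesklang['message']); ?>" cols="72"><?php
                // Do we have any message stored in session?
                if (isset($_SESSION['ticket_message'])) {
                    echo stripslashes(hesk_input($_SESSION['ticket_message']));
                } else {
                    // Otherwise fall back to this staff member's saved draft for the ticket, if there is one.
                    $res = hesk_dbQuery("SELECT `message` FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "reply_drafts` WHERE `owner`=" . intval($_SESSION['id']) . " AND `ticket`=" . intval($ticket['id']) . " LIMIT 1");
                    if (hesk_dbNumRows($res) == 1) {
                        // NOTE(review): printed without escaping, which is only safe if drafts are stored
                        // already HTML-encoded — confirm against the code that writes `reply_drafts`
                        // before adding or omitting htmlspecialchars() here.
                        echo hesk_dbResult($res);
                    }
                }
                ?></textarea>
            </span>
        </div>
    </div>
    <?php
    /* attachments */
    if ($hesk_settings['attachments']['use']) {
        ?>
    <div class="form-group">
        <label for="attachments" class="col-sm-3 control-label"><?php echo $hesklang['attachments']; ?>:</label>
        <div class="col-sm-9">
            <?php
            // One file input per allowed attachment slot.
            for ($i = 1; $i <= $hesk_settings['attachments']['max_number']; $i++) {
                echo '<input type="file" name="attachment[' . $i . ']" size="50" /><br />';
            }

            echo '<a href="Javascript:void(0)" onclick="Javascript:hesk_window(\'../file_limits.php\',250,500);return false;">' . $hesklang['ful'] . '</a>';
            ?>
        </div>
    </div>
        <?php
    }
    ?>
    <div class="form-group">
        <label for="options" class="col-sm-3 control-label"><?php echo $hesklang['addop']; ?>:</label>
        <div class="col-sm-9">
            <?php
            // Offer self-assignment; pre-checked only while the ticket has no owner.
            if ($ticket['owner'] != $_SESSION['id'] && $can_assign_self) {
                if (empty($ticket['owner'])) {
                    echo '<label><input type="checkbox" name="assign_self" value="1" checked="checked" /> <b>' . $hesklang['asss2'] . '</b></label><br />';
                } else {
                    echo '<label><input type="checkbox" name="assign_self" value="1" /> ' . $hesklang['asss2'] . '</label><br />';
                }
            }
            ?>
            <div class="form-inline">
                <label>
                    <input type="checkbox" name="set_priority" value="1" /> <?php echo $hesklang['change_priority']; ?>
                </label>
                <select class="form-control" name="priority">
                    <?php echo implode('', $options); ?>
                </select>
            </div>
            <br />
            <label>
                <input type="checkbox" name="signature" value="1" checked="checked" /> <?php echo $hesklang['attach_sign']; ?>
            </label>
            (<a href="profile.php"><?php echo $hesklang['profile_settings']; ?></a>)
            <br />
            <label>
                <input type="checkbox" name="no_notify" value="1" <?php echo $_SESSION['notify_customer_reply'] && !empty($ticket['email']) ? '' : 'checked="checked" '; ?> <?php if (empty($ticket['email'])) { echo 'disabled'; } ?> > <?php echo $hesklang['dsen']; ?>
            </label><br/><br/>
            <?php
            // A disabled checkbox is not submitted, so the value is repeated in a hidden field
            // when the ticket has no customer e-mail.
            if (empty($ticket['email'])) {
                echo '<input type="hidden" name="no_notify" value="1">';
            }
            ?>
            <input type="hidden" name="orig_id" value="<?php echo intval($ticket['id']); ?>" />
            <input type="hidden" name="token" value="<?php hesk_token_echo(); ?>" />

            <div class="btn-group">
                <input class="btn btn-primary" type="submit" value="<?php echo $hesklang['submit_reply']; ?>">
                <button type="button" class="btn btn-primary dropdown-toggle" data-toggle="dropdown" aria-expanded="false">
                    <span class="caret"></span>
                    <span class="sr-only">Toggle Dropdown</span>
                </button>
                <ul class="dropdown-menu" role="menu">
                    <li><a>
                        <button class="dropdown-submit" type="submit" name="submit_as_customer">
                            <?php echo $hesklang['sasc']; ?>
                        </button>
                    </a></li>
                    <li class="divider"></li>
                    <?php
                    // One "reply and change status" button per row of the statuses table.
                    $allStatusesRs = hesk_dbQuery('SELECT `ID`, `Key`, `TextColor` FROM `' . hesk_dbEscape($hesk_settings['db_pfix']) . 'statuses`');
                    while ($status = hesk_dbFetchAssoc($allStatusesRs)) {
                        // ID and TextColor are configurable database values that land inside attributes,
                        // so they are HTML-escaped. NOTE(review): escaping stops attribute breakout but
                        // does not validate TextColor as a CSS colour; validate it where statuses are saved.
                        echo '<li><a> <button class="dropdown-submit" type="submit" name="submit_as_status" value="' . htmlspecialchars($status['ID'], ENT_QUOTES) . '"> '
                            . $hesklang['submit_reply'] . ' ' . $hesklang['and_change_status_to']
                            . ' <b> <span style="color:' . htmlspecialchars($status['TextColor'], ENT_QUOTES) . '">' . $hesklang[$status['Key']] . '</span></b> </button> </a></li>';
                    }
                    ?>
                </ul>
            </div>
            <input class="btn btn-default" type="submit" name="save_reply" value="<?php echo $hesklang['sacl']; ?>">
            <?php
            // NOTE(review): this flag travels through the browser and can be added or removed by the
            // client; the handler behind admin_reply_ticket.php should derive manager status from the
            // session or database and never grant anything based on this field alone — confirm there.
            if ($isManager) {
                ?>
            <input type="hidden" name="isManager" value="1">
                <?php
            }
            ?>
        </div>
    </div>
</form>
<!-- END REPLY FORM -->
    <?php
}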
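/**
 * Print the staff "add reply" form for the ticket that is currently being viewed.
 *
 * Relies on globals prepared by the calling page: $ticket (the ticket row), $can_options and
 * $options (already rendered <option> markup for canned responses and priorities). The form posts
 * to admin_reply_ticket.php and carries the anti-CSRF token printed by hesk_token_echo().
 *
 * In this variant the "assigned to someone else" notice, the self-assign checkbox and the
 * signature checkbox are commented out, so `assign_self` and `signature` are never submitted.
 *
 * Output handling: the ticket id is cast to an integer before it is printed into an attribute.
 * Language strings and the pre-rendered option markup are printed as they are and must already
 * be safe HTML when they reach this function.
 */
function hesk_printReplyForm()
{
    global $hesklang, $hesk_settings, $ticket, $admins, $can_options, $options, $can_assign_self;
    ?>
<!-- START REPLY FORM -->
<div class="container addReply-title"><?php echo $hesklang['add_reply']; ?></div>
<div class="container replyTicket-form">
    <form method="post" action="admin_reply_ticket.php" enctype="multipart/form-data" name="form1" onsubmit="javascript:force_stop();return true;">
        <br/>
        <?php
        /* Ticket assigned to someone else? */
        /*if ($ticket['owner'] && $ticket['owner'] != $_SESSION['id'] && isset($admins[$ticket['owner']]) ) { hesk_show_notice($hesklang['nyt'] . ' ' . $admins[$ticket['owner']]); }*/

        /* Ticket locked? */
        if ($ticket['locked']) {
            hesk_show_notice($hesklang['tislock']);
        }

        // Track time worked?
        if ($hesk_settings['time_worked']) {
            ?>
        <div class="white table-track-time-worked">
            <div class="form-inline time_worked">
                <label class="col-sm-2"><?php echo $hesklang['ts']; ?></label>
                <input class="form-control" type="text" name="time_worked" id="time_worked" size="10" value="<?php echo isset($_SESSION['time_worked']) ? hesk_getTime($_SESSION['time_worked']) : '00:00:00'; ?>" />
                <button type="button" class="btn btn-default" onclick="ss()" id="startb"><?php echo $hesklang['start']; ?></button>
                <button type="button" class="btn btn-default" onclick="r()"><?php echo $hesklang['reset']; ?></button>
            </div>
        </div><!-- end table-track-time-worked-->
        <br/>
            <?php
        }

        /* Do we have any canned responses? */
        if (strlen($can_options)) {
            ?>
        <div class="white table-track-time-worked">
            <div class="form-inline" style=" margin-bottom: 10px;">
                <span class="admin_gray"><b>» <?php echo $hesklang['saved_replies']; ?></b></span>
                <div class="form-group admin_gray" style="vertical-align: top;">
                    <label for="modeadd"><input type="radio" name="mode" id="modeadd" value="1" checked="checked" /> <?php echo $hesklang['madd']; ?></label><br />
                    <label for="moderep"><input type="radio" name="mode" id="moderep" value="0" /> <?php echo $hesklang['mrep']; ?></label>
                </div>
            </div>
            <div class="form-inline admin_gray" style="margin-bottom: 10px;">
                <label for="selec-canned-response"><?php echo $hesklang['select_saved']; ?>:</label>
                <select id="selec-canned-response" name="saved_replies" onchange="setMessage(this.value)">
                    <option value="0"> - <?php echo $hesklang['select_empty']; ?> - </option>
                    <?php echo $can_options; ?>
                </select>
            </div>
        </div><!-- end table-track-time-worked-->
            <?php
        }
        ?>
        <div class="form-inline">
            <span class="col-sm-2"><?php echo $hesklang['message']; ?>: <font class="important">*</font></span>
            <span id="HeskMsg"><textarea name="message" id="message" rows="12" cols="72" class="HeskMsg-addReply form-control"><?php
            // Do we have any message stored in session?
            if (isset($_SESSION['ticket_message'])) {
                echo stripslashes(hesk_input($_SESSION['ticket_message']));
            } else {
                // Otherwise fall back to this staff member's saved draft for the ticket, if there is one.
                $res = hesk_dbQuery("SELECT `message` FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "reply_drafts` WHERE `owner`=" . intval($_SESSION['id']) . " AND `ticket`=" . intval($ticket['id']) . " LIMIT 1");
                if (hesk_dbNumRows($res) == 1) {
                    // NOTE(review): printed without escaping, which is only safe if drafts are stored
                    // already HTML-encoded — confirm against the code that writes `reply_drafts`
                    // before adding or omitting htmlspecialchars() here.
                    echo hesk_dbResult($res);
                }
            }
            ?></textarea></span>
        </div>
        <br/>
        <div class="form-inline">
            <?php
            /* attachments */
            if ($hesk_settings['attachments']['use']) {
                echo '<span class="col-sm-2">' . $hesklang['attachments'] . ':' . '</span>';
                echo '<div class="form-group" id="attachments-addReply">';
                // NOTE(review): every file input gets the same id; ids are meant to be unique per document,
                // but stylesheets or scripts may depend on this one, so it is left unchanged.
                for ($i = 1; $i <= $hesk_settings['attachments']['max_number']; $i++) {
                    echo '<input id="chooseFile-addReply" type="file" name="attachment[' . $i . ']" size="50" />';
                }
                echo '<span>(<a href="Javascript:void(0)" onclick="Javascript:hesk_window(\'../file_limits.php\',250,500);return false;">' . $hesklang['ful'] . '</a>)</span>';
                echo ' </div>';
            }
            ?>
        </div>
        <br/>
        <div class="first-table">
            <?php
            /*if ($ticket['owner'] != $_SESSION['id'] && $can_assign_self) { if (empty($ticket['owner'])) { echo '<label class="container"><input type="checkbox" name="assign_self" value="1" checked="checked" /> <b>'.$hesklang['asss2'].'</b></label><br />'; } else { echo '<label class="container"><input type="checkbox" name="assign_self" value="1" /> '.$hesklang['asss2'].'</label><br />'; } }*/
            ?>
            <div class="form-inline">
                <label class="col-sm-2 control-label"><input type="checkbox" name="set_priority" value="1" /> <?php echo $hesklang['change_priority']; ?></label>
                <select class="form-control" name="priority">
                    <?php echo implode('', $options); ?>
                </select>
            </div>
            <br />
            <!--<div class="form-inline"> <label class="col-sm-2"><input type="checkbox" name="signature" value="1" checked="checked" /> <?php //echo $hesklang['attach_sign']; ?> </label> <span>(<a href="profile.php"><?php //echo $hesklang['profile_settings']; ?> </a>)</span> </div>-->
            <label class="container"><input type="checkbox" name="no_notify" value="1" <?php echo $_SESSION['notify_customer_reply'] ? '' : 'checked="checked"'; ?> /> <?php echo $hesklang['dsen']; ?></label>
        </div><!-- end first-table-->
        <br/>
        <div>
            <input type="hidden" name="orig_id" value="<?php echo intval($ticket['id']); ?>" />
            <input type="hidden" name="token" value="<?php hesk_token_echo(); ?>" />
            <input type="submit" value="<?php echo $hesklang['submit_reply']; ?>" class="btn btn-default submit_reply_btn" />
            <input type="submit" name="save_reply" value="<?php echo $hesklang['sacl']; ?>" class="btn btn-default sacl_btn" />
        </div>
        <br/>
        <?php
        // If ticket is not locked, show additional submit options
        if (!$ticket['locked']) {
            ?>
        <div>
            <input type="submit" name="submit_as_customer" value="<?php echo $hesklang['sasc']; ?>" class="btn btn-default sasc_btn" />
            <input type="submit" name="submit_as_resolved" value="<?php echo $hesklang['submit_as'] . ' ' . $hesklang['closed']; ?>" class="btn btn-default submit_as_closed_btn" />
            <input type="submit" name="submit_as_in_progress" value="<?php echo $hesklang['submit_as'] . ' ' . $hesklang['in_progress']; ?>" class="btn btn-default submit_as_in_progress_btn" />
            <input type="submit" name="submit_as_on_hold" value="<?php echo $hesklang['submit_as'] . ' ' . $hesklang['on_hold']; ?>" class="btn btn-default submit_as_on_hold_btn" />
        </div>
        <br/>
            <?php
        }
        ?>
    </form>
</div><!-- end reply-form-admin-ticket -->
<!-- END REPLY FORM -->
    <?php
}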
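/**
 * Print one page of the logged-in staff member's private messages (inbox or outbox) with a pager
 * and a bulk-action form (mark read / mark unread / delete).
 *
 * The folder is described by $hesk_settings['mailtmp'], which the caller fills in: 'folder' (compared
 * with 'outbox'), 'this' (name of the column holding the current user's id; compared with 'to'),
 * 'other' (name of the column holding the counterpart's id) and 'm_from' (column heading text).
 * $admins maps staff ids to names. The bulk-action form carries the anti-CSRF token printed by
 * hesk_token_echo().
 *
 * Output handling: numeric ids are cast with intval() before they are printed into attributes.
 * Subjects and staff names are printed as stored.
 */
function mail_list_messages()
{
    global $hesk_settings, $hesklang, $admins;

    $href = 'mail.php';
    $query = '';
    if ($hesk_settings['mailtmp']['folder'] == 'outbox') {
        $query .= 'folder=outbox&';
    }
    $query .= 'page=';

    $maxresults = 30;

    // NOTE(review): the pager links below put `page` in the query string, while the number is read
    // through hesk_POST(); unless that helper also looks at the query string the list would stay on
    // page 1 — confirm which request source is intended.
    $tmp = intval(hesk_POST('page', 1));
    $page = $tmp > 1 ? $tmp : 1;

    // NOTE(review): $hesk_settings['mailtmp']['this'] is used as a back-ticked column name in both
    // queries below. Escaping meant for quoted string values does not protect an identifier, so this
    // value must be one of a fixed set chosen by the caller and never taken from the request.
    $ownColumn = hesk_dbEscape($hesk_settings['mailtmp']['this']);
    $myId = intval($_SESSION['id']);

    /* List of private messages */
    $res = hesk_dbQuery("SELECT COUNT(*) FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "mail` WHERE `" . $ownColumn . "`='" . $myId . "' AND `deletedby`!='" . $myId . "'");
    $total = hesk_dbResult($res, 0, 0);

    if ($total > 0) {
        // Clamp the requested page to the last existing one.
        $pages = ceil($total / $maxresults) or $pages = 1;
        if ($page > $pages) {
            $page = $pages;
        }
        $limit_down = $page * $maxresults - $maxresults;

        // 0 means "no such page" for the previous/next links.
        $prev_page = $page - 1 <= 0 ? 0 : $page - 1;
        $next_page = $page + 1 > $pages ? 0 : $page + 1;

        if ($pages > 1) {
            echo $hesklang['pg'] . ': ';

            /* List pages */
            // First/previous shortcuts are only shown for long lists (7 pages or more).
            if ($pages >= 7) {
                if ($page > 2) {
                    echo '<a href="' . $href . '?' . $query . '1"><b>«</b></a> ';
                }

                if ($prev_page) {
                    echo '<a href="' . $href . '?' . $query . $prev_page . '"><b>‹</b></a> ';
                }
            }

            // Show at most five page numbers on each side of the current page.
            for ($i = 1; $i <= $pages; $i++) {
                if ($i <= $page + 5 && $i >= $page - 5) {
                    if ($i == $page) {
                        echo ' <b>' . $i . '</b> ';
                    } else {
                        echo ' <a href="' . $href . '?' . $query . $i . '">' . $i . '</a> ';
                    }
                }
            }

            if ($pages >= 7) {
                if ($next_page) {
                    echo ' <a href="' . $href . '?' . $query . $next_page . '"><b>›</b></a> ';
                }

                if ($page < $pages - 1) {
                    echo ' <a href="' . $href . '?' . $query . $pages . '"><b>»</b></a>';
                }
            }

            echo '<br /> ';
        } // end PAGES > 1

        // Get messages from the database
        $res = hesk_dbQuery("SELECT `id`, `from`, `to`, `subject`, `dt`, `read` FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "mail` WHERE `" . $ownColumn . "`='" . $myId . "' AND `deletedby`!='" . $myId . "' ORDER BY `id` DESC LIMIT " . intval($limit_down) . " , " . intval($maxresults) . " ");
        ?>
<form action="mail.php<?php if ($hesk_settings['mailtmp']['folder'] == 'outbox') { echo '?folder=outbox'; } ?>" name="form1" method="post">
<div class="container table-responsive">
<table class="table table-bordered table-hover" style="background: #E0EEEE;">
<tr>
<th class="admin_white" style="width:1px"><input type="checkbox" name="checkall" value="2" onclick="hesk_changeAll(this)" /></th>
<th class="admin_white" style="text-align:left; white-space:nowrap;"><?php echo $hesklang['m_sub']; ?></th>
<th class="admin_white" style="text-align:left; white-space:nowrap;"><?php echo $hesk_settings['mailtmp']['m_from']; ?></th>
<th class="admin_white" style="text-align:left; white-space:nowrap;"><?php echo $hesklang['date']; ?></th>
</tr>
        <?php
        $i = 0;
        while ($pm = hesk_dbFetchAssoc($res)) {
            // Alternate the row class between the two table shades.
            if ($i) {
                $color = "admin_gray";
                $i = 0;
            } else {
                $color = "admin_white";
                $i = 1;
            }

            $pmId = intval($pm['id']);
            $otherId = $pm[$hesk_settings['mailtmp']['other']];

            // NOTE(review): the subject is printed as stored, which is only safe if it was HTML-encoded
            // when the message was saved — confirm against the code that writes the `mail` table.
            $pm['subject'] = '<a href="mail.php?a=read&id=' . $pmId . '">' . $pm['subject'] . '</a>';
            // Unread messages are shown in bold, in the inbox only.
            if ($hesk_settings['mailtmp']['this'] == 'to' && !$pm['read']) {
                $pm['subject'] = '<b>' . $pm['subject'] . '</b>';
            }

            // Counterpart: a known staff member (linked), the id 9999 (shown as HESK.com), or a deleted user.
            if (isset($admins[$otherId])) {
                $pm['name'] = '<a href="mail.php?a=new&id=' . intval($otherId) . '">' . $admins[$otherId] . '</a>';
            } elseif ($pm['from'] == 9999) {
                $pm['name'] = '<a href="http://www.hesk.com" target="_blank">HESK.com</a>';
            } else {
                $pm['name'] = $hesklang['e_udel'];
            }

            $pm['dt'] = hesk_dateToString($pm['dt'], 0, 0, 0, true);

            echo <<<EOC
<tr>
<td class="{$color}" style="text-align:left; white-space:nowrap;"><input type="checkbox" name="id[]" value="{$pmId}" /> </td>
<td class="{$color}">{$pm['subject']}</td>
<td class="{$color}">{$pm['name']}</td>
<td class="{$color}">{$pm['dt']}</td>
</tr>

EOC;
        } // End while
        ?>
</table><!-- end table table-bordered table-hover table-responsive -->
</div>
<div class="container" align="right"><select name="a">
        <?php
        // Read/unread actions only make sense for received messages.
        if ($hesk_settings['mailtmp']['this'] == 'to') {
            ?>
<option value="mark_read" selected="selected"><?php echo $hesklang['mo1']; ?></option>
<option value="mark_unread"><?php echo $hesklang['mo2']; ?></option>
            <?php
        }
        ?>
<option value="delete"><?php echo $hesklang['mo3']; ?></option>
</select>
<input type="hidden" name="token" value="<?php hesk_token_echo(); ?>" />
<input type="submit" value="<?php echo $hesklang['execute']; ?>" onclick="Javascript:if (document.form1.a.value=='delete') return hesk_confirmExecute('<?php echo hesk_makeJsString($hesklang['mo3']); ?>?');" class="btn btn-default" />
</form>
<br/><br/>
</div>
        <?php
    } else {
        echo '<div class="container"><i>' . $hesklang['npm'] . '</i></div><br/>';
    }
}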
/**
 * Bring the loaded settings up to the new version's layout and hand them to hesk_iSaveSettingsFile().
 *
 * Steps: stamp the new version number, copy the SMTP values from their misspelled pre-2.4 keys,
 * fill in every missing scalar setting from hesk_defaultSettings(), make sure the array settings
 * exist, convert the attachment size limit, normalise the 20 custom-field slots, and finally build
 * an addslashes()-escaped copy for writing.
 *
 * NOTE(review): addslashes() is the only escaping applied before the values reach the settings
 * writer. Whether that is sufficient depends on how hesk_iSaveSettingsFile() quotes them (inside
 * double-quoted PHP strings a `$` would still be interpolated) — confirm in that function.
 *
 * @return bool Always true.
 */
function hesk_iSaveSettings()
{
    global $hesk_settings, $hesklang;

    // Reference values for anything the old configuration does not define.
    $defaults = hesk_defaultSettings();

    // Stamp the settings with the version being installed.
    $hesk_settings['hesk_version'] = HESK_NEW_VERSION;

    // Before 2.4 the SMTP keys were misspelled "stmp_*": take the value from the old key when it
    // exists, otherwise use the fallback listed here.
    $smtpKeys = array(
        'smtp_host_port' => array('stmp_host_port', 25),
        'smtp_timeout'   => array('stmp_timeout', 10),
        'smtp_user'      => array('stmp_user', ''),
        'smtp_password'  => array('stmp_password', ''),
    );
    foreach ($smtpKeys as $newKey => $spec) {
        list($oldKey, $fallback) = $spec;
        if (isset($hesk_settings[$oldKey])) {
            $hesk_settings[$newKey] = $hesk_settings[$oldKey];
        } else {
            $hesk_settings[$newKey] = $fallback;
        }
    }

    // Scalar settings: add whatever is missing. Array-valued defaults are handled further down.
    foreach ($defaults as $name => $default) {
        if (!is_array($default) && !isset($hesk_settings[$name])) {
            $hesk_settings[$name] = $default;
        }
    }

    // Array settings are kept when present and taken from the defaults otherwise.
    foreach (array('attachments', 'email_providers') as $name) {
        if (!isset($hesk_settings[$name])) {
            $hesk_settings[$name] = $defaults[$name];
        }
    }

    // Since 2.4 the size limit is multiplied by 1024; values below 102400 are treated as old-style.
    if ($hesk_settings['attachments']['max_size'] < 102400) {
        $hesk_settings['attachments']['max_size'] *= 1024;
    }

    // Custom fields: slots in use are completed and escaped, all others are reset to the default.
    foreach (range(1, 20) as $slot) {
        $this_field = 'custom' . $slot;

        $inUse = isset($hesk_settings['custom_fields'][$this_field])
            && $hesk_settings['custom_fields'][$this_field]['use'];
        if (!$inUse) {
            $hesk_settings['custom_fields'][$this_field] = $defaults['custom_fields'][$this_field];
            continue;
        }

        $field = $hesk_settings['custom_fields'][$this_field];
        if (!isset($field['place'])) {
            // Fields without a placement get placement, type and value initialised together.
            $field['place'] = 0;
            $field['type'] = 'text';
            $field['value'] = '';
        }
        $field['name'] = addslashes($field['name']);
        $field['value'] = addslashes($field['value']);
        $hesk_settings['custom_fields'][$this_field] = $field;
    }

    // Build the copy that gets written: every non-array value is escaped with addslashes().
    $set = $hesk_settings;
    foreach ($hesk_settings as $name => $value) {
        if (!is_array($value)) {
            $set[$name] = addslashes($value);
        }
    }
    $set['debug_mode'] = 0;

    // E-mail providers are flattened into a quoted, comma-separated list (unescaped source values).
    if (count($hesk_settings['email_providers'])) {
        $set['email_providers'] = "'" . implode("','", $hesk_settings['email_providers']) . "'";
    } else {
        $set['email_providers'] = '';
    }

    // Check if PHP version is 5.2.3+ and MySQL is 5.0.7+
    $res = hesk_dbQuery('SELECT VERSION() AS version');
    if (version_compare(PHP_VERSION, '5.2.3') >= 0 && version_compare(hesk_dbResult($res), '5.0.7') >= 0) {
        $set['db_vrsn'] = 1;
    } else {
        $set['db_vrsn'] = 0;
    }

    hesk_iSaveSettingsFile($set);

    return true;
}
hesk_removeAttachments($attachments); } $tmp = ''; foreach ($hesk_error_buffer as $error) { $tmp .= "<li>{$error}</li>\n"; } $hesk_error_buffer = $tmp; $hesk_error_buffer = $hesklang['pcer'] . '<br /><br /><ul>' . $hesk_error_buffer . '</ul>'; hesk_process_messages($hesk_error_buffer, 'ticket.php?track=' . $trackingID . $hesk_settings['e_param'] . '&Refresh=' . rand(10000, 99999)); } /* Connect to database */ hesk_dbConnect(); // Check if this IP is temporarily locked out $res = hesk_dbQuery("SELECT `number` FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "logins` WHERE `ip`='" . hesk_dbEscape($_SERVER['REMOTE_ADDR']) . "' AND `last_attempt` IS NOT NULL AND DATE_ADD(`last_attempt`, INTERVAL " . intval($hesk_settings['attempt_banmin']) . " MINUTE ) > NOW() LIMIT 1"); if (hesk_dbNumRows($res) == 1) { if (hesk_dbResult($res) >= $hesk_settings['attempt_limit']) { unset($_SESSION); hesk_error(sprintf($hesklang['yhbb'], $hesk_settings['attempt_banmin']), 0); } } /* Get details about the original ticket */ $res = hesk_dbQuery("SELECT * FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` WHERE `trackid`='{$trackingID}' LIMIT 1"); if (hesk_dbNumRows($res) != 1) { hesk_error($hesklang['ticket_not_found']); } $ticket = hesk_dbFetchAssoc($res); /* If we require e-mail to view tickets check if it matches the one in database */ hesk_verifyEmailMatch($trackingID, $my_email, $ticket['email']); /* Ticket locked? */ if ($ticket['locked']) { hesk_process_messages($hesklang['tislock2'], 'ticket.php?track=' . $trackingID . $hesk_settings['e_param'] . '&Refresh=' . rand(10000, 99999));
while ($row = hesk_dbFetchAssoc($res2)) { $admins[$row['id']] = $row['name']; } } /* List of categories */ $orderBy = $modsForHesk_settings['category_order_column']; $hesk_settings['categories'] = array(); $res2 = hesk_dbQuery('SELECT `id`, `name` FROM `' . hesk_dbEscape($hesk_settings['db_pfix']) . 'categories` WHERE ' . hesk_myCategories('id') . ' ORDER BY `' . $orderBy . '` ASC'); while ($row = hesk_dbFetchAssoc($res2)) { $hesk_settings['categories'][$row['id']] = $row['name']; } /* Current MySQL time */ $mysql_time = hesk_dbTime(); /* Get number of tickets and page number */ $result = hesk_dbQuery($sql_count); $total = hesk_dbResult($result); //-- Precondition: The panel has already been created, and there is NO open <div class="panel-body"> tag yet. echo '<div class="panel-body">'; if ($total > 0) { /* This query string will be used to browse pages */ if ($href == 'show_tickets.php') { #$query = 'status='.$status; $query = ''; $query .= 's' . implode('=1&s', array_keys($status)) . '=1'; $query .= '&p' . implode('=1&p', array_keys($priority)) . '=1'; $query .= '&category=' . $category; $query .= '&sort=' . $sort; $query .= '&asc=' . $asc; $query .= '&limit=' . $maxresults; $query .= '&archive=' . $archive[1]; $query .= '&s_my=' . $s_my[1];
/**
 * Count the unread private messages addressed to the logged-in staff member.
 *
 * A message counts when its `to` column holds the session user's id, `read` is '0', and
 * `deletedby` is not that user's id. The session id is cast with intval() before it is placed
 * in the query, so no request-controlled text reaches the SQL string.
 *
 * @return mixed The COUNT(*) value as returned by hesk_dbResult().
 */
function hesk_checkNewMail()
{
    global $hesk_settings, $hesklang;

    $userId = intval($_SESSION['id']);
    $mailTable = hesk_dbEscape($hesk_settings['db_pfix']) . 'mail';

    $sql = "SELECT COUNT(*) FROM `" . $mailTable . "` WHERE `to`='" . $userId . "' AND `read`='0' AND `deletedby`!='" . $userId . "' ";

    return hesk_dbResult(hesk_dbQuery($sql), 0, 0);
}
hesk_unlink($hesk_settings['server_path'] . '/' . $hesk_settings['attach_dir'] . '/' . $file['saved_name']); } /* Delete attachments info from the database */ hesk_dbQuery("DELETE FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "attachments` WHERE `att_id`='" . intval($att_id) . "' LIMIT 1"); } } /* Delete this reply */ hesk_dbQuery("DELETE FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "replies` WHERE `id`='" . intval($n) . "' AND `replyto`='" . intval($ticket['id']) . "' LIMIT 1"); /* Reply wasn't deleted */ if (hesk_dbAffectedRows() != 1) { hesk_process_messages($hesklang['repl1'], $_SERVER['PHP_SELF']); } else { /* Reply deleted. Need to update status and last replier? */ $res = hesk_dbQuery("SELECT `staffid` FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "replies` WHERE `replyto`='" . intval($ticket['id']) . "' ORDER BY `id` DESC LIMIT 1"); if (hesk_dbNumRows($res)) { $replier_id = hesk_dbResult($res, 0, 0); $last_replier = $replier_id ? 1 : 0; /* Change status? */ $status_sql = ''; if ($last_reply_id == $n) { $status = $ticket['locked'] ? 3 : ($last_replier ? 2 : 1); $status_sql = " , `status`='" . intval($status) . "' "; } hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` SET `lastchange`=NOW(), `lastreplier`='{$last_replier}', `replierid`='" . intval($replier_id) . "' {$status_sql} WHERE `id`='" . intval($ticket['id']) . "' LIMIT 1"); } else { $status = $ticket['locked'] ? 3 : 0; hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` SET `lastchange`=NOW(), `lastreplier`='0', `status`='{$status}' WHERE `id`='" . intval($ticket['id']) . "' LIMIT 1"); } hesk_process_messages($hesklang['repl'], $_SERVER['PHP_SELF'], 'SUCCESS'); } } else {