Ejemplo n.º 1
            }
            $myerror .= '</ul>';
            hesk_error($myerror);
        }
        $tmpvar['message'] = hesk_makeURL($tmpvar['message']);
        $tmpvar['message'] = nl2br($tmpvar['message']);
        foreach ($hesk_settings['custom_fields'] as $k => $v) {
            if ($v['use'] && isset($_POST[$k])) {
                if (is_array($_POST[$k])) {
                    $tmpvar[$k] = '';
                    foreach ($_POST[$k] as $myCB) {
                        $tmpvar[$k] .= (is_array($myCB) ? '' : hesk_input($myCB)) . '<br />';
                    }
                    $tmpvar[$k] = substr($tmpvar[$k], 0, -6);
                } else {
                    $tmpvar[$k] = hesk_makeURL(nl2br(hesk_input($_POST[$k])));
                }
            } else {
                $tmpvar[$k] = '';
            }
        }
        hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` SET\n\t\t`name`='" . hesk_dbEscape($tmpvar['name']) . "',\n\t\t`email`='" . hesk_dbEscape($tmpvar['email']) . "',\n\t\t`subject`='" . hesk_dbEscape($tmpvar['subject']) . "',\n\t\t`message`='" . hesk_dbEscape($tmpvar['message']) . "',\n\t\t`custom1`='" . hesk_dbEscape($tmpvar['custom1']) . "',\n\t\t`custom2`='" . hesk_dbEscape($tmpvar['custom2']) . "',\n\t\t`custom3`='" . hesk_dbEscape($tmpvar['custom3']) . "',\n\t\t`custom4`='" . hesk_dbEscape($tmpvar['custom4']) . "',\n\t\t`custom5`='" . hesk_dbEscape($tmpvar['custom5']) . "',\n\t\t`custom6`='" . hesk_dbEscape($tmpvar['custom6']) . "',\n\t\t`custom7`='" . hesk_dbEscape($tmpvar['custom7']) . "',\n\t\t`custom8`='" . hesk_dbEscape($tmpvar['custom8']) . "',\n\t\t`custom9`='" . hesk_dbEscape($tmpvar['custom9']) . "',\n\t\t`custom10`='" . hesk_dbEscape($tmpvar['custom10']) . "',\n\t\t`custom11`='" . hesk_dbEscape($tmpvar['custom11']) . "',\n\t\t`custom12`='" . hesk_dbEscape($tmpvar['custom12']) . "',\n\t\t`custom13`='" . hesk_dbEscape($tmpvar['custom13']) . "',\n\t\t`custom14`='" . hesk_dbEscape($tmpvar['custom14']) . "',\n\t\t`custom15`='" . hesk_dbEscape($tmpvar['custom15']) . "',\n\t\t`custom16`='" . hesk_dbEscape($tmpvar['custom16']) . "',\n\t\t`custom17`='" . hesk_dbEscape($tmpvar['custom17']) . "',\n\t\t`custom18`='" . hesk_dbEscape($tmpvar['custom18']) . "',\n\t\t`custom19`='" . hesk_dbEscape($tmpvar['custom19']) . "',\n\t\t`custom20`='" . hesk_dbEscape($tmpvar['custom20']) . "'\n\t\tWHERE `id`='" . intval($ticket['id']) . "' LIMIT 1");
    }
    unset($tmpvar);
    hesk_cleanSessionVars('tmpvar');
    hesk_process_messages($hesklang['edt2'], 'admin_ticket.php?track=' . $trackingID . '&Refresh=' . mt_rand(10000, 99999), 'SUCCESS');
}
// Prepare the stored message for the edit form. hesk_msgToPlain() is defined elsewhere;
// presumably it undoes the link / <br /> markup that the save path above adds with
// hesk_makeURL() and nl2br() - TODO confirm against its definition.
$ticket['message'] = hesk_msgToPlain($ticket['message'], 0, 0);
/* Print header */
require_once HESK_PATH . 'inc/header.inc.php';
/* Print admin navigation */
Ejemplo n.º 2
    hesk_error($hesklang['maxpost']);
}
// Start (or resume) the PHP session before the request is processed
session_start();
/* A security check */
// NOTE(review): the anti-CSRF token check is commented out, so no form token is verified
// in the lines visible here before this POST handler goes on to process the message.
// Confirm this is intentional and that the submitting form carries a token before re-enabling it.
# hesk_token_check('POST');
// Validation problems are collected here and reported together later
$hesk_error_buffer = array();
// Tracking ID
// `or` binds looser than `=`, so die() runs whenever hesk_cleanID() returns a falsy value
$trackingID = hesk_cleanID('orig_track') or die($hesklang['int_error'] . ': No orig_track');
// Email required to view ticket?
$my_email = hesk_getCustomerEmail();
// Get message
// NOTE(review): the value is later expanded into HTML (links, <br />), so its safety when
// displayed rests on hesk_input() escaping markup - presumably it does; verify in its definition.
$message = hesk_input(hesk_POST('message'));
// If the message was entered, further parse it
if (strlen($message)) {
    // Make links clickable
    $message = hesk_makeURL($message);
    // Turn newlines into <br />
    $message = nl2br($message);
} else {
    // An empty message is a validation error, not a fatal one
    $hesk_error_buffer[] = $hesklang['enter_message'];
}
/* Attachments */
if ($hesk_settings['attachments']['use']) {
    require HESK_PATH . 'inc/attachments.inc.php';
    $attachments = array();
    for ($i = 1; $i <= $hesk_settings['attachments']['max_number']; $i++) {
        $att = hesk_uploadFile($i);
        if ($att !== false && !empty($att)) {
            $attachments[$i] = $att;
        }
    }
Ejemplo n.º 3
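/**
 * Turn one parsed inbound email into a reply on an existing ticket or into a new ticket.
 *
 * The message is dropped (via hesk_cleanExit()) when the sender address is missing,
 * invalid or banned, when the body is empty and a body is required, when the message
 * looks like a bounce/no-reply mail, or when it is detected as part of an email loop.
 * Otherwise a "[#XXX-XXX-XXXX]" tag in the subject selects an existing ticket; without
 * a usable tag a new ticket is created.
 *
 * Every value read from $results originates in the email and is sender-controlled,
 * including the From/Reply-To address. The address comparison against the stored ticket
 * email is therefore a routing check and not proof of who sent the message.
 *
 * @param array $results      Parsed email. Keys read here: 'reply-to', 'from', 'subject',
 *                            'subject_encoding', 'message', 'encoding', 'attachments', 'tempdir'.
 * @param int   $pop3         Non-zero selects the 'thist16' history text and openedby -2,
 *                            zero selects 'thist11' and openedby -1.
 * @param int   $set_category Category assigned to a new ticket.
 * @param int   $set_priority Priority for a new ticket; a negative value means "use
 *                            hesk_getCategoryPriority() for the category".
 *
 * @return mixed Tracking ID of the ticket that was replied to or created, or the return
 *               value of hesk_cleanExit() when the email is ignored.
 */
function hesk_email2ticket($results, $pop3 = 0, $set_category = 1, $set_priority = -1)
{
    global $hesk_settings, $hesklang, $hesk_db_link, $ticket;
    $tmpvar = array();
    // Process "Reply-To:" or "From:" email
    if (isset($results['reply-to'][0]['address'])) {
        $sender_address = $results['reply-to'][0]['address'];
    } elseif (isset($results['from'][0]['address'])) {
        $sender_address = $results['from'][0]['address'];
    } else {
        // Neither header carried an address: same outcome as a missing email below,
        // without reading an undefined array offset first
        return hesk_cleanExit();
    }
    $tmpvar['email'] = hesk_validateEmail($sender_address, 'ERR', 0);
    // Email missing, invalid or banned?
    if (!$tmpvar['email'] || hesk_isBannedEmail($tmpvar['email'])) {
        return hesk_cleanExit();
    }
    // Process "Reply-To:" or "From:" name, convert to UTF-8, set to "[Customer]" if not set
    if (isset($results['reply-to'][0]['name']) && strlen($results['reply-to'][0]['name'])) {
        $tmpvar['name'] = $results['reply-to'][0]['name'];
        if (!empty($results['reply-to'][0]['encoding'])) {
            $tmpvar['name'] = hesk_encodeUTF8($tmpvar['name'], $results['reply-to'][0]['encoding']);
        }
    } else {
        $tmpvar['name'] = isset($results['from'][0]['name']) ? $results['from'][0]['name'] : $hesklang['pde'];
        if (!empty($results['from'][0]['encoding'])) {
            $tmpvar['name'] = hesk_encodeUTF8($tmpvar['name'], $results['from'][0]['encoding']);
        }
    }
    // `or` binds looser than `=`: the default is assigned only when hesk_input() returns a falsy value
    $tmpvar['name'] = hesk_input($tmpvar['name'], '', '', 1, 50) or $tmpvar['name'] = $hesklang['pde'];
    // Process "To:" email (not yet implemented, for future use)
    // $tmpvar['to_email']	= hesk_validateEmail($results['to'][0]['address'],'ERR',0);
    // Process email subject, convert to UTF-8, set to "[Piped email]" if none set
    $tmpvar['subject'] = isset($results['subject']) ? $results['subject'] : $hesklang['pem'];
    if (!empty($results['subject_encoding'])) {
        $tmpvar['subject'] = hesk_encodeUTF8($tmpvar['subject'], $results['subject_encoding']);
    }
    $tmpvar['subject'] = hesk_input($tmpvar['subject'], '', '', 1, 70) or $tmpvar['subject'] = $hesklang['pem'];
    // Process email message, convert to UTF-8
    $tmpvar['message'] = isset($results['message']) ? $results['message'] : '';
    if (!empty($results['encoding'])) {
        $tmpvar['message'] = hesk_encodeUTF8($tmpvar['message'], $results['encoding']);
    }
    // NOTE(review): the message is later expanded into HTML (links, <br />) and stored, so its
    // safety when displayed rests on hesk_input() escaping markup - verify in its definition.
    $tmpvar['message'] = hesk_input($tmpvar['message'], '', '', 1);
    // Message missing?
    if (strlen($tmpvar['message']) == 0) {
        // Message required? Ignore this email.
        if ($hesk_settings['eml_req_msg']) {
            return hesk_cleanExit();
        }
        // Message not required? Assign a default message
        $tmpvar['message'] = $hesklang['def_msg'];
        // Track duplicate emails based on subject
        $message_hash = md5($tmpvar['subject']);
    } else {
        // The hash is only passed to the loop check below; md5 is not used for integrity here
        $message_hash = md5($tmpvar['message']);
    }
    // Strip quoted reply from email
    $tmpvar['message'] = hesk_stripQuotedText($tmpvar['message']);
    // Convert URLs to links, change newlines to <br />
    $tmpvar['message'] = hesk_makeURL($tmpvar['message']);
    $tmpvar['message'] = nl2br($tmpvar['message']);
    // Try to detect "delivery failed" and "noreply" emails - ignore if detected
    if (hesk_isReturnedEmail($tmpvar)) {
        return hesk_cleanExit();
    }
    // Check for email loops
    if (hesk_isEmailLoop($tmpvar['email'], $message_hash)) {
        return hesk_cleanExit();
    }
    // OK, everything seems OK. Now determine if this is a reply to a ticket or a new ticket
    if (preg_match('/\\[#([A-Z0-9]{3}\\-[A-Z0-9]{3}\\-[A-Z0-9]{4})\\]/', str_replace(' ', '', $tmpvar['subject']), $matches)) {
        // We found a possible tracking ID
        $tmpvar['trackid'] = $matches[1];
        // Does it match one in the database?
        $res = hesk_dbQuery("SELECT * FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` WHERE `trackid`='" . hesk_dbEscape($tmpvar['trackid']) . "' LIMIT 1");
        if (hesk_dbNumRows($res)) {
            $ticket = hesk_dbFetchAssoc($res);
            // Do email addresses match? Compare whole addresses: a substring test would also
            // accept a sender whose address is merely contained in the stored one.
            // NOTE(review): assumes several stored addresses are separated by commas,
            // semicolons or whitespace - confirm against the code that saves `email`.
            $ticket_emails = preg_split('/[\s,;]+/', strtolower($ticket['email']), -1, PREG_SPLIT_NO_EMPTY);
            if (!in_array(strtolower($tmpvar['email']), $ticket_emails, true)) {
                $tmpvar['trackid'] = '';
            }
            // Is this ticket locked? Force create a new one if it is
            if ($ticket['locked']) {
                $tmpvar['trackid'] = '';
            }
        } else {
            $tmpvar['trackid'] = '';
        }
    }
    // If tracking ID is empty, generate a new one
    if (empty($tmpvar['trackid'])) {
        $tmpvar['trackid'] = hesk_createID();
        $is_reply = 0;
    } else {
        $is_reply = 1;
    }
    // Process attachments
    $tmpvar['attachmment_notices'] = '';
    $tmpvar['attachments'] = '';
    $num = 0;
    $myatt = array();
    if ($hesk_settings['attachments']['use'] && isset($results['attachments'][0])) {
        foreach ($results['attachments'] as $k => $v) {
            // Clean attachment names
            $myatt['real_name'] = hesk_cleanFileName($v['orig_name']);
            // Check number of attachments, delete any over max number
            if ($num >= $hesk_settings['attachments']['max_number']) {
                $tmpvar['attachmment_notices'] .= sprintf($hesklang['attnum'], $myatt['real_name']) . "\n";
                continue;
            }
            // Check file extension (only the part after the last dot is compared with the allow-list)
            $ext = strtolower(strrchr($myatt['real_name'], "."));
            if (!in_array($ext, $hesk_settings['attachments']['allowed_types'])) {
                $tmpvar['attachmment_notices'] .= sprintf($hesklang['atttyp'], $myatt['real_name']) . "\n";
                continue;
            }
            // Check file size
            $myatt['size'] = $v['size'];
            if ($myatt['size'] > $hesk_settings['attachments']['max_size']) {
                $tmpvar['attachmment_notices'] .= sprintf($hesklang['attsiz'], $myatt['real_name']) . "\n";
                continue;
            }
            // Generate a random file name
            // NOTE(review): mt_rand() is not a cryptographic generator. If stored names must be
            // unguessable (for example when the attachment directory is reachable over HTTP),
            // use a CSPRNG where the supported PHP versions provide one.
            $useChars = 'AEUYBDGHJLMNPQRSTVWXZ123456789';
            $tmp = $useChars[mt_rand(0, 29)];
            for ($j = 1; $j < 10; $j++) {
                $tmp .= $useChars[mt_rand(0, 29)];
            }
            $myatt['saved_name'] = substr($tmpvar['trackid'] . '_' . md5($tmp . $myatt['real_name']), 0, 200) . $ext;
            // Rename the temporary file
            if (!rename($v['stored_name'], HESK_PATH . $hesk_settings['attach_dir'] . '/' . $myatt['saved_name'])) {
                // The file never reached the attachment directory: do not record a row that
                // would point at a missing file, and do not count it against the limit
                continue;
            }
            // Insert into database
            hesk_dbQuery("INSERT INTO `" . hesk_dbEscape($hesk_settings['db_pfix']) . "attachments` (`ticket_id`,`saved_name`,`real_name`,`size`) VALUES ('" . hesk_dbEscape($tmpvar['trackid']) . "','" . hesk_dbEscape($myatt['saved_name']) . "','" . hesk_dbEscape($myatt['real_name']) . "','" . intval($myatt['size']) . "')");
            $tmpvar['attachments'] .= hesk_dbInsertID() . '#' . $myatt['real_name'] . ',';
            $num++;
        }
        if (strlen($tmpvar['attachmment_notices'])) {
            $tmpvar['message'] .= "<br /><br />" . hesk_input($hesklang['attrem'], '', '', 1) . "<br />" . nl2br(hesk_input($tmpvar['attachmment_notices'], '', '', 1));
        }
    }
    // Delete the temporary files
    deleteAll($results['tempdir']);
    // If this is a reply add a new reply
    if ($is_reply) {
        // Set last replier name to customer name
        $ticket['lastreplier'] = $tmpvar['name'] == $hesklang['pde'] ? $tmpvar['email'] : $tmpvar['name'];
        // If staff hasn't replied yet, keep ticket status "New", otherwise set it to "Waiting reply from staff"
        // The value is forced to 0 or 1 here, which is what makes the interpolation below safe
        $ticket['status'] = $ticket['status'] ? 1 : 0;
        // Update ticket as necessary
        hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` SET `lastchange`=NOW(),`status`='{$ticket['status']}',`replies`=`replies`+1,`lastreplier`='0' WHERE `id`='" . intval($ticket['id']) . "' LIMIT 1");
        // If customer replied, we assume staff replies have been read (no way to be sure if ticket.php hasn't been opened)
        hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "replies` SET `read` = '1' WHERE `replyto` = '" . intval($ticket['id']) . "' AND `staffid` != '0' ");
        // Insert reply into database
        hesk_dbQuery("INSERT INTO `" . hesk_dbEscape($hesk_settings['db_pfix']) . "replies` (`replyto`,`name`,`message`,`dt`,`attachments`) VALUES ('" . intval($ticket['id']) . "','" . hesk_dbEscape($ticket['lastreplier']) . "','" . hesk_dbEscape($tmpvar['message']) . "',NOW(),'" . hesk_dbEscape($tmpvar['attachments']) . "')");
        // --> Prepare reply message
        // 1. Generate the array with ticket info that can be used in emails
        $info = array('email' => $ticket['email'], 'category' => $ticket['category'], 'priority' => $ticket['priority'], 'owner' => $ticket['owner'], 'trackid' => $ticket['trackid'], 'status' => $ticket['status'], 'name' => $ticket['name'], 'lastreplier' => $ticket['lastreplier'], 'subject' => $ticket['subject'], 'message' => stripslashes($tmpvar['message']), 'attachments' => $tmpvar['attachments'], 'dt' => hesk_date($ticket['dt'], true), 'lastchange' => hesk_date($ticket['lastchange'], true), 'id' => $ticket['id']);
        // 2. Add custom fields to the array
        foreach ($hesk_settings['custom_fields'] as $k => $v) {
            $info[$k] = $v['use'] ? $ticket[$k] : '';
        }
        // 3. Make sure all values are properly formatted for email
        $ticket = hesk_ticketToPlain($info, 1, 0);
        // --> Process custom fields before sending
        foreach ($hesk_settings['custom_fields'] as $k => $v) {
            $ticket[$k] = $v['use'] ? hesk_msgToPlain($ticket[$k], 1) : '';
        }
        // --> If ticket is assigned just notify the owner
        if ($ticket['owner']) {
            hesk_notifyAssignedStaff(false, 'new_reply_by_customer', 'notify_reply_my');
        } else {
            hesk_notifyStaff('new_reply_by_customer', "`notify_reply_unassigned`='1'");
        }
        return $ticket['trackid'];
    }
    // END REPLY
    // Not a reply, but a new ticket. Add it to the database
    $tmpvar['category'] = $set_category;
    $tmpvar['priority'] = $set_priority < 0 ? hesk_getCategoryPriority($tmpvar['category']) : $set_priority;
    // There is no HTTP client for a piped/fetched email, so the address slot gets a placeholder text
    $_SERVER['REMOTE_ADDR'] = $hesklang['unknown'];
    // Auto assign tickets if applicable
    $tmpvar['owner'] = 0;
    $tmpvar['history'] = $pop3 ? sprintf($hesklang['thist16'], hesk_date()) : sprintf($hesklang['thist11'], hesk_date());
    $tmpvar['openedby'] = $pop3 ? -2 : -1;
    $autoassign_owner = hesk_autoAssignTicket($tmpvar['category']);
    if ($autoassign_owner) {
        $tmpvar['owner'] = $autoassign_owner['id'];
        $tmpvar['history'] .= sprintf($hesklang['thist10'], hesk_date(), $autoassign_owner['name'] . ' (' . $autoassign_owner['user'] . ')');
    }
    // Custom fields will be empty as there is no reliable way of detecting them
    foreach ($hesk_settings['custom_fields'] as $k => $v) {
        $tmpvar[$k] = '';
    }
    // Insert ticket to database
    $ticket = hesk_newTicket($tmpvar);
    // Notify the customer
    if ($hesk_settings['notify_new']) {
        $possible_SPAM = false;
        // Do we need to check subject for SPAM tags?
        if ($hesk_settings['notify_skip_spam']) {
            foreach ($hesk_settings['notify_spam_tags'] as $tag) {
                if (strpos($tmpvar['subject'], $tag) !== false) {
                    $possible_SPAM = true;
                    break;
                }
            }
        }
        // SPAM tags not found or not checked, send email
        if ($possible_SPAM === false) {
            hesk_notifyCustomer();
        }
    }
    // Need to notify staff?
    // --> From autoassign?
    if ($tmpvar['owner'] && $autoassign_owner['notify_assigned']) {
        hesk_notifyAssignedStaff($autoassign_owner, 'ticket_assigned_to_you');
    } elseif (!$tmpvar['owner']) {
        hesk_notifyStaff('new_ticket_staff', " `notify_new_unassigned` = '1' ");
    }
    return $ticket['trackid'];
}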
Ejemplo n.º 4
/**
 * Store a private message from the logged-in user to another user and, when the
 * recipient asked for it, send an e-mail notification.
 *
 * The request must pass hesk_token_check('POST'). Form values are kept in
 * $_SESSION['mail'] while validating; on validation errors the collected messages are
 * handed to hesk_process_messages() with 'NOREDIRECT', otherwise the message is
 * inserted and $_SESSION['mail'] is cleared.
 */
function mail_send()
{
    global $hesk_settings, $hesklang;

    /* A security check: anti-CSRF token verified before any state is changed */
    hesk_token_check('POST');

    $problems = array();

    /* Recipient is only ever handled as an integer user ID */
    $recipient_id = intval(hesk_POST('to'));
    $_SESSION['mail']['to'] = $recipient_id;

    /* Valid recipient? */
    if (empty($recipient_id)) {
        $problems[] = $hesklang['m_rec'];
    } elseif ($recipient_id == $_SESSION['id']) {
        /* Sending to yourself is rejected */
        $problems[] = $hesklang['m_inr'];
    } else {
        $res = hesk_dbQuery("SELECT `name`,`email`,`notify_pm` FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "users` WHERE `id`='" . intval($_SESSION['mail']['to']) . "' LIMIT 1");
        if (hesk_dbNumRows($res)) {
            $pm_recipient = hesk_dbFetchAssoc($res);
        } else {
            $problems[] = $hesklang['m_inr'];
        }
    }

    /* Subject: a falsy cleaned value counts as missing */
    $_SESSION['mail']['subject'] = hesk_input(hesk_POST('subject'));
    if (!$_SESSION['mail']['subject']) {
        $problems[] = $hesklang['m_esu'];
    }

    /* Message: same rule as the subject */
    $_SESSION['mail']['message'] = hesk_input(hesk_POST('message'));
    if (!$_SESSION['mail']['message']) {
        $problems[] = $hesklang['enter_message'];
    }

    /* Any errors? Report them and stop */
    if (count($problems)) {
        $_SESSION['hide']['list'] = 1;
        $items = '';
        foreach ($problems as $problem) {
            $items .= '<li>' . $problem . '</li>';
        }
        hesk_process_messages($hesklang['rfm'] . '<br /><br /><ul>' . $items . '</ul>', 'NOREDIRECT');
        return;
    }

    /* Make links clickable, then turn newlines into <br /> */
    $_SESSION['mail']['message'] = nl2br(hesk_makeURL($_SESSION['mail']['message']));

    /* IDs are cast with intval(), text values pass through hesk_dbEscape() */
    hesk_dbQuery("INSERT INTO `" . hesk_dbEscape($hesk_settings['db_pfix']) . "mail` (`from`,`to`,`subject`,`message`,`dt`,`read`) VALUES ('" . intval($_SESSION['id']) . "','" . intval($_SESSION['mail']['to']) . "','" . hesk_dbEscape($_SESSION['mail']['subject']) . "','" . hesk_dbEscape($_SESSION['mail']['message']) . "',NOW(),'0')");

    /* Notify receiver via e-mail? */
    if (isset($pm_recipient) && $pm_recipient['notify_pm']) {
        $pm_id = hesk_dbInsertID();
        $pm = array(
            'name' => hesk_msgToPlain(addslashes($_SESSION['name']), 1, 1),
            'subject' => hesk_msgToPlain($_SESSION['mail']['subject'], 1, 1),
            'message' => hesk_msgToPlain($_SESSION['mail']['message'], 1, 1),
            'id' => $pm_id,
        );
        /* Format email subject and message for recipient */
        $subject = hesk_getEmailSubject('new_pm', $pm, 0);
        $message = hesk_getEmailMessage('new_pm', $pm, 1, 0);
        /* Send e-mail */
        hesk_mail($pm_recipient['email'], $subject, $message);
    }

    unset($_SESSION['mail']);
    hesk_process_messages($hesklang['m_pms'], './mail.php', 'SUCCESS');
}
Ejemplo n.º 5
    $_SESSION['c_category'] = hesk_POST('category');
    $_SESSION['c_priority'] = hesk_POST('priority');
    $_SESSION['c_subject'] = hesk_POST('subject');
    $_SESSION['c_message'] = hesk_POST('message');
    $tmp = '';
    foreach ($hesk_error_buffer as $error) {
        $tmp .= "<li>{$error}</li>\n";
    }
    // Remove any successfully uploaded attachments
    if ($below_limit && $hesk_settings['attachments']['use']) {
        hesk_removeAttachments($attachments);
    }
    $hesk_error_buffer = $hesklang['pcer'] . '<br /><br /><ul>' . $tmp . '</ul>';
    hesk_process_messages($hesk_error_buffer, 'index.php?a=add');
}
// Make links clickable, then turn newlines into <br />
$tmpvar['message'] = nl2br(hesk_makeURL($tmpvar['message']));

// Track suggested knowledgebase articles; every submitted ID is forced to an integer
// before the list is joined, so only digits and commas reach $tmpvar['articles']
if (
    $hesk_settings['kb_enable']
    && $hesk_settings['kb_recommendanswers']
    && isset($_POST['suggested'])
    && is_array($_POST['suggested'])
) {
    $tmpvar['articles'] = implode(
        ',',
        array_unique(array_map('intval', $_POST['suggested']))
    );
}

// All good now, continue with ticket creation: start unassigned with the "created" history line
$tmpvar['owner'] = 0;
$tmpvar['history'] = sprintf(
    $hesklang['thist15'],
    hesk_date(),
    $tmpvar['name']
);

// Auto assign tickets if applicable; a truthy result carries the chosen staff member's data
$autoassign_owner = hesk_autoAssignTicket($tmpvar['category']);
if ($autoassign_owner) {
    $tmpvar['owner'] = $autoassign_owner['id'];
    $tmpvar['history'] .= sprintf(
        $hesklang['thist10'],
        hesk_date(),
        $autoassign_owner['name'] . ' (' . $autoassign_owner['user'] . ')'
    );
}
// Insert attachments
Ejemplo n.º 6
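/**
 * Send one e-mail through Mailgun, PHP mail() or a direct SMTP connection, depending on
 * $modsForHesk_settings['use_mailgun'] and $hesk_settings['smtp'].
 *
 * The subject and the "From" display name are sent as base64 encoded-words. When direct
 * attachments are enabled and the global $ticket has attachments, they are added through
 * processDirectAttachments().
 *
 * @param string $to            Recipient address, or several separated by commas.
 * @param string $subject       Subject text (HTML entities are decoded before encoding).
 * @param string $message       Plain-text body.
 * @param string $htmlMessage   HTML body, used when 'html_emails' is enabled.
 * @param array  $cc            Addresses for the Cc header.
 * @param array  $bcc           Addresses for the Bcc header.
 * @param bool   $hasMessageTag Whether attachments may be added to this e-mail.
 *
 * @return mixed true in demo mode and on the normal path; in the Mailgun and mail()
 *               branches a string with buffered output or the transfer error instead.
 */
function hesk_mail($to, $subject, $message, $htmlMessage, $cc = array(), $bcc = array(), $hasMessageTag = false)
{
    global $hesk_settings, $hesklang, $modsForHesk_settings, $ticket;
    // Demo mode
    if (defined('HESK_DEMO')) {
        return true;
    }
    // Recipient values are written into raw header lines below, so CR/LF must never survive in them.
    // NOTE(review): the callers are outside this listing; whether these values can carry line
    // breaks is not visible here, this is a cheap guard against header splitting.
    $line_breaks = array("\r", "\n");
    $to = str_replace($line_breaks, '', $to);
    $cc = str_replace($line_breaks, '', $cc);
    $bcc = str_replace($line_breaks, '', $bcc);
    // Encode subject to UTF-8
    $subject = "=?UTF-8?B?" . base64_encode(hesk_html_entity_decode($subject)) . "?=";
    // Auto-generate URLs for HTML-formatted emails
    $htmlMessage = hesk_makeURL($htmlMessage, '', false);
    // Setup "name <email>" for headers
    if ($hesk_settings['noreply_name']) {
        $hesk_settings['from_header'] = "=?UTF-8?B?" . base64_encode(hesk_html_entity_decode($hesk_settings['noreply_name'])) . "?= <" . $hesk_settings['noreply_mail'] . ">";
    } else {
        $hesk_settings['from_header'] = $hesk_settings['noreply_mail'];
    }
    // Uncomment for debugging
    # echo "<p>TO: $to<br >SUBJECT: $subject<br >MSG: $message</p>";
    # return true;
    // Use mailgun
    if ($modsForHesk_settings['use_mailgun']) {
        ob_start();
        $ch = curl_init();
        curl_setopt($ch, CURLOPT_URL, "https://api.mailgun.net/v2/" . $modsForHesk_settings['mailgun_domain'] . "/messages");
        curl_setopt($ch, CURLOPT_HTTPAUTH, CURLAUTH_BASIC);
        curl_setopt($ch, CURLOPT_USERPWD, 'api:' . $modsForHesk_settings['mailgun_api_key']);
        curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
        curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 10);
        // The API key and the message travel over this connection: verify the certificate
        // chain and the host name instead of accepting any peer
        curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, true);
        curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2);
        curl_setopt($ch, CURLOPT_POST, true);
        $postfields = array('from' => $hesk_settings['from_header'], 'to' => $to, 'h:Reply-To' => $hesk_settings['from_header'], 'subject' => $subject, 'text' => $message);
        if (count($cc) > 0) {
            $postfields['cc'] = implode(',', $cc);
        }
        if (count($bcc) > 0) {
            $postfields['bcc'] = implode(',', $bcc);
        }
        if ($modsForHesk_settings['html_emails']) {
            $postfields['html'] = $htmlMessage;
        }
        if ($hasMessageTag && $modsForHesk_settings['attachments'] && $hesk_settings['attachments']['use'] && isset($ticket['attachments']) && strlen($ticket['attachments'])) {
            $postfields = processDirectAttachments('mailgun', $postfields);
        }
        curl_setopt($ch, CURLOPT_POSTFIELDS, $postfields);
        $result = curl_exec($ch);
        // A failed transfer (including a certificate that does not verify) must not be
        // reported as success; like the other branches, failure is returned as text.
        // NOTE(review): confirm how callers display a non-true return value.
        $transfer_error = $result === false ? curl_error($ch) : '';
        curl_close($ch);
        $tmp = trim(ob_get_contents());
        ob_end_clean();
        if (strlen($tmp)) {
            return $tmp;
        }
        return strlen($transfer_error) ? $transfer_error : true;
    }
    // MIME boundaries only have to differ from each other and from the content
    $outerboundary = sha1(uniqid());
    $innerboundary = sha1(uniqid());
    if ($outerboundary == $innerboundary) {
        $innerboundary .= '1';
    }
    $plaintextMessage = $message;
    $message = "--" . $outerboundary . "\n";
    $message .= "Content-Type: multipart/alternative; boundary=\"" . $innerboundary . "\"\n\n";
    $message .= "--" . $innerboundary . "\n";
    $message .= "Content-Type: text/plain; charset=" . $hesklang['ENCODING'] . "\n\n";
    $message .= $plaintextMessage . "\n\n";
    //Prepare the message for HTML or non-html
    if ($modsForHesk_settings['html_emails']) {
        $message .= "--" . $innerboundary . "\n";
        $message .= "Content-Type: text/html; charset=" . $hesklang['ENCODING'] . "\n\n";
        $message .= $htmlMessage . "\n\n";
    }
    //-- Close the email
    $message .= "--" . $innerboundary . "--";
    // Use PHP's mail function
    if (!$hesk_settings['smtp']) {
        // Set additional headers
        $headers = '';
        $headers .= "MIME-Version: 1.0\n";
        $headers .= "From: {$hesk_settings['from_header']}\n";
        // Each header needs its own line terminator, otherwise Cc, Bcc and Reply-To
        // run together into a single malformed header line
        if (count($cc) > 0) {
            $headers .= "Cc: " . implode(',', $cc) . "\n";
        }
        if (count($bcc) > 0) {
            $headers .= "Bcc: " . implode(',', $bcc) . "\n";
        }
        $headers .= "Reply-To: {$hesk_settings['from_header']}\n";
        $headers .= "Return-Path: {$hesk_settings['webmaster_mail']}\n";
        $headers .= "Date: " . date(DATE_RFC2822) . "\n";
        $headers .= "Content-Type: multipart/mixed;boundary=\"" . $outerboundary . "\"";
        // Add attachments if necessary
        if ($hasMessageTag && $modsForHesk_settings['attachments'] && $hesk_settings['attachments']['use'] && isset($ticket['attachments']) && strlen($ticket['attachments'])) {
            $message .= processDirectAttachments('phpmail', NULL, $outerboundary);
        }
        $message .= "\n\n" . '--' . $outerboundary . '--';
        // Send using PHP mail() function; anything it prints is captured and returned
        ob_start();
        mail($to, $subject, $message, $headers);
        $tmp = trim(ob_get_contents());
        ob_end_clean();
        return strlen($tmp) ? $tmp : true;
    }
    // Use a SMTP server directly instead
    $smtp = new smtp_class();
    $smtp->host_name = $hesk_settings['smtp_host_name'];
    $smtp->host_port = $hesk_settings['smtp_host_port'];
    $smtp->timeout = $hesk_settings['smtp_timeout'];
    $smtp->ssl = $hesk_settings['smtp_ssl'];
    $smtp->start_tls = $hesk_settings['smtp_tls'];
    $smtp->user = $hesk_settings['smtp_user'];
    $smtp->password = hesk_htmlspecialchars_decode($hesk_settings['smtp_password']);
    // The debug log is captured by the output buffer below and only shown in debug mode
    $smtp->debug = 1;
    // Start output buffering so that any errors don't break headers
    ob_start();
    // Send the e-mail using SMTP
    $to_arr = explode(',', $to);
    $headersArray = array("From: {$hesk_settings['from_header']}", "To: {$to}", "Reply-To: {$hesk_settings['from_header']}", "Return-Path: {$hesk_settings['webmaster_mail']}", "Subject: " . $subject, "Date: " . date(DATE_RFC2822));
    array_push($headersArray, "MIME-Version: 1.0");
    array_push($headersArray, "Content-Type: multipart/mixed;boundary=\"" . $outerboundary . "\"");
    if (count($cc) > 0) {
        array_push($headersArray, "Cc: " . implode(',', $cc));
    }
    if (count($bcc) > 0) {
        array_push($headersArray, "Bcc: " . implode(',', $bcc));
    }
    // Add attachments if necessary
    if ($hasMessageTag && $modsForHesk_settings['attachments'] && $hesk_settings['attachments']['use'] && isset($ticket['attachments']) && strlen($ticket['attachments'])) {
        $message .= processDirectAttachments('smtp', NULL, $outerboundary);
    }
    $message .= "\n\n" . '--' . $outerboundary . '--';
    if (!$smtp->SendMessage($hesk_settings['noreply_mail'], $to_arr, $headersArray, $message)) {
        // Suppress errors unless we are in debug mode
        if ($hesk_settings['debug_mode']) {
            // The captured SMTP log contains server replies and message content; escape it so
            // it cannot close the <textarea> and inject markup into the error page
            $error = $hesklang['cnsm'] . ' ' . $to . '<br /><br />' . $hesklang['error'] . ': ' . htmlspecialchars($smtp->error) . '<br /><br />' . '<textarea name="smtp_log" rows="10" cols="60">' . htmlspecialchars(ob_get_contents()) . '</textarea>';
            ob_end_clean();
            hesk_error($error);
        } else {
            $_SESSION['HESK_2ND_NOTICE'] = true;
            $_SESSION['HESK_2ND_MESSAGE'] = $hesklang['esf'] . ' ' . $hesklang['contact_webmsater'] . ' <a href="mailto:' . $hesk_settings['webmaster_mail'] . '">' . $hesk_settings['webmaster_mail'] . '</a>';
        }
    }
    ob_end_clean();
    return true;
}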
/**
 * Handle the "new knowledgebase article" form: validate the posted fields, store up to
 * three uploaded attachments, insert the article, bump the per-category counter for the
 * article type and finally call manage_category() for the chosen category.
 *
 * Reads $_POST and $_SESSION directly and takes no parameters. On validation errors the
 * submitted values are kept in $_SESSION['new_article'] and the messages are passed to
 * hesk_process_messages().
 */
function new_article()
{
    global $hesk_settings, $hesklang, $listBox;
    global $hesk_error_buffer;
    /* A security check */
    // NOTE(review): the anti-CSRF token check is commented out, so this state-changing POST
    // handler verifies no form token in the lines visible here. Confirm this is intentional
    // and that the article form carries a token before re-enabling it.
    # hesk_token_check('POST');
    $_SESSION['hide'] = array('treemenu' => 1, 'new_category' => 1);
    $hesk_error_buffer = array();
    // Category ID is forced to an integer; 1 is passed as the fallback argument of hesk_POST()
    $catid = intval(hesk_POST('catid', 1));
    // Article type is normalised to 0, 1 or 2; the counters updated at the end map them to
    // `articles`, `articles_private` and `articles_draft`
    $type = empty($_POST['type']) ? 0 : (hesk_POST('type') == 2 ? 2 : 1);
    // HTML mode is forced on when the WYSIWYG editor is enabled in settings
    $html = $hesk_settings['kb_wysiwyg'] ? 1 : (empty($_POST['html']) ? 0 : 1);
    $now = hesk_date();
    // Prevent submitting duplicate articles by reloading manage_knowledgebase.php page
    if (isset($_SESSION['article_submitted'])) {
        header('Location:manage_knowledgebase.php?a=manage_cat&catid=' . $catid);
        exit;
    }
    $_SESSION['KB_CATEGORY'] = $catid;
    // `or` binds looser than `=`: the error is recorded only when hesk_input() returns a falsy value
    $subject = hesk_input(hesk_POST('subject')) or $hesk_error_buffer[] = $hesklang['kb_e_subj'];
    if ($html) {
        if (empty($_POST['content'])) {
            $hesk_error_buffer[] = $hesklang['kb_e_cont'];
        }
        // NOTE(review): in HTML mode the content bypasses hesk_input(); what markup ends up
        // stored depends entirely on hesk_getHTML(), which is defined elsewhere - verify
        // what it filters before treating stored articles as safe to render.
        $content = hesk_getHTML(hesk_POST('content'));
    } else {
        $content = hesk_input(hesk_POST('content')) or $hesk_error_buffer[] = $hesklang['kb_e_cont'];
        // Plain-text mode: newlines become <br />, then URLs become links
        $content = nl2br($content);
        $content = hesk_makeURL($content);
    }
    $sticky = isset($_POST['sticky']) ? 1 : 0;
    $keywords = hesk_input(hesk_POST('keywords'));
    /* Article attachments */
    define('KB', 1);
    require_once HESK_PATH . 'inc/posting_functions.inc.php';
    require_once HESK_PATH . 'inc/attachments.inc.php';
    $attachments = array();
    // Upload slots 1..3 are always tried here, independent of $hesk_settings['attachments']['use']
    for ($i = 1; $i <= 3; $i++) {
        $att = hesk_uploadFile($i);
        if (!empty($att)) {
            $attachments[$i] = $att;
        }
    }
    $myattachments = '';
    /* Any errors? */
    if (count($hesk_error_buffer)) {
        // Remove any successfully uploaded attachments
        // NOTE(review): cleanup is conditional on the attachments setting while the upload
        // loop above is not - confirm no uploaded files are left behind when it is off.
        if ($hesk_settings['attachments']['use']) {
            hesk_removeAttachments($attachments);
        }
        // Keep the submitted values so the form can be shown again
        $_SESSION['new_article'] = array('type' => $type, 'html' => $html, 'subject' => $subject, 'content' => hesk_input(hesk_POST('content')), 'keywords' => $keywords, 'sticky' => $sticky);
        $tmp = '';
        foreach ($hesk_error_buffer as $error) {
            $tmp .= "<li>{$error}</li>\n";
        }
        $hesk_error_buffer = $tmp;
        $hesk_error_buffer = $hesklang['rfm'] . '<br /><br /><ul>' . $hesk_error_buffer . '</ul>';
        // NOTE(review): nothing here returns, so the article is only left unsaved if
        // hesk_process_messages() redirects and exits - presumably it does; confirm.
        hesk_process_messages($hesk_error_buffer, 'manage_knowledgebase.php');
    }
    // History line naming the author, built from the session user
    $revision = sprintf($hesklang['revision1'], $now, $_SESSION['name'] . ' (' . $_SESSION['user'] . ')');
    /* Add to database */
    if (!empty($attachments)) {
        foreach ($attachments as $myatt) {
            hesk_dbQuery("INSERT INTO `" . hesk_dbEscape($hesk_settings['db_pfix']) . "kb_attachments` (`saved_name`,`real_name`,`size`) VALUES ('" . hesk_dbEscape($myatt['saved_name']) . "','" . hesk_dbEscape($myatt['real_name']) . "','" . intval($myatt['size']) . "')");
            // Attachment list format: "<row id>#<real name>," per file
            $myattachments .= hesk_dbInsertID() . '#' . $myatt['real_name'] . ',';
        }
    }
    /* Get the highest art_order in this category for the same sticky state */
    $res = hesk_dbQuery("SELECT `art_order` FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "kb_articles` WHERE `catid`='" . intval($catid) . "' AND `sticky` = '" . intval($sticky) . "' ORDER BY `art_order` DESC LIMIT 1");
    $row = hesk_dbFetchRow($res);
    // The new article is placed 10 after the current last one
    $my_order = $row[0] + 10;
    /* Insert article into database; numbers are cast with intval(), text goes through hesk_dbEscape() */
    hesk_dbQuery("INSERT INTO `" . hesk_dbEscape($hesk_settings['db_pfix']) . "kb_articles` (`catid`,`dt`,`author`,`subject`,`content`,`keywords`,`type`,`html`,`sticky`,`art_order`,`history`,`attachments`) VALUES (\n    '" . intval($catid) . "',\n    NOW(),\n    '" . intval($_SESSION['id']) . "',\n    '" . hesk_dbEscape($subject) . "',\n    '" . hesk_dbEscape($content) . "',\n    '" . hesk_dbEscape($keywords) . "',\n    '" . intval($type) . "',\n    '" . intval($html) . "',\n    '" . intval($sticky) . "',\n    '" . intval($my_order) . "',\n    '" . hesk_dbEscape($revision) . "',\n    '" . hesk_dbEscape($myattachments) . "'\n    )");
    $_SESSION['artord'] = hesk_dbInsertID();
    // Update category article count
    if ($type == 0) {
        hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "kb_categories` SET `articles`=`articles`+1 WHERE `id`='" . intval($catid) . "'");
    } else {
        if ($type == 1) {
            hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "kb_categories` SET `articles_private`=`articles_private`+1 WHERE `id`='" . intval($catid) . "'");
        } else {
            hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "kb_categories` SET `articles_draft`=`articles_draft`+1 WHERE `id`='" . intval($catid) . "'");
        }
    }
    unset($_SESSION['hide']);
    // Marker read at the top of this function to stop a page reload from re-submitting
    $_SESSION['article_submitted'] = 1;
    hesk_process_messages($hesklang['your_kb_added'], 'NOREDIRECT', 'SUCCESS');
    // Hand over to the category view for the category the article was added to
    $_GET['catid'] = $catid;
    manage_category();
}
Ejemplo n.º 8
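// Edit-note handler (excerpt): loads one ticket note, verifies that it belongs
// to the current ticket and that the logged-in staff member may edit it, then
// on POST either updates the note text or deletes the note.
// $noteID, $ticket and $trackingID are assigned before this excerpt begins.

// Get note info. $noteID is cast with intval() at every SQL use so the query
// stays numeric regardless of how the variable was populated upstream; other
// numeric ids in HESK queries are cast the same way.
$result = hesk_dbQuery("SELECT * FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "notes` WHERE `id`=" . intval($noteID));
if (hesk_dbNumRows($result) != 1) {
    // NOTE(review): the code below relies on hesk_error() ending the request - confirm.
    hesk_error($hesklang['no_note']);
}
$note = hesk_dbFetchAssoc($result);

// Authorization: deny when the note belongs to a different ticket, or when the
// user neither holds 'can_del_notes' nor is the note's author. The parentheses
// only make the existing && / || precedence explicit.
if ($note['ticket'] != $ticket['id'] || (!hesk_checkPermission('can_del_notes', 0) && $note['who'] != $_SESSION['id'])) {
    hesk_error($hesklang['perm_deny']);
}

// Save changes?
if (isset($_POST['save'])) {
    // Token check on the POST request (presumably the anti-CSRF token); it runs
    // before either state-changing query below.
    hesk_token_check('POST');

    // Get message: sanitise the raw POST value first, then linkify URLs and
    // convert newlines, so markup is only added after hesk_input() has run.
    $tmpvar['message'] = nl2br(hesk_makeURL(hesk_input(hesk_POST('message'))));

    // If we have message or attachments do the update
    if (strlen($tmpvar['message']) || strlen($note['attachments'])) {
        hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "notes` SET `message`='" . hesk_dbEscape($tmpvar['message']) . "' WHERE `id`=" . intval($noteID));
        // mt_rand() here only produces a cache-busting query parameter; it is
        // not used as a secret.
        // NOTE(review): $trackingID is appended to the URL unencoded - confirm it
        // is validated where it is assigned.
        hesk_process_messages($hesklang['ednote2'], 'admin_ticket.php?track=' . $trackingID . '&Refresh=' . mt_rand(10000, 99999), 'SUCCESS');
    } else {
        // Empty message and no attachments: the note is removed instead of
        // being stored blank.
        hesk_dbQuery("DELETE FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "notes` WHERE `id`=" . intval($noteID));
        header('Location: admin_ticket.php?track=' . $trackingID . '&Refresh=' . mt_rand(10000, 99999));
        exit;
    }
}

// Convert the stored message for display in the edit form
// (presumably reverses the nl2br/linkify formatting applied on save - confirm).
$note['message'] = hesk_msgToPlain($note['message'], 0, 0);
/* Print header */
require_once HESK_PATH . 'inc/header.inc.php';
/* Print admin navigation */
require_once HESK_PATH . 'inc/show_admin_nav.inc.php';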
Ejemplo n.º 9
     foreach ($hesk_error_buffer as $error) {
         $tmp .= "<li>{$error}</li>\n";
     }
     $hesk_error_buffer = $tmp;
     $hesk_error_buffer = $hesklang['pcer'] . '<br /><br /><ul>' . $hesk_error_buffer . '</ul>';
     hesk_process_messages($hesk_error_buffer, 'admin_ticket.php?track=' . $ticket['trackid'] . '&Refresh=' . rand(10000, 99999));
 }
 // Record each uploaded attachment, then store the note itself.
 // Every string value goes through hesk_dbEscape() and every numeric value
 // through intval() before it is placed in the SQL text.
 if ($hesk_settings['attachments']['use'] && !empty($attachments)) {
     foreach ($attachments as $myatt) {
         hesk_dbQuery(sprintf(
             "INSERT INTO `%sattachments` (`ticket_id`,`saved_name`,`real_name`,`size`,`type`) VALUES ('%s','%s','%s','%d', '1')",
             hesk_dbEscape($hesk_settings['db_pfix']),
             hesk_dbEscape($trackingID),
             hesk_dbEscape($myatt['saved_name']),
             hesk_dbEscape($myatt['real_name']),
             intval($myatt['size'])
         ));
         // Append "<attachment id>#<original file name>," to the note's attachment list.
         // NOTE(review): real_name is used unescaped as a list element; a name
         // containing '#' or ',' would break this format - confirm the upload
         // handler restricts file names.
         $myattachments .= sprintf('%s#%s,', hesk_dbInsertID(), $myatt['real_name']);
     }
 }
 // Add note to database: linkify URLs and convert newlines first.
 // NOTE(review): $msg is assumed to have been sanitised before this excerpt,
 // since HTML is added here and stored as-is - confirm.
 $msg = nl2br(hesk_makeURL($msg));
 hesk_dbQuery(sprintf(
     "INSERT INTO `%snotes` (`ticket`,`who`,`dt`,`message`,`attachments`) VALUES ('%d','%d',NOW(),'%s','%s')",
     hesk_dbEscape($hesk_settings['db_pfix']),
     intval($ticket['id']),
     intval($_SESSION['id']),
     hesk_dbEscape($msg),
     hesk_dbEscape($myattachments)
 ));
 /* Notify assigned staff that a note has been added if needed */
 if ($ticket['owner'] && $ticket['owner'] != $_SESSION['id']) {
     $res = hesk_dbQuery("SELECT `email`, `notify_note` FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "users` WHERE `id`='" . intval($ticket['owner']) . "' LIMIT 1");
     if (hesk_dbNumRows($res) == 1) {
         $owner = hesk_dbFetchAssoc($res);
         // 1. Generate the array with ticket info that can be used in emails
         $info = array('email' => $ticket['email'], 'category' => $ticket['category'], 'priority' => $ticket['priority'], 'owner' => $ticket['owner'], 'trackid' => $ticket['trackid'], 'status' => $ticket['status'], 'name' => $_SESSION['name'], 'lastreplier' => $ticket['lastreplier'], 'subject' => $ticket['subject'], 'message' => stripslashes($msg), 'dt' => hesk_date($ticket['dt'], true), 'lastchange' => hesk_date($ticket['lastchange'], true), 'attachments' => $myattachments, 'id' => $ticket['id']);
         // 2. Add custom fields to the array
         foreach ($hesk_settings['custom_fields'] as $k => $v) {
             $info[$k] = $v['use'] ? $ticket[$k] : '';
         }
         // 3. Make sure all values are properly formatted for email
         $ticket = hesk_ticketToPlain($info, 1, 0);
         /* Get email functions */