Ejemplo n.º 1
0
        if ($att !== false && !empty($att)) {
            $attachments[$i] = $att;
        }
    }
}
$myattachments = '';
/* Any errors? */
if (count($hesk_error_buffer) != 0) {
    $_SESSION['ticket_message'] = hesk_POST('message');
    // If this was a reply after re-opening a ticket, force the form at the top
    if (hesk_POST('reopen') == 1) {
        $_SESSION['force_form_top'] = true;
    }
    // Remove any successfully uploaded attachments
    if ($hesk_settings['attachments']['use']) {
        hesk_removeAttachments($attachments);
    }
    $tmp = '';
    foreach ($hesk_error_buffer as $error) {
        $tmp .= "<li>{$error}</li>\n";
    }
    $hesk_error_buffer = $tmp;
    $hesk_error_buffer = $hesklang['pcer'] . '<br /><br /><ul>' . $hesk_error_buffer . '</ul>';
    hesk_process_messages($hesk_error_buffer, 'ticket.php?track=' . $trackingID . $hesk_settings['e_param'] . '&Refresh=' . rand(10000, 99999));
}
/* Connect to database */
hesk_dbConnect();
// Check if this IP is temporarily locked out
$res = hesk_dbQuery("SELECT `number` FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "logins` WHERE `ip`='" . hesk_dbEscape($_SERVER['REMOTE_ADDR']) . "' AND `last_attempt` IS NOT NULL AND DATE_ADD(`last_attempt`, INTERVAL " . intval($hesk_settings['attempt_banmin']) . " MINUTE ) > NOW() LIMIT 1");
if (hesk_dbNumRows($res) == 1) {
    if (hesk_dbResult($res) >= $hesk_settings['attempt_limit']) {
function new_article()
{
    global $hesk_settings, $hesklang, $listBox;
    global $hesk_error_buffer;
    /* A security check */
    # hesk_token_check('POST');
    $_SESSION['hide'] = array('treemenu' => 1, 'new_category' => 1);
    $hesk_error_buffer = array();
    $catid = intval(hesk_POST('catid', 1));
    $type = empty($_POST['type']) ? 0 : (hesk_POST('type') == 2 ? 2 : 1);
    $html = $hesk_settings['kb_wysiwyg'] ? 1 : (empty($_POST['html']) ? 0 : 1);
    $now = hesk_date();
    // Prevent submitting duplicate articles by reloading manage_knowledgebase.php page
    if (isset($_SESSION['article_submitted'])) {
        header('Location:manage_knowledgebase.php?a=manage_cat&catid=' . $catid);
        exit;
    }
    $_SESSION['KB_CATEGORY'] = $catid;
    $subject = hesk_input(hesk_POST('subject')) or $hesk_error_buffer[] = $hesklang['kb_e_subj'];
    if ($html) {
        if (empty($_POST['content'])) {
            $hesk_error_buffer[] = $hesklang['kb_e_cont'];
        }
        $content = hesk_getHTML(hesk_POST('content'));
    } else {
        $content = hesk_input(hesk_POST('content')) or $hesk_error_buffer[] = $hesklang['kb_e_cont'];
        $content = nl2br($content);
        $content = hesk_makeURL($content);
    }
    $sticky = isset($_POST['sticky']) ? 1 : 0;
    $keywords = hesk_input(hesk_POST('keywords'));
    /* Article attachments */
    define('KB', 1);
    require_once HESK_PATH . 'inc/posting_functions.inc.php';
    require_once HESK_PATH . 'inc/attachments.inc.php';
    $attachments = array();
    for ($i = 1; $i <= 3; $i++) {
        $att = hesk_uploadFile($i);
        if (!empty($att)) {
            $attachments[$i] = $att;
        }
    }
    $myattachments = '';
    /* Any errors? */
    if (count($hesk_error_buffer)) {
        // Remove any successfully uploaded attachments
        if ($hesk_settings['attachments']['use']) {
            hesk_removeAttachments($attachments);
        }
        $_SESSION['new_article'] = array('type' => $type, 'html' => $html, 'subject' => $subject, 'content' => hesk_input(hesk_POST('content')), 'keywords' => $keywords, 'sticky' => $sticky);
        $tmp = '';
        foreach ($hesk_error_buffer as $error) {
            $tmp .= "<li>{$error}</li>\n";
        }
        $hesk_error_buffer = $tmp;
        $hesk_error_buffer = $hesklang['rfm'] . '<br /><br /><ul>' . $hesk_error_buffer . '</ul>';
        hesk_process_messages($hesk_error_buffer, 'manage_knowledgebase.php');
    }
    $revision = sprintf($hesklang['revision1'], $now, $_SESSION['name'] . ' (' . $_SESSION['user'] . ')');
    /* Add to database */
    if (!empty($attachments)) {
        foreach ($attachments as $myatt) {
            hesk_dbQuery("INSERT INTO `" . hesk_dbEscape($hesk_settings['db_pfix']) . "kb_attachments` (`saved_name`,`real_name`,`size`) VALUES ('" . hesk_dbEscape($myatt['saved_name']) . "','" . hesk_dbEscape($myatt['real_name']) . "','" . intval($myatt['size']) . "')");
            $myattachments .= hesk_dbInsertID() . '#' . $myatt['real_name'] . ',';
        }
    }
    /* Get the latest reply_order */
    $res = hesk_dbQuery("SELECT `art_order` FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "kb_articles` WHERE `catid`='" . intval($catid) . "' AND `sticky` = '" . intval($sticky) . "' ORDER BY `art_order` DESC LIMIT 1");
    $row = hesk_dbFetchRow($res);
    $my_order = $row[0] + 10;
    /* Insert article into database */
    hesk_dbQuery("INSERT INTO `" . hesk_dbEscape($hesk_settings['db_pfix']) . "kb_articles` (`catid`,`dt`,`author`,`subject`,`content`,`keywords`,`type`,`html`,`sticky`,`art_order`,`history`,`attachments`) VALUES (\n    '" . intval($catid) . "',\n    NOW(),\n    '" . intval($_SESSION['id']) . "',\n    '" . hesk_dbEscape($subject) . "',\n    '" . hesk_dbEscape($content) . "',\n    '" . hesk_dbEscape($keywords) . "',\n    '" . intval($type) . "',\n    '" . intval($html) . "',\n    '" . intval($sticky) . "',\n    '" . intval($my_order) . "',\n    '" . hesk_dbEscape($revision) . "',\n    '" . hesk_dbEscape($myattachments) . "'\n    )");
    $_SESSION['artord'] = hesk_dbInsertID();
    // Update category article count
    if ($type == 0) {
        hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "kb_categories` SET `articles`=`articles`+1 WHERE `id`='" . intval($catid) . "'");
    } else {
        if ($type == 1) {
            hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "kb_categories` SET `articles_private`=`articles_private`+1 WHERE `id`='" . intval($catid) . "'");
        } else {
            hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "kb_categories` SET `articles_draft`=`articles_draft`+1 WHERE `id`='" . intval($catid) . "'");
        }
    }
    unset($_SESSION['hide']);
    $_SESSION['article_submitted'] = 1;
    hesk_process_messages($hesklang['your_kb_added'], 'NOREDIRECT', 'SUCCESS');
    $_GET['catid'] = $catid;
    manage_category();
}