Example #1
6
function do_login()
{
    global $hesk_settings, $hesklang;
    $hesk_error_buffer = array();
    $user = hesk_input(hesk_POST('user'));
    if (empty($user)) {
        $myerror = $hesk_settings['list_users'] ? $hesklang['select_username'] : $hesklang['enter_username'];
        $hesk_error_buffer['user'] = $myerror;
    }
    define('HESK_USER', $user);
    $pass = hesk_input(hesk_POST('pass'));
    if (empty($pass)) {
        $hesk_error_buffer['pass'] = $hesklang['enter_pass'];
    }
    if ($hesk_settings['secimg_use'] == 2 && !isset($_SESSION['img_a_verified'])) {
        // Using ReCaptcha?
        if ($hesk_settings['recaptcha_use']) {
            require_once HESK_PATH . 'inc/recaptcha/recaptchalib.php';
            $resp = recaptcha_check_answer($hesk_settings['recaptcha_private_key'], $_SERVER['REMOTE_ADDR'], hesk_POST('recaptcha_challenge_field', ''), hesk_POST('recaptcha_response_field', ''));
            if ($resp->is_valid) {
                $_SESSION['img_a_verified'] = true;
            } else {
                $hesk_error_buffer['mysecnum'] = $hesklang['recaptcha_error'];
            }
        } else {
            $mysecnum = intval(hesk_POST('mysecnum', 0));
            if (empty($mysecnum)) {
                $hesk_error_buffer['mysecnum'] = $hesklang['sec_miss'];
            } else {
                require HESK_PATH . 'inc/secimg.inc.php';
                $sc = new PJ_SecurityImage($hesk_settings['secimg_sum']);
                if (isset($_SESSION['checksum']) && $sc->checkCode($mysecnum, $_SESSION['checksum'])) {
                    $_SESSION['img_a_verified'] = true;
                } else {
                    $hesk_error_buffer['mysecnum'] = $hesklang['sec_wrng'];
                }
            }
        }
    }
    /* Any missing fields? */
    if (count($hesk_error_buffer) != 0) {
        $_SESSION['a_iserror'] = array_keys($hesk_error_buffer);
        $tmp = '';
        foreach ($hesk_error_buffer as $error) {
            $tmp .= "<li>{$error}</li>\n";
        }
        $hesk_error_buffer = $tmp;
        $hesk_error_buffer = $hesklang['pcer'] . '<br /><br /><ul>' . $hesk_error_buffer . '</ul>';
        hesk_process_messages($hesk_error_buffer, 'NOREDIRECT');
        print_login();
        exit;
    } elseif (isset($_SESSION['img_a_verified'])) {
        unset($_SESSION['img_a_verified']);
    }
    /* User entered all required info, now lets limit brute force attempts */
    hesk_limitBfAttempts();
    $result = hesk_dbQuery("SELECT * FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "users` WHERE `user` = '" . hesk_dbEscape($user) . "' LIMIT 1");
    if (hesk_dbNumRows($result) != 1) {
        hesk_session_stop();
        $_SESSION['a_iserror'] = array('user', 'pass');
        hesk_process_messages($hesklang['wrong_user'], 'NOREDIRECT');
        print_login();
        exit;
    }
    $res = hesk_dbFetchAssoc($result);
    foreach ($res as $k => $v) {
        $_SESSION[$k] = $v;
    }
    /* Check password */
    if (hesk_Pass2Hash($pass) != $_SESSION['pass']) {
        hesk_session_stop();
        $_SESSION['a_iserror'] = array('pass');
        hesk_process_messages($hesklang['wrong_pass'], 'NOREDIRECT');
        print_login();
        exit;
    }
    $pass_enc = hesk_Pass2Hash($_SESSION['pass'] . strtolower($user) . $_SESSION['pass']);
    /* Check if default password */
    if ($_SESSION['pass'] == '499d74967b28a841c98bb4baaabaad699ff3c079') {
        hesk_process_messages($hesklang['chdp'], 'NOREDIRECT', 'NOTICE');
    }
    unset($_SESSION['pass']);
    /* Login successful, clean brute force attempts */
    hesk_cleanBfAttempts();
    /* Regenerate session ID (security) */
    hesk_session_regenerate_id();
    /* Remember username? */
    if ($hesk_settings['autologin'] && hesk_POST('remember_user') == 'AUTOLOGIN') {
        setcookie('hesk_username', "{$user}", strtotime('+1 year'));
        setcookie('hesk_p', "{$pass_enc}", strtotime('+1 year'));
    } elseif (hesk_POST('remember_user') == 'JUSTUSER') {
        setcookie('hesk_username', "{$user}", strtotime('+1 year'));
        setcookie('hesk_p', '');
    } else {
        // Expire cookie if set otherwise
        setcookie('hesk_username', '');
        setcookie('hesk_p', '');
    }
    /* Close any old tickets here so Cron jobs aren't necessary */
    if ($hesk_settings['autoclose']) {
        $revision = sprintf($hesklang['thist3'], hesk_date(), $hesklang['auto']);
        hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` SET `status`='3', `history`=CONCAT(`history`,'" . hesk_dbEscape($revision) . "')  WHERE `status` = '2' AND `lastchange` <= '" . hesk_dbEscape(date('Y-m-d H:i:s', time() - $hesk_settings['autoclose'] * 86400)) . "'");
    }
    /* Redirect to the destination page */
    if (hesk_isREQUEST('goto')) {
        $url = hesk_REQUEST('goto');
        $url = str_replace('&amp;', '&', $url);
        /* goto parameter can be set to the local domain only */
        $myurl = parse_url($hesk_settings['hesk_url']);
        $goto = parse_url($url);
        if (isset($myurl['host']) && isset($goto['host'])) {
            if (str_replace('www.', '', strtolower($myurl['host'])) != str_replace('www.', '', strtolower($goto['host']))) {
                $url = 'admin_main.php';
            }
        }
        header('Location: ' . $url);
    } else {
        header('Location: admin_main.php');
    }
    exit;
}
Example #2
0
            $trackingID = $ticket['trackid'];
            print_form();
        }
    } else {
        /* Nothing found, error out */
        hesk_process_messages($hesklang['ticket_not_found'], 'NOREDIRECT');
        print_form();
    }
} else {
    /* We have a match, get ticket info */
    $ticket = hesk_dbFetchAssoc($res);
    /* If we require e-mail to view tickets check if it matches the one in database */
    hesk_verifyEmailMatch($trackingID, $my_email, $ticket['email']);
}
/* Ticket exists, clean brute force attempts */
hesk_cleanBfAttempts();
/* Remember email address? */
if ($is_form) {
    if (!empty($_GET['r'])) {
        setcookie('hesk_myemail', $my_email, strtotime('+1 year'));
        $do_remember = ' checked="checked" ';
    } elseif (isset($_COOKIE['hesk_myemail'])) {
        setcookie('hesk_myemail', '');
    }
}
/* Set last replier name */
if ($ticket['lastreplier']) {
    if (empty($ticket['repliername'])) {
        $ticket['repliername'] = $hesklang['staff'];
    }
} else {
Example #3
0
function hesk_autoLogin($noredirect = 0)
{
    global $hesk_settings, $hesklang, $hesk_db_link;
    if (!$hesk_settings['autologin']) {
        return false;
    }
    $user = hesk_htmlspecialchars(hesk_COOKIE('hesk_username'));
    $hash = hesk_htmlspecialchars(hesk_COOKIE('hesk_p'));
    define('HESK_USER', $user);
    if (empty($user) || empty($hash)) {
        return false;
    }
    /* Login cookies exist, now lets limit brute force attempts */
    hesk_limitBfAttempts();
    /* Check username */
    $result = hesk_dbQuery('SELECT * FROM `' . $hesk_settings['db_pfix'] . "users` WHERE `user` = '" . hesk_dbEscape($user) . "' LIMIT 1");
    if (hesk_dbNumRows($result) != 1) {
        setcookie('hesk_username', '');
        setcookie('hesk_p', '');
        header('Location: index.php?a=login&notice=1');
        exit;
    }
    $res = hesk_dbFetchAssoc($result);
    /* Check password */
    if ($hash != hesk_Pass2Hash($res['pass'] . strtolower($user) . $res['pass'])) {
        setcookie('hesk_username', '');
        setcookie('hesk_p', '');
        header('Location: index.php?a=login&notice=1');
        exit;
    }
    // Set user details
    foreach ($res as $k => $v) {
        $_SESSION[$k] = $v;
    }
    /* Check if default password */
    if ($_SESSION['pass'] == '499d74967b28a841c98bb4baaabaad699ff3c079') {
        hesk_process_messages($hesklang['chdp'], 'NOREDIRECT', 'NOTICE');
    }
    // Set a tag that will be used to expire sessions after username or password change
    $_SESSION['session_verify'] = hesk_activeSessionCreateTag($user, $_SESSION['pass']);
    // We don't need the password hash anymore
    unset($_SESSION['pass']);
    /* Login successful, clean brute force attempts */
    hesk_cleanBfAttempts();
    /* Regenerate session ID (security) */
    hesk_session_regenerate_id();
    /* Get allowed categories */
    if (empty($_SESSION['isadmin'])) {
        $_SESSION['categories'] = explode(',', $_SESSION['categories']);
    }
    /* Renew cookies */
    setcookie('hesk_username', "{$user}", strtotime('+1 year'));
    setcookie('hesk_p', "{$hash}", strtotime('+1 year'));
    /* Close any old tickets here so Cron jobs aren't necessary */
    if ($hesk_settings['autoclose']) {
        $revision = sprintf($hesklang['thist3'], hesk_date(), $hesklang['auto']);
        $dt = date('Y-m-d H:i:s', time() - $hesk_settings['autoclose'] * 86400);
        // Notify customer of closed ticket?
        if ($hesk_settings['notify_closed']) {
            // Get list of tickets
            $result = hesk_dbQuery("SELECT * FROM `" . $hesk_settings['db_pfix'] . "tickets` WHERE `status` = '2' AND `lastchange` <= '" . hesk_dbEscape($dt) . "' ");
            if (hesk_dbNumRows($result) > 0) {
                global $ticket;
                // Load required functions?
                if (!function_exists('hesk_notifyCustomer')) {
                    require HESK_PATH . 'inc/email_functions.inc.php';
                }
                while ($ticket = hesk_dbFetchAssoc($result)) {
                    $ticket['dt'] = hesk_date($ticket['dt'], true);
                    $ticket['lastchange'] = hesk_date($ticket['lastchange'], true);
                    $ticket = hesk_ticketToPlain($ticket, 1, 0);
                    hesk_notifyCustomer('ticket_closed');
                }
            }
        }
        // Update ticket statuses and history in database
        hesk_dbQuery("UPDATE `" . $hesk_settings['db_pfix'] . "tickets` SET `status`='3', `closedat`=NOW(), `closedby`='-1', `history`=CONCAT(`history`,'" . hesk_dbEscape($revision) . "') WHERE `status` = '2' AND `lastchange` <= '" . hesk_dbEscape($dt) . "' ");
    }
    /* If session expired while a HESK page is open just continue using it, don't redirect */
    if ($noredirect) {
        return true;
    }
    /* Redirect to the destination page */
    header('Location: ' . hesk_verifyGoto());
    exit;
}
Example #4
0
function do_login()
{
    global $hesk_settings, $hesklang;
    $hesk_error_buffer = array();
    $user = hesk_input(hesk_POST('user'));
    if (empty($user)) {
        $myerror = $hesk_settings['list_users'] ? $hesklang['select_username'] : $hesklang['enter_username'];
        $hesk_error_buffer['user'] = $myerror;
    }
    define('HESK_USER', $user);
    $pass = hesk_input(hesk_POST('pass'));
    if (empty($pass)) {
        $hesk_error_buffer['pass'] = $hesklang['enter_pass'];
    }
    if ($hesk_settings['secimg_use'] == 2 && !isset($_SESSION['img_a_verified'])) {
        // Using ReCaptcha?
        if ($hesk_settings['recaptcha_use'] == 1) {
            require_once HESK_PATH . 'inc/recaptcha/recaptchalib.php';
            $resp = recaptcha_check_answer($hesk_settings['recaptcha_private_key'], $_SERVER['REMOTE_ADDR'], hesk_POST('recaptcha_challenge_field', ''), hesk_POST('recaptcha_response_field', ''));
            if ($resp->is_valid) {
                $_SESSION['img_a_verified'] = true;
            } else {
                $hesk_error_buffer['mysecnum'] = $hesklang['recaptcha_error'];
            }
        } elseif ($hesk_settings['recaptcha_use'] == 2) {
            require HESK_PATH . 'inc/recaptcha/recaptchalib_v2.php';
            $resp = null;
            $reCaptcha = new ReCaptcha($hesk_settings['recaptcha_private_key']);
            // Was there a reCAPTCHA response?
            if (isset($_POST["g-recaptcha-response"])) {
                $resp = $reCaptcha->verifyResponse($_SERVER["REMOTE_ADDR"], hesk_POST("g-recaptcha-response"));
            }
            if ($resp != null && $resp->success) {
                $_SESSION['img_a_verified'] = true;
            } else {
                $hesk_error_buffer['mysecnum'] = $hesklang['recaptcha_error'];
            }
        } else {
            $mysecnum = intval(hesk_POST('mysecnum', 0));
            if (empty($mysecnum)) {
                $hesk_error_buffer['mysecnum'] = $hesklang['sec_miss'];
            } else {
                require HESK_PATH . 'inc/secimg.inc.php';
                $sc = new PJ_SecurityImage($hesk_settings['secimg_sum']);
                if (isset($_SESSION['checksum']) && $sc->checkCode($mysecnum, $_SESSION['checksum'])) {
                    $_SESSION['img_a_verified'] = true;
                } else {
                    $hesk_error_buffer['mysecnum'] = $hesklang['sec_wrng'];
                }
            }
        }
    }
    /* Any missing fields? */
    if (count($hesk_error_buffer) != 0) {
        $_SESSION['a_iserror'] = array_keys($hesk_error_buffer);
        $tmp = '';
        foreach ($hesk_error_buffer as $error) {
            $tmp .= "<li>{$error}</li>\n";
        }
        $hesk_error_buffer = $tmp;
        $hesk_error_buffer = $hesklang['pcer'] . '<br /><br /><ul>' . $hesk_error_buffer . '</ul>';
        hesk_process_messages($hesk_error_buffer, 'NOREDIRECT');
        print_login();
        exit;
    } elseif (isset($_SESSION['img_a_verified'])) {
        unset($_SESSION['img_a_verified']);
    }
    /* User entered all required info, now lets limit brute force attempts */
    hesk_limitBfAttempts();
    $result = hesk_dbQuery("SELECT * FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "users` WHERE `user` = '" . hesk_dbEscape($user) . "' LIMIT 1");
    if (hesk_dbNumRows($result) != 1) {
        hesk_session_stop();
        $_SESSION['a_iserror'] = array('user', 'pass');
        hesk_process_messages($hesklang['wrong_user'], 'NOREDIRECT');
        print_login();
        exit;
    }
    $res = hesk_dbFetchAssoc($result);
    foreach ($res as $k => $v) {
        $_SESSION[$k] = $v;
    }
    /* Check password */
    if (hesk_Pass2Hash($pass) != $_SESSION['pass']) {
        hesk_session_stop();
        $_SESSION['a_iserror'] = array('pass');
        hesk_process_messages($hesklang['wrong_pass'], 'NOREDIRECT');
        print_login();
        exit;
    }
    $pass_enc = hesk_Pass2Hash($_SESSION['pass'] . strtolower($user) . $_SESSION['pass']);
    /* Check if default password */
    if ($_SESSION['pass'] == '499d74967b28a841c98bb4baaabaad699ff3c079') {
        hesk_process_messages($hesklang['chdp'], 'NOREDIRECT', 'NOTICE');
    }
    // Set a tag that will be used to expire sessions after username or password change
    $_SESSION['session_verify'] = hesk_activeSessionCreateTag($user, $_SESSION['pass']);
    // We don't need the password hash anymore
    unset($_SESSION['pass']);
    /* Login successful, clean brute force attempts */
    hesk_cleanBfAttempts();
    /* Make sure our user is active */
    if (!$_SESSION['active']) {
        hesk_session_stop();
        $_SESSION['a_iserror'] = array('active');
        hesk_process_messages($hesklang['inactive_user'], 'NOREDIRECT');
        print_login();
        exit;
    }
    /* Regenerate session ID (security) */
    hesk_session_regenerate_id();
    /* Remember username? */
    if ($hesk_settings['autologin'] && hesk_POST('remember_user') == 'AUTOLOGIN') {
        setcookie('hesk_username', "{$user}", strtotime('+1 year'));
        setcookie('hesk_p', "{$pass_enc}", strtotime('+1 year'));
    } elseif (hesk_POST('remember_user') == 'JUSTUSER') {
        setcookie('hesk_username', "{$user}", strtotime('+1 year'));
        setcookie('hesk_p', '');
    } else {
        // Expire cookie if set otherwise
        setcookie('hesk_username', '');
        setcookie('hesk_p', '');
    }
    /* Close any old tickets here so Cron jobs aren't necessary */
    if ($hesk_settings['autoclose']) {
        $revision = sprintf($hesklang['thist3'], hesk_date(), $hesklang['auto']);
        $dt = date('Y-m-d H:i:s', time() - $hesk_settings['autoclose'] * 86400);
        $closedStatusRs = hesk_dbQuery('SELECT `ID`, `Closable` FROM `' . hesk_dbEscape($hesk_settings['db_pfix']) . 'statuses` WHERE `IsDefaultStaffReplyStatus` = 1');
        $closedStatus = hesk_dbFetchAssoc($closedStatusRs);
        // Are we allowed to close tickets in this status?
        if ($closedStatus['Closable'] == 'yes' || $closedStatus['Closable'] == 'sonly') {
            // Notify customer of closed ticket?
            if ($hesk_settings['notify_closed']) {
                // Get list of tickets
                $result = hesk_dbQuery("SELECT * FROM `" . $hesk_settings['db_pfix'] . "tickets` WHERE `status` = " . $closedStatus['ID'] . " AND `lastchange` <= '" . hesk_dbEscape($dt) . "' ");
                if (hesk_dbNumRows($result) > 0) {
                    global $ticket;
                    // Load required functions?
                    if (!function_exists('hesk_notifyCustomer')) {
                        require HESK_PATH . 'inc/email_functions.inc.php';
                    }
                    while ($ticket = hesk_dbFetchAssoc($result)) {
                        $ticket['dt'] = hesk_date($ticket['dt'], true);
                        $ticket['lastchange'] = hesk_date($ticket['lastchange'], true);
                        $ticket = hesk_ticketToPlain($ticket, 1, 0);
                        hesk_notifyCustomer('ticket_closed');
                    }
                }
            }
            // Update ticket statuses and history in database if we're allowed to do so
            $defaultCloseRs = hesk_dbQuery('SELECT `ID` FROM `' . hesk_dbEscape($hesk_settings['db_pfix']) . 'statuses` WHERE `IsAutocloseOption` = 1');
            $defaultCloseStatus = hesk_dbFetchAssoc($defaultCloseRs);
            hesk_dbQuery("UPDATE `" . $hesk_settings['db_pfix'] . "tickets` SET `status`=" . intval($defaultCloseStatus['ID']) . ", `closedat`=NOW(), `closedby`='-1', `history`=CONCAT(`history`,'" . hesk_dbEscape($revision) . "') WHERE `status` = '" . $closedStatus['ID'] . "' AND `lastchange` <= '" . hesk_dbEscape($dt) . "' ");
        }
    }
    /* Redirect to the destination page */
    header('Location: ' . hesk_verifyGoto());
    exit;
}
Example #5
0
function hesk_autoLogin($noredirect = 0)
{
    global $hesk_settings, $hesklang, $hesk_db_link;
    if (!$hesk_settings['autologin']) {
        return false;
    }
    $user = hesk_htmlspecialchars(hesk_COOKIE('hesk_username'));
    $hash = hesk_htmlspecialchars(hesk_COOKIE('hesk_p'));
    define('HESK_USER', $user);
    if (empty($user) || empty($hash)) {
        return false;
    }
    /* Login cookies exist, now lets limit brute force attempts */
    hesk_limitBfAttempts();
    /* Check username */
    $result = hesk_dbQuery('SELECT * FROM `' . $hesk_settings['db_pfix'] . "users` WHERE `user` = '" . hesk_dbEscape($user) . "' LIMIT 1");
    if (hesk_dbNumRows($result) != 1) {
        setcookie('hesk_username', '');
        setcookie('hesk_p', '');
        header('Location: index.php?a=login&notice=1');
        exit;
    }
    $res = hesk_dbFetchAssoc($result);
    foreach ($res as $k => $v) {
        $_SESSION[$k] = $v;
    }
    /* Check password */
    if ($hash != hesk_Pass2Hash($_SESSION['pass'] . strtolower($user) . $_SESSION['pass'])) {
        setcookie('hesk_username', '');
        setcookie('hesk_p', '');
        header('Location: index.php?a=login&notice=1');
        exit;
    }
    /* Check if default password */
    if ($_SESSION['pass'] == '499d74967b28a841c98bb4baaabaad699ff3c079') {
        hesk_process_messages($hesklang['chdp'], 'NOREDIRECT', 'NOTICE');
    }
    unset($_SESSION['pass']);
    /* Login successful, clean brute force attempts */
    hesk_cleanBfAttempts();
    /* Regenerate session ID (security) */
    hesk_session_regenerate_id();
    /* Get allowed categories */
    if (empty($_SESSION['isadmin'])) {
        $_SESSION['categories'] = explode(',', $_SESSION['categories']);
    }
    /* Renew cookies */
    setcookie('hesk_username', "{$user}", strtotime('+1 year'));
    setcookie('hesk_p', "{$hash}", strtotime('+1 year'));
    /* Close any old tickets here so Cron jobs aren't necessary */
    if ($hesk_settings['autoclose']) {
        $revision = sprintf($hesklang['thist3'], hesk_date(), $hesklang['auto']);
        $dt = date('Y-m-d H:i:s', time() - $hesk_settings['autoclose'] * 86400);
        hesk_dbQuery("UPDATE `" . $hesk_settings['db_pfix'] . "tickets` SET `status`='3', `history`=CONCAT(`history`,'" . hesk_dbEscape($revision) . "') WHERE `status` = '2' AND `lastchange` <= '" . hesk_dbEscape($dt) . "' ");
    }
    /* If session expired while a HESK page is open just continue using it, don't redirect */
    if ($noredirect) {
        return true;
    }
    /* Redirect to the destination page */
    if (hesk_isREQUEST('goto') && ($url = hesk_REQUEST('goto'))) {
        $url = str_replace('&amp;', '&', $url);
        header('Location: ' . $url);
    } else {
        header('Location: admin_main.php');
    }
    exit;
}
Example #6
0
function hesk_verifyEmailMatch($trackingID, $my_email = 0, $ticket_email = 0, $error = 1)
{
    global $hesk_settings, $hesklang, $hesk_db_link;
    /* Email required to view ticket? */
    if (!$hesk_settings['email_view_ticket']) {
        $hesk_settings['e_param'] = '';
        $hesk_settings['e_query'] = '';
        return true;
    }
    /* Limit brute force attempts */
    hesk_limitBfAttempts();
    /* Get email address */
    if ($my_email) {
        $hesk_settings['e_param'] = '&e=' . rawurlencode($my_email);
        $hesk_settings['e_query'] = '&amp;e=' . rawurlencode($my_email);
    } else {
        $my_email = hesk_getCustomerEmail();
    }
    /* Get email from ticket */
    if (!$ticket_email) {
        $res = hesk_dbQuery("SELECT `email` FROM `" . $hesk_settings['db_pfix'] . "tickets` WHERE `trackid`='" . hesk_dbEscape($trackingID) . "' LIMIT 1");
        if (hesk_dbNumRows($res) == 1) {
            $ticket_email = hesk_dbResult($res);
        } else {
            hesk_process_messages($hesklang['ticket_not_found'], 'ticket.php');
        }
    }
    /* Validate email */
    if ($hesk_settings['multi_eml']) {
        $valid_emails = explode(',', strtolower($ticket_email));
        if (in_array(strtolower($my_email), $valid_emails)) {
            /* Match, clean brute force attempts and return true */
            hesk_cleanBfAttempts();
            return true;
        }
    } elseif (strtolower($ticket_email) == strtolower($my_email)) {
        /* Match, clean brute force attempts and return true */
        hesk_cleanBfAttempts();
        return true;
    }
    /* Email doesn't match, clean cookies and error out */
    if ($error) {
        setcookie('hesk_myemail', '');
        hesk_process_messages($hesklang['enmdb'], 'ticket.php?track=' . $trackingID . '&Refresh=' . rand(10000, 99999));
    } else {
        return false;
    }
}