define('HESK_PATH', './'); define('HESK_NO_ROBOTS', 1); /* Get all the required files and functions */ require HESK_PATH . 'hesk_settings.inc.php'; require HESK_PATH . 'inc/common.inc.php'; hesk_load_database_functions(); hesk_session_start(); $hesk_error_buffer = array(); $do_remember = ''; $display = 'none'; /* Was this accessed by the form or link? */ $is_form = isset($_GET['f']) ? 1 : 0; /* Get the tracking ID */ $trackingID = hesk_cleanID(); /* Email required to view ticket? */ $my_email = hesk_getCustomerEmail(1); /* A message from ticket reminder? */ if (!empty($_GET['remind'])) { $display = 'block'; print_form(); } /* Any errors? Show the form */ if ($is_form) { if (empty($trackingID)) { $hesk_error_buffer[] = $hesklang['eytid']; } if ($hesk_settings['email_view_ticket'] && empty($my_email)) { $hesk_error_buffer[] = $hesklang['enter_valid_email']; } $tmp = count($hesk_error_buffer); if ($tmp == 1) {
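/**
 * Check that the e-mail address supplied by the visitor matches the one stored on a ticket.
 *
 * When $hesk_settings['email_view_ticket'] is off, no check is made: the 'e_param' and
 * 'e_query' settings are cleared and true is returned. Otherwise the brute-force limiter is
 * invoked before any comparison and reset only after a successful match.
 *
 * @param string     $trackingID   Ticket tracking ID; used for the DB lookup and the redirect URL.
 * @param string|int $my_email     E-mail supplied by the visitor; when falsy it is read via
 *                                 hesk_getCustomerEmail().
 * @param string|int $ticket_email E-mail stored on the ticket; when falsy it is loaded from the
 *                                 tickets table by tracking ID.
 * @param int|bool   $error        Truthy: clear the e-mail cookie and hand over to
 *                                 hesk_process_messages() on mismatch. Falsy: just return false.
 *
 * @return bool True on match (or when the check is disabled), false otherwise.
 */
function hesk_verifyEmailMatch($trackingID, $my_email = 0, $ticket_email = 0, $error = 1)
{
    global $hesk_settings, $hesklang, $hesk_db_link;

    /* Email required to view ticket? */
    if (!$hesk_settings['email_view_ticket']) {
        $hesk_settings['e_param'] = '';
        $hesk_settings['e_query'] = '';
        return true;
    }

    /* Limit brute force attempts: must run before any comparison so every guess is counted */
    hesk_limitBfAttempts();

    /* Get email address */
    if ($my_email) {
        $encoded_email = rawurlencode($my_email);
        $hesk_settings['e_param'] = '&e=' . $encoded_email;
        $hesk_settings['e_query'] = '&e=' . $encoded_email;
    } else {
        $my_email = hesk_getCustomerEmail();
    }

    /* Get email from ticket */
    if (!$ticket_email) {
        $res = hesk_dbQuery("SELECT `email` FROM `" . $hesk_settings['db_pfix'] . "tickets` WHERE `trackid`='" . hesk_dbEscape($trackingID) . "' LIMIT 1");

        if (hesk_dbNumRows($res) != 1) {
            // NOTE(review): hesk_process_messages() presumably redirects and halts; confirm.
            // The explicit return makes the check fail closed if it ever comes back.
            hesk_process_messages($hesklang['ticket_not_found'], 'ticket.php');
            return false;
        }

        $ticket_email = hesk_dbResult($res);
    }

    /* Validate email: case-insensitive, but otherwise exact */
    $supplied_email = strtolower((string) $my_email);
    $stored_email   = strtolower((string) $ticket_email);

    // Strict comparison on purpose: loose string equality compares numeric-looking strings
    // by value ('1e3' == '1000'), which has no place in an access check.
    // NOTE(review): an empty supplied address still matches an empty stored address, and in
    // multi-address mode an empty list element (e.g. from a trailing comma). Confirm that
    // tickets without an address are meant to be viewable this way.
    if ($hesk_settings['multi_eml']) {
        $is_match = in_array($supplied_email, explode(',', $stored_email), true);
    } else {
        $is_match = ($stored_email === $supplied_email);
    }

    if ($is_match) {
        /* Match, clean brute force attempts and return true */
        hesk_cleanBfAttempts();
        return true;
    }

    /* Email doesn't match, clean cookies and error out */
    if ($error) {
        setcookie('hesk_myemail', '');

        // The tracking ID is percent-encoded so it cannot add parameters to, or break out of,
        // the redirect target. 'Refresh' is a cache-busting value only, so rand() is adequate.
        hesk_process_messages($hesklang['enmdb'], 'ticket.php?track=' . rawurlencode($trackingID) . '&Refresh=' . rand(10000, 99999));
    }

    // Fail closed on every non-matching path.
    return false;
}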