Example #1
        if ($att !== false && !empty($att)) {
            $attachments[$i] = $att;
        }
    }
}
// Accumulator string for attachment references; it is only initialised in this fragment.
$myattachments = '';
/* Any errors? */
// Validation-failure path: keep the user's text, clean up uploads, and hand an HTML
// error list to hesk_process_messages() together with the ticket URL.
if (count($hesk_error_buffer) != 0) {
    // Keep the submitted message in the session (presumably so the form can be re-filled — confirm in ticket.php).
    $_SESSION['ticket_message'] = hesk_POST('message');
    // If this was a reply after re-opening a ticket, force the form at the top
    if (hesk_POST('reopen') == 1) {
        $_SESSION['force_form_top'] = true;
    }
    // Remove any successfully uploaded attachments
    if ($hesk_settings['attachments']['use']) {
        hesk_removeAttachments($attachments);
    }
    // Each buffered error is placed into HTML as-is; nothing here escapes it.
    // NOTE(review): this is only safe if every entry is a trusted language string or was
    // escaped before being buffered — confirm no raw request data reaches $hesk_error_buffer.
    $tmp = '';
    foreach ($hesk_error_buffer as $error) {
        $tmp .= "<li>{$error}</li>\n";
    }
    $hesk_error_buffer = $tmp;
    $hesk_error_buffer = $hesklang['pcer'] . '<br /><br /><ul>' . $hesk_error_buffer . '</ul>';
    // $trackingID is concatenated into the URL without urlencode() here.
    // NOTE(review): presumably validated/normalised earlier in the file — verify.
    // rand() only feeds the Refresh query parameter (looks like a cache-buster, not a secret).
    // NOTE(review): presumably hesk_process_messages() redirects and stops the script; if it
    // returns, execution falls through to the database code below despite the errors — confirm.
    hesk_process_messages($hesk_error_buffer, 'ticket.php?track=' . $trackingID . $hesk_settings['e_param'] . '&Refresh=' . rand(10000, 99999));
}
/* Connect to database */
hesk_dbConnect();
// Check if this IP is temporarily locked out
// The query is built by concatenation; the table prefix and client address go through
// hesk_dbEscape() and the ban window through intval().
// NOTE(review): REMOTE_ADDR is the direct peer address; behind a reverse proxy or load
// balancer every client would share one lockout counter — confirm the deployment model.
$res = hesk_dbQuery("SELECT `number` FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "logins` WHERE `ip`='" . hesk_dbEscape($_SERVER['REMOTE_ADDR']) . "' AND `last_attempt` IS NOT NULL AND DATE_ADD(`last_attempt`, INTERVAL " . intval($hesk_settings['attempt_banmin']) . " MINUTE ) > NOW() LIMIT 1");
if (hesk_dbNumRows($res) == 1) {
    if (hesk_dbResult($res) >= $hesk_settings['attempt_limit']) {
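/**
 * Handle submission of the "new knowledgebase article" form.
 *
 * Reads catid, type, html, subject, content, sticky and keywords from POST, processes up
 * to three uploaded files, and on validation failure stores the form values in the session
 * and reports the errors. Otherwise it inserts the attachments and the article, bumps the
 * matching per-category counter and renders the category via manage_category().
 *
 * Side effects: writes $_SESSION ('hide', 'KB_CATEGORY', 'new_article', 'artord',
 * 'article_submitted'), overwrites $_GET['catid'], may send a Location header and exit.
 *
 * @return void
 */
function new_article()
{
    global $hesk_settings, $hesklang, $listBox;
    global $hesk_error_buffer;

    /* A security check */
    // NOTE(review): the anti-CSRF token check below is commented out, so nothing in this
    // function verifies that the POST originated from the application's own form, even though
    // it uploads files and writes to the database. Re-enable it once the submitting form is
    // confirmed to send the token, or document why it is disabled.
    # hesk_token_check('POST');

    $_SESSION['hide'] = array('treemenu' => 1, 'new_category' => 1);
    $hesk_error_buffer = array();

    // Normalise the numeric form fields: type is clamped to 0, 1 or 2; html to 0 or 1.
    $catid = intval(hesk_POST('catid', 1));
    $type = empty($_POST['type']) ? 0 : (hesk_POST('type') == 2 ? 2 : 1);
    $html = $hesk_settings['kb_wysiwyg'] ? 1 : (empty($_POST['html']) ? 0 : 1);
    $now = hesk_date();

    // Prevent submitting duplicate articles by reloading manage_knowledgebase.php page
    if (isset($_SESSION['article_submitted'])) {
        header('Location:manage_knowledgebase.php?a=manage_cat&catid=' . $catid);
        exit;
    }

    $_SESSION['KB_CATEGORY'] = $catid;

    // "or" binds looser than "=", so the error is recorded only when the cleaned value is empty.
    $subject = hesk_input(hesk_POST('subject')) or $hesk_error_buffer[] = $hesklang['kb_e_subj'];

    if ($html) {
        if (empty($_POST['content'])) {
            $hesk_error_buffer[] = $hesklang['kb_e_cont'];
        }
        // NOTE(review): in HTML mode the body bypasses hesk_input(); whatever filtering applies
        // happens inside hesk_getHTML(), which is not visible here — confirm it strips active
        // content before the article is stored and later rendered.
        $content = hesk_getHTML(hesk_POST('content'));
    } else {
        $content = hesk_input(hesk_POST('content')) or $hesk_error_buffer[] = $hesklang['kb_e_cont'];
        $content = nl2br($content);
        $content = hesk_makeURL($content);
    }

    $sticky = isset($_POST['sticky']) ? 1 : 0;
    $keywords = hesk_input(hesk_POST('keywords'));

    /* Article attachments */
    define('KB', 1);
    require_once HESK_PATH . 'inc/posting_functions.inc.php';
    require_once HESK_PATH . 'inc/attachments.inc.php';

    // Upload slots 1..3; type/size/name checks are presumably done in hesk_uploadFile() — verify.
    $attachments = array();
    for ($i = 1; $i <= 3; $i++) {
        $att = hesk_uploadFile($i);
        if (!empty($att)) {
            $attachments[$i] = $att;
        }
    }
    $myattachments = '';

    /* Any errors? */
    if (count($hesk_error_buffer)) {
        // Remove any successfully uploaded attachments
        if ($hesk_settings['attachments']['use']) {
            hesk_removeAttachments($attachments);
        }

        // Keep the submitted values so the form can be shown again with the user's input.
        $_SESSION['new_article'] = array('type' => $type, 'html' => $html, 'subject' => $subject, 'content' => hesk_input(hesk_POST('content')), 'keywords' => $keywords, 'sticky' => $sticky);

        $tmp = '';
        foreach ($hesk_error_buffer as $error) {
            $tmp .= "<li>{$error}</li>\n";
        }
        $hesk_error_buffer = $hesklang['rfm'] . '<br /><br /><ul>' . $tmp . '</ul>';

        // NOTE(review): presumably this call redirects and ends the request; if it returned,
        // the invalid article would still be inserted below — confirm.
        hesk_process_messages($hesk_error_buffer, 'manage_knowledgebase.php');
    }

    // NOTE(review): the session name/user are escaped for SQL below but stored verbatim in
    // the history column; confirm they are HTML-escaped wherever history is displayed.
    $revision = sprintf($hesklang['revision1'], $now, $_SESSION['name'] . ' (' . $_SESSION['user'] . ')');

    /* Add to database */
    if (!empty($attachments)) {
        foreach ($attachments as $myatt) {
            hesk_dbQuery("INSERT INTO `" . hesk_dbEscape($hesk_settings['db_pfix']) . "kb_attachments` (`saved_name`,`real_name`,`size`) VALUES ('" . hesk_dbEscape($myatt['saved_name']) . "','" . hesk_dbEscape($myatt['real_name']) . "','" . intval($myatt['size']) . "')");
            // The attachment list uses '#' and ',' as delimiters around the original file name.
            // NOTE(review): presumably hesk_uploadFile() removes those characters from real_name — verify.
            $myattachments .= hesk_dbInsertID() . '#' . $myatt['real_name'] . ',';
        }
    }

    /* Get the latest reply_order */
    $res = hesk_dbQuery("SELECT `art_order` FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "kb_articles` WHERE `catid`='" . intval($catid) . "' AND `sticky` = '" . intval($sticky) . "' ORDER BY `art_order` DESC LIMIT 1");
    $row = hesk_dbFetchRow($res);
    // A category with no article of this sticky state yields no row; start from 0 rather than
    // indexing a non-array (the resulting order, 10, matches the previous behaviour).
    $last_order = (is_array($row) && isset($row[0])) ? intval($row[0]) : 0;
    $my_order = $last_order + 10;

    /* Insert article into database */
    hesk_dbQuery("INSERT INTO `" . hesk_dbEscape($hesk_settings['db_pfix']) . "kb_articles` (`catid`,`dt`,`author`,`subject`,`content`,`keywords`,`type`,`html`,`sticky`,`art_order`,`history`,`attachments`) VALUES (\n    '" . intval($catid) . "',\n    NOW(),\n    '" . intval($_SESSION['id']) . "',\n    '" . hesk_dbEscape($subject) . "',\n    '" . hesk_dbEscape($content) . "',\n    '" . hesk_dbEscape($keywords) . "',\n    '" . intval($type) . "',\n    '" . intval($html) . "',\n    '" . intval($sticky) . "',\n    '" . intval($my_order) . "',\n    '" . hesk_dbEscape($revision) . "',\n    '" . hesk_dbEscape($myattachments) . "'\n    )");
    $_SESSION['artord'] = hesk_dbInsertID();

    // Update category article count
    // The counter column is chosen from a fixed set (never from request data), so it is safe
    // to splice into the statement: 0 => articles, 1 => articles_private, 2 => articles_draft.
    $counter = $type == 0 ? 'articles' : ($type == 1 ? 'articles_private' : 'articles_draft');
    hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "kb_categories` SET `" . $counter . "`=`" . $counter . "`+1 WHERE `id`='" . intval($catid) . "'");

    unset($_SESSION['hide']);
    // Marks the submission as done so a page reload hits the duplicate guard above.
    $_SESSION['article_submitted'] = 1;
    hesk_process_messages($hesklang['your_kb_added'], 'NOREDIRECT', 'SUCCESS');

    // Hand the category id to manage_category() through $_GET.
    $_GET['catid'] = $catid;
    manage_category();
}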