function hesk_iTestDatabaseConnection()
{
    global $hesk_settings, $hesklang;
    $db_success = 1;
    $hesk_settings['db_host'] = hesk_input(hesk_POST('host'));
    $hesk_settings['db_name'] = hesk_input(hesk_POST('name'));
    $hesk_settings['db_user'] = hesk_input(hesk_POST('user'));
    $hesk_settings['db_pass'] = hesk_input(hesk_POST('pass'));
    // Allow & in password
    $hesk_settings['db_pass'] = str_replace('&', '&', $hesk_settings['db_pass']);
    // Use MySQLi extension to connect?
    $use_mysqli = function_exists('mysqli_connect') ? true : false;
    // Start output buffering
    ob_start();
    // Connect to database
    if ($use_mysqli) {
        // Do we need a special port? Check and connect to the database
        if (strpos($hesk_settings['db_host'], ':')) {
            list($hesk_settings['db_host'], $hesk_settings['db_port']) = explode(':', $hesk_settings['db_host']);
            $hesk_db_link = mysqli_connect($hesk_settings['db_host'], $hesk_settings['db_user'], $hesk_settings['db_pass'], $hesk_settings['db_name'], intval($hesk_settings['db_port'])) or $db_success = 0;
        } else {
            $hesk_db_link = mysqli_connect($hesk_settings['db_host'], $hesk_settings['db_user'], $hesk_settings['db_pass'], $hesk_settings['db_name']) or $db_success = 0;
        }
    } else {
        $hesk_db_link = mysql_connect($hesk_settings['db_host'], $hesk_settings['db_user'], $hesk_settings['db_pass']) or $db_success = 0;
        // Select database works OK?
        if ($db_success == 1 && !mysql_select_db($hesk_settings['db_name'], $hesk_db_link)) {
            // No, try to create the database
            if (function_exists('mysql_create_db') && mysql_create_db($hesk_settings['db_name'], $hesk_db_link)) {
                if (mysql_select_db($hesk_settings['db_name'], $hesk_db_link)) {
                    $db_success = 1;
                } else {
                    $db_success = 0;
                }
            } else {
                $db_success = 0;
            }
        }
    }
    ob_end_clean();
    // Any errors?
    if (!$db_success) {
        global $mysql_log;
        $mysql_log = $use_mysqli ? mysqli_connect_error() : mysql_error();
        hesk_iDatabase(1);
    }
    // Check MySQL version
    define('MYSQL_VERSION', hesk_dbResult(hesk_dbQuery('SELECT VERSION() AS version')));
    if (version_compare(MYSQL_VERSION, REQUIRE_MYSQL_VERSION, '<')) {
        hesk_iDatabase(5);
    }
    return $hesk_db_link;
}
Exemple #2
0
*******************************************************************************/
define('IN_SCRIPT', 1);
define('HESK_PATH', '../');
// Get all the required files and functions
require HESK_PATH . 'hesk_settings.inc.php';
require HESK_PATH . 'inc/common.inc.php';
require HESK_PATH . 'inc/setup_functions.inc.php';
// Print header
header('Content-Type: text/html; charset=' . $hesklang['ENCODING']);
// Demo mode?
if (defined('HESK_DEMO')) {
    hesk_show_notice($hesklang['ddemo']);
    exit;
}
// Test type?
$test_type = hesk_POST('test');
// Test MySQL connection
if ($test_type == 'mysql') {
    if (hesk_testMySQL()) {
        hesk_show_success($hesklang['conok']);
    } elseif (!empty($mysql_log)) {
        hesk_show_error($mysql_error . '<br /><br /><b>' . $hesklang['mysql_said'] . ':</b> ' . $mysql_log);
    } else {
        hesk_show_error($mysql_error);
    }
} elseif ($test_type == 'pop3') {
    if (hesk_testPOP3()) {
        hesk_show_success($hesklang['conok']);
    } else {
        hesk_show_error($pop3_error . '<br /><br /><textarea name="pop3_log" rows="10" cols="60">' . $pop3_log . '</textarea>');
    }
Exemple #3
0
function new_sm()
{
    global $hesk_settings, $hesklang, $listBox;
    global $hesk_error_buffer;
    // A security check
    # hesk_token_check('POST');
    $hesk_error_buffer = array();
    $style = intval(hesk_POST('style', 0));
    if ($style > 4 || $style < 0) {
        $style = 0;
    }
    $type = empty($_POST['type']) ? 0 : 1;
    $title = hesk_input(hesk_POST('title')) or $hesk_error_buffer[] = $hesklang['sm_e_title'];
    $message = hesk_getHTML(hesk_POST('message'));
    // Any errors?
    if (count($hesk_error_buffer)) {
        $_SESSION['new_sm'] = array('style' => $style, 'type' => $type, 'title' => $title, 'message' => hesk_input(hesk_POST('message')));
        $tmp = '';
        foreach ($hesk_error_buffer as $error) {
            $tmp .= "<li>{$error}</li>\n";
        }
        $hesk_error_buffer = $tmp;
        $hesk_error_buffer = $hesklang['rfm'] . '<br /><br /><ul>' . $hesk_error_buffer . '</ul>';
        hesk_process_messages($hesk_error_buffer, 'service_messages.php');
    }
    // Just preview the message?
    if (isset($_POST['sm_preview'])) {
        $_SESSION['preview_sm'] = true;
        $_SESSION['new_sm'] = array('style' => $style, 'type' => $type, 'title' => $title, 'message' => $message);
        header('Location: service_messages.php');
        exit;
    }
    // Get the latest service message order
    $res = hesk_dbQuery("SELECT `order` FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "service_messages` ORDER BY `order` DESC LIMIT 1");
    $row = hesk_dbFetchRow($res);
    $my_order = intval($row[0]) + 10;
    // Insert service message into database
    hesk_dbQuery("INSERT INTO `" . hesk_dbEscape($hesk_settings['db_pfix']) . "service_messages` (`author`,`title`,`message`,`style`,`type`,`order`) VALUES (\n    '" . intval($_SESSION['id']) . "',\n    '" . hesk_dbEscape($title) . "',\n    '" . hesk_dbEscape($message) . "',\n    '{$style}',\n    '{$type}',\n    '{$my_order}'\n    )");
    $_SESSION['smord'] = hesk_dbInsertID();
    hesk_process_messages($hesklang['sm_added'], 'service_messages.php', 'SUCCESS');
}
function change_manager()
{
    global $hesklang, $hesk_settings;
    $catid = hesk_POST('catid');
    $newManagerId = hesk_POST('managerid');
    hesk_dbQuery('UPDATE `' . hesk_dbEscape($hesk_settings['db_pfix']) . 'categories` SET `manager` = ' . intval($newManagerId) . ' WHERE `id` = ' . intval($catid));
    if (hesk_dbAffectedRows() != 1) {
        hesk_process_messages($hesklang['int_error'] . ': ' . $hesklang['cat_not_found'], './manage_categories.php');
    }
    if ($newManagerId == 0) {
        // There is no new manager.
        return;
    }
    // Add the category to the user's categories list, if not already present
    $currentCatRs = hesk_dbQuery('SELECT `categories` FROM `' . hesk_dbEscape($hesk_settings['db_pfix']) . 'users` WHERE `id` = ' . intval($newManagerId));
    $currentCategories = hesk_dbFetchAssoc($currentCatRs);
    $categories = explode(',', $currentCategories['categories']);
    if (!in_array($catid, $categories)) {
        hesk_dbQuery('UPDATE `' . hesk_dbEscape($hesk_settings['db_pfix']) . 'users` SET `categories` = \'' . $currentCategories['categories'] . ',' . $catid . '\' WHERE `id` = ' . intval($newManagerId));
    }
    hesk_process_messages($hesklang['manager_updated'], './manage_categories.php', 'SUCCESS');
}
Exemple #5
0
*  a license please visit the page below:
*  https://www.hesk.com/buy.php
*******************************************************************************/
define('IN_SCRIPT', 1);
define('HESK_PATH', '../');
/* Get all the required files and functions */
require HESK_PATH . 'hesk_settings.inc.php';
require HESK_PATH . 'inc/common.inc.php';
require HESK_PATH . 'inc/admin_functions.inc.php';
hesk_load_database_functions();
hesk_session_start();
hesk_dbConnect();
hesk_isLoggedIn();
/* Check permissions for this feature */
hesk_checkPermission('can_view_tickets');
hesk_checkPermission('can_reply_tickets');
/* A security check */
hesk_token_check('POST');
/* Ticket ID */
$trackingID = hesk_cleanID() or die($hesklang['int_error'] . ': ' . $hesklang['no_trackID']);
$priority = intval(hesk_POST('priority'));
if ($priority < 0 || $priority > 3) {
    hesk_process_messages($hesklang['inpr'], 'admin_ticket.php?track=' . $trackingID . '&Refresh=' . mt_rand(10000, 99999), 'NOTICE');
}
$options = array(0 => '<font class="critical">' . $hesklang['critical'] . '</font>', 1 => '<font class="important">' . $hesklang['high'] . '</font>', 2 => '<font class="medium">' . $hesklang['medium'] . '</font>', 3 => $hesklang['low']);
$revision = sprintf($hesklang['thist8'], hesk_date(), $options[$priority], $_SESSION['name'] . ' (' . $_SESSION['user'] . ')');
hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` SET `priority`='{$priority}', `history`=CONCAT(`history`,'" . hesk_dbEscape($revision) . "') WHERE `trackid`='" . hesk_dbEscape($trackingID) . "' LIMIT 1");
if (hesk_dbAffectedRows() != 1) {
    hesk_process_messages($hesklang['inpr'], 'admin_ticket.php?track=' . $trackingID . '&Refresh=' . mt_rand(10000, 99999), 'NOTICE');
}
hesk_process_messages(sprintf($hesklang['chpri2'], $options[$priority]), 'admin_ticket.php?track=' . $trackingID . '&Refresh=' . mt_rand(10000, 99999), 'SUCCESS');
function new_saved()
{
    global $hesk_settings, $hesklang;
    /* A security check */
    hesk_token_check('POST');
    $hesk_error_buffer = '';
    $savename = hesk_input(hesk_POST('name')) or $hesk_error_buffer .= '<li>' . $hesklang['ent_ticket_tpl_title'] . '</li>';
    $msg = hesk_input(hesk_POST('msg')) or $hesk_error_buffer .= '<li>' . $hesklang['ent_ticket_tpl_msg'] . '</li>';
    // Avoid problems with utf-8 newline chars in Javascript code, detect and remove them
    $msg = preg_replace('/\\R/u', "\r\n", $msg);
    $_SESSION['canned']['what'] = 'NEW';
    $_SESSION['canned']['name'] = $savename;
    $_SESSION['canned']['msg'] = $msg;
    /* Any errors? */
    if (strlen($hesk_error_buffer)) {
        $hesk_error_buffer = $hesklang['rfm'] . '<br /><br /><ul>' . $hesk_error_buffer . '</ul>';
        hesk_process_messages($hesk_error_buffer, 'manage_ticket_templates.php');
    }
    /* Get the latest tpl_order */
    $result = hesk_dbQuery('SELECT `tpl_order` FROM `' . hesk_dbEscape($hesk_settings['db_pfix']) . 'ticket_templates` ORDER BY `tpl_order` DESC LIMIT 1');
    $row = hesk_dbFetchRow($result);
    $my_order = $row[0] + 10;
    hesk_dbQuery("INSERT INTO `" . hesk_dbEscape($hesk_settings['db_pfix']) . "ticket_templates` (`title`,`message`,`tpl_order`) VALUES ('" . hesk_dbEscape($savename) . "','" . hesk_dbEscape($msg) . "','" . intval($my_order) . "')");
    unset($_SESSION['canned']['what']);
    unset($_SESSION['canned']['name']);
    unset($_SESSION['canned']['msg']);
    hesk_process_messages($hesklang['ticket_tpl_saved'], 'manage_ticket_templates.php', 'SUCCESS');
}
Exemple #7
0
function mail_list_messages()
{
    global $hesk_settings, $hesklang, $admins;
    $href = 'mail.php';
    $query = '';
    if ($hesk_settings['mailtmp']['folder'] == 'outbox') {
        $query .= 'folder=outbox&amp;';
    }
    $query .= 'page=';
    $maxresults = 30;
    $tmp = intval(hesk_POST('page', 1));
    $page = $tmp > 1 ? $tmp : 1;
    /* List of private messages */
    $res = hesk_dbQuery("SELECT COUNT(*) FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "mail` WHERE `" . hesk_dbEscape($hesk_settings['mailtmp']['this']) . "`='" . intval($_SESSION['id']) . "' AND `deletedby`!='" . intval($_SESSION['id']) . "'");
    $total = hesk_dbResult($res, 0, 0);
    if ($total > 0) {
        $pages = ceil($total / $maxresults) or $pages = 1;
        if ($page > $pages) {
            $page = $pages;
        }
        $limit_down = $page * $maxresults - $maxresults;
        $prev_page = $page - 1 <= 0 ? 0 : $page - 1;
        $next_page = $page + 1 > $pages ? 0 : $page + 1;
        if ($pages > 1) {
            echo $hesklang['pg'] . ': ';
            /* List pages */
            if ($pages >= 7) {
                if ($page > 2) {
                    echo '<a href="' . $href . '?' . $query . '1"><b>&laquo;</b></a> &nbsp; ';
                }
                if ($prev_page) {
                    echo '<a href="' . $href . '?' . $query . $prev_page . '"><b>&lsaquo;</b></a> &nbsp; ';
                }
            }
            for ($i = 1; $i <= $pages; $i++) {
                if ($i <= $page + 5 && $i >= $page - 5) {
                    if ($i == $page) {
                        echo ' <b>' . $i . '</b> ';
                    } else {
                        echo ' <a href="' . $href . '?' . $query . $i . '">' . $i . '</a> ';
                    }
                }
            }
            if ($pages >= 7) {
                if ($next_page) {
                    echo ' &nbsp; <a href="' . $href . '?' . $query . $next_page . '"><b>&rsaquo;</b></a> ';
                }
                if ($page < $pages - 1) {
                    echo ' &nbsp; <a href="' . $href . '?' . $query . $pages . '"><b>&raquo;</b></a>';
                }
            }
            echo '<br />&nbsp;';
        }
        // end PAGES > 1
        // Get messages from the database
        $res = hesk_dbQuery("SELECT `id`, `from`, `to`, `subject`, `dt`, `read` FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "mail` WHERE `" . hesk_dbEscape($hesk_settings['mailtmp']['this']) . "`='" . intval($_SESSION['id']) . "' AND `deletedby`!='" . intval($_SESSION['id']) . "' ORDER BY `id` DESC LIMIT " . intval($limit_down) . " , " . intval($maxresults) . " ");
        ?>

		<form action="mail.php<?php 
        if ($hesk_settings['mailtmp']['folder'] == 'outbox') {
            echo '?folder=outbox';
        }
        ?>
" name="form1" method="post">

		<div class="container table-responsive">
			<table class="table table-bordered table-hover" style="background: #E0EEEE;">
				<tr>
					<th class="admin_white" style="width:1px"><input type="checkbox" name="checkall" value="2" onclick="hesk_changeAll(this)" /></th>
					<th class="admin_white" style="text-align:left; white-space:nowrap;"><?php 
        echo $hesklang['m_sub'];
        ?>
</th>
					<th class="admin_white" style="text-align:left; white-space:nowrap;"><?php 
        echo $hesk_settings['mailtmp']['m_from'];
        ?>
</th>
					<th class="admin_white" style="text-align:left; white-space:nowrap;"><?php 
        echo $hesklang['date'];
        ?>
</th>
				</tr>

				<?php 
        $i = 0;
        while ($pm = hesk_dbFetchAssoc($res)) {
            if ($i) {
                $color = "admin_gray";
                $i = 0;
            } else {
                $color = "admin_white";
                $i = 1;
            }
            $pm['subject'] = '<a href="mail.php?a=read&amp;id=' . $pm['id'] . '">' . $pm['subject'] . '</a>';
            if ($hesk_settings['mailtmp']['this'] == 'to' && !$pm['read']) {
                $pm['subject'] = '<b>' . $pm['subject'] . '</b>';
            }
            $pm['name'] = isset($admins[$pm[$hesk_settings['mailtmp']['other']]]) ? '<a href="mail.php?a=new&amp;id=' . $pm[$hesk_settings['mailtmp']['other']] . '">' . $admins[$pm[$hesk_settings['mailtmp']['other']]] . '</a>' : ($pm['from'] == 9999 ? '<a href="http://www.hesk.com" target="_blank">HESK.com</a>' : $hesklang['e_udel']);
            $pm['dt'] = hesk_dateToString($pm['dt'], 0, 0, 0, true);
            echo <<<EOC
\t\t\t\t\t<tr>
\t\t\t\t\t<td class="{$color}" style="text-align:left; white-space:nowrap;"><input type="checkbox" name="id[]" value="{$pm['id']}" />&nbsp;</td>
\t\t\t\t\t<td class="{$color}">{$pm['subject']}</td>
\t\t\t\t\t<td class="{$color}">{$pm['name']}</td>
\t\t\t\t\t<td class="{$color}">{$pm['dt']}</td>
\t\t\t\t\t</tr> 
EOC;
        }
        // End while
        ?>
				</table><!-- end table table-bordered table-hover table-responsive -->
			</div>

			<div class="container" align="right"><select name="a">
			<?php 
        if ($hesk_settings['mailtmp']['this'] == 'to') {
            ?>
				<option value="mark_read" selected="selected"><?php 
            echo $hesklang['mo1'];
            ?>
</option>
				<option value="mark_unread"><?php 
            echo $hesklang['mo2'];
            ?>
</option>
				<?php 
        }
        ?>
			<option value="delete"><?php 
        echo $hesklang['mo3'];
        ?>
</option>
			</select>
			<input type="hidden" name="token" value="<?php 
        hesk_token_echo();
        ?>
" />
			<input type="submit" value="<?php 
        echo $hesklang['execute'];
        ?>
" onclick="Javascript:if (document.form1.a.value=='delete') return hesk_confirmExecute('<?php 
        echo hesk_makeJsString($hesklang['mo3']);
        ?>
?');" class="btn btn-default" />

		</form>
<br/><br/>
		</div>
	    <?php 
    } else {
        echo '<div class="container"><i>' . $hesklang['npm'] . '</i></div><br/>';
    }
}
Exemple #8
0
if ($_SESSION['step'] == 3 && isset($_POST['dbtest'])) {
    // Username
    $_SESSION['admin_user'] = hesk_input(hesk_POST('admin_user'));
    if (strlen($_SESSION['admin_user']) == 0) {
        $_SESSION['admin_user'] = '******';
    }
    // Password
    $_SESSION['admin_pass'] = hesk_input(hesk_POST('admin_pass'));
    if (strlen($_SESSION['admin_pass']) == 0) {
        $_SESSION['admin_pass'] = substr(str_shuffle("23456789abcdefghijkmnpqrstuvwxyzABCDEFGHJKLMNPQRSTUVWXYZ"), 0, mt_rand(8, 12));
    }
    // Password hash for the database
    $_SESSION['admin_hash'] = hesk_Pass2Hash($_SESSION['admin_pass']);
    $hesk_db_link = hesk_iTestDatabaseConnection();
    // Get table prefix, don't allow any special chars
    $hesk_settings['db_pfix'] = preg_replace('/[^0-9a-zA-Z_]/', '', hesk_POST('pfix', 'hesk_'));
    // Generate HESK table names
    $hesk_tables = array($hesk_settings['db_pfix'] . 'attachments', $hesk_settings['db_pfix'] . 'banned_emails', $hesk_settings['db_pfix'] . 'banned_ips', $hesk_settings['db_pfix'] . 'categories', $hesk_settings['db_pfix'] . 'kb_articles', $hesk_settings['db_pfix'] . 'kb_attachments', $hesk_settings['db_pfix'] . 'kb_categories', $hesk_settings['db_pfix'] . 'logins', $hesk_settings['db_pfix'] . 'mail', $hesk_settings['db_pfix'] . 'notes', $hesk_settings['db_pfix'] . 'online', $hesk_settings['db_pfix'] . 'pipe_loops', $hesk_settings['db_pfix'] . 'replies', $hesk_settings['db_pfix'] . 'reply_drafts', $hesk_settings['db_pfix'] . 'reset_password', $hesk_settings['db_pfix'] . 'service_messages', $hesk_settings['db_pfix'] . 'std_replies', $hesk_settings['db_pfix'] . 'tickets', $hesk_settings['db_pfix'] . 'ticket_templates', $hesk_settings['db_pfix'] . 'users');
    // Check if any of the HESK tables exists
    $res = hesk_dbQuery('SHOW TABLES FROM `' . hesk_dbEscape($hesk_settings['db_name']) . '`');
    while ($row = hesk_dbFetchRow($res)) {
        if (in_array($row[0], $hesk_tables)) {
            hesk_iDatabase(2);
        }
    }
    // All ok, let's save settings
    hesk_iSaveSettings();
    // Now install HESK database tables
    hesk_iTables();
    // And move to the next step
    $_SESSION['step'] = 4;
// Get note info
$result = hesk_dbQuery("SELECT * FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "notes` WHERE `id`={$noteID}");
if (hesk_dbNumRows($result) != 1) {
    hesk_error($hesklang['no_note']);
}
$note = hesk_dbFetchAssoc($result);
// Make sure the note matches the ticket and the user has permission to edit it
if ($note['ticket'] != $ticket['id'] || !hesk_checkPermission('can_del_notes', 0) && $note['who'] != $_SESSION['id']) {
    hesk_error($hesklang['perm_deny']);
}
// Save changes?
if (isset($_POST['save'])) {
    // A security check
    hesk_token_check('POST');
    // Get message
    $tmpvar['message'] = nl2br(hesk_makeURL(hesk_input(hesk_POST('message'))));
    // If we have message or attachments do the update
    if (strlen($tmpvar['message']) || strlen($note['attachments'])) {
        hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "notes` SET `message`='" . hesk_dbEscape($tmpvar['message']) . "' WHERE `id`={$noteID}");
        hesk_process_messages($hesklang['ednote2'], 'admin_ticket.php?track=' . $trackingID . '&Refresh=' . mt_rand(10000, 99999), 'SUCCESS');
    } else {
        hesk_dbQuery("DELETE FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "notes` WHERE `id`={$noteID}");
        header('Location: admin_ticket.php?track=' . $trackingID . '&Refresh=' . mt_rand(10000, 99999));
        exit;
    }
}
$note['message'] = hesk_msgToPlain($note['message'], 0, 0);
/* Print header */
require_once HESK_PATH . 'inc/header.inc.php';
/* Print admin navigation */
require_once HESK_PATH . 'inc/show_admin_nav.inc.php';
Exemple #10
0
function print_login()
{
    global $hesk_settings, $hesklang;
    $hesk_settings['tmp_title'] = $hesk_settings['hesk_title'] . ' - ' . $hesklang['admin_login'];
    require_once HESK_PATH . 'inc/header.inc.php';
    if (hesk_isREQUEST('notice')) {
        hesk_process_messages($hesklang['session_expired'], 'NOREDIRECT');
    }
    if (!isset($_SESSION['a_iserror'])) {
        $_SESSION['a_iserror'] = array();
    }
    ?>
	<table width="100%" border="0" cellspacing="0" cellpadding="0">
	<tr>
	<td width="3"><img src="../img/headerleftsm.jpg" width="3" height="25" alt="" /></td>
	<td class="headersm"><?php 
    echo $hesklang['login'];
    ?>
</td>
	<td width="3"><img src="../img/headerrightsm.jpg" width="3" height="25" alt="" /></td>
	</tr>
	</table>

	<table width="100%" border="0" cellspacing="0" cellpadding="3">
	<tr>
	<td><span class="smaller"><a href="<?php 
    echo $hesk_settings['site_url'];
    ?>
" class="smaller"><?php 
    echo $hesk_settings['site_title'];
    ?>
</a> &gt;
	<?php 
    echo $hesklang['admin_login'];
    ?>
</span></td>
	</tr>
	</table>

	</td>
	</tr>
	<tr>
	<td>

	<br />

	<?php 
    /* This will handle error, success and notice messages */
    hesk_handle_messages();
    ?>

    <br />

    <div align="center">
	<table border="0" cellspacing="0" cellpadding="0" width="<?php 
    echo $hesk_settings['secimg_use'] == 2 ? '60' : '50';
    ?>
% ">
	<tr>
		<td width="7" height="7"><img src="../img/roundcornerslt.jpg" width="7" height="7" alt="" /></td>
		<td class="roundcornerstop"></td>
		<td><img src="../img/roundcornersrt.jpg" width="7" height="7" alt="" /></td>
	</tr>
	<tr>
		<td class="roundcornersleft">&nbsp;</td>
		<td>

        <form action="index.php" method="post" name="form1">

        <table width="100%" border="0" cellspacing="0" cellpadding="0">
        <tr>
                <td width="60" style="text-align:center"><img src="../img/login.png" alt="" width="24" height="24" /></td>
                <td>
                <p><b><?php 
    echo $hesklang['admin_login'];
    ?>
</a></b></p>
                </td>
        </tr>
        <tr>
                <td width="60">&nbsp;</td>
                <td>&nbsp;</td>
        </tr>
        <tr>
                <td width="60">&nbsp;</td>
                <td><?php 
    echo $hesklang['username'];
    ?>
:<br />
				<?php 
    $cls = in_array('user', $_SESSION['a_iserror']) ? ' class="isError" ' : '';
    if (defined('HESK_USER')) {
        $savedUser = HESK_USER;
    } else {
        $savedUser = hesk_htmlspecialchars(hesk_COOKIE('hesk_username'));
    }
    $is_1 = '';
    $is_2 = '';
    $is_3 = '';
    $remember_user = hesk_POST('remember_user');
    if ($hesk_settings['autologin'] && (isset($_COOKIE['hesk_p']) || $remember_user == 'AUTOLOGIN')) {
        $is_1 = 'checked="checked"';
    } elseif (isset($_COOKIE['hesk_username']) || $remember_user == 'JUSTUSER') {
        $is_2 = 'checked="checked"';
    } else {
        $is_3 = 'checked="checked"';
    }
    if ($hesk_settings['list_users']) {
        echo '<select name="user" ' . $cls . '>';
        $res = hesk_dbQuery('SELECT * FROM `' . hesk_dbEscape($hesk_settings['db_pfix']) . 'users` ORDER BY `user` ASC');
        while ($row = hesk_dbFetchAssoc($res)) {
            $sel = strtolower($savedUser) == strtolower($row['user']) ? 'selected="selected"' : '';
            echo '<option value="' . $row['user'] . '" ' . $sel . '>' . $row['user'] . '</option>';
        }
        echo '</select>';
    } else {
        echo '<input type="text" name="user" size="35" value="' . $savedUser . '" ' . $cls . ' />';
    }
    ?>
                </td>
        </tr>
        <tr>
                <td width="60">&nbsp;</td>
                <td>&nbsp;</td>
        </tr>
        <tr>
                <td width="60">&nbsp;</td>
                <td><?php 
    echo $hesklang['pass'];
    ?>
:<br /><input type="password" name="pass" size="35" <?php 
    if (in_array('pass', $_SESSION['a_iserror'])) {
        echo ' class="isError" ';
    }
    ?>
 /></td>
        </tr>
		<?php 
    if ($hesk_settings['secimg_use'] == 2) {
        ?>
			<tr>
				<td width="60">&nbsp;</td>
				<td>
                <hr />
				<?php 
        // SPAM prevention verified for this session
        if (isset($_SESSION['img_a_verified'])) {
            echo '<img src="' . HESK_PATH . 'img/success.png" width="16" height="16" border="0" alt="" style="vertical-align:text-bottom" /> ' . $hesklang['vrfy'];
        } elseif ($hesk_settings['recaptcha_use']) {
            ?>
					<script type="text/javascript">
					var RecaptchaOptions = {
					theme : '<?php 
            echo isset($_SESSION['a_iserror']) && in_array('mysecnum', $_SESSION['a_iserror']) ? 'red' : 'white';
            ?>
',
					custom_translations : {
						visual_challenge : "<?php 
            echo hesk_slashJS($hesklang['visual_challenge']);
            ?>
",
						audio_challenge : "<?php 
            echo hesk_slashJS($hesklang['audio_challenge']);
            ?>
",
						refresh_btn : "<?php 
            echo hesk_slashJS($hesklang['refresh_btn']);
            ?>
",
						instructions_visual : "<?php 
            echo hesk_slashJS($hesklang['instructions_visual']);
            ?>
",
						instructions_context : "<?php 
            echo hesk_slashJS($hesklang['instructions_context']);
            ?>
",
						instructions_audio : "<?php 
            echo hesk_slashJS($hesklang['instructions_audio']);
            ?>
",
						help_btn : "<?php 
            echo hesk_slashJS($hesklang['help_btn']);
            ?>
",
						play_again : "<?php 
            echo hesk_slashJS($hesklang['play_again']);
            ?>
",
						cant_hear_this : "<?php 
            echo hesk_slashJS($hesklang['cant_hear_this']);
            ?>
",
						incorrect_try_again : "<?php 
            echo hesk_slashJS($hesklang['incorrect_try_again']);
            ?>
",
						image_alt_text : "<?php 
            echo hesk_slashJS($hesklang['image_alt_text']);
            ?>
",
					},
					};
					</script>
					<?php 
            require_once HESK_PATH . 'inc/recaptcha/recaptchalib.php';
            echo recaptcha_get_html($hesk_settings['recaptcha_public_key'], null, $hesk_settings['recaptcha_ssl']);
        } else {
            $cls = in_array('mysecnum', $_SESSION['a_iserror']) ? ' class="isError" ' : '';
            echo $hesklang['sec_enter'] . '<br />&nbsp;<br /><img src="' . HESK_PATH . 'print_sec_img.php?' . rand(10000, 99999) . '" width="150" height="40" alt="' . $hesklang['sec_img'] . '" title="' . $hesklang['sec_img'] . '" border="1" name="secimg" style="vertical-align:text-bottom" /> ' . '<a href="javascript:void(0)" onclick="javascript:document.form1.secimg.src=\'' . HESK_PATH . 'print_sec_img.php?\'+ ( Math.floor((90000)*Math.random()) + 10000);"><img src="' . HESK_PATH . 'img/reload.png" height="24" width="24" alt="' . $hesklang['reload'] . '" title="' . $hesklang['reload'] . '" border="0" style="vertical-align:text-bottom" /></a>' . '<br />&nbsp;<br /><input type="text" name="mysecnum" size="20" maxlength="5" ' . $cls . ' />';
        }
        ?>
                <hr />
				</td>
			</tr>
            <?php 
    } else {
        ?>
	        <tr>
	                <td width="60">&nbsp;</td>
	                <td>&nbsp;</td>
	        </tr>
	        <?php 
    }
    // End if $hesk_settings['secimg_use'] == 2
    if ($hesk_settings['autologin']) {
        ?>
			<tr>
				<td width="60">&nbsp;</td>
				<td><label><input type="radio" name="remember_user" value="AUTOLOGIN" <?php 
        echo $is_1;
        ?>
 /> <?php 
        echo $hesklang['autologin'];
        ?>
</label><br />
				<label><input type="radio" name="remember_user" value="JUSTUSER" <?php 
        echo $is_2;
        ?>
 /> <?php 
        echo $hesklang['just_user'];
        ?>
</label><br />
				<label><input type="radio" name="remember_user" value="NOTHANKS" <?php 
        echo $is_3;
        ?>
 /> <?php 
        echo $hesklang['nothx'];
        ?>
</label></td>
			</tr>
			<?php 
    } else {
        ?>
			<tr>
				<td width="60">&nbsp;</td>
				<td><label><input type="checkbox" name="remember_user" value="JUSTUSER" <?php 
        echo $is_2;
        ?>
 /> <?php 
        echo $hesklang['remember_user'];
        ?>
</label></td>
			</tr>
			<?php 
    }
    // End if $hesk_settings['autologin']
    ?>
        <tr>
                <td width="60">&nbsp;</td>
                <td>&nbsp;</td>
        </tr>
        <tr>
                <td width="60">&nbsp;</td>
				<td><input type="submit" value="<?php 
    echo $hesklang['click_login'];
    ?>
" class="orangebutton" onmouseover="hesk_btn(this,'orangebuttonover');" onmouseout="hesk_btn(this,'orangebutton');" />
                <input type="hidden" name="a" value="do_login" />
				<?php 
    if (hesk_isREQUEST('goto') && ($url = hesk_REQUEST('goto'))) {
        echo '<input type="hidden" name="goto" value="' . $url . '" />';
    }
    ?>
                <br />&nbsp;
				</td>
        </tr>
        </table>

        </form>

		</td>
		<td class="roundcornersright">&nbsp;</td>
	</tr>
	<tr>
		<td><img src="../img/roundcornerslb.jpg" width="7" height="7" alt="" /></td>
		<td class="roundcornersbottom"></td>
		<td width="7" height="7"><img src="../img/roundcornersrb.jpg" width="7" height="7" alt="" /></td>
	</tr>
	</table>
    </div>

    <p>&nbsp;</p>

	<?php 
    hesk_cleanSessionVars('a_iserror');
    require_once HESK_PATH . 'inc/footer.inc.php';
    exit;
}
Exemple #11
0
function forgot_tid()
{
    global $hesk_settings, $hesklang;
    require HESK_PATH . 'inc/email_functions.inc.php';
    $email = hesk_validateEmail(hesk_POST('email'), 'ERR', 0) or hesk_process_messages($hesklang['enter_valid_email'], 'ticket.php?remind=1');
    /* Prepare ticket statuses */
    $my_status = array(0 => $hesklang['open'], 1 => $hesklang['wait_staff_reply'], 2 => $hesklang['wait_cust_reply'], 3 => $hesklang['closed'], 4 => $hesklang['in_progress'], 5 => $hesklang['on_hold']);
    /* Get ticket(s) from database */
    hesk_load_database_functions();
    hesk_dbConnect();
    // Get tickets from the database
    $res = hesk_dbQuery('SELECT * FROM `' . hesk_dbEscape($hesk_settings['db_pfix']) . 'tickets` FORCE KEY (`statuses`) WHERE ' . ($hesk_settings['open_only'] ? "`status` IN ('0','1','2','4','5') AND " : '') . ' ' . hesk_dbFormatEmail($email) . ' ORDER BY `status` ASC, `lastchange` DESC ');
    $num = hesk_dbNumRows($res);
    if ($num < 1) {
        if ($hesk_settings['open_only']) {
            hesk_process_messages($hesklang['noopen'], 'ticket.php?remind=1&e=' . $email);
        } else {
            hesk_process_messages($hesklang['tid_not_found'], 'ticket.php?remind=1&e=' . $email);
        }
    }
    $tid_list = '';
    $name = '';
    $email_param = $hesk_settings['email_view_ticket'] ? '&e=' . rawurlencode($email) : '';
    while ($my_ticket = hesk_dbFetchAssoc($res)) {
        $name = $name ? $name : hesk_msgToPlain($my_ticket['name'], 1, 0);
        $tid_list .= "\r\n{$hesklang['trackID']}: " . $my_ticket['trackid'] . "\r\n{$hesklang['subject']}: " . hesk_msgToPlain($my_ticket['subject'], 1, 0) . "\r\n{$hesklang['status']}: " . $my_status[$my_ticket['status']] . "\r\n{$hesk_settings['hesk_url']}/ticket.php?track={$my_ticket['trackid']}{$email_param}\r\n";
    }
    /* Get e-mail message for customer */
    $msg = hesk_getEmailMessage('forgot_ticket_id', '', 0, 0, 1);
    $msg = str_replace('%%NAME%%', $name, $msg);
    $msg = str_replace('%%NUM%%', $num, $msg);
    $msg = str_replace('%%LIST_TICKETS%%', $tid_list, $msg);
    $msg = str_replace('%%SITE_TITLE%%', hesk_msgToPlain($hesk_settings['site_title'], 1), $msg);
    $msg = str_replace('%%SITE_URL%%', $hesk_settings['site_url'], $msg);
    $subject = hesk_getEmailSubject('forgot_ticket_id');
    /* Send e-mail */
    hesk_mail($email, $subject, $msg);
    /* Show success message */
    $tmp = '<b>' . $hesklang['tid_sent'] . '!</b>';
    $tmp .= '<br />&nbsp;<br />' . $hesklang['tid_sent2'] . '.';
    $tmp .= '<br />&nbsp;<br />' . $hesklang['check_spambox'];
    hesk_process_messages($tmp, 'ticket.php?e=' . $email, 'SUCCESS');
    exit;
    /* Print header */
    $hesk_settings['tmp_title'] = $hesk_settings['hesk_title'] . ' - ' . $hesklang['tid_sent'];
    require_once HESK_PATH . 'inc/header.inc.php';
    ?>

<table width="100%" border="0" cellspacing="0" cellpadding="0">
<tr>
<td width="3"><img src="img/headerleftsm.jpg" width="3" height="25" alt="" /></td>
<td class="headersm"><?php 
    hesk_showTopBar($hesklang['tid_sent']);
    ?>
</td>
<td width="3"><img src="img/headerrightsm.jpg" width="3" height="25" alt="" /></td>
</tr>
</table>

<table width="100%" border="0" cellspacing="0" cellpadding="3">
<tr>
<td><span class="smaller"><a href="<?php 
    echo $hesk_settings['site_url'];
    ?>
" class="smaller"><?php 
    echo $hesk_settings['site_title'];
    ?>
</a> &gt;
<a href="<?php 
    echo $hesk_settings['hesk_url'];
    ?>
" class="smaller"><?php 
    echo $hesk_settings['hesk_title'];
    ?>
</a>
&gt; <?php 
    echo $hesklang['tid_sent'];
    ?>
</span></td>
</tr>
</table>

</td>
</tr>
<tr>
<td>

<table width="100%" border="0" cellspacing="0" cellpadding="0">
<tr>
	<td width="7" height="7"><img src="img/roundcornerslt.jpg" width="7" height="7" alt="" /></td>
	<td class="roundcornerstop"></td>
	<td><img src="img/roundcornersrt.jpg" width="7" height="7" alt="" /></td>
</tr>
<tr>
	<td class="roundcornersleft">&nbsp;</td>
	<td>

	<p>&nbsp;</p>
	<p align="center"><?php 
    echo $hesklang['tid_sent2'];
    ?>
</p>
	<p align="center"><b><?php 
    echo $hesklang['check_spambox'];
    ?>
</b></p>
	<p>&nbsp;</p>
	<p align="center"><a href="<?php 
    echo $hesk_settings['hesk_url'];
    ?>
"><?php 
    echo $hesk_settings['hesk_title'];
    ?>
</a></p>
	<p>&nbsp;</p>

	</td>
	<td class="roundcornersright">&nbsp;</td>
</tr>
<tr>
	<td><img src="img/roundcornerslb.jpg" width="7" height="7" alt="" /></td>
	<td class="roundcornersbottom"></td>
	<td width="7" height="7"><img src="img/roundcornersrb.jpg" width="7" height="7" alt="" /></td>
</tr>
</table>

	<?php 
}
function hesk_REQUEST($in, $default = false)
{
    return isset($_GET[$in]) ? hesk_input(hesk_GET($in)) : (isset($_POST[$in]) ? hesk_input(hesk_POST($in)) : $default);
}
Exemple #13
0
                /* Format email subject and message for staff */
                $subject = hesk_getEmailSubject('new_note', $ticket);
                $message = hesk_getEmailMessage('new_note', $ticket, 1);
                /* Send email to staff */
                hesk_mail($owner['email'], $subject, $message);
            }
        }
    }
    header('Location: admin_ticket.php?track=' . $trackingID . '&Refresh=' . mt_rand(10000, 99999));
    exit;
}
/* Update time worked */
if ($hesk_settings['time_worked'] && ($can_reply || $can_edit) && isset($_POST['h']) && isset($_POST['m']) && isset($_POST['s']) && hesk_token_check('POST')) {
    $h = intval(hesk_POST('h'));
    $m = intval(hesk_POST('m'));
    $s = intval(hesk_POST('s'));
    /* Get time worked in proper format */
    $time_worked = hesk_getTime($h . ':' . $m . ':' . $s);
    /* Update database */
    $revision = sprintf($hesklang['thist14'], hesk_date(), $time_worked, $_SESSION['name'] . ' (' . $_SESSION['user'] . ')');
    hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` SET `time_worked`='" . hesk_dbEscape($time_worked) . "', `history`=CONCAT(`history`,'" . hesk_dbEscape($revision) . "') WHERE `trackid`='" . hesk_dbEscape($trackingID) . "' LIMIT 1");
    /* Show ticket */
    hesk_process_messages($hesklang['twu'], 'admin_ticket.php?track=' . $trackingID . '&Refresh=' . mt_rand(10000, 99999), 'SUCCESS');
}
/* Delete attachment action */
if (isset($_GET['delatt']) && hesk_token_check()) {
    if (!$can_delete || !$can_edit) {
        hesk_process_messages($hesklang['no_permission'], 'admin_ticket.php?track=' . $trackingID . '&Refresh=' . mt_rand(10000, 99999));
    }
    $att_id = intval(hesk_GET('delatt')) or hesk_error($hesklang['inv_att_id']);
    $reply = intval(hesk_GET('reply', 0));
Exemple #14
0
else {return false;}
}
//-->
</script>
		<?php 
if (isset($_POST['action']) && $_POST['action'] == 'update') {
    $value_contract_name = hesk_input(hesk_POST('contract_name'));
    $value_company_id = hesk_input(hesk_POST('company_id'));
    $value_project_id = hesk_input(hesk_POST('project_id'));
    $value_staff_id = hesk_input(hesk_POST('staff_id'));
    $value_starting_date = hesk_input(hesk_POST('starting_date'));
    $value_ending_date = hesk_input(hesk_POST('ending_date'));
    $value_sla = hesk_input(hesk_POST('sla'));
    $value_priority = hesk_input(hesk_POST('priority'));
    $value_reply_time = hesk_input(hesk_POST('reply_time'));
    $value_resolved_time = hesk_input(hesk_POST('resolved_time'));
    $value['lastchange'] = hesk_date($value['lastchange'], true);
    $query = hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "contracts` SET\n\t\t`contract_name`='" . hesk_dbEscape($value_contract_name) . "',\n\t\t`company_id`='" . hesk_dbEscape($value_company_id) . "',\n\t\t`project_id`='" . hesk_dbEscape($value_project_id) . "',\n\t\t`starting_date`='" . hesk_dbEscape($value_starting_date) . "',\n\t\t`ending_date`='" . hesk_dbEscape($value_ending_date) . "',\n\t\t`sla`='" . hesk_dbEscape($value_sla) . "',\n\t\t`priority`='" . hesk_dbEscape($value_priority) . "',\n\t\t`reply_time`='" . hesk_dbEscape($value_reply_time) . "',\n\t\t`resolved_time`='" . hesk_dbEscape($value_resolved_time) . "',\n\t\t`lastchange`=NOW()\n\t\tWHERE `id`='" . intval($value_id) . "' ");
    $query2 = hesk_dbQuery("DELETE FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "userforcontract` WHERE `contractId`='" . intval($value_id) . "'");
    foreach ($_POST['staff_id'] as $staff) {
        $sql = hesk_dbQuery("INSERT INTO `" . hesk_dbEscape($hesk_settings['db_pfix']) . "userforcontract` (\n\t\t\t`userId`, \n\t\t\t`contractId`\n\t\t\t)\n\t\t\tVALUES(\n\t\t\t'" . hesk_dbEscape($staff) . "', \n\t\t\t'" . $value_id . "'\n\t\t\t)");
    }
    //$flag = hesk_dbQuery('SELECT id FROM `'.hesk_dbEscape($hesk_settings['db_pfix']).'contracts` where active = 1');
}
if ($_SESSION['isadmin']) {
    $res = hesk_dbQuery("SELECT \n\t\tC.id, \n\t\tC.contract_name,\n\t\tCO.company_name,\n\t\tC.active,\n\t\tP.project_name,\n\t\tS.name as staff_name,\n\t\tC.starting_date,\n\t\tC.ending_date,\n\t\tC.sla,\n\t\tC.priority,\n\t\tC.reply_time,\n\t\tC.resolved_time,\n\t\tC.lastchange,\n\t\tCB.name AS created_by \n\t\tFROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "contracts` AS C\n\t\tLEFT JOIN `" . hesk_dbEscape($hesk_settings['db_pfix']) . "users` AS S ON C.staff_id=S.Id\n\t\tLEFT JOIN `" . hesk_dbEscape($hesk_settings['db_pfix']) . "users` AS CB ON C.created_by=CB.Id\n\t\tLEFT JOIN `" . hesk_dbEscape($hesk_settings['db_pfix']) . "companies` AS CO on C.company_id=CO.id\n\t\tLEFT JOIN `" . hesk_dbEscape($hesk_settings['db_pfix']) . "projects` AS P on C.project_id=P.id\n\t\tORDER BY `id`");
    $custom_filters = "SELECT \n\t\tC.id, \n\t\tC.contract_name,\n\t\tCO.company_name,\n\t\tC.active,\n\t\tP.project_name,\n\t\tS.name as staff_name,\n\t\tC.starting_date,\n\t\tC.ending_date,\n\t\tC.sla,\n\t\tC.priority,\n\t\tC.reply_time,\n\t\tC.resolved_time,\n\t\tC.lastchange,\n\t\tCB.name AS created_by \n\t\tFROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "contracts` AS C\n\t\tLEFT JOIN `" . hesk_dbEscape($hesk_settings['db_pfix']) . "users` AS S ON C.staff_id=S.Id\n\t\tLEFT JOIN `" . hesk_dbEscape($hesk_settings['db_pfix']) . "users` AS CB ON C.created_by=CB.Id\n\t\tLEFT JOIN `" . hesk_dbEscape($hesk_settings['db_pfix']) . "companies` AS CO on C.company_id=CO.id\n\t\tLEFT JOIN `" . hesk_dbEscape($hesk_settings['db_pfix']) . "projects` AS P on C.project_id=P.id";
    //FILTRAT NGA ERMEDITA
    if (isset($_POST['submitbutton_contracts'])) {
        if (!empty($_POST['search_by_contract_name'])) {
            $res = hesk_dbQuery($custom_filters . ' WHERE C.contract_name ="' . $_POST['search_by_contract_name'] . '"');
$set['category_order_column'] = empty($_POST['category_order_column']) ? 'cat_order' : 'name';
if ($set['customer-email-verification-required']) {
    //-- Don't allow multiple emails if verification is required
    $set['multi_eml'] = 0;
}
$set['navbarBackgroundColor'] = hesk_input(hesk_POST('navbarBackgroundColor'));
$set['navbarBrandColor'] = hesk_input(hesk_POST('navbarBrandColor'));
$set['navbarBrandHoverColor'] = hesk_input(hesk_POST('navbarBrandHoverColor'));
$set['navbarItemTextColor'] = hesk_input(hesk_POST('navbarItemTextColor'));
$set['navbarItemTextHoverColor'] = hesk_input(hesk_POST('navbarItemTextHoverColor'));
$set['navbarItemTextSelectedColor'] = hesk_input(hesk_POST('navbarItemTextSelectedColor'));
$set['navbarItemSelectedBackgroundColor'] = hesk_input(hesk_POST('navbarItemSelectedBackgroundColor'));
$set['dropdownItemTextColor'] = hesk_input(hesk_POST('dropdownItemTextColor'));
$set['dropdownItemTextHoverColor'] = hesk_input(hesk_POST('dropdownItemTextHoverColor'));
$set['questionMarkColor'] = hesk_input(hesk_POST('questionMarkColor'));
$set['dropdownItemTextHoverBackgroundColor'] = hesk_input(hesk_POST('dropdownItemTextHoverBackgroundColor'));
$modsForHesk_file_content = '<?php

//-- Mods For Hesk Theme Color Settings
$modsForHesk_settings[\'navbarBackgroundColor\'] = \'' . $set['navbarBackgroundColor'] . '\';
$modsForHesk_settings[\'navbarBrandColor\'] = \'' . $set['navbarBrandColor'] . '\';
$modsForHesk_settings[\'navbarBrandHoverColor\'] = \'' . $set['navbarBrandHoverColor'] . '\';
$modsForHesk_settings[\'navbarItemTextColor\'] = \'' . $set['navbarItemTextColor'] . '\';
$modsForHesk_settings[\'navbarItemTextHoverColor\'] = \'' . $set['navbarItemTextHoverColor'] . '\';
$modsForHesk_settings[\'navbarItemTextSelectedColor\'] = \'' . $set['navbarItemTextSelectedColor'] . '\';
$modsForHesk_settings[\'navbarItemSelectedBackgroundColor\'] = \'' . $set['navbarItemSelectedBackgroundColor'] . '\';
$modsForHesk_settings[\'dropdownItemTextColor\'] = \'' . $set['dropdownItemTextColor'] . '\';
$modsForHesk_settings[\'dropdownItemTextHoverColor\'] = \'' . $set['dropdownItemTextHoverColor'] . '\';
$modsForHesk_settings[\'dropdownItemTextHoverBackgroundColor\'] = \'' . $set['dropdownItemTextHoverBackgroundColor'] . '\';
$modsForHesk_settings[\'questionMarkColor\'] = \'' . $set['questionMarkColor'] . '\';
Exemple #16
0
function hesk_validateUserInfo($pass_required = 1, $redirect_to = './manage_users.php')
{
    global $hesk_settings, $hesklang;
    $hesk_error_buffer = '';
    $myuser['name'] = hesk_input(hesk_POST('name')) or $hesk_error_buffer .= '<li>' . $hesklang['enter_real_name'] . '</li>';
    $myuser['email'] = hesk_validateEmail(hesk_POST('email'), 'ERR', 0) or $hesk_error_buffer .= '<li>' . $hesklang['enter_valid_email'] . '</li>';
    $myuser['user'] = hesk_input(hesk_POST('user')) or $hesk_error_buffer .= '<li>' . $hesklang['enter_username'] . '</li>';
    $myuser['isadmin'] = empty($_POST['isadmin']) ? 0 : 1;
    $myuser['signature'] = hesk_input(hesk_POST('signature'));
    $myuser['autoassign'] = hesk_POST('autoassign') == 'Y' ? 1 : 0;
    /* If it's not admin at least one category and fature is required */
    $myuser['categories'] = array();
    $myuser['features'] = array();
    if ($myuser['isadmin'] == 0) {
        if (empty($_POST['categories']) || !is_array($_POST['categories'])) {
            $hesk_error_buffer .= '<li>' . $hesklang['asign_one_cat'] . '</li>';
        } else {
            foreach ($_POST['categories'] as $tmp) {
                if (is_array($tmp)) {
                    continue;
                }
                if ($tmp = intval($tmp)) {
                    $myuser['categories'][] = $tmp;
                }
            }
        }
        if (empty($_POST['features']) || !is_array($_POST['features'])) {
            $hesk_error_buffer .= '<li>' . $hesklang['asign_one_feat'] . '</li>';
        } else {
            foreach ($_POST['features'] as $tmp) {
                if (in_array($tmp, $hesk_settings['features'])) {
                    $myuser['features'][] = $tmp;
                }
            }
        }
    }
    if (strlen($myuser['signature']) > 255) {
        $hesk_error_buffer .= '<li>' . $hesklang['signature_long'] . '</li>';
    }
    /* Password */
    $myuser['cleanpass'] = '';
    $newpass = hesk_input(hesk_POST('newpass'));
    $passlen = strlen($newpass);
    if ($pass_required || $passlen > 0) {
        /* At least 5 chars? */
        if ($passlen < 5) {
            $hesk_error_buffer .= '<li>' . $hesklang['password_not_valid'] . '</li>';
        } else {
            $newpass2 = hesk_input(hesk_POST('newpass2'));
            if ($newpass != $newpass2) {
                $hesk_error_buffer .= '<li>' . $hesklang['passwords_not_same'] . '</li>';
            } else {
                $myuser['pass'] = hesk_Pass2Hash($newpass);
                $myuser['cleanpass'] = $newpass;
            }
        }
    }
    /* Save entered info in session so we don't loose it in case of errors */
    $_SESSION['userdata'] = $myuser;
    /* Any errors */
    if (strlen($hesk_error_buffer)) {
        $hesk_error_buffer = $hesklang['rfm'] . '<br /><br /><ul>' . $hesk_error_buffer . '</ul>';
        hesk_process_messages($hesk_error_buffer, $redirect_to);
    }
    return $myuser;
}
function hesk_testSMTP()
{
    global $hesk_settings, $hesklang, $set;
    // Get variables
    $set['smtp_host_name'] = hesk_input(hesk_POST('s_smtp_host_name', 'localhost'));
    $set['smtp_host_port'] = intval(hesk_POST('s_smtp_host_port', 25));
    $set['smtp_timeout'] = intval(hesk_POST('s_smtp_timeout', 10));
    $set['smtp_ssl'] = empty($_POST['s_smtp_ssl']) ? 0 : 1;
    $set['smtp_tls'] = empty($_POST['s_smtp_tls']) ? 0 : 1;
    $set['smtp_user'] = hesk_input(hesk_POST('s_smtp_user'));
    $set['smtp_password'] = hesk_input(hesk_POST('s_smtp_password'));
    // Initiate SMTP class and set parameters
    require_once HESK_PATH . 'inc/mail/smtp.php';
    $smtp = new smtp_class();
    $smtp->host_name = $set['smtp_host_name'];
    $smtp->host_port = $set['smtp_host_port'];
    $smtp->timeout = $set['smtp_timeout'];
    $smtp->ssl = $set['smtp_ssl'];
    $smtp->start_tls = $set['smtp_tls'];
    $smtp->user = $set['smtp_user'];
    $smtp->password = hesk_htmlspecialchars_decode(stripslashes($set['smtp_password']));
    $smtp->debug = 1;
    if (strlen($set['smtp_user']) || strlen($set['smtp_password'])) {
        require_once HESK_PATH . 'inc/mail/sasl/sasl.php';
    }
    $connection_OK = false;
    ob_start();
    // Test connection
    if ($smtp->Connect()) {
        // SMTP connect successful
        $connection_OK = true;
        $smtp->Disconnect();
    } else {
        global $smtp_error, $smtp_log;
        $smtp_error = ucfirst($smtp->error);
        $smtp_log = ob_get_contents();
    }
    $smtp_log = ob_get_contents();
    ob_end_clean();
    return $connection_OK;
}
Exemple #18
0
// Convert old database settings
if (isset($hesk_settings['database_user'])) {
    $hesk_settings['db_user'] = $hesk_settings['database_user'];
    $hesk_settings['db_name'] = $hesk_settings['database_name'];
    $hesk_settings['db_pass'] = $hesk_settings['database_pass'];
    $hesk_settings['db_host'] = $hesk_settings['database_host'];
}
// Set the table prefix to default for versions older than 2.0
if (!isset($hesk_settings['db_pfix'])) {
    $hesk_settings['db_pfix'] = 'hesk_';
}
// If no step is defined, start with step 1
if (!isset($_SESSION['step'])) {
    $_SESSION['step'] = 1;
} elseif ($_SESSION['step'] == 1) {
    $agree = hesk_POST('agree', '');
    if ($agree == 'YES') {
        // Are sessions working?
        if (empty($_SESSION['works'])) {
            hesk_iSessionError();
        }
        // All OK, continue
        $_SESSION['license_agree'] = 1;
        $_SESSION['step'] = 2;
    } else {
        $_SESSION['step'] = 1;
    }
}
// Test database connection?
if ($_SESSION['step'] == 3 && isset($_POST['dbtest'])) {
    $hesk_db_link = hesk_iTestDatabaseConnection();
function rename_cat()
{
    global $hesk_settings, $hesklang;
    /* A security check */
    hesk_token_check('POST');
    $_SERVER['PHP_SELF'] = 'manage_categories.php?catid=' . intval(hesk_POST('catid'));
    $catid = hesk_isNumber(hesk_POST('catid'), $hesklang['choose_cat_ren'], $_SERVER['PHP_SELF']);
    $_SESSION['selcat'] = $catid;
    $_SESSION['selcat2'] = $catid;
    $catname = hesk_input(hesk_POST('name'), $hesklang['cat_ren_name'], $_SERVER['PHP_SELF']);
    $_SESSION['catname2'] = $catname;
    $res = hesk_dbQuery("SELECT `id` FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "categories` WHERE `name` LIKE '" . hesk_dbEscape(hesk_dbLike($catname)) . "' LIMIT 1");
    if (hesk_dbNumRows($res) != 0) {
        $old = hesk_dbFetchAssoc($res);
        if ($old['id'] == $catid) {
            hesk_process_messages($hesklang['noch'], $_SERVER['PHP_SELF'], 'NOTICE');
        } else {
            hesk_process_messages($hesklang['cndupl'], $_SERVER['PHP_SELF']);
        }
    }
    hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "categories` SET `name`='" . hesk_dbEscape($catname) . "' WHERE `id`='" . intval($catid) . "' LIMIT 1");
    unset($_SESSION['selcat']);
    unset($_SESSION['catname2']);
    hesk_process_messages($hesklang['cat_renamed_to'] . ' <i>' . stripslashes($catname) . '</i>', $_SERVER['PHP_SELF'], 'SUCCESS');
}
$sql .= " WHERE `id`='{$replyto}' LIMIT 1";
hesk_dbQuery($sql);
unset($sql);
/* Update number of replies in the users table */
hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "users` SET `replies`=`replies`+1 WHERE `id`='" . intval($_SESSION['id']) . "' LIMIT 1");
// --> Prepare reply message
// 1. Generate the array with ticket info that can be used in emails
$info = array('email' => $ticket['email'], 'category' => $ticket['category'], 'priority' => $ticket['priority'], 'owner' => $ticket['owner'], 'trackid' => $ticket['trackid'], 'status' => $new_status, 'name' => $ticket['name'], 'lastreplier' => $_SESSION['name'], 'subject' => $ticket['subject'], 'message' => stripslashes($message), 'attachments' => $myattachments, 'dt' => hesk_date($ticket['dt']), 'lastchange' => hesk_date($ticket['lastchange']));
// 2. Add custom fields to the array
foreach ($hesk_settings['custom_fields'] as $k => $v) {
    $info[$k] = $v['use'] ? $ticket[$k] : '';
}
// 3. Make sure all values are properly formatted for email
$ticket = hesk_ticketToPlain($info, 1, 0);
// Notify the customer
if (!isset($_POST['no_notify']) || intval(hesk_POST('no_notify')) != 1) {
    hesk_notifyCustomer('new_reply_by_staff');
}
/* Set reply submitted message */
$_SESSION['HESK_SUCCESS'] = TRUE;
$_SESSION['HESK_MESSAGE'] = $hesklang['reply_submitted'];
if (!empty($_POST['close'])) {
    $_SESSION['HESK_MESSAGE'] .= '<br /><br />' . $hesklang['ticket_marked'] . ' <span class="resolved">' . $hesklang['closed'] . '</span>';
}
/* What to do after reply? */
if ($_SESSION['afterreply'] == 1) {
    header('Location: admin_main.php');
} elseif ($_SESSION['afterreply'] == 2) {
    /* Get the next open ticket that needs a reply */
    $res = hesk_dbQuery("SELECT * FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` WHERE `owner` IN ('0','" . intval($_SESSION['id']) . "') AND " . hesk_myCategories() . " AND `status` IN ('0','1') ORDER BY `owner` DESC, `priority` ASC LIMIT 1");
    if (hesk_dbNumRows($res) == 1) {
Exemple #21
0
             require HESK_PATH . 'inc/secimg.inc.php';
             $sc = new PJ_SecurityImage($hesk_settings['secimg_sum']);
             if (isset($_SESSION['checksum']) && $sc->checkCode($mysecnum, $_SESSION['checksum'])) {
                 //$_SESSION['img_a_verified'] = true;
             } else {
                 $hesk_error_buffer['mysecnum'] = $hesklang['sec_wrng'];
             }
         }
     }
 }
 // Connect to database and check for brute force attempts
 hesk_load_database_functions();
 hesk_dbConnect();
 hesk_limitBfAttempts();
 // Get email
 $email = hesk_validateEmail(hesk_POST('email'), 'ERR', 0) or $hesk_error_buffer['email'] = $hesklang['enter_valid_email'];
 // Any errors?
 if (count($hesk_error_buffer) != 0) {
     $_SESSION['a_iserror'] = array_keys($hesk_error_buffer);
     $tmp = '';
     foreach ($hesk_error_buffer as $error) {
         $tmp .= "<li>{$error}</li>\n";
     }
     $hesk_error_buffer = $tmp;
     $hesk_error_buffer = $hesklang['pcer'] . '<br /><br /><ul>' . $hesk_error_buffer . '</ul>';
     hesk_process_messages($hesk_error_buffer, 'NOREDIRECT');
 } elseif (defined('HESK_DEMO')) {
     hesk_process_messages($hesklang['ddemo'], 'NOREDIRECT');
 } else {
     // Get user data from the database
     $res = hesk_dbQuery("SELECT `id`, `name`, `pass` FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "users` WHERE `email` LIKE '" . hesk_dbEscape($email) . "' LIMIT 1");
$tmpvar['attachments'] = '';
// If we have any errors lets store info in session to avoid re-typing everything
if (count($hesk_error_buffer) != 0) {
    $_SESSION['iserror'] = array_keys($hesk_error_buffer);
    $_SESSION['as_name'] = hesk_POST('name');
    $_SESSION['as_email'] = hesk_POST('email');
    $_SESSION['as_category'] = hesk_POST('category');
    $_SESSION['as_priority'] = $tmpvar['priority'];
    $_SESSION['as_subject'] = hesk_POST('subject');
    $_SESSION['as_message'] = hesk_POST('message');
    $_SESSION['as_owner'] = $tmpvar['owner'];
    $_SESSION['as_notify'] = $notify;
    $_SESSION['as_show'] = $show;
    foreach ($hesk_settings['custom_fields'] as $k => $v) {
        if ($v['use']) {
            $_SESSION["as_{$k}"] = $v['type'] == 'checkbox' ? hesk_POST_array($k) : hesk_POST($k);
        }
    }
    $tmp = '';
    foreach ($hesk_error_buffer as $error) {
        $tmp .= "<li>{$error}</li>\n";
    }
    $hesk_error_buffer = $tmp;
    // Remove any successfully uploaded attachments
    if ($hesk_settings['attachments']['use']) {
        hesk_removeAttachments($attachments);
    }
    $hesk_error_buffer = $hesklang['pcer'] . '<br /><br /><ul>' . $hesk_error_buffer . '</ul>';
    hesk_process_messages($hesk_error_buffer, 'new_ticket.php');
}
if ($hesk_settings['attachments']['use'] && !empty($attachments)) {
Exemple #23
0
     if (count($hesk_error_buffer)) {
         $myerror = '<ul>';
         foreach ($hesk_error_buffer as $error) {
             $myerror .= "<li>{$error}</li>\n";
         }
         $myerror .= '</ul>';
         hesk_error($myerror);
     }
     $tmpvar['message'] = hesk_makeURL($tmpvar['message']);
     $tmpvar['message'] = nl2br($tmpvar['message']);
     hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "replies` SET `message`='" . hesk_dbEscape($tmpvar['message']) . "' WHERE `id`='" . intval($tmpvar['id']) . "' AND `replyto`='" . intval($ticket['id']) . "' LIMIT 1");
 } else {
     $tmpvar['name'] = hesk_input(hesk_POST('name')) or $hesk_error_buffer[] = $hesklang['enter_your_name'];
     $tmpvar['email'] = hesk_validateEmail(hesk_POST('email'), 'ERR', 0) or $hesk_error_buffer[] = $hesklang['enter_valid_email'];
     $tmpvar['subject'] = hesk_input(hesk_POST('subject')) or $hesk_error_buffer[] = $hesklang['enter_ticket_subject'];
     $tmpvar['message'] = hesk_input(hesk_POST('message')) or $hesk_error_buffer[] = $hesklang['enter_message'];
     // Demo mode
     if (defined('HESK_DEMO')) {
         $tmpvar['email'] = '*****@*****.**';
     }
     if (count($hesk_error_buffer)) {
         $myerror = '<ul>';
         foreach ($hesk_error_buffer as $error) {
             $myerror .= "<li>{$error}</li>\n";
         }
         $myerror .= '</ul>';
         hesk_error($myerror);
     }
     $tmpvar['message'] = hesk_makeURL($tmpvar['message']);
     $tmpvar['message'] = nl2br($tmpvar['message']);
     foreach ($hesk_settings['custom_fields'] as $k => $v) {
function new_article()
{
    global $hesk_settings, $hesklang, $listBox;
    global $hesk_error_buffer;
    /* A security check */
    # hesk_token_check('POST');
    $_SESSION['hide'] = array('treemenu' => 1, 'new_category' => 1);
    $hesk_error_buffer = array();
    $catid = intval(hesk_POST('catid', 1));
    $type = empty($_POST['type']) ? 0 : (hesk_POST('type') == 2 ? 2 : 1);
    $html = $hesk_settings['kb_wysiwyg'] ? 1 : (empty($_POST['html']) ? 0 : 1);
    $now = hesk_date();
    // Prevent submitting duplicate articles by reloading manage_knowledgebase.php page
    if (isset($_SESSION['article_submitted'])) {
        header('Location:manage_knowledgebase.php?a=manage_cat&catid=' . $catid);
        exit;
    }
    $_SESSION['KB_CATEGORY'] = $catid;
    $subject = hesk_input(hesk_POST('subject')) or $hesk_error_buffer[] = $hesklang['kb_e_subj'];
    if ($html) {
        if (empty($_POST['content'])) {
            $hesk_error_buffer[] = $hesklang['kb_e_cont'];
        }
        $content = hesk_getHTML(hesk_POST('content'));
    } else {
        $content = hesk_input(hesk_POST('content')) or $hesk_error_buffer[] = $hesklang['kb_e_cont'];
        $content = nl2br($content);
        $content = hesk_makeURL($content);
    }
    $sticky = isset($_POST['sticky']) ? 1 : 0;
    $keywords = hesk_input(hesk_POST('keywords'));
    /* Article attachments */
    define('KB', 1);
    require_once HESK_PATH . 'inc/posting_functions.inc.php';
    require_once HESK_PATH . 'inc/attachments.inc.php';
    $attachments = array();
    for ($i = 1; $i <= 3; $i++) {
        $att = hesk_uploadFile($i);
        if (!empty($att)) {
            $attachments[$i] = $att;
        }
    }
    $myattachments = '';
    /* Any errors? */
    if (count($hesk_error_buffer)) {
        // Remove any successfully uploaded attachments
        if ($hesk_settings['attachments']['use']) {
            hesk_removeAttachments($attachments);
        }
        $_SESSION['new_article'] = array('type' => $type, 'html' => $html, 'subject' => $subject, 'content' => hesk_input(hesk_POST('content')), 'keywords' => $keywords, 'sticky' => $sticky);
        $tmp = '';
        foreach ($hesk_error_buffer as $error) {
            $tmp .= "<li>{$error}</li>\n";
        }
        $hesk_error_buffer = $tmp;
        $hesk_error_buffer = $hesklang['rfm'] . '<br /><br /><ul>' . $hesk_error_buffer . '</ul>';
        hesk_process_messages($hesk_error_buffer, 'manage_knowledgebase.php');
    }
    $revision = sprintf($hesklang['revision1'], $now, $_SESSION['name'] . ' (' . $_SESSION['user'] . ')');
    /* Add to database */
    if (!empty($attachments)) {
        foreach ($attachments as $myatt) {
            hesk_dbQuery("INSERT INTO `" . hesk_dbEscape($hesk_settings['db_pfix']) . "kb_attachments` (`saved_name`,`real_name`,`size`) VALUES ('" . hesk_dbEscape($myatt['saved_name']) . "','" . hesk_dbEscape($myatt['real_name']) . "','" . intval($myatt['size']) . "')");
            $myattachments .= hesk_dbInsertID() . '#' . $myatt['real_name'] . ',';
        }
    }
    /* Get the latest reply_order */
    $res = hesk_dbQuery("SELECT `art_order` FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "kb_articles` WHERE `catid`='" . intval($catid) . "' AND `sticky` = '" . intval($sticky) . "' ORDER BY `art_order` DESC LIMIT 1");
    $row = hesk_dbFetchRow($res);
    $my_order = $row[0] + 10;
    /* Insert article into database */
    hesk_dbQuery("INSERT INTO `" . hesk_dbEscape($hesk_settings['db_pfix']) . "kb_articles` (`catid`,`dt`,`author`,`subject`,`content`,`keywords`,`type`,`html`,`sticky`,`art_order`,`history`,`attachments`) VALUES (\n    '" . intval($catid) . "',\n    NOW(),\n    '" . intval($_SESSION['id']) . "',\n    '" . hesk_dbEscape($subject) . "',\n    '" . hesk_dbEscape($content) . "',\n    '" . hesk_dbEscape($keywords) . "',\n    '" . intval($type) . "',\n    '" . intval($html) . "',\n    '" . intval($sticky) . "',\n    '" . intval($my_order) . "',\n    '" . hesk_dbEscape($revision) . "',\n    '" . hesk_dbEscape($myattachments) . "'\n    )");
    $_SESSION['artord'] = hesk_dbInsertID();
    // Update category article count
    if ($type == 0) {
        hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "kb_categories` SET `articles`=`articles`+1 WHERE `id`='" . intval($catid) . "'");
    } else {
        if ($type == 1) {
            hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "kb_categories` SET `articles_private`=`articles_private`+1 WHERE `id`='" . intval($catid) . "'");
        } else {
            hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "kb_categories` SET `articles_draft`=`articles_draft`+1 WHERE `id`='" . intval($catid) . "'");
        }
    }
    unset($_SESSION['hide']);
    $_SESSION['article_submitted'] = 1;
    hesk_process_messages($hesklang['your_kb_added'], 'NOREDIRECT', 'SUCCESS');
    $_GET['catid'] = $catid;
    manage_category();
}
Exemple #25
0
function forgot_tid()
{
    global $hesk_settings, $hesklang;
    require HESK_PATH . 'inc/email_functions.inc.php';
    $email = hesk_validateEmail(hesk_POST('email'), 'ERR', 0) or hesk_process_messages($hesklang['enter_valid_email'], 'ticket.php?remind=1');
    if (isset($_POST['open_only'])) {
        $hesk_settings['open_only'] = $_POST['open_only'] == 1 ? 1 : 0;
    }
    /* Prepare ticket statuses */
    $my_status = array(0 => $hesklang['open'], 1 => $hesklang['wait_staff_reply'], 2 => $hesklang['wait_cust_reply'], 3 => $hesklang['closed'], 4 => $hesklang['in_progress'], 5 => $hesklang['on_hold']);
    /* Get ticket(s) from database */
    hesk_load_database_functions();
    hesk_dbConnect();
    // Get tickets from the database
    $res = hesk_dbQuery('SELECT * FROM `' . hesk_dbEscape($hesk_settings['db_pfix']) . 'tickets` FORCE KEY (`statuses`) WHERE ' . ($hesk_settings['open_only'] ? "`status` IN ('0','1','2','4','5') AND " : '') . ' ' . hesk_dbFormatEmail($email) . ' ORDER BY `status` ASC, `lastchange` DESC ');
    $num = hesk_dbNumRows($res);
    if ($num < 1) {
        if ($hesk_settings['open_only']) {
            hesk_process_messages($hesklang['noopen'], 'ticket.php?remind=1&e=' . $email);
        } else {
            hesk_process_messages($hesklang['tid_not_found'], 'ticket.php?remind=1&e=' . $email);
        }
    }
    $tid_list = '';
    $name = '';
    $email_param = $hesk_settings['email_view_ticket'] ? '&e=' . rawurlencode($email) : '';
    while ($my_ticket = hesk_dbFetchAssoc($res)) {
        $name = $name ? $name : hesk_msgToPlain($my_ticket['name'], 1, 0);
        $tid_list .= "\n{$hesklang['trackID']}: " . $my_ticket['trackid'] . "\n{$hesklang['subject']}: " . hesk_msgToPlain($my_ticket['subject'], 1, 0) . "\n{$hesklang['status']}: " . $my_status[$my_ticket['status']] . "\n{$hesk_settings['hesk_url']}/ticket.php?track={$my_ticket['trackid']}{$email_param}\n";
    }
    /* Get e-mail message for customer */
    $msg = hesk_getEmailMessage('forgot_ticket_id', '', 0, 0, 1);
    $msg = str_replace('%%NAME%%', $name, $msg);
    $msg = str_replace('%%NUM%%', $num, $msg);
    $msg = str_replace('%%LIST_TICKETS%%', $tid_list, $msg);
    $msg = str_replace('%%SITE_TITLE%%', hesk_msgToPlain($hesk_settings['site_title'], 1), $msg);
    $msg = str_replace('%%SITE_URL%%', $hesk_settings['site_url'], $msg);
    $subject = hesk_getEmailSubject('forgot_ticket_id');
    /* Send e-mail */
    hesk_mail($email, $subject, $msg);
    /* Show success message */
    $tmp = '<b>' . $hesklang['tid_sent'] . '!</b>';
    $tmp .= '<br />&nbsp;<br />' . $hesklang['tid_sent2'] . '.';
    $tmp .= '<br />&nbsp;<br />' . $hesklang['check_spambox'];
    hesk_process_messages($tmp, 'ticket.php?e=' . $email, 'SUCCESS');
    exit;
}
    $email_body .= "<p>Ju do te njoftoheni me nje email per zgjidhjen e ceshtjes.</p>";
    $email_body .= "<p>Faleminderit!</p>";
    $email_body .= "<p>Stafi Commprog!</p>";
    //ndertojme template e emailit ne rastin kur KA probleme
    $email_body2 = "<p> Përshendetje,</p>" . "<p> U Hap Ceshtja: " . hesk_POST('subject') . " me ID: " . $ticket['id'] . "</p>";
    $email_body2 .= "<div style='color:blue'>" . hesk_POST('message') . "</div>";
    $email_body2 .= "<p>Cështja u hap nga useri: " . hesk_POST('name') . "</p>";
    $email_body2 .= "<p>KUJDES! Cështja nuk eshte e lidhur me nje projekt ne Impro. Beni lidhjen!</p>";
    $email_body2 .= "<p>Faleminderit!</p>";
    while ($u_email = hesk_dbFetchAssoc($u_emails)) {
        if (!empty($data)) {
            // Notify the customer
            hesk_notifyCustomer();
            hesk_mail($u_email['email'], hesk_POST('subject'), $email_body);
        } else {
            hesk_mail($u_email['email'], hesk_POST('subject'), $email_body2);
        }
    }
}
// Need to notify staff?
// --> From autoassign?
if ($tmpvar['owner'] && $autoassign_owner['notify_assigned']) {
    hesk_notifyAssignedStaff($autoassign_owner, 'ticket_assigned_to_you');
} elseif (!$tmpvar['owner']) {
    hesk_notifyStaff('new_ticket_staff', " `notify_new_unassigned` = '1' ");
}
// Next ticket show suggested articles again
$_SESSION['ARTICLES_SUGGESTED'] = false;
// Need email to view ticket? If yes, remember it by default
if ($hesk_settings['email_view_ticket']) {
    setcookie('hesk_myemail', $tmpvar['email'], strtotime('+1 year'));
if ($hesk_settings['attachments']['use']) {
    require HESK_PATH . 'inc/attachments.inc.php';
    $attachments = array();
    for ($i = 1; $i <= $hesk_settings['attachments']['max_number']; $i++) {
        $att = hesk_uploadFile($i);
        if ($att !== false && !empty($att)) {
            $attachments[$i] = $att;
        }
    }
}
$myattachments = '';
/* Any errors? */
if (count($hesk_error_buffer) != 0) {
    $_SESSION['ticket_message'] = hesk_POST('message');
    // If this was a reply after re-opening a ticket, force the form at the top
    if (hesk_POST('reopen') == 1) {
        $_SESSION['force_form_top'] = true;
    }
    // Remove any successfully uploaded attachments
    if ($hesk_settings['attachments']['use']) {
        hesk_removeAttachments($attachments);
    }
    $tmp = '';
    foreach ($hesk_error_buffer as $error) {
        $tmp .= "<li>{$error}</li>\n";
    }
    $hesk_error_buffer = $tmp;
    $hesk_error_buffer = $hesklang['pcer'] . '<br /><br /><ul>' . $hesk_error_buffer . '</ul>';
    hesk_process_messages($hesk_error_buffer, 'ticket.php?track=' . $trackingID . $hesk_settings['e_param'] . '&Refresh=' . rand(10000, 99999));
}
/* Connect to database */
Exemple #28
0
function print_login()
{
    global $hesk_settings, $hesklang;
    // Tell header to load reCaptcha API if needed
    if ($hesk_settings['recaptcha_use'] == 2) {
        define('RECAPTCHA', 1);
    }
    $hesk_settings['tmp_title'] = $hesk_settings['hesk_title'] . ' - ' . $hesklang['admin_login'];
    require_once HESK_PATH . 'inc/header.inc.php';
    if (hesk_isREQUEST('notice')) {
        hesk_process_messages($hesklang['session_expired'], 'NOREDIRECT');
    }
    if (!isset($_SESSION['a_iserror'])) {
        $_SESSION['a_iserror'] = array();
    }
    ?>
    <div class="loginError"><?php 
    /* This will handle error, success and notice messages */
    hesk_handle_messages();
    ?>
</div>
    <div>
    <div class="panel panel-default form-signin">
        <div class="panel-heading">
            <h4><span <?php 
    echo $iconDisplay;
    ?>
><span class="mega-octicon octicon-sign-in"></span>&nbsp;</span><?php 
    echo $hesklang['admin_login'];
    ?>
</a></h4>
        </div>
        <div class="panel-body">
            <form class="form-signin form-horizontal" role="form" action="index.php" method="post" name="form1">
                <?php 
    if (in_array('pass', $_SESSION['a_iserror'])) {
        echo '<div class="form-group has-error">';
    } else {
        echo '<div class="form-group">';
    }
    ?>
                <label for="user" class="col-sm-4 control-label"><?php 
    echo $hesklang['username'];
    ?>
:</label>
                <div class="col-sm-8">
                    <?php 
    if (defined('HESK_USER')) {
        $savedUser = HESK_USER;
    } else {
        $savedUser = hesk_htmlspecialchars(hesk_COOKIE('hesk_username'));
    }
    $is_1 = '';
    $is_2 = '';
    $is_3 = '';
    $remember_user = hesk_POST('remember_user');
    if ($hesk_settings['autologin'] && (isset($_COOKIE['hesk_p']) || $remember_user == 'AUTOLOGIN')) {
        $is_1 = 'checked="checked"';
    } elseif (isset($_COOKIE['hesk_username']) || $remember_user == 'JUSTUSER') {
        $is_2 = 'checked="checked"';
    } else {
        $is_3 = 'checked="checked"';
    }
    if ($hesk_settings['list_users']) {
        echo '<select class="form-control" name="user">';
        $res = hesk_dbQuery('SELECT `user` FROM `' . hesk_dbEscape($hesk_settings['db_pfix']) . 'users` ORDER BY `user` ASC');
        while ($row = hesk_dbFetchAssoc($res)) {
            $sel = strtolower($savedUser) == strtolower($row['user']) ? 'selected="selected"' : '';
            echo '<option value="' . $row['user'] . '" ' . $sel . '>' . $row['user'] . '</option>';
        }
        echo '</select>';
    } else {
        echo '<input class="form-control" type="text" name="user" size="35" placeholder="' . htmlspecialchars($hesklang['username']) . '" value="' . $savedUser . '" />';
    }
    ?>
                </div>
            </div>
            <?php 
    if (in_array('pass', $_SESSION['a_iserror'])) {
        echo '<div class="form-group has-error">';
    } else {
        echo '<div class="form-group">';
    }
    ?>
            <label for="pass" class="col-sm-4 control-label"><?php 
    echo $hesklang['pass'];
    ?>
:</label>
            <div class="col-sm-8">
                <input type="password" class="form-control" id="pass" name="pass" size="35" placeholder="<?php 
    echo htmlspecialchars($hesklang['pass']);
    ?>
"  />
            </div>
        </div>
            <?php 
    if ($hesk_settings['secimg_use'] == 2) {
        // SPAM prevention verified for this session
        if (isset($_SESSION['img_a_verified'])) {
            echo '<img src="' . HESK_PATH . 'img/success.png" width="16" height="16" border="0" alt="" style="vertical-align:text-bottom" /> ' . $hesklang['vrfy'];
        } elseif ($hesk_settings['recaptcha_use'] == 1) {
            ?>
                    <script type="text/javascript">
                        var RecaptchaOptions = {
                            theme : '<?php 
            echo isset($_SESSION['a_iserror']) && in_array('mysecnum', $_SESSION['a_iserror']) ? 'red' : 'white';
            ?>
',
                            custom_translations : {
                                visual_challenge : "<?php 
            echo hesk_slashJS($hesklang['visual_challenge']);
            ?>
",
                                audio_challenge : "<?php 
            echo hesk_slashJS($hesklang['audio_challenge']);
            ?>
",
                                refresh_btn : "<?php 
            echo hesk_slashJS($hesklang['refresh_btn']);
            ?>
",
                                instructions_visual : "<?php 
            echo hesk_slashJS($hesklang['instructions_visual']);
            ?>
",
                                instructions_context : "<?php 
            echo hesk_slashJS($hesklang['instructions_context']);
            ?>
",
                                instructions_audio : "<?php 
            echo hesk_slashJS($hesklang['instructions_audio']);
            ?>
",
                                help_btn : "<?php 
            echo hesk_slashJS($hesklang['help_btn']);
            ?>
",
                                play_again : "<?php 
            echo hesk_slashJS($hesklang['play_again']);
            ?>
",
                                cant_hear_this : "<?php 
            echo hesk_slashJS($hesklang['cant_hear_this']);
            ?>
",
                                incorrect_try_again : "<?php 
            echo hesk_slashJS($hesklang['incorrect_try_again']);
            ?>
",
                                image_alt_text : "<?php 
            echo hesk_slashJS($hesklang['image_alt_text']);
            ?>
"
                            }
                        };
                    </script>
                    <?php 
            require_once HESK_PATH . 'inc/recaptcha/recaptchalib.php';
            echo '<div class="form-group"><div class="col-md-8 col-md-offset-4">';
            echo recaptcha_get_html($hesk_settings['recaptcha_public_key'], null, true);
            echo '</div></div>';
        } elseif ($hesk_settings['recaptcha_use'] == 2) {
            ?>
                    <div class="form-group">
                        <div class="col-md-8 col-md-offset-4">
                            <div class="g-recaptcha" data-sitekey="<?php 
            echo $hesk_settings['recaptcha_public_key'];
            ?>
"></div>
                        </div>
                    </div>
                <?php 
        } else {
            echo '<div class="form-group"><div class="col-md-8 col-md-offset-4">';
            $cls = in_array('mysecnum', $_SESSION['a_iserror']) ? ' class="isError" ' : '';
            echo $hesklang['sec_enter'] . '<br />&nbsp;<br /><img src="' . HESK_PATH . 'print_sec_img.php?' . rand(10000, 99999) . '" width="150" height="40" alt="' . $hesklang['sec_img'] . '" title="' . $hesklang['sec_img'] . '" border="1" name="secimg" style="vertical-align:text-bottom" /> ' . '<a href="javascript:void(0)" onclick="javascript:document.form1.secimg.src=\'' . HESK_PATH . 'print_sec_img.php?\'+ ( Math.floor((90000)*Math.random()) + 10000);"><img src="' . HESK_PATH . 'img/reload.png" height="24" width="24" alt="' . $hesklang['reload'] . '" title="' . $hesklang['reload'] . '" border="0" style="vertical-align:text-bottom" /></a>' . '<br />&nbsp;<br /><input type="text" name="mysecnum" size="20" maxlength="5" ' . $cls . ' />';
            echo '</div></div>';
        }
    }
    // End if $hesk_settings['secimg_use'] == 2
    if ($hesk_settings['autologin']) {
        ?>
                <div class="form-group">
                    <div class="col-md-offset-4 col-md-8">
                        <div class="radio">
                            <label><input type="radio" name="remember_user" value="AUTOLOGIN" <?php 
        echo $is_1;
        ?>
 /> <?php 
        echo $hesklang['autologin'];
        ?>
</label>
                        </div>
                        <div class="radio">
                            <label><input type="radio" name="remember_user" value="JUSTUSER" <?php 
        echo $is_2;
        ?>
 /> <?php 
        echo $hesklang['just_user'];
        ?>
</label>
                        </div>
                        <div class="radio">
                            <label><input type="radio" name="remember_user" value="NOTHANKS" <?php 
        echo $is_3;
        ?>
 /> <?php 
        echo $hesklang['nothx'];
        ?>
</label>
                        </div>
                    </div>
                </div>
            <?php 
    } else {
        ?>
                <div class="form-group">
                    <div class="col-md-offset-4 col-md-8">
                        <div class="checkbox">
                            <label><input type="checkbox" name="remember_user" value="JUSTUSER" <?php 
        echo $is_2;
        ?>
 /> <?php 
        echo $hesklang['remember_user'];
        ?>
</label>
                        </div>
                    </div>
                </div>
            <?php 
    }
    // End if $hesk_settings['autologin']
    ?>
            <div class="form-group">
                <div class="col-md-offset-4 col-md-8">
                    <input type="submit" value="<?php 
    echo $hesklang['click_login'];
    ?>
" class="btn btn-default" />
                    <input type="hidden" name="a" value="do_login" />
                    <?php 
    if (hesk_isREQUEST('goto') && ($url = hesk_REQUEST('goto'))) {
        echo '<input type="hidden" name="goto" value="' . $url . '" />';
    }
    // Do we allow staff password reset?
    if ($hesk_settings['reset_pass']) {
        echo '<br />&nbsp;<br /><a href="password.php" class="smaller">' . $hesklang['fpass'] . '</a>';
    }
    ?>
                </div>
            </div>

            </form>
        </div>
    </div>

    </div>

    <p>&nbsp;</p>

	<?php 
    hesk_cleanSessionVars('a_iserror');
    require_once HESK_PATH . 'inc/footer.inc.php';
    exit;
}
Exemple #29
0
function update_profile()
{
    global $hesk_settings, $hesklang, $can_view_unassigned;
    /* A security check */
    hesk_token_check('POST');
    $sql_pass = '';
    $sql_username = '';
    $hesk_error_buffer = '';
    $_SESSION['new']['name'] = hesk_input(hesk_POST('name')) or $hesk_error_buffer .= '<li>' . $hesklang['enter_your_name'] . '</li>';
    $_SESSION['new']['email'] = hesk_validateEmail(hesk_POST('email'), 'ERR', 0) or $hesk_error_buffer = '<li>' . $hesklang['enter_valid_email'] . '</li>';
    $_SESSION['new']['signature'] = hesk_input(hesk_POST('signature'));
    /* Signature */
    if (strlen($_SESSION['new']['signature']) > 255) {
        $hesk_error_buffer .= '<li>' . $hesklang['signature_long'] . '</li>';
    }
    /* Admins can change username */
    if ($_SESSION['isadmin']) {
        $_SESSION['new']['user'] = hesk_input(hesk_POST('user')) or $hesk_error_buffer .= '<li>' . $hesklang['enter_username'] . '</li>';
        /* Check for duplicate usernames */
        $result = hesk_dbQuery("SELECT `id` FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "users` WHERE `user`='" . hesk_dbEscape($_SESSION['new']['user']) . "' AND `id`!='" . intval($_SESSION['id']) . "' LIMIT 1");
        if (hesk_dbNumRows($result) != 0) {
            $hesk_error_buffer .= '<li>' . $hesklang['duplicate_user'] . '</li>';
        } else {
            $sql_username = "******" . hesk_dbEscape($_SESSION['new']['user']) . "'";
        }
    }
    /* Change password? */
    $newpass = hesk_input(hesk_POST('newpass'));
    $passlen = strlen($newpass);
    if ($passlen > 0) {
        /* At least 5 chars? */
        if ($passlen < 5) {
            $hesk_error_buffer .= '<li>' . $hesklang['password_not_valid'] . '</li>';
        } else {
            $newpass2 = hesk_input(hesk_POST('newpass2'));
            if ($newpass != $newpass2) {
                $hesk_error_buffer .= '<li>' . $hesklang['passwords_not_same'] . '</li>';
            } else {
                $v = hesk_Pass2Hash($newpass);
                if ($v == '499d74967b28a841c98bb4baaabaad699ff3c079') {
                    define('WARN_PASSWORD', true);
                }
                $sql_pass = '******'' . $v . '\'';
            }
        }
    }
    /* After reply */
    $_SESSION['new']['afterreply'] = intval(hesk_POST('afterreply'));
    if ($_SESSION['new']['afterreply'] != 1 && $_SESSION['new']['afterreply'] != 2) {
        $_SESSION['new']['afterreply'] = 0;
    }
    /* Auto-start ticket timer */
    $_SESSION['new']['autostart'] = isset($_POST['autostart']) ? 1 : 0;
    /* Notifications */
    $_SESSION['new']['notify_new_unassigned'] = empty($_POST['notify_new_unassigned']) || !$can_view_unassigned ? 0 : 1;
    $_SESSION['new']['notify_new_my'] = empty($_POST['notify_new_my']) ? 0 : 1;
    $_SESSION['new']['notify_reply_unassigned'] = empty($_POST['notify_reply_unassigned']) || !$can_view_unassigned ? 0 : 1;
    $_SESSION['new']['notify_reply_my'] = empty($_POST['notify_reply_my']) ? 0 : 1;
    $_SESSION['new']['notify_assigned'] = empty($_POST['notify_assigned']) ? 0 : 1;
    $_SESSION['new']['notify_note'] = empty($_POST['notify_note']) ? 0 : 1;
    $_SESSION['new']['notify_pm'] = empty($_POST['notify_pm']) ? 0 : 1;
    /* Any errors? */
    if (strlen($hesk_error_buffer)) {
        /* Process the session variables */
        $_SESSION['new'] = hesk_stripArray($_SESSION['new']);
        $hesk_error_buffer = $hesklang['rfm'] . '<br /><br /><ul>' . $hesk_error_buffer . '</ul>';
        hesk_process_messages($hesk_error_buffer, 'NOREDIRECT');
    } else {
        /* Update database */
        hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "users` SET\r\n\t    `name`='" . hesk_dbEscape($_SESSION['new']['name']) . "',\r\n\t    `email`='" . hesk_dbEscape($_SESSION['new']['email']) . "',\r\n\t\t`signature`='" . hesk_dbEscape($_SESSION['new']['signature']) . "'\r\n        {$sql_username}\r\n\t\t{$sql_pass} ,\r\n\t    `afterreply`='" . intval($_SESSION['new']['afterreply']) . "' ,\r\n        `autostart`='" . intval($_SESSION['new']['autostart']) . "' ,\r\n\t    `notify_new_unassigned`='" . intval($_SESSION['new']['notify_new_unassigned']) . "' ,\r\n        `notify_new_my`='" . intval($_SESSION['new']['notify_new_my']) . "' ,\r\n        `notify_reply_unassigned`='" . intval($_SESSION['new']['notify_reply_unassigned']) . "' ,\r\n        `notify_reply_my`='" . intval($_SESSION['new']['notify_reply_my']) . "' ,\r\n        `notify_assigned`='" . intval($_SESSION['new']['notify_assigned']) . "' ,\r\n        `notify_pm`='" . intval($_SESSION['new']['notify_pm']) . "',\r\n        `notify_note`='" . intval($_SESSION['new']['notify_note']) . "'\r\n\t    WHERE `id`='" . intval($_SESSION['id']) . "' LIMIT 1");
        /* Process the session variables */
        $_SESSION['new'] = hesk_stripArray($_SESSION['new']);
        /* Update session variables */
        foreach ($_SESSION['new'] as $k => $v) {
            $_SESSION[$k] = $v;
        }
        unset($_SESSION['new']);
        hesk_process_messages($hesklang['profile_updated_success'], 'profile.php', 'SUCCESS');
    }
}
Exemple #30
0
require HESK_PATH . 'hesk_settings.inc.php';
require HESK_PATH . 'inc/common.inc.php';
require HESK_PATH . 'inc/admin_functions.inc.php';
hesk_load_database_functions();
require HESK_PATH . 'inc/email_functions.inc.php';
hesk_session_start();
hesk_dbConnect();
hesk_isLoggedIn();
/* Check permissions for this feature */
hesk_checkPermission('can_change_cat');
/* A security check */
hesk_token_check('POST');
/* Ticket ID */
$trackingID = hesk_cleanID() or die($hesklang['int_error'] . ': ' . $hesklang['no_trackID']);
/* Category ID */
$category = intval(hesk_POST('category', -1));
if ($category < 1) {
    hesk_process_messages($hesklang['incat'], 'admin_ticket.php?track=' . $trackingID . '&Refresh=' . rand(10000, 99999), 'NOTICE');
}
/* Get new category details */
$res = hesk_dbQuery("SELECT `name`,`autoassign` FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "categories` WHERE `id`='{$category}' LIMIT 1");
if (hesk_dbNumRows($res) != 1) {
    hesk_error("{$hesklang['int_error']}: {$hesklang['kb_cat_inv']}.");
}
$row = hesk_dbFetchAssoc($res);
/* Should tickets in new category be auto-assigned if necessary? */
if (!$row['autoassign']) {
    $hesk_settings['autoassign'] = false;
}
/* Is user allowed to view tickets in new category? */
$category_ok = hesk_okCategory($category, 0);