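function hesk_verifyGoto()
{
    // Default redirect URL, returned whenever the request cannot be trusted
    $url_default = 'admin_main.php';

    // Allow-list of admin pages a "goto" may point to. A non-empty value
    // replaces the requested page (a "save" action page is redirected back
    // to its form instead of being re-executed).
    $OK_urls = array(
        'admin_main.php'             => '',
        'admin_settings.php'         => '',
        'admin_settings_save.php'    => 'admin_settings.php',
        'admin_ticket.php'           => '',
        'archive.php'                => '',
        'assign_owner.php'           => '',
        'change_status.php'          => '',
        'edit_post.php'              => '',
        'export.php'                 => '',
        'find_tickets.php'           => '',
        'generate_spam_question.php' => '',
        'knowledgebase_private.php'  => '',
        'lock.php'                   => '',
        'mail.php'                   => '',
        'manage_canned.php'          => '',
        'manage_categories.php'      => '',
        'manage_knowledgebase.php'   => '',
        'manage_users.php'           => '',
        'new_ticket.php'             => '',
        'profile.php'                => '',
        'reports.php'                => '',
        'show_tickets.php'           => '',
    );

    // If no "goto" parameter is set, redirect to the default page
    if (!hesk_isREQUEST('goto')) {
        return $url_default;
    }

    // The "goto" parameter is untrusted request input
    $url = hesk_REQUEST('goto');

    // Undo HTML entity encoding of "&": the value round-trips through an
    // HTML attribute (the hidden "goto" field on the login form), so an
    // encoded ampersand must be turned back into a query-string separator.
    // The page text showed this as a no-op replace; "&amp;" is the intent.
    $url = str_replace('&amp;', '&', $url);

    // parse_url() returns false for seriously malformed input; treat that
    // exactly like a URL without a path
    $url_parts = parse_url($url);
    if ($url_parts === false || !isset($url_parts['path'])) {
        return $url_default;
    }

    // Only the file name survives: scheme, host and directories from the
    // request are discarded, so the result can never point off-site
    $url = basename($url_parts['path']);

    // URL must match one of the allowed ones
    if (!isset($OK_urls[$url])) {
        return $url_default;
    }

    // Modify redirect?
    if (strlen($OK_urls[$url])) {
        $url = $OK_urls[$url];
    }

    // The query string is passed through unmodified; callers that echo the
    // result into HTML (rather than a Location header) must escape it
    return isset($url_parts['query']) ? $url . '?' . $url_parts['query'] : $url;
}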
* is expressly forbidden. To remove HESK copyright notice you must purchase
* a license for this script. For more information on how to obtain
* a license please visit the page below:
* https://www.hesk.com/buy.php
*******************************************************************************/

// IN_SCRIPT marks this file as an entry point (presumably checked by the
// included files); HESK_PATH is the relative root used for every include
define('IN_SCRIPT', 1);
define('HESK_PATH', './');

// Get all the required files and functions
require HESK_PATH . 'hesk_settings.inc.php';
require HESK_PATH . 'inc/common.inc.php';

// Are we in maintenance mode?
hesk_check_maintenance();

// Are we in "Knowledgebase only" mode?
hesk_check_kb_only();

// What should we do? Dispatch on the "a" request parameter; anything other
// than the two known actions falls through to the start page.
// A session is only started for the actions that need one.
$action = hesk_REQUEST('a');

switch ($action) {
    case 'add':
        hesk_session_start();
        print_add_ticket();
        break;
    case 'forgot_tid':
        hesk_session_start();
        forgot_tid();
        break;
    default:
        print_start();
}

// Print footer
require_once HESK_PATH . 'inc/footer.inc.php';
exit;
define('HESK_PATH', '../');

/* Get all the required files and functions */
require HESK_PATH . 'hesk_settings.inc.php';
require HESK_PATH . 'inc/common.inc.php';
require HESK_PATH . 'inc/admin_functions.inc.php';
hesk_load_database_functions();

hesk_session_start();
hesk_dbConnect();
// Authentication gate; presumably redirects or exits when no staff session exists
hesk_isLoggedIn();

/* Check permissions for this feature */
hesk_checkPermission('can_service_msg');

// Define required constants
define('LOAD_TABS', 1);
define('WYSIWYG', 1);

// What should we do?
// Order matters: "edit_sm" (opening the edit form) is reachable in demo
// mode, while every action that writes (new/save/order/remove) is blocked
// by the HESK_DEMO check before its branch is considered.
// Note that the comparisons are loose (==); $action is request input.
if ($action = hesk_REQUEST('a')) {
    if ($action == 'edit_sm') {
        edit_sm();
    } elseif (defined('HESK_DEMO')) {
        hesk_process_messages($hesklang['ddemo'], 'service_messages.php', 'NOTICE');
    } elseif ($action == 'new_sm') {
        new_sm();
    } elseif ($action == 'save_sm') {
        save_sm();
    } elseif ($action == 'order_sm') {
        order_sm();
    } elseif ($action == 'remove_sm') {
        remove_sm();
    }
}

/* Print header */
$is_reply = 0; $tmpvar = array(); /* Get ticket info */ $result = hesk_dbQuery("SELECT * FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` WHERE `trackid`='" . hesk_dbEscape($trackingID) . "' LIMIT 1"); if (hesk_dbNumRows($result) != 1) { hesk_error($hesklang['ticket_not_found']); } $ticket = hesk_dbFetchAssoc($result); // Demo mode if (defined('HESK_DEMO')) { $ticket['email'] = '*****@*****.**'; } /* Is this user allowed to view tickets inside this category? */ hesk_okCategory($ticket['category']); if (hesk_isREQUEST('reply')) { $tmpvar['id'] = intval(hesk_REQUEST('reply')) or die($hesklang['id_not_valid']); $result = hesk_dbQuery("SELECT * FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "replies` WHERE `id`='{$tmpvar['id']}' AND `replyto`='" . intval($ticket['id']) . "' LIMIT 1"); if (hesk_dbNumRows($result) != 1) { hesk_error($hesklang['id_not_valid']); } $reply = hesk_dbFetchAssoc($result); $ticket['message'] = $reply['message']; $is_reply = 1; } if (isset($_POST['save'])) { /* A security check */ hesk_token_check('POST'); $hesk_error_buffer = array(); if ($is_reply) { $tmpvar['message'] = hesk_input(hesk_POST('message')) or $hesk_error_buffer[] = $hesklang['enter_message']; if (count($hesk_error_buffer)) {
* https://www.hesk.com/buy.php *******************************************************************************/ define('IN_SCRIPT', 1); define('HESK_PATH', '../'); /* Get all the required files and functions */ require HESK_PATH . 'hesk_settings.inc.php'; require HESK_PATH . 'inc/common.inc.php'; require HESK_PATH . 'inc/admin_functions.inc.php'; hesk_load_database_functions(); hesk_session_start(); hesk_dbConnect(); hesk_isLoggedIn(); /* Print XML header */ header('Content-Type: text/html; charset=' . $hesklang['ENCODING']); /* Get the search query composed of the subject and message */ $query = hesk_REQUEST('q') or die(''); /* Get relevant articles from the database, include private ones */ $res = hesk_dbQuery("SELECT `id`, `subject`, `content` FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "kb_articles` WHERE `type` IN ('0','1') AND MATCH(`subject`,`content`,`keywords`) AGAINST ('" . hesk_dbEscape($query) . "') LIMIT " . intval($hesk_settings['kb_search_limit'])); $num = hesk_dbNumRows($res); /* Solve some spacing issues */ if (hesk_isREQUEST('p')) { echo ' <br />'; } /* Return found articles */ ?> <div class="conatiner notice"> <span style="font-size:12px;font-weight:bold"><?php echo $hesklang['sc']; ?> :</span><br /> <br /> <?php
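function print_login()
{
    global $hesk_settings, $hesklang;

    // Tell header to load reCaptcha API if needed
    if ($hesk_settings['recaptcha_use'] == 2) {
        define('RECAPTCHA', 1);
    }

    $hesk_settings['tmp_title'] = $hesk_settings['hesk_title'] . ' - ' . $hesklang['admin_login'];
    require_once HESK_PATH . 'inc/header.inc.php';

    // "notice" is set by callers that redirected here after the session expired
    if (hesk_isREQUEST('notice')) {
        hesk_process_messages($hesklang['session_expired'], 'NOREDIRECT');
    }

    // Names of the form fields that failed on the previous login attempt
    if (!isset($_SESSION['a_iserror'])) {
        $_SESSION['a_iserror'] = array();
    }
    ?>
    <div class="loginError"><?php /* This will handle error, success and notice messages */ hesk_handle_messages(); ?></div>
    <div>
    <div class="panel panel-default form-signin">
    <div class="panel-heading">
    <h4><span <?php /* NOTE(review): $iconDisplay is not declared global in this function; confirm where it is set */ echo $iconDisplay; ?>><span class="mega-octicon octicon-sign-in"></span></span><?php echo $hesklang['admin_login']; ?></a></h4>
    </div>
    <div class="panel-body">
    <form class="form-signin form-horizontal" role="form" action="index.php" method="post" name="form1">
    <?php
    // NOTE(review): the user-name group is keyed on the 'pass' error flag;
    // the older template keys it on 'user' — confirm which is intended
    if (in_array('pass', $_SESSION['a_iserror'])) {
        echo '<div class="form-group has-error">';
    } else {
        echo '<div class="form-group">';
    }
    ?>
    <label for="user" class="col-sm-4 control-label"><?php echo $hesklang['username']; ?>:</label>
    <div class="col-sm-8">
    <?php
    // Pre-fill the user name: HESK_USER is defined by the auto-login path,
    // otherwise fall back to the remembered cookie (escaped for HTML)
    if (defined('HESK_USER')) {
        $savedUser = HESK_USER;
    } else {
        $savedUser = hesk_htmlspecialchars(hesk_COOKIE('hesk_username'));
    }

    // Which "remember me" option is pre-selected
    $is_1 = '';
    $is_2 = '';
    $is_3 = '';
    $remember_user = hesk_POST('remember_user');

    if ($hesk_settings['autologin'] && (isset($_COOKIE['hesk_p']) || $remember_user == 'AUTOLOGIN')) {
        $is_1 = 'checked="checked"';
    } elseif (isset($_COOKIE['hesk_username']) || $remember_user == 'JUSTUSER') {
        $is_2 = 'checked="checked"';
    } else {
        $is_3 = 'checked="checked"';
    }

    if ($hesk_settings['list_users']) {
        echo '<select class="form-control" name="user">';

        $res = hesk_dbQuery('SELECT `user` FROM `' . hesk_dbEscape($hesk_settings['db_pfix']) . 'users` ORDER BY `user` ASC');

        while ($row = hesk_dbFetchAssoc($res)) {
            $sel = strtolower($savedUser) == strtolower($row['user']) ? 'selected="selected"' : '';
            // User names come from the database; escape them for the attribute and text contexts
            $safe_name = hesk_htmlspecialchars($row['user']);
            echo '<option value="' . $safe_name . '" ' . $sel . '>' . $safe_name . '</option>';
        }

        echo '</select>';
    } else {
        echo '<input class="form-control" type="text" name="user" size="35" placeholder="' . htmlspecialchars($hesklang['username']) . '" value="' . $savedUser . '" />';
    }
    ?>
    </div>
    </div>
    <?php
    if (in_array('pass', $_SESSION['a_iserror'])) {
        echo '<div class="form-group has-error">';
    } else {
        echo '<div class="form-group">';
    }
    ?>
    <label for="pass" class="col-sm-4 control-label"><?php echo $hesklang['pass']; ?>:</label>
    <div class="col-sm-8">
    <input type="password" class="form-control" id="pass" name="pass" size="35" placeholder="<?php echo htmlspecialchars($hesklang['pass']); ?>" />
    </div>
    </div>
    <?php
    // Anti-automation widget: already verified for this session, reCAPTCHA v1,
    // reCAPTCHA v2, or the built-in image
    if ($hesk_settings['secimg_use'] == 2) {
        // SPAM prevention verified for this session
        if (isset($_SESSION['img_a_verified'])) {
            echo '<img src="' . HESK_PATH . 'img/success.png" width="16" height="16" border="0" alt="" style="vertical-align:text-bottom" /> ' . $hesklang['vrfy'];
        } elseif ($hesk_settings['recaptcha_use'] == 1) {
            ?>
            <script type="text/javascript">
            var RecaptchaOptions = {
                theme : '<?php echo isset($_SESSION['a_iserror']) && in_array('mysecnum', $_SESSION['a_iserror']) ? 'red' : 'white'; ?>',
                custom_translations : {
                    visual_challenge : "<?php echo hesk_slashJS($hesklang['visual_challenge']); ?>",
                    audio_challenge : "<?php echo hesk_slashJS($hesklang['audio_challenge']); ?>",
                    refresh_btn : "<?php echo hesk_slashJS($hesklang['refresh_btn']); ?>",
                    instructions_visual : "<?php echo hesk_slashJS($hesklang['instructions_visual']); ?>",
                    instructions_context : "<?php echo hesk_slashJS($hesklang['instructions_context']); ?>",
                    instructions_audio : "<?php echo hesk_slashJS($hesklang['instructions_audio']); ?>",
                    help_btn : "<?php echo hesk_slashJS($hesklang['help_btn']); ?>",
                    play_again : "<?php echo hesk_slashJS($hesklang['play_again']); ?>",
                    cant_hear_this : "<?php echo hesk_slashJS($hesklang['cant_hear_this']); ?>",
                    incorrect_try_again : "<?php echo hesk_slashJS($hesklang['incorrect_try_again']); ?>",
                    image_alt_text : "<?php echo hesk_slashJS($hesklang['image_alt_text']); ?>"
                }
            };
            </script>
            <?php
            require_once HESK_PATH . 'inc/recaptcha/recaptchalib.php';
            echo '<div class="form-group"><div class="col-md-8 col-md-offset-4">';
            echo recaptcha_get_html($hesk_settings['recaptcha_public_key'], null, true);
            echo '</div></div>';
        } elseif ($hesk_settings['recaptcha_use'] == 2) {
            ?>
            <div class="form-group">
            <div class="col-md-8 col-md-offset-4">
            <div class="g-recaptcha" data-sitekey="<?php echo $hesk_settings['recaptcha_public_key']; ?>"></div>
            </div>
            </div>
            <?php
        } else {
            echo '<div class="form-group"><div class="col-md-8 col-md-offset-4">';

            $cls = in_array('mysecnum', $_SESSION['a_iserror']) ? ' class="isError" ' : '';

            // The random query parameter only defeats browser caching of the image
            echo $hesklang['sec_enter'] . '<br /> <br /><img src="' . HESK_PATH . 'print_sec_img.php?' . rand(10000, 99999) . '" width="150" height="40" alt="' . $hesklang['sec_img'] . '" title="' . $hesklang['sec_img'] . '" border="1" name="secimg" style="vertical-align:text-bottom" /> '
                . '<a href="javascript:void(0)" onclick="javascript:document.form1.secimg.src=\'' . HESK_PATH . 'print_sec_img.php?\'+ ( Math.floor((90000)*Math.random()) + 10000);"><img src="' . HESK_PATH . 'img/reload.png" height="24" width="24" alt="' . $hesklang['reload'] . '" title="' . $hesklang['reload'] . '" border="0" style="vertical-align:text-bottom" /></a>'
                . '<br /> <br /><input type="text" name="mysecnum" size="20" maxlength="5" ' . $cls . ' />';

            echo '</div></div>';
        }
    } // End if $hesk_settings['secimg_use'] == 2

    if ($hesk_settings['autologin']) {
        ?>
        <div class="form-group">
        <div class="col-md-offset-4 col-md-8">
        <div class="radio"><label><input type="radio" name="remember_user" value="AUTOLOGIN" <?php echo $is_1; ?> /> <?php echo $hesklang['autologin']; ?></label></div>
        <div class="radio"><label><input type="radio" name="remember_user" value="JUSTUSER" <?php echo $is_2; ?> /> <?php echo $hesklang['just_user']; ?></label></div>
        <div class="radio"><label><input type="radio" name="remember_user" value="NOTHANKS" <?php echo $is_3; ?> /> <?php echo $hesklang['nothx']; ?></label></div>
        </div>
        </div>
        <?php
    } else {
        ?>
        <div class="form-group">
        <div class="col-md-offset-4 col-md-8">
        <div class="checkbox"><label><input type="checkbox" name="remember_user" value="JUSTUSER" <?php echo $is_2; ?> /> <?php echo $hesklang['remember_user']; ?></label></div>
        </div>
        </div>
        <?php
    } // End if $hesk_settings['autologin']
    ?>
    <div class="form-group">
    <div class="col-md-offset-4 col-md-8">
    <input type="submit" value="<?php echo $hesklang['click_login']; ?>" class="btn btn-default" />
    <input type="hidden" name="a" value="do_login" />
    <?php
    // Carry the post-login destination through the form. The value is
    // request input, so it is escaped for the attribute context; the
    // consumer of "goto" is responsible for validating the target.
    if (hesk_isREQUEST('goto') && ($url = hesk_REQUEST('goto'))) {
        echo '<input type="hidden" name="goto" value="' . hesk_htmlspecialchars($url) . '" />';
    }

    // Do we allow staff password reset?
    if ($hesk_settings['reset_pass']) {
        echo '<br /> <br /><a href="password.php" class="smaller">' . $hesklang['fpass'] . '</a>';
    }
    ?>
    </div>
    </div>
    </form>
    </div>
    </div>
    </div>
    <p> </p>
    <?php
    // The error flags have been rendered; drop them so they do not leak into the next page
    hesk_cleanSessionVars('a_iserror');
    require_once HESK_PATH . 'inc/footer.inc.php';
    exit;
}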
require HESK_PATH . 'inc/admin_functions.inc.php'; hesk_load_database_functions(); hesk_session_start(); hesk_dbConnect(); hesk_isLoggedIn(); /* Check permissions for this feature */ hesk_checkPermission('can_view_tickets'); hesk_checkPermission('can_reply_tickets'); /* A security check */ hesk_token_check(); /* Ticket ID */ $trackingID = hesk_cleanID() or die($hesklang['int_error'] . ': ' . $hesklang['no_trackID']); /* Valid statuses */ $status_options = array(0 => $hesklang['open'], 1 => $hesklang['wait_reply'], 2 => $hesklang['replied'], 3 => $hesklang['closed'], 4 => $hesklang['in_progress'], 5 => $hesklang['on_hold']); /* New status */ $status = intval(hesk_REQUEST('s')); if (!isset($status_options[$status])) { hesk_process_messages($hesklang['instat'], 'admin_ticket.php?track=' . $trackingID . '&Refresh=' . mt_rand(10000, 99999), 'NOTICE'); } $locked = 0; if ($status == 3) { $action = $hesklang['ticket_been'] . ' ' . $hesklang['closed']; $revision = sprintf($hesklang['thist3'], hesk_date(), $_SESSION['name'] . ' (' . $_SESSION['user'] . ')'); if ($hesk_settings['custopen'] != 1) { $locked = 1; } // Notify customer of closed ticket? if ($hesk_settings['notify_closed']) { // Get ticket info $result = hesk_dbQuery("SELECT * FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` WHERE `trackid`='" . hesk_dbEscape($trackingID) . "' LIMIT 1"); if (hesk_dbNumRows($result) != 1) {
define('IN_SCRIPT', 1); define('HESK_PATH', '../'); /* Get all the required files and functions */ require HESK_PATH . 'hesk_settings.inc.php'; require HESK_PATH . 'inc/common.inc.php'; require HESK_PATH . 'inc/admin_functions.inc.php'; hesk_load_database_functions(); hesk_session_start(); hesk_dbConnect(); hesk_isLoggedIn(); /* Check permissions for this feature */ hesk_checkPermission('can_view_tickets'); // Ticket ID $trackingID = hesk_cleanID() or die($hesklang['int_error'] . ': ' . $hesklang['no_trackID']); // Note ID $noteID = intval(hesk_REQUEST('note')) or die($hesklang['int_error'] . ': ' . $hesklang['mis_note']); // Get ticket info $result = hesk_dbQuery("SELECT `id` FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` WHERE `trackid`='" . hesk_dbEscape($trackingID) . "' LIMIT 1"); if (hesk_dbNumRows($result) != 1) { hesk_error($hesklang['ticket_not_found']); } $ticket = hesk_dbFetchAssoc($result); // Get note info $result = hesk_dbQuery("SELECT * FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "notes` WHERE `id`={$noteID}"); if (hesk_dbNumRows($result) != 1) { hesk_error($hesklang['no_note']); } $note = hesk_dbFetchAssoc($result); // Make sure the note matches the ticket and the user has permission to edit it if ($note['ticket'] != $ticket['id'] || !hesk_checkPermission('can_del_notes', 0) && $note['who'] != $_SESSION['id']) { hesk_error($hesklang['perm_deny']);
define('IN_SCRIPT', 1); define('HESK_PATH', './'); // Get all the required files and functions require HESK_PATH . 'hesk_settings.inc.php'; require HESK_PATH . 'inc/common.inc.php'; // Feature enabled? if (!$hesk_settings['detect_typos']) { die(''); } // Print XML header header('Content-Type: text/html; charset=' . $hesklang['ENCODING']); header("Cache-Control: no-store, no-cache, must-revalidate"); header("Cache-Control: post-check=0, pre-check=0", false); header("Pragma: no-cache"); // Get the search query composed of the subject and message $address = hesk_REQUEST('e') or die(''); $div = 1; // Do we allow multiple emails? If yes, check all if ($hesk_settings['multi_eml']) { // Make sure the format is correct $address = preg_replace('/\\s/', '', $address); $address = str_replace(';', ',', $address); // Loops through emails and check for typos $div = 1; $all = explode(',', $address); foreach ($all as $address) { if (($suggest = hesk_emailTypo($address)) !== false) { hesk_emailTypoShow($address, $suggest, $div); $div++; } }
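function hesk_autoLogin($noredirect = 0)
{
    global $hesk_settings, $hesklang, $hesk_db_link;

    if (!$hesk_settings['autologin']) {
        return false;
    }

    // Both values come from cookies and are untrusted
    $user = hesk_htmlspecialchars(hesk_COOKIE('hesk_username'));
    $hash = hesk_htmlspecialchars(hesk_COOKIE('hesk_p'));

    // Exposed to print_login() so the form can pre-fill the user name
    define('HESK_USER', $user);

    if (empty($user) || empty($hash)) {
        return false;
    }

    /* Login cookies exist, now lets limit brute force attempts */
    hesk_limitBfAttempts();

    /* Check username */
    $result = hesk_dbQuery('SELECT * FROM `' . $hesk_settings['db_pfix'] . "users` WHERE `user` = '" . hesk_dbEscape($user) . "' LIMIT 1");

    if (hesk_dbNumRows($result) != 1) {
        setcookie('hesk_username', '');
        setcookie('hesk_p', '');
        header('Location: index.php?a=login&notice=1');
        exit;
    }

    $account = hesk_dbFetchAssoc($result);

    /* Check password.
       The cookie carries a hash derived from the stored password hash and the
       lower-cased user name. It is verified BEFORE anything is copied into
       the session, so a failed attempt leaves no account data behind after
       the redirect, and the comparison is constant-time. */
    $expected = hesk_Pass2Hash($account['pass'] . strtolower($user) . $account['pass']);

    if (!hash_equals((string) $expected, (string) $hash)) {
        setcookie('hesk_username', '');
        setcookie('hesk_p', '');
        header('Location: index.php?a=login&notice=1');
        exit;
    }

    // Only a verified account is loaded into the session
    foreach ($account as $k => $v) {
        $_SESSION[$k] = $v;
    }

    /* Check if default password */
    if ($_SESSION['pass'] === '499d74967b28a841c98bb4baaabaad699ff3c079') {
        hesk_process_messages($hesklang['chdp'], 'NOREDIRECT', 'NOTICE');
    }

    // The password hash must not stay in the session
    unset($_SESSION['pass']);

    /* Login successful, clean brute force attempts */
    hesk_cleanBfAttempts();

    /* Regenerate session ID (security) */
    hesk_session_regenerate_id();

    /* Get allowed categories */
    if (empty($_SESSION['isadmin'])) {
        $_SESSION['categories'] = explode(',', $_SESSION['categories']);
    }

    /* Renew cookies. The hesk_p cookie is a login credential, so it is
       marked HttpOnly; the "secure" flag is left at its default because this
       function cannot tell whether the site is served over HTTPS. */
    setcookie('hesk_username', "{$user}", strtotime('+1 year'));
    setcookie('hesk_p', "{$hash}", strtotime('+1 year'), '', '', false, true);

    /* Close any old tickets here so Cron jobs aren't necessary */
    if ($hesk_settings['autoclose']) {
        $revision = sprintf($hesklang['thist3'], hesk_date(), $hesklang['auto']);
        $dt = date('Y-m-d H:i:s', time() - $hesk_settings['autoclose'] * 86400);

        hesk_dbQuery("UPDATE `" . $hesk_settings['db_pfix'] . "tickets` SET `status`='3', `history`=CONCAT(`history`,'" . hesk_dbEscape($revision) . "') WHERE `status` = '2' AND `lastchange` <= '" . hesk_dbEscape($dt) . "' ");
    }

    /* If session expired while a HESK page is open just continue using it, don't redirect */
    if ($noredirect) {
        return true;
    }

    /* Redirect to the destination page.
       "goto" is request input; only a relative target on this site is
       honoured. Anything with a scheme or host, a protocol-relative "//..."
       prefix or a backslash (which browsers normalise to "/") would let the
       redirect leave the site, so it falls back to the default page. A page
       allow-list, as hesk_verifyGoto() implements, is the stronger form. */
    $target = 'admin_main.php';

    if (hesk_isREQUEST('goto') && ($url = hesk_REQUEST('goto'))) {
        $url = str_replace('&amp;', '&', $url);
        $parts = parse_url($url);

        if ($parts !== false
            && !isset($parts['scheme'])
            && !isset($parts['host'])
            && strpos($url, '//') !== 0
            && strpos($url, '\\') === false) {
            $target = $url;
        }
    }

    header('Location: ' . $target);
    exit;
}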
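function print_login()
{
    global $hesk_settings, $hesklang;

    $hesk_settings['tmp_title'] = $hesk_settings['hesk_title'] . ' - ' . $hesklang['admin_login'];
    require_once HESK_PATH . 'inc/header.inc.php';

    // "notice" is set by callers that redirected here after the session expired
    if (hesk_isREQUEST('notice')) {
        hesk_process_messages($hesklang['session_expired'], 'NOREDIRECT');
    }

    // Names of the form fields that failed on the previous login attempt
    if (!isset($_SESSION['a_iserror'])) {
        $_SESSION['a_iserror'] = array();
    }
    ?>
    <table width="100%" border="0" cellspacing="0" cellpadding="0">
    <tr>
    <td width="3"><img src="../img/headerleftsm.jpg" width="3" height="25" alt="" /></td>
    <td class="headersm"><?php echo $hesklang['login']; ?></td>
    <td width="3"><img src="../img/headerrightsm.jpg" width="3" height="25" alt="" /></td>
    </tr>
    </table>
    <table width="100%" border="0" cellspacing="0" cellpadding="3">
    <tr>
    <td><span class="smaller"><a href="<?php echo $hesk_settings['site_url']; ?>" class="smaller"><?php echo $hesk_settings['site_title']; ?></a> > <?php echo $hesklang['admin_login']; ?></span></td>
    </tr>
    </table>
    </td>
    </tr>
    <tr>
    <td>
    <br />
    <?php /* This will handle error, success and notice messages */ hesk_handle_messages(); ?>
    <br />
    <div align="center">
    <table border="0" cellspacing="0" cellpadding="0" width="<?php echo $hesk_settings['secimg_use'] == 2 ? '60' : '50'; ?>%">
    <tr>
    <td width="7" height="7"><img src="../img/roundcornerslt.jpg" width="7" height="7" alt="" /></td>
    <td class="roundcornerstop"></td>
    <td><img src="../img/roundcornersrt.jpg" width="7" height="7" alt="" /></td>
    </tr>
    <tr>
    <td class="roundcornersleft"> </td>
    <td>
    <form action="index.php" method="post" name="form1">
    <table width="100%" border="0" cellspacing="0" cellpadding="0">
    <tr>
    <td width="60" style="text-align:center"><img src="../img/login.png" alt="" width="24" height="24" /></td>
    <td><p><b><?php echo $hesklang['admin_login']; ?></a></b></p></td>
    </tr>
    <tr>
    <td width="60"> </td>
    <td> </td>
    </tr>
    <tr>
    <td width="60"> </td>
    <td><?php echo $hesklang['username']; ?>:<br />
    <?php
    // Highlight the user-name field if it failed last time
    $cls = in_array('user', $_SESSION['a_iserror']) ? ' class="isError" ' : '';

    // Pre-fill the user name: HESK_USER is defined by the auto-login path,
    // otherwise fall back to the remembered cookie (escaped for HTML)
    if (defined('HESK_USER')) {
        $savedUser = HESK_USER;
    } else {
        $savedUser = hesk_htmlspecialchars(hesk_COOKIE('hesk_username'));
    }

    // Which "remember me" option is pre-selected
    $is_1 = '';
    $is_2 = '';
    $is_3 = '';
    $remember_user = hesk_POST('remember_user');

    if ($hesk_settings['autologin'] && (isset($_COOKIE['hesk_p']) || $remember_user == 'AUTOLOGIN')) {
        $is_1 = 'checked="checked"';
    } elseif (isset($_COOKIE['hesk_username']) || $remember_user == 'JUSTUSER') {
        $is_2 = 'checked="checked"';
    } else {
        $is_3 = 'checked="checked"';
    }

    if ($hesk_settings['list_users']) {
        echo '<select name="user" ' . $cls . '>';

        // Only the user name column is needed to build the list; selecting
        // every column would pull the password hashes into memory for nothing
        $res = hesk_dbQuery('SELECT `user` FROM `' . hesk_dbEscape($hesk_settings['db_pfix']) . 'users` ORDER BY `user` ASC');

        while ($row = hesk_dbFetchAssoc($res)) {
            $sel = strtolower($savedUser) == strtolower($row['user']) ? 'selected="selected"' : '';
            // User names come from the database; escape them for the attribute and text contexts
            $safe_name = hesk_htmlspecialchars($row['user']);
            echo '<option value="' . $safe_name . '" ' . $sel . '>' . $safe_name . '</option>';
        }

        echo '</select>';
    } else {
        echo '<input type="text" name="user" size="35" value="' . $savedUser . '" ' . $cls . ' />';
    }
    ?>
    </td>
    </tr>
    <tr>
    <td width="60"> </td>
    <td> </td>
    </tr>
    <tr>
    <td width="60"> </td>
    <td><?php echo $hesklang['pass']; ?>:<br /><input type="password" name="pass" size="35" <?php if (in_array('pass', $_SESSION['a_iserror'])) { echo ' class="isError" '; } ?> /></td>
    </tr>
    <?php
    // Anti-automation widget: already verified for this session, reCAPTCHA,
    // or the built-in image
    if ($hesk_settings['secimg_use'] == 2) {
        ?>
        <tr>
        <td width="60"> </td>
        <td>
        <hr />
        <?php
        // SPAM prevention verified for this session
        if (isset($_SESSION['img_a_verified'])) {
            echo '<img src="' . HESK_PATH . 'img/success.png" width="16" height="16" border="0" alt="" style="vertical-align:text-bottom" /> ' . $hesklang['vrfy'];
        } elseif ($hesk_settings['recaptcha_use']) {
            ?>
            <script type="text/javascript">
            var RecaptchaOptions = {
                theme : '<?php echo isset($_SESSION['a_iserror']) && in_array('mysecnum', $_SESSION['a_iserror']) ? 'red' : 'white'; ?>',
                custom_translations : {
                    visual_challenge : "<?php echo hesk_slashJS($hesklang['visual_challenge']); ?>",
                    audio_challenge : "<?php echo hesk_slashJS($hesklang['audio_challenge']); ?>",
                    refresh_btn : "<?php echo hesk_slashJS($hesklang['refresh_btn']); ?>",
                    instructions_visual : "<?php echo hesk_slashJS($hesklang['instructions_visual']); ?>",
                    instructions_context : "<?php echo hesk_slashJS($hesklang['instructions_context']); ?>",
                    instructions_audio : "<?php echo hesk_slashJS($hesklang['instructions_audio']); ?>",
                    help_btn : "<?php echo hesk_slashJS($hesklang['help_btn']); ?>",
                    play_again : "<?php echo hesk_slashJS($hesklang['play_again']); ?>",
                    cant_hear_this : "<?php echo hesk_slashJS($hesklang['cant_hear_this']); ?>",
                    incorrect_try_again : "<?php echo hesk_slashJS($hesklang['incorrect_try_again']); ?>",
                    image_alt_text : "<?php echo hesk_slashJS($hesklang['image_alt_text']); ?>",
                },
            };
            </script>
            <?php
            require_once HESK_PATH . 'inc/recaptcha/recaptchalib.php';
            echo recaptcha_get_html($hesk_settings['recaptcha_public_key'], null, $hesk_settings['recaptcha_ssl']);
        } else {
            $cls = in_array('mysecnum', $_SESSION['a_iserror']) ? ' class="isError" ' : '';

            // The random query parameter only defeats browser caching of the image
            echo $hesklang['sec_enter'] . '<br /> <br /><img src="' . HESK_PATH . 'print_sec_img.php?' . rand(10000, 99999) . '" width="150" height="40" alt="' . $hesklang['sec_img'] . '" title="' . $hesklang['sec_img'] . '" border="1" name="secimg" style="vertical-align:text-bottom" /> '
                . '<a href="javascript:void(0)" onclick="javascript:document.form1.secimg.src=\'' . HESK_PATH . 'print_sec_img.php?\'+ ( Math.floor((90000)*Math.random()) + 10000);"><img src="' . HESK_PATH . 'img/reload.png" height="24" width="24" alt="' . $hesklang['reload'] . '" title="' . $hesklang['reload'] . '" border="0" style="vertical-align:text-bottom" /></a>'
                . '<br /> <br /><input type="text" name="mysecnum" size="20" maxlength="5" ' . $cls . ' />';
        }
        ?>
        <hr />
        </td>
        </tr>
        <?php
    } else {
        ?>
        <tr>
        <td width="60"> </td>
        <td> </td>
        </tr>
        <?php
    } // End if $hesk_settings['secimg_use'] == 2

    if ($hesk_settings['autologin']) {
        ?>
        <tr>
        <td width="60"> </td>
        <td><label><input type="radio" name="remember_user" value="AUTOLOGIN" <?php echo $is_1; ?> /> <?php echo $hesklang['autologin']; ?></label><br />
        <label><input type="radio" name="remember_user" value="JUSTUSER" <?php echo $is_2; ?> /> <?php echo $hesklang['just_user']; ?></label><br />
        <label><input type="radio" name="remember_user" value="NOTHANKS" <?php echo $is_3; ?> /> <?php echo $hesklang['nothx']; ?></label></td>
        </tr>
        <?php
    } else {
        ?>
        <tr>
        <td width="60"> </td>
        <td><label><input type="checkbox" name="remember_user" value="JUSTUSER" <?php echo $is_2; ?> /> <?php echo $hesklang['remember_user']; ?></label></td>
        </tr>
        <?php
    } // End if $hesk_settings['autologin']
    ?>
    <tr>
    <td width="60"> </td>
    <td> </td>
    </tr>
    <tr>
    <td width="60"> </td>
    <td><input type="submit" value="<?php echo $hesklang['click_login']; ?>" class="orangebutton" onmouseover="hesk_btn(this,'orangebuttonover');" onmouseout="hesk_btn(this,'orangebutton');" />
    <input type="hidden" name="a" value="do_login" />
    <?php
    // Carry the post-login destination through the form. The value is
    // request input, so it is escaped for the attribute context; the
    // consumer of "goto" is responsible for validating the target.
    if (hesk_isREQUEST('goto') && ($url = hesk_REQUEST('goto'))) {
        echo '<input type="hidden" name="goto" value="' . hesk_htmlspecialchars($url) . '" />';
    }
    ?>
    <br />
    </td>
    </tr>
    </table>
    </form>
    </td>
    <td class="roundcornersright"> </td>
    </tr>
    <tr>
    <td><img src="../img/roundcornerslb.jpg" width="7" height="7" alt="" /></td>
    <td class="roundcornersbottom"></td>
    <td width="7" height="7"><img src="../img/roundcornersrb.jpg" width="7" height="7" alt="" /></td>
    </tr>
    </table>
    </div>
    <p> </p>
    <?php
    // The error flags have been rendered; drop them so they do not leak into the next page
    hesk_cleanSessionVars('a_iserror');
    require_once HESK_PATH . 'inc/footer.inc.php';
    exit;
}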
function hesk_token_check($method = 'GET', $show_error = 1)
{
    // The token is read with hesk_REQUEST() whatever $method says, so the
    // parameter only documents the caller's intent (GET vs POST form)
    $submitted = hesk_REQUEST('token');

    // Valid token: nothing else to do
    if (hesk_token_compare($submitted)) {
        return true;
    }

    // Invalid token and the caller wants to handle it itself
    if (!$show_error) {
        return false;
    }

    // Invalid token: abort with the localised "token" error
    global $hesk_settings, $hesklang;
    hesk_error($hesklang['eto']);

    // hesk_error() presumably ends the request; should it return, the
    // original control flow also fell through to true
    return true;
}
function ban_email()
{
    global $hesk_settings, $hesklang;

    // A security check (CSRF token)
    hesk_token_check();

    // Submitted address, normalised to lower case
    $email = strtolower(hesk_input(hesk_REQUEST('email')));

    // Nothing entered?
    if (strlen($email) == 0) {
        hesk_process_messages($hesklang['enterbanemail'], 'banned_emails.php');
    }

    // Only one address may be banned at a time: keep whatever precedes the
    // first comma, then whatever precedes the first semicolon
    foreach (array(',', ';') as $separator) {
        $cut = strpos($email, $separator);
        if ($cut) {
            $email = substr($email, 0, $cut);
        }
    }

    // Validate email address in single-address mode
    $hesk_settings['multi_eml'] = 0;
    $format_ok = hesk_validateEmail($email, '', 0);

    if (!$format_ok && !verify_email_domain($email)) {
        hesk_process_messages($hesklang['validbanemail'], 'banned_emails.php');
    }

    // Redirect either to banned emails or ticket page from now on
    $trackingID = hesk_cleanID();
    $redirect_to = 'banned_emails.php';

    if ($trackingID) {
        $redirect_to = 'admin_ticket.php?track=' . $trackingID . '&Refresh=' . mt_rand(10000, 99999);
    }

    // Prevent duplicate rows; remember the existing ban's ID either way
    $existing_id = hesk_isBannedEmail($email);
    $_SESSION['ban_email']['id'] = $existing_id;

    if ($existing_id) {
        hesk_process_messages(sprintf($hesklang['emailbanexists'], $email), $redirect_to, 'NOTICE');
    }

    // Insert the email address into database
    hesk_dbQuery("INSERT INTO `" . hesk_dbEscape($hesk_settings['db_pfix']) . "banned_emails` (`email`,`banned_by`) VALUES ('" . hesk_dbEscape($email) . "','" . intval($_SESSION['id']) . "')");

    // Remember email that got banned
    $_SESSION['ban_email']['id'] = hesk_dbInsertID();

    // Show success
    hesk_process_messages(sprintf($hesklang['email_banned'], $email), $redirect_to, 'SUCCESS');
}
$can_assign_self = TRUE; } else { $can_assign_self = hesk_checkPermission('can_assign_self', 0); } /* A security check */ hesk_token_check(); /* Ticket ID */ $trackingID = hesk_cleanID() or die($hesklang['int_error'] . ': ' . $hesklang['no_trackID']); $res = hesk_dbQuery("SELECT * FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` WHERE `trackid`='" . hesk_dbEscape($trackingID) . "' LIMIT 1"); if (hesk_dbNumRows($res) != 1) { hesk_error($hesklang['ticket_not_found']); } $ticket = hesk_dbFetchAssoc($res); $_SERVER['PHP_SELF'] = 'admin_ticket.php?track=' . $trackingID . '&Refresh=' . rand(10000, 99999); /* New owner ID */ $owner = intval(hesk_REQUEST('owner')); /* If ID is -1 the ticket will be unassigned */ if ($owner == -1) { $revision = sprintf($hesklang['thist2'], hesk_date(), '<i>' . $hesklang['unas'] . '</i>', $_SESSION['name'] . ' (' . $_SESSION['user'] . ')'); $res = hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` SET `owner`=0 , `history`=CONCAT(`history`,'" . hesk_dbEscape($revision) . "') WHERE `trackid`='" . hesk_dbEscape($trackingID) . "' LIMIT 1"); hesk_process_messages($hesklang['tunasi2'], $_SERVER['PHP_SELF'], 'SUCCESS'); } elseif ($owner < 1) { hesk_process_messages($hesklang['nose'], $_SERVER['PHP_SELF'], 'NOTICE'); } /* Verify the new owner and permissions */ $res = hesk_dbQuery("SELECT `id`,`user`,`name`,`email`,`isadmin`,`categories`,`notify_assigned` FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "users` WHERE `id`='{$owner}' LIMIT 1"); $row = hesk_dbFetchAssoc($res); /* Has new owner access to the category? */ if (!$row['isadmin']) { $row['categories'] = explode(',', $row['categories']); if (!in_array($ticket['category'], $row['categories'])) {
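/**
 * Render the staff login page and stop script execution.
 *
 * Reads the "notice" and "goto" request parameters, the remembered-user
 * cookies and the $_SESSION['a_iserror'] field list, prints the login form
 * (username, password, optional CAPTCHA / reCAPTCHA, remember-me options),
 * clears the error list from the session and exits after the footer.
 *
 * Values that originate from the request or the database are passed through
 * hesk_htmlspecialchars() before being placed in HTML attributes.
 */
function print_login() {
    global $hesk_settings, $hesklang;

    // Tell header to load reCaptcha API if needed
    if ($hesk_settings['recaptcha_use'] == 2) {
        define('RECAPTCHA', 1);
    }

    $hesk_settings['tmp_title'] = $hesk_settings['hesk_title'] . ' - ' . $hesklang['admin_login'];
    require_once HESK_PATH . 'inc/header.inc.php';

    // A "notice" parameter means the previous session expired
    if (hesk_isREQUEST('notice')) {
        hesk_process_messages($hesklang['session_expired'], 'NOREDIRECT');
    }

    // List of form fields that failed on the last attempt; always an array below
    if (!isset($_SESSION['a_iserror'])) {
        $_SESSION['a_iserror'] = array();
    }
    ?>
    <nav class="row navbar navbar-default" id="showTopBar-indexPhp">
    <div class="menu-wrapper">
    <div class="container showTopBar"><?php hesk_showTopBar($hesk_settings['hesk_title']); ?>
    </div>
    </div><!-- end showTopBar-indexPhp -->
    </nav>
    <div class="container siteUrl-title-admin-indexPhp">
    <div class="form-inline">
    <span><a href="<?php echo $hesk_settings['site_url']; ?>" class="smaller"><?php echo $hesk_settings['site_title']; ?></a></span> > <span><?php echo $hesklang['admin_login']; ?></span>
    </div>
    </div>
    <!-- </td> </tr>-->
    <!-- start in this page end somewhere... <tr> <td>-->
    <br/> <br/> <br/>
    <?php
    /* This will handle error, success and notice messages */
    hesk_handle_messages();
    ?>
    <div class="container">
    <div class="col-sm-5 admin-login-top-latest-kb">
    <div class="form-group admin-login">
    <br/>
    <div class="container form-group">
    <form action="index.php" method="post" name="form1">
    <div id="ad-log"><b><?php echo $hesklang['admin_login']; ?></b></div>
    </br>
    <div class="form-inline">
    <h4><label class="control-label" for="username-admin"><?php echo $hesklang['username']; ?>:</label></h4>
    <?php
    // Highlight the username field if it was rejected last time
    $cls = in_array('user', $_SESSION['a_iserror']) ? ' class="isError" ' : '';

    // Pre-fill the username: HESK_USER wins, otherwise the remembered cookie (escaped for HTML)
    if (defined('HESK_USER')) {
        $savedUser = HESK_USER;
    } else {
        $savedUser = hesk_htmlspecialchars(hesk_COOKIE('hesk_username'));
    }

    // Which "remember me" option is pre-selected
    $is_1 = '';
    $is_2 = '';
    $remember_user = hesk_POST('remember_user');
    if ($hesk_settings['autologin'] && (isset($_COOKIE['hesk_p']) || $remember_user == 'AUTOLOGIN')) {
        $is_1 = 'checked="checked"';
    } elseif (isset($_COOKIE['hesk_username']) || $remember_user == 'JUSTUSER') {
        $is_2 = 'checked="checked"';
    }

    if ($hesk_settings['list_users']) {
        // Offer a drop-down of all staff usernames instead of a free-text field
        echo '<select name="user" ' . $cls . '>';
        $res = hesk_dbQuery('SELECT `user` FROM `' . hesk_dbEscape($hesk_settings['db_pfix']) . 'users` ORDER BY `user` ASC');
        while ($row = hesk_dbFetchAssoc($res)) {
            $sel = strtolower($savedUser) == strtolower($row['user']) ? 'selected="selected"' : '';
            // Usernames come from the database; escape them before placing into HTML
            $user_html = hesk_htmlspecialchars($row['user']);
            echo '<option value="' . $user_html . '" ' . $sel . '>' . $user_html . '</option>';
        }
        echo '</select>';
    } else {
        echo '<input class="form-control" id="username-admin" type="text" name="user" size="35" value="' . $savedUser . '" ' . $cls . ' />';
    }
    ?>
    </div>
    <br/>
    <div class="form-inline">
    <h4><label class="control-label" for="password-admin"><?php echo $hesklang['pass']; ?>:</h4><input class="form-control" id="password-admin" type="password" name="pass" size="35" <?php if (in_array('pass', $_SESSION['a_iserror'])) { echo ' class="isError" '; } ?> />
    </div>
    <?php
    if ($hesk_settings['secimg_use'] == 2) {
    ?>
    <br/><br/>
    <?php
    // SPAM prevention verified for this session
    if (isset($_SESSION['img_a_verified'])) {
        echo '<img src="' . HESK_PATH . 'img/success.png" width="16" height="16" border="0" alt="" style="vertical-align:text-bottom" /> ' . $hesklang['vrfy'];
    } elseif ($hesk_settings['recaptcha_use'] == 1) {
    ?>
    <script type="text/javascript">
    var RecaptchaOptions = {
        theme : '<?php echo isset($_SESSION['a_iserror']) && in_array('mysecnum', $_SESSION['a_iserror']) ? 'red' : 'white'; ?>',
        custom_translations : {
            visual_challenge : "<?php echo hesk_slashJS($hesklang['visual_challenge']); ?>",
            audio_challenge : "<?php echo hesk_slashJS($hesklang['audio_challenge']); ?>",
            refresh_btn : "<?php echo hesk_slashJS($hesklang['refresh_btn']); ?>",
            instructions_visual : "<?php echo hesk_slashJS($hesklang['instructions_visual']); ?>",
            instructions_context : "<?php echo hesk_slashJS($hesklang['instructions_context']); ?>",
            instructions_audio : "<?php echo hesk_slashJS($hesklang['instructions_audio']); ?>",
            help_btn : "<?php echo hesk_slashJS($hesklang['help_btn']); ?>",
            play_again : "<?php echo hesk_slashJS($hesklang['play_again']); ?>",
            cant_hear_this : "<?php echo hesk_slashJS($hesklang['cant_hear_this']); ?>",
            incorrect_try_again : "<?php echo hesk_slashJS($hesklang['incorrect_try_again']); ?>",
            image_alt_text : "<?php echo hesk_slashJS($hesklang['image_alt_text']); ?>",
        },
    };
    </script>
    <?php
    require_once HESK_PATH . 'inc/recaptcha/recaptchalib.php';
    echo recaptcha_get_html($hesk_settings['recaptcha_public_key'], null, true);
    } elseif ($hesk_settings['recaptcha_use'] == 2) {
    ?>
    <div class="g-recaptcha" data-sitekey="<?php echo $hesk_settings['recaptcha_public_key']; ?>"></div>
    <?php
    } else {
        // Built-in image CAPTCHA; the random query string defeats browser caching
        $cls = in_array('mysecnum', $_SESSION['a_iserror']) ? ' class="isError" ' : '';
        echo $hesklang['sec_enter'] . '<br /> <br /><img src="' . HESK_PATH . 'print_sec_img.php?' . rand(10000, 99999) . '" width="150" height="40" alt="' . $hesklang['sec_img'] . '" title="' . $hesklang['sec_img'] . '" border="1" name="secimg" style="vertical-align:text-bottom" /> ' . '<a href="javascript:void(0)" onclick="javascript:document.form1.secimg.src=\'' . HESK_PATH . 'print_sec_img.php?\'+ ( Math.floor((90000)*Math.random()) + 10000);"><img src="' . HESK_PATH . 'img/reload.png" height="24" width="24" alt="' . $hesklang['reload'] . '" title="' . $hesklang['reload'] . '" border="0" style="vertical-align:text-bottom" /></a>' . '<br /> <br /><input type="text" name="mysecnum" size="20" maxlength="5" ' . $cls . ' />';
    }
    ?>
    <br/><br/>
    <?php
    } // End if $hesk_settings['secimg_use'] == 2

    if ($hesk_settings['autologin']) {
    ?>
    <br/>
    <div class="radios" style="text-align: -webkit-auto; display: inline-block;">
    <div class="">
    <span>
    <input type="checkbox" name="remember_user" id="optionsRadios1" value="kot" <?php echo $is_1; ?> checked="checked" />
    <?php echo $hesklang['remember_user']; ?>
    <br />
    </span>
    </div>
    <div class="radio">
    <span>
    <input type="hidden" name="remember_user" id="optionsRadios2" value="AUTOLOGIN" <?php echo $is_2; ?> checked="checked" /><br />
    </span>
    </div>
    </div>
    <?php
    } else {
    ?>
    <label><input type="checkbox" name="remember_user" value="JUSTUSER" class="form-control"<?php echo $is_2; ?> /> <?php echo $hesklang['remember_user']; ?></label>
    <?php
    } // End if $hesk_settings['autologin']
    ?>
    <br/><br/>
    <button type="submit" class="btn btn-default" id="submit-login"><?php echo $hesklang['click_login']; ?></button>
    <input type="hidden" name="a" value="do_login" />
    <?php
    // Carry the requested post-login destination through the form. The value is
    // attacker-controlled request input reflected into an attribute, so it is
    // HTML-escaped here; the browser posts the decoded value back unchanged.
    if (hesk_isREQUEST('goto') && ($url = hesk_REQUEST('goto'))) {
        echo '<input type="hidden" name="goto" value="' . hesk_htmlspecialchars($url) . '" />';
    }

    // Do we allow staff password reset?
    if ($hesk_settings['reset_pass']) {
        echo '<br /> <br /><div id="forgotpassw"><a href="password.php" class="smaller">' . $hesklang['fpass'] . '</a></div>';
    }
    ?>
    <br />
    </form>
    </div>
    </div>
    <div class="form-inline top-latest-kb-button">
    <?php // NOTE(review): the two knowledgebase links below point at a hard-coded "http://localhost/support/" host — confirm whether they should derive from $hesk_settings['site_url'] ?>
    <a href="http://localhost/support/knowledgebase.php#tab_home" target="_blank"><button type="submit" class="btn btn-default" id="top-kb-button" onmouseover="hesk_btn(this,'btn btn-defaultover');" onmouseout="hesk_btn(this,'btn btn-default');">Top Knowledgebase <br/> articles</button></a>
    <a href="http://localhost/support/knowledgebase.php#tab_profile" target="_blank"><button type="submit" class="btn btn-default" id="latest-kb-button" onmouseover="hesk_btn(this,'btn btn-defaultover');" onmouseout="hesk_btn(this,'btn btn-default');">Latest Knowledgebase <br/> articles</button></a>
    </div>
    </div>
    <div class="col-sm-7 help-staf"><img src="../img/help.jpg" alt="help" /></div>
    </div>
    <?php
    // Error highlights are one-shot: drop them so the next render starts clean
    hesk_cleanSessionVars('a_iserror');
    require_once HESK_PATH . 'inc/footer.inc.php';
    exit;
}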
/**
 * Lift a temporary IP login ban.
 *
 * Reads the IP pattern from the request, strips every character outside the
 * allowed set, deletes the matching row from the `logins` table and redirects
 * back to the banned IPs page with a success message.
 */
function unban_temp_ip() {
    global $hesk_settings, $hesklang;

    // CSRF token check before touching the database
    hesk_token_check();

    // Whitelist filter: only digits, '.', '-', '/' and '*' may remain in the pattern
    $raw_ip = hesk_REQUEST('ip');
    $ip = preg_replace('/[^0-9\\.\\-\\/\\*]/', '', $raw_ip);

    // Remove the temporary ban record for this IP pattern
    $sql = sprintf(
        "DELETE FROM `%slogins` WHERE `ip`='%s' LIMIT 1",
        hesk_dbEscape($hesk_settings['db_pfix']),
        hesk_dbEscape($ip)
    );
    hesk_dbQuery($sql);

    hesk_process_messages($hesklang['ip_tempun'], 'banned_ips.php', 'SUCCESS');
}