function hesk_newTicket($ticket)
{
    global $hesk_settings, $hesklang, $hesk_db_link;
    // If language is not set or default, set it to NULL
    $language = !$hesk_settings['can_sel_lang'] || $hesklang['LANGUAGE'] == HESK_DEFAULT_LANGUAGE ? "NULL" : "'" . hesk_dbEscape($hesklang['LANGUAGE']) . "'";
    // Insert ticket into database
    hesk_dbQuery("\n\tINSERT INTO `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets`\n\t(\n\t\t`trackid`,\n\t\t`name`,\n\t\t`email`,\n\t\t`category`,\n\t\t`company_ticket_id`,\n\t\t`contract_ticket_id`,\n\t\t`priority`,\n\t\t`subject`,\n\t\t`message`,\n\t\t`dt`,\n\t\t`lastchange`,\n\t\t`articles`,\n\t\t`ip`,\n\t\t`language`,\n\t\t`openedby`,\n\t\t`owner`,\n\t\t`attachments`,\n\t\t`merged`,\n\t\t`history`,\n\t\t`custom1`,\n\t\t`custom2`,\n\t\t`custom3`,\n\t\t`custom4`,\n\t\t`custom5`,\n\t\t`custom6`,\n\t\t`custom7`,\n\t\t`custom8`,\n\t\t`custom9`,\n\t\t`custom10`,\n\t\t`custom11`,\n\t\t`custom12`,\n\t\t`custom13`,\n\t\t`custom14`,\n\t\t`custom15`,\n\t\t`custom16`,\n\t\t`custom17`,\n\t\t`custom18`,\n\t\t`custom19`,\n\t\t`custom20`\n\t)\n\tVALUES\n\t(\n\t\t'" . hesk_dbEscape($ticket['trackid']) . "',\n\t\t'" . hesk_dbEscape($ticket['name']) . "',\n\t\t'" . hesk_dbEscape($ticket['email']) . "',\n\t\t'" . intval($ticket['category']) . "',\n\t\t'" . hesk_dbEscape($ticket['company_ticket_id']) . "',\n\t\t'" . hesk_dbEscape($ticket['contract_ticket_id']) . "',\n\t\t'" . intval($ticket['priority']) . "',\n\t\t'" . hesk_dbEscape($ticket['subject']) . "',\n\t\t'" . hesk_dbEscape($ticket['message']) . "',\n\t\tNOW(),\n\t\tNOW(),\n\t\t" . (isset($ticket['articles']) ? "'{$ticket['articles']}'" : 'NULL') . ",\n\t\t'" . hesk_dbEscape($_SERVER['REMOTE_ADDR']) . "',\n\t\t{$language},\n\t\t'" . (isset($ticket['openedby']) ? intval($ticket['openedby']) : 0) . "',\n\t\t'" . intval($ticket['owner']) . "',\n\t\t'" . hesk_dbEscape($ticket['attachments']) . "',\n\t\t'',\n\t\t'" . hesk_dbEscape($ticket['history']) . "',\n\t\t'" . hesk_dbEscape($ticket['custom1']) . "',\n\t\t'" . hesk_dbEscape($ticket['custom2']) . "',\n\t\t'" . hesk_dbEscape($ticket['custom3']) . "',\n\t\t'" . hesk_dbEscape($ticket['custom4']) . "',\n\t\t'" . hesk_dbEscape($ticket['custom5']) . "',\n\t\t'" . hesk_dbEscape($ticket['custom6']) . "',\n\t\t'" . hesk_dbEscape($ticket['custom7']) . "',\n\t\t'" . hesk_dbEscape($ticket['custom8']) . "',\n\t\t'" . hesk_dbEscape($ticket['custom9']) . "',\n\t\t'" . hesk_dbEscape($ticket['custom10']) . "',\n\t\t'" . hesk_dbEscape($ticket['custom11']) . "',\n\t\t'" . hesk_dbEscape($ticket['custom12']) . "',\n\t\t'" . hesk_dbEscape($ticket['custom13']) . "',\n\t\t'" . hesk_dbEscape($ticket['custom14']) . "',\n\t\t'" . hesk_dbEscape($ticket['custom15']) . "',\n\t\t'" . hesk_dbEscape($ticket['custom16']) . "',\n\t\t'" . hesk_dbEscape($ticket['custom17']) . "',\n\t\t'" . hesk_dbEscape($ticket['custom18']) . "',\n\t\t'" . hesk_dbEscape($ticket['custom19']) . "',\n\t\t'" . hesk_dbEscape($ticket['custom20']) . "'\n\t)\n\t");
    // Generate the array with ticket info that can be used in emails
    $info = array('email' => $ticket['email'], 'category' => $ticket['category'], 'priority' => $ticket['priority'], 'owner' => $ticket['owner'], 'trackid' => $ticket['trackid'], 'status' => 0, 'name' => $ticket['name'], 'lastreplier' => $ticket['name'], 'subject' => $ticket['subject'], 'message' => $ticket['message'], 'attachments' => $ticket['attachments'], 'dt' => hesk_date(), 'lastchange' => hesk_date(), 'id' => hesk_dbInsertID());
    // Add custom fields to the array
    foreach ($hesk_settings['custom_fields'] as $k => $v) {
        $info[$k] = $v['use'] ? $ticket[$k] : '';
    }
    return hesk_ticketToPlain($info, 1);
}
function hesk_newTicket($ticket, $isVerified = true)
{
    global $hesk_settings, $hesklang, $hesk_db_link;
    // If language is not set or default, set it to NULL.
    if (!isset($ticket['language']) || empty($ticket['language'])) {
        $language = !$hesk_settings['can_sel_lang'] ? HESK_DEFAULT_LANGUAGE : hesk_dbEscape($hesklang['LANGUAGE']);
    } else {
        $language = $ticket['language'];
    }
    // Get the default ticket status for new tickets and set it accordingly
    $defaultNewTicketRs = hesk_dbQuery("SELECT `ID` FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "statuses` WHERE `IsNewTicketStatus` = 1");
    $defaultNewTicket = hesk_dbFetchAssoc($defaultNewTicketRs);
    $ticket['status'] = $defaultNewTicket['ID'];
    $tableName = $isVerified ? 'tickets' : 'stage_tickets';
    // Insert ticket into database
    hesk_dbQuery("\n\tINSERT INTO `" . hesk_dbEscape($hesk_settings['db_pfix']) . $tableName . "`\n\t(\n\t\t`trackid`,\n\t\t`name`,\n\t\t`email`,\n\t\t`category`,\n\t\t`priority`,\n\t\t`subject`,\n\t\t`message`,\n\t\t`dt`,\n\t\t`lastchange`,\n\t\t`articles`,\n\t\t`ip`,\n\t\t`language`,\n\t\t`openedby`,\n\t\t`owner`,\n\t\t`attachments`,\n\t\t`merged`,\n\t\t`history`,\n\t\t`custom1`,\n\t\t`custom2`,\n\t\t`custom3`,\n\t\t`custom4`,\n\t\t`custom5`,\n\t\t`custom6`,\n\t\t`custom7`,\n\t\t`custom8`,\n\t\t`custom9`,\n\t\t`custom10`,\n\t\t`custom11`,\n\t\t`custom12`,\n\t\t`custom13`,\n\t\t`custom14`,\n\t\t`custom15`,\n\t\t`custom16`,\n\t\t`custom17`,\n\t\t`custom18`,\n\t\t`custom19`,\n\t\t`custom20`,\n\t\t`status`,\n\t\t`latitude`,\n\t\t`longitude`\n\t)\n\tVALUES\n\t(\n\t\t'" . hesk_dbEscape($ticket['trackid']) . "',\n\t\t'" . hesk_dbEscape($ticket['name']) . "',\n\t\t'" . hesk_dbEscape($ticket['email']) . "',\n\t\t'" . intval($ticket['category']) . "',\n\t\t'" . intval($ticket['priority']) . "',\n\t\t'" . hesk_dbEscape($ticket['subject']) . "',\n\t\t'" . hesk_dbEscape($ticket['message']) . "',\n\t\tNOW(),\n\t\tNOW(),\n\t\t" . (isset($ticket['articles']) ? "'{$ticket['articles']}'" : 'NULL') . ",\n\t\t'" . hesk_dbEscape($_SERVER['REMOTE_ADDR']) . "',\n\t\t'" . hesk_dbEscape($language) . "',\n\t\t'" . (isset($ticket['openedby']) ? intval($ticket['openedby']) : 0) . "',\n\t\t'" . intval($ticket['owner']) . "',\n\t\t'" . hesk_dbEscape($ticket['attachments']) . "',\n\t\t'',\n\t\t'" . hesk_dbEscape($ticket['history']) . "',\n\t\t'" . hesk_dbEscape($ticket['custom1']) . "',\n\t\t'" . hesk_dbEscape($ticket['custom2']) . "',\n\t\t'" . hesk_dbEscape($ticket['custom3']) . "',\n\t\t'" . hesk_dbEscape($ticket['custom4']) . "',\n\t\t'" . hesk_dbEscape($ticket['custom5']) . "',\n\t\t'" . hesk_dbEscape($ticket['custom6']) . "',\n\t\t'" . hesk_dbEscape($ticket['custom7']) . "',\n\t\t'" . hesk_dbEscape($ticket['custom8']) . "',\n\t\t'" . hesk_dbEscape($ticket['custom9']) . "',\n\t\t'" . hesk_dbEscape($ticket['custom10']) . "',\n\t\t'" . hesk_dbEscape($ticket['custom11']) . "',\n\t\t'" . hesk_dbEscape($ticket['custom12']) . "',\n\t\t'" . hesk_dbEscape($ticket['custom13']) . "',\n\t\t'" . hesk_dbEscape($ticket['custom14']) . "',\n\t\t'" . hesk_dbEscape($ticket['custom15']) . "',\n\t\t'" . hesk_dbEscape($ticket['custom16']) . "',\n\t\t'" . hesk_dbEscape($ticket['custom17']) . "',\n\t\t'" . hesk_dbEscape($ticket['custom18']) . "',\n\t\t'" . hesk_dbEscape($ticket['custom19']) . "',\n\t\t'" . hesk_dbEscape($ticket['custom20']) . "',\n\t\t'" . intval($ticket['status']) . "',\n\t\t'" . hesk_dbEscape($ticket['latitude']) . "',\n\t\t'" . hesk_dbEscape($ticket['longitude']) . "'\n\t)\n\t");
    // Generate the array with ticket info that can be used in emails
    $info = array('email' => $ticket['email'], 'category' => $ticket['category'], 'priority' => $ticket['priority'], 'owner' => $ticket['owner'], 'trackid' => $ticket['trackid'], 'status' => $ticket['status'], 'name' => $ticket['name'], 'lastreplier' => $ticket['name'], 'subject' => $ticket['subject'], 'message' => $ticket['message'], 'attachments' => $ticket['attachments'], 'dt' => hesk_date(), 'lastchange' => hesk_date(), 'id' => hesk_dbInsertID(), 'language' => $language);
    // Add custom fields to the array
    foreach ($hesk_settings['custom_fields'] as $k => $v) {
        $info[$k] = $v['use'] ? $ticket[$k] : '';
    }
    return hesk_ticketToPlain($info, 1);
}
Exemple #3
0
function new_sm()
{
    global $hesk_settings, $hesklang, $listBox;
    global $hesk_error_buffer;
    // A security check
    # hesk_token_check('POST');
    $hesk_error_buffer = array();
    $style = intval(hesk_POST('style', 0));
    if ($style > 4 || $style < 0) {
        $style = 0;
    }
    $type = empty($_POST['type']) ? 0 : 1;
    $title = hesk_input(hesk_POST('title')) or $hesk_error_buffer[] = $hesklang['sm_e_title'];
    $message = hesk_getHTML(hesk_POST('message'));
    // Any errors?
    if (count($hesk_error_buffer)) {
        $_SESSION['new_sm'] = array('style' => $style, 'type' => $type, 'title' => $title, 'message' => hesk_input(hesk_POST('message')));
        $tmp = '';
        foreach ($hesk_error_buffer as $error) {
            $tmp .= "<li>{$error}</li>\n";
        }
        $hesk_error_buffer = $tmp;
        $hesk_error_buffer = $hesklang['rfm'] . '<br /><br /><ul>' . $hesk_error_buffer . '</ul>';
        hesk_process_messages($hesk_error_buffer, 'service_messages.php');
    }
    // Just preview the message?
    if (isset($_POST['sm_preview'])) {
        $_SESSION['preview_sm'] = true;
        $_SESSION['new_sm'] = array('style' => $style, 'type' => $type, 'title' => $title, 'message' => $message);
        header('Location: service_messages.php');
        exit;
    }
    // Get the latest service message order
    $res = hesk_dbQuery("SELECT `order` FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "service_messages` ORDER BY `order` DESC LIMIT 1");
    $row = hesk_dbFetchRow($res);
    $my_order = intval($row[0]) + 10;
    // Insert service message into database
    hesk_dbQuery("INSERT INTO `" . hesk_dbEscape($hesk_settings['db_pfix']) . "service_messages` (`author`,`title`,`message`,`style`,`type`,`order`) VALUES (\n    '" . intval($_SESSION['id']) . "',\n    '" . hesk_dbEscape($title) . "',\n    '" . hesk_dbEscape($message) . "',\n    '{$style}',\n    '{$type}',\n    '{$my_order}'\n    )");
    $_SESSION['smord'] = hesk_dbInsertID();
    hesk_process_messages($hesklang['sm_added'], 'service_messages.php', 'SUCCESS');
}
$res = hesk_dbQuery("SELECT `staffid` FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "replies` WHERE `replyto`='{$ticket['id']}' AND `dt` > DATE_SUB(NOW(), INTERVAL 10 MINUTE) ORDER BY `id` ASC");
if (hesk_dbNumRows($res) > 0) {
    $sequential_customer_replies = 0;
    while ($tmp = hesk_dbFetchAssoc($res)) {
        $sequential_customer_replies = $tmp['staffid'] ? 0 : $sequential_customer_replies + 1;
    }
    if ($sequential_customer_replies > 10) {
        hesk_dbQuery("INSERT INTO `" . hesk_dbEscape($hesk_settings['db_pfix']) . "logins` (`ip`, `number`) VALUES ('" . hesk_dbEscape($_SERVER['REMOTE_ADDR']) . "', " . intval($hesk_settings['attempt_limit'] + 1) . ")");
        hesk_error(sprintf($hesklang['yhbr'], $hesk_settings['attempt_banmin']), 0);
    }
}
/* Insert attachments */
if ($hesk_settings['attachments']['use'] && !empty($attachments)) {
    foreach ($attachments as $myatt) {
        hesk_dbQuery("INSERT INTO `" . hesk_dbEscape($hesk_settings['db_pfix']) . "attachments` (`ticket_id`,`saved_name`,`real_name`,`size`) VALUES ('{$trackingID}','" . hesk_dbEscape($myatt['saved_name']) . "','" . hesk_dbEscape($myatt['real_name']) . "','" . intval($myatt['size']) . "')");
        $myattachments .= hesk_dbInsertID() . '#' . $myatt['real_name'] . ',';
    }
}
// If staff hasn't replied yet, keep ticket status "New", otherwise set it to "Waiting reply from staff"
$ticket['status'] = $ticket['status'] ? 1 : 0;
/* Update ticket as necessary */
$res = hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` SET `lastchange`=NOW(), `status`='{$ticket['status']}', `replies`=`replies`+1, `lastreplier`='0' WHERE `id`='{$ticket['id']}' LIMIT 1");
if (isset($_SESSION['id']['user'])) {
    $name = $_SESSION['id']['user'];
} else {
    $name = $ticket['name'];
}
// Insert reply into database
hesk_dbQuery("INSERT INTO `" . hesk_dbEscape($hesk_settings['db_pfix']) . "replies` (`replyto`,`name`,`message`,`dt`,`attachments`) VALUES ({$ticket['id']},'" . hesk_dbEscape($name) . "','" . hesk_dbEscape($message) . "',NOW(),'" . hesk_dbEscape($myattachments) . "')");
/*** Need to notify any staff? ***/
// --> Prepare reply message
function new_cat()
{
    global $hesk_settings, $hesklang;
    /* A security check */
    hesk_token_check('POST');
    /* Options */
    $_SESSION['cat_autoassign'] = hesk_POST('autoassign') == 'Y' ? 1 : 0;
    $_SESSION['cat_type'] = hesk_POST('type') == 'Y' ? 1 : 0;
    // Default priority
    $_SESSION['cat_priority'] = intval(hesk_POST('priority', 3));
    if ($_SESSION['cat_priority'] < 0 || $_SESSION['cat_priority'] > 3) {
        $_SESSION['cat_priority'] = 3;
    }
    /* Category name */
    $catname = hesk_input(hesk_POST('name'), $hesklang['enter_cat_name'], 'manage_categories.php');
    /* Do we already have a category with this name? */
    $res = hesk_dbQuery("SELECT `id` FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "categories` WHERE `name` LIKE '" . hesk_dbEscape(hesk_dbLike($catname)) . "' LIMIT 1");
    if (hesk_dbNumRows($res) != 0) {
        $_SESSION['catname'] = $catname;
        hesk_process_messages($hesklang['cndupl'], 'manage_categories.php');
    }
    /* Get the latest cat_order */
    $res = hesk_dbQuery("SELECT `cat_order` FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "categories` ORDER BY `cat_order` DESC LIMIT 1");
    $row = hesk_dbFetchRow($res);
    $my_order = $row[0] + 10;
    hesk_dbQuery("INSERT INTO `" . hesk_dbEscape($hesk_settings['db_pfix']) . "categories` (`name`,`cat_order`,`autoassign`,`type`, `priority`) VALUES ('" . hesk_dbEscape($catname) . "','" . intval($my_order) . "','" . intval($_SESSION['cat_autoassign']) . "','" . intval($_SESSION['cat_type']) . "','{$_SESSION['cat_priority']}')");
    hesk_cleanSessionVars('catname');
    hesk_cleanSessionVars('cat_autoassign');
    hesk_cleanSessionVars('cat_type');
    hesk_cleanSessionVars('cat_priority');
    $_SESSION['selcat2'] = hesk_dbInsertID();
    hesk_process_messages(sprintf($hesklang['cat_name_added'], '<i>' . stripslashes($catname) . '</i>'), 'manage_categories.php', 'SUCCESS');
}
Exemple #6
0
function mail_send()
{
    global $hesk_settings, $hesklang;
    /* A security check */
    hesk_token_check('POST');
    $hesk_error_buffer = '';
    /* Recipient */
    $_SESSION['mail']['to'] = intval(hesk_POST('to'));
    /* Valid recipient? */
    if (empty($_SESSION['mail']['to'])) {
        $hesk_error_buffer .= '<li>' . $hesklang['m_rec'] . '</li>';
    } elseif ($_SESSION['mail']['to'] == $_SESSION['id']) {
        $hesk_error_buffer .= '<li>' . $hesklang['m_inr'] . '</li>';
    } else {
        $res = hesk_dbQuery("SELECT `name`,`email`,`notify_pm` FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "users` WHERE `id`='" . intval($_SESSION['mail']['to']) . "' LIMIT 1");
        $num = hesk_dbNumRows($res);
        if (!$num) {
            $hesk_error_buffer .= '<li>' . $hesklang['m_inr'] . '</li>';
        } else {
            $pm_recipient = hesk_dbFetchAssoc($res);
        }
    }
    /* Subject */
    $_SESSION['mail']['subject'] = hesk_input(hesk_POST('subject')) or $hesk_error_buffer .= '<li>' . $hesklang['m_esu'] . '</li>';
    /* Message */
    $_SESSION['mail']['message'] = hesk_input(hesk_POST('message')) or $hesk_error_buffer .= '<li>' . $hesklang['enter_message'] . '</li>';
    /* Any errors? */
    if (strlen($hesk_error_buffer)) {
        $_SESSION['hide']['list'] = 1;
        $hesk_error_buffer = $hesklang['rfm'] . '<br /><br /><ul>' . $hesk_error_buffer . '</ul>';
        hesk_process_messages($hesk_error_buffer, 'NOREDIRECT');
    } else {
        $_SESSION['mail']['message'] = hesk_makeURL($_SESSION['mail']['message']);
        $_SESSION['mail']['message'] = nl2br($_SESSION['mail']['message']);
        hesk_dbQuery("INSERT INTO `" . hesk_dbEscape($hesk_settings['db_pfix']) . "mail` (`from`,`to`,`subject`,`message`,`dt`,`read`) VALUES ('" . intval($_SESSION['id']) . "','" . intval($_SESSION['mail']['to']) . "','" . hesk_dbEscape($_SESSION['mail']['subject']) . "','" . hesk_dbEscape($_SESSION['mail']['message']) . "',NOW(),'0')");
        /* Notify receiver via e-mail? */
        if (isset($pm_recipient) && $pm_recipient['notify_pm']) {
            $pm_id = hesk_dbInsertID();
            $pm = array('name' => hesk_msgToPlain(addslashes($_SESSION['name']), 1, 1), 'subject' => hesk_msgToPlain($_SESSION['mail']['subject'], 1, 1), 'message' => hesk_msgToPlain($_SESSION['mail']['message'], 1, 1), 'id' => $pm_id);
            /* Format email subject and message for recipient */
            $subject = hesk_getEmailSubject('new_pm', $pm, 0);
            $message = hesk_getEmailMessage('new_pm', $pm, 1, 0);
            /* Send e-mail */
            hesk_mail($pm_recipient['email'], $subject, $message);
        }
        unset($_SESSION['mail']);
        hesk_process_messages($hesklang['m_pms'], './mail.php', 'SUCCESS');
    }
}
function hesk_email2ticket($results, $pop3 = 0, $set_category = 1, $set_priority = -1)
{
    global $hesk_settings, $hesklang, $hesk_db_link, $ticket;
    // Process "Reply-To:" or "From:" email
    $tmpvar['email'] = isset($results['reply-to'][0]['address']) ? hesk_validateEmail($results['reply-to'][0]['address'], 'ERR', 0) : hesk_validateEmail($results['from'][0]['address'], 'ERR', 0);
    // Email missing, invalid or banned?
    if (!$tmpvar['email'] || hesk_isBannedEmail($tmpvar['email'])) {
        return hesk_cleanExit();
    }
    // Process "Reply-To:" or "From:" name, convert to UTF-8, set to "[Customer]" if not set
    if (isset($results['reply-to'][0]['name']) && strlen($results['reply-to'][0]['name'])) {
        $tmpvar['name'] = $results['reply-to'][0]['name'];
        if (!empty($results['reply-to'][0]['encoding'])) {
            $tmpvar['name'] = hesk_encodeUTF8($tmpvar['name'], $results['reply-to'][0]['encoding']);
        }
    } else {
        $tmpvar['name'] = isset($results['from'][0]['name']) ? $results['from'][0]['name'] : $hesklang['pde'];
        if (!empty($results['from'][0]['encoding'])) {
            $tmpvar['name'] = hesk_encodeUTF8($tmpvar['name'], $results['from'][0]['encoding']);
        }
    }
    $tmpvar['name'] = hesk_input($tmpvar['name'], '', '', 1, 50) or $tmpvar['name'] = $hesklang['pde'];
    // Process "To:" email (not yet implemented, for future use)
    // $tmpvar['to_email']	= hesk_validateEmail($results['to'][0]['address'],'ERR',0);
    // Process email subject, convert to UTF-8, set to "[Piped email]" if none set
    $tmpvar['subject'] = isset($results['subject']) ? $results['subject'] : $hesklang['pem'];
    if (!empty($results['subject_encoding'])) {
        $tmpvar['subject'] = hesk_encodeUTF8($tmpvar['subject'], $results['subject_encoding']);
    }
    $tmpvar['subject'] = hesk_input($tmpvar['subject'], '', '', 1, 70) or $tmpvar['subject'] = $hesklang['pem'];
    // Process email message, convert to UTF-8
    $tmpvar['message'] = isset($results['message']) ? $results['message'] : '';
    if (!empty($results['encoding'])) {
        $tmpvar['message'] = hesk_encodeUTF8($tmpvar['message'], $results['encoding']);
    }
    $tmpvar['message'] = hesk_input($tmpvar['message'], '', '', 1);
    // Message missing?
    if (strlen($tmpvar['message']) == 0) {
        // Message required? Ignore this email.
        if ($hesk_settings['eml_req_msg']) {
            return hesk_cleanExit();
        }
        // Message not required? Assign a default message
        $tmpvar['message'] = $hesklang['def_msg'];
        // Track duplicate emails based on subject
        $message_hash = md5($tmpvar['subject']);
    } else {
        $message_hash = md5($tmpvar['message']);
    }
    // Strip quoted reply from email
    $tmpvar['message'] = hesk_stripQuotedText($tmpvar['message']);
    // Convert URLs to links, change newlines to <br />
    $tmpvar['message'] = hesk_makeURL($tmpvar['message']);
    $tmpvar['message'] = nl2br($tmpvar['message']);
    # For debugging purposes
    # die( bin2hex($tmpvar['message']) );
    # die($tmpvar['message']);
    // Try to detect "delivery failed" and "noreply" emails - ignore if detected
    if (hesk_isReturnedEmail($tmpvar)) {
        return hesk_cleanExit();
    }
    // Check for email loops
    if (hesk_isEmailLoop($tmpvar['email'], $message_hash)) {
        return hesk_cleanExit();
    }
    // OK, everything seems OK. Now determine if this is a reply to a ticket or a new ticket
    if (preg_match('/\\[#([A-Z0-9]{3}\\-[A-Z0-9]{3}\\-[A-Z0-9]{4})\\]/', str_replace(' ', '', $tmpvar['subject']), $matches)) {
        // We found a possible tracking ID
        $tmpvar['trackid'] = $matches[1];
        // Does it match one in the database?
        $res = hesk_dbQuery("SELECT * FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` WHERE `trackid`='" . hesk_dbEscape($tmpvar['trackid']) . "' LIMIT 1");
        if (hesk_dbNumRows($res)) {
            $ticket = hesk_dbFetchAssoc($res);
            // Do email addresses match?
            if (strpos(strtolower($ticket['email']), strtolower($tmpvar['email'])) === false) {
                $tmpvar['trackid'] = '';
            }
            // Is this ticket locked? Force create a new one if it is
            if ($ticket['locked']) {
                $tmpvar['trackid'] = '';
            }
        } else {
            $tmpvar['trackid'] = '';
        }
    }
    // If tracking ID is empty, generate a new one
    if (empty($tmpvar['trackid'])) {
        $tmpvar['trackid'] = hesk_createID();
        $is_reply = 0;
    } else {
        $is_reply = 1;
    }
    // Process attachments
    $tmpvar['attachmment_notices'] = '';
    $tmpvar['attachments'] = '';
    $num = 0;
    if ($hesk_settings['attachments']['use'] && isset($results['attachments'][0])) {
        foreach ($results['attachments'] as $k => $v) {
            // Clean attachment names
            $myatt['real_name'] = hesk_cleanFileName($v['orig_name']);
            // Check number of attachments, delete any over max number
            if ($num >= $hesk_settings['attachments']['max_number']) {
                $tmpvar['attachmment_notices'] .= sprintf($hesklang['attnum'], $myatt['real_name']) . "\n";
                continue;
            }
            // Check file extension
            $ext = strtolower(strrchr($myatt['real_name'], "."));
            if (!in_array($ext, $hesk_settings['attachments']['allowed_types'])) {
                $tmpvar['attachmment_notices'] .= sprintf($hesklang['atttyp'], $myatt['real_name']) . "\n";
                continue;
            }
            // Check file size
            $myatt['size'] = $v['size'];
            if ($myatt['size'] > $hesk_settings['attachments']['max_size']) {
                $tmpvar['attachmment_notices'] .= sprintf($hesklang['attsiz'], $myatt['real_name']) . "\n";
                continue;
            }
            // Generate a random file name
            $useChars = 'AEUYBDGHJLMNPQRSTVWXZ123456789';
            $tmp = $useChars[mt_rand(0, 29)];
            for ($j = 1; $j < 10; $j++) {
                $tmp .= $useChars[mt_rand(0, 29)];
            }
            $myatt['saved_name'] = substr($tmpvar['trackid'] . '_' . md5($tmp . $myatt['real_name']), 0, 200) . $ext;
            // Rename the temporary file
            rename($v['stored_name'], HESK_PATH . $hesk_settings['attach_dir'] . '/' . $myatt['saved_name']);
            // Insert into database
            hesk_dbQuery("INSERT INTO `" . hesk_dbEscape($hesk_settings['db_pfix']) . "attachments` (`ticket_id`,`saved_name`,`real_name`,`size`) VALUES ('" . hesk_dbEscape($tmpvar['trackid']) . "','" . hesk_dbEscape($myatt['saved_name']) . "','" . hesk_dbEscape($myatt['real_name']) . "','" . intval($myatt['size']) . "')");
            $tmpvar['attachments'] .= hesk_dbInsertID() . '#' . $myatt['real_name'] . ',';
            $num++;
        }
        if (strlen($tmpvar['attachmment_notices'])) {
            $tmpvar['message'] .= "<br /><br />" . hesk_input($hesklang['attrem'], '', '', 1) . "<br />" . nl2br(hesk_input($tmpvar['attachmment_notices'], '', '', 1));
        }
    }
    // Delete the temporary files
    deleteAll($results['tempdir']);
    // If this is a reply add a new reply
    if ($is_reply) {
        // Set last replier name to customer name
        $ticket['lastreplier'] = $tmpvar['name'] == $hesklang['pde'] ? $tmpvar['email'] : $tmpvar['name'];
        // If staff hasn't replied yet, keep ticket status "New", otherwise set it to "Waiting reply from staff"
        $ticket['status'] = $ticket['status'] ? 1 : 0;
        // Update ticket as necessary
        hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` SET `lastchange`=NOW(),`status`='{$ticket['status']}',`replies`=`replies`+1,`lastreplier`='0' WHERE `id`='" . intval($ticket['id']) . "' LIMIT 1");
        // If customer replied, we assume staff replies have been read (no way to be sure if ticket.php hasn't been opened)
        hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "replies` SET `read` = '1' WHERE `replyto` = '" . intval($ticket['id']) . "' AND `staffid` != '0' ");
        // Insert reply into database
        hesk_dbQuery("INSERT INTO `" . hesk_dbEscape($hesk_settings['db_pfix']) . "replies` (`replyto`,`name`,`message`,`dt`,`attachments`) VALUES ('" . intval($ticket['id']) . "','" . hesk_dbEscape($ticket['lastreplier']) . "','" . hesk_dbEscape($tmpvar['message']) . "',NOW(),'" . hesk_dbEscape($tmpvar['attachments']) . "')");
        // --> Prepare reply message
        // 1. Generate the array with ticket info that can be used in emails
        $info = array('email' => $ticket['email'], 'category' => $ticket['category'], 'priority' => $ticket['priority'], 'owner' => $ticket['owner'], 'trackid' => $ticket['trackid'], 'status' => $ticket['status'], 'name' => $ticket['name'], 'lastreplier' => $ticket['lastreplier'], 'subject' => $ticket['subject'], 'message' => stripslashes($tmpvar['message']), 'attachments' => $tmpvar['attachments'], 'dt' => hesk_date($ticket['dt'], true), 'lastchange' => hesk_date($ticket['lastchange'], true), 'id' => $ticket['id']);
        // 2. Add custom fields to the array
        foreach ($hesk_settings['custom_fields'] as $k => $v) {
            $info[$k] = $v['use'] ? $ticket[$k] : '';
        }
        // 3. Make sure all values are properly formatted for email
        $ticket = hesk_ticketToPlain($info, 1, 0);
        // --> Process custom fields before sending
        foreach ($hesk_settings['custom_fields'] as $k => $v) {
            $ticket[$k] = $v['use'] ? hesk_msgToPlain($ticket[$k], 1) : '';
        }
        // --> If ticket is assigned just notify the owner
        if ($ticket['owner']) {
            hesk_notifyAssignedStaff(false, 'new_reply_by_customer', 'notify_reply_my');
        } else {
            hesk_notifyStaff('new_reply_by_customer', "`notify_reply_unassigned`='1'");
        }
        return $ticket['trackid'];
    }
    // END REPLY
    // Not a reply, but a new ticket. Add it to the database
    $tmpvar['category'] = $set_category;
    $tmpvar['priority'] = $set_priority < 0 ? hesk_getCategoryPriority($tmpvar['category']) : $set_priority;
    $_SERVER['REMOTE_ADDR'] = $hesklang['unknown'];
    // Auto assign tickets if aplicable
    $tmpvar['owner'] = 0;
    $tmpvar['history'] = $pop3 ? sprintf($hesklang['thist16'], hesk_date()) : sprintf($hesklang['thist11'], hesk_date());
    $tmpvar['openedby'] = $pop3 ? -2 : -1;
    $autoassign_owner = hesk_autoAssignTicket($tmpvar['category']);
    #print_r($autoassign_owner);
    if ($autoassign_owner) {
        $tmpvar['owner'] = $autoassign_owner['id'];
        $tmpvar['history'] .= sprintf($hesklang['thist10'], hesk_date(), $autoassign_owner['name'] . ' (' . $autoassign_owner['user'] . ')');
    }
    // Custom fields will be empty as there is no reliable way of detecting them
    foreach ($hesk_settings['custom_fields'] as $k => $v) {
        $tmpvar[$k] = '';
    }
    // Insert ticket to database
    $ticket = hesk_newTicket($tmpvar);
    // Notify the customer
    if ($hesk_settings['notify_new']) {
        $possible_SPAM = false;
        // Do we need to check subject for SPAM tags?
        if ($hesk_settings['notify_skip_spam']) {
            foreach ($hesk_settings['notify_spam_tags'] as $tag) {
                if (strpos($tmpvar['subject'], $tag) !== false) {
                    $possible_SPAM = true;
                    break;
                }
            }
        }
        // SPAM tags not found or not checked, send email
        if ($possible_SPAM === false) {
            hesk_notifyCustomer();
        }
    }
    // Need to notify staff?
    // --> From autoassign?
    if ($tmpvar['owner'] && $autoassign_owner['notify_assigned']) {
        hesk_notifyAssignedStaff($autoassign_owner, 'ticket_assigned_to_you');
    } elseif (!$tmpvar['owner']) {
        hesk_notifyStaff('new_ticket_staff', " `notify_new_unassigned` = '1' ");
    }
    return $ticket['trackid'];
}
    $tmpvar['articles'] = implode(',', array_unique(array_map('intval', $_POST['suggested'])));
}
// All good now, continue with ticket creation
$tmpvar['owner'] = 0;
$tmpvar['history'] = sprintf($hesklang['thist15'], hesk_date(), $tmpvar['name']);
// Auto assign tickets if aplicable
$autoassign_owner = hesk_autoAssignTicket($tmpvar['category']);
if ($autoassign_owner) {
    $tmpvar['owner'] = $autoassign_owner['id'];
    $tmpvar['history'] .= sprintf($hesklang['thist10'], hesk_date(), $autoassign_owner['name'] . ' (' . $autoassign_owner['user'] . ')');
}
// Insert attachments
if ($hesk_settings['attachments']['use'] && !empty($attachments)) {
    foreach ($attachments as $myatt) {
        hesk_dbQuery("INSERT INTO `" . hesk_dbEscape($hesk_settings['db_pfix']) . "attachments` (`ticket_id`,`saved_name`,`real_name`,`size`) VALUES ('" . hesk_dbEscape($tmpvar['trackid']) . "','" . hesk_dbEscape($myatt['saved_name']) . "','" . hesk_dbEscape($myatt['real_name']) . "','" . intval($myatt['size']) . "')");
        $tmpvar['attachments'] .= hesk_dbInsertID() . '#' . $myatt['real_name'] . ',';
    }
}
// Insert ticket to database
$ticket = hesk_newTicket($tmpvar);
//insert to ERP
//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
include 'oe_api.php';
$valid_services = array("SCA" => "project.issue");
//klasat e ERP  me te cilat do te punojme
$params = array();
$params['name'] = hesk_POST('subject');
$params['description'] = hesk_POST('message');
$params['email_from'] = hesk_POST('email');
$params['priority'] = hesk_POST('priority');
$params['categ_id'] = hesk_POST('category');
function new_article()
{
    global $hesk_settings, $hesklang, $listBox;
    global $hesk_error_buffer;
    /* A security check */
    # hesk_token_check('POST');
    $_SESSION['hide'] = array('treemenu' => 1, 'new_category' => 1);
    $hesk_error_buffer = array();
    $catid = intval(hesk_POST('catid', 1));
    $type = empty($_POST['type']) ? 0 : (hesk_POST('type') == 2 ? 2 : 1);
    $html = $hesk_settings['kb_wysiwyg'] ? 1 : (empty($_POST['html']) ? 0 : 1);
    $now = hesk_date();
    // Prevent submitting duplicate articles by reloading manage_knowledgebase.php page
    if (isset($_SESSION['article_submitted'])) {
        header('Location:manage_knowledgebase.php?a=manage_cat&catid=' . $catid);
        exit;
    }
    $_SESSION['KB_CATEGORY'] = $catid;
    $subject = hesk_input(hesk_POST('subject')) or $hesk_error_buffer[] = $hesklang['kb_e_subj'];
    if ($html) {
        if (empty($_POST['content'])) {
            $hesk_error_buffer[] = $hesklang['kb_e_cont'];
        }
        $content = hesk_getHTML(hesk_POST('content'));
    } else {
        $content = hesk_input(hesk_POST('content')) or $hesk_error_buffer[] = $hesklang['kb_e_cont'];
        $content = nl2br($content);
        $content = hesk_makeURL($content);
    }
    $sticky = isset($_POST['sticky']) ? 1 : 0;
    $keywords = hesk_input(hesk_POST('keywords'));
    /* Article attachments */
    define('KB', 1);
    require_once HESK_PATH . 'inc/posting_functions.inc.php';
    require_once HESK_PATH . 'inc/attachments.inc.php';
    $attachments = array();
    for ($i = 1; $i <= 3; $i++) {
        $att = hesk_uploadFile($i);
        if (!empty($att)) {
            $attachments[$i] = $att;
        }
    }
    $myattachments = '';
    /* Any errors? */
    if (count($hesk_error_buffer)) {
        // Remove any successfully uploaded attachments
        if ($hesk_settings['attachments']['use']) {
            hesk_removeAttachments($attachments);
        }
        $_SESSION['new_article'] = array('type' => $type, 'html' => $html, 'subject' => $subject, 'content' => hesk_input(hesk_POST('content')), 'keywords' => $keywords, 'sticky' => $sticky);
        $tmp = '';
        foreach ($hesk_error_buffer as $error) {
            $tmp .= "<li>{$error}</li>\n";
        }
        $hesk_error_buffer = $tmp;
        $hesk_error_buffer = $hesklang['rfm'] . '<br /><br /><ul>' . $hesk_error_buffer . '</ul>';
        hesk_process_messages($hesk_error_buffer, 'manage_knowledgebase.php');
    }
    $revision = sprintf($hesklang['revision1'], $now, $_SESSION['name'] . ' (' . $_SESSION['user'] . ')');
    /* Add to database */
    if (!empty($attachments)) {
        foreach ($attachments as $myatt) {
            hesk_dbQuery("INSERT INTO `" . hesk_dbEscape($hesk_settings['db_pfix']) . "kb_attachments` (`saved_name`,`real_name`,`size`) VALUES ('" . hesk_dbEscape($myatt['saved_name']) . "','" . hesk_dbEscape($myatt['real_name']) . "','" . intval($myatt['size']) . "')");
            $myattachments .= hesk_dbInsertID() . '#' . $myatt['real_name'] . ',';
        }
    }
    /* Get the latest reply_order */
    $res = hesk_dbQuery("SELECT `art_order` FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "kb_articles` WHERE `catid`='" . intval($catid) . "' AND `sticky` = '" . intval($sticky) . "' ORDER BY `art_order` DESC LIMIT 1");
    $row = hesk_dbFetchRow($res);
    $my_order = $row[0] + 10;
    /* Insert article into database */
    hesk_dbQuery("INSERT INTO `" . hesk_dbEscape($hesk_settings['db_pfix']) . "kb_articles` (`catid`,`dt`,`author`,`subject`,`content`,`keywords`,`type`,`html`,`sticky`,`art_order`,`history`,`attachments`) VALUES (\n    '" . intval($catid) . "',\n    NOW(),\n    '" . intval($_SESSION['id']) . "',\n    '" . hesk_dbEscape($subject) . "',\n    '" . hesk_dbEscape($content) . "',\n    '" . hesk_dbEscape($keywords) . "',\n    '" . intval($type) . "',\n    '" . intval($html) . "',\n    '" . intval($sticky) . "',\n    '" . intval($my_order) . "',\n    '" . hesk_dbEscape($revision) . "',\n    '" . hesk_dbEscape($myattachments) . "'\n    )");
    $_SESSION['artord'] = hesk_dbInsertID();
    // Update category article count
    if ($type == 0) {
        hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "kb_categories` SET `articles`=`articles`+1 WHERE `id`='" . intval($catid) . "'");
    } else {
        if ($type == 1) {
            hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "kb_categories` SET `articles_private`=`articles_private`+1 WHERE `id`='" . intval($catid) . "'");
        } else {
            hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "kb_categories` SET `articles_draft`=`articles_draft`+1 WHERE `id`='" . intval($catid) . "'");
        }
    }
    unset($_SESSION['hide']);
    $_SESSION['article_submitted'] = 1;
    hesk_process_messages($hesklang['your_kb_added'], 'NOREDIRECT', 'SUCCESS');
    $_GET['catid'] = $catid;
    manage_category();
}
Exemple #10
0
function hesk_iUpdateTables()
{
    global $hesk_settings, $hesklang;
    $update_all_next = 0;
    // Updating version 0.90 to 0.91
    if ($hesk_settings['update_from'] == '0.90') {
        hesk_dbQuery("ALTER TABLE `hesk_users` ADD `notify` CHAR( 1 ) DEFAULT '1' NOT NULL");
        $update_all_next = 1;
    }
    // END version 0.90 to 0.91
    // Updating versions 0.91 through 0.93.1 to 0.94
    if ($update_all_next || $hesk_settings['update_from'] == '0.91-0.93.1') {
        hesk_dbQuery("CREATE TABLE `hesk_attachments` (\r\n\t\t  `att_id` mediumint(8) unsigned NOT NULL auto_increment,\r\n\t\t  `ticket_id` varchar(10) NOT NULL default '',\r\n\t\t  `saved_name` varchar(255) NOT NULL default '',\r\n\t\t  `real_name` varchar(255) NOT NULL default '',\r\n\t\t  `size` int(10) unsigned NOT NULL default '0',\r\n\t\t  PRIMARY KEY  (`att_id`),\r\n\t\t  KEY `ticket_id` (`ticket_id`)\r\n\t\t) ENGINE=MyISAM");
        hesk_dbQuery("CREATE TABLE `hesk_std_replies` (\r\n\t\t`id` smallint(5) unsigned NOT NULL auto_increment,\r\n\t\t`title` varchar(70) NOT NULL default '',\r\n\t\t`message` text NOT NULL,\r\n\t\t`reply_order` smallint(5) unsigned NOT NULL default '0',\r\n\t\tPRIMARY KEY  (`id`)\r\n\t\t) ENGINE=MyISAM");
        hesk_dbQuery("ALTER TABLE `hesk_categories`\r\n\t\tCHANGE `name` `name` varchar(60) NOT NULL default '',\r\n\t\tADD `cat_order` smallint(5) unsigned NOT NULL default '0'");
        hesk_dbQuery("ALTER TABLE `hesk_replies`\r\n\t\tCHANGE `name` `name` varchar(50) NOT NULL default '',\r\n\t\tADD `attachments` TEXT");
        hesk_dbQuery("ALTER TABLE `hesk_tickets`\r\n\t\tCHANGE `name` `name` varchar(50) NOT NULL default '',\r\n\t\tCHANGE `category` `category` SMALLINT(5) UNSIGNED NOT NULL DEFAULT '1',\r\n\t\tCHANGE `priority` `priority` enum('1','2','3') NOT NULL default '3',\r\n\t\tCHANGE `subject` `subject` varchar(70) NOT NULL default '',\r\n\t\tADD `lastchange` datetime NOT NULL default '0000-00-00 00:00:00' AFTER `dt`,\r\n\t\tCHANGE `status` `status` enum('0','1','2','3') default '1',\r\n\t\tADD `lastreplier` enum('0','1') NOT NULL default '0',\r\n\t\tADD `archive` enum('0','1') NOT NULL default '0',\r\n\t\tADD `attachments` text,\r\n\t\tADD `custom1` VARCHAR( 255 ) NOT NULL default '',\r\n\t\tADD `custom2` VARCHAR( 255 ) NOT NULL default '',\r\n\t\tADD `custom3` VARCHAR( 255 ) NOT NULL default '',\r\n\t\tADD `custom4` VARCHAR( 255 ) NOT NULL default '',\r\n\t\tADD `custom5` VARCHAR( 255 ) NOT NULL default '',\r\n\t\tADD INDEX `archive` ( `archive` )");
        // Change status of closed tickets to the new "Resolved" status
        hesk_dbQuery("UPDATE `hesk_tickets` SET `status`='3' WHERE `status`='0'");
        // Populate lastchange
        hesk_dbQuery("UPDATE `hesk_tickets` SET `lastchange`=`dt`");
        // Update categories with order values
        $res = hesk_dbQuery("SELECT `id` FROM `hesk_categories`");
        $i = 10;
        while ($mycat = hesk_dbFetchAssoc($res)) {
            hesk_dbQuery("UPDATE `hesk_categories` SET `cat_order`={$i} WHERE `id`=" . intval($mycat['id']) . " LIMIT 1");
            $i += 10;
        }
        $update_all_next = 1;
    }
    // END versions 0.91 through 0.93.1 to 0.94
    // Updating version 0.94 to 0.94.1
    if ($hesk_settings['update_from'] == '0.94') {
        hesk_dbQuery("CREATE TABLE `hesk_attachments` (\r\n\t\t  `att_id` mediumint(8) unsigned NOT NULL auto_increment,\r\n\t\t  `ticket_id` varchar(10) NOT NULL default '',\r\n\t\t  `saved_name` varchar(255) NOT NULL default '',\r\n\t\t  `real_name` varchar(255) NOT NULL default '',\r\n\t\t  `size` int(10) unsigned NOT NULL default '0',\r\n\t\t  PRIMARY KEY  (`att_id`),\r\n\t\t  KEY `ticket_id` (`ticket_id`)\r\n\t\t) ENGINE=MyISAM");
        if ($hesk_settings['attachments']['use']) {
            /* Update attachments for tickets */
            $res = hesk_dbQuery("SELECT * FROM `hesk_tickets` WHERE `attachments` != '' ");
            while ($ticket = hesk_dbFetchAssoc($res)) {
                $att = explode('#####', substr($ticket['attachments'], 0, -5));
                $myattachments = '';
                foreach ($att as $myatt) {
                    $name = substr(strstr($myatt, $ticket['trackid']), 16);
                    $saved_name = strstr($myatt, $ticket['trackid']);
                    $size = filesize($hesk_settings['server_path'] . '/attachments/' . $saved_name);
                    hesk_dbQuery("INSERT INTO `hesk_attachments` (`ticket_id`,`saved_name`,`real_name`,`size`) VALUES ('" . hesk_dbEscape($ticket['trackid']) . "', '" . hesk_dbEscape($saved_name) . "', '" . hesk_dbEscape($name) . "', '" . intval($size) . "')");
                    $myattachments .= hesk_dbInsertID() . '#' . $name . ',';
                }
                hesk_dbQuery("UPDATE `hesk_tickets` SET `attachments` = '" . hesk_dbEscape($myattachments) . "' WHERE `id` = " . intval($ticket['id']) . " LIMIT 1");
            }
            // Update attachments for replies
            $res = hesk_dbQuery("SELECT * FROM `hesk_replies` WHERE `attachments` != '' ");
            while ($ticket = hesk_dbFetchAssoc($res)) {
                $res2 = hesk_dbQuery("SELECT `trackid` FROM `hesk_tickets` WHERE `id` = '" . intval($ticket['replyto']) . "' LIMIT 1");
                $trackingID = hesk_dbResult($res2, 0, 0);
                $att = explode('#####', substr($ticket['attachments'], 0, -5));
                $myattachments = '';
                foreach ($att as $myatt) {
                    $name = substr(strstr($myatt, $trackingID), 16);
                    $saved_name = strstr($myatt, $trackingID);
                    $size = filesize($hesk_settings['server_path'] . '/attachments/' . $saved_name);
                    hesk_dbQuery("INSERT INTO `hesk_attachments` (`ticket_id`,`saved_name`,`real_name`,`size`) VALUES ('" . hesk_dbEscape($trackingID) . "', '" . hesk_dbEscape($saved_name) . "', '" . hesk_dbEscape($name) . "', '" . intval($size) . "')");
                    $myattachments .= hesk_dbInsertID() . '#' . $name . ',';
                }
                hesk_dbQuery("UPDATE `hesk_replies` SET `attachments` = '" . hesk_dbEscape($myattachments) . "' WHERE `id` = " . intval($ticket['id']) . " LIMIT 1");
            }
        }
        // END if attachments use
        $update_all_next = 1;
    }
    // END version 0.94 to 0.94.1
    // Updating version 0.94.1 to 2.0
    if ($update_all_next || $hesk_settings['update_from'] == '0.94.1') {
        hesk_dbQuery("CREATE TABLE `hesk_kb_articles` (\r\n\t\t  `id` smallint(5) unsigned NOT NULL auto_increment,\r\n\t\t  `catid` smallint(5) unsigned NOT NULL default '0',\r\n\t\t  `dt` timestamp NOT NULL default CURRENT_TIMESTAMP,\r\n\t\t  `author` smallint(5) unsigned NOT NULL default '0',\r\n\t\t  `subject` varchar(255) NOT NULL default '',\r\n\t\t  `content` text NOT NULL,\r\n\t\t  `rating` float NOT NULL default '0',\r\n\t\t  `votes` mediumint(8) unsigned NOT NULL default '0',\r\n\t\t  `views` mediumint(8) unsigned NOT NULL default '0',\r\n\t\t  `type` enum('0','1','2') NOT NULL default '0',\r\n\t\t  `html` enum('0','1') NOT NULL default '0',\r\n\t\t  `art_order` smallint(5) unsigned NOT NULL default '0',\r\n\t\t  `history` text NOT NULL,\r\n\t\t  PRIMARY KEY  (`id`),\r\n\t\t  KEY `catid` (`catid`),\r\n\t\t  KEY `type` (`type`),\r\n\t\t  FULLTEXT KEY `subject` (`subject`,`content`)\r\n\t\t) ENGINE=MyISAM");
        hesk_dbQuery("CREATE TABLE `hesk_kb_categories` (\r\n\t\t  `id` smallint(5) unsigned NOT NULL auto_increment,\r\n\t\t  `name` varchar(255) NOT NULL default '',\r\n\t\t  `parent` smallint(5) unsigned NOT NULL default '0',\r\n\t\t  `articles` smallint(5) unsigned NOT NULL default '0',\r\n\t\t  `cat_order` smallint(5) unsigned NOT NULL default '0',\r\n\t\t  `type` enum('0','1') NOT NULL default '0',\r\n\t\t  PRIMARY KEY  (`id`),\r\n\t\t  KEY `type` (`type`)\r\n\t\t) ENGINE=MyISAM");
        hesk_dbQuery("INSERT INTO `hesk_kb_categories` VALUES (1, 'Knowledgebase', 0, 0, 10, '0')");
        hesk_dbQuery("CREATE TABLE `hesk_notes` (\r\n\t\t  `id` mediumint(8) unsigned NOT NULL auto_increment,\r\n\t\t  `ticket` mediumint(8) unsigned NOT NULL default '0',\r\n\t\t  `who` smallint(5) unsigned NOT NULL default '0',\r\n\t\t  `dt` datetime NOT NULL default '0000-00-00 00:00:00',\r\n\t\t  `message` text NOT NULL,\r\n\t\t  PRIMARY KEY  (`id`),\r\n\t\t  KEY `ticketid` (`ticket`)\r\n\t\t) ENGINE=MyISAM");
        $sql = array();
        $sql[] = "ALTER TABLE `hesk_replies` ADD `staffid` SMALLINT UNSIGNED NOT NULL DEFAULT '0'";
        $sql[] = "ALTER TABLE `hesk_replies` ADD `rating` ENUM( '1', '5' ) default NULL";
        $sql[] = "ALTER TABLE `hesk_tickets` ADD INDEX `categories` ( `category` )";
        $sql[] = "ALTER TABLE `hesk_tickets` ADD INDEX `statuses` ( `status` ) ";
        $sql[] = "ALTER TABLE `hesk_tickets` CHANGE `custom1` `custom1` text NOT NULL";
        $sql[] = "ALTER TABLE `hesk_tickets` CHANGE `custom2` `custom2` text NOT NULL";
        $sql[] = "ALTER TABLE `hesk_tickets` CHANGE `custom3` `custom3` text NOT NULL";
        $sql[] = "ALTER TABLE `hesk_tickets` CHANGE `custom4` `custom4` text NOT NULL";
        $sql[] = "ALTER TABLE `hesk_tickets` CHANGE `custom5` `custom5` text NOT NULL";
        $sql[] = "ALTER TABLE `hesk_tickets` ADD `custom6` text NOT NULL";
        $sql[] = "ALTER TABLE `hesk_tickets` ADD `custom7` text NOT NULL";
        $sql[] = "ALTER TABLE `hesk_tickets` ADD `custom8` text NOT NULL";
        $sql[] = "ALTER TABLE `hesk_tickets` ADD `custom9` text NOT NULL";
        $sql[] = "ALTER TABLE `hesk_tickets` ADD `custom10` text NOT NULL";
        $sql[] = "ALTER TABLE `hesk_users` CHANGE `pass` `pass` CHAR( 40 ) NOT NULL";
        $sql[] = "ALTER TABLE `hesk_users` CHANGE `isadmin` `isadmin` ENUM( '0', '1' ) NOT NULL DEFAULT '0'";
        $sql[] = "ALTER TABLE `hesk_users` CHANGE `notify` `notify` ENUM( '0', '1' ) NOT NULL DEFAULT '1'";
        $sql[] = "ALTER TABLE `hesk_users` ADD `heskprivileges` VARCHAR( 255 ) NOT NULL";
        $sql[] = "ALTER TABLE `hesk_users` ADD `ratingneg` mediumint(8) unsigned NOT NULL default '0'";
        $sql[] = "ALTER TABLE `hesk_users` ADD `ratingpos` mediumint(8) unsigned NOT NULL default '0'";
        $sql[] = "ALTER TABLE `hesk_users` ADD `rating` float NOT NULL default '0'";
        $sql[] = "ALTER TABLE `hesk_users` ADD `replies` mediumint(8) unsigned NOT NULL default '0'";
        $sql[] = "ALTER TABLE `hesk_std_replies` CHANGE `title` `title` VARCHAR( 100 ) NOT NULL";
        foreach ($sql as $s) {
            hesk_dbQuery($s);
        }
        // Update passwords to the new type and hesk privileges for non-admins */
        $res = hesk_dbQuery('SELECT `id`,`pass`,`isadmin` FROM `hesk_users` ORDER BY `id` ASC');
        $sql = array();
        while ($row = hesk_dbFetchAssoc($res)) {
            $new_pass = hesk_Pass2Hash($row['pass']);
            $s = "UPDATE `hesk_users` SET `pass`='" . hesk_dbEscape($new_pass) . "' ";
            if ($row['isadmin'] == 0) {
                $s .= ", `heskprivileges`='can_view_tickets,can_reply_tickets,can_change_cat,' ";
            }
            $s .= "WHERE `id`=" . intval($row['id']);
            $sql[] = $s;
        }
        foreach ($sql as $s) {
            hesk_dbQuery($s);
        }
        $update_all_next = 1;
    }
    // END version 0.94.1 to 2.0
    // Updating version 2.0 to 2.1
    if ($update_all_next || $hesk_settings['update_from'] == '2.0') {
        hesk_dbQuery("CREATE TABLE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "kb_attachments` (\r\n\t\t  `att_id` mediumint(8) unsigned NOT NULL AUTO_INCREMENT,\r\n\t\t  `saved_name` varchar(255) NOT NULL DEFAULT '',\r\n\t\t  `real_name` varchar(255) NOT NULL DEFAULT '',\r\n\t\t  `size` int(10) unsigned NOT NULL DEFAULT '0',\r\n\t\t  PRIMARY KEY (`att_id`)\r\n\t\t) ENGINE=MyISAM");
        $sql = array();
        $sql[] = "ALTER TABLE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "kb_articles` ADD `attachments` TEXT NOT NULL";
        $sql[] = "ALTER TABLE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` ADD `custom11` text NOT NULL";
        $sql[] = "ALTER TABLE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` ADD `custom12` text NOT NULL";
        $sql[] = "ALTER TABLE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` ADD `custom13` text NOT NULL";
        $sql[] = "ALTER TABLE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` ADD `custom14` text NOT NULL";
        $sql[] = "ALTER TABLE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` ADD `custom15` text NOT NULL";
        $sql[] = "ALTER TABLE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` ADD `custom16` text NOT NULL";
        $sql[] = "ALTER TABLE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` ADD `custom17` text NOT NULL";
        $sql[] = "ALTER TABLE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` ADD `custom18` text NOT NULL";
        $sql[] = "ALTER TABLE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` ADD `custom19` text NOT NULL";
        $sql[] = "ALTER TABLE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` ADD `custom20` text NOT NULL";
        $sql[] = "ALTER TABLE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "users` ADD `afterreply` ENUM( '0', '1', '2' ) NOT NULL DEFAULT '0' AFTER `categories`";
        foreach ($sql as $s) {
            hesk_dbQuery($s);
        }
        $update_all_next = 1;
    }
    // END version 2.0 to 2.1
    // Updating version 2.1 to 2.2
    if ($update_all_next || $hesk_settings['update_from'] == '2.1') {
        hesk_dbQuery("\r\n\t\tCREATE TABLE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "mail` (\r\n\t\t  `id` int(10) unsigned NOT NULL AUTO_INCREMENT,\r\n\t\t  `from` smallint(5) unsigned NOT NULL,\r\n\t\t  `to` smallint(5) unsigned NOT NULL,\r\n\t\t  `subject` varchar(255) NOT NULL,\r\n\t\t  `message` text NOT NULL,\r\n\t\t  `dt` datetime NOT NULL,\r\n\t\t  `read` enum('0','1') NOT NULL DEFAULT '0',\r\n\t\t  `deletedby` smallint(5) unsigned NOT NULL DEFAULT '0',\r\n\t\t  PRIMARY KEY (`id`),\r\n\t\t  KEY `recipients` (`from`,`to`)\r\n\t\t) ENGINE=MyISAM\r\n\t\t");
        $sql = array();
        $sql[] = "ALTER TABLE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` ADD `replierid` SMALLINT UNSIGNED NULL AFTER `lastreplier`";
        $sql[] = "ALTER TABLE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` ADD `owner` SMALLINT UNSIGNED NOT NULL DEFAULT '0' AFTER `status`";
        $sql[] = "ALTER TABLE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` ADD `locked` ENUM( '0', '1' ) NOT NULL DEFAULT '0' AFTER `archive`";
        $sql[] = "ALTER TABLE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` ADD `history` TEXT NOT NULL AFTER `attachments`";
        $sql[] = "ALTER TABLE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "users` CHANGE `notify` `notify_new_unassigned` ENUM( '0', '1' ) NOT NULL DEFAULT '1'";
        $sql[] = "ALTER TABLE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "users` ADD `notify_new_my` ENUM( '0', '1' ) NOT NULL DEFAULT '1' AFTER `notify_new_unassigned`";
        $sql[] = "ALTER TABLE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "users` ADD `notify_reply_unassigned` ENUM( '0', '1' ) NOT NULL DEFAULT '1' AFTER `notify_new_my`";
        $sql[] = "ALTER TABLE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "users` ADD `notify_reply_my` ENUM( '0', '1' ) NOT NULL DEFAULT '1' AFTER `notify_reply_unassigned`";
        $sql[] = "ALTER TABLE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "users` ADD `notify_assigned` ENUM( '0', '1' ) NOT NULL DEFAULT '1' AFTER `notify_reply_my`";
        $sql[] = "ALTER TABLE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "users` ADD `notify_pm` ENUM( '0', '1' ) NOT NULL DEFAULT '1' AFTER `notify_assigned`";
        $sql[] = "UPDATE  `" . hesk_dbEscape($hesk_settings['db_pfix']) . "users` SET `categories` = TRIM(TRAILING ',' FROM `categories`)";
        $sql[] = "UPDATE  `" . hesk_dbEscape($hesk_settings['db_pfix']) . "users` SET `heskprivileges` = TRIM(TRAILING ',' FROM `heskprivileges`)";
        foreach ($sql as $s) {
            hesk_dbQuery($s);
        }
        // Update privileges - anyone can assign ticket to himself/herself by default
        hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "users` SET `heskprivileges`=CONCAT(`heskprivileges`,',can_assign_self') WHERE `isadmin`!='1' ");
        $update_all_next = 1;
    }
    // END version 2.1 to 2.2
    // Updating version 2.2 to 2.3
    if ($update_all_next || $hesk_settings['update_from'] == '2.2') {
        // Logins table
        hesk_dbQuery("\r\n\t\tCREATE TABLE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "logins` (\r\n\t\t  `ip` varchar(46) NOT NULL,\r\n\t\t  `number` tinyint(3) unsigned NOT NULL DEFAULT '1',\r\n\t\t  `last_attempt` timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP,\r\n\t\t  UNIQUE KEY `ip` (`ip`)\r\n\t\t) ENGINE=MyISAM\r\n\t\t");
        // Online table
        hesk_dbQuery("\r\n\t\tCREATE TABLE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "online` (\r\n\t\t  `user_id` smallint(5) unsigned NOT NULL,\r\n\t\t  `dt` timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP,\r\n\t\t  `tmp` int(11) unsigned NOT NULL DEFAULT '0',\r\n\t\t  UNIQUE KEY `user_id` (`user_id`),\r\n\t\t  KEY `dt` (`dt`)\r\n\t\t) ENGINE=MyISAM\r\n\t\t");
        $sql = array();
        $sql[] = "ALTER TABLE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` CHANGE `trackid` `trackid` VARCHAR( 13 ) NOT NULL";
        $sql[] = "ALTER TABLE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` CHANGE `priority` `priority` ENUM( '0', '1', '2', '3' ) NOT NULL DEFAULT '3'";
        $sql[] = "ALTER TABLE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` CHANGE `status` `status` ENUM('0','1','2','3','4','5') NOT NULL DEFAULT '0'";
        $sql[] = "ALTER TABLE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` CHANGE `ip` `ip` VARCHAR( 46 ) NOT NULL DEFAULT ''";
        $sql[] = "ALTER TABLE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` CHANGE `lastchange` `lastchange` TIMESTAMP on update CURRENT_TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP ";
        $sql[] = "ALTER TABLE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` CHANGE `email` `email` VARCHAR(255) NOT NULL";
        $sql[] = "ALTER TABLE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` ADD INDEX (`owner`) ";
        $sql[] = "ALTER TABLE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "users` CHANGE `heskprivileges` `heskprivileges` TEXT NOT NULL";
        $sql[] = "ALTER TABLE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "users` ADD `autoassign` ENUM('0','1') NOT NULL DEFAULT '1' AFTER `notify_pm`";
        $sql[] = "ALTER TABLE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "users` ADD `default_list` VARCHAR( 255) NOT NULL DEFAULT '' AFTER `notify_pm`";
        $sql[] = "ALTER TABLE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "users` ADD INDEX (`autoassign`) ";
        $sql[] = "ALTER TABLE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "attachments` CHANGE `ticket_id` `ticket_id` VARCHAR(13) NOT NULL DEFAULT ''";
        $sql[] = "ALTER TABLE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "replies` CHANGE `replyto` `replyto` MEDIUMINT(8) UNSIGNED NOT NULL DEFAULT '0'";
        foreach ($sql as $s) {
            hesk_dbQuery($s);
        }
        // Update staff with new permissions (allowed by default)
        $res = hesk_dbQuery("SELECT `id`,`heskprivileges` FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "users` WHERE `isadmin` != '1' ");
        while ($row = hesk_dbFetchAssoc($res)) {
            // Not admin, is user allowed to view tickets?
            if (strpos($row['heskprivileges'], 'can_view_tickets') !== false) {
                hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "users` SET `heskprivileges`=CONCAT(`heskprivileges`,',can_view_unassigned,can_view_online') WHERE `id`=" . intval($row['id']) . " LIMIT 1");
            } else {
                hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "users` SET `heskprivileges`=CONCAT(`heskprivileges`,',can_view_online') WHERE `id`=" . intval($row['id']) . " LIMIT 1");
            }
        }
        $update_all_next = 1;
    }
    // END version 2.2 to 2.3
    // Updating version 2.3 to 2.4
    if ($update_all_next || $hesk_settings['update_from'] == '2.3') {
        // Email loops table
        hesk_dbQuery("\r\n\t\tCREATE TABLE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "pipe_loops` (\r\n\t\t  `email` varchar(255) CHARACTER SET latin1 NOT NULL,\r\n\t\t  `hits` smallint(1) unsigned NOT NULL DEFAULT '0',\r\n\t\t  `message_hash` char(32) NOT NULL,\r\n\t\t  `dt` timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP,\r\n\t\t  KEY `email` (`email`,`hits`)\r\n\t\t) ENGINE=MyISAM DEFAULT CHARSET=utf8 COLLATE=utf8_unicode_ci\r\n\t\t");
        $sql = array();
        $sql[] = "ALTER TABLE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "attachments` CONVERT TO CHARACTER SET utf8 COLLATE utf8_unicode_ci";
        $sql[] = "ALTER TABLE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "categories` CONVERT TO CHARACTER SET utf8 COLLATE utf8_unicode_ci";
        $sql[] = "ALTER TABLE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "kb_articles` CONVERT TO CHARACTER SET utf8 COLLATE utf8_unicode_ci";
        $sql[] = "ALTER TABLE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "kb_attachments` CONVERT TO CHARACTER SET utf8 COLLATE utf8_unicode_ci";
        $sql[] = "ALTER TABLE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "kb_categories` CONVERT TO CHARACTER SET utf8 COLLATE utf8_unicode_ci";
        $sql[] = "ALTER TABLE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "logins` CONVERT TO CHARACTER SET utf8 COLLATE utf8_unicode_ci";
        $sql[] = "ALTER TABLE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "mail` CONVERT TO CHARACTER SET utf8 COLLATE utf8_unicode_ci";
        $sql[] = "ALTER TABLE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "notes` CONVERT TO CHARACTER SET utf8 COLLATE utf8_unicode_ci";
        $sql[] = "ALTER TABLE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "online` CONVERT TO CHARACTER SET utf8 COLLATE utf8_unicode_ci";
        $sql[] = "ALTER TABLE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "replies` CONVERT TO CHARACTER SET utf8 COLLATE utf8_unicode_ci";
        $sql[] = "ALTER TABLE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "std_replies` CONVERT TO CHARACTER SET utf8 COLLATE utf8_unicode_ci";
        $sql[] = "ALTER TABLE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` CONVERT TO CHARACTER SET utf8 COLLATE utf8_unicode_ci";
        $sql[] = "ALTER TABLE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "users` CONVERT TO CHARACTER SET utf8 COLLATE utf8_unicode_ci";
        $sql[] = "ALTER TABLE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` ADD `language` VARCHAR(50) NULL DEFAULT NULL AFTER `ip`";
        $sql[] = "ALTER TABLE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` ADD `merged` MEDIUMTEXT NOT NULL AFTER `attachments`";
        $sql[] = "ALTER TABLE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` ADD `time_worked` TIME NOT NULL DEFAULT '00:00:00' AFTER `owner`";
        $sql[] = "ALTER TABLE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` CHANGE `status` `status` ENUM( '0', '1', '2', '3', '4', '5' ) NOT NULL DEFAULT '0'";
        $sql[] = "ALTER TABLE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "users` ADD `language` VARCHAR(50) NULL DEFAULT NULL AFTER `signature`";
        $sql[] = "ALTER TABLE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "users` ADD `notify_note` ENUM( '0', '1' ) NOT NULL DEFAULT '1' AFTER `notify_pm`";
        $sql[] = "ALTER TABLE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "users` ADD `autostart` ENUM( '0', '1' ) NOT NULL DEFAULT '1' AFTER `afterreply`";
        $sql[] = "ALTER TABLE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "categories` ADD `autoassign` ENUM( '0', '1' ) NOT NULL DEFAULT '1', ADD `type` ENUM( '0', '1' ) NOT NULL DEFAULT '0', ADD INDEX ( `type` )";
        $sql[] = "ALTER TABLE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "kb_articles` ADD `keywords` MEDIUMTEXT NOT NULL AFTER `content`";
        $sql[] = "ALTER TABLE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "kb_articles` ADD `sticky` ENUM( '0', '1' ) NOT NULL DEFAULT '0' AFTER `html` , ADD INDEX ( `sticky` )";
        $sql[] = "ALTER TABLE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "kb_articles` DROP INDEX `subject` , ADD FULLTEXT `subject` (`subject` , `content` , `keywords`)";
        $sql[] = "ALTER TABLE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "replies` ADD `read` ENUM( '0', '1' ) NOT NULL DEFAULT '1'";
        $sql[] = "ALTER TABLE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "replies` CHANGE `read` `read` ENUM( '0', '1' ) NOT NULL DEFAULT '0'";
        foreach ($sql as $s) {
            hesk_dbQuery($s);
        }
        // Update staff with new permissions (allowed by default)
        $res = hesk_dbQuery("SELECT `id`,`heskprivileges` FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "users` WHERE `isadmin` != '1' ");
        while ($row = hesk_dbFetchAssoc($res)) {
            // Not admin, is user allowed to view tickets?
            if (strpos($row['heskprivileges'], 'can_edit_tickets') !== false) {
                hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "users` SET `heskprivileges`=CONCAT(`heskprivileges`,',can_merge_tickets') WHERE `id`=" . intval($row['id']) . " LIMIT 1");
            }
        }
        $update_all_next = 1;
    }
    // END version 2.3 to 2.4
    // Upgrade version 2.4.x to 2.5.0
    if ($update_all_next || $hesk_settings['update_from'] == '2.4') {
        $sql = array();
        // Make sure the 2.4 to 2.4.1 change is made
        $sql[] = "ALTER TABLE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "pipe_loops` CHANGE `hits` `hits` SMALLINT( 1 ) UNSIGNED NOT NULL DEFAULT '0' ";
        // 2.4.2 to 2.5.0 specific changes
        $sql[] = "ALTER TABLE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "kb_categories` CHANGE `articles` `articles` SMALLINT( 5 ) UNSIGNED NOT NULL DEFAULT '0'";
        $sql[] = "ALTER TABLE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "kb_categories` ADD `articles_private` SMALLINT UNSIGNED NOT NULL DEFAULT '0' AFTER `articles` , ADD `articles_draft` SMALLINT UNSIGNED NOT NULL DEFAULT '0' AFTER `articles_private`";
        $sql[] = "ALTER TABLE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "kb_categories` ADD INDEX ( `parent` )";
        $sql[] = "ALTER TABLE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "mail` DROP INDEX `recipients`";
        $sql[] = "ALTER TABLE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "mail` ADD INDEX ( `to`, `read`, `deletedby` )";
        $sql[] = "ALTER TABLE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "mail` ADD INDEX ( `from` )";
        $sql[] = "ALTER TABLE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "replies` CHANGE `rating` `rating` ENUM( '0', '1', '5' ) DEFAULT '0' ";
        $sql[] = "UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "replies` SET `rating` = '0' WHERE `rating` IS NULL OR `rating` = '' ";
        foreach ($sql as $s) {
            hesk_dbQuery($s);
        }
        // Update knowledgebase category article counts to reflect new fields
        $update_these = array();
        // Get a count of all articles grouped by category and type
        $res = hesk_dbQuery('SELECT `catid`, `type`, COUNT(*) AS `num` FROM `' . hesk_dbEscape($hesk_settings['db_pfix']) . 'kb_articles` GROUP BY `catid`, `type`');
        while ($row = hesk_dbFetchAssoc($res)) {
            switch ($row['type']) {
                case 0:
                    $update_these[$row['catid']]['articles'] = $row['num'];
                    break;
                case 1:
                    $update_these[$row['catid']]['articles_private'] = $row['num'];
                    break;
                default:
                    $update_these[$row['catid']]['articles_draft'] = $row['num'];
            }
        }
        // Set all article counts to 0
        hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "kb_categories` SET `articles`=0, `articles_private`=0, `articles_draft`=0");
        // Now update categories that have articles with correct values
        foreach ($update_these as $catid => $value) {
            $value['articles'] = isset($value['articles']) ? $value['articles'] : 0;
            $value['articles_private'] = isset($value['articles_private']) ? $value['articles_private'] : 0;
            $value['articles_draft'] = isset($value['articles_draft']) ? $value['articles_draft'] : 0;
            hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "kb_categories` SET `articles`={$value['articles']}, `articles_private`={$value['articles_private']}, `articles_draft`={$value['articles_draft']} WHERE `id`='{$catid}' LIMIT 1");
            // Force order articles
            $res = hesk_dbQuery("SELECT `id`, `sticky` FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "kb_articles` WHERE `catid`='{$catid}' ORDER BY `sticky` DESC, `art_order` ASC");
            $i = 10;
            $previous_sticky = 1;
            while ($article = hesk_dbFetchAssoc($res)) {
                if ($previous_sticky != $article['sticky']) {
                    $i = 10;
                    $previous_sticky = $article['sticky'];
                }
                hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "kb_articles` SET `art_order`=" . intval($i) . " WHERE `id`='" . intval($article['id']) . "' LIMIT 1");
                $i += 10;
            }
        }
        // Force order categories
        $res = hesk_dbQuery('SELECT `id`, `parent` FROM `' . hesk_dbEscape($hesk_settings['db_pfix']) . 'kb_categories` ORDER BY `parent` ASC, `cat_order` ASC');
        $i = 10;
        while ($category = hesk_dbFetchAssoc($res)) {
            hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "kb_categories` SET `cat_order`=" . intval($i) . " WHERE `id`='" . intval($category['id']) . "' LIMIT 1");
            $i += 10;
        }
        $update_all_next = 1;
    }
    // END version 2.4.0 to 2.5.0
    // 2.5.1 no changes
    // 2.5.2 no changes
    // Insert the "HESK updated to latest version" mail for the administrator
    if (file_exists(HESK_PATH . 'hesk_license.php')) {
        hesk_dbQuery("INSERT INTO `" . hesk_dbEscape($hesk_settings['db_pfix']) . "mail` (`id`, `from`, `to`, `subject`, `message`, `dt`, `read`, `deletedby`) VALUES (NULL, 9999, 1, 'HESK updated to latest version', '<div style=\"text-align:justify;padding:3px\">\r\n\r\n<p><i>Congratulations, your HESK has been updated to the latest version!</i><br />&nbsp;</p>\r\n\r\n<p style=\"color:green;font-weight:bold\">&raquo; Enjoy using HESK? Please let others know!</p>\r\n\r\n<p>You are invited to rate HESK or even write a short review here:<br />&nbsp;<br /><img src=\"../img/link.png\" width=\"16\" height=\"16\" border=\"0\" alt=\"\" style=\"vertical-align:text-bottom\" /> <a href=\"http://www.hotscripts.com/Detailed/46973.html\" target=\"_blank\">Rate this script @ Hot Scripts</a><br />&nbsp;<br /><img src=\"../img/link.png\" width=\"16\" height=\"16\" border=\"0\" alt=\"\" style=\"vertical-align:text-bottom\" /> <a href=\"http://php.resourceindex.com/detail/04946.html\" target=\"_blank\">Rate this script @ The PHP Resource Index</a><br />&nbsp;</p>\r\n\r\n<p>Thank you,<br />&nbsp;<br />Klemen,<br />\r\n<a href=\"http://www.hesk.com/\" target=\"_blank\">www.hesk.com</a>\r\n\r\n<p>&nbsp;</p>', NOW(), '0', 9999)");
    } else {
        hesk_dbQuery("INSERT INTO `" . hesk_dbEscape($hesk_settings['db_pfix']) . "mail` (`id`, `from`, `to`, `subject`, `message`, `dt`, `read`, `deletedby`) VALUES (NULL, 9999, 1, 'HESK updated to latest version', '<div style=\"text-align:justify;padding:3px\">\r\n\r\n<p><i>Congratulations, your HESK has been updated to the latest version!</i><br />&nbsp;</p>\r\n\r\n<p style=\"color:green;font-weight:bold\">&raquo; Enjoy using HESK? Please let others know!</p>\r\n\r\n<p>You are invited to rate HESK or even write a short review here:<br />&nbsp;<br /><img src=\"../img/link.png\" width=\"16\" height=\"16\" border=\"0\" alt=\"\" style=\"vertical-align:text-bottom\" /> <a href=\"http://www.hotscripts.com/Detailed/46973.html\" target=\"_blank\">Rate this script @ Hot Scripts</a><br />&nbsp;<br /><img src=\"../img/link.png\" width=\"16\" height=\"16\" border=\"0\" alt=\"\" style=\"vertical-align:text-bottom\" /> <a href=\"http://php.resourceindex.com/detail/04946.html\" target=\"_blank\">Rate this script @ The PHP Resource Index</a><br />&nbsp;</p>\r\n\r\n<p style=\"color:green;font-weight:bold\">&raquo; Support HESK development, buy a license.</p>\r\n\r\n<p>A lot of time and effort went into developing HESK. Support me by purchasing a license that removes &quot;Powered by&quot; credits from your help desk!<br />&nbsp;<br /><img src=\"../img/link.png\" width=\"16\" height=\"16\" border=\"0\" alt=\"\" style=\"vertical-align:text-bottom\" /> <a href=\"https://www.hesk.com/buy.php\" target=\"_blank\">Buy a HESK license</a><br />&nbsp;</p>\r\n\r\n<p>Thank you,<br />&nbsp;<br />Klemen,<br />\r\n<a href=\"http://www.hesk.com/\" target=\"_blank\">www.hesk.com</a>\r\n\r\n<p>&nbsp;</p>', NOW(), '0', 9999)");
    }
    return true;
}
Exemple #11
0
function new_user()
{
    global $hesk_settings, $hesklang;
    /* A security check */
    hesk_token_check('POST');
    $myuser = hesk_validateUserInfo();
    /* Can view unassigned tickets? */
    if (in_array('can_view_unassigned', $myuser['features'])) {
        $sql_where = '';
        $sql_what = '';
    } else {
        $sql_where = ' , `notify_new_unassigned`, `notify_reply_unassigned` ';
        $sql_what = " , '0', '0' ";
    }
    /* Categories and Features will be stored as a string */
    $myuser['categories'] = implode(',', $myuser['categories']);
    $myuser['features'] = implode(',', $myuser['features']);
    /* Check for duplicate usernames */
    $result = hesk_dbQuery("SELECT * FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "users` WHERE `user` = '" . hesk_dbEscape($myuser['user']) . "' LIMIT 1");
    if (hesk_dbNumRows($result) != 0) {
        hesk_process_messages($hesklang['duplicate_user'], 'manage_users.php');
    }
    /* Admins will have access to all features and categories */
    if ($myuser['isadmin']) {
        $myuser['categories'] = '';
        $myuser['features'] = '';
    }
    hesk_dbQuery("INSERT INTO `" . hesk_dbEscape($hesk_settings['db_pfix']) . "users` (`user`,`pass`,`isadmin`,`name`,`email`,`signature`,`categories`,`autoassign`,`heskprivileges` {$sql_where}) VALUES (\r\n\t'" . hesk_dbEscape($myuser['user']) . "',\r\n\t'" . hesk_dbEscape($myuser['pass']) . "',\r\n\t'" . intval($myuser['isadmin']) . "',\r\n\t'" . hesk_dbEscape($myuser['name']) . "',\r\n\t'" . hesk_dbEscape($myuser['email']) . "',\r\n\t'" . hesk_dbEscape($myuser['signature']) . "',\r\n\t'" . hesk_dbEscape($myuser['categories']) . "',\r\n\t'" . intval($myuser['autoassign']) . "',\r\n\t'" . hesk_dbEscape($myuser['features']) . "'\r\n\t{$sql_what} )");
    $_SESSION['seluser'] = hesk_dbInsertID();
    unset($_SESSION['userdata']);
    hesk_process_messages(sprintf($hesklang['user_added_success'], $myuser['user'], $myuser['cleanpass']), './manage_users.php', 'SUCCESS');
}
Exemple #12
0
if (isset($_POST['resolved_time'])) {
    $value_resolved_time = hesk_input(hesk_POST('resolved_time'));
} else {
    $value_resolved_time = '';
}
if (!empty($value_contract_name) && !empty($value_company_id) && !empty($value_project_id) && !empty($value_starting_date) && !empty($value_ending_date) && !empty($value_sla) && !empty($value_priority) && !empty($value_reply_time) && !empty($value_resolved_time)) {
    if (isset($_POST['action']) && $_POST['action'] == 'save') {
        if (date("Y-m-d") >= hesk_dbEscape($value_starting_date) && date("Y-m-d") <= hesk_dbEscape($value_ending_date)) {
            $sql = hesk_dbQuery("INSERT INTO `" . hesk_dbEscape($hesk_settings['db_pfix']) . "contracts` (\n\t\t\t`id`,\n\t\t\t`contract_name`,\n\t\t\t`company_id`,\n\t\t\t`project_id`,\n\t\t\t`starting_date`,\n\t\t\t`ending_date`,\n\t\t\t`created_by`,\n\t\t\t`sla`,\n\t\t\t`priority`,\n\t\t\t`reply_time`,\n\t\t\t`resolved_time`,\n\t\t\t`active`\n\t\t\t) VALUES (\n\t\t\t'" . hesk_dbEscape($value_id) . "',\n\t\t\t'" . hesk_dbEscape($value_contract_name) . "',\n\t\t\t'" . hesk_dbEscape($value_company_id) . "',\n\t\t\t'" . hesk_dbEscape($value_project_id) . "',\n\t\t\t'" . hesk_dbEscape($value_starting_date) . "',\n\t\t\t'" . hesk_dbEscape($value_ending_date) . "',\n\t\t\t'" . hesk_dbEscape($_SESSION['id']) . "',\n\t\t\t'" . hesk_dbEscape($value_sla) . "',\n\t\t\t'" . hesk_dbEscape($value_priority) . "',\n\t\t\t'" . hesk_dbEscape($value_reply_time) . "',\n\t\t\t'" . hesk_dbEscape($value_resolved_time) . "',\n\t\t\t'" . hesk_dbEscape(1) . "'\n\t\t\t)");
            $id = hesk_dbInsertID();
            foreach ($_POST['staff_id'] as $staff) {
                $sql = hesk_dbQuery("INSERT INTO `" . hesk_dbEscape($hesk_settings['db_pfix']) . "userforcontract` (\n\t\t\t\t\t`userId`, `contractId`) VALUES('" . hesk_dbEscape($staff) . "', '" . $id . "')");
            }
        } else {
            $sql = hesk_dbQuery("INSERT INTO `" . hesk_dbEscape($hesk_settings['db_pfix']) . "contracts` (\n\t\t\t`id`,\n\t\t\t`contract_name`,\n\t\t\t`company_id`,\n\t\t\t`project_id`,\n\t\t\t`starting_date`,\n\t\t\t`ending_date`,\n\t\t\t`created_by`,\n\t\t\t`sla`,\n\t\t\t`priority`,\n\t\t\t`reply_time`,\n\t\t\t`resolved_time`,\n\t\t\t`active`\n\t\t\t) VALUES (\n\t\t\t'" . hesk_dbEscape($value_id) . "',\n\t\t\t'" . hesk_dbEscape($value_contract_name) . "',\n\t\t\t'" . hesk_dbEscape($value_company_id) . "',\n\t\t\t'" . hesk_dbEscape($value_project_id) . "',\n\t\t\t'" . hesk_dbEscape($value_starting_date) . "',\n\t\t\t'" . hesk_dbEscape($value_ending_date) . "',\n\t\t\t'" . hesk_dbEscape($_SESSION['id']) . "',\n\t\t\t'" . hesk_dbEscape($value_sla) . "',\n\t\t\t'" . hesk_dbEscape($value_priority) . "',\n\t\t\t'" . hesk_dbEscape($value_reply_time) . "',\n\t\t\t'" . hesk_dbEscape($value_resolved_time) . "',\n\t\t\t'" . hesk_dbEscape(0) . "'\n\t\t\t)");
            $id = hesk_dbInsertID();
            foreach ($_POST['staff_id'] as $staff) {
                $sql = hesk_dbQuery("INSERT INTO `" . hesk_dbEscape($hesk_settings['db_pfix']) . "userforcontract` (\n\t\t\t\t\t`userId`, `contractId`) VALUES('" . hesk_dbEscape($staff) . "', '" . $id . "')");
            }
        }
    }
}
/* Print header */
require_once HESK_PATH . 'inc/header.inc.php';
/* Print admin navigation */
require_once HESK_PATH . 'inc/show_admin_nav.inc.php';
?>

<div class="container manage-contract-title"><?php 
echo $hesklang['manage_contracts'];
?>
function ban_email()
{
    global $hesk_settings, $hesklang;
    // A security check
    hesk_token_check();
    // Get the email
    $email = strtolower(hesk_input(hesk_REQUEST('email')));
    // Nothing entered?
    if (!strlen($email)) {
        hesk_process_messages($hesklang['enterbanemail'], 'banned_emails.php');
    }
    // Only allow one email to be entered
    $email = ($index = strpos($email, ',')) ? substr($email, 0, $index) : $email;
    $email = ($index = strpos($email, ';')) ? substr($email, 0, $index) : $email;
    // Validate email address
    $hesk_settings['multi_eml'] = 0;
    if (!hesk_validateEmail($email, '', 0) && !verify_email_domain($email)) {
        hesk_process_messages($hesklang['validbanemail'], 'banned_emails.php');
    }
    // Redirect either to banned emails or ticket page from now on
    $redirect_to = ($trackingID = hesk_cleanID()) ? 'admin_ticket.php?track=' . $trackingID . '&Refresh=' . mt_rand(10000, 99999) : 'banned_emails.php';
    // Prevent duplicate rows
    if ($_SESSION['ban_email']['id'] = hesk_isBannedEmail($email)) {
        hesk_process_messages(sprintf($hesklang['emailbanexists'], $email), $redirect_to, 'NOTICE');
    }
    // Insert the email address into database
    hesk_dbQuery("INSERT INTO `" . hesk_dbEscape($hesk_settings['db_pfix']) . "banned_emails` (`email`,`banned_by`) VALUES ('" . hesk_dbEscape($email) . "','" . intval($_SESSION['id']) . "')");
    // Remember email that got banned
    $_SESSION['ban_email']['id'] = hesk_dbInsertID();
    // Show success
    hesk_process_messages(sprintf($hesklang['email_banned'], $email), $redirect_to, 'SUCCESS');
}
Exemple #14
0
function new_user()
{
    global $hesk_settings, $hesklang;
    /* A security check */
    hesk_token_check('POST');
    $myuser = hesk_validateUserInfo();
    /* Categories and Features will be stored as a string */
    $myuser['categories'] = implode(',', $myuser['categories']);
    $myuser['features'] = implode(',', $myuser['features']);
    /* Check for duplicate usernames */
    $result = hesk_dbQuery("SELECT * FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "users` WHERE `user` = '" . hesk_dbEscape($myuser['user']) . "' LIMIT 1");
    if (hesk_dbNumRows($result) != 0) {
        hesk_process_messages($hesklang['duplicate_user'], 'manage_users.php');
    }
    /* Admins will have access to all features and categories */
    if ($myuser['isadmin']) {
        $myuser['categories'] = '';
        $myuser['features'] = '';
    }
    hesk_dbQuery("INSERT INTO `" . hesk_dbEscape($hesk_settings['db_pfix']) . "users` (\r\n\t`user`,\r\n\t`pass`,\r\n\t`isadmin`,\r\n\t`name`,\r\n\t`email`,\r\n\t`signature`,\r\n\t`categories`,\r\n\t`autoassign`,\r\n\t`heskprivileges`,\r\n\t`afterreply`,\r\n\t`autostart`,\r\n\t`notify_customer_new`,\r\n\t`notify_customer_reply`,\r\n\t`show_suggested`,\r\n\t`notify_new_unassigned`,\r\n\t`notify_new_my`,\r\n\t`notify_reply_unassigned`,\r\n\t`notify_reply_my`,\r\n\t`notify_assigned`,\r\n\t`notify_pm`,\r\n\t`notify_note`\r\n\t) VALUES (\r\n\t'" . hesk_dbEscape($myuser['user']) . "',\r\n\t'" . hesk_dbEscape($myuser['pass']) . "',\r\n\t'" . intval($myuser['isadmin']) . "',\r\n\t'" . hesk_dbEscape($myuser['name']) . "',\r\n\t'" . hesk_dbEscape($myuser['email']) . "',\r\n\t'" . hesk_dbEscape($myuser['signature']) . "',\r\n\t'" . hesk_dbEscape($myuser['categories']) . "',\r\n\t'" . intval($myuser['autoassign']) . "',\r\n\t'" . hesk_dbEscape($myuser['features']) . "',\r\n\t'" . $myuser['afterreply'] . "' ,\r\n\t'" . $myuser['autostart'] . "' ,\r\n\t'" . $myuser['notify_customer_new'] . "' ,\r\n\t'" . $myuser['notify_customer_reply'] . "' ,\r\n\t'" . $myuser['show_suggested'] . "' ,\r\n\t'" . $myuser['notify_new_unassigned'] . "' ,\r\n\t'" . $myuser['notify_new_my'] . "' ,\r\n\t'" . $myuser['notify_reply_unassigned'] . "' ,\r\n\t'" . $myuser['notify_reply_my'] . "' ,\r\n\t'" . $myuser['notify_assigned'] . "' ,\r\n\t'" . $myuser['notify_pm'] . "',\r\n\t'" . $myuser['notify_note'] . "'\r\n\t)");
    $_SESSION['seluser'] = hesk_dbInsertID();
    unset($_SESSION['userdata']);
    hesk_process_messages(sprintf($hesklang['user_added_success'], $myuser['user'], $myuser['cleanpass']), './manage_users.php', 'SUCCESS');
}
function new_user()
{
    global $hesk_settings, $hesklang;
    global $hesk_db_link;
    /* A security check */
    hesk_token_check('POST');
    $myuser = hesk_validateUserInfo(0, $_SERVER['HTTP_REFERER']);
    /* Categories and Features will be stored as a string */
    $myuser['categories'] = implode(',', $myuser['categories']);
    $myuser['features'] = implode(',', $myuser['features']);
    /* user active */
    $user_active = hesk_input(hesk_POST('prof_active'));
    if (empty($user_active)) {
        $user_active = "0";
    }
    /* Check for duplicate usernames */
    if ($myuser['isclient'] == "1") {
        $result = hesk_dbQuery("SELECT * FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "clients` WHERE `user` = '" . hesk_dbEscape($myuser['user']) . "' LIMIT 1");
        if (hesk_dbNumRows($result) != 0) {
            hesk_process_messages($hesklang['duplicate_user'], 'manage_users.php');
        }
    } else {
        $result = hesk_dbQuery("SELECT * FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "users` WHERE `user` = '" . hesk_dbEscape($myuser['user']) . "' LIMIT 1");
        if (hesk_dbNumRows($result) != 0) {
            hesk_process_messages($hesklang['duplicate_user'], 'manage_users.php');
        }
    }
    /* Admins will have access to all features and categories */
    if ($myuser['isadmin']) {
        $myuser['categories'] = '';
        $myuser['features'] = '';
    }
    // Check if user is client
    if (hesk_dbEscape($myuser['isclient']) == "1") {
        hesk_dbQuery("INSERT INTO `" . hesk_dbEscape($hesk_settings['db_pfix']) . "clients` (\n\t\t`user`,\n\t\t`pass`,\n\t\t`isclient`,\n\t\t`name`,\n\t\t`email`,\n\t\t`address`,\n\t\t`phonenumber`,\n\t\t`poz_detyres`,\n\t\t`company_id`,\n\t\t`active`,\n\t\t`signature`\n\t\t) VALUES (\n\t\t'" . hesk_dbEscape($myuser['user']) . "',\n\t\t'" . hesk_dbEscape($myuser['pass']) . "',\n\t\t'" . intval($myuser['isclient']) . "',\n\t\t'" . hesk_dbEscape($myuser['name']) . "',\n\t\t'" . hesk_dbEscape($myuser['email']) . "',\n\t\t'" . hesk_dbEscape($myuser['address']) . "',\n\t\t'" . hesk_dbEscape($myuser['phonenumber']) . "',\n\t\t'" . hesk_dbEscape($myuser['poz_detyres']) . "',\n\t\t'" . hesk_dbEscape($myuser['company_id']) . "',\n\t\t'" . hesk_dbEscape($user_active) . "',\n\t\t'" . hesk_dbEscape($myuser['signature']) . "'\n\t\t)");
        $id = hesk_dbInsertID();
        foreach ($_POST['contract_id'] as $contract) {
            $sql = hesk_dbQuery("INSERT INTO `" . hesk_dbEscape($hesk_settings['db_pfix']) . "contractforclient` (\n\t\t\t\t\t`contract_Id`, `client_Id`) VALUES('" . hesk_dbEscape($contract) . "', '" . $id . "')");
        }
    } else {
        hesk_dbQuery("INSERT INTO `" . hesk_dbEscape($hesk_settings['db_pfix']) . "users` (\n\t\t`user`,\n\t\t`pass`,\n\t\t`isadmin`,\n\t\t`name`,\n\t\t`email`,\n\t\t`address`,\n\t\t`phonenumber`,\n\t\t`poz_detyres`,\n\t\t`active`,\n\t\t`signature`,\n\t\t`categories`,\n\t\t`autoassign`,\n\t\t`heskprivileges`,\n\t\t`afterreply`,\n\t\t`autostart`,\n\t\t`notify_customer_new`,\n\t\t`notify_customer_reply`,\n\t\t`show_suggested`,\n\t\t`notify_new_unassigned`,\n\t\t`notify_new_my`,\n\t\t`notify_reply_unassigned`,\n\t\t`notify_reply_my`,\n\t\t`notify_assigned`,\n\t\t`notify_pm`,\n\t\t`notify_note`\n\t\t) VALUES (\n\t\t'" . hesk_dbEscape($myuser['user']) . "',\n\t\t'" . hesk_dbEscape($myuser['pass']) . "',\n\t\t'" . intval($myuser['isadmin']) . "',\n\t\t'" . hesk_dbEscape($myuser['name']) . "',\n\t\t'" . hesk_dbEscape($myuser['email']) . "',\n\t\t'" . hesk_dbEscape($myuser['address']) . "',\n\t\t'" . hesk_dbEscape($myuser['phonenumber']) . "',\n\t\t'" . hesk_dbEscape($myuser['poz_detyres']) . "',\n\t\t'" . hesk_dbEscape($user_active) . "',\n\t\t'" . hesk_dbEscape($myuser['signature']) . "',\n\t\t'" . hesk_dbEscape($myuser['categories']) . "',\n\t\t'" . intval($myuser['autoassign']) . "',\n\t\t'" . hesk_dbEscape($myuser['features']) . "',\n\t\t'" . $myuser['afterreply'] . "' ,\n\t\t'" . $myuser['autostart'] . "' ,\n\t\t'" . $myuser['notify_customer_new'] . "' ,\n\t\t'" . $myuser['notify_customer_reply'] . "' ,\n\t\t'" . $myuser['show_suggested'] . "' ,\n\t\t'" . $myuser['notify_new_unassigned'] . "' ,\n\t\t'" . $myuser['notify_new_my'] . "' ,\n\t\t'" . $myuser['notify_reply_unassigned'] . "' ,\n\t\t'" . $myuser['notify_reply_my'] . "' ,\n\t\t'" . $myuser['notify_assigned'] . "' ,\n\t\t'" . $myuser['notify_pm'] . "',\n\t\t'" . $myuser['notify_note'] . "'\n\t\t)");
        $_SESSION['seluser'] = hesk_dbInsertID();
    }
    unset($_SESSION['userdata']);
    hesk_process_messages(sprintf($hesklang['user_added_success'], $myuser['user'], $myuser['cleanpass']), './manage_users.php', 'SUCCESS');
}
Exemple #16
0
function ban_ip()
{
    global $hesk_settings, $hesklang;
    // A security check
    hesk_token_check();
    // Get the ip
    $ip = preg_replace('/[^0-9\\.\\-\\/\\*]/', '', hesk_REQUEST('ip'));
    $ip_display = str_replace('-', ' - ', $ip);
    // Nothing entered?
    if (!strlen($ip)) {
        hesk_process_messages($hesklang['enterbanip'], 'banned_ips.php');
    }
    // Convert asterisk to ranges
    if (strpos($ip, '*') !== false) {
        $ip = str_replace('*', '0', $ip) . '-' . str_replace('*', '255', $ip);
    }
    $ip_regex = '(([1-9]?[0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]).){3}([1-9]?[0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])';
    // Is this a single IP address?
    if (preg_match('/^' . $ip_regex . '$/', $ip)) {
        $ip_from = ip2long($ip);
        $ip_to = $ip_from;
    } elseif (preg_match('/^' . $ip_regex . '\\-' . $ip_regex . '$/', $ip)) {
        list($ip_from, $ip_to) = explode('-', $ip);
        $ip_from = ip2long($ip_from);
        $ip_to = ip2long($ip_to);
    } elseif (preg_match('/^' . $ip_regex . '\\/([0-9]{1,2})$/', $ip, $matches) && $matches[4] >= 0 && $matches[4] <= 32) {
        list($ip_from, $ip_to) = hesk_cidr_to_range($ip);
    } else {
        hesk_process_messages($hesklang['validbanip'], 'banned_ips.php');
    }
    // Make sure we have valid ranges
    if ($ip_from < 0) {
        $ip_from += 4294967296.0;
    } elseif ($ip_from > 4294967296.0) {
        $ip_from = 4294967296.0;
    }
    if ($ip_to < 0) {
        $ip_to += 4294967296.0;
    } elseif ($ip_to > 4294967296.0) {
        $ip_to = 4294967296.0;
    }
    // Make sure $ip_to is not lower that $ip_from
    if ($ip_to < $ip_from) {
        $tmp = $ip_to;
        $ip_to = $ip_from;
        $ip_from = $tmp;
    }
    // Is this IP address already banned?
    $res = hesk_dbQuery("SELECT `id` FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "banned_ips` WHERE {$ip_from} BETWEEN `ip_from` AND `ip_to` AND {$ip_to} BETWEEN `ip_from` AND `ip_to` LIMIT 1");
    if (hesk_dbNumRows($res) == 1) {
        $_SESSION['ban_ip']['id'] = hesk_dbResult($res);
        $hesklang['ipbanexists'] = $ip_to == $ip_from ? sprintf($hesklang['ipbanexists'], long2ip($ip_to)) : sprintf($hesklang['iprbanexists'], long2ip($ip_from) . ' - ' . long2ip($ip_to));
        hesk_process_messages($hesklang['ipbanexists'], 'banned_ips.php', 'NOTICE');
    }
    // Delete any duplicate banned IP or ranges that are within the new banned range
    hesk_dbQuery("DELETE FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "banned_ips` WHERE `ip_from` >= {$ip_from} AND `ip_to` <= {$ip_to}");
    // Delete temporary bans from logins table
    if ($ip_to == $ip_from) {
        hesk_dbQuery("DELETE FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "logins` WHERE `ip`='" . hesk_dbEscape($ip_display) . "' LIMIT 1");
    }
    // Redirect either to banned ips or ticket page from now on
    $redirect_to = ($trackingID = hesk_cleanID()) ? 'admin_ticket.php?track=' . $trackingID . '&Refresh=' . mt_rand(10000, 99999) : 'banned_ips.php';
    // Insert the ip address into database
    hesk_dbQuery("INSERT INTO `" . hesk_dbEscape($hesk_settings['db_pfix']) . "banned_ips` (`ip_from`,`ip_to`,`ip_display`,`banned_by`) VALUES ({$ip_from}, {$ip_to},'" . hesk_dbEscape($ip_display) . "','" . intval($_SESSION['id']) . "')");
    // Remember ip that got banned
    $_SESSION['ban_ip']['id'] = hesk_dbInsertID();
    // Generate success message
    $hesklang['ip_banned'] = $ip_to == $ip_from ? sprintf($hesklang['ip_banned'], long2ip($ip_to)) : sprintf($hesklang['ip_rbanned'], long2ip($ip_from) . ' - ' . long2ip($ip_to));
    // Show success
    hesk_process_messages(sprintf($hesklang['ip_banned'], $ip), $redirect_to, 'SUCCESS');
}