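/**
 * Insert a new ticket into the tickets table and return its data formatted for e-mails.
 *
 * String values go through hesk_dbEscape() and numeric values through intval()
 * before they are placed in the INSERT statement.
 *
 * @param array $ticket Ticket fields. Read here: trackid, name, email, category,
 *                      company_ticket_id, contract_ticket_id, priority, subject, message,
 *                      owner, attachments, history, custom1..custom20, and the optional
 *                      articles and openedby.
 *
 * @return mixed Whatever hesk_ticketToPlain() returns for the assembled ticket info.
 */
function hesk_newTicket($ticket)
{
    global $hesk_settings, $hesklang, $hesk_db_link;

    // Store SQL NULL when language selection is off or the default language is active
    if (!$hesk_settings['can_sel_lang'] || $hesklang['LANGUAGE'] == HESK_DEFAULT_LANGUAGE) {
        $language = "NULL";
    } else {
        $language = "'" . hesk_dbEscape($hesklang['LANGUAGE']) . "'";
    }

    // The suggested-articles list ends up inside a quoted SQL literal, so it is escaped
    // here instead of relying on every caller to have sanitised it beforehand.
    $articles = isset($ticket['articles']) ? "'" . hesk_dbEscape($ticket['articles']) . "'" : 'NULL';

    // Column name => ready-to-embed SQL value, in the order the statement lists them
    $row = array(
        'trackid'            => "'" . hesk_dbEscape($ticket['trackid']) . "'",
        'name'               => "'" . hesk_dbEscape($ticket['name']) . "'",
        'email'              => "'" . hesk_dbEscape($ticket['email']) . "'",
        'category'           => "'" . intval($ticket['category']) . "'",
        'company_ticket_id'  => "'" . hesk_dbEscape($ticket['company_ticket_id']) . "'",
        'contract_ticket_id' => "'" . hesk_dbEscape($ticket['contract_ticket_id']) . "'",
        'priority'           => "'" . intval($ticket['priority']) . "'",
        'subject'            => "'" . hesk_dbEscape($ticket['subject']) . "'",
        'message'            => "'" . hesk_dbEscape($ticket['message']) . "'",
        'dt'                 => 'NOW()',
        'lastchange'         => 'NOW()',
        'articles'           => $articles,
        'ip'                 => "'" . hesk_dbEscape($_SERVER['REMOTE_ADDR']) . "'",
        'language'           => $language,
        'openedby'           => "'" . (isset($ticket['openedby']) ? intval($ticket['openedby']) : 0) . "'",
        'owner'              => "'" . intval($ticket['owner']) . "'",
        'attachments'        => "'" . hesk_dbEscape($ticket['attachments']) . "'",
        'merged'             => "''",
        'history'            => "'" . hesk_dbEscape($ticket['history']) . "'",
    );

    // custom1 .. custom20 follow the fixed columns
    for ($i = 1; $i <= 20; $i++) {
        $row['custom' . $i] = "'" . hesk_dbEscape($ticket['custom' . $i]) . "'";
    }

    // Insert ticket into database
    hesk_dbQuery(
        "\n\tINSERT INTO `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets`\n\t(\n\t\t`"
        . implode("`,\n\t\t`", array_keys($row))
        . "`\n\t)\n\tVALUES\n\t(\n\t\t"
        . implode(",\n\t\t", $row)
        . "\n\t)\n\t"
    );

    // Generate the array with ticket info that can be used in emails
    $info = array(
        'email'       => $ticket['email'],
        'category'    => $ticket['category'],
        'priority'    => $ticket['priority'],
        'owner'       => $ticket['owner'],
        'trackid'     => $ticket['trackid'],
        'status'      => 0,
        'name'        => $ticket['name'],
        'lastreplier' => $ticket['name'],
        'subject'     => $ticket['subject'],
        'message'     => $ticket['message'],
        'attachments' => $ticket['attachments'],
        'dt'          => hesk_date(),
        'lastchange'  => hesk_date(),
        'id'          => hesk_dbInsertID(),
    );

    // Add custom fields to the array; fields that are not in use are blanked
    foreach ($hesk_settings['custom_fields'] as $k => $v) {
        $info[$k] = $v['use'] ? $ticket[$k] : '';
    }

    return hesk_ticketToPlain($info, 1);
}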
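/**
 * Insert a new ticket and return its data formatted for e-mails.
 *
 * String values go through hesk_dbEscape() and numeric values through intval()
 * before they are placed in the INSERT statement.
 *
 * @param array $ticket     Ticket fields. Read here: trackid, name, email, category,
 *                          priority, subject, message, owner, attachments, history,
 *                          custom1..custom20, latitude, longitude, and the optional
 *                          language, articles and openedby.
 * @param bool  $isVerified When true the row goes to the "tickets" table, otherwise to
 *                          "stage_tickets".
 *
 * @return mixed Whatever hesk_ticketToPlain() returns for the assembled ticket info.
 */
function hesk_newTicket($ticket, $isVerified = true)
{
    global $hesk_settings, $hesklang, $hesk_db_link;

    // Use the ticket's own language when given; otherwise the default language (selection
    // disabled) or the currently active one. The value is kept raw here and escaped exactly
    // once where it enters the SQL statement, so it is not double-escaped and the copy
    // returned in the ticket info is the real language name.
    if (empty($ticket['language'])) {
        $language = !$hesk_settings['can_sel_lang'] ? HESK_DEFAULT_LANGUAGE : $hesklang['LANGUAGE'];
    } else {
        $language = $ticket['language'];
    }

    // Get the default ticket status for new tickets and set it accordingly
    $defaultNewTicketRs = hesk_dbQuery("SELECT `ID` FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "statuses` WHERE `IsNewTicketStatus` = 1");
    $defaultNewTicket = hesk_dbFetchAssoc($defaultNewTicketRs);
    $ticket['status'] = $defaultNewTicket['ID'];

    $tableName = $isVerified ? 'tickets' : 'stage_tickets';

    // The suggested-articles list ends up inside a quoted SQL literal, so it is escaped
    // here instead of relying on every caller to have sanitised it beforehand.
    $articles = isset($ticket['articles']) ? "'" . hesk_dbEscape($ticket['articles']) . "'" : 'NULL';

    // Column name => ready-to-embed SQL value, in the order the statement lists them
    $row = array(
        'trackid'     => "'" . hesk_dbEscape($ticket['trackid']) . "'",
        'name'        => "'" . hesk_dbEscape($ticket['name']) . "'",
        'email'       => "'" . hesk_dbEscape($ticket['email']) . "'",
        'category'    => "'" . intval($ticket['category']) . "'",
        'priority'    => "'" . intval($ticket['priority']) . "'",
        'subject'     => "'" . hesk_dbEscape($ticket['subject']) . "'",
        'message'     => "'" . hesk_dbEscape($ticket['message']) . "'",
        'dt'          => 'NOW()',
        'lastchange'  => 'NOW()',
        'articles'    => $articles,
        'ip'          => "'" . hesk_dbEscape($_SERVER['REMOTE_ADDR']) . "'",
        'language'    => "'" . hesk_dbEscape($language) . "'",
        'openedby'    => "'" . (isset($ticket['openedby']) ? intval($ticket['openedby']) : 0) . "'",
        'owner'       => "'" . intval($ticket['owner']) . "'",
        'attachments' => "'" . hesk_dbEscape($ticket['attachments']) . "'",
        'merged'      => "''",
        'history'     => "'" . hesk_dbEscape($ticket['history']) . "'",
    );

    // custom1 .. custom20 follow the fixed columns
    for ($i = 1; $i <= 20; $i++) {
        $row['custom' . $i] = "'" . hesk_dbEscape($ticket['custom' . $i]) . "'";
    }

    $row['status']    = "'" . intval($ticket['status']) . "'";
    $row['latitude']  = "'" . hesk_dbEscape($ticket['latitude']) . "'";
    $row['longitude'] = "'" . hesk_dbEscape($ticket['longitude']) . "'";

    // Insert ticket into database
    hesk_dbQuery(
        "\n\tINSERT INTO `" . hesk_dbEscape($hesk_settings['db_pfix']) . $tableName . "`\n\t(\n\t\t`"
        . implode("`,\n\t\t`", array_keys($row))
        . "`\n\t)\n\tVALUES\n\t(\n\t\t"
        . implode(",\n\t\t", $row)
        . "\n\t)\n\t"
    );

    // Generate the array with ticket info that can be used in emails
    $info = array(
        'email'       => $ticket['email'],
        'category'    => $ticket['category'],
        'priority'    => $ticket['priority'],
        'owner'       => $ticket['owner'],
        'trackid'     => $ticket['trackid'],
        'status'      => $ticket['status'],
        'name'        => $ticket['name'],
        'lastreplier' => $ticket['name'],
        'subject'     => $ticket['subject'],
        'message'     => $ticket['message'],
        'attachments' => $ticket['attachments'],
        'dt'          => hesk_date(),
        'lastchange'  => hesk_date(),
        'id'          => hesk_dbInsertID(),
        'language'    => $language,
    );

    // Add custom fields to the array; fields that are not in use are blanked
    foreach ($hesk_settings['custom_fields'] as $k => $v) {
        $info[$k] = $v['use'] ? $ticket[$k] : '';
    }

    return hesk_ticketToPlain($info, 1);
}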
/**
 * Handle the "new service message" form.
 *
 * Validates the POSTed fields, then either stores them in the session for a preview
 * or inserts the message into the service_messages table.
 */
function new_sm()
{
    global $hesk_settings, $hesklang, $listBox;
    global $hesk_error_buffer;

    // NOTE(review): the security token check is disabled in this handler:
    //   # hesk_token_check('POST');
    // Confirm the token is verified before this function is reached, or re-enable it,
    // since the function writes to the database on a plain POST.

    $hesk_error_buffer = array();

    // Style must be within 0..4; anything else falls back to 0
    $style = intval(hesk_POST('style', 0));
    if ($style < 0 || $style > 4) {
        $style = 0;
    }

    $type = empty($_POST['type']) ? 0 : 1;

    // A title is mandatory
    $title = hesk_input(hesk_POST('title'));
    if (!$title) {
        $hesk_error_buffer[] = $hesklang['sm_e_title'];
    }

    // The message body is kept as HTML.
    // NOTE(review): presumably hesk_getHTML() sanitises the markup; verify, because this
    // value is stored and later displayed.
    $message = hesk_getHTML(hesk_POST('message'));

    // Any errors? Keep the submitted values in the session and report the problems.
    if (count($hesk_error_buffer)) {
        $_SESSION['new_sm'] = array(
            'style'   => $style,
            'type'    => $type,
            'title'   => $title,
            'message' => hesk_input(hesk_POST('message')),
        );

        $items = '';
        foreach ($hesk_error_buffer as $problem) {
            $items .= "<li>" . $problem . "</li>\n";
        }

        $hesk_error_buffer = $hesklang['rfm'] . '<br /><br /><ul>' . $items . '</ul>';
        hesk_process_messages($hesk_error_buffer, 'service_messages.php');
    }

    // Just preview the message? Store it in the session and go back to the form page.
    if (isset($_POST['sm_preview'])) {
        $_SESSION['preview_sm'] = true;
        $_SESSION['new_sm'] = array(
            'style'   => $style,
            'type'    => $type,
            'title'   => $title,
            'message' => $message,
        );

        header('Location: service_messages.php');
        exit;
    }

    // The new message is ordered 10 after the highest existing order value
    $res = hesk_dbQuery("SELECT `order` FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "service_messages` ORDER BY `order` DESC LIMIT 1");
    $row = hesk_dbFetchRow($res);
    $my_order = intval($row[0]) + 10;

    // Insert service message into database; $style, $type and $my_order are integers here
    hesk_dbQuery(
        "INSERT INTO `" . hesk_dbEscape($hesk_settings['db_pfix']) . "service_messages` (`author`,`title`,`message`,`style`,`type`,`order`) VALUES (\n '"
        . intval($_SESSION['id']) . "',\n '"
        . hesk_dbEscape($title) . "',\n '"
        . hesk_dbEscape($message) . "',\n '"
        . $style . "',\n '"
        . $type . "',\n '"
        . $my_order . "'\n )"
    );

    $_SESSION['smord'] = hesk_dbInsertID();

    hesk_process_messages($hesklang['sm_added'], 'service_messages.php', 'SUCCESS');
}
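// Flood guard: fetch who wrote the replies this ticket received in the last 10 minutes.
// $ticket['id'] and $trackingID are set outside this excerpt; they are cast/escaped at
// every point of use below so the statements stay safe whatever their origin.
$res = hesk_dbQuery("SELECT `staffid` FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "replies` WHERE `replyto`='" . intval($ticket['id']) . "' AND `dt` > DATE_SUB(NOW(), INTERVAL 10 MINUTE) ORDER BY `id` ASC");

if (hesk_dbNumRows($res) > 0) {
    // Count customer replies in a row; any staff reply resets the counter
    $sequential_customer_replies = 0;
    while ($tmp = hesk_dbFetchAssoc($res)) {
        $sequential_customer_replies = $tmp['staffid'] ? 0 : $sequential_customer_replies + 1;
    }

    // More than 10 in a row: record the IP in the logins table with a count above the
    // attempt limit and stop with an error message
    if ($sequential_customer_replies > 10) {
        hesk_dbQuery("INSERT INTO `" . hesk_dbEscape($hesk_settings['db_pfix']) . "logins` (`ip`, `number`) VALUES ('" . hesk_dbEscape($_SERVER['REMOTE_ADDR']) . "', " . intval($hesk_settings['attempt_limit'] + 1) . ")");
        hesk_error(sprintf($hesklang['yhbr'], $hesk_settings['attempt_banmin']), 0);
    }
}

/* Insert attachments */
if ($hesk_settings['attachments']['use'] && !empty($attachments)) {
    foreach ($attachments as $myatt) {
        hesk_dbQuery("INSERT INTO `" . hesk_dbEscape($hesk_settings['db_pfix']) . "attachments` (`ticket_id`,`saved_name`,`real_name`,`size`) VALUES ('" . hesk_dbEscape($trackingID) . "','" . hesk_dbEscape($myatt['saved_name']) . "','" . hesk_dbEscape($myatt['real_name']) . "','" . intval($myatt['size']) . "')");

        // Attachment list format: "<attachment id>#<original name>,"; it is escaped when
        // written to the replies table below
        $myattachments .= hesk_dbInsertID() . '#' . $myatt['real_name'] . ',';
    }
}

// If staff hasn't replied yet, keep ticket status "New", otherwise set it to "Waiting reply from staff"
$ticket['status'] = $ticket['status'] ? 1 : 0;

/* Update ticket as necessary */
$res = hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` SET `lastchange`=NOW(), `status`='" . intval($ticket['status']) . "', `replies`=`replies`+1, `lastreplier`='0' WHERE `id`='" . intval($ticket['id']) . "' LIMIT 1");

// Name stored with the reply: the session value when present, else the ticket's name
if (isset($_SESSION['id']['user'])) {
    $name = $_SESSION['id']['user'];
} else {
    $name = $ticket['name'];
}

// Insert reply into database
hesk_dbQuery("INSERT INTO `" . hesk_dbEscape($hesk_settings['db_pfix']) . "replies` (`replyto`,`name`,`message`,`dt`,`attachments`) VALUES (" . intval($ticket['id']) . ",'" . hesk_dbEscape($name) . "','" . hesk_dbEscape($message) . "',NOW(),'" . hesk_dbEscape($myattachments) . "')");

/*** Need to notify any staff? ***/

// --> Prepare reply message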
/**
 * Handle the "new category" form: validate the POSTed values, reject duplicate names
 * and insert the category at the end of the current ordering.
 */
function new_cat()
{
    global $hesk_settings, $hesklang;

    // Security token check on the POST request
    hesk_token_check('POST');

    // Options are kept in the session while the form is being processed
    $_SESSION['cat_autoassign'] = (hesk_POST('autoassign') == 'Y') ? 1 : 0;
    $_SESSION['cat_type'] = (hesk_POST('type') == 'Y') ? 1 : 0;

    // Default priority: must be within 0..3, anything else becomes 3
    $priority = intval(hesk_POST('priority', 3));
    $_SESSION['cat_priority'] = ($priority < 0 || $priority > 3) ? 3 : $priority;

    // Category name
    $catname = hesk_input(hesk_POST('name'), $hesklang['enter_cat_name'], 'manage_categories.php');

    // Do we already have a category with this name?
    $dupes = hesk_dbQuery("SELECT `id` FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "categories` WHERE `name` LIKE '" . hesk_dbEscape(hesk_dbLike($catname)) . "' LIMIT 1");
    if (hesk_dbNumRows($dupes) != 0) {
        $_SESSION['catname'] = $catname;
        hesk_process_messages($hesklang['cndupl'], 'manage_categories.php');
    }

    // The new category is ordered 10 after the highest existing cat_order
    $latest = hesk_dbQuery("SELECT `cat_order` FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "categories` ORDER BY `cat_order` DESC LIMIT 1");
    $top = hesk_dbFetchRow($latest);
    $my_order = $top[0] + 10;

    // cat_priority was cast with intval() and range-checked above
    hesk_dbQuery(
        "INSERT INTO `" . hesk_dbEscape($hesk_settings['db_pfix']) . "categories` (`name`,`cat_order`,`autoassign`,`type`, `priority`) VALUES ('"
        . hesk_dbEscape($catname) . "','"
        . intval($my_order) . "','"
        . intval($_SESSION['cat_autoassign']) . "','"
        . intval($_SESSION['cat_type']) . "','"
        . $_SESSION['cat_priority'] . "')"
    );

    // The form values are no longer needed once the row is stored
    foreach (array('catname', 'cat_autoassign', 'cat_type', 'cat_priority') as $sessionKey) {
        hesk_cleanSessionVars($sessionKey);
    }

    $_SESSION['selcat2'] = hesk_dbInsertID();

    $addedName = '<i>' . stripslashes($catname) . '</i>';
    hesk_process_messages(sprintf($hesklang['cat_name_added'], $addedName), 'manage_categories.php', 'SUCCESS');
}
/**
 * Handle the "send private message" form: validate recipient, subject and message,
 * store the message in the mail table and optionally notify the recipient by e-mail.
 */
function mail_send()
{
    global $hesk_settings, $hesklang;

    // Security token check on the POST request
    hesk_token_check('POST');

    $hesk_error_buffer = '';

    // Recipient: must be set, must not be the sender, and must exist in the users table
    $_SESSION['mail']['to'] = intval(hesk_POST('to'));
    $recipientId = $_SESSION['mail']['to'];

    if (empty($recipientId)) {
        $hesk_error_buffer .= '<li>' . $hesklang['m_rec'] . '</li>';
    } elseif ($recipientId == $_SESSION['id']) {
        $hesk_error_buffer .= '<li>' . $hesklang['m_inr'] . '</li>';
    } else {
        $res = hesk_dbQuery("SELECT `name`,`email`,`notify_pm` FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "users` WHERE `id`='" . intval($recipientId) . "' LIMIT 1");

        if (hesk_dbNumRows($res)) {
            $pm_recipient = hesk_dbFetchAssoc($res);
        } else {
            $hesk_error_buffer .= '<li>' . $hesklang['m_inr'] . '</li>';
        }
    }

    // Subject is mandatory
    $_SESSION['mail']['subject'] = hesk_input(hesk_POST('subject'));
    if (!$_SESSION['mail']['subject']) {
        $hesk_error_buffer .= '<li>' . $hesklang['m_esu'] . '</li>';
    }

    // Message is mandatory
    $_SESSION['mail']['message'] = hesk_input(hesk_POST('message'));
    if (!$_SESSION['mail']['message']) {
        $hesk_error_buffer .= '<li>' . $hesklang['enter_message'] . '</li>';
    }

    // Any errors? Report them without redirecting; the form values stay in the session.
    if (strlen($hesk_error_buffer)) {
        $_SESSION['hide']['list'] = 1;
        $hesk_error_buffer = $hesklang['rfm'] . '<br /><br /><ul>' . $hesk_error_buffer . '</ul>';
        hesk_process_messages($hesk_error_buffer, 'NOREDIRECT');

        return;
    }

    // Turn URLs into links and newlines into <br /> before storing the message
    $_SESSION['mail']['message'] = nl2br(hesk_makeURL($_SESSION['mail']['message']));

    hesk_dbQuery(
        "INSERT INTO `" . hesk_dbEscape($hesk_settings['db_pfix']) . "mail` (`from`,`to`,`subject`,`message`,`dt`,`read`) VALUES ('"
        . intval($_SESSION['id']) . "','"
        . intval($_SESSION['mail']['to']) . "','"
        . hesk_dbEscape($_SESSION['mail']['subject']) . "','"
        . hesk_dbEscape($_SESSION['mail']['message']) . "',NOW(),'0')"
    );

    // Notify receiver via e-mail?
    if (isset($pm_recipient) && $pm_recipient['notify_pm']) {
        $pm_id = hesk_dbInsertID();

        $pm = array(
            'name'    => hesk_msgToPlain(addslashes($_SESSION['name']), 1, 1),
            'subject' => hesk_msgToPlain($_SESSION['mail']['subject'], 1, 1),
            'message' => hesk_msgToPlain($_SESSION['mail']['message'], 1, 1),
            'id'      => $pm_id,
        );

        // Format email subject and message for recipient
        $subject = hesk_getEmailSubject('new_pm', $pm, 0);
        $message = hesk_getEmailMessage('new_pm', $pm, 1, 0);

        // Send e-mail
        hesk_mail($pm_recipient['email'], $subject, $message);
    }

    unset($_SESSION['mail']);

    hesk_process_messages($hesklang['m_pms'], './mail.php', 'SUCCESS');
}
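/**
 * Turn a parsed e-mail into a reply to an existing ticket or into a new ticket.
 *
 * The sender, subject and body all come from the e-mail and are therefore untrusted:
 * they are passed through hesk_validateEmail()/hesk_input() before use and through
 * hesk_dbEscape()/intval() before they enter SQL.
 *
 * @param array $results      Parsed e-mail. Read here: reply-to/from (address, name,
 *                            encoding), subject, subject_encoding, message, encoding,
 *                            attachments (orig_name, size, stored_name) and tempdir.
 * @param mixed $pop3         Truthy selects the 'thist16' history text and openedby -2;
 *                            otherwise 'thist11' and openedby -1.
 * @param int   $set_category Category assigned to a new ticket.
 * @param int   $set_priority Priority of a new ticket; a negative value means "use
 *                            hesk_getCategoryPriority() for the category".
 *
 * @return mixed The ticket tracking ID, or the result of hesk_cleanExit() when the
 *               e-mail is ignored.
 */
function hesk_email2ticket($results, $pop3 = 0, $set_category = 1, $set_priority = -1)
{
    global $hesk_settings, $hesklang, $hesk_db_link, $ticket;

    // Process "Reply-To:" or "From:" email
    $tmpvar['email'] = isset($results['reply-to'][0]['address'])
        ? hesk_validateEmail($results['reply-to'][0]['address'], 'ERR', 0)
        : hesk_validateEmail($results['from'][0]['address'], 'ERR', 0);

    // Email missing, invalid or banned?
    if (!$tmpvar['email'] || hesk_isBannedEmail($tmpvar['email'])) {
        return hesk_cleanExit();
    }

    // Process "Reply-To:" or "From:" name, convert to UTF-8, set to "[Customer]" if not set
    if (isset($results['reply-to'][0]['name']) && strlen($results['reply-to'][0]['name'])) {
        $tmpvar['name'] = $results['reply-to'][0]['name'];
        if (!empty($results['reply-to'][0]['encoding'])) {
            $tmpvar['name'] = hesk_encodeUTF8($tmpvar['name'], $results['reply-to'][0]['encoding']);
        }
    } else {
        $tmpvar['name'] = isset($results['from'][0]['name']) ? $results['from'][0]['name'] : $hesklang['pde'];
        if (!empty($results['from'][0]['encoding'])) {
            $tmpvar['name'] = hesk_encodeUTF8($tmpvar['name'], $results['from'][0]['encoding']);
        }
    }
    $tmpvar['name'] = hesk_input($tmpvar['name'], '', '', 1, 50);
    if (!$tmpvar['name']) {
        $tmpvar['name'] = $hesklang['pde'];
    }

    // Process "To:" email (not yet implemented, for future use)
    // $tmpvar['to_email'] = hesk_validateEmail($results['to'][0]['address'],'ERR',0);

    // Process email subject, convert to UTF-8, set to "[Piped email]" if none set
    $tmpvar['subject'] = isset($results['subject']) ? $results['subject'] : $hesklang['pem'];
    if (!empty($results['subject_encoding'])) {
        $tmpvar['subject'] = hesk_encodeUTF8($tmpvar['subject'], $results['subject_encoding']);
    }
    $tmpvar['subject'] = hesk_input($tmpvar['subject'], '', '', 1, 70);
    if (!$tmpvar['subject']) {
        $tmpvar['subject'] = $hesklang['pem'];
    }

    // Process email message, convert to UTF-8
    $tmpvar['message'] = isset($results['message']) ? $results['message'] : '';
    if (!empty($results['encoding'])) {
        $tmpvar['message'] = hesk_encodeUTF8($tmpvar['message'], $results['encoding']);
    }
    $tmpvar['message'] = hesk_input($tmpvar['message'], '', '', 1);

    // Message missing?
    if (strlen($tmpvar['message']) == 0) {
        // Message required? Ignore this email.
        if ($hesk_settings['eml_req_msg']) {
            return hesk_cleanExit();
        }

        // Message not required? Assign a default message
        $tmpvar['message'] = $hesklang['def_msg'];

        // Track duplicate emails based on subject
        $message_hash = md5($tmpvar['subject']);
    } else {
        // md5 is only a duplicate-detection fingerprint here, not a security control
        $message_hash = md5($tmpvar['message']);
    }

    // Strip quoted reply from email
    $tmpvar['message'] = hesk_stripQuotedText($tmpvar['message']);

    // Convert URLs to links, change newlines to <br />
    $tmpvar['message'] = hesk_makeURL($tmpvar['message']);
    $tmpvar['message'] = nl2br($tmpvar['message']);

    // Try to detect "delivery failed" and "noreply" emails - ignore if detected
    if (hesk_isReturnedEmail($tmpvar)) {
        return hesk_cleanExit();
    }

    // Check for email loops
    if (hesk_isEmailLoop($tmpvar['email'], $message_hash)) {
        return hesk_cleanExit();
    }

    // OK, everything seems OK. Now determine if this is a reply to a ticket or a new ticket
    if (preg_match('/\\[#([A-Z0-9]{3}\\-[A-Z0-9]{3}\\-[A-Z0-9]{4})\\]/', str_replace(' ', '', $tmpvar['subject']), $matches)) {
        // We found a possible tracking ID
        $tmpvar['trackid'] = $matches[1];

        // Does it match one in the database?
        $res = hesk_dbQuery("SELECT * FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` WHERE `trackid`='" . hesk_dbEscape($tmpvar['trackid']) . "' LIMIT 1");
        if (hesk_dbNumRows($res)) {
            $ticket = hesk_dbFetchAssoc($res);

            // Do email addresses match? The sender must be exactly one of the ticket's
            // addresses: a substring test would also accept any address that merely
            // occurs inside a stored one, letting it post replies to this ticket.
            // Assumes several stored addresses are separated by commas, semicolons or
            // whitespace - TODO confirm against how tickets store them.
            $ticket_emails = preg_split('/[\s,;]+/', strtolower($ticket['email']), -1, PREG_SPLIT_NO_EMPTY);
            if (!is_array($ticket_emails) || !in_array(strtolower($tmpvar['email']), $ticket_emails, true)) {
                $tmpvar['trackid'] = '';
            }

            // Is this ticket locked? Force create a new one if it is
            if ($ticket['locked']) {
                $tmpvar['trackid'] = '';
            }
        } else {
            $tmpvar['trackid'] = '';
        }
    }

    // If tracking ID is empty, generate a new one
    if (empty($tmpvar['trackid'])) {
        $tmpvar['trackid'] = hesk_createID();
        $is_reply = 0;
    } else {
        $is_reply = 1;
    }

    // Process attachments
    $tmpvar['attachmment_notices'] = '';
    $tmpvar['attachments'] = '';
    $num = 0;
    if ($hesk_settings['attachments']['use'] && isset($results['attachments'][0])) {
        foreach ($results['attachments'] as $k => $v) {
            // Clean attachment names
            $myatt['real_name'] = hesk_cleanFileName($v['orig_name']);

            // Check number of attachments, delete any over max number
            if ($num >= $hesk_settings['attachments']['max_number']) {
                $tmpvar['attachmment_notices'] .= sprintf($hesklang['attnum'], $myatt['real_name']) . "\n";
                continue;
            }

            // Check file extension against the allowed list
            $ext = strtolower(strrchr($myatt['real_name'], "."));
            if (!in_array($ext, $hesk_settings['attachments']['allowed_types'])) {
                $tmpvar['attachmment_notices'] .= sprintf($hesklang['atttyp'], $myatt['real_name']) . "\n";
                continue;
            }

            // Check file size
            $myatt['size'] = $v['size'];
            if ($myatt['size'] > $hesk_settings['attachments']['max_size']) {
                $tmpvar['attachmment_notices'] .= sprintf($hesklang['attsiz'], $myatt['real_name']) . "\n";
                continue;
            }

            // Generate a random file name
            // NOTE(review): mt_rand() is not a cryptographically secure generator, so the
            // saved name is not a strong secret. If the attachment directory can be reached
            // over the web, prefer random_bytes()/random_int() where the PHP version allows
            // and keep direct access to the directory blocked.
            $useChars = 'AEUYBDGHJLMNPQRSTVWXZ123456789';
            $tmp = $useChars[mt_rand(0, 29)];
            for ($j = 1; $j < 10; $j++) {
                $tmp .= $useChars[mt_rand(0, 29)];
            }
            $myatt['saved_name'] = substr($tmpvar['trackid'] . '_' . md5($tmp . $myatt['real_name']), 0, 200) . $ext;

            // Move the temporary file into the attachment directory; if that fails, do not
            // register an attachment row that would point at a missing file
            if (!rename($v['stored_name'], HESK_PATH . $hesk_settings['attach_dir'] . '/' . $myatt['saved_name'])) {
                continue;
            }

            // Insert into database
            hesk_dbQuery("INSERT INTO `" . hesk_dbEscape($hesk_settings['db_pfix']) . "attachments` (`ticket_id`,`saved_name`,`real_name`,`size`) VALUES ('" . hesk_dbEscape($tmpvar['trackid']) . "','" . hesk_dbEscape($myatt['saved_name']) . "','" . hesk_dbEscape($myatt['real_name']) . "','" . intval($myatt['size']) . "')");
            $tmpvar['attachments'] .= hesk_dbInsertID() . '#' . $myatt['real_name'] . ',';

            $num++;
        }

        // Tell the reader which attachments were dropped and why
        if (strlen($tmpvar['attachmment_notices'])) {
            $tmpvar['message'] .= "<br /><br />" . hesk_input($hesklang['attrem'], '', '', 1) . "<br />" . nl2br(hesk_input($tmpvar['attachmment_notices'], '', '', 1));
        }
    }

    // Delete the temporary files
    deleteAll($results['tempdir']);

    // If this is a reply add a new reply
    if ($is_reply) {
        // Set last replier name to customer name
        $ticket['lastreplier'] = $tmpvar['name'] == $hesklang['pde'] ? $tmpvar['email'] : $tmpvar['name'];

        // If staff hasn't replied yet, keep ticket status "New", otherwise set it to "Waiting reply from staff"
        $ticket['status'] = $ticket['status'] ? 1 : 0;

        // Update ticket as necessary
        hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` SET `lastchange`=NOW(),`status`='{$ticket['status']}',`replies`=`replies`+1,`lastreplier`='0' WHERE `id`='" . intval($ticket['id']) . "' LIMIT 1");

        // If customer replied, we assume staff replies have been read (no way to be sure if ticket.php hasn't been opened)
        hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "replies` SET `read` = '1' WHERE `replyto` = '" . intval($ticket['id']) . "' AND `staffid` != '0' ");

        // Insert reply into database
        hesk_dbQuery("INSERT INTO `" . hesk_dbEscape($hesk_settings['db_pfix']) . "replies` (`replyto`,`name`,`message`,`dt`,`attachments`) VALUES ('" . intval($ticket['id']) . "','" . hesk_dbEscape($ticket['lastreplier']) . "','" . hesk_dbEscape($tmpvar['message']) . "',NOW(),'" . hesk_dbEscape($tmpvar['attachments']) . "')");

        // --> Prepare reply message

        // 1. Generate the array with ticket info that can be used in emails
        $info = array(
            'email'       => $ticket['email'],
            'category'    => $ticket['category'],
            'priority'    => $ticket['priority'],
            'owner'       => $ticket['owner'],
            'trackid'     => $ticket['trackid'],
            'status'      => $ticket['status'],
            'name'        => $ticket['name'],
            'lastreplier' => $ticket['lastreplier'],
            'subject'     => $ticket['subject'],
            'message'     => stripslashes($tmpvar['message']),
            'attachments' => $tmpvar['attachments'],
            'dt'          => hesk_date($ticket['dt'], true),
            'lastchange'  => hesk_date($ticket['lastchange'], true),
            'id'          => $ticket['id'],
        );

        // 2. Add custom fields to the array
        foreach ($hesk_settings['custom_fields'] as $k => $v) {
            $info[$k] = $v['use'] ? $ticket[$k] : '';
        }

        // 3. Make sure all values are properly formatted for email.
        // $ticket is a global, so the notify helpers below see this formatted copy.
        $ticket = hesk_ticketToPlain($info, 1, 0);

        // --> Process custom fields before sending
        foreach ($hesk_settings['custom_fields'] as $k => $v) {
            $ticket[$k] = $v['use'] ? hesk_msgToPlain($ticket[$k], 1) : '';
        }

        // --> If ticket is assigned just notify the owner
        if ($ticket['owner']) {
            hesk_notifyAssignedStaff(false, 'new_reply_by_customer', 'notify_reply_my');
        } else {
            hesk_notifyStaff('new_reply_by_customer', "`notify_reply_unassigned`='1'");
        }

        return $ticket['trackid'];
    } // END REPLY

    // Not a reply, but a new ticket. Add it to the database
    $tmpvar['category'] = $set_category;
    $tmpvar['priority'] = $set_priority < 0 ? hesk_getCategoryPriority($tmpvar['category']) : $set_priority;

    // There is no client IP for a piped/fetched e-mail, so the "unknown" label is used
    $_SERVER['REMOTE_ADDR'] = $hesklang['unknown'];

    // Auto assign tickets if applicable
    $tmpvar['owner'] = 0;
    $tmpvar['history'] = $pop3 ? sprintf($hesklang['thist16'], hesk_date()) : sprintf($hesklang['thist11'], hesk_date());
    $tmpvar['openedby'] = $pop3 ? -2 : -1;

    $autoassign_owner = hesk_autoAssignTicket($tmpvar['category']);

    if ($autoassign_owner) {
        $tmpvar['owner'] = $autoassign_owner['id'];
        $tmpvar['history'] .= sprintf($hesklang['thist10'], hesk_date(), $autoassign_owner['name'] . ' (' . $autoassign_owner['user'] . ')');
    }

    // Custom fields will be empty as there is no reliable way of detecting them
    foreach ($hesk_settings['custom_fields'] as $k => $v) {
        $tmpvar[$k] = '';
    }

    // Insert ticket to database
    $ticket = hesk_newTicket($tmpvar);

    // Notify the customer
    if ($hesk_settings['notify_new']) {
        $possible_SPAM = false;

        // Do we need to check subject for SPAM tags?
        if ($hesk_settings['notify_skip_spam']) {
            foreach ($hesk_settings['notify_spam_tags'] as $tag) {
                if (strpos($tmpvar['subject'], $tag) !== false) {
                    $possible_SPAM = true;
                    break;
                }
            }
        }

        // SPAM tags not found or not checked, send email
        if ($possible_SPAM === false) {
            hesk_notifyCustomer();
        }
    }

    // Need to notify staff?
    // --> From autoassign?
    if ($tmpvar['owner'] && $autoassign_owner['notify_assigned']) {
        hesk_notifyAssignedStaff($autoassign_owner, 'ticket_assigned_to_you');
    } elseif (!$tmpvar['owner']) {
        hesk_notifyStaff('new_ticket_staff', " `notify_new_unassigned` = '1' ");
    }

    return $ticket['trackid'];
}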
$tmpvar['articles'] = implode(',', array_unique(array_map('intval', $_POST['suggested']))); } // All good now, continue with ticket creation $tmpvar['owner'] = 0; $tmpvar['history'] = sprintf($hesklang['thist15'], hesk_date(), $tmpvar['name']); // Auto assign tickets if aplicable $autoassign_owner = hesk_autoAssignTicket($tmpvar['category']); if ($autoassign_owner) { $tmpvar['owner'] = $autoassign_owner['id']; $tmpvar['history'] .= sprintf($hesklang['thist10'], hesk_date(), $autoassign_owner['name'] . ' (' . $autoassign_owner['user'] . ')'); } // Insert attachments if ($hesk_settings['attachments']['use'] && !empty($attachments)) { foreach ($attachments as $myatt) { hesk_dbQuery("INSERT INTO `" . hesk_dbEscape($hesk_settings['db_pfix']) . "attachments` (`ticket_id`,`saved_name`,`real_name`,`size`) VALUES ('" . hesk_dbEscape($tmpvar['trackid']) . "','" . hesk_dbEscape($myatt['saved_name']) . "','" . hesk_dbEscape($myatt['real_name']) . "','" . intval($myatt['size']) . "')"); $tmpvar['attachments'] .= hesk_dbInsertID() . '#' . $myatt['real_name'] . ','; } } // Insert ticket to database $ticket = hesk_newTicket($tmpvar); //insert to ERP ////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// include 'oe_api.php'; $valid_services = array("SCA" => "project.issue"); //klasat e ERP me te cilat do te punojme $params = array(); $params['name'] = hesk_POST('subject'); $params['description'] = hesk_POST('message'); $params['email_from'] = hesk_POST('email'); $params['priority'] = hesk_POST('priority'); $params['categ_id'] = hesk_POST('category');
/**
 * Handle the "new knowledgebase article" form.
 *
 * Validates the POSTed fields, stores uploaded attachments, inserts the article,
 * bumps the matching article counter of its category and then shows that category.
 */
function new_article()
{
    global $hesk_settings, $hesklang, $listBox;
    global $hesk_error_buffer;

    // NOTE(review): the security token check is disabled in this handler:
    //   # hesk_token_check('POST');
    // Confirm the token is verified before this function is reached, or re-enable it,
    // since the function uploads files and writes to the database on a plain POST.

    $_SESSION['hide'] = array('treemenu' => 1, 'new_category' => 1);

    $hesk_error_buffer = array();

    $catid = intval(hesk_POST('catid', 1));

    // Article type: 0 when nothing was posted, 2 when "2" was posted, otherwise 1
    if (empty($_POST['type'])) {
        $type = 0;
    } else {
        $type = (hesk_POST('type') == 2) ? 2 : 1;
    }

    // HTML content is forced on when the WYSIWYG editor is enabled
    if ($hesk_settings['kb_wysiwyg']) {
        $html = 1;
    } else {
        $html = empty($_POST['html']) ? 0 : 1;
    }

    $now = hesk_date();

    // Prevent submitting duplicate articles by reloading manage_knowledgebase.php page
    if (isset($_SESSION['article_submitted'])) {
        header('Location:manage_knowledgebase.php?a=manage_cat&catid=' . $catid);
        exit;
    }

    $_SESSION['KB_CATEGORY'] = $catid;

    // Subject is mandatory
    $subject = hesk_input(hesk_POST('subject'));
    if (!$subject) {
        $hesk_error_buffer[] = $hesklang['kb_e_subj'];
    }

    // Content is mandatory; HTML articles and plain-text articles are processed differently
    if ($html) {
        if (empty($_POST['content'])) {
            $hesk_error_buffer[] = $hesklang['kb_e_cont'];
        }

        // NOTE(review): presumably hesk_getHTML() sanitises the markup; verify, because
        // this value is stored and later displayed.
        $content = hesk_getHTML(hesk_POST('content'));
    } else {
        $content = hesk_input(hesk_POST('content'));
        if (!$content) {
            $hesk_error_buffer[] = $hesklang['kb_e_cont'];
        }
        $content = hesk_makeURL(nl2br($content));
    }

    $sticky = isset($_POST['sticky']) ? 1 : 0;

    $keywords = hesk_input(hesk_POST('keywords'));

    // Article attachments: up to three upload slots are processed
    define('KB', 1);
    require_once HESK_PATH . 'inc/posting_functions.inc.php';
    require_once HESK_PATH . 'inc/attachments.inc.php';

    $attachments = array();
    foreach (array(1, 2, 3) as $slot) {
        $att = hesk_uploadFile($slot);
        if (!empty($att)) {
            $attachments[$slot] = $att;
        }
    }
    $myattachments = '';

    // Any errors? Discard the uploads, remember the form values and report the problems.
    if (count($hesk_error_buffer)) {
        // Remove any successfully uploaded attachments
        if ($hesk_settings['attachments']['use']) {
            hesk_removeAttachments($attachments);
        }

        $_SESSION['new_article'] = array(
            'type'     => $type,
            'html'     => $html,
            'subject'  => $subject,
            'content'  => hesk_input(hesk_POST('content')),
            'keywords' => $keywords,
            'sticky'   => $sticky,
        );

        $items = '';
        foreach ($hesk_error_buffer as $problem) {
            $items .= "<li>" . $problem . "</li>\n";
        }

        $hesk_error_buffer = $hesklang['rfm'] . '<br /><br /><ul>' . $items . '</ul>';
        hesk_process_messages($hesk_error_buffer, 'manage_knowledgebase.php');
    }

    // First history entry: creation time and the author's name and user name
    $revision = sprintf($hesklang['revision1'], $now, $_SESSION['name'] . ' (' . $_SESSION['user'] . ')');

    // Register the uploaded files and build the "<id>#<original name>," list for the article
    if (!empty($attachments)) {
        foreach ($attachments as $myatt) {
            hesk_dbQuery("INSERT INTO `" . hesk_dbEscape($hesk_settings['db_pfix']) . "kb_attachments` (`saved_name`,`real_name`,`size`) VALUES ('" . hesk_dbEscape($myatt['saved_name']) . "','" . hesk_dbEscape($myatt['real_name']) . "','" . intval($myatt['size']) . "')");
            $myattachments .= hesk_dbInsertID() . '#' . $myatt['real_name'] . ',';
        }
    }

    // The new article is ordered 10 after the last one in the same category/sticky group
    $res = hesk_dbQuery("SELECT `art_order` FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "kb_articles` WHERE `catid`='" . intval($catid) . "' AND `sticky` = '" . intval($sticky) . "' ORDER BY `art_order` DESC LIMIT 1");
    $row = hesk_dbFetchRow($res);
    $my_order = $row[0] + 10;

    // Insert article into database; values are listed in the same order as the columns
    $values = array(
        "'" . intval($catid) . "'",
        'NOW()',
        "'" . intval($_SESSION['id']) . "'",
        "'" . hesk_dbEscape($subject) . "'",
        "'" . hesk_dbEscape($content) . "'",
        "'" . hesk_dbEscape($keywords) . "'",
        "'" . intval($type) . "'",
        "'" . intval($html) . "'",
        "'" . intval($sticky) . "'",
        "'" . intval($my_order) . "'",
        "'" . hesk_dbEscape($revision) . "'",
        "'" . hesk_dbEscape($myattachments) . "'",
    );
    hesk_dbQuery(
        "INSERT INTO `" . hesk_dbEscape($hesk_settings['db_pfix']) . "kb_articles` (`catid`,`dt`,`author`,`subject`,`content`,`keywords`,`type`,`html`,`sticky`,`art_order`,`history`,`attachments`) VALUES (\n "
        . implode(",\n ", $values)
        . "\n )"
    );

    $_SESSION['artord'] = hesk_dbInsertID();

    // Update category article count: the counter column depends on the article type
    if ($type == 0) {
        $counter = 'articles';
    } elseif ($type == 1) {
        $counter = 'articles_private';
    } else {
        $counter = 'articles_draft';
    }
    hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "kb_categories` SET `" . $counter . "`=`" . $counter . "`+1 WHERE `id`='" . intval($catid) . "'");

    unset($_SESSION['hide']);

    // Marks the submission so a page reload is redirected instead of inserting again
    $_SESSION['article_submitted'] = 1;

    hesk_process_messages($hesklang['your_kb_added'], 'NOREDIRECT', 'SUCCESS');

    // Show the category the article was added to
    $_GET['catid'] = $catid;
    manage_category();
}
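/**
 * Bring an existing HESK database up to the current schema.
 *
 * The starting point is read from $hesk_settings['update_from']. Once one
 * upgrade step has run, $update_all_next forces every later step to run too,
 * so the steps are applied in release order. The only step that is not chained
 * is 0.94 -> 0.94.1: it creates the same `hesk_attachments` table that the
 * 0.91-0.93.1 -> 0.94 step already creates, so it runs only when upgrading
 * from exactly 0.94.
 *
 * Operational notes for whoever runs this:
 *  - The statements are not wrapped in a transaction and every table is
 *    created as MyISAM, so a failure part-way through leaves the schema
 *    partially upgraded. Take a database backup before running it.
 *  - Several steps append privileges to every non-admin account
 *    (can_assign_self, can_view_online, can_view_unassigned,
 *    can_merge_tickets). Review staff privileges after the upgrade if these
 *    defaults are broader than intended.
 *
 * @return bool Always true; error handling is left to hesk_dbQuery().
 */
function hesk_iUpdateTables() {
    global $hesk_settings, $hesklang;

    $update_all_next = 0;

    // The table prefix is the same for every statement, so escape it once.
    $pfix = hesk_dbEscape($hesk_settings['db_pfix']);

    // Used by both the 0.91-0.93.1 -> 0.94 and the 0.94 -> 0.94.1 steps.
    $create_attachments = "CREATE TABLE `hesk_attachments` (\r\n\t\t `att_id` mediumint(8) unsigned NOT NULL auto_increment,"
        . "\r\n\t\t `ticket_id` varchar(10) NOT NULL default '',"
        . "\r\n\t\t `saved_name` varchar(255) NOT NULL default '',"
        . "\r\n\t\t `real_name` varchar(255) NOT NULL default '',"
        . "\r\n\t\t `size` int(10) unsigned NOT NULL default '0',"
        . "\r\n\t\t PRIMARY KEY (`att_id`),"
        . "\r\n\t\t KEY `ticket_id` (`ticket_id`)"
        . "\r\n\t\t) ENGINE=MyISAM";

    // Updating version 0.90 to 0.91
    if ($hesk_settings['update_from'] == '0.90') {
        hesk_dbQuery("ALTER TABLE `hesk_users` ADD `notify` CHAR( 1 ) DEFAULT '1' NOT NULL");
        $update_all_next = 1;
    }
    // END version 0.90 to 0.91

    // Updating versions 0.91 through 0.93.1 to 0.94
    if ($update_all_next || $hesk_settings['update_from'] == '0.91-0.93.1') {
        hesk_dbQuery($create_attachments);

        hesk_dbQuery("CREATE TABLE `hesk_std_replies` (\r\n\t\t`id` smallint(5) unsigned NOT NULL auto_increment,"
            . "\r\n\t\t`title` varchar(70) NOT NULL default '',"
            . "\r\n\t\t`message` text NOT NULL,"
            . "\r\n\t\t`reply_order` smallint(5) unsigned NOT NULL default '0',"
            . "\r\n\t\tPRIMARY KEY (`id`)"
            . "\r\n\t\t) ENGINE=MyISAM");

        hesk_dbQuery("ALTER TABLE `hesk_categories`"
            . "\r\n\t\tCHANGE `name` `name` varchar(60) NOT NULL default '',"
            . "\r\n\t\tADD `cat_order` smallint(5) unsigned NOT NULL default '0'");

        hesk_dbQuery("ALTER TABLE `hesk_replies`"
            . "\r\n\t\tCHANGE `name` `name` varchar(50) NOT NULL default '',"
            . "\r\n\t\tADD `attachments` TEXT");

        hesk_dbQuery("ALTER TABLE `hesk_tickets`"
            . "\r\n\t\tCHANGE `name` `name` varchar(50) NOT NULL default '',"
            . "\r\n\t\tCHANGE `category` `category` SMALLINT(5) UNSIGNED NOT NULL DEFAULT '1',"
            . "\r\n\t\tCHANGE `priority` `priority` enum('1','2','3') NOT NULL default '3',"
            . "\r\n\t\tCHANGE `subject` `subject` varchar(70) NOT NULL default '',"
            . "\r\n\t\tADD `lastchange` datetime NOT NULL default '0000-00-00 00:00:00' AFTER `dt`,"
            . "\r\n\t\tCHANGE `status` `status` enum('0','1','2','3') default '1',"
            . "\r\n\t\tADD `lastreplier` enum('0','1') NOT NULL default '0',"
            . "\r\n\t\tADD `archive` enum('0','1') NOT NULL default '0',"
            . "\r\n\t\tADD `attachments` text,"
            . "\r\n\t\tADD `custom1` VARCHAR( 255 ) NOT NULL default '',"
            . "\r\n\t\tADD `custom2` VARCHAR( 255 ) NOT NULL default '',"
            . "\r\n\t\tADD `custom3` VARCHAR( 255 ) NOT NULL default '',"
            . "\r\n\t\tADD `custom4` VARCHAR( 255 ) NOT NULL default '',"
            . "\r\n\t\tADD `custom5` VARCHAR( 255 ) NOT NULL default '',"
            . "\r\n\t\tADD INDEX `archive` ( `archive` )");

        // Change status of closed tickets to the new "Resolved" status
        hesk_dbQuery("UPDATE `hesk_tickets` SET `status`='3' WHERE `status`='0'");

        // Populate lastchange
        hesk_dbQuery("UPDATE `hesk_tickets` SET `lastchange`=`dt`");

        // Update categories with order values (10, 20, 30, ...)
        $res = hesk_dbQuery("SELECT `id` FROM `hesk_categories`");
        $i = 10;
        while ($mycat = hesk_dbFetchAssoc($res)) {
            hesk_dbQuery("UPDATE `hesk_categories` SET `cat_order`={$i} WHERE `id`=" . intval($mycat['id']) . " LIMIT 1");
            $i += 10;
        }

        $update_all_next = 1;
    }
    // END versions 0.91 through 0.93.1 to 0.94

    // Updating version 0.94 to 0.94.1
    // Deliberately not chained with $update_all_next: see the function header.
    if ($hesk_settings['update_from'] == '0.94') {
        hesk_dbQuery($create_attachments);

        if ($hesk_settings['attachments']['use']) {
            $attachments_dir = $hesk_settings['server_path'] . '/attachments/';

            /* Update attachments for tickets */
            $res = hesk_dbQuery("SELECT * FROM `hesk_tickets` WHERE `attachments` != '' ");
            while ($ticket = hesk_dbFetchAssoc($res)) {
                // Old format: entries terminated by '#####'; drop the last terminator before splitting.
                $att = explode('#####', substr($ticket['attachments'], 0, -5));
                $myattachments = '';

                foreach ($att as $myatt) {
                    // The saved name starts at the tracking ID; the real name follows 16 characters later.
                    $saved_name = strstr($myatt, $ticket['trackid']);
                    $name = substr($saved_name, 16);

                    // A file that is missing on disk is recorded with size 0
                    // instead of raising a filesize() warning mid-upgrade.
                    $path = $attachments_dir . $saved_name;
                    $size = is_file($path) ? filesize($path) : 0;

                    hesk_dbQuery("INSERT INTO `hesk_attachments` (`ticket_id`,`saved_name`,`real_name`,`size`) VALUES ('" . hesk_dbEscape($ticket['trackid']) . "', '" . hesk_dbEscape($saved_name) . "', '" . hesk_dbEscape($name) . "', '" . intval($size) . "')");
                    $myattachments .= hesk_dbInsertID() . '#' . $name . ',';
                }

                hesk_dbQuery("UPDATE `hesk_tickets` SET `attachments` = '" . hesk_dbEscape($myattachments) . "' WHERE `id` = " . intval($ticket['id']) . " LIMIT 1");
            }

            // Update attachments for replies
            $res = hesk_dbQuery("SELECT * FROM `hesk_replies` WHERE `attachments` != '' ");
            while ($ticket = hesk_dbFetchAssoc($res)) {
                // Replies carry no tracking ID of their own; look it up on the parent ticket.
                $res2 = hesk_dbQuery("SELECT `trackid` FROM `hesk_tickets` WHERE `id` = '" . intval($ticket['replyto']) . "' LIMIT 1");
                $trackingID = hesk_dbResult($res2, 0, 0);

                $att = explode('#####', substr($ticket['attachments'], 0, -5));
                $myattachments = '';

                foreach ($att as $myatt) {
                    $saved_name = strstr($myatt, $trackingID);
                    $name = substr($saved_name, 16);

                    $path = $attachments_dir . $saved_name;
                    $size = is_file($path) ? filesize($path) : 0;

                    hesk_dbQuery("INSERT INTO `hesk_attachments` (`ticket_id`,`saved_name`,`real_name`,`size`) VALUES ('" . hesk_dbEscape($trackingID) . "', '" . hesk_dbEscape($saved_name) . "', '" . hesk_dbEscape($name) . "', '" . intval($size) . "')");
                    $myattachments .= hesk_dbInsertID() . '#' . $name . ',';
                }

                hesk_dbQuery("UPDATE `hesk_replies` SET `attachments` = '" . hesk_dbEscape($myattachments) . "' WHERE `id` = " . intval($ticket['id']) . " LIMIT 1");
            }
        }
        // END if attachments use

        $update_all_next = 1;
    }
    // END version 0.94 to 0.94.1

    // Updating version 0.94.1 to 2.0
    if ($update_all_next || $hesk_settings['update_from'] == '0.94.1') {
        hesk_dbQuery("CREATE TABLE `hesk_kb_articles` (\r\n\t\t `id` smallint(5) unsigned NOT NULL auto_increment,"
            . "\r\n\t\t `catid` smallint(5) unsigned NOT NULL default '0',"
            . "\r\n\t\t `dt` timestamp NOT NULL default CURRENT_TIMESTAMP,"
            . "\r\n\t\t `author` smallint(5) unsigned NOT NULL default '0',"
            . "\r\n\t\t `subject` varchar(255) NOT NULL default '',"
            . "\r\n\t\t `content` text NOT NULL,"
            . "\r\n\t\t `rating` float NOT NULL default '0',"
            . "\r\n\t\t `votes` mediumint(8) unsigned NOT NULL default '0',"
            . "\r\n\t\t `views` mediumint(8) unsigned NOT NULL default '0',"
            . "\r\n\t\t `type` enum('0','1','2') NOT NULL default '0',"
            . "\r\n\t\t `html` enum('0','1') NOT NULL default '0',"
            . "\r\n\t\t `art_order` smallint(5) unsigned NOT NULL default '0',"
            . "\r\n\t\t `history` text NOT NULL,"
            . "\r\n\t\t PRIMARY KEY (`id`),"
            . "\r\n\t\t KEY `catid` (`catid`),"
            . "\r\n\t\t KEY `type` (`type`),"
            . "\r\n\t\t FULLTEXT KEY `subject` (`subject`,`content`)"
            . "\r\n\t\t) ENGINE=MyISAM");

        hesk_dbQuery("CREATE TABLE `hesk_kb_categories` (\r\n\t\t `id` smallint(5) unsigned NOT NULL auto_increment,"
            . "\r\n\t\t `name` varchar(255) NOT NULL default '',"
            . "\r\n\t\t `parent` smallint(5) unsigned NOT NULL default '0',"
            . "\r\n\t\t `articles` smallint(5) unsigned NOT NULL default '0',"
            . "\r\n\t\t `cat_order` smallint(5) unsigned NOT NULL default '0',"
            . "\r\n\t\t `type` enum('0','1') NOT NULL default '0',"
            . "\r\n\t\t PRIMARY KEY (`id`),"
            . "\r\n\t\t KEY `type` (`type`)"
            . "\r\n\t\t) ENGINE=MyISAM");

        hesk_dbQuery("INSERT INTO `hesk_kb_categories` VALUES (1, 'Knowledgebase', 0, 0, 10, '0')");

        hesk_dbQuery("CREATE TABLE `hesk_notes` (\r\n\t\t `id` mediumint(8) unsigned NOT NULL auto_increment,"
            . "\r\n\t\t `ticket` mediumint(8) unsigned NOT NULL default '0',"
            . "\r\n\t\t `who` smallint(5) unsigned NOT NULL default '0',"
            . "\r\n\t\t `dt` datetime NOT NULL default '0000-00-00 00:00:00',"
            . "\r\n\t\t `message` text NOT NULL,"
            . "\r\n\t\t PRIMARY KEY (`id`),"
            . "\r\n\t\t KEY `ticketid` (`ticket`)"
            . "\r\n\t\t) ENGINE=MyISAM");

        $sql = array();
        $sql[] = "ALTER TABLE `hesk_replies` ADD `staffid` SMALLINT UNSIGNED NOT NULL DEFAULT '0'";
        $sql[] = "ALTER TABLE `hesk_replies` ADD `rating` ENUM( '1', '5' ) default NULL";
        $sql[] = "ALTER TABLE `hesk_tickets` ADD INDEX `categories` ( `category` )";
        $sql[] = "ALTER TABLE `hesk_tickets` ADD INDEX `statuses` ( `status` ) ";
        // custom1-5 already exist (added in the 0.94 step): widen them to text
        for ($n = 1; $n <= 5; $n++) {
            $sql[] = "ALTER TABLE `hesk_tickets` CHANGE `custom{$n}` `custom{$n}` text NOT NULL";
        }
        // custom6-10 are new
        for ($n = 6; $n <= 10; $n++) {
            $sql[] = "ALTER TABLE `hesk_tickets` ADD `custom{$n}` text NOT NULL";
        }
        $sql[] = "ALTER TABLE `hesk_users` CHANGE `pass` `pass` CHAR( 40 ) NOT NULL";
        $sql[] = "ALTER TABLE `hesk_users` CHANGE `isadmin` `isadmin` ENUM( '0', '1' ) NOT NULL DEFAULT '0'";
        $sql[] = "ALTER TABLE `hesk_users` CHANGE `notify` `notify` ENUM( '0', '1' ) NOT NULL DEFAULT '1'";
        $sql[] = "ALTER TABLE `hesk_users` ADD `heskprivileges` VARCHAR( 255 ) NOT NULL";
        $sql[] = "ALTER TABLE `hesk_users` ADD `ratingneg` mediumint(8) unsigned NOT NULL default '0'";
        $sql[] = "ALTER TABLE `hesk_users` ADD `ratingpos` mediumint(8) unsigned NOT NULL default '0'";
        $sql[] = "ALTER TABLE `hesk_users` ADD `rating` float NOT NULL default '0'";
        $sql[] = "ALTER TABLE `hesk_users` ADD `replies` mediumint(8) unsigned NOT NULL default '0'";
        $sql[] = "ALTER TABLE `hesk_std_replies` CHANGE `title` `title` VARCHAR( 100 ) NOT NULL";

        foreach ($sql as $s) {
            hesk_dbQuery($s);
        }

        // Update passwords to the new type and set hesk privileges for non-admins.
        // Whatever is currently stored in `pass` becomes the input to hesk_Pass2Hash().
        // NOTE(review): hesk_Pass2Hash() is defined elsewhere. The column was just
        // resized to CHAR(40), which would fit a hex SHA-1 digest - confirm. If so,
        // these are fast hashes and a move to password_hash()/password_verify()
        // should be planned for a later schema step.
        $res = hesk_dbQuery('SELECT `id`,`pass`,`isadmin` FROM `hesk_users` ORDER BY `id` ASC');

        // All UPDATE statements are collected first and executed after the
        // result set has been read completely.
        $sql = array();
        while ($row = hesk_dbFetchAssoc($res)) {
            $new_pass = hesk_Pass2Hash($row['pass']);
            $s = "UPDATE `hesk_users` SET `pass`='" . hesk_dbEscape($new_pass) . "' ";
            if ($row['isadmin'] == 0) {
                $s .= ", `heskprivileges`='can_view_tickets,can_reply_tickets,can_change_cat,' ";
            }
            $s .= "WHERE `id`=" . intval($row['id']);
            $sql[] = $s;
        }

        foreach ($sql as $s) {
            hesk_dbQuery($s);
        }

        $update_all_next = 1;
    }
    // END version 0.94.1 to 2.0

    // Updating version 2.0 to 2.1
    // From here on the configurable table prefix is used instead of the fixed `hesk_`.
    if ($update_all_next || $hesk_settings['update_from'] == '2.0') {
        hesk_dbQuery("CREATE TABLE `{$pfix}kb_attachments` (\r\n\t\t `att_id` mediumint(8) unsigned NOT NULL AUTO_INCREMENT,"
            . "\r\n\t\t `saved_name` varchar(255) NOT NULL DEFAULT '',"
            . "\r\n\t\t `real_name` varchar(255) NOT NULL DEFAULT '',"
            . "\r\n\t\t `size` int(10) unsigned NOT NULL DEFAULT '0',"
            . "\r\n\t\t PRIMARY KEY (`att_id`)"
            . "\r\n\t\t) ENGINE=MyISAM");

        $sql = array();
        $sql[] = "ALTER TABLE `{$pfix}kb_articles` ADD `attachments` TEXT NOT NULL";
        for ($n = 11; $n <= 20; $n++) {
            $sql[] = "ALTER TABLE `{$pfix}tickets` ADD `custom{$n}` text NOT NULL";
        }
        $sql[] = "ALTER TABLE `{$pfix}users` ADD `afterreply` ENUM( '0', '1', '2' ) NOT NULL DEFAULT '0' AFTER `categories`";

        foreach ($sql as $s) {
            hesk_dbQuery($s);
        }

        $update_all_next = 1;
    }
    // END version 2.0 to 2.1

    // Updating version 2.1 to 2.2
    if ($update_all_next || $hesk_settings['update_from'] == '2.1') {
        hesk_dbQuery("\r\n\t\tCREATE TABLE `{$pfix}mail` (\r\n\t\t `id` int(10) unsigned NOT NULL AUTO_INCREMENT,"
            . "\r\n\t\t `from` smallint(5) unsigned NOT NULL,"
            . "\r\n\t\t `to` smallint(5) unsigned NOT NULL,"
            . "\r\n\t\t `subject` varchar(255) NOT NULL,"
            . "\r\n\t\t `message` text NOT NULL,"
            . "\r\n\t\t `dt` datetime NOT NULL,"
            . "\r\n\t\t `read` enum('0','1') NOT NULL DEFAULT '0',"
            . "\r\n\t\t `deletedby` smallint(5) unsigned NOT NULL DEFAULT '0',"
            . "\r\n\t\t PRIMARY KEY (`id`),"
            . "\r\n\t\t KEY `recipients` (`from`,`to`)"
            . "\r\n\t\t) ENGINE=MyISAM\r\n\t\t");

        $sql = array();
        $sql[] = "ALTER TABLE `{$pfix}tickets` ADD `replierid` SMALLINT UNSIGNED NULL AFTER `lastreplier`";
        $sql[] = "ALTER TABLE `{$pfix}tickets` ADD `owner` SMALLINT UNSIGNED NOT NULL DEFAULT '0' AFTER `status`";
        $sql[] = "ALTER TABLE `{$pfix}tickets` ADD `locked` ENUM( '0', '1' ) NOT NULL DEFAULT '0' AFTER `archive`";
        $sql[] = "ALTER TABLE `{$pfix}tickets` ADD `history` TEXT NOT NULL AFTER `attachments`";
        $sql[] = "ALTER TABLE `{$pfix}users` CHANGE `notify` `notify_new_unassigned` ENUM( '0', '1' ) NOT NULL DEFAULT '1'";
        $sql[] = "ALTER TABLE `{$pfix}users` ADD `notify_new_my` ENUM( '0', '1' ) NOT NULL DEFAULT '1' AFTER `notify_new_unassigned`";
        $sql[] = "ALTER TABLE `{$pfix}users` ADD `notify_reply_unassigned` ENUM( '0', '1' ) NOT NULL DEFAULT '1' AFTER `notify_new_my`";
        $sql[] = "ALTER TABLE `{$pfix}users` ADD `notify_reply_my` ENUM( '0', '1' ) NOT NULL DEFAULT '1' AFTER `notify_reply_unassigned`";
        $sql[] = "ALTER TABLE `{$pfix}users` ADD `notify_assigned` ENUM( '0', '1' ) NOT NULL DEFAULT '1' AFTER `notify_reply_my`";
        $sql[] = "ALTER TABLE `{$pfix}users` ADD `notify_pm` ENUM( '0', '1' ) NOT NULL DEFAULT '1' AFTER `notify_assigned`";
        $sql[] = "UPDATE `{$pfix}users` SET `categories` = TRIM(TRAILING ',' FROM `categories`)";
        $sql[] = "UPDATE `{$pfix}users` SET `heskprivileges` = TRIM(TRAILING ',' FROM `heskprivileges`)";

        foreach ($sql as $s) {
            hesk_dbQuery($s);
        }

        // Update privileges - anyone can assign ticket to himself/herself by default
        hesk_dbQuery("UPDATE `{$pfix}users` SET `heskprivileges`=CONCAT(`heskprivileges`,',can_assign_self') WHERE `isadmin`!='1' ");

        $update_all_next = 1;
    }
    // END version 2.1 to 2.2

    // Updating version 2.2 to 2.3
    if ($update_all_next || $hesk_settings['update_from'] == '2.2') {
        // Logins table
        hesk_dbQuery("\r\n\t\tCREATE TABLE `{$pfix}logins` (\r\n\t\t `ip` varchar(46) NOT NULL,"
            . "\r\n\t\t `number` tinyint(3) unsigned NOT NULL DEFAULT '1',"
            . "\r\n\t\t `last_attempt` timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP,"
            . "\r\n\t\t UNIQUE KEY `ip` (`ip`)"
            . "\r\n\t\t) ENGINE=MyISAM\r\n\t\t");

        // Online table
        hesk_dbQuery("\r\n\t\tCREATE TABLE `{$pfix}online` (\r\n\t\t `user_id` smallint(5) unsigned NOT NULL,"
            . "\r\n\t\t `dt` timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP,"
            . "\r\n\t\t `tmp` int(11) unsigned NOT NULL DEFAULT '0',"
            . "\r\n\t\t UNIQUE KEY `user_id` (`user_id`),"
            . "\r\n\t\t KEY `dt` (`dt`)"
            . "\r\n\t\t) ENGINE=MyISAM\r\n\t\t");

        $sql = array();
        $sql[] = "ALTER TABLE `{$pfix}tickets` CHANGE `trackid` `trackid` VARCHAR( 13 ) NOT NULL";
        $sql[] = "ALTER TABLE `{$pfix}tickets` CHANGE `priority` `priority` ENUM( '0', '1', '2', '3' ) NOT NULL DEFAULT '3'";
        $sql[] = "ALTER TABLE `{$pfix}tickets` CHANGE `status` `status` ENUM('0','1','2','3','4','5') NOT NULL DEFAULT '0'";
        $sql[] = "ALTER TABLE `{$pfix}tickets` CHANGE `ip` `ip` VARCHAR( 46 ) NOT NULL DEFAULT ''";
        $sql[] = "ALTER TABLE `{$pfix}tickets` CHANGE `lastchange` `lastchange` TIMESTAMP on update CURRENT_TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP ";
        $sql[] = "ALTER TABLE `{$pfix}tickets` CHANGE `email` `email` VARCHAR(255) NOT NULL";
        $sql[] = "ALTER TABLE `{$pfix}tickets` ADD INDEX (`owner`) ";
        $sql[] = "ALTER TABLE `{$pfix}users` CHANGE `heskprivileges` `heskprivileges` TEXT NOT NULL";
        $sql[] = "ALTER TABLE `{$pfix}users` ADD `autoassign` ENUM('0','1') NOT NULL DEFAULT '1' AFTER `notify_pm`";
        $sql[] = "ALTER TABLE `{$pfix}users` ADD `default_list` VARCHAR( 255) NOT NULL DEFAULT '' AFTER `notify_pm`";
        $sql[] = "ALTER TABLE `{$pfix}users` ADD INDEX (`autoassign`) ";
        $sql[] = "ALTER TABLE `{$pfix}attachments` CHANGE `ticket_id` `ticket_id` VARCHAR(13) NOT NULL DEFAULT ''";
        $sql[] = "ALTER TABLE `{$pfix}replies` CHANGE `replyto` `replyto` MEDIUMINT(8) UNSIGNED NOT NULL DEFAULT '0'";

        foreach ($sql as $s) {
            hesk_dbQuery($s);
        }

        // Update staff with new permissions (allowed by default)
        $res = hesk_dbQuery("SELECT `id`,`heskprivileges` FROM `{$pfix}users` WHERE `isadmin` != '1' ");
        while ($row = hesk_dbFetchAssoc($res)) {
            // Staff who can already view tickets also get "view unassigned";
            // every non-admin gets "view online".
            $added = strpos($row['heskprivileges'], 'can_view_tickets') !== false
                ? ',can_view_unassigned,can_view_online'
                : ',can_view_online';

            hesk_dbQuery("UPDATE `{$pfix}users` SET `heskprivileges`=CONCAT(`heskprivileges`,'{$added}') WHERE `id`=" . intval($row['id']) . " LIMIT 1");
        }

        $update_all_next = 1;
    }
    // END version 2.2 to 2.3

    // Updating version 2.3 to 2.4
    if ($update_all_next || $hesk_settings['update_from'] == '2.3') {
        // Email loops table
        hesk_dbQuery("\r\n\t\tCREATE TABLE `{$pfix}pipe_loops` (\r\n\t\t `email` varchar(255) CHARACTER SET latin1 NOT NULL,"
            . "\r\n\t\t `hits` smallint(1) unsigned NOT NULL DEFAULT '0',"
            . "\r\n\t\t `message_hash` char(32) NOT NULL,"
            . "\r\n\t\t `dt` timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP,"
            . "\r\n\t\t KEY `email` (`email`,`hits`)"
            . "\r\n\t\t) ENGINE=MyISAM DEFAULT CHARSET=utf8 COLLATE=utf8_unicode_ci\r\n\t\t");

        $sql = array();

        // Convert every existing table to utf8
        $utf8_tables = array(
            'attachments', 'categories', 'kb_articles', 'kb_attachments', 'kb_categories',
            'logins', 'mail', 'notes', 'online', 'replies', 'std_replies', 'tickets', 'users',
        );
        foreach ($utf8_tables as $table) {
            $sql[] = "ALTER TABLE `{$pfix}{$table}` CONVERT TO CHARACTER SET utf8 COLLATE utf8_unicode_ci";
        }

        $sql[] = "ALTER TABLE `{$pfix}tickets` ADD `language` VARCHAR(50) NULL DEFAULT NULL AFTER `ip`";
        $sql[] = "ALTER TABLE `{$pfix}tickets` ADD `merged` MEDIUMTEXT NOT NULL AFTER `attachments`";
        $sql[] = "ALTER TABLE `{$pfix}tickets` ADD `time_worked` TIME NOT NULL DEFAULT '00:00:00' AFTER `owner`";
        $sql[] = "ALTER TABLE `{$pfix}tickets` CHANGE `status` `status` ENUM( '0', '1', '2', '3', '4', '5' ) NOT NULL DEFAULT '0'";
        $sql[] = "ALTER TABLE `{$pfix}users` ADD `language` VARCHAR(50) NULL DEFAULT NULL AFTER `signature`";
        $sql[] = "ALTER TABLE `{$pfix}users` ADD `notify_note` ENUM( '0', '1' ) NOT NULL DEFAULT '1' AFTER `notify_pm`";
        $sql[] = "ALTER TABLE `{$pfix}users` ADD `autostart` ENUM( '0', '1' ) NOT NULL DEFAULT '1' AFTER `afterreply`";
        $sql[] = "ALTER TABLE `{$pfix}categories` ADD `autoassign` ENUM( '0', '1' ) NOT NULL DEFAULT '1', ADD `type` ENUM( '0', '1' ) NOT NULL DEFAULT '0', ADD INDEX ( `type` )";
        $sql[] = "ALTER TABLE `{$pfix}kb_articles` ADD `keywords` MEDIUMTEXT NOT NULL AFTER `content`";
        $sql[] = "ALTER TABLE `{$pfix}kb_articles` ADD `sticky` ENUM( '0', '1' ) NOT NULL DEFAULT '0' AFTER `html` , ADD INDEX ( `sticky` )";
        $sql[] = "ALTER TABLE `{$pfix}kb_articles` DROP INDEX `subject` , ADD FULLTEXT `subject` (`subject` , `content` , `keywords`)";
        // Added with default '1' so existing replies count as read, then the
        // default is switched to '0' for replies created from now on.
        $sql[] = "ALTER TABLE `{$pfix}replies` ADD `read` ENUM( '0', '1' ) NOT NULL DEFAULT '1'";
        $sql[] = "ALTER TABLE `{$pfix}replies` CHANGE `read` `read` ENUM( '0', '1' ) NOT NULL DEFAULT '0'";

        foreach ($sql as $s) {
            hesk_dbQuery($s);
        }

        // Update staff with new permissions (allowed by default)
        $res = hesk_dbQuery("SELECT `id`,`heskprivileges` FROM `{$pfix}users` WHERE `isadmin` != '1' ");
        while ($row = hesk_dbFetchAssoc($res)) {
            // Not admin: staff who can already edit tickets may also merge them
            if (strpos($row['heskprivileges'], 'can_edit_tickets') !== false) {
                hesk_dbQuery("UPDATE `{$pfix}users` SET `heskprivileges`=CONCAT(`heskprivileges`,',can_merge_tickets') WHERE `id`=" . intval($row['id']) . " LIMIT 1");
            }
        }

        $update_all_next = 1;
    }
    // END version 2.3 to 2.4

    // Upgrade version 2.4.x to 2.5.0
    if ($update_all_next || $hesk_settings['update_from'] == '2.4') {
        $sql = array();

        // Make sure the 2.4 to 2.4.1 change is made
        $sql[] = "ALTER TABLE `{$pfix}pipe_loops` CHANGE `hits` `hits` SMALLINT( 1 ) UNSIGNED NOT NULL DEFAULT '0' ";

        // 2.4.2 to 2.5.0 specific changes
        $sql[] = "ALTER TABLE `{$pfix}kb_categories` CHANGE `articles` `articles` SMALLINT( 5 ) UNSIGNED NOT NULL DEFAULT '0'";
        $sql[] = "ALTER TABLE `{$pfix}kb_categories` ADD `articles_private` SMALLINT UNSIGNED NOT NULL DEFAULT '0' AFTER `articles` , ADD `articles_draft` SMALLINT UNSIGNED NOT NULL DEFAULT '0' AFTER `articles_private`";
        $sql[] = "ALTER TABLE `{$pfix}kb_categories` ADD INDEX ( `parent` )";
        $sql[] = "ALTER TABLE `{$pfix}mail` DROP INDEX `recipients`";
        $sql[] = "ALTER TABLE `{$pfix}mail` ADD INDEX ( `to`, `read`, `deletedby` )";
        $sql[] = "ALTER TABLE `{$pfix}mail` ADD INDEX ( `from` )";
        $sql[] = "ALTER TABLE `{$pfix}replies` CHANGE `rating` `rating` ENUM( '0', '1', '5' ) DEFAULT '0' ";
        $sql[] = "UPDATE `{$pfix}replies` SET `rating` = '0' WHERE `rating` IS NULL OR `rating` = '' ";

        foreach ($sql as $s) {
            hesk_dbQuery($s);
        }

        // Update knowledgebase category article counts to reflect new fields
        $update_these = array();

        // Get a count of all articles grouped by category and type
        $res = hesk_dbQuery("SELECT `catid`, `type`, COUNT(*) AS `num` FROM `{$pfix}kb_articles` GROUP BY `catid`, `type`");
        while ($row = hesk_dbFetchAssoc($res)) {
            // Loose comparison on purpose: `type` comes back from the driver as a string
            switch ($row['type']) {
                case 0:
                    $update_these[$row['catid']]['articles'] = $row['num'];
                    break;
                case 1:
                    $update_these[$row['catid']]['articles_private'] = $row['num'];
                    break;
                default:
                    $update_these[$row['catid']]['articles_draft'] = $row['num'];
            }
        }

        // Set all article counts to 0
        hesk_dbQuery("UPDATE `{$pfix}kb_categories` SET `articles`=0, `articles_private`=0, `articles_draft`=0");

        // Now update categories that have articles with correct values
        foreach ($update_these as $catid => $value) {
            // Every value placed into SQL is cast with intval(), like the other
            // statements in this function, rather than trusted because it was
            // read back from the database.
            $cat_id = intval($catid);
            $num_public = isset($value['articles']) ? intval($value['articles']) : 0;
            $num_private = isset($value['articles_private']) ? intval($value['articles_private']) : 0;
            $num_draft = isset($value['articles_draft']) ? intval($value['articles_draft']) : 0;

            hesk_dbQuery("UPDATE `{$pfix}kb_categories` SET `articles`={$num_public}, `articles_private`={$num_private}, `articles_draft`={$num_draft} WHERE `id`='{$cat_id}' LIMIT 1");

            // Force order articles: numbering restarts at 10 whenever the sticky flag changes
            $res = hesk_dbQuery("SELECT `id`, `sticky` FROM `{$pfix}kb_articles` WHERE `catid`='{$cat_id}' ORDER BY `sticky` DESC, `art_order` ASC");
            $i = 10;
            $previous_sticky = 1;
            while ($article = hesk_dbFetchAssoc($res)) {
                if ($previous_sticky != $article['sticky']) {
                    $i = 10;
                    $previous_sticky = $article['sticky'];
                }
                hesk_dbQuery("UPDATE `{$pfix}kb_articles` SET `art_order`=" . intval($i) . " WHERE `id`='" . intval($article['id']) . "' LIMIT 1");
                $i += 10;
            }
        }

        // Force order categories
        $res = hesk_dbQuery("SELECT `id`, `parent` FROM `{$pfix}kb_categories` ORDER BY `parent` ASC, `cat_order` ASC");
        $i = 10;
        while ($category = hesk_dbFetchAssoc($res)) {
            hesk_dbQuery("UPDATE `{$pfix}kb_categories` SET `cat_order`=" . intval($i) . " WHERE `id`='" . intval($category['id']) . "' LIMIT 1");
            $i += 10;
        }

        $update_all_next = 1;
    }
    // END version 2.4.0 to 2.5.0

    // 2.5.1 no changes
    // 2.5.2 no changes

    // Insert the "HESK updated to latest version" mail for the administrator.
    // The body is a fixed literal without single quotes, so it can be placed in
    // the SQL string as is. The "buy a license" paragraph is left out when
    // hesk_license.php is present.
    $link_icon = "<img src=\"../img/link.png\" width=\"16\" height=\"16\" border=\"0\" alt=\"\" style=\"vertical-align:text-bottom\" />";

    $mail_body = "<div style=\"text-align:justify;padding:3px\">\r\n\r\n"
        . "<p><i>Congratulations, your HESK has been updated to the latest version!</i><br /> </p>\r\n\r\n"
        . "<p style=\"color:green;font-weight:bold\">» Enjoy using HESK? Please let others know!</p>\r\n\r\n"
        . "<p>You are invited to rate HESK or even write a short review here:<br /> <br />{$link_icon} <a href=\"http://www.hotscripts.com/Detailed/46973.html\" target=\"_blank\">Rate this script @ Hot Scripts</a><br /> <br />{$link_icon} <a href=\"http://php.resourceindex.com/detail/04946.html\" target=\"_blank\">Rate this script @ The PHP Resource Index</a><br /> </p>\r\n\r\n";

    if (!file_exists(HESK_PATH . 'hesk_license.php')) {
        // The quotes around "Powered by" are written as &quot;: a bare double
        // quote here would end the PHP string and break the whole file.
        $mail_body .= "<p style=\"color:green;font-weight:bold\">» Support HESK development, buy a license.</p>\r\n\r\n"
            . "<p>A lot of time and effort went into developing HESK. Support me by purchasing a license that removes &quot;Powered by&quot; credits from your help desk!<br /> <br />{$link_icon} <a href=\"https://www.hesk.com/buy.php\" target=\"_blank\">Buy a HESK license</a><br /> </p>\r\n\r\n";
    }

    $mail_body .= "<p>Thank you,<br /> <br />Klemen,<br />\r\n<a href=\"http://www.hesk.com/\" target=\"_blank\">www.hesk.com</a>\r\n\r\n<p> </p>";

    hesk_dbQuery("INSERT INTO `{$pfix}mail` (`id`, `from`, `to`, `subject`, `message`, `dt`, `read`, `deletedby`) VALUES (NULL, 9999, 1, 'HESK updated to latest version', '{$mail_body}', NOW(), '0', 9999)");

    return true;
}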
/**
 * Create a new staff account from the submitted "new user" form.
 *
 * Flow: token check, form validation, duplicate-username lookup, INSERT,
 * then a success message pointing at ./manage_users.php. All helpers used
 * here (hesk_token_check, hesk_validateUserInfo, hesk_dbQuery, ...) are
 * defined outside this listing.
 */
function new_user()
{
    global $hesk_settings, $hesklang;

    /* Security check on the POST request (presumably the anti-CSRF form token; confirm in hesk_token_check) */
    hesk_token_check('POST');

    /* Validated form data describing the account to create */
    $myuser = hesk_validateUserInfo();

    /*
     * Staff without the "can_view_unassigned" feature get both "unassigned"
     * notification columns written as '0'; for everyone else the two columns
     * are left out of the INSERT altogether.
     */
    $extra_columns = '';
    $extra_values = '';
    if (!in_array('can_view_unassigned', $myuser['features'])) {
        $extra_columns = ' , `notify_new_unassigned`, `notify_reply_unassigned` ';
        $extra_values = " , '0', '0' ";
    }

    /* Categories and features are stored as comma-separated strings */
    $myuser['categories'] = implode(',', $myuser['categories']);
    $myuser['features'] = implode(',', $myuser['features']);

    /*
     * Refuse a username that already exists.
     * NOTE(review): the lookup and the INSERT below are separate statements;
     * unless `user` carries a UNIQUE index (not visible here) two concurrent
     * requests can both pass this check.
     * NOTE(review): the INSERT still runs unless hesk_process_messages() ends
     * the request; confirm that it does.
     */
    $lookup = hesk_dbQuery("SELECT * FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "users` WHERE `user` = '" . hesk_dbEscape($myuser['user']) . "' LIMIT 1");
    if (hesk_dbNumRows($lookup) != 0) {
        hesk_process_messages($hesklang['duplicate_user'], 'manage_users.php');
    }

    /* Administrators are stored with empty feature and category lists */
    if ($myuser['isadmin']) {
        $myuser['features'] = '';
        $myuser['categories'] = '';
    }

    /* Every interpolated value is passed through hesk_dbEscape() or intval() */
    $insert_sql = "INSERT INTO `" . hesk_dbEscape($hesk_settings['db_pfix']) . "users` (`user`,`pass`,`isadmin`,`name`,`email`,`signature`,`categories`,`autoassign`,`heskprivileges` {$extra_columns}) VALUES (\r\n\t'"
        . hesk_dbEscape($myuser['user']) . "',\r\n\t'"
        . hesk_dbEscape($myuser['pass']) . "',\r\n\t'"
        . intval($myuser['isadmin']) . "',\r\n\t'"
        . hesk_dbEscape($myuser['name']) . "',\r\n\t'"
        . hesk_dbEscape($myuser['email']) . "',\r\n\t'"
        . hesk_dbEscape($myuser['signature']) . "',\r\n\t'"
        . hesk_dbEscape($myuser['categories']) . "',\r\n\t'"
        . intval($myuser['autoassign']) . "',\r\n\t'"
        . hesk_dbEscape($myuser['features']) . "'\r\n\t{$extra_values} )";
    hesk_dbQuery($insert_sql);

    /* Remember the new account as the selected user and drop the cached form data */
    $_SESSION['seluser'] = hesk_dbInsertID();
    unset($_SESSION['userdata']);

    /*
     * NOTE(review): $myuser['cleanpass'] is placed in the success message; the
     * name suggests the plain-text password. Confirm where that message is
     * stored and shown before relying on it staying out of logs or the session.
     */
    $notice = sprintf($hesklang['user_added_success'], $myuser['user'], $myuser['cleanpass']);
    hesk_process_messages($notice, './manage_users.php', 'SUCCESS');
}
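// Read the "resolved time" form field (empty string when it was not submitted)
if (isset($_POST['resolved_time'])) {
    $value_resolved_time = hesk_input(hesk_POST('resolved_time'));
} else {
    $value_resolved_time = '';
}

/*
 * Save a new contract once every form field is filled in.
 *
 * NOTE(review): no hesk_token_check() or permission check is visible in this
 * excerpt; confirm both run earlier in the script, because this branch writes
 * to the database on a plain POST.
 * NOTE(review): !empty() also rejects the string "0"; if 0 is a legal value
 * for any of these fields the form is silently ignored.
 */
if (!empty($value_contract_name) && !empty($value_company_id) && !empty($value_project_id) && !empty($value_starting_date) && !empty($value_ending_date) && !empty($value_sla) && !empty($value_priority) && !empty($value_reply_time) && !empty($value_resolved_time)) {
    if (isset($_POST['action']) && $_POST['action'] === 'save') {
        /*
         * A contract is stored as active (1) only when today lies inside
         * [starting_date, ending_date], otherwise as inactive (0).
         * The raw values are compared: escaping for SQL is not validation and
         * has no place in a PHP comparison. The comparison is lexical, so it is
         * only meaningful for YYYY-MM-DD strings (format validation is not
         * visible here; confirm it happens where the fields are read).
         */
        $contract_today = date("Y-m-d");
        $contract_is_active = ($contract_today >= $value_starting_date && $contract_today <= $value_ending_date) ? 1 : 0;

        // One INSERT for both cases; only the `active` flag differs
        $sql = hesk_dbQuery(
            "INSERT INTO `" . hesk_dbEscape($hesk_settings['db_pfix']) . "contracts` (\n\t\t\t`id`,\n\t\t\t`contract_name`,\n\t\t\t`company_id`,\n\t\t\t`project_id`,\n\t\t\t`starting_date`,\n\t\t\t`ending_date`,\n\t\t\t`created_by`,\n\t\t\t`sla`,\n\t\t\t`priority`,\n\t\t\t`reply_time`,\n\t\t\t`resolved_time`,\n\t\t\t`active`\n\t\t\t) VALUES (\n\t\t\t'"
            . hesk_dbEscape($value_id) . "',\n\t\t\t'"
            . hesk_dbEscape($value_contract_name) . "',\n\t\t\t'"
            . hesk_dbEscape($value_company_id) . "',\n\t\t\t'"
            . hesk_dbEscape($value_project_id) . "',\n\t\t\t'"
            . hesk_dbEscape($value_starting_date) . "',\n\t\t\t'"
            . hesk_dbEscape($value_ending_date) . "',\n\t\t\t'"
            . hesk_dbEscape($_SESSION['id']) . "',\n\t\t\t'"
            . hesk_dbEscape($value_sla) . "',\n\t\t\t'"
            . hesk_dbEscape($value_priority) . "',\n\t\t\t'"
            . hesk_dbEscape($value_reply_time) . "',\n\t\t\t'"
            . hesk_dbEscape($value_resolved_time) . "',\n\t\t\t'"
            . intval($contract_is_active) . "'\n\t\t\t)"
        );
        $id = hesk_dbInsertID();

        /*
         * staff_id comes straight from the request: it may be missing, a
         * scalar, or contain nested arrays. Only iterate a real array and skip
         * entries that cannot be a single id.
         */
        $contract_staff_ids = (isset($_POST['staff_id']) && is_array($_POST['staff_id'])) ? $_POST['staff_id'] : array();
        foreach ($contract_staff_ids as $staff) {
            if (!is_scalar($staff)) {
                continue;
            }
            $sql = hesk_dbQuery("INSERT INTO `" . hesk_dbEscape($hesk_settings['db_pfix']) . "userforcontract` (\n\t\t\t\t\t`userId`, `contractId`) VALUES('" . hesk_dbEscape($staff) . "', '" . intval($id) . "')");
        }
    }
}

/* Print header */
require_once HESK_PATH . 'inc/header.inc.php';

/* Print admin navigation */
require_once HESK_PATH . 'inc/show_admin_nav.inc.php';
?>
<div class="container manage-contract-title"><?php echo $hesklang['manage_contracts']; ?>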
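/**
 * Add one e-mail address (or e-mail domain) to the banned list.
 *
 * Reads `email` from the request, reduces it to a single address, validates
 * it, refuses duplicates and inserts the ban attributed to the logged-in
 * staff member ($_SESSION['id']). Redirects to the ticket page when a tracking
 * ID is present, otherwise to banned_emails.php.
 *
 * NOTE(review): the input is read with hesk_REQUEST() and hesk_token_check()
 * is called without a method argument, so this state change may be reachable
 * via GET; confirm the token is still enforced on that path.
 * NOTE(review): later checks only make sense if hesk_process_messages() ends
 * the request; confirm that it does.
 */
function ban_email()
{
    global $hesk_settings, $hesklang;

    // A security check
    hesk_token_check();

    // Get the email
    $email = strtolower(hesk_input(hesk_REQUEST('email')));

    // Nothing entered?
    if (!strlen($email)) {
        hesk_process_messages($hesklang['enterbanemail'], 'banned_emails.php');
    }

    // Only allow one email to be entered: cut at the first "," and then at the
    // first ";". strpos() returns 0 for a leading separator, so the result is
    // compared with false explicitly; a truthiness test would skip the cut and
    // let a multi-address string through to validation.
    foreach (array(',', ';') as $separator) {
        $index = strpos($email, $separator);
        if ($index !== false) {
            $email = substr($email, 0, $index);
        }
    }

    // Input that started with a separator is now empty: reject it as invalid
    if (!strlen($email)) {
        hesk_process_messages($hesklang['validbanemail'], 'banned_emails.php');
    }

    // Validate email address. The value is rejected only when it is neither a
    // valid address nor accepted by verify_email_domain().
    // Note: this overwrites the global multi_eml setting for the rest of the request.
    $hesk_settings['multi_eml'] = 0;
    if (!hesk_validateEmail($email, '', 0) && !verify_email_domain($email)) {
        hesk_process_messages($hesklang['validbanemail'], 'banned_emails.php');
    }

    // Redirect either to banned emails or ticket page from now on.
    // The mt_rand() value appears to be only a cache-buster for the URL, not a
    // security token, so a non-cryptographic generator is acceptable here.
    $redirect_to = ($trackingID = hesk_cleanID()) ? 'admin_ticket.php?track=' . $trackingID . '&Refresh=' . mt_rand(10000, 99999) : 'banned_emails.php';

    // Prevent duplicate rows (the assignment inside the condition is intentional:
    // the existing ban id is remembered in the session)
    if ($_SESSION['ban_email']['id'] = hesk_isBannedEmail($email)) {
        hesk_process_messages(sprintf($hesklang['emailbanexists'], $email), $redirect_to, 'NOTICE');
    }

    // Insert the email address into database
    hesk_dbQuery("INSERT INTO `" . hesk_dbEscape($hesk_settings['db_pfix']) . "banned_emails` (`email`,`banned_by`) VALUES ('" . hesk_dbEscape($email) . "','" . intval($_SESSION['id']) . "')");

    // Remember email that got banned
    $_SESSION['ban_email']['id'] = hesk_dbInsertID();

    // Show success
    hesk_process_messages(sprintf($hesklang['email_banned'], $email), $redirect_to, 'SUCCESS');
}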
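/**
 * Create a new staff account, including its notification preferences.
 *
 * Flow: token check, form validation, duplicate-username lookup, INSERT,
 * then a success message pointing at ./manage_users.php. All helpers used
 * here are defined outside this listing.
 */
function new_user()
{
    global $hesk_settings, $hesklang;

    /* A security check */
    hesk_token_check('POST');

    $myuser = hesk_validateUserInfo();

    /* Categories and Features will be stored as a string */
    $myuser['categories'] = implode(',', $myuser['categories']);
    $myuser['features'] = implode(',', $myuser['features']);

    /*
     * Check for duplicate usernames.
     * NOTE(review): the INSERT below still runs unless hesk_process_messages()
     * ends the request; confirm that it does. The lookup and the INSERT are
     * also separate statements, so only a UNIQUE index on `user` (not visible
     * here) closes the race between two concurrent requests.
     */
    $result = hesk_dbQuery("SELECT * FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "users` WHERE `user` = '" . hesk_dbEscape($myuser['user']) . "' LIMIT 1");
    if (hesk_dbNumRows($result) != 0) {
        hesk_process_messages($hesklang['duplicate_user'], 'manage_users.php');
    }

    /* Admins will have access to all features and categories */
    if ($myuser['isadmin']) {
        $myuser['categories'] = '';
        $myuser['features'] = '';
    }

    /*
     * Every interpolated value goes through hesk_dbEscape() or intval().
     * The preference fields (afterreply ... notify_note) used to be
     * concatenated raw, which made the statement safe only as long as
     * hesk_validateUserInfo() never returns request data unchanged for them;
     * escaping at the point of use removes that hidden dependency.
     */
    hesk_dbQuery(
        "INSERT INTO `" . hesk_dbEscape($hesk_settings['db_pfix']) . "users` (\r\n\t`user`,\r\n\t`pass`,\r\n\t`isadmin`,\r\n\t`name`,\r\n\t`email`,\r\n\t`signature`,\r\n\t`categories`,\r\n\t`autoassign`,\r\n\t`heskprivileges`,"
        . "\r\n\t`afterreply`,\r\n\t`autostart`,\r\n\t`notify_customer_new`,\r\n\t`notify_customer_reply`,\r\n\t`show_suggested`,"
        . "\r\n\t`notify_new_unassigned`,\r\n\t`notify_new_my`,\r\n\t`notify_reply_unassigned`,\r\n\t`notify_reply_my`,"
        . "\r\n\t`notify_assigned`,\r\n\t`notify_pm`,\r\n\t`notify_note`\r\n\t) VALUES (\r\n\t'"
        . hesk_dbEscape($myuser['user']) . "',\r\n\t'"
        . hesk_dbEscape($myuser['pass']) . "',\r\n\t'"
        . intval($myuser['isadmin']) . "',\r\n\t'"
        . hesk_dbEscape($myuser['name']) . "',\r\n\t'"
        . hesk_dbEscape($myuser['email']) . "',\r\n\t'"
        . hesk_dbEscape($myuser['signature']) . "',\r\n\t'"
        . hesk_dbEscape($myuser['categories']) . "',\r\n\t'"
        . intval($myuser['autoassign']) . "',\r\n\t'"
        . hesk_dbEscape($myuser['features']) . "',\r\n\t'"
        . hesk_dbEscape($myuser['afterreply']) . "' ,\r\n\t'"
        . hesk_dbEscape($myuser['autostart']) . "' ,\r\n\t'"
        . hesk_dbEscape($myuser['notify_customer_new']) . "' ,\r\n\t'"
        . hesk_dbEscape($myuser['notify_customer_reply']) . "' ,\r\n\t'"
        . hesk_dbEscape($myuser['show_suggested']) . "' ,\r\n\t'"
        . hesk_dbEscape($myuser['notify_new_unassigned']) . "' ,\r\n\t'"
        . hesk_dbEscape($myuser['notify_new_my']) . "' ,\r\n\t'"
        . hesk_dbEscape($myuser['notify_reply_unassigned']) . "' ,\r\n\t'"
        . hesk_dbEscape($myuser['notify_reply_my']) . "' ,\r\n\t'"
        . hesk_dbEscape($myuser['notify_assigned']) . "' ,\r\n\t'"
        . hesk_dbEscape($myuser['notify_pm']) . "',\r\n\t'"
        . hesk_dbEscape($myuser['notify_note']) . "'\r\n\t)"
    );

    $_SESSION['seluser'] = hesk_dbInsertID();
    unset($_SESSION['userdata']);

    /*
     * NOTE(review): $myuser['cleanpass'] is placed in the success message; the
     * name suggests the plain-text password. Confirm where that message is
     * stored and shown.
     */
    hesk_process_messages(sprintf($hesklang['user_added_success'], $myuser['user'], $myuser['cleanpass']), './manage_users.php', 'SUCCESS');
}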
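/**
 * Create a new account: a client (row in `clients`, linked to the submitted
 * contracts) when the form marks it as a client, otherwise a staff user (row
 * in `users` with notification preferences).
 *
 * Flow: token check, form validation, duplicate-username lookup in the target
 * table, INSERT, then a success message pointing at ./manage_users.php. All
 * helpers used here are defined outside this listing.
 */
function new_user()
{
    global $hesk_settings, $hesklang;

    /* A security check */
    hesk_token_check('POST');

    /*
     * NOTE(review): the Referer header is sent by the client and may be absent
     * or forged. If hesk_validateUserInfo() uses this argument as a redirect
     * target it should be checked against the site's own URLs; confirm there.
     */
    $myuser = hesk_validateUserInfo(0, $_SERVER['HTTP_REFERER']);

    /* Categories and Features will be stored as a string */
    $myuser['categories'] = implode(',', $myuser['categories']);
    $myuser['features'] = implode(',', $myuser['features']);

    /* user active: anything empty is stored as "0" */
    $user_active = hesk_input(hesk_POST('prof_active'));
    if (empty($user_active)) {
        $user_active = "0";
    }

    /*
     * Decide once which kind of account is being created. The value is
     * compared directly; escaping it for SQL first added nothing to a PHP
     * comparison.
     */
    $is_client = ($myuser['isclient'] == "1");
    $account_table = $is_client ? 'clients' : 'users';

    /*
     * Check for duplicate usernames in the table the account will go into.
     * NOTE(review): the INSERT below still runs unless hesk_process_messages()
     * ends the request; confirm that it does. Only a UNIQUE index on `user`
     * (not visible here) closes the race between two concurrent requests.
     */
    $result = hesk_dbQuery("SELECT * FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . $account_table . "` WHERE `user` = '" . hesk_dbEscape($myuser['user']) . "' LIMIT 1");
    if (hesk_dbNumRows($result) != 0) {
        hesk_process_messages($hesklang['duplicate_user'], 'manage_users.php');
    }

    /* Admins will have access to all features and categories */
    if ($myuser['isadmin']) {
        $myuser['categories'] = '';
        $myuser['features'] = '';
    }

    if ($is_client) {
        hesk_dbQuery(
            "INSERT INTO `" . hesk_dbEscape($hesk_settings['db_pfix']) . "clients` (\n\t\t`user`,\n\t\t`pass`,\n\t\t`isclient`,\n\t\t`name`,\n\t\t`email`,\n\t\t`address`,\n\t\t`phonenumber`,\n\t\t`poz_detyres`,\n\t\t`company_id`,\n\t\t`active`,\n\t\t`signature`\n\t\t) VALUES (\n\t\t'"
            . hesk_dbEscape($myuser['user']) . "',\n\t\t'"
            . hesk_dbEscape($myuser['pass']) . "',\n\t\t'"
            . intval($myuser['isclient']) . "',\n\t\t'"
            . hesk_dbEscape($myuser['name']) . "',\n\t\t'"
            . hesk_dbEscape($myuser['email']) . "',\n\t\t'"
            . hesk_dbEscape($myuser['address']) . "',\n\t\t'"
            . hesk_dbEscape($myuser['phonenumber']) . "',\n\t\t'"
            . hesk_dbEscape($myuser['poz_detyres']) . "',\n\t\t'"
            . hesk_dbEscape($myuser['company_id']) . "',\n\t\t'"
            . hesk_dbEscape($user_active) . "',\n\t\t'"
            . hesk_dbEscape($myuser['signature']) . "'\n\t\t)"
        );
        $id = hesk_dbInsertID();

        /*
         * contract_id comes straight from the request: it may be missing, a
         * scalar, or contain nested arrays. Only iterate a real array and skip
         * entries that cannot be a single id.
         */
        $contract_ids = (isset($_POST['contract_id']) && is_array($_POST['contract_id'])) ? $_POST['contract_id'] : array();
        foreach ($contract_ids as $contract) {
            if (!is_scalar($contract)) {
                continue;
            }
            hesk_dbQuery("INSERT INTO `" . hesk_dbEscape($hesk_settings['db_pfix']) . "contractforclient` (\n\t\t\t\t\t`contract_Id`, `client_Id`) VALUES('" . hesk_dbEscape($contract) . "', '" . intval($id) . "')");
        }
    } else {
        /*
         * Every interpolated value goes through hesk_dbEscape() or intval().
         * The preference fields (afterreply ... notify_note) used to be
         * concatenated raw, which made the statement safe only as long as
         * hesk_validateUserInfo() never returns request data unchanged for
         * them; escaping at the point of use removes that hidden dependency.
         */
        hesk_dbQuery(
            "INSERT INTO `" . hesk_dbEscape($hesk_settings['db_pfix']) . "users` (\n\t\t`user`,\n\t\t`pass`,\n\t\t`isadmin`,\n\t\t`name`,\n\t\t`email`,\n\t\t`address`,\n\t\t`phonenumber`,\n\t\t`poz_detyres`,\n\t\t`active`,\n\t\t`signature`,\n\t\t`categories`,\n\t\t`autoassign`,\n\t\t`heskprivileges`,"
            . "\n\t\t`afterreply`,\n\t\t`autostart`,\n\t\t`notify_customer_new`,\n\t\t`notify_customer_reply`,\n\t\t`show_suggested`,"
            . "\n\t\t`notify_new_unassigned`,\n\t\t`notify_new_my`,\n\t\t`notify_reply_unassigned`,\n\t\t`notify_reply_my`,"
            . "\n\t\t`notify_assigned`,\n\t\t`notify_pm`,\n\t\t`notify_note`\n\t\t) VALUES (\n\t\t'"
            . hesk_dbEscape($myuser['user']) . "',\n\t\t'"
            . hesk_dbEscape($myuser['pass']) . "',\n\t\t'"
            . intval($myuser['isadmin']) . "',\n\t\t'"
            . hesk_dbEscape($myuser['name']) . "',\n\t\t'"
            . hesk_dbEscape($myuser['email']) . "',\n\t\t'"
            . hesk_dbEscape($myuser['address']) . "',\n\t\t'"
            . hesk_dbEscape($myuser['phonenumber']) . "',\n\t\t'"
            . hesk_dbEscape($myuser['poz_detyres']) . "',\n\t\t'"
            . hesk_dbEscape($user_active) . "',\n\t\t'"
            . hesk_dbEscape($myuser['signature']) . "',\n\t\t'"
            . hesk_dbEscape($myuser['categories']) . "',\n\t\t'"
            . intval($myuser['autoassign']) . "',\n\t\t'"
            . hesk_dbEscape($myuser['features']) . "',\n\t\t'"
            . hesk_dbEscape($myuser['afterreply']) . "' ,\n\t\t'"
            . hesk_dbEscape($myuser['autostart']) . "' ,\n\t\t'"
            . hesk_dbEscape($myuser['notify_customer_new']) . "' ,\n\t\t'"
            . hesk_dbEscape($myuser['notify_customer_reply']) . "' ,\n\t\t'"
            . hesk_dbEscape($myuser['show_suggested']) . "' ,\n\t\t'"
            . hesk_dbEscape($myuser['notify_new_unassigned']) . "' ,\n\t\t'"
            . hesk_dbEscape($myuser['notify_new_my']) . "' ,\n\t\t'"
            . hesk_dbEscape($myuser['notify_reply_unassigned']) . "' ,\n\t\t'"
            . hesk_dbEscape($myuser['notify_reply_my']) . "' ,\n\t\t'"
            . hesk_dbEscape($myuser['notify_assigned']) . "' ,\n\t\t'"
            . hesk_dbEscape($myuser['notify_pm']) . "',\n\t\t'"
            . hesk_dbEscape($myuser['notify_note']) . "'\n\t\t)"
        );

        /* Only staff accounts become the selected user */
        $_SESSION['seluser'] = hesk_dbInsertID();
    }

    unset($_SESSION['userdata']);

    /*
     * NOTE(review): $myuser['cleanpass'] is placed in the success message; the
     * name suggests the plain-text password. Confirm where that message is
     * stored and shown.
     */
    hesk_process_messages(sprintf($hesklang['user_added_success'], $myuser['user'], $myuser['cleanpass']), './manage_users.php', 'SUCCESS');
}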
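/**
 * Add an IPv4 address or range to the banned list.
 *
 * Accepted forms of the `ip` request value: a single dotted-quad address, a
 * range "a.b.c.d-e.f.g.h", a wildcard form using "*" (expanded to 0 and 255),
 * or CIDR notation "a.b.c.d/NN". The ban is stored as a numeric from/to pair,
 * attributed to the logged-in staff member ($_SESSION['id']).
 *
 * NOTE(review): the input is read with hesk_REQUEST() and hesk_token_check()
 * is called without a method argument, so this state change may be reachable
 * via GET; confirm the token is still enforced on that path.
 * NOTE(review): later steps only make sense if hesk_process_messages() ends
 * the request; confirm that it does.
 */
function ban_ip()
{
    global $hesk_settings, $hesklang;

    // A security check
    hesk_token_check();

    // Get the ip: everything except digits and . - / * is stripped
    $ip = preg_replace('/[^0-9\\.\\-\\/\\*]/', '', hesk_REQUEST('ip'));
    $ip_display = str_replace('-', ' - ', $ip);

    // Nothing entered?
    if (!strlen($ip)) {
        hesk_process_messages($hesklang['enterbanip'], 'banned_ips.php');
    }

    // Convert asterisk to ranges
    if (strpos($ip, '*') !== false) {
        $ip = str_replace('*', '0', $ip) . '-' . str_replace('*', '255', $ip);
    }

    // Dotted quad with every octet in 0-255. The separator is an escaped,
    // literal dot: an unescaped "." matches any character, which let strings
    // such as "1-2-3-4" pass this check and reach the queries below as an
    // unparseable address.
    $ip_regex = '(([1-9]?[0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\\.){3}([1-9]?[0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])';

    $ip_from = false;
    $ip_to = false;

    if (preg_match('/^' . $ip_regex . '$/', $ip)) {
        // Is this a single IP address?
        $ip_from = ip2long($ip);
        $ip_to = $ip_from;
    } elseif (preg_match('/^' . $ip_regex . '\\-' . $ip_regex . '$/', $ip)) {
        // Is this an IP range?
        list($ip_from, $ip_to) = explode('-', $ip);
        $ip_from = ip2long($ip_from);
        $ip_to = ip2long($ip_to);
    } elseif (preg_match('/^' . $ip_regex . '\\/([0-9]{1,2})$/', $ip, $matches) && $matches[4] >= 0 && $matches[4] <= 32) {
        // Is this CIDR notation? ($matches[4] is the prefix length)
        list($ip_from, $ip_to) = hesk_cidr_to_range($ip);
    }

    // Both bounds are interpolated into SQL unquoted, so refuse anything that
    // is not a number: no pattern matched, ip2long() returned false, or the
    // CIDR helper did not return a numeric pair.
    if (!is_numeric($ip_from) || !is_numeric($ip_to)) {
        hesk_process_messages($hesklang['validbanip'], 'banned_ips.php');
    }

    // Make sure we have valid ranges (negative values are shifted up by 2^32).
    // NOTE(review): the upper clamp is 4294967296, one above the highest IPv4
    // value 4294967295; confirm whether that is intended.
    if ($ip_from < 0) {
        $ip_from += 4294967296.0;
    } elseif ($ip_from > 4294967296.0) {
        $ip_from = 4294967296.0;
    }
    if ($ip_to < 0) {
        $ip_to += 4294967296.0;
    } elseif ($ip_to > 4294967296.0) {
        $ip_to = 4294967296.0;
    }

    // Make sure $ip_to is not lower than $ip_from
    if ($ip_to < $ip_from) {
        $tmp = $ip_to;
        $ip_to = $ip_from;
        $ip_from = $tmp;
    }

    // Is this IP address already banned?
    $res = hesk_dbQuery("SELECT `id` FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "banned_ips` WHERE {$ip_from} BETWEEN `ip_from` AND `ip_to` AND {$ip_to} BETWEEN `ip_from` AND `ip_to` LIMIT 1");
    if (hesk_dbNumRows($res) == 1) {
        $_SESSION['ban_ip']['id'] = hesk_dbResult($res);
        $hesklang['ipbanexists'] = $ip_to == $ip_from ? sprintf($hesklang['ipbanexists'], long2ip($ip_to)) : sprintf($hesklang['iprbanexists'], long2ip($ip_from) . ' - ' . long2ip($ip_to));
        hesk_process_messages($hesklang['ipbanexists'], 'banned_ips.php', 'NOTICE');
    }

    // Delete any duplicate banned IP or ranges that are within the new banned range
    hesk_dbQuery("DELETE FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "banned_ips` WHERE `ip_from` >= {$ip_from} AND `ip_to` <= {$ip_to}");

    // Delete temporary bans from logins table.
    // NOTE(review): $ip_display is the text as entered, so a one-address ban
    // written as "a.b.c.d/32" will not match a plain address in `logins`.
    if ($ip_to == $ip_from) {
        hesk_dbQuery("DELETE FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "logins` WHERE `ip`='" . hesk_dbEscape($ip_display) . "' LIMIT 1");
    }

    // Redirect either to banned ips or ticket page from now on.
    // The mt_rand() value appears to be only a cache-buster for the URL, not a
    // security token.
    $redirect_to = ($trackingID = hesk_cleanID()) ? 'admin_ticket.php?track=' . $trackingID . '&Refresh=' . mt_rand(10000, 99999) : 'banned_ips.php';

    // Insert the ip address into database
    hesk_dbQuery("INSERT INTO `" . hesk_dbEscape($hesk_settings['db_pfix']) . "banned_ips` (`ip_from`,`ip_to`,`ip_display`,`banned_by`) VALUES ({$ip_from}, {$ip_to},'" . hesk_dbEscape($ip_display) . "','" . intval($_SESSION['id']) . "')");

    // Remember ip that got banned
    $_SESSION['ban_ip']['id'] = hesk_dbInsertID();

    // Generate success message
    $hesklang['ip_banned'] = $ip_to == $ip_from ? sprintf($hesklang['ip_banned'], long2ip($ip_to)) : sprintf($hesklang['ip_rbanned'], long2ip($ip_from) . ' - ' . long2ip($ip_to));

    // Show success.
    // NOTE(review): the message above is already formatted and is passed to
    // sprintf() a second time as the format string.
    hesk_process_messages(sprintf($hesklang['ip_banned'], $ip), $redirect_to, 'SUCCESS');
}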