/**
 * Look up the default ticket priority stored for a category.
 *
 * Falls back to priority 3 when the query does not return exactly one row.
 *
 * @param mixed $id Category id; forced to an integer before it reaches the query.
 * @return mixed The value of the `priority` column as returned by hesk_dbResult(), or int 3.
 */
function hesk_getCategoryPriority($id)
{
    global $hesk_settings, $hesklang, $hesk_db_link;

    // intval() guarantees that only digits (and an optional sign) are concatenated
    // into the statement, so the caller-supplied id cannot alter the SQL.
    $category_id = intval($id);
    $table = hesk_dbEscape($hesk_settings['db_pfix']) . 'categories';

    // Does the category have a different default priority?
    $result = hesk_dbQuery("SELECT `priority` FROM `" . $table . "` WHERE `id`=" . $category_id . " LIMIT 1");

    if (hesk_dbNumRows($result) != 1) {
        return 3;
    }

    return hesk_dbResult($result);
}
/**
 * Installer step: assemble the final settings and pass them to hesk_iSaveSettingsFile().
 *
 * Reads the feature switches kept in the session, generates the anti-spam
 * question, derives the site and help desk URLs from the current request and
 * records whether the PHP and MySQL versions meet the minimums checked below.
 *
 * @return bool Always true.
 */
function hesk_iSaveSettings()
{
    global $hesk_settings, $hesklang;

    $spam_question = hesk_generate_SPAM_question();

    // Session flags are normalised to 0/1
    $hesk_settings['secimg_use'] = !empty($_SESSION['set_captcha']) ? 1 : 0;
    $hesk_settings['use_spamq'] = !empty($_SESSION['use_spamq']) ? 1 : 0;
    $hesk_settings['question_ask'] = $spam_question[0];
    $hesk_settings['question_ans'] = $spam_question[1];
    $hesk_settings['set_attachments'] = !empty($_SESSION['set_attachments']) ? 1 : 0;
    $hesk_settings['hesk_version'] = HESK_NEW_VERSION;

    // NOTE(review): HTTP_HOST and REQUEST_URI are taken from the incoming request
    // and are persisted as the site/help desk URLs. The Host header is chosen by
    // the client, so whoever runs this step decides what gets stored; the scheme
    // is always written as http:// even when the installer is reached over HTTPS.
    // Worth validating the host against an expected value before saving.
    if (isset($_SERVER['HTTP_HOST'])) {
        $base_url = 'http://' . $_SERVER['HTTP_HOST'];
        $hesk_settings['site_url'] = $base_url;

        if (isset($_SERVER['REQUEST_URI'])) {
            $install_path = str_replace('/install/install.php', '', $_SERVER['REQUEST_URI']);
            $hesk_settings['hesk_url'] = $base_url . $install_path;
        }
    }

    /* Encode and escape characters */
    // addslashes() is the only escaping applied here before the values are handed
    // to hesk_iSaveSettingsFile(). NOTE(review): how that function quotes values
    // when writing the settings file is not visible here - confirm the two agree.
    $set = $hesk_settings;
    foreach ($hesk_settings as $name => $value) {
        if (!is_array($value)) {
            $set[$name] = addslashes($value);
        }
    }

    // Debug mode is always switched off in the saved configuration
    $set['debug_mode'] = 0;

    // Array settings were skipped above; the provider list is flattened to a
    // quoted, comma separated string (or an empty string when there are none)
    if (count($set['email_providers'])) {
        $set['email_providers'] = "'" . implode("','", $set['email_providers']) . "'";
    } else {
        $set['email_providers'] = '';
    }

    // Check if PHP version is 5.2.3+ and MySQL is 5.0.7+
    $res = hesk_dbQuery('SELECT VERSION() AS version');
    $php_ok = version_compare(PHP_VERSION, '5.2.3') >= 0;
    // The database version is only read when the PHP check already passed
    $set['db_vrsn'] = ($php_ok && version_compare(hesk_dbResult($res), '5.0.7') >= 0) ? 1 : 0;

    hesk_iSaveSettingsFile($set);

    return true;
}
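/**
 * Installer step: connect to the database with the credentials posted in the
 * setup form and check that the server version is new enough.
 *
 * The host, database name, user and password are read from POST and stored in
 * $hesk_settings. When the connection (or, with the legacy mysql extension,
 * selecting/creating the database) fails, the driver error text is placed in
 * the global $mysql_log and hesk_iDatabase(1) is called. When the server is
 * older than REQUIRE_MYSQL_VERSION, hesk_iDatabase(5) is called.
 *
 * NOTE(review): hesk_iDatabase() presumably re-displays the form and stops
 * execution - confirm, because the code below continues otherwise. Also check
 * how it shows $mysql_log: raw driver messages can contain host and account
 * names.
 *
 * @return mixed The connection handle returned by mysqli_connect()/mysql_connect().
 */
function hesk_iTestDatabaseConnection()
{
    global $hesk_settings, $hesklang;

    $db_success = 1;

    $hesk_settings['db_host'] = hesk_input(hesk_POST('host'));
    $hesk_settings['db_name'] = hesk_input(hesk_POST('name'));
    $hesk_settings['db_user'] = hesk_input(hesk_POST('user'));
    $hesk_settings['db_pass'] = hesk_input(hesk_POST('pass'));

    // Allow & in password.
    // The previous call replaced '&' with '&', which cannot change anything; the
    // search string was evidently the HTML entity. hesk_input() is expected to
    // HTML-encode its input (confirm), so the entity is turned back into a
    // plain ampersand before the password is sent to the server.
    $hesk_settings['db_pass'] = str_replace('&amp;', '&', $hesk_settings['db_pass']);

    // Use MySQLi extension to connect?
    $use_mysqli = function_exists('mysqli_connect');

    // Start output buffering so that connection warnings are not printed
    ob_start();

    // Connect to database
    if ($use_mysqli) {
        // Do we need a special port? Check and connect to the database
        if (strpos($hesk_settings['db_host'], ':')) {
            list($hesk_settings['db_host'], $hesk_settings['db_port']) = explode(':', $hesk_settings['db_host']);
            $hesk_db_link = mysqli_connect($hesk_settings['db_host'], $hesk_settings['db_user'], $hesk_settings['db_pass'], $hesk_settings['db_name'], intval($hesk_settings['db_port']));
        } else {
            $hesk_db_link = mysqli_connect($hesk_settings['db_host'], $hesk_settings['db_user'], $hesk_settings['db_pass'], $hesk_settings['db_name']);
        }

        if (!$hesk_db_link) {
            $db_success = 0;
        }
    } else {
        $hesk_db_link = mysql_connect($hesk_settings['db_host'], $hesk_settings['db_user'], $hesk_settings['db_pass']);
        if (!$hesk_db_link) {
            $db_success = 0;
        }

        // Select database works OK?
        if ($db_success == 1 && !mysql_select_db($hesk_settings['db_name'], $hesk_db_link)) {
            // No, try to create the database and select it again
            $created = function_exists('mysql_create_db') && mysql_create_db($hesk_settings['db_name'], $hesk_db_link);
            $db_success = ($created && mysql_select_db($hesk_settings['db_name'], $hesk_db_link)) ? 1 : 0;
        }
    }

    // Discard anything the connection attempt printed
    ob_end_clean();

    // Any errors?
    if (!$db_success) {
        global $mysql_log;
        $mysql_log = $use_mysqli ? mysqli_connect_error() : mysql_error();
        hesk_iDatabase(1);
    }

    // Check MySQL version
    define('MYSQL_VERSION', hesk_dbResult(hesk_dbQuery('SELECT VERSION() AS version')));
    if (version_compare(MYSQL_VERSION, REQUIRE_MYSQL_VERSION, '<')) {
        hesk_iDatabase(5);
    }

    return $hesk_db_link;
}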
/**
 * Ask the database server for its current time and return it as a Unix timestamp.
 *
 * NOTE(review): strtotime() interprets the returned string in PHP's configured
 * time zone, so the result is only exact when PHP and the database session use
 * the same zone - confirm for this deployment.
 *
 * @return int|false Timestamp parsed from the result of SELECT NOW().
 */
function hesk_dbTime()
{
    $db_now = hesk_dbResult(hesk_dbQuery("SELECT NOW()"), 0, 0);

    return strtotime($db_now);
}
            $tmpvar[$k] = hesk_makeURL(nl2br(hesk_input(hesk_POST($k))));
            $_SESSION["c_{$k}"] = hesk_POST($k);
        }
    } else {
        $tmpvar[$k] = '';
    }
}
// Check bans
// Operator precedence groups the condition as
//   (no email error recorded AND the email is banned) OR (the client IP is banned)
// so the IP ban is evaluated even when $hesk_error_buffer['email'] is set, while
// the email ban lookup is skipped in that case.
if (!isset($hesk_error_buffer['email']) && hesk_isBannedEmail($tmpvar['email']) || hesk_isBannedIP($_SERVER['REMOTE_ADDR'])) {
    hesk_error($hesklang['baned_e']);
}
// Check maximum open tickets limit
$below_limit = true;
// Skipped when max_open is 0/empty or an email error has already been recorded
if ($hesk_settings['max_open'] && !isset($hesk_error_buffer['email'])) {
    // NOTE(review): the email part of the WHERE clause is built by
    // hesk_dbFormatEmail(); its escaping is not visible here - confirm that it
    // escapes the submitted address before it is concatenated into the query.
    $res = hesk_dbQuery("SELECT COUNT(*) FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` WHERE `status` IN ('0', '1', '2', '4', '5') AND " . hesk_dbFormatEmail($tmpvar['email']));
    $num = hesk_dbResult($res);
    if ($num >= $hesk_settings['max_open']) {
        // Replaces every previously collected error with the single limit message
        $hesk_error_buffer = array('max_open' => sprintf($hesklang['maxopen'], $num, $hesk_settings['max_open']));
        $below_limit = false;
    }
}
// If we reached max tickets let's save some resources
if ($below_limit) {
    // Generate tracking ID
    $tmpvar['trackid'] = hesk_createID();
    // Attachments
    if ($hesk_settings['attachments']['use']) {
        require_once HESK_PATH . 'inc/attachments.inc.php';
        $attachments = array();
        $trackingID = $tmpvar['trackid'];
        for ($i = 1; $i <= $hesk_settings['attachments']['max_number']; $i++) {
/**
 * Render the admin page for managing one knowledgebase category, then exit.
 *
 * The category is chosen by the `catid` GET parameter. The page shows the
 * articles of that category (unless $_SESSION['hide']['article_list'] is set)
 * with links to reorder, toggle sticky, view, edit and remove them, and, for
 * every category except id 1, a form to rename, move, change the type of or
 * delete the category.
 *
 * Security-relevant points visible in this function:
 *  - $catid is forced to an integer, so it is safe where it is concatenated
 *    into SQL, URLs and HTML below.
 *  - Category names and article subjects read from the database are printed
 *    without escaping here (see the NOTE(review) comments at those lines).
 *  - Links and the form that change state carry the value printed by
 *    hesk_token_echo().
 *
 * @return void Does not return; the function ends with exit.
 */
function manage_category()
{
    global $hesk_settings, $hesklang;
    // intval() yields an integer; a result of 0 (missing or non-numeric catid)
    // is falsy and triggers hesk_error()
    $catid = intval(hesk_GET('catid')) or hesk_error($hesklang['kb_cat_inv']);
    $result = hesk_dbQuery('SELECT * FROM `' . hesk_dbEscape($hesk_settings['db_pfix']) . 'kb_categories` ORDER BY `parent` ASC, `cat_order` ASC');
    $kb_cat = array();
    // Collect every category and remember the row of the requested one.
    // NOTE(review): $this_cat is only assigned when a row with this id exists;
    // for an unknown id the later reads of $this_cat['name'], ['parent'] and
    // ['type'] work on an undefined variable - consider an explicit not-found check.
    while ($cat = hesk_dbFetchAssoc($result)) {
        $kb_cat[] = $cat;
        if ($cat['id'] == $catid) {
            $this_cat = $cat;
        }
    }
    // Values kept in the session override what was read from the database
    // (presumably the input of a previous, rejected edit - confirm)
    if (isset($_SESSION['manage_cat'])) {
        $_SESSION['manage_cat'] = hesk_stripArray($_SESSION['manage_cat']);
        $this_cat['type'] = $_SESSION['manage_cat']['type'];
        $this_cat['parent'] = $_SESSION['manage_cat']['parent'];
        $this_cat['name'] = $_SESSION['manage_cat']['title'];
    }
    /* Translate main category "Knowledgebase" if needed */
    // Relies on the first row of the ordered result being the main category
    $kb_cat[0]['name'] = $hesklang['kb_text'];
    require HESK_PATH . 'inc/treemenu/TreeMenu.php';
    $icon = HESK_PATH . 'img/folder.gif';
    $expandedIcon = HESK_PATH . 'img/folder-expanded.gif';
    $menu = new HTML_TreeMenu();
    $thislevel = array('0');
    $nextlevel = array();
    $i = 1;
    $j = 1;
    // Build the tree one level per pass: categories whose parent is in
    // $thislevel are attached and removed from $kb_cat, and their ids form the
    // next level
    while (count($kb_cat) > 0) {
        foreach ($kb_cat as $k => $cat) {
            if (in_array($cat['parent'], $thislevel)) {
                $up = $cat['parent'];
                $my = $cat['id'];
                $type = $cat['type'] ? '*' : '';
                // Label: name, a '*' marker when `type` is set, and the three article counters
                $text_short = $cat['name'] . $type . ' (' . $cat['articles'] . ', ' . $cat['articles_private'] . ', ' . $cat['articles_draft'] . ')';
                if (isset($node[$up])) {
                    $node[$my] =& $node[$up]->addItem(new HTML_TreeNode(array('hesk_parent' => $this_cat['parent'], 'text' => 'Text', 'text_short' => $text_short, 'hesk_catid' => $cat['id'], 'hesk_select' => 'option' . $j, 'icon' => $icon, 'expandedIcon' => $expandedIcon, 'expanded' => true)));
                } else {
                    $node[$my] = new HTML_TreeNode(array('hesk_parent' => $this_cat['parent'], 'text' => 'Text', 'text_short' => $text_short, 'hesk_catid' => $cat['id'], 'hesk_select' => 'option' . $j, 'icon' => $icon, 'expandedIcon' => $expandedIcon, 'expanded' => true));
                }
                $nextlevel[] = $cat['id'];
                $j++;
                unset($kb_cat[$k]);
            }
        }
        $thislevel = $nextlevel;
        $nextlevel = array();
        /* Break after 20 recursions to avoid hang-ups in case of any problems */
        if ($i > 20) {
            break;
        }
        $i++;
    }
    // The node of category id 1 is used as the root of the menu
    $menu->addItem($node[1]);
    // Create the presentation class
    $listBox =& ref_new(new HTML_TreeMenu_Listbox($menu));
    /* Print header */
    require_once HESK_PATH . 'inc/header.inc.php';
    /* Print main manage users page */
    require_once HESK_PATH . 'inc/show_admin_nav.inc.php';
    ?>

	
     <div class="container manage-kb-category-title"><a href="manage_knowledgebase.php" class="smaller"><b><?php 
    echo $hesklang['kb'];
    ?>
</b></a> &gt; <?php 
    echo $hesklang['kb_cat_man'];
    ?>
</div>

	<!-- SUB NAVIGATION -->
	<?php 
    show_subnav('', $catid);
    ?>
	<!-- SUB NAVIGATION -->

	<?php 
    if (!isset($_SESSION['hide']['article_list'])) {
        ?>

     <div class="container category-kb"><?php 
        echo $hesklang['category'];
        ?>
: <span class="black"><?php 
        // NOTE(review): printed without escaping. This is safe only if the name
        // is HTML-encoded before it is stored (and before it is put into the
        // session) - confirm; otherwise escape it for HTML here.
        echo $this_cat['name'];
        ?>
</span></div>

    &nbsp;<br />

    <?php 
        // $catid is an integer (see intval() above), so interpolating it is safe
        $result = hesk_dbQuery("SELECT * FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "kb_articles` WHERE `catid`='{$catid}' ORDER BY `sticky` DESC, `art_order` ASC");
        $num = hesk_dbNumRows($result);
        if ($num == 0) {
            echo '<div class="container kb_no_article">' . $hesklang['kb_no_art'] . ' &nbsp;<br/><br/> 
		<a href="manage_knowledgebase.php?a=add_article&amp;catid=' . $catid . '"><img src="../img/add_article.png" width="16" height="16" alt="' . $hesklang['kb_i_art2'] . '" title="' . $hesklang['kb_i_art2'] . '" border="0" style="border:none;vertical-align:text-bottom" /></a>' . '<a href="manage_knowledgebase.php?a=add_article&amp;catid=' . $catid . '"><b>' . $hesklang['kb_i_art2'] . '</b></a></div>';
        } else {
            /* Get number of sticky articles */
            $res2 = hesk_dbQuery("SELECT COUNT(*) FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "kb_articles` WHERE `catid`='{$catid}' AND `sticky` = '1' ");
            $num_sticky = hesk_dbResult($res2);
            $num_nosticky = $num - $num_sticky;
            ?>
        <div class="container insertArticle">
	        <?php 
            echo '<a href="manage_knowledgebase.php?a=add_article&amp;catid=' . $catid . '"><img src="../img/add_article.png" width="16" height="16" alt="' . $hesklang['kb_i_art2'] . '" title="' . $hesklang['kb_i_art2'] . '" border="0" style="border:none;vertical-align:text-bottom" /></a> <a href="manage_knowledgebase.php?a=add_article&amp;catid=' . $catid . '"><b>' . $hesklang['kb_i_art2'] . '</b></a>';
            ?>
	    </div>

	     <div class="container kb_cat_art_title"><?php 
            echo $hesklang['kb_cat_art'];
            ?>
</div>

		<div class="container">
		<table class="table table-bordered table-responsive kb_cat_art_table">
		<tr>
        <th class="admin_white">&nbsp;</th>
		<th class="admin_white"><b><i><?php 
            echo $hesklang['kb_subject'];
            ?>
</i></b></th>
		<th class="admin_white"><b><i><?php 
            echo $hesklang['kb_type'];
            ?>
</i></b></th>
        <th class="admin_white"><b><i><?php 
            echo $hesklang['views'];
            ?>
</i></b></th>
        <?php 
            if ($hesk_settings['kb_rating']) {
                ?>
	        <th class="admin_white" style="white-space:nowrap" nowrap="nowrap" width="130"><b><i><?php 
                echo $hesklang['rating'] . ' (' . $hesklang['votes'] . ')';
                ?>
</i></b></th>
	        <?php 
            }
            ?>
        <th class="admin_white" style="width:120px"><b><i>&nbsp;<?php 
            echo $hesklang['opt'];
            ?>
&nbsp;</i></b></th>
		</tr>
    	<?php 
            // $i alternates the row style, $j numbers the rows, $k is the position
            // inside the current group (sticky articles first, then the others)
            // and $num is the size of that group
            $i = 1;
            $j = 1;
            $k = 1;
            $previous_sticky = 1;
            $num = $num_sticky;
            while ($article = hesk_dbFetchAssoc($result)) {
                // Switching from the sticky group to the non-sticky group
                if ($previous_sticky != $article['sticky']) {
                    $k = 1;
                    $num = $num_nosticky;
                    $previous_sticky = $article['sticky'];
                }
                // The article named in $_SESSION['artord'] is highlighted once
                if (isset($_SESSION['artord']) && $article['id'] == $_SESSION['artord']) {
                    $color = 'admin_green';
                    unset($_SESSION['artord']);
                } elseif ($article['sticky']) {
                    $color = 'admin_yellow';
                } else {
                    $color = $i ? 'admin_white' : 'admin_gray';
                }
                $tmp = $i ? 'White' : 'Blue';
                $style = 'class="option' . $tmp . 'OFF" onmouseover="this.className=\'option' . $tmp . 'ON\'" onmouseout="this.className=\'option' . $tmp . 'OFF\'"';
                $i = $i ? 0 : 1;
                switch ($article['type']) {
                    case '1':
                        $type = '<span class="kb_private">' . $hesklang['kb_private'] . '</span>';
                        break;
                    case '2':
                        $type = '<span class="kb_draft">' . $hesklang['kb_draft'] . '</span>';
                        break;
                    default:
                        $type = '<span class="kb_published">' . $hesklang['kb_published'] . '</span>';
                }
                if ($hesk_settings['kb_rating']) {
                    $alt = $article['rating'] ? sprintf($hesklang['kb_rated'], sprintf("%01.1f", $article['rating'])) : $hesklang['kb_not_rated'];
                    $rat = '<td class="' . $color . '" style="white-space:nowrap;"><img src="../img/star_' . hesk_round_to_half($article['rating']) * 10 . '.png" width="85" height="16" alt="' . $alt . '" title="' . $alt . '" border="0" style="vertical-align:text-bottom" /> (' . $article['votes'] . ') </td>';
                } else {
                    $rat = '';
                }
                ?>
			<tr>
			<td class="<?php 
                echo $color;
                ?>
"><?php 
                echo $j;
                ?>
.</td>
			<td class="<?php 
                echo $color;
                ?>
"><?php 
                // NOTE(review): the subject is printed exactly as stored. Safe
                // only if subjects are HTML-encoded when they are saved - confirm;
                // otherwise escape for HTML at this point.
                echo $article['subject'];
                ?>
</td>
            <td class="<?php 
                echo $color;
                ?>
"><?php 
                echo $type;
                ?>
</td>
            <td class="<?php 
                echo $color;
                ?>
"><?php 
                echo $article['views'];
                ?>
</td>
            <?php 
                echo $rat;
                ?>
            <td class="<?php 
                echo $color;
                ?>
" style="text-align:center; white-space:nowrap;">
			<?php 
                // Move up/down links are only shown when the group has more than
                // one article; the first row gets "down" only, the last "up" only
                if ($num > 1) {
                    if ($k == 1) {
                        ?>
                    <img src="../img/blank.gif" width="16" height="16" alt="" style="padding:3px;border:none;" />
                	<a href="manage_knowledgebase.php?a=order_article&amp;id=<?php 
                        echo $article['id'];
                        ?>
&amp;catid=<?php 
                        echo $catid;
                        ?>
&amp;move=15&amp;token=<?php 
                        // State-changing link: carries the request token, which
                        // the handler is expected to verify (confirm)
                        hesk_token_echo();
                        ?>
"><img src="../img/move_down.png" width="16" height="16" alt="<?php 
                        echo $hesklang['move_dn'];
                        ?>
" title="<?php 
                        echo $hesklang['move_dn'];
                        ?>
" <?php 
                        echo $style;
                        ?>
 /></a>
	            <?php 
                    } elseif ($k == $num) {
                        ?>
					<a href="manage_knowledgebase.php?a=order_article&amp;id=<?php 
                        echo $article['id'];
                        ?>
&amp;catid=<?php 
                        echo $catid;
                        ?>
&amp;move=-15&amp;token=<?php 
                        hesk_token_echo();
                        ?>
"><img src="../img/move_up.png" width="16" height="16" alt="<?php 
                        echo $hesklang['move_up'];
                        ?>
" title="<?php 
                        echo $hesklang['move_up'];
                        ?>
" <?php 
                        echo $style;
                        ?>
 /></a>
                    <img src="../img/blank.gif" width="16" height="16" alt="" style="padding:3px;border:none;" />
	            <?php 
                    } else {
                        ?>
					<a href="manage_knowledgebase.php?a=order_article&amp;id=<?php 
                        echo $article['id'];
                        ?>
&amp;catid=<?php 
                        echo $catid;
                        ?>
&amp;move=-15&amp;token=<?php 
                        hesk_token_echo();
                        ?>
"><img src="../img/move_up.png" width="16" height="16" alt="<?php 
                        echo $hesklang['move_up'];
                        ?>
" title="<?php 
                        echo $hesklang['move_up'];
                        ?>
" <?php 
                        echo $style;
                        ?>
 /></a>
					<a href="manage_knowledgebase.php?a=order_article&amp;id=<?php 
                        echo $article['id'];
                        ?>
&amp;catid=<?php 
                        echo $catid;
                        ?>
&amp;move=15&amp;token=<?php 
                        hesk_token_echo();
                        ?>
"><img src="../img/move_down.png" width="16" height="16" alt="<?php 
                        echo $hesklang['move_dn'];
                        ?>
" title="<?php 
                        echo $hesklang['move_dn'];
                        ?>
" <?php 
                        echo $style;
                        ?>
 /></a>
	            <?php 
                    }
                } elseif ($num_sticky > 1 || $num_nosticky > 1) {
                    // Placeholders keep the icon columns aligned with the other group
                    echo '<img src="../img/blank.gif" width="16" height="16" alt="" style="padding:3px;border:none;vertical-align:text-bottom;" /> <img src="../img/blank.gif" width="16" height="16" alt="" style="padding:3px;border:none;vertical-align:text-bottom;" />';
                }
                ?>
            <a href="manage_knowledgebase.php?a=sticky&amp;s=<?php 
                echo $article['sticky'] ? 0 : 1;
                ?>
&amp;id=<?php 
                echo $article['id'];
                ?>
&amp;catid=<?php 
                echo $catid;
                ?>
&amp;token=<?php 
                hesk_token_echo();
                ?>
"><img src="../img/sticky<?php 
                if (!$article['sticky']) {
                    echo '_off';
                }
                ?>
.png" width="16" height="16" alt="<?php 
                echo $article['sticky'] ? $hesklang['stickyoff'] : $hesklang['stickyon'];
                ?>
" title="<?php 
                echo $article['sticky'] ? $hesklang['stickyoff'] : $hesklang['stickyon'];
                ?>
" <?php 
                echo $style;
                ?>
 /></a>
            <a href="knowledgebase_private.php?article=<?php 
                echo $article['id'];
                ?>
&amp;back=1<?php 
                if ($article['type'] == 2) {
                    echo '&amp;draft=1';
                }
                ?>
" target="_blank"><img src="../img/article_text.png" width="16" height="16" alt="<?php 
                echo $hesklang['viewart'];
                ?>
" title="<?php 
                echo $hesklang['viewart'];
                ?>
" <?php 
                echo $style;
                ?>
 /></a>
            <a href="manage_knowledgebase.php?a=edit_article&amp;id=<?php 
                echo $article['id'];
                ?>
"><img src="../img/edit.png" width="16" height="16" alt="<?php 
                echo $hesklang['edit'];
                ?>
" title="<?php 
                echo $hesklang['edit'];
                ?>
" <?php 
                echo $style;
                ?>
 /></a>
            <a href="manage_knowledgebase.php?a=remove_article&amp;id=<?php 
                echo $article['id'];
                ?>
&amp;token=<?php 
                hesk_token_echo();
                ?>
" onclick="return hesk_confirmExecute('<?php 
                echo hesk_makeJsString($hesklang['del_art']);
                ?>
');"><img src="../img/delete.png" width="16" height="16" alt="<?php 
                echo $hesklang['delete'];
                ?>
" title="<?php 
                echo $hesklang['delete'];
                ?>
" <?php 
                echo $style;
                ?>
 /></a>&nbsp;</td>
			</tr>
            <?php 
                $j++;
                $k++;
            }
            // End while
            ?>
		</table>
		</div>
		<?php 
        }
    }
    // END if hide article list
    /* Manage Category (except the default one) */
    if ($catid != 1) {
        ?>

        &nbsp;<br />


    <div class="container insertCategory">
		<?php 
        echo '<a href="manage_knowledgebase.php?a=add_category&amp;parent=' . $catid . '"><img src="../img/add_category.png" width="16" height="16" alt="' . $hesklang['kb_i_cat2'] . '" title="' . $hesklang['kb_i_cat2'] . '" border="0" style="border:none;vertical-align:text-bottom" /></a> <a href="manage_knowledgebase.php?a=add_category&amp;parent=' . $catid . '"><b>' . $hesklang['kb_i_cat2'] . '</b></a>';
        ?>
	</div>

	<div class="container category-settings-title"><?php 
        echo $hesklang['catset'];
        ?>
</div>
	<div class="container category-settings-form">
	<br/>
		<form action="manage_knowledgebase.php" method="post" name="form1" onsubmit="Javascript:return hesk_deleteIfSelected('dodelete','<?php 
        echo hesk_makeJsString($hesklang['kb_delcat']);
        ?>
')">
			<div class="form-inline">
				<span class="col-sm-2"><b><?php 
        echo $hesklang['kb_cat_title'];
        ?>
:</b></span>
				<span><input class="form-control" type="text" name="title" size="70" maxlength="255" value="<?php 
        // NOTE(review): written into a double-quoted attribute without escaping.
        // A name containing a raw double quote would end the attribute, so this
        // depends on the value being HTML-encoded upstream - confirm.
        echo $this_cat['name'];
        ?>
" /></span>
			</div>
			<br/>
			<div class="form-inline">
				<span class="col-sm-2"><b><?php 
        echo $hesklang['kb_cat_parent'];
        ?>
:</b></span>
				<span><select class="form-control" name="parent"><?php 
        $listBox->printMenu();
        ?>
</select></span>
			</div>
			<br/>
			<div class="form-inline">
				<span class="col-sm-2"><b><?php 
        echo $hesklang['kb_type'];
        ?>
:</b></span>
				<div class="form-group">
					<label><input type="radio" name="type" value="0" <?php 
        if (!$this_cat['type']) {
            echo 'checked="checked"';
        }
        ?>
 /> <b><i><?php 
        echo $hesklang['kb_published'];
        ?>
</i></b></label><br />
					<span><?php 
        echo $hesklang['kb_cat_published'];
        ?>
</span><br/><br/>
					<label><input type="radio" name="type" value="1" <?php 
        if ($this_cat['type']) {
            echo 'checked="checked"';
        }
        ?>
 /> <b><i><?php 
        echo $hesklang['kb_private'];
        ?>
</i></b></label><br />
					<span><?php 
        echo $hesklang['kb_cat_private'];
        ?>
</span>
				</div>
			</div>
			<br/>
	        <div class="form-inline">
				<span class="col-sm-2"><b><?php 
        echo $hesklang['opt'];
        ?>
:</b></span>
				<div class="form-group">
					<label><input type="checkbox" name="dodelete" id="dodelete" value="Y" onclick="Javascript:hesk_toggleLayerDisplay('deleteoptions')" /> <i><?php 
        echo $hesklang['delcat'];
        ?>
</i></label>
					<div id="deleteoptions" style="display: none;">
					<label><input type="radio" name="movearticles" value="Y" checked="checked" /> <?php 
        echo $hesklang['move1'];
        ?>
</label><br />
					<label><input type="radio" name="movearticles" value="N" /> <?php 
        echo $hesklang['move2'];
        ?>
</label>
					</div>
				</div>
	        </div>
			<br/>
	</div>
	<br/>
		<div class="col-sm-6 col-sm-offset-6">
			<input type="hidden" name="a" value="edit_category" />
	        <input type="hidden" name="token" value="<?php 
        // The edit/delete form is submitted by POST together with the request token
        hesk_token_echo();
        ?>
" />
	        <input type="hidden" name="catid" value="<?php 
        echo $catid;
        ?>
" /><input type="submit" value="<?php 
        echo $hesklang['save_changes'];
        ?>
" class="btn btn-default save-cat-changes-btn" />
		</div>
	</form>
	

	<?php 
    }
    // END if $catid != 1
    /* Clean unneeded session variables */
    hesk_cleanSessionVars(array('hide', 'manage_cat', 'edit_article'));
    require_once HESK_PATH . 'inc/footer.inc.php';
    exit;
}
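/**
 * Ban an IPv4 address or range submitted in the `ip` request parameter.
 *
 * Accepted forms are a single address, a wildcard pattern (each `*` becomes
 * 0 for the start and 255 for the end of the range), a `from-to` range and
 * CIDR notation. The request token is checked first. Bans that lie completely
 * inside the new range are removed before the new ban is inserted, and every
 * outcome is reported through hesk_process_messages().
 *
 * NOTE(review): the code relies on hesk_process_messages() ending the request
 * (the branches that call it do not return) - confirm.
 *
 * @return void
 */
function ban_ip()
{
    global $hesk_settings, $hesklang;

    // A security check
    hesk_token_check();

    // Get the ip; every character except digits, dot, dash, slash and asterisk is dropped
    $ip = preg_replace('/[^0-9\\.\\-\\/\\*]/', '', hesk_REQUEST('ip'));
    $ip_display = str_replace('-', ' - ', $ip);

    // Nothing entered?
    if (!strlen($ip)) {
        hesk_process_messages($hesklang['enterbanip'], 'banned_ips.php');
    }

    // Convert asterisk to ranges
    if (strpos($ip, '*') !== false) {
        $ip = str_replace('*', '0', $ip) . '-' . str_replace('*', '255', $ip);
    }

    // The separator between octets is an escaped, literal dot. The earlier
    // pattern used a bare "." (any character), so input such as "1-2-3-4"
    // passed validation, ip2long() returned false for it and the queries
    // below were built from an empty value.
    $ip_regex = '(([1-9]?[0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\\.){3}([1-9]?[0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])';

    // Is this a single IP address?
    if (preg_match('/^' . $ip_regex . '$/', $ip)) {
        $ip_from = ip2long($ip);
        $ip_to = $ip_from;
    } elseif (preg_match('/^' . $ip_regex . '\\-' . $ip_regex . '$/', $ip)) {
        // A range: from-to
        list($ip_from, $ip_to) = explode('-', $ip);
        $ip_from = ip2long($ip_from);
        $ip_to = ip2long($ip_to);
    } elseif (preg_match('/^' . $ip_regex . '\\/([0-9]{1,2})$/', $ip, $matches) && $matches[4] >= 0 && $matches[4] <= 32) {
        // CIDR notation; capture group 4 is the prefix length
        list($ip_from, $ip_to) = hesk_cidr_to_range($ip);
    } else {
        hesk_process_messages($hesklang['validbanip'], 'banned_ips.php');
    }

    // Defensive: never let a failed conversion reach the SQL statements below
    if ($ip_from === false || $ip_to === false) {
        hesk_process_messages($hesklang['validbanip'], 'banned_ips.php');
    }

    // Make sure we have valid ranges
    // (ip2long() can return negative numbers on 32-bit PHP; shift them into the unsigned range)
    if ($ip_from < 0) {
        $ip_from += 4294967296.0;
    } elseif ($ip_from > 4294967296.0) {
        $ip_from = 4294967296.0;
    }
    if ($ip_to < 0) {
        $ip_to += 4294967296.0;
    } elseif ($ip_to > 4294967296.0) {
        $ip_to = 4294967296.0;
    }

    // Make sure $ip_to is not lower than $ip_from
    if ($ip_to < $ip_from) {
        $tmp = $ip_to;
        $ip_to = $ip_from;
        $ip_from = $tmp;
    }

    // Is this IP address already banned?
    // $ip_from and $ip_to are numeric at this point, which is why they are placed in the statements unquoted
    $res = hesk_dbQuery("SELECT `id` FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "banned_ips` WHERE {$ip_from} BETWEEN `ip_from` AND `ip_to` AND {$ip_to} BETWEEN `ip_from` AND `ip_to` LIMIT 1");
    if (hesk_dbNumRows($res) == 1) {
        $_SESSION['ban_ip']['id'] = hesk_dbResult($res);
        $hesklang['ipbanexists'] = $ip_to == $ip_from ? sprintf($hesklang['ipbanexists'], long2ip($ip_to)) : sprintf($hesklang['iprbanexists'], long2ip($ip_from) . ' - ' . long2ip($ip_to));
        hesk_process_messages($hesklang['ipbanexists'], 'banned_ips.php', 'NOTICE');
    }

    // Delete any duplicate banned IP or ranges that are within the new banned range
    hesk_dbQuery("DELETE FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "banned_ips` WHERE `ip_from` >= {$ip_from} AND `ip_to` <= {$ip_to}");

    // Delete temporary bans from logins table
    if ($ip_to == $ip_from) {
        hesk_dbQuery("DELETE FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "logins` WHERE `ip`='" . hesk_dbEscape($ip_display) . "' LIMIT 1");
    }

    // Redirect either to banned ips or ticket page from now on.
    // The random Refresh value only makes the URL unique; it is not used as a secret.
    $redirect_to = ($trackingID = hesk_cleanID()) ? 'admin_ticket.php?track=' . $trackingID . '&Refresh=' . mt_rand(10000, 99999) : 'banned_ips.php';

    // Insert the ip address into database
    hesk_dbQuery("INSERT INTO `" . hesk_dbEscape($hesk_settings['db_pfix']) . "banned_ips` (`ip_from`,`ip_to`,`ip_display`,`banned_by`) VALUES ({$ip_from}, {$ip_to},'" . hesk_dbEscape($ip_display) . "','" . intval($_SESSION['id']) . "')");

    // Remember ip that got banned
    $_SESSION['ban_ip']['id'] = hesk_dbInsertID();

    // Generate success message
    $hesklang['ip_banned'] = $ip_to == $ip_from ? sprintf($hesklang['ip_banned'], long2ip($ip_to)) : sprintf($hesklang['ip_rbanned'], long2ip($ip_from) . ' - ' . long2ip($ip_to));

    // Show success
    hesk_process_messages(sprintf($hesklang['ip_banned'], $ip), $redirect_to, 'SUCCESS');
}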
	<td width="200" valign="top"><?php 
echo $hesklang['phpv'];
?>
:</td>
	<td><?php 
// When HESK_DEMO is defined a placeholder text is shown instead of the real
// PHP version and database extension, so a demo site does not disclose them
echo defined('HESK_DEMO') ? $hesklang['hdemo'] : PHP_VERSION . ' ' . (function_exists('mysqli_connect') ? '(MySQLi)' : '(MySQL)');
?>
</td>
	</tr>
	<tr>
	<td width="200" valign="top"><?php 
echo $hesklang['mysqlv'];
?>
:</td>
	<td><?php 
// Same rule for the database server version; the query is skipped in demo mode
echo defined('HESK_DEMO') ? $hesklang['hdemo'] : hesk_dbResult(hesk_dbQuery('SELECT VERSION() AS version'));
?>
</td>
	</tr>
	<tr>
	<td width="200" valign="top">/hesk_settings.inc.php</td>
	<td>
	<?php 
// $enable_save_settings is only set when the settings file is writable by PHP.
// Both branches print the "exists" label; the file's existence itself is not
// tested here.
if (is_writable(HESK_PATH . 'hesk_settings.inc.php')) {
    $enable_save_settings = 1;
    echo '<font class="success">' . $hesklang['exists'] . '</font>, <font class="success">' . $hesklang['writable'] . '</font>';
} else {
    echo '<font class="success">' . $hesklang['exists'] . '</font>, <font class="error">' . $hesklang['not_writable'] . '</font><br />' . $hesklang['e_settings'];
}
?>
	</td>
/**
 * Return the display name of the user a ticket is assigned to.
 *
 * Names are cached in $hesk_settings['user_data'] so each user id is looked
 * up in the database at most once per request.
 *
 * @param mixed $id User id; an empty value means the ticket is unassigned.
 * @return mixed The user's name, or $hesklang['unas'] when the id is empty or
 *               the query does not return exactly one row.
 */
function hesk_getOwnerName($id)
{
    global $hesk_settings, $hesklang;

    if (empty($id)) {
        return $hesklang['unas'];
    }

    // Only query the database when the name is not cached yet
    if (!isset($hesk_settings['user_data'][$id]['name'])) {
        // intval() keeps the id numeric inside the quoted SQL value
        $sql = "SELECT `name` FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "users` WHERE `id`='" . intval($id) . "' LIMIT 1";
        $result = hesk_dbQuery($sql);

        if (hesk_dbNumRows($result) != 1) {
            return $hesklang['unas'];
        }

        $hesk_settings['user_data'][$id]['name'] = hesk_dbResult($result, 0, 0);
    }

    return $hesk_settings['user_data'][$id]['name'];
}
/**
 * Print the staff "add reply" form for the ticket held in the global $ticket.
 *
 * Everything is written straight to the output buffer; nothing is returned. The form posts
 * to admin_reply_ticket.php as multipart/form-data and carries the ticket id (orig_id) and a
 * request token as hidden fields. Optional sections depend on $hesk_settings['time_worked'],
 * $can_options, $hesk_settings['attachments']['use'], $can_assign_self and $ticket['locked'].
 *
 * Several globals are echoed as ready-made HTML ($can_options, $options, the $hesklang
 * strings), so whatever builds them is responsible for encoding their contents.
 */
function hesk_printReplyForm()
{
    global $hesklang, $hesk_settings, $ticket, $admins, $can_options, $options, $can_assign_self;
    ?>
<!-- START REPLY FORM -->

<table width="100%" border="0" cellspacing="0" cellpadding="0">
<tr>
	<td width="7" height="7"><img src="../img/roundcornerslt.jpg" width="7" height="7" alt="" /></td>
	<td class="roundcornerstop"></td>
	<td><img src="../img/roundcornersrt.jpg" width="7" height="7" alt="" /></td>
</tr>
<tr>
	<td class="roundcornersleft">&nbsp;</td>
	<td>

	<h3 align="center"><?php 
    echo $hesklang['add_reply'];
    ?>
</h3>

	<form method="post" action="admin_reply_ticket.php" enctype="multipart/form-data" name="form1" onsubmit="javascript:force_stop();return true;">

    <br />

    <?php 
    /* Ticket assigned to someone else? */
    // NOTE(review): the owner's name from $admins is concatenated into the notice as-is;
    // confirm that $admins holds HTML-encoded names or that hesk_show_notice() encodes its argument
    if ($ticket['owner'] && $ticket['owner'] != $_SESSION['id'] && isset($admins[$ticket['owner']])) {
        hesk_show_notice($hesklang['nyt'] . ' ' . $admins[$ticket['owner']]);
    }
    /* Ticket locked? */
    if ($ticket['locked']) {
        hesk_show_notice($hesklang['tislock']);
    }
    // Track time worked?
    if ($hesk_settings['time_worked']) {
        ?>

    <div align="center">
    <table class="white" style="min-width:600px;">
    <tr>
    	<td colspan="2">
	    &raquo; <?php 
        echo $hesklang['ts'];
        ?>
		<input type="text" name="time_worked" id="time_worked" size="10" value="<?php 
        // Pre-fill from the session value when there is one, formatted by hesk_getTime()
        echo isset($_SESSION['time_worked']) ? hesk_getTime($_SESSION['time_worked']) : '00:00:00';
        ?>
" />
		<input type="button" class="orangebuttonsec" onmouseover="hesk_btn(this,'orangebuttonsecover');" onmouseout="hesk_btn(this,'orangebuttonsec');" onclick="ss()" id="startb" value="<?php 
        echo $hesklang['start'];
        ?>
" />
		<input type="button" class="orangebuttonsec" onmouseover="hesk_btn(this,'orangebuttonsecover');" onmouseout="hesk_btn(this,'orangebuttonsec');" onclick="r()" value="<?php 
        echo $hesklang['reset'];
        ?>
" />
        <br />&nbsp;
        </td>
    </tr>
    </table>
    </div>

    <?php 
    }
    /* Do we have any canned responses? */
    if (strlen($can_options)) {
        ?>
    <div align="center">
    <table class="white" style="min-width:600px;">
    <tr>
    	<td class="admin_gray" colspan="2"><b>&raquo; <?php 
        echo $hesklang['saved_replies'];
        ?>
</b></td>
    </tr>
    <tr>
    	<td class="admin_gray">
	    <label><input type="radio" name="mode" id="modeadd" value="1" checked="checked" /> <?php 
        echo $hesklang['madd'];
        ?>
</label><br />
        <label><input type="radio" name="mode" id="moderep" value="0" /> <?php 
        echo $hesklang['mrep'];
        ?>
</label>
        </td>
        <td class="admin_gray">
	    <?php 
        echo $hesklang['select_saved'];
        ?>
:<br />
	    <select name="saved_replies" onchange="setMessage(this.value)">
		<option value="0"> - <?php 
        echo $hesklang['select_empty'];
        ?>
 - </option>
		<?php 
        // $can_options is printed verbatim as <option> markup; the caller must encode the reply titles in it
        echo $can_options;
        ?>
		</select>
        </td>
    </tr>
    </table>
    </div>
    <?php 
    }
    ?>

	<p align="center"><?php 
    echo $hesklang['message'];
    ?>
: <font class="important">*</font><br />
	<span id="HeskMsg"><textarea name="message" id="message" rows="12" cols="72"><?php 
    // Do we have any message stored in session?
    if (isset($_SESSION['ticket_message'])) {
        // Session copy is passed through hesk_input() before it is printed
        echo stripslashes(hesk_input($_SESSION['ticket_message']));
    } else {
        // Otherwise load this user's saved draft for the ticket; both ids are forced to integers
        $res = hesk_dbQuery("SELECT `message` FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "reply_drafts` WHERE `owner`=" . intval($_SESSION['id']) . " AND `ticket`=" . intval($ticket['id']) . " LIMIT 1");
        if (hesk_dbNumRows($res) == 1) {
            // NOTE(review): the draft is printed exactly as stored. That is only safe inside the
            // textarea if drafts are HTML-encoded when they are saved; confirm against the code
            // that writes reply_drafts.
            echo hesk_dbResult($res);
        }
    }
    ?>
</textarea></span></p>

	<?php 
    /* attachments */
    if ($hesk_settings['attachments']['use']) {
        ?>
		<p align="center">
		<?php 
        echo $hesklang['attachments'] . ' (<a href="Javascript:void(0)" onclick="Javascript:hesk_window(\'../file_limits.php\',250,500);return false;">' . $hesklang['ful'] . '</a>):<br />';
        // One file input per allowed attachment, named attachment[1] .. attachment[max_number]
        for ($i = 1; $i <= $hesk_settings['attachments']['max_number']; $i++) {
            echo '<input type="file" name="attachment[' . $i . ']" size="50" /><br />';
        }
        ?>
		</p>
	<?php 
    }
    ?>

	<div align="center">
	<center>
	<table>
	<tr>
	<td>
	<?php 
    // Offer "assign to myself" only to staff who do not already own the ticket;
    // the box is pre-checked when the ticket has no owner
    if ($ticket['owner'] != $_SESSION['id'] && $can_assign_self) {
        if (empty($ticket['owner'])) {
            echo '<label><input type="checkbox" name="assign_self" value="1" checked="checked" /> <b>' . $hesklang['asss2'] . '</b></label><br />';
        } else {
            echo '<label><input type="checkbox" name="assign_self" value="1" /> ' . $hesklang['asss2'] . '</label><br />';
        }
    }
    ?>
	<label><input type="checkbox" name="set_priority" value="1" /> <?php 
    echo $hesklang['change_priority'];
    ?>
 </label>
	<select name="priority">
	<?php 
    // $options is an array of ready-made <option> strings built by the caller
    echo implode('', $options);
    ?>
	</select><br />
	<label><input type="checkbox" name="signature" value="1" checked="checked" /> <?php 
    echo $hesklang['attach_sign'];
    ?>
</label>
	(<a href="profile.php"><?php 
    echo $hesklang['profile_settings'];
    ?>
</a>)<br />
    <label><input type="checkbox" name="no_notify" value="1" <?php 
    // "Do not notify" starts checked unless the user's profile asks for customer notifications on reply
    echo $_SESSION['notify_customer_reply'] ? '' : 'checked="checked"';
    ?>
 /> <?php 
    echo $hesklang['dsen'];
    ?>
</label>
	</td>
	</tr>
	</table>
	</center>
	</div>

	<p align="center">
    <input type="hidden" name="orig_id" value="<?php 
    // NOTE(review): printed into the attribute without encoding; presumably always the numeric
    // ticket id (the draft query above takes intval() of the same value) — confirm
    echo $ticket['id'];
    ?>
" />
    <input type="hidden" name="token" value="<?php 
    // Request token for the POST handler; presumably the anti-CSRF token that
    // admin_reply_ticket.php verifies — confirm the handler checks it
    hesk_token_echo();
    ?>
" />
    <input type="submit" value="    <?php 
    echo $hesklang['submit_reply'];
    ?>
    " class="orangebutton" onmouseover="hesk_btn(this,'orangebuttonover');" onmouseout="hesk_btn(this,'orangebutton');" />
	&nbsp;
    <input type="submit" name="save_reply" value="<?php 
    echo $hesklang['sacl'];
    ?>
" class="orangebuttonsec" onmouseover="hesk_btn(this,'orangebuttonsecover');" onmouseout="hesk_btn(this,'orangebuttonsec');" />
	</p>

	<?php 
    // If ticket is not locked, show additional submit options
    // (hiding the buttons is presentation only; the handler still has to enforce the lock itself)
    if (!$ticket['locked']) {
        ?>
		<p>&nbsp;</p>

		<p align="center">
		<input type="submit" name="submit_as_customer" value="<?php 
        echo $hesklang['sasc'];
        ?>
" class="orangebuttonsec" onmouseover="hesk_btn(this,'orangebuttonsecover');" onmouseout="hesk_btn(this,'orangebuttonsec');" />
		<input type="submit" name="submit_as_resolved" value="<?php 
        echo $hesklang['submit_as'] . ' ' . $hesklang['closed'];
        ?>
" class="orangebuttonsec" onmouseover="hesk_btn(this,'orangebuttonsecover');" onmouseout="hesk_btn(this,'orangebuttonsec');" />
		<input type="submit" name="submit_as_in_progress" value="<?php 
        echo $hesklang['submit_as'] . ' ' . $hesklang['in_progress'];
        ?>
" class="orangebuttonsec" onmouseover="hesk_btn(this,'orangebuttonsecover');" onmouseout="hesk_btn(this,'orangebuttonsec');" />
		<input type="submit" name="submit_as_on_hold" value="<?php 
        echo $hesklang['submit_as'] . ' ' . $hesklang['on_hold'];
        ?>
" class="orangebuttonsec" onmouseover="hesk_btn(this,'orangebuttonsecover');" onmouseout="hesk_btn(this,'orangebuttonsec');" />
		</p>
		<?php 
    }
    ?>

	</form>

	</td>
	<td class="roundcornersright">&nbsp;</td>
</tr>
<tr>
	<td><img src="../img/roundcornerslb.jpg" width="7" height="7" alt="" /></td>
	<td class="roundcornersbottom"></td>
	<td width="7" height="7"><img src="../img/roundcornersrb.jpg" width="7" height="7" alt="" /></td>
</tr>
</table>

<!-- END REPLY FORM -->
<?php 
}
Exemple #11
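/**
 * Validate the submitted profile form and, when it is clean, store it for the logged-in user.
 *
 * The POSTed fields are read through hesk_POST() and staged in $_SESSION['new']. Validation
 * problems are collected as <li> items; if there are any, they are reported without a redirect
 * and nothing is written. Otherwise one UPDATE is run on the users table for
 * intval($_SESSION['id']), the session verification tag is refreshed when the username or the
 * password changed, the staged values are copied into $_SESSION and the user is sent back to
 * profile.php with a success message.
 *
 * NOTE(review): nothing in this function asks for the current password before a new one is
 * set. Requiring it would keep a hijacked or unattended session from changing the credentials.
 *
 * @return void
 */
function update_profile()
{
    global $hesk_settings, $hesklang, $can_view_unassigned;

    /* A security check */
    hesk_token_check('POST');

    $sql_pass = '';
    $sql_username = '';
    $hesk_error_buffer = '';

    $_SESSION['new']['name'] = hesk_input(hesk_POST('name'));
    if (!$_SESSION['new']['name']) {
        $hesk_error_buffer .= '<li>' . $hesklang['enter_your_name'] . '</li>';
    }

    // Append, do not assign: a plain "=" here would throw away the name error collected above
    $_SESSION['new']['email'] = hesk_validateEmail(hesk_POST('email'), 'ERR', 0);
    if (!$_SESSION['new']['email']) {
        $hesk_error_buffer .= '<li>' . $hesklang['enter_valid_email'] . '</li>';
    }

    /* Signature */
    $_SESSION['new']['signature'] = hesk_input(hesk_POST('signature'));
    if (strlen($_SESSION['new']['signature']) > 1000) {
        $hesk_error_buffer .= '<li>' . $hesklang['signature_long'] . '</li>';
    }

    /* Admins can change username */
    if ($_SESSION['isadmin']) {
        $_SESSION['new']['user'] = hesk_input(hesk_POST('user'));
        if (!$_SESSION['new']['user']) {
            $hesk_error_buffer .= '<li>' . $hesklang['enter_username'] . '</li>';
        }

        /* Check for duplicate usernames */
        $result = hesk_dbQuery("SELECT `id` FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "users` WHERE `user`='" . hesk_dbEscape($_SESSION['new']['user']) . "' AND `id`!='" . intval($_SESSION['id']) . "' LIMIT 1");
        if (hesk_dbNumRows($result) != 0) {
            $hesk_error_buffer .= '<li>' . $hesklang['duplicate_user'] . '</li>';
        } else {
            // Extra SET clause for the UPDATE below. The start of this literal was masked in the
            // listing; it is rebuilt from the `user` column used in the lookup above and from
            // the position of {$sql_username} in the UPDATE statement.
            $sql_username = ",`user`='" . hesk_dbEscape($_SESSION['new']['user']) . "'";
        }
    }

    /* Change password? */
    $newpass = hesk_input(hesk_POST('newpass'));
    $passlen = strlen($newpass);
    if ($passlen > 0) {
        /* At least 5 chars? */
        // NOTE(review): a five-character minimum is low for a staff account; consider raising it
        if ($passlen < 5) {
            $hesk_error_buffer .= '<li>' . $hesklang['password_not_valid'] . '</li>';
        } else {
            $newpass2 = hesk_input(hesk_POST('newpass2'));
            // Strict comparison: with "!=" two different numeric-looking strings
            // (for example "1e400" and "1e500") compare as equal numbers
            if ($newpass !== $newpass2) {
                $hesk_error_buffer .= '<li>' . $hesklang['passwords_not_same'] . '</li>';
            } else {
                // NOTE(review): the constant below is 40 hex digits, the size of a SHA-1 digest.
                // Confirm what hesk_Pass2Hash() computes; a fast unsalted digest is a weak way
                // to store passwords.
                $newpass_hash = hesk_Pass2Hash($newpass);

                // One specific hash is singled out so the caller can warn about it
                // (presumably the hash of a well-known default password; verify)
                if ($newpass_hash === '499d74967b28a841c98bb4baaabaad699ff3c079') {
                    define('WARN_PASSWORD', true);
                }

                // Masked in the listing as well; rebuilt from the `pass` column selected further
                // down. The hash is escaped like every other value that goes into the statement.
                $sql_pass = ",`pass`='" . hesk_dbEscape($newpass_hash) . "'";
            }
        }
    }

    /* After reply */
    // Only 0, 1 and 2 are accepted; anything else falls back to 0
    $_SESSION['new']['afterreply'] = intval(hesk_POST('afterreply'));
    if ($_SESSION['new']['afterreply'] != 1 && $_SESSION['new']['afterreply'] != 2) {
        $_SESSION['new']['afterreply'] = 0;
    }

    // Defaults (every flag below is reduced to 0 or 1 before it reaches the SQL text)
    $_SESSION['new']['autostart'] = isset($_POST['autostart']) ? 1 : 0;
    $_SESSION['new']['notify_customer_new'] = isset($_POST['notify_customer_new']) ? 1 : 0;
    $_SESSION['new']['notify_customer_reply'] = isset($_POST['notify_customer_reply']) ? 1 : 0;
    $_SESSION['new']['show_suggested'] = isset($_POST['show_suggested']) ? 1 : 0;

    /* Notifications */
    // The two "unassigned" notifications are forced off for users who may not view unassigned tickets
    $_SESSION['new']['notify_new_unassigned'] = empty($_POST['notify_new_unassigned']) || !$can_view_unassigned ? 0 : 1;
    $_SESSION['new']['notify_new_my'] = empty($_POST['notify_new_my']) ? 0 : 1;
    $_SESSION['new']['notify_reply_unassigned'] = empty($_POST['notify_reply_unassigned']) || !$can_view_unassigned ? 0 : 1;
    $_SESSION['new']['notify_reply_my'] = empty($_POST['notify_reply_my']) ? 0 : 1;
    $_SESSION['new']['notify_assigned'] = empty($_POST['notify_assigned']) ? 0 : 1;
    $_SESSION['new']['notify_note'] = empty($_POST['notify_note']) ? 0 : 1;
    $_SESSION['new']['notify_pm'] = empty($_POST['notify_pm']) ? 0 : 1;

    /* Any errors? */
    if (strlen($hesk_error_buffer)) {
        /* Process the session variables */
        $_SESSION['new'] = hesk_stripArray($_SESSION['new']);
        $hesk_error_buffer = $hesklang['rfm'] . '<br /><br /><ul>' . $hesk_error_buffer . '</ul>';
        hesk_process_messages($hesk_error_buffer, 'NOREDIRECT');
    } else {
        /* Update database */
        // String values go through hesk_dbEscape(); the remaining values are the integers
        // computed above; the row is selected by the session's own user id
        hesk_dbQuery(
            "UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "users` SET\n\t\t"
            . "`name`='" . hesk_dbEscape($_SESSION['new']['name']) . "',\n\t\t"
            . "`email`='" . hesk_dbEscape($_SESSION['new']['email']) . "',\n\t\t"
            . "`signature`='" . hesk_dbEscape($_SESSION['new']['signature']) . "'\n\t\t"
            . "{$sql_username}\n\t\t"
            . "{$sql_pass} ,\n\t\t"
            . "`afterreply`='" . $_SESSION['new']['afterreply'] . "' ,\n\t\t"
            . ($hesk_settings['time_worked'] ? "`autostart`='" . $_SESSION['new']['autostart'] . "'," : '') . "\n\t\t"
            . "`notify_customer_new`='" . $_SESSION['new']['notify_customer_new'] . "' ,\n\t\t"
            . "`notify_customer_reply`='" . $_SESSION['new']['notify_customer_reply'] . "' ,\n\t\t"
            . "`show_suggested`='" . $_SESSION['new']['show_suggested'] . "' ,\n\t\t"
            . "`notify_new_unassigned`='" . $_SESSION['new']['notify_new_unassigned'] . "' ,\n\t\t"
            . "`notify_new_my`='" . $_SESSION['new']['notify_new_my'] . "' ,\n\t\t"
            . "`notify_reply_unassigned`='" . $_SESSION['new']['notify_reply_unassigned'] . "' ,\n\t\t"
            . "`notify_reply_my`='" . $_SESSION['new']['notify_reply_my'] . "' ,\n\t\t"
            . "`notify_assigned`='" . $_SESSION['new']['notify_assigned'] . "' ,\n\t\t"
            . "`notify_pm`='" . $_SESSION['new']['notify_pm'] . "',\n\t\t"
            . "`notify_note`='" . $_SESSION['new']['notify_note'] . "'\n\t\t"
            . "WHERE `id`='" . intval($_SESSION['id']) . "' LIMIT 1"
        );

        /* Process the session variables */
        $_SESSION['new'] = hesk_stripArray($_SESSION['new']);

        // Do we need a new session_verify tag?
        // The tag is rebuilt from the username and the password hash, so it is refreshed
        // whenever either of them changed
        if (strlen($sql_username) && strlen($sql_pass)) {
            $_SESSION['session_verify'] = hesk_activeSessionCreateTag($_SESSION['new']['user'], $newpass_hash);
        } elseif (strlen($sql_pass)) {
            $_SESSION['session_verify'] = hesk_activeSessionCreateTag($_SESSION['user'], $newpass_hash);
        } elseif (strlen($sql_username)) {
            // Username changed but password did not: read the stored hash to rebuild the tag
            $res = hesk_dbQuery('SELECT `pass` FROM `' . hesk_dbEscape($hesk_settings['db_pfix']) . "users` WHERE `id` = '" . intval($_SESSION['id']) . "' LIMIT 1");
            $_SESSION['session_verify'] = hesk_activeSessionCreateTag($_SESSION['new']['user'], hesk_dbResult($res));
        }

        /* Update session variables */
        // NOTE(review): every key found in $_SESSION['new'] is copied to the top level of the
        // session. This function only adds the profile fields above, but keys that were already
        // in $_SESSION['new'] before the call are copied too; confirm nothing else can
        // place keys such as 'id' or 'isadmin' there.
        foreach ($_SESSION['new'] as $k => $v) {
            $_SESSION[$k] = $v;
        }
        unset($_SESSION['new']);

        hesk_cleanSessionVars('as_notify');
        hesk_process_messages($hesklang['profile_updated_success'], 'profile.php', 'SUCCESS');
    }
}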
Exemple #12
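/**
 * Print the staff "add reply" form (Bootstrap layout) for the ticket held in the global $ticket.
 *
 * Everything is written straight to the output buffer; nothing is returned. The form posts
 * to admin_reply_ticket.php as multipart/form-data and carries the ticket id (orig_id) and a
 * request token as hidden fields. The submit dropdown lists one "submit and change status"
 * button per row of the statuses table.
 *
 * Several globals are echoed as ready-made HTML ($can_options, $options, the $hesklang
 * strings), so whatever builds them is responsible for encoding their contents. Values read
 * from the statuses table are encoded here before they are placed in attributes.
 */
function hesk_printReplyForm()
{
    global $hesklang, $hesk_settings, $ticket, $admins, $can_options, $options, $can_assign_self, $isManager;
    ?>
<!-- START REPLY FORM -->

        <h3 class="text-left"><?php 
    echo $hesklang['add_reply'];
    ?>
</h3>
        <div class="footerWithBorder"></div>
        <div class="blankSpace"></div>
        
        <form role="form" class="form-horizontal" method="post" action="admin_reply_ticket.php" enctype="multipart/form-data" name="form1" onsubmit="javascript:force_stop();return true;">
            <?php 
    /* Ticket assigned to someone else? */
    // NOTE(review): the owner's name from $admins is concatenated into the notice as-is;
    // confirm that $admins holds HTML-encoded names or that hesk_show_notice() encodes its argument
    if ($ticket['owner'] && $ticket['owner'] != $_SESSION['id'] && isset($admins[$ticket['owner']])) {
        hesk_show_notice($hesklang['nyt'] . ' ' . $admins[$ticket['owner']]);
    }
    /* Ticket locked? */
    if ($ticket['locked']) {
        hesk_show_notice($hesklang['tislock']);
    }
    // Track time worked?
    if ($hesk_settings['time_worked']) {
        ?>

                <div class="form-group">
                    <label for="time_worked" class="col-sm-3 control-label"><?php 
        echo $hesklang['ts'];
        ?>
:</label>

                    <div class="col-sm-6">
                        <input type="text" class="form-control" name="time_worked" id="time_worked" size="10"
                               value="<?php 
        // Pre-fill from the session value when there is one, formatted by hesk_getTime()
        echo isset($_SESSION['time_worked']) ? hesk_getTime($_SESSION['time_worked']) : '00:00:00';
        ?>
"/>
                    </div>
                    <div class="col-sm-3 text-right">
                        <input type="button" class="btn btn-success" onclick="ss()" id="startb"
                               value="<?php 
        echo $hesklang['start'];
        ?>
"/>
                        <input type="button" class="btn btn-danger" onclick="r()"
                               value="<?php 
        echo $hesklang['reset'];
        ?>
"/>
                    </div>
                </div>
            <?php 
    }
    /* Do we have any canned responses? */
    if (strlen($can_options)) {
        ?>
            <div class="form-group">
                <label for="saved_replies" class="col-sm-3 control-label"><?php 
        echo $hesklang['saved_replies'];
        ?>
:</label>
                <div class="col-sm-9">
                    <label><input type="radio" name="mode" id="modeadd" value="1" checked="checked" /> <?php 
        echo $hesklang['madd'];
        ?>
</label><br />
                    <label><input type="radio" name="mode" id="moderep" value="0" /> <?php 
        echo $hesklang['mrep'];
        ?>
</label>
                   <select class="form-control" name="saved_replies" onchange="setMessage(this.value)">
		                <option value="0"> - <?php 
        echo $hesklang['select_empty'];
        ?>
 - </option>
		                <?php 
        // $can_options is printed verbatim as <option> markup; the caller must encode the reply titles in it
        echo $can_options;
        ?>
		            </select>
                </div>     
            </div>
            <?php 
    }
    ?>
            <div class="form-group">
                <label for="message" class="col-sm-3 control-label"><?php 
    echo $hesklang['message'];
    ?>
: <font class="important">*</font></label>
                <div class="col-sm-9">
                    <span id="HeskMsg">
                        <textarea class="form-control" name="message" id="message" rows="12" placeholder="<?php 
    echo htmlspecialchars($hesklang['message']);
    ?>
" cols="72"><?php 
    // Do we have any message stored in session?
    if (isset($_SESSION['ticket_message'])) {
        // Session copy is passed through hesk_input() before it is printed
        echo stripslashes(hesk_input($_SESSION['ticket_message']));
    } else {
        // Otherwise load this user's saved draft for the ticket; both ids are forced to integers
        $res = hesk_dbQuery("SELECT `message` FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "reply_drafts` WHERE `owner`=" . intval($_SESSION['id']) . " AND `ticket`=" . intval($ticket['id']) . " LIMIT 1");
        if (hesk_dbNumRows($res) == 1) {
            // NOTE(review): the draft is printed exactly as stored. That is only safe inside the
            // textarea if drafts are HTML-encoded when they are saved; confirm against the code
            // that writes reply_drafts before adding or skipping an encoding step here.
            echo hesk_dbResult($res);
        }
    }
    ?>
</textarea></span>
                </div>
            </div>
            <?php 
    /* attachments */
    if ($hesk_settings['attachments']['use']) {
        ?>
            <div class="form-group">
                <label for="attachments" class="col-sm-3 control-label"><?php 
        echo $hesklang['attachments'];
        ?>
:</label>
                <div class="col-sm-9">
                    <?php 
        // One file input per allowed attachment, named attachment[1] .. attachment[max_number]
        for ($i = 1; $i <= $hesk_settings['attachments']['max_number']; $i++) {
            echo '<input type="file" name="attachment[' . $i . ']" size="50" /><br />';
        }
        echo '<a href="Javascript:void(0)" onclick="Javascript:hesk_window(\'../file_limits.php\',250,500);return false;">' . $hesklang['ful'] . '</a>';
        ?>
                </div>     
            </div>
            <?php 
    }
    ?>
            <div class="form-group">
                <label for="options" class="col-sm-3 control-label"><?php 
    echo $hesklang['addop'];
    ?>
:</label>
                <div class="col-sm-9">
                   <?php 
    // Offer "assign to myself" only to staff who do not already own the ticket;
    // the box is pre-checked when the ticket has no owner
    if ($ticket['owner'] != $_SESSION['id'] && $can_assign_self) {
        if (empty($ticket['owner'])) {
            echo '<label><input type="checkbox" name="assign_self" value="1" checked="checked" /> <b>' . $hesklang['asss2'] . '</b></label><br />';
        } else {
            echo '<label><input type="checkbox" name="assign_self" value="1" /> ' . $hesklang['asss2'] . '</label><br />';
        }
    }
    ?>
	                <div class="form-inline">
                        <label>
                            <input type="checkbox" name="set_priority" value="1" /> <?php 
    echo $hesklang['change_priority'];
    ?>
                        </label>
	                    <select class="form-control" name="priority">
	                        <?php 
    // $options is an array of ready-made <option> strings built by the caller
    echo implode('', $options);
    ?>
	                    </select>
                    </div>
                    <br />
	                <label>
                        <input type="checkbox" name="signature" value="1" checked="checked" /> <?php 
    echo $hesklang['attach_sign'];
    ?>
                    </label>
	                (<a href="profile.php"><?php 
    echo $hesklang['profile_settings'];
    ?>
</a>)
                    <br />
                    <label>
                        <input type="checkbox" name="no_notify" value="1" <?php 
    // "Do not notify" starts checked unless the profile asks for notifications and the ticket has an email
    echo $_SESSION['notify_customer_reply'] && !empty($ticket['email']) ? '' : 'checked="checked" ';
    ?>
 <?php 
    // Without a customer email there is nobody to notify, so the box cannot be changed
    if (empty($ticket['email'])) {
        echo 'disabled';
    }
    ?>
> <?php 
    echo $hesklang['dsen'];
    ?>
                    </label><br/><br/>
                    <?php 
    // A disabled checkbox is not submitted, so send no_notify as a hidden field instead
    if (empty($ticket['email'])) {
        echo '<input type="hidden" name="no_notify" value="1">';
    }
    ?>
                    <input type="hidden" name="orig_id" value="<?php 
    // The draft query above already treats the ticket id as an integer; print it the same way
    echo intval($ticket['id']);
    ?>
" />
                    <input type="hidden" name="token" value="<?php 
    // Request token for the POST handler; presumably the anti-CSRF token that
    // admin_reply_ticket.php verifies — confirm the handler checks it
    hesk_token_echo();
    ?>
" />
                    <div class="btn-group">
                        <input class="btn btn-primary" type="submit" value="<?php 
    echo $hesklang['submit_reply'];
    ?>
">
                        <button type="button" class="btn btn-primary dropdown-toggle" data-toggle="dropdown" aria-expanded="false">
                            <span class="caret"></span>
                            <span class="sr-only">Toggle Dropdown</span>
                        </button>
                        <ul class="dropdown-menu" role="menu">
                            <li><a>
                                <button class="dropdown-submit" type="submit" name="submit_as_customer">
                                    <?php 
    echo $hesklang['sasc'];
    ?>
                                </button>
                            </a></li>
                            <li class="divider"></li>
                            <?php 
    // One "submit and change status" button per configured status.
    // The id is printed as an integer and the colour is encoded for the attribute it sits in.
    // NOTE(review): the colour still ends up inside a style declaration, so it should also be
    // validated as a colour value where statuses are saved.
    $allStatusesRs = hesk_dbQuery('SELECT `ID`, `Key`, `TextColor` FROM `' . hesk_dbEscape($hesk_settings['db_pfix']) . 'statuses`');
    while ($status = hesk_dbFetchAssoc($allStatusesRs)) {
        echo '<li><a>
                                        <button class="dropdown-submit" type="submit" name="submit_as_status" value="' . intval($status['ID']) . '">
                                            ' . $hesklang['submit_reply'] . ' ' . $hesklang['and_change_status_to'] . ' <b>
                                            <span style="color:' . htmlspecialchars((string) $status['TextColor'], ENT_QUOTES) . '">' . $hesklang[$status['Key']] . '</span></b>
                                        </button>
                                    </a></li>';
    }
    ?>
                        </ul>
                    </div>
                    <input class="btn btn-default" type="submit" name="save_reply" value="<?php 
    echo $hesklang['sacl'];
    ?>
">
                    <?php 
    // NOTE(review): a hidden field can be edited or added by whoever submits the form.
    // admin_reply_ticket.php must work out manager rights from the session or the database
    // and must not grant anything because isManager=1 arrived in the POST data.
    if ($isManager) {
        ?>
                        <input type="hidden" name="isManager" value="1">
                    <?php 
    }
    ?>
                </div>
            </div>
        </form>

<!-- END REPLY FORM -->
<?php 
}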
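/**
 * Print the staff "add reply" form (customised layout) for the ticket held in the global $ticket.
 *
 * Everything is written straight to the output buffer; nothing is returned. The form posts
 * to admin_reply_ticket.php as multipart/form-data and carries the ticket id (orig_id) and a
 * request token as hidden fields. Compared with the stock form, the "assigned to someone
 * else" notice, the "assign to myself" checkbox and the signature checkbox are switched off
 * (left in place as commented-out code).
 *
 * Several globals are echoed as ready-made HTML ($can_options, $options, the $hesklang
 * strings), so whatever builds them is responsible for encoding their contents.
 */
function hesk_printReplyForm()
{
    global $hesklang, $hesk_settings, $ticket, $admins, $can_options, $options, $can_assign_self;
    ?>
<!-- START REPLY FORM -->

	<div class="container addReply-title"><?php 
    echo $hesklang['add_reply'];
    ?>
</div>
	<div class="container replyTicket-form">
		<form method="post" action="admin_reply_ticket.php" enctype="multipart/form-data" name="form1" onsubmit="javascript:force_stop();return true;">
		
		<br/>
		
			<?php 
    /* Ticket assigned to someone else? */
    /*if ($ticket['owner'] && $ticket['owner'] != $_SESSION['id'] && isset($admins[$ticket['owner']]) )
    		{
    			hesk_show_notice($hesklang['nyt'] . ' ' . $admins[$ticket['owner']]);
    		}*/
    /* Ticket locked? */
    if ($ticket['locked']) {
        hesk_show_notice($hesklang['tislock']);
    }
    // Track time worked?
    if ($hesk_settings['time_worked']) {
        ?>

				<div class="white table-track-time-worked">
					<div class="form-inline time_worked">
						<label class="col-sm-2"><?php 
        echo $hesklang['ts'];
        ?>
</label>					
						<input class="form-control" type="text" name="time_worked" id="time_worked" size="10" value="<?php 
        // Pre-fill from the session value when there is one, formatted by hesk_getTime()
        echo isset($_SESSION['time_worked']) ? hesk_getTime($_SESSION['time_worked']) : '00:00:00';
        ?>
" />
						<button type="button" class="btn btn-default" onclick="ss()" id="startb"><?php 
        echo $hesklang['start'];
        ?>
</button>
						<button type="button" class="btn btn-default" onclick="r()"><?php 
        echo $hesklang['reset'];
        ?>
</button>
					</div>
				</div><!-- end table-track-time-worked-->
<br/>
			<?php 
    }
    /* Do we have any canned responses? */
    if (strlen($can_options)) {
        ?>
				<div class="white table-track-time-worked">
						<div class="form-inline" style=" margin-bottom: 10px;">
							<span class="admin_gray"><b>&raquo; <?php 
        echo $hesklang['saved_replies'];
        ?>
</b></span>
							<div class="form-group admin_gray" style="vertical-align: top;">
								<label for="modeadd"><input type="radio" name="mode" id="modeadd" value="1" checked="checked" /> <?php 
        echo $hesklang['madd'];
        ?>
</label><br />
								<label for="moderep"><input type="radio" name="mode" id="moderep" value="0" /> <?php 
        echo $hesklang['mrep'];
        ?>
</label>
							</div>
						</div>	
						<div class="form-inline admin_gray" style="margin-bottom: 10px;">
							<label for="selec-canned-response"><?php 
        echo $hesklang['select_saved'];
        ?>
:</label>
							<select id="selec-canned-response" name="saved_replies" onchange="setMessage(this.value)">
								<option value="0"> - <?php 
        echo $hesklang['select_empty'];
        ?>
 - </option>
								<?php 
        // $can_options is printed verbatim as <option> markup; the caller must encode the reply titles in it
        echo $can_options;
        ?>
							</select>
						</div>
				</div><!-- end table-track-time-worked-->
			<?php 
    }
    ?>

			<div class="form-inline">
			<span class="col-sm-2"><?php 
    echo $hesklang['message'];
    ?>
: <font class="important">*</font></span>
			<span id="HeskMsg"><textarea name="message" id="message" rows="12" cols="72" class="HeskMsg-addReply form-control"><?php 
    // The PHP tag opens right after the <textarea> tag on purpose: any template indentation
    // placed between them would become the first characters of every reply.

    // Do we have any message stored in session?
    if (isset($_SESSION['ticket_message'])) {
        // Session copy is passed through hesk_input() before it is printed
        echo stripslashes(hesk_input($_SESSION['ticket_message']));
    } else {
        // Otherwise load this user's saved draft for the ticket; both ids are forced to integers
        $res = hesk_dbQuery("SELECT `message` FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "reply_drafts` WHERE `owner`=" . intval($_SESSION['id']) . " AND `ticket`=" . intval($ticket['id']) . " LIMIT 1");
        if (hesk_dbNumRows($res) == 1) {
            // NOTE(review): the draft is printed exactly as stored. That is only safe inside the
            // textarea if drafts are HTML-encoded when they are saved; confirm against the code
            // that writes reply_drafts before adding or skipping an encoding step here.
            echo hesk_dbResult($res);
        }
    }
    ?>
</textarea></span></div>
			
			<br/>
			
			<div class="form-inline">
			<?php 
    /* attachments */
    if ($hesk_settings['attachments']['use']) {
        ?>
				
				<?php 
        echo '<span class="col-sm-2">' . $hesklang['attachments'] . ':' . '</span>';
        echo '<div class="form-group" id="attachments-addReply">';
        // One file input per allowed attachment, named attachment[1] .. attachment[max_number].
        // NOTE(review): every input gets the same id attribute; ids are meant to be unique per page.
        for ($i = 1; $i <= $hesk_settings['attachments']['max_number']; $i++) {
            echo '<input id="chooseFile-addReply" type="file" name="attachment[' . $i . ']" size="50" />';
        }
        echo '<span>(<a href="Javascript:void(0)" onclick="Javascript:hesk_window(\'../file_limits.php\',250,500);return false;">' . $hesklang['ful'] . '</a>)</span>';
        echo ' </div>';
        ?>
				
			<?php 
    }
    ?>
			</div>

			<br/>
	<div class="first-table">
		<?php 
    /*if ($ticket['owner'] != $_SESSION['id'] && $can_assign_self)
    		{
    			if (empty($ticket['owner']))
    			{
    				echo '<label class="container"><input type="checkbox" name="assign_self" value="1" checked="checked" /> <b>'.$hesklang['asss2'].'</b></label><br />';
    			}
    			else
    			{
    				echo '<label class="container"><input type="checkbox" name="assign_self" value="1" /> '.$hesklang['asss2'].'</label><br />';
    			}
    		}*/
    ?>
		<div class="form-inline">
		<label class="col-sm-2 control-label"><input type="checkbox" name="set_priority" value="1" /> <?php 
    echo $hesklang['change_priority'];
    ?>
 </label>
		<select class="form-control" name="priority">
			<?php 
    // $options is an array of ready-made <option> strings built by the caller
    echo implode('', $options);
    ?>
		</select>
		</div>
		
		<br />
		
		<!--<div class="form-inline">
		<label class="col-sm-2"><input type="checkbox" name="signature" value="1" checked="checked" /> <?php 
    //echo $hesklang['attach_sign'];
    ?>
</label>
		<span>(<a href="profile.php"><?php 
    //echo $hesklang['profile_settings'];
    ?>
</a>)</span>
		</div>-->
		
		<label class="container"><input type="checkbox" name="no_notify" value="1" <?php 
    // "Do not notify" starts checked unless the user's profile asks for customer notifications on reply
    echo $_SESSION['notify_customer_reply'] ? '' : 'checked="checked"';
    ?>
 /> <?php 
    echo $hesklang['dsen'];
    ?>
</label>
	</div><!-- end first-table-->
<br/>
			<div>
				<input type="hidden" name="orig_id" value="<?php 
    // The draft query above already treats the ticket id as an integer; print it the same way
    echo intval($ticket['id']);
    ?>
" />
				<input type="hidden" name="token" value="<?php 
    // Request token for the POST handler; presumably the anti-CSRF token that
    // admin_reply_ticket.php verifies — confirm the handler checks it
    hesk_token_echo();
    ?>
" />
				<input type="submit" value="<?php 
    echo $hesklang['submit_reply'];
    ?>
" class="btn btn-default submit_reply_btn" />
				&nbsp;
				<input type="submit" name="save_reply" value="<?php 
    echo $hesklang['sacl'];
    ?>
" class="btn btn-default sacl_btn" />
			</div>
			<br/>
			
			<?php 
    // If ticket is not locked, show additional submit options
    // (hiding the buttons is presentation only; the handler still has to enforce the lock itself)
    if (!$ticket['locked']) {
        ?>
				<div>
					<input type="submit" name="submit_as_customer" value="<?php 
        echo $hesklang['sasc'];
        ?>
" class="btn btn-default sasc_btn" />
					<input type="submit" name="submit_as_resolved" value="<?php 
        echo $hesklang['submit_as'] . ' ' . $hesklang['closed'];
        ?>
" class="btn btn-default submit_as_closed_btn" />
					<input type="submit" name="submit_as_in_progress" value="<?php 
        echo $hesklang['submit_as'] . ' ' . $hesklang['in_progress'];
        ?>
" class="btn btn-default submit_as_in_progress_btn" />
					<input type="submit" name="submit_as_on_hold" value="<?php 
        echo $hesklang['submit_as'] . ' ' . $hesklang['on_hold'];
        ?>
" class="btn btn-default submit_as_on_hold_btn" />
				</div>
				<br/>
				<?php 
    }
    ?>

		</form>

	</div><!-- end reply-form-admin-ticket -->

<!-- END REPLY FORM -->
<?php 
}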
Exemple #14
/**
 * Print the private-message list (pager, table and bulk-action form) for the
 * logged-in user, or the $hesklang['npm'] notice when the count is zero.
 *
 * Reads $hesk_settings['mailtmp'] ('folder', 'this', 'other', 'm_from') to pick
 * the column that must match the session user and the column that names the
 * other party. Shows 30 messages per page and writes HTML straight to output.
 *
 * Review notes:
 * - Every value placed in SQL is cast with intval(); the column name taken from
 *   $hesk_settings['mailtmp']['this'] goes through hesk_dbEscape() inside
 *   backticks. NOTE(review): string escaping is not identifier quoting, so
 *   confirm that 'this' can only hold fixed column names such as 'to'/'from'.
 * - Subject, admin name and the 'm_from' header are echoed without encoding in
 *   this function. NOTE(review): that is only safe if they are HTML-encoded
 *   before storage - confirm against the code that writes them.
 */
function mail_list_messages()
{
    global $hesk_settings, $hesklang, $admins;
    $href = 'mail.php';
    $query = '';
    if ($hesk_settings['mailtmp']['folder'] == 'outbox') {
        $query .= 'folder=outbox&amp;';
    }
    $query .= 'page=';
    $maxresults = 30;
    // NOTE(review): the pager links below carry page= in the query string, while
    // the value is read through hesk_POST(); confirm hesk_POST() also sees
    // query-string values, otherwise the links would always land on page 1.
    $tmp = intval(hesk_POST('page', 1));
    // Anything below 1 (including non-numeric input, which intval() turns into 0) becomes page 1
    $page = $tmp > 1 ? $tmp : 1;
    /* List of private messages */
    // Count only rows that belong to the session user and that this user has not deleted
    $res = hesk_dbQuery("SELECT COUNT(*) FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "mail` WHERE `" . hesk_dbEscape($hesk_settings['mailtmp']['this']) . "`='" . intval($_SESSION['id']) . "' AND `deletedby`!='" . intval($_SESSION['id']) . "'");
    $total = hesk_dbResult($res, 0, 0);
    if ($total > 0) {
        // `or` binds looser than `=`, so the fallback would run only if ceil() gave 0;
        // with $total > 0 that cannot happen here
        $pages = ceil($total / $maxresults) or $pages = 1;
        // Clamp a too-large requested page to the last page
        if ($page > $pages) {
            $page = $pages;
        }
        // Zero-based row offset of the first message on this page
        $limit_down = $page * $maxresults - $maxresults;
        // 0 means "no previous/next page" and suppresses the matching arrow link
        $prev_page = $page - 1 <= 0 ? 0 : $page - 1;
        $next_page = $page + 1 > $pages ? 0 : $page + 1;
        if ($pages > 1) {
            echo $hesklang['pg'] . ': ';
            /* List pages */
            // First/previous arrows are shown only when there are 7 or more pages
            if ($pages >= 7) {
                if ($page > 2) {
                    echo '<a href="' . $href . '?' . $query . '1"><b>&laquo;</b></a> &nbsp; ';
                }
                if ($prev_page) {
                    echo '<a href="' . $href . '?' . $query . $prev_page . '"><b>&lsaquo;</b></a> &nbsp; ';
                }
            }
            // Numbered links for the window of five pages either side of the current one
            for ($i = 1; $i <= $pages; $i++) {
                if ($i <= $page + 5 && $i >= $page - 5) {
                    if ($i == $page) {
                        echo ' <b>' . $i . '</b> ';
                    } else {
                        echo ' <a href="' . $href . '?' . $query . $i . '">' . $i . '</a> ';
                    }
                }
            }
            // Next/last arrows, same 7-page threshold as above
            if ($pages >= 7) {
                if ($next_page) {
                    echo ' &nbsp; <a href="' . $href . '?' . $query . $next_page . '"><b>&rsaquo;</b></a> ';
                }
                if ($page < $pages - 1) {
                    echo ' &nbsp; <a href="' . $href . '?' . $query . $pages . '"><b>&raquo;</b></a>';
                }
            }
            echo '<br />&nbsp;';
        }
        // end PAGES > 1
        // Get messages from the database
        // Same ownership filter as the COUNT query; offset and page size are cast with intval()
        $res = hesk_dbQuery("SELECT `id`, `from`, `to`, `subject`, `dt`, `read` FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "mail` WHERE `" . hesk_dbEscape($hesk_settings['mailtmp']['this']) . "`='" . intval($_SESSION['id']) . "' AND `deletedby`!='" . intval($_SESSION['id']) . "' ORDER BY `id` DESC LIMIT " . intval($limit_down) . " , " . intval($maxresults) . " ");
        ?>

		<form action="mail.php<?php 
        // Keep the outbox folder selected after the bulk action is posted
        if ($hesk_settings['mailtmp']['folder'] == 'outbox') {
            echo '?folder=outbox';
        }
        ?>
" name="form1" method="post">

		<div class="container table-responsive">
			<table class="table table-bordered table-hover" style="background: #E0EEEE;">
				<tr>
					<th class="admin_white" style="width:1px"><input type="checkbox" name="checkall" value="2" onclick="hesk_changeAll(this)" /></th>
					<th class="admin_white" style="text-align:left; white-space:nowrap;"><?php 
        echo $hesklang['m_sub'];
        ?>
</th>
					<th class="admin_white" style="text-align:left; white-space:nowrap;"><?php 
        // Column header supplied by the caller through the mailtmp settings; echoed as-is
        echo $hesk_settings['mailtmp']['m_from'];
        ?>
</th>
					<th class="admin_white" style="text-align:left; white-space:nowrap;"><?php 
        echo $hesklang['date'];
        ?>
</th>
				</tr>

				<?php 
        // $i toggles between 0 and 1 to alternate the row CSS class
        $i = 0;
        while ($pm = hesk_dbFetchAssoc($res)) {
            if ($i) {
                $color = "admin_gray";
                $i = 0;
            } else {
                $color = "admin_white";
                $i = 1;
            }
            // NOTE(review): id and subject are concatenated into markup without
            // encoding; safe only if subject is stored HTML-encoded - TODO confirm
            $pm['subject'] = '<a href="mail.php?a=read&amp;id=' . $pm['id'] . '">' . $pm['subject'] . '</a>';
            // Unread messages are bolded only when listing by the `to` column
            if ($hesk_settings['mailtmp']['this'] == 'to' && !$pm['read']) {
                $pm['subject'] = '<b>' . $pm['subject'] . '</b>';
            }
            // Other party: a known admin gets a "new message" link, sender id 9999 gets
            // the HESK.com link, anything else gets the $hesklang['e_udel'] text.
            // NOTE(review): the admin name is also written without encoding - TODO confirm it is stored encoded
            $pm['name'] = isset($admins[$pm[$hesk_settings['mailtmp']['other']]]) ? '<a href="mail.php?a=new&amp;id=' . $pm[$hesk_settings['mailtmp']['other']] . '">' . $admins[$pm[$hesk_settings['mailtmp']['other']]] . '</a>' : ($pm['from'] == 9999 ? '<a href="http://www.hesk.com" target="_blank">HESK.com</a>' : $hesklang['e_udel']);
            $pm['dt'] = hesk_dateToString($pm['dt'], 0, 0, 0, true);
            echo <<<EOC
\t\t\t\t\t<tr>
\t\t\t\t\t<td class="{$color}" style="text-align:left; white-space:nowrap;"><input type="checkbox" name="id[]" value="{$pm['id']}" />&nbsp;</td>
\t\t\t\t\t<td class="{$color}">{$pm['subject']}</td>
\t\t\t\t\t<td class="{$color}">{$pm['name']}</td>
\t\t\t\t\t<td class="{$color}">{$pm['dt']}</td>
\t\t\t\t\t</tr> 
EOC;
        }
        // End while
        ?>
				</table><!-- end table table-bordered table-hover table-responsive -->
			</div>

			<div class="container" align="right"><select name="a">
			<?php 
        // Mark read/unread is offered only when listing by the `to` column
        if ($hesk_settings['mailtmp']['this'] == 'to') {
            ?>
				<option value="mark_read" selected="selected"><?php 
            echo $hesklang['mo1'];
            ?>
</option>
				<option value="mark_unread"><?php 
            echo $hesklang['mo2'];
            ?>
</option>
				<?php 
        }
        ?>
			<option value="delete"><?php 
        echo $hesklang['mo3'];
        ?>
</option>
			</select>
			<input type="hidden" name="token" value="<?php 
        // presumably the anti-CSRF token the mail.php handler checks before
        // acting on the selected ids - verify that the handler rejects a missing token
        hesk_token_echo();
        ?>
" />
			<input type="submit" value="<?php 
        echo $hesklang['execute'];
        ?>
" onclick="Javascript:if (document.form1.a.value=='delete') return hesk_confirmExecute('<?php 
        // The text lands inside a JavaScript string literal, hence hesk_makeJsString()
        echo hesk_makeJsString($hesklang['mo3']);
        ?>
?');" class="btn btn-default" />

		</form>
<br/><br/>
		</div>
	    <?php 
    } else {
        echo '<div class="container"><i>' . $hesklang['npm'] . '</i></div><br/>';
    }
}
Exemple #15
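/**
 * Bring the loaded $hesk_settings up to the new version's layout and pass the
 * escaped copy to hesk_iSaveSettingsFile().
 *
 * Steps: stamp the new version, migrate the misspelled pre-2.4 SMTP keys,
 * fill in missing scalar settings from hesk_defaultSettings(), normalise the
 * array settings (attachments, email providers, custom fields), addslashes()
 * every scalar, force debug mode off and record the PHP/MySQL version check.
 *
 * @return bool always true
 */
function hesk_iSaveSettings()
{
    global $hesk_settings, $hesklang;
    // Get default settings
    $hesk_default = hesk_defaultSettings();
    // Set a new version number
    $hesk_settings['hesk_version'] = HESK_NEW_VERSION;
    // Correct typos in variable names before 2.4.
    // The misspelled key wins when present (pre-2.4 settings). When it is absent,
    // a value already stored under the correct key is kept; the previous code
    // replaced it with the default, which silently reset the configured SMTP
    // port, timeout, user and password whenever the old key was missing.
    $smtp_renames = array(
        'stmp_host_port' => array('smtp_host_port', 25),
        'stmp_timeout' => array('smtp_timeout', 10),
        'stmp_user' => array('smtp_user', ''),
        'stmp_password' => array('smtp_password', ''),
    );
    foreach ($smtp_renames as $old_key => $target) {
        list($new_key, $fallback) = $target;
        if (isset($hesk_settings[$old_key])) {
            $hesk_settings[$new_key] = $hesk_settings[$old_key];
        } elseif (!isset($hesk_settings[$new_key])) {
            $hesk_settings[$new_key] = $fallback;
        }
    }
    // Assign all required values
    foreach ($hesk_default as $k => $v) {
        if (is_array($v)) {
            // Arrays will be processed separately
            continue;
        }
        if (!isset($hesk_settings[$k])) {
            $hesk_settings[$k] = $v;
        }
    }
    // Arrays need special care
    $hesk_settings['attachments'] = isset($hesk_settings['attachments']) ? $hesk_settings['attachments'] : $hesk_default['attachments'];
    $hesk_settings['email_providers'] = isset($hesk_settings['email_providers']) ? $hesk_settings['email_providers'] : $hesk_default['email_providers'];
    // Attachments max size must be multiplied by 1024 since version 2.4
    // Values below 102400 are treated as the old unit and scaled up
    if ($hesk_settings['attachments']['max_size'] < 102400) {
        $hesk_settings['attachments']['max_size'] = $hesk_settings['attachments']['max_size'] * 1024;
    }
    // Custom fields
    for ($i = 1; $i <= 20; $i++) {
        $this_field = 'custom' . $i;
        if (isset($hesk_settings['custom_fields'][$this_field]) && $hesk_settings['custom_fields'][$this_field]['use']) {
            // A field in use that has no 'place' key yet gets the newer keys with neutral values
            if (!isset($hesk_settings['custom_fields'][$this_field]['place'])) {
                $hesk_settings['custom_fields'][$this_field]['place'] = 0;
                $hesk_settings['custom_fields'][$this_field]['type'] = 'text';
                $hesk_settings['custom_fields'][$this_field]['value'] = '';
            }
            $hesk_settings['custom_fields'][$this_field]['name'] = addslashes($hesk_settings['custom_fields'][$this_field]['name']);
            $hesk_settings['custom_fields'][$this_field]['value'] = addslashes($hesk_settings['custom_fields'][$this_field]['value']);
        } else {
            // Unused or missing fields are reset to the default definition
            $hesk_settings['custom_fields'][$this_field] = $hesk_default['custom_fields'][$this_field];
        }
    }
    // Encode and escape characters
    // NOTE(review): addslashes() suggests hesk_iSaveSettingsFile() writes these
    // values into quoted PHP string literals; confirm the quoting style there
    // matches, because this escaping is the only thing keeping a setting value
    // from ending the literal. smtp_password is carried along like any scalar.
    $set = $hesk_settings;
    foreach ($hesk_settings as $k => $v) {
        if (is_array($v)) {
            continue;
        }
        $set[$k] = addslashes($v);
    }
    $set['debug_mode'] = 0;
    // NOTE(review): provider entries are joined inside single quotes without
    // addslashes(), unlike the scalars above - confirm an entry can never
    // contain a quote or backslash before it reaches the settings file.
    $set['email_providers'] = count($hesk_settings['email_providers']) ? "'" . implode("','", $hesk_settings['email_providers']) . "'" : '';
    // Check if PHP version is 5.2.3+ and MySQL is 5.0.7+
    $res = hesk_dbQuery('SELECT VERSION() AS version');
    $set['db_vrsn'] = version_compare(PHP_VERSION, '5.2.3') >= 0 && version_compare(hesk_dbResult($res), '5.0.7') >= 0 ? 1 : 0;
    hesk_iSaveSettingsFile($set);
    return true;
}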
        hesk_removeAttachments($attachments);
    }
    $tmp = '';
    foreach ($hesk_error_buffer as $error) {
        $tmp .= "<li>{$error}</li>\n";
    }
    $hesk_error_buffer = $tmp;
    $hesk_error_buffer = $hesklang['pcer'] . '<br /><br /><ul>' . $hesk_error_buffer . '</ul>';
    hesk_process_messages($hesk_error_buffer, 'ticket.php?track=' . $trackingID . $hesk_settings['e_param'] . '&Refresh=' . rand(10000, 99999));
}
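/* Connect to database */
hesk_dbConnect();
// Check if this IP is temporarily locked out
// The lockout is keyed on REMOTE_ADDR; NOTE(review): behind a reverse proxy this
// is presumably the proxy's address, so every client would share one counter - confirm the deployment
$res = hesk_dbQuery("SELECT `number` FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "logins` WHERE `ip`='" . hesk_dbEscape($_SERVER['REMOTE_ADDR']) . "' AND `last_attempt` IS NOT NULL AND DATE_ADD(`last_attempt`, INTERVAL " . intval($hesk_settings['attempt_banmin']) . " MINUTE ) > NOW() LIMIT 1");
if (hesk_dbNumRows($res) == 1) {
    if (hesk_dbResult($res) >= $hesk_settings['attempt_limit']) {
        // NOTE(review): unset() only drops the variable for this request; it does
        // not by itself destroy stored session data
        unset($_SESSION);
        hesk_error(sprintf($hesklang['yhbb'], $hesk_settings['attempt_banmin']), 0);
    }
}
/* Get details about the original ticket */
// $trackingID is assigned outside this excerpt. Escape it at the point of use,
// like every other string value in these queries, so the statement does not
// depend on how the value was cleaned earlier.
$res = hesk_dbQuery("SELECT * FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` WHERE `trackid`='" . hesk_dbEscape($trackingID) . "' LIMIT 1");
if (hesk_dbNumRows($res) != 1) {
    hesk_error($hesklang['ticket_not_found']);
}
$ticket = hesk_dbFetchAssoc($res);
/* If we require e-mail to view tickets check if it matches the one in database */
// Runs after the ticket row is loaded and before the locked check
hesk_verifyEmailMatch($trackingID, $my_email, $ticket['email']);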
/* Ticket locked? */
if ($ticket['locked']) {
    // The Refresh parameter is a rand() number; it looks like a cache-buster, not a secret - TODO confirm
    hesk_process_messages($hesklang['tislock2'], 'ticket.php?track=' . $trackingID . $hesk_settings['e_param'] . '&Refresh=' . rand(10000, 99999));
    // NOTE(review): $res2 is read here but first assigned further down in this
    // listing, so this loop appears to belong to a different excerpt that the
    // page joined onto this one; it fills $admins as id => name.
    while ($row = hesk_dbFetchAssoc($res2)) {
        $admins[$row['id']] = $row['name'];
    }
}
/* List of categories */
// NOTE(review): $orderBy is concatenated into ORDER BY inside backticks with no
// escaping or allowlist in view; confirm category_order_column can only hold a
// known column name and is never taken from a request.
$orderBy = $modsForHesk_settings['category_order_column'];
$hesk_settings['categories'] = array();
// hesk_myCategories('id') presumably returns a SQL condition limiting rows to
// the categories the current user may access - verify in its definition
$res2 = hesk_dbQuery('SELECT `id`, `name` FROM `' . hesk_dbEscape($hesk_settings['db_pfix']) . 'categories` WHERE ' . hesk_myCategories('id') . ' ORDER BY `' . $orderBy . '` ASC');
// Build the id => name map used for category display
while ($row = hesk_dbFetchAssoc($res2)) {
    $hesk_settings['categories'][$row['id']] = $row['name'];
}
/* Current MySQL time */
$mysql_time = hesk_dbTime();
/* Get number of tickets and page number */
// $sql_count is built outside this excerpt; how its parts are escaped cannot be checked from here
$result = hesk_dbQuery($sql_count);
$total = hesk_dbResult($result);
//-- Precondition: The panel has already been created, and there is NO open <div class="panel-body"> tag yet.
echo '<div class="panel-body">';
if ($total > 0) {
    /* This query string will be used to browse pages */
    if ($href == 'show_tickets.php') {
        #$query  = 'status='.$status;
        $query = '';
        $query .= 's' . implode('=1&amp;s', array_keys($status)) . '=1';
        $query .= '&amp;p' . implode('=1&amp;p', array_keys($priority)) . '=1';
        $query .= '&amp;category=' . $category;
        $query .= '&amp;sort=' . $sort;
        $query .= '&amp;asc=' . $asc;
        $query .= '&amp;limit=' . $maxresults;
        $query .= '&amp;archive=' . $archive[1];
        $query .= '&amp;s_my=' . $s_my[1];
/**
 * Count the private messages addressed to the logged-in user that are still
 * unread and that this user has not deleted.
 *
 * @return mixed the COUNT(*) value as handed back by hesk_dbResult()
 */
function hesk_checkNewMail()
{
    global $hesk_settings, $hesklang;
    $mail_table = hesk_dbEscape($hesk_settings['db_pfix']) . 'mail';
    // The session id is forced to an integer before it reaches the SQL text
    $staff_id = intval($_SESSION['id']);
    $unread = hesk_dbQuery("SELECT COUNT(*) FROM `" . $mail_table . "` WHERE `to`='" . $staff_id . "' AND `read`='0' AND `deletedby`!='" . $staff_id . "' ");
    return hesk_dbResult($unread, 0, 0);
}
Exemple #19
                 hesk_unlink($hesk_settings['server_path'] . '/' . $hesk_settings['attach_dir'] . '/' . $file['saved_name']);
             }
             /* Delete attachments info from the database */
             hesk_dbQuery("DELETE FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "attachments` WHERE `att_id`='" . intval($att_id) . "' LIMIT 1");
         }
     }
     /* Delete this reply */
     hesk_dbQuery("DELETE FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "replies` WHERE `id`='" . intval($n) . "' AND `replyto`='" . intval($ticket['id']) . "' LIMIT 1");
     /* Reply wasn't deleted */
     if (hesk_dbAffectedRows() != 1) {
         hesk_process_messages($hesklang['repl1'], $_SERVER['PHP_SELF']);
     } else {
         /* Reply deleted. Need to update status and last replier? */
         $res = hesk_dbQuery("SELECT `staffid` FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "replies` WHERE `replyto`='" . intval($ticket['id']) . "' ORDER BY `id` DESC LIMIT 1");
         if (hesk_dbNumRows($res)) {
             $replier_id = hesk_dbResult($res, 0, 0);
             $last_replier = $replier_id ? 1 : 0;
             /* Change status? */
             $status_sql = '';
             if ($last_reply_id == $n) {
                 $status = $ticket['locked'] ? 3 : ($last_replier ? 2 : 1);
                 $status_sql = " , `status`='" . intval($status) . "' ";
             }
             hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` SET `lastchange`=NOW(), `lastreplier`='{$last_replier}', `replierid`='" . intval($replier_id) . "' {$status_sql} WHERE `id`='" . intval($ticket['id']) . "' LIMIT 1");
         } else {
             $status = $ticket['locked'] ? 3 : 0;
             hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` SET `lastchange`=NOW(), `lastreplier`='0', `status`='{$status}' WHERE `id`='" . intval($ticket['id']) . "' LIMIT 1");
         }
         hesk_process_messages($hesklang['repl'], $_SERVER['PHP_SELF'], 'SUCCESS');
     }
 } else {