function hesk_isLoggedIn() { global $hesk_settings; $referer = hesk_input($_SERVER['REQUEST_URI']); $referer = str_replace('&', '&', $referer); if (empty($_SESSION['id']) || empty($_SESSION['session_verify'])) { if ($hesk_settings['autologin'] && hesk_autoLogin(1)) { // Users online if ($hesk_settings['online']) { require HESK_PATH . 'inc/users_online.inc.php'; hesk_initOnline($_SESSION['id']); } return true; } hesk_session_stop(); $url = 'index.php?a=login¬ice=1&goto=' . urlencode($referer); header('Location: ' . $url); exit; } else { hesk_session_regenerate_id(); // Let's make sure access data is up-to-date $res = hesk_dbQuery("SELECT `user`, `pass`, `isadmin`, `categories`, `heskprivileges` FROM `" . $hesk_settings['db_pfix'] . "users` WHERE `id` = '" . intval($_SESSION['id']) . "' LIMIT 1"); // Exit if user not found if (hesk_dbNumRows($res) != 1) { hesk_session_stop(); $url = 'index.php?a=login¬ice=1&goto=' . urlencode($referer); header('Location: ' . $url); exit; } // Fetch results from database $me = hesk_dbFetchAssoc($res); // Verify this session is still valid if (!hesk_activeSessionValidate($me['user'], $me['pass'], $_SESSION['session_verify'])) { hesk_session_stop(); $url = 'index.php?a=login¬ice=1&goto=' . urlencode($referer); header('Location: ' . $url); exit; } // Update session variables as needed if ($me['isadmin'] == 1) { $_SESSION['isadmin'] = 1; } else { $_SESSION['isadmin'] = 0; $_SESSION['categories'] = explode(',', $me['categories']); $_SESSION['heskprivileges'] = $me['heskprivileges']; } // Users online if ($hesk_settings['online']) { require HESK_PATH . 'inc/users_online.inc.php'; hesk_initOnline($_SESSION['id']); } return true; } }
function hesk_iSessionError() { hesk_session_stop(); hesk_iHeader(); ?> <br /> <div class="error"> <img src="<?php echo HESK_PATH; ?> img/error.png" width="16" height="16" border="0" alt="" style="vertical-align:text-bottom" /> <b>Error:</b> PHP sessions not working!<br /><br />Note that this is a server configuration issue, not a HESK issue.<br /><br />Please contact your hosting company and ask them to verify why PHP sessions aren't working on your server! </div> <br /> <form method="get" action="<?php echo INSTALL_PAGE; ?> "> <p align="center"><input type="submit" value="« Start over" class="orangebutton" onmouseover="hesk_btn(this,'orangebuttonover');" onmouseout="hesk_btn(this,'orangebutton');" /></p> </form> <?php hesk_iFooter(); }
function hesk_isLoggedIn() { global $hesk_settings; $referer = hesk_input($_SERVER['REQUEST_URI']); $referer = str_replace('&', '&', $referer); if (empty($_SESSION['id'])) { if ($hesk_settings['autologin'] && hesk_autoLogin(1)) { // Users online if ($hesk_settings['online']) { require HESK_PATH . 'inc/users_online.inc.php'; hesk_initOnline($_SESSION['id']); } return true; } // Some pages cannot be redirected to $modify_redirect = array('admin_reply_ticket.php' => 'admin_main.php', 'admin_settings_save.php' => 'admin_settings.php', 'delete_tickets.php' => 'admin_main.php', 'move_category.php' => 'admin_main.php', 'priority.php' => 'admin_main.php'); foreach ($modify_redirect as $from => $to) { if (strpos($referer, $from) !== false) { $referer = $to; } } $url = 'index.php?a=login¬ice=1&goto=' . urlencode($referer); header('Location: ' . $url); exit; } else { hesk_session_regenerate_id(); // Need to update permissions? if (empty($_SESSION['isadmin'])) { $res = hesk_dbQuery("SELECT `isadmin`, `categories`, `heskprivileges` FROM `" . $hesk_settings['db_pfix'] . "users` WHERE `id` = '" . intval($_SESSION['id']) . "' LIMIT 1"); if (hesk_dbNumRows($res) == 1) { $me = hesk_dbFetchAssoc($res); foreach ($me as $k => $v) { $_SESSION[$k] = $v; } // Get allowed categories if (empty($_SESSION['isadmin'])) { $_SESSION['categories'] = explode(',', $_SESSION['categories']); } } else { hesk_session_stop(); $url = 'index.php?a=login¬ice=1&goto=' . urlencode($referer); header('Location: ' . $url); exit; } } // Users online if ($hesk_settings['online']) { require HESK_PATH . 'inc/users_online.inc.php'; hesk_initOnline($_SESSION['id']); } return true; } }
function logout() { global $hesk_settings, $hesklang; if (!hesk_token_check('GET', 0)) { print_login(); exit; } /* Delete from Who's online database */ if ($hesk_settings['online']) { require HESK_PATH . 'inc/users_online.inc.php'; hesk_setOffline($_SESSION['id']); } /* Destroy session and cookies */ hesk_session_stop(); /* If we're using the security image for admin login start a new session */ if ($hesk_settings['secimg_use'] == 2) { hesk_session_start(); } /* Show success message and reset the cookie */ hesk_process_messages($hesklang['logout_success'], 'NOREDIRECT', 'SUCCESS'); setcookie('hesk_p', ''); /* Print the login form */ print_login(); exit; }
* any other medium. In all cases copyright and header must remain intact. * This Copyright is in full effect in any country that has International * Trade Agreements with the United States of America or * with the European Union. * Removing any of the copyright notices without purchasing a license * is expressly forbidden. To remove HESK copyright notice you must purchase * a license for this script. For more information on how to obtain * a license please visit the page below: * https://www.hesk.com/buy.php *******************************************************************************/ define('IN_SCRIPT', 1); define('HESK_PATH', '../'); require HESK_PATH . 'install/install_functions.inc.php'; // Reset installation steps hesk_session_stop(); hesk_iHeader(); ?> <h3>Thank you for downloading HESK!</h3> <p>This script will help you install and configure HESK <?php echo HESK_NEW_VERSION; ?> </p> <hr /> <form method="get" action="install.php"> <p align="center"><input type="submit" value="New install »" class="orangebutton" onmouseover="hesk_btn(this,'orangebuttonover');" onmouseout="hesk_btn(this,'orangebutton');" /></p> <p align="center">Install a new copy of HESK on your server</p>