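/**
 * Fill the %%TAG%% placeholders of an e-mail template with ticket data.
 *
 * Replacement values are inserted verbatim; this function does no HTML
 * escaping of its own, even when $isForHtml is set.
 * NOTE(review): that assumes every $ticket value and setting is already safe
 * for the target format (plain text or HTML) -- confirm against the callers.
 *
 * @param string $msg          Template text containing %%TAG%% placeholders.
 * @param array  $ticket       Row describing the ticket (or, when $is_ticket is
 *                             falsy, the private message) the mail is about.
 * @param mixed  $is_admin     Truthy when the recipient is staff: links point into
 *                             the admin directory and omit the e-mail parameter.
 * @param mixed  $is_ticket    Falsy for mail that is not about a ticket; only a
 *                             reduced tag set is replaced then.
 * @param mixed  $just_message Truthy to return $msg unchanged.
 * @param mixed  $isForHtml    Truthy when $msg is an HTML body: message newlines
 *                             become <br> and attachment links are separated by <br>.
 *
 * @return string The processed template.
 */
function hesk_processMessage($msg, $ticket, $is_admin, $is_ticket, $just_message, $isForHtml = 0)
{
    global $hesk_settings, $hesklang, $modsForHesk_settings;

    /* Return just the message without any processing? */
    if ($just_message) {
        return $msg;
    }

    // Convert any entities in site title to plain text (this overwrites the global setting)
    $hesk_settings['site_title'] = hesk_msgToPlain($hesk_settings['site_title'], 1);

    /* If it's not a ticket-related mail (like "a new PM") just process quickly */
    if (!$is_ticket) {
        // The id is forced to an integer before it is placed in the link.
        $trackingURL = $hesk_settings['hesk_url'] . '/' . $hesk_settings['admin_dir'] . '/mail.php?a=read&id=' . intval($ticket['id']);

        // str_replace() applies array pairs one after another, exactly like chained calls.
        $msg = str_replace(
            array('%%NAME%%', '%%SUBJECT%%', '%%TRACK_URL%%', '%%SITE_TITLE%%', '%%SITE_URL%%'),
            array($ticket['name'], $ticket['subject'], $trackingURL, $hesk_settings['site_title'], $hesk_settings['site_url']),
            $msg
        );

        if (!isset($ticket['message'])) {
            return $msg;
        }

        $body = $isForHtml ? nl2br($ticket['message']) : $ticket['message'];

        return str_replace('%%MESSAGE%%', $body, $msg);
    }

    // Is email required to view ticket (for customers only)?
    $hesk_settings['e_param'] = $hesk_settings['email_view_ticket'] ? '&e=' . rawurlencode($ticket['email']) : '';

    /* Generate the ticket URLs */
    $trackingURL = $hesk_settings['hesk_url'];
    $trackingURL .= $is_admin ? '/' . $hesk_settings['admin_dir'] . '/admin_ticket.php' : '/ticket.php';
    // NOTE(review): the Refresh value looks like a cache-buster only; rand() is
    // not suitable for anything that must be unpredictable.
    $trackingURL .= '?track=' . $ticket['trackid'] . ($is_admin ? '' : $hesk_settings['e_param']) . '&Refresh=' . rand(10000, 99999);

    /* Set category title */
    $ticket['category'] = hesk_msgToPlain(hesk_getCategoryName($ticket['category']), 1);

    /* Set priority title (0 = critical, 1 = high, 2 = medium, anything else = low) */
    switch ($ticket['priority']) {
        case 0:
            $ticket['priority'] = $hesklang['critical'];
            break;
        case 1:
            $ticket['priority'] = $hesklang['high'];
            break;
        case 2:
            $ticket['priority'] = $hesklang['medium'];
            break;
        default:
            $ticket['priority'] = $hesklang['low'];
    }

    /* Get owner name */
    $ticket['owner'] = hesk_msgToPlain(hesk_getOwnerName($ticket['owner']), 1);

    /* Set status */
    // The status id is concatenated into the SQL text, so it is cast to an
    // integer first; the original passed $ticket['status'] through unchanged.
    $statusRs = hesk_dbQuery("SELECT `Key` FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "statuses` WHERE `ID` = " . intval($ticket['status']));
    $row = hesk_dbFetchAssoc($statusRs);
    // An unknown status id or a missing language key yields an empty label
    // instead of an undefined-index notice.
    $ticket['status'] = ($row && isset($hesklang[$row['Key']])) ? $hesklang[$row['Key']] : '';

    /* Replace all special tags */
    $msg = str_replace(
        array(
            '%%NAME%%', '%%SUBJECT%%', '%%TRACK_ID%%', '%%TRACK_URL%%', '%%SITE_TITLE%%',
            '%%SITE_URL%%', '%%CATEGORY%%', '%%PRIORITY%%', '%%OWNER%%', '%%STATUS%%',
            '%%EMAIL%%', '%%CREATED%%', '%%UPDATED%%', '%%ID%%',
        ),
        array(
            $ticket['name'], $ticket['subject'], $ticket['trackid'], $trackingURL, $hesk_settings['site_title'],
            $hesk_settings['site_url'], $ticket['category'], $ticket['priority'], $ticket['owner'], $ticket['status'],
            $ticket['email'], $ticket['dt'], $ticket['lastchange'], $ticket['id'],
        ),
        $msg
    );

    /* All custom fields: disabled fields have their tag blanked */
    foreach ($hesk_settings['custom_fields'] as $k => $v) {
        if ($v['use']) {
            if ($v['type'] == 'checkbox') {
                $ticket[$k] = str_replace("<br />", "\n", $ticket[$k]);
            }
            $msg = str_replace('%%' . strtoupper($k) . '%%', stripslashes($ticket[$k]), $msg);
        } else {
            $msg = str_replace('%%' . strtoupper($k) . '%%', '', $msg);
        }
    }

    // Is message tag in email template?
    if (strpos($msg, '%%MESSAGE%%') !== false) {
        // Replace message
        $body = $isForHtml ? nl2br($ticket['message']) : $ticket['message'];
        $msg = str_replace('%%MESSAGE%%', $body, $msg);

        // Add direct links to any attachments at the bottom of the email message OR add them as attachments, depending on the settings
        if ($hesk_settings['attachments']['use'] && isset($ticket['attachments']) && strlen($ticket['attachments'])) {
            // A falsy $modsForHesk_settings['attachments'] means "list links inline";
            // otherwise the files are attached elsewhere and listing them here
            // would duplicate them.
            if (!$modsForHesk_settings['attachments']) {
                $gap = $isForHtml ? '<br>' : "\n";
                $msg .= $gap . $gap . $gap . $hesklang['fatt'];

                // Stored form: "id#name#saved_name," repeated; drop the trailing comma.
                $att = explode(',', substr($ticket['attachments'], 0, -1));
                foreach ($att as $myatt) {
                    // Pad so a malformed entry cannot raise an undefined-offset notice.
                    list($att_id, $att_name) = array_pad(explode('#', $myatt), 2, '');
                    $msg .= $gap . $gap . $att_name . $gap;
                    $msg .= $hesk_settings['hesk_url'] . '/download_attachment.php?att_id=' . $att_id . '&track=' . $ticket['trackid'] . $hesk_settings['e_param'];
                }
            }
        }

        // For customer notifications: if we allow email piping/pop 3 fetching and
        // stripping quoted replies add an "reply above this line" tag
        if (!$is_admin && ($hesk_settings['email_piping'] || $hesk_settings['pop3']) && $hesk_settings['strip_quoted']) {
            $msg = $hesklang['EMAIL_HR'] . "\n\n" . $msg;
        }
    }

    return $msg;
}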
Esempio n. 2
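// Session check first; everything below reads $_SESSION['id'].
hesk_isLoggedIn();
/* Check permissions */
$can_view_tickets = hesk_checkPermission('can_view_tickets', 0);
$can_reply_tickets = hesk_checkPermission('can_reply_tickets', 0);
$can_view_unassigned = hesk_checkPermission('can_view_unassigned', 0);
/* Update profile? */
if (!empty($_POST['action'])) {
    // Demo mode
    // NOTE(review): this only blocks the update if hesk_process_messages()
    // redirects and ends the request; otherwise update_profile() still runs
    // in demo mode -- confirm.
    if (defined('HESK_DEMO')) {
        hesk_process_messages($hesklang['sdemo'], 'profile.php', 'NOTICE');
    }
    // Update profile
    update_profile();
} else {
    // The session id is cast to an integer before it is placed in the query.
    $res = hesk_dbQuery('SELECT * FROM `' . hesk_dbEscape($hesk_settings['db_pfix']) . "users` WHERE `id` = '" . intval($_SESSION['id']) . "' LIMIT 1");
    $tmp = hesk_dbFetchAssoc($res);
    // No matching row (e.g. the account was deleted during the session):
    // iterate over nothing instead of passing a non-array to foreach.
    if (!is_array($tmp)) {
        $tmp = array();
    }
    foreach ($tmp as $k => $v) {
        if ($k === 'pass') {
            // The stored hash is compared with one fixed 40-hex-digit value and is
            // never copied into the session.
            // NOTE(review): presumably this is the digest of a default password.
            // A constant can only match if hashes are unsalted; password_hash()
            // and password_verify() would be the sturdier storage -- confirm how
            // the login code hashes.
            if ($v === '499d74967b28a841c98bb4baaabaad699ff3c079') {
                define('WARN_PASSWORD', true);
            }
            continue;
        } elseif ($k === 'categories') {
            continue;
        }
        // Every other column becomes a form default.
        $_SESSION['new'][$k] = $v;
    }
}
if (!isset($_SESSION['new']['username'])) {
    $_SESSION['new']['username'] = '';
}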
Esempio n. 3
/**
 * Print every reply from the global result set $result as an HTML table row.
 *
 * Rows alternate between the CSS classes "ticketrow" and "ticketalt"; which
 * one comes first depends on $hesk_settings['new_top']. IDs of replies that
 * have a staffid and are not yet marked read are appended to the global
 * $unread_replies.
 *
 * NOTE(review): reply name, message and date are written into the page
 * without escaping in this function. That is only safe if the stored values
 * were HTML-escaped when they were saved -- confirm against the code that
 * inserts replies.
 *
 * @return int The final value of the row toggle $i (0 or 1).
 */
function hesk_printCustomerTicketReplies()
{
    global $hesklang, $hesk_settings, $result, $reply, $trackingID, $unread_replies;
    // Starting value of the toggle decides the class of the first row.
    $i = $hesk_settings['new_top'] ? 0 : 1;
    while ($reply = hesk_dbFetchAssoc($result)) {
        // Flip the toggle and pick the matching row class.
        if ($i) {
            $color = 'class="ticketrow"';
            $i = 0;
        } else {
            $color = 'class="ticketalt"';
            $i = 1;
        }
        /* Store unread reply IDs for later */
        if ($reply['staffid'] && !$reply['read']) {
            $unread_replies[] = $reply['id'];
        }
        $reply['dt'] = hesk_date($reply['dt']);
        ?>
		<tr>
			<td <?php 
        echo $color;
        ?>
>

				<table border="0" cellspacing="0" cellpadding="0" width="100%">
					<tr>
						<td valign="top">
							<table border="0" cellspacing="1">
								<tr>
									<td><?php 
        echo $hesklang['date'];
        ?>
:</td>
									<td><?php 
        echo $reply['dt'];
        ?>
</td>
								</tr>
								<tr>
									<td><?php 
        echo $hesklang['name'];
        ?>
:</td>
									<td><?php 
        // NOTE(review): printed as stored, no escaping here -- see function header.
        echo $reply['name'];
        ?>
</td>
								</tr>
							</table>
						</td>
						<td style="text-align:right; vertical-align:top;">
							<?php 
        echo hesk_getCustomerButtons($i);
        ?>
						</td>
					</tr>
				</table>

			<p><b><?php 
        echo $hesklang['message'];
        ?>
:</b></p>
			<p><?php 
        // NOTE(review): printed as stored, no escaping here -- see function header.
        echo $reply['message'];
        ?>
</p>

			<?php 
        /* Attachments */
        hesk_listAttachments($reply['attachments'], $i);
        /* Staff rating */
        // Only staff replies can be rated, and only when rating is enabled.
        if ($hesk_settings['rating'] && $reply['staffid']) {
            // 1 and 5 are the two stored votes; any other value shows the vote links.
            if ($reply['rating'] == 1) {
                echo '<p class="rate">' . $hesklang['rnh'] . '</p>';
            } elseif ($reply['rating'] == 5) {
                echo '<p class="rate">' . $hesklang['rh'] . '</p>';
            } else {
                // NOTE(review): $reply['id'] and the global $trackingID are placed
                // inside an inline onclick handler; presumably both are validated
                // upstream -- confirm, since quotes in either would break out of
                // the JavaScript string.
                echo '
					<div id="rating' . $reply['id'] . '" class="rate">
					' . $hesklang['r'] . '
					<a href="Javascript:void(0)" onclick="Javascript:hesk_rate(\'rate.php?rating=5&amp;id=' . $reply['id'] . '&amp;track=' . $trackingID . '\',\'rating' . $reply['id'] . '\')">' . strtolower($hesklang['yes']) . '</a> /
					<a href="Javascript:void(0)" onclick="Javascript:hesk_rate(\'rate.php?rating=1&amp;id=' . $reply['id'] . '&amp;track=' . $trackingID . '\',\'rating' . $reply['id'] . '\')">' . strtolower($hesklang['no']) . '</a>
					</div>
					';
            }
        }
        ?>
	        </td>
        </tr>
        <?php 
    }
    return $i;
}
Esempio n. 4
} else {
    $status = 1;
    $tmp = $hesklang['tlock'];
    $revision = sprintf($hesklang['thist5'], hesk_date(), $_SESSION['name'] . ' (' . $_SESSION['user'] . ')');
    $closedby_sql = ' , `closedat`=NOW(), `closedby`=' . intval($_SESSION['id']) . ' ';
    // Notify customer of closed ticket?
    if ($hesk_settings['notify_closed']) {
        // Get ticket info
        $result = hesk_dbQuery("SELECT * FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` WHERE `trackid`='" . hesk_dbEscape($trackingID) . "' LIMIT 1");
        if (hesk_dbNumRows($result) != 1) {
            hesk_error($hesklang['ticket_not_found']);
        }
        $ticket = hesk_dbFetchAssoc($result);
        $closedStatusRS = hesk_dbQuery('SELECT `ID` FROM `' . hesk_dbEscape($hesk_settings['db_pfix']) . 'statuses` WHERE `IsClosed` = 1');
        $ticketIsOpen = true;
        while ($row = hesk_dbFetchAssoc($closedStatusRS)) {
            if ($ticket['status'] == $row['ID']) {
                $ticketIsOpen = false;
            }
        }
        // Notify customer, but only if ticket is not already closed
        if ($ticketIsOpen) {
            require HESK_PATH . 'inc/email_functions.inc.php';
            $ticket['dt'] = hesk_date($ticket['dt'], true);
            $ticket['lastchange'] = hesk_date($ticket['lastchange'], true);
            hesk_notifyCustomer('ticket_closed');
        }
    }
}
/* Update database */
$statusSql = 'SELECT `ID` FROM `' . hesk_dbEscape($hesk_settings['db_pfix']) . 'statuses` WHERE `LockedTicketStatus` = 1';
Esempio n. 5
        ?>
:</td>
		<td><?php 
        echo hesk_unhortenUrl($ticket[$k]);
        ?>
</td>
	</tr>
	<?php 
    }
}
// Close ticket head table
echo '</table>';
// Print initial ticket message
echo '<p>' . hesk_unhortenUrl($ticket['message']) . '</p>';
// Print replies
while ($reply = hesk_dbFetchAssoc($res)) {
    $reply['dt'] = hesk_date($reply['dt'], true);
    echo '
    <hr />

	<table border="0">
	<tr>
		<td>' . $hesklang['date'] . ':</td>
		<td>' . $reply['dt'] . '</td>
	</tr>
	<tr>
		<td>' . $hesklang['name'] . ':</td>
		<td>' . $reply['name'] . '</td>
	</tr>
	</table>
Esempio n. 6
    hesk_error($hesklang['ticket_not_found']);
}
$ticket = hesk_dbFetchAssoc($result);
// Demo mode
if (defined('HESK_DEMO')) {
    $ticket['email'] = '*****@*****.**';
}
/* Is this user allowed to view tickets inside this category? */
hesk_okCategory($ticket['category']);
if (hesk_isREQUEST('reply')) {
    $tmpvar['id'] = intval(hesk_REQUEST('reply')) or die($hesklang['id_not_valid']);
    $result = hesk_dbQuery("SELECT * FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "replies` WHERE `id`='{$tmpvar['id']}' AND `replyto`='" . intval($ticket['id']) . "' LIMIT 1");
    if (hesk_dbNumRows($result) != 1) {
        hesk_error($hesklang['id_not_valid']);
    }
    $reply = hesk_dbFetchAssoc($result);
    $ticket['message'] = $reply['message'];
    $is_reply = 1;
}
if (isset($_POST['save'])) {
    /* A security check */
    hesk_token_check('POST');
    $hesk_error_buffer = array();
    if ($is_reply) {
        $tmpvar['message'] = hesk_input(hesk_POST('message')) or $hesk_error_buffer[] = $hesklang['enter_message'];
        if (count($hesk_error_buffer)) {
            $myerror = '<ul>';
            foreach ($hesk_error_buffer as $error) {
                $myerror .= "<li>{$error}</li>\n";
            }
            $myerror .= '</ul>';
Esempio n. 7
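/**
 * Handle the "forgot tracking ID" form.
 *
 * Looks up the tickets registered under the submitted e-mail address, mails
 * that address a list of them, shows a confirmation and ends the request.
 * Reads $_POST['email'] and $_POST['open_only'].
 *
 * NOTE(review): the "no tickets found" branch answers differently from the
 * success branch, so the form reveals whether an address has tickets. A
 * uniform response plus rate limiting would avoid that; neither is visible
 * in this function.
 *
 * @return void Never returns normally; the function ends with exit.
 */
function forgot_tid()
{
    global $hesk_settings, $hesklang;
    require HESK_PATH . 'inc/email_functions.inc.php';
    // NOTE(review): the "or" branch relies on hesk_process_messages() ending the
    // request when the address is invalid -- confirm.
    $email = hesk_validateEmail(hesk_POST('email'), 'ERR', 0) or hesk_process_messages($hesklang['enter_valid_email'], 'ticket.php?remind=1');
    // Encoded once for every query string below. The original encoded the address
    // only in the mailed links; unencoded, a "+" or "&" in the address would
    // change the meaning of the redirect URL.
    $email_query = rawurlencode($email);
    if (isset($_POST['open_only'])) {
        $hesk_settings['open_only'] = $_POST['open_only'] == 1 ? 1 : 0;
    }
    /* Prepare ticket statuses */
    $my_status = array(0 => $hesklang['open'], 1 => $hesklang['wait_staff_reply'], 2 => $hesklang['wait_cust_reply'], 3 => $hesklang['closed'], 4 => $hesklang['in_progress'], 5 => $hesklang['on_hold']);
    /* Get ticket(s) from database */
    hesk_load_database_functions();
    hesk_dbConnect();
    // Get tickets from the database
    // NOTE(review): hesk_dbFormatEmail() supplies the WHERE condition for the
    // address; presumably it escapes its argument -- confirm.
    $res = hesk_dbQuery('SELECT * FROM `' . hesk_dbEscape($hesk_settings['db_pfix']) . 'tickets` FORCE KEY (`statuses`) WHERE ' . ($hesk_settings['open_only'] ? "`status` IN ('0','1','2','4','5') AND " : '') . ' ' . hesk_dbFormatEmail($email) . ' ORDER BY `status` ASC, `lastchange` DESC ');
    $num = hesk_dbNumRows($res);
    if ($num < 1) {
        $not_found = $hesk_settings['open_only'] ? $hesklang['noopen'] : $hesklang['tid_not_found'];
        hesk_process_messages($not_found, 'ticket.php?remind=1&e=' . $email_query);
    }
    $tid_list = '';
    $name = '';
    $email_param = $hesk_settings['email_view_ticket'] ? '&e=' . $email_query : '';
    while ($my_ticket = hesk_dbFetchAssoc($res)) {
        // The name of the first ticket in the list is used in the greeting.
        $name = $name ? $name : hesk_msgToPlain($my_ticket['name'], 1, 0);
        // A status id outside the six known ones gets an empty label rather than
        // an undefined-index notice.
        $status_label = isset($my_status[$my_ticket['status']]) ? $my_status[$my_ticket['status']] : '';
        $tid_list .= "\n{$hesklang['trackID']}: " . $my_ticket['trackid'] . "\n{$hesklang['subject']}: " . hesk_msgToPlain($my_ticket['subject'], 1, 0) . "\n{$hesklang['status']}: " . $status_label . "\n{$hesk_settings['hesk_url']}/ticket.php?track={$my_ticket['trackid']}{$email_param}\n";
    }
    /* Get e-mail message for customer */
    $msg = hesk_getEmailMessage('forgot_ticket_id', '', 0, 0, 1);
    $msg = str_replace(
        array('%%NAME%%', '%%NUM%%', '%%LIST_TICKETS%%', '%%SITE_TITLE%%', '%%SITE_URL%%'),
        array($name, $num, $tid_list, hesk_msgToPlain($hesk_settings['site_title'], 1), $hesk_settings['site_url']),
        $msg
    );
    $subject = hesk_getEmailSubject('forgot_ticket_id');
    /* Send e-mail */
    // The list goes only to the validated address that was looked up.
    hesk_mail($email, $subject, $msg);
    /* Show success message */
    $tmp = '<b>' . $hesklang['tid_sent'] . '!</b>';
    $tmp .= '<br />&nbsp;<br />' . $hesklang['tid_sent2'] . '.';
    $tmp .= '<br />&nbsp;<br />' . $hesklang['check_spambox'];
    hesk_process_messages($tmp, 'ticket.php?e=' . $email_query, 'SUCCESS');
    exit;
}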
        $selected = $row['id'] == $category ? 'selected="selected"' : '';
        $category_options .= '<option value="' . $row['id'] . '" ' . $selected . '>' . $row['name'] . '</option>';
    }
} else {
    $res2 = hesk_dbQuery('SELECT `id`, `name` FROM `' . hesk_dbEscape($hesk_settings['db_pfix']) . 'categories` WHERE ' . hesk_myCategories('id') . ' ORDER BY `cat_order` ASC');
    while ($row = hesk_dbFetchAssoc($res2)) {
        $row['name'] = strlen($row['name']) > 30 ? substr($row['name'], 0, 30) . '...' : $row['name'];
        $selected = $row['id'] == $category ? 'selected="selected"' : '';
        $category_options .= '<option value="' . $row['id'] . '" ' . $selected . '>' . $row['name'] . '</option>';
    }
}
/* List of staff */
// Built only for users who may view tickets assigned to others, and only if an
// earlier include has not already filled $admins.
if ($can_view_ass_others && !isset($admins)) {
    $admins = array();
    // The query contains no request data; only the table prefix is interpolated,
    // and it goes through hesk_dbEscape().
    $res2 = hesk_dbQuery("SELECT `id`,`name` FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "users` ORDER BY `name` ASC");
    while ($row = hesk_dbFetchAssoc($res2)) {
        // Map of user id => display name.
        $admins[$row['id']] = $row['name'];
    }
}
// Both flags are reduced to 0 or 1, so the raw $_GET values are not used past this point.
$more = empty($_GET['more']) ? 0 : 1;
$more2 = empty($_GET['more2']) ? 0 : 1;
#echo "SQL: $sql";
?>

<!-- ** START SHOW TICKET FORM ** -->
<div class="panel panel-default">
<div class="panel-heading">
    <h4><?php 
echo $hesklang['show_tickets'];
?>
</h4>
Esempio n. 9
/**
 * Print the "tickets by day" report as an HTML table.
 *
 * Runs two grouped queries (all tickets, then tickets with status 3) for the
 * period between the globals $date_from and $date_to, fills one row per day
 * and prints a totals row at the bottom. When the table has more than 10
 * rows the totals are also printed at the top. The "time worked" column is
 * shown only when $hesk_settings['time_worked'] is enabled.
 *
 * Users without $can_run_reports_full only see tickets they own.
 *
 * @return void Output is written directly to the page.
 */
function hesk_ticketsByDay()
{
    global $hesk_settings, $hesklang, $date_from, $date_to, $can_run_reports_full;
    $tickets = array();
    $totals = array('all' => 0, 'resolved' => 0, 'worked' => 0);
    $dt = DateArray($date_from, $date_to);
    // Pre-populate date values
    foreach ($dt as $day) {
        $tickets[$day] = array('all' => 0, 'resolved' => 0, 'worked' => '');
    }
    // SQL query for all
    // The owner restriction uses the integer-cast session id.
    // NOTE(review): $hesk_settings['dt_sql'] is inserted into the statement
    // verbatim; it must be built from validated dates by the caller -- confirm.
    $res = hesk_dbQuery("SELECT DATE(`dt`) AS `mydt`, COUNT(*) AS `cnt`" . ($hesk_settings['time_worked'] ? ", SUM( TIME_TO_SEC(`time_worked`) ) AS `seconds_worked`" : '') . " FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` WHERE " . ($can_run_reports_full ? '1' : "`owner` = '" . intval($_SESSION['id']) . "'") . " AND {$hesk_settings['dt_sql']} GROUP BY `mydt`");
    // Update ticket values
    while ($row = hesk_dbFetchAssoc($res)) {
        // The column is not selected when time tracking is off, so default it.
        if (!$hesk_settings['time_worked']) {
            $row['seconds_worked'] = 0;
        }
        // NOTE(review): assumes every date returned by the query was
        // pre-populated above -- confirm that dt_sql covers the same range.
        $tickets[$row['mydt']]['all'] += $row['cnt'];
        $tickets[$row['mydt']]['worked'] = $hesk_settings['time_worked'] ? hesk_SecondsToHHMMSS($row['seconds_worked']) : 0;
        $totals['all'] += $row['cnt'];
        $totals['worked'] += $row['seconds_worked'];
    }
    // SQL query for resolved
    // Same restrictions as above, limited to rows whose status is '3'.
    $res = hesk_dbQuery("SELECT DATE(`dt`) AS `mydt`, COUNT(*) AS `cnt` FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` WHERE " . ($can_run_reports_full ? '1' : "`owner` = '" . intval($_SESSION['id']) . "'") . " AND `status`='3' AND {$hesk_settings['dt_sql']} GROUP BY `mydt`");
    // Update ticket values
    while ($row = hesk_dbFetchAssoc($res)) {
        $tickets[$row['mydt']]['resolved'] += $row['cnt'];
        $totals['resolved'] += $row['cnt'];
    }
    // Convert total seconds worked to HH:MM:SS
    $totals['worked'] = $hesk_settings['time_worked'] ? hesk_SecondsToHHMMSS($totals['worked']) : 0;
    ?>
	    <table width="100%" cellpadding="5" style="text-align:justify;border-collapse:collapse;padding:10px;">
	      <tr style="border-bottom:1px solid #000000;">
	        <td><?php 
    echo $hesklang['date'];
    ?>
</td>
	        <td><?php 
    echo $hesklang['atik'];
    ?>
</td>
	        <td><?php 
    echo $hesklang['topen'];
    ?>
</td>
	        <td><?php 
    echo $hesklang['closed'];
    ?>
</td>
			<?php 
    if ($hesk_settings['time_worked']) {
        echo '<td>' . $hesklang['ts'] . '</td>';
    }
    ?>
	      </tr>

	<?php 
    // Long tables get an extra totals row at the top.
    $num_tickets = count($tickets);
    if ($num_tickets > 10) {
        ?>
	      <tr style="border-bottom:1px solid #000000;">
	        <td><b><?php 
        echo $hesklang['totals'];
        ?>
</b></td>
	        <td><b><?php 
        echo $totals['all'];
        ?>
</b></td>
	        <td><b><?php 
        // Open = all minus resolved.
        echo $totals['all'] - $totals['resolved'];
        ?>
</b></td>
	        <td><b><?php 
        echo $totals['resolved'];
        ?>
</b></td>
			<?php 
        if ($hesk_settings['time_worked']) {
            echo '<td><b>' . $totals['worked'] . '</b></td>';
        }
        ?>
	      </tr>
	<?php 
    }
    $cls = '';
    foreach ($tickets as $k => $d) {
        // Alternate the row background on every iteration.
        $cls = $cls ? '' : 'style="background:#EEEEE8;"';
        ?>
	      <tr <?php 
        echo $cls;
        ?>
>
	        <td><?php 
        echo hesk_dateToString($k);
        ?>
</td>
	        <td><?php 
        echo $d['all'];
        ?>
</td>
	        <td><?php 
        echo $d['all'] - $d['resolved'];
        ?>
</td>
	        <td><?php 
        echo $d['resolved'];
        ?>
</td>
			<?php 
        if ($hesk_settings['time_worked']) {
            echo '<td>' . $d['worked'] . '</td>';
        }
        ?>
	      </tr>
	    <?php 
    }
    ?>
	      <tr style="border-top:1px solid #000000;">
	        <td><b><?php 
    echo $hesklang['totals'];
    ?>
</b></td>
	        <td><b><?php 
    echo $totals['all'];
    ?>
</b></td>
	        <td><b><?php 
    echo $totals['all'] - $totals['resolved'];
    ?>
</b></td>
	        <td><b><?php 
    echo $totals['resolved'];
    ?>
</b></td>
			<?php 
    if ($hesk_settings['time_worked']) {
        echo '<td><b>' . $totals['worked'] . '</b></td>';
    }
    ?>
	      </tr>
	    </table>

	    <p>&nbsp;</p>
    <?php 
}
Esempio n. 10
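/**
 * Render the staff login page (header, form, footer) and end the request.
 *
 * The form posts to index.php with a=do_login. Depending on the settings it
 * shows a username list or text box, an optional anti-spam challenge
 * (reCAPTCHA v1, reCAPTCHA v2 or the built-in security image) and the
 * "remember me" choices. A "goto" value from the request is carried along in
 * a hidden field.
 *
 * NOTE(review): with $hesk_settings['list_users'] enabled every staff
 * username is printed to unauthenticated visitors; whether that is acceptable
 * is a deployment decision.
 *
 * @return void Never returns normally; the function ends with exit.
 */
function print_login()
{
    global $hesk_settings, $hesklang;
    // Tell header to load reCaptcha API if needed
    if ($hesk_settings['recaptcha_use'] == 2) {
        define('RECAPTCHA', 1);
    }
    $hesk_settings['tmp_title'] = $hesk_settings['hesk_title'] . ' - ' . $hesklang['admin_login'];
    require_once HESK_PATH . 'inc/header.inc.php';
    if (hesk_isREQUEST('notice')) {
        hesk_process_messages($hesklang['session_expired'], 'NOREDIRECT');
    }
    // Make sure the list of fields that failed validation is always an array.
    if (!isset($_SESSION['a_iserror'])) {
        $_SESSION['a_iserror'] = array();
    }
    ?>
    <div class="loginError"><?php 
    /* This will handle error, success and notice messages */
    hesk_handle_messages();
    ?>
</div>
    <div>
    <div class="panel panel-default form-signin">
        <div class="panel-heading">
            <h4><span <?php 
    // NOTE(review): $iconDisplay is not assigned in this function; presumably
    // header.inc.php, which runs in this function's scope, sets it -- confirm.
    echo $iconDisplay;
    ?>
><span class="mega-octicon octicon-sign-in"></span>&nbsp;</span><?php 
    echo $hesklang['admin_login'];
    ?>
</a></h4>
        </div>
        <div class="panel-body">
            <form class="form-signin form-horizontal" role="form" action="index.php" method="post" name="form1">
                <?php 
    if (in_array('pass', $_SESSION['a_iserror'])) {
        echo '<div class="form-group has-error">';
    } else {
        echo '<div class="form-group">';
    }
    ?>
                <label for="user" class="col-sm-4 control-label"><?php 
    echo $hesklang['username'];
    ?>
:</label>
                <div class="col-sm-8">
                    <?php 
    // The cookie value is attacker-controllable, so it is escaped before it is
    // written into the form.
    // NOTE(review): HESK_USER is used as-is; presumably it is set from trusted
    // or already escaped data -- confirm.
    if (defined('HESK_USER')) {
        $savedUser = HESK_USER;
    } else {
        $savedUser = hesk_htmlspecialchars(hesk_COOKIE('hesk_username'));
    }
    // Exactly one of the three "remember me" options is pre-selected.
    $is_1 = '';
    $is_2 = '';
    $is_3 = '';
    $remember_user = hesk_POST('remember_user');
    if ($hesk_settings['autologin'] && (isset($_COOKIE['hesk_p']) || $remember_user == 'AUTOLOGIN')) {
        $is_1 = 'checked="checked"';
    } elseif (isset($_COOKIE['hesk_username']) || $remember_user == 'JUSTUSER') {
        $is_2 = 'checked="checked"';
    } else {
        $is_3 = 'checked="checked"';
    }
    if ($hesk_settings['list_users']) {
        echo '<select class="form-control" name="user">';
        $res = hesk_dbQuery('SELECT `user` FROM `' . hesk_dbEscape($hesk_settings['db_pfix']) . 'users` ORDER BY `user` ASC');
        while ($row = hesk_dbFetchAssoc($res)) {
            $sel = strtolower($savedUser) == strtolower($row['user']) ? 'selected="selected"' : '';
            // NOTE(review): usernames are printed as stored; assumes they were
            // HTML-escaped when saved -- confirm.
            echo '<option value="' . $row['user'] . '" ' . $sel . '>' . $row['user'] . '</option>';
        }
        echo '</select>';
    } else {
        echo '<input class="form-control" type="text" name="user" size="35" placeholder="' . htmlspecialchars($hesklang['username']) . '" value="' . $savedUser . '" />';
    }
    ?>
                </div>
            </div>
            <?php 
    if (in_array('pass', $_SESSION['a_iserror'])) {
        echo '<div class="form-group has-error">';
    } else {
        echo '<div class="form-group">';
    }
    ?>
            <label for="pass" class="col-sm-4 control-label"><?php 
    echo $hesklang['pass'];
    ?>
:</label>
            <div class="col-sm-8">
                <input type="password" class="form-control" id="pass" name="pass" size="35" placeholder="<?php 
    echo htmlspecialchars($hesklang['pass']);
    ?>
"  />
            </div>
        </div>
            <?php 
    if ($hesk_settings['secimg_use'] == 2) {
        // SPAM prevention verified for this session
        if (isset($_SESSION['img_a_verified'])) {
            echo '<img src="' . HESK_PATH . 'img/success.png" width="16" height="16" border="0" alt="" style="vertical-align:text-bottom" /> ' . $hesklang['vrfy'];
        } elseif ($hesk_settings['recaptcha_use'] == 1) {
            // Language strings go into JavaScript string literals, so each one
            // passes through hesk_slashJS() first.
            ?>
                    <script type="text/javascript">
                        var RecaptchaOptions = {
                            theme : '<?php 
            echo isset($_SESSION['a_iserror']) && in_array('mysecnum', $_SESSION['a_iserror']) ? 'red' : 'white';
            ?>
',
                            custom_translations : {
                                visual_challenge : "<?php 
            echo hesk_slashJS($hesklang['visual_challenge']);
            ?>
",
                                audio_challenge : "<?php 
            echo hesk_slashJS($hesklang['audio_challenge']);
            ?>
",
                                refresh_btn : "<?php 
            echo hesk_slashJS($hesklang['refresh_btn']);
            ?>
",
                                instructions_visual : "<?php 
            echo hesk_slashJS($hesklang['instructions_visual']);
            ?>
",
                                instructions_context : "<?php 
            echo hesk_slashJS($hesklang['instructions_context']);
            ?>
",
                                instructions_audio : "<?php 
            echo hesk_slashJS($hesklang['instructions_audio']);
            ?>
",
                                help_btn : "<?php 
            echo hesk_slashJS($hesklang['help_btn']);
            ?>
",
                                play_again : "<?php 
            echo hesk_slashJS($hesklang['play_again']);
            ?>
",
                                cant_hear_this : "<?php 
            echo hesk_slashJS($hesklang['cant_hear_this']);
            ?>
",
                                incorrect_try_again : "<?php 
            echo hesk_slashJS($hesklang['incorrect_try_again']);
            ?>
",
                                image_alt_text : "<?php 
            echo hesk_slashJS($hesklang['image_alt_text']);
            ?>
"
                            }
                        };
                    </script>
                    <?php 
            require_once HESK_PATH . 'inc/recaptcha/recaptchalib.php';
            echo '<div class="form-group"><div class="col-md-8 col-md-offset-4">';
            echo recaptcha_get_html($hesk_settings['recaptcha_public_key'], null, true);
            echo '</div></div>';
        } elseif ($hesk_settings['recaptcha_use'] == 2) {
            ?>
                    <div class="form-group">
                        <div class="col-md-8 col-md-offset-4">
                            <div class="g-recaptcha" data-sitekey="<?php 
            echo $hesk_settings['recaptcha_public_key'];
            ?>
"></div>
                        </div>
                    </div>
                <?php 
        } else {
            // Built-in security image. The random number in the image URL only
            // defeats caching; it is not a secret.
            echo '<div class="form-group"><div class="col-md-8 col-md-offset-4">';
            $cls = in_array('mysecnum', $_SESSION['a_iserror']) ? ' class="isError" ' : '';
            echo $hesklang['sec_enter'] . '<br />&nbsp;<br /><img src="' . HESK_PATH . 'print_sec_img.php?' . rand(10000, 99999) . '" width="150" height="40" alt="' . $hesklang['sec_img'] . '" title="' . $hesklang['sec_img'] . '" border="1" name="secimg" style="vertical-align:text-bottom" /> ' . '<a href="javascript:void(0)" onclick="javascript:document.form1.secimg.src=\'' . HESK_PATH . 'print_sec_img.php?\'+ ( Math.floor((90000)*Math.random()) + 10000);"><img src="' . HESK_PATH . 'img/reload.png" height="24" width="24" alt="' . $hesklang['reload'] . '" title="' . $hesklang['reload'] . '" border="0" style="vertical-align:text-bottom" /></a>' . '<br />&nbsp;<br /><input type="text" name="mysecnum" size="20" maxlength="5" ' . $cls . ' />';
            echo '</div></div>';
        }
    }
    // End if $hesk_settings['secimg_use'] == 2
    if ($hesk_settings['autologin']) {
        ?>
                <div class="form-group">
                    <div class="col-md-offset-4 col-md-8">
                        <div class="radio">
                            <label><input type="radio" name="remember_user" value="AUTOLOGIN" <?php 
        echo $is_1;
        ?>
 /> <?php 
        echo $hesklang['autologin'];
        ?>
</label>
                        </div>
                        <div class="radio">
                            <label><input type="radio" name="remember_user" value="JUSTUSER" <?php 
        echo $is_2;
        ?>
 /> <?php 
        echo $hesklang['just_user'];
        ?>
</label>
                        </div>
                        <div class="radio">
                            <label><input type="radio" name="remember_user" value="NOTHANKS" <?php 
        echo $is_3;
        ?>
 /> <?php 
        echo $hesklang['nothx'];
        ?>
</label>
                        </div>
                    </div>
                </div>
            <?php 
    } else {
        ?>
                <div class="form-group">
                    <div class="col-md-offset-4 col-md-8">
                        <div class="checkbox">
                            <label><input type="checkbox" name="remember_user" value="JUSTUSER" <?php 
        echo $is_2;
        ?>
 /> <?php 
        echo $hesklang['remember_user'];
        ?>
</label>
                        </div>
                    </div>
                </div>
            <?php 
    }
    // End if $hesk_settings['autologin']
    ?>
            <div class="form-group">
                <div class="col-md-offset-4 col-md-8">
                    <input type="submit" value="<?php 
    echo $hesklang['click_login'];
    ?>
" class="btn btn-default" />
                    <input type="hidden" name="a" value="do_login" />
                    <?php 
    // "goto" comes straight from the request and lands inside an attribute, so
    // it is HTML-escaped here; the original echoed it unchanged. Non-string
    // input (goto[]=...) is dropped.
    // NOTE(review): the request accessors appear to return raw values (the
    // cookie value above is escaped by its caller). The code that later
    // redirects to "goto" should also restrict it to local paths; that code is
    // not visible here.
    if (hesk_isREQUEST('goto') && ($url = hesk_REQUEST('goto')) && is_string($url)) {
        echo '<input type="hidden" name="goto" value="' . hesk_htmlspecialchars($url) . '" />';
    }
    // Do we allow staff password reset?
    if ($hesk_settings['reset_pass']) {
        echo '<br />&nbsp;<br /><a href="password.php" class="smaller">' . $hesklang['fpass'] . '</a>';
    }
    ?>
                </div>
            </div>

            </form>
        </div>
    </div>

    </div>

    <p>&nbsp;</p>

	<?php 
    // Validation markers are single-use: clear them once the form is rendered.
    hesk_cleanSessionVars('a_iserror');
    require_once HESK_PATH . 'inc/footer.inc.php';
    exit;
}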
Esempio n. 11
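/**
 * Turn one parsed incoming e-mail into a reply on an existing ticket or into a new ticket.
 *
 * The sender is taken from "Reply-To:" when present, otherwise from "From:". The mail is
 * dropped (hesk_cleanExit()) when the address is missing, invalid or banned, when a body is
 * required but empty, when it is detected as a returned/noreply message, or when an e-mail
 * loop is detected. A tracking ID found in the subject turns the mail into a reply only if
 * the ticket exists, is not locked and the sender is one of the ticket's own addresses;
 * otherwise a new ticket is created.
 *
 * @param array $results       Parsed e-mail; the keys read here are 'reply-to', 'from',
 *                             'subject', 'subject_encoding', 'message', 'encoding',
 *                             'attachments' and 'tempdir'.
 * @param int   $pop3          Non-zero selects the 'thist16' history line and openedby -2,
 *                             zero selects 'thist11' and openedby -1.
 * @param int   $set_category  Category ID given to a new ticket.
 * @param int   $set_priority  Priority of a new ticket; a negative value means the priority
 *                             is taken from hesk_getCategoryPriority().
 *
 * @return mixed Tracking ID of the ticket that was replied to or created, or the return
 *               value of hesk_cleanExit() when the e-mail is ignored.
 */
function hesk_email2ticket($results, $pop3 = 0, $set_category = 1, $set_priority = -1)
{
    global $hesk_settings, $hesklang, $hesk_db_link, $ticket;
    // Process "Reply-To:" or "From:" email
    $tmpvar['email'] = isset($results['reply-to'][0]['address']) ? hesk_validateEmail($results['reply-to'][0]['address'], 'ERR', 0) : hesk_validateEmail($results['from'][0]['address'], 'ERR', 0);
    // Email missing, invalid or banned?
    if (!$tmpvar['email'] || hesk_isBannedEmail($tmpvar['email'])) {
        return hesk_cleanExit();
    }
    // Process "Reply-To:" or "From:" name, convert to UTF-8, set to "[Customer]" if not set
    if (isset($results['reply-to'][0]['name']) && strlen($results['reply-to'][0]['name'])) {
        $tmpvar['name'] = $results['reply-to'][0]['name'];
        if (!empty($results['reply-to'][0]['encoding'])) {
            $tmpvar['name'] = hesk_encodeUTF8($tmpvar['name'], $results['reply-to'][0]['encoding']);
        }
    } else {
        $tmpvar['name'] = isset($results['from'][0]['name']) ? $results['from'][0]['name'] : $hesklang['pde'];
        if (!empty($results['from'][0]['encoding'])) {
            $tmpvar['name'] = hesk_encodeUTF8($tmpvar['name'], $results['from'][0]['encoding']);
        }
    }
    // "or" binds looser than "=": the default is assigned only when hesk_input() returns an empty value
    $tmpvar['name'] = hesk_input($tmpvar['name'], '', '', 1, 50) or $tmpvar['name'] = $hesklang['pde'];
    // Process "To:" email (not yet implemented, for future use)
    // $tmpvar['to_email']	= hesk_validateEmail($results['to'][0]['address'],'ERR',0);
    // Process email subject, convert to UTF-8, set to "[Piped email]" if none set
    $tmpvar['subject'] = isset($results['subject']) ? $results['subject'] : $hesklang['pem'];
    if (!empty($results['subject_encoding'])) {
        $tmpvar['subject'] = hesk_encodeUTF8($tmpvar['subject'], $results['subject_encoding']);
    }
    $tmpvar['subject'] = hesk_input($tmpvar['subject'], '', '', 1, 70) or $tmpvar['subject'] = $hesklang['pem'];
    // Process email message, convert to UTF-8
    $tmpvar['message'] = isset($results['message']) ? $results['message'] : '';
    if (!empty($results['encoding'])) {
        $tmpvar['message'] = hesk_encodeUTF8($tmpvar['message'], $results['encoding']);
    }
    $tmpvar['message'] = hesk_input($tmpvar['message'], '', '', 1);
    // Message missing?
    if (strlen($tmpvar['message']) == 0) {
        // Message required? Ignore this email.
        if ($hesk_settings['eml_req_msg']) {
            return hesk_cleanExit();
        }
        // Message not required? Assign a default message
        $tmpvar['message'] = $hesklang['def_msg'];
        // Track duplicate emails based on subject
        $message_hash = md5($tmpvar['subject']);
    } else {
        // The hash is only a duplicate/loop fingerprint, not a security control
        $message_hash = md5($tmpvar['message']);
    }
    // Strip quoted reply from email
    $tmpvar['message'] = hesk_stripQuotedText($tmpvar['message']);
    // Convert URLs to links, change newlines to <br />
    $tmpvar['message'] = hesk_makeURL($tmpvar['message']);
    $tmpvar['message'] = nl2br($tmpvar['message']);
    # For debugging purposes
    # die( bin2hex($tmpvar['message']) );
    # die($tmpvar['message']);
    // Try to detect "delivery failed" and "noreply" emails - ignore if detected
    if (hesk_isReturnedEmail($tmpvar)) {
        return hesk_cleanExit();
    }
    // Check for email loops
    if (hesk_isEmailLoop($tmpvar['email'], $message_hash)) {
        return hesk_cleanExit();
    }
    // OK, everything seems OK. Now determine if this is a reply to a ticket or a new ticket
    if (preg_match('/\\[#([A-Z0-9]{3}\\-[A-Z0-9]{3}\\-[A-Z0-9]{4})\\]/', str_replace(' ', '', $tmpvar['subject']), $matches)) {
        // We found a possible tracking ID
        $tmpvar['trackid'] = $matches[1];
        // Does it match one in the database?
        $res = hesk_dbQuery("SELECT * FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` WHERE `trackid`='" . hesk_dbEscape($tmpvar['trackid']) . "' LIMIT 1");
        if (hesk_dbNumRows($res)) {
            $ticket = hesk_dbFetchAssoc($res);
            // Do email addresses match? The sender must equal one of the ticket's addresses
            // as a whole: a substring test would also accept a sender whose address merely
            // occurs inside a longer stored address, and this check is what decides whether
            // the mail may be attached to the existing ticket.
            // NOTE(review): assumes several ticket addresses are separated by commas,
            // semicolons or whitespace - confirm against how tickets store them
            $ticket_emails = preg_split('/[\s,;]+/', strtolower($ticket['email']), -1, PREG_SPLIT_NO_EMPTY);
            if (!is_array($ticket_emails) || !in_array(strtolower($tmpvar['email']), $ticket_emails, true)) {
                $tmpvar['trackid'] = '';
            }
            // Is this ticket locked? Force create a new one if it is
            if ($ticket['locked']) {
                $tmpvar['trackid'] = '';
            }
        } else {
            $tmpvar['trackid'] = '';
        }
    }
    // If tracking ID is empty, generate a new one
    if (empty($tmpvar['trackid'])) {
        $tmpvar['trackid'] = hesk_createID();
        $is_reply = 0;
    } else {
        $is_reply = 1;
    }
    // Process attachments
    $tmpvar['attachmment_notices'] = '';
    $tmpvar['attachments'] = '';
    $num = 0;
    if ($hesk_settings['attachments']['use'] && isset($results['attachments'][0])) {
        foreach ($results['attachments'] as $k => $v) {
            // Clean attachment names
            $myatt['real_name'] = hesk_cleanFileName($v['orig_name']);
            // Check number of attachments, delete any over max number
            if ($num >= $hesk_settings['attachments']['max_number']) {
                $tmpvar['attachmment_notices'] .= sprintf($hesklang['attnum'], $myatt['real_name']) . "\n";
                continue;
            }
            // Check file extension (only the part after the last dot is compared with the allow-list)
            $ext = strtolower(strrchr($myatt['real_name'], "."));
            if (!in_array($ext, $hesk_settings['attachments']['allowed_types'])) {
                $tmpvar['attachmment_notices'] .= sprintf($hesklang['atttyp'], $myatt['real_name']) . "\n";
                continue;
            }
            // Check file size
            $myatt['size'] = $v['size'];
            if ($myatt['size'] > $hesk_settings['attachments']['max_size']) {
                $tmpvar['attachmment_notices'] .= sprintf($hesklang['attsiz'], $myatt['real_name']) . "\n";
                continue;
            }
            // Generate a random file name
            // NOTE(review): mt_rand() is not a cryptographically secure generator. If the
            // stored name is what keeps attachments from being fetched directly, build it
            // from random_bytes()/random_int() once PHP 7+ is the guaranteed minimum.
            $useChars = 'AEUYBDGHJLMNPQRSTVWXZ123456789';
            $tmp = $useChars[mt_rand(0, 29)];
            for ($j = 1; $j < 10; $j++) {
                $tmp .= $useChars[mt_rand(0, 29)];
            }
            $myatt['saved_name'] = substr($tmpvar['trackid'] . '_' . md5($tmp . $myatt['real_name']), 0, 200) . $ext;
            // Move the temporary file into the attachment directory. When the move fails,
            // skip the attachment so the database never points at a file that is not there.
            if (!rename($v['stored_name'], HESK_PATH . $hesk_settings['attach_dir'] . '/' . $myatt['saved_name'])) {
                continue;
            }
            // Insert into database
            hesk_dbQuery("INSERT INTO `" . hesk_dbEscape($hesk_settings['db_pfix']) . "attachments` (`ticket_id`,`saved_name`,`real_name`,`size`) VALUES ('" . hesk_dbEscape($tmpvar['trackid']) . "','" . hesk_dbEscape($myatt['saved_name']) . "','" . hesk_dbEscape($myatt['real_name']) . "','" . intval($myatt['size']) . "')");
            $tmpvar['attachments'] .= hesk_dbInsertID() . '#' . $myatt['real_name'] . ',';
            $num++;
        }
        // Tell the reader which attachments were dropped and why
        if (strlen($tmpvar['attachmment_notices'])) {
            $tmpvar['message'] .= "<br /><br />" . hesk_input($hesklang['attrem'], '', '', 1) . "<br />" . nl2br(hesk_input($tmpvar['attachmment_notices'], '', '', 1));
        }
    }
    // Delete the temporary files
    deleteAll($results['tempdir']);
    // If this is a reply add a new reply
    if ($is_reply) {
        // Set last replier name to customer name
        $ticket['lastreplier'] = $tmpvar['name'] == $hesklang['pde'] ? $tmpvar['email'] : $tmpvar['name'];
        // If staff hasn't replied yet, keep ticket status "New", otherwise set it to "Waiting reply from staff"
        $ticket['status'] = $ticket['status'] ? 1 : 0;
        // Update ticket as necessary (status is 0 or 1 at this point, so it is safe inside the SQL text)
        hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` SET `lastchange`=NOW(),`status`='{$ticket['status']}',`replies`=`replies`+1,`lastreplier`='0' WHERE `id`='" . intval($ticket['id']) . "' LIMIT 1");
        // If customer replied, we assume staff replies have been read (no way to be sure if ticket.php hasn't been opened)
        hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "replies` SET `read` = '1' WHERE `replyto` = '" . intval($ticket['id']) . "' AND `staffid` != '0' ");
        // Insert reply into database
        hesk_dbQuery("INSERT INTO `" . hesk_dbEscape($hesk_settings['db_pfix']) . "replies` (`replyto`,`name`,`message`,`dt`,`attachments`) VALUES ('" . intval($ticket['id']) . "','" . hesk_dbEscape($ticket['lastreplier']) . "','" . hesk_dbEscape($tmpvar['message']) . "',NOW(),'" . hesk_dbEscape($tmpvar['attachments']) . "')");
        // --> Prepare reply message
        // 1. Generate the array with ticket info that can be used in emails
        $info = array('email' => $ticket['email'], 'category' => $ticket['category'], 'priority' => $ticket['priority'], 'owner' => $ticket['owner'], 'trackid' => $ticket['trackid'], 'status' => $ticket['status'], 'name' => $ticket['name'], 'lastreplier' => $ticket['lastreplier'], 'subject' => $ticket['subject'], 'message' => stripslashes($tmpvar['message']), 'attachments' => $tmpvar['attachments'], 'dt' => hesk_date($ticket['dt'], true), 'lastchange' => hesk_date($ticket['lastchange'], true), 'id' => $ticket['id']);
        // 2. Add custom fields to the array
        foreach ($hesk_settings['custom_fields'] as $k => $v) {
            $info[$k] = $v['use'] ? $ticket[$k] : '';
        }
        // 3. Make sure all values are properly formatted for email
        $ticket = hesk_ticketToPlain($info, 1, 0);
        // --> Process custom fields before sending
        foreach ($hesk_settings['custom_fields'] as $k => $v) {
            $ticket[$k] = $v['use'] ? hesk_msgToPlain($ticket[$k], 1) : '';
        }
        // --> If ticket is assigned just notify the owner
        if ($ticket['owner']) {
            hesk_notifyAssignedStaff(false, 'new_reply_by_customer', 'notify_reply_my');
        } else {
            hesk_notifyStaff('new_reply_by_customer', "`notify_reply_unassigned`='1'");
        }
        return $ticket['trackid'];
    }
    // END REPLY
    // Not a reply, but a new ticket. Add it to the database
    $tmpvar['category'] = $set_category;
    $tmpvar['priority'] = $set_priority < 0 ? hesk_getCategoryPriority($tmpvar['category']) : $set_priority;
    // There is no HTTP client for a piped/fetched e-mail, so the address is recorded as "unknown"
    $_SERVER['REMOTE_ADDR'] = $hesklang['unknown'];
    // Auto assign tickets if aplicable
    $tmpvar['owner'] = 0;
    $tmpvar['history'] = $pop3 ? sprintf($hesklang['thist16'], hesk_date()) : sprintf($hesklang['thist11'], hesk_date());
    $tmpvar['openedby'] = $pop3 ? -2 : -1;
    $autoassign_owner = hesk_autoAssignTicket($tmpvar['category']);
    #print_r($autoassign_owner);
    if ($autoassign_owner) {
        $tmpvar['owner'] = $autoassign_owner['id'];
        $tmpvar['history'] .= sprintf($hesklang['thist10'], hesk_date(), $autoassign_owner['name'] . ' (' . $autoassign_owner['user'] . ')');
    }
    // Custom fields will be empty as there is no reliable way of detecting them
    foreach ($hesk_settings['custom_fields'] as $k => $v) {
        $tmpvar[$k] = '';
    }
    // Insert ticket to database
    $ticket = hesk_newTicket($tmpvar);
    // Notify the customer
    if ($hesk_settings['notify_new']) {
        $possible_SPAM = false;
        // Do we need to check subject for SPAM tags?
        if ($hesk_settings['notify_skip_spam']) {
            foreach ($hesk_settings['notify_spam_tags'] as $tag) {
                if (strpos($tmpvar['subject'], $tag) !== false) {
                    $possible_SPAM = true;
                    break;
                }
            }
        }
        // SPAM tags not found or not checked, send email
        if ($possible_SPAM === false) {
            hesk_notifyCustomer();
        }
    }
    // Need to notify staff?
    // --> From autoassign?
    if ($tmpvar['owner'] && $autoassign_owner['notify_assigned']) {
        hesk_notifyAssignedStaff($autoassign_owner, 'ticket_assigned_to_you');
    } elseif (!$tmpvar['owner']) {
        hesk_notifyStaff('new_ticket_staff', " `notify_new_unassigned` = '1' ");
    }
    return $ticket['trackid'];
}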
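						<select class="form-control contact-newTicket<?php 
// The state class is appended to the existing class attribute: HTML parsers ignore a
// second class="..." attribute on the same tag, so it would never take effect there
if (in_array('category', $_SESSION['iserror'])) {
    echo ' isError';
} elseif (in_array('category', $_SESSION['isnotice'])) {
    echo ' isNotice';
}
?>" id="new-ticket-category" name="category">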
							<?php 
// Optional placeholder entry ("Click to select"), controlled by the select_cat setting
if ($hesk_settings['select_cat']) {
    echo '<option value="">', $hesklang['select'], '</option>';
}
// Load every category in display order and print one <option> per row
$result = hesk_dbQuery('SELECT * FROM `' . hesk_dbEscape($hesk_settings['db_pfix']) . 'categories` ORDER BY `cat_order` ASC');
while ($row = hesk_dbFetchAssoc($result)) {
    // Pre-select the category remembered in the session, if there is one
    $selected = (isset($_SESSION['as_category']) && $_SESSION['as_category'] == $row['id']) ? ' selected="selected"' : '';
    // NOTE(review): id and name are printed exactly as stored; presumably the name is
    // HTML-escaped when the category is saved - verify before relying on it
    echo '<option value="', $row['id'], '"', $selected, '>', $row['name'], '</option>';
}
?>
						</select>
					</div>
					
					<div class="form-inline new-ticket-contact-row">
						<label class="col-sm-2 control-label" for="new-ticket-priority"><?php 
echo $hesklang['priority'];
?>
/**
 * Remove the ticket held in the global $ticket completely: its attachment files, the
 * attachment records, the ticket row, its replies and its notes.
 *
 * Attachments are looked up by tracking ID, everything else by the numeric ticket ID.
 *
 * @return bool Always true.
 */
function hesk_fullyDeleteTicket()
{
    global $hesk_settings, $hesklang, $ticket;
    $prefix = hesk_dbEscape($hesk_settings['db_pfix']);
    $track_id = hesk_dbEscape($ticket['trackid']);
    $ticket_id = intval($ticket['id']);
    // Remove the attachment files from disk first, while their names can still be read
    $res = hesk_dbQuery("SELECT * FROM `{$prefix}attachments` WHERE `ticket_id`='{$track_id}'");
    if (hesk_dbNumRows($res)) {
        // The attachment directory is resolved relative to the parent of this file's directory
        $hesk_settings['server_path'] = dirname(dirname(__FILE__));
        $attach_root = $hesk_settings['server_path'] . '/' . $hesk_settings['attach_dir'] . '/';
        // NOTE(review): saved_name is taken from the database as-is; presumably it is always
        // generated server-side and never contains a path component - verify
        while ($file = hesk_dbFetchAssoc($res)) {
            hesk_unlink($attach_root . $file['saved_name']);
        }
    }
    // Then drop the attachment records themselves
    hesk_dbQuery("DELETE FROM `{$prefix}attachments` WHERE `ticket_id`='{$track_id}'");
    // Finally the ticket, its replies and its notes, in that order
    foreach (array('tickets' => 'id', 'replies' => 'replyto', 'notes' => 'ticket') as $table => $column) {
        hesk_dbQuery("DELETE FROM `{$prefix}{$table}` WHERE `{$column}`='{$ticket_id}'");
    }
    return true;
}
    // Comma-separated list of user ids for the IN () clause below
    // NOTE(review): $ulist goes into the SQL text unquoted and unescaped; assumes $u holds
    // integer ids only - confirm where $u is filled, or cast each entry with intval()
    $ulist = implode(',', $u);
    $u_emails = hesk_dbQuery("SELECT `email` FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "users` WHERE `id` IN (" . $ulist . ")");
    // Build the e-mail template for the case where there are NO problems
    // NOTE(review): the hesk_POST() values are concatenated straight into HTML markup;
    // presumably hesk_POST() returns the request value unescaped, in which case subject,
    // message and name need HTML-escaping for this context - verify
    $email_body = "<p> Përshendetje,</p>" . "<p> U Hap Ceshtja: " . hesk_POST('subject') . " me ID: " . $ticket['id'] . "</p>";
    $email_body .= "<div style='color:blue'>" . hesk_POST('message') . "</div>";
    $email_body .= "<p>Cështja u hap nga useri: " . hesk_POST('name') . "</p>";
    $email_body .= "<p>Ju do te njoftoheni me nje email per zgjidhjen e ceshtjes.</p>";
    $email_body .= "<p>Faleminderit!</p>";
    $email_body .= "<p>Stafi Commprog!</p>";
    // Build the e-mail template for the case where there ARE problems
    // (same request values as above, so the same escaping question applies)
    $email_body2 = "<p> Përshendetje,</p>" . "<p> U Hap Ceshtja: " . hesk_POST('subject') . " me ID: " . $ticket['id'] . "</p>";
    $email_body2 .= "<div style='color:blue'>" . hesk_POST('message') . "</div>";
    $email_body2 .= "<p>Cështja u hap nga useri: " . hesk_POST('name') . "</p>";
    $email_body2 .= "<p>KUJDES! Cështja nuk eshte e lidhur me nje projekt ne Impro. Beni lidhjen!</p>";
    $email_body2 .= "<p>Faleminderit!</p>";
    // Send one mail per selected user; $data (set outside this excerpt) picks the template
    while ($u_email = hesk_dbFetchAssoc($u_emails)) {
        if (!empty($data)) {
            // Notify the customer
            // (this call sits inside the loop, so it runs once per selected user)
            hesk_notifyCustomer();
            hesk_mail($u_email['email'], hesk_POST('subject'), $email_body);
        } else {
            hesk_mail($u_email['email'], hesk_POST('subject'), $email_body2);
        }
    }
}
// Need to notify staff?
// --> From autoassign?
if ($tmpvar['owner'] && $autoassign_owner['notify_assigned']) {
    hesk_notifyAssignedStaff($autoassign_owner, 'ticket_assigned_to_you');
} elseif (!$tmpvar['owner']) {
    hesk_notifyStaff('new_ticket_staff', " `notify_new_unassigned` = '1' ");
/**
 * Print the "latest articles" box of the knowledgebase.
 *
 * Lists the newest articles whose own `type` and whose category `type` are both '0',
 * newest first. Everything is written directly to the output.
 *
 * @param int $how_many Maximum number of articles to list (cast with intval() for LIMIT).
 * @param int $index    Non-zero: index page (governed by the kb_index_latest setting, title
 *                      in italics). Zero: KB main page (governed by kb_latest, title in bold).
 *
 * @return mixed True when the box is disabled or no article was found; nothing is returned
 *               after a list has been printed.
 */
function hesk_kbLatestArticles($how_many, $index = 1)
{
    global $hesk_settings, $hesklang;
    // Index page or KB main page?
    if ($index) {
        // Disabled?
        if (!$hesk_settings['kb_index_latest']) {
            return true;
        }
        // Show title in italics
        $font_weight = 'i';
    } else {
        // Disabled?
        if (!$hesk_settings['kb_latest']) {
            return true;
        }
        // Show title in bold
        $font_weight = 'b';
        // Print a line for spacing if we don't show popular articles
        if (!$hesk_settings['kb_popart']) {
            echo '<hr />';
        }
    }
    // $font_weight is one of the two literals above and is used as the tag name below
    ?>

    <table border="0" width="100%">
	<tr>
	<td>&raquo; <<?php 
    echo $font_weight;
    ?>
><?php 
    echo $hesklang['latart'];
    ?>
</<?php 
    echo $font_weight;
    ?>
></td>

	<?php 
    /* Show the header of the date column? (same kb_date setting as the per-row date below) */
    if ($hesk_settings['kb_date']) {
        echo '<td style="text-align:right"><i>' . $hesklang['dta'] . '</i></td>';
    }
    ?>

	</tr>
	</table>

	<?php 
    /* Get list of articles from the database */
    $res = hesk_dbQuery("SELECT `t1`.`id`,`t1`.`subject`,`t1`.`dt` FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "kb_articles` AS `t1`\r\n\t\t\tLEFT JOIN `" . hesk_dbEscape($hesk_settings['db_pfix']) . "kb_categories` AS `t2` ON `t1`.`catid` = `t2`.`id`\r\n\t\t\tWHERE `t1`.`type`='0' AND `t2`.`type`='0'\r\n\t\t\tORDER BY `t1`.`dt` DESC LIMIT " . intval($how_many));
    /* If no results found end here */
    if (hesk_dbNumRows($res) == 0) {
        echo '<p><i>' . $hesklang['noa'] . '</i><br />&nbsp;</p>';
        return true;
    }
    /* We have some results, print them out */
    ?>
    <div align="center">
    <table border="0" cellspacing="1" cellpadding="3" width="100%">
    <?php 
    // One table row per article: icon, linked subject and, optionally, the date
    // NOTE(review): id and subject are printed exactly as stored; presumably the subject
    // is HTML-escaped when the article is saved - verify
    while ($article = hesk_dbFetchAssoc($res)) {
        echo '
		<tr>
		<td>
		<table border="0" width="100%" cellspacing="0" cellpadding="0">
		<tr>
		<td width="1" valign="top"><img src="img/article_text.png" width="16" height="16" border="0" alt="" style="vertical-align:middle" /></td>
		<td valign="top">&nbsp;<a href="knowledgebase.php?article=' . $article['id'] . '">' . $article['subject'] . '</a></td>
		';
        if ($hesk_settings['kb_date']) {
            echo '<td valign="top" style="text-align:right" width="200">' . hesk_date($article['dt'], true) . '</td>';
        }
        echo '
		</tr>
		</table>
		</td>
		</tr>
		';
    }
    ?>

    </table>
    </div>

    &nbsp;

    <?php 
}
        echo '<option value=' . $tmp["user"] . '>';
    }
    ?>
				</datalist>
				<input placeholder="Select by client" type="text" list="ticket_klient_list" name="search_by_client_open_ticket" <?php 
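    // Re-display the submitted search text. It is request data printed into a
    // single-quoted attribute, so quotes and markup characters are escaped first;
    // non-string input (an array parameter) is not echoed at all.
    if (isset($_POST["search_by_client_open_ticket"]) && is_string($_POST["search_by_client_open_ticket"])) {
        echo "value='" . htmlspecialchars($_POST["search_by_client_open_ticket"], ENT_QUOTES, 'UTF-8') . "'";
    }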
    ?>
 class="form-control-1 ticket_id_list_style" />

			<?php 
    // Category filter: an empty "Select category" entry followed by one option per row
    echo "<select class='form-control-1 ticket_id_list_style' name='search_by_ticket_category' id='ticket_cat_list'>"
        . "<option value=''>Select category</option>";
    while ($tmp = hesk_dbFetchAssoc($sql_category)) {
        // Keep the category that was submitted with the form selected
        // NOTE(review): id and name are printed as stored and the attribute values are
        // unquoted; presumably both come from trusted category rows - verify
        echo '<option'
            . ((isset($_POST["search_by_ticket_category"]) && $_POST["search_by_ticket_category"] == $tmp['id']) ? ' selected=selected' : '')
            . " value={$tmp['id']}> {$tmp['name']} </option>";
    }
    echo "</select>";
    ?>
			<?php 
    echo "<select class='form-control-1' name='search_by_ticket_status' id='ticket_status_list'>";
    // list box select command
    echo "<option value=''>Select status</option>";
    echo "<option value='0'";
    if (isset($_POST["search_by_ticket_status"]) && $_POST["search_by_ticket_status"] == '0') {
        echo "selected=selected";
 // Add one header cell for every custom field that is in use
 // NOTE(review): the field name is written into the XML without escaping here;
 // presumably it is already entity-encoded when the setting is stored - verify
 foreach ($hesk_settings['custom_fields'] as $k => $v) {
     if ($v['use']) {
         $tmp .= '<Cell><Data ss:Type="String">' . $v['name'] . '</Data></Cell>' . "\n";
     }
 }
 $tmp .= "</Row>\n";
 // Write what we have by now into the XML file
 // (the return value is not checked, so a failed write goes unnoticed at this point)
 file_put_contents($save_to, $tmp, FILE_APPEND);
 $flush_me .= hesk_date() . " | {$hesklang['gXML']}<br />\n";
 // OK, now start dumping data and writing it into the file
 $tickets_exported = 0;
 $save_after = 100;
 $this_round = 0;
 // Start a fresh buffer for the ticket rows
 $tmp = '';
 // $sql is assembled outside this excerpt
 $result = hesk_dbQuery($sql);
 while ($ticket = hesk_dbFetchAssoc($result)) {
     switch ($ticket['status']) {
         case 0:
             $ticket['status'] = $hesklang['open'];
             break;
         case 1:
             $ticket['status'] = $hesklang['wait_reply'];
             break;
         case 2:
             $ticket['status'] = $hesklang['replied'];
             break;
         case 4:
             $ticket['status'] = $hesklang['in_progress'];
             break;
         case 5:
             $ticket['status'] = $hesklang['on_hold'];
/**
 * Move one category up or down in the list and renumber all categories.
 *
 * Reads `catid` and `move` from the query string, shifts the category's `cat_order` by
 * `move`, then rewrites every category's `cat_order` as 10, 20, 30, ... in the resulting
 * order and redirects back to manage_categories.php.
 */
function order_cat()
{
    global $hesk_settings, $hesklang;
    // State-changing request: hesk_token_check() runs before anything is written
    hesk_token_check();
    $catid = intval(hesk_GET('catid'));
    if (!$catid) {
        hesk_error($hesklang['cat_move_id']);
    }
    $_SESSION['selcat2'] = $catid;
    $cat_move = intval(hesk_GET('move'));
    // Both values are integers by now, so they are safe inside the SQL text
    $table = '`' . hesk_dbEscape($hesk_settings['db_pfix']) . 'categories`';
    hesk_dbQuery("UPDATE {$table} SET `cat_order`=`cat_order`+{$cat_move} WHERE `id`='{$catid}' LIMIT 1");
    if (hesk_dbAffectedRows() != 1) {
        hesk_error($hesklang['int_error'] . ': ' . $hesklang['cat_not_found'] . '.');
    }
    // Renumber every category in steps of ten, following the new order
    $res = hesk_dbQuery("SELECT `id` FROM {$table} ORDER BY `cat_order` ASC");
    for ($position = 10; $mycat = hesk_dbFetchAssoc($res); $position += 10) {
        hesk_dbQuery("UPDATE {$table} SET `cat_order`=" . $position . " WHERE `id`='" . intval($mycat['id']) . "' LIMIT 1");
    }
    header('Location: manage_categories.php');
    exit;
}
// Full-text search for suggested articles of type '0' or '1'; the search text is escaped
// for SQL and the number of rows is capped by the kb_search_limit setting
$res = hesk_dbQuery("SELECT `id`, `subject`, `content` FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "kb_articles` WHERE `type` IN ('0','1') AND MATCH(`subject`,`content`,`keywords`) AGAINST ('" . hesk_dbEscape($query) . "') LIMIT " . intval($hesk_settings['kb_search_limit']));
$num = hesk_dbNumRows($res);
/* Solve some spacing issues */
if (hesk_isREQUEST('p')) {
    echo '&nbsp;<br />';
}
/* Return found articles */
?>
<div class="conatiner notice">
<span style="font-size:12px;font-weight:bold"><?php 
echo $hesklang['sc'];
?>
:</span><br />&nbsp;<br />
    <?php 
if (!$num) {
    // Nothing matched: print the "no suggestions" text
    echo '<i>' . $hesklang['nsfo'] . '</i>';
} else {
    while ($article = hesk_dbFetchAssoc($res)) {
        // Preview text: tags removed, then cut to kb_substrart bytes. substr() counts bytes,
        // so a multi-byte character can be split at the cut.
        $txt = strip_tags($article['content']);
        if (strlen($txt) > $hesk_settings['kb_substrart']) {
            $txt = substr($txt, 0, $hesk_settings['kb_substrart']) . '...';
        }
        // NOTE(review): the subject is printed exactly as stored, and strip_tags() does not
        // encode quotes or ampersands; presumably both fields are stored HTML-safe - verify
        echo '
			<a href="knowledgebase_private.php?article=' . $article['id'] . '&amp;suggest=1" target="_blank">' . $article['subject'] . '</a>
		    <br />' . $txt . '<br /><br />';
    }
}
?>
</div>
<?php 
// This script only returns the suggestion fragment, so stop here
exit;
/**
 * Print the list of private messages of the logged-in staff member for the current folder.
 *
 * Counts the messages, prints a pager when there is more than one page (30 messages per
 * page), then prints a form with one table row per message and a drop-down for the
 * mark read / mark unread / delete actions. Prints the "no messages" text when the folder
 * is empty. Everything is written directly to the output; nothing is returned.
 *
 * Reads $hesk_settings['mailtmp'] ('folder', 'this', 'other', 'm_from'), which is prepared
 * outside this function, and the global $admins map that is indexed by user id.
 */
function mail_list_messages()
{
    global $hesk_settings, $hesklang, $admins;
    $href = 'mail.php';
    $query = '';
    if ($hesk_settings['mailtmp']['folder'] == 'outbox') {
        $query .= 'folder=outbox&amp;';
    }
    $query .= 'page=';
    $maxresults = 30;
    // NOTE(review): the page number is read from POST, while the pager links built below
    // carry "page=" in the query string - confirm which source is intended
    $tmp = intval(hesk_POST('page', 1));
    $page = $tmp > 1 ? $tmp : 1;
    /* List of private messages */
    // mailtmp['this'] is used as a column name; it is compared with 'to' further down.
    // NOTE(review): presumably it is always set by the caller to a fixed column name and
    // never taken from the request - verify, since escaping alone does not protect an identifier
    $res = hesk_dbQuery("SELECT COUNT(*) FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "mail` WHERE `" . hesk_dbEscape($hesk_settings['mailtmp']['this']) . "`='" . intval($_SESSION['id']) . "' AND `deletedby`!='" . intval($_SESSION['id']) . "'");
    $total = hesk_dbResult($res, 0, 0);
    if ($total > 0) {
        // "or" binds looser than "=": 1 is assigned only if ceil() gave a falsy value
        $pages = ceil($total / $maxresults) or $pages = 1;
        if ($page > $pages) {
            $page = $pages;
        }
        // Offset of the first row of the current page
        $limit_down = $page * $maxresults - $maxresults;
        // 0 means "there is no previous/next page"
        $prev_page = $page - 1 <= 0 ? 0 : $page - 1;
        $next_page = $page + 1 > $pages ? 0 : $page + 1;
        if ($pages > 1) {
            echo $hesklang['pg'] . ': ';
            /* List pages */
            // First/previous arrows are only printed when there are seven or more pages
            if ($pages >= 7) {
                if ($page > 2) {
                    echo '<a href="' . $href . '?' . $query . '1"><b>&laquo;</b></a> &nbsp; ';
                }
                if ($prev_page) {
                    echo '<a href="' . $href . '?' . $query . $prev_page . '"><b>&lsaquo;</b></a> &nbsp; ';
                }
            }
            // Page numbers within five of the current page; the current one is not a link
            for ($i = 1; $i <= $pages; $i++) {
                if ($i <= $page + 5 && $i >= $page - 5) {
                    if ($i == $page) {
                        echo ' <b>' . $i . '</b> ';
                    } else {
                        echo ' <a href="' . $href . '?' . $query . $i . '">' . $i . '</a> ';
                    }
                }
            }
            // Next/last arrows, again only for seven or more pages
            if ($pages >= 7) {
                if ($next_page) {
                    echo ' &nbsp; <a href="' . $href . '?' . $query . $next_page . '"><b>&rsaquo;</b></a> ';
                }
                if ($page < $pages - 1) {
                    echo ' &nbsp; <a href="' . $href . '?' . $query . $pages . '"><b>&raquo;</b></a>';
                }
            }
            echo '<br />&nbsp;';
        }
        // end PAGES > 1
        // Get messages from the database
        $res = hesk_dbQuery("SELECT `id`, `from`, `to`, `subject`, `dt`, `read` FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "mail` WHERE `" . hesk_dbEscape($hesk_settings['mailtmp']['this']) . "`='" . intval($_SESSION['id']) . "' AND `deletedby`!='" . intval($_SESSION['id']) . "' ORDER BY `id` DESC LIMIT " . intval($limit_down) . " , " . intval($maxresults) . " ");
        ?>

		<form action="mail.php<?php 
        if ($hesk_settings['mailtmp']['folder'] == 'outbox') {
            echo '?folder=outbox';
        }
        ?>
" name="form1" method="post">

		<div class="container table-responsive">
			<table class="table table-bordered table-hover" style="background: #E0EEEE;">
				<tr>
					<th class="admin_white" style="width:1px"><input type="checkbox" name="checkall" value="2" onclick="hesk_changeAll(this)" /></th>
					<th class="admin_white" style="text-align:left; white-space:nowrap;"><?php 
        echo $hesklang['m_sub'];
        ?>
</th>
					<th class="admin_white" style="text-align:left; white-space:nowrap;"><?php 
        echo $hesk_settings['mailtmp']['m_from'];
        ?>
</th>
					<th class="admin_white" style="text-align:left; white-space:nowrap;"><?php 
        echo $hesklang['date'];
        ?>
</th>
				</tr>

				<?php 
        // $i toggles between 0 and 1 to alternate the row colour
        $i = 0;
        while ($pm = hesk_dbFetchAssoc($res)) {
            if ($i) {
                $color = "admin_gray";
                $i = 0;
            } else {
                $color = "admin_white";
                $i = 1;
            }
            // NOTE(review): the subject is placed into the link text exactly as stored;
            // presumably it is HTML-escaped when the message is saved - verify
            $pm['subject'] = '<a href="mail.php?a=read&amp;id=' . $pm['id'] . '">' . $pm['subject'] . '</a>';
            // Unread messages addressed to this user are shown in bold
            if ($hesk_settings['mailtmp']['this'] == 'to' && !$pm['read']) {
                $pm['subject'] = '<b>' . $pm['subject'] . '</b>';
            }
            // Other party: a known user links to "new message"; sender id 9999 is shown as
            // HESK.com; anything else gets the $hesklang['e_udel'] text
            $pm['name'] = isset($admins[$pm[$hesk_settings['mailtmp']['other']]]) ? '<a href="mail.php?a=new&amp;id=' . $pm[$hesk_settings['mailtmp']['other']] . '">' . $admins[$pm[$hesk_settings['mailtmp']['other']]] . '</a>' : ($pm['from'] == 9999 ? '<a href="http://www.hesk.com" target="_blank">HESK.com</a>' : $hesklang['e_udel']);
            $pm['dt'] = hesk_dateToString($pm['dt'], 0, 0, 0, true);
            echo <<<EOC
\t\t\t\t\t<tr>
\t\t\t\t\t<td class="{$color}" style="text-align:left; white-space:nowrap;"><input type="checkbox" name="id[]" value="{$pm['id']}" />&nbsp;</td>
\t\t\t\t\t<td class="{$color}">{$pm['subject']}</td>
\t\t\t\t\t<td class="{$color}">{$pm['name']}</td>
\t\t\t\t\t<td class="{$color}">{$pm['dt']}</td>
\t\t\t\t\t</tr> 
EOC;
        }
        // End while
        ?>
				</table><!-- end table table-bordered table-hover table-responsive -->
			</div>

			<div class="container" align="right"><select name="a">
			<?php 
        // Mark read/unread is only offered when the 'to' column is listed
        if ($hesk_settings['mailtmp']['this'] == 'to') {
            ?>
				<option value="mark_read" selected="selected"><?php 
            echo $hesklang['mo1'];
            ?>
</option>
				<option value="mark_unread"><?php 
            echo $hesklang['mo2'];
            ?>
</option>
				<?php 
        }
        ?>
			<option value="delete"><?php 
        echo $hesklang['mo3'];
        ?>
</option>
			</select>
			<input type="hidden" name="token" value="<?php 
        // Token submitted with the form for the action handler to check
        hesk_token_echo();
        ?>
" />
			<input type="submit" value="<?php 
        echo $hesklang['execute'];
        ?>
" onclick="Javascript:if (document.form1.a.value=='delete') return hesk_confirmExecute('<?php 
        // The label ends up inside a JavaScript string literal, hence hesk_makeJsString()
        echo hesk_makeJsString($hesklang['mo3']);
        ?>
?');" class="btn btn-default" />

		</form>
<br/><br/>
		</div>
	    <?php 
    } else {
        // No messages in this folder
        echo '<div class="container"><i>' . $hesklang['npm'] . '</i></div><br/>';
    }
}
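/**
 * Set the manager of a category and make sure the new manager has access to it.
 *
 * Reads `catid` and `managerid` from the POST data. After updating the category, the
 * category ID is added to the manager's comma-separated `categories` list unless it is
 * already there. A manager ID of 0 means "no manager" and ends the function after the
 * category update.
 *
 * NOTE(review): no anti-CSRF token check is visible in this function although it changes
 * stored data - confirm that the caller verifies the token before dispatching here.
 */
function change_manager()
{
    global $hesklang, $hesk_settings;
    // Both identifiers come from the request. They are cast to integers once, here, so that
    // no later query can receive the raw request text.
    $catid = intval(hesk_POST('catid'));
    $newManagerId = intval(hesk_POST('managerid'));
    hesk_dbQuery('UPDATE `' . hesk_dbEscape($hesk_settings['db_pfix']) . 'categories` SET `manager` = ' . $newManagerId . ' WHERE `id` = ' . $catid);
    if (hesk_dbAffectedRows() != 1) {
        hesk_process_messages($hesklang['int_error'] . ': ' . $hesklang['cat_not_found'], './manage_categories.php');
    }
    if ($newManagerId == 0) {
        // There is no new manager.
        return;
    }
    // Add the category to the user's categories list, if not already present
    $currentCatRs = hesk_dbQuery('SELECT `categories` FROM `' . hesk_dbEscape($hesk_settings['db_pfix']) . 'users` WHERE `id` = ' . $newManagerId);
    $currentCategories = hesk_dbFetchAssoc($currentCatRs);
    // A missing user row or an empty list is treated as "no categories yet"
    $stored = isset($currentCategories['categories']) ? (string) $currentCategories['categories'] : '';
    // Drop empty entries so an empty list does not produce a value with a leading comma
    $categories = array_filter(array_map('trim', explode(',', $stored)), 'strlen');
    if (!in_array((string) $catid, $categories, true)) {
        $categories[] = (string) $catid;
        // The list is rebuilt from its parts and escaped before it goes into the quoted SQL value
        hesk_dbQuery('UPDATE `' . hesk_dbEscape($hesk_settings['db_pfix']) . 'users` SET `categories` = \'' . hesk_dbEscape(implode(',', $categories)) . '\' WHERE `id` = ' . $newManagerId);
    }
    hesk_process_messages($hesklang['manager_updated'], './manage_categories.php', 'SUCCESS');
}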
     hesk_process_messages($hesklang['ehash'], 'NOREDIRECT');
 } else {
     // Get info from database
     $row = hesk_dbFetchAssoc($res);
     // Only allow resetting password from the same IP address that submitted password reset request
     if ($row['ip'] != $_SERVER['REMOTE_ADDR']) {
         hesk_limitBfAttempts();
         hesk_process_messages($hesklang['ehaip'], 'NOREDIRECT');
     } else {
         // Expire all verification hashes for this user
         hesk_dbQuery("DELETE FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "reset_password` WHERE `user`=" . intval($row['user']));
         // Load additional required functions
         require HESK_PATH . 'inc/admin_functions.inc.php';
         // Get user details
         $res = hesk_dbQuery('SELECT * FROM `' . $hesk_settings['db_pfix'] . "users` WHERE `id`=" . intval($row['user']) . " LIMIT 1");
         $row = hesk_dbFetchAssoc($res);
         foreach ($row as $k => $v) {
             $_SESSION[$k] = $v;
         }
         // Set a tag that will be used to expire sessions after username or password change
         $_SESSION['session_verify'] = hesk_activeSessionCreateTag($_SESSION['user'], $_SESSION['pass']);
         // We don't need the password hash anymore
         unset($_SESSION['pass']);
         // Clean brute force attempts
         hesk_cleanBfAttempts();
         // Regenerate session ID (security)
         hesk_session_regenerate_id();
         // Get allowed categories
         if (empty($_SESSION['isadmin'])) {
             $_SESSION['categories'] = explode(',', $_SESSION['categories']);
         }
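// Exactly one ticket must have matched the lookup done before this point
if (hesk_dbNumRows($res) != 1) {
    hesk_error($hesklang['ticket_not_found']);
}
$ticket = hesk_dbFetchAssoc($res);
/* If we require e-mail to view tickets check if it matches the one in database */
hesk_verifyEmailMatch($trackingID, $my_email, $ticket['email']);
/* Ticket locked? */
if ($ticket['locked']) {
    // The random "Refresh" value only makes the URL unique; it is not a security token
    hesk_process_messages($hesklang['tislock2'], 'ticket.php?track=' . $trackingID . $hesk_settings['e_param'] . '&Refresh=' . rand(10000, 99999));
    exit;
}
// Prevent flooding ticket replies: look at the replies of the last 10 minutes, oldest first.
// The ticket ID is cast to an integer like every other ID placed into the SQL text.
$res = hesk_dbQuery("SELECT `staffid` FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "replies` WHERE `replyto`='" . intval($ticket['id']) . "' AND `dt` > DATE_SUB(NOW(), INTERVAL 10 MINUTE) ORDER BY `id` ASC");
if (hesk_dbNumRows($res) > 0) {
    // Count customer replies in a row; any staff reply resets the counter
    $sequential_customer_replies = 0;
    while ($tmp = hesk_dbFetchAssoc($res)) {
        $sequential_customer_replies = $tmp['staffid'] ? 0 : $sequential_customer_replies + 1;
    }
    if ($sequential_customer_replies > 10) {
        // Record the client address with a count one above the attempt limit, then stop
        hesk_dbQuery("INSERT INTO `" . hesk_dbEscape($hesk_settings['db_pfix']) . "logins` (`ip`, `number`) VALUES ('" . hesk_dbEscape($_SERVER['REMOTE_ADDR']) . "', " . intval($hesk_settings['attempt_limit'] + 1) . ")");
        hesk_error(sprintf($hesklang['yhbr'], $hesk_settings['attempt_banmin']), 0);
    }
}
/* Insert attachments */
if ($hesk_settings['attachments']['use'] && !empty($attachments)) {
    foreach ($attachments as $myatt) {
        // The tracking ID is escaped like the other string values of this statement, so the
        // query does not depend on how $trackingID was cleaned before this point
        hesk_dbQuery("INSERT INTO `" . hesk_dbEscape($hesk_settings['db_pfix']) . "attachments` (`ticket_id`,`saved_name`,`real_name`,`size`) VALUES ('" . hesk_dbEscape($trackingID) . "','" . hesk_dbEscape($myatt['saved_name']) . "','" . hesk_dbEscape($myatt['real_name']) . "','" . intval($myatt['size']) . "')");
        // Collected as "<attachment id>#<original name>," for the reply record
        $myattachments .= hesk_dbInsertID() . '#' . $myatt['real_name'] . ',';
    }
}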
// If staff hasn't replied yet, keep ticket status "New", otherwise set it to "Waiting reply from staff"
// Lock or unlock a ticket depending on the `locked` request parameter.
// NOTE(review): this changes ticket state from a GET parameter; the staff login and
// anti-CSRF token checks are not visible in this excerpt - confirm they run before this point.
if (!empty($_GET['locked'])) {
    // Locking: record who closed the ticket and when.
    $status = 1;
    $tmp = $hesklang['tlock'];
    $revision = sprintf($hesklang['thist5'], hesk_date(), $_SESSION['name'] . ' (' . $_SESSION['user'] . ')');
    $closedby_sql = ' , `closedat`=NOW(), `closedby`=' . intval($_SESSION['id']) . ' ';
    // Notify customer of closed ticket?
    if ($hesk_settings['notify_closed']) {
        // Load the ticket row by its tracking ID
        $result = hesk_dbQuery(
            "SELECT * FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` WHERE `trackid`='" . hesk_dbEscape($trackingID) . "' LIMIT 1"
        );
        if (hesk_dbNumRows($result) != 1) {
            hesk_error($hesklang['ticket_not_found']);
        }
        $ticket = hesk_dbFetchAssoc($result);
        // Status 3 is the value this script writes below; skip the e-mail when it is already set.
        if ($ticket['status'] != 3) {
            require HESK_PATH . 'inc/email_functions.inc.php';
            $ticket['dt'] = hesk_date($ticket['dt'], true);
            $ticket['lastchange'] = hesk_date($ticket['lastchange'], true);
            hesk_notifyCustomer('ticket_closed');
        }
    }
} else {
    // Unlocking: clear the closed-by bookkeeping.
    $status = 0;
    $tmp = $hesklang['tunlock'];
    $revision = sprintf($hesklang['thist6'], hesk_date(), $_SESSION['name'] . ' (' . $_SESSION['user'] . ')');
    $closedby_sql = ' , `closedat`=NULL, `closedby`=NULL ';
}
/* Update database: $status and $closedby_sql are built above from constants and intval() only;
   the history line and tracking ID are escaped at the point of use. */
hesk_dbQuery(
    "UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` SET `status`='3',`locked`='" . $status . "' " . $closedby_sql
    . " , `history`=CONCAT(`history`,'" . hesk_dbEscape($revision) . "')  WHERE `trackid`='" . hesk_dbEscape($trackingID) . "' LIMIT 1"
);
/* Back to ticket page and show a success message */
hesk_process_messages($tmp, 'admin_ticket.php?track=' . $trackingID . '&Refresh=' . rand(10000, 99999), 'SUCCESS');
/**
 * Renumber all service messages so their `order` values run 10, 20, 30, ...
 * in the sequence they currently sort in.
 *
 * @return bool Always true.
 */
function update_sm_order()
{
    global $hesk_settings, $hesklang;
    // Escaped, prefixed table name shared by both statements
    $table = hesk_dbEscape($hesk_settings['db_pfix']) . 'service_messages';
    // Current messages, in their existing order
    $res = hesk_dbQuery("SELECT `id` FROM `" . $table . "` ORDER BY `order` ASC");
    // Assign positions in steps of 10; both interpolated values are cast to integers
    for ($position = 10; $sm = hesk_dbFetchAssoc($res); $position += 10) {
        hesk_dbQuery("UPDATE `" . $table . "` SET `order`=" . intval($position) . " WHERE `id`='" . intval($sm['id']) . "' LIMIT 1");
    }
    return true;
}
/**
 * List the users currently recorded in the `online` table.
 *
 * Expired entries are cleaned first via hesk_cleanOnline().
 *
 * @param int $list_names When truthy, return id/name/isadmin records keyed by user id;
 *                        otherwise return a plain list of user ids.
 * @return array
 */
function hesk_listOnline($list_names = 1)
{
    global $hesk_settings, $hesklang, $hesk_db_link;
    $users_online = array();
    /* Clean expired entries */
    hesk_cleanOnline();
    $prefix = hesk_dbEscape($hesk_settings['db_pfix']);
    /* --> Without names: ids only */
    if (!$list_names) {
        $res = hesk_dbQuery("SELECT `user_id` FROM `" . $prefix . "online`");
        while ($row = hesk_dbFetchAssoc($res)) {
            $users_online[] = $row['user_id'];
        }
        return $users_online;
    }
    /* --> With names: join against the users table */
    $res = hesk_dbQuery("SELECT `t1`.`user_id` , `t2`.`name` , `t2`.`isadmin` FROM `" . $prefix . "online` AS `t1` INNER JOIN `" . $prefix . "users` AS `t2` ON `t1`.`user_id` = `t2`.`id`");
    while ($row = hesk_dbFetchAssoc($res)) {
        $users_online[$row['user_id']] = array(
            'id' => $row['user_id'],
            'name' => $row['name'],
            'isadmin' => $row['isadmin'],
        );
    }
    return $users_online;
}
/**
 * Gate for staff pages: returns true for a valid session, otherwise stops the
 * session and redirects to the login form (the script exits, it does not return false).
 *
 * A session is accepted when it carries an id and a session_verify tag, the user
 * row still exists, and hesk_activeSessionValidate() accepts the tag against the
 * current username and password hash. Privilege fields in the session are then
 * refreshed from the database on every call.
 *
 * @return bool True when the caller may continue.
 */
function hesk_isLoggedIn()
{
    global $hesk_settings;
    // Where to send the user back to after logging in; the value is URL-encoded into `goto`.
    // NOTE(review): the login handler that consumes `goto` is not shown here - confirm it only
    // follows local paths.
    $referer = str_replace('&amp;', '&', hesk_input($_SERVER['REQUEST_URI']));
    $login_url = 'index.php?a=login&notice=1&goto=' . urlencode($referer);

    // No usable session: try the remembered login, else bounce to the login form
    if (empty($_SESSION['id']) || empty($_SESSION['session_verify'])) {
        if ($hesk_settings['autologin'] && hesk_autoLogin(1)) {
            // Users online
            if ($hesk_settings['online']) {
                require HESK_PATH . 'inc/users_online.inc.php';
                hesk_initOnline($_SESSION['id']);
            }
            return true;
        }
        hesk_session_stop();
        header('Location: ' . $login_url);
        exit;
    }

    hesk_session_regenerate_id();
    // Re-read the access data so privilege or credential changes take effect on the next request
    $res = hesk_dbQuery("SELECT `user`, `pass`, `isadmin`, `categories`, `heskprivileges` FROM `" . $hesk_settings['db_pfix'] . "users` WHERE `id` = '" . intval($_SESSION['id']) . "' LIMIT 1");
    // The account no longer exists
    if (hesk_dbNumRows($res) != 1) {
        hesk_session_stop();
        header('Location: ' . $login_url);
        exit;
    }
    $me = hesk_dbFetchAssoc($res);
    // The tag is checked against the current username and password hash; a failed check ends the session
    if (!hesk_activeSessionValidate($me['user'], $me['pass'], $_SESSION['session_verify'])) {
        hesk_session_stop();
        header('Location: ' . $login_url);
        exit;
    }
    // Refresh privileges: category list and privilege string are rewritten for non-admins only
    $_SESSION['isadmin'] = $me['isadmin'] == 1 ? 1 : 0;
    if (!$_SESSION['isadmin']) {
        $_SESSION['categories'] = explode(',', $me['categories']);
        $_SESSION['heskprivileges'] = $me['heskprivileges'];
    }
    // Users online
    if ($hesk_settings['online']) {
        require HESK_PATH . 'inc/users_online.inc.php';
        hesk_initOnline($_SESSION['id']);
    }
    return true;
}
/**
 * Move one ticket template up or down and renumber all templates in steps of 10.
 *
 * Reads `replyid` (template id) and `move` (order offset) from the request, both
 * cast to integers, after the anti-CSRF token check. Ends with a redirect to the
 * template management page and exits.
 */
function order_saved()
{
    global $hesk_settings, $hesklang;
    /* A security check: the token is verified before any request value is used */
    hesk_token_check();
    $tplid = intval(hesk_GET('replyid'));
    if (!$tplid) {
        hesk_error($hesklang['ticket_tpl_id']);
    }
    $_SESSION['canned']['selcat2'] = $tplid;
    $tpl_move = intval(hesk_GET('move'));
    $table = hesk_dbEscape($hesk_settings['db_pfix']) . 'ticket_templates';
    // Shift the selected template by the requested offset
    hesk_dbQuery("UPDATE `" . $table . "` SET `tpl_order`=`tpl_order`+" . intval($tpl_move) . " WHERE `id`='" . intval($tplid) . "' LIMIT 1");
    if (hesk_dbAffectedRows() != 1) {
        hesk_error("{$hesklang['int_error']}: {$hesklang['ticket_tpl_not_found']}.");
    }
    /* Renumber every template 10, 20, 30, ... in its new order */
    $result = hesk_dbQuery('SELECT `id` FROM `' . $table . '` ORDER BY `tpl_order` ASC');
    for ($position = 10; $mytpl = hesk_dbFetchAssoc($result); $position += 10) {
        hesk_dbQuery("UPDATE `" . $table . "` SET `tpl_order`=" . intval($position) . " WHERE `id`='" . intval($mytpl['id']) . "' LIMIT 1");
    }
    header('Location: manage_ticket_templates.php');
    exit;
}
/**
 * Print one category of the private knowledge base: category heading, its
 * subcategories (each with its top articles) and the list of articles in the category.
 *
 * All output is echoed directly; nothing is returned. Every value placed into SQL
 * here is either cast with intval(), passed through hesk_dbEscape(), or the result
 * of arithmetic on a setting.
 *
 * NOTE(review): category names, article subjects and the content preview are echoed
 * without htmlspecialchars(). Presumably they are stored HTML-encoded at input time -
 * confirm, because a raw value would be rendered as markup on a staff page.
 *
 * @param mixed $catid     Category id; cast with intval() wherever it reaches SQL.
 * @param int   $is_search When 0, the page header and KB header are printed first.
 */
function hesk_show_kb_category($catid, $is_search = 0)
{
    global $hesk_settings, $hesklang;
    if ($is_search == 0) {
        /* Print header */
        require_once HESK_PATH . 'inc/header.inc.php';
        hesk_kb_header($hesk_settings['kb_link'], $catid);
        // Category 1 additionally gets the $hesklang['priv'] notice
        if ($catid == 1) {
            echo '<br/><div class="container priv-kb-text">' . $hesklang['priv'] . '</div><br/>';
        }
    }
    $res = hesk_dbQuery("SELECT `name`,`parent` FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "kb_categories` WHERE `id`='" . intval($catid) . "' LIMIT 1");
    // `or` binds looser than `=`: $thiscat receives the row and hesk_error() runs only when no row was fetched
    $thiscat = hesk_dbFetchAssoc($res) or hesk_error($hesklang['kb_cat_inv']);
    if ($thiscat['parent']) {
        // NOTE(review): $link is computed but not used again in this function; the back button relies on javascript:history.go(-1)
        $link = $thiscat['parent'] == 1 ? 'knowledgebase_private.php' : 'knowledgebase_private.php?category=' . $thiscat['parent'];
        echo '<br/><div class="container homepageh3"> ' . $hesklang['kb_cat'] . ': ' . $thiscat['name'] . '</div><br/>
        <div class="container"><a href="javascript:history.go(-1)">' . '<button type="submit" class="btn btn-default goback-btn">' . $hesklang['back'] . '</button>' . '</a></div>
		';
    }
    // Direct children of this category
    $result = hesk_dbQuery("SELECT `id`,`name`,`articles`,`type` FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "kb_categories` WHERE `parent`='" . intval($catid) . "' ORDER BY `parent` ASC, `cat_order` ASC");
    if (hesk_dbNumRows($result) > 0) {
        ?>

		<div class="container"><b><?php 
        echo $hesklang['kb_cat_sub'];
        ?>
:</b></div><br/>

	<div class="container">
		<?php 
        // Subcategories are laid out $per_col cells per row; $i is the 1-based cell position in the row.
        // NOTE(review): <tr>/<td> are emitted with no enclosing <table> in this function (the wrapper above is a <div>).
        $per_col = $hesk_settings['kb_cols'];
        $i = 1;
        while ($cat = hesk_dbFetchAssoc($result)) {
            if ($i == 1) {
                echo '<tr>';
            }
            // Rows with type 1 are flagged with a trailing " *"
            $private = $cat['type'] == 1 ? ' *' : '';
            echo '
		    <td width="50%" valign="top">
			<table border="0">
			<tr><td><img src="../img/folder.gif" width="20" height="20" alt="" style="vertical-align:middle" /><a href="knowledgebase_private.php?category=' . $cat['id'] . '">' . $cat['name'] . '</a>' . $private . '</td></tr>
			';
            /* Print most popular/sticky articles */
            if ($hesk_settings['kb_numshow'] && $cat['articles']) {
                // One row more than kb_numshow is requested so the "more" link below can tell whether extra articles exist.
                // This reuses $res; the category row was already read into $thiscat.
                $res = hesk_dbQuery("SELECT `id`,`subject`,`type` FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "kb_articles` WHERE `catid`='" . intval($cat['id']) . "' AND `type` IN ('0','1') ORDER BY `sticky` DESC, `views` DESC, `art_order` ASC LIMIT " . (intval($hesk_settings['kb_numshow']) + 1));
                $num = 1;
                while ($art = hesk_dbFetchAssoc($res)) {
                    $private = $art['type'] == 1 ? ' *' : '';
                    echo '
		            <tr>
		            <td><img src="../img/article_text.png" width="16" height="16" border="0" alt="" style="vertical-align:middle" />
		            <a href="knowledgebase_private.php?article=' . $art['id'] . '" class="article">' . $art['subject'] . '</a>' . $private . '</td>
		            </tr>';
                    // Stop after kb_numshow articles have been printed
                    if ($num == $hesk_settings['kb_numshow']) {
                        break;
                    } else {
                        $num++;
                    }
                }
                // More rows than were shown: link to the full category
                if (hesk_dbNumRows($res) > $hesk_settings['kb_numshow']) {
                    echo '<tr><td>&raquo; <a href="knowledgebase_private.php?category=' . $cat['id'] . '"><i>' . $hesklang['m'] . '</i></a></td></tr>';
                }
            }
            echo '
			</table>
		    </td>
			';
            // Close the row once it holds $per_col cells; $i restarts at 1 after the increment below
            if ($i == $per_col) {
                echo '</tr>';
                $i = 0;
            }
            $i++;
        }
        /* Finish the table if needed */
        // $i != 1 means the last row is only partly filled: pad it with empty cells, then close it
        if ($i != 1) {
            for ($j = 1; $j <= $per_col; $j++) {
                echo '<td width="50%">&nbsp;</td>';
                if ($i == $per_col) {
                    echo '</tr>';
                    break;
                }
                $i++;
            }
        }
        ?>
	</div>
	
	<?php 
    }
    // END if NumRows > 0
    ?>

	<br/>
	<div class="container articles_categ"><b><?php 
    echo $hesklang['ac'];
    ?>
</b></div>


	<div>
	<?php 
    // Articles of this category with type 0 or 1. Only a prefix of `content` is fetched; its length is
    // max(200, kb_substrart * 2), an arithmetic result computed from a setting, not from the request.
    $res = hesk_dbQuery("SELECT `id`, `subject`, LEFT(`content`, " . max(200, $hesk_settings['kb_substrart'] * 2) . ") AS `content`, `rating`, `type` FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "kb_articles` WHERE `catid`='" . intval($catid) . "' AND `type` IN ('0','1') ORDER BY `sticky` DESC, `art_order` ASC");
    if (hesk_dbNumRows($res) == 0) {
        echo '<div class="container"><i>' . $hesklang['noac'] . '</i></div>';
    } else {
        echo '<div class="container table-responsive"><table class="table table-bordered" style="background-color: white;">';
        while ($article = hesk_dbFetchAssoc($res)) {
            $private = $article['type'] == 1 ? ' *' : '';
            // NOTE(review): $txt is echoed as returned; presumably hesk_kbArticleContentPreview() yields text that is safe for HTML - confirm
            $txt = hesk_kbArticleContentPreview($article['content']);
            echo '
				<tr>
				<td>
	                <table>
	                <tr>
	                <td width="1" valign="top"><img src="../img/article_text.png" width="16" height="16" border="0" alt="" style="vertical-align:middle" /></td>
	                <td valign="top"><a href="knowledgebase_private.php?article=' . $article['id'] . '">' . $article['subject'] . '</a>' . $private . '</td>
                    </tr>
	                </table>
	                <table border="0" width="100%" cellspacing="0" cellpadding="1">
	                <tr>
	                <td width="1" valign="top"><img src="../img/blank.gif" width="16" height="10" style="vertical-align:middle" alt="" /></td>
	                <td><span class="article_list" style="word-break: break-all;">' . $txt . '</span></td>
                    </tr>
	                </table>
	            </td>
				</tr>';
        }
        echo '</table></div>';
    }
    ?>

	</div>

<?php 
}
/**
 * Delete knowledge base attachments: remove each stored file, then its database row.
 *
 * @param string $attachments List in the form "id#name,id#name," (the last character is dropped
 *                            before splitting on commas).
 * @return bool Always true.
 */
function delete_kb_attachments($attachments)
{
    global $hesk_settings, $hesklang;
    // Nothing to delete
    if (empty($attachments)) {
        return true;
    }
    $table = hesk_dbEscape($hesk_settings['db_pfix']) . 'kb_attachments';
    foreach (explode(',', substr($attachments, 0, -1)) as $entry) {
        // Only the id part is used; it is cast to an integer before reaching SQL
        list($att_id, $att_name) = explode('#', $entry);
        $id = intval($att_id);
        // Look up the stored file name for this attachment
        $lookup = hesk_dbQuery("SELECT `saved_name` FROM `" . $table . "` WHERE `att_id`='" . $id . "' LIMIT 1");
        if (hesk_dbNumRows($lookup) == 1) {
            $file = hesk_dbFetchAssoc($lookup);
            // NOTE(review): the path is built from the stored saved_name as-is; presumably that value is
            // generated server-side at upload and contains no path separators - confirm.
            hesk_unlink(HESK_PATH . $hesk_settings['attach_dir'] . '/' . $file['saved_name']);
        }
        // Remove the row whether or not a file was found
        hesk_dbQuery("DELETE FROM `" . $table . "` WHERE `att_id`='" . $id . "' LIMIT 1");
    }
    return true;
}