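/**
 * Handle the "new service message" form: validate the POSTed fields, then
 * either bounce back with errors, store a preview in the session, or insert
 * the message into the `service_messages` table.
 *
 * Reads `style`, `type`, `title`, `message` and `sm_preview` from the POST
 * request, writes to $_SESSION and the global $hesk_error_buffer, and ends by
 * handing control to hesk_process_messages() or a Location redirect.
 *
 * NOTE(review): the anti-CSRF token check is commented out in this
 * state-changing handler. Whether the token is verified by the caller is not
 * visible from here -- confirm before relying on it, and prefer enabling the
 * check in this function if the submitting form carries a token.
 */
function new_sm()
{
    global $hesk_settings, $hesklang, $listBox;
    global $hesk_error_buffer;

    // A security check
    # hesk_token_check('POST');

    $hesk_error_buffer = array();

    // Style is an integer in 0..4; anything else falls back to 0
    $style = intval(hesk_POST('style', 0));
    if ($style > 4 || $style < 0) {
        $style = 0;
    }

    $type = empty($_POST['type']) ? 0 : 1;

    // A falsy title (including the string "0") counts as missing
    $title = hesk_input(hesk_POST('title'));
    if (!$title) {
        $hesk_error_buffer[] = $hesklang['sm_e_title'];
    }

    // NOTE(review): the body is accepted as HTML; what markup survives depends
    // entirely on hesk_getHTML(), which is not visible here -- verify that it
    // filters script-capable markup before the value is stored and rendered.
    $message = hesk_getHTML(hesk_POST('message'));

    // Any errors?
    if (count($hesk_error_buffer)) {
        // Keep the submitted values so the form can be shown again
        $_SESSION['new_sm'] = array(
            'style'   => $style,
            'type'    => $type,
            'title'   => $title,
            'message' => hesk_input(hesk_POST('message')),
        );

        $tmp = '';
        foreach ($hesk_error_buffer as $error) {
            $tmp .= "<li>{$error}</li>\n";
        }
        $hesk_error_buffer = $tmp;

        $hesk_error_buffer = $hesklang['rfm'] . '<br /><br /><ul>' . $hesk_error_buffer . '</ul>';
        hesk_process_messages($hesk_error_buffer, 'service_messages.php');
    }

    // Just preview the message?
    if (isset($_POST['sm_preview'])) {
        $_SESSION['preview_sm'] = true;
        $_SESSION['new_sm'] = array(
            'style'   => $style,
            'type'    => $type,
            'title'   => $title,
            'message' => $message,
        );
        header('Location: service_messages.php');
        exit;
    }

    // Get the latest service message order
    $res = hesk_dbQuery("SELECT `order` FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "service_messages` ORDER BY `order` DESC LIMIT 1");
    $row = hesk_dbFetchRow($res);

    // An empty table yields no row; start at 0 instead of indexing a non-array
    $my_order = (is_array($row) ? intval($row[0]) : 0) + 10;

    // Insert service message into database.
    // String values go through hesk_dbEscape(); the rest are integers.
    hesk_dbQuery("INSERT INTO `" . hesk_dbEscape($hesk_settings['db_pfix']) . "service_messages` (`author`,`title`,`message`,`style`,`type`,`order`) VALUES (\n '" . intval($_SESSION['id']) . "',\n '" . hesk_dbEscape($title) . "',\n '" . hesk_dbEscape($message) . "',\n '{$style}',\n '{$type}',\n '{$my_order}'\n )");

    $_SESSION['smord'] = hesk_dbInsertID();

    hesk_process_messages($hesklang['sm_added'], 'service_messages.php', 'SUCCESS');
}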
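/**
 * Save a new ticket template from the POSTed `name` and `msg` fields.
 *
 * Verifies the POST token, validates both fields, keeps the submitted values
 * in $_SESSION['canned'] while validation is pending, and inserts the template
 * into `ticket_templates` with an order value 10 above the current highest.
 * Ends by handing control to hesk_process_messages().
 */
function new_saved()
{
    global $hesk_settings, $hesklang;

    /* A security check */
    hesk_token_check('POST');

    $hesk_error_buffer = '';

    // A falsy value (including the string "0") counts as missing
    $savename = hesk_input(hesk_POST('name'));
    if (!$savename) {
        $hesk_error_buffer .= '<li>' . $hesklang['ent_ticket_tpl_title'] . '</li>';
    }

    $msg = hesk_input(hesk_POST('msg'));
    if (!$msg) {
        $hesk_error_buffer .= '<li>' . $hesklang['ent_ticket_tpl_msg'] . '</li>';
    }

    // Avoid problems with utf-8 newline chars in Javascript code: normalise
    // every Unicode line break to CRLF. With the /u modifier preg_replace()
    // returns null on malformed UTF-8; keep the original text in that case
    // rather than silently storing an empty template.
    $normalized = preg_replace('/\\R/u', "\r\n", $msg);
    if ($normalized !== null) {
        $msg = $normalized;
    }

    $_SESSION['canned']['what'] = 'NEW';
    $_SESSION['canned']['name'] = $savename;
    $_SESSION['canned']['msg'] = $msg;

    /* Any errors? */
    if (strlen($hesk_error_buffer)) {
        $hesk_error_buffer = $hesklang['rfm'] . '<br /><br /><ul>' . $hesk_error_buffer . '</ul>';
        hesk_process_messages($hesk_error_buffer, 'manage_ticket_templates.php');
    }

    /* Get the latest tpl_order */
    $result = hesk_dbQuery('SELECT `tpl_order` FROM `' . hesk_dbEscape($hesk_settings['db_pfix']) . 'ticket_templates` ORDER BY `tpl_order` DESC LIMIT 1');
    $row = hesk_dbFetchRow($result);

    // An empty table yields no row; start at 0 instead of indexing a non-array
    $my_order = (is_array($row) ? intval($row[0]) : 0) + 10;

    hesk_dbQuery("INSERT INTO `" . hesk_dbEscape($hesk_settings['db_pfix']) . "ticket_templates` (`title`,`message`,`tpl_order`) VALUES ('" . hesk_dbEscape($savename) . "','" . hesk_dbEscape($msg) . "','" . intval($my_order) . "')");

    // Saved: the pending form values are no longer needed
    unset($_SESSION['canned']['what']);
    unset($_SESSION['canned']['name']);
    unset($_SESSION['canned']['msg']);

    hesk_process_messages($hesklang['ticket_tpl_saved'], 'manage_ticket_templates.php', 'SUCCESS');
}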
/**
 * Create a new ticket category from the POSTed form.
 *
 * Verifies the POST token, remembers the chosen options in the session,
 * rejects a name that already matches an existing category, then inserts the
 * category with an order value 10 above the current highest and reports
 * success through hesk_process_messages().
 *
 * NOTE(review): the success message embeds the category name in HTML after
 * stripslashes() only; this presumably relies on hesk_input() having
 * HTML-encoded the value -- confirm against hesk_input().
 */
function new_cat()
{
    global $hesk_settings, $hesklang;

    /* A security check */
    hesk_token_check('POST');

    /* Options: both flags are stored as 1 only when the field equals 'Y' */
    if (hesk_POST('autoassign') == 'Y') {
        $_SESSION['cat_autoassign'] = 1;
    } else {
        $_SESSION['cat_autoassign'] = 0;
    }

    if (hesk_POST('type') == 'Y') {
        $_SESSION['cat_type'] = 1;
    } else {
        $_SESSION['cat_type'] = 0;
    }

    // Default priority: an integer in 0..3, anything else becomes 3
    $priority = intval(hesk_POST('priority', 3));
    if ($priority < 0 || $priority > 3) {
        $priority = 3;
    }
    $_SESSION['cat_priority'] = $priority;

    /* Category name */
    $catname = hesk_input(hesk_POST('name'), $hesklang['enter_cat_name'], 'manage_categories.php');

    /* Do we already have a category with this name? */
    $duplicateSql = "SELECT `id` FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "categories` WHERE `name` LIKE '" . hesk_dbEscape(hesk_dbLike($catname)) . "' LIMIT 1";
    $duplicates = hesk_dbQuery($duplicateSql);
    if (hesk_dbNumRows($duplicates) != 0) {
        $_SESSION['catname'] = $catname;
        hesk_process_messages($hesklang['cndupl'], 'manage_categories.php');
    }

    /* Get the latest cat_order */
    $orderSql = "SELECT `cat_order` FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "categories` ORDER BY `cat_order` DESC LIMIT 1";
    $lastRow = hesk_dbFetchRow(hesk_dbQuery($orderSql));
    $my_order = $lastRow[0] + 10;

    // The name is escaped for SQL; every other value is an integer
    $insertSql = "INSERT INTO `" . hesk_dbEscape($hesk_settings['db_pfix']) . "categories` (`name`,`cat_order`,`autoassign`,`type`, `priority`) VALUES ('"
        . hesk_dbEscape($catname) . "','"
        . intval($my_order) . "','"
        . intval($_SESSION['cat_autoassign']) . "','"
        . intval($_SESSION['cat_type']) . "','"
        . $_SESSION['cat_priority'] . "')";
    hesk_dbQuery($insertSql);

    // The form values were only kept for re-display; drop them now
    foreach (array('catname', 'cat_autoassign', 'cat_type', 'cat_priority') as $sessionKey) {
        hesk_cleanSessionVars($sessionKey);
    }

    $_SESSION['selcat2'] = hesk_dbInsertID();

    $displayName = '<i>' . stripslashes($catname) . '</i>';
    hesk_process_messages(sprintf($hesklang['cat_name_added'], $displayName), 'manage_categories.php', 'SUCCESS');
}
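/**
 * Decide whether an incoming piped e-mail looks like a mail loop.
 *
 * Tracks one row per sender in `pipe_loops` (hit counter plus the hash of the
 * last message). Rows older than $hesk_settings['loop_time'] seconds are
 * deleted on every call.
 *
 * @param string $email        Sender address
 * @param string $message_hash Hash of the current message body
 *
 * @return bool true when the sender reached $hesk_settings['loop_hits'] hits
 *              inside the time window or repeated the previous message
 *              exactly; false otherwise, or when loop_hits is 0 (disabled)
 */
function hesk_isEmailLoop($email, $message_hash)
{
    global $hesk_settings;

    // If $hesk_settings['loop_hits'] is set to 0 this function is disabled
    if (!$hesk_settings['loop_hits']) {
        return false;
    }

    // Escape wildcards in email so LIKE matches the address literally
    $email_like = hesk_dbEscape(hesk_dbLike($email));

    // Delete expired DB entries
    hesk_dbQuery("DELETE FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "pipe_loops` WHERE `dt` < (NOW() - INTERVAL " . intval($hesk_settings['loop_time']) . " SECOND) ");

    // Check current entry
    $res = hesk_dbQuery("SELECT `hits`, `message_hash` FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "pipe_loops` WHERE `email` LIKE '{$email_like}' LIMIT 1");

    // Any active entry?
    if (hesk_dbNumRows($res)) {
        list($hits, $stored_hash) = hesk_dbFetchRow($res);
        $hits = intval($hits) + 1;

        // Number of emails in a time period reached?
        if ($hits >= $hesk_settings['loop_hits']) {
            return true;
        }

        // Message exactly the same as in previous email?
        // Compare as strings: with a loose == two different hex digests that
        // both look numeric (for example "0e" followed by digits) compare as
        // equal, which would flag an unrelated message as a loop.
        if ((string) $message_hash === (string) $stored_hash) {
            return true;
        }

        // Update DB entry
        hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "pipe_loops` SET `hits` = `hits` + 1, `message_hash` = '" . hesk_dbEscape($message_hash) . "' WHERE `email` LIKE '{$email_like}' LIMIT 1");
    } else {
        // First instance, insert a new database row
        hesk_dbQuery("INSERT INTO `" . hesk_dbEscape($hesk_settings['db_pfix']) . "pipe_loops` (`email`, `message_hash`) VALUES ('" . hesk_dbEscape($email) . "', '" . hesk_dbEscape($message_hash) . "')");
    }

    // No loop rule triggered
    return false;
}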
}

// Password
// Taken from the POSTed 'admin_pass' field after hesk_input(); when that is
// empty, an 8-12 character password is generated from the alphabet below.
// NOTE(review): the clear-text password is kept in the session; confirm it is
// removed once the installer no longer needs to display it.
$_SESSION['admin_pass'] = hesk_input(hesk_POST('admin_pass'));
if (strlen($_SESSION['admin_pass']) == 0) {
    // NOTE(review): str_shuffle() and mt_rand() are not cryptographically
    // secure generators, and a shuffle can use each character only once, so
    // this administrator password has less entropy than its length suggests.
    // A CSPRNG-based generator (random_int()/random_bytes() where the
    // supported PHP version provides them) is the safer choice.
    $_SESSION['admin_pass'] = substr(str_shuffle("23456789abcdefghijkmnpqrstuvwxyzABCDEFGHJKLMNPQRSTUVWXYZ"), 0, mt_rand(8, 12));
}

// Password hash for the database
// NOTE(review): the hashing scheme is defined in hesk_Pass2Hash(), which is
// not visible here -- verify it is a salted, deliberately slow password hash.
$_SESSION['admin_hash'] = hesk_Pass2Hash($_SESSION['admin_pass']);

$hesk_db_link = hesk_iTestDatabaseConnection();

// Get table prefix, don't allow any special chars
// Everything except ASCII letters, digits and underscore is stripped, so the
// prefix cannot carry SQL metacharacters into the table names built below.
$hesk_settings['db_pfix'] = preg_replace('/[^0-9a-zA-Z_]/', '', hesk_POST('pfix', 'hesk_'));

// Generate HESK table names
$hesk_tables = array($hesk_settings['db_pfix'] . 'attachments', $hesk_settings['db_pfix'] . 'banned_emails', $hesk_settings['db_pfix'] . 'banned_ips', $hesk_settings['db_pfix'] . 'categories', $hesk_settings['db_pfix'] . 'kb_articles', $hesk_settings['db_pfix'] . 'kb_attachments', $hesk_settings['db_pfix'] . 'kb_categories', $hesk_settings['db_pfix'] . 'logins', $hesk_settings['db_pfix'] . 'mail', $hesk_settings['db_pfix'] . 'notes', $hesk_settings['db_pfix'] . 'online', $hesk_settings['db_pfix'] . 'pipe_loops', $hesk_settings['db_pfix'] . 'replies', $hesk_settings['db_pfix'] . 'reply_drafts', $hesk_settings['db_pfix'] . 'reset_password', $hesk_settings['db_pfix'] . 'service_messages', $hesk_settings['db_pfix'] . 'std_replies', $hesk_settings['db_pfix'] . 'tickets', $hesk_settings['db_pfix'] . 'ticket_templates', $hesk_settings['db_pfix'] . 'users');

// Check if any of the HESK tables exists
// hesk_iDatabase(2) is called for every existing table whose name matches;
// presumably it reports the conflict and stops the install -- confirm.
$res = hesk_dbQuery('SHOW TABLES FROM `' . hesk_dbEscape($hesk_settings['db_name']) . '`');
while ($row = hesk_dbFetchRow($res)) {
    if (in_array($row[0], $hesk_tables)) {
        hesk_iDatabase(2);
    }
}

// All ok, let's save settings
hesk_iSaveSettings();

// Now install HESK database tables
hesk_iTables();

// And move to the next step
$_SESSION['step'] = 4;
}

// Which step are we at?
switch ($_SESSION['step']) {
    case 2:
        hesk_iCheckSetup();
// Lets handle ticket templates
// $can_options collects the <option> elements for the template select box.
$can_options = '';

// Get ticket templates from the database
$res = hesk_dbQuery("SELECT * FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "ticket_templates` ORDER BY `tpl_order` ASC");

// If we have any templates print them out
if (hesk_dbNumRows($res)) {
    ?>
<script language="javascript" type="text/javascript"><!--
// -->
var myMsgTxt = new Array();
var mySubjectTxt = new Array();
myMsgTxt[0]='';
mySubjectTxt[0]='';
<?php
    // Columns are read by position from SELECT *: [0] is used as the option
    // value and array index, [1] as the label/subject, [2] as the message
    // (presumably id, title, message -- confirm against the table schema).
    //
    // NOTE(review): [1] is written into HTML and [1]/[2] into a JavaScript
    // string inside a <script> element. addslashes() escapes quotes,
    // backslashes and NUL only; it does not neutralise a closing </script>
    // sequence or HTML markup. Safe output therefore depends on the stored
    // values having been HTML-encoded when they were saved -- verify, or
    // encode for the HTML and JavaScript contexts at this point.
    while ($mysaved = hesk_dbFetchRow($res)) {
        $can_options .= '<option value="' . $mysaved[0] . '">' . $mysaved[1] . "</option>\n";
        echo 'myMsgTxt[' . $mysaved[0] . ']=\'' . str_replace("\r\n", "\\r\\n' + \r\n'", addslashes($mysaved[2])) . "';\n";
        echo 'mySubjectTxt[' . $mysaved[0] . ']=\'' . str_replace("\r\n", "\\r\\n' + \r\n'", addslashes($mysaved[1])) . "';\n";
    }
    ?>
function setMessage(msgid) {
    var myMsg=myMsgTxt[msgid];
    var mySubject=mySubjectTxt[msgid];
    if (myMsg == '') {
        if (document.form1.mode[1].checked) {
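/**
 * Handle the "new knowledgebase article" form.
 *
 * Validates subject and content, processes up to three uploaded attachments,
 * and on success inserts the article into `kb_articles`, records attachment
 * rows in `kb_attachments`, bumps the matching counter in `kb_categories`
 * and finally renders the category through manage_category().
 *
 * $type ends up as 0, 1 or 2; the counter updated at the end is `articles`
 * for 0, `articles_private` for 1 and `articles_draft` otherwise.
 *
 * NOTE(review): the anti-CSRF token check is commented out in this
 * state-changing handler. Whether the token is verified by the caller is not
 * visible from here -- confirm, and prefer enabling the check in this
 * function if the submitting form carries a token.
 */
function new_article()
{
    global $hesk_settings, $hesklang, $listBox;
    global $hesk_error_buffer;

    /* A security check */
    # hesk_token_check('POST');

    $_SESSION['hide'] = array('treemenu' => 1, 'new_category' => 1);

    $hesk_error_buffer = array();

    $catid = intval(hesk_POST('catid', 1));
    $type = empty($_POST['type']) ? 0 : (hesk_POST('type') == 2 ? 2 : 1);
    // The WYSIWYG setting forces HTML mode; otherwise the form decides
    $html = $hesk_settings['kb_wysiwyg'] ? 1 : (empty($_POST['html']) ? 0 : 1);
    $now = hesk_date();

    // Prevent submitting duplicate articles by reloading manage_knowledgebase.php page
    if (isset($_SESSION['article_submitted'])) {
        header('Location:manage_knowledgebase.php?a=manage_cat&catid=' . $catid);
        exit;
    }

    $_SESSION['KB_CATEGORY'] = $catid;

    // A falsy subject (including the string "0") counts as missing
    $subject = hesk_input(hesk_POST('subject'));
    if (!$subject) {
        $hesk_error_buffer[] = $hesklang['kb_e_subj'];
    }

    if ($html) {
        if (empty($_POST['content'])) {
            $hesk_error_buffer[] = $hesklang['kb_e_cont'];
        }

        // NOTE(review): HTML content is accepted as-is apart from whatever
        // hesk_getHTML() does, which is not visible here -- verify that it
        // filters script-capable markup before the article is stored.
        $content = hesk_getHTML(hesk_POST('content'));
    } else {
        $content = hesk_input(hesk_POST('content'));
        if (!$content) {
            $hesk_error_buffer[] = $hesklang['kb_e_cont'];
        }
        $content = nl2br($content);
        $content = hesk_makeURL($content);
    }

    $sticky = isset($_POST['sticky']) ? 1 : 0;
    $keywords = hesk_input(hesk_POST('keywords'));

    /* Article attachments */
    // Guard the define so a second call in the same request does not raise
    // a "constant already defined" error
    if (!defined('KB')) {
        define('KB', 1);
    }
    require_once HESK_PATH . 'inc/posting_functions.inc.php';
    require_once HESK_PATH . 'inc/attachments.inc.php';

    // Upload slots are numbered 1..3; empty results are skipped
    $attachments = array();
    for ($i = 1; $i <= 3; $i++) {
        $att = hesk_uploadFile($i);
        if (!empty($att)) {
            $attachments[$i] = $att;
        }
    }
    $myattachments = '';

    /* Any errors? */
    if (count($hesk_error_buffer)) {
        // Remove any successfully uploaded attachments
        if ($hesk_settings['attachments']['use']) {
            hesk_removeAttachments($attachments);
        }

        // Keep the submitted values so the form can be shown again
        $_SESSION['new_article'] = array(
            'type'     => $type,
            'html'     => $html,
            'subject'  => $subject,
            'content'  => hesk_input(hesk_POST('content')),
            'keywords' => $keywords,
            'sticky'   => $sticky,
        );

        $tmp = '';
        foreach ($hesk_error_buffer as $error) {
            $tmp .= "<li>{$error}</li>\n";
        }
        $hesk_error_buffer = $tmp;

        $hesk_error_buffer = $hesklang['rfm'] . '<br /><br /><ul>' . $hesk_error_buffer . '</ul>';
        hesk_process_messages($hesk_error_buffer, 'manage_knowledgebase.php');
    }

    $revision = sprintf($hesklang['revision1'], $now, $_SESSION['name'] . ' (' . $_SESSION['user'] . ')');

    /* Add to database */
    if (!empty($attachments)) {
        foreach ($attachments as $myatt) {
            hesk_dbQuery("INSERT INTO `" . hesk_dbEscape($hesk_settings['db_pfix']) . "kb_attachments` (`saved_name`,`real_name`,`size`) VALUES ('" . hesk_dbEscape($myatt['saved_name']) . "','" . hesk_dbEscape($myatt['real_name']) . "','" . intval($myatt['size']) . "')");

            // Attachment list format: "<id>#<real name>," per file
            $myattachments .= hesk_dbInsertID() . '#' . $myatt['real_name'] . ',';
        }
    }

    /* Get the latest art_order within this category and sticky group */
    $res = hesk_dbQuery("SELECT `art_order` FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "kb_articles` WHERE `catid`='" . intval($catid) . "' AND `sticky` = '" . intval($sticky) . "' ORDER BY `art_order` DESC LIMIT 1");
    $row = hesk_dbFetchRow($res);

    // No article yet yields no row; start at 0 instead of indexing a non-array
    $my_order = (is_array($row) ? intval($row[0]) : 0) + 10;

    /* Insert article into database */
    hesk_dbQuery("INSERT INTO `" . hesk_dbEscape($hesk_settings['db_pfix']) . "kb_articles` (`catid`,`dt`,`author`,`subject`,`content`,`keywords`,`type`,`html`,`sticky`,`art_order`,`history`,`attachments`) VALUES (\n '" . intval($catid) . "',\n NOW(),\n '" . intval($_SESSION['id']) . "',\n '" . hesk_dbEscape($subject) . "',\n '" . hesk_dbEscape($content) . "',\n '" . hesk_dbEscape($keywords) . "',\n '" . intval($type) . "',\n '" . intval($html) . "',\n '" . intval($sticky) . "',\n '" . intval($my_order) . "',\n '" . hesk_dbEscape($revision) . "',\n '" . hesk_dbEscape($myattachments) . "'\n )");

    $_SESSION['artord'] = hesk_dbInsertID();

    // Update category article count
    if ($type == 0) {
        hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "kb_categories` SET `articles`=`articles`+1 WHERE `id`='" . intval($catid) . "'");
    } elseif ($type == 1) {
        hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "kb_categories` SET `articles_private`=`articles_private`+1 WHERE `id`='" . intval($catid) . "'");
    } else {
        hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "kb_categories` SET `articles_draft`=`articles_draft`+1 WHERE `id`='" . intval($catid) . "'");
    }

    unset($_SESSION['hide']);

    // Flag checked at the top of this function to stop re-submission on reload
    $_SESSION['article_submitted'] = 1;

    hesk_process_messages($hesklang['your_kb_added'], 'NOREDIRECT', 'SUCCESS');
    $_GET['catid'] = $catid;
    manage_category();
}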
/**
 * Work out which HESK version created the existing database.
 *
 * The decision is made from which tables exist, with two refinements: the
 * presence of the `articles_private` column and of two files under HESK_PATH
 * separate 2.4 / 2.5 / 2.5.1 / 2.5.2, and the `notify` column separates
 * 0.90 from 0.91-0.93.1. Checks run from newest to oldest layout.
 *
 * isset() is used for the column probes, so a column that exists but holds
 * NULL in row id 1 is treated as absent.
 *
 * @return string Version label such as '2.5.1', '2.3' or '0.91-0.93.1'
 */
function hesk_iDetectVersion()
{
    global $hesk_settings, $hesklang;

    // Get a list of tables from the database
    $found = array();
    $listing = hesk_dbQuery('SHOW TABLES FROM `' . hesk_dbEscape($hesk_settings['db_name']) . '`');
    while ($entry = hesk_dbFetchRow($listing)) {
        $found[] = $entry[0];
    }

    $pfix = $hesk_settings['db_pfix'];

    // Version 2.4/2.5 tables installed?
    if (in_array($pfix . 'pipe_loops', $found)) {
        // Version 2.4 didn't have articles_private in kb_categories
        $probe = hesk_dbQuery("SELECT * FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "kb_categories` WHERE `id`=1 LIMIT 1");
        $category = hesk_dbFetchAssoc($probe);

        if (!isset($category['articles_private'])) {
            return '2.4';
        }

        // Version 2.5.0 doesn't have file "inc/zip/pclzip.lib.php"
        if (!file_exists(HESK_PATH . 'inc/zip/pclzip.lib.php')) {
            return '2.5';
        }

        return file_exists(HESK_PATH . 'inc/tiny_mce/3.5.9/tiny_mce.js') ? '2.5.2' : '2.5.1';
    }

    if (in_array($pfix . 'online', $found) || in_array($pfix . 'logins', $found)) {
        return '2.3';
    }

    if (in_array($pfix . 'mail', $found)) {
        return '2.2';
    }

    if (in_array($pfix . 'kb_attachments', $found)) {
        return '2.1';
    }

    if (in_array($pfix . 'kb_articles', $found)) {
        return '2.0';
    }

    // Older layouts are looked up under the fixed "hesk_" prefix
    if (in_array('hesk_attachments', $found)) {
        return '0.94.1';
    }

    if (in_array('hesk_std_replies', $found)) {
        return '0.94';
    }

    // If we don't have four basic tables this is not a valid HESK install
    $hasBasics = in_array('hesk_categories', $found)
        && in_array('hesk_replies', $found)
        && in_array('hesk_tickets', $found)
        && in_array('hesk_users', $found);
    if (!$hasBasics) {
        hesk_iDatabase(3);
    }

    // Version 0.90 didn't have the notify column in users table
    $probe = hesk_dbQuery("SELECT * FROM `hesk_users` WHERE `id`=1 LIMIT 1");
    $user = hesk_dbFetchAssoc($probe);

    if (isset($user['notify'])) {
        return '0.91-0.93.1';
    }

    // Wow, we found someone using the very first HESK version :-)
    return '0.90';
}
/**
 * Print the JavaScript needed for canned replies and return the matching
 * <option> elements for the select box.
 *
 * Returns an empty string without printing anything when the global
 * $can_reply is falsy or the `std_replies` table has no rows. Otherwise it
 * echoes a <script> block that defines myMsgTxt[] (one entry per reply) and
 * setMessage(), which substitutes the %%HESK_...%% placeholders with fields
 * of the global $ticket and writes the result into the message textarea.
 *
 * NOTE(review): reply titles and bodies are emitted into HTML and into
 * JavaScript string literals with addslashes() only, and setMessage() builds
 * the textarea through innerHTML. Whether this is safe depends on how the
 * stored replies and hesk_jsString() encode their data, which is not visible
 * here -- verify both before treating the output as escaped.
 *
 * @return string <option> markup, or '' when nothing is available
 */
function hesk_printCanned()
{
    global $hesklang, $hesk_settings, $can_reply, $ticket, $admins;

    /* Can user reply to tickets? */
    if (!$can_reply) {
        return '';
    }

    /* Get canned replies from the database */
    $res = hesk_dbQuery("SELECT * FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "std_replies` ORDER BY `reply_order` ASC");

    /* If no canned replies return empty */
    if (!hesk_dbNumRows($res)) {
        return '';
    }

    /* We do have some replies, print the required Javascript and select field options */
    $can_options = '';
    ?>
<script language="javascript" type="text/javascript"><!--
// -->
var myMsgTxt = new Array();
myMsgTxt[0]='';
<?php
    // Columns are read by position from SELECT *: [0] is the option value and
    // array index, [1] the label, [2] the reply text (presumably id, title,
    // message -- confirm against the table schema). CRLF inside the text is
    // turned into a JavaScript string concatenation across lines.
    while ($mysaved = hesk_dbFetchRow($res)) {
        $can_options .= '<option value="' . $mysaved[0] . '">' . $mysaved[1] . "</option>\n";
        echo 'myMsgTxt[' . $mysaved[0] . ']=\'' . str_replace("\r\n", "\\r\\n' + \r\n'", addslashes($mysaved[2])) . "';\n";
    }
    ?>
function setMessage(msgid) {
    var myMsg=myMsgTxt[msgid];
    if (myMsg == '') {
        if (document.form1.mode[1].checked) {
            document.getElementById('message').value = '';
        }
        return true;
    }
    myMsg = myMsg.replace(/%%HESK_ID%%/g, '<?php echo hesk_jsString($ticket['id']); ?> ');
    myMsg = myMsg.replace(/%%HESK_TRACKID%%/g, '<?php echo hesk_jsString($ticket['trackid']); ?> ');
    myMsg = myMsg.replace(/%%HESK_TRACK_ID%%/g, '<?php echo hesk_jsString($ticket['trackid']); ?> ');
    myMsg = myMsg.replace(/%%HESK_NAME%%/g, '<?php echo hesk_jsString($ticket['name']); ?> ');
    myMsg = myMsg.replace(/%%HESK_EMAIL%%/g, '<?php echo hesk_jsString($ticket['email']); ?> ');
    myMsg = myMsg.replace(/%%HESK_OWNER%%/g, '<?php echo hesk_jsString(isset($admins[$ticket['owner']]) ? $admins[$ticket['owner']] : ''); ?> ');
    myMsg = myMsg.replace(/%%HESK_custom1%%/g, '<?php echo hesk_jsString($ticket['custom1']); ?> ');
    myMsg = myMsg.replace(/%%HESK_custom2%%/g, '<?php echo hesk_jsString($ticket['custom2']); ?> ');
    myMsg = myMsg.replace(/%%HESK_custom3%%/g, '<?php echo hesk_jsString($ticket['custom3']); ?> ');
    myMsg = myMsg.replace(/%%HESK_custom4%%/g, '<?php echo hesk_jsString($ticket['custom4']); ?> ');
    myMsg = myMsg.replace(/%%HESK_custom5%%/g, '<?php echo hesk_jsString($ticket['custom5']); ?> ');
    myMsg = myMsg.replace(/%%HESK_custom6%%/g, '<?php echo hesk_jsString($ticket['custom6']); ?> ');
    myMsg = myMsg.replace(/%%HESK_custom7%%/g, '<?php echo hesk_jsString($ticket['custom7']); ?> ');
    myMsg = myMsg.replace(/%%HESK_custom8%%/g, '<?php echo hesk_jsString($ticket['custom8']); ?> ');
    myMsg = myMsg.replace(/%%HESK_custom9%%/g, '<?php echo hesk_jsString($ticket['custom9']); ?> ');
    myMsg = myMsg.replace(/%%HESK_custom10%%/g, '<?php echo hesk_jsString($ticket['custom10']); ?> ');
    myMsg = myMsg.replace(/%%HESK_custom11%%/g, '<?php echo hesk_jsString($ticket['custom11']); ?> ');
    myMsg = myMsg.replace(/%%HESK_custom12%%/g, '<?php echo hesk_jsString($ticket['custom12']); ?> ');
    myMsg = myMsg.replace(/%%HESK_custom13%%/g, '<?php echo hesk_jsString($ticket['custom13']); ?> ');
    myMsg = myMsg.replace(/%%HESK_custom14%%/g, '<?php echo hesk_jsString($ticket['custom14']); ?> ');
    myMsg = myMsg.replace(/%%HESK_custom15%%/g, '<?php echo hesk_jsString($ticket['custom15']); ?> ');
    myMsg = myMsg.replace(/%%HESK_custom16%%/g, '<?php echo hesk_jsString($ticket['custom16']); ?> ');
    myMsg = myMsg.replace(/%%HESK_custom17%%/g, '<?php echo hesk_jsString($ticket['custom17']); ?> ');
    myMsg = myMsg.replace(/%%HESK_custom18%%/g, '<?php echo hesk_jsString($ticket['custom18']); ?> ');
    myMsg = myMsg.replace(/%%HESK_custom19%%/g, '<?php echo hesk_jsString($ticket['custom19']); ?> ');
    myMsg = myMsg.replace(/%%HESK_custom20%%/g, '<?php echo hesk_jsString($ticket['custom20']); ?> ');
    if (document.getElementById) {
        if (document.getElementById('moderep').checked) {
            document.getElementById('HeskMsg').innerHTML='<textarea name="message" id="message" rows="12" cols="72">'+myMsg+'</textarea>';
        } else {
            var oldMsg = document.getElementById('message').value;
            document.getElementById('HeskMsg').innerHTML='<textarea name="message" id="message" rows="12" cols="72">'+oldMsg+myMsg+'</textarea>';
        }
    } else {
        if (document.form1.mode[0].checked) {
            document.form1.message.value=myMsg;
        } else {
            var oldMsg = document.form1.message.value;
            document.form1.message.value=oldMsg+myMsg;
        }
    }
}
//-->
</script>
<?php
    /* Return options for select box */
    return $can_options;
}
/**
 * Save a new canned reply from the POSTed `name` and `msg` fields.
 *
 * Verifies the POST token, validates both fields, keeps the submitted values
 * in $_SESSION['canned'] while validation is pending, and inserts the reply
 * into `std_replies` with an order value 10 above the current highest.
 * Ends by handing control to hesk_process_messages().
 */
function new_saved()
{
    global $hesk_settings, $hesklang;

    /* A security check */
    hesk_token_check('POST');

    // Collected validation errors as <li> items; empty means no error
    $errors = '';

    // A falsy value (including the string "0") counts as missing
    $savename = hesk_input(hesk_POST('name'));
    if (!$savename) {
        $errors .= '<li>' . $hesklang['ent_saved_title'] . '</li>';
    }

    $msg = hesk_input(hesk_POST('msg'));
    if (!$msg) {
        $errors .= '<li>' . $hesklang['ent_saved_msg'] . '</li>';
    }

    // Remember what was typed so the form can be shown again
    $_SESSION['canned']['what'] = 'NEW';
    $_SESSION['canned']['name'] = $savename;
    $_SESSION['canned']['msg'] = $msg;

    /* Any errors? */
    if ($errors !== '') {
        $errors = $hesklang['rfm'] . '<br /><br /><ul>' . $errors . '</ul>';
        hesk_process_messages($errors, 'manage_canned.php');
    }

    /* Get the latest reply_order */
    $orderSql = 'SELECT `reply_order` FROM `' . hesk_dbEscape($hesk_settings['db_pfix']) . 'std_replies` ORDER BY `reply_order` DESC LIMIT 1';
    $lastRow = hesk_dbFetchRow(hesk_dbQuery($orderSql));
    $nextOrder = $lastRow[0] + 10;

    // Title and message are escaped for SQL; the order is an integer
    $insertSql = "INSERT INTO `" . hesk_dbEscape($hesk_settings['db_pfix']) . "std_replies` (`title`,`message`,`reply_order`) VALUES ('"
        . hesk_dbEscape($savename) . "','"
        . hesk_dbEscape($msg) . "','"
        . intval($nextOrder) . "')";
    hesk_dbQuery($insertSql);

    // Saved: the pending form values are no longer needed
    unset(
        $_SESSION['canned']['what'],
        $_SESSION['canned']['name'],
        $_SESSION['canned']['msg']
    );

    hesk_process_messages($hesklang['your_saved'], 'manage_canned.php', 'SUCCESS');
}