function do_login()
{
global $hesk_settings, $hesklang;
$hesk_error_buffer = array();
$user = hesk_input(hesk_POST('user'));
if (empty($user)) {
$myerror = $hesk_settings['list_users'] ? $hesklang['select_username'] : $hesklang['enter_username'];
$hesk_error_buffer['user'] = $myerror;
}
define('HESK_USER', $user);
$pass = hesk_input(hesk_POST('pass'));
if (empty($pass)) {
$hesk_error_buffer['pass'] = $hesklang['enter_pass'];
}
if ($hesk_settings['secimg_use'] == 2 && !isset($_SESSION['img_a_verified'])) {
// Using ReCaptcha?
if ($hesk_settings['recaptcha_use']) {
require_once HESK_PATH . 'inc/recaptcha/recaptchalib.php';
$resp = recaptcha_check_answer($hesk_settings['recaptcha_private_key'], $_SERVER['REMOTE_ADDR'], hesk_POST('recaptcha_challenge_field', ''), hesk_POST('recaptcha_response_field', ''));
if ($resp->is_valid) {
$_SESSION['img_a_verified'] = true;
} else {
$hesk_error_buffer['mysecnum'] = $hesklang['recaptcha_error'];
}
} else {
$mysecnum = intval(hesk_POST('mysecnum', 0));
if (empty($mysecnum)) {
$hesk_error_buffer['mysecnum'] = $hesklang['sec_miss'];
} else {
require HESK_PATH . 'inc/secimg.inc.php';
$sc = new PJ_SecurityImage($hesk_settings['secimg_sum']);
if (isset($_SESSION['checksum']) && $sc->checkCode($mysecnum, $_SESSION['checksum'])) {
$_SESSION['img_a_verified'] = true;
} else {
$hesk_error_buffer['mysecnum'] = $hesklang['sec_wrng'];
}
}
}
}
/* Any missing fields? */
if (count($hesk_error_buffer) != 0) {
$_SESSION['a_iserror'] = array_keys($hesk_error_buffer);
$tmp = '';
foreach ($hesk_error_buffer as $error) {
$tmp .= "<li>{$error}</li>\n";
}
$hesk_error_buffer = $tmp;
$hesk_error_buffer = $hesklang['pcer'] . '<br /><br /><ul>' . $hesk_error_buffer . '</ul>';
hesk_process_messages($hesk_error_buffer, 'NOREDIRECT');
print_login();
exit;
} elseif (isset($_SESSION['img_a_verified'])) {
unset($_SESSION['img_a_verified']);
}
/* User entered all required info, now lets limit brute force attempts */
hesk_limitBfAttempts();
$result = hesk_dbQuery("SELECT * FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "users` WHERE `user` = '" . hesk_dbEscape($user) . "' LIMIT 1");
if (hesk_dbNumRows($result) != 1) {
hesk_session_stop();
$_SESSION['a_iserror'] = array('user', 'pass');
hesk_process_messages($hesklang['wrong_user'], 'NOREDIRECT');
print_login();
exit;
}
$res = hesk_dbFetchAssoc($result);
foreach ($res as $k => $v) {
$_SESSION[$k] = $v;
}
/* Check password */
if (hesk_Pass2Hash($pass) != $_SESSION['pass']) {
hesk_session_stop();
$_SESSION['a_iserror'] = array('pass');
hesk_process_messages($hesklang['wrong_pass'], 'NOREDIRECT');
print_login();
exit;
}
$pass_enc = hesk_Pass2Hash($_SESSION['pass'] . strtolower($user) . $_SESSION['pass']);
/* Check if default password */
if ($_SESSION['pass'] == '499d74967b28a841c98bb4baaabaad699ff3c079') {
hesk_process_messages($hesklang['chdp'], 'NOREDIRECT', 'NOTICE');
}
unset($_SESSION['pass']);
/* Login successful, clean brute force attempts */
hesk_cleanBfAttempts();
/* Regenerate session ID (security) */
hesk_session_regenerate_id();
/* Remember username? */
if ($hesk_settings['autologin'] && hesk_POST('remember_user') == 'AUTOLOGIN') {
setcookie('hesk_username', "{$user}", strtotime('+1 year'));
setcookie('hesk_p', "{$pass_enc}", strtotime('+1 year'));
} elseif (hesk_POST('remember_user') == 'JUSTUSER') {
setcookie('hesk_username', "{$user}", strtotime('+1 year'));
setcookie('hesk_p', '');
} else {
// Expire cookie if set otherwise
setcookie('hesk_username', '');
setcookie('hesk_p', '');
}
/* Close any old tickets here so Cron jobs aren't necessary */
if ($hesk_settings['autoclose']) {
$revision = sprintf($hesklang['thist3'], hesk_date(), $hesklang['auto']);
hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` SET `status`='3', `history`=CONCAT(`history`,'" . hesk_dbEscape($revision) . "') WHERE `status` = '2' AND `lastchange` <= '" . hesk_dbEscape(date('Y-m-d H:i:s', time() - $hesk_settings['autoclose'] * 86400)) . "'");
}
/* Redirect to the destination page */
if (hesk_isREQUEST('goto')) {
$url = hesk_REQUEST('goto');
$url = str_replace('&', '&', $url);
/* goto parameter can be set to the local domain only */
$myurl = parse_url($hesk_settings['hesk_url']);
$goto = parse_url($url);
if (isset($myurl['host']) && isset($goto['host'])) {
if (str_replace('www.', '', strtolower($myurl['host'])) != str_replace('www.', '', strtolower($goto['host']))) {
$url = 'admin_main.php';
}
}
header('Location: ' . $url);
} else {
header('Location: admin_main.php');
}
exit;
}
function show_message()
{
global $hesk_settings, $hesklang, $admins;
$id = intval(hesk_GET('id'));
/* Get the message details */
$res = hesk_dbQuery("SELECT * FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "mail` WHERE `id`='" . intval($id) . "' AND `deletedby`!='" . intval($_SESSION['id']) . "' LIMIT 1");
$num = hesk_dbNumRows($res);
if ($num) {
$pm = hesk_dbFetchAssoc($res);
/* Allowed to read the message? */
if ($pm['to'] == $_SESSION['id']) {
if (!isset($_SESSION['mail']['subject'])) {
$_SESSION['mail']['subject'] = $hesklang['m_re'] . ' ' . $pm['subject'];
}
if (!isset($_SESSION['mail']['to'])) {
$_SESSION['mail']['to'] = $pm['from'];
}
} elseif ($pm['from'] == $_SESSION['id']) {
if (!isset($_SESSION['mail']['subject'])) {
$_SESSION['mail']['subject'] = $hesklang['m_fwd'] . ' ' . $pm['subject'];
}
if (!isset($_SESSION['mail']['to'])) {
$_SESSION['mail']['to'] = $pm['to'];
}
$hesk_settings['mailtmp']['this'] = 'from';
$hesk_settings['mailtmp']['other'] = 'to';
$hesk_settings['mailtmp']['m_from'] = $hesklang['m_to'];
$hesk_settings['mailtmp']['outbox'] = '<b>' . $hesklang['outbox'] . '</b>';
$hesk_settings['mailtmp']['inbox'] = '<a href="mail.php">' . $hesklang['inbox'] . '</a>';
$hesk_settings['mailtmp']['outbox'] = '<a href="mail.php?folder=outbox">' . $hesklang['outbox'] . '</a>';
} else {
hesk_process_message($hesklang['m_ena'], 'mail.php');
}
/* Mark as read */
if ($hesk_settings['mailtmp']['this'] == 'to' && !$pm['read']) {
$res = hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "mail` SET `read`='1' WHERE `id`='" . intval($id) . "' LIMIT 1");
}
$pm['name'] = isset($admins[$pm[$hesk_settings['mailtmp']['other']]]) ? '<a href="mail.php?a=new&id=' . $pm[$hesk_settings['mailtmp']['other']] . '">' . $admins[$pm[$hesk_settings['mailtmp']['other']]] . '</a>' : ($pm['from'] == 9999 ? '<a href="http://www.hesk.com" target="_blank">HESK.com</a>' : $hesklang['e_udel']);
$pm['dt'] = hesk_dateToString($pm['dt'], 0, 1, 0, true);
?>
<table width="100%" border="0" cellspacing="0" cellpadding="0">
<tr>
<td width="7" height="7"><img src="../img/roundcornerslt.jpg" width="7" height="7" alt="" /></td>
<td class="roundcornerstop"></td>
<td><img src="../img/roundcornersrt.jpg" width="7" height="7" alt="" /></td>
</tr>
<tr>
<td class="roundcornersleft"> </td>
<td>
<table border="0" cellspacing="0" cellpadding="0" width="100%">
<tr>
<td valign="top">
<table border="0">
<tr>
<td><b><?php
echo $hesk_settings['mailtmp']['m_from'];
?>
</b></td>
<td><?php
echo $pm['name'];
?>
</td>
</tr>
<tr>
<td><b><?php
echo $hesklang['date'];
?>
</b></td>
<td><?php
echo $pm['dt'];
?>
</td>
</tr>
<tr>
<td><b><?php
echo $hesklang['m_sub'];
?>
</b></td>
<td><?php
echo $pm['subject'];
?>
</td>
</tr>
</table>
</td>
<td style="text-align:right; vertical-align:top;">
<?php
$folder = '&folder=outbox';
if ($pm['to'] == $_SESSION['id']) {
echo '<a href="mail.php?a=mark_unread&id=' . $id . '&token=' . hesk_token_echo(0) . '"><img src="../img/mail.png" width="16" height="16" alt="' . $hesklang['mau'] . '" title="' . $hesklang['mau'] . '" class="optionWhiteOFF" onmouseover="this.className=\'optionWhiteON\'" onmouseout="this.className=\'optionWhiteOFF\'" /></a> ';
$folder = '';
}
echo '<a href="mail.php?a=delete&id=' . $id . '&token=' . hesk_token_echo(0) . $folder . '" onclick="return hesk_confirmExecute(\'' . hesk_makeJsString($hesklang['delm']) . '?\');"><img src="../img/delete.png" width="16" height="16" alt="' . $hesklang['delm'] . '" title="' . $hesklang['delm'] . '" class="optionWhiteOFF" onmouseover="this.className=\'optionWhiteON\'" onmouseout="this.className=\'optionWhiteOFF\'" /></a>';
?>
</td>
</tr>
</table>
<hr />
<p><?php
echo $pm['message'];
?>
</p>
</td>
<td class="roundcornersright"> </td>
</tr>
<tr>
<td><img src="../img/roundcornerslb.jpg" width="7" height="7" alt="" /></td>
<td class="roundcornersbottom"></td>
<td width="7" height="7"><img src="../img/roundcornersrb.jpg" width="7" height="7" alt="" /></td>
</tr>
</table>
<br /><hr />
<?php
}
// END if $num
$_SESSION['hide']['list'] = 1;
}
if (empty($ticket['repliername'])) {
$ticket['repliername'] = $hesklang['staff'];
}
} else {
$ticket['repliername'] = $ticket['name'];
}
/* Get category name and ID */
$result = hesk_dbQuery("SELECT * FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "categories` WHERE `id`='" . intval($ticket['category']) . "' LIMIT 1");
/* If this category has been deleted use the default category with ID 1 */
if (hesk_dbNumRows($result) != 1) {
$result = hesk_dbQuery("SELECT * FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "categories` WHERE `id`='1' LIMIT 1");
}
$category = hesk_dbFetchAssoc($result);
/* Get replies */
$result = hesk_dbQuery("SELECT * FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "replies` WHERE `replyto`='" . intval($ticket['id']) . "' ORDER BY `id` " . ($hesk_settings['new_top'] ? 'DESC' : 'ASC'));
$replies = hesk_dbNumRows($result);
$unread_replies = array();
// Demo mode
if (defined('HESK_DEMO')) {
$ticket['email'] = '*****@*****.**';
}
/* Print header */
require_once HESK_PATH . 'inc/header.inc.php';
?>
<table width="100%" border="0" cellspacing="0" cellpadding="0">
<tr>
<td width="3"><img src="img/headerleftsm.jpg" width="3" height="25" alt="" /></td>
<td class="headersm"><?php
hesk_showTopBar($hesklang['cid'] . ': ' . $trackingID);
?>
function update_profile()
{
global $hesk_settings, $hesklang, $can_view_unassigned;
/* A security check */
hesk_token_check('POST');
$sql_pass = '';
$sql_username = '';
$hesk_error_buffer = '';
$_SESSION['new']['name'] = hesk_input(hesk_POST('name')) or $hesk_error_buffer .= '<li>' . $hesklang['enter_your_name'] . '</li>';
$_SESSION['new']['email'] = hesk_validateEmail(hesk_POST('email'), 'ERR', 0) or $hesk_error_buffer = '<li>' . $hesklang['enter_valid_email'] . '</li>';
$_SESSION['new']['signature'] = hesk_input(hesk_POST('signature'));
/* Signature */
if (strlen($_SESSION['new']['signature']) > 255) {
$hesk_error_buffer .= '<li>' . $hesklang['signature_long'] . '</li>';
}
/* Admins can change username */
if ($_SESSION['isadmin']) {
$_SESSION['new']['user'] = hesk_input(hesk_POST('user')) or $hesk_error_buffer .= '<li>' . $hesklang['enter_username'] . '</li>';
/* Check for duplicate usernames */
$result = hesk_dbQuery("SELECT `id` FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "users` WHERE `user`='" . hesk_dbEscape($_SESSION['new']['user']) . "' AND `id`!='" . intval($_SESSION['id']) . "' LIMIT 1");
if (hesk_dbNumRows($result) != 0) {
$hesk_error_buffer .= '<li>' . $hesklang['duplicate_user'] . '</li>';
} else {
$sql_username = "******" . hesk_dbEscape($_SESSION['new']['user']) . "'";
}
}
/* Change password? */
$newpass = hesk_input(hesk_POST('newpass'));
$passlen = strlen($newpass);
if ($passlen > 0) {
/* At least 5 chars? */
if ($passlen < 5) {
$hesk_error_buffer .= '<li>' . $hesklang['password_not_valid'] . '</li>';
} else {
$newpass2 = hesk_input(hesk_POST('newpass2'));
if ($newpass != $newpass2) {
$hesk_error_buffer .= '<li>' . $hesklang['passwords_not_same'] . '</li>';
} else {
$v = hesk_Pass2Hash($newpass);
if ($v == '499d74967b28a841c98bb4baaabaad699ff3c079') {
define('WARN_PASSWORD', true);
}
$sql_pass = '******'' . $v . '\'';
}
}
}
/* After reply */
$_SESSION['new']['afterreply'] = intval(hesk_POST('afterreply'));
if ($_SESSION['new']['afterreply'] != 1 && $_SESSION['new']['afterreply'] != 2) {
$_SESSION['new']['afterreply'] = 0;
}
/* Auto-start ticket timer */
$_SESSION['new']['autostart'] = isset($_POST['autostart']) ? 1 : 0;
/* Notifications */
$_SESSION['new']['notify_new_unassigned'] = empty($_POST['notify_new_unassigned']) || !$can_view_unassigned ? 0 : 1;
$_SESSION['new']['notify_new_my'] = empty($_POST['notify_new_my']) ? 0 : 1;
$_SESSION['new']['notify_reply_unassigned'] = empty($_POST['notify_reply_unassigned']) || !$can_view_unassigned ? 0 : 1;
$_SESSION['new']['notify_reply_my'] = empty($_POST['notify_reply_my']) ? 0 : 1;
$_SESSION['new']['notify_assigned'] = empty($_POST['notify_assigned']) ? 0 : 1;
$_SESSION['new']['notify_note'] = empty($_POST['notify_note']) ? 0 : 1;
$_SESSION['new']['notify_pm'] = empty($_POST['notify_pm']) ? 0 : 1;
/* Any errors? */
if (strlen($hesk_error_buffer)) {
/* Process the session variables */
$_SESSION['new'] = hesk_stripArray($_SESSION['new']);
$hesk_error_buffer = $hesklang['rfm'] . '<br /><br /><ul>' . $hesk_error_buffer . '</ul>';
hesk_process_messages($hesk_error_buffer, 'NOREDIRECT');
} else {
/* Update database */
hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "users` SET\r\n\t `name`='" . hesk_dbEscape($_SESSION['new']['name']) . "',\r\n\t `email`='" . hesk_dbEscape($_SESSION['new']['email']) . "',\r\n\t\t`signature`='" . hesk_dbEscape($_SESSION['new']['signature']) . "'\r\n {$sql_username}\r\n\t\t{$sql_pass} ,\r\n\t `afterreply`='" . intval($_SESSION['new']['afterreply']) . "' ,\r\n `autostart`='" . intval($_SESSION['new']['autostart']) . "' ,\r\n\t `notify_new_unassigned`='" . intval($_SESSION['new']['notify_new_unassigned']) . "' ,\r\n `notify_new_my`='" . intval($_SESSION['new']['notify_new_my']) . "' ,\r\n `notify_reply_unassigned`='" . intval($_SESSION['new']['notify_reply_unassigned']) . "' ,\r\n `notify_reply_my`='" . intval($_SESSION['new']['notify_reply_my']) . "' ,\r\n `notify_assigned`='" . intval($_SESSION['new']['notify_assigned']) . "' ,\r\n `notify_pm`='" . intval($_SESSION['new']['notify_pm']) . "',\r\n `notify_note`='" . intval($_SESSION['new']['notify_note']) . "'\r\n\t WHERE `id`='" . intval($_SESSION['id']) . "' LIMIT 1");
/* Process the session variables */
$_SESSION['new'] = hesk_stripArray($_SESSION['new']);
/* Update session variables */
foreach ($_SESSION['new'] as $k => $v) {
$_SESSION[$k] = $v;
}
unset($_SESSION['new']);
hesk_process_messages($hesklang['profile_updated_success'], 'profile.php', 'SUCCESS');
}
}
$ticket = hesk_dbFetchAssoc($res);
// Demo mode
if (defined('HESK_DEMO')) {
$ticket['email'] = '*****@*****.**';
$ticket['ip'] = '127.0.0.1';
}
/* Get category name and ID */
$res = hesk_dbQuery("SELECT * FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "categories` WHERE `id`='{$ticket['category']}' LIMIT 1");
/* If this category has been deleted use the default category with ID 1 */
if (hesk_dbNumRows($res) != 1) {
$res = hesk_dbQuery("SELECT * FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "categories` WHERE `id`='1' LIMIT 1");
}
$category = hesk_dbFetchAssoc($res);
/* Get replies */
$res = hesk_dbQuery("SELECT * FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "replies` WHERE `replyto`='{$ticket['id']}' ORDER BY `id` ASC");
$replies = hesk_dbNumRows($res);
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<html>
<head>
<title><?php
echo $hesk_settings['hesk_title'];
?>
</title>
<meta http-equiv="Content-Type" content="text/html; charset=<?php
echo $hesklang['ENCODING'];
?>
">
<style type="text/css">
body, table, td, p
{
/* New locked status */
if (empty($_GET['locked'])) {
$status = 0;
$tmp = $hesklang['tunlock'];
$revision = sprintf($hesklang['thist6'], hesk_date(), $_SESSION['name'] . ' (' . $_SESSION['user'] . ')');
$closedby_sql = ' , `closedat`=NULL, `closedby`=NULL ';
} else {
$status = 1;
$tmp = $hesklang['tlock'];
$revision = sprintf($hesklang['thist5'], hesk_date(), $_SESSION['name'] . ' (' . $_SESSION['user'] . ')');
$closedby_sql = ' , `closedat`=NOW(), `closedby`=' . intval($_SESSION['id']) . ' ';
// Notify customer of closed ticket?
if ($hesk_settings['notify_closed']) {
// Get ticket info
$result = hesk_dbQuery("SELECT * FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` WHERE `trackid`='" . hesk_dbEscape($trackingID) . "' LIMIT 1");
if (hesk_dbNumRows($result) != 1) {
hesk_error($hesklang['ticket_not_found']);
}
$ticket = hesk_dbFetchAssoc($result);
$closedStatusRS = hesk_dbQuery('SELECT `ID` FROM `' . hesk_dbEscape($hesk_settings['db_pfix']) . 'statuses` WHERE `IsClosed` = 1');
$ticketIsOpen = true;
while ($row = hesk_dbFetchAssoc($closedStatusRS)) {
if ($ticket['status'] == $row['ID']) {
$ticketIsOpen = false;
}
}
// Notify customer, but only if ticket is not already closed
if ($ticketIsOpen) {
require HESK_PATH . 'inc/email_functions.inc.php';
$ticket['dt'] = hesk_date($ticket['dt'], true);
$ticket['lastchange'] = hesk_date($ticket['lastchange'], true);
function forgot_tid()
{
global $hesk_settings, $hesklang;
require HESK_PATH . 'inc/email_functions.inc.php';
$email = hesk_validateEmail(hesk_POST('email'), 'ERR', 0) or hesk_process_messages($hesklang['enter_valid_email'], 'ticket.php?remind=1');
if (isset($_POST['open_only'])) {
$hesk_settings['open_only'] = $_POST['open_only'] == 1 ? 1 : 0;
}
/* Prepare ticket statuses */
$my_status = array(0 => $hesklang['open'], 1 => $hesklang['wait_staff_reply'], 2 => $hesklang['wait_cust_reply'], 3 => $hesklang['closed'], 4 => $hesklang['in_progress'], 5 => $hesklang['on_hold']);
/* Get ticket(s) from database */
hesk_load_database_functions();
hesk_dbConnect();
// Get tickets from the database
$res = hesk_dbQuery('SELECT * FROM `' . hesk_dbEscape($hesk_settings['db_pfix']) . 'tickets` FORCE KEY (`statuses`) WHERE ' . ($hesk_settings['open_only'] ? "`status` IN ('0','1','2','4','5') AND " : '') . ' ' . hesk_dbFormatEmail($email) . ' ORDER BY `status` ASC, `lastchange` DESC ');
$num = hesk_dbNumRows($res);
if ($num < 1) {
if ($hesk_settings['open_only']) {
hesk_process_messages($hesklang['noopen'], 'ticket.php?remind=1&e=' . $email);
} else {
hesk_process_messages($hesklang['tid_not_found'], 'ticket.php?remind=1&e=' . $email);
}
}
$tid_list = '';
$name = '';
$email_param = $hesk_settings['email_view_ticket'] ? '&e=' . rawurlencode($email) : '';
while ($my_ticket = hesk_dbFetchAssoc($res)) {
$name = $name ? $name : hesk_msgToPlain($my_ticket['name'], 1, 0);
$tid_list .= "\n{$hesklang['trackID']}: " . $my_ticket['trackid'] . "\n{$hesklang['subject']}: " . hesk_msgToPlain($my_ticket['subject'], 1, 0) . "\n{$hesklang['status']}: " . $my_status[$my_ticket['status']] . "\n{$hesk_settings['hesk_url']}/ticket.php?track={$my_ticket['trackid']}{$email_param}\n";
}
/* Get e-mail message for customer */
$msg = hesk_getEmailMessage('forgot_ticket_id', '', 0, 0, 1);
$msg = str_replace('%%NAME%%', $name, $msg);
$msg = str_replace('%%NUM%%', $num, $msg);
$msg = str_replace('%%LIST_TICKETS%%', $tid_list, $msg);
$msg = str_replace('%%SITE_TITLE%%', hesk_msgToPlain($hesk_settings['site_title'], 1), $msg);
$msg = str_replace('%%SITE_URL%%', $hesk_settings['site_url'], $msg);
$subject = hesk_getEmailSubject('forgot_ticket_id');
/* Send e-mail */
hesk_mail($email, $subject, $msg);
/* Show success message */
$tmp = '<b>' . $hesklang['tid_sent'] . '!</b>';
$tmp .= '<br /> <br />' . $hesklang['tid_sent2'] . '.';
$tmp .= '<br /> <br />' . $hesklang['check_spambox'];
hesk_process_messages($tmp, 'ticket.php?e=' . $email, 'SUCCESS');
exit;
}
function hesk_kbLatestArticles($how_many, $index = 1)
{
global $hesk_settings, $hesklang;
// Index page or KB main page?
if ($index) {
// Disabled?
if (!$hesk_settings['kb_index_latest']) {
return true;
}
// Show title in italics
$font_weight = 'i';
} else {
// Disabled?
if (!$hesk_settings['kb_latest']) {
return true;
}
// Show title in bold
$font_weight = 'b';
// Print a line for spacing if we don't show popular articles
if (!$hesk_settings['kb_popart']) {
echo '<hr />';
}
}
?>
<table border="0" width="100%">
<tr>
<td>» <<?php
echo $font_weight;
?>
><?php
echo $hesklang['latart'];
?>
</<?php
echo $font_weight;
?>
></td>
<?php
/* Show number of views? */
if ($hesk_settings['kb_date']) {
echo '<td style="text-align:right"><i>' . $hesklang['dta'] . '</i></td>';
}
?>
</tr>
</table>
<?php
/* Get list of articles from the database */
$res = hesk_dbQuery("SELECT `t1`.`id`,`t1`.`subject`,`t1`.`dt` FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "kb_articles` AS `t1`\r\n\t\t\tLEFT JOIN `" . hesk_dbEscape($hesk_settings['db_pfix']) . "kb_categories` AS `t2` ON `t1`.`catid` = `t2`.`id`\r\n\t\t\tWHERE `t1`.`type`='0' AND `t2`.`type`='0'\r\n\t\t\tORDER BY `t1`.`dt` DESC LIMIT " . intval($how_many));
/* If no results found end here */
if (hesk_dbNumRows($res) == 0) {
echo '<p><i>' . $hesklang['noa'] . '</i><br /> </p>';
return true;
}
/* We have some results, print them out */
?>
<div align="center">
<table border="0" cellspacing="1" cellpadding="3" width="100%">
<?php
while ($article = hesk_dbFetchAssoc($res)) {
echo '
<tr>
<td>
<table border="0" width="100%" cellspacing="0" cellpadding="0">
<tr>
<td width="1" valign="top"><img src="img/article_text.png" width="16" height="16" border="0" alt="" style="vertical-align:middle" /></td>
<td valign="top"> <a href="knowledgebase.php?article=' . $article['id'] . '">' . $article['subject'] . '</a></td>
';
if ($hesk_settings['kb_date']) {
echo '<td valign="top" style="text-align:right" width="200">' . hesk_date($article['dt'], true) . '</td>';
}
echo '
</tr>
</table>
</td>
</tr>
';
}
?>
</table>
</div>
<?php
}
function update_user()
{
global $hesk_settings, $hesklang;
/* A security check */
hesk_token_check('POST');
$_SESSION['save_userdata'] = TRUE;
$tmp = intval(hesk_POST('userid')) or hesk_error("{$hesklang['int_error']}: {$hesklang['no_valid_id']}");
/* To edit self fore using "Profile" page */
if ($tmp == $_SESSION['id']) {
hesk_process_messages($hesklang['eyou'], 'profile.php', 'NOTICE');
}
$_SERVER['PHP_SELF'] = './manage_users.php?a=edit&id=' . $tmp;
$myuser = hesk_validateUserInfo(0, $_SERVER['PHP_SELF']);
$myuser['id'] = $tmp;
/* If can't view assigned changes this */
if (in_array('can_view_unassigned', $myuser['features'])) {
$sql_where = "";
} else {
$sql_where = " , `notify_new_unassigned`='0', `notify_reply_unassigned`='0' ";
}
/* Check for duplicate usernames */
$res = hesk_dbQuery("SELECT `id`,`isadmin`,`categories`,`heskprivileges` FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "users` WHERE `user` = '" . hesk_dbEscape($myuser['user']) . "' LIMIT 1");
if (hesk_dbNumRows($res) == 1) {
$tmp = hesk_dbFetchAssoc($res);
/* Duplicate? */
if ($tmp['id'] != $myuser['id']) {
hesk_process_messages($hesklang['duplicate_user'], $_SERVER['PHP_SELF']);
}
/* Do we have permission to edit this user? */
if (!compare_user_permissions($tmp['id'], $tmp['isadmin'], explode(',', $tmp['categories']), explode(',', $tmp['heskprivileges']))) {
hesk_process_messages($hesklang['npea'], 'manage_users.php');
}
}
/* Admins will have access to all features and categories */
if ($myuser['isadmin']) {
$myuser['categories'] = '';
$myuser['features'] = '';
} else {
/* Categories and Features will be stored as a string */
$myuser['categories'] = implode(',', $myuser['categories']);
$myuser['features'] = implode(',', $myuser['features']);
/* Unassign tickets from categories that the user had access before but doesn't anymore */
hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` SET `owner`=0 WHERE `owner`='" . intval($myuser['id']) . "' AND `category` NOT IN (" . $myuser['categories'] . ")");
}
hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "users` SET\r\n `user`='" . hesk_dbEscape($myuser['user']) . "',\r\n `name`='" . hesk_dbEscape($myuser['name']) . "',\r\n `email`='" . hesk_dbEscape($myuser['email']) . "',\r\n `signature`='" . hesk_dbEscape($myuser['signature']) . "'," . (isset($myuser['pass']) ? "`pass`='" . hesk_dbEscape($myuser['pass']) . "'," : '') . "\r\n `categories`='" . hesk_dbEscape($myuser['categories']) . "',\r\n `isadmin`='" . intval($myuser['isadmin']) . "',\r\n `autoassign`='" . intval($myuser['autoassign']) . "',\r\n `heskprivileges`='" . hesk_dbEscape($myuser['features']) . "'\r\n {$sql_where}\r\n WHERE `id`='" . intval($myuser['id']) . "' LIMIT 1");
unset($_SESSION['save_userdata']);
unset($_SESSION['userdata']);
hesk_process_messages($hesklang['user_profile_updated_success'], $_SERVER['PHP_SELF'], 'SUCCESS');
}
function hesk_isLoggedIn()
{
global $hesk_settings;
$referer = hesk_input($_SERVER['REQUEST_URI']);
$referer = str_replace('&', '&', $referer);
if (empty($_SESSION['id'])) {
if ($hesk_settings['autologin'] && hesk_autoLogin(1)) {
// Users online
if ($hesk_settings['online']) {
require HESK_PATH . 'inc/users_online.inc.php';
hesk_initOnline($_SESSION['id']);
}
return true;
}
// Some pages cannot be redirected to
$modify_redirect = array('admin_reply_ticket.php' => 'admin_main.php', 'admin_settings_save.php' => 'admin_settings.php', 'delete_tickets.php' => 'admin_main.php', 'move_category.php' => 'admin_main.php', 'priority.php' => 'admin_main.php');
foreach ($modify_redirect as $from => $to) {
if (strpos($referer, $from) !== false) {
$referer = $to;
}
}
$url = 'index.php?a=login¬ice=1&goto=' . urlencode($referer);
header('Location: ' . $url);
exit;
} else {
hesk_session_regenerate_id();
// Need to update permissions?
if (empty($_SESSION['isadmin'])) {
$res = hesk_dbQuery("SELECT `isadmin`, `categories`, `heskprivileges` FROM `" . $hesk_settings['db_pfix'] . "users` WHERE `id` = '" . intval($_SESSION['id']) . "' LIMIT 1");
if (hesk_dbNumRows($res) == 1) {
$me = hesk_dbFetchAssoc($res);
foreach ($me as $k => $v) {
$_SESSION[$k] = $v;
}
// Get allowed categories
if (empty($_SESSION['isadmin'])) {
$_SESSION['categories'] = explode(',', $_SESSION['categories']);
}
} else {
hesk_session_stop();
$url = 'index.php?a=login¬ice=1&goto=' . urlencode($referer);
header('Location: ' . $url);
exit;
}
}
// Users online
if ($hesk_settings['online']) {
require HESK_PATH . 'inc/users_online.inc.php';
hesk_initOnline($_SESSION['id']);
}
return true;
}
}
function forgot_tid()
{
global $hesk_settings, $hesklang;
require HESK_PATH . 'inc/email_functions.inc.php';
$email = hesk_validateEmail(hesk_POST('email'), 'ERR', 0) or hesk_process_messages($hesklang['enter_valid_email'], 'ticket.php?remind=1');
/* Prepare ticket statuses */
$my_status = array(0 => $hesklang['open'], 1 => $hesklang['wait_staff_reply'], 2 => $hesklang['wait_cust_reply'], 3 => $hesklang['closed'], 4 => $hesklang['in_progress'], 5 => $hesklang['on_hold']);
/* Get ticket(s) from database */
hesk_load_database_functions();
hesk_dbConnect();
// Get tickets from the database
$res = hesk_dbQuery('SELECT * FROM `' . hesk_dbEscape($hesk_settings['db_pfix']) . 'tickets` FORCE KEY (`statuses`) WHERE ' . ($hesk_settings['open_only'] ? "`status` IN ('0','1','2','4','5') AND " : '') . ' ' . hesk_dbFormatEmail($email) . ' ORDER BY `status` ASC, `lastchange` DESC ');
$num = hesk_dbNumRows($res);
if ($num < 1) {
if ($hesk_settings['open_only']) {
hesk_process_messages($hesklang['noopen'], 'ticket.php?remind=1&e=' . $email);
} else {
hesk_process_messages($hesklang['tid_not_found'], 'ticket.php?remind=1&e=' . $email);
}
}
$tid_list = '';
$name = '';
$email_param = $hesk_settings['email_view_ticket'] ? '&e=' . rawurlencode($email) : '';
while ($my_ticket = hesk_dbFetchAssoc($res)) {
$name = $name ? $name : hesk_msgToPlain($my_ticket['name'], 1, 0);
$tid_list .= "\r\n{$hesklang['trackID']}: " . $my_ticket['trackid'] . "\r\n{$hesklang['subject']}: " . hesk_msgToPlain($my_ticket['subject'], 1, 0) . "\r\n{$hesklang['status']}: " . $my_status[$my_ticket['status']] . "\r\n{$hesk_settings['hesk_url']}/ticket.php?track={$my_ticket['trackid']}{$email_param}\r\n";
}
/* Get e-mail message for customer */
$msg = hesk_getEmailMessage('forgot_ticket_id', '', 0, 0, 1);
$msg = str_replace('%%NAME%%', $name, $msg);
$msg = str_replace('%%NUM%%', $num, $msg);
$msg = str_replace('%%LIST_TICKETS%%', $tid_list, $msg);
$msg = str_replace('%%SITE_TITLE%%', hesk_msgToPlain($hesk_settings['site_title'], 1), $msg);
$msg = str_replace('%%SITE_URL%%', $hesk_settings['site_url'], $msg);
$subject = hesk_getEmailSubject('forgot_ticket_id');
/* Send e-mail */
hesk_mail($email, $subject, $msg);
/* Show success message */
$tmp = '<b>' . $hesklang['tid_sent'] . '!</b>';
$tmp .= '<br /> <br />' . $hesklang['tid_sent2'] . '.';
$tmp .= '<br /> <br />' . $hesklang['check_spambox'];
hesk_process_messages($tmp, 'ticket.php?e=' . $email, 'SUCCESS');
exit;
/* Print header */
$hesk_settings['tmp_title'] = $hesk_settings['hesk_title'] . ' - ' . $hesklang['tid_sent'];
require_once HESK_PATH . 'inc/header.inc.php';
?>
<table width="100%" border="0" cellspacing="0" cellpadding="0">
<tr>
<td width="3"><img src="img/headerleftsm.jpg" width="3" height="25" alt="" /></td>
<td class="headersm"><?php
hesk_showTopBar($hesklang['tid_sent']);
?>
</td>
<td width="3"><img src="img/headerrightsm.jpg" width="3" height="25" alt="" /></td>
</tr>
</table>
<table width="100%" border="0" cellspacing="0" cellpadding="3">
<tr>
<td><span class="smaller"><a href="<?php
echo $hesk_settings['site_url'];
?>
" class="smaller"><?php
echo $hesk_settings['site_title'];
?>
</a> >
<a href="<?php
echo $hesk_settings['hesk_url'];
?>
" class="smaller"><?php
echo $hesk_settings['hesk_title'];
?>
</a>
> <?php
echo $hesklang['tid_sent'];
?>
</span></td>
</tr>
</table>
</td>
</tr>
<tr>
<td>
<table width="100%" border="0" cellspacing="0" cellpadding="0">
<tr>
<td width="7" height="7"><img src="img/roundcornerslt.jpg" width="7" height="7" alt="" /></td>
<td class="roundcornerstop"></td>
<td><img src="img/roundcornersrt.jpg" width="7" height="7" alt="" /></td>
</tr>
<tr>
<td class="roundcornersleft"> </td>
<td>
<p> </p>
<p align="center"><?php
echo $hesklang['tid_sent2'];
?>
</p>
<p align="center"><b><?php
echo $hesklang['check_spambox'];
?>
</b></p>
<p> </p>
<p align="center"><a href="<?php
echo $hesk_settings['hesk_url'];
?>
"><?php
echo $hesk_settings['hesk_title'];
?>
</a></p>
<p> </p>
</td>
<td class="roundcornersright"> </td>
</tr>
<tr>
<td><img src="img/roundcornerslb.jpg" width="7" height="7" alt="" /></td>
<td class="roundcornersbottom"></td>
<td width="7" height="7"><img src="img/roundcornersrb.jpg" width="7" height="7" alt="" /></td>
</tr>
</table>
<?php
}
function checkForIpOrEmailBans()
{
global $hesk_settings;
hesk_dbConnect();
$banRS = executeQuery("SELECT `ID` FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "denied_emails`\n UNION ALL SELECT `ID` FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "denied_ips`");
return hesk_dbNumRows($banRS);
}
function hesk_getOwnerName($id)
{
global $hesk_settings, $hesklang;
if (empty($id)) {
return $hesklang['unas'];
}
// If we already have the name no need to query DB another time
if (isset($hesk_settings['user_data'][$id]['name'])) {
return $hesk_settings['user_data'][$id]['name'];
}
$res = hesk_dbQuery("SELECT `name` FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "users` WHERE `id`='" . intval($id) . "' LIMIT 1");
if (hesk_dbNumRows($res) != 1) {
return $hesklang['unas'];
}
$hesk_settings['user_data'][$id]['name'] = hesk_dbResult($res, 0, 0);
return $hesk_settings['user_data'][$id]['name'];
}
function hesk_show_kb_category($catid, $is_search = 0)
{
global $hesk_settings, $hesklang;
$res = hesk_dbQuery("SELECT `name`,`parent` FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "kb_categories` WHERE `id`='{$catid}' AND `type`='0' LIMIT 1");
$thiscat = hesk_dbFetchAssoc($res) or hesk_error($hesklang['kb_cat_inv']);
if ($is_search == 0) {
/* Print header */
$hesk_settings['tmp_title'] = $hesk_settings['hesk_title'] . ' - ' . hesk_htmlspecialchars($thiscat['name']);
require_once HESK_PATH . 'inc/header.inc.php';
hesk_kb_header($hesk_settings['kb_link']);
// If we are in "Knowledgebase only" mode show system messages
if ($catid == 1 && hesk_check_kb_only(false)) {
// Service messages
$res = hesk_dbQuery('SELECT `title`, `message`, `style` FROM `' . hesk_dbEscape($hesk_settings['db_pfix']) . "service_messages` WHERE `type`='0' ORDER BY `order` ASC");
while ($sm = hesk_dbFetchAssoc($res)) {
hesk_service_message($sm);
}
}
}
if ($thiscat['parent']) {
$link = $thiscat['parent'] == 1 ? 'knowledgebase.php' : 'knowledgebase.php?category=' . $thiscat['parent'];
echo '<span class="homepageh3">» ' . $hesklang['kb_cat'] . ': ' . $thiscat['name'] . '</span>
(<a href="javascript:history.go(-1)">' . $hesklang['back'] . '</a>)
';
}
$result = hesk_dbQuery("SELECT `id`,`name`,`articles` FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "kb_categories` WHERE `parent`='{$catid}' AND `type`='0' ORDER BY `cat_order` ASC");
if (hesk_dbNumRows($result) > 0) {
?>
<p>» <b><?php
echo $hesklang['kb_cat_sub'];
?>
:</b></p>
<table width="100%" border="0" cellspacing="0" cellpadding="0">
<tr>
<td width="7" height="7"><img src="img/roundcornerslt.jpg" width="7" height="7" alt="" /></td>
<td class="roundcornerstop"></td>
<td><img src="img/roundcornersrt.jpg" width="7" height="7" alt="" /></td>
</tr>
<tr>
<td class="roundcornersleft"> </td>
<td>
<table border="0" cellspacing="1" cellpadding="3" width="100%">
<?php
$per_col = $hesk_settings['kb_cols'];
$i = 1;
while ($cat = hesk_dbFetchAssoc($result)) {
if ($i == 1) {
echo '<tr>';
}
echo '
<td width="50%" valign="top">
<table border="0">
<tr><td><img src="img/folder.gif" width="20" height="20" alt="" style="vertical-align:middle" /><a href="knowledgebase.php?category=' . $cat['id'] . '">' . $cat['name'] . '</a></td></tr>
';
/* Print most popular/sticky articles */
if ($hesk_settings['kb_numshow'] && $cat['articles']) {
$res = hesk_dbQuery("SELECT `id`,`subject` FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "kb_articles` WHERE `catid`='{$cat['id']}' AND `type`='0' ORDER BY `sticky` DESC, `views` DESC, `art_order` ASC LIMIT " . (intval($hesk_settings['kb_numshow']) + 1));
$num = 1;
while ($art = hesk_dbFetchAssoc($res)) {
echo '
<tr>
<td><img src="img/article_text.png" width="16" height="16" border="0" alt="" style="vertical-align:middle" />
<a href="knowledgebase.php?article=' . $art['id'] . '" class="article">' . $art['subject'] . '</a></td>
</tr>';
if ($num == $hesk_settings['kb_numshow']) {
break;
} else {
$num++;
}
}
if (hesk_dbNumRows($res) > $hesk_settings['kb_numshow']) {
echo '<tr><td>» <a href="knowledgebase.php?category=' . $cat['id'] . '"><i>' . $hesklang['m'] . '</i></a></td></tr>';
}
}
echo '
</table>
</td>
';
if ($i == $per_col) {
echo '</tr>';
$i = 0;
}
$i++;
}
/* Finish the table if needed */
if ($i != 1) {
for ($j = 1; $j <= $per_col; $j++) {
echo '<td width="50%"> </td>';
if ($i == $per_col) {
echo '</tr>';
break;
}
$i++;
}
}
?>
</table>
</td>
<td class="roundcornersright"> </td>
</tr>
<tr>
<td><img src="img/roundcornerslb.jpg" width="7" height="7" alt="" /></td>
<td class="roundcornersbottom"></td>
<td width="7" height="7"><img src="img/roundcornersrb.jpg" width="7" height="7" alt="" /></td>
</tr>
</table>
<?php
}
// END if NumRows > 0
?>
<p>» <b><?php
echo $hesklang['ac'];
?>
</b></p>
<table width="100%" border="0" cellspacing="0" cellpadding="0">
<tr>
<td width="7" height="7"><img src="img/roundcornerslt.jpg" width="7" height="7" alt="" /></td>
<td class="roundcornerstop"></td>
<td><img src="img/roundcornersrt.jpg" width="7" height="7" alt="" /></td>
</tr>
<tr>
<td class="roundcornersleft"> </td>
<td>
<?php
$res = hesk_dbQuery("SELECT `id`, `subject`, LEFT(`content`, " . max(200, $hesk_settings['kb_substrart'] * 2) . ") AS `content`, `rating` FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "kb_articles` WHERE `catid`='{$catid}' AND `type`='0' ORDER BY `sticky` DESC, `art_order` ASC");
if (hesk_dbNumRows($res) == 0) {
echo '<p><i>' . $hesklang['noac'] . '</i></p>';
} else {
echo '<div align="center"><table border="0" cellspacing="1" cellpadding="3" width="100%">';
while ($article = hesk_dbFetchAssoc($res)) {
$txt = hesk_kbArticleContentPreview($article['content']);
if ($hesk_settings['kb_rating']) {
$alt = $article['rating'] ? sprintf($hesklang['kb_rated'], sprintf("%01.1f", $article['rating'])) : $hesklang['kb_not_rated'];
$rat = '<td width="1" valign="top"><img src="img/star_' . hesk_round_to_half($article['rating']) * 10 . '.png" width="85" height="16" alt="' . $alt . '" title="' . $alt . '" border="0" style="vertical-align:text-bottom" /></td>';
} else {
$rat = '';
}
echo '
<tr>
<td>
<table border="0" width="100%" cellspacing="0" cellpadding="1">
<tr>
<td width="1" valign="top"><img src="img/article_text.png" width="16" height="16" border="0" alt="" style="vertical-align:middle" /></td>
<td valign="top"><a href="knowledgebase.php?article=' . $article['id'] . '">' . $article['subject'] . '</a></td>
' . $rat . '
</tr>
</table>
<table border="0" width="100%" cellspacing="0" cellpadding="1">
<tr>
<td width="1" valign="top"><img src="img/blank.gif" width="16" height="10" style="vertical-align:middle" alt="" /></td>
<td><span class="article_list">' . $txt . '</span></td>
</tr>
</table>
</td>
</tr>';
}
echo '</table></div>';
}
?>
</td>
<td class="roundcornersright"> </td>
</tr>
<tr>
<td><img src="img/roundcornerslb.jpg" width="7" height="7" alt="" /></td>
<td class="roundcornersbottom"></td>
<td width="7" height="7"><img src="img/roundcornersrb.jpg" width="7" height="7" alt="" /></td>
</tr>
</table>
<?php
/* On the main KB page print out top and latest articles if needed */
if ($catid == 1) {
/* Get list of top articles */
hesk_kbTopArticles($hesk_settings['kb_popart'], 0);
/* Get list of latest articles */
hesk_kbLatestArticles($hesk_settings['kb_latest'], 0);
}
}
hesk_mail($email, $hesklang['reset_password'], $msg);
// Show success
hesk_process_messages($hesklang['pemls'], 'NOREDIRECT', 'SUCCESS');
}
}
} elseif (isset($_GET['h'])) {
// Get the hash
$hash = preg_replace('/[^a-zA-Z0-9]/', '', $_GET['h']);
// Connect to database
hesk_load_database_functions();
hesk_dbConnect();
// Expire verification hashes older than 2 hours
hesk_dbQuery("DELETE FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "reset_password` WHERE `dt` < (NOW() - INTERVAL 2 HOUR)");
// Verify the hash exists
$res = hesk_dbQuery("SELECT `user`, `ip` FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "reset_password` WHERE `hash` = '{$hash}' LIMIT 1");
if (hesk_dbNumRows($res) != 1) {
// Not a valid hash
hesk_limitBfAttempts();
hesk_process_messages($hesklang['ehash'], 'NOREDIRECT');
} else {
// Get info from database
$row = hesk_dbFetchAssoc($res);
// Only allow resetting password from the same IP address that submitted password reset request
if ($row['ip'] != $_SERVER['REMOTE_ADDR']) {
hesk_limitBfAttempts();
hesk_process_messages($hesklang['ehaip'], 'NOREDIRECT');
} else {
// Expire all verification hashes for this user
hesk_dbQuery("DELETE FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "reset_password` WHERE `user`=" . intval($row['user']));
// Load additional required functions
require HESK_PATH . 'inc/admin_functions.inc.php';
function delete_kb_attachments($attachments)
{
global $hesk_settings, $hesklang;
// If nothing to delete just return
if (empty($attachments)) {
return true;
}
// Do the delete
$att = explode(',', substr($attachments, 0, -1));
foreach ($att as $myatt) {
list($att_id, $att_name) = explode('#', $myatt);
// Get attachment saved name
$result = hesk_dbQuery("SELECT `saved_name` FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "kb_attachments` WHERE `att_id`='" . intval($att_id) . "' LIMIT 1");
if (hesk_dbNumRows($result) == 1) {
$file = hesk_dbFetchAssoc($result);
hesk_unlink(HESK_PATH . $hesk_settings['attach_dir'] . '/' . $file['saved_name']);
}
$result = hesk_dbQuery("DELETE FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "kb_attachments` WHERE `att_id`='" . intval($att_id) . "' LIMIT 1");
}
return true;
}
else {return false;}
}
//-->
</script>
<?php
/* This will handle error, success and notice messages */
hesk_handle_messages();
// Get canned responses from database
$result = hesk_dbQuery('SELECT * FROM `' . hesk_dbEscape($hesk_settings['db_pfix']) . 'ticket_templates` ORDER BY `tpl_order` ASC');
$options = '';
$javascript_messages = '';
$javascript_titles = '';
$i = 1;
$j = 0;
$num = hesk_dbNumRows($result);
if ($num < 1) {
echo '<p>' . $hesklang['no_ticket_tpl'] . '</p>';
} else {
?>
<div align="center">
<table border="0" cellspacing="1" cellpadding="3" class="white" width="100%">
<tr>
<th class="admin_white" style="text-align:left"><b><i><?php
echo $hesklang['ticket_tpl_title'];
?>
</i></b></th>
<th class="admin_white" style="width:80px"><b><i> <?php
echo $hesklang['opt'];
?>
</i></b></th>
// Do we allow customer to select priority?
if ($hesk_settings['cust_urgency']) {
$tmpvar['priority'] = intval(hesk_POST('priority'));
// We don't allow customers select "Critical". If priority is not valid set it to "low".
if ($tmpvar['priority'] < 1 || $tmpvar['priority'] > 3) {
// If we are showing "Click to select" priority needs to be selected
if ($hesk_settings['select_pri']) {
$tmpvar['priority'] = -1;
$hesk_error_buffer['priority'] = $hesklang['select_priority'];
} else {
$tmpvar['priority'] = 3;
}
}
} else {
$res = hesk_dbQuery("SELECT `priority` FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "categories` WHERE `id`=" . intval($tmpvar['category']));
if (hesk_dbNumRows($res) == 1) {
$tmpvar['priority'] = intval(hesk_dbResult($res));
} else {
$tmpvar['priority'] = 3;
}
}
$tmpvar['subject'] = hesk_input(hesk_POST('subject')) or $hesk_error_buffer['subject'] = $hesklang['enter_ticket_subject'];
$tmpvar['message'] = hesk_input(hesk_POST('message')) or $hesk_error_buffer['message'] = $hesklang['enter_message'];
$tmpvar['contract_ticket_id'] = hesk_input(hesk_POST('contract_name'));
$tmpvar['company_ticket_id'] = hesk_input(hesk_POST('company_name'));
// Is category a valid choice?
if ($tmpvar['category']) {
hesk_verifyCategory();
// Is auto-assign of tickets disabled in this category?
if (empty($hesk_settings['category_data'][$tmpvar['category']]['autoassign'])) {
$hesk_settings['autoassign'] = false;
define('HESK_PATH', '../');
/* Get all the required files and functions */
require HESK_PATH . 'hesk_settings.inc.php';
require HESK_PATH . 'inc/common.inc.php';
require HESK_PATH . 'inc/admin_functions.inc.php';
hesk_load_database_functions();
hesk_session_start();
hesk_dbConnect();
hesk_isLoggedIn();
/* Print XML header */
header('Content-Type: text/html; charset=' . $hesklang['ENCODING']);
/* Get the search query composed of the subject and message */
$query = hesk_REQUEST('q') or die('');
/* Get relevant articles from the database, include private ones */
$res = hesk_dbQuery("SELECT `id`, `subject`, `content` FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "kb_articles` WHERE `type` IN ('0','1') AND MATCH(`subject`,`content`,`keywords`) AGAINST ('" . hesk_dbEscape($query) . "') LIMIT " . intval($hesk_settings['kb_search_limit']));
$num = hesk_dbNumRows($res);
/* Solve some spacing issues */
if (hesk_isREQUEST('p')) {
echo ' <br />';
}
/* Return found articles */
?>
<div class="conatiner notice">
<span style="font-size:12px;font-weight:bold"><?php
echo $hesklang['sc'];
?>
:</span><br /> <br />
<?php
if (!$num) {
echo '<i>' . $hesklang['nsfo'] . '</i>';
} else {
function hesk_fullyDeleteTicket()
{
global $hesk_settings, $hesklang, $ticket;
/* Delete attachment files */
$res = hesk_dbQuery("SELECT * FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "attachments` WHERE `ticket_id`='" . hesk_dbEscape($ticket['trackid']) . "'");
if (hesk_dbNumRows($res)) {
$hesk_settings['server_path'] = dirname(dirname(__FILE__));
while ($file = hesk_dbFetchAssoc($res)) {
hesk_unlink($hesk_settings['server_path'] . '/' . $hesk_settings['attach_dir'] . '/' . $file['saved_name']);
}
}
/* Delete attachments info from the database */
hesk_dbQuery("DELETE FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "attachments` WHERE `ticket_id`='" . hesk_dbEscape($ticket['trackid']) . "'");
/* Delete the ticket */
hesk_dbQuery("DELETE FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` WHERE `id`='" . intval($ticket['id']) . "'");
/* Delete replies to the ticket */
hesk_dbQuery("DELETE FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "replies` WHERE `replyto`='" . intval($ticket['id']) . "'");
/* Delete ticket notes */
hesk_dbQuery("DELETE FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "notes` WHERE `ticket`='" . intval($ticket['id']) . "'");
return true;
}
function rename_cat()
{
global $hesk_settings, $hesklang;
/* A security check */
hesk_token_check('POST');
$_SERVER['PHP_SELF'] = 'manage_categories.php?catid=' . intval(hesk_POST('catid'));
$catid = hesk_isNumber(hesk_POST('catid'), $hesklang['choose_cat_ren'], $_SERVER['PHP_SELF']);
$_SESSION['selcat'] = $catid;
$_SESSION['selcat2'] = $catid;
$catname = hesk_input(hesk_POST('name'), $hesklang['cat_ren_name'], $_SERVER['PHP_SELF']);
$_SESSION['catname2'] = $catname;
$res = hesk_dbQuery("SELECT `id` FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "categories` WHERE `name` LIKE '" . hesk_dbEscape(hesk_dbLike($catname)) . "' LIMIT 1");
if (hesk_dbNumRows($res) != 0) {
$old = hesk_dbFetchAssoc($res);
if ($old['id'] == $catid) {
hesk_process_messages($hesklang['noch'], $_SERVER['PHP_SELF'], 'NOTICE');
} else {
hesk_process_messages($hesklang['cndupl'], $_SERVER['PHP_SELF']);
}
}
hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "categories` SET `name`='" . hesk_dbEscape($catname) . "' WHERE `id`='" . intval($catid) . "' LIMIT 1");
unset($_SESSION['selcat']);
unset($_SESSION['catname2']);
hesk_process_messages($hesklang['cat_renamed_to'] . ' <i>' . stripslashes($catname) . '</i>', $_SERVER['PHP_SELF'], 'SUCCESS');
}
if ($print_table) {
echo '</table>';
$print_table = 0;
}
?>
<!-- END CUSTOM BEFORE -->
<!-- ticket info -->
<div class="form-group ticket-info">
<?php
// Lets handle ticket templates
$can_options = '';
// Get ticket templates from the database
$res = hesk_dbQuery("SELECT * FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "ticket_templates` ORDER BY `tpl_order` ASC");
// If we have any templates print them out
if (hesk_dbNumRows($res)) {
?>
<script language="javascript" type="text/javascript"><!--
// -->
var myMsgTxt = new Array();
var mySubjectTxt = new Array();
myMsgTxt[0]='';
mySubjectTxt[0]='';
<?php
while ($mysaved = hesk_dbFetchRow($res)) {
$can_options .= '<option value="' . $mysaved[0] . '">' . $mysaved[1] . "</option>\n";
echo 'myMsgTxt[' . $mysaved[0] . ']=\'' . str_replace("\r\n", "\\r\\n' + \r\n'", addslashes($mysaved[2])) . "';\n";
echo 'mySubjectTxt[' . $mysaved[0] . ']=\'' . str_replace("\r\n", "\\r\\n' + \r\n'", addslashes($mysaved[1])) . "';\n";
}
?>
/* Get details about the original ticket */
$res = hesk_dbQuery("SELECT * FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` WHERE `trackid`='{$trackingID}' LIMIT 1");
if (hesk_dbNumRows($res) != 1) {
hesk_error($hesklang['ticket_not_found']);
}
$ticket = hesk_dbFetchAssoc($res);
/* If we require e-mail to view tickets check if it matches the one in database */
hesk_verifyEmailMatch($trackingID, $my_email, $ticket['email']);
/* Ticket locked? */
if ($ticket['locked']) {
hesk_process_messages($hesklang['tislock2'], 'ticket.php?track=' . $trackingID . $hesk_settings['e_param'] . '&Refresh=' . rand(10000, 99999));
exit;
}
// Prevent flooding ticket replies
$res = hesk_dbQuery("SELECT `staffid` FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "replies` WHERE `replyto`='{$ticket['id']}' AND `dt` > DATE_SUB(NOW(), INTERVAL 10 MINUTE) ORDER BY `id` ASC");
if (hesk_dbNumRows($res) > 0) {
$sequential_customer_replies = 0;
while ($tmp = hesk_dbFetchAssoc($res)) {
$sequential_customer_replies = $tmp['staffid'] ? 0 : $sequential_customer_replies + 1;
}
if ($sequential_customer_replies > 10) {
hesk_dbQuery("INSERT INTO `" . hesk_dbEscape($hesk_settings['db_pfix']) . "logins` (`ip`, `number`) VALUES ('" . hesk_dbEscape($_SERVER['REMOTE_ADDR']) . "', " . intval($hesk_settings['attempt_limit'] + 1) . ")");
hesk_error(sprintf($hesklang['yhbr'], $hesk_settings['attempt_banmin']), 0);
}
}
/* Insert attachments */
if ($hesk_settings['attachments']['use'] && !empty($attachments)) {
foreach ($attachments as $myatt) {
hesk_dbQuery("INSERT INTO `" . hesk_dbEscape($hesk_settings['db_pfix']) . "attachments` (`ticket_id`,`saved_name`,`real_name`,`size`) VALUES ('{$trackingID}','" . hesk_dbEscape($myatt['saved_name']) . "','" . hesk_dbEscape($myatt['real_name']) . "','" . intval($myatt['size']) . "')");
$myattachments .= hesk_dbInsertID() . '#' . $myatt['real_name'] . ',';
}
function do_login()
{
global $hesk_settings, $hesklang;
$hesk_error_buffer = array();
$user = hesk_input(hesk_POST('user'));
if (empty($user)) {
$myerror = $hesk_settings['list_users'] ? $hesklang['select_username'] : $hesklang['enter_username'];
$hesk_error_buffer['user'] = $myerror;
}
define('HESK_USER', $user);
$pass = hesk_input(hesk_POST('pass'));
if (empty($pass)) {
$hesk_error_buffer['pass'] = $hesklang['enter_pass'];
}
if ($hesk_settings['secimg_use'] == 2 && !isset($_SESSION['img_a_verified'])) {
// Using ReCaptcha?
if ($hesk_settings['recaptcha_use'] == 1) {
require_once HESK_PATH . 'inc/recaptcha/recaptchalib.php';
$resp = recaptcha_check_answer($hesk_settings['recaptcha_private_key'], $_SERVER['REMOTE_ADDR'], hesk_POST('recaptcha_challenge_field', ''), hesk_POST('recaptcha_response_field', ''));
if ($resp->is_valid) {
$_SESSION['img_a_verified'] = true;
} else {
$hesk_error_buffer['mysecnum'] = $hesklang['recaptcha_error'];
}
} elseif ($hesk_settings['recaptcha_use'] == 2) {
require HESK_PATH . 'inc/recaptcha/recaptchalib_v2.php';
$resp = null;
$reCaptcha = new ReCaptcha($hesk_settings['recaptcha_private_key']);
// Was there a reCAPTCHA response?
if (isset($_POST["g-recaptcha-response"])) {
$resp = $reCaptcha->verifyResponse($_SERVER["REMOTE_ADDR"], hesk_POST("g-recaptcha-response"));
}
if ($resp != null && $resp->success) {
$_SESSION['img_a_verified'] = true;
} else {
$hesk_error_buffer['mysecnum'] = $hesklang['recaptcha_error'];
}
} else {
$mysecnum = intval(hesk_POST('mysecnum', 0));
if (empty($mysecnum)) {
$hesk_error_buffer['mysecnum'] = $hesklang['sec_miss'];
} else {
require HESK_PATH . 'inc/secimg.inc.php';
$sc = new PJ_SecurityImage($hesk_settings['secimg_sum']);
if (isset($_SESSION['checksum']) && $sc->checkCode($mysecnum, $_SESSION['checksum'])) {
$_SESSION['img_a_verified'] = true;
} else {
$hesk_error_buffer['mysecnum'] = $hesklang['sec_wrng'];
}
}
}
}
/* Any missing fields? */
if (count($hesk_error_buffer) != 0) {
$_SESSION['a_iserror'] = array_keys($hesk_error_buffer);
$tmp = '';
foreach ($hesk_error_buffer as $error) {
$tmp .= "<li>{$error}</li>\n";
}
$hesk_error_buffer = $tmp;
$hesk_error_buffer = $hesklang['pcer'] . '<br /><br /><ul>' . $hesk_error_buffer . '</ul>';
hesk_process_messages($hesk_error_buffer, 'NOREDIRECT');
print_login();
exit;
} elseif (isset($_SESSION['img_a_verified'])) {
unset($_SESSION['img_a_verified']);
}
/* User entered all required info, now lets limit brute force attempts */
hesk_limitBfAttempts();
$result = hesk_dbQuery("SELECT * FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "users` WHERE `user` = '" . hesk_dbEscape($user) . "' LIMIT 1");
if (hesk_dbNumRows($result) != 1) {
hesk_session_stop();
$_SESSION['a_iserror'] = array('user', 'pass');
hesk_process_messages($hesklang['wrong_user'], 'NOREDIRECT');
print_login();
exit;
}
$res = hesk_dbFetchAssoc($result);
foreach ($res as $k => $v) {
$_SESSION[$k] = $v;
}
/* Check password */
if (hesk_Pass2Hash($pass) != $_SESSION['pass']) {
hesk_session_stop();
$_SESSION['a_iserror'] = array('pass');
hesk_process_messages($hesklang['wrong_pass'], 'NOREDIRECT');
print_login();
exit;
}
$pass_enc = hesk_Pass2Hash($_SESSION['pass'] . strtolower($user) . $_SESSION['pass']);
/* Check if default password */
if ($_SESSION['pass'] == '499d74967b28a841c98bb4baaabaad699ff3c079') {
hesk_process_messages($hesklang['chdp'], 'NOREDIRECT', 'NOTICE');
}
// Set a tag that will be used to expire sessions after username or password change
$_SESSION['session_verify'] = hesk_activeSessionCreateTag($user, $_SESSION['pass']);
// We don't need the password hash anymore
unset($_SESSION['pass']);
/* Login successful, clean brute force attempts */
hesk_cleanBfAttempts();
/* Make sure our user is active */
if (!$_SESSION['active']) {
hesk_session_stop();
$_SESSION['a_iserror'] = array('active');
hesk_process_messages($hesklang['inactive_user'], 'NOREDIRECT');
print_login();
exit;
}
/* Regenerate session ID (security) */
hesk_session_regenerate_id();
/* Remember username? */
if ($hesk_settings['autologin'] && hesk_POST('remember_user') == 'AUTOLOGIN') {
setcookie('hesk_username', "{$user}", strtotime('+1 year'));
setcookie('hesk_p', "{$pass_enc}", strtotime('+1 year'));
} elseif (hesk_POST('remember_user') == 'JUSTUSER') {
setcookie('hesk_username', "{$user}", strtotime('+1 year'));
setcookie('hesk_p', '');
} else {
// Expire cookie if set otherwise
setcookie('hesk_username', '');
setcookie('hesk_p', '');
}
/* Close any old tickets here so Cron jobs aren't necessary */
if ($hesk_settings['autoclose']) {
$revision = sprintf($hesklang['thist3'], hesk_date(), $hesklang['auto']);
$dt = date('Y-m-d H:i:s', time() - $hesk_settings['autoclose'] * 86400);
$closedStatusRs = hesk_dbQuery('SELECT `ID`, `Closable` FROM `' . hesk_dbEscape($hesk_settings['db_pfix']) . 'statuses` WHERE `IsDefaultStaffReplyStatus` = 1');
$closedStatus = hesk_dbFetchAssoc($closedStatusRs);
// Are we allowed to close tickets in this status?
if ($closedStatus['Closable'] == 'yes' || $closedStatus['Closable'] == 'sonly') {
// Notify customer of closed ticket?
if ($hesk_settings['notify_closed']) {
// Get list of tickets
$result = hesk_dbQuery("SELECT * FROM `" . $hesk_settings['db_pfix'] . "tickets` WHERE `status` = " . $closedStatus['ID'] . " AND `lastchange` <= '" . hesk_dbEscape($dt) . "' ");
if (hesk_dbNumRows($result) > 0) {
global $ticket;
// Load required functions?
if (!function_exists('hesk_notifyCustomer')) {
require HESK_PATH . 'inc/email_functions.inc.php';
}
while ($ticket = hesk_dbFetchAssoc($result)) {
$ticket['dt'] = hesk_date($ticket['dt'], true);
$ticket['lastchange'] = hesk_date($ticket['lastchange'], true);
$ticket = hesk_ticketToPlain($ticket, 1, 0);
hesk_notifyCustomer('ticket_closed');
}
}
}
// Update ticket statuses and history in database if we're allowed to do so
$defaultCloseRs = hesk_dbQuery('SELECT `ID` FROM `' . hesk_dbEscape($hesk_settings['db_pfix']) . 'statuses` WHERE `IsAutocloseOption` = 1');
$defaultCloseStatus = hesk_dbFetchAssoc($defaultCloseRs);
hesk_dbQuery("UPDATE `" . $hesk_settings['db_pfix'] . "tickets` SET `status`=" . intval($defaultCloseStatus['ID']) . ", `closedat`=NOW(), `closedby`='-1', `history`=CONCAT(`history`,'" . hesk_dbEscape($revision) . "') WHERE `status` = '" . $closedStatus['ID'] . "' AND `lastchange` <= '" . hesk_dbEscape($dt) . "' ");
}
}
/* Redirect to the destination page */
header('Location: ' . hesk_verifyGoto());
exit;
}
function edit_sm()
{
global $hesk_settings, $hesklang;
// Get service messageID
$id = intval(hesk_GET('id')) or hesk_error($hesklang['sm_e_id']);
// Get details from the database
$res = hesk_dbQuery("SELECT * FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "service_messages` WHERE `id`={$id} LIMIT 1");
if (hesk_dbNumRows($res) != 1) {
hesk_error($hesklang['sm_not_found']);
}
$sm = hesk_dbFetchAssoc($res);
$_SESSION['new_sm'] = $sm;
$_SESSION['edit_sm'] = true;
$hesklang['new_sm'] = $hesklang['edit_sm'];
}
function hesk_isEmailLoop($email, $message_hash)
{
global $hesk_settings, $hesklang, $hesk_db_link;
// If $hesk_settings['loop_hits'] is set to 0 this function is disabled
if (!$hesk_settings['loop_hits']) {
return false;
}
// Escape wildcards in email
$email_like = hesk_dbEscape(hesk_dbLike($email));
// Delete expired DB entries
hesk_dbQuery("DELETE FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "pipe_loops` WHERE `dt` < (NOW() - INTERVAL " . intval($hesk_settings['loop_time']) . " SECOND) ");
// Check current entry
$res = hesk_dbQuery("SELECT `hits`, `message_hash` FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "pipe_loops` WHERE `email` LIKE '{$email_like}' LIMIT 1");
// Any active entry*
if (hesk_dbNumRows($res)) {
list($num, $md5) = hesk_dbFetchRow($res);
$num++;
// Number of emails in a time period reached?
if ($num >= $hesk_settings['loop_hits']) {
return true;
}
// Message exactly the same as in previous email?
if ($message_hash == $md5) {
return true;
}
// Update DB entry
hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "pipe_loops` SET `hits` = `hits` + 1, `message_hash` = '" . hesk_dbEscape($message_hash) . "' WHERE `email` LIKE '{$email_like}' LIMIT 1");
} else {
// First instance, insert a new database row
hesk_dbQuery("INSERT INTO `" . hesk_dbEscape($hesk_settings['db_pfix']) . "pipe_loops` (`email`, `message_hash`) VALUES ('" . hesk_dbEscape($email) . "', '" . hesk_dbEscape($message_hash) . "')");
}
// No loop rule trigered
return false;
}
function hesk_isLoggedIn()
{
global $hesk_settings;
$referer = hesk_input($_SERVER['REQUEST_URI']);
$referer = str_replace('&', '&', $referer);
if (empty($_SESSION['id']) || empty($_SESSION['session_verify'])) {
if ($hesk_settings['autologin'] && hesk_autoLogin(1)) {
// Users online
if ($hesk_settings['online']) {
require HESK_PATH . 'inc/users_online.inc.php';
hesk_initOnline($_SESSION['id']);
}
return true;
}
hesk_session_stop();
$url = 'index.php?a=login¬ice=1&goto=' . urlencode($referer);
header('Location: ' . $url);
exit;
} else {
hesk_session_regenerate_id();
// Let's make sure access data is up-to-date
$res = hesk_dbQuery("SELECT `user`, `pass`, `isadmin`, `categories`, `heskprivileges` FROM `" . $hesk_settings['db_pfix'] . "users` WHERE `id` = '" . intval($_SESSION['id']) . "' LIMIT 1");
// Exit if user not found
if (hesk_dbNumRows($res) != 1) {
hesk_session_stop();
$url = 'index.php?a=login¬ice=1&goto=' . urlencode($referer);
header('Location: ' . $url);
exit;
}
// Fetch results from database
$me = hesk_dbFetchAssoc($res);
// Verify this session is still valid
if (!hesk_activeSessionValidate($me['user'], $me['pass'], $_SESSION['session_verify'])) {
hesk_session_stop();
$url = 'index.php?a=login¬ice=1&goto=' . urlencode($referer);
header('Location: ' . $url);
exit;
}
// Update session variables as needed
if ($me['isadmin'] == 1) {
$_SESSION['isadmin'] = 1;
} else {
$_SESSION['isadmin'] = 0;
$_SESSION['categories'] = explode(',', $me['categories']);
$_SESSION['heskprivileges'] = $me['heskprivileges'];
}
// Users online
if ($hesk_settings['online']) {
require HESK_PATH . 'inc/users_online.inc.php';
hesk_initOnline($_SESSION['id']);
}
return true;
}
}
function show_message()
{
global $hesk_settings, $hesklang, $admins;
$id = intval(hesk_GET('id'));
/* Get the message details */
$res = hesk_dbQuery("SELECT * FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "mail` WHERE `id`='" . intval($id) . "' AND `deletedby`!='" . intval($_SESSION['id']) . "' LIMIT 1");
$num = hesk_dbNumRows($res);
if ($num) {
$pm = hesk_dbFetchAssoc($res);
/* Allowed to read the message? */
if ($pm['to'] == $_SESSION['id']) {
if (!isset($_SESSION['mail']['subject'])) {
$_SESSION['mail']['subject'] = $hesklang['m_re'] . ' ' . $pm['subject'];
}
if (!isset($_SESSION['mail']['to'])) {
$_SESSION['mail']['to'] = $pm['from'];
}
} elseif ($pm['from'] == $_SESSION['id']) {
if (!isset($_SESSION['mail']['subject'])) {
$_SESSION['mail']['subject'] = $hesklang['m_fwd'] . ' ' . $pm['subject'];
}
if (!isset($_SESSION['mail']['to'])) {
$_SESSION['mail']['to'] = $pm['to'];
}
$hesk_settings['mailtmp']['this'] = 'from';
$hesk_settings['mailtmp']['other'] = 'to';
$hesk_settings['mailtmp']['m_from'] = $hesklang['m_to'];
$hesk_settings['mailtmp']['outbox'] = '<b>' . $hesklang['outbox'] . '</b>';
$hesk_settings['mailtmp']['inbox'] = '<a href="mail.php">' . $hesklang['inbox'] . '</a>';
$hesk_settings['mailtmp']['outbox'] = '<a href="mail.php?folder=outbox">' . $hesklang['outbox'] . '</a>';
} else {
hesk_process_message($hesklang['m_ena'], 'mail.php');
}
/* Mark as read */
if ($hesk_settings['mailtmp']['this'] == 'to' && !$pm['read']) {
$res = hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "mail` SET `read`='1' WHERE `id`='" . intval($id) . "' LIMIT 1");
}
$pm['name'] = isset($admins[$pm[$hesk_settings['mailtmp']['other']]]) ? '<a href="mail.php?a=new&id=' . $pm[$hesk_settings['mailtmp']['other']] . '">' . $admins[$pm[$hesk_settings['mailtmp']['other']]] . '</a>' : ($pm['from'] == 9999 ? '<a href="http://www.hesk.com" target="_blank">HESK.com</a>' : $hesklang['e_udel']);
$pm['dt'] = hesk_dateToString($pm['dt'], 0, 1, 0, true);
?>
<div class="container mail-from-user-table">
<div>
<div>
<div class="form-inline mail-info-table">
<div class="form-group mail-from-date-subject">
<div class="form-inline">
<span><b><?php
echo $hesk_settings['mailtmp']['m_from'];
?>
</b></span>
<span><?php
echo $pm['name'];
?>
</span>
</div>
<div class="form-inline">
<span><b><?php
echo $hesklang['date'];
?>
</b></span>
<span><?php
echo $pm['dt'];
?>
</span>
</div>
<div class="form-inline">
<span><b><?php
echo $hesklang['m_sub'];
?>
</b></span>
<span><?php
echo $pm['subject'];
?>
</span>
</div>
</div><!-- end mail-from-date-subject -->
<div class="form-group mail-icons" style="float: right;">
<?php
$folder = '&folder=outbox';
if ($pm['to'] == $_SESSION['id']) {
echo '<a href="mail.php?a=mark_unread&id=' . $id . '&token=' . hesk_token_echo(0) . '"><img src="../img/mail.png" width="16" height="16" alt="' . $hesklang['mau'] . '" title="' . $hesklang['mau'] . '" class="optionWhiteOFF" onmouseover="this.className=\'optionWhiteON\'" onmouseout="this.className=\'optionWhiteOFF\'" /></a> ';
$folder = '';
}
echo '<a href="mail.php?a=delete&id=' . $id . '&token=' . hesk_token_echo(0) . $folder . '" onclick="return hesk_confirmExecute(\'' . hesk_makeJsString($hesklang['delm']) . '?\');"><img src="../img/delete.png" width="16" height="16" alt="' . $hesklang['delm'] . '" title="' . $hesklang['delm'] . '" class="optionWhiteOFF" onmouseover="this.className=\'optionWhiteON\'" onmouseout="this.className=\'optionWhiteOFF\'" /></a>';
?>
</div><!-- end mail-icons -->
</div>
<br/><br/>
<p><?php
echo strip_tags($pm['message']);
?>
</p>
</div>
</div>
</div><!-- end mail-from-user-table -->
<br /><br/><br/>
<?php
}
// END if $num
$_SESSION['hide']['list'] = 1;
}
function hesk_show_kb_category($catid, $is_search = 0)
{
global $hesk_settings, $hesklang;
if ($is_search == 0) {
/* Print header */
require_once HESK_PATH . 'inc/header.inc.php';
hesk_kb_header($hesk_settings['kb_link'], $catid);
if ($catid == 1) {
echo '<br/><div class="container priv-kb-text">' . $hesklang['priv'] . '</div><br/>';
}
}
$res = hesk_dbQuery("SELECT `name`,`parent` FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "kb_categories` WHERE `id`='" . intval($catid) . "' LIMIT 1");
$thiscat = hesk_dbFetchAssoc($res) or hesk_error($hesklang['kb_cat_inv']);
if ($thiscat['parent']) {
$link = $thiscat['parent'] == 1 ? 'knowledgebase_private.php' : 'knowledgebase_private.php?category=' . $thiscat['parent'];
echo '<br/><div class="container homepageh3"> ' . $hesklang['kb_cat'] . ': ' . $thiscat['name'] . '</div><br/>
<div class="container"><a href="javascript:history.go(-1)">' . '<button type="submit" class="btn btn-default goback-btn">' . $hesklang['back'] . '</button>' . '</a></div>
';
}
$result = hesk_dbQuery("SELECT `id`,`name`,`articles`,`type` FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "kb_categories` WHERE `parent`='" . intval($catid) . "' ORDER BY `parent` ASC, `cat_order` ASC");
if (hesk_dbNumRows($result) > 0) {
?>
<div class="container"><b><?php
echo $hesklang['kb_cat_sub'];
?>
:</b></div><br/>
<div class="container">
<?php
$per_col = $hesk_settings['kb_cols'];
$i = 1;
while ($cat = hesk_dbFetchAssoc($result)) {
if ($i == 1) {
echo '<tr>';
}
$private = $cat['type'] == 1 ? ' *' : '';
echo '
<td width="50%" valign="top">
<table border="0">
<tr><td><img src="../img/folder.gif" width="20" height="20" alt="" style="vertical-align:middle" /><a href="knowledgebase_private.php?category=' . $cat['id'] . '">' . $cat['name'] . '</a>' . $private . '</td></tr>
';
/* Print most popular/sticky articles */
if ($hesk_settings['kb_numshow'] && $cat['articles']) {
$res = hesk_dbQuery("SELECT `id`,`subject`,`type` FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "kb_articles` WHERE `catid`='" . intval($cat['id']) . "' AND `type` IN ('0','1') ORDER BY `sticky` DESC, `views` DESC, `art_order` ASC LIMIT " . (intval($hesk_settings['kb_numshow']) + 1));
$num = 1;
while ($art = hesk_dbFetchAssoc($res)) {
$private = $art['type'] == 1 ? ' *' : '';
echo '
<tr>
<td><img src="../img/article_text.png" width="16" height="16" border="0" alt="" style="vertical-align:middle" />
<a href="knowledgebase_private.php?article=' . $art['id'] . '" class="article">' . $art['subject'] . '</a>' . $private . '</td>
</tr>';
if ($num == $hesk_settings['kb_numshow']) {
break;
} else {
$num++;
}
}
if (hesk_dbNumRows($res) > $hesk_settings['kb_numshow']) {
echo '<tr><td>» <a href="knowledgebase_private.php?category=' . $cat['id'] . '"><i>' . $hesklang['m'] . '</i></a></td></tr>';
}
}
echo '
</table>
</td>
';
if ($i == $per_col) {
echo '</tr>';
$i = 0;
}
$i++;
}
/* Finish the table if needed */
if ($i != 1) {
for ($j = 1; $j <= $per_col; $j++) {
echo '<td width="50%"> </td>';
if ($i == $per_col) {
echo '</tr>';
break;
}
$i++;
}
}
?>
</div>
<?php
}
// END if NumRows > 0
?>
<br/>
<div class="container articles_categ"><b><?php
echo $hesklang['ac'];
?>
</b></div>
<div>
<?php
$res = hesk_dbQuery("SELECT `id`, `subject`, LEFT(`content`, " . max(200, $hesk_settings['kb_substrart'] * 2) . ") AS `content`, `rating`, `type` FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "kb_articles` WHERE `catid`='" . intval($catid) . "' AND `type` IN ('0','1') ORDER BY `sticky` DESC, `art_order` ASC");
if (hesk_dbNumRows($res) == 0) {
echo '<div class="container"><i>' . $hesklang['noac'] . '</i></div>';
} else {
echo '<div class="container table-responsive"><table class="table table-bordered" style="background-color: white;">';
while ($article = hesk_dbFetchAssoc($res)) {
$private = $article['type'] == 1 ? ' *' : '';
$txt = hesk_kbArticleContentPreview($article['content']);
echo '
<tr>
<td>
<table>
<tr>
<td width="1" valign="top"><img src="../img/article_text.png" width="16" height="16" border="0" alt="" style="vertical-align:middle" /></td>
<td valign="top"><a href="knowledgebase_private.php?article=' . $article['id'] . '">' . $article['subject'] . '</a>' . $private . '</td>
</tr>
</table>
<table border="0" width="100%" cellspacing="0" cellpadding="1">
<tr>
<td width="1" valign="top"><img src="../img/blank.gif" width="16" height="10" style="vertical-align:middle" alt="" /></td>
<td><span class="article_list" style="word-break: break-all;">' . $txt . '</span></td>
</tr>
</table>
</td>
</tr>';
}
echo '</table></div>';
}
?>
</div>
<?php
}
function hesk_printCanned()
{
global $hesklang, $hesk_settings, $can_reply, $ticket, $admins;
/* Can user reply to tickets? */
if (!$can_reply) {
return '';
}
/* Get canned replies from the database */
$res = hesk_dbQuery("SELECT * FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "std_replies` ORDER BY `reply_order` ASC");
/* If no canned replies return empty */
if (!hesk_dbNumRows($res)) {
return '';
}
/* We do have some replies, print the required Javascript and select field options */
$can_options = '';
?>
<script language="javascript" type="text/javascript"><!--
// -->
var myMsgTxt = new Array();
myMsgTxt[0]='';
<?php
while ($mysaved = hesk_dbFetchRow($res)) {
$can_options .= '<option value="' . $mysaved[0] . '">' . $mysaved[1] . "</option>\n";
echo 'myMsgTxt[' . $mysaved[0] . ']=\'' . str_replace("\r\n", "\\r\\n' + \r\n'", addslashes($mysaved[2])) . "';\n";
}
?>
function setMessage(msgid)
{
var myMsg=myMsgTxt[msgid];
if (myMsg == '')
{
if (document.form1.mode[1].checked)
{
document.getElementById('message').value = '';
}
return true;
}
myMsg = myMsg.replace(/%%HESK_ID%%/g, '<?php
echo hesk_jsString($ticket['id']);
?>
');
myMsg = myMsg.replace(/%%HESK_TRACKID%%/g, '<?php
echo hesk_jsString($ticket['trackid']);
?>
');
myMsg = myMsg.replace(/%%HESK_TRACK_ID%%/g, '<?php
echo hesk_jsString($ticket['trackid']);
?>
');
myMsg = myMsg.replace(/%%HESK_NAME%%/g, '<?php
echo hesk_jsString($ticket['name']);
?>
');
myMsg = myMsg.replace(/%%HESK_EMAIL%%/g, '<?php
echo hesk_jsString($ticket['email']);
?>
');
myMsg = myMsg.replace(/%%HESK_OWNER%%/g, '<?php
echo hesk_jsString(isset($admins[$ticket['owner']]) ? $admins[$ticket['owner']] : '');
?>
');
myMsg = myMsg.replace(/%%HESK_custom1%%/g, '<?php
echo hesk_jsString($ticket['custom1']);
?>
');
myMsg = myMsg.replace(/%%HESK_custom2%%/g, '<?php
echo hesk_jsString($ticket['custom2']);
?>
');
myMsg = myMsg.replace(/%%HESK_custom3%%/g, '<?php
echo hesk_jsString($ticket['custom3']);
?>
');
myMsg = myMsg.replace(/%%HESK_custom4%%/g, '<?php
echo hesk_jsString($ticket['custom4']);
?>
');
myMsg = myMsg.replace(/%%HESK_custom5%%/g, '<?php
echo hesk_jsString($ticket['custom5']);
?>
');
myMsg = myMsg.replace(/%%HESK_custom6%%/g, '<?php
echo hesk_jsString($ticket['custom6']);
?>
');
myMsg = myMsg.replace(/%%HESK_custom7%%/g, '<?php
echo hesk_jsString($ticket['custom7']);
?>
');
myMsg = myMsg.replace(/%%HESK_custom8%%/g, '<?php
echo hesk_jsString($ticket['custom8']);
?>
');
myMsg = myMsg.replace(/%%HESK_custom9%%/g, '<?php
echo hesk_jsString($ticket['custom9']);
?>
');
myMsg = myMsg.replace(/%%HESK_custom10%%/g, '<?php
echo hesk_jsString($ticket['custom10']);
?>
');
myMsg = myMsg.replace(/%%HESK_custom11%%/g, '<?php
echo hesk_jsString($ticket['custom11']);
?>
');
myMsg = myMsg.replace(/%%HESK_custom12%%/g, '<?php
echo hesk_jsString($ticket['custom12']);
?>
');
myMsg = myMsg.replace(/%%HESK_custom13%%/g, '<?php
echo hesk_jsString($ticket['custom13']);
?>
');
myMsg = myMsg.replace(/%%HESK_custom14%%/g, '<?php
echo hesk_jsString($ticket['custom14']);
?>
');
myMsg = myMsg.replace(/%%HESK_custom15%%/g, '<?php
echo hesk_jsString($ticket['custom15']);
?>
');
myMsg = myMsg.replace(/%%HESK_custom16%%/g, '<?php
echo hesk_jsString($ticket['custom16']);
?>
');
myMsg = myMsg.replace(/%%HESK_custom17%%/g, '<?php
echo hesk_jsString($ticket['custom17']);
?>
');
myMsg = myMsg.replace(/%%HESK_custom18%%/g, '<?php
echo hesk_jsString($ticket['custom18']);
?>
');
myMsg = myMsg.replace(/%%HESK_custom19%%/g, '<?php
echo hesk_jsString($ticket['custom19']);
?>
');
myMsg = myMsg.replace(/%%HESK_custom20%%/g, '<?php
echo hesk_jsString($ticket['custom20']);
?>
');
if (document.getElementById)
{
if (document.getElementById('moderep').checked)
{
document.getElementById('HeskMsg').innerHTML='<textarea name="message" id="message" rows="12" cols="72">'+myMsg+'</textarea>';
}
else
{
var oldMsg = document.getElementById('message').value;
document.getElementById('HeskMsg').innerHTML='<textarea name="message" id="message" rows="12" cols="72">'+oldMsg+myMsg+'</textarea>';
}
}
else
{
if (document.form1.mode[0].checked)
{
document.form1.message.value=myMsg;
}
else
{
var oldMsg = document.form1.message.value;
document.form1.message.value=oldMsg+myMsg;
}
}
}
//-->
</script>
<?php
/* Return options for select box */
return $can_options;
}