function new_article() { global $hesk_settings, $hesklang, $listBox; global $hesk_error_buffer; /* A security check */ # hesk_token_check('POST'); $_SESSION['hide'] = array('treemenu' => 1, 'new_category' => 1); $hesk_error_buffer = array(); $catid = intval(hesk_POST('catid', 1)); $type = empty($_POST['type']) ? 0 : (hesk_POST('type') == 2 ? 2 : 1); $html = $hesk_settings['kb_wysiwyg'] ? 1 : (empty($_POST['html']) ? 0 : 1); $now = hesk_date(); // Prevent submitting duplicate articles by reloading manage_knowledgebase.php page if (isset($_SESSION['article_submitted'])) { header('Location:manage_knowledgebase.php?a=manage_cat&catid=' . $catid); exit; } $_SESSION['KB_CATEGORY'] = $catid; $subject = hesk_input(hesk_POST('subject')) or $hesk_error_buffer[] = $hesklang['kb_e_subj']; if ($html) { if (empty($_POST['content'])) { $hesk_error_buffer[] = $hesklang['kb_e_cont']; } $content = hesk_getHTML(hesk_POST('content')); } else { $content = hesk_input(hesk_POST('content')) or $hesk_error_buffer[] = $hesklang['kb_e_cont']; $content = nl2br($content); $content = hesk_makeURL($content); } $sticky = isset($_POST['sticky']) ? 1 : 0; $keywords = hesk_input(hesk_POST('keywords')); /* Article attachments */ define('KB', 1); require_once HESK_PATH . 'inc/posting_functions.inc.php'; require_once HESK_PATH . 'inc/attachments.inc.php'; $attachments = array(); for ($i = 1; $i <= 3; $i++) { $att = hesk_uploadFile($i); if (!empty($att)) { $attachments[$i] = $att; } } $myattachments = ''; /* Any errors? */ if (count($hesk_error_buffer)) { // Remove any successfully uploaded attachments if ($hesk_settings['attachments']['use']) { hesk_removeAttachments($attachments); } $_SESSION['new_article'] = array('type' => $type, 'html' => $html, 'subject' => $subject, 'content' => hesk_input(hesk_POST('content')), 'keywords' => $keywords, 'sticky' => $sticky); $tmp = ''; foreach ($hesk_error_buffer as $error) { $tmp .= "<li>{$error}</li>\n"; } $hesk_error_buffer = $tmp; $hesk_error_buffer = $hesklang['rfm'] . '<br /><br /><ul>' . $hesk_error_buffer . '</ul>'; hesk_process_messages($hesk_error_buffer, 'manage_knowledgebase.php'); } $revision = sprintf($hesklang['revision1'], $now, $_SESSION['name'] . ' (' . $_SESSION['user'] . ')'); /* Add to database */ if (!empty($attachments)) { foreach ($attachments as $myatt) { hesk_dbQuery("INSERT INTO `" . hesk_dbEscape($hesk_settings['db_pfix']) . "kb_attachments` (`saved_name`,`real_name`,`size`) VALUES ('" . hesk_dbEscape($myatt['saved_name']) . "','" . hesk_dbEscape($myatt['real_name']) . "','" . intval($myatt['size']) . "')"); $myattachments .= hesk_dbInsertID() . '#' . $myatt['real_name'] . ','; } } /* Get the latest reply_order */ $res = hesk_dbQuery("SELECT `art_order` FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "kb_articles` WHERE `catid`='" . intval($catid) . "' AND `sticky` = '" . intval($sticky) . "' ORDER BY `art_order` DESC LIMIT 1"); $row = hesk_dbFetchRow($res); $my_order = $row[0] + 10; /* Insert article into database */ hesk_dbQuery("INSERT INTO `" . hesk_dbEscape($hesk_settings['db_pfix']) . "kb_articles` (`catid`,`dt`,`author`,`subject`,`content`,`keywords`,`type`,`html`,`sticky`,`art_order`,`history`,`attachments`) VALUES (\n '" . intval($catid) . "',\n NOW(),\n '" . intval($_SESSION['id']) . "',\n '" . hesk_dbEscape($subject) . "',\n '" . hesk_dbEscape($content) . "',\n '" . hesk_dbEscape($keywords) . "',\n '" . intval($type) . "',\n '" . intval($html) . "',\n '" . intval($sticky) . "',\n '" . intval($my_order) . "',\n '" . hesk_dbEscape($revision) . "',\n '" . hesk_dbEscape($myattachments) . "'\n )"); $_SESSION['artord'] = hesk_dbInsertID(); // Update category article count if ($type == 0) { hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "kb_categories` SET `articles`=`articles`+1 WHERE `id`='" . intval($catid) . "'"); } else { if ($type == 1) { hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "kb_categories` SET `articles_private`=`articles_private`+1 WHERE `id`='" . intval($catid) . "'"); } else { hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "kb_categories` SET `articles_draft`=`articles_draft`+1 WHERE `id`='" . intval($catid) . "'"); } } unset($_SESSION['hide']); $_SESSION['article_submitted'] = 1; hesk_process_messages($hesklang['your_kb_added'], 'NOREDIRECT', 'SUCCESS'); $_GET['catid'] = $catid; manage_category(); }
function new_sm() { global $hesk_settings, $hesklang, $listBox; global $hesk_error_buffer; // A security check # hesk_token_check('POST'); $hesk_error_buffer = array(); $style = intval(hesk_POST('style', 0)); if ($style > 4 || $style < 0) { $style = 0; } $type = empty($_POST['type']) ? 0 : 1; $title = hesk_input(hesk_POST('title')) or $hesk_error_buffer[] = $hesklang['sm_e_title']; $message = hesk_getHTML(hesk_POST('message')); // Any errors? if (count($hesk_error_buffer)) { $_SESSION['new_sm'] = array('style' => $style, 'type' => $type, 'title' => $title, 'message' => hesk_input(hesk_POST('message'))); $tmp = ''; foreach ($hesk_error_buffer as $error) { $tmp .= "<li>{$error}</li>\n"; } $hesk_error_buffer = $tmp; $hesk_error_buffer = $hesklang['rfm'] . '<br /><br /><ul>' . $hesk_error_buffer . '</ul>'; hesk_process_messages($hesk_error_buffer, 'service_messages.php'); } // Just preview the message? if (isset($_POST['sm_preview'])) { $_SESSION['preview_sm'] = true; $_SESSION['new_sm'] = array('style' => $style, 'type' => $type, 'title' => $title, 'message' => $message); header('Location: service_messages.php'); exit; } // Get the latest service message order $res = hesk_dbQuery("SELECT `order` FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "service_messages` ORDER BY `order` DESC LIMIT 1"); $row = hesk_dbFetchRow($res); $my_order = intval($row[0]) + 10; // Insert service message into database hesk_dbQuery("INSERT INTO `" . hesk_dbEscape($hesk_settings['db_pfix']) . "service_messages` (`author`,`title`,`message`,`style`,`type`,`order`) VALUES (\n '" . intval($_SESSION['id']) . "',\n '" . hesk_dbEscape($title) . "',\n '" . hesk_dbEscape($message) . "',\n '{$style}',\n '{$type}',\n '{$my_order}'\n )"); $_SESSION['smord'] = hesk_dbInsertID(); hesk_process_messages($hesklang['sm_added'], 'service_messages.php', 'SUCCESS'); }
$set['list_users'] = empty($_POST['s_list_users']) ? 0 : 1; $set['debug_mode'] = empty($_POST['s_debug_mode']) ? 0 : 1; $set['short_link'] = empty($_POST['s_short_link']) ? 0 : 1; $set['select_cat'] = empty($_POST['s_select_cat']) ? 0 : 1; $set['select_pri'] = empty($_POST['s_select_pri']) ? 0 : 1; /* --> SPAM prevention */ $set['secimg_use'] = empty($_POST['s_secimg_use']) ? 0 : (hesk_POST('s_secimg_use') == 2 ? 2 : 1); $set['secimg_sum'] = ''; for ($i = 1; $i <= 10; $i++) { $set['secimg_sum'] .= substr('AEUYBDGHJLMNPQRSTVWXZ123456789', rand(0, 29), 1); } $set['recaptcha_use'] = hesk_checkMinMax(intval(hesk_POST('s_recaptcha_use')), 0, 2, 0); $set['recaptcha_public_key'] = hesk_input(hesk_POST('s_recaptcha_public_key')); $set['recaptcha_private_key'] = hesk_input(hesk_POST('s_recaptcha_private_key')); $set['question_use'] = empty($_POST['s_question_use']) ? 0 : 1; $set['question_ask'] = hesk_getHTML(hesk_POST('s_question_ask')) or hesk_error($hesklang['err_qask']); $set['question_ans'] = hesk_input(hesk_POST('s_question_ans'), $hesklang['err_qans']); /* --> Security */ $set['attempt_limit'] = hesk_checkMinMax(intval(hesk_POST('s_attempt_limit')), 0, 999, 5); if ($set['attempt_limit'] > 0) { $set['attempt_limit']++; } $set['attempt_banmin'] = hesk_checkMinMax(intval(hesk_POST('s_attempt_banmin')), 5, 99999, 60); $set['reset_pass'] = empty($_POST['s_reset_pass']) ? 0 : 1; $set['email_view_ticket'] = empty($_POST['s_email_view_ticket']) ? 0 : 1; /* --> Attachments */ $set['attachments']['use'] = empty($_POST['s_attach_use']) ? 0 : 1; if ($set['attachments']['use']) { $set['attachments']['max_number'] = intval(hesk_POST('s_max_number', 2)); $size = floatval(hesk_POST('s_max_size', '1.0')); $unit = hesk_htmlspecialchars(hesk_POST('s_max_unit', 'MB'));