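define('HESK_PATH', './');

/* Get all the required files and functions */
require HESK_PATH . 'hesk_settings.inc.php';
require HESK_PATH . 'inc/common.inc.php';
hesk_load_database_functions();
hesk_session_start();

/* Get the tracking ID (hesk_cleanID() yields a falsy value when the request carries no usable ID, so we stop here) */
$trackingID = hesk_cleanID() or die("{$hesklang['int_error']}: {$hesklang['no_trackID']}");

/* Connect to database */
hesk_dbConnect();

// Perform additional checks for customers (requests without a staff session id)
if (empty($_SESSION['id'])) {
    // Are we in maintenance mode?
    hesk_check_maintenance();

    // Verify email address match: customers only get to the ticket when the
    // e-mail they supplied matches the one stored for this tracking ID
    // (enforcement details live in hesk_verifyEmailMatch()).
    hesk_verifyEmailMatch($trackingID);
}

/* Get ticket info; the LEFT JOIN adds the replier's display name (NULL when no user row matches) */
$res = hesk_dbQuery("SELECT `t1`.* , `t2`.name AS `repliername`\n\t\t\t\t\tFROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` AS `t1` LEFT JOIN `" . hesk_dbEscape($hesk_settings['db_pfix']) . "users` AS `t2` ON `t1`.`replierid` = `t2`.`id`\n\t\t\t\t\tWHERE `trackid`='" . hesk_dbEscape($trackingID) . "' LIMIT 1");
if (hesk_dbNumRows($res) != 1) {
    hesk_error($hesklang['ticket_not_found']);
}
$ticket = hesk_dbFetchAssoc($res);

// Demo mode: mask the customer's e-mail address and IP
if (defined('HESK_DEMO')) {
    $ticket['email'] = '*****@*****.**';
    $ticket['ip'] = '127.0.0.1';
}

/* Get category name and ID */
// The category id is read back from the tickets row, but it is still spliced
// into SQL, so force it to an integer. Every other interpolated value in this
// file goes through hesk_dbEscape(); this keeps the query consistent with that
// and makes it defence-in-depth against a tampered or unexpected stored value.
$res = hesk_dbQuery("SELECT * FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "categories` WHERE `id`='" . intval($ticket['category']) . "' LIMIT 1");

/* If this category has been deleted use the default category with ID 1 */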
// NOTE(review): this chunk begins inside an if/else ladder whose opening
// conditions are above the visible source; the closing braces before
// hesk_cleanBfAttempts() belong to those enclosing blocks.
$trackingID = $ticket['trackid'];
} else {
    // The ticket that was found carries a different tracking ID than the one
    // the visitor supplied: show the tme1/tme2 notices, switch to the stored
    // ID and re-render the form (no redirect).
    hesk_process_messages(sprintf($hesklang['tme1'], $trackingID, $ticket['trackid']) . '<br /><br />' . sprintf($hesklang['tme2'], $ticket['trackid']), 'NOREDIRECT', 'NOTICE');
    $trackingID = $ticket['trackid'];
    print_form();
}
} else {
    /* Nothing found, error out */
    hesk_process_messages($hesklang['ticket_not_found'], 'NOREDIRECT');
    print_form();
}
} else {
    /* We have a match, get ticket info */
    $ticket = hesk_dbFetchAssoc($res);

    /* If we require e-mail to view tickets check if it matches the one in database */
    // Customer-side access control for this branch: the e-mail the visitor
    // typed ($my_email) is compared with the address stored on the ticket.
    hesk_verifyEmailMatch($trackingID, $my_email, $ticket['email']);
}

/* Ticket exists, clean brute force attempts */
// The counter is reset only once a ticket was actually found; the error
// branches above call print_form(), which presumably ends the request
// (confirm — otherwise a failed lookup would also clear the counter).
hesk_cleanBfAttempts();

/* Remember email address? */
if ($is_form) {
    if (!empty($_GET['r'])) {
        // "Remember" was requested via the r= query parameter: keep the
        // address in a cookie for one year and pre-tick the checkbox.
        // NOTE(review): setcookie() is called with the default path and without
        // the Secure/HttpOnly/SameSite flags; consider the array-options form
        // of setcookie() (PHP 7.3+) so the stored e-mail is not readable by
        // script or sent over plain HTTP.
        setcookie('hesk_myemail', $my_email, strtotime('+1 year'));
        $do_remember = ' checked="checked" ';
    } elseif (isset($_COOKIE['hesk_myemail'])) {
        // Not requested this time: clear a previously stored address.
        setcookie('hesk_myemail', '');
    }
}

/* Set last replier name */
// NOTE(review): the nested if that starts here continues past the end of the
// visible source.
if ($ticket['lastreplier']) {
    if (empty($ticket['repliername'])) {
    // NOTE(review): this chunk starts inside a block whose opening is above the
    // visible source; the lone "}" after hesk_verifyEmailMatch() closes it.
    // Stop early when the request carries no usable tracking ID.
    $tic_id = hesk_cleanID() or die("{$hesklang['int_error']}: {$hesklang['no_trackID']}");

    // Connect to database
    hesk_dbConnect();

    // Get attachment info
    // NOTE(review): $att_id is assigned above this chunk and is interpolated
    // here without hesk_dbEscape(); that is only safe if it was already forced
    // to an integer (e.g. intval()) — confirm against the assignment.
    $res = hesk_dbQuery("SELECT * FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "attachments` WHERE `att_id`='{$att_id}' LIMIT 1");
    if (hesk_dbNumRows($res) != 1) {
        hesk_error($hesklang['id_not_valid'] . ' (att_id)');
    }
    $file = hesk_dbFetchAssoc($res);

    // Is ticket ID valid for this attachment?
    // Binds the attachment to the tracking ID supplied in the request, so a
    // bare att_id cannot fetch a file that belongs to some other ticket.
    if ($file['ticket_id'] != $tic_id) {
        hesk_error($hesklang['trackID_not_found']);
    }

    // Verify email address match if needed: only for requests without a staff
    // session id, i.e. customers.
    if (empty($_SESSION['id'])) {
        hesk_verifyEmailMatch($tic_id);
    }
}

// Path of the file on the server
// saved_name comes from the attachments row, not from the request.
$realpath = $hesk_settings['attach_dir'] . '/' . $file['saved_name'];

// Perhaps the file has been deleted?
if (!file_exists($realpath)) {
    hesk_error($hesklang['attdel']);
}

// Send the file as an attachment to prevent malicious code from executing
header("Pragma: "); # To fix a bug in IE when running https
header("Cache-Control: "); # To fix a bug in IE when running https
header('Content-Description: File Transfer');
// A generic binary type keeps the browser from rendering the upload inline
// (e.g. HTML or SVG content that could run script in this origin).
header('Content-Type: application/octet-stream');