/**
 * Mark a staff member as online and, when the current user is allowed to
 * see who is online, load that list into the global settings array.
 *
 * hesk_checkPermission() is called with a second argument of 0 and used as a
 * condition here; presumably 0 makes it return a result instead of stopping
 * the request - confirm in admin_functions.inc.php.
 *
 * @param mixed $user_id ID handed straight to hesk_setOnline().
 * @return bool Always true.
 */
function hesk_initOnline($user_id)
{
    global $hesk_settings, $hesklang;

    // Record this user as online first; this happens regardless of permissions.
    hesk_setOnline($user_id);

    // Users without 'can_view_online' get no list and no SHOW_ONLINE constant.
    if (!hesk_checkPermission('can_view_online', 0)) {
        return true;
    }

    $hesk_settings['users_online'] = hesk_listOnline();
    define('SHOW_ONLINE', 1);

    return true;
}
} ?> <li role="presentation" class="active"> <a href="#"><?php echo $hesklang['email_templates']; ?> <i class="fa fa-question-circle settingsquestionmark" data-toggle="popover" title="<?php echo $hesklang['email_templates']; ?> " data-content="<?php echo $hesklang['email_templates_intro']; ?> "></i></a> </li> <?php if (hesk_checkPermission('can_man_ticket_statuses', 0)) { echo ' <li role="presentation"> <a title="' . $hesklang['statuses'] . '" href="manage_statuses.php">' . $hesklang['statuses'] . '</a> </li> '; } ?> </ul> <div class="tab-content summaryList tabPadding"> <?php if ($showEditPanel) { ?> <div class="row"> <div class="col-md-12"> <div class="panel panel-default">
* https://www.hesk.com/buy.php *******************************************************************************/
define('IN_SCRIPT', 1);
define('HESK_PATH', '../');

/* Load settings, shared helpers and the staff-side helpers */
require HESK_PATH . 'hesk_settings.inc.php';
require HESK_PATH . 'inc/common.inc.php';
require HESK_PATH . 'inc/admin_functions.inc.php';
hesk_load_database_functions();

// Session and database come up before the login gate.
// hesk_isLoggedIn() presumably stops or redirects anonymous requests - confirm in admin_functions.inc.php.
hesk_session_start();
hesk_dbConnect();
hesk_isLoggedIn();

/* Permission flags: the second argument 0 is used so the result is stored, not enforced */
$can_view_tickets = hesk_checkPermission('can_view_tickets', 0);
$can_reply_tickets = hesk_checkPermission('can_reply_tickets', 0);
$can_view_unassigned = hesk_checkPermission('can_view_unassigned', 0);

/* Update profile? */
if (!empty($_POST['action'])) {
    // Demo mode: show a notice instead of saving.
    // NOTE(review): update_profile() below is only skipped in demo mode if
    // hesk_process_messages() ends the request - confirm.
    if (defined('HESK_DEMO')) {
        hesk_process_messages($hesklang['sdemo'], 'profile.php', 'NOTICE');
    }
    // Update profile.
    // NOTE(review): no hesk_token_check() is visible before this state-changing
    // POST; confirm update_profile() validates the CSRF token itself.
    update_profile();
} else {
    // Load the logged-in user's own row; the session id is cast to int before it enters the SQL string.
    $res = hesk_dbQuery('SELECT * FROM `' . hesk_dbEscape($hesk_settings['db_pfix']) . "users` WHERE `id` = '" . intval($_SESSION['id']) . "' LIMIT 1");
    $tmp = hesk_dbFetchAssoc($res);
    foreach ($tmp as $k => $v) {
        if ($k == 'pass') {
            // The stored password value is compared with one fixed 40-hex-digit
            // string to raise WARN_PASSWORD (presumably the installer's default
            // password - confirm).
            // NOTE(review): a fixed comparison value can only match if the stored
            // hash is unsalted, and 40 hex digits is the length of a SHA-1 digest.
            // If that is the storage format, migrating to password_hash() /
            // password_verify() is the change to plan.
            if ($v == '499d74967b28a841c98bb4baaabaad699ff3c079') {
                define('WARN_PASSWORD', true);
* https://www.hesk.com/buy.php *******************************************************************************/
define('IN_SCRIPT', 1);
define('HESK_PATH', '../');

/* Load settings, shared helpers and the staff-side helpers */
require HESK_PATH . 'hesk_settings.inc.php';
require HESK_PATH . 'inc/common.inc.php';
require HESK_PATH . 'inc/admin_functions.inc.php';
hesk_load_database_functions();
hesk_session_start();
hesk_dbConnect();
hesk_isLoggedIn();

/* Check permissions for this feature: all three are required (called without the 0 flag, so presumably a missing permission stops the request - confirm) */
hesk_checkPermission('can_view_tickets');
hesk_checkPermission('can_reply_tickets');
hesk_checkPermission('can_edit_tickets');

/* CSRF check.
 * NOTE(review): the new lock state is read from $_GET below and the token check
 * is called without the 'POST' argument, so this state change is driven by a GET
 * link with the token in the URL. A token in a query string can end up in browser
 * history, server logs and Referer headers; a POST form would avoid that. */
hesk_token_check();

/* Ticket ID; the request ends here when no usable tracking ID is supplied */
$trackingID = hesk_cleanID() or die($hesklang['int_error'] . ': ' . $hesklang['no_trackID']);

/* New locked status and the matching history line (any empty value of "locked" means unlock) */
// NOTE(review): no per-ticket check (category or owner) is visible in this excerpt before the update - confirm one exists.
if (empty($_GET['locked'])) {
    $status = 0;
    $tmp = $hesklang['tunlock'];
    $revision = sprintf($hesklang['thist6'], hesk_date(), $_SESSION['name'] . ' (' . $_SESSION['user'] . ')');
} else {
    $status = 1;
    $tmp = $hesklang['tlock'];
    $revision = sprintf($hesklang['thist5'], hesk_date(), $_SESSION['name'] . ' (' . $_SESSION['user'] . ')');
}
/* Update database */
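/**
 * Render the "category manager" control for one category.
 *
 * Users without the 'can_set_manager' permission get a read-only paragraph
 * with the current manager's name (or the "no manager" text). Users with the
 * permission get an auto-submitting form that posts the chosen user to
 * manage_categories.php with a=manager.
 *
 * Changes against the previous version:
 *  - the category ID and user IDs are cast to int before they are written
 *    into HTML attributes and the inline onchange script;
 *  - the form carries the CSRF token in a hidden "token" field, as other
 *    forms in this application do. This only protects the action if the
 *    'manager' handler calls hesk_token_check('POST') - that handler is not
 *    visible here, confirm it does.
 *
 * NOTE(review): $user['name'] and the language strings are written into the
 * markup as they are. That is only safe if names are HTML-encoded when they
 * are stored - confirm before relying on it; escaping here as well would
 * double-encode in that case.
 *
 * @param mixed $catId     Category ID the control belongs to.
 * @param mixed $selectId  User ID of the current manager (compared loosely).
 * @param array $userArray Rows with at least 'id' and 'name' keys.
 * @return string HTML markup.
 */
function output_user_dropdown($catId, $selectId, $userArray)
{
    global $hesklang;

    // Read-only view for users who may not change the manager.
    if (!hesk_checkPermission('can_set_manager', 0)) {
        foreach ($userArray as $user) {
            if ($user['id'] == $selectId) {
                return '<p>' . $user['name'] . '</p>';
            }
        }
        return '<p>' . $hesklang['no_manager'] . '</p>';
    }

    // The ID ends up in an id attribute, a JavaScript string and a form value,
    // so force it to an integer before building any markup.
    $catId = intval($catId);

    $dropdownMarkup = '<select class="form-control input-sm" name="managerid"> <option value="0">' . $hesklang['no_manager'] . '</option>';
    foreach ($userArray as $user) {
        $select = $selectId == $user['id'] ? 'selected' : '';
        $dropdownMarkup .= '<option value="' . intval($user['id']) . '" ' . $select . '>' . $user['name'] . '</option>';
    }
    $dropdownMarkup .= '</select>';

    return '<form role="form" id="manager_form_' . $catId . '" action="manage_categories.php" method="post" class="form-inline" onchange="document.getElementById(\'manager_form_' . $catId . '\').submit();"> <input type="hidden" name="a" value="manager"> <input type="hidden" name="catid" value="' . $catId . '"> <input type="hidden" name="token" value="' . hesk_token_echo(0) . '"> ' . $dropdownMarkup . ' </form>';
}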
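// Result of a finished export: success text when tickets were exported, otherwise a notice.
if (isset($flush_me)) {
    if ($tickets_exported > 0) {
        hesk_show_success($flush_me);
    } else {
        hesk_show_notice($hesklang['n2ex']);
    }
}
?> <!-- TABS --> <div id="tab1" class="tabberlive" style="margin-top:0px"> <ul class="tabbernav"> <?php
// Show a link to reports.php if user has permission to do so.
// This only hides the tab; reports.php has to enforce the permission itself.
if (hesk_checkPermission('can_run_reports', 0)) {
    echo '<li class=""><a title="' . $hesklang['reports_tab'] . '" href="reports.php">' . $hesklang['reports_tab'] . ' [+]</a></li>';
}
// The intro text is placed inside a JavaScript string literal in the onclick
// handler, so it goes through hesk_makeJsString() like the other tab pages do;
// a quote in a translation would otherwise break the handler.
?> <li class="tabberactive"><a title="<?php echo $hesklang['export']; ?> " href="javascript:void(null);" onclick="javascript:alert('<?php echo hesk_makeJsString($hesklang['export_intro']); ?> ')"><?php echo $hesklang['export']; ?> [?]</a></li> </ul>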
/* Print the admin navigation */
require_once HESK_PATH . 'inc/show_admin_nav.inc.php';
?> </td> </tr> <tr> <td> <!-- TABS --> <div id="tab1" class="tabberlive" style="margin-top:0px"> <ul class="tabbernav"> <?php
// Show a link to manage_canned.php if user has permission to do so.
// The check only hides the tab; manage_canned.php must enforce 'can_man_canned' itself.
if (hesk_checkPermission('can_man_canned', 0)) {
    echo '<li class=""><a title="' . $hesklang['manage_saved'] . '" href="manage_canned.php">' . $hesklang['manage_saved'] . '</a></li>';
}
// The intro text below is passed through hesk_makeJsString() because it is printed inside a JavaScript string in the onclick handler.
?> <li class="tabberactive"><a title="<?php echo $hesklang['ticket_tpl']; ?> " href="javascript:void(null);" onclick="javascript:alert('<?php echo hesk_makeJsString($hesklang['ticket_tpl_intro']); ?> ')"><?php echo $hesklang['ticket_tpl']; ?> [?]</a></li> </ul>
* https://www.hesk.com/buy.php *******************************************************************************/
define('IN_SCRIPT', 1);
define('HESK_PATH', '../');

/* Load settings, shared helpers and the staff-side helpers */
require HESK_PATH . 'hesk_settings.inc.php';
require HESK_PATH . 'inc/common.inc.php';
require HESK_PATH . 'inc/admin_functions.inc.php';
hesk_load_database_functions();
hesk_session_start();
hesk_dbConnect();
hesk_isLoggedIn();

define('CALENDAR', 1);
// Stored in the session, so this flag stays set for later requests until something clears it.
$_SESSION['hide']['ticket_list'] = true;

/* Check permissions for this feature (no 0 flag: presumably stops the request when the permission is missing - confirm) */
hesk_checkPermission('can_view_tickets');

// Overwrite PHP_SELF with a fixed value before the header and navigation are included;
// anything later that reads $_SERVER['PHP_SELF'] sees './admin_main.php', not the request path.
$_SERVER['PHP_SELF'] = './admin_main.php';

/* Print header */
require_once HESK_PATH . 'inc/header.inc.php';
/* Print admin navigation */
require_once HESK_PATH . 'inc/show_admin_nav.inc.php';
?> </td> </tr> <tr> <td> <div class="container tickets-found"><?php echo $hesklang['tickets_found']; ?>
/* A list of all categories, limited to those hesk_okCategory() accepts for the current user */
$hesk_settings['categories'] = array();
$res = hesk_dbQuery('SELECT `id`,`name` FROM `' . hesk_dbEscape($hesk_settings['db_pfix']) . 'categories` ORDER BY `cat_order` ASC');
while ($row = hesk_dbFetchAssoc($res)) {
    if (hesk_okCategory($row['id'], 0)) {
        $hesk_settings['categories'][$row['id']] = $row['name'];
    }
}

/* Non-admin users may not create users with more permissions than they have */
// NOTE(review): the ceiling is taken from $_SESSION ('isadmin', 'heskprivileges'),
// i.e. whatever was stored in the session earlier; confirm a privilege change
// takes effect for sessions that are already open.
if (!$_SESSION['isadmin']) {
    /* Can't create admin users: the submitted value is overwritten before any handler reads it.
     * This only holds if the handlers read $_POST['isadmin'] and nothing else - confirm. */
    $_POST['isadmin'] = 0;

    /* Can only grant features the current user holds */
    $hesk_settings['features'] = array_intersect(explode(',', $_SESSION['heskprivileges']), $hesk_settings['features']);

    /* Auto-assign may only be changed by users holding both assign permissions */
    if ($hesk_settings['autoassign'] && (!hesk_checkPermission('can_assign_self', 0) || !hesk_checkPermission('can_assign_others', 0))) {
        $hesk_settings['autoassign'] = 0;
    }
}

/* Use any set values, default otherwise */
foreach ($default_userdata as $k => $v) {
    if (!isset($_SESSION['userdata'][$k])) {
        $_SESSION['userdata'][$k] = $v;
    }
}
$_SESSION['userdata'] = hesk_stripArray($_SESSION['userdata']);

/* What should we do? The action name comes from hesk_REQUEST('a'). */
// NOTE(review): no CSRF check is visible at this dispatch level; confirm each state-changing action validates the token.
if ($action = hesk_REQUEST('a')) {
    if ($action == 'reset_form') {
        $_SESSION['edit_userdata'] = TRUE;
        // A Location header does not stop the script; whether an exit follows is outside this excerpt.
        header('Location: ./manage_users.php');
// Note ID: cast to int, so it can be placed in the queries below without quoting; 0 or a missing value ends the request.
$noteID = intval(hesk_REQUEST('note')) or die($hesklang['int_error'] . ': ' . $hesklang['mis_note']);

// Get ticket info (tracking ID is escaped for SQL here)
// NOTE(review): no category or owner check on the ticket is visible in this excerpt - confirm one runs earlier.
$result = hesk_dbQuery("SELECT `id` FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` WHERE `trackid`='" . hesk_dbEscape($trackingID) . "' LIMIT 1");
if (hesk_dbNumRows($result) != 1) {
    hesk_error($hesklang['ticket_not_found']);
}
$ticket = hesk_dbFetchAssoc($result);

// Get note info
$result = hesk_dbQuery("SELECT * FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "notes` WHERE `id`={$noteID}");
if (hesk_dbNumRows($result) != 1) {
    hesk_error($hesklang['no_note']);
}
$note = hesk_dbFetchAssoc($result);

// Make sure the note matches the ticket and the user has permission to edit it.
// && binds tighter than ||, so access is refused when the note belongs to another
// ticket, or when the user neither holds 'can_del_notes' nor wrote the note.
// The rest of this excerpt relies on hesk_error() ending the request - confirm.
if ($note['ticket'] != $ticket['id'] || !hesk_checkPermission('can_del_notes', 0) && $note['who'] != $_SESSION['id']) {
    hesk_error($hesklang['perm_deny']);
}

// Save changes?
if (isset($_POST['save'])) {
    // CSRF check; it covers both the UPDATE and the DELETE branch below
    hesk_token_check('POST');

    // Get message: filtered by hesk_input(), links added by hesk_makeURL(), newlines turned into <br>.
    // The stored value therefore contains markup; presumably hesk_input() HTML-encodes the raw text first - confirm.
    $tmpvar['message'] = nl2br(hesk_makeURL(hesk_input(hesk_POST('message'))));

    // If we have message or attachments do the update; an empty message on a note without attachments deletes the note
    if (strlen($tmpvar['message']) || strlen($note['attachments'])) {
        hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "notes` SET `message`='" . hesk_dbEscape($tmpvar['message']) . "' WHERE `id`={$noteID}");
        // mt_rand() only makes the redirect URL unique; it is not used as a secret
        hesk_process_messages($hesklang['ednote2'], 'admin_ticket.php?track=' . $trackingID . '&Refresh=' . mt_rand(10000, 99999), 'SUCCESS');
    } else {
        hesk_dbQuery("DELETE FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "notes` WHERE `id`={$noteID}");
        header('Location: admin_ticket.php?track=' . $trackingID . '&Refresh=' . mt_rand(10000, 99999));
// This excerpt starts inside a branch whose opening "if" is above the visible lines.
// Is this person allowed access to this attachment?
// Looks up the knowledgebase article (and its category) whose attachment list contains this ID.
// NOTE(review): {$att_id} is interpolated into the LIKE patterns without escaping here;
// the only intval() on it that is visible sits in the else branch below - confirm this branch casts it too.
$res = hesk_dbQuery("SELECT `t1`.`type` as `cat_type`, `t2`.`type` as `art_type`\r\n\t\t\t\t\t\tFROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "kb_articles` AS `t2`\r\n JOIN `" . hesk_dbEscape($hesk_settings['db_pfix']) . "kb_categories` AS `t1`\r\n ON `t2`.`catid` = `t1`.`id`\r\n WHERE (`t2`.`attachments` LIKE '{$att_id}#%' OR `t2`.`attachments` LIKE '%,{$att_id}#%' )\r\n LIMIT 1");

// If no attachment found, throw an error
if (hesk_dbNumRows($res) != 1) {
    hesk_error($hesklang['id_not_valid'] . ' (no_art)');
}
$row = hesk_dbFetchAssoc($res);

// Private or draft article or category?
if ($row['cat_type'] || $row['art_type']) {
    if (empty($_SESSION['id'])) {
        // This is a staff-only attachment.
        // NOTE(review): staff status is decided by a non-empty $_SESSION['id'] alone;
        // hesk_isLoggedIn() is not called in this excerpt - confirm that is sufficient.
        hesk_error($hesklang['attpri']);
    } elseif ($row['art_type'] == 2) {
        // Need permission to manage KB to access draft attachments
        require HESK_PATH . 'inc/admin_functions.inc.php';
        hesk_checkPermission('can_man_kb');
    }
}
} else {
    // Attachment ID and ticket tracking ID; the ID is cast to int before use
    $att_id = intval(hesk_GET('att_id', 0)) or die($hesklang['id_not_valid']);
    $tic_id = hesk_cleanID() or die("{$hesklang['int_error']}: {$hesklang['no_trackID']}");

    // Connect to database
    hesk_dbConnect();

    // Get attachment info
    $res = hesk_dbQuery("SELECT * FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "attachments` WHERE `att_id`='{$att_id}' LIMIT 1");
    if (hesk_dbNumRows($res) != 1) {
        hesk_error($hesklang['id_not_valid'] . ' (att_id)');
    }
    $file = hesk_dbFetchAssoc($res);

    // Is ticket ID valid for this attachment?
/**
 * Build the row of icon links (lock, archive tag, import to knowledgebase,
 * print, edit, delete) shown for a ticket or for one reply.
 *
 * Everything except $white is taken from globals: the ticket row, the
 * tracking ID and the $can_* flags.
 *
 * NOTE(review): $reply is both a parameter and part of the "global" list.
 * The global statement rebinds the local name to the global variable, so the
 * value passed by the caller is not what the $reply tests and $reply['id']
 * reads below see. Callers have to set the global $reply before calling.
 *
 * NOTE(review): the lock, archive and delete links change state through GET
 * requests and carry the CSRF token in the query string, where it can end up
 * in browser history, server logs and Referer headers. The receiving scripts
 * must validate the token; POST forms would keep it out of URLs.
 *
 * NOTE(review): $trackingID, $reply['id'] and the language strings are
 * concatenated into attributes without escaping in this function; presumably
 * they are sanitized before they get here - confirm.
 *
 * @param mixed $reply Shadowed by the global of the same name (see above).
 * @param mixed $white Truthy selects the "optionWhite*" CSS classes, falsy the "optionBlue*" ones.
 * @return string HTML for the buttons.
 */
function hesk_getAdminButtons($reply = 0, $white = 1)
{
    global $hesk_settings, $hesklang, $ticket, $reply, $trackingID, $can_edit, $can_archive, $can_delete;

    $options = '';

    /* CSS class plus mouseover/mouseout handlers shared by all icons */
    $tmp = $white ? 'White' : 'Blue';
    $style = 'class="option' . $tmp . 'OFF" onmouseover="this.className=\'option' . $tmp . 'ON\'" onmouseout="this.className=\'option' . $tmp . 'OFF\'"';

    /* Lock ticket button: the link requests the opposite of the current state */
    if ($can_edit) {
        if ($ticket['locked']) {
            $des = $hesklang['tul'] . ' - ' . $hesklang['isloc'];
            // mt_rand() only makes the URL unique (Refresh parameter); it is not a secret
            $options .= '<a href="lock.php?track=' . $trackingID . '&locked=0&Refresh=' . mt_rand(10000, 99999) . '&token=' . hesk_token_echo(0) . '"><img src="../img/unlock.png" width="16" height="16" alt="' . $des . '" title="' . $des . '" ' . $style . ' /></a> ';
        } else {
            $des = $hesklang['tlo'] . ' - ' . $hesklang['isloc'];
            $options .= '<a href="lock.php?track=' . $trackingID . '&locked=1&Refresh=' . mt_rand(10000, 99999) . '&token=' . hesk_token_echo(0) . '"><img src="../img/lock.png" width="16" height="16" alt="' . $des . '" title="' . $des . '" ' . $style . ' /></a> ';
        }
    }

    /* Tag (archive) ticket button */
    if ($can_archive) {
        if ($ticket['archive']) {
            $options .= '<a href="archive.php?track=' . $trackingID . '&archived=0&Refresh=' . mt_rand(10000, 99999) . '&token=' . hesk_token_echo(0) . '"><img src="../img/tag.png" width="16" height="16" alt="' . $hesklang['remove_archive'] . '" title="' . $hesklang['remove_archive'] . '" ' . $style . ' /></a> ';
        } else {
            $options .= '<a href="archive.php?track=' . $trackingID . '&archived=1&Refresh=' . mt_rand(10000, 99999) . '&token=' . hesk_token_echo(0) . '"><img src="../img/tag_off.png" width="16" height="16" alt="' . $hesklang['add_archive'] . '" title="' . $hesklang['add_archive'] . '" ' . $style . ' /></a> ';
        }
    }

    /* Import to knowledgebase button (this link carries no token) */
    if ($hesk_settings['kb_enable'] && hesk_checkPermission('can_man_kb', 0)) {
        $options .= '<a href="manage_knowledgebase.php?a=import_article&track=' . $trackingID . '"><img src="../img/import_kb.png" width="16" height="16" alt="' . $hesklang['import_kb'] . '" title="' . $hesklang['import_kb'] . '" ' . $style . ' /></a> ';
    }

    /* Print ticket button: always shown */
    $options .= '<a href="../print.php?track=' . $trackingID . '"><img src="../img/print.png" width="16" height="16" alt="' . $hesklang['printer_friendly'] . '" title="' . $hesklang['printer_friendly'] . '" ' . $style . ' /></a> ';

    /* Edit post: targets the reply when $reply is set, otherwise the ticket itself */
    if ($can_edit) {
        $tmp = $reply ? '&reply=' . $reply['id'] : '';
        $options .= '<a href="edit_post.php?track=' . $trackingID . $tmp . '"><img src="../img/edit.png" width="16" height="16" alt="' . $hesklang['edtt'] . '" title="' . $hesklang['edtt'] . '" ' . $style . ' /></a> ';
    }

    /* Delete: one reply (admin_ticket.php) or the whole ticket (delete_tickets.php) */
    if ($can_delete) {
        if ($reply) {
            $url = 'admin_ticket.php';
            $tmp = 'delete_post=' . $reply['id'];
            $img = 'delete.png';
            $txt = $hesklang['delt'];
        } else {
            $url = 'delete_tickets.php';
            $tmp = 'delete_ticket=1';
            $img = 'delete_ticket.png';
            $txt = $hesklang['dele'];
        }
        // The confirmation text goes into a JavaScript string, hence hesk_makeJsString().
        // The confirm dialog is a convenience only; the token is the actual protection.
        $options .= '<a href="' . $url . '?track=' . $trackingID . '&' . $tmp . '&Refresh=' . mt_rand(10000, 99999) . '&token=' . hesk_token_echo(0) . '" onclick="return hesk_confirmExecute(\'' . hesk_makeJsString($txt) . '?\');"><img src="../img/' . $img . '" width="16" height="16" alt="' . $txt . '" title="' . $txt . '" ' . $style . ' /></a> ';
    }

    /* Return generated HTML */
    return $options;
}
* a license for this script. For more information on how to obtain * a license please visit the page below: * https://www.hesk.com/buy.php *******************************************************************************/
define('IN_SCRIPT', 1);
define('HESK_PATH', '../');

/* Load settings, shared helpers and the staff-side helpers */
require HESK_PATH . 'hesk_settings.inc.php';
require HESK_PATH . 'inc/common.inc.php';
require HESK_PATH . 'inc/admin_functions.inc.php';
hesk_load_database_functions();
hesk_session_start();
hesk_dbConnect();
hesk_isLoggedIn();

/* Check permissions for this feature (no 0 flag: presumably stops the request when the permission is missing - confirm) */
hesk_checkPermission('can_man_ticket_tpl');

// Define required constants
define('LOAD_TABS', 1);

/* What should we do? The action name comes from hesk_REQUEST('a'). */
// In demo mode every action is answered with a notice instead of being run.
// NOTE(review): no CSRF check is visible at this dispatch level; confirm that
// new_saved(), edit_saved(), remove() and order_saved() each validate the token.
if ($action = hesk_REQUEST('a')) {
    if (defined('HESK_DEMO')) {
        hesk_process_messages($hesklang['ddemo'], 'manage_ticket_templates.php', 'NOTICE');
    } elseif ($action == 'new') {
        new_saved();
    } elseif ($action == 'edit') {
        edit_saved();
    } elseif ($action == 'remove') {
        remove();
    } elseif ($action == 'order') {
        order_saved();
    }
echo $hesklang['banemail']; ?> " href="#b-email" onclick="javascript:alert('<?php echo hesk_makeJsString($hesklang['banemail_intro']); ?> ')"><?php echo $hesklang['banemail']; ?> [?]</a></li> <?php // Show a link to banned_ips.php if user has permission to do so if (hesk_checkPermission('can_ban_ips', 0)) { echo '<li id="banned-ips"><a title="' . $hesklang['banip'] . '" href="banned_ips.php">' . $hesklang['banip'] . '</a></li> '; } // Show a link to status_message.php if user has permission to do so if (hesk_checkPermission('can_service_msg', 0)) { echo '<li id="service-msg-tools"><a title="' . $hesklang['sm_title'] . '" href="service_messages.php">' . $hesklang['sm_title'] . '</a></li> '; } ?> </ul> <script language="javascript" type="text/javascript"><!-- function confirm_delete() { if (confirm('<?php echo hesk_makeJsString($hesklang['delban_confirm']); ?> ')) {return true;} else {return false;} } //-->
* a license please visit the page below: * https://www.hesk.com/buy.php *******************************************************************************/
define('IN_SCRIPT', 1);
define('HESK_PATH', '../');

/* Load settings, shared helpers and the staff-side helpers */
require HESK_PATH . 'hesk_settings.inc.php';
require HESK_PATH . 'inc/common.inc.php';
require HESK_PATH . 'inc/admin_functions.inc.php';
hesk_load_database_functions();
hesk_session_start();
hesk_dbConnect();
hesk_isLoggedIn();

/* Check permissions for this feature: both are required */
hesk_checkPermission('can_view_tickets');
hesk_checkPermission('can_add_archive');

/* CSRF check.
 * NOTE(review): the new state is read from $_GET below and the token check is
 * called without the 'POST' argument, so this update is triggered by a GET link
 * with the token in the URL (history, logs and Referer can expose it). */
hesk_token_check();

/* Ticket ID; the request ends here when no usable tracking ID is supplied */
$trackingID = hesk_cleanID() or die($hesklang['int_error'] . ': ' . $hesklang['no_trackID']);

/* New archived status: any empty value of "archived" removes the tag */
if (empty($_GET['archived'])) {
    $status = 0;
    $tmp = $hesklang['removedfromarchive'];
} else {
    $status = 1;
    $tmp = $hesklang['added2archive'];
}

/* Update database. $status can only be 0 or 1 here and the tracking ID is escaped. */
// NOTE(review): no per-ticket check (category or owner) is visible before this UPDATE - confirm one is not needed.
hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` SET `archive`='{$status}' WHERE `trackid`='" . hesk_dbEscape($trackingID) . "' LIMIT 1");
/* Back to ticket page and show a success message */
/* Print header */
require_once HESK_PATH . 'inc/header.inc.php';
/* Print admin navigation */
require_once HESK_PATH . 'inc/show_admin_nav.inc.php';
?> <div class="container filter-ticket-title"><?php echo $hesklang['filter_ticket']; ?> </div> <?php
/* This will handle error, success and notice messages */
hesk_handle_messages();

/* Print tickets? */
if (hesk_checkPermission('can_view_tickets', 0)) {
    // Source data for the filter suggestions: ticket IDs, ticket subjects,
    // category names and client user names.
    // NOTE(review): none of these four queries has a WHERE clause, so every
    // row is loaded for any user holding 'can_view_tickets'. No category or
    // owner restriction (hesk_okCategory(), 'can_view_ass_others',
    // 'can_view_unassigned') is applied in this excerpt - confirm staff limited
    // to some categories are meant to see all IDs, subjects and client names.
    $sql = hesk_dbQuery("SELECT id FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets`");
    $sql_description = hesk_dbQuery("SELECT subject, id FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets`");
    $sql_category = hesk_dbQuery("SELECT name, id FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "categories`");
    $sql_client = hesk_dbQuery("SELECT user, id FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "clients`");
    ?> <div class="container filter-ticket-admin" id="filter-ticket-admin"> <!-- Krijojme nje div per filtrat --> <form method="post" autocomplete = "off" action=""> <datalist id="ticket_id_list"> <?php
    while ($tmp = hesk_dbFetchAssoc($sql)) {
        // The value attribute is written without quotes; that is only safe while
        // the id column holds plain integers - presumably it does, confirm.
        echo '<option value=' . $tmp["id"] . '>';
    }
    ?> </datalist>
* a license for this script. For more information on how to obtain * a license please visit the page below: * https://www.hesk.com/buy.php *******************************************************************************/
define('IN_SCRIPT', 1);
define('HESK_PATH', '../');

/* Load settings, shared helpers and the staff-side helpers */
require HESK_PATH . 'hesk_settings.inc.php';
require HESK_PATH . 'inc/common.inc.php';
require HESK_PATH . 'inc/admin_functions.inc.php';
hesk_load_database_functions();
hesk_session_start();
hesk_dbConnect();
hesk_isLoggedIn();

/* Check permissions for this feature (no 0 flag: presumably stops the request when the permission is missing - confirm) */
hesk_checkPermission('can_man_cat');

// Possible priorities, keyed by their numeric value; 'formatted' holds the HTML used for display
$priorities = array(3 => array('value' => 3, 'text' => $hesklang['low'], 'formatted' => $hesklang['low']), 2 => array('value' => 2, 'text' => $hesklang['medium'], 'formatted' => '<font class="medium">' . $hesklang['medium'] . '</font>'), 1 => array('value' => 1, 'text' => $hesklang['high'], 'formatted' => '<font class="important">' . $hesklang['high'] . '</font>'), 0 => array('value' => 0, 'text' => $hesklang['critical'], 'formatted' => '<font class="critical">' . $hesklang['critical'] . '</font>'));

/* What should we do? The action name comes from hesk_REQUEST('a'). */
// 'linkcode' is tested before the demo check, so it is the one action that still runs in demo mode.
// NOTE(review): no CSRF check is visible at this dispatch level; confirm that
// the state-changing handlers (new_cat(), rename_cat(), remove(), ...) each validate the token.
if ($action = hesk_REQUEST('a')) {
    if ($action == 'linkcode') {
        generate_link_code();
    } elseif (defined('HESK_DEMO')) {
        hesk_process_messages($hesklang['ddemo'], 'manage_categories.php', 'NOTICE');
    } elseif ($action == 'new') {
        new_cat();
    } elseif ($action == 'rename') {
        rename_cat();
    } elseif ($action == 'remove') {
        remove();
    } elseif ($action == 'order') {
// -> Setup SQL based on selected ticket assignments
// $s_my / $s_ot / $s_un are the "assigned to me / to others / unassigned" switches for filter set $fid.

/* Make sure at least one is chosen; with none chosen all three are switched on */
if (!$s_my[$fid] && !$s_ot[$fid] && !$s_un[$fid]) {
    $s_my[$fid] = 1;
    $s_ot[$fid] = 1;
    $s_un[$fid] = 1;
    if (!defined('MAIN_PAGE')) {
        hesk_show_notice($hesklang['e_nose']);
    }
}

// The two permission checks run after the user's choice has been read, so a
// request cannot switch on a view the user is not allowed to have.
/* If the user doesn't have permission to view assigned to others block those */
if (!hesk_checkPermission('can_view_ass_others', 0)) {
    $s_ot[$fid] = 0;
}
/* If the user doesn't have permission to view unassigned tickets block those */
if (!hesk_checkPermission('can_view_unassigned', 0)) {
    $s_un[$fid] = 0;
}

/* Process assignments: a WHERE fragment is only added when at least one switch is off */
// NOTE(review): all three switches can be 0 here (only "others"/"unassigned"
// requested by a user holding neither permission); confirm the branches below
// this excerpt make that case return no tickets rather than all of them.
if (!$s_my[$fid] || !$s_ot[$fid] || !$s_un[$fid]) {
    if ($s_my[$fid] && $s_ot[$fid]) {
        // All but unassigned
        $sql .= " AND `owner` > 0 ";
    } elseif ($s_my[$fid] && $s_un[$fid]) {
        // My tickets + unassigned (session id is cast to int before it enters the SQL)
        $sql .= " AND `owner` IN ('0', '" . intval($_SESSION['id']) . "') ";
    } elseif ($s_ot[$fid] && $s_un[$fid]) {
        // Assigned to others + unassigned
        $sql .= " AND `owner` != '" . intval($_SESSION['id']) . "' ";
    } elseif ($s_my[$fid]) {
        // Assigned to me only
$priority_sql = ""; } /* Update the original ticket */ $new_status = empty($_POST['close']) ? 2 : 3; /* --> If a ticket is locked keep it closed */ if ($ticket['locked']) { $new_status = 3; } $sql = "UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` SET `status`='{$new_status}', `lastreplier`='1', `replierid`='" . intval($_SESSION['id']) . "' "; /* Update time_worked or force update lastchange */ if ($time_worked == '00:00:00') { $sql .= ", `lastchange` = NOW() "; } else { $sql .= ",`time_worked` = ADDTIME(`time_worked`,'" . hesk_dbEscape($time_worked) . "') "; } if (!empty($_POST['assign_self']) && hesk_checkPermission('can_assign_self', 0)) { $revision = sprintf($hesklang['thist2'], hesk_date(), $_SESSION['name'] . ' (' . $_SESSION['user'] . ')', $_SESSION['name'] . ' (' . $_SESSION['user'] . ')'); $sql .= " , `owner`=" . intval($_SESSION['id']) . ", `history`=CONCAT(`history`,'" . hesk_dbEscape($revision) . "') "; } $sql .= " {$priority_sql} "; if ($new_status == 3) { $revision = sprintf($hesklang['thist3'], hesk_date(), $_SESSION['name'] . ' (' . $_SESSION['user'] . ')'); $sql .= " , `history`=CONCAT(`history`,'" . hesk_dbEscape($revision) . "') "; if ($hesk_settings['custopen'] != 1) { $sql .= " , `locked`='1' "; } } $sql .= " WHERE `id`='{$replyto}' LIMIT 1"; hesk_dbQuery($sql); unset($sql); /* Update number of replies in the users table */
<option value="untag"><?php echo $hesklang['remove_archive_quick']; ?> </option> <?php } if (!defined('HESK_DEMO')) { if (hesk_checkPermission('can_merge_tickets', 0)) { ?> <option value="merge"><?php echo $hesklang['mer_selected']; ?> </option> <?php } if (hesk_checkPermission('can_del_tickets', 0)) { ?> <option value="delete"><?php echo $hesklang['del_selected']; ?> </option> <?php } } // End demo ?> </select> <input type="hidden" name="token" value="<?php hesk_token_echo(); ?> " />
<td> </td> '; } } if (hesk_checkPermission('can_run_reports', 0)) { echo ' <td><a href="reports.php"><img src="../img/ico_reports.gif" width="26" height="26" border="0" alt="' . $hesklang['reports'] . '" title="' . $hesklang['reports'] . '" /><br />' . $hesklang['reports'] . '</a><br /><img src="../img/blank.gif" width="50" height="1" alt="" /></td> <td> </td> '; } elseif (hesk_checkPermission('can_export', 0)) { echo ' <td><a href="export.php"><img src="../img/ico_reports.gif" width="26" height="26" border="0" alt="' . $hesklang['reports'] . '" title="' . $hesklang['reports'] . '" /><br />' . $hesklang['reports'] . '</a><br /><img src="../img/blank.gif" width="50" height="1" alt="" /></td> <td> </td> '; } if (hesk_checkPermission('can_man_settings', 0)) { echo ' <td><a href="admin_settings.php"><img src="../img/ico_settings.gif" width="26" height="26" border="0" alt="' . $hesklang['settings'] . '" title="' . $hesklang['settings'] . '" /><br />' . $hesklang['settings'] . '</a><br /><img src="../img/blank.gif" width="50" height="1" alt="" /></td> <td> </td> '; } ?> <td><a href="profile.php"><img src="../img/ico_profile.gif" width="26" height="26" border="0" alt="<?php echo $hesklang['menu_profile']; ?> " title="<?php echo $hesklang['menu_profile']; ?> " /><br /><?php echo $hesklang['menu_profile'];
$res = hesk_dbQuery("SELECT `name`,`isadmin`,`categories` FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "users` WHERE `id`='{$tmpvar['owner']}' LIMIT 1"); if (hesk_dbNumRows($res) == 1) { $row = hesk_dbFetchAssoc($res); if (!$row['isadmin']) { $row['categories'] = explode(',', $row['categories']); if (!in_array($tmpvar['category'], $row['categories'])) { $_SESSION['isnotice'][] = 'category'; $hesk_error_buffer['owner'] = $hesklang['onasc']; } } } else { $_SESSION['isnotice'][] = 'category'; $hesk_error_buffer['owner'] = $hesklang['onasc']; } } } elseif (hesk_checkPermission('can_assign_self', 0) && hesk_okCategory($tmpvar['category'], 0) && !empty($_POST['assing_to_self'])) { $tmpvar['owner'] = intval($_SESSION['id']); } // Notify customer of the ticket? $notify = !empty($_POST['notify']) ? 1 : 0; // Show ticket after submission? $show = !empty($_POST['show']) ? 1 : 0; // Attachments if ($hesk_settings['attachments']['use']) { require_once HESK_PATH . 'inc/attachments.inc.php'; $attachments = array(); $trackingID = $tmpvar['trackid']; for ($i = 1; $i <= $hesk_settings['attachments']['max_number']; $i++) { $att = hesk_uploadFile($i); if ($att !== false && !empty($att)) { $attachments[$i] = $att;
* a license please visit the page below: * https://www.hesk.com/buy.php *******************************************************************************/
define('IN_SCRIPT', 1);
define('HESK_PATH', '../');

/* Load settings, shared helpers and the staff-side helpers */
require HESK_PATH . 'hesk_settings.inc.php';
require HESK_PATH . 'inc/common.inc.php';
require HESK_PATH . 'inc/admin_functions.inc.php';
hesk_load_database_functions();
hesk_session_start();
hesk_dbConnect();
hesk_isLoggedIn();

/* Check permissions for this feature: both are required */
hesk_checkPermission('can_view_tickets');
hesk_checkPermission('can_reply_tickets');

/* CSRF check; the 'POST' argument is passed and the priority is read with hesk_POST() below */
hesk_token_check('POST');

/* Ticket ID; the request ends here when no usable tracking ID is supplied */
$trackingID = hesk_cleanID() or die($hesklang['int_error'] . ': ' . $hesklang['no_trackID']);

// Priority is cast to int and must be 0..3.
// NOTE(review): the code after this block uses $options[$priority] and runs the
// UPDATE, so the range check only protects them if hesk_process_messages()
// ends the request - confirm.
$priority = intval(hesk_POST('priority'));
if ($priority < 0 || $priority > 3) {
    hesk_process_messages($hesklang['inpr'], 'admin_ticket.php?track=' . $trackingID . '&Refresh=' . mt_rand(10000, 99999), 'NOTICE');
}

// Display markup for each priority value
$options = array(0 => '<font class="critical">' . $hesklang['critical'] . '</font>', 1 => '<font class="important">' . $hesklang['high'] . '</font>', 2 => '<font class="medium">' . $hesklang['medium'] . '</font>', 3 => $hesklang['low']);

// History line: contains the markup above plus the staff member's name and user name from the session.
// It is escaped for SQL below; whoever prints `history` decides how it is encoded for HTML.
$revision = sprintf($hesklang['thist8'], hesk_date(), $options[$priority], $_SESSION['name'] . ' (' . $_SESSION['user'] . ')');

// NOTE(review): no per-ticket check (category or owner) is visible before this UPDATE - confirm one is not needed.
hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` SET `priority`='{$priority}', `history`=CONCAT(`history`,'" . hesk_dbEscape($revision) . "') WHERE `trackid`='" . hesk_dbEscape($trackingID) . "' LIMIT 1");

// Anything other than exactly one changed row is reported with the same notice as an invalid priority
if (hesk_dbAffectedRows() != 1) {
    hesk_process_messages($hesklang['inpr'], 'admin_ticket.php?track=' . $trackingID . '&Refresh=' . mt_rand(10000, 99999), 'NOTICE');
}
hesk_process_messages(sprintf($hesklang['chpri2'], $options[$priority]), 'admin_ticket.php?track=' . $trackingID . '&Refresh=' . mt_rand(10000, 99999), 'SUCCESS');
/**
 * Pre-fill the "new knowledgebase article" form from an existing ticket.
 *
 * The ticket is looked up by the tracking ID returned from hesk_cleanID().
 * The current user must be allowed to see it: tickets assigned to someone
 * else need 'can_view_ass_others', unassigned tickets need
 * 'can_view_unassigned', and the ticket's category must pass hesk_okCategory().
 * On success the subject and the ticket message followed by all reply
 * messages are stored in $_SESSION['new_article'].
 *
 * With the WYSIWYG editor enabled the messages go through
 * hesk_htmlspecialchars() and are joined with "<br /><br />"; otherwise they
 * go through hesk_msgToPlain() and are joined with blank lines.
 *
 * The two session flags at the top are set before any check, so they are
 * also set when the function gives up early.
 *
 * @return false|null false when the ticket is missing or may not be viewed;
 *                    no explicit value otherwise.
 */
function import_article()
{
    global $hesk_settings, $hesklang, $listBox;

    $_SESSION['hide'] = array('treemenu' => 1, 'new_category' => 1);
    $_SESSION['KB_CATEGORY'] = 1;

    // Which ticket?
    $trackingID = hesk_cleanID();
    if (empty($trackingID)) {
        return false;
    }

    // Load the ticket; exactly one row has to match
    $ticketQuery = "SELECT `id`,`category`,`subject`,`message`,`owner` FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` WHERE `trackid`='" . hesk_dbEscape($trackingID) . "' LIMIT 1";
    $res = hesk_dbQuery($ticketQuery);
    if (hesk_dbNumRows($res) != 1) {
        return false;
    }
    $ticket = hesk_dbFetchAssoc($res);

    // May this user see the ticket at all?
    if ($ticket['owner']) {
        // Assigned ticket: fine when it is the user's own, otherwise a permission is needed
        if ($ticket['owner'] != $_SESSION['id'] && !hesk_checkPermission('can_view_ass_others', 0)) {
            return false;
        }
    } elseif (!hesk_checkPermission('can_view_unassigned', 0)) {
        // Unassigned ticket without the matching permission
        return false;
    }

    // ...and the category it belongs to?
    if (!hesk_okCategory($ticket['category'], 0)) {
        return false;
    }

    // Start the article with the ticket's own message
    if ($hesk_settings['kb_wysiwyg']) {
        // WYSIWYG editor in use: HTML article
        $article = array('html' => 1, 'subject' => $ticket['subject'], 'content' => hesk_htmlspecialchars($ticket['message']));
    } else {
        // Plain editor: plain-text article
        $article = array('html' => 0, 'subject' => $ticket['subject'], 'content' => hesk_msgToPlain($ticket['message']));
    }
    $_SESSION['new_article'] = $article;

    // Append every reply, oldest first
    $replyQuery = "SELECT `message` FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "replies` WHERE `replyto`='" . intval($ticket['id']) . "' ORDER BY `id` ASC";
    $res = hesk_dbQuery($replyQuery);
    while ($reply = hesk_dbFetchAssoc($res)) {
        if ($hesk_settings['kb_wysiwyg']) {
            $piece = "<br /><br />" . hesk_htmlspecialchars($reply['message']);
        } else {
            $piece = "\n\n" . hesk_msgToPlain($reply['message']);
        }
        $_SESSION['new_article']['content'] .= $piece;
    }

    hesk_process_messages($hesklang['import'], 'NOREDIRECT', 'NOTICE');
}
// Refuse to run while the installer directory still exists.
// This is checked before settings, session or login code is loaded.
if (is_dir(HESK_PATH . 'install')) {
    die('Please delete the <b>install</b> folder from your server for security reasons then refresh this page!');
}

// Get all the required files and functions
require HESK_PATH . 'hesk_settings.inc.php';

// Save the default language for the settings page before choosing user's preferred one
$hesk_settings['language_default'] = $hesk_settings['language'];
require HESK_PATH . 'inc/common.inc.php';
// Put the saved default back after common.inc.php has been loaded
$hesk_settings['language'] = $hesk_settings['language_default'];
require HESK_PATH . 'inc/admin_functions.inc.php';
hesk_load_database_functions();
hesk_session_start();
hesk_dbConnect();
hesk_isLoggedIn();

// Check permissions for this feature (no 0 flag: presumably stops the request when the permission is missing - confirm)
hesk_checkPermission('can_man_settings');

// Test languages function: runs on a plain GET parameter, after the login and permission checks above
if (isset($_GET['test_languages'])) {
    hesk_testLanguage(0);
}

// Help file folder, built from the configured language entry (settings data, not request data)
$help_folder = '../language/' . $hesk_settings['languages'][$hesk_settings['language']]['folder'] . '/help_files/';
$enable_save_settings = 0;
$enable_use_attachments = 0;
$server_time = date('H:i', strtotime(hesk_date()));

// Print header
require_once HESK_PATH . 'inc/header.inc.php';
// Print admin navigation
require_once HESK_PATH . 'inc/show_admin_nav.inc.php';

// Demo mode? Hide values of sensitive settings by overwriting them with a placeholder text
if (defined('HESK_DEMO')) {
    $hesk_settings['db_host'] = $hesklang['hdemo'];
if ($hesk_settings['autoassign']) { echo '<option value="-2"> > ' . $hesklang['aass'] . ' < </option>'; } $owner = isset($_SESSION['as_owner']) ? intval($_SESSION['as_owner']) : 0; foreach ($admins as $k => $v) { if ($k == $owner) { echo '<option value="' . $k . '" selected="selected">' . $v . '</option>'; } else { echo '<option value="' . $k . '">' . $v . '</option>'; } } ?> </select></label> </div> <?php } elseif (hesk_checkPermission('can_assign_self', 0)) { $checked = !isset($_SESSION['as_owner']) || !empty($_SESSION['as_owner']) ? 'checked="checked"' : ''; ?> <div class="form-inline"> <span><b><?php echo $hesklang['owner']; ?> :</b></span> <label><input class="contact-newTicket" type="checkbox" name="assing_to_self" value="1" <?php echo $checked; ?> /> <?php echo $hesklang['asss2']; ?> </label> </div>
</td> </tr> <tr> <td> <!-- TABS --> <div id="tab1" class="tabberlive" style="margin-top:0px"> <ul class="tabbernav"> <?php // Show a link to banned_emails.php if user has permission to do so if (hesk_checkPermission('can_ban_emails', 0)) { echo '<li class=""><a title="' . $hesklang['banemail'] . '" href="banned_emails.php">' . $hesklang['banemail'] . '</a></li> '; } if (hesk_checkPermission('can_ban_ips', 0)) { echo '<li class=""><a title="' . $hesklang['banip'] . '" href="banned_ips.php">' . $hesklang['banip'] . '</a></li> '; } ?> <li class="tabberactive"><a title="<?php echo $hesklang['sm_title']; ?> " href="javascript:void(null);" onclick="javascript:alert('<?php echo hesk_makeJsString($hesklang['sm_intro']); ?> ')"><?php echo $hesklang['sm_title']; ?> [?]</a></li> </ul>
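/**
 * Print the "tickets by user" report as an HTML table.
 *
 * Staff with $_SESSION['isadmin'] set, or holding the 'can_run_reports_full'
 * permission, get one row per user in the users table. Everybody else gets a
 * single row with their own numbers. For each user the table shows assigned
 * tickets, open tickets (assigned minus resolved), resolved tickets
 * (`status`='3'), distinct tickets replied to, number of replies and, when
 * $hesk_settings['time_worked'] is enabled, the time worked.
 *
 * A totals row is always printed at the bottom, and additionally at the top
 * when the report has more than 10 rows.
 *
 * The function writes directly to the output buffer and returns nothing.
 *
 * NOTE(review): $hesk_settings['dt_sql'] is interpolated verbatim into every
 * query below. It is built outside this function, presumably from the
 * requested date range; confirm it is assembled only from validated dates.
 */
function hesk_ticketsByUser()
{
    global $hesk_settings, $hesklang, $date_from, $date_to;

    // Some variables we will need
    $tickets = array();
    $totals = array('asstickets' => 0, 'resolved' => 0, 'tickets' => 0, 'replies' => 0, 'worked' => 0);
    $prefix = hesk_dbEscape($hesk_settings['db_pfix']);

    // Get list of users
    $admins = array();

    // I. ADMINISTRATORS can view all users
    if ($_SESSION['isadmin'] || hesk_checkPermission('can_run_reports_full', 0)) {
        // -> get list of users
        $res = hesk_dbQuery("SELECT `id`,`name` FROM `" . $prefix . "users` ORDER BY `name` ASC");

        // -> populate $admins and $tickets arrays
        while ($row = hesk_dbFetchAssoc($res)) {
            $admins[$row['id']] = $row['name'];
            $tickets[$row['id']] = array('asstickets' => 0, 'resolved' => 0, 'tickets' => 0, 'replies' => 0, 'worked' => '');
        }

        // The IDs come from the users table; casting each one to an integer
        // keeps the IN (...) list numeric even if a row ever held something else.
        $id_list = implode("','", array_map('intval', array_keys($admins)));

        // -> get list of tickets
        $res = hesk_dbQuery("SELECT `owner`, COUNT(*) AS `cnt`" . ($hesk_settings['time_worked'] ? ", SUM( TIME_TO_SEC(`time_worked`) ) AS `seconds_worked`" : '') . " FROM `" . $prefix . "tickets` WHERE `owner` IN ('" . $id_list . "') AND {$hesk_settings['dt_sql']} GROUP BY `owner`");

        // -> update ticket list values
        while ($row = hesk_dbFetchAssoc($res)) {
            // The seconds_worked column is only selected when time tracking is on
            if (!$hesk_settings['time_worked']) {
                $row['seconds_worked'] = 0;
            }

            $tickets[$row['owner']]['asstickets'] += $row['cnt'];
            $totals['asstickets'] += $row['cnt'];
            $tickets[$row['owner']]['worked'] = $hesk_settings['time_worked'] ? hesk_SecondsToHHMMSS($row['seconds_worked']) : 0;
            $totals['worked'] += $row['seconds_worked'];
        }

        // -> get list of resolved tickets
        $res = hesk_dbQuery("SELECT `owner`, COUNT(*) AS `cnt` FROM `" . $prefix . "tickets` WHERE `owner` IN ('" . $id_list . "') AND `status`='3' AND {$hesk_settings['dt_sql']} GROUP BY `owner`");

        // -> update resolved ticket list values
        while ($row = hesk_dbFetchAssoc($res)) {
            $tickets[$row['owner']]['resolved'] += $row['cnt'];
            $totals['resolved'] += $row['cnt'];
        }

        // -> get number of replies
        $res = hesk_dbQuery("SELECT `staffid`, COUNT(*) AS `cnt`, COUNT(DISTINCT `replyto`) AS `tcnt` FROM `" . $prefix . "replies` WHERE `staffid` IN ('" . $id_list . "') AND {$hesk_settings['dt_sql']} GROUP BY `staffid`");

        // -> update number of replies values
        while ($row = hesk_dbFetchAssoc($res)) {
            $tickets[$row['staffid']]['tickets'] += $row['tcnt'];
            $tickets[$row['staffid']]['replies'] += $row['cnt'];
            $totals['tickets'] += $row['tcnt'];
            $totals['replies'] += $row['cnt'];
        }
    } else {
        // II. Everybody else only sees their own numbers
        $admins[$_SESSION['id']] = $_SESSION['name'];
        $self_id = intval($_SESSION['id']);

        // -> get list of tickets
        $res = hesk_dbQuery("SELECT COUNT(*) AS `cnt`" . ($hesk_settings['time_worked'] ? ", SUM( TIME_TO_SEC(`time_worked`) ) AS `seconds_worked`" : '') . " FROM `" . $prefix . "tickets` WHERE `owner` = '" . $self_id . "' AND {$hesk_settings['dt_sql']}");
        $row = hesk_dbFetchAssoc($res);

        // The seconds_worked column is only selected when time tracking is on;
        // default it here, as the administrator branch does, so the total
        // below never reads a key that is missing from the row.
        if (!$hesk_settings['time_worked']) {
            $row['seconds_worked'] = 0;
        }

        // -> update ticket values
        $tickets[$_SESSION['id']]['asstickets'] = $row['cnt'];
        $totals['asstickets'] = $row['cnt'];
        $tickets[$_SESSION['id']]['worked'] = $hesk_settings['time_worked'] ? hesk_SecondsToHHMMSS($row['seconds_worked']) : 0;
        $totals['worked'] += $row['seconds_worked'];

        // -> get list of resolved tickets
        $res = hesk_dbQuery("SELECT COUNT(*) AS `cnt` FROM `" . $prefix . "tickets` WHERE `owner` = '" . $self_id . "' AND `status`='3' AND {$hesk_settings['dt_sql']}");
        $row = hesk_dbFetchAssoc($res);

        // -> update resolved ticket values
        $tickets[$_SESSION['id']]['resolved'] = $row['cnt'];
        $totals['resolved'] = $row['cnt'];

        // -> get number of replies
        $res = hesk_dbQuery("SELECT COUNT(*) AS `cnt`, COUNT(DISTINCT `replyto`) AS `tcnt` FROM `" . $prefix . "replies` WHERE `staffid` = '" . $self_id . "' AND {$hesk_settings['dt_sql']}");
        $row = hesk_dbFetchAssoc($res);

        $tickets[$_SESSION['id']]['tickets'] = $row['tcnt'];
        $tickets[$_SESSION['id']]['replies'] = $row['cnt'];
        $totals['tickets'] = $row['tcnt'];
        $totals['replies'] = $row['cnt'];
    }

    // Convert total seconds worked to HH:MM:SS
    $totals['worked'] = $hesk_settings['time_worked'] ? hesk_SecondsToHHMMSS($totals['worked']) : 0;
    ?>
    <table width="100%" cellpadding="5" style="text-align:justify;border-collapse:collapse;padding:10px;">
        <tr style="border-bottom:1px solid #000000;">
            <td><?php echo $hesklang['user']; ?></td>
            <td><?php echo $hesklang['ticass']; ?></td>
            <td><?php echo $hesklang['topen']; ?></td>
            <td><?php echo $hesklang['closed']; ?></td>
            <td><?php echo $hesklang['ticall']; ?></td>
            <td><?php echo $hesklang['replies']; ?></td>
            <?php
            if ($hesk_settings['time_worked']) {
                echo '<td>' . $hesklang['ts'] . '</td>';
            }
            ?>
        </tr>
        <?php
        // Long reports also get the totals row at the top
        $num_tickets = count($tickets);
        if ($num_tickets > 10) {
            ?>
            <tr style="border-bottom:1px solid #000000;">
                <td><b><?php echo $hesklang['totals']; ?></b></td>
                <td><b><?php echo $totals['asstickets']; ?></b></td>
                <td><b><?php echo $totals['asstickets'] - $totals['resolved']; ?></b></td>
                <td><b><?php echo $totals['resolved']; ?></b></td>
                <td><b><?php echo $totals['tickets']; ?></b></td>
                <td><b><?php echo $totals['replies']; ?></b></td>
                <?php
                if ($hesk_settings['time_worked']) {
                    echo '<td><b>' . $totals['worked'] . '</b></td>';
                }
                ?>
            </tr>
            <?php
        }

        // Alternate the row background, starting with the shaded style
        $cls = '';
        foreach ($tickets as $k => $d) {
            $cls = $cls ? '' : 'style="background:#EEEEE8;"';
            // NOTE(review): $admins[$k] (a user name from the database or the
            // session) is printed without escaping here; presumably names are
            // HTML-encoded when they are stored. Confirm before relying on it.
            ?>
            <tr <?php echo $cls; ?>>
                <td><?php echo $admins[$k]; ?></td>
                <td><?php echo $d['asstickets']; ?></td>
                <td><?php echo $d['asstickets'] - $d['resolved']; ?></td>
                <td><?php echo $d['resolved']; ?></td>
                <td><?php echo $d['tickets']; ?></td>
                <td><?php echo $d['replies']; ?></td>
                <?php
                if ($hesk_settings['time_worked']) {
                    echo '<td>' . $d['worked'] . '</td>';
                }
                ?>
            </tr>
            <?php
        }
        ?>
        <tr style="border-top:1px solid #000000;">
            <td><b><?php echo $hesklang['totals']; ?></b></td>
            <td><b><?php echo $totals['asstickets']; ?></b></td>
            <td><b><?php echo $totals['asstickets'] - $totals['resolved']; ?></b></td>
            <td><b><?php echo $totals['resolved']; ?></b></td>
            <td><b><?php echo $totals['tickets']; ?></b></td>
            <td><b><?php echo $totals['replies']; ?></b></td>
            <?php
            if ($hesk_settings['time_worked']) {
                echo '<td><b>' . $totals['worked'] . '</b></td>';
            }
            ?>
        </tr>
    </table>
    <p> </p>
    <?php
}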
define('HESK_PATH', '../'); /* Get all the required files and functions */ require HESK_PATH . 'hesk_settings.inc.php'; require HESK_PATH . 'inc/common.inc.php'; require HESK_PATH . 'inc/admin_functions.inc.php'; require_once HESK_PATH . 'inc/knowledgebase_functions.inc.php'; hesk_load_database_functions(); hesk_session_start(); hesk_dbConnect(); hesk_isLoggedIn(); /* Is Knowledgebase enabled? */ if (!$hesk_settings['kb_enable']) { hesk_error($hesklang['kbdis']); } /* Can this user manage Knowledgebase or just view it? */ $can_man_kb = hesk_checkPermission('can_man_kb', 0); /* Any category ID set? */ $catid = intval(hesk_GET('category', 1)); $artid = intval(hesk_GET('article', 0)); if (isset($_GET['search'])) { $query = hesk_input(hesk_GET('search')); } else { $query = 0; } $hesk_settings['kb_link'] = $artid || $catid != 1 || $query ? '<a href="knowledgebase_private.php" class="smaller">' . $hesklang['gopr'] . '</a>' : ($can_man_kb ? $hesklang['gopr'] : ''); if ($hesk_settings['kb_search'] && $query) { hesk_kb_search($query); } elseif ($artid) { // Show drafts only to staff who can manage knowledgebase if ($can_man_kb) { $result = hesk_dbQuery("SELECT t1.*, t2.`name` AS `cat_name`\n\t\tFROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "kb_articles` AS `t1`\n\t\tLEFT JOIN `" . hesk_dbEscape($hesk_settings['db_pfix']) . "kb_categories` AS `t2` ON `t1`.`catid` = `t2`.`id`\n\t\tWHERE `t1`.`id` = '{$artid}'\n\t\t");
} /* Verify the new owner and permissions */ $res = hesk_dbQuery("SELECT `id`,`user`,`name`,`email`,`isadmin`,`categories`,`notify_assigned` FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "users` WHERE `id`='{$owner}' LIMIT 1"); $row = hesk_dbFetchAssoc($res); /* Has new owner access to the category? */ if (!$row['isadmin']) { $row['categories'] = explode(',', $row['categories']); if (!in_array($ticket['category'], $row['categories'])) { hesk_error($hesklang['unoa']); } } /* Assigning to self? */ if ($can_assign_others || $owner == $_SESSION['id'] && $can_assign_self) { $revision = sprintf($hesklang['thist2'], hesk_date(), $row['name'] . ' (' . $row['user'] . ')', $_SESSION['name'] . ' (' . $_SESSION['user'] . ')'); $res = hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` SET `owner`={$owner} , `history`=CONCAT(`history`,'" . hesk_dbEscape($revision) . "') WHERE `trackid`='" . hesk_dbEscape($trackingID) . "' LIMIT 1"); if ($owner != $_SESSION['id'] && !hesk_checkPermission('can_view_ass_others', 0)) { $_SERVER['PHP_SELF'] = 'admin_main.php'; } } else { hesk_error($hesklang['no_permission']); } $ticket['owner'] = $owner; /* --> Prepare message */ // 1. Generate the array with ticket info that can be used in emails $info = array('email' => $ticket['email'], 'category' => $ticket['category'], 'priority' => $ticket['priority'], 'owner' => $ticket['owner'], 'trackid' => $ticket['trackid'], 'status' => $ticket['status'], 'name' => $ticket['name'], 'lastreplier' => $ticket['lastreplier'], 'subject' => $ticket['subject'], 'message' => $ticket['message'], 'attachments' => $ticket['attachments'], 'dt' => hesk_date($ticket['dt'], true), 'lastchange' => hesk_date($ticket['lastchange'], true), 'id' => $ticket['id']); // 2. Add custom fields to the array foreach ($hesk_settings['custom_fields'] as $k => $v) { $info[$k] = $v['use'] ? $ticket[$k] : ''; } // 3. 
Make sure all values are properly formatted for email $ticket = hesk_ticketToPlain($info, 1, 0);