*******************************************************************************/

// Customer-facing ticket view entry point (HESK). This fragment ends inside the
// `if ($is_form)` validation block at the bottom; the rest of the file is not shown.
define('IN_SCRIPT', 1);
define('HESK_PATH', './');
define('HESK_NO_ROBOTS', 1);

/* Get all the required files and functions */
require HESK_PATH . 'hesk_settings.inc.php';
require HESK_PATH . 'inc/common.inc.php';
hesk_load_database_functions();
hesk_session_start();

// Validation messages are collected here; the form is expected to render them.
$hesk_error_buffer = array();
$do_remember = '';
$display = 'none';

/* Was this accessed by the form or link? The presence of ?f= marks a form submit. */
$is_form = isset($_GET['f']) ? 1 : 0;

/* Get the tracking ID (hesk_cleanID() is defined outside this fragment; presumably it
   reads the ID from the request and strips anything not allowed in a tracking ID) */
$trackingID = hesk_cleanID();

/* Email required to view ticket? */
$my_email = hesk_getCustomerEmail(1);

/* A message from ticket reminder? */
if (!empty($_GET['remind'])) {
    $display = 'block';
    // NOTE(review): print_form() is defined elsewhere; this relies on it outputting the
    // form and exiting — confirm, otherwise execution falls through to the checks below.
    print_form();
}

/* Any errors? Show the form */
if ($is_form) {
    if (empty($trackingID)) {
        $hesk_error_buffer[] = $hesklang['eytid'];
    }
    // The email requirement is only enforced when the email_view_ticket setting is on.
    if ($hesk_settings['email_view_ticket'] && empty($my_email)) {
        $hesk_error_buffer[] = $hesklang['enter_valid_email'];
    }
* Removing any of the copyright notices without purchasing a license
* is expressly forbidden. To remove HESK copyright notice you must purchase
* a license for this script. For more information on how to obtain
* a license please visit the page below:
* https://www.hesk.com/buy.php
*******************************************************************************/

// Entry point that loads a single ticket by its tracking ID for display.
define('IN_SCRIPT', 1);
define('HESK_PATH', './');

/* Get all the required files and functions */
require HESK_PATH . 'hesk_settings.inc.php';
require HESK_PATH . 'inc/common.inc.php';
hesk_load_database_functions();
hesk_session_start();

/* Get the tracking ID. `=` binds tighter than `or`, so $trackingID receives the
   cleaned ID and die() runs only when that value is falsy (missing/invalid ID). */
$trackingID = hesk_cleanID() or die("{$hesklang['int_error']}: {$hesklang['no_trackID']}");

/* Connect to database */
hesk_dbConnect();

// Perform additional checks for customers.
// Both checks are skipped for a staff session ($_SESSION['id'] set), so the
// email-match requirement gates customer access only.
if (empty($_SESSION['id'])) {
    // Are we in maintenance mode?
    hesk_check_maintenance();

    // Verify email address match
    hesk_verifyEmailMatch($trackingID);
}

/* Get ticket info. The table prefix and the tracking ID both go through
   hesk_dbEscape() before being interpolated into the query string. */
$res = hesk_dbQuery("SELECT `t1`.* , `t2`.name AS `repliername`\n\t\t\t\t\tFROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` AS `t1` LEFT JOIN `" . hesk_dbEscape($hesk_settings['db_pfix']) . "users` AS `t2` ON `t1`.`replierid` = `t2`.`id`\n\t\t\t\t\tWHERE `trackid`='" . hesk_dbEscape($trackingID) . "' LIMIT 1");
if (hesk_dbNumRows($res) != 1) {
    hesk_error($hesklang['ticket_not_found']);
}
$ticket = hesk_dbFetchAssoc($res);
define('HESK_PATH', '../');

// Admin action: lock or unlock a ticket, then return to the ticket page.

/* Get all the required files and functions */
require HESK_PATH . 'hesk_settings.inc.php';
require HESK_PATH . 'inc/common.inc.php';
require HESK_PATH . 'inc/admin_functions.inc.php';
hesk_load_database_functions();
hesk_session_start();
hesk_dbConnect();
hesk_isLoggedIn();

/* Check permissions for this feature */
hesk_checkPermission('can_view_tickets');
hesk_checkPermission('can_reply_tickets');
hesk_checkPermission('can_edit_tickets');

/* A security check — hesk_token_check() validates the request token (presumably CSRF protection) */
hesk_token_check();

/* Ticket ID. `=` binds tighter than `or`: die() runs only when the cleaned ID is falsy. */
$trackingID = hesk_cleanID() or die($hesklang['int_error'] . ': ' . $hesklang['no_trackID']);

/* New archived status */
// $status is a literal 0/1 chosen by this branch, not a request value, so its
// interpolation into the UPDATE below is not user-controlled. $revision embeds the
// staff name and login from the session and is escaped before use.
if (empty($_GET['locked'])) {
    $status = 0;
    $tmp = $hesklang['tunlock'];
    $revision = sprintf($hesklang['thist6'], hesk_date(), $_SESSION['name'] . ' (' . $_SESSION['user'] . ')');
} else {
    $status = 1;
    $tmp = $hesklang['tlock'];
    $revision = sprintf($hesklang['thist5'], hesk_date(), $_SESSION['name'] . ' (' . $_SESSION['user'] . ')');
}

/* Update database */
// NOTE(review): `status` is hard-coded to '3' on both lock and unlock; the meaning of
// that value is not visible in this file — confirm against the status definitions.
hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` SET `status`='3',`locked`='{$status}', `history`=CONCAT(`history`,'" . hesk_dbEscape($revision) . "') WHERE `trackid`='" . hesk_dbEscape($trackingID) . "' LIMIT 1");

/* Back to ticket page and show a success message */
// The Refresh parameter is only a cache-buster (rand() here, mt_rand() in the other admin scripts).
hesk_process_messages($tmp, 'admin_ticket.php?track=' . $trackingID . '&Refresh=' . rand(10000, 99999), 'SUCCESS');
require HESK_PATH . 'inc/posting_functions.inc.php';

// Customer reply handler (POST only). This fragment ends inside the attachments
// block at the bottom; the rest of the file is not shown.

// We only allow POST requests to this file
if ($_SERVER['REQUEST_METHOD'] != 'POST') {
    header('Location: index.php');
    exit;
}

// Check for POST requests larger than what the server can handle
// (PHP leaves $_POST empty when post_max_size is exceeded while CONTENT_LENGTH is still set)
if (empty($_POST) && !empty($_SERVER['CONTENT_LENGTH'])) {
    hesk_error($hesklang['maxpost']);
}

// NOTE(review): plain session_start() here, whereas the other entry points in this
// codebase call hesk_session_start() — confirm the session options are equivalent.
session_start();

/* A security check */
// NOTE(review): the request-token check is commented out, so this POST handler
// accepts submissions without a token; the admin handlers call hesk_token_check().
// Confirm this is intentional for the customer reply form.
# hesk_token_check('POST');

$hesk_error_buffer = array();

// Tracking ID (read from the orig_track field; die() only when the cleaned value is falsy)
$trackingID = hesk_cleanID('orig_track') or die($hesklang['int_error'] . ': No orig_track');

// Email required to view ticket?
$my_email = hesk_getCustomerEmail();

// Get message
// hesk_input() is applied to the raw POST value; the HTML produced below (links, <br />)
// relies on it having escaped the text — it is defined outside this fragment, confirm.
$message = hesk_input(hesk_POST('message'));

// If the message was entered, further parse it
if (strlen($message)) {
    // Make links clickable
    $message = hesk_makeURL($message);

    // Turn newlines into <br />
    $message = nl2br($message);
} else {
    $hesk_error_buffer[] = $hesklang['enter_message'];
}

/* Attachments — this block continues past the end of this fragment */
if ($hesk_settings['attachments']['use']) {
require HESK_PATH . 'inc/common.inc.php';
hesk_load_database_functions();

// Customer rating of a staff reply. This fragment ends inside the tracking-ID
// mismatch check at the bottom; the rest of the file is not shown.

// Is rating enabled?
if (!$hesk_settings['rating']) {
    die($hesklang['rdis']);
}

// Rating value (cast to int before any further use)
$rating = intval(hesk_GET('rating', 0));

// Rating can only be 1 or 5
if ($rating != 1 && $rating != 5) {
    die($hesklang['attempt']);
}

// Reply ID — intval() makes 0 or non-numeric input die here and leaves an integer
// that is safe to interpolate into the query below.
$reply_id = intval(hesk_GET('id', 0)) or die($hesklang['attempt']);

// Ticket tracking ID
$trackingID = hesk_cleanID() or die($hesklang['attempt']);

// Connect to database
hesk_dbConnect();

// Get reply info to verify tickets match
$result = hesk_dbQuery("SELECT `replyto`,`rating`,`staffid` FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "replies` WHERE `id`='{$reply_id}' LIMIT 1");
// NOTE(review): no row-count check here. For an unknown reply id hesk_dbFetchAssoc()
// presumably returns no array, `$reply['replyto']` is then null and the ticket lookup
// below finds nothing and dies — it fails closed, but a notice may be emitted.
$reply = hesk_dbFetchAssoc($result);

// Does the ticket ID match the one in the request?
// `replyto` comes from the replies row just read, not from the request, and is interpolated as-is.
$result = hesk_dbQuery("SELECT `trackid` FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` WHERE `id`='{$reply['replyto']}' LIMIT 1");

// -> Ticket found?
if (hesk_dbNumRows($result) != 1) {
    die($hesklang['attempt']);
}

// -> Does the tracking ID match? (rejects rating a reply that belongs to a different ticket)
$ticket = hesk_dbFetchAssoc($result);
if ($ticket['trackid'] != $trackingID) {
    die($hesklang['attempt']);
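/**
 * Pre-fill a new knowledgebase article draft from a ticket.
 *
 * Obtains the tracking ID via hesk_cleanID(), loads the ticket, and after the
 * owner / unassigned / category permission checks stores the draft in
 * $_SESSION['new_article']: the ticket message followed by every reply, oldest
 * first. The content format follows the kb_wysiwyg setting — HTML-escaped text
 * for the WYSIWYG editor, hesk_msgToPlain() output otherwise.
 *
 * @return bool|null false when the ID is missing, the ticket is not found or the
 *                   user may not view it; null (falls through) once the draft is
 *                   stored and the import notice has been queued.
 */
function import_article()
{
    // $listBox used to be declared global here but is never used in this function.
    global $hesk_settings, $hesklang;

    $_SESSION['hide'] = array('treemenu' => 1, 'new_category' => 1);
    $_SESSION['KB_CATEGORY'] = 1;

    // Get ticket ID
    $trackingID = hesk_cleanID();
    if (empty($trackingID)) {
        return false;
    }

    // Get ticket info (table prefix and tracking ID are escaped before interpolation)
    $res = hesk_dbQuery("SELECT `id`,`category`,`subject`,`message`,`owner` FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` WHERE `trackid`='" . hesk_dbEscape($trackingID) . "' LIMIT 1");
    if (hesk_dbNumRows($res) != 1) {
        return false;
    }
    $ticket = hesk_dbFetchAssoc($res);

    // Permission to view this ticket? A ticket owned by someone else needs
    // can_view_ass_others; an unassigned ticket needs can_view_unassigned.
    if ($ticket['owner'] && $ticket['owner'] != $_SESSION['id'] && !hesk_checkPermission('can_view_ass_others', 0)) {
        return false;
    }
    if (!$ticket['owner'] && !hesk_checkPermission('can_view_unassigned', 0)) {
        return false;
    }

    // Is this user allowed to view tickets inside this category?
    if (!hesk_okCategory($ticket['category'], 0)) {
        return false;
    }

    // Decide the content format once rather than re-testing the setting for every
    // reply: the WYSIWYG editor gets HTML-escaped text joined by <br />, the plain
    // editor gets hesk_msgToPlain() output joined by blank lines.
    $wysiwyg = (bool) $hesk_settings['kb_wysiwyg'];
    $separator = $wysiwyg ? '<br /><br />' : "\n\n";

    // Set article contents
    $_SESSION['new_article'] = array(
        'html' => $wysiwyg ? 1 : 0,
        'subject' => $ticket['subject'],
        'content' => $wysiwyg ? hesk_htmlspecialchars($ticket['message']) : hesk_msgToPlain($ticket['message']),
    );

    // Append messages from replies to the ticket, oldest first
    $res = hesk_dbQuery("SELECT `message` FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "replies` WHERE `replyto`='" . intval($ticket['id']) . "' ORDER BY `id` ASC");
    while ($reply = hesk_dbFetchAssoc($res)) {
        $_SESSION['new_article']['content'] .= $separator . ($wysiwyg ? hesk_htmlspecialchars($reply['message']) : hesk_msgToPlain($reply['message']));
    }

    hesk_process_messages($hesklang['import'], 'NOREDIRECT', 'NOTICE');
}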
/* Check permissions for this feature */
// can_view_tickets is mandatory (hesk_checkPermission() without the trailing 0 presumably
// aborts on failure); the remaining permissions are captured as flags for use further on.
hesk_checkPermission('can_view_tickets');
$can_del_notes = hesk_checkPermission('can_del_notes', 0);
$can_reply = hesk_checkPermission('can_reply_tickets', 0);
$can_delete = hesk_checkPermission('can_del_tickets', 0);
$can_edit = hesk_checkPermission('can_edit_tickets', 0);
$can_archive = hesk_checkPermission('can_add_archive', 0);
$can_assign_self = hesk_checkPermission('can_assign_self', 0);
$can_view_unassigned = hesk_checkPermission('can_view_unassigned', 0);
$can_change_cat = hesk_checkPermission('can_change_cat', 0);
$can_ban_emails = hesk_checkPermission('can_ban_emails', 0);
$can_unban_emails = hesk_checkPermission('can_unban_emails', 0);
$can_ban_ips = hesk_checkPermission('can_ban_ips', 0);
$can_unban_ips = hesk_checkPermission('can_unban_ips', 0);

// Get ticket ID
// NOTE(review): print_form() is defined elsewhere; this relies on it terminating the
// script, otherwise an empty $trackingID would continue into the queries below.
$trackingID = hesk_cleanID() or print_form();

// PHP_SELF is overwritten with a URL that embeds $trackingID; any later output of
// PHP_SELF depends on hesk_cleanID() having constrained the ID to safe characters.
$_SERVER['PHP_SELF'] = 'admin_ticket.php?track=' . $trackingID . '&Refresh=' . mt_rand(10000, 99999);

/* We will need timer function */
define('TIMER', 1);

/* Get ticket info (prefix and tracking ID escaped before interpolation) */
$res = hesk_dbQuery("SELECT `t1`.* , `t2`.name AS `repliername` FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` AS `t1` LEFT JOIN `" . hesk_dbEscape($hesk_settings['db_pfix']) . "users` AS `t2` ON `t1`.`replierid` = `t2`.`id` WHERE `trackid`='" . hesk_dbEscape($trackingID) . "' LIMIT 1");

/* Ticket found? */
if (hesk_dbNumRows($res) != 1) {
    /* Ticket not found, perhaps it was merged with another ticket? */
    // The ID is escaped, but a string escape presumably does not neutralise LIKE
    // wildcards (% and _); whether those can reach this point depends on what
    // hesk_cleanID() allows — confirm.
    $res = hesk_dbQuery("SELECT * FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` WHERE `merged` LIKE '%#" . hesk_dbEscape($trackingID) . "#%' LIMIT 1");
    if (hesk_dbNumRows($res) == 1) {
        /* OK, found in a merged ticket. Get info */
        $ticket = hesk_dbFetchAssoc($res);
        // Tell the user which ticket the requested ID was merged into, then continue with that ticket.
        hesk_process_messages(sprintf($hesklang['tme'], $trackingID, $ticket['trackid']), 'NOREDIRECT', 'NOTICE');
        $trackingID = $ticket['trackid'];
    } else {
        // This fragment ends inside the not-found branch; the rest of the file is not shown.
/**
 * Remove one entry from the banned e-mails table and redirect with a success notice.
 *
 * The ban row is selected by the `id` request parameter (cast to int). When a
 * tracking ID is present in the request the redirect goes back to that ticket's
 * admin page, otherwise to the banned e-mails list.
 *
 * @return void
 */
function unban_email()
{
    global $hesk_settings, $hesklang;

    // A security check
    hesk_token_check();

    // Delete from bans
    $ban_id = intval(hesk_GET('id'));
    hesk_dbQuery("DELETE FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "banned_emails` WHERE `id`=" . $ban_id . " LIMIT 1");

    // Redirect either to banned emails or ticket page from now on
    $trackingID = hesk_cleanID();
    if ($trackingID) {
        $redirect_to = 'admin_ticket.php?track=' . $trackingID . '&Refresh=' . mt_rand(10000, 99999);
    } else {
        $redirect_to = 'banned_emails.php';
    }

    // Show success
    hesk_process_messages($hesklang['email_unbanned'], $redirect_to, 'SUCCESS');
}