function mail_send()
{
global $hesk_settings, $hesklang;
/* A security check */
hesk_token_check('POST');
$hesk_error_buffer = '';
/* Recipient */
$_SESSION['mail']['to'] = intval(hesk_POST('to'));
/* Valid recipient? */
if (empty($_SESSION['mail']['to'])) {
$hesk_error_buffer .= '<li>' . $hesklang['m_rec'] . '</li>';
} elseif ($_SESSION['mail']['to'] == $_SESSION['id']) {
$hesk_error_buffer .= '<li>' . $hesklang['m_inr'] . '</li>';
} else {
$res = hesk_dbQuery("SELECT `name`,`email`,`notify_pm` FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "users` WHERE `id`='" . intval($_SESSION['mail']['to']) . "' LIMIT 1");
$num = hesk_dbNumRows($res);
if (!$num) {
$hesk_error_buffer .= '<li>' . $hesklang['m_inr'] . '</li>';
} else {
$pm_recipient = hesk_dbFetchAssoc($res);
}
}
/* Subject */
$_SESSION['mail']['subject'] = hesk_input(hesk_POST('subject')) or $hesk_error_buffer .= '<li>' . $hesklang['m_esu'] . '</li>';
/* Message */
$_SESSION['mail']['message'] = hesk_input(hesk_POST('message')) or $hesk_error_buffer .= '<li>' . $hesklang['enter_message'] . '</li>';
// Attach signature to the message?
if (!empty($_POST['signature'])) {
$_SESSION['mail']['message'] .= "\n\n" . addslashes($_SESSION['signature']) . "\n";
}
/* Any errors? */
if (strlen($hesk_error_buffer)) {
$_SESSION['hide']['list'] = 1;
$hesk_error_buffer = $hesklang['rfm'] . '<br /><br /><ul>' . $hesk_error_buffer . '</ul>';
hesk_process_messages($hesk_error_buffer, 'NOREDIRECT');
} else {
$_SESSION['mail']['message'] = hesk_makeURL($_SESSION['mail']['message']);
$_SESSION['mail']['message'] = nl2br($_SESSION['mail']['message']);
hesk_dbQuery("INSERT INTO `" . hesk_dbEscape($hesk_settings['db_pfix']) . "mail` (`from`,`to`,`subject`,`message`,`dt`,`read`) VALUES ('" . intval($_SESSION['id']) . "','" . intval($_SESSION['mail']['to']) . "','" . hesk_dbEscape($_SESSION['mail']['subject']) . "','" . hesk_dbEscape($_SESSION['mail']['message']) . "',NOW(),'0')");
/* Notify receiver via e-mail? */
if (isset($pm_recipient) && $pm_recipient['notify_pm']) {
$pm_id = hesk_dbInsertID();
$pm = array('name' => hesk_msgToPlain(addslashes($_SESSION['name']), 1, 1), 'subject' => hesk_msgToPlain($_SESSION['mail']['subject'], 1, 1), 'message' => hesk_msgToPlain($_SESSION['mail']['message'], 1, 1), 'id' => $pm_id);
/* Format email subject and message for recipient */
$subject = hesk_getEmailSubject('new_pm', $pm, 0);
$message = hesk_getEmailMessage('new_pm', $pm, 1, 0);
$htmlMessage = hesk_getHtmlMessage('new_pm', $pm, 1, 0);
$hasMessage = hesk_doesTemplateHaveTag('new_pm', '%%MESSAGE%%');
/* Send e-mail */
hesk_mail($pm_recipient['email'], $subject, $message, $htmlMessage, array(), array(), $hasMessage);
}
unset($_SESSION['mail']);
hesk_process_messages($hesklang['m_pms'], './mail.php', 'SUCCESS');
}
}
function hesk_notifyStaff($email_template, $sql_where, $is_ticket = 1)
{
global $hesk_settings, $hesklang, $ticket;
// Demo mode
if (defined('HESK_DEMO')) {
return true;
}
$admins = array();
$res = hesk_dbQuery("SELECT `email`,`language`,`isadmin`,`categories` FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "users` WHERE {$sql_where} ORDER BY `language`");
while ($myuser = hesk_dbFetchAssoc($res)) {
/* Is this an administrator? */
if ($myuser['isadmin']) {
$admins[] = array('email' => $myuser['email'], 'language' => $myuser['language']);
continue;
}
/* Not admin, is he/she allowed this category? */
$myuser['categories'] = explode(',', $myuser['categories']);
if (in_array($ticket['category'], $myuser['categories'])) {
$admins[] = array('email' => $myuser['email'], 'language' => $myuser['language']);
continue;
}
}
if (count($admins) > 0) {
/* Make sure each user gets email in his/her preferred language */
$current_language = 'NONE';
$recipients = array();
$hasMessage = hesk_doesTemplateHaveTag($email_template, '%%MESSAGE%%');
/* Loop through staff */
foreach ($admins as $admin) {
/* If admin language is NULL force default HESK language */
if (!$admin['language'] || !isset($hesk_settings['languages'][$admin['language']])) {
$admin['language'] = HESK_DEFAULT_LANGUAGE;
}
/* Generate message or add email to the list of recepients */
if ($admin['language'] == $current_language) {
/* We already have the message, just add email to the recipients list */
$recipients[] = $admin['email'];
} else {
/* Send email messages in previous languages (if required) */
if ($current_language != 'NONE') {
/* Send e-mail to staff */
hesk_mail(implode(',', $recipients), $subject, $message, $htmlMessage, array(), array(), $hasMessage);
/* Reset list of email addresses */
$recipients = array();
}
/* Set new language */
hesk_setLanguage($admin['language']);
/* Format staff email subject and message for this language */
$subject = hesk_getEmailSubject($email_template, $ticket);
$message = hesk_getEmailMessage($email_template, $ticket, $is_ticket);
$htmlMessage = hesk_getHtmlMessage($email_template, $ticket, $is_ticket);
$hasMessage = hesk_doesTemplateHaveTag($email_template, '%%MESSAGE%%');
/* Add email to the recipients list */
$recipients[] = $admin['email'];
/* Remember the last processed language */
$current_language = $admin['language'];
}
}
/* Send email messages to the remaining staff */
hesk_mail(implode(',', $recipients), $subject, $message, $htmlMessage, array(), array(), $hasMessage);
/* Reset language to original one */
hesk_resetLanguage();
}
return true;
}
if (hesk_dbNumRows($users) > 0) {
// 1. Generate the array with ticket info that can be used in emails
$info = array('email' => $ticket['email'], 'category' => $ticket['category'], 'priority' => $ticket['priority'], 'owner' => $ticket['owner'], 'trackid' => $ticket['trackid'], 'status' => $ticket['status'], 'name' => $_SESSION['name'], 'lastreplier' => $ticket['lastreplier'], 'subject' => $ticket['subject'], 'message' => stripslashes($msg), 'dt' => hesk_date($ticket['dt'], true), 'lastchange' => hesk_date($ticket['lastchange'], true), 'attachments' => $myattachments, 'id' => $ticket['id']);
// 2. Add custom fields to the array
foreach ($hesk_settings['custom_fields'] as $k => $v) {
$info[$k] = $v['use'] ? $ticket[$k] : '';
}
// 3. Make sure all values are properly formatted for email
$ticket = hesk_ticketToPlain($info, 1, 0);
/* Get email functions */
require HESK_PATH . 'inc/email_functions.inc.php';
/* Format email subject and message for staff */
$subject = hesk_getEmailSubject('new_note', $ticket);
$message = hesk_getEmailMessage('new_note', $ticket, 1);
$htmlMessage = hesk_getHtmlMessage('new_note', $ticket, 1);
$hasMessage = hesk_doesTemplateHaveTag('new_note', '%%MESSAGE%%');
/* Send email to staff */
while ($user = hesk_dbFetchAssoc($users)) {
hesk_mail($user['email'], $subject, $message, $htmlMessage, array(), array(), $hasMessage);
}
}
}
header('Location: admin_ticket.php?track=' . $trackingID . '&Refresh=' . mt_rand(10000, 99999));
exit;
}
/* Update time worked */
if ($hesk_settings['time_worked'] && ($can_reply || $can_edit) && isset($_POST['h']) && isset($_POST['m']) && isset($_POST['s']) && hesk_token_check('POST')) {
$h = intval(hesk_POST('h'));
$m = intval(hesk_POST('m'));
$s = intval(hesk_POST('s'));
/* Get time worked in proper format */
