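/**
 * Validate the submitted admin login form, authenticate the user and redirect.
 *
 * Reads the `user` and `pass` POST fields (plus the security image / reCAPTCHA
 * answer when $hesk_settings['secimg_use'] == 2), copies the matching `users`
 * row into $_SESSION, sets or clears the "remember me" cookies and finally
 * redirects to the `goto` request parameter when it points at the local
 * helpdesk host, otherwise to admin_main.php.
 *
 * Every failure path prints the login form again and exits; the function never
 * returns to its caller. Globals read: $hesk_settings, $hesklang. Defines HESK_USER.
 */
function do_login()
{
    global $hesk_settings, $hesklang;

    $hesk_error_buffer = array();

    $user = hesk_input(hesk_POST('user'));
    if (empty($user)) {
        $hesk_error_buffer['user'] = $hesk_settings['list_users'] ? $hesklang['select_username'] : $hesklang['enter_username'];
    }
    define('HESK_USER', $user);

    $pass = hesk_input(hesk_POST('pass'));
    if (empty($pass)) {
        $hesk_error_buffer['pass'] = $hesklang['enter_pass'];
    }

    /* Security image / reCAPTCHA: only asked for once per session (img_a_verified) */
    if ($hesk_settings['secimg_use'] == 2 && !isset($_SESSION['img_a_verified'])) {
        // Using ReCaptcha?
        if ($hesk_settings['recaptcha_use']) {
            require_once HESK_PATH . 'inc/recaptcha/recaptchalib.php';
            $resp = recaptcha_check_answer($hesk_settings['recaptcha_private_key'], $_SERVER['REMOTE_ADDR'], hesk_POST('recaptcha_challenge_field', ''), hesk_POST('recaptcha_response_field', ''));
            if ($resp->is_valid) {
                $_SESSION['img_a_verified'] = true;
            } else {
                $hesk_error_buffer['mysecnum'] = $hesklang['recaptcha_error'];
            }
        } else {
            $mysecnum = intval(hesk_POST('mysecnum', 0));
            if (empty($mysecnum)) {
                $hesk_error_buffer['mysecnum'] = $hesklang['sec_miss'];
            } else {
                require HESK_PATH . 'inc/secimg.inc.php';
                $sc = new PJ_SecurityImage($hesk_settings['secimg_sum']);
                if (isset($_SESSION['checksum']) && $sc->checkCode($mysecnum, $_SESSION['checksum'])) {
                    $_SESSION['img_a_verified'] = true;
                } else {
                    $hesk_error_buffer['mysecnum'] = $hesklang['sec_wrng'];
                }
            }
        }
    }

    /* Any missing fields? */
    if (count($hesk_error_buffer) != 0) {
        $_SESSION['a_iserror'] = array_keys($hesk_error_buffer);
        $list = '';
        foreach ($hesk_error_buffer as $error) {
            $list .= "<li>{$error}</li>\n";
        }
        hesk_process_messages($hesklang['pcer'] . '<br /><br /><ul>' . $list . '</ul>', 'NOREDIRECT');
        print_login();
        exit;
    } elseif (isset($_SESSION['img_a_verified'])) {
        unset($_SESSION['img_a_verified']);
    }

    /* User entered all required info, now lets limit brute force attempts */
    hesk_limitBfAttempts();

    /* Look the user up; the username is escaped for the query, never interpolated raw */
    $result = hesk_dbQuery("SELECT * FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "users` WHERE `user` = '" . hesk_dbEscape($user) . "' LIMIT 1");
    if (hesk_dbNumRows($result) != 1) {
        hesk_session_stop();
        $_SESSION['a_iserror'] = array('user', 'pass');
        hesk_process_messages($hesklang['wrong_user'], 'NOREDIRECT');
        print_login();
        exit;
    }

    /* Copy the whole user row into the session (the `pass` column is removed again below) */
    $res = hesk_dbFetchAssoc($result);
    foreach ($res as $k => $v) {
        $_SESSION[$k] = $v;
    }

    /* Check password.
       Fix: the previous loose `!=` on two hex digests used PHP's numeric-string rules, so two
       digests of the form "0e<digits>" compared equal. hash_equals() (PHP 5.6+) also keeps the
       comparison time independent of where the first mismatching byte is. */
    $stored_hash = (string) $_SESSION['pass'];
    $entered_hash = hesk_Pass2Hash($pass);
    $pass_ok = function_exists('hash_equals') ? hash_equals($stored_hash, $entered_hash) : ($stored_hash === $entered_hash);
    if (!$pass_ok) {
        hesk_session_stop();
        $_SESSION['a_iserror'] = array('pass');
        hesk_process_messages($hesklang['wrong_pass'], 'NOREDIRECT');
        print_login();
        exit;
    }

    /* Value for the autologin cookie: derived from the stored hash, never the plain password */
    $pass_enc = hesk_Pass2Hash($_SESSION['pass'] . strtolower($user) . $_SESSION['pass']);

    /* Check if default password (strict compare, same reason as above) */
    if ($_SESSION['pass'] === '499d74967b28a841c98bb4baaabaad699ff3c079') {
        hesk_process_messages($hesklang['chdp'], 'NOREDIRECT', 'NOTICE');
    }
    unset($_SESSION['pass']);

    /* Login successful, clean brute force attempts */
    hesk_cleanBfAttempts();

    /* Regenerate session ID (security) */
    hesk_session_regenerate_id();

    /* Remember username?
       The cookies that carry data are flagged HttpOnly so page scripts cannot read them;
       path and domain are passed empty, which keeps PHP's defaults exactly as before. */
    $expire = strtotime('+1 year');
    $remember = hesk_POST('remember_user');
    if ($hesk_settings['autologin'] && $remember === 'AUTOLOGIN') {
        setcookie('hesk_username', "{$user}", $expire, '', '', false, true);
        setcookie('hesk_p', "{$pass_enc}", $expire, '', '', false, true);
    } elseif ($remember === 'JUSTUSER') {
        setcookie('hesk_username', "{$user}", $expire, '', '', false, true);
        setcookie('hesk_p', '');
    } else {
        // Expire cookie if set otherwise
        setcookie('hesk_username', '');
        setcookie('hesk_p', '');
    }

    /* Close any old tickets here so Cron jobs aren't necessary */
    if ($hesk_settings['autoclose']) {
        $revision = sprintf($hesklang['thist3'], hesk_date(), $hesklang['auto']);
        hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` SET `status`='3', `history`=CONCAT(`history`,'" . hesk_dbEscape($revision) . "')  WHERE `status` = '2' AND `lastchange` <= '" . hesk_dbEscape(date('Y-m-d H:i:s', time() - $hesk_settings['autoclose'] * 86400)) . "'");
    }

    /* Redirect to the destination page */
    $url = 'admin_main.php';
    if (hesk_isREQUEST('goto')) {
        $goto_url = str_replace('&amp;', '&', hesk_REQUEST('goto'));

        /* goto parameter can be set to the local domain only:
           - a relative path (no scheme, no host) is accepted as is;
           - an absolute URL must carry the same host as hesk_url, ignoring one leading "www.";
           - an unparseable URL, or a scheme without a host (e.g. "mailto:"), is never a local page.
           Only a leading "www." is stripped (the old str_replace removed every occurrence, so a
           host containing "www." in the middle could collapse onto the local host name). */
        $myurl = parse_url($hesk_settings['hesk_url']);
        $goto = parse_url($goto_url);
        $url_ok = ($goto !== false) && !(isset($goto['scheme']) && !isset($goto['host']));
        if ($url_ok && isset($myurl['host']) && isset($goto['host'])) {
            $my_host = preg_replace('/^www\./', '', strtolower($myurl['host']));
            $goto_host = preg_replace('/^www\./', '', strtolower($goto['host']));
            $url_ok = ($my_host === $goto_host);
        }
        if ($url_ok) {
            $url = $goto_url;
        }
    }
    header('Location: ' . $url);
    exit;
}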
/**
 * Try to connect to MySQL with the credentials posted by the installer form.
 *
 * Copies host/name/user/pass from the request into $hesk_settings, connects with
 * mysqli when the extension is available (otherwise with the legacy mysql_*
 * functions, where a missing database is also created on the fly) and hands any
 * failure to hesk_iDatabase(1). Afterwards defines MYSQL_VERSION and reports
 * servers older than REQUIRE_MYSQL_VERSION via hesk_iDatabase(5).
 *
 * Globals: $hesk_settings (written), $hesklang, $mysql_log (written on failure).
 *
 * @return mixed The connection link (mysqli object or mysql resource).
 */
function hesk_iTestDatabaseConnection()
{
    global $hesk_settings, $hesklang;

    $connected = 1;

    // Connection parameters come straight from the installer form
    foreach (array('host', 'name', 'user', 'pass') as $field) {
        $hesk_settings['db_' . $field] = hesk_input(hesk_POST($field));
    }
    // Allow & in password
    $hesk_settings['db_pass'] = str_replace('&amp;', '&', $hesk_settings['db_pass']);

    // Use MySQLi extension to connect?
    $have_mysqli = function_exists('mysqli_connect');

    // Buffer (and later discard) any warnings the connect attempt prints;
    // the error text is collected explicitly below
    ob_start();
    if ($have_mysqli) {
        $host = $hesk_settings['db_host'];
        // "host:port" form? (a colon at position 0 is not treated as a port separator, as before)
        if (strpos($host, ':')) {
            list($hesk_settings['db_host'], $hesk_settings['db_port']) = explode(':', $host);
            $hesk_db_link = mysqli_connect($hesk_settings['db_host'], $hesk_settings['db_user'], $hesk_settings['db_pass'], $hesk_settings['db_name'], intval($hesk_settings['db_port']));
        } else {
            $hesk_db_link = mysqli_connect($host, $hesk_settings['db_user'], $hesk_settings['db_pass'], $hesk_settings['db_name']);
        }
        if (!$hesk_db_link) {
            $connected = 0;
        }
    } else {
        $hesk_db_link = mysql_connect($hesk_settings['db_host'], $hesk_settings['db_user'], $hesk_settings['db_pass']);
        if (!$hesk_db_link) {
            $connected = 0;
        } elseif (!mysql_select_db($hesk_settings['db_name'], $hesk_db_link)) {
            // Database not selectable: try to create it, then select it again
            $created = function_exists('mysql_create_db') && mysql_create_db($hesk_settings['db_name'], $hesk_db_link);
            $connected = ($created && mysql_select_db($hesk_settings['db_name'], $hesk_db_link)) ? 1 : 0;
        }
    }
    ob_end_clean();

    // Any errors?
    if (!$connected) {
        global $mysql_log;
        $mysql_log = $have_mysqli ? mysqli_connect_error() : mysql_error();
        hesk_iDatabase(1);
    }

    // Check MySQL version
    define('MYSQL_VERSION', hesk_dbResult(hesk_dbQuery('SELECT VERSION() AS version')));
    if (version_compare(MYSQL_VERSION, REQUIRE_MYSQL_VERSION, '<')) {
        hesk_iDatabase(5);
    }

    return $hesk_db_link;
}
/**
 * Print the customer "add reply" form for the ticket currently being viewed.
 *
 * Emits HTML directly. When REPLY_FORM is already defined the form was printed
 * earlier on this page and the function returns '' without output; otherwise it
 * prints the form and defines REPLY_FORM so it appears at most once per page.
 *
 * @param int $reopen When truthy a hidden reopen=1 field is added to the form.
 * @return string '' when the form was already printed; otherwise nothing is returned.
 *
 * Globals read: $hesklang, $hesk_settings, $trackingID, $my_email.
 */
function hesk_printCustomerReplyForm($reopen = 0)
{
    global $hesklang, $hesk_settings, $trackingID, $my_email;

    // Already printed?
    if (defined('REPLY_FORM')) {
        return '';
    }
    ?>

<br />

<table width="100%" border="0" cellspacing="0" cellpadding="0">
<tr>
	<td width="7" height="7"><img src="img/roundcornerslt.jpg" width="7" height="7" alt="" /></td>
	<td class="roundcornerstop"></td>
	<td><img src="img/roundcornersrt.jpg" width="7" height="7" alt="" /></td>
</tr>
<tr>
	<td class="roundcornersleft">&nbsp;</td>
	<td>

	<h3 style="text-align:center"><?php 
    echo $hesklang['add_reply'];
    ?>
</h3>

	<form method="post" action="reply_ticket.php" enctype="multipart/form-data">
	<p align="center"><?php 
    echo $hesklang['message'];
    ?>
: <span class="important">*</span><br />
	<textarea name="message" rows="12" cols="60"><?php 
    // Re-display a draft kept in the session (e.g. after a failed submit).
    // NOTE(review): output escaping rests on hesk_input() here — presumably it HTML-encodes; confirm
    if (isset($_SESSION['ticket_message'])) {
        echo stripslashes(hesk_input($_SESSION['ticket_message']));
    }
    ?>
</textarea></p>

	<?php 
    /* attachments */
    if ($hesk_settings['attachments']['use']) {
        ?>

	<p align="center">
	<?php 
        // One file input per allowed attachment slot
        echo $hesklang['attachments'] . ' (<a href="file_limits.php" target="_blank" onclick="Javascript:hesk_window(\'file_limits.php\',250,500);return false;">' . $hesklang['ful'] . '</a>):<br />';
        for ($i = 1; $i <= $hesk_settings['attachments']['max_number']; $i++) {
            echo '<input type="file" name="attachment[' . $i . ']" size="50" /><br />';
        }
        ?>
    &nbsp;
	</p>

	<?php 
    }
    ?>

	<p align="center">
    <input type="hidden" name="token" value="<?php 
    // Anti-CSRF token; reply_ticket.php is expected to verify it
    hesk_token_echo();
    ?>
" />
    <input type="hidden" name="orig_track" value="<?php 
    // NOTE(review): $trackingID is echoed unescaped into an attribute — presumably already
    // validated by the caller before this function runs; verify
    echo $trackingID;
    ?>
" />
    <?php 
    // NOTE(review): $my_email is likewise inserted unescaped; confirm it was validated upstream
    if ($hesk_settings['email_view_ticket']) {
        echo '<input type="hidden" name="e" value="' . $my_email . '" />';
    }
    if ($reopen) {
        echo '<input type="hidden" name="reopen" value="1" />';
    }
    ?>
	<input type="submit" value="<?php 
    echo $hesklang['submit_reply'];
    ?>
" class="orangebutton" onmouseover="hesk_btn(this,'orangebuttonover');" onmouseout="hesk_btn(this,'orangebutton');" /></p>

	</form>

	</td>
	<td class="roundcornersright">&nbsp;</td>
</tr>
<tr>
	<td><img src="img/roundcornerslb.jpg" width="7" height="7" alt="" /></td>
	<td class="roundcornersbottom"></td>
	<td width="7" height="7"><img src="img/roundcornersrb.jpg" width="7" height="7" alt="" /></td>
</tr>
</table>
	<?php 
    // Make sure the form is only printed once per page
    define('REPLY_FORM', true);
}
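/**
 * Save the logged-in staff member's profile changes submitted from profile.php.
 *
 * Validates name, e-mail, signature, (for admins) the username and an optional
 * new password, collects the notification/behaviour flags into $_SESSION['new'],
 * and either re-displays the form with the collected error list or writes the
 * row to `users` and refreshes the matching $_SESSION entries.
 *
 * Globals: $hesk_settings, $hesklang, $can_view_unassigned. Defines WARN_PASSWORD
 * when the chosen password hashes to the well-known default value.
 */
function update_profile()
{
    global $hesk_settings, $hesklang, $can_view_unassigned;

    /* A security check */
    hesk_token_check('POST');

    $sql_pass = '';
    $sql_username = '';
    $hesk_error_buffer = '';

    $_SESSION['new']['name'] = hesk_input(hesk_POST('name')) or $hesk_error_buffer .= '<li>' . $hesklang['enter_your_name'] . '</li>';
    // Fix: this line assigned (=) instead of appending (.=), so an invalid e-mail silently
    // discarded the "enter your name" error collected just above.
    $_SESSION['new']['email'] = hesk_validateEmail(hesk_POST('email'), 'ERR', 0) or $hesk_error_buffer .= '<li>' . $hesklang['enter_valid_email'] . '</li>';
    $_SESSION['new']['signature'] = hesk_input(hesk_POST('signature'));

    /* Signature (strlen() counts bytes; assumes the column limit is 255 bytes — TODO confirm against the schema) */
    if (strlen($_SESSION['new']['signature']) > 255) {
        $hesk_error_buffer .= '<li>' . $hesklang['signature_long'] . '</li>';
    }

    /* Admins can change username */
    if ($_SESSION['isadmin']) {
        $_SESSION['new']['user'] = hesk_input(hesk_POST('user')) or $hesk_error_buffer .= '<li>' . $hesklang['enter_username'] . '</li>';

        /* Check for duplicate usernames (other rows only; the id is cast to int) */
        $result = hesk_dbQuery("SELECT `id` FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "users` WHERE `user`='" . hesk_dbEscape($_SESSION['new']['user']) . "' AND `id`!='" . intval($_SESSION['id']) . "' LIMIT 1");
        if (hesk_dbNumRows($result) != 0) {
            $hesk_error_buffer .= '<li>' . $hesklang['duplicate_user'] . '</li>';
        } else {
            // The listing shows this literal masked ("******"); rebuilt from the UPDATE below,
            // which expects a leading comma followed by the `user` column assignment.
            $sql_username = ", `user`='" . hesk_dbEscape($_SESSION['new']['user']) . "'";
        }
    }

    /* Change password? */
    $newpass = hesk_input(hesk_POST('newpass'));
    $passlen = strlen($newpass);
    if ($passlen > 0) {
        /* At least 5 chars? */
        if ($passlen < 5) {
            $hesk_error_buffer .= '<li>' . $hesklang['password_not_valid'] . '</li>';
        } else {
            $newpass2 = hesk_input(hesk_POST('newpass2'));
            // Fix: strict comparison — with `!=` two numeric-looking strings such as "1e3" and
            // "1000" were accepted as the "same" password.
            if ($newpass !== $newpass2) {
                $hesk_error_buffer .= '<li>' . $hesklang['passwords_not_same'] . '</li>';
            } else {
                $v = hesk_Pass2Hash($newpass);
                if ($v === '499d74967b28a841c98bb4baaabaad699ff3c079') {
                    define('WARN_PASSWORD', true);
                }
                // Masked in the listing as well; rebuilt the same way (`pass` is the hash column
                // the login code reads). $v is the hex digest from hesk_Pass2Hash().
                $sql_pass = ", `pass`='" . $v . "'";
            }
        }
    }

    /* After reply: only 1 or 2 are meaningful, anything else falls back to 0 */
    $_SESSION['new']['afterreply'] = intval(hesk_POST('afterreply'));
    if ($_SESSION['new']['afterreply'] != 1 && $_SESSION['new']['afterreply'] != 2) {
        $_SESSION['new']['afterreply'] = 0;
    }

    /* Auto-start ticket timer */
    $_SESSION['new']['autostart'] = isset($_POST['autostart']) ? 1 : 0;

    /* Notifications (the "unassigned" ones are forced off for users who may not see unassigned tickets) */
    $_SESSION['new']['notify_new_unassigned'] = (empty($_POST['notify_new_unassigned']) || !$can_view_unassigned) ? 0 : 1;
    $_SESSION['new']['notify_new_my'] = empty($_POST['notify_new_my']) ? 0 : 1;
    $_SESSION['new']['notify_reply_unassigned'] = (empty($_POST['notify_reply_unassigned']) || !$can_view_unassigned) ? 0 : 1;
    $_SESSION['new']['notify_reply_my'] = empty($_POST['notify_reply_my']) ? 0 : 1;
    $_SESSION['new']['notify_assigned'] = empty($_POST['notify_assigned']) ? 0 : 1;
    $_SESSION['new']['notify_note'] = empty($_POST['notify_note']) ? 0 : 1;
    $_SESSION['new']['notify_pm'] = empty($_POST['notify_pm']) ? 0 : 1;

    /* Any errors? */
    if (strlen($hesk_error_buffer)) {
        /* Process the session variables */
        $_SESSION['new'] = hesk_stripArray($_SESSION['new']);
        $hesk_error_buffer = $hesklang['rfm'] . '<br /><br /><ul>' . $hesk_error_buffer . '</ul>';
        hesk_process_messages($hesk_error_buffer, 'NOREDIRECT');
    } else {
        /* Update database (every string value is passed through hesk_dbEscape, every flag through intval) */
        hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "users` SET\r\n\t    `name`='" . hesk_dbEscape($_SESSION['new']['name']) . "',\r\n\t    `email`='" . hesk_dbEscape($_SESSION['new']['email']) . "',\r\n\t\t`signature`='" . hesk_dbEscape($_SESSION['new']['signature']) . "'\r\n        {$sql_username}\r\n\t\t{$sql_pass} ,\r\n\t    `afterreply`='" . intval($_SESSION['new']['afterreply']) . "' ,\r\n        `autostart`='" . intval($_SESSION['new']['autostart']) . "' ,\r\n\t    `notify_new_unassigned`='" . intval($_SESSION['new']['notify_new_unassigned']) . "' ,\r\n        `notify_new_my`='" . intval($_SESSION['new']['notify_new_my']) . "' ,\r\n        `notify_reply_unassigned`='" . intval($_SESSION['new']['notify_reply_unassigned']) . "' ,\r\n        `notify_reply_my`='" . intval($_SESSION['new']['notify_reply_my']) . "' ,\r\n        `notify_assigned`='" . intval($_SESSION['new']['notify_assigned']) . "' ,\r\n        `notify_pm`='" . intval($_SESSION['new']['notify_pm']) . "',\r\n        `notify_note`='" . intval($_SESSION['new']['notify_note']) . "'\r\n\t    WHERE `id`='" . intval($_SESSION['id']) . "' LIMIT 1");

        /* Process the session variables */
        $_SESSION['new'] = hesk_stripArray($_SESSION['new']);

        /* Update session variables */
        foreach ($_SESSION['new'] as $k => $v) {
            $_SESSION[$k] = $v;
        }
        unset($_SESSION['new']);

        hesk_process_messages($hesklang['profile_updated_success'], 'profile.php', 'SUCCESS');
    }
}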
/**
 * Scan HESK_PATH/language/ and check every language pack for completeness.
 *
 * For each sub-directory it verifies that text.php exists and declares
 * $hesklang['LANGUAGE'], ['ENCODING'], ['_COLLATE'] and ['EMAIL_HR'] (plus
 * ['recaptcha_error'] as a marker for the current version), and that emails/
 * contains a .txt template for every key returned by hesk_validEmails().
 * Packs that pass every check become <option> elements for a language <select>.
 *
 * @param int $return_options When truthy, return the <option> markup; otherwise
 *        print a standalone HTML page with the test log and exit (no return).
 * @return string The <option> markup (only when $return_options is truthy).
 *
 * Globals read: $hesk_settings, $hesklang.
 */
function hesk_testLanguage($return_options = 0)
{
    global $hesk_settings, $hesklang;

    /* Get a list of valid emails */
    include_once HESK_PATH . 'inc/email_functions.inc.php';
    $valid_emails = array_keys(hesk_validEmails());

    $dir = HESK_PATH . 'language/';
    // NOTE(review): an opendir() failure is not checked; readdir() below would then only emit warnings
    $path = opendir($dir);

    $text = '';
    $html = '';
    $text .= "/language\n";

    /* Test all folders inside the language folder */
    while (false !== ($subdir = readdir($path))) {
        if ($subdir == "." || $subdir == "..") {
            continue;
        }
        if (filetype($dir . $subdir) == 'dir') {
            // $add stays 1 only while every check for this pack succeeds
            $add = 1;
            $langu = $dir . $subdir . '/text.php';
            $email = $dir . $subdir . '/emails';

            /* Check the text.php */
            $text .= "   |-> /{$subdir}\n";
            $text .= "        |-> text.php: ";
            if (file_exists($langu)) {
                $tmp = file_get_contents($langu);
                // Some servers add slashes to file_get_contents output
                if (strpos($tmp, '[\\\'LANGUAGE\\\']') !== false) {
                    $tmp = stripslashes($tmp);
                }
                $err = '';
                // Captures the language name into $l[1]; it is reused for the <option> further down
                if (!preg_match('/\\$hesklang\\[\'LANGUAGE\'\\]\\=\'(.*)\'\\;/', $tmp, $l)) {
                    $err .= "              |---->  MISSING: \$hesklang['LANGUAGE']\n";
                }
                if (strpos($tmp, '$hesklang[\'ENCODING\']') === false) {
                    $err .= "              |---->  MISSING: \$hesklang['ENCODING']\n";
                }
                if (strpos($tmp, '$hesklang[\'_COLLATE\']') === false) {
                    $err .= "              |---->  MISSING: \$hesklang['_COLLATE']\n";
                }
                if (strpos($tmp, '$hesklang[\'EMAIL_HR\']') === false) {
                    $err .= "              |---->  MISSING: \$hesklang['EMAIL_HR']\n";
                }
                /* Check if language file is for current version (a key only present in recent packs) */
                if (strpos($tmp, '$hesklang[\'recaptcha_error\']') === false) {
                    $err .= "              |---->  WRONG VERSION (not " . $hesk_settings['hesk_version'] . ")\n";
                }
                if ($err) {
                    $text .= "ERROR\n" . $err;
                    $add = 0;
                } else {
                    // '|' separates directory and name in the <option> value, so it may not appear in the name
                    $l[1] = hesk_input($l[1]);
                    $l[1] = str_replace('|', ' ', $l[1]);
                    $text .= "OK ({$l['1']})\n";
                }
            } else {
                $text .= "ERROR\n";
                $text .= "              |---->  MISSING: text.php\n";
                $add = 0;
            }

            /* Check emails folder */
            $text .= "        |-> /emails:  ";
            if (file_exists($email) && filetype($email) == 'dir') {
                $err = '';
                foreach ($valid_emails as $eml) {
                    if (!file_exists($email . '/' . $eml . '.txt')) {
                        $err .= "              |---->  MISSING: {$eml}.txt\n";
                    }
                }
                if ($err) {
                    $text .= "ERROR\n" . $err;
                    $add = 0;
                } else {
                    $text .= "OK\n";
                }
            } else {
                $text .= "ERROR\n";
                $text .= "              |---->  MISSING: /emails folder\n";
                $add = 0;
            }
            $text .= "\n";

            /* Add an option for the <select> if needed.
               $l[1] is only used when $add is still 1, i.e. the preg_match above succeeded for
               this pack. $subdir is a directory name read from disk, $l[1] went through hesk_input(). */
            if ($add) {
                if ($l[1] == $hesk_settings['language']) {
                    $html .= '<option value="' . $subdir . '|' . $l[1] . '" selected="selected">' . $l[1] . '</option>';
                } else {
                    $html .= '<option value="' . $subdir . '|' . $l[1] . '">' . $l[1] . '</option>';
                }
            }
        }
    }
    closedir($path);

    /* Output select options or the test log for debugging */
    if ($return_options) {
        return $html;
    } else {
        ?>
		<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML; 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
		<html xmlns="http://www.w3.org/1999/xhtml" lang="en">
		<head>
		<title><?php 
        echo $hesklang['s_inl'];
        ?>
</title>
		<meta http-equiv="Content-Type" content="text/html;charset=<?php 
        echo $hesklang['ENCODING'];
        ?>
" />
		<style type="text/css">
		body
		{
		        margin:5px 5px;
		        padding:0;
		        background:#fff;
		        color: black;
		        font : 68.8%/1.5 Verdana, Geneva, Arial, Helvetica, sans-serif;
		        text-align:left;
		}

		p
		{
		        color : black;
		        font-family : Verdana, Geneva, Arial, Helvetica, sans-serif;
		        font-size: 1.0em;
		}
		h3
		{
		        color : #AF0000;
		        font-family : Verdana, Geneva, Arial, Helvetica, sans-serif;
		        font-weight: bold;
		        font-size: 1.0em;
		        text-align:center;
		}
		.title
		{
		        color : black;
		        font-family : Verdana, Geneva, Arial, Helvetica, sans-serif;
		        font-weight: bold;
		        font-size: 1.0em;
		}
		.wrong   {color : red;}
		.correct {color : green;}
        pre {font-size:1.2em;}
		</style>
		</head>
		<body>

		<h3><?php 
        echo $hesklang['s_inl'];
        ?>
</h3>

		<p><i><?php 
        echo $hesklang['s_inle'];
        ?>
</i></p>

		<pre><?php 
        // The log is built from directory names, language names and fixed text only
        echo $text;
        ?>
</pre>

		<p>&nbsp;</p>

		<p align="center"><a href="admin_settings.php?test_languages=1&amp;<?php 
        // Random query suffix used purely as a cache-buster for the "test again" link
        echo rand(10000, 99999);
        ?>
"><?php 
        echo $hesklang['ta'];
        ?>
</a> | <a href="#" onclick="Javascript:window.close()"><?php 
        echo $hesklang['cwin'];
        ?>
</a></p>

		<p>&nbsp;</p>

		</body>

		</html>
		<?php 
        exit;
    }
}
/**
 * Rename an existing ticket category from the submitted POST form.
 *
 * Checks the anti-CSRF token, validates the posted `catid` and `name`, refuses
 * a name that another category already uses (LIKE match on the escaped name),
 * updates the row and reports the outcome through hesk_process_messages(),
 * which sends the user back to manage_categories.php for that category.
 *
 * Globals read: $hesk_settings, $hesklang.
 */
function rename_cat()
{
    global $hesk_settings, $hesklang;

    /* A security check */
    hesk_token_check('POST');

    // Every message below returns to the category that was being edited
    $return_to = 'manage_categories.php?catid=' . intval(hesk_POST('catid'));
    $_SERVER['PHP_SELF'] = $return_to;

    $catid = hesk_isNumber(hesk_POST('catid'), $hesklang['choose_cat_ren'], $return_to);
    $_SESSION['selcat'] = $catid;
    $_SESSION['selcat2'] = $catid;

    $catname = hesk_input(hesk_POST('name'), $hesklang['cat_ren_name'], $return_to);
    $_SESSION['catname2'] = $catname;

    /* Is the new name already taken? The name is escaped for LIKE and for the query. */
    $table = hesk_dbEscape($hesk_settings['db_pfix']) . 'categories';
    $res = hesk_dbQuery("SELECT `id` FROM `" . $table . "` WHERE `name` LIKE '" . hesk_dbEscape(hesk_dbLike($catname)) . "' LIMIT 1");
    if (hesk_dbNumRows($res) > 0) {
        $existing = hesk_dbFetchAssoc($res);
        if ($existing['id'] == $catid) {
            // Same category, same name: nothing to do
            hesk_process_messages($hesklang['noch'], $return_to, 'NOTICE');
        } else {
            hesk_process_messages($hesklang['cndupl'], $return_to);
        }
    }

    hesk_dbQuery("UPDATE `" . $table . "` SET `name`='" . hesk_dbEscape($catname) . "' WHERE `id`='" . intval($catid) . "' LIMIT 1");

    unset($_SESSION['selcat'], $_SESSION['catname2']);

    hesk_process_messages($hesklang['cat_renamed_to'] . ' <i>' . stripslashes($catname) . '</i>', $return_to, 'SUCCESS');
}
            }
            $myerror .= '</ul>';
            hesk_error($myerror);
        }
        $tmpvar['message'] = hesk_makeURL($tmpvar['message']);
        $tmpvar['message'] = nl2br($tmpvar['message']);
        foreach ($hesk_settings['custom_fields'] as $k => $v) {
            if ($v['use'] && isset($_POST[$k])) {
                if (is_array($_POST[$k])) {
                    $tmpvar[$k] = '';
                    foreach ($_POST[$k] as $myCB) {
                        $tmpvar[$k] .= (is_array($myCB) ? '' : hesk_input($myCB)) . '<br />';
                    }
                    $tmpvar[$k] = substr($tmpvar[$k], 0, -6);
                } else {
                    $tmpvar[$k] = hesk_makeURL(nl2br(hesk_input($_POST[$k])));
                }
            } else {
                $tmpvar[$k] = '';
            }
        }
        hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` SET\n\t\t`name`='" . hesk_dbEscape($tmpvar['name']) . "',\n\t\t`email`='" . hesk_dbEscape($tmpvar['email']) . "',\n\t\t`subject`='" . hesk_dbEscape($tmpvar['subject']) . "',\n\t\t`message`='" . hesk_dbEscape($tmpvar['message']) . "',\n\t\t`custom1`='" . hesk_dbEscape($tmpvar['custom1']) . "',\n\t\t`custom2`='" . hesk_dbEscape($tmpvar['custom2']) . "',\n\t\t`custom3`='" . hesk_dbEscape($tmpvar['custom3']) . "',\n\t\t`custom4`='" . hesk_dbEscape($tmpvar['custom4']) . "',\n\t\t`custom5`='" . hesk_dbEscape($tmpvar['custom5']) . "',\n\t\t`custom6`='" . hesk_dbEscape($tmpvar['custom6']) . "',\n\t\t`custom7`='" . hesk_dbEscape($tmpvar['custom7']) . "',\n\t\t`custom8`='" . hesk_dbEscape($tmpvar['custom8']) . "',\n\t\t`custom9`='" . hesk_dbEscape($tmpvar['custom9']) . "',\n\t\t`custom10`='" . hesk_dbEscape($tmpvar['custom10']) . "',\n\t\t`custom11`='" . hesk_dbEscape($tmpvar['custom11']) . "',\n\t\t`custom12`='" . hesk_dbEscape($tmpvar['custom12']) . "',\n\t\t`custom13`='" . hesk_dbEscape($tmpvar['custom13']) . "',\n\t\t`custom14`='" . hesk_dbEscape($tmpvar['custom14']) . "',\n\t\t`custom15`='" . hesk_dbEscape($tmpvar['custom15']) . "',\n\t\t`custom16`='" . hesk_dbEscape($tmpvar['custom16']) . "',\n\t\t`custom17`='" . hesk_dbEscape($tmpvar['custom17']) . "',\n\t\t`custom18`='" . hesk_dbEscape($tmpvar['custom18']) . "',\n\t\t`custom19`='" . hesk_dbEscape($tmpvar['custom19']) . "',\n\t\t`custom20`='" . hesk_dbEscape($tmpvar['custom20']) . "'\n\t\tWHERE `id`='" . intval($ticket['id']) . "' LIMIT 1");
    }
    unset($tmpvar);
    hesk_cleanSessionVars('tmpvar');
    hesk_process_messages($hesklang['edt2'], 'admin_ticket.php?track=' . $trackingID . '&Refresh=' . mt_rand(10000, 99999), 'SUCCESS');
}
// Convert the stored ticket message to plain text for the edit form; the meaning of the
// two trailing 0 arguments is defined by hesk_msgToPlain() (not shown here) — check its signature
$ticket['message'] = hesk_msgToPlain($ticket['message'], 0, 0);
/* Print header */
require_once HESK_PATH . 'inc/header.inc.php';
/* Print admin navigation */
?>
</a></b></p>
                </td>
        </tr>
        <tr>
                <td width="60">&nbsp;</td>
                <td>&nbsp;</td>
        </tr>
        <tr>
                <td width="60">&nbsp;</td>
                <td><?php 
echo $hesklang['passe'];
?>
:<br /><input type="text" name="email" size="35" value="<?php 
if (isset($email)) {
    echo stripslashes(hesk_input($email));
}
?>
" <?php 
echo in_array('email', $_SESSION['a_iserror']) ? ' class="isError" ' : '';
?>
 /></td>
        </tr>
		<?php 
if ($hesk_settings['secimg_use']) {
    ?>
			<tr>
				<td width="60">&nbsp;</td>
				<td>
                <hr />
				<?php 
*******************************************************************************/
/* Check if this is a valid include */
/* Check if this is a valid include */
if (!defined('IN_SCRIPT')) {
    die('Invalid attempt');
}
/* Acceptable $sort values and default asc(1)/desc(0) setting */
// This map also serves as the allow-list for the user-supplied sort column below
$sort_possible = array('trackid' => 1, 'lastchange' => 0, 'name' => 1, 'subject' => 1, 'status' => 1, 'lastreplier' => 1, 'priority' => 1, 'category' => 1, 'dt' => 0, 'id' => 1);
// These values should have collate appended in SQL
$sort_collation = array('name', 'subject');
// DATE
// $sql, $date_from and $date_to are prepared by the including script before this point (not shown)
$sql .= " AND DATE(`dt`) BETWEEN '" . hesk_dbEscape($date_from) . "' AND '" . hesk_dbEscape($date_to) . "' ";
// Start the order by part of the SQL query
$sql .= " ORDER BY ";
/* Sort by which field? */
// Only an existing key of $sort_possible reaches the query, so the column name is
// effectively whitelisted; hesk_dbEscape() is applied on top as a second layer
if (isset($_GET['sort']) && !is_array($_GET['sort']) && isset($sort_possible[$_GET['sort']])) {
    $sort = hesk_input($_GET['sort']);
    $sql .= ' `' . hesk_dbEscape($sort) . '` ';
    // Need to set MySQL collation?
    if (in_array($_GET['sort'], $sort_collation)) {
        $sql .= " COLLATE '" . hesk_dbEscape($hesklang['_COLLATE']) . "' ";
    }
} else {
    /* Default sorting by ticket status */
    $sql .= ' `id` ';
    $sort = 'id';
}
/* Ascending or Descending? */
if (isset($_GET['asc']) && intval($_GET['asc']) == 0) {
    $sql .= ' DESC ';
    $asc = 0;
    $asc_rev = 1;
*  a license please visit the page below:
*  https://www.hesk.com/buy.php
*******************************************************************************/
define('IN_SCRIPT', 1);
define('HESK_PATH', '../');

/* Get all the required files and functions */
require HESK_PATH . 'hesk_settings.inc.php';
require HESK_PATH . 'inc/common.inc.php';
require HESK_PATH . 'inc/admin_functions.inc.php';
hesk_load_database_functions();
hesk_session_start();
hesk_dbConnect();
hesk_isLoggedIn();

/* Set correct return URL.
   Only a known admin page named in the Referer header is honoured, and only from that
   page name onward, so the value used for the redirect is a relative path rather than
   whatever the client sent; anything else falls back to admin_main.php. */
$referer = 'admin_main.php';
if (isset($_SERVER['HTTP_REFERER'])) {
    $url = str_replace('&amp;', '&', hesk_input($_SERVER['HTTP_REFERER']));
    foreach (array('show_tickets.php', 'find_tickets.php', 'admin_main.php') as $page) {
        if ($tmp = strstr($url, $page)) {
            $referer = $tmp;
            break;
        }
    }
}
/* Is this a delete ticket request from within a ticket ("delete" icon)? */
if (isset($_GET['delete_ticket'])) {
                }
            } else {
                if ($v['req']) {
                    $hesk_error_buffer[$k] = $hesklang['fill_all'] . ': ' . $v['name'];
                }
                $_POST[$k] = '';
            }
            $_SESSION["c_{$k}"] = hesk_POST_array($k);
        } elseif ($v['req']) {
            $tmpvar[$k] = hesk_makeURL(nl2br(hesk_input(hesk_POST($k))));
            if (!strlen($tmpvar[$k])) {
                $hesk_error_buffer[$k] = $hesklang['fill_all'] . ': ' . $v['name'];
            }
            $_SESSION["c_{$k}"] = hesk_POST($k);
        } else {
            $tmpvar[$k] = hesk_makeURL(nl2br(hesk_input(hesk_POST($k))));
            $_SESSION["c_{$k}"] = hesk_POST($k);
        }
    } else {
        $tmpvar[$k] = '';
    }
}
// Check bans: a banned e-mail address (only looked up when the address itself validated)
// or a banned client IP stops the submission here
$email_is_banned = !isset($hesk_error_buffer['email']) && hesk_isBannedEmail($tmpvar['email']);
if ($email_is_banned || hesk_isBannedIP($_SERVER['REMOTE_ADDR'])) {
    hesk_error($hesklang['baned_e']);
}
// Check maximum open tickets limit
$below_limit = true;
if ($hesk_settings['max_open'] && !isset($hesk_error_buffer['email'])) {
    $res = hesk_dbQuery("SELECT COUNT(*) FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` WHERE `status` IN ('0', '1', '2', '4', '5') AND " . hesk_dbFormatEmail($tmpvar['email']));
    $num = hesk_dbResult($res);
?>
<div class="notice">
<span style="font-size:12px;font-weight:bold"><?php 
echo $hesklang['sc'];
?>
:</span><br />&nbsp;<br />
    <?php 
// Suggested knowledge base articles for the ticket being submitted.
// $res (the search result) and $num (its row count) are set before this fragment (not shown).
if (!$num) {
    echo '<i>' . $hesklang['nsfo'] . '</i>';
} else {
    // Rows are presumably ordered by score descending; stop once an article scores
    // below 25% of the best one seen so far
    $max_score = 0;
    while ($article = hesk_dbFetchAssoc($res)) {
        if ($article['score'] > $max_score) {
            $max_score = $article['score'];
        }
        if ($max_score && $article['score'] / $max_score < 0.25) {
            break;
        }
        // Preview text: tags stripped, then cut to kb_substrart bytes (strlen/substr are byte-wise)
        $txt = strip_tags($article['content']);
        if (strlen($txt) > $hesk_settings['kb_substrart']) {
            $txt = substr($txt, 0, $hesk_settings['kb_substrart']) . '...';
        }
        // NOTE(review): subject and the strip_tags()'d content are echoed as-is; this relies on
        // them having been sanitised when the article was stored — confirm against the save path
        echo '
			<a href="knowledgebase.php?article=' . $article['id'] . '&amp;suggest=1" target="_blank">' . $article['subject'] . '</a>
			<input type="hidden" name="suggested[]" value="' . $article['id'] . '|' . stripslashes(hesk_input($article['subject'])) . '">
			<br />' . $txt . '<br /><br />';
    }
}
?>
</div>
/**
 * Create a knowledgebase article from the submitted POST form.
 *
 * Reads catid/type/html/subject/content/keywords/sticky and up to three file
 * attachments, collects validation errors into the global $hesk_error_buffer,
 * and on error removes any uploaded attachments, stashes the form values in
 * $_SESSION['new_article'] and hands the error list to hesk_process_messages().
 * On success it inserts the attachments and the article, bumps the category's
 * article counter that matches $type, sets $_SESSION['article_submitted'] as a
 * reload guard and renders the category via manage_category().
 *
 * Uses $_GET['catid'] as an output parameter for manage_category().
 */
function new_article()
{
    global $hesk_settings, $hesklang, $listBox;
    global $hesk_error_buffer;
    /* A security check */
    # hesk_token_check('POST');
    // NOTE(review): the CSRF token check above is commented out, so this
    // state-changing POST handler runs without verifying the request token.
    // The other POST handlers on this page (mail_send, new_saved) do call
    // hesk_token_check('POST'); re-enable it here once the submitting form is
    // confirmed to emit a token.
    $_SESSION['hide'] = array('treemenu' => 1, 'new_category' => 1);
    $hesk_error_buffer = array();
    $catid = intval(hesk_POST('catid', 1));
    // type: 0 = public (default/empty), 2 = draft, anything else = 1 (private)
    $type = empty($_POST['type']) ? 0 : (hesk_POST('type') == 2 ? 2 : 1);
    // WYSIWYG mode forces HTML content; otherwise the form decides
    $html = $hesk_settings['kb_wysiwyg'] ? 1 : (empty($_POST['html']) ? 0 : 1);
    $now = hesk_date();
    // Prevent submitting duplicate articles by reloading manage_knowledgebase.php page
    if (isset($_SESSION['article_submitted'])) {
        header('Location:manage_knowledgebase.php?a=manage_cat&catid=' . $catid);
        exit;
    }
    $_SESSION['KB_CATEGORY'] = $catid;
    // "or" binds looser than "=": the error is only appended when hesk_input() returns a falsy value
    $subject = hesk_input(hesk_POST('subject')) or $hesk_error_buffer[] = $hesklang['kb_e_subj'];
    if ($html) {
        if (empty($_POST['content'])) {
            $hesk_error_buffer[] = $hesklang['kb_e_cont'];
        }
        // HTML content is filtered by hesk_getHTML() rather than hesk_input()
        $content = hesk_getHTML(hesk_POST('content'));
    } else {
        $content = hesk_input(hesk_POST('content')) or $hesk_error_buffer[] = $hesklang['kb_e_cont'];
        $content = nl2br($content);
        $content = hesk_makeURL($content);
    }
    $sticky = isset($_POST['sticky']) ? 1 : 0;
    $keywords = hesk_input(hesk_POST('keywords'));
    /* Article attachments */
    define('KB', 1);
    require_once HESK_PATH . 'inc/posting_functions.inc.php';
    require_once HESK_PATH . 'inc/attachments.inc.php';
    $attachments = array();
    // Upload slots are numbered 1..3; only non-empty results are kept
    for ($i = 1; $i <= 3; $i++) {
        $att = hesk_uploadFile($i);
        if (!empty($att)) {
            $attachments[$i] = $att;
        }
    }
    $myattachments = '';
    /* Any errors? */
    if (count($hesk_error_buffer)) {
        // Remove any successfully uploaded attachments
        if ($hesk_settings['attachments']['use']) {
            hesk_removeAttachments($attachments);
        }
        // Raw (not HTML-filtered) content is kept so the form can be re-filled
        $_SESSION['new_article'] = array('type' => $type, 'html' => $html, 'subject' => $subject, 'content' => hesk_input(hesk_POST('content')), 'keywords' => $keywords, 'sticky' => $sticky);
        $tmp = '';
        foreach ($hesk_error_buffer as $error) {
            $tmp .= "<li>{$error}</li>\n";
        }
        $hesk_error_buffer = $tmp;
        $hesk_error_buffer = $hesklang['rfm'] . '<br /><br /><ul>' . $hesk_error_buffer . '</ul>';
        // Presumably redirects and does not return — the code below assumes no errors
        hesk_process_messages($hesk_error_buffer, 'manage_knowledgebase.php');
    }
    $revision = sprintf($hesklang['revision1'], $now, $_SESSION['name'] . ' (' . $_SESSION['user'] . ')');
    /* Add to database */
    if (!empty($attachments)) {
        foreach ($attachments as $myatt) {
            hesk_dbQuery("INSERT INTO `" . hesk_dbEscape($hesk_settings['db_pfix']) . "kb_attachments` (`saved_name`,`real_name`,`size`) VALUES ('" . hesk_dbEscape($myatt['saved_name']) . "','" . hesk_dbEscape($myatt['real_name']) . "','" . intval($myatt['size']) . "')");
            // Article column stores "<attachment id>#<real name>," per file
            $myattachments .= hesk_dbInsertID() . '#' . $myatt['real_name'] . ',';
        }
    }
    /* Get the latest reply_order */
    $res = hesk_dbQuery("SELECT `art_order` FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "kb_articles` WHERE `catid`='" . intval($catid) . "' AND `sticky` = '" . intval($sticky) . "' ORDER BY `art_order` DESC LIMIT 1");
    $row = hesk_dbFetchRow($res);
    // No existing article in this category/sticky group yields an order of 10
    $my_order = $row[0] + 10;
    /* Insert article into database */
    hesk_dbQuery("INSERT INTO `" . hesk_dbEscape($hesk_settings['db_pfix']) . "kb_articles` (`catid`,`dt`,`author`,`subject`,`content`,`keywords`,`type`,`html`,`sticky`,`art_order`,`history`,`attachments`) VALUES (\n    '" . intval($catid) . "',\n    NOW(),\n    '" . intval($_SESSION['id']) . "',\n    '" . hesk_dbEscape($subject) . "',\n    '" . hesk_dbEscape($content) . "',\n    '" . hesk_dbEscape($keywords) . "',\n    '" . intval($type) . "',\n    '" . intval($html) . "',\n    '" . intval($sticky) . "',\n    '" . intval($my_order) . "',\n    '" . hesk_dbEscape($revision) . "',\n    '" . hesk_dbEscape($myattachments) . "'\n    )");
    $_SESSION['artord'] = hesk_dbInsertID();
    // Update category article count
    if ($type == 0) {
        hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "kb_categories` SET `articles`=`articles`+1 WHERE `id`='" . intval($catid) . "'");
    } else {
        if ($type == 1) {
            hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "kb_categories` SET `articles_private`=`articles_private`+1 WHERE `id`='" . intval($catid) . "'");
        } else {
            hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "kb_categories` SET `articles_draft`=`articles_draft`+1 WHERE `id`='" . intval($catid) . "'");
        }
    }
    unset($_SESSION['hide']);
    $_SESSION['article_submitted'] = 1;
    hesk_process_messages($hesklang['your_kb_added'], 'NOREDIRECT', 'SUCCESS');
    $_GET['catid'] = $catid;
    manage_category();
}
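/**
 * Validate the staff-user form (name, email, username, flags, categories,
 * features, signature, password) submitted via POST.
 *
 * The posted values are collected into an array, one `<li>` per validation
 * error is appended to an HTML error buffer, the collected data is saved in
 * $_SESSION['userdata'] so the form can be re-filled, and when any error was
 * recorded the buffer is handed to hesk_process_messages() together with
 * $redirect_to. With no errors the collected array is returned.
 *
 * @param int    $pass_required 1 = a password must be entered; 0 = validated only when one is given
 * @param string $redirect_to   page hesk_process_messages() is told to redirect to on error
 * @return array user data; 'pass' (hash) and 'cleanpass' are only filled when a valid password was entered
 */
function hesk_validateUserInfo($pass_required = 1, $redirect_to = './manage_users.php')
{
    global $hesk_settings, $hesklang;
    $hesk_error_buffer = '';
    $myuser = array();
    // "or" binds looser than "=": the error is appended only when the value is falsy
    $myuser['name'] = hesk_input(hesk_POST('name')) or $hesk_error_buffer .= '<li>' . $hesklang['enter_real_name'] . '</li>';
    $myuser['email'] = hesk_validateEmail(hesk_POST('email'), 'ERR', 0) or $hesk_error_buffer .= '<li>' . $hesklang['enter_valid_email'] . '</li>';
    $myuser['user'] = hesk_input(hesk_POST('user')) or $hesk_error_buffer .= '<li>' . $hesklang['enter_username'] . '</li>';
    $myuser['isadmin'] = empty($_POST['isadmin']) ? 0 : 1;
    $myuser['signature'] = hesk_input(hesk_POST('signature'));
    $myuser['autoassign'] = hesk_POST('autoassign') == 'Y' ? 1 : 0;
    /* If it's not admin at least one category and feature is required */
    $myuser['categories'] = array();
    $myuser['features'] = array();
    if ($myuser['isadmin'] == 0) {
        if (empty($_POST['categories']) || !is_array($_POST['categories'])) {
            $hesk_error_buffer .= '<li>' . $hesklang['asign_one_cat'] . '</li>';
        } else {
            foreach ($_POST['categories'] as $tmp) {
                // Nested arrays are not valid category ids
                if (is_array($tmp)) {
                    continue;
                }
                // Only positive/non-zero integer ids are kept
                $catid = intval($tmp);
                if ($catid) {
                    $myuser['categories'][] = $catid;
                }
            }
        }
        if (empty($_POST['features']) || !is_array($_POST['features'])) {
            $hesk_error_buffer .= '<li>' . $hesklang['asign_one_feat'] . '</li>';
        } else {
            foreach ($_POST['features'] as $tmp) {
                // Strict comparison: only exact feature names from the
                // configuration are accepted (loose == would also match
                // numeric-looking strings); arrays can never match.
                if (!is_array($tmp) && in_array($tmp, $hesk_settings['features'], true)) {
                    $myuser['features'][] = $tmp;
                }
            }
        }
    }
    // Byte length limit (matches the column size, presumably) — not a character count
    if (strlen($myuser['signature']) > 255) {
        $hesk_error_buffer .= '<li>' . $hesklang['signature_long'] . '</li>';
    }
    /* Password */
    $myuser['cleanpass'] = '';
    $newpass = hesk_input(hesk_POST('newpass'));
    $passlen = strlen($newpass);
    if ($pass_required || $passlen > 0) {
        /* At least 5 chars? */
        if ($passlen < 5) {
            $hesk_error_buffer .= '<li>' . $hesklang['password_not_valid'] . '</li>';
        } else {
            $newpass2 = hesk_input(hesk_POST('newpass2'));
            // Identity comparison: with != two different numeric strings such as
            // "1e3" and "1000" would compare equal and pass as "same password"
            if ($newpass !== $newpass2) {
                $hesk_error_buffer .= '<li>' . $hesklang['passwords_not_same'] . '</li>';
            } else {
                $myuser['pass'] = hesk_Pass2Hash($newpass);
                $myuser['cleanpass'] = $newpass;
            }
        }
    }
    /* Save entered info in session so we don't lose it in case of errors */
    $_SESSION['userdata'] = $myuser;
    /* Any errors */
    if (strlen($hesk_error_buffer)) {
        $hesk_error_buffer = $hesklang['rfm'] . '<br /><br /><ul>' . $hesk_error_buffer . '</ul>';
        hesk_process_messages($hesk_error_buffer, $redirect_to);
    }
    return $myuser;
}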
// Get note info
// NOTE(review): $noteID is interpolated into the SQL without hesk_dbEscape()
// or intval() in this excerpt; it must already be an integer where it is
// assigned (outside this view) — confirm.
$result = hesk_dbQuery("SELECT * FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "notes` WHERE `id`={$noteID}");
if (hesk_dbNumRows($result) != 1) {
    hesk_error($hesklang['no_note']);
}
$note = hesk_dbFetchAssoc($result);
// Make sure the note matches the ticket and the user has permission to edit it
// Precedence: A || (B && C) — a note on another ticket is always rejected;
// a note by someone else is rejected unless the user may delete notes.
if ($note['ticket'] != $ticket['id'] || !hesk_checkPermission('can_del_notes', 0) && $note['who'] != $_SESSION['id']) {
    hesk_error($hesklang['perm_deny']);
}
// Save changes?
if (isset($_POST['save'])) {
    // A security check
    hesk_token_check('POST');
    // Get message
    $tmpvar['message'] = nl2br(hesk_makeURL(hesk_input(hesk_POST('message'))));
    // If we have message or attachments do the update
    if (strlen($tmpvar['message']) || strlen($note['attachments'])) {
        hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "notes` SET `message`='" . hesk_dbEscape($tmpvar['message']) . "' WHERE `id`={$noteID}");
        // Refresh parameter is only a cache-buster, so mt_rand() is adequate here
        hesk_process_messages($hesklang['ednote2'], 'admin_ticket.php?track=' . $trackingID . '&Refresh=' . mt_rand(10000, 99999), 'SUCCESS');
    } else {
        // An emptied note with no attachments is deleted instead of saved
        hesk_dbQuery("DELETE FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "notes` WHERE `id`={$noteID}");
        header('Location: admin_ticket.php?track=' . $trackingID . '&Refresh=' . mt_rand(10000, 99999));
        exit;
    }
}
// Convert stored HTML back to plain text for the edit form
$note['message'] = hesk_msgToPlain($note['message'], 0, 0);
/* Print header */
require_once HESK_PATH . 'inc/header.inc.php';
/* Print admin navigation */
require_once HESK_PATH . 'inc/show_admin_nav.inc.php';
/**
 * Send a private message from the logged-in staff member to another user.
 *
 * Validates recipient id (must exist and differ from the sender), subject and
 * message, mirroring the entered values into $_SESSION['mail'] so the form can
 * be re-filled. With errors the list is passed to hesk_process_messages()
 * without redirect; otherwise the message is inserted into the mail table, the
 * recipient is e-mailed when their notify_pm flag is set, the session copy is
 * cleared and a success redirect to ./mail.php is issued.
 */
function mail_send()
{
    global $hesk_settings, $hesklang;
    /* A security check */
    hesk_token_check('POST');
    $errors = '';
    /* Recipient */
    $recipientId = intval(hesk_POST('to'));
    $_SESSION['mail']['to'] = $recipientId;
    /* Valid recipient? */
    if (empty($recipientId)) {
        $errors .= '<li>' . $hesklang['m_rec'] . '</li>';
    } elseif ($recipientId == $_SESSION['id']) {
        // Sending a message to yourself is rejected
        $errors .= '<li>' . $hesklang['m_inr'] . '</li>';
    } else {
        $recipientRs = hesk_dbQuery("SELECT `name`,`email`,`notify_pm` FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "users` WHERE `id`='" . intval($recipientId) . "' LIMIT 1");
        if (hesk_dbNumRows($recipientRs)) {
            $pm_recipient = hesk_dbFetchAssoc($recipientRs);
        } else {
            $errors .= '<li>' . $hesklang['m_inr'] . '</li>';
        }
    }
    /* Subject */
    // "or" binds looser than "=": the error is appended only when the value is falsy
    $_SESSION['mail']['subject'] = hesk_input(hesk_POST('subject')) or $errors .= '<li>' . $hesklang['m_esu'] . '</li>';
    /* Message */
    $_SESSION['mail']['message'] = hesk_input(hesk_POST('message')) or $errors .= '<li>' . $hesklang['enter_message'] . '</li>';
    /* Any errors? */
    if (strlen($errors)) {
        $_SESSION['hide']['list'] = 1;
        hesk_process_messages($hesklang['rfm'] . '<br /><br /><ul>' . $errors . '</ul>', 'NOREDIRECT');
        return;
    }
    // Linkify and convert newlines before storing
    $_SESSION['mail']['message'] = nl2br(hesk_makeURL($_SESSION['mail']['message']));
    hesk_dbQuery("INSERT INTO `" . hesk_dbEscape($hesk_settings['db_pfix']) . "mail` (`from`,`to`,`subject`,`message`,`dt`,`read`) VALUES ('" . intval($_SESSION['id']) . "','" . intval($_SESSION['mail']['to']) . "','" . hesk_dbEscape($_SESSION['mail']['subject']) . "','" . hesk_dbEscape($_SESSION['mail']['message']) . "',NOW(),'0')");
    /* Notify receiver via e-mail? */
    if (isset($pm_recipient) && $pm_recipient['notify_pm']) {
        // Id of the row just inserted, referenced in the notification e-mail
        $newMailId = hesk_dbInsertID();
        $placeholders = array(
            'name' => hesk_msgToPlain(addslashes($_SESSION['name']), 1, 1),
            'subject' => hesk_msgToPlain($_SESSION['mail']['subject'], 1, 1),
            'message' => hesk_msgToPlain($_SESSION['mail']['message'], 1, 1),
            'id' => $newMailId,
        );
        /* Format email subject and message for recipient */
        $mailSubject = hesk_getEmailSubject('new_pm', $placeholders, 0);
        $mailBody = hesk_getEmailMessage('new_pm', $placeholders, 1, 0);
        /* Send e-mail */
        hesk_mail($pm_recipient['email'], $mailSubject, $mailBody);
    }
    unset($_SESSION['mail']);
    hesk_process_messages($hesklang['m_pms'], './mail.php', 'SUCCESS');
}
    $sql .= " `category`='{$category}' ";
} else {
    $sql .= hesk_myCategories();
}
// Show only tagged tickets?
if (!empty($_GET['archive'])) {
    $archive[2] = 1;
    $sql .= " AND `archive`='1' ";
}
// Ticket owner preferences
$fid = 2;
require HESK_PATH . 'inc/assignment_search.inc.php';
$hesk_error_buffer = '';
$no_query = 0;
// Search query
$q = stripslashes(hesk_input(hesk_GET('q', '')));
// No query entered?
if (!strlen($q)) {
    $hesk_error_buffer .= $hesklang['fsq'];
    $no_query = 1;
}
// What field are we searching in
$what = hesk_GET('what', '') or $hesk_error_buffer .= '<br />' . $hesklang['wsel'];
// Sequential ID supported?
if ($what == 'seqid' && !$hesk_settings['sequential']) {
    $what = 'trackid';
}
// Setup SQL based on searching preferences
if (!$no_query) {
    $sql .= " AND ";
    switch ($what) {
        if ($print_table == 0) {
            echo '<table border="0" width="100%">';
            $print_table = 1;
        }
        # $v['req'] = $v['req'] ? '<font class="important">*</font>' : '';
        # Staff doesn't need to fill in required custom fields
        $v['req'] = '';
        if ($v['type'] == 'checkbox') {
            $k_value = array();
            if (isset($_SESSION["as_{$k}"]) && is_array($_SESSION["as_{$k}"])) {
                foreach ($_SESSION["as_{$k}"] as $myCB) {
                    $k_value[] = stripslashes(hesk_input($myCB));
                }
            }
        } elseif (isset($_SESSION["as_{$k}"])) {
            $k_value = stripslashes(hesk_input($_SESSION["as_{$k}"]));
        } else {
            $k_value = '';
        }
        switch ($v['type']) {
            /* Radio box */
            case 'radio':
                echo '
								<tr>
								<td style="text-align:right" width="150" valign="top">' . $v['name'] . ': ' . $v['req'] . '</td>
								<td width="80%">';
                $options = explode('#HESK#', $v['value']);
                $cls = in_array($k, $_SESSION['iserror']) ? ' class="isError" ' : '';
                foreach ($options as $option) {
                    if (strlen($k_value) == 0 || $k_value == $option) {
                        $k_value = $option;
/**
 * Store a new canned ticket reply template from the POST form.
 *
 * Title and message are required; both are kept in $_SESSION['canned'] so the
 * form can be re-filled, and any error is passed to hesk_process_messages()
 * with a redirect to manage_ticket_templates.php. On success the template is
 * appended after the current highest tpl_order and the session copy is cleared.
 */
function new_saved()
{
    global $hesk_settings, $hesklang;
    /* A security check */
    hesk_token_check('POST');
    $errors = '';
    // "or" binds looser than "=": the error is appended only when the value is falsy
    $title = hesk_input(hesk_POST('name')) or $errors .= '<li>' . $hesklang['ent_ticket_tpl_title'] . '</li>';
    $body = hesk_input(hesk_POST('msg')) or $errors .= '<li>' . $hesklang['ent_ticket_tpl_msg'] . '</li>';
    // Avoid problems with utf-8 newline chars in Javascript code, detect and remove them
    $body = preg_replace('/\\R/u', "\r\n", $body);
    $_SESSION['canned']['what'] = 'NEW';
    $_SESSION['canned']['name'] = $title;
    $_SESSION['canned']['msg'] = $body;
    /* Any errors? */
    if (strlen($errors)) {
        hesk_process_messages($hesklang['rfm'] . '<br /><br /><ul>' . $errors . '</ul>', 'manage_ticket_templates.php');
    }
    /* Get the latest tpl_order */
    $prefix = hesk_dbEscape($hesk_settings['db_pfix']);
    $lastRow = hesk_dbFetchRow(hesk_dbQuery("SELECT `tpl_order` FROM `{$prefix}ticket_templates` ORDER BY `tpl_order` DESC LIMIT 1"));
    // With no existing template this yields 10
    $nextOrder = $lastRow[0] + 10;
    hesk_dbQuery("INSERT INTO `{$prefix}ticket_templates` (`title`,`message`,`tpl_order`) VALUES ('" . hesk_dbEscape($title) . "','" . hesk_dbEscape($body) . "','" . intval($nextOrder) . "')");
    unset($_SESSION['canned']['what'], $_SESSION['canned']['name'], $_SESSION['canned']['msg']);
    hesk_process_messages($hesklang['ticket_tpl_saved'], 'manage_ticket_templates.php', 'SUCCESS');
}
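/**
 * Process the staff login form (POST).
 *
 * Checks that username and password were entered and, when image
 * verification is enabled (secimg_use == 2) and not yet passed in this
 * session, validates the CAPTCHA answer (reCAPTCHA v1, reCAPTCHA v2 or the
 * built-in PJ_SecurityImage). Any validation error re-prints the login form
 * and exits. Otherwise the function rate-limits brute-force attempts, loads
 * the user row, verifies the password hash, copies the row into $_SESSION,
 * regenerates the session id, sets the "remember me" cookies, auto-closes
 * stale tickets when `autoclose` is configured and redirects to
 * hesk_verifyGoto().
 *
 * Never returns: every path ends in exit.
 */
function do_login()
{
    global $hesk_settings, $hesklang;
    $hesk_error_buffer = array();
    $user = hesk_input(hesk_POST('user'));
    if (empty($user)) {
        // Wording depends on whether the form shows a user list or a text box
        $myerror = $hesk_settings['list_users'] ? $hesklang['select_username'] : $hesklang['enter_username'];
        $hesk_error_buffer['user'] = $myerror;
    }
    define('HESK_USER', $user);
    $pass = hesk_input(hesk_POST('pass'));
    if (empty($pass)) {
        $hesk_error_buffer['pass'] = $hesklang['enter_pass'];
    }
    // CAPTCHA is required once per session; img_a_verified remembers a pass
    if ($hesk_settings['secimg_use'] == 2 && !isset($_SESSION['img_a_verified'])) {
        // Using ReCaptcha?
        if ($hesk_settings['recaptcha_use'] == 1) {
            require_once HESK_PATH . 'inc/recaptcha/recaptchalib.php';
            $resp = recaptcha_check_answer($hesk_settings['recaptcha_private_key'], $_SERVER['REMOTE_ADDR'], hesk_POST('recaptcha_challenge_field', ''), hesk_POST('recaptcha_response_field', ''));
            if ($resp->is_valid) {
                $_SESSION['img_a_verified'] = true;
            } else {
                $hesk_error_buffer['mysecnum'] = $hesklang['recaptcha_error'];
            }
        } elseif ($hesk_settings['recaptcha_use'] == 2) {
            require HESK_PATH . 'inc/recaptcha/recaptchalib_v2.php';
            $resp = null;
            $reCaptcha = new ReCaptcha($hesk_settings['recaptcha_private_key']);
            // Was there a reCAPTCHA response?
            if (isset($_POST["g-recaptcha-response"])) {
                $resp = $reCaptcha->verifyResponse($_SERVER["REMOTE_ADDR"], hesk_POST("g-recaptcha-response"));
            }
            if ($resp != null && $resp->success) {
                $_SESSION['img_a_verified'] = true;
            } else {
                $hesk_error_buffer['mysecnum'] = $hesklang['recaptcha_error'];
            }
        } else {
            $mysecnum = intval(hesk_POST('mysecnum', 0));
            if (empty($mysecnum)) {
                $hesk_error_buffer['mysecnum'] = $hesklang['sec_miss'];
            } else {
                require HESK_PATH . 'inc/secimg.inc.php';
                $sc = new PJ_SecurityImage($hesk_settings['secimg_sum']);
                if (isset($_SESSION['checksum']) && $sc->checkCode($mysecnum, $_SESSION['checksum'])) {
                    $_SESSION['img_a_verified'] = true;
                } else {
                    $hesk_error_buffer['mysecnum'] = $hesklang['sec_wrng'];
                }
            }
        }
    }
    /* Any missing fields? */
    if (count($hesk_error_buffer) != 0) {
        // Field names are kept so the form can highlight the failing inputs
        $_SESSION['a_iserror'] = array_keys($hesk_error_buffer);
        $tmp = '';
        foreach ($hesk_error_buffer as $error) {
            $tmp .= "<li>{$error}</li>\n";
        }
        $hesk_error_buffer = $tmp;
        $hesk_error_buffer = $hesklang['pcer'] . '<br /><br /><ul>' . $hesk_error_buffer . '</ul>';
        hesk_process_messages($hesk_error_buffer, 'NOREDIRECT');
        print_login();
        exit;
    } elseif (isset($_SESSION['img_a_verified'])) {
        unset($_SESSION['img_a_verified']);
    }
    /* User entered all required info, now lets limit brute force attempts */
    hesk_limitBfAttempts();
    $result = hesk_dbQuery("SELECT * FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "users` WHERE `user` = '" . hesk_dbEscape($user) . "' LIMIT 1");
    if (hesk_dbNumRows($result) != 1) {
        hesk_session_stop();
        $_SESSION['a_iserror'] = array('user', 'pass');
        hesk_process_messages($hesklang['wrong_user'], 'NOREDIRECT');
        print_login();
        exit;
    }
    $res = hesk_dbFetchAssoc($result);
    // Every column of the user row lands in the session; the password hash
    // is removed again further down once it is no longer needed.
    foreach ($res as $k => $v) {
        $_SESSION[$k] = $v;
    }
    /* Check password */
    // hash_equals(): a constant-time identity comparison. The previous loose
    // "!=" compared two hex digests numerically when both looked like
    // "0e<digits>", so distinct hashes could compare equal.
    if (!hash_equals((string) $_SESSION['pass'], (string) hesk_Pass2Hash($pass))) {
        hesk_session_stop();
        $_SESSION['a_iserror'] = array('pass');
        hesk_process_messages($hesklang['wrong_pass'], 'NOREDIRECT');
        print_login();
        exit;
    }
    // Value for the autologin cookie: a hash derived from the stored hash and the lower-cased username
    $pass_enc = hesk_Pass2Hash($_SESSION['pass'] . strtolower($user) . $_SESSION['pass']);
    /* Check if default password */
    if ($_SESSION['pass'] === '499d74967b28a841c98bb4baaabaad699ff3c079') {
        hesk_process_messages($hesklang['chdp'], 'NOREDIRECT', 'NOTICE');
    }
    // Set a tag that will be used to expire sessions after username or password change
    $_SESSION['session_verify'] = hesk_activeSessionCreateTag($user, $_SESSION['pass']);
    // We don't need the password hash anymore
    unset($_SESSION['pass']);
    /* Login successful, clean brute force attempts */
    hesk_cleanBfAttempts();
    /* Make sure our user is active */
    if (!$_SESSION['active']) {
        hesk_session_stop();
        $_SESSION['a_iserror'] = array('active');
        hesk_process_messages($hesklang['inactive_user'], 'NOREDIRECT');
        print_login();
        exit;
    }
    /* Regenerate session ID (security) */
    hesk_session_regenerate_id();
    /* Remember username? */
    // NOTE(review): the cookies below are set without HttpOnly/Secure flags;
    // hesk_p is a long-lived credential-derived value — confirm the flags are
    // not set elsewhere (e.g. session cookie params) before relying on them.
    if ($hesk_settings['autologin'] && hesk_POST('remember_user') == 'AUTOLOGIN') {
        setcookie('hesk_username', "{$user}", strtotime('+1 year'));
        setcookie('hesk_p', "{$pass_enc}", strtotime('+1 year'));
    } elseif (hesk_POST('remember_user') == 'JUSTUSER') {
        setcookie('hesk_username', "{$user}", strtotime('+1 year'));
        setcookie('hesk_p', '');
    } else {
        // Expire cookie if set otherwise
        setcookie('hesk_username', '');
        setcookie('hesk_p', '');
    }
    /* Close any old tickets here so Cron jobs aren't necessary */
    if ($hesk_settings['autoclose']) {
        $revision = sprintf($hesklang['thist3'], hesk_date(), $hesklang['auto']);
        // Tickets untouched for `autoclose` days (86400 s each) are candidates
        $dt = date('Y-m-d H:i:s', time() - $hesk_settings['autoclose'] * 86400);
        $closedStatusRs = hesk_dbQuery('SELECT `ID`, `Closable` FROM `' . hesk_dbEscape($hesk_settings['db_pfix']) . 'statuses` WHERE `IsDefaultStaffReplyStatus` = 1');
        $closedStatus = hesk_dbFetchAssoc($closedStatusRs);
        // Are we allowed to close tickets in this status? (no row → nothing to close)
        if (is_array($closedStatus) && ($closedStatus['Closable'] == 'yes' || $closedStatus['Closable'] == 'sonly')) {
            // Notify customer of closed ticket?
            if ($hesk_settings['notify_closed']) {
                // Get list of tickets; prefix and status id are escaped/cast like every other query here
                $result = hesk_dbQuery("SELECT * FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` WHERE `status` = " . intval($closedStatus['ID']) . " AND `lastchange` <= '" . hesk_dbEscape($dt) . "' ");
                if (hesk_dbNumRows($result) > 0) {
                    // hesk_notifyCustomer() reads the ticket from the global $ticket
                    global $ticket;
                    // Load required functions?
                    if (!function_exists('hesk_notifyCustomer')) {
                        require HESK_PATH . 'inc/email_functions.inc.php';
                    }
                    while ($ticket = hesk_dbFetchAssoc($result)) {
                        $ticket['dt'] = hesk_date($ticket['dt'], true);
                        $ticket['lastchange'] = hesk_date($ticket['lastchange'], true);
                        $ticket = hesk_ticketToPlain($ticket, 1, 0);
                        hesk_notifyCustomer('ticket_closed');
                    }
                }
            }
            // Update ticket statuses and history in database if we're allowed to do so
            $defaultCloseRs = hesk_dbQuery('SELECT `ID` FROM `' . hesk_dbEscape($hesk_settings['db_pfix']) . 'statuses` WHERE `IsAutocloseOption` = 1');
            $defaultCloseStatus = hesk_dbFetchAssoc($defaultCloseRs);
            hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` SET `status`=" . intval($defaultCloseStatus['ID']) . ", `closedat`=NOW(), `closedby`='-1', `history`=CONCAT(`history`,'" . hesk_dbEscape($revision) . "') WHERE `status` = '" . intval($closedStatus['ID']) . "' AND `lastchange` <= '" . hesk_dbEscape($dt) . "' ");
        }
    }
    /* Redirect to the destination page */
    header('Location: ' . hesk_verifyGoto());
    exit;
}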
function print_add_ticket()
{
    global $hesk_settings, $hesklang;
    // Auto-focus first empty or error field
    define('AUTOFOCUS', true);
    // Pre-populate fields
    // Customer name
    if (isset($_REQUEST['name'])) {
        $_SESSION['c_name'] = $_REQUEST['name'];
    }
    // Customer email address
    if (isset($_REQUEST['email'])) {
        $_SESSION['c_email'] = $_REQUEST['email'];
        $_SESSION['c_email2'] = $_REQUEST['email'];
    }
    // Category ID
    if (isset($_REQUEST['catid'])) {
        $_SESSION['c_category'] = intval($_REQUEST['catid']);
    }
    if (isset($_REQUEST['category'])) {
        $_SESSION['c_category'] = intval($_REQUEST['category']);
    }
    // Priority
    if (isset($_REQUEST['priority'])) {
        $_SESSION['c_priority'] = intval($_REQUEST['priority']);
    }
    // Subject
    if (isset($_REQUEST['subject'])) {
        $_SESSION['c_subject'] = $_REQUEST['subject'];
    }
    // Message
    if (isset($_REQUEST['message'])) {
        $_SESSION['c_message'] = $_REQUEST['message'];
    }
    // Custom fields
    foreach ($hesk_settings['custom_fields'] as $k => $v) {
        if ($v['use'] && isset($_REQUEST[$k])) {
            $_SESSION['c_' . $k] = $_REQUEST[$k];
        }
    }
    // Varibles for coloring the fields in case of errors
    if (!isset($_SESSION['iserror'])) {
        $_SESSION['iserror'] = array();
    }
    if (!isset($_SESSION['isnotice'])) {
        $_SESSION['isnotice'] = array();
    }
    if (!isset($_SESSION['c_category']) && !$hesk_settings['select_cat']) {
        $_SESSION['c_category'] = 0;
    }
    hesk_cleanSessionVars('already_submitted');
    // Tell header to load reCaptcha API if needed
    if ($hesk_settings['recaptcha_use'] == 2) {
        define('RECAPTCHA', 1);
    }
    // Print header
    $hesk_settings['tmp_title'] = $hesk_settings['hesk_title'] . ' - ' . $hesklang['submit_ticket'];
    require_once HESK_PATH . 'inc/header.inc.php';
    //box hijau
    ?>
<table width="100%" border="0" cellspacing="0" cellpadding="0">
<tr>
<td width="3"><img src="img/headerleftsm.jpg" width="3" height="25" alt="" /></td>
<td class="headersm"><?php 
    hesk_showTopBar($hesklang['submit_ticket']);
    ?>
</td>
<td width="3"><img src="img/headerrightsm.jpg" width="3" height="25" alt="" /></td>
</tr>
</table>

<table width="100%" border="0" cellspacing="0" cellpadding="3">
<tr>
<td><span class="smaller"><a href="<?php 
    echo $hesk_settings['site_url'];
    ?>
" class="smaller"><?php 
    echo $hesk_settings['site_title'];
    ?>
</a> &gt;
<a href="<?php 
    echo $hesk_settings['hesk_url'];
    ?>
" class="smaller"><?php 
    echo $hesk_settings['hesk_title'];
    ?>
</a>
&gt; <?php 
    echo $hesklang['submit_ticket'];
    ?>
</span></td>
</tr>
</table>

</td>
</tr>
<tr>
<td>

<?php 
    // This will handle error, success and notice messages
    hesk_handle_messages();
    //table ni yang box untuk form
    ?>
<table width="100%" border="0" cellspacing="0" cellpadding="0">
<tr>
	<td width="7" height="7"><img src="img/roundcornerslt.jpg" width="7" height="7" alt="" /></td>
	<td class="roundcornerstop"></td>
	<td><img src="img/roundcornersrt.jpg" width="7" height="7" alt="" /></td>
</tr>
<tr>
	<td class="roundcornersleft">&nbsp;</td>
	<td>
    <!-- START FORM -->

	<p style="text-align:center"><?php 
    echo $hesklang['use_form_below'];
    ?>
 <font class="important"> *</font></p>

	<form method="post" action="submit_ticket.php?submit=1" name="form1" enctype="multipart/form-data">

	<!-- Contact info -->
	<table border="0" width="100%">
	<tr>
	<td style="text-align:right" width="150"><?php 
    echo $hesklang['name'];
    ?>
: <font class="important">*</font></td>
	<td width="80%"><input type="text" name="name" size="40" maxlength="30" value="<?php 
    if (isset($_SESSION['c_name'])) {
        echo stripslashes(hesk_input($_SESSION['c_name']));
    }
    ?>
" <?php 
    if (in_array('name', $_SESSION['iserror'])) {
        echo ' class="isError" ';
    }
    ?>
 /></td>
	</tr>
	<tr>
	<td style="text-align:right" width="150"><?php 
    echo $hesklang['email'];
    ?>
: <font class="important">*</font></td>
	<td width="80%"><input type="text" name="email" size="40" maxlength="1000" value="<?php 
    if (isset($_SESSION['c_email'])) {
        echo stripslashes(hesk_input($_SESSION['c_email']));
    }
    ?>
" <?php 
    if (in_array('email', $_SESSION['iserror'])) {
        echo ' class="isError" ';
    } elseif (in_array('email', $_SESSION['isnotice'])) {
        echo ' class="isNotice" ';
    }
    ?>
 <?php 
    if ($hesk_settings['detect_typos']) {
        echo ' onblur="Javascript:hesk_suggestEmail(0)"';
    }
    ?>
 /></td>
	</tr>
    <?php 
    if ($hesk_settings['confirm_email']) {
        ?>
		<tr>
		<td style="text-align:right" width="150"><?php 
        echo $hesklang['confemail'];
        ?>
: <font class="important">*</font></td>
		<td width="80%"><input type="text" name="email2" size="40" maxlength="1000" value="<?php 
        if (isset($_SESSION['c_email2'])) {
            echo stripslashes(hesk_input($_SESSION['c_email2']));
        }
        ?>
" <?php 
        if (in_array('email2', $_SESSION['iserror'])) {
            echo ' class="isError" ';
        }
        ?>
 /></td>
		</tr>
	    <?php 
    }
    // End if $hesk_settings['confirm_email']
    ?>
	</table>

	<div id="email_suggestions"></div>

	<hr />

	<!-- Department and priority -->

    <?php 
    $is_table = 0;
    hesk_load_database_functions();
    // Get categories
    hesk_dbConnect();
    $res = hesk_dbQuery("SELECT `id`, `name` FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "categories` WHERE `type`='0' ORDER BY `cat_order` ASC");
    if (hesk_dbNumRows($res) == 1) {
        // Only 1 public category, no need for a select box
        $row = hesk_dbFetchAssoc($res);
        echo '<input type="hidden" name="category" value="' . $row['id'] . '" />';
    } elseif (hesk_dbNumRows($res) < 1) {
        // No public categories, set it to default one
        echo '<input type="hidden" name="category" value="1" />';
    } else {
        // List available categories
        $is_table = 1;
        ?>
		<table border="0" width="100%">
		<tr>
		<td style="text-align:right" width="150"><?php 
        echo $hesklang['category'];
        ?>
: <font class="important">*</font></td>
		<td width="80%"><select name="category" <?php 
        if (in_array('category', $_SESSION['iserror'])) {
            echo ' class="isError" ';
        }
        ?>
 >
		<?php 
        // Show the "Click to select"?
        if ($hesk_settings['select_cat']) {
            echo '<option value="">' . $hesklang['select'] . '</option>';
        }
        // List categories
        while ($row = hesk_dbFetchAssoc($res)) {
            echo '<option value="' . $row['id'] . '"' . ($_SESSION['c_category'] == $row['id'] ? ' selected="selected"' : '') . '>' . $row['name'] . '</option>';
        }
        ?>
		</select></td>
		</tr>
        <?php 
    }
    /* Can customer assign urgency? */
    if ($hesk_settings['cust_urgency']) {
        if (!$is_table) {
            echo '<table border="0" width="100%">';
            $is_table = 1;
        }
        ?>
		<tr>
		<td style="text-align:right" width="150"><?php 
        echo $hesklang['priority'];
        ?>
: <font class="important">*</font></td>
		<td width="80%"><select name="priority" <?php 
        if (in_array('priority', $_SESSION['iserror'])) {
            echo ' class="isError" ';
        }
        ?>
 >
		<?php 
        // Show the "Click to select"?
        if ($hesk_settings['select_pri']) {
            echo '<option value="">' . $hesklang['select'] . '</option>';
        }
        ?>
		<option value="3" <?php 
        if (isset($_SESSION['c_priority']) && $_SESSION['c_priority'] == 3) {
            echo 'selected="selected"';
        }
        ?>
><?php 
        echo $hesklang['low'];
        ?>
</option>
		<option value="2" <?php 
        if (isset($_SESSION['c_priority']) && $_SESSION['c_priority'] == 2) {
            echo 'selected="selected"';
        }
        ?>
><?php 
        echo $hesklang['medium'];
        ?>
</option>
		<option value="1" <?php 
        if (isset($_SESSION['c_priority']) && $_SESSION['c_priority'] == 1) {
            echo 'selected="selected"';
        }
        ?>
><?php 
        echo $hesklang['high'];
        ?>
</option>
		</select></td>
		</tr>
		<?php 
    }
    /* Need to close the table? */
    if ($is_table) {
        echo '</table> <hr />';
    }
    ?>
	<!-- START CUSTOM BEFORE -->
	<?php 
    /* custom fields BEFORE comments */
    $print_table = 0;
    foreach ($hesk_settings['custom_fields'] as $k => $v) {
        if ($v['use'] && $v['place'] == 0) {
            if ($print_table == 0) {
                echo '<table border="0" width="100%">';
                $print_table = 1;
            }
            $v['req'] = $v['req'] ? '<font class="important">*</font>' : '';
            if ($v['type'] == 'checkbox') {
                $k_value = array();
                if (isset($_SESSION["c_{$k}"]) && is_array($_SESSION["c_{$k}"])) {
                    foreach ($_SESSION["c_{$k}"] as $myCB) {
                        $k_value[] = stripslashes(hesk_input($myCB));
                    }
                }
            } elseif (isset($_SESSION["c_{$k}"])) {
                $k_value = stripslashes(hesk_input($_SESSION["c_{$k}"]));
            } else {
                $k_value = '';
            }
            switch ($v['type']) {
                /* Radio box */
                case 'radio':
                    echo '
					<tr>
					<td style="text-align:right" width="150" valign="top">' . $v['name'] . ': ' . $v['req'] . '</td>
	                <td width="80%">';
                    $options = explode('#HESK#', $v['value']);
                    $cls = in_array($k, $_SESSION['iserror']) ? ' class="isError" ' : '';
                    foreach ($options as $option) {
                        if (strlen($k_value) == 0 || $k_value == $option) {
                            $k_value = $option;
                            $checked = 'checked="checked"';
                        } else {
                            $checked = '';
                        }
                        echo '<label><input type="radio" name="' . $k . '" value="' . $option . '" ' . $checked . ' ' . $cls . ' /> ' . $option . '</label><br />';
                    }
                    echo '</td>
					</tr>
					';
                    break;
                    /* Select drop-down box */
                /* Select drop-down box */
                case 'select':
                    $cls = in_array($k, $_SESSION['iserror']) ? ' class="isError" ' : '';
                    echo '
					<tr>
					<td style="text-align:right" width="150">' . $v['name'] . ': ' . $v['req'] . '</td>
	                <td width="80%"><select name="' . $k . '" ' . $cls . '>';
                    // Show "Click to select"?
                    $v['value'] = str_replace('{HESK_SELECT}', '', $v['value'], $num);
                    if ($num) {
                        echo '<option value="">' . $hesklang['select'] . '</option>';
                    }
                    $options = explode('#HESK#', $v['value']);
                    foreach ($options as $option) {
                        if ($k_value == $option) {
                            $k_value = $option;
                            $selected = 'selected="selected"';
                        } else {
                            $selected = '';
                        }
                        echo '<option ' . $selected . '>' . $option . '</option>';
                    }
                    echo '</select></td>
					</tr>
					';
                    break;
                    /* Checkbox */
                /* Checkbox */
                case 'checkbox':
                    echo '
					<tr>
					<td style="text-align:right" width="150" valign="top">' . $v['name'] . ': ' . $v['req'] . '</td>
	                <td width="80%">';
                    $options = explode('#HESK#', $v['value']);
                    $cls = in_array($k, $_SESSION['iserror']) ? ' class="isError" ' : '';
                    foreach ($options as $option) {
                        if (in_array($option, $k_value)) {
                            $checked = 'checked="checked"';
                        } else {
                            $checked = '';
                        }
                        echo '<label><input type="checkbox" name="' . $k . '[]" value="' . $option . '" ' . $checked . ' ' . $cls . ' /> ' . $option . '</label><br />';
                    }
                    echo '</td>
					</tr>
					';
                    break;
                    /* Large text box */
                /* Large text box */
                case 'textarea':
                    $size = explode('#', $v['value']);
                    $size[0] = empty($size[0]) ? 5 : intval($size[0]);
                    $size[1] = empty($size[1]) ? 30 : intval($size[1]);
                    $cls = in_array($k, $_SESSION['iserror']) ? ' class="isError" ' : '';
                    echo '
					<tr>
					<td style="text-align:right" width="150" valign="top">' . $v['name'] . ': ' . $v['req'] . '</td>
					<td width="80%"><textarea name="' . $k . '" rows="' . $size[0] . '" cols="' . $size[1] . '" ' . $cls . '>' . $k_value . '</textarea></td>
					</tr>
	                ';
                    break;
                    /* Default text input */
                /* Default text input */
                default:
                    if (strlen($k_value) != 0) {
                        $v['value'] = $k_value;
                    }
                    $cls = in_array($k, $_SESSION['iserror']) ? ' class="isError" ' : '';
                    echo '
					<tr>
					<td style="text-align:right" width="150">' . $v['name'] . ': ' . $v['req'] . '</td>
					<td width="80%"><input type="text" name="' . $k . '" size="40" maxlength="' . $v['maxlen'] . '" value="' . $v['value'] . '" ' . $cls . ' /></td>
					</tr>
					';
            }
        }
    }
    /* If table was started we need to close it */
    if ($print_table) {
        echo '</table> <hr />';
        $print_table = 0;
    }
    ?>
	<!-- END CUSTOM BEFORE -->

	<!-- ticket info -->
	<table border="0" width="100%">
	<tr>
	<td style="text-align:right" width="150"><?php 
    echo $hesklang['subject'];
    ?>
: <font class="important">*</font></td>
	<td width="80%"><input type="text" name="subject" size="40" maxlength="40" value="<?php 
    if (isset($_SESSION['c_subject'])) {
        echo stripslashes(hesk_input($_SESSION['c_subject']));
    }
    ?>
" <?php 
    if (in_array('subject', $_SESSION['iserror'])) {
        echo ' class="isError" ';
    }
    ?>
 /></td>
	</tr>
	<tr>
	<td style="text-align:right" width="150" valign="top"><?php 
    echo $hesklang['message'];
    ?>
: <font class="important">*</font></td>
	<td width="80%"><textarea name="message" rows="12" cols="60" <?php 
    if (in_array('message', $_SESSION['iserror'])) {
        echo ' class="isError" ';
    }
    ?>
 ><?php 
    if (isset($_SESSION['c_message'])) {
        echo stripslashes(hesk_input($_SESSION['c_message']));
    }
    ?>
</textarea>

		<!-- START KNOWLEDGEBASE SUGGEST -->
		<?php 
    if ($hesk_settings['kb_enable'] && $hesk_settings['kb_recommendanswers']) {
        ?>
			<div id="kb_suggestions" style="display:none">
            <br />&nbsp;<br />
			<img src="img/loading.gif" width="24" height="24" alt="" border="0" style="vertical-align:text-bottom" /> <i><?php 
        echo $hesklang['lkbs'];
        ?>
</i>
			</div>

			<script language="Javascript" type="text/javascript"><!--
			hesk_suggestKB();
			//-->
			</script>
			<?php 
    }
    ?>
		<!-- END KNOWLEDGEBASE SUGGEST -->
    </td>
	</tr>
	</table>

	<!-- START CUSTOM AFTER -->
	<?php 
    /* custom fields AFTER comments */
    $print_table = 0;
    foreach ($hesk_settings['custom_fields'] as $k => $v) {
        if ($v['use'] && $v['place']) {
            if ($print_table == 0) {
                echo '
                <hr />
                <table border="0" width="100%">
                ';
                $print_table = 1;
            }
            $v['req'] = $v['req'] ? '<font class="important">*</font>' : '';
            if ($v['type'] == 'checkbox') {
                $k_value = array();
                if (isset($_SESSION["c_{$k}"]) && is_array($_SESSION["c_{$k}"])) {
                    foreach ($_SESSION["c_{$k}"] as $myCB) {
                        $k_value[] = stripslashes(hesk_input($myCB));
                    }
                }
            } elseif (isset($_SESSION["c_{$k}"])) {
                $k_value = stripslashes(hesk_input($_SESSION["c_{$k}"]));
            } else {
                $k_value = '';
            }
            switch ($v['type']) {
                /* Radio box */
                case 'radio':
                    echo '
					<tr>
					<td style="text-align:right" width="150" valign="top">' . $v['name'] . ': ' . $v['req'] . '</td>
	                <td width="80%">';
                    $options = explode('#HESK#', $v['value']);
                    $cls = in_array($k, $_SESSION['iserror']) ? ' class="isError" ' : '';
                    foreach ($options as $option) {
                        if (strlen($k_value) == 0 || $k_value == $option) {
                            $k_value = $option;
                            $checked = 'checked="checked"';
                        } else {
                            $checked = '';
                        }
                        echo '<label><input type="radio" name="' . $k . '" value="' . $option . '" ' . $checked . ' ' . $cls . ' /> ' . $option . '</label><br />';
                    }
                    echo '</td>
					</tr>
					';
                    break;
                    /* Select drop-down box */
                /* Select drop-down box */
                case 'select':
                    $cls = in_array($k, $_SESSION['iserror']) ? ' class="isError" ' : '';
                    echo '
					<tr>
					<td style="text-align:right" width="150">' . $v['name'] . ': ' . $v['req'] . '</td>
	                <td width="80%"><select name="' . $k . '" ' . $cls . '>';
                    // Show "Click to select"?
                    $v['value'] = str_replace('{HESK_SELECT}', '', $v['value'], $num);
                    if ($num) {
                        echo '<option value="">' . $hesklang['select'] . '</option>';
                    }
                    $options = explode('#HESK#', $v['value']);
                    foreach ($options as $option) {
                        if ($k_value == $option) {
                            $k_value = $option;
                            $selected = 'selected="selected"';
                        } else {
                            $selected = '';
                        }
                        echo '<option ' . $selected . '>' . $option . '</option>';
                    }
                    echo '</select></td>
					</tr>
					';
                    break;
                    /* Checkbox */
                /* Checkbox */
                case 'checkbox':
                    echo '
					<tr>
					<td style="text-align:right" width="150" valign="top">' . $v['name'] . ': ' . $v['req'] . '</td>
	                <td width="80%">';
                    $options = explode('#HESK#', $v['value']);
                    $cls = in_array($k, $_SESSION['iserror']) ? ' class="isError" ' : '';
                    foreach ($options as $option) {
                        if (in_array($option, $k_value)) {
                            $checked = 'checked="checked"';
                        } else {
                            $checked = '';
                        }
                        echo '<label><input type="checkbox" name="' . $k . '[]" value="' . $option . '" ' . $checked . ' ' . $cls . ' /> ' . $option . '</label><br />';
                    }
                    echo '</td>
					</tr>
					';
                    break;
                    /* Large text box */
                /* Large text box */
                case 'textarea':
                    $size = explode('#', $v['value']);
                    $size[0] = empty($size[0]) ? 5 : intval($size[0]);
                    $size[1] = empty($size[1]) ? 30 : intval($size[1]);
                    $cls = in_array($k, $_SESSION['iserror']) ? ' class="isError" ' : '';
                    echo '
					<tr>
					<td style="text-align:right" width="150" valign="top">' . $v['name'] . ': ' . $v['req'] . '</td>
					<td width="80%"><textarea name="' . $k . '" rows="' . $size[0] . '" cols="' . $size[1] . '" ' . $cls . '>' . $k_value . '</textarea></td>
					</tr>
	                ';
                    break;
                    /* Default text input */
                /* Default text input */
                default:
                    if (strlen($k_value) != 0) {
                        $v['value'] = $k_value;
                    }
                    $cls = in_array($k, $_SESSION['iserror']) ? ' class="isError" ' : '';
                    echo '
					<tr>
					<td style="text-align:right" width="150">' . $v['name'] . ': ' . $v['req'] . '</td>
					<td width="80%"><input type="text" name="' . $k . '" size="40" maxlength="' . $v['maxlen'] . '" value="' . $v['value'] . '" ' . $cls . ' /></td>
					</tr>
					';
            }
        }
    }
    /* If table was started we need to close it */
    if ($print_table) {
        echo '</table>';
        $print_table = 0;
    }
    ?>
	<!-- END CUSTOM AFTER -->

	<?php 
    /* attachments */
    if ($hesk_settings['attachments']['use']) {
        ?>
    <hr />

	<table border="0" width="100%">
	<tr>
	<td style="text-align:right" width="150" valign="top"><?php 
        echo $hesklang['attachments'];
        ?>
:</td>
	<td width="80%" valign="top">
	<?php 
        for ($i = 1; $i <= $hesk_settings['attachments']['max_number']; $i++) {
            $cls = $i == 1 && in_array('attachments', $_SESSION['iserror']) ? ' class="isError" ' : '';
            echo '<input type="file" name="attachment[' . $i . ']" size="50" ' . $cls . ' /><br />';
        }
        ?>
	<a href="file_limits.php" target="_blank" onclick="Javascript:hesk_window('file_limits.php',250,500);return false;"><?php 
        echo $hesklang['ful'];
        ?>
</a>

	</td>
	</tr>
	</table>
	<?php 
    }
    if ($hesk_settings['question_use'] || $hesk_settings['secimg_use']) {
        ?>

        <hr />

        <!-- Security checks -->
		<table border="0" width="100%">
		<?php 
        if ($hesk_settings['question_use']) {
            ?>
			<tr>
			<td style="text-align:right;vertical-align:top" width="150"><?php 
            echo $hesklang['verify_q'];
            ?>
 <font class="important">*</font></td>
			<td width="80%">
            <?php 
            $value = '';
            if (isset($_SESSION['c_question'])) {
                $value = stripslashes(hesk_input($_SESSION['c_question']));
            }
            $cls = in_array('question', $_SESSION['iserror']) ? ' class="isError" ' : '';
            echo $hesk_settings['question_ask'] . '<br /><input type="text" name="question" size="20" value="' . $value . '" ' . $cls . '  />';
            ?>
<br />&nbsp;
	        </td>
			</tr>
            <?php 
        }
        if ($hesk_settings['secimg_use']) {
            ?>
			<tr>
			<td style="text-align:right;vertical-align:top" width="150"><?php 
            echo $hesklang['verify_i'];
            ?>
 <font class="important">*</font></td>
			<td width="80%">
			<?php 
            // SPAM prevention verified for this session
            if (isset($_SESSION['img_verified'])) {
                echo '<img src="' . HESK_PATH . 'img/success.png" width="16" height="16" border="0" alt="" style="vertical-align:text-bottom" /> ' . $hesklang['vrfy'];
            } elseif ($hesk_settings['recaptcha_use'] == 1) {
                ?>
				<script type="text/javascript">
				var RecaptchaOptions = {
				theme : '<?php 
                echo isset($_SESSION['iserror']) && in_array('mysecnum', $_SESSION['iserror']) ? 'red' : 'white';
                ?>
',
				custom_translations : {
					visual_challenge : "<?php 
                echo hesk_slashJS($hesklang['visual_challenge']);
                ?>
",
					audio_challenge : "<?php 
                echo hesk_slashJS($hesklang['audio_challenge']);
                ?>
",
					refresh_btn : "<?php 
                echo hesk_slashJS($hesklang['refresh_btn']);
                ?>
",
					instructions_visual : "<?php 
                echo hesk_slashJS($hesklang['instructions_visual']);
                ?>
",
					instructions_context : "<?php 
                echo hesk_slashJS($hesklang['instructions_context']);
                ?>
",
					instructions_audio : "<?php 
                echo hesk_slashJS($hesklang['instructions_audio']);
                ?>
",
					help_btn : "<?php 
                echo hesk_slashJS($hesklang['help_btn']);
                ?>
",
					play_again : "<?php 
                echo hesk_slashJS($hesklang['play_again']);
                ?>
",
					cant_hear_this : "<?php 
                echo hesk_slashJS($hesklang['cant_hear_this']);
                ?>
",
					incorrect_try_again : "<?php 
                echo hesk_slashJS($hesklang['incorrect_try_again']);
                ?>
",
					image_alt_text : "<?php 
                echo hesk_slashJS($hesklang['image_alt_text']);
                ?>
",
				},
				};
				</script>
				<?php 
                require HESK_PATH . 'inc/recaptcha/recaptchalib.php';
                echo recaptcha_get_html($hesk_settings['recaptcha_public_key'], null, true);
            } elseif ($hesk_settings['recaptcha_use'] == 2) {
                ?>
				<div class="g-recaptcha" data-sitekey="<?php 
                echo $hesk_settings['recaptcha_public_key'];
                ?>
"></div>
				<?php 
            } else {
                $cls = in_array('mysecnum', $_SESSION['iserror']) ? ' class="isError" ' : '';
                echo $hesklang['sec_enter'] . '<br />&nbsp;<br /><img src="print_sec_img.php?' . rand(10000, 99999) . '" width="150" height="40" alt="' . $hesklang['sec_img'] . '" title="' . $hesklang['sec_img'] . '" border="1" name="secimg" style="vertical-align:text-bottom" /> ' . '<a href="javascript:void(0)" onclick="javascript:document.form1.secimg.src=\'print_sec_img.php?\'+ ( Math.floor((90000)*Math.random()) + 10000);"><img src="img/reload.png" height="24" width="24" alt="' . $hesklang['reload'] . '" title="' . $hesklang['reload'] . '" border="0" style="vertical-align:text-bottom" /></a>' . '<br />&nbsp;<br /><input type="text" name="mysecnum" size="20" maxlength="5" ' . $cls . ' />';
            }
            ?>
			</td>
			</tr>
			<?php 
        }
        ?>
		</table>

    <?php 
    }
    ?>

	<!-- Submit -->
    <?php 
    if ($hesk_settings['submit_notice']) {
        ?>

	    <hr />

		<div align="center">
		<table border="0">
		<tr>
		<td>

	    <b><?php 
        echo $hesklang['before_submit'];
        ?>
</b>
	    <ul>
	    <li><?php 
        echo $hesklang['all_info_in'];
        ?>
.</li>
		<li><?php 
        echo $hesklang['all_error_free'];
        ?>
.</li>
	    </ul>


		<b><?php 
        echo $hesklang['we_have'];
        ?>
:</b>
	    <ul>
	    <li><?php 
        echo hesk_htmlspecialchars($_SERVER['REMOTE_ADDR']) . ' ' . $hesklang['recorded_ip'];
        ?>
</li>
		<li><?php 
        echo $hesklang['recorded_time'];
        ?>
</li>
		</ul>

		<p align="center"><input type="hidden" name="token" value="<?php 
        hesk_token_echo();
        ?>
" />
	    <input type="submit" value="<?php 
        echo $hesklang['sub_ticket'];
        ?>
" class="orangebutton"  onmouseover="hesk_btn(this,'orangebuttonover');" onmouseout="hesk_btn(this,'orangebutton');" /></p>

	    </td>
		</tr>
		</table>
		</div>
	    <?php 
    } else {
        ?>
        &nbsp;<br />&nbsp;<br />
		<table border="0" width="100%">
		<tr>
		<td style="text-align:right" width="150">&nbsp;</td>
		<td width="80%"><input type="hidden" name="token" value="<?php 
        hesk_token_echo();
        ?>
" />
	    <input type="submit" value="<?php 
        echo $hesklang['sub_ticket'];
        ?>
" class="orangebutton"  onmouseover="hesk_btn(this,'orangebuttonover');" onmouseout="hesk_btn(this,'orangebutton');" /><br />
	    &nbsp;<br />&nbsp;</td>
		</tr>
		</table>
	    <?php 
    }
    // End ELSE submit_notice
    ?>

	<!-- Do not delete or modify the code below, it is used to detect simple SPAM bots -->
	<input type="hidden" name="hx" value="3" /><input type="hidden" name="hy" value="" />
	<!-- >
	<input type="text" name="phone" value="3" />
	< -->

	</form>

    <!-- END FORM -->
	</td>
	<td class="roundcornersright">&nbsp;</td>
</tr>
<tr>
	<td><img src="img/roundcornerslb.jpg" width="7" height="7" alt="" /></td>
	<td class="roundcornersbottom"></td>
	<td width="7" height="7"><img src="img/roundcornersrb.jpg" width="7" height="7" alt="" /></td>
</tr>
</table>

<?php 
    hesk_cleanSessionVars('iserror');
    hesk_cleanSessionVars('isnotice');
}
/**
 * Turn a parsed incoming email into a HESK ticket: a reply to an existing
 * ticket when the subject carries a tracking ID that matches an unlocked
 * ticket owned by the sender, otherwise a brand new ticket.
 *
 * @param array $results      Parsed email. Keys read here: reply-to / from
 *                            (address, name, encoding), subject,
 *                            subject_encoding, message, encoding,
 *                            attachments (orig_name, size, stored_name)
 *                            and tempdir.
 * @param int   $pop3         Non-zero when the email came in via POP3; only
 *                            changes the history text (thist16 vs thist11)
 *                            and the openedby marker (-2 vs -1) of a new ticket.
 * @param int   $set_category Category assigned to a newly created ticket.
 * @param int   $set_priority Priority for a new ticket; a negative value means
 *                            "use the category's default" (hesk_getCategoryPriority).
 * @return mixed The ticket tracking ID (string) on success; otherwise whatever
 *               hesk_cleanExit() returns when the email is ignored (invalid or
 *               banned sender, empty message when one is required, bounce /
 *               noreply detection, or a detected email loop).
 */
function hesk_email2ticket($results, $pop3 = 0, $set_category = 1, $set_priority = -1)
{
    // $ticket is global so the notify helpers called below can read it;
    // $hesk_db_link is not referenced directly here (presumably used by the hesk_db* helpers).
    global $hesk_settings, $hesklang, $hesk_db_link, $ticket;
    // Process "Reply-To:" or "From:" email
    // Reply-To wins over From when present. The third argument (0) to hesk_validateEmail
    // presumably makes it return false instead of aborting on an invalid address - confirm.
    $tmpvar['email'] = isset($results['reply-to'][0]['address']) ? hesk_validateEmail($results['reply-to'][0]['address'], 'ERR', 0) : hesk_validateEmail($results['from'][0]['address'], 'ERR', 0);
    // Email missing, invalid or banned?
    if (!$tmpvar['email'] || hesk_isBannedEmail($tmpvar['email'])) {
        return hesk_cleanExit();
    }
    // Process "Reply-To:" or "From:" name, convert to UTF-8, set to "[Customer]" if not set
    if (isset($results['reply-to'][0]['name']) && strlen($results['reply-to'][0]['name'])) {
        $tmpvar['name'] = $results['reply-to'][0]['name'];
        if (!empty($results['reply-to'][0]['encoding'])) {
            $tmpvar['name'] = hesk_encodeUTF8($tmpvar['name'], $results['reply-to'][0]['encoding']);
        }
    } else {
        $tmpvar['name'] = isset($results['from'][0]['name']) ? $results['from'][0]['name'] : $hesklang['pde'];
        if (!empty($results['from'][0]['encoding'])) {
            $tmpvar['name'] = hesk_encodeUTF8($tmpvar['name'], $results['from'][0]['encoding']);
        }
    }
    // `=` binds tighter than `or`: the cleaned name (max 50 chars) is assigned first and the
    // "[Customer]" default is assigned only when hesk_input() returned a falsy value.
    $tmpvar['name'] = hesk_input($tmpvar['name'], '', '', 1, 50) or $tmpvar['name'] = $hesklang['pde'];
    // Process "To:" email (not yet implemented, for future use)
    // $tmpvar['to_email']	= hesk_validateEmail($results['to'][0]['address'],'ERR',0);
    // Process email subject, convert to UTF-8, set to "[Piped email]" if none set
    $tmpvar['subject'] = isset($results['subject']) ? $results['subject'] : $hesklang['pem'];
    if (!empty($results['subject_encoding'])) {
        $tmpvar['subject'] = hesk_encodeUTF8($tmpvar['subject'], $results['subject_encoding']);
    }
    // Same `or` idiom as for the name: default to "[Piped email]" when the cleaned subject is falsy.
    $tmpvar['subject'] = hesk_input($tmpvar['subject'], '', '', 1, 70) or $tmpvar['subject'] = $hesklang['pem'];
    // Process email message, convert to UTF-8
    $tmpvar['message'] = isset($results['message']) ? $results['message'] : '';
    if (!empty($results['encoding'])) {
        $tmpvar['message'] = hesk_encodeUTF8($tmpvar['message'], $results['encoding']);
    }
    $tmpvar['message'] = hesk_input($tmpvar['message'], '', '', 1);
    // Message missing?
    if (strlen($tmpvar['message']) == 0) {
        // Message required? Ignore this email.
        if ($hesk_settings['eml_req_msg']) {
            return hesk_cleanExit();
        }
        // Message not required? Assign a default message
        $tmpvar['message'] = $hesklang['def_msg'];
        // Track duplicate emails based on subject
        // $message_hash feeds the loop detection below; with no message body the subject stands in for it
        $message_hash = md5($tmpvar['subject']);
    } else {
        $message_hash = md5($tmpvar['message']);
    }
    // Strip quoted reply from email
    $tmpvar['message'] = hesk_stripQuotedText($tmpvar['message']);
    // Convert URLs to links, change newlines to <br />
    $tmpvar['message'] = hesk_makeURL($tmpvar['message']);
    $tmpvar['message'] = nl2br($tmpvar['message']);
    # For debugging purposes
    # die( bin2hex($tmpvar['message']) );
    # die($tmpvar['message']);
    // Try to detect "delivery failed" and "noreply" emails - ignore if detected
    if (hesk_isReturnedEmail($tmpvar)) {
        return hesk_cleanExit();
    }
    // Check for email loops
    if (hesk_isEmailLoop($tmpvar['email'], $message_hash)) {
        return hesk_cleanExit();
    }
    // OK, everything seems OK. Now determine if this is a reply to a ticket or a new ticket
    // Spaces are removed first so a wrapped "[# XXX-XXX-XXXX ]" still matches the 3-3-4 pattern.
    if (preg_match('/\\[#([A-Z0-9]{3}\\-[A-Z0-9]{3}\\-[A-Z0-9]{4})\\]/', str_replace(' ', '', $tmpvar['subject']), $matches)) {
        // We found a possible tracking ID
        $tmpvar['trackid'] = $matches[1];
        // Does it match one in the database?
        $res = hesk_dbQuery("SELECT * FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` WHERE `trackid`='" . hesk_dbEscape($tmpvar['trackid']) . "' LIMIT 1");
        if (hesk_dbNumRows($res)) {
            $ticket = hesk_dbFetchAssoc($res);
            // Do email addresses match?
            // NOTE(review): this is a case-insensitive substring test, not an equality test.
            // Presumably the ticket's `email` field may hold several addresses, but it also
            // means any validated sender address that occurs inside that string (a shorter
            // address that is a suffix of a stored one, for instance) is accepted as the ticket
            // owner and may append a reply. Confirm, or split the field and compare exact entries.
            if (strpos(strtolower($ticket['email']), strtolower($tmpvar['email'])) === false) {
                $tmpvar['trackid'] = '';
            }
            // Is this ticket locked? Force create a new one if it is
            if ($ticket['locked']) {
                $tmpvar['trackid'] = '';
            }
        } else {
            $tmpvar['trackid'] = '';
        }
    }
    // If tracking ID is empty, generate a new one
    // An emptied trackid (no match, address mismatch, or locked ticket) downgrades this email to a new ticket.
    if (empty($tmpvar['trackid'])) {
        $tmpvar['trackid'] = hesk_createID();
        $is_reply = 0;
    } else {
        $is_reply = 1;
    }
    // Process attachments
    // (the key spelling "attachmment_notices" is the original's and is used consistently in this function)
    $tmpvar['attachmment_notices'] = '';
    $tmpvar['attachments'] = '';
    $num = 0;
    if ($hesk_settings['attachments']['use'] && isset($results['attachments'][0])) {
        foreach ($results['attachments'] as $k => $v) {
            // Clean attachment names
            $myatt['real_name'] = hesk_cleanFileName($v['orig_name']);
            // Check number of attachments, delete any over max number
            // Rejected files are only reported in the notices; the temporary files are removed by deleteAll() below.
            if ($num >= $hesk_settings['attachments']['max_number']) {
                $tmpvar['attachmment_notices'] .= sprintf($hesklang['attnum'], $myatt['real_name']) . "\n";
                continue;
            }
            // Check file extension
            // strrchr() returns false for a name without a dot; strtolower() turns that into '',
            // which is rejected unless '' is itself listed in allowed_types (non-strict in_array).
            $ext = strtolower(strrchr($myatt['real_name'], "."));
            if (!in_array($ext, $hesk_settings['attachments']['allowed_types'])) {
                $tmpvar['attachmment_notices'] .= sprintf($hesklang['atttyp'], $myatt['real_name']) . "\n";
                continue;
            }
            // Check file size
            $myatt['size'] = $v['size'];
            if ($myatt['size'] > $hesk_settings['attachments']['max_size']) {
                $tmpvar['attachmment_notices'] .= sprintf($hesklang['attsiz'], $myatt['real_name']) . "\n";
                continue;
            }
            // Generate a random file name
            // Stored as trackid + '_' + md5(10 random chars + real name), cut to 200 chars, plus the extension.
            // NOTE(review): mt_rand() is not a cryptographic RNG; if stored names must be unguessable,
            // random_int() / random_bytes() would be the appropriate source.
            $useChars = 'AEUYBDGHJLMNPQRSTVWXZ123456789';
            $tmp = $useChars[mt_rand(0, 29)];
            for ($j = 1; $j < 10; $j++) {
                $tmp .= $useChars[mt_rand(0, 29)];
            }
            $myatt['saved_name'] = substr($tmpvar['trackid'] . '_' . md5($tmp . $myatt['real_name']), 0, 200) . $ext;
            // Rename the temporary file
            // NOTE(review): the return value of rename() is not checked; a failed move still gets a database row below.
            rename($v['stored_name'], HESK_PATH . $hesk_settings['attach_dir'] . '/' . $myatt['saved_name']);
            // Insert into database
            // String columns go through hesk_dbEscape(), the size through intval().
            hesk_dbQuery("INSERT INTO `" . hesk_dbEscape($hesk_settings['db_pfix']) . "attachments` (`ticket_id`,`saved_name`,`real_name`,`size`) VALUES ('" . hesk_dbEscape($tmpvar['trackid']) . "','" . hesk_dbEscape($myatt['saved_name']) . "','" . hesk_dbEscape($myatt['real_name']) . "','" . intval($myatt['size']) . "')");
            // Attachment list format stored with the ticket/reply: "<insert id>#<real name>," per file
            $tmpvar['attachments'] .= hesk_dbInsertID() . '#' . $myatt['real_name'] . ',';
            $num++;
        }
        // Append the rejection notices to the message body so the reader sees what was dropped
        if (strlen($tmpvar['attachmment_notices'])) {
            $tmpvar['message'] .= "<br /><br />" . hesk_input($hesklang['attrem'], '', '', 1) . "<br />" . nl2br(hesk_input($tmpvar['attachmment_notices'], '', '', 1));
        }
    }
    // Delete the temporary files
    deleteAll($results['tempdir']);
    // If this is a reply add a new reply
    if ($is_reply) {
        // Set last replier name to customer name
        // Falls back to the email address when no usable name was found ("[Customer]" default)
        $ticket['lastreplier'] = $tmpvar['name'] == $hesklang['pde'] ? $tmpvar['email'] : $tmpvar['name'];
        // If staff hasn't replied yet, keep ticket status "New", otherwise set it to "Waiting reply from staff"
        $ticket['status'] = $ticket['status'] ? 1 : 0;
        // Update ticket as necessary
        // `lastreplier`='0' in the tickets table marks the customer as last replier; $ticket['status'] is 0/1 here
        hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` SET `lastchange`=NOW(),`status`='{$ticket['status']}',`replies`=`replies`+1,`lastreplier`='0' WHERE `id`='" . intval($ticket['id']) . "' LIMIT 1");
        // If customer replied, we assume staff replies have been read (no way to be sure if ticket.php hasn't been opened)
        hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "replies` SET `read` = '1' WHERE `replyto` = '" . intval($ticket['id']) . "' AND `staffid` != '0' ");
        // Insert reply into database
        hesk_dbQuery("INSERT INTO `" . hesk_dbEscape($hesk_settings['db_pfix']) . "replies` (`replyto`,`name`,`message`,`dt`,`attachments`) VALUES ('" . intval($ticket['id']) . "','" . hesk_dbEscape($ticket['lastreplier']) . "','" . hesk_dbEscape($tmpvar['message']) . "',NOW(),'" . hesk_dbEscape($tmpvar['attachments']) . "')");
        // --> Prepare reply message
        // 1. Generate the array with ticket info that can be used in emails
        // Note the message here is the new reply text (slashes stripped), not the ticket's original message.
        $info = array('email' => $ticket['email'], 'category' => $ticket['category'], 'priority' => $ticket['priority'], 'owner' => $ticket['owner'], 'trackid' => $ticket['trackid'], 'status' => $ticket['status'], 'name' => $ticket['name'], 'lastreplier' => $ticket['lastreplier'], 'subject' => $ticket['subject'], 'message' => stripslashes($tmpvar['message']), 'attachments' => $tmpvar['attachments'], 'dt' => hesk_date($ticket['dt'], true), 'lastchange' => hesk_date($ticket['lastchange'], true), 'id' => $ticket['id']);
        // 2. Add custom fields to the array
        foreach ($hesk_settings['custom_fields'] as $k => $v) {
            $info[$k] = $v['use'] ? $ticket[$k] : '';
        }
        // 3. Make sure all values are properly formatted for email
        // From here on the global $ticket holds the plain-text version consumed by the notify helpers
        $ticket = hesk_ticketToPlain($info, 1, 0);
        // --> Process custom fields before sending
        foreach ($hesk_settings['custom_fields'] as $k => $v) {
            $ticket[$k] = $v['use'] ? hesk_msgToPlain($ticket[$k], 1) : '';
        }
        // --> If ticket is assigned just notify the owner
        if ($ticket['owner']) {
            hesk_notifyAssignedStaff(false, 'new_reply_by_customer', 'notify_reply_my');
        } else {
            hesk_notifyStaff('new_reply_by_customer', "`notify_reply_unassigned`='1'");
        }
        return $ticket['trackid'];
    }
    // END REPLY
    // Not a reply, but a new ticket. Add it to the database
    $tmpvar['category'] = $set_category;
    $tmpvar['priority'] = $set_priority < 0 ? hesk_getCategoryPriority($tmpvar['category']) : $set_priority;
    // Overwrite the remote address so whatever hesk_newTicket() records as the
    // submitter IP reads as "unknown" - presumably; hesk_newTicket is not visible here.
    $_SERVER['REMOTE_ADDR'] = $hesklang['unknown'];
    // Auto assign tickets if aplicable
    $tmpvar['owner'] = 0;
    // History line and openedby marker differ only by source (POP3 vs piped)
    $tmpvar['history'] = $pop3 ? sprintf($hesklang['thist16'], hesk_date()) : sprintf($hesklang['thist11'], hesk_date());
    $tmpvar['openedby'] = $pop3 ? -2 : -1;
    $autoassign_owner = hesk_autoAssignTicket($tmpvar['category']);
    #print_r($autoassign_owner);
    if ($autoassign_owner) {
        $tmpvar['owner'] = $autoassign_owner['id'];
        $tmpvar['history'] .= sprintf($hesklang['thist10'], hesk_date(), $autoassign_owner['name'] . ' (' . $autoassign_owner['user'] . ')');
    }
    // Custom fields will be empty as there is no reliable way of detecting them
    foreach ($hesk_settings['custom_fields'] as $k => $v) {
        $tmpvar[$k] = '';
    }
    // Insert ticket to database
    $ticket = hesk_newTicket($tmpvar);
    // Notify the customer
    if ($hesk_settings['notify_new']) {
        $possible_SPAM = false;
        // Do we need to check subject for SPAM tags?
        // Plain (case-sensitive) substring search of each configured tag in the subject
        if ($hesk_settings['notify_skip_spam']) {
            foreach ($hesk_settings['notify_spam_tags'] as $tag) {
                if (strpos($tmpvar['subject'], $tag) !== false) {
                    $possible_SPAM = true;
                    break;
                }
            }
        }
        // SPAM tags not found or not checked, send email
        if ($possible_SPAM === false) {
            hesk_notifyCustomer();
        }
    }
    // Need to notify staff?
    // --> From autoassign?
    // $tmpvar['owner'] is only non-zero when $autoassign_owner was truthy, so the index below is safe
    if ($tmpvar['owner'] && $autoassign_owner['notify_assigned']) {
        hesk_notifyAssignedStaff($autoassign_owner, 'ticket_assigned_to_you');
    } elseif (!$tmpvar['owner']) {
        hesk_notifyStaff('new_ticket_staff', " `notify_new_unassigned` = '1' ");
    }
    return $ticket['trackid'];
}
    exit;
}
// An oversized POST arrives with an empty $_POST but a non-zero Content-Length;
// treat that combination as a request the server could not accept.
$post_was_truncated = empty($_POST) && !empty($_SERVER['CONTENT_LENGTH']);
if ($post_was_truncated) {
    hesk_error($hesklang['maxpost']);
}
session_start();
/* A security check */
// NOTE(review): the CSRF token check is commented out, so this handler accepts
// any POST that carries a valid tracking ID -- confirm whether the token check
// is enforced elsewhere before this point, or whether it was dropped on purpose.
# hesk_token_check('POST');
$hesk_error_buffer = array();
// Tracking ID of the ticket being replied to; abort if it is missing or invalid.
$trackingID = hesk_cleanID('orig_track') or die($hesklang['int_error'] . ': No orig_track');
// Customer e-mail, presumably required by configuration to view the ticket.
$my_email = hesk_getCustomerEmail();
// Reply text, passed through hesk_input() for sanitising.
$message = hesk_input(hesk_POST('message'));
if (strlen($message) === 0) {
    $hesk_error_buffer[] = $hesklang['enter_message'];
} else {
    // Linkify URLs first, then turn newlines into <br /> for HTML display.
    $message = nl2br(hesk_makeURL($message));
}
/* Attachments */
if ($hesk_settings['attachments']['use']) {
    require HESK_PATH . 'inc/attachments.inc.php';
    $attachments = array();
    for ($i = 1; $i <= $hesk_settings['attachments']['max_number']; $i++) {
        $att = hesk_uploadFile($i);
*  Removing any of the copyright notices without purchasing a license
*  is expressly forbidden. To remove HESK copyright notice you must purchase
*  a license for this script. For more information on how to obtain
*  a license please visit the page below:
*  https://www.hesk.com/buy.php
*******************************************************************************/
// Mark this file as a script entry point and locate the HESK root relative to it.
define('IN_SCRIPT', 1);
define('HESK_PATH', '../');
/* Get all the required files and functions */
// Settings come first, then the shared and the admin function libraries.
require HESK_PATH . 'hesk_settings.inc.php';
require HESK_PATH . 'inc/common.inc.php';
require HESK_PATH . 'inc/admin_functions.inc.php';
// Request parameters, all read from the query string through hesk_GET()/hesk_input().
$id = hesk_input(hesk_GET('i'));
// The query is URL-decoded before sanitising; the slashes (presumably added by
// hesk_input()) are stripped again afterwards.
// NOTE(review): after stripslashes() the value is no longer in the form
// hesk_input() produced -- make sure it is escaped for HTML wherever it is
// echoed further down; the remainder of this page is outside this excerpt.
$query = stripslashes(hesk_input(hesk_utf8_urldecode(hesk_GET('q'))));
$type = hesk_input(hesk_GET('t', 'text'));
$maxlen = intval(hesk_GET('m', 255));
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML; 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en">
<head>
<title><?php 
echo $hesklang['opt'];
?>
</title>
<meta http-equiv="Content-Type" content="text/html;charset=<?php 
echo $hesklang['ENCODING'];
?>
" />
<style type="text/css">
function new_sm()
{
    global $hesk_settings, $hesklang, $listBox;
    global $hesk_error_buffer;
    // A security check
    // NOTE(review): the CSRF token check below is commented out, so nothing in
    // this function verifies that the POST came from the HESK admin form.
    // Confirm hesk_token_check() runs earlier in the request before relying on it.
    # hesk_token_check('POST');
    $hesk_error_buffer = array();
    // Display style is an index 0..4; anything outside that range falls back to 0.
    $style = intval(hesk_POST('style', 0));
    if ($style < 0 || $style > 4) {
        $style = 0;
    }
    // A non-empty "type" field yields 1, an absent or empty one yields 0.
    $type = empty($_POST['type']) ? 0 : 1;
    // The title is mandatory; a falsy value is recorded as a form error.
    $title = hesk_input(hesk_POST('title'));
    if (!$title) {
        $hesk_error_buffer[] = $hesklang['sm_e_title'];
    }
    // The message is stored as HTML; hesk_getHTML() presumably filters it -- verify.
    $message = hesk_getHTML(hesk_POST('message'));
    if (count($hesk_error_buffer)) {
        // Keep the submitted values so the form can be re-populated, then hand
        // the errors to hesk_process_messages() as an HTML list. The global
        // error buffer is left holding the rendered text, as before.
        $_SESSION['new_sm'] = array(
            'style' => $style,
            'type' => $type,
            'title' => $title,
            'message' => hesk_input(hesk_POST('message')),
        );
        $items = '';
        foreach ($hesk_error_buffer as $error_text) {
            $items .= '<li>' . $error_text . "</li>\n";
        }
        $hesk_error_buffer = $hesklang['rfm'] . '<br /><br /><ul>' . $items . '</ul>';
        hesk_process_messages($hesk_error_buffer, 'service_messages.php');
    }
    // Preview request: stash the message in the session and return to the list page.
    if (isset($_POST['sm_preview'])) {
        $_SESSION['preview_sm'] = true;
        $_SESSION['new_sm'] = array(
            'style' => $style,
            'type' => $type,
            'title' => $title,
            'message' => $message,
        );
        header('Location: service_messages.php');
        exit;
    }
    $table = hesk_dbEscape($hesk_settings['db_pfix']) . 'service_messages';
    // New messages are placed after the current highest `order`, in steps of 10.
    $res = hesk_dbQuery("SELECT `order` FROM `" . $table . "` ORDER BY `order` DESC LIMIT 1");
    $row = hesk_dbFetchRow($res);
    $my_order = intval($row[0]) + 10;
    // Author is the logged-in user id; title/message are escaped, the rest are ints.
    hesk_dbQuery("INSERT INTO `" . $table . "` (`author`,`title`,`message`,`style`,`type`,`order`) VALUES (\n    '" . intval($_SESSION['id']) . "',\n    '" . hesk_dbEscape($title) . "',\n    '" . hesk_dbEscape($message) . "',\n    '{$style}',\n    '{$type}',\n    '{$my_order}'\n    )");
    $_SESSION['smord'] = hesk_dbInsertID();
    hesk_process_messages($hesklang['sm_added'], 'service_messages.php', 'SUCCESS');
}
function hesk_testSMTP()
{
    global $hesk_settings, $hesklang, $set;
    // Read the SMTP parameters from the settings form into the shared $set array.
    $set['smtp_host_name'] = hesk_input(hesk_POST('s_smtp_host_name', 'localhost'));
    $set['smtp_host_port'] = intval(hesk_POST('s_smtp_host_port', 25));
    $set['smtp_timeout'] = intval(hesk_POST('s_smtp_timeout', 10));
    $set['smtp_ssl'] = (int) !empty($_POST['s_smtp_ssl']);
    $set['smtp_tls'] = (int) !empty($_POST['s_smtp_tls']);
    $set['smtp_user'] = hesk_input(hesk_POST('s_smtp_user'));
    $set['smtp_password'] = hesk_input(hesk_POST('s_smtp_password'));
    // Configure the SMTP client from those values.
    require_once HESK_PATH . 'inc/mail/smtp.php';
    $smtp = new smtp_class();
    $smtp->host_name = $set['smtp_host_name'];
    $smtp->host_port = $set['smtp_host_port'];
    $smtp->timeout = $set['smtp_timeout'];
    $smtp->ssl = $set['smtp_ssl'];
    $smtp->start_tls = $set['smtp_tls'];
    $smtp->user = $set['smtp_user'];
    // Undo the escaping hesk_input() presumably applied so the raw secret is
    // what goes over the wire.
    $smtp->password = hesk_htmlspecialchars_decode(stripslashes($set['smtp_password']));
    // NOTE(review): the debug output is captured below and published as
    // $smtp_log; with credentials in play it may include the AUTH exchange --
    // confirm the caller shows it to administrators only.
    $smtp->debug = 1;
    // SASL is only loaded when credentials were supplied.
    $needs_auth = strlen($set['smtp_user']) > 0 || strlen($set['smtp_password']) > 0;
    if ($needs_auth) {
        require_once HESK_PATH . 'inc/mail/sasl/sasl.php';
    }
    ob_start();
    $connected = (bool) $smtp->Connect();
    if ($connected) {
        $smtp->Disconnect();
    } else {
        // Only on failure are the error and the log published as globals.
        global $smtp_error, $smtp_log;
        $smtp_error = ucfirst($smtp->error);
        $smtp_log = ob_get_contents();
    }
    // On the success path this assigns a function-local $smtp_log (the global
    // binding above only happens on failure), so the captured output is dropped.
    $smtp_log = ob_get_contents();
    ob_end_clean();
    return $connected;
}
function hesk_isLoggedIn()
{
    global $hesk_settings;
    // Post-login "goto" target: the current URL, with the &amp; entities
    // (presumably produced by hesk_input()) turned back into plain ampersands.
    $return_to = str_replace('&amp;', '&', hesk_input($_SERVER['REQUEST_URI']));
    $login_url = 'index.php?a=login&notice=1&goto=' . urlencode($return_to);
    $has_session = !empty($_SESSION['id']) && !empty($_SESSION['session_verify']);
    if (!$has_session) {
        // No staff session: try the auto-login cookie if the feature is on,
        // otherwise drop the session and bounce to the login page.
        if ($hesk_settings['autologin'] && hesk_autoLogin(1)) {
            if ($hesk_settings['online']) {
                require HESK_PATH . 'inc/users_online.inc.php';
                hesk_initOnline($_SESSION['id']);
            }
            return true;
        }
        hesk_session_stop();
        header('Location: ' . $login_url);
        exit;
    }
    hesk_session_regenerate_id();
    // The account row is re-read on every request, so a deleted account or a
    // change of rights takes effect immediately rather than at next login.
    // NOTE(review): unlike the other queries on this page `db_pfix` is not
    // wrapped in hesk_dbEscape() here; it comes from configuration, not input.
    $res = hesk_dbQuery("SELECT `user`, `pass`, `isadmin`, `categories`, `heskprivileges` FROM `" . $hesk_settings['db_pfix'] . "users` WHERE `id` = '" . intval($_SESSION['id']) . "' LIMIT 1");
    if (hesk_dbNumRows($res) != 1) {
        // The account behind this session no longer exists.
        hesk_session_stop();
        header('Location: ' . $login_url);
        exit;
    }
    $me = hesk_dbFetchAssoc($res);
    // The session carries a verifier that is checked against the current
    // user/pass columns (presumably so a password change elsewhere kills it).
    if (!hesk_activeSessionValidate($me['user'], $me['pass'], $_SESSION['session_verify'])) {
        hesk_session_stop();
        header('Location: ' . $login_url);
        exit;
    }
    // Refresh the cached rights: admins only get the flag, other users also
    // carry their category list and privilege string in the session.
    $_SESSION['isadmin'] = $me['isadmin'] == 1 ? 1 : 0;
    if ($_SESSION['isadmin'] === 0) {
        $_SESSION['categories'] = explode(',', $me['categories']);
        $_SESSION['heskprivileges'] = $me['heskprivileges'];
    }
    if ($hesk_settings['online']) {
        require HESK_PATH . 'inc/users_online.inc.php';
        hesk_initOnline($_SESSION['id']);
    }
    return true;
}
        // All OK, continue
        $_SESSION['license_agree'] = 1;
        $_SESSION['step'] = 2;
    } else {
        $_SESSION['step'] = 1;
    }
}
// Test database connection?
if ($_SESSION['step'] == 3 && isset($_POST['dbtest'])) {
    // Username
    $_SESSION['admin_user'] = hesk_input(hesk_POST('admin_user'));
    if (strlen($_SESSION['admin_user']) == 0) {
        $_SESSION['admin_user'] = '******';
    }
    // Password
    $_SESSION['admin_pass'] = hesk_input(hesk_POST('admin_pass'));
    if (strlen($_SESSION['admin_pass']) == 0) {
        $_SESSION['admin_pass'] = substr(str_shuffle("23456789abcdefghijkmnpqrstuvwxyzABCDEFGHJKLMNPQRSTUVWXYZ"), 0, mt_rand(8, 12));
    }
    // Password hash for the database
    $_SESSION['admin_hash'] = hesk_Pass2Hash($_SESSION['admin_pass']);
    $hesk_db_link = hesk_iTestDatabaseConnection();
    // Get table prefix, don't allow any special chars
    $hesk_settings['db_pfix'] = preg_replace('/[^0-9a-zA-Z_]/', '', hesk_POST('pfix', 'hesk_'));
    // Generate HESK table names
    $hesk_tables = array($hesk_settings['db_pfix'] . 'attachments', $hesk_settings['db_pfix'] . 'banned_emails', $hesk_settings['db_pfix'] . 'banned_ips', $hesk_settings['db_pfix'] . 'categories', $hesk_settings['db_pfix'] . 'kb_articles', $hesk_settings['db_pfix'] . 'kb_attachments', $hesk_settings['db_pfix'] . 'kb_categories', $hesk_settings['db_pfix'] . 'logins', $hesk_settings['db_pfix'] . 'mail', $hesk_settings['db_pfix'] . 'notes', $hesk_settings['db_pfix'] . 'online', $hesk_settings['db_pfix'] . 'pipe_loops', $hesk_settings['db_pfix'] . 'replies', $hesk_settings['db_pfix'] . 'reply_drafts', $hesk_settings['db_pfix'] . 'reset_password', $hesk_settings['db_pfix'] . 'service_messages', $hesk_settings['db_pfix'] . 'std_replies', $hesk_settings['db_pfix'] . 'tickets', $hesk_settings['db_pfix'] . 'ticket_templates', $hesk_settings['db_pfix'] . 'users');
    // Check if any of the HESK tables exists
    $res = hesk_dbQuery('SHOW TABLES FROM `' . hesk_dbEscape($hesk_settings['db_name']) . '`');
    while ($row = hesk_dbFetchRow($res)) {
        if (in_array($row[0], $hesk_tables)) {
            hesk_iDatabase(2);
// Knowledge base helpers, database layer, session and DB connection; then
// require a logged-in staff member before anything else is evaluated.
require_once HESK_PATH . 'inc/knowledgebase_functions.inc.php';
hesk_load_database_functions();
hesk_session_start();
hesk_dbConnect();
hesk_isLoggedIn();
/* Is Knowledgebase enabled? */
if (!$hesk_settings['kb_enable']) {
    hesk_error($hesklang['kbdis']);
}
/* Can this user manage Knowledgebase or just view it? */
// The second argument (0) presumably asks for a return value instead of an
// error page; $can_man_kb is used further down to gate draft articles.
$can_man_kb = hesk_checkPermission('can_man_kb', 0);
// Requested category (1 appears to be the root) and article (0 = none),
// both forced to integers before any use.
$catid = intval(hesk_GET('category', 1));
$artid = intval(hesk_GET('article', 0));
// Search term, or 0 when no search parameter was sent.
$query = isset($_GET['search']) ? hesk_input(hesk_GET('search')) : 0;
// "Go to private KB" link: a real link anywhere but the root view; at the
// root, plain text for managers and nothing for everyone else.
if ($artid || $catid != 1 || $query) {
    $hesk_settings['kb_link'] = '<a href="knowledgebase_private.php" class="smaller">' . $hesklang['gopr'] . '</a>';
} elseif ($can_man_kb) {
    $hesk_settings['kb_link'] = $hesklang['gopr'];
} else {
    $hesk_settings['kb_link'] = '';
}
if ($hesk_settings['kb_search'] && $query) {
    hesk_kb_search($query);
} elseif ($artid) {
    // Show drafts only to staff who can manage knowledgebase
    if ($can_man_kb) {
        $result = hesk_dbQuery("SELECT t1.*, t2.`name` AS `cat_name`\n\t\tFROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "kb_articles` AS `t1`\n\t\tLEFT JOIN `" . hesk_dbEscape($hesk_settings['db_pfix']) . "kb_categories` AS `t2` ON `t1`.`catid` = `t2`.`id`\n\t\tWHERE `t1`.`id` = '{$artid}'\n\t\t");
    } else {
        $result = hesk_dbQuery("SELECT t1.*, t2.`name` AS `cat_name`\n\t\tFROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "kb_articles` AS `t1`\n\t\tLEFT JOIN `" . hesk_dbEscape($hesk_settings['db_pfix']) . "kb_categories` AS `t2` ON `t1`.`catid` = `t2`.`id`\n\t\tWHERE `t1`.`id` = '{$artid}' AND `t1`.`type` IN ('0', '1')\n\t\t");
    }
    $article = hesk_dbFetchAssoc($result) or hesk_error($hesklang['kb_art_id']);
    hesk_show_kb_article($artid);
function hesk_isLoggedIn()
{
    global $hesk_settings;
    // Current URL, used as the post-login "goto" target; &amp; entities
    // (presumably introduced by hesk_input()) become plain ampersands again.
    $return_to = str_replace('&amp;', '&', hesk_input($_SERVER['REQUEST_URI']));
    if (!empty($_SESSION['id'])) {
        hesk_session_regenerate_id();
        // Rights are cached in the session and only re-read from the users
        // table while `isadmin` is empty.
        // NOTE(review): a non-empty isadmin skips the lookup entirely, so an
        // administrator whose rights are revoked keeps them until the session
        // ends; nothing here ties the session to the password either (compare
        // the session_verify variant of this function).
        if (empty($_SESSION['isadmin'])) {
            $res = hesk_dbQuery("SELECT `isadmin`, `categories`, `heskprivileges` FROM `" . $hesk_settings['db_pfix'] . "users` WHERE `id` = '" . intval($_SESSION['id']) . "' LIMIT 1");
            if (hesk_dbNumRows($res) != 1) {
                // The account behind this session is gone: drop it and re-login.
                hesk_session_stop();
                header('Location: index.php?a=login&notice=1&goto=' . urlencode($return_to));
                exit;
            }
            // Copy every selected column straight into the session ...
            foreach (hesk_dbFetchAssoc($res) as $column => $value) {
                $_SESSION[$column] = $value;
            }
            // ... and split the comma-separated category list for non-admins.
            if (empty($_SESSION['isadmin'])) {
                $_SESSION['categories'] = explode(',', $_SESSION['categories']);
            }
        }
        if ($hesk_settings['online']) {
            require HESK_PATH . 'inc/users_online.inc.php';
            hesk_initOnline($_SESSION['id']);
        }
        return true;
    }
    // No session: the auto-login cookie may still sign the user in.
    if ($hesk_settings['autologin'] && hesk_autoLogin(1)) {
        if ($hesk_settings['online']) {
            require HESK_PATH . 'inc/users_online.inc.php';
            hesk_initOnline($_SESSION['id']);
        }
        return true;
    }
    // Some action scripts must not be returned to after login (presumably
    // because they expect POST data); map those to the matching list page.
    // Every pattern is checked, in order, without stopping at the first hit.
    $modify_redirect = array(
        'admin_reply_ticket.php' => 'admin_main.php',
        'admin_settings_save.php' => 'admin_settings.php',
        'delete_tickets.php' => 'admin_main.php',
        'move_category.php' => 'admin_main.php',
        'priority.php' => 'admin_main.php',
    );
    foreach ($modify_redirect as $from => $to) {
        if (strpos($return_to, $from) !== false) {
            $return_to = $to;
        }
    }
    header('Location: index.php?a=login&notice=1&goto=' . urlencode($return_to));
    exit;
}