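function do_login()
{
    global $hesk_settings, $hesklang;

    $hesk_error_buffer = array();

    /* Username: required. The message depends on whether the form lists users or asks for a name. */
    $user = hesk_input(hesk_POST('user'));
    if (empty($user)) {
        $hesk_error_buffer['user'] = $hesk_settings['list_users'] ? $hesklang['select_username'] : $hesklang['enter_username'];
    }
    define('HESK_USER', $user);

    /* Password: required */
    $pass = hesk_input(hesk_POST('pass'));
    if (empty($pass)) {
        $hesk_error_buffer['pass'] = $hesklang['enter_pass'];
    }

    /* Anti-bot check on the login form (secimg_use == 2), skipped once this session has passed it */
    if ($hesk_settings['secimg_use'] == 2 && !isset($_SESSION['img_a_verified'])) {
        if ($hesk_settings['recaptcha_use']) {
            // Using ReCaptcha
            require_once HESK_PATH . 'inc/recaptcha/recaptchalib.php';
            $resp = recaptcha_check_answer(
                $hesk_settings['recaptcha_private_key'],
                $_SERVER['REMOTE_ADDR'],
                hesk_POST('recaptcha_challenge_field', ''),
                hesk_POST('recaptcha_response_field', '')
            );
            if ($resp->is_valid) {
                $_SESSION['img_a_verified'] = true;
            } else {
                $hesk_error_buffer['mysecnum'] = $hesklang['recaptcha_error'];
            }
        } else {
            // Built-in security image: the typed number must match the checksum stored in the session
            $mysecnum = intval(hesk_POST('mysecnum', 0));
            if (empty($mysecnum)) {
                $hesk_error_buffer['mysecnum'] = $hesklang['sec_miss'];
            } else {
                require HESK_PATH . 'inc/secimg.inc.php';
                $sc = new PJ_SecurityImage($hesk_settings['secimg_sum']);
                if (isset($_SESSION['checksum']) && $sc->checkCode($mysecnum, $_SESSION['checksum'])) {
                    $_SESSION['img_a_verified'] = true;
                } else {
                    $hesk_error_buffer['mysecnum'] = $hesklang['sec_wrng'];
                }
            }
        }
    }

    /* Any missing fields? Re-print the login form with the errors and stop. */
    if (count($hesk_error_buffer) != 0) {
        $_SESSION['a_iserror'] = array_keys($hesk_error_buffer);
        $list = '';
        foreach ($hesk_error_buffer as $error) {
            $list .= "<li>{$error}</li>\n";
        }
        $hesk_error_buffer = $hesklang['pcer'] . '<br /><br /><ul>' . $list . '</ul>';
        hesk_process_messages($hesk_error_buffer, 'NOREDIRECT');
        print_login();
        exit;
    } elseif (isset($_SESSION['img_a_verified'])) {
        /* The anti-bot flag is single-use: drop it before the credentials are checked */
        unset($_SESSION['img_a_verified']);
    }

    /* User entered all required info; throttle brute force attempts before touching the users table */
    hesk_limitBfAttempts();

    $result = hesk_dbQuery("SELECT * FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "users` WHERE `user` = '" . hesk_dbEscape($user) . "' LIMIT 1");
    if (hesk_dbNumRows($result) != 1) {
        /* NOTE(review): 'wrong_user' here vs 'wrong_pass' below tells a caller whether the username
           exists; the brute-force limiter slows, but does not remove, that enumeration leak. */
        hesk_session_stop();
        $_SESSION['a_iserror'] = array('user', 'pass');
        hesk_process_messages($hesklang['wrong_user'], 'NOREDIRECT');
        print_login();
        exit;
    }

    /* Copy every column of the user row into the session (the password hash is removed again below) */
    $res = hesk_dbFetchAssoc($result);
    foreach ($res as $k => $v) {
        $_SESSION[$k] = $v;
    }

    /* Check password.
       The hashes are compared as strings, with hash_equals() where available (PHP >= 5.6) and a
       strict === otherwise. The original used loose "!=", under which two hashes that both look
       numeric (e.g. "0e1234...") compare equal as floats. */
    $stored_hash = (string) $_SESSION['pass'];
    $given_hash  = (string) hesk_Pass2Hash($pass);
    $hash_ok = function_exists('hash_equals')
        ? hash_equals($stored_hash, $given_hash)
        : ($stored_hash === $given_hash);
    if (!$hash_ok) {
        hesk_session_stop();
        $_SESSION['a_iserror'] = array('pass');
        hesk_process_messages($hesklang['wrong_pass'], 'NOREDIRECT');
        print_login();
        exit;
    }

    /* Auto-login cookie value: derived from the stored hash, so it stays valid (as a long-lived
       bearer token) until the password is changed */
    $pass_enc = hesk_Pass2Hash($stored_hash . strtolower($user) . $stored_hash);

    /* Still using the default password? Show a notice. */
    if ($stored_hash === '499d74967b28a841c98bb4baaabaad699ff3c079') {
        hesk_process_messages($hesklang['chdp'], 'NOREDIRECT', 'NOTICE');
    }

    /* Never keep the password hash in the session */
    unset($_SESSION['pass']);

    /* Login successful, clean brute force attempts */
    hesk_cleanBfAttempts();

    /* Regenerate session ID (security: a pre-login session ID must not survive authentication) */
    hesk_session_regenerate_id();

    /* Remember username / auto-login?
       The cookies are set HttpOnly (setcookie's 7th argument) so page script cannot read them; path
       and domain stay at their defaults. The Secure flag is not forced because the helpdesk may be
       served over plain HTTP. NOTE(review): assumes no client-side script reads hesk_username or
       hesk_p -- confirm. */
    $expires = strtotime('+1 year');
    $remember = hesk_POST('remember_user');
    if ($hesk_settings['autologin'] && $remember == 'AUTOLOGIN') {
        setcookie('hesk_username', "{$user}", $expires, '', '', false, true);
        setcookie('hesk_p', "{$pass_enc}", $expires, '', '', false, true);
    } elseif ($remember == 'JUSTUSER') {
        setcookie('hesk_username', "{$user}", $expires, '', '', false, true);
        setcookie('hesk_p', '');
    } else {
        // Expire cookies if set
        setcookie('hesk_username', '');
        setcookie('hesk_p', '');
    }

    /* Close any old tickets here so Cron jobs aren't necessary */
    if ($hesk_settings['autoclose']) {
        $revision = sprintf($hesklang['thist3'], hesk_date(), $hesklang['auto']);
        $cutoff = date('Y-m-d H:i:s', time() - $hesk_settings['autoclose'] * 86400);
        hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` SET `status`='3', `history`=CONCAT(`history`,'" . hesk_dbEscape($revision) . "') WHERE `status` = '2' AND `lastchange` <= '" . hesk_dbEscape($cutoff) . "'");
    }

    /* Redirect to the destination page.
       "goto" arrives with the login request and is attacker-controlled, so only same-site targets
       are honoured:
         - an absolute URL is accepted only when its host equals the configured hesk_url host
           (a leading "www." is ignored on both sides); the original also accepted ANY host when
           hesk_url itself had none, which is no longer the case;
         - a scheme-less path is accepted only when it does not start with "//" or "/\" (forms a
           browser resolves against another host);
         - anything parse_url() rejects falls back to admin_main.php.
       header() refuses values containing CR/LF, so no header injection is possible here.
       The '&amp;' -> '&' decode mirrors the other form handlers in this file (the listing had a
       no-op str_replace('&', '&')). */
    $url = 'admin_main.php';
    if (hesk_isREQUEST('goto')) {
        $goto_raw = str_replace('&amp;', '&', hesk_REQUEST('goto'));
        $goto = parse_url($goto_raw);
        $myurl = parse_url($hesk_settings['hesk_url']);
        $is_local = false;
        if ($goto !== false) {
            if (isset($goto['host'])) {
                if (isset($myurl['host'])) {
                    $mine = preg_replace('/^www\./', '', strtolower($myurl['host']));
                    $theirs = preg_replace('/^www\./', '', strtolower($goto['host']));
                    $is_local = ($mine === $theirs);
                }
            } elseif (!isset($goto['scheme']) && !preg_match('#^[\\\\/]{2}#', $goto_raw)) {
                $is_local = true;
            }
        }
        if ($is_local) {
            $url = $goto_raw;
        }
    }
    header('Location: ' . $url);
    exit;
}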
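function hesk_iTestDatabaseConnection()
{
    global $hesk_settings, $hesklang;

    $db_success = 1;

    /* Connection details come straight from the installer form */
    $hesk_settings['db_host'] = hesk_input(hesk_POST('host'));
    $hesk_settings['db_name'] = hesk_input(hesk_POST('name'));
    $hesk_settings['db_user'] = hesk_input(hesk_POST('user'));
    $hesk_settings['db_pass'] = hesk_input(hesk_POST('pass'));

    // Allow & in password: hesk_input() presumably encodes it as "&amp;" (the only reading under
    // which this line can "allow &"), so decode it before handing it to the driver. The listing
    // had str_replace('&', '&', ...), a no-op that left an encoded password.
    $hesk_settings['db_pass'] = str_replace('&amp;', '&', $hesk_settings['db_pass']);

    // Prefer the MySQLi extension; the legacy mysql_* extension (removed in PHP 7) is the fallback
    $use_mysqli = function_exists('mysqli_connect');

    // Suppress driver output while testing; a failure is reported through $mysql_log below
    ob_start();

    if ($use_mysqli) {
        // A "host:port" value selects a non-default port (a leading ":" is not treated as one, as before)
        $sep = strpos($hesk_settings['db_host'], ':');
        if ($sep !== false && $sep > 0) {
            list($hesk_settings['db_host'], $hesk_settings['db_port']) = explode(':', $hesk_settings['db_host']);
            $hesk_db_link = mysqli_connect(
                $hesk_settings['db_host'],
                $hesk_settings['db_user'],
                $hesk_settings['db_pass'],
                $hesk_settings['db_name'],
                intval($hesk_settings['db_port'])
            );
        } else {
            $hesk_db_link = mysqli_connect(
                $hesk_settings['db_host'],
                $hesk_settings['db_user'],
                $hesk_settings['db_pass'],
                $hesk_settings['db_name']
            );
        }
        // NOTE(review): on PHP >= 8.1 mysqli throws mysqli_sql_exception by default instead of
        // returning false; nothing here catches it -- confirm the installer's mysqli_report() mode.
        if (!$hesk_db_link) {
            $db_success = 0;
        }
    } else {
        $hesk_db_link = mysql_connect($hesk_settings['db_host'], $hesk_settings['db_user'], $hesk_settings['db_pass']);
        if (!$hesk_db_link) {
            $db_success = 0;
        }
        // Select database works OK? If not, try to create it and select it again
        if ($db_success == 1 && !mysql_select_db($hesk_settings['db_name'], $hesk_db_link)) {
            $created = function_exists('mysql_create_db') && mysql_create_db($hesk_settings['db_name'], $hesk_db_link);
            if ($created && mysql_select_db($hesk_settings['db_name'], $hesk_db_link)) {
                $db_success = 1;
            } else {
                $db_success = 0;
            }
        }
    }

    ob_end_clean();

    // Any errors? Record the driver message for the installer page and hand over to hesk_iDatabase()
    if (!$db_success) {
        global $mysql_log;
        $mysql_log = $use_mysqli ? mysqli_connect_error() : mysql_error();
        hesk_iDatabase(1);
    }

    // Check MySQL version against the minimum the installer requires
    define('MYSQL_VERSION', hesk_dbResult(hesk_dbQuery('SELECT VERSION() AS version')));
    if (version_compare(MYSQL_VERSION, REQUIRE_MYSQL_VERSION, '<')) {
        hesk_iDatabase(5);
    }

    return $hesk_db_link;
}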
function hesk_printCustomerReplyForm($reopen = 0)
{
    global $hesklang, $hesk_settings, $trackingID, $my_email;

    /* The reply form goes out at most once per page; REPLY_FORM marks that it already did */
    if (defined('REPLY_FORM')) {
        return '';
    }

    /* A message the visitor typed earlier in this session (kept after a failed submit) */
    $saved_message = '';
    if (isset($_SESSION['ticket_message'])) {
        $saved_message = stripslashes(hesk_input($_SESSION['ticket_message']));
    }

    /* One file input per allowed attachment slot, only when attachments are enabled */
    $attachment_inputs = '';
    if ($hesk_settings['attachments']['use']) {
        $attachment_inputs = $hesklang['attachments']
            . ' (<a href="file_limits.php" target="_blank" onclick="Javascript:hesk_window(\'file_limits.php\',250,500);return false;">'
            . $hesklang['ful'] . '</a>):<br />';
        for ($slot = 1; $slot <= $hesk_settings['attachments']['max_number']; $slot++) {
            $attachment_inputs .= '<input type="file" name="attachment[' . $slot . ']" size="50" /><br />';
        }
    }

    /* Optional hidden fields: the e-mail used to view the ticket, and the reopen flag.
       NOTE(review): $my_email and $trackingID are globals set by the including page and are written
       into attribute values as-is, so this relies on that page having sanitised them -- confirm. */
    $extra_hidden = '';
    if ($hesk_settings['email_view_ticket']) {
        $extra_hidden .= '<input type="hidden" name="e" value="' . $my_email . '" />';
    }
    if ($reopen) {
        $extra_hidden .= '<input type="hidden" name="reopen" value="1" />';
    }
?>
<br />
<table width="100%" border="0" cellspacing="0" cellpadding="0">
<tr>
<td width="7" height="7"><img src="img/roundcornerslt.jpg" width="7" height="7" alt="" /></td>
<td class="roundcornerstop"></td>
<td><img src="img/roundcornersrt.jpg" width="7" height="7" alt="" /></td>
</tr>
<tr>
<td class="roundcornersleft"> </td>
<td>
<h3 style="text-align:center"><?php echo $hesklang['add_reply']; ?></h3>
<form method="post" action="reply_ticket.php" enctype="multipart/form-data">
<p align="center"><?php echo $hesklang['message']; ?>: <span class="important">*</span><br />
<textarea name="message" rows="12" cols="60"><?php echo $saved_message; ?></textarea></p>
<?php if ($hesk_settings['attachments']['use']) { ?>
<p align="center">
<?php echo $attachment_inputs; ?>
</p>
<?php } ?>
<p align="center">
<input type="hidden" name="token" value="<?php hesk_token_echo(); ?>" />
<input type="hidden" name="orig_track" value="<?php echo $trackingID; ?>" />
<?php echo $extra_hidden; ?>
<input type="submit" value="<?php echo $hesklang['submit_reply']; ?>" class="orangebutton" onmouseover="hesk_btn(this,'orangebuttonover');" onmouseout="hesk_btn(this,'orangebutton');" /></p>
</form>
</td>
<td class="roundcornersright"> </td>
</tr>
<tr>
<td><img src="img/roundcornerslb.jpg" width="7" height="7" alt="" /></td>
<td class="roundcornersbottom"></td>
<td width="7" height="7"><img src="img/roundcornersrb.jpg" width="7" height="7" alt="" /></td>
</tr>
</table>
<?php
    // Make sure the form is only printed once per page
    define('REPLY_FORM', true);
}
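function update_profile()
{
    global $hesk_settings, $hesklang, $can_view_unassigned;

    /* A security check: the CSRF token must be present in the POST */
    hesk_token_check('POST');

    $sql_pass = '';
    $sql_username = '';
    $hesk_error_buffer = '';

    /* Name and e-mail are required. Every validation failure is APPENDED to the error list: the
       original assigned (=) instead of appended (.=) on the e-mail error, which silently discarded
       an earlier "enter your name" error. */
    $_SESSION['new']['name'] = hesk_input(hesk_POST('name'));
    if (!$_SESSION['new']['name']) {
        $hesk_error_buffer .= '<li>' . $hesklang['enter_your_name'] . '</li>';
    }

    $_SESSION['new']['email'] = hesk_validateEmail(hesk_POST('email'), 'ERR', 0);
    if (!$_SESSION['new']['email']) {
        $hesk_error_buffer .= '<li>' . $hesklang['enter_valid_email'] . '</li>';
    }

    /* Signature: optional, at most 255 bytes */
    $_SESSION['new']['signature'] = hesk_input(hesk_POST('signature'));
    if (strlen($_SESSION['new']['signature']) > 255) {
        $hesk_error_buffer .= '<li>' . $hesklang['signature_long'] . '</li>';
    }

    /* Admins can change their username; it must not collide with another account */
    if ($_SESSION['isadmin']) {
        $_SESSION['new']['user'] = hesk_input(hesk_POST('user'));
        if (!$_SESSION['new']['user']) {
            $hesk_error_buffer .= '<li>' . $hesklang['enter_username'] . '</li>';
        }

        /* Check for duplicate usernames (any other id) */
        $result = hesk_dbQuery("SELECT `id` FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "users` WHERE `user`='" . hesk_dbEscape($_SESSION['new']['user']) . "' AND `id`!='" . intval($_SESSION['id']) . "' LIMIT 1");
        if (hesk_dbNumRows($result) != 0) {
            $hesk_error_buffer .= '<li>' . $hesklang['duplicate_user'] . '</li>';
        } else {
            /* Extra SET clause for the UPDATE below; it follows `signature`, hence the leading comma */
            $sql_username = ", `user`='" . hesk_dbEscape($_SESSION['new']['user']) . "'";
        }
    }

    /* Change password? Only when a new one was typed.
       NOTE(review): the form is not asked for the current password before it is changed, and the
       5-character minimum is weak; both are policy choices beyond this fix. */
    $newpass = hesk_input(hesk_POST('newpass'));
    $passlen = strlen($newpass);
    if ($passlen > 0) {
        if ($passlen < 5) {
            $hesk_error_buffer .= '<li>' . $hesklang['password_not_valid'] . '</li>';
        } else {
            $newpass2 = hesk_input(hesk_POST('newpass2'));
            /* Strict comparison: with loose != two numeric-looking strings ("1e3", "1000") would match */
            if ($newpass !== $newpass2) {
                $hesk_error_buffer .= '<li>' . $hesklang['passwords_not_same'] . '</li>';
            } else {
                $v = hesk_Pass2Hash($newpass);
                /* Flag the well-known default password so the page can warn about it */
                if ($v === '499d74967b28a841c98bb4baaabaad699ff3c079') {
                    define('WARN_PASSWORD', true);
                }
                /* Extra SET clause for the UPDATE below (comma-prefixed, like $sql_username) */
                $sql_pass = ", `pass`='" . hesk_dbEscape($v) . "'";
            }
        }
    }

    /* After reply: 0, 1 or 2 only */
    $_SESSION['new']['afterreply'] = intval(hesk_POST('afterreply'));
    if ($_SESSION['new']['afterreply'] != 1 && $_SESSION['new']['afterreply'] != 2) {
        $_SESSION['new']['afterreply'] = 0;
    }

    /* Auto-start ticket timer */
    $_SESSION['new']['autostart'] = isset($_POST['autostart']) ? 1 : 0;

    /* Notifications; the "unassigned" ones additionally require permission to view unassigned tickets */
    $_SESSION['new']['notify_new_unassigned'] = (empty($_POST['notify_new_unassigned']) || !$can_view_unassigned) ? 0 : 1;
    $_SESSION['new']['notify_new_my'] = empty($_POST['notify_new_my']) ? 0 : 1;
    $_SESSION['new']['notify_reply_unassigned'] = (empty($_POST['notify_reply_unassigned']) || !$can_view_unassigned) ? 0 : 1;
    $_SESSION['new']['notify_reply_my'] = empty($_POST['notify_reply_my']) ? 0 : 1;
    $_SESSION['new']['notify_assigned'] = empty($_POST['notify_assigned']) ? 0 : 1;
    $_SESSION['new']['notify_note'] = empty($_POST['notify_note']) ? 0 : 1;
    $_SESSION['new']['notify_pm'] = empty($_POST['notify_pm']) ? 0 : 1;

    /* Any errors? Keep the entered values in the session and show the list */
    if (strlen($hesk_error_buffer)) {
        $_SESSION['new'] = hesk_stripArray($_SESSION['new']);
        $hesk_error_buffer = $hesklang['rfm'] . '<br /><br /><ul>' . $hesk_error_buffer . '</ul>';
        hesk_process_messages($hesk_error_buffer, 'NOREDIRECT');
    } else {
        /* Update database; $sql_username / $sql_pass are either empty or a comma-prefixed SET clause */
        hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "users` SET "
            . "`name`='" . hesk_dbEscape($_SESSION['new']['name']) . "', "
            . "`email`='" . hesk_dbEscape($_SESSION['new']['email']) . "', "
            . "`signature`='" . hesk_dbEscape($_SESSION['new']['signature']) . "' "
            . $sql_username . " " . $sql_pass . " , "
            . "`afterreply`='" . intval($_SESSION['new']['afterreply']) . "' , "
            . "`autostart`='" . intval($_SESSION['new']['autostart']) . "' , "
            . "`notify_new_unassigned`='" . intval($_SESSION['new']['notify_new_unassigned']) . "' , "
            . "`notify_new_my`='" . intval($_SESSION['new']['notify_new_my']) . "' , "
            . "`notify_reply_unassigned`='" . intval($_SESSION['new']['notify_reply_unassigned']) . "' , "
            . "`notify_reply_my`='" . intval($_SESSION['new']['notify_reply_my']) . "' , "
            . "`notify_assigned`='" . intval($_SESSION['new']['notify_assigned']) . "' , "
            . "`notify_pm`='" . intval($_SESSION['new']['notify_pm']) . "', "
            . "`notify_note`='" . intval($_SESSION['new']['notify_note']) . "' "
            . "WHERE `id`='" . intval($_SESSION['id']) . "' LIMIT 1");

        /* Process the session variables, then mirror the new values into the live session */
        $_SESSION['new'] = hesk_stripArray($_SESSION['new']);
        foreach ($_SESSION['new'] as $k => $v) {
            $_SESSION[$k] = $v;
        }
        unset($_SESSION['new']);

        hesk_process_messages($hesklang['profile_updated_success'], 'profile.php', 'SUCCESS');
    }
}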
/* Walks every sub-folder of language/ and checks that it holds a usable text.php (the LANGUAGE,
   ENCODING, _COLLATE and EMAIL_HR keys, plus a key that only exists in the current version) and an
   emails/ folder with one .txt per valid e-mail template.
   With $return_options set, returns the <option> list for the language <select>; otherwise prints
   a standalone HTML report and exits.
   Security notes: $subdir comes from readdir() on the server's own language/ folder and $l[1] from
   the language file (after hesk_input()), and both are written into the HTML without further
   escaping -- this trusts the files the admin installed. rand() is only used as a cache buster. */
function hesk_testLanguage($return_options = 0) {
    global $hesk_settings, $hesklang;

    /* Get a list of valid emails */
    include_once HESK_PATH . 'inc/email_functions.inc.php';
    $valid_emails = array_keys(hesk_validEmails());

    $dir = HESK_PATH . 'language/';
    $path = opendir($dir);

    $text = '';
    $html = '';
    $text .= "/language\n";

    /* Test all folders inside the language folder */
    while (false !== ($subdir = readdir($path))) {
        if ($subdir == "." || $subdir == "..") {
            continue;
        }

        if (filetype($dir . $subdir) == 'dir') {
            /* $add stays 1 only if every check for this folder passes */
            $add = 1;
            $langu = $dir . $subdir . '/text.php';
            $email = $dir . $subdir . '/emails';

            /* Check the text.php */
            $text .= " |-> /{$subdir}\n";
            $text .= " |-> text.php: ";

            if (file_exists($langu)) {
                $tmp = file_get_contents($langu);

                // Some servers add slashes to file_get_contents output
                if (strpos($tmp, '[\\\'LANGUAGE\\\']') !== false) {
                    $tmp = stripslashes($tmp);
                }

                $err = '';

                /* The LANGUAGE value is captured into $l[1]; it is the display name used below */
                if (!preg_match('/\\$hesklang\\[\'LANGUAGE\'\\]\\=\'(.*)\'\\;/', $tmp, $l)) {
                    $err .= " |----> MISSING: \$hesklang['LANGUAGE']\n";
                }
                if (strpos($tmp, '$hesklang[\'ENCODING\']') === false) {
                    $err .= " |----> MISSING: \$hesklang['ENCODING']\n";
                }
                if (strpos($tmp, '$hesklang[\'_COLLATE\']') === false) {
                    $err .= " |----> MISSING: \$hesklang['_COLLATE']\n";
                }
                if (strpos($tmp, '$hesklang[\'EMAIL_HR\']') === false) {
                    $err .= " |----> MISSING: \$hesklang['EMAIL_HR']\n";
                }

                /* Check if language file is for current version */
                if (strpos($tmp, '$hesklang[\'recaptcha_error\']') === false) {
                    $err .= " |----> WRONG VERSION (not " . $hesk_settings['hesk_version'] . ")\n";
                }

                if ($err) {
                    $text .= "ERROR\n" . $err;
                    $add = 0;
                } else {
                    /* "|" separates folder and name in the <option> value, so it cannot appear in the name */
                    $l[1] = hesk_input($l[1]);
                    $l[1] = str_replace('|', ' ', $l[1]);
                    $text .= "OK ({$l['1']})\n";
                }
            } else {
                $text .= "ERROR\n";
                $text .= " |----> MISSING: text.php\n";
                $add = 0;
            }

            /* Check emails folder */
            $text .= " |-> /emails: ";

            if (file_exists($email) && filetype($email) == 'dir') {
                $err = '';
                foreach ($valid_emails as $eml) {
                    if (!file_exists($email . '/' . $eml . '.txt')) {
                        $err .= " |----> MISSING: {$eml}.txt\n";
                    }
                }
                if ($err) {
                    $text .= "ERROR\n" . $err;
                    $add = 0;
                } else {
                    $text .= "OK\n";
                }
            } else {
                $text .= "ERROR\n";
                $text .= " |----> MISSING: /emails folder\n";
                $add = 0;
            }

            $text .= "\n";

            /* Add an option for the <select> if needed ($l[1] is only valid when $add is still 1) */
            if ($add) {
                if ($l[1] == $hesk_settings['language']) {
                    $html .= '<option value="' . $subdir . '|' . $l[1] . '" selected="selected">' . $l[1] . '</option>';
                } else {
                    $html .= '<option value="' . $subdir . '|' . $l[1] . '">' . $l[1] . '</option>';
                }
            }
        }
    }

    closedir($path);

    /* Output select options or the test log for debugging */
    if ($return_options) {
        return $html;
    } else {
        ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML; 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang="en"> <head> <title><?php echo $hesklang['s_inl']; ?> </title> <meta http-equiv="Content-Type" content="text/html;charset=<?php echo $hesklang['ENCODING']; ?> " /> <style type="text/css"> body { margin:5px 5px; padding:0; background:#fff; color: black; font : 68.8%/1.5 Verdana, Geneva, Arial, Helvetica, sans-serif; text-align:left; } p { color : black; font-family : Verdana, Geneva, Arial, Helvetica, sans-serif; font-size: 1.0em; } h3 { color : #AF0000; font-family : Verdana, Geneva, Arial, Helvetica, sans-serif; font-weight: bold; font-size: 1.0em; text-align:center; } .title { color : black; font-family : Verdana, Geneva, Arial, Helvetica, sans-serif; font-weight: bold; font-size: 1.0em; } .wrong {color : red;} .correct {color : green;} pre {font-size:1.2em;} </style> </head> <body> <h3><?php echo $hesklang['s_inl']; ?> </h3> <p><i><?php echo $hesklang['s_inle']; ?> </i></p> <pre><?php echo $text; ?> </pre> <p> </p> <p align="center"><a href="admin_settings.php?test_languages=1&<?php echo rand(10000, 99999); ?> "><?php echo $hesklang['ta']; ?> </a> | <a href="#" onclick="Javascript:window.close()"><?php echo $hesklang['cwin']; ?> </a></p> <p> </p> 
</body> </html> <?php
        /* The report page is terminal: nothing else may be printed after it */
        exit;
    }
}
function rename_cat()
{
    global $hesk_settings, $hesklang;

    /* A security check: the CSRF token must be present in the POST */
    hesk_token_check('POST');

    /* Return URL used by every message below (the page re-selects the category) */
    $_SERVER['PHP_SELF'] = 'manage_categories.php?catid=' . intval(hesk_POST('catid'));

    /* Category ID and new name are both required; hesk_isNumber() / hesk_input() are given the
       error message and return URL to use when the value is missing (presumably they redirect) */
    $catid = hesk_isNumber(hesk_POST('catid'), $hesklang['choose_cat_ren'], $_SERVER['PHP_SELF']);
    $_SESSION['selcat'] = $catid;
    $_SESSION['selcat2'] = $catid;

    $catname = hesk_input(hesk_POST('name'), $hesklang['cat_ren_name'], $_SERVER['PHP_SELF']);
    $_SESSION['catname2'] = $catname;

    /* Is the name already in use? Same category -> nothing changed; another one -> duplicate */
    $prefix = hesk_dbEscape($hesk_settings['db_pfix']);
    $existing = hesk_dbQuery("SELECT `id` FROM `" . $prefix . "categories` WHERE `name` LIKE '" . hesk_dbEscape(hesk_dbLike($catname)) . "' LIMIT 1");
    if (hesk_dbNumRows($existing) != 0) {
        $match = hesk_dbFetchAssoc($existing);
        if ($match['id'] == $catid) {
            hesk_process_messages($hesklang['noch'], $_SERVER['PHP_SELF'], 'NOTICE');
        } else {
            hesk_process_messages($hesklang['cndupl'], $_SERVER['PHP_SELF']);
        }
    }

    /* Rename */
    hesk_dbQuery("UPDATE `" . $prefix . "categories` SET `name`='" . hesk_dbEscape($catname) . "' WHERE `id`='" . intval($catid) . "' LIMIT 1");

    unset($_SESSION['selcat'], $_SESSION['catname2']);

    hesk_process_messages($hesklang['cat_renamed_to'] . ' <i>' . stripslashes($catname) . '</i>', $_SERVER['PHP_SELF'], 'SUCCESS');
}
} $myerror .= '</ul>'; hesk_error($myerror); } $tmpvar['message'] = hesk_makeURL($tmpvar['message']); $tmpvar['message'] = nl2br($tmpvar['message']); foreach ($hesk_settings['custom_fields'] as $k => $v) { if ($v['use'] && isset($_POST[$k])) { if (is_array($_POST[$k])) { $tmpvar[$k] = ''; foreach ($_POST[$k] as $myCB) { $tmpvar[$k] .= (is_array($myCB) ? '' : hesk_input($myCB)) . '<br />'; } $tmpvar[$k] = substr($tmpvar[$k], 0, -6); } else { $tmpvar[$k] = hesk_makeURL(nl2br(hesk_input($_POST[$k]))); } } else { $tmpvar[$k] = ''; } } hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` SET\n\t\t`name`='" . hesk_dbEscape($tmpvar['name']) . "',\n\t\t`email`='" . hesk_dbEscape($tmpvar['email']) . "',\n\t\t`subject`='" . hesk_dbEscape($tmpvar['subject']) . "',\n\t\t`message`='" . hesk_dbEscape($tmpvar['message']) . "',\n\t\t`custom1`='" . hesk_dbEscape($tmpvar['custom1']) . "',\n\t\t`custom2`='" . hesk_dbEscape($tmpvar['custom2']) . "',\n\t\t`custom3`='" . hesk_dbEscape($tmpvar['custom3']) . "',\n\t\t`custom4`='" . hesk_dbEscape($tmpvar['custom4']) . "',\n\t\t`custom5`='" . hesk_dbEscape($tmpvar['custom5']) . "',\n\t\t`custom6`='" . hesk_dbEscape($tmpvar['custom6']) . "',\n\t\t`custom7`='" . hesk_dbEscape($tmpvar['custom7']) . "',\n\t\t`custom8`='" . hesk_dbEscape($tmpvar['custom8']) . "',\n\t\t`custom9`='" . hesk_dbEscape($tmpvar['custom9']) . "',\n\t\t`custom10`='" . hesk_dbEscape($tmpvar['custom10']) . "',\n\t\t`custom11`='" . hesk_dbEscape($tmpvar['custom11']) . "',\n\t\t`custom12`='" . hesk_dbEscape($tmpvar['custom12']) . "',\n\t\t`custom13`='" . hesk_dbEscape($tmpvar['custom13']) . "',\n\t\t`custom14`='" . hesk_dbEscape($tmpvar['custom14']) . "',\n\t\t`custom15`='" . hesk_dbEscape($tmpvar['custom15']) . "',\n\t\t`custom16`='" . hesk_dbEscape($tmpvar['custom16']) . "',\n\t\t`custom17`='" . hesk_dbEscape($tmpvar['custom17']) . "',\n\t\t`custom18`='" . hesk_dbEscape($tmpvar['custom18']) . "',\n\t\t`custom19`='" . 
hesk_dbEscape($tmpvar['custom19']) . "',\n\t\t`custom20`='" . hesk_dbEscape($tmpvar['custom20']) . "'\n\t\tWHERE `id`='" . intval($ticket['id']) . "' LIMIT 1"); } unset($tmpvar); hesk_cleanSessionVars('tmpvar'); hesk_process_messages($hesklang['edt2'], 'admin_ticket.php?track=' . $trackingID . '&Refresh=' . mt_rand(10000, 99999), 'SUCCESS'); } $ticket['message'] = hesk_msgToPlain($ticket['message'], 0, 0); /* Print header */ require_once HESK_PATH . 'inc/header.inc.php'; /* Print admin navigation */
?> </a></b></p> </td> </tr> <tr> <td width="60"> </td> <td> </td> </tr> <tr> <td width="60"> </td> <td><?php echo $hesklang['passe']; ?> :<br /><input type="text" name="email" size="35" value="<?php if (isset($email)) { echo stripslashes(hesk_input($email)); } ?> " <?php echo in_array('email', $_SESSION['a_iserror']) ? ' class="isError" ' : ''; ?> /></td> </tr> <?php if ($hesk_settings['secimg_use']) { ?> <tr> <td width="60"> </td> <td> <hr /> <?php
*******************************************************************************/ /* Check if this is a valid include */ if (!defined('IN_SCRIPT')) { die('Invalid attempt'); } /* Acceptable $sort values and default asc(1)/desc(0) setting */ $sort_possible = array('trackid' => 1, 'lastchange' => 0, 'name' => 1, 'subject' => 1, 'status' => 1, 'lastreplier' => 1, 'priority' => 1, 'category' => 1, 'dt' => 0, 'id' => 1); // These values should have collate appended in SQL $sort_collation = array('name', 'subject'); // DATE $sql .= " AND DATE(`dt`) BETWEEN '" . hesk_dbEscape($date_from) . "' AND '" . hesk_dbEscape($date_to) . "' "; // Start the order by part of the SQL query $sql .= " ORDER BY "; /* Sort by which field? */ if (isset($_GET['sort']) && !is_array($_GET['sort']) && isset($sort_possible[$_GET['sort']])) { $sort = hesk_input($_GET['sort']); $sql .= ' `' . hesk_dbEscape($sort) . '` '; // Need to set MySQL collation? if (in_array($_GET['sort'], $sort_collation)) { $sql .= " COLLATE '" . hesk_dbEscape($hesklang['_COLLATE']) . "' "; } } else { /* Default sorting by ticket status */ $sql .= ' `id` '; $sort = 'id'; } /* Ascending or Descending? */ if (isset($_GET['asc']) && intval($_GET['asc']) == 0) { $sql .= ' DESC '; $asc = 0; $asc_rev = 1;
* a license please visit the page below: * https://www.hesk.com/buy.php *******************************************************************************/ define('IN_SCRIPT', 1); define('HESK_PATH', '../'); /* Get all the required files and functions */ require HESK_PATH . 'hesk_settings.inc.php'; require HESK_PATH . 'inc/common.inc.php'; require HESK_PATH . 'inc/admin_functions.inc.php'; hesk_load_database_functions(); hesk_session_start(); hesk_dbConnect(); hesk_isLoggedIn(); /* Set correct return URL */ if (isset($_SERVER['HTTP_REFERER'])) { $url = hesk_input($_SERVER['HTTP_REFERER']); $url = str_replace('&', '&', $url); if ($tmp = strstr($url, 'show_tickets.php')) { $referer = $tmp; } elseif ($tmp = strstr($url, 'find_tickets.php')) { $referer = $tmp; } elseif ($tmp = strstr($url, 'admin_main.php')) { $referer = $tmp; } else { $referer = 'admin_main.php'; } } else { $referer = 'admin_main.php'; } /* Is this a delete ticket request from within a ticket ("delete" icon)? */ if (isset($_GET['delete_ticket'])) {
} } else { if ($v['req']) { $hesk_error_buffer[$k] = $hesklang['fill_all'] . ': ' . $v['name']; } $_POST[$k] = ''; } $_SESSION["c_{$k}"] = hesk_POST_array($k); } elseif ($v['req']) { $tmpvar[$k] = hesk_makeURL(nl2br(hesk_input(hesk_POST($k)))); if (!strlen($tmpvar[$k])) { $hesk_error_buffer[$k] = $hesklang['fill_all'] . ': ' . $v['name']; } $_SESSION["c_{$k}"] = hesk_POST($k); } else { $tmpvar[$k] = hesk_makeURL(nl2br(hesk_input(hesk_POST($k)))); $_SESSION["c_{$k}"] = hesk_POST($k); } } else { $tmpvar[$k] = ''; } } // Check bans if (!isset($hesk_error_buffer['email']) && hesk_isBannedEmail($tmpvar['email']) || hesk_isBannedIP($_SERVER['REMOTE_ADDR'])) { hesk_error($hesklang['baned_e']); } // Check maximum open tickets limit $below_limit = true; if ($hesk_settings['max_open'] && !isset($hesk_error_buffer['email'])) { $res = hesk_dbQuery("SELECT COUNT(*) FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` WHERE `status` IN ('0', '1', '2', '4', '5') AND " . hesk_dbFormatEmail($tmpvar['email'])); $num = hesk_dbResult($res);
?> <div class="notice"> <span style="font-size:12px;font-weight:bold"><?php echo $hesklang['sc']; ?> :</span><br /> <br /> <?php if (!$num) { echo '<i>' . $hesklang['nsfo'] . '</i>'; } else { $max_score = 0; while ($article = hesk_dbFetchAssoc($res)) { if ($article['score'] > $max_score) { $max_score = $article['score']; } if ($max_score && $article['score'] / $max_score < 0.25) { break; } $txt = strip_tags($article['content']); if (strlen($txt) > $hesk_settings['kb_substrart']) { $txt = substr($txt, 0, $hesk_settings['kb_substrart']) . '...'; } echo ' <a href="knowledgebase.php?article=' . $article['id'] . '&suggest=1" target="_blank">' . $article['subject'] . '</a> <input type="hidden" name="suggested[]" value="' . $article['id'] . '|' . stripslashes(hesk_input($article['subject'])) . '"> <br />' . $txt . '<br /><br />'; } } ?> </div>
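function new_article()
{
    global $hesk_settings, $hesklang, $listBox;
    global $hesk_error_buffer;

    /* A security check. The listing had this call commented out ("# hesk_token_check('POST');")
       while every other POST handler in this file (update_profile, rename_cat, ...) performs it;
       without it any page an admin visits could submit a knowledgebase article on their behalf
       (CSRF). Re-enabled. */
    hesk_token_check('POST');

    $_SESSION['hide'] = array('treemenu' => 1, 'new_category' => 1);
    $hesk_error_buffer = array();

    /* Article type: 0 = public, 1 = private, 2 = draft; html: stored as HTML or as plain text */
    $catid = intval(hesk_POST('catid', 1));
    $type = empty($_POST['type']) ? 0 : (hesk_POST('type') == 2 ? 2 : 1);
    $html = $hesk_settings['kb_wysiwyg'] ? 1 : (empty($_POST['html']) ? 0 : 1);
    $now = hesk_date();

    // Prevent submitting duplicate articles by reloading manage_knowledgebase.php page
    if (isset($_SESSION['article_submitted'])) {
        header('Location:manage_knowledgebase.php?a=manage_cat&catid=' . $catid);
        exit;
    }

    $_SESSION['KB_CATEGORY'] = $catid;

    $subject = hesk_input(hesk_POST('subject'));
    if (!$subject) {
        $hesk_error_buffer[] = $hesklang['kb_e_subj'];
    }

    if ($html) {
        /* HTML articles keep whatever hesk_getHTML() returns: admin-authored markup, trusted as such */
        if (empty($_POST['content'])) {
            $hesk_error_buffer[] = $hesklang['kb_e_cont'];
        }
        $content = hesk_getHTML(hesk_POST('content'));
    } else {
        /* Plain-text articles are escaped by hesk_input(), then line breaks and links are rendered */
        $content = hesk_input(hesk_POST('content'));
        if (!$content) {
            $hesk_error_buffer[] = $hesklang['kb_e_cont'];
        }
        $content = nl2br($content);
        $content = hesk_makeURL($content);
    }

    $sticky = isset($_POST['sticky']) ? 1 : 0;
    $keywords = hesk_input(hesk_POST('keywords'));

    /* Article attachments: up to three file slots */
    define('KB', 1);
    require_once HESK_PATH . 'inc/posting_functions.inc.php';
    require_once HESK_PATH . 'inc/attachments.inc.php';

    $attachments = array();
    for ($slot = 1; $slot <= 3; $slot++) {
        $att = hesk_uploadFile($slot);
        if (!empty($att)) {
            $attachments[$slot] = $att;
        }
    }
    $myattachments = '';

    /* Any errors? Drop uploaded files, keep the input in the session and show the list
       (hesk_process_messages() is given a redirect target here, so it presumably does not return) */
    if (count($hesk_error_buffer)) {
        if ($hesk_settings['attachments']['use']) {
            hesk_removeAttachments($attachments);
        }

        $_SESSION['new_article'] = array(
            'type' => $type,
            'html' => $html,
            'subject' => $subject,
            'content' => hesk_input(hesk_POST('content')),
            'keywords' => $keywords,
            'sticky' => $sticky,
        );

        $list = '';
        foreach ($hesk_error_buffer as $error) {
            $list .= "<li>{$error}</li>\n";
        }
        $hesk_error_buffer = $hesklang['rfm'] . '<br /><br /><ul>' . $list . '</ul>';
        hesk_process_messages($hesk_error_buffer, 'manage_knowledgebase.php');
    }

    $revision = sprintf($hesklang['revision1'], $now, $_SESSION['name'] . ' (' . $_SESSION['user'] . ')');

    $prefix = hesk_dbEscape($hesk_settings['db_pfix']);

    /* Store each attachment and remember "id#name," pairs for the article row */
    foreach ($attachments as $myatt) {
        hesk_dbQuery("INSERT INTO `" . $prefix . "kb_attachments` (`saved_name`,`real_name`,`size`) VALUES ('" . hesk_dbEscape($myatt['saved_name']) . "','" . hesk_dbEscape($myatt['real_name']) . "','" . intval($myatt['size']) . "')");
        $myattachments .= hesk_dbInsertID() . '#' . $myatt['real_name'] . ',';
    }

    /* Get the latest art_order within this category / sticky bucket; first article starts at 10 */
    $res = hesk_dbQuery("SELECT `art_order` FROM `" . $prefix . "kb_articles` WHERE `catid`='" . intval($catid) . "' AND `sticky` = '" . intval($sticky) . "' ORDER BY `art_order` DESC LIMIT 1");
    $row = hesk_dbFetchRow($res);
    $my_order = (is_array($row) && isset($row[0])) ? intval($row[0]) + 10 : 10;

    /* Insert article into database */
    hesk_dbQuery("INSERT INTO `" . $prefix . "kb_articles` (`catid`,`dt`,`author`,`subject`,`content`,`keywords`,`type`,`html`,`sticky`,`art_order`,`history`,`attachments`) VALUES ("
        . "'" . intval($catid) . "', "
        . "NOW(), "
        . "'" . intval($_SESSION['id']) . "', "
        . "'" . hesk_dbEscape($subject) . "', "
        . "'" . hesk_dbEscape($content) . "', "
        . "'" . hesk_dbEscape($keywords) . "', "
        . "'" . intval($type) . "', "
        . "'" . intval($html) . "', "
        . "'" . intval($sticky) . "', "
        . "'" . intval($my_order) . "', "
        . "'" . hesk_dbEscape($revision) . "', "
        . "'" . hesk_dbEscape($myattachments) . "'"
        . ")");

    $_SESSION['artord'] = hesk_dbInsertID();

    // Update category article count: one counter column per article type
    $count_column = array(0 => 'articles', 1 => 'articles_private', 2 => 'articles_draft');
    $column = $count_column[$type];
    hesk_dbQuery("UPDATE `" . $prefix . "kb_categories` SET `" . $column . "`=`" . $column . "`+1 WHERE `id`='" . intval($catid) . "'");

    unset($_SESSION['hide']);

    /* Mark the submission so a page reload does not create the article twice */
    $_SESSION['article_submitted'] = 1;

    hesk_process_messages($hesklang['your_kb_added'], 'NOREDIRECT', 'SUCCESS');

    $_GET['catid'] = $catid;
    manage_category();
}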
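/**
 * Validate the staff-account form (real name, e-mail, username, rights,
 * signature, password) and return the sanitised values.
 *
 * Input comes from hesk_POST()/hesk_input() and $_POST. Every field that fails
 * validation appends one <li> line (text taken from $hesklang) to an error
 * buffer. The collected values are always written to $_SESSION['userdata']
 * before the error check so the form can be re-populated after a redirect.
 *
 * @param int    $pass_required 1 when a new password is mandatory (new account);
 *                              0 lets an empty password mean "keep the current one".
 * @param string $redirect_to   Page handed to hesk_process_messages() when there are errors.
 *
 * @return array Keys: name, email, user, isadmin (0|1), signature, autoassign (0|1),
 *               categories (list of int), features (list of string), cleanpass
 *               (the plain-text password or ''), plus pass (its hash) when a
 *               password was accepted.
 */
function hesk_validateUserInfo($pass_required = 1, $redirect_to = './manage_users.php')
{
    global $hesk_settings, $hesklang;

    $hesk_error_buffer = '';
    $myuser = array();

    // `or` binds weaker than `=`: the assignment happens first and the error
    // line is appended only when the sanitised value is empty.
    $myuser['name'] = hesk_input(hesk_POST('name')) or $hesk_error_buffer .= '<li>' . $hesklang['enter_real_name'] . '</li>';
    $myuser['email'] = hesk_validateEmail(hesk_POST('email'), 'ERR', 0) or $hesk_error_buffer .= '<li>' . $hesklang['enter_valid_email'] . '</li>';
    $myuser['user'] = hesk_input(hesk_POST('user')) or $hesk_error_buffer .= '<li>' . $hesklang['enter_username'] . '</li>';

    $myuser['isadmin'] = empty($_POST['isadmin']) ? 0 : 1;
    $myuser['signature'] = hesk_input(hesk_POST('signature'));
    $myuser['autoassign'] = hesk_POST('autoassign') == 'Y' ? 1 : 0;

    /* If it's not admin at least one category and feature is required */
    $myuser['categories'] = array();
    $myuser['features'] = array();

    if ($myuser['isadmin'] == 0) {
        if (empty($_POST['categories']) || !is_array($_POST['categories'])) {
            $hesk_error_buffer .= '<li>' . $hesklang['asign_one_cat'] . '</li>';
        } else {
            foreach ($_POST['categories'] as $tmp) {
                // Nested arrays (categories[][]=...) can never be a category ID
                if (is_array($tmp)) {
                    continue;
                }
                // Non-numeric or zero values are silently dropped
                $catid = intval($tmp);
                if ($catid) {
                    $myuser['categories'][] = $catid;
                }
            }
        }

        if (empty($_POST['features']) || !is_array($_POST['features'])) {
            $hesk_error_buffer .= '<li>' . $hesklang['asign_one_feat'] . '</li>';
        } else {
            // Only feature names from the configured whitelist are accepted; the
            // strict flag rules out loose string/number coercion on the match
            // (assumes $hesk_settings['features'] is a list of strings -- confirm)
            foreach ($_POST['features'] as $tmp) {
                if (in_array($tmp, $hesk_settings['features'], true)) {
                    $myuser['features'][] = $tmp;
                }
            }
        }
    }

    // Byte length on purpose: the column limit is 255 bytes, not characters
    if (strlen($myuser['signature']) > 255) {
        $hesk_error_buffer .= '<li>' . $hesklang['signature_long'] . '</li>';
    }

    /* Password */
    $myuser['cleanpass'] = '';

    $newpass = hesk_input(hesk_POST('newpass'));
    $passlen = strlen($newpass);

    // An empty password is only allowed when the caller says it is optional
    if ($pass_required || $passlen > 0) {
        /* At least 5 chars? */
        if ($passlen < 5) {
            $hesk_error_buffer .= '<li>' . $hesklang['password_not_valid'] . '</li>';
        } else {
            $newpass2 = hesk_input(hesk_POST('newpass2'));
            if ($newpass !== $newpass2) {
                $hesk_error_buffer .= '<li>' . $hesklang['passwords_not_same'] . '</li>';
            } else {
                $myuser['pass'] = hesk_Pass2Hash($newpass);
                // Plain-text copy kept for the caller; note that it lands in the
                // session below as well, presumably until the caller clears it -- confirm
                $myuser['cleanpass'] = $newpass;
            }
        }
    }

    /* Save entered info in session so we don't lose it in case of errors */
    $_SESSION['userdata'] = $myuser;

    /* Any errors? */
    if (strlen($hesk_error_buffer)) {
        $hesk_error_buffer = $hesklang['rfm'] . '<br /><br /><ul>' . $hesk_error_buffer . '</ul>';
        hesk_process_messages($hesk_error_buffer, $redirect_to);
    }

    return $myuser;
}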
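// Get note info.
// $noteID is interpolated straight into the SQL below, so it is cast at every
// point of use; that keeps each query an integer lookup no matter how the
// caller derived the value (expected to be an int already -- confirm where it is set).
$result = hesk_dbQuery("SELECT * FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "notes` WHERE `id`=" . intval($noteID));
if (hesk_dbNumRows($result) != 1) {
    // hesk_error() is relied on not to return
    hesk_error($hesklang['no_note']);
}
$note = hesk_dbFetchAssoc($result);

// Make sure the note belongs to this ticket and the user may edit it:
// staff with `can_del_notes` may edit any note, everyone else only their own.
if ($note['ticket'] != $ticket['id'] || (!hesk_checkPermission('can_del_notes', 0) && $note['who'] != $_SESSION['id'])) {
    hesk_error($hesklang['perm_deny']);
}

// Save changes?
if (isset($_POST['save'])) {
    // A security check (POST token)
    hesk_token_check('POST');

    // Get message: sanitise, auto-link URLs, then turn newlines into <br />
    $tmpvar['message'] = nl2br(hesk_makeURL(hesk_input(hesk_POST('message'))));

    // A note emptied of text that carries no attachments is deleted rather than updated
    if (strlen($tmpvar['message']) || strlen($note['attachments'])) {
        hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "notes` SET `message`='" . hesk_dbEscape($tmpvar['message']) . "' WHERE `id`=" . intval($noteID));
        hesk_process_messages($hesklang['ednote2'], 'admin_ticket.php?track=' . $trackingID . '&Refresh=' . mt_rand(10000, 99999), 'SUCCESS');
    } else {
        hesk_dbQuery("DELETE FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "notes` WHERE `id`=" . intval($noteID));
        // $trackingID goes into a Location header; presumably validated by the caller -- confirm.
        // The Refresh parameter is only a cache buster.
        header('Location: admin_ticket.php?track=' . $trackingID . '&Refresh=' . mt_rand(10000, 99999));
        exit;
    }
}

// Show the stored note as editable plain text
$note['message'] = hesk_msgToPlain($note['message'], 0, 0);

/* Print header */
require_once HESK_PATH . 'inc/header.inc.php';

/* Print admin navigation */
require_once HESK_PATH . 'inc/show_admin_nav.inc.php';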
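/**
 * Send a private staff-to-staff message from the logged-in user.
 *
 * Validates the POST form (recipient ID, subject, message) after a token
 * check, keeps the draft in $_SESSION['mail'] so the form can be re-shown
 * with the entered values, inserts the row into the `mail` table and, when
 * the recipient opted in (`notify_pm`), e-mails a notification.
 *
 * Errors are reported through hesk_process_messages(..., 'NOREDIRECT') and
 * the draft is kept; on success the draft is cleared and the user is sent to
 * ./mail.php with a success message.
 *
 * @return void
 */
function mail_send()
{
    global $hesk_settings, $hesklang;

    /* A security check */
    hesk_token_check('POST');

    $hesk_error_buffer = '';

    /* Recipient: must be an existing user other than the sender */
    $_SESSION['mail']['to'] = intval(hesk_POST('to'));

    if (empty($_SESSION['mail']['to'])) {
        $hesk_error_buffer .= '<li>' . $hesklang['m_rec'] . '</li>';
    } elseif ($_SESSION['mail']['to'] === intval($_SESSION['id'])) {
        // Both sides cast: the session id comes from a DB row and may be a string
        $hesk_error_buffer .= '<li>' . $hesklang['m_inr'] . '</li>';
    } else {
        $res = hesk_dbQuery("SELECT `name`,`email`,`notify_pm` FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "users` WHERE `id`='" . intval($_SESSION['mail']['to']) . "' LIMIT 1");
        if (hesk_dbNumRows($res)) {
            $pm_recipient = hesk_dbFetchAssoc($res);
        } else {
            $hesk_error_buffer .= '<li>' . $hesklang['m_inr'] . '</li>';
        }
    }

    /* Subject and message: `or` binds weaker than `=`, so the error line is
       appended only when the sanitised value is empty */
    $_SESSION['mail']['subject'] = hesk_input(hesk_POST('subject')) or $hesk_error_buffer .= '<li>' . $hesklang['m_esu'] . '</li>';
    $_SESSION['mail']['message'] = hesk_input(hesk_POST('message')) or $hesk_error_buffer .= '<li>' . $hesklang['enter_message'] . '</li>';

    /* Any errors? */
    if (strlen($hesk_error_buffer)) {
        $_SESSION['hide']['list'] = 1;
        $hesk_error_buffer = $hesklang['rfm'] . '<br /><br /><ul>' . $hesk_error_buffer . '</ul>';
        hesk_process_messages($hesk_error_buffer, 'NOREDIRECT');
        return;
    }

    // Auto-link URLs and convert newlines before storing
    $_SESSION['mail']['message'] = hesk_makeURL($_SESSION['mail']['message']);
    $_SESSION['mail']['message'] = nl2br($_SESSION['mail']['message']);

    hesk_dbQuery("INSERT INTO `" . hesk_dbEscape($hesk_settings['db_pfix']) . "mail` (`from`,`to`,`subject`,`message`,`dt`,`read`) VALUES ('" . intval($_SESSION['id']) . "','" . intval($_SESSION['mail']['to']) . "','" . hesk_dbEscape($_SESSION['mail']['subject']) . "','" . hesk_dbEscape($_SESSION['mail']['message']) . "',NOW(),'0')");

    /* Notify receiver via e-mail? ($pm_recipient is only set when the lookup above succeeded) */
    if (isset($pm_recipient) && $pm_recipient['notify_pm']) {
        $pm_id = hesk_dbInsertID();

        // Plain-text versions of the stored fields for the e-mail template
        $pm = array(
            'name'    => hesk_msgToPlain(addslashes($_SESSION['name']), 1, 1),
            'subject' => hesk_msgToPlain($_SESSION['mail']['subject'], 1, 1),
            'message' => hesk_msgToPlain($_SESSION['mail']['message'], 1, 1),
            'id'      => $pm_id,
        );

        /* Format email subject and message for recipient */
        $subject = hesk_getEmailSubject('new_pm', $pm, 0);
        $message = hesk_getEmailMessage('new_pm', $pm, 1, 0);

        /* Send e-mail */
        hesk_mail($pm_recipient['email'], $subject, $message);
    }

    unset($_SESSION['mail']);
    hesk_process_messages($hesklang['m_pms'], './mail.php', 'SUCCESS');
}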
$sql .= " `category`='{$category}' "; } else { $sql .= hesk_myCategories(); } // Show only tagged tickets? if (!empty($_GET['archive'])) { $archive[2] = 1; $sql .= " AND `archive`='1' "; } // Ticket owner preferences $fid = 2; require HESK_PATH . 'inc/assignment_search.inc.php'; $hesk_error_buffer = ''; $no_query = 0; // Search query $q = stripslashes(hesk_input(hesk_GET('q', ''))); // No query entered? if (!strlen($q)) { $hesk_error_buffer .= $hesklang['fsq']; $no_query = 1; } // What field are we searching in $what = hesk_GET('what', '') or $hesk_error_buffer .= '<br />' . $hesklang['wsel']; // Sequential ID supported? if ($what == 'seqid' && !$hesk_settings['sequential']) { $what = 'trackid'; } // Setup SQL based on searching preferences if (!$no_query) { $sql .= " AND "; switch ($what) {
if ($print_table == 0) { echo '<table border="0" width="100%">'; $print_table = 1; } # $v['req'] = $v['req'] ? '<font class="important">*</font>' : ''; # Staff doesn't need to fill in required custom fields $v['req'] = ''; if ($v['type'] == 'checkbox') { $k_value = array(); if (isset($_SESSION["as_{$k}"]) && is_array($_SESSION["as_{$k}"])) { foreach ($_SESSION["as_{$k}"] as $myCB) { $k_value[] = stripslashes(hesk_input($myCB)); } } } elseif (isset($_SESSION["as_{$k}"])) { $k_value = stripslashes(hesk_input($_SESSION["as_{$k}"])); } else { $k_value = ''; } switch ($v['type']) { /* Radio box */ case 'radio': echo ' <tr> <td style="text-align:right" width="150" valign="top">' . $v['name'] . ': ' . $v['req'] . '</td> <td width="80%">'; $options = explode('#HESK#', $v['value']); $cls = in_array($k, $_SESSION['iserror']) ? ' class="isError" ' : ''; foreach ($options as $option) { if (strlen($k_value) == 0 || $k_value == $option) { $k_value = $option;
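/**
 * Create a new canned reply ("ticket template") from the POST form.
 *
 * Validates the title (`name`) and body (`msg`) after a token check, keeps the
 * entered values in $_SESSION['canned'] so the form can be re-populated on
 * error, appends the template at the end of the `tpl_order` sequence and
 * redirects to manage_ticket_templates.php with a success message.
 *
 * @return void
 */
function new_saved()
{
    global $hesk_settings, $hesklang;

    /* A security check */
    hesk_token_check('POST');

    $hesk_error_buffer = '';

    // `or` binds weaker than `=`: the error line is appended only when the
    // sanitised value is empty
    $savename = hesk_input(hesk_POST('name')) or $hesk_error_buffer .= '<li>' . $hesklang['ent_ticket_tpl_title'] . '</li>';
    $msg = hesk_input(hesk_POST('msg')) or $hesk_error_buffer .= '<li>' . $hesklang['ent_ticket_tpl_msg'] . '</li>';

    // Avoid problems with utf-8 newline chars in Javascript code, detect and remove them.
    // \R matches any Unicode newline sequence; preg_replace() returns null on a
    // PCRE error (e.g. invalid UTF-8 under /u), which the original behaviour keeps.
    $msg = preg_replace('/\\R/u', "\r\n", $msg);

    $_SESSION['canned']['what'] = 'NEW';
    $_SESSION['canned']['name'] = $savename;
    $_SESSION['canned']['msg'] = $msg;

    /* Any errors? hesk_process_messages() with a redirect target is relied on not to return -- confirm */
    if (strlen($hesk_error_buffer)) {
        $hesk_error_buffer = $hesklang['rfm'] . '<br /><br /><ul>' . $hesk_error_buffer . '</ul>';
        hesk_process_messages($hesk_error_buffer, 'manage_ticket_templates.php');
    }

    /* Get the latest tpl_order; the new template goes to the end of the list */
    $result = hesk_dbQuery('SELECT `tpl_order` FROM `' . hesk_dbEscape($hesk_settings['db_pfix']) . 'ticket_templates` ORDER BY `tpl_order` DESC LIMIT 1');
    $row = hesk_dbFetchRow($result);

    // Empty table: there is no row to read offset 0 from (PHP 8 warns on that),
    // so the ordering starts at 10. Assumes hesk_dbFetchRow() yields a numeric
    // array for a row and a non-array when there is none -- confirm.
    $my_order = (is_array($row) ? intval($row[0]) : 0) + 10;

    hesk_dbQuery("INSERT INTO `" . hesk_dbEscape($hesk_settings['db_pfix']) . "ticket_templates` (`title`,`message`,`tpl_order`) VALUES ('" . hesk_dbEscape($savename) . "','" . hesk_dbEscape($msg) . "','" . intval($my_order) . "')");

    // Clear the draft now that it is stored
    unset($_SESSION['canned']['what'], $_SESSION['canned']['name'], $_SESSION['canned']['msg']);

    hesk_process_messages($hesklang['ticket_tpl_saved'], 'manage_ticket_templates.php', 'SUCCESS');
}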
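/**
 * Handle a staff login POST: validate the form and the anti-bot check, verify
 * the credentials, populate the session, set the remember-me cookies, run the
 * ticket auto-close job and redirect to the requested page.
 *
 * Input comes from hesk_POST()/$_POST; state lives in $_SESSION. On any
 * failure the offending field names are stored in $_SESSION['a_iserror'],
 * the message is shown via hesk_process_messages('NOREDIRECT'), the login
 * form is printed and the script exits. On success it never returns either
 * (Location header + exit).
 *
 * @return void
 */
function do_login()
{
    global $hesk_settings, $hesklang;

    $hesk_error_buffer = array();

    /* Username */
    $user = hesk_input(hesk_POST('user'));
    if (empty($user)) {
        $hesk_error_buffer['user'] = $hesk_settings['list_users'] ? $hesklang['select_username'] : $hesklang['enter_username'];
    }
    define('HESK_USER', $user);

    /* Password */
    $pass = hesk_input(hesk_POST('pass'));
    if (empty($pass)) {
        $hesk_error_buffer['pass'] = $hesklang['enter_pass'];
    }

    /* Anti-bot check for the login form (secimg_use == 2), skipped once it has
       succeeded in this session */
    if ($hesk_settings['secimg_use'] == 2 && !isset($_SESSION['img_a_verified'])) {
        if ($hesk_settings['recaptcha_use'] == 1) {
            // reCAPTCHA v1
            require_once HESK_PATH . 'inc/recaptcha/recaptchalib.php';

            $resp = recaptcha_check_answer(
                $hesk_settings['recaptcha_private_key'],
                $_SERVER['REMOTE_ADDR'],
                hesk_POST('recaptcha_challenge_field', ''),
                hesk_POST('recaptcha_response_field', '')
            );

            if ($resp->is_valid) {
                $_SESSION['img_a_verified'] = true;
            } else {
                $hesk_error_buffer['mysecnum'] = $hesklang['recaptcha_error'];
            }
        } elseif ($hesk_settings['recaptcha_use'] == 2) {
            // reCAPTCHA v2
            require HESK_PATH . 'inc/recaptcha/recaptchalib_v2.php';

            $resp = null;
            $reCaptcha = new ReCaptcha($hesk_settings['recaptcha_private_key']);

            // Was there a reCAPTCHA response?
            if (isset($_POST['g-recaptcha-response'])) {
                $resp = $reCaptcha->verifyResponse($_SERVER['REMOTE_ADDR'], hesk_POST('g-recaptcha-response'));
            }

            if ($resp !== null && $resp->success) {
                $_SESSION['img_a_verified'] = true;
            } else {
                $hesk_error_buffer['mysecnum'] = $hesklang['recaptcha_error'];
            }
        } else {
            // Built-in security image
            $mysecnum = intval(hesk_POST('mysecnum', 0));

            if (empty($mysecnum)) {
                $hesk_error_buffer['mysecnum'] = $hesklang['sec_miss'];
            } else {
                require HESK_PATH . 'inc/secimg.inc.php';
                $sc = new PJ_SecurityImage($hesk_settings['secimg_sum']);

                if (isset($_SESSION['checksum']) && $sc->checkCode($mysecnum, $_SESSION['checksum'])) {
                    $_SESSION['img_a_verified'] = true;
                } else {
                    $hesk_error_buffer['mysecnum'] = $hesklang['sec_wrng'];
                }
            }
        }
    }

    /* Any missing fields? */
    if (count($hesk_error_buffer) != 0) {
        $_SESSION['a_iserror'] = array_keys($hesk_error_buffer);

        $tmp = '';
        foreach ($hesk_error_buffer as $error) {
            $tmp .= "<li>{$error}</li>\n";
        }
        $hesk_error_buffer = $hesklang['pcer'] . '<br /><br /><ul>' . $tmp . '</ul>';

        hesk_process_messages($hesk_error_buffer, 'NOREDIRECT');
        print_login();
        exit;
    } elseif (isset($_SESSION['img_a_verified'])) {
        // The anti-bot pass is consumed by a complete form
        unset($_SESSION['img_a_verified']);
    }

    /* User entered all required info, now lets limit brute force attempts */
    hesk_limitBfAttempts();

    $result = hesk_dbQuery("SELECT * FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "users` WHERE `user` = '" . hesk_dbEscape($user) . "' LIMIT 1");

    if (hesk_dbNumRows($result) != 1) {
        hesk_session_stop();
        $_SESSION['a_iserror'] = array('user', 'pass');
        hesk_process_messages($hesklang['wrong_user'], 'NOREDIRECT');
        print_login();
        exit;
    }

    // Copy the whole user row into the session; `pass` is removed again below
    $res = hesk_dbFetchAssoc($result);
    foreach ($res as $k => $v) {
        $_SESSION[$k] = $v;
    }

    /* Check password: constant-time comparison of the two hash strings
       (hash_equals() needs PHP >= 5.6) */
    if (!hash_equals((string) $_SESSION['pass'], (string) hesk_Pass2Hash($pass))) {
        hesk_session_stop();
        $_SESSION['a_iserror'] = array('pass');
        hesk_process_messages($hesklang['wrong_pass'], 'NOREDIRECT');
        print_login();
        exit;
    }

    // Autologin cookie value: derived from the stored hash, never the plain password
    $pass_enc = hesk_Pass2Hash($_SESSION['pass'] . strtolower($user) . $_SESSION['pass']);

    /* Check if default password */
    if ($_SESSION['pass'] === '499d74967b28a841c98bb4baaabaad699ff3c079') {
        hesk_process_messages($hesklang['chdp'], 'NOREDIRECT', 'NOTICE');
    }

    // Set a tag that will be used to expire sessions after username or password change
    $_SESSION['session_verify'] = hesk_activeSessionCreateTag($user, $_SESSION['pass']);

    // We don't need the password hash anymore
    unset($_SESSION['pass']);

    /* Login successful, clean brute force attempts */
    hesk_cleanBfAttempts();

    /* Make sure our user is active.
       NOTE(review): this runs after the attempt counter is cleared, so a correct
       password for an inactive account still resets the counter -- confirm that is intended */
    if (!$_SESSION['active']) {
        hesk_session_stop();
        $_SESSION['a_iserror'] = array('active');
        hesk_process_messages($hesklang['inactive_user'], 'NOREDIRECT');
        print_login();
        exit;
    }

    /* Regenerate session ID (security) */
    hesk_session_regenerate_id();

    /* Remember username? */
    $cookie_expires = strtotime('+1 year');
    // hesk_p is a login secret: keep it out of reach of scripts (HttpOnly) and,
    // when this request itself came over HTTPS, restrict it to HTTPS (Secure).
    // Behind a TLS-terminating proxy $_SERVER['HTTPS'] may be unset, in which case
    // the cookie is sent exactly as before.
    $is_https = !empty($_SERVER['HTTPS']) && strtolower($_SERVER['HTTPS']) !== 'off';
    $remember = hesk_POST('remember_user');

    if ($hesk_settings['autologin'] && $remember === 'AUTOLOGIN') {
        setcookie('hesk_username', "{$user}", $cookie_expires);
        setcookie('hesk_p', "{$pass_enc}", $cookie_expires, '', '', $is_https, true);
    } elseif ($remember === 'JUSTUSER') {
        setcookie('hesk_username', "{$user}", $cookie_expires);
        setcookie('hesk_p', '');
    } else {
        // Expire cookies if set otherwise
        setcookie('hesk_username', '');
        setcookie('hesk_p', '');
    }

    /* Close any old tickets here so Cron jobs aren't necessary */
    if ($hesk_settings['autoclose']) {
        $revision = sprintf($hesklang['thist3'], hesk_date(), $hesklang['auto']);
        // Tickets untouched for `autoclose` days are eligible
        $dt = date('Y-m-d H:i:s', time() - $hesk_settings['autoclose'] * 86400);

        $closedStatusRs = hesk_dbQuery('SELECT `ID`, `Closable` FROM `' . hesk_dbEscape($hesk_settings['db_pfix']) . 'statuses` WHERE `IsDefaultStaffReplyStatus` = 1');
        $closedStatus = hesk_dbFetchAssoc($closedStatusRs);

        // Are we allowed to close tickets in this status?
        if ($closedStatus['Closable'] === 'yes' || $closedStatus['Closable'] === 'sonly') {
            // Notify customer of closed ticket?
            if ($hesk_settings['notify_closed']) {
                // Get list of tickets (prefix escaped and status ID cast, like every other query here)
                $result = hesk_dbQuery("SELECT * FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` WHERE `status` = " . intval($closedStatus['ID']) . " AND `lastchange` <= '" . hesk_dbEscape($dt) . "' ");

                if (hesk_dbNumRows($result) > 0) {
                    // hesk_notifyCustomer() reads the ticket from the global $ticket
                    global $ticket;

                    // Load required functions?
                    if (!function_exists('hesk_notifyCustomer')) {
                        require HESK_PATH . 'inc/email_functions.inc.php';
                    }

                    while ($ticket = hesk_dbFetchAssoc($result)) {
                        $ticket['dt'] = hesk_date($ticket['dt'], true);
                        $ticket['lastchange'] = hesk_date($ticket['lastchange'], true);
                        $ticket = hesk_ticketToPlain($ticket, 1, 0);
                        hesk_notifyCustomer('ticket_closed');
                    }
                }
            }

            // Update ticket statuses and history in database if we're allowed to do so
            $defaultCloseRs = hesk_dbQuery('SELECT `ID` FROM `' . hesk_dbEscape($hesk_settings['db_pfix']) . 'statuses` WHERE `IsAutocloseOption` = 1');
            $defaultCloseStatus = hesk_dbFetchAssoc($defaultCloseRs);

            hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` SET `status`=" . intval($defaultCloseStatus['ID']) . ", `closedat`=NOW(), `closedby`='-1', `history`=CONCAT(`history`,'" . hesk_dbEscape($revision) . "') WHERE `status` = '" . intval($closedStatus['ID']) . "' AND `lastchange` <= '" . hesk_dbEscape($dt) . "' ");
        }
    }

    /* Redirect to the destination page */
    header('Location: ' . hesk_verifyGoto());
    exit;
}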
function print_add_ticket() { global $hesk_settings, $hesklang; // Auto-focus first empty or error field define('AUTOFOCUS', true); // Pre-populate fields // Customer name if (isset($_REQUEST['name'])) { $_SESSION['c_name'] = $_REQUEST['name']; } // Customer email address if (isset($_REQUEST['email'])) { $_SESSION['c_email'] = $_REQUEST['email']; $_SESSION['c_email2'] = $_REQUEST['email']; } // Category ID if (isset($_REQUEST['catid'])) { $_SESSION['c_category'] = intval($_REQUEST['catid']); } if (isset($_REQUEST['category'])) { $_SESSION['c_category'] = intval($_REQUEST['category']); } // Priority if (isset($_REQUEST['priority'])) { $_SESSION['c_priority'] = intval($_REQUEST['priority']); } // Subject if (isset($_REQUEST['subject'])) { $_SESSION['c_subject'] = $_REQUEST['subject']; } // Message if (isset($_REQUEST['message'])) { $_SESSION['c_message'] = $_REQUEST['message']; } // Custom fields foreach ($hesk_settings['custom_fields'] as $k => $v) { if ($v['use'] && isset($_REQUEST[$k])) { $_SESSION['c_' . $k] = $_REQUEST[$k]; } } // Varibles for coloring the fields in case of errors if (!isset($_SESSION['iserror'])) { $_SESSION['iserror'] = array(); } if (!isset($_SESSION['isnotice'])) { $_SESSION['isnotice'] = array(); } if (!isset($_SESSION['c_category']) && !$hesk_settings['select_cat']) { $_SESSION['c_category'] = 0; } hesk_cleanSessionVars('already_submitted'); // Tell header to load reCaptcha API if needed if ($hesk_settings['recaptcha_use'] == 2) { define('RECAPTCHA', 1); } // Print header $hesk_settings['tmp_title'] = $hesk_settings['hesk_title'] . ' - ' . $hesklang['submit_ticket']; require_once HESK_PATH . 
'inc/header.inc.php'; //box hijau ?> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <tr> <td width="3"><img src="img/headerleftsm.jpg" width="3" height="25" alt="" /></td> <td class="headersm"><?php hesk_showTopBar($hesklang['submit_ticket']); ?> </td> <td width="3"><img src="img/headerrightsm.jpg" width="3" height="25" alt="" /></td> </tr> </table> <table width="100%" border="0" cellspacing="0" cellpadding="3"> <tr> <td><span class="smaller"><a href="<?php echo $hesk_settings['site_url']; ?> " class="smaller"><?php echo $hesk_settings['site_title']; ?> </a> > <a href="<?php echo $hesk_settings['hesk_url']; ?> " class="smaller"><?php echo $hesk_settings['hesk_title']; ?> </a> > <?php echo $hesklang['submit_ticket']; ?> </span></td> </tr> </table> </td> </tr> <tr> <td> <?php // This will handle error, success and notice messages hesk_handle_messages(); //table ni yang box untuk form ?> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <tr> <td width="7" height="7"><img src="img/roundcornerslt.jpg" width="7" height="7" alt="" /></td> <td class="roundcornerstop"></td> <td><img src="img/roundcornersrt.jpg" width="7" height="7" alt="" /></td> </tr> <tr> <td class="roundcornersleft"> </td> <td> <!-- START FORM --> <p style="text-align:center"><?php echo $hesklang['use_form_below']; ?> <font class="important"> *</font></p> <form method="post" action="submit_ticket.php?submit=1" name="form1" enctype="multipart/form-data"> <!-- Contact info --> <table border="0" width="100%"> <tr> <td style="text-align:right" width="150"><?php echo $hesklang['name']; ?> : <font class="important">*</font></td> <td width="80%"><input type="text" name="name" size="40" maxlength="30" value="<?php if (isset($_SESSION['c_name'])) { echo stripslashes(hesk_input($_SESSION['c_name'])); } ?> " <?php if (in_array('name', $_SESSION['iserror'])) { echo ' class="isError" '; } ?> /></td> </tr> <tr> <td style="text-align:right" width="150"><?php echo $hesklang['email']; ?> : 
<font class="important">*</font></td> <td width="80%"><input type="text" name="email" size="40" maxlength="1000" value="<?php if (isset($_SESSION['c_email'])) { echo stripslashes(hesk_input($_SESSION['c_email'])); } ?> " <?php if (in_array('email', $_SESSION['iserror'])) { echo ' class="isError" '; } elseif (in_array('email', $_SESSION['isnotice'])) { echo ' class="isNotice" '; } ?> <?php if ($hesk_settings['detect_typos']) { echo ' onblur="Javascript:hesk_suggestEmail(0)"'; } ?> /></td> </tr> <?php if ($hesk_settings['confirm_email']) { ?> <tr> <td style="text-align:right" width="150"><?php echo $hesklang['confemail']; ?> : <font class="important">*</font></td> <td width="80%"><input type="text" name="email2" size="40" maxlength="1000" value="<?php if (isset($_SESSION['c_email2'])) { echo stripslashes(hesk_input($_SESSION['c_email2'])); } ?> " <?php if (in_array('email2', $_SESSION['iserror'])) { echo ' class="isError" '; } ?> /></td> </tr> <?php } // End if $hesk_settings['confirm_email'] ?> </table> <div id="email_suggestions"></div> <hr /> <!-- Department and priority --> <?php $is_table = 0; hesk_load_database_functions(); // Get categories hesk_dbConnect(); $res = hesk_dbQuery("SELECT `id`, `name` FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "categories` WHERE `type`='0' ORDER BY `cat_order` ASC"); if (hesk_dbNumRows($res) == 1) { // Only 1 public category, no need for a select box $row = hesk_dbFetchAssoc($res); echo '<input type="hidden" name="category" value="' . $row['id'] . 
'" />'; } elseif (hesk_dbNumRows($res) < 1) { // No public categories, set it to default one echo '<input type="hidden" name="category" value="1" />'; } else { // List available categories $is_table = 1; ?> <table border="0" width="100%"> <tr> <td style="text-align:right" width="150"><?php echo $hesklang['category']; ?> : <font class="important">*</font></td> <td width="80%"><select name="category" <?php if (in_array('category', $_SESSION['iserror'])) { echo ' class="isError" '; } ?> > <?php // Show the "Click to select"? if ($hesk_settings['select_cat']) { echo '<option value="">' . $hesklang['select'] . '</option>'; } // List categories while ($row = hesk_dbFetchAssoc($res)) { echo '<option value="' . $row['id'] . '"' . ($_SESSION['c_category'] == $row['id'] ? ' selected="selected"' : '') . '>' . $row['name'] . '</option>'; } ?> </select></td> </tr> <?php } /* Can customer assign urgency? */ if ($hesk_settings['cust_urgency']) { if (!$is_table) { echo '<table border="0" width="100%">'; $is_table = 1; } ?> <tr> <td style="text-align:right" width="150"><?php echo $hesklang['priority']; ?> : <font class="important">*</font></td> <td width="80%"><select name="priority" <?php if (in_array('priority', $_SESSION['iserror'])) { echo ' class="isError" '; } ?> > <?php // Show the "Click to select"? if ($hesk_settings['select_pri']) { echo '<option value="">' . $hesklang['select'] . '</option>'; } ?> <option value="3" <?php if (isset($_SESSION['c_priority']) && $_SESSION['c_priority'] == 3) { echo 'selected="selected"'; } ?> ><?php echo $hesklang['low']; ?> </option> <option value="2" <?php if (isset($_SESSION['c_priority']) && $_SESSION['c_priority'] == 2) { echo 'selected="selected"'; } ?> ><?php echo $hesklang['medium']; ?> </option> <option value="1" <?php if (isset($_SESSION['c_priority']) && $_SESSION['c_priority'] == 1) { echo 'selected="selected"'; } ?> ><?php echo $hesklang['high']; ?> </option> </select></td> </tr> <?php } /* Need to close the table? 
*/ if ($is_table) { echo '</table> <hr />'; } ?> <!-- START CUSTOM BEFORE --> <?php /* custom fields BEFORE comments */ $print_table = 0; foreach ($hesk_settings['custom_fields'] as $k => $v) { if ($v['use'] && $v['place'] == 0) { if ($print_table == 0) { echo '<table border="0" width="100%">'; $print_table = 1; } $v['req'] = $v['req'] ? '<font class="important">*</font>' : ''; if ($v['type'] == 'checkbox') { $k_value = array(); if (isset($_SESSION["c_{$k}"]) && is_array($_SESSION["c_{$k}"])) { foreach ($_SESSION["c_{$k}"] as $myCB) { $k_value[] = stripslashes(hesk_input($myCB)); } } } elseif (isset($_SESSION["c_{$k}"])) { $k_value = stripslashes(hesk_input($_SESSION["c_{$k}"])); } else { $k_value = ''; } switch ($v['type']) { /* Radio box */ case 'radio': echo ' <tr> <td style="text-align:right" width="150" valign="top">' . $v['name'] . ': ' . $v['req'] . '</td> <td width="80%">'; $options = explode('#HESK#', $v['value']); $cls = in_array($k, $_SESSION['iserror']) ? ' class="isError" ' : ''; foreach ($options as $option) { if (strlen($k_value) == 0 || $k_value == $option) { $k_value = $option; $checked = 'checked="checked"'; } else { $checked = ''; } echo '<label><input type="radio" name="' . $k . '" value="' . $option . '" ' . $checked . ' ' . $cls . ' /> ' . $option . '</label><br />'; } echo '</td> </tr> '; break; /* Select drop-down box */ /* Select drop-down box */ case 'select': $cls = in_array($k, $_SESSION['iserror']) ? ' class="isError" ' : ''; echo ' <tr> <td style="text-align:right" width="150">' . $v['name'] . ': ' . $v['req'] . '</td> <td width="80%"><select name="' . $k . '" ' . $cls . '>'; // Show "Click to select"? $v['value'] = str_replace('{HESK_SELECT}', '', $v['value'], $num); if ($num) { echo '<option value="">' . $hesklang['select'] . 
'</option>'; } $options = explode('#HESK#', $v['value']); foreach ($options as $option) { if ($k_value == $option) { $k_value = $option; $selected = 'selected="selected"'; } else { $selected = ''; } echo '<option ' . $selected . '>' . $option . '</option>'; } echo '</select></td> </tr> '; break; /* Checkbox */ /* Checkbox */ case 'checkbox': echo ' <tr> <td style="text-align:right" width="150" valign="top">' . $v['name'] . ': ' . $v['req'] . '</td> <td width="80%">'; $options = explode('#HESK#', $v['value']); $cls = in_array($k, $_SESSION['iserror']) ? ' class="isError" ' : ''; foreach ($options as $option) { if (in_array($option, $k_value)) { $checked = 'checked="checked"'; } else { $checked = ''; } echo '<label><input type="checkbox" name="' . $k . '[]" value="' . $option . '" ' . $checked . ' ' . $cls . ' /> ' . $option . '</label><br />'; } echo '</td> </tr> '; break; /* Large text box */ /* Large text box */ case 'textarea': $size = explode('#', $v['value']); $size[0] = empty($size[0]) ? 5 : intval($size[0]); $size[1] = empty($size[1]) ? 30 : intval($size[1]); $cls = in_array($k, $_SESSION['iserror']) ? ' class="isError" ' : ''; echo ' <tr> <td style="text-align:right" width="150" valign="top">' . $v['name'] . ': ' . $v['req'] . '</td> <td width="80%"><textarea name="' . $k . '" rows="' . $size[0] . '" cols="' . $size[1] . '" ' . $cls . '>' . $k_value . '</textarea></td> </tr> '; break; /* Default text input */ /* Default text input */ default: if (strlen($k_value) != 0) { $v['value'] = $k_value; } $cls = in_array($k, $_SESSION['iserror']) ? ' class="isError" ' : ''; echo ' <tr> <td style="text-align:right" width="150">' . $v['name'] . ': ' . $v['req'] . '</td> <td width="80%"><input type="text" name="' . $k . '" size="40" maxlength="' . $v['maxlen'] . '" value="' . $v['value'] . '" ' . $cls . 
' /></td> </tr> '; } } } /* If table was started we need to close it */ if ($print_table) { echo '</table> <hr />'; $print_table = 0; } ?> <!-- END CUSTOM BEFORE --> <!-- ticket info --> <table border="0" width="100%"> <tr> <td style="text-align:right" width="150"><?php echo $hesklang['subject']; ?> : <font class="important">*</font></td> <td width="80%"><input type="text" name="subject" size="40" maxlength="40" value="<?php if (isset($_SESSION['c_subject'])) { echo stripslashes(hesk_input($_SESSION['c_subject'])); } ?> " <?php if (in_array('subject', $_SESSION['iserror'])) { echo ' class="isError" '; } ?> /></td> </tr> <tr> <td style="text-align:right" width="150" valign="top"><?php echo $hesklang['message']; ?> : <font class="important">*</font></td> <td width="80%"><textarea name="message" rows="12" cols="60" <?php if (in_array('message', $_SESSION['iserror'])) { echo ' class="isError" '; } ?> ><?php if (isset($_SESSION['c_message'])) { echo stripslashes(hesk_input($_SESSION['c_message'])); } ?> </textarea> <!-- START KNOWLEDGEBASE SUGGEST --> <?php if ($hesk_settings['kb_enable'] && $hesk_settings['kb_recommendanswers']) { ?> <div id="kb_suggestions" style="display:none"> <br /> <br /> <img src="img/loading.gif" width="24" height="24" alt="" border="0" style="vertical-align:text-bottom" /> <i><?php echo $hesklang['lkbs']; ?> </i> </div> <script language="Javascript" type="text/javascript"><!-- hesk_suggestKB(); //--> </script> <?php } ?> <!-- END KNOWLEDGEBASE SUGGEST --> </td> </tr> </table> <!-- START CUSTOM AFTER --> <?php /* custom fields AFTER comments */ $print_table = 0; foreach ($hesk_settings['custom_fields'] as $k => $v) { if ($v['use'] && $v['place']) { if ($print_table == 0) { echo ' <hr /> <table border="0" width="100%"> '; $print_table = 1; } $v['req'] = $v['req'] ? 
'<font class="important">*</font>' : ''; if ($v['type'] == 'checkbox') { $k_value = array(); if (isset($_SESSION["c_{$k}"]) && is_array($_SESSION["c_{$k}"])) { foreach ($_SESSION["c_{$k}"] as $myCB) { $k_value[] = stripslashes(hesk_input($myCB)); } } } elseif (isset($_SESSION["c_{$k}"])) { $k_value = stripslashes(hesk_input($_SESSION["c_{$k}"])); } else { $k_value = ''; } switch ($v['type']) { /* Radio box */ case 'radio': echo ' <tr> <td style="text-align:right" width="150" valign="top">' . $v['name'] . ': ' . $v['req'] . '</td> <td width="80%">'; $options = explode('#HESK#', $v['value']); $cls = in_array($k, $_SESSION['iserror']) ? ' class="isError" ' : ''; foreach ($options as $option) { if (strlen($k_value) == 0 || $k_value == $option) { $k_value = $option; $checked = 'checked="checked"'; } else { $checked = ''; } echo '<label><input type="radio" name="' . $k . '" value="' . $option . '" ' . $checked . ' ' . $cls . ' /> ' . $option . '</label><br />'; } echo '</td> </tr> '; break; /* Select drop-down box */ /* Select drop-down box */ case 'select': $cls = in_array($k, $_SESSION['iserror']) ? ' class="isError" ' : ''; echo ' <tr> <td style="text-align:right" width="150">' . $v['name'] . ': ' . $v['req'] . '</td> <td width="80%"><select name="' . $k . '" ' . $cls . '>'; // Show "Click to select"? $v['value'] = str_replace('{HESK_SELECT}', '', $v['value'], $num); if ($num) { echo '<option value="">' . $hesklang['select'] . '</option>'; } $options = explode('#HESK#', $v['value']); foreach ($options as $option) { if ($k_value == $option) { $k_value = $option; $selected = 'selected="selected"'; } else { $selected = ''; } echo '<option ' . $selected . '>' . $option . '</option>'; } echo '</select></td> </tr> '; break; /* Checkbox */ /* Checkbox */ case 'checkbox': echo ' <tr> <td style="text-align:right" width="150" valign="top">' . $v['name'] . ': ' . $v['req'] . 
'</td> <td width="80%">'; $options = explode('#HESK#', $v['value']); $cls = in_array($k, $_SESSION['iserror']) ? ' class="isError" ' : ''; foreach ($options as $option) { if (in_array($option, $k_value)) { $checked = 'checked="checked"'; } else { $checked = ''; } echo '<label><input type="checkbox" name="' . $k . '[]" value="' . $option . '" ' . $checked . ' ' . $cls . ' /> ' . $option . '</label><br />'; } echo '</td> </tr> '; break; /* Large text box */ /* Large text box */ case 'textarea': $size = explode('#', $v['value']); $size[0] = empty($size[0]) ? 5 : intval($size[0]); $size[1] = empty($size[1]) ? 30 : intval($size[1]); $cls = in_array($k, $_SESSION['iserror']) ? ' class="isError" ' : ''; echo ' <tr> <td style="text-align:right" width="150" valign="top">' . $v['name'] . ': ' . $v['req'] . '</td> <td width="80%"><textarea name="' . $k . '" rows="' . $size[0] . '" cols="' . $size[1] . '" ' . $cls . '>' . $k_value . '</textarea></td> </tr> '; break; /* Default text input */ /* Default text input */ default: if (strlen($k_value) != 0) { $v['value'] = $k_value; } $cls = in_array($k, $_SESSION['iserror']) ? ' class="isError" ' : ''; echo ' <tr> <td style="text-align:right" width="150">' . $v['name'] . ': ' . $v['req'] . '</td> <td width="80%"><input type="text" name="' . $k . '" size="40" maxlength="' . $v['maxlen'] . '" value="' . $v['value'] . '" ' . $cls . ' /></td> </tr> '; } } } /* If table was started we need to close it */ if ($print_table) { echo '</table>'; $print_table = 0; } ?> <!-- END CUSTOM AFTER --> <?php /* attachments */ if ($hesk_settings['attachments']['use']) { ?> <hr /> <table border="0" width="100%"> <tr> <td style="text-align:right" width="150" valign="top"><?php echo $hesklang['attachments']; ?> :</td> <td width="80%" valign="top"> <?php for ($i = 1; $i <= $hesk_settings['attachments']['max_number']; $i++) { $cls = $i == 1 && in_array('attachments', $_SESSION['iserror']) ? 
' class="isError" ' : ''; echo '<input type="file" name="attachment[' . $i . ']" size="50" ' . $cls . ' /><br />'; } ?> <a href="file_limits.php" target="_blank" onclick="Javascript:hesk_window('file_limits.php',250,500);return false;"><?php echo $hesklang['ful']; ?> </a> </td> </tr> </table> <?php } if ($hesk_settings['question_use'] || $hesk_settings['secimg_use']) { ?> <hr /> <!-- Security checks --> <table border="0" width="100%"> <?php if ($hesk_settings['question_use']) { ?> <tr> <td style="text-align:right;vertical-align:top" width="150"><?php echo $hesklang['verify_q']; ?> <font class="important">*</font></td> <td width="80%"> <?php $value = ''; if (isset($_SESSION['c_question'])) { $value = stripslashes(hesk_input($_SESSION['c_question'])); } $cls = in_array('question', $_SESSION['iserror']) ? ' class="isError" ' : ''; echo $hesk_settings['question_ask'] . '<br /><input type="text" name="question" size="20" value="' . $value . '" ' . $cls . ' />'; ?> <br /> </td> </tr> <?php } if ($hesk_settings['secimg_use']) { ?> <tr> <td style="text-align:right;vertical-align:top" width="150"><?php echo $hesklang['verify_i']; ?> <font class="important">*</font></td> <td width="80%"> <?php // SPAM prevention verified for this session if (isset($_SESSION['img_verified'])) { echo '<img src="' . HESK_PATH . 'img/success.png" width="16" height="16" border="0" alt="" style="vertical-align:text-bottom" /> ' . $hesklang['vrfy']; } elseif ($hesk_settings['recaptcha_use'] == 1) { ?> <script type="text/javascript"> var RecaptchaOptions = { theme : '<?php echo isset($_SESSION['iserror']) && in_array('mysecnum', $_SESSION['iserror']) ? 
'red' : 'white'; ?> ', custom_translations : { visual_challenge : "<?php echo hesk_slashJS($hesklang['visual_challenge']); ?> ", audio_challenge : "<?php echo hesk_slashJS($hesklang['audio_challenge']); ?> ", refresh_btn : "<?php echo hesk_slashJS($hesklang['refresh_btn']); ?> ", instructions_visual : "<?php echo hesk_slashJS($hesklang['instructions_visual']); ?> ", instructions_context : "<?php echo hesk_slashJS($hesklang['instructions_context']); ?> ", instructions_audio : "<?php echo hesk_slashJS($hesklang['instructions_audio']); ?> ", help_btn : "<?php echo hesk_slashJS($hesklang['help_btn']); ?> ", play_again : "<?php echo hesk_slashJS($hesklang['play_again']); ?> ", cant_hear_this : "<?php echo hesk_slashJS($hesklang['cant_hear_this']); ?> ", incorrect_try_again : "<?php echo hesk_slashJS($hesklang['incorrect_try_again']); ?> ", image_alt_text : "<?php echo hesk_slashJS($hesklang['image_alt_text']); ?> ", }, }; </script> <?php require HESK_PATH . 'inc/recaptcha/recaptchalib.php'; echo recaptcha_get_html($hesk_settings['recaptcha_public_key'], null, true); } elseif ($hesk_settings['recaptcha_use'] == 2) { ?> <div class="g-recaptcha" data-sitekey="<?php echo $hesk_settings['recaptcha_public_key']; ?> "></div> <?php } else { $cls = in_array('mysecnum', $_SESSION['iserror']) ? ' class="isError" ' : ''; echo $hesklang['sec_enter'] . '<br /> <br /><img src="print_sec_img.php?' . rand(10000, 99999) . '" width="150" height="40" alt="' . $hesklang['sec_img'] . '" title="' . $hesklang['sec_img'] . '" border="1" name="secimg" style="vertical-align:text-bottom" /> ' . '<a href="javascript:void(0)" onclick="javascript:document.form1.secimg.src=\'print_sec_img.php?\'+ ( Math.floor((90000)*Math.random()) + 10000);"><img src="img/reload.png" height="24" width="24" alt="' . $hesklang['reload'] . '" title="' . $hesklang['reload'] . '" border="0" style="vertical-align:text-bottom" /></a>' . '<br /> <br /><input type="text" name="mysecnum" size="20" maxlength="5" ' . $cls . 
' />'; } ?> </td> </tr> <?php } ?> </table> <?php } ?> <!-- Submit --> <?php if ($hesk_settings['submit_notice']) { ?> <hr /> <div align="center"> <table border="0"> <tr> <td> <b><?php echo $hesklang['before_submit']; ?> </b> <ul> <li><?php echo $hesklang['all_info_in']; ?> .</li> <li><?php echo $hesklang['all_error_free']; ?> .</li> </ul> <b><?php echo $hesklang['we_have']; ?> :</b> <ul> <li><?php echo hesk_htmlspecialchars($_SERVER['REMOTE_ADDR']) . ' ' . $hesklang['recorded_ip']; ?> </li> <li><?php echo $hesklang['recorded_time']; ?> </li> </ul> <p align="center"><input type="hidden" name="token" value="<?php hesk_token_echo(); ?> " /> <input type="submit" value="<?php echo $hesklang['sub_ticket']; ?> " class="orangebutton" onmouseover="hesk_btn(this,'orangebuttonover');" onmouseout="hesk_btn(this,'orangebutton');" /></p> </td> </tr> </table> </div> <?php } else { ?> <br /> <br /> <table border="0" width="100%"> <tr> <td style="text-align:right" width="150"> </td> <td width="80%"><input type="hidden" name="token" value="<?php hesk_token_echo(); ?> " /> <input type="submit" value="<?php echo $hesklang['sub_ticket']; ?> " class="orangebutton" onmouseover="hesk_btn(this,'orangebuttonover');" onmouseout="hesk_btn(this,'orangebutton');" /><br /> <br /> </td> </tr> </table> <?php } // End ELSE submit_notice ?> <!-- Do not delete or modify the code below, it is used to detect simple SPAM bots --> <input type="hidden" name="hx" value="3" /><input type="hidden" name="hy" value="" /> <!-- > <input type="text" name="phone" value="3" /> < --> </form> <!-- END FORM --> </td> <td class="roundcornersright"> </td> </tr> <tr> <td><img src="img/roundcornerslb.jpg" width="7" height="7" alt="" /></td> <td class="roundcornersbottom"></td> <td width="7" height="7"><img src="img/roundcornersrb.jpg" width="7" height="7" alt="" /></td> </tr> </table> <?php hesk_cleanSessionVars('iserror'); hesk_cleanSessionVars('isnotice'); }
/**
 * Turn one parsed inbound e-mail into a HESK ticket, or into a customer reply
 * on an existing ticket.
 *
 * Sender, subject and body are taken from $results, converted with
 * hesk_encodeUTF8() and normalised with hesk_input(); the mail is then dropped
 * (via hesk_cleanExit()) if the sender is missing, invalid or banned, if the
 * body is empty while eml_req_msg is set, if hesk_isReturnedEmail() flags it,
 * or if hesk_isEmailLoop() sees the same sender/hash again. A tracking ID in
 * the subject makes this a reply, but only when the sender matches the
 * ticket's address and the ticket is not locked; otherwise a new ticket is
 * created.
 *
 * @param array $results      parsed message; keys read here: reply-to, from,
 *                            subject, subject_encoding, message, encoding,
 *                            attachments, tempdir
 * @param int   $pop3         non-zero selects history text thist16 and
 *                            openedby=-2; zero selects thist11 and -1
 * @param int   $set_category category given to a newly created ticket
 * @param int   $set_priority priority for a new ticket; a negative value means
 *                            "use the category's default priority"
 * @return mixed tracking ID of the ticket created or replied to, or whatever
 *               hesk_cleanExit() returns when the mail is ignored
 *
 * Side effects: inserts/updates rows in the tickets, replies and attachments
 * tables, moves attachment files into attach_dir, deletes $results['tempdir'],
 * calls the hesk_notify*() helpers, overwrites $_SERVER['REMOTE_ADDR'] and the
 * global $ticket.
 */
function hesk_email2ticket($results, $pop3 = 0, $set_category = 1, $set_priority = -1)
{
    global $hesk_settings, $hesklang, $hesk_db_link, $ticket;

    // Process "Reply-To:" or "From:" email; "Reply-To:" wins when present
    $tmpvar['email'] = isset($results['reply-to'][0]['address']) ? hesk_validateEmail($results['reply-to'][0]['address'], 'ERR', 0) : hesk_validateEmail($results['from'][0]['address'], 'ERR', 0);

    // Email missing, invalid or banned?
    if (!$tmpvar['email'] || hesk_isBannedEmail($tmpvar['email'])) {
        return hesk_cleanExit();
    }

    // Process "Reply-To:" or "From:" name, convert to UTF-8, set to "[Customer]" ($hesklang['pde']) if not set
    if (isset($results['reply-to'][0]['name']) && strlen($results['reply-to'][0]['name'])) {
        $tmpvar['name'] = $results['reply-to'][0]['name'];
        if (!empty($results['reply-to'][0]['encoding'])) {
            $tmpvar['name'] = hesk_encodeUTF8($tmpvar['name'], $results['reply-to'][0]['encoding']);
        }
    } else {
        $tmpvar['name'] = isset($results['from'][0]['name']) ? $results['from'][0]['name'] : $hesklang['pde'];
        if (!empty($results['from'][0]['encoding'])) {
            $tmpvar['name'] = hesk_encodeUTF8($tmpvar['name'], $results['from'][0]['encoding']);
        }
    }
    // Low-precedence `or`: the assignment happens first, the fallback only if the cleaned name is falsy
    $tmpvar['name'] = hesk_input($tmpvar['name'], '', '', 1, 50) or $tmpvar['name'] = $hesklang['pde'];

    // Process "To:" email (not yet implemented, for future use)
    // $tmpvar['to_email'] = hesk_validateEmail($results['to'][0]['address'],'ERR',0);

    // Process email subject, convert to UTF-8, set to "[Piped email]" ($hesklang['pem']) if none set
    $tmpvar['subject'] = isset($results['subject']) ? $results['subject'] : $hesklang['pem'];
    if (!empty($results['subject_encoding'])) {
        $tmpvar['subject'] = hesk_encodeUTF8($tmpvar['subject'], $results['subject_encoding']);
    }
    // Same `or` fallback idiom as for the name; subject is capped at 70 chars
    $tmpvar['subject'] = hesk_input($tmpvar['subject'], '', '', 1, 70) or $tmpvar['subject'] = $hesklang['pem'];

    // Process email message, convert to UTF-8
    $tmpvar['message'] = isset($results['message']) ? $results['message'] : '';
    if (!empty($results['encoding'])) {
        $tmpvar['message'] = hesk_encodeUTF8($tmpvar['message'], $results['encoding']);
    }
    $tmpvar['message'] = hesk_input($tmpvar['message'], '', '', 1);

    // Message missing?
    if (strlen($tmpvar['message']) == 0) {
        // Message required? Ignore this email.
        if ($hesk_settings['eml_req_msg']) {
            return hesk_cleanExit();
        }

        // Message not required? Assign a default message
        $tmpvar['message'] = $hesklang['def_msg'];

        // Track duplicate emails based on subject (the body is the default text, so it cannot discriminate)
        $message_hash = md5($tmpvar['subject']);
    } else {
        $message_hash = md5($tmpvar['message']);
    }

    // Strip quoted reply from email
    $tmpvar['message'] = hesk_stripQuotedText($tmpvar['message']);

    // Convert URLs to links, change newlines to <br />
    $tmpvar['message'] = hesk_makeURL($tmpvar['message']);
    $tmpvar['message'] = nl2br($tmpvar['message']);

    # For debugging purposes
    # die( bin2hex($tmpvar['message']) );
    # die($tmpvar['message']);

    // Try to detect "delivery failed" and "noreply" emails - ignore if detected
    if (hesk_isReturnedEmail($tmpvar)) {
        return hesk_cleanExit();
    }

    // Check for email loops (same sender + same message hash seen before)
    if (hesk_isEmailLoop($tmpvar['email'], $message_hash)) {
        return hesk_cleanExit();
    }

    // OK, everything seems OK. Now determine if this is a reply to a ticket or a new ticket.
    // Tracking IDs look like [#XXX-XXX-XXXX]; spaces are removed first so a wrapped subject still matches.
    if (preg_match('/\\[#([A-Z0-9]{3}\\-[A-Z0-9]{3}\\-[A-Z0-9]{4})\\]/', str_replace(' ', '', $tmpvar['subject']), $matches)) {
        // We found a possible tracking ID
        $tmpvar['trackid'] = $matches[1];

        // Does it match one in the database?
        $res = hesk_dbQuery("SELECT * FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` WHERE `trackid`='" . hesk_dbEscape($tmpvar['trackid']) . "' LIMIT 1");
        if (hesk_dbNumRows($res)) {
            $ticket = hesk_dbFetchAssoc($res);

            // Do email addresses match?
            // NOTE(review): this is a case-insensitive substring test, not an equality test —
            // presumably because the ticket's `email` column may hold several addresses; confirm,
            // since any sender address contained in that column passes the check.
            if (strpos(strtolower($ticket['email']), strtolower($tmpvar['email'])) === false) {
                $tmpvar['trackid'] = '';
            }

            // Is this ticket locked? Force create a new one if it is
            if ($ticket['locked']) {
                $tmpvar['trackid'] = '';
            }
        } else {
            $tmpvar['trackid'] = '';
        }
    }

    // If tracking ID is empty, generate a new one
    if (empty($tmpvar['trackid'])) {
        $tmpvar['trackid'] = hesk_createID();
        $is_reply = 0;
    } else {
        $is_reply = 1;
    }

    // Process attachments
    // attachmment_notices collects one line per rejected file (appended to the message below);
    // attachments becomes a comma-separated "id#real_name" list stored with the ticket/reply.
    $tmpvar['attachmment_notices'] = '';
    $tmpvar['attachments'] = '';
    $num = 0;
    if ($hesk_settings['attachments']['use'] && isset($results['attachments'][0])) {
        foreach ($results['attachments'] as $k => $v) {
            // Clean attachment names
            $myatt['real_name'] = hesk_cleanFileName($v['orig_name']);

            // Check number of attachments, delete any over max number
            if ($num >= $hesk_settings['attachments']['max_number']) {
                $tmpvar['attachmment_notices'] .= sprintf($hesklang['attnum'], $myatt['real_name']) . "\n";
                continue;
            }

            // Check file extension against the configured allow-list.
            // $ext keeps the leading dot (strrchr), so allowed_types entries presumably carry it too — confirm.
            $ext = strtolower(strrchr($myatt['real_name'], "."));
            if (!in_array($ext, $hesk_settings['attachments']['allowed_types'])) {
                $tmpvar['attachmment_notices'] .= sprintf($hesklang['atttyp'], $myatt['real_name']) . "\n";
                continue;
            }

            // Check file size
            $myatt['size'] = $v['size'];
            if ($myatt['size'] > $hesk_settings['attachments']['max_size']) {
                $tmpvar['attachmment_notices'] .= sprintf($hesklang['attsiz'], $myatt['real_name']) . "\n";
                continue;
            }

            // Generate a random file name: trackid + '_' + md5(10 random chars . real_name), capped at 200 chars, plus the original extension.
            // NOTE(review): mt_rand() is not a cryptographic source; if attach_dir is web-reachable,
            // random_bytes() would give the stored name a stronger unpredictability guarantee — confirm.
            $useChars = 'AEUYBDGHJLMNPQRSTVWXZ123456789';
            $tmp = $useChars[mt_rand(0, 29)];
            for ($j = 1; $j < 10; $j++) {
                $tmp .= $useChars[mt_rand(0, 29)];
            }
            $myatt['saved_name'] = substr($tmpvar['trackid'] . '_' . md5($tmp . $myatt['real_name']), 0, 200) . $ext;

            // Rename the temporary file
            // NOTE(review): rename()'s return value is not checked, so a failed move still gets an attachments row below.
            rename($v['stored_name'], HESK_PATH . $hesk_settings['attach_dir'] . '/' . $myatt['saved_name']);

            // Insert into database (all values escaped or cast)
            hesk_dbQuery("INSERT INTO `" . hesk_dbEscape($hesk_settings['db_pfix']) . "attachments` (`ticket_id`,`saved_name`,`real_name`,`size`) VALUES ('" . hesk_dbEscape($tmpvar['trackid']) . "','" . hesk_dbEscape($myatt['saved_name']) . "','" . hesk_dbEscape($myatt['real_name']) . "','" . intval($myatt['size']) . "')");
            $tmpvar['attachments'] .= hesk_dbInsertID() . '#' . $myatt['real_name'] . ',';
            $num++;
        }

        // Tell the customer which files were dropped, as part of the message body
        if (strlen($tmpvar['attachmment_notices'])) {
            $tmpvar['message'] .= "<br /><br />" . hesk_input($hesklang['attrem'], '', '', 1) . "<br />" . nl2br(hesk_input($tmpvar['attachmment_notices'], '', '', 1));
        }
    }

    // Delete the temporary files
    deleteAll($results['tempdir']);

    // If this is a reply add a new reply
    if ($is_reply) {
        // Set last replier name to customer name (fall back to the address when the name is the "[Customer]" placeholder)
        $ticket['lastreplier'] = $tmpvar['name'] == $hesklang['pde'] ? $tmpvar['email'] : $tmpvar['name'];

        // If staff hasn't replied yet, keep ticket status "New", otherwise set it to "Waiting reply from staff"
        $ticket['status'] = $ticket['status'] ? 1 : 0;

        // Update ticket as necessary (status was just normalised to 0/1, id is cast)
        hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` SET `lastchange`=NOW(),`status`='{$ticket['status']}',`replies`=`replies`+1,`lastreplier`='0' WHERE `id`='" . intval($ticket['id']) . "' LIMIT 1");

        // If customer replied, we assume staff replies have been read (no way to be sure if ticket.php hasn't been opened)
        hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "replies` SET `read` = '1' WHERE `replyto` = '" . intval($ticket['id']) . "' AND `staffid` != '0' ");

        // Insert reply into database
        hesk_dbQuery("INSERT INTO `" . hesk_dbEscape($hesk_settings['db_pfix']) . "replies` (`replyto`,`name`,`message`,`dt`,`attachments`) VALUES ('" . intval($ticket['id']) . "','" . hesk_dbEscape($ticket['lastreplier']) . "','" . hesk_dbEscape($tmpvar['message']) . "',NOW(),'" . hesk_dbEscape($tmpvar['attachments']) . "')");

        // --> Prepare reply message

        // 1. Generate the array with ticket info that can be used in emails
        $info = array('email' => $ticket['email'], 'category' => $ticket['category'], 'priority' => $ticket['priority'], 'owner' => $ticket['owner'], 'trackid' => $ticket['trackid'], 'status' => $ticket['status'], 'name' => $ticket['name'], 'lastreplier' => $ticket['lastreplier'], 'subject' => $ticket['subject'], 'message' => stripslashes($tmpvar['message']), 'attachments' => $tmpvar['attachments'], 'dt' => hesk_date($ticket['dt'], true), 'lastchange' => hesk_date($ticket['lastchange'], true), 'id' => $ticket['id']);

        // 2. Add custom fields to the array
        foreach ($hesk_settings['custom_fields'] as $k => $v) {
            $info[$k] = $v['use'] ? $ticket[$k] : '';
        }

        // 3. Make sure all values are properly formatted for email (global $ticket now holds the plain-text copy)
        $ticket = hesk_ticketToPlain($info, 1, 0);

        // --> Process custom fields before sending
        foreach ($hesk_settings['custom_fields'] as $k => $v) {
            $ticket[$k] = $v['use'] ? hesk_msgToPlain($ticket[$k], 1) : '';
        }

        // --> If ticket is assigned just notify the owner
        if ($ticket['owner']) {
            hesk_notifyAssignedStaff(false, 'new_reply_by_customer', 'notify_reply_my');
        } else {
            hesk_notifyStaff('new_reply_by_customer', "`notify_reply_unassigned`='1'");
        }

        return $ticket['trackid'];
    } // END REPLY

    // Not a reply, but a new ticket. Add it to the database
    $tmpvar['category'] = $set_category;
    $tmpvar['priority'] = $set_priority < 0 ? hesk_getCategoryPriority($tmpvar['category']) : $set_priority;
    // There is no client IP for a mailed-in ticket; presumably this makes hesk_newTicket()
    // record the "unknown" label instead of the server's own address — confirm.
    $_SERVER['REMOTE_ADDR'] = $hesklang['unknown'];

    // Auto assign tickets if applicable
    $tmpvar['owner'] = 0;
    $tmpvar['history'] = $pop3 ? sprintf($hesklang['thist16'], hesk_date()) : sprintf($hesklang['thist11'], hesk_date());
    $tmpvar['openedby'] = $pop3 ? -2 : -1;
    $autoassign_owner = hesk_autoAssignTicket($tmpvar['category']);
    #print_r($autoassign_owner);
    if ($autoassign_owner) {
        $tmpvar['owner'] = $autoassign_owner['id'];
        $tmpvar['history'] .= sprintf($hesklang['thist10'], hesk_date(), $autoassign_owner['name'] . ' (' . $autoassign_owner['user'] . ')');
    }

    // Custom fields will be empty as there is no reliable way of detecting them
    foreach ($hesk_settings['custom_fields'] as $k => $v) {
        $tmpvar[$k] = '';
    }

    // Insert ticket to database
    $ticket = hesk_newTicket($tmpvar);

    // Notify the customer
    if ($hesk_settings['notify_new']) {
        $possible_SPAM = false;

        // Do we need to check subject for SPAM tags?
        if ($hesk_settings['notify_skip_spam']) {
            foreach ($hesk_settings['notify_spam_tags'] as $tag) {
                if (strpos($tmpvar['subject'], $tag) !== false) {
                    $possible_SPAM = true;
                    break;
                }
            }
        }

        // SPAM tags not found or not checked, send email
        if ($possible_SPAM === false) {
            hesk_notifyCustomer();
        }
    }

    // Need to notify staff?
    // --> From autoassign?
    if ($tmpvar['owner'] && $autoassign_owner['notify_assigned']) {
        hesk_notifyAssignedStaff($autoassign_owner, 'ticket_assigned_to_you');
    } elseif (!$tmpvar['owner']) {
        hesk_notifyStaff('new_ticket_staff', " `notify_new_unassigned` = '1' ");
    }

    return $ticket['trackid'];
}
exit; } // Check for POST requests larger than what the server can handle if (empty($_POST) && !empty($_SERVER['CONTENT_LENGTH'])) { hesk_error($hesklang['maxpost']); } session_start(); /* A security check */ # hesk_token_check('POST'); $hesk_error_buffer = array(); // Tracking ID $trackingID = hesk_cleanID('orig_track') or die($hesklang['int_error'] . ': No orig_track'); // Email required to view ticket? $my_email = hesk_getCustomerEmail(); // Get message $message = hesk_input(hesk_POST('message')); // If the message was entered, further parse it if (strlen($message)) { // Make links clickable $message = hesk_makeURL($message); // Turn newlines into <br /> $message = nl2br($message); } else { $hesk_error_buffer[] = $hesklang['enter_message']; } /* Attachments */ if ($hesk_settings['attachments']['use']) { require HESK_PATH . 'inc/attachments.inc.php'; $attachments = array(); for ($i = 1; $i <= $hesk_settings['attachments']['max_number']; $i++) { $att = hesk_uploadFile($i);
* Removing any of the copyright notices without purchasing a license * is expressly forbidden. To remove HESK copyright notice you must purchase * a license for this script. For more information on how to obtain * a license please visit the page below: * https://www.hesk.com/buy.php *******************************************************************************/ define('IN_SCRIPT', 1); define('HESK_PATH', '../'); /* Get all the required files and functions */ require HESK_PATH . 'hesk_settings.inc.php'; require HESK_PATH . 'inc/common.inc.php'; require HESK_PATH . 'inc/admin_functions.inc.php'; $id = hesk_input(hesk_GET('i')); $query = hesk_input(hesk_utf8_urldecode(hesk_GET('q'))); $type = hesk_input(hesk_GET('t', 'text')); $maxlen = intval(hesk_GET('m', 255)); $query = stripslashes($query); ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML; 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang="en"> <head> <title><?php echo $hesklang['opt']; ?> </title> <meta http-equiv="Content-Type" content="text/html;charset=<?php echo $hesklang['ENCODING']; ?> " /> <style type="text/css">
/**
 * Handle the "new service message" POST: validate, optionally preview, then
 * insert the message and redirect back to service_messages.php.
 *
 * Reads style, type, title, message and sm_preview from $_POST. On a
 * validation error or a preview request the submitted values are kept in
 * $_SESSION['new_sm'] so the form can be re-populated; on success
 * $_SESSION['smord'] receives the id of the inserted row.
 *
 * NOTE(review): the CSRF token check below is commented out
 * (`# hesk_token_check('POST');`), so this handler accepts any POST that
 * arrives with the admin's session — confirm the token is verified by the
 * caller, otherwise re-enable it here.
 */
function new_sm()
{
    global $hesk_settings, $hesklang, $listBox;
    global $hesk_error_buffer;

    // A security check
    # hesk_token_check('POST');

    $hesk_error_buffer = array();

    // Style is an index 0..4; anything else falls back to 0
    $style = intval(hesk_POST('style', 0));
    if ($style > 4 || $style < 0) {
        $style = 0;
    }

    // Type is a 0/1 flag derived from the checkbox being present
    $type = empty($_POST['type']) ? 0 : 1;

    // Low-precedence `or`: assign first, record the error only if the cleaned title is falsy
    $title = hesk_input(hesk_POST('title')) or $hesk_error_buffer[] = $hesklang['sm_e_title'];

    // The message is stored as HTML; what hesk_getHTML() filters is not visible here
    $message = hesk_getHTML(hesk_POST('message'));

    // Any errors?
    if (count($hesk_error_buffer)) {
        // Keep the raw (hesk_input-cleaned) message for re-display, not the HTML version
        $_SESSION['new_sm'] = array('style' => $style, 'type' => $type, 'title' => $title, 'message' => hesk_input(hesk_POST('message')));

        $tmp = '';
        foreach ($hesk_error_buffer as $error) {
            $tmp .= "<li>{$error}</li>\n";
        }
        $hesk_error_buffer = $tmp;
        $hesk_error_buffer = $hesklang['rfm'] . '<br /><br /><ul>' . $hesk_error_buffer . '</ul>';

        // NOTE(review): execution relies on hesk_process_messages() redirecting and stopping here
        // (the preview branch below exits explicitly); if it ever returned, the INSERT would still run — confirm.
        hesk_process_messages($hesk_error_buffer, 'service_messages.php');
    }

    // Just preview the message?
    if (isset($_POST['sm_preview'])) {
        $_SESSION['preview_sm'] = true;
        $_SESSION['new_sm'] = array('style' => $style, 'type' => $type, 'title' => $title, 'message' => $message);
        header('Location: service_messages.php');
        exit;
    }

    // Get the latest service message order; new messages are appended 10 positions after the last one
    $res = hesk_dbQuery("SELECT `order` FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "service_messages` ORDER BY `order` DESC LIMIT 1");
    $row = hesk_dbFetchRow($res);
    $my_order = intval($row[0]) + 10;

    // Insert service message into database (author is the current admin; style/type/order are ints already)
    hesk_dbQuery("INSERT INTO `" . hesk_dbEscape($hesk_settings['db_pfix']) . "service_messages` (`author`,`title`,`message`,`style`,`type`,`order`) VALUES (\n '" . intval($_SESSION['id']) . "',\n '" . hesk_dbEscape($title) . "',\n '" . hesk_dbEscape($message) . "',\n '{$style}',\n '{$type}',\n '{$my_order}'\n )");

    $_SESSION['smord'] = hesk_dbInsertID();

    hesk_process_messages($hesklang['sm_added'], 'service_messages.php', 'SUCCESS');
}
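/**
 * Test the SMTP settings submitted on the settings form.
 *
 * Reads the s_smtp_* POST fields into the global $set array, configures an
 * smtp_class instance from them and attempts a connect/disconnect. The
 * library's debug output (debug = 1) is captured with output buffering into
 * the global $smtp_log; on failure the library's error text is stored,
 * ucfirst()-ed, in the global $smtp_error.
 *
 * Fix: `global $smtp_error, $smtp_log;` used to be declared only inside the
 * failure branch. A `global` statement binds only when it executes, so on the
 * success path the `$smtp_log = ob_get_contents()` after the if/else wrote a
 * function-local variable and the captured transcript was discarded. The
 * declaration is now at the top so the log is exported on both paths.
 *
 * NOTE(review): the transcript may contain the authentication exchange; treat
 * $smtp_log as sensitive when displaying it.
 *
 * @return bool true if the connection succeeded, false otherwise
 */
function hesk_testSMTP()
{
    global $hesk_settings, $hesklang, $set;
    global $smtp_error, $smtp_log;

    // Get variables
    $set['smtp_host_name'] = hesk_input(hesk_POST('s_smtp_host_name', 'localhost'));
    $set['smtp_host_port'] = intval(hesk_POST('s_smtp_host_port', 25));
    $set['smtp_timeout'] = intval(hesk_POST('s_smtp_timeout', 10));
    $set['smtp_ssl'] = empty($_POST['s_smtp_ssl']) ? 0 : 1;
    $set['smtp_tls'] = empty($_POST['s_smtp_tls']) ? 0 : 1;
    $set['smtp_user'] = hesk_input(hesk_POST('s_smtp_user'));
    $set['smtp_password'] = hesk_input(hesk_POST('s_smtp_password'));

    // Initiate SMTP class and set parameters
    require_once HESK_PATH . 'inc/mail/smtp.php';
    $smtp = new smtp_class();
    $smtp->host_name = $set['smtp_host_name'];
    $smtp->host_port = $set['smtp_host_port'];
    $smtp->timeout = $set['smtp_timeout'];
    $smtp->ssl = $set['smtp_ssl'];
    $smtp->start_tls = $set['smtp_tls'];
    $smtp->user = $set['smtp_user'];
    // hesk_input() escaped/slashed the password; the library needs the raw value
    $smtp->password = hesk_htmlspecialchars_decode(stripslashes($set['smtp_password']));
    $smtp->debug = 1;

    // SASL is only needed when credentials were supplied
    if (strlen($set['smtp_user']) || strlen($set['smtp_password'])) {
        require_once HESK_PATH . 'inc/mail/sasl/sasl.php';
    }

    $connection_OK = false;

    // Capture everything the library prints while connecting
    ob_start();

    // Test connection
    if ($smtp->Connect()) {
        // SMTP connect successful
        $connection_OK = true;
        $smtp->Disconnect();
    } else {
        $smtp_error = ucfirst($smtp->error);
    }

    // Export the transcript on both paths (single read of the buffer is enough)
    $smtp_log = ob_get_contents();
    ob_end_clean();

    return $connection_OK;
}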
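/**
 * Ensure the current request belongs to a logged-in staff member.
 *
 * Without a session id or session_verify value it tries the autologin cookie
 * and otherwise redirects to the login page, passing the current URI as
 * `goto`. With a session it regenerates the session id, reloads the user's
 * access data from the users table, re-validates the session against the
 * stored credentials with hesk_activeSessionValidate(), and refreshes the
 * isadmin / categories / heskprivileges session values.
 *
 * Fix: the login URL read 'a=login¬ice=1' (an entity-decoded '&notice=1')
 * and the str_replace() was a no-op with '&' as both search and replacement;
 * both are restored. The table prefix is now passed through hesk_dbEscape()
 * like the other queries in this file.
 *
 * @return true on success; every failure path redirects and calls exit
 */
function hesk_isLoggedIn()
{
    global $hesk_settings;

    // hesk_input() HTML-escapes the URI; turn '&amp;' back into '&' so the
    // goto target round-trips as a plain query string.
    $referer = hesk_input($_SERVER['REQUEST_URI']);
    $referer = str_replace('&amp;', '&', $referer);

    // Same destination for every "not logged in" exit below
    $login_url = 'index.php?a=login&notice=1&goto=' . urlencode($referer);

    if (empty($_SESSION['id']) || empty($_SESSION['session_verify'])) {
        if ($hesk_settings['autologin'] && hesk_autoLogin(1)) {
            // Users online
            if ($hesk_settings['online']) {
                require HESK_PATH . 'inc/users_online.inc.php';
                hesk_initOnline($_SESSION['id']);
            }
            return true;
        }

        hesk_session_stop();
        header('Location: ' . $login_url);
        exit;
    }

    hesk_session_regenerate_id();

    // Let's make sure access data is up-to-date (id comes from the session and is cast)
    $res = hesk_dbQuery("SELECT `user`, `pass`, `isadmin`, `categories`, `heskprivileges` FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "users` WHERE `id` = '" . intval($_SESSION['id']) . "' LIMIT 1");

    // Exit if user not found
    if (hesk_dbNumRows($res) != 1) {
        hesk_session_stop();
        header('Location: ' . $login_url);
        exit;
    }

    // Fetch results from database
    $me = hesk_dbFetchAssoc($res);

    // Verify this session is still valid against the stored user/pass
    if (!hesk_activeSessionValidate($me['user'], $me['pass'], $_SESSION['session_verify'])) {
        hesk_session_stop();
        header('Location: ' . $login_url);
        exit;
    }

    // Update session variables as needed; admins carry no category/privilege list
    if ($me['isadmin'] == 1) {
        $_SESSION['isadmin'] = 1;
    } else {
        $_SESSION['isadmin'] = 0;
        $_SESSION['categories'] = explode(',', $me['categories']);
        $_SESSION['heskprivileges'] = $me['heskprivileges'];
    }

    // Users online
    if ($hesk_settings['online']) {
        require HESK_PATH . 'inc/users_online.inc.php';
        hesk_initOnline($_SESSION['id']);
    }

    return true;
}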
// All OK, continue $_SESSION['license_agree'] = 1; $_SESSION['step'] = 2; } else { $_SESSION['step'] = 1; } } // Test database connection? if ($_SESSION['step'] == 3 && isset($_POST['dbtest'])) { // Username $_SESSION['admin_user'] = hesk_input(hesk_POST('admin_user')); if (strlen($_SESSION['admin_user']) == 0) { $_SESSION['admin_user'] = '******'; } // Password $_SESSION['admin_pass'] = hesk_input(hesk_POST('admin_pass')); if (strlen($_SESSION['admin_pass']) == 0) { $_SESSION['admin_pass'] = substr(str_shuffle("23456789abcdefghijkmnpqrstuvwxyzABCDEFGHJKLMNPQRSTUVWXYZ"), 0, mt_rand(8, 12)); } // Password hash for the database $_SESSION['admin_hash'] = hesk_Pass2Hash($_SESSION['admin_pass']); $hesk_db_link = hesk_iTestDatabaseConnection(); // Get table prefix, don't allow any special chars $hesk_settings['db_pfix'] = preg_replace('/[^0-9a-zA-Z_]/', '', hesk_POST('pfix', 'hesk_')); // Generate HESK table names $hesk_tables = array($hesk_settings['db_pfix'] . 'attachments', $hesk_settings['db_pfix'] . 'banned_emails', $hesk_settings['db_pfix'] . 'banned_ips', $hesk_settings['db_pfix'] . 'categories', $hesk_settings['db_pfix'] . 'kb_articles', $hesk_settings['db_pfix'] . 'kb_attachments', $hesk_settings['db_pfix'] . 'kb_categories', $hesk_settings['db_pfix'] . 'logins', $hesk_settings['db_pfix'] . 'mail', $hesk_settings['db_pfix'] . 'notes', $hesk_settings['db_pfix'] . 'online', $hesk_settings['db_pfix'] . 'pipe_loops', $hesk_settings['db_pfix'] . 'replies', $hesk_settings['db_pfix'] . 'reply_drafts', $hesk_settings['db_pfix'] . 'reset_password', $hesk_settings['db_pfix'] . 'service_messages', $hesk_settings['db_pfix'] . 'std_replies', $hesk_settings['db_pfix'] . 'tickets', $hesk_settings['db_pfix'] . 'ticket_templates', $hesk_settings['db_pfix'] . 'users'); // Check if any of the HESK tables exists $res = hesk_dbQuery('SHOW TABLES FROM `' . hesk_dbEscape($hesk_settings['db_name']) . 
'`'); while ($row = hesk_dbFetchRow($res)) { if (in_array($row[0], $hesk_tables)) { hesk_iDatabase(2);
require_once HESK_PATH . 'inc/knowledgebase_functions.inc.php'; hesk_load_database_functions(); hesk_session_start(); hesk_dbConnect(); hesk_isLoggedIn(); /* Is Knowledgebase enabled? */ if (!$hesk_settings['kb_enable']) { hesk_error($hesklang['kbdis']); } /* Can this user manage Knowledgebase or just view it? */ $can_man_kb = hesk_checkPermission('can_man_kb', 0); /* Any category ID set? */ $catid = intval(hesk_GET('category', 1)); $artid = intval(hesk_GET('article', 0)); if (isset($_GET['search'])) { $query = hesk_input(hesk_GET('search')); } else { $query = 0; } $hesk_settings['kb_link'] = $artid || $catid != 1 || $query ? '<a href="knowledgebase_private.php" class="smaller">' . $hesklang['gopr'] . '</a>' : ($can_man_kb ? $hesklang['gopr'] : ''); if ($hesk_settings['kb_search'] && $query) { hesk_kb_search($query); } elseif ($artid) { // Show drafts only to staff who can manage knowledgebase if ($can_man_kb) { $result = hesk_dbQuery("SELECT t1.*, t2.`name` AS `cat_name`\n\t\tFROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "kb_articles` AS `t1`\n\t\tLEFT JOIN `" . hesk_dbEscape($hesk_settings['db_pfix']) . "kb_categories` AS `t2` ON `t1`.`catid` = `t2`.`id`\n\t\tWHERE `t1`.`id` = '{$artid}'\n\t\t"); } else { $result = hesk_dbQuery("SELECT t1.*, t2.`name` AS `cat_name`\n\t\tFROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "kb_articles` AS `t1`\n\t\tLEFT JOIN `" . hesk_dbEscape($hesk_settings['db_pfix']) . "kb_categories` AS `t2` ON `t1`.`catid` = `t2`.`id`\n\t\tWHERE `t1`.`id` = '{$artid}' AND `t1`.`type` IN ('0', '1')\n\t\t"); } $article = hesk_dbFetchAssoc($result) or hesk_error($hesklang['kb_art_id']); hesk_show_kb_article($artid);
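/**
 * Ensure the current request belongs to a logged-in staff member.
 *
 * Without a session id it tries the autologin cookie and otherwise redirects
 * to the login page, passing the current URI as `goto` (a few action pages
 * are mapped to a safe landing page first). With a session it regenerates the
 * session id and, for non-admins, reloads isadmin / categories /
 * heskprivileges from the users table.
 *
 * Fix: the login URL read 'a=login¬ice=1' (an entity-decoded '&notice=1')
 * and the str_replace() was a no-op with '&' as both search and replacement;
 * both are restored. The table prefix is now passed through hesk_dbEscape()
 * like the other queries in this file.
 *
 * @return true on success; every failure path redirects and calls exit
 */
function hesk_isLoggedIn()
{
    global $hesk_settings;

    // hesk_input() HTML-escapes the URI; turn '&amp;' back into '&' so the
    // goto target round-trips as a plain query string.
    $referer = hesk_input($_SERVER['REQUEST_URI']);
    $referer = str_replace('&amp;', '&', $referer);

    if (empty($_SESSION['id'])) {
        if ($hesk_settings['autologin'] && hesk_autoLogin(1)) {
            // Users online
            if ($hesk_settings['online']) {
                require HESK_PATH . 'inc/users_online.inc.php';
                hesk_initOnline($_SESSION['id']);
            }
            return true;
        }

        // Some pages cannot be redirected to (POST-only actions); send the user to a listing page instead
        $modify_redirect = array('admin_reply_ticket.php' => 'admin_main.php', 'admin_settings_save.php' => 'admin_settings.php', 'delete_tickets.php' => 'admin_main.php', 'move_category.php' => 'admin_main.php', 'priority.php' => 'admin_main.php');
        foreach ($modify_redirect as $from => $to) {
            if (strpos($referer, $from) !== false) {
                $referer = $to;
            }
        }

        $login_url = 'index.php?a=login&notice=1&goto=' . urlencode($referer);
        header('Location: ' . $login_url);
        exit;
    }

    hesk_session_regenerate_id();

    // Need to update permissions? Only non-admins carry a category/privilege list
    if (empty($_SESSION['isadmin'])) {
        $res = hesk_dbQuery("SELECT `isadmin`, `categories`, `heskprivileges` FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "users` WHERE `id` = '" . intval($_SESSION['id']) . "' LIMIT 1");

        if (hesk_dbNumRows($res) == 1) {
            // Copy the three selected columns into the session
            $me = hesk_dbFetchAssoc($res);
            foreach ($me as $k => $v) {
                $_SESSION[$k] = $v;
            }

            // Get allowed categories
            if (empty($_SESSION['isadmin'])) {
                $_SESSION['categories'] = explode(',', $_SESSION['categories']);
            }
        } else {
            // The session points at a user that no longer exists
            hesk_session_stop();
            $login_url = 'index.php?a=login&notice=1&goto=' . urlencode($referer);
            header('Location: ' . $login_url);
            exit;
        }
    }

    // Users online
    if ($hesk_settings['online']) {
        require HESK_PATH . 'inc/users_online.inc.php';
        hesk_initOnline($_SESSION['id']);
    }

    return true;
}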