Exemplo n.º 1
0
 //$_SESSION['_client']=array(); #Uncomment to disable login strikes.
 //Check time for last max failed login attempt strike.
 $loginmsg = 'Invalid login';
 if ($_SESSION['_client']['laststrike']) {
     if (time() - $_SESSION['_client']['laststrike'] < $cfg->getClientLoginTimeout()) {
         $loginmsg = 'Excessive failed login attempts';
         $errors['err'] = 'You\'ve reached maximum failed login attempts allowed. Try again later or <a href="open.php">open a new ticket</a>';
     } else {
         //Timeout is over.
         //Reset the counter for next round of attempts after the timeout.
         $_SESSION['_client']['laststrike'] = null;
         $_SESSION['_client']['strikes'] = 0;
     }
 }
 //See if we can fetch local ticket id associated with the ID given
 if (!$errors && is_numeric($ticketID) && Validator::is_email($email) && ($tid = Ticket::getIdByExtId($ticketID))) {
     //At this point we know the ticket is valid.
     $ticket = new Ticket($tid);
     //TODO: 1) Check how old the ticket is...3 months max?? 2) Must be the latest 5 tickets??
     //Check the email given.
     if ($ticket->getId() && strcasecmp($ticket->getEMail(), $email) == 0) {
         //valid match...create session goodies for the client.
         $user = new ClientSession($email, $ticket->getId());
         $_SESSION['_client'] = array();
         //clear.
         $_SESSION['_client']['userID'] = $ticket->getEmail();
         //Email
         $_SESSION['_client']['key'] = $ticket->getExtId();
         //Ticket ID --acts as password when used with email. See above.
         $_SESSION['_client']['token'] = $user->getSessionToken();
         $_SESSION['TZ_OFFSET'] = $cfg->getTZoffset();
Exemplo n.º 2
0
$subj = utf8_encode($parser->getSubject());
if (!($body = Format::stripEmptyLines($parser->getBody())) && $subj) {
    $body = $subj;
}
$var['mid'] = $parser->getMessageId();
$var['email'] = $from->mailbox . '@' . $from->host;
$var['name'] = $name ? utf8_encode($name) : $var['email'];
$var['emailId'] = $emailId ? $emailId : $cfg->getDefaultEmailId();
$var['subject'] = $subj ? $subj : '[No Subject]';
$var['message'] = utf8_encode(Format::stripEmptyLines($body));
$var['header'] = $parser->getHeader();
$var['priorityId'] = $cfg->useEmailPriority() ? $parser->getPriority() : 0;
$ticket = null;
if (preg_match("[[#][0-9]{1,10}]", $var['subject'], $regs)) {
    $extid = trim(preg_replace("/[^0-9]/", "", $regs[0]));
    $ticket = new Ticket(Ticket::getIdByExtId($extid));
    //Allow mismatched emails?? For now hell NO.
    if (!is_object($ticket) || strcasecmp($ticket->getEmail(), $var['email'])) {
        $ticket = null;
    }
}
$errors = array();
$msgid = 0;
if (!$ticket) {
    //New tickets...
    $ticket = Ticket::create($var, $errors, 'email');
    if (!is_object($ticket) || $errors) {
        api_exit(EX_DATAERR, 'Ticket create Failed ' . implode("\n", $errors) . "\n\n");
    }
    $msgid = $ticket->getLastMsgId();
} else {
Exemplo n.º 3
0
    function createTicket($mid,$emailid=0){
        global $cfg;

        $mailinfo=$this->getHeaderInfo($mid);

        //Make sure the email is NOT one of the undeleted emails.
        if($mailinfo['mid'] && ($id=Ticket::getIdByMessageId(trim($mailinfo['mid']),$mailinfo['from']['email']))){
            //TODO: Move emails to a fetched folder when delete is false?? 
            return false;
        }

        $var['name']=$this->mime_decode($mailinfo['from']['name']);
        $var['email']=$mailinfo['from']['email'];
        $var['subject']=$mailinfo['subject']?$this->mime_decode($mailinfo['subject']):'[No Subject]';
        $var['message']=Format::stripEmptyLines($this->getBody($mid));
        $var['header']=$this->getHeader($mid);
        $var['emailId']=$emailid?$emailid:$cfg->getDefaultEmailId(); //ok to default?
        $var['name']=$var['name']?$var['name']:$var['email']; //No name? use email
        $var['mid']=$mailinfo['mid'];

        if($cfg->useEmailPriority())
            $var['pri']=$this->getPriority($mid);
       
        $ticket=null;
        $newticket=true;
        //Check the subject line for possible ID.
        if(preg_match ("[[#][0-9]{1,10}]",$var['subject'],$regs)) {
            $extid=trim(preg_replace("/[^0-9]/", "", $regs[0]));
            $ticket= new Ticket(Ticket::getIdByExtId($extid));
            //Allow mismatched emails?? For now NO.
            if(!$ticket || strcasecmp($ticket->getEmail(),$var['email']))
                $ticket=null;
        }
        
        $errors=array();
        if(!$ticket) {
            if(!($ticket=Ticket::create($var,$errors,'Email')) || $errors)
                return null;
            $msgid=$ticket->getLastMsgId();
        }else{
            $message=$var['message'];
            //Strip quoted reply...TODO: figure out how mail clients do it without special tag..
            if($cfg->stripQuotedReply() && ($tag=$cfg->getReplySeparator()) && strpos($var['message'],$tag))
                list($message)=split($tag,$var['message']);
            $msgid=$ticket->postMessage($message,'Email',$var['mid'],$var['header']);
        }
        //Save attachments if any.
        if($msgid && $cfg->allowEmailAttachments()){
            if(($struct = imap_fetchstructure($this->mbox,$mid)) && $struct->parts) {
                if($ticket->getLastMsgId()!=$msgid)
                    $ticket->setLastMsgId($msgid);
                $this->saveAttachments($ticket,$mid,$struct);

            }
        } 
        return $ticket;
    }
Exemplo n.º 4
0
    vim: expandtab sw=4 ts=4 sts=4:
    $Id: $
**********************************************************************/
require 'secure.inc.php';
if (!is_object($thisclient) || !$thisclient->isValid()) {
    die('Access denied');
}
//Double check again.
require_once INCLUDE_DIR . 'class.ticket.php';
$ticket = null;
$inc = 'tickets.inc.php';
//Default page...show all tickets.
//Check if any id is given...
if (($id = $_REQUEST['id'] ? $_REQUEST['id'] : $_POST['ticket_id']) && is_numeric($id)) {
    //id given fetch the ticket info and check perm.
    $ticket = new Ticket(Ticket::getIdByExtId((int) $id));
    if (!$ticket or !$ticket->getEmail()) {
        $ticket = null;
        //clear.
        $errors['err'] = 'Access Denied. Possibly invalid ticket ID';
    } elseif (strcasecmp($thisclient->getEmail(), $ticket->getEmail())) {
        $errors['err'] = 'Security violation. Repeated violations will result in your account being locked.';
        $ticket = null;
        //clear.
    } else {
        //Everything checked out.
        $inc = 'viewticket.inc.php';
    }
}
//Process post...depends on $ticket object above.
if ($_POST && is_object($ticket) && $ticket->getId()) {
Exemplo n.º 5
0
 /**
  * Parameters:
  * mailinfo (hash<String>) email header information. Must include keys
  *  - "mid" => Message-Id header of incoming mail
  *  - "in-reply-to" => Message-Id the email is a direct response to
  *  - "references" => List of Message-Id's the email is in response
  *  - "subject" => Find external ticket number in the subject line
  *
  *  seen (by-ref:bool) a flag that will be set if the message-id was
  *      positively found, indicating that the message-id has been
  *      previously seen. This is useful if no thread-id is associated
  *      with the email (if it was rejected for instance).
  */
 function lookupByEmailHeaders($mailinfo, &$seen = false)
 {
     // Search for messages using the References header, then the
     // in-reply-to header
     $search = 'SELECT message_id, email_mid FROM ' . TICKET_EMAIL_INFO_TABLE . ' WHERE email_mid=%s ORDER BY message_id DESC';
     if (list($id, $mid) = db_fetch_row(db_query(sprintf($search, db_input($mailinfo['mid']))))) {
         $seen = true;
         return ThreadEntry::lookup($id);
     }
     foreach (array('mid', 'in-reply-to', 'references') as $header) {
         $matches = array();
         if (!isset($mailinfo[$header]) || !$mailinfo[$header]) {
             continue;
         } elseif (!preg_match_all('/<[^>@]+@[^>]+>/', $mailinfo[$header], $matches)) {
             continue;
         }
         // The References header will have the most recent message-id
         // (parent) on the far right.
         // @see rfc 1036, section 2.2.5
         // @see http://www.jwz.org/doc/threading.html
         foreach (array_reverse($matches[0]) as $mid) {
             $res = db_query(sprintf($search, db_input($mid)));
             while (list($id) = db_fetch_row($res)) {
                 if ($t = ThreadEntry::lookup($id)) {
                     return $t;
                 }
             }
         }
     }
     // Search for ticket by the [#123456] in the subject line
     // This is the last resort -  emails must match to avoid message
     // injection by third-party.
     $subject = $mailinfo['subject'];
     $match = array();
     if ($subject && $mailinfo['email'] && preg_match("/#(?:[\\p{L}-]+)?([0-9]{1,10})/u", $subject, $match) && ($tid = Ticket::getIdByExtId((int) $match[1], $mailinfo['email']))) {
         // Return last message for the thread
         return Message::lastByTicketId($tid);
     }
     return null;
 }