Пример #1
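/**
 * Process a submitted staff login form.
 *
 * Checks that a username and password were posted, runs the configured
 * anti-spam challenge, applies the brute-force limiter, verifies the password
 * against the stored hash, sets the "remember me" cookies, optionally
 * auto-closes stale tickets and redirects. Every path ends in exit, so the
 * function never returns to its caller.
 *
 * hesk_input(), hesk_POST() and the other hesk_* helpers are defined elsewhere;
 * their sanitising behaviour is assumed, not visible here.
 */
function do_login()
{
    global $hesk_settings, $hesklang;
    $hesk_error_buffer = array();
    $user = hesk_input(hesk_POST('user'));
    if (empty($user)) {
        $myerror = $hesk_settings['list_users'] ? $hesklang['select_username'] : $hesklang['enter_username'];
        $hesk_error_buffer['user'] = $myerror;
    }
    define('HESK_USER', $user);
    $pass = hesk_input(hesk_POST('pass'));
    if (empty($pass)) {
        $hesk_error_buffer['pass'] = $hesklang['enter_pass'];
    }
    // Anti-spam challenge: only when enabled for logins and not already passed in this session
    if ($hesk_settings['secimg_use'] == 2 && !isset($_SESSION['img_a_verified'])) {
        // Using ReCaptcha?
        if ($hesk_settings['recaptcha_use']) {
            require_once HESK_PATH . 'inc/recaptcha/recaptchalib.php';
            $resp = recaptcha_check_answer($hesk_settings['recaptcha_private_key'], $_SERVER['REMOTE_ADDR'], hesk_POST('recaptcha_challenge_field', ''), hesk_POST('recaptcha_response_field', ''));
            if ($resp->is_valid) {
                $_SESSION['img_a_verified'] = true;
            } else {
                $hesk_error_buffer['mysecnum'] = $hesklang['recaptcha_error'];
            }
        } else {
            $mysecnum = intval(hesk_POST('mysecnum', 0));
            if (empty($mysecnum)) {
                $hesk_error_buffer['mysecnum'] = $hesklang['sec_miss'];
            } else {
                require HESK_PATH . 'inc/secimg.inc.php';
                $sc = new PJ_SecurityImage($hesk_settings['secimg_sum']);
                if (isset($_SESSION['checksum']) && $sc->checkCode($mysecnum, $_SESSION['checksum'])) {
                    $_SESSION['img_a_verified'] = true;
                } else {
                    $hesk_error_buffer['mysecnum'] = $hesklang['sec_wrng'];
                }
            }
        }
    }
    /* Any missing fields? */
    if (count($hesk_error_buffer) != 0) {
        $_SESSION['a_iserror'] = array_keys($hesk_error_buffer);
        $tmp = '';
        foreach ($hesk_error_buffer as $error) {
            $tmp .= "<li>{$error}</li>\n";
        }
        $hesk_error_buffer = $tmp;
        $hesk_error_buffer = $hesklang['pcer'] . '<br /><br /><ul>' . $hesk_error_buffer . '</ul>';
        hesk_process_messages($hesk_error_buffer, 'NOREDIRECT');
        print_login();
        exit;
    } elseif (isset($_SESSION['img_a_verified'])) {
        // The challenge result is single-use: the next login attempt must solve it again
        unset($_SESSION['img_a_verified']);
    }
    /* User entered all required info, now lets limit brute force attempts */
    hesk_limitBfAttempts();
    $result = hesk_dbQuery("SELECT * FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "users` WHERE `user` = '" . hesk_dbEscape($user) . "' LIMIT 1");
    if (hesk_dbNumRows($result) != 1) {
        hesk_session_stop();
        $_SESSION['a_iserror'] = array('user', 'pass');
        // NOTE(review): this message differs from the wrong-password one below, so the
        // response reveals whether a username exists; consider one shared message.
        hesk_process_messages($hesklang['wrong_user'], 'NOREDIRECT');
        print_login();
        exit;
    }
    $res = hesk_dbFetchAssoc($result);
    /* Check password */
    // Verify against the fetched row BEFORE copying it into the session, so an
    // unauthenticated request never places account data (including the stored
    // hash) in $_SESSION. Both sides are compared as strings: a loose != on two
    // numeric-looking hex strings can report them equal.
    $stored_hash = (string) $res['pass'];
    $supplied_hash = (string) hesk_Pass2Hash($pass);
    $pass_ok = function_exists('hash_equals') ? hash_equals($stored_hash, $supplied_hash) : $stored_hash === $supplied_hash;
    if (!$pass_ok) {
        hesk_session_stop();
        $_SESSION['a_iserror'] = array('pass');
        hesk_process_messages($hesklang['wrong_pass'], 'NOREDIRECT');
        print_login();
        exit;
    }
    // Password verified: load the account row into the session
    foreach ($res as $k => $v) {
        $_SESSION[$k] = $v;
    }
    // Autologin token: derived only from the stored hash and the lower-cased username
    $pass_enc = hesk_Pass2Hash($_SESSION['pass'] . strtolower($user) . $_SESSION['pass']);
    /* Check if default password */
    // The literal is the hash of the installation default password; warn the user to change it
    if ($stored_hash === '499d74967b28a841c98bb4baaabaad699ff3c079') {
        hesk_process_messages($hesklang['chdp'], 'NOREDIRECT', 'NOTICE');
    }
    unset($_SESSION['pass']);
    /* Login successful, clean brute force attempts */
    hesk_cleanBfAttempts();
    /* Regenerate session ID (security) */
    hesk_session_regenerate_id();
    /* Remember username? */
    // NOTE(review): these cookies are set without the HttpOnly or Secure flags, and
    // hesk_p stays valid until the password changes because it is derived from the
    // stored hash. Consider passing the httponly/secure arguments of setcookie().
    if ($hesk_settings['autologin'] && hesk_POST('remember_user') == 'AUTOLOGIN') {
        setcookie('hesk_username', "{$user}", strtotime('+1 year'));
        setcookie('hesk_p', "{$pass_enc}", strtotime('+1 year'));
    } elseif (hesk_POST('remember_user') == 'JUSTUSER') {
        setcookie('hesk_username', "{$user}", strtotime('+1 year'));
        setcookie('hesk_p', '');
    } else {
        // Expire cookie if set otherwise
        setcookie('hesk_username', '');
        setcookie('hesk_p', '');
    }
    /* Close any old tickets here so Cron jobs aren't necessary */
    if ($hesk_settings['autoclose']) {
        $revision = sprintf($hesklang['thist3'], hesk_date(), $hesklang['auto']);
        hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` SET `status`='3', `history`=CONCAT(`history`,'" . hesk_dbEscape($revision) . "')  WHERE `status` = '2' AND `lastchange` <= '" . hesk_dbEscape(date('Y-m-d H:i:s', time() - $hesk_settings['autoclose'] * 86400)) . "'");
    }
    /* Redirect to the destination page */
    $url = 'admin_main.php';
    if (hesk_isREQUEST('goto')) {
        $goto_url = (string) hesk_REQUEST('goto');
        $goto_url = str_replace('&amp;', '&', $goto_url);
        /* goto parameter can be set to the local domain only */
        $myurl = parse_url($hesk_settings['hesk_url']);
        $goto = parse_url($goto_url);
        // Refuse values parse_url() cannot parse, control characters, and the backslash
        // and leading "//" forms, which a browser may resolve to a different host.
        $allowed = is_array($goto)
            && strpos($goto_url, '\\') === false
            && strncmp($goto_url, '//', 2) !== 0
            && !preg_match('/[\x00-\x1f\x7f]/', $goto_url);
        // An absolute target must be http(s) on this installation's own host. Only a
        // leading "www." is ignored; stripping it anywhere in the name would make
        // unrelated host names compare equal.
        if ($allowed && (isset($goto['scheme']) || isset($goto['host']))) {
            $allowed = isset($goto['scheme'], $goto['host'], $myurl['host'])
                && in_array(strtolower($goto['scheme']), array('http', 'https'), true)
                && preg_replace('/^www\./', '', strtolower($goto['host'])) === preg_replace('/^www\./', '', strtolower($myurl['host']));
        }
        if ($allowed) {
            $url = $goto_url;
        }
    }
    header('Location: ' . $url);
    exit;
}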
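/**
 * Insert a new ticket into the tickets table and return it prepared for e-mails.
 *
 * @param array $ticket Ticket fields. The keys read here are trackid, name, email,
 *                      category, company_ticket_id, contract_ticket_id, priority,
 *                      subject, message, owner, attachments, history,
 *                      custom1..custom20 and the optional articles and openedby.
 * @return mixed Whatever hesk_ticketToPlain() returns for the new ticket.
 */
function hesk_newTicket($ticket)
{
    global $hesk_settings, $hesklang, $hesk_db_link;
    // If language is not set or default, set it to NULL
    $language = !$hesk_settings['can_sel_lang'] || $hesklang['LANGUAGE'] == HESK_DEFAULT_LANGUAGE ? "NULL" : "'" . hesk_dbEscape($hesklang['LANGUAGE']) . "'";
    // Column name => ready-to-embed SQL value. Every string value goes through
    // hesk_dbEscape() and every numeric one through intval().
    $row = array(
        'trackid' => "'" . hesk_dbEscape($ticket['trackid']) . "'",
        'name' => "'" . hesk_dbEscape($ticket['name']) . "'",
        'email' => "'" . hesk_dbEscape($ticket['email']) . "'",
        'category' => "'" . intval($ticket['category']) . "'",
        'company_ticket_id' => "'" . hesk_dbEscape($ticket['company_ticket_id']) . "'",
        'contract_ticket_id' => "'" . hesk_dbEscape($ticket['contract_ticket_id']) . "'",
        'priority' => "'" . intval($ticket['priority']) . "'",
        'subject' => "'" . hesk_dbEscape($ticket['subject']) . "'",
        'message' => "'" . hesk_dbEscape($ticket['message']) . "'",
        'dt' => 'NOW()',
        'lastchange' => 'NOW()',
        // Previously interpolated raw; escaped here instead of relying on the caller
        // having validated the value.
        'articles' => isset($ticket['articles']) ? "'" . hesk_dbEscape($ticket['articles']) . "'" : 'NULL',
        'ip' => "'" . hesk_dbEscape($_SERVER['REMOTE_ADDR']) . "'",
        // Already a quoted literal or the keyword NULL (see above)
        'language' => $language,
        'openedby' => "'" . (isset($ticket['openedby']) ? intval($ticket['openedby']) : 0) . "'",
        'owner' => "'" . intval($ticket['owner']) . "'",
        'attachments' => "'" . hesk_dbEscape($ticket['attachments']) . "'",
        'merged' => "''",
        'history' => "'" . hesk_dbEscape($ticket['history']) . "'",
    );
    for ($i = 1; $i <= 20; $i++) {
        $row['custom' . $i] = "'" . hesk_dbEscape($ticket['custom' . $i]) . "'";
    }
    // Insert ticket into database
    $columns = '`' . implode('`, `', array_keys($row)) . '`';
    hesk_dbQuery("INSERT INTO `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` (" . $columns . ") VALUES (" . implode(', ', $row) . ")");
    // Generate the array with ticket info that can be used in emails
    $info = array(
        'email' => $ticket['email'],
        'category' => $ticket['category'],
        'priority' => $ticket['priority'],
        'owner' => $ticket['owner'],
        'trackid' => $ticket['trackid'],
        'status' => 0,
        'name' => $ticket['name'],
        'lastreplier' => $ticket['name'],
        'subject' => $ticket['subject'],
        'message' => $ticket['message'],
        'attachments' => $ticket['attachments'],
        'dt' => hesk_date(),
        'lastchange' => hesk_date(),
        // Must be read before any other query runs on this connection
        'id' => hesk_dbInsertID(),
    );
    // Add custom fields to the array
    foreach ($hesk_settings['custom_fields'] as $k => $v) {
        $info[$k] = $v['use'] ? $ticket[$k] : '';
    }
    return hesk_ticketToPlain($info, 1);
}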
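/**
 * Insert a new ticket and return it prepared for e-mails.
 *
 * @param array $ticket     Ticket fields. The keys read here are trackid, name, email,
 *                          category, priority, subject, message, owner, attachments,
 *                          history, custom1..custom20, latitude, longitude and the
 *                          optional language, articles and openedby.
 * @param bool  $isVerified When true the row goes to the tickets table, otherwise
 *                          to stage_tickets.
 * @return mixed Whatever hesk_ticketToPlain() returns for the new ticket.
 */
function hesk_newTicket($ticket, $isVerified = true)
{
    global $hesk_settings, $hesklang, $hesk_db_link;
    // If language is not set or default, set it to NULL.
    // The value is kept raw here and escaped exactly once where the query is built;
    // escaping it at this point as well would double-escape it in the query and
    // leak the escaped form into the e-mail data below.
    if (empty($ticket['language'])) {
        $language = !$hesk_settings['can_sel_lang'] ? HESK_DEFAULT_LANGUAGE : $hesklang['LANGUAGE'];
    } else {
        $language = $ticket['language'];
    }
    // Get the default ticket status for new tickets and set it accordingly
    // NOTE(review): no handling for the case where no status row is flagged
    // IsNewTicketStatus; the insert then stores intval(null), i.e. 0.
    $defaultNewTicketRs = hesk_dbQuery("SELECT `ID` FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "statuses` WHERE `IsNewTicketStatus` = 1");
    $defaultNewTicket = hesk_dbFetchAssoc($defaultNewTicketRs);
    $ticket['status'] = $defaultNewTicket['ID'];
    // Only ever one of two fixed literals, so safe to concatenate into the table name
    $tableName = $isVerified ? 'tickets' : 'stage_tickets';
    // Column name => ready-to-embed SQL value. Every string value goes through
    // hesk_dbEscape() and every numeric one through intval().
    $row = array(
        'trackid' => "'" . hesk_dbEscape($ticket['trackid']) . "'",
        'name' => "'" . hesk_dbEscape($ticket['name']) . "'",
        'email' => "'" . hesk_dbEscape($ticket['email']) . "'",
        'category' => "'" . intval($ticket['category']) . "'",
        'priority' => "'" . intval($ticket['priority']) . "'",
        'subject' => "'" . hesk_dbEscape($ticket['subject']) . "'",
        'message' => "'" . hesk_dbEscape($ticket['message']) . "'",
        'dt' => 'NOW()',
        'lastchange' => 'NOW()',
        // Previously interpolated raw; escaped here instead of relying on the caller
        // having validated the value.
        'articles' => isset($ticket['articles']) ? "'" . hesk_dbEscape($ticket['articles']) . "'" : 'NULL',
        'ip' => "'" . hesk_dbEscape($_SERVER['REMOTE_ADDR']) . "'",
        'language' => "'" . hesk_dbEscape($language) . "'",
        'openedby' => "'" . (isset($ticket['openedby']) ? intval($ticket['openedby']) : 0) . "'",
        'owner' => "'" . intval($ticket['owner']) . "'",
        'attachments' => "'" . hesk_dbEscape($ticket['attachments']) . "'",
        'merged' => "''",
        'history' => "'" . hesk_dbEscape($ticket['history']) . "'",
    );
    for ($i = 1; $i <= 20; $i++) {
        $row['custom' . $i] = "'" . hesk_dbEscape($ticket['custom' . $i]) . "'";
    }
    $row['status'] = "'" . intval($ticket['status']) . "'";
    $row['latitude'] = "'" . hesk_dbEscape($ticket['latitude']) . "'";
    $row['longitude'] = "'" . hesk_dbEscape($ticket['longitude']) . "'";
    // Insert ticket into database
    $columns = '`' . implode('`, `', array_keys($row)) . '`';
    hesk_dbQuery("INSERT INTO `" . hesk_dbEscape($hesk_settings['db_pfix']) . $tableName . "` (" . $columns . ") VALUES (" . implode(', ', $row) . ")");
    // Generate the array with ticket info that can be used in emails
    $info = array(
        'email' => $ticket['email'],
        'category' => $ticket['category'],
        'priority' => $ticket['priority'],
        'owner' => $ticket['owner'],
        'trackid' => $ticket['trackid'],
        'status' => $ticket['status'],
        'name' => $ticket['name'],
        'lastreplier' => $ticket['name'],
        'subject' => $ticket['subject'],
        'message' => $ticket['message'],
        'attachments' => $ticket['attachments'],
        'dt' => hesk_date(),
        'lastchange' => hesk_date(),
        // Must be read before any other query runs on this connection
        'id' => hesk_dbInsertID(),
        'language' => $language,
    );
    // Add custom fields to the array
    foreach ($hesk_settings['custom_fields'] as $k => $v) {
        $info[$k] = $v['use'] ? $ticket[$k] : '';
    }
    return hesk_ticketToPlain($info, 1);
}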
Пример #4
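/**
 * Process a submitted staff login form.
 *
 * Checks that a username and password were posted, runs the configured
 * anti-spam challenge (image code, reCAPTCHA v1 or v2), applies the brute-force
 * limiter, verifies the password against the stored hash, rejects inactive
 * accounts, sets the "remember me" cookies, optionally auto-closes stale
 * tickets and redirects. Every path ends in exit, so the function never
 * returns to its caller.
 *
 * hesk_input(), hesk_POST() and the other hesk_* helpers are defined elsewhere;
 * their sanitising behaviour is assumed, not visible here.
 */
function do_login()
{
    global $hesk_settings, $hesklang;
    $hesk_error_buffer = array();
    $user = hesk_input(hesk_POST('user'));
    if (empty($user)) {
        $myerror = $hesk_settings['list_users'] ? $hesklang['select_username'] : $hesklang['enter_username'];
        $hesk_error_buffer['user'] = $myerror;
    }
    define('HESK_USER', $user);
    $pass = hesk_input(hesk_POST('pass'));
    if (empty($pass)) {
        $hesk_error_buffer['pass'] = $hesklang['enter_pass'];
    }
    // Anti-spam challenge: only when enabled for logins and not already passed in this session
    if ($hesk_settings['secimg_use'] == 2 && !isset($_SESSION['img_a_verified'])) {
        // Using ReCaptcha?
        if ($hesk_settings['recaptcha_use'] == 1) {
            require_once HESK_PATH . 'inc/recaptcha/recaptchalib.php';
            $resp = recaptcha_check_answer($hesk_settings['recaptcha_private_key'], $_SERVER['REMOTE_ADDR'], hesk_POST('recaptcha_challenge_field', ''), hesk_POST('recaptcha_response_field', ''));
            if ($resp->is_valid) {
                $_SESSION['img_a_verified'] = true;
            } else {
                $hesk_error_buffer['mysecnum'] = $hesklang['recaptcha_error'];
            }
        } elseif ($hesk_settings['recaptcha_use'] == 2) {
            require HESK_PATH . 'inc/recaptcha/recaptchalib_v2.php';
            $resp = null;
            $reCaptcha = new ReCaptcha($hesk_settings['recaptcha_private_key']);
            // Was there a reCAPTCHA response?
            if (isset($_POST["g-recaptcha-response"])) {
                $resp = $reCaptcha->verifyResponse($_SERVER["REMOTE_ADDR"], hesk_POST("g-recaptcha-response"));
            }
            // A missing response leaves $resp null and is treated as a failed challenge
            if ($resp != null && $resp->success) {
                $_SESSION['img_a_verified'] = true;
            } else {
                $hesk_error_buffer['mysecnum'] = $hesklang['recaptcha_error'];
            }
        } else {
            $mysecnum = intval(hesk_POST('mysecnum', 0));
            if (empty($mysecnum)) {
                $hesk_error_buffer['mysecnum'] = $hesklang['sec_miss'];
            } else {
                require HESK_PATH . 'inc/secimg.inc.php';
                $sc = new PJ_SecurityImage($hesk_settings['secimg_sum']);
                if (isset($_SESSION['checksum']) && $sc->checkCode($mysecnum, $_SESSION['checksum'])) {
                    $_SESSION['img_a_verified'] = true;
                } else {
                    $hesk_error_buffer['mysecnum'] = $hesklang['sec_wrng'];
                }
            }
        }
    }
    /* Any missing fields? */
    if (count($hesk_error_buffer) != 0) {
        $_SESSION['a_iserror'] = array_keys($hesk_error_buffer);
        $tmp = '';
        foreach ($hesk_error_buffer as $error) {
            $tmp .= "<li>{$error}</li>\n";
        }
        $hesk_error_buffer = $tmp;
        $hesk_error_buffer = $hesklang['pcer'] . '<br /><br /><ul>' . $hesk_error_buffer . '</ul>';
        hesk_process_messages($hesk_error_buffer, 'NOREDIRECT');
        print_login();
        exit;
    } elseif (isset($_SESSION['img_a_verified'])) {
        // The challenge result is single-use: the next login attempt must solve it again
        unset($_SESSION['img_a_verified']);
    }
    /* User entered all required info, now lets limit brute force attempts */
    hesk_limitBfAttempts();
    $result = hesk_dbQuery("SELECT * FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "users` WHERE `user` = '" . hesk_dbEscape($user) . "' LIMIT 1");
    if (hesk_dbNumRows($result) != 1) {
        hesk_session_stop();
        $_SESSION['a_iserror'] = array('user', 'pass');
        // NOTE(review): this message differs from the wrong-password one below, so the
        // response reveals whether a username exists; consider one shared message.
        hesk_process_messages($hesklang['wrong_user'], 'NOREDIRECT');
        print_login();
        exit;
    }
    $res = hesk_dbFetchAssoc($result);
    /* Check password */
    // Verify against the fetched row BEFORE copying it into the session, so an
    // unauthenticated request never places account data (including the stored
    // hash) in $_SESSION. Both sides are compared as strings: a loose != on two
    // numeric-looking hex strings can report them equal.
    $stored_hash = (string) $res['pass'];
    $supplied_hash = (string) hesk_Pass2Hash($pass);
    $pass_ok = function_exists('hash_equals') ? hash_equals($stored_hash, $supplied_hash) : $stored_hash === $supplied_hash;
    if (!$pass_ok) {
        hesk_session_stop();
        $_SESSION['a_iserror'] = array('pass');
        hesk_process_messages($hesklang['wrong_pass'], 'NOREDIRECT');
        print_login();
        exit;
    }
    // Password verified: load the account row into the session
    foreach ($res as $k => $v) {
        $_SESSION[$k] = $v;
    }
    // Autologin token: derived only from the stored hash and the lower-cased username
    $pass_enc = hesk_Pass2Hash($_SESSION['pass'] . strtolower($user) . $_SESSION['pass']);
    /* Check if default password */
    // The literal is the hash of the installation default password; warn the user to change it
    if ($stored_hash === '499d74967b28a841c98bb4baaabaad699ff3c079') {
        hesk_process_messages($hesklang['chdp'], 'NOREDIRECT', 'NOTICE');
    }
    // Set a tag that will be used to expire sessions after username or password change
    $_SESSION['session_verify'] = hesk_activeSessionCreateTag($user, $_SESSION['pass']);
    // We don't need the password hash anymore
    unset($_SESSION['pass']);
    /* Login successful, clean brute force attempts */
    hesk_cleanBfAttempts();
    /* Make sure our user is active */
    // NOTE(review): the brute-force counter is cleared above even when the account
    // turns out to be inactive; confirm that is intended.
    if (!$_SESSION['active']) {
        hesk_session_stop();
        $_SESSION['a_iserror'] = array('active');
        hesk_process_messages($hesklang['inactive_user'], 'NOREDIRECT');
        print_login();
        exit;
    }
    /* Regenerate session ID (security) */
    hesk_session_regenerate_id();
    /* Remember username? */
    // NOTE(review): these cookies are set without the HttpOnly or Secure flags, and
    // hesk_p stays valid until the password changes because it is derived from the
    // stored hash. Consider passing the httponly/secure arguments of setcookie().
    if ($hesk_settings['autologin'] && hesk_POST('remember_user') == 'AUTOLOGIN') {
        setcookie('hesk_username', "{$user}", strtotime('+1 year'));
        setcookie('hesk_p', "{$pass_enc}", strtotime('+1 year'));
    } elseif (hesk_POST('remember_user') == 'JUSTUSER') {
        setcookie('hesk_username', "{$user}", strtotime('+1 year'));
        setcookie('hesk_p', '');
    } else {
        // Expire cookie if set otherwise
        setcookie('hesk_username', '');
        setcookie('hesk_p', '');
    }
    /* Close any old tickets here so Cron jobs aren't necessary */
    if ($hesk_settings['autoclose']) {
        $revision = sprintf($hesklang['thist3'], hesk_date(), $hesklang['auto']);
        $dt = date('Y-m-d H:i:s', time() - $hesk_settings['autoclose'] * 86400);
        $closedStatusRs = hesk_dbQuery('SELECT `ID`, `Closable` FROM `' . hesk_dbEscape($hesk_settings['db_pfix']) . 'statuses` WHERE `IsDefaultStaffReplyStatus` = 1');
        $closedStatus = hesk_dbFetchAssoc($closedStatusRs);
        // Are we allowed to close tickets in this status?
        if ($closedStatus['Closable'] == 'yes' || $closedStatus['Closable'] == 'sonly') {
            // Status ID is cast once and the table prefix escaped, matching the other
            // queries in this function, instead of concatenating both raw.
            $closedStatusId = intval($closedStatus['ID']);
            // Notify customer of closed ticket?
            if ($hesk_settings['notify_closed']) {
                // Get list of tickets
                $result = hesk_dbQuery("SELECT * FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` WHERE `status` = " . $closedStatusId . " AND `lastchange` <= '" . hesk_dbEscape($dt) . "' ");
                if (hesk_dbNumRows($result) > 0) {
                    // hesk_notifyCustomer() takes no ticket argument here, so it presumably
                    // reads this global; confirm against its definition.
                    global $ticket;
                    // Load required functions?
                    if (!function_exists('hesk_notifyCustomer')) {
                        require HESK_PATH . 'inc/email_functions.inc.php';
                    }
                    while ($ticket = hesk_dbFetchAssoc($result)) {
                        $ticket['dt'] = hesk_date($ticket['dt'], true);
                        $ticket['lastchange'] = hesk_date($ticket['lastchange'], true);
                        $ticket = hesk_ticketToPlain($ticket, 1, 0);
                        hesk_notifyCustomer('ticket_closed');
                    }
                }
            }
            // Update ticket statuses and history in database if we're allowed to do so
            $defaultCloseRs = hesk_dbQuery('SELECT `ID` FROM `' . hesk_dbEscape($hesk_settings['db_pfix']) . 'statuses` WHERE `IsAutocloseOption` = 1');
            $defaultCloseStatus = hesk_dbFetchAssoc($defaultCloseRs);
            hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` SET `status`=" . intval($defaultCloseStatus['ID']) . ", `closedat`=NOW(), `closedby`='-1', `history`=CONCAT(`history`,'" . hesk_dbEscape($revision) . "') WHERE `status` = '" . $closedStatusId . "' AND `lastchange` <= '" . hesk_dbEscape($dt) . "' ");
        }
    }
    /* Redirect to the destination page */
    // Target validation is delegated to hesk_verifyGoto(), which is defined elsewhere
    header('Location: ' . hesk_verifyGoto());
    exit;
}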
Пример #5
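/**
 * Turn one parsed e-mail into a new ticket or a reply to an existing ticket.
 *
 * All content of $results originates from an incoming e-mail and is untrusted.
 *
 * @param array $results      Parsed e-mail. Keys read here: reply-to, from, subject,
 *                            subject_encoding, message, encoding, attachments, tempdir.
 * @param int   $pop3         Non-zero selects the POP3 history text and openedby -2;
 *                            otherwise openedby is -1.
 * @param int   $set_category Category assigned to a new ticket.
 * @param int   $set_priority Priority for a new ticket; a negative value means
 *                            "use the category default".
 * @return mixed The ticket tracking ID, or the result of hesk_cleanExit() when the
 *               e-mail is ignored.
 */
function hesk_email2ticket($results, $pop3 = 0, $set_category = 1, $set_priority = -1)
{
    global $hesk_settings, $hesklang, $hesk_db_link, $ticket;
    $tmpvar = array();
    // Process "Reply-To:" or "From:" email
    $tmpvar['email'] = isset($results['reply-to'][0]['address']) ? hesk_validateEmail($results['reply-to'][0]['address'], 'ERR', 0) : hesk_validateEmail($results['from'][0]['address'], 'ERR', 0);
    // Email missing, invalid or banned?
    if (!$tmpvar['email'] || hesk_isBannedEmail($tmpvar['email'])) {
        return hesk_cleanExit();
    }
    // Process "Reply-To:" or "From:" name, convert to UTF-8, set to "[Customer]" if not set
    if (isset($results['reply-to'][0]['name']) && strlen($results['reply-to'][0]['name'])) {
        $tmpvar['name'] = $results['reply-to'][0]['name'];
        if (!empty($results['reply-to'][0]['encoding'])) {
            $tmpvar['name'] = hesk_encodeUTF8($tmpvar['name'], $results['reply-to'][0]['encoding']);
        }
    } else {
        $tmpvar['name'] = isset($results['from'][0]['name']) ? $results['from'][0]['name'] : $hesklang['pde'];
        if (!empty($results['from'][0]['encoding'])) {
            $tmpvar['name'] = hesk_encodeUTF8($tmpvar['name'], $results['from'][0]['encoding']);
        }
    }
    // Low-precedence "or": the fallback is assigned only when hesk_input() returns a falsy value
    $tmpvar['name'] = hesk_input($tmpvar['name'], '', '', 1, 50) or $tmpvar['name'] = $hesklang['pde'];
    // Process "To:" email (not yet implemented, for future use)
    // $tmpvar['to_email']	= hesk_validateEmail($results['to'][0]['address'],'ERR',0);
    // Process email subject, convert to UTF-8, set to "[Piped email]" if none set
    $tmpvar['subject'] = isset($results['subject']) ? $results['subject'] : $hesklang['pem'];
    if (!empty($results['subject_encoding'])) {
        $tmpvar['subject'] = hesk_encodeUTF8($tmpvar['subject'], $results['subject_encoding']);
    }
    $tmpvar['subject'] = hesk_input($tmpvar['subject'], '', '', 1, 70) or $tmpvar['subject'] = $hesklang['pem'];
    // Process email message, convert to UTF-8
    $tmpvar['message'] = isset($results['message']) ? $results['message'] : '';
    if (!empty($results['encoding'])) {
        $tmpvar['message'] = hesk_encodeUTF8($tmpvar['message'], $results['encoding']);
    }
    $tmpvar['message'] = hesk_input($tmpvar['message'], '', '', 1);
    // Message missing?
    if (strlen($tmpvar['message']) == 0) {
        // Message required? Ignore this email.
        if ($hesk_settings['eml_req_msg']) {
            return hesk_cleanExit();
        }
        // Message not required? Assign a default message
        $tmpvar['message'] = $hesklang['def_msg'];
        // Track duplicate emails based on subject
        $message_hash = md5($tmpvar['subject']);
    } else {
        // md5 is used only as a duplicate-detection key here, not as a security control
        $message_hash = md5($tmpvar['message']);
    }
    // Strip quoted reply from email
    $tmpvar['message'] = hesk_stripQuotedText($tmpvar['message']);
    // Convert URLs to links, change newlines to <br />
    $tmpvar['message'] = hesk_makeURL($tmpvar['message']);
    $tmpvar['message'] = nl2br($tmpvar['message']);
    # For debugging purposes
    # die( bin2hex($tmpvar['message']) );
    # die($tmpvar['message']);
    // Try to detect "delivery failed" and "noreply" emails - ignore if detected
    if (hesk_isReturnedEmail($tmpvar)) {
        return hesk_cleanExit();
    }
    // Check for email loops
    if (hesk_isEmailLoop($tmpvar['email'], $message_hash)) {
        return hesk_cleanExit();
    }
    // OK, everything seems OK. Now determine if this is a reply to a ticket or a new ticket
    if (preg_match('/\\[#([A-Z0-9]{3}\\-[A-Z0-9]{3}\\-[A-Z0-9]{4})\\]/', str_replace(' ', '', $tmpvar['subject']), $matches)) {
        // We found a possible tracking ID
        $tmpvar['trackid'] = $matches[1];
        // Does it match one in the database?
        $res = hesk_dbQuery("SELECT * FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` WHERE `trackid`='" . hesk_dbEscape($tmpvar['trackid']) . "' LIMIT 1");
        if (hesk_dbNumRows($res)) {
            $ticket = hesk_dbFetchAssoc($res);
            // Do email addresses match?
            // The sender must equal one of the ticket's addresses exactly. A substring
            // test would also accept a sender whose address is merely contained in the
            // stored one, letting a different mailbox post to this ticket.
            // Assumes a multi-address field is separated by commas, semicolons or
            // whitespace; confirm against the code that stores it.
            $ticket_emails = preg_split('/[\s,;]+/', strtolower($ticket['email']), -1, PREG_SPLIT_NO_EMPTY);
            if (!in_array(strtolower($tmpvar['email']), $ticket_emails, true)) {
                $tmpvar['trackid'] = '';
            }
            // Is this ticket locked? Force create a new one if it is
            if ($ticket['locked']) {
                $tmpvar['trackid'] = '';
            }
        } else {
            $tmpvar['trackid'] = '';
        }
    }
    // If tracking ID is empty, generate a new one
    if (empty($tmpvar['trackid'])) {
        $tmpvar['trackid'] = hesk_createID();
        $is_reply = 0;
    } else {
        $is_reply = 1;
    }
    // Process attachments
    $tmpvar['attachmment_notices'] = '';
    $tmpvar['attachments'] = '';
    $num = 0;
    if ($hesk_settings['attachments']['use'] && isset($results['attachments'][0])) {
        foreach ($results['attachments'] as $k => $v) {
            // Clean attachment names
            $myatt['real_name'] = hesk_cleanFileName($v['orig_name']);
            // Check number of attachments, delete any over max number
            if ($num >= $hesk_settings['attachments']['max_number']) {
                $tmpvar['attachmment_notices'] .= sprintf($hesklang['attnum'], $myatt['real_name']) . "\n";
                continue;
            }
            // Check file extension
            // The extension is the text from the last dot of the cleaned name and must be
            // on the configured allow-list; a name without a dot yields an empty extension.
            $ext = strtolower(strrchr($myatt['real_name'], "."));
            if (!in_array($ext, $hesk_settings['attachments']['allowed_types'])) {
                $tmpvar['attachmment_notices'] .= sprintf($hesklang['atttyp'], $myatt['real_name']) . "\n";
                continue;
            }
            // Check file size
            $myatt['size'] = $v['size'];
            if ($myatt['size'] > $hesk_settings['attachments']['max_size']) {
                $tmpvar['attachmment_notices'] .= sprintf($hesklang['attsiz'], $myatt['real_name']) . "\n";
                continue;
            }
            // Generate a random file name
            // The stored name should not be guessable, so prefer the CSPRNG where the
            // runtime has one; mt_rand() is predictable and stays only as a fallback.
            if (function_exists('random_bytes')) {
                $tmp = bin2hex(random_bytes(16));
            } else {
                $useChars = 'AEUYBDGHJLMNPQRSTVWXZ123456789';
                $tmp = $useChars[mt_rand(0, 29)];
                for ($j = 1; $j < 10; $j++) {
                    $tmp .= $useChars[mt_rand(0, 29)];
                }
            }
            $myatt['saved_name'] = substr($tmpvar['trackid'] . '_' . md5($tmp . $myatt['real_name']), 0, 200) . $ext;
            // Rename the temporary file
            // If the move fails, skip the attachment instead of recording a database row
            // that points at a file which does not exist.
            if (!rename($v['stored_name'], HESK_PATH . $hesk_settings['attach_dir'] . '/' . $myatt['saved_name'])) {
                continue;
            }
            // Insert into database
            hesk_dbQuery("INSERT INTO `" . hesk_dbEscape($hesk_settings['db_pfix']) . "attachments` (`ticket_id`,`saved_name`,`real_name`,`size`) VALUES ('" . hesk_dbEscape($tmpvar['trackid']) . "','" . hesk_dbEscape($myatt['saved_name']) . "','" . hesk_dbEscape($myatt['real_name']) . "','" . intval($myatt['size']) . "')");
            $tmpvar['attachments'] .= hesk_dbInsertID() . '#' . $myatt['real_name'] . ',';
            $num++;
        }
        if (strlen($tmpvar['attachmment_notices'])) {
            $tmpvar['message'] .= "<br /><br />" . hesk_input($hesklang['attrem'], '', '', 1) . "<br />" . nl2br(hesk_input($tmpvar['attachmment_notices'], '', '', 1));
        }
    }
    // Delete the temporary files
    deleteAll($results['tempdir']);
    // If this is a reply add a new reply
    if ($is_reply) {
        // Set last replier name to customer name
        $ticket['lastreplier'] = $tmpvar['name'] == $hesklang['pde'] ? $tmpvar['email'] : $tmpvar['name'];
        // If staff hasn't replied yet, keep ticket status "New", otherwise set it to "Waiting reply from staff"
        // Reduced to the literal 0 or 1 here, which is why it can be embedded in the query below
        $ticket['status'] = $ticket['status'] ? 1 : 0;
        // Update ticket as necessary
        hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` SET `lastchange`=NOW(),`status`='{$ticket['status']}',`replies`=`replies`+1,`lastreplier`='0' WHERE `id`='" . intval($ticket['id']) . "' LIMIT 1");
        // If customer replied, we assume staff replies have been read (no way to be sure if ticket.php hasn't been opened)
        hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "replies` SET `read` = '1' WHERE `replyto` = '" . intval($ticket['id']) . "' AND `staffid` != '0' ");
        // Insert reply into database
        hesk_dbQuery("INSERT INTO `" . hesk_dbEscape($hesk_settings['db_pfix']) . "replies` (`replyto`,`name`,`message`,`dt`,`attachments`) VALUES ('" . intval($ticket['id']) . "','" . hesk_dbEscape($ticket['lastreplier']) . "','" . hesk_dbEscape($tmpvar['message']) . "',NOW(),'" . hesk_dbEscape($tmpvar['attachments']) . "')");
        // --> Prepare reply message
        // 1. Generate the array with ticket info that can be used in emails
        $info = array('email' => $ticket['email'], 'category' => $ticket['category'], 'priority' => $ticket['priority'], 'owner' => $ticket['owner'], 'trackid' => $ticket['trackid'], 'status' => $ticket['status'], 'name' => $ticket['name'], 'lastreplier' => $ticket['lastreplier'], 'subject' => $ticket['subject'], 'message' => stripslashes($tmpvar['message']), 'attachments' => $tmpvar['attachments'], 'dt' => hesk_date($ticket['dt'], true), 'lastchange' => hesk_date($ticket['lastchange'], true), 'id' => $ticket['id']);
        // 2. Add custom fields to the array
        foreach ($hesk_settings['custom_fields'] as $k => $v) {
            $info[$k] = $v['use'] ? $ticket[$k] : '';
        }
        // 3. Make sure all values are properly formatted for email
        $ticket = hesk_ticketToPlain($info, 1, 0);
        // --> Process custom fields before sending
        foreach ($hesk_settings['custom_fields'] as $k => $v) {
            $ticket[$k] = $v['use'] ? hesk_msgToPlain($ticket[$k], 1) : '';
        }
        // --> If ticket is assigned just notify the owner
        if ($ticket['owner']) {
            hesk_notifyAssignedStaff(false, 'new_reply_by_customer', 'notify_reply_my');
        } else {
            hesk_notifyStaff('new_reply_by_customer', "`notify_reply_unassigned`='1'");
        }
        return $ticket['trackid'];
    }
    // END REPLY
    // Not a reply, but a new ticket. Add it to the database
    $tmpvar['category'] = $set_category;
    $tmpvar['priority'] = $set_priority < 0 ? hesk_getCategoryPriority($tmpvar['category']) : $set_priority;
    // An e-mailed ticket has no client address; the placeholder overwrites the
    // superglobal for the rest of the request so hesk_newTicket() stores it as the IP.
    $_SERVER['REMOTE_ADDR'] = $hesklang['unknown'];
    // Auto assign tickets if aplicable
    $tmpvar['owner'] = 0;
    $tmpvar['history'] = $pop3 ? sprintf($hesklang['thist16'], hesk_date()) : sprintf($hesklang['thist11'], hesk_date());
    $tmpvar['openedby'] = $pop3 ? -2 : -1;
    $autoassign_owner = hesk_autoAssignTicket($tmpvar['category']);
    #print_r($autoassign_owner);
    if ($autoassign_owner) {
        $tmpvar['owner'] = $autoassign_owner['id'];
        $tmpvar['history'] .= sprintf($hesklang['thist10'], hesk_date(), $autoassign_owner['name'] . ' (' . $autoassign_owner['user'] . ')');
    }
    // Custom fields will be empty as there is no reliable way of detecting them
    foreach ($hesk_settings['custom_fields'] as $k => $v) {
        $tmpvar[$k] = '';
    }
    // Insert ticket to database
    $ticket = hesk_newTicket($tmpvar);
    // Notify the customer
    if ($hesk_settings['notify_new']) {
        $possible_SPAM = false;
        // Do we need to check subject for SPAM tags?
        if ($hesk_settings['notify_skip_spam']) {
            foreach ($hesk_settings['notify_spam_tags'] as $tag) {
                if (strpos($tmpvar['subject'], $tag) !== false) {
                    $possible_SPAM = true;
                    break;
                }
            }
        }
        // SPAM tags not found or not checked, send email
        if ($possible_SPAM === false) {
            hesk_notifyCustomer();
        }
    }
    // Need to notify staff?
    // --> From autoassign?
    if ($tmpvar['owner'] && $autoassign_owner['notify_assigned']) {
        hesk_notifyAssignedStaff($autoassign_owner, 'ticket_assigned_to_you');
    } elseif (!$tmpvar['owner']) {
        hesk_notifyStaff('new_ticket_staff', " `notify_new_unassigned` = '1' ");
    }
    return $ticket['trackid'];
}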
Пример #6
/**
 * Print every reply of the current ticket as rows of the customer-facing ticket table.
 *
 * Works entirely on globals: rows are fetched from $result with hesk_dbFetchAssoc(),
 * each fetched row overwrites the global $reply, and the IDs of staff replies that
 * are not yet marked as read are appended to the global $unread_replies.
 *
 * NOTE(review): $reply['name'] and $reply['message'] are echoed without any escaping
 * in this function. That is only safe if the values were HTML-encoded before they were
 * stored - confirm against the code that writes replies.
 *
 * @return int Final value of the row-colour toggle (0 or 1).
 */
function hesk_printCustomerTicketReplies()
{
    global $hesklang, $hesk_settings, $result, $reply, $trackingID, $unread_replies;
    // $i is the row-colour toggle; its start value depends on the 'new_top' setting
    $i = $hesk_settings['new_top'] ? 0 : 1;
    while ($reply = hesk_dbFetchAssoc($result)) {
        // Alternate between the two row classes and flip the toggle for the next row
        if ($i) {
            $color = 'class="ticketrow"';
            $i = 0;
        } else {
            $color = 'class="ticketalt"';
            $i = 1;
        }
        /* Store unread reply IDs for later */
        if ($reply['staffid'] && !$reply['read']) {
            $unread_replies[] = $reply['id'];
        }
        // Replace the raw timestamp with its display form
        $reply['dt'] = hesk_date($reply['dt']);
        ?>
		<tr>
			<td <?php 
        echo $color;
        ?>
>

				<table border="0" cellspacing="0" cellpadding="0" width="100%">
					<tr>
						<td valign="top">
							<table border="0" cellspacing="1">
								<tr>
									<td><?php 
        echo $hesklang['date'];
        ?>
:</td>
									<td><?php 
        echo $reply['dt'];
        ?>
</td>
								</tr>
								<tr>
									<td><?php 
        echo $hesklang['name'];
        ?>
:</td>
									<td><?php 
        echo $reply['name'];
        ?>
</td>
								</tr>
							</table>
						</td>
						<td style="text-align:right; vertical-align:top;">
							<?php 
        echo hesk_getCustomerButtons($i);
        ?>
						</td>
					</tr>
				</table>

			<p><b><?php 
        echo $hesklang['message'];
        ?>
:</b></p>
			<p><?php 
        echo $reply['message'];
        ?>
</p>

			<?php 
        /* Attachments */
        hesk_listAttachments($reply['attachments'], $i);
        /* Staff rating */
        // Only staff replies can be rated: 1 and 5 are shown as fixed labels,
        // any other value renders the two rating links
        if ($hesk_settings['rating'] && $reply['staffid']) {
            if ($reply['rating'] == 1) {
                echo '<p class="rate">' . $hesklang['rnh'] . '</p>';
            } elseif ($reply['rating'] == 5) {
                echo '<p class="rate">' . $hesklang['rh'] . '</p>';
            } else {
                // NOTE(review): $reply['id'] and $trackingID are concatenated into a JavaScript
                // string inside an HTML attribute. $trackingID is a global set by the caller;
                // confirm it is restricted to a safe character set before it reaches this point.
                echo '
					<div id="rating' . $reply['id'] . '" class="rate">
					' . $hesklang['r'] . '
					<a href="Javascript:void(0)" onclick="Javascript:hesk_rate(\'rate.php?rating=5&amp;id=' . $reply['id'] . '&amp;track=' . $trackingID . '\',\'rating' . $reply['id'] . '\')">' . strtolower($hesklang['yes']) . '</a> /
					<a href="Javascript:void(0)" onclick="Javascript:hesk_rate(\'rate.php?rating=1&amp;id=' . $reply['id'] . '&amp;track=' . $trackingID . '\',\'rating' . $reply['id'] . '\')">' . strtolower($hesklang['no']) . '</a>
					</div>
					';
            }
        }
        ?>
	        </td>
        </tr>
        <?php 
    }
    return $i;
}
Пример #7
/**
 * Print every reply of the current ticket as a block in the admin ticket view.
 *
 * Rows are fetched from the global $result with hesk_dbFetchAssoc(); each fetched row
 * overwrites the global $reply. The function returns at once when the global $reply
 * is exactly false on entry.
 *
 * NOTE(review): $reply['name'] and $reply['message'] are echoed without any escaping
 * in this function. That is only safe if the values were HTML-encoded before they were
 * stored - confirm against the code that writes replies.
 *
 * @return int 0 or 1, chosen from the 'new_top' setting; the loop never changes it.
 */
function hesk_printTicketReplies()
{
    // $isManager is declared global but not read anywhere in this function body
    global $hesklang, $hesk_settings, $result, $reply, $isManager;
    $i = $hesk_settings['new_top'] ? 0 : 1;
    if ($reply === false) {
        return $i;
    }
    while ($reply = hesk_dbFetchAssoc($result)) {
        // $color is assigned but never echoed; the class is hard-coded in the markup below
        $color = 'class="ticketMessageContainer"';
        // Replace the raw timestamp with its display form
        $reply['dt'] = hesk_date($reply['dt'], true);
        ?>
        <div class="row ticketMessageContainer">
            <div class="col-md-3 col-xs-12">
                <div class="ticketName"><?php 
        echo $reply['name'];
        ?>
</div>
            </div>
            <div class="col-md-9 col-xs-12 pushMarginLeft">
                <div class="ticketMessageTop withBorder">
                    <?php 
        echo hesk_getAdminButtonsInTicket();
        ?>
                    <div class="blankSpace"></div>
                    <p><?php 
        echo $hesklang['date'];
        ?>
: <?php 
        echo $reply['dt'];
        ?>
</p> 
                </div>
                <div class="ticketMessageBottom">
                    <p><b><?php 
        echo $hesklang['message'];
        ?>
:</b></p>
			        <p><?php 
        echo $reply['message'];
        ?>
</p> 
                </div>
                <div class="ticketMessageTop pushMargin">
                     <?php 
        hesk_listAttachments($reply['attachments'], $reply['id']);
        /* Staff rating */
        // Only the two fixed rating labels (1 and 5) are shown; no rating links are printed here
        if ($hesk_settings['rating'] && $reply['staffid']) {
            if ($reply['rating'] == 1) {
                echo '<p class="rate">' . $hesklang['rnh'] . '</p>';
            } elseif ($reply['rating'] == 5) {
                echo '<p class="rate">' . $hesklang['rh'] . '</p>';
            }
        }
        /* Show "unread reply" message? */
        if ($reply['staffid'] && !$reply['read']) {
            echo '<p class="rate">' . $hesklang['unread'] . '</p>';
        }
        ?>
                </div>
            </div>
        </div>
        <?php 
    }
    return $i;
}
Пример #8
:</td>
		<td><?php 
        echo hesk_unhortenUrl($ticket[$k]);
        ?>
</td>
	</tr>
	<?php 
    }
}
// Close ticket head table
echo '</table>';
// Print initial ticket message.
// NOTE(review): the message is written into the page as HTML. What hesk_unhortenUrl()
// does to it is not visible here, so confirm the stored message is already HTML-encoded.
echo '<p>' . hesk_unhortenUrl($ticket['message']) . '</p>';
// Print replies
while ($reply = hesk_dbFetchAssoc($res)) {
    $reply['dt'] = hesk_date($reply['dt'], true);
    echo '
    <hr />

	<table border="0">
	<tr>
		<td>' . $hesklang['date'] . ':</td>
		<td>' . $reply['dt'] . '</td>
	</tr>
	<tr>
		<td>' . $hesklang['name'] . ':</td>
		<td>' . $reply['name'] . '</td>
	</tr>
	</table>

    <p>' . hesk_unhortenUrl($reply['message']) . '</p>
Пример #9
define('HESK_PATH', '../');

// Bootstrap: settings, shared helpers and the admin helper library
require HESK_PATH . 'hesk_settings.inc.php';
require HESK_PATH . 'inc/common.inc.php';
require HESK_PATH . 'inc/admin_functions.inc.php';
hesk_load_database_functions();
hesk_session_start();
hesk_dbConnect();
hesk_isLoggedIn();

// The three permissions are checked before the ticket is touched
hesk_checkPermission('can_view_tickets');
hesk_checkPermission('can_reply_tickets');
hesk_checkPermission('can_edit_tickets');

// Token check. This script changes state from query-string parameters, so the check
// has to stay ahead of the UPDATE below.
hesk_token_check();

// Tracking ID of the ticket to lock or unlock; the script stops when none is supplied
$trackingID = hesk_cleanID() or die($hesklang['int_error'] . ': ' . $hesklang['no_trackID']);

// New lock state: an empty or missing "locked" parameter unlocks, anything else locks.
// $status can only be 0 or 1, so it is safe inside the quoted SQL literal below.
$status = empty($_GET['locked']) ? 0 : 1;
$tmp = $status ? $hesklang['tlock'] : $hesklang['tunlock'];
$revision = sprintf(
    $status ? $hesklang['thist5'] : $hesklang['thist6'],
    hesk_date(),
    $_SESSION['name'] . ' (' . $_SESSION['user'] . ')'
);

// Store the new lock state and append the revision line to the ticket history
hesk_dbQuery(
    "UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` SET `status`='3',`locked`='{$status}', `history`=CONCAT(`history`,'" . hesk_dbEscape($revision) . "')  WHERE `trackid`='" . hesk_dbEscape($trackingID) . "' LIMIT 1"
);

// Back to the ticket page with a success message. The Refresh value only varies the
// URL; rand() is not used as a secret here.
hesk_process_messages(
    $tmp,
    'admin_ticket.php?track=' . $trackingID . '&Refresh=' . rand(10000, 99999),
    'SUCCESS'
);
Пример #10
            require HESK_PATH . 'inc/zip/Zip.php';
            $zip = new Zip();
            $zip->addLargeFile($save_to, "{$export_name}.xml");
            $zip->finalize();
            $zip->setZipFile($save_to_zip);
        } else {
            require HESK_PATH . 'inc/zip/pclzip.lib.php';
            $zip = new PclZip($save_to_zip);
            $zip->add($save_to, PCLZIP_OPT_REMOVE_ALL_PATH);
        }
        // Delete XML, just leave the Zip archive
        hesk_unlink($save_to);
        // Echo memory peak usage
        $flush_me .= hesk_date() . " | " . sprintf($hesklang['pmem'], @memory_get_peak_usage(true) / 1048576) . "<br />\r\n";
        // We're done!
        $flush_me .= hesk_date() . " | {$hesklang['fZIP']}<br /><br />";
        $flush_me .= '<a href="' . $save_to_zip . '">' . $hesklang['ch2d'] . "</a>\n";
    } else {
        hesk_unlink($save_to);
    }
}
/* Print header */
require_once HESK_PATH . 'inc/header.inc.php';
/* Print main manage users page */
require_once HESK_PATH . 'inc/show_admin_nav.inc.php';
?>

</td>
</tr>
<tr>
<td>
Пример #11
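/**
 * Print one knowledge base article: body, attachments, article details and related articles.
 *
 * The article itself is read from the global $article; $artid is used for the view
 * counter and to leave the article out of its own "related" list. Links in the output
 * point at knowledgebase_private.php.
 *
 * The view-counter UPDATE places the ID in the statement unquoted, so the ID is cast
 * with intval() here instead of relying on the caller to have validated it.
 *
 * NOTE(review): $article['subject'], $article['content'], attachment names and related
 * article subjects are echoed without escaping in this function. That is only safe if
 * they are HTML-encoded or deliberately trusted HTML when stored - confirm against the
 * code that saves articles.
 *
 * @param int|string $artid ID of the article being shown.
 * @return void
 */
function hesk_show_kb_article($artid)
{
    global $hesk_settings, $hesklang, $article;
    // Print header
    $hesk_settings['tmp_title'] = $article['subject'];
    hesk_kb_header($hesk_settings['kb_link'], $article['catid']);
    // Update views by 1; the ID is forced to an integer because it is not quoted in the statement
    hesk_dbQuery('UPDATE `' . hesk_dbEscape($hesk_settings['db_pfix']) . 'kb_articles` SET `views`=`views`+1 WHERE `id`=' . intval($artid) . ' LIMIT 1');
    echo '<h3>' . $article['subject'] . '</h3>
        <div class="footerWithBorder blankSpace"></div>



	<h4>' . $hesklang['as'] . '</h4>
    ' . $article['content'];
    if (!empty($article['attachments'])) {
        echo '<p><b>' . $hesklang['attachments'] . ':</b><br />';
        // Attachments are stored as "id#name," pairs; the trailing comma is cut off before splitting
        $att = explode(',', substr($article['attachments'], 0, -1));
        foreach ($att as $myatt) {
            list($att_id, $att_name) = explode('#', $myatt);
            // NOTE(review): "fa-papercip" looks like a misspelling of "fa-paperclip" - confirm against the stylesheet
            echo '<i class="fa fa-papercip"></i> <a href="../download_attachment.php?kb_att=' . $att_id . '" rel="nofollow">' . $att_name . '</a><br />';
        }
        echo '</p>';
    }
    // Category 1 links to the knowledge base start page, every other category to its own listing
    if ($article['catid'] == 1) {
        $link = 'knowledgebase_private.php';
    } else {
        $link = 'knowledgebase_private.php?category=' . $article['catid'];
    }
    ?>
    <br><br>
    <div class="row">
        <?php 
    $showRelated = false;
    $column = 'col-md-12';
    require HESK_PATH . 'inc/mail/email_parser.php';
    // Search text for the full-text match: subject plus the plain-text form of the content,
    // escaped once for use inside the quoted SQL literals below
    $query = hesk_dbEscape($article['subject'] . ' ' . convert_html_to_text($article['content']));
    // Get relevant articles from the database
    $res = hesk_dbQuery("SELECT `id`, `subject`, MATCH(`subject`,`content`,`keywords`) AGAINST ('{$query}') AS `score` FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "kb_articles` WHERE `type` IN ('0','1') AND MATCH(`subject`,`content`,`keywords`) AGAINST ('{$query}') LIMIT " . intval($hesk_settings['kb_related'] + 1));
    // Array with related articles
    $related_articles = array();
    while ($related = hesk_dbFetchAssoc($res)) {
        // Get base match score from the first (this) article
        if (!isset($base_score)) {
            $base_score = $related['score'];
        }
        // Ignore this article
        if ($related['id'] == $artid) {
            continue;
        }
        // Stop when articles reach less than 10% of base score
        if ($related['score'] / $base_score < 0.1) {
            break;
        }
        // This is a valid related article
        $related_articles[$related['id']] = $related['subject'];
    }
    // Print related articles if we have any valid matches
    if (count($related_articles)) {
        $column = 'col-md-6';
        $showRelated = true;
    }
    ?>
        <div class="<?php 
    echo $column;
    ?>
 col-sm-12">
            <h4><?php 
    echo $hesklang['ad'];
    ?>
</h4>
            <div class="footerWithBorder blankSpace"></div>
            <table border="0">
                <tr>
                    <td><?php 
    echo $hesklang['aid'];
    ?>
: </td>
                    <td><?php 
    echo $article['id'];
    ?>
</td>
                </tr>
                <tr>
                    <td><?php 
    echo $hesklang['category'];
    ?>
: </td>
                    <td><a href="<?php 
    echo $link;
    ?>
"><?php 
    echo $article['cat_name'];
    ?>
</a></td>
                </tr>
                <tr>
                    <td><?php 
    echo $hesklang['dta'];
    ?>
: </td>
                    <td><?php 
    echo hesk_date($article['dt'], true);
    ?>
</td>
                </tr>
                <tr>
                    <td><?php 
    echo $hesklang['views'];
    ?>
: </td>
                    <td><?php 
    // $article was loaded before the counter was raised, so one is added unless this is a reload after rating
    echo isset($_GET['rated']) ? $article['views'] : $article['views'] + 1;
    ?>
</td>
                </tr>
            </table>
        </div>
        <?php 
    if ($showRelated) {
        ?>
        <div class="col-md-6 col-sm-12">
            <h4><?php 
        echo $hesklang['relart'];
        ?>
</h4>
            <div class="footerWithBorder blankSpace"></div>
            <?php 
        // Related articles
        foreach ($related_articles as $id => $subject) {
            echo '<span class="glyphicon glyphicon-file" style="font-size: 16px;"></span> <a href="knowledgebase_private.php?article=' . $id . '">' . $subject . '</a><br />';
        }
        ?>
        </div>
        <?php 
    }
    ?>
    </div>

    <?php 
    // The "back" link is left out when the request carries a "back" parameter
    if (!isset($_GET['back'])) {
        ?>
		<p><br /><a href="javascript:history.go(-1)"><span class="glyphicon glyphicon-circle-arrow-left"></span>&nbsp;<?php 
        echo $hesklang['back'];
        ?>
</a></p>
        <?php 
    } else {
        ?>
        <p>&nbsp;</p>
        <?php 
    }
}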
Пример #12
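/**
 * Print one knowledge base article: body, attachments, rating links, related articles
 * and the article details box. Links in the output point at knowledgebase.php.
 *
 * The article itself is read from the global $article; $artid is used for the view
 * counter, the rating cookie check and to leave the article out of its own "related" list.
 *
 * The view-counter UPDATE places the ID in the statement unquoted, so the ID is cast
 * with intval() here instead of relying on the caller to have validated it.
 *
 * NOTE(review): $article['subject'], $article['content'], attachment names and related
 * article subjects are echoed without escaping in this function. That is only safe if
 * they are HTML-encoded or deliberately trusted HTML when stored - confirm against the
 * code that saves articles.
 *
 * @param int|string $artid ID of the article being shown.
 * @return void
 */
function hesk_show_kb_article($artid)
{
    global $hesk_settings, $hesklang, $article;
    // Print header
    $hesk_settings['tmp_title'] = $article['subject'];
    require_once HESK_PATH . 'inc/header.inc.php';
    hesk_kb_header($hesk_settings['kb_link']);
    // Update views by 1 - exclude known bots and reloads because of ratings
    if (!isset($_GET['rated']) && !hesk_detect_bots()) {
        // The ID is forced to an integer because it is not quoted in the statement
        hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "kb_articles` SET `views`=`views`+1 WHERE `id`=" . intval($artid) . " LIMIT 1");
    }
    echo '<h1>' . $article['subject'] . '</h1>

    <fieldset>
	<legend>' . $hesklang['as'] . '</legend>
    ' . $article['content'];
    if (!empty($article['attachments'])) {
        echo '<p><b>' . $hesklang['attachments'] . ':</b><br />';
        // Attachments are stored as "id#name," pairs; the trailing comma is cut off before splitting
        $att = explode(',', substr($article['attachments'], 0, -1));
        foreach ($att as $myatt) {
            list($att_id, $att_name) = explode('#', $myatt);
            echo '<img src="img/clip.png" width="16" height="16" alt="' . $att_name . '" style="align:text-bottom" /> <a href="download_attachment.php?kb_att=' . $att_id . '" rel="nofollow">' . $att_name . '</a><br />';
        }
        echo '</p>';
    }
    // Article rating - the links are hidden once the rating cookie lists this article.
    // The cookie is client-controlled, so this only hides the links.
    if ($hesk_settings['kb_rating'] && strpos(hesk_COOKIE('hesk_kb_rate'), 'a' . $artid . '%') === false) {
        echo '
	    <div id="rating" class="rate" align="right">&nbsp;<br />' . $hesklang['rart'] . '
			<a href="Javascript:void(0)" onclick="Javascript:window.location=\'knowledgebase.php?rating=5&amp;id=' . $article['id'] . '\'" rel="nofollow">' . strtolower($hesklang['yes']) . '</a> /
	        <a href="Javascript:void(0)" onclick="Javascript:window.location=\'knowledgebase.php?rating=1&amp;id=' . $article['id'] . '\'" rel="nofollow">' . strtolower($hesklang['no']) . '</a>
	    </div>
        ';
    }
    echo '</fieldset>';
    // Related articles
    if ($hesk_settings['kb_related']) {
        require HESK_PATH . 'inc/mail/email_parser.php';
        // Search text for the full-text match: subject plus the plain-text form of the content,
        // escaped once for use inside the quoted SQL literals below
        $query = hesk_dbEscape($article['subject'] . ' ' . convert_html_to_text($article['content']));
        // Get relevant articles from the database
        $res = hesk_dbQuery("SELECT t1.`id`, t1.`subject`, MATCH(`subject`,`content`,`keywords`) AGAINST ('{$query}') AS `score` FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . 'kb_articles` AS t1 LEFT JOIN `' . hesk_dbEscape($hesk_settings['db_pfix']) . "kb_categories` AS t2 ON t1.`catid` = t2.`id` WHERE t1.`type`='0' AND t2.`type`='0' AND MATCH(`subject`,`content`,`keywords`) AGAINST ('{$query}') LIMIT " . intval($hesk_settings['kb_related'] + 1));
        // Array with related articles
        $related_articles = array();
        while ($related = hesk_dbFetchAssoc($res)) {
            // Get base match score from the first article
            if (!isset($base_score)) {
                $base_score = $related['score'];
            }
            // Ignore this article
            if ($related['id'] == $artid) {
                continue;
            }
            // Stop when articles reach less than 10% of base score
            if ($related['score'] / $base_score < 0.1) {
                break;
            }
            // This is a valid related article
            $related_articles[$related['id']] = $related['subject'];
        }
        // Print related articles if we have any valid matches
        if (count($related_articles)) {
            echo '<fieldset><legend>' . $hesklang['relart'] . '</legend>';
            foreach ($related_articles as $id => $subject) {
                echo '<img src="img/article_text.png" width="16" height="16" border="0" alt="" style="vertical-align:middle;padding:2px;" /> <a href="knowledgebase.php?article=' . $id . '">' . $subject . '</a><br />';
            }
            echo '</fieldset>';
        }
    }
    // Category 1 links to the knowledge base start page, every other category to its own listing
    if ($article['catid'] == 1) {
        $link = 'knowledgebase.php';
    } else {
        $link = 'knowledgebase.php?category=' . $article['catid'];
    }
    ?>

    <fieldset>
    <legend><?php 
    echo $hesklang['ad'];
    ?>
</legend>
	<table border="0">
    <tr>
    <td><?php 
    echo $hesklang['aid'];
    ?>
: </td>
    <td><?php 
    echo $article['id'];
    ?>
</td>
    </tr>
    <tr>
    <td><?php 
    echo $hesklang['category'];
    ?>
: </td>
    <td><a href="<?php 
    echo $link;
    ?>
"><?php 
    echo $article['cat_name'];
    ?>
</a></td>
    </tr>

    <?php 
    if ($hesk_settings['kb_date']) {
        ?>
    <tr>
    <td><?php 
        echo $hesklang['dta'];
        ?>
: </td>
    <td><?php 
        echo hesk_date($article['dt'], true);
        ?>
</td>
    </tr>
    <?php 
    }
    if ($hesk_settings['kb_views']) {
        ?>
    <tr>
    <td><?php 
        echo $hesklang['views'];
        ?>
: </td>
    <td><?php 
        // One is added to the stored count unless this is a reload after rating
        echo isset($_GET['rated']) ? $article['views'] : $article['views'] + 1;
        ?>
</td>
    </tr>
    <?php 
    }
    if ($hesk_settings['kb_rating']) {
        $alt = $article['rating'] ? sprintf($hesklang['kb_rated'], sprintf("%01.1f", $article['rating'])) : $hesklang['kb_not_rated'];
        echo '
        <tr>
        <td>' . $hesklang['rating'] . ' (' . $hesklang['votes'] . '):</td>
        <td><img src="img/star_' . hesk_round_to_half($article['rating']) * 10 . '.png" width="85" height="16" alt="' . $alt . '" title="' . $alt . '" border="0" style="vertical-align:text-bottom" /> (' . $article['votes'] . ')</td>
        </tr>
        ';
    }
    ?>
    </table>
    </fieldset>

    <?php 
    // The "back" link is left out for requests carrying "suggest"; after a rating
    // reload it steps back two history entries instead of one
    if (!isset($_GET['suggest'])) {
        ?>
		<p>&nbsp;<br />&laquo; <a href="javascript:history.go(<?php 
        echo isset($_GET['rated']) ? '-2' : '-1';
        ?>
)"><?php 
        echo $hesklang['back'];
        ?>
</a></p>
        <?php 
    } else {
        ?>
        <p>&nbsp;</p>
        <?php 
    }
}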
Пример #13
/**
 * Format a date with hesk_date() and replace every space in the result with an
 * HTML line break.
 *
 * @param mixed $dt Value handed to hesk_date() unchanged.
 * @return string Formatted date containing "<br />" where hesk_date() produced spaces.
 */
function hesk_formatDate($dt)
{
    return str_replace(' ', '<br />', hesk_date($dt));
}
Пример #14
/**
 * Print every reply of the current ticket as rows of the admin ticket table.
 *
 * Rows are fetched from the global $result with hesk_dbFetchAssoc(); each fetched row
 * overwrites the global $reply. The function returns at once when the global $reply
 * is exactly false on entry.
 *
 * NOTE(review): $reply['name'] and $reply['message'] are echoed without any escaping
 * in this function. That is only safe if the values were HTML-encoded before they were
 * stored - confirm against the code that writes replies.
 *
 * @return int Final value of the row-colour toggle (0 or 1).
 */
function hesk_printTicketReplies()
{
    global $hesklang, $hesk_settings, $result, $reply;
    // $i is the row-colour toggle; its start value depends on the 'new_top' setting
    $i = $hesk_settings['new_top'] ? 0 : 1;
    if ($reply === false) {
        return $i;
    }
    while ($reply = hesk_dbFetchAssoc($result)) {
        // Alternate between the two row classes and flip the toggle for the next row
        if ($i) {
            $color = 'class="ticketrow"';
            $i = 0;
        } else {
            $color = 'class="ticketalt"';
            $i = 1;
        }
        // Replace the raw timestamp with its display form
        $reply['dt'] = hesk_date($reply['dt'], true);
        ?>
		<tr>
			<td <?php 
        echo $color;
        ?>
>

				<table border="0" cellspacing="0" cellpadding="0" width="100%">
					<tr>
						<td valign="top">
							<table border="0" cellspacing="1">
								<tr>
									<td><?php 
        echo $hesklang['date'];
        ?>
:</td>
									<td><?php 
        echo $reply['dt'];
        ?>
</td>
								</tr>
								<tr>
									<td><?php 
        echo $hesklang['name'];
        ?>
:</td>
									<td><?php 
        echo $reply['name'];
        ?>
</td>
								</tr>
							</table>
						</td>
						<td style="text-align:right; vertical-align:top;">
							<?php 
        echo hesk_getAdminButtons(1, $i);
        ?>
						</td>
					</tr>
				</table>

			<p><b><?php 
        echo $hesklang['message'];
        ?>
:</b></p>
			<p><?php 
        echo $reply['message'];
        ?>
</p>

			<?php 
        /* Attachments */
        hesk_listAttachments($reply['attachments'], $reply['id'], $i);
        /* Staff rating */
        // Only the two fixed rating labels (1 and 5) are shown; no rating links are printed here
        if ($hesk_settings['rating'] && $reply['staffid']) {
            if ($reply['rating'] == 1) {
                echo '<p class="rate">' . $hesklang['rnh'] . '</p>';
            } elseif ($reply['rating'] == 5) {
                echo '<p class="rate">' . $hesklang['rh'] . '</p>';
            }
        }
        /* Show "unread reply" message? */
        if ($reply['staffid'] && !$reply['read']) {
            echo '<p class="rate">' . $hesklang['unread'] . '</p>';
        }
        ?>
	        </td>
        </tr>
        <?php 
    }
    return $i;
}
Пример #15
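        // Load the contract to edit. The id comes straight from the query string, so it is
        // escaped before it is placed inside the quoted SQL literal (it was concatenated raw before).
        // NOTE(review): if contract ids are always integers, intval() would be a tighter filter - confirm.
        $res = hesk_dbQuery('SELECT * FROM `' . hesk_dbEscape($hesk_settings['db_pfix']) . "contracts` WHERE `id` = '" . hesk_dbEscape($_GET['id']) . "' LIMIT 1");
        if (mysqli_num_rows($res) == 1) {
            // Copy the columns into the $value_* variables that pre-fill the edit form
            $row = mysqli_fetch_array($res);
            $value_id = $row['id'];
            $value_contract_name = $row['contract_name'];
            $value_company_id = $row['company_id'];
            $value_project_id = $row['project_id'];
            $value_staff_id = $row['staff_id'];
            $value_starting_date = $row['starting_date'];
            $value_ending_date = $row['ending_date'];
            $value_active = $row['active'];
            $value_sla = $row['sla'];
            $value_priority = $row['priority'];
            $value_reply_time = $row['reply_time'];
            $value_resolved_time = $row['resolved_time'];
            // NOTE(review): $value is not assigned anywhere in the visible code (the row is in
            // $row) - check whether $row['lastchange'] was intended here.
            $value['lastchange'] = hesk_date($value['lastchange'], true);
        }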
    }
    ?>

		<!-- Edit Contract-->
		<div role="tabpanel" class="tab-pane" id="edit-cont">
			<div class="edit-contract">
			<form method="post" action="contracts.php" name="form2">
						<input type="hidden" name="id" value="<?php 
    echo $value_id;
    ?>
"/>
						<div class="form-inline contr-row1" id="contract_row">
							<label class="col-xs-6 col-sm-3  control-label"><?php 
    echo $hesklang['contract_name'];
/**
 * Print the list of most recently added knowledge base articles as a tab panel.
 *
 * Which setting switches the list off depends on $index: 'kb_index_latest' when $index
 * is truthy, 'kb_latest' otherwise. Returns true when the list is disabled or no article
 * is found; after printing the list the function ends without an explicit return value.
 *
 * NOTE(review): $article['subject'] is echoed without escaping in this function. That is
 * only safe if subjects are HTML-encoded before they are stored - confirm against the
 * code that saves articles.
 *
 * @param int|string $how_many Maximum number of articles; cast with intval() for the LIMIT clause.
 * @param mixed      $index    Truthy for the index page, falsy for the knowledge base main page.
 */
function hesk_kbLatestArticles($how_many, $index = 1)
{
    global $hesk_settings, $hesklang;
    // Index page or KB main page?
    if ($index) {
        // Disabled?
        if (!$hesk_settings['kb_index_latest']) {
            return true;
        }
        // Show title in italics ($font_weight is set but not used further down in this function)
        $font_weight = 'i';
    } else {
        // Disabled?
        if (!$hesk_settings['kb_latest']) {
            return true;
        }
        // Show title in bold ($font_weight is set but not used further down in this function)
        $font_weight = 'b';
        // Print a line for spacing if we don't show popular articles
        if (!$hesk_settings['kb_popart']) {
            echo '<br/><br/>';
        }
    }
    ?>

	<?php 
    /* Get list of articles from the database */
    // Only articles of type '0' in categories of type '0' are listed, newest first
    $res = hesk_dbQuery("SELECT `t1`.`id`,`t1`.`subject`,`t1`.`dt` FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "kb_articles` AS `t1`\n\t\t\tLEFT JOIN `" . hesk_dbEscape($hesk_settings['db_pfix']) . "kb_categories` AS `t2` ON `t1`.`catid` = `t2`.`id`\n\t\t\tWHERE `t1`.`type`='0' AND `t2`.`type`='0'\n\t\t\tORDER BY `t1`.`dt` DESC LIMIT " . intval($how_many));
    /* If no results found end here */
    if (hesk_dbNumRows($res) == 0) {
        // The message closes two div elements, the second of which is not opened in this function
        echo '<div class="container noarticles"><i>' . $hesklang['noa'] . '</i><br />&nbsp;</div></div>';
        return true;
    }
    /* We have some results, print them out */
    ?>
	<div role="tabpanel" class="tab-pane" id="profile">
		<table class="table">
	<?php 
    while ($article = hesk_dbFetchAssoc($res)) {
        echo '<tbody>
			<tr>
			<td width="84%"><img src="img/article_text.jpg" width="16" height="16" border="0" alt="" style="vertical-align:middle" />
		&nbsp;<span class="latest-kb-date-added1"><a href="knowledgebase.php?article=' . $article['id'] . '">' . $article['subject'] . '</a></span></td>
		';
        // The date column is printed only when the 'kb_date' setting is on
        if ($hesk_settings['kb_date']) {
            echo '<td><span class="latest-kb-date-added2">' . hesk_date($article['dt'], true) . '</span></td>';
        }
        echo '
		</tr>
		</tbody>
		';
    }
    ?>
		</table>
	</div>
    &nbsp;
	
<script type="text/javascript">
    jQuery(document).ready(function ($) {
        $('#tabs').tab();
    });
</script>  
	
</div>


    <?php 
}
Пример #17
/**
 * Print one knowledge base article: body, attachments and the article details box.
 * Links in the output point at knowledgebase_private.php.
 *
 * The article itself is read from the global $article; $artid is only used for the
 * view counter, where it is cast with intval() before it enters the SQL statement.
 *
 * NOTE(review): $article['subject'], $article['content'] and attachment names are echoed
 * without escaping in this function. That is only safe if they are HTML-encoded or
 * deliberately trusted HTML when stored - confirm against the code that saves articles.
 *
 * @param int|string $artid ID of the article being shown.
 */
function hesk_show_kb_article($artid)
{
    global $hesk_settings, $hesklang, $article;
    // Print header
    $hesk_settings['tmp_title'] = $article['subject'];
    require_once HESK_PATH . 'inc/header.inc.php';
    hesk_kb_header($hesk_settings['kb_link'], $article['catid']);
    // Update views by 1 (the ID is forced to an integer before it is used in the statement)
    hesk_dbQuery('UPDATE `' . hesk_dbEscape($hesk_settings['db_pfix']) . "kb_articles` SET `views`=`views`+1 WHERE `id`='" . intval($artid) . "' LIMIT 1");
    echo '<h1>' . $article['subject'] . '</h1>

    <fieldset>
	<legend>' . $hesklang['as'] . '</legend>
    ' . $article['content'];
    if (!empty($article['attachments'])) {
        echo '<p><b>' . $hesklang['attachments'] . ':</b><br />';
        // Attachments are stored as "id#name," pairs; the trailing comma is cut off before splitting
        $att = explode(',', substr($article['attachments'], 0, -1));
        foreach ($att as $myatt) {
            list($att_id, $att_name) = explode('#', $myatt);
            echo '<img src="../img/clip.png" width="16" height="16" alt="' . $att_name . '" style="align:text-bottom" /> <a href="../download_attachment.php?kb_att=' . $att_id . '" rel="nofollow">' . $att_name . '</a><br />';
        }
        echo '</p>';
    }
    echo '</fieldset>';
    // Category 1 links to the knowledge base start page, every other category to its own listing
    if ($article['catid'] == 1) {
        $link = 'knowledgebase_private.php';
    } else {
        $link = 'knowledgebase_private.php?category=' . $article['catid'];
    }
    ?>

    <fieldset>
    <legend><?php 
    echo $hesklang['ad'];
    ?>
</legend>
	<table border="0">
    <tr>
    <td><?php 
    echo $hesklang['aid'];
    ?>
: </td>
    <td><?php 
    echo $article['id'];
    ?>
</td>
    </tr>
    <tr>
    <td><?php 
    echo $hesklang['category'];
    ?>
: </td>
    <td><a href="<?php 
    echo $link;
    ?>
"><?php 
    echo $article['cat_name'];
    ?>
</a></td>
    </tr>
    <tr>
    <td><?php 
    echo $hesklang['dta'];
    ?>
: </td>
    <td><?php 
    echo hesk_date($article['dt']);
    ?>
</td>
    </tr>
    <tr>
    <td><?php 
    echo $hesklang['views'];
    ?>
: </td>
    <td><?php 
    // One is added to the stored count unless the request carries a "rated" parameter
    echo isset($_GET['rated']) ? $article['views'] : $article['views'] + 1;
    ?>
</td>
    </tr>
    </table>
    </fieldset>

    <?php 
    // The "back" link is left out when the request carries a "back" parameter
    if (!isset($_GET['back'])) {
        ?>
		<p>&nbsp;<br />&laquo; <a href="javascript:history.go(-1)"><?php 
        echo $hesklang['back'];
        ?>
</a></p>
        <?php 
    } else {
        ?>
        <p>&nbsp;</p>
        <?php 
    }
}
Пример #18
    // Notify customer of closed ticket?
    if ($hesk_settings['notify_closed']) {
        // Get ticket info
        $result = hesk_dbQuery("SELECT * FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` WHERE `trackid`='" . hesk_dbEscape($trackingID) . "' LIMIT 1");
        if (hesk_dbNumRows($result) != 1) {
            hesk_error($hesklang['ticket_not_found']);
        }
        $ticket = hesk_dbFetchAssoc($result);
        $closedStatusRS = hesk_dbQuery('SELECT `ID` FROM `' . hesk_dbEscape($hesk_settings['db_pfix']) . 'statuses` WHERE `IsClosed` = 1');
        $ticketIsOpen = true;
        while ($row = hesk_dbFetchAssoc($closedStatusRS)) {
            if ($ticket['status'] == $row['ID']) {
                $ticketIsOpen = false;
            }
        }
        // Notify customer, but only if ticket is not already closed
        if ($ticketIsOpen) {
            require HESK_PATH . 'inc/email_functions.inc.php';
            $ticket['dt'] = hesk_date($ticket['dt'], true);
            $ticket['lastchange'] = hesk_date($ticket['lastchange'], true);
            hesk_notifyCustomer('ticket_closed');
        }
    }
}
/* Update database */
// Look up the ID of the status row flagged LockedTicketStatus = 1
$statusSql = 'SELECT `ID` FROM `' . hesk_dbEscape($hesk_settings['db_pfix']) . 'statuses` WHERE `LockedTicketStatus` = 1';
// NOTE(review): if no status row carries that flag there is no row to read and $statusId
// ends up empty - confirm the flag is guaranteed to exist.
$statusRow = hesk_dbQuery($statusSql)->fetch_assoc();
$statusId = $statusRow['ID'];
// $status, $closedby_sql and $revision are built earlier in the script, outside this excerpt.
// NOTE(review): $closedby_sql and $statusId are interpolated without escaping, unlike $revision
// and $trackingID - verify that neither can ever contain request-supplied text.
hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` SET `status`='{$statusId}',`locked`='{$status}' {$closedby_sql} , `history`=CONCAT(`history`,'" . hesk_dbEscape($revision) . "')  WHERE `trackid`='" . hesk_dbEscape($trackingID) . "' LIMIT 1");
/* Back to ticket page and show a success message */
// The Refresh value only varies the URL; rand() is not used as a secret here
hesk_process_messages($tmp, 'admin_ticket.php?track=' . $trackingID . '&Refresh=' . rand(10000, 99999), 'SUCCESS');
/**
 * Print the "latest articles" box of the knowledge base: a title row followed by a
 * table of the most recently added articles.
 *
 * Which setting switches the box off depends on $index: 'kb_index_latest' when $index
 * is truthy, 'kb_latest' otherwise. Returns true when the box is disabled or no article
 * is found; after printing the list the function ends without an explicit return value.
 *
 * NOTE(review): $article['subject'] is echoed without escaping in this function. That is
 * only safe if subjects are HTML-encoded before they are stored - confirm against the
 * code that saves articles.
 *
 * @param int|string $how_many Maximum number of articles; cast with intval() for the LIMIT clause.
 * @param mixed      $index    Truthy for the index page, falsy for the knowledge base main page.
 */
function hesk_kbLatestArticles($how_many, $index = 1)
{
    global $hesk_settings, $hesklang;
    // Index page or KB main page?
    if ($index) {
        // Disabled?
        if (!$hesk_settings['kb_index_latest']) {
            return true;
        }
        // Show title in italics
        $font_weight = 'i';
    } else {
        // Disabled?
        if (!$hesk_settings['kb_latest']) {
            return true;
        }
        // Show title in bold
        $font_weight = 'b';
        // Print a line for spacing if we don't show popular articles
        if (!$hesk_settings['kb_popart']) {
            echo '<hr />';
        }
    }
    // $font_weight ('i' or 'b') is used below as the tag name that wraps the title
    ?>

    <table border="0" width="100%">
	<tr>
	<td>&raquo; <<?php 
    echo $font_weight;
    ?>
><?php 
    echo $hesklang['latart'];
    ?>
</<?php 
    echo $font_weight;
    ?>
></td>

	<?php 
    /* Show the "date added" column header? */
    if ($hesk_settings['kb_date']) {
        echo '<td style="text-align:right"><i>' . $hesklang['dta'] . '</i></td>';
    }
    ?>

	</tr>
	</table>

	<?php 
    /* Get list of articles from the database */
    // Only articles of type '0' in categories of type '0' are listed, newest first
    $res = hesk_dbQuery("SELECT `t1`.`id`,`t1`.`subject`,`t1`.`dt` FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "kb_articles` AS `t1`\r\n\t\t\tLEFT JOIN `" . hesk_dbEscape($hesk_settings['db_pfix']) . "kb_categories` AS `t2` ON `t1`.`catid` = `t2`.`id`\r\n\t\t\tWHERE `t1`.`type`='0' AND `t2`.`type`='0'\r\n\t\t\tORDER BY `t1`.`dt` DESC LIMIT " . intval($how_many));
    /* If no results found end here */
    if (hesk_dbNumRows($res) == 0) {
        echo '<p><i>' . $hesklang['noa'] . '</i><br />&nbsp;</p>';
        return true;
    }
    /* We have some results, print them out */
    ?>
    <div align="center">
    <table border="0" cellspacing="1" cellpadding="3" width="100%">
    <?php 
    while ($article = hesk_dbFetchAssoc($res)) {
        echo '
		<tr>
		<td>
		<table border="0" width="100%" cellspacing="0" cellpadding="0">
		<tr>
		<td width="1" valign="top"><img src="img/article_text.png" width="16" height="16" border="0" alt="" style="vertical-align:middle" /></td>
		<td valign="top">&nbsp;<a href="knowledgebase.php?article=' . $article['id'] . '">' . $article['subject'] . '</a></td>
		';
        // The date column is printed only when the 'kb_date' setting is on
        if ($hesk_settings['kb_date']) {
            echo '<td valign="top" style="text-align:right" width="200">' . hesk_date($article['dt'], true) . '</td>';
        }
        echo '
		</tr>
		</table>
		</td>
		</tr>
		';
    }
    ?>

    </table>
    </div>

    &nbsp;

    <?php 
}
Пример #20
    $row['categories'] = explode(',', $row['categories']);
    if (!in_array($ticket['category'], $row['categories'])) {
        hesk_error($hesklang['unoa']);
    }
}
/* Assigning to self? */
// Allowed when the user may assign to anybody, or is assigning to themselves and may self-assign
if ($can_assign_others || ($owner == $_SESSION['id'] && $can_assign_self)) {
    $revision = sprintf(
        $hesklang['thist2'],
        hesk_date(),
        $row['name'] . ' (' . $row['user'] . ')',
        $_SESSION['name'] . ' (' . $_SESSION['user'] . ')'
    );
    // NOTE(review): $owner is placed in the statement unquoted and unescaped. It is set
    // outside this excerpt - confirm it is cast to an integer before it gets here.
    $res = hesk_dbQuery(
        "UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` SET `owner`={$owner} , `history`=CONCAT(`history`,'" . hesk_dbEscape($revision) . "') WHERE `trackid`='" . hesk_dbEscape($trackingID) . "' LIMIT 1"
    );
    // A user who assigned the ticket away and may not view tickets assigned to others is
    // sent to the main admin page instead of back to the ticket
    if ($owner != $_SESSION['id'] && !hesk_checkPermission('can_view_ass_others', 0)) {
        $_SERVER['PHP_SELF'] = 'admin_main.php';
    }
} else {
    hesk_error($hesklang['no_permission']);
}
$ticket['owner'] = $owner;

/* --> Prepare message */
// 1. Generate the array with ticket info that can be used in emails
$info = array(
    'email' => $ticket['email'],
    'category' => $ticket['category'],
    'priority' => $ticket['priority'],
    'owner' => $ticket['owner'],
    'trackid' => $ticket['trackid'],
    'status' => $ticket['status'],
    'name' => $ticket['name'],
    'lastreplier' => $ticket['lastreplier'],
    'subject' => $ticket['subject'],
    'message' => $ticket['message'],
    'attachments' => $ticket['attachments'],
    'dt' => hesk_date($ticket['dt'], true),
    'lastchange' => hesk_date($ticket['lastchange'], true),
    'id' => $ticket['id'],
);
// 2. Add custom fields to the array; fields that are switched off are sent as empty strings
foreach ($hesk_settings['custom_fields'] as $k => $v) {
    $info[$k] = $v['use'] ? $ticket[$k] : '';
}
// 3. Make sure all values are properly formatted for email
$ticket = hesk_ticketToPlain($info, 1, 0);

/* Notify the new owner? */
// No notification when the user assigned the ticket to themselves
if ($ticket['owner'] != intval($_SESSION['id'])) {
    hesk_notifyAssignedStaff(false, 'ticket_assigned_to_you');
}
$tmp = $owner == $_SESSION['id'] ? $hesklang['tasy'] : $hesklang['taso'];
hesk_process_messages($tmp, $_SERVER['PHP_SELF'], 'SUCCESS');
Пример #21
*  a license please visit the page below:
*  https://www.hesk.com/buy.php
*******************************************************************************/
// Staff-side handler: changes the priority of one ticket from a POSTed value,
// appends a line to the ticket history and returns to admin_ticket.php.
define('IN_SCRIPT', 1);
define('HESK_PATH', '../');
/* Get all the required files and functions */
require HESK_PATH . 'hesk_settings.inc.php';
require HESK_PATH . 'inc/common.inc.php';
require HESK_PATH . 'inc/admin_functions.inc.php';
hesk_load_database_functions();
hesk_session_start();
hesk_dbConnect();
// Only logged-in staff get past this point (enforcement lives in hesk_isLoggedIn(), not shown here)
hesk_isLoggedIn();
/* Check permissions for this feature: the operator needs both view and reply rights */
hesk_checkPermission('can_view_tickets');
hesk_checkPermission('can_reply_tickets');
/* A security check: presumably validates the anti-CSRF form token of the POST - confirm in hesk_token_check() */
hesk_token_check('POST');
/* Ticket ID; the script dies with an internal-error message when no valid tracking ID is supplied */
$trackingID = hesk_cleanID() or die($hesklang['int_error'] . ': ' . $hesklang['no_trackID']);
// Priority is forced to an integer and must be one of 0..3 (the keys of $options below)
$priority = intval(hesk_POST('priority'));
if ($priority < 0 || $priority > 3) {
    // NOTE(review): this relies on hesk_process_messages() ending the request when given a
    // redirect target; if it returned, an out-of-range value would reach $options[$priority] - confirm.
    // The Refresh value appears to be only a cache-buster for the URL, not a secret.
    hesk_process_messages($hesklang['inpr'], 'admin_ticket.php?track=' . $trackingID . '&Refresh=' . mt_rand(10000, 99999), 'NOTICE');
}
// HTML labels for each priority; the chosen one is written into the ticket history and the success message
$options = array(0 => '<font class="critical">' . $hesklang['critical'] . '</font>', 1 => '<font class="important">' . $hesklang['high'] . '</font>', 2 => '<font class="medium">' . $hesklang['medium'] . '</font>', 3 => $hesklang['low']);
$revision = sprintf($hesklang['thist8'], hesk_date(), $options[$priority], $_SESSION['name'] . ' (' . $_SESSION['user'] . ')');
// $priority is an integer at this point; the history text and tracking ID are escaped before being embedded
hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` SET `priority`='{$priority}', `history`=CONCAT(`history`,'" . hesk_dbEscape($revision) . "') WHERE `trackid`='" . hesk_dbEscape($trackingID) . "' LIMIT 1");
// Exactly one row must have changed; otherwise report the same notice as for an invalid priority
if (hesk_dbAffectedRows() != 1) {
    hesk_process_messages($hesklang['inpr'], 'admin_ticket.php?track=' . $trackingID . '&Refresh=' . mt_rand(10000, 99999), 'NOTICE');
}
hesk_process_messages(sprintf($hesklang['chpri2'], $options[$priority]), 'admin_ticket.php?track=' . $trackingID . '&Refresh=' . mt_rand(10000, 99999), 'SUCCESS');
Пример #22
    if ($hesk_settings['custopen'] != 1) {
        $locked = 1;
    }
    // Mark that customer resolved the ticket
    $closedby_sql = ' , `closedat`=NOW(), `closedby`=0 ';
} elseif ($status == 2) {
    // Is customer reopening tickets enabled?
    if (!$hesk_settings['custopen']) {
        hesk_error($hesklang['attempt']);
    }
    //-- They want to close the ticket, so get the status that is the default for client-side closes
    $statusRes = hesk_dbQuery('SELECT `ID` FROM `' . hesk_dbEscape($hesk_settings['db_pfix']) . 'statuses` WHERE `IsDefaultStaffReplyStatus` = 1');
    $statusRow = hesk_dbFetchAssoc($statusRes);
    $status = $statusRow['ID'];
    $action = $hesklang['opened'];
    $revision = sprintf($hesklang['thist4'], hesk_date(), $hesklang['customer']);
    // We will ask the customer why is the ticket being reopened
    $_SESSION['force_form_top'] = true;
    // Ticket is not resolved
    $closedby_sql = ' , `closedat`=NULL, `closedby`=NULL ';
} else {
    die("{$hesklang['int_error']}: {$hesklang['status_not_valid']}.");
}
// Connect to database
hesk_dbConnect();
// Verify email address match if needed
hesk_verifyEmailMatch($trackingID);
// Lets make status assignment a bit smarter when reopening tickets
if ($oldStatus == 2) {
    // Get number of replies and last replier (customer or staff)
    $ticket = hesk_dbFetchAssoc(hesk_dbQuery("SELECT `staffreplies`, `lastreplier` FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` WHERE `trackid`='" . hesk_dbEscape($trackingID) . "' LIMIT 1"));
Пример #23
    $u[] = $user['userId'];
}
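// Build the IN (...) list from integer-cast IDs only: $u is filled from data that
// is not validated in this excerpt, and the list is pasted into the SQL text unquoted.
// NOTE(review): an empty $u produces "IN ()", which MySQL rejects - confirm the
// caller guarantees at least one user.
$ulist = implode(',', array_map('intval', $u));
$u_emails = hesk_dbQuery("SELECT `email` FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "users` WHERE `id` IN (" . $ulist . ")");
// Collect the e-mail addresses of those users into one comma-separated string
$array_email = array();
while ($e = mysqli_fetch_array($u_emails)) {
    $array_email[] = $e['email'];
}
$ulist_emails = implode(',', $array_email);
// Payload for the ERP record that mirrors this reply
$params['subject'] = $ticket['subject'];
// Hard-coded ERP user ID. Original author's note: a default user will be created
// by the ERP and its ID is to be placed here.
$params['user_id'] = 11;
$params['body_text'] = stripslashes($message);
$params['date'] = hesk_date($ticket['dt'], true);
// $data is read here before being overwritten by the create_record() result below;
// its first element is used as the ID of the ERP record the message attaches to.
$params['res_id'] = $data[0];
$params['model'] = "project.issue";
$params['email_from'] = $ticket['email'];
$params['email_to'] = $ulist_emails;
// Send the reply message data to the matching issue in the ERP
$data = $oeapi->create_record($params, $valid_services["SCA"]);
// 2. Add custom fields to the array (fields that are not in use are sent as empty strings)
foreach ($hesk_settings['custom_fields'] as $k => $v) {
    $info[$k] = $v['use'] ? $ticket[$k] : '';
}
// 3. Make sure all values are properly formatted for email
$ticket = hesk_ticketToPlain($info, 1, 0);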
// --> If ticket is assigned just notify the owner
if ($ticket['owner']) {
Пример #24
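// Continue the UPDATE statement started earlier in the script.
// $priority_sql is assembled outside this excerpt - verify it contains no raw request data.
$sql .= " {$priority_sql} ";
// Status 3: add a history line naming the staff member and, unless customers
// are allowed to reopen tickets (custopen == 1), lock the ticket.
if ($new_status == 3) {
    $revision = sprintf($hesklang['thist3'], hesk_date(), $_SESSION['name'] . ' (' . $_SESSION['user'] . ')');
    $sql .= " , `history`=CONCAT(`history`,'" . hesk_dbEscape($revision) . "') ";
    if ($hesk_settings['custopen'] != 1) {
        $sql .= " , `locked`='1' ";
    }
}
// $replyto is set outside this excerpt; cast it so only an integer reaches the WHERE clause
$sql .= " WHERE `id`='" . intval($replyto) . "' LIMIT 1";
hesk_dbQuery($sql);
unset($sql);
/* Update number of replies in the users table */
hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "users` SET `replies`=`replies`+1 WHERE `id`='" . intval($_SESSION['id']) . "' LIMIT 1");
// --> Prepare reply message
// 1. Generate the array with ticket info that can be used in emails
$info = array('email' => $ticket['email'], 'category' => $ticket['category'], 'priority' => $ticket['priority'], 'owner' => $ticket['owner'], 'trackid' => $ticket['trackid'], 'status' => $new_status, 'name' => $ticket['name'], 'lastreplier' => $_SESSION['name'], 'subject' => $ticket['subject'], 'message' => stripslashes($message), 'attachments' => $myattachments, 'dt' => hesk_date($ticket['dt']), 'lastchange' => hesk_date($ticket['lastchange']));
// 2. Add custom fields to the array (fields that are not in use are sent as empty strings)
foreach ($hesk_settings['custom_fields'] as $k => $v) {
    $info[$k] = $v['use'] ? $ticket[$k] : '';
}
// 3. Make sure all values are properly formatted for email
$ticket = hesk_ticketToPlain($info, 1, 0);
// Notify the customer unless the form was submitted with no_notify=1
if (!isset($_POST['no_notify']) || intval(hesk_POST('no_notify')) != 1) {
    hesk_notifyCustomer('new_reply_by_staff');
}
/* Set reply submitted message */
$_SESSION['HESK_SUCCESS'] = TRUE;
$_SESSION['HESK_MESSAGE'] = $hesklang['reply_submitted'];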
if (!empty($_POST['close'])) {
    $_SESSION['HESK_MESSAGE'] .= '<br /><br />' . $hesklang['ticket_marked'] . ' <span class="resolved">' . $hesklang['closed'] . '</span>';
Пример #25
// Admin settings page bootstrap: use the default language, load the admin
// helpers, require a logged-in user with the settings permission, then print
// the page header and admin navigation.
$hesk_settings['language'] = $hesk_settings['language_default'];
require HESK_PATH . 'inc/admin_functions.inc.php';
hesk_load_database_functions();
hesk_session_start();
hesk_dbConnect();
hesk_isLoggedIn();
// Check permissions for this feature
hesk_checkPermission('can_man_settings');
// Test languages function: triggered by a GET parameter, but only reached after
// the login and permission checks above
if (isset($_GET['test_languages'])) {
    hesk_testLanguage(0);
}
// Help files folder of the active language; built from settings values only, not from request data
$help_folder = '../language/' . $hesk_settings['languages'][$hesk_settings['language']]['folder'] . '/help_files/';
// Flags initialised to 0 here and presumably raised further down the script - confirm
$enable_save_settings = 0;
$enable_use_attachments = 0;
// Current HESK time as HH:MM
$server_time = date('H:i', strtotime(hesk_date()));
// Print header
require_once HESK_PATH . 'inc/header.inc.php';
// Print the admin navigation
require_once HESK_PATH . 'inc/show_admin_nav.inc.php';
// Demo mode? Hide values of sensitive settings
if (defined('HESK_DEMO')) {
    $hesk_settings['db_host'] = $hesklang['hdemo'];
    $hesk_settings['db_name'] = $hesklang['hdemo'];
    $hesk_settings['db_user'] = $hesklang['hdemo'];
    $hesk_settings['db_pass'] = $hesklang['hdemo'];
    $hesk_settings['db_pfix'] = $hesklang['hdemo'];
    $hesk_settings['smtp_host_name'] = $hesklang['hdemo'];
    $hesk_settings['smtp_user'] = $hesklang['hdemo'];
    $hesk_settings['smtp_password'] = $hesklang['hdemo'];
    $hesk_settings['pop3_host_name'] = $hesklang['hdemo'];
Пример #26
/*
 * Turn a ticket timestamp into a short "last change" label:
 * HH:MM for today, the "yesterday" language string for yesterday,
 * and a non-wrapping "DD <month> YY" HTML span for anything older.
 */
function hesk_time_lastchange($original)
{
    global $hesk_settings, $hesklang;
    // The global time format is switched temporarily and put back before returning
    $saved_format = $hesk_settings['timeformat'];
    // A fixed, sortable layout is required so the string comparisons below work
    $hesk_settings['timeformat'] = 'Y-m-d H:i:s';
    // Day-boundary constants are defined only once; later calls reuse them
    if (!defined('HESK_TIME_TODAY')) {
        $today_start = date('Y-m-d 00:00:00', hesk_date(NULL, false, false, false));
        define('HESK_TIME_TODAY', $today_start);
        $yesterday_start = date('Y-m-d 00:00:00', strtotime(HESK_TIME_TODAY) - 86400);
        define('HESK_TIME_YESTERDAY', $yesterday_start);
    }
    // Ticket time after HESK's time adjustment, in the layout set above
    $stamp = hesk_date($original, true);
    if ($stamp >= HESK_TIME_TODAY) {
        // Today: keep only the HH:MM part
        $label = substr($stamp, 11, 5);
    } elseif ($stamp >= HESK_TIME_YESTERDAY) {
        // Yesterday: use the translated word
        $label = $hesklang['r2'];
    } else {
        // Older: day, translated month name (keys ms01..ms12), two-digit year
        $date_part = substr($stamp, 0, 10);
        list($year, $month, $day_of_month) = explode('-', $date_part);
        $short_year = substr($year, 2);
        $label = '<span style="white-space: nowrap;">' . $day_of_month . ' ' . $hesklang['ms' . $month] . ' ' . $short_year . '</span>';
    }
    // Put the configured time format back
    $hesk_settings['timeformat'] = $saved_format;
    return $label;
}
Пример #27
/*
 * Format a date through hesk_date() and replace every space in the result
 * with an HTML line break, so the parts are shown on separate lines.
 */
function hesk_formatDate($dt, $from_database = true)
{
    return str_replace(' ', '<br />', hesk_date($dt, $from_database));
}
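/*
 * Handle the "new knowledgebase article" form: read and validate the POSTed
 * fields, store uploaded attachments, insert the article, bump the matching
 * category counter and show the category management view.
 * On validation errors the entered values are kept in the session and
 * hesk_process_messages() is called with manage_knowledgebase.php as target.
 */
function new_article()
{
    global $hesk_settings, $hesklang, $listBox;
    global $hesk_error_buffer;
    /*
     * A security check.
     * NOTE(review): the token check is commented out. This handler writes to the
     * database from POST data, so unless the caller already verifies the form
     * token it should be re-enabled - confirm first that the submitting form
     * sends the token.
     */
    # hesk_token_check('POST');
    $_SESSION['hide'] = array('treemenu' => 1, 'new_category' => 1);
    $hesk_error_buffer = array();
    // Numeric inputs are forced into their allowed values before any use
    $catid = intval(hesk_POST('catid', 1));
    // type: 0 when empty, 2 when posted as 2, otherwise 1 (the counters updated at the end name these public/private/draft)
    $type = empty($_POST['type']) ? 0 : (hesk_POST('type') == 2 ? 2 : 1);
    // HTML mode is forced on when the WYSIWYG editor setting is enabled
    $html = $hesk_settings['kb_wysiwyg'] ? 1 : (empty($_POST['html']) ? 0 : 1);
    $now = hesk_date();
    // Prevent submitting duplicate articles by reloading manage_knowledgebase.php page
    if (isset($_SESSION['article_submitted'])) {
        header('Location:manage_knowledgebase.php?a=manage_cat&catid=' . $catid);
        exit;
    }
    $_SESSION['KB_CATEGORY'] = $catid;
    $subject = hesk_input(hesk_POST('subject')) or $hesk_error_buffer[] = $hesklang['kb_e_subj'];
    if ($html) {
        if (empty($_POST['content'])) {
            $hesk_error_buffer[] = $hesklang['kb_e_cont'];
        }
        // HTML content goes through hesk_getHTML(); NOTE(review): what markup that helper
        // allows is not visible here, and the result is printed unescaped when the article
        // is shown - confirm it is restricted to what staff authors may legitimately post.
        $content = hesk_getHTML(hesk_POST('content'));
    } else {
        $content = hesk_input(hesk_POST('content')) or $hesk_error_buffer[] = $hesklang['kb_e_cont'];
        $content = nl2br($content);
        $content = hesk_makeURL($content);
    }
    $sticky = isset($_POST['sticky']) ? 1 : 0;
    $keywords = hesk_input(hesk_POST('keywords'));
    /* Article attachments (up to three upload slots) */
    define('KB', 1);
    require_once HESK_PATH . 'inc/posting_functions.inc.php';
    require_once HESK_PATH . 'inc/attachments.inc.php';
    $attachments = array();
    for ($i = 1; $i <= 3; $i++) {
        $att = hesk_uploadFile($i);
        if (!empty($att)) {
            $attachments[$i] = $att;
        }
    }
    $myattachments = '';
    /* Any errors? */
    if (count($hesk_error_buffer)) {
        // Remove any successfully uploaded attachments
        if ($hesk_settings['attachments']['use']) {
            hesk_removeAttachments($attachments);
        }
        // Keep the entered values so the form can be shown again
        $_SESSION['new_article'] = array('type' => $type, 'html' => $html, 'subject' => $subject, 'content' => hesk_input(hesk_POST('content')), 'keywords' => $keywords, 'sticky' => $sticky);
        $tmp = '';
        foreach ($hesk_error_buffer as $error) {
            $tmp .= "<li>{$error}</li>\n";
        }
        $hesk_error_buffer = $tmp;
        $hesk_error_buffer = $hesklang['rfm'] . '<br /><br /><ul>' . $hesk_error_buffer . '</ul>';
        // NOTE(review): the code below assumes this call ends the request; if it
        // returned, the invalid article would still be inserted - confirm.
        hesk_process_messages($hesk_error_buffer, 'manage_knowledgebase.php');
    }
    $revision = sprintf($hesklang['revision1'], $now, $_SESSION['name'] . ' (' . $_SESSION['user'] . ')');
    /* Add to database */
    if (!empty($attachments)) {
        foreach ($attachments as $myatt) {
            hesk_dbQuery("INSERT INTO `" . hesk_dbEscape($hesk_settings['db_pfix']) . "kb_attachments` (`saved_name`,`real_name`,`size`) VALUES ('" . hesk_dbEscape($myatt['saved_name']) . "','" . hesk_dbEscape($myatt['real_name']) . "','" . intval($myatt['size']) . "')");
            // Stored as "<id>#<name>," entries. NOTE(review): this format breaks if
            // real_name can contain '#' or ',' - presumably hesk_uploadFile() cleans
            // the file name; verify.
            $myattachments .= hesk_dbInsertID() . '#' . $myatt['real_name'] . ',';
        }
    }
    /* Get the latest art_order within this category and sticky group */
    $res = hesk_dbQuery("SELECT `art_order` FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "kb_articles` WHERE `catid`='" . intval($catid) . "' AND `sticky` = '" . intval($sticky) . "' ORDER BY `art_order` DESC LIMIT 1");
    $row = hesk_dbFetchRow($res);
    // When no article matches there is no row to index; start from 0 instead of
    // reading an offset of a non-array (the result is 10 either way).
    $my_order = (isset($row[0]) ? intval($row[0]) : 0) + 10;
    /* Insert article into database: integers are cast, strings are escaped */
    hesk_dbQuery("INSERT INTO `" . hesk_dbEscape($hesk_settings['db_pfix']) . "kb_articles` (`catid`,`dt`,`author`,`subject`,`content`,`keywords`,`type`,`html`,`sticky`,`art_order`,`history`,`attachments`) VALUES (\n    '" . intval($catid) . "',\n    NOW(),\n    '" . intval($_SESSION['id']) . "',\n    '" . hesk_dbEscape($subject) . "',\n    '" . hesk_dbEscape($content) . "',\n    '" . hesk_dbEscape($keywords) . "',\n    '" . intval($type) . "',\n    '" . intval($html) . "',\n    '" . intval($sticky) . "',\n    '" . intval($my_order) . "',\n    '" . hesk_dbEscape($revision) . "',\n    '" . hesk_dbEscape($myattachments) . "'\n    )");
    $_SESSION['artord'] = hesk_dbInsertID();
    // Update category article count: one counter column per article type
    if ($type == 0) {
        hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "kb_categories` SET `articles`=`articles`+1 WHERE `id`='" . intval($catid) . "'");
    } elseif ($type == 1) {
        hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "kb_categories` SET `articles_private`=`articles_private`+1 WHERE `id`='" . intval($catid) . "'");
    } else {
        hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "kb_categories` SET `articles_draft`=`articles_draft`+1 WHERE `id`='" . intval($catid) . "'");
    }
    unset($_SESSION['hide']);
    // Marks the submission as done; the duplicate-submit guard at the top reads this flag
    $_SESSION['article_submitted'] = 1;
    hesk_process_messages($hesklang['your_kb_added'], 'NOREDIRECT', 'SUCCESS');
    // Show the category the article was added to
    $_GET['catid'] = $catid;
    manage_category();
}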
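/*
 * Print the private knowledgebase view of one article: header, content,
 * attachment links, optional related articles and the article details table.
 * The article itself is read from the global $article; $artid is used for the
 * view counter and to leave the article out of its own related list.
 */
function hesk_show_kb_article($artid)
{
    global $hesk_settings, $hesklang, $article;
    // $artid is placed unquoted into the UPDATE below, so force it to an integer
    // here whatever the caller passed.
    $artid = intval($artid);
    // Print header
    $hesk_settings['tmp_title'] = $article['subject'];
    require_once HESK_PATH . 'inc/header.inc.php';
    hesk_kb_header($hesk_settings['kb_link'], $article['catid']);
    // Update views by 1
    hesk_dbQuery('UPDATE `' . hesk_dbEscape($hesk_settings['db_pfix']) . "kb_articles` SET `views`=`views`+1 WHERE `id`={$artid} LIMIT 1");
    // NOTE(review): subject and content are printed as stored, without escaping.
    // Presumably both were cleaned when the article was saved - confirm before
    // showing data that reached the table by any other route.
    echo '<h1>' . $article['subject'] . '</h1>

    <fieldset>
	<legend>' . $hesklang['as'] . '</legend>
    ' . $article['content'];
    if (!empty($article['attachments'])) {
        echo '<p><b>' . $hesklang['attachments'] . ':</b><br />';
        // Attachments are stored as "<id>#<name>," entries; drop the trailing comma first
        $att = explode(',', substr($article['attachments'], 0, -1));
        foreach ($att as $myatt) {
            // Split on the first '#' only, so a '#' inside the file name stays in the name
            $parts = explode('#', $myatt, 2);
            if (count($parts) < 2) {
                // Malformed entry without a name: nothing sensible to link to
                continue;
            }
            // The ID goes into a URL, so only an integer is let through
            $att_id = intval($parts[0]);
            // NOTE(review): the name is printed inside an attribute and a link text
            // without escaping; verify that upload handling restricts file name characters.
            $att_name = $parts[1];
            echo '<img src="../img/clip.png" width="16" height="16" alt="' . $att_name . '" style="align:text-bottom" /> <a href="../download_attachment.php?kb_att=' . $att_id . '" rel="nofollow">' . $att_name . '</a><br />';
        }
        echo '</p>';
    }
    echo '</fieldset>';
    // Related articles
    if ($hesk_settings['kb_related']) {
        require HESK_PATH . 'inc/mail/email_parser.php';
        // Search text: subject plus the content converted to plain text, escaped for SQL
        $query = hesk_dbEscape($article['subject'] . ' ' . convert_html_to_text($article['content']));
        // Get relevant articles from the database (one extra row, as this article may match itself)
        $res = hesk_dbQuery("SELECT `id`, `subject`, MATCH(`subject`,`content`,`keywords`) AGAINST ('{$query}') AS `score` FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "kb_articles` WHERE `type` IN ('0','1') AND MATCH(`subject`,`content`,`keywords`) AGAINST ('{$query}') LIMIT " . intval($hesk_settings['kb_related'] + 1));
        // Array with related articles
        $related_articles = array();
        while ($related = hesk_dbFetchAssoc($res)) {
            // Get base match score from the first article
            if (!isset($base_score)) {
                $base_score = $related['score'];
            }
            // Ignore this article
            if ($related['id'] == $artid) {
                continue;
            }
            // Stop when articles reach less than 10% of base score
            if ($related['score'] / $base_score < 0.1) {
                break;
            }
            // This is a valid related article
            $related_articles[$related['id']] = $related['subject'];
        }
        // Print related articles if we have any valid matches
        if (count($related_articles)) {
            echo '<fieldset><legend>' . $hesklang['relart'] . '</legend>';
            foreach ($related_articles as $id => $subject) {
                echo '<img src="' . HESK_PATH . 'img/article_text.png" width="16" height="16" border="0" alt="" style="vertical-align:middle;padding:2px;" /> <a href="knowledgebase_private.php?article=' . $id . '">' . $subject . '</a><br />';
            }
            echo '</fieldset>';
        }
    }
    // Category link: category 1 links to the knowledgebase start page without a category parameter
    if ($article['catid'] == 1) {
        $link = 'knowledgebase_private.php';
    } else {
        $link = 'knowledgebase_private.php?category=' . $article['catid'];
    }
    ?>

    <fieldset>
    <legend><?php 
    echo $hesklang['ad'];
    ?>
</legend>
	<table border="0">
    <tr>
    <td><?php 
    echo $hesklang['aid'];
    ?>
: </td>
    <td><?php 
    echo $article['id'];
    ?>
</td>
    </tr>
    <tr>
    <td><?php 
    echo $hesklang['category'];
    ?>
: </td>
    <td><a href="<?php 
    echo $link;
    ?>
"><?php 
    echo $article['cat_name'];
    ?>
</a></td>
    </tr>
    <tr>
    <td><?php 
    echo $hesklang['dta'];
    ?>
: </td>
    <td><?php 
    echo hesk_date($article['dt'], true);
    ?>
</td>
    </tr>
    <tr>
    <td><?php 
    echo $hesklang['views'];
    ?>
: </td>
    <td><?php 
    // $article was loaded before the counter update above, so add this view
    // unless the page is being shown again after a rating
    echo isset($_GET['rated']) ? $article['views'] : $article['views'] + 1;
    ?>
</td>
    </tr>
    </table>
    </fieldset>

    <?php 
    // Show a "back" link unless the request carries a "back" parameter
    if (!isset($_GET['back'])) {
        ?>
		<p>&nbsp;<br />&laquo; <a href="javascript:history.go(-1)"><?php 
        echo $hesklang['back'];
        ?>
</a></p>
        <?php 
    } else {
        ?>
        <p>&nbsp;</p>
        <?php 
    }
}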
Пример #30
    hesk_process_messages($hesk_error_buffer, 'index.php?a=add');
}
// Final formatting of the ticket message: make URLs clickable, then convert newlines to <br />
$tmpvar['message'] = hesk_makeURL($tmpvar['message']);
$tmpvar['message'] = nl2br($tmpvar['message']);
// Track suggested knowledgebase articles; the posted IDs are cast to integers
// and de-duplicated before being stored as a comma-separated list
if ($hesk_settings['kb_enable'] && $hesk_settings['kb_recommendanswers'] && isset($_POST['suggested']) && is_array($_POST['suggested'])) {
    $tmpvar['articles'] = implode(',', array_unique(array_map('intval', $_POST['suggested'])));
}
// All good now, continue with ticket creation
$tmpvar['owner'] = 0;
$tmpvar['history'] = sprintf($hesklang['thist15'], hesk_date(), $tmpvar['name']);
// Auto assign tickets if applicable
$autoassign_owner = hesk_autoAssignTicket($tmpvar['category']);
if ($autoassign_owner) {
    $tmpvar['owner'] = $autoassign_owner['id'];
    $tmpvar['history'] .= sprintf($hesklang['thist10'], hesk_date(), $autoassign_owner['name'] . ' (' . $autoassign_owner['user'] . ')');
}
// Insert attachments
if ($hesk_settings['attachments']['use'] && !empty($attachments)) {
    foreach ($attachments as $myatt) {
        hesk_dbQuery("INSERT INTO `" . hesk_dbEscape($hesk_settings['db_pfix']) . "attachments` (`ticket_id`,`saved_name`,`real_name`,`size`) VALUES ('" . hesk_dbEscape($tmpvar['trackid']) . "','" . hesk_dbEscape($myatt['saved_name']) . "','" . hesk_dbEscape($myatt['real_name']) . "','" . intval($myatt['size']) . "')");
        // Stored as "<id>#<name>," entries. NOTE(review): the format breaks if real_name can
        // contain '#' or ',' - presumably the upload code cleans the file name; verify.
        $tmpvar['attachments'] .= hesk_dbInsertID() . '#' . $myatt['real_name'] . ',';
    }
}
// Insert ticket to database
$ticket = hesk_newTicket($tmpvar);
// Insert into the ERP as well
// NOTE(review): include with a bare relative path depends on the include path and
// working directory, and only warns when the file is missing - consider require_once
// with a path anchored to this script.
include 'oe_api.php';
$valid_services = array("SCA" => "project.issue");
// The ERP classes (models) this integration works with