/**
 * Build a SQL condition fragment that matches an e-mail address in a column.
 *
 * When $hesk_settings['multi_eml'] is truthy the column is treated as a
 * comma-separated list, so the address is matched as the whole value, as the
 * last item, as the first item, or as a middle item. Otherwise a single LIKE
 * comparison is produced.
 *
 * The address is passed through hesk_dbLike() and then hesk_dbEscape() before
 * it is placed between single quotes.
 *
 * NOTE(review): $field lands inside backticks as an identifier. hesk_dbEscape()
 * is not visible here; if it only escapes string-literal metacharacters it
 * would not neutralise a backtick. Confirm that callers pass fixed column
 * names only, never request-derived values.
 *
 * @param string $email Address to look for.
 * @param string $field Column name to search in (defaults to 'email').
 *
 * @return string Condition fragment with a leading and trailing space.
 */
function hesk_dbFormatEmail($email, $field = 'email')
{
    global $hesk_settings;

    $pattern = hesk_dbLike($email);
    $column = '`' . hesk_dbEscape($field) . '`';
    $needle = hesk_dbEscape($pattern);

    // Single-address mode: one plain comparison.
    if (!$hesk_settings['multi_eml']) {
        return " {$column} LIKE '{$needle}' ";
    }

    // Multi-address mode: whole value, last item, first item, middle item.
    $variants = array(
        $needle,
        '%,' . $needle,
        $needle . ',%',
        '%,' . $needle . ',%',
    );

    $clauses = array();
    foreach ($variants as $variant) {
        $clauses[] = $column . " LIKE '" . $variant . "'";
    }

    return ' (' . implode(' OR ', $clauses) . ') ';
}
/**
 * Handle the "rename category" form submission.
 *
 * Reads `catid` and `name` from POST, refuses the rename when another
 * category already matches the new name (LIKE comparison), otherwise updates
 * the category row and reports success through hesk_process_messages().
 *
 * Session keys `selcat`, `selcat2` and `catname2` are set while processing;
 * `selcat` and `catname2` are cleared again after the UPDATE has run.
 *
 * NOTE(review): the flow only makes sense if hesk_process_messages() ends the
 * request (redirect + exit); otherwise the duplicate branch would fall
 * through to the UPDATE. That helper is not visible here, so confirm.
 */
function rename_cat()
{
    global $hesk_settings, $hesklang;

    // Request token validation comes first, before any state is touched
    // (presumably the anti-CSRF check; the helper is defined elsewhere).
    hesk_token_check('POST');

    // The return URL is stored in PHP_SELF; intval() keeps the query value numeric.
    $_SERVER['PHP_SELF'] = 'manage_categories.php?catid=' . intval(hesk_POST('catid'));

    $catid = hesk_isNumber(hesk_POST('catid'), $hesklang['choose_cat_ren'], $_SERVER['PHP_SELF']);
    $_SESSION['selcat'] = $catid;
    $_SESSION['selcat2'] = $catid;

    $catname = hesk_input(hesk_POST('name'), $hesklang['cat_ren_name'], $_SERVER['PHP_SELF']);
    $_SESSION['catname2'] = $catname;

    $table = hesk_dbEscape($hesk_settings['db_pfix']) . 'categories';

    // Look for an existing category with this name; LIKE wildcards in the
    // submitted name are neutralised by hesk_dbLike() before escaping.
    $lookup = hesk_dbQuery(
        "SELECT `id` FROM `{$table}` WHERE `name` LIKE '" . hesk_dbEscape(hesk_dbLike($catname)) . "' LIMIT 1"
    );

    if (hesk_dbNumRows($lookup) != 0) {
        $clash = hesk_dbFetchAssoc($lookup);

        if ($clash['id'] != $catid) {
            // A different category already uses this name.
            hesk_process_messages($hesklang['cndupl'], $_SERVER['PHP_SELF']);
        } else {
            // Same category, same name: nothing to change.
            hesk_process_messages($hesklang['noch'], $_SERVER['PHP_SELF'], 'NOTICE');
        }
    }

    hesk_dbQuery(
        "UPDATE `{$table}` SET `name`='" . hesk_dbEscape($catname) . "' WHERE `id`='" . intval($catid) . "' LIMIT 1"
    );

    unset($_SESSION['selcat'], $_SESSION['catname2']);

    // NOTE(review): the name is emitted inside HTML. This relies on
    // hesk_input() having HTML-encoded it already; verify, since
    // stripslashes() does no output encoding.
    $notice = $hesklang['cat_renamed_to'] . ' <i>' . stripslashes($catname) . '</i>';
    hesk_process_messages($notice, $_SERVER['PHP_SELF'], 'SUCCESS');
}
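/**
 * Decide whether an incoming piped e-mail looks like part of a mail loop.
 *
 * Per sender address, a row in the `pipe_loops` table keeps a hit counter and
 * the hash of the last message. Rows older than $hesk_settings['loop_time']
 * seconds are deleted on every call. A loop is reported when the incremented
 * counter reaches $hesk_settings['loop_hits'], or when the message hash equals
 * the stored one. The row is not updated on the calls that report a loop.
 *
 * The check is disabled when $hesk_settings['loop_hits'] is 0 / falsy.
 *
 * NOTE(review): the SELECT and the following UPDATE/INSERT are separate
 * statements, so two pipe processes handling the same sender at once could
 * read the same counter value. Confirm whether that matters for this control.
 *
 * @param string $email        Sender address.
 * @param string $message_hash Hash of the message (compared as a string).
 *
 * @return bool True when a loop rule triggered, false otherwise.
 */
function hesk_isEmailLoop($email, $message_hash)
{
    global $hesk_settings, $hesklang, $hesk_db_link;

    // If $hesk_settings['loop_hits'] is set to 0 this function is disabled
    if (!$hesk_settings['loop_hits']) {
        return false;
    }

    $table = hesk_dbEscape($hesk_settings['db_pfix']) . 'pipe_loops';

    // Escape wildcards in email so that `%` or `_` in an address cannot
    // match another sender's row
    $email_like = hesk_dbEscape(hesk_dbLike($email));

    // Delete expired DB entries
    hesk_dbQuery("DELETE FROM `{$table}` WHERE `dt` < (NOW() - INTERVAL " . intval($hesk_settings['loop_time']) . " SECOND) ");

    // Check current entry
    $res = hesk_dbQuery("SELECT `hits`, `message_hash` FROM `{$table}` WHERE `email` LIKE '{$email_like}' LIMIT 1");

    // Any active entry?
    if (hesk_dbNumRows($res)) {
        list($num, $md5) = hesk_dbFetchRow($res);

        $num++;

        // Number of emails in a time period reached?
        if ($num >= $hesk_settings['loop_hits']) {
            return true;
        }

        // Message exactly the same as in previous email?
        // Strict string comparison: with `==`, two different hex digests that
        // both look numeric (e.g. "0e..." followed by digits only) compare
        // equal, which would flag a legitimate message as a loop.
        if ((string) $message_hash === (string) $md5) {
            return true;
        }

        // Update DB entry
        hesk_dbQuery("UPDATE `{$table}` SET `hits` = `hits` + 1, `message_hash` = '" . hesk_dbEscape($message_hash) . "' WHERE `email` LIKE '{$email_like}' LIMIT 1");
    } else {
        // First instance, insert a new database row
        hesk_dbQuery("INSERT INTO `{$table}` (`email`, `message_hash`) VALUES ('" . hesk_dbEscape($email) . "', '" . hesk_dbEscape($message_hash) . "')");
    }

    // No loop rule triggered
    return false;
}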