function unban_email()
{
global $hesk_settings, $hesklang;
// A security check
hesk_token_check();
// Delete from bans
hesk_dbQuery("DELETE FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "banned_emails` WHERE `id`=" . intval(hesk_GET('id')) . " LIMIT 1");
// Redirect either to banned emails or ticket page from now on
$redirect_to = ($trackingID = hesk_cleanID()) ? 'admin_ticket.php?track=' . $trackingID . '&Refresh=' . mt_rand(10000, 99999) : 'banned_emails.php';
// Show success
hesk_process_messages($hesklang['email_unbanned'], $redirect_to, 'SUCCESS');
}
function new_sm()
{
global $hesk_settings, $hesklang, $listBox;
global $hesk_error_buffer;
// A security check
# hesk_token_check('POST');
$hesk_error_buffer = array();
$style = intval(hesk_POST('style', 0));
if ($style > 4 || $style < 0) {
$style = 0;
}
$type = empty($_POST['type']) ? 0 : 1;
$title = hesk_input(hesk_POST('title')) or $hesk_error_buffer[] = $hesklang['sm_e_title'];
$message = hesk_getHTML(hesk_POST('message'));
// Any errors?
if (count($hesk_error_buffer)) {
$_SESSION['new_sm'] = array('style' => $style, 'type' => $type, 'title' => $title, 'message' => hesk_input(hesk_POST('message')));
$tmp = '';
foreach ($hesk_error_buffer as $error) {
$tmp .= "<li>{$error}</li>\n";
}
$hesk_error_buffer = $tmp;
$hesk_error_buffer = $hesklang['rfm'] . '<br /><br /><ul>' . $hesk_error_buffer . '</ul>';
hesk_process_messages($hesk_error_buffer, 'service_messages.php');
}
// Just preview the message?
if (isset($_POST['sm_preview'])) {
$_SESSION['preview_sm'] = true;
$_SESSION['new_sm'] = array('style' => $style, 'type' => $type, 'title' => $title, 'message' => $message);
header('Location: service_messages.php');
exit;
}
// Get the latest service message order
$res = hesk_dbQuery("SELECT `order` FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "service_messages` ORDER BY `order` DESC LIMIT 1");
$row = hesk_dbFetchRow($res);
$my_order = intval($row[0]) + 10;
// Insert service message into database
hesk_dbQuery("INSERT INTO `" . hesk_dbEscape($hesk_settings['db_pfix']) . "service_messages` (`author`,`title`,`message`,`style`,`type`,`order`) VALUES (\n '" . intval($_SESSION['id']) . "',\n '" . hesk_dbEscape($title) . "',\n '" . hesk_dbEscape($message) . "',\n '{$style}',\n '{$type}',\n '{$my_order}'\n )");
$_SESSION['smord'] = hesk_dbInsertID();
hesk_process_messages($hesklang['sm_added'], 'service_messages.php', 'SUCCESS');
}
function hesk_autoLogin($noredirect = 0)
{
global $hesk_settings, $hesklang, $hesk_db_link;
if (!$hesk_settings['autologin']) {
return false;
}
$user = hesk_htmlspecialchars(hesk_COOKIE('hesk_username'));
$hash = hesk_htmlspecialchars(hesk_COOKIE('hesk_p'));
define('HESK_USER', $user);
if (empty($user) || empty($hash)) {
return false;
}
/* Login cookies exist, now lets limit brute force attempts */
hesk_limitBfAttempts();
/* Check username */
$result = hesk_dbQuery('SELECT * FROM `' . $hesk_settings['db_pfix'] . "users` WHERE `user` = '" . hesk_dbEscape($user) . "' LIMIT 1");
if (hesk_dbNumRows($result) != 1) {
setcookie('hesk_username', '');
setcookie('hesk_p', '');
header('Location: index.php?a=login¬ice=1');
exit;
}
$res = hesk_dbFetchAssoc($result);
/* Check password */
if ($hash != hesk_Pass2Hash($res['pass'] . strtolower($user) . $res['pass'])) {
setcookie('hesk_username', '');
setcookie('hesk_p', '');
header('Location: index.php?a=login¬ice=1');
exit;
}
// Set user details
foreach ($res as $k => $v) {
$_SESSION[$k] = $v;
}
/* Check if default password */
if ($_SESSION['pass'] == '499d74967b28a841c98bb4baaabaad699ff3c079') {
hesk_process_messages($hesklang['chdp'], 'NOREDIRECT', 'NOTICE');
}
// Set a tag that will be used to expire sessions after username or password change
$_SESSION['session_verify'] = hesk_activeSessionCreateTag($user, $_SESSION['pass']);
// We don't need the password hash anymore
unset($_SESSION['pass']);
/* Login successful, clean brute force attempts */
hesk_cleanBfAttempts();
/* Regenerate session ID (security) */
hesk_session_regenerate_id();
/* Get allowed categories */
if (empty($_SESSION['isadmin'])) {
$_SESSION['categories'] = explode(',', $_SESSION['categories']);
}
/* Renew cookies */
setcookie('hesk_username', "{$user}", strtotime('+1 year'));
setcookie('hesk_p', "{$hash}", strtotime('+1 year'));
/* Close any old tickets here so Cron jobs aren't necessary */
if ($hesk_settings['autoclose']) {
$revision = sprintf($hesklang['thist3'], hesk_date(), $hesklang['auto']);
$dt = date('Y-m-d H:i:s', time() - $hesk_settings['autoclose'] * 86400);
// Notify customer of closed ticket?
if ($hesk_settings['notify_closed']) {
// Get list of tickets
$result = hesk_dbQuery("SELECT * FROM `" . $hesk_settings['db_pfix'] . "tickets` WHERE `status` = '2' AND `lastchange` <= '" . hesk_dbEscape($dt) . "' ");
if (hesk_dbNumRows($result) > 0) {
global $ticket;
// Load required functions?
if (!function_exists('hesk_notifyCustomer')) {
require HESK_PATH . 'inc/email_functions.inc.php';
}
while ($ticket = hesk_dbFetchAssoc($result)) {
$ticket['dt'] = hesk_date($ticket['dt'], true);
$ticket['lastchange'] = hesk_date($ticket['lastchange'], true);
$ticket = hesk_ticketToPlain($ticket, 1, 0);
hesk_notifyCustomer('ticket_closed');
}
}
}
// Update ticket statuses and history in database
hesk_dbQuery("UPDATE `" . $hesk_settings['db_pfix'] . "tickets` SET `status`='3', `closedat`=NOW(), `closedby`='-1', `history`=CONCAT(`history`,'" . hesk_dbEscape($revision) . "') WHERE `status` = '2' AND `lastchange` <= '" . hesk_dbEscape($dt) . "' ");
}
/* If session expired while a HESK page is open just continue using it, don't redirect */
if ($noredirect) {
return true;
}
/* Redirect to the destination page */
header('Location: ' . hesk_verifyGoto());
exit;
}
function forgot_tid()
{
global $hesk_settings, $hesklang;
require HESK_PATH . 'inc/email_functions.inc.php';
$email = hesk_validateEmail(hesk_POST('email'), 'ERR', 0) or hesk_process_messages($hesklang['enter_valid_email'], 'ticket.php?remind=1');
if (isset($_POST['open_only'])) {
$hesk_settings['open_only'] = $_POST['open_only'] == 1 ? 1 : 0;
}
/* Prepare ticket statuses */
$my_status = array(0 => $hesklang['open'], 1 => $hesklang['wait_staff_reply'], 2 => $hesklang['wait_cust_reply'], 3 => $hesklang['closed'], 4 => $hesklang['in_progress'], 5 => $hesklang['on_hold']);
/* Get ticket(s) from database */
hesk_load_database_functions();
hesk_dbConnect();
// Get tickets from the database
$res = hesk_dbQuery('SELECT * FROM `' . hesk_dbEscape($hesk_settings['db_pfix']) . 'tickets` FORCE KEY (`statuses`) WHERE ' . ($hesk_settings['open_only'] ? "`status` IN ('0','1','2','4','5') AND " : '') . ' ' . hesk_dbFormatEmail($email) . ' ORDER BY `status` ASC, `lastchange` DESC ');
$num = hesk_dbNumRows($res);
if ($num < 1) {
if ($hesk_settings['open_only']) {
hesk_process_messages($hesklang['noopen'], 'ticket.php?remind=1&e=' . $email);
} else {
hesk_process_messages($hesklang['tid_not_found'], 'ticket.php?remind=1&e=' . $email);
}
}
$tid_list = '';
$name = '';
$email_param = $hesk_settings['email_view_ticket'] ? '&e=' . rawurlencode($email) : '';
while ($my_ticket = hesk_dbFetchAssoc($res)) {
$name = $name ? $name : hesk_msgToPlain($my_ticket['name'], 1, 0);
$tid_list .= "\n{$hesklang['trackID']}: " . $my_ticket['trackid'] . "\n{$hesklang['subject']}: " . hesk_msgToPlain($my_ticket['subject'], 1, 0) . "\n{$hesklang['status']}: " . $my_status[$my_ticket['status']] . "\n{$hesk_settings['hesk_url']}/ticket.php?track={$my_ticket['trackid']}{$email_param}\n";
}
/* Get e-mail message for customer */
$msg = hesk_getEmailMessage('forgot_ticket_id', '', 0, 0, 1);
$msg = str_replace('%%NAME%%', $name, $msg);
$msg = str_replace('%%NUM%%', $num, $msg);
$msg = str_replace('%%LIST_TICKETS%%', $tid_list, $msg);
$msg = str_replace('%%SITE_TITLE%%', hesk_msgToPlain($hesk_settings['site_title'], 1), $msg);
$msg = str_replace('%%SITE_URL%%', $hesk_settings['site_url'], $msg);
$subject = hesk_getEmailSubject('forgot_ticket_id');
/* Send e-mail */
hesk_mail($email, $subject, $msg);
/* Show success message */
$tmp = '<b>' . $hesklang['tid_sent'] . '!</b>';
$tmp .= '<br /> <br />' . $hesklang['tid_sent2'] . '.';
$tmp .= '<br /> <br />' . $hesklang['check_spambox'];
hesk_process_messages($tmp, 'ticket.php?e=' . $email, 'SUCCESS');
exit;
}
//exit();
$params['subject'] = $ticket['subject'];
$params['user_id'] = 11;
// Do krijohet nga ERP nje user default dhe do vendosim ID e tij
$params['body_text'] = stripslashes($message);
$params['date'] = hesk_date($ticket['dt'], true);
$params['res_id'] = $data[0];
$params['model'] = "project.issue";
$params['email_from'] = $ticket['email'];
$params['email_to'] = $ulist_emails;
$data = $oeapi->create_record($params, $valid_services["SCA"]);
// dergojme te dhenat e reply_message tek ceshtje e duhur
//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
// 2. Add custom fields to the array
foreach ($hesk_settings['custom_fields'] as $k => $v) {
$info[$k] = $v['use'] ? $ticket[$k] : '';
}
// 3. Make sure all values are properly formatted for email
$ticket = hesk_ticketToPlain($info, 1, 0);
// --> If ticket is assigned just notify the owner
if ($ticket['owner']) {
//hesk_notifyAssignedStaff(false, 'new_reply_by_customer', 'notify_reply_my');
hesk_notifyCustomer_multiple('new_reply_by_customer', $array_email);
} else {
hesk_notifyCustomer_multiple('new_reply_by_customer', $array_email);
}
/* Clear unneeded session variables */
hesk_cleanSessionVars('ticket_message');
/* Show the ticket and the success message */
hesk_process_messages($hesklang['reply_submitted_success'], 'ticket.php?track=' . $trackingID . $hesk_settings['e_param'] . '&Refresh=' . rand(10000, 99999), 'SUCCESS');
exit;
$_SESSION[$k] = $v;
}
// Set a tag that will be used to expire sessions after username or password change
$_SESSION['session_verify'] = hesk_activeSessionCreateTag($_SESSION['user'], $_SESSION['pass']);
// We don't need the password hash anymore
unset($_SESSION['pass']);
// Clean brute force attempts
hesk_cleanBfAttempts();
// Regenerate session ID (security)
hesk_session_regenerate_id();
// Get allowed categories
if (empty($_SESSION['isadmin'])) {
$_SESSION['categories'] = explode(',', $_SESSION['categories']);
}
// Redirect to the profile page
hesk_process_messages($hesklang['resim'], 'profile.php', 'NOTICE');
exit;
}
// End IP matches
}
}
// Tell header to load reCaptcha API if needed
if ($hesk_settings['recaptcha_use'] == 2) {
define('RECAPTCHA', 1);
}
$hesk_settings['tmp_title'] = $hesk_settings['hesk_title'] . ' - ' . $hesklang['passr'];
require_once HESK_PATH . 'inc/header.inc.php';
?>
<table width="100%" border="0" cellspacing="0" cellpadding="0">
<tr>
<td width="3"><img src="../img/headerleftsm.jpg" width="3" height="25" alt="" /></td>
foreach ($_POST[$k] as $myCB) {
$tmpvar[$k] .= (is_array($myCB) ? '' : hesk_input($myCB)) . '<br />';
}
$tmpvar[$k] = substr($tmpvar[$k], 0, -6);
} else {
$tmpvar[$k] = hesk_makeURL(nl2br(hesk_input($_POST[$k])));
}
} else {
$tmpvar[$k] = '';
}
}
hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` SET\n\t\t`name`='" . hesk_dbEscape($tmpvar['name']) . "',\n\t\t`email`='" . hesk_dbEscape($tmpvar['email']) . "',\n\t\t`subject`='" . hesk_dbEscape($tmpvar['subject']) . "',\n\t\t`message`='" . hesk_dbEscape($tmpvar['message']) . "',\n\t\t`custom1`='" . hesk_dbEscape($tmpvar['custom1']) . "',\n\t\t`custom2`='" . hesk_dbEscape($tmpvar['custom2']) . "',\n\t\t`custom3`='" . hesk_dbEscape($tmpvar['custom3']) . "',\n\t\t`custom4`='" . hesk_dbEscape($tmpvar['custom4']) . "',\n\t\t`custom5`='" . hesk_dbEscape($tmpvar['custom5']) . "',\n\t\t`custom6`='" . hesk_dbEscape($tmpvar['custom6']) . "',\n\t\t`custom7`='" . hesk_dbEscape($tmpvar['custom7']) . "',\n\t\t`custom8`='" . hesk_dbEscape($tmpvar['custom8']) . "',\n\t\t`custom9`='" . hesk_dbEscape($tmpvar['custom9']) . "',\n\t\t`custom10`='" . hesk_dbEscape($tmpvar['custom10']) . "',\n\t\t`custom11`='" . hesk_dbEscape($tmpvar['custom11']) . "',\n\t\t`custom12`='" . hesk_dbEscape($tmpvar['custom12']) . "',\n\t\t`custom13`='" . hesk_dbEscape($tmpvar['custom13']) . "',\n\t\t`custom14`='" . hesk_dbEscape($tmpvar['custom14']) . "',\n\t\t`custom15`='" . hesk_dbEscape($tmpvar['custom15']) . "',\n\t\t`custom16`='" . hesk_dbEscape($tmpvar['custom16']) . "',\n\t\t`custom17`='" . hesk_dbEscape($tmpvar['custom17']) . "',\n\t\t`custom18`='" . hesk_dbEscape($tmpvar['custom18']) . "',\n\t\t`custom19`='" . hesk_dbEscape($tmpvar['custom19']) . "',\n\t\t`custom20`='" . hesk_dbEscape($tmpvar['custom20']) . "'\n\t\tWHERE `id`='" . intval($ticket['id']) . "' LIMIT 1");
}
unset($tmpvar);
hesk_cleanSessionVars('tmpvar');
hesk_process_messages($hesklang['edt2'], 'admin_ticket.php?track=' . $trackingID . '&Refresh=' . mt_rand(10000, 99999), 'SUCCESS');
}
$ticket['message'] = hesk_msgToPlain($ticket['message'], 0, 0);
/* Print header */
require_once HESK_PATH . 'inc/header.inc.php';
/* Print admin navigation */
require_once HESK_PATH . 'inc/show_admin_nav.inc.php';
?>
<!--
</td>
</tr>-->
<!-- start in this page end somewhere...
<tr>
<td>-->
function toggle_autoassign()
{
global $hesk_settings, $hesklang;
/* A security check */
hesk_token_check();
$myuser = intval(hesk_GET('id')) or hesk_error($hesklang['no_valid_id']);
$_SESSION['seluser'] = $myuser;
if (intval(hesk_GET('s'))) {
$autoassign = 1;
$tmp = $hesklang['uaaon'];
} else {
$autoassign = 0;
$tmp = $hesklang['uaaoff'];
}
/* Update auto-assign settings */
$res = hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "users` SET `autoassign`='{$autoassign}' WHERE `id`='" . intval($myuser) . "'");
if (hesk_dbAffectedRows() != 1) {
hesk_process_messages($hesklang['int_error'] . ': ' . $hesklang['user_not_found'], './manage_users.php');
}
hesk_process_messages($tmp, './manage_users.php', 'SUCCESS');
}
hesk_dbConnect();
// Verify email address match if needed
hesk_verifyEmailMatch($trackingID);
// Lets make status assignment a bit smarter when reopening tickets
if ($oldStatus == 2) {
// Get number of replies and last replier (customer or staff)
$ticket = hesk_dbFetchAssoc(hesk_dbQuery("SELECT `staffreplies`, `lastreplier` FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` WHERE `trackid`='" . hesk_dbEscape($trackingID) . "' LIMIT 1"));
// If ticket has no staff replies set the status to "New"
if ($ticket['staffreplies'] < 1) {
$statusRes = hesk_dbQuery('SELECT `ID` FROM `' . hesk_dbEscape($hesk_settings['db_pfix']) . 'statuses` WHERE `IsNewTicketStatus` = 1');
$statusRow = hesk_dbFetchAssoc($statusRes);
$status = $statusRow['ID'];
} elseif ($ticket['lastreplier'] == 0) {
$statusRes = hesk_dbQuery('SELECT `ID` FROM `' . hesk_dbEscape($hesk_settings['db_pfix']) . 'statuses` WHERE `IsCustomerReplyStatus` = 1');
$statusRow = hesk_dbFetchAssoc($statusRes);
$status = $statusRow['ID'];
}
// If nothing matches: last reply was from staff, keep status "Waiting reply from customer"
}
// Modify values in the database
hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` SET `status`='{$status}', `locked`='{$locked}' {$closedby_sql} , `history`=CONCAT(`history`,'" . hesk_dbEscape($revision) . "') WHERE `trackid`='" . hesk_dbEscape($trackingID) . "' AND `locked` != '1' LIMIT 1");
// Did we modify anything*
if (hesk_dbAffectedRows() != 1) {
hesk_error($hesklang['elocked']);
}
// Show success message
if ($status != $closedStatus) {
hesk_process_messages($hesklang['wrepo'], 'ticket.php?track=' . $trackingID . $hesk_settings['e_param'] . '&Refresh=' . rand(10000, 99999), 'NOTICE');
} else {
hesk_process_messages($hesklang['your_ticket_been'] . ' ' . $action, 'ticket.php?track=' . $trackingID . $hesk_settings['e_param'] . '&Refresh=' . rand(10000, 99999), 'SUCCESS');
}
function hesk_autoLogin($noredirect = 0)
{
global $hesk_settings, $hesklang, $hesk_db_link;
if (!$hesk_settings['autologin']) {
return false;
}
$user = hesk_htmlspecialchars(hesk_COOKIE('hesk_username'));
$hash = hesk_htmlspecialchars(hesk_COOKIE('hesk_p'));
define('HESK_USER', $user);
if (empty($user) || empty($hash)) {
return false;
}
/* Login cookies exist, now lets limit brute force attempts */
hesk_limitBfAttempts();
/* Check username */
$result = hesk_dbQuery('SELECT * FROM `' . $hesk_settings['db_pfix'] . "users` WHERE `user` = '" . hesk_dbEscape($user) . "' LIMIT 1");
if (hesk_dbNumRows($result) != 1) {
setcookie('hesk_username', '');
setcookie('hesk_p', '');
header('Location: index.php?a=login¬ice=1');
exit;
}
$res = hesk_dbFetchAssoc($result);
foreach ($res as $k => $v) {
$_SESSION[$k] = $v;
}
/* Check password */
if ($hash != hesk_Pass2Hash($_SESSION['pass'] . strtolower($user) . $_SESSION['pass'])) {
setcookie('hesk_username', '');
setcookie('hesk_p', '');
header('Location: index.php?a=login¬ice=1');
exit;
}
/* Check if default password */
if ($_SESSION['pass'] == '499d74967b28a841c98bb4baaabaad699ff3c079') {
hesk_process_messages($hesklang['chdp'], 'NOREDIRECT', 'NOTICE');
}
unset($_SESSION['pass']);
/* Login successful, clean brute force attempts */
hesk_cleanBfAttempts();
/* Regenerate session ID (security) */
hesk_session_regenerate_id();
/* Get allowed categories */
if (empty($_SESSION['isadmin'])) {
$_SESSION['categories'] = explode(',', $_SESSION['categories']);
}
/* Renew cookies */
setcookie('hesk_username', "{$user}", strtotime('+1 year'));
setcookie('hesk_p', "{$hash}", strtotime('+1 year'));
/* Close any old tickets here so Cron jobs aren't necessary */
if ($hesk_settings['autoclose']) {
$revision = sprintf($hesklang['thist3'], hesk_date(), $hesklang['auto']);
$dt = date('Y-m-d H:i:s', time() - $hesk_settings['autoclose'] * 86400);
hesk_dbQuery("UPDATE `" . $hesk_settings['db_pfix'] . "tickets` SET `status`='3', `history`=CONCAT(`history`,'" . hesk_dbEscape($revision) . "') WHERE `status` = '2' AND `lastchange` <= '" . hesk_dbEscape($dt) . "' ");
}
/* If session expired while a HESK page is open just continue using it, don't redirect */
if ($noredirect) {
return true;
}
/* Redirect to the destination page */
if (hesk_isREQUEST('goto') && ($url = hesk_REQUEST('goto'))) {
$url = str_replace('&', '&', $url);
header('Location: ' . $url);
} else {
header('Location: admin_main.php');
}
exit;
}
function forgot_tid()
{
global $hesk_settings, $hesklang;
require HESK_PATH . 'inc/email_functions.inc.php';
$email = hesk_validateEmail(hesk_POST('email'), 'ERR', 0) or hesk_process_messages($hesklang['enter_valid_email'], 'ticket.php?remind=1');
/* Prepare ticket statuses */
$my_status = array(0 => $hesklang['open'], 1 => $hesklang['wait_staff_reply'], 2 => $hesklang['wait_cust_reply'], 3 => $hesklang['closed'], 4 => $hesklang['in_progress'], 5 => $hesklang['on_hold']);
/* Get ticket(s) from database */
hesk_load_database_functions();
hesk_dbConnect();
// Get tickets from the database
$res = hesk_dbQuery('SELECT * FROM `' . hesk_dbEscape($hesk_settings['db_pfix']) . 'tickets` FORCE KEY (`statuses`) WHERE ' . ($hesk_settings['open_only'] ? "`status` IN ('0','1','2','4','5') AND " : '') . ' ' . hesk_dbFormatEmail($email) . ' ORDER BY `status` ASC, `lastchange` DESC ');
$num = hesk_dbNumRows($res);
if ($num < 1) {
if ($hesk_settings['open_only']) {
hesk_process_messages($hesklang['noopen'], 'ticket.php?remind=1&e=' . $email);
} else {
hesk_process_messages($hesklang['tid_not_found'], 'ticket.php?remind=1&e=' . $email);
}
}
$tid_list = '';
$name = '';
$email_param = $hesk_settings['email_view_ticket'] ? '&e=' . rawurlencode($email) : '';
while ($my_ticket = hesk_dbFetchAssoc($res)) {
$name = $name ? $name : hesk_msgToPlain($my_ticket['name'], 1, 0);
$tid_list .= "\r\n{$hesklang['trackID']}: " . $my_ticket['trackid'] . "\r\n{$hesklang['subject']}: " . hesk_msgToPlain($my_ticket['subject'], 1, 0) . "\r\n{$hesklang['status']}: " . $my_status[$my_ticket['status']] . "\r\n{$hesk_settings['hesk_url']}/ticket.php?track={$my_ticket['trackid']}{$email_param}\r\n";
}
/* Get e-mail message for customer */
$msg = hesk_getEmailMessage('forgot_ticket_id', '', 0, 0, 1);
$msg = str_replace('%%NAME%%', $name, $msg);
$msg = str_replace('%%NUM%%', $num, $msg);
$msg = str_replace('%%LIST_TICKETS%%', $tid_list, $msg);
$msg = str_replace('%%SITE_TITLE%%', hesk_msgToPlain($hesk_settings['site_title'], 1), $msg);
$msg = str_replace('%%SITE_URL%%', $hesk_settings['site_url'], $msg);
$subject = hesk_getEmailSubject('forgot_ticket_id');
/* Send e-mail */
hesk_mail($email, $subject, $msg);
/* Show success message */
$tmp = '<b>' . $hesklang['tid_sent'] . '!</b>';
$tmp .= '<br /> <br />' . $hesklang['tid_sent2'] . '.';
$tmp .= '<br /> <br />' . $hesklang['check_spambox'];
hesk_process_messages($tmp, 'ticket.php?e=' . $email, 'SUCCESS');
exit;
/* Print header */
$hesk_settings['tmp_title'] = $hesk_settings['hesk_title'] . ' - ' . $hesklang['tid_sent'];
require_once HESK_PATH . 'inc/header.inc.php';
?>
<table width="100%" border="0" cellspacing="0" cellpadding="0">
<tr>
<td width="3"><img src="img/headerleftsm.jpg" width="3" height="25" alt="" /></td>
<td class="headersm"><?php
hesk_showTopBar($hesklang['tid_sent']);
?>
</td>
<td width="3"><img src="img/headerrightsm.jpg" width="3" height="25" alt="" /></td>
</tr>
</table>
<table width="100%" border="0" cellspacing="0" cellpadding="3">
<tr>
<td><span class="smaller"><a href="<?php
echo $hesk_settings['site_url'];
?>
" class="smaller"><?php
echo $hesk_settings['site_title'];
?>
</a> >
<a href="<?php
echo $hesk_settings['hesk_url'];
?>
" class="smaller"><?php
echo $hesk_settings['hesk_title'];
?>
</a>
> <?php
echo $hesklang['tid_sent'];
?>
</span></td>
</tr>
</table>
</td>
</tr>
<tr>
<td>
<table width="100%" border="0" cellspacing="0" cellpadding="0">
<tr>
<td width="7" height="7"><img src="img/roundcornerslt.jpg" width="7" height="7" alt="" /></td>
<td class="roundcornerstop"></td>
<td><img src="img/roundcornersrt.jpg" width="7" height="7" alt="" /></td>
</tr>
<tr>
<td class="roundcornersleft"> </td>
<td>
<p> </p>
<p align="center"><?php
echo $hesklang['tid_sent2'];
?>
</p>
<p align="center"><b><?php
echo $hesklang['check_spambox'];
?>
</b></p>
<p> </p>
<p align="center"><a href="<?php
echo $hesk_settings['hesk_url'];
?>
"><?php
echo $hesk_settings['hesk_title'];
?>
</a></p>
<p> </p>
</td>
<td class="roundcornersright"> </td>
</tr>
<tr>
<td><img src="img/roundcornerslb.jpg" width="7" height="7" alt="" /></td>
<td class="roundcornersbottom"></td>
<td width="7" height="7"><img src="img/roundcornersrb.jpg" width="7" height="7" alt="" /></td>
</tr>
</table>
<?php
}
function hesk_input($in, $error = 0, $redirect_to = '', $force_slashes = 0, $max_length = 0)
{
// Strip whitespace
$in = trim($in);
// Is value length 0 chars?
if (strlen($in) == 0) {
// Do we need to throw an error?
if ($error) {
if ($redirect_to == 'NOREDIRECT') {
hesk_process_messages($error, 'NOREDIRECT');
} elseif ($redirect_to) {
hesk_process_messages($error, $redirect_to);
} else {
hesk_error($error);
}
} else {
return $in;
}
}
// Sanitize input
$in = hesk_clean_utf8($in);
$in = hesk_htmlspecialchars($in);
$in = preg_replace('/&(\\#[0-9]+;)/', '&$1', $in);
// Add slashes
if (HESK_SLASH || $force_slashes) {
$in = addslashes($in);
}
// Check length
if ($max_length) {
$in = substr($in, 0, $max_length);
}
// Return processed value
return $in;
}
function remove_contract()
{
global $hesk_settings, $hesklang;
hesk_token_check();
$_SERVER['PHP_SELF'] = 'contracts.php#tab_edit-cont';
$con = intval(hesk_GET('id'));
hesk_dbQuery("DELETE FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "contracts` WHERE NOT EXISTS\n\t(SELECT NULL FROM`" . hesk_dbEscape($hesk_settings['db_pfix']) . "contractforclient` as `cc` WHERE `cc`.`contract_Id`='" . intval($con) . "') && `id`='" . intval($con) . "' LIMIT 1");
if (hesk_dbAffectedRows() != 1) {
hesk_error("{$hesklang['con_req']}.");
}
hesk_process_messages($hesklang['con_removed_db'], $_SERVER['PHP_SELF'], 'SUCCESS');
}
hesk_error($hesklang['err_openset']);
}
// Any settings problems?
$tmp = array();
if (!$smtp_OK) {
$tmp[] = '<span style="color:red; font-weight:bold">' . $hesklang['sme'] . ':</span> ' . $smtp_error . '<br /><br /><a href="Javascript:void(0)" onclick="Javascript:hesk_toggleLayerDisplay(\'smtplog\')">' . $hesklang['scl'] . '</a><div id="smtplog" style="display:none"> <br /><textarea name="log" rows="10" cols="60">' . $smtp_log . '</textarea></div>';
}
if (!$pop3_OK) {
$tmp[] = '<span style="color:red; font-weight:bold">' . $hesklang['pop3e'] . ':</span> ' . $pop3_error . '<br /><br /><a href="Javascript:void(0)" onclick="Javascript:hesk_toggleLayerDisplay(\'pop3log\')">' . $hesklang['pop3log'] . '</a><div id="pop3log" style="display:none"> <br /><textarea name="log" rows="10" cols="60">' . $pop3_log . '</textarea></div>';
}
// Show the settings page and display any notices or success
if (count($tmp)) {
$errors = implode('<br /><br />', $tmp);
hesk_process_messages($hesklang['sns'] . '<br /><br />' . $errors, 'admin_settings.php', 'NOTICE');
} else {
hesk_process_messages($hesklang['set_were_saved'], 'admin_settings.php', 'SUCCESS');
}
exit;
/** FUNCTIONS **/
function hesk_checkMinMax($myint, $min, $max, $defval)
{
if ($myint > $max || $myint < $min) {
return $defval;
}
return $myint;
}
// END hesk_checkMinMax()
function hesk_getLanguagesArray($returnArray = 0)
{
global $hesk_settings, $hesklang;
/* Get a list of valid emails */
function mail_send()
{
global $hesk_settings, $hesklang;
/* A security check */
hesk_token_check('POST');
$hesk_error_buffer = '';
/* Recipient */
$_SESSION['mail']['to'] = intval(hesk_POST('to'));
/* Valid recipient? */
if (empty($_SESSION['mail']['to'])) {
$hesk_error_buffer .= '<li>' . $hesklang['m_rec'] . '</li>';
} elseif ($_SESSION['mail']['to'] == $_SESSION['id']) {
$hesk_error_buffer .= '<li>' . $hesklang['m_inr'] . '</li>';
} else {
$res = hesk_dbQuery("SELECT `name`,`email`,`notify_pm` FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "users` WHERE `id`='" . intval($_SESSION['mail']['to']) . "' LIMIT 1");
$num = hesk_dbNumRows($res);
if (!$num) {
$hesk_error_buffer .= '<li>' . $hesklang['m_inr'] . '</li>';
} else {
$pm_recipient = hesk_dbFetchAssoc($res);
}
}
/* Subject */
$_SESSION['mail']['subject'] = hesk_input(hesk_POST('subject')) or $hesk_error_buffer .= '<li>' . $hesklang['m_esu'] . '</li>';
/* Message */
$_SESSION['mail']['message'] = hesk_input(hesk_POST('message')) or $hesk_error_buffer .= '<li>' . $hesklang['enter_message'] . '</li>';
/* Any errors? */
if (strlen($hesk_error_buffer)) {
$_SESSION['hide']['list'] = 1;
$hesk_error_buffer = $hesklang['rfm'] . '<br /><br /><ul>' . $hesk_error_buffer . '</ul>';
hesk_process_messages($hesk_error_buffer, 'NOREDIRECT');
} else {
$_SESSION['mail']['message'] = hesk_makeURL($_SESSION['mail']['message']);
$_SESSION['mail']['message'] = nl2br($_SESSION['mail']['message']);
hesk_dbQuery("INSERT INTO `" . hesk_dbEscape($hesk_settings['db_pfix']) . "mail` (`from`,`to`,`subject`,`message`,`dt`,`read`) VALUES ('" . intval($_SESSION['id']) . "','" . intval($_SESSION['mail']['to']) . "','" . hesk_dbEscape($_SESSION['mail']['subject']) . "','" . hesk_dbEscape($_SESSION['mail']['message']) . "',NOW(),'0')");
/* Notify receiver via e-mail? */
if (isset($pm_recipient) && $pm_recipient['notify_pm']) {
$pm_id = hesk_dbInsertID();
$pm = array('name' => hesk_msgToPlain(addslashes($_SESSION['name']), 1, 1), 'subject' => hesk_msgToPlain($_SESSION['mail']['subject'], 1, 1), 'message' => hesk_msgToPlain($_SESSION['mail']['message'], 1, 1), 'id' => $pm_id);
/* Format email subject and message for recipient */
$subject = hesk_getEmailSubject('new_pm', $pm, 0);
$message = hesk_getEmailMessage('new_pm', $pm, 1, 0);
/* Send e-mail */
hesk_mail($pm_recipient['email'], $subject, $message);
}
unset($_SESSION['mail']);
hesk_process_messages($hesklang['m_pms'], './mail.php', 'SUCCESS');
}
}
$time_worked = hesk_getTime(hesk_POST('time_worked'));
/* Any errors? */
if (count($hesk_error_buffer) != 0) {
$_SESSION['ticket_message'] = hesk_POST('message');
$_SESSION['time_worked'] = $time_worked;
// Remove any successfully uploaded attachments
if ($hesk_settings['attachments']['use']) {
hesk_removeAttachments($attachments);
}
$tmp = '';
foreach ($hesk_error_buffer as $error) {
$tmp .= "<li>{$error}</li>\n";
}
$hesk_error_buffer = $tmp;
$hesk_error_buffer = $hesklang['pcer'] . '<br /><br /><ul>' . $hesk_error_buffer . '</ul>';
hesk_process_messages($hesk_error_buffer, 'admin_ticket.php?track=' . $ticket['trackid'] . '&Refresh=' . rand(10000, 99999));
}
if ($hesk_settings['attachments']['use'] && !empty($attachments)) {
foreach ($attachments as $myatt) {
hesk_dbQuery("INSERT INTO `" . hesk_dbEscape($hesk_settings['db_pfix']) . "attachments` (`ticket_id`,`saved_name`,`real_name`,`size`) VALUES ('" . hesk_dbEscape($trackingID) . "','" . hesk_dbEscape($myatt['saved_name']) . "','" . hesk_dbEscape($myatt['real_name']) . "','" . intval($myatt['size']) . "')");
$myattachments .= hesk_dbInsertID() . '#' . $myatt['real_name'] . ',';
}
}
/* Add reply */
$result = hesk_dbQuery("INSERT INTO `" . hesk_dbEscape($hesk_settings['db_pfix']) . "replies` (`replyto`,`name`,`message`,`dt`,`attachments`,`staffid`) VALUES ('" . intval($replyto) . "','" . hesk_dbEscape(addslashes($_SESSION['name'])) . "','" . hesk_dbEscape($message) . "',NOW(),'" . hesk_dbEscape($myattachments) . "','" . intval($_SESSION['id']) . "')");
/* Track ticket status changes for history */
$revision = '';
/* Change the status of priority? */
if (!empty($_POST['set_priority'])) {
$priority = intval(hesk_POST('priority'));
if ($priority < 0 || $priority > 3) {
$dt = preg_replace('/[^0-9]/', '', hesk_GET('dt'));
if (strlen($dt) == 8) {
$date = substr($dt, 4, 4) . '-' . substr($dt, 0, 2) . '-' . substr($dt, 2, 2);
$date_input = substr($dt, 0, 2) . '/' . substr($dt, 2, 2) . '/' . substr($dt, 4, 4);
/* This search is valid even if no query is entered */
if ($no_query) {
$hesk_error_buffer = str_replace($hesklang['fsq'], '', $hesk_error_buffer);
}
$sql .= " AND `dt` BETWEEN '{$date} 00:00:00' AND '{$date} 23:59:59' ";
} else {
$date = '';
$date_input = '';
}
/* Any errors? */
if (strlen($hesk_error_buffer)) {
hesk_process_messages($hesk_error_buffer, 'NOREDIRECT');
}
/* This will handle error, success and notice messages */
$handle = hesk_handle_messages();
# echo "$sql<br/>";
// That's all the SQL we need for count
$sql_count .= $sql;
$sql = $sql_final . $sql;
/* Prepare variables used in search and forms */
require_once HESK_PATH . 'inc/prepare_ticket_search.inc.php';
/* If there has been an error message skip searching for tickets */
if ($handle !== FALSE) {
$href = 'find_tickets.php';
require_once HESK_PATH . 'inc/ticket_list.inc.php';
}
?>
} elseif (!$ticket['owner']) {
hesk_notifyStaff('new_ticket_staff', " `id` != " . intval($_SESSION['id']) . " AND `notify_new_unassigned` = '1' ");
}
// Unset temporary variables
unset($tmpvar);
hesk_cleanSessionVars('tmpvar');
hesk_cleanSessionVars('as_name');
hesk_cleanSessionVars('as_email');
hesk_cleanSessionVars('as_category');
hesk_cleanSessionVars('as_priority');
hesk_cleanSessionVars('as_subject');
hesk_cleanSessionVars('as_message');
hesk_cleanSessionVars('as_owner');
hesk_cleanSessionVars('as_notify');
hesk_cleanSessionVars('as_show');
foreach ($hesk_settings['custom_fields'] as $k => $v) {
if ($v['use']) {
hesk_cleanSessionVars("as_{$k}");
}
}
// If ticket has been assigned to the person submitting it lets show a message saying so
if ($ticket['owner'] && $ticket['owner'] == intval($_SESSION['id'])) {
$hesklang['new_ticket_submitted'] .= '<br /> <br />
<img src="' . HESK_PATH . 'img/notice.png" width="16" height="16" border="0" alt="" style="vertical-align:text-bottom" /> <b>' . (isset($autoassign_owner) ? $hesklang['taasy'] : $hesklang['tasy']) . '</b>';
}
// Show the ticket or just the success message
if ($show) {
hesk_process_messages($hesklang['new_ticket_submitted'], 'admin_ticket.php?track=' . $ticket['trackid'] . '&Refresh=' . mt_rand(10000, 99999), 'SUCCESS');
} else {
hesk_process_messages($hesklang['new_ticket_submitted'] . '. <a href="admin_ticket.php?track=' . $ticket['trackid'] . '&Refresh=' . mt_rand(10000, 99999) . '">' . $hesklang['view_ticket'] . '</a>', 'new_ticket.php', 'SUCCESS');
}
function remove()
{
global $hesk_settings, $hesklang;
/* A security check */
hesk_token_check();
$mysaved = intval(hesk_GET('id')) or hesk_error($hesklang['id_not_valid']);
hesk_dbQuery("DELETE FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "ticket_templates` WHERE `id`='" . intval($mysaved) . "' LIMIT 1");
if (hesk_dbAffectedRows() != 1) {
hesk_error("{$hesklang['int_error']}: {$hesklang['ticket_tpl_not_found']}.");
}
hesk_process_messages($hesklang['ticket_tpl_removed'], 'manage_ticket_templates.php', 'SUCCESS');
}
function update_count($show_success = 0)
{
global $hesk_settings, $hesklang;
$update_these = array();
// Get a count of all articles grouped by category and type
$res = hesk_dbQuery('SELECT `catid`, `type`, COUNT(*) AS `num` FROM `' . hesk_dbEscape($hesk_settings['db_pfix']) . 'kb_articles` GROUP BY `catid`, `type`');
while ($row = hesk_dbFetchAssoc($res)) {
switch ($row['type']) {
case 0:
$update_these[$row['catid']]['articles'] = $row['num'];
break;
case 1:
$update_these[$row['catid']]['articles_private'] = $row['num'];
break;
default:
$update_these[$row['catid']]['articles_draft'] = $row['num'];
}
}
// Set all article counts to 0
hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "kb_categories` SET `articles`=0, `articles_private`=0, `articles_draft`=0");
// Now update categories that have articles with correct values
foreach ($update_these as $catid => $value) {
$value['articles'] = isset($value['articles']) ? $value['articles'] : 0;
$value['articles_private'] = isset($value['articles_private']) ? $value['articles_private'] : 0;
$value['articles_draft'] = isset($value['articles_draft']) ? $value['articles_draft'] : 0;
hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "kb_categories` SET `articles`={$value['articles']}, `articles_private`={$value['articles_private']}, `articles_draft`={$value['articles_draft']} WHERE `id`='{$catid}' LIMIT 1");
}
// Show a success message?
if ($show_success) {
hesk_process_messages($hesklang['acv'], 'NOREDIRECT', 'SUCCESS');
}
return true;
}
* https://www.hesk.com/buy.php
*******************************************************************************/
define('IN_SCRIPT', 1);
define('HESK_PATH', '../');
/* Get all the required files and functions */
require HESK_PATH . 'hesk_settings.inc.php';
require HESK_PATH . 'inc/common.inc.php';
require HESK_PATH . 'inc/admin_functions.inc.php';
hesk_load_database_functions();
hesk_session_start();
hesk_dbConnect();
hesk_isLoggedIn();
/* Check permissions for this feature */
hesk_checkPermission('can_view_tickets');
hesk_checkPermission('can_reply_tickets');
/* A security check */
hesk_token_check('POST');
/* Ticket ID */
$trackingID = hesk_cleanID() or die($hesklang['int_error'] . ': ' . $hesklang['no_trackID']);
$priority = intval(hesk_POST('priority'));
if ($priority < 0 || $priority > 3) {
hesk_process_messages($hesklang['inpr'], 'admin_ticket.php?track=' . $trackingID . '&Refresh=' . mt_rand(10000, 99999), 'NOTICE');
}
$options = array(0 => '<font class="critical">' . $hesklang['critical'] . '</font>', 1 => '<font class="important">' . $hesklang['high'] . '</font>', 2 => '<font class="medium">' . $hesklang['medium'] . '</font>', 3 => $hesklang['low']);
$revision = sprintf($hesklang['thist8'], hesk_date(), $options[$priority], $_SESSION['name'] . ' (' . $_SESSION['user'] . ')');
hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` SET `priority`='{$priority}', `history`=CONCAT(`history`,'" . hesk_dbEscape($revision) . "') WHERE `trackid`='" . hesk_dbEscape($trackingID) . "' LIMIT 1");
if (hesk_dbAffectedRows() != 1) {
hesk_process_messages($hesklang['inpr'], 'admin_ticket.php?track=' . $trackingID . '&Refresh=' . mt_rand(10000, 99999), 'NOTICE');
}
hesk_process_messages(sprintf($hesklang['chpri2'], $options[$priority]), 'admin_ticket.php?track=' . $trackingID . '&Refresh=' . mt_rand(10000, 99999), 'SUCCESS');
$_SESSION['c_name'] = hesk_POST('name');
$_SESSION['c_email'] = hesk_POST('email');
$_SESSION['c_category'] = hesk_POST('category');
$_SESSION['c_priority'] = hesk_POST('priority');
$_SESSION['c_subject'] = hesk_POST('subject');
$_SESSION['c_message'] = hesk_POST('message');
$tmp = '';
foreach ($hesk_error_buffer as $error) {
$tmp .= "<li>{$error}</li>\n";
}
// Remove any successfully uploaded attachments
if ($below_limit && $hesk_settings['attachments']['use']) {
hesk_removeAttachments($attachments);
}
$hesk_error_buffer = $hesklang['pcer'] . '<br /><br /><ul>' . $tmp . '</ul>';
hesk_process_messages($hesk_error_buffer, 'index.php?a=add');
}
$tmpvar['message'] = hesk_makeURL($tmpvar['message']);
$tmpvar['message'] = nl2br($tmpvar['message']);
// Track suggested knowledgebase articles
if ($hesk_settings['kb_enable'] && $hesk_settings['kb_recommendanswers'] && isset($_POST['suggested']) && is_array($_POST['suggested'])) {
$tmpvar['articles'] = implode(',', array_unique(array_map('intval', $_POST['suggested'])));
}
// All good now, continue with ticket creation
$tmpvar['owner'] = 0;
$tmpvar['history'] = sprintf($hesklang['thist15'], hesk_date(), $tmpvar['name']);
// Auto assign tickets if aplicable
$autoassign_owner = hesk_autoAssignTicket($tmpvar['category']);
if ($autoassign_owner) {
$tmpvar['owner'] = $autoassign_owner['id'];
$tmpvar['history'] .= sprintf($hesklang['thist10'], hesk_date(), $autoassign_owner['name'] . ' (' . $autoassign_owner['user'] . ')');
function change_manager()
{
global $hesklang, $hesk_settings;
$catid = hesk_POST('catid');
$newManagerId = hesk_POST('managerid');
hesk_dbQuery('UPDATE `' . hesk_dbEscape($hesk_settings['db_pfix']) . 'categories` SET `manager` = ' . intval($newManagerId) . ' WHERE `id` = ' . intval($catid));
if (hesk_dbAffectedRows() != 1) {
hesk_process_messages($hesklang['int_error'] . ': ' . $hesklang['cat_not_found'], './manage_categories.php');
}
if ($newManagerId == 0) {
// There is no new manager.
return;
}
// Add the category to the user's categories list, if not already present
$currentCatRs = hesk_dbQuery('SELECT `categories` FROM `' . hesk_dbEscape($hesk_settings['db_pfix']) . 'users` WHERE `id` = ' . intval($newManagerId));
$currentCategories = hesk_dbFetchAssoc($currentCatRs);
$categories = explode(',', $currentCategories['categories']);
if (!in_array($catid, $categories)) {
hesk_dbQuery('UPDATE `' . hesk_dbEscape($hesk_settings['db_pfix']) . 'users` SET `categories` = \'' . $currentCategories['categories'] . ',' . $catid . '\' WHERE `id` = ' . intval($newManagerId));
}
hesk_process_messages($hesklang['manager_updated'], './manage_categories.php', 'SUCCESS');
}
hesk_checkPermission('can_reply_tickets');
/* A security check */
hesk_token_check('POST');
$revision = sprintf($hesklang['thist3'], hesk_date(), $_SESSION['name'] . ' (' . $_SESSION['user'] . ')');
foreach ($_POST['id'] as $this_id) {
if (is_array($this_id)) {
continue;
}
$this_id = intval($this_id) or hesk_error($hesklang['id_not_valid']);
$result = hesk_dbQuery("SELECT `category` FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` WHERE `id`='" . intval($this_id) . "' LIMIT 1");
$ticket = hesk_dbFetchAssoc($result);
hesk_okCategory($ticket['category']);
hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` SET `status`='3', `history`=CONCAT(`history`,'" . hesk_dbEscape($revision) . "') WHERE `id`='" . intval($this_id) . "' LIMIT 1");
$i++;
}
hesk_process_messages(sprintf($hesklang['num_tickets_closed'], $i), $referer, 'SUCCESS');
}
/*** START FUNCTIONS ***/
function hesk_fullyDeleteTicket()
{
global $hesk_settings, $hesklang, $ticket;
/* Delete attachment files */
$res = hesk_dbQuery("SELECT * FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "attachments` WHERE `ticket_id`='" . hesk_dbEscape($ticket['trackid']) . "'");
if (hesk_dbNumRows($res)) {
$hesk_settings['server_path'] = dirname(dirname(__FILE__));
while ($file = hesk_dbFetchAssoc($res)) {
hesk_unlink($hesk_settings['server_path'] . '/' . $hesk_settings['attach_dir'] . '/' . $file['saved_name']);
}
}
/* Delete attachments info from the database */
hesk_dbQuery("DELETE FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "attachments` WHERE `ticket_id`='" . hesk_dbEscape($ticket['trackid']) . "'");
/* Get all the required files and functions */
require HESK_PATH . 'hesk_settings.inc.php';
require HESK_PATH . 'inc/common.inc.php';
require HESK_PATH . 'inc/admin_functions.inc.php';
hesk_load_database_functions();
hesk_session_start();
hesk_dbConnect();
hesk_isLoggedIn();
/* Check permissions for this feature */
hesk_checkPermission('can_view_tickets');
hesk_checkPermission('can_reply_tickets');
hesk_checkPermission('can_edit_tickets');
/* A security check */
hesk_token_check();
/* Ticket ID */
$trackingID = hesk_cleanID() or die($hesklang['int_error'] . ': ' . $hesklang['no_trackID']);
/* New archived status */
if (empty($_GET['locked'])) {
$status = 0;
$tmp = $hesklang['tunlock'];
$revision = sprintf($hesklang['thist6'], hesk_date(), $_SESSION['name'] . ' (' . $_SESSION['user'] . ')');
} else {
$status = 1;
$tmp = $hesklang['tlock'];
$revision = sprintf($hesklang['thist5'], hesk_date(), $_SESSION['name'] . ' (' . $_SESSION['user'] . ')');
}
/* Update database */
hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` SET `status`='3',`locked`='{$status}', `history`=CONCAT(`history`,'" . hesk_dbEscape($revision) . "') WHERE `trackid`='" . hesk_dbEscape($trackingID) . "' LIMIT 1");
/* Back to ticket page and show a success message */
hesk_process_messages($tmp, 'admin_ticket.php?track=' . $trackingID . '&Refresh=' . rand(10000, 99999), 'SUCCESS');
function logout()
{
global $hesk_settings, $hesklang;
if (!hesk_token_check('GET', 0)) {
print_login();
exit;
}
/* Delete from Who's online database */
if ($hesk_settings['online']) {
require HESK_PATH . 'inc/users_online.inc.php';
hesk_setOffline($_SESSION['id']);
}
/* Destroy session and cookies */
hesk_session_stop();
/* If we're using the security image for admin login start a new session */
if ($hesk_settings['secimg_use'] == 2) {
hesk_session_start();
}
/* Show success message and reset the cookie */
hesk_process_messages($hesklang['logout_success'], 'NOREDIRECT', 'SUCCESS');
setcookie('hesk_p', '');
/* Print the login form */
print_login();
exit;
}
function update_profile()
{
global $hesk_settings, $hesklang, $can_view_unassigned;
/* A security check */
hesk_token_check('POST');
$sql_pass = '';
$sql_username = '';
$hesk_error_buffer = '';
$_SESSION['new']['name'] = hesk_input(hesk_POST('name')) or $hesk_error_buffer .= '<li>' . $hesklang['enter_your_name'] . '</li>';
$_SESSION['new']['email'] = hesk_validateEmail(hesk_POST('email'), 'ERR', 0) or $hesk_error_buffer = '<li>' . $hesklang['enter_valid_email'] . '</li>';
$_SESSION['new']['signature'] = hesk_input(hesk_POST('signature'));
/* Signature */
if (strlen($_SESSION['new']['signature']) > 255) {
$hesk_error_buffer .= '<li>' . $hesklang['signature_long'] . '</li>';
}
/* Admins can change username */
if ($_SESSION['isadmin']) {
$_SESSION['new']['user'] = hesk_input(hesk_POST('user')) or $hesk_error_buffer .= '<li>' . $hesklang['enter_username'] . '</li>';
/* Check for duplicate usernames */
$result = hesk_dbQuery("SELECT `id` FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "users` WHERE `user`='" . hesk_dbEscape($_SESSION['new']['user']) . "' AND `id`!='" . intval($_SESSION['id']) . "' LIMIT 1");
if (hesk_dbNumRows($result) != 0) {
$hesk_error_buffer .= '<li>' . $hesklang['duplicate_user'] . '</li>';
} else {
$sql_username = "******" . hesk_dbEscape($_SESSION['new']['user']) . "'";
}
}
/* Change password? */
$newpass = hesk_input(hesk_POST('newpass'));
$passlen = strlen($newpass);
if ($passlen > 0) {
/* At least 5 chars? */
if ($passlen < 5) {
$hesk_error_buffer .= '<li>' . $hesklang['password_not_valid'] . '</li>';
} else {
$newpass2 = hesk_input(hesk_POST('newpass2'));
if ($newpass != $newpass2) {
$hesk_error_buffer .= '<li>' . $hesklang['passwords_not_same'] . '</li>';
} else {
$v = hesk_Pass2Hash($newpass);
if ($v == '499d74967b28a841c98bb4baaabaad699ff3c079') {
define('WARN_PASSWORD', true);
}
$sql_pass = '******'' . $v . '\'';
}
}
}
/* After reply */
$_SESSION['new']['afterreply'] = intval(hesk_POST('afterreply'));
if ($_SESSION['new']['afterreply'] != 1 && $_SESSION['new']['afterreply'] != 2) {
$_SESSION['new']['afterreply'] = 0;
}
/* Auto-start ticket timer */
$_SESSION['new']['autostart'] = isset($_POST['autostart']) ? 1 : 0;
/* Notifications */
$_SESSION['new']['notify_new_unassigned'] = empty($_POST['notify_new_unassigned']) || !$can_view_unassigned ? 0 : 1;
$_SESSION['new']['notify_new_my'] = empty($_POST['notify_new_my']) ? 0 : 1;
$_SESSION['new']['notify_reply_unassigned'] = empty($_POST['notify_reply_unassigned']) || !$can_view_unassigned ? 0 : 1;
$_SESSION['new']['notify_reply_my'] = empty($_POST['notify_reply_my']) ? 0 : 1;
$_SESSION['new']['notify_assigned'] = empty($_POST['notify_assigned']) ? 0 : 1;
$_SESSION['new']['notify_note'] = empty($_POST['notify_note']) ? 0 : 1;
$_SESSION['new']['notify_pm'] = empty($_POST['notify_pm']) ? 0 : 1;
/* Any errors? */
if (strlen($hesk_error_buffer)) {
/* Process the session variables */
$_SESSION['new'] = hesk_stripArray($_SESSION['new']);
$hesk_error_buffer = $hesklang['rfm'] . '<br /><br /><ul>' . $hesk_error_buffer . '</ul>';
hesk_process_messages($hesk_error_buffer, 'NOREDIRECT');
} else {
/* Update database */
hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "users` SET\r\n\t `name`='" . hesk_dbEscape($_SESSION['new']['name']) . "',\r\n\t `email`='" . hesk_dbEscape($_SESSION['new']['email']) . "',\r\n\t\t`signature`='" . hesk_dbEscape($_SESSION['new']['signature']) . "'\r\n {$sql_username}\r\n\t\t{$sql_pass} ,\r\n\t `afterreply`='" . intval($_SESSION['new']['afterreply']) . "' ,\r\n `autostart`='" . intval($_SESSION['new']['autostart']) . "' ,\r\n\t `notify_new_unassigned`='" . intval($_SESSION['new']['notify_new_unassigned']) . "' ,\r\n `notify_new_my`='" . intval($_SESSION['new']['notify_new_my']) . "' ,\r\n `notify_reply_unassigned`='" . intval($_SESSION['new']['notify_reply_unassigned']) . "' ,\r\n `notify_reply_my`='" . intval($_SESSION['new']['notify_reply_my']) . "' ,\r\n `notify_assigned`='" . intval($_SESSION['new']['notify_assigned']) . "' ,\r\n `notify_pm`='" . intval($_SESSION['new']['notify_pm']) . "',\r\n `notify_note`='" . intval($_SESSION['new']['notify_note']) . "'\r\n\t WHERE `id`='" . intval($_SESSION['id']) . "' LIMIT 1");
/* Process the session variables */
$_SESSION['new'] = hesk_stripArray($_SESSION['new']);
/* Update session variables */
foreach ($_SESSION['new'] as $k => $v) {
$_SESSION[$k] = $v;
}
unset($_SESSION['new']);
hesk_process_messages($hesklang['profile_updated_success'], 'profile.php', 'SUCCESS');
}
}
function toggle_type()
{
global $hesk_settings, $hesklang;
/* A security check */
hesk_token_check();
$catid = intval(hesk_GET('catid')) or hesk_error($hesklang['cat_move_id']);
$_SESSION['selcat2'] = $catid;
if (intval(hesk_GET('s'))) {
$type = 1;
$tmp = $hesklang['cpriv'];
} else {
$type = 0;
$tmp = $hesklang['cpub'];
}
/* Update auto-assign settings */
hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "categories` SET `type`='{$type}' WHERE `id`='" . intval($catid) . "' LIMIT 1");
if (hesk_dbAffectedRows() != 1) {
hesk_process_messages($hesklang['int_error'] . ': ' . $hesklang['cat_not_found'], './manage_categories.php');
}
hesk_process_messages($tmp, './manage_categories.php', 'SUCCESS');
}
$res = hesk_dbQuery("SELECT * FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` WHERE `merged` LIKE '%#" . hesk_dbEscape($trackingID) . "#%' LIMIT 1");
if (hesk_dbNumRows($res) == 1) {
/* OK, found in a merged ticket. Get info */
$ticket = hesk_dbFetchAssoc($res);
/* If we require e-mail to view tickets check if it matches the one from merged ticket */
if (hesk_verifyEmailMatch($ticket['trackid'], $my_email, $ticket['email'], 0)) {
hesk_process_messages(sprintf($hesklang['tme'], $trackingID, $ticket['trackid']), 'NOREDIRECT', 'NOTICE');
$trackingID = $ticket['trackid'];
} else {
hesk_process_messages(sprintf($hesklang['tme1'], $trackingID, $ticket['trackid']) . '<br /><br />' . sprintf($hesklang['tme2'], $ticket['trackid']), 'NOREDIRECT', 'NOTICE');
$trackingID = $ticket['trackid'];
print_form();
}
} else {
/* Nothing found, error out */
hesk_process_messages($hesklang['ticket_not_found'], 'NOREDIRECT');
print_form();
}
} else {
/* We have a match, get ticket info */
$ticket = hesk_dbFetchAssoc($res);
/* If we require e-mail to view tickets check if it matches the one in database */
hesk_verifyEmailMatch($trackingID, $my_email, $ticket['email']);
}
/* Ticket exists, clean brute force attempts */
hesk_cleanBfAttempts();
/* Remember email address? */
if ($is_form) {
if (!empty($_GET['r'])) {
setcookie('hesk_myemail', $my_email, strtotime('+1 year'));
$do_remember = ' checked="checked" ';
function save()
{
global $hesklang;
$filePath = HESK_PATH . 'language/' . $_POST['language'] . '/emails/' . $_POST['template'];
if ($_POST['html'] == '1') {
$filePath = HESK_PATH . 'language/' . $_POST['language'] . '/emails/html/' . $_POST['template'];
}
$success = file_put_contents($filePath, $_POST['text']);
if ($success === false) {
hesk_process_messages($hesklang['email_template_not_saved'], 'manage_email_templates.php');
} else {
$message = sprintf($hesklang['email_template_saved'], $_POST['template']);
hesk_process_messages($message, 'manage_email_templates.php', 'SUCCESS');
}
}