function hesk_newTicket($ticket)
{
    global $hesk_settings, $hesklang, $hesk_db_link;
    // If language is not set or default, set it to NULL
    $language = !$hesk_settings['can_sel_lang'] || $hesklang['LANGUAGE'] == HESK_DEFAULT_LANGUAGE ? "NULL" : "'" . hesk_dbEscape($hesklang['LANGUAGE']) . "'";
    // Insert ticket into database
    hesk_dbQuery("\n\tINSERT INTO `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets`\n\t(\n\t\t`trackid`,\n\t\t`name`,\n\t\t`email`,\n\t\t`category`,\n\t\t`company_ticket_id`,\n\t\t`contract_ticket_id`,\n\t\t`priority`,\n\t\t`subject`,\n\t\t`message`,\n\t\t`dt`,\n\t\t`lastchange`,\n\t\t`articles`,\n\t\t`ip`,\n\t\t`language`,\n\t\t`openedby`,\n\t\t`owner`,\n\t\t`attachments`,\n\t\t`merged`,\n\t\t`history`,\n\t\t`custom1`,\n\t\t`custom2`,\n\t\t`custom3`,\n\t\t`custom4`,\n\t\t`custom5`,\n\t\t`custom6`,\n\t\t`custom7`,\n\t\t`custom8`,\n\t\t`custom9`,\n\t\t`custom10`,\n\t\t`custom11`,\n\t\t`custom12`,\n\t\t`custom13`,\n\t\t`custom14`,\n\t\t`custom15`,\n\t\t`custom16`,\n\t\t`custom17`,\n\t\t`custom18`,\n\t\t`custom19`,\n\t\t`custom20`\n\t)\n\tVALUES\n\t(\n\t\t'" . hesk_dbEscape($ticket['trackid']) . "',\n\t\t'" . hesk_dbEscape($ticket['name']) . "',\n\t\t'" . hesk_dbEscape($ticket['email']) . "',\n\t\t'" . intval($ticket['category']) . "',\n\t\t'" . hesk_dbEscape($ticket['company_ticket_id']) . "',\n\t\t'" . hesk_dbEscape($ticket['contract_ticket_id']) . "',\n\t\t'" . intval($ticket['priority']) . "',\n\t\t'" . hesk_dbEscape($ticket['subject']) . "',\n\t\t'" . hesk_dbEscape($ticket['message']) . "',\n\t\tNOW(),\n\t\tNOW(),\n\t\t" . (isset($ticket['articles']) ? "'{$ticket['articles']}'" : 'NULL') . ",\n\t\t'" . hesk_dbEscape($_SERVER['REMOTE_ADDR']) . "',\n\t\t{$language},\n\t\t'" . (isset($ticket['openedby']) ? intval($ticket['openedby']) : 0) . "',\n\t\t'" . intval($ticket['owner']) . "',\n\t\t'" . hesk_dbEscape($ticket['attachments']) . "',\n\t\t'',\n\t\t'" . hesk_dbEscape($ticket['history']) . "',\n\t\t'" . hesk_dbEscape($ticket['custom1']) . "',\n\t\t'" . hesk_dbEscape($ticket['custom2']) . "',\n\t\t'" . hesk_dbEscape($ticket['custom3']) . "',\n\t\t'" . hesk_dbEscape($ticket['custom4']) . "',\n\t\t'" . hesk_dbEscape($ticket['custom5']) . "',\n\t\t'" . hesk_dbEscape($ticket['custom6']) . "',\n\t\t'" . hesk_dbEscape($ticket['custom7']) . "',\n\t\t'" . hesk_dbEscape($ticket['custom8']) . "',\n\t\t'" . hesk_dbEscape($ticket['custom9']) . "',\n\t\t'" . hesk_dbEscape($ticket['custom10']) . "',\n\t\t'" . hesk_dbEscape($ticket['custom11']) . "',\n\t\t'" . hesk_dbEscape($ticket['custom12']) . "',\n\t\t'" . hesk_dbEscape($ticket['custom13']) . "',\n\t\t'" . hesk_dbEscape($ticket['custom14']) . "',\n\t\t'" . hesk_dbEscape($ticket['custom15']) . "',\n\t\t'" . hesk_dbEscape($ticket['custom16']) . "',\n\t\t'" . hesk_dbEscape($ticket['custom17']) . "',\n\t\t'" . hesk_dbEscape($ticket['custom18']) . "',\n\t\t'" . hesk_dbEscape($ticket['custom19']) . "',\n\t\t'" . hesk_dbEscape($ticket['custom20']) . "'\n\t)\n\t");
    // Generate the array with ticket info that can be used in emails
    $info = array('email' => $ticket['email'], 'category' => $ticket['category'], 'priority' => $ticket['priority'], 'owner' => $ticket['owner'], 'trackid' => $ticket['trackid'], 'status' => 0, 'name' => $ticket['name'], 'lastreplier' => $ticket['name'], 'subject' => $ticket['subject'], 'message' => $ticket['message'], 'attachments' => $ticket['attachments'], 'dt' => hesk_date(), 'lastchange' => hesk_date(), 'id' => hesk_dbInsertID());
    // Add custom fields to the array
    foreach ($hesk_settings['custom_fields'] as $k => $v) {
        $info[$k] = $v['use'] ? $ticket[$k] : '';
    }
    return hesk_ticketToPlain($info, 1);
}
function hesk_newTicket($ticket, $isVerified = true)
{
    global $hesk_settings, $hesklang, $hesk_db_link;
    // If language is not set or default, set it to NULL.
    if (!isset($ticket['language']) || empty($ticket['language'])) {
        $language = !$hesk_settings['can_sel_lang'] ? HESK_DEFAULT_LANGUAGE : hesk_dbEscape($hesklang['LANGUAGE']);
    } else {
        $language = $ticket['language'];
    }
    // Get the default ticket status for new tickets and set it accordingly
    $defaultNewTicketRs = hesk_dbQuery("SELECT `ID` FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "statuses` WHERE `IsNewTicketStatus` = 1");
    $defaultNewTicket = hesk_dbFetchAssoc($defaultNewTicketRs);
    $ticket['status'] = $defaultNewTicket['ID'];
    $tableName = $isVerified ? 'tickets' : 'stage_tickets';
    // Insert ticket into database
    hesk_dbQuery("\n\tINSERT INTO `" . hesk_dbEscape($hesk_settings['db_pfix']) . $tableName . "`\n\t(\n\t\t`trackid`,\n\t\t`name`,\n\t\t`email`,\n\t\t`category`,\n\t\t`priority`,\n\t\t`subject`,\n\t\t`message`,\n\t\t`dt`,\n\t\t`lastchange`,\n\t\t`articles`,\n\t\t`ip`,\n\t\t`language`,\n\t\t`openedby`,\n\t\t`owner`,\n\t\t`attachments`,\n\t\t`merged`,\n\t\t`history`,\n\t\t`custom1`,\n\t\t`custom2`,\n\t\t`custom3`,\n\t\t`custom4`,\n\t\t`custom5`,\n\t\t`custom6`,\n\t\t`custom7`,\n\t\t`custom8`,\n\t\t`custom9`,\n\t\t`custom10`,\n\t\t`custom11`,\n\t\t`custom12`,\n\t\t`custom13`,\n\t\t`custom14`,\n\t\t`custom15`,\n\t\t`custom16`,\n\t\t`custom17`,\n\t\t`custom18`,\n\t\t`custom19`,\n\t\t`custom20`,\n\t\t`status`,\n\t\t`latitude`,\n\t\t`longitude`\n\t)\n\tVALUES\n\t(\n\t\t'" . hesk_dbEscape($ticket['trackid']) . "',\n\t\t'" . hesk_dbEscape($ticket['name']) . "',\n\t\t'" . hesk_dbEscape($ticket['email']) . "',\n\t\t'" . intval($ticket['category']) . "',\n\t\t'" . intval($ticket['priority']) . "',\n\t\t'" . hesk_dbEscape($ticket['subject']) . "',\n\t\t'" . hesk_dbEscape($ticket['message']) . "',\n\t\tNOW(),\n\t\tNOW(),\n\t\t" . (isset($ticket['articles']) ? "'{$ticket['articles']}'" : 'NULL') . ",\n\t\t'" . hesk_dbEscape($_SERVER['REMOTE_ADDR']) . "',\n\t\t'" . hesk_dbEscape($language) . "',\n\t\t'" . (isset($ticket['openedby']) ? intval($ticket['openedby']) : 0) . "',\n\t\t'" . intval($ticket['owner']) . "',\n\t\t'" . hesk_dbEscape($ticket['attachments']) . "',\n\t\t'',\n\t\t'" . hesk_dbEscape($ticket['history']) . "',\n\t\t'" . hesk_dbEscape($ticket['custom1']) . "',\n\t\t'" . hesk_dbEscape($ticket['custom2']) . "',\n\t\t'" . hesk_dbEscape($ticket['custom3']) . "',\n\t\t'" . hesk_dbEscape($ticket['custom4']) . "',\n\t\t'" . hesk_dbEscape($ticket['custom5']) . "',\n\t\t'" . hesk_dbEscape($ticket['custom6']) . "',\n\t\t'" . hesk_dbEscape($ticket['custom7']) . "',\n\t\t'" . hesk_dbEscape($ticket['custom8']) . "',\n\t\t'" . hesk_dbEscape($ticket['custom9']) . "',\n\t\t'" . hesk_dbEscape($ticket['custom10']) . "',\n\t\t'" . hesk_dbEscape($ticket['custom11']) . "',\n\t\t'" . hesk_dbEscape($ticket['custom12']) . "',\n\t\t'" . hesk_dbEscape($ticket['custom13']) . "',\n\t\t'" . hesk_dbEscape($ticket['custom14']) . "',\n\t\t'" . hesk_dbEscape($ticket['custom15']) . "',\n\t\t'" . hesk_dbEscape($ticket['custom16']) . "',\n\t\t'" . hesk_dbEscape($ticket['custom17']) . "',\n\t\t'" . hesk_dbEscape($ticket['custom18']) . "',\n\t\t'" . hesk_dbEscape($ticket['custom19']) . "',\n\t\t'" . hesk_dbEscape($ticket['custom20']) . "',\n\t\t'" . intval($ticket['status']) . "',\n\t\t'" . hesk_dbEscape($ticket['latitude']) . "',\n\t\t'" . hesk_dbEscape($ticket['longitude']) . "'\n\t)\n\t");
    // Generate the array with ticket info that can be used in emails
    $info = array('email' => $ticket['email'], 'category' => $ticket['category'], 'priority' => $ticket['priority'], 'owner' => $ticket['owner'], 'trackid' => $ticket['trackid'], 'status' => $ticket['status'], 'name' => $ticket['name'], 'lastreplier' => $ticket['name'], 'subject' => $ticket['subject'], 'message' => $ticket['message'], 'attachments' => $ticket['attachments'], 'dt' => hesk_date(), 'lastchange' => hesk_date(), 'id' => hesk_dbInsertID(), 'language' => $language);
    // Add custom fields to the array
    foreach ($hesk_settings['custom_fields'] as $k => $v) {
        $info[$k] = $v['use'] ? $ticket[$k] : '';
    }
    return hesk_ticketToPlain($info, 1);
}
Пример #3
0
function hesk_autoLogin($noredirect = 0)
{
    global $hesk_settings, $hesklang, $hesk_db_link;
    if (!$hesk_settings['autologin']) {
        return false;
    }
    $user = hesk_htmlspecialchars(hesk_COOKIE('hesk_username'));
    $hash = hesk_htmlspecialchars(hesk_COOKIE('hesk_p'));
    define('HESK_USER', $user);
    if (empty($user) || empty($hash)) {
        return false;
    }
    /* Login cookies exist, now lets limit brute force attempts */
    hesk_limitBfAttempts();
    /* Check username */
    $result = hesk_dbQuery('SELECT * FROM `' . $hesk_settings['db_pfix'] . "users` WHERE `user` = '" . hesk_dbEscape($user) . "' LIMIT 1");
    if (hesk_dbNumRows($result) != 1) {
        setcookie('hesk_username', '');
        setcookie('hesk_p', '');
        header('Location: index.php?a=login&notice=1');
        exit;
    }
    $res = hesk_dbFetchAssoc($result);
    /* Check password */
    if ($hash != hesk_Pass2Hash($res['pass'] . strtolower($user) . $res['pass'])) {
        setcookie('hesk_username', '');
        setcookie('hesk_p', '');
        header('Location: index.php?a=login&notice=1');
        exit;
    }
    // Set user details
    foreach ($res as $k => $v) {
        $_SESSION[$k] = $v;
    }
    /* Check if default password */
    if ($_SESSION['pass'] == '499d74967b28a841c98bb4baaabaad699ff3c079') {
        hesk_process_messages($hesklang['chdp'], 'NOREDIRECT', 'NOTICE');
    }
    // Set a tag that will be used to expire sessions after username or password change
    $_SESSION['session_verify'] = hesk_activeSessionCreateTag($user, $_SESSION['pass']);
    // We don't need the password hash anymore
    unset($_SESSION['pass']);
    /* Login successful, clean brute force attempts */
    hesk_cleanBfAttempts();
    /* Regenerate session ID (security) */
    hesk_session_regenerate_id();
    /* Get allowed categories */
    if (empty($_SESSION['isadmin'])) {
        $_SESSION['categories'] = explode(',', $_SESSION['categories']);
    }
    /* Renew cookies */
    setcookie('hesk_username', "{$user}", strtotime('+1 year'));
    setcookie('hesk_p', "{$hash}", strtotime('+1 year'));
    /* Close any old tickets here so Cron jobs aren't necessary */
    if ($hesk_settings['autoclose']) {
        $revision = sprintf($hesklang['thist3'], hesk_date(), $hesklang['auto']);
        $dt = date('Y-m-d H:i:s', time() - $hesk_settings['autoclose'] * 86400);
        // Notify customer of closed ticket?
        if ($hesk_settings['notify_closed']) {
            // Get list of tickets
            $result = hesk_dbQuery("SELECT * FROM `" . $hesk_settings['db_pfix'] . "tickets` WHERE `status` = '2' AND `lastchange` <= '" . hesk_dbEscape($dt) . "' ");
            if (hesk_dbNumRows($result) > 0) {
                global $ticket;
                // Load required functions?
                if (!function_exists('hesk_notifyCustomer')) {
                    require HESK_PATH . 'inc/email_functions.inc.php';
                }
                while ($ticket = hesk_dbFetchAssoc($result)) {
                    $ticket['dt'] = hesk_date($ticket['dt'], true);
                    $ticket['lastchange'] = hesk_date($ticket['lastchange'], true);
                    $ticket = hesk_ticketToPlain($ticket, 1, 0);
                    hesk_notifyCustomer('ticket_closed');
                }
            }
        }
        // Update ticket statuses and history in database
        hesk_dbQuery("UPDATE `" . $hesk_settings['db_pfix'] . "tickets` SET `status`='3', `closedat`=NOW(), `closedby`='-1', `history`=CONCAT(`history`,'" . hesk_dbEscape($revision) . "') WHERE `status` = '2' AND `lastchange` <= '" . hesk_dbEscape($dt) . "' ");
    }
    /* If session expired while a HESK page is open just continue using it, don't redirect */
    if ($noredirect) {
        return true;
    }
    /* Redirect to the destination page */
    header('Location: ' . hesk_verifyGoto());
    exit;
}
Пример #4
0
//exit();
$params['subject'] = $ticket['subject'];
$params['user_id'] = 11;
// Do krijohet nga ERP nje user default dhe do vendosim ID e tij
$params['body_text'] = stripslashes($message);
$params['date'] = hesk_date($ticket['dt'], true);
$params['res_id'] = $data[0];
$params['model'] = "project.issue";
$params['email_from'] = $ticket['email'];
$params['email_to'] = $ulist_emails;
$data = $oeapi->create_record($params, $valid_services["SCA"]);
// dergojme te dhenat e reply_message tek ceshtje e duhur
//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
// 2. Add custom fields to the array
foreach ($hesk_settings['custom_fields'] as $k => $v) {
    $info[$k] = $v['use'] ? $ticket[$k] : '';
}
// 3. Make sure all values are properly formatted for email
$ticket = hesk_ticketToPlain($info, 1, 0);
// --> If ticket is assigned just notify the owner
if ($ticket['owner']) {
    //hesk_notifyAssignedStaff(false, 'new_reply_by_customer', 'notify_reply_my');
    hesk_notifyCustomer_multiple('new_reply_by_customer', $array_email);
} else {
    hesk_notifyCustomer_multiple('new_reply_by_customer', $array_email);
}
/* Clear unneeded session variables */
hesk_cleanSessionVars('ticket_message');
/* Show the ticket and the success message */
hesk_process_messages($hesklang['reply_submitted_success'], 'ticket.php?track=' . $trackingID . $hesk_settings['e_param'] . '&Refresh=' . rand(10000, 99999), 'SUCCESS');
exit;
Пример #5
0
    $action = $hesklang['ticket_been'] . ' ' . $hesklang['closed'];
    $revision = sprintf($hesklang['thist3'], hesk_date(), $_SESSION['name'] . ' (' . $_SESSION['user'] . ')');
    if ($hesk_settings['custopen'] != 1) {
        $locked = 1;
    }
    // Notify customer of closed ticket?
    if ($hesk_settings['notify_closed']) {
        // Get ticket info
        $result = hesk_dbQuery("SELECT * FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` WHERE `trackid`='" . hesk_dbEscape($trackingID) . "' LIMIT 1");
        if (hesk_dbNumRows($result) != 1) {
            hesk_error($hesklang['ticket_not_found']);
        }
        $ticket = hesk_dbFetchAssoc($result);
        $ticket['dt'] = hesk_date($ticket['dt'], true);
        $ticket['lastchange'] = hesk_date($ticket['lastchange'], true);
        $ticket = hesk_ticketToPlain($ticket, 1, 0);
        // Notify customer
        require HESK_PATH . 'inc/email_functions.inc.php';
        hesk_notifyCustomer('ticket_closed');
    }
    // Log who marked the ticket resolved
    $closedby_sql = ' , `closedat`=NOW(), `closedby`=' . intval($_SESSION['id']) . ' ';
} elseif ($status == 1 || $status == 2 || $status == 4 || $status == 5) {
    $action = sprintf($hesklang['tsst'], $status_options[$status]);
    $revision = sprintf($hesklang['thist9'], hesk_date(), $status_options[$status], $_SESSION['name'] . ' (' . $_SESSION['user'] . ')');
    // Ticket is not resolved
    $closedby_sql = ' , `closedat`=NULL, `closedby`=NULL ';
} else {
    $action = $hesklang['ticket_been'] . ' ' . $hesklang['opened'];
    $revision = sprintf($hesklang['thist4'], hesk_date(), $_SESSION['name'] . ' (' . $_SESSION['user'] . ')');
    // Ticket is not resolved
Пример #6
0
function hesk_email2ticket($results, $pop3 = 0, $set_category = 1, $set_priority = -1)
{
    global $hesk_settings, $hesklang, $hesk_db_link, $ticket;
    // Process "Reply-To:" or "From:" email
    $tmpvar['email'] = isset($results['reply-to'][0]['address']) ? hesk_validateEmail($results['reply-to'][0]['address'], 'ERR', 0) : hesk_validateEmail($results['from'][0]['address'], 'ERR', 0);
    // Email missing, invalid or banned?
    if (!$tmpvar['email'] || hesk_isBannedEmail($tmpvar['email'])) {
        return hesk_cleanExit();
    }
    // Process "Reply-To:" or "From:" name, convert to UTF-8, set to "[Customer]" if not set
    if (isset($results['reply-to'][0]['name']) && strlen($results['reply-to'][0]['name'])) {
        $tmpvar['name'] = $results['reply-to'][0]['name'];
        if (!empty($results['reply-to'][0]['encoding'])) {
            $tmpvar['name'] = hesk_encodeUTF8($tmpvar['name'], $results['reply-to'][0]['encoding']);
        }
    } else {
        $tmpvar['name'] = isset($results['from'][0]['name']) ? $results['from'][0]['name'] : $hesklang['pde'];
        if (!empty($results['from'][0]['encoding'])) {
            $tmpvar['name'] = hesk_encodeUTF8($tmpvar['name'], $results['from'][0]['encoding']);
        }
    }
    $tmpvar['name'] = hesk_input($tmpvar['name'], '', '', 1, 50) or $tmpvar['name'] = $hesklang['pde'];
    // Process "To:" email (not yet implemented, for future use)
    // $tmpvar['to_email']	= hesk_validateEmail($results['to'][0]['address'],'ERR',0);
    // Process email subject, convert to UTF-8, set to "[Piped email]" if none set
    $tmpvar['subject'] = isset($results['subject']) ? $results['subject'] : $hesklang['pem'];
    if (!empty($results['subject_encoding'])) {
        $tmpvar['subject'] = hesk_encodeUTF8($tmpvar['subject'], $results['subject_encoding']);
    }
    $tmpvar['subject'] = hesk_input($tmpvar['subject'], '', '', 1, 70) or $tmpvar['subject'] = $hesklang['pem'];
    // Process email message, convert to UTF-8
    $tmpvar['message'] = isset($results['message']) ? $results['message'] : '';
    if (!empty($results['encoding'])) {
        $tmpvar['message'] = hesk_encodeUTF8($tmpvar['message'], $results['encoding']);
    }
    $tmpvar['message'] = hesk_input($tmpvar['message'], '', '', 1);
    // Message missing?
    if (strlen($tmpvar['message']) == 0) {
        // Message required? Ignore this email.
        if ($hesk_settings['eml_req_msg']) {
            return hesk_cleanExit();
        }
        // Message not required? Assign a default message
        $tmpvar['message'] = $hesklang['def_msg'];
        // Track duplicate emails based on subject
        $message_hash = md5($tmpvar['subject']);
    } else {
        $message_hash = md5($tmpvar['message']);
    }
    // Strip quoted reply from email
    $tmpvar['message'] = hesk_stripQuotedText($tmpvar['message']);
    // Convert URLs to links, change newlines to <br />
    $tmpvar['message'] = hesk_makeURL($tmpvar['message']);
    $tmpvar['message'] = nl2br($tmpvar['message']);
    # For debugging purposes
    # die( bin2hex($tmpvar['message']) );
    # die($tmpvar['message']);
    // Try to detect "delivery failed" and "noreply" emails - ignore if detected
    if (hesk_isReturnedEmail($tmpvar)) {
        return hesk_cleanExit();
    }
    // Check for email loops
    if (hesk_isEmailLoop($tmpvar['email'], $message_hash)) {
        return hesk_cleanExit();
    }
    // OK, everything seems OK. Now determine if this is a reply to a ticket or a new ticket
    if (preg_match('/\\[#([A-Z0-9]{3}\\-[A-Z0-9]{3}\\-[A-Z0-9]{4})\\]/', str_replace(' ', '', $tmpvar['subject']), $matches)) {
        // We found a possible tracking ID
        $tmpvar['trackid'] = $matches[1];
        // Does it match one in the database?
        $res = hesk_dbQuery("SELECT * FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` WHERE `trackid`='" . hesk_dbEscape($tmpvar['trackid']) . "' LIMIT 1");
        if (hesk_dbNumRows($res)) {
            $ticket = hesk_dbFetchAssoc($res);
            // Do email addresses match?
            if (strpos(strtolower($ticket['email']), strtolower($tmpvar['email'])) === false) {
                $tmpvar['trackid'] = '';
            }
            // Is this ticket locked? Force create a new one if it is
            if ($ticket['locked']) {
                $tmpvar['trackid'] = '';
            }
        } else {
            $tmpvar['trackid'] = '';
        }
    }
    // If tracking ID is empty, generate a new one
    if (empty($tmpvar['trackid'])) {
        $tmpvar['trackid'] = hesk_createID();
        $is_reply = 0;
    } else {
        $is_reply = 1;
    }
    // Process attachments
    $tmpvar['attachmment_notices'] = '';
    $tmpvar['attachments'] = '';
    $num = 0;
    if ($hesk_settings['attachments']['use'] && isset($results['attachments'][0])) {
        foreach ($results['attachments'] as $k => $v) {
            // Clean attachment names
            $myatt['real_name'] = hesk_cleanFileName($v['orig_name']);
            // Check number of attachments, delete any over max number
            if ($num >= $hesk_settings['attachments']['max_number']) {
                $tmpvar['attachmment_notices'] .= sprintf($hesklang['attnum'], $myatt['real_name']) . "\n";
                continue;
            }
            // Check file extension
            $ext = strtolower(strrchr($myatt['real_name'], "."));
            if (!in_array($ext, $hesk_settings['attachments']['allowed_types'])) {
                $tmpvar['attachmment_notices'] .= sprintf($hesklang['atttyp'], $myatt['real_name']) . "\n";
                continue;
            }
            // Check file size
            $myatt['size'] = $v['size'];
            if ($myatt['size'] > $hesk_settings['attachments']['max_size']) {
                $tmpvar['attachmment_notices'] .= sprintf($hesklang['attsiz'], $myatt['real_name']) . "\n";
                continue;
            }
            // Generate a random file name
            $useChars = 'AEUYBDGHJLMNPQRSTVWXZ123456789';
            $tmp = $useChars[mt_rand(0, 29)];
            for ($j = 1; $j < 10; $j++) {
                $tmp .= $useChars[mt_rand(0, 29)];
            }
            $myatt['saved_name'] = substr($tmpvar['trackid'] . '_' . md5($tmp . $myatt['real_name']), 0, 200) . $ext;
            // Rename the temporary file
            rename($v['stored_name'], HESK_PATH . $hesk_settings['attach_dir'] . '/' . $myatt['saved_name']);
            // Insert into database
            hesk_dbQuery("INSERT INTO `" . hesk_dbEscape($hesk_settings['db_pfix']) . "attachments` (`ticket_id`,`saved_name`,`real_name`,`size`) VALUES ('" . hesk_dbEscape($tmpvar['trackid']) . "','" . hesk_dbEscape($myatt['saved_name']) . "','" . hesk_dbEscape($myatt['real_name']) . "','" . intval($myatt['size']) . "')");
            $tmpvar['attachments'] .= hesk_dbInsertID() . '#' . $myatt['real_name'] . ',';
            $num++;
        }
        if (strlen($tmpvar['attachmment_notices'])) {
            $tmpvar['message'] .= "<br /><br />" . hesk_input($hesklang['attrem'], '', '', 1) . "<br />" . nl2br(hesk_input($tmpvar['attachmment_notices'], '', '', 1));
        }
    }
    // Delete the temporary files
    deleteAll($results['tempdir']);
    // If this is a reply add a new reply
    if ($is_reply) {
        // Set last replier name to customer name
        $ticket['lastreplier'] = $tmpvar['name'] == $hesklang['pde'] ? $tmpvar['email'] : $tmpvar['name'];
        // If staff hasn't replied yet, keep ticket status "New", otherwise set it to "Waiting reply from staff"
        $ticket['status'] = $ticket['status'] ? 1 : 0;
        // Update ticket as necessary
        hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` SET `lastchange`=NOW(),`status`='{$ticket['status']}',`replies`=`replies`+1,`lastreplier`='0' WHERE `id`='" . intval($ticket['id']) . "' LIMIT 1");
        // If customer replied, we assume staff replies have been read (no way to be sure if ticket.php hasn't been opened)
        hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "replies` SET `read` = '1' WHERE `replyto` = '" . intval($ticket['id']) . "' AND `staffid` != '0' ");
        // Insert reply into database
        hesk_dbQuery("INSERT INTO `" . hesk_dbEscape($hesk_settings['db_pfix']) . "replies` (`replyto`,`name`,`message`,`dt`,`attachments`) VALUES ('" . intval($ticket['id']) . "','" . hesk_dbEscape($ticket['lastreplier']) . "','" . hesk_dbEscape($tmpvar['message']) . "',NOW(),'" . hesk_dbEscape($tmpvar['attachments']) . "')");
        // --> Prepare reply message
        // 1. Generate the array with ticket info that can be used in emails
        $info = array('email' => $ticket['email'], 'category' => $ticket['category'], 'priority' => $ticket['priority'], 'owner' => $ticket['owner'], 'trackid' => $ticket['trackid'], 'status' => $ticket['status'], 'name' => $ticket['name'], 'lastreplier' => $ticket['lastreplier'], 'subject' => $ticket['subject'], 'message' => stripslashes($tmpvar['message']), 'attachments' => $tmpvar['attachments'], 'dt' => hesk_date($ticket['dt'], true), 'lastchange' => hesk_date($ticket['lastchange'], true), 'id' => $ticket['id']);
        // 2. Add custom fields to the array
        foreach ($hesk_settings['custom_fields'] as $k => $v) {
            $info[$k] = $v['use'] ? $ticket[$k] : '';
        }
        // 3. Make sure all values are properly formatted for email
        $ticket = hesk_ticketToPlain($info, 1, 0);
        // --> Process custom fields before sending
        foreach ($hesk_settings['custom_fields'] as $k => $v) {
            $ticket[$k] = $v['use'] ? hesk_msgToPlain($ticket[$k], 1) : '';
        }
        // --> If ticket is assigned just notify the owner
        if ($ticket['owner']) {
            hesk_notifyAssignedStaff(false, 'new_reply_by_customer', 'notify_reply_my');
        } else {
            hesk_notifyStaff('new_reply_by_customer', "`notify_reply_unassigned`='1'");
        }
        return $ticket['trackid'];
    }
    // END REPLY
    // Not a reply, but a new ticket. Add it to the database
    $tmpvar['category'] = $set_category;
    $tmpvar['priority'] = $set_priority < 0 ? hesk_getCategoryPriority($tmpvar['category']) : $set_priority;
    $_SERVER['REMOTE_ADDR'] = $hesklang['unknown'];
    // Auto assign tickets if aplicable
    $tmpvar['owner'] = 0;
    $tmpvar['history'] = $pop3 ? sprintf($hesklang['thist16'], hesk_date()) : sprintf($hesklang['thist11'], hesk_date());
    $tmpvar['openedby'] = $pop3 ? -2 : -1;
    $autoassign_owner = hesk_autoAssignTicket($tmpvar['category']);
    #print_r($autoassign_owner);
    if ($autoassign_owner) {
        $tmpvar['owner'] = $autoassign_owner['id'];
        $tmpvar['history'] .= sprintf($hesklang['thist10'], hesk_date(), $autoassign_owner['name'] . ' (' . $autoassign_owner['user'] . ')');
    }
    // Custom fields will be empty as there is no reliable way of detecting them
    foreach ($hesk_settings['custom_fields'] as $k => $v) {
        $tmpvar[$k] = '';
    }
    // Insert ticket to database
    $ticket = hesk_newTicket($tmpvar);
    // Notify the customer
    if ($hesk_settings['notify_new']) {
        $possible_SPAM = false;
        // Do we need to check subject for SPAM tags?
        if ($hesk_settings['notify_skip_spam']) {
            foreach ($hesk_settings['notify_spam_tags'] as $tag) {
                if (strpos($tmpvar['subject'], $tag) !== false) {
                    $possible_SPAM = true;
                    break;
                }
            }
        }
        // SPAM tags not found or not checked, send email
        if ($possible_SPAM === false) {
            hesk_notifyCustomer();
        }
    }
    // Need to notify staff?
    // --> From autoassign?
    if ($tmpvar['owner'] && $autoassign_owner['notify_assigned']) {
        hesk_notifyAssignedStaff($autoassign_owner, 'ticket_assigned_to_you');
    } elseif (!$tmpvar['owner']) {
        hesk_notifyStaff('new_ticket_staff', " `notify_new_unassigned` = '1' ");
    }
    return $ticket['trackid'];
}
Пример #7
0
function do_login()
{
    global $hesk_settings, $hesklang;
    $hesk_error_buffer = array();
    $user = hesk_input(hesk_POST('user'));
    if (empty($user)) {
        $myerror = $hesk_settings['list_users'] ? $hesklang['select_username'] : $hesklang['enter_username'];
        $hesk_error_buffer['user'] = $myerror;
    }
    define('HESK_USER', $user);
    $pass = hesk_input(hesk_POST('pass'));
    if (empty($pass)) {
        $hesk_error_buffer['pass'] = $hesklang['enter_pass'];
    }
    if ($hesk_settings['secimg_use'] == 2 && !isset($_SESSION['img_a_verified'])) {
        // Using ReCaptcha?
        if ($hesk_settings['recaptcha_use'] == 1) {
            require_once HESK_PATH . 'inc/recaptcha/recaptchalib.php';
            $resp = recaptcha_check_answer($hesk_settings['recaptcha_private_key'], $_SERVER['REMOTE_ADDR'], hesk_POST('recaptcha_challenge_field', ''), hesk_POST('recaptcha_response_field', ''));
            if ($resp->is_valid) {
                $_SESSION['img_a_verified'] = true;
            } else {
                $hesk_error_buffer['mysecnum'] = $hesklang['recaptcha_error'];
            }
        } elseif ($hesk_settings['recaptcha_use'] == 2) {
            require HESK_PATH . 'inc/recaptcha/recaptchalib_v2.php';
            $resp = null;
            $reCaptcha = new ReCaptcha($hesk_settings['recaptcha_private_key']);
            // Was there a reCAPTCHA response?
            if (isset($_POST["g-recaptcha-response"])) {
                $resp = $reCaptcha->verifyResponse($_SERVER["REMOTE_ADDR"], hesk_POST("g-recaptcha-response"));
            }
            if ($resp != null && $resp->success) {
                $_SESSION['img_a_verified'] = true;
            } else {
                $hesk_error_buffer['mysecnum'] = $hesklang['recaptcha_error'];
            }
        } else {
            $mysecnum = intval(hesk_POST('mysecnum', 0));
            if (empty($mysecnum)) {
                $hesk_error_buffer['mysecnum'] = $hesklang['sec_miss'];
            } else {
                require HESK_PATH . 'inc/secimg.inc.php';
                $sc = new PJ_SecurityImage($hesk_settings['secimg_sum']);
                if (isset($_SESSION['checksum']) && $sc->checkCode($mysecnum, $_SESSION['checksum'])) {
                    $_SESSION['img_a_verified'] = true;
                } else {
                    $hesk_error_buffer['mysecnum'] = $hesklang['sec_wrng'];
                }
            }
        }
    }
    /* Any missing fields? */
    if (count($hesk_error_buffer) != 0) {
        $_SESSION['a_iserror'] = array_keys($hesk_error_buffer);
        $tmp = '';
        foreach ($hesk_error_buffer as $error) {
            $tmp .= "<li>{$error}</li>\n";
        }
        $hesk_error_buffer = $tmp;
        $hesk_error_buffer = $hesklang['pcer'] . '<br /><br /><ul>' . $hesk_error_buffer . '</ul>';
        hesk_process_messages($hesk_error_buffer, 'NOREDIRECT');
        print_login();
        exit;
    } elseif (isset($_SESSION['img_a_verified'])) {
        unset($_SESSION['img_a_verified']);
    }
    /* User entered all required info, now lets limit brute force attempts */
    hesk_limitBfAttempts();
    $result = hesk_dbQuery("SELECT * FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "users` WHERE `user` = '" . hesk_dbEscape($user) . "' LIMIT 1");
    if (hesk_dbNumRows($result) != 1) {
        hesk_session_stop();
        $_SESSION['a_iserror'] = array('user', 'pass');
        hesk_process_messages($hesklang['wrong_user'], 'NOREDIRECT');
        print_login();
        exit;
    }
    $res = hesk_dbFetchAssoc($result);
    foreach ($res as $k => $v) {
        $_SESSION[$k] = $v;
    }
    /* Check password */
    if (hesk_Pass2Hash($pass) != $_SESSION['pass']) {
        hesk_session_stop();
        $_SESSION['a_iserror'] = array('pass');
        hesk_process_messages($hesklang['wrong_pass'], 'NOREDIRECT');
        print_login();
        exit;
    }
    $pass_enc = hesk_Pass2Hash($_SESSION['pass'] . strtolower($user) . $_SESSION['pass']);
    /* Check if default password */
    if ($_SESSION['pass'] == '499d74967b28a841c98bb4baaabaad699ff3c079') {
        hesk_process_messages($hesklang['chdp'], 'NOREDIRECT', 'NOTICE');
    }
    // Set a tag that will be used to expire sessions after username or password change
    $_SESSION['session_verify'] = hesk_activeSessionCreateTag($user, $_SESSION['pass']);
    // We don't need the password hash anymore
    unset($_SESSION['pass']);
    /* Login successful, clean brute force attempts */
    hesk_cleanBfAttempts();
    /* Make sure our user is active */
    if (!$_SESSION['active']) {
        hesk_session_stop();
        $_SESSION['a_iserror'] = array('active');
        hesk_process_messages($hesklang['inactive_user'], 'NOREDIRECT');
        print_login();
        exit;
    }
    /* Regenerate session ID (security) */
    hesk_session_regenerate_id();
    /* Remember username? */
    if ($hesk_settings['autologin'] && hesk_POST('remember_user') == 'AUTOLOGIN') {
        setcookie('hesk_username', "{$user}", strtotime('+1 year'));
        setcookie('hesk_p', "{$pass_enc}", strtotime('+1 year'));
    } elseif (hesk_POST('remember_user') == 'JUSTUSER') {
        setcookie('hesk_username', "{$user}", strtotime('+1 year'));
        setcookie('hesk_p', '');
    } else {
        // Expire cookie if set otherwise
        setcookie('hesk_username', '');
        setcookie('hesk_p', '');
    }
    /* Close any old tickets here so Cron jobs aren't necessary */
    if ($hesk_settings['autoclose']) {
        $revision = sprintf($hesklang['thist3'], hesk_date(), $hesklang['auto']);
        $dt = date('Y-m-d H:i:s', time() - $hesk_settings['autoclose'] * 86400);
        $closedStatusRs = hesk_dbQuery('SELECT `ID`, `Closable` FROM `' . hesk_dbEscape($hesk_settings['db_pfix']) . 'statuses` WHERE `IsDefaultStaffReplyStatus` = 1');
        $closedStatus = hesk_dbFetchAssoc($closedStatusRs);
        // Are we allowed to close tickets in this status?
        if ($closedStatus['Closable'] == 'yes' || $closedStatus['Closable'] == 'sonly') {
            // Notify customer of closed ticket?
            if ($hesk_settings['notify_closed']) {
                // Get list of tickets
                $result = hesk_dbQuery("SELECT * FROM `" . $hesk_settings['db_pfix'] . "tickets` WHERE `status` = " . $closedStatus['ID'] . " AND `lastchange` <= '" . hesk_dbEscape($dt) . "' ");
                if (hesk_dbNumRows($result) > 0) {
                    global $ticket;
                    // Load required functions?
                    if (!function_exists('hesk_notifyCustomer')) {
                        require HESK_PATH . 'inc/email_functions.inc.php';
                    }
                    while ($ticket = hesk_dbFetchAssoc($result)) {
                        $ticket['dt'] = hesk_date($ticket['dt'], true);
                        $ticket['lastchange'] = hesk_date($ticket['lastchange'], true);
                        $ticket = hesk_ticketToPlain($ticket, 1, 0);
                        hesk_notifyCustomer('ticket_closed');
                    }
                }
            }
            // Update ticket statuses and history in database if we're allowed to do so
            $defaultCloseRs = hesk_dbQuery('SELECT `ID` FROM `' . hesk_dbEscape($hesk_settings['db_pfix']) . 'statuses` WHERE `IsAutocloseOption` = 1');
            $defaultCloseStatus = hesk_dbFetchAssoc($defaultCloseRs);
            hesk_dbQuery("UPDATE `" . $hesk_settings['db_pfix'] . "tickets` SET `status`=" . intval($defaultCloseStatus['ID']) . ", `closedat`=NOW(), `closedby`='-1', `history`=CONCAT(`history`,'" . hesk_dbEscape($revision) . "') WHERE `status` = '" . $closedStatus['ID'] . "' AND `lastchange` <= '" . hesk_dbEscape($dt) . "' ");
        }
    }
    /* Redirect to the destination page */
    header('Location: ' . hesk_verifyGoto());
    exit;
}
Пример #8
0
function hesk_ticketToPlain($ticket, $specialchars = 0, $strip = 1)
{
    if (is_array($ticket)) {
        foreach ($ticket as $key => $value) {
            $ticket[$key] = is_array($ticket[$key]) ? hesk_ticketToPlain($value, $specialchars, $strip) : hesk_msgToPlain($value, $specialchars, $strip);
        }
        return $ticket;
    } else {
        return hesk_msgToPlain($ticket, $specialchars, $strip);
    }
}