$email = ''; hesk_dbConnect(); $getRs = hesk_dbQuery("SELECT `Email` FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "pending_verification_emails`\n WHERE `ActivationKey` = '" . hesk_dbEscape($key) . "'"); while ($result = $getRs->fetch_assoc()) { $email = $result['Email']; $ticketRs = hesk_dbQuery("SELECT * FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "stage_tickets`\n WHERE `email` = '" . hesk_dbEscape($result['Email']) . "'"); while ($innerResult = $ticketRs->fetch_assoc()) { $ticket = hesk_newTicket($innerResult); // Notify the customer hesk_notifyCustomer(); // Need to notify staff? // --> From autoassign? $getOwnerRs = hesk_dbQuery("SELECT * FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "users` WHERE ID = " . hesk_dbEscape($ticket['owner'])); $autoassign_owner = $getOwnerRs->fetch_assoc(); if ($ticket['owner'] && $autoassign_owner['notify_assigned']) { hesk_notifyAssignedStaff($autoassign_owner, 'ticket_assigned_to_you'); } elseif (!$ticket['owner']) { hesk_notifyStaff('new_ticket_staff', " `notify_new_unassigned` = '1' "); } array_push($submittedTickets, $innerResult['trackid']); hesk_dbQuery("DELETE FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "stage_tickets`\n WHERE `id` = " . $innerResult['id']); } //Add email address to the verified emails table hesk_dbQuery('INSERT INTO `' . hesk_dbEscape($hesk_settings['db_pfix']) . 'verified_emails` (`Email`) VALUES (\'' . hesk_dbEscape($email) . '\')'); } hesk_dbQuery("DELETE FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "pending_verification_emails`\n WHERE `ActivationKey` = '" . hesk_dbEscape($key) . "'"); //-- was there an email recorded for the key? if (!empty($email)) { $showForm = false; ?> <div class="alert alert-success">
hesk_dbQuery("INSERT INTO `" . hesk_dbEscape($hesk_settings['db_pfix']) . "attachments` (`ticket_id`,`saved_name`,`real_name`,`size`) VALUES ('{$trackingID}','" . hesk_dbEscape($myatt['saved_name']) . "','" . hesk_dbEscape($myatt['real_name']) . "','" . intval($myatt['size']) . "')"); $myattachments .= hesk_dbInsertID() . '#' . $myatt['real_name'] . ','; } } // If staff hasn't replied yet, keep ticket status "New", otherwise set it to "Waiting reply from staff" $ticket['status'] = $ticket['status'] ? 1 : 0; /* Update ticket as necessary */ $res = hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` SET `lastchange`=NOW(), `status`='{$ticket['status']}', `replies`=`replies`+1, `lastreplier`='0' WHERE `id`='{$ticket['id']}' LIMIT 1"); // Insert reply into database hesk_dbQuery("INSERT INTO `" . hesk_dbEscape($hesk_settings['db_pfix']) . "replies` (`replyto`,`name`,`message`,`dt`,`attachments`) VALUES ({$ticket['id']},'" . hesk_dbEscape($ticket['name']) . "','" . hesk_dbEscape($message) . "',NOW(),'" . hesk_dbEscape($myattachments) . "')"); /*** Need to notify any staff? ***/ // --> Prepare reply message // 1. Generate the array with ticket info that can be used in emails $info = array('email' => $ticket['email'], 'category' => $ticket['category'], 'priority' => $ticket['priority'], 'owner' => $ticket['owner'], 'trackid' => $ticket['trackid'], 'status' => $ticket['status'], 'name' => $ticket['name'], 'lastreplier' => $ticket['name'], 'subject' => $ticket['subject'], 'message' => stripslashes($message), 'attachments' => $myattachments, 'dt' => hesk_date($ticket['dt'], true), 'lastchange' => hesk_date($ticket['lastchange'], true), 'id' => $ticket['id']); // 2. Add custom fields to the array foreach ($hesk_settings['custom_fields'] as $k => $v) { $info[$k] = $v['use'] ? $ticket[$k] : ''; } // 3. Make sure all values are properly formatted for email $ticket = hesk_ticketToPlain($info, 1, 0); // --> If ticket is assigned just notify the owner if ($ticket['owner']) { hesk_notifyAssignedStaff(false, 'new_reply_by_customer', 'notify_reply_my'); } else { hesk_notifyStaff('new_reply_by_customer', "`notify_reply_unassigned`='1'"); } /* Clear unneeded session variables */ hesk_cleanSessionVars('ticket_message'); /* Show the ticket and the success message */ hesk_process_messages($hesklang['reply_submitted_success'], 'ticket.php?track=' . $trackingID . $hesk_settings['e_param'] . '&Refresh=' . rand(10000, 99999), 'SUCCESS'); exit;
function hesk_email2ticket($results, $pop3 = 0, $set_category = 1, $set_priority = -1) { global $hesk_settings, $hesklang, $hesk_db_link, $ticket; // Process "Reply-To:" or "From:" email $tmpvar['email'] = isset($results['reply-to'][0]['address']) ? hesk_validateEmail($results['reply-to'][0]['address'], 'ERR', 0) : hesk_validateEmail($results['from'][0]['address'], 'ERR', 0); // Email missing, invalid or banned? if (!$tmpvar['email'] || hesk_isBannedEmail($tmpvar['email'])) { return hesk_cleanExit(); } // Process "Reply-To:" or "From:" name, convert to UTF-8, set to "[Customer]" if not set if (isset($results['reply-to'][0]['name']) && strlen($results['reply-to'][0]['name'])) { $tmpvar['name'] = $results['reply-to'][0]['name']; if (!empty($results['reply-to'][0]['encoding'])) { $tmpvar['name'] = hesk_encodeUTF8($tmpvar['name'], $results['reply-to'][0]['encoding']); } } else { $tmpvar['name'] = isset($results['from'][0]['name']) ? $results['from'][0]['name'] : $hesklang['pde']; if (!empty($results['from'][0]['encoding'])) { $tmpvar['name'] = hesk_encodeUTF8($tmpvar['name'], $results['from'][0]['encoding']); } } $tmpvar['name'] = hesk_input($tmpvar['name'], '', '', 1, 50) or $tmpvar['name'] = $hesklang['pde']; // Process "To:" email (not yet implemented, for future use) // $tmpvar['to_email'] = hesk_validateEmail($results['to'][0]['address'],'ERR',0); // Process email subject, convert to UTF-8, set to "[Piped email]" if none set $tmpvar['subject'] = isset($results['subject']) ? $results['subject'] : $hesklang['pem']; if (!empty($results['subject_encoding'])) { $tmpvar['subject'] = hesk_encodeUTF8($tmpvar['subject'], $results['subject_encoding']); } $tmpvar['subject'] = hesk_input($tmpvar['subject'], '', '', 1, 70) or $tmpvar['subject'] = $hesklang['pem']; // Process email message, convert to UTF-8 $tmpvar['message'] = isset($results['message']) ? $results['message'] : ''; if (!empty($results['encoding'])) { $tmpvar['message'] = hesk_encodeUTF8($tmpvar['message'], $results['encoding']); } $tmpvar['message'] = hesk_input($tmpvar['message'], '', '', 1); // Message missing? if (strlen($tmpvar['message']) == 0) { // Message required? Ignore this email. if ($hesk_settings['eml_req_msg']) { return hesk_cleanExit(); } // Message not required? Assign a default message $tmpvar['message'] = $hesklang['def_msg']; // Track duplicate emails based on subject $message_hash = md5($tmpvar['subject']); } else { $message_hash = md5($tmpvar['message']); } // Strip quoted reply from email $tmpvar['message'] = hesk_stripQuotedText($tmpvar['message']); // Convert URLs to links, change newlines to <br /> $tmpvar['message'] = hesk_makeURL($tmpvar['message']); $tmpvar['message'] = nl2br($tmpvar['message']); # For debugging purposes # die( bin2hex($tmpvar['message']) ); # die($tmpvar['message']); // Try to detect "delivery failed" and "noreply" emails - ignore if detected if (hesk_isReturnedEmail($tmpvar)) { return hesk_cleanExit(); } // Check for email loops if (hesk_isEmailLoop($tmpvar['email'], $message_hash)) { return hesk_cleanExit(); } // OK, everything seems OK. Now determine if this is a reply to a ticket or a new ticket if (preg_match('/\\[#([A-Z0-9]{3}\\-[A-Z0-9]{3}\\-[A-Z0-9]{4})\\]/', str_replace(' ', '', $tmpvar['subject']), $matches)) { // We found a possible tracking ID $tmpvar['trackid'] = $matches[1]; // Does it match one in the database? $res = hesk_dbQuery("SELECT * FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` WHERE `trackid`='" . hesk_dbEscape($tmpvar['trackid']) . "' LIMIT 1"); if (hesk_dbNumRows($res)) { $ticket = hesk_dbFetchAssoc($res); // Do email addresses match? if (strpos(strtolower($ticket['email']), strtolower($tmpvar['email'])) === false) { $tmpvar['trackid'] = ''; } // Is this ticket locked? Force create a new one if it is if ($ticket['locked']) { $tmpvar['trackid'] = ''; } } else { $tmpvar['trackid'] = ''; } } // If tracking ID is empty, generate a new one if (empty($tmpvar['trackid'])) { $tmpvar['trackid'] = hesk_createID(); $is_reply = 0; } else { $is_reply = 1; } // Process attachments $tmpvar['attachmment_notices'] = ''; $tmpvar['attachments'] = ''; $num = 0; if ($hesk_settings['attachments']['use'] && isset($results['attachments'][0])) { foreach ($results['attachments'] as $k => $v) { // Clean attachment names $myatt['real_name'] = hesk_cleanFileName($v['orig_name']); // Check number of attachments, delete any over max number if ($num >= $hesk_settings['attachments']['max_number']) { $tmpvar['attachmment_notices'] .= sprintf($hesklang['attnum'], $myatt['real_name']) . "\n"; continue; } // Check file extension $ext = strtolower(strrchr($myatt['real_name'], ".")); if (!in_array($ext, $hesk_settings['attachments']['allowed_types'])) { $tmpvar['attachmment_notices'] .= sprintf($hesklang['atttyp'], $myatt['real_name']) . "\n"; continue; } // Check file size $myatt['size'] = $v['size']; if ($myatt['size'] > $hesk_settings['attachments']['max_size']) { $tmpvar['attachmment_notices'] .= sprintf($hesklang['attsiz'], $myatt['real_name']) . "\n"; continue; } // Generate a random file name $useChars = 'AEUYBDGHJLMNPQRSTVWXZ123456789'; $tmp = $useChars[mt_rand(0, 29)]; for ($j = 1; $j < 10; $j++) { $tmp .= $useChars[mt_rand(0, 29)]; } $myatt['saved_name'] = substr($tmpvar['trackid'] . '_' . md5($tmp . $myatt['real_name']), 0, 200) . $ext; // Rename the temporary file rename($v['stored_name'], HESK_PATH . $hesk_settings['attach_dir'] . '/' . $myatt['saved_name']); // Insert into database hesk_dbQuery("INSERT INTO `" . hesk_dbEscape($hesk_settings['db_pfix']) . "attachments` (`ticket_id`,`saved_name`,`real_name`,`size`) VALUES ('" . hesk_dbEscape($tmpvar['trackid']) . "','" . hesk_dbEscape($myatt['saved_name']) . "','" . hesk_dbEscape($myatt['real_name']) . "','" . intval($myatt['size']) . "')"); $tmpvar['attachments'] .= hesk_dbInsertID() . '#' . $myatt['real_name'] . ','; $num++; } if (strlen($tmpvar['attachmment_notices'])) { $tmpvar['message'] .= "<br /><br />" . hesk_input($hesklang['attrem'], '', '', 1) . "<br />" . nl2br(hesk_input($tmpvar['attachmment_notices'], '', '', 1)); } } // Delete the temporary files deleteAll($results['tempdir']); // If this is a reply add a new reply if ($is_reply) { // Set last replier name to customer name $ticket['lastreplier'] = $tmpvar['name'] == $hesklang['pde'] ? $tmpvar['email'] : $tmpvar['name']; // If staff hasn't replied yet, keep ticket status "New", otherwise set it to "Waiting reply from staff" $ticket['status'] = $ticket['status'] ? 1 : 0; // Update ticket as necessary hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` SET `lastchange`=NOW(),`status`='{$ticket['status']}',`replies`=`replies`+1,`lastreplier`='0' WHERE `id`='" . intval($ticket['id']) . "' LIMIT 1"); // If customer replied, we assume staff replies have been read (no way to be sure if ticket.php hasn't been opened) hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "replies` SET `read` = '1' WHERE `replyto` = '" . intval($ticket['id']) . "' AND `staffid` != '0' "); // Insert reply into database hesk_dbQuery("INSERT INTO `" . hesk_dbEscape($hesk_settings['db_pfix']) . "replies` (`replyto`,`name`,`message`,`dt`,`attachments`) VALUES ('" . intval($ticket['id']) . "','" . hesk_dbEscape($ticket['lastreplier']) . "','" . hesk_dbEscape($tmpvar['message']) . "',NOW(),'" . hesk_dbEscape($tmpvar['attachments']) . "')"); // --> Prepare reply message // 1. Generate the array with ticket info that can be used in emails $info = array('email' => $ticket['email'], 'category' => $ticket['category'], 'priority' => $ticket['priority'], 'owner' => $ticket['owner'], 'trackid' => $ticket['trackid'], 'status' => $ticket['status'], 'name' => $ticket['name'], 'lastreplier' => $ticket['lastreplier'], 'subject' => $ticket['subject'], 'message' => stripslashes($tmpvar['message']), 'attachments' => $tmpvar['attachments'], 'dt' => hesk_date($ticket['dt'], true), 'lastchange' => hesk_date($ticket['lastchange'], true), 'id' => $ticket['id']); // 2. Add custom fields to the array foreach ($hesk_settings['custom_fields'] as $k => $v) { $info[$k] = $v['use'] ? $ticket[$k] : ''; } // 3. Make sure all values are properly formatted for email $ticket = hesk_ticketToPlain($info, 1, 0); // --> Process custom fields before sending foreach ($hesk_settings['custom_fields'] as $k => $v) { $ticket[$k] = $v['use'] ? hesk_msgToPlain($ticket[$k], 1) : ''; } // --> If ticket is assigned just notify the owner if ($ticket['owner']) { hesk_notifyAssignedStaff(false, 'new_reply_by_customer', 'notify_reply_my'); } else { hesk_notifyStaff('new_reply_by_customer', "`notify_reply_unassigned`='1'"); } return $ticket['trackid']; } // END REPLY // Not a reply, but a new ticket. Add it to the database $tmpvar['category'] = $set_category; $tmpvar['priority'] = $set_priority < 0 ? hesk_getCategoryPriority($tmpvar['category']) : $set_priority; $_SERVER['REMOTE_ADDR'] = $hesklang['unknown']; // Auto assign tickets if aplicable $tmpvar['owner'] = 0; $tmpvar['history'] = $pop3 ? sprintf($hesklang['thist16'], hesk_date()) : sprintf($hesklang['thist11'], hesk_date()); $tmpvar['openedby'] = $pop3 ? -2 : -1; $autoassign_owner = hesk_autoAssignTicket($tmpvar['category']); #print_r($autoassign_owner); if ($autoassign_owner) { $tmpvar['owner'] = $autoassign_owner['id']; $tmpvar['history'] .= sprintf($hesklang['thist10'], hesk_date(), $autoassign_owner['name'] . ' (' . $autoassign_owner['user'] . ')'); } // Custom fields will be empty as there is no reliable way of detecting them foreach ($hesk_settings['custom_fields'] as $k => $v) { $tmpvar[$k] = ''; } // Insert ticket to database $ticket = hesk_newTicket($tmpvar); // Notify the customer if ($hesk_settings['notify_new']) { $possible_SPAM = false; // Do we need to check subject for SPAM tags? if ($hesk_settings['notify_skip_spam']) { foreach ($hesk_settings['notify_spam_tags'] as $tag) { if (strpos($tmpvar['subject'], $tag) !== false) { $possible_SPAM = true; break; } } } // SPAM tags not found or not checked, send email if ($possible_SPAM === false) { hesk_notifyCustomer(); } } // Need to notify staff? // --> From autoassign? if ($tmpvar['owner'] && $autoassign_owner['notify_assigned']) { hesk_notifyAssignedStaff($autoassign_owner, 'ticket_assigned_to_you'); } elseif (!$tmpvar['owner']) { hesk_notifyStaff('new_ticket_staff', " `notify_new_unassigned` = '1' "); } return $ticket['trackid']; }
$row['categories'] = explode(',', $row['categories']); if (!in_array($ticket['category'], $row['categories'])) { hesk_error($hesklang['unoa']); } } /* Assigning to self? */ if ($can_assign_others || $owner == $_SESSION['id'] && $can_assign_self) { $revision = sprintf($hesklang['thist2'], hesk_date(), $row['name'] . ' (' . $row['user'] . ')', $_SESSION['name'] . ' (' . $_SESSION['user'] . ')'); $res = hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` SET `owner`={$owner} , `history`=CONCAT(`history`,'" . hesk_dbEscape($revision) . "') WHERE `trackid`='" . hesk_dbEscape($trackingID) . "' LIMIT 1"); if ($owner != $_SESSION['id'] && !hesk_checkPermission('can_view_ass_others', 0)) { $_SERVER['PHP_SELF'] = 'admin_main.php'; } } else { hesk_error($hesklang['no_permission']); } $ticket['owner'] = $owner; /* --> Prepare message */ // 1. Generate the array with ticket info that can be used in emails $info = array('email' => $ticket['email'], 'category' => $ticket['category'], 'priority' => $ticket['priority'], 'owner' => $ticket['owner'], 'trackid' => $ticket['trackid'], 'status' => $ticket['status'], 'name' => $ticket['name'], 'lastreplier' => $ticket['lastreplier'], 'subject' => $ticket['subject'], 'message' => $ticket['message'], 'attachments' => $ticket['attachments'], 'dt' => hesk_date($ticket['dt'], true), 'lastchange' => hesk_date($ticket['lastchange'], true), 'id' => $ticket['id']); // 2. Add custom fields to the array foreach ($hesk_settings['custom_fields'] as $k => $v) { $info[$k] = $v['use'] ? $ticket[$k] : ''; } // 3. Make sure all values are properly formatted for email $ticket = hesk_ticketToPlain($info, 1, 0); /* Notify the new owner? */ if ($ticket['owner'] != intval($_SESSION['id'])) { hesk_notifyAssignedStaff(false, 'ticket_assigned_to_you'); } $tmp = $owner == $_SESSION['id'] ? $hesklang['tasy'] : $hesklang['taso']; hesk_process_messages($tmp, $_SERVER['PHP_SELF'], 'SUCCESS');