function hesk_isLoggedIn()
{
global $hesk_settings;
$referer = hesk_input($_SERVER['REQUEST_URI']);
$referer = str_replace('&', '&', $referer);
if (empty($_SESSION['id']) || empty($_SESSION['session_verify'])) {
if ($hesk_settings['autologin'] && hesk_autoLogin(1)) {
// Users online
if ($hesk_settings['online']) {
require HESK_PATH . 'inc/users_online.inc.php';
hesk_initOnline($_SESSION['id']);
}
return true;
}
hesk_session_stop();
$url = 'index.php?a=login¬ice=1&goto=' . urlencode($referer);
header('Location: ' . $url);
exit;
} else {
hesk_session_regenerate_id();
// Let's make sure access data is up-to-date
$res = hesk_dbQuery("SELECT `user`, `pass`, `isadmin`, `categories`, `heskprivileges` FROM `" . $hesk_settings['db_pfix'] . "users` WHERE `id` = '" . intval($_SESSION['id']) . "' LIMIT 1");
// Exit if user not found
if (hesk_dbNumRows($res) != 1) {
hesk_session_stop();
$url = 'index.php?a=login¬ice=1&goto=' . urlencode($referer);
header('Location: ' . $url);
exit;
}
// Fetch results from database
$me = hesk_dbFetchAssoc($res);
// Verify this session is still valid
if (!hesk_activeSessionValidate($me['user'], $me['pass'], $_SESSION['session_verify'])) {
hesk_session_stop();
$url = 'index.php?a=login¬ice=1&goto=' . urlencode($referer);
header('Location: ' . $url);
exit;
}
// Update session variables as needed
if ($me['isadmin'] == 1) {
$_SESSION['isadmin'] = 1;
} else {
$_SESSION['isadmin'] = 0;
$_SESSION['categories'] = explode(',', $me['categories']);
$_SESSION['heskprivileges'] = $me['heskprivileges'];
}
// Users online
if ($hesk_settings['online']) {
require HESK_PATH . 'inc/users_online.inc.php';
hesk_initOnline($_SESSION['id']);
}
return true;
}
}
function hesk_iSessionError()
{
hesk_session_stop();
hesk_iHeader();
?>
<br />
<div class="error">
<img src="<?php
echo HESK_PATH;
?>
img/error.png" width="16" height="16" border="0" alt="" style="vertical-align:text-bottom" />
<b>Error:</b> PHP sessions not working!<br /><br />Note that this is a server configuration issue, not a HESK issue.<br /><br />Please contact your hosting company and ask them to verify why PHP sessions aren't working on your server!
</div>
<br />
<form method="get" action="<?php
echo INSTALL_PAGE;
?>
">
<p align="center"><input type="submit" value="« Start over" class="orangebutton" onmouseover="hesk_btn(this,'orangebuttonover');" onmouseout="hesk_btn(this,'orangebutton');" /></p>
</form>
<?php
hesk_iFooter();
}
function hesk_isLoggedIn()
{
global $hesk_settings;
$referer = hesk_input($_SERVER['REQUEST_URI']);
$referer = str_replace('&', '&', $referer);
if (empty($_SESSION['id'])) {
if ($hesk_settings['autologin'] && hesk_autoLogin(1)) {
// Users online
if ($hesk_settings['online']) {
require HESK_PATH . 'inc/users_online.inc.php';
hesk_initOnline($_SESSION['id']);
}
return true;
}
// Some pages cannot be redirected to
$modify_redirect = array('admin_reply_ticket.php' => 'admin_main.php', 'admin_settings_save.php' => 'admin_settings.php', 'delete_tickets.php' => 'admin_main.php', 'move_category.php' => 'admin_main.php', 'priority.php' => 'admin_main.php');
foreach ($modify_redirect as $from => $to) {
if (strpos($referer, $from) !== false) {
$referer = $to;
}
}
$url = 'index.php?a=login¬ice=1&goto=' . urlencode($referer);
header('Location: ' . $url);
exit;
} else {
hesk_session_regenerate_id();
// Need to update permissions?
if (empty($_SESSION['isadmin'])) {
$res = hesk_dbQuery("SELECT `isadmin`, `categories`, `heskprivileges` FROM `" . $hesk_settings['db_pfix'] . "users` WHERE `id` = '" . intval($_SESSION['id']) . "' LIMIT 1");
if (hesk_dbNumRows($res) == 1) {
$me = hesk_dbFetchAssoc($res);
foreach ($me as $k => $v) {
$_SESSION[$k] = $v;
}
// Get allowed categories
if (empty($_SESSION['isadmin'])) {
$_SESSION['categories'] = explode(',', $_SESSION['categories']);
}
} else {
hesk_session_stop();
$url = 'index.php?a=login¬ice=1&goto=' . urlencode($referer);
header('Location: ' . $url);
exit;
}
}
// Users online
if ($hesk_settings['online']) {
require HESK_PATH . 'inc/users_online.inc.php';
hesk_initOnline($_SESSION['id']);
}
return true;
}
}
function logout()
{
global $hesk_settings, $hesklang;
if (!hesk_token_check('GET', 0)) {
print_login();
exit;
}
/* Delete from Who's online database */
if ($hesk_settings['online']) {
require HESK_PATH . 'inc/users_online.inc.php';
hesk_setOffline($_SESSION['id']);
}
/* Destroy session and cookies */
hesk_session_stop();
/* If we're using the security image for admin login start a new session */
if ($hesk_settings['secimg_use'] == 2) {
hesk_session_start();
}
/* Show success message and reset the cookie */
hesk_process_messages($hesklang['logout_success'], 'NOREDIRECT', 'SUCCESS');
setcookie('hesk_p', '');
/* Print the login form */
print_login();
exit;
}
* any other medium. In all cases copyright and header must remain intact.
* This Copyright is in full effect in any country that has International
* Trade Agreements with the United States of America or
* with the European Union.
* Removing any of the copyright notices without purchasing a license
* is expressly forbidden. To remove HESK copyright notice you must purchase
* a license for this script. For more information on how to obtain
* a license please visit the page below:
* https://www.hesk.com/buy.php
*******************************************************************************/
define('IN_SCRIPT', 1);
define('HESK_PATH', '../');
require HESK_PATH . 'install/install_functions.inc.php';
// Reset installation steps
hesk_session_stop();
hesk_iHeader();
?>
<h3>Thank you for downloading HESK!</h3>
<p>This script will help you install and configure HESK <?php
echo HESK_NEW_VERSION;
?>
</p>
<hr />
<form method="get" action="install.php">
<p align="center"><input type="submit" value="New install »" class="orangebutton" onmouseover="hesk_btn(this,'orangebuttonover');" onmouseout="hesk_btn(this,'orangebutton');" /></p>
<p align="center">Install a new copy of HESK on your server</p>
