示例#1
0
function update_profile()
{
    global $hesk_settings, $hesklang, $can_view_unassigned;
    /* A security check */
    hesk_token_check('POST');
    $sql_pass = '';
    $sql_username = '';
    $hesk_error_buffer = '';
    $_SESSION['new']['name'] = hesk_input(hesk_POST('name')) or $hesk_error_buffer .= '<li>' . $hesklang['enter_your_name'] . '</li>';
    $_SESSION['new']['email'] = hesk_validateEmail(hesk_POST('email'), 'ERR', 0) or $hesk_error_buffer = '<li>' . $hesklang['enter_valid_email'] . '</li>';
    $_SESSION['new']['signature'] = hesk_input(hesk_POST('signature'));
    /* Signature */
    if (strlen($_SESSION['new']['signature']) > 255) {
        $hesk_error_buffer .= '<li>' . $hesklang['signature_long'] . '</li>';
    }
    /* Admins can change username */
    if ($_SESSION['isadmin']) {
        $_SESSION['new']['user'] = hesk_input(hesk_POST('user')) or $hesk_error_buffer .= '<li>' . $hesklang['enter_username'] . '</li>';
        /* Check for duplicate usernames */
        $result = hesk_dbQuery("SELECT `id` FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "users` WHERE `user`='" . hesk_dbEscape($_SESSION['new']['user']) . "' AND `id`!='" . intval($_SESSION['id']) . "' LIMIT 1");
        if (hesk_dbNumRows($result) != 0) {
            $hesk_error_buffer .= '<li>' . $hesklang['duplicate_user'] . '</li>';
        } else {
            $sql_username = "******" . hesk_dbEscape($_SESSION['new']['user']) . "'";
        }
    }
    /* Change password? */
    $newpass = hesk_input(hesk_POST('newpass'));
    $passlen = strlen($newpass);
    if ($passlen > 0) {
        /* At least 5 chars? */
        if ($passlen < 5) {
            $hesk_error_buffer .= '<li>' . $hesklang['password_not_valid'] . '</li>';
        } else {
            $newpass2 = hesk_input(hesk_POST('newpass2'));
            if ($newpass != $newpass2) {
                $hesk_error_buffer .= '<li>' . $hesklang['passwords_not_same'] . '</li>';
            } else {
                $v = hesk_Pass2Hash($newpass);
                if ($v == '499d74967b28a841c98bb4baaabaad699ff3c079') {
                    define('WARN_PASSWORD', true);
                }
                $sql_pass = '******'' . $v . '\'';
            }
        }
    }
    /* After reply */
    $_SESSION['new']['afterreply'] = intval(hesk_POST('afterreply'));
    if ($_SESSION['new']['afterreply'] != 1 && $_SESSION['new']['afterreply'] != 2) {
        $_SESSION['new']['afterreply'] = 0;
    }
    /* Auto-start ticket timer */
    $_SESSION['new']['autostart'] = isset($_POST['autostart']) ? 1 : 0;
    /* Notifications */
    $_SESSION['new']['notify_new_unassigned'] = empty($_POST['notify_new_unassigned']) || !$can_view_unassigned ? 0 : 1;
    $_SESSION['new']['notify_new_my'] = empty($_POST['notify_new_my']) ? 0 : 1;
    $_SESSION['new']['notify_reply_unassigned'] = empty($_POST['notify_reply_unassigned']) || !$can_view_unassigned ? 0 : 1;
    $_SESSION['new']['notify_reply_my'] = empty($_POST['notify_reply_my']) ? 0 : 1;
    $_SESSION['new']['notify_assigned'] = empty($_POST['notify_assigned']) ? 0 : 1;
    $_SESSION['new']['notify_note'] = empty($_POST['notify_note']) ? 0 : 1;
    $_SESSION['new']['notify_pm'] = empty($_POST['notify_pm']) ? 0 : 1;
    /* Any errors? */
    if (strlen($hesk_error_buffer)) {
        /* Process the session variables */
        $_SESSION['new'] = hesk_stripArray($_SESSION['new']);
        $hesk_error_buffer = $hesklang['rfm'] . '<br /><br /><ul>' . $hesk_error_buffer . '</ul>';
        hesk_process_messages($hesk_error_buffer, 'NOREDIRECT');
    } else {
        /* Update database */
        hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "users` SET\r\n\t    `name`='" . hesk_dbEscape($_SESSION['new']['name']) . "',\r\n\t    `email`='" . hesk_dbEscape($_SESSION['new']['email']) . "',\r\n\t\t`signature`='" . hesk_dbEscape($_SESSION['new']['signature']) . "'\r\n        {$sql_username}\r\n\t\t{$sql_pass} ,\r\n\t    `afterreply`='" . intval($_SESSION['new']['afterreply']) . "' ,\r\n        `autostart`='" . intval($_SESSION['new']['autostart']) . "' ,\r\n\t    `notify_new_unassigned`='" . intval($_SESSION['new']['notify_new_unassigned']) . "' ,\r\n        `notify_new_my`='" . intval($_SESSION['new']['notify_new_my']) . "' ,\r\n        `notify_reply_unassigned`='" . intval($_SESSION['new']['notify_reply_unassigned']) . "' ,\r\n        `notify_reply_my`='" . intval($_SESSION['new']['notify_reply_my']) . "' ,\r\n        `notify_assigned`='" . intval($_SESSION['new']['notify_assigned']) . "' ,\r\n        `notify_pm`='" . intval($_SESSION['new']['notify_pm']) . "',\r\n        `notify_note`='" . intval($_SESSION['new']['notify_note']) . "'\r\n\t    WHERE `id`='" . intval($_SESSION['id']) . "' LIMIT 1");
        /* Process the session variables */
        $_SESSION['new'] = hesk_stripArray($_SESSION['new']);
        /* Update session variables */
        foreach ($_SESSION['new'] as $k => $v) {
            $_SESSION[$k] = $v;
        }
        unset($_SESSION['new']);
        hesk_process_messages($hesklang['profile_updated_success'], 'profile.php', 'SUCCESS');
    }
}
示例#2
0
文件: lock.php 项目: riansopian/hesk
define('IN_SCRIPT', 1);
define('HESK_PATH', '../');
/* Get all the required files and functions */
require HESK_PATH . 'hesk_settings.inc.php';
require HESK_PATH . 'inc/common.inc.php';
require HESK_PATH . 'inc/admin_functions.inc.php';
hesk_load_database_functions();
hesk_session_start();
hesk_dbConnect();
hesk_isLoggedIn();
/* Check permissions for this feature */
hesk_checkPermission('can_view_tickets');
hesk_checkPermission('can_reply_tickets');
hesk_checkPermission('can_edit_tickets');
/* A security check */
hesk_token_check();
/* Ticket ID */
$trackingID = hesk_cleanID() or die($hesklang['int_error'] . ': ' . $hesklang['no_trackID']);
/* New archived status */
if (empty($_GET['locked'])) {
    $status = 0;
    $tmp = $hesklang['tunlock'];
    $revision = sprintf($hesklang['thist6'], hesk_date(), $_SESSION['name'] . ' (' . $_SESSION['user'] . ')');
} else {
    $status = 1;
    $tmp = $hesklang['tlock'];
    $revision = sprintf($hesklang['thist5'], hesk_date(), $_SESSION['name'] . ' (' . $_SESSION['user'] . ')');
}
/* Update database */
hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` SET `status`='3',`locked`='{$status}', `history`=CONCAT(`history`,'" . hesk_dbEscape($revision) . "')  WHERE `trackid`='" . hesk_dbEscape($trackingID) . "' LIMIT 1");
/* Back to ticket page and show a success message */
示例#3
0
function remove_sm()
{
    global $hesk_settings, $hesklang;
    // A security check
    hesk_token_check();
    // Get ID
    $id = intval(hesk_GET('id')) or hesk_error($hesklang['sm_e_id']);
    // Delete the service message
    hesk_dbQuery("DELETE FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "service_messages` WHERE `id`={$id} LIMIT 1");
    // Were we successful?
    if (hesk_dbAffectedRows() == 1) {
        hesk_process_messages($hesklang['sm_deleted'], './service_messages.php', 'SUCCESS');
    } else {
        hesk_process_messages($hesklang['sm_not_found'], './service_messages.php');
    }
}
示例#4
0
*  a license please visit the page below:
*  https://www.hesk.com/buy.php
*******************************************************************************/
define('IN_SCRIPT', 1);
define('HESK_PATH', '../');
/* Get all the required files and functions */
require HESK_PATH . 'hesk_settings.inc.php';
require HESK_PATH . 'inc/common.inc.php';
require HESK_PATH . 'inc/admin_functions.inc.php';
hesk_load_database_functions();
hesk_session_start();
hesk_dbConnect();
hesk_isLoggedIn();
/* Check permissions for this feature */
hesk_checkPermission('can_view_tickets');
hesk_checkPermission('can_reply_tickets');
/* A security check */
hesk_token_check('POST');
/* Ticket ID */
$trackingID = hesk_cleanID() or die($hesklang['int_error'] . ': ' . $hesklang['no_trackID']);
$priority = intval(hesk_POST('priority'));
if ($priority < 0 || $priority > 3) {
    hesk_process_messages($hesklang['inpr'], 'admin_ticket.php?track=' . $trackingID . '&Refresh=' . mt_rand(10000, 99999), 'NOTICE');
}
$options = array(0 => '<font class="critical">' . $hesklang['critical'] . '</font>', 1 => '<font class="important">' . $hesklang['high'] . '</font>', 2 => '<font class="medium">' . $hesklang['medium'] . '</font>', 3 => $hesklang['low']);
$revision = sprintf($hesklang['thist8'], hesk_date(), $options[$priority], $_SESSION['name'] . ' (' . $_SESSION['user'] . ')');
hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` SET `priority`='{$priority}', `history`=CONCAT(`history`,'" . hesk_dbEscape($revision) . "') WHERE `trackid`='" . hesk_dbEscape($trackingID) . "' LIMIT 1");
if (hesk_dbAffectedRows() != 1) {
    hesk_process_messages($hesklang['inpr'], 'admin_ticket.php?track=' . $trackingID . '&Refresh=' . mt_rand(10000, 99999), 'NOTICE');
}
hesk_process_messages(sprintf($hesklang['chpri2'], $options[$priority]), 'admin_ticket.php?track=' . $trackingID . '&Refresh=' . mt_rand(10000, 99999), 'SUCCESS');
function toggle_type()
{
    global $hesk_settings, $hesklang;
    /* A security check */
    hesk_token_check();
    $catid = intval(hesk_GET('catid')) or hesk_error($hesklang['cat_move_id']);
    $_SESSION['selcat2'] = $catid;
    if (intval(hesk_GET('s'))) {
        $type = 1;
        $tmp = $hesklang['cpriv'];
    } else {
        $type = 0;
        $tmp = $hesklang['cpub'];
    }
    /* Update auto-assign settings */
    hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "categories` SET `type`='{$type}' WHERE `id`='" . intval($catid) . "' LIMIT 1");
    if (hesk_dbAffectedRows() != 1) {
        hesk_process_messages($hesklang['int_error'] . ': ' . $hesklang['cat_not_found'], './manage_categories.php');
    }
    hesk_process_messages($tmp, './manage_categories.php', 'SUCCESS');
}
示例#6
0
function mail_send()
{
    global $hesk_settings, $hesklang;
    /* A security check */
    hesk_token_check('POST');
    $hesk_error_buffer = '';
    /* Recipient */
    $_SESSION['mail']['to'] = intval(hesk_POST('to'));
    /* Valid recipient? */
    if (empty($_SESSION['mail']['to'])) {
        $hesk_error_buffer .= '<li>' . $hesklang['m_rec'] . '</li>';
    } elseif ($_SESSION['mail']['to'] == $_SESSION['id']) {
        $hesk_error_buffer .= '<li>' . $hesklang['m_inr'] . '</li>';
    } else {
        $res = hesk_dbQuery("SELECT `name`,`email`,`notify_pm` FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "users` WHERE `id`='" . intval($_SESSION['mail']['to']) . "' LIMIT 1");
        $num = hesk_dbNumRows($res);
        if (!$num) {
            $hesk_error_buffer .= '<li>' . $hesklang['m_inr'] . '</li>';
        } else {
            $pm_recipient = hesk_dbFetchAssoc($res);
        }
    }
    /* Subject */
    $_SESSION['mail']['subject'] = hesk_input(hesk_POST('subject')) or $hesk_error_buffer .= '<li>' . $hesklang['m_esu'] . '</li>';
    /* Message */
    $_SESSION['mail']['message'] = hesk_input(hesk_POST('message')) or $hesk_error_buffer .= '<li>' . $hesklang['enter_message'] . '</li>';
    /* Any errors? */
    if (strlen($hesk_error_buffer)) {
        $_SESSION['hide']['list'] = 1;
        $hesk_error_buffer = $hesklang['rfm'] . '<br /><br /><ul>' . $hesk_error_buffer . '</ul>';
        hesk_process_messages($hesk_error_buffer, 'NOREDIRECT');
    } else {
        $_SESSION['mail']['message'] = hesk_makeURL($_SESSION['mail']['message']);
        $_SESSION['mail']['message'] = nl2br($_SESSION['mail']['message']);
        hesk_dbQuery("INSERT INTO `" . hesk_dbEscape($hesk_settings['db_pfix']) . "mail` (`from`,`to`,`subject`,`message`,`dt`,`read`) VALUES ('" . intval($_SESSION['id']) . "','" . intval($_SESSION['mail']['to']) . "','" . hesk_dbEscape($_SESSION['mail']['subject']) . "','" . hesk_dbEscape($_SESSION['mail']['message']) . "',NOW(),'0')");
        /* Notify receiver via e-mail? */
        if (isset($pm_recipient) && $pm_recipient['notify_pm']) {
            $pm_id = hesk_dbInsertID();
            $pm = array('name' => hesk_msgToPlain(addslashes($_SESSION['name']), 1, 1), 'subject' => hesk_msgToPlain($_SESSION['mail']['subject'], 1, 1), 'message' => hesk_msgToPlain($_SESSION['mail']['message'], 1, 1), 'id' => $pm_id);
            /* Format email subject and message for recipient */
            $subject = hesk_getEmailSubject('new_pm', $pm, 0);
            $message = hesk_getEmailMessage('new_pm', $pm, 1, 0);
            /* Send e-mail */
            hesk_mail($pm_recipient['email'], $subject, $message);
        }
        unset($_SESSION['mail']);
        hesk_process_messages($hesklang['m_pms'], './mail.php', 'SUCCESS');
    }
}
function order_saved()
{
    global $hesk_settings, $hesklang;
    /* A security check */
    hesk_token_check();
    $tplid = intval(hesk_GET('replyid')) or hesk_error($hesklang['ticket_tpl_id']);
    $_SESSION['canned']['selcat2'] = $tplid;
    $tpl_move = intval(hesk_GET('move'));
    hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "ticket_templates` SET `tpl_order`=`tpl_order`+" . intval($tpl_move) . " WHERE `id`='" . intval($tplid) . "' LIMIT 1");
    if (hesk_dbAffectedRows() != 1) {
        hesk_error("{$hesklang['int_error']}: {$hesklang['ticket_tpl_not_found']}.");
    }
    /* Update all category fields with new order */
    $result = hesk_dbQuery('SELECT `id` FROM `' . hesk_dbEscape($hesk_settings['db_pfix']) . 'ticket_templates` ORDER BY `tpl_order` ASC');
    $i = 10;
    while ($mytpl = hesk_dbFetchAssoc($result)) {
        hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "ticket_templates` SET `tpl_order`=" . intval($i) . " WHERE `id`='" . intval($mytpl['id']) . "' LIMIT 1");
        $i += 10;
    }
    header('Location: manage_ticket_templates.php');
    exit;
}
示例#8
0
function logout()
{
    global $hesk_settings, $hesklang;
    if (!hesk_token_check('GET', 0)) {
        print_login();
        exit;
    }
    /* Delete from Who's online database */
    if ($hesk_settings['online']) {
        require HESK_PATH . 'inc/users_online.inc.php';
        hesk_setOffline($_SESSION['id']);
    }
    /* Destroy session and cookies */
    hesk_session_stop();
    /* If we're using the security image for admin login start a new session */
    if ($hesk_settings['secimg_use'] == 2) {
        hesk_session_start();
    }
    /* Show success message and reset the cookie */
    hesk_process_messages($hesklang['logout_success'], 'NOREDIRECT', 'SUCCESS');
    setcookie('hesk_p', '');
    /* Print the login form */
    print_login();
    exit;
}
示例#9
0
    ?>
			<input name="submitbutton_tickets" type="submit" class="btn btn-default filter-ticket-btn" value="Search"/>
			<button name="clearbutton_tickets" onclick="deleteticket_admin();return false;" class="btn btn-default filter-ticket-btn" value="">Clear</button>
		</form>
	</div> <!--end div i filtrave -->	
	<?php 
    if (!isset($_SESSION['hide']['ticket_list'])) {
        echo '<br/><br/>
        <div class="container open-new-ticket">
        <div class="form-inline col-sm-10"><img src="../img/open-tickets.png" alt="open-tickets" /><span id="openTicket">' . $hesklang['open_tickets'] . '</span></div>
        <span class="col-sm-2 newTicket"><a href="new_ticket.php"><button type="submit" class="btn btn-default new-ticket-btn">' . $hesklang['nti'] . '</button></a></span>
		</div>
        ';
    }
    /* Reset default settings? */
    if (isset($_GET['reset']) && hesk_token_check()) {
        $res = hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "users` SET `default_list`='' WHERE `id` = '" . intval($_SESSION['id']) . "' LIMIT 1");
        $_SESSION['default_list'] = '';
    } else {
        parse_str($_SESSION['default_list'], $defaults);
        $_GET = isset($_GET) && is_array($_GET) ? array_merge($_GET, $defaults) : $defaults;
    }
    /* Print the list of tickets */
    require HESK_PATH . 'inc/print_tickets.inc.php';
    /* Print forms for listing and searching tickets */
    /*require(HESK_PATH . 'inc/show_search_form.inc.php');*/
} else {
    echo '<p><i>' . $hesklang['na_view_tickets'] . '</i></p>';
}
/* Clean unneeded session variables */
hesk_cleanSessionVars('hide');
示例#10
0
function toggle_autoassign()
{
    global $hesk_settings, $hesklang;
    /* A security check */
    hesk_token_check();
    $myuser = intval(hesk_GET('id')) or hesk_error($hesklang['no_valid_id']);
    $_SESSION['seluser'] = $myuser;
    if (intval(hesk_GET('s'))) {
        $autoassign = 1;
        $tmp = $hesklang['uaaon'];
    } else {
        $autoassign = 0;
        $tmp = $hesklang['uaaoff'];
    }
    /* Update auto-assign settings */
    $res = hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "users` SET `autoassign`='{$autoassign}' WHERE `id`='" . intval($myuser) . "'");
    if (hesk_dbAffectedRows() != 1) {
        hesk_process_messages($hesklang['int_error'] . ': ' . $hesklang['user_not_found'], './manage_users.php');
    }
    hesk_process_messages($tmp, './manage_users.php', 'SUCCESS');
}
function toggle_sticky()
{
    global $hesk_settings, $hesklang;
    /* A security check */
    hesk_token_check();
    $id = intval(hesk_GET('id')) or hesk_error($hesklang['kb_art_id']);
    $catid = intval(hesk_GET('catid')) or hesk_error($hesklang['kb_cat_inv']);
    $sticky = empty($_GET['s']) ? 0 : 1;
    $_SESSION['artord'] = $id;
    /* Update article "sticky" status */
    hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "kb_articles` SET `sticky`='" . intval($sticky) . " ' WHERE `id`='" . intval($id) . "' LIMIT 1");
    /* Update article order */
    update_article_order($catid);
    $tmp = $sticky ? $hesklang['ason'] : $hesklang['asoff'];
    hesk_process_messages($tmp, './manage_knowledgebase.php?a=manage_cat&catid=' . $catid, 'SUCCESS');
}
示例#12
0
}
/* Update time worked */
if ($hesk_settings['time_worked'] && ($can_reply || $can_edit) && isset($_POST['h']) && isset($_POST['m']) && isset($_POST['s']) && hesk_token_check('POST')) {
    $h = intval(hesk_POST('h'));
    $m = intval(hesk_POST('m'));
    $s = intval(hesk_POST('s'));
    /* Get time worked in proper format */
    $time_worked = hesk_getTime($h . ':' . $m . ':' . $s);
    /* Update database */
    $revision = sprintf($hesklang['thist14'], hesk_date(), $time_worked, $_SESSION['name'] . ' (' . $_SESSION['user'] . ')');
    hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` SET `time_worked`='" . hesk_dbEscape($time_worked) . "', `history`=CONCAT(`history`,'" . hesk_dbEscape($revision) . "') WHERE `trackid`='" . hesk_dbEscape($trackingID) . "' LIMIT 1");
    /* Show ticket */
    hesk_process_messages($hesklang['twu'], 'admin_ticket.php?track=' . $trackingID . '&Refresh=' . mt_rand(10000, 99999), 'SUCCESS');
}
/* Delete attachment action */
if (isset($_GET['delatt']) && hesk_token_check()) {
    if (!$can_delete || !$can_edit) {
        hesk_process_messages($hesklang['no_permission'], 'admin_ticket.php?track=' . $trackingID . '&Refresh=' . mt_rand(10000, 99999));
    }
    $att_id = intval(hesk_GET('delatt')) or hesk_error($hesklang['inv_att_id']);
    $reply = intval(hesk_GET('reply', 0));
    if ($reply < 1) {
        $reply = 0;
    }
    $note = intval(hesk_GET('note', 0));
    if ($note < 1) {
        $note = 0;
    }
    /* Get attachment info */
    $res = hesk_dbQuery("SELECT * FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "attachments` WHERE `att_id`='" . intval($att_id) . "' LIMIT 1");
    if (hesk_dbNumRows($res) != 1) {
示例#13
0
function remove_contract()
{
    global $hesk_settings, $hesklang;
    hesk_token_check();
    $_SERVER['PHP_SELF'] = 'contracts.php#tab_edit-cont';
    $con = intval(hesk_GET('id'));
    hesk_dbQuery("DELETE FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "contracts` WHERE NOT EXISTS\n\t(SELECT NULL FROM`" . hesk_dbEscape($hesk_settings['db_pfix']) . "contractforclient` as `cc` WHERE `cc`.`contract_Id`='" . intval($con) . "') && `id`='" . intval($con) . "' LIMIT 1");
    if (hesk_dbAffectedRows() != 1) {
        hesk_error("{$hesklang['con_req']}.");
    }
    hesk_process_messages($hesklang['con_removed_db'], $_SERVER['PHP_SELF'], 'SUCCESS');
}
示例#14
0
function unban_email()
{
    global $hesk_settings, $hesklang;
    // A security check
    hesk_token_check();
    // Delete from bans
    hesk_dbQuery("DELETE FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "banned_emails` WHERE `id`=" . intval(hesk_GET('id')) . " LIMIT 1");
    // Redirect either to banned emails or ticket page from now on
    $redirect_to = ($trackingID = hesk_cleanID()) ? 'admin_ticket.php?track=' . $trackingID . '&Refresh=' . mt_rand(10000, 99999) : 'banned_emails.php';
    // Show success
    hesk_process_messages($hesklang['email_unbanned'], $redirect_to, 'SUCCESS');
}
示例#15
0
function update_profile()
{
    global $hesk_settings, $hesklang, $can_view_unassigned;
    /* A security check */
    hesk_token_check('POST');
    $sql_pass = '';
    $sql_username = '';
    $hesk_error_buffer = '';
    $newvar['new']['name'] = hesk_input(hesk_POST('name')) or $hesk_error_buffer .= '<li>' . $hesklang['enter_your_name'] . '</li>';
    $newvar['new']['email'] = hesk_validateEmail(hesk_POST('email'), 'ERR', 0) or $hesk_error_buffer = '<li>' . $hesklang['enter_valid_email'] . '</li>';
    $newvar['new']['signature'] = hesk_input(hesk_POST('signature'));
    $newvar['new']['user'] = hesk_input(hesk_POST('user'));
    $newvar['new']['address'] = hesk_input(hesk_POST('address'));
    $newvar['new']['phonenumber'] = hesk_input(hesk_POST('phonenumber'));
    $newvar['new']['poz_detyres'] = hesk_input(hesk_POST('poz_detyres'));
    /* Signature */
    if (strlen($newvar['new']['signature']) > 1000) {
        $hesk_error_buffer .= '<li>' . $hesklang['signature_long'] . '</li>';
    }
    $sql_username = "******" . hesk_dbEscape($newvar['new']['user']) . "'";
    /* Change password? */
    $newpass_cl = hesk_input(hesk_POST('newpass_cl'));
    $passlen = strlen($newpass_cl);
    if ($passlen > 0) {
        /* At least 5 chars? */
        if ($passlen < 5) {
            $hesk_error_buffer .= '<li>' . $hesklang['password_not_valid'] . '</li>';
        } else {
            $newpass2_cl = hesk_input(hesk_POST('newpass2_cl'));
            if ($newpass_cl != $newpass2_cl) {
                $hesk_error_buffer .= '<li>' . $hesklang['passwords_not_same'] . '</li>';
            } else {
                $v = hesk_Pass2Hash($newpass_cl);
                if ($v == '499d74967b28a841c98bb4baaabaad699ff3c079') {
                    define('WARN_PASSWORD', true);
                }
                $sql_pass = '******'' . $v . '\'';
            }
        }
    }
    $id = hesk_input(hesk_POST('userid'));
    /* Any errors? */
    if (strlen($hesk_error_buffer)) {
        /* Process the session variables */
        $newvar['new'] = hesk_stripArray($newvar['new']);
        $hesk_error_buffer = $hesklang['rfm'] . '<br /><br /><ul>' . $hesk_error_buffer . '</ul>';
        //hesk_process_messages($hesk_error_buffer,'NOREDIRECT');
    }
    //else
    //{
    $query = "UPDATE " . hesk_dbEscape($hesk_settings['db_pfix']) . "clients SET \n\t\t\tname='" . hesk_dbEscape($newvar['new']['name']) . "', \n\t\t\temail='" . hesk_dbEscape($newvar['new']['email']) . "', \n\t\t\tuser='******'new']['user']) . "',\n\t\t\taddress='" . hesk_dbEscape($newvar['new']['address']) . "',\n\t\t\tphonenumber='" . hesk_dbEscape($newvar['new']['phonenumber']) . "',\n\t\t\tpoz_detyres='" . hesk_dbEscape($newvar['new']['poz_detyres']) . "',\n\t\t\tsignature='" . hesk_dbEscape($newvar['new']['signature']) . "'\n\t\t\t{$sql_pass}\n\t\t\tWHERE id=" . $id . " LIMIT 1";
    /* Update database */
    $result = hesk_dbQuery($query);
    /* Process the session variables */
    $newvar['new'] = hesk_stripArray($newvar['new']);
    $tmp = $_SESSION['id']['id'];
    $_SESSION['id'] = $newvar['new'];
    $_SESSION['id']['id'] = $tmp;
    /* Update session variables */
    /*foreach ($newvar['new'] as $k => $v)
      {
      	$_SESSION[$k] = $v;
      }*/
    unset($newvar['new']);
    hesk_cleanSessionVars('as_notify');
    hesk_process_messages($hesklang['profile_updated_success'], 'client_profile.php', 'SUCCESS');
    // }
}
示例#16
0
function toggle_active()
{
    global $hesk_settings, $hesklang;
    /* Security check */
    hesk_token_check();
    $myuser = intval(hesk_GET('id')) or hesk_error($hesklang['no_valid_id']);
    $_SESSION['seluser'] = $myuser;
    if (intval($myuser) == $_SESSION['id']) {
        //-- You can't deactivate yourself!
        hesk_process_messages($hesklang['self_deactivation'], './manage_users.php');
    }
    if (intval(hesk_GET('s'))) {
        $active = 1;
        $tmp = $hesklang['user_activated'];
        $notificationSql = "";
    } else {
        $active = 0;
        $tmp = $hesklang['user_deactivated'];
        // Revoke any manager rights
        hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "categories` SET `manager` = 0 WHERE `manager` = " . intval($myuser));
        $notificationSql = ", `autoassign` = 0, `notify_new_unassigned` = 0, `notify_new_my` = 0, `notify_reply_unassigned` = 0,\n        `notify_reply_my` = 0, `notify_assigned` = 0, `notify_pm` = 0, `notify_note` = 0, `notify_note_unassigned` = 0";
    }
    hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "users` SET `active` = '" . $active . "'" . $notificationSql . " WHERE `id` = '" . intval($myuser) . "'");
    if (hesk_dbAffectedRows() != 1) {
        hesk_process_messages($hesklang['int_error'] . ': ' . $hesklang['user_not_found'], './manage_users.php');
    }
    hesk_process_messages($tmp, './manage_users.php', 'SUCCESS');
}