function update_profile() { global $hesk_settings, $hesklang, $can_view_unassigned; /* A security check */ hesk_token_check('POST'); $sql_pass = ''; $sql_username = ''; $hesk_error_buffer = ''; $_SESSION['new']['name'] = hesk_input(hesk_POST('name')) or $hesk_error_buffer .= '<li>' . $hesklang['enter_your_name'] . '</li>'; $_SESSION['new']['email'] = hesk_validateEmail(hesk_POST('email'), 'ERR', 0) or $hesk_error_buffer = '<li>' . $hesklang['enter_valid_email'] . '</li>'; $_SESSION['new']['signature'] = hesk_input(hesk_POST('signature')); /* Signature */ if (strlen($_SESSION['new']['signature']) > 255) { $hesk_error_buffer .= '<li>' . $hesklang['signature_long'] . '</li>'; } /* Admins can change username */ if ($_SESSION['isadmin']) { $_SESSION['new']['user'] = hesk_input(hesk_POST('user')) or $hesk_error_buffer .= '<li>' . $hesklang['enter_username'] . '</li>'; /* Check for duplicate usernames */ $result = hesk_dbQuery("SELECT `id` FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "users` WHERE `user`='" . hesk_dbEscape($_SESSION['new']['user']) . "' AND `id`!='" . intval($_SESSION['id']) . "' LIMIT 1"); if (hesk_dbNumRows($result) != 0) { $hesk_error_buffer .= '<li>' . $hesklang['duplicate_user'] . '</li>'; } else { $sql_username = "******" . hesk_dbEscape($_SESSION['new']['user']) . "'"; } } /* Change password? */ $newpass = hesk_input(hesk_POST('newpass')); $passlen = strlen($newpass); if ($passlen > 0) { /* At least 5 chars? */ if ($passlen < 5) { $hesk_error_buffer .= '<li>' . $hesklang['password_not_valid'] . '</li>'; } else { $newpass2 = hesk_input(hesk_POST('newpass2')); if ($newpass != $newpass2) { $hesk_error_buffer .= '<li>' . $hesklang['passwords_not_same'] . '</li>'; } else { $v = hesk_Pass2Hash($newpass); if ($v == '499d74967b28a841c98bb4baaabaad699ff3c079') { define('WARN_PASSWORD', true); } $sql_pass = '******'' . $v . '\''; } } } /* After reply */ $_SESSION['new']['afterreply'] = intval(hesk_POST('afterreply')); if ($_SESSION['new']['afterreply'] != 1 && $_SESSION['new']['afterreply'] != 2) { $_SESSION['new']['afterreply'] = 0; } /* Auto-start ticket timer */ $_SESSION['new']['autostart'] = isset($_POST['autostart']) ? 1 : 0; /* Notifications */ $_SESSION['new']['notify_new_unassigned'] = empty($_POST['notify_new_unassigned']) || !$can_view_unassigned ? 0 : 1; $_SESSION['new']['notify_new_my'] = empty($_POST['notify_new_my']) ? 0 : 1; $_SESSION['new']['notify_reply_unassigned'] = empty($_POST['notify_reply_unassigned']) || !$can_view_unassigned ? 0 : 1; $_SESSION['new']['notify_reply_my'] = empty($_POST['notify_reply_my']) ? 0 : 1; $_SESSION['new']['notify_assigned'] = empty($_POST['notify_assigned']) ? 0 : 1; $_SESSION['new']['notify_note'] = empty($_POST['notify_note']) ? 0 : 1; $_SESSION['new']['notify_pm'] = empty($_POST['notify_pm']) ? 0 : 1; /* Any errors? */ if (strlen($hesk_error_buffer)) { /* Process the session variables */ $_SESSION['new'] = hesk_stripArray($_SESSION['new']); $hesk_error_buffer = $hesklang['rfm'] . '<br /><br /><ul>' . $hesk_error_buffer . '</ul>'; hesk_process_messages($hesk_error_buffer, 'NOREDIRECT'); } else { /* Update database */ hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "users` SET\r\n\t `name`='" . hesk_dbEscape($_SESSION['new']['name']) . "',\r\n\t `email`='" . hesk_dbEscape($_SESSION['new']['email']) . "',\r\n\t\t`signature`='" . hesk_dbEscape($_SESSION['new']['signature']) . "'\r\n {$sql_username}\r\n\t\t{$sql_pass} ,\r\n\t `afterreply`='" . intval($_SESSION['new']['afterreply']) . "' ,\r\n `autostart`='" . intval($_SESSION['new']['autostart']) . "' ,\r\n\t `notify_new_unassigned`='" . intval($_SESSION['new']['notify_new_unassigned']) . "' ,\r\n `notify_new_my`='" . intval($_SESSION['new']['notify_new_my']) . "' ,\r\n `notify_reply_unassigned`='" . intval($_SESSION['new']['notify_reply_unassigned']) . "' ,\r\n `notify_reply_my`='" . intval($_SESSION['new']['notify_reply_my']) . "' ,\r\n `notify_assigned`='" . intval($_SESSION['new']['notify_assigned']) . "' ,\r\n `notify_pm`='" . intval($_SESSION['new']['notify_pm']) . "',\r\n `notify_note`='" . intval($_SESSION['new']['notify_note']) . "'\r\n\t WHERE `id`='" . intval($_SESSION['id']) . "' LIMIT 1"); /* Process the session variables */ $_SESSION['new'] = hesk_stripArray($_SESSION['new']); /* Update session variables */ foreach ($_SESSION['new'] as $k => $v) { $_SESSION[$k] = $v; } unset($_SESSION['new']); hesk_process_messages($hesklang['profile_updated_success'], 'profile.php', 'SUCCESS'); } }
define('IN_SCRIPT', 1); define('HESK_PATH', '../'); /* Get all the required files and functions */ require HESK_PATH . 'hesk_settings.inc.php'; require HESK_PATH . 'inc/common.inc.php'; require HESK_PATH . 'inc/admin_functions.inc.php'; hesk_load_database_functions(); hesk_session_start(); hesk_dbConnect(); hesk_isLoggedIn(); /* Check permissions for this feature */ hesk_checkPermission('can_view_tickets'); hesk_checkPermission('can_reply_tickets'); hesk_checkPermission('can_edit_tickets'); /* A security check */ hesk_token_check(); /* Ticket ID */ $trackingID = hesk_cleanID() or die($hesklang['int_error'] . ': ' . $hesklang['no_trackID']); /* New archived status */ if (empty($_GET['locked'])) { $status = 0; $tmp = $hesklang['tunlock']; $revision = sprintf($hesklang['thist6'], hesk_date(), $_SESSION['name'] . ' (' . $_SESSION['user'] . ')'); } else { $status = 1; $tmp = $hesklang['tlock']; $revision = sprintf($hesklang['thist5'], hesk_date(), $_SESSION['name'] . ' (' . $_SESSION['user'] . ')'); } /* Update database */ hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` SET `status`='3',`locked`='{$status}', `history`=CONCAT(`history`,'" . hesk_dbEscape($revision) . "') WHERE `trackid`='" . hesk_dbEscape($trackingID) . "' LIMIT 1"); /* Back to ticket page and show a success message */
function remove_sm() { global $hesk_settings, $hesklang; // A security check hesk_token_check(); // Get ID $id = intval(hesk_GET('id')) or hesk_error($hesklang['sm_e_id']); // Delete the service message hesk_dbQuery("DELETE FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "service_messages` WHERE `id`={$id} LIMIT 1"); // Were we successful? if (hesk_dbAffectedRows() == 1) { hesk_process_messages($hesklang['sm_deleted'], './service_messages.php', 'SUCCESS'); } else { hesk_process_messages($hesklang['sm_not_found'], './service_messages.php'); } }
* a license please visit the page below: * https://www.hesk.com/buy.php *******************************************************************************/ define('IN_SCRIPT', 1); define('HESK_PATH', '../'); /* Get all the required files and functions */ require HESK_PATH . 'hesk_settings.inc.php'; require HESK_PATH . 'inc/common.inc.php'; require HESK_PATH . 'inc/admin_functions.inc.php'; hesk_load_database_functions(); hesk_session_start(); hesk_dbConnect(); hesk_isLoggedIn(); /* Check permissions for this feature */ hesk_checkPermission('can_view_tickets'); hesk_checkPermission('can_reply_tickets'); /* A security check */ hesk_token_check('POST'); /* Ticket ID */ $trackingID = hesk_cleanID() or die($hesklang['int_error'] . ': ' . $hesklang['no_trackID']); $priority = intval(hesk_POST('priority')); if ($priority < 0 || $priority > 3) { hesk_process_messages($hesklang['inpr'], 'admin_ticket.php?track=' . $trackingID . '&Refresh=' . mt_rand(10000, 99999), 'NOTICE'); } $options = array(0 => '<font class="critical">' . $hesklang['critical'] . '</font>', 1 => '<font class="important">' . $hesklang['high'] . '</font>', 2 => '<font class="medium">' . $hesklang['medium'] . '</font>', 3 => $hesklang['low']); $revision = sprintf($hesklang['thist8'], hesk_date(), $options[$priority], $_SESSION['name'] . ' (' . $_SESSION['user'] . ')'); hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` SET `priority`='{$priority}', `history`=CONCAT(`history`,'" . hesk_dbEscape($revision) . "') WHERE `trackid`='" . hesk_dbEscape($trackingID) . "' LIMIT 1"); if (hesk_dbAffectedRows() != 1) { hesk_process_messages($hesklang['inpr'], 'admin_ticket.php?track=' . $trackingID . '&Refresh=' . mt_rand(10000, 99999), 'NOTICE'); } hesk_process_messages(sprintf($hesklang['chpri2'], $options[$priority]), 'admin_ticket.php?track=' . $trackingID . '&Refresh=' . mt_rand(10000, 99999), 'SUCCESS');
function toggle_type() { global $hesk_settings, $hesklang; /* A security check */ hesk_token_check(); $catid = intval(hesk_GET('catid')) or hesk_error($hesklang['cat_move_id']); $_SESSION['selcat2'] = $catid; if (intval(hesk_GET('s'))) { $type = 1; $tmp = $hesklang['cpriv']; } else { $type = 0; $tmp = $hesklang['cpub']; } /* Update auto-assign settings */ hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "categories` SET `type`='{$type}' WHERE `id`='" . intval($catid) . "' LIMIT 1"); if (hesk_dbAffectedRows() != 1) { hesk_process_messages($hesklang['int_error'] . ': ' . $hesklang['cat_not_found'], './manage_categories.php'); } hesk_process_messages($tmp, './manage_categories.php', 'SUCCESS'); }
function mail_send() { global $hesk_settings, $hesklang; /* A security check */ hesk_token_check('POST'); $hesk_error_buffer = ''; /* Recipient */ $_SESSION['mail']['to'] = intval(hesk_POST('to')); /* Valid recipient? */ if (empty($_SESSION['mail']['to'])) { $hesk_error_buffer .= '<li>' . $hesklang['m_rec'] . '</li>'; } elseif ($_SESSION['mail']['to'] == $_SESSION['id']) { $hesk_error_buffer .= '<li>' . $hesklang['m_inr'] . '</li>'; } else { $res = hesk_dbQuery("SELECT `name`,`email`,`notify_pm` FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "users` WHERE `id`='" . intval($_SESSION['mail']['to']) . "' LIMIT 1"); $num = hesk_dbNumRows($res); if (!$num) { $hesk_error_buffer .= '<li>' . $hesklang['m_inr'] . '</li>'; } else { $pm_recipient = hesk_dbFetchAssoc($res); } } /* Subject */ $_SESSION['mail']['subject'] = hesk_input(hesk_POST('subject')) or $hesk_error_buffer .= '<li>' . $hesklang['m_esu'] . '</li>'; /* Message */ $_SESSION['mail']['message'] = hesk_input(hesk_POST('message')) or $hesk_error_buffer .= '<li>' . $hesklang['enter_message'] . '</li>'; /* Any errors? */ if (strlen($hesk_error_buffer)) { $_SESSION['hide']['list'] = 1; $hesk_error_buffer = $hesklang['rfm'] . '<br /><br /><ul>' . $hesk_error_buffer . '</ul>'; hesk_process_messages($hesk_error_buffer, 'NOREDIRECT'); } else { $_SESSION['mail']['message'] = hesk_makeURL($_SESSION['mail']['message']); $_SESSION['mail']['message'] = nl2br($_SESSION['mail']['message']); hesk_dbQuery("INSERT INTO `" . hesk_dbEscape($hesk_settings['db_pfix']) . "mail` (`from`,`to`,`subject`,`message`,`dt`,`read`) VALUES ('" . intval($_SESSION['id']) . "','" . intval($_SESSION['mail']['to']) . "','" . hesk_dbEscape($_SESSION['mail']['subject']) . "','" . hesk_dbEscape($_SESSION['mail']['message']) . "',NOW(),'0')"); /* Notify receiver via e-mail? */ if (isset($pm_recipient) && $pm_recipient['notify_pm']) { $pm_id = hesk_dbInsertID(); $pm = array('name' => hesk_msgToPlain(addslashes($_SESSION['name']), 1, 1), 'subject' => hesk_msgToPlain($_SESSION['mail']['subject'], 1, 1), 'message' => hesk_msgToPlain($_SESSION['mail']['message'], 1, 1), 'id' => $pm_id); /* Format email subject and message for recipient */ $subject = hesk_getEmailSubject('new_pm', $pm, 0); $message = hesk_getEmailMessage('new_pm', $pm, 1, 0); /* Send e-mail */ hesk_mail($pm_recipient['email'], $subject, $message); } unset($_SESSION['mail']); hesk_process_messages($hesklang['m_pms'], './mail.php', 'SUCCESS'); } }
function order_saved() { global $hesk_settings, $hesklang; /* A security check */ hesk_token_check(); $tplid = intval(hesk_GET('replyid')) or hesk_error($hesklang['ticket_tpl_id']); $_SESSION['canned']['selcat2'] = $tplid; $tpl_move = intval(hesk_GET('move')); hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "ticket_templates` SET `tpl_order`=`tpl_order`+" . intval($tpl_move) . " WHERE `id`='" . intval($tplid) . "' LIMIT 1"); if (hesk_dbAffectedRows() != 1) { hesk_error("{$hesklang['int_error']}: {$hesklang['ticket_tpl_not_found']}."); } /* Update all category fields with new order */ $result = hesk_dbQuery('SELECT `id` FROM `' . hesk_dbEscape($hesk_settings['db_pfix']) . 'ticket_templates` ORDER BY `tpl_order` ASC'); $i = 10; while ($mytpl = hesk_dbFetchAssoc($result)) { hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "ticket_templates` SET `tpl_order`=" . intval($i) . " WHERE `id`='" . intval($mytpl['id']) . "' LIMIT 1"); $i += 10; } header('Location: manage_ticket_templates.php'); exit; }
function logout() { global $hesk_settings, $hesklang; if (!hesk_token_check('GET', 0)) { print_login(); exit; } /* Delete from Who's online database */ if ($hesk_settings['online']) { require HESK_PATH . 'inc/users_online.inc.php'; hesk_setOffline($_SESSION['id']); } /* Destroy session and cookies */ hesk_session_stop(); /* If we're using the security image for admin login start a new session */ if ($hesk_settings['secimg_use'] == 2) { hesk_session_start(); } /* Show success message and reset the cookie */ hesk_process_messages($hesklang['logout_success'], 'NOREDIRECT', 'SUCCESS'); setcookie('hesk_p', ''); /* Print the login form */ print_login(); exit; }
?> <input name="submitbutton_tickets" type="submit" class="btn btn-default filter-ticket-btn" value="Search"/> <button name="clearbutton_tickets" onclick="deleteticket_admin();return false;" class="btn btn-default filter-ticket-btn" value="">Clear</button> </form> </div> <!--end div i filtrave --> <?php if (!isset($_SESSION['hide']['ticket_list'])) { echo '<br/><br/> <div class="container open-new-ticket"> <div class="form-inline col-sm-10"><img src="../img/open-tickets.png" alt="open-tickets" /><span id="openTicket">' . $hesklang['open_tickets'] . '</span></div> <span class="col-sm-2 newTicket"><a href="new_ticket.php"><button type="submit" class="btn btn-default new-ticket-btn">' . $hesklang['nti'] . '</button></a></span> </div> '; } /* Reset default settings? */ if (isset($_GET['reset']) && hesk_token_check()) { $res = hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "users` SET `default_list`='' WHERE `id` = '" . intval($_SESSION['id']) . "' LIMIT 1"); $_SESSION['default_list'] = ''; } else { parse_str($_SESSION['default_list'], $defaults); $_GET = isset($_GET) && is_array($_GET) ? array_merge($_GET, $defaults) : $defaults; } /* Print the list of tickets */ require HESK_PATH . 'inc/print_tickets.inc.php'; /* Print forms for listing and searching tickets */ /*require(HESK_PATH . 'inc/show_search_form.inc.php');*/ } else { echo '<p><i>' . $hesklang['na_view_tickets'] . '</i></p>'; } /* Clean unneeded session variables */ hesk_cleanSessionVars('hide');
function toggle_autoassign() { global $hesk_settings, $hesklang; /* A security check */ hesk_token_check(); $myuser = intval(hesk_GET('id')) or hesk_error($hesklang['no_valid_id']); $_SESSION['seluser'] = $myuser; if (intval(hesk_GET('s'))) { $autoassign = 1; $tmp = $hesklang['uaaon']; } else { $autoassign = 0; $tmp = $hesklang['uaaoff']; } /* Update auto-assign settings */ $res = hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "users` SET `autoassign`='{$autoassign}' WHERE `id`='" . intval($myuser) . "'"); if (hesk_dbAffectedRows() != 1) { hesk_process_messages($hesklang['int_error'] . ': ' . $hesklang['user_not_found'], './manage_users.php'); } hesk_process_messages($tmp, './manage_users.php', 'SUCCESS'); }
function toggle_sticky() { global $hesk_settings, $hesklang; /* A security check */ hesk_token_check(); $id = intval(hesk_GET('id')) or hesk_error($hesklang['kb_art_id']); $catid = intval(hesk_GET('catid')) or hesk_error($hesklang['kb_cat_inv']); $sticky = empty($_GET['s']) ? 0 : 1; $_SESSION['artord'] = $id; /* Update article "sticky" status */ hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "kb_articles` SET `sticky`='" . intval($sticky) . " ' WHERE `id`='" . intval($id) . "' LIMIT 1"); /* Update article order */ update_article_order($catid); $tmp = $sticky ? $hesklang['ason'] : $hesklang['asoff']; hesk_process_messages($tmp, './manage_knowledgebase.php?a=manage_cat&catid=' . $catid, 'SUCCESS'); }
} /* Update time worked */ if ($hesk_settings['time_worked'] && ($can_reply || $can_edit) && isset($_POST['h']) && isset($_POST['m']) && isset($_POST['s']) && hesk_token_check('POST')) { $h = intval(hesk_POST('h')); $m = intval(hesk_POST('m')); $s = intval(hesk_POST('s')); /* Get time worked in proper format */ $time_worked = hesk_getTime($h . ':' . $m . ':' . $s); /* Update database */ $revision = sprintf($hesklang['thist14'], hesk_date(), $time_worked, $_SESSION['name'] . ' (' . $_SESSION['user'] . ')'); hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` SET `time_worked`='" . hesk_dbEscape($time_worked) . "', `history`=CONCAT(`history`,'" . hesk_dbEscape($revision) . "') WHERE `trackid`='" . hesk_dbEscape($trackingID) . "' LIMIT 1"); /* Show ticket */ hesk_process_messages($hesklang['twu'], 'admin_ticket.php?track=' . $trackingID . '&Refresh=' . mt_rand(10000, 99999), 'SUCCESS'); } /* Delete attachment action */ if (isset($_GET['delatt']) && hesk_token_check()) { if (!$can_delete || !$can_edit) { hesk_process_messages($hesklang['no_permission'], 'admin_ticket.php?track=' . $trackingID . '&Refresh=' . mt_rand(10000, 99999)); } $att_id = intval(hesk_GET('delatt')) or hesk_error($hesklang['inv_att_id']); $reply = intval(hesk_GET('reply', 0)); if ($reply < 1) { $reply = 0; } $note = intval(hesk_GET('note', 0)); if ($note < 1) { $note = 0; } /* Get attachment info */ $res = hesk_dbQuery("SELECT * FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "attachments` WHERE `att_id`='" . intval($att_id) . "' LIMIT 1"); if (hesk_dbNumRows($res) != 1) {
function remove_contract() { global $hesk_settings, $hesklang; hesk_token_check(); $_SERVER['PHP_SELF'] = 'contracts.php#tab_edit-cont'; $con = intval(hesk_GET('id')); hesk_dbQuery("DELETE FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "contracts` WHERE NOT EXISTS\n\t(SELECT NULL FROM`" . hesk_dbEscape($hesk_settings['db_pfix']) . "contractforclient` as `cc` WHERE `cc`.`contract_Id`='" . intval($con) . "') && `id`='" . intval($con) . "' LIMIT 1"); if (hesk_dbAffectedRows() != 1) { hesk_error("{$hesklang['con_req']}."); } hesk_process_messages($hesklang['con_removed_db'], $_SERVER['PHP_SELF'], 'SUCCESS'); }
function unban_email() { global $hesk_settings, $hesklang; // A security check hesk_token_check(); // Delete from bans hesk_dbQuery("DELETE FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "banned_emails` WHERE `id`=" . intval(hesk_GET('id')) . " LIMIT 1"); // Redirect either to banned emails or ticket page from now on $redirect_to = ($trackingID = hesk_cleanID()) ? 'admin_ticket.php?track=' . $trackingID . '&Refresh=' . mt_rand(10000, 99999) : 'banned_emails.php'; // Show success hesk_process_messages($hesklang['email_unbanned'], $redirect_to, 'SUCCESS'); }
function update_profile() { global $hesk_settings, $hesklang, $can_view_unassigned; /* A security check */ hesk_token_check('POST'); $sql_pass = ''; $sql_username = ''; $hesk_error_buffer = ''; $newvar['new']['name'] = hesk_input(hesk_POST('name')) or $hesk_error_buffer .= '<li>' . $hesklang['enter_your_name'] . '</li>'; $newvar['new']['email'] = hesk_validateEmail(hesk_POST('email'), 'ERR', 0) or $hesk_error_buffer = '<li>' . $hesklang['enter_valid_email'] . '</li>'; $newvar['new']['signature'] = hesk_input(hesk_POST('signature')); $newvar['new']['user'] = hesk_input(hesk_POST('user')); $newvar['new']['address'] = hesk_input(hesk_POST('address')); $newvar['new']['phonenumber'] = hesk_input(hesk_POST('phonenumber')); $newvar['new']['poz_detyres'] = hesk_input(hesk_POST('poz_detyres')); /* Signature */ if (strlen($newvar['new']['signature']) > 1000) { $hesk_error_buffer .= '<li>' . $hesklang['signature_long'] . '</li>'; } $sql_username = "******" . hesk_dbEscape($newvar['new']['user']) . "'"; /* Change password? */ $newpass_cl = hesk_input(hesk_POST('newpass_cl')); $passlen = strlen($newpass_cl); if ($passlen > 0) { /* At least 5 chars? */ if ($passlen < 5) { $hesk_error_buffer .= '<li>' . $hesklang['password_not_valid'] . '</li>'; } else { $newpass2_cl = hesk_input(hesk_POST('newpass2_cl')); if ($newpass_cl != $newpass2_cl) { $hesk_error_buffer .= '<li>' . $hesklang['passwords_not_same'] . '</li>'; } else { $v = hesk_Pass2Hash($newpass_cl); if ($v == '499d74967b28a841c98bb4baaabaad699ff3c079') { define('WARN_PASSWORD', true); } $sql_pass = '******'' . $v . '\''; } } } $id = hesk_input(hesk_POST('userid')); /* Any errors? */ if (strlen($hesk_error_buffer)) { /* Process the session variables */ $newvar['new'] = hesk_stripArray($newvar['new']); $hesk_error_buffer = $hesklang['rfm'] . '<br /><br /><ul>' . $hesk_error_buffer . '</ul>'; //hesk_process_messages($hesk_error_buffer,'NOREDIRECT'); } //else //{ $query = "UPDATE " . hesk_dbEscape($hesk_settings['db_pfix']) . "clients SET \n\t\t\tname='" . hesk_dbEscape($newvar['new']['name']) . "', \n\t\t\temail='" . hesk_dbEscape($newvar['new']['email']) . "', \n\t\t\tuser='******'new']['user']) . "',\n\t\t\taddress='" . hesk_dbEscape($newvar['new']['address']) . "',\n\t\t\tphonenumber='" . hesk_dbEscape($newvar['new']['phonenumber']) . "',\n\t\t\tpoz_detyres='" . hesk_dbEscape($newvar['new']['poz_detyres']) . "',\n\t\t\tsignature='" . hesk_dbEscape($newvar['new']['signature']) . "'\n\t\t\t{$sql_pass}\n\t\t\tWHERE id=" . $id . " LIMIT 1"; /* Update database */ $result = hesk_dbQuery($query); /* Process the session variables */ $newvar['new'] = hesk_stripArray($newvar['new']); $tmp = $_SESSION['id']['id']; $_SESSION['id'] = $newvar['new']; $_SESSION['id']['id'] = $tmp; /* Update session variables */ /*foreach ($newvar['new'] as $k => $v) { $_SESSION[$k] = $v; }*/ unset($newvar['new']); hesk_cleanSessionVars('as_notify'); hesk_process_messages($hesklang['profile_updated_success'], 'client_profile.php', 'SUCCESS'); // } }
function toggle_active() { global $hesk_settings, $hesklang; /* Security check */ hesk_token_check(); $myuser = intval(hesk_GET('id')) or hesk_error($hesklang['no_valid_id']); $_SESSION['seluser'] = $myuser; if (intval($myuser) == $_SESSION['id']) { //-- You can't deactivate yourself! hesk_process_messages($hesklang['self_deactivation'], './manage_users.php'); } if (intval(hesk_GET('s'))) { $active = 1; $tmp = $hesklang['user_activated']; $notificationSql = ""; } else { $active = 0; $tmp = $hesklang['user_deactivated']; // Revoke any manager rights hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "categories` SET `manager` = 0 WHERE `manager` = " . intval($myuser)); $notificationSql = ", `autoassign` = 0, `notify_new_unassigned` = 0, `notify_new_my` = 0, `notify_reply_unassigned` = 0,\n `notify_reply_my` = 0, `notify_assigned` = 0, `notify_pm` = 0, `notify_note` = 0, `notify_note_unassigned` = 0"; } hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "users` SET `active` = '" . $active . "'" . $notificationSql . " WHERE `id` = '" . intval($myuser) . "'"); if (hesk_dbAffectedRows() != 1) { hesk_process_messages($hesklang['int_error'] . ': ' . $hesklang['user_not_found'], './manage_users.php'); } hesk_process_messages($tmp, './manage_users.php', 'SUCCESS'); }