function update_profile() { global $hesk_settings, $hesklang, $can_view_unassigned; /* A security check */ hesk_token_check('POST'); $sql_pass = ''; $sql_username = ''; $hesk_error_buffer = ''; $_SESSION['new']['name'] = hesk_input(hesk_POST('name')) or $hesk_error_buffer .= '<li>' . $hesklang['enter_your_name'] . '</li>'; $_SESSION['new']['email'] = hesk_validateEmail(hesk_POST('email'), 'ERR', 0) or $hesk_error_buffer = '<li>' . $hesklang['enter_valid_email'] . '</li>'; $_SESSION['new']['signature'] = hesk_input(hesk_POST('signature')); /* Signature */ if (strlen($_SESSION['new']['signature']) > 255) { $hesk_error_buffer .= '<li>' . $hesklang['signature_long'] . '</li>'; } /* Admins can change username */ if ($_SESSION['isadmin']) { $_SESSION['new']['user'] = hesk_input(hesk_POST('user')) or $hesk_error_buffer .= '<li>' . $hesklang['enter_username'] . '</li>'; /* Check for duplicate usernames */ $result = hesk_dbQuery("SELECT `id` FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "users` WHERE `user`='" . hesk_dbEscape($_SESSION['new']['user']) . "' AND `id`!='" . intval($_SESSION['id']) . "' LIMIT 1"); if (hesk_dbNumRows($result) != 0) { $hesk_error_buffer .= '<li>' . $hesklang['duplicate_user'] . '</li>'; } else { $sql_username = "******" . hesk_dbEscape($_SESSION['new']['user']) . "'"; } } /* Change password? */ $newpass = hesk_input(hesk_POST('newpass')); $passlen = strlen($newpass); if ($passlen > 0) { /* At least 5 chars? */ if ($passlen < 5) { $hesk_error_buffer .= '<li>' . $hesklang['password_not_valid'] . '</li>'; } else { $newpass2 = hesk_input(hesk_POST('newpass2')); if ($newpass != $newpass2) { $hesk_error_buffer .= '<li>' . $hesklang['passwords_not_same'] . '</li>'; } else { $v = hesk_Pass2Hash($newpass); if ($v == '499d74967b28a841c98bb4baaabaad699ff3c079') { define('WARN_PASSWORD', true); } $sql_pass = '******'' . $v . '\''; } } } /* After reply */ $_SESSION['new']['afterreply'] = intval(hesk_POST('afterreply')); if ($_SESSION['new']['afterreply'] != 1 && $_SESSION['new']['afterreply'] != 2) { $_SESSION['new']['afterreply'] = 0; } /* Auto-start ticket timer */ $_SESSION['new']['autostart'] = isset($_POST['autostart']) ? 1 : 0; /* Notifications */ $_SESSION['new']['notify_new_unassigned'] = empty($_POST['notify_new_unassigned']) || !$can_view_unassigned ? 0 : 1; $_SESSION['new']['notify_new_my'] = empty($_POST['notify_new_my']) ? 0 : 1; $_SESSION['new']['notify_reply_unassigned'] = empty($_POST['notify_reply_unassigned']) || !$can_view_unassigned ? 0 : 1; $_SESSION['new']['notify_reply_my'] = empty($_POST['notify_reply_my']) ? 0 : 1; $_SESSION['new']['notify_assigned'] = empty($_POST['notify_assigned']) ? 0 : 1; $_SESSION['new']['notify_note'] = empty($_POST['notify_note']) ? 0 : 1; $_SESSION['new']['notify_pm'] = empty($_POST['notify_pm']) ? 0 : 1; /* Any errors? */ if (strlen($hesk_error_buffer)) { /* Process the session variables */ $_SESSION['new'] = hesk_stripArray($_SESSION['new']); $hesk_error_buffer = $hesklang['rfm'] . '<br /><br /><ul>' . $hesk_error_buffer . '</ul>'; hesk_process_messages($hesk_error_buffer, 'NOREDIRECT'); } else { /* Update database */ hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "users` SET\r\n\t `name`='" . hesk_dbEscape($_SESSION['new']['name']) . "',\r\n\t `email`='" . hesk_dbEscape($_SESSION['new']['email']) . "',\r\n\t\t`signature`='" . hesk_dbEscape($_SESSION['new']['signature']) . "'\r\n {$sql_username}\r\n\t\t{$sql_pass} ,\r\n\t `afterreply`='" . intval($_SESSION['new']['afterreply']) . "' ,\r\n `autostart`='" . intval($_SESSION['new']['autostart']) . "' ,\r\n\t `notify_new_unassigned`='" . intval($_SESSION['new']['notify_new_unassigned']) . "' ,\r\n `notify_new_my`='" . intval($_SESSION['new']['notify_new_my']) . "' ,\r\n `notify_reply_unassigned`='" . intval($_SESSION['new']['notify_reply_unassigned']) . "' ,\r\n `notify_reply_my`='" . intval($_SESSION['new']['notify_reply_my']) . "' ,\r\n `notify_assigned`='" . intval($_SESSION['new']['notify_assigned']) . "' ,\r\n `notify_pm`='" . intval($_SESSION['new']['notify_pm']) . "',\r\n `notify_note`='" . intval($_SESSION['new']['notify_note']) . "'\r\n\t WHERE `id`='" . intval($_SESSION['id']) . "' LIMIT 1"); /* Process the session variables */ $_SESSION['new'] = hesk_stripArray($_SESSION['new']); /* Update session variables */ foreach ($_SESSION['new'] as $k => $v) { $_SESSION[$k] = $v; } unset($_SESSION['new']); hesk_process_messages($hesklang['profile_updated_success'], 'profile.php', 'SUCCESS'); } }
if ($is_reply) { $tmpvar['message'] = hesk_input(hesk_POST('message')) or $hesk_error_buffer[] = $hesklang['enter_message']; if (count($hesk_error_buffer)) { $myerror = '<ul>'; foreach ($hesk_error_buffer as $error) { $myerror .= "<li>{$error}</li>\n"; } $myerror .= '</ul>'; hesk_error($myerror); } $tmpvar['message'] = hesk_makeURL($tmpvar['message']); $tmpvar['message'] = nl2br($tmpvar['message']); hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "replies` SET `message`='" . hesk_dbEscape($tmpvar['message']) . "' WHERE `id`='" . intval($tmpvar['id']) . "' AND `replyto`='" . intval($ticket['id']) . "' LIMIT 1"); } else { $tmpvar['name'] = hesk_input(hesk_POST('name')) or $hesk_error_buffer[] = $hesklang['enter_your_name']; $tmpvar['email'] = hesk_validateEmail(hesk_POST('email'), 'ERR', 0) or $hesk_error_buffer[] = $hesklang['enter_valid_email']; $tmpvar['subject'] = hesk_input(hesk_POST('subject')) or $hesk_error_buffer[] = $hesklang['enter_ticket_subject']; $tmpvar['message'] = hesk_input(hesk_POST('message')) or $hesk_error_buffer[] = $hesklang['enter_message']; // Demo mode if (defined('HESK_DEMO')) { $tmpvar['email'] = '*****@*****.**'; } if (count($hesk_error_buffer)) { $myerror = '<ul>'; foreach ($hesk_error_buffer as $error) { $myerror .= "<li>{$error}</li>\n"; } $myerror .= '</ul>'; hesk_error($myerror); } $tmpvar['message'] = hesk_makeURL($tmpvar['message']);
function forgot_tid() { global $hesk_settings, $hesklang; require HESK_PATH . 'inc/email_functions.inc.php'; $email = hesk_validateEmail(hesk_POST('email'), 'ERR', 0) or hesk_process_messages($hesklang['enter_valid_email'], 'ticket.php?remind=1'); if (isset($_POST['open_only'])) { $hesk_settings['open_only'] = $_POST['open_only'] == 1 ? 1 : 0; } /* Prepare ticket statuses */ $my_status = array(0 => $hesklang['open'], 1 => $hesklang['wait_staff_reply'], 2 => $hesklang['wait_cust_reply'], 3 => $hesklang['closed'], 4 => $hesklang['in_progress'], 5 => $hesklang['on_hold']); /* Get ticket(s) from database */ hesk_load_database_functions(); hesk_dbConnect(); // Get tickets from the database $res = hesk_dbQuery('SELECT * FROM `' . hesk_dbEscape($hesk_settings['db_pfix']) . 'tickets` FORCE KEY (`statuses`) WHERE ' . ($hesk_settings['open_only'] ? "`status` IN ('0','1','2','4','5') AND " : '') . ' ' . hesk_dbFormatEmail($email) . ' ORDER BY `status` ASC, `lastchange` DESC '); $num = hesk_dbNumRows($res); if ($num < 1) { if ($hesk_settings['open_only']) { hesk_process_messages($hesklang['noopen'], 'ticket.php?remind=1&e=' . $email); } else { hesk_process_messages($hesklang['tid_not_found'], 'ticket.php?remind=1&e=' . $email); } } $tid_list = ''; $name = ''; $email_param = $hesk_settings['email_view_ticket'] ? '&e=' . rawurlencode($email) : ''; while ($my_ticket = hesk_dbFetchAssoc($res)) { $name = $name ? $name : hesk_msgToPlain($my_ticket['name'], 1, 0); $tid_list .= "\n{$hesklang['trackID']}: " . $my_ticket['trackid'] . "\n{$hesklang['subject']}: " . hesk_msgToPlain($my_ticket['subject'], 1, 0) . "\n{$hesklang['status']}: " . $my_status[$my_ticket['status']] . "\n{$hesk_settings['hesk_url']}/ticket.php?track={$my_ticket['trackid']}{$email_param}\n"; } /* Get e-mail message for customer */ $msg = hesk_getEmailMessage('forgot_ticket_id', '', 0, 0, 1); $msg = str_replace('%%NAME%%', $name, $msg); $msg = str_replace('%%NUM%%', $num, $msg); $msg = str_replace('%%LIST_TICKETS%%', $tid_list, $msg); $msg = str_replace('%%SITE_TITLE%%', hesk_msgToPlain($hesk_settings['site_title'], 1), $msg); $msg = str_replace('%%SITE_URL%%', $hesk_settings['site_url'], $msg); $subject = hesk_getEmailSubject('forgot_ticket_id'); /* Send e-mail */ hesk_mail($email, $subject, $msg); /* Show success message */ $tmp = '<b>' . $hesklang['tid_sent'] . '!</b>'; $tmp .= '<br /> <br />' . $hesklang['tid_sent2'] . '.'; $tmp .= '<br /> <br />' . $hesklang['check_spambox']; hesk_process_messages($tmp, 'ticket.php?e=' . $email, 'SUCCESS'); exit; }
function hesk_validateUserInfo($pass_required = 1, $redirect_to = './manage_users.php') { global $hesk_settings, $hesklang; $hesk_error_buffer = ''; $myuser['name'] = hesk_input(hesk_POST('name')) or $hesk_error_buffer .= '<li>' . $hesklang['enter_real_name'] . '</li>'; $myuser['email'] = hesk_validateEmail(hesk_POST('email'), 'ERR', 0) or $hesk_error_buffer .= '<li>' . $hesklang['enter_valid_email'] . '</li>'; $myuser['user'] = hesk_input(hesk_POST('user')) or $hesk_error_buffer .= '<li>' . $hesklang['enter_username'] . '</li>'; $myuser['isadmin'] = empty($_POST['isadmin']) ? 0 : 1; $myuser['signature'] = hesk_input(hesk_POST('signature')); $myuser['autoassign'] = hesk_POST('autoassign') == 'Y' ? 1 : 0; /* If it's not admin at least one category and fature is required */ $myuser['categories'] = array(); $myuser['features'] = array(); if ($myuser['isadmin'] == 0) { if (empty($_POST['categories']) || !is_array($_POST['categories'])) { $hesk_error_buffer .= '<li>' . $hesklang['asign_one_cat'] . '</li>'; } else { foreach ($_POST['categories'] as $tmp) { if (is_array($tmp)) { continue; } if ($tmp = intval($tmp)) { $myuser['categories'][] = $tmp; } } } if (empty($_POST['features']) || !is_array($_POST['features'])) { $hesk_error_buffer .= '<li>' . $hesklang['asign_one_feat'] . '</li>'; } else { foreach ($_POST['features'] as $tmp) { if (in_array($tmp, $hesk_settings['features'])) { $myuser['features'][] = $tmp; } } } } if (strlen($myuser['signature']) > 255) { $hesk_error_buffer .= '<li>' . $hesklang['signature_long'] . '</li>'; } /* Password */ $myuser['cleanpass'] = ''; $newpass = hesk_input(hesk_POST('newpass')); $passlen = strlen($newpass); if ($pass_required || $passlen > 0) { /* At least 5 chars? */ if ($passlen < 5) { $hesk_error_buffer .= '<li>' . $hesklang['password_not_valid'] . '</li>'; } else { $newpass2 = hesk_input(hesk_POST('newpass2')); if ($newpass != $newpass2) { $hesk_error_buffer .= '<li>' . $hesklang['passwords_not_same'] . '</li>'; } else { $myuser['pass'] = hesk_Pass2Hash($newpass); $myuser['cleanpass'] = $newpass; } } } /* Save entered info in session so we don't loose it in case of errors */ $_SESSION['userdata'] = $myuser; /* Any errors */ if (strlen($hesk_error_buffer)) { $hesk_error_buffer = $hesklang['rfm'] . '<br /><br /><ul>' . $hesk_error_buffer . '</ul>'; hesk_process_messages($hesk_error_buffer, $redirect_to); } return $myuser; }
function hesk_email2ticket($results, $pop3 = 0, $set_category = 1, $set_priority = -1) { global $hesk_settings, $hesklang, $hesk_db_link, $ticket; // Process "Reply-To:" or "From:" email $tmpvar['email'] = isset($results['reply-to'][0]['address']) ? hesk_validateEmail($results['reply-to'][0]['address'], 'ERR', 0) : hesk_validateEmail($results['from'][0]['address'], 'ERR', 0); // Email missing, invalid or banned? if (!$tmpvar['email'] || hesk_isBannedEmail($tmpvar['email'])) { return hesk_cleanExit(); } // Process "Reply-To:" or "From:" name, convert to UTF-8, set to "[Customer]" if not set if (isset($results['reply-to'][0]['name']) && strlen($results['reply-to'][0]['name'])) { $tmpvar['name'] = $results['reply-to'][0]['name']; if (!empty($results['reply-to'][0]['encoding'])) { $tmpvar['name'] = hesk_encodeUTF8($tmpvar['name'], $results['reply-to'][0]['encoding']); } } else { $tmpvar['name'] = isset($results['from'][0]['name']) ? $results['from'][0]['name'] : $hesklang['pde']; if (!empty($results['from'][0]['encoding'])) { $tmpvar['name'] = hesk_encodeUTF8($tmpvar['name'], $results['from'][0]['encoding']); } } $tmpvar['name'] = hesk_input($tmpvar['name'], '', '', 1, 50) or $tmpvar['name'] = $hesklang['pde']; // Process "To:" email (not yet implemented, for future use) // $tmpvar['to_email'] = hesk_validateEmail($results['to'][0]['address'],'ERR',0); // Process email subject, convert to UTF-8, set to "[Piped email]" if none set $tmpvar['subject'] = isset($results['subject']) ? $results['subject'] : $hesklang['pem']; if (!empty($results['subject_encoding'])) { $tmpvar['subject'] = hesk_encodeUTF8($tmpvar['subject'], $results['subject_encoding']); } $tmpvar['subject'] = hesk_input($tmpvar['subject'], '', '', 1, 70) or $tmpvar['subject'] = $hesklang['pem']; // Process email message, convert to UTF-8 $tmpvar['message'] = isset($results['message']) ? $results['message'] : ''; if (!empty($results['encoding'])) { $tmpvar['message'] = hesk_encodeUTF8($tmpvar['message'], $results['encoding']); } $tmpvar['message'] = hesk_input($tmpvar['message'], '', '', 1); // Message missing? if (strlen($tmpvar['message']) == 0) { // Message required? Ignore this email. if ($hesk_settings['eml_req_msg']) { return hesk_cleanExit(); } // Message not required? Assign a default message $tmpvar['message'] = $hesklang['def_msg']; // Track duplicate emails based on subject $message_hash = md5($tmpvar['subject']); } else { $message_hash = md5($tmpvar['message']); } // Strip quoted reply from email $tmpvar['message'] = hesk_stripQuotedText($tmpvar['message']); // Convert URLs to links, change newlines to <br /> $tmpvar['message'] = hesk_makeURL($tmpvar['message']); $tmpvar['message'] = nl2br($tmpvar['message']); # For debugging purposes # die( bin2hex($tmpvar['message']) ); # die($tmpvar['message']); // Try to detect "delivery failed" and "noreply" emails - ignore if detected if (hesk_isReturnedEmail($tmpvar)) { return hesk_cleanExit(); } // Check for email loops if (hesk_isEmailLoop($tmpvar['email'], $message_hash)) { return hesk_cleanExit(); } // OK, everything seems OK. Now determine if this is a reply to a ticket or a new ticket if (preg_match('/\\[#([A-Z0-9]{3}\\-[A-Z0-9]{3}\\-[A-Z0-9]{4})\\]/', str_replace(' ', '', $tmpvar['subject']), $matches)) { // We found a possible tracking ID $tmpvar['trackid'] = $matches[1]; // Does it match one in the database? $res = hesk_dbQuery("SELECT * FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` WHERE `trackid`='" . hesk_dbEscape($tmpvar['trackid']) . "' LIMIT 1"); if (hesk_dbNumRows($res)) { $ticket = hesk_dbFetchAssoc($res); // Do email addresses match? if (strpos(strtolower($ticket['email']), strtolower($tmpvar['email'])) === false) { $tmpvar['trackid'] = ''; } // Is this ticket locked? Force create a new one if it is if ($ticket['locked']) { $tmpvar['trackid'] = ''; } } else { $tmpvar['trackid'] = ''; } } // If tracking ID is empty, generate a new one if (empty($tmpvar['trackid'])) { $tmpvar['trackid'] = hesk_createID(); $is_reply = 0; } else { $is_reply = 1; } // Process attachments $tmpvar['attachmment_notices'] = ''; $tmpvar['attachments'] = ''; $num = 0; if ($hesk_settings['attachments']['use'] && isset($results['attachments'][0])) { foreach ($results['attachments'] as $k => $v) { // Clean attachment names $myatt['real_name'] = hesk_cleanFileName($v['orig_name']); // Check number of attachments, delete any over max number if ($num >= $hesk_settings['attachments']['max_number']) { $tmpvar['attachmment_notices'] .= sprintf($hesklang['attnum'], $myatt['real_name']) . "\n"; continue; } // Check file extension $ext = strtolower(strrchr($myatt['real_name'], ".")); if (!in_array($ext, $hesk_settings['attachments']['allowed_types'])) { $tmpvar['attachmment_notices'] .= sprintf($hesklang['atttyp'], $myatt['real_name']) . "\n"; continue; } // Check file size $myatt['size'] = $v['size']; if ($myatt['size'] > $hesk_settings['attachments']['max_size']) { $tmpvar['attachmment_notices'] .= sprintf($hesklang['attsiz'], $myatt['real_name']) . "\n"; continue; } // Generate a random file name $useChars = 'AEUYBDGHJLMNPQRSTVWXZ123456789'; $tmp = $useChars[mt_rand(0, 29)]; for ($j = 1; $j < 10; $j++) { $tmp .= $useChars[mt_rand(0, 29)]; } $myatt['saved_name'] = substr($tmpvar['trackid'] . '_' . md5($tmp . $myatt['real_name']), 0, 200) . $ext; // Rename the temporary file rename($v['stored_name'], HESK_PATH . $hesk_settings['attach_dir'] . '/' . $myatt['saved_name']); // Insert into database hesk_dbQuery("INSERT INTO `" . hesk_dbEscape($hesk_settings['db_pfix']) . "attachments` (`ticket_id`,`saved_name`,`real_name`,`size`) VALUES ('" . hesk_dbEscape($tmpvar['trackid']) . "','" . hesk_dbEscape($myatt['saved_name']) . "','" . hesk_dbEscape($myatt['real_name']) . "','" . intval($myatt['size']) . "')"); $tmpvar['attachments'] .= hesk_dbInsertID() . '#' . $myatt['real_name'] . ','; $num++; } if (strlen($tmpvar['attachmment_notices'])) { $tmpvar['message'] .= "<br /><br />" . hesk_input($hesklang['attrem'], '', '', 1) . "<br />" . nl2br(hesk_input($tmpvar['attachmment_notices'], '', '', 1)); } } // Delete the temporary files deleteAll($results['tempdir']); // If this is a reply add a new reply if ($is_reply) { // Set last replier name to customer name $ticket['lastreplier'] = $tmpvar['name'] == $hesklang['pde'] ? $tmpvar['email'] : $tmpvar['name']; // If staff hasn't replied yet, keep ticket status "New", otherwise set it to "Waiting reply from staff" $ticket['status'] = $ticket['status'] ? 1 : 0; // Update ticket as necessary hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` SET `lastchange`=NOW(),`status`='{$ticket['status']}',`replies`=`replies`+1,`lastreplier`='0' WHERE `id`='" . intval($ticket['id']) . "' LIMIT 1"); // If customer replied, we assume staff replies have been read (no way to be sure if ticket.php hasn't been opened) hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "replies` SET `read` = '1' WHERE `replyto` = '" . intval($ticket['id']) . "' AND `staffid` != '0' "); // Insert reply into database hesk_dbQuery("INSERT INTO `" . hesk_dbEscape($hesk_settings['db_pfix']) . "replies` (`replyto`,`name`,`message`,`dt`,`attachments`) VALUES ('" . intval($ticket['id']) . "','" . hesk_dbEscape($ticket['lastreplier']) . "','" . hesk_dbEscape($tmpvar['message']) . "',NOW(),'" . hesk_dbEscape($tmpvar['attachments']) . "')"); // --> Prepare reply message // 1. Generate the array with ticket info that can be used in emails $info = array('email' => $ticket['email'], 'category' => $ticket['category'], 'priority' => $ticket['priority'], 'owner' => $ticket['owner'], 'trackid' => $ticket['trackid'], 'status' => $ticket['status'], 'name' => $ticket['name'], 'lastreplier' => $ticket['lastreplier'], 'subject' => $ticket['subject'], 'message' => stripslashes($tmpvar['message']), 'attachments' => $tmpvar['attachments'], 'dt' => hesk_date($ticket['dt'], true), 'lastchange' => hesk_date($ticket['lastchange'], true), 'id' => $ticket['id']); // 2. Add custom fields to the array foreach ($hesk_settings['custom_fields'] as $k => $v) { $info[$k] = $v['use'] ? $ticket[$k] : ''; } // 3. Make sure all values are properly formatted for email $ticket = hesk_ticketToPlain($info, 1, 0); // --> Process custom fields before sending foreach ($hesk_settings['custom_fields'] as $k => $v) { $ticket[$k] = $v['use'] ? hesk_msgToPlain($ticket[$k], 1) : ''; } // --> If ticket is assigned just notify the owner if ($ticket['owner']) { hesk_notifyAssignedStaff(false, 'new_reply_by_customer', 'notify_reply_my'); } else { hesk_notifyStaff('new_reply_by_customer', "`notify_reply_unassigned`='1'"); } return $ticket['trackid']; } // END REPLY // Not a reply, but a new ticket. Add it to the database $tmpvar['category'] = $set_category; $tmpvar['priority'] = $set_priority < 0 ? hesk_getCategoryPriority($tmpvar['category']) : $set_priority; $_SERVER['REMOTE_ADDR'] = $hesklang['unknown']; // Auto assign tickets if aplicable $tmpvar['owner'] = 0; $tmpvar['history'] = $pop3 ? sprintf($hesklang['thist16'], hesk_date()) : sprintf($hesklang['thist11'], hesk_date()); $tmpvar['openedby'] = $pop3 ? -2 : -1; $autoassign_owner = hesk_autoAssignTicket($tmpvar['category']); #print_r($autoassign_owner); if ($autoassign_owner) { $tmpvar['owner'] = $autoassign_owner['id']; $tmpvar['history'] .= sprintf($hesklang['thist10'], hesk_date(), $autoassign_owner['name'] . ' (' . $autoassign_owner['user'] . ')'); } // Custom fields will be empty as there is no reliable way of detecting them foreach ($hesk_settings['custom_fields'] as $k => $v) { $tmpvar[$k] = ''; } // Insert ticket to database $ticket = hesk_newTicket($tmpvar); // Notify the customer if ($hesk_settings['notify_new']) { $possible_SPAM = false; // Do we need to check subject for SPAM tags? if ($hesk_settings['notify_skip_spam']) { foreach ($hesk_settings['notify_spam_tags'] as $tag) { if (strpos($tmpvar['subject'], $tag) !== false) { $possible_SPAM = true; break; } } } // SPAM tags not found or not checked, send email if ($possible_SPAM === false) { hesk_notifyCustomer(); } } // Need to notify staff? // --> From autoassign? if ($tmpvar['owner'] && $autoassign_owner['notify_assigned']) { hesk_notifyAssignedStaff($autoassign_owner, 'ticket_assigned_to_you'); } elseif (!$tmpvar['owner']) { hesk_notifyStaff('new_ticket_staff', " `notify_new_unassigned` = '1' "); } return $ticket['trackid']; }
function hesk_getCustomerEmail($can_remember = 0) { global $hesk_settings, $hesklang; /* Email required to view ticket? */ if (!$hesk_settings['email_view_ticket']) { $hesk_settings['e_param'] = ''; $hesk_settings['e_query'] = ''; return ''; } /* Is this a form that enables remembering email? */ if ($can_remember) { global $do_remember; } $my_email = ''; /* Is email in query string? */ if (isset($_GET['e']) || isset($_POST['e'])) { $my_email = hesk_validateEmail(hesk_REQUEST('e'), 'ERR', 0); } elseif (isset($_COOKIE['hesk_myemail'])) { $my_email = hesk_validateEmail(hesk_COOKIE('hesk_myemail'), 'ERR', 0); if ($can_remember && $my_email) { $do_remember = ' checked="checked" '; } } $hesk_settings['e_param'] = '&e=' . rawurlencode($my_email); $hesk_settings['e_query'] = '&e=' . rawurlencode($my_email); return $my_email; }
function forgot_tid() { global $hesk_settings, $hesklang; require HESK_PATH . 'inc/email_functions.inc.php'; $email = hesk_validateEmail(hesk_POST('email'), 'ERR', 0) or hesk_process_messages($hesklang['enter_valid_email'], 'ticket.php?remind=1'); /* Prepare ticket statuses */ $my_status = array(0 => $hesklang['open'], 1 => $hesklang['wait_staff_reply'], 2 => $hesklang['wait_cust_reply'], 3 => $hesklang['closed'], 4 => $hesklang['in_progress'], 5 => $hesklang['on_hold']); /* Get ticket(s) from database */ hesk_load_database_functions(); hesk_dbConnect(); // Get tickets from the database $res = hesk_dbQuery('SELECT * FROM `' . hesk_dbEscape($hesk_settings['db_pfix']) . 'tickets` FORCE KEY (`statuses`) WHERE ' . ($hesk_settings['open_only'] ? "`status` IN ('0','1','2','4','5') AND " : '') . ' ' . hesk_dbFormatEmail($email) . ' ORDER BY `status` ASC, `lastchange` DESC '); $num = hesk_dbNumRows($res); if ($num < 1) { if ($hesk_settings['open_only']) { hesk_process_messages($hesklang['noopen'], 'ticket.php?remind=1&e=' . $email); } else { hesk_process_messages($hesklang['tid_not_found'], 'ticket.php?remind=1&e=' . $email); } } $tid_list = ''; $name = ''; $email_param = $hesk_settings['email_view_ticket'] ? '&e=' . rawurlencode($email) : ''; while ($my_ticket = hesk_dbFetchAssoc($res)) { $name = $name ? $name : hesk_msgToPlain($my_ticket['name'], 1, 0); $tid_list .= "\r\n{$hesklang['trackID']}: " . $my_ticket['trackid'] . "\r\n{$hesklang['subject']}: " . hesk_msgToPlain($my_ticket['subject'], 1, 0) . "\r\n{$hesklang['status']}: " . $my_status[$my_ticket['status']] . "\r\n{$hesk_settings['hesk_url']}/ticket.php?track={$my_ticket['trackid']}{$email_param}\r\n"; } /* Get e-mail message for customer */ $msg = hesk_getEmailMessage('forgot_ticket_id', '', 0, 0, 1); $msg = str_replace('%%NAME%%', $name, $msg); $msg = str_replace('%%NUM%%', $num, $msg); $msg = str_replace('%%LIST_TICKETS%%', $tid_list, $msg); $msg = str_replace('%%SITE_TITLE%%', hesk_msgToPlain($hesk_settings['site_title'], 1), $msg); $msg = str_replace('%%SITE_URL%%', $hesk_settings['site_url'], $msg); $subject = hesk_getEmailSubject('forgot_ticket_id'); /* Send e-mail */ hesk_mail($email, $subject, $msg); /* Show success message */ $tmp = '<b>' . $hesklang['tid_sent'] . '!</b>'; $tmp .= '<br /> <br />' . $hesklang['tid_sent2'] . '.'; $tmp .= '<br /> <br />' . $hesklang['check_spambox']; hesk_process_messages($tmp, 'ticket.php?e=' . $email, 'SUCCESS'); exit; /* Print header */ $hesk_settings['tmp_title'] = $hesk_settings['hesk_title'] . ' - ' . $hesklang['tid_sent']; require_once HESK_PATH . 'inc/header.inc.php'; ?> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <tr> <td width="3"><img src="img/headerleftsm.jpg" width="3" height="25" alt="" /></td> <td class="headersm"><?php hesk_showTopBar($hesklang['tid_sent']); ?> </td> <td width="3"><img src="img/headerrightsm.jpg" width="3" height="25" alt="" /></td> </tr> </table> <table width="100%" border="0" cellspacing="0" cellpadding="3"> <tr> <td><span class="smaller"><a href="<?php echo $hesk_settings['site_url']; ?> " class="smaller"><?php echo $hesk_settings['site_title']; ?> </a> > <a href="<?php echo $hesk_settings['hesk_url']; ?> " class="smaller"><?php echo $hesk_settings['hesk_title']; ?> </a> > <?php echo $hesklang['tid_sent']; ?> </span></td> </tr> </table> </td> </tr> <tr> <td> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <tr> <td width="7" height="7"><img src="img/roundcornerslt.jpg" width="7" height="7" alt="" /></td> <td class="roundcornerstop"></td> <td><img src="img/roundcornersrt.jpg" width="7" height="7" alt="" /></td> </tr> <tr> <td class="roundcornersleft"> </td> <td> <p> </p> <p align="center"><?php echo $hesklang['tid_sent2']; ?> </p> <p align="center"><b><?php echo $hesklang['check_spambox']; ?> </b></p> <p> </p> <p align="center"><a href="<?php echo $hesk_settings['hesk_url']; ?> "><?php echo $hesk_settings['hesk_title']; ?> </a></p> <p> </p> </td> <td class="roundcornersright"> </td> </tr> <tr> <td><img src="img/roundcornerslb.jpg" width="7" height="7" alt="" /></td> <td class="roundcornersbottom"></td> <td width="7" height="7"><img src="img/roundcornersrb.jpg" width="7" height="7" alt="" /></td> </tr> </table> <?php }
function ban_email() { global $hesk_settings, $hesklang; // A security check hesk_token_check(); // Get the email $email = strtolower(hesk_input(hesk_REQUEST('email'))); // Nothing entered? if (!strlen($email)) { hesk_process_messages($hesklang['enterbanemail'], 'banned_emails.php'); } // Only allow one email to be entered $email = ($index = strpos($email, ',')) ? substr($email, 0, $index) : $email; $email = ($index = strpos($email, ';')) ? substr($email, 0, $index) : $email; // Validate email address $hesk_settings['multi_eml'] = 0; if (!hesk_validateEmail($email, '', 0) && !verify_email_domain($email)) { hesk_process_messages($hesklang['validbanemail'], 'banned_emails.php'); } // Redirect either to banned emails or ticket page from now on $redirect_to = ($trackingID = hesk_cleanID()) ? 'admin_ticket.php?track=' . $trackingID . '&Refresh=' . mt_rand(10000, 99999) : 'banned_emails.php'; // Prevent duplicate rows if ($_SESSION['ban_email']['id'] = hesk_isBannedEmail($email)) { hesk_process_messages(sprintf($hesklang['emailbanexists'], $email), $redirect_to, 'NOTICE'); } // Insert the email address into database hesk_dbQuery("INSERT INTO `" . hesk_dbEscape($hesk_settings['db_pfix']) . "banned_emails` (`email`,`banned_by`) VALUES ('" . hesk_dbEscape($email) . "','" . intval($_SESSION['id']) . "')"); // Remember email that got banned $_SESSION['ban_email']['id'] = hesk_dbInsertID(); // Show success hesk_process_messages(sprintf($hesklang['email_banned'], $email), $redirect_to, 'SUCCESS'); }
// Check permissions for this feature hesk_checkPermission('can_manage_settings'); // A security check hesk_token_check('POST'); // Demo mode if (defined('HESK_DEMO')) { hesk_process_messages($hesklang['sdemo'], 'admin_settings.php'); } $set = array(); /*** GENERAL ***/ /* --> General settings */ $set['site_title'] = hesk_input(hesk_POST('s_site_title'), $hesklang['err_sname']); $set['site_title'] = str_replace('\\"', '"', $set['site_title']); $set['site_url'] = hesk_input(hesk_POST('s_site_url'), $hesklang['err_surl']); $set['webmaster_mail'] = hesk_validateEmail(hesk_POST('s_webmaster_mail'), $hesklang['err_wmmail']); $set['noreply_mail'] = hesk_validateEmail(hesk_POST('s_noreply_mail'), $hesklang['err_nomail']); $set['noreply_name'] = hesk_input(hesk_POST('s_noreply_name')); $set['noreply_name'] = str_replace(array('\\"', '<', '>'), '', $set['noreply_name']); $set['noreply_name'] = trim(preg_replace('/\\s{2,}/', ' ', $set['noreply_name'])); /* --> Language settings */ $set['can_sel_lang'] = empty($_POST['s_can_sel_lang']) ? 0 : 1; $set['languages'] = hesk_getLanguagesArray(); $lang = explode('|', hesk_input(hesk_POST('s_language'))); if (isset($lang[1]) && in_array($lang[1], hesk_getLanguagesArray(1))) { $set['language'] = $lang[1]; } else { hesk_error($hesklang['err_lang']); } /* --> Database settings */ hesk_dbClose(); if (hesk_testMySQL()) {
function hesk_validateUserInfo($pass_required = 1, $redirect_to = './manage_users.php') { global $hesk_settings, $hesklang; $hesk_error_buffer = ''; $myuser['name'] = hesk_input(hesk_POST('name')) or $hesk_error_buffer .= '<li>' . $hesklang['enter_real_name'] . '</li>'; $myuser['email'] = hesk_validateEmail(hesk_POST('email'), 'ERR', 0) or $hesk_error_buffer .= '<li>' . $hesklang['enter_valid_email'] . '</li>'; $myuser['user'] = hesk_input(hesk_POST('user')) or $hesk_error_buffer .= '<li>' . $hesklang['enter_username'] . '</li>'; $myuser['isadmin'] = empty($_POST['isadmin']) ? 0 : 1; $myuser['signature'] = hesk_input(hesk_POST('signature')); $myuser['autoassign'] = hesk_POST('autoassign') == 'Y' ? 1 : 0; /* If it's not admin at least one category and fature is required */ $myuser['categories'] = array(); $myuser['features'] = array(); if ($myuser['isadmin'] == 0) { if (empty($_POST['categories']) || !is_array($_POST['categories'])) { $hesk_error_buffer .= '<li>' . $hesklang['asign_one_cat'] . '</li>'; } else { foreach ($_POST['categories'] as $tmp) { if (is_array($tmp)) { continue; } if ($tmp = intval($tmp)) { $myuser['categories'][] = $tmp; } } } if (empty($_POST['features']) || !is_array($_POST['features'])) { $hesk_error_buffer .= '<li>' . $hesklang['asign_one_feat'] . '</li>'; } else { foreach ($_POST['features'] as $tmp) { if (in_array($tmp, $hesk_settings['features'])) { $myuser['features'][] = $tmp; } } } } if (strlen($myuser['signature']) > 1000) { $hesk_error_buffer .= '<li>' . $hesklang['signature_long'] . '</li>'; } /* Password */ $myuser['cleanpass'] = ''; $newpass = hesk_input(hesk_POST('newpass')); $passlen = strlen($newpass); if ($pass_required || $passlen > 0) { /* At least 5 chars? */ if ($passlen < 5) { $hesk_error_buffer .= '<li>' . $hesklang['password_not_valid'] . '</li>'; } else { $newpass2 = hesk_input(hesk_POST('newpass2')); if ($newpass != $newpass2) { $hesk_error_buffer .= '<li>' . $hesklang['passwords_not_same'] . '</li>'; } else { $myuser['pass'] = hesk_Pass2Hash($newpass); $myuser['cleanpass'] = $newpass; } } } /* After reply */ $myuser['afterreply'] = intval(hesk_POST('afterreply')); if ($myuser['afterreply'] != 1 && $myuser['afterreply'] != 2) { $myuser['afterreply'] = 0; } // Defaults $myuser['autostart'] = isset($_POST['autostart']) ? 1 : 0; $myuser['notify_customer_new'] = isset($_POST['notify_customer_new']) ? 1 : 0; $myuser['notify_customer_reply'] = isset($_POST['notify_customer_reply']) ? 1 : 0; $myuser['show_suggested'] = isset($_POST['show_suggested']) ? 1 : 0; /* Notifications */ $myuser['notify_new_unassigned'] = empty($_POST['notify_new_unassigned']) ? 0 : 1; $myuser['notify_new_my'] = empty($_POST['notify_new_my']) ? 0 : 1; $myuser['notify_reply_unassigned'] = empty($_POST['notify_reply_unassigned']) ? 0 : 1; $myuser['notify_reply_my'] = empty($_POST['notify_reply_my']) ? 0 : 1; $myuser['notify_assigned'] = empty($_POST['notify_assigned']) ? 0 : 1; $myuser['notify_note'] = empty($_POST['notify_note']) ? 0 : 1; $myuser['notify_pm'] = empty($_POST['notify_pm']) ? 0 : 1; /* Save entered info in session so we don't loose it in case of errors */ $_SESSION['userdata'] = $myuser; /* Any errors */ if (strlen($hesk_error_buffer)) { if ($myuser['isadmin']) { // Preserve default staff data for the form global $default_userdata; $_SESSION['userdata']['features'] = $default_userdata['features']; $_SESSION['userdata']['categories'] = $default_userdata['categories']; } $hesk_error_buffer = $hesklang['rfm'] . '<br /><br /><ul>' . $hesk_error_buffer . '</ul>'; hesk_process_messages($hesk_error_buffer, $redirect_to); } // "can_unban_emails" feature also enables "can_ban_emails" if (in_array('can_unban_emails', $myuser['features']) && !in_array('can_ban_emails', $myuser['features'])) { $myuser['features'][] = 'can_ban_emails'; } return $myuser; }
function forgot_tid() { global $hesk_settings, $hesklang; require HESK_PATH . 'inc/email_functions.inc.php'; /* Get ticket(s) from database */ hesk_dbConnect(); $email = hesk_validateEmail(hesk_POST('email'), 'ERR', 0) or hesk_process_messages($hesklang['enter_valid_email'], 'ticket.php?remind=1'); if (isset($_POST['open_only'])) { $hesk_settings['open_only'] = $_POST['open_only'] == 1 ? 1 : 0; } /* Prepare ticket statuses */ $myStatusSQL = hesk_dbQuery("SELECT `ID`, `Key` FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "statuses`"); $my_status = array(); while ($myStatusRow = hesk_dbFetchAssoc($myStatusSQL)) { $my_status[$myStatusRow['ID']] = $hesklang[$myStatusRow['Key']]; } // Get tickets from the database $res = hesk_dbQuery('SELECT * FROM `' . hesk_dbEscape($hesk_settings['db_pfix']) . 'tickets` FORCE KEY (`statuses`) WHERE ' . ($hesk_settings['open_only'] ? "`status` IN (SELECT `ID` FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "statuses` WHERE `IsClosed` = 0) AND " : '') . ' ' . hesk_dbFormatEmail($email) . ' ORDER BY `status` ASC, `lastchange` DESC '); $num = hesk_dbNumRows($res); if ($num < 1) { if ($hesk_settings['open_only']) { hesk_process_messages($hesklang['noopen'], 'ticket.php?remind=1&e=' . $email); } else { hesk_process_messages($hesklang['tid_not_found'], 'ticket.php?remind=1&e=' . $email); } } $tid_list = ''; $html_tid_list = '<ul>'; $name = ''; $email_param = $hesk_settings['email_view_ticket'] ? '&e=' . rawurlencode($email) : ''; while ($my_ticket = hesk_dbFetchAssoc($res)) { $name = $name ? $name : hesk_msgToPlain($my_ticket['name'], 1, 0); $tid_list .= "\n {$hesklang['trackID']}: " . $my_ticket['trackid'] . "\n {$hesklang['subject']}: " . hesk_msgToPlain($my_ticket['subject'], 1, 0) . "\n {$hesklang['status']}: " . $my_status[$my_ticket['status']] . "\n {$hesk_settings['hesk_url']}/ticket.php?track={$my_ticket['trackid']}{$email_param}\n "; $html_tid_list .= "<li>\n {$hesklang['trackID']}: " . $my_ticket['trackid'] . " <br>\n {$hesklang['subject']}: " . hesk_msgToPlain($my_ticket['subject'], 1, 0) . " <br>\n {$hesklang['status']}: " . $my_status[$my_ticket['status']] . " <br>\n {$hesk_settings['hesk_url']}/ticket.php?track={$my_ticket['trackid']}{$email_param}\n </li>"; } $html_tid_list .= '</ul>'; /* Get e-mail message for customer */ $msg = hesk_getEmailMessage('forgot_ticket_id', '', 0, 0, 1); $msg = processEmail($msg, $name, $num, $tid_list); // Get HTML message for customer $htmlMsg = hesk_getHtmlMessage('forgot_ticket_id', '', 0, 0, 1); $htmlMsg = processEmail($htmlMsg, $name, $num, $html_tid_list); $subject = hesk_getEmailSubject('forgot_ticket_id'); /* Send e-mail */ hesk_mail($email, $subject, $msg, $htmlMsg); /* Show success message */ $tmp = '<b>' . $hesklang['tid_sent'] . '!</b>'; $tmp .= '<br /> <br />' . $hesklang['tid_sent2'] . '.'; $tmp .= '<br /> <br />' . $hesklang['check_spambox']; hesk_process_messages($tmp, 'ticket.php?e=' . $email, 'SUCCESS'); exit; /* Print header */ $hesk_settings['tmp_title'] = $hesk_settings['hesk_title'] . ' - ' . $hesklang['tid_sent']; require_once HESK_PATH . 'inc/header.inc.php'; ?> <ol class="breadcrumb"> <li><a href="<?php echo $hesk_settings['site_url']; ?> "><?php echo $hesk_settings['site_title']; ?> </a></li> <li><a href="<?php echo $hesk_settings['hesk_url']; ?> "><?php echo $hesk_settings['hesk_title']; ?> </a></li> <li class="active"><?php echo $hesklang['tid_sent']; ?> </li> </ol> <tr> <td> <?php }
function update_profile() { global $hesk_settings, $hesklang, $can_view_unassigned; /* A security check */ hesk_token_check('POST'); $sql_pass = ''; $sql_username = ''; $hesk_error_buffer = ''; $newvar['new']['name'] = hesk_input(hesk_POST('name')) or $hesk_error_buffer .= '<li>' . $hesklang['enter_your_name'] . '</li>'; $newvar['new']['email'] = hesk_validateEmail(hesk_POST('email'), 'ERR', 0) or $hesk_error_buffer = '<li>' . $hesklang['enter_valid_email'] . '</li>'; $newvar['new']['signature'] = hesk_input(hesk_POST('signature')); $newvar['new']['user'] = hesk_input(hesk_POST('user')); $newvar['new']['address'] = hesk_input(hesk_POST('address')); $newvar['new']['phonenumber'] = hesk_input(hesk_POST('phonenumber')); $newvar['new']['poz_detyres'] = hesk_input(hesk_POST('poz_detyres')); /* Signature */ if (strlen($newvar['new']['signature']) > 1000) { $hesk_error_buffer .= '<li>' . $hesklang['signature_long'] . '</li>'; } $sql_username = "******" . hesk_dbEscape($newvar['new']['user']) . "'"; /* Change password? */ $newpass_cl = hesk_input(hesk_POST('newpass_cl')); $passlen = strlen($newpass_cl); if ($passlen > 0) { /* At least 5 chars? */ if ($passlen < 5) { $hesk_error_buffer .= '<li>' . $hesklang['password_not_valid'] . '</li>'; } else { $newpass2_cl = hesk_input(hesk_POST('newpass2_cl')); if ($newpass_cl != $newpass2_cl) { $hesk_error_buffer .= '<li>' . $hesklang['passwords_not_same'] . '</li>'; } else { $v = hesk_Pass2Hash($newpass_cl); if ($v == '499d74967b28a841c98bb4baaabaad699ff3c079') { define('WARN_PASSWORD', true); } $sql_pass = '******'' . $v . '\''; } } } $id = hesk_input(hesk_POST('userid')); /* Any errors? */ if (strlen($hesk_error_buffer)) { /* Process the session variables */ $newvar['new'] = hesk_stripArray($newvar['new']); $hesk_error_buffer = $hesklang['rfm'] . '<br /><br /><ul>' . $hesk_error_buffer . '</ul>'; //hesk_process_messages($hesk_error_buffer,'NOREDIRECT'); } //else //{ $query = "UPDATE " . hesk_dbEscape($hesk_settings['db_pfix']) . "clients SET \n\t\t\tname='" . hesk_dbEscape($newvar['new']['name']) . "', \n\t\t\temail='" . hesk_dbEscape($newvar['new']['email']) . "', \n\t\t\tuser='******'new']['user']) . "',\n\t\t\taddress='" . hesk_dbEscape($newvar['new']['address']) . "',\n\t\t\tphonenumber='" . hesk_dbEscape($newvar['new']['phonenumber']) . "',\n\t\t\tpoz_detyres='" . hesk_dbEscape($newvar['new']['poz_detyres']) . "',\n\t\t\tsignature='" . hesk_dbEscape($newvar['new']['signature']) . "'\n\t\t\t{$sql_pass}\n\t\t\tWHERE id=" . $id . " LIMIT 1"; /* Update database */ $result = hesk_dbQuery($query); /* Process the session variables */ $newvar['new'] = hesk_stripArray($newvar['new']); $tmp = $_SESSION['id']['id']; $_SESSION['id'] = $newvar['new']; $_SESSION['id']['id'] = $tmp; /* Update session variables */ /*foreach ($newvar['new'] as $k => $v) { $_SESSION[$k] = $v; }*/ unset($newvar['new']); hesk_cleanSessionVars('as_notify'); hesk_process_messages($hesklang['profile_updated_success'], 'client_profile.php', 'SUCCESS'); // } }
$tmpvar['message'] = hesk_input(hesk_POST('message')) or $hesk_error_buffer[] = $hesklang['enter_message']; if (count($hesk_error_buffer)) { $myerror = '<ul>'; foreach ($hesk_error_buffer as $error) { $myerror .= "<li>{$error}</li>\n"; } $myerror .= '</ul>'; hesk_error($myerror); } $tmpvar['message'] = hesk_makeURL($tmpvar['message']); $tmpvar['message'] = nl2br($tmpvar['message']); hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "replies` SET `message`='" . hesk_dbEscape($tmpvar['message']) . "' WHERE `id`='" . intval($tmpvar['id']) . "' AND `replyto`='" . intval($ticket['id']) . "' LIMIT 1"); } else { $tmpvar['language'] = hesk_POST('customerLanguage'); $tmpvar['name'] = hesk_input(hesk_POST('name')) or $hesk_error_buffer[] = $hesklang['enter_your_name']; $tmpvar['email'] = hesk_validateEmail(hesk_POST('email'), 'ERR', 0); $tmpvar['subject'] = hesk_input(hesk_POST('subject')) or $hesk_error_buffer[] = $hesklang['enter_ticket_subject']; $tmpvar['message'] = hesk_input(hesk_POST('message')) or $hesk_error_buffer[] = $hesklang['enter_message']; // Demo mode if (defined('HESK_DEMO')) { $tmpvar['email'] = '*****@*****.**'; } if (count($hesk_error_buffer)) { $myerror = '<ul>'; foreach ($hesk_error_buffer as $error) { $myerror .= "<li>{$error}</li>\n"; } $myerror .= '</ul>'; hesk_error($myerror); } $tmpvar['message'] = hesk_makeURL($tmpvar['message']);
$hesk_error_buffer['mysecnum'] = $hesklang['sec_miss']; } else { require HESK_PATH . 'inc/secimg.inc.php'; $sc = new PJ_SecurityImage($hesk_settings['secimg_sum']); if (isset($_SESSION['checksum']) && $sc->checkCode($mysecnum, $_SESSION['checksum'])) { $_SESSION['img_verified'] = true; } else { $hesk_error_buffer['mysecnum'] = $hesklang['sec_wrng']; } } } } $tmpvar['name'] = hesk_input(hesk_POST('name')) or $hesk_error_buffer['name'] = $hesklang['enter_your_name']; $tmpvar['email'] = hesk_validateEmail(hesk_POST('email'), 'ERR', 0) or $hesk_error_buffer['email'] = $hesklang['enter_valid_email']; if ($hesk_settings['confirm_email']) { $tmpvar['email2'] = hesk_validateEmail(hesk_POST('email2'), 'ERR', 0) or $hesk_error_buffer['email2'] = $hesklang['confemail2']; // Anything entered as email confirmation? if (strlen($tmpvar['email2'])) { // Do we have multiple emails? if ($hesk_settings['multi_eml'] && count(array_diff(explode(',', strtolower($tmpvar['email'])), explode(',', strtolower($tmpvar['email2'])))) == 0) { $_SESSION['c_email2'] = $_POST['email2']; } elseif (!$hesk_settings['multi_eml'] && strtolower($tmpvar['email']) == strtolower($tmpvar['email2'])) { $_SESSION['c_email2'] = $_POST['email2']; } else { // Invalid match $tmpvar['email2'] = ''; $_POST['email2'] = ''; $_SESSION['c_email2'] = ''; $_SESSION['isnotice'][] = 'email'; $hesk_error_buffer['email2'] = $hesklang['confemaile']; }