示例#1
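/**
 * Validate the posted "my profile" form and save it for the logged-in staff member.
 *
 * Values are staged in $_SESSION['new']. When any check fails, all collected
 * errors are shown together and nothing is written; otherwise the users row for
 * $_SESSION['id'] is updated and the staged values are copied into the session.
 *
 * @return void
 */
function update_profile()
{
    global $hesk_settings, $hesklang, $can_view_unassigned;

    /* Request token check before any state is changed (presumably the anti-CSRF
       token; hesk_token_check() is defined elsewhere) */
    hesk_token_check('POST');

    $sql_pass = '';
    $sql_username = '';
    $hesk_error_buffer = '';

    $_SESSION['new']['name'] = hesk_input(hesk_POST('name'));
    if (!$_SESSION['new']['name']) {
        $hesk_error_buffer .= '<li>' . $hesklang['enter_your_name'] . '</li>';
    }

    /* Append (.=) rather than assign: a plain "=" here discarded the name error collected above */
    $_SESSION['new']['email'] = hesk_validateEmail(hesk_POST('email'), 'ERR', 0);
    if (!$_SESSION['new']['email']) {
        $hesk_error_buffer .= '<li>' . $hesklang['enter_valid_email'] . '</li>';
    }

    /* Signature is limited to 255 bytes */
    $_SESSION['new']['signature'] = hesk_input(hesk_POST('signature'));
    if (strlen($_SESSION['new']['signature']) > 255) {
        $hesk_error_buffer .= '<li>' . $hesklang['signature_long'] . '</li>';
    }

    /* Only administrators may change their username; the flag comes from the session, not from the request */
    if ($_SESSION['isadmin']) {
        $_SESSION['new']['user'] = hesk_input(hesk_POST('user'));
        if (!$_SESSION['new']['user']) {
            $hesk_error_buffer .= '<li>' . $hesklang['enter_username'] . '</li>';
        }

        /* Reject a username that already belongs to another account */
        $result = hesk_dbQuery("SELECT `id` FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "users` WHERE `user`='" . hesk_dbEscape($_SESSION['new']['user']) . "' AND `id`!='" . intval($_SESSION['id']) . "' LIMIT 1");
        if (hesk_dbNumRows($result) != 0) {
            $hesk_error_buffer .= '<li>' . $hesklang['duplicate_user'] . '</li>';
        } else {
            /* NOTE(review): the listing had masked the start of this string with asterisks.
               It is rebuilt from the UPDATE below (which needs a leading comma) and the
               `user` column used in the duplicate check above. */
            $sql_username = ",`user`='" . hesk_dbEscape($_SESSION['new']['user']) . "'";
        }
    }

    /* Password change is optional: an empty field leaves the stored hash untouched */
    $newpass = hesk_input(hesk_POST('newpass'));
    $passlen = strlen($newpass);
    if ($passlen > 0) {
        if ($passlen < 5) {
            /* Minimum length is five characters; raising it is a policy decision outside this block */
            $hesk_error_buffer .= '<li>' . $hesklang['password_not_valid'] . '</li>';
        } else {
            $newpass2 = hesk_input(hesk_POST('newpass2'));
            /* Strict comparison: with "!=" two different numeric-looking strings
               (for example "12345" and "12345.0") compare equal and a mistyped
               confirmation would be accepted */
            if ($newpass !== $newpass2) {
                $hesk_error_buffer .= '<li>' . $hesklang['passwords_not_same'] . '</li>';
            } else {
                $v = hesk_Pass2Hash($newpass);
                /* The fixed hash presumably belongs to a well-known default password;
                   WARN_PASSWORD is read elsewhere */
                if ($v === '499d74967b28a841c98bb4baaabaad699ff3c079') {
                    define('WARN_PASSWORD', true);
                }
                /* NOTE(review): this string was masked in the listing as well; the column
                   name `pass` is assumed here, confirm it against the users table. */
                $sql_pass = ",`pass`='" . hesk_dbEscape($v) . "'";
            }
        }
    }

    /* After reply: only 0, 1 and 2 are accepted */
    $_SESSION['new']['afterreply'] = intval(hesk_POST('afterreply'));
    if ($_SESSION['new']['afterreply'] != 1 && $_SESSION['new']['afterreply'] != 2) {
        $_SESSION['new']['afterreply'] = 0;
    }

    /* Auto-start ticket timer */
    $_SESSION['new']['autostart'] = isset($_POST['autostart']) ? 1 : 0;

    /* Notifications: the "unassigned" switches are forced off when the user may not view unassigned tickets */
    $_SESSION['new']['notify_new_unassigned'] = empty($_POST['notify_new_unassigned']) || !$can_view_unassigned ? 0 : 1;
    $_SESSION['new']['notify_new_my'] = empty($_POST['notify_new_my']) ? 0 : 1;
    $_SESSION['new']['notify_reply_unassigned'] = empty($_POST['notify_reply_unassigned']) || !$can_view_unassigned ? 0 : 1;
    $_SESSION['new']['notify_reply_my'] = empty($_POST['notify_reply_my']) ? 0 : 1;
    $_SESSION['new']['notify_assigned'] = empty($_POST['notify_assigned']) ? 0 : 1;
    $_SESSION['new']['notify_note'] = empty($_POST['notify_note']) ? 0 : 1;
    $_SESSION['new']['notify_pm'] = empty($_POST['notify_pm']) ? 0 : 1;

    if (strlen($hesk_error_buffer)) {
        /* Keep the staged values for the form and show every error at once */
        $_SESSION['new'] = hesk_stripArray($_SESSION['new']);
        $hesk_error_buffer = $hesklang['rfm'] . '<br /><br /><ul>' . $hesk_error_buffer . '</ul>';
        hesk_process_messages($hesk_error_buffer, 'NOREDIRECT');
    } else {
        /* Every string value goes through hesk_dbEscape() and every number through intval();
           the row is selected by the session's own id, never by a posted one */
        hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "users` SET\r\n\t    `name`='" . hesk_dbEscape($_SESSION['new']['name']) . "',\r\n\t    `email`='" . hesk_dbEscape($_SESSION['new']['email']) . "',\r\n\t\t`signature`='" . hesk_dbEscape($_SESSION['new']['signature']) . "'\r\n        {$sql_username}\r\n\t\t{$sql_pass} ,\r\n\t    `afterreply`='" . intval($_SESSION['new']['afterreply']) . "' ,\r\n        `autostart`='" . intval($_SESSION['new']['autostart']) . "' ,\r\n\t    `notify_new_unassigned`='" . intval($_SESSION['new']['notify_new_unassigned']) . "' ,\r\n        `notify_new_my`='" . intval($_SESSION['new']['notify_new_my']) . "' ,\r\n        `notify_reply_unassigned`='" . intval($_SESSION['new']['notify_reply_unassigned']) . "' ,\r\n        `notify_reply_my`='" . intval($_SESSION['new']['notify_reply_my']) . "' ,\r\n        `notify_assigned`='" . intval($_SESSION['new']['notify_assigned']) . "' ,\r\n        `notify_pm`='" . intval($_SESSION['new']['notify_pm']) . "',\r\n        `notify_note`='" . intval($_SESSION['new']['notify_note']) . "'\r\n\t    WHERE `id`='" . intval($_SESSION['id']) . "' LIMIT 1");

        /* Copy the staged values into the live session; the keys are the fixed ones set above */
        $_SESSION['new'] = hesk_stripArray($_SESSION['new']);
        foreach ($_SESSION['new'] as $k => $v) {
            $_SESSION[$k] = $v;
        }
        unset($_SESSION['new']);

        hesk_process_messages($hesklang['profile_updated_success'], 'profile.php', 'SUCCESS');
    }
}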
示例#2
 if ($is_reply) {
     $tmpvar['message'] = hesk_input(hesk_POST('message')) or $hesk_error_buffer[] = $hesklang['enter_message'];
     if (count($hesk_error_buffer)) {
         $myerror = '<ul>';
         foreach ($hesk_error_buffer as $error) {
             $myerror .= "<li>{$error}</li>\n";
         }
         $myerror .= '</ul>';
         hesk_error($myerror);
     }
     $tmpvar['message'] = hesk_makeURL($tmpvar['message']);
     $tmpvar['message'] = nl2br($tmpvar['message']);
     hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "replies` SET `message`='" . hesk_dbEscape($tmpvar['message']) . "' WHERE `id`='" . intval($tmpvar['id']) . "' AND `replyto`='" . intval($ticket['id']) . "' LIMIT 1");
 } else {
     $tmpvar['name'] = hesk_input(hesk_POST('name')) or $hesk_error_buffer[] = $hesklang['enter_your_name'];
     $tmpvar['email'] = hesk_validateEmail(hesk_POST('email'), 'ERR', 0) or $hesk_error_buffer[] = $hesklang['enter_valid_email'];
     $tmpvar['subject'] = hesk_input(hesk_POST('subject')) or $hesk_error_buffer[] = $hesklang['enter_ticket_subject'];
     $tmpvar['message'] = hesk_input(hesk_POST('message')) or $hesk_error_buffer[] = $hesklang['enter_message'];
     // Demo mode
     if (defined('HESK_DEMO')) {
         $tmpvar['email'] = '*****@*****.**';
     }
     if (count($hesk_error_buffer)) {
         $myerror = '<ul>';
         foreach ($hesk_error_buffer as $error) {
             $myerror .= "<li>{$error}</li>\n";
         }
         $myerror .= '</ul>';
         hesk_error($myerror);
     }
     $tmpvar['message'] = hesk_makeURL($tmpvar['message']);
示例#3
文件: index.php 项目: abuhannan/aduan
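/**
 * Handle the "forgot tracking ID" form: mail the list of tickets that belong
 * to the posted e-mail address to that same address.
 *
 * The list is only ever sent to the address it was looked up for, never shown
 * in the browser. NOTE(review): the response still differs between "no tickets
 * found" and "list sent", so the form reveals whether an address has tickets,
 * and no rate limit is visible in this function.
 *
 * @return void the function redirects or exits in every path shown here
 */
function forgot_tid()
{
    global $hesk_settings, $hesklang;

    require HESK_PATH . 'inc/email_functions.inc.php';

    /* Presumably hesk_process_messages() redirects and stops; otherwise the code below would run with an empty address */
    $email = hesk_validateEmail(hesk_POST('email'), 'ERR', 0) or hesk_process_messages($hesklang['enter_valid_email'], 'ticket.php?remind=1');

    /* Encode the address before it is placed in a redirect URL: characters such as
       "+" or "&" would otherwise be misread when the target page parses the query
       string. The ticket links built below already use rawurlencode(). */
    $email_in_url = rawurlencode($email);

    if (isset($_POST['open_only'])) {
        $hesk_settings['open_only'] = $_POST['open_only'] == 1 ? 1 : 0;
    }

    /* Prepare ticket statuses */
    $my_status = array(0 => $hesklang['open'], 1 => $hesklang['wait_staff_reply'], 2 => $hesklang['wait_cust_reply'], 3 => $hesklang['closed'], 4 => $hesklang['in_progress'], 5 => $hesklang['on_hold']);

    /* Get ticket(s) from database */
    hesk_load_database_functions();
    hesk_dbConnect();
    $res = hesk_dbQuery('SELECT * FROM `' . hesk_dbEscape($hesk_settings['db_pfix']) . 'tickets` FORCE KEY (`statuses`) WHERE ' . ($hesk_settings['open_only'] ? "`status` IN ('0','1','2','4','5') AND " : '') . ' ' . hesk_dbFormatEmail($email) . ' ORDER BY `status` ASC, `lastchange` DESC ');
    $num = hesk_dbNumRows($res);

    if ($num < 1) {
        if ($hesk_settings['open_only']) {
            hesk_process_messages($hesklang['noopen'], 'ticket.php?remind=1&e=' . $email_in_url);
        } else {
            hesk_process_messages($hesklang['tid_not_found'], 'ticket.php?remind=1&e=' . $email_in_url);
        }
    }

    /* Build the plain-text ticket list; the first ticket's name is used for the greeting */
    $tid_list = '';
    $name = '';
    $email_param = $hesk_settings['email_view_ticket'] ? '&e=' . $email_in_url : '';
    while ($my_ticket = hesk_dbFetchAssoc($res)) {
        $name = $name ? $name : hesk_msgToPlain($my_ticket['name'], 1, 0);
        $tid_list .= "\n{$hesklang['trackID']}: " . $my_ticket['trackid'] . "\n{$hesklang['subject']}: " . hesk_msgToPlain($my_ticket['subject'], 1, 0) . "\n{$hesklang['status']}: " . $my_status[$my_ticket['status']] . "\n{$hesk_settings['hesk_url']}/ticket.php?track={$my_ticket['trackid']}{$email_param}\n";
    }

    /* Get e-mail message for customer and fill in the placeholders */
    $msg = hesk_getEmailMessage('forgot_ticket_id', '', 0, 0, 1);
    $msg = str_replace('%%NAME%%', $name, $msg);
    $msg = str_replace('%%NUM%%', $num, $msg);
    $msg = str_replace('%%LIST_TICKETS%%', $tid_list, $msg);
    $msg = str_replace('%%SITE_TITLE%%', hesk_msgToPlain($hesk_settings['site_title'], 1), $msg);
    $msg = str_replace('%%SITE_URL%%', $hesk_settings['site_url'], $msg);
    $subject = hesk_getEmailSubject('forgot_ticket_id');

    /* Send e-mail */
    hesk_mail($email, $subject, $msg);

    /* Show success message */
    $tmp = '<b>' . $hesklang['tid_sent'] . '!</b>';
    $tmp .= '<br />&nbsp;<br />' . $hesklang['tid_sent2'] . '.';
    $tmp .= '<br />&nbsp;<br />' . $hesklang['check_spambox'];
    hesk_process_messages($tmp, 'ticket.php?e=' . $email_in_url, 'SUCCESS');
    exit;
}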
示例#4
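/**
 * Validate the posted staff-account form (create or edit user).
 *
 * @param int    $pass_required non-zero when a password must be supplied; with 0
 *                              an empty password field is accepted
 * @param string $redirect_to   page passed to hesk_process_messages() when validation fails
 *
 * @return array the validated fields; 'pass' (hash) is only present when a new
 *               password passed validation, 'cleanpass' holds that password in
 *               clear text or ''
 */
function hesk_validateUserInfo($pass_required = 1, $redirect_to = './manage_users.php')
{
    global $hesk_settings, $hesklang;

    $hesk_error_buffer = '';
    $myuser = array();

    $myuser['name'] = hesk_input(hesk_POST('name'));
    if (!$myuser['name']) {
        $hesk_error_buffer .= '<li>' . $hesklang['enter_real_name'] . '</li>';
    }

    $myuser['email'] = hesk_validateEmail(hesk_POST('email'), 'ERR', 0);
    if (!$myuser['email']) {
        $hesk_error_buffer .= '<li>' . $hesklang['enter_valid_email'] . '</li>';
    }

    $myuser['user'] = hesk_input(hesk_POST('user'));
    if (!$myuser['user']) {
        $hesk_error_buffer .= '<li>' . $hesklang['enter_username'] . '</li>';
    }

    /* NOTE(review): the admin flag is taken straight from the request; the caller
       is expected to have checked that the current user may create administrators */
    $myuser['isadmin'] = empty($_POST['isadmin']) ? 0 : 1;
    $myuser['signature'] = hesk_input(hesk_POST('signature'));
    $myuser['autoassign'] = hesk_POST('autoassign') == 'Y' ? 1 : 0;

    /* A non-admin needs at least one category and one feature */
    $myuser['categories'] = array();
    $myuser['features'] = array();
    if ($myuser['isadmin'] == 0) {
        if (empty($_POST['categories']) || !is_array($_POST['categories'])) {
            $hesk_error_buffer .= '<li>' . $hesklang['asign_one_cat'] . '</li>';
        } else {
            foreach ($_POST['categories'] as $tmp) {
                /* Nested arrays can be posted as categories[][]; ignore them */
                if (is_array($tmp)) {
                    continue;
                }
                if ($tmp = intval($tmp)) {
                    $myuser['categories'][] = $tmp;
                }
            }
        }

        if (empty($_POST['features']) || !is_array($_POST['features'])) {
            $hesk_error_buffer .= '<li>' . $hesklang['asign_one_feat'] . '</li>';
        } else {
            foreach ($_POST['features'] as $tmp) {
                /* Accept only strings that are exactly one of the configured feature
                   names; the loose in_array() used before also matched values that
                   merely compare equal (assumes the configured list holds strings) */
                if (is_string($tmp) && in_array($tmp, $hesk_settings['features'], true)) {
                    $myuser['features'][] = $tmp;
                }
            }
        }
    }

    if (strlen($myuser['signature']) > 255) {
        $hesk_error_buffer .= '<li>' . $hesklang['signature_long'] . '</li>';
    }

    /* Password */
    $myuser['cleanpass'] = '';
    $newpass = hesk_input(hesk_POST('newpass'));
    $passlen = strlen($newpass);
    if ($pass_required || $passlen > 0) {
        /* At least 5 chars? */
        if ($passlen < 5) {
            $hesk_error_buffer .= '<li>' . $hesklang['password_not_valid'] . '</li>';
        } else {
            $newpass2 = hesk_input(hesk_POST('newpass2'));
            /* Strict comparison: "!=" treats numeric-looking strings such as
               "12345" and "12345.0" as equal */
            if ($newpass !== $newpass2) {
                $hesk_error_buffer .= '<li>' . $hesklang['passwords_not_same'] . '</li>';
            } else {
                $myuser['pass'] = hesk_Pass2Hash($newpass);
                $myuser['cleanpass'] = $newpass;
            }
        }
    }

    /* Save entered info in session so we don't lose it in case of errors.
       NOTE(review): this copy includes 'cleanpass', so the clear-text password is
       written to session storage; callers should unset it once it is no longer needed. */
    $_SESSION['userdata'] = $myuser;

    /* Any errors */
    if (strlen($hesk_error_buffer)) {
        $hesk_error_buffer = $hesklang['rfm'] . '<br /><br /><ul>' . $hesk_error_buffer . '</ul>';
        hesk_process_messages($hesk_error_buffer, $redirect_to);
    }

    return $myuser;
}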
示例#5
/**
 * Turn one parsed e-mail into either a reply on an existing ticket or a new ticket.
 *
 * Everything read from $results originates in the incoming message (sender
 * address and name, subject, body, attachment names and sizes) and has to be
 * treated as untrusted input throughout.
 *
 * @param array $results      parsed message; keys read here: 'reply-to', 'from', 'subject',
 *                            'subject_encoding', 'message', 'encoding', 'attachments', 'tempdir'
 * @param int   $pop3         non-zero selects the 'thist16' history text and openedby -2,
 *                            otherwise 'thist11' and -1
 * @param int   $set_category category given to a new ticket
 * @param int   $set_priority priority for a new ticket; a negative value means
 *                            "use hesk_getCategoryPriority()"
 *
 * @return mixed the tracking ID of the ticket, or the result of hesk_cleanExit()
 *               when the message is ignored
 */
function hesk_email2ticket($results, $pop3 = 0, $set_category = 1, $set_priority = -1)
{
    global $hesk_settings, $hesklang, $hesk_db_link, $ticket;
    // Process "Reply-To:" or "From:" email
    // Reply-To wins over From. Both are headers written by the sender, so the
    // resulting address identifies nobody reliably.
    $tmpvar['email'] = isset($results['reply-to'][0]['address']) ? hesk_validateEmail($results['reply-to'][0]['address'], 'ERR', 0) : hesk_validateEmail($results['from'][0]['address'], 'ERR', 0);
    // Email missing, invalid or banned?
    if (!$tmpvar['email'] || hesk_isBannedEmail($tmpvar['email'])) {
        return hesk_cleanExit();
    }
    // Process "Reply-To:" or "From:" name, convert to UTF-8, set to "[Customer]" if not set
    if (isset($results['reply-to'][0]['name']) && strlen($results['reply-to'][0]['name'])) {
        $tmpvar['name'] = $results['reply-to'][0]['name'];
        if (!empty($results['reply-to'][0]['encoding'])) {
            $tmpvar['name'] = hesk_encodeUTF8($tmpvar['name'], $results['reply-to'][0]['encoding']);
        }
    } else {
        $tmpvar['name'] = isset($results['from'][0]['name']) ? $results['from'][0]['name'] : $hesklang['pde'];
        if (!empty($results['from'][0]['encoding'])) {
            $tmpvar['name'] = hesk_encodeUTF8($tmpvar['name'], $results['from'][0]['encoding']);
        }
    }
    // hesk_input() is called with a limit of 50 here; fall back to the default name if nothing is left
    $tmpvar['name'] = hesk_input($tmpvar['name'], '', '', 1, 50) or $tmpvar['name'] = $hesklang['pde'];
    // Process "To:" email (not yet implemented, for future use)
    // $tmpvar['to_email']	= hesk_validateEmail($results['to'][0]['address'],'ERR',0);
    // Process email subject, convert to UTF-8, set to "[Piped email]" if none set
    $tmpvar['subject'] = isset($results['subject']) ? $results['subject'] : $hesklang['pem'];
    if (!empty($results['subject_encoding'])) {
        $tmpvar['subject'] = hesk_encodeUTF8($tmpvar['subject'], $results['subject_encoding']);
    }
    $tmpvar['subject'] = hesk_input($tmpvar['subject'], '', '', 1, 70) or $tmpvar['subject'] = $hesklang['pem'];
    // Process email message, convert to UTF-8
    $tmpvar['message'] = isset($results['message']) ? $results['message'] : '';
    if (!empty($results['encoding'])) {
        $tmpvar['message'] = hesk_encodeUTF8($tmpvar['message'], $results['encoding']);
    }
    $tmpvar['message'] = hesk_input($tmpvar['message'], '', '', 1);
    // Message missing?
    if (strlen($tmpvar['message']) == 0) {
        // Message required? Ignore this email.
        if ($hesk_settings['eml_req_msg']) {
            return hesk_cleanExit();
        }
        // Message not required? Assign a default message
        $tmpvar['message'] = $hesklang['def_msg'];
        // Track duplicate emails based on subject
        // (md5 is used here only as a fingerprint for loop detection, not as a security control)
        $message_hash = md5($tmpvar['subject']);
    } else {
        $message_hash = md5($tmpvar['message']);
    }
    // Strip quoted reply from email
    $tmpvar['message'] = hesk_stripQuotedText($tmpvar['message']);
    // Convert URLs to links, change newlines to <br />
    // From here on the message contains HTML produced by these two calls; it must not be escaped a second time
    $tmpvar['message'] = hesk_makeURL($tmpvar['message']);
    $tmpvar['message'] = nl2br($tmpvar['message']);
    # For debugging purposes
    # die( bin2hex($tmpvar['message']) );
    # die($tmpvar['message']);
    // Try to detect "delivery failed" and "noreply" emails - ignore if detected
    if (hesk_isReturnedEmail($tmpvar)) {
        return hesk_cleanExit();
    }
    // Check for email loops
    if (hesk_isEmailLoop($tmpvar['email'], $message_hash)) {
        return hesk_cleanExit();
    }
    // OK, everything seems OK. Now determine if this is a reply to a ticket or a new ticket
    // The subject (with spaces removed) is searched for "[#XXX-XXX-XXXX]" made of upper-case letters and digits
    if (preg_match('/\\[#([A-Z0-9]{3}\\-[A-Z0-9]{3}\\-[A-Z0-9]{4})\\]/', str_replace(' ', '', $tmpvar['subject']), $matches)) {
        // We found a possible tracking ID
        $tmpvar['trackid'] = $matches[1];
        // Does it match one in the database?
        $res = hesk_dbQuery("SELECT * FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` WHERE `trackid`='" . hesk_dbEscape($tmpvar['trackid']) . "' LIMIT 1");
        if (hesk_dbNumRows($res)) {
            $ticket = hesk_dbFetchAssoc($res);
            // Do email addresses match?
            // NOTE(review): this is a substring test, not an equality test. A sender address
            // that is contained in the stored value passes (constructed example:
            // "bob@example.com" inside "jbob@example.com"). Presumably written this way
            // because the column can hold several addresses - confirm, and compare against
            // each stored address exactly. Together with the tracking ID in the subject this
            // check is the only thing that ties a mailed reply to a ticket.
            if (strpos(strtolower($ticket['email']), strtolower($tmpvar['email'])) === false) {
                $tmpvar['trackid'] = '';
            }
            // Is this ticket locked? Force create a new one if it is
            if ($ticket['locked']) {
                $tmpvar['trackid'] = '';
            }
        } else {
            $tmpvar['trackid'] = '';
        }
    }
    // If tracking ID is empty, generate a new one
    if (empty($tmpvar['trackid'])) {
        $tmpvar['trackid'] = hesk_createID();
        $is_reply = 0;
    } else {
        $is_reply = 1;
    }
    // Process attachments
    $tmpvar['attachmment_notices'] = '';
    $tmpvar['attachments'] = '';
    $num = 0;
    if ($hesk_settings['attachments']['use'] && isset($results['attachments'][0])) {
        foreach ($results['attachments'] as $k => $v) {
            // Clean attachment names
            $myatt['real_name'] = hesk_cleanFileName($v['orig_name']);
            // Check number of attachments, delete any over max number
            if ($num >= $hesk_settings['attachments']['max_number']) {
                $tmpvar['attachmment_notices'] .= sprintf($hesklang['attnum'], $myatt['real_name']) . "\n";
                continue;
            }
            // Check file extension
            // Only the part after the last dot is compared with the allow-list, and the
            // comparison is loose. NOTE(review): whether attach_dir is reachable through the
            // web server is not visible here; if it is, this allow-list is what keeps
            // server-executable file types out, so review it together with the directory's
            // server configuration.
            $ext = strtolower(strrchr($myatt['real_name'], "."));
            if (!in_array($ext, $hesk_settings['attachments']['allowed_types'])) {
                $tmpvar['attachmment_notices'] .= sprintf($hesklang['atttyp'], $myatt['real_name']) . "\n";
                continue;
            }
            // Check file size
            // The size is the value supplied in $results, not measured from the stored file here
            $myatt['size'] = $v['size'];
            if ($myatt['size'] > $hesk_settings['attachments']['max_size']) {
                $tmpvar['attachmment_notices'] .= sprintf($hesklang['attsiz'], $myatt['real_name']) . "\n";
                continue;
            }
            // Generate a random file name
            // NOTE(review): mt_rand() is not a cryptographically secure generator. If the saved
            // name is meant to be unguessable, random_int() or random_bytes() is the right source.
            $useChars = 'AEUYBDGHJLMNPQRSTVWXZ123456789';
            $tmp = $useChars[mt_rand(0, 29)];
            for ($j = 1; $j < 10; $j++) {
                $tmp .= $useChars[mt_rand(0, 29)];
            }
            $myatt['saved_name'] = substr($tmpvar['trackid'] . '_' . md5($tmp . $myatt['real_name']), 0, 200) . $ext;
            // Rename the temporary file
            // The result of rename() is not checked: on failure the row below is still inserted
            rename($v['stored_name'], HESK_PATH . $hesk_settings['attach_dir'] . '/' . $myatt['saved_name']);
            // Insert into database
            hesk_dbQuery("INSERT INTO `" . hesk_dbEscape($hesk_settings['db_pfix']) . "attachments` (`ticket_id`,`saved_name`,`real_name`,`size`) VALUES ('" . hesk_dbEscape($tmpvar['trackid']) . "','" . hesk_dbEscape($myatt['saved_name']) . "','" . hesk_dbEscape($myatt['real_name']) . "','" . intval($myatt['size']) . "')");
            $tmpvar['attachments'] .= hesk_dbInsertID() . '#' . $myatt['real_name'] . ',';
            $num++;
        }
        // Tell the reader which attachments were dropped; the notices pass through hesk_input() before being appended
        if (strlen($tmpvar['attachmment_notices'])) {
            $tmpvar['message'] .= "<br /><br />" . hesk_input($hesklang['attrem'], '', '', 1) . "<br />" . nl2br(hesk_input($tmpvar['attachmment_notices'], '', '', 1));
        }
    }
    // Delete the temporary files
    deleteAll($results['tempdir']);
    // If this is a reply add a new reply
    if ($is_reply) {
        // Set last replier name to customer name
        $ticket['lastreplier'] = $tmpvar['name'] == $hesklang['pde'] ? $tmpvar['email'] : $tmpvar['name'];
        // If staff hasn't replied yet, keep ticket status "New", otherwise set it to "Waiting reply from staff"
        $ticket['status'] = $ticket['status'] ? 1 : 0;
        // Update ticket as necessary
        // `status` is interpolated without escaping, but the line above limits it to 0 or 1
        hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` SET `lastchange`=NOW(),`status`='{$ticket['status']}',`replies`=`replies`+1,`lastreplier`='0' WHERE `id`='" . intval($ticket['id']) . "' LIMIT 1");
        // If customer replied, we assume staff replies have been read (no way to be sure if ticket.php hasn't been opened)
        hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "replies` SET `read` = '1' WHERE `replyto` = '" . intval($ticket['id']) . "' AND `staffid` != '0' ");
        // Insert reply into database
        hesk_dbQuery("INSERT INTO `" . hesk_dbEscape($hesk_settings['db_pfix']) . "replies` (`replyto`,`name`,`message`,`dt`,`attachments`) VALUES ('" . intval($ticket['id']) . "','" . hesk_dbEscape($ticket['lastreplier']) . "','" . hesk_dbEscape($tmpvar['message']) . "',NOW(),'" . hesk_dbEscape($tmpvar['attachments']) . "')");
        // --> Prepare reply message
        // 1. Generate the array with ticket info that can be used in emails
        $info = array('email' => $ticket['email'], 'category' => $ticket['category'], 'priority' => $ticket['priority'], 'owner' => $ticket['owner'], 'trackid' => $ticket['trackid'], 'status' => $ticket['status'], 'name' => $ticket['name'], 'lastreplier' => $ticket['lastreplier'], 'subject' => $ticket['subject'], 'message' => stripslashes($tmpvar['message']), 'attachments' => $tmpvar['attachments'], 'dt' => hesk_date($ticket['dt'], true), 'lastchange' => hesk_date($ticket['lastchange'], true), 'id' => $ticket['id']);
        // 2. Add custom fields to the array
        foreach ($hesk_settings['custom_fields'] as $k => $v) {
            $info[$k] = $v['use'] ? $ticket[$k] : '';
        }
        // 3. Make sure all values are properly formatted for email
        // The global $ticket is replaced here; the notify helpers below take no ticket argument
        // and presumably read it from that global
        $ticket = hesk_ticketToPlain($info, 1, 0);
        // --> Process custom fields before sending
        foreach ($hesk_settings['custom_fields'] as $k => $v) {
            $ticket[$k] = $v['use'] ? hesk_msgToPlain($ticket[$k], 1) : '';
        }
        // --> If ticket is assigned just notify the owner
        if ($ticket['owner']) {
            hesk_notifyAssignedStaff(false, 'new_reply_by_customer', 'notify_reply_my');
        } else {
            hesk_notifyStaff('new_reply_by_customer', "`notify_reply_unassigned`='1'");
        }
        return $ticket['trackid'];
    }
    // END REPLY
    // Not a reply, but a new ticket. Add it to the database
    $tmpvar['category'] = $set_category;
    $tmpvar['priority'] = $set_priority < 0 ? hesk_getCategoryPriority($tmpvar['category']) : $set_priority;
    // Overwrites the request's remote address with the "unknown" label for the rest of the run
    $_SERVER['REMOTE_ADDR'] = $hesklang['unknown'];
    // Auto assign tickets if applicable
    $tmpvar['owner'] = 0;
    $tmpvar['history'] = $pop3 ? sprintf($hesklang['thist16'], hesk_date()) : sprintf($hesklang['thist11'], hesk_date());
    $tmpvar['openedby'] = $pop3 ? -2 : -1;
    $autoassign_owner = hesk_autoAssignTicket($tmpvar['category']);
    #print_r($autoassign_owner);
    if ($autoassign_owner) {
        $tmpvar['owner'] = $autoassign_owner['id'];
        $tmpvar['history'] .= sprintf($hesklang['thist10'], hesk_date(), $autoassign_owner['name'] . ' (' . $autoassign_owner['user'] . ')');
    }
    // Custom fields will be empty as there is no reliable way of detecting them
    foreach ($hesk_settings['custom_fields'] as $k => $v) {
        $tmpvar[$k] = '';
    }
    // Insert ticket to database
    $ticket = hesk_newTicket($tmpvar);
    // Notify the customer
    // A confirmation goes to the address taken from the message headers; the SPAM-tag check
    // below is the only guard visible here against answering forged senders
    if ($hesk_settings['notify_new']) {
        $possible_SPAM = false;
        // Do we need to check subject for SPAM tags?
        if ($hesk_settings['notify_skip_spam']) {
            foreach ($hesk_settings['notify_spam_tags'] as $tag) {
                if (strpos($tmpvar['subject'], $tag) !== false) {
                    $possible_SPAM = true;
                    break;
                }
            }
        }
        // SPAM tags not found or not checked, send email
        if ($possible_SPAM === false) {
            hesk_notifyCustomer();
        }
    }
    // Need to notify staff?
    // --> From autoassign?
    if ($tmpvar['owner'] && $autoassign_owner['notify_assigned']) {
        hesk_notifyAssignedStaff($autoassign_owner, 'ticket_assigned_to_you');
    } elseif (!$tmpvar['owner']) {
        hesk_notifyStaff('new_ticket_staff', " `notify_new_unassigned` = '1' ");
    }
    return $ticket['trackid'];
}
示例#6
/**
 * Work out which customer e-mail address accompanies the current request and
 * publish it as ready-made URL fragments in $hesk_settings.
 *
 * The address is taken from the "e" request parameter when present, otherwise
 * from the hesk_myemail cookie; both are client-supplied and pass through
 * hesk_validateEmail() before use. $hesk_settings['e_param'] receives the
 * "&e=..." form and $hesk_settings['e_query'] the "&amp;e=..." form.
 *
 * @param int $can_remember non-zero when the calling form has a "remember my
 *                          e-mail" box; the global $do_remember is then set to
 *                          the checked attribute if the cookie held a valid address
 *
 * @return mixed the validated address, or '' when no e-mail is needed or none was sent
 */
function hesk_getCustomerEmail($can_remember = 0)
{
    global $hesk_settings, $hesklang;

    /* Tickets can be opened without an e-mail: clear both fragments and stop */
    if (!$hesk_settings['email_view_ticket']) {
        $hesk_settings['e_param'] = '';
        $hesk_settings['e_query'] = '';

        return '';
    }

    /* Only forms that offer "remember me" get access to the checkbox state */
    if ($can_remember) {
        global $do_remember;
    }

    $customer_email = '';
    $sent_in_request = isset($_GET['e']) || isset($_POST['e']);

    if ($sent_in_request) {
        /* An explicit request parameter takes precedence over the cookie */
        $customer_email = hesk_validateEmail(hesk_REQUEST('e'), 'ERR', 0);
    } elseif (isset($_COOKIE['hesk_myemail'])) {
        $customer_email = hesk_validateEmail(hesk_COOKIE('hesk_myemail'), 'ERR', 0);
        if ($can_remember && $customer_email) {
            $do_remember = ' checked="checked" ';
        }
    }

    /* Same encoded value, once for plain URLs and once for HTML attributes */
    $encoded_email = rawurlencode($customer_email);
    $hesk_settings['e_param'] = '&e=' . $encoded_email;
    $hesk_settings['e_query'] = '&amp;e=' . $encoded_email;

    return $customer_email;
}
示例#7
文件: index.php 项目: riansopian/hesk
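/**
 * Handle the "forgot tracking ID" form: mail the list of tickets that belong
 * to the posted e-mail address to that same address.
 *
 * The list is only ever sent to the address it was looked up for, never shown
 * in the browser. NOTE(review): the response still differs between "no tickets
 * found" and "list sent", so the form reveals whether an address has tickets,
 * and no rate limit is visible in this function.
 *
 * The HTML page that used to follow the final exit could never be reached and
 * has been removed.
 *
 * @return void the function redirects or exits in every path shown here
 */
function forgot_tid()
{
    global $hesk_settings, $hesklang;

    require HESK_PATH . 'inc/email_functions.inc.php';

    /* Presumably hesk_process_messages() redirects and stops; otherwise the code below would run with an empty address */
    $email = hesk_validateEmail(hesk_POST('email'), 'ERR', 0) or hesk_process_messages($hesklang['enter_valid_email'], 'ticket.php?remind=1');

    /* Encode the address before it is placed in a redirect URL: characters such as
       "+" or "&" would otherwise be misread when the target page parses the query
       string. The ticket links built below already use rawurlencode(). */
    $email_in_url = rawurlencode($email);

    /* Prepare ticket statuses */
    $my_status = array(0 => $hesklang['open'], 1 => $hesklang['wait_staff_reply'], 2 => $hesklang['wait_cust_reply'], 3 => $hesklang['closed'], 4 => $hesklang['in_progress'], 5 => $hesklang['on_hold']);

    /* Get ticket(s) from database */
    hesk_load_database_functions();
    hesk_dbConnect();
    $res = hesk_dbQuery('SELECT * FROM `' . hesk_dbEscape($hesk_settings['db_pfix']) . 'tickets` FORCE KEY (`statuses`) WHERE ' . ($hesk_settings['open_only'] ? "`status` IN ('0','1','2','4','5') AND " : '') . ' ' . hesk_dbFormatEmail($email) . ' ORDER BY `status` ASC, `lastchange` DESC ');
    $num = hesk_dbNumRows($res);

    if ($num < 1) {
        if ($hesk_settings['open_only']) {
            hesk_process_messages($hesklang['noopen'], 'ticket.php?remind=1&e=' . $email_in_url);
        } else {
            hesk_process_messages($hesklang['tid_not_found'], 'ticket.php?remind=1&e=' . $email_in_url);
        }
    }

    /* Build the plain-text ticket list; the first ticket's name is used for the greeting */
    $tid_list = '';
    $name = '';
    $email_param = $hesk_settings['email_view_ticket'] ? '&e=' . $email_in_url : '';
    while ($my_ticket = hesk_dbFetchAssoc($res)) {
        $name = $name ? $name : hesk_msgToPlain($my_ticket['name'], 1, 0);
        $tid_list .= "\r\n{$hesklang['trackID']}: " . $my_ticket['trackid'] . "\r\n{$hesklang['subject']}: " . hesk_msgToPlain($my_ticket['subject'], 1, 0) . "\r\n{$hesklang['status']}: " . $my_status[$my_ticket['status']] . "\r\n{$hesk_settings['hesk_url']}/ticket.php?track={$my_ticket['trackid']}{$email_param}\r\n";
    }

    /* Get e-mail message for customer and fill in the placeholders */
    $msg = hesk_getEmailMessage('forgot_ticket_id', '', 0, 0, 1);
    $msg = str_replace('%%NAME%%', $name, $msg);
    $msg = str_replace('%%NUM%%', $num, $msg);
    $msg = str_replace('%%LIST_TICKETS%%', $tid_list, $msg);
    $msg = str_replace('%%SITE_TITLE%%', hesk_msgToPlain($hesk_settings['site_title'], 1), $msg);
    $msg = str_replace('%%SITE_URL%%', $hesk_settings['site_url'], $msg);
    $subject = hesk_getEmailSubject('forgot_ticket_id');

    /* Send e-mail */
    hesk_mail($email, $subject, $msg);

    /* Show success message */
    $tmp = '<b>' . $hesklang['tid_sent'] . '!</b>';
    $tmp .= '<br />&nbsp;<br />' . $hesklang['tid_sent2'] . '.';
    $tmp .= '<br />&nbsp;<br />' . $hesklang['check_spambox'];
    hesk_process_messages($tmp, 'ticket.php?e=' . $email_in_url, 'SUCCESS');
    exit;
}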
示例#8
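/**
 * Add one e-mail address (or e-mail domain) to the banned list.
 *
 * Reads the "email" request parameter, keeps only the first entry, validates
 * it, refuses duplicates and inserts the row with the acting staff id taken
 * from the session.
 *
 * @return void every path ends in hesk_process_messages()
 */
function ban_email()
{
    global $hesk_settings, $hesklang;

    // Request token check.
    // NOTE(review): unlike the other handlers in this listing it is called without 'POST',
    // and the address is read with hesk_REQUEST(), so the ban can presumably be triggered
    // from a link. No permission check is visible in this function; confirm the caller does one.
    hesk_token_check();

    // Get the email
    $email = strtolower(hesk_input(hesk_REQUEST('email')));

    // Only allow one entry: keep what precedes the first "," or ";".
    // strcspn() also handles a separator at position 0, which the earlier
    // strpos()-in-a-ternary test treated as "no separator found".
    $email = substr($email, 0, strcspn($email, ',;'));

    // Nothing entered (or nothing left before the first separator)?
    if (!strlen($email)) {
        hesk_process_messages($hesklang['enterbanemail'], 'banned_emails.php');
    }

    // Validate: accepted when it is either a valid address or a valid e-mail domain
    $hesk_settings['multi_eml'] = 0;
    if (!hesk_validateEmail($email, '', 0) && !verify_email_domain($email)) {
        hesk_process_messages($hesklang['validbanemail'], 'banned_emails.php');
    }

    // Redirect either to banned emails or ticket page from now on.
    // The random "Refresh" value only defeats caching; it carries no security meaning.
    $trackingID = hesk_cleanID();
    $redirect_to = $trackingID ? 'admin_ticket.php?track=' . $trackingID . '&Refresh=' . mt_rand(10000, 99999) : 'banned_emails.php';

    // Prevent duplicate rows; the id of an existing ban is remembered in the session either way
    $_SESSION['ban_email']['id'] = hesk_isBannedEmail($email);
    if ($_SESSION['ban_email']['id']) {
        hesk_process_messages(sprintf($hesklang['emailbanexists'], $email), $redirect_to, 'NOTICE');
    }

    // Insert the email address into database
    hesk_dbQuery("INSERT INTO `" . hesk_dbEscape($hesk_settings['db_pfix']) . "banned_emails` (`email`,`banned_by`) VALUES ('" . hesk_dbEscape($email) . "','" . intval($_SESSION['id']) . "')");

    // Remember email that got banned
    $_SESSION['ban_email']['id'] = hesk_dbInsertID();

    // Show success. $email is echoed in the message; it has passed hesk_input(),
    // which is presumably where HTML escaping happens - confirm.
    hesk_process_messages(sprintf($hesklang['email_banned'], $email), $redirect_to, 'SUCCESS');
}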
// Settings-save script (top-level statements). The order matters: authorisation
// first, then the request token, then the demo-mode refusal, and only after
// that is any posted value read.

// Check permissions for this feature
hesk_checkPermission('can_manage_settings');
// A security check
// (request token, required on POST; presumably the anti-CSRF token)
hesk_token_check('POST');
// Demo mode
// In demo installations the settings are never written
if (defined('HESK_DEMO')) {
    hesk_process_messages($hesklang['sdemo'], 'admin_settings.php');
}
// Collects the validated settings
$set = array();
/*** GENERAL ***/
/* --> General settings */
// When an error text is passed to hesk_input()/hesk_validateEmail() they presumably
// stop with that message on an empty or invalid value - confirm in their definitions
$set['site_title'] = hesk_input(hesk_POST('s_site_title'), $hesklang['err_sname']);
$set['site_title'] = str_replace('\\&quot;', '&quot;', $set['site_title']);
$set['site_url'] = hesk_input(hesk_POST('s_site_url'), $hesklang['err_surl']);
$set['webmaster_mail'] = hesk_validateEmail(hesk_POST('s_webmaster_mail'), $hesklang['err_wmmail']);
$set['noreply_mail'] = hesk_validateEmail(hesk_POST('s_noreply_mail'), $hesklang['err_nomail']);
$set['noreply_name'] = hesk_input(hesk_POST('s_noreply_name'));
// The display name ends up in a mail header: quotes and angle brackets are removed
// and runs of whitespace collapsed to a single space
$set['noreply_name'] = str_replace(array('\\&quot;', '&lt;', '&gt;'), '', $set['noreply_name']);
$set['noreply_name'] = trim(preg_replace('/\\s{2,}/', ' ', $set['noreply_name']));
/* --> Language settings */
$set['can_sel_lang'] = empty($_POST['s_can_sel_lang']) ? 0 : 1;
$set['languages'] = hesk_getLanguagesArray();
// The posted value has the form "something|name"; only the part after the "|" is used,
// and only if it is one of the values returned by hesk_getLanguagesArray(1)
$lang = explode('|', hesk_input(hesk_POST('s_language')));
if (isset($lang[1]) && in_array($lang[1], hesk_getLanguagesArray(1))) {
    $set['language'] = $lang[1];
} else {
    hesk_error($hesklang['err_lang']);
}
/* --> Database settings */
// The current connection is closed before the database settings are handled
hesk_dbClose();
if (hesk_testMySQL()) {
示例#10
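/**
 * Validate the staff-account fields submitted by POST and return them as an array.
 *
 * The collected values are also copied to $_SESSION['userdata'] so the form can be
 * refilled. When any check fails, the error list is passed to
 * hesk_process_messages() together with $redirect_to.
 *
 * @param int    $pass_required When truthy a password must be supplied; otherwise the
 *                              password is validated only if one was entered.
 * @param string $redirect_to   Target handed to hesk_process_messages() on errors.
 *
 * @return array Validated user data; contains 'pass' (result of hesk_Pass2Hash())
 *               only when a valid password was entered, and 'cleanpass' with the
 *               entered password or an empty string.
 */
function hesk_validateUserInfo($pass_required = 1, $redirect_to = './manage_users.php')
{
    global $hesk_settings, $hesklang;

    $hesk_error_buffer = '';
    $myuser = array();

    // Required text fields: an empty result adds an entry to the error list
    $myuser['name'] = hesk_input(hesk_POST('name'));
    if (!$myuser['name']) {
        $hesk_error_buffer .= '<li>' . $hesklang['enter_real_name'] . '</li>';
    }

    $myuser['email'] = hesk_validateEmail(hesk_POST('email'), 'ERR', 0);
    if (!$myuser['email']) {
        $hesk_error_buffer .= '<li>' . $hesklang['enter_valid_email'] . '</li>';
    }

    $myuser['user'] = hesk_input(hesk_POST('user'));
    if (!$myuser['user']) {
        $hesk_error_buffer .= '<li>' . $hesklang['enter_username'] . '</li>';
    }

    $myuser['isadmin'] = empty($_POST['isadmin']) ? 0 : 1;
    $myuser['signature'] = hesk_input(hesk_POST('signature'));
    $myuser['autoassign'] = hesk_POST('autoassign') == 'Y' ? 1 : 0;

    /* If it's not admin at least one category and feature is required */
    $myuser['categories'] = array();
    $myuser['features'] = array();

    if ($myuser['isadmin'] == 0) {
        if (empty($_POST['categories']) || !is_array($_POST['categories'])) {
            $hesk_error_buffer .= '<li>' . $hesklang['asign_one_cat'] . '</li>';
        } else {
            foreach ($_POST['categories'] as $raw_category) {
                // Nested arrays are ignored; everything else is reduced to a non-zero integer id
                if (is_array($raw_category)) {
                    continue;
                }

                $category_id = intval($raw_category);
                if ($category_id) {
                    $myuser['categories'][] = $category_id;
                }
            }
        }

        if (empty($_POST['features']) || !is_array($_POST['features'])) {
            $hesk_error_buffer .= '<li>' . $hesklang['asign_one_feat'] . '</li>';
        } else {
            // Allow-list: only feature names present in $hesk_settings['features'] are kept
            foreach ($_POST['features'] as $feature) {
                if (in_array($feature, $hesk_settings['features'])) {
                    $myuser['features'][] = $feature;
                }
            }
        }
    }

    if (strlen($myuser['signature']) > 1000) {
        $hesk_error_buffer .= '<li>' . $hesklang['signature_long'] . '</li>';
    }

    /* Password */
    $myuser['cleanpass'] = '';
    $newpass = hesk_input(hesk_POST('newpass'));
    $passlen = strlen($newpass);

    if ($pass_required || $passlen > 0) {
        /* At least 5 chars? */
        if ($passlen < 5) {
            $hesk_error_buffer .= '<li>' . $hesklang['password_not_valid'] . '</li>';
        } else {
            $newpass2 = hesk_input(hesk_POST('newpass2'));

            // Strict comparison: with != two numeric-looking strings such as "100000"
            // and "1e5" compare as equal, so a mistyped confirmation could be accepted
            if ($newpass !== $newpass2) {
                $hesk_error_buffer .= '<li>' . $hesklang['passwords_not_same'] . '</li>';
            } else {
                $myuser['pass'] = hesk_Pass2Hash($newpass);
                $myuser['cleanpass'] = $newpass;
            }
        }
    }

    /* After reply: only 1 and 2 are accepted, anything else becomes 0 */
    $myuser['afterreply'] = intval(hesk_POST('afterreply'));
    if (!in_array($myuser['afterreply'], array(1, 2), true)) {
        $myuser['afterreply'] = 0;
    }

    // Defaults: set when the field is present in the request at all
    foreach (array('autostart', 'notify_customer_new', 'notify_customer_reply', 'show_suggested') as $flag) {
        $myuser[$flag] = isset($_POST[$flag]) ? 1 : 0;
    }

    /* Notifications: set when the field carries a non-empty value */
    $notification_flags = array(
        'notify_new_unassigned',
        'notify_new_my',
        'notify_reply_unassigned',
        'notify_reply_my',
        'notify_assigned',
        'notify_note',
        'notify_pm',
    );
    foreach ($notification_flags as $flag) {
        $myuser[$flag] = empty($_POST[$flag]) ? 0 : 1;
    }

    /* Save entered info in session so we don't lose it in case of errors */
    // NOTE(review): this copy includes 'cleanpass' (the password as entered) and
    // 'pass' whenever a valid password was submitted; confirm that callers clear
    // $_SESSION['userdata'] once the form has been handled.
    $_SESSION['userdata'] = $myuser;

    /* Any errors */
    if (strlen($hesk_error_buffer)) {
        if ($myuser['isadmin']) {
            // Preserve default staff data for the form
            global $default_userdata;
            $_SESSION['userdata']['features'] = $default_userdata['features'];
            $_SESSION['userdata']['categories'] = $default_userdata['categories'];
        }

        $hesk_error_buffer = $hesklang['rfm'] . '<br /><br /><ul>' . $hesk_error_buffer . '</ul>';
        hesk_process_messages($hesk_error_buffer, $redirect_to);
    }

    // "can_unban_emails" feature also enables "can_ban_emails"
    if (in_array('can_unban_emails', $myuser['features']) && !in_array('can_ban_emails', $myuser['features'])) {
        $myuser['features'][] = 'can_ban_emails';
    }

    return $myuser;
}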
示例#11
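/**
 * Handle the "forgot tracking ID" form: look up the tickets that belong to the
 * submitted e-mail address and mail the list to that address.
 *
 * Reads 'email' and 'open_only' from POST. Every outcome is reported through
 * hesk_process_messages(); on success the request ends with exit.
 *
 * NOTE(review): the "no tickets" branches answer differently from the success
 * branch, so the response reveals whether an address has tickets, and no
 * throttling or CAPTCHA is visible in this function - confirm the caller
 * provides one.
 */
function forgot_tid()
{
    global $hesk_settings, $hesklang;

    require HESK_PATH . 'inc/email_functions.inc.php';

    /* Get ticket(s) from database */
    hesk_dbConnect();

    $email = hesk_validateEmail(hesk_POST('email'), 'ERR', 0) or hesk_process_messages($hesklang['enter_valid_email'], 'ticket.php?remind=1');

    // URL-encode the address once for every redirect target below. The original
    // concatenated it raw, so characters such as "+" or "&" in an address changed
    // the query string; the ticket links further down already use rawurlencode().
    $email_query = rawurlencode($email);

    if (isset($_POST['open_only'])) {
        $hesk_settings['open_only'] = $_POST['open_only'] == 1 ? 1 : 0;
    }

    /* Prepare ticket statuses: status ID => translated label */
    $myStatusSQL = hesk_dbQuery("SELECT `ID`, `Key` FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "statuses`");
    $my_status = array();
    while ($myStatusRow = hesk_dbFetchAssoc($myStatusSQL)) {
        $my_status[$myStatusRow['ID']] = $hesklang[$myStatusRow['Key']];
    }

    // Get tickets from the database; the e-mail condition is built by hesk_dbFormatEmail()
    $res = hesk_dbQuery('SELECT * FROM `' . hesk_dbEscape($hesk_settings['db_pfix']) . 'tickets` FORCE KEY (`statuses`) WHERE ' . ($hesk_settings['open_only'] ? "`status` IN (SELECT `ID` FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "statuses` WHERE `IsClosed` = 0) AND " : '') . ' ' . hesk_dbFormatEmail($email) . ' ORDER BY `status` ASC, `lastchange` DESC ');
    $num = hesk_dbNumRows($res);

    if ($num < 1) {
        if ($hesk_settings['open_only']) {
            hesk_process_messages($hesklang['noopen'], 'ticket.php?remind=1&e=' . $email_query);
        } else {
            hesk_process_messages($hesklang['tid_not_found'], 'ticket.php?remind=1&e=' . $email_query);
        }
    }

    // Build the plain-text and HTML ticket lists for the message
    $tid_list = '';
    $html_tid_list = '<ul>';
    $name = '';
    $email_param = $hesk_settings['email_view_ticket'] ? '&e=' . rawurlencode($email) : '';

    while ($my_ticket = hesk_dbFetchAssoc($res)) {
        // The customer name is taken from the first row that has one
        if (!$name) {
            $name = hesk_msgToPlain($my_ticket['name'], 1, 0);
        }

        $tid_list .= "\n        {$hesklang['trackID']}: " . $my_ticket['trackid'] . "\n        {$hesklang['subject']}: " . hesk_msgToPlain($my_ticket['subject'], 1, 0) . "\n        {$hesklang['status']}: " . $my_status[$my_ticket['status']] . "\n        {$hesk_settings['hesk_url']}/ticket.php?track={$my_ticket['trackid']}{$email_param}\n        ";
        $html_tid_list .= "<li>\n        {$hesklang['trackID']}: " . $my_ticket['trackid'] . " <br>\n        {$hesklang['subject']}: " . hesk_msgToPlain($my_ticket['subject'], 1, 0) . " <br>\n        {$hesklang['status']}: " . $my_status[$my_ticket['status']] . " <br>\n        {$hesk_settings['hesk_url']}/ticket.php?track={$my_ticket['trackid']}{$email_param}\n        </li>";
    }
    $html_tid_list .= '</ul>';

    /* Get e-mail message for customer */
    $msg = hesk_getEmailMessage('forgot_ticket_id', '', 0, 0, 1);
    $msg = processEmail($msg, $name, $num, $tid_list);

    // Get HTML message for customer
    $htmlMsg = hesk_getHtmlMessage('forgot_ticket_id', '', 0, 0, 1);
    $htmlMsg = processEmail($htmlMsg, $name, $num, $html_tid_list);

    $subject = hesk_getEmailSubject('forgot_ticket_id');

    /* Send e-mail: the list goes only to the address that was looked up */
    hesk_mail($email, $subject, $msg, $htmlMsg);

    /* Show success message */
    $tmp = '<b>' . $hesklang['tid_sent'] . '!</b>';
    $tmp .= '<br />&nbsp;<br />' . $hesklang['tid_sent2'] . '.';
    $tmp .= '<br />&nbsp;<br />' . $hesklang['check_spambox'];
    hesk_process_messages($tmp, 'ticket.php?e=' . $email_query, 'SUCCESS');

    // The request ends here. The header and breadcrumb output that used to follow
    // this statement could never run and has been dropped.
    exit;
}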
示例#12
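/**
 * Save the client profile form: validate the POSTed fields, update the row in the
 * `clients` table, refresh the profile data kept in $_SESSION['id'] and report the
 * result through hesk_process_messages().
 *
 * Changes against the listing as published:
 *  - validation errors stop the update again (the guard was commented out, so
 *    invalid values were written to the database);
 *  - the e-mail error is appended instead of overwriting an earlier name error;
 *  - the row id is cast to an integer before it is placed, unquoted, in the SQL;
 *  - the password confirmation uses a strict comparison;
 *  - the unused $sql_username value is no longer built.
 *
 * NOTE(review): the row to update is still chosen by the POSTed `userid`. The code
 * below keeps $_SESSION['id']['id'] as the identity of the session, so presumably
 * the two must match - verify and enforce that before relying on this function.
 */
function update_profile()
{
    global $hesk_settings, $hesklang, $can_view_unassigned;

    /* A security check: the request must carry a valid token for the POST method */
    hesk_token_check('POST');

    $sql_pass = '';
    $hesk_error_buffer = '';

    $newvar['new']['name'] = hesk_input(hesk_POST('name')) or $hesk_error_buffer .= '<li>' . $hesklang['enter_your_name'] . '</li>';
    // Append (.=): a plain assignment here discarded the name error recorded just above
    $newvar['new']['email'] = hesk_validateEmail(hesk_POST('email'), 'ERR', 0) or $hesk_error_buffer .= '<li>' . $hesklang['enter_valid_email'] . '</li>';
    $newvar['new']['signature'] = hesk_input(hesk_POST('signature'));
    $newvar['new']['user'] = hesk_input(hesk_POST('user'));
    $newvar['new']['address'] = hesk_input(hesk_POST('address'));
    $newvar['new']['phonenumber'] = hesk_input(hesk_POST('phonenumber'));
    $newvar['new']['poz_detyres'] = hesk_input(hesk_POST('poz_detyres'));

    /* Signature */
    if (strlen($newvar['new']['signature']) > 1000) {
        $hesk_error_buffer .= '<li>' . $hesklang['signature_long'] . '</li>';
    }

    /* Change password? */
    $newpass_cl = hesk_input(hesk_POST('newpass_cl'));
    $passlen = strlen($newpass_cl);
    if ($passlen > 0) {
        /* At least 5 chars? */
        if ($passlen < 5) {
            $hesk_error_buffer .= '<li>' . $hesklang['password_not_valid'] . '</li>';
        } else {
            $newpass2_cl = hesk_input(hesk_POST('newpass2_cl'));

            // Strict comparison: with != numeric-looking strings such as "100000"
            // and "1e5" compare as equal
            if ($newpass_cl !== $newpass2_cl) {
                $hesk_error_buffer .= '<li>' . $hesklang['passwords_not_same'] . '</li>';
            } else {
                $v = hesk_Pass2Hash($newpass_cl);

                // NOTE(review): matching the result against one fixed 40-hex-digit value
                // only works if hesk_Pass2Hash() is deterministic, i.e. unsalted - confirm,
                // and consider password_hash()/password_verify() for stored passwords.
                if ($v == '499d74967b28a841c98bb4baaabaad699ff3c079') {
                    define('WARN_PASSWORD', true);
                }

                // The next statement is reproduced exactly as published: the `******` run
                // replaces text that was masked on the page (the column name is not shown),
                // so it is not valid PHP as printed.
                $sql_pass = '******'' . $v . '\'';
            }
        }
    }

    // The id is placed unquoted in the WHERE clause, so it has to be an integer
    $id = intval(hesk_POST('userid'));

    /* Any errors? */
    if (strlen($hesk_error_buffer)) {
        /* Process the session variables */
        $newvar['new'] = hesk_stripArray($newvar['new']);
        $hesk_error_buffer = $hesklang['rfm'] . '<br /><br /><ul>' . $hesk_error_buffer . '</ul>';

        // Restores the call that was commented out in the listing, then stops so
        // nothing is written while the form has errors
        hesk_process_messages($hesk_error_buffer, 'NOREDIRECT');
        return;
    }

    // Every text value passes through hesk_dbEscape() before it is quoted into the statement
    $query = "UPDATE " . hesk_dbEscape($hesk_settings['db_pfix']) . "clients SET "
        . "\n\t\t\tname='" . hesk_dbEscape($newvar['new']['name']) . "', "
        . "\n\t\t\temail='" . hesk_dbEscape($newvar['new']['email']) . "', "
        . "\n\t\t\tuser='" . hesk_dbEscape($newvar['new']['user']) . "',"
        . "\n\t\t\taddress='" . hesk_dbEscape($newvar['new']['address']) . "',"
        . "\n\t\t\tphonenumber='" . hesk_dbEscape($newvar['new']['phonenumber']) . "',"
        . "\n\t\t\tpoz_detyres='" . hesk_dbEscape($newvar['new']['poz_detyres']) . "',"
        . "\n\t\t\tsignature='" . hesk_dbEscape($newvar['new']['signature']) . "'"
        . "\n\t\t\t{$sql_pass}"
        . "\n\t\t\tWHERE id=" . $id . " LIMIT 1";

    /* Update database */
    $result = hesk_dbQuery($query);

    /* Process the session variables: replace the stored profile, keep the session's own id */
    $newvar['new'] = hesk_stripArray($newvar['new']);
    $tmp = $_SESSION['id']['id'];
    $_SESSION['id'] = $newvar['new'];
    $_SESSION['id']['id'] = $tmp;

    unset($newvar['new']);
    hesk_cleanSessionVars('as_notify');
    hesk_process_messages($hesklang['profile_updated_success'], 'client_profile.php', 'SUCCESS');
}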
示例#13
     $tmpvar['message'] = hesk_input(hesk_POST('message')) or $hesk_error_buffer[] = $hesklang['enter_message'];
     if (count($hesk_error_buffer)) {
         $myerror = '<ul>';
         foreach ($hesk_error_buffer as $error) {
             $myerror .= "<li>{$error}</li>\n";
         }
         $myerror .= '</ul>';
         hesk_error($myerror);
     }
     $tmpvar['message'] = hesk_makeURL($tmpvar['message']);
     $tmpvar['message'] = nl2br($tmpvar['message']);
     hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "replies` SET `message`='" . hesk_dbEscape($tmpvar['message']) . "' WHERE `id`='" . intval($tmpvar['id']) . "' AND `replyto`='" . intval($ticket['id']) . "' LIMIT 1");
 } else {
     $tmpvar['language'] = hesk_POST('customerLanguage');
     $tmpvar['name'] = hesk_input(hesk_POST('name')) or $hesk_error_buffer[] = $hesklang['enter_your_name'];
     $tmpvar['email'] = hesk_validateEmail(hesk_POST('email'), 'ERR', 0);
     $tmpvar['subject'] = hesk_input(hesk_POST('subject')) or $hesk_error_buffer[] = $hesklang['enter_ticket_subject'];
     $tmpvar['message'] = hesk_input(hesk_POST('message')) or $hesk_error_buffer[] = $hesklang['enter_message'];
     // Demo mode
     if (defined('HESK_DEMO')) {
         $tmpvar['email'] = '*****@*****.**';
     }
     if (count($hesk_error_buffer)) {
         $myerror = '<ul>';
         foreach ($hesk_error_buffer as $error) {
             $myerror .= "<li>{$error}</li>\n";
         }
         $myerror .= '</ul>';
         hesk_error($myerror);
     }
     $tmpvar['message'] = hesk_makeURL($tmpvar['message']);
示例#14
            $hesk_error_buffer['mysecnum'] = $hesklang['sec_miss'];
        } else {
            require HESK_PATH . 'inc/secimg.inc.php';
            $sc = new PJ_SecurityImage($hesk_settings['secimg_sum']);
            if (isset($_SESSION['checksum']) && $sc->checkCode($mysecnum, $_SESSION['checksum'])) {
                $_SESSION['img_verified'] = true;
            } else {
                $hesk_error_buffer['mysecnum'] = $hesklang['sec_wrng'];
            }
        }
    }
}
$tmpvar['name'] = hesk_input(hesk_POST('name')) or $hesk_error_buffer['name'] = $hesklang['enter_your_name'];
$tmpvar['email'] = hesk_validateEmail(hesk_POST('email'), 'ERR', 0) or $hesk_error_buffer['email'] = $hesklang['enter_valid_email'];
if ($hesk_settings['confirm_email']) {
    $tmpvar['email2'] = hesk_validateEmail(hesk_POST('email2'), 'ERR', 0) or $hesk_error_buffer['email2'] = $hesklang['confemail2'];
    // Anything entered as email confirmation?
    if (strlen($tmpvar['email2'])) {
        // Do we have multiple emails?
        if ($hesk_settings['multi_eml'] && count(array_diff(explode(',', strtolower($tmpvar['email'])), explode(',', strtolower($tmpvar['email2'])))) == 0) {
            $_SESSION['c_email2'] = $_POST['email2'];
        } elseif (!$hesk_settings['multi_eml'] && strtolower($tmpvar['email']) == strtolower($tmpvar['email2'])) {
            $_SESSION['c_email2'] = $_POST['email2'];
        } else {
            // Invalid match
            $tmpvar['email2'] = '';
            $_POST['email2'] = '';
            $_SESSION['c_email2'] = '';
            $_SESSION['isnotice'][] = 'email';
            $hesk_error_buffer['email2'] = $hesklang['confemaile'];
        }