';
$errors[] = 'msg';
}
// Avoid problems with utf-8 newline chars in Javascript code, detect and remove them
$msg = preg_replace('/\R/u', "\r\n", $msg);
$_SESSION['canned']['what'] = 'NEW';
$_SESSION['canned']['name'] = $savename;
$_SESSION['canned']['msg'] = $msg;
$_SESSION['canned']['errors'] = $errors;
/* Any errors? */
if (strlen($hesk_error_buffer))
{
$hesk_error_buffer = $hesklang['rfm'].'
'.$hesk_error_buffer.'
';
hesk_process_messages($hesk_error_buffer,'manage_ticket_templates.php');
}
if ($hesk_settings['staff_ticket_formatting'] == 2) {
// Decode the message we encoded earlier
$msg_html = hesk_html_entity_decode($msg);
// Clean the HTML code and set the plaintext version
require(HESK_PATH . 'inc/htmlpurifier/HeskHTMLPurifier.php');
require(HESK_PATH . 'inc/html2text/html2text.php');
$purifier = new HeskHTMLPurifier($hesk_settings['cache_dir']);
$msg_html = $purifier->heskPurify($msg_html);
$msg = convert_html_to_text($msg_html);
$msg = fix_newlines($msg);
// Replace regular newlines with \r\n to match regular plaintext storage... but then get rid of any accidental \r\r\n outputs
$msg = str_replace("\n", "\r\n", $msg);
$msg = str_replace("\r\r\n", "\r\n", $msg);
// Re-encode the message
$msg = hesk_htmlspecialchars($msg);
} else {
$msg_html = hesk_makeURL($msg);
$msg_html = nl2br($msg_html);
}
/* Get the latest tpl_order */
$result = hesk_dbQuery('SELECT `tpl_order` FROM `'.hesk_dbEscape($hesk_settings['db_pfix']).'ticket_templates` ORDER BY `tpl_order` DESC LIMIT 1');
$row = hesk_dbFetchRow($result);
$my_order = isset($row[0]) ? intval($row[0]) + 10 : 10;
hesk_dbQuery("INSERT INTO `".hesk_dbEscape($hesk_settings['db_pfix'])."ticket_templates` (`title`,`message`,`message_html`,`tpl_order`) VALUES ('".hesk_dbEscape($savename)."','".hesk_dbEscape($msg)."','".hesk_dbEscape($msg_html)."','".intval($my_order)."')");
$_SESSION['canned']['selcat2'] = hesk_dbInsertID();
unset($_SESSION['canned']['what']);
unset($_SESSION['canned']['name']);
unset($_SESSION['canned']['msg']);
unset($_SESSION['canned']['errors']);
hesk_process_messages($hesklang['ticket_tpl_saved'],'manage_ticket_templates.php','SUCCESS');
} // End new_saved()
function remove()
{
global $hesk_settings, $hesklang;
/* A security check */
hesk_token_check();
$mysaved = intval( hesk_GET('id') ) or hesk_error($hesklang['id_not_valid']);
hesk_dbQuery("DELETE FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."ticket_templates` WHERE `id`='".intval($mysaved)."'");
if (hesk_dbAffectedRows() != 1)
{
hesk_error("$hesklang[int_error]: $hesklang[ticket_tpl_not_found].");
}
hesk_process_messages($hesklang['ticket_tpl_removed'],'manage_ticket_templates.php','SUCCESS');
} // End remove()
function order_saved()
{
global $hesk_settings, $hesklang;
/* A security check */
hesk_token_check();
$tplid = intval( hesk_GET('replyid') ) or hesk_error($hesklang['ticket_tpl_id']);
$_SESSION['canned']['selcat2'] = $tplid;
$tpl_move = intval( hesk_GET('move') );
hesk_dbQuery("UPDATE `".hesk_dbEscape($hesk_settings['db_pfix'])."ticket_templates` SET `tpl_order`=`tpl_order`+".intval($tpl_move)." WHERE `id`='".intval($tplid)."'");
if (hesk_dbAffectedRows() != 1) {hesk_error("$hesklang[int_error]: $hesklang[ticket_tpl_not_found].");}
/* Update all category fields with new order */
$result = hesk_dbQuery('SELECT `id` FROM `'.hesk_dbEscape($hesk_settings['db_pfix']).'ticket_templates` ORDER BY `tpl_order` ASC');
$i = 10;
while ($mytpl=hesk_dbFetchAssoc($result))
{
hesk_dbQuery("UPDATE `".hesk_dbEscape($hesk_settings['db_pfix'])."ticket_templates` SET `tpl_order`=".intval($i)." WHERE `id`='".intval($mytpl['id'])."'");
$i += 10;
}
header('Location: manage_ticket_templates.php');
exit();
} // End order_saved()
?>
PK ~3Yx
x
lock.phpnu [
PK ~3Y/U assign_owner.phpnu [ '.$hesklang['unas'].'',addslashes($_SESSION['name']).' ('.$_SESSION['user'].')');
$res = hesk_dbQuery("UPDATE `".hesk_dbEscape($hesk_settings['db_pfix'])."tickets` SET `owner`=0, `assignedby`=NULL, `history`=CONCAT(`history`,'".hesk_dbEscape($revision)."') WHERE `trackid`='".hesk_dbEscape($trackingID)."'");
hesk_process_messages($hesklang['tunasi2'],$_SERVER['PHP_SELF'],'SUCCESS');
}
elseif ($owner < 1)
{
hesk_process_messages($hesklang['nose'],$_SERVER['PHP_SELF'],'NOTICE');
}
/* Verify the new owner and permissions */
$res = hesk_dbQuery("SELECT `id`,`user`,`name`,`email`,`isadmin`,`categories`,`notify_assigned` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."users` WHERE `id`='{$owner}' LIMIT 1");
$row = hesk_dbFetchAssoc($res);
/* Has new owner access to the category? */
if ( ! $row['isadmin'])
{
$row['categories']=explode(',',$row['categories']);
if (!in_array($ticket['category'],$row['categories']))
{
hesk_error($hesklang['unoa']);
}
}
// Make sure two people don't assign a ticket to a different user at the same time
if ($ticket['owner'] && $ticket['owner'] != $owner && hesk_REQUEST('unassigned') && hesk_GET('confirm') != 'Y')
{
$new_owner = ($owner == $_SESSION['id']) ? $hesklang['scoy'] : sprintf($hesklang['scot'], $row['name']);
$res = hesk_dbQuery("SELECT `name` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."users` WHERE `id`='{$ticket['owner']}' LIMIT 1");
if (hesk_dbNumRows($res) == 1)
{
$row = hesk_dbFetchAssoc($res);
hesk_process_messages(
sprintf($hesklang['taat'], $row['name']) .
'
' .
$new_owner .
'
' .
''.$hesklang['ycto'].' | ' .
''.$hesklang['ncto'].'',
$_SERVER['PHP_SELF'], 'NOTICE'
);
}
}
/* Assigning to self? */
if ($can_assign_others || ($owner == $_SESSION['id'] && $can_assign_self))
{
$assignedby = intval(hesk_SESSION('id'));
if ($assignedby > 0)
{
$assignedby = ',`assignedby`=' . $assignedby;
}
else
{
$assignedby = '';
}
$revision = sprintf($hesklang['thist2'],hesk_date(),addslashes($row['name']).' ('.$row['user'].')',addslashes($_SESSION['name']).' ('.$_SESSION['user'].')');
$res = hesk_dbQuery("UPDATE `".hesk_dbEscape($hesk_settings['db_pfix'])."tickets` SET `owner`={$owner} {$assignedby}, `history`=CONCAT(`history`,'".hesk_dbEscape($revision)."') WHERE `trackid`='".hesk_dbEscape($trackingID)."'");
if ($owner != $_SESSION['id'] && !hesk_checkPermission('can_view_ass_others',0))
{
$_SERVER['PHP_SELF']='admin_main.php';
}
}
else
{
hesk_error($hesklang['no_permission']);
}
$ticket['owner'] = $owner;
/* --> Prepare message */
// 1. Generate the array with ticket info that can be used in emails
$info = array(
'email' => $ticket['email'],
'category' => $ticket['category'],
'priority' => $ticket['priority'],
'owner' => $ticket['owner'],
'trackid' => $ticket['trackid'],
'status' => $ticket['status'],
'name' => $ticket['name'],
'subject' => $ticket['subject'],
'message' => $ticket['message'],
'message_html' => $ticket['message_html'],
'attachments' => $ticket['attachments'],
'dt' => hesk_date($ticket['dt'], true),
'lastchange' => hesk_date($ticket['lastchange'], true),
'due_date' => hesk_format_due_date($ticket['due_date']),
'id' => $ticket['id'],
'time_worked' => $ticket['time_worked'],
'last_reply_by' => hesk_getReplierName($ticket),
);
// 2. Add custom fields to the array
foreach ($hesk_settings['custom_fields'] as $k => $v)
{
$info[$k] = $v['use'] ? $ticket[$k] : '';
}
// 3. Make sure all values are properly formatted for email
$ticket = hesk_ticketToPlain($info, 1, 0);
/* Notify the new owner? */
if ($ticket['owner'] != intval($_SESSION['id']))
{
hesk_notifyAssignedStaff(false, 'ticket_assigned_to_you');
}
$tmp = ($owner == $_SESSION['id']) ? $hesklang['tasy'] : $hesklang['taso'];
hesk_process_messages($tmp,$_SERVER['PHP_SELF'],'SUCCESS');
?>
PK ~3Y% % generate_spam_question.phpnu [
PK ~3YkS S show_tickets.phpnu [
PK ~3Y% change_status.phpnu [ array('value' => 0, 'text' => $hesklang['critical'], 'formatted' => $hesklang['critical']),
'high' => array('value' => 1, 'text' => $hesklang['high'], 'formatted' => $hesklang['high']),
'medium' => array('value' => 2, 'text' => $hesklang['medium'], 'formatted' => $hesklang['medium']),
'low' => array('value' => 3, 'text' => $hesklang['low'], 'formatted' => $hesklang['low']),
);
// Assign tickets to
if ( isset($_POST['action-type']) && $_POST['action-type'] == 'assi')
{
if ( ! isset($_POST['owner']) || $_POST['owner'] == '')
{
hesk_process_messages($hesklang['assign_no'], $referer, 'NOTICE');
}
$end_message = array();
$num_assigned = 0;
// Permissions
$can_assign_others = hesk_checkPermission('can_assign_others',0);
if ($can_assign_others)
{
$can_assign_self = TRUE;
}
else
{
$can_assign_self = hesk_checkPermission('can_assign_self',0);
}
$owner = intval( hesk_POST('owner') );
if ($owner == -1)
{
foreach ($_POST['id'] as $this_id)
{
if ( is_array($this_id) )
{
continue;
}
$this_id = intval($this_id) or hesk_error($hesklang['id_not_valid']);
$revision = sprintf($hesklang['thist2'],hesk_date(),''.$hesklang['unas'].'',addslashes($_SESSION['name']).' ('.$_SESSION['user'].')');
$res = hesk_dbQuery("UPDATE `".hesk_dbEscape($hesk_settings['db_pfix'])."tickets` SET `owner`=0 , `assignedby`=NULL , `history`=CONCAT(`history`,'".hesk_dbEscape($revision)."') WHERE `id`={$this_id} LIMIT 1");
$end_message[] = sprintf($hesklang['assign_2'], $this_id);
$i++;
}
hesk_process_messages($hesklang['assign_1'],$referer,'SUCCESS');
}
$res = hesk_dbQuery("SELECT `id`,`user`,`name`,`email`,`isadmin`,`categories`,`notify_assigned` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."users` WHERE `id`='{$owner}' LIMIT 1");
$owner_data = hesk_dbFetchAssoc($res);
if ( ! $owner_data['isadmin'])
{
$owner_data['categories']=explode(',',$owner_data['categories']);
}
require(HESK_PATH . 'inc/email_functions.inc.php');
foreach ($_POST['id'] as $this_id)
{
if ( is_array($this_id) )
{
continue;
}
$this_id = intval($this_id) or hesk_error($hesklang['id_not_valid']);
$result = hesk_dbQuery("SELECT * FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."tickets` WHERE `id`={$this_id} LIMIT 1");
if (hesk_dbNumRows($result) != 1)
{
continue;
}
$ticket = hesk_dbFetchAssoc($result);
if ( $ticket['owner'] == $owner )
{
$end_message[] = sprintf($hesklang['assign_3'], $ticket['trackid'], $owner_data['name']);
$i++;
continue;
}
if ( $owner_data['isadmin'] || in_array($ticket['category'],$owner_data['categories']))
{
$revision = sprintf($hesklang['thist2'],hesk_date(),addslashes($owner_data['name']).' ('.$owner_data['user'].')',addslashes($_SESSION['name']).' ('.$_SESSION['user'].')');
hesk_dbQuery("UPDATE `".hesk_dbEscape($hesk_settings['db_pfix'])."tickets` SET `owner`={$owner} , `assignedby`=".intval($_SESSION['id']).", `history`=CONCAT(`history`,'".hesk_dbEscape($revision)."') WHERE `id`={$this_id} LIMIT 1");
$end_message[] = sprintf($hesklang['assign_4'], $ticket['trackid'], $owner_data['name']);
$num_assigned++;
$ticket['owner'] = $owner;
/* --> Prepare message */
// 1. Generate the array with ticket info that can be used in emails
$info = array(
'email' => $ticket['email'],
'category' => $ticket['category'],
'priority' => $ticket['priority'],
'owner' => $ticket['owner'],
'trackid' => $ticket['trackid'],
'status' => $ticket['status'],
'name' => $ticket['name'],
'subject' => $ticket['subject'],
'message' => $ticket['message'],
'message_html' => $ticket['message_html'],
'attachments' => $ticket['attachments'],
'dt' => hesk_date($ticket['dt'], true),
'lastchange' => hesk_date($ticket['lastchange'], true),
'due_date' => hesk_format_due_date($ticket['due_date']),
'id' => $ticket['id'],
'time_worked' => $ticket['time_worked'],
'last_reply_by' => hesk_getReplierName($ticket),
);
// 2. Add custom fields to the array
foreach ($hesk_settings['custom_fields'] as $k => $v)
{
$info[$k] = $v['use'] ? $ticket[$k] : '';
}
// 3. Make sure all values are properly formatted for email
$ticket = hesk_ticketToPlain($info, 1, 0);
/* Notify the new owner? */
if ($ticket['owner'] != intval($_SESSION['id']))
{
hesk_notifyAssignedStaff(false, 'ticket_assigned_to_you');
}
}
else
{
$end_message[] = sprintf($hesklang['assign_5'], $ticket['trackid'], $owner_data['name']);
}
$i++;
}
hesk_process_messages(sprintf($hesklang['assign_log'], $num_assigned, ($i - $num_assigned), implode("\n", $end_message)),$referer,($num_assigned == 0) ? 'ERROR' : ($num_assigned < $i ? 'NOTICE' : 'SUCCESS'));
}
// Change priority
if ( array_key_exists($_POST['a'], $priorities) )
{
// A security check
hesk_token_check('POST');
// Priority info
$priority = $priorities[$_POST['a']];
foreach ($_POST['id'] as $this_id)
{
if ( is_array($this_id) )
{
continue;
}
$this_id = intval($this_id) or hesk_error($hesklang['id_not_valid']);
$result = hesk_dbQuery("SELECT `priority`, `category` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."tickets` WHERE `id`={$this_id} LIMIT 1");
if (hesk_dbNumRows($result) != 1)
{
continue;
}
$ticket = hesk_dbFetchAssoc($result);
if ($ticket['priority'] == $priority['value'])
{
continue;
}
hesk_okCategory($ticket['category']);
$revision = sprintf($hesklang['thist8'],hesk_date(),$priority['formatted'],addslashes($_SESSION['name']).' ('.$_SESSION['user'].')');
hesk_dbQuery("UPDATE `".hesk_dbEscape($hesk_settings['db_pfix'])."tickets` SET `priority`='{$priority['value']}', `history`=CONCAT(`history`,'".hesk_dbEscape($revision)."') WHERE `id`={$this_id}");
$i++;
}
hesk_process_messages($hesklang['pri_set_to'].' '.$priority['formatted'],$referer,'SUCCESS');
}
/* DELETE */
elseif ($_POST['a']=='delete')
{
/* Check permissions for this feature */
hesk_checkPermission('can_del_tickets');
/* A security check */
hesk_token_check('POST');
foreach ($_POST['id'] as $this_id)
{
if ( is_array($this_id) )
{
continue;
}
$this_id = intval($this_id) or hesk_error($hesklang['id_not_valid']);
$result = hesk_dbQuery("SELECT `id`,`trackid`,`category` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."tickets` WHERE `id`='".intval($this_id)."' LIMIT 1");
if (hesk_dbNumRows($result) != 1)
{
continue;
}
$ticket = hesk_dbFetchAssoc($result);
hesk_okCategory($ticket['category']);
hesk_fullyDeleteTicket();
$i++;
}
hesk_process_messages(sprintf($hesklang['num_tickets_deleted'],$i),$referer,'SUCCESS');
}
/* MERGE TICKETS */
elseif ($_POST['a']=='merge')
{
/* Check permissions for this feature */
hesk_checkPermission('can_merge_tickets');
/* A security check */
hesk_token_check('POST');
/* Sort IDs, tickets will be merged to the lowest ID */
sort($_POST['id'], SORT_NUMERIC);
/* Select lowest ID as the target ticket */
$merge_into = array_shift($_POST['id']);
/* Merge tickets or throw an error */
if ( hesk_mergeTickets( $_POST['id'] , $merge_into ) )
{
hesk_process_messages($hesklang['merged'],$referer,'SUCCESS');
}
else
{
$hesklang['merge_err'] .= ' ' . $_SESSION['error'];
hesk_cleanSessionVars($_SESSION['error']);
hesk_process_messages($hesklang['merge_err'],$referer);
}
}
/* TAG/UNTAG TICKETS */
elseif ($_POST['a']=='tag' || $_POST['a']=='untag')
{
/* Check permissions for this feature */
hesk_checkPermission('can_add_archive');
/* A security check */
hesk_token_check('POST');
if ($_POST['a']=='tag')
{
$archived = 1;
$action = $hesklang['num_tickets_tag'];
}
else
{
$archived = 0;
$action = $hesklang['num_tickets_untag'];
}
foreach ($_POST['id'] as $this_id)
{
if ( is_array($this_id) )
{
continue;
}
$this_id = intval($this_id) or hesk_error($hesklang['id_not_valid']);
$result = hesk_dbQuery("SELECT `id`,`trackid`,`category` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."tickets` WHERE `id`='".intval($this_id)."' LIMIT 1");
if (hesk_dbNumRows($result) != 1)
{
continue;
}
$ticket = hesk_dbFetchAssoc($result);
hesk_okCategory($ticket['category']);
hesk_dbQuery("UPDATE `".hesk_dbEscape($hesk_settings['db_pfix'])."tickets` SET `archive`='$archived' WHERE `id`='".intval($this_id)."'");
$i++;
}
hesk_process_messages(sprintf($action,$i),$referer,'SUCCESS');
}
/* EXPORT */
elseif ($_POST['a']=='export')
{
/* Check permissions for this feature */
hesk_checkPermission('can_export');
/* A security check */
hesk_token_check('POST');
$ids_to_export = array();
foreach ($_POST['id'] as $this_id)
{
if ( is_array($this_id) )
{
continue;
}
$ids_to_export[] = intval($this_id) or hesk_error($hesklang['id_not_valid']);
$i++;
}
if ($i < 1)
{
hesk_process_messages($hesklang['no_selected'], $referer, 'NOTICE');
}
// Start SQL statement for selecting tickets
$sql = "SELECT * FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."tickets` WHERE `id` IN (".implode(',', $ids_to_export).") ";
$sql .= " AND " . hesk_myCategories();
$sql .= " AND " . hesk_myOwnership();
require_once(HESK_PATH . 'inc/custom_fields.inc.php');
require_once(HESK_PATH . 'inc/statuses.inc.php');
require(HESK_PATH . 'inc/export_functions.inc.php');
list($success_msg, $tickets_exported) = hesk_export_to_XML($sql, true);
if ($tickets_exported > 0)
{
hesk_process_messages($success_msg,$referer,'SUCCESS');
}
else
{
hesk_process_messages($hesklang['n2ex'],$referer,'NOTICE');
}
}
/* ANONYMIZE */
elseif ($_POST['a']=='anonymize')
{
/* Check permissions for this feature */
hesk_checkPermission('can_privacy');
/* A security check */
hesk_token_check('POST');
require(HESK_PATH . 'inc/privacy_functions.inc.php');
foreach ($_POST['id'] as $this_id)
{
if ( is_array($this_id) )
{
continue;
}
$this_id = intval($this_id) or hesk_error($hesklang['id_not_valid']);
$result = hesk_dbQuery("SELECT `id`,`trackid`,`name`,`category` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."tickets` WHERE `id`='".intval($this_id)."' AND ".hesk_myOwnership()." LIMIT 1");
if (hesk_dbNumRows($result) != 1)
{
continue;
}
$ticket = hesk_dbFetchAssoc($result);
hesk_okCategory($ticket['category']);
hesk_anonymizeTicket(null, null, true);
$i++;
}
hesk_process_messages(sprintf($hesklang['num_tickets_anon'],$i),$referer,'SUCCESS');
}
/* PRINT */
elseif ($_POST['a']=='print')
{
/* Check permissions for this feature */
hesk_checkPermission('can_view_tickets');
/* A security check */
hesk_token_check('POST');
// Load custom fields
require_once(HESK_PATH . 'inc/custom_fields.inc.php');
// Load statuses
require_once(HESK_PATH . 'inc/statuses.inc.php');
// List of staff
if (!isset($admins))
{
$admins = array();
$res2 = hesk_dbQuery("SELECT `id`,`name` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."users` ORDER BY `id` ASC");
while ($row=hesk_dbFetchAssoc($res2))
{
$admins[$row['id']]=$row['name'];
}
}
// List of categories
$hesk_settings['categories'] = array();
$res2 = hesk_dbQuery('SELECT `id`, `name` FROM `'.hesk_dbEscape($hesk_settings['db_pfix']).'categories` WHERE ' . hesk_myCategories('id') . ' ORDER BY `cat_order` ASC');
while ($row=hesk_dbFetchAssoc($res2))
{
$hesk_settings['categories'][$row['id']] = $row['name'];
}
// Print page head
header('Content-Type: text/html; charset=utf-8');
$tickets = array();
// Loop through ticket IDs and print them
foreach ($_POST['id'] as $this_id)
{
if ( is_array($this_id) ) {
continue;
}
$this_id = intval($this_id) or hesk_error($hesklang['id_not_valid']);
$result = hesk_dbQuery("SELECT * FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."tickets` WHERE `id`='".intval($this_id)."' LIMIT 1");
if (hesk_dbNumRows($result) != 1)
{
continue;
}
$ticket = hesk_dbFetchAssoc($result);
// Check that we have proper permissions to view this ticket
hesk_okCategory($ticket['category']);
$can_view_ass_by = hesk_checkPermission('can_view_ass_by', 0);
$can_view_unassigned = hesk_checkPermission('can_view_unassigned',0);
if ($ticket['owner'] && $ticket['owner'] != $_SESSION['id'] && ! hesk_checkPermission('can_view_ass_others',0))
{
// Maybe this user is allowed to view tickets he/she assigned?
if ( ! $can_view_ass_by || $ticket['assignedby'] != $_SESSION['id'])
{
hesk_error($hesklang['ycvtao']);
}
}
if (!$ticket['owner'] && ! $can_view_unassigned)
{
hesk_error($hesklang['ycovtay']);
}
// All good, continue...
$category['name'] = isset($hesk_settings['categories'][$ticket['category']]) ? $hesk_settings['categories'][$ticket['category']] : $hesklang['catd'];
// Get replies
$res = hesk_dbQuery("SELECT * FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."replies` WHERE `replyto`='{$ticket['id']}' ORDER BY `id` ASC");
// Get notes
$notes = array();
$res2 = hesk_dbQuery("SELECT t1.*, t2.`name` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."notes` AS t1 LEFT JOIN `".hesk_dbEscape($hesk_settings['db_pfix'])."users` AS t2 ON t1.`who` = t2.`id` WHERE `ticket`='{$ticket['id']}' ORDER BY t1.`id`");
while ($note = hesk_dbFetchAssoc($res2))
{
$notes[] = $note;
}
$ticket['notes'] = $notes;
$ticket['replies'] = $res;
$ticket['categoryName'] = $category['name'];
$tickets[] = $ticket;
}
// Print tickets
require(HESK_PATH . 'inc/print_template.inc.php');
flush();
exit();
}
/* JUST CLOSE */
else
{
/* Check permissions for this feature */
hesk_checkPermission('can_view_tickets');
hesk_checkPermission('can_resolve');
/* A security check */
hesk_token_check('POST');
// Will we need ticket notifications?
if ($hesk_settings['notify_closed'])
{
require(HESK_PATH . 'inc/email_functions.inc.php');
}
$revision = sprintf($hesklang['thist3'],hesk_date(),addslashes($_SESSION['name']).' ('.$_SESSION['user'].')');
foreach ($_POST['id'] as $this_id)
{
if ( is_array($this_id) )
{
continue;
}
$this_id = intval($this_id) or hesk_error($hesklang['id_not_valid']);
$result = hesk_dbQuery("SELECT " . ($hesk_settings['notify_closed'] ? '*' : '`category`') . " FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."tickets` WHERE `id`='".intval($this_id)."' LIMIT 1");
$ticket = hesk_dbFetchAssoc($result);
hesk_okCategory($ticket['category']);
hesk_dbQuery("UPDATE `".hesk_dbEscape($hesk_settings['db_pfix'])."tickets` SET `status`='3', `closedat`=NOW(), `closedby`=".intval($_SESSION['id']).", `history`=CONCAT(`history`,'".hesk_dbEscape($revision)."') WHERE `id`='".intval($this_id)."'");
$i++;
// Notify customer of closed ticket?
if ($hesk_settings['notify_closed'])
{
$ticket['dt'] = hesk_date($ticket['dt'], true);
$ticket['lastchange'] = hesk_date($ticket['lastchange'], true);
$ticket = hesk_ticketToPlain($ticket, 1, 0);
hesk_notifyCustomer('ticket_closed');
}
}
hesk_process_messages(sprintf($hesklang['num_tickets_closed'],$i),$referer,'SUCCESS');
}
/*** START FUNCTIONS ***/
function hesk_fullyDeleteTicket()
{
global $hesk_settings, $hesklang, $ticket;
/* Delete attachment files */
$res = hesk_dbQuery("SELECT * FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."attachments` WHERE `ticket_id`='".hesk_dbEscape($ticket['trackid'])."'");
if (hesk_dbNumRows($res))
{
$hesk_settings['server_path'] = dirname(dirname(__FILE__));
while ($file = hesk_dbFetchAssoc($res))
{
hesk_unlink($hesk_settings['server_path'].'/'.$hesk_settings['attach_dir'].'/'.$file['saved_name']);
}
}
/* Delete attachments info from the database */
hesk_dbQuery("DELETE FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."attachments` WHERE `ticket_id`='".hesk_dbEscape($ticket['trackid'])."'");
/* Delete the ticket */
hesk_dbQuery("DELETE FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."tickets` WHERE `id`='".intval($ticket['id'])."'");
/* Delete replies to the ticket */
hesk_dbQuery("DELETE FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."replies` WHERE `replyto`='".intval($ticket['id'])."'");
/* Delete ticket notes */
hesk_dbQuery("DELETE FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."notes` WHERE `ticket`='".intval($ticket['id'])."'");
/* Delete ticket reply drafts */
hesk_dbQuery("DELETE FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."reply_drafts` WHERE `ticket`=".intval($ticket['id']));
return true;
}
?>
PK ~3YJr( ( admin_settings_general.phpnu [ install folder from your server for security reasons then refresh this page!');}
// Get all the required files and functions
require(HESK_PATH . 'hesk_settings.inc.php');
// Save the default language for the settings page before choosing user's preferred one
$hesk_settings['language_default'] = $hesk_settings['language'];
require(HESK_PATH . 'inc/common.inc.php');
$hesk_settings['language'] = $hesk_settings['language_default'];
require(HESK_PATH . 'inc/admin_functions.inc.php');
require(HESK_PATH . 'inc/setup_functions.inc.php');
hesk_load_database_functions();
hesk_session_start();
hesk_dbConnect();
hesk_isLoggedIn();
// Check permissions for this feature
hesk_checkPermission('can_man_settings');
// Load custom fields
require_once(HESK_PATH . 'inc/custom_fields.inc.php');
// Test languages function
if (isset($_GET['test_languages']))
{
hesk_testLanguage(0);
} elseif (isset($_GET['test_themes'])) {
hesk_testTheme(0);
}
$help_folder = '../language/' . $hesk_settings['languages'][$hesk_settings['language']]['folder'] . '/help_files/';
$enable_save_settings = 0;
$enable_use_attachments = 0;
// Print header
require_once(HESK_PATH . 'inc/header.inc.php');
// Print main manage users page
require_once(HESK_PATH . 'inc/show_admin_nav.inc.php');
// Demo mode? Hide values of sensitive settings
if ( defined('HESK_DEMO') )
{
require_once(HESK_PATH . 'inc/admin_settings_demo.inc.php');
}
/* This will handle error, success and notice messages */
hesk_handle_messages();
?>
heskPurify($message_html);
$message = convert_html_to_text($message_html);
$message = fix_newlines($message);
// Prepare plain message for storage as HTML
$message = hesk_htmlspecialchars($message);
// nl2br done after adding signature
} elseif ($hesk_settings['staff_ticket_formatting'] == 0) {
$message_html = hesk_makeURL($message_html);
$message_html = nl2br($message_html);
}
// Save message for later and ignore the rest?
if ( isset($_POST['save_reply']) )
{
// Delete any existing drafts from this owner for this ticket
hesk_dbQuery("DELETE FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."reply_drafts` WHERE `owner`=".intval($_SESSION['id'])." AND `ticket`=".intval($ticket['id']));
// Save the message draft
hesk_dbQuery("INSERT INTO `".hesk_dbEscape($hesk_settings['db_pfix'])."reply_drafts` (`owner`, `ticket`, `message`, `message_html`) VALUES (".intval($_SESSION['id']).", ".intval($ticket['id']).", '".hesk_dbEscape($message)."', '".hesk_dbEscape($message_html)."')");
/* Set reply submitted message */
$_SESSION['HESK_SUCCESS'] = TRUE;
$_SESSION['HESK_MESSAGE'] = $hesklang['reply_saved'];
/* What to do after reply? */
if ($_SESSION['afterreply'] == 1)
{
header('Location: admin_main.php');
}
elseif ($_SESSION['afterreply'] == 2)
{
/* Get the next open ticket that needs a reply */
$res = hesk_dbQuery("SELECT * FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."tickets` WHERE `owner` IN ('0','".intval($_SESSION['id'])."') AND " . hesk_myCategories() . " AND `status` IN ('0','1') AND `id` != ".intval($ticket['id']). " ORDER BY `owner` DESC, `priority` ASC LIMIT 1");
if (hesk_dbNumRows($res) == 1)
{
$row = hesk_dbFetchAssoc($res);
$_SESSION['HESK_MESSAGE'] .= '
$v) {
hesk_cleanSessionVars("as_$k");
}
$hesk_settings['POPULATE_DATA_RESET'] = true;
return true;
} // END hesk_new_ticket_reset_data()
PK ~3YN N save_ticket_draft_async.phpnu [ heskPurify($message_html);
$message = convert_html_to_text($message_html);
$message = fix_newlines($message);
// Prepare plain message for storage as HTML
$message = hesk_htmlspecialchars($message);
// nl2br done after adding signature
} elseif ($hesk_settings['staff_ticket_formatting'] == 0) {
$message_html = hesk_makeURL($message_html);
$message_html = nl2br($message_html);
}
if ($draft_id) {
hesk_dbQuery("UPDATE `".hesk_dbEscape($hesk_settings['db_pfix'])."reply_drafts` SET `message`='".hesk_dbEscape($message)."', `message_html`='".hesk_dbEscape($message_html)."' WHERE `id`=".intval($draft_id));
echo "Draft updated";
} else {
hesk_dbQuery("INSERT INTO `".hesk_dbEscape($hesk_settings['db_pfix'])."reply_drafts` (`owner`, `ticket`, `message`, `message_html`) VALUES (".intval($_SESSION['id']).", ".intval($ticket['id']).", '".hesk_dbEscape($message)."', '".hesk_dbEscape($message_html)."')");
echo "Draft saved";
}
} elseif ($draft_id > 0) {
// Delete any existing drafts from this owner for this ticket
hesk_dbQuery("DELETE FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."reply_drafts` WHERE `owner`=".intval($_SESSION['id'])." AND `ticket`=".intval($ticket['id']));
echo "Draft deleted";
} else {
echo "No message";
}
exit();
PK ~3YEY Y export_ticket.phpnu [
>
254)
{
return false;
}
// Check domain part characters
if ( ! preg_match('/^[A-Za-z0-9\\-\\.]+$/', $domain) )
{
return false;
}
// Domain part mustn't have two consecutive dots
if ( strpos($domain, '..') !== false )
{
return false;
}
// All OK
return true;
} // END verify_email_domain()
?>
PK ~3YZ|(/O /O knowledgebase_private.phpnu [ '.$hesklang['gopr'].'' : ($can_man_kb ? $hesklang['gopr'] : '');
if ($hesk_settings['kb_search'] && $query)
{
hesk_kb_search($query);
}
elseif ($artid)
{
// Show drafts only to staff who can manage knowledgebase
if ($can_man_kb)
{
$result = hesk_dbQuery("SELECT t1.*, t2.`name` AS `cat_name`, t2.`type` AS `cat_type`
FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."kb_articles` AS `t1`
LEFT JOIN `".hesk_dbEscape($hesk_settings['db_pfix'])."kb_categories` AS `t2` ON `t1`.`catid` = `t2`.`id`
WHERE `t1`.`id` = '{$artid}'
");
}
else
{
$result = hesk_dbQuery("SELECT t1.*, t2.`name` AS `cat_name`, t2.`type` AS `cat_type`
FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."kb_articles` AS `t1`
LEFT JOIN `".hesk_dbEscape($hesk_settings['db_pfix'])."kb_categories` AS `t2` ON `t1`.`catid` = `t2`.`id`
WHERE `t1`.`id` = '{$artid}' AND `t1`.`type` IN ('0', '1')
");
}
$article = hesk_dbFetchAssoc($result) or hesk_error($hesklang['kb_art_id']);
$article['views_formatted'] = number_format($article['views'], 0, null, $hesklang['sep_1000']);
$article['votes_formatted'] = number_format($article['votes'], 0, null, $hesklang['sep_1000']);
if ($article['catid'] == 1)
{
$article['cat_name'] = $hesklang['kb_text'];
}
hesk_show_kb_article($artid);
}
else
{
hesk_show_kb_category($catid);
}
require_once(HESK_PATH . 'inc/footer.inc.php');
exit();
/*** START FUNCTIONS ***/
function hesk_kb_header()
{
// They may be unused here, but they're used down the line. Don't delete
global $hesk_settings, $hesklang, $can_man_kb;
/* Print admin navigation */
require_once(HESK_PATH . 'inc/show_admin_nav.inc.php');
hesk_kbSearchLarge(1);
} // END hesk_kb_header()
function hesk_kb_search($query)
{
global $hesk_settings, $hesklang;
/* Print header */
require_once(HESK_PATH . 'inc/header.inc.php');
hesk_kb_header();
$res = hesk_dbQuery('SELECT t1.`id`, t1.`subject`, LEFT(`t1`.`content`, '.max(200, $hesk_settings['kb_substrart'] * 2).') AS `content`, t1.`rating` FROM `'.hesk_dbEscape($hesk_settings['db_pfix']).'kb_articles` AS t1 LEFT JOIN `'.hesk_dbEscape($hesk_settings['db_pfix']).'kb_categories` AS t2 ON t1.`catid` = t2.`id` '." WHERE t1.`type` IN ('0','1') AND MATCH(`subject`,`content`,`keywords`) AGAINST ('".hesk_dbEscape($query)."') LIMIT ".intval($hesk_settings['kb_search_limit']));
$num = hesk_dbNumRows($res);
?>
';
hesk_process_messages($hesk_error_buffer,'NOREDIRECT');
}
elseif( defined('HESK_DEMO') )
{
hesk_process_messages($hesklang['ddemo'],'NOREDIRECT');
}
else
{
// Get user data from the database
$res = hesk_dbQuery("SELECT `id`, `name`, `pass` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."users` WHERE `email` LIKE '".hesk_dbEscape($email)."' LIMIT 1");
if (hesk_dbNumRows($res) != 1)
{
hesk_process_messages($hesklang['noace'],'NOREDIRECT');
}
else
{
$row = hesk_dbFetchAssoc($res);
$hash = sha1(microtime() . hesk_getClientIP() . mt_rand() . $row['id'] . $row['name'] . $row['pass']);
// Insert the verification hash into the database
hesk_dbQuery("INSERT INTO `".hesk_dbEscape($hesk_settings['db_pfix'])."reset_password` (`user`, `hash`, `ip`) VALUES (".intval($row['id']).", '{$hash}', '".hesk_dbEscape(hesk_getClientIP())."') ");
// Prepare and send email
require(HESK_PATH . 'inc/email_functions.inc.php');
// Get the email message
list($msg, $html_msg) = hesk_getEmailMessage('reset_password',array(),1,0,1);
// Replace message special tags
$staff_name = hesk_msgToPlain($row['name'], 1, 0);
list($msg, $html_msg) = hesk_replace_email_tag('%%NAME%%', $staff_name, $msg, $html_msg);
list($msg, $html_msg) = hesk_replace_email_tag('%%SITE_URL%%', $hesk_settings['site_url'], $msg, $html_msg);
list($msg, $html_msg) = hesk_replace_email_tag('%%SITE_TITLE%%', $hesk_settings['site_title'], $msg, $html_msg);
list($msg, $html_msg) = hesk_replace_email_tag('%%FIRST_NAME%%', hesk_full_name_to_first_name($staff_name), $msg, $html_msg);
list($msg, $html_msg) = hesk_replace_email_tag('%%PASSWORD_RESET%%',
$hesk_settings['hesk_url'].'/'.$hesk_settings['admin_dir'].'/password.php?h='.$hash,
$msg,
$html_msg);
// Check two additional tags (avoid a bug in 3.3.0)
list($msg, $html_msg) = hesk_replace_email_tag('%25%25PASSWORD_RESET%25%25',
$hesk_settings['hesk_url'].'/'.$hesk_settings['admin_dir'].'/password.php?h='.$hash,
$msg,
$html_msg);
list($msg, $html_msg) = hesk_replace_email_tag('%%TRACK_URL%%',
$hesk_settings['hesk_url'].'/'.$hesk_settings['admin_dir'].'/password.php?h='.$hash,
$msg,
$html_msg);
// Send email
hesk_mail($email, $hesklang['reset_password'], $msg, $html_msg);
// Show success
$show_sent_email_message = true;
}
}
}
// If the "h" parameter is set verify it and reset the password
elseif ( isset($_GET['h']) )
{
// Get the hash
$hash = preg_replace('/[^a-zA-Z0-9]/', '', $_GET['h']);
// Connect to database
hesk_load_database_functions();
hesk_dbConnect();
// Expire verification hashes older than 2 hours
hesk_dbQuery("DELETE FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."reset_password` WHERE `dt` < (NOW() - INTERVAL 2 HOUR)");
// Verify the hash exists
$res = hesk_dbQuery("SELECT `user`, `ip` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."reset_password` WHERE `hash` = '{$hash}' LIMIT 1");
if (hesk_dbNumRows($res) != 1)
{
// Not a valid hash
hesk_limitBfAttempts();
hesk_process_messages($hesklang['ehash'],'NOREDIRECT');
}
else
{
// Get info from database
$row = hesk_dbFetchAssoc($res);
// Only allow resetting password from the same IP address that submitted password reset request
if ($row['ip'] != hesk_getClientIP())
{
hesk_limitBfAttempts();
hesk_process_messages($hesklang['ehaip'],'NOREDIRECT');
}
else
{
// Expire all verification hashes for this user
hesk_dbQuery("DELETE FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."reset_password` WHERE `user`=".intval($row['user']));
// Load additional required functions
require(HESK_PATH . 'inc/admin_functions.inc.php');
// Get user details
$res = hesk_dbQuery('SELECT * FROM `'.$hesk_settings['db_pfix']."users` WHERE `id`=".intval($row['user'])." LIMIT 1");
$row = hesk_dbFetchAssoc($res);
foreach ($row as $k=>$v)
{
$_SESSION[$k]=$v;
}
// Set a tag that will be used to expire sessions after username or password change
$_SESSION['session_verify'] = hesk_activeSessionCreateTag($_SESSION['user'], $_SESSION['pass']);
// We don't need the password hash anymore
unset($_SESSION['pass']);
// Clean brute force attempts
hesk_cleanBfAttempts();
// Regenerate session ID (security)
hesk_session_regenerate_id();
// Get allowed categories
if (empty($_SESSION['isadmin']))
{
$_SESSION['categories']=explode(',',$_SESSION['categories']);
}
// Allow password reset without typing in the current password
$_SESSION['password_reset'] = true;
// Redirect to the profile page
header('Location: profile.php');
exit();
} // End IP matches
}
}
// Tell header to load reCaptcha API if needed
if ($hesk_settings['recaptcha_use'])
{
define('RECAPTCHA',1);
}
$hesk_settings['tmp_title'] = $hesk_settings['hesk_title'] . ' - ' .$hesklang['passr'];
require_once(HESK_PATH . 'inc/header.inc.php');
$login_wrapper = true;
?>
';
}
} ?>
PK ~3Y ݇~L ~L admin_submit_ticket.phpnu [ $v)
{
if ($v['use'] && ! in_array($v['type'], array('date', 'email')))
{
$_SESSION["as_$k"] = ($v['type'] == 'checkbox') ? hesk_POST_array($k) : hesk_POST($k);
}
}
header('Location: new_ticket.php');
exit();
}
$hesk_error_buffer = array();
$tmpvar['name'] = hesk_input( hesk_POST('name') ) or $hesk_error_buffer['name']=$hesklang['enter_your_name'];
$email_available = true;
if ($hesk_settings['require_email'])
{
$tmpvar['email'] = hesk_validateEmail( hesk_POST('email'), 'ERR', 0) or $hesk_error_buffer['email']=$hesklang['enter_valid_email'];
}
else
{
$tmpvar['email'] = hesk_validateEmail( hesk_POST('email'), 'ERR', 0);
// Not required, but must be valid if it is entered
if ($tmpvar['email'] == '')
{
$email_available = false;
if (strlen(hesk_POST('email')))
{
$hesk_error_buffer['email'] = $hesklang['not_valid_email'];
}
}
}
$tmpvar['category'] = intval( hesk_POST('category') ) or $hesk_error_buffer['category']=$hesklang['sel_app_cat'];
$tmpvar['priority'] = hesk_POST('priority');
$tmpvar['priority'] = strlen($tmpvar['priority']) ? intval($tmpvar['priority']) : -1;
if ($tmpvar['priority'] < 0 || $tmpvar['priority'] > 3)
{
// If we are showing "Click to select" priority needs to be selected
if ($hesk_settings['select_pri'])
{
$tmpvar['priority'] = -1;
$hesk_error_buffer['priority'] = $hesklang['select_priority'];
}
else
{
$tmpvar['priority'] = 3;
}
}
$tmpvar['status'] = intval(hesk_POST('status', 0));
if ( ! isset($hesk_settings['statuses'][$tmpvar['status']])) {
$tmpvar['status'] = 0;
}
$tmpvar['subject'] = hesk_input( hesk_POST('subject') );
if ($hesk_settings['require_subject'] == 1 && $tmpvar['subject'] == '')
{
$hesk_error_buffer['subject'] = $hesklang['enter_ticket_subject'];
}
$tmpvar['message'] = hesk_input( hesk_POST('message') );
if ($hesk_settings['require_message'] == 1 && $tmpvar['message'] == '')
{
$hesk_error_buffer['message'] = $hesklang['enter_message'];
}
// Is category a valid choice?
if ($tmpvar['category'])
{
if ( ! hesk_checkPermission('can_submit_any_cat', 0) && ! hesk_okCategory($tmpvar['category'], 0) )
{
hesk_process_messages($hesklang['noauth_submit'],'new_ticket.php');
}
hesk_verifyCategory(1);
// Is auto-assign of tickets disabled in this category?
if ( empty($hesk_settings['category_data'][$tmpvar['category']]['autoassign']) )
{
$hesk_settings['autoassign'] = false;
}
}
// Custom fields
foreach ($hesk_settings['custom_fields'] as $k=>$v)
{
if ($v['use'] && hesk_is_custom_field_in_category($k, $tmpvar['category']))
{
if ($v['type'] == 'checkbox')
{
$tmpvar[$k]='';
if (isset($_POST[$k]) && is_array($_POST[$k]))
{
foreach ($_POST[$k] as $myCB)
{
$tmpvar[$k] .= ( is_array($myCB) ? '' : hesk_input($myCB) ) . ' ';;
}
$tmpvar[$k]=substr($tmpvar[$k],0,-6);
}
else
{
if ($v['req'] == 2)
{
$hesk_error_buffer[$k]=$hesklang['fill_all'].': '.$v['name'];
}
$_POST[$k] = '';
}
}
elseif ($v['type'] == 'date')
{
$tmpvar[$k] = hesk_POST($k);
$_SESSION["as_$k"] = '';
if ($date = hesk_datepicker_get_date($tmpvar[$k], false, 'UTC'))
{
$_SESSION["as_$k"] = $tmpvar[$k];
$date->setTime(0, 0);
$dmin = strlen($v['value']['dmin']) ? new DateTime($v['value']['dmin'] . ' t00:00:00 UTC') : false;
$dmax = strlen($v['value']['dmax']) ? new DateTime($v['value']['dmax'] . ' t00:00:00 UTC') : false;
if ($dmin && $dmin->format('Y-m-d') > $date->format('Y-m-d'))
{
$hesk_error_buffer[$k] = sprintf($hesklang['d_emin'], $v['name'], hesk_translate_date_string($dmin->format($hesk_settings['format_datepicker_php'])));
}
elseif ($dmax && $dmax->format('Y-m-d') < $date->format('Y-m-d'))
{
$hesk_error_buffer[$k] = sprintf($hesklang['d_emax'], $v['name'], hesk_translate_date_string($dmax->format($hesk_settings['format_datepicker_php'])));
}
else
{
$tmpvar[$k] = $date->getTimestamp();
}
}
else
{
$tmpvar[$k] = '';
if ($v['req'] == 2)
{
$hesk_error_buffer[$k]=$hesklang['fill_all'].': '.$v['name'];
}
}
}
elseif ($v['type'] == 'email')
{
$tmp = $hesk_settings['multi_eml'];
$hesk_settings['multi_eml'] = $v['value']['multiple'];
$tmpvar[$k] = hesk_validateEmail( hesk_POST($k), 'ERR', 0);
$hesk_settings['multi_eml'] = $tmp;
if ($tmpvar[$k] != '')
{
$_SESSION["as_$k"] = hesk_input($tmpvar[$k]);
}
else
{
$_SESSION["as_$k"] = '';
if ($v['req'] == 2)
{
$hesk_error_buffer[$k] = $v['value']['multiple'] ? sprintf($hesklang['cf_noem'], $v['name']) : sprintf($hesklang['cf_noe'], $v['name']);
}
}
}
elseif ($v['req'] == 2)
{
$tmpvar[$k]=hesk_makeURL(nl2br(hesk_input( hesk_POST($k) )));
if ($tmpvar[$k] == '')
{
$hesk_error_buffer[$k]=$hesklang['fill_all'].': '.$v['name'];
}
}
else
{
$tmpvar[$k]=hesk_makeURL(nl2br(hesk_input(hesk_POST($k))));
}
}
else
{
$tmpvar[$k] = '';
}
}
// If use doesn't have permission to set due dates, try using the category default due date
if (hesk_checkPermission('can_due_date',0)) {
$tmpvar['due_date'] = hesk_input(hesk_POST('due_date'));
if ($tmpvar['due_date'] != '') {
$date = hesk_datepicker_get_date($tmpvar['due_date']);
if ($date === false) {
$hesk_error_buffer['due_date'] = $hesklang['invalid_due_date'];
}
}
} else {
$tmpvar['due_date'] = '';
if (($default_due_date_info = hesk_getCategoryDueDateInfo($tmpvar['category'])) !== null) {
$due_date = new DateTime('today midnight');
$due_date->add(DateInterval::createFromDateString("+{$default_due_date_info['amount']} {$default_due_date_info['unit']}s"));
$tmpvar['due_date'] = hesk_datepicker_format_date($due_date->getTimestamp());
// Don't set a due date if any unexpected errors
if ($tmpvar['due_date'] === false) {
$tmpvar['due_date'] = '';
}
}
}
// Generate tracking ID
$tmpvar['trackid'] = hesk_createID();
// Log who submitted ticket
$tmpvar['history'] = sprintf($hesklang['thist7'], hesk_date(), addslashes($_SESSION['name']).' ('.$_SESSION['user'].')');
$tmpvar['openedby'] = $_SESSION['id'];
// Was the ticket submitted as "Resolved"?
if ($tmpvar['status'] == 3) {
// Check permission
if ( ! hesk_checkPermission('can_resolve', 0)) {
$hesk_error_buffer['status'] = $hesklang['noauth_resolve'];
}
$tmpvar['history'] .= sprintf($hesklang['thist3'], hesk_date(), addslashes($_SESSION['name']).' ('.$_SESSION['user'].')');
if ($hesk_settings['custopen'] != 1) {
$tmpvar['locked'] = 1;
}
// Log who marked the ticket resolved
$tmpvar['closedat'] = 1;
$tmpvar['closedby'] = intval($_SESSION['id']);
} elseif ($tmpvar['status'] != 0) {
// Status set to something different than "New" or "Resolved", let's log it
$status_name = hesk_get_status_name($tmpvar['status']);
$tmpvar['history'] .= sprintf($hesklang['thist9'], hesk_date(), addslashes($status_name), addslashes($_SESSION['name']).' ('.$_SESSION['user'].')');
}
// Owner
$tmpvar['owner'] = 0;
if (hesk_checkPermission('can_assign_others',0))
{
$tmpvar['owner'] = intval( hesk_POST('owner') );
// If ID is -1 the ticket will be unassigned
if ($tmpvar['owner'] == -1)
{
$tmpvar['owner'] = 0;
}
// Automatically assign owner?
elseif ($tmpvar['owner'] == -2 && $hesk_settings['autoassign'] == 1)
{
$autoassign_owner = hesk_autoAssignTicket($tmpvar['category']);
if ($autoassign_owner)
{
$tmpvar['owner'] = intval($autoassign_owner['id']);
$tmpvar['history'] .= sprintf($hesklang['thist10'],hesk_date(),addslashes($autoassign_owner['name']).' ('.$autoassign_owner['user'].')');
}
else
{
$tmpvar['owner'] = 0;
}
}
// Check for invalid owner values
elseif ($tmpvar['owner'] < 1)
{
$tmpvar['owner'] = 0;
}
else
{
// Has the new owner access to the selected category?
$res = hesk_dbQuery("SELECT `name`,`user`,`isadmin`,`categories` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."users` WHERE `id`='{$tmpvar['owner']}' LIMIT 1");
if (hesk_dbNumRows($res) == 1)
{
$row = hesk_dbFetchAssoc($res);
if (!$row['isadmin'])
{
$row['categories']=explode(',',$row['categories']);
if (!in_array($tmpvar['category'],$row['categories']))
{
$_SESSION['isnotice'][] = 'category';
$hesk_error_buffer['owner']=$hesklang['onasc'];
}
}
$tmpvar['history'] .= sprintf($hesklang['thist2'],hesk_date(),addslashes($row['name']).' ('.$row['user'].')',addslashes($_SESSION['name']).' ('.$_SESSION['user'].')');
}
else
{
$_SESSION['isnotice'][] = 'category';
$hesk_error_buffer['owner']=$hesklang['onasc'];
}
}
}
elseif (hesk_checkPermission('can_assign_self',0) && hesk_okCategory($tmpvar['category'],0) && !empty($_POST['assing_to_self']))
{
$tmpvar['owner'] = intval($_SESSION['id']);
}
// Notify customer of the ticket?
$notify = ! empty($_POST['notify']) ? 1 : 0;
// Show ticket after submission?
$show = ! empty($_POST['show']) ? 1 : 0;
// Is the ticket language different than current language?
if ($hesk_settings['can_sel_lang'])
{
$new_lang = hesk_POST('as_language');
if (isset($hesk_settings['languages'][$new_lang]))
{
$hesklang['LANGUAGE'] = $new_lang;
}
}
// Attachments
$use_legacy_attachments = hesk_POST('use-legacy-attachments', 0);
if ($hesk_settings['attachments']['use'])
{
require_once(HESK_PATH . 'inc/attachments.inc.php');
$attachments = array();
$trackingID = $tmpvar['trackid'];
if ($use_legacy_attachments) {
for ($i = 1; $i <= $hesk_settings['attachments']['max_number']; $i++) {
$att = hesk_uploadFile($i);
if ($att !== false && !empty($att)) {
$attachments[$i] = $att;
}
}
} else {
// The user used the new drag-and-drop system.
$temp_attachment_names = hesk_POST_array('attachments');
foreach ($temp_attachment_names as $temp_attachment_name) {
$temp_attachment = hesk_getTemporaryAttachment($temp_attachment_name);
if ($temp_attachment !== null) {
$attachments[] = $temp_attachment;
}
}
}
}
$tmpvar['attachments'] = '';
// If we have any errors lets store info in session to avoid re-typing everything
if (count($hesk_error_buffer)!=0)
{
$_SESSION['iserror'] = array_keys($hesk_error_buffer);
$_SESSION['as_name'] = hesk_POST('name');
$_SESSION['as_email'] = hesk_POST('email');
$_SESSION['as_priority'] = $tmpvar['priority'];
$_SESSION['as_status'] = $tmpvar['status'];
$_SESSION['as_subject'] = hesk_POST('subject');
$_SESSION['as_message'] = hesk_POST('message');
$_SESSION['as_due_date'] = hesk_POST('due_date');
$_SESSION['as_owner'] = $tmpvar['owner'];
$_SESSION['as_notify'] = $notify;
$_SESSION['as_show'] = $show;
$_SESSION['as_language'] = hesk_POST('as_language');
foreach ($hesk_settings['custom_fields'] as $k=>$v)
{
if ($v['use'] && ! in_array($v['type'], array('date', 'email')))
{
$_SESSION["as_$k"] = ($v['type'] == 'checkbox') ? hesk_POST_array($k) : hesk_POST($k);
}
}
$tmp = '';
foreach ($hesk_error_buffer as $error)
{
$tmp .= "
$error
\n";
}
$hesk_error_buffer = $tmp;
// Remove any successfully uploaded attachments
if ($hesk_settings['attachments']['use'])
{
if ($use_legacy_attachments) {
hesk_removeAttachments($attachments);
} else {
$_SESSION['as_attachments'] = $attachments;
}
}
$hesk_error_buffer = $hesklang['pcer'].'
'.$hesk_error_buffer.'
';
hesk_process_messages($hesk_error_buffer,'new_ticket.php?category='.$tmpvar['category']);
}
if ($hesk_settings['attachments']['use'] && !empty($attachments))
{
// Delete temp attachment records and set the new filename
if (!$use_legacy_attachments) {
$attachments = hesk_migrateTempAttachments($attachments, $tmpvar['trackid']);
}
foreach ($attachments as $myatt)
{
hesk_dbQuery("INSERT INTO `".hesk_dbEscape($hesk_settings['db_pfix'])."attachments` (`ticket_id`,`saved_name`,`real_name`,`size`) VALUES ('".hesk_dbEscape($tmpvar['trackid'])."','".hesk_dbEscape($myatt['saved_name'])."','".hesk_dbEscape($myatt['real_name'])."','".intval($myatt['size'])."')");
$tmpvar['attachments'] .= hesk_dbInsertID() . '#' . $myatt['real_name'] .',';
}
}
$tmpvar['message_html'] = $tmpvar['message'];
if ($hesk_settings['staff_ticket_formatting'] == 2) {
// Decode the message we encoded earlier
$tmpvar['message_html'] = hesk_html_entity_decode($tmpvar['message_html']);
// Clean the HTML code and set the plaintext version
require(HESK_PATH . 'inc/htmlpurifier/HeskHTMLPurifier.php');
require(HESK_PATH . 'inc/html2text/html2text.php');
$purifier = new HeskHTMLPurifier($hesk_settings['cache_dir']);
$tmpvar['message_html'] = $purifier->heskPurify($tmpvar['message_html']);
$tmpvar['message'] = convert_html_to_text($tmpvar['message_html']);
$tmpvar['message'] = fix_newlines($tmpvar['message']);
// Prepare plain message for storage as HTML
$tmpvar['message'] = hesk_htmlspecialchars($tmpvar['message']);
$tmpvar['message'] = nl2br($tmpvar['message']);
} else {
// `message` already contains a HTML friendly version. May as well just re-use it
$tmpvar['message'] = hesk_makeURL($tmpvar['message']);
$tmpvar['message'] = nl2br($tmpvar['message']);
$tmpvar['message_html'] = $tmpvar['message'];
}
// Track who assigned the ticket
if ($tmpvar['owner'] > 0)
{
$tmpvar['assignedby'] = ! empty($autoassign_owner) ? -1 : $_SESSION['id'];
}
// Demo mode
if ( defined('HESK_DEMO') ) {
hesk_process_messages(sprintf($hesklang['antdemo'], 'https://www.hesk.com/demo/index.php?a=add'), 'new_ticket.php?category='.$tmpvar['category']);
}
// Insert ticket to database
$ticket = hesk_newTicket($tmpvar);
// Notify the customer about the ticket?
if ($notify && $email_available)
{
if ($tmpvar['status'] == 3) {
hesk_notifyCustomer('ticket_closed');
} else {
hesk_notifyCustomer('new_ticket_by_staff');
}
}
// If ticket is assigned to someone notify them?
if ($ticket['owner'] && $ticket['owner'] != intval($_SESSION['id']))
{
// If we don't have info from auto-assign get it from database
if ( ! isset($autoassign_owner['email']) )
{
hesk_notifyAssignedStaff(false, 'ticket_assigned_to_you');
}
else
{
hesk_notifyAssignedStaff($autoassign_owner, 'ticket_assigned_to_you');
}
}
// Ticket unassigned, notify everyone that selected to be notified about unassigned tickets
elseif ( ! $ticket['owner'])
{
hesk_notifyStaff('new_ticket_staff', " `id` != ".intval($_SESSION['id'])." AND `notify_new_unassigned` = '1' ");
}
// Unset temporary variables
unset($tmpvar);
hesk_cleanSessionVars('tmpvar');
hesk_cleanSessionVars('as_name');
hesk_cleanSessionVars('as_email');
hesk_cleanSessionVars('as_category');
hesk_cleanSessionVars('as_priority');
hesk_cleanSessionVars('as_status');
hesk_cleanSessionVars('as_subject');
hesk_cleanSessionVars('as_message');
hesk_cleanSessionVars('as_owner');
hesk_cleanSessionVars('as_notify');
hesk_cleanSessionVars('as_show');
hesk_cleanSessionVars('as_due_date');
hesk_cleanSessionVars('as_language');
hesk_cleanSessionVars('as_attachments');
foreach ($hesk_settings['custom_fields'] as $k=>$v)
{
hesk_cleanSessionVars("as_$k");
}
// If ticket has been assigned to the person submitting it lets show a message saying so
if ($ticket['owner'] && $ticket['owner'] == intval($_SESSION['id']))
{
$hesklang['new_ticket_submitted'] .= '
' . (isset($autoassign_owner) ? $hesklang['taasy'] : $hesklang['tasy']) . '';
}
// Show the ticket or just the success message
if ($show)
{
hesk_process_messages($hesklang['new_ticket_submitted'],'admin_ticket.php?track=' . $ticket['trackid'] . '&Refresh=' . mt_rand(10000,99999), 'SUCCESS');
}
else
{
$link = hesk_checkPermission('can_view_tickets',0) ? '' . $hesklang['view_ticket'] . '' : '';
hesk_process_messages($hesklang['new_ticket_submitted'].'. ' . $link, 'new_ticket.php', 'SUCCESS');
}
PK ~3Y&ܨ,X ,X admin_settings_misc.phpnu [ install folder from your server for security reasons then refresh this page!');}
// Get all the required files and functions
require(HESK_PATH . 'hesk_settings.inc.php');
// Save the default language for the settings page before choosing user's preferred one
$hesk_settings['language_default'] = $hesk_settings['language'];
require(HESK_PATH . 'inc/common.inc.php');
$hesk_settings['language'] = $hesk_settings['language_default'];
require(HESK_PATH . 'inc/admin_functions.inc.php');
require(HESK_PATH . 'inc/setup_functions.inc.php');
hesk_load_database_functions();
hesk_session_start();
hesk_dbConnect();
hesk_isLoggedIn();
// Check permissions for this feature
hesk_checkPermission('can_man_settings');
// Load custom fields
require_once(HESK_PATH . 'inc/custom_fields.inc.php');
$help_folder = '../language/' . $hesk_settings['languages'][$hesk_settings['language']]['folder'] . '/help_files/';
$enable_save_settings = 0;
$enable_use_attachments = 0;
// Print header
require_once(HESK_PATH . 'inc/header.inc.php');
// Print main manage users page
require_once(HESK_PATH . 'inc/show_admin_nav.inc.php');
// Demo mode? Hide values of sensitive settings
if ( defined('HESK_DEMO') )
{
require_once(HESK_PATH . 'inc/admin_settings_demo.inc.php');
}
/* This will handle error, success and notice messages */
hesk_handle_messages();
?>
PK ~3Yun^ n^ manage_category.phpnu [ array('id' => 3, 'value' => 'low', 'text' => $hesklang['low'], 'formatted' => $hesklang['low']),
'medium' => array('id' => 2, 'value' => 'medium', 'text' => $hesklang['medium'], 'formatted' => $hesklang['medium']),
'high' => array('id' => 1, 'value' => 'high', 'text' => $hesklang['high'], 'formatted' => $hesklang['high']),
'critical' => array('id' => 0, 'value' => 'critical', 'text' => $hesklang['critical'], 'formatted' => $hesklang['critical']),
);
// Populate default values for creation
$category = array(
'id' => 0,
'name' => '',
'priority' => $priorities['low']['id'],
'autoassign' => $hesk_settings['autoassign'],
'autoassign_config' => null,
'type' => 0,
'default_due_date_unit' => 'day',
'default_due_date_amount' => ''
);
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
if (defined('HESK_DEMO')) {
hesk_process_messages($hesklang['ddemo'], 'manage_categories.php', 'NOTICE');
}
// Attempt to save. If problematic, we'll get back the form data entered.
$category = try_save_category();
} elseif (hesk_REQUEST('id')) {
// Fetch category information
$res = hesk_dbQuery("SELECT * FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."categories` WHERE `id` = ".intval(hesk_REQUEST('id')));
if ($row = hesk_dbFetchAssoc($res)) {
$category['id'] = $row['id'];
$category['name'] = $row['name'];
$category['priority'] = intval($row['priority']);
$category['autoassign'] = intval($row['autoassign']);
$category['autoassign_config'] = $row['autoassign_config'];
$category['type'] = intval($row['type']);
$category['default_due_date_amount'] = $row['default_due_date_amount'] ? intval($row['default_due_date_amount']) : '';
$category['default_due_date_unit'] = $row['default_due_date_unit'];
}
// If we're still on ID 0, then the category ID passed in doesn't exist
if ($category['id'] === 0) {
hesk_process_messages($hesklang['cat_not_found'], 'manage_categories.php');
}
}
/* Print header */
require_once(HESK_PATH . 'inc/header.inc.php');
/* Print main manage users page */
require_once(HESK_PATH . 'inc/show_admin_nav.inc.php');
/* This will handle error, success and notice messages */
if (hesk_SESSION('iserror')) {
hesk_handle_messages();
}
?>
'.stripslashes($category['name']).''),'manage_categories.php','SUCCESS');
exit();
} // End new_cat()
function get_autoassign_state($id, $autoassign_setting, $autoassign_user_operator, $autoassign_users) {
/*
* 1 -> On, All
* 2 -> On, Some
* 3 -> Off
*/
// "On - All Users" or "On - Some Users" with 0 users being excluded
if ($autoassign_setting === 1 ||
($autoassign_setting === 2 &&
$autoassign_user_operator === '!' &&
count($autoassign_users) === 0)) {
$autoassign = 1;
$autoassign_config = null;
} elseif ($autoassign_setting === 2 && count($autoassign_users) !== 0) {
// "On - Some Users" with at least one user selected. Otherwise it'll be treated as "On - All Users" above if 0 exclusions, or "Off" if 0 inclusions
$autoassign = 1;
$autoassign_config = build_autoassign_config($id, $autoassign_users, $autoassign_user_operator);
// All excluded == off
// All included == on - all users
if ($autoassign_config === 'ALL_EXCLUDED') {
$autoassign = 0;
$autoassign_config = null;
} elseif ($autoassign_config === 'ALL_INCLUDED') {
$autoassign_config = null;
}
} else {
$autoassign = 0;
$autoassign_config = null;
}
return array(
'autoassign' => $autoassign,
'autoassign_config' => $autoassign_config
);
} // End update_autoassign()
function build_autoassign_config($catid, $selected_users, $operator) {
global $hesk_settings;
// Make sure the entered operator is valid
$operator = $operator === '=' ? '=' : '!';
$formatted_users = array();
$user_verification_clause = array_map(function($x) {
return intval($x);
}, $selected_users);
$user_verification_rs = hesk_dbQuery("SELECT `id` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."users`
WHERE (`isadmin` = '1' OR FIND_IN_SET(".intval($catid).", `categories`) > 0) AND `id` IN (".implode(',', $user_verification_clause).")");
while ($user = hesk_dbFetchAssoc($user_verification_rs)) {
$formatted_users[] = $user['id'];
}
// Make sure we're not including/excluding the entire list of possible users, as we can simplify
$users_with_category_access = hesk_dbQuery("SELECT 1 AS `cnt` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."users`
WHERE (`isadmin` = '1' OR FIND_IN_SET(".intval($catid).", `categories`) > 0)");
if (hesk_dbNumRows($users_with_category_access) === count($formatted_users)) {
return $operator === '=' ? 'ALL_INCLUDED' : 'ALL_EXCLUDED';
}
$formatted_users = implode(',', $formatted_users);
return "{$operator}({$formatted_users})";
} // End build_autoassign_config()
function get_valid_date_unit($unit) {
switch ($unit) {
case 'week':
return 'week';
break;
case 'month':
return 'month';
break;
case 'year':
return 'year';
break;
default:
return 'day';
}
} // END get_valid_date_unit()
?>
PK ~3YBV admin_ticket.phpnu [ $error\n";
}
$hesk_error_buffer = $tmp;
$hesk_error_buffer = $hesklang['pcer'].'
'.$hesk_error_buffer.'
';
hesk_process_messages($hesk_error_buffer,'admin_ticket.php?track='.$ticket['trackid'].'&Refresh='.rand(10000,99999));
}
// Process attachments
if ($hesk_settings['attachments']['use'] && ! empty($attachments) )
{
if (!$use_legacy_attachments) {
$attachments = hesk_migrateTempAttachments($attachments, $trackingID);
}
foreach ($attachments as $myatt)
{
hesk_dbQuery("INSERT INTO `".hesk_dbEscape($hesk_settings['db_pfix'])."attachments` (`ticket_id`,`saved_name`,`real_name`,`size`,`type`) VALUES ('".hesk_dbEscape($trackingID)."','".hesk_dbEscape($myatt['saved_name'])."','".hesk_dbEscape($myatt['real_name'])."','".intval($myatt['size'])."', '1')");
$myattachments .= hesk_dbInsertID() . '#' . $myatt['real_name'] .',';
}
}
// Add note to database
$msg = nl2br(hesk_makeURL($msg));
hesk_dbQuery("INSERT INTO `".hesk_dbEscape($hesk_settings['db_pfix'])."notes` (`ticket`,`who`,`dt`,`message`,`attachments`) VALUES ('".intval($ticket['id'])."','".intval($_SESSION['id'])."',NOW(),'".hesk_dbEscape($msg)."','".hesk_dbEscape($myattachments)."')");
// Update time worked
if ($hesk_settings['time_worked'] && ($time_worked = hesk_getTime(hesk_POST('time_worked_notes'))) && $time_worked != '00:00:00')
{
$parts = explode(':', $ticket['time_worked']);
$seconds = ($parts[0] * 3600) + ($parts[1] * 60) + $parts[2];
$parts = explode(':', $time_worked);
$seconds += ($parts[0] * 3600) + ($parts[1] * 60) + $parts[2];
require(HESK_PATH . 'inc/reporting_functions.inc.php');
$ticket['time_worked'] = hesk_SecondsToHHMMSS($seconds);
hesk_dbQuery("UPDATE `".hesk_dbEscape($hesk_settings['db_pfix'])."tickets` SET `time_worked` = ADDTIME(`time_worked`,'" . hesk_dbEscape($time_worked) . "') WHERE `trackid`='" . hesk_dbEscape($trackingID) . "'");
}
/* Notify assigned staff that a note has been added if needed */
if ($ticket['owner'] && $ticket['owner'] != $_SESSION['id'])
{
$res = hesk_dbQuery("SELECT `email` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."users` WHERE `id`='".intval($ticket['owner'])."' AND `notify_note`='1' LIMIT 1");
if (hesk_dbNumRows($res) == 1)
{
$owner = hesk_dbFetchAssoc($res);
// 1. Generate the array with ticket info that can be used in emails
$info = array(
'email' => $ticket['email'],
'category' => $ticket['category'],
'priority' => $ticket['priority'],
'owner' => $ticket['owner'],
'trackid' => $ticket['trackid'],
'status' => $ticket['status'],
'name' => $_SESSION['name'],
'subject' => $ticket['subject'],
'message' => stripslashes($msg),
'dt' => hesk_date($ticket['dt'], true),
'lastchange' => hesk_date($ticket['lastchange'], true),
'attachments' => $myattachments,
'due_date' => hesk_format_due_date($ticket['due_date']),
'id' => $ticket['id'],
'time_worked' => $ticket['time_worked'],
'last_reply_by' => $ticket['repliername'],
);
// 2. Add custom fields to the array
foreach ($hesk_settings['custom_fields'] as $k => $v)
{
$info[$k] = $v['use'] ? $ticket[$k] : '';
}
// 3. Add HTML message to the array
$info['message_html'] = $info['message'];
// 4. Make sure all values are properly formatted for email
$ticket = hesk_ticketToPlain($info, 1, 0);
/* Get email functions */
require(HESK_PATH . 'inc/email_functions.inc.php');
/* Format email subject and message for staff */
$subject = hesk_getEmailSubject('new_note',$ticket);
list($message, $html_message) = hesk_getEmailMessage('new_note',$ticket,1);
/* Send email to staff */
hesk_mail($owner['email'], $subject, $message, $html_message);
}
}
}
header('Location: admin_ticket.php?track='.$trackingID.'&Refresh='.mt_rand(10000,99999));
exit();
}
/* Update time worked */
if ($hesk_settings['time_worked'] && ($can_reply || $can_edit) && isset($_POST['h']) && isset($_POST['m']) && isset($_POST['s']) && hesk_token_check('POST'))
{
$h = intval( hesk_POST('h') );
$m = intval( hesk_POST('m') );
$s = intval( hesk_POST('s') );
/* Get time worked in proper format */
$time_worked = hesk_getTime($h . ':' . $m . ':' . $s);
/* Update database */
$revision = sprintf($hesklang['thist14'],hesk_date(),$time_worked,addslashes($_SESSION['name']).' ('.$_SESSION['user'].')');
hesk_dbQuery("UPDATE `".hesk_dbEscape($hesk_settings['db_pfix'])."tickets` SET `time_worked`='" . hesk_dbEscape($time_worked) . "', `history`=CONCAT(`history`,'" . hesk_dbEscape($revision) . "') WHERE `trackid`='" . hesk_dbEscape($trackingID) . "'");
/* Show ticket */
hesk_process_messages($hesklang['twu'],'admin_ticket.php?track='.$trackingID.'&Refresh='.mt_rand(10000,99999),'SUCCESS');
}
/* Update due date */
if (isset($_POST['action']) && $_POST['action'] == 'due_date' && hesk_token_check('POST')) {
// Check permission
if ( ! $can_due_date) {
hesk_process_messages($hesklang['can_due_date_e'],'admin_ticket.php?track='.$trackingID.'&Refresh='.mt_rand(10000,99999),'ERROR');
}
$new_due_date = hesk_POST('new-due-date');
$sql_overdue_email = '';
if ($new_due_date == '') {
$formatted_date = false;
$revision = sprintf($hesklang['thist20'], hesk_date(), addslashes($_SESSION['name']).' ('.$_SESSION['user'].')');
} else {
$date = hesk_datepicker_get_date($new_due_date);
if ($date === false) {
hesk_process_messages($hesklang['invalid_due_date'], 'admin_ticket.php?track='.$trackingID.'&Refresh='.mt_rand(10000,99999));
}
$formatted_date = $date->format('Y-m-d');
$revision = sprintf($hesklang['thist19'], hesk_date(), $formatted_date, addslashes($_SESSION['name']).' ('.$_SESSION['user'].')');
// If this is a future date, we'll reset the
$current_date = new DateTime();
if ($date > $current_date)
{
$sql_overdue_email = '`overdue_email_sent`=0,';
}
}
hesk_dbQuery("UPDATE `".hesk_dbEscape($hesk_settings['db_pfix'])."tickets` SET `due_date` = " . ($formatted_date === false ? 'NULL' : "'".hesk_dbEscape($formatted_date)."'") . ", {$sql_overdue_email} `history`=CONCAT(`history`,'" . hesk_dbEscape($revision) . "') WHERE `trackid`='" . hesk_dbEscape($trackingID) . "' AND (`due_date` IS " . ($formatted_date === false ? 'NOT NULL' : "NULL OR `due_date` != '".hesk_dbEscape($formatted_date)."'") . ")");
/* Show ticket */
hesk_process_messages($hesklang['due_date_updated'],'admin_ticket.php?track='.$trackingID.'&Refresh='.mt_rand(10000,99999),'SUCCESS');
}
/* Delete attachment action */
if (isset($_GET['delatt']) && hesk_token_check())
{
if ( ! $can_delete || ! $can_edit)
{
hesk_process_messages($hesklang['no_permission'],'admin_ticket.php?track='.$trackingID.'&Refresh='.mt_rand(10000,99999));
}
$att_id = intval( hesk_GET('delatt') ) or hesk_error($hesklang['inv_att_id']);
$reply = intval( hesk_GET('reply', 0) );
if ($reply < 1)
{
$reply = 0;
}
$note = intval( hesk_GET('note', 0) );
if ($note < 1)
{
$note = 0;
}
/* Get attachment info */
$res = hesk_dbQuery("SELECT * FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."attachments` WHERE `att_id`='".intval($att_id)."' LIMIT 1");
if (hesk_dbNumRows($res) != 1)
{
hesk_process_messages($hesklang['id_not_valid'].' (att_id)','admin_ticket.php?track='.$trackingID.'&Refresh='.mt_rand(10000,99999));
}
$att = hesk_dbFetchAssoc($res);
/* Is ticket ID valid for this attachment? */
if ($att['ticket_id'] != $trackingID)
{
hesk_process_messages($hesklang['trackID_not_found'],'admin_ticket.php?track='.$trackingID.'&Refresh='.mt_rand(10000,99999));
}
/* Delete file from server */
hesk_unlink(HESK_PATH.$hesk_settings['attach_dir'].'/'.$att['saved_name']);
/* Delete attachment from database */
hesk_dbQuery("DELETE FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."attachments` WHERE `att_id`='".intval($att_id)."'");
/* Update ticket or reply in the database */
$revision = sprintf($hesklang['thist12'],hesk_date(),$att['real_name'],addslashes($_SESSION['name']).' ('.$_SESSION['user'].')');
if ($reply)
{
hesk_dbQuery("UPDATE `".hesk_dbEscape($hesk_settings['db_pfix'])."replies` SET `attachments`=REPLACE(`attachments`,'".hesk_dbEscape($att_id.'#'.$att['real_name']).",','') WHERE `id`='".intval($reply)."'");
hesk_dbQuery("UPDATE `".hesk_dbEscape($hesk_settings['db_pfix'])."tickets` SET `history`=CONCAT(`history`,'".hesk_dbEscape($revision)."') WHERE `id`='".intval($ticket['id'])."'");
}
elseif ($note)
{
hesk_dbQuery("UPDATE `".hesk_dbEscape($hesk_settings['db_pfix'])."notes` SET `attachments`=REPLACE(`attachments`,'".hesk_dbEscape($att_id.'#'.$att['real_name']).",','') WHERE `id`={$note}");
}
else
{
hesk_dbQuery("UPDATE `".hesk_dbEscape($hesk_settings['db_pfix'])."tickets` SET `attachments`=REPLACE(`attachments`,'".hesk_dbEscape($att_id.'#'.$att['real_name']).",',''), `history`=CONCAT(`history`,'".hesk_dbEscape($revision)."') WHERE `id`='".intval($ticket['id'])."'");
}
hesk_process_messages($hesklang['kb_att_rem'],'admin_ticket.php?track='.$trackingID.'&Refresh='.mt_rand(10000,99999),'SUCCESS');
}
/* Print header */
require_once(HESK_PATH . 'inc/header.inc.php');
/* List of categories */
if ($can_change_cat)
{
$result = hesk_dbQuery("SELECT `id`,`name` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."categories` ORDER BY `cat_order` ASC");
}
else
{
$result = hesk_dbQuery("SELECT `id`,`name` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."categories` WHERE ".hesk_myCategories('id')." ORDER BY `cat_order` ASC");
}
$categories_options='';
while ($row=hesk_dbFetchAssoc($result))
{
$categories_options.='
'.$row['name'].'
';
}
/* List of users */
$admins = array();
$result = hesk_dbQuery("SELECT `id`,`name`,`isadmin`,`categories`,`heskprivileges` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."users` ORDER BY `name` ASC");
while ($row=hesk_dbFetchAssoc($result))
{
/* Is this an administrator? */
if ($row['isadmin'])
{
$admins[$row['id']]=$row['name'];
continue;
}
/* Not admin, is user allowed to view tickets? */
if (strpos($row['heskprivileges'], 'can_view_tickets') !== false)
{
/* Is user allowed to access this category? */
$cat=substr($row['categories'], 0);
$row['categories']=explode(',',$cat);
if (in_array($ticket['category'],$row['categories']))
{
$admins[$row['id']]=$row['name'];
continue;
}
}
}
/* Get replies */
if ($ticket['replies'])
{
$reply = '';
$result = hesk_dbQuery("SELECT * FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."replies` WHERE `replyto`='".intval($ticket['id'])."' ORDER BY `id` " . ($hesk_settings['new_top'] ? 'DESC' : 'ASC') );
}
else
{
$reply = false;
}
// Demo mode
if ( defined('HESK_DEMO') )
{
$ticket['email'] = 'hidden@demo.com';
$ticket['ip'] = '127.0.0.1';
}
/* Print admin navigation */
require_once(HESK_PATH . 'inc/show_admin_nav.inc.php');
/* This will handle error, success and notice messages */
hesk_handle_messages();
// Prepare special custom fields
foreach ($hesk_settings['custom_fields'] as $k=>$v)
{
if ($v['use'] && hesk_is_custom_field_in_category($k, $ticket['category']) )
{
switch ($v['type'])
{
case 'date':
$ticket[$k] = hesk_custom_date_display_format($ticket[$k], $v['value']['date_format']);
break;
}
}
}
/* Do we need or have any canned responses? */
$can_options = hesk_printCanned();
$options = array(
0 => '
'.$hesklang['critical'].'
',
1 => '
'.$hesklang['high'].'
',
2 => '
'.$hesklang['medium'].'
',
3 => '
'.$hesklang['low'].'
'
);
?>
>
>
»
' : '';
$att = explode(',', substr($note['attachments'], 0, -1) );
$num = count($att);
foreach ($att as $myatt)
{
list($att_id, $att_name) = explode('#', $myatt);
// Can edit and delete note (attachments)?
if ($can_del_notes || $note['who'] == $_SESSION['id'])
{
// If this is the last attachment and no message, show "delete ticket" link
if ($num == 1 && strlen($note['message']) == 0)
{
echo ' »';
}
// Show "delete attachment" link
else
{
echo ' »';
}
}
echo '
'.$att_name.'
';
}
}
?>
:
:
:
';
if ( $email_id = hesk_isBannedEmail($ticket['email']) ) {
if ($can_unban_emails) {
echo '
'.$hesklang['unban_email'].'
';
} else {
echo $hesklang['eisban'];
}
} else {
echo '
'.$hesklang['savebanemail'].'
';
}
echo '';
}
// Format IP for lookup
if ($ticket['ip'] != '' && $ticket['ip'] != 'Unknown' && $ticket['ip'] != $hesklang['unknown']) {
echo '
';
}
}
/* Print attachments */
hesk_listAttachments($ticket['attachments'], 0 , $i);
// Show suggested KB articles
if ($hesk_settings['kb_enable'] && $hesk_settings['kb_recommendanswers'] && ! empty($ticket['articles']) )
{
$suggested = array();
$suggested_list = '';
// Get article info from the database
$articles = hesk_dbQuery("SELECT `id`,`subject` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."kb_articles` WHERE `id` IN (".preg_replace('/[^0-9\,]/', '', $ticket['articles']).")");
while ($article=hesk_dbFetchAssoc($articles))
{
$suggested[$article['id']] = ''.$article['subject'].'';
}
// Loop through the IDs to preserve the order they were suggested in
$articles = explode(',', $ticket['articles']);
foreach ($articles as $article)
{
if ( isset($suggested[$article]) )
{
$suggested_list .= $suggested[$article];
}
}
// Finally print suggested articles
if ( strlen($suggested_list) )
{
?>
'.$hesklang['sska'].'
'.$suggested_list.'';
}
?>
»
' : '';
$att = explode(',', substr($note['attachments'], 0, -1) );
$num = count($att);
foreach ($att as $myatt)
{
list($att_id, $att_name) = explode('#', $myatt);
// Can edit and delete note (attachments)?
if ($can_del_notes || $note['who'] == $_SESSION['id'])
{
// If this is the last attachment and no message, show "delete ticket" link
if ($num == 1 && strlen($note['message']) == 0)
{
echo ' »';
}
// Show "delete attachment" link
else
{
echo ' »';
}
}
echo '
'.$att_name.'
';
}
}
?>
".$ticket['id']." AND `email` <> '' AND ".hesk_dbFormatEmail($first_email)." ORDER BY `lastchange` DESC LIMIT " . ($show_previous_tickets+1));
$past_num = hesk_dbNumRows($res);
?>
';
$_SESSION['new']['errors'] = $errors;
hesk_process_messages($hesk_error_buffer,'NOREDIRECT');
}
else
{
/* Update database */
hesk_dbQuery(
"UPDATE `".hesk_dbEscape($hesk_settings['db_pfix'])."users` SET
`name`='".hesk_dbEscape($_SESSION['new']['name'])."',
`email`='".hesk_dbEscape($_SESSION['new']['email'])."',
`signature`='".hesk_dbEscape($_SESSION['new']['signature'])."',
$sql_username
`afterreply`='".($_SESSION['new']['afterreply'])."' ,
".($hesk_settings['time_worked'] ? "`autostart`='".($_SESSION['new']['autostart'])."'," : '')."
`autoreload`='".($_SESSION['new']['autoreload'])."' ,
`notify_customer_new`='".($_SESSION['new']['notify_customer_new'])."' ,
`notify_customer_reply`='".($_SESSION['new']['notify_customer_reply'])."' ,
`show_suggested`='".($_SESSION['new']['show_suggested'])."' ,
`notify_new_unassigned`='".($_SESSION['new']['notify_new_unassigned'])."' ,
`notify_overdue_unassigned`='".($_SESSION['new']['notify_overdue_unassigned'])."' ,
`notify_new_my`='".($_SESSION['new']['notify_new_my'])."' ,
`notify_overdue_my`='".($_SESSION['new']['notify_overdue_my'])."' ,
`notify_reply_unassigned`='".($_SESSION['new']['notify_reply_unassigned'])."' ,
`notify_reply_my`='".($_SESSION['new']['notify_reply_my'])."' ,
`notify_assigned`='".($_SESSION['new']['notify_assigned'])."' ,
`notify_pm`='".($_SESSION['new']['notify_pm'])."',
`notify_note`='".($_SESSION['new']['notify_note'])."'
WHERE `id`='".intval($_SESSION['id'])."'"
);
/* Process the session variables */
$_SESSION['new'] = hesk_stripArray($_SESSION['new']);
// Do we need a new session_veify tag?
if ( strlen($sql_username) )
{
$res = hesk_dbQuery('SELECT `pass` FROM `'.hesk_dbEscape($hesk_settings['db_pfix'])."users` WHERE `id` = '".intval($_SESSION['id'])."' LIMIT 1");
$_SESSION['session_verify'] = hesk_activeSessionCreateTag($_SESSION['new']['user'], hesk_dbResult($res) );
}
/* Update session variables */
foreach ($_SESSION['new'] as $k => $v)
{
$_SESSION[$k] = $v;
}
unset($_SESSION['new']);
hesk_cleanSessionVars('as_notify');
hesk_process_messages($hesklang['profile_updated_success'],'profile.php','SUCCESS');
}
} // End update_profile()
?>
PK ~3Yq]1 \ \ admin_settings_email.phpnu [ install folder from your server for security reasons then refresh this page!');}
// Get all the required files and functions
require(HESK_PATH . 'hesk_settings.inc.php');
// Save the default language for the settings page before choosing user's preferred one
$hesk_settings['language_default'] = $hesk_settings['language'];
require(HESK_PATH . 'inc/common.inc.php');
$hesk_settings['language'] = $hesk_settings['language_default'];
require(HESK_PATH . 'inc/admin_functions.inc.php');
require(HESK_PATH . 'inc/setup_functions.inc.php');
hesk_load_database_functions();
hesk_session_start();
hesk_dbConnect();
hesk_isLoggedIn();
// Check permissions for this feature
hesk_checkPermission('can_man_settings');
// Load custom fields
require_once(HESK_PATH . 'inc/custom_fields.inc.php');
$help_folder = '../language/' . $hesk_settings['languages'][$hesk_settings['language']]['folder'] . '/help_files/';
$enable_save_settings = 0;
$enable_use_attachments = 0;
// Print header
require_once(HESK_PATH . 'inc/header.inc.php');
// Print main manage users page
require_once(HESK_PATH . 'inc/show_admin_nav.inc.php');
// Demo mode? Hide values of sensitive settings
$hesk_settings['db_pfix_real'] = $hesk_settings['db_pfix'];
if ( defined('HESK_DEMO') )
{
require_once(HESK_PATH . 'inc/admin_settings_demo.inc.php');
}
/* This will handle error, success and notice messages */
hesk_handle_messages();
// Check file attachment limits
if ($hesk_settings['attachments']['use'] && ! defined('HESK_DEMO') )
{
// If SMTP server is used, "From email" should match SMTP username
if ($hesk_settings['smtp'] && strtolower($hesk_settings['smtp_user']) != strtolower($hesk_settings['noreply_mail']) && hesk_validateEmail($hesk_settings['smtp_user'], 'ERR', 0))
{
hesk_show_notice(sprintf($hesklang['from_warning2'], $hesklang['email_noreply'], $hesk_settings['smtp_user']));
}
// If POP3 fetching is active, no user should have the same email address
if ($hesk_settings['pop3'] && hesk_validateEmail($hesk_settings['pop3_user'], 'ERR', 0))
{
$res = hesk_dbQuery("SELECT `name` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."users` WHERE `email` LIKE '".hesk_dbEscape($hesk_settings['pop3_user'])."'");
if (hesk_dbNumRows($res) > 0)
{
hesk_show_notice(sprintf($hesklang['pop3_warning'], hesk_dbResult($res,0,0), $hesk_settings['pop3_user']) . "
" . $hesklang['fetch_warning'], $hesklang['warn']);
}
}
// If IMAP fetching is active, no user should have the same email address
if ($hesk_settings['imap'] && hesk_validateEmail($hesk_settings['imap_user'], 'ERR', 0))
{
$res = hesk_dbQuery("SELECT `name` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."users` WHERE `email` LIKE '".hesk_dbEscape($hesk_settings['imap_user'])."'");
if (hesk_dbNumRows($res) > 0)
{
hesk_show_notice(sprintf($hesklang['imap_warning'], hesk_dbResult($res,0,0), $hesk_settings['imap_user']) . "
';
}
// Clear the cache folder
hesk_purge_cache('kb');
hesk_purge_cache('cf');
hesk_purge_cache('export', 14400);
hesk_purge_cache('status');
// Is MFA enabled? If so, forcibly enroll users who aren't using MFA
if ($section === 'HELP_DESK' && hesk_getProperty($set, 'require_mfa')) {
hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "users` SET `mfa_enrollment` = 1 WHERE `mfa_enrollment` = 0");
}
// Show the settings page and display any notices or success
$return_location = 'admin_settings_' . strtolower($section) . '.php';
if ( count($tmp) )
{
$errors = implode('