PK~3YϾ|!V!V admin_settings_knowledgebase.phpnu[install folder from your server for security reasons then refresh this page!');} // Get all the required files and functions require(HESK_PATH . 'hesk_settings.inc.php'); // Save the default language for the settings page before choosing user's preferred one $hesk_settings['language_default'] = $hesk_settings['language']; require(HESK_PATH . 'inc/common.inc.php'); $hesk_settings['language'] = $hesk_settings['language_default']; require(HESK_PATH . 'inc/admin_functions.inc.php'); require(HESK_PATH . 'inc/setup_functions.inc.php'); hesk_load_database_functions(); hesk_session_start(); hesk_dbConnect(); hesk_isLoggedIn(); // Check permissions for this feature hesk_checkPermission('can_man_settings'); // Load custom fields require_once(HESK_PATH . 'inc/custom_fields.inc.php'); $help_folder = '../language/' . $hesk_settings['languages'][$hesk_settings['language']]['folder'] . '/help_files/'; $enable_save_settings = 0; $enable_use_attachments = 0; // Print header require_once(HESK_PATH . 'inc/header.inc.php'); // Print main manage users page require_once(HESK_PATH . 'inc/show_admin_nav.inc.php'); // Demo mode? Hide values of sensitive settings if ( defined('HESK_DEMO') ) { require_once(HESK_PATH . 'inc/admin_settings_demo.inc.php'); } /* This will handle error, success and notice messages */ hesk_handle_messages(); ?>

>
>
>

>
>
>

>

id="add-title"> id="edit-title">

'; hesk_handle_messages(); echo '
'; } $errors = hesk_SESSION(array('canned', 'errors')); $errors = is_array($errors) ? $errors : array(); ?>
>
' . $hesklang['sel_ticket_tpl'] . ''; $errors[] = 'id'; } $savename = hesk_input( hesk_POST('name') ); if (!$savename) { $hesk_error_buffer .= '
  • ' . $hesklang['ent_ticket_tpl_title'] . '
  • '; $errors[] = 'name'; } $msg = hesk_input( hesk_POST('msg') ); if (!$msg) { $hesk_error_buffer .= '
  • ' . $hesklang['ent_ticket_tpl_msg'] . '
  • '; $errors[] = 'msg'; } // Avoid problems with utf-8 newline chars in Javascript code, detect and remove them $msg = preg_replace('/\R/u', "\r\n", $msg); $_SESSION['canned']['what'] = 'EDIT'; $_SESSION['canned']['id'] = $id; $_SESSION['canned']['name'] = $savename; $_SESSION['canned']['msg'] = $msg; $_SESSION['canned']['errors'] = $errors; /* Any errors? */ if (strlen($hesk_error_buffer)) { $hesk_error_buffer = $hesklang['rfm'].'

    '; hesk_process_messages($hesk_error_buffer,'manage_ticket_templates.php?saved_replies='.$id); } if ($hesk_settings['staff_ticket_formatting'] == 2) { // Decode the message we encoded earlier $msg_html = hesk_html_entity_decode($msg); // Clean the HTML code and set the plaintext version require(HESK_PATH . 'inc/htmlpurifier/HeskHTMLPurifier.php'); require(HESK_PATH . 'inc/html2text/html2text.php'); $purifier = new HeskHTMLPurifier($hesk_settings['cache_dir']); $msg_html = $purifier->heskPurify($msg_html); $msg = convert_html_to_text($msg_html); $msg = fix_newlines($msg); // Replace regular newlines with \r\n to match regular plaintext storage... but then get rid of any accidental \r\r\n outputs $msg = str_replace("\n", "\r\n", $msg); $msg = str_replace("\r\r\n", "\r\n", $msg); // Re-encode the message $msg = hesk_htmlspecialchars($msg); } else { $msg_html = hesk_makeURL($msg); $msg_html = nl2br($msg_html); } $result = hesk_dbQuery("UPDATE `".hesk_dbEscape($hesk_settings['db_pfix'])."ticket_templates` SET `title`='".hesk_dbEscape($savename)."',`message`='".hesk_dbEscape($msg)."', `message_html`='".hesk_dbEscape($msg_html)."' WHERE `id`='".intval($id)."'"); $_SESSION['canned']['selcat2'] = $id; unset($_SESSION['canned']['what']); unset($_SESSION['canned']['id']); unset($_SESSION['canned']['name']); unset($_SESSION['canned']['msg']); unset($_SESSION['canned']['errors']); hesk_process_messages($hesklang['ticket_tpl_saved'],'manage_ticket_templates.php?saved_replies='.$id,'SUCCESS'); } // End edit_saved()

/**
 * Store a new ticket template from the POSTed "name" and "msg" fields.
 *
 * The POST token is checked before anything else. Both fields pass through
 * hesk_input(); the entered values and the list of failed fields are kept in
 * $_SESSION['canned'] and removed again once the row has been inserted.
 *
 * With staff_ticket_formatting == 2 the message is entity-decoded, cleaned by
 * HeskHTMLPurifier, and the plaintext copy is derived from the cleaned HTML.
 * Otherwise the HTML copy is built with hesk_makeURL() and nl2br().
 *
 * The new template is placed last: highest existing tpl_order + 10, or 10
 * when no row is returned. Every value written into SQL goes through
 * hesk_dbEscape() or intval().
 */
function new_saved()
{
    global $hesk_settings, $hesklang;

    // Anti-forgery token must be valid before any state is changed
    hesk_token_check('POST');

    $hesk_error_buffer = '';
    $errors = array();

    // NOTE(review): the literals around each error item and after
    // $hesklang['rfm'] hold only whitespace and bullets here; the markup they
    // carried looks lost in extraction. Confirm against the original file.
    $savename = hesk_input( hesk_POST('name') );
    if ( ! $savename)
    {
        $hesk_error_buffer .= "\n  • " . $hesklang['ent_ticket_tpl_title'] . "\n  • ";
        $errors[] = 'name';
    }

    $msg = hesk_input( hesk_POST('msg') );
    if ( ! $msg)
    {
        $hesk_error_buffer .= "\n  • " . $hesklang['ent_ticket_tpl_msg'] . "\n  • ";
        $errors[] = 'msg';
    }

    // Normalise every Unicode line break to \r\n so the text is safe to embed in Javascript
    $msg = preg_replace('/\R/u', "\r\n", $msg);

    // Remember what was entered so the form can be shown again
    $_SESSION['canned']['what']   = 'NEW';
    $_SESSION['canned']['name']   = $savename;
    $_SESSION['canned']['msg']    = $msg;
    $_SESSION['canned']['errors'] = $errors;

    if ($hesk_error_buffer !== '')
    {
        // As written, the collected buffer is replaced, not wrapped (see note above)
        $hesk_error_buffer = $hesklang['rfm'] . "\n\n    ";
        // Presumably ends the request; verify, since the code below would
        // otherwise run on input that failed validation
        hesk_process_messages($hesk_error_buffer,'manage_ticket_templates.php');
    }

    if ($hesk_settings['staff_ticket_formatting'] == 2)
    {
        // Undo the encoding applied to the submitted message
        $msg_html = hesk_html_entity_decode($msg);

        // Purify the HTML first, then derive the plaintext copy from the purified markup
        require(HESK_PATH . 'inc/htmlpurifier/HeskHTMLPurifier.php');
        require(HESK_PATH . 'inc/html2text/html2text.php');
        $purifier = new HeskHTMLPurifier($hesk_settings['cache_dir']);
        $msg_html = $purifier->heskPurify($msg_html);

        $msg = fix_newlines( convert_html_to_text($msg_html) );

        // Store plaintext with \r\n line ends, collapsing any \r\r\n this produces
        $msg = str_replace("\n", "\r\n", $msg);
        $msg = str_replace("\r\r\n", "\r\n", $msg);

        // Encode the plaintext again before it is stored
        $msg = hesk_htmlspecialchars($msg);
    }
    else
    {
        $msg_html = nl2br( hesk_makeURL($msg) );
    }

    $table = hesk_dbEscape($hesk_settings['db_pfix']) . 'ticket_templates';

    // Place the new template after the current last one
    $result = hesk_dbQuery('SELECT `tpl_order` FROM `' . $table . '` ORDER BY `tpl_order` DESC LIMIT 1');
    $row = hesk_dbFetchRow($result);
    if (isset($row[0]))
    {
        $my_order = intval($row[0]) + 10;
    }
    else
    {
        $my_order = 10;
    }

    hesk_dbQuery(sprintf(
        "INSERT INTO `%s` (`title`,`message`,`message_html`,`tpl_order`) VALUES ('%s','%s','%s','%s')",
        $table,
        hesk_dbEscape($savename),
        hesk_dbEscape($msg),
        hesk_dbEscape($msg_html),
        intval($my_order)
    ));

    $_SESSION['canned']['selcat2'] = hesk_dbInsertID();

    // The form values are no longer needed once the row exists
    foreach (array('what', 'name', 'msg', 'errors') as $key)
    {
        unset($_SESSION['canned'][$key]);
    }

    hesk_process_messages($hesklang['ticket_tpl_saved'],'manage_ticket_templates.php','SUCCESS');
} // End new_saved()

/**
 * Delete the ticket template whose id arrives in the GET "id" parameter.
 *
 * hesk_token_check() runs first. NOTE(review): it is called without an
 * argument; which request method that checks is not visible here.
 * hesk_error() is called when the id evaluates to 0 and when the DELETE did
 * not affect exactly one row.
 */
function remove()
{
    global $hesk_settings, $hesklang;

    // Anti-forgery token must be valid before the row is deleted
    hesk_token_check();

    $template_id = intval( hesk_GET('id') );
    if ( ! $template_id)
    {
        hesk_error($hesklang['id_not_valid']);
    }

    $table = hesk_dbEscape($hesk_settings['db_pfix']) . 'ticket_templates';
    hesk_dbQuery("DELETE FROM `{$table}` WHERE `id`='" . intval($template_id) . "'");

    // Anything other than exactly one deleted row is reported as an error
    if (hesk_dbAffectedRows() != 1)
    {
        hesk_error($hesklang['int_error'] . ': ' . $hesklang['ticket_tpl_not_found'] . '.');
    }

    hesk_process_messages($hesklang['ticket_tpl_removed'],'manage_ticket_templates.php','SUCCESS');
} // End remove()

// order_saved() is kept exactly as found: its body continues past this span.
function order_saved() { global $hesk_settings, $hesklang; /* A security check */ hesk_token_check(); $tplid = intval( hesk_GET('replyid') ) or hesk_error($hesklang['ticket_tpl_id']); $_SESSION['canned']['selcat2'] = $tplid; $tpl_move = intval( hesk_GET('move') ); hesk_dbQuery("UPDATE `".hesk_dbEscape($hesk_settings['db_pfix'])."ticket_templates` SET `tpl_order`=`tpl_order`+".intval($tpl_move)." 
WHERE `id`='".intval($tplid)."'"); if (hesk_dbAffectedRows() != 1) {hesk_error("$hesklang[int_error]: $hesklang[ticket_tpl_not_found].");} /* Update all category fields with new order */ $result = hesk_dbQuery('SELECT `id` FROM `'.hesk_dbEscape($hesk_settings['db_pfix']).'ticket_templates` ORDER BY `tpl_order` ASC'); $i = 10; while ($mytpl=hesk_dbFetchAssoc($result)) { hesk_dbQuery("UPDATE `".hesk_dbEscape($hesk_settings['db_pfix'])."ticket_templates` SET `tpl_order`=".intval($i)." WHERE `id`='".intval($mytpl['id'])."'"); $i += 10; } header('Location: manage_ticket_templates.php'); exit(); } // End order_saved() ?> PK~3Yx x lock.phpnu[ PK~3Y/Uassign_owner.phpnu['.$hesklang['unas'].'',addslashes($_SESSION['name']).' ('.$_SESSION['user'].')'); $res = hesk_dbQuery("UPDATE `".hesk_dbEscape($hesk_settings['db_pfix'])."tickets` SET `owner`=0, `assignedby`=NULL, `history`=CONCAT(`history`,'".hesk_dbEscape($revision)."') WHERE `trackid`='".hesk_dbEscape($trackingID)."'"); hesk_process_messages($hesklang['tunasi2'],$_SERVER['PHP_SELF'],'SUCCESS'); } elseif ($owner < 1) { hesk_process_messages($hesklang['nose'],$_SERVER['PHP_SELF'],'NOTICE'); } /* Verify the new owner and permissions */ $res = hesk_dbQuery("SELECT `id`,`user`,`name`,`email`,`isadmin`,`categories`,`notify_assigned` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."users` WHERE `id`='{$owner}' LIMIT 1"); $row = hesk_dbFetchAssoc($res); /* Has new owner access to the category? */ if ( ! $row['isadmin']) { $row['categories']=explode(',',$row['categories']); if (!in_array($ticket['category'],$row['categories'])) { hesk_error($hesklang['unoa']); } } // Make sure two people don't assign a ticket to a different user at the same time if ($ticket['owner'] && $ticket['owner'] != $owner && hesk_REQUEST('unassigned') && hesk_GET('confirm') != 'Y') { $new_owner = ($owner == $_SESSION['id']) ? 
$hesklang['scoy'] : sprintf($hesklang['scot'], $row['name']); $res = hesk_dbQuery("SELECT `name` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."users` WHERE `id`='{$ticket['owner']}' LIMIT 1"); if (hesk_dbNumRows($res) == 1) { $row = hesk_dbFetchAssoc($res); hesk_process_messages( sprintf($hesklang['taat'], $row['name']) . '

    ' . $new_owner . '

    ' . ''.$hesklang['ycto'].' | ' . ''.$hesklang['ncto'].'', $_SERVER['PHP_SELF'], 'NOTICE' ); } } /* Assigning to self? */ if ($can_assign_others || ($owner == $_SESSION['id'] && $can_assign_self)) { $assignedby = intval(hesk_SESSION('id')); if ($assignedby > 0) { $assignedby = ',`assignedby`=' . $assignedby; } else { $assignedby = ''; } $revision = sprintf($hesklang['thist2'],hesk_date(),addslashes($row['name']).' ('.$row['user'].')',addslashes($_SESSION['name']).' ('.$_SESSION['user'].')'); $res = hesk_dbQuery("UPDATE `".hesk_dbEscape($hesk_settings['db_pfix'])."tickets` SET `owner`={$owner} {$assignedby}, `history`=CONCAT(`history`,'".hesk_dbEscape($revision)."') WHERE `trackid`='".hesk_dbEscape($trackingID)."'"); if ($owner != $_SESSION['id'] && !hesk_checkPermission('can_view_ass_others',0)) { $_SERVER['PHP_SELF']='admin_main.php'; } } else { hesk_error($hesklang['no_permission']); } $ticket['owner'] = $owner; /* --> Prepare message */ // 1. Generate the array with ticket info that can be used in emails $info = array( 'email' => $ticket['email'], 'category' => $ticket['category'], 'priority' => $ticket['priority'], 'owner' => $ticket['owner'], 'trackid' => $ticket['trackid'], 'status' => $ticket['status'], 'name' => $ticket['name'], 'subject' => $ticket['subject'], 'message' => $ticket['message'], 'message_html' => $ticket['message_html'], 'attachments' => $ticket['attachments'], 'dt' => hesk_date($ticket['dt'], true), 'lastchange' => hesk_date($ticket['lastchange'], true), 'due_date' => hesk_format_due_date($ticket['due_date']), 'id' => $ticket['id'], 'time_worked' => $ticket['time_worked'], 'last_reply_by' => hesk_getReplierName($ticket), ); // 2. Add custom fields to the array foreach ($hesk_settings['custom_fields'] as $k => $v) { $info[$k] = $v['use'] ? $ticket[$k] : ''; } // 3. Make sure all values are properly formatted for email $ticket = hesk_ticketToPlain($info, 1, 0); /* Notify the new owner? 
*/ if ($ticket['owner'] != intval($_SESSION['id'])) { hesk_notifyAssignedStaff(false, 'ticket_assigned_to_you'); } $tmp = ($owner == $_SESSION['id']) ? $hesklang['tasy'] : $hesklang['taso']; hesk_process_messages($tmp,$_SERVER['PHP_SELF'],'SUCCESS'); ?> PK~3Y%%generate_spam_question.phpnu[
    PK~3YkSSshow_tickets.phpnu[
     

     

    PK~3Y%change_status.phpnu[ array('value' => 0, 'text' => $hesklang['critical'], 'formatted' => $hesklang['critical']), 'high' => array('value' => 1, 'text' => $hesklang['high'], 'formatted' => $hesklang['high']), 'medium' => array('value' => 2, 'text' => $hesklang['medium'], 'formatted' => $hesklang['medium']), 'low' => array('value' => 3, 'text' => $hesklang['low'], 'formatted' => $hesklang['low']), ); // Assign tickets to if ( isset($_POST['action-type']) && $_POST['action-type'] == 'assi') { if ( ! isset($_POST['owner']) || $_POST['owner'] == '') { hesk_process_messages($hesklang['assign_no'], $referer, 'NOTICE'); } $end_message = array(); $num_assigned = 0; // Permissions $can_assign_others = hesk_checkPermission('can_assign_others',0); if ($can_assign_others) { $can_assign_self = TRUE; } else { $can_assign_self = hesk_checkPermission('can_assign_self',0); } $owner = intval( hesk_POST('owner') ); if ($owner == -1) { foreach ($_POST['id'] as $this_id) { if ( is_array($this_id) ) { continue; } $this_id = intval($this_id) or hesk_error($hesklang['id_not_valid']); $revision = sprintf($hesklang['thist2'],hesk_date(),''.$hesklang['unas'].'',addslashes($_SESSION['name']).' ('.$_SESSION['user'].')'); $res = hesk_dbQuery("UPDATE `".hesk_dbEscape($hesk_settings['db_pfix'])."tickets` SET `owner`=0 , `assignedby`=NULL , `history`=CONCAT(`history`,'".hesk_dbEscape($revision)."') WHERE `id`={$this_id} LIMIT 1"); $end_message[] = sprintf($hesklang['assign_2'], $this_id); $i++; } hesk_process_messages($hesklang['assign_1'],$referer,'SUCCESS'); } $res = hesk_dbQuery("SELECT `id`,`user`,`name`,`email`,`isadmin`,`categories`,`notify_assigned` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."users` WHERE `id`='{$owner}' LIMIT 1"); $owner_data = hesk_dbFetchAssoc($res); if ( ! $owner_data['isadmin']) { $owner_data['categories']=explode(',',$owner_data['categories']); } require(HESK_PATH . 
'inc/email_functions.inc.php'); foreach ($_POST['id'] as $this_id) { if ( is_array($this_id) ) { continue; } $this_id = intval($this_id) or hesk_error($hesklang['id_not_valid']); $result = hesk_dbQuery("SELECT * FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."tickets` WHERE `id`={$this_id} LIMIT 1"); if (hesk_dbNumRows($result) != 1) { continue; } $ticket = hesk_dbFetchAssoc($result); if ( $ticket['owner'] == $owner ) { $end_message[] = sprintf($hesklang['assign_3'], $ticket['trackid'], $owner_data['name']); $i++; continue; } if ( $owner_data['isadmin'] || in_array($ticket['category'],$owner_data['categories'])) { $revision = sprintf($hesklang['thist2'],hesk_date(),addslashes($owner_data['name']).' ('.$owner_data['user'].')',addslashes($_SESSION['name']).' ('.$_SESSION['user'].')'); hesk_dbQuery("UPDATE `".hesk_dbEscape($hesk_settings['db_pfix'])."tickets` SET `owner`={$owner} , `assignedby`=".intval($_SESSION['id']).", `history`=CONCAT(`history`,'".hesk_dbEscape($revision)."') WHERE `id`={$this_id} LIMIT 1"); $end_message[] = sprintf($hesklang['assign_4'], $ticket['trackid'], $owner_data['name']); $num_assigned++; $ticket['owner'] = $owner; /* --> Prepare message */ // 1. Generate the array with ticket info that can be used in emails $info = array( 'email' => $ticket['email'], 'category' => $ticket['category'], 'priority' => $ticket['priority'], 'owner' => $ticket['owner'], 'trackid' => $ticket['trackid'], 'status' => $ticket['status'], 'name' => $ticket['name'], 'subject' => $ticket['subject'], 'message' => $ticket['message'], 'message_html' => $ticket['message_html'], 'attachments' => $ticket['attachments'], 'dt' => hesk_date($ticket['dt'], true), 'lastchange' => hesk_date($ticket['lastchange'], true), 'due_date' => hesk_format_due_date($ticket['due_date']), 'id' => $ticket['id'], 'time_worked' => $ticket['time_worked'], 'last_reply_by' => hesk_getReplierName($ticket), ); // 2. 
Add custom fields to the array foreach ($hesk_settings['custom_fields'] as $k => $v) { $info[$k] = $v['use'] ? $ticket[$k] : ''; } // 3. Make sure all values are properly formatted for email $ticket = hesk_ticketToPlain($info, 1, 0); /* Notify the new owner? */ if ($ticket['owner'] != intval($_SESSION['id'])) { hesk_notifyAssignedStaff(false, 'ticket_assigned_to_you'); } } else { $end_message[] = sprintf($hesklang['assign_5'], $ticket['trackid'], $owner_data['name']); } $i++; } hesk_process_messages(sprintf($hesklang['assign_log'], $num_assigned, ($i - $num_assigned), implode("\n", $end_message)),$referer,($num_assigned == 0) ? 'ERROR' : ($num_assigned < $i ? 'NOTICE' : 'SUCCESS')); } // Change priority if ( array_key_exists($_POST['a'], $priorities) ) { // A security check hesk_token_check('POST'); // Priority info $priority = $priorities[$_POST['a']]; foreach ($_POST['id'] as $this_id) { if ( is_array($this_id) ) { continue; } $this_id = intval($this_id) or hesk_error($hesklang['id_not_valid']); $result = hesk_dbQuery("SELECT `priority`, `category` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."tickets` WHERE `id`={$this_id} LIMIT 1"); if (hesk_dbNumRows($result) != 1) { continue; } $ticket = hesk_dbFetchAssoc($result); if ($ticket['priority'] == $priority['value']) { continue; } hesk_okCategory($ticket['category']); $revision = sprintf($hesklang['thist8'],hesk_date(),$priority['formatted'],addslashes($_SESSION['name']).' ('.$_SESSION['user'].')'); hesk_dbQuery("UPDATE `".hesk_dbEscape($hesk_settings['db_pfix'])."tickets` SET `priority`='{$priority['value']}', `history`=CONCAT(`history`,'".hesk_dbEscape($revision)."') WHERE `id`={$this_id}"); $i++; } hesk_process_messages($hesklang['pri_set_to'].' 
'.$priority['formatted'],$referer,'SUCCESS'); } /* DELETE */ elseif ($_POST['a']=='delete') { /* Check permissions for this feature */ hesk_checkPermission('can_del_tickets'); /* A security check */ hesk_token_check('POST'); foreach ($_POST['id'] as $this_id) { if ( is_array($this_id) ) { continue; } $this_id = intval($this_id) or hesk_error($hesklang['id_not_valid']); $result = hesk_dbQuery("SELECT `id`,`trackid`,`category` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."tickets` WHERE `id`='".intval($this_id)."' LIMIT 1"); if (hesk_dbNumRows($result) != 1) { continue; } $ticket = hesk_dbFetchAssoc($result); hesk_okCategory($ticket['category']); hesk_fullyDeleteTicket(); $i++; } hesk_process_messages(sprintf($hesklang['num_tickets_deleted'],$i),$referer,'SUCCESS'); } /* MERGE TICKETS */ elseif ($_POST['a']=='merge') { /* Check permissions for this feature */ hesk_checkPermission('can_merge_tickets'); /* A security check */ hesk_token_check('POST'); /* Sort IDs, tickets will be merged to the lowest ID */ sort($_POST['id'], SORT_NUMERIC); /* Select lowest ID as the target ticket */ $merge_into = array_shift($_POST['id']); /* Merge tickets or throw an error */ if ( hesk_mergeTickets( $_POST['id'] , $merge_into ) ) { hesk_process_messages($hesklang['merged'],$referer,'SUCCESS'); } else { $hesklang['merge_err'] .= ' ' . 
$_SESSION['error']; hesk_cleanSessionVars($_SESSION['error']); hesk_process_messages($hesklang['merge_err'],$referer); } } /* TAG/UNTAG TICKETS */ elseif ($_POST['a']=='tag' || $_POST['a']=='untag') { /* Check permissions for this feature */ hesk_checkPermission('can_add_archive'); /* A security check */ hesk_token_check('POST'); if ($_POST['a']=='tag') { $archived = 1; $action = $hesklang['num_tickets_tag']; } else { $archived = 0; $action = $hesklang['num_tickets_untag']; } foreach ($_POST['id'] as $this_id) { if ( is_array($this_id) ) { continue; } $this_id = intval($this_id) or hesk_error($hesklang['id_not_valid']); $result = hesk_dbQuery("SELECT `id`,`trackid`,`category` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."tickets` WHERE `id`='".intval($this_id)."' LIMIT 1"); if (hesk_dbNumRows($result) != 1) { continue; } $ticket = hesk_dbFetchAssoc($result); hesk_okCategory($ticket['category']); hesk_dbQuery("UPDATE `".hesk_dbEscape($hesk_settings['db_pfix'])."tickets` SET `archive`='$archived' WHERE `id`='".intval($this_id)."'"); $i++; } hesk_process_messages(sprintf($action,$i),$referer,'SUCCESS'); } /* EXPORT */ elseif ($_POST['a']=='export') { /* Check permissions for this feature */ hesk_checkPermission('can_export'); /* A security check */ hesk_token_check('POST'); $ids_to_export = array(); foreach ($_POST['id'] as $this_id) { if ( is_array($this_id) ) { continue; } $ids_to_export[] = intval($this_id) or hesk_error($hesklang['id_not_valid']); $i++; } if ($i < 1) { hesk_process_messages($hesklang['no_selected'], $referer, 'NOTICE'); } // Start SQL statement for selecting tickets $sql = "SELECT * FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."tickets` WHERE `id` IN (".implode(',', $ids_to_export).") "; $sql .= " AND " . hesk_myCategories(); $sql .= " AND " . hesk_myOwnership(); require_once(HESK_PATH . 'inc/custom_fields.inc.php'); require_once(HESK_PATH . 'inc/statuses.inc.php'); require(HESK_PATH . 
'inc/export_functions.inc.php'); list($success_msg, $tickets_exported) = hesk_export_to_XML($sql, true); if ($tickets_exported > 0) { hesk_process_messages($success_msg,$referer,'SUCCESS'); } else { hesk_process_messages($hesklang['n2ex'],$referer,'NOTICE'); } } /* ANONYMIZE */ elseif ($_POST['a']=='anonymize') { /* Check permissions for this feature */ hesk_checkPermission('can_privacy'); /* A security check */ hesk_token_check('POST'); require(HESK_PATH . 'inc/privacy_functions.inc.php'); foreach ($_POST['id'] as $this_id) { if ( is_array($this_id) ) { continue; } $this_id = intval($this_id) or hesk_error($hesklang['id_not_valid']); $result = hesk_dbQuery("SELECT `id`,`trackid`,`name`,`category` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."tickets` WHERE `id`='".intval($this_id)."' AND ".hesk_myOwnership()." LIMIT 1"); if (hesk_dbNumRows($result) != 1) { continue; } $ticket = hesk_dbFetchAssoc($result); hesk_okCategory($ticket['category']); hesk_anonymizeTicket(null, null, true); $i++; } hesk_process_messages(sprintf($hesklang['num_tickets_anon'],$i),$referer,'SUCCESS'); } /* PRINT */ elseif ($_POST['a']=='print') { /* Check permissions for this feature */ hesk_checkPermission('can_view_tickets'); /* A security check */ hesk_token_check('POST'); // Load custom fields require_once(HESK_PATH . 'inc/custom_fields.inc.php'); // Load statuses require_once(HESK_PATH . 'inc/statuses.inc.php'); // List of staff if (!isset($admins)) { $admins = array(); $res2 = hesk_dbQuery("SELECT `id`,`name` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."users` ORDER BY `id` ASC"); while ($row=hesk_dbFetchAssoc($res2)) { $admins[$row['id']]=$row['name']; } } // List of categories $hesk_settings['categories'] = array(); $res2 = hesk_dbQuery('SELECT `id`, `name` FROM `'.hesk_dbEscape($hesk_settings['db_pfix']).'categories` WHERE ' . hesk_myCategories('id') . 
' ORDER BY `cat_order` ASC'); while ($row=hesk_dbFetchAssoc($res2)) { $hesk_settings['categories'][$row['id']] = $row['name']; } // Print page head header('Content-Type: text/html; charset=utf-8'); $tickets = array(); // Loop through ticket IDs and print them foreach ($_POST['id'] as $this_id) { if ( is_array($this_id) ) { continue; } $this_id = intval($this_id) or hesk_error($hesklang['id_not_valid']); $result = hesk_dbQuery("SELECT * FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."tickets` WHERE `id`='".intval($this_id)."' LIMIT 1"); if (hesk_dbNumRows($result) != 1) { continue; } $ticket = hesk_dbFetchAssoc($result); // Check that we have proper permissions to view this ticket hesk_okCategory($ticket['category']); $can_view_ass_by = hesk_checkPermission('can_view_ass_by', 0); $can_view_unassigned = hesk_checkPermission('can_view_unassigned',0); if ($ticket['owner'] && $ticket['owner'] != $_SESSION['id'] && ! hesk_checkPermission('can_view_ass_others',0)) { // Maybe this user is allowed to view tickets he/she assigned? if ( ! $can_view_ass_by || $ticket['assignedby'] != $_SESSION['id']) { hesk_error($hesklang['ycvtao']); } } if (!$ticket['owner'] && ! $can_view_unassigned) { hesk_error($hesklang['ycovtay']); } // All good, continue... $category['name'] = isset($hesk_settings['categories'][$ticket['category']]) ? 
$hesk_settings['categories'][$ticket['category']] : $hesklang['catd']; // Get replies $res = hesk_dbQuery("SELECT * FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."replies` WHERE `replyto`='{$ticket['id']}' ORDER BY `id` ASC"); // Get notes $notes = array(); $res2 = hesk_dbQuery("SELECT t1.*, t2.`name` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."notes` AS t1 LEFT JOIN `".hesk_dbEscape($hesk_settings['db_pfix'])."users` AS t2 ON t1.`who` = t2.`id` WHERE `ticket`='{$ticket['id']}' ORDER BY t1.`id`"); while ($note = hesk_dbFetchAssoc($res2)) { $notes[] = $note; } $ticket['notes'] = $notes; $ticket['replies'] = $res; $ticket['categoryName'] = $category['name']; $tickets[] = $ticket; } // Print tickets require(HESK_PATH . 'inc/print_template.inc.php'); flush(); exit(); } /* JUST CLOSE */ else { /* Check permissions for this feature */ hesk_checkPermission('can_view_tickets'); hesk_checkPermission('can_resolve'); /* A security check */ hesk_token_check('POST'); // Will we need ticket notifications? if ($hesk_settings['notify_closed']) { require(HESK_PATH . 'inc/email_functions.inc.php'); } $revision = sprintf($hesklang['thist3'],hesk_date(),addslashes($_SESSION['name']).' ('.$_SESSION['user'].')'); foreach ($_POST['id'] as $this_id) { if ( is_array($this_id) ) { continue; } $this_id = intval($this_id) or hesk_error($hesklang['id_not_valid']); $result = hesk_dbQuery("SELECT " . ($hesk_settings['notify_closed'] ? '*' : '`category`') . " FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."tickets` WHERE `id`='".intval($this_id)."' LIMIT 1"); $ticket = hesk_dbFetchAssoc($result); hesk_okCategory($ticket['category']); hesk_dbQuery("UPDATE `".hesk_dbEscape($hesk_settings['db_pfix'])."tickets` SET `status`='3', `closedat`=NOW(), `closedby`=".intval($_SESSION['id']).", `history`=CONCAT(`history`,'".hesk_dbEscape($revision)."') WHERE `id`='".intval($this_id)."'"); $i++; // Notify customer of closed ticket? 
if ($hesk_settings['notify_closed']) { $ticket['dt'] = hesk_date($ticket['dt'], true); $ticket['lastchange'] = hesk_date($ticket['lastchange'], true); $ticket = hesk_ticketToPlain($ticket, 1, 0); hesk_notifyCustomer('ticket_closed'); } } hesk_process_messages(sprintf($hesklang['num_tickets_closed'],$i),$referer,'SUCCESS'); } /*** START FUNCTIONS ***/ function hesk_fullyDeleteTicket() { global $hesk_settings, $hesklang, $ticket; /* Delete attachment files */ $res = hesk_dbQuery("SELECT * FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."attachments` WHERE `ticket_id`='".hesk_dbEscape($ticket['trackid'])."'"); if (hesk_dbNumRows($res)) { $hesk_settings['server_path'] = dirname(dirname(__FILE__)); while ($file = hesk_dbFetchAssoc($res)) { hesk_unlink($hesk_settings['server_path'].'/'.$hesk_settings['attach_dir'].'/'.$file['saved_name']); } } /* Delete attachments info from the database */ hesk_dbQuery("DELETE FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."attachments` WHERE `ticket_id`='".hesk_dbEscape($ticket['trackid'])."'"); /* Delete the ticket */ hesk_dbQuery("DELETE FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."tickets` WHERE `id`='".intval($ticket['id'])."'"); /* Delete replies to the ticket */ hesk_dbQuery("DELETE FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."replies` WHERE `replyto`='".intval($ticket['id'])."'"); /* Delete ticket notes */ hesk_dbQuery("DELETE FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."notes` WHERE `ticket`='".intval($ticket['id'])."'"); /* Delete ticket reply drafts */ hesk_dbQuery("DELETE FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."reply_drafts` WHERE `ticket`=".intval($ticket['id'])); return true; } ?> PK~3YJr((admin_settings_general.phpnu[install folder from your server for security reasons then refresh this page!');} // Get all the required files and functions require(HESK_PATH . 
'hesk_settings.inc.php'); // Save the default language for the settings page before choosing user's preferred one $hesk_settings['language_default'] = $hesk_settings['language']; require(HESK_PATH . 'inc/common.inc.php'); $hesk_settings['language'] = $hesk_settings['language_default']; require(HESK_PATH . 'inc/admin_functions.inc.php'); require(HESK_PATH . 'inc/setup_functions.inc.php'); hesk_load_database_functions(); hesk_session_start(); hesk_dbConnect(); hesk_isLoggedIn(); // Check permissions for this feature hesk_checkPermission('can_man_settings'); // Load custom fields require_once(HESK_PATH . 'inc/custom_fields.inc.php'); // Test languages function if (isset($_GET['test_languages'])) { hesk_testLanguage(0); } elseif (isset($_GET['test_themes'])) { hesk_testTheme(0); } $help_folder = '../language/' . $hesk_settings['languages'][$hesk_settings['language']]['folder'] . '/help_files/'; $enable_save_settings = 0; $enable_use_attachments = 0; // Print header require_once(HESK_PATH . 'inc/header.inc.php'); // Print main manage users page require_once(HESK_PATH . 'inc/show_admin_nav.inc.php'); // Demo mode? Hide values of sensitive settings if ( defined('HESK_DEMO') ) { require_once(HESK_PATH . 'inc/admin_settings_demo.inc.php'); } /* This will handle error, success and notice messages */ hesk_handle_messages(); ?>

    >

    /$subdir\n"; $themes .= " |-> /customer\n"; $err = ''; //region Create Ticket $files_to_test = array('category-select.php', 'create-ticket.php', 'create-ticket-confirmation.php'); $themes .= " |-> /create-ticket: "; foreach ($files_to_test as $test_file) { if (!file_exists($dir . $subdir . '/customer/create-ticket/' . $test_file)) { $err .= " |----> MISSING: $test_file\n"; } } if ($err) { $add = 0; $themes .= "ERROR\n$err"; } else { $themes .= "OK\n"; } //endregion $err = ''; //region Knowledgebase $files_to_test = array('search-results.php', 'view-article.php', 'view-category.php'); $themes .= " |-> /knowledgebase: "; foreach ($files_to_test as $test_file) { if (!file_exists($dir . $subdir . '/customer/knowledgebase/' . $test_file)) { $err .= " |----> MISSING: $test_file\n"; } } if ($err) { $add = 0; $themes .= "ERROR\n$err"; } else { $themes .= "OK\n"; } //endregion $err = ''; //region View Ticket $files_to_test = array('form.php', 'view-ticket.php'); $themes .= " |-> /view-ticket"; foreach ($files_to_test as $test_file) { if (!file_exists($dir . $subdir . '/customer/view-ticket/' . $test_file)) { $err .= " |----> MISSING: $test_file\n"; } } if ($err) { $add = 0; $themes .= "ERROR\n$err"; } else { $themes .= ": OK\n"; } //endregion //region Solo files $files_to_test = array('error.php', 'index.php', 'maintenance.php'); foreach ($files_to_test as $test_file) { if (!file_exists($dir . $subdir . '/customer/' . $test_file)) { $add = 0; $themes .= " |----> MISSING: $test_file\n"; } else { $themes .= " |-> $test_file: OK\n"; } } //endregion if (!file_exists($dir . $subdir . '/print-ticket.php')) { $add = 0; $themes .= " |----> MISSING: print-ticket.php\n"; } else { $themes .= " |-> print-ticket.php: OK\n"; } if (!file_exists($dir . $subdir . '/config.json')) { $add = 0; $themes .= " |----> MISSING: config.json\n"; } else { $themes .= " |-> config.json: OK\n"; } } // Build markup if ($add) { // Pull the name from config.json $config = file_get_contents($dir . 
$subdir . '/config.json'); $config_json = json_decode($config, true); $html .= ''; } } if ($return_options) { return $html; } else { ?> <?php echo $hesklang['test_theme_folder']; ?>

    |

    /$subdir\n"; $text .= " |-> text.php: "; if (file_exists($langu)) { $tmp = file_get_contents($langu); // Some servers add slashes to file_get_contents output if ( strpos ($tmp, '[\\\'LANGUAGE\\\']') !== false ) { $tmp = stripslashes($tmp); } $err = ''; if (!preg_match('/\$hesklang\[\'LANGUAGE\'\]\=\'(.*)\'\;/',$tmp,$l)) { $err .= " |----> MISSING: \$hesklang['LANGUAGE']\n"; } if (strpos($tmp,'$hesklang[\'ENCODING\']') === false) { $err .= " |----> MISSING: \$hesklang['ENCODING']\n"; } if (strpos($tmp,'$hesklang[\'_COLLATE\']') === false) { $err .= " |----> MISSING: \$hesklang['_COLLATE']\n"; } if (strpos($tmp,'$hesklang[\'EMAIL_HR\']') === false) { $err .= " |----> MISSING: \$hesklang['EMAIL_HR']\n"; } /* Check if language file is for current version */ if (strpos($tmp,'$hesklang[\'email_authentication_method\']') === false) { $err .= " |----> WRONG VERSION (not ".$hesk_settings['hesk_version'].")\n"; } if ($err) { $text .= "ERROR\n" . $err; $add = 0; } else { $l[1] = hesk_input($l[1]); $l[1] = str_replace('|',' ',$l[1]); $text .= "OK ($l[1])\n"; } } else { $text .= "ERROR\n"; $text .= " |----> MISSING: text.php\n"; $add = 0; } /* Check emails folder */ $text .= " |-> /emails: "; if (file_exists($email) && filetype($email) == 'dir') { $err = ''; foreach ($valid_emails as $eml) { if (!file_exists($email.'/'.$eml.'.txt')) { $err .= " |----> MISSING: $eml.txt\n"; } } if ($err) { $text .= "ERROR\n" . $err; $add = 0; } else { $text .= "OK\n"; } } else { $text .= "ERROR\n"; $text .= " |----> MISSING: /emails folder\n"; $add = 0; } $text .= " |-> /html_emails: "; if (file_exists($html_email) && filetype($html_email) == 'dir') { $err = ''; foreach ($valid_emails as $eml) { if (!file_exists($html_email.'/'.$eml.'.txt')) { $err .= " |----> MISSING: $eml.txt\n"; } } if ($err) { $text .= "ERROR\n" . $err; $add = 0; } else { $text .= "OK\n"; } } else { $text .= "ERROR\n"; $text .= " |----> MISSING: /html_emails folder\n"; $add = 0; } $text .= "\n"; /* Add an option for the
    '; } elseif ($can_manage_this_user) { $autoassign_code = ' '; } else { $autoassign_code = ''; } } else { $autoassign_code = ''; } echo << $myuser[name] $myuser[email] $myuser[user] $myuser[isadmin] EOC; if ($hesk_settings['rating']) { $alt = $myuser['rating'] ? sprintf($hesklang['rated'], sprintf("%01.1f", $myuser['rating']), ($myuser['ratingneg']+$myuser['ratingpos'])) : $hesklang['not_rated']; echo ' '.hesk3_get_rating($myuser['rating']).' '; } if ($hesk_settings['autoassign']) { echo '' . $autoassign_code . ''; } $mfa_enrollment = intval($myuser['mfa_enrollment']); $mfa_status = $hesklang['mfa_method_none']; $mfa_reset = ''; $modal_id = hesk_generate_delete_modal($hesklang['mfa_reset_to_default'], $hesklang['mfa_reset_confirm'], 'manage_users.php?a=resetmfa&id='.$myuser['id'].'&token='.hesk_token_echo(0), $hesklang['mfa_reset_yes']); if ($mfa_enrollment === 1) { $mfa_status = $hesklang['mfa_method_email']; if (!$hesk_settings['require_mfa'] && $can_manage_this_user) { $mfa_reset = ''; } } elseif ($mfa_enrollment === 2) { $mfa_status = $hesklang['mfa_method_auth_app_short']; if ($can_manage_this_user) { $mfa_reset = ''; } } echo <<$mfa_status $mfa_reset

    $edit_code $remove_code

    EOC; } // End while ?>
    >

    '; hesk_handle_messages(); echo '
    '; } ?>
    ' . $hesklang['enter_real_name'] . ''; $errors[] = 'name'; } if (hesk_validateEmail( hesk_POST('email'), 'ERR', 0)) { $myuser['email'] = hesk_validateEmail( hesk_POST('email'), 'ERR', 0); } else { $hesk_error_buffer .= '
  • ' . $hesklang['enter_valid_email'] . '
  • '; $errors[] = 'email'; } if (hesk_input( hesk_POST('user') )) { $myuser['user'] = hesk_input(hesk_POST('user')); } else { $hesk_error_buffer .= '
  • ' . $hesklang['enter_username'] . '
  • '; $errors[] = 'user'; } $myuser['isadmin'] = empty($_POST['isadmin']) ? 0 : 1; $myuser['signature'] = hesk_input( hesk_POST('signature') ); $myuser['autoassign'] = hesk_POST('autoassign') == 'Y' ? 1 : 0; /* If it's not admin at least one category and fature is required */ $myuser['categories'] = array(); $myuser['features'] = array(); if ($myuser['isadmin']==0) { if (empty($_POST['categories']) || ! is_array($_POST['categories']) ) { $hesk_error_buffer .= '
  • ' . $hesklang['asign_one_cat'] . '
  • '; $errors[] = 'categories'; } else { foreach ($_POST['categories'] as $tmp) { if (is_array($tmp)) { continue; } if ($tmp = intval($tmp)) { $myuser['categories'][] = $tmp; } } } if (empty($_POST['features']) || ! is_array($_POST['features']) ) { $hesk_error_buffer .= '
  • ' . $hesklang['asign_one_feat'] . '
  • '; $errors[] = 'features'; } else { foreach ($_POST['features'] as $tmp) { if (in_array($tmp,$hesk_settings['features'])) { $myuser['features'][] = $tmp; } } } // One needs view tickets permissions in one has reply to permission if (in_array('can_reply_tickets', $myuser['features'])) { $myuser['features'][] = 'can_view_tickets'; } } if (hesk_mb_strlen($myuser['signature'])>1000) { $hesk_error_buffer .= '
  • ' . $hesklang['signature_long'] . '
  • '; $errors[] = 'signature'; } /* Password */ $myuser['cleanpass'] = ''; $newpass = hesk_input( hesk_POST('newpass') ); $passlen = strlen($newpass); if ($pass_required || $passlen > 0) { /* At least 5 chars? */ if ($passlen < 5) { $hesk_error_buffer .= '
  • ' . $hesklang['password_not_valid'] . '
  • '; $errors[] = 'passwords'; } // Too long? elseif ($passlen > 64) { $hesk_error_buffer .= '
  • ' . $hesklang['pass_len'] . '
  • '; $errors[] = 'passwords'; } /* Check password confirmation */ else { $newpass2 = hesk_input( hesk_POST('newpass2') ); if ($newpass != $newpass2) { $hesk_error_buffer .= '
  • ' . $hesklang['passwords_not_same'] . '
  • '; $errors[] = 'passwords'; } else { $myuser['pass'] = hesk_password_hash($newpass); $myuser['cleanpass'] = $newpass; define('PASSWORD_CHANGED', true); } } } /* After reply */ $myuser['afterreply'] = intval( hesk_POST('afterreply') ); if ($myuser['afterreply'] != 1 && $myuser['afterreply'] != 2) { $myuser['afterreply'] = 0; } // Defaults $myuser['autostart'] = isset($_POST['autostart']) ? 1 : 0; $myuser['notify_customer_new'] = isset($_POST['notify_customer_new']) ? 1 : 0; $myuser['notify_customer_reply'] = isset($_POST['notify_customer_reply']) ? 1 : 0; $myuser['show_suggested'] = isset($_POST['show_suggested']) ? 1 : 0; $myuser['autoreload'] = isset($_POST['autoreload']) ? 1 : 0; if ($myuser['autoreload']) { $myuser['autoreload'] = intval(hesk_POST('reload_time')); if (hesk_POST('secmin') == 'min') { $myuser['autoreload'] *= 60; } if ($myuser['autoreload'] < 0 || $myuser['autoreload'] > 65535) { $myuser['autoreload'] = 30; } } /* Notifications */ $myuser['notify_new_unassigned'] = empty($_POST['notify_new_unassigned']) ? 0 : 1; $myuser['notify_overdue_unassigned'] = empty($_POST['notify_overdue_unassigned']) ? 0 : 1; $myuser['notify_new_my'] = empty($_POST['notify_new_my']) ? 0 : 1; $myuser['notify_overdue_my'] = empty($_POST['notify_overdue_my']) ? 0 : 1; $myuser['notify_reply_unassigned'] = empty($_POST['notify_reply_unassigned']) ? 0 : 1; $myuser['notify_reply_my'] = empty($_POST['notify_reply_my']) ? 0 : 1; $myuser['notify_assigned'] = empty($_POST['notify_assigned']) ? 0 : 1; $myuser['notify_note'] = empty($_POST['notify_note']) ? 0 : 1; $myuser['notify_pm'] = empty($_POST['notify_pm']) ? 
0 : 1; /* Save entered info in session so we don't lose it in case of errors */ $_SESSION['userdata'] = $myuser; /* Any errors */ if (strlen($hesk_error_buffer)) { if ($myuser['isadmin']) { // Preserve default staff data for the form global $default_userdata; $_SESSION['userdata']['features'] = $default_userdata['features']; $_SESSION['userdata']['categories'] = $default_userdata['categories']; } $_SESSION['userdata']['errors'] = $errors; $hesk_error_buffer = $hesklang['rfm'].'

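    '; hesk_process_messages($hesk_error_buffer,$redirect_to);
    }

    // "can_unban_emails" feature also enables "can_ban_emails"
    if ( in_array('can_unban_emails', $myuser['features']) && ! in_array('can_ban_emails', $myuser['features']) ) {
        $myuser['features'][] = 'can_ban_emails';
    }

    // "can_unban_ips" feature also enables "can_ban_ips"
    if ( in_array('can_unban_ips', $myuser['features']) && ! in_array('can_ban_ips', $myuser['features']) ) {
        $myuser['features'][] = 'can_ban_ips';
    }

    return $myuser;
} // End hesk_validateUserInfo()


/**
 * Delete a staff account and the records that reference it.
 *
 * Reads the target user ID from the `id` query parameter. Refuses to delete
 * user #1, the account of the logged-in session, or a user that
 * compare_user_permissions() rejects. On success it un-assigns the user's
 * unresolved tickets, deletes the user row, reply drafts, authentication
 * tokens and MFA verification tokens, and refreshes the auto-assign config.
 *
 * NOTE(review): every guard relies on hesk_process_messages() ending the
 * request (presumably redirect + exit); otherwise execution would fall
 * through to the DELETE statements. Confirm against its definition.
 */
function remove()
{
    global $hesk_settings, $hesklang;

    /* A security check: validates the request token (the admin links append `&token=`) */
    hesk_token_check();

    // intval() makes the ID numeric-only, which is what keeps the
    // string-built SQL below free of attacker-controlled text.
    $myuser = intval( hesk_GET('id' ) ) or hesk_error($hesklang['no_valid_id']);

    /* You can't delete the default user */
    if ($myuser == 1) {
        hesk_process_messages($hesklang['cant_del_admin'],'./manage_users.php');
    }

    /* You can't delete your own account (the one you are logged in) */
    if ($myuser == $_SESSION['id']) {
        hesk_process_messages($hesklang['cant_del_own'],'./manage_users.php');
    }

    // Make sure we have permission to edit this user
    if ( ! compare_user_permissions($myuser)) {
        hesk_process_messages($hesklang['npea'],'manage_users.php');
    }

    /* Un-assign all tickets for this user */
    // Don't update resolved tickets "Last modified"
    // $res = hesk_dbQuery("UPDATE `".hesk_dbEscape($hesk_settings['db_pfix'])."tickets` SET `owner`=0, `lastchange`=`lastchange` WHERE `owner`='".intval($myuser)."' AND `status` = '3'");
    // NOTE(review): with the statement above commented out, tickets with
    // status 3 keep this owner ID after the user row is gone; confirm intended.

    // For unresolved tickets, update the "Last modified"
    $res = hesk_dbQuery("UPDATE `".hesk_dbEscape($hesk_settings['db_pfix'])."tickets` SET `owner`=0 WHERE `owner`='".intval($myuser)."' AND `status` <> '3'");

    /* Delete user info */
    $res = hesk_dbQuery("DELETE FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."users` WHERE `id`='".intval($myuser)."'");
    if (hesk_dbAffectedRows() != 1) {
        hesk_process_messages($hesklang['int_error'].': '.$hesklang['user_not_found'],'./manage_users.php');
    }

    /* Delete any user reply drafts */
    hesk_dbQuery("DELETE FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."reply_drafts` WHERE `owner`={$myuser}");

    // Clear users' authentication and MFA tokens so nothing issued to the
    // deleted account stays in these tables
    hesk_dbQuery("DELETE FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."auth_tokens` WHERE `user_id` = {$myuser}");
    hesk_dbQuery("DELETE FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."mfa_verification_tokens` WHERE `user_id` = {$myuser}");

    // Refresh autoassign configs to ensure their ID is gone
    hesk_updateAutoassignConfigs();

    hesk_process_messages($hesklang['sel_user_removed'],'./manage_users.php','SUCCESS');
} // End remove()


/**
 * Switch ticket auto-assignment on or off for one staff account.
 *
 * Reads the target user ID from `id` and the new state from `s`
 * (non-zero integer = on) in the query string.
 *
 * The permission check mirrors remove() and reset_mfa(): the user list only
 * offers the toggle when $can_manage_this_user is set, so the handler
 * enforces the same rule instead of trusting which links were rendered.
 */
function toggle_autoassign()
{
    global $hesk_settings, $hesklang;

    /* A security check: validates the request token (the admin links append `&token=`) */
    hesk_token_check();

    $myuser = intval( hesk_GET('id' ) ) or hesk_error($hesklang['no_valid_id']);

    // Make sure we have permission to edit this user
    if ( ! compare_user_permissions($myuser)) {
        hesk_process_messages($hesklang['npea'],'manage_users.php');
    }

    $_SESSION['seluser'] = $myuser;

    if ( intval( hesk_GET('s') ) ) {
        $autoassign = 1;
        $tmp = $hesklang['uaaon'];
    } else {
        $autoassign = 0;
        $tmp = $hesklang['uaaoff'];
    }

    /* Update auto-assign settings; $autoassign is always the literal 0 or 1 set above */
    $res = hesk_dbQuery("UPDATE `".hesk_dbEscape($hesk_settings['db_pfix'])."users` SET `autoassign`='{$autoassign}' WHERE `id`='".intval($myuser)."'");

    if (hesk_dbAffectedRows() != 1) {
        hesk_process_messages($hesklang['int_error'].': '.$hesklang['user_not_found'],'./manage_users.php');
    }

    hesk_process_messages($tmp,'./manage_users.php','SUCCESS');
} // End toggle_autoassign()


/**
 * Reset a staff account's multi-factor authentication to the default state.
 *
 * Sets `mfa_enrollment` to 1 when the `require_mfa` setting is on (the user
 * list displays 1 as the e-mail method), otherwise to 0, clears `mfa_secret`,
 * then deletes the user's MFA backup codes and MFA codes.
 *
 * This lowers the protection on the target account, so it is gated by both
 * the request token and compare_user_permissions().
 */
function reset_mfa()
{
    global $hesk_settings, $hesklang;

    /* A security check: validates the request token (the admin links append `&token=`) */
    hesk_token_check();

    require(HESK_PATH . 'inc/mfa_functions.inc.php');

    $myuser = intval(hesk_GET('id')) or hesk_error($hesklang['no_valid_id']);

    // Make sure we have permission to edit this user
    if ( ! compare_user_permissions($myuser)) {
        hesk_process_messages($hesklang['npea'],'manage_users.php');
    }

    $_SESSION['seluser'] = $myuser;

    $target_enrollment = 0;
    if ($hesk_settings['require_mfa']) {
        $target_enrollment = 1;
    }

    // Both interpolated values are integers produced above, not request text
    hesk_dbQuery("UPDATE `".hesk_dbEscape($hesk_settings['db_pfix'])."users` SET `mfa_enrollment` = {$target_enrollment}, `mfa_secret` = NULL WHERE `id` = {$myuser}");

    if (hesk_dbAffectedRows() != 1) {
        hesk_process_messages($hesklang['int_error'].': '.$hesklang['user_not_found'],'./manage_users.php');
    }

    delete_mfa_backup_codes($myuser);
    delete_mfa_codes($myuser);

    hesk_process_messages($hesklang['mfa_reset'], './manage_users.php', 'SUCCESS');
}
?> PK~3YЧ/7/7admin_settings_help_desk.phpnu[install folder from your server for security reasons then refresh this page!');} // Get all the required files and functions require(HESK_PATH . 'hesk_settings.inc.php'); // Save the default language for the settings page before choosing user's preferred one $hesk_settings['language_default'] = $hesk_settings['language']; require(HESK_PATH . 'inc/common.inc.php'); $hesk_settings['language'] = $hesk_settings['language_default']; require(HESK_PATH . 'inc/admin_functions.inc.php'); require(HESK_PATH . 'inc/setup_functions.inc.php'); hesk_load_database_functions(); hesk_session_start(); hesk_dbConnect(); hesk_isLoggedIn(); // Check permissions for this feature hesk_checkPermission('can_man_settings'); // Load custom fields require_once(HESK_PATH . 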
'inc/custom_fields.inc.php'); $help_folder = '../language/' . $hesk_settings['languages'][$hesk_settings['language']]['folder'] . '/help_files/'; $enable_save_settings = 0; $enable_use_attachments = 0; // Print header require_once(HESK_PATH . 'inc/header.inc.php'); // Print main manage users page require_once(HESK_PATH . 'inc/show_admin_nav.inc.php'); // Demo mode? Hide values of sensitive settings if ( defined('HESK_DEMO') ) { require_once(HESK_PATH . 'inc/admin_settings_demo.inc.php'); } /* This will handle error, success and notice messages */ hesk_handle_messages(); if ($hesk_settings['attachments']['use'] && ! defined('HESK_DEMO') ) { // Check number of attachments per post if (version_compare(phpversion(), '5.2.12', '>=') && @ini_get('max_file_uploads') && @ini_get('max_file_uploads') < $hesk_settings['attachments']['max_number']) { hesk_show_notice($hesklang['fatte1']); } // Check max attachment size $tmp = @ini_get('upload_max_filesize'); if ($tmp) { $last = strtoupper(substr($tmp, -1)); $number = substr($tmp, 0, -1); switch ($last) { case 'K': $tmp = $number * 1024; break; case 'M': $tmp = $number * 1048576; break; case 'G': $tmp = $number * 1073741824; break; default: $tmp = $number; } if ($tmp < $hesk_settings['attachments']['max_size']) { hesk_show_notice($hesklang['fatte2']); } } // Check max post size $tmp = @ini_get('post_max_size'); if ($tmp) { $last = strtoupper(substr($tmp, -1)); $number = substr($tmp, 0, -1); switch ($last) { case 'K': $tmp = $number * 1024; break; case 'M': $tmp = $number * 1048576; break; case 'G': $tmp = $number * 1073741824; break; default: $tmp = $number; } if ($tmp < ($hesk_settings['attachments']['max_size'] * $hesk_settings['attachments']['max_number'] + 524288)) { hesk_show_notice($hesklang['fatte3']); } } } ?>

    >
    >
    >
    >
    0 ? 'checked' : ''; $def = $hesk_settings['hide_replies']==-1 ? 'checked' : ''; ?>
    >
    >
    >
    0 ? 'checked' : ''; ?>
    >
    >

    >
    >
    >
    >
    >
    >
     
    >
    >

    onclick="hesk_toggleLayer('captcha','none')">
    onclick="hesk_toggleLayer('captcha','block')">
    onclick="hesk_toggleLayer('captcha','block')">
    >
    >
    >

    >
    >
    >
    >

    '.$hesklang['e_attach'].''; } ?>
    >
    $hesklang['B'] . ' (' . $hesklang['bytes'] . ')', 'kB' => $hesklang['kB'] . ' (' . $hesklang['kilobytes'] . ')', 'MB' => $hesklang['MB'] . ' (' . $hesklang['megabytes'] . ')', 'GB' => $hesklang['GB'] . ' (' . $hesklang['gigabytes'] . ')', ); $tmp = hesk_formatBytes($hesk_settings['attachments']['max_size'], 0); list($size, $unit) = explode(' ', $tmp); ?>
    >
    >

    >

    '; hesk_handle_messages(); echo '
    '; } $provider_name = hesk_SESSION(array('new_provider','name')); $authorization_url = hesk_SESSION(array('new_provider','authorization_url')); $token_url = hesk_SESSION(array('new_provider','token_url')); $client_id = hesk_SESSION(array('new_provider','client_id')); $client_secret = hesk_SESSION(array('new_provider','client_secret')); $scope = hesk_SESSION(array('new_provider','scope')); $no_val_ssl = hesk_SESSION(array('new_provider','no_val_ssl')); $errors = hesk_SESSION(array('new_provider','errors')); $errors = is_array($errors) ? $errors : array(); if ( ! hesk_SESSION('edit_provider') && isset($_SERVER['HTTP_HOST']) && isset($_SERVER['REQUEST_URI'])) { $oauth_link = (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] === 'on' ? "https" : "http") . "://$_SERVER[HTTP_HOST]$_SERVER[REQUEST_URI]"; $oauth_link = hesk_clean_utf8($oauth_link); ?>

    ' . hesk_htmlspecialchars($oauth_link) . ''); ?>

     

    >
    $error\n"; } $hesk_error_buffer = $tmp; $hesk_error_buffer = $hesklang['rfm'].'

    '; hesk_process_messages($hesk_error_buffer,'oauth_providers.php');
    }

    // Save the provider
    hesk_dbQuery("UPDATE `".hesk_dbEscape($hesk_settings['db_pfix'])."oauth_providers` SET `name` = '".hesk_dbEscape($provider['name'])."', `authorization_url` = '".hesk_dbEscape($provider['authorization_url'])."', `token_url` = '".hesk_dbEscape($provider['token_url'])."', `client_id` = '".hesk_dbEscape($provider['client_id'])."', `client_secret` = '".hesk_dbEscape($provider['client_secret'])."', `scope` = '".hesk_dbEscape($provider['scope'])."', `no_val_ssl` = ".intval($provider['no_val_ssl']).", `verified` = 0 WHERE `id`={$id}");

    // Redirect to OAuth provider for verification
    redirect_to_provider($provider, $id);

    /* TODO: only verify if needed?
    // If something changed in the DB, redirect to OAuth provider for verification
    if (hesk_dbAffectedRows() > 0) {
        hesk_dbQuery("UPDATE `".hesk_dbEscape($hesk_settings['db_pfix'])."oauth_providers` SET `verified` = 0 WHERE `id`={$id}");
        redirect_to_provider($provider, $id);
    }

    // No changes to the DB
    hesk_process_messages($hesklang['oauth_provider_saved'], 'NOREDIRECT', 'SUCCESS');
    */
} // End save_provider()


/**
 * Load one OAuth provider row into the session so the edit form can show it.
 *
 * Reads the provider ID from the `id` query parameter, fetches the row and
 * stores it under $_SESSION['new_provider'], with $_SESSION['edit_provider']
 * set to true. In demo mode (HESK_DEMO defined) the URLs, client ID and
 * client secret are replaced with placeholders before the row reaches the
 * session.
 *
 * NOTE(review): outside demo mode the stored `client_secret` is copied into
 * the session as read from the database; confirm that session storage is
 * protected accordingly and that the form does not need to echo the secret
 * back.
 */
function edit_provider()
{
    global $hesk_settings, $hesklang;

    // Provider ID; intval() keeps the interpolated SQL value numeric-only
    $id = intval( hesk_GET('id') ) or hesk_error($hesklang['status_e_id']);

    // Get details from the database
    $result = hesk_dbQuery("SELECT * FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."oauth_providers` WHERE `id`={$id} LIMIT 1");
    if ( hesk_dbNumRows($result) != 1 ) {
        hesk_error($hesklang['status_not_found']);
    }
    $provider = hesk_dbFetchAssoc($result);

    if (defined('HESK_DEMO')) {
        // Demo installs never expose the real endpoints or credentials
        $provider = array_merge($provider, array(
            'authorization_url' => 'https://api.example.com/oauth2/authorization',
            'token_url'         => 'https://api.example.com/oauth2/token',
            'client_id'         => $hesklang['hdemo'],
            'client_secret'     => $hesklang['hdemo'],
        ));
    }

    $_SESSION['new_provider'] = $provider;
    $_SESSION['edit_provider'] = true;
} // End edit_provider()


/**
 * Delete an OAuth provider and the tokens stored for it.
 *
 * Refuses when getProviderInUseArray() reports that the provider is still
 * selected for SMTP, IMAP or POP3. The token rows are deleted first, then the
 * provider row; success is judged by the affected-row count of the second
 * DELETE.
 */
function remove_provider()
{
    global $hesk_settings, $hesklang;

    // A security check: validates the request token
    hesk_token_check();

    // Get ID
    $id = intval( hesk_GET('id') ) or hesk_error($hesklang['status_e_id']);

    // Provider being used?
    if (count(getProviderInUseArray($id))) {
        hesk_process_messages($hesklang['email_oauth_provider_cannot_be_deleted'], './oauth_providers.php');
        return;
    }

    // Delete the provider (stored tokens first, so none outlive their provider)
    hesk_dbQuery("DELETE FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."oauth_tokens` WHERE `provider_id`={$id}");
    hesk_dbQuery("DELETE FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."oauth_providers` WHERE `id`={$id}");

    // Were we successful?
    if ( hesk_dbAffectedRows() != 1 ) {
        hesk_process_messages($hesklang['status_not_found'],'./oauth_providers.php');
    } else {
        // Show success message
        hesk_process_messages($hesklang['oauth_provider_deleted'],'./oauth_providers.php','SUCCESS');
    }
} // End remove_provider()


/**
 * Collect and validate the OAuth provider form fields from POST.
 *
 * Every field except `no_val_ssl` is required. On failure the messages are
 * left in the global $hesk_error_buffer (as an array), the entered values and
 * the list of failing field names are saved under $_SESSION['new_provider'],
 * and false is returned.
 *
 * @return array|false Validated provider fields, or false when any field is missing/invalid
 */
function provider_validate()
{
    global $hesk_settings, $hesklang;
    global $hesk_error_buffer;

    $hesk_error_buffer = array();
    $provider = array();
    $errors = array();

    // Get name
    $provider['name'] = hesk_input(hesk_POST('name'));
    if (strlen($provider['name']) === 0) {
        $errors[] = 'name';
        $hesk_error_buffer[] = $hesklang['oauth_provider_err_name'];
    }

    // Auth URL
    $provider['authorization_url'] = hesk_validateURL(hesk_POST('authorization_url'));
    if (strlen($provider['authorization_url']) === 0) {
        $errors[] = 'authorization_url';
        $hesk_error_buffer[] = $hesklang['oauth_provider_err_auth_url'];
    }

    // Token URL
    $provider['token_url'] = hesk_validateURL(hesk_POST('token_url'));
    if (strlen($provider['token_url']) === 0) {
        $errors[] = 'token_url';
        $hesk_error_buffer[] = $hesklang['oauth_provider_err_token_url'];
    }

    // Client ID
    $provider['client_id'] = hesk_input(hesk_POST('client_id'), 0, 0, HESK_SLASH);
    if (strlen($provider['client_id']) === 0) {
        $errors[] = 'client_id';
        $hesk_error_buffer[] = $hesklang['oauth_provider_err_client_id'];
    }

    // Client Secret
    $provider['client_secret'] = hesk_input(hesk_POST('client_secret'), 0, 0, HESK_SLASH);
    if (strlen($provider['client_secret']) === 0) {
        $errors[] = 'client_secret';
        $hesk_error_buffer[] = $hesklang['oauth_provider_err_client_secret'];
    }

    // Scope
    $provider['scope'] = hesk_input(hesk_POST('scope'), 0, 0, HESK_SLASH);
    if (strlen($provider['scope']) === 0) {
        $errors[] = 'scope';
        $hesk_error_buffer[] = $hesklang['oauth_provider_err_scope'];
    }

    // Skip SSL certificate verification?
    // NOTE(review): when set, whatever consumes this flag will not validate
    // the provider's TLS certificate, so the client secret and tokens lose
    // protection against interception; confirm the UI warns about this.
    $provider['no_val_ssl'] = (int) (hesk_POST('no_val_ssl', 0) == 1);

    // No errors: hand the validated fields back to the caller
    if (count($hesk_error_buffer) === 0) {
        return $provider;
    }

    // Keep what was typed (slashes removed) so the form can be redisplayed.
    // This includes client_secret, which therefore sits in the session.
    $provider = array_map('stripslashes', $provider);

    $_SESSION['new_provider'] = $provider;
    $_SESSION['new_provider']['errors'] = $errors;

    return false;
} // END provider_validate()


function new_provider()
{
    global $hesk_settings, $hesklang;
    global $hesk_error_buffer;

    // A security check
    # hesk_token_check('POST');
    // NOTE(review): the request-token check above is commented out, unlike
    // remove_provider(), which calls hesk_token_check(). Unless the token is
    // verified before this function is reached, creating a provider is not
    // protected against cross-site request forgery; confirm and re-enable.

    // Validate inputs
    if (($provider = provider_validate()) == false) {
        $tmp = '';
        foreach ($hesk_error_buffer as $error) {
            $tmp .= "
  • $error
  • \n"; } $hesk_error_buffer = $tmp; $hesk_error_buffer = $hesklang['rfm'].'

    '; hesk_process_messages($hesk_error_buffer,'oauth_providers.php');
    }

    // Insert provider into database
    hesk_dbQuery("INSERT INTO `".hesk_dbEscape($hesk_settings['db_pfix'])."oauth_providers` (`name`, `authorization_url`, `token_url`, `client_id`, `client_secret`, `scope`, `no_val_ssl`, `verified`) VALUES ('".hesk_dbEscape($provider['name'])."', '".hesk_dbEscape($provider['authorization_url'])."', '".hesk_dbEscape($provider['token_url'])."', '".hesk_dbEscape($provider['client_id'])."', '".hesk_dbEscape($provider['client_secret'])."', '".hesk_dbEscape($provider['scope'])."', ".intval($provider['no_val_ssl']).", 0)");

    $inserted_id = hesk_dbInsertID();
    $_SESSION['providerord'] = $inserted_id;

    //-- Send user to OAuth provider
    redirect_to_provider($provider, $inserted_id);
} // End new_provider()


/**
 * Send the browser to the provider's authorization endpoint and stop.
 *
 * Builds the authorization URL from the provider's `authorization_url`,
 * `client_id` and `scope`, the redirect URL returned by
 * hesk_get_oauth_redirect_url(), and a `state` of "provider" + $id, then
 * emits a Location header and exits.
 *
 * NOTE(review): client_id, redirect_uri and scope are placed in the query
 * string exactly as stored, with no urlencode()/http_build_query() here. A
 * value containing `&`, `#` or whitespace would change the shape of the
 * request; confirm whether the stored values are expected to be pre-encoded
 * before adding encoding.
 * NOTE(review): `state` is derived only from the provider ID. Nothing visible
 * here ties it to the current admin session, so check that the callback
 * handler does not rely on `state` alone to reject forged responses.
 *
 * @param array      $provider Provider row/fields (authorization_url, client_id, scope are read)
 * @param int|string $id       Provider ID used to build the `state` value
 */
function redirect_to_provider($provider, $id)
{
    $redirect_url = hesk_get_oauth_redirect_url();

    $query_parts = array(
        "client_id={$provider['client_id']}",
        'response_type=code',
        "redirect_uri={$redirect_url}",
        'response_mode=query',
        'access_type=offline',
        "scope={$provider['scope']}",
        "state=provider{$id}",
    );

    $return_location = $provider['authorization_url'] . '?' . implode('&', $query_parts);

    header('Location: '.$return_location);
    exit();
}


/**
 * Re-run the authorization flow for an already stored provider.
 *
 * Loads the provider row for the `id` query parameter and hands it to
 * redirect_to_provider(); reports "provider not found" when no row matches.
 */
function verify_provider()
{
    global $hesk_settings, $hesklang;

    // Get ID
    $id = intval( hesk_GET('id') ) or hesk_error($hesklang['status_e_id']);

    $rs = hesk_dbQuery("SELECT * FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."oauth_providers` WHERE `id`=".$id);
    if (hesk_dbNumRows($rs) === 0) {
        // Presumably ends the request; the fetch below expects a row to exist
        hesk_process_messages($hesklang['oauth_provider_not_found'], './oauth_providers.php');
    }

    $row = hesk_dbFetchAssoc($rs);
    redirect_to_provider($row, $row['id']);
}


/**
 * List the mail features that currently use the given OAuth provider.
 *
 * A feature counts as "in use" when it is enabled, its connection type is
 * 'oauth' and its configured provider ID equals $id. Checked in the order
 * SMTP, IMAP, POP3.
 *
 * @param int $id Provider ID
 * @return array Language labels of the features using the provider (empty when none)
 */
function getProviderInUseArray($id)
{
    global $hesk_settings, $hesklang;

    // settings prefix => $hesklang key of the label shown to the admin
    $features = array(
        'smtp' => 'email_sending',
        'imap' => 'imap',
        'pop3' => 'pop3',
    );

    $in_use = array();
    foreach ($features as $prefix => $label_key) {
        if ($hesk_settings[$prefix]
            && $hesk_settings[$prefix . '_conn_type'] == 'oauth'
            && $hesk_settings[$prefix . '_oauth_provider'] == $id
        ) {
            $in_use[] = $hesklang[$label_key];
        }
    }

    return $in_use;
}
PK~3Yq3lMlMmanage_categories.phpnu[ array('id' => 3, 'value' => 'low', 'text' => $hesklang['low'], 'formatted' => $hesklang['low']), 2 => array('id' => 2, 'value' => 'medium', 'text' => $hesklang['medium'], 'formatted' => $hesklang['medium']), 1 => array('id' => 1, 'value' => 'high', 'text' => $hesklang['high'], 'formatted' => $hesklang['high']), 0 => array('id' => 0, 'value' => 'critical', 'text' => $hesklang['critical'], 'formatted' => $hesklang['critical']), ); /* What should we do?
*/ if ( $action = hesk_REQUEST('a') ) { if ( defined('HESK_DEMO') ) {hesk_process_messages($hesklang['ddemo'], 'manage_categories.php', 'NOTICE');} elseif ($action == 'remove') {remove();} elseif ($action == 'order') {order_cat();} elseif ($action == 'type') {toggle_type();} elseif ($action == 'priority') {change_priority();} elseif ($action == 'due-date') {change_default_due_date();} } /* Print header */ require_once(HESK_PATH . 'inc/header.inc.php'); /* Print main manage users page */ require_once(HESK_PATH . 'inc/show_admin_nav.inc.php'); /* This will handle error, success and notice messages */ if (!hesk_SESSION('error')) { hesk_handle_messages(); } ?>

    $mycat) { $j++; $table_row = ''; if (isset($_SESSION['selcat2']) && $mycat['id'] == $_SESSION['selcat2']) { $table_row = 'class="ticket-new"'; unset($_SESSION['selcat2']); } else { $color = $i ? 'admin_white' : 'admin_gray'; } $tmp = $i ? 'White' : 'Blue'; $style = 'class="option'.$tmp.'OFF" onmouseover="this.className=\'option'.$tmp.'ON\'" onmouseout="this.className=\'option'.$tmp.'OFF\'"'; $i = $i ? 0 : 1; /* Number of tickets and graph width */ $all = isset($tickets_all[$mycat['id']]) ? $tickets_all[$mycat['id']] : 0; $width_all = 0; if ($tickets_total && $all) { $width_all = round(($all / $tickets_total) * 100); } $options .= ' data-category-id="" data-autoassign-enabled="" data-autoassign-config="">
    ' . $hesklang['cpri'] . ''; ?>
    (%)
    ()
    data-action="generate-link" data-link=""> 1) { if ($j == 1) { ?> 0) { //-- $j - 2 because $j is 1-indexed and the first category can't be deleted $modal_body .= '

    '. '
    '.sprintf($hesklang['select_new_category'], $all).'
    '. ''; } $modal_id = hesk_generate_delete_modal($hesklang['confirm_deletion'], $modal_body, 'manage_categories.php?a=remove&catid='. $mycat['id'] .'&token='. hesk_token_echo(0).'&targetCategory=1'); ?>
    PK~3Yg edit_post.phpnu[heskPurify($tmpvar['message_html']); $tmpvar['message'] = convert_html_to_text($tmpvar['message_html']); $tmpvar['message'] = fix_newlines($tmpvar['message']); // Prepare plain message for storage as HTML $tmpvar['message'] = hesk_htmlspecialchars($tmpvar['message']); $tmpvar['message'] = nl2br($tmpvar['message']); } else { // `message` already contains a HTML friendly version. May as well just re-use it $tmpvar['message'] = hesk_makeURL($tmpvar['message']); $tmpvar['message'] = nl2br($tmpvar['message']); $tmpvar['message_html'] = $tmpvar['message']; } if (count($hesk_error_buffer)) { // Remove any successfully uploaded attachments if ($hesk_settings['attachments']['use'] && isset($attachments)) { if ($use_legacy_attachments) { hesk_removeAttachments($attachments); } else { $_SESSION['edit_attachments'] = $attachments; } } $myerror = ''; hesk_error($myerror); } if ($hesk_settings['attachments']['use'] && !empty($attachments)) { if (!$use_legacy_attachments) { $attachments = hesk_migrateTempAttachments($attachments, $trackingID); } foreach ($attachments as $myatt) { hesk_dbQuery("INSERT INTO `".hesk_dbEscape($hesk_settings['db_pfix'])."attachments` (`ticket_id`,`saved_name`,`real_name`,`size`) VALUES ('".hesk_dbEscape($trackingID)."','".hesk_dbEscape($myatt['saved_name'])."','".hesk_dbEscape($myatt['real_name'])."','".intval($myatt['size'])."')"); $myattachments .= hesk_dbInsertID() . '#' . 
$myatt['real_name'] .','; } } hesk_dbQuery("UPDATE `".hesk_dbEscape($hesk_settings['db_pfix'])."replies` SET `message`='".hesk_dbEscape($tmpvar['message'])."', `message_html`='".hesk_dbEscape($tmpvar['message_html'])."', `attachments`=CONCAT(`attachments`, '".hesk_dbEscape($myattachments)."') WHERE `id`='".intval($tmpvar['id'])."' AND `replyto`='".intval($ticket['id'])."'"); } else { $tmpvar['name'] = hesk_input( hesk_POST('name') ) or $hesk_error_buffer[]=$hesklang['enter_your_name']; if ($hesk_settings['require_email']) { $tmpvar['email'] = hesk_validateEmail( hesk_POST('email'), 'ERR', 0) or $hesk_error_buffer['email']=$hesklang['enter_valid_email']; } else { $tmpvar['email'] = hesk_validateEmail( hesk_POST('email'), 'ERR', 0); // Not required, but must be valid if it is entered if ($tmpvar['email'] == '') { if (strlen(hesk_POST('email'))) { $hesk_error_buffer['email'] = $hesklang['not_valid_email']; } } } // Set Ticket Language if (($tmpvar['set_language'] = hesk_input( hesk_POST('set_language') ))) { $language_SQL = "`language`='".hesk_dbEscape($tmpvar['set_language'])."',"; } else { $language_SQL = ''; } $tmpvar['subject'] = hesk_input( hesk_POST('subject') ) or $hesk_error_buffer[]=$hesklang['enter_ticket_subject']; $tmpvar['message'] = hesk_input( hesk_POST('message') ); $tmpvar['message_html'] = $tmpvar['message']; if ($hesk_settings['require_message'] == 1 && $tmpvar['message'] == '') { $hesk_error_buffer[] = $hesklang['enter_message']; } if ($hesk_settings['staff_ticket_formatting'] == 2) { // Decode the message we encoded earlier $tmpvar['message_html'] = hesk_html_entity_decode($tmpvar['message_html']); // Clean the HTML code and set the plaintext version require(HESK_PATH . 'inc/htmlpurifier/HeskHTMLPurifier.php'); require(HESK_PATH . 
'inc/html2text/html2text.php'); $purifier = new HeskHTMLPurifier($hesk_settings['cache_dir']); $tmpvar['message_html'] = $purifier->heskPurify($tmpvar['message_html']); $tmpvar['message'] = convert_html_to_text($tmpvar['message_html']); $tmpvar['message'] = fix_newlines($tmpvar['message']); // Prepare plain message for storage as HTML $tmpvar['message'] = hesk_htmlspecialchars($tmpvar['message']); $tmpvar['message'] = nl2br($tmpvar['message']); } else { // `message` already contains a HTML friendly version. May as well just re-use it $tmpvar['message'] = hesk_makeURL($tmpvar['message']); $tmpvar['message'] = nl2br($tmpvar['message']); $tmpvar['message_html'] = $tmpvar['message']; } // Demo mode if ( defined('HESK_DEMO') ) { $tmpvar['email'] = 'hidden@demo.com'; } // Custom fields foreach ($hesk_settings['custom_fields'] as $k=>$v) { if ($v['use'] && hesk_is_custom_field_in_category($k, $ticket['category'])) { if ($v['type'] == 'checkbox') { $tmpvar[$k]=''; if (isset($_POST[$k]) && is_array($_POST[$k])) { foreach ($_POST[$k] as $myCB) { $tmpvar[$k] .= ( is_array($myCB) ? '' : hesk_input($myCB) ) . '
    ';; } $tmpvar[$k]=substr($tmpvar[$k],0,-6); } else { if ($v['req'] == 2) { $hesk_error_buffer[$k]=$hesklang['fill_all'].': '.$v['name']; } $_POST[$k] = ''; } } elseif ($v['type'] == 'date') { $tmpvar[$k] = hesk_POST($k); $_SESSION["as_$k"] = ''; if ($date = hesk_datepicker_get_date($tmpvar[$k], false, 'UTC')) { $_SESSION["as_$k"] = $tmpvar[$k]; $date->setTime(0, 0); $dmin = strlen($v['value']['dmin']) ? new DateTime($v['value']['dmin'] . ' t00:00:00 UTC') : false; $dmax = strlen($v['value']['dmax']) ? new DateTime($v['value']['dmax'] . ' t00:00:00 UTC') : false; if ($dmin && $dmin->format('Y-m-d') > $date->format('Y-m-d')) { $hesk_error_buffer[$k] = sprintf($hesklang['d_emin'], $v['name'], hesk_translate_date_string($dmin->format($hesk_settings['format_datepicker_php']))); } elseif ($dmax && $dmax->format('Y-m-d') < $date->format('Y-m-d')) { $hesk_error_buffer[$k] = sprintf($hesklang['d_emax'], $v['name'], hesk_translate_date_string($dmax->format($hesk_settings['format_datepicker_php']))); } else { $tmpvar[$k] = $date->getTimestamp(); } } else { $tmpvar[$k] = ''; if ($v['req'] == 2) { $hesk_error_buffer[$k]=$hesklang['fill_all'].': '.$v['name']; } } } elseif ($v['type'] == 'email') { $tmp = $hesk_settings['multi_eml']; $hesk_settings['multi_eml'] = $v['value']['multiple']; $tmpvar[$k] = hesk_validateEmail( hesk_POST($k), 'ERR', 0); $hesk_settings['multi_eml'] = $tmp; if ($tmpvar[$k] != '') { $_SESSION["as_$k"] = hesk_input($tmpvar[$k]); } else { $_SESSION["as_$k"] = ''; if ($v['req'] == 2) { $hesk_error_buffer[$k] = $v['value']['multiple'] ? 
sprintf($hesklang['cf_noem'], $v['name']) : sprintf($hesklang['cf_noe'], $v['name']); } } } elseif ($v['req'] == 2) { $tmpvar[$k]=hesk_makeURL(nl2br(hesk_input( hesk_POST($k) ))); if ($tmpvar[$k] == '') { $hesk_error_buffer[$k]=$hesklang['fill_all'].': '.$v['name']; } } else { $tmpvar[$k]=hesk_makeURL(nl2br(hesk_input(hesk_POST($k)))); } } else { $tmpvar[$k] = ''; } } if (count($hesk_error_buffer)) { // Remove any successfully uploaded attachments if ($hesk_settings['attachments']['use'] && isset($attachments)) { if ($use_legacy_attachments) { hesk_removeAttachments($attachments); } else { $_SESSION['edit_attachments'] = $attachments; } } $myerror = ''; hesk_error($myerror); } if ($hesk_settings['attachments']['use'] && !empty($attachments)) { if (!$use_legacy_attachments) { $attachments = hesk_migrateTempAttachments($attachments, $trackingID); } foreach ($attachments as $myatt) { hesk_dbQuery("INSERT INTO `".hesk_dbEscape($hesk_settings['db_pfix'])."attachments` (`ticket_id`,`saved_name`,`real_name`,`size`) VALUES ('".hesk_dbEscape($trackingID)."','".hesk_dbEscape($myatt['saved_name'])."','".hesk_dbEscape($myatt['real_name'])."','".intval($myatt['size'])."')"); $myattachments .= hesk_dbInsertID() . '#' . $myatt['real_name'] .','; } } $custom_SQL = ''; for ($i=1; $i<=50; $i++) { $custom_SQL .= '`custom'.$i.'`=' . (isset($tmpvar['custom'.$i]) ? "'".hesk_dbEscape($tmpvar['custom'.$i])."'" : "''") . 
','; } $custom_SQL = rtrim($custom_SQL, ','); hesk_dbQuery("UPDATE `".hesk_dbEscape($hesk_settings['db_pfix'])."tickets` SET `name`='".hesk_dbEscape( hesk_mb_substr($tmpvar['name'], 0, 255) )."', `email`='".hesk_dbEscape( hesk_mb_substr($tmpvar['email'], 0, 1000) )."', `subject`='".hesk_dbEscape( hesk_mb_substr($tmpvar['subject'], 0, 255) )."', `message`='".hesk_dbEscape($tmpvar['message'])."', `message_html`='".hesk_dbEscape($tmpvar['message_html'])."', `attachments`=CONCAT(`attachments`, '".hesk_dbEscape($myattachments)."'), $language_SQL $custom_SQL WHERE `id`='".intval($ticket['id'])."'"); } unset($tmpvar); hesk_cleanSessionVars('tmpvar'); hesk_process_messages($hesklang['edt2'],'admin_ticket.php?track='.$trackingID.'&Refresh='.mt_rand(10000,99999),'SUCCESS'); } $ticket['message'] = hesk_msgToPlain($ticket['message'],0,0); /* Print header */ require_once(HESK_PATH . 'inc/header.inc.php'); /* Print admin navigation */ require_once(HESK_PATH . 'inc/show_admin_nav.inc.php'); ?>

    /*
     * Renders the edit controls for custom fields that have `use` set, have
     * `place` equal to 0 and are enabled for the ticket's category.
     * The loop header and the markup inside the echo strings are missing
     * from this copy of the file, so only the PHP logic is described.
     *
     * - checkbox: the stored value is split into a list with explode().
     * - $v['req'] is turned into a '*' marker when the field is required (2).
     * - radio: an empty stored value falls back to the first option, which is
     *   pre-checked unless `no_default` is set.
     * - textarea / default: the value goes through hesk_msgToPlain() first.
     * - date: a non-empty stored value is handed to DateTime as '@<value>',
     *   i.e. as a Unix timestamp; the constructor throws on a malformed
     *   string, so this relies on the stored value being numeric.
     * - email: $k is concatenated into an inline onblur handler when
     *   `detect_typos` is enabled.
     *
     * NOTE(review): every in_array() call here uses loose comparison; the
     * strict flag would be the safer default.
     * NOTE(review): how $k_value, $option and $k are encoded when written
     * into the page cannot be checked here because the echoed markup is
     * missing. Confirm each is escaped for its HTML attribute or JavaScript
     * context, and that $k only ever comes from the configured field keys.
     */
    $v) { if ($v['use'] && $v['place']==0 && hesk_is_custom_field_in_category($k, $ticket['category']) ) { $k_value = $ticket[$k]; if ($v['type'] == 'checkbox') { $k_value = explode('
    ',$k_value); } $v['req'] = $v['req']==2 ? '*' : ''; switch ($v['type']) { /* Radio box */ case 'radio': echo '
    '; $cls = in_array($k,$_SESSION['iserror']) ? ' class="isError" ' : ''; $index = 0; foreach ($v['value']['radio_options'] as $option) { if (strlen($k_value) == 0) { $k_value = $option; $checked = empty($v['value']['no_default']) ? 'checked' : ''; } elseif ($k_value == $option) { $k_value = $option; $checked = 'checked'; } else { $checked = ''; } echo '
    '; $index++; } echo '
    '; break; /* Select drop-down box */ case 'select': $cls = in_array($k,$_SESSION['iserror']) ? ' class="isError" ' : ''; echo '
    '; break; /* Checkbox */ case 'checkbox': echo '
    '; $cls = in_array($k,$_SESSION['iserror']) ? ' class="isError" ' : ''; $index = 0; foreach ($v['value']['checkbox_options'] as $option) { if (in_array($option,$k_value)) { $checked = 'checked'; } else { $checked = ''; } echo '
    '; $index++; } echo '
    '; break; /* Large text box */ case 'textarea': $cls = in_array($k,$_SESSION['iserror']) ? ' isError" ' : ''; $k_value = hesk_msgToPlain($k_value,0,0); echo '
    '; break; // Date case 'date': $cls = in_array($k,$_SESSION['iserror']) ? 'isErrorStr' : ''; $datepicker_date = ''; if ($k_value != '') { $date = new DateTime('@' . $k_value); $datepicker_date = hesk_datepicker_format_date($date->getTimestamp(), 'UTC'); $hesk_settings['datepicker']['#'.$k]['timestamp'] = $date->getTimestamp(); $hesk_settings['datepicker']['#'.$k]['fromDB'] = true; } echo '
    '. $datepicker_date .'
    '; break; // Email case 'email': $cls = in_array($k,$_SESSION['iserror']) ? 'isError' : ''; $suggest = $hesk_settings['detect_typos'] ? 'onblur="Javascript:hesk_suggestEmail(\''.$k.'\', \''.$k.'_suggestions\', 0, 1'.($v['value']['multiple'] ? ',1' : '').')"' : ''; echo '
    '; break; // Hidden // Handle as text fields for staff /* Default text input */ default: $k_value = hesk_msgToPlain($k_value,0,0); $cls = in_array($k,$_SESSION['iserror']) ? 'isError' : ''; echo '
    '; } } } ?>
    /*
     * Renders the edit controls for custom fields that have `use` set, have
     * a non-zero `place` and are enabled for the ticket's category, then the
     * attachment drop zone. The loop header and the markup inside the echo
     * strings are missing from this copy of the file, and the block closes a
     * "not a reply" condition whose opening is not visible here.
     *
     * Custom fields:
     * - checkbox: the stored value is split into a list with explode().
     * - radio: an empty stored value falls back to the first option, which is
     *   pre-checked unless `no_default` is set.
     * - textarea / default: the value goes through hesk_msgToPlain() first.
     * - date: a non-empty stored value is handed to DateTime as '@<value>',
     *   i.e. as a Unix timestamp; the constructor throws on a malformed
     *   string, so this relies on the stored value being numeric.
     * - email: $k is concatenated into an inline onblur handler when
     *   `detect_typos` is enabled.
     *
     * Attachments: shown only when attachments are enabled and the ticket
     * has fewer than `max_number` of them. display_dropzone_field() receives
     * upload_attachment.php and the number of remaining slots, and the files
     * kept in the session under 'edit_attachments' are listed again.
     *
     * NOTE(review): the remaining-slot count passed to the drop zone looks
     * like a limit for the form only. Confirm the upload handler and the
     * save step enforce the same cap on the server.
     * NOTE(review): how $k_value, $option and $k are encoded when written
     * into the page cannot be checked here because the echoed markup is
     * missing. Confirm each is escaped for its HTML attribute or JavaScript
     * context. The in_array() calls also use loose comparison.
     */
    $v) { if ($v['use'] && $v['place'] && hesk_is_custom_field_in_category($k, $ticket['category']) ) { $k_value = $ticket[$k]; if ($v['type'] == 'checkbox') { $k_value = explode('
    ',$k_value); } $v['req'] = $v['req']==2 ? '*' : ''; switch ($v['type']) { /* Radio box */ case 'radio': echo '
    '; $cls = in_array($k,$_SESSION['iserror']) ? ' class="isError" ' : ''; $index = 0; foreach ($v['value']['radio_options'] as $option) { if (strlen($k_value) == 0) { $k_value = $option; $checked = empty($v['value']['no_default']) ? 'checked' : ''; } elseif ($k_value == $option) { $k_value = $option; $checked = 'checked'; } else { $checked = ''; } echo '
    '; $index++; } echo '
    '; break; /* Select drop-down box */ case 'select': $cls = in_array($k,$_SESSION['iserror']) ? ' class="isError" ' : ''; echo '
    '; break; /* Checkbox */ case 'checkbox': echo '
    '; $cls = in_array($k,$_SESSION['iserror']) ? ' class="isError" ' : ''; $index = 0; foreach ($v['value']['checkbox_options'] as $option) { if (in_array($option,$k_value)) { $checked = 'checked'; } else { $checked = ''; } echo '
    '; $index++; } echo '
    '; break; /* Large text box */ case 'textarea': $cls = in_array($k,$_SESSION['iserror']) ? ' isError" ' : ''; $k_value = hesk_msgToPlain($k_value,0,0); echo '
    '; break; // Date case 'date': $cls = in_array($k,$_SESSION['iserror']) ? 'isErrorStr' : ''; $datepicker_date = ''; if ($k_value != '') { $date = new DateTime('@' . $k_value); $datepicker_date = hesk_datepicker_format_date($date->getTimestamp(), 'UTC'); $hesk_settings['datepicker']['#'.$k]['timestamp'] = $date->getTimestamp(); $hesk_settings['datepicker']['#'.$k]['fromDB'] = true; } echo '
    '. $datepicker_date .'
    '; break; // Email case 'email': $cls = in_array($k,$_SESSION['iserror']) ? 'isError' : ''; $suggest = $hesk_settings['detect_typos'] ? 'onblur="Javascript:hesk_suggestEmail(\''.$k.'\', \''.$k.'_suggestions\', 0, 1'.($v['value']['multiple'] ? ',1' : '').')"' : ''; echo '
    '; break; // Hidden // Handle as text fields for staff /* Default text input */ default: $k_value = hesk_msgToPlain($k_value,0,0); $cls = in_array($k,$_SESSION['iserror']) ? 'isError' : ''; echo '
    '; } } } } // End if not a reply // attachments if ($hesk_settings['attachments']['use'] && $number_of_attachments < $hesk_settings['attachments']['max_number']) { require_once(HESK_PATH . 'inc/attachments.inc.php'); echo '
    '; echo ''; build_dropzone_markup(true, 'filedrop', $number_of_attachments + 1); display_dropzone_field(HESK_PATH . 'upload_attachment.php', true, 'filedrop', $hesk_settings['attachments']['max_number'] - $number_of_attachments); dropzone_display_existing_files(hesk_SESSION_array('edit_attachments')); echo '
    '; } ?>

     

    heskPurify($message_html); $message = convert_html_to_text($message_html); $message = fix_newlines($message); // Prepare plain message for storage as HTML $message = hesk_htmlspecialchars($message); // nl2br done after adding signature } elseif ($hesk_settings['staff_ticket_formatting'] == 0) { $message_html = hesk_makeURL($message_html); $message_html = nl2br($message_html); } // Save message for later and ignore the rest? if ( isset($_POST['save_reply']) ) { // Delete any existing drafts from this owner for this ticket hesk_dbQuery("DELETE FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."reply_drafts` WHERE `owner`=".intval($_SESSION['id'])." AND `ticket`=".intval($ticket['id'])); // Save the message draft hesk_dbQuery("INSERT INTO `".hesk_dbEscape($hesk_settings['db_pfix'])."reply_drafts` (`owner`, `ticket`, `message`, `message_html`) VALUES (".intval($_SESSION['id']).", ".intval($ticket['id']).", '".hesk_dbEscape($message)."', '".hesk_dbEscape($message_html)."')"); /* Set reply submitted message */ $_SESSION['HESK_SUCCESS'] = TRUE; $_SESSION['HESK_MESSAGE'] = $hesklang['reply_saved']; /* What to do after reply? */ if ($_SESSION['afterreply'] == 1) { header('Location: admin_main.php'); } elseif ($_SESSION['afterreply'] == 2) { /* Get the next open ticket that needs a reply */ $res = hesk_dbQuery("SELECT * FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."tickets` WHERE `owner` IN ('0','".intval($_SESSION['id'])."') AND " . hesk_myCategories() . " AND `status` IN ('0','1') AND `id` != ".intval($ticket['id']). " ORDER BY `owner` DESC, `priority` ASC LIMIT 1"); if (hesk_dbNumRows($res) == 1) { $row = hesk_dbFetchAssoc($res); $_SESSION['HESK_MESSAGE'] .= '

    '.$hesklang['rssn']; header('Location: admin_ticket.php?track='.$row['trackid'].'&Refresh='.rand(10000,99999)); } else { header('Location: admin_main.php'); } } else { header('Location: admin_ticket.php?track='.$ticket['trackid'].'&Refresh='.rand(10000,99999)); } exit(); } // Attach signature to the message? if ( ! $submit_as_customer && ! empty($_POST['signature']) && strlen($_SESSION['signature'])) { $message .= "\n\n" . addslashes($_SESSION['signature']) . "\n"; // Make signature links clickable $signature = hesk_makeURL($_SESSION['signature']); // Turn newlines into
    tags $signature = nl2br($signature); $message_html .= "

    " . addslashes($signature) . "
    "; } // Make links clickable $message = hesk_makeURL($message); // Turn newlines into
    tags $message = nl2br($message); } else { $hesk_error_buffer[] = $hesklang['enter_message']; } /* Attachments */ $use_legacy_attachments = hesk_POST('use-legacy-attachments', 0); if ($hesk_settings['attachments']['use']) { require(HESK_PATH . 'inc/attachments.inc.php'); $attachments = array(); if ($use_legacy_attachments) { for ($i = 1; $i <= $hesk_settings['attachments']['max_number']; $i++) { $att = hesk_uploadFile($i); if ($att !== false && !empty($att)) { $attachments[$i] = $att; } } } else { // The user used the new drag-and-drop system. $temp_attachment_names = hesk_POST_array('attachments'); foreach ($temp_attachment_names as $temp_attachment_name) { $temp_attachment = hesk_getTemporaryAttachment($temp_attachment_name); if ($temp_attachment !== null) { $attachments[] = $temp_attachment; } } } } $myattachments=''; /* Time spent working on ticket */ $time_worked = hesk_getTime(hesk_POST('time_worked')); /* Any errors? */ if (count($hesk_error_buffer)!=0) { $_SESSION['ticket_message'] = hesk_POST('message'); $_SESSION['time_worked'] = $time_worked; // Remove any successfully uploaded attachments if ($hesk_settings['attachments']['use']) { if ($use_legacy_attachments) { hesk_removeAttachments($attachments); } else { $_SESSION['ar_attachments'] = $attachments; } } $tmp = ''; foreach ($hesk_error_buffer as $error) { $tmp .= "
  • $error
  • \n"; } $hesk_error_buffer = $tmp; $hesk_error_buffer = $hesklang['pcer'].'

    '; hesk_process_messages($hesk_error_buffer,'admin_ticket.php?track='.$ticket['trackid'].'&Refresh='.rand(10000,99999)); } if ($hesk_settings['attachments']['use'] && !empty($attachments)) { // Delete temp attachment records and set the new filename if (!$use_legacy_attachments) { $attachments = hesk_migrateTempAttachments($attachments, $trackingID); } foreach ($attachments as $myatt) { hesk_dbQuery("INSERT INTO `".hesk_dbEscape($hesk_settings['db_pfix'])."attachments` (`ticket_id`,`saved_name`,`real_name`,`size`) VALUES ('".hesk_dbEscape($trackingID)."','".hesk_dbEscape($myatt['saved_name'])."','".hesk_dbEscape($myatt['real_name'])."','".intval($myatt['size'])."')"); $myattachments .= hesk_dbInsertID() . '#' . $myatt['real_name'] .','; } } // Add reply if ($submit_as_customer) { hesk_dbQuery("INSERT INTO `".hesk_dbEscape($hesk_settings['db_pfix'])."replies` (`replyto`,`name`,`message`,`message_html`,`dt`,`attachments`) VALUES ('".intval($replyto)."','".hesk_dbEscape(addslashes($ticket['name']))."','".hesk_dbEscape($message."

    {$hesklang['creb']} ".addslashes($_SESSION['name'])."")."','".hesk_dbEscape($message_html."

    {$hesklang['creb']} ".addslashes($_SESSION['name'])."")."',NOW(),'".hesk_dbEscape($myattachments)."')"); } else { hesk_dbQuery("INSERT INTO `".hesk_dbEscape($hesk_settings['db_pfix'])."replies` (`replyto`,`name`,`message`,`message_html`,`dt`,`attachments`,`staffid`) VALUES ('".intval($replyto)."','".hesk_dbEscape(addslashes($_SESSION['name']))."','".hesk_dbEscape($message)."','".hesk_dbEscape($message_html)."',NOW(),'".hesk_dbEscape($myattachments)."','".intval($_SESSION['id'])."')"); } /* Track ticket status changes for history */ $revision = ''; /* Change the status of priority? */ if ( ! empty($_POST['set_priority']) ) { $priority = intval( hesk_POST('priority') ); if ($priority < 0 || $priority > 3) { hesk_error($hesklang['select_priority']); } $options = array( 0 => $hesklang['critical'], 1 => $hesklang['high'], 2 => $hesklang['medium'], 3 => $hesklang['low'] ); $revision = sprintf($hesklang['thist8'],hesk_date(),$options[$priority],addslashes($_SESSION['name']).' ('.$_SESSION['user'].')'); $priority_sql = ",`priority`='$priority', `history`=CONCAT(`history`,'".hesk_dbEscape($revision)."') "; } else { $priority_sql = ""; } // Get new ticket status $sql_status = ''; // -> If locked, keep it resolved if ($ticket['locked']) { $new_status = 3; } // -> Submit as Customer reply elseif ($submit_as_customer) { $new_status = 1; if ($ticket['status'] != $new_status) { $revision = sprintf($hesklang['thist9'],hesk_date(),$hesklang['wait_reply'],addslashes($_SESSION['name']).' ('.$_SESSION['user'].')'); $sql_status = " , `history`=CONCAT(`history`,'".hesk_dbEscape($revision)."') "; } } // -> Submitted with a status change? else { $submit_as_status = false; foreach ($hesk_settings['statuses'] as $id => $data) { if ( ! isset($_POST['submit_as-' . $id])) { continue; } // "Resolved" status needs special care if ($id == 3) { // Permission to resolve? if ( ! 
hesk_checkPermission('can_resolve', 0)) { break; } // Update "Closed at" $sql_status .= " , `closedat`=NOW(), `closedby`=".intval($_SESSION['id'])." "; // Lock the ticket if customers are not allowed to reopen tickets if ($hesk_settings['custopen'] != 1) { $sql_status .= " , `locked`='1' "; } } // Set the new status and log revision if modified $new_status = $id; if ($ticket['status'] != $new_status && $new_status != 2) { $revision = sprintf($hesklang['thist9'],hesk_date(),addslashes($data['name']),addslashes($_SESSION['name']).' ('.$_SESSION['user'].')'); $sql_status .= " , `history`=CONCAT(`history`,'".hesk_dbEscape($revision)."') "; } $submit_as_status = true; break; } // Default: submit as "Replied by staff" if ( ! $submit_as_status) { $new_status = 2; } } $sql = "UPDATE `".hesk_dbEscape($hesk_settings['db_pfix'])."tickets` SET `status`='{$new_status}',"; $sql.= $submit_as_customer ? "`lastreplier`='0', `replierid`='0' " : "`lastreplier`='1', `replierid`='".intval($_SESSION['id'])."' "; /* Update time_worked or force update lastchange */ if ($time_worked == '00:00:00') { $sql .= ", `lastchange` = NOW() "; } else { $parts = explode(':', $ticket['time_worked']); $seconds = ($parts[0] * 3600) + ($parts[1] * 60) + $parts[2]; $parts = explode(':', $time_worked); $seconds += ($parts[0] * 3600) + ($parts[1] * 60) + $parts[2]; require(HESK_PATH . 'inc/reporting_functions.inc.php'); $ticket['time_worked'] = hesk_SecondsToHHMMSS($seconds); $sql .= ",`time_worked` = ADDTIME(`time_worked`,'" . hesk_dbEscape($time_worked) . "') "; } if ( ! empty($_POST['assign_self']) && hesk_checkPermission('can_assign_self',0)) { $revision = sprintf($hesklang['thist2'],hesk_date(),addslashes($_SESSION['name']).' ('.$_SESSION['user'].')',addslashes($_SESSION['name']).' 
('.$_SESSION['user'].')'); $sql .= " , `owner`=".intval($_SESSION['id']).", `history`=CONCAT(`history`,'".hesk_dbEscape($revision)."') "; } // If ticket is re-opened, clear "closed at" and "closed by" if ($ticket['status'] == 3 && $new_status != 3) { $sql .= ' , `closedat`=NULL, `closedby`=NULL '; } $sql .= " $priority_sql "; $sql .= " $sql_status "; // Is this the first staff reply? Log it for reporting if ( ! $ticket['firstreplyby'] ) { $sql .= " , `firstreply`=NOW(), `firstreplyby`=".intval($_SESSION['id'])." "; } // Keep track of replies to this ticket for easier reporting $sql .= " , `replies`=`replies`+1 "; $sql .= $submit_as_customer ? '' : " , `staffreplies`=`staffreplies`+1 "; // End and execute the query $sql .= " WHERE `id`='{$replyto}'"; hesk_dbQuery($sql); unset($sql); /* Update number of replies in the users table */ hesk_dbQuery("UPDATE `".hesk_dbEscape($hesk_settings['db_pfix'])."users` SET `replies`=`replies`+1 WHERE `id`='".intval($_SESSION['id'])."'"); // --> Prepare reply message // 1. Generate the array with ticket info that can be used in emails $info = array( 'email' => $ticket['email'], 'category' => $ticket['category'], 'priority' => $ticket['priority'], 'owner' => $ticket['owner'], 'trackid' => $ticket['trackid'], 'status' => $new_status, 'name' => $ticket['name'], 'subject' => $ticket['subject'], 'message' => stripslashes($message), 'attachments' => $myattachments, 'dt' => hesk_date($ticket['dt'], true), 'lastchange' => hesk_date($ticket['lastchange'], true), 'due_date' => hesk_format_due_date($ticket['due_date']), 'id' => $ticket['id'], 'language' => $ticket['language'], 'time_worked' => $ticket['time_worked'], 'last_reply_by' => ($submit_as_customer ? $ticket['name'] : $_SESSION['name']), ); // 2. Add custom fields to the array foreach ($hesk_settings['custom_fields'] as $k => $v) { $info[$k] = $v['use'] ? $ticket[$k] : ''; } // 3. 
Add HTML message to the array if (isset($message_html)) { $info['message_html'] = stripslashes($message_html); } else { $info['message_html'] = $info['message']; } // 4. Make sure all values are properly formatted for email $ticket = hesk_ticketToPlain($info, 1, 0); // Notify the assigned staff? if ($submit_as_customer) { if ($ticket['owner'] && $ticket['owner'] != $_SESSION['id']) { hesk_notifyAssignedStaff(false, 'new_reply_by_customer', 'notify_reply_my'); } } // Notify customer? elseif ( ! isset($_POST['no_notify']) || intval( hesk_POST('no_notify') ) != 1) { hesk_notifyCustomer('new_reply_by_staff'); } // Delete any existing drafts from this owner for this ticket hesk_dbQuery("DELETE FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."reply_drafts` WHERE `owner`=".intval($_SESSION['id'])." AND `ticket`=".intval($ticket['id'])); /* Set reply submitted message */ $_SESSION['HESK_SUCCESS'] = TRUE; $_SESSION['HESK_MESSAGE'] = $hesklang['reply_submitted']; /* What to do after reply? */ if ($_SESSION['afterreply'] == 1) { header('Location: admin_main.php'); } elseif ($_SESSION['afterreply'] == 2) { /* Get the next open ticket that needs a reply */ $res = hesk_dbQuery("SELECT * FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."tickets` WHERE `owner` IN ('0','".intval($_SESSION['id'])."') AND " . hesk_myCategories() . " AND `status` IN ('0','1') ORDER BY `owner` DESC, `priority` ASC LIMIT 1"); if (hesk_dbNumRows($res) == 1) { $row = hesk_dbFetchAssoc($res); $_SESSION['HESK_MESSAGE'] .= '

    '.$hesklang['rssn']; header('Location: admin_ticket.php?track='.$row['trackid'].'&Refresh='.rand(10000,99999)); } else { header('Location: admin_main.php'); } } else { header('Location: admin_ticket.php?track='.$ticket['trackid'].'&Refresh='.rand(10000,99999)); } exit(); ?> PK~3Y/:_yresend_notification.phpnu[ 0) { $result = hesk_dbQuery("SELECT * FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."replies` WHERE `id`={$reply_id} AND `replyto`=".intval($ticket['id'])." LIMIT 1"); if (hesk_dbNumRows($res) != 1) { hesk_error($hesklang['ernf']); } $reply = hesk_dbFetchAssoc($result); $ticket['message'] = $reply['message']; $ticket['message_html'] = $reply['message_html']; $ticket['attachments'] = $reply['attachments']; } /* --> Prepare message */ // 1. Generate the array with ticket info that can be used in emails $info = array( 'email' => $ticket['email'], 'category' => $ticket['category'], 'priority' => $ticket['priority'], 'owner' => $ticket['owner'], 'trackid' => $ticket['trackid'], 'status' => $ticket['status'], 'name' => $ticket['name'], 'subject' => $ticket['subject'], 'message' => $ticket['message'], 'message_html' => $ticket['message_html'], 'attachments' => $ticket['attachments'], 'dt' => hesk_date($ticket['dt'], true), 'lastchange' => hesk_date($ticket['lastchange'], true), 'due_date' => hesk_format_due_date($ticket['due_date']), 'id' => $ticket['id'], 'time_worked' => $ticket['time_worked'], 'last_reply_by' => hesk_getReplierName($ticket), ); // 2. Add custom fields to the array foreach ($hesk_settings['custom_fields'] as $k => $v) { $info[$k] = $v['use'] ? $ticket[$k] : ''; } // 3. Make sure all values are properly formatted for email $ticket = hesk_ticketToPlain($info, 1, 0); // Notification of a reply if ($reply_id > 0) { // Reply by staff, send notification to customer if ($reply['staffid']) { hesk_notifyCustomer('new_reply_by_staff'); } // Reply by customer, notify assigned staff? 
elseif ($ticket['owner']) { hesk_notifyAssignedStaff(false, 'new_reply_by_customer', 'notify_reply_my'); } // Reply by customer, notify staff else { hesk_notifyStaff('new_reply_by_customer',"`notify_reply_unassigned`='1'"); } hesk_process_messages($hesklang['rns'],'admin_ticket.php?track='.$trackingID.'&Refresh='.rand(10000,99999),'SUCCESS'); } // Notification of the original ticket if ($opened_by) { hesk_notifyCustomer('new_ticket_by_staff'); } else { hesk_notifyCustomer(); } // Notify staff? if ($ticket['owner']) { hesk_notifyAssignedStaff(false, 'ticket_assigned_to_you'); } else { hesk_notifyStaff('new_ticket_staff', "`notify_new_unassigned`='1'"); } hesk_process_messages($hesklang['tns'],'admin_ticket.php?track='.$trackingID.'&Refresh='.rand(10000,99999),'SUCCESS'); PK~3Y8''admin_settings_ticket_list.phpnu[install folder from your server for security reasons then refresh this page!');} // Get all the required files and functions require(HESK_PATH . 'hesk_settings.inc.php'); // Save the default language for the settings page before choosing user's preferred one $hesk_settings['language_default'] = $hesk_settings['language']; require(HESK_PATH . 'inc/common.inc.php'); $hesk_settings['language'] = $hesk_settings['language_default']; require(HESK_PATH . 'inc/admin_functions.inc.php'); require(HESK_PATH . 'inc/setup_functions.inc.php'); hesk_load_database_functions(); hesk_session_start(); hesk_dbConnect(); hesk_isLoggedIn(); // Check permissions for this feature hesk_checkPermission('can_man_settings'); // Load custom fields require_once(HESK_PATH . 'inc/custom_fields.inc.php'); $help_folder = '../language/' . $hesk_settings['languages'][$hesk_settings['language']]['folder'] . '/help_files/'; $enable_save_settings = 0; $enable_use_attachments = 0; // Print header require_once(HESK_PATH . 'inc/header.inc.php'); // Print main manage users page require_once(HESK_PATH . 'inc/show_admin_nav.inc.php'); // Demo mode? 
Hide values of sensitive settings if ( defined('HESK_DEMO') ) { require_once(HESK_PATH . 'inc/admin_settings_demo.inc.php'); } /* This will handle error, success and notice messages */ hesk_handle_messages(); ?>

    $title): ?>
    >

    >
    >
    >
    >
    >
    >
    >
    >
    >
    >
  • ' . $hesklang['inbox'] . '
  • '; $hesk_settings['mailtmp']['outbox'] = '
  • ' . $hesklang['outbox'] . '
  • '; $hesk_settings['mailtmp']['new'] = ' '.$hesklang['m_new'].' '; /* Get action */ if ( $action = hesk_REQUEST('a') ) { if ( defined('HESK_DEMO') && $action != 'new' && $action != 'read' ) { hesk_process_messages($hesklang['ddemo'], 'mail.php', 'NOTICE'); } } /* Sub-page specific settings */ if (isset($_GET['folder']) && hesk_GET('folder') == 'outbox') { $hesk_settings['mailtmp']['this'] = 'from'; $hesk_settings['mailtmp']['other'] = 'to'; $hesk_settings['mailtmp']['m_from'] = $hesklang['m_to']; $hesk_settings['mailtmp']['outbox'] = '
  • ' . $hesklang['outbox'] . '
  • '; $hesk_settings['mailtmp']['folder'] = 'outbox'; } elseif ($action == 'new') { $hesk_settings['mailtmp']['new'] = ' '.$hesklang['m_new'].' '; $_SESSION['hide']['list'] = 1; /* Do we have a recipient selected? */ if (!isset($_SESSION['mail']['to']) && isset($_GET['id'])) { $_SESSION['mail']['to'] = intval( hesk_GET('id') ); } } else { $hesk_settings['mailtmp']['this'] = 'to'; $hesk_settings['mailtmp']['other'] = 'from'; $hesk_settings['mailtmp']['m_from'] = $hesklang['m_from']; if ($action != 'read') { $hesk_settings['mailtmp']['inbox'] = '
  • ' . $hesklang['inbox'] . '
  • '; $hesk_settings['mailtmp']['folder'] = ''; } } /* What should we do? */ switch ($action) { case 'send': mail_send(); break; case 'mark_read': mail_mark_read(); break; case 'mark_unread': mail_mark_unread(); break; case 'delete': mail_delete(); break; } if ($action == 'read') { show_message(false); } /* Print header */ require_once(HESK_PATH . 'inc/header.inc.php'); /* Print main manage users page */ require_once(HESK_PATH . 'inc/show_admin_nav.inc.php'); /* This will handle error, success and notice messages */ hesk_handle_messages(); ?>

    ' . $hesklang['m_rec'] . ''; } elseif ($_SESSION['mail']['to'] == $_SESSION['id']) { $hesk_error_buffer .= '
  • ' . $hesklang['m_inr'] . '
  • '; } else { $res = hesk_dbQuery("SELECT `name`,`email`,`notify_pm` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."users` WHERE `id`='".intval($_SESSION['mail']['to'])."' LIMIT 1"); $num = hesk_dbNumRows($res); if (!$num) { $hesk_error_buffer .= '
  • ' . $hesklang['m_inr'] . '
  • '; } else { $pm_recipient = hesk_dbFetchAssoc($res); } } /* Subject */ $_SESSION['mail']['subject'] = hesk_input( hesk_POST('subject') ) or $hesk_error_buffer .= '
  • ' . $hesklang['m_esu'] . '
  • '; /* Message */ $_SESSION['mail']['message'] = hesk_input( hesk_POST('message') ) or $hesk_error_buffer .= '
  • ' . $hesklang['enter_message'] . '
  • '; // Attach signature to the message? if ( ! empty($_POST['signature'])) { $_SESSION['mail']['message'] .= "\n\n" . addslashes($_SESSION['signature']) . "\n"; } /* Any errors? */ if (strlen($hesk_error_buffer)) { $_SESSION['hide']['list'] = 1; $hesk_error_buffer = $hesklang['rfm'].'

    '; hesk_process_messages($hesk_error_buffer,'NOREDIRECT'); } else { $_SESSION['mail']['message'] = hesk_makeURL($_SESSION['mail']['message']); $_SESSION['mail']['message'] = nl2br($_SESSION['mail']['message']); hesk_dbQuery("INSERT INTO `".hesk_dbEscape($hesk_settings['db_pfix'])."mail` (`from`,`to`,`subject`,`message`,`dt`,`read`) VALUES ('".intval($_SESSION['id'])."','".intval($_SESSION['mail']['to'])."','".hesk_dbEscape($_SESSION['mail']['subject'])."','".hesk_dbEscape($_SESSION['mail']['message'])."',NOW(),'0')"); /* Notify receiver via e-mail? */ if (isset($pm_recipient) && $pm_recipient['notify_pm']) { $pm_id = hesk_dbInsertID(); $pm = array( 'name' => hesk_msgToPlain( addslashes($_SESSION['name']) ,1,1), 'subject' => hesk_msgToPlain($_SESSION['mail']['subject'],1,1), 'message' => hesk_msgToPlain($_SESSION['mail']['message'],1,1), 'message_html' => $_SESSION['mail']['message'], 'id' => $pm_id, ); /* Format email subject and message for recipient */ $subject = hesk_getEmailSubject('new_pm',$pm,0); list($message, $html_message) = hesk_getEmailMessage('new_pm',$pm,1,0); /* Send e-mail */ hesk_mail($pm_recipient['email'], $subject, $message, $html_message); } unset($_SESSION['mail']); hesk_process_messages($hesklang['m_pms'],'./mail.php','SUCCESS'); } } // END mail_send() function show_message($actually_show = true) { global $hesk_settings, $hesklang, $admins; $id = intval( hesk_GET('id') ); /* Get the message details */ $res = hesk_dbQuery("SELECT * FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."mail` WHERE `id`='".intval($id)."' AND `deletedby`!='".intval($_SESSION['id'])."' LIMIT 1"); $num = hesk_dbNumRows($res); if ($num) { $pm = hesk_dbFetchAssoc($res); /* Allowed to read the message? */ if ($pm['to'] == $_SESSION['id']) { if (!isset($_SESSION['mail']['subject'])) { $_SESSION['mail']['subject'] = $hesklang['m_re'] . ' ' . 
$pm['subject']; } if (!isset($_SESSION['mail']['to'])) { $_SESSION['mail']['to'] = $pm['from']; } } elseif ($pm['from'] == $_SESSION['id']) { if (!isset($_SESSION['mail']['subject'])) { $_SESSION['mail']['subject'] = $hesklang['m_fwd'] . ' ' . $pm['subject']; } if (!isset($_SESSION['mail']['to'])) { $_SESSION['mail']['to'] = $pm['to']; } $hesk_settings['mailtmp']['this'] = 'from'; $hesk_settings['mailtmp']['other'] = 'to'; $hesk_settings['mailtmp']['m_from'] = $hesklang['m_to']; $hesk_settings['mailtmp']['outbox'] = ''.$hesklang['outbox'].''; $hesk_settings['mailtmp']['inbox'] = '
  • '.$hesklang['inbox'].'
  • '; $hesk_settings['mailtmp']['outbox'] = '
  • '.$hesklang['outbox'].'
  • '; } else { hesk_process_message($hesklang['m_ena'],'mail.php'); } /* Mark as read */ if ($hesk_settings['mailtmp']['this'] == 'to' && !$pm['read']) { $res = hesk_dbQuery("UPDATE `".hesk_dbEscape($hesk_settings['db_pfix'])."mail` SET `read`='1' WHERE `id`='".intval($id)."'"); } $pm['name'] = isset($admins[$pm[$hesk_settings['mailtmp']['other']]]) ? ''.$admins[$pm[$hesk_settings['mailtmp']['other']]].'' : (($pm['from'] == 9999) ? 'HESK.com' : $hesklang['e_udel']); $pm['dt'] = hesk_date($pm['dt'], true, true, true, $hesk_settings['format_timestamp']); if ($actually_show) { ?>

    ' . $hesklang['mau'] . ' '; $folder = ''; } echo ''; ?>
    1) ? $tmp : 1; /* List of private messages */ $res = hesk_dbQuery("SELECT COUNT(*) FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."mail` WHERE `".hesk_dbEscape($hesk_settings['mailtmp']['this'])."`='".intval($_SESSION['id'])."' AND `deletedby`!='".intval($_SESSION['id'])."'"); $total = hesk_dbResult($res,0,0); if ($total > 0) { $pages = ceil($total/$maxresults) or $pages = 1; if ($page > $pages) { $page = $pages; } $limit_down = ($page * $maxresults) - $maxresults; // Get messages from the database $res = hesk_dbQuery("SELECT `id`, `from`, `to`, `subject`, `dt`, `read` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."mail` WHERE `".hesk_dbEscape($hesk_settings['mailtmp']['this'])."`='".intval($_SESSION['id'])."' AND `deletedby`!='".intval($_SESSION['id'])."' ORDER BY `id` DESC LIMIT ".intval($limit_down)." , ".intval($maxresults)." "); ?>
    '.$pm['subject'].''; if ($hesk_settings['mailtmp']['this'] == 'to' && !$pm['read']) { $pm['subject'] = ''.$pm['subject'].''; } $pm['name'] = isset($admins[$pm[$hesk_settings['mailtmp']['other']]]) ? ''.$admins[$pm[$hesk_settings['mailtmp']['other']]].'' : (($pm['from'] == 9999) ? 'HESK.com' : $hesklang['e_udel']); $pm['dt'] = hesk_date($pm['dt'], true, true, true, $hesk_settings['format_date']); $css_class = !$pm['read'] && $pm['to'] == $_SESSION['id'] ? 'class="new"' : ''; echo << EOC; } // End while ?>
    $pm[subject] $pm[name] $pm[dt]
    $pages) ? 0 : $page + 1; if ($pages > 1): ?>
    '; endif; // end PAGES > 1 ?>
    0 else { hesk_show_info($hesklang['npm']); } } // END mail_list_messages() function show_new_form() { global $hesk_settings, $hesklang, $admins; ?>

    >
     ()
    PK~3YA edit_note.phpnu[

     

    PK~3Y:)=rremail_templates.phpnu[
    ' . $hesklang['email_formatting_note0'], ' ', false); } elseif ($hesk_settings['email_formatting'] == 1) { hesk_show_info(sprintf($hesklang['email_formatting_note'], $hesklang['settings'], $hesklang['tab_6'], $hesklang['email_formatting'], $hesklang['email_formatting_html']) . '

    ' . $hesklang['email_formatting_note1'], ' ', false); } elseif ($hesk_settings['email_formatting'] == 2) { hesk_show_info(sprintf($hesklang['email_formatting_note'], $hesklang['settings'], $hesklang['tab_6'], $hesklang['email_formatting'], $hesklang['email_formatting_html_and_plaintext_auto']) . '

    ' . $hesklang['email_formatting_note2'], ' ', false); } ?>

    1): ?>
    >
    .txt '.$hesklang['no_exists'].''; } elseif (!is_writable($plaintext_eml_file)) { $all_writable = false; echo ''.$hesklang['not_writable'].''; } else { ?> '.$hesklang['no_exists'].''; } elseif (!is_writable($html_eml_file)) { $all_writable = false; echo ''.$hesklang['not_writable'].''; } else { ?>

    '; if ( ($type === 'html' && $hesk_settings['email_formatting'] === 0) || ($type === 'plaintext' && $hesk_settings['email_formatting'] === 1) || ($type === 'plaintext' && $hesk_settings['email_formatting'] === 2) ) { hesk_show_notice(sprintf($hesklang['etnu'], $hesklang['settings'], $hesklang['tab_6'], $hesklang['email_formatting']), ' ', false); } hesk_handle_messages(); echo '
    '; ?>
    1): ?>
    $v) { if ($v['use']) { echo ''.$v['name'].''; } } // Add survey tag? if ($email == 'survey') { ?>
    heskPurify($message); // Restore a href="tel:" type links $message = preg_replace('/"X\-HESK\-TEL\-(\d{1,2})"/', '"tel:%%CUSTOM$1%%"', $message); // Make sure any Hesk emails tags are not URL-encoded $email_tags = array( 'NAME', 'FIRST_NAME', 'SUBJECT', 'TRACK_ID', 'TRACK_URL', 'SITE_TITLE', 'SITE_URL', 'CATEGORY', 'PRIORITY', 'OWNER', 'STATUS', 'EMAIL', 'CREATED', 'UPDATED', 'DUE_DATE', 'ID', 'TIME_WORKED', 'LAST_REPLY_BY', 'FIRST_NAME', 'ESCALATED_BY_RULE', 'MESSAGE', 'SURVEY_URL', 'PASSWORD_RESET', 'VERIFICATION_CODE', ); for ($i = 1; $i <= 50; $i++) { $email_tags[] = 'CUSTOM' . $i; } $message = str_replace( array_map(function ($a) {return '%25%25' . $a . '%25%25';}, $email_tags), array_map(function ($a) {return '%%' . $a . '%%';}, $email_tags), $message ); } // Do we need to remove backslashes from the message? if ( ! HESK_SLASH) { $message = stripslashes($message); } // We won't accept an empty message if ( ! strlen($message)) { hesk_process_messages($hesklang['et_empty'],'email_templates.php?a=edit&id=' . $email . '&t=' . $type . '&edit_language='.$hesk_settings['edit_language']); } // Save to the file file_put_contents($eml_file, $message); // Show success $_SESSION['et_id'] = $email; hesk_process_messages($hesklang['et_saved'],'email_templates.php?edit_language='.$hesk_settings['edit_language'],'SUCCESS'); } // End save_et() function et_file_path($id, $type) { global $hesk_settings, $hesklang, $emails; if ( ! in_array($id, $emails)) { hesk_error($hesklang['inve']); } $folder = $type === 'plaintext' ? 'emails' : 'html_emails'; return HESK_PATH . 'language/' . $hesk_settings['languages'][$hesk_settings['edit_language']]['folder'] . '/' . $folder . '/' . $id . '.txt'; } // END et_file_path() PK~3Y&d! index.phpnu[ 64) { $hesk_error_buffer['pass'] = $hesklang['pass_len']; } if ($hesk_settings['secimg_use'] == 2 && !isset($_SESSION['img_a_verified'])) { // Using reCAPTCHA? if ($hesk_settings['recaptcha_use']) { require(HESK_PATH . 
'inc/recaptcha/recaptchalib_v2.php'); $resp = null; $reCaptcha = new ReCaptcha($hesk_settings['recaptcha_private_key']); // Was there a reCAPTCHA response? if ( isset($_POST["g-recaptcha-response"]) ) { $resp = $reCaptcha->verifyResponse(hesk_getClientIP(), hesk_POST("g-recaptcha-response") ); } if ($resp != null && $resp->success) { $_SESSION['img_a_verified']=true; } else { $hesk_error_buffer['mysecnum']=$hesklang['recaptcha_error']; } } // Using PHP generated image else { $mysecnum = intval( hesk_POST('mysecnum', 0) ); if ( empty($mysecnum) ) { $hesk_error_buffer['mysecnum'] = $hesklang['sec_miss']; } else { require(HESK_PATH . 'inc/secimg.inc.php'); $sc = new PJ_SecurityImage($hesk_settings['secimg_sum']); if ( isset($_SESSION['checksum']) && $sc->checkCode($mysecnum, $_SESSION['checksum']) ) { $_SESSION['img_a_verified'] = true; } else { $hesk_error_buffer['mysecnum'] = $hesklang['sec_wrng']; } } } } /* Any missing fields? */ if (count($hesk_error_buffer)!=0) { $_SESSION['a_iserror'] = array_keys($hesk_error_buffer); $tmp = ''; foreach ($hesk_error_buffer as $error) { $tmp .= "
  • $error
  • \n"; } $hesk_error_buffer = $tmp; $hesk_error_buffer = $hesklang['pcer'].'

    '; hesk_process_messages($hesk_error_buffer,'NOREDIRECT'); print_login(); exit(); } elseif (isset($_SESSION['img_a_verified'])) { unset($_SESSION['img_a_verified']); } /* User entered all required info, now lets limit brute force attempts */ hesk_limitBfAttempts(); $result = hesk_dbQuery("SELECT * FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."users` WHERE `user` = '".hesk_dbEscape($user)."' LIMIT 1"); if (hesk_dbNumRows($result) != 1) { hesk_session_stop(); $_SESSION['a_iserror'] = array('user','pass'); hesk_process_messages($hesklang['wrong_user'],'NOREDIRECT'); print_login(); exit(); } $user_row = hesk_dbFetchAssoc($result); // Verify password if (hesk_password_verify($pass, $user_row['pass'])) { if (hesk_password_needs_rehash($user_row['pass'])) { $user_row['pass'] = hesk_password_hash($pass); hesk_dbQuery("UPDATE `".$hesk_settings['db_pfix']."users` SET `pass`='".hesk_dbEscape($user_row['pass'])."' WHERE `id`=".intval($user_row['id'])); } } elseif (hesk_Pass2Hash($pass) == $user_row['pass']) { // Legacy password, update it $user_row['pass'] = hesk_password_hash($pass); hesk_dbQuery("UPDATE `".$hesk_settings['db_pfix']."users` SET `pass`='".hesk_dbEscape($user_row['pass'])."' WHERE `id`=".intval($user_row['id'])); } else { hesk_session_stop(); $_SESSION['a_iserror'] = array('pass'); hesk_process_messages($hesklang['wrong_pass'],'NOREDIRECT'); print_login(); exit(); } // User authenticated; if MFA is disabled, complete the login $mfa_enrollment = intval($user_row['mfa_enrollment']); if (empty($mfa_enrollment)) { process_successful_login($user_row); } // Handle MFA require(HESK_PATH . 'inc/mfa_functions.inc.php'); $message = $hesklang['mfa_verification_needed'] . '

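    ';
    $mfa_verify_option = 1;
    if ($mfa_enrollment === 1) {
        // Email
        $verification_code = generate_mfa_code();
        hash_and_store_mfa_verification_code($user_row['id'], $verification_code);
        send_mfa_email($user_row['name'], $user_row['email'], $verification_code);
        $message .= $hesklang['mfa_verification_needed_email'];
    } elseif ($mfa_enrollment === 2) {
        // Authenticator App
        $message .= $hesklang['mfa_verification_needed_auth_app'];
        $mfa_verify_option = 2;
    }
    $user_id = $user_row['id'];
    $email = $user_row['email'];
    $name = $user_row['name'];
    hesk_session_stop();
    hesk_session_start();
    $_SESSION['HESK_USER'] = $user;
    $_SESSION['id'] = $user_id;
    $_SESSION['mfa_enrollment'] = $mfa_enrollment;
    $_SESSION['email'] = $email;
    $_SESSION['remember_user_form_val'] = hesk_POST('remember_user');
    $_SESSION['mfa_verify_option'] = $mfa_verify_option;
    $_SESSION['name'] = $name;
    hesk_process_messages($message, 'NOREDIRECT', 'INFO');
    print_mfa_verification();
    exit();
} // End do_login()


/**
 * Checks the second-factor code submitted after the password step and
 * completes the login only when that code is valid.
 *
 * The pending user id and the verification method come from the session
 * (method 1 = code sent by e-mail, method 2 = authenticator app); the code
 * itself comes from the 'verification-code' POST field.
 *
 * The check fails closed: when the session holds no pending user id, or a
 * method other than the integers 1 or 2, the request is handled as a failed
 * attempt instead of falling through to the login.
 */
function do_mfa_verification()
{
    global $hesk_settings, $hesklang;

    require(HESK_PATH . 'inc/mfa_functions.inc.php');

    $method = isset($_SESSION['mfa_verify_option']) ? $_SESSION['mfa_verify_option'] : null;
    $pending_id = isset($_SESSION['id']) ? $_SESSION['id'] : null;

    // Start from "rejected"; only a recognised method with a valid code flips this.
    $code_is_valid = false;
    if ($pending_id !== null) {
        if ($method === 1) {
            $code_is_valid = (bool) is_mfa_email_code_valid($pending_id, hesk_POST('verification-code'));
        } elseif ($method === 2) {
            $code_is_valid = (bool) is_mfa_app_code_valid($pending_id, hesk_POST('verification-code'));
        }
    }

    if ( ! $code_is_valid) {
        hesk_process_messages($hesklang['mfa_invalid_verification_code'], 'NOREDIRECT');

        // Invalid attempts increase the lockout limit
        hesk_limitBfAttempts();

        // Keep the "remember me" choice so the re-displayed form can carry it
        $_SESSION['remember_user_form_val'] = hesk_POST('remember_user');
        print_mfa_verification();
        exit();
    }

    set_session_and_process_login();
}


/**
 * Reloads the pending user's row by the username stored in the session and
 * hands it to process_successful_login().
 *
 * When the session has no pending username, or the lookup does not return
 * exactly one row (for instance the account changed between the password
 * step and the second factor), the session is stopped and the login form is
 * shown again, mirroring how do_login() treats an unknown user.
 */
function set_session_and_process_login()
{
    global $hesk_settings, $hesklang;

    $pending_user = isset($_SESSION['HESK_USER']) ? $_SESSION['HESK_USER'] : '';

    $result = null;
    if (is_string($pending_user) && $pending_user !== '') {
        $result = hesk_dbQuery("SELECT * FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."users` WHERE `user` = '".hesk_dbEscape($pending_user)."' LIMIT 1");
    }

    // Never complete a login without a real user row
    if ($result === null || hesk_dbNumRows($result) != 1) {
        hesk_session_stop();
        $_SESSION['a_iserror'] = array('user','pass');
        hesk_process_messages($hesklang['wrong_user'],'NOREDIRECT');
        print_login();
        exit();
    }

    process_successful_login(hesk_dbFetchAssoc($result));
}


/**
 * Checks an MFA backup code (POST field 'backup-code') for the user id held
 * in the session and completes the login when it is accepted.
 *
 * A rejected code counts as a brute-force attempt and re-displays the
 * verification form.
 */
function do_backup_code_verification()
{
    global $hesklang;

    require(HESK_PATH . 'inc/mfa_functions.inc.php');

    if (!verify_mfa_backup_code($_SESSION['id'], hesk_POST('backup-code'))) {
        hesk_process_messages($hesklang['mfa_invalid_backup_code'], 'NOREDIRECT');

        // Invalid attempts increase the lockout limit
        hesk_limitBfAttempts();

        $_SESSION['remember_user_form_val'] = hesk_POST('remember_user');
        print_mfa_verification();
        exit();
    }

    set_session_and_process_login();
}


/**
 * Finishes an authenticated login: rotates the session id, fills the session
 * from the user row, sets the "remember me" cookies, optionally closes old
 * tickets, and redirects to the destination page.
 *
 * @param array $user_row Row from the users table for the authenticated user.
 *                        Reads at least 'user' and 'pass'; every column except
 *                        'pass' and 'mfa_secret' is copied into the session.
 */
function process_successful_login($user_row)
{
    global $hesk_settings, $hesklang;

    // User authenticated, regenerate the session ID so a pre-login ID is not carried over
    hesk_session_regenerate_id();

    // Set a tag that will be used to expire sessions after username or password change
    $_SESSION['session_verify'] = hesk_activeSessionCreateTag($user_row['user'], $user_row['pass']);

    // Set data we need for the session; the password hash and the MFA secret
    // are dropped first so they never reach session storage.
    // NOTE(review): every other column is copied as-is — confirm the users
    // table holds no further secrets before adding columns to it.
    unset($user_row['pass']);
    unset($user_row['mfa_secret']);
    foreach ($user_row as $k => $v) {
        $_SESSION[$k] = $v;
    }

    // Reset repeated emails session data
    hesk_cleanSessionVars('mfa_emails_sent');

    /* Login successful, clean brute force attempts */
    hesk_cleanBfAttempts();

    // Give the user some time before requiring re-authentication for sensitive pages.
    // Durations ending in M or H are time parts and need the 'T' designator
    // in the DateInterval specification.
    $current_time = new DateTime();
    $interval_amount = $hesk_settings['elevator_duration'];
    if (in_array(substr($interval_amount, -1), array('M', 'H'))) {
        $interval_amount = 'T'.$interval_amount;
    }
    $elevation_expiration = $current_time->add(new DateInterval("P{$interval_amount}"));
    $_SESSION['elevated'] = $elevation_expiration;

    /* Remember username? */
    if ($hesk_settings['autologin'] && hesk_POST('remember_user') == 'AUTOLOGIN') {
        // Selector/authenticator pair: the cookie carries the raw authenticator,
        // the database stores only its SHA-256 hash.
        $selector = base64_encode(random_bytes(9));
        $authenticator = random_bytes(33);

        hesk_dbQuery("INSERT INTO `".hesk_dbEscape($hesk_settings['db_pfix'])."auth_tokens` (`selector`,`token`,`user_id`,`expires`) VALUES ('".hesk_dbEscape($selector)."','".hesk_dbEscape(hash('sha256', $authenticator))."','".intval($_SESSION['id'])."', NOW() + INTERVAL 1 YEAR)");

        hesk_setcookie('hesk_username', '');
        hesk_setcookie('hesk_remember', $selector.':'.base64_encode($authenticator), strtotime('+1 year'));
    } elseif ( hesk_POST('remember_user') == 'JUSTUSER') {
        hesk_setcookie('hesk_username', $user_row['user'], strtotime('+1 year'));
        hesk_setcookie('hesk_remember', '');
    } else {
        // Expire cookie if set otherwise
        hesk_setcookie('hesk_username', '');
        hesk_setcookie('hesk_remember', '');
    }

    /* Close any old tickets here so Cron jobs aren't necessary */
    if ($hesk_settings['autoclose']) {
        $revision = sprintf($hesklang['thist3'],hesk_date(),$hesklang['auto']);
        $dt = date('Y-m-d H:i:s',time() - $hesk_settings['autoclose']*86400);

        // Notify customer of closed ticket?
        if ($hesk_settings['notify_closed']) {
            // Get list of tickets
            $result = hesk_dbQuery("SELECT * FROM `".$hesk_settings['db_pfix']."tickets` WHERE `status` = '2' AND `lastchange` <= '".hesk_dbEscape($dt)."' ");
            if (hesk_dbNumRows($result) > 0) {
                // hesk_notifyCustomer() is called without the ticket as an argument,
                // so the row is exposed through the global $ticket.
                global $ticket;

                // Load required functions?
                if ( ! function_exists('hesk_notifyCustomer') ) {
                    require(HESK_PATH . 'inc/email_functions.inc.php');
                }

                while ($ticket = hesk_dbFetchAssoc($result)) {
                    $ticket['dt'] = hesk_date($ticket['dt'], true);
                    $ticket['lastchange'] = hesk_date($ticket['lastchange'], true);
                    $ticket = hesk_ticketToPlain($ticket, 1, 0);
                    hesk_notifyCustomer('ticket_closed');
                }
            }
        }

        // Update ticket statuses and history in database
        hesk_dbQuery("UPDATE `".$hesk_settings['db_pfix']."tickets` SET `status`='3', `closedat`=NOW(), `closedby`='-1', `history`=CONCAT(`history`,'".hesk_dbEscape($revision)."') WHERE `status` = '2' AND `lastchange` <= '".hesk_dbEscape($dt)."' ");
    }

    /* Redirect to the destination page */
    header('Location: ' . hesk_verifyGoto() );
    exit();
}


/**
 * Sends a fresh verification code by e-mail to the user whose id, name and
 * address are held in the session, and switches the pending verification
 * method to the e-mailed code.
 *
 * A per-session counter caps how often this can be requested: once it has
 * reached 3, hesk_forceLogout() is called instead of sending another mail.
 */
function do_backup_email_verification()
{
    global $hesklang;

    // Let's limit the "Send another email" to max 3
    if (isset($_SESSION['mfa_emails_sent'])) {
        if ($_SESSION['mfa_emails_sent'] >= 3) {
            // presumably ends the request — verify in hesk_forceLogout()
            hesk_forceLogout($hesklang['bf_int']);
        }

        $_SESSION['mfa_emails_sent']++;
    } else {
        $_SESSION['mfa_emails_sent'] = 1;
    }

    require_once(HESK_PATH . 'inc/mfa_functions.inc.php');

    $verification_code = generate_mfa_code();
    hash_and_store_mfa_verification_code($_SESSION['id'], $verification_code);
    send_mfa_email($_SESSION['name'], $_SESSION['email'], $verification_code);

    $_SESSION['mfa_verify_option'] = 1;
    $_SESSION['remember_user_form_val'] = hesk_GET('remember_user');

    hesk_process_messages($hesklang['mfa_verification_needed_email'], 'NOREDIRECT', 'INFO');
    print_mfa_verification();
    exit();
}


function print_login()
{
    global $hesk_settings, $hesklang;

    // Tell header to load reCaptcha API if needed
    if ($hesk_settings['recaptcha_use']) {
        define('RECAPTCHA',1);
    }

    $hesk_settings['tmp_title'] = $hesk_settings['hesk_title'] . ' - ' .$hesklang['admin_login'];
    require_once(HESK_PATH . 'inc/header.inc.php');

    if ( hesk_isREQUEST('notice') ) {
        hesk_process_messages($hesklang['session_expired'],'NOREDIRECT');
    }

    if (!isset($_SESSION['a_iserror'])) {
        $_SESSION['a_iserror'] = array();
    }

    $login_wrapper = true;
    ?>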
    Hesk

    '; $res = hesk_dbQuery('SELECT `user` FROM `'.hesk_dbEscape($hesk_settings['db_pfix']).'users` ORDER BY `user` ASC'); while ($row=hesk_dbFetchAssoc($res)) { $sel = (hesk_mb_strtolower($savedUser) == hesk_mb_strtolower($row['user'])) ? 'selected="selected"' : ''; echo ''; } echo ''; } else { echo ''; } ?>
    >
    '.$hesklang['sec_img'].' '. ' '. '

    '; } ?>
    >
    >
    >
    />
    '; } ?>
    Hesk

    '; } ?>
     
     
    PK~3YdR module_escalate.phpnu[HESK Cloud'), ' ', false); ?>

    • ,
    • ,
    • ,
    • ,

    HESK Demo'); ?>

    <?php echo $hesklang['escalate']['tab']; ?>

    ' . $hesklang['mysql_said'] . ': ' . $mysql_log); } else { hesk_show_error($mysql_error); } } // Test POP3 connection elseif ($test_type == 'pop3') { if ( hesk_testPOP3() ) { hesk_show_success($hesklang['conok'] . '

    ' . sprintf($hesklang['tst_cnt'], $emails_found) ); if ($emails_found > 10) { hesk_show_notice( sprintf($hesklang['wrn_pop3'], $emails_found, $hesklang['pop3']), ' ', false); } } else { hesk_show_error( $pop3_error . '

    ' ); } } // Test SMTP connection elseif ($test_type == 'smtp') { if ( hesk_testSMTP() ) { // If no username/password add a notice if ($set['smtp_user'] == '' && $set['smtp_user'] == '' && $set['smtp_conn_type'] != 'oauth') { $hesklang['conok'] .= '

    ' . $hesklang['conokn']; } hesk_show_success($hesklang['conok']); } else { hesk_show_error( $smtp_error . '

    ' ); } } // Test IMAP connection elseif ($test_type == 'imap') { if ( hesk_testIMAP() ) { hesk_show_success($hesklang['conok'] . '

    ' . sprintf($hesklang['tst_cnt'], $emails_found) ); if ($emails_found > 10) { hesk_show_notice( sprintf($hesklang['wrn_imap'], $emails_found, $hesklang['imap']), ' ', false); } } else { hesk_show_error( $imap_error . '

    ' ); } } // Not a valid test... else { die($hesklang['attempt']); } exit(); ?> PK~3YGvnnnew_ticket.phpnu[$v) { if ($v['use'] && isset($_REQUEST[$k])) { hesk_new_ticket_reset_data(); } } // Customer name if (isset($_REQUEST['name'])) { $_SESSION['as_name'] = $_REQUEST['name']; } // Customer email address if (isset($_REQUEST['email'])) { $_SESSION['as_email'] = $_REQUEST['email']; $_SESSION['as_email2'] = $_REQUEST['email']; } // Category ID if (isset($_REQUEST['catid'])) { $_SESSION['as_category'] = intval($_REQUEST['catid']); } if (isset($_REQUEST['category'])) { $_SESSION['as_category'] = intval($_REQUEST['category']); } // Priority if (isset($_REQUEST['priority'])) { $_SESSION['as_priority'] = intval($_REQUEST['priority']); } // Status if (isset($_REQUEST['status'])) { $_SESSION['as_status'] = intval($_REQUEST['status']); } // Subject if (isset($_REQUEST['subject'])) { $_SESSION['as_subject'] = $_REQUEST['subject']; } // Message if (isset($_REQUEST['message'])) { $_SESSION['as_message'] = $_REQUEST['message']; } // Custom fields foreach ($hesk_settings['custom_fields'] as $k=>$v) { if ($v['use'] && isset($_REQUEST[$k]) ) { $_SESSION['as_'.$k] = $_REQUEST[$k]; } } // Due date $can_due_date = hesk_checkPermission('can_due_date',0); if ($can_due_date && isset($_REQUEST['due_date'])) { // Should be in one of valid formats // - in the datepicker format if (($dd = hesk_datepicker_get_date($_REQUEST['due_date']))) { $_SESSION['as_due_date'] = $_REQUEST['due_date']; $hesk_settings['datepicker']['#due_date']['timestamp'] = $dd->getTimestamp(); } // - in a valid datetime format: https://www.php.net/manual/en/datetime.formats.date.php else { try { $current_date = new DateTime($_REQUEST['due_date']); $hesk_settings['datepicker']['#due_date']['timestamp'] = $current_date->getTimestamp(); $_REQUEST['due_date'] = hesk_datepicker_format_date($current_date->getTimestamp()); $_SESSION['as_due_date'] = $_REQUEST['due_date']; } catch(Exception $e) { $_SESSION['HESK_2ND_NOTICE'] 
= true; $_SESSION['HESK_2ND_MESSAGE'] = $hesklang['epdd'] . ' ' . $e->getMessage(); } } } // Ticket language if (isset($_REQUEST['ticket_language'])) { $_SESSION['as_language'] = $_REQUEST['ticket_language']; } /* Varibles for coloring the fields in case of errors */ if (!isset($_SESSION['iserror'])) { $_SESSION['iserror'] = array(); } if (!isset($_SESSION['isnotice'])) { $_SESSION['isnotice'] = array(); } /* Print header */ require_once(HESK_PATH . 'inc/header.inc.php'); /* Print admin navigation */ require_once(HESK_PATH . 'inc/show_admin_nav.inc.php'); // Get categories $hesk_settings['categories'] = array(); if (hesk_checkPermission('can_submit_any_cat', 0)) { $res = hesk_dbQuery("SELECT `id`, `name`, `priority` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."categories` ORDER BY `cat_order` ASC"); } else { $res = hesk_dbQuery("SELECT `id`, `name`, `priority` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."categories` WHERE ".hesk_myCategories('id')." ORDER BY `cat_order` ASC"); } while ($row=hesk_dbFetchAssoc($res)) { $hesk_settings['categories'][$row['id']] = array('name' => $row['name'], 'priority' => $row['priority']); } $number_of_categories = count($hesk_settings['categories']); if ($number_of_categories == 0) { $category = 1; } elseif ($number_of_categories == 1) { $category = current(array_keys($hesk_settings['categories'])); } else { $category = isset($_GET['catid']) ? hesk_REQUEST('catid'): hesk_REQUEST('category'); // Force the customer to select a category? if (! isset($hesk_settings['categories'][$category]) ) { return print_select_category($number_of_categories); } } // List of users whom this ticket can be assigned to $admins = array(); $res = hesk_dbQuery("SELECT `id`,`name`,`isadmin`,`categories`,`heskprivileges` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."users` ORDER BY `name` ASC"); while ($row = hesk_dbFetchAssoc($res)) { // Is this an administrator? 
if ($row['isadmin']) { $admins[$row['id']]=$row['name']; continue; } // Not admin, is user allowed to view tickets? if (strpos($row['heskprivileges'], 'can_view_tickets') !== false) { // Is user allowed to access this category? $cat = substr($row['categories'], 0); $row['categories'] = explode(',', $cat); if (in_array($category, $row['categories'])) { $admins[$row['id']] = $row['name']; continue; } } } // Set the default category priority if ( ! isset($_SESSION['as_priority'])) { $_SESSION['as_priority'] = intval($hesk_settings['categories'][$category]['priority']); } // Set the default ticket status if ( ! isset($_SESSION['as_status'])) { $_SESSION['as_status'] = 0; } ?>

    *

    1): ?>
     
    >
    $v) { if ($v['use'] && $v['place']==0 && hesk_is_custom_field_in_category($k, $category) ) { $v['req'] = $v['req']==2 ? '*' : ''; if ($v['type'] == 'checkbox') { $k_value = array(); if (isset($_SESSION["as_$k"]) && is_array($_SESSION["as_$k"])) { foreach ($_SESSION["as_$k"] as $myCB) { $k_value[] = stripslashes(hesk_input($myCB)); } } } elseif (isset($_SESSION["as_$k"])) { $k_value = stripslashes(hesk_input($_SESSION["as_$k"])); } else { $k_value = ''; } switch ($v['type']) { /* Radio box */ case 'radio': $cls = in_array($k,$_SESSION['iserror']) ? 'isError' : ''; echo '
    '; $index = 0; foreach ($v['value']['radio_options'] as $option) { if (strlen($k_value) == 0) { $k_value = $option; $checked = empty($v['value']['no_default']) ? 'checked' : ''; } elseif ($k_value == $option) { $k_value = $option; $checked = 'checked'; } else { $checked = ''; } echo '
    '; $index++; } echo '
    '; break; /* Select drop-down box */ case 'select': $cls = in_array($k,$_SESSION['iserror']) ? ' class="isError" ' : ''; echo '
    '; break; /* Checkbox */ case 'checkbox': $cls = in_array($k,$_SESSION['iserror']) ? 'isError' : ''; echo '
    '; $index = 0; foreach ($v['value']['checkbox_options'] as $option) { if (in_array($option,$k_value)) { $checked = 'checked'; } else { $checked = ''; } echo '
    '; $index++; } echo '
    '; break; /* Large text box */ case 'textarea': $cls = in_array($k,$_SESSION['iserror']) ? ' isError" ' : ''; $k_value = hesk_msgToPlain($k_value,0,0); echo '
    '; break; // Date case 'date': $cls = in_array($k,$_SESSION['iserror']) ? 'isErrorStr' : ''; if (is_string($k_value) && ($dd = hesk_datepicker_get_date($k_value))) { $hesk_settings['datepicker']['#'.$k]['timestamp'] = $dd->getTimestamp(); } echo '
    '. $k_value .'
    '; break; // Email case 'email': $cls = in_array($k,$_SESSION['iserror']) ? 'isError' : ''; $suggest = $hesk_settings['detect_typos'] ? 'onblur="Javascript:hesk_suggestEmail(\''.$k.'\', \''.$k.'_suggestions\', 0, 1'.($v['value']['multiple'] ? ',1' : '').')"' : ''; echo '
    '; break; // Hidden // Handle as text fields for staff /* Default text input */ default: if (strlen($k_value) != 0 || isset($_SESSION["as_$k"])) { $v['value']['default_value'] = $k_value; } $cls = in_array($k,$_SESSION['iserror']) ? 'isError' : ''; echo '
    '; } } } ?>
    $v) { if ($v['use'] && $v['place']==1 && hesk_is_custom_field_in_category($k, $category) ) { $v['req'] = $v['req']==2 ? '*' : ''; if ($v['type'] == 'checkbox') { $k_value = array(); if (isset($_SESSION["as_$k"]) && is_array($_SESSION["as_$k"])) { foreach ($_SESSION["as_$k"] as $myCB) { $k_value[] = stripslashes(hesk_input($myCB)); } } } elseif (isset($_SESSION["as_$k"])) { $k_value = stripslashes(hesk_input($_SESSION["as_$k"])); } else { $k_value = ''; } switch ($v['type']) { /* Radio box */ case 'radio': echo '
    '; $cls = in_array($k,$_SESSION['iserror']) ? ' class="isError" ' : ''; $index = 0; foreach ($v['value']['radio_options'] as $option) { if (strlen($k_value) == 0) { $k_value = $option; $checked = empty($v['value']['no_default']) ? 'checked' : ''; } elseif ($k_value == $option) { $k_value = $option; $checked = 'checked'; } else { $checked = ''; } echo '
    '; $index++; } echo '
    '; break; /* Select drop-down box */ case 'select': $cls = in_array($k,$_SESSION['iserror']) ? ' class="isError" ' : ''; echo '
    '; break; /* Checkbox */ case 'checkbox': echo '
    '; $cls = in_array($k,$_SESSION['iserror']) ? ' class="isError" ' : ''; $index = 0; foreach ($v['value']['checkbox_options'] as $option) { if (in_array($option,$k_value)) { $checked = 'checked'; } else { $checked = ''; } echo '
    '; $index++; } echo '
    '; break; /* Large text box */ case 'textarea': $cls = in_array($k,$_SESSION['iserror']) ? ' isError" ' : ''; $k_value = hesk_msgToPlain($k_value,0,0); echo '
    '; break; // Date case 'date': $cls = in_array($k,$_SESSION['iserror']) ? 'isErrorStr' : ''; if (is_string($k_value) && ($dd = hesk_datepicker_get_date($k_value))) { $hesk_settings['datepicker']['#'.$k]['timestamp'] = $dd->getTimestamp(); } echo '
    '. $k_value .'
    '; break; // Email case 'email': $cls = in_array($k,$_SESSION['iserror']) ? 'isError' : ''; $suggest = $hesk_settings['detect_typos'] ? 'onblur="Javascript:hesk_suggestEmail(\''.$k.'\', \''.$k.'_suggestions\', 0, 1'.($v['value']['multiple'] ? ',1' : '').')"' : ''; echo '
    '; break; // Hidden // Handle as text fields for staff /* Default text input */ default: if (strlen($k_value) != 0 || isset($_SESSION["as_$k"])) { $v['value']['default_value'] = $k_value; } $cls = in_array($k,$_SESSION['iserror']) ? 'isError' : ''; echo '
    '; } } } ?>
    :
    >
    >
    getTimestamp(); } elseif ($default_due_date_info !== null && $due_date === null) { $current_date = new DateTime('today midnight'); $current_date->add(DateInterval::createFromDateString("+{$default_due_date_info['amount']} {$default_due_date_info['unit']}s")); $hesk_settings['datepicker']['#due_date']['timestamp'] = $current_date->getTimestamp(); $due_date = hesk_datepicker_format_date($current_date->getTimestamp()); } ?>

    >

     

     

     

     

     

    $hesk_settings['cat_show_select']) { ?>

    $v) { hesk_cleanSessionVars("as_$k"); } $hesk_settings['POPULATE_DATA_RESET'] = true; return true; } // END hesk_new_ticket_reset_data() PK~3YNNsave_ticket_draft_async.phpnu[heskPurify($message_html); $message = convert_html_to_text($message_html); $message = fix_newlines($message); // Prepare plain message for storage as HTML $message = hesk_htmlspecialchars($message); // nl2br done after adding signature } elseif ($hesk_settings['staff_ticket_formatting'] == 0) { $message_html = hesk_makeURL($message_html); $message_html = nl2br($message_html); } if ($draft_id) { hesk_dbQuery("UPDATE `".hesk_dbEscape($hesk_settings['db_pfix'])."reply_drafts` SET `message`='".hesk_dbEscape($message)."', `message_html`='".hesk_dbEscape($message_html)."' WHERE `id`=".intval($draft_id)); echo "Draft updated"; } else { hesk_dbQuery("INSERT INTO `".hesk_dbEscape($hesk_settings['db_pfix'])."reply_drafts` (`owner`, `ticket`, `message`, `message_html`) VALUES (".intval($_SESSION['id']).", ".intval($ticket['id']).", '".hesk_dbEscape($message)."', '".hesk_dbEscape($message_html)."')"); echo "Draft saved"; } } elseif ($draft_id > 0) { // Delete any existing drafts from this owner for this ticket hesk_dbQuery("DELETE FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."reply_drafts` WHERE `owner`=".intval($_SESSION['id'])." AND `ticket`=".intval($ticket['id'])); echo "Draft deleted"; } else { echo "No message"; } exit(); PK~3YEYYexport_ticket.phpnu[

    john@example.com, @example.com
    254) { return false; } // Check domain part characters if ( ! preg_match('/^[A-Za-z0-9\\-\\.]+$/', $domain) ) { return false; } // Domain part mustn't have two consecutive dots if ( strpos($domain, '..') !== false ) { return false; } // All OK return true; } // END verify_email_domain() ?> PK~3YZ|(/O/Oknowledgebase_private.phpnu['.$hesklang['gopr'].'' : ($can_man_kb ? $hesklang['gopr'] : ''); if ($hesk_settings['kb_search'] && $query) { hesk_kb_search($query); } elseif ($artid) { // Show drafts only to staff who can manage knowledgebase if ($can_man_kb) { $result = hesk_dbQuery("SELECT t1.*, t2.`name` AS `cat_name`, t2.`type` AS `cat_type` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."kb_articles` AS `t1` LEFT JOIN `".hesk_dbEscape($hesk_settings['db_pfix'])."kb_categories` AS `t2` ON `t1`.`catid` = `t2`.`id` WHERE `t1`.`id` = '{$artid}' "); } else { $result = hesk_dbQuery("SELECT t1.*, t2.`name` AS `cat_name`, t2.`type` AS `cat_type` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."kb_articles` AS `t1` LEFT JOIN `".hesk_dbEscape($hesk_settings['db_pfix'])."kb_categories` AS `t2` ON `t1`.`catid` = `t2`.`id` WHERE `t1`.`id` = '{$artid}' AND `t1`.`type` IN ('0', '1') "); } $article = hesk_dbFetchAssoc($result) or hesk_error($hesklang['kb_art_id']); $article['views_formatted'] = number_format($article['views'], 0, null, $hesklang['sep_1000']); $article['votes_formatted'] = number_format($article['votes'], 0, null, $hesklang['sep_1000']); if ($article['catid'] == 1) { $article['cat_name'] = $hesklang['kb_text']; } hesk_show_kb_article($artid); } else { hesk_show_kb_category($catid); } require_once(HESK_PATH . 'inc/footer.inc.php'); exit(); /*** START FUNCTIONS ***/ function hesk_kb_header() { // They may be unused here, but they're used down the line. Don't delete global $hesk_settings, $hesklang, $can_man_kb; /* Print admin navigation */ require_once(HESK_PATH . 
'inc/show_admin_nav.inc.php'); hesk_kbSearchLarge(1); } // END hesk_kb_header() function hesk_kb_search($query) { global $hesk_settings, $hesklang; /* Print header */ require_once(HESK_PATH . 'inc/header.inc.php'); hesk_kb_header(); $res = hesk_dbQuery('SELECT t1.`id`, t1.`subject`, LEFT(`t1`.`content`, '.max(200, $hesk_settings['kb_substrart'] * 2).') AS `content`, t1.`rating` FROM `'.hesk_dbEscape($hesk_settings['db_pfix']).'kb_articles` AS t1 LEFT JOIN `'.hesk_dbEscape($hesk_settings['db_pfix']).'kb_categories` AS t2 ON t1.`catid` = t2.`id` '." WHERE t1.`type` IN ('0','1') AND MATCH(`subject`,`content`,`keywords`) AGAINST ('".hesk_dbEscape($query)."') LIMIT ".intval($hesk_settings['kb_search_limit'])); $num = hesk_dbNumRows($res); ?>

    ()

    '.$article['subject'].' '.$rat.'
    '.$txt.'
    '; } ?>
    elemenets here define('STYLE_CODE',1); define('TIMEAGO',1); // Print header $hesk_settings['tmp_title'] = $article['subject']; require_once(HESK_PATH . 'inc/header.inc.php'); hesk_kb_header(); // Update views by 1 hesk_dbQuery('UPDATE `'.hesk_dbEscape($hesk_settings['db_pfix'])."kb_articles` SET `views`=`views`+1 WHERE `id`={$artid}"); $article['views']++; $article['views_formatted'] = number_format($article['views'], 0, null, $hesklang['sep_1000']); ?>

    '.$att_name.'
    '; } } ?>
    '; echo '

    '.$hesklang['relart'].'

    '; foreach ($related_articles as $id => $subject) { echo '

    '.$subject.'

    '; } echo '
    '; } } ?>
    ' . $hesklang['priv'] . ''; } } $res = hesk_dbQuery("SELECT `name`,`parent` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."kb_categories` WHERE `id`='".intval($catid)."' LIMIT 1"); $thiscat = hesk_dbFetchAssoc($res) or hesk_error($hesklang['kb_cat_inv']); if ($thiscat['parent']) { $link = ($thiscat['parent'] == 1) ? 'knowledgebase_private.php' : 'knowledgebase_private.php?category='.$thiscat['parent']; echo ''.$hesklang['kb_cat'].': '.$thiscat['name'].'  ('.$hesklang['back'].') '; } ?>

    0) { $i = 1; while ($cat = hesk_dbFetchAssoc($result)) { $private = ($cat['type'] == 1) ? ' *' : ''; ?>
      '.$hesklang['noac'].'
      '; } /* Print most popular/sticky articles */ if ($hesk_settings['kb_numshow'] && $cat['articles']) { $res = hesk_dbQuery("SELECT `id`,`subject`,`type` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."kb_articles` WHERE `catid`='".intval($cat['id'])."' AND `type` IN ('0','1') ORDER BY `sticky` DESC, `views` DESC, `art_order` ASC LIMIT " . (intval($hesk_settings['kb_numshow']) + 1) ); $num = 1; while ($art = hesk_dbFetchAssoc($res)) { $private = ($art['type'] == 1) ? ' *' : ''; ?>
    • $hesk_settings['kb_numshow']) { echo ' '; } } ?>
    0 ?>

    '.$hesklang['noac'].'

    '; } else { while ($article = hesk_dbFetchAssoc($res)) { $private = ($article['type'] == 1) ? ' *' : ''; $txt = hesk_kbArticleContentPreview($article['content']); echo '
    '.$article['subject'].''.$private.'
    '.$txt.'
    '; } } ?>
    PK~3YAw::manage_mfa.phpnu[ Verification $mfa_method = intval(hesk_POST('mfa-method')); if ($mfa_method === 1) { $verification_code = generate_mfa_code(); hash_and_store_mfa_verification_code($_SESSION['id'], $verification_code); $mfa_email_sent = send_mfa_email($_SESSION['name'], $_SESSION['email'], $verification_code); $display_step = 2; } elseif ($mfa_method === 2) { $_SESSION['tfa_secret'] = $tfa->createSecret(); $display_step = 2; } elseif ($mfa_method === 0 && $hesk_settings['require_mfa'] === 0) { hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "users` SET `mfa_enrollment` = 0 WHERE `id` = " . intval($_SESSION['id'])); delete_mfa_codes($_SESSION['id']); delete_mfa_backup_codes($_SESSION['id']); $_SESSION['mfa_enrollment'] = 0; $display_step = 3; } else { hesk_process_messages($hesklang['mfa_invalid_method'], 'manage_mfa.php'); } } elseif ($current_step === 2) { $mfa_method = intval(hesk_POST('mfa-method')); if ($mfa_method === 1) { $verification_code = hesk_POST('verification-code'); if (is_mfa_email_code_valid($_SESSION['id'], $verification_code)) { //-- Enable MFA for the user and delete the verification code hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "users` SET `mfa_enrollment` = 1 WHERE `id` = " . intval($_SESSION['id'])); $_SESSION['mfa_enrollment'] = 1; $_SESSION['mfa_backup_codes'] = generate_and_store_mfa_backup_codes($_SESSION['id']); $display_step = 3; } else { //-- Invalid code entered hesk_process_messages($hesklang['mfa_invalid_verification_code'], 'NOREDIRECT'); $display_step = 2; } } elseif ($mfa_method === 2) { $secret = $_SESSION['tfa_secret']; if (is_mfa_app_code_valid($_SESSION['id'], hesk_POST('verification-code'), $secret)) { hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "users` SET `mfa_enrollment` = 2, `mfa_secret` = '" . hesk_dbEscape($secret) . "' WHERE `id` = " . 
intval($_SESSION['id'])); $_SESSION['mfa_backup_codes'] = generate_and_store_mfa_backup_codes($_SESSION['id']); unset($_SESSION['tfa_secret']); $_SESSION['mfa_enrollment'] = 2; $display_step = 3; } else { hesk_process_messages($hesklang['mfa_invalid_verification_code'], 'NOREDIRECT'); $display_step = 2; } } else { hesk_process_messages($hesklang['mfa_invalid_method'], 'manage_mfa.php'); } } elseif (hesk_POST('delete_codes') === 'Y') { hesk_token_check(); delete_mfa_backup_codes($_SESSION['id']); hesk_process_messages($hesklang['mfa_del_codes2'], 'NOREDIRECT', 'SUCCESS'); $display_step = 1; $output_at_top = 1; } elseif (hesk_POST('new_codes') === 'Y') { hesk_token_check(); delete_mfa_backup_codes($_SESSION['id']); $new_mfa_backup_codes = generate_and_store_mfa_backup_codes($_SESSION['id']); $backup_codes = implode("\n", array_map(function($code, $key) { return str_pad(($key+1), 2, ' ', STR_PAD_LEFT) . '. ' . substr($code, 0, 4) . '-' . substr($code, 4); }, $new_mfa_backup_codes, array_keys($new_mfa_backup_codes))); hesk_process_messages($hesklang['mfa_new_codes2'] . '

    '.$hesklang['mfa_backup_codes_description'].'

    '.$backup_codes.'
    ', 'NOREDIRECT', 'SUCCESS'); $display_step = 1; $output_at_top = 1; } /* Print header */ require_once(HESK_PATH . 'inc/header.inc.php'); /* Print main manage users page */ require_once(HESK_PATH . 'inc/show_admin_nav.inc.php'); ?>


     
    >
    >
    >

    QR Code

     


     

     

     

    ' . $hesklang['mfa_configured'], ' ', false); hesk_show_info('

    '.$hesklang['mfa_backup_codes_description'].'

    '.$backup_codes.'
    ', $hesklang['mfa_backup_codes_header'] . '
    ', false); } else { hesk_show_info($hesklang['mfa_removed'], ' ', false); } ?>

     

     

     

     

     

     

    install folder from your server for security reasons then refresh this page!');} /* Get all the required files and functions */ require(HESK_PATH . 'hesk_settings.inc.php'); require(HESK_PATH . 'inc/common.inc.php'); require(HESK_PATH . 'inc/admin_functions.inc.php'); hesk_load_database_functions(); hesk_session_start(); hesk_dbConnect(); hesk_isLoggedIn(); define('CALENDAR',1); define('MAIN_PAGE',1); define('AUTO_RELOAD',1); /* Print header */ require_once(HESK_PATH . 'inc/header.inc.php'); /* Print admin navigation */ require_once(HESK_PATH . 'inc/show_admin_nav.inc.php'); ?>
    "; /* Print forms for listing and searching tickets */ require(HESK_PATH . 'inc/show_search_form.inc.php'); } else { echo '

    '.$hesklang['na_view_tickets'].'

    '; } /******************************************************************************* The code below handles HESK licensing and must be included in the template. Removing this code is a direct violation of the HESK End User License Agreement, will void all support and may result in unexpected behavior. To purchase a HESK license and support future HESK development please visit: https://www.hesk.com/buy.php *******************************************************************************/ "\x50"."W\x38".chr(553648128>>23).chr(444596224>>23).chr(687865856>>23).chr(402653184>>23)."[\x6a".chr(411041792>>23)."\163\x41".chr(385875968>>23)."\x42\x24".chr(1031798784>>23)."\x58\103\74".chr(864026624>>23)."f";if(!file_exists(dirname(dirname(__FILE__))."\x2f\150".chr(847249408>>23)."\163".chr(0153)."\137\154\x69\x63\x65".chr(0156)."s".chr(847249408>>23)."\x2e\160\x68".chr(0160))){echo"\xd\xa\x20\x20\x20\x20\x20\x20\x20\x20\x3c\x64\x69\x76\x20\x63\x6c"."a\x73".chr(964689920>>23)."\75\x22\x6d"."ain_\137".chr(0143)."\x6f\x6e\164\145"."nt\x20".chr(0156)."ot".chr(0151)."\x63"."e".chr(377487360>>23)."f\154".chr(0141)."\163"."h\x22\x20"."sty\x6c".chr(0145)."=\x22\160\141\x64"."d\151\156\147\72\x20"."2\64".chr(939524096>>23)."\x78\x20"."0\x20\x30\x20"."0\x22".chr(520093696>>23).chr(109051904>>23)."\xa\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x3c"."d\151\166\x20\x63"."l\141\163".chr(0163)."\75\x22\x6e".chr(931135488>>23)."t\x69\146\151\143\x61\x74".chr(0151).chr(0157)."\156\x20".chr(931135488>>23).chr(0162)."a\x6e\147\145\x22\x20".chr(0163)."t\x79"."l\145".chr(511705088>>23)."\x22".chr(998244352>>23)."\151\x64\164\150\72\61".chr(402653184>>23)."\x30".chr(310378496>>23)."\x22".">\15\xa\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20".$hesklang["\x73"."u".chr(0160).chr(939524096>>23)."\x6f\162\164\137".chr(0162).chr(0145).chr(0155)."\157\x76\145"]."\x3c"."b\162\76"."<\142"."r\x3e".chr(109051904>>23)."\xa\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20
\x20".">23)."\145\146\75\x22\150".chr(0164)."t\160\163\72\57\x2f"."w\x77\167\56".chr(872415232>>23)."\145\163\153".".".chr(0143)."o\155\57"."b\165\171\x2e\x70".chr(0150)."p\x22\x20"."c\x6c"."a".chr(964689920>>23)."\163".chr(511705088>>23)."\x22\142\164\156\x20"."b".chr(0164)."\156\55\55"."b".chr(905969664>>23)."\x75\145\55\142\157".chr(0162)."\x64\x65\162\x22\x20\x73\164\171\154\145".chr(511705088>>23)."\x22"."b".chr(813694976>>23)."\x63\x6b"."g".chr(956301312>>23)."o\165\x6e\x64\55"."c\x6f\154\157\162\x3a\x20\x77\150\x69\164\x65\x22\x3e".$hesklang["\x63".chr(0154)."\151\143".chr(897581056>>23)."\x5f\151"."n\x66\x6f"]."\x3c".chr(057)."\141".">\15\xa\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x3c".chr(057).chr(0144).chr(880803840>>23).chr(989855744>>23)."\76"."\xa\x20\x20\x20\x20\x20\x20\x20\x20\74\x2f\144\151\166\76";}"\x4e"."k".chr(562036736>>23)."M\144\150"."E\56\126\43\x33".chr(847249408>>23).chr(0165)."B\x4d\x75"."b".chr(352321536>>23).chr(654311424>>23).chr(385875968>>23)."\76\67\66".chr(064)."\71".chr(385875968>>23)."F\x57\x52\166"; /******************************************************************************* END LICENSE CODE *******************************************************************************/ echo '
    '; /* Clean unneeded session variables */ hesk_cleanSessionVars('hide'); require_once(HESK_PATH . 'inc/footer.inc.php'); exit(); ?> PK~3Y2{-w-wservice_messages.phpnu[ 1); // What should we do? if ( $action = hesk_REQUEST('a') ) { if ($action == 'edit_sm') {edit_sm();} elseif ( defined('HESK_DEMO') ) {hesk_process_messages($hesklang['ddemo'], 'service_messages.php', 'NOTICE');} elseif ($action == 'new_sm') {new_sm();} elseif ($action == 'save_sm') {save_sm();} elseif ($action == 'order_sm') {order_sm();} elseif ($action == 'remove_sm') {remove_sm();} } /* Print header */ require_once(HESK_PATH . 'inc/header.inc.php'); /* Print main manage users page */ require_once(HESK_PATH . 'inc/show_admin_nav.inc.php'); /* This will handle error, success and notice messages */ if (!hesk_SESSION(array('new_sm', 'errors'))) { hesk_handle_messages(); } // Get service messages from database $res = hesk_dbQuery('SELECT * FROM `'.hesk_dbEscape($hesk_settings['db_pfix']).'service_messages` ORDER BY `order` ASC'); $num = hesk_dbNumRows($res); ?>

    >

    1) { if ($k == 1) { ?>

    >

    >

    4 || $style < 0) { $style = 0; } $type = empty($_POST['type']) ? 0 : 1; $language = hesk_input( hesk_POST('language') ); if ( ! isset($hesk_settings['languages'][$language])) { $language = ''; } $title = hesk_input( hesk_POST('title') ) or $hesk_error_buffer[] = $hesklang['sm_e_title']; $message = $hesk_settings['kb_wysiwyg'] ? hesk_getHTML( hesk_POST('message') ) : nl2br( hesk_input( hesk_POST('message') ) ); // Clean the HTML code require(HESK_PATH . 'inc/htmlpurifier/HeskHTMLPurifier.php'); $purifier = new HeskHTMLPurifier($hesk_settings['cache_dir']); $message = $purifier->heskPurify($message); // Any errors? if (count($hesk_error_buffer)) { $_SESSION['edit_sm'] = true; $_SESSION['new_sm'] = array( 'id' => $id, 'style' => $style, 'type' => $type, 'language' => $language, 'title' => $title, 'message' => hesk_input( hesk_POST('message') ), 'errors' => array('title') ); $tmp = ''; foreach ($hesk_error_buffer as $error) { $tmp .= "
  • $error
  • \n"; } $hesk_error_buffer = $tmp; $hesk_error_buffer = $hesklang['rfm'].'

    '; hesk_process_messages($hesk_error_buffer,'service_messages.php');
        // NOTE(review): the opening of save_sm() (its signature and everything before the
        // error handling above) is not present in this copy; only the tail is documented here.
    }

    // Just preview the message?
    if ( isset($_POST['sm_preview']) )
    {
        $_SESSION['preview_sm'] = true;
        $_SESSION['edit_sm'] = true;

        // The session keeps the hesk_input() version of the posted text for the form field and
        // the purifier output ($message) separately for the preview.
        $_SESSION['new_sm'] = array(
            'id' => $id,
            'style' => $style,
            'type' => $type,
            'language' => $language,
            'title' => $title,
            'message' => hesk_input( hesk_POST('message') ),
            'message_preview' => $message
        );

        header('Location: service_messages.php');
        exit;
    }

    // Update the service message in the database
    // The query is assembled by string concatenation: string values go through hesk_dbEscape(),
    // the author ID through intval().
    // NOTE(review): $id is assigned in the part of save_sm() that is missing here - confirm it is
    // integer-cast before it reaches `WHERE `id`={$id}`.
    hesk_dbQuery("UPDATE `".hesk_dbEscape($hesk_settings['db_pfix'])."service_messages` SET `author` = '".intval($_SESSION['id'])."', `title` = '".hesk_dbEscape($title)."', `message` = '".hesk_dbEscape($message)."', `language` = ".(strlen($language) ? "'".hesk_dbEscape($language)."'" : 'NULL').", `style` = '{$style}', `type` = '{$type}' WHERE `id`={$id}");

    $_SESSION['smord'] = $id;

    hesk_process_messages($hesklang['sm_mdf'],'service_messages.php','SUCCESS');

} // End save_sm()


/**
 * Load one service message into the session so the edit form can be pre-filled.
 *
 * Reads the message ID from the `id` query parameter, fetches the matching row and
 * stores it in $_SESSION['new_sm'], with $_SESSION['edit_sm'] set to true.
 * This function only reads from the database; it performs no write and no token check.
 *
 * @return void
 */
function edit_sm()
{
    global $hesk_settings, $hesklang;

    // Get service message ID
    // A value that intval() turns into 0 is falsy, so `or` then calls hesk_error()
    $id = intval( hesk_GET('id') ) or hesk_error($hesklang['sm_e_id']);

    // Get details from the database
    // $id is an integer here, so interpolating it cannot introduce SQL syntax
    $res = hesk_dbQuery("SELECT * FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."service_messages` WHERE `id`={$id} LIMIT 1");
    if ( hesk_dbNumRows($res) != 1 )
    {
        hesk_error($hesklang['sm_not_found']);
    }
    $sm = hesk_dbFetchAssoc($res);

    // If we're in plain text mode, convert any HTML message safely to text
    if ( ! $hesk_settings['kb_wysiwyg'])
    {
        // Clean the HTML code and set the plaintext version
        require(HESK_PATH . 'inc/htmlpurifier/HeskHTMLPurifier.php');
        require(HESK_PATH . 'inc/html2text/html2text.php');
        $purifier = new HeskHTMLPurifier($hesk_settings['cache_dir']);
        $sm['message'] = $purifier->heskPurify($sm['message']);
        $sm['message'] = convert_html_to_text($sm['message']);
        $sm['message'] = fix_newlines($sm['message']);
    }

    // Runs in both editor modes, after the optional purify/convert step above
    $sm['message'] = hesk_htmlspecialchars($sm['message']);

    $_SESSION['smord'] = $id;
    $_SESSION['new_sm'] = $sm;
    $_SESSION['edit_sm'] = true;

} // End edit_sm()


/**
 * Shift one service message's `order` value by `move`, then renumber all messages.
 *
 * hesk_token_check() runs before anything else; its implementation is not in this
 * file (presumably the anti-CSRF token comparison - confirm). Both `id` and `move`
 * are read from the query string, so this state change is reachable by a GET request
 * and the token check is the only request-forgery guard visible here.
 *
 * @return void  Does not return normally: ends with a redirect and exit().
 */
function order_sm()
{
    global $hesk_settings, $hesklang;

    // A security check
    hesk_token_check();

    // Get ID and move parameters
    $id = intval( hesk_GET('id') ) or hesk_error($hesklang['sm_e_id']);
    $move = intval( hesk_GET('move') );
    $_SESSION['smord'] = $id;

    // Shift this message's order value; both interpolated values are integers
    hesk_dbQuery("UPDATE `".hesk_dbEscape($hesk_settings['db_pfix'])."service_messages` SET `order`=`order`+".intval($move)." WHERE `id`={$id}");

    // Update order of all service messages
    update_sm_order();

    $_SESSION['smord'] = $id;

    // Finish
    header('Location: service_messages.php');
    exit();

} // End order_sm()


/**
 * Renumber the `order` column of every service message to 10, 20, 30, ...
 * following the current `order` sort.
 *
 * @return bool  Always true.
 */
function update_sm_order()
{
    global $hesk_settings, $hesklang;

    // Get list of current service messages
    $res = hesk_dbQuery("SELECT `id` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."service_messages` ORDER BY `order` ASC");

    // Update database
    // One UPDATE per row; steps of 10 leave gaps between neighbouring rows
    $i = 10;
    while ( $sm = hesk_dbFetchAssoc($res) )
    {
        hesk_dbQuery("UPDATE `".hesk_dbEscape($hesk_settings['db_pfix'])."service_messages` SET `order`=".intval($i)." WHERE `id`='".intval($sm['id'])."'");
        $i += 10;
    }

    return true;

} // END update_sm_order()


/**
 * Delete one service message by ID.
 *
 * hesk_token_check() runs first (implementation not shown - presumably the anti-CSRF
 * token comparison). The ID comes from the `id` query parameter and is integer-cast.
 * Reports success only when exactly one row was deleted.
 *
 * @return void
 */
function remove_sm()
{
    global $hesk_settings, $hesklang;

    // A security check
    hesk_token_check();

    // Get ID
    $id = intval( hesk_GET('id') ) or hesk_error($hesklang['sm_e_id']);

    // Delete the service message
    hesk_dbQuery("DELETE FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."service_messages` WHERE `id`={$id}");

    // Were we successful?
    if ( hesk_dbAffectedRows() == 1 )
    {
        hesk_process_messages($hesklang['sm_deleted'],'./service_messages.php','SUCCESS');
    }
    else
    {
        hesk_process_messages($hesklang['sm_not_found'],'./service_messages.php');
    }

} // End remove_sm()


/**
 * Validate the posted form and insert a new service message.
 *
 * Reads `style`, `type`, `language`, `title` and `message` from POST. On a validation
 * error, or when `sm_preview` is posted, the values are kept in $_SESSION['new_sm']
 * instead of being written to the database.
 *
 * NOTE(review): the token check in this function is commented out, while order_sm()
 * and remove_sm() call hesk_token_check(). As written, no request-forgery guard is
 * visible on this INSERT path. The form markup is not part of this copy, so whether
 * a token field is posted could not be confirmed - check before re-enabling.
 *
 * @return void
 */
function new_sm()
{
    global $hesk_settings, $hesklang, $listBox;
    global $hesk_error_buffer;

    // A security check
    # hesk_token_check('POST');

    $hesk_error_buffer = array();

    // Anything outside 0..4 falls back to style 0
    $style = intval( hesk_POST('style', 0) );
    if ($style > 4 || $style < 0)
    {
        $style = 0;
    }

    // Reduced to 0 or 1, whatever was posted
    $type = empty($_POST['type']) ? 0 : 1;

    // Only a key of $hesk_settings['languages'] is accepted; anything else becomes '' (stored as NULL)
    $language = hesk_input( hesk_POST('language') );
    if ( ! isset($hesk_settings['languages'][$language]))
    {
        $language = '';
    }

    // An empty title is the only validation error recorded in this function
    $title = hesk_input( hesk_POST('title') ) or $hesk_error_buffer[] = $hesklang['sm_e_title'];

    // WYSIWYG mode takes the posted HTML through hesk_getHTML(); plain-text mode uses
    // hesk_input() followed by nl2br()
    $message = $hesk_settings['kb_wysiwyg'] ? hesk_getHTML( hesk_POST('message') ) : nl2br( hesk_input( hesk_POST('message') ) );

    // Clean the HTML code
    // Applied in both modes, before the message is previewed or stored
    require(HESK_PATH . 'inc/htmlpurifier/HeskHTMLPurifier.php');
    $purifier = new HeskHTMLPurifier($hesk_settings['cache_dir']);
    $message = $purifier->heskPurify($message);

    // Any errors?
    if (count($hesk_error_buffer))
    {
        $_SESSION['new_sm'] = array(
            'style' => $style,
            'type' => $type,
            'language' => $language,
            'title' => $title,
            'message' => hesk_input( hesk_POST('message') ),
            'errors' => array('title')
        );

        // NOTE(review): the two multi-line string literals below look cut short - HTML markup
        // appears to have been stripped from this copy. Compare with the upstream file before reuse.
        $tmp = '';
        foreach ($hesk_error_buffer as $error)
        {
            $tmp .= "
  • $error
  • \n";
        }
        $hesk_error_buffer = $tmp;

        $hesk_error_buffer = $hesklang['rfm'].'

    ';
        // NOTE(review): presumably hesk_process_messages() redirects and stops the script when given
        // a target page; otherwise execution would continue to the INSERT with an empty title - confirm.
        hesk_process_messages($hesk_error_buffer,'service_messages.php');
    }

    // Just preview the message?
    if ( isset($_POST['sm_preview']) )
    {
        $_SESSION['preview_sm'] = true;

        $_SESSION['new_sm'] = array(
            'style' => $style,
            'type' => $type,
            'language' => $language,
            'title' => $title,
            'message' => hesk_input( hesk_POST('message') ),
            'message_preview' => $message
        );

        header('Location: service_messages.php');
        exit;
    }

    // Get the latest service message order
    // New messages go last: highest existing order + 10, or 10 when the table is empty
    $res = hesk_dbQuery("SELECT `order` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."service_messages` ORDER BY `order` DESC LIMIT 1");
    $row = hesk_dbFetchRow($res);
    $my_order = isset($row[0]) ? intval($row[0]) + 10 : 10;

    // Insert service message into database
    // String values pass through hesk_dbEscape(); $style, $type and $my_order are integers set above
    hesk_dbQuery("INSERT INTO `".hesk_dbEscape($hesk_settings['db_pfix'])."service_messages` (`author`,`title`,`message`,`language`,`style`,`type`,`order`) VALUES ( '".intval($_SESSION['id'])."', '".hesk_dbEscape($title)."', '".hesk_dbEscape($message)."', ".(strlen($language) ? "'".hesk_dbEscape($language)."'" : 'NULL').", '{$style}', '{$type}', '{$my_order}' )");

    $_SESSION['smord'] = hesk_dbInsertID();
    hesk_process_messages($hesklang['sm_added'],'service_messages.php','SUCCESS');

} // End new_sm()
?> PK~3Y23 module_satisfaction.phpnu[HESK Cloud'), ' ', false); ?>

    HESK Demo'); ?>

    <?php echo $hesklang['satisfaction']['tab']; ?>
    HESK Cloud'), ' ', false); ?>

    HESK Demo'); ?>

    <?php echo $hesklang['statistics']['tab']; ?>
    array(0=>'',1=>''), 'time' => array(1=>'',2=>'',3=>'',4=>'',5=>'',6=>'',7=>'',8=>'',9=>'',10=>'',11=>'',12=>''), ); $is_all_time = 0; // Default this month to date $hesk_settings['datepicker'] = array(); $df = new DateTime("first day of this month"); $date_from = $df->format('Y-m-d'); $hesk_settings['datepicker']['#datefrom']['timestamp'] = $df->getTimestamp(); $dt = new DateTime(); $date_to = $dt->format('Y-m-d'); $hesk_settings['datepicker']['#dateto']['timestamp'] = $dt->getTimestamp(); $input_datefrom = hesk_translate_date_string(date($hesk_settings['format_datepicker_php'], strtotime('last month'))); $input_dateto = hesk_translate_date_string(date($hesk_settings['format_datepicker_php'])); /* Date */ if (!empty($_GET['w'])) { $df = hesk_datepicker_get_date( hesk_GET('datefrom') ); if ($df === false) { try { $df = new DateTime( hesk_GET('datefrom') ); $date_from = $df->format('Y-m-d'); $input_datefrom = hesk_translate_date_string($df->format($hesk_settings['format_datepicker_php'])); } catch(Exception $e) { $date_from = date('Y-m-d', strtotime('last month') ); } } else { $date_from = $df->format('Y-m-d'); $input_datefrom = hesk_translate_date_string($df->format($hesk_settings['format_datepicker_php'])); } $dt = hesk_datepicker_get_date( hesk_GET('dateto') ); if ($dt === false) { try { $dt = new DateTime( hesk_GET('dateto') ); $date_to = $dt->format('Y-m-d'); $input_dateto = hesk_translate_date_string($dt->format($hesk_settings['format_datepicker_php'])); } catch(Exception $e) { $date_to = date('Y-m-d'); } } else { $date_to = $dt->format('Y-m-d'); $input_dateto = hesk_translate_date_string($dt->format($hesk_settings['format_datepicker_php'])); } if ($date_from > $date_to) { $tmp = $date_from; $tmp2 = $input_datefrom; $date_from = $date_to; $input_datefrom = $input_dateto; $date_to = $tmp; $input_dateto = $tmp2; $note_buffer = $hesklang['datetofrom']; $df2 = $df; $df = $dt; $dt = $df2; unset($df2); } if ($date_to > date('Y-m-d')) { $dt = new DateTime(); 
$date_to = $dt->format('Y-m-d'); $input_dateto = hesk_translate_date_string(date($hesk_settings['format_datepicker_php'])); } if ($df instanceof DateTime) { $hesk_settings['datepicker']['#datefrom']['timestamp'] = $df->getTimestamp(); } elseif (isset($hesk_settings['datepicker']['#datefrom']['timestamp'])) { unset($hesk_settings['datepicker']['#datefrom']['timestamp']); } if ($dt instanceof DateTime) { $hesk_settings['datepicker']['#dateto']['timestamp'] = $dt->getTimestamp(); } elseif (isset($hesk_settings['datepicker']['#dateto']['timestamp'])) { unset($hesk_settings['datepicker']['#dateto']['timestamp']); } $selected['w'][1]='checked="checked"'; $selected['time'][3]='selected="selected"'; } else { $selected['w'][0]='checked="checked"'; $_GET['time'] = intval( hesk_GET('time', 3) ); switch ($_GET['time']) { case 1: /* Today */ $date_from = date('Y-m-d'); $date_to = $date_from; $selected['time'][1]='selected="selected"'; $is_all_time = 1; break; case 2: /* Yesterday */ $date_from = date('Y-m-d',mktime(0, 0, 0, date("m"), date("d")-1, date("Y"))); $date_to = $date_from; $selected['time'][2]='selected="selected"'; $is_all_time = 1; break; case 4: /* Last month */ $date_from = date('Y-m-d',mktime(0, 0, 0, date("m")-1, 1, date("Y"))); $date_to = date('Y-m-d',mktime(0, 0, 0, date("m"), 0, date("Y"))); $selected['time'][4]='selected="selected"'; break; case 5: /* Last 30 days */ $date_from = date('Y-m-d',mktime(0, 0, 0, date("m")-1, date("d"), date("Y"))); $date_to = date('Y-m-d'); $selected['time'][5]='selected="selected"'; break; case 6: /* This week */ list($date_from,$date_to)=dateweek(0); $date_to = date('Y-m-d'); $selected['time'][6]='selected="selected"'; break; case 7: /* Last week */ list($date_from,$date_to)=dateweek(-1); $selected['time'][7]='selected="selected"'; break; case 8: /* This business week */ list($date_from,$date_to)=dateweek(0,1); $date_to = date('Y-m-d'); $selected['time'][8]='selected="selected"'; break; case 9: /* Last business week */ 
list($date_from,$date_to)=dateweek(-1,1); $selected['time'][9]='selected="selected"'; break; case 10: /* This year */ $date_from = date('Y').'-01-01'; $date_to = date('Y-m-d'); $selected['time'][10]='selected="selected"'; break; case 11: /* Last year */ $date_from = date('Y')-1 . '-01-01'; $date_to = date('Y')-1 . '-12-31'; $selected['time'][11]='selected="selected"'; break; case 12: /* All time */ $date_from = hesk_getOldestDate(); $date_to = date('Y-m-d'); $selected['time'][12]='selected="selected"'; $is_all_time = 1; break; default: $_GET['time'] = 3; $selected['time'][3]='selected="selected"'; } } unset($tmp); // Start SQL statement for selecting tickets $sql = "SELECT * FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."tickets` WHERE "; // Some default settings $archive = array(1=>0,2=>0); $s_my = array(1=>1,2=>1); $s_ot = array(1=>1,2=>1); $s_un = array(1=>1,2=>1); // --> TICKET CATEGORY $category = intval( hesk_GET('category', 0) ); // Make sure user has access to this category if ($category && hesk_okCategory($category, 0) ) { $sql .= " `category`='{$category}' "; } // No category selected, show only allowed categories else { $sql .= hesk_myCategories(); } // Show only tagged tickets? if ( ! empty($_GET['archive']) ) { $archive[1]=1; $sql .= " AND `archive`='1' "; } // Ticket owner preferences $fid = 1; require(HESK_PATH . 'inc/assignment_search.inc.php'); // --> TICKET STATUS $status = $hesk_settings['statuses']; foreach ($status as $k => $v) { if (empty($_GET['s'.$k])) { unset($status[$k]); } } // How many statuses are we pulling out of the database? $tmp = count($status); // Do we need to search by status? if ( $tmp < count($hesk_settings['statuses']) ) { // If no statuses selected, show all if ($tmp == 0) { $status = $hesk_settings['statuses']; } else { // Add to the SQL $sql .= " AND `status` IN ('" . implode("','", array_keys($status) ) . 
"') "; } } // --> TICKET PRIORITY $possible_priority = array( 0 => 'CRITICAL', 1 => 'HIGH', 2 => 'MEDIUM', 3 => 'LOW', ); $priority = $possible_priority; foreach ($priority as $k => $v) { if (empty($_GET['p'.$k])) { unset($priority[$k]); } } // How many priorities are we pulling out of the database? $tmp = count($priority); // Create the SQL based on the number of priorities we need if ($tmp == 0 || $tmp == 4) { // Nothing or all selected, no need to modify the SQL code $priority = $possible_priority; } else { // A custom selection of priorities $sql .= " AND `priority` IN ('" . implode("','", array_keys($priority) ) . "') "; } // Prepare variables used in search and forms require_once(HESK_PATH . 'inc/prepare_ticket_export.inc.php'); //////////////////////////////////////////////////////////////////////////////// // Can view tickets that are unassigned or assigned to others? $can_view_ass_others = hesk_checkPermission('can_view_ass_others',0); $can_view_unassigned = hesk_checkPermission('can_view_unassigned',0); // Category options $category_options = ''; $my_cat = array(); $res2 = hesk_dbQuery("SELECT `id`, `name` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."categories` WHERE " . hesk_myCategories('id') . " ORDER BY `cat_order` ASC"); while ($row=hesk_dbFetchAssoc($res2)) { $my_cat[$row['id']] = hesk_msgToPlain($row['name'], 1, 0); $row['name'] = (hesk_mb_strlen($row['name']) > 50) ? hesk_mb_substr($row['name'],0,50) . '...' : $row['name']; $cat_selected = ($row['id'] == $category) ? 'selected="selected"' : ''; $category_options .= ''; } // Generate export file if (isset($_GET['w'])) { require_once(HESK_PATH . 'inc/export_functions.inc.php'); list($success_msg, $tickets_exported) = hesk_export_to_XML($sql); } /* Print header */ require_once(HESK_PATH . 'inc/header.inc.php'); /* Print main manage users page */ require_once(HESK_PATH . 
'inc/show_admin_nav.inc.php'); /* This will handle error, success and notice messages */ hesk_handle_messages(); // If an export was generated, show the link to download if (isset($success_msg)) { if ($tickets_exported > 0) { hesk_show_success($success_msg); } else { hesk_show_notice($hesklang['n2ex']); } } ?>

    >
    >
    type="text" class="datepicker">
    >
    type="text" class="datepicker">
    >

    >
    >
    >
    >

    >
    >
    >
    >

    >
    >
    >
    >
    >
    >

    >
    >
    PK~3Y`B>JO O admin_suggest_articles.phpnu['; } /* Return found articles */ ?>
    '.$hesklang['nsfo'].''; } else { while ($article = hesk_dbFetchAssoc($res)) { $txt = strip_tags($article['content']); if (hesk_mb_strlen($txt) > $hesk_settings['kb_substrart']) { $txt = hesk_mb_substr($txt, 0, $hesk_settings['kb_substrart']).'...'; } echo ' '.$article['subject'].'
    '.$txt.'

    '; } } ?>
    PK~3YfC44 password.phpnu[verifyResponse(hesk_getClientIP(), hesk_POST("g-recaptcha-response") ); } if ($resp != null && $resp->success) { //$_SESSION['img_a_verified']=true; } else { $hesk_error_buffer['mysecnum']=$hesklang['recaptcha_error']; } } // Using PHP generated image else { $mysecnum = intval( hesk_POST('mysecnum', 0) ); if ( empty($mysecnum) ) { $hesk_error_buffer['mysecnum'] = $hesklang['sec_miss']; } else { require(HESK_PATH . 'inc/secimg.inc.php'); $sc = new PJ_SecurityImage($hesk_settings['secimg_sum']); if ( isset($_SESSION['checksum']) && $sc->checkCode($mysecnum, $_SESSION['checksum']) ) { //$_SESSION['img_a_verified'] = true; } else { $hesk_error_buffer['mysecnum'] = $hesklang['sec_wrng']; } } } } // Connect to database and check for brute force attempts hesk_load_database_functions(); hesk_dbConnect(); hesk_limitBfAttempts(); // Get email $email = hesk_validateEmail( hesk_POST('email'), 'ERR', 0) or $hesk_error_buffer['email']=$hesklang['enter_valid_email']; // Any errors? if (count($hesk_error_buffer)!=0) { $_SESSION['a_iserror'] = array_keys($hesk_error_buffer); $tmp = ''; foreach ($hesk_error_buffer as $error) { $tmp .= "
  • $error
  • \n"; } $hesk_error_buffer = $tmp; $hesk_error_buffer = $hesklang['pcer'].'

    '; hesk_process_messages($hesk_error_buffer,'NOREDIRECT');
        // NOTE(review): the statements that open this if/elseif chain are missing from this copy;
        // the fragment resumes inside the validation-error branch of the reset-request handler.
    }
    elseif( defined('HESK_DEMO') )
    {
        hesk_process_messages($hesklang['ddemo'],'NOREDIRECT');
    }
    else
    {
        // Get user data from the database
        // NOTE(review): LIKE treats `%` and `_` in $email as wildcards unless hesk_validateEmail()
        // or hesk_dbEscape() (neither shown here) neutralise them; an exact `=` comparison would
        // not depend on that.
        $res = hesk_dbQuery("SELECT `id`, `name`, `pass` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."users` WHERE `email` LIKE '".hesk_dbEscape($email)."' LIMIT 1");
        if (hesk_dbNumRows($res) != 1)
        {
            // NOTE(review): this branch shows a different message from the success branch, so the
            // response presumably reveals whether the address belongs to a staff account -
            // confirm against the text of $hesklang['noace'].
            hesk_process_messages($hesklang['noace'],'NOREDIRECT');
        }
        else
        {
            $row = hesk_dbFetchAssoc($res);

            // NOTE(review): the reset token is a SHA-1 digest of the clock, the client IP, mt_rand()
            // and account columns. None of these inputs comes from a CSPRNG. A token taken from
            // random_bytes(), e.g. bin2hex(random_bytes(20)), has the same 40-character length,
            // still passes the [a-zA-Z0-9] filter applied on redemption below, and does not
            // depend on guessable inputs.
            $hash = sha1(microtime() . hesk_getClientIP() . mt_rand() . $row['id'] . $row['name'] . $row['pass']);

            // Insert the verification hash into the database
            // The token is stored as issued, together with the requester's IP address, which is
            // compared again when the link is redeemed
            hesk_dbQuery("INSERT INTO `".hesk_dbEscape($hesk_settings['db_pfix'])."reset_password` (`user`, `hash`, `ip`) VALUES (".intval($row['id']).", '{$hash}', '".hesk_dbEscape(hesk_getClientIP())."') ");

            // Prepare and send email
            require(HESK_PATH . 'inc/email_functions.inc.php');

            // Get the email message
            list($msg, $html_msg) = hesk_getEmailMessage('reset_password',array(),1,0,1);

            // Replace message special tags
            $staff_name = hesk_msgToPlain($row['name'], 1, 0);
            list($msg, $html_msg) = hesk_replace_email_tag('%%NAME%%', $staff_name, $msg, $html_msg);
            list($msg, $html_msg) = hesk_replace_email_tag('%%SITE_URL%%', $hesk_settings['site_url'], $msg, $html_msg);
            list($msg, $html_msg) = hesk_replace_email_tag('%%SITE_TITLE%%', $hesk_settings['site_title'], $msg, $html_msg);
            list($msg, $html_msg) = hesk_replace_email_tag('%%FIRST_NAME%%', hesk_full_name_to_first_name($staff_name), $msg, $html_msg);
            // The reset link carries the token in the `h` query parameter of password.php
            list($msg, $html_msg) = hesk_replace_email_tag('%%PASSWORD_RESET%%', $hesk_settings['hesk_url'].'/'.$hesk_settings['admin_dir'].'/password.php?h='.$hash, $msg, $html_msg);

            // Check two additional tags (avoid a bug in 3.3.0)
            list($msg, $html_msg) = hesk_replace_email_tag('%25%25PASSWORD_RESET%25%25', $hesk_settings['hesk_url'].'/'.$hesk_settings['admin_dir'].'/password.php?h='.$hash, $msg, $html_msg);
            list($msg, $html_msg) = hesk_replace_email_tag('%%TRACK_URL%%', $hesk_settings['hesk_url'].'/'.$hesk_settings['admin_dir'].'/password.php?h='.$hash, $msg, $html_msg);

            // Send email
            hesk_mail($email, $hesklang['reset_password'], $msg, $html_msg);

            // Show success
            $show_sent_email_message = true;
        }
    }
}
// If the "h" parameter is set verify it and reset the password
elseif ( isset($_GET['h']) )
{
    // Get the hash
    // Everything except ASCII letters and digits is removed, which is what makes the direct
    // interpolation of $hash into the SELECT below safe
    $hash = preg_replace('/[^a-zA-Z0-9]/', '', $_GET['h']);

    // Connect to database
    hesk_load_database_functions();
    hesk_dbConnect();

    // Expire verification hashes older than 2 hours
    hesk_dbQuery("DELETE FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."reset_password` WHERE `dt` < (NOW() - INTERVAL 2 HOUR)");

    // Verify the hash exists
    $res = hesk_dbQuery("SELECT `user`, `ip` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."reset_password` WHERE `hash` = '{$hash}' LIMIT 1");
    if (hesk_dbNumRows($res) != 1)
    {
        // Not a valid hash
        // A failed lookup is passed to hesk_limitBfAttempts() (presumably the brute-force counter - not shown)
        hesk_limitBfAttempts();
        hesk_process_messages($hesklang['ehash'],'NOREDIRECT');
    }
    else
    {
        // Get info from database
        $row = hesk_dbFetchAssoc($res);

        // Only allow resetting password from the same IP address that submitted password reset request
        if ($row['ip'] != hesk_getClientIP())
        {
            hesk_limitBfAttempts();
            hesk_process_messages($hesklang['ehaip'],'NOREDIRECT');
        }
        else
        {
            // Expire all verification hashes for this user
            // Single use: every outstanding token of the account is removed before the session is built
            hesk_dbQuery("DELETE FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."reset_password` WHERE `user`=".intval($row['user']));

            // Load additional required functions
            require(HESK_PATH . 'inc/admin_functions.inc.php');

            // Get user details
            // NOTE(review): unlike the other queries in this block, the table prefix is used here
            // without hesk_dbEscape(); it is a configuration value, but the call would keep the
            // queries consistent.
            $res = hesk_dbQuery('SELECT * FROM `'.$hesk_settings['db_pfix']."users` WHERE `id`=".intval($row['user'])." 
LIMIT 1");
            $row = hesk_dbFetchAssoc($res);
            // Every column of the users row is copied into the session, including `pass`, which is
            // removed again a few lines below once the session tag has been computed
            foreach ($row as $k=>$v)
            {
                $_SESSION[$k]=$v;
            }

            // Set a tag that will be used to expire sessions after username or password change
            $_SESSION['session_verify'] = hesk_activeSessionCreateTag($_SESSION['user'], $_SESSION['pass']);

            // We don't need the password hash anymore
            unset($_SESSION['pass']);

            // Clean brute force attempts
            hesk_cleanBfAttempts();

            // Regenerate session ID (security)
            hesk_session_regenerate_id();

            // Get allowed categories
            if (empty($_SESSION['isadmin']))
            {
                $_SESSION['categories']=explode(',',$_SESSION['categories']);
            }

            // Allow password reset without typing in the current password
            // NOTE(review): redeeming the link ends in a session populated with the account's data;
            // no second-factor step is visible between redemption and the redirect in this block -
            // TODO confirm how profile.php / hesk_isLoggedIn() treat accounts with MFA enabled.
            $_SESSION['password_reset'] = true;

            // Redirect to the profile page
            header('Location: profile.php');
            exit();

        } // End IP matches
    }
}

// Tell header to load reCaptcha API if needed
if ($hesk_settings['recaptcha_use'])
{
    define('RECAPTCHA',1);
}

$hesk_settings['tmp_title'] = $hesk_settings['hesk_title'] . ' - ' .$hesklang['passr'];
require_once(HESK_PATH . 'inc/header.inc.php');
$login_wrapper = true;
?>
    Hesk

    '.$hesklang['sec_img'].' '. ' '. '

    '; } } ?>
    PK~3Y݇~L~Ladmin_submit_ticket.phpnu[$v) { if ($v['use'] && ! in_array($v['type'], array('date', 'email'))) { $_SESSION["as_$k"] = ($v['type'] == 'checkbox') ? hesk_POST_array($k) : hesk_POST($k); } } header('Location: new_ticket.php'); exit(); } $hesk_error_buffer = array(); $tmpvar['name'] = hesk_input( hesk_POST('name') ) or $hesk_error_buffer['name']=$hesklang['enter_your_name']; $email_available = true; if ($hesk_settings['require_email']) { $tmpvar['email'] = hesk_validateEmail( hesk_POST('email'), 'ERR', 0) or $hesk_error_buffer['email']=$hesklang['enter_valid_email']; } else { $tmpvar['email'] = hesk_validateEmail( hesk_POST('email'), 'ERR', 0); // Not required, but must be valid if it is entered if ($tmpvar['email'] == '') { $email_available = false; if (strlen(hesk_POST('email'))) { $hesk_error_buffer['email'] = $hesklang['not_valid_email']; } } } $tmpvar['category'] = intval( hesk_POST('category') ) or $hesk_error_buffer['category']=$hesklang['sel_app_cat']; $tmpvar['priority'] = hesk_POST('priority'); $tmpvar['priority'] = strlen($tmpvar['priority']) ? intval($tmpvar['priority']) : -1; if ($tmpvar['priority'] < 0 || $tmpvar['priority'] > 3) { // If we are showing "Click to select" priority needs to be selected if ($hesk_settings['select_pri']) { $tmpvar['priority'] = -1; $hesk_error_buffer['priority'] = $hesklang['select_priority']; } else { $tmpvar['priority'] = 3; } } $tmpvar['status'] = intval(hesk_POST('status', 0)); if ( ! isset($hesk_settings['statuses'][$tmpvar['status']])) { $tmpvar['status'] = 0; } $tmpvar['subject'] = hesk_input( hesk_POST('subject') ); if ($hesk_settings['require_subject'] == 1 && $tmpvar['subject'] == '') { $hesk_error_buffer['subject'] = $hesklang['enter_ticket_subject']; } $tmpvar['message'] = hesk_input( hesk_POST('message') ); if ($hesk_settings['require_message'] == 1 && $tmpvar['message'] == '') { $hesk_error_buffer['message'] = $hesklang['enter_message']; } // Is category a valid choice? 
if ($tmpvar['category']) { if ( ! hesk_checkPermission('can_submit_any_cat', 0) && ! hesk_okCategory($tmpvar['category'], 0) ) { hesk_process_messages($hesklang['noauth_submit'],'new_ticket.php'); } hesk_verifyCategory(1); // Is auto-assign of tickets disabled in this category? if ( empty($hesk_settings['category_data'][$tmpvar['category']]['autoassign']) ) { $hesk_settings['autoassign'] = false; } } // Custom fields foreach ($hesk_settings['custom_fields'] as $k=>$v) { if ($v['use'] && hesk_is_custom_field_in_category($k, $tmpvar['category'])) { if ($v['type'] == 'checkbox') { $tmpvar[$k]=''; if (isset($_POST[$k]) && is_array($_POST[$k])) { foreach ($_POST[$k] as $myCB) { $tmpvar[$k] .= ( is_array($myCB) ? '' : hesk_input($myCB) ) . '
    ';; } $tmpvar[$k]=substr($tmpvar[$k],0,-6); } else { if ($v['req'] == 2) { $hesk_error_buffer[$k]=$hesklang['fill_all'].': '.$v['name']; } $_POST[$k] = ''; } } elseif ($v['type'] == 'date') { $tmpvar[$k] = hesk_POST($k); $_SESSION["as_$k"] = ''; if ($date = hesk_datepicker_get_date($tmpvar[$k], false, 'UTC')) { $_SESSION["as_$k"] = $tmpvar[$k]; $date->setTime(0, 0); $dmin = strlen($v['value']['dmin']) ? new DateTime($v['value']['dmin'] . ' t00:00:00 UTC') : false; $dmax = strlen($v['value']['dmax']) ? new DateTime($v['value']['dmax'] . ' t00:00:00 UTC') : false; if ($dmin && $dmin->format('Y-m-d') > $date->format('Y-m-d')) { $hesk_error_buffer[$k] = sprintf($hesklang['d_emin'], $v['name'], hesk_translate_date_string($dmin->format($hesk_settings['format_datepicker_php']))); } elseif ($dmax && $dmax->format('Y-m-d') < $date->format('Y-m-d')) { $hesk_error_buffer[$k] = sprintf($hesklang['d_emax'], $v['name'], hesk_translate_date_string($dmax->format($hesk_settings['format_datepicker_php']))); } else { $tmpvar[$k] = $date->getTimestamp(); } } else { $tmpvar[$k] = ''; if ($v['req'] == 2) { $hesk_error_buffer[$k]=$hesklang['fill_all'].': '.$v['name']; } } } elseif ($v['type'] == 'email') { $tmp = $hesk_settings['multi_eml']; $hesk_settings['multi_eml'] = $v['value']['multiple']; $tmpvar[$k] = hesk_validateEmail( hesk_POST($k), 'ERR', 0); $hesk_settings['multi_eml'] = $tmp; if ($tmpvar[$k] != '') { $_SESSION["as_$k"] = hesk_input($tmpvar[$k]); } else { $_SESSION["as_$k"] = ''; if ($v['req'] == 2) { $hesk_error_buffer[$k] = $v['value']['multiple'] ? 
sprintf($hesklang['cf_noem'], $v['name']) : sprintf($hesklang['cf_noe'], $v['name']); } } } elseif ($v['req'] == 2) { $tmpvar[$k]=hesk_makeURL(nl2br(hesk_input( hesk_POST($k) ))); if ($tmpvar[$k] == '') { $hesk_error_buffer[$k]=$hesklang['fill_all'].': '.$v['name']; } } else { $tmpvar[$k]=hesk_makeURL(nl2br(hesk_input(hesk_POST($k)))); } } else { $tmpvar[$k] = ''; } } // If use doesn't have permission to set due dates, try using the category default due date if (hesk_checkPermission('can_due_date',0)) { $tmpvar['due_date'] = hesk_input(hesk_POST('due_date')); if ($tmpvar['due_date'] != '') { $date = hesk_datepicker_get_date($tmpvar['due_date']); if ($date === false) { $hesk_error_buffer['due_date'] = $hesklang['invalid_due_date']; } } } else { $tmpvar['due_date'] = ''; if (($default_due_date_info = hesk_getCategoryDueDateInfo($tmpvar['category'])) !== null) { $due_date = new DateTime('today midnight'); $due_date->add(DateInterval::createFromDateString("+{$default_due_date_info['amount']} {$default_due_date_info['unit']}s")); $tmpvar['due_date'] = hesk_datepicker_format_date($due_date->getTimestamp()); // Don't set a due date if any unexpected errors if ($tmpvar['due_date'] === false) { $tmpvar['due_date'] = ''; } } } // Generate tracking ID $tmpvar['trackid'] = hesk_createID(); // Log who submitted ticket $tmpvar['history'] = sprintf($hesklang['thist7'], hesk_date(), addslashes($_SESSION['name']).' ('.$_SESSION['user'].')'); $tmpvar['openedby'] = $_SESSION['id']; // Was the ticket submitted as "Resolved"? if ($tmpvar['status'] == 3) { // Check permission if ( ! hesk_checkPermission('can_resolve', 0)) { $hesk_error_buffer['status'] = $hesklang['noauth_resolve']; } $tmpvar['history'] .= sprintf($hesklang['thist3'], hesk_date(), addslashes($_SESSION['name']).' 
('.$_SESSION['user'].')'); if ($hesk_settings['custopen'] != 1) { $tmpvar['locked'] = 1; } // Log who marked the ticket resolved $tmpvar['closedat'] = 1; $tmpvar['closedby'] = intval($_SESSION['id']); } elseif ($tmpvar['status'] != 0) { // Status set to something different than "New" or "Resolved", let's log it $status_name = hesk_get_status_name($tmpvar['status']); $tmpvar['history'] .= sprintf($hesklang['thist9'], hesk_date(), addslashes($status_name), addslashes($_SESSION['name']).' ('.$_SESSION['user'].')'); } // Owner $tmpvar['owner'] = 0; if (hesk_checkPermission('can_assign_others',0)) { $tmpvar['owner'] = intval( hesk_POST('owner') ); // If ID is -1 the ticket will be unassigned if ($tmpvar['owner'] == -1) { $tmpvar['owner'] = 0; } // Automatically assign owner? elseif ($tmpvar['owner'] == -2 && $hesk_settings['autoassign'] == 1) { $autoassign_owner = hesk_autoAssignTicket($tmpvar['category']); if ($autoassign_owner) { $tmpvar['owner'] = intval($autoassign_owner['id']); $tmpvar['history'] .= sprintf($hesklang['thist10'],hesk_date(),addslashes($autoassign_owner['name']).' ('.$autoassign_owner['user'].')'); } else { $tmpvar['owner'] = 0; } } // Check for invalid owner values elseif ($tmpvar['owner'] < 1) { $tmpvar['owner'] = 0; } else { // Has the new owner access to the selected category? $res = hesk_dbQuery("SELECT `name`,`user`,`isadmin`,`categories` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."users` WHERE `id`='{$tmpvar['owner']}' LIMIT 1"); if (hesk_dbNumRows($res) == 1) { $row = hesk_dbFetchAssoc($res); if (!$row['isadmin']) { $row['categories']=explode(',',$row['categories']); if (!in_array($tmpvar['category'],$row['categories'])) { $_SESSION['isnotice'][] = 'category'; $hesk_error_buffer['owner']=$hesklang['onasc']; } } $tmpvar['history'] .= sprintf($hesklang['thist2'],hesk_date(),addslashes($row['name']).' ('.$row['user'].')',addslashes($_SESSION['name']).' 
('.$_SESSION['user'].')'); } else { $_SESSION['isnotice'][] = 'category'; $hesk_error_buffer['owner']=$hesklang['onasc']; } } } elseif (hesk_checkPermission('can_assign_self',0) && hesk_okCategory($tmpvar['category'],0) && !empty($_POST['assing_to_self'])) { $tmpvar['owner'] = intval($_SESSION['id']); } // Notify customer of the ticket? $notify = ! empty($_POST['notify']) ? 1 : 0; // Show ticket after submission? $show = ! empty($_POST['show']) ? 1 : 0; // Is the ticket language different than current language? if ($hesk_settings['can_sel_lang']) { $new_lang = hesk_POST('as_language'); if (isset($hesk_settings['languages'][$new_lang])) { $hesklang['LANGUAGE'] = $new_lang; } } // Attachments $use_legacy_attachments = hesk_POST('use-legacy-attachments', 0); if ($hesk_settings['attachments']['use']) { require_once(HESK_PATH . 'inc/attachments.inc.php'); $attachments = array(); $trackingID = $tmpvar['trackid']; if ($use_legacy_attachments) { for ($i = 1; $i <= $hesk_settings['attachments']['max_number']; $i++) { $att = hesk_uploadFile($i); if ($att !== false && !empty($att)) { $attachments[$i] = $att; } } } else { // The user used the new drag-and-drop system. 
$temp_attachment_names = hesk_POST_array('attachments'); foreach ($temp_attachment_names as $temp_attachment_name) { $temp_attachment = hesk_getTemporaryAttachment($temp_attachment_name); if ($temp_attachment !== null) { $attachments[] = $temp_attachment; } } } } $tmpvar['attachments'] = ''; // If we have any errors lets store info in session to avoid re-typing everything if (count($hesk_error_buffer)!=0) { $_SESSION['iserror'] = array_keys($hesk_error_buffer); $_SESSION['as_name'] = hesk_POST('name'); $_SESSION['as_email'] = hesk_POST('email'); $_SESSION['as_priority'] = $tmpvar['priority']; $_SESSION['as_status'] = $tmpvar['status']; $_SESSION['as_subject'] = hesk_POST('subject'); $_SESSION['as_message'] = hesk_POST('message'); $_SESSION['as_due_date'] = hesk_POST('due_date'); $_SESSION['as_owner'] = $tmpvar['owner']; $_SESSION['as_notify'] = $notify; $_SESSION['as_show'] = $show; $_SESSION['as_language'] = hesk_POST('as_language'); foreach ($hesk_settings['custom_fields'] as $k=>$v) { if ($v['use'] && ! in_array($v['type'], array('date', 'email'))) { $_SESSION["as_$k"] = ($v['type'] == 'checkbox') ? hesk_POST_array($k) : hesk_POST($k); } } $tmp = ''; foreach ($hesk_error_buffer as $error) { $tmp .= "
  • $error
  • \n"; } $hesk_error_buffer = $tmp; // Remove any successfully uploaded attachments if ($hesk_settings['attachments']['use']) { if ($use_legacy_attachments) { hesk_removeAttachments($attachments); } else { $_SESSION['as_attachments'] = $attachments; } } $hesk_error_buffer = $hesklang['pcer'].'

    '; hesk_process_messages($hesk_error_buffer,'new_ticket.php?category='.$tmpvar['category']); } if ($hesk_settings['attachments']['use'] && !empty($attachments)) { // Delete temp attachment records and set the new filename if (!$use_legacy_attachments) { $attachments = hesk_migrateTempAttachments($attachments, $tmpvar['trackid']); } foreach ($attachments as $myatt) { hesk_dbQuery("INSERT INTO `".hesk_dbEscape($hesk_settings['db_pfix'])."attachments` (`ticket_id`,`saved_name`,`real_name`,`size`) VALUES ('".hesk_dbEscape($tmpvar['trackid'])."','".hesk_dbEscape($myatt['saved_name'])."','".hesk_dbEscape($myatt['real_name'])."','".intval($myatt['size'])."')"); $tmpvar['attachments'] .= hesk_dbInsertID() . '#' . $myatt['real_name'] .','; } } $tmpvar['message_html'] = $tmpvar['message']; if ($hesk_settings['staff_ticket_formatting'] == 2) { // Decode the message we encoded earlier $tmpvar['message_html'] = hesk_html_entity_decode($tmpvar['message_html']); // Clean the HTML code and set the plaintext version require(HESK_PATH . 'inc/htmlpurifier/HeskHTMLPurifier.php'); require(HESK_PATH . 'inc/html2text/html2text.php'); $purifier = new HeskHTMLPurifier($hesk_settings['cache_dir']); $tmpvar['message_html'] = $purifier->heskPurify($tmpvar['message_html']); $tmpvar['message'] = convert_html_to_text($tmpvar['message_html']); $tmpvar['message'] = fix_newlines($tmpvar['message']); // Prepare plain message for storage as HTML $tmpvar['message'] = hesk_htmlspecialchars($tmpvar['message']); $tmpvar['message'] = nl2br($tmpvar['message']); } else { // `message` already contains a HTML friendly version. May as well just re-use it $tmpvar['message'] = hesk_makeURL($tmpvar['message']); $tmpvar['message'] = nl2br($tmpvar['message']); $tmpvar['message_html'] = $tmpvar['message']; } // Track who assigned the ticket if ($tmpvar['owner'] > 0) { $tmpvar['assignedby'] = ! empty($autoassign_owner) ? 
-1 : $_SESSION['id']; } // Demo mode if ( defined('HESK_DEMO') ) { hesk_process_messages(sprintf($hesklang['antdemo'], 'https://www.hesk.com/demo/index.php?a=add'), 'new_ticket.php?category='.$tmpvar['category']); } // Insert ticket to database $ticket = hesk_newTicket($tmpvar); // Notify the customer about the ticket? if ($notify && $email_available) { if ($tmpvar['status'] == 3) { hesk_notifyCustomer('ticket_closed'); } else { hesk_notifyCustomer('new_ticket_by_staff'); } } // If ticket is assigned to someone notify them? if ($ticket['owner'] && $ticket['owner'] != intval($_SESSION['id'])) { // If we don't have info from auto-assign get it from database if ( ! isset($autoassign_owner['email']) ) { hesk_notifyAssignedStaff(false, 'ticket_assigned_to_you'); } else { hesk_notifyAssignedStaff($autoassign_owner, 'ticket_assigned_to_you'); } } // Ticket unassigned, notify everyone that selected to be notified about unassigned tickets elseif ( ! $ticket['owner']) { hesk_notifyStaff('new_ticket_staff', " `id` != ".intval($_SESSION['id'])." AND `notify_new_unassigned` = '1' "); } // Unset temporary variables unset($tmpvar); hesk_cleanSessionVars('tmpvar'); hesk_cleanSessionVars('as_name'); hesk_cleanSessionVars('as_email'); hesk_cleanSessionVars('as_category'); hesk_cleanSessionVars('as_priority'); hesk_cleanSessionVars('as_status'); hesk_cleanSessionVars('as_subject'); hesk_cleanSessionVars('as_message'); hesk_cleanSessionVars('as_owner'); hesk_cleanSessionVars('as_notify'); hesk_cleanSessionVars('as_show'); hesk_cleanSessionVars('as_due_date'); hesk_cleanSessionVars('as_language'); hesk_cleanSessionVars('as_attachments'); foreach ($hesk_settings['custom_fields'] as $k=>$v) { hesk_cleanSessionVars("as_$k"); } // If ticket has been assigned to the person submitting it lets show a message saying so if ($ticket['owner'] && $ticket['owner'] == intval($_SESSION['id'])) { $hesklang['new_ticket_submitted'] .= '
     
    ' . (isset($autoassign_owner) ? $hesklang['taasy'] : $hesklang['tasy']) . ''; } // Show the ticket or just the success message if ($show) { hesk_process_messages($hesklang['new_ticket_submitted'],'admin_ticket.php?track=' . $ticket['trackid'] . '&Refresh=' . mt_rand(10000,99999), 'SUCCESS'); } else { $link = hesk_checkPermission('can_view_tickets',0) ? '' . $hesklang['view_ticket'] . '' : ''; hesk_process_messages($hesklang['new_ticket_submitted'].'. ' . $link, 'new_ticket.php', 'SUCCESS'); } PK~3Y&ܨ,X,Xadmin_settings_misc.phpnu[install folder from your server for security reasons then refresh this page!');} // Get all the required files and functions require(HESK_PATH . 'hesk_settings.inc.php'); // Save the default language for the settings page before choosing user's preferred one $hesk_settings['language_default'] = $hesk_settings['language']; require(HESK_PATH . 'inc/common.inc.php'); $hesk_settings['language'] = $hesk_settings['language_default']; require(HESK_PATH . 'inc/admin_functions.inc.php'); require(HESK_PATH . 'inc/setup_functions.inc.php'); hesk_load_database_functions(); hesk_session_start(); hesk_dbConnect(); hesk_isLoggedIn(); // Check permissions for this feature hesk_checkPermission('can_man_settings'); // Load custom fields require_once(HESK_PATH . 'inc/custom_fields.inc.php'); $help_folder = '../language/' . $hesk_settings['languages'][$hesk_settings['language']]['folder'] . '/help_files/'; $enable_save_settings = 0; $enable_use_attachments = 0; // Print header require_once(HESK_PATH . 'inc/header.inc.php'); // Print main manage users page require_once(HESK_PATH . 'inc/show_admin_nav.inc.php'); // Demo mode? Hide values of sensitive settings if ( defined('HESK_DEMO') ) { require_once(HESK_PATH . 'inc/admin_settings_demo.inc.php'); } /* This will handle error, success and notice messages */ hesk_handle_messages(); ?>

    >
    >

     

    ') ); ?>

    >
    />
    />
    >
    >
    PK~3Yun^n^manage_category.phpnu[ array('id' => 3, 'value' => 'low', 'text' => $hesklang['low'], 'formatted' => $hesklang['low']), 'medium' => array('id' => 2, 'value' => 'medium', 'text' => $hesklang['medium'], 'formatted' => $hesklang['medium']), 'high' => array('id' => 1, 'value' => 'high', 'text' => $hesklang['high'], 'formatted' => $hesklang['high']), 'critical' => array('id' => 0, 'value' => 'critical', 'text' => $hesklang['critical'], 'formatted' => $hesklang['critical']), ); // Populate default values for creation $category = array( 'id' => 0, 'name' => '', 'priority' => $priorities['low']['id'], 'autoassign' => $hesk_settings['autoassign'], 'autoassign_config' => null, 'type' => 0, 'default_due_date_unit' => 'day', 'default_due_date_amount' => '' ); if ($_SERVER['REQUEST_METHOD'] === 'POST') { if (defined('HESK_DEMO')) { hesk_process_messages($hesklang['ddemo'], 'manage_categories.php', 'NOTICE'); } // Attempt to save. If problematic, we'll get back the form data entered. $category = try_save_category(); } elseif (hesk_REQUEST('id')) { // Fetch category information $res = hesk_dbQuery("SELECT * FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."categories` WHERE `id` = ".intval(hesk_REQUEST('id'))); if ($row = hesk_dbFetchAssoc($res)) { $category['id'] = $row['id']; $category['name'] = $row['name']; $category['priority'] = intval($row['priority']); $category['autoassign'] = intval($row['autoassign']); $category['autoassign_config'] = $row['autoassign_config']; $category['type'] = intval($row['type']); $category['default_due_date_amount'] = $row['default_due_date_amount'] ? intval($row['default_due_date_amount']) : ''; $category['default_due_date_unit'] = $row['default_due_date_unit']; } // If we're still on ID 0, then the category ID passed in doesn't exist if ($category['id'] === 0) { hesk_process_messages($hesklang['cat_not_found'], 'manage_categories.php'); } } /* Print header */ require_once(HESK_PATH . 
'inc/header.inc.php'); /* Print main manage users page */ require_once(HESK_PATH . 'inc/show_admin_nav.inc.php'); /* This will handle error, success and notice messages */ if (hesk_SESSION('iserror')) { hesk_handle_messages(); } ?>

    checked>
    checked>
    checked>

    0"); $users_num = hesk_dbResult($users_all); $users_res = hesk_dbQuery("SELECT `id`, `name` FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "users` WHERE (`isadmin` = '1' OR (FIND_IN_SET(".intval($category['id']).", `categories`) > 0) AND FIND_IN_SET('can_view_tickets', `heskprivileges`) > 0)"); $users_found = hesk_dbNumRows($users_res); if ($users_num > $users_found): ?>
    '.$hesklang['autoassign_users'].':'; if ($users_found > 19) { // Only show search box if we have 20+ users ?>
    checked>
     
    checked>

    :
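    /* Tail of the preceding function as it appears in this listing (its beginning is not shown), kept verbatim:
       '.stripslashes($category['name']).''),'manage_categories.php','SUCCESS'); exit(); } // End new_cat() */

    /**
     * Turn the auto-assign choices submitted for a category into the pair of
     * values that is stored with it.
     *
     * Setting values: 1 = On for all users, 2 = On for some users, 3 = Off.
     * The comparisons below are strict, so $autoassign_setting has to be an
     * integer already; any other value is treated as Off.
     *
     * @param int    $id                       Category ID, passed on to build_autoassign_config()
     * @param int    $autoassign_setting       1, 2 or 3 as described above
     * @param string $autoassign_user_operator '=' (only the listed users) or '!' (everyone except the listed users)
     * @param array  $autoassign_users         User IDs chosen in the form
     *
     * @return array array('autoassign' => 0|1, 'autoassign_config' => string|null)
     */
    function get_autoassign_state($id, $autoassign_setting, $autoassign_user_operator, $autoassign_users)
    {
        // count() raises a TypeError for non-arrays on PHP 8; a missing selection is simply an empty list
        if ( ! is_array($autoassign_users)) {
            $autoassign_users = array();
        }

        $state_off = array('autoassign' => 0, 'autoassign_config' => null);
        $state_all = array('autoassign' => 1, 'autoassign_config' => null);

        // "On - All Users"
        if ($autoassign_setting === 1) {
            return $state_all;
        }

        // Anything other than "On - Some Users" means auto-assign is off
        if ($autoassign_setting !== 2) {
            return $state_off;
        }

        // "On - Some Users" with an empty list: excluding nobody is the same as
        // "all users", including nobody is the same as "off"
        if (count($autoassign_users) === 0) {
            return $autoassign_user_operator === '!' ? $state_all : $state_off;
        }

        $autoassign_config = build_autoassign_config($id, $autoassign_users, $autoassign_user_operator);

        // All excluded == off
        if ($autoassign_config === 'ALL_EXCLUDED') {
            return $state_off;
        }

        // All included == on - all users
        if ($autoassign_config === 'ALL_INCLUDED') {
            return $state_all;
        }

        return array(
            'autoassign' => 1,
            'autoassign_config' => $autoassign_config
        );
    } // End get_autoassign_state()


    /**
     * Build the stored include/exclude list for a category's auto-assign setting.
     *
     * Submitted IDs are cast to integers before they are placed in the SQL
     * IN() list, and only IDs of users that the database reports as admins or
     * as having this category are kept.
     *
     * NOTE(review): the user list query used for the form elsewhere in this
     * file also requires the can_view_tickets privilege for non-admins; the
     * check here does not. Confirm whether that difference is intended.
     *
     * @param int    $catid          Category ID
     * @param array  $selected_users User IDs as submitted (untrusted)
     * @param string $operator       '=' to include only these users; anything else is treated as '!' (exclude)
     *
     * @return string 'ALL_INCLUDED', 'ALL_EXCLUDED', or "{operator}({comma-separated IDs})"
     */
    function build_autoassign_config($catid, $selected_users, $operator)
    {
        global $hesk_settings;

        // Make sure the entered operator is valid
        $operator = $operator === '=' ? '=' : '!';

        // An empty list means "include nobody" (off) or "exclude nobody" (all users)
        $empty_list_result = $operator === '=' ? 'ALL_EXCLUDED' : 'ALL_INCLUDED';

        // Without this guard an empty selection would produce "IN ()", which is invalid SQL
        if ( ! is_array($selected_users) || count($selected_users) === 0) {
            return $empty_list_result;
        }

        // Integer cast is what makes the interpolated IN() list safe
        $candidate_ids = array_map('intval', $selected_users);

        $users_table = "`".hesk_dbEscape($hesk_settings['db_pfix'])."users`";
        $access_clause = "(`isadmin` = '1' OR FIND_IN_SET(".intval($catid).", `categories`) > 0)";

        // Keep only the submitted IDs that belong to users with access to this category
        $formatted_users = array();
        $user_verification_rs = hesk_dbQuery("SELECT `id` FROM {$users_table} WHERE {$access_clause} AND `id` IN (".implode(',', $candidate_ids).")");
        while ($user = hesk_dbFetchAssoc($user_verification_rs)) {
            $formatted_users[] = intval($user['id']);
        }

        // None of the submitted IDs was valid: same outcome as an empty list,
        // instead of storing an empty "=()" or "!()" configuration
        if (count($formatted_users) === 0) {
            return $empty_list_result;
        }

        // Make sure we're not including/excluding the entire list of possible users, as we can simplify
        $users_with_category_access = hesk_dbQuery("SELECT 1 AS `cnt` FROM {$users_table} WHERE {$access_clause}");
        if (hesk_dbNumRows($users_with_category_access) === count($formatted_users)) {
            return $operator === '=' ? 'ALL_INCLUDED' : 'ALL_EXCLUDED';
        }

        return $operator.'('.implode(',', $formatted_users).')';
    } // End build_autoassign_config()


    /**
     * Restrict a submitted date unit to the known set.
     *
     * Acts as an allowlist: only the exact strings 'week', 'month' and 'year'
     * are passed through, every other value (including non-strings) becomes
     * 'day'. Presumably the result is saved as the category's default due date
     * unit, so it should never carry free-form input - verify against caller.
     *
     * @param mixed $unit Submitted unit
     *
     * @return string 'day', 'week', 'month' or 'year'
     */
    function get_valid_date_unit($unit)
    {
        // Strict comparison, so values such as 0 or true cannot match a unit name by type juggling
        return in_array($unit, array('week', 'month', 'year'), true) ? $unit : 'day';
    } // END get_valid_date_unit()

    /* Archive boundary as it appears in this listing; the next file (admin_ticket.php) follows without its opening lines. Kept verbatim:
       ?> PK~3YBVadmin_ticket.phpnu[$error\n"; } $hesk_error_buffer = $tmp; $hesk_error_buffer = $hesklang['pcer'].' */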

    '; hesk_process_messages($hesk_error_buffer,'admin_ticket.php?track='.$ticket['trackid'].'&Refresh='.rand(10000,99999)); } // Process attachments if ($hesk_settings['attachments']['use'] && ! empty($attachments) ) { if (!$use_legacy_attachments) { $attachments = hesk_migrateTempAttachments($attachments, $trackingID); } foreach ($attachments as $myatt) { hesk_dbQuery("INSERT INTO `".hesk_dbEscape($hesk_settings['db_pfix'])."attachments` (`ticket_id`,`saved_name`,`real_name`,`size`,`type`) VALUES ('".hesk_dbEscape($trackingID)."','".hesk_dbEscape($myatt['saved_name'])."','".hesk_dbEscape($myatt['real_name'])."','".intval($myatt['size'])."', '1')"); $myattachments .= hesk_dbInsertID() . '#' . $myatt['real_name'] .','; } } // Add note to database $msg = nl2br(hesk_makeURL($msg)); hesk_dbQuery("INSERT INTO `".hesk_dbEscape($hesk_settings['db_pfix'])."notes` (`ticket`,`who`,`dt`,`message`,`attachments`) VALUES ('".intval($ticket['id'])."','".intval($_SESSION['id'])."',NOW(),'".hesk_dbEscape($msg)."','".hesk_dbEscape($myattachments)."')"); // Update time worked if ($hesk_settings['time_worked'] && ($time_worked = hesk_getTime(hesk_POST('time_worked_notes'))) && $time_worked != '00:00:00') { $parts = explode(':', $ticket['time_worked']); $seconds = ($parts[0] * 3600) + ($parts[1] * 60) + $parts[2]; $parts = explode(':', $time_worked); $seconds += ($parts[0] * 3600) + ($parts[1] * 60) + $parts[2]; require(HESK_PATH . 'inc/reporting_functions.inc.php'); $ticket['time_worked'] = hesk_SecondsToHHMMSS($seconds); hesk_dbQuery("UPDATE `".hesk_dbEscape($hesk_settings['db_pfix'])."tickets` SET `time_worked` = ADDTIME(`time_worked`,'" . hesk_dbEscape($time_worked) . "') WHERE `trackid`='" . hesk_dbEscape($trackingID) . 
"'"); } /* Notify assigned staff that a note has been added if needed */ if ($ticket['owner'] && $ticket['owner'] != $_SESSION['id']) { $res = hesk_dbQuery("SELECT `email` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."users` WHERE `id`='".intval($ticket['owner'])."' AND `notify_note`='1' LIMIT 1"); if (hesk_dbNumRows($res) == 1) { $owner = hesk_dbFetchAssoc($res); // 1. Generate the array with ticket info that can be used in emails $info = array( 'email' => $ticket['email'], 'category' => $ticket['category'], 'priority' => $ticket['priority'], 'owner' => $ticket['owner'], 'trackid' => $ticket['trackid'], 'status' => $ticket['status'], 'name' => $_SESSION['name'], 'subject' => $ticket['subject'], 'message' => stripslashes($msg), 'dt' => hesk_date($ticket['dt'], true), 'lastchange' => hesk_date($ticket['lastchange'], true), 'attachments' => $myattachments, 'due_date' => hesk_format_due_date($ticket['due_date']), 'id' => $ticket['id'], 'time_worked' => $ticket['time_worked'], 'last_reply_by' => $ticket['repliername'], ); // 2. Add custom fields to the array foreach ($hesk_settings['custom_fields'] as $k => $v) { $info[$k] = $v['use'] ? $ticket[$k] : ''; } // 3. Add HTML message to the array $info['message_html'] = $info['message']; // 4. Make sure all values are properly formatted for email $ticket = hesk_ticketToPlain($info, 1, 0); /* Get email functions */ require(HESK_PATH . 
'inc/email_functions.inc.php'); /* Format email subject and message for staff */ $subject = hesk_getEmailSubject('new_note',$ticket); list($message, $html_message) = hesk_getEmailMessage('new_note',$ticket,1); /* Send email to staff */ hesk_mail($owner['email'], $subject, $message, $html_message); } } } header('Location: admin_ticket.php?track='.$trackingID.'&Refresh='.mt_rand(10000,99999)); exit(); } /* Update time worked */ if ($hesk_settings['time_worked'] && ($can_reply || $can_edit) && isset($_POST['h']) && isset($_POST['m']) && isset($_POST['s']) && hesk_token_check('POST')) { $h = intval( hesk_POST('h') ); $m = intval( hesk_POST('m') ); $s = intval( hesk_POST('s') ); /* Get time worked in proper format */ $time_worked = hesk_getTime($h . ':' . $m . ':' . $s); /* Update database */ $revision = sprintf($hesklang['thist14'],hesk_date(),$time_worked,addslashes($_SESSION['name']).' ('.$_SESSION['user'].')'); hesk_dbQuery("UPDATE `".hesk_dbEscape($hesk_settings['db_pfix'])."tickets` SET `time_worked`='" . hesk_dbEscape($time_worked) . "', `history`=CONCAT(`history`,'" . hesk_dbEscape($revision) . "') WHERE `trackid`='" . hesk_dbEscape($trackingID) . "'"); /* Show ticket */ hesk_process_messages($hesklang['twu'],'admin_ticket.php?track='.$trackingID.'&Refresh='.mt_rand(10000,99999),'SUCCESS'); } /* Update due date */ if (isset($_POST['action']) && $_POST['action'] == 'due_date' && hesk_token_check('POST')) { // Check permission if ( ! $can_due_date) { hesk_process_messages($hesklang['can_due_date_e'],'admin_ticket.php?track='.$trackingID.'&Refresh='.mt_rand(10000,99999),'ERROR'); } $new_due_date = hesk_POST('new-due-date'); $sql_overdue_email = ''; if ($new_due_date == '') { $formatted_date = false; $revision = sprintf($hesklang['thist20'], hesk_date(), addslashes($_SESSION['name']).' 
('.$_SESSION['user'].')'); } else { $date = hesk_datepicker_get_date($new_due_date); if ($date === false) { hesk_process_messages($hesklang['invalid_due_date'], 'admin_ticket.php?track='.$trackingID.'&Refresh='.mt_rand(10000,99999)); } $formatted_date = $date->format('Y-m-d'); $revision = sprintf($hesklang['thist19'], hesk_date(), $formatted_date, addslashes($_SESSION['name']).' ('.$_SESSION['user'].')'); // If this is a future date, we'll reset the $current_date = new DateTime(); if ($date > $current_date) { $sql_overdue_email = '`overdue_email_sent`=0,'; } } hesk_dbQuery("UPDATE `".hesk_dbEscape($hesk_settings['db_pfix'])."tickets` SET `due_date` = " . ($formatted_date === false ? 'NULL' : "'".hesk_dbEscape($formatted_date)."'") . ", {$sql_overdue_email} `history`=CONCAT(`history`,'" . hesk_dbEscape($revision) . "') WHERE `trackid`='" . hesk_dbEscape($trackingID) . "' AND (`due_date` IS " . ($formatted_date === false ? 'NOT NULL' : "NULL OR `due_date` != '".hesk_dbEscape($formatted_date)."'") . ")"); /* Show ticket */ hesk_process_messages($hesklang['due_date_updated'],'admin_ticket.php?track='.$trackingID.'&Refresh='.mt_rand(10000,99999),'SUCCESS'); } /* Delete attachment action */ if (isset($_GET['delatt']) && hesk_token_check()) { if ( ! $can_delete || ! $can_edit) { hesk_process_messages($hesklang['no_permission'],'admin_ticket.php?track='.$trackingID.'&Refresh='.mt_rand(10000,99999)); } $att_id = intval( hesk_GET('delatt') ) or hesk_error($hesklang['inv_att_id']); $reply = intval( hesk_GET('reply', 0) ); if ($reply < 1) { $reply = 0; } $note = intval( hesk_GET('note', 0) ); if ($note < 1) { $note = 0; } /* Get attachment info */ $res = hesk_dbQuery("SELECT * FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."attachments` WHERE `att_id`='".intval($att_id)."' LIMIT 1"); if (hesk_dbNumRows($res) != 1) { hesk_process_messages($hesklang['id_not_valid'].' 
(att_id)','admin_ticket.php?track='.$trackingID.'&Refresh='.mt_rand(10000,99999)); } $att = hesk_dbFetchAssoc($res); /* Is ticket ID valid for this attachment? */ if ($att['ticket_id'] != $trackingID) { hesk_process_messages($hesklang['trackID_not_found'],'admin_ticket.php?track='.$trackingID.'&Refresh='.mt_rand(10000,99999)); } /* Delete file from server */ hesk_unlink(HESK_PATH.$hesk_settings['attach_dir'].'/'.$att['saved_name']); /* Delete attachment from database */ hesk_dbQuery("DELETE FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."attachments` WHERE `att_id`='".intval($att_id)."'"); /* Update ticket or reply in the database */ $revision = sprintf($hesklang['thist12'],hesk_date(),$att['real_name'],addslashes($_SESSION['name']).' ('.$_SESSION['user'].')'); if ($reply) { hesk_dbQuery("UPDATE `".hesk_dbEscape($hesk_settings['db_pfix'])."replies` SET `attachments`=REPLACE(`attachments`,'".hesk_dbEscape($att_id.'#'.$att['real_name']).",','') WHERE `id`='".intval($reply)."'"); hesk_dbQuery("UPDATE `".hesk_dbEscape($hesk_settings['db_pfix'])."tickets` SET `history`=CONCAT(`history`,'".hesk_dbEscape($revision)."') WHERE `id`='".intval($ticket['id'])."'"); } elseif ($note) { hesk_dbQuery("UPDATE `".hesk_dbEscape($hesk_settings['db_pfix'])."notes` SET `attachments`=REPLACE(`attachments`,'".hesk_dbEscape($att_id.'#'.$att['real_name']).",','') WHERE `id`={$note}"); } else { hesk_dbQuery("UPDATE `".hesk_dbEscape($hesk_settings['db_pfix'])."tickets` SET `attachments`=REPLACE(`attachments`,'".hesk_dbEscape($att_id.'#'.$att['real_name']).",',''), `history`=CONCAT(`history`,'".hesk_dbEscape($revision)."') WHERE `id`='".intval($ticket['id'])."'"); } hesk_process_messages($hesklang['kb_att_rem'],'admin_ticket.php?track='.$trackingID.'&Refresh='.mt_rand(10000,99999),'SUCCESS'); } /* Print header */ require_once(HESK_PATH . 
'inc/header.inc.php'); /* List of categories */ if ($can_change_cat) { $result = hesk_dbQuery("SELECT `id`,`name` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."categories` ORDER BY `cat_order` ASC"); } else { $result = hesk_dbQuery("SELECT `id`,`name` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."categories` WHERE ".hesk_myCategories('id')." ORDER BY `cat_order` ASC"); } $categories_options=''; while ($row=hesk_dbFetchAssoc($result)) { $categories_options.=''; } /* List of users */ $admins = array(); $result = hesk_dbQuery("SELECT `id`,`name`,`isadmin`,`categories`,`heskprivileges` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."users` ORDER BY `name` ASC"); while ($row=hesk_dbFetchAssoc($result)) { /* Is this an administrator? */ if ($row['isadmin']) { $admins[$row['id']]=$row['name']; continue; } /* Not admin, is user allowed to view tickets? */ if (strpos($row['heskprivileges'], 'can_view_tickets') !== false) { /* Is user allowed to access this category? */ $cat=substr($row['categories'], 0); $row['categories']=explode(',',$cat); if (in_array($ticket['category'],$row['categories'])) { $admins[$row['id']]=$row['name']; continue; } } } /* Get replies */ if ($ticket['replies']) { $reply = ''; $result = hesk_dbQuery("SELECT * FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."replies` WHERE `replyto`='".intval($ticket['id'])."' ORDER BY `id` " . ($hesk_settings['new_top'] ? 'DESC' : 'ASC') ); } else { $reply = false; } // Demo mode if ( defined('HESK_DEMO') ) { $ticket['email'] = 'hidden@demo.com'; $ticket['ip'] = '127.0.0.1'; } /* Print admin navigation */ require_once(HESK_PATH . 
'inc/show_admin_nav.inc.php'); /* This will handle error, success and notice messages */ hesk_handle_messages(); // Prepare special custom fields foreach ($hesk_settings['custom_fields'] as $k=>$v) { if ($v['use'] && hesk_is_custom_field_in_category($k, $ticket['category']) ) { switch ($v['type']) { case 'date': $ticket[$k] = hesk_custom_date_display_format($ticket[$k], $v['value']['date_format']); break; } } } /* Do we need or have any canned responses? */ $can_options = hesk_printCanned(); $options = array( 0 => '', 1 => '', 2 => '', 3 => '' ); ?>
    >

    >
    »

    ' : ''; $att = explode(',', substr($note['attachments'], 0, -1) ); $num = count($att); foreach ($att as $myatt) { list($att_id, $att_name) = explode('#', $myatt); // Can edit and delete note (attachments)? if ($can_del_notes || $note['who'] == $_SESSION['id']) { // If this is the last attachment and no message, show "delete ticket" link if ($num == 1 && strlen($note['message']) == 0) { echo ' »'; } // Show "delete attachment" link else { echo ' »'; } } echo ' '.$att_name.'
    '; } } ?>

    '; ?>

    :
    $v) { if ($v['use'] && $v['place']==0 && hesk_is_custom_field_in_category($k, $ticket['category']) ) { switch ($v['type']) { case 'email': $ticket[$k] = ''.$ticket[$k].''; break; } echo '
    '.$v['name:'].' '.$ticket[$k].'
    '; } } if ($ticket['message_html'] != '') { ?>

    $v) { if ($v['use'] && $v['place'] && hesk_is_custom_field_in_category($k, $ticket['category']) ) { switch ($v['type']) { case 'email': $ticket[$k] = ''.$ticket[$k].''; break; } echo '
    '.$v['name:'].' '.$ticket[$k].'
    '; } } /* Print attachments */ hesk_listAttachments($ticket['attachments'], 0 , $i); // Show suggested KB articles if ($hesk_settings['kb_enable'] && $hesk_settings['kb_recommendanswers'] && ! empty($ticket['articles']) ) { $suggested = array(); $suggested_list = ''; // Get article info from the database $articles = hesk_dbQuery("SELECT `id`,`subject` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."kb_articles` WHERE `id` IN (".preg_replace('/[^0-9\,]/', '', $ticket['articles']).")"); while ($article=hesk_dbFetchAssoc($articles)) { $suggested[$article['id']] = ''.$article['subject'].''; } // Loop through the IDs to preserve the order they were suggested in $articles = explode(',', $ticket['articles']); foreach ($articles as $article) { if ( isset($suggested[$article]) ) { $suggested_list .= $suggested[$article]; } } // Finally print suggested articles if ( strlen($suggested_list) ) { ?>
    '.$hesklang['sska'].' '; } ?>
    »

    ' : ''; $att = explode(',', substr($note['attachments'], 0, -1) ); $num = count($att); foreach ($att as $myatt) { list($att_id, $att_name) = explode('#', $myatt); // Can edit and delete note (attachments)? if ($can_del_notes || $note['who'] == $_SESSION['id']) { // If this is the last attachment and no message, show "delete ticket" link if ($num == 1 && strlen($note['message']) == 0) { echo ' »'; } // Show "delete attachment" link else { echo ' »'; } } echo ' '.$att_name.'
    '; } } ?>

    '; ?>
     
    '.$hesklang['open_action'].']'; } } elseif ($can_resolve) { $status_action = '['.$hesklang['close_action'].']'; } ?>
    >
     
    '.$admins[$ticket['owner']].'' : ''.$hesklang['unas'].''; ?>
     
    '.$hesklang['asss'].']'; ?>

    :
    :
    :
    :
    :
    :
    :
    ' . $ticket['time_worked'] . '
    '; } ?>
    ".$ticket['id']." AND `email` <> '' AND ".hesk_dbFormatEmail($first_email)." ORDER BY `lastchange` DESC LIMIT " . ($show_previous_tickets+1)); $past_num = hesk_dbNumRows($res); ?>

    0) echo 'style="display:block"'; ?>> $show_previous_tickets) { hesk_dbFreeResult($res); break; } ?>
    0 && $i > $show_previous_tickets) { echo '
    '.$hesklang['all_previous'].''; } elseif ($past_num == 0) { echo sprintf($hesklang['no_previous'], hesk_htmlspecialchars($first_email)); } ?>
    ', $ticket['history'], -1); ?>

    ', '', $history_piece); $date_and_contents = explode(' | ', $history_piece); if ( ! isset($date_and_contents[1])) { $date_and_contents[1] = $date_and_contents[0]; $date_and_contents[0] = ''; } ?>
    '; foreach ($att as $myatt) { list($att_id, $att_name) = explode('#', $myatt); /* Can edit and delete tickets? */ if ($can_edit && $can_delete) { echo ' »'; } echo ' '.$att_name.'
    '; } echo ''; return true; } // End hesk_listAttachments() function hesk_getAdminButtons($isReply=0,$white=1) { global $hesk_settings, $hesklang, $ticket, $reply, $trackingID, $can_edit, $can_archive, $can_delete, $can_resolve, $can_privacy, $can_export; $buttons = array(); // Edit if ($can_edit) { $tmp = $isReply ? '&reply='.$reply['id'] : ''; if ($isReply) { $buttons['more']['edit'] = ' '.$hesklang['btn_edit'].' '; } else { $buttons[] = ' '.$hesklang['btn_edit'].' '; } } if (!$isReply) { // Print ticket button $buttons[] = ' '.$hesklang['btn_print'].' '; } // Lock ticket button if (!$isReply && $can_resolve) { if ($ticket['locked']) { $des = $hesklang['tul'] . ' - ' . $hesklang['isloc']; $buttons['more'][] = ' '.$hesklang['btn_unlock'].' '; } else { $des = $hesklang['tlo'] . ' - ' . $hesklang['isloc']; $buttons['more'][] = ' '.$hesklang['btn_lock'].' '; } } // Tag ticket button if (!$isReply && $can_archive) { if ($ticket['archive']) { $buttons['more'][] = ' '.$hesklang['btn_untag'].' '; } else { $buttons['more'][] = ' '.$hesklang['btn_tag'].' '; } } // Resend email notification button if (!$ticket['anonymized']) { $buttons['more'][] = ' '.$hesklang['btn_resend'].' '; } // Import to knowledgebase button if (!$isReply && $hesk_settings['kb_enable'] && hesk_checkPermission('can_man_kb',0) && !$ticket['anonymized']) { $buttons['more'][] = ' '.$hesklang['btn_import_kb'].' '; } // Export ticket if (!$isReply && $can_export && !$ticket['anonymized']) { $buttons['more'][] = ' '.$hesklang['btn_export'].' '; } // Anonymize ticket if (!$isReply && $can_privacy) { $modal_id = hesk_generate_delete_modal($hesklang['confirm_anony'], $hesklang['privacy_anon_info'], 'anonymize_ticket.php?track='.$trackingID.'&Refresh='.mt_rand(10000,99999).'&token='.hesk_token_echo(0), $hesklang['confirm']); $buttons['more'][] = ' '.$hesklang['btn_anony'].' 
'; } // Delete ticket or reply if ($can_delete) { if ($isReply) { $url = 'admin_ticket.php'; $tmp = 'delete_post='.$reply['id']; $txt = $hesklang['btn_delr']; $modal_text = $hesklang['confirm_delete_reply']; } else { $url = 'delete_tickets.php'; $tmp = 'delete_ticket=1'; $txt = $hesklang['btn_delt']; $modal_text = $hesklang['confirm_delete_ticket']; } $modal_id = hesk_generate_delete_modal($hesklang['confirm_deletion'], $modal_text, $url.'?track='.$trackingID.'&'.$tmp.'&Refresh='.mt_rand(10000,99999).'&token='.hesk_token_echo(0)); $buttons['more'][] = ' '.$txt.' '; } // Format and return the HTML for buttons $button_code = ''; foreach ($buttons as $button) { if (is_array($button)) { $more_class = $isReply ? 'more ' : ''; $label = ' '; if ($isReply) { $label = ' '; } $button_code .= '
    '; if (isset($button['edit'])) { $button_code .= $button['edit']; unset($button['edit']); } $button_code .= $label.'
    '; } else { $button_code .= $button; } } $button_code .= ''; return $button_code; } // END hesk_getAdminButtons() function print_form() { global $hesk_settings, $hesklang; global $trackingID; /* Print header */ require_once(HESK_PATH . 'inc/header.inc.php'); /* Print admin navigation */ require_once(HESK_PATH . 'inc/show_admin_nav.inc.php'); ?>

    0) { if ($hesk_settings['new_top']) { if ($i >= $hesk_settings['hide_replies']) { $collapsed_replies[] = $reply; } else { $displayed_replies[] = $reply; } } else { if ($i < ($ticket['replies'] - $hesk_settings['hide_replies'])) { $collapsed_replies[] = $reply; } else { $displayed_replies[] = $reply; } } // Never, always show all replies } else { $displayed_replies[] = $reply; } $i++; } $start_previous_replies = true; for ($j = 0; $j < count($collapsed_replies) && $hesk_settings['new_top'] == 0; $j++) { $reply = $collapsed_replies[$j]; if ($start_previous_replies): $start_previous_replies = false; ?>
    »

    ' . $hesklang['rnh'] . '

    '; } elseif ($reply['rating'] == 5) { echo '

    ' . $hesklang['rh'] . '

    '; } } /* Show "unread reply" message? */ if ($reply['staffid'] && !$reply['read']) { echo '

    ' . $hesklang['unread'] . '

    '; } ?>
    '; } } for ($j = 0; $j < count($displayed_replies); $j++) { $reply = $displayed_replies[$j]; ?>
    »

    '.$hesklang['rnh'].'

    '; } elseif ($reply['rating']==5) { echo '

    '.$hesklang['rh'].'

    '; } } /* Show "unread reply" message? */ if ($reply['staffid'] && ! $reply['read']) { echo '

    '.$hesklang['unread'].'

    '; } ?>
    »

    ' . $hesklang['rnh'] . '

    '; } elseif ($reply['rating'] == 5) { echo '

    ' . $hesklang['rh'] . '

    '; } } /* Show "unread reply" message? */ if ($reply['staffid'] && !$reply['read']) { echo '

    ' . $hesklang['unread'] . '

    '; } ?>
    '; } } return $i; } // End hesk_printTicketReplies() function hesk_printReplyForm() { global $hesklang, $hesk_settings, $ticket, $admins, $can_options, $options, $can_assign_self, $can_resolve; // Force assigning a ticket before allowing to reply? if ($hesk_settings['require_owner'] && ! $ticket['owner']) { hesk_show_notice($hesklang['atbr'].($can_assign_self ? '

    '.$hesklang['attm'].'' : ''), $hesklang['owneed']); return ''; } ?>
    '; ?>
    '; if (empty($ticket['owner'])) { echo ''; } else { echo ''; } echo ''; echo ''; } ?>
    >
     
    PK~3Ywώ priority.phpnu[ 3) { hesk_process_messages($hesklang['inpr'],'admin_ticket.php?track='.$trackingID.'&Refresh='.mt_rand(10000,99999),'NOTICE'); } $options = array( 0 => $hesklang['critical'], 1 => $hesklang['high'], 2 => $hesklang['medium'], 3 => $hesklang['low'] ); $revision = sprintf($hesklang['thist8'],hesk_date(),$options[$priority],addslashes($_SESSION['name']).' ('.$_SESSION['user'].')'); hesk_dbQuery("UPDATE `".hesk_dbEscape($hesk_settings['db_pfix'])."tickets` SET `priority`='{$priority}', `history`=CONCAT(`history`,'".hesk_dbEscape($revision)."') WHERE `trackid`='".hesk_dbEscape($trackingID)."'"); if (hesk_dbAffectedRows() != 1) { hesk_process_messages($hesklang['inpr'],'admin_ticket.php?track='.$trackingID.'&Refresh='.mt_rand(10000,99999),'NOTICE'); } hesk_process_messages(sprintf($hesklang['chpri2'],$options[$priority]),'admin_ticket.php?track='.$trackingID.'&Refresh='.mt_rand(10000,99999),'SUCCESS'); ?> PK~3YN,move_category.phpnu[ Prepare message */ // 1. Generate the array with ticket info that can be used in emails $info = array( 'email' => $ticket['email'], 'category' => $ticket['category'], 'priority' => $ticket['priority'], 'owner' => $ticket['owner'], 'trackid' => $ticket['trackid'], 'status' => $ticket['status'], 'name' => $ticket['name'], 'subject' => $ticket['subject'], 'message' => $ticket['message'], 'message_html' => $ticket['message_html'], 'attachments' => $ticket['attachments'], 'dt' => hesk_date($ticket['dt'], true), 'lastchange' => hesk_date($ticket['lastchange'], true), 'due_date' => hesk_format_due_date($ticket['due_date']), 'id' => $ticket['id'], 'time_worked' => $ticket['time_worked'], 'last_reply_by' => hesk_getReplierName($ticket), ); // 2. Add custom fields to the array foreach ($hesk_settings['custom_fields'] as $k => $v) { $info[$k] = $v['use'] ? $ticket[$k] : ''; } // 3. Make sure all values are properly formatted for email $ticket = hesk_ticketToPlain($info, 1, 0); /* Need to notify any staff? 
*/ /* --> From autoassign? */ if ($need_to_reassign && ! empty($autoassign_owner['email']) ) { hesk_notifyAssignedStaff($autoassign_owner, 'ticket_assigned_to_you'); } /* --> No autoassign, find and notify appropriate staff */ elseif ( ! $ticket['owner'] ) { hesk_notifyStaff('category_moved', "`notify_new_unassigned`='1' AND `id`!=".intval($_SESSION['id']) ); } /* Is the user allowed to view tickets in the new category? */ if ($category_ok) { /* Ticket has an owner */ if ($ticket['owner']) { /* Staff is owner or can view tickets assigned to others */ if ($ticket['owner'] == $_SESSION['id'] || hesk_checkPermission('can_view_ass_others',0) ) { hesk_process_messages($hesklang['moved_to'],'admin_ticket.php?track='.$trackingID.'&Refresh='.rand(10000,99999),'SUCCESS'); } else { hesk_process_messages($hesklang['moved_to'],'admin_main.php','SUCCESS'); } } /* Ticket is unassigned, staff can view unassigned tickets */ elseif (hesk_checkPermission('can_view_unassigned',0)) { hesk_process_messages($hesklang['moved_to'],'admin_ticket.php?track='.$trackingID.'&Refresh='.rand(10000,99999),'SUCCESS'); } /* Ticket is unassigned, staff cannot view unassigned tickets */ else { hesk_process_messages($hesklang['moved_to'],'admin_main.php','SUCCESS'); } } else { hesk_process_messages($hesklang['moved_to'],'admin_main.php','SUCCESS'); } ?> PK~3Y_custom_fields.phpnu[= 50 && $action !== 'edit_cf') { hesk_show_info($hesklang['cf_limit']); } $hesk_settings['datepicker']['#dmin']['position'] = 'left top'; $hesk_settings['datepicker']['#dmax']['position'] = 'left bottom'; ?>

    $cf) { if ($cf['place']) { $num_after++; } else { $num_before++; } } $k = 1; $first_before_custom_field = true; $first_after_custom_field = true; $hide_up = false; foreach ($hesk_settings['custom_fields'] as $tmp_id => $cf) { $tmp_id = intval(str_replace('custom', '', $tmp_id)); if ($hide_up) { $hide_up = false; } if ($first_before_custom_field && $cf['place'] == 0) { ?> >

    1) { if (($num_before == 1 && $cf['place'] == 0) || ($num_after == 1 && $cf['place'] == 1)) { // Only 1 custom fields in this place, don't print anything ?>

    style="display: block">

    1) { foreach ($hesk_settings['languages'] as $lang => $info): ?>

    getTimestamp()); $hesk_settings['datepicker']['#dmin']['timestamp'] = $date->getTimestamp(); $dmin_rf = 1; } catch(Exception $e) { $dmin = ''; $dmin_rf = 0; } } else { $dmin = ''; $dmin_rf = 0; } ?>
    >
    >
    type="text" class="datepicker ">
    >
    >
    getTimestamp()); $hesk_settings['datepicker']['#dmax']['timestamp'] = $date->getTimestamp(); $dmax_rf = 1; } catch(Exception $e) { $dmax = ''; $dmax_rf = 0; } } else { $dmax = ''; $dmax_rf = 0; } ?>
    >
    >
    type="text" class="datepicker ">
    >
    >
    >
    >

    >
    >

    >
    >

    >
    >
    >

    >
    >

    >
    >
    $error\n"; } $hesk_error_buffer = $tmp; $hesk_error_buffer = $hesklang['rfm'].'

    ';
        hesk_process_messages($hesk_error_buffer,'custom_fields.php');
    }

    // Write the field definition back to its row.
    // NOTE(review): the start of save_cf() is outside this excerpt; presumably $cf is the
    // result of cf_validate() and $id was cast to an integer there -- confirm.
    // NOTE(review): json_encode($cf['categories']) is placed in the statement without
    // hesk_dbEscape(). cf_validate() only keeps category values that exist as keys of
    // $hesk_settings['categories'], so the query relies on that filter; escaping the JSON
    // here as well would remove the dependency.
    hesk_dbQuery(
        "UPDATE `".hesk_dbEscape($hesk_settings['db_pfix'])."custom_fields` SET `use` = '{$cf['use']}', `place` = '{$cf['place']}', `type` = '{$cf['type']}', `req` = '{$cf['req']}', `category` = "
        .(count($cf['categories']) ? "'".json_encode($cf['categories'])."'" : 'NULL')
        .", `name` = '".hesk_dbEscape($cf['names'])."', `value` = "
        .(strlen($cf['value']) ? "'".hesk_dbEscape($cf['value'])."'" : 'NULL')
        ." WHERE `id`={$id}"
    );

    // Clear cache
    hesk_purge_cache('cf');

    // Show success
    $_SESSION['cford'] = $id;
    hesk_process_messages($hesklang['cf_mdf'],'custom_fields.php','SUCCESS');
} // End save_cf()


/**
 * Loads one custom field and stages it in the session for the edit form.
 *
 * The field ID comes from the `id` GET parameter and is cast with intval();
 * a zero ID or a missing row ends in hesk_error(). The database is only read;
 * the row is written to $_SESSION['new_cf'] and $_SESSION['edit_cf'] is set.
 */
function edit_cf()
{
    global $hesk_settings, $hesklang;

    // intval() leaves only an integer, so $id can be placed in the query below
    $id = intval( hesk_GET('id') ) or hesk_error($hesklang['cf_e_id']);

    // Fetch the row for that ID
    $res = hesk_dbQuery("SELECT * FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."custom_fields` WHERE `id`={$id} LIMIT 1");
    if ( hesk_dbNumRows($res) != 1 ) {
        hesk_error($hesklang['cf_not_found']);
    }
    $cf = hesk_dbFetchAssoc($res);

    // The `name` column holds JSON; expose it decoded under the key `names`
    $cf['names'] = json_decode($cf['name'], true);
    unset($cf['name']);

    // `category` is NULL/empty or a JSON list; turn it into a 0/1 flag plus a list
    if (isset($cf['category']) && strlen($cf['category'])) {
        $cf['categories'] = json_decode($cf['category'], true);
        $cf['category'] = 1;
    } else {
        $cf['categories'] = array();
        $cf['category'] = 0;
    }

    $_SESSION['new_cf'] = $cf;
    $_SESSION['edit_cf'] = true;
} // End edit_cf()


/**
 * Shifts one custom field in the display order and redirects to custom_fields.php.
 *
 * Calls hesk_token_check() first, then adds the integer `move` GET parameter to the
 * `order` column of the row named by the `id` GET parameter, renumbers all fields
 * and purges the 'cf' cache.
 *
 * NOTE(review): both parameters are read with hesk_GET(), so this state change is
 * driven by the query string and hesk_token_check() is its only guard. If the token
 * is also carried in the URL it can surface in server logs, browser history and
 * Referer headers -- TODO confirm how the token reaches this handler.
 */
function order_cf()
{
    global $hesk_settings, $hesklang;

    // A security check
    hesk_token_check();

    // Both values are reduced to integers before they reach the SQL below
    $id = intval( hesk_GET('id') ) or hesk_error($hesklang['cf_e_id']);
    $move = intval( hesk_GET('move') );

    $_SESSION['cford'] = $id;

    // Apply the offset to this field's position
    hesk_dbQuery("UPDATE `".hesk_dbEscape($hesk_settings['db_pfix'])."custom_fields` SET `order`=`order`+".intval($move)." 
WHERE `id`={$id}");

    // Update order of all custom fields
    update_cf_order();

    // Clear cache
    hesk_purge_cache('cf');

    // Finish
    header('Location: custom_fields.php');
    exit();
} // End order_cf()


/**
 * Renumbers the `order` column of the custom_fields table.
 *
 * Rows whose `use` is '1' or '2' are read sorted by `place`, then `order`, and get
 * 10, 20, 30, ... in that sequence; rows whose `use` is '0' are set to 1000.
 *
 * @return bool Always true.
 */
function update_cf_order()
{
    global $hesk_settings, $hesklang;

    // Get list of current custom fields
    $res = hesk_dbQuery("SELECT `id` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."custom_fields` WHERE `use` IN ('1','2') ORDER BY `place` ASC, `order` ASC");

    // Steps of 10 leave gaps between neighbouring fields
    $i = 10;
    while ( $cf = hesk_dbFetchAssoc($res) ) {
        hesk_dbQuery("UPDATE `".hesk_dbEscape($hesk_settings['db_pfix'])."custom_fields` SET `order`=".intval($i)." WHERE `id`='".intval($cf['id'])."'");
        $i += 10;
    }

    // Unused fields all share the same position
    hesk_dbQuery("UPDATE `".hesk_dbEscape($hesk_settings['db_pfix'])."custom_fields` SET `order`=1000 WHERE `use`='0'");

    return true;
} // END update_cf_order()


/**
 * Resets a custom field to its unused state and blanks its data on tickets.
 *
 * Calls hesk_token_check() first. The field ID comes from the `id` GET parameter,
 * cast with intval(). When the reset changes exactly one row, the order is
 * renumbered, the 'cf' cache is purged and the matching `custom<ID>` ticket column
 * is emptied; otherwise the "not found" message is shown.
 *
 * NOTE(review): like order_cf(), this destructive action takes its input from the
 * query string -- TODO confirm how the token is passed and that it is not logged.
 */
function remove_cf()
{
    global $hesk_settings, $hesklang;

    // A security check
    hesk_token_check();

    // Get ID
    $id = intval( hesk_GET('id') ) or hesk_error($hesklang['cf_e_id']);

    // Reset the custom field
    hesk_dbQuery("UPDATE `".hesk_dbEscape($hesk_settings['db_pfix'])."custom_fields` SET `use`='0', `place`='0', `type`='text', `req`='0', `category`=NULL, `name`='', `value`=NULL, `order`=1000 WHERE `id`={$id}");

    // Were we successful? 
if ( hesk_dbAffectedRows() == 1 ) {
        // Update order
        update_cf_order();

        // Clear cache
        hesk_purge_cache('cf');

        // Delete custom field data from tickets.
        // $id is an intval() result that just matched one custom_fields row, so the
        // column name built from it contains nothing but that integer.
        // `lastchange`=`lastchange` presumably keeps the timestamp from being
        // refreshed by this bulk update -- confirm against the table definition.
        hesk_dbQuery("UPDATE `".hesk_dbEscape($hesk_settings['db_pfix'])."tickets` SET `custom{$id}`='', `lastchange`=`lastchange` WHERE `custom{$id}`!=''");

        // Show success message
        hesk_process_messages($hesklang['cf_deleted'],'./custom_fields.php','SUCCESS');
    } else {
        hesk_process_messages($hesklang['cf_not_found'],'./custom_fields.php');
    }
} // End remove_cf()


/**
 * Reads the custom field form from POST and normalises every value.
 *
 * The global $hesk_error_buffer is reset to an empty array on entry and receives
 * one message per problem found. If it is non-empty at the end, the collected
 * field data plus the list of failing form keys are stored in $_SESSION['new_cf']
 * and false is returned.
 *
 * The values later interpolated into SQL by the callers are constrained here:
 * `use` is 1 or 2, `req` is 0, 1 or 2, `place` is 0 or 1, and `type` is matched
 * against the switch labels with anything else replaced by 'text' (assumes
 * hesk_POST() returns a string -- confirm).
 *
 * @return array|false The field definition with `names` and `value` JSON-encoded
 *                     (`names` always, and `value` for every type except 'date',
 *                     are also passed through addslashes()), or false on errors.
 */
function cf_validate()
{
    global $hesk_settings, $hesklang;
    global $hesk_error_buffer;

    $hesk_error_buffer = array();
    $errors = array();

    // Get names
    $cf['names'] = hesk_POST_array('name');

    // Keep only names whose key is a configured language and whose text is non-empty
    foreach ($cf['names'] as $key => $name) {
        if ( ! isset($hesk_settings['languages'][$key])) {
            unset($cf['names'][$key]);
        } else {
            // Nested arrays are treated as an empty name
            $name = is_array($name) ? '' : hesk_input($name, 0, 0, HESK_SLASH);

            if (strlen($name) < 1) {
                unset($cf['names'][$key]);
            } else {
                $cf['names'][$key] = stripslashes($name);
            }
        }
    }

    // No name entered?
    if ( ! count($cf['names'])) {
        $hesk_error_buffer[] = $hesklang['err_custname'];
        $errors[] = 'name';
    }

    // Get type and values
    $cf['type'] = hesk_POST('type');
    switch ($cf['type']) {
        case 'textarea':
            $cf['rows'] = hesk_checkMinMax(intval(hesk_POST('rows')), 1, 100, 12);
            $cf['cols'] = hesk_checkMinMax(intval(hesk_POST('cols')), 1, 500, 60);
            $cf['value'] = array('rows' => $cf['rows'], 'cols' => $cf['cols']);
            break;

        case 'radio':
            $cf['radio_options'] = stripslashes(hesk_input(hesk_POST('radio_options'), 0, 0, HESK_SLASH));

            // One option per line
            $options = preg_split("/\\r\\n|\\r|\\n/", $cf['radio_options']);

            $no_default = hesk_POST('no_default') ? 
1 : 0;

            $cf['value'] = array('radio_options' => $options, 'no_default' => $no_default);

            if (count($options) < 2) {
                $hesk_error_buffer[] = $hesklang['atl2'];
                $errors[] = 'radio_options';
            }
            break;

        case 'select':
            $cf['select_options'] = stripslashes(hesk_input(hesk_POST('select_options'), 0, 0, HESK_SLASH));

            // One option per line
            $options = preg_split("/\\r\\n|\\r|\\n/", $cf['select_options']);

            $show_select = hesk_POST('show_select') ? 1 : 0;

            $cf['value'] = array('show_select' => $show_select, 'select_options' => $options);

            if (count($options) < 2) {
                $hesk_error_buffer[] = $hesklang['atl2'];
                $errors[] = 'select_options';
            }
            break;

        case 'checkbox':
            $cf['checkbox_options'] = stripslashes(hesk_input(hesk_POST('checkbox_options'), 0, 0, HESK_SLASH));

            // One option per line
            $options = preg_split("/\\r\\n|\\r|\\n/", $cf['checkbox_options']);

            $cf['value'] = array('checkbox_options' => $options);

            if ( ! isset($options[0]) || strlen($options[0]) < 1) {
                $hesk_error_buffer[] = $hesklang['atl1'];
                $errors[] = 'checkbox_options';
            }
            break;

        case 'date':
            $cf['dmin'] = '';
            $cf['dmax'] = '';

            // Minimum date: mode 1 is a fixed date, mode 2 a relative offset
            $dmin_rf = hesk_POST('dmin_rf');

            if ($dmin_rf == 1) {
                $dmin = hesk_POST('dmin');

                // Only a value the date picker helper can parse is stored
                if ($date = hesk_datepicker_get_date($dmin)) {
                    $dmin = $date->format('m/d/Y');
                    $cf['dmin'] = $dmin;
                }
            } elseif ($dmin_rf == 2) {
                // Sign, integer and unit are each restricted before being joined
                $dmin_pm = hesk_POST('dmin_pm') == '+' ? '+' : '-';
                $dmin_num = intval(hesk_POST('dmin_num', 0));
                $dmin_type = hesk_POST('dmin_type');

                if ( ! in_array($dmin_type, array('day', 'week', 'month', 'year'))) {
                    $dmin_type = 'day';
                }

                $cf['dmin'] = $dmin_pm . $dmin_num . ' ' . $dmin_type;
            }

            // Maximum date: same two modes as the minimum
            $dmax_rf = hesk_POST('dmax_rf');

            if ($dmax_rf == 1) {
                $dmax = hesk_POST('dmax');

                if ($date = hesk_datepicker_get_date($dmax)) {
                    $dmax = $date->format('m/d/Y');
                    $cf['dmax'] = $dmax;
                }
            } elseif ($dmax_rf == 2) {
                $dmax_pm = hesk_POST('dmax_pm') == '+' ? '+' : '-';
                $dmax_num = intval(hesk_POST('dmax_num', 0));
                $dmax_type = hesk_POST('dmax_type');

                if ( ! 
in_array($dmax_type, array('day', 'week', 'month', 'year'))) {
                    $dmax_type = 'day';
                }

                $cf['dmax'] = $dmax_pm . $dmax_num . ' ' . $dmax_type;
            }

            // Minimum date should not be higher than maximum date
            if (strlen($cf['dmin']) && strlen($cf['dmax'])) {
                if (strtotime($cf['dmin']) > strtotime($cf['dmax'])) {
                    $hesk_error_buffer[] = $hesklang['d_mm'];
                    $errors[] = 'date_range';
                }
            }

            // Date format: either a preset or the custom text field
            $date_format = hesk_POST('date_format');
            if ($date_format == 'custom') {
                $date_format = hesk_POST('date_format_custom');
            }

            // Drop every character outside the allowed set. A single quote is in that
            // set and this type's value skips addslashes() below, so the stored JSON
            // depends on the hesk_dbEscape() call at the query.
            $cf['date_format'] = preg_replace('/[^a-zA-Z0-9 \/\.\_+\-,;:#(){}\[\]\'@*]/', '', $date_format);

            $cf['value'] = array('dmin' => $cf['dmin'], 'dmax' => $cf['dmax'], 'date_format' => $cf['date_format']);
            break;

        case 'email':
            $cf['email_multi'] = hesk_POST('email_multi') ? 1 : 0;
            $cf['value'] = array('multiple' => $cf['email_multi']);
            break;

        case 'hidden':
            $cf['hidden_max_length'] = hesk_checkMinMax(intval(hesk_POST('hidden_max_length')), 1, 10000, 255);
            $cf['hidden_default_value'] = stripslashes(hesk_input(hesk_POST('hidden_default_value'), 0, 0, HESK_SLASH));
            $cf['value'] = array('max_length' => $cf['hidden_max_length'], 'default_value' => $cf['hidden_default_value']);
            break;

        default:
            // Any type not listed above is stored as a plain text field
            $cf['type'] = 'text';
            $cf['max_length'] = hesk_checkMinMax(intval(hesk_POST('max_length')), 1, 10000, 255);
            $cf['default_value'] = stripslashes(hesk_input(hesk_POST('default_value'), 0, 0, HESK_SLASH));
            $cf['value'] = array('max_length' => $cf['max_length'], 'default_value' => $cf['default_value']);
    }

    // Enable: only 2 is taken from the form, everything else becomes 1
    $cf['use'] = hesk_POST('use') == 2 ? 2 : 1;

    // req: collapsed to 0, 1 or 2
    $cf['req'] = hesk_POST('req');
    $cf['req'] = $cf['req'] == 2 ? 2 : ($cf['req'] == 1 ? 1 : 0);

    // Private fields cannot be req for customers
    if ($cf['use'] == 2 && $cf['req'] == 1) {
        $cf['req'] = 0;
    }

    // Located above or below "Message"? 
$cf['place'] = hesk_POST('place') ? 
1 : 0;

    // Get allowed categories
    if (hesk_POST('category')) {
        $cf['category'] = 1;
        $cf['categories'] = hesk_POST_array('categories');

        // Keep only values that are keys of the configured category list; the callers
        // place the JSON of this list into SQL without further escaping
        foreach ($cf['categories'] as $key => $cat_id) {
            if ( ! isset($hesk_settings['categories'][$cat_id]) ) {
                unset($cf['categories'][$key]);
            }
        }

        if ( ! count($cf['categories'])) {
            $hesk_error_buffer[] = $hesklang['cf_nocat'];
            $errors[] = 'categories';
        }
    } else {
        $cf['category'] = 0;
        $cf['categories'] = array();
    }

    // Any errors? Hand the entered data back through the session
    if (count($hesk_error_buffer)) {
        $_SESSION['new_cf'] = $cf;
        $_SESSION['new_cf']['errors'] = $errors;
        return false;
    }

    // Serialise for storage; the date type's value is the one case without addslashes()
    $cf['names'] = addslashes(json_encode($cf['names']));
    $cf['value'] = $cf['type'] == 'date' ? json_encode($cf['value']) : addslashes(json_encode($cf['value']));

    return $cf;
} // END cf_validate()


/**
 * Handles the submitted form for a new custom field (only the opening of the
 * function falls inside this block).
 *
 * NOTE(review): the hesk_token_check('POST') call is commented out here, while
 * order_cf() and remove_cf() both call hesk_token_check(). Unless the code that
 * dispatches to new_cf() verifies the token itself (not visible in this excerpt),
 * this state-changing POST handler runs without CSRF protection -- confirm and
 * re-enable the check.
 */
function new_cf()
{
    global $hesk_settings, $hesklang;
    global $hesk_error_buffer;

    // A security check
    # hesk_token_check('POST');

    // Validate inputs
    if (($cf = cf_validate()) == false) {
        $tmp = '';
        foreach ($hesk_error_buffer as $error) {
            $tmp .= "
  • $error
  • \n"; } $hesk_error_buffer = $tmp; $hesk_error_buffer = $hesklang['rfm'].'

    '; hesk_process_messages($hesk_error_buffer,'custom_fields.php'); } // Get the lowest available custom field ID $res = hesk_dbQuery("SELECT `id` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."custom_fields` WHERE `use`='0' ORDER BY `id` ASC LIMIT 1"); $row = hesk_dbFetchRow($res); $_SESSION['cford'] = intval($row[0]); // Insert custom field into database hesk_dbQuery("UPDATE `".hesk_dbEscape($hesk_settings['db_pfix'])."custom_fields` SET `use` = '{$cf['use']}', `place` = '{$cf['place']}', `type` = '{$cf['type']}', `req` = '{$cf['req']}', `category` = ".(count($cf['categories']) ? "'".json_encode($cf['categories'])."'" : 'NULL').", `name` = '".hesk_dbEscape($cf['names'])."', `value` = ".(strlen($cf['value']) ? "'".hesk_dbEscape($cf['value'])."'" : 'NULL').", `order` = 990 WHERE `id`={$_SESSION['cford']}"); // Update order update_cf_order(); // Clear cache hesk_purge_cache('cf'); // Show success hesk_process_messages($hesklang['cf_added'],'custom_fields.php','SUCCESS'); } // End new_cf() PK~3Y_a[V[V profile.phpnu[$v) { if ($k == 'pass') { if ($v == '499d74967b28a841c98bb4baaabaad699ff3c079') { define('WARN_PASSWORD',true); } continue; } elseif ($k == 'categories') { continue; } $_SESSION['new'][$k]=$v; } } if ( ! isset($_SESSION['new']['username'])) { $_SESSION['new']['username'] = ''; } /* Print header */ require_once(HESK_PATH . 'inc/header.inc.php'); /* Print admin navigation */ require_once(HESK_PATH . 'inc/show_admin_nav.inc.php'); /* This will handle error, success and notice messages */ if (!hesk_SESSION(array('new', 'errors')) && !hesk_SESSION(array('newpass', 'errors'))) { hesk_handle_messages(); } if (defined('WARN_PASSWORD')) { hesk_show_notice($hesklang['chdp2'],''.$hesklang['security'].''); } ?>

    >

    '.$_SESSION['new']['user']; ?>

    '; $str .= ''; $str .= '
    '; if ( ! isset($_GET) ) { $_GET = array(); } foreach ($_GET as $k => $v) { if ($k == 'language' || $k == 'save_language') { continue; } $str .= ''; } $str .= '
    '; ?>
    >


    ' . $hesklang['cur_pass3'], ' ', false); } $session_array='newpass'; $errors = hesk_SESSION(array($session_array, 'errors')); $errors = is_array($errors) ? $errors : array(); ?>

     

    ' . $hesklang['enter_pass'] . ''; $errors[] = 'current'; } elseif (strlen($_SESSION['newpass']['pass_cur']) > 64) { $hesk_error_buffer .= '
  • ' . $hesklang['pass_len'] . '
  • '; $errors[] = 'current'; } else { hesk_limitInternalBfAttempts(); // Get current password hash from DB $result = hesk_dbQuery("SELECT `pass` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."users` WHERE `id` = ".intval($_SESSION['id'])." LIMIT 1"); if (hesk_dbNumRows($result) != 1) { hesk_forceLogout($hesklang['wrong_user']); } $user_row = hesk_dbFetchAssoc($result); // Validate current password if (hesk_password_verify($_SESSION['newpass']['pass_cur'], $user_row['pass'])) { hesk_cleanBfAttempts(); } else { $hesk_error_buffer .= '
  • ' . $hesklang['wrong_pass'] . '
  • '; $errors[] = 'current'; } } // New password $_SESSION['newpass']['pass_new'] = hesk_input( hesk_POST('pass_new') ); if (!$_SESSION['newpass']['pass_new']) { $hesk_error_buffer .= '
  • ' . $hesklang['e_new_pass'] . '
  • '; $errors[] = 'new'; } elseif (strlen($_SESSION['newpass']['pass_new']) < 5) { $hesk_error_buffer .= '
  • ' . $hesklang['password_not_valid'] . '
  • '; $errors[] = 'new'; } elseif (strlen($_SESSION['newpass']['pass_new']) > 64) { $hesk_error_buffer .= '
  • ' . $hesklang['pass_len'] . '
  • '; $errors[] = 'new'; } // Confirm password $_SESSION['newpass']['pass_new2'] = hesk_input( hesk_POST('pass_new2') ); if ($_SESSION['newpass']['pass_new2'] != $_SESSION['newpass']['pass_new']) { $hesk_error_buffer .= '
  • ' . $hesklang['passwords_not_same'] . '
  • '; $errors[] = 'new2'; } if (strlen($hesk_error_buffer)) { $hesk_error_buffer = '
    '; $_SESSION['newpass']['errors'] = $errors; hesk_process_messages($hesk_error_buffer,'NOREDIRECT'); } else { $newpass_hash = hesk_password_hash($_SESSION['newpass']['pass_new']); hesk_dbQuery("UPDATE `".hesk_dbEscape($hesk_settings['db_pfix'])."users` SET `pass` = '".hesk_dbEscape($newpass_hash)."' WHERE `id` = ".intval($_SESSION['id'])); // Force login after password change hesk_forceLogout($hesklang['pass_login'], null, null, 'NOTICE'); } } // End update_password() function update_profile() { global $hesk_settings, $hesklang, $can_view_unassigned; /* A security check */ hesk_token_check('POST'); $sql_username = ''; $hesk_error_buffer = ''; $errors = array(); $_SESSION['new']['name'] = hesk_input( hesk_POST('name') ); if (!$_SESSION['new']['name']) { $hesk_error_buffer .= '
  • ' . $hesklang['enter_your_name'] . '
  • '; $errors[] = 'name'; } $_SESSION['new']['email'] = hesk_validateEmail( hesk_POST('email'), 'ERR', 0); if (!$_SESSION['new']['email']) { $hesk_error_buffer .= '
  • ' . $hesklang['enter_valid_email'] . '
  • '; $errors[] = 'email'; } $_SESSION['new']['signature'] = hesk_input( hesk_POST('signature') ); /* Signature */ if (hesk_mb_strlen($_SESSION['new']['signature'])>1000) { $hesk_error_buffer .= '
  • ' . $hesklang['signature_long'] . '
  • '; $errors[] = 'signature'; } /* Admins can change username */ if ($_SESSION['isadmin']) { $_SESSION['new']['user'] = hesk_input( hesk_POST('user') ) or $hesk_error_buffer .= '
  • ' . $hesklang['enter_username'] . '
  • '; /* Check for duplicate usernames */ $result = hesk_dbQuery("SELECT `id` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."users` WHERE `user`='".hesk_dbEscape($_SESSION['new']['user'])."' AND `id`!='".intval($_SESSION['id'])."' LIMIT 1"); if (hesk_dbNumRows($result) != 0) { $hesk_error_buffer .= '
  • ' . $hesklang['duplicate_user'] . '
  • '; $errors[] = 'user'; } else { $sql_username = "`user`='" . hesk_dbEscape($_SESSION['new']['user']) . "', "; } } /* After reply */ $_SESSION['new']['afterreply'] = intval( hesk_POST('afterreply') ); if ($_SESSION['new']['afterreply'] != 1 && $_SESSION['new']['afterreply'] != 2) { $_SESSION['new']['afterreply'] = 0; } // Defaults $_SESSION['new']['autostart'] = isset($_POST['autostart']) ? 1 : 0; $_SESSION['new']['notify_customer_new'] = isset($_POST['notify_customer_new']) ? 1 : 0; $_SESSION['new']['notify_customer_reply'] = isset($_POST['notify_customer_reply']) ? 1 : 0; $_SESSION['new']['show_suggested'] = isset($_POST['show_suggested']) ? 1 : 0; $_SESSION['new']['autoreload'] = isset($_POST['autoreload']) ? 1 : 0; if ($_SESSION['new']['autoreload']) { $_SESSION['new']['autoreload'] = intval(hesk_POST('reload_time')); if (hesk_POST('secmin') == 'min') { $_SESSION['new']['autoreload'] *= 60; } if ($_SESSION['new']['autoreload'] < 0 || $_SESSION['new']['autoreload'] > 65535) { $_SESSION['new']['autoreload'] = 30; } } else { hesk_setcookie('autorefresh', ''); } /* Notifications */ $_SESSION['new']['notify_new_unassigned'] = empty($_POST['notify_new_unassigned']) || ! $can_view_unassigned ? 0 : 1; $_SESSION['new']['notify_overdue_unassigned'] = empty($_POST['notify_overdue_unassigned']) || !$can_view_unassigned ? 0 : 1; $_SESSION['new']['notify_new_my'] = empty($_POST['notify_new_my']) ? 0 : 1; $_SESSION['new']['notify_overdue_my'] = empty($_POST['notify_overdue_my']) ? 0 : 1; $_SESSION['new']['notify_reply_unassigned'] = empty($_POST['notify_reply_unassigned']) || ! $can_view_unassigned ? 0 : 1; $_SESSION['new']['notify_reply_my'] = empty($_POST['notify_reply_my']) ? 0 : 1; $_SESSION['new']['notify_assigned'] = empty($_POST['notify_assigned']) ? 0 : 1; $_SESSION['new']['notify_note'] = empty($_POST['notify_note']) ? 0 : 1; $_SESSION['new']['notify_pm'] = empty($_POST['notify_pm']) ? 0 : 1; /* Any errors? 
*/ if (strlen($hesk_error_buffer)) { /* Process the session variables */ $_SESSION['new'] = hesk_stripArray($_SESSION['new']); $hesk_error_buffer = $hesklang['rfm'].'

    '; $_SESSION['new']['errors'] = $errors; hesk_process_messages($hesk_error_buffer,'NOREDIRECT'); } else { /* Update database */ hesk_dbQuery( "UPDATE `".hesk_dbEscape($hesk_settings['db_pfix'])."users` SET `name`='".hesk_dbEscape($_SESSION['new']['name'])."', `email`='".hesk_dbEscape($_SESSION['new']['email'])."', `signature`='".hesk_dbEscape($_SESSION['new']['signature'])."', $sql_username `afterreply`='".($_SESSION['new']['afterreply'])."' , ".($hesk_settings['time_worked'] ? "`autostart`='".($_SESSION['new']['autostart'])."'," : '')." `autoreload`='".($_SESSION['new']['autoreload'])."' , `notify_customer_new`='".($_SESSION['new']['notify_customer_new'])."' , `notify_customer_reply`='".($_SESSION['new']['notify_customer_reply'])."' , `show_suggested`='".($_SESSION['new']['show_suggested'])."' , `notify_new_unassigned`='".($_SESSION['new']['notify_new_unassigned'])."' , `notify_overdue_unassigned`='".($_SESSION['new']['notify_overdue_unassigned'])."' , `notify_new_my`='".($_SESSION['new']['notify_new_my'])."' , `notify_overdue_my`='".($_SESSION['new']['notify_overdue_my'])."' , `notify_reply_unassigned`='".($_SESSION['new']['notify_reply_unassigned'])."' , `notify_reply_my`='".($_SESSION['new']['notify_reply_my'])."' , `notify_assigned`='".($_SESSION['new']['notify_assigned'])."' , `notify_pm`='".($_SESSION['new']['notify_pm'])."', `notify_note`='".($_SESSION['new']['notify_note'])."' WHERE `id`='".intval($_SESSION['id'])."'" ); /* Process the session variables */ $_SESSION['new'] = hesk_stripArray($_SESSION['new']); // Do we need a new session_veify tag? 
if ( strlen($sql_username) ) { $res = hesk_dbQuery('SELECT `pass` FROM `'.hesk_dbEscape($hesk_settings['db_pfix'])."users` WHERE `id` = '".intval($_SESSION['id'])."' LIMIT 1"); $_SESSION['session_verify'] = hesk_activeSessionCreateTag($_SESSION['new']['user'], hesk_dbResult($res) ); } /* Update session variables */ foreach ($_SESSION['new'] as $k => $v) { $_SESSION[$k] = $v; } unset($_SESSION['new']); hesk_cleanSessionVars('as_notify'); hesk_process_messages($hesklang['profile_updated_success'],'profile.php','SUCCESS'); } } // End update_profile() ?> PK~3Yq]1 \ \admin_settings_email.phpnu[install folder from your server for security reasons then refresh this page!');} // Get all the required files and functions require(HESK_PATH . 'hesk_settings.inc.php'); // Save the default language for the settings page before choosing user's preferred one $hesk_settings['language_default'] = $hesk_settings['language']; require(HESK_PATH . 'inc/common.inc.php'); $hesk_settings['language'] = $hesk_settings['language_default']; require(HESK_PATH . 'inc/admin_functions.inc.php'); require(HESK_PATH . 'inc/setup_functions.inc.php'); hesk_load_database_functions(); hesk_session_start(); hesk_dbConnect(); hesk_isLoggedIn(); // Check permissions for this feature hesk_checkPermission('can_man_settings'); // Load custom fields require_once(HESK_PATH . 'inc/custom_fields.inc.php'); $help_folder = '../language/' . $hesk_settings['languages'][$hesk_settings['language']]['folder'] . '/help_files/'; $enable_save_settings = 0; $enable_use_attachments = 0; // Print header require_once(HESK_PATH . 'inc/header.inc.php'); // Print main manage users page require_once(HESK_PATH . 'inc/show_admin_nav.inc.php'); // Demo mode? Hide values of sensitive settings $hesk_settings['db_pfix_real'] = $hesk_settings['db_pfix']; if ( defined('HESK_DEMO') ) { require_once(HESK_PATH . 
'inc/admin_settings_demo.inc.php'); } /* This will handle error, success and notice messages */ hesk_handle_messages(); // Check file attachment limits if ($hesk_settings['attachments']['use'] && ! defined('HESK_DEMO') ) { // If SMTP server is used, "From email" should match SMTP username if ($hesk_settings['smtp'] && strtolower($hesk_settings['smtp_user']) != strtolower($hesk_settings['noreply_mail']) && hesk_validateEmail($hesk_settings['smtp_user'], 'ERR', 0)) { hesk_show_notice(sprintf($hesklang['from_warning2'], $hesklang['email_noreply'], $hesk_settings['smtp_user'])); } // If POP3 fetching is active, no user should have the same email address if ($hesk_settings['pop3'] && hesk_validateEmail($hesk_settings['pop3_user'], 'ERR', 0)) { $res = hesk_dbQuery("SELECT `name` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."users` WHERE `email` LIKE '".hesk_dbEscape($hesk_settings['pop3_user'])."'"); if (hesk_dbNumRows($res) > 0) { hesk_show_notice(sprintf($hesklang['pop3_warning'], hesk_dbResult($res,0,0), $hesk_settings['pop3_user']) . "

    " . $hesklang['fetch_warning'], $hesklang['warn']); } } // If IMAP fetching is active, no user should have the same email address if ($hesk_settings['imap'] && hesk_validateEmail($hesk_settings['imap_user'], 'ERR', 0)) { $res = hesk_dbQuery("SELECT `name` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."users` WHERE `email` LIKE '".hesk_dbEscape($hesk_settings['imap_user'])."'"); if (hesk_dbNumRows($res) > 0) { hesk_show_notice(sprintf($hesklang['imap_warning'], hesk_dbResult($res,0,0), $hesk_settings['imap_user']) . "

    " . $hesklang['fetch_warning'], $hesklang['warn']); } } } $oauth_providers_rs = hesk_dbQuery("SELECT * FROM `".hesk_dbEscape($hesk_settings['db_pfix_real'])."oauth_providers` WHERE `verified` = 1"); $has_oauth_providers = hesk_dbNumRows($oauth_providers_rs) > 0; $oauth_providers = array(); while ($row = hesk_dbFetchAssoc($oauth_providers_rs)) { $oauth_providers[$row['id']] = $row; } ?>

    >
    >
    >
    >
    ' . $hesklang['et_title'] . ''); ?>
    ))" onchange="hesk_toggleLayer('smtp_settings', 'none');" >
    ))" onchange="hesk_toggleLayer('smtp_settings', 'block');" >
    >
    >
    >
    >
    >
    >
    >
    >
    >
    autocomplete="off">
    autocomplete="off">

    -
    >
    >
    >
    >
    >
    >
    >
    >
    >
    autocomplete="off">
    autocomplete="off">
    >
    >
    >
    >
    >
    autocomplete="off">
    autocomplete="off">
     
    >
    >
    >

    >
    >
    >

    >
    />
    >

    >
    >
    />
    General settings */ $set['site_title'] = hesk_input( hesk_POST('s_site_title'), $hesklang['err_sname']); $set['site_title'] = str_replace('\\"','"',$set['site_title']); $set['site_url'] = hesk_validateURL( hesk_POST('s_site_url'), $hesklang['err_surl']); $set['hesk_title'] = hesk_input( hesk_POST('s_hesk_title'), $hesklang['err_htitle']); $set['hesk_title'] = str_replace('\\"','"',$set['hesk_title']); $set['hesk_url'] = rtrim( hesk_validateURL( hesk_POST('s_hesk_url'), $hesklang['err_hurl']), '/'); $set['webmaster_mail'] = hesk_validateEmail( hesk_POST('s_webmaster_mail'), $hesklang['err_wmmail']); $valid_themes = hesk_getValidThemes(); $theme = hesk_input(hesk_POST('s_site_theme')); if (isset($theme) && in_array($theme, $valid_themes)) { $set['site_theme'] = $theme; } else { hesk_error($hesklang['err_site_theme']); } $set['admin_css'] = empty($_POST['s_admin_css']) ? 0 : 1; $set['admin_css_url'] = hesk_validateURL( hesk_POST('s_admin_css_url', 'https://www.example.com/hesk-style.css')); if ($set['admin_css_url'] == '' || $set['admin_css_url'] == 'https://www.example.com/hesk-style.css') { $set['admin_css'] = 0; $set['admin_css_url'] = 'https://www.example.com/hesk-style.css'; } /* --> Language settings */ $set['can_sel_lang'] = empty($_POST['s_can_sel_lang']) ? 0 : 1; $set['languages'] = hesk_getLanguagesArray(); $lang = explode('|', hesk_input( hesk_POST('s_language') ) ); if (isset($lang[1]) && in_array($lang[1],hesk_getLanguagesArray(1) )) { $set['language'] = $lang[1]; } else { hesk_error($hesklang['err_lang']); } /* --> Database settings */ hesk_dbClose(); if ( hesk_testMySQL() ) { // Database connection OK } elseif ($mysql_log) { hesk_error($mysql_error . '

    ' . $hesklang['mysql_said'] . ': ' . $mysql_log); } else { hesk_error($mysql_error); } } elseif ($section === 'HELP_DESK') { // ---> check admin folder $set['admin_dir'] = isset($_POST['s_admin_dir']) && ! is_array($_POST['s_admin_dir']) ? preg_replace('/[^a-zA-Z0-9_-]/', '', $_POST['s_admin_dir']) : 'admin'; /* if ( ! is_dir(HESK_PATH . $set['admin_dir']) ) { hesk_error( sprintf($hesklang['err_adf'], $set['admin_dir']) ); } */ // ---> check attachments folder $set['attach_dir'] = isset($_POST['s_attach_dir']) && ! is_array($_POST['s_attach_dir']) ? preg_replace('/[^a-zA-Z0-9_-]/', '', $_POST['s_attach_dir']) : 'attachments'; /* if ( ! is_dir(HESK_PATH . $set['attach_dir']) ) { hesk_error( sprintf($hesklang['err_atf'], $set['attach_dir']) ); } if ( ! is_writable(HESK_PATH . $set['attach_dir']) ) { hesk_error( sprintf($hesklang['err_atr'], $set['attach_dir']) ); } */ // ---> check cache folder $set['cache_dir'] = isset($_POST['s_cache_dir']) && ! is_array($_POST['s_cache_dir']) ? preg_replace('/[^a-zA-Z0-9_-]/', '', $_POST['s_cache_dir']) : 'cache'; $set['max_listings'] = hesk_checkMinMax( intval( hesk_POST('s_max_listings') ) , 1, 999, 10); $set['print_font_size'] = hesk_checkMinMax( intval( hesk_POST('s_print_font_size') ) , 1, 99, 12); $set['autoclose'] = hesk_checkMinMax( intval( hesk_POST('s_autoclose') ) , 0, 999, 7); $set['max_open'] = hesk_checkMinMax( intval( hesk_POST('s_max_open') ) , 0, 999, 0); $set['due_soon'] = hesk_checkMinMax( intval( hesk_POST('s_due_soon') ) , 1, 999, 7); $set['new_top'] = empty($_POST['s_new_top']) ? 0 : 1; $set['reply_top'] = empty($_POST['s_reply_top']) ? 0 : 1; $set['hide_replies'] = hesk_checkMinMax( intval( hesk_POST('s_hide_replies') ) , -1, 1, -1); if ($set['hide_replies'] == 1) { $set['hide_replies'] = hesk_checkMinMax( intval( hesk_POST('s_hide_replies_num') ) , 1, 99, 10); } $set['limit_width'] = empty($_POST['s_limit_width']) ? 
0 : 1; if ($set['limit_width']) { $set['limit_width'] = hesk_checkMinMax( intval( hesk_POST('s_limit_width_num') ) , 50, 9999, 800); } /* --> Features */ $set['autologin'] = empty($_POST['s_autologin']) ? 0 : 1; $set['autoassign'] = empty($_POST['s_autoassign']) ? 0 : 1; $set['require_email'] = empty($_POST['s_require_email']) ? 0 : 1; $set['require_owner'] = empty($_POST['s_require_owner']) ? 0 : 1; $set['require_subject'] = hesk_checkMinMax( intval( hesk_POST('s_require_subject') ) , -1, 1, 1); $set['require_message'] = hesk_checkMinMax( intval( hesk_POST('s_require_message') ) , -1, 1, 1); $set['custclose'] = empty($_POST['s_custclose']) ? 0 : 1; $set['custopen'] = empty($_POST['s_custopen']) ? 0 : 1; $set['rating'] = empty($_POST['s_rating']) ? 0 : 1; $set['cust_urgency'] = empty($_POST['s_cust_urgency']) ? 0 : 1; $set['sequential'] = empty($_POST['s_sequential']) ? 0 : 1; $set['time_worked'] = empty($_POST['s_time_worked']) ? 0 : 1; $set['spam_notice'] = empty($_POST['s_spam_notice']) ? 0 : 1; $set['list_users'] = empty($_POST['s_list_users']) ? 0 : 1; $set['debug_mode'] = empty($_POST['s_debug_mode']) ? 0 : 1; $set['short_link'] = empty($_POST['s_short_link']) ? 0 : 1; $set['select_cat'] = empty($_POST['s_select_cat']) ? 0 : 1; $set['select_pri'] = empty($_POST['s_select_pri']) ? 0 : 1; $set['cat_show_select'] = hesk_checkMinMax( intval( hesk_POST('s_cat_show_select') ) , 0, 999, 10); $set['staff_ticket_formatting'] = hesk_checkMinMax( intval( hesk_POST('s_ticket_formatting_staff') ) , 0, 2, 0); // Temporary until Markdown support if ($set['staff_ticket_formatting'] == 1) { $set['staff_ticket_formatting'] = 0; } /* --> SPAM prevention */ $set['secimg_use'] = empty($_POST['s_secimg_use']) ? 0 : ( hesk_POST('s_secimg_use') == 2 ? 
2 : 1); $set['secimg_sum'] = ''; for ($i=1;$i<=10;$i++) { $set['secimg_sum'] .= substr('AEUYBDGHJLMNPQRSTVWXZ123456789', rand(0,29), 1); } $set['recaptcha_use'] = hesk_checkMinMax( intval( hesk_POST('s_recaptcha_use') ) , 0, 2, 0); $set['recaptcha_public_key'] = hesk_input( hesk_POST('s_recaptcha_public_key') ); $set['recaptcha_private_key'] = hesk_input( hesk_POST('s_recaptcha_private_key') ); $set['question_use'] = empty($_POST['s_question_use']) ? 0 : 1; $set['question_ask'] = hesk_getHTML( hesk_POST('s_question_ask') ) or hesk_error($hesklang['err_qask']); $set['question_ans'] = hesk_input( hesk_POST('s_question_ans'), $hesklang['err_qans']); /* --> Security */ $set['attempt_limit'] = hesk_checkMinMax( intval( hesk_POST('s_attempt_limit') ) , 0, 999, 5); if ($set['attempt_limit'] > 0) { $set['attempt_limit']++; } $set['attempt_banmin'] = hesk_checkMinMax( intval( hesk_POST('s_attempt_banmin') ) , 5, 99999, 60); $set['flood'] = hesk_checkMinMax( intval( hesk_POST('s_flood') ) , 0, 999, 3); $set['reset_pass'] = empty($_POST['s_reset_pass']) ? 0 : 1; $set['email_view_ticket'] = ($set['require_email'] == 0) ? 0 : (empty($_POST['s_email_view_ticket']) ? 0 : 1); $set['x_frame_opt'] = empty($_POST['s_x_frame_opt']) ? 0 : 1; $set['require_mfa'] = empty($_POST['s_require_mfa']) ? 0 : 1; $set['samesite'] = hesk_POST('s_samesite', 'Lax'); if ( ! in_array($set['samesite'], array('Strict', 'Lax', 'None'))) { $set['samesite'] = 'Lax'; } $set['force_ssl'] = HESK_SSL && isset($_POST['s_force_ssl']) && $_POST['s_force_ssl'] == 1 ? 
1 : 0; // Make sure help desk URL starts with https if forcing SSL if ($set['force_ssl']) { $set['hesk_url'] = preg_replace('/^http:/i', 'https:', hesk_getProperty($set, 'hesk_url') ); } $set['url_key'] = hesk_input( hesk_POST('s_url_key') ); $set['url_key'] = preg_replace('/[^a-zA-Z0-9_.-]/', '', $set['url_key']); $elevator_duration = hesk_checkMinMax( intval(hesk_input(hesk_POST('s_elevator_amount'))), 1, 999999, 60); $elevator_amount = hesk_input(hesk_POST('s_elevator_unit')); if ( ! in_array($elevator_amount, array('M', 'H', 'D'))) { $elevator_duration = 60; $elevator_amount = 'M'; } $set['elevator_duration'] = $elevator_duration.$elevator_amount; /* --> Attachments */ $set['attachments']['use'] = empty($_POST['s_attach_use']) ? 0 : 1; if ($set['attachments']['use']) { $set['attachments']['max_number'] = intval( hesk_POST('s_max_number', 2) ); $size = floatval( hesk_POST('s_max_size', '1.0') ); $unit = hesk_htmlspecialchars( hesk_POST('s_max_unit', 'MB') ); $set['attachments']['max_size'] = hesk_formatUnits($size . ' ' . $unit); $set['attachments']['allowed_types'] = isset($_POST['s_allowed_types']) && ! is_array($_POST['s_allowed_types']) && strlen($_POST['s_allowed_types']) ? explode(',', strtolower( preg_replace('/[^a-zA-Z0-9,]/', '', $_POST['s_allowed_types']) ) ) : array(); $set['attachments']['allowed_types'] = array_diff($set['attachments']['allowed_types'], array('php', 'php4', 'php3', 'php5', 'php7', 'php8', 'phps', 'phar', 'phtml', 'shtml', 'shtm', 'cgi', 'pl') ); if (count($set['attachments']['allowed_types'])) { $keep_these = array(); foreach ($set['attachments']['allowed_types'] as $ext) { if (strlen($ext) > 0) { $keep_these[] = '.' . 
$ext; } } $set['attachments']['allowed_types'] = $keep_these; } else { $set['attachments']['allowed_types'] = array('.gif','.jpg','.png','.zip','.rar','.csv','.doc','.docx','.xls','.xlsx','.txt','.pdf'); } } else { $set['attachments']['max_number']=2; $set['attachments']['max_size']=1048576; $set['attachments']['allowed_types']=array('.gif','.jpg','.png','.zip','.rar','.csv','.doc','.docx','.xls','.xlsx','.txt','.pdf'); } } elseif ($section === 'KNOWLEDGEBASE') { /* --> Knowledgebase settings */ $set['kb_enable'] = hesk_checkMinMax( intval( hesk_POST('s_kb_enable') ) , 0, 2, 1); $set['kb_wysiwyg'] = empty($_POST['s_kb_wysiwyg']) ? 0 : 1; $set['kb_search'] = empty($_POST['s_kb_search']) ? 0 : ( hesk_POST('s_kb_search') == 2 ? 2 : 1); $set['kb_recommendanswers'] = empty($_POST['s_kb_recommendanswers']) ? 0 : 1; $set['kb_views'] = empty($_POST['s_kb_views']) ? 0 : 1; $set['kb_date'] = empty($_POST['s_kb_date']) ? 0 : 1; $set['kb_rating'] = empty($_POST['s_kb_rating']) ? 0 : 1; $set['kb_search_limit'] = hesk_checkMinMax( intval( hesk_POST('s_kb_search_limit') ) , 1, 99, 10); $set['kb_substrart'] = hesk_checkMinMax( intval( hesk_POST('s_kb_substrart') ) , 20, 9999, 200); $set['kb_cols'] = hesk_checkMinMax( intval( hesk_POST('s_kb_cols') ) , 1, 5, 2); $set['kb_numshow'] = intval( hesk_POST('s_kb_numshow') ); // Popular articles on subcat listing $set['kb_popart'] = intval( hesk_POST('s_kb_popart') ); // Popular articles on main category page $set['kb_latest'] = intval( hesk_POST('s_kb_latest') ); // Popular articles on main category page $set['kb_index_popart'] = intval( hesk_POST('s_kb_index_popart') ); $set['kb_index_latest'] = intval( hesk_POST('s_kb_index_latest') ); $set['kb_related'] = intval( hesk_POST('s_kb_related') ); } elseif ($section === 'EMAIL') { /* --> Email sending */ $set['noreply_mail'] = hesk_validateEmail( hesk_POST('s_noreply_mail'), $hesklang['err_nomail']); $set['noreply_name'] = hesk_input( hesk_POST('s_noreply_name') ); $set['noreply_name'] = 
str_replace(array('\\"','<','>'),'',$set['noreply_name']); $set['noreply_name'] = trim( preg_replace('/\s{2,}/', ' ', $set['noreply_name']) ); $set['noreply_name'] = preg_replace("/\n|\r|\t|%0A|%0D|%08|%09/", '', $set['noreply_name']); $set['email_formatting'] = hesk_checkMinMax( intval( hesk_POST('s_email_formatting') ) , 0, 3, 3); $set['smtp'] = empty($_POST['s_smtp']) ? 0 : 1; if ($set['smtp']) { // Test SMTP connection $smtp_OK = hesk_testSMTP(true); // If SMTP not working, disable it if ( ! $smtp_OK) { $set['smtp'] = 0; } } else { $set['smtp_host_name'] = hesk_input( hesk_POST('tmp_smtp_host_name', 'mail.example.com') ); if (stripos($set['smtp_host_name'], 'ssl://') === 0) { $set['smtp_host_name'] = substr($set['smtp_host_name'], 6); } $set['smtp_host_port'] = intval( hesk_POST('tmp_smtp_host_port', 25) ); $set['smtp_timeout'] = intval( hesk_POST('tmp_smtp_timeout', 10) ); $set['tmp_smtp_enc'] = hesk_POST('tmp_smtp_enc'); $set['tmp_smtp_enc'] = ($set['tmp_smtp_enc'] == 'ssl' || $set['tmp_smtp_enc'] == 'tls') ? $set['tmp_smtp_enc'] : ''; $set['tmp_smtp_noval_cert'] = empty($_POST['tmp_smtp_noval_cert']) ? 0 : 1; $set['smtp_user'] = hesk_input( hesk_POST('tmp_smtp_user') ); $set['smtp_password'] = hesk_input( hesk_POST('tmp_smtp_password') ); $set['smtp_conn_type'] = (hesk_POST('tmp_smtp_conn_type') == 'oauth') ? 'oauth' : 'basic'; $set['smtp_oauth_provider'] = intval(hesk_POST('tmp_smtp_oauth_provider')); } /* --> Email piping */ $set['email_piping'] = empty($_POST['s_email_piping']) ? 0 : 1; /* --> IMAP fetching */ $imap_OK = true; $set['imap'] = function_exists('imap_open') ? (empty($_POST['s_imap']) ? 
0 : 1) : 0; if ($set['imap']) { // Get IMAP fetching timeout $set['imap_job_wait'] = hesk_checkMinMax( intval( hesk_POST('s_imap_job_wait') ) , 0, 1440, 15); // Test IMAP connection $imap_OK = hesk_testIMAP(true); // If IMAP not working, disable it if ($imap_OK === false) { $set['imap'] = 0; } } else { $set['imap_job_wait'] = intval( hesk_POST('s_imap_job_wait', 15) ); $set['imap_host_name'] = hesk_input( hesk_POST('tmp_imap_host_name', 'mail.example.com') ); $set['imap_host_port'] = intval( hesk_POST('tmp_imap_host_port', 110) ); $set['imap_enc'] = hesk_POST('tmp_imap_enc'); $set['imap_enc'] = ($set['imap_enc'] == 'ssl' || $set['imap_enc'] == 'tls') ? $set['imap_enc'] : ''; $set['imap_noval_cert'] = empty($_POST['tmp_imap_noval_cert']) ? 0 : 1; $set['imap_keep'] = empty($_POST['tmp_imap_keep']) ? 0 : 1; $set['imap_user'] = hesk_input( hesk_POST('tmp_imap_user') ); $set['imap_password'] = hesk_input( hesk_POST('tmp_imap_password') ); $set['imap_conn_type'] = hesk_input(hesk_POST('tmp_imap_conn_type')); $set['imap_oauth_provider'] = hesk_input(hesk_POST('tmp_imap_oauth_provider')); } /* --> POP3 fetching */ $set['pop3'] = empty($_POST['s_pop3']) ? 0 : 1; if ($set['pop3']) { // Get POP3 fetching timeout $set['pop3_job_wait'] = hesk_checkMinMax( intval( hesk_POST('s_pop3_job_wait') ) , 0, 1440, 15); // Test POP3 connection $pop3_OK = hesk_testPOP3(true); // If POP3 not working, disable it if ( ! $pop3_OK) { $set['pop3'] = 0; } } else { $set['pop3_job_wait'] = intval( hesk_POST('s_pop3_job_wait', 15) ); $set['pop3_host_name'] = hesk_input( hesk_POST('tmp_pop3_host_name', 'mail.example.com') ); $set['pop3_host_port'] = intval( hesk_POST('tmp_pop3_host_port', 110) ); $set['pop3_tls'] = empty($_POST['tmp_pop3_tls']) ? 0 : 1; $set['pop3_keep'] = empty($_POST['tmp_pop3_keep']) ? 
0 : 1; $set['pop3_user'] = hesk_input( hesk_POST('tmp_pop3_user') ); $set['pop3_password'] = hesk_input( hesk_POST('tmp_pop3_password') ); $set['pop3_conn_type'] = hesk_input(hesk_POST('tmp_pop3_conn_type')); $set['pop3_oauth_provider'] = hesk_input(hesk_POST('tmp_pop3_oauth_provider')); } $set['strip_quoted'] = empty($_POST['s_strip_quoted']) ? 0 : 1; $set['eml_req_msg'] = empty($_POST['s_eml_req_msg']) ? 0 : 1; $set['save_embedded'] = empty($_POST['s_save_embedded']) ? 0 : 1; /* --> Ignore emails */ $set['pipe_block_noreply'] = empty($_POST['s_pipe_block_noreply']) ? 0 : 1; $set['pipe_block_returned'] = empty($_POST['s_pipe_block_returned']) ? 0 : 1; $set['pipe_block_duplicate'] = empty($_POST['s_pipe_block_duplicate']) ? 0 : 1; $set['loop_hits'] = hesk_checkMinMax( intval( hesk_POST('s_loop_hits') ) , 0, 999, 5); $set['loop_time'] = hesk_checkMinMax( intval( hesk_POST('s_loop_time') ) , 1, 86400, 300); /* --> Detect email typos */ $set['detect_typos'] = empty($_POST['s_detect_typos']) ? 0 : 1; $set['email_providers'] = array(); if ( ! empty($_POST['s_email_providers']) && ! is_array($_POST['s_email_providers']) ) { $lines = preg_split('/$\R?^/m', hesk_input($_POST['s_email_providers']) ); foreach ($lines as $domain) { $domain = trim($domain); $domain = str_replace('@', '', $domain); $domainLen = strlen($domain); /* Check domain part length */ if ($domainLen < 1 || $domainLen > 254) { continue; } /* Check domain part characters */ if ( ! preg_match('/^[A-Za-z0-9\\-\\.]+$/', $domain) ) { continue; } /* Domain part mustn't have two consecutive dots */ if ( strpos($domain, '..') !== false ) { continue; } $set['email_providers'][] = $domain; } } if ( ! 
$set['detect_typos'] || count($set['email_providers']) < 1 ) { $set['detect_typos'] = 0; $set['email_providers']=array('aim.com','aol.co.uk','aol.com','att.net','bellsouth.net','blueyonder.co.uk','bt.com','btinternet.com','btopenworld.com','charter.net','comcast.net','cox.net','earthlink.net','email.com','facebook.com','fastmail.fm','free.fr','freeserve.co.uk','gmail.com','gmx.at','gmx.ch','gmx.com','gmx.de','gmx.fr','gmx.net','gmx.us','googlemail.com','hotmail.be','hotmail.co.uk','hotmail.com','hotmail.com.ar','hotmail.com.mx','hotmail.de','hotmail.es','hotmail.fr','hushmail.com','icloud.com','inbox.com','laposte.net','lavabit.com','list.ru','live.be','live.co.uk','live.com','live.com.ar','live.com.mx','live.de','live.fr','love.com','lycos.com','mac.com','mail.com','mail.ru','me.com','msn.com','nate.com','naver.com','neuf.fr','ntlworld.com','o2.co.uk','online.de','orange.fr','orange.net','outlook.com','pobox.com','prodigy.net.mx','qq.com','rambler.ru','rocketmail.com','safe-mail.net','sbcglobal.net','t-online.de','talktalk.co.uk','tiscali.co.uk','verizon.net','virgin.net','virginmedia.com','wanadoo.co.uk','wanadoo.fr','yahoo.co.id','yahoo.co.in','yahoo.co.jp','yahoo.co.kr','yahoo.co.uk','yahoo.com','yahoo.com.ar','yahoo.com.mx','yahoo.com.ph','yahoo.com.sg','yahoo.de','yahoo.fr','yandex.com','yandex.ru','ymail.com'); } $set['email_providers'] = count($set['email_providers']) ? "'" . implode("','", array_unique($set['email_providers'])) . "'" : ''; /* --> Notify customer when */ $set['notify_new'] = empty($_POST['s_notify_new']) ? 0 : 1; $set['notify_closed'] = empty($_POST['s_notify_closed']) ? 0 : 1; // SPAM tags $set['notify_skip_spam'] = empty($_POST['s_notify_skip_spam']) ? 0 : 1; $set['notify_spam_tags'] = array(); if ( ! empty($_POST['s_notify_spam_tags']) && ! 
is_array($_POST['s_notify_spam_tags']) ) { $lines = preg_split('/$\R?^/m', $_POST['s_notify_spam_tags']); foreach ($lines as $tag) { // Remove dangerous tags just as an extra precaution $tag = str_replace( array(' 50) { continue; } // Escape single quotes and backslashes $set['notify_spam_tags'][] = str_replace( array("\\", "'"), array("\\\\", "\\'"), $tag); // ' } } if ( count($set['notify_spam_tags']) < 1 ) { $set['notify_skip_spam'] = 0; $set['notify_spam_tags'] = array('Spam?}','***SPAM***','[SPAM]','SPAM-LOW:','SPAM-MED:'); } $set['notify_spam_tags'] = count($set['notify_spam_tags']) ? "'" . implode("','", $set['notify_spam_tags']) . "'" : ''; /* --> Other */ $set['multi_eml'] = empty($_POST['s_multi_eml']) ? 0 : 1; $set['confirm_email'] = empty($_POST['s_confirm_email']) ? 0 : 1; $set['open_only'] = empty($_POST['s_open_only']) ? 0 : 1; } elseif ($section === 'TICKET_LIST') { $set['ticket_list'] = array(); foreach ($hesk_settings['possible_ticket_list'] as $key => $title) { if ( hesk_POST('s_tl_'.$key, 0) == 1) { $set['ticket_list'][] = $key; } } // We need at least one of these: id, trackid, subject if ( ! in_array('id', $set['ticket_list']) && ! in_array('trackid', $set['ticket_list']) && ! in_array('subject', $set['ticket_list']) ) { // Non of the required fields are there, add "trackid" as the first one array_unshift($set['ticket_list'], 'trackid'); } $set['ticket_list'] = count($set['ticket_list']) ? "'" . implode("','", $set['ticket_list']) . 
"'" : 'trackid'; /* --> Other */ $set['submittedformat'] = hesk_checkMinMax( intval( hesk_POST('s_submittedformat') ) , 0, 4, 2); $set['updatedformat'] = hesk_checkMinMax( intval( hesk_POST('s_updatedformat') ) , 0, 4, 2); $set['format_submitted'] = hesk_input( hesk_POST('s_format_submitted') ) or $set['format_submitted'] = 'Y-m-d H:i:s'; $set['format_updated'] = hesk_input( hesk_POST('s_format_updated') ) or $set['format_updated'] = 'Y-m-d H:i:s'; } elseif ($section === 'MISC') { /* --> Date & Time */ $set['timezone'] = hesk_input( hesk_POST('s_timezone') ); if ( ! in_array($set['timezone'], timezone_identifiers_list()) ) { $set['timezone'] = 'UTC'; } $set['format_time'] = hesk_input( hesk_POST('s_format_time') ) or $set['format_time'] = 'H:i:s'; $set['format_date'] = hesk_input( hesk_POST('s_format_date') ) or $set['format_date'] = 'Y-m-d'; $set['format_timestamp'] = hesk_input( hesk_POST('s_format_timestamp') ) or $set['format_timestamp'] = 'Y-m-d H:i:s'; $set['time_display'] = empty($_POST['s_time_display']) ? 0 : 1; $set['format_datepicker_js'] = hesk_input( hesk_POST('s_format_datepicker_js') ); $set['format_datepicker_php'] = hesk_map_datepicker_date_format_to_php($set['format_datepicker_js']); if (empty($set['format_datepicker_php'])) { $set['format_datepicker_js'] = 'mm/dd/yyyy'; $set['format_datepicker_php'] = 'm/d/Y'; } /* --> Other */ $set['ip_whois'] = hesk_validateURL( hesk_POST('s_ip_whois_url', 'https://whois.domaintools.com/{IP}') ); // If no {IP} tag append it to the end if ( strlen($set['ip_whois']) == 0 ) { $set['ip_whois'] = 'https://whois.domaintools.com/{IP}'; } elseif ( strpos($set['ip_whois'], '{IP}') === false ) { $set['ip_whois'] .= '{IP}'; } $set['maintenance_mode']= empty($_POST['s_maintenance_mode']) ? 0 : 1; $set['alink'] = empty($_POST['s_alink']) ? 0 : 1; $set['submit_notice'] = empty($_POST['s_submit_notice']) ? 0 : 1; $set['online'] = empty($_POST['s_online']) ? 
0 : 1; $set['online_min'] = hesk_checkMinMax( intval( hesk_POST('s_online_min') ) , 1, 999, 10); $set['check_updates'] = empty($_POST['s_check_updates']) ? 0 : 1; } $set['hesk_version'] = $hesk_settings['hesk_version']; // Prepare settings file and save it $settings_file_content=' GENERAL // --> General settings $hesk_settings[\'site_title\']=\'' . hesk_getProperty($set, 'site_title') . '\'; $hesk_settings[\'site_url\']=\'' . hesk_getProperty($set, 'site_url') . '\'; $hesk_settings[\'hesk_title\']=\'' . hesk_getProperty($set, 'hesk_title') . '\'; $hesk_settings[\'hesk_url\']=\'' . hesk_getProperty($set, 'hesk_url') . '\'; $hesk_settings[\'webmaster_mail\']=\'' . hesk_getProperty($set, 'webmaster_mail') . '\'; $hesk_settings[\'site_theme\']=\'' . hesk_getProperty($set, 'site_theme') . '\'; $hesk_settings[\'admin_css\']=' . hesk_getProperty($set, 'admin_css') . '; $hesk_settings[\'admin_css_url\']=\'' . hesk_getProperty($set, 'admin_css_url') . '\'; // --> Language settings $hesk_settings[\'can_sel_lang\']=' . hesk_getProperty($set, 'can_sel_lang') . '; $hesk_settings[\'language\']=\'' . hesk_getProperty($set, 'language') . '\'; $hesk_settings[\'languages\']=array( '.hesk_getLanguageForFile($set, 'languages').'); // --> Database settings $hesk_settings[\'db_host\']=\'' . hesk_getProperty($set, 'db_host') . '\'; $hesk_settings[\'db_name\']=\'' . hesk_getProperty($set, 'db_name') . '\'; $hesk_settings[\'db_user\']=\'' . hesk_getProperty($set, 'db_user') . '\'; $hesk_settings[\'db_pass\']=\'' . hesk_getProperty($set, 'db_pass') . '\'; $hesk_settings[\'db_pfix\']=\'' . hesk_getProperty($set, 'db_pfix') . '\'; // ==> HELP DESK // --> Help desk settings $hesk_settings[\'admin_dir\']=\'' . hesk_getProperty($set, 'admin_dir') . '\'; $hesk_settings[\'attach_dir\']=\'' . hesk_getProperty($set, 'attach_dir') . '\'; $hesk_settings[\'cache_dir\']=\'' . hesk_getProperty($set, 'cache_dir') . '\'; $hesk_settings[\'max_listings\']=' . hesk_getProperty($set, 'max_listings') . 
'; $hesk_settings[\'print_font_size\']=' . hesk_getProperty($set, 'print_font_size') . '; $hesk_settings[\'autoclose\']=' . hesk_getProperty($set, 'autoclose') . '; $hesk_settings[\'max_open\']=' . hesk_getProperty($set, 'max_open') . '; $hesk_settings[\'due_soon\']=' . hesk_getProperty($set, 'due_soon') . '; $hesk_settings[\'new_top\']=' . hesk_getProperty($set, 'new_top') . '; $hesk_settings[\'reply_top\']=' . hesk_getProperty($set, 'reply_top') . '; $hesk_settings[\'hide_replies\']=' . hesk_getProperty($set, 'hide_replies') . '; $hesk_settings[\'limit_width\']=' . hesk_getProperty($set, 'limit_width') . '; // --> Features $hesk_settings[\'autologin\']=' . hesk_getProperty($set, 'autologin') . '; $hesk_settings[\'autoassign\']=' . hesk_getProperty($set, 'autoassign') . '; $hesk_settings[\'require_email\']=' . hesk_getProperty($set, 'require_email') . '; $hesk_settings[\'require_owner\']=' . hesk_getProperty($set, 'require_owner') . '; $hesk_settings[\'require_subject\']=' . hesk_getProperty($set, 'require_subject') . '; $hesk_settings[\'require_message\']=' . hesk_getProperty($set, 'require_message') . '; $hesk_settings[\'custclose\']=' . hesk_getProperty($set, 'custclose') . '; $hesk_settings[\'custopen\']=' . hesk_getProperty($set, 'custopen') . '; $hesk_settings[\'rating\']=' . hesk_getProperty($set, 'rating') . '; $hesk_settings[\'cust_urgency\']=' . hesk_getProperty($set, 'cust_urgency') . '; $hesk_settings[\'sequential\']=' . hesk_getProperty($set, 'sequential') . '; $hesk_settings[\'time_worked\']=' . hesk_getProperty($set, 'time_worked') . '; $hesk_settings[\'spam_notice\']=' . hesk_getProperty($set, 'spam_notice') . '; $hesk_settings[\'list_users\']=' . hesk_getProperty($set, 'list_users') . '; $hesk_settings[\'debug_mode\']=' . hesk_getProperty($set, 'debug_mode') . '; $hesk_settings[\'short_link\']=' . hesk_getProperty($set, 'short_link') . '; $hesk_settings[\'select_cat\']=' . hesk_getProperty($set, 'select_cat') . 
'; $hesk_settings[\'select_pri\']=' . hesk_getProperty($set, 'select_pri') . '; $hesk_settings[\'cat_show_select\']=' . hesk_getProperty($set, 'cat_show_select') . '; $hesk_settings[\'staff_ticket_formatting\']=' . hesk_getProperty($set, 'staff_ticket_formatting') . '; // --> SPAM Prevention $hesk_settings[\'secimg_use\']=' . hesk_getProperty($set, 'secimg_use') . '; $hesk_settings[\'secimg_sum\']=\'' . hesk_getProperty($set, 'secimg_sum') . '\'; $hesk_settings[\'recaptcha_use\']=' . hesk_getProperty($set, 'recaptcha_use') . '; $hesk_settings[\'recaptcha_public_key\']=\'' . hesk_getProperty($set, 'recaptcha_public_key') . '\'; $hesk_settings[\'recaptcha_private_key\']=\'' . hesk_getProperty($set, 'recaptcha_private_key') . '\'; $hesk_settings[\'question_use\']=' . hesk_getProperty($set, 'question_use') . '; $hesk_settings[\'question_ask\']=\'' . hesk_getProperty($set, 'question_ask') . '\'; $hesk_settings[\'question_ans\']=\'' . hesk_getProperty($set, 'question_ans') . '\'; // --> Security $hesk_settings[\'attempt_limit\']=' . hesk_getProperty($set, 'attempt_limit') . '; $hesk_settings[\'attempt_banmin\']=' . hesk_getProperty($set, 'attempt_banmin') . '; $hesk_settings[\'flood\']=' . hesk_getProperty($set, 'flood') . '; $hesk_settings[\'reset_pass\']=' . hesk_getProperty($set, 'reset_pass') . '; $hesk_settings[\'email_view_ticket\']=' . hesk_getProperty($set, 'email_view_ticket') . '; $hesk_settings[\'x_frame_opt\']=' . hesk_getProperty($set, 'x_frame_opt') . '; $hesk_settings[\'samesite\']=\'' . hesk_getProperty($set, 'samesite') . '\'; $hesk_settings[\'force_ssl\']=' . hesk_getProperty($set, 'force_ssl') . '; $hesk_settings[\'url_key\']=\'' . hesk_getProperty($set, 'url_key') . '\'; $hesk_settings[\'require_mfa\']='. hesk_getProperty($set, 'require_mfa') . '; $hesk_settings[\'elevator_duration\']=\''. hesk_getProperty($set, 'elevator_duration') .'\'; // --> Attachments $hesk_settings[\'attachments\']=array ( \'use\' => ' . (isset($set['attachments']) ? 
$set['attachments']['use'] : $hesk_settings['attachments']['use']) . ', \'max_number\' => ' . (isset($set['attachments']) ? $set['attachments']['max_number'] : $hesk_settings['attachments']['max_number']) . ', \'max_size\' => ' . (isset($set['attachments']) ? $set['attachments']['max_size'] : $hesk_settings['attachments']['max_size']) . ', \'allowed_types\' => array(\'' . implode('\',\'',hesk_getAllowedAttachmentTypes($set)) . '\') ); // ==> KNOWLEDGEBASE // --> Knowledgebase settings $hesk_settings[\'kb_enable\']=' . hesk_getProperty($set, 'kb_enable') . '; $hesk_settings[\'kb_wysiwyg\']=' . hesk_getProperty($set, 'kb_wysiwyg') . '; $hesk_settings[\'kb_search\']=' . hesk_getProperty($set, 'kb_search') . '; $hesk_settings[\'kb_search_limit\']=' . hesk_getProperty($set, 'kb_search_limit') . '; $hesk_settings[\'kb_views\']=' . hesk_getProperty($set, 'kb_views') . '; $hesk_settings[\'kb_date\']=' . hesk_getProperty($set, 'kb_date') . '; $hesk_settings[\'kb_recommendanswers\']=' . hesk_getProperty($set, 'kb_recommendanswers') . '; $hesk_settings[\'kb_rating\']=' . hesk_getProperty($set, 'kb_rating') . '; $hesk_settings[\'kb_substrart\']=' . hesk_getProperty($set, 'kb_substrart') . '; $hesk_settings[\'kb_cols\']=' . hesk_getProperty($set, 'kb_cols') . '; $hesk_settings[\'kb_numshow\']=' . hesk_getProperty($set, 'kb_numshow') . '; $hesk_settings[\'kb_popart\']=' . hesk_getProperty($set, 'kb_popart') . '; $hesk_settings[\'kb_latest\']=' . hesk_getProperty($set, 'kb_latest') . '; $hesk_settings[\'kb_index_popart\']=' . hesk_getProperty($set, 'kb_index_popart') . '; $hesk_settings[\'kb_index_latest\']=' . hesk_getProperty($set, 'kb_index_latest') . '; $hesk_settings[\'kb_related\']=' . hesk_getProperty($set, 'kb_related') . '; // ==> EMAIL // --> Email sending $hesk_settings[\'noreply_mail\']=\'' . hesk_getProperty($set, 'noreply_mail') . '\'; $hesk_settings[\'noreply_name\']=\'' . hesk_getProperty($set, 'noreply_name') . '\'; $hesk_settings[\'email_formatting\']=' . 
hesk_getProperty($set, 'email_formatting') . '; $hesk_settings[\'smtp\']=' . hesk_getProperty($set, 'smtp') . '; $hesk_settings[\'smtp_host_name\']=\'' . hesk_getProperty($set, 'smtp_host_name') . '\'; $hesk_settings[\'smtp_host_port\']=' . hesk_getProperty($set, 'smtp_host_port') . '; $hesk_settings[\'smtp_timeout\']=' . hesk_getProperty($set, 'smtp_timeout') . '; $hesk_settings[\'smtp_enc\']=\'' . hesk_getProperty($set, 'smtp_enc') . '\'; $hesk_settings[\'smtp_noval_cert\']=' . hesk_getProperty($set, 'smtp_noval_cert') . '; $hesk_settings[\'smtp_user\']=\'' . hesk_getProperty($set, 'smtp_user') . '\'; $hesk_settings[\'smtp_password\']=\'' . hesk_getProperty($set, 'smtp_password') . '\'; $hesk_settings[\'smtp_conn_type\']=\'' . hesk_getProperty($set, 'smtp_conn_type') . '\'; $hesk_settings[\'smtp_oauth_provider\']=' . hesk_getProperty($set, 'smtp_oauth_provider') . '; // --> Email piping $hesk_settings[\'email_piping\']=' . hesk_getProperty($set, 'email_piping') . '; // --> IMAP Fetching $hesk_settings[\'imap\']=' . hesk_getProperty($set, 'imap') . '; $hesk_settings[\'imap_job_wait\']=' . hesk_getProperty($set, 'imap_job_wait') . '; $hesk_settings[\'imap_host_name\']=\'' . hesk_getProperty($set, 'imap_host_name') . '\'; $hesk_settings[\'imap_host_port\']=' . hesk_getProperty($set, 'imap_host_port') . '; $hesk_settings[\'imap_enc\']=\'' . hesk_getProperty($set, 'imap_enc') . '\'; $hesk_settings[\'imap_noval_cert\']=' . hesk_getProperty($set, 'imap_noval_cert') . '; $hesk_settings[\'imap_keep\']=' . hesk_getProperty($set, 'imap_keep') . '; $hesk_settings[\'imap_user\']=\'' . hesk_getProperty($set, 'imap_user') . '\'; $hesk_settings[\'imap_password\']=\'' . hesk_getProperty($set, 'imap_password') . '\'; $hesk_settings[\'imap_conn_type\']=\'' . hesk_getProperty($set, 'imap_conn_type') . '\'; $hesk_settings[\'imap_oauth_provider\']=' . hesk_getProperty($set, 'imap_oauth_provider') . '; // --> POP3 Fetching $hesk_settings[\'pop3\']=' . hesk_getProperty($set, 'pop3') . 
'; $hesk_settings[\'pop3_job_wait\']=' . hesk_getProperty($set, 'pop3_job_wait') . '; $hesk_settings[\'pop3_host_name\']=\'' . hesk_getProperty($set, 'pop3_host_name') . '\'; $hesk_settings[\'pop3_host_port\']=' . hesk_getProperty($set, 'pop3_host_port') . '; $hesk_settings[\'pop3_tls\']=' . hesk_getProperty($set, 'pop3_tls') . '; $hesk_settings[\'pop3_keep\']=' . hesk_getProperty($set, 'pop3_keep') . '; $hesk_settings[\'pop3_user\']=\'' . hesk_getProperty($set, 'pop3_user') . '\'; $hesk_settings[\'pop3_password\']=\'' . hesk_getProperty($set, 'pop3_password') . '\'; $hesk_settings[\'pop3_conn_type\']=\'' . hesk_getProperty($set, 'pop3_conn_type') . '\'; $hesk_settings[\'pop3_oauth_provider\']=' . hesk_getProperty($set, 'pop3_oauth_provider') . '; $hesk_settings[\'strip_quoted\']=' . hesk_getProperty($set, 'strip_quoted') . '; $hesk_settings[\'eml_req_msg\']=' . hesk_getProperty($set, 'eml_req_msg') . '; $hesk_settings[\'save_embedded\']=' . hesk_getProperty($set, 'save_embedded') . '; // --> Ignore emails $hesk_settings[\'pipe_block_noreply\']=' . hesk_getProperty($set, 'pipe_block_noreply') . '; $hesk_settings[\'pipe_block_returned\']=' . hesk_getProperty($set, 'pipe_block_returned') . '; $hesk_settings[\'pipe_block_duplicate\']=' . hesk_getProperty($set, 'pipe_block_duplicate') . '; $hesk_settings[\'loop_hits\']=' . hesk_getProperty($set, 'loop_hits') . '; $hesk_settings[\'loop_time\']=' . hesk_getProperty($set, 'loop_time') . '; // --> Detect email typos $hesk_settings[\'detect_typos\']=' . hesk_getProperty($set, 'detect_typos') . '; $hesk_settings[\'email_providers\']=array(' . hesk_getProperty($set, 'email_providers') . '); // --> Notify customer when $hesk_settings[\'notify_new\']=' . hesk_getProperty($set, 'notify_new') . '; $hesk_settings[\'notify_skip_spam\']=' . hesk_getProperty($set, 'notify_skip_spam') . '; $hesk_settings[\'notify_spam_tags\']=array(' . hesk_getProperty($set, 'notify_spam_tags') . '); $hesk_settings[\'notify_closed\']=' . 
hesk_getProperty($set, 'notify_closed') . '; // --> Other $hesk_settings[\'multi_eml\']=' . hesk_getProperty($set, 'multi_eml') . '; $hesk_settings[\'confirm_email\']=' . hesk_getProperty($set, 'confirm_email') . '; $hesk_settings[\'open_only\']=' . hesk_getProperty($set, 'open_only') . '; // ==> TICKET LIST $hesk_settings[\'ticket_list\']=array(' . hesk_getProperty($set, 'ticket_list') . '); // --> Other $hesk_settings[\'submittedformat\']=' . hesk_getProperty($set, 'submittedformat') . '; $hesk_settings[\'updatedformat\']=' . hesk_getProperty($set, 'updatedformat') . '; $hesk_settings[\'format_submitted\']=\'' . hesk_getProperty($set, 'format_submitted') . '\'; $hesk_settings[\'format_updated\']=\'' . hesk_getProperty($set, 'format_updated') . '\'; // ==> MISC // --> Date & Time $hesk_settings[\'timezone\']=\'' . hesk_getProperty($set, 'timezone') . '\'; $hesk_settings[\'format_time\']=\'' . hesk_getProperty($set, 'format_time') . '\'; $hesk_settings[\'format_date\']=\'' . hesk_getProperty($set, 'format_date') . '\'; $hesk_settings[\'format_timestamp\']=\'' . hesk_getProperty($set, 'format_timestamp') . '\'; $hesk_settings[\'time_display\']=\'' . hesk_getProperty($set, 'time_display') . '\'; $hesk_settings[\'format_datepicker_js\']=\'' . hesk_getProperty($set, 'format_datepicker_js') . '\'; $hesk_settings[\'format_datepicker_php\']=\'' . hesk_getProperty($set, 'format_datepicker_php') . '\'; // --> Other $hesk_settings[\'ip_whois\']=\'' . hesk_getProperty($set, 'ip_whois') . '\'; $hesk_settings[\'maintenance_mode\']=' . hesk_getProperty($set, 'maintenance_mode') . '; $hesk_settings[\'alink\']=' . hesk_getProperty($set, 'alink') . '; $hesk_settings[\'submit_notice\']=' . hesk_getProperty($set, 'submit_notice') . '; $hesk_settings[\'online\']=' . hesk_getProperty($set, 'online') . '; $hesk_settings[\'online_min\']=' . hesk_getProperty($set, 'online_min') . '; $hesk_settings[\'check_updates\']=' . hesk_getProperty($set, 'check_updates') . 
'; ############################# # DO NOT EDIT BELOW # ############################# $hesk_settings[\'hesk_version\']=\'' . $set['hesk_version'] . '\'; if ($hesk_settings[\'debug_mode\']) { error_reporting(E_ALL); } else { error_reporting(0); } if (!defined(\'IN_SCRIPT\')) {die(\'Invalid attempt!\');}'; // Write to the settings file if ( ! file_put_contents(HESK_PATH . 'hesk_settings.inc.php', $settings_file_content) ) { hesk_error($hesklang['err_openset']); } // Any settings problems? $tmp = array(); if ( ! $smtp_OK) { $tmp[] = ''.$hesklang['sme'].': '.$smtp_error.'

    '.$hesklang['scl'].''; } if ( ! $pop3_OK) { $tmp[] = ''.$hesklang['pop3e'].': '.$pop3_error.'

    '.$hesklang['pop3log'].''; } // Clear the cache folder hesk_purge_cache('kb'); hesk_purge_cache('cf'); hesk_purge_cache('export', 14400); hesk_purge_cache('status'); // Is MFA enabled? If so, forcibly enroll users who aren't using MFA if ($section === 'HELP_DESK' && hesk_getProperty($set, 'require_mfa')) { hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "users` SET `mfa_enrollment` = 1 WHERE `mfa_enrollment` = 0"); } // Show the settings page and display any notices or success $return_location = 'admin_settings_' . strtolower($section) . '.php'; if ( count($tmp) ) { $errors = implode('

    ', $tmp); hesk_process_messages( $hesklang['sns'] . '

    ' . $errors,$return_location,'NOTICE'); } else { hesk_process_messages($hesklang['set_were_saved'],$return_location,'SUCCESS'); } exit(); /** FUNCTIONS **/ function hesk_getLanguagesArray($returnArray=0) { global $hesk_settings, $hesklang; /* Get a list of valid emails */ $valid_emails = array_keys( hesk_validEmails() ); $dir = HESK_PATH . 'language/'; $path = opendir($dir); $code = ''; $langArray = array(); /* Test all folders inside the language folder */ while (false !== ($subdir = readdir($path))) { if ($subdir == "." || $subdir == "..") { continue; } if (filetype($dir . $subdir) == 'dir') { $add = 1; $langu = $dir . $subdir . '/text.php'; $langc = $dir . $subdir . '/custom-text.php'; $email = $dir . $subdir . '/emails'; $html_email = $dir . $subdir . '/html_emails'; /* Check the text.php */ if (file_exists($langu)) { $tmp = file_get_contents($langu); // Some servers add slashes to file_get_contents output if ( strpos ($tmp, '[\\\'LANGUAGE\\\']') !== false ) { $tmp = stripslashes($tmp); } $err = ''; if ( ! preg_match('/\$hesklang\[\'LANGUAGE\'\]\=\'(.*)\'\;/', $tmp, $l) ) { $add = 0; } elseif ( ! preg_match('/\$hesklang\[\'ENCODING\'\]\=\'(.*)\'\;/', $tmp) ) { $add = 0; } elseif ( ! preg_match('/\$hesklang\[\'_COLLATE\'\]\=\'(.*)\'\;/', $tmp) ) { $add = 0; } elseif ( ! preg_match('/\$hesklang\[\'EMAIL_HR\'\]\=\'(.*)\'\;/', $tmp, $hr) ) { $add = 0; } // Is it latest version? elseif ( ! preg_match('/\$hesklang\[\'email_authentication_method\'\]/', $tmp) ) { $add = 0; } } else { $add = 0; } /* Check emails folder */ if (file_exists($email) && filetype($email) == 'dir') { foreach ($valid_emails as $eml) { if (!file_exists($email.'/'.$eml.'.txt')) { $add = 0; } } } else { $add = 0; } if (file_exists($html_email) && filetype($html_email) == 'dir') { foreach ($valid_emails as $eml) { if (!file_exists($html_email.'/'.$eml.'.txt')) { $add = 0; } } } else { $add = 0; } /* Add an option for the >
    >
    type="text" class="datepicker">
    >
    type="text" class="datepicker">
    >

    -

    {$hesklang['roo']}

    "; } /* Report type */ switch ($type) { case 2: hesk_ticketsByMonth(); break; case 3: hesk_ticketsByUser(); break; case 4: hesk_ticketsByCategory(); break; default: hesk_ticketsByDay(); } require_once(HESK_PATH . 'inc/footer.inc.php'); exit(); /*** START FUNCTIONS ***/ function hesk_ticketsByCategory() { global $hesk_settings, $hesklang, $date_from, $date_to, $can_run_reports_full; /* List of categories */ $cat = array(); $res = hesk_dbQuery("SELECT `id`,`name` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."categories` WHERE " . ( $can_run_reports_full ? '1' : hesk_myCategories('id') ) . " ORDER BY `id` ASC"); while ($row=hesk_dbFetchAssoc($res)) { $cat[$row['id']]=$row['name']; } $tickets = array(); $totals = array('num_tickets' => 0, 'resolved' => 0, 'all_replies' => 0, 'staff_replies' => 0, 'worked' => 0); /* Populate category counts */ foreach ($cat as $id => $name) { $tickets[$id] = array( 'num_tickets' => 0, 'resolved' => 0, 'all_replies' => 0, 'staff_replies' => 0, 'worked' => '', ); } /* SQL query for category stats */ $res = hesk_dbQuery("SELECT `category`, COUNT(*) AS `num_tickets`, ".($hesk_settings['time_worked'] ? "SUM( TIME_TO_SEC(`time_worked`) ) AS `seconds_worked`," : '')." SUM(`replies`) AS `all_replies`, SUM(staffreplies) AS `staff_replies` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."tickets` WHERE {$hesk_settings['dt_sql']} " . ( $can_run_reports_full ? "" : " AND `t1`.`owner` = '" . intval($_SESSION['id']) . "'" ) . " GROUP BY `category`"); /* Update ticket values */ while ($row = hesk_dbFetchAssoc($res)) { if ( ! $hesk_settings['time_worked']) { $row['seconds_worked'] = 0; } if (isset($cat[$row['category']])) { $tickets[$row['category']]['num_tickets'] += $row['num_tickets']; $tickets[$row['category']]['all_replies'] += $row['all_replies']; $tickets[$row['category']]['staff_replies'] += $row['staff_replies']; $tickets[$row['category']]['worked'] = $hesk_settings['time_worked'] ? 
hesk_SecondsToHHMMSS($row['seconds_worked']) : 0; } else { /* Category deleted */ if ( ! isset($tickets[9999]) ) { $cat[9999] = $hesklang['catd']; $tickets[9999] = array('num_tickets' => $row['num_tickets'], 'resolved' => 0, 'all_replies' => $row['all_replies'], 'staff_replies' => $row['staff_replies'], 'worked' => $row['seconds_worked']); } else { $tickets[9999]['num_tickets'] += $row['num_tickets']; $tickets[9999]['all_replies'] += $row['all_replies']; $tickets[9999]['staff_replies'] += $row['staff_replies']; $tickets[9999]['worked'] += $row['seconds_worked']; } } $totals['num_tickets'] += $row['num_tickets']; $totals['all_replies'] += $row['all_replies']; $totals['staff_replies'] += $row['staff_replies']; $totals['worked'] += $row['seconds_worked']; } // Get number of resolved tickets $res = hesk_dbQuery("SELECT COUNT(*) AS `num_tickets` , `category` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."tickets` WHERE `status` = '3' " . ( $can_run_reports_full ? "" : " AND `owner` = '" . intval($_SESSION['id']) . "'" ) . " AND {$hesk_settings['dt_sql']} GROUP BY `category`"); // Update number of open and resolved tickets while ($row = hesk_dbFetchAssoc($res)) { if (isset($cat[$row['category']])) { $tickets[$row['category']]['resolved'] += $row['num_tickets']; } else { // Category deleted $tickets[9999]['resolved'] += $row['num_tickets']; } $totals['resolved'] += $row['num_tickets']; } // Convert total seconds worked to HH:MM:SS $totals['worked'] = $hesk_settings['time_worked'] ? hesk_SecondsToHHMMSS($totals['worked']) : 0; if ( isset($tickets[9999]) ) { $tickets[9999]['worked'] = $hesk_settings['time_worked'] ? hesk_SecondsToHHMMSS($tickets[9999]['worked']) : 0; } ?>
    '.$hesklang['ts'].''; } ?> 10) { ?> '.$totals['worked'].''; } ?> $d) { ?> '.$d['worked'].''; } ?> '.$totals['worked'].''; } ?>
    0, 'resolved' => 0, 'tickets' => 0, 'replies' => 0, 'worked' => 0, 'openedby' => 0); // Get list of users $admins = array(); // I. ADMINISTRATORS can view all users if ($_SESSION['isadmin'] || hesk_checkPermission('can_run_reports_full', 0) ) { // -> get list of users $res = hesk_dbQuery("SELECT `id`,`name` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."users` ORDER BY `name` ASC"); // -> populate $admins and $tickets arrays while ($row=hesk_dbFetchAssoc($res)) { $admins[$row['id']] = $row['name']; $tickets[$row['id']] = array( 'asstickets' => 0, 'resolved' => 0, 'tickets' => 0, 'replies' => 0, 'worked' => '', 'openedby' => 0, ); } // -> get list of tickets $res = hesk_dbQuery("SELECT `owner`, COUNT(*) AS `cnt`".($hesk_settings['time_worked'] ? ", SUM( TIME_TO_SEC(`time_worked`) ) AS `seconds_worked`" : '')." FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."tickets` WHERE `owner` IN ('" . implode("','", array_keys($admins) ) . "') AND {$hesk_settings['dt_sql']} GROUP BY `owner`"); // -> update ticket list values while ($row = hesk_dbFetchAssoc($res)) { if ( ! $hesk_settings['time_worked']) { $row['seconds_worked'] = 0; } $tickets[$row['owner']]['asstickets'] += $row['cnt']; $totals['asstickets'] += $row['cnt']; $tickets[$row['owner']]['worked'] = $hesk_settings['time_worked'] ? hesk_SecondsToHHMMSS($row['seconds_worked']) : 0; $totals['worked'] += $row['seconds_worked']; } // -> get list of resolved tickets $res = hesk_dbQuery("SELECT `owner`, COUNT(*) AS `cnt` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."tickets` WHERE `owner` IN ('" . implode("','", array_keys($admins) ) . 
"') AND `status`='3' AND {$hesk_settings['dt_sql']} GROUP BY `owner`"); // -> update resolved ticket list values while ($row = hesk_dbFetchAssoc($res)) { $tickets[$row['owner']]['resolved'] += $row['cnt']; $totals['resolved'] += $row['cnt']; } // -> get number of replies $res = hesk_dbQuery("SELECT `staffid`, COUNT(*) AS `cnt`, COUNT(DISTINCT `replyto`) AS `tcnt` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."replies` WHERE `staffid` IN ('" . implode("','", array_keys($admins) ) . "') AND {$hesk_settings['dt_sql']} GROUP BY `staffid`"); // -> update number of replies values while ($row = hesk_dbFetchAssoc($res)) { $tickets[$row['staffid']]['tickets'] += $row['tcnt']; $tickets[$row['staffid']]['replies'] += $row['cnt']; $totals['tickets'] += $row['tcnt']; $totals['replies'] += $row['cnt']; } } // II. OTHER STAFF may only see their own stats else { $admins[$_SESSION['id']] = $_SESSION['name']; // -> get list of tickets $res = hesk_dbQuery("SELECT COUNT(*) AS `cnt`".($hesk_settings['time_worked'] ? ", SUM( TIME_TO_SEC(`time_worked`) ) AS `seconds_worked`" : '')." FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."tickets` WHERE `owner` = '" . intval($_SESSION['id']) . "' AND {$hesk_settings['dt_sql']}"); $row = hesk_dbFetchAssoc($res); // -> update ticket values $tickets[$_SESSION['id']]['asstickets'] = $row['cnt']; $totals['asstickets'] = $row['cnt']; $tickets[$_SESSION['id']]['worked'] = $hesk_settings['time_worked'] ? hesk_SecondsToHHMMSS($row['seconds_worked']) : 0; $totals['worked'] += $row['seconds_worked']; // -> get list of resolved tickets $res = hesk_dbQuery("SELECT COUNT(*) AS `cnt` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."tickets` WHERE `owner` = '" . intval($_SESSION['id']) . 
"' AND `status`='3' AND {$hesk_settings['dt_sql']}"); $row = hesk_dbFetchAssoc($res); // -> update resolved ticket values $tickets[$_SESSION['id']]['resolved'] = $row['cnt']; $totals['resolved'] = $row['cnt']; // -> get number of replies $res = hesk_dbQuery("SELECT COUNT(*) AS `cnt`, COUNT(DISTINCT `replyto`) AS `tcnt` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."replies` WHERE `staffid` = '" . intval($_SESSION['id']) . "' AND {$hesk_settings['dt_sql']}"); $row = hesk_dbFetchAssoc($res); $tickets[$_SESSION['id']]['tickets'] = $row['tcnt']; $tickets[$_SESSION['id']]['replies'] = $row['cnt']; $totals['tickets'] = $row['tcnt']; $totals['replies'] = $row['cnt']; } // Convert total seconds worked to HH:MM:SS $totals['worked'] = $hesk_settings['time_worked'] ? hesk_SecondsToHHMMSS($totals['worked']) : 0; // Get total opened by tickets $res = hesk_dbQuery("SELECT `openedby`, COUNT(*) AS `cnt` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."tickets` WHERE `openedby` IN ('" . implode("','", array_keys($admins) ) . "') AND DATE(`dt`) BETWEEN '" . hesk_dbEscape($date_from) . "' AND '" . hesk_dbEscape($date_to) . "' GROUP BY `openedby`"); // -> update ticket list values while ($row = hesk_dbFetchAssoc($res)) { $tickets[$row['openedby']]['openedby'] += $row['cnt']; $totals['openedby'] += $row['cnt']; } ?>
    '.$hesklang['ts'].''; } ?> 10) { ?> '.$totals['worked'].''; } ?> $d) { ?> '.$d['worked'].''; } ?> '.$totals['worked'].''; } ?>
    0, 'resolved' => 0, 'worked' => 0); $dt = MonthsArray($date_from,$date_to); // Pre-populate date values foreach ($dt as $month) { $tickets[$month] = array( 'all' => 0, 'resolved' => 0, 'worked' => '', ); } // SQL query for all $res = hesk_dbQuery("SELECT YEAR(`dt`) AS `myyear`, MONTH(`dt`) AS `mymonth`, COUNT(*) AS `cnt`".($hesk_settings['time_worked'] ? ", SUM( TIME_TO_SEC(`time_worked`) ) AS `seconds_worked`" : '')." FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."tickets` WHERE " . ( $can_run_reports_full ? '1' : "`owner` = '" . intval($_SESSION['id']) . "'" ) . " AND {$hesk_settings['dt_sql']} GROUP BY `myyear`,`mymonth`"); // Update ticket values while ($row = hesk_dbFetchAssoc($res)) { if ( ! $hesk_settings['time_worked']) { $row['seconds_worked'] = 0; } $row['mymonth'] = sprintf('%02d',$row['mymonth']); $tickets[$row['myyear'].'-'.$row['mymonth'].'-01']['all'] += $row['cnt']; $tickets[$row['myyear'].'-'.$row['mymonth'].'-01']['worked'] = $hesk_settings['time_worked'] ? hesk_SecondsToHHMMSS($row['seconds_worked']) : 0; $totals['all'] += $row['cnt']; $totals['worked'] += $row['seconds_worked']; } // SQL query for resolved $res = hesk_dbQuery("SELECT YEAR(`dt`) AS `myyear`, MONTH(`dt`) AS `mymonth`, COUNT(*) AS `cnt` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."tickets` WHERE " . ( $can_run_reports_full ? '1' : "`owner` = '" . intval($_SESSION['id']) . "'" ) . " AND `status` = '3' AND {$hesk_settings['dt_sql']} GROUP BY `myyear`,`mymonth`"); // Update ticket values while ($row = hesk_dbFetchAssoc($res)) { $row['mymonth'] = sprintf('%02d',$row['mymonth']); $tickets[$row['myyear'].'-'.$row['mymonth'].'-01']['resolved'] += $row['cnt']; $totals['resolved'] += $row['cnt']; } // Convert total seconds worked to HH:MM:SS $totals['worked'] = $hesk_settings['time_worked'] ? hesk_SecondsToHHMMSS($totals['worked']) : 0; ?>
    '.$hesklang['ts'].''; } ?> 10) { ?> '.$totals['worked'].''; } ?> $d) { ?> '.$d['worked'].''; } ?> '.$totals['worked'].''; } ?>
    0, 'resolved' => 0, 'worked' => 0); $dt = DateArray($date_from,$date_to); // Pre-populate date values foreach ($dt as $day) { $tickets[$day] = array( 'all' => 0, 'resolved' => 0, 'worked' => '', ); } // SQL query for all $res = hesk_dbQuery("SELECT DATE(`dt`) AS `mydt`, COUNT(*) AS `cnt`".($hesk_settings['time_worked'] ? ", SUM( TIME_TO_SEC(`time_worked`) ) AS `seconds_worked`" : '')." FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."tickets` WHERE " . ( $can_run_reports_full ? '1' : "`owner` = '" . intval($_SESSION['id']) . "'" ) . " AND {$hesk_settings['dt_sql']} GROUP BY `mydt`"); // Update ticket values while ($row = hesk_dbFetchAssoc($res)) { if ( ! $hesk_settings['time_worked']) { $row['seconds_worked'] = 0; } $tickets[$row['mydt']]['all'] += $row['cnt']; $tickets[$row['mydt']]['worked'] = $hesk_settings['time_worked'] ? hesk_SecondsToHHMMSS($row['seconds_worked']) : 0; $totals['all'] += $row['cnt']; $totals['worked'] += $row['seconds_worked']; } // SQL query for resolved $res = hesk_dbQuery("SELECT DATE(`dt`) AS `mydt`, COUNT(*) AS `cnt` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."tickets` WHERE " . ( $can_run_reports_full ? '1' : "`owner` = '" . intval($_SESSION['id']) . "'" ) . " AND `status`='3' AND {$hesk_settings['dt_sql']} GROUP BY `mydt`"); // Update ticket values while ($row = hesk_dbFetchAssoc($res)) { $tickets[$row['mydt']]['resolved'] += $row['cnt']; $totals['resolved'] += $row['cnt']; } // Convert total seconds worked to HH:MM:SS $totals['worked'] = $hesk_settings['time_worked'] ? hesk_SecondsToHHMMSS($totals['worked']) : 0; ?>
    '.$hesklang['ts'].''; } ?> 10) { ?> '.$totals['worked'].''; } ?> $d) { ?> '.$d['worked'].''; } ?> '.$totals['worked'].''; } ?>
    PK~3Y[[manage_canned.phpnu[

    >

    id="add-title"> id="edit-title">

    '; hesk_handle_messages(); echo '
    '; } $errors = hesk_SESSION(array('canned', 'errors')); $errors = is_array($errors) ? $errors : array(); ?>
    >
    $v) { if ($v['use']) { echo ''.$v['name'].''; } } ?>
    ' . $hesklang['selcan'] . ''; $errors[] = 'saved_replies'; } $savename = hesk_input( hesk_POST('name') ); if (!$savename) { $hesk_error_buffer .= '
  • ' . $hesklang['ent_saved_title'] . '
  • '; $errors[] = 'name'; } $msg = hesk_input( hesk_POST('msg') ); if (!$msg) { $hesk_error_buffer .= '
  • ' . $hesklang['ent_saved_msg'] . '
  • '; $errors[] = 'msg'; } // Avoid problems with utf-8 newline chars in Javascript code, detect and remove them $msg = preg_replace('/\R/u', "\r\n", $msg); $_SESSION['canned']['what'] = 'EDIT'; $_SESSION['canned']['id'] = $id; $_SESSION['canned']['name'] = $savename; $_SESSION['canned']['msg'] = $msg; $_SESSION['canned']['errors'] = $errors; /* Any errors? */ if (strlen($hesk_error_buffer)) { $hesk_error_buffer = $hesklang['rfm'].'

    '; hesk_process_messages($hesk_error_buffer,'manage_canned.php?saved_replies='.$id); } if ($hesk_settings['staff_ticket_formatting'] == 2) { // Decode the message we encoded earlier $msg_html = hesk_html_entity_decode($msg); // Clean the HTML code and set the plaintext version require(HESK_PATH . 'inc/htmlpurifier/HeskHTMLPurifier.php'); require(HESK_PATH . 'inc/html2text/html2text.php'); $purifier = new HeskHTMLPurifier($hesk_settings['cache_dir']); $msg_html = $purifier->heskPurify($msg_html); $msg = convert_html_to_text($msg_html); $msg = fix_newlines($msg); // Replace regular newlines with \r\n to match regular plaintext storage... but then get rid of any accidental \r\r\n outputs $msg = str_replace("\n", "\r\n", $msg); $msg = str_replace("\r\r\n", "\r\n", $msg); // Re-encode the message $msg = hesk_htmlspecialchars($msg); } else { $msg_html = hesk_makeURL($msg); $msg_html = nl2br($msg_html); } $result = hesk_dbQuery("UPDATE `".hesk_dbEscape($hesk_settings['db_pfix'])."std_replies` SET `title`='".hesk_dbEscape($savename)."',`message`='".hesk_dbEscape($msg)."', `message_html`='".hesk_dbEscape($msg_html)."' WHERE `id`='".intval($id)."'"); $_SESSION['canned']['selcat2'] = $id; unset($_SESSION['canned']['what']); unset($_SESSION['canned']['id']); unset($_SESSION['canned']['name']); unset($_SESSION['canned']['msg']); unset($_SESSION['canned']['errors']); hesk_process_messages($hesklang['your_saved'],'manage_canned.php?saved_replies='.$id,'SUCCESS'); } // End edit_saved() function new_saved() { global $hesk_settings, $hesklang; /* A security check */ hesk_token_check('POST'); $hesk_error_buffer = ''; $errors = array(); $savename = hesk_input( hesk_POST('name') ); if (!$savename) { $hesk_error_buffer .= '
  • ' . $hesklang['ent_saved_title'] . '
  • '; $errors[] = 'name'; } $msg = hesk_input( hesk_POST('msg') ); if (!$msg) { $hesk_error_buffer .= '
  • ' . $hesklang['ent_saved_msg'] . '
  • '; $errors[] = 'msg'; } // Avoid problems with utf-8 newline chars in Javascript code, detect and remove them $msg = preg_replace('/\R/u', "\r\n", $msg); $_SESSION['canned']['what'] = 'NEW'; $_SESSION['canned']['name'] = $savename; $_SESSION['canned']['msg'] = $msg; $_SESSION['canned']['errors'] = $errors; /* Any errors? */ if (strlen($hesk_error_buffer)) { $hesk_error_buffer = $hesklang['rfm'].'

    '; hesk_process_messages($hesk_error_buffer,'manage_canned.php'); } if ($hesk_settings['staff_ticket_formatting'] == 2) { // Decode the message we encoded earlier $msg_html = hesk_html_entity_decode($msg); // Clean the HTML code and set the plaintext version require(HESK_PATH . 'inc/htmlpurifier/HeskHTMLPurifier.php'); require(HESK_PATH . 'inc/html2text/html2text.php'); $purifier = new HeskHTMLPurifier($hesk_settings['cache_dir']); $msg_html = $purifier->heskPurify($msg_html); $msg = convert_html_to_text($msg_html); $msg = fix_newlines($msg); // Replace regular newlines with \r\n to match regular plaintext storage... but then get rid of any accidental \r\r\n outputs $msg = str_replace("\n", "\r\n", $msg); $msg = str_replace("\r\r\n", "\r\n", $msg); // Re-encode the message $msg = hesk_htmlspecialchars($msg); } else { $msg_html = hesk_makeURL($msg); $msg_html = nl2br($msg_html); } /* Get the latest reply_order */ $result = hesk_dbQuery('SELECT `reply_order` FROM `'.hesk_dbEscape($hesk_settings['db_pfix']).'std_replies` ORDER BY `reply_order` DESC LIMIT 1'); $row = hesk_dbFetchRow($result); $my_order = isset($row[0]) ? 
intval($row[0]) + 10 : 10;

    // Insert the new saved reply: the three text values pass through hesk_dbEscape(), the order through intval()
    hesk_dbQuery("INSERT INTO `".hesk_dbEscape($hesk_settings['db_pfix'])."std_replies` (`title`,`message`,`message_html`,`reply_order`) VALUES ('".hesk_dbEscape($savename)."','".hesk_dbEscape($msg)."','".hesk_dbEscape($msg_html)."','".intval($my_order)."')");

    // Record the new reply's ID in the session and clear the form state stored earlier in this function
    $_SESSION['canned']['selcat2'] = hesk_dbInsertID();

    unset($_SESSION['canned']['what']);
    unset($_SESSION['canned']['name']);
    unset($_SESSION['canned']['msg']);
    unset($_SESSION['canned']['errors']);

    hesk_process_messages($hesklang['your_saved'],'manage_canned.php','SUCCESS');
} // End new_saved()


/**
 * Delete one saved reply and report the outcome.
 *
 * hesk_token_check() runs before anything else (helper defined elsewhere; presumably
 * the anti-CSRF token validation - confirm). The reply ID is read from the "id" GET
 * parameter and cast with intval() before it is placed in the DELETE statement.
 */
function remove()
{
    global $hesk_settings, $hesklang;

    /* A security check */
    hesk_token_check();

    // intval() gives 0 for a missing or non-numeric ID, which is reported as invalid
    $reply_id = intval( hesk_GET('id') );
    if ( ! $reply_id)
    {
        hesk_error($hesklang['id_not_valid']);
    }

    $table = hesk_dbEscape($hesk_settings['db_pfix']) . 'std_replies';
    hesk_dbQuery("DELETE FROM `" . $table . "` WHERE `id`='" . intval($reply_id) . "'");

    // Anything other than exactly one deleted row is treated as "reply not found"
    if (hesk_dbAffectedRows() != 1)
    {
        hesk_error("$hesklang[int_error]: $hesklang[reply_not_found].");
    }

    hesk_process_messages($hesklang['saved_rem_full'],'manage_canned.php','SUCCESS');
} // End remove()


/**
 * Shift one saved reply in the list order, then renumber every reply in steps of 10.
 *
 * Both inputs ("replyid" and "move") arrive as GET parameters and are cast with
 * intval() before use; hesk_token_check() runs first because the request changes data.
 */
function order_saved()
{
    global $hesk_settings, $hesklang;

    /* A security check */
    hesk_token_check();

    $reply_id = intval( hesk_GET('replyid') );
    if ( ! $reply_id)
    {
        hesk_error($hesklang['reply_move_id']);
    }
    $_SESSION['canned']['selcat2'] = $reply_id;

    // Signed offset added to the current reply_order value
    $shift = intval( hesk_GET('move') );

    hesk_dbQuery("UPDATE `".hesk_dbEscape($hesk_settings['db_pfix'])."std_replies` SET `reply_order`=`reply_order`+".intval($shift)." WHERE `id`='".intval($reply_id)."'");
    if (hesk_dbAffectedRows() != 1)
    {
        hesk_error("$hesklang[int_error]: $hesklang[reply_not_found].");
    }

    /* Rewrite reply_order for all rows as 10, 20, 30, ... following the new order */
    $result = hesk_dbQuery('SELECT `id` FROM `'.hesk_dbEscape($hesk_settings['db_pfix']).'std_replies` ORDER BY `reply_order` ASC');

    for ($position = 10; $entry = hesk_dbFetchAssoc($result); $position += 10)
    {
        hesk_dbQuery("UPDATE `".hesk_dbEscape($hesk_settings['db_pfix'])."std_replies` SET `reply_order`=".intval($position)." WHERE `id`='".intval($entry['id'])."'");
    }

    header('Location: manage_canned.php');
    exit();
} // End order_saved()

?> PK~3YNTTcustom_statuses.phpnu[= 100; // Did we reach the custom statuses limit? if ($reached_status_limit && $action !== 'edit_status') { hesk_show_info($hesklang['status_limit']); } ?>

    $status) { $status['span'] = isset($status['class']) ? '' : ''; $status['color'] = isset($status['class']) ? $status['span'] . '.' . $status['class'] . '' : $status['span'] . $status['color'] . ''; $status['tickets'] = isset($tickets_all[$tmp_id]) ? $tickets_all[$tmp_id] : 0; $status['can_customers_change'] = ! isset($status['can_customers_change']) ? '' : ($status['can_customers_change'] == 1 ? $hesklang['yes'] : $hesklang['no']); if (!$is_custom && $tmp_id > 5) { $is_custom = true; echo ' '; } $table_row = ''; if (isset($_SESSION['statusord']) && $_SESSION['statusord'] == $tmp_id) { $table_row = 'class="ticket-new"'; unset($_SESSION['statusord']); } ?> >
    ' . $hesklang['status_custom'] . '

    0): ?>

    >

    '; hesk_handle_messages(); echo '
    '; } $names = hesk_SESSION(array('new_status','names')); $errors = hesk_SESSION(array('new_status','errors')); $errors = is_array($errors) ? $errors : array(); if ($hesk_settings['can_sel_lang'] && count($hesk_settings['languages']) > 1) { echo '

    ' . $hesklang['status'] . '

    '; foreach ($hesk_settings['languages'] as $lang => $info) { ?>
    $error\n"; } $hesk_error_buffer = $tmp; $hesk_error_buffer = $hesklang['rfm'].'

    ';
        hesk_process_messages($hesk_error_buffer,'custom_statuses.php');
    }

    // Remove # from color
    $color = str_replace('#', '', $status['color']);

    // Add custom status data into database.
    // Only `name` goes through hesk_dbEscape(); $color and can_customers_change are
    // interpolated as-is, so they depend on $status having been produced by
    // status_validate() (hex colour, 0/1) - presumably done earlier in save_status,
    // outside this view.
    // NOTE(review): $id is interpolated unquoted; its assignment is not visible here -
    // confirm it is cast with intval() before this statement.
    hesk_dbQuery("UPDATE `".hesk_dbEscape($hesk_settings['db_pfix'])."custom_statuses` SET `name` = '".hesk_dbEscape($status['names'])."', `color` = '{$color}', `can_customers_change` = '{$status['can_customers_change']}' WHERE `id`={$id}");

    // Clear cache
    hesk_purge_cache('status');

    // Show success
    $_SESSION['statusord'] = $id;
    hesk_process_messages($hesklang['status_mdf'],'custom_statuses.php','SUCCESS');
} // End save_status()


/**
 * Load one custom status from the database into the session for editing.
 *
 * The ID comes from the "id" GET parameter and is cast with intval() before it is
 * interpolated into the query. The function only reads the database and writes
 * $_SESSION['new_status'] / $_SESSION['edit_status'].
 */
function edit_status()
{
    global $hesk_settings, $hesklang;

    // Get custom status ID; 0 (missing or non-numeric) is rejected
    $id = intval( hesk_GET('id') );
    if ( ! $id)
    {
        hesk_error($hesklang['status_e_id']);
    }

    // Get details from the database
    $res = hesk_dbQuery("SELECT * FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."custom_statuses` WHERE `id`={$id} LIMIT 1");
    if ( hesk_dbNumRows($res) != 1 )
    {
        hesk_error($hesklang['status_not_found']);
    }

    $row = hesk_dbFetchAssoc($res);

    // The `name` column holds JSON; expose it decoded under "names"
    $row['names'] = json_decode($row['name'], true);
    unset($row['name']);

    // Stored colour has no leading "#"; add it back for the form
    $row['color'] = '#'.$row['color'];

    $_SESSION['new_status'] = $row;
    $_SESSION['edit_status'] = true;
} // End edit_status()


/**
 * Renumber the `order` column of all custom statuses as 10, 20, 30, ...
 * following their current order.
 *
 * @return bool always true
 */
function update_status_order()
{
    global $hesk_settings, $hesklang;

    // Get list of current custom statuses
    $res = hesk_dbQuery("SELECT `id` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."custom_statuses` ORDER BY `order` ASC");

    // Update database
    for ($position = 10; $row = hesk_dbFetchAssoc($res); $position += 10)
    {
        hesk_dbQuery("UPDATE `".hesk_dbEscape($hesk_settings['db_pfix'])."custom_statuses` SET `order`=".intval($position)." WHERE `id`='".intval($row['id'])."'");
    }

    return true;
} // END update_status_order()


/**
 * Delete a custom status, provided no ticket currently uses it.
 *
 * hesk_token_check() runs first (helper defined elsewhere; presumably the anti-CSRF
 * token validation - confirm). The ID is read from the "id" GET parameter and cast
 * with intval(), which is what makes the unquoted {$id} interpolations below safe.
 */
function remove_status()
{
    global $hesk_settings, $hesklang;

    // A security check
    hesk_token_check();

    // Get ID
    $id = intval( hesk_GET('id') );
    if ( ! $id)
    {
        hesk_error($hesklang['status_e_id']);
    }

    // Any tickets with this status?
    // NOTE(review): the DELETE further down is only protected by this check if
    // hesk_process_messages() ends the request - helper defined elsewhere, confirm.
    $in_use = hesk_dbQuery("SELECT COUNT(*) AS `cnt`, `status` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."tickets` WHERE `status` = {$id}");
    if (hesk_dbResult($in_use) > 0)
    {
        hesk_process_messages($hesklang['status_not_empty'],'./custom_statuses.php');
    }

    // Reset the custom status
    hesk_dbQuery("DELETE FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."custom_statuses` WHERE `id`={$id}");

    // Were we successful?
    if ( hesk_dbAffectedRows() != 1 )
    {
        hesk_process_messages($hesklang['status_not_found'],'./custom_statuses.php');
        return;
    }

    // Update order
    update_status_order();

    // Clear cache
    hesk_purge_cache('status');

    // Delete custom status data from tickets
    // NOTE(review): this blanks the tickets column named custom<ID> on every row (there
    // is no WHERE clause). Nothing in this file shows a per-status column; if custom<N>
    // columns hold other per-ticket data, deleting status N would erase it for all
    // tickets - confirm against the schema before keeping this statement.
    hesk_dbQuery("UPDATE `".hesk_dbEscape($hesk_settings['db_pfix'])."tickets` SET `custom{$id}`=''");

    // Show success message
    hesk_process_messages($hesklang['status_deleted'],'./custom_statuses.php','SUCCESS');
} // End remove_status()


/**
 * Validate the submitted custom-status form.
 *
 * Names are kept only for language keys present in $hesk_settings['languages'] and
 * only when non-empty after hesk_input(); the colour is passed through
 * hesk_validate_color_hex(); can_customers_change is reduced to 1 or 0.
 * On failure the partial data and the list of failing fields are stored in
 * $_SESSION['new_status'] and the messages are left in the global $hesk_error_buffer.
 *
 * @return array|false validated status data, with "names" as a JSON string wrapped
 *                     in addslashes(), or false when validation failed
 */
function status_validate()
{
    global $hesk_settings, $hesklang;
    global $hesk_error_buffer;

    $hesk_error_buffer = array();

    // Get names
    $status = array('names' => hesk_POST_array('name'));

    // Make sure only valid names pass
    foreach ($status['names'] as $lang_key => $raw_name)
    {
        // Keys that are not configured languages are dropped
        if ( ! isset($hesk_settings['languages'][$lang_key]))
        {
            unset($status['names'][$lang_key]);
            continue;
        }

        // Nested arrays are treated as empty input
        $clean = is_array($raw_name) ? '' : hesk_input($raw_name, 0, 0, HESK_SLASH);

        if (strlen($clean) < 1)
        {
            unset($status['names'][$lang_key]);
            continue;
        }

        $status['names'][$lang_key] = stripslashes($clean);
    }

    // No name entered?
    $errors = array();
    if ( ! count($status['names']))
    {
        $hesk_error_buffer[] = $hesklang['err_status'];
        $errors[] = 'names';
    }

    // Color
    $status['color'] = hesk_validate_color_hex(hesk_POST('color'));

    // Can customers change it?
    $status['can_customers_change'] = hesk_POST('can_customers_change') ? 1 : 0;

    // Any errors?
    if (count($hesk_error_buffer))
    {
        $_SESSION['new_status'] = $status;
        $_SESSION['new_status']['errors'] = $errors;
        return false;
    }

    // Callers in this file pass this value through hesk_dbEscape() before it reaches SQL
    $status['names'] = addslashes(json_encode($status['names']));

    return $status;
} // END status_validate()


function new_status()
{
    global $hesk_settings, $hesklang;
    global $hesk_error_buffer;

    // A security check
    // NOTE(review): the token check below is commented out, so nothing visible in this
    // function validates a request token before a status is inserted, while the sibling
    // remove_status() does call hesk_token_check(). Re-enable it unless the token is
    // verified by the calling code (not visible here).
    # hesk_token_check('POST');

    // Validate inputs
    if (($status = status_validate()) == false)
    {
        $tmp = '';
        foreach ($hesk_error_buffer as $error)
        {
            $tmp .= "
  • $error
  • \n"; } $hesk_error_buffer = $tmp; $hesk_error_buffer = $hesklang['rfm'].'

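    ';
        hesk_process_messages($hesk_error_buffer,'custom_statuses.php');
    }

    // Did we reach status limit?
    if (count($hesk_settings['statuses']) >= 100)
    {
        hesk_process_messages($hesklang['status_limit'],'custom_statuses.php');
    }

    // Lowest available ID for custom statuses is 6
    $next_id = 6;

    // Any existing statuses?
    if (count($hesk_settings['statuses']) > 6)
    {
        // The lowest currently used ID
        $res = hesk_dbQuery("SELECT `id` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."custom_statuses` ORDER BY `id` ASC LIMIT 1");
        $lowest_id = hesk_dbResult($res);

        if ($lowest_id > 6)
        {
            $next_id = 6;
        }
        else
        {
            // Minimum next ID: the smallest id + 1 for which no row with that id exists
            $res = hesk_dbQuery(" SELECT MIN(`t1`.`id` + 1) FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."custom_statuses` AS `t1` LEFT JOIN `".hesk_dbEscape($hesk_settings['db_pfix'])."custom_statuses` AS `t2` ON `t1`.`id` + 1 = `t2`.`id` WHERE `t2`.`id` IS NULL" );
            $next_id = hesk_dbResult($res);
        }
    }

    // Remove # from color
    $color = str_replace('#', '', $status['color']);

    // Insert custom status into database.
    // `id` is cast with intval() and `name` goes through hesk_dbEscape(); $color and
    // can_customers_change are interpolated as-is and rely on status_validate() having
    // limited them to a validated hex colour and 0/1.
    hesk_dbQuery("INSERT INTO `".hesk_dbEscape($hesk_settings['db_pfix'])."custom_statuses` (`id`, `name`, `color`, `can_customers_change`, `order`) VALUES (".intval($next_id).", '".hesk_dbEscape($status['names'])."', '{$color}', '{$status['can_customers_change']}', 990)");

    // Update order
    update_status_order();

    // Clear cache
    hesk_purge_cache('status');

    $_SESSION['statusord'] = $next_id;

    // Show success
    hesk_process_messages($hesklang['status_added'],'custom_statuses.php','SUCCESS');
} // End new_status()


/**
 * Return $hex lower-cased when it is exactly "#" followed by six hex digits,
 * otherwise return $def.
 *
 * The result is interpolated into SQL without escaping by the status save/insert
 * code in this file, so the pattern has to match the whole string and nothing else.
 *
 * @param mixed  $hex submitted colour value
 * @param string $def value returned when $hex is not a valid colour
 * @return string
 */
function hesk_validate_color_hex($hex, $def = '#000000')
{
    // Non-string input (for example an array-valued POST field) can never be a colour;
    // reject it here instead of passing it to strtolower()
    if ( ! is_string($hex))
    {
        return $def;
    }

    $hex = strtolower($hex);

    // \z anchors at the very end of the string; a plain "$" would also accept a value
    // with a trailing newline
    return preg_match('/^\#[a-f0-9]{6}\z/', $hex) ? $hex : $def;
} // END hesk_validate_color_hex()


/**
 * Choose black or white text for a given background colour.
 *
 * The background is parsed as three two-digit hex channels after a leading "#".
 * Black is returned when the summed channel distance from black is at least 500,
 * white otherwise. The input is not validated here - assumes "#rrggbb".
 *
 * @param string $bg_color
 * @return string "#000000" or "#ffffff"
 */
function hesk_get_text_color($bg_color)
{
    // Get RGB values
    list($r, $g, $b) = sscanf($bg_color, "#%02x%02x%02x");

    // Is Black a good text color?
    if (hesk_color_diff($r, $g, $b, 0, 0, 0) >= 500)
    {
        return '#000000';
    }

    // Use white instead
    return '#ffffff';
} // END hesk_get_text_color()


/**
 * Sum of the per-channel differences (larger minus smaller) between two RGB colours.
 */
function hesk_color_diff($R1,$G1,$B1,$R2,$G2,$B2)
{
    return max($R1,$R2) - min($R1,$R2) +
           max($G1,$G2) - min($G1,$G2) +
           max($B1,$B2) - min($B1,$B2);
} // END hesk_color_diff()

PK~3Y.22 elevator.phpnu[= 3) { hesk_forceLogout($hesklang['bf_int']); } $_SESSION['mfa_emails_sent']++; } else { $_SESSION['mfa_emails_sent'] = 1; } } elseif (hesk_POST('a') === 'verify') { $skip_email = true; $mfa_method = intval(hesk_POST('mfa-method')); if ($mfa_method === 0) { $pass = hesk_input( hesk_POST('verification-code') ); if ( ! $pass) { $error = $hesklang['enter_pass']; } elseif (strlen($pass) > 64) { $error = $hesklang['pass_len']; } else { hesk_limitInternalBfAttempts(); if (hesk_password_verify($pass, fetch_current_user_password())) { handle_successful_elevation(); } else { $error = $hesklang['wrong_pass']; } } hesk_process_messages($error, 'NOREDIRECT'); } else { hesk_limitInternalBfAttempts(); if (($mfa_method === 1 && is_mfa_email_code_valid($_SESSION['id'], hesk_POST('verification-code'))) || ($mfa_method === 2 && is_mfa_app_code_valid($_SESSION['id'], hesk_POST('verification-code')))) { handle_successful_elevation(); } else { // Verification failed hesk_process_messages($hesklang['mfa_invalid_verification_code'], 'NOREDIRECT'); } } } elseif (hesk_POST('a') === 'do_backup_code_verification') { $skip_email = true; hesk_limitInternalBfAttempts(); if (verify_mfa_backup_code($_SESSION['id'], hesk_POST('backup-code'))) { handle_successful_elevation(); } else { // Verification failed hesk_process_messages($hesklang['mfa_invalid_verification_code'], 'NOREDIRECT'); } } else { // Invalid action, something strange is going on... Let's force logout hesk_forceLogout($hesklang['invalid_action']); } } $message = ''; //$hesklang['elevator_intro'] . '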

    '; if ($mfa_enrollment === 0) { $mfa_verify_option = 0; $message .= $hesklang['elevator_enter_password']; } elseif ($mfa_enrollment === 1) { // Email $mfa_verify_option = 1; // Unless the "Send another email" link was clicked, don't send a new email until the old one is valid if (! $skip_email && empty($force_send_email) && isset($_SESSION['skip_mfa_emails_until']) && $_SESSION['skip_mfa_emails_until'] > date('Y-m-d H:i:s')) { $skip_email = true; } // Don't send a new email each time a verification fails if (! $skip_email) { $verification_code = generate_mfa_code(); hash_and_store_mfa_verification_code($_SESSION['id'], $verification_code); send_mfa_email($_SESSION['name'], $_SESSION['email'], $verification_code); hesk_process_messages($hesklang['mfa_sent'], 'NOREDIRECT', 'INFO'); // Don't send a new email until the old one is valid (with 15 min buffer) unless explicitly asked to $skip_mfa_emails_until = new DateTime(); $skip_mfa_emails_until->add(new DateInterval('PT15M')); $_SESSION['skip_mfa_emails_until'] = $skip_mfa_emails_until->format('Y-m-d H:i:s'); } $message .= $hesklang['mfa_verification_needed_email']; } elseif ($mfa_enrollment === 2) { // Authenticator App $message .= $hesklang['mfa_verification_needed_auth_app']; $mfa_verify_option = 2; } /* Print header */ require_once(HESK_PATH . 'inc/header.inc.php'); /* Print main manage users page */ require_once(HESK_PATH . 'inc/show_admin_nav.inc.php'); ?>

     
     
    add(new DateInterval("P{$interval_amount}")); $_SESSION['elevated'] = $elevation_expiration; $elevator_target = hesk_SESSION('elevator_target', 'admin_main.php'); unset($_SESSION['elevator_target']); header('Location: ' . $elevator_target); exit(); } exit(); PK~3Y]manage_knowledgebase.phpnu[ 1); $result = hesk_dbQuery('SELECT `parent`, COUNT(*) AS `num` FROM `'.hesk_dbEscape($hesk_settings['db_pfix']).'kb_categories` GROUP BY `parent`'); while ($row = hesk_dbFetchAssoc($result)) { $parent[$row['parent']] = $row['num']; } $parent_copy = $parent; //print_r($parent); // Get Knowledgebase structure $kb_cat = array(); $result = hesk_dbQuery('SELECT * FROM `'.hesk_dbEscape($hesk_settings['db_pfix']).'kb_categories` ORDER BY `parent` ASC, `cat_order` ASC'); while ($cat = hesk_dbFetchAssoc($result)) { // Can this category be moved at all? if ( $cat['id'] == 1 || // Main category cannot be moved ! isset($parent[$cat['parent']]) || // if the parent category isn't set $parent[$cat['parent']] < 2 // Less than 2 articles in category ) { $cat['move_up'] = false; $cat['move_down'] = false; } else { $cat['move_up'] = true; $cat['move_down'] = true; } $kb_cat[] = $cat; } //print_r($kb_cat); /* Translate main category "Knowledgebase" if needed */ $kb_cat[0]['name'] = $hesklang['kb_text']; require(HESK_PATH . 
'inc/treemenu/TreeMenu.php'); $icon = 'icon-chevron-right'; $expandedIcon = 'icon-knowledge'; $menu = new HTML_TreeMenu(); $thislevel = array('0'); $nextlevel = array(); $i = 1; $j = 1; if (isset($_SESSION['KB_CATEGORY'])) { $selected_catid = intval($_SESSION['KB_CATEGORY']); } else { $selected_catid = 0; } while (count($kb_cat) > 0) { foreach ($kb_cat as $k=>$cat) { if (in_array($cat['parent'],$thislevel)) { $arrow = ($i - 2) % 10; $arrow_colors = array( 0 => '#5ac05a', 1 => '#a3a0ff', 2 => '#ff8184', 3 => '#e686ff', 4 => '#e19900', 5 => '#a9a9a9', 6 => '#db9696', 7 => '#b7ab00', 8 => '#a2602d', 9 => '#aff600' ); $up = $cat['parent']; $my = $cat['id']; $type = $cat['type'] ? '*' : ''; $selected = ($selected_catid == $my) ? 1 : 0; $cls = (isset($_SESSION['newcat']) && $_SESSION['newcat'] == $my) ? ' class="kbCatListON"' : ''; $text = str_replace('\\','\\\\',''.$cat['name'].'').$type.' ('.$cat['articles'].', '.$cat['articles_private'].', '.$cat['articles_draft'].') '; /* ' */ $text_short = $cat['name'].$type.' ('.$cat['articles'].', '.$cat['articles_private'].', '.$cat['articles_draft'].')'; $total_articles += $cat['articles']; // Generate KB menu icons $menu_icons = ''. ''. ''. ''. '   ' .''. ''. ''. ''. '   ' .''. ''. ''. ''. ' ' ; // Can this category be moved up? if ($cat['move_up'] == false || ($cat['move_up'] && $parent_copy[$cat['parent']] == $parent[$cat['parent']]) ) { $menu_icons .= ''. ''. ''. ''. ' '; } else { $menu_icons .= ''. ''. ''. ''. ' '; } // Can this category be moved down? if ($cat['move_down'] == false || ($cat['move_down'] && $parent_copy[$cat['parent']] == 1) ) { $menu_icons .= ''. ''. ''. ''. ' '; } else { $menu_icons .= ''. ''. ''. ''. 
' '; } if (isset($node[$up])) { $HTML_TreeNode[$my] = new HTML_TreeNode(array('hesk_selected' => $selected, 'text' => $text, 'text_short' => $text_short, 'menu_icons' => $menu_icons, 'hesk_catid' => $cat['id'], 'hesk_select' => 'option'.$j, 'icon' => $icon, 'expandedIcon' => $expandedIcon, 'expanded' => true)); $node[$my] = &$node[$up]->addItem($HTML_TreeNode[$my]); } else { $node[$my] = new HTML_TreeNode(array('hesk_selected' => $selected, 'text' => $text, 'text_short' => $text_short, 'menu_icons' => $menu_icons, 'hesk_catid' => $cat['id'], 'hesk_select' => 'option'.$j, 'icon' => $icon, 'expandedIcon' => $expandedIcon, 'expanded' => true)); } $nextlevel[] = $cat['id']; $parent_copy[$cat['parent']]--; $j++; unset($kb_cat[$k]); } } $thislevel = $nextlevel; $nextlevel = array(); /* Break after 20 recursions to avoid hang-ups in case of any problems */ if ($i > 20) { break; } $i++; } $menu->addItem($node[1]); // Create the presentation class $HTML_TreeMenu_DHTML = new HTML_TreeMenu_DHTML($menu, array('images' => '../img', 'defaultClass' => 'treeMenuDefault', 'isDynamic' => true)); $treeMenu = & ref_new($HTML_TreeMenu_DHTML); $HTML_TreeMenu_Listbox = new HTML_TreeMenu_Listbox($menu); $listBox = & ref_new($HTML_TreeMenu_Listbox); /* Hide new article and new category forms by default */ if (!isset($_SESSION['hide'])) { $_SESSION['hide'] = array( //'treemenu' => 1, 'new_article' => 1, 'new_category' => 1, ); } /* Hide tree menu? */ if (!isset($_SESSION['hide']['treemenu'])) { ?>

    '; hesk_show_notice($hesklang['nkba']); echo '
    '; } ?>

    • >
    • >
      >
      >
    >


    >
    >
    '; show_treeMenu(); echo '
    '; } ?>

     

    ';
    }
    else
    {
        // Walk the rows of the preceding article query; the loop and the else branch
        // are closed further down, outside this fragment.
        while ($article=hesk_dbFetchAssoc($result))
        {
            // Check for articles with no existing parent category
            if ( ! isset($kb_cat[$article['catid']]) )
            {
                $article['catid'] = hesk_stray_article($article['id']);
            }

            // Build the row's class attribute piece by piece.
            $table_row = 'class="';

            // Highlight the article recorded in the session once, then forget it.
            if (isset($_SESSION['artord']) && $article['id'] == $_SESSION['artord'])
            {
                $table_row .= 'ticket-new ';
                unset($_SESSION['artord']);
            }

            if ($article['sticky'])
            {
                $table_row .= 'sticky';
            }

            // Close the attribute value.
            $table_row .= '"';
            ?> >
    '.$hesklang['kb_no_dart'].'

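    ';
    }
    else
    {
        // Walk the rows of the preceding article query; the loop and the else branch
        // are closed further down, outside this fragment.
        while ($article = hesk_dbFetchAssoc($result))
        {
            // Check for articles with no existing parent category
            if ( ! isset($kb_cat[$article['catid']]) )
            {
                $article['catid'] = hesk_stray_article($article['id']);
            }

            // Build the row's class attribute piece by piece
            // (presumably echoed into the row tag right after this block).
            $table_row = 'class="';

            // Highlight the article recorded in the session once, then forget it.
            // Append instead of assigning: a plain assignment here dropped the opening
            // `class="` and left an unbalanced quote in the generated markup. The other
            // article listings in this file already append.
            if (isset($_SESSION['artord']) && $article['id'] == $_SESSION['artord'])
            {
                $table_row .= 'ticket-new ';
                unset($_SESSION['artord']);
            }

            if ($article['sticky'])
            {
                $table_row .= 'sticky';
            }

            // Close the attribute value.
            $table_row .= '"';

            // Rating label and widget, only when article rating is enabled.
            if ($hesk_settings['kb_rating'])
            {
                $alt = $article['rating'] ? sprintf($hesklang['kb_rated'], sprintf("%01.1f", $article['rating'])) : $hesklang['kb_not_rated'];
                $type = hesk3_get_rating($article['rating'], $article['votes']);
            }
            ?> >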
    '.$hesklang['kb_no_part'].'
    1, //'new_article' => 1, 'new_category' => 1, ); $_SESSION['KB_CATEGORY'] = 1; // Get ticket ID $trackingID = hesk_cleanID(); if (empty($trackingID)) { return false; } // Get ticket info $res = hesk_dbQuery("SELECT `id`,`category`,`subject`,`message`,`owner` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."tickets` WHERE `trackid`='".hesk_dbEscape($trackingID)."' LIMIT 1"); if (hesk_dbNumRows($res) != 1) { return false; } $ticket = hesk_dbFetchAssoc($res); // Permission to view this ticket? if ($ticket['owner'] && $ticket['owner'] != $_SESSION['id'] && ! hesk_checkPermission('can_view_ass_others',0)) { return false; } if ( ! $ticket['owner'] && ! hesk_checkPermission('can_view_unassigned',0)) { return false; } // Is this user allowed to view tickets inside this category? if ( ! hesk_okCategory($ticket['category'],0)) { return false; } // Set article contents if ($hesk_settings['kb_wysiwyg']) { // With WYSIWYG editor $_SESSION['new_article'] = array( 'html' => 1, 'subject' => $ticket['subject'], 'content' => hesk_htmlspecialchars($ticket['message']), ); } else { // Without WYSIWYG editor * $_SESSION['new_article'] = array( 'html' => 0, 'subject' => $ticket['subject'], 'content' => hesk_msgToPlain($ticket['message'], 0, 0), ); } // Get messages from replies to the ticket $res = hesk_dbQuery("SELECT `message` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."replies` WHERE `replyto`='".intval($ticket['id'])."' ORDER BY `id` ASC"); while ($reply=hesk_dbFetchAssoc($res)) { if ($hesk_settings['kb_wysiwyg']) { $_SESSION['new_article']['content'] .= "

    " . hesk_htmlspecialchars($reply['message']); } else { $_SESSION['new_article']['content'] .= "\n\n" . hesk_msgToPlain($reply['message'], 0, 0); } } // Make sure everything is extra slashed as stripslashes will be called later $_SESSION['new_article']['subject'] = addslashes($_SESSION['new_article']['subject']); $_SESSION['new_article']['content'] = addslashes($_SESSION['new_article']['content']); hesk_process_messages($hesklang['import'],'NOREDIRECT','NOTICE'); } // END add_article() function add_article() { global $hesk_settings, $hesklang; $_SESSION['hide'] = array( 'treemenu' => 1, //'new_article' => 1, 'new_category' => 1, ); $_SESSION['KB_CATEGORY'] = intval( hesk_GET('catid', 1) ); } // END add_article() function add_category() { global $hesk_settings, $hesklang; $_SESSION['hide'] = array( 'treemenu' => 1, 'new_article' => 1, //'new_category' => 1, 'cat_treemenu' => 1, ); $_SESSION['KB_CATEGORY'] = intval( hesk_GET('parent', 1) ); } // END add_category() function remove_kb_att() { global $hesk_settings, $hesklang; // A security check hesk_token_check(); $att_id = intval( hesk_GET('kb_att') ) or hesk_error($hesklang['inv_att_id']); $id = intval( hesk_GET('id', 1) ); // Get attachment details $res = hesk_dbQuery("SELECT * FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."kb_attachments` WHERE `att_id`='".intval($att_id)."'"); // Does the attachment exist? 
if ( hesk_dbNumRows($res) != 1 ) { hesk_process_messages($hesklang['inv_att_id'], 'manage_knowledgebase.php'); } $att = hesk_dbFetchAssoc($res); // Delete the file if it exists hesk_unlink(HESK_PATH.$hesk_settings['attach_dir'].'/'.$att['saved_name']); hesk_dbQuery("DELETE FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."kb_attachments` WHERE `att_id`='".intval($att_id)."'"); $res = hesk_dbQuery("SELECT * FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."kb_articles` WHERE `id`='".intval($id)."'"); $art = hesk_dbFetchAssoc($res); // Make log entry $revision = sprintf($hesklang['thist12'],hesk_date(),$att['real_name'],addslashes($_SESSION['name']).' ('.$_SESSION['user'].')'); // Remove attachment from article $art['attachments'] = str_replace($att_id.'#'.$att['real_name'].',','',$art['attachments']); hesk_dbQuery("UPDATE `".hesk_dbEscape($hesk_settings['db_pfix'])."kb_articles` SET `attachments`='".hesk_dbEscape($art['attachments'])."', `history`=CONCAT(`history`,'".hesk_dbEscape($revision)."') WHERE `id`='".intval($id)."'"); hesk_process_messages($hesklang['kb_att_rem'],'manage_knowledgebase.php?a=edit_article&id='.$id,'SUCCESS'); } // END remove_kb_att() function edit_category() { global $hesk_settings, $hesklang; /* A security check */ hesk_token_check('POST'); $_SESSION['hide'] = array( 'article_list' => 1, ); $hesk_error_buffer = array(); $catid = intval( hesk_POST('catid') ) or hesk_error($hesklang['kb_cat_inv']); $title = hesk_input( hesk_POST('title') ) or $hesk_error_buffer[] = $hesklang['kb_cat_e_title']; $parent = intval( hesk_POST('parent', 1) ); $type = empty($_POST['type']) ? 0 : 1; /* Category can't be it's own parent */ if ($parent == $catid) { $hesk_error_buffer[] = $hesklang['kb_spar']; } /* Any errors? */ if (count($hesk_error_buffer)) { $_SESSION['manage_cat'] = array( 'type' => $type, 'parent' => $parent, 'title' => $title, ); $tmp = ''; foreach ($hesk_error_buffer as $error) { $tmp .= "
  • $error
  • \n"; } $hesk_error_buffer = $tmp; $hesk_error_buffer = $hesklang['rfm'].'

    '; hesk_process_messages($hesk_error_buffer,'./manage_knowledgebase.php?a=manage_cat&catid='.$catid); } /* Delete category or just update it? */ if ( hesk_POST('dodelete')=='Y') { // Delete contents if ( hesk_POST('movearticles') == 'N') { // Delete all articles and all subcategories delete_category_recursive($catid); } // Move contents else { // -> Update category of articles in the category we are deleting hesk_dbQuery("UPDATE `".hesk_dbEscape($hesk_settings['db_pfix'])."kb_articles` SET `catid`=".intval($parent)." WHERE `catid`='".intval($catid)."'"); // -> Update parent category of subcategories hesk_dbQuery("UPDATE `".hesk_dbEscape($hesk_settings['db_pfix'])."kb_categories` SET `parent`=".intval($parent)." WHERE `parent`='".intval($catid)."'"); // -> Update article counts to make sure they are correct update_count(); } // Now delete the category hesk_dbQuery("DELETE FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."kb_categories` WHERE `id`='".intval($catid)."'"); // Clear KB cache hesk_purge_cache('kb'); $_SESSION['hide'] = array( //'treemenu' => 1, 'new_article' => 1, 'new_category' => 1, ); hesk_process_messages($hesklang['kb_cat_dlt'],'./manage_knowledgebase.php','SUCCESS'); } hesk_dbQuery("UPDATE `".hesk_dbEscape($hesk_settings['db_pfix'])."kb_categories` SET `name`='".hesk_dbEscape($title)."',`parent`=".intval($parent).",`type`='".intval($type)."' WHERE `id`='".intval($catid)."'"); unset($_SESSION['hide']); hesk_process_messages($hesklang['your_cat_mod'],'./manage_knowledgebase.php?a=manage_cat&catid='.$catid,'SUCCESS'); } // END edit_category() function save_article() { global $hesk_settings, $hesklang, $hesk_error_buffer; /* A security check */ hesk_token_check('POST'); $hesk_error_buffer = array(); $id = intval( hesk_POST('id') ) or hesk_error($hesklang['kb_art_id']); $catid = intval( hesk_POST('catid', 1) ); $type = intval( hesk_POST('type') ); $type = ($type < 0 || $type > 2) ? 0 : $type; $html = $hesk_settings['kb_wysiwyg'] ? 
1 : (empty($_POST['html']) ? 0 : 1); $now = hesk_date(); $old_catid = intval( hesk_POST('old_catid') ); $old_type = intval( hesk_POST('old_type') ); $old_type = ($old_type < 0 || $old_type > 2) ? 0 : $old_type; $from = hesk_POST('from'); if ( ! in_array($from, array('draft', 'private'))) { $from = 'manage_cat'; } $subject = hesk_input( hesk_POST('subject') ) or $hesk_error_buffer[] = $hesklang['kb_e_subj']; if ($html) { if (empty($_POST['content'])) { $hesk_error_buffer[] = $hesklang['kb_e_cont']; } $content = hesk_getHTML( hesk_POST('content') ); // Clean the HTML code require(HESK_PATH . 'inc/htmlpurifier/HeskHTMLPurifier.php'); $purifier = new HeskHTMLPurifier($hesk_settings['cache_dir']); $content = $purifier->heskPurify($content); } else { $content = hesk_input( hesk_POST('content') ) or $hesk_error_buffer[] = $hesklang['kb_e_cont']; $content = nl2br($content); $content = hesk_makeURL($content); } $sticky = isset($_POST['sticky']) ? 1 : 0; $keywords = hesk_input( hesk_POST('keywords') ); $extra_sql = ''; if ( hesk_POST('resetviews')=='Y') { $extra_sql .= ',`views`=0 '; } if (hesk_POST('resetvotes')=='Y') { $extra_sql .= ',`votes`=0, `rating`=0 '; } /* Article attachments */ define('KB',1); require_once(HESK_PATH . 'inc/posting_functions.inc.php'); $attachments = array(); $use_legacy_attachments = hesk_POST('use-legacy-attachments', 0); $myattachments=''; if ($hesk_settings['attachments']['use']) { require_once(HESK_PATH . 'inc/attachments.inc.php'); if ($use_legacy_attachments) { for ($i=1; $i<=$hesk_settings['attachments']['max_number']; $i++) { $att = hesk_uploadFile($i); if ( ! empty($att)) { $attachments[$i] = $att; } } } else { // The user used the new drag-and-drop system. $temp_attachment_names = hesk_POST_array('attachments'); foreach ($temp_attachment_names as $temp_attachment_name) { $temp_attachment = hesk_getTemporaryAttachment($temp_attachment_name); if ($temp_attachment !== null) { $attachments[] = $temp_attachment; } } } } /* Any errors? 
*/ if (count($hesk_error_buffer)) { // Remove any successfully uploaded attachments if ($hesk_settings['attachments']['use']) { if ($use_legacy_attachments) { hesk_removeAttachments($attachments); } else { $_SESSION['edit_attachments'] = $attachments; } } $_SESSION['edit_article'] = array( 'type' => $type, 'html' => $html, 'subject' => $subject, 'content' => hesk_input( hesk_POST('content') ), 'keywords' => $keywords, 'catid' => $catid, 'sticky' => $sticky, 'resetviews' => (isset($_POST['resetviews']) ? 'Y' : 0), 'resetvotes' => (isset($_POST['resetvotes']) ? 'Y' : 0), ); $tmp = ''; foreach ($hesk_error_buffer as $error) { $tmp .= "
  • $error
  • \n"; } $hesk_error_buffer = $tmp; $hesk_error_buffer = $hesklang['rfm'].'

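    ';
        // Validation failed: report the collected errors and return to the edit form.
        hesk_process_messages($hesk_error_buffer,'./manage_knowledgebase.php?a=edit_article&id='.$id.'&from='.$from);
    }

    /*
     * Persistence part of save_article(): the function starts before this
     * fragment and continues after it.
     */

    /* Add to database */
    if (!empty($attachments))
    {
        // Files uploaded through the drag-and-drop system are still temporary at this point.
        if (!$use_legacy_attachments)
        {
            $attachments = hesk_migrateTempAttachments($attachments);
        }

        foreach ($attachments as $myatt)
        {
            hesk_dbQuery("INSERT INTO `".hesk_dbEscape($hesk_settings['db_pfix'])."kb_attachments` (`saved_name`,`real_name`,`size`) VALUES ('".hesk_dbEscape($myatt['saved_name'])."', '".hesk_dbEscape($myatt['real_name'])."', '".intval($myatt['size'])."')");

            // Entry format kept in the article row: "<attachment id>#<original file name>,"
            $myattachments .= hesk_dbInsertID() . '#' . $myatt['real_name'] .',';
        }

        // The list contains uploader-supplied file names, so it must be escaped before
        // it is embedded in the SQL literal. new_article() already escapes the same
        // value; previously this statement did not.
        $extra_sql .= ", `attachments` = CONCAT(`attachments`, '".hesk_dbEscape($myattachments)."') ";
    }

    /* Update article in the database */
    $revision = sprintf($hesklang['revision2'],$now,addslashes($_SESSION['name']).' ('.$_SESSION['user'].')');

    // Numeric fields go through intval() and text fields through hesk_dbEscape();
    // $extra_sql holds only fragments assembled earlier in this function.
    hesk_dbQuery("UPDATE `".hesk_dbEscape($hesk_settings['db_pfix'])."kb_articles` SET `catid`=".intval($catid).", `subject`='".hesk_dbEscape($subject)."', `content`='".hesk_dbEscape($content)."', `keywords`='".hesk_dbEscape($keywords)."' $extra_sql , `type`='".intval($type)."', `html`='".intval($html)."', `sticky`='".intval($sticky)."', `history`=CONCAT(`history`,'".hesk_dbEscape($revision)."') WHERE `id`='".intval($id)."'");

    // Remember the saved article so the listing can highlight it once.
    $_SESSION['artord'] = $id;

    // Update proper category article count
    // (just do them all to be sure, don't complicate...)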
update_count(); // Update article order update_article_order($catid); // Clear KB cache hesk_purge_cache('kb'); // Redirect to the correct page switch ($from) { case 'draft': $redirect_action = 'a=list_draft'; break; case 'private': $redirect_action = 'a=list_private'; break; default: $redirect_action = 'a=manage_cat&catid='.$catid; break; } hesk_process_messages($hesklang['your_kb_mod'],'./manage_knowledgebase.php?'.$redirect_action,'SUCCESS'); } // END save_article() function edit_article() { global $hesk_settings, $hesklang, $listBox; $hesk_error_buffer = array(); $id = intval( hesk_GET('id') ) or hesk_process_messages($hesklang['kb_art_id'],'./manage_knowledgebase.php'); /* Get article details */ $result = hesk_dbQuery("SELECT * FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."kb_articles` WHERE `id`='".intval($id)."' LIMIT 1"); if (hesk_dbNumRows($result) != 1) { hesk_process_messages($hesklang['kb_art_id'],'./manage_knowledgebase.php'); } $article = hesk_dbFetchAssoc($result); // If we're in plain text mode, convert any HTML message safely to text if ( ! $hesk_settings['kb_wysiwyg'] && ! $article['html']) { // Clean the HTML code and set the plaintext version require(HESK_PATH . 'inc/htmlpurifier/HeskHTMLPurifier.php'); require(HESK_PATH . 
'inc/html2text/html2text.php'); $purifier = new HeskHTMLPurifier($hesk_settings['cache_dir']); $article['content'] = $purifier->heskPurify($article['content']); $article['content'] = convert_html_to_text($article['content']); $article['content'] = fix_newlines($article['content']); } $article['content'] = hesk_htmlspecialchars($article['content']); $catid = $article['catid']; $from = hesk_GET('from'); if (isset($_SESSION['edit_article'])) { $_SESSION['edit_article'] = hesk_stripArray($_SESSION['edit_article']); $article['type'] = $_SESSION['edit_article']['type']; $article['html'] = $_SESSION['edit_article']['html']; $article['subject'] = $_SESSION['edit_article']['subject']; $article['content'] = $_SESSION['edit_article']['content']; $article['keywords'] = $_SESSION['edit_article']['keywords']; $article['catid'] = $_SESSION['edit_article']['catid']; $article['sticky'] = $_SESSION['edit_article']['sticky']; } /* Get categories */ $result = hesk_dbQuery('SELECT * FROM `'.hesk_dbEscape($hesk_settings['db_pfix']).'kb_categories` ORDER BY `parent` ASC, `cat_order` ASC'); $kb_cat = array(); while ($cat = hesk_dbFetchAssoc($result)) { $kb_cat[] = $cat; if ($cat['id'] == $article['catid']) { $this_cat = $cat; $this_cat['parent'] = $article['catid']; } } /* Translate main category "Knowledgebase" if needed */ $kb_cat[0]['name'] = $hesklang['kb_text']; require(HESK_PATH . 'inc/treemenu/TreeMenu.php'); $icon = 'icon-chevron-right'; $expandedIcon = 'icon-knowledge'; $menu = new HTML_TreeMenu(); $thislevel = array('0'); $nextlevel = array(); $i = 1; $j = 1; while (count($kb_cat) > 0) { foreach ($kb_cat as $k=>$cat) { if (in_array($cat['parent'],$thislevel)) { $up = $cat['parent']; $my = $cat['id']; $type = $cat['type'] ? '*' : ''; $text_short = $cat['name'].$type.' 
('.$cat['articles'].', '.$cat['articles_private'].', '.$cat['articles_draft'].')'; if (isset($node[$up])) { $HTML_TreeNode[$my] = new HTML_TreeNode(array('hesk_parent' => $this_cat['parent'], 'text' => 'Text', 'text_short' => $text_short, 'hesk_catid' => $cat['id'], 'hesk_select' => 'option'.$j, 'icon' => $icon, 'expandedIcon' => $expandedIcon, 'expanded' => true)); $node[$my] = &$node[$up]->addItem($HTML_TreeNode[$my]); } else { $node[$my] = new HTML_TreeNode(array('hesk_parent' => $this_cat['parent'], 'text' => 'Text', 'text_short' => $text_short, 'hesk_catid' => $cat['id'], 'hesk_select' => 'option'.$j, 'icon' => $icon, 'expandedIcon' => $expandedIcon, 'expanded' => true)); } $nextlevel[] = $cat['id']; $j++; unset($kb_cat[$k]); } } $thislevel = $nextlevel; $nextlevel = array(); /* Break after 20 recursions to avoid hang-ups in case of any problems */ if ($i > 20) { break; } $i++; } $menu->addItem($node[1]); // Create the presentation class $HTML_TreeMenu_Listbox = new HTML_TreeMenu_Listbox($menu); $listBox = & ref_new($HTML_TreeMenu_Listbox); /* Print header */ require_once(HESK_PATH . 'inc/header.inc.php'); /* Print main manage users page */ require_once(HESK_PATH . 'inc/show_admin_nav.inc.php'); /* This will handle error, success and notice messages */ hesk_handle_messages(); if ($hesk_settings['kb_wysiwyg']) { hesk_tinymce_init('#content'); } ?>

    • >
      >
      >
    • >
      >
      >


    » '; echo ''.$att_name.'
    '; } echo '
    '; } // New attachments if ($hesk_settings['attachments']['use']) { require_once(HESK_PATH . 'inc/attachments.inc.php'); build_dropzone_markup(true); display_dropzone_field(HESK_PATH . 'upload_attachment.php', true); dropzone_display_existing_files(hesk_SESSION_array('edit_attachments')); hesk_cleanSessionVars('edit_attachments'); } ?>

    0) { foreach ($kb_cat as $k=>$cat) { if ($cat['id'] == $catid) { continue; } if (in_array($cat['parent'],$thislevel)) { $up = $cat['parent']; $my = $cat['id']; $type = $cat['type'] ? '*' : ''; $text_short = $cat['name'].$type.' ('.$cat['articles'].', '.$cat['articles_private'].', '.$cat['articles_draft'].')'; if (isset($node[$up])) { $HTML_TreeNode[$my] = new HTML_TreeNode(array('hesk_parent' => $this_cat['parent'], 'text' => 'Text', 'text_short' => $text_short, 'hesk_catid' => $cat['id'], 'hesk_select' => 'option'.$j, 'icon' => $icon, 'expandedIcon' => $expandedIcon, 'expanded' => true)); $node[$my] = &$node[$up]->addItem($HTML_TreeNode[$my]); } else { $node[$my] = new HTML_TreeNode(array('hesk_parent' => $this_cat['parent'], 'text' => 'Text', 'text_short' => $text_short, 'hesk_catid' => $cat['id'], 'hesk_select' => 'option'.$j, 'icon' => $icon, 'expandedIcon' => $expandedIcon, 'expanded' => true)); } $nextlevel[] = $cat['id']; $j++; unset($kb_cat[$k]); } } $thislevel = $nextlevel; $nextlevel = array(); /* Break after 20 recursions to avoid hang-ups in case of any problems */ if ($i > 20) { break; } $i++; } $menu->addItem($node[1]); // Create the presentation class $HTML_TreeMenu_Listbox = new HTML_TreeMenu_Listbox($menu); $listBox = & ref_new($HTML_TreeMenu_Listbox); /* Print header */ require_once(HESK_PATH . 'inc/header.inc.php'); /* Print main manage users page */ require_once(HESK_PATH . 'inc/show_admin_nav.inc.php'); hesk_handle_messages(); echo '
    '; if ( ! isset($_SESSION['hide']['article_list'])) { ?>

    '; } else { /* Get number of sticky articles */ $res2 = hesk_dbQuery("SELECT COUNT(*) FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."kb_articles` WHERE `catid`='{$catid}' AND `sticky` = '1' "); $num_sticky = hesk_dbResult($res2); $num_nosticky = $num - $num_sticky; $i=1; $j=1; $k=1; $previous_sticky=1; $num = $num_sticky; while ($article=hesk_dbFetchAssoc($result)) { if ($previous_sticky != $article['sticky']) { $k = 1; $num = $num_nosticky; $previous_sticky = $article['sticky']; } $table_row = 'class="'; if (isset($_SESSION['artord']) && $article['id'] == $_SESSION['artord']) { $table_row .= 'ticket-new '; unset($_SESSION['artord']); } if ($article['sticky']) { $table_row .= 'sticky'; } $table_row .= '"'; $i = $i ? 0 : 1; // Status switch ($article['type']) { case '1': $type = '
    ' . $hesklang['kb_private'] . '
    '; break; case '2': $type = '
    ' . $hesklang['kb_draft'] . '
    '; break; default: $type = '
    ' . $hesklang['kb_published'] . '
    '; } if ($hesk_settings['kb_rating'] && $article['type'] != '2') { $type .= hesk3_get_rating($article['rating'], $article['votes']); } ?> >
    '.$hesklang['kb_no_art'].'
    1) { if ($k == 1) { ?> 1 || $num_nosticky > 1 ) { echo ' '; } ?> >

    '.$hesklang['kb_i_cat2'].''; ?>
    >
    >
    '; echo ' 
     '; /* Clean unneeded session variables */ hesk_cleanSessionVars(array('hide','manage_cat','edit_article')); require_once(HESK_PATH . 'inc/footer.inc.php'); exit(); } // END manage_category() function new_category() { global $hesk_settings, $hesklang; /* A security check */ hesk_token_check('POST'); $_SESSION['hide'] = array( 'treemenu' => 1, 'new_article' => 1, //'new_category' => 1, ); $parent = intval( hesk_POST('parent', 1) ); $type = empty($_POST['type']) ? 0 : 1; $_SESSION['KB_CATEGORY'] = $parent; $_SERVER['PHP_SELF'] = 'manage_knowledgebase.php'; /* Check that title is valid */ $title = hesk_input( hesk_POST('title') ); if (!strlen($title)) { $_SESSION['new_category'] = array( 'type' => $type, ); hesk_process_messages($hesklang['kb_cat_e_title'],$_SERVER['PHP_SELF']); } /* Get the latest reply_order */ $res = hesk_dbQuery('SELECT `cat_order` FROM `'.hesk_dbEscape($hesk_settings['db_pfix']).'kb_categories` ORDER BY `cat_order` DESC LIMIT 1'); $row = hesk_dbFetchRow($res); $my_order = isset($row[0]) ? intval($row[0]) + 10 : 10; $result = hesk_dbQuery("INSERT INTO `".hesk_dbEscape($hesk_settings['db_pfix'])."kb_categories` (`name`,`parent`,`cat_order`,`type`) VALUES ('".hesk_dbEscape($title)."','".intval($parent)."','".intval($my_order)."','".intval($type)."')"); $_SESSION['newcat'] = hesk_dbInsertID(); $_SESSION['hide'] = array( 'treemenu' => 1, 'new_article' => 1, //'new_category' => 1, 'cat_treemenu' => 1, ); hesk_process_messages($hesklang['kb_cat_added2'],$_SERVER['PHP_SELF'],'SUCCESS'); } // End new_category() function new_article() { global $hesk_settings, $hesklang, $listBox; global $hesk_error_buffer; /* A security check */ # hesk_token_check('POST'); $_SESSION['hide'] = array( 'treemenu' => 1, //'new_article' => 1, 'new_category' => 1, ); $hesk_error_buffer = array(); $catid = intval( hesk_POST('catid', 1) ); $type = empty($_POST['type']) ? 0 : (hesk_POST('type') == 2 ? 2 : 1); $html = $hesk_settings['kb_wysiwyg'] ? 1 : (empty($_POST['html']) ? 
0 : 1);
    $now = hesk_date();

    // This fragment is the input-validation and attachment-collection part of new_article();
    // the function starts before it and continues after it.
    //
    // NOTE(review): the hesk_token_check('POST') call at the top of new_article() is commented out,
    // while new_category(), edit_category() and save_article() in this file call it. Confirm that the
    // caller validates the request token before this handler runs; otherwise re-enable the check.

    // Prevent submitting duplicate articles by reloading manage_knowledgebase.php page
    if (isset($_SESSION['article_submitted']))
    {
        header('Location:manage_knowledgebase.php?a=manage_cat&catid=' . $catid);
        exit();
    }

    $_SESSION['KB_CATEGORY'] = $catid;

    // A missing subject is recorded as a validation error rather than stopping here.
    $subject = hesk_input( hesk_POST('subject') ) or $hesk_error_buffer[] = $hesklang['kb_e_subj'];

    if ($html)
    {
        if (empty($_POST['content']))
        {
            $hesk_error_buffer[] = $hesklang['kb_e_cont'];
        }

        $content = hesk_getHTML( hesk_POST('content') );

        // Clean the HTML code
        // Submitted markup is passed through the purifier before it is stored.
        require(HESK_PATH . 'inc/htmlpurifier/HeskHTMLPurifier.php');
        $purifier = new HeskHTMLPurifier($hesk_settings['cache_dir']);
        $content = $purifier->heskPurify($content);
    }
    else
    {
        // Plain-text mode: hesk_input() first (presumably escapes markup; confirm in its definition),
        // then line breaks and URLs are converted to HTML.
        $content = hesk_input( hesk_POST('content') ) or $hesk_error_buffer[] = $hesklang['kb_e_cont'];
        $content = nl2br($content);
        $content = hesk_makeURL($content);
    }

    $sticky = isset($_POST['sticky']) ? 1 : 0;

    $keywords = hesk_input( hesk_POST('keywords') );

    /* Article attachments */
    define('KB',1);
    require_once(HESK_PATH . 'inc/posting_functions.inc.php');
    $attachments = array();
    $use_legacy_attachments = hesk_POST('use-legacy-attachments', 0);
    $myattachments='';

    if ($hesk_settings['attachments']['use'])
    {
        require_once(HESK_PATH . 'inc/attachments.inc.php');

        if ($use_legacy_attachments)
        {
            // Legacy upload fields are numbered from 1 up to the configured maximum.
            for ($i=1; $i<=$hesk_settings['attachments']['max_number']; $i++)
            {
                $att = hesk_uploadFile($i);
                if ( ! empty($att))
                {
                    $attachments[$i] = $att;
                }
            }
        }
        else
        {
            // The user used the new drag-and-drop system.
            // The names come from the request; only names the helper resolves (non-null) are kept.
            // NOTE(review): presumably hesk_getTemporaryAttachment() validates the name; confirm in its definition.
            $temp_attachment_names = hesk_POST_array('attachments');
            foreach ($temp_attachment_names as $temp_attachment_name)
            {
                $temp_attachment = hesk_getTemporaryAttachment($temp_attachment_name);

                if ($temp_attachment !== null)
                {
                    $attachments[] = $temp_attachment;
                }
            }
        }
    }

    /* Any errors?
*/ if (count($hesk_error_buffer)) { // Remove any successfully uploaded attachments if ($hesk_settings['attachments']['use']) { if ($use_legacy_attachments) { hesk_removeAttachments($attachments); } else { $_SESSION['edit_attachments'] = $attachments; } } $_SESSION['new_article'] = array( 'type' => $type, 'html' => $html, 'subject' => $subject, 'content' => hesk_input( hesk_POST('content') ), 'keywords' => $keywords, 'sticky' => $sticky, ); $tmp = ''; foreach ($hesk_error_buffer as $error) { $tmp .= "
  • $error
  • \n"; } $hesk_error_buffer = $tmp; $hesk_error_buffer = $hesklang['rfm'].'

    '; hesk_process_messages($hesk_error_buffer,'manage_knowledgebase.php'); } $revision = sprintf($hesklang['revision1'],$now,addslashes($_SESSION['name']).' ('.$_SESSION['user'].')'); /* Add to database */ if ( ! empty($attachments)) { if (!$use_legacy_attachments) { $attachments = hesk_migrateTempAttachments($attachments); } foreach ($attachments as $myatt) { hesk_dbQuery("INSERT INTO `".hesk_dbEscape($hesk_settings['db_pfix'])."kb_attachments` (`saved_name`,`real_name`,`size`) VALUES ('".hesk_dbEscape($myatt['saved_name'])."','".hesk_dbEscape($myatt['real_name'])."','".intval($myatt['size'])."')"); $myattachments .= hesk_dbInsertID() . '#' . $myatt['real_name'] .','; } } /* Get the latest reply_order */ $res = hesk_dbQuery("SELECT `art_order` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."kb_articles` WHERE `catid`='".intval($catid)."' AND `sticky` = '" . intval($sticky) . "' ORDER BY `art_order` DESC LIMIT 1"); $row = hesk_dbFetchRow($res); $my_order = isset($row[0]) ? intval($row[0]) + 10 : 10; /* Insert article into database */ hesk_dbQuery("INSERT INTO `".hesk_dbEscape($hesk_settings['db_pfix'])."kb_articles` (`catid`,`dt`,`author`,`subject`,`content`,`keywords`,`type`,`html`,`sticky`,`art_order`,`history`,`attachments`) VALUES ( '".intval($catid)."', NOW(), '".intval($_SESSION['id'])."', '".hesk_dbEscape($subject)."', '".hesk_dbEscape($content)."', '".hesk_dbEscape($keywords)."', '".intval($type)."', '".intval($html)."', '".intval($sticky)."', '".intval($my_order)."', '".hesk_dbEscape($revision)."', '".hesk_dbEscape($myattachments)."' )"); $_SESSION['artord'] = hesk_dbInsertID(); // Update category article count if ($type == 0) { hesk_dbQuery("UPDATE `".hesk_dbEscape($hesk_settings['db_pfix'])."kb_categories` SET `articles`=`articles`+1 WHERE `id`='".intval($catid)."'"); } else if ($type == 1) { hesk_dbQuery("UPDATE `".hesk_dbEscape($hesk_settings['db_pfix'])."kb_categories` SET `articles_private`=`articles_private`+1 WHERE `id`='".intval($catid)."'"); 
} else {
    hesk_dbQuery("UPDATE `".hesk_dbEscape($hesk_settings['db_pfix'])."kb_categories` SET `articles_draft`=`articles_draft`+1 WHERE `id`='".intval($catid)."'");
}

// Clear KB cache
hesk_purge_cache('kb');

unset($_SESSION['hide']);
$_SESSION['article_submitted']=1;

hesk_process_messages($hesklang['your_kb_added'],'NOREDIRECT','SUCCESS');
$_GET['catid'] = $catid;
manage_category();

} // End new_article()


/**
 * Delete one knowledgebase article together with its attachments.
 *
 * Reads `id` and `from` from the query string. The article row is removed,
 * its attachments are handed to delete_kb_attachments(), the matching
 * per-type counter of the owning category is decremented (type 0 ->
 * `articles`, type 1 -> `articles_private`, anything else ->
 * `articles_draft`) and the 'kb' cache is purged.
 *
 * This is a destructive action driven by GET parameters; the only guard in
 * this function is hesk_token_check() (presumably an anti-CSRF token check,
 * confirm in its definition), so it has to stay the first statement.
 */
function remove_article()
{
    global $hesk_settings, $hesklang;

    /* A security check */
    hesk_token_check();

    $id = intval( hesk_GET('id') );
    if ( ! $id) {
        hesk_error($hesklang['kb_art_id']);
    }

    /* Get article details */
    $lookup = hesk_dbQuery("SELECT `catid`, `type`, `attachments` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."kb_articles` WHERE `id`='".intval($id)."' LIMIT 1");
    if (hesk_dbNumRows($lookup) != 1) {
        hesk_error($hesklang['kb_art_id']);
    }

    $article = hesk_dbFetchAssoc($lookup);
    $catid   = intval($article['catid']);
    $from    = hesk_GET('from');

    hesk_dbQuery("DELETE FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."kb_articles` WHERE `id`='".intval($id)."'");

    // Remove any attachments
    delete_kb_attachments($article['attachments']);

    // Pick the category counter that tracks this article type
    if ($article['type'] == 0) {
        $counter = 'articles';
    } elseif ($article['type'] == 1) {
        $counter = 'articles_private';
    } else {
        $counter = 'articles_draft';
    }

    // Update category article count
    hesk_dbQuery("UPDATE `".hesk_dbEscape($hesk_settings['db_pfix'])."kb_categories` SET `".$counter."`=`".$counter."`-1 WHERE `id`='{$catid}'");

    // Clear KB cache
    hesk_purge_cache('kb');

    // Redirect to the correct page; `from` only selects between fixed targets
    if ($from == 'draft') {
        $redirect_action = 'a=list_draft';
    } elseif ($from == 'private') {
        $redirect_action = 'a=list_private';
    } else {
        $redirect_action = 'a=manage_cat&catid='.$catid;
    }

    hesk_process_messages($hesklang['your_kb_deleted'],'./manage_knowledgebase.php?'.$redirect_action,'SUCCESS');

} // End remove_article()


/**
 * Shift one category's `cat_order` by the signed `move` value from the
 * query string, then renumber all categories.
 *
 * Fails with the "invalid category" error unless exactly one row was
 * changed. On success it redirects to manage_knowledgebase.php and exits.
 * The request is guarded by hesk_token_check() before anything is written.
 */
function order_category()
{
    global $hesk_settings, $hesklang;

    /* A security check */
    hesk_token_check();

    $catid = intval( hesk_GET('catid') );
    if ( ! $catid) {
        hesk_error($hesklang['kb_cat_inv']);
    }

    $move = intval( hesk_GET('move') );

    // Remembered in the session under 'newcat'
    $_SESSION['newcat'] = $catid;

    hesk_dbQuery("UPDATE `".hesk_dbEscape($hesk_settings['db_pfix'])."kb_categories` SET `cat_order`=`cat_order`+".intval($move)." WHERE `id`='".intval($catid)."'");

    if (hesk_dbAffectedRows() != 1) {
        hesk_error($hesklang['kb_cat_inv']);
    }

    update_category_order();

    header('Location: manage_knowledgebase.php');
    exit();

} // End order_category()


/**
 * Shift one article's `art_order` by the signed `move` value from the
 * query string, then renumber the articles of category `catid`.
 *
 * Fails with the "invalid article" error unless exactly one row was
 * changed. On success it redirects to the category management page and
 * exits. The request is guarded by hesk_token_check() before anything is
 * written.
 */
function order_article()
{
    global $hesk_settings, $hesklang;

    /* A security check */
    hesk_token_check();

    $id = intval( hesk_GET('id') );
    if ( ! $id) {
        hesk_error($hesklang['kb_art_id']);
    }

    $catid = intval( hesk_GET('catid') );
    if ( ! $catid) {
        hesk_error($hesklang['kb_cat_inv']);
    }

    $move = intval( hesk_GET('move') );

    // Remembered in the session under 'artord'
    $_SESSION['artord'] = $id;

    hesk_dbQuery("UPDATE `".hesk_dbEscape($hesk_settings['db_pfix'])."kb_articles` SET `art_order`=`art_order`+".intval($move)." WHERE `id`='".intval($id)."'");

    if (hesk_dbAffectedRows() != 1) {
        hesk_error($hesklang['kb_art_id']);
    }

    /* Update article order */
    update_article_order($catid);

    header('Location: manage_knowledgebase.php?a=manage_cat&catid='.$catid);
    exit();

} // End order_article()


function show_treeMenu() { global $hesk_settings, $hesklang, $treeMenu; ?>

    printMenu(); ?>
    (1, 2, 3) =
    '.$hesklang['gopr'].'     '; $link['newa'] = ' '.$hesklang['kb_i_art'].'     '; $link['newc'] = ' '.$hesklang['kb_i_cat'].'     '; $link['fbid'] = '
    '. $hesklang['aid'] .':
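    ';

    if ($hide && isset($link[$hide])) {
        $link[$hide] = preg_replace('##', '', $link[$hide]);
        $link[$hide] = str_replace('','',$link[$hide]);
    }

    echo $link['view'];
    echo $link['newa'];
    echo $link['newc'];
    echo $link['fbid'];

    /* This will handle error, success and notice messages */
    hesk_handle_messages();

    return $catid;

} // End show_subnav()


/**
 * Set or clear the "sticky" flag of one article and renumber its category.
 *
 * Reads `id`, `catid` and `s` from the query string; any non-empty `s`
 * means sticky. The request is guarded by hesk_token_check() before the
 * database is touched.
 */
function toggle_sticky()
{
    global $hesk_settings, $hesklang;

    /* A security check */
    hesk_token_check();

    $id = intval( hesk_GET('id') ) or hesk_error($hesklang['kb_art_id']);
    $catid = intval( hesk_GET('catid') ) or hesk_error($hesklang['kb_cat_inv']);
    $sticky = empty($_GET['s']) ? 0 : 1;

    $_SESSION['artord'] = $id;

    /* Update article "sticky" status */
    // The quoted value used to carry a stray trailing space ('1 '); send the bare integer
    hesk_dbQuery("UPDATE `".hesk_dbEscape($hesk_settings['db_pfix'])."kb_articles` SET `sticky`='" . intval($sticky) . "' WHERE `id`='" . intval($id) . "'");

    /* Update article order */
    update_article_order($catid);

    $tmp = $sticky ? $hesklang['ason'] : $hesklang['asoff'];
    hesk_process_messages($tmp, './manage_knowledgebase.php?a=manage_cat&catid='.$catid,'SUCCESS');

} // END toggle_sticky()


/**
 * Renumber `art_order` for every article of one category in steps of 10.
 *
 * Articles are read ordered by `sticky` descending, then `art_order`
 * ascending. The counter restarts at 10 whenever the sticky value changes,
 * so sticky and non-sticky articles are numbered separately.
 *
 * @param int|string $catid Category ID (cast with intval() for the query)
 * @return bool Always true
 */
function update_article_order($catid)
{
    global $hesk_settings, $hesklang;

    /* Get list of current articles ordered by sticky and article order */
    $res = hesk_dbQuery("SELECT `id`, `sticky` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."kb_articles` WHERE `catid`='".intval($catid)."' ORDER BY `sticky` DESC, `art_order` ASC");

    $i = 10;
    $previous_sticky = 1;

    while ( $article = hesk_dbFetchAssoc($res) ) {
        /* Different count for sticky and non-sticky articles */
        if ($previous_sticky != $article['sticky']) {
            $i = 10;
            $previous_sticky = $article['sticky'];
        }

        hesk_dbQuery("UPDATE `".hesk_dbEscape($hesk_settings['db_pfix'])."kb_articles` SET `art_order`=".intval($i)." WHERE `id`='".intval($article['id'])."'");

        $i += 10;
    }

    return true;

} // END update_article_order()


/**
 * Renumber `cat_order` for all categories in steps of 10.
 *
 * Categories are read ordered by `parent`, then by their current
 * `cat_order`. The counter is not reset between parents, so the numbering
 * runs on across the whole table.
 *
 * @return bool Always true
 */
function update_category_order()
{
    global $hesk_settings, $hesklang;

    /* Get list of all categories ordered by parent and current category order */
    $res = hesk_dbQuery('SELECT `id`, `parent` FROM `'.hesk_dbEscape($hesk_settings['db_pfix']).'kb_categories` ORDER BY `parent` ASC, `cat_order` ASC');

    $i = 10;

    while ( $category = hesk_dbFetchAssoc($res) ) {
        hesk_dbQuery("UPDATE `".hesk_dbEscape($hesk_settings['db_pfix'])."kb_categories` SET `cat_order`=".intval($i)." WHERE `id`='".intval($category['id'])."'");
        $i += 10;
    }

    return true;

} // END update_category_order()


/**
 * Recompute the per-category article counters from the articles table.
 *
 * Counts articles grouped by category and type, resets all three counters
 * (`articles`, `articles_private`, `articles_draft`) to 0 for every
 * category, then writes the real numbers for categories that have articles.
 *
 * @param int|bool $show_success When truthy, queue the success message
 * @return bool Always true
 */
function update_count($show_success=0)
{
    global $hesk_settings, $hesklang;

    $update_these = array();

    // Get a count of all articles grouped by category and type
    $res = hesk_dbQuery('SELECT `catid`, `type`, COUNT(*) AS `num` FROM `'.hesk_dbEscape($hesk_settings['db_pfix']).'kb_articles` GROUP BY `catid`, `type`');
    while ( $row = hesk_dbFetchAssoc($res) ) {
        switch ($row['type']) {
            case 0:
                $update_these[$row['catid']]['articles'] = $row['num'];
                break;
            case 1:
                $update_these[$row['catid']]['articles_private'] = $row['num'];
                break;
            default:
                $update_these[$row['catid']]['articles_draft'] = $row['num'];
        }
    }

    // Set all article counts to 0
    hesk_dbQuery("UPDATE `".hesk_dbEscape($hesk_settings['db_pfix'])."kb_categories` SET `articles`=0, `articles_private`=0, `articles_draft`=0");

    // Now update categories that have articles with correct values
    foreach ($update_these as $catid => $value) {
        // Cast everything that goes into the statement, as the other queries
        // in this file do, instead of interpolating the fetched strings as-is
        $articles         = isset($value['articles']) ? intval($value['articles']) : 0;
        $articles_private = isset($value['articles_private']) ? intval($value['articles_private']) : 0;
        $articles_draft   = isset($value['articles_draft']) ? intval($value['articles_draft']) : 0;

        hesk_dbQuery("UPDATE `".hesk_dbEscape($hesk_settings['db_pfix'])."kb_categories` SET `articles`=".$articles.", `articles_private`=".$articles_private.", `articles_draft`=".$articles_draft." WHERE `id`='".intval($catid)."'");
    }

    // Show a success message?
    if ($show_success) {
        hesk_process_messages($hesklang['acv'], 'NOREDIRECT','SUCCESS');
    }

    return true;

} // END update_count()


/**
 * Delete all articles (and their attachments) of a category and of every
 * category below it.
 *
 * Only article rows and attachments are removed here; no statement in this
 * function deletes rows from `kb_categories`.
 *
 * NOTE(review): the loop guard lives in $hesk_settings['recursive_loop'],
 * is incremented on every call and is never reset in this function, so it
 * limits the total number of calls to 20 rather than the nesting depth. The
 * `false` returned when the limit is hit is ignored by the recursive call
 * below, so a larger tree would be processed only partly without any error.
 * Confirm that callers cannot reach that limit.
 *
 * @param int|string $catid Category ID
 * @return bool False when the call limit was exceeded, true otherwise
 */
function delete_category_recursive($catid)
{
    global $hesk_settings, $hesklang;

    $catid = intval($catid);

    // Don't allow infinite loops... just in case
    $hesk_settings['recursive_loop'] = isset($hesk_settings['recursive_loop']) ? $hesk_settings['recursive_loop'] + 1 : 1;
    if ($hesk_settings['recursive_loop'] > 20) {
        return false;
    }

    // Make sure any attachments are deleted
    $result = hesk_dbQuery("SELECT `attachments` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."kb_articles` WHERE `catid`='{$catid}'");
    while ($article = hesk_dbFetchAssoc($result)) {
        delete_kb_attachments($article['attachments']);
    }

    // Remove articles from database
    hesk_dbQuery("DELETE FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."kb_articles` WHERE `catid`='{$catid}'");

    // Delete all sub-categories
    $result = hesk_dbQuery("SELECT `id` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."kb_categories` WHERE `parent`='{$catid}'");
    while ($cat = hesk_dbFetchAssoc($result)) {
        delete_category_recursive($cat['id']);
    }

    return true;

} // END delete_category_recursive()


/**
 * Delete the files and database rows of an article's attachments.
 *
 * $attachments is the article's `attachments` column: a list of
 * "<att_id>#<real_name>," entries. Only the numeric ID in front of the
 * first '#' is used. The file name is stored unescaped when the list is
 * built, so a name containing ',' splits into extra pieces without an ID;
 * those pieces are skipped instead of being parsed.
 *
 * @param string $attachments Raw attachment list, may be empty
 * @return bool Always true
 */
function delete_kb_attachments($attachments)
{
    global $hesk_settings, $hesklang;

    // If nothing to delete just return
    if (empty($attachments)) {
        return true;
    }

    // Do the delete; the last character is dropped as the list's trailing comma
    $att = explode(',',substr($attachments, 0, -1));
    foreach ($att as $myatt) {
        // Split on the first '#' only, the name itself may contain '#'
        $parts  = explode('#', $myatt, 2);
        $att_id = intval($parts[0]);

        // A piece without a usable ID does not refer to an attachment row
        if ($att_id < 1) {
            continue;
        }

        // Get attachment saved name
        $result = hesk_dbQuery("SELECT `saved_name` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."kb_attachments` WHERE `att_id`='".$att_id."' LIMIT 1");
        if (hesk_dbNumRows($result) == 1) {
            $file = hesk_dbFetchAssoc($result);

            // NOTE(review): `saved_name` is joined to the attachment directory as
            // stored. Nothing here checks that it is a plain file name; if a value
            // with path separators could ever reach this column, the unlink would
            // leave attach_dir. Confirm how saved names are generated, or confine
            // the value with basename() if they are always flat.
            hesk_unlink(HESK_PATH.$hesk_settings['attach_dir'].'/'.$file['saved_name']);
        }

        hesk_dbQuery("DELETE FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."kb_attachments` WHERE `att_id`='".$att_id."'");
    }

    return true;

} // delete_kb_attachments()


/**
 * Move an article into category ID 1 and recount all categories.
 *
 * Also sets the global $article['catid'] to 1 so the caller's copy of the
 * article matches the database.
 *
 * @param int|string $id Article ID
 * @return int Always 1, the new category ID
 */
function hesk_stray_article($id)
{
    global $hesk_settings, $hesklang, $article;

    // Set article to category ID 1
    $article['catid'] = 1;

    // Update database
    hesk_dbQuery("UPDATE `".hesk_dbEscape($hesk_settings['db_pfix'])."kb_articles` SET `catid`=1 WHERE `id`='".intval($id)."'");

    // Update count of articles in categories
    update_count();

    // Return new category ID
    return 1;

} // END hesk_stray_article()

?> PK~3Yw/Z$3$3banned_ips.phpnu[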

    • 123.0.0.0
    • 123.0.0.1 - 123.0.0.53
    • 123.0.0.0/24
    • 123.0.*.*
    = ".intval($hesk_settings['attempt_limit'])." AND `last_attempt` > (NOW() - INTERVAL ".intval($hesk_settings['attempt_banmin'])." MINUTE)"); $num = hesk_dbNumRows($res); if ($num > 0): ?>

    >
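    = 0 && $matches[4] <= 32) {
        list($ip_from, $ip_to) = hesk_cidr_to_range($ip);
    }
    // Not a valid input
    else {
        hesk_process_messages($hesklang['validbanip'],'banned_ips.php');
    }

    if ($ip_from === false || $ip_to === false) {
        hesk_process_messages($hesklang['validbanip'],'banned_ips.php');
    }

    // Make sure we have valid ranges
    if ($ip_from < 0) {
        $ip_from += 4294967296;
    } elseif ($ip_from > 4294967296) {
        $ip_from = 4294967296;
    }

    if ($ip_to < 0) {
        $ip_to += 4294967296;
    } elseif ($ip_to > 4294967296) {
        $ip_to = 4294967296;
    }

    // Make sure $ip_to is not lower that $ip_from
    if ($ip_to < $ip_from) {
        $tmp = $ip_to;
        $ip_to = $ip_from;
        $ip_from = $tmp;
    }

    // Is this IP address already banned?
    $res = hesk_dbQuery("SELECT `id` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."banned_ips` WHERE {$ip_from} BETWEEN `ip_from` AND `ip_to` AND {$ip_to} BETWEEN `ip_from` AND `ip_to` LIMIT 1");
    if ( hesk_dbNumRows($res) == 1 ) {
        $_SESSION['ban_ip']['id'] = hesk_dbResult($res);
        $hesklang['ipbanexists'] = ($ip_to == $ip_from) ? sprintf($hesklang['ipbanexists'], long2ip($ip_to) ) : sprintf($hesklang['iprbanexists'], long2ip($ip_from).' - '.long2ip($ip_to) );
        hesk_process_messages($hesklang['ipbanexists'],'banned_ips.php','NOTICE');
    }

    // Delete any duplicate banned IP or ranges that are within the new banned range
    hesk_dbQuery("DELETE FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."banned_ips` WHERE `ip_from` >= {$ip_from} AND `ip_to` <= {$ip_to}");

    // Delete temporary bans from logins table
    if ($ip_to == $ip_from) {
        hesk_dbQuery("DELETE FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."logins` WHERE `ip`='".hesk_dbEscape($ip_display)."'");
    }

    // Redirect either to banned ips or ticket page from now on
    $redirect_to = ($trackingID = hesk_cleanID()) ? 'admin_ticket.php?track='.$trackingID.'&Refresh='.mt_rand(10000,99999) : 'banned_ips.php';

    // Insert the ip address into database
    hesk_dbQuery("INSERT INTO `".hesk_dbEscape($hesk_settings['db_pfix'])."banned_ips` (`ip_from`,`ip_to`,`ip_display`,`banned_by`) VALUES ({$ip_from}, {$ip_to},'".hesk_dbEscape($ip_display)."','".intval($_SESSION['id'])."')");

    // Remember ip that got banned
    $_SESSION['ban_ip']['id'] = hesk_dbInsertID();

    // Generate success message
    $hesklang['ip_banned'] = ($ip_to == $ip_from) ? sprintf($hesklang['ip_banned'], long2ip($ip_to) ) : sprintf($hesklang['ip_rbanned'], long2ip($ip_from).' - '.long2ip($ip_to) );

    // Show success
    hesk_process_messages( sprintf($hesklang['ip_banned'], $ip) ,$redirect_to,'SUCCESS');

} // End ban_ip()


/**
 * Lift a temporary (failed-login) ban by deleting the address from the
 * `logins` table.
 *
 * The `ip` request value is reduced to digits, '.', '-', '/' and '*' and
 * then escaped for the query. The request is guarded by hesk_token_check()
 * before the delete runs.
 */
function unban_temp_ip()
{
    global $hesk_settings, $hesklang;

    // A security check
    hesk_token_check();

    // Get the ip
    $ip = preg_replace('/[^0-9\.\-\/\*]/', '', hesk_REQUEST('ip') );

    // Delete from bans
    hesk_dbQuery("DELETE FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."logins` WHERE `ip`='" . hesk_dbEscape($ip) . "'");

    // Show success
    hesk_process_messages($hesklang['ip_tempun'],'banned_ips.php','SUCCESS');

} // End unban_temp_ip()


/**
 * Remove one permanent ban, selected by the numeric `id` query parameter.
 *
 * The request is guarded by hesk_token_check() before the delete runs.
 * Afterwards the user is sent back to the ticket when hesk_cleanID()
 * yields a tracking ID, otherwise to the banned IPs page.
 */
function unban_ip()
{
    global $hesk_settings, $hesklang;

    // A security check
    hesk_token_check();

    // Delete from bans
    hesk_dbQuery("DELETE FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."banned_ips` WHERE `id`=" . intval( hesk_GET('id') ) );

    // Redirect either to banned ips or ticket page from now on
    // (the random Refresh value looks like a cache-buster only, it is not used as a secret here)
    $redirect_to = ($trackingID = hesk_cleanID()) ? 'admin_ticket.php?track='.$trackingID.'&Refresh='.mt_rand(10000,99999) : 'banned_ips.php';

    // Show success
    hesk_process_messages($hesklang['ip_unbanned'],$redirect_to,'SUCCESS');

} // End unban_ip()


/**
 * Convert an IPv4 CIDR block ("a.b.c.d/n") into its first and last address
 * as integers.
 *
 * Both ends are derived from the masked network address. Computing the
 * upper end from the address as typed made a block written with host bits
 * set (for example "123.0.0.5/24") reach past its real end, so more
 * addresses than intended were banned.
 *
 * Input that is not "<IPv4 address>/<0-32>" yields array(false, false).
 * ban_ip() compares both elements with false and shows the validation
 * message in that case, so malformed input no longer turns into a numeric
 * range (an empty or non-numeric prefix length used to be read as /0).
 *
 * @param string $cidr IPv4 address and prefix length separated by '/'
 * @return array Two elements: first and last address of the block, or
 *               false and false for invalid input
 */
function hesk_cidr_to_range($cidr)
{
    $invalid = array(false, false);

    $parts = explode('/', (string) $cidr);

    // Exactly one '/', and a prefix length made of digits only, 0 to 32
    if (count($parts) !== 2 || ! ctype_digit($parts[1]) || (int) $parts[1] > 32) {
        return $invalid;
    }

    $address = ip2long($parts[0]);
    if ($address === false) {
        return $invalid;
    }

    $host_bits = 32 - (int) $parts[1];

    $range = array();

    // Network address: clear the host bits
    $range[0] = $address & (-1 << $host_bits);

    // Last address: network address plus block size minus one
    $range[1] = $range[0] + pow(2, $host_bits) - 1;

    return $range;

} // END hesk_cidr_to_range()

?> PK~3YϾ|!V!V admin_settings_knowledgebase.phpnu[PK~3Y_|OOqVmanage_ticket_templates.phpnu[PK~3Yx x lock.phpnu[PK~3Y/UGassign_owner.phpnu[PK~3Y%%Kgenerate_spam_question.phpnu[PK~3YkSSshow_tickets.phpnu[PK~3Y%Mchange_status.phpnu[PK~3Y11Õanonymize_ticket.phpnu[PK~3YY )lQlQudelete_tickets.phpnu[PK~3YJr((#;admin_settings_general.phpnu[PK~3YY㎿manage_users.phpnu[PK~3YЧ/7/7cadmin_settings_help_desk.phpnu[PK~3YJXX޷oauth_providers.phpnu[PK~3Yq3lMlMmanage_categories.phpnu[PK~3Yg ^edit_post.phpnu[PK~3Y$6!BB? admin_reply_ticket.phpnu[PK~3Y/:_yINresend_notification.phpnu[PK~3Y8''j`admin_settings_ticket_list.phpnu[PK~3YvWmWmJmail.phpnu[PK~3YA edit_note.phpnu[PK~3Y:)=rremail_templates.phpnu[PK~3Y&d! xindex.phpnu[PK~3YdR module_escalate.phpnu[PK~3YSK  #test_connection.phpnu[PK~3YGvnn"/new_ticket.phpnu[PK~3YNNsave_ticket_draft_async.phpnu[PK~3YEYYgexport_ticket.phpnu[PK~3Yeb""banned_emails.phpnu[PK~3YZ|(/O/OU?knowledgebase_private.phpnu[PK~3YAw::͎manage_mfa.phpnu[PK~3YO*ladmin_main.phpnu[PK~3Y2{-w-wservice_messages.phpnu[PK~3Y23 pW module_satisfaction.phpnu[PK~3Y! a module_statistics.phpnu[PK~3YyC\\ m export.phpnu[PK~3Y`B>JO O 6 admin_suggest_articles.phpnu[PK~3YfC44  password.phpnu[PK~3Y݇~L~L admin_submit_ticket.phpnu[PK~3Y&ܨ,X,XV admin_settings_misc.phpnu[PK~3Y|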