Bootswatch, Summernote, and Captcheck mods for Mods for HESK (mods-for-hesk.com). In use at support.netsyms.com.


  1. <?php
  2. /**
  3. *
  4. * This file is part of HESK - PHP Help Desk Software.
  5. *
  6. * (c) Copyright Klemen Stirn. All rights reserved.
  7. * http://www.hesk.com
  8. *
  9. * For the full copyright and license agreement information visit
  10. * http://www.hesk.com/eula.php
  11. *
  12. */
define('IN_SCRIPT', 1);
define('HESK_PATH', '../');
define('PAGE_TITLE', 'ADMIN_TOOLS');

/* Get all the required files and functions */
require(HESK_PATH . 'hesk_settings.inc.php');
require(HESK_PATH . 'inc/common.inc.php');
require(HESK_PATH . 'inc/admin_functions.inc.php');
require(HESK_PATH . 'inc/mail_functions.inc.php');

hesk_load_database_functions();
hesk_session_start();
hesk_dbConnect();
// Must be a logged-in staff member before any permission check or action runs
hesk_isLoggedIn();

/* Check permissions for this feature */
// Single-argument form: appears to abort the request when the permission is
// missing (the ', 0' form used next returns a value instead) -- confirm in admin_functions.inc.php
hesk_checkPermission('can_ban_emails');
// Unban is a separate permission; its result gates both the 'unban' action
// below and the "Options" column of the list further down
$can_unban = hesk_checkPermission('can_unban_emails', 0);

// Define required constants
define('LOAD_TABS', 1);

// What should we do?
// The assignment inside the condition is intentional: the block only runs
// when the 'a' request parameter is present and truthy.
// ban_email() / unban_email() are declared at the bottom of this file; PHP
// makes unconditional top-level functions available before their definition line.
if ($action = hesk_REQUEST('a')) {
    if (defined('HESK_DEMO')) {
        // Demo installs never change data: notice, then back to the list
        // (hesk_process_messages() is relied on to redirect and not return)
        hesk_process_messages($hesklang['ddemo'], 'banned_emails.php', 'NOTICE');
    } elseif ($action == 'ban') {
        ban_email();
    } elseif ($action == 'unban' && $can_unban) {
        // 'unban' additionally needs can_unban_emails; any other value of 'a'
        // falls through and just renders the page
        unban_email();
    }
}

/* Print header */
require_once(HESK_PATH . 'inc/headerAdmin.inc.php');

/* Print main manage users page */
require_once(HESK_PATH . 'inc/show_admin_nav.inc.php');
?>
<section class="content">
<div class="box">
<div class="box-body">
<div class="nav-tabs-custom">
<ul class="nav nav-tabs" role="tablist">
<li role="presentation" class="active">
<a href="#"><?php echo $hesklang['banemail']; ?> <i class="fa fa-question-circle settingsquestionmark"
onclick="javascript:alert('<?php echo hesk_makeJsString($hesklang['banemail_intro']); ?>')"></i></a>
</li>
<?php
// Tab bar: every extra tab is shown only when the user holds the matching
// permission; the ', 0' form of hesk_checkPermission() is used here as a boolean test.
// Show a link to banned_ips.php if user has permission to do so
if (hesk_checkPermission('can_ban_ips', 0)) {
echo '
<li role="presentation">
<a title="' . $hesklang['banip'] . '" href="banned_ips.php">' . $hesklang['banip'] . '</a>
</li>';
}
// Show a link to status_message.php if user has permission to do so
if (hesk_checkPermission('can_service_msg', 0)) {
echo '
<li role="presentation">
<a title="' . $hesklang['sm_title'] . '" href="service_messages.php">' . $hesklang['sm_title'] . '</a>
</li>';
}
// Show a link to email tpl management if user has permission to do so
if (hesk_checkPermission('can_man_email_tpl', 0)) {
echo '
<li role="presentation">
<a title="' . $hesklang['email_templates'] . '" href="manage_email_templates.php">' . $hesklang['email_templates'] . '</a>
</li>
';
}
// Ticket statuses tab
if (hesk_checkPermission('can_man_ticket_statuses', 0)) {
echo '
<li role="presentation">
<a title="' . $hesklang['statuses'] . '" href="manage_statuses.php">' . $hesklang['statuses'] . '</a>
</li>
';
}
// Custom fields tab, gated by the settings permission
if (hesk_checkPermission('can_man_settings', 0)) {
echo '<li role="presentation"><a title="' . $hesklang['tab_4'] . '" href="custom_fields.php">' . $hesklang['tab_4'] . '</a></li> ';
}
?>
</ul>
<div class="tab-content summaryList tabPadding">
<script language="javascript" type="text/javascript"><!--
function confirm_delete() {
if (confirm('<?php echo hesk_makeJsString($hesklang['delban_confirm']); ?>')) {
return true;
}
else {
return false;
}
}
//-->
</script>
<div class="row">
<div class="col-md-8">
<br><br>
<?php
/* This will handle error, success and notice messages */
hesk_handle_messages();
?>
<form action="banned_emails.php" method="post" name="form1" role="form" class="form-horizontal" data-toggle="validator">
<div class="form-group">
<label for="text" class="col-sm-3 control-label"><?php echo $hesklang['bananemail']; ?></label>
<div class="col-sm-9">
<input type="text" class="form-control" name="email" size="30" maxlength="255" data-error="<?php echo htmlspecialchars($hesklang['enterbanemail']); ?>"
placeholder="<?php echo htmlspecialchars($hesklang['email']); ?>" required>
<input type="hidden" name="token" value="<?php hesk_token_echo(); ?>"/>
<input type="hidden" name="a" value="ban"/>
<div class="help-block with-errors"></div>
</div>
</div>
<div class="form-group">
<div class="col-sm-9 col-sm-offset-3">
<input type="submit" value="<?php echo $hesklang['savebanemail']; ?>"
class="btn btn-default">
</div>
</div>
</form>
</div>
<div class="col-md-4">
<h6 class="bold"><?php echo $hesklang['banex']; ?></h6>
<div class="footerWithBorder blankSpace"></div>
<b>john@example.com</b><br/>
<b>@example.com</b>
</div>
</div>
<div class="row">
<div class="col-sm-12">
<?php
// Get banned emails from database
$res = hesk_dbQuery('SELECT * FROM `' . hesk_dbEscape($hesk_settings['db_pfix']) . 'banned_emails` ORDER BY `email` ASC');
$num = hesk_dbNumRows($res);
echo '<h4>' . $hesklang['eperm'] . '</h4>';
if ($num < 1) {
echo '<p>' . $hesklang['no_banemails'] . '</p>';
} else {
// List of staff: id => name, used to resolve the "banned by" column.
// Skipped when $admins already exists (presumably set by an include;
// nothing earlier in this file assigns it) -- confirm.
if (!isset($admins)) {
$admins = array();
$res2 = hesk_dbQuery("SELECT `id`,`name` FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "users`");
while ($row = hesk_dbFetchAssoc($res2)) {
$admins[$row['id']] = $row['name'];
}
}
?>
<table class="table table-hover">
<thead>
<tr>
<th><?php echo $hesklang['email']; ?></th>
<th><?php echo $hesklang['banby']; ?></th>
<th><?php echo $hesklang['date']; ?></th>
<?php
// The "Options" (unban) column exists only for users with can_unban_emails
if ($can_unban) {
?>
<th><?php echo $hesklang['opt']; ?></th>
<?php
}
?>
</tr>
</thead>
<tbody>
<?php
// One row per ban. $color highlights the row whose id ban_email() left in
// the session (the ban just added, or the existing one that blocked a
// duplicate); the session key is cleared so the highlight shows only once.
while ($ban = hesk_dbFetchAssoc($res)) {
$color = '';
if (isset($_SESSION['ban_email']['id']) && $ban['id'] == $_SESSION['ban_email']['id']) {
$color = 'success';
unset($_SESSION['ban_email']['id']);
}
// NOTE(review): email and dt are printed without htmlspecialchars(). The
// email relies on having passed hesk_input() and the validators in
// ban_email() before it was stored -- confirm no other code path writes this table.
echo '
<tr>
<td class="' . $color . ' text-left">' . $ban['email'] . '</td>
<td class="' . $color . ' text-left">' . (isset($admins[$ban['banned_by']]) ? $admins[$ban['banned_by']] : $hesklang['e_udel']) . '</td>
<td class="' . $color . ' text-left">' . $ban['dt'] . '</td>
';
// Unban is a GET link; the token parameter is what hesk_token_check() in
// unban_email() verifies. hesk_token_echo(0) is used inside a concatenation,
// so the 0 argument presumably makes it return rather than echo -- confirm.
if ($can_unban) {
echo '
<td class="' . $color . ' text-left">
<a href="banned_emails.php?a=unban&amp;id=' . $ban['id'] . '&amp;token=' . hesk_token_echo(0) . '" onclick="return confirm_delete();">
<i class="fa fa-times red font-size-16p" data-toggle="tooltip" data-placement="top" data-original-title="' . $hesklang['delban'] . '"></i>
</a>
</td>
';
}
echo '</tr>';
} // End while
?>
</tbody>
</table>
<div align="center">
<table border="0" cellspacing="1" cellpadding="3" class="white" width="100%">
<?php
?>
</table>
</div>
<?php
}
?>
</div>
</div>
</div>
</div>
</div>
</div>
</section>
<?php
require_once(HESK_PATH . 'inc/footer.inc.php');
// Stop here: the rest of this file only declares the action handlers
exit();
  215. /*** START FUNCTIONS ***/
  216. function ban_email()
  217. {
  218. global $hesk_settings, $hesklang;
  219. // A security check
  220. hesk_token_check();
  221. // Get the email
  222. $email = strtolower(hesk_input(hesk_REQUEST('email')));
  223. // Nothing entered?
  224. if (!strlen($email)) {
  225. hesk_process_messages($hesklang['enterbanemail'], 'banned_emails.php');
  226. }
  227. // Only allow one email to be entered
  228. $email = ($index = strpos($email, ',')) ? substr($email, 0, $index) : $email;
  229. $email = ($index = strpos($email, ';')) ? substr($email, 0, $index) : $email;
  230. // Validate email address
  231. $hesk_settings['multi_eml'] = 0;
  232. if (!hesk_validateEmail($email, '', 0) && !verify_email_domain($email)) {
  233. hesk_process_messages($hesklang['validbanemail'], 'banned_emails.php');
  234. }
  235. // Redirect either to banned emails or ticket page from now on
  236. $redirect_to = ($trackingID = hesk_cleanID()) ? 'admin_ticket.php?track=' . $trackingID . '&Refresh=' . mt_rand(10000, 99999) : 'banned_emails.php';
  237. // Prevent duplicate rows
  238. if ($_SESSION['ban_email']['id'] = hesk_isBannedEmail($email)) {
  239. hesk_process_messages(sprintf($hesklang['emailbanexists'], $email), $redirect_to, 'NOTICE');
  240. }
  241. // Insert the email address into database
  242. hesk_dbQuery("INSERT INTO `" . hesk_dbEscape($hesk_settings['db_pfix']) . "banned_emails` (`email`,`banned_by`) VALUES ('" . hesk_dbEscape($email) . "','" . intval($_SESSION['id']) . "')");
  243. // Remember email that got banned
  244. $_SESSION['ban_email']['id'] = hesk_dbInsertID();
  245. // Show success
  246. hesk_process_messages(sprintf($hesklang['email_banned'], $email), $redirect_to, 'SUCCESS');
  247. } // End ban_email()
  248. function unban_email()
  249. {
  250. global $hesk_settings, $hesklang;
  251. // A security check
  252. hesk_token_check();
  253. // Delete from bans
  254. hesk_dbQuery("DELETE FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "banned_emails` WHERE `id`=" . intval(hesk_GET('id')));
  255. // Redirect either to banned emails or ticket page from now on
  256. $redirect_to = ($trackingID = hesk_cleanID()) ? 'admin_ticket.php?track=' . $trackingID . '&Refresh=' . mt_rand(10000, 99999) : 'banned_emails.php';
  257. // Show success
  258. hesk_process_messages($hesklang['email_unbanned'], $redirect_to, 'SUCCESS');
  259. } // End unban_email()
  260. function verify_email_domain($domain)
  261. {
  262. // Does it start with an @?
  263. $atIndex = strrpos($domain, "@");
  264. if ($atIndex !== 0) {
  265. return false;
  266. }
  267. // Get the domain and domain length
  268. $domain = substr($domain, 1);
  269. $domainLen = strlen($domain);
  270. // Check domain part length
  271. if ($domainLen < 1 || $domainLen > 254) {
  272. return false;
  273. }
  274. // Check domain part characters
  275. if (!preg_match('/^[A-Za-z0-9\\-\\.]+$/', $domain)) {
  276. return false;
  277. }
  278. // Domain part mustn't have two consecutive dots
  279. if (strpos($domain, '..') !== false) {
  280. return false;
  281. }
  282. // All OK
  283. return true;
  284. } // END verify_email_domain()
  285. ?>