<?php
/**
*
* This file is part of HESK - PHP Help Desk Software.
*
* (c) Copyright Klemen Stirn. All rights reserved.
* https://www.hesk.com
*
* For the full copyright and license agreement information visit
* https://www.hesk.com/eula.php
*
*/
define('IN_SCRIPT', 1);
define('HESK_PATH', '../');
define('PAGE_TITLE', 'ADMIN_BANNED_EMAILS');
define('MFH_PAGE_LAYOUT', 'TOP_ONLY');

/* Settings first, then the shared, admin and mail helper libraries */
require(HESK_PATH . 'hesk_settings.inc.php');
require(HESK_PATH . 'inc/common.inc.php');
require(HESK_PATH . 'inc/admin_functions.inc.php');
require(HESK_PATH . 'inc/mail_functions.inc.php');
hesk_load_database_functions();

/* Session and database must be up before the login check can run */
hesk_session_start();
hesk_dbConnect();
hesk_isLoggedIn();

/* Viewing this page requires the ban permission; unbanning is checked
   separately and only stored, so the page can still be shown without it */
hesk_checkPermission('can_ban_emails');
$can_unban = hesk_checkPermission('can_unban_emails', 0);

// Define required constants
define('LOAD_TABS', 1);

// Dispatch the requested action, if any. Both handlers run hesk_token_check()
// themselves, so the CSRF token is verified before any change is made.
$action = hesk_REQUEST('a');
if ($action) {
    if (defined('HESK_DEMO')) {
        // Demo mode: report instead of touching the ban list
        hesk_process_messages($hesklang['ddemo'], 'banned_emails.php', 'NOTICE');
    } else {
        switch ($action) {
            case 'ban':
                ban_email();
                break;
            case 'unban':
                // The unban permission is enforced here, not only where the link is rendered
                if ($can_unban) {
                    unban_email();
                }
                break;
        }
    }
}

/* Print header */
require_once(HESK_PATH . 'inc/headerAdmin.inc.php');

/* Print the admin navigation */
require_once(HESK_PATH . 'inc/show_admin_nav.inc.php');
?>
<div class="content-wrapper">
<section class="content">
<div class="box">
<div class="box-body">
<div class="nav-tabs-custom">
<ul class="nav nav-tabs" role="tablist">
<li role="presentation" class="active">
<a href="#"><?php echo $hesklang['banemail']; ?> <i class="fa fa-question-circle settingsquestionmark"
onclick="javascript:alert('<?php echo hesk_makeJsString($hesklang['banemail_intro']); ?>')"></i></a>
</li>
<?php
// Navigation tabs. Each link is rendered only when the current user holds the
// matching permission; the second argument 0 appears to make
// hesk_checkPermission() return the result instead of aborting (same usage as
// $can_unban above) — confirm. Hiding a link is not access control: each target
// page is expected to enforce its own permission.

// Show a link to banned_ips.php if user has permission to do so
if (hesk_checkPermission('can_ban_ips', 0)) {
echo '
<li role="presentation">
<a title="' . $hesklang['banip'] . '" href="banned_ips.php">' . $hesklang['banip'] . '</a>
</li>';
}

// Show a link to service_messages.php if user has permission to do so
if (hesk_checkPermission('can_service_msg', 0)) {
echo '
<li role="presentation">
<a title="' . $hesklang['sm_title'] . '" href="service_messages.php">' . $hesklang['sm_title'] . '</a>
</li>';
}

// Show a link to email tpl management if user has permission to do so
if (hesk_checkPermission('can_man_email_tpl', 0)) {
echo '
<li role="presentation">
<a title="' . $hesklang['email_templates'] . '" href="manage_email_templates.php">' . $hesklang['email_templates'] . '</a>
</li>
';
}

// Show a link to ticket status management if user has permission to do so
if (hesk_checkPermission('can_man_ticket_statuses', 0)) {
echo '
<li role="presentation">
<a title="' . $hesklang['statuses'] . '" href="manage_statuses.php">' . $hesklang['statuses'] . '</a>
</li>
';
}

// Show a link to custom fields if user may manage settings
if (hesk_checkPermission('can_man_settings', 0)) {
echo '<li role="presentation"><a title="' . $hesklang['tab_4'] . '" href="custom_fields.php">' . $hesklang['tab_4'] . '</a></li> ';
}
?>
</ul>
<div class="tab-content summaryList tabPadding">
<script language="javascript" type="text/javascript"><!--
function confirm_delete() {
if (confirm('<?php echo hesk_makeJsString($hesklang['delban_confirm']); ?>')) {
return true;
}
else {
return false;
}
}
//-->
</script>
<div class="row">
<div class="col-md-8">
<br><br>
<?php
/* This will handle error, success and notice messages */
// Presumably prints the messages queued by hesk_process_messages() in
// ban_email()/unban_email() after their redirect — verify in common.inc.php.
hesk_handle_messages();
?>
<form action="banned_emails.php" method="post" name="form1" role="form" class="form-horizontal" data-toggle="validator">
<div class="form-group">
<label for="text" class="col-sm-3 control-label"><?php echo $hesklang['bananemail']; ?></label>
<div class="col-sm-9">
<input type="text" class="form-control" name="email" size="30" maxlength="255" data-error="<?php echo htmlspecialchars($hesklang['enterbanemail']); ?>"
placeholder="<?php echo htmlspecialchars($hesklang['email']); ?>" required>
<input type="hidden" name="token" value="<?php hesk_token_echo(); ?>"/>
<input type="hidden" name="a" value="ban"/>
<div class="help-block with-errors"></div>
</div>
</div>
<div class="form-group">
<div class="col-sm-9 col-sm-offset-3">
<input type="submit" value="<?php echo $hesklang['savebanemail']; ?>"
class="btn btn-default">
</div>
</div>
</form>
</div>
<div class="col-md-4">
<h6 class="bold"><?php echo $hesklang['banex']; ?></h6>
<div class="footerWithBorder blankSpace"></div>
<b>john@example.com</b><br/>
<b>@example.com</b>
</div>
</div>
<div class="row">
<div class="col-sm-12">
<?php

// Get banned emails from database
// Only the table prefix goes into this statement (escaped); no request data.
$res = hesk_dbQuery('SELECT * FROM `' . hesk_dbEscape($hesk_settings['db_pfix']) . 'banned_emails` ORDER BY `email` ASC');
$num = hesk_dbNumRows($res);

echo '<h4>' . $hesklang['eperm'] . '</h4>';
if ($num < 1) {
echo '<p>' . $hesklang['no_banemails'] . '</p>';
} else {
// List of staff
// Map of user id => name used to resolve the "banned by" column; skipped when
// an earlier include already populated $admins.
if (!isset($admins)) {
$admins = array();
$res2 = hesk_dbQuery("SELECT `id`,`name` FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "users`");
while ($row = hesk_dbFetchAssoc($res2)) {
$admins[$row['id']] = $row['name'];
}
}

?>
<table class="table table-hover">
<thead>
<tr>
<th><?php echo $hesklang['email']; ?></th>
<th><?php echo $hesklang['banby']; ?></th>
<th><?php echo $hesklang['date']; ?></th>
<?php
// The options column exists only for users who may unban; the action itself
// is gated again by the dispatcher at the top of this file.
if ($can_unban) {
?>
<th><?php echo $hesklang['opt']; ?></th>
<?php
}
?>
</tr>
</thead>
<tbody>
<?php
while ($ban = hesk_dbFetchAssoc($res)) {
// Highlight the row whose id ban_email() stored in the session (the ban it
// just inserted or found as a duplicate); the marker is cleared so the
// highlight is shown only once.
$color = '';
if (isset($_SESSION['ban_email']['id']) && $ban['id'] == $_SESSION['ban_email']['id']) {
$color = 'success';
unset($_SESSION['ban_email']['id']);
}

// NOTE(review): `email`, `dt` and the staff name are written into the HTML
// without output escaping. This relies on hesk_input()/validation in
// ban_email() having sanitised the address before it was stored and on no
// other insert path existing — confirm rather than assume.
echo '
<tr>
<td class="' . $color . ' text-left">' . $ban['email'] . '</td>
<td class="' . $color . ' text-left">' . (isset($admins[$ban['banned_by']]) ? $admins[$ban['banned_by']] : $hesklang['e_udel']) . '</td>
<td class="' . $color . ' text-left">' . $ban['dt'] . '</td>
';

if ($can_unban) {
// Unban is a GET link carrying the CSRF token (hesk_token_echo(0) is used as
// a value here, so it presumably returns the token rather than printing it).
// NOTE(review): a token in the query string can end up in server logs and
// Referer headers; a POST form would keep it out of the URL.
echo '
<td class="' . $color . ' text-left">
<a href="banned_emails.php?a=unban&id=' . $ban['id'] . '&token=' . hesk_token_echo(0) . '" onclick="return confirm_delete();">
<i class="fa fa-times red font-size-16p" data-toggle="tooltip" data-placement="top" data-original-title="' . $hesklang['delban'] . '"></i>
</a>
</td>
';
}

echo '</tr>';
} // End while
?>
</tbody>
</table>
<?php
}

?>
</div>
</div>
</div>
</div>
</div>
</div>
</section>
</div>
<?php
// Print the footer and stop here: the function definitions below are reached
// only through the dispatcher at the top of the file, never by fall-through.
require_once(HESK_PATH . 'inc/footer.inc.php');
exit();
/*** START FUNCTIONS ***/
function ban_email()
{
    global $hesk_settings, $hesklang;

    // CSRF token is verified before any request data is used
    hesk_token_check();

    // Normalise the submitted address: input filtering, lower-case, email cleanup
    $submitted = hesk_REQUEST('email');
    $email = hesk_emailCleanup(strtolower(hesk_input($submitted)));

    // Nothing entered?
    if (strlen($email) === 0) {
        hesk_process_messages($hesklang['enterbanemail'], 'banned_emails.php');
    }

    // Keep only the first address when several were separated by "," or ";".
    // A separator in position 0 is deliberately not treated as a cut point
    // (same truthiness test as before); validation below rejects such input.
    foreach (array(',', ';') as $separator) {
        $cut = strpos($email, $separator);
        if ($cut) {
            $email = substr($email, 0, $cut);
        }
    }

    // Accept either one full address or an "@domain" pattern; never a list
    $hesk_settings['multi_eml'] = 0;
    $is_full_address = hesk_validateEmail($email, '', 0);
    if (!$is_full_address && !verify_email_domain($email)) {
        hesk_process_messages($hesklang['validbanemail'], 'banned_emails.php');
    }

    // From here on, go back to the ticket when one was given, else to this page
    $trackingID = hesk_cleanID();
    if ($trackingID) {
        $redirect_to = 'admin_ticket.php?track=' . $trackingID . '&Refresh=' . mt_rand(10000, 99999);
    } else {
        $redirect_to = 'banned_emails.php';
    }

    // Prevent duplicate rows: remember the existing id (the list highlights it) and report
    $existing_id = hesk_isBannedEmail($email);
    $_SESSION['ban_email']['id'] = $existing_id;
    if ($existing_id) {
        hesk_process_messages(sprintf($hesklang['emailbanexists'], $email), $redirect_to, 'NOTICE');
    }

    // Store the ban. Prefix and address are escaped; the acting user id is cast to int.
    $table = hesk_dbEscape($hesk_settings['db_pfix']) . 'banned_emails';
    hesk_dbQuery("INSERT INTO `" . $table . "` (`email`,`banned_by`) VALUES ('" . hesk_dbEscape($email) . "','" . intval($_SESSION['id']) . "')");

    // Remember the new row so the list can highlight it
    $_SESSION['ban_email']['id'] = hesk_dbInsertID();

    // Show success
    hesk_process_messages(sprintf($hesklang['email_banned'], $email), $redirect_to, 'SUCCESS');
} // End ban_email()
function unban_email()
{
    global $hesk_settings, $hesklang;

    // CSRF token first; the id arrives in the query string of the unban link
    hesk_token_check();

    // The id is cast to int before it is placed in the statement
    $ban_id = intval(hesk_GET('id'));
    $table = hesk_dbEscape($hesk_settings['db_pfix']) . 'banned_emails';
    hesk_dbQuery("DELETE FROM `" . $table . "` WHERE `id`=" . $ban_id);

    // Go back to the ticket when one was given, else to this page.
    // Note: whether a row was actually deleted is not checked; the success
    // message is shown either way.
    $trackingID = hesk_cleanID();
    $redirect_to = $trackingID
        ? 'admin_ticket.php?track=' . $trackingID . '&Refresh=' . mt_rand(10000, 99999)
        : 'banned_emails.php';

    hesk_process_messages($hesklang['email_unbanned'], $redirect_to, 'SUCCESS');
} // End unban_email()
/**
 * Check whether $domain is an acceptable "@domain" ban pattern.
 *
 * Accepts strings whose only "@" is the first byte, followed by 1..254 bytes
 * of letters, digits, hyphens and dots with no empty label ("..").
 * NOTE(review): a leading or trailing dot or hyphen is not rejected by these
 * checks.
 *
 * @param string $domain candidate pattern, e.g. "@example.com"
 * @return bool
 */
function verify_email_domain($domain)
{
    // The last "@" must also be the first byte, i.e. exactly one "@" at position 0
    if (strrpos($domain, '@') !== 0) {
        return false;
    }

    $host = substr($domain, 1);
    $length = strlen($host);

    // Length of the part after "@"
    if ($length < 1 || $length > 254) {
        return false;
    }

    // Allowed characters only
    if (preg_match('/^[A-Za-z0-9\\-\\.]+$/', $host) !== 1) {
        return false;
    }

    // No two consecutive dots
    return strpos($host, '..') === false;
} // END verify_email_domain()
?>