Netsyms
/
Mods-for-HESK-Netsyms
2
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

#88 Remove IP / email bans function

Browse Source
merge-requests/2/head
Mike Koch 9 years ago
parent b886eeedde
commit 333789961e
7 changed files with 6 additions and 633 deletions
Show Stats Download Patch File Download Diff File

1
.gitignore vendored
Unescape Escape View File

@ -180,6 +180,7 @@ inc/mail/sasl/ntlm_sasl_client.php
inc/mail/sasl/plain_sasl_client.php inc/mail/sasl/plain_sasl_client.php
inc/mail/sasl/sasl.php inc/mail/sasl/sasl.php
inc/mail/smtp.php inc/mail/smtp.php
inc/pipe_functions.inc.php
inc/posting_functions.inc.php inc/posting_functions.inc.php
inc/prepare_ticket_export.inc.php inc/prepare_ticket_export.inc.php
inc/prepare_ticket_search.inc.php inc/prepare_ticket_search.inc.php

74
admin/admin_settings.php
Unescape Escape View File

@ -484,7 +484,6 @@ if ( defined('HESK_DEMO') )
<li><a href="#mods-for-hesk-general" data-toggle="tab"><?php echo $hesklang['tab_1']; ?></a></li> <li><a href="#mods-for-hesk-general" data-toggle="tab"><?php echo $hesklang['tab_1']; ?></a></li>
<li><a href="#statuses" data-toggle="tab"><?php echo $hesklang['statuses']; ?></a></li> <li><a href="#statuses" data-toggle="tab"><?php echo $hesklang['statuses']; ?></a></li>
<li><a href="#colors" data-toggle="tab"><?php echo $hesklang['uiColors']; ?></a></li> <li><a href="#colors" data-toggle="tab"><?php echo $hesklang['uiColors']; ?></a></li>
<li><a href="#ipEmailBans" data-toggle="tab"><?php echo $hesklang['ip_email_bans']; ?></a></li>
</ul> </ul>
</li> </li>
</ul> </ul>
@ -2199,77 +2198,6 @@ if ( defined('HESK_DEMO') )
</div> </div>
</div> </div>
</div> </div>
</div>
<!-- Mods For Hesk: IP/Email Bans -->
<div class="tab-pane fade in" id="ipEmailBans">
<h6 style="font-weight: bold"><?php echo $hesklang['ip_bans']; ?></h6>
<div class="footerWithBorder blankSpace"></div>
<div class="table-responsive">
<table class="table table-hover">
<thead>
<tr>
<th><?php echo $hesklang['delete']; ?></th>
<th><?php echo $hesklang['from']; ?></th>
<th><?php echo $hesklang['ip_to']; ?></th>
</tr>
</thead>
<tbody>
<?php
$ipRs= hesk_dbQuery('SELECT * FROM `'.$hesk_settings['db_pfix'].'denied_ips`');
while ($row = $ipRs->fetch_assoc()) {
echo '<tr id="trIp'.$row['ID'].'">';
echo '<td><input type="checkbox" name="ipDelete['.$row['ID'].']" onclick="toggleRow(\'trIp'.$row['ID'].'\')"></td>';
echo '<td><input type="text" name="ipFrom['.$row['ID'].']" placeholder="'.$hesklang['from'].'" class="form-control" value="'.long2ip($row['RangeStart']).'"></td>';
echo '<td><input type="text" name="ipTo['.$row['ID'].']" placeholder="'.$hesklang['ip_to'].'" class="form-control" value="'.long2ip($row['RangeEnd']).'"></td>';
echo '</tr>';
}
?>
<tr class="info">
<!-- Add new IP range -->
<td><b><?php echo $hesklang['addNew']; ?></b></td>
<td>
<input type="text" name="addIpFrom" placeholder="<?php echo $hesklang['from']; ?>" class="form-control">
</td>
<td>
<input type="text" name="addIpTo" placeholder="<?php echo $hesklang['ip_to']; ?>" class="form-control">
</td>
</tr>
</tbody>
</table>
</div>
<div class="blankSpace"></div>
<h6 style="font-weight: bold"><?php echo $hesklang['email_bans']; ?></h6>
<div class="footerWithBorder blankSpace"></div>
<div class="table-responsive">
<table class="table table-hover">
<thead>
<tr>
<th><?php echo $hesklang['delete']; ?></th>
<th><?php echo $hesklang['email']; ?></th>
</tr>
</thead>
<tbody>
<?php
$emailRs = hesk_dbQuery('SELECT * FROM `'.$hesk_settings['db_pfix'].'denied_emails`');
while ($row = $emailRs->fetch_assoc()) {
echo '<tr id="trEmail'.$row['ID'].'">';
echo '<td><input type="checkbox" name="emailDelete['.$row['ID'].']" onclick="toggleRow(\'trEmail'.$row['ID'].'\')"></td>';
echo '<td><input type="text" name="email['.$row['ID'].']" class="form-control" placeholder="'.$hesklang['email'].'" value="'.$row['Email'].'"></td>';
echo '</tr>';
}
?>
<!-- Add new email -->
<tr class="info">
<td><b><?php echo $hesklang['addNew']; ?></b></td>
<td>
<input type="text" name="addEmail" class="form-control" placeholder="<?php echo $hesklang['email']; ?>">
</td>
</tr>
</tbody>
</table>
</div>
</div> </div>
<div class="form-group"> <div class="form-group">
<div class="col-sm-9 col-sm-offset-3"> <div class="col-sm-9 col-sm-offset-3">
@ -2284,7 +2212,7 @@ if ( defined('HESK_DEMO') )
{ {
echo '<input type="button" value="'.$hesklang['save_changes'].' ('.$hesklang['disabled'].')" class="btn btn-default" disabled="disabled" /><br /><font class="error">'.$hesklang['e_save_settings'].'</font>'; echo '<input type="button" value="'.$hesklang['save_changes'].' ('.$hesklang['disabled'].')" class="btn btn-default" disabled="disabled" /><br /><font class="error">'.$hesklang['e_save_settings'].'</font>';
} }
?> ?>
</div> </div>
</div> </div>
</div> </div>

36
admin/admin_settings_save.php
Unescape Escape View File

@ -496,42 +496,6 @@ $stmt = hesk_dbConnect()->prepare($updateQuery);
$stmt->bind_param('i', $_POST['lockedTicketStatus']); $stmt->bind_param('i', $_POST['lockedTicketStatus']);
$stmt->execute(); $stmt->execute();
//-- IP Bans
$ipBanSql = hesk_dbQuery('SELECT * FROM `'.$hesk_settings['db_pfix'].'denied_ips`');
while ($row = $ipBanSql->fetch_assoc()) {
if (isset($_POST['ipDelete'][$row['ID']])) {
hesk_dbQuery('DELETE FROM `'.hesk_dbEscape($hesk_settings['db_pfix']).'denied_ips` WHERE ID = '.hesk_dbEscape($row['ID']));
} else {
$ipAddressFrom = ip2long($_POST['ipFrom'][$row['ID']]);
$ipAddressTo = ip2long($_POST['ipTo'][$row['ID']]);
hesk_dbQuery('UPDATE `'.hesk_dbEscape($hesk_settings['db_pfix']).'denied_ips`
SET `RangeStart` = \''.hesk_dbEscape($ipAddressFrom).'\',
`RangeEnd` = \''.hesk_dbEscape($ipAddressTo).'\'
WHERE ID = '.hesk_dbEscape($row['ID']));
}
}
if (!empty($_POST['addIpFrom']) && !empty($_POST['addIpTo'])) {
$ipAddressFrom = ip2long($_POST['addIpFrom']);
$ipAddressTo = ip2long($_POST['addIpTo']);
hesk_dbQuery('INSERT INTO `'.hesk_dbEscape($hesk_settings['db_pfix']).'denied_ips` (`RangeStart`, `RangeEnd`)
VALUES (\''.hesk_dbEscape($ipAddressFrom).'\', \''.hesk_dbEscape($ipAddressTo).'\')');
}
//-- Email Bans
$emailBanSql = hesk_dbQuery('SELECT * FROM `'.hesk_dbEscape($hesk_settings['db_pfix']).'denied_emails`');
while ($row = $emailBanSql->fetch_assoc()) {
if (isset($_POST['emailDelete'][$row['ID']])) {
hesk_dbQuery('DELETE FROM `'.hesk_dbEscape($hesk_settings['db_pfix']).'denied_emails` WHERE ID = '.hesk_dbEscape($row['ID']));
} else {
hesk_dbQuery('UPDATE `'.hesk_dbEscape($hesk_settings['db_pfix']).'denied_emails`
SET Email = \''.hesk_dbEscape($_POST['email'][$row['ID']]).'\'
WHERE ID = '.hesk_dbEscape($row['ID']));
}
}
if (!empty($_POST['addEmail'])) {
hesk_dbQuery('INSERT INTO `'.hesk_dbEscape($hesk_settings['db_pfix']).'denied_emails` (Email) VALUES (\''.hesk_dbEscape($_POST['addEmail']).'\')');
}
$set['hesk_version'] = $hesk_settings['hesk_version']; $set['hesk_version'] = $hesk_settings['hesk_version'];
// Save the modsForHesk_settings.inc.php file // Save the modsForHesk_settings.inc.php file

505
inc/pipe_functions.inc.php
Unescape Escape View File

@ -1,505 +0,0 @@
<?php
/*******************************************************************************
* Title: Help Desk Software HESK
* Version: 2.5.5 from 5th August 2014
* Author: Klemen Stirn
* Website: http://www.hesk.com
********************************************************************************
* COPYRIGHT AND TRADEMARK NOTICE
* Copyright 2005-2014 Klemen Stirn. All Rights Reserved.
* HESK is a registered trademark of Klemen Stirn.
* The HESK may be used and modified free of charge by anyone
* AS LONG AS COPYRIGHT NOTICES AND ALL THE COMMENTS REMAIN INTACT.
* By using this code you agree to indemnify Klemen Stirn from any
* liability that might arise from it's use.
* Selling the code for this program, in part or full, without prior
* written consent is expressly forbidden.
* Using this code, in part or full, to create derivate work,
* new scripts or products is expressly forbidden. Obtain permission
* before redistributing this software over the Internet or in
* any other medium. In all cases copyright and header must remain intact.
* This Copyright is in full effect in any country that has International
* Trade Agreements with the United States of America or
* with the European Union.
* Removing any of the copyright notices without purchasing a license
* is expressly forbidden. To remove HESK copyright notice you must purchase
* a license for this script. For more information on how to obtain
* a license please visit the page below:
* https://www.hesk.com/buy.php
*******************************************************************************/
/* Check if this is a valid include */
if (!defined('IN_SCRIPT')) {die('Invalid attempt');}
// Include all functions needed for email piping
hesk_load_database_functions();
require(HESK_PATH . 'inc/email_functions.inc.php');
require(HESK_PATH . 'inc/posting_functions.inc.php');
require(HESK_PATH . 'inc/mail/rfc822_addresses.php');
require(HESK_PATH . 'inc/mail/mime_parser.php');
require(HESK_PATH . 'inc/mail/email_parser.php');
/*** FUNCTIONS ***/
function hesk_email2ticket($results, $pop3 = 0)
{
global $hesk_settings, $hesklang, $hesk_db_link, $ticket;
// Process "From:" email
$tmpvar['email'] = hesk_validateEmail($results['from'][0]['address'],'ERR',0);
// "From:" email missing or invalid?
if ( ! $tmpvar['email'] )
{
return hesk_cleanExit();
}
// Make sure the email isn't banned. If it is, just exit.
$emailSql = 'SELECT * FROM `'.hesk_dbEscape($hesk_settings['db_pfix']).'denied_emails` WHERE Email = \''.hesk_dbEscape($tmpvar['email']).'\'';
if ($emailSql->num_rows > 0) {
return hesk_cleanExit();
}
// Process "From:" name, convert to UTF-8, set to "[Customer]" if not set
$tmpvar['name'] = isset($results['from'][0]['name']) ? $results['from'][0]['name'] : $hesklang['pde'];
if ( ! empty($results['from'][0]['encoding']) )
{
$tmpvar['name'] = hesk_encodeUTF8($tmpvar['name'], $results['from'][0]['encoding']);
}
$tmpvar['name'] = hesk_input($tmpvar['name'],'','',1,50) or $tmpvar['name'] = $hesklang['pde'];
// Process "To:" email (not yet implemented, for future use)
// $tmpvar['to_email'] = hesk_validateEmail($results['to'][0]['address'],'ERR',0);
// Process email subject, convert to UTF-8, set to "[Piped email]" if none set
$tmpvar['subject'] = isset($results['subject']) ? $results['subject'] : $hesklang['pem'];
if ( ! empty($results['subject_encoding']) )
{
$tmpvar['subject'] = hesk_encodeUTF8($tmpvar['subject'], $results['subject_encoding']);
}
$tmpvar['subject'] = hesk_input($tmpvar['subject'],'','',1,70) or $tmpvar['subject'] = $hesklang['pem'];
// Process email message, convert to UTF-8
$tmpvar['message'] = isset($results['message']) ? $results['message'] : '';
if ( ! empty($results['encoding']) )
{
$tmpvar['message'] = hesk_encodeUTF8($tmpvar['message'], $results['encoding']);
}
$tmpvar['message'] = hesk_input($tmpvar['message'],'','',1);
// Message missing? We require it!
if ( ! $tmpvar['message'])
{
return hesk_cleanExit();
}
// Strip quoted reply from email
$tmpvar['message'] = hesk_stripQuotedText($tmpvar['message']);
// Convert URLs to links, change newlines to <br />
$tmpvar['message'] = hesk_makeURL($tmpvar['message']);
$tmpvar['message'] = nl2br($tmpvar['message']);
# For debugging purposes
# die( bin2hex($tmpvar['message']) );
# die($tmpvar['message']);
// Try to detect "delivery failed" and "noreply" emails - ignore if detected
if ( hesk_isReturnedEmail($tmpvar) )
{
return hesk_cleanExit();
}
// Check for email loops
if ( hesk_isEmailLoop($tmpvar['email'], md5($tmpvar['message']) ) )
{
return hesk_cleanExit();
}
// OK, everything seems OK. Now determine if this is a reply to a ticket or a new ticket
if ( preg_match('/\[#([A-Z0-9]{3}\-[A-Z0-9]{3}\-[A-Z0-9]{4})\]/', str_replace(' ', '', $tmpvar['subject']), $matches) )
{
// We found a possible tracking ID
$tmpvar['trackid'] = $matches[1];
// Does it match one in the database?
$res = hesk_dbQuery("SELECT * FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."tickets` WHERE `trackid`='".hesk_dbEscape($tmpvar['trackid'])."' LIMIT 1");
if (hesk_dbNumRows($res))
{
$ticket = hesk_dbFetchAssoc($res);
// Do email addresses match?
if ( strpos( strtolower($ticket['email']), strtolower($tmpvar['email']) ) === false )
{
$tmpvar['trackid'] = '';
}
// Is this ticket locked? Force create a new one if it is
if ($ticket['locked'])
{
$tmpvar['trackid'] = '';
}
}
else
{
$tmpvar['trackid'] = '';
}
}
// If tracking ID is empty, generate a new one
if ( empty($tmpvar['trackid']) )
{
$tmpvar['trackid'] = hesk_createID();
$is_reply = 0;
}
else
{
$is_reply = 1;
}
// Process attachments
$tmpvar['attachmment_notices'] = '';
$tmpvar['attachments'] = '';
$num = 0;
if ($hesk_settings['attachments']['use'] && isset($results['attachments'][0]))
{
#print_r($results['attachments']);
foreach ($results['attachments'] as $k => $v)
{
// Clean attachment names
$myatt['real_name'] = hesk_cleanFileName($v['orig_name']);
// Check number of attachments, delete any over max number
if ($num >= $hesk_settings['attachments']['max_number'])
{
$tmpvar['attachmment_notices'] .= sprintf($hesklang['attnum'], $myatt['real_name']) . "\n";
continue;
}
// Check file extension
$ext = strtolower(strrchr($myatt['real_name'], "."));
if (!in_array($ext,$hesk_settings['attachments']['allowed_types']))
{
$tmpvar['attachmment_notices'] .= sprintf($hesklang['atttyp'], $myatt['real_name']) . "\n";
continue;
}
// Check file size
$myatt['size'] = $v['size'];
if ($myatt['size'] > ($hesk_settings['attachments']['max_size']))
{
$tmpvar['attachmment_notices'] .= sprintf($hesklang['attsiz'], $myatt['real_name']) . "\n";
continue;
}
// Generate a random file name
$useChars='AEUYBDGHJLMNPQRSTVWXZ123456789';
$tmp = $useChars{mt_rand(0,29)};
for($j=1;$j<10;$j++)
{
$tmp .= $useChars{mt_rand(0,29)};
}
$myatt['saved_name'] = substr($tmpvar['trackid'] . '_' . md5($tmp . $myatt['real_name']), 0, 200) . $ext;
// Rename the temporary file
rename($v['stored_name'],HESK_PATH.$hesk_settings['attach_dir'].'/'.$myatt['saved_name']);
// Insert into database
hesk_dbQuery("INSERT INTO `".hesk_dbEscape($hesk_settings['db_pfix'])."attachments` (`ticket_id`,`saved_name`,`real_name`,`size`) VALUES ('".hesk_dbEscape($tmpvar['trackid'])."','".hesk_dbEscape($myatt['saved_name'])."','".hesk_dbEscape($myatt['real_name'])."','".intval($myatt['size'])."')");
$tmpvar['attachments'] .= hesk_dbInsertID() . '#' . $myatt['real_name'] .',';
$num++;
}
if (strlen($tmpvar['attachmment_notices']))
{
$tmpvar['message'] .= "<br /><br />" . hesk_input($hesklang['attrem'],'','',1) . "<br />" . nl2br(hesk_input($tmpvar['attachmment_notices'],'','',1));
}
}
// Delete the temporary files
deleteAll($results['tempdir']);
// If this is a reply add a new reply
if ($is_reply)
{
// Set last replier name to customer name
$ticket['lastreplier'] = ($tmpvar['name'] == $hesklang['pde']) ? $tmpvar['email'] : $tmpvar['name'];;
// If staff hasn't replied yet, keep ticket status "New", otherwise set it to "Waiting reply from staff"
$ticket['status'] = $ticket['status'] ? 1 : 0;
// Update ticket as necessary
hesk_dbQuery("UPDATE `".hesk_dbEscape($hesk_settings['db_pfix'])."tickets` SET `lastchange`=NOW(),`status`='{$ticket['status']}',`lastreplier`='0' WHERE `id`='".intval($ticket['id'])."' LIMIT 1");
// Insert reply into database
hesk_dbQuery("INSERT INTO `".hesk_dbEscape($hesk_settings['db_pfix'])."replies` (`replyto`,`name`,`message`,`dt`,`attachments`) VALUES ('".intval($ticket['id'])."','".hesk_dbEscape($ticket['lastreplier'])."','".hesk_dbEscape($tmpvar['message'])."',NOW(),'".hesk_dbEscape($tmpvar['attachments'])."')");
// --> Prepare reply message
// 1. Generate the array with ticket info that can be used in emails
$info = array(
'email' => $ticket['email'],
'category' => $ticket['category'],
'priority' => $ticket['priority'],
'owner' => $ticket['owner'],
'trackid' => $ticket['trackid'],
'status' => $ticket['status'],
'name' => $ticket['name'],
'lastreplier' => $ticket['lastreplier'],
'subject' => $ticket['subject'],
'message' => stripslashes($tmpvar['message']),
'attachments' => $tmpvar['attachments'],
'dt' => hesk_date($ticket['dt'], true),
'lastchange' => hesk_date($ticket['lastchange'], true),
);
// 2. Add custom fields to the array
foreach ($hesk_settings['custom_fields'] as $k => $v)
{
$info[$k] = $v['use'] ? $ticket[$k] : '';
}
// 3. Make sure all values are properly formatted for email
$ticket = hesk_ticketToPlain($info, 1, 0);
// --> Process custom fields before sending
foreach ($hesk_settings['custom_fields'] as $k => $v)
{
$ticket[$k] = $v['use'] ? hesk_msgToPlain($ticket[$k], 1) : '';
}
// --> If ticket is assigned just notify the owner
if ($ticket['owner'])
{
hesk_notifyAssignedStaff(false, 'new_reply_by_customer', 'notify_reply_my');
}
// --> No owner assigned, find and notify appropriate staff
else
{
hesk_notifyStaff('new_reply_by_customer',"`notify_reply_unassigned`='1'");
}
return $ticket['trackid'];
} // END REPLY
// Not a reply, but a new ticket. Add it to the database
$tmpvar['category'] = 1;
$tmpvar['priority'] = 3;
$_SERVER['REMOTE_ADDR'] = $hesklang['unknown'];
// Auto assign tickets if aplicable
$tmpvar['owner'] = 0;
$tmpvar['history'] = $pop3 ? sprintf($hesklang['thist16'], hesk_date()) : sprintf($hesklang['thist11'], hesk_date());
$autoassign_owner = hesk_autoAssignTicket($tmpvar['category']);
#print_r($autoassign_owner);
if ($autoassign_owner)
{
$tmpvar['owner'] = $autoassign_owner['id'];
$tmpvar['history'] .= sprintf($hesklang['thist10'],hesk_date(),$autoassign_owner['name'].' ('.$autoassign_owner['user'].')');
}
// Custom fields will be empty as there is no reliable way of detecting them
foreach ($hesk_settings['custom_fields'] as $k=>$v)
{
$tmpvar[$k] = '';
}
// Insert ticket to database
$ticket = hesk_newTicket($tmpvar);
// Notify the customer
hesk_notifyCustomer();
// Need to notify staff?
// --> From autoassign?
if ($tmpvar['owner'] && $autoassign_owner['notify_assigned'])
{
hesk_notifyAssignedStaff($autoassign_owner, 'ticket_assigned_to_you');
}
// --> No autoassign, find and notify appropriate staff
elseif ( ! $tmpvar['owner'] )
{
hesk_notifyStaff('new_ticket_staff', " `notify_new_unassigned` = '1' ");
}
return $ticket['trackid'];
} // END hesk_email2ticket()
function hesk_encodeUTF8($in, $encoding)
{
$encoding = strtoupper($encoding);
switch($encoding)
{
case 'UTF-8':
return $in;
break;
case 'ISO-8859-1':
return utf8_encode($in);
break;
default:
return iconv($encoding, 'UTF-8', $in);
break;
}
} // END hesk_encodeUTF8()
function hesk_stripQuotedText($message)
{
global $hesk_settings, $hesklang;
// Stripping quoted text disabled?
if ( ! $hesk_settings['strip_quoted'])
{
return $message;
}
// Loop through available languages and ty to find the tag
foreach ($hesk_settings['languages'] as $language => $settings)
{
if ( ($found = strpos($message, $settings['hr']) ) !== false )
{
// "Reply above this line" tag found, strip quoted reply
$message = substr($message, 0, $found);
$message .= "\n" . $hesklang['qrr'];
// Set language to the detected language
hesk_setLanguage($language);
break;
}
}
return $message;
} // END hesk_stripQuotedText()
function hesk_isReturnedEmail($tmpvar)
{
// Check noreply email addresses
if ( preg_match('/not?[\-_]reply@/i', $tmpvar['email']) )
{
return true;
}
// Check mailer daemon email addresses
if ( preg_match('/mail(er)?[\-_]daemon@/i', $tmpvar['email']) )
{
return true;
}
// Check autoreply subjects
if ( preg_match('/^[\[\(]?Auto(mat(ic|ed))?[ \-]?reply/i', $tmpvar['subject']) )
{
return true;
}
// Check out of office subjects
if ( preg_match('/^Out of Office/i', $tmpvar['subject']) )
{
return true;
}
// Check delivery failed email subjects
if (
preg_match('/DELIVERY FAILURE/i', $tmpvar['subject']) ||
preg_match('/Undelivered Mail Returned to Sender/i', $tmpvar['subject']) ||
preg_match('/Delivery Status Notification \(Failure\)/i', $tmpvar['subject']) ||
preg_match('/Returned mail\: see transcript for details/i', $tmpvar['subject'])
)
{
return true;
}
// Check Mail Delivery sender name
if ( preg_match('/Mail[ \-_]?Delivery/i', $tmpvar['name']) )
{
return true;
}
// Check Delivery failed message
if ( preg_match('/postmaster@/i', $tmpvar['email']) && preg_match('/Delivery has failed to these recipients/i', $tmpvar['message']) )
{
return true;
}
// No pattern detected, seems like this is not a returned email
return false;
} // END hesk_isReturnedEmail()
function hesk_isEmailLoop($email, $message_hash)
{
global $hesk_settings, $hesklang, $hesk_db_link;
// If $hesk_settings['loop_hits'] is set to 0 this function is disabled
if ( ! $hesk_settings['loop_hits'])
{
return false;
}
// Escape wildcards in email
$email_like = hesk_dbEscape(hesk_dbLike($email));
// Delete expired DB entries
hesk_dbQuery("DELETE FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."pipe_loops` WHERE `dt` < (NOW() - INTERVAL ".intval($hesk_settings['loop_time'])." SECOND) ");
// Check current entry
$res = hesk_dbQuery("SELECT `hits`, `message_hash` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."pipe_loops` WHERE `email` LIKE '{$email_like}' LIMIT 1");
// Any active entry*
if (hesk_dbNumRows($res))
{
list($num, $md5) = hesk_dbFetchRow($res);
$num++;
// Number of emails in a time period reached?
if ($num >= $hesk_settings['loop_hits'])
{
return true;
}
// Message exactly the same as in previous email?
if ($message_hash == $md5)
{
return true;
}
// Update DB entry
hesk_dbQuery("UPDATE `".hesk_dbEscape($hesk_settings['db_pfix'])."pipe_loops` SET `hits` = `hits` + 1, `message_hash` = '".hesk_dbEscape($message_hash)."' WHERE `email` LIKE '{$email_like}' LIMIT 1");
}
else
{
// First instance, insert a new database row
hesk_dbQuery("INSERT INTO `".hesk_dbEscape($hesk_settings['db_pfix'])."pipe_loops` (`email`, `message_hash`) VALUES ('".hesk_dbEscape($email)."', '".hesk_dbEscape($message_hash)."')");
}
// No loop rule trigered
return false;
} // END hesk_isEmailLoop()
function hesk_cleanExit()
{
global $results;
// Delete the temporary files
deleteAll($results['tempdir']);
// Return NULL
return NULL;
} // END hesk_cleanExit()

4
install/updateTo2-0-0.php
Unescape Escape View File

@ -12,6 +12,10 @@ hesk_dbQuery("ALTER TABLE `".hesk_dbEscape($hesk_settings['db_pfix'])."notes` DR
hesk_dbQuery("ALTER TABLE `".hesk_dbEscape($hesk_settings['db_pfix'])."notes` DROP COLUMN `number_of_edits`"); hesk_dbQuery("ALTER TABLE `".hesk_dbEscape($hesk_settings['db_pfix'])."notes` DROP COLUMN `number_of_edits`");
hesk_dbQuery("ALTER TABLE `".hesk_dbEscape($hesk_settings['db_pfix'])."users` DROP COLUMN `default_notify_customer_email`"); hesk_dbQuery("ALTER TABLE `".hesk_dbEscape($hesk_settings['db_pfix'])."users` DROP COLUMN `default_notify_customer_email`");
//TODO Migrate Mods for HESK Banned IPs / Emails to HESK 2.6.0's tables. Luckily the table names are different, so there won't be a problem when HESK tries to install.
hesk_dbQuery("DROP TABLE `".hesk_dbEscape($hesk_settings['db_pfix'])."denied_ips`");
hesk_dbQuery("DROP TABLE `".hesk_dbEscape($hesk_settings['db_pfix'])."denied_emails`");
if ($updateSuccess) { if ($updateSuccess) {
?> ?>

6
language/en/text.php
Unescape Escape View File

@ -105,12 +105,6 @@ $hesklang['showIcons'] = 'Show Icons';
$hesklang['showIconsHelp'] = 'Check this box to show icons next to navigation bar items'; $hesklang['showIconsHelp'] = 'Check this box to show icons next to navigation bar items';
$hesklang['maintenanceMode'] = 'Maintenance Mode'; $hesklang['maintenanceMode'] = 'Maintenance Mode';
$hesklang['maintenanceModeHelp'] = 'Check this box to put the Help Desk in maintenance mode. Staff can still log into the backend, but the front end will be inaccessible.'; $hesklang['maintenanceModeHelp'] = 'Check this box to put the Help Desk in maintenance mode. Staff can still log into the backend, but the front end will be inaccessible.';
$hesklang['ip_to'] = 'To';
$hesklang['ip_bans'] = 'IP Bans';
$hesklang['email_bans'] = 'Email Bans';
$hesklang['ip_email_bans'] = 'IP / Email Bans';
$hesklang['ip_banned'] = 'Your IP has been banned by the help desk. You will be unable to submit a ticket until your IP ban has been removed.';
$hesklang['email_banned'] = 'The email address you have entered has been banned by the help desk. You will be unable to submit a ticket until your email ban has been removed.';
$hesklang['none'] = 'None'; $hesklang['none'] = 'None';
$hesklang['parent'] = 'Parent'; $hesklang['parent'] = 'Parent';
$hesklang['children'] = 'Children'; $hesklang['children'] = 'Children';

13
submit_ticket.php
Unescape Escape View File

@ -79,19 +79,6 @@ hesk_dbConnect();
$hesk_error_buffer = array(); $hesk_error_buffer = array();
// Check to see if the user's IP address or email they submitted is banned.
$ipAddress = ip2long($_SERVER['REMOTE_ADDR']);
$ipSql = hesk_dbQuery('SELECT * FROM `'.hesk_dbEscape($hesk_settings['db_pfix']).'denied_ips` WHERE `RangeStart` <= \''.hesk_dbEscape($ipAddress)
.'\' AND `RangeEnd` >= \''.hesk_dbEscape($ipAddress).'\'');
if ($ipSql->num_rows > 0) {
$hesk_error_buffer['ip_ban'] = $hesklang['ip_banned'];
}
$emailSql = hesk_dbQuery('SELECT * FROM `'.hesk_dbEscape($hesk_settings['db_pfix']).'denied_emails` WHERE Email = \''.hesk_dbEscape(hesk_POST('email')).'\'');
if ($emailSql->num_rows > 0) {
$hesk_error_buffer['email_ban'] = $hesklang['email_banned'];
}
// Check anti-SPAM question // Check anti-SPAM question
if ($hesk_settings['question_use']) if ($hesk_settings['question_use'])
{ {

Write Preview
Loading…
Cancel
Save