Browse Source

Merge branch '3-0-0' into 'master'

3.0.0 Update

See merge request !29
merge-requests/30/head 3.0.0-beta-1
Mike Koch 5 years ago
parent
commit
38d56f195f
  1. 15
      .gitignore
  2. 139
      admin/admin_main.php
  3. 57
      admin/admin_reply_ticket.php
  4. 5634
      admin/admin_settings.php
  5. 179
      admin/admin_settings_save.php
  6. 157
      admin/admin_submit_ticket.php
  7. 2250
      admin/admin_ticket.php
  8. 173
      admin/api_settings.php
  9. 25
      admin/assign_owner.php
  10. 314
      admin/banned_emails.php
  11. 390
      admin/banned_ips.php
  12. 105
      admin/calendar.php
  13. 48
      admin/change_status.php
  14. 1317
      admin/custom_fields.php
  15. 46
      admin/delete_tickets.php
  16. 94
      admin/edit_note.php
  17. 679
      admin/edit_post.php
  18. 542
      admin/export.php
  19. 124
      admin/find_tickets.php
  20. 224
      admin/index.php
  21. 648
      admin/knowledgebase_private.php
  22. 42
      admin/lock.php
  23. 386
      admin/mail.php
  24. 443
      admin/manage_canned.php
  25. 462
      admin/manage_categories.php
  26. 328
      admin/manage_email_templates.php
  27. 1248
      admin/manage_knowledgebase.php
  28. 116
      admin/manage_permission_templates.php
  29. 571
      admin/manage_statuses.php
  30. 317
      admin/manage_ticket_templates.php
  31. 210
      admin/manage_users.php
  32. 11
      admin/move_category.php
  33. 1989
      admin/new_ticket.php
  34. 393
      admin/options.php
  35. 96
      admin/password.php
  36. 179
      admin/profile.php
  37. 299
      admin/reports.php
  38. 746
      admin/service_messages.php
  39. 109
      admin/show_tickets.php
  40. 131
      admin/view_message_log.php
  41. 2
      build.php
  42. 59
      change_status.php
  43. 7
      css/AdminLTE.min.css
  44. 51
      css/colors.css
  45. 13
      css/displays.css
  46. 179
      css/mods-for-hesk-new.css
  47. 7
      css/positions.css
  48. 1
      css/skins/_all-skins.min.css
  49. 39
      download_attachment.php
  50. 15
      hesk_javascript.js
  51. 56
      hesk_style.css
  52. 113
      inc/admin_functions.inc.php
  53. 39
      inc/attachments.inc.php
  54. 236
      inc/common.inc.php
  55. 249
      inc/custom_fields.inc.php
  56. 75
      inc/email_functions.inc.php
  57. 90
      inc/footer.inc.php
  58. 111
      inc/header.inc.php
  59. 137
      inc/headerAdmin.inc.php
  60. 39
      inc/knowledgebase_functions.inc.php
  61. 30
      inc/mail_functions.inc.php
  62. 43
      inc/pipe_functions.inc.php
  63. 105
      inc/posting_functions.inc.php
  64. 42
      inc/print_tickets.inc.php
  65. 78
      inc/profile_functions.inc.php
  66. 575
      inc/show_admin_nav.inc.php
  67. 46
      inc/show_search_form.inc.php
  68. 39
      inc/status_functions.inc.php
  69. 168
      inc/ticket/get_tickets.inc.php
  70. 99
      inc/ticket_list.inc.php
  71. 1
      inc/view_attachment_functions.inc.php
  72. 1041
      index.php
  73. 4
      install/install_functions.inc.php
  74. 2
      install/mods-for-hesk/ajax/install-database-ajax.php
  75. 1
      install/mods-for-hesk/installModsForHesk.php
  76. 3
      install/mods-for-hesk/js/version-scripts.js
  77. 1
      install/mods-for-hesk/modsForHesk.php
  78. 87
      install/mods-for-hesk/sql/installSql.php
  79. 8
      internal-api/js/admin-ticket.js
  80. 13
      js/adminlte.min.js
  81. 43
      knowledgebase.php
  82. 229
      language/en/text.php
  83. 65
      print.php
  84. 59
      reply_ticket.php
  85. 192
      submit_ticket.php
  86. 39
      suggest_articles.php
  87. 54
      suggest_email.php
  88. 126
      ticket.php

15
.gitignore

@ -1,14 +1,13 @@
admin/admin_suggest_articles.php
admin/archive.php
admin/custom_statuses.php
admin/email_templates.php
admin/generate_spam_question.php
admin/priority.php
admin/test_connection.php
attachments/index.htm
docs/changelog.html
docs/docs_style.css
docs/index.html
docs/quick-guide.html
docs/step-by-step-guide.html
cache/
docs/
file_limits.php
footer.txt
header.txt
@ -27,6 +26,7 @@ img/clip.png
img/code.png
img/code_off.png
img/delete.png
img/delete_off.png
img/delete_ticket.png
img/edit.png
img/error.png
@ -114,6 +114,7 @@ img/print.png
img/private.png
img/public.png
img/reload.png
img/refresh.png
img/roundcornersb.jpg
img/roundcornerslb.jpg
img/roundcornerslm.jpg
@ -156,10 +157,11 @@ inc/calendar/tcal.js
inc/calendar/tcal.php
inc/database.inc.php
inc/database_mysqli.inc.php
inc/footer.inc.php
inc/htmlpurifier
inc/index.htm
inc/jscolor/
inc/mail/email_parser.php
inc/mail/hesk_imap.php
inc/mail/hesk_pipe.php
inc/mail/hesk_pop3.php
inc/mail/index.htm
@ -184,6 +186,7 @@ inc/recaptcha/recaptchalib.php
inc/reporting_functions.inc.php
inc/secimg.inc.php
inc/setup_functions.inc.php
inc/statuses.inc.php
inc/tabs/index.htm
inc/tabs/tabber-minimized.js
inc/tabs/tabber.css

139
admin/admin_main.php

@ -1,32 +1,15 @@
<?php
/*******************************************************************************
* Title: Help Desk Software HESK
* Version: 2.6.8 from 10th August 2016
* Author: Klemen Stirn
* Website: http://www.hesk.com
********************************************************************************
* COPYRIGHT AND TRADEMARK NOTICE
* Copyright 2005-2015 Klemen Stirn. All Rights Reserved.
* HESK is a registered trademark of Klemen Stirn.
* The HESK may be used and modified free of charge by anyone
* AS LONG AS COPYRIGHT NOTICES AND ALL THE COMMENTS REMAIN INTACT.
* By using this code you agree to indemnify Klemen Stirn from any
* liability that might arise from it's use.
* Selling the code for this program, in part or full, without prior
* written consent is expressly forbidden.
* Using this code, in part or full, to create derivate work,
* new scripts or products is expressly forbidden. Obtain permission
* before redistributing this software over the Internet or in
* any other medium. In all cases copyright and header must remain intact.
* This Copyright is in full effect in any country that has International
* Trade Agreements with the United States of America or
* with the European Union.
* Removing any of the copyright notices without purchasing a license
* is expressly forbidden. To remove HESK copyright notice you must purchase
* a license for this script. For more information on how to obtain
* a license please visit the page below:
* https://www.hesk.com/buy.php
*******************************************************************************/
/**
*
* This file is part of HESK - PHP Help Desk Software.
*
* (c) Copyright Klemen Stirn. All rights reserved.
* http://www.hesk.com
*
* For the full copyright and license agreement information visit
* http://www.hesk.com/eula.php
*
*/
define('IN_SCRIPT', 1);
define('HESK_PATH', '../');
@ -41,6 +24,7 @@ require(HESK_PATH . 'hesk_settings.inc.php');
require(HESK_PATH . 'inc/common.inc.php');
require(HESK_PATH . 'inc/admin_functions.inc.php');
require(HESK_PATH . 'inc/status_functions.inc.php');
require(HESK_PATH . 'inc/mail_functions.inc.php');
hesk_load_database_functions();
hesk_session_start();
@ -50,53 +34,61 @@ hesk_isLoggedIn();
define('CALENDAR', 1);
define('MAIN_PAGE', 1);
define('PAGE_TITLE', 'ADMIN_HOME');
define('AUTO_RELOAD', 1);
/* Print header */
require_once(HESK_PATH . 'inc/headerAdmin.inc.php');
/* Print admin navigation */
require_once(HESK_PATH . 'inc/show_admin_nav.inc.php');
?>
<div class="row">
<div class="col-md-12 pad-down-20">
<?php
/* This will handle error, success and notice messages */
hesk_handle_messages();
/* Print tickets? */
if (hesk_checkPermission('can_view_tickets', 0)) {
if (!isset($_SESSION['hide']['ticket_list'])) //Number of tickets (table header. NOT ACTUAL TABLE)
{
echo '
<div class="panel panel-default">
<div class="panel-heading">
<h4>' . $hesklang['open_tickets'] . ' <span class="nu-floatRight panel-button"><a href="new_ticket.php" class="btn btn-success"><span class="glyphicon glyphicon-plus-sign"></span> ' . $hesklang['nti'] . '</a></span></h4>
</div>'; // The rest of the panel will be printed by print_tickets.inc.php
}
/* Reset default settings? */
if (isset($_GET['reset']) && hesk_token_check()) {
$res = hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "users` SET `default_list`='' WHERE `id` = '" . intval($_SESSION['id']) . "'");
$_SESSION['default_list'] = '';
} /* Get default settings */
else {
parse_str($_SESSION['default_list'], $defaults);
$_GET = isset($_GET) && is_array($_GET) ? array_merge($_GET, $defaults) : $defaults;
}
/* Reset default settings? */
if (isset($_GET['reset']) && hesk_token_check()) {
$res = hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "users` SET `default_list`='' WHERE `id` = '" . intval($_SESSION['id']) . "' LIMIT 1");
$_SESSION['default_list'] = '';
} /* Get default settings */
else {
parse_str($_SESSION['default_list'], $defaults);
$_GET = isset($_GET) && is_array($_GET) ? array_merge($_GET, $defaults) : $defaults;
?>
<section class="content">
<?php hesk_handle_messages(); ?>
<div class="box">
<div class="box-header with-border">
<h1 class="box-title">
<?php echo $hesklang['tickets']; ?>
</h1>
<div class="box-tools pull-right">
<button type="button" class="btn btn-box-tool" data-widget="collapse">
<i class="fa fa-minus"></i>
</button>
</div>
</div>
<div class="box-body">
<div class="checkbox">
<label>
<input type="checkbox" onclick="toggleAutoRefresh(this);" id="reloadCB">
<?php echo $hesklang['arp']; ?>
<span id="timer"></span>
</label>
</div>
<script type="text/javascript">heskCheckReloading();</script><br>
<?php
/* Print tickets? */
if (hesk_checkPermission('can_view_tickets', 0)) {
/* Print the list of tickets */
require(HESK_PATH . 'inc/print_tickets.inc.php');
echo '<br>';
/* Print forms for listing and searching tickets */
require(HESK_PATH . 'inc/show_search_form.inc.php');
} else {
echo '<p><i>' . $hesklang['na_view_tickets'] . '</i></p>';
}
/* Print the list of tickets */
require(HESK_PATH . 'inc/print_tickets.inc.php');
echo "&nbsp;<br />";
/* Print forms for listing and searching tickets */
require(HESK_PATH . 'inc/show_search_form.inc.php');
} else {
echo '<p><i>' . $hesklang['na_view_tickets'] . '</i></p>';
}
$hesk_settings['hesk_license']('HMgPSAxOw0KaWYgKGZpbGVfZXhpc3RzKEhFU0tfUEFUSCAuI
?>
</div>
</div>
<?php
$hesk_settings['hesk_license']('HMgPSAxOw0KaWYgKGZpbGVfZXhpc3RzKEhFU0tfUEFUSCAuI
CdoZXNrX2xpY2Vuc2UucGhwJykpDQp7DQokaCA9ICghZW1wdHkoJF9TRVJWRVJbJ0hUVFBfSE9TVCddK
SkgPyAkX1NFUlZFUlsnSFRUUF9IT1NUJ10gOiAoKCFlbXB0eSgkX1NFUlZFUlsnU0VSVkVSX05BTUUnX
SkpID8gJF9TRVJWRVJbJ1NFUlZFUl9OQU1FJ10gOiBnZXRlbnYoJ1NFUlZFUl9OQU1FJykpOw0KJGggP
@ -114,13 +106,10 @@ require_once(HESK_PATH . 'inc/show_admin_nav.inc.php');
29tL2J1eS5waHAiIHRhcmdldD0iX2JsYW5rIj4nLiRoZXNrbGFuZ1snY2xpY2tfaW5mbyddLic8L2E+P
C9wPic7DQp9DQo=', "\112");
echo '<hr />&nbsp;<br />';
/* Clean unneeded session variables */
hesk_cleanSessionVars('hide');
?>
</div>
</div>
/* Clean unneeded session variables */
hesk_cleanSessionVars('hide');
?>
</section>
<?php

57
admin/admin_reply_ticket.php

@ -1,32 +1,15 @@
<?php
/*******************************************************************************
* Title: Help Desk Software HESK
* Version: 2.6.8 from 10th August 2016
* Author: Klemen Stirn
* Website: http://www.hesk.com
********************************************************************************
* COPYRIGHT AND TRADEMARK NOTICE
* Copyright 2005-2015 Klemen Stirn. All Rights Reserved.
* HESK is a registered trademark of Klemen Stirn.
* The HESK may be used and modified free of charge by anyone
* AS LONG AS COPYRIGHT NOTICES AND ALL THE COMMENTS REMAIN INTACT.
* By using this code you agree to indemnify Klemen Stirn from any
* liability that might arise from it's use.
* Selling the code for this program, in part or full, without prior
* written consent is expressly forbidden.
* Using this code, in part or full, to create derivate work,
* new scripts or products is expressly forbidden. Obtain permission
* before redistributing this software over the Internet or in
* any other medium. In all cases copyright and header must remain intact.
* This Copyright is in full effect in any country that has International
* Trade Agreements with the United States of America or
* with the European Union.
* Removing any of the copyright notices without purchasing a license
* is expressly forbidden. To remove HESK copyright notice you must purchase
* a license for this script. For more information on how to obtain
* a license please visit the page below:
* https://www.hesk.com/buy.php
*******************************************************************************/
/**
*
* This file is part of HESK - PHP Help Desk Software.
*
* (c) Copyright Klemen Stirn. All rights reserved.
* http://www.hesk.com
*
* For the full copyright and license agreement information visit
* http://www.hesk.com/eula.php
*
*/
define('IN_SCRIPT', 1);
define('HESK_PATH', '../');
@ -74,6 +57,11 @@ if (hesk_dbNumRows($result) != 1) {
$ticket = hesk_dbFetchAssoc($result);
$trackingID = $ticket['trackid'];
// Do we require owner before allowing to reply?
if ($hesk_settings['require_owner'] && ! $ticket['owner']) {
hesk_process_messages($hesklang['atbr'],'admin_ticket.php?track='.$ticket['trackid'].'&Refresh='.rand(10000,99999));
}
$hesk_error_buffer = array();
// Get the message
@ -87,7 +75,7 @@ if (strlen($message)) {
// Save message for later and ignore the rest?
if (isset($_POST['save_reply'])) {
// Delete any existing drafts from this owner for this ticket
hesk_dbQuery("DELETE FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "reply_drafts` WHERE `owner`=" . intval($_SESSION['id']) . " AND `ticket`=" . intval($ticket['id']) . " LIMIT 1");
hesk_dbQuery("DELETE FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "reply_drafts` WHERE `owner`=" . intval($_SESSION['id']) . " AND `ticket`=" . intval($ticket['id']));
// Save the message draft
hesk_dbQuery("INSERT INTO `" . hesk_dbEscape($hesk_settings['db_pfix']) . "reply_drafts` (`owner`, `ticket`, `message`) VALUES (" . intval($_SESSION['id']) . ", " . intval($ticket['id']) . ", '" . hesk_dbEscape($message) . "')");
@ -237,6 +225,7 @@ $lockedTicketStatus = hesk_dbFetchAssoc(hesk_dbQuery("SELECT `ID` FROM `" . hesk
// Get new ticket status
$sql_status = '';
$change_status = true;
// -> If locked, keep it resolved
if ($ticket['locked']) {
$new_status = $lockedTicketStatus['ID'];
@ -248,7 +237,7 @@ if ($ticket['locked']) {
$newStatusRs = hesk_dbQuery('SELECT `IsClosed`, `Key` FROM `' . hesk_dbEscape($hesk_settings['db_pfix']) . 'statuses` WHERE `ID` = ' . hesk_dbEscape($new_status));
$newStatus = hesk_dbFetchAssoc($newStatusRs);
if ($newStatus['IsClosed']) {
if ($newStatus['IsClosed'] && hesk_checkPermission('can_resolve', 0)) {
$revision = sprintf($hesklang['thist3'], hesk_date(), $_SESSION['name'] . ' (' . $_SESSION['user'] . ')');
$sql_status = " , `closedat`=NOW(), `closedby`=" . intval($_SESSION['id']) . ", `history`=CONCAT(`history`,'" . hesk_dbEscape($revision) . "') ";
@ -257,7 +246,7 @@ if ($ticket['locked']) {
$sql_status .= " , `locked`='1' ";
}
} else {
// Ticket isn't being closed, just add the history to the sql query
// Ticket isn't being closed, just add the history to the sql query (or tried to close but doesn't have permission)
$revision = sprintf($hesklang['thist9'], hesk_date(), $hesklang[$newStatus['Key']], $_SESSION['name'] . ' (' . $_SESSION['user'] . ')');
$sql_status = " , `history`=CONCAT(`history`,'" . hesk_dbEscape($revision) . "') ";
}
@ -310,12 +299,12 @@ $sql .= " , `replies`=`replies`+1 ";
$sql .= $submit_as_customer ? '' : " , `staffreplies`=`staffreplies`+1 ";
// End and execute the query
$sql .= " WHERE `id`='{$replyto}' LIMIT 1";
$sql .= " WHERE `id`='{$replyto}'";
hesk_dbQuery($sql);
unset($sql);
/* Update number of replies in the users table */
hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "users` SET `replies`=`replies`+1 WHERE `id`='" . intval($_SESSION['id']) . "' LIMIT 1");
hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "users` SET `replies`=`replies`+1 WHERE `id`='" . intval($_SESSION['id']) . "'");
// --> Prepare reply message
@ -357,7 +346,7 @@ elseif (!isset($_POST['no_notify']) || intval(hesk_POST('no_notify')) != 1) {
}
// Delete any existing drafts from this owner for this ticket
hesk_dbQuery("DELETE FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "reply_drafts` WHERE `owner`=" . intval($_SESSION['id']) . " AND `ticket`=" . intval($ticket['id']) . " LIMIT 1");
hesk_dbQuery("DELETE FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "reply_drafts` WHERE `owner`=" . intval($_SESSION['id']) . " AND `ticket`=" . intval($ticket['id']));
/* Set reply submitted message */
$_SESSION['HESK_SUCCESS'] = TRUE;

5634
admin/admin_settings.php
File diff suppressed because it is too large
View File

179
admin/admin_settings_save.php

@ -1,32 +1,15 @@
<?php
/*******************************************************************************
* Title: Help Desk Software HESK
* Version: 2.6.8 from 10th August 2016
* Author: Klemen Stirn
* Website: http://www.hesk.com
********************************************************************************
* COPYRIGHT AND TRADEMARK NOTICE
* Copyright 2005-2015 Klemen Stirn. All Rights Reserved.
* HESK is a registered trademark of Klemen Stirn.
* The HESK may be used and modified free of charge by anyone
* AS LONG AS COPYRIGHT NOTICES AND ALL THE COMMENTS REMAIN INTACT.
* By using this code you agree to indemnify Klemen Stirn from any
* liability that might arise from it's use.
* Selling the code for this program, in part or full, without prior
* written consent is expressly forbidden.
* Using this code, in part or full, to create derivate work,
* new scripts or products is expressly forbidden. Obtain permission
* before redistributing this software over the Internet or in
* any other medium. In all cases copyright and header must remain intact.
* This Copyright is in full effect in any country that has International
* Trade Agreements with the United States of America or
* with the European Union.
* Removing any of the copyright notices without purchasing a license
* is expressly forbidden. To remove HESK copyright notice you must purchase
* a license for this script. For more information on how to obtain
* a license please visit the page below:
* https://www.hesk.com/buy.php
*******************************************************************************/
/**
*
* This file is part of HESK - PHP Help Desk Software.
*
* (c) Copyright Klemen Stirn. All rights reserved.
* http://www.hesk.com
*
* For the full copyright and license agreement information visit
* http://www.hesk.com/eula.php
*
*/
define('IN_SCRIPT', 1);
define('HESK_PATH', '../');
@ -85,9 +68,6 @@ if (isset($lang[1]) && in_array($lang[1], hesk_getLanguagesArray(1))) {
hesk_error($hesklang['err_lang']);
}
/* --> Database settings */
hesk_dbClose();
if (hesk_testMySQL()) {
// Database connection OK
} elseif ($mysql_log) {
@ -125,6 +105,7 @@ if ( ! is_writable(HESK_PATH . $set['attach_dir']) )
}
*/
$set['cache_dir'] = isset($_POST['s_cache_dir']) && ! is_array($_POST['s_cache_dir']) ? preg_replace('/[^a-zA-Z0-9_-]/', '', $_POST['s_cache_dir']) : 'cache';
$set['max_listings'] = hesk_checkMinMax(intval(hesk_POST('s_max_listings')), 1, 999, 10);
$set['print_font_size'] = hesk_checkMinMax(intval(hesk_POST('s_print_font_size')), 1, 99, 12);
$set['autoclose'] = hesk_checkMinMax(intval(hesk_POST('s_autoclose')), 0, 999, 7);
@ -135,6 +116,10 @@ $set['reply_top'] = empty($_POST['s_reply_top']) ? 0 : 1;
/* --> Features */
$set['autologin'] = empty($_POST['s_autologin']) ? 0 : 1;
$set['autoassign'] = empty($_POST['s_autoassign']) ? 0 : 1;
$set['require_email'] = empty($_POST['s_require_email']) ? 0 : 1;
$set['require_owner'] = empty($_POST['s_require_owner']) ? 0 : 1;
$set['require_subject'] = hesk_checkMinMax( intval( hesk_POST('s_require_subject') ) , -1, 1, 1);
$set['require_message'] = hesk_checkMinMax( intval( hesk_POST('s_require_message') ) , -1, 1, 1);
$set['custclose'] = empty($_POST['s_custclose']) ? 0 : 1;
$set['custopen'] = empty($_POST['s_custopen']) ? 0 : 1;
$set['rating'] = empty($_POST['s_rating']) ? 0 : 1;
@ -147,6 +132,7 @@ $set['debug_mode'] = empty($_POST['s_debug_mode']) ? 0 : 1;
$set['short_link'] = empty($_POST['s_short_link']) ? 0 : 1;
$set['select_cat'] = empty($_POST['s_select_cat']) ? 0 : 1;
$set['select_pri'] = empty($_POST['s_select_pri']) ? 0 : 1;
$set['cat_show_select'] = hesk_checkMinMax( intval( hesk_POST('s_cat_show_select') ) , 0, 999, 10);
/* --> SPAM prevention */
$set['secimg_use'] = empty($_POST['s_secimg_use']) ? 0 : (hesk_POST('s_secimg_use') == 2 ? 2 : 1);
@ -168,7 +154,14 @@ if ($set['attempt_limit'] > 0) {
}
$set['attempt_banmin'] = hesk_checkMinMax(intval(hesk_POST('s_attempt_banmin')), 5, 99999, 60);
$set['reset_pass'] = empty($_POST['s_reset_pass']) ? 0 : 1;
$set['email_view_ticket'] = empty($_POST['s_email_view_ticket']) ? 0 : 1;
$set['email_view_ticket'] = ($set['require_email'] == 0) ? 0 : (empty($_POST['s_email_view_ticket']) ? 0 : 1);
$set['x_frame_opt'] = empty($_POST['s_x_frame_opt']) ? 0 : 1;
$set['force_ssl'] = HESK_SSL && isset($_POST['s_force_ssl']) && $_POST['s_force_ssl'] == 1 ? 1 : 0;
// Make sure help desk URL starts with https if forcing SSL
if ($set['force_ssl']) {
$set['hesk_url'] = preg_replace('/^http:/i', 'https:', $set['hesk_url']);
}
/* --> Attachments */
$set['attachments']['use'] = empty($_POST['s_attach_use']) ? 0 : 1;
@ -246,7 +239,7 @@ if ($set['smtp']) {
$set['smtp'] = 0;
}
} else {
$set['smtp_host_name'] = hesk_input(hesk_POST('tmp_smtp_host_name', 'mail.domain.com'));
$set['smtp_host_name'] = hesk_input(hesk_POST('tmp_smtp_host_name', 'mail.example.com'));
$set['smtp_host_port'] = intval(hesk_POST('tmp_smtp_host_port', 25));
$set['smtp_timeout'] = intval(hesk_POST('tmp_smtp_timeout', 10));
$set['smtp_ssl'] = empty($_POST['tmp_smtp_ssl']) ? 0 : 1;
@ -279,7 +272,7 @@ if ($set['pop3']) {
}
} else {
$set['pop3_job_wait'] = intval(hesk_POST('s_pop3_job_wait', 15));
$set['pop3_host_name'] = hesk_input(hesk_POST('tmp_pop3_host_name', 'mail.domain.com'));
$set['pop3_host_name'] = hesk_input(hesk_POST('tmp_pop3_host_name', 'mail.example.com'));
$set['pop3_host_port'] = intval(hesk_POST('tmp_pop3_host_port', 110));
$set['pop3_tls'] = empty($_POST['tmp_pop3_tls']) ? 0 : 1;
$set['pop3_keep'] = empty($_POST['tmp_pop3_keep']) ? 0 : 1;
@ -287,6 +280,32 @@ if ($set['pop3']) {
$set['pop3_password'] = hesk_input(hesk_POST('tmp_pop3_password'));
}
/* --> IMAP fetching */
$imap_OK = true;
$set['imap'] = empty($_POST['s_imap']) ? 0 : 1;
if ($set['imap']) {
// Get IMAP fetching timeout
$set['imap_job_wait'] = hesk_checkMinMax( intval( hesk_POST('s_imap_job_wait') ) , 0, 1440, 15);
// Test IMAP connection
$imap_OK = hesk_testIMAP(true);
// If IMAP not working, disable it
if ( ! $imap_OK) {
$set['imap'] = 0;
}
} else {
$set['imap_job_wait'] = intval( hesk_POST('s_imap_job_wait', 15) );
$set['imap_host_name'] = hesk_input( hesk_POST('tmp_imap_host_name', 'mail.example.com') );
$set['imap_host_port'] = intval( hesk_POST('tmp_imap_host_port', 110) );
$set['imap_enc'] = hesk_POST('tmp_imap_enc');
$set['imap_enc'] = ($set['imap_enc'] == 'ssl' || $set['imap_enc'] == 'tls') ? $set['imap_enc'] : '';
$set['imap_keep'] = empty($_POST['tmp_imap_keep']) ? 0 : 1;
$set['imap_user'] = hesk_input( hesk_POST('tmp_imap_user') );
$set['imap_password'] = hesk_input( hesk_POST('tmp_imap_password') );
}
/* --> Email loops */
$set['loop_hits'] = hesk_checkMinMax(intval(hesk_POST('s_loop_hits')), 0, 999, 5);
$set['loop_time'] = hesk_checkMinMax(intval(hesk_POST('s_loop_time')), 1, 86400, 300);
@ -323,10 +342,10 @@ if (!empty($_POST['s_email_providers']) && !is_array($_POST['s_email_providers']
if (!$set['detect_typos'] || count($set['email_providers']) < 1) {
$set['detect_typos'] = 0;
$set['email_providers'] = array('gmail.com', 'hotmail.com', 'hotmail.co.uk', 'yahoo.com', 'yahoo.co.uk', 'aol.com', 'aol.co.uk', 'msn.com', 'live.com', 'live.co.uk', 'mail.com', 'googlemail.com', 'btinternet.com', 'btopenworld.com');
$set['email_providers']=array('aim.com','aol.co.uk','aol.com','att.net','bellsouth.net','blueyonder.co.uk','bt.com','btinternet.com','btopenworld.com','charter.net','comcast.net','cox.net','earthlink.net','email.com','facebook.com','fastmail.fm','free.fr','freeserve.co.uk','gmail.com','gmx.at','gmx.ch','gmx.com','gmx.de','gmx.fr','gmx.net','gmx.us','googlemail.com','hotmail.be','hotmail.co.uk','hotmail.com','hotmail.com.ar','hotmail.com.mx','hotmail.de','hotmail.es','hotmail.fr','hushmail.com','icloud.com','inbox.com','laposte.net','lavabit.com','list.ru','live.be','live.co.uk','live.com','live.com.ar','live.com.mx','live.de','live.fr','love.com','lycos.com','mac.com','mail.com','mail.ru','me.com','msn.com','nate.com','naver.com','neuf.fr','ntlworld.com','o2.co.uk','online.de','orange.fr','orange.net','outlook.com','pobox.com','prodigy.net.mx','qq.com','rambler.ru','rocketmail.com','safe-mail.net','sbcglobal.net','t-online.de','talktalk.co.uk','tiscali.co.uk','verizon.net','virgin.net','virginmedia.com','wanadoo.co.uk','wanadoo.fr','yahoo.co.id','yahoo.co.in','yahoo.co.jp','yahoo.co.kr','yahoo.co.uk','yahoo.com','yahoo.com.ar','yahoo.com.mx','yahoo.com.ph','yahoo.com.sg','yahoo.de','yahoo.fr','yandex.com','yandex.ru','ymail.com');
}
$set['email_providers'] = count($set['email_providers']) ? "'" . implode("','", $set['email_providers']) . "'" : '';
$set['email_providers'] = count($set['email_providers']) ? "'" . implode("','", array_unique($set['email_providers'])) . "'" : '';
/* --> Notify customer when */
@ -386,7 +405,8 @@ foreach ($hesk_settings['possible_ticket_list'] as $key => $title) {
// We need at least one of these: id, trackid, subject
if (!in_array('id', $set['ticket_list']) && !in_array('trackid', $set['ticket_list']) && !in_array('subject', $set['ticket_list'])) {
$set['ticket_list'][] = 'trackid';
// None of the required fields are there, add "trackid" as the first one
array_unshift($set['ticket_list'], 'trackid');
}
$set['ticket_list'] = count($set['ticket_list']) ? "'" . implode("','", $set['ticket_list']) . "'" : 'trackid';
@ -419,49 +439,9 @@ $set['submit_notice'] = empty($_POST['s_submit_notice']) ? 0 : 1;
$set['online'] = empty($_POST['s_online']) ? 0 : 1;
$set['online_min'] = hesk_checkMinMax(intval(hesk_POST('s_online_min')), 1, 999, 10);
$set['check_updates'] = empty($_POST['s_check_updates']) ? 0 : 1;
/*** CUSTOM FIELDS ***/
for ($i = 1; $i <= 20; $i++) {
$this_field = 'custom' . $i;
$set['custom_fields'][$this_field]['use'] = !empty($_POST['s_custom' . $i . '_use']) ? 1 : 0;
if ($set['custom_fields'][$this_field]['use']) {
$set['custom_fields'][$this_field]['place'] = empty($_POST['s_custom' . $i . '_place']) ? 0 : 1;
$set['custom_fields'][$this_field]['type'] = hesk_htmlspecialchars(hesk_POST('s_custom' . $i . '_type', 'text'));
$set['custom_fields'][$this_field]['req'] = !empty($_POST['s_custom' . $i . '_req']) ? 1 : 0;
$set['custom_fields'][$this_field]['name'] = hesk_input(hesk_POST('s_custom' . $i . '_name'), $hesklang['err_custname']);
$set['custom_fields'][$this_field]['maxlen'] = intval(hesk_POST('s_custom' . $i . '_maxlen', 255));
$set['custom_fields'][$this_field]['value'] = hesk_input(hesk_POST('s_custom' . $i . '_val'));
if ($set['custom_fields'][$this_field]['type'] == 'email' && $set['custom_fields'][$this_field]['value'] == '') {
// New custom field without any options set. Default to Cc
$set['custom_fields'][$this_field]['value'] = 'cc';
}
if (!in_array($set['custom_fields'][$this_field]['type'], array('text', 'textarea', 'select', 'radio', 'checkbox', 'date', 'multiselect', 'email', 'hidden', 'readonly'))) {
$set['custom_fields'][$this_field]['type'] = 'text';
}
// Try to detect if field type changed to anything except "select"
if ($set['custom_fields'][$this_field]['type'] != 'select') {
// If type is "radio" or "checkbox" remove "please select", keep other options
$set['custom_fields'][$this_field]['value'] = str_replace('{HESK_SELECT}', '', $set['custom_fields'][$this_field]['value']);
// Field type changed to "text" or "textarea", clear default value if it contains "#HESK#" separator
if (in_array($set['custom_fields'][$this_field]['type'], array('text', 'textarea')) && !in_array($hesk_settings['custom_fields'][$this_field]['type'], array('text', 'textarea')) && strpos($set['custom_fields'][$this_field]['value'], '#HESK#') !== false) {
$set['custom_fields'][$this_field]['value'] = '';
}
}
} else {
$set['custom_fields'][$this_field] = array('use' => 0, 'place' => 0, 'type' => 'text', 'req' => 0, 'name' => 'Custom field ' . $i, 'maxlen' => 255, 'value' => '');
}
}
$set['hesk_version'] = $hesk_settings['hesk_version'];
// Process quick help sections
hesk_dbConnect();
hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "quick_help_sections` SET `show` = '0'");
$postArray = hesk_POST_array('quick_help_sections');
foreach ($postArray as $value) {
@ -516,6 +496,7 @@ $set['dropdownItemTextColor'] = hesk_input(hesk_POST('dropdownItemTextColor'));
$set['dropdownItemTextHoverColor'] = hesk_input(hesk_POST('dropdownItemTextHoverColor'));
$set['questionMarkColor'] = hesk_input(hesk_POST('questionMarkColor'));
$set['dropdownItemTextHoverBackgroundColor'] = hesk_input(hesk_POST('dropdownItemTextHoverBackgroundColor'));
$set['admin_color_scheme'] = hesk_input(hesk_POST('admin-color-scheme'));
mfh_updateSetting('rtl', $set['rtl']);
mfh_updateSetting('show_icons', $set['show-icons']);
mfh_updateSetting('custom_field_setting', $set['custom-field-setting']);
@ -552,6 +533,7 @@ mfh_updateSetting('use_mailgun', $set['use_mailgun'], false);
mfh_updateSetting('enable_calendar', $set['enable_calendar'], false);
mfh_updateSetting('first_day_of_week', $set['first_day_of_week'], false);
mfh_updateSetting('default_calendar_view', $set['default_view'], true);
mfh_updateSetting('admin_color_scheme', $set['admin_color_scheme'], true);
// Prepare settings file and save it
$settings_file_content = '<?php
@ -588,6 +570,7 @@ $hesk_settings[\'hesk_title\']=\'' . $set['hesk_title'] . '\';
$hesk_settings[\'hesk_url\']=\'' . $set['hesk_url'] . '\';
$hesk_settings[\'admin_dir\']=\'' . $set['admin_dir'] . '\';
$hesk_settings[\'attach_dir\']=\'' . $set['attach_dir'] . '\';
$hesk_settings[\'cache_dir\']=\'' . $set['cache_dir'] . '\';
$hesk_settings[\'max_listings\']=' . $set['max_listings'] . ';
$hesk_settings[\'print_font_size\']=' . $set['print_font_size'] . ';
$hesk_settings[\'autoclose\']=' . $set['autoclose'] . ';
@ -598,6 +581,10 @@ $hesk_settings[\'reply_top\']=' . $set['reply_top'] . ';
// --> Features
$hesk_settings[\'autologin\']=' . $set['autologin'] . ';
$hesk_settings[\'autoassign\']=' . $set['autoassign'] . ';
$hesk_settings[\'require_email\']=' . $set['require_email'] . ';
$hesk_settings[\'require_owner\']=' . $set['require_owner'] . ';
$hesk_settings[\'require_subject\']=' . $set['require_subject'] . ';
$hesk_settings[\'require_message\']=' . $set['require_message'] . ';
$hesk_settings[\'custclose\']=' . $set['custclose'] . ';
$hesk_settings[\'custopen\']=' . $set['custopen'] . ';
$hesk_settings[\'rating\']=' . $set['rating'] . ';
@ -610,6 +597,7 @@ $hesk_settings[\'debug_mode\']=' . $set['debug_mode'] . ';
$hesk_settings[\'short_link\']=' . $set['short_link'] . ';
$hesk_settings[\'select_cat\']=' . $set['select_cat'] . ';
$hesk_settings[\'select_pri\']=' . $set['select_pri'] . ';
$hesk_settings[\'cat_show_select\']=' . $set['cat_show_select'] . ';
// --> SPAM Prevention
$hesk_settings[\'secimg_use\']=' . $set['secimg_use'] . ';
@ -626,6 +614,8 @@ $hesk_settings[\'attempt_limit\']=' . $set['attempt_limit'] . ';
$hesk_settings[\'attempt_banmin\']=' . $set['attempt_banmin'] . ';
$hesk_settings[\'reset_pass\']=' . $set['reset_pass'] . ';
$hesk_settings[\'email_view_ticket\']=' . $set['email_view_ticket'] . ';
$hesk_settings[\'x_frame_opt\']=' . $set['x_frame_opt'] . ';
$hesk_settings[\'force_ssl\']=' . $set['force_ssl'] . ';
// --> Attachments
$hesk_settings[\'attachments\']=array (
@ -635,6 +625,15 @@ $hesk_settings[\'attachments\']=array (
\'allowed_types\' => array(\'' . implode('\',\'', $set['attachments']['allowed_types']) . '\')
);
// --> IMAP Fetching
$hesk_settings[\'imap\']=' . $set['imap'] . ';
$hesk_settings[\'imap_job_wait\']=' . $set['imap_job_wait'] . ';
$hesk_settings[\'imap_host_name\']=\'' . $set['imap_host_name'] . '\';
$hesk_settings[\'imap_host_port\']=' . $set['imap_host_port'] . ';
$hesk_settings[\'imap_enc\']=\'' . $set['imap_enc'] . '\';
$hesk_settings[\'imap_keep\']=' . $set['imap_keep'] . ';
$hesk_settings[\'imap_user\']=\'' . $set['imap_user'] . '\';
$hesk_settings[\'imap_password\']=\'' . $set['imap_password'] . '\';
// ==> KNOWLEDGEBASE
@ -731,22 +730,6 @@ $hesk_settings[\'online_min\']=' . $set['online_min'] . ';
$hesk_settings[\'check_updates\']=' . $set['check_updates'] . ';
// ==> CUSTOM FIELDS
$hesk_settings[\'custom_fields\']=array (
';
for ($i = 1; $i <= 20; $i++) {
$settings_file_content .= '\'custom' . $i . '\'=>array(\'use\'=>' . $set['custom_fields']['custom' . $i]['use'] . ',\'place\'=>' . $set['custom_fields']['custom' . $i]['place'] . ',\'type\'=>\'' . $set['custom_fields']['custom' . $i]['type'] . '\',\'req\'=>' . $set['custom_fields']['custom' . $i]['req'] . ',\'name\'=>\'' . $set['custom_fields']['custom' . $i]['name'] . '\',\'maxlen\'=>' . $set['custom_fields']['custom' . $i]['maxlen'] . ',\'value\'=>\'' . $set['custom_fields']['custom' . $i]['value'] . '\')';
if ($i != 20) {
$settings_file_content .= ',
';
}
}
$settings_file_content .= '
);
#############################
# DO NOT EDIT BELOW #
#############################
@ -796,14 +779,6 @@ function mfh_updateSetting($key, $value, $isString = false)
hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "settings` SET `Value` = " . $formattedValue . " WHERE `Key` = '" . $key . "'");
}
function hesk_checkMinMax($myint, $min, $max, $defval)
{
if ($myint > $max || $myint < $min) {
return $defval;
}
return $myint;
} // END hesk_checkMinMax()
function hesk_getLanguagesArray($returnArray = 0)
{
@ -847,7 +822,7 @@ function hesk_getLanguagesArray($returnArray = 0)
$add = 0;
} elseif (!preg_match('/\$hesklang\[\'EMAIL_HR\'\]\=\'(.*)\'\;/', $tmp, $hr)) {
$add = 0;
} elseif (!preg_match('/\$hesklang\[\'ms01\'\]/', $tmp)) {
} elseif (!preg_match('/\$hesklang\[\'refresh_page\'\]/', $tmp)) {
$add = 0;
}
} else {

157
admin/admin_submit_ticket.php

@ -1,32 +1,15 @@
<?php
/*******************************************************************************
* Title: Help Desk Software HESK
* Version: 2.6.8 from 10th August 2016
* Author: Klemen Stirn
* Website: http://www.hesk.com
********************************************************************************
* COPYRIGHT AND TRADEMARK NOTICE
* Copyright 2005-2015 Klemen Stirn. All Rights Reserved.
* HESK is a registered trademark of Klemen Stirn.
* The HESK may be used and modified free of charge by anyone
* AS LONG AS COPYRIGHT NOTICES AND ALL THE COMMENTS REMAIN INTACT.
* By using this code you agree to indemnify Klemen Stirn from any
* liability that might arise from it's use.
* Selling the code for this program, in part or full, without prior
* written consent is expressly forbidden.
* Using this code, in part or full, to create derivate work,
* new scripts or products is expressly forbidden. Obtain permission
* before redistributing this software over the Internet or in
* any other medium. In all cases copyright and header must remain intact.
* This Copyright is in full effect in any country that has International
* Trade Agreements with the United States of America or
* with the European Union.
* Removing any of the copyright notices without purchasing a license
* is expressly forbidden. To remove HESK copyright notice you must purchase
* a license for this script. For more information on how to obtain
* a license please visit the page below:
* https://www.hesk.com/buy.php
*******************************************************************************/
/**
*
* This file is part of HESK - PHP Help Desk Software.
*
* (c) Copyright Klemen Stirn. All rights reserved.
* http://www.hesk.com
*
* For the full copyright and license agreement information visit
* http://www.hesk.com/eula.php
*
*/
define('IN_SCRIPT', 1);
define('HESK_PATH', '../');
@ -62,7 +45,22 @@ if ($hesk_settings['can_sel_lang']) {
$tmpvar['language'] = hesk_POST('customerLanguage');
}
$tmpvar['name'] = hesk_input(hesk_POST('name')) or $hesk_error_buffer['name'] = $hesklang['enter_your_name'];
$tmpvar['email'] = hesk_POST('email');
$email_available = true;
if ($hesk_settings['require_email']) {
$tmpvar['email'] = hesk_validateEmail( hesk_POST('email'), 'ERR', 0) or $hesk_error_buffer['email']=$hesklang['enter_valid_email'];
} else {
$tmpvar['email'] = hesk_validateEmail( hesk_POST('email'), 'ERR', 0);
// Not required, but must be valid if it is entered
if ($tmpvar['email'] == '') {
$email_available = false;
if (strlen(hesk_POST('email'))) {
$hesk_error_buffer['email'] = $hesklang['not_valid_email'];
}
}
}
if ($hesk_settings['multi_eml']) {
$tmpvar['email'] = str_replace(';',',', $tmpvar['email']);
}
@ -80,11 +78,22 @@ if ($tmpvar['priority'] < 0 || $tmpvar['priority'] > 3) {
}
}
$tmpvar['subject'] = hesk_input(hesk_POST('subject')) or $hesk_error_buffer['subject'] = $hesklang['enter_ticket_subject'];
$tmpvar['message'] = hesk_input(hesk_POST('message')) or $hesk_error_buffer['message'] = $hesklang['enter_message'];
$tmpvar['subject'] = hesk_input( hesk_POST('subject') );
if ($hesk_settings['require_subject'] == 1 && $tmpvar['subject'] == '') {
$hesk_error_buffer['subject'] = $hesklang['enter_ticket_subject'];
}
$tmpvar['message'] = hesk_input( hesk_POST('message') );
if ($hesk_settings['require_message'] == 1 && $tmpvar['message'] == '') {
$hesk_error_buffer['message'] = $hesklang['enter_message'];
}
// Is category a valid choice?
if ($tmpvar['category']) {
if ( ! hesk_checkPermission('can_submit_any_cat', 0) && ! hesk_okCategory($tmpvar['category'], 0) ) {
hesk_process_messages($hesklang['noauth_submit'],'new_ticket.php');
}
hesk_verifyCategory(1);
// Is auto-assign of tickets disabled in this category?
@ -94,19 +103,69 @@ if ($tmpvar['category']) {
}
// Custom fields
foreach ($hesk_settings['custom_fields'] as $k => $v) {
if ($v['use'] && isset($_POST[$k])) {
// Date will be handled by the jQuery datepicker
if ($v['type'] == 'date' && $_POST[$k] != '') {
$tmpvar[$k] = strtotime($_POST[$k]);
} else if (is_array($_POST[$k])) {
$tmpvar[$k] = '';
foreach ($_POST[$k] as $myCB) {
$tmpvar[$k] .= (is_array($myCB) ? '' : hesk_input($myCB)) . '<br />';
foreach ($hesk_settings['custom_fields'] as $k=>$v) {
if ($v['use'] && hesk_is_custom_field_in_category($k, $tmpvar['category'])) {
if ($v['type'] == 'checkbox') {
$tmpvar[$k]='';
if (isset($_POST[$k]) && is_array($_POST[$k])) {
foreach ($_POST[$k] as $myCB) {
$tmpvar[$k] .= ( is_array($myCB) ? '' : hesk_input($myCB) ) . '<br />';;
}
$tmpvar[$k]=substr($tmpvar[$k],0,-6);
} else {
if ($v['req'] == 2) {
$hesk_error_buffer[$k]=$hesklang['fill_all'].': '.$v['name'];
}
$_POST[$k] = '';
}
} elseif ($v['type'] == 'date') {
$tmpvar[$k] = hesk_POST($k);
$_SESSION["as_$k"] = '';
if (preg_match("/^[0-9]{4}-(0[1-9]|1[0-2])-(0[1-9]|[1-2][0-9]|3[0-1])$/", $tmpvar[$k])) {
$date = strtotime($tmpvar[$k] . ' t00:00:00');
$dmin = strlen($v['value']['dmin']) ? strtotime($v['value']['dmin'] . ' t00:00:00') : false;
$dmax = strlen($v['value']['dmax']) ? strtotime($v['value']['dmax'] . ' t00:00:00') : false;
$_SESSION["as_$k"] = $tmpvar[$k];
if ($dmin && $dmin > $date) {
$hesk_error_buffer[$k] = sprintf($hesklang['d_emin'], $v['name'], hesk_custom_date_display_format($dmin, $v['value']['date_format']));
} elseif ($dmax && $dmax < $date) {
$hesk_error_buffer[$k] = sprintf($hesklang['d_emax'], $v['name'], hesk_custom_date_display_format($dmax, $v['value']['date_format']));
} else {
$tmpvar[$k] = $date;
}
} else {
$tmpvar[$k] = '';
if ($v['req'] == 2) {
$hesk_error_buffer[$k]=$hesklang['fill_all'].': '.$v['name'];
}
}
} elseif ($v['type'] == 'email')
{
$tmp = $hesk_settings['multi_eml'];
$hesk_settings['multi_eml'] = $v['value']['multiple'];
$tmpvar[$k] = hesk_validateEmail( hesk_POST($k), 'ERR', 0);
$hesk_settings['multi_eml'] = $tmp;
if ($tmpvar[$k] != '') {
$_SESSION["as_$k"] = hesk_input($tmpvar[$k]);
} else {
$_SESSION["as_$k"] = '';
if ($v['req'] == 2) {
$hesk_error_buffer[$k] = $v['value']['multiple'] ? sprintf($hesklang['cf_noem'], $v['name']) : sprintf($hesklang['cf_noe'], $v['name']);
}
}
} elseif ($v['req'] == 2) {
$tmpvar[$k]=hesk_makeURL(nl2br(hesk_input( hesk_POST($k) )));
if ($tmpvar[$k] == '') {
$hesk_error_buffer[$k]=$hesklang['fill_all'].': '.$v['name'];
}
$tmpvar[$k] = substr($tmpvar[$k], 0, -6);
} else {
$tmpvar[$k] = hesk_makeURL(nl2br(hesk_input($_POST[$k])));
$tmpvar[$k]=hesk_makeURL(nl2br(hesk_input(hesk_POST($k))));
}
} else {
$tmpvar[$k] = '';
@ -202,7 +261,6 @@ if (count($hesk_error_buffer) != 0) {
$_SESSION['as_name'] = hesk_POST('name');
$_SESSION['as_email'] = hesk_POST('email');
$_SESSION['as_category'] = hesk_POST('category');
$_SESSION['as_priority'] = $tmpvar['priority'];
$_SESSION['as_subject'] = hesk_POST('subject');
$_SESSION['as_message'] = hesk_POST('message');
@ -211,7 +269,7 @@ if (count($hesk_error_buffer) != 0) {
$_SESSION['as_show'] = $show;
foreach ($hesk_settings['custom_fields'] as $k => $v) {
if ($v['use']) {
if ($v['use'] && ! in_array($v['type'], array('date', 'email'))) {
$_SESSION["as_$k"] = ($v['type'] == 'checkbox') ? hesk_POST_array($k) : hesk_POST($k);
}
}
@ -228,7 +286,7 @@ if (count($hesk_error_buffer) != 0) {
}
$hesk_error_buffer = $hesklang['pcer'] . '<br /><br /><ul>' . $hesk_error_buffer . '</ul>';
hesk_process_messages($hesk_error_buffer, 'new_ticket.php');
hesk_process_messages($hesk_error_buffer,'new_ticket.php?category='.$tmpvar['category']);
}
if ($hesk_settings['attachments']['use'] && !empty($attachments)) {
@ -258,7 +316,7 @@ $tmpvar['screen_resolution_width'] = "NULL";
$ticket = hesk_newTicket($tmpvar);
// Notify the customer about the ticket?
if ($notify) {
if ($notify && $email_available) {
hesk_notifyCustomer($modsForHesk_settings);
}
@ -288,9 +346,7 @@ hesk_cleanSessionVars('as_owner');
hesk_cleanSessionVars('as_notify');
hesk_cleanSessionVars('as_show');
foreach ($hesk_settings['custom_fields'] as $k => $v) {
if ($v['use']) {
hesk_cleanSessionVars("as_$k");
}
hesk_cleanSessionVars("as_$k");
}
// If ticket has been assigned to the person submitting it lets show a message saying so
@ -304,5 +360,4 @@ if ($show) {
hesk_process_messages($hesklang['new_ticket_submitted'], 'admin_ticket.php?track=' . $ticket['trackid'] . '&Refresh=' . mt_rand(10000, 99999), 'SUCCESS');
} else {
hesk_process_messages($hesklang['new_ticket_submitted'] . '. <a href="admin_ticket.php?track=' . $ticket['trackid'] . '&Refresh=' . mt_rand(10000, 99999) . '">' . $hesklang['view_ticket'] . '</a>', 'new_ticket.php', 'SUCCESS');
}
?>
}

2250
admin/admin_ticket.php
File diff suppressed because it is too large
View File

173
admin/api_settings.php

@ -41,6 +41,7 @@ if (is_dir(HESK_PATH . 'install')) {
require(HESK_PATH . 'hesk_settings.inc.php');
require(HESK_PATH . 'inc/common.inc.php');
require(HESK_PATH . 'inc/admin_functions.inc.php');
require(HESK_PATH . 'inc/mail_functions.inc.php');
hesk_load_database_functions();
hesk_session_start();
@ -60,86 +61,103 @@ require_once(HESK_PATH . 'inc/headerAdmin.inc.php');
// Print main manage users page
require_once(HESK_PATH . 'inc/show_admin_nav.inc.php');
?>
<div class="row move-down-20">
<div class="col-sm-4">
<div class="panel panel-default">
<div class="panel-heading">
API Information
<section class="content">
<div class="box">
<div class="box-header with-border">
<h1 class="box-title">
<?php echo $hesklang['api_information']; ?>
</h1>
<div class="box-tools pull-right">
<button type="button" class="btn btn-box-tool" data-widget="collapse">
<i class="fa fa-minus"></i>
</button>
</div>
</div>
<div class="box-body">
<table class="table table-striped table-fixed">
<tr>
<td class="text-right">
API Version
<?php echo $hesklang['api_version']; ?>
</td>
<td class="pad-right-10 warning">
<td class="warning">
<?php echo $hesklang['beta_text']; ?>
</td>
</tr>
<tr>
<td class="text-right">
External API
<?php echo $hesklang['external_api']; ?>
</td>
<td class="pad-right-10 success" id="public-api-sidebar">
<td class="success" id="public-api-sidebar">
<?php
$enabled = $modsForHesk_settings['public_api'] == '1' ? '' : 'hide';
$disabled = $modsForHesk_settings['public_api'] == '1' ? 'hide' : '';
?>
<span id="public-api-sidebar-disabled" class="<?php echo $disabled; ?>">Disabled</span>
<span id="public-api-sidebar-enabled" class="<?php echo $enabled; ?>">Enabled</span>
<span id="public-api-sidebar-disabled" class="<?php echo $disabled; ?>">
<?php echo $hesklang['disabled_title_case']; ?>
</span>
<span id="public-api-sidebar-enabled" class="<?php echo $enabled; ?>">
<?php echo $hesklang['enabled_title_case']; ?>
</span>
</td>
</tr>
</table>
</div>
</div>
<div class="col-sm-8">
<h3>API Settings</h3>
<div class="footerWithBorder blankSpace"></div>
<ul class="nav nav-tabs">
<li class="active"><a href="#general" data-toggle="tab"><?php echo $hesklang['tab_1']; ?></a></li>
<li><a href="#user-security" data-toggle="tab">User Security</a></li>
<li><a href="#" target="_blank">API Documentation <i class="fa fa-external-link"></i></a></li>
</ul>
<div class="tab-content summaryList tabPadding">
<div class="tab-pane fade in active" id="general">
<form class="form-horizontal">
<div class="form-group">
<label for="public-api" class="col-sm-3 control-label">
Public API
<i class="fa fa-question-circle settingsquestionmark" data-toggle="popover"
title="Public API"
data-content="Enable or Disable the Public REST API."></i>
</label>
<div class="col-sm-9">
<div class="box">
<div class="box-header with-border">
<h1 class="box-title">
<?php echo $hesklang['api_settings']; ?>
</h1>
<div class="box-tools pull-right">
<button type="button" class="btn btn-box-tool" data-widget="collapse">
<i class="fa fa-minus"></i>
</button>
</div>
</div>
<div class="box-body nav-tabs-custom">
<ul class="nav nav-tabs">
<li class="active"><a href="#general" data-toggle="tab"><?php echo $hesklang['tab_1']; ?></a></li>
<li><a href="#user-security" data-toggle="tab"><?php echo $hesklang['user_security']; ?></a></li>
<li><a href="#" target="_blank"><?php echo $hesklang['api_documentation']; ?> <i class="fa fa-external-link"></i></a></li>
</ul>
<div class="tab-content summaryList tabPadding">
<div class="tab-pane fade in active" id="general">
<form class="form-horizontal">
<div class="form-group">
<label for="public-api" class="col-sm-3 control-label">
<?php echo $hesklang['external_api']; ?>
<i class="fa fa-question-circle settingsquestionmark" data-toggle="popover"
title="<?php echo $hesklang['external_api']; ?>"
data-content="<?php echo $hesklang['external_api_help']; ?>"></i>
</label>
<div class="col-sm-9">
<span class="btn-group" data-toggle="buttons">
<?php
$on = $modsForHesk_settings['public_api'] == '1' ? 'active' : '';
$off = $modsForHesk_settings['public_api'] == '1' ? '' : 'active';
?>
<label id="enable-api-button" class="btn btn-success <?php echo $on; ?>">
<input type="radio" name="public-api" value="1" checked> <i class="fa fa-check-circle"></i> Enable
<input type="radio" name="public-api" value="1"> <i class="fa fa-check-circle"></i>
<?php echo $hesklang['enable']; ?>
</label>
<label id="disable-api-button" class="btn btn-danger <?php echo $off; ?>">
<input type="radio" name="public-api" value="0"> <i class="fa fa-times-circle"></i> Disable
<input type="radio" name="public-api" value="0"> <i class="fa fa-times-circle"></i>
<?php echo $hesklang['disable']; ?>
</label>
</span>
<span>
<i id="public-api-success" class="fa fa-check-circle fa-2x green hide media-middle"
data-toggle="tooltip" title="Changes saved!"></i>
data-toggle="tooltip" title="<?php echo $hesklang['changes_saved']; ?>"></i>
<i id="public-api-failure" class="fa fa-times-circle fa-2x red hide media-middle"
data-toggle="tooltip" title="Saving changes failed. Check the logs for more information."></i>
data-toggle="tooltip" title="<?php echo $hesklang['save_failed_check_logs']; ?>"></i>
<i id="public-api-saving" class="fa fa-spin fa-spinner fa-2x hide media-middle"
data-toggle="tooltip" title="Saving..."></i>
data-toggle="tooltip" title="<?php echo $hesklang['saving']; ?>"></i>
</span>
</div>
</div>
</div>
</form>
</div>
<div class="tab-pane fade in" id="user-security">
<div class="panel panel-default">
<div class="panel-heading">
User Security
</div>
</form>
</div>
<div class="tab-pane fade in" id="user-security">
<?php
$users = array();
$userRs = hesk_dbQuery("SELECT `id`, `user`, `name` FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "users` WHERE `active` = '1'");
@ -155,51 +173,53 @@ require_once(HESK_PATH . 'inc/show_admin_nav.inc.php');
<table class="table table-striped">
<thead>
<tr>
<th>Username</th>
<th>Name</th>
<th>Number of Tokens</th>
<th>Actions</th>
<th><?php echo $hesklang['username']; ?></th>
<th><?php echo $hesklang['name']; ?></th>
<th><?php echo $hesklang['number_of_tokens']; ?></th>
<th><?php echo $hesklang['actions']; ?></th>
</tr>
</thead>
<tbody>
<?php
foreach ($users as $row):
?>
<tr>
<td><?php echo $row['user']; ?></td>
<td><?php echo $row['name']; ?></td>
<td id="token-<?php echo $row['id']; ?>-count"><?php echo $row['number_of_tokens']; ?></td>
<td>
?>
<tr>
<td><?php echo $row['user']; ?></td>
<td><?php echo $row['name']; ?></td>
<td id="token-<?php echo $row['id']; ?>-count"><?php echo $row['number_of_tokens']; ?></td>
<td>
<span class="btn-group">
<button class="btn btn-default btn-xs" onclick="generateToken(<?php echo $row['id']; ?>)">
<i class="fa fa-plus-circle"></i> Generate New Token
<i class="fa fa-plus-circle"></i>
<?php echo $hesklang['generate_new_token']; ?>
</button>
<button class="btn btn-danger btn-xs" onclick="clearTokens(<?php echo $row['id']; ?>)">
<i class="fa fa-undo"></i> Reset Tokens
<i class="fa fa-times"></i>
<?php echo $hesklang['revoke_all_tokens']; ?>
</button>
</span>
<span>
<i id="token-<?php echo $row['id']; ?>-success" class="fa fa-check-circle fa-2x green hide media-middle"
data-toggle="tooltip" title="Changes saved!"></i>
data-toggle="tooltip" title="<?php echo $hesklang['changes_saved']; ?>"></i>
<i id="token-<?php echo $row['id']; ?>-failure" class="fa fa-times-circle fa-2x red hide media-middle"
data-toggle="tooltip" title="Saving changes failed. Check the logs for more information."></i>
data-toggle="tooltip" title="<?php echo $hesklang['save_failed_check_logs']; ?>"></i>
<i id="token-<?php echo $row['id']; ?>-saving" class="fa fa-spin fa-spinner fa-2x hide media-middle"
data-toggle="tooltip" title="Saving..."></i>
data-toggle="tooltip" title="<?php echo $hesklang['saving']; ?>"></i>
</span>
</td>
</tr>
<tr id="token-<?php echo $row['id']; ?>-created" class="success hide">
<td colspan="4">
Generated Token: <code class="token"></code>
<p><b>NOTE:</b> Please record this token, as this is the only time you will be able to view it!</p>
</td>
</tr>
<tr id="token-<?php echo $row['id']; ?>-reset" class="success hide">
<td colspan="4">
<p>All tokens for this user have been removed!</p>
</td>
</tr>
<?php
</td>
</tr>
<tr id="token-<?php echo $row['id']; ?>-created" class="success hide">
<td colspan="4">
<?php echo $hesklang['generated_token_colon']; ?> <code class="token"></code>
<p><b><?php echo $hesklang['record_this_token_warning']; ?></b></p>
</td>
</tr>
<tr id="token-<?php echo $row['id']; ?>-reset" class="success hide">
<td colspan="4">
<p><?php echo $hesklang['all_tokens_revoked']; ?></p>
</td>
</tr>
<?php
endforeach;
?>
</tbody>
@ -208,7 +228,8 @@ require_once(HESK_PATH . 'inc/show_admin_nav.inc.php');
</div>
</div>
</div>
</section>
<?php
require_once(HESK_PATH . 'inc/footer.inc.php');
exit();
<?php
require_once(HESK_PATH . 'inc/footer.inc.php');
exit();

25
admin/assign_owner.php

@ -70,7 +70,7 @@ $owner = intval(hesk_REQUEST('owner'));
/* If ID is -1 the ticket will be unassigned */
if ($owner == -1) {
$revision = sprintf($hesklang['thist2'], hesk_date(), '<i>' . $hesklang['unas'] . '</i>', $_SESSION['name'] . ' (' . $_SESSION['user'] . ')');
$res = hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` SET `owner`=0 , `history`=CONCAT(`history`,'" . hesk_dbEscape($revision) . "') WHERE `trackid`='" . hesk_dbEscape($trackingID) . "' LIMIT 1");
$res = hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` SET `owner`=0 , `history`=CONCAT(`history`,'" . hesk_dbEscape($revision) . "') WHERE `trackid`='" . hesk_dbEscape($trackingID) . "'");
hesk_process_messages($hesklang['tunasi2'], $_SERVER['PHP_SELF'], 'SUCCESS');
} elseif ($owner < 1) {
@ -89,10 +89,31 @@ if (!$row['isadmin']) {
}
}
// Make sure two people don't assign a ticket to a different user at the same time
if ($ticket['owner'] && $ticket['owner'] != $owner && hesk_REQUEST('unassigned') && hesk_GET('confirm') != 'Y') {
$new_owner = ($owner == $_SESSION['id']) ? $hesklang['scoy'] : sprintf($hesklang['scot'], $row['name']);
$res = hesk_dbQuery("SELECT `name` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."users` WHERE `id`='{$ticket['owner']}' LIMIT 1");
if (hesk_dbNumRows($res) == 1) {
$row = hesk_dbFetchAssoc($res);
hesk_process_messages(
sprintf($hesklang['taat'], $row['name']) .
'<br /><br />' .
$new_owner .
'<br /><br />' .
'<a href="assign_owner.php?track='.$ticket['trackid'].'&amp;owner='.$owner.'&amp;token='.hesk_token_echo(0).'&amp;unassigned=1&amp;confirm=Y">'.$hesklang['ycto'].'</a> | ' .
'<a href="admin_ticket.php?track='.$ticket['trackid'].'">'.$hesklang['ncto'].'</a>',
$_SERVER['PHP_SELF'], 'NOTICE'
);
}
}
/* Assigning to self? */
if ($can_assign_others || ($owner == $_SESSION['id'] && $can_assign_self)) {
$revision = sprintf($hesklang['thist2'], hesk_date(), $row['name'] . ' (' . $row['user'] . ')', $_SESSION['name'] . ' (' . $_SESSION['user'] . ')');
$res = hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` SET `owner`={$owner} , `history`=CONCAT(`history`,'" . hesk_dbEscape($revision) . "') WHERE `trackid`='" . hesk_dbEscape($trackingID) . "' LIMIT 1");
$res = hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` SET `owner`={$owner} , `history`=CONCAT(`history`,'" . hesk_dbEscape($revision) . "') WHERE `trackid`='" . hesk_dbEscape($trackingID) . "'");
if ($owner != $_SESSION['id'] && !hesk_checkPermission('can_view_ass_others', 0)) {
$_SERVER['PHP_SELF'] = 'admin_main.php';

314
admin/banned_emails.php

@ -1,32 +1,15 @@
<?php
/*******************************************************************************
* Title: Help Desk Software HESK
* Version: 2.6.8 from 10th August 2016