Merge branch '3-0-0' into 'master'

3.0.0 Update

See merge request !29
merge-requests/30/head 3.0.0-beta-1
Mike Koch 8 years ago
commit 38d56f195f

15
.gitignore vendored

@ -1,14 +1,13 @@
admin/admin_suggest_articles.php admin/admin_suggest_articles.php
admin/archive.php admin/archive.php
admin/custom_statuses.php
admin/email_templates.php
admin/generate_spam_question.php admin/generate_spam_question.php
admin/priority.php admin/priority.php
admin/test_connection.php admin/test_connection.php
attachments/index.htm attachments/index.htm
docs/changelog.html cache/
docs/docs_style.css docs/
docs/index.html
docs/quick-guide.html
docs/step-by-step-guide.html
file_limits.php file_limits.php
footer.txt footer.txt
header.txt header.txt
@ -27,6 +26,7 @@ img/clip.png
img/code.png img/code.png
img/code_off.png img/code_off.png
img/delete.png img/delete.png
img/delete_off.png
img/delete_ticket.png img/delete_ticket.png
img/edit.png img/edit.png
img/error.png img/error.png
@ -114,6 +114,7 @@ img/print.png
img/private.png img/private.png
img/public.png img/public.png
img/reload.png img/reload.png
img/refresh.png
img/roundcornersb.jpg img/roundcornersb.jpg
img/roundcornerslb.jpg img/roundcornerslb.jpg
img/roundcornerslm.jpg img/roundcornerslm.jpg
@ -156,10 +157,11 @@ inc/calendar/tcal.js
inc/calendar/tcal.php inc/calendar/tcal.php
inc/database.inc.php inc/database.inc.php
inc/database_mysqli.inc.php inc/database_mysqli.inc.php
inc/footer.inc.php
inc/htmlpurifier inc/htmlpurifier
inc/index.htm inc/index.htm
inc/jscolor/
inc/mail/email_parser.php inc/mail/email_parser.php
inc/mail/hesk_imap.php
inc/mail/hesk_pipe.php inc/mail/hesk_pipe.php
inc/mail/hesk_pop3.php inc/mail/hesk_pop3.php
inc/mail/index.htm inc/mail/index.htm
@ -184,6 +186,7 @@ inc/recaptcha/recaptchalib.php
inc/reporting_functions.inc.php inc/reporting_functions.inc.php
inc/secimg.inc.php inc/secimg.inc.php
inc/setup_functions.inc.php inc/setup_functions.inc.php
inc/statuses.inc.php
inc/tabs/index.htm inc/tabs/index.htm
inc/tabs/tabber-minimized.js inc/tabs/tabber-minimized.js
inc/tabs/tabber.css inc/tabs/tabber.css

@ -1,32 +1,15 @@
<?php <?php
/******************************************************************************* /**
* Title: Help Desk Software HESK *
* Version: 2.6.8 from 10th August 2016 * This file is part of HESK - PHP Help Desk Software.
* Author: Klemen Stirn *
* Website: http://www.hesk.com * (c) Copyright Klemen Stirn. All rights reserved.
******************************************************************************** * http://www.hesk.com
* COPYRIGHT AND TRADEMARK NOTICE *
* Copyright 2005-2015 Klemen Stirn. All Rights Reserved. * For the full copyright and license agreement information visit
* HESK is a registered trademark of Klemen Stirn. * http://www.hesk.com/eula.php
* The HESK may be used and modified free of charge by anyone *
* AS LONG AS COPYRIGHT NOTICES AND ALL THE COMMENTS REMAIN INTACT. */
* By using this code you agree to indemnify Klemen Stirn from any
* liability that might arise from it's use.
* Selling the code for this program, in part or full, without prior
* written consent is expressly forbidden.
* Using this code, in part or full, to create derivate work,
* new scripts or products is expressly forbidden. Obtain permission
* before redistributing this software over the Internet or in
* any other medium. In all cases copyright and header must remain intact.
* This Copyright is in full effect in any country that has International
* Trade Agreements with the United States of America or
* with the European Union.
* Removing any of the copyright notices without purchasing a license
* is expressly forbidden. To remove HESK copyright notice you must purchase
* a license for this script. For more information on how to obtain
* a license please visit the page below:
* https://www.hesk.com/buy.php
*******************************************************************************/
define('IN_SCRIPT', 1); define('IN_SCRIPT', 1);
define('HESK_PATH', '../'); define('HESK_PATH', '../');
@ -41,6 +24,7 @@ require(HESK_PATH . 'hesk_settings.inc.php');
require(HESK_PATH . 'inc/common.inc.php'); require(HESK_PATH . 'inc/common.inc.php');
require(HESK_PATH . 'inc/admin_functions.inc.php'); require(HESK_PATH . 'inc/admin_functions.inc.php');
require(HESK_PATH . 'inc/status_functions.inc.php'); require(HESK_PATH . 'inc/status_functions.inc.php');
require(HESK_PATH . 'inc/mail_functions.inc.php');
hesk_load_database_functions(); hesk_load_database_functions();
hesk_session_start(); hesk_session_start();
@ -50,53 +34,61 @@ hesk_isLoggedIn();
define('CALENDAR', 1); define('CALENDAR', 1);
define('MAIN_PAGE', 1); define('MAIN_PAGE', 1);
define('PAGE_TITLE', 'ADMIN_HOME'); define('PAGE_TITLE', 'ADMIN_HOME');
define('AUTO_RELOAD', 1);
/* Print header */ /* Print header */
require_once(HESK_PATH . 'inc/headerAdmin.inc.php'); require_once(HESK_PATH . 'inc/headerAdmin.inc.php');
/* Print admin navigation */
require_once(HESK_PATH . 'inc/show_admin_nav.inc.php'); require_once(HESK_PATH . 'inc/show_admin_nav.inc.php');
?>
<div class="row"> /* Reset default settings? */
<div class="col-md-12 pad-down-20"> if (isset($_GET['reset']) && hesk_token_check()) {
<?php $res = hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "users` SET `default_list`='' WHERE `id` = '" . intval($_SESSION['id']) . "'");
/* This will handle error, success and notice messages */ $_SESSION['default_list'] = '';
hesk_handle_messages(); } /* Get default settings */
else {
/* Print tickets? */ parse_str($_SESSION['default_list'], $defaults);
if (hesk_checkPermission('can_view_tickets', 0)) { $_GET = isset($_GET) && is_array($_GET) ? array_merge($_GET, $defaults) : $defaults;
if (!isset($_SESSION['hide']['ticket_list'])) //Number of tickets (table header. NOT ACTUAL TABLE) }
{
echo '
<div class="panel panel-default">
<div class="panel-heading">
<h4>' . $hesklang['open_tickets'] . ' <span class="nu-floatRight panel-button"><a href="new_ticket.php" class="btn btn-success"><span class="glyphicon glyphicon-plus-sign"></span> ' . $hesklang['nti'] . '</a></span></h4>
</div>'; // The rest of the panel will be printed by print_tickets.inc.php
}
/* Reset default settings? */ ?>
if (isset($_GET['reset']) && hesk_token_check()) { <section class="content">
$res = hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "users` SET `default_list`='' WHERE `id` = '" . intval($_SESSION['id']) . "' LIMIT 1"); <?php hesk_handle_messages(); ?>
$_SESSION['default_list'] = ''; <div class="box">
} /* Get default settings */ <div class="box-header with-border">
else { <h1 class="box-title">
parse_str($_SESSION['default_list'], $defaults); <?php echo $hesklang['tickets']; ?>
$_GET = isset($_GET) && is_array($_GET) ? array_merge($_GET, $defaults) : $defaults; </h1>
<div class="box-tools pull-right">
<button type="button" class="btn btn-box-tool" data-widget="collapse">
<i class="fa fa-minus"></i>
</button>
</div>
</div>
<div class="box-body">
<div class="checkbox">
<label>
<input type="checkbox" onclick="toggleAutoRefresh(this);" id="reloadCB">
<?php echo $hesklang['arp']; ?>
<span id="timer"></span>
</label>
</div>
<script type="text/javascript">heskCheckReloading();</script><br>
<?php
/* Print tickets? */
if (hesk_checkPermission('can_view_tickets', 0)) {
/* Print the list of tickets */
require(HESK_PATH . 'inc/print_tickets.inc.php');
echo '<br>';
/* Print forms for listing and searching tickets */
require(HESK_PATH . 'inc/show_search_form.inc.php');
} else {
echo '<p><i>' . $hesklang['na_view_tickets'] . '</i></p>';
} }
?>
/* Print the list of tickets */ </div>
require(HESK_PATH . 'inc/print_tickets.inc.php'); </div>
<?php
echo "&nbsp;<br />"; $hesk_settings['hesk_license']('HMgPSAxOw0KaWYgKGZpbGVfZXhpc3RzKEhFU0tfUEFUSCAuI
/* Print forms for listing and searching tickets */
require(HESK_PATH . 'inc/show_search_form.inc.php');
} else {
echo '<p><i>' . $hesklang['na_view_tickets'] . '</i></p>';
}
$hesk_settings['hesk_license']('HMgPSAxOw0KaWYgKGZpbGVfZXhpc3RzKEhFU0tfUEFUSCAuI
CdoZXNrX2xpY2Vuc2UucGhwJykpDQp7DQokaCA9ICghZW1wdHkoJF9TRVJWRVJbJ0hUVFBfSE9TVCddK CdoZXNrX2xpY2Vuc2UucGhwJykpDQp7DQokaCA9ICghZW1wdHkoJF9TRVJWRVJbJ0hUVFBfSE9TVCddK
SkgPyAkX1NFUlZFUlsnSFRUUF9IT1NUJ10gOiAoKCFlbXB0eSgkX1NFUlZFUlsnU0VSVkVSX05BTUUnX SkgPyAkX1NFUlZFUlsnSFRUUF9IT1NUJ10gOiAoKCFlbXB0eSgkX1NFUlZFUlsnU0VSVkVSX05BTUUnX
SkpID8gJF9TRVJWRVJbJ1NFUlZFUl9OQU1FJ10gOiBnZXRlbnYoJ1NFUlZFUl9OQU1FJykpOw0KJGggP SkpID8gJF9TRVJWRVJbJ1NFUlZFUl9OQU1FJ10gOiBnZXRlbnYoJ1NFUlZFUl9OQU1FJykpOw0KJGggP
@ -114,13 +106,10 @@ require_once(HESK_PATH . 'inc/show_admin_nav.inc.php');
29tL2J1eS5waHAiIHRhcmdldD0iX2JsYW5rIj4nLiRoZXNrbGFuZ1snY2xpY2tfaW5mbyddLic8L2E+P 29tL2J1eS5waHAiIHRhcmdldD0iX2JsYW5rIj4nLiRoZXNrbGFuZ1snY2xpY2tfaW5mbyddLic8L2E+P
C9wPic7DQp9DQo=', "\112"); C9wPic7DQp9DQo=', "\112");
echo '<hr />&nbsp;<br />'; /* Clean unneeded session variables */
hesk_cleanSessionVars('hide');
/* Clean unneeded session variables */ ?>
hesk_cleanSessionVars('hide'); </section>
?>
</div>
</div>
<?php <?php
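Review bot: The call `$hesk_settings['hesk_license']('HMgPSAx…', "\112")` that this page keeps invokes whatever callable is stored in the settings array with a long encoded argument, and nothing in the file says what that argument contains. The string looks like base64-encoded PHP, so the code that runs when this admin page loads cannot be reviewed from the page itself. Since the commit already rewrites the header and layout around it, I would add a short comment above the call stating what the encoded block does and where its decoded source can be read. It is also worth confirming that `$hesk_settings['hesk_license']` is only ever assigned from the settings file and never from request data. The statement spans two hunks and its middle lines are not shown.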

@ -1,32 +1,15 @@
<?php <?php
/******************************************************************************* /**
* Title: Help Desk Software HESK *
* Version: 2.6.8 from 10th August 2016 * This file is part of HESK - PHP Help Desk Software.
* Author: Klemen Stirn *
* Website: http://www.hesk.com * (c) Copyright Klemen Stirn. All rights reserved.
******************************************************************************** * http://www.hesk.com
* COPYRIGHT AND TRADEMARK NOTICE *
* Copyright 2005-2015 Klemen Stirn. All Rights Reserved. * For the full copyright and license agreement information visit
* HESK is a registered trademark of Klemen Stirn. * http://www.hesk.com/eula.php
* The HESK may be used and modified free of charge by anyone *
* AS LONG AS COPYRIGHT NOTICES AND ALL THE COMMENTS REMAIN INTACT. */
* By using this code you agree to indemnify Klemen Stirn from any
* liability that might arise from it's use.
* Selling the code for this program, in part or full, without prior
* written consent is expressly forbidden.
* Using this code, in part or full, to create derivate work,
* new scripts or products is expressly forbidden. Obtain permission
* before redistributing this software over the Internet or in
* any other medium. In all cases copyright and header must remain intact.
* This Copyright is in full effect in any country that has International
* Trade Agreements with the United States of America or
* with the European Union.
* Removing any of the copyright notices without purchasing a license
* is expressly forbidden. To remove HESK copyright notice you must purchase
* a license for this script. For more information on how to obtain
* a license please visit the page below:
* https://www.hesk.com/buy.php
*******************************************************************************/
define('IN_SCRIPT', 1); define('IN_SCRIPT', 1);
define('HESK_PATH', '../'); define('HESK_PATH', '../');
@ -74,6 +57,11 @@ if (hesk_dbNumRows($result) != 1) {
$ticket = hesk_dbFetchAssoc($result); $ticket = hesk_dbFetchAssoc($result);
$trackingID = $ticket['trackid']; $trackingID = $ticket['trackid'];
// Do we require owner before allowing to reply?
if ($hesk_settings['require_owner'] && ! $ticket['owner']) {
hesk_process_messages($hesklang['atbr'],'admin_ticket.php?track='.$ticket['trackid'].'&Refresh='.rand(10000,99999));
}
$hesk_error_buffer = array(); $hesk_error_buffer = array();
// Get the message // Get the message
@ -87,7 +75,7 @@ if (strlen($message)) {
// Save message for later and ignore the rest? // Save message for later and ignore the rest?
if (isset($_POST['save_reply'])) { if (isset($_POST['save_reply'])) {
// Delete any existing drafts from this owner for this ticket // Delete any existing drafts from this owner for this ticket
hesk_dbQuery("DELETE FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "reply_drafts` WHERE `owner`=" . intval($_SESSION['id']) . " AND `ticket`=" . intval($ticket['id']) . " LIMIT 1"); hesk_dbQuery("DELETE FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "reply_drafts` WHERE `owner`=" . intval($_SESSION['id']) . " AND `ticket`=" . intval($ticket['id']));
// Save the message draft // Save the message draft
hesk_dbQuery("INSERT INTO `" . hesk_dbEscape($hesk_settings['db_pfix']) . "reply_drafts` (`owner`, `ticket`, `message`) VALUES (" . intval($_SESSION['id']) . ", " . intval($ticket['id']) . ", '" . hesk_dbEscape($message) . "')"); hesk_dbQuery("INSERT INTO `" . hesk_dbEscape($hesk_settings['db_pfix']) . "reply_drafts` (`owner`, `ticket`, `message`) VALUES (" . intval($_SESSION['id']) . ", " . intval($ticket['id']) . ", '" . hesk_dbEscape($message) . "')");
@ -237,6 +225,7 @@ $lockedTicketStatus = hesk_dbFetchAssoc(hesk_dbQuery("SELECT `ID` FROM `" . hesk
// Get new ticket status // Get new ticket status
$sql_status = ''; $sql_status = '';
$change_status = true;
// -> If locked, keep it resolved // -> If locked, keep it resolved
if ($ticket['locked']) { if ($ticket['locked']) {
$new_status = $lockedTicketStatus['ID']; $new_status = $lockedTicketStatus['ID'];
@ -248,7 +237,7 @@ if ($ticket['locked']) {
$newStatusRs = hesk_dbQuery('SELECT `IsClosed`, `Key` FROM `' . hesk_dbEscape($hesk_settings['db_pfix']) . 'statuses` WHERE `ID` = ' . hesk_dbEscape($new_status)); $newStatusRs = hesk_dbQuery('SELECT `IsClosed`, `Key` FROM `' . hesk_dbEscape($hesk_settings['db_pfix']) . 'statuses` WHERE `ID` = ' . hesk_dbEscape($new_status));
$newStatus = hesk_dbFetchAssoc($newStatusRs); $newStatus = hesk_dbFetchAssoc($newStatusRs);
if ($newStatus['IsClosed']) { if ($newStatus['IsClosed'] && hesk_checkPermission('can_resolve', 0)) {
$revision = sprintf($hesklang['thist3'], hesk_date(), $_SESSION['name'] . ' (' . $_SESSION['user'] . ')'); $revision = sprintf($hesklang['thist3'], hesk_date(), $_SESSION['name'] . ' (' . $_SESSION['user'] . ')');
$sql_status = " , `closedat`=NOW(), `closedby`=" . intval($_SESSION['id']) . ", `history`=CONCAT(`history`,'" . hesk_dbEscape($revision) . "') "; $sql_status = " , `closedat`=NOW(), `closedby`=" . intval($_SESSION['id']) . ", `history`=CONCAT(`history`,'" . hesk_dbEscape($revision) . "') ";
@ -257,7 +246,7 @@ if ($ticket['locked']) {
$sql_status .= " , `locked`='1' "; $sql_status .= " , `locked`='1' ";
} }
} else { } else {
// Ticket isn't being closed, just add the history to the sql query // Ticket isn't being closed, just add the history to the sql query (or tried to close but doesn't have permission)
$revision = sprintf($hesklang['thist9'], hesk_date(), $hesklang[$newStatus['Key']], $_SESSION['name'] . ' (' . $_SESSION['user'] . ')'); $revision = sprintf($hesklang['thist9'], hesk_date(), $hesklang[$newStatus['Key']], $_SESSION['name'] . ' (' . $_SESSION['user'] . ')');
$sql_status = " , `history`=CONCAT(`history`,'" . hesk_dbEscape($revision) . "') "; $sql_status = " , `history`=CONCAT(`history`,'" . hesk_dbEscape($revision) . "') ";
} }
@ -310,12 +299,12 @@ $sql .= " , `replies`=`replies`+1 ";
$sql .= $submit_as_customer ? '' : " , `staffreplies`=`staffreplies`+1 "; $sql .= $submit_as_customer ? '' : " , `staffreplies`=`staffreplies`+1 ";
// End and execute the query // End and execute the query
$sql .= " WHERE `id`='{$replyto}' LIMIT 1"; $sql .= " WHERE `id`='{$replyto}'";
hesk_dbQuery($sql); hesk_dbQuery($sql);
unset($sql); unset($sql);
/* Update number of replies in the users table */ /* Update number of replies in the users table */
hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "users` SET `replies`=`replies`+1 WHERE `id`='" . intval($_SESSION['id']) . "' LIMIT 1"); hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "users` SET `replies`=`replies`+1 WHERE `id`='" . intval($_SESSION['id']) . "'");
// --> Prepare reply message // --> Prepare reply message
@ -357,7 +346,7 @@ elseif (!isset($_POST['no_notify']) || intval(hesk_POST('no_notify')) != 1) {
} }
// Delete any existing drafts from this owner for this ticket // Delete any existing drafts from this owner for this ticket
hesk_dbQuery("DELETE FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "reply_drafts` WHERE `owner`=" . intval($_SESSION['id']) . " AND `ticket`=" . intval($ticket['id']) . " LIMIT 1"); hesk_dbQuery("DELETE FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "reply_drafts` WHERE `owner`=" . intval($_SESSION['id']) . " AND `ticket`=" . intval($ticket['id']));
/* Set reply submitted message */ /* Set reply submitted message */
$_SESSION['HESK_SUCCESS'] = TRUE; $_SESSION['HESK_SUCCESS'] = TRUE;
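Review bot: The new `hesk_checkPermission('can_resolve', 0)` test on the `IsClosed` branch only decides which history line is written. A user without that permission falls into the `else` branch, which still appends a `thist9` entry naming the closed status, and no visible line resets `$new_status` or sets the newly added `$change_status` to false. Unless code outside these hunks does that, the ticket can still be moved to a closed status without the permission, just without the `closedat`/`closedby` fields. Handling the denied case explicitly, for example `} elseif ($newStatus['IsClosed']) { $change_status = false; }` ahead of the `else` (assuming `$change_status` gates the status update further down), would make the intent checkable. The enclosing `if ($ticket['locked'])` chain starts and ends outside the hunks.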


@ -1,32 +1,15 @@
<?php <?php
/******************************************************************************* /**
* Title: Help Desk Software HESK *
* Version: 2.6.8 from 10th August 2016 * This file is part of HESK - PHP Help Desk Software.
* Author: Klemen Stirn *
* Website: http://www.hesk.com * (c) Copyright Klemen Stirn. All rights reserved.
******************************************************************************** * http://www.hesk.com
* COPYRIGHT AND TRADEMARK NOTICE *
* Copyright 2005-2015 Klemen Stirn. All Rights Reserved. * For the full copyright and license agreement information visit
* HESK is a registered trademark of Klemen Stirn. * http://www.hesk.com/eula.php
* The HESK may be used and modified free of charge by anyone *
* AS LONG AS COPYRIGHT NOTICES AND ALL THE COMMENTS REMAIN INTACT. */
* By using this code you agree to indemnify Klemen Stirn from any
* liability that might arise from it's use.
* Selling the code for this program, in part or full, without prior
* written consent is expressly forbidden.
* Using this code, in part or full, to create derivate work,
* new scripts or products is expressly forbidden. Obtain permission
* before redistributing this software over the Internet or in
* any other medium. In all cases copyright and header must remain intact.
* This Copyright is in full effect in any country that has International
* Trade Agreements with the United States of America or
* with the European Union.
* Removing any of the copyright notices without purchasing a license
* is expressly forbidden. To remove HESK copyright notice you must purchase
* a license for this script. For more information on how to obtain
* a license please visit the page below:
* https://www.hesk.com/buy.php
*******************************************************************************/
define('IN_SCRIPT', 1); define('IN_SCRIPT', 1);
define('HESK_PATH', '../'); define('HESK_PATH', '../');
@ -85,9 +68,6 @@ if (isset($lang[1]) && in_array($lang[1], hesk_getLanguagesArray(1))) {
hesk_error($hesklang['err_lang']); hesk_error($hesklang['err_lang']);
} }
/* --> Database settings */
hesk_dbClose();
if (hesk_testMySQL()) { if (hesk_testMySQL()) {
// Database connection OK // Database connection OK
} elseif ($mysql_log) { } elseif ($mysql_log) {
@ -125,6 +105,7 @@ if ( ! is_writable(HESK_PATH . $set['attach_dir']) )
} }
*/ */
$set['cache_dir'] = isset($_POST['s_cache_dir']) && ! is_array($_POST['s_cache_dir']) ? preg_replace('/[^a-zA-Z0-9_-]/', '', $_POST['s_cache_dir']) : 'cache';
$set['max_listings'] = hesk_checkMinMax(intval(hesk_POST('s_max_listings')), 1, 999, 10); $set['max_listings'] = hesk_checkMinMax(intval(hesk_POST('s_max_listings')), 1, 999, 10);
$set['print_font_size'] = hesk_checkMinMax(intval(hesk_POST('s_print_font_size')), 1, 99, 12); $set['print_font_size'] = hesk_checkMinMax(intval(hesk_POST('s_print_font_size')), 1, 99, 12);
$set['autoclose'] = hesk_checkMinMax(intval(hesk_POST('s_autoclose')), 0, 999, 7); $set['autoclose'] = hesk_checkMinMax(intval(hesk_POST('s_autoclose')), 0, 999, 7);
@ -135,6 +116,10 @@ $set['reply_top'] = empty($_POST['s_reply_top']) ? 0 : 1;
/* --> Features */ /* --> Features */
$set['autologin'] = empty($_POST['s_autologin']) ? 0 : 1; $set['autologin'] = empty($_POST['s_autologin']) ? 0 : 1;
$set['autoassign'] = empty($_POST['s_autoassign']) ? 0 : 1; $set['autoassign'] = empty($_POST['s_autoassign']) ? 0 : 1;
$set['require_email'] = empty($_POST['s_require_email']) ? 0 : 1;
$set['require_owner'] = empty($_POST['s_require_owner']) ? 0 : 1;
$set['require_subject'] = hesk_checkMinMax( intval( hesk_POST('s_require_subject') ) , -1, 1, 1);
$set['require_message'] = hesk_checkMinMax( intval( hesk_POST('s_require_message') ) , -1, 1, 1);
$set['custclose'] = empty($_POST['s_custclose']) ? 0 : 1; $set['custclose'] = empty($_POST['s_custclose']) ? 0 : 1;
$set['custopen'] = empty($_POST['s_custopen']) ? 0 : 1; $set['custopen'] = empty($_POST['s_custopen']) ? 0 : 1;
$set['rating'] = empty($_POST['s_rating']) ? 0 : 1; $set['rating'] = empty($_POST['s_rating']) ? 0 : 1;
@ -147,6 +132,7 @@ $set['debug_mode'] = empty($_POST['s_debug_mode']) ? 0 : 1;
$set['short_link'] = empty($_POST['s_short_link']) ? 0 : 1; $set['short_link'] = empty($_POST['s_short_link']) ? 0 : 1;
$set['select_cat'] = empty($_POST['s_select_cat']) ? 0 : 1; $set['select_cat'] = empty($_POST['s_select_cat']) ? 0 : 1;
$set['select_pri'] = empty($_POST['s_select_pri']) ? 0 : 1; $set['select_pri'] = empty($_POST['s_select_pri']) ? 0 : 1;
$set['cat_show_select'] = hesk_checkMinMax( intval( hesk_POST('s_cat_show_select') ) , 0, 999, 10);
/* --> SPAM prevention */ /* --> SPAM prevention */
$set['secimg_use'] = empty($_POST['s_secimg_use']) ? 0 : (hesk_POST('s_secimg_use') == 2 ? 2 : 1); $set['secimg_use'] = empty($_POST['s_secimg_use']) ? 0 : (hesk_POST('s_secimg_use') == 2 ? 2 : 1);
@ -168,7 +154,14 @@ if ($set['attempt_limit'] > 0) {
} }
$set['attempt_banmin'] = hesk_checkMinMax(intval(hesk_POST('s_attempt_banmin')), 5, 99999, 60); $set['attempt_banmin'] = hesk_checkMinMax(intval(hesk_POST('s_attempt_banmin')), 5, 99999, 60);
$set['reset_pass'] = empty($_POST['s_reset_pass']) ? 0 : 1; $set['reset_pass'] = empty($_POST['s_reset_pass']) ? 0 : 1;
$set['email_view_ticket'] = empty($_POST['s_email_view_ticket']) ? 0 : 1; $set['email_view_ticket'] = ($set['require_email'] == 0) ? 0 : (empty($_POST['s_email_view_ticket']) ? 0 : 1);
$set['x_frame_opt'] = empty($_POST['s_x_frame_opt']) ? 0 : 1;
$set['force_ssl'] = HESK_SSL && isset($_POST['s_force_ssl']) && $_POST['s_force_ssl'] == 1 ? 1 : 0;
// Make sure help desk URL starts with https if forcing SSL
if ($set['force_ssl']) {
$set['hesk_url'] = preg_replace('/^http:/i', 'https:', $set['hesk_url']);
}
/* --> Attachments */ /* --> Attachments */
$set['attachments']['use'] = empty($_POST['s_attach_use']) ? 0 : 1; $set['attachments']['use'] = empty($_POST['s_attach_use']) ? 0 : 1;
@ -246,7 +239,7 @@ if ($set['smtp']) {
$set['smtp'] = 0; $set['smtp'] = 0;
} }
} else { } else {
$set['smtp_host_name'] = hesk_input(hesk_POST('tmp_smtp_host_name', 'mail.domain.com')); $set['smtp_host_name'] = hesk_input(hesk_POST('tmp_smtp_host_name', 'mail.example.com'));
$set['smtp_host_port'] = intval(hesk_POST('tmp_smtp_host_port', 25)); $set['smtp_host_port'] = intval(hesk_POST('tmp_smtp_host_port', 25));
$set['smtp_timeout'] = intval(hesk_POST('tmp_smtp_timeout', 10)); $set['smtp_timeout'] = intval(hesk_POST('tmp_smtp_timeout', 10));
$set['smtp_ssl'] = empty($_POST['tmp_smtp_ssl']) ? 0 : 1; $set['smtp_ssl'] = empty($_POST['tmp_smtp_ssl']) ? 0 : 1;
@ -279,7 +272,7 @@ if ($set['pop3']) {
} }
} else { } else {
$set['pop3_job_wait'] = intval(hesk_POST('s_pop3_job_wait', 15)); $set['pop3_job_wait'] = intval(hesk_POST('s_pop3_job_wait', 15));
$set['pop3_host_name'] = hesk_input(hesk_POST('tmp_pop3_host_name', 'mail.domain.com')); $set['pop3_host_name'] = hesk_input(hesk_POST('tmp_pop3_host_name', 'mail.example.com'));
$set['pop3_host_port'] = intval(hesk_POST('tmp_pop3_host_port', 110)); $set['pop3_host_port'] = intval(hesk_POST('tmp_pop3_host_port', 110));
$set['pop3_tls'] = empty($_POST['tmp_pop3_tls']) ? 0 : 1; $set['pop3_tls'] = empty($_POST['tmp_pop3_tls']) ? 0 : 1;
$set['pop3_keep'] = empty($_POST['tmp_pop3_keep']) ? 0 : 1; $set['pop3_keep'] = empty($_POST['tmp_pop3_keep']) ? 0 : 1;
@ -287,6 +280,32 @@ if ($set['pop3']) {
$set['pop3_password'] = hesk_input(hesk_POST('tmp_pop3_password')); $set['pop3_password'] = hesk_input(hesk_POST('tmp_pop3_password'));
} }
/* --> IMAP fetching */
$imap_OK = true;
$set['imap'] = empty($_POST['s_imap']) ? 0 : 1;
if ($set['imap']) {
// Get IMAP fetching timeout
$set['imap_job_wait'] = hesk_checkMinMax( intval( hesk_POST('s_imap_job_wait') ) , 0, 1440, 15);
// Test IMAP connection
$imap_OK = hesk_testIMAP(true);
// If IMAP not working, disable it
if ( ! $imap_OK) {
$set['imap'] = 0;
}
} else {
$set['imap_job_wait'] = intval( hesk_POST('s_imap_job_wait', 15) );
$set['imap_host_name'] = hesk_input( hesk_POST('tmp_imap_host_name', 'mail.example.com') );
$set['imap_host_port'] = intval( hesk_POST('tmp_imap_host_port', 110) );
$set['imap_enc'] = hesk_POST('tmp_imap_enc');
$set['imap_enc'] = ($set['imap_enc'] == 'ssl' || $set['imap_enc'] == 'tls') ? $set['imap_enc'] : '';
$set['imap_keep'] = empty($_POST['tmp_imap_keep']) ? 0 : 1;
$set['imap_user'] = hesk_input( hesk_POST('tmp_imap_user') );
$set['imap_password'] = hesk_input( hesk_POST('tmp_imap_password') );
}
/* --> Email loops */ /* --> Email loops */
$set['loop_hits'] = hesk_checkMinMax(intval(hesk_POST('s_loop_hits')), 0, 999, 5); $set['loop_hits'] = hesk_checkMinMax(intval(hesk_POST('s_loop_hits')), 0, 999, 5);
$set['loop_time'] = hesk_checkMinMax(intval(hesk_POST('s_loop_time')), 1, 86400, 300); $set['loop_time'] = hesk_checkMinMax(intval(hesk_POST('s_loop_time')), 1, 86400, 300);
@ -323,10 +342,10 @@ if (!empty($_POST['s_email_providers']) && !is_array($_POST['s_email_providers']
if (!$set['detect_typos'] || count($set['email_providers']) < 1) { if (!$set['detect_typos'] || count($set['email_providers']) < 1) {
$set['detect_typos'] = 0; $set['detect_typos'] = 0;
$set['email_providers'] = array('gmail.com', 'hotmail.com', 'hotmail.co.uk', 'yahoo.com', 'yahoo.co.uk', 'aol.com', 'aol.co.uk', 'msn.com', 'live.com', 'live.co.uk', 'mail.com', 'googlemail.com', 'btinternet.com', 'btopenworld.com'); $set['email_providers']=array('aim.com','aol.co.uk','aol.com','att.net','bellsouth.net','blueyonder.co.uk','bt.com','btinternet.com','btopenworld.com','charter.net','comcast.net','cox.net','earthlink.net','email.com','facebook.com','fastmail.fm','free.fr','freeserve.co.uk','gmail.com','gmx.at','gmx.ch','gmx.com','gmx.de','gmx.fr','gmx.net','gmx.us','googlemail.com','hotmail.be','hotmail.co.uk','hotmail.com','hotmail.com.ar','hotmail.com.mx','hotmail.de','hotmail.es','hotmail.fr','hushmail.com','icloud.com','inbox.com','laposte.net','lavabit.com','list.ru','live.be','live.co.uk','live.com','live.com.ar','live.com.mx','live.de','live.fr','love.com','lycos.com','mac.com','mail.com','mail.ru','me.com','msn.com','nate.com','naver.com','neuf.fr','ntlworld.com','o2.co.uk','online.de','orange.fr','orange.net','outlook.com','pobox.com','prodigy.net.mx','qq.com','rambler.ru','rocketmail.com','safe-mail.net','sbcglobal.net','t-online.de','talktalk.co.uk','tiscali.co.uk','verizon.net','virgin.net','virginmedia.com','wanadoo.co.uk','wanadoo.fr','yahoo.co.id','yahoo.co.in','yahoo.co.jp','yahoo.co.kr','yahoo.co.uk','yahoo.com','yahoo.com.ar','yahoo.com.mx','yahoo.com.ph','yahoo.com.sg','yahoo.de','yahoo.fr','yandex.com','yandex.ru','ymail.com');
} }
$set['email_providers'] = count($set['email_providers']) ? "'" . implode("','", $set['email_providers']) . "'" : ''; $set['email_providers'] = count($set['email_providers']) ? "'" . implode("','", array_unique($set['email_providers'])) . "'" : '';
/* --> Notify customer when */ /* --> Notify customer when */
@ -386,7 +405,8 @@ foreach ($hesk_settings['possible_ticket_list'] as $key => $title) {
// We need at least one of these: id, trackid, subject // We need at least one of these: id, trackid, subject
if (!in_array('id', $set['ticket_list']) && !in_array('trackid', $set['ticket_list']) && !in_array('subject', $set['ticket_list'])) { if (!in_array('id', $set['ticket_list']) && !in_array('trackid', $set['ticket_list']) && !in_array('subject', $set['ticket_list'])) {
$set['ticket_list'][] = 'trackid'; // None of the required fields are there, add "trackid" as the first one
array_unshift($set['ticket_list'], 'trackid');
} }
$set['ticket_list'] = count($set['ticket_list']) ? "'" . implode("','", $set['ticket_list']) . "'" : 'trackid'; $set['ticket_list'] = count($set['ticket_list']) ? "'" . implode("','", $set['ticket_list']) . "'" : 'trackid';
@ -419,49 +439,9 @@ $set['submit_notice'] = empty($_POST['s_submit_notice']) ? 0 : 1;
$set['online'] = empty($_POST['s_online']) ? 0 : 1; $set['online'] = empty($_POST['s_online']) ? 0 : 1;
$set['online_min'] = hesk_checkMinMax(intval(hesk_POST('s_online_min')), 1, 999, 10); $set['online_min'] = hesk_checkMinMax(intval(hesk_POST('s_online_min')), 1, 999, 10);
$set['check_updates'] = empty($_POST['s_check_updates']) ? 0 : 1; $set['check_updates'] = empty($_POST['s_check_updates']) ? 0 : 1;
/*** CUSTOM FIELDS ***/
for ($i = 1; $i <= 20; $i++) {
$this_field = 'custom' . $i;
$set['custom_fields'][$this_field]['use'] = !empty($_POST['s_custom' . $i . '_use']) ? 1 : 0;
if ($set['custom_fields'][$this_field]['use']) {
$set['custom_fields'][$this_field]['place'] = empty($_POST['s_custom' . $i . '_place']) ? 0 : 1;
$set['custom_fields'][$this_field]['type'] = hesk_htmlspecialchars(hesk_POST('s_custom' . $i . '_type', 'text'));
$set['custom_fields'][$this_field]['req'] = !empty($_POST['s_custom' . $i . '_req']) ? 1 : 0;
$set['custom_fields'][$this_field]['name'] = hesk_input(hesk_POST('s_custom' . $i . '_name'), $hesklang['err_custname']);
$set['custom_fields'][$this_field]['maxlen'] = intval(hesk_POST('s_custom' . $i . '_maxlen', 255));
$set['custom_fields'][$this_field]['value'] = hesk_input(hesk_POST('s_custom' . $i . '_val'));
if ($set['custom_fields'][$this_field]['type'] == 'email' && $set['custom_fields'][$this_field]['value'] == '') {
// New custom field without any options set. Default to Cc
$set['custom_fields'][$this_field]['value'] = 'cc';
}
if (!in_array($set['custom_fields'][$this_field]['type'], array('text', 'textarea', 'select', 'radio', 'checkbox', 'date', 'multiselect', 'email', 'hidden', 'readonly'))) {
$set['custom_fields'][$this_field]['type'] = 'text';
}
// Try to detect if field type changed to anything except "select"
if ($set['custom_fields'][$this_field]['type'] != 'select') {
// If type is "radio" or "checkbox" remove "please select", keep other options
$set['custom_fields'][$this_field]['value'] = str_replace('{HESK_SELECT}', '', $set['custom_fields'][$this_field]['value']);
// Field type changed to "text" or "textarea", clear default value if it contains "#HESK#" separator
if (in_array($set['custom_fields'][$this_field]['type'], array('text', 'textarea')) && !in_array($hesk_settings['custom_fields'][$this_field]['type'], array('text', 'textarea')) && strpos($set['custom_fields'][$this_field]['value'], '#HESK#') !== false) {
$set['custom_fields'][$this_field]['value'] = '';
}
}
} else {
$set['custom_fields'][$this_field] = array('use' => 0, 'place' => 0, 'type' => 'text', 'req' => 0, 'name' => 'Custom field ' . $i, 'maxlen' => 255, 'value' => '');
}
}
$set['hesk_version'] = $hesk_settings['hesk_version']; $set['hesk_version'] = $hesk_settings['hesk_version'];
// Process quick help sections // Process quick help sections
hesk_dbConnect();
hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "quick_help_sections` SET `show` = '0'"); hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "quick_help_sections` SET `show` = '0'");
$postArray = hesk_POST_array('quick_help_sections'); $postArray = hesk_POST_array('quick_help_sections');
foreach ($postArray as $value) { foreach ($postArray as $value) {
@ -516,6 +496,7 @@ $set['dropdownItemTextColor'] = hesk_input(hesk_POST('dropdownItemTextColor'));
$set['dropdownItemTextHoverColor'] = hesk_input(hesk_POST('dropdownItemTextHoverColor')); $set['dropdownItemTextHoverColor'] = hesk_input(hesk_POST('dropdownItemTextHoverColor'));
$set['questionMarkColor'] = hesk_input(hesk_POST('questionMarkColor')); $set['questionMarkColor'] = hesk_input(hesk_POST('questionMarkColor'));
$set['dropdownItemTextHoverBackgroundColor'] = hesk_input(hesk_POST('dropdownItemTextHoverBackgroundColor')); $set['dropdownItemTextHoverBackgroundColor'] = hesk_input(hesk_POST('dropdownItemTextHoverBackgroundColor'));
$set['admin_color_scheme'] = hesk_input(hesk_POST('admin-color-scheme'));
mfh_updateSetting('rtl', $set['rtl']); mfh_updateSetting('rtl', $set['rtl']);
mfh_updateSetting('show_icons', $set['show-icons']); mfh_updateSetting('show_icons', $set['show-icons']);
mfh_updateSetting('custom_field_setting', $set['custom-field-setting']); mfh_updateSetting('custom_field_setting', $set['custom-field-setting']);
@ -552,6 +533,7 @@ mfh_updateSetting('use_mailgun', $set['use_mailgun'], false);
mfh_updateSetting('enable_calendar', $set['enable_calendar'], false); mfh_updateSetting('enable_calendar', $set['enable_calendar'], false);
mfh_updateSetting('first_day_of_week', $set['first_day_of_week'], false); mfh_updateSetting('first_day_of_week', $set['first_day_of_week'], false);
mfh_updateSetting('default_calendar_view', $set['default_view'], true); mfh_updateSetting('default_calendar_view', $set['default_view'], true);
mfh_updateSetting('admin_color_scheme', $set['admin_color_scheme'], true);
// Prepare settings file and save it // Prepare settings file and save it
$settings_file_content = '<?php $settings_file_content = '<?php
@ -588,6 +570,7 @@ $hesk_settings[\'hesk_title\']=\'' . $set['hesk_title'] . '\';
$hesk_settings[\'hesk_url\']=\'' . $set['hesk_url'] . '\'; $hesk_settings[\'hesk_url\']=\'' . $set['hesk_url'] . '\';
$hesk_settings[\'admin_dir\']=\'' . $set['admin_dir'] . '\'; $hesk_settings[\'admin_dir\']=\'' . $set['admin_dir'] . '\';
$hesk_settings[\'attach_dir\']=\'' . $set['attach_dir'] . '\'; $hesk_settings[\'attach_dir\']=\'' . $set['attach_dir'] . '\';
$hesk_settings[\'cache_dir\']=\'' . $set['cache_dir'] . '\';
$hesk_settings[\'max_listings\']=' . $set['max_listings'] . '; $hesk_settings[\'max_listings\']=' . $set['max_listings'] . ';
$hesk_settings[\'print_font_size\']=' . $set['print_font_size'] . '; $hesk_settings[\'print_font_size\']=' . $set['print_font_size'] . ';
$hesk_settings[\'autoclose\']=' . $set['autoclose'] . '; $hesk_settings[\'autoclose\']=' . $set['autoclose'] . ';
@ -598,6 +581,10 @@ $hesk_settings[\'reply_top\']=' . $set['reply_top'] . ';
// --> Features // --> Features
$hesk_settings[\'autologin\']=' . $set['autologin'] . '; $hesk_settings[\'autologin\']=' . $set['autologin'] . ';
$hesk_settings[\'autoassign\']=' . $set['autoassign'] . '; $hesk_settings[\'autoassign\']=' . $set['autoassign'] . ';
$hesk_settings[\'require_email\']=' . $set['require_email'] . ';
$hesk_settings[\'require_owner\']=' . $set['require_owner'] . ';
$hesk_settings[\'require_subject\']=' . $set['require_subject'] . ';
$hesk_settings[\'require_message\']=' . $set['require_message'] . ';
$hesk_settings[\'custclose\']=' . $set['custclose'] . '; $hesk_settings[\'custclose\']=' . $set['custclose'] . ';
$hesk_settings[\'custopen\']=' . $set['custopen'] . '; $hesk_settings[\'custopen\']=' . $set['custopen'] . ';
$hesk_settings[\'rating\']=' . $set['rating'] . '; $hesk_settings[\'rating\']=' . $set['rating'] . ';
@ -610,6 +597,7 @@ $hesk_settings[\'debug_mode\']=' . $set['debug_mode'] . ';
$hesk_settings[\'short_link\']=' . $set['short_link'] . '; $hesk_settings[\'short_link\']=' . $set['short_link'] . ';
$hesk_settings[\'select_cat\']=' . $set['select_cat'] . '; $hesk_settings[\'select_cat\']=' . $set['select_cat'] . ';
$hesk_settings[\'select_pri\']=' . $set['select_pri'] . '; $hesk_settings[\'select_pri\']=' . $set['select_pri'] . ';
$hesk_settings[\'cat_show_select\']=' . $set['cat_show_select'] . ';
// --> SPAM Prevention // --> SPAM Prevention
$hesk_settings[\'secimg_use\']=' . $set['secimg_use'] . '; $hesk_settings[\'secimg_use\']=' . $set['secimg_use'] . ';
@ -626,6 +614,8 @@ $hesk_settings[\'attempt_limit\']=' . $set['attempt_limit'] . ';
$hesk_settings[\'attempt_banmin\']=' . $set['attempt_banmin'] . '; $hesk_settings[\'attempt_banmin\']=' . $set['attempt_banmin'] . ';
$hesk_settings[\'reset_pass\']=' . $set['reset_pass'] . '; $hesk_settings[\'reset_pass\']=' . $set['reset_pass'] . ';
$hesk_settings[\'email_view_ticket\']=' . $set['email_view_ticket'] . '; $hesk_settings[\'email_view_ticket\']=' . $set['email_view_ticket'] . ';
$hesk_settings[\'x_frame_opt\']=' . $set['x_frame_opt'] . ';
$hesk_settings[\'force_ssl\']=' . $set['force_ssl'] . ';
// --> Attachments // --> Attachments
$hesk_settings[\'attachments\']=array ( $hesk_settings[\'attachments\']=array (
@ -635,6 +625,15 @@ $hesk_settings[\'attachments\']=array (
\'allowed_types\' => array(\'' . implode('\',\'', $set['attachments']['allowed_types']) . '\') \'allowed_types\' => array(\'' . implode('\',\'', $set['attachments']['allowed_types']) . '\')
); );
// --> IMAP Fetching
$hesk_settings[\'imap\']=' . $set['imap'] . ';
$hesk_settings[\'imap_job_wait\']=' . $set['imap_job_wait'] . ';
$hesk_settings[\'imap_host_name\']=\'' . $set['imap_host_name'] . '\';
$hesk_settings[\'imap_host_port\']=' . $set['imap_host_port'] . ';
$hesk_settings[\'imap_enc\']=\'' . $set['imap_enc'] . '\';
$hesk_settings[\'imap_keep\']=' . $set['imap_keep'] . ';
$hesk_settings[\'imap_user\']=\'' . $set['imap_user'] . '\';
$hesk_settings[\'imap_password\']=\'' . $set['imap_password'] . '\';
// ==> KNOWLEDGEBASE // ==> KNOWLEDGEBASE
@ -731,22 +730,6 @@ $hesk_settings[\'online_min\']=' . $set['online_min'] . ';
$hesk_settings[\'check_updates\']=' . $set['check_updates'] . '; $hesk_settings[\'check_updates\']=' . $set['check_updates'] . ';
// ==> CUSTOM FIELDS
$hesk_settings[\'custom_fields\']=array (
';
for ($i = 1; $i <= 20; $i++) {
$settings_file_content .= '\'custom' . $i . '\'=>array(\'use\'=>' . $set['custom_fields']['custom' . $i]['use'] . ',\'place\'=>' . $set['custom_fields']['custom' . $i]['place'] . ',\'type\'=>\'' . $set['custom_fields']['custom' . $i]['type'] . '\',\'req\'=>' . $set['custom_fields']['custom' . $i]['req'] . ',\'name\'=>\'' . $set['custom_fields']['custom' . $i]['name'] . '\',\'maxlen\'=>' . $set['custom_fields']['custom' . $i]['maxlen'] . ',\'value\'=>\'' . $set['custom_fields']['custom' . $i]['value'] . '\')';
if ($i != 20) {
$settings_file_content .= ',
';
}
}
$settings_file_content .= '
);
############################# #############################
# DO NOT EDIT BELOW # # DO NOT EDIT BELOW #
############################# #############################
@ -796,14 +779,6 @@ function mfh_updateSetting($key, $value, $isString = false)
hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "settings` SET `Value` = " . $formattedValue . " WHERE `Key` = '" . $key . "'"); hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "settings` SET `Value` = " . $formattedValue . " WHERE `Key` = '" . $key . "'");
} }
function hesk_checkMinMax($myint, $min, $max, $defval)
{
if ($myint > $max || $myint < $min) {
return $defval;
}
return $myint;
} // END hesk_checkMinMax()
function hesk_getLanguagesArray($returnArray = 0) function hesk_getLanguagesArray($returnArray = 0)
{ {
@ -847,7 +822,7 @@ function hesk_getLanguagesArray($returnArray = 0)
$add = 0; $add = 0;
} elseif (!preg_match('/\$hesklang\[\'EMAIL_HR\'\]\=\'(.*)\'\;/', $tmp, $hr)) { } elseif (!preg_match('/\$hesklang\[\'EMAIL_HR\'\]\=\'(.*)\'\;/', $tmp, $hr)) {
$add = 0; $add = 0;
} elseif (!preg_match('/\$hesklang\[\'ms01\'\]/', $tmp)) { } elseif (!preg_match('/\$hesklang\[\'refresh_page\'\]/', $tmp)) {
$add = 0; $add = 0;
} }
} else { } else {

@ -1,32 +1,15 @@
<?php <?php
/******************************************************************************* /**
* Title: Help Desk Software HESK *
* Version: 2.6.8 from 10th August 2016 * This file is part of HESK - PHP Help Desk Software.
* Author: Klemen Stirn *
* Website: http://www.hesk.com * (c) Copyright Klemen Stirn. All rights reserved.
******************************************************************************** * http://www.hesk.com
* COPYRIGHT AND TRADEMARK NOTICE *
* Copyright 2005-2015 Klemen Stirn. All Rights Reserved. * For the full copyright and license agreement information visit
* HESK is a registered trademark of Klemen Stirn. * http://www.hesk.com/eula.php
* The HESK may be used and modified free of charge by anyone *
* AS LONG AS COPYRIGHT NOTICES AND ALL THE COMMENTS REMAIN INTACT. */
* By using this code you agree to indemnify Klemen Stirn from any
* liability that might arise from it's use.
* Selling the code for this program, in part or full, without prior
* written consent is expressly forbidden.
* Using this code, in part or full, to create derivate work,
* new scripts or products is expressly forbidden. Obtain permission
* before redistributing this software over the Internet or in
* any other medium. In all cases copyright and header must remain intact.
* This Copyright is in full effect in any country that has International
* Trade Agreements with the United States of America or
* with the European Union.
* Removing any of the copyright notices without purchasing a license
* is expressly forbidden. To remove HESK copyright notice you must purchase
* a license for this script. For more information on how to obtain
* a license please visit the page below:
* https://www.hesk.com/buy.php
*******************************************************************************/
define('IN_SCRIPT', 1); define('IN_SCRIPT', 1);
define('HESK_PATH', '../'); define('HESK_PATH', '../');
@ -62,7 +45,22 @@ if ($hesk_settings['can_sel_lang']) {
$tmpvar['language'] = hesk_POST('customerLanguage'); $tmpvar['language'] = hesk_POST('customerLanguage');
} }
$tmpvar['name'] = hesk_input(hesk_POST('name')) or $hesk_error_buffer['name'] = $hesklang['enter_your_name']; $tmpvar['name'] = hesk_input(hesk_POST('name')) or $hesk_error_buffer['name'] = $hesklang['enter_your_name'];
$tmpvar['email'] = hesk_POST('email'); $email_available = true;
if ($hesk_settings['require_email']) {
$tmpvar['email'] = hesk_validateEmail( hesk_POST('email'), 'ERR', 0) or $hesk_error_buffer['email']=$hesklang['enter_valid_email'];
} else {
$tmpvar['email'] = hesk_validateEmail( hesk_POST('email'), 'ERR', 0);
// Not required, but must be valid if it is entered
if ($tmpvar['email'] == '') {
$email_available = false;
if (strlen(hesk_POST('email'))) {
$hesk_error_buffer['email'] = $hesklang['not_valid_email'];
}
}
}
if ($hesk_settings['multi_eml']) { if ($hesk_settings['multi_eml']) {
$tmpvar['email'] = str_replace(';',',', $tmpvar['email']); $tmpvar['email'] = str_replace(';',',', $tmpvar['email']);
} }
@ -80,11 +78,22 @@ if ($tmpvar['priority'] < 0 || $tmpvar['priority'] > 3) {
} }
} }
$tmpvar['subject'] = hesk_input(hesk_POST('subject')) or $hesk_error_buffer['subject'] = $hesklang['enter_ticket_subject']; $tmpvar['subject'] = hesk_input( hesk_POST('subject') );
$tmpvar['message'] = hesk_input(hesk_POST('message')) or $hesk_error_buffer['message'] = $hesklang['enter_message']; if ($hesk_settings['require_subject'] == 1 && $tmpvar['subject'] == '') {
$hesk_error_buffer['subject'] = $hesklang['enter_ticket_subject'];
}
$tmpvar['message'] = hesk_input( hesk_POST('message') );
if ($hesk_settings['require_message'] == 1 && $tmpvar['message'] == '') {
$hesk_error_buffer['message'] = $hesklang['enter_message'];
}
// Is category a valid choice? // Is category a valid choice?
if ($tmpvar['category']) { if ($tmpvar['category']) {
if ( ! hesk_checkPermission('can_submit_any_cat', 0) && ! hesk_okCategory($tmpvar['category'], 0) ) {
hesk_process_messages($hesklang['noauth_submit'],'new_ticket.php');
}
hesk_verifyCategory(1); hesk_verifyCategory(1);
// Is auto-assign of tickets disabled in this category? // Is auto-assign of tickets disabled in this category?
@ -94,19 +103,69 @@ if ($tmpvar['category']) {
} }
// Custom fields // Custom fields
foreach ($hesk_settings['custom_fields'] as $k => $v) { foreach ($hesk_settings['custom_fields'] as $k=>$v) {
if ($v['use'] && isset($_POST[$k])) { if ($v['use'] && hesk_is_custom_field_in_category($k, $tmpvar['category'])) {
// Date will be handled by the jQuery datepicker if ($v['type'] == 'checkbox') {
if ($v['type'] == 'date' && $_POST[$k] != '') { $tmpvar[$k]='';
$tmpvar[$k] = strtotime($_POST[$k]);
} else if (is_array($_POST[$k])) { if (isset($_POST[$k]) && is_array($_POST[$k])) {
$tmpvar[$k] = ''; foreach ($_POST[$k] as $myCB) {
foreach ($_POST[$k] as $myCB) { $tmpvar[$k] .= ( is_array($myCB) ? '' : hesk_input($myCB) ) . '<br />';;
$tmpvar[$k] .= (is_array($myCB) ? '' : hesk_input($myCB)) . '<br />'; }
$tmpvar[$k]=substr($tmpvar[$k],0,-6);
} else {
if ($v['req'] == 2) {
$hesk_error_buffer[$k]=$hesklang['fill_all'].': '.$v['name'];
}
$_POST[$k] = '';
}
} elseif ($v['type'] == 'date') {
$tmpvar[$k] = hesk_POST($k);
$_SESSION["as_$k"] = '';
if (preg_match("/^[0-9]{4}-(0[1-9]|1[0-2])-(0[1-9]|[1-2][0-9]|3[0-1])$/", $tmpvar[$k])) {
$date = strtotime($tmpvar[$k] . ' t00:00:00');
$dmin = strlen($v['value']['dmin']) ? strtotime($v['value']['dmin'] . ' t00:00:00') : false;
$dmax = strlen($v['value']['dmax']) ? strtotime($v['value']['dmax'] . ' t00:00:00') : false;
$_SESSION["as_$k"] = $tmpvar[$k];
if ($dmin && $dmin > $date) {
$hesk_error_buffer[$k] = sprintf($hesklang['d_emin'], $v['name'], hesk_custom_date_display_format($dmin, $v['value']['date_format']));
} elseif ($dmax && $dmax < $date) {
$hesk_error_buffer[$k] = sprintf($hesklang['d_emax'], $v['name'], hesk_custom_date_display_format($dmax, $v['value']['date_format']));
} else {
$tmpvar[$k] = $date;
}
} else {
$tmpvar[$k] = '';
if ($v['req'] == 2) {
$hesk_error_buffer[$k]=$hesklang['fill_all'].': '.$v['name'];
}
}
} elseif ($v['type'] == 'email')
{
$tmp = $hesk_settings['multi_eml'];
$hesk_settings['multi_eml'] = $v['value']['multiple'];
$tmpvar[$k] = hesk_validateEmail( hesk_POST($k), 'ERR', 0);
$hesk_settings['multi_eml'] = $tmp;
if ($tmpvar[$k] != '') {
$_SESSION["as_$k"] = hesk_input($tmpvar[$k]);
} else {
$_SESSION["as_$k"] = '';
if ($v['req'] == 2) {
$hesk_error_buffer[$k] = $v['value']['multiple'] ? sprintf($hesklang['cf_noem'], $v['name']) : sprintf($hesklang['cf_noe'], $v['name']);
}
}
} elseif ($v['req'] == 2) {
$tmpvar[$k]=hesk_makeURL(nl2br(hesk_input( hesk_POST($k) )));
if ($tmpvar[$k] == '') {
$hesk_error_buffer[$k]=$hesklang['fill_all'].': '.$v['name'];
} }
$tmpvar[$k] = substr($tmpvar[$k], 0, -6);
} else { } else {
$tmpvar[$k] = hesk_makeURL(nl2br(hesk_input($_POST[$k]))); $tmpvar[$k]=hesk_makeURL(nl2br(hesk_input(hesk_POST($k))));
} }
} else { } else {
$tmpvar[$k] = ''; $tmpvar[$k] = '';
@ -202,7 +261,6 @@ if (count($hesk_error_buffer) != 0) {
$_SESSION['as_name'] = hesk_POST('name'); $_SESSION['as_name'] = hesk_POST('name');
$_SESSION['as_email'] = hesk_POST('email'); $_SESSION['as_email'] = hesk_POST('email');
$_SESSION['as_category'] = hesk_POST('category');
$_SESSION['as_priority'] = $tmpvar['priority']; $_SESSION['as_priority'] = $tmpvar['priority'];
$_SESSION['as_subject'] = hesk_POST('subject'); $_SESSION['as_subject'] = hesk_POST('subject');
$_SESSION['as_message'] = hesk_POST('message'); $_SESSION['as_message'] = hesk_POST('message');
@ -211,7 +269,7 @@ if (count($hesk_error_buffer) != 0) {
$_SESSION['as_show'] = $show; $_SESSION['as_show'] = $show;
foreach ($hesk_settings['custom_fields'] as $k => $v) { foreach ($hesk_settings['custom_fields'] as $k => $v) {
if ($v['use']) { if ($v['use'] && ! in_array($v['type'], array('date', 'email'))) {
$_SESSION["as_$k"] = ($v['type'] == 'checkbox') ? hesk_POST_array($k) : hesk_POST($k); $_SESSION["as_$k"] = ($v['type'] == 'checkbox') ? hesk_POST_array($k) : hesk_POST($k);
} }
} }
@ -228,7 +286,7 @@ if (count($hesk_error_buffer) != 0) {
} }
$hesk_error_buffer = $hesklang['pcer'] . '<br /><br /><ul>' . $hesk_error_buffer . '</ul>'; $hesk_error_buffer = $hesklang['pcer'] . '<br /><br /><ul>' . $hesk_error_buffer . '</ul>';
hesk_process_messages($hesk_error_buffer, 'new_ticket.php'); hesk_process_messages($hesk_error_buffer,'new_ticket.php?category='.$tmpvar['category']);
} }
if ($hesk_settings['attachments']['use'] && !empty($attachments)) { if ($hesk_settings['attachments']['use'] && !empty($attachments)) {
@ -258,7 +316,7 @@ $tmpvar['screen_resolution_width'] = "NULL";
$ticket = hesk_newTicket($tmpvar); $ticket = hesk_newTicket($tmpvar);
// Notify the customer about the ticket? // Notify the customer about the ticket?
if ($notify) { if ($notify && $email_available) {
hesk_notifyCustomer($modsForHesk_settings); hesk_notifyCustomer($modsForHesk_settings);
} }
@ -288,9 +346,7 @@ hesk_cleanSessionVars('as_owner');
hesk_cleanSessionVars('as_notify'); hesk_cleanSessionVars('as_notify');
hesk_cleanSessionVars('as_show'); hesk_cleanSessionVars('as_show');
foreach ($hesk_settings['custom_fields'] as $k => $v) { foreach ($hesk_settings['custom_fields'] as $k => $v) {
if ($v['use']) { hesk_cleanSessionVars("as_$k");
hesk_cleanSessionVars("as_$k");
}
} }
// If ticket has been assigned to the person submitting it lets show a message saying so // If ticket has been assigned to the person submitting it lets show a message saying so
@ -304,5 +360,4 @@ if ($show) {
hesk_process_messages($hesklang['new_ticket_submitted'], 'admin_ticket.php?track=' . $ticket['trackid'] . '&Refresh=' . mt_rand(10000, 99999), 'SUCCESS'); hesk_process_messages($hesklang['new_ticket_submitted'], 'admin_ticket.php?track=' . $ticket['trackid'] . '&Refresh=' . mt_rand(10000, 99999), 'SUCCESS');
} else { } else {
hesk_process_messages($hesklang['new_ticket_submitted'] . '. <a href="admin_ticket.php?track=' . $ticket['trackid'] . '&Refresh=' . mt_rand(10000, 99999) . '">' . $hesklang['view_ticket'] . '</a>', 'new_ticket.php', 'SUCCESS'); hesk_process_messages($hesklang['new_ticket_submitted'] . '. <a href="admin_ticket.php?track=' . $ticket['trackid'] . '&Refresh=' . mt_rand(10000, 99999) . '">' . $hesklang['view_ticket'] . '</a>', 'new_ticket.php', 'SUCCESS');
} }
?>
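Review bot: The `date` branch of the custom-field loop validates only the shape of the value, so a day that does not exist in the given month (the 31st of a 30-day month, for instance) passes the `preg_match()` and reaches `strtotime()`, which PHP normally rolls over to a later calendar day instead of rejecting. The `dmin`/`dmax` comparison and the stored timestamp would then refer to a date the submitter never entered. A `checkdate()` guard right after the pattern match closes this: `if (!checkdate((int) substr($tmpvar[$k], 5, 2), (int) substr($tmpvar[$k], 8, 2), (int) substr($tmpvar[$k], 0, 4))) { $tmpvar[$k] = ''; $hesk_error_buffer[$k] = $hesklang['fill_all'].': '.$v['name']; }`. The enclosing `foreach` continues past the end of this hunk, so how the value is used afterwards is not visible here.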


@ -41,6 +41,7 @@ if (is_dir(HESK_PATH . 'install')) {
require(HESK_PATH . 'hesk_settings.inc.php'); require(HESK_PATH . 'hesk_settings.inc.php');
require(HESK_PATH . 'inc/common.inc.php'); require(HESK_PATH . 'inc/common.inc.php');
require(HESK_PATH . 'inc/admin_functions.inc.php'); require(HESK_PATH . 'inc/admin_functions.inc.php');
require(HESK_PATH . 'inc/mail_functions.inc.php');
hesk_load_database_functions(); hesk_load_database_functions();
hesk_session_start(); hesk_session_start();
@ -60,86 +61,103 @@ require_once(HESK_PATH . 'inc/headerAdmin.inc.php');
// Print main manage users page // Print main manage users page
require_once(HESK_PATH . 'inc/show_admin_nav.inc.php'); require_once(HESK_PATH . 'inc/show_admin_nav.inc.php');
?> ?>
<section class="content">
<div class="row move-down-20"> <div class="box">
<div class="col-sm-4"> <div class="box-header with-border">
<div class="panel panel-default"> <h1 class="box-title">
<div class="panel-heading"> <?php echo $hesklang['api_information']; ?>
API Information </h1>
<div class="box-tools pull-right">
<button type="button" class="btn btn-box-tool" data-widget="collapse">
<i class="fa fa-minus"></i>
</button>
</div> </div>
</div>
<div class="box-body">
<table class="table table-striped table-fixed"> <table class="table table-striped table-fixed">
<tr> <tr>
<td class="text-right"> <td class="text-right">
API Version <?php echo $hesklang['api_version']; ?>
</td> </td>
<td class="pad-right-10 warning"> <td class="warning">
<?php echo $hesklang['beta_text']; ?> <?php echo $hesklang['beta_text']; ?>
</td> </td>
</tr> </tr>
<tr> <tr>
<td class="text-right"> <td class="text-right">
External API <?php echo $hesklang['external_api']; ?>
</td> </td>
<td class="pad-right-10 success" id="public-api-sidebar"> <td class="success" id="public-api-sidebar">
<?php <?php
$enabled = $modsForHesk_settings['public_api'] == '1' ? '' : 'hide'; $enabled = $modsForHesk_settings['public_api'] == '1' ? '' : 'hide';
$disabled = $modsForHesk_settings['public_api'] == '1' ? 'hide' : ''; $disabled = $modsForHesk_settings['public_api'] == '1' ? 'hide' : '';
?> ?>
<span id="public-api-sidebar-disabled" class="<?php echo $disabled; ?>">Disabled</span> <span id="public-api-sidebar-disabled" class="<?php echo $disabled; ?>">
<span id="public-api-sidebar-enabled" class="<?php echo $enabled; ?>">Enabled</span> <?php echo $hesklang['disabled_title_case']; ?>
</span>
<span id="public-api-sidebar-enabled" class="<?php echo $enabled; ?>">
<?php echo $hesklang['enabled_title_case']; ?>
</span>
</td> </td>
</tr> </tr>
</table> </table>
</div> </div>
</div> </div>
<div class="col-sm-8"> <div class="box">
<h3>API Settings</h3> <div class="box-header with-border">
<div class="footerWithBorder blankSpace"></div> <h1 class="box-title">
<ul class="nav nav-tabs"> <?php echo $hesklang['api_settings']; ?>
<li class="active"><a href="#general" data-toggle="tab"><?php echo $hesklang['tab_1']; ?></a></li> </h1>
<li><a href="#user-security" data-toggle="tab">User Security</a></li> <div class="box-tools pull-right">
<li><a href="#" target="_blank">API Documentation <i class="fa fa-external-link"></i></a></li> <button type="button" class="btn btn-box-tool" data-widget="collapse">
</ul> <i class="fa fa-minus"></i>
<div class="tab-content summaryList tabPadding"> </button>
<div class="tab-pane fade in active" id="general"> </div>
<form class="form-horizontal"> </div>
<div class="form-group"> <div class="box-body nav-tabs-custom">
<label for="public-api" class="col-sm-3 control-label"> <ul class="nav nav-tabs">
Public API <li class="active"><a href="#general" data-toggle="tab"><?php echo $hesklang['tab_1']; ?></a></li>
<i class="fa fa-question-circle settingsquestionmark" data-toggle="popover" <li><a href="#user-security" data-toggle="tab"><?php echo $hesklang['user_security']; ?></a></li>
title="Public API" <li><a href="#" target="_blank"><?php echo $hesklang['api_documentation']; ?> <i class="fa fa-external-link"></i></a></li>
data-content="Enable or Disable the Public REST API."></i> </ul>
</label> <div class="tab-content summaryList tabPadding">
<div class="col-sm-9"> <div class="tab-pane fade in active" id="general">
<form class="form-horizontal">
<div class="form-group">
<label for="public-api" class="col-sm-3 control-label">
<?php echo $hesklang['external_api']; ?>
<i class="fa fa-question-circle settingsquestionmark" data-toggle="popover"
title="<?php echo $hesklang['external_api']; ?>"
data-content="<?php echo $hesklang['external_api_help']; ?>"></i>
</label>
<div class="col-sm-9">
<span class="btn-group" data-toggle="buttons"> <span class="btn-group" data-toggle="buttons">
<?php <?php
$on = $modsForHesk_settings['public_api'] == '1' ? 'active' : ''; $on = $modsForHesk_settings['public_api'] == '1' ? 'active' : '';
$off = $modsForHesk_settings['public_api'] == '1' ? '' : 'active'; $off = $modsForHesk_settings['public_api'] == '1' ? '' : 'active';
?> ?>
<label id="enable-api-button" class="btn btn-success <?php echo $on; ?>"> <label id="enable-api-button" class="btn btn-success <?php echo $on; ?>">
<input type="radio" name="public-api" value="1" checked> <i class="fa fa-check-circle"></i> Enable <input type="radio" name="public-api" value="1"> <i class="fa fa-check-circle"></i>
<?php echo $hesklang['enable']; ?>
</label> </label>
<label id="disable-api-button" class="btn btn-danger <?php echo $off; ?>"> <label id="disable-api-button" class="btn btn-danger <?php echo $off; ?>">
<input type="radio" name="public-api" value="0"> <i class="fa fa-times-circle"></i> Disable <input type="radio" name="public-api" value="0"> <i class="fa fa-times-circle"></i>
<?php echo $hesklang['disable']; ?>
</label> </label>
</span> </span>
<span> <span>
<i id="public-api-success" class="fa fa-check-circle fa-2x green hide media-middle" <i id="public-api-success" class="fa fa-check-circle fa-2x green hide media-middle"
data-toggle="tooltip" title="Changes saved!"></i> data-toggle="tooltip" title="<?php echo $hesklang['changes_saved']; ?>"></i>
<i id="public-api-failure" class="fa fa-times-circle fa-2x red hide media-middle" <i id="public-api-failure" class="fa fa-times-circle fa-2x red hide media-middle"
data-toggle="tooltip" title="Saving changes failed. Check the logs for more information."></i> data-toggle="tooltip" title="<?php echo $hesklang['save_failed_check_logs']; ?>"></i>
<i id="public-api-saving" class="fa fa-spin fa-spinner fa-2x hide media-middle" <i id="public-api-saving" class="fa fa-spin fa-spinner fa-2x hide media-middle"
data-toggle="tooltip" title="Saving..."></i> data-toggle="tooltip" title="<?php echo $hesklang['saving']; ?>"></i>
</span> </span>
</div>
</div> </div>
</div> </form>
</form> </div>
</div> <div class="tab-pane fade in" id="user-security">
<div class="tab-pane fade in" id="user-security">
<div class="panel panel-default">
<div class="panel-heading">
User Security
</div>
<?php <?php
$users = array(); $users = array();
$userRs = hesk_dbQuery("SELECT `id`, `user`, `name` FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "users` WHERE `active` = '1'"); $userRs = hesk_dbQuery("SELECT `id`, `user`, `name` FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "users` WHERE `active` = '1'");
@ -155,51 +173,53 @@ require_once(HESK_PATH . 'inc/show_admin_nav.inc.php');
<table class="table table-striped"> <table class="table table-striped">
<thead> <thead>
<tr> <tr>
<th>Username</th> <th><?php echo $hesklang['username']; ?></th>
<th>Name</th> <th><?php echo $hesklang['name']; ?></th>
<th>Number of Tokens</th> <th><?php echo $hesklang['number_of_tokens']; ?></th>
<th>Actions</th> <th><?php echo $hesklang['actions']; ?></th>
</tr> </tr>
</thead> </thead>
<tbody> <tbody>
<?php <?php
foreach ($users as $row): foreach ($users as $row):
?> ?>
<tr> <tr>
<td><?php echo $row['user']; ?></td> <td><?php echo $row['user']; ?></td>
<td><?php echo $row['name']; ?></td> <td><?php echo $row['name']; ?></td>
<td id="token-<?php echo $row['id']; ?>-count"><?php echo $row['number_of_tokens']; ?></td> <td id="token-<?php echo $row['id']; ?>-count"><?php echo $row['number_of_tokens']; ?></td>
<td> <td>
<span class="btn-group"> <span class="btn-group">
<button class="btn btn-default btn-xs" onclick="generateToken(<?php echo $row['id']; ?>)"> <button class="btn btn-default btn-xs" onclick="generateToken(<?php echo $row['id']; ?>)">
<i class="fa fa-plus-circle"></i> Generate New Token <i class="fa fa-plus-circle"></i>
<?php echo $hesklang['generate_new_token']; ?>
</button> </button>
<button class="btn btn-danger btn-xs" onclick="clearTokens(<?php echo $row['id']; ?>)"> <button class="btn btn-danger btn-xs" onclick="clearTokens(<?php echo $row['id']; ?>)">
<i class="fa fa-undo"></i> Reset Tokens <i class="fa fa-times"></i>
<?php echo $hesklang['revoke_all_tokens']; ?>
</button> </button>
</span> </span>
<span> <span>
<i id="token-<?php echo $row['id']; ?>-success" class="fa fa-check-circle fa-2x green hide media-middle" <i id="token-<?php echo $row['id']; ?>-success" class="fa fa-check-circle fa-2x green hide media-middle"
data-toggle="tooltip" title="Changes saved!"></i> data-toggle="tooltip" title="<?php echo $hesklang['changes_saved']; ?>"></i>
<i id="token-<?php echo $row['id']; ?>-failure" class="fa fa-times-circle fa-2x red hide media-middle" <i id="token-<?php echo $row['id']; ?>-failure" class="fa fa-times-circle fa-2x red hide media-middle"
data-toggle="tooltip" title="Saving changes failed. Check the logs for more information."></i> data-toggle="tooltip" title="<?php echo $hesklang['save_failed_check_logs']; ?>"></i>
<i id="token-<?php echo $row['id']; ?>-saving" class="fa fa-spin fa-spinner fa-2x hide media-middle" <i id="token-<?php echo $row['id']; ?>-saving" class="fa fa-spin fa-spinner fa-2x hide media-middle"
data-toggle="tooltip" title="Saving..."></i> data-toggle="tooltip" title="<?php echo $hesklang['saving']; ?>"></i>
</span> </span>
</td> </td>
</tr> </tr>
<tr id="token-<?php echo $row['id']; ?>-created" class="success hide"> <tr id="token-<?php echo $row['id']; ?>-created" class="success hide">
<td colspan="4"> <td colspan="4">
Generated Token: <code class="token"></code> <?php echo $hesklang['generated_token_colon']; ?> <code class="token"></code>
<p><b>NOTE:</b> Please record this token, as this is the only time you will be able to view it!</p> <p><b><?php echo $hesklang['record_this_token_warning']; ?></b></p>
</td> </td>
</tr> </tr>
<tr id="token-<?php echo $row['id']; ?>-reset" class="success hide"> <tr id="token-<?php echo $row['id']; ?>-reset" class="success hide">
<td colspan="4"> <td colspan="4">
<p>All tokens for this user have been removed!</p> <p><?php echo $hesklang['all_tokens_revoked']; ?></p>
</td> </td>
</tr> </tr>
<?php <?php
endforeach; endforeach;
?> ?>
</tbody> </tbody>
@ -208,7 +228,8 @@ require_once(HESK_PATH . 'inc/show_admin_nav.inc.php');
</div> </div>
</div> </div>
</div> </div>
</section>
<?php <?php
require_once(HESK_PATH . 'inc/footer.inc.php'); require_once(HESK_PATH . 'inc/footer.inc.php');
exit(); exit();
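Review bot: The new template lines print `$hesklang[...]` strings straight into attribute values (`title="<?php echo $hesklang['external_api']; ?>"`, the `data-content` popover text and the tooltip `title` attributes), so a translation containing a double quote or markup would break out of the attribute. Encoding at the point of output, `<?php echo htmlspecialchars($hesklang['external_api_help'], ENT_QUOTES, 'UTF-8'); ?>`, keeps an installed language pack from altering the page structure. The user table in the same section echoes `$row['user']` and `$row['name']` unescaped. Whether those columns are already HTML-encoded when stored is not visible here, so that should be confirmed and noted in a comment next to the loop.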

@ -70,7 +70,7 @@ $owner = intval(hesk_REQUEST('owner'));
/* If ID is -1 the ticket will be unassigned */ /* If ID is -1 the ticket will be unassigned */
if ($owner == -1) { if ($owner == -1) {
$revision = sprintf($hesklang['thist2'], hesk_date(), '<i>' . $hesklang['unas'] . '</i>', $_SESSION['name'] . ' (' . $_SESSION['user'] . ')'); $revision = sprintf($hesklang['thist2'], hesk_date(), '<i>' . $hesklang['unas'] . '</i>', $_SESSION['name'] . ' (' . $_SESSION['user'] . ')');
$res = hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` SET `owner`=0 , `history`=CONCAT(`history`,'" . hesk_dbEscape($revision) . "') WHERE `trackid`='" . hesk_dbEscape($trackingID) . "' LIMIT 1"); $res = hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` SET `owner`=0 , `history`=CONCAT(`history`,'" . hesk_dbEscape($revision) . "') WHERE `trackid`='" . hesk_dbEscape($trackingID) . "'");
hesk_process_messages($hesklang['tunasi2'], $_SERVER['PHP_SELF'], 'SUCCESS'); hesk_process_messages($hesklang['tunasi2'], $_SERVER['PHP_SELF'], 'SUCCESS');
} elseif ($owner < 1) { } elseif ($owner < 1) {
@ -89,10 +89,31 @@ if (!$row['isadmin']) {
} }
} }
// Make sure two people don't assign a ticket to a different user at the same time
if ($ticket['owner'] && $ticket['owner'] != $owner && hesk_REQUEST('unassigned') && hesk_GET('confirm') != 'Y') {
$new_owner = ($owner == $_SESSION['id']) ? $hesklang['scoy'] : sprintf($hesklang['scot'], $row['name']);
$res = hesk_dbQuery("SELECT `name` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."users` WHERE `id`='{$ticket['owner']}' LIMIT 1");
if (hesk_dbNumRows($res) == 1) {
$row = hesk_dbFetchAssoc($res);
hesk_process_messages(
sprintf($hesklang['taat'], $row['name']) .
'<br /><br />' .
$new_owner .
'<br /><br />' .
'<a href="assign_owner.php?track='.$ticket['trackid'].'&amp;owner='.$owner.'&amp;token='.hesk_token_echo(0).'&amp;unassigned=1&amp;confirm=Y">'.$hesklang['ycto'].'</a> | ' .
'<a href="admin_ticket.php?track='.$ticket['trackid'].'">'.$hesklang['ncto'].'</a>',
$_SERVER['PHP_SELF'], 'NOTICE'
);
}
}
/* Assigning to self? */ /* Assigning to self? */
if ($can_assign_others || ($owner == $_SESSION['id'] && $can_assign_self)) { if ($can_assign_others || ($owner == $_SESSION['id'] && $can_assign_self)) {
$revision = sprintf($hesklang['thist2'], hesk_date(), $row['name'] . ' (' . $row['user'] . ')', $_SESSION['name'] . ' (' . $_SESSION['user'] . ')'); $revision = sprintf($hesklang['thist2'], hesk_date(), $row['name'] . ' (' . $row['user'] . ')', $_SESSION['name'] . ' (' . $_SESSION['user'] . ')');
$res = hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` SET `owner`={$owner} , `history`=CONCAT(`history`,'" . hesk_dbEscape($revision) . "') WHERE `trackid`='" . hesk_dbEscape($trackingID) . "' LIMIT 1"); $res = hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` SET `owner`={$owner} , `history`=CONCAT(`history`,'" . hesk_dbEscape($revision) . "') WHERE `trackid`='" . hesk_dbEscape($trackingID) . "'");
if ($owner != $_SESSION['id'] && !hesk_checkPermission('can_view_ass_others', 0)) { if ($owner != $_SESSION['id'] && !hesk_checkPermission('can_view_ass_others', 0)) {
$_SERVER['PHP_SELF'] = 'admin_main.php'; $_SERVER['PHP_SELF'] = 'admin_main.php';
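Review bot: The added owner lookup interpolates `'{$ticket['owner']}'` directly into the SELECT, while the other queries in this section pass values through `hesk_dbEscape()` or use the `intval()`-cast `$owner`. `$ticket` is loaded outside the visible hunks and is presumably a database row, but casting at the point of use with `intval($ticket['owner'])` keeps the statement safe however it was populated. The same block reassigns `$row` to the current owner's record. If `hesk_process_messages()` does not end the request, or the lookup returns no row, the `$revision` line below may log the wrong user, so a separate variable such as `$current_owner` would be safer.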

@ -1,32 +1,15 @@
<?php <?php
/******************************************************************************* /**
* Title: Help Desk Software HESK *
* Version: 2.6.8 from 10th August 2016 * This file is part of HESK - PHP Help Desk Software.
* Author: Klemen Stirn *
* Website: http://www.hesk.com * (c) Copyright Klemen Stirn. All rights reserved.
******************************************************************************** * http://www.hesk.com
* COPYRIGHT AND TRADEMARK NOTICE *
* Copyright 2005-2015 Klemen Stirn. All Rights Reserved. * For the full copyright and license agreement information visit
* HESK is a registered trademark of Klemen Stirn. * http://www.hesk.com/eula.php
* The HESK may be used and modified free of charge by anyone *
* AS LONG AS COPYRIGHT NOTICES AND ALL THE COMMENTS REMAIN INTACT. */
* By using this code you agree to indemnify Klemen Stirn from any
* liability that might arise from it's use.
* Selling the code for this program, in part or full, without prior
* written consent is expressly forbidden.
* Using this code, in part or full, to create derivate work,
* new scripts or products is expressly forbidden. Obtain permission
* before redistributing this software over the Internet or in
* any other medium. In all cases copyright and header must remain intact.
* This Copyright is in full effect in any country that has International
* Trade Agreements with the United States of America or
* with the European Union.
* Removing any of the copyright notices without purchasing a license
* is expressly forbidden. To remove HESK copyright notice you must purchase
* a license for this script. For more information on how to obtain
* a license please visit the page below:
* https://www.hesk.com/buy.php
*******************************************************************************/
define('IN_SCRIPT', 1); define('IN_SCRIPT', 1);
define('HESK_PATH', '../'); define('HESK_PATH', '../');
@ -36,6 +19,7 @@ define('PAGE_TITLE', 'ADMIN_TOOLS');
require(HESK_PATH . 'hesk_settings.inc.php'); require(HESK_PATH . 'hesk_settings.inc.php');
require(HESK_PATH . 'inc/common.inc.php'); require(HESK_PATH . 'inc/common.inc.php');
require(HESK_PATH . 'inc/admin_functions.inc.php'); require(HESK_PATH . 'inc/admin_functions.inc.php');
require(HESK_PATH . 'inc/mail_functions.inc.php');
hesk_load_database_functions(); hesk_load_database_functions();
hesk_session_start(); hesk_session_start();
@ -66,175 +50,187 @@ require_once(HESK_PATH . 'inc/headerAdmin.inc.php');
/* Print main manage users page */ /* Print main manage users page */
require_once(HESK_PATH . 'inc/show_admin_nav.inc.php'); require_once(HESK_PATH . 'inc/show_admin_nav.inc.php');
?> ?>
<section class="content">
<div class="row pad-down-20"> <div class="box">
<ul class="nav nav-tabs" role="tablist"> <div class="box-body">
<li role="presentation" class="active"> <div class="nav-tabs-custom">
<a href="#"><?php echo $hesklang['banemail']; ?> <i class="fa fa-question-circle settingsquestionmark" <ul class="nav nav-tabs" role="tablist">
onclick="javascript:alert('<?php echo hesk_makeJsString($hesklang['banemail_intro']); ?>')"></i></a> <li role="presentation" class="active">
</li> <a href="#"><?php echo $hesklang['banemail']; ?> <i class="fa fa-question-circle settingsquestionmark"
<?php onclick="javascript:alert('<?php echo hesk_makeJsString($hesklang['banemail_intro']); ?>')"></i></a>
// Show a link to banned_ips.php if user has permission to do so </li>
if (hesk_checkPermission('can_ban_ips', 0)) { <?php
echo ' // Show a link to banned_ips.php if user has permission to do so
if (hesk_checkPermission('can_ban_ips', 0)) {
echo '
<li role="presentation"> <li role="presentation">
<a title="' . $hesklang['banip'] . '" href="banned_ips.php">' . $hesklang['banip'] . '</a> <a title="' . $hesklang['banip'] . '" href="banned_ips.php">' . $hesklang['banip'] . '</a>
</li>'; </li>';
} }
// Show a link to status_message.php if user has permission to do so // Show a link to status_message.php if user has permission to do so
if (hesk_checkPermission('can_service_msg', 0)) { if (hesk_checkPermission('can_service_msg', 0)) {
echo ' echo '
<li role="presentation"> <li role="presentation">
<a title="' . $hesklang['sm_title'] . '" href="service_messages.php">' . $hesklang['sm_title'] . '</a> <a title="' . $hesklang['sm_title'] . '" href="service_messages.php">' . $hesklang['sm_title'] . '</a>
</li>'; </li>';
} }
// Show a link to email tpl management if user has permission to do so // Show a link to email tpl management if user has permission to do so
if (hesk_checkPermission('can_man_email_tpl', 0)) { if (hesk_checkPermission('can_man_email_tpl', 0)) {
echo ' echo '
<li role="presentation"> <li role="presentation">
<a title="' . $hesklang['email_templates'] . '" href="manage_email_templates.php">' . $hesklang['email_templates'] . '</a> <a title="' . $hesklang['email_templates'] . '" href="manage_email_templates.php">' . $hesklang['email_templates'] . '</a>
</li> </li>
'; ';
} }
if (hesk_checkPermission('can_man_ticket_statuses', 0)) { if (hesk_checkPermission('can_man_ticket_statuses', 0)) {
echo ' echo '
<li role="presentation"> <li role="presentation">
<a title="' . $hesklang['statuses'] . '" href="manage_statuses.php">' . $hesklang['statuses'] . '</a> <a title="' . $hesklang['statuses'] . '" href="manage_statuses.php">' . $hesklang['statuses'] . '</a>
</li> </li>
'; ';
} }
?> if (hesk_checkPermission('can_man_settings', 0)) {
</ul> echo '<li role="presentation"><a title="' . $hesklang['tab_4'] . '" href="custom_fields.php">' . $hesklang['tab_4'] . '</a></li> ';
<div class="tab-content summaryList tabPadding"> }
<script language="javascript" type="text/javascript"><!-- ?>
function confirm_delete() { </ul>
if (confirm('<?php echo hesk_makeJsString($hesklang['delban_confirm']); ?>')) { <div class="tab-content summaryList tabPadding">
return true; <script language="javascript" type="text/javascript"><!--
} function confirm_delete() {
else { if (confirm('<?php echo hesk_makeJsString($hesklang['delban_confirm']); ?>')) {
return false; return true;
} }
} else {
//--> return false;
</script> }
<div class="row"> }
<div class="col-md-8"> //-->
<br><br> </script>
<?php <div class="row">
/* This will handle error, success and notice messages */ <div class="col-md-8">
hesk_handle_messages(); <br><br>
?> <?php
<form action="banned_emails.php" method="post" name="form1" role="form" class="form-horizontal" data-toggle="validator"> /* This will handle error, success and notice messages */
<div class="form-group"> hesk_handle_messages();
<label for="text" class="col-sm-3 control-label"><?php echo $hesklang['bananemail']; ?></label> ?>
<form action="banned_emails.php" method="post" name="form1" role="form" class="form-horizontal" data-toggle="validator">
<div class="col-sm-9"> <div class="form-group">
<input type="text" class="form-control" name="email" size="30" maxlength="255" data-error="<?php echo htmlspecialchars($hesklang['enterbanemail']); ?>" <label for="text" class="col-sm-3 control-label"><?php echo $hesklang['bananemail']; ?></label>
placeholder="<?php echo htmlspecialchars($hesklang['email']); ?>" required>
<input type="hidden" name="token" value="<?php hesk_token_echo(); ?>"/> <div class="col-sm-9">
<input type="hidden" name="a" value="ban"/> <input type="text" class="form-control" name="email" size="30" maxlength="255" data-error="<?php echo htmlspecialchars($hesklang['enterbanemail']); ?>"
<div class="help-block with-errors"></div> placeholder="<?php echo htmlspecialchars($hesklang['email']); ?>" required>
<input type="hidden" name="token" value="<?php hesk_token_echo(); ?>"/>
<input type="hidden" name="a" value="ban"/>
<div class="help-block with-errors"></div>
</div>
</div>
<div class="form-group">
<div class="col-sm-9 col-sm-offset-3">
<input type="submit" value="<?php echo $hesklang['savebanemail']; ?>"
class="btn btn-default">
</div>
</div>
</form>
</div> </div>
</div> <div class="col-md-4">
<div class="form-group"> <h6 class="bold"><?php echo $hesklang['banex']; ?></h6>
<div class="col-sm-9 col-sm-offset-3">
<input type="submit" value="<?php echo $hesklang['savebanemail']; ?>" <div class="footerWithBorder blankSpace"></div>
class="btn btn-default"> <b>john@example.com</b><br/>
<b>@example.com</b>
</div> </div>
</div> </div>
</form> <div class="row">
</div> <div class="col-sm-12">
<div class="col-md-4">
<h6 class="bold"><?php echo $hesklang['banex']; ?></h6>
<div class="footerWithBorder blankSpace"></div>
<b>john@email.com</b><br/>
<b>@domain.com</b>
</div>
</div>
<div class="row">
<?php
// Get banned emails from database
$res = hesk_dbQuery('SELECT * FROM `' . hesk_dbEscape($hesk_settings['db_pfix']) . 'banned_emails` ORDER BY `email` ASC');
$num = hesk_dbNumRows($res);
echo '<h4>' . $hesklang['eperm'] . '</h4>';
if ($num < 1) {
echo '<p>' . $hesklang['no_banemails'] . '</p>';
} else {
// List of staff
if (!isset($admins)) {
$admins = array();
$res2 = hesk_dbQuery("SELECT `id`,`name` FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "users`");
while ($row = hesk_dbFetchAssoc($res2)) {
$admins[$row['id']] = $row['name'];
}
}
?>
<table class="table table-hover">
<thead>
<tr>
<th><?php echo $hesklang['email']; ?></th>
<th><?php echo $hesklang['banby']; ?></th>
<th><?php echo $hesklang['date']; ?></th>
<?php <?php
if ($can_unban) {
?>
<th><?php echo $hesklang['opt']; ?></th>
<?php
}
?>
</tr>
</thead>
<tbody>
<?php
while ($ban = hesk_dbFetchAssoc($res)) {
$color = '';
if (isset($_SESSION['ban_email']['id']) && $ban['id'] == $_SESSION['ban_email']['id']) {
$color = 'success';
unset($_SESSION['ban_email']['id']);
}
echo ' // Get banned emails from database
$res = hesk_dbQuery('SELECT * FROM `' . hesk_dbEscape($hesk_settings['db_pfix']) . 'banned_emails` ORDER BY `email` ASC');
$num = hesk_dbNumRows($res);
echo '<h4>' . $hesklang['eperm'] . '</h4>';
if ($num < 1) {
echo '<p>' . $hesklang['no_banemails'] . '</p>';
} else {
// List of staff
if (!isset($admins)) {
$admins = array();
$res2 = hesk_dbQuery("SELECT `id`,`name` FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "users`");
while ($row = hesk_dbFetchAssoc($res2)) {
$admins[$row['id']] = $row['name'];
}
}
?>
<table class="table table-hover">
<thead>
<tr>
<th><?php echo $hesklang['email']; ?></th>
<th><?php echo $hesklang['banby']; ?></th>
<th><?php echo $hesklang['date']; ?></th>
<?php
if ($can_unban) {
?>
<th><?php echo $hesklang['opt']; ?></th>
<?php
}
?>
</tr>
</thead>
<tbody>
<?php
while ($ban = hesk_dbFetchAssoc($res)) {
$color = '';
if (isset($_SESSION['ban_email']['id']) && $ban['id'] == $_SESSION['ban_email']['id']) {
$color = 'success';
unset($_SESSION['ban_email']['id']);
}
echo '
<tr> <tr>
<td class="' . $color . ' text-left">' . $ban['email'] . '</td> <td class="' . $color . ' text-left">' . $ban['email'] . '</td>
<td class="' . $color . ' text-left">' . (isset($admins[$ban['banned_by']]) ? $admins[$ban['banned_by']] : $hesklang['e_udel']) . '</td> <td class="' . $color . ' text-left">' . (isset($admins[$ban['banned_by']]) ? $admins[$ban['banned_by']] : $hesklang['e_udel']) . '</td>
<td class="' . $color . ' text-left">' . $ban['dt'] . '</td> <td class="' . $color . ' text-left">' . $ban['dt'] . '</td>
'; ';
if ($can_unban) { if ($can_unban) {
echo ' echo '
<td class="' . $color . ' text-left"> <td class="' . $color . ' text-left">
<a href="banned_emails.php?a=unban&amp;id=' . $ban['id'] . '&amp;token=' . hesk_token_echo(0) . '" onclick="return confirm_delete();"> <a href="banned_emails.php?a=unban&amp;id=' . $ban['id'] . '&amp;token=' . hesk_token_echo(0) . '" onclick="return confirm_delete();">
<i class="fa fa-times red font-size-16p" data-toggle="tooltip" data-placement="top" data-original-title="' . $hesklang['delban'] . '"></i> <i class="fa fa-times red font-size-16p" data-toggle="tooltip" data-placement="top" data-original-title="' . $hesklang['delban'] . '"></i>
</a> </a>
</td> </td>
'; ';
} }
echo '</tr>'; echo '</tr>';
} // End while } // End while
?> ?>
</tbody> </tbody>
</table> </table>
<div align="center"> <div align="center">
<table border="0" cellspacing="1" cellpadding="3" class="white" width="100%"> <table border="0" cellspacing="1" cellpadding="3" class="white" width="100%">
<?php <?php
?>
</table>
</div>
<?php
}
?> ?>
</table> </div>
</div>
</div> </div>
<?php </div>
}
?>
</div> </div>
</div> </div>
</div> </section>
<?php <?php
require_once(HESK_PATH . 'inc/footer.inc.php'); require_once(HESK_PATH . 'inc/footer.inc.php');
@ -297,7 +293,7 @@ function unban_email()
hesk_token_check(); hesk_token_check();
// Delete from bans // Delete from bans
hesk_dbQuery("DELETE FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "banned_emails` WHERE `id`=" . intval(hesk_GET('id')) . " LIMIT 1"); hesk_dbQuery("DELETE FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "banned_emails` WHERE `id`=" . intval(hesk_GET('id')));
// Redirect either to banned emails or ticket page from now on // Redirect either to banned emails or ticket page from now on
$redirect_to = ($trackingID = hesk_cleanID()) ? 'admin_ticket.php?track=' . $trackingID . '&Refresh=' . mt_rand(10000, 99999) : 'banned_emails.php'; $redirect_to = ($trackingID = hesk_cleanID()) ? 'admin_ticket.php?track=' . $trackingID . '&Refresh=' . mt_rand(10000, 99999) : 'banned_emails.php';
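Review bot: The ban-list rows echo `$ban['email']`, the `$admins[$ban['banned_by']]` name and `$ban['dt']` into table cells without HTML encoding, so the page depends entirely on whatever encoding was applied when the values were stored. ban_email() is outside this section, so if it already stores entity-encoded text, say so in a comment above the `while ($ban = hesk_dbFetchAssoc($res))` loop; otherwise encode at output, e.g. `htmlspecialchars($ban['email'], ENT_QUOTES, 'UTF-8')` in the first `<td>`. The same question applies to the `$ban['ip']` and `$ban['ip_display']` cells in the banned-IPs section that follows. The `$hesklang[...]` values placed inside `title="..."` on the tab links are also unencoded, although the form inputs in this same section do wrap their language strings in `htmlspecialchars()`.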

@ -1,32 +1,15 @@
<?php <?php
/******************************************************************************* /**
* Title: Help Desk Software HESK *
* Version: 2.6.8 from 10th August 2016 * This file is part of HESK - PHP Help Desk Software.
* Author: Klemen Stirn *
* Website: http://www.hesk.com * (c) Copyright Klemen Stirn. All rights reserved.
******************************************************************************** * http://www.hesk.com
* COPYRIGHT AND TRADEMARK NOTICE *
* Copyright 2005-2015 Klemen Stirn. All Rights Reserved. * For the full copyright and license agreement information visit
* HESK is a registered trademark of Klemen Stirn. * http://www.hesk.com/eula.php
* The HESK may be used and modified free of charge by anyone *
* AS LONG AS COPYRIGHT NOTICES AND ALL THE COMMENTS REMAIN INTACT. */
* By using this code you agree to indemnify Klemen Stirn from any
* liability that might arise from it's use.
* Selling the code for this program, in part or full, without prior
* written consent is expressly forbidden.
* Using this code, in part or full, to create derivate work,
* new scripts or products is expressly forbidden. Obtain permission
* before redistributing this software over the Internet or in
* any other medium. In all cases copyright and header must remain intact.
* This Copyright is in full effect in any country that has International
* Trade Agreements with the United States of America or
* with the European Union.
* Removing any of the copyright notices without purchasing a license
* is expressly forbidden. To remove HESK copyright notice you must purchase
* a license for this script. For more information on how to obtain
* a license please visit the page below:
* https://www.hesk.com/buy.php
*******************************************************************************/
define('IN_SCRIPT', 1); define('IN_SCRIPT', 1);
define('HESK_PATH', '../'); define('HESK_PATH', '../');
@ -36,6 +19,7 @@ define('PAGE_TITLE', 'ADMIN_TOOLS');
require(HESK_PATH . 'hesk_settings.inc.php'); require(HESK_PATH . 'hesk_settings.inc.php');
require(HESK_PATH . 'inc/common.inc.php'); require(HESK_PATH . 'inc/common.inc.php');
require(HESK_PATH . 'inc/admin_functions.inc.php'); require(HESK_PATH . 'inc/admin_functions.inc.php');
require(HESK_PATH . 'inc/mail_functions.inc.php');
hesk_load_database_functions(); hesk_load_database_functions();
hesk_session_start(); hesk_session_start();
@ -68,131 +52,140 @@ require_once(HESK_PATH . 'inc/headerAdmin.inc.php');
/* Print main manage users page */ /* Print main manage users page */
require_once(HESK_PATH . 'inc/show_admin_nav.inc.php'); require_once(HESK_PATH . 'inc/show_admin_nav.inc.php');
?> ?>
<section class="content">
<div class="row pad-20"> <div class="box">
<ul class="nav nav-tabs" role="tablist"> <div class="box-body">
<?php <div class="nav-tabs-custom">
// Show a link to banned_emails.php if user has permission to do so <ul class="nav nav-tabs" role="tablist">
if (hesk_checkPermission('can_ban_emails', 0)) { <?php
echo ' // Show a link to banned_emails.php if user has permission to do so
if (hesk_checkPermission('can_ban_emails', 0)) {
echo '
<li role="presentation"> <li role="presentation">
<a title="' . $hesklang['banemail'] . '" href="banned_emails.php">' . $hesklang['banemail'] . '</a> <a title="' . $hesklang['banemail'] . '" href="banned_emails.php">' . $hesklang['banemail'] . '</a>
</li>'; </li>';
} }
?> ?>
<li role="presentation" class="active"> <li role="presentation" class="active">
<a href="#"><?php echo $hesklang['banip']; ?> <i class="fa fa-question-circle settingsquestionmark" <a href="#"><?php echo $hesklang['banip']; ?> <i class="fa fa-question-circle settingsquestionmark"
onclick="javascript:alert('<?php echo hesk_makeJsString($hesklang['banip_intro']); ?>')"></i></a> onclick="javascript:alert('<?php echo hesk_makeJsString($hesklang['banip_intro']); ?>')"></i></a>
</li> </li>
<?php <?php
// Show a link to status_message.php if user has permission to do so // Show a link to status_message.php if user has permission to do so
if (hesk_checkPermission('can_service_msg', 0)) { if (hesk_checkPermission('can_service_msg', 0)) {
echo ' echo '
<li role="presentation"> <li role="presentation">
<a title="' . $hesklang['sm_title'] . '" href="service_messages.php">' . $hesklang['sm_title'] . '</a> <a title="' . $hesklang['sm_title'] . '" href="service_messages.php">' . $hesklang['sm_title'] . '</a>
</li>'; </li>';
} }
// Show a link to email tpl management if user has permission to do so // Show a link to email tpl management if user has permission to do so
if (hesk_checkPermission('can_man_email_tpl', 0)) { if (hesk_checkPermission('can_man_email_tpl', 0)) {
echo ' echo '
<li role="presentation"> <li role="presentation">
<a title="' . $hesklang['email_templates'] . '" href="manage_email_templates.php">' . $hesklang['email_templates'] . '</a> <a title="' . $hesklang['email_templates'] . '" href="manage_email_templates.php">' . $hesklang['email_templates'] . '</a>
</li> </li>
'; ';
} }
if (hesk_checkPermission('can_man_ticket_statuses', 0)) { if (hesk_checkPermission('can_man_ticket_statuses', 0)) {
echo ' echo '
<li role="presentation"> <li role="presentation">
<a title="' . $hesklang['statuses'] . '" href="manage_statuses.php">' . $hesklang['statuses'] . '</a> <a title="' . $hesklang['statuses'] . '" href="manage_statuses.php">' . $hesklang['statuses'] . '</a>
</li> </li>
'; ';
} }
?> if (hesk_checkPermission('can_man_settings', 0)) {
</ul> echo '
<div class="tab-content summaryList tabPadding"> <li role="presentation">
<script language="javascript" type="text/javascript"><!-- <a title="' . $hesklang['tab_4'] . '" href="custom_fields.php">' . $hesklang['tab_4'] . '</a>
function confirm_delete() { </li>';
if (confirm('<?php echo hesk_makeJsString($hesklang['delban_confirm']); ?>')) { }
return true; ?>
} </ul>
else { <div class="tab-content summaryList tabPadding">
return false; <script language="javascript" type="text/javascript"><!--
} function confirm_delete() {
} if (confirm('<?php echo hesk_makeJsString($hesklang['delban_confirm']); ?>')) {
//--> return true;
</script> }
<div class="row"> else {
<div class="col-md-8"> return false;
<?php }
/* This will handle error, success and notice messages */ }
hesk_handle_messages(); //-->
?> </script>
<form action="banned_ips.php" method="post" name="form1" role="form" class="form-horizontal" data-toggle="validator"> <div class="row">
<div class="form-group"> <div class="col-md-8">
<label for="ip" class="col-sm-3 control-label"><?php echo $hesklang['bananip']; ?></label> <?php
/* This will handle error, success and notice messages */
<div class="col-sm-9"> hesk_handle_messages();
<input type="text" name="ip" size="30" maxlength="255" class="form-control" data-error="<?php echo htmlspecialchars($hesklang['enterbanip']); ?>" ?>
placeholder="<?php echo htmlspecialchars($hesklang['iprange']); ?>" required> <form action="banned_ips.php" method="post" name="form1" role="form" class="form-horizontal" data-toggle="validator">
<input type="hidden" name="token" value="<?php hesk_token_echo(); ?>"/> <div class="form-group">
<input type="hidden" name="a" value="ban"/> <label for="ip" class="col-sm-3 control-label"><?php echo $hesklang['bananip']; ?></label>
<div class="help-block with-errors"></div>
<div class="col-sm-9">
<input type="text" name="ip" size="30" maxlength="255" class="form-control" data-error="<?php echo htmlspecialchars($hesklang['enterbanip']); ?>"
placeholder="<?php echo htmlspecialchars($hesklang['iprange']); ?>" required>
<input type="hidden" name="token" value="<?php hesk_token_echo(); ?>"/>
<input type="hidden" name="a" value="ban"/>
<div class="help-block with-errors"></div>
</div>
</div>
<div class="form-group">
<div class="col-sm-9 col-sm-offset-3">
<input type="submit" value="<?php echo $hesklang['savebanip']; ?>" class="btn btn-default">
</div>
</div>
</form>
</div> </div>
</div> <div class="col-md-4">
<div class="form-group"> <h6 class="bold"><?php echo $hesklang['banex']; ?></h6>
<div class="col-sm-9 col-sm-offset-3">
<input type="submit" value="<?php echo $hesklang['savebanip']; ?>" class="btn btn-default"> <div class="footerWithBorder blankSpace"></div>
<b>123.0.0.0</b><br/>
<b>123.0.0.1 - 123.0.0.53</b><br/>
<b>123.0.0.0/24</b><br/>
<b>123.0.*.*</b>
</div> </div>
</div> </div>
</form> <div class="row">
</div> <div class="col-sm-12">
<div class="col-md-4">
<h6 class="bold"><?php echo $hesklang['banex']; ?></h6>
<div class="footerWithBorder blankSpace"></div>
<b>123.0.0.0</b><br/>
<b>123.0.0.1 - 123.0.0.53</b><br/>
<b>123.0.0.0/24</b><br/>
<b>123.0.*.*</b>
</div>
</div>
<div class="row">
<?php
// Get login failures
$res = hesk_dbQuery("SELECT `ip`, TIMESTAMPDIFF(MINUTE, NOW(), DATE_ADD(`last_attempt`, INTERVAL " . intval($hesk_settings['attempt_banmin']) . " MINUTE) ) AS `minutes` FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "logins` WHERE `number` >= " . intval($hesk_settings['attempt_limit']) . " AND `last_attempt` > (NOW() - INTERVAL " . intval($hesk_settings['attempt_banmin']) . " MINUTE)");
$num = hesk_dbNumRows($res);
echo '<h4>' . $hesklang['iptemp'] . '</h4>';
if ($num > 0) {
?>
<table class="table table-hover">
<thead>
<tr>
<th><?php echo $hesklang['ip']; ?></th>
<th><?php echo $hesklang['m2e']; ?></th>
<?php <?php
if ($can_unban) {
// Get login failures
$res = hesk_dbQuery("SELECT `ip`, TIMESTAMPDIFF(MINUTE, NOW(), DATE_ADD(`last_attempt`, INTERVAL " . intval($hesk_settings['attempt_banmin']) . " MINUTE) ) AS `minutes` FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "logins` WHERE `number` >= " . intval($hesk_settings['attempt_limit']) . " AND `last_attempt` > (NOW() - INTERVAL " . intval($hesk_settings['attempt_banmin']) . " MINUTE)");
$num = hesk_dbNumRows($res);
echo '<h4>' . $hesklang['iptemp'] . '</h4>';
if ($num > 0) {
?> ?>
<th><?php echo $hesklang['opt']; ?></th> <table class="table table-hover">
<?php <thead>
} <tr>
?> <th><?php echo $hesklang['ip']; ?></th>
</tr> <th><?php echo $hesklang['m2e']; ?></th>
</thead> <?php
<tbody> if ($can_unban) {
<?php ?>
while ($ban = hesk_dbFetchAssoc($res)) { <th><?php echo $hesklang['opt']; ?></th>
echo ' <?php
}
?>
</tr>
</thead>
<tbody>
<?php
while ($ban = hesk_dbFetchAssoc($res)) {
echo '
<tr> <tr>
<td>' . $ban['ip'] . '</td> <td>' . $ban['ip'] . '</td>
<td>' . $ban['minutes'] . '</td> <td>' . $ban['minutes'] . '</td>
'; ';
if ($can_unban) { if ($can_unban) {
echo ' echo '
<td> <td>
<a href="banned_ips.php?a=ban&amp;ip=' . urlencode($ban['ip']) . '&amp;token=' . hesk_token_echo(0) . '"> <a href="banned_ips.php?a=ban&amp;ip=' . urlencode($ban['ip']) . '&amp;token=' . hesk_token_echo(0) . '">
<i class="fa fa-ban red font-size-16p" data-toggle="tooltip" data-placement="top" data-original-title="' . $hesklang['ippermban'] . '"></i></a> <i class="fa fa-ban red font-size-16p" data-toggle="tooltip" data-placement="top" data-original-title="' . $hesklang['ippermban'] . '"></i></a>
@ -200,64 +193,64 @@ require_once(HESK_PATH . 'inc/show_admin_nav.inc.php');
<i class="fa fa-times red font-size-16p" data-toggle="tooltip" data-placement="top" data-original-title="' . $hesklang['delban'] . '"></i></a> <i class="fa fa-times red font-size-16p" data-toggle="tooltip" data-placement="top" data-original-title="' . $hesklang['delban'] . '"></i></a>
</td> </td>
'; ';
} }
echo '</tr>'; echo '</tr>';
} // End while } // End while
?> ?>
</tbody> </tbody>
</table> </table>
<?php
} else {
echo '<p>' . $hesklang['no_banips'] . '</p>';
}
// Get banned ips from database
$res = hesk_dbQuery('SELECT * FROM `' . hesk_dbEscape($hesk_settings['db_pfix']) . 'banned_ips` ORDER BY `ip_from` ASC');
$num = hesk_dbNumRows($res);
echo '<br><h4>' . $hesklang['ipperm'] . '</h4>';
if ($num < 1) {
echo '<p>' . $hesklang['no_banips'] . '</p>';
} else {
// List of staff
if (!isset($admins)) {
$admins = array();
$res2 = hesk_dbQuery("SELECT `id`,`name` FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "users`");
while ($row = hesk_dbFetchAssoc($res2)) {
$admins[$row['id']] = $row['name'];
}
}
?>
<table class="table table-hover">
<thead>
<tr>
<th><?php echo $hesklang['ip']; ?></th>
<th><?php echo $hesklang['iprange']; ?></th>
<th><?php echo $hesklang['banby']; ?></th>
<th><?php echo $hesklang['date']; ?></th>
<?php
if ($can_unban) {
?>
<th><?php echo $hesklang['opt']; ?></th>
<?php <?php
} } else {
?> echo '<p>' . $hesklang['no_banips'] . '</p>';
</tr>
</thead>
<tbody>
<?php
while ($ban = hesk_dbFetchAssoc($res)) {
$color = '';
if (isset($_SESSION['ban_ip']['id']) && $ban['id'] == $_SESSION['ban_ip']['id']) {
$color = 'success';
unset($_SESSION['ban_ip']['id']);
} }
echo ' // Get banned ips from database
$res = hesk_dbQuery('SELECT * FROM `' . hesk_dbEscape($hesk_settings['db_pfix']) . 'banned_ips` ORDER BY `ip_from` ASC');
$num = hesk_dbNumRows($res);
echo '<br><h4>' . $hesklang['ipperm'] . '</h4>';
if ($num < 1) {
echo '<p>' . $hesklang['no_banips'] . '</p>';
} else {
// List of staff
if (!isset($admins)) {
$admins = array();
$res2 = hesk_dbQuery("SELECT `id`,`name` FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "users`");
while ($row = hesk_dbFetchAssoc($res2)) {
$admins[$row['id']] = $row['name'];
}
}
?>
<table class="table table-hover">
<thead>
<tr>
<th><?php echo $hesklang['ip']; ?></th>
<th><?php echo $hesklang['iprange']; ?></th>
<th><?php echo $hesklang['banby']; ?></th>
<th><?php echo $hesklang['date']; ?></th>
<?php
if ($can_unban) {
?>
<th><?php echo $hesklang['opt']; ?></th>
<?php
}
?>
</tr>
</thead>
<tbody>
<?php
while ($ban = hesk_dbFetchAssoc($res)) {
$color = '';
if (isset($_SESSION['ban_ip']['id']) && $ban['id'] == $_SESSION['ban_ip']['id']) {
$color = 'success';
unset($_SESSION['ban_ip']['id']);
}
echo '
<tr> <tr>
<td class="' . $color . '">' . $ban['ip_display'] . '</td> <td class="' . $color . '">' . $ban['ip_display'] . '</td>
<td class="' . $color . '">' . (($ban['ip_to'] == $ban['ip_from']) ? long2ip($ban['ip_to']) : long2ip($ban['ip_from']) . ' - ' . long2ip($ban['ip_to'])) . '</td> <td class="' . $color . '">' . (($ban['ip_to'] == $ban['ip_from']) ? long2ip($ban['ip_to']) : long2ip($ban['ip_from']) . ' - ' . long2ip($ban['ip_to'])) . '</td>
@ -265,27 +258,32 @@ require_once(HESK_PATH . 'inc/show_admin_nav.inc.php');
<td class="' . $color . '">' . $ban['dt'] . '</td> <td class="' . $color . '">' . $ban['dt'] . '</td>
'; ';
if ($can_unban) { if ($can_unban) {
echo ' echo '
<td class="' . $color . ' text-left"> <td class="' . $color . ' text-left">
<a href="banned_ips.php?a=unban&amp;id=' . $ban['id'] . '&amp;token=' . hesk_token_echo(0) . '" onclick="return confirm_delete();"> <a href="banned_ips.php?a=unban&amp;id=' . $ban['id'] . '&amp;token=' . hesk_token_echo(0) . '" onclick="return confirm_delete();">
<i class="fa fa-times red font-size-16p" data-toggle="tooltip" data-placement="top" data-original-title="' . $hesklang['delban'] . '"></i></a> <i class="fa fa-times red font-size-16p" data-toggle="tooltip" data-placement="top" data-original-title="' . $hesklang['delban'] . '"></i></a>
</td> </td>
'; ';
} }
echo '</tr>'; echo '</tr>';
} // End while } // End while
?> ?>
</tbody> </tbody>
</table> </table>
<?php <?php
} }
?> ?>
</div>
</div>
</div>
</div>
</div> </div>
</div> </div>
</div> </section>
<?php <?php
require_once(HESK_PATH . 'inc/footer.inc.php'); require_once(HESK_PATH . 'inc/footer.inc.php');
@ -366,7 +364,7 @@ function ban_ip()
// Delete temporary bans from logins table // Delete temporary bans from logins table
if ($ip_to == $ip_from) { if ($ip_to == $ip_from) {
hesk_dbQuery("DELETE FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "logins` WHERE `ip`='" . hesk_dbEscape($ip_display) . "' LIMIT 1"); hesk_dbQuery("DELETE FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "logins` WHERE `ip`='" . hesk_dbEscape($ip_display) . "'");
} }
// Redirect either to banned ips or ticket page from now on // Redirect either to banned ips or ticket page from now on
@ -398,7 +396,7 @@ function unban_temp_ip()
$ip = preg_replace('/[^0-9\.\-\/\*]/', '', hesk_REQUEST('ip')); $ip = preg_replace('/[^0-9\.\-\/\*]/', '', hesk_REQUEST('ip'));
// Delete from bans // Delete from bans
hesk_dbQuery("DELETE FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "logins` WHERE `ip`='" . hesk_dbEscape($ip) . "' LIMIT 1"); hesk_dbQuery("DELETE FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "logins` WHERE `ip`='" . hesk_dbEscape($ip) . "'");
// Show success // Show success
hesk_process_messages($hesklang['ip_tempun'], 'banned_ips.php', 'SUCCESS'); hesk_process_messages($hesklang['ip_tempun'], 'banned_ips.php', 'SUCCESS');
@ -414,7 +412,7 @@ function unban_ip()
hesk_token_check(); hesk_token_check();
// Delete from bans // Delete from bans
hesk_dbQuery("DELETE FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "banned_ips` WHERE `id`=" . intval(hesk_GET('id')) . " LIMIT 1"); hesk_dbQuery("DELETE FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "banned_ips` WHERE `id`=" . intval(hesk_GET('id')));
// Redirect either to banned ips or ticket page from now on // Redirect either to banned ips or ticket page from now on
$redirect_to = ($trackingID = hesk_cleanID()) ? 'admin_ticket.php?track=' . $trackingID . '&Refresh=' . mt_rand(10000, 99999) : 'banned_ips.php'; $redirect_to = ($trackingID = hesk_cleanID()) ? 'admin_ticket.php?track=' . $trackingID . '&Refresh=' . mt_rand(10000, 99999) : 'banned_ips.php';
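Review bot: The permanent-ban, temporary-unban and unban links in the table rows are state-changing GET requests that carry the anti-CSRF token in the query string (`banned_ips.php?a=unban&amp;id=...&amp;token=' . hesk_token_echo(0)`). That exposes the token in browser history, server access logs and possibly Referer headers. Consider submitting these actions through a small POST form, as the ban form above already does with `<input type="hidden" name="token" value="<?php hesk_token_echo(); ?>"/>`. unban_ip() visibly calls `hesk_token_check()`, but the unban_temp_ip() hunk starts inside the function body, so confirm that handler also checks the token before its DELETE. The unban link in the banned-emails section has the same shape.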

@ -37,6 +37,7 @@ define('PAGE_TITLE', 'ADMIN_CALENDAR');
require(HESK_PATH . 'hesk_settings.inc.php'); require(HESK_PATH . 'hesk_settings.inc.php');
require(HESK_PATH . 'inc/common.inc.php'); require(HESK_PATH . 'inc/common.inc.php');
require(HESK_PATH . 'inc/admin_functions.inc.php'); require(HESK_PATH . 'inc/admin_functions.inc.php');
require(HESK_PATH . 'inc/mail_functions.inc.php');
hesk_load_database_functions(); hesk_load_database_functions();
hesk_session_start(); hesk_session_start();
@ -75,51 +76,85 @@ require_once(HESK_PATH . 'inc/headerAdmin.inc.php');
/* Print main manage users page */ /* Print main manage users page */
require_once(HESK_PATH . 'inc/show_admin_nav.inc.php'); require_once(HESK_PATH . 'inc/show_admin_nav.inc.php');
?> ?>
<section class="content">
<div class="row pad-20"> <div class="row">
<div class="col-lg-3"> <div class="col-md-4">
<div class="panel panel-default"> <div class="box">
<div class="panel-heading"> <div class="box-header">
<h4><?php echo $hesklang['calendar_categories']; ?></h4> <h1 class="box-title">
<?php echo $hesklang['calendar_categories']; ?>
</h1>
<div class="box-tools pull-right">
<button type="button" class="btn btn-box-tool" data-widget="collapse">
<i class="fa fa-minus"></i>
</button>
</div>
</div>
<div class="box-body">
<div class="btn-group btn-group-sm">
<button id="select-all" class="btn btn-default" data-select-all="category-toggle"><?php echo $hesklang['select_all_title_case']; ?></button>
<button id="deselect-all" class="btn btn-default" data-deselect-all="category-toggle"><?php echo $hesklang['deselect_all_title_case']; ?></button>
</div>
<ul class="list-unstyled">
<?php foreach ($categories as $category): ?>
<li class="move-down-20 move-right-20">
<div class="checkbox">
<input type="checkbox" data-select-target="category-toggle" name="category-toggle" value="<?php echo $category['id']; ?>" checked>
</div>
<div class="hide-on-overflow no-wrap event-category background-volatile" style="<?php echo $category['css_style']; ?>">
<?php echo $category['name']; ?>
</div>
</li>
<?php endforeach; ?>
</ul>
</div>
</div> </div>
<div class="panel-body"> <div class="box">
<div class="btn-group btn-group-sm"> <div class="box-header">
<button id="select-all" class="btn btn-default" data-select-all="category-toggle"><?php echo $hesklang['select_all_title_case']; ?></button> <h1 class="box-title">
<button id="deselect-all" class="btn btn-default" data-deselect-all="category-toggle"><?php echo $hesklang['deselect_all_title_case']; ?></button> <?php echo $hesklang['legend']; ?>
</h1>
<div class="box-tools pull-right">
<button type="button" class="btn btn-box-tool" data-widget="collapse">
<i class="fa fa-minus"></i>
</button>
</div>
</div> </div>
<ul class="list-unstyled"> <div class="box-body">
<?php foreach ($categories as $category): ?> <div class="row">
<li class="move-down-20 move-right-20"> <div class="col-sm-6">
<div class="checkbox"> <i class="fa fa-calendar"></i> <?php echo $hesklang['event']; ?>
<input type="checkbox" data-select-target="category-toggle" name="category-toggle" value="<?php echo $category['id']; ?>" checked> </div>
<div class="col-sm-6">
<i class="fa fa-ticket"></i> <?php echo $hesklang['ticket']; ?>
</div> </div>
<div class="hide-on-overflow no-wrap event-category background-volatile" style="<?php echo $category['css_style']; ?>"> <div class="col-sm-6">
<?php echo $category['name']; ?> <i class="fa fa-exclamation-triangle"></i> <?php echo $hesklang['overdue_ticket_legend']; ?>
</div> </div>
</li> </div>
<?php endforeach; ?> </div>
</ul>
</div> </div>
</div> </div>
<div class="panel panel-default"> <div class="col-md-8">
<div class="panel-heading"> <div class="box">
<h4><?php echo $hesklang['legend']; ?></h4> <div class="box-header">
</div> <h1 class="box-title">
<div class="panel-body"> <?php echo $hesklang['calendar_title_case']; ?>
<div class="row"> </h1>
<div class="col-sm-6"> <div class="box-tools pull-right">
<i class="fa fa-calendar"></i> <?php echo $hesklang['event']; ?> <button type="button" class="btn btn-box-tool" data-widget="collapse">
</div> <i class="fa fa-minus"></i>
<div class="col-sm-6"> </button>
<i class="fa fa-ticket"></i> <?php echo $hesklang['ticket']; ?>
</div>
<div class="col-sm-6">
<i class="fa fa-exclamation-triangle"></i> <?php echo $hesklang['overdue_ticket_legend']; ?>
</div> </div>
</div> </div>
<div class="box-body no-padding">
<div id="calendar"></div>
</div>
</div> </div>
</div> </div>
</div> </div>
</section>
<div class="row pad-20">
<div class="col-lg-9"> <div class="col-lg-9">
<div class="panel panel-default"> <div class="panel panel-default">
<div class="panel-heading"> <div class="panel-heading">
@ -138,7 +173,7 @@ require_once(HESK_PATH . 'inc/show_admin_nav.inc.php');
</h4> </h4>
</div> </div>
<div class="panel-body"> <div class="panel-body">
<div id="calendar"></div>
</div> </div>
</div> </div>
</div> </div>
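Review bot: The category list echoes `$category['name']` into the page body and `$category['css_style']` into a `style` attribute with no output encoding, so the markup is only as safe as whatever wrote those columns. If the values are not already entity-encoded when they are stored (not visible in this section), encode them where they are printed, e.g. `<?php echo htmlspecialchars($category['name'], ENT_QUOTES, 'UTF-8'); ?>`, and build the style value from a validated colour rather than a free-form string. The same pattern appears in the edit_note.php form later in this commit, where `$note['message']` is echoed straight into the `<textarea>`.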

@ -1,32 +1,15 @@
<?php <?php
/******************************************************************************* /**
* Title: Help Desk Software HESK *
* Version: 2.6.8 from 10th August 2016 * This file is part of HESK - PHP Help Desk Software.
* Author: Klemen Stirn *
* Website: http://www.hesk.com * (c) Copyright Klemen Stirn. All rights reserved.
******************************************************************************** * http://www.hesk.com
* COPYRIGHT AND TRADEMARK NOTICE *
* Copyright 2005-2015 Klemen Stirn. All Rights Reserved. * For the full copyright and license agreement information visit
* HESK is a registered trademark of Klemen Stirn. * http://www.hesk.com/eula.php
* The HESK may be used and modified free of charge by anyone *
* AS LONG AS COPYRIGHT NOTICES AND ALL THE COMMENTS REMAIN INTACT. */
* By using this code you agree to indemnify Klemen Stirn from any
* liability that might arise from it's use.
* Selling the code for this program, in part or full, without prior
* written consent is expressly forbidden.
* Using this code, in part or full, to create derivate work,
* new scripts or products is expressly forbidden. Obtain permission
* before redistributing this software over the Internet or in
* any other medium. In all cases copyright and header must remain intact.
* This Copyright is in full effect in any country that has International
* Trade Agreements with the United States of America or
* with the European Union.
* Removing any of the copyright notices without purchasing a license
* is expressly forbidden. To remove HESK copyright notice you must purchase
* a license for this script. For more information on how to obtain
* a license please visit the page below:
* https://www.hesk.com/buy.php
*******************************************************************************/
define('IN_SCRIPT', 1); define('IN_SCRIPT', 1);
define('HESK_PATH', '../'); define('HESK_PATH', '../');
@ -74,6 +57,10 @@ $locked = 0;
$statusRow = hesk_dbFetchAssoc(hesk_dbQuery("SELECT `ID`, `IsClosed` FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "statuses` WHERE ID = " . $status)); $statusRow = hesk_dbFetchAssoc(hesk_dbQuery("SELECT `ID`, `IsClosed` FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "statuses` WHERE ID = " . $status));
if ($statusRow['IsClosed']) // Closed if ($statusRow['IsClosed']) // Closed
{ {
if ( ! hesk_checkPermission('can_resolve', 0)) {
hesk_process_messages($hesklang['noauth_resolve'],'admin_ticket.php?track='.$trackingID.'&Refresh='.mt_rand(10000,99999),'NOTICE');
}
$action = $hesklang['ticket_been'] . ' ' . $hesklang['close']; $action = $hesklang['ticket_been'] . ' ' . $hesklang['close'];
$revision = sprintf($hesklang['thist3'], hesk_date(), $_SESSION['name'] . ' (' . $_SESSION['user'] . ')'); $revision = sprintf($hesklang['thist3'], hesk_date(), $_SESSION['name'] . ' (' . $_SESSION['user'] . ')');
@ -101,7 +88,7 @@ if ($statusRow['IsClosed']) // Closed
// Log who marked the ticket resolved // Log who marked the ticket resolved
$closedby_sql = ' , `closedat`=NOW(), `closedby`=' . intval($_SESSION['id']) . ' '; $closedby_sql = ' , `closedat`=NOW(), `closedby`=' . intval($_SESSION['id']) . ' ';
} elseif ($statusRow['ID'] != 0) //Ticket is still open, but not new } elseif ($statusRow['IsNewTicketStatus'] == '0') //Ticket is still open, but not new
{ {
$action = sprintf($hesklang['tsst'], $status_options[$status]); $action = sprintf($hesklang['tsst'], $status_options[$status]);
$revision = sprintf($hesklang['thist9'], hesk_date(), $status_options[$status], $_SESSION['name'] . ' (' . $_SESSION['user'] . ')'); $revision = sprintf($hesklang['thist9'], hesk_date(), $status_options[$status], $_SESSION['name'] . ' (' . $_SESSION['user'] . ')');
@ -118,11 +105,10 @@ if ($statusRow['IsClosed']) // Closed
} }
hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` SET `status`='{$status}', `locked`='{$locked}' $closedby_sql , `history`=CONCAT(`history`,'" . hesk_dbEscape($revision) . "') WHERE `trackid`='" . hesk_dbEscape($trackingID) . "' LIMIT 1"); hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` SET `status`='{$status}', `locked`='{$locked}' $closedby_sql , `history`=CONCAT(`history`,'" . hesk_dbEscape($revision) . "') WHERE `trackid`='" . hesk_dbEscape($trackingID) . "'");
if (hesk_dbAffectedRows() != 1) { if (hesk_dbAffectedRows() != 1) {
hesk_error("$hesklang[int_error]: $hesklang[trackID_not_found]."); hesk_error("$hesklang[int_error]: $hesklang[trackID_not_found].");
} }
hesk_process_messages($action, 'admin_ticket.php?track=' . $trackingID . '&Refresh=' . rand(10000, 99999), 'SUCCESS'); hesk_process_messages($action, 'admin_ticket.php?track=' . $trackingID . '&Refresh=' . rand(10000, 99999), 'SUCCESS');
?>
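Review bot: The new `elseif ($statusRow['IsNewTicketStatus'] == '0')` test reads a column that the status lookup shown earlier in this file does not fetch, since that query selects only `ID` and `IsClosed`. Unless `$statusRow` is reassigned in lines outside the visible hunks, the key is undefined, the comparison evaluates to false, and the "still open, but not new" branch is skipped for every status while PHP raises an undefined-index notice. Add `IsNewTicketStatus` to the column list of that SELECT so the branch can be reached. The lookup also concatenates `$status` into `WHERE ID = ` unquoted; its cast is not visible here, so confirm it passes through `intval()` before the query runs.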


@ -1,32 +1,15 @@
<?php <?php
/******************************************************************************* /**
* Title: Help Desk Software HESK *
* Version: 2.6.8 from 10th August 2016 * This file is part of HESK - PHP Help Desk Software.
* Author: Klemen Stirn *
* Website: http://www.hesk.com * (c) Copyright Klemen Stirn. All rights reserved.
******************************************************************************** * http://www.hesk.com
* COPYRIGHT AND TRADEMARK NOTICE *
* Copyright 2005-2015 Klemen Stirn. All Rights Reserved. * For the full copyright and license agreement information visit
* HESK is a registered trademark of Klemen Stirn. * http://www.hesk.com/eula.php
* The HESK may be used and modified free of charge by anyone *
* AS LONG AS COPYRIGHT NOTICES AND ALL THE COMMENTS REMAIN INTACT. */
* By using this code you agree to indemnify Klemen Stirn from any
* liability that might arise from it's use.
* Selling the code for this program, in part or full, without prior
* written consent is expressly forbidden.
* Using this code, in part or full, to create derivate work,
* new scripts or products is expressly forbidden. Obtain permission
* before redistributing this software over the Internet or in
* any other medium. In all cases copyright and header must remain intact.
* This Copyright is in full effect in any country that has International
* Trade Agreements with the United States of America or
* with the European Union.
* Removing any of the copyright notices without purchasing a license
* is expressly forbidden. To remove HESK copyright notice you must purchase
* a license for this script. For more information on how to obtain
* a license please visit the page below:
* https://www.hesk.com/buy.php
*******************************************************************************/
define('IN_SCRIPT', 1); define('IN_SCRIPT', 1);
define('HESK_PATH', '../'); define('HESK_PATH', '../');
@ -131,7 +114,7 @@ if (array_key_exists($_POST['a'], $priorities)) {
hesk_okCategory($ticket['category']); hesk_okCategory($ticket['category']);
$revision = sprintf($hesklang['thist8'], hesk_date(), $priority['formatted'], $_SESSION['name'] . ' (' . $_SESSION['user'] . ')'); $revision = sprintf($hesklang['thist8'], hesk_date(), $priority['formatted'], $_SESSION['name'] . ' (' . $_SESSION['user'] . ')');
hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` SET `priority`='{$priority['value']}', `history`=CONCAT(`history`,'" . hesk_dbEscape($revision) . "') WHERE `id`={$this_id} LIMIT 1"); hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` SET `priority`='{$priority['value']}', `history`=CONCAT(`history`,'" . hesk_dbEscape($revision) . "') WHERE `id`={$this_id}");
$i++; $i++;
} }
@ -223,7 +206,7 @@ elseif ($_POST['a'] == 'tag' || $_POST['a'] == 'untag') {
hesk_okCategory($ticket['category']); hesk_okCategory($ticket['category']);
hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` SET `archive`='$archived' WHERE `id`='" . intval($this_id) . "' LIMIT 1"); hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` SET `archive`='$archived' WHERE `id`='" . intval($this_id) . "'");
$i++; $i++;
} }
@ -233,6 +216,7 @@ else {
/* Check permissions for this feature */ /* Check permissions for this feature */
hesk_checkPermission('can_view_tickets'); hesk_checkPermission('can_view_tickets');
hesk_checkPermission('can_reply_tickets'); hesk_checkPermission('can_reply_tickets');
hesk_checkPermission('can_resolve');
/* A security check */ /* A security check */
hesk_token_check('POST'); hesk_token_check('POST');
@ -255,7 +239,7 @@ else {
$closedStatusRS = hesk_dbQuery("SELECT * FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "statuses` WHERE `IsStaffClosedOption` = 1"); $closedStatusRS = hesk_dbQuery("SELECT * FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "statuses` WHERE `IsStaffClosedOption` = 1");
$closedStatus = hesk_dbFetchAssoc($closedStatusRS); $closedStatus = hesk_dbFetchAssoc($closedStatusRS);
hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` SET `status`='" . $closedStatus['ID'] . "', `closedat`=NOW(), `closedby`=" . intval($_SESSION['id']) . ", `history`=CONCAT(`history`,'" . hesk_dbEscape($revision) . "') WHERE `id`='" . intval($this_id) . "' LIMIT 1"); hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` SET `status`='" . $closedStatus['ID'] . "', `closedat`=NOW(), `closedby`=" . intval($_SESSION['id']) . ", `history`=CONCAT(`history`,'" . hesk_dbEscape($revision) . "') WHERE `id`='" . intval($this_id) . "'");
$i++; $i++;
// Notify customer of closed ticket? // Notify customer of closed ticket?
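Review bot: The priority UPDATE puts `{$this_id}` into its WHERE clause as a bare, unquoted number, while the archive and close UPDATEs in this same file wrap it in `intval($this_id)`. With `LIMIT 1` dropped by this change, nothing is left to cap how many rows a malformed value could touch. Whether `$this_id` is cast where the loop assigns it is outside the hunk, so make the query safe on its own by replacing `{$this_id}` with `" . intval($this_id) . "`. The close branch also uses `$closedStatus['ID']` without checking that the `IsStaffClosedOption` lookup returned a row; an empty result would write an empty status to every selected ticket.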

@ -1,32 +1,15 @@
<?php <?php
/******************************************************************************* /**
* Title: Help Desk Software HESK *
* Version: 2.6.8 from 10th August 2016 * This file is part of HESK - PHP Help Desk Software.
* Author: Klemen Stirn *
* Website: http://www.hesk.com * (c) Copyright Klemen Stirn. All rights reserved.
******************************************************************************** * http://www.hesk.com
* COPYRIGHT AND TRADEMARK NOTICE *
* Copyright 2005-2015 Klemen Stirn. All Rights Reserved. * For the full copyright and license agreement information visit
* HESK is a registered trademark of Klemen Stirn. * http://www.hesk.com/eula.php
* The HESK may be used and modified free of charge by anyone *
* AS LONG AS COPYRIGHT NOTICES AND ALL THE COMMENTS REMAIN INTACT. */
* By using this code you agree to indemnify Klemen Stirn from any
* liability that might arise from it's use.
* Selling the code for this program, in part or full, without prior
* written consent is expressly forbidden.
* Using this code, in part or full, to create derivate work,
* new scripts or products is expressly forbidden. Obtain permission
* before redistributing this software over the Internet or in
* any other medium. In all cases copyright and header must remain intact.
* This Copyright is in full effect in any country that has International
* Trade Agreements with the United States of America or
* with the European Union.
* Removing any of the copyright notices without purchasing a license
* is expressly forbidden. To remove HESK copyright notice you must purchase
* a license for this script. For more information on how to obtain
* a license please visit the page below:
* https://www.hesk.com/buy.php
*******************************************************************************/
define('IN_SCRIPT', 1); define('IN_SCRIPT', 1);
define('HESK_PATH', '../'); define('HESK_PATH', '../');
@ -35,6 +18,7 @@ define('HESK_PATH', '../');
require(HESK_PATH . 'hesk_settings.inc.php'); require(HESK_PATH . 'hesk_settings.inc.php');
require(HESK_PATH . 'inc/common.inc.php'); require(HESK_PATH . 'inc/common.inc.php');
require(HESK_PATH . 'inc/admin_functions.inc.php'); require(HESK_PATH . 'inc/admin_functions.inc.php');
require(HESK_PATH . 'inc/mail_functions.inc.php');
hesk_load_database_functions(); hesk_load_database_functions();
hesk_session_start(); hesk_session_start();
@ -104,34 +88,44 @@ require_once(HESK_PATH . 'inc/show_admin_nav.inc.php');
<li class="active"><?php echo $hesklang['ednote']; ?></li> <li class="active"><?php echo $hesklang['ednote']; ?></li>
</ol> </ol>
<div class="row"> <section class="content">
<div class="col-md-8 col-md-offset-2"> <div class="box">
<h3><?php echo $hesklang['ednote']; ?></h3> <div class="box-header with-border">
<h1 class="box-title">
<div class="footerWithBorder blankSpace"></div> <?php echo $hesklang['ednote']; ?>
</h1>
<form method="post" action="edit_note.php" name="form1" class="form-horizontal" role="form"> <div class="box-tools pull-right">
<div class="form-group"> <button type="button" class="btn btn-box-tool" data-widget="collapse">
<label for="message" class="col-md-2 control-label"><?php echo $hesklang['message']; ?></label> <i class="fa fa-minus"></i>
</button>
</div>
</div>
<div class="box-body">
<form method="post" action="edit_note.php" name="form1" class="form-horizontal" role="form">
<div class="form-group">
<label for="message" class="col-md-2 control-label"><?php echo $hesklang['message']; ?></label>
<div class="col-md-10"> <div class="col-md-10">
<textarea name="message" class="form-control" rows="12" <textarea name="message" class="form-control" rows="12"
cols="60"><?php echo $note['message']; ?></textarea> cols="60"><?php echo $note['message']; ?></textarea>
</div>
</div> </div>
</div> <div class="form-group">
<div class="form-group"> <div class="col-md-10 col-md-offset-2">
<div class="col-md-10 col-md-offset-2"> <input type="hidden" name="save" value="1">
<input type="hidden" name="save" value="1"/><input type="hidden" name="track" <input type="hidden" name="track" value="<?php echo $trackingID; ?>">
value="<?php echo $trackingID; ?>"/> <input type="hidden" name="token" value="<?php hesk_token_echo(); ?>">
<input type="hidden" name="token" value="<?php hesk_token_echo(); ?>"/> <input type="hidden" name="note" value="<?php echo $noteID; ?>">
<input type="hidden" name="note" value="<?php echo $noteID; ?>"/> <div class="btn-group">
<input type="submit" value="<?php echo $hesklang['save_changes']; ?>" class="btn btn-primary"> <input type="submit" value="<?php echo $hesklang['save_changes']; ?>" class="btn btn-primary">
<a href="javascript:history.go(-1)" class="btn btn-default"><?php echo $hesklang['back']; ?></a> <a href="javascript:history.go(-1)" class="btn btn-default"><?php echo $hesklang['back']; ?></a>
</div>
</div>
</div> </div>
</div> </form>
</form> </div>
</div> </div>
</div> </section>
<?php <?php
require_once(HESK_PATH . 'inc/footer.inc.php'); require_once(HESK_PATH . 'inc/footer.inc.php');

@ -1,41 +1,27 @@
<?php <?php
/******************************************************************************* /**
* Title: Help Desk Software HESK *
* Version: 2.6.8 from 10th August 2016 * This file is part of HESK - PHP Help Desk Software.
* Author: Klemen Stirn *
* Website: http://www.hesk.com * (c) Copyright Klemen Stirn. All rights reserved.
******************************************************************************** * http://www.hesk.com
* COPYRIGHT AND TRADEMARK NOTICE *
* Copyright 2005-2015 Klemen Stirn. All Rights Reserved. * For the full copyright and license agreement information visit
* HESK is a registered trademark of Klemen Stirn. * http://www.hesk.com/eula.php
* The HESK may be used and modified free of charge by anyone *
* AS LONG AS COPYRIGHT NOTICES AND ALL THE COMMENTS REMAIN INTACT. */
* By using this code you agree to indemnify Klemen Stirn from any
* liability that might arise from it's use.
* Selling the code for this program, in part or full, without prior
* written consent is expressly forbidden.
* Using this code, in part or full, to create derivate work,
* new scripts or products is expressly forbidden. Obtain permission
* before redistributing this software over the Internet or in
* any other medium. In all cases copyright and header must remain intact.
* This Copyright is in full effect in any country that has International
* Trade Agreements with the United States of America or
* with the European Union.
* Removing any of the copyright notices without purchasing a license
* is expressly forbidden. To remove HESK copyright notice you must purchase
* a license for this script. For more information on how to obtain
* a license please visit the page below:
* https://www.hesk.com/buy.php
*******************************************************************************/
define('IN_SCRIPT', 1); define('IN_SCRIPT', 1);
define('HESK_PATH', '../'); define('HESK_PATH', '../');
define('WYSIWYG', 1); define('WYSIWYG', 1);
define('VALIDATOR', 1);
/* Get all the required files and functions */ /* Get all the required files and functions */
require(HESK_PATH . 'hesk_settings.inc.php'); require(HESK_PATH . 'hesk_settings.inc.php');
require(HESK_PATH . 'inc/common.inc.php'); require(HESK_PATH . 'inc/common.inc.php');
require(HESK_PATH . 'inc/admin_functions.inc.php'); require(HESK_PATH . 'inc/admin_functions.inc.php');
require(HESK_PATH . 'inc/mail_functions.inc.php');
require(HESK_PATH . 'inc/custom_fields.inc.php');
hesk_load_database_functions(); hesk_load_database_functions();
hesk_session_start(); hesk_session_start();
@ -55,6 +41,10 @@ $trackingID = hesk_cleanID() or die($hesklang['int_error'] . ': ' . $hesklang['n
$is_reply = 0; $is_reply = 0;
$tmpvar = array(); $tmpvar = array();
if (!isset($_SESSION['iserror'])) {
$_SESSION['iserror'] = array();
}
/* Get ticket info */ /* Get ticket info */
$result = hesk_dbQuery("SELECT * FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` WHERE `trackid`='" . hesk_dbEscape($trackingID) . "' LIMIT 1"); $result = hesk_dbQuery("SELECT * FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` WHERE `trackid`='" . hesk_dbEscape($trackingID) . "' LIMIT 1");
if (hesk_dbNumRows($result) != 1) { if (hesk_dbNumRows($result) != 1) {
@ -81,6 +71,7 @@ if (hesk_isREQUEST('reply')) {
} }
$reply = hesk_dbFetchAssoc($result); $reply = hesk_dbFetchAssoc($result);
$ticket['message'] = $reply['message']; $ticket['message'] = $reply['message'];
$ticket['html'] = $reply['html'];
$is_reply = 1; $is_reply = 1;
} }
@ -109,13 +100,29 @@ if (isset($_POST['save'])) {
$tmpvar['html'] = hesk_POST('html'); $tmpvar['html'] = hesk_POST('html');
hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "replies` SET `html`='" . $tmpvar['html'] . "', `message`='" . hesk_dbEscape($tmpvar['message']) . "' WHERE `id`='" . intval($tmpvar['id']) . "' AND `replyto`='" . intval($ticket['id']) . "' LIMIT 1"); hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "replies` SET `html`='" . $tmpvar['html'] . "', `message`='" . hesk_dbEscape($tmpvar['message']) . "' WHERE `id`='" . intval($tmpvar['id']) . "' AND `replyto`='" . intval($ticket['id']) . "'");
} else { } else {
$tmpvar['language'] = hesk_POST('customerLanguage'); $tmpvar['language'] = hesk_POST('customerLanguage');
$tmpvar['name'] = hesk_input(hesk_POST('name')) or $hesk_error_buffer[] = $hesklang['enter_your_name']; $tmpvar['name'] = hesk_input(hesk_POST('name')) or $hesk_error_buffer[] = $hesklang['enter_your_name'];
$tmpvar['email'] = hesk_validateEmail(hesk_POST('email'), 'ERR', 0);
if ($hesk_settings['require_email']) {
$tmpvar['email'] = hesk_validateEmail( hesk_POST('email'), 'ERR', 0) or $hesk_error_buffer['email']=$hesklang['enter_valid_email'];
} else {
$tmpvar['email'] = hesk_validateEmail( hesk_POST('email'), 'ERR', 0);
// Not required, but must be valid if it is entered
if ($tmpvar['email'] == '') {
if (strlen(hesk_POST('email'))) {
$hesk_error_buffer['email'] = $hesklang['not_valid_email'];
}
}
}
$tmpvar['subject'] = hesk_input(hesk_POST('subject')) or $hesk_error_buffer[] = $hesklang['enter_ticket_subject']; $tmpvar['subject'] = hesk_input(hesk_POST('subject')) or $hesk_error_buffer[] = $hesklang['enter_ticket_subject'];
$tmpvar['message'] = hesk_input(hesk_POST('message')) or $hesk_error_buffer[] = $hesklang['enter_message']; $tmpvar['message'] = hesk_input( hesk_POST('message') );
if ($hesk_settings['require_message'] == 1 && $tmpvar['message'] == '') {
$hesk_error_buffer[] = $hesklang['enter_message'];
}
$tmpvar['html'] = hesk_POST('html'); $tmpvar['html'] = hesk_POST('html');
// Demo mode // Demo mode
@ -123,6 +130,82 @@ if (isset($_POST['save'])) {
$tmpvar['email'] = 'hidden@demo.com'; $tmpvar['email'] = 'hidden@demo.com';
} }
// Custom fields
foreach ($hesk_settings['custom_fields'] as $k=>$v) {
if ($v['use'] && hesk_is_custom_field_in_category($k, $ticket['category'])) {
if ($v['req'] == 2) {
$v['req'] = '<span class="important">*</span>';
$required_attribute = 'data-error="' . $hesklang['this_field_is_required'] . '" required';
} else {
$v['req'] = '';
$required_attribute = '';
}
if ($v['type'] == 'checkbox') {
$tmpvar[$k]='';
if (isset($_POST[$k]) && is_array($_POST[$k])) {
foreach ($_POST[$k] as $myCB) {
$tmpvar[$k] .= ( is_array($myCB) ? '' : hesk_input($myCB) ) . '<br>';
}
$tmpvar[$k]=substr($tmpvar[$k],0,-6);
} else {
if ($v['req'] == 2) {
$hesk_error_buffer[$k]=$hesklang['fill_all'].': '.$v['name'];
}
$_POST[$k] = '';
}
} elseif ($v['type'] == 'date') {
$tmpvar[$k] = hesk_POST($k);
$_SESSION["as_$k"] = '';
if (preg_match("/^[0-9]{4}-(0[1-9]|1[0-2])-(0[1-9]|[1-2][0-9]|3[0-1])$/", $tmpvar[$k])) {
$date = strtotime($tmpvar[$k] . ' t00:00:00');
$dmin = strlen($v['value']['dmin']) ? strtotime($v['value']['dmin'] . ' t00:00:00') : false;
$dmax = strlen($v['value']['dmax']) ? strtotime($v['value']['dmax'] . ' t00:00:00') : false;
$_SESSION["as_$k"] = $tmpvar[$k];
if ($dmin && $dmin > $date) {
$hesk_error_buffer[$k] = sprintf($hesklang['d_emin'], $v['name'], hesk_custom_date_display_format($dmin, $v['value']['date_format']));
} elseif ($dmax && $dmax < $date) {
$hesk_error_buffer[$k] = sprintf($hesklang['d_emax'], $v['name'], hesk_custom_date_display_format($dmax, $v['value']['date_format']));
} else {
$tmpvar[$k] = $date;
}
} else {
if ($v['req'] == 2) {
$hesk_error_buffer[$k]=$hesklang['fill_all'].': '.$v['name'];
}
}
} elseif ($v['type'] == 'email') {
$tmp = $hesk_settings['multi_eml'];
$hesk_settings['multi_eml'] = $v['value']['multiple'];
$tmpvar[$k] = hesk_validateEmail( hesk_POST($k), 'ERR', 0);
$hesk_settings['multi_eml'] = $tmp;
if ($tmpvar[$k] != '') {
$_SESSION["as_$k"] = hesk_input($tmpvar[$k]);
} else {
$_SESSION["as_$k"] = '';
if ($v['req'] == 2) {
$hesk_error_buffer[$k] = $v['value']['multiple'] ? sprintf($hesklang['cf_noem'], $v['name']) : sprintf($hesklang['cf_noe'], $v['name']);
}
}
} elseif ($v['req'] == 2) {
$tmpvar[$k]=hesk_makeURL(nl2br(hesk_input( hesk_POST($k) )));
if ($tmpvar[$k] == '') {
$hesk_error_buffer[$k]=$hesklang['fill_all'].': '.$v['name'];
}
} else {
$tmpvar[$k]=hesk_makeURL(nl2br(hesk_input(hesk_POST($k))));
}
} else {
$tmpvar[$k] = '';
}
}
if (count($hesk_error_buffer)) { if (count($hesk_error_buffer)) {
$myerror = '<ul>'; $myerror = '<ul>';
foreach ($hesk_error_buffer as $error) { foreach ($hesk_error_buffer as $error) {
@ -137,51 +220,20 @@ if (isset($_POST['save'])) {
$tmpvar['message'] = nl2br($tmpvar['message']); $tmpvar['message'] = nl2br($tmpvar['message']);
} }
foreach ($hesk_settings['custom_fields'] as $k => $v) { $custom_SQL = '';
if ($v['use'] && isset($_POST[$k])) { for ($i = 1; $i <= 50; $i++) {
if ($v['type'] == 'date' && $_POST[$k] != '') { $custom_SQL .= '`custom'.$i.'`=' . (isset($tmpvar['custom'.$i]) ? "'".hesk_dbEscape($tmpvar['custom'.$i])."'" : "''") . ',';
$tmpvar[$k] = strtotime($_POST[$k]);
} elseif (is_array($_POST[$k])) {
$tmpvar[$k] = '';
foreach ($_POST[$k] as $myCB) {
$tmpvar[$k] .= (is_array($myCB) ? '' : hesk_input($myCB)) . '<br />';
}
$tmpvar[$k] = substr($tmpvar[$k], 0, -6);
} else {
$tmpvar[$k] = hesk_makeURL(nl2br(hesk_input($_POST[$k])));
}
} else {
$tmpvar[$k] = '';
}
} }
$custom_SQL = rtrim($custom_SQL, ',');
hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` SET hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` SET
`name`='" . hesk_dbEscape($tmpvar['name']) . "', `name`='" . hesk_dbEscape($tmpvar['name']) . "',
`email`='" . hesk_dbEscape($tmpvar['email']) . "', `email`='" . hesk_dbEscape($tmpvar['email']) . "',
`subject`='" . hesk_dbEscape($tmpvar['subject']) . "', `subject`='" . hesk_dbEscape($tmpvar['subject']) . "',
`message`='" . hesk_dbEscape($tmpvar['message']) . "', `message`='" . hesk_dbEscape($tmpvar['message']) . "',
`custom1`='" . hesk_dbEscape($tmpvar['custom1']) . "',
`custom2`='" . hesk_dbEscape($tmpvar['custom2']) . "',
`custom3`='" . hesk_dbEscape($tmpvar['custom3']) . "',
`custom4`='" . hesk_dbEscape($tmpvar['custom4']) . "',
`custom5`='" . hesk_dbEscape($tmpvar['custom5']) . "',
`custom6`='" . hesk_dbEscape($tmpvar['custom6']) . "',
`custom7`='" . hesk_dbEscape($tmpvar['custom7']) . "',
`custom8`='" . hesk_dbEscape($tmpvar['custom8']) . "',
`custom9`='" . hesk_dbEscape($tmpvar['custom9']) . "',
`custom10`='" . hesk_dbEscape($tmpvar['custom10']) . "',
`custom11`='" . hesk_dbEscape($tmpvar['custom11']) . "',
`custom12`='" . hesk_dbEscape($tmpvar['custom12']) . "',
`custom13`='" . hesk_dbEscape($tmpvar['custom13']) . "',
`custom14`='" . hesk_dbEscape($tmpvar['custom14']) . "',
`custom15`='" . hesk_dbEscape($tmpvar['custom15']) . "',
`custom16`='" . hesk_dbEscape($tmpvar['custom16']) . "',
`custom17`='" . hesk_dbEscape($tmpvar['custom17']) . "',
`custom18`='" . hesk_dbEscape($tmpvar['custom18']) . "',
`custom19`='" . hesk_dbEscape($tmpvar['custom19']) . "',
`custom20`='" . hesk_dbEscape($tmpvar['custom20']) . "',
`language`='" . hesk_dbEscape($tmpvar['language']) . "', `language`='" . hesk_dbEscape($tmpvar['language']) . "',
`html`='" . hesk_dbEscape($tmpvar['html']) . "' `html`='" . hesk_dbEscape($tmpvar['html']) . "',
$custom_SQL
WHERE `id`='" . intval($ticket['id']) . "' LIMIT 1"); WHERE `id`='" . intval($ticket['id']) . "' LIMIT 1");
} }
@ -207,283 +259,307 @@ require_once(HESK_PATH . 'inc/show_admin_nav.inc.php');
<li class="active"><?php echo $hesklang['edtt']; ?></li> <li class="active"><?php echo $hesklang['edtt']; ?></li>
</ol> </ol>
<div class="row"> <section class="content">
<div class="col-md-8 col-md-offset-2"> <div class="box">
<h3><?php echo $hesklang['edtt']; ?></h3> <div class="box-header with-border">
<h1 class="box-title">
<div class="footerWithBorder blankSpace"></div> <?php echo $hesklang['edtt']; ?>
</h1>
<form role="form" class="form-horizontal" method="post" action="edit_post.php" name="form1"> <div class="box-tools pull-right">
<button type="button" class="btn btn-box-tool" data-widget="collapse">
<i class="fa fa-minus"></i>
</button>
</div>
</div>
<div class="box-body">
<?php <?php
/* If it's not a reply edit all the fields */ $onsubmit = '';
if (!$is_reply) { if ($modsForHesk_settings['rich_text_for_tickets']) {
if ($hesk_settings['can_sel_lang']) { $onsubmit = 'onsubmit="return validateRichText(\'message-help-block\', \'message-group\', \'message\', \''.htmlspecialchars($hesklang['this_field_is_required']).'\')"';
?> }
?>
<form role="form" class="form-horizontal" method="post" action="edit_post.php" name="form1" <?php echo $onsubmit; ?>>
<?php
/* If it's not a reply edit all the fields */
if (!$is_reply) {
if ($hesk_settings['can_sel_lang']) {
?>
<div class="form-group">
<label for="customerLanguage"
class="col-sm-3 control-label"><?php echo $hesklang['chol']; ?></label>
<div class="col-sm-9">
<select name="customerLanguage" id="customerLanguage" class="form-control">
<?php hesk_listLanguages(); ?>
</select>
</div>
</div>
<?php } else {
echo '<input type="hidden" name="customerLanguage" value="' . $ticket['language'] . '">';
} ?>
<div class="form-group"> <div class="form-group">
<label for="customerLanguage" class="col-sm-3 control-label"><?php echo $hesklang['chol']; ?> <?php
:</label> $required = '';
$required_attribute = '';
if ($hesk_settings['require_subject'] == 1) {
$required = ' <span class="important">*</span>';
$required_attribute = 'data-error="' . $hesklang['this_field_is_required'] . '" required';
}
?>
<label for="subject" class="col-sm-3 control-label"><?php echo $hesklang['subject'] . $required; ?></label>
<div class="col-sm-9"> <div class="col-sm-9">
<select name="customerLanguage" id="customerLanguage" class="form-control"> <input class="form-control" type="text" name="subject" size="40" maxlength="40"
<?php hesk_listLanguages(); ?> value="<?php echo $ticket['subject']; ?>"
</select> placeholder="<?php echo htmlspecialchars($hesklang['subject']); ?>"/>
</div> </div>
</div> </div>
<?php } else { <div class="form-group">
echo '<input type="hidden" name="customerLanguage" value="' . $ticket['language'] . '">'; <label for="name" class="col-sm-3 control-label">
} ?> <?php echo $hesklang['name']; ?>
<div class="form-group"> <span class="important">*</span>
<label for="subject" class="col-sm-3 control-label"><?php echo $hesklang['subject']; ?>:</label> </label>
<div class="col-sm-9"> <div class="col-sm-9">
<input class="form-control" type="text" name="subject" size="40" maxlength="40" <input class="form-control" type="text" name="name" size="40" maxlength="30"
value="<?php echo $ticket['subject']; ?>" value="<?php echo $ticket['name']; ?>"
placeholder="<?php echo htmlspecialchars($hesklang['subject']); ?>"/> placeholder="<?php echo htmlspecialchars($hesklang['name']); ?>"
</div> data-error="<?php echo $hesklang['this_field_is_required']; ?>"
</div> required>
<div class="form-group"> </div>
<label for="name" class="col-sm-3 control-label"><?php echo $hesklang['name']; ?>:</label>
<div class="col-sm-9">
<input class="form-control" type="text" name="name" size="40" maxlength="30"
value="<?php echo $ticket['name']; ?>"
placeholder="<?php echo htmlspecialchars($hesklang['name']); ?>"/>
</div>
</div>
<div class="form-group">
<label for="email" class="col-sm-3 control-label"><?php echo $hesklang['email']; ?>:</label>
<div class="col-sm-9">
<input class="form-control" type="text" name="email" size="40" maxlength="1000"
value="<?php echo $ticket['email']; ?>"
placeholder="<?php echo htmlspecialchars($hesklang['email']); ?>"/>
</div> </div>
</div> <div class="form-group">
<?php <?php
foreach ($hesk_settings['custom_fields'] as $k => $v) { $required = '';
if ($v['use']) { $required_attribute = '';
if ($modsForHesk_settings['custom_field_setting']) { if ($hesk_settings['require_email']) {
$v['name'] = $hesklang[$v['name']]; $required = ' <span class="important">*</span>';
$required_attribute = 'data-error="' . $hesklang['this_field_is_required'] . '" required';
} }
?>
<label for="email"
class="col-sm-3 control-label"><?php echo $hesklang['email'] . $required; ?></label>
$k_value = $ticket[$k]; <div class="col-sm-9">
<input class="form-control" type="text" name="email" size="40" maxlength="1000"
if ($v['type'] == 'checkbox') { value="<?php echo $ticket['email']; ?>"
$k_value = explode('<br />', $k_value); placeholder="<?php echo htmlspecialchars($hesklang['email']); ?>"
} <?php echo $required_attribute ?>>
<div class="help-block with-errors"></div>
</div>
</div>
<?php
foreach ($hesk_settings['custom_fields'] as $k => $v) {
if ($v['use'] && hesk_is_custom_field_in_category($k, $ticket['category'])) {
$k_value = $ticket[$k];
if ($v['type'] == 'checkbox') {
$k_value = explode('<br>', $k_value);
}
if ($v['req'] == 2) {
$v['req'] = '<span class="important">*</span>';
$required_attribute = 'data-error="' . $hesklang['this_field_is_required'] . '" required';
} else {
$v['req'] = '';
$required_attribute = '';
}
switch ($v['type']) {
/* Radio box */
case 'radio':
$cls = in_array($k, $_SESSION['iserror']) ? ' isError' : '';
echo '
<div class="form-group' . $cls . '">
<label for="' . $k . '" class="col-sm-3 control-label">' . $v['name'] . ' ' . $v['req'] . '</label>
<div class="col-sm-9">';
foreach ($v['value']['radio_options'] as $option) {
if (strlen($k_value) == 0) {
$k_value = $option;
$checked = empty($v['value']['no_default']) ? 'checked="checked"' : '';
} elseif ($k_value == $option) {
$k_value = $option;
$checked = 'checked="checked"';
} else {
$checked = '';
}
echo '<div class="radio"><label><input type="radio" name="' . $k . '" value="' . $option . '" ' . $checked . ' ' . $required_attribute . '> ' . $option . '</label></div>';
}
echo '<div class="help-block with-errors"></div></div>
</div>';
switch ($v['type']) { break;
/* Radio box */
case 'radio':
echo '
<div class="form-group">
<label for="' . $v['name'] . '" class="col-sm-3 control-label">' . $v['name'] . ': </label>
<div class="col-sm-9">';
$options = explode('#HESK#', $v['value']); /* Select drop-down box */
case 'select':
foreach ($options as $option) { $cls = in_array($k, $_SESSION['iserror']) ? ' isError' : '';
if (strlen($k_value) == 0 || $k_value == $option) { echo '
$k_value = $option; <div class="form-group">
$checked = 'checked="checked"'; <label for="' . $k . '" class="col-sm-3 control-label">' . $v['name'] . ' ' . $v['req'] . '</label>
} else { <div class="col-sm-9">
$checked = ''; <select name="' . $k . '" class="form-control" ' . $required_attribute . '>';
// Show "Click to select"?
if (!empty($v['value']['show_select'])) {
echo '<option value="">' . $hesklang['select'] . '</option>';
} }
echo '<div class="radio"><label><input type="radio" name="' . $k . '" value="' . $option . '" ' . $checked . ' /> ' . $option . '</label></div>'; foreach ($v['value']['select_options'] as $option) {
} if ($k_value == $option) {
$k_value = $option;
$selected = 'selected';
} else {
$selected = '';
}
echo '</div> echo '<option ' . $selected . '>' . $option . '</option>';
</div> }
';
break;
/* Select drop-down box */
case 'select':
echo '
<div class="form-group">
<label for="' . $v['name'] . '" class="col-sm-3 control-label">' . $v['name'] . ': </label>
<div class="col-sm-9"><select class="form-control" name="' . $k . '">';
// Show "Click to select"? echo '</select>
$v['value'] = str_replace('{HESK_SELECT}', '', $v['value'], $num); <div class="help-block with-errors"></div>
if ($num) { </div>
echo '<option value="">' . $hesklang['select'] . '</option>'; </div>';
} break;
/* Checkbox */
case 'checkbox':
$cls = in_array($k, $_SESSION['iserror']) ? ' isError' : '';
echo '
<div class="form-group' . $cls . '">
<label for="' . $k . '" class="col-sm-3 control-label">' . $v['name'] . ' ' . $v['req'] . '</label>
<div class="col-sm-9">';
foreach ($v['value']['checkbox_options'] as $option) {
if (in_array($option, $k_value)) {
$checked = 'checked';
} else {
$checked = '';
}
echo '<div class="checkbox"><label><input type="checkbox" name="' . $k . '[]" value="' . $option . '" ' . $checked . ' ' . $required_attribute . '> ' . $option . '</label></div>';
}
echo '<div class="help-block with-errors"></div>
</div>
</div>';
break;
$options = explode('#HESK#', $v['value']); /* Large text box */
case 'textarea':
$cls = in_array($k, $_SESSION['iserror']) ? ' isError' : '';
$k_value = hesk_msgToPlain($k_value, 0, 0);
foreach ($options as $option) { echo '
<div class="form-group' . $cls . '">
<label for="' . $k . '" class="col-sm-3 control-label">' . $v['name'] . ' ' . $v['req'] . '</label>
<div class="col-sm-9">
<textarea name="' . $k . '" class="form-control" rows="' . intval($v['value']['rows']) . '" cols="' . intval($v['value']['cols']) . '" ' . $required_attribute . '>' . $k_value . '</textarea>
<div class="help-block with-errors"></div>
</div>
</div>';
break;
if (strlen($k_value) == 0 || $k_value == $option) { // Date
$k_value = $option; case 'date':
$selected = 'selected="selected"'; if ($required_attribute !== '') {
} else { $required_attribute .= ' pattern="[0-9]{4}-(0[1-9]|1[0-2])-(0[1-9]|[1-2][0-9]|3[0-1])"';
$selected = '';
} }
echo '<option ' . $selected . '>' . $option . '</option>'; $cls = in_array($k, $_SESSION['iserror']) ? ' isError' : '';
}
echo '</select></div> $k_value = hesk_custom_date_display_format($k_value, 'Y-m-d');
</div>
';
break;
/* Checkbox */ echo '
case 'checkbox': <div class="form-group' . $cls . '">
echo ' <label for="' . $k . '" class="col-sm-3 control-label">' . $v['name'] . ' ' . $v['req'] . '</label>
<div class="form-group"> <div class="col-sm-9">
<label for="' . $v['name'] . '" class="col-sm-3 control-label">' . $v['name'] . ': </label> <input type="text" name="' . $k . '" value="' . $k_value . '" class="datepicker form-control" size="10" ' . $required_attribute . '>
<div class="col-sm-9">'; <div class="help-block with-errors"></div>
</div>
</div>';
break;
$options = explode('#HESK#', $v['value']); // Email
case 'email':
$cls = in_array($k, $_SESSION['iserror']) ? ' class="isError" ' : '';
foreach ($options as $option) { $suggest = $hesk_settings['detect_typos'] ? 'onblur="Javascript:hesk_suggestEmail(\'' . $k . '\', \'' . $k . '_suggestions\', 0, 1' . ($v['value']['multiple'] ? ',1' : '') . ')"' : '';
if (in_array($option, $k_value)) { echo '
$checked = 'checked="checked"'; <div class="form-group' . $cls . '">
} else { <label for="' . $k . '" class="col-sm-3 control-label">' . $v['name'] . ' ' . $v['req'] . '</label>
$checked = ''; <div class="col-sm-9">
<input class="form-control" type="text" name="' . $k . '" id="' . $k . '" value="' . $k_value . '" size="40" ' . $suggest . ' ' . $required_attribute . '>
<div class="help-block with-errors"></div>
</div>
<div id="' . $k . '_suggestions"></div>
</div>
';
break;
// Hidden (same as text for staff)
case 'hidden':
case 'readonly':
default:
if (strlen($k_value) != 0) {
$v['value']['default_value'] = $k_value;
} }
echo '<div class="checkbox"><label><input type="checkbox" name="' . $k . '[]" value="' . $option . '" ' . $checked . ' /> ' . $option . '</label></div>'; $cls = in_array($k, $_SESSION['iserror']) ? ' isError' : '';
}
echo '
echo '</div> <div class="form-group' . $cls . '">
</div> <label for="' . $k . '" class="col-sm-3 control-label">' . $v['name'] . ' ' . $v['req'] . '</label>
'; <div class="col-sm-9">
break; <input type="text" class="form-control" name="' . $k . '" size="40" maxlength="' . intval($v['value']['max_length']) . '" value="' . $v['value']['default_value'] . '" ' . $required_attribute . '>
<div class="help-block with-errors"></div>
/* Large text box */ </div>
case 'textarea': </div>
$size = explode('#', $v['value']); ';
$size[0] = empty($size[0]) ? 5 : intval($size[0]); }
$size[1] = empty($size[1]) ? 30 : intval($size[1]);
$k_value = hesk_msgToPlain($k_value, 0, 0);
echo '
<div class="form-group">
<label for="' . $v['name'] . '" class="col-sm-3 control-label">' . $v['name'] . ': </label>
<div class="col-sm-9">
<textarea class="form-control" name="' . $k . '" rows="' . $size[0] . '" placeholder="' . htmlspecialchars($v['name']) . '" cols="' . $size[1] . '">' . $k_value . '</textarea>
</div>
</div>';
break;
case 'date':
if (strlen($k_value) != 0) {
$v['value'] = $k_value;
}
echo '
<div class="form-group">
<label for="' . $v['name'] . '" class="col-sm-3 control-label">' . $v['name'] . ': </label>
<div class="col-sm-9">
<input type="text" class="datepicker form-control white-readonly" placeholder="' . htmlspecialchars($v['name']) . '" id="' . $v['name'] . '" name="' . $k . '" size="40"
maxlength="' . $v['maxlen'] . '" value="' . date('Y-m-d', $v['value']) . '" readonly/>
</div>
</div>';
break;
case 'multiselect':
echo '<div class="form-group"><label for="' . $v['name'] . '" class="col-sm-3 control-label">' . $v['name'] . ': </label>
<div class="col-sm-9"><select class="form-control" id="' . $v['name'] . '" name="' . $k . '" multiple>';
$options = explode('#HESK#', $v['value']);
foreach ($options as $option) {
if (strlen($k_value) == 0 || $k_value == $option) {
$k_value = $option;
$selected = 'selected="selected"';
} else {
$selected = '';
}
echo '<option ' . $selected . '>' . $option . '</option>';
}
echo '</select>
<div class="btn-group" role="group">
<button type="button" class="btn btn-default" onclick="selectAll(\'' . $v['name'] . '\')">'.$hesklang['select_all_title_case'].'</button>
<button type="button" class="btn btn-default" onclick="deselectAll(\'' . $v['name'] . '\')">'.$hesklang['deselect_all_title_case'].'</button>
</div></div></div>';
break;
case 'hidden':
//Clean up multiple dashes or whitespaces
$formattedId = preg_replace("/[\s-]+/", " ", $v['name']);
$formattedId = preg_replace("/[\s_]/", "-", $formattedId);
if (strlen($k_value) != 0) {
$v['value'] = $k_value;
}
echo '<input type="hidden" class="form-control" id="' . $formattedId . '" name="' . $k . '" size="40" maxlength="' . $v['maxlen'] . '" value="' . $v['value'] . '"/>';
break;
case 'readonly':
//Clean up multiple dashes or whitespaces
$formattedId = preg_replace("/[\s-]+/", " ", $v['name']);
$formattedId = preg_replace("/[\s_]/", "-", $formattedId);
if (strlen($k_value) != 0) {
$v['value'] = $k_value;
}
echo '<div class="form-group">
<label for="' . $v['name'] . '" class="col-sm-3 control-label">' . $v['name'] . ': </label>
<div class="col-sm-9"><input type="text" class="form-control" id="' . $formattedId . '" name="' . $k . '" size="40" maxlength="' . $v['maxlen'] . '" value="' . $v['value'] . '" readonly></div>
</div>';
break;
/* Default text input */
default:
if (strlen($k_value) != 0) {
$k_value = hesk_msgToPlain($k_value, 0, 0);
$v['value'] = $k_value;
}
echo '
<div class="form-group">
<label for="' . $v['name'] . '" class="col-sm-3 control-label">' . $v['name'] . ': </label>
<div class="col-sm-9">
<input type="text" class="form-control" placeholder="' . htmlspecialchars($v['name']) . '" name="' . $k . '" size="40" maxlength="' . $v['maxlen'] . '" value="' . $v['value'] . '" />
</div>
</div>
';
} }
} }
} } ?>
?> <div class="form-group" id="message-group">
<?php
$required = '';
$required_attribute = '';
if ($hesk_settings['require_message'] == 1) {
$required = ' <span class="important">*</span>';
$required_attribute = 'data-error="' . $hesklang['this_field_is_required'] . '" required';
}
<?php } ?> ?>
<div class="form-group"> <label for="message" class="col-sm-3 control-label"><?php echo $hesklang['message'] . $required; ?></label>
<label for="message" class="col-sm-3 control-label"><?php echo $hesklang['message']; ?>:</label>
<div class="col-sm-9"> <div class="col-sm-9">
<?php <?php
$message = $modsForHesk_settings['rich_text_for_tickets'] ? hesk_html_entity_decode($ticket['message']) : $ticket['message']; $message = $ticket['html'] ? hesk_html_entity_decode($ticket['message']) : $ticket['message'];
?> ?>
<textarea class="form-control htmlEditor" name="message" rows="12" <textarea class="form-control htmlEditor" name="message" rows="12"
placeholder="<?php echo htmlspecialchars($hesklang['message']); ?>" placeholder="<?php echo htmlspecialchars($hesklang['message']); ?>"
cols="60"><?php echo $message; ?></textarea> cols="60" <?php echo $required_attribute; ?>><?php echo $message; ?></textarea>
</div> <div class="help-block with-errors" id="message-help-block"></div>
</div> </div>
</div>
<div class="form-group"> <div class="form-group">
<input type="hidden" name="save" value="1"/><input type="hidden" name="track" <input type="hidden" name="save" value="1">
value="<?php echo $trackingID; ?>"/> <input type="hidden" name="track" value="<?php echo $trackingID; ?>">
<input type="hidden" name="token" value="<?php hesk_token_echo(); ?>"/> <input type="hidden" name="token" value="<?php hesk_token_echo(); ?>">
<?php <?php
if ($is_reply) { if ($is_reply) {
?> ?>
<input type="hidden" name="reply" value="<?php echo $tmpvar['id']; ?>"/> <input type="hidden" name="reply" value="<?php echo $tmpvar['id']; ?>">
<?php <?php
} }
?> ?>
</div> </div>
<div class="form-group" style="text-align: center"> <div class="form-group" style="text-align: center">
<?php <?php
$html = $modsForHesk_settings['rich_text_for_tickets'] ? 1 : 0; $html = $ticket['html'] ? 1 : 0;
?> ?>
<input type="hidden" name="html" value="<?php echo $html; ?>"> <input type="hidden" name="html" value="<?php echo $html; ?>">
<input type="submit" value="<?php echo $hesklang['save_changes']; ?>" class="btn btn-default"/> <input type="submit" value="<?php echo $hesklang['save_changes']; ?>" class="btn btn-default">
<?php if (isset($_REQUEST['isManager']) && $_REQUEST['isManager']): ?> <?php if (isset($_REQUEST['isManager']) && $_REQUEST['isManager']): ?>
<input type="hidden" name="isManager" value="1"> <input type="hidden" name="isManager" value="1">
<?php endif; ?> <?php endif; ?>
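Review bot: In the new `email` case the error marker is built as `' class="isError" '` and then concatenated inside `class="form-group' . $cls . '"`, so a field in error renders a malformed class attribute; it should be `$cls = in_array($k, $_SESSION['iserror']) ? ' isError' : '';` as in the radio, checkbox and textarea cases. The `select` case computes `$cls` but its wrapper is a plain `<div class="form-group">`, and the subject block sets `$required_attribute` without echoing it on the input, so a required subject is not enforced in the browser. Separately, the rewritten switch writes `$k_value`, `$option` and `$v['value']['default_value']` into `value="…"` attributes and textarea/option bodies with no `htmlspecialchars()` at the point of output. That is only safe if every stored value and configured option is already entity-encoded, which cannot be confirmed from this hunk, so either encode at output or add a comment stating the invariant. Every `in_array($k, $_SESSION['iserror'])` call also assumes that session key is always an array.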
@ -492,7 +568,10 @@ require_once(HESK_PATH . 'inc/show_admin_nav.inc.php');
</form> </form>
</div> </div>
</div> </div>
<?php if ($modsForHesk_settings['rich_text_for_tickets']): ?> <script>
buildValidatorForTicketSubmission('form1', "<?php echo addslashes($hesklang['select_at_least_one_value']); ?>");
</script>
<?php if ($ticket['html']): ?>
<script type="text/javascript"> <script type="text/javascript">
/* <![CDATA[ */ /* <![CDATA[ */
tinyMCE.init({ tinyMCE.init({
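Review bot: `addslashes()` is not a JavaScript string encoder: in the added `buildValidatorForTicketSubmission(...)` call it leaves line breaks and a literal `</script>` in the language string untouched, and either would break the inline script. `json_encode()` emits a complete, correctly quoted literal, e.g. `buildValidatorForTicketSubmission('form1', <?php echo json_encode($hesklang['select_at_least_one_value']); ?>);`. The value comes from the language file, so this is hardening rather than a known injection.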

@ -1,32 +1,15 @@
<?php <?php
/******************************************************************************* /**
* Title: Help Desk Software HESK *
* Version: 2.6.8 from 10th August 2016 * This file is part of HESK - PHP Help Desk Software.
* Author: Klemen Stirn *
* Website: http://www.hesk.com * (c) Copyright Klemen Stirn. All rights reserved.
******************************************************************************** * http://www.hesk.com
* COPYRIGHT AND TRADEMARK NOTICE *
* Copyright 2005-2015 Klemen Stirn. All Rights Reserved. * For the full copyright and license agreement information visit
* HESK is a registered trademark of Klemen Stirn. * http://www.hesk.com/eula.php
* The HESK may be used and modified free of charge by anyone *
* AS LONG AS COPYRIGHT NOTICES AND ALL THE COMMENTS REMAIN INTACT. */
* By using this code you agree to indemnify Klemen Stirn from any
* liability that might arise from it's use.
* Selling the code for this program, in part or full, without prior
* written consent is expressly forbidden.
* Using this code, in part or full, to create derivate work,
* new scripts or products is expressly forbidden. Obtain permission
* before redistributing this software over the Internet or in
* any other medium. In all cases copyright and header must remain intact.
* This Copyright is in full effect in any country that has International
* Trade Agreements with the United States of America or
* with the European Union.
* Removing any of the copyright notices without purchasing a license
* is expressly forbidden. To remove HESK copyright notice you must purchase
* a license for this script. For more information on how to obtain
* a license please visit the page below:
* https://www.hesk.com/buy.php
*******************************************************************************/
define('IN_SCRIPT', 1); define('IN_SCRIPT', 1);
define('HESK_PATH', '../'); define('HESK_PATH', '../');
define('PAGE_TITLE', 'ADMIN_REPORTS'); define('PAGE_TITLE', 'ADMIN_REPORTS');
@ -37,6 +20,8 @@ require(HESK_PATH . 'inc/common.inc.php');
require(HESK_PATH . 'inc/admin_functions.inc.php'); require(HESK_PATH . 'inc/admin_functions.inc.php');
require(HESK_PATH . 'inc/reporting_functions.inc.php'); require(HESK_PATH . 'inc/reporting_functions.inc.php');
require(HESK_PATH . 'inc/status_functions.inc.php'); require(HESK_PATH . 'inc/status_functions.inc.php');
require(HESK_PATH . 'inc/mail_functions.inc.php');
require(HESK_PATH . 'inc/custom_fields.inc.php');
hesk_load_database_functions(); hesk_load_database_functions();
hesk_session_start(); hesk_session_start();
@ -47,6 +32,13 @@ hesk_isLoggedIn();
hesk_checkPermission('can_export'); hesk_checkPermission('can_export');
$modsForHesk_settings = mfh_getSettings(); $modsForHesk_settings = mfh_getSettings();
// Just a delete file action?
$delete = hesk_GET('delete');
if (strlen($delete) && preg_match('/^hesk_export_[0-9_\-]+$/', $delete)) {
hesk_unlink(HESK_PATH.$hesk_settings['cache_dir'].'/'.$delete.'.zip');
hesk_process_messages($hesklang['fd'], 'export.php','SUCCESS');
}
// Set default values // Set default values
define('CALENDAR', 1); define('CALENDAR', 1);
define('MAIN_PAGE', 1); define('MAIN_PAGE', 1);
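Review bot: The new delete branch removes a file in response to a plain GET request and never verifies the session token, so a cross-site request or a link prefetcher that carries the export name can trigger it; only `hesk_checkPermission('can_export')` stands in front of it. The `export.php?delete=...` link built later in this file would need to carry the token, and this branch should verify it before calling `hesk_unlink()`; HESK's `hesk_token_check()` looks like the intended helper, to be confirmed against `inc/common.inc.php`. The pattern is a sound allow-list against path traversal, but `$` also matches before a trailing newline, which `\z` closes: `preg_match('/^hesk_export_[0-9_\-]+\z/', $delete)`. The success message is also shown without checking whether `hesk_unlink()` removed anything.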
@ -61,23 +53,23 @@ $is_all_time = 0;
// Default this month to date // Default this month to date
$date_from = date('Y-m-d', mktime(0, 0, 0, date("m"), 1, date("Y"))); $date_from = date('Y-m-d', mktime(0, 0, 0, date("m"), 1, date("Y")));
$date_to = date('Y-m-d'); $date_to = date('Y-m-d');
$input_datefrom = date('m/d/Y', strtotime('last month')); $input_datefrom = date('Y-m-d', strtotime('last month'));
$input_dateto = date('m/d/Y'); $input_dateto = date('Y-m-d');
/* Date */ /* Date */
if (!empty($_GET['w'])) { if (!empty($_GET['w'])) {
$df = preg_replace('/[^0-9]/', '', hesk_GET('datefrom')); $df = preg_replace('/[^0-9]/', '', hesk_GET('datefrom'));
if (strlen($df) == 8) { if (strlen($df) == 8) {
$date_from = substr($df, 4, 4) . '-' . substr($df, 0, 2) . '-' . substr($df, 2, 2); $date_from = substr($df, 0, 4) . '-' . substr($df, 4, 2) . '-' . substr($df, 6, 2);
$input_datefrom = substr($df, 0, 2) . '/' . substr($df, 2, 2) . '/' . substr($df, 4, 4); $input_datefrom = $date_from;
} else { } else {
$date_from = date('Y-m-d', strtotime('last month')); $date_from = date('Y-m-d', strtotime('last month'));
} }
$dt = preg_replace('/[^0-9]/', '', hesk_GET('dateto')); $dt = preg_replace('/[^0-9]/', '', hesk_GET('dateto'));
if (strlen($dt) == 8) { if (strlen($dt) == 8) {
$date_to = substr($dt, 4, 4) . '-' . substr($dt, 0, 2) . '-' . substr($dt, 2, 2); $date_to = substr($dt, 0, 4) . '-' . substr($dt, 4, 2) . '-' . substr($dt, 6, 2);
$input_dateto = substr($dt, 0, 2) . '/' . substr($dt, 2, 2) . '/' . substr($dt, 4, 4); $input_dateto = $date_to;
} else { } else {
$date_to = date('Y-m-d'); $date_to = date('Y-m-d');
} }
@ -316,7 +308,7 @@ if (isset($_GET['w'])) {
} }
// This will be the export directory // This will be the export directory
$export_dir = HESK_PATH . $hesk_settings['attach_dir'] . '/export/'; $export_dir = HESK_PATH.$hesk_settings['cache_dir'].'/';
// This will be the name of the export and the XML file // This will be the name of the export and the XML file
$export_name = 'hesk_export_' . date('Y-m-d_H-i-s') . '_' . mt_rand(10000, 99999); $export_name = 'hesk_export_' . date('Y-m-d_H-i-s') . '_' . mt_rand(10000, 99999);
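Review bot: The export archive now lands in `cache_dir` and is later offered as a direct `<a href>` download, but its name is still a timestamp plus `mt_rand(10000, 99999)`, which is not an unpredictable value. If the cache directory is served over HTTP without authentication (not visible here), that name is the only thing protecting the exported ticket data. Consider a CSPRNG suffix such as `random_int(100000000, 999999999)` where the supported PHP version provides it; it is digits only, so it still matches the delete pattern `[0-9_\-]+`. Serving the archive through an authenticated script instead of a static URL would remove the dependency on the name altogether. The enclosing `if (isset($_GET['w']))` block starts and ends outside this hunk.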
@ -330,12 +322,7 @@ if (isset($_GET['w'])) {
} }
// Cleanup old files // Cleanup old files
$files = preg_grep('/index\.htm$/', glob($export_dir.'*', GLOB_NOSORT), PREG_GREP_INVERT); hesk_purge_cache('export', 86400);
if (is_array($files) && count($files)) {
foreach ($files as $file) {
hesk_unlink($file, 86400);
}
}
} else { } else {
hesk_error($hesklang['ede']); hesk_error($hesklang['ede']);
} }
@ -347,6 +334,7 @@ if (isset($_GET['w'])) {
} }
// Start generating the report message and generating the export // Start generating the report message and generating the export
$success_msg = '';
$flush_me = '<br /><br />'; $flush_me = '<br /><br />';
$flush_me .= hesk_date() . " | {$hesklang['inite']} "; $flush_me .= hesk_date() . " | {$hesklang['inite']} ";
@ -388,6 +376,9 @@ if (isset($_GET['w'])) {
<Style ss:ID="s62"> <Style ss:ID="s62">
<NumberFormat ss:Format="General Date"/> <NumberFormat ss:Format="General Date"/>
</Style> </Style>
<Style ss:ID="s63">
<NumberFormat ss:Format="Short Date"/>
</Style>
<Style ss:ID="s65"> <Style ss:ID="s65">
<NumberFormat ss:Format="[h]:mm:ss"/> <NumberFormat ss:Format="[h]:mm:ss"/>
</Style> </Style>
@ -439,10 +430,6 @@ if (isset($_GET['w'])) {
foreach ($hesk_settings['custom_fields'] as $k => $v) { foreach ($hesk_settings['custom_fields'] as $k => $v) {
if ($v['use']) { if ($v['use']) {
if ($modsForHesk_settings['custom_field_setting']) {
$v['name'] = $hesklang[$v['name']];
}
$tmp .= '<Cell><Data ss:Type="String">' . $v['name'] . '</Data></Cell>' . "\n"; $tmp .= '<Cell><Data ss:Type="String">' . $v['name'] . '</Data></Cell>' . "\n";
} }
} }
@ -505,14 +492,17 @@ if (isset($_GET['w'])) {
'; ';
// Add custom fields // Add custom fields
foreach ($hesk_settings['custom_fields'] as $k => $v) { foreach ($hesk_settings['custom_fields'] as $k=>$v) {
if ($v['use']) { if ($v['use']) {
$output = $ticket[$k]; switch ($v['type']) {
if ($v['type'] == 'date' && !empty($ticket[$k])) { case 'date':
$dt = date('Y-m-d', $ticket[$k]); $tmp_dt = hesk_custom_date_display_format($ticket[$k], 'Y-m-d\T00:00:00.000');
$output = hesk_dateToString($dt, 0); $tmp .= strlen($tmp_dt) ? '<Cell ss:StyleID="s63"><Data ss:Type="DateTime">'.$tmp_dt : '<Cell><Data ss:Type="String">';
$tmp .= "</Data></Cell> \n";
break;
default:
$tmp .= '<Cell><Data ss:Type="String"><![CDATA['.hesk_msgToPlain($ticket[$k], 1, 0).']]></Data></Cell> ' . "\n";
} }
$tmp .= '<Cell><Data ss:Type="String"><![CDATA[' . hesk_msgToPlain($output, 1, 0) . ']]></Data></Cell> ' . "\n";
} }
} }
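Review bot: Custom-field text is wrapped in `<![CDATA[ … ]]>` without handling a value that itself contains `]]>`, which would end the section early and leave the rest of the value parsed as markup, producing an invalid or altered spreadsheet. Unless `hesk_msgToPlain()` already strips that sequence (not visible in this hunk), split it before concatenating, e.g. `str_replace(']]>', ']]]]><![CDATA[>', hesk_msgToPlain($ticket[$k], 1, 0))`. The `date` case has a similar gap: `$tmp_dt` is emitted as `ss:Type="DateTime"` whenever it is non-empty, so it relies on `hesk_custom_date_display_format()` returning either an empty string or a well-formed timestamp. The surrounding per-ticket loop lies outside the hunk.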
@ -636,7 +626,10 @@ if (isset($_GET['w'])) {
// We're done! // We're done!
$flush_me .= hesk_date() . " | {$hesklang['fZIP']}<br /><br />"; $flush_me .= hesk_date() . " | {$hesklang['fZIP']}<br /><br />";
$flush_me .= '<a href="' . $save_to_zip . '">' . $hesklang['ch2d'] . "</a>\n";
// Success message
$success_msg .= $hesk_settings['debug_mode'] ? $flush_me : '<br /><br />';
$success_msg .= $hesklang['step1'] . ': <a href="' . $save_to_zip . '">' . $hesklang['ch2d'] . '</a><br /><br />' . $hesklang['step2'] . ': <a href="export.php?delete='.urlencode($export_name).'">' . $hesklang['dffs'] . '</a>';
} // No tickets exported, cleanup } // No tickets exported, cleanup
else { else {
hesk_unlink($save_to); hesk_unlink($save_to);
@ -649,272 +642,263 @@ require_once(HESK_PATH . 'inc/headerAdmin.inc.php');
/* Print main manage users page */ /* Print main manage users page */
require_once(HESK_PATH . 'inc/show_admin_nav.inc.php'); require_once(HESK_PATH . 'inc/show_admin_nav.inc.php');
?> ?>
<section class="content">
<div class="row move-down-20"> <div class="box">
<div class="col-md-4"> <div class="box-header">
<div class="panel panel-default"> <h1 class="box-title">
<div class="panel-heading"><?php echo $hesklang['export']; ?></div> <?php echo $hesklang['export']; ?>
</h1>
<?php <?php
if (hesk_checkPermission('can_run_reports', 0)) { if (hesk_checkPermission('can_run_reports', 0)) {
$canRunReports = true; echo '<br><small><a href="reports.php">' . $hesklang['reports_tab'] . '</a></small>';
} else {
$canRunReports = false;
} }
?> ?>
<div class="panel-body" <?php if ($canRunReports) { <div class="box-tools pull-right">
echo 'style="margin-top: -15px;"'; <button type="button" class="btn btn-box-tool" data-widget="collapse">
} ?>> <i class="fa fa-minus"></i>
<?php if ($canRunReports) { </button>
echo '<small><a href="reports.php">' . $hesklang['reports_tab'] . '</a></small><div class="blankSpace"></div>';
} ?>
<p><?php echo $hesklang['export_intro']; ?></p>
</div> </div>
</div> </div>
</div> <div class="box-body">
<div class="col-md-8"> <?php
<?php /* This will handle error, success and notice messages */
/* This will handle error, success and notice messages */ hesk_handle_messages();
hesk_handle_messages();
// If an export was generated, show the link to download
// If an export was generated, show the link to download if (isset($success_msg)) {
if (isset($flush_me)) { if ($tickets_exported > 0) {
if ($tickets_exported > 0) { hesk_show_success($success_msg);
hesk_show_success($flush_me); } else {
} else { hesk_show_notice($hesklang['n2ex']);
hesk_show_notice($hesklang['n2ex']); }
} }
} ?>
?> <form name="showt" action="export.php" method="get" role="form">
<div class="form-group">
<h3><?php echo $hesklang['export']; ?></h3> <label for="time" class="control-label col-sm-2"><?php echo $hesklang['dtrg']; ?>:</label>
<div class="footerWithBorder blankSpace"></div> <div class="col-sm-10 form-inline">
<!-- START DATE -->
<form name="showt" action="export.php" method="get" class="form-horizontal" role="form"> <input type="radio" name="w" value="0" id="w0" <?php echo $selected['w'][0]; ?> />
<div class="form-group"> <select name="time" onclick="document.getElementById('w0').checked = true"
<label for="time" class="control-label col-sm-2"><?php echo $hesklang['dtrg']; ?>:</label> class="form-control"
onfocus="document.getElementById('w0').checked = true"
<div class="col-sm-10"> style="margin-top:5px;margin-bottom:5px;">
<!-- START DATE --> <option value="1" <?php echo $selected['time'][1]; ?>><?php echo $hesklang['r1']; ?>
<input type="radio" name="w" value="0" id="w0" <?php echo $selected['w'][0]; ?> /> (<?php echo $hesklang['d' . date('w')]; ?>)
<select name="time" onclick="document.getElementById('w0').checked = true" </option>
onfocus="document.getElementById('w0').checked = true" <option value="2" <?php echo $selected['time'][2]; ?>><?php echo $hesklang['r2']; ?>
style="margin-top:5px;margin-bottom:5px;"> (<?php echo $hesklang['d' . date('w', mktime(0, 0, 0, date('m'), date('d') - 1, date('Y')))]; ?>
<option value="1" <?php echo $selected['time'][1]; ?>><?php echo $hesklang['r1']; ?> )
(<?php echo $hesklang['d' . date('w')]; ?>) </option>
</option> <option value="3" <?php echo $selected['time'][3]; ?>><?php echo $hesklang['r3']; ?>
<option value="2" <?php echo $selected['time'][2]; ?>><?php echo $hesklang['r2']; ?> (<?php echo $hesklang['m' . date('n')]; ?>)
(<?php echo $hesklang['d' . date('w', mktime(0, 0, 0, date('m'), date('d') - 1, date('Y')))]; ?> </option>
) <option value="4" <?php echo $selected['time'][4]; ?>><?php echo $hesklang['r4']; ?>
</option> (<?php echo $hesklang['m' . date('n', mktime(0, 0, 0, date('m') - 1, date('d'), date('Y')))]; ?>
<option value="3" <?php echo $selected['time'][3]; ?>><?php echo $hesklang['r3']; ?> )
(<?php echo $hesklang['m' . date('n')]; ?>) </option>
</option> <option value="5" <?php echo $selected['time'][5]; ?>><?php echo $hesklang['r5']; ?></option>
<option value="4" <?php echo $selected['time'][4]; ?>><?php echo $hesklang['r4']; ?> <option value="6" <?php echo $selected['time'][6]; ?>><?php echo $hesklang['r6']; ?></option>
(<?php echo $hesklang['m' . date('n', mktime(0, 0, 0, date('m') - 1, date('d'), date('Y')))]; ?> <option value="7" <?php echo $selected['time'][7]; ?>><?php echo $hesklang['r7']; ?></option>
) <option value="8" <?php echo $selected['time'][8]; ?>><?php echo $hesklang['r8']; ?></option>
</option> <option value="9" <?php echo $selected['time'][9]; ?>><?php echo $hesklang['r9']; ?></option>
<option value="5" <?php echo $selected['time'][5]; ?>><?php echo $hesklang['r5']; ?></option> <option value="10" <?php echo $selected['time'][10]; ?>><?php echo $hesklang['r10']; ?>
<option value="6" <?php echo $selected['time'][6]; ?>><?php echo $hesklang['r6']; ?></option> (<?php echo date('Y'); ?>)
<option value="7" <?php echo $selected['time'][7]; ?>><?php echo $hesklang['r7']; ?></option> </option>
<option value="8" <?php echo $selected['time'][8]; ?>><?php echo $hesklang['r8']; ?></option> <option value="11" <?php echo $selected['time'][11]; ?>><?php echo $hesklang['r11']; ?>
<option value="9" <?php echo $selected['time'][9]; ?>><?php echo $hesklang['r9']; ?></option> (<?php echo date('Y', mktime(0, 0, 0, date('m'), date('d'), date('Y') - 1)); ?>)
<option value="10" <?php echo $selected['time'][10]; ?>><?php echo $hesklang['r10']; ?> </option>
(<?php echo date('Y'); ?>) <option value="12" <?php echo $selected['time'][12]; ?>><?php echo $hesklang['r12']; ?></option>
</option> </select>
<option value="11" <?php echo $selected['time'][11]; ?>><?php echo $hesklang['r11']; ?>
(<?php echo date('Y', mktime(0, 0, 0, date('m'), date('d'), date('Y') - 1)); ?>) <br>
</option>
<option value="12" <?php echo $selected['time'][12]; ?>><?php echo $hesklang['r12']; ?></option> <input type="radio" name="w" value="1" id="w1" <?php echo $selected['w'][1]; ?> />
</select> <?php echo $hesklang['from']; ?> <input type="text" name="datefrom"
value="<?php echo $input_datefrom; ?>" id="datefrom"
<br/> class="datepicker form-control" size="10"
onclick="document.getElementById('w1').checked = true"
<input type="radio" name="w" value="1" id="w1" <?php echo $selected['w'][1]; ?> /> onfocus="document.getElementById('w1').checked = true;this.focus;"/>
<?php echo $hesklang['from']; ?> <input type="text" name="datefrom" <?php echo $hesklang['to']; ?> <input type="text" name="dateto" value="<?php echo $input_dateto; ?>"
value="<?php echo $input_datefrom; ?>" id="datefrom" id="dateto" class="datepicker form-control" size="10"
class="tcal" size="10" onclick="document.getElementById('w1').checked = true"
onclick="document.getElementById('w1').checked = true" onfocus="document.getElementById('w1').checked = true; this.focus;"/>
onfocus="document.getElementById('w1').checked = true;this.focus;"/> <!-- END DATE -->
<?php echo $hesklang['to']; ?> <input type="text" name="dateto" value="<?php echo $input_dateto; ?>" </div>
id="dateto" class="tcal" size="10"
onclick="document.getElementById('w1').checked = true"
onfocus="document.getElementById('w1').checked = true; this.focus;"/>
<!-- END DATE -->
</div> </div>
</div> <div class="form-group">
<div class="form-group"> <label for="status" class="control-label col-sm-2"><?php echo $hesklang['status']; ?>:</label>
<label for="status" class="control-label col-sm-2"><?php echo $hesklang['status']; ?>:</label>
<div class="col-sm-10"> <div class="col-sm-10">
<?php <?php
$statuses = mfh_getAllStatuses(); $statuses = mfh_getAllStatuses();
foreach ($statuses as $row) { foreach ($statuses as $row) {
?>
<div class="col-xs-4">
<div class="checkbox">
<label><input type="checkbox" name="s<?php echo $row['ID']; ?>"
value="1" <?php if (isset($status[$row['ID']])) {
echo 'checked="checked"';
} ?> /> <span
style="color: <?php echo $row['TextColor']; ?>"><?php echo $row['text']; ?></span></label>
</div>
</div>
<?php
}
?> ?>
</div>
</div>
<div class="form-group">
<label for="priority" class="col-sm-2 control-label"><?php echo $hesklang['priority']; ?>:</label>
<div class="col-sm-10">
<div class="col-xs-4"> <div class="col-xs-4">
<div class="checkbox"> <div class="checkbox">
<label><input type="checkbox" name="s<?php echo $row['ID']; ?>" <label><input type="checkbox" name="p0" value="1" <?php if (isset($priority[0])) {
value="1" <?php if (isset($status[$row['ID']])) {
echo 'checked="checked"'; echo 'checked="checked"';
} ?> /> <span } ?> /> <span class="critical"><?php echo $hesklang['critical']; ?></span></label>
style="color: <?php echo $row['TextColor']; ?>"><?php echo $row['text']; ?></span></label> </div>
<div class="checkbox">
<label><input type="checkbox" name="p1" value="1" <?php if (isset($priority[1])) {
echo 'checked="checked"';
} ?> /> <span class="important"><?php echo $hesklang['high']; ?></span></label>
</div> </div>
</div> </div>
<?php <div class="col-xs-4">
} <div class="checkbox">
?> <label><input type="checkbox" name="p2" value="1" <?php if (isset($priority[2])) {
</div> echo 'checked="checked"';
</div> } ?> /> <span class="medium"><?php echo $hesklang['medium']; ?></span></label>
<div class="form-group"> </div>
<label for="priority" class="col-sm-2 control-label"><?php echo $hesklang['priority']; ?>:</label> <div class="checkbox">
<label><input type="checkbox" name="p3" value="1" <?php if (isset($priority[3])) {
<div class="col-sm-10"> echo 'checked="checked"';
<div class="col-xs-4"> } ?> /> <span class="normal"><?php echo $hesklang['low']; ?></span></label>
<div class="checkbox"> </div>
<label><input type="checkbox" name="p0" value="1" <?php if (isset($priority[0])) {
echo 'checked="checked"';
} ?> /> <span class="critical"><?php echo $hesklang['critical']; ?></span></label>
</div>
<div class="checkbox">
<label><input type="checkbox" name="p1" value="1" <?php if (isset($priority[1])) {
echo 'checked="checked"';
} ?> /> <span class="important"><?php echo $hesklang['high']; ?></span></label>
</div>
</div>
<div class="col-xs-4">
<div class="checkbox">
<label><input type="checkbox" name="p2" value="1" <?php if (isset($priority[2])) {
echo 'checked="checked"';
} ?> /> <span class="medium"><?php echo $hesklang['medium']; ?></span></label>
</div>
<div class="checkbox">
<label><input type="checkbox" name="p3" value="1" <?php if (isset($priority[3])) {
echo 'checked="checked"';
} ?> /> <span class="normal"><?php echo $hesklang['low']; ?></span></label>
</div> </div>
</div> </div>
</div> </div>
</div> <div class="form-group">
<div class="form-group"> <label for="assign" class="col-sm-2 control-label"><?php echo $hesklang['show']; ?>:</label>
<label for="assign" class="col-sm-2 control-label"><?php echo $hesklang['show']; ?>:</label>
<div class="col-sm-10">
<div class="col-sm-10"> <div class="col-xs-4">
<div class="col-xs-4">
<div class="checkbox">
<label><input type="checkbox" name="s_my"
value="1" <?php if ($s_my[1]) echo 'checked="checked"'; ?> /> <?php echo $hesklang['s_my']; ?>
</label>
</div>
<?php
if ($can_view_unassigned) {
?>
<div class="checkbox"> <div class="checkbox">
<label><input type="checkbox" name="s_un" <label><input type="checkbox" name="s_my"
value="1" <?php if ($s_un[1]) echo 'checked="checked"'; ?> /> <?php echo $hesklang['s_un']; ?> value="1" <?php if ($s_my[1]) echo 'checked="checked"'; ?> /> <?php echo $hesklang['s_my']; ?>
</label> </label>
</div> </div>
<?php <?php
} if ($can_view_unassigned) {
?> ?>
</div> <div class="checkbox">
<div class="col-xs-4"> <label><input type="checkbox" name="s_un"
<?php value="1" <?php if ($s_un[1]) echo 'checked="checked"'; ?> /> <?php echo $hesklang['s_un']; ?>
if ($can_view_ass_others) { </label>
</div>
<?php
}
?>
</div>
<div class="col-xs-4">
<?php
if ($can_view_ass_others) {
?>
<div class="checkbox">
<label><input type="checkbox" name="s_ot"
value="1" <?php if ($s_ot[1]) echo 'checked="checked"'; ?> /> <?php echo $hesklang['s_ot']; ?>
</label>
</div>
<?php
}
?> ?>
<div class="checkbox"> <div class="checkbox">
<label><input type="checkbox" name="s_ot" <label><input type="checkbox" name="archive"
value="1" <?php if ($s_ot[1]) echo 'checked="checked"'; ?> /> <?php echo $hesklang['s_ot']; ?> value="1" <?php if ($archive[1]) echo 'checked="checked"'; ?> /> <?php echo $hesklang['disp_only_archived']; ?>
</label> </label>
</div> </div>
<?php
}
?>
<div class="checkbox">
<label><input type="checkbox" name="archive"
value="1" <?php if ($archive[1]) echo 'checked="checked"'; ?> /> <?php echo $hesklang['disp_only_archived']; ?>
</label>
</div> </div>
</div> </div>
</div> </div>
</div> <div class="form-group">
<div class="form-group"> <label for="sort" class="col-sm-2 control-label"><?php echo $hesklang['sort_by']; ?>:</label>
<label for="sort" class="col-sm-2 control-label"><?php echo $hesklang['sort_by']; ?>:</label>
<div class="col-sm-10">
<div class="col-sm-10"> <div class="col-xs-4">
<div class="col-xs-4"> <div class="radio">
<div class="radio"> <label><input type="radio" name="sort" value="priority" <?php if ($sort == 'priority') {
<label><input type="radio" name="sort" value="priority" <?php if ($sort == 'priority') { echo 'checked="checked"';
echo 'checked="checked"'; } ?> /> <?php echo $hesklang['priority']; ?></label>
} ?> /> <?php echo $hesklang['priority']; ?></label> </div>
</div> <div class="radio">
<div class="radio"> <label><input type="radio" name="sort" value="lastchange" <?php if ($sort == 'lastchange') {
<label><input type="radio" name="sort" value="lastchange" <?php if ($sort == 'lastchange') { echo 'checked="checked"';
echo 'checked="checked"'; } ?> /> <?php echo $hesklang['last_update']; ?></label>
} ?> /> <?php echo $hesklang['last_update']; ?></label> </div>
</div>
</div>
<div class="col-xs-4">
<div class="radio">
<label><input type="radio" name="sort" value="name" <?php if ($sort == 'name') {
echo 'checked="checked"';
} ?> /> <?php echo $hesklang['name']; ?></label>
</div>
<div class="radio">
<label><input type="radio" name="sort" value="subject" <?php if ($sort == 'subject') {
echo 'checked="checked"';
} ?> /> <?php echo $hesklang['subject']; ?></label>
</div> </div>
</div> <div class="col-xs-4">
<div class="col-xs-4"> <div class="radio">
<div class="radio"> <label><input type="radio" name="sort" value="name" <?php if ($sort == 'name') {
<label><input type="radio" name="sort" value="status" <?php if ($sort == 'status') { echo 'checked="checked"';
echo 'checked="checked"'; } ?> /> <?php echo $hesklang['name']; ?></label>
} ?> /> <?php echo $hesklang['status']; ?></label> </div>
<div class="radio">
<label><input type="radio" name="sort" value="subject" <?php if ($sort == 'subject') {
echo 'checked="checked"';
} ?> /> <?php echo $hesklang['subject']; ?></label>
</div>
</div> </div>
<div class="radio"> <div class="col-xs-4">
<label><input type="radio" name="sort" value="id" <?php if ($sort == 'id') { <div class="radio">
echo 'checked="checked"'; <label><input type="radio" name="sort" value="status" <?php if ($sort == 'status') {
} ?> /> <?php echo $hesklang['sequentially']; ?></label> echo 'checked="checked"';
} ?> /> <?php echo $hesklang['status']; ?></label>
</div>
<div class="radio">
<label><input type="radio" name="sort" value="id" <?php if ($sort == 'id') {
echo 'checked="checked"';
} ?> /> <?php echo $hesklang['sequentially']; ?></label>
</div>
</div> </div>
</div> </div>
</div> </div>
</div> <div class="form-group">
<div class="form-group"> <label for="asc" class="col-sm-2 control-label"><?php echo $hesklang['category']; ?>:</label>
<label for="asc" class="col-sm-2 control-label"><?php echo $hesklang['category']; ?>:</label>
<div class="col-sm-10">
<div class="col-sm-10"> <select name="category" class="form-control">
<select name="category" class="form-control"> <option value="0"><?php echo $hesklang['any_cat']; ?></option>
<option value="0"><?php echo $hesklang['any_cat']; ?></option> <?php echo $category_options; ?>
<?php echo $category_options; ?> </select>
</select> </div>
</div> </div>
</div> <div class="form-group">
<div class="form-group"> <label for="asc" class="col-sm-2 control-label"><?php echo $hesklang['order']; ?>:</label>
<label for="asc" class="col-sm-2 control-label"><?php echo $hesklang['order']; ?>:</label>
<div class="col-sm-10">
<div class="col-sm-10"> <div class="col-xs-4">
<div class="col-xs-4"> <div class="radio">
<div class="radio"> <label><input type="radio" name="asc" value="1" <?php if ($asc) {
<label><input type="radio" name="asc" value="1" <?php if ($asc) { echo 'checked="checked"';
echo 'checked="checked"'; } ?> /> <?php echo $hesklang['ascending']; ?></label>
} ?> /> <?php echo $hesklang['ascending']; ?></label> </div>
</div> <div class="radio">
<div class="radio"> <label><input type="radio" name="asc" value="0" <?php if (!$asc) {
<label><input type="radio" name="asc" value="0" <?php if (!$asc) { echo 'checked="checked"';
echo 'checked="checked"'; } ?> /> <?php echo $hesklang['descending']; ?></label>
} ?> /> <?php echo $hesklang['descending']; ?></label> </div>
</div> </div>
</div> </div>
</div> </div>
</div> <div class="form-group">
<div class="form-group text-center"> <input type="submit" value="<?php echo $hesklang['export_btn']; ?>" class="btn btn-default"/>
<input type="submit" value="<?php echo $hesklang['export_btn']; ?>" class="btn btn-default"/> <input type="hidden" name="cot" value="1"/>
<input type="hidden" name="cot" value="1"/> </div>
</div> </form>
</form> </div>
</div> </div>
</div> </section>
<?php <?php
require_once(HESK_PATH . 'inc/footer.inc.php'); require_once(HESK_PATH . 'inc/footer.inc.php');
exit(); exit();

@ -1,32 +1,15 @@
<?php <?php
/******************************************************************************* /**
* Title: Help Desk Software HESK *
* Version: 2.6.8 from 10th August 2016 * This file is part of HESK - PHP Help Desk Software.
* Author: Klemen Stirn *
* Website: http://www.hesk.com * (c) Copyright Klemen Stirn. All rights reserved.
******************************************************************************** * http://www.hesk.com
* COPYRIGHT AND TRADEMARK NOTICE *
* Copyright 2005-2015 Klemen Stirn. All Rights Reserved. * For the full copyright and license agreement information visit
* HESK is a registered trademark of Klemen Stirn. * http://www.hesk.com/eula.php
* The HESK may be used and modified free of charge by anyone *
* AS LONG AS COPYRIGHT NOTICES AND ALL THE COMMENTS REMAIN INTACT. */
* By using this code you agree to indemnify Klemen Stirn from any
* liability that might arise from it's use.
* Selling the code for this program, in part or full, without prior
* written consent is expressly forbidden.
* Using this code, in part or full, to create derivate work,
* new scripts or products is expressly forbidden. Obtain permission
* before redistributing this software over the Internet or in
* any other medium. In all cases copyright and header must remain intact.
* This Copyright is in full effect in any country that has International
* Trade Agreements with the United States of America or
* with the European Union.
* Removing any of the copyright notices without purchasing a license
* is expressly forbidden. To remove HESK copyright notice you must purchase
* a license for this script. For more information on how to obtain
* a license please visit the page below:
* https://www.hesk.com/buy.php
*******************************************************************************/
define('IN_SCRIPT', 1); define('IN_SCRIPT', 1);
define('HESK_PATH', '../'); define('HESK_PATH', '../');
@ -37,6 +20,7 @@ require(HESK_PATH . 'hesk_settings.inc.php');
require(HESK_PATH . 'inc/common.inc.php'); require(HESK_PATH . 'inc/common.inc.php');
require(HESK_PATH . 'inc/admin_functions.inc.php'); require(HESK_PATH . 'inc/admin_functions.inc.php');
require(HESK_PATH . 'inc/status_functions.inc.php'); require(HESK_PATH . 'inc/status_functions.inc.php');
require(HESK_PATH . 'inc/mail_functions.inc.php');
hesk_load_database_functions(); hesk_load_database_functions();
hesk_session_start(); hesk_session_start();
@ -51,31 +35,18 @@ hesk_checkPermission('can_view_tickets');
$_SERVER['PHP_SELF'] = './admin_main.php'; $_SERVER['PHP_SELF'] = './admin_main.php';
// Load custom fields
require_once(HESK_PATH . 'inc/custom_fields.inc.php');
/* Print header */ /* Print header */
require_once(HESK_PATH . 'inc/headerAdmin.inc.php'); require_once(HESK_PATH . 'inc/headerAdmin.inc.php');
/* Print admin navigation */ /* Print admin navigation */
require_once(HESK_PATH . 'inc/show_admin_nav.inc.php'); require_once(HESK_PATH . 'inc/show_admin_nav.inc.php');
?>
</td>
</tr>
<tr>
<td>
<div class="row pad-down-20">
<div class="col-md-12">
<div class="panel panel-default">
<div class="panel-heading">
<h4><?php echo $hesklang['tickets_found']; ?> <span class="nu-floatRight panel-button"><a
href="new_ticket.php"
class="btn btn-success"><span class="glyphicon glyphicon-plus-sign"></span> <?php echo $hesklang['nti']; ?></a></span></h4>
</div>
<?php
// This SQL code will be used to retrieve results // This SQL code will be used to retrieve results
$sql_final = "SELECT $sql_final = "SELECT
`id`, `id`,
`trackid`, `trackid`,
`name`, `name`,
@ -220,16 +191,11 @@ LEFT(`message`, 400) AS `message`,
} }
/* Date */ /* Date */
/* -> Check for compatibility with old date format */
if (preg_match("/(\d{4})-(\d{2})-(\d{2})/", hesk_GET('dt'), $m)) {
$_GET['dt'] = $m[2] . $m[3] . $m[1];
}
/* -> Now process the date value */ /* -> Now process the date value */
$dt = preg_replace('/[^0-9]/', '', hesk_GET('dt')); $dt = preg_replace('/[^0-9]/', '', hesk_GET('dt'));
if (strlen($dt) == 8) { if (strlen($dt) == 8) {
$date = substr($dt, 4, 4) . '-' . substr($dt, 0, 2) . '-' . substr($dt, 2, 2); $date = substr($dt, 0, 4) . '-' . substr($dt, 4, 2) . '-' . substr($dt, 6, 2);
$date_input = substr($dt, 0, 2) . '/' . substr($dt, 2, 2) . '/' . substr($dt, 4, 4); $date_input = $date;
/* This search is valid even if no query is entered */ /* This search is valid even if no query is entered */
if ($no_query) { if ($no_query) {
@ -247,9 +213,6 @@ LEFT(`message`, 400) AS `message`,
hesk_process_messages($hesk_error_buffer, 'NOREDIRECT'); hesk_process_messages($hesk_error_buffer, 'NOREDIRECT');
} }
/* This will handle error, success and notice messages */
$handle = hesk_handle_messages();
# echo "$sql<br/>"; # echo "$sql<br/>";
// That's all the SQL we need for count // That's all the SQL we need for count
@ -258,24 +221,49 @@ LEFT(`message`, 400) AS `message`,
/* Prepare variables used in search and forms */ /* Prepare variables used in search and forms */
require_once(HESK_PATH . 'inc/prepare_ticket_search.inc.php'); require_once(HESK_PATH . 'inc/prepare_ticket_search.inc.php');
/* If there has been an error message skip searching for tickets */
if ($handle !== FALSE) {
$href = 'find_tickets.php';
require_once(HESK_PATH . 'inc/ticket_list.inc.php');
}
?> ?>
<section class="content">
<div class="box">
<div class="box-header with-border">
<h1 class="box-title">
<?php echo $hesklang['tickets']; ?>
</h1>
<div class="box-tools pull-right">
<button type="button" class="btn btn-box-tool" data-widget="collapse">
<i class="fa fa-minus"></i>
</button>
</div>
</div>
<div class="box-body">
<?php $handle = hesk_handle_messages(); ?>
<div class="checkbox">
<label>
<input type="checkbox" onclick="toggleAutoRefresh(this);" id="reloadCB">
<?php echo $hesklang['arp']; ?>
<span id="timer"></span>
</label>
</div>
<script type="text/javascript">heskCheckReloading();</script>
<?php
if ($handle !== FALSE) {
$href = 'find_tickets.php';
require_once(HESK_PATH . 'inc/ticket_list.inc.php');
echo '<br>';
}
<?php /* Clean unneeded session variables */
hesk_cleanSessionVars('hide');
/* Clean unneeded session variables */ /* Show the search form */
hesk_cleanSessionVars('hide'); require_once(HESK_PATH . 'inc/show_search_form.inc.php');
?>
</div>
</div>
</section>
<?php
/* Show the search form */
require_once(HESK_PATH . 'inc/show_search_form.inc.php');
/* Print footer */ /* Print footer */
require_once(HESK_PATH . 'inc/footer.inc.php'); require_once(HESK_PATH . 'inc/footer.inc.php');
exit(); exit();
?> ?>
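Review bot: The `strlen($dt) == 8` test in the `/* Date */` hunk accepts any eight digits, so a `dt` value still in the previous month-first layout (a constructed example: `12/31/2016`) is now sliced into `1231-20-16` and carried on as both `$date` and `$date_input`. The digit order changed to year-first and the old-format compatibility block no longer appears on the new side, so I would validate the parts before using them: `if (strlen($dt) == 8 && checkdate((int) substr($dt, 4, 2), (int) substr($dt, 6, 2), (int) substr($dt, 0, 4))) {`. How `$date` reaches the query and where `$date_input` is printed are outside the visible hunks; an impossible date presumably yields an empty result rather than an error, but that should be confirmed. The enclosing `if` block continues outside the hunk.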

@ -1,35 +1,19 @@
<?php <?php
/******************************************************************************* /**
* Title: Help Desk Software HESK *
* Version: 2.6.8 from 10th August 2016 * This file is part of HESK - PHP Help Desk Software.
* Author: Klemen Stirn *
* Website: http://www.hesk.com * (c) Copyright Klemen Stirn. All rights reserved.
******************************************************************************** * http://www.hesk.com
* COPYRIGHT AND TRADEMARK NOTICE *
* Copyright 2005-2015 Klemen Stirn. All Rights Reserved. * For the full copyright and license agreement information visit
* HESK is a registered trademark of Klemen Stirn. * http://www.hesk.com/eula.php
* The HESK may be used and modified free of charge by anyone *
* AS LONG AS COPYRIGHT NOTICES AND ALL THE COMMENTS REMAIN INTACT. */
* By using this code you agree to indemnify Klemen Stirn from any
* liability that might arise from it's use.
* Selling the code for this program, in part or full, without prior
* written consent is expressly forbidden.
* Using this code, in part or full, to create derivate work,
* new scripts or products is expressly forbidden. Obtain permission
* before redistributing this software over the Internet or in
* any other medium. In all cases copyright and header must remain intact.
* This Copyright is in full effect in any country that has International
* Trade Agreements with the United States of America or
* with the European Union.
* Removing any of the copyright notices without purchasing a license
* is expressly forbidden. To remove HESK copyright notice you must purchase
* a license for this script. For more information on how to obtain
* a license please visit the page below:
* https://www.hesk.com/buy.php
*******************************************************************************/
define('IN_SCRIPT', 1); define('IN_SCRIPT', 1);
define('HESK_PATH', '../'); define('HESK_PATH', '../');
define('PAGE_TITLE', 'LOGIN');
/* Get all the required files and functions */ /* Get all the required files and functions */
require(HESK_PATH . 'hesk_settings.inc.php'); require(HESK_PATH . 'hesk_settings.inc.php');
@ -58,9 +42,6 @@ switch ($action) {
hesk_autoLogin(); hesk_autoLogin();
print_login(); print_login();
} }
/* Print footer */
require_once(HESK_PATH . 'inc/footer.inc.php');
exit(); exit();
/*** START FUNCTIONS ***/ /*** START FUNCTIONS ***/
@ -208,15 +189,15 @@ function do_login()
/* Remember username? */ /* Remember username? */
if ($hesk_settings['autologin'] && hesk_POST('remember_user') == 'AUTOLOGIN') { if ($hesk_settings['autologin'] && hesk_POST('remember_user') == 'AUTOLOGIN') {
setcookie('hesk_username', "$user", strtotime('+1 year')); hesk_setcookie('hesk_username', "$user", strtotime('+1 year'));
setcookie('hesk_p', "$pass_enc", strtotime('+1 year')); hesk_setcookie('hesk_p', "$pass_enc", strtotime('+1 year'));
} elseif (hesk_POST('remember_user') == 'JUSTUSER') { } elseif (hesk_POST('remember_user') == 'JUSTUSER') {
setcookie('hesk_username', "$user", strtotime('+1 year')); hesk_setcookie('hesk_username', "$user", strtotime('+1 year'));
setcookie('hesk_p', ''); hesk_setcookie('hesk_p', '');
} else { } else {
// Expire cookie if set otherwise // Expire cookie if set otherwise
setcookie('hesk_username', ''); hesk_setcookie('hesk_username', '');
setcookie('hesk_p', ''); hesk_setcookie('hesk_p', '');
} }
/* Close any old tickets here so Cron jobs aren't necessary */ /* Close any old tickets here so Cron jobs aren't necessary */
@ -274,7 +255,7 @@ function print_login()
} }
$hesk_settings['tmp_title'] = $hesk_settings['hesk_title'] . ' - ' .$hesklang['admin_login']; $hesk_settings['tmp_title'] = $hesk_settings['hesk_title'] . ' - ' .$hesklang['admin_login'];
require_once(HESK_PATH . 'inc/header.inc.php'); require_once(HESK_PATH . 'inc/headerAdmin.inc.php');
if ( hesk_isREQUEST('notice') ) if ( hesk_isREQUEST('notice') )
{ {
@ -287,29 +268,37 @@ function print_login()
} }
?> ?>
<div class="loginError"><?php <div class="login-box">
/* This will handle error, success and notice messages */ <div class="login-logo">
hesk_handle_messages(); <?php echo $hesk_settings['hesk_title']; ?>
?></div> </div>
<div> <div class="login-box-body">
<div class="panel panel-default form-signin"> <div class="loginError">
<div class="panel-heading"> <?php
<h4><span <?php echo $iconDisplay; ?>><span class="mega-octicon octicon-sign-in"></span>&nbsp;</span><?php echo $hesklang['admin_login']; ?></h4> /* This will handle error, success and notice messages */
hesk_handle_messages();
?>
</div> </div>
<div class="panel-body"> <h4 class="login-box-msg">
<form class="form-signin form-horizontal" role="form" action="index.php" method="post" name="form1"> <?php echo $hesklang['staff_login_title']; ?>
<?php if (in_array('pass',$_SESSION['a_iserror'])) { echo '<div class="form-group has-error">';} else { echo '<div class="form-group">';}?> </h4>
<label for="user" class="col-sm-4 control-label"><?php echo $hesklang['username']; ?>:</label> <form class="form-horizontal" role="form" action="index.php" method="post" name="form1">
<?php
$has_error = '';
if (in_array('pass',$_SESSION['a_iserror'])) {
$has_error = 'has-error';
}
?>
<div class="form-group <?php echo $has_error; ?>">
<label for="user" class="col-sm-4 control-label">
<?php echo $hesklang['username']; ?>
</label>
<div class="col-sm-8"> <div class="col-sm-8">
<?php <?php
if (defined('HESK_USER')) {
if (defined('HESK_USER'))
{
$savedUser = HESK_USER; $savedUser = HESK_USER;
} } else {
else $savedUser = hesk_htmlspecialchars(hesk_COOKIE('hesk_username'));
{
$savedUser = hesk_htmlspecialchars( hesk_COOKIE('hesk_username') );
} }
$is_1 = ''; $is_1 = '';
@ -318,44 +307,48 @@ function print_login()
$remember_user = hesk_POST('remember_user'); $remember_user = hesk_POST('remember_user');
if ($hesk_settings['autologin'] && (isset($_COOKIE['hesk_p']) || $remember_user == 'AUTOLOGIN') ) if ($hesk_settings['autologin'] && (isset($_COOKIE['hesk_p']) || $remember_user == 'AUTOLOGIN')) {
{ $is_1 = 'checked';
$is_1 = 'checked="checked"'; } elseif (isset($_COOKIE['hesk_username']) || $remember_user == 'JUSTUSER') {
$is_2 = 'checked';
} else {
$is_3 = 'checked';
} }
elseif (isset($_COOKIE['hesk_username']) || $remember_user == 'JUSTUSER' )
{
$is_2 = 'checked="checked"';
}
else
{
$is_3 = 'checked="checked"';
}
if ($hesk_settings['list_users'])
{
echo '<select class="form-control" name="user">';
$res = hesk_dbQuery('SELECT `user` FROM `'.hesk_dbEscape($hesk_settings['db_pfix']).'users` ORDER BY `user` ASC');
while ($row=hesk_dbFetchAssoc($res))
{
$sel = (strtolower($savedUser) == strtolower($row['user'])) ? 'selected="selected"' : '';
echo '<option value="'.$row['user'].'" '.$sel.'>'.$row['user'].'</option>';
}
echo '</select>';
} if ($hesk_settings['list_users']) :
else $res = hesk_dbQuery("SELECT `user` FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "users` WHERE `active` = '1' ORDER BY `user` ASC");
{
echo '<input class="form-control" type="text" name="user" size="35" placeholder="'.htmlspecialchars($hesklang['username']).'" value="'.$savedUser.'" />';
}
?> ?>
<select class="form-control" name="user">
<?php
while ($row = hesk_dbFetchAssoc($res)):
$sel = (strtolower($savedUser) == strtolower($row['user'])) ? 'selected' : '';
?>
<option value="<?php echo $row['user']; ?>" <?php echo $sel; ?>>
<?php echo $row['user']; ?>
</option>
<?php endwhile; ?>
</select>
<?php else: ?>
<input class="form-control" type="text" name="user" size="35"
placeholder="<?php echo htmlspecialchars($hesklang['username']); ?>"
value="<?php echo $savedUser; ?>">
<?php endif; ?>
</div> </div>
</div> </div>
<?php if (in_array('pass',$_SESSION['a_iserror'])) { echo '<div class="form-group has-error">';} else { echo '<div class="form-group">';}?> <?php
<label for="pass" class="col-sm-4 control-label"><?php echo $hesklang['pass']; ?>:</label> $has_error = '';
<div class="col-sm-8"> if (in_array('pass',$_SESSION['a_iserror'])) {
<input type="password" class="form-control" id="pass" name="pass" size="35" placeholder="<?php echo htmlspecialchars($hesklang['pass']); ?>" /> $has_error = 'has-error';
}
?>
<div class="form-group <?php echo $has_error; ?>">
<label for="pass" class="col-sm-4 control-label">
<?php echo $hesklang['pass']; ?>
</label>
<div class="col-sm-8">
<input type="password" class="form-control" id="pass" name="pass" size="35" placeholder="<?php echo htmlspecialchars($hesklang['pass']); ?>">
</div>
</div> </div>
</div>
<?php <?php
if ($hesk_settings['secimg_use'] == 2) if ($hesk_settings['secimg_use'] == 2)
{ {
@ -387,22 +380,22 @@ function print_login()
} }
}; };
</script> </script>
<?php <?php
require_once(HESK_PATH . 'inc/recaptcha/recaptchalib.php'); require_once(HESK_PATH . 'inc/recaptcha/recaptchalib.php');
echo '<div class="form-group"><div class="col-md-8 col-md-offset-4">'; echo '<div class="form-group"><div class="col-md-8 col-md-offset-4">';
echo recaptcha_get_html($hesk_settings['recaptcha_public_key'], null, true); echo recaptcha_get_html($hesk_settings['recaptcha_public_key'], null, true);
echo '</div></div>'; echo '</div></div>';
} }
// Use reCaptcha API v2? // Use reCaptcha API v2?
elseif ($hesk_settings['recaptcha_use'] == 2) elseif ($hesk_settings['recaptcha_use'] == 2)
{ {
?> ?>
<div class="form-group"> <div class="form-group">
<div class="col-md-8 col-md-offset-4"> <div class="col-md-8 col-md-offset-4">
<div class="g-recaptcha" data-sitekey="<?php echo $hesk_settings['recaptcha_public_key']; ?>"></div> <div class="g-recaptcha" data-sitekey="<?php echo $hesk_settings['recaptcha_public_key']; ?>"></div>
</div> </div>
</div> </div>
<?php <?php
} }
// At least use some basic PHP generated image (better than nothing) // At least use some basic PHP generated image (better than nothing)
else else
@ -410,9 +403,9 @@ function print_login()
echo '<div class="form-group"><div class="col-md-8 col-md-offset-4">'; echo '<div class="form-group"><div class="col-md-8 col-md-offset-4">';
$cls = in_array('mysecnum',$_SESSION['a_iserror']) ? ' class="isError" ' : ''; $cls = in_array('mysecnum',$_SESSION['a_iserror']) ? ' class="isError" ' : '';
echo $hesklang['sec_enter'].'<br />&nbsp;<br /><img src="'.HESK_PATH.'print_sec_img.php?'.rand(10000,99999).'" width="150" height="40" alt="'.$hesklang['sec_img'].'" title="'.$hesklang['sec_img'].'" border="1" name="secimg" style="vertical-align:text-bottom" /> '. echo $hesklang['sec_enter'].'<br><br><img src="'.HESK_PATH.'print_sec_img.php?'.rand(10000,99999).'" width="150" height="40" alt="'.$hesklang['sec_img'].'" title="'.$hesklang['sec_img'].'" border="1" name="secimg" style="vertical-align:text-bottom"> '.
'<a href="javascript:void(0)" onclick="javascript:document.form1.secimg.src=\''.HESK_PATH.'print_sec_img.php?\'+ ( Math.floor((90000)*Math.random()) + 10000);"><img src="'.HESK_PATH.'img/reload.png" height="24" width="24" alt="'.$hesklang['reload'].'" title="'.$hesklang['reload'].'" border="0" style="vertical-align:text-bottom" /></a>'. '<a href="javascript:void(0)" onclick="javascript:document.form1.secimg.src=\''.HESK_PATH.'print_sec_img.php?\'+ ( Math.floor((90000)*Math.random()) + 10000);"><img src="'.HESK_PATH.'img/reload.png" height="24" width="24" alt="'.$hesklang['reload'].'" title="'.$hesklang['reload'].'" border="0" style="vertical-align:text-bottom"></a>'.
'<br />&nbsp;<br /><input type="text" name="mysecnum" size="20" maxlength="5" '.$cls.' />'; '<br><br><input type="text" name="mysecnum" size="20" maxlength="5" '.$cls.'>';
echo '</div></div>'; echo '</div></div>';
} }
} // End if $hesk_settings['secimg_use'] == 2 } // End if $hesk_settings['secimg_use'] == 2
@ -423,17 +416,17 @@ function print_login()
<div class="form-group"> <div class="form-group">
<div class="col-md-offset-4 col-md-8"> <div class="col-md-offset-4 col-md-8">
<div class="radio"> <div class="radio">
<label><input type="radio" name="remember_user" value="AUTOLOGIN" <?php echo $is_1; ?> /> <?php echo $hesklang['autologin']; ?></label> <label><input type="radio" name="remember_user" value="AUTOLOGIN" <?php echo $is_1; ?>> <?php echo $hesklang['autologin']; ?></label>
</div> </div>
<div class="radio"> <div class="radio">
<label><input type="radio" name="remember_user" value="JUSTUSER" <?php echo $is_2; ?> /> <?php echo $hesklang['just_user']; ?></label> <label><input type="radio" name="remember_user" value="JUSTUSER" <?php echo $is_2; ?>> <?php echo $hesklang['just_user']; ?></label>
</div> </div>
<div class="radio"> <div class="radio">
<label><input type="radio" name="remember_user" value="NOTHANKS" <?php echo $is_3; ?> /> <?php echo $hesklang['nothx']; ?></label> <label><input type="radio" name="remember_user" value="NOTHANKS" <?php echo $is_3; ?>> <?php echo $hesklang['nothx']; ?></label>
</div> </div>
</div> </div>
</div> </div>
<?php <?php
} }
else else
{ {
@ -445,40 +438,33 @@ function print_login()
</div> </div>
</div> </div>
</div> </div>
<?php <?php
} // End if $hesk_settings['autologin'] } // End if $hesk_settings['autologin']
?> ?>
<div class="form-group"> <div class="form-group">
<div class="col-md-offset-4 col-md-8"> <div class="col-md-offset-4 col-md-8">
<input type="submit" value="<?php echo $hesklang['click_login']; ?>" class="btn btn-default" /> <input type="submit" value="<?php echo $hesklang['click_login']; ?>" class="btn btn-default">
<input type="hidden" name="a" value="do_login" /> <input type="hidden" name="a" value="do_login">
<?php <?php
if ( hesk_isREQUEST('goto') && $url=hesk_REQUEST('goto') ) if ( hesk_isREQUEST('goto') && $url=hesk_REQUEST('goto') )
{ {
echo '<input type="hidden" name="goto" value="'.$url.'" />'; echo '<input type="hidden" name="goto" value="'.$url.'">';
} }
// Do we allow staff password reset? // Do we allow staff password reset?
if ($hesk_settings['reset_pass']) if ($hesk_settings['reset_pass'])
{ {
echo '<br />&nbsp;<br /><a href="password.php" class="smaller">'.$hesklang['fpass'].'</a>'; echo '<br><br><a href="password.php" class="smaller">'.$hesklang['fpass'].'</a>';
} }
?> ?>
</div> </div>
</div> </div>
</form>
</form>
</div>
</div> </div>
</div>
</div> <?php
<p>&nbsp;</p>
<?php
hesk_cleanSessionVars('a_iserror'); hesk_cleanSessionVars('a_iserror');
require_once(HESK_PATH . 'inc/footer.inc.php');
exit(); exit();
} // End print_login() } // End print_login()
@ -507,7 +493,7 @@ function logout()
/* Show success message and reset the cookie */ /* Show success message and reset the cookie */
hesk_process_messages($hesklang['logout_success'], 'NOREDIRECT', 'SUCCESS'); hesk_process_messages($hesklang['logout_success'], 'NOREDIRECT', 'SUCCESS');
setcookie('hesk_p', ''); hesk_setcookie('hesk_p', '');
/* Print the login form */ /* Print the login form */
print_login(); print_login();

@ -37,6 +37,7 @@ require(HESK_PATH . 'hesk_settings.inc.php');
require(HESK_PATH . 'inc/common.inc.php'); require(HESK_PATH . 'inc/common.inc.php');
require(HESK_PATH . 'inc/admin_functions.inc.php'); require(HESK_PATH . 'inc/admin_functions.inc.php');
require(HESK_PATH . 'inc/knowledgebase_functions.inc.php'); require(HESK_PATH . 'inc/knowledgebase_functions.inc.php');
require(HESK_PATH . 'inc/mail_functions.inc.php');
hesk_load_database_functions(); hesk_load_database_functions();
hesk_session_start(); hesk_session_start();
@ -56,6 +57,7 @@ $can_man_kb = hesk_checkPermission('can_man_kb',0);
$catid = intval( hesk_GET('category', 1) ); $catid = intval( hesk_GET('category', 1) );
$artid = intval( hesk_GET('article', 0) ); $artid = intval( hesk_GET('article', 0) );
if (isset($_GET['search'])) if (isset($_GET['search']))
{ {
$query = hesk_input( hesk_GET('search') ); $query = hesk_input( hesk_GET('search') );
@ -69,7 +71,9 @@ $hesk_settings['kb_link'] = ($artid || $catid != 1 || $query) ? '<a href="knowle
if ($hesk_settings['kb_search'] && $query) if ($hesk_settings['kb_search'] && $query)
{ {
hesk_kb_search($query); if (hesk_kb_search($query)) {
hesk_show_kb_category(1,1);
}
} }
elseif ($artid) elseif ($artid)
{ {
@ -98,7 +102,7 @@ else
{ {
hesk_show_kb_category($catid); hesk_show_kb_category($catid);
} }
?> </div> <?php
require_once(HESK_PATH . 'inc/footer.inc.php'); require_once(HESK_PATH . 'inc/footer.inc.php');
exit(); exit();
@ -114,11 +118,6 @@ function hesk_kb_header($kb_link, $catid=1)
require_once(HESK_PATH . 'inc/show_admin_nav.inc.php'); require_once(HESK_PATH . 'inc/show_admin_nav.inc.php');
?> ?>
</td>
</tr>
<tr>
<td>
<ol class="breadcrumb"> <ol class="breadcrumb">
<?php <?php
if ($can_man_kb) if ($can_man_kb)
@ -130,15 +129,10 @@ function hesk_kb_header($kb_link, $catid=1)
?> ?>
<li class="active"><?php echo $kb_link; ?></li> <li class="active"><?php echo $kb_link; ?></li>
</ol> </ol>
<!-- SUB NAVIGATION -->
<?php show_subnav('view', $catid); ?> <?php show_subnav('view', $catid); ?>
<!-- SUB NAVIGATION --> <section style="padding: 15px;">
<?php hesk_kbSearchLarge(1); ?>
<div style="margin-left:40px;margin-right:40px"> </section>
<?php hesk_kbSearchLarge(1); ?>
<?php <?php
} // END hesk_kb_header() } // END hesk_kb_header()
@ -154,41 +148,43 @@ function hesk_kb_search($query)
$res = hesk_dbQuery('SELECT t1.`id`, t1.`subject`, LEFT(`t1`.`content`, '.max(200, $hesk_settings['kb_substrart'] * 2).') AS `content`, t1.`rating` FROM `'.hesk_dbEscape($hesk_settings['db_pfix']).'kb_articles` AS t1 LEFT JOIN `'.hesk_dbEscape($hesk_settings['db_pfix']).'kb_categories` AS t2 ON t1.`catid` = t2.`id` '." WHERE t1.`type` IN ('0','1') AND MATCH(`subject`,`content`,`keywords`) AGAINST ('".hesk_dbEscape($query)."') LIMIT ".intval($hesk_settings['kb_search_limit'])); $res = hesk_dbQuery('SELECT t1.`id`, t1.`subject`, LEFT(`t1`.`content`, '.max(200, $hesk_settings['kb_substrart'] * 2).') AS `content`, t1.`rating` FROM `'.hesk_dbEscape($hesk_settings['db_pfix']).'kb_articles` AS t1 LEFT JOIN `'.hesk_dbEscape($hesk_settings['db_pfix']).'kb_categories` AS t2 ON t1.`catid` = t2.`id` '." WHERE t1.`type` IN ('0','1') AND MATCH(`subject`,`content`,`keywords`) AGAINST ('".hesk_dbEscape($query)."') LIMIT ".intval($hesk_settings['kb_search_limit']));
$num = hesk_dbNumRows($res); $num = hesk_dbNumRows($res);
$show_default_category = false;
?> ?>
<h4><?php echo $hesklang['sr']; ?> (<?php echo $num; ?>)</h4> <section style="padding: 15px">
<div class="footerWithBorder blankSpace"></div> <div class="box">
<div class="box-header with-border">
<?php <h1 class="box-title">
if ($num == 0) <?php echo $hesklang['sr']; ?> (<?php echo $num; ?>)
{ </h1>
echo '<p style="margin-left:20px"><i>'.$hesklang['nosr'].'</i></p>'; <div class="box-tools pull-right">
hesk_show_kb_category(1,1); <button type="button" class="btn btn-box-tool" data-widget="collapse">
} <i class="fa fa-minus"></i>
else </button>
{ </div>
?> </div>
<table width="100%" border="0" cellspacing="0" cellpadding="0"> <div class="box-body">
<tr> <?php
<td> if ($num == 0) {
<div align="center"> echo '<i>'.$hesklang['nosr'].'</i>';
<table border="0" cellspacing="1" cellpadding="3" width="100%"> $show_default_category = true;
<?php } else {
while ($article = hesk_dbFetchAssoc($res)) ?>
{ <table class="table table-striped">
$txt = hesk_kbArticleContentPreview($article['content']); <?php
while ($article = hesk_dbFetchAssoc($res))
if ($hesk_settings['kb_rating']) {
{ $txt = hesk_kbArticleContentPreview($article['content']);
$alt = $article['rating'] ? sprintf($hesklang['kb_rated'], sprintf("%01.1f", $article['rating'])) : $hesklang['kb_not_rated'];
$rat = '<td width="1" valign="top"><img src="../img/star_'.(hesk_round_to_half($article['rating'])*10).'.png" width="85" height="16" alt="'.$alt.'" border="0" style="vertical-align:text-bottom" /></td>'; if ($hesk_settings['kb_rating'])
} {
else $rat = '<td width="1" valign="top">' . mfh_get_stars($article['rating']) . '</td>';
{ }
$rat = ''; else
} {
$rat = '';
echo ' }
echo '
<tr> <tr>
<td> <td>
<table border="0" width="100%" cellspacing="0" cellpadding="1"> <table border="0" width="100%" cellspacing="0" cellpadding="1">
@ -207,18 +203,16 @@ function hesk_kb_search($query)
</td> </td>
</tr>'; </tr>';
} }
?> ?>
</table> </table>
</div> <a href="javascript:history.go(-1)"><span class="glyphicon glyphicon-circle-arrow-left"></span>&nbsp;<?php echo $hesklang['back']; ?></a>
</td> <?php } ?>
</tr> </div>
</table> </div>
</section>
<p><br /><a href="javascript:history.go(-1)"><span class="glyphicon glyphicon-circle-arrow-left"></span>&nbsp;<?php echo $hesklang['back']; ?></a></p>
<?php <?php
} // END else return $show_default_category;
} // END hesk_kb_search() } // END hesk_kb_search()
@ -231,134 +225,173 @@ function hesk_show_kb_article($artid)
hesk_kb_header($hesk_settings['kb_link'], $article['catid']); hesk_kb_header($hesk_settings['kb_link'], $article['catid']);
// Update views by 1 // Update views by 1
hesk_dbQuery('UPDATE `'.hesk_dbEscape($hesk_settings['db_pfix'])."kb_articles` SET `views`=`views`+1 WHERE `id`={$artid} LIMIT 1"); hesk_dbQuery('UPDATE `'.hesk_dbEscape($hesk_settings['db_pfix'])."kb_articles` SET `views`=`views`+1 WHERE `id`={$artid}");
echo '<h3>'.$article['subject'].'</h3> ?>
<div class="footerWithBorder blankSpace"></div> <section class="content">
<div class="box">
<div class="box-header with-border">
<h1 class="box-title">
<?php echo $article['subject']; ?>
</h1>
<div class="box-tools pull-right">
<button type="button" class="btn btn-box-tool" data-widget="collapse">
<i class="fa fa-minus"></i>
</button>
</div>
</div>
<div class="box-body">
<?php echo $article['content']; ?>
</div>
<?php if (!empty($article['attachments'])): ?>
<div class="box-footer">
<p><b><?php echo $hesklang['attachments']; ?></b></p>
<?php
$att=explode(',',substr($article['attachments'], 0, -1));
foreach ($att as $myatt)
{
list($att_id, $att_name) = explode('#', $myatt);
echo '<i class="fa fa-paperclip"></i> <a href="../download_attachment.php?kb_att='.$att_id.'" rel="nofollow">'.$att_name.'</a><br />';
}
?>
</div>
<?php endif; ?>
</div>
<?php
if ($article['catid']==1)
{
$link = 'knowledgebase_private.php';
}
else
{
$link = 'knowledgebase_private.php?category='.$article['catid'];
}
?>
<br><br>
<div class="row">
<?php
$showRelated = false;
$column = 'col-md-12';
require(HESK_PATH . 'inc/mail/email_parser.php');
$query = hesk_dbEscape( $article['subject'] . ' ' . convert_html_to_text($article['content']) );
<h4>'.$hesklang['as'].'</h4> // Get relevant articles from the database
'. $article['content']; $res = hesk_dbQuery("SELECT `id`, `subject`, MATCH(`subject`,`content`,`keywords`) AGAINST ('{$query}') AS `score` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."kb_articles` WHERE `type` IN ('0','1') AND MATCH(`subject`,`content`,`keywords`) AGAINST ('{$query}') LIMIT ".intval($hesk_settings['kb_related']+1));
if ( ! empty($article['attachments'])) // Array with related articles
{ $related_articles = array();
echo '<p><b>'.$hesklang['attachments'].':</b><br />';
$att=explode(',',substr($article['attachments'], 0, -1));
foreach ($att as $myatt)
{
list($att_id, $att_name) = explode('#', $myatt);
echo '<i class="fa fa-papercip"></i> <a href="../download_attachment.php?kb_att='.$att_id.'" rel="nofollow">'.$att_name.'</a><br />';
}
echo '</p>';
}
while ($related = hesk_dbFetchAssoc($res))
{
// Get base match score from the first (this) article
if ( ! isset($base_score) )
{
$base_score = $related['score'];
}
// Ignore this article
if ($related['id'] == $artid)
{
continue;
}
if ($article['catid']==1) // Stop when articles reach less than 10% of base score
{ if ($related['score'] / $base_score < 0.10)
$link = 'knowledgebase_private.php'; {
} break;
else }
{
$link = 'knowledgebase_private.php?category='.$article['catid'];
}
?>
<br><br>
<div class="row">
<?php
$showRelated = false;
$column = 'col-md-12';
require(HESK_PATH . 'inc/mail/email_parser.php');
$query = hesk_dbEscape( $article['subject'] . ' ' . convert_html_to_text($article['content']) );
// Get relevant articles from the database
$res = hesk_dbQuery("SELECT `id`, `subject`, MATCH(`subject`,`content`,`keywords`) AGAINST ('{$query}') AS `score` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."kb_articles` WHERE `type` IN ('0','1') AND MATCH(`subject`,`content`,`keywords`) AGAINST ('{$query}') LIMIT ".intval($hesk_settings['kb_related']+1));
// Array with related articles
$related_articles = array();
while ($related = hesk_dbFetchAssoc($res))
{
// Get base match score from the first (this) article
if ( ! isset($base_score) )
{
$base_score = $related['score'];
}
// Ignore this article
if ($related['id'] == $artid)
{
continue;
}
// Stop when articles reach less than 10% of base score
if ($related['score'] / $base_score < 0.10)
{
break;
}
// This is a valid related article
$related_articles[$related['id']] = $related['subject'];
}
// Print related articles if we have any valid matches
if ( count($related_articles) ) {
$column = 'col-md-6';
$showRelated = true;
}
?>
<div class="<?php echo $column; ?> col-sm-12">
<h4><?php echo $hesklang['ad']; ?></h4>
<div class="footerWithBorder blankSpace"></div>
<table border="0">
<tr>
<td><?php echo $hesklang['aid']; ?>: </td>
<td><?php echo $article['id']; ?></td>
</tr>
<tr>
<td><?php echo $hesklang['category']; ?>: </td>
<td><a href="<?php echo $link; ?>"><?php echo $article['cat_name']; ?></a></td>
</tr>
<tr>
<td><?php echo $hesklang['dta']; ?>: </td>
<td><?php echo hesk_date($article['dt'], true); ?></td>
</tr>
<tr>
<td><?php echo $hesklang['views']; ?>: </td>
<td><?php echo (isset($_GET['rated']) ? $article['views'] : $article['views']+1); ?></td>
</tr>
</table>
</div>
<?php if ($showRelated) { ?>
<div class="col-md-6 col-sm-12">
<h4><?php echo $hesklang['relart']; ?></h4>
<div class="footerWithBorder blankSpace"></div>
<?php
// Related articles
foreach ($related_articles as $id => $subject)
{
echo '<span class="glyphicon glyphicon-file" style="font-size: 16px;"></span> <a href="knowledgebase_private.php?article='.$id.'">'.$subject.'</a><br />';
}
?>
</div>
<?php } ?>
</div>
<?php // This is a valid related article
if (!isset($_GET['back'])) $related_articles[$related['id']] = $related['subject'];
{ }
?>
<p><br /><a href="javascript:history.go(-1)"><span class="glyphicon glyphicon-circle-arrow-left"></span>&nbsp;<?php echo $hesklang['back']; ?></a></p> // Print related articles if we have any valid matches
<?php if ( count($related_articles) ) {
} $column = 'col-md-6';
else $showRelated = true;
{ }
?> ?>
<p>&nbsp;</p> <div class="<?php echo $column; ?> col-sm-12">
<?php <div class="box">
} <div class="box-header with-border">
<h1 class="box-title">
<?php echo $hesklang['ad']; ?>
</h1>
<div class="box-tools pull-right">
<button type="button" class="btn btn-box-tool" data-widget="collapse">
<i class="fa fa-minus"></i>
</button>
</div>
</div>
<div class="box-body">
<table border="0">
<tr>
<td><?php echo $hesklang['aid']; ?>: </td>
<td>
<?php
echo $article['id'];
if ($article['type'] == 0)
{
echo ' [<a href="' . $hesk_settings['hesk_url'] . '/knowledgebase.php?article=' . $article['id'] . '">' . $hesklang['public_link'] . '</a>]';
}
?>
</td>
</tr>
<tr>
<td><?php echo $hesklang['category']; ?>: </td>
<td><a href="<?php echo $link; ?>"><?php echo $article['cat_name']; ?></a></td>
</tr>
<tr>
<td><?php echo $hesklang['dta']; ?>: </td>
<td><?php echo hesk_date($article['dt'], true); ?></td>
</tr>
<tr>
<td><?php echo $hesklang['views']; ?>: </td>
<td><?php echo (isset($_GET['rated']) ? $article['views'] : $article['views']+1); ?></td>
</tr>
</table>
</div>
</div>
</div>
<?php if ($showRelated) { ?>
<div class="col-md-6 col-sm-12">
<div class="box">
<div class="box-header with-border">
<h1 class="box-title">
<?php echo $hesklang['relart']; ?>
</h1>
<div class="box-tools pull-right">
<button type="button" class="btn btn-box-tool" data-widget="collapse">
<i class="fa fa-minus"></i>
</button>
</div>
</div>
<div class="box-body">
<?php
// Related articles
foreach ($related_articles as $id => $subject)
{
echo '<span class="glyphicon glyphicon-file" style="font-size: 16px;"></span> <a href="knowledgebase_private.php?article='.$id.'">'.$subject.'</a><br />';
}
?>
</div>
</div>
</div>
<?php } ?>
</div>
<?php
if (!isset($_GET['back']))
{
?>
<p><br /><a href="javascript:history.go(-1)"><span class="glyphicon glyphicon-circle-arrow-left"></span>&nbsp;<?php echo $hesklang['back']; ?></a></p>
<?php
}
?>
</section>
<?php
} // END hesk_show_kb_article() } // END hesk_show_kb_article()
@ -370,148 +403,151 @@ function hesk_show_kb_category($catid, $is_search = 0) {
{ {
/* Print header */ /* Print header */
hesk_kb_header($hesk_settings['kb_link'], $catid); hesk_kb_header($hesk_settings['kb_link'], $catid);
if ($catid == 1)
{
echo $hesklang['priv'];
}
} }
$res = hesk_dbQuery("SELECT `name`,`parent` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."kb_categories` WHERE `id`='".intval($catid)."' LIMIT 1"); $res = hesk_dbQuery("SELECT `name`,`parent` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."kb_categories` WHERE `id`='".intval($catid)."' LIMIT 1");
$thiscat = hesk_dbFetchAssoc($res) or hesk_error($hesklang['kb_cat_inv']); $thiscat = hesk_dbFetchAssoc($res) or hesk_error($hesklang['kb_cat_inv']);
if ($thiscat['parent']) ?>
{ <section class="content">
$link = ($thiscat['parent'] == 1) ? 'knowledgebase_private.php' : 'knowledgebase_private.php?category='.$thiscat['parent']; <?php if ($thiscat['parent']): ?>
echo '<h3>'.$hesklang['kb_cat'].': '.$thiscat['name'].'</h3> <h3><?php echo $hesklang['kb_cat'].': '.$thiscat['name']; ?></h3>
<p align="left"><a href="javascript:history.go(-1)"><span class="glyphicon glyphicon-circle-arrow-left"></span>'.$hesklang['back'].'</a></p> <p align="left"><a href="javascript:history.go(-1)">
<div class="footerWithBorder blankSpace"></div>'; <span class="glyphicon glyphicon-circle-arrow-left"></span>
} <?php echo $hesklang['back']; ?>
</a></p>
$result = hesk_dbQuery("SELECT `id`,`name`,`articles`,`type` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."kb_categories` WHERE `parent`='".intval($catid)."' ORDER BY `parent` ASC, `cat_order` ASC");
if (hesk_dbNumRows($result) > 0)
{
?>
<h4><?php echo $hesklang['kb_cat_sub']; ?></h4>
<div class="footerWithBorder blankSpace"></div>
<table width="100%" border="0" cellspacing="0" cellpadding="0">
<tr>
<td>
<table border="0" cellspacing="1" cellpadding="3" width="100%">
<?php <?php
$per_col = $hesk_settings['kb_cols']; endif;
$i = 1;
while ($cat = hesk_dbFetchAssoc($result))
{
if ($i == 1)
{
echo '<tr>';
}
$private = ($cat['type'] == 1) ? ' *' : ''; $result = hesk_dbQuery("SELECT `id`,`name`,`articles`,`type` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."kb_categories` WHERE `parent`='".intval($catid)."' ORDER BY `parent` ASC, `cat_order` ASC");
echo ' if (hesk_dbNumRows($result) > 0) {
?>
<div class="box">
<div class="box-header with-border">
<h1 class="box-title">
<?php echo $hesklang['kb_cat_sub']; ?>
</h1>
<div class="box-tools pull-right">
<button type="button" class="btn btn-box-tool" data-widget="collapse">
<i class="fa fa-minus"></i>
</button>
</div>
</div>
<div class="box-body">
<table class="table table-striped">
<?php
$per_col = $hesk_settings['kb_cols'];
$i = 1;
while ($cat = hesk_dbFetchAssoc($result))
{
if ($i == 1)
{
echo '<tr>';
}
$private = ($cat['type'] == 1) ? ' *' : '';
echo '
<td width="50%" valign="top"> <td width="50%" valign="top">
<table border="0"> <table border="0">
<tr><td><span class="glyphicon glyphicon-folder-close"></span>&nbsp;<a href="knowledgebase_private.php?category='.$cat['id'].'">'.$cat['name'].'</a>'.$private.'</td></tr> <tr><td><span class="glyphicon glyphicon-folder-close"></span>&nbsp;<a href="knowledgebase_private.php?category='.$cat['id'].'">'.$cat['name'].'</a>'.$private.'</td></tr>
'; ';
/* Print most popular/sticky articles */ /* Print most popular/sticky articles */
if ($hesk_settings['kb_numshow'] && $cat['articles']) if ($hesk_settings['kb_numshow'] && $cat['articles'])
{ {
$res = hesk_dbQuery("SELECT `id`,`subject`,`type` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."kb_articles` WHERE `catid`='".intval($cat['id'])."' AND `type` IN ('0','1') ORDER BY `sticky` DESC, `views` DESC, `art_order` ASC LIMIT " . (intval($hesk_settings['kb_numshow']) + 1) ); $res = hesk_dbQuery("SELECT `id`,`subject`,`type` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."kb_articles` WHERE `catid`='".intval($cat['id'])."' AND `type` IN ('0','1') ORDER BY `sticky` DESC, `views` DESC, `art_order` ASC LIMIT " . (intval($hesk_settings['kb_numshow']) + 1) );
$num = 1; $num = 1;
while ($art = hesk_dbFetchAssoc($res)) while ($art = hesk_dbFetchAssoc($res))
{ {
$private = ($art['type'] == 1) ? ' *' : ''; $private = ($art['type'] == 1) ? ' *' : '';
echo ' echo '
<tr> <tr>
<td>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<span class="glyphicon glyphicon-file"></span> <td>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<span class="glyphicon glyphicon-file"></span>
<a href="knowledgebase_private.php?article='.$art['id'].'" class="article">'.$art['subject'].'</a>'.$private.'</td> <a href="knowledgebase_private.php?article='.$art['id'].'" class="article">'.$art['subject'].'</a>'.$private.'</td>
</tr>'; </tr>';
if ($num == $hesk_settings['kb_numshow']) if ($num == $hesk_settings['kb_numshow'])
{ {
break; break;
} }
else else
{ {
$num++; $num++;
} }
} }
if (hesk_dbNumRows($res) > $hesk_settings['kb_numshow']) if (hesk_dbNumRows($res) > $hesk_settings['kb_numshow'])
{ {
echo '<tr><td>&raquo; <a href="knowledgebase_private.php?category='.$cat['id'].'"><i>'.$hesklang['m'].'</i></a></td></tr>'; echo '<tr><td>&raquo; <a href="knowledgebase_private.php?category='.$cat['id'].'"><i>'.$hesklang['m'].'</i></a></td></tr>';
} }
} }
echo ' echo '
</table> </table>
</td> </td>
'; ';
if ($i == $per_col) if ($i == $per_col)
{ {
echo '</tr>'; echo '</tr>';
$i = 0; $i = 0;
} }
$i++; $i++;
} }
/* Finish the table if needed */ /* Finish the table if needed */
if ($i != 1) if ($i != 1)
{ {
for ($j=1;$j<=$per_col;$j++) for ($j=1;$j<=$per_col;$j++)
{ {
echo '<td width="50%">&nbsp;</td>'; echo '<td width="50%">&nbsp;</td>';
if ($i == $per_col) if ($i == $per_col)
{ {
echo '</tr>'; echo '</tr>';
break; break;
} }
$i++; $i++;
} }
} }
?> ?>
</table> </table>
</div>
</td> <div class="box-footer">
</tr> <?php echo $hesklang['private_category_star']; ?>
</table> </div>
</div>
<?php <?php } ?>
} // END if NumRows > 0 <div class="box">
?> <div class="box-header with-border">
<br> <h1 class="box-title">
<h4><?php echo $hesklang['ac']; ?></h4> <?php echo $hesklang['ac']; ?>
<div class="footerWithBorder blankSpace"></div> </h1>
<div class="box-tools pull-right">
<table width="100%" border="0" cellspacing="0" cellpadding="0"> <button type="button" class="btn btn-box-tool" data-widget="collapse">
<tr> <i class="fa fa-minus"></i>
<td> </button>
</div>
<?php </div>
$res = hesk_dbQuery("SELECT `id`, `subject`, LEFT(`content`, ".max(200, $hesk_settings['kb_substrart'] * 2).") AS `content`, `rating`, `type` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."kb_articles` WHERE `catid`='".intval($catid)."' AND `type` IN ('0','1') ORDER BY `sticky` DESC, `art_order` ASC"); <div class="box-body">
if (hesk_dbNumRows($res) == 0) <?php
{ $res = hesk_dbQuery("SELECT `id`, `subject`, LEFT(`content`, ".max(200, $hesk_settings['kb_substrart'] * 2).") AS `content`, `rating`, `type` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."kb_articles` WHERE `catid`='".intval($catid)."' AND `type` IN ('0','1') ORDER BY `sticky` DESC, `art_order` ASC");
echo '<p><i>'.$hesklang['noac'].'</i></p>'; if (hesk_dbNumRows($res) == 0)
} {
else echo '<i>'.$hesklang['noac'].'</i>';
{ }
echo '<div align="center"><table border="0" cellspacing="1" cellpadding="3" width="100%">'; else
while ($article = hesk_dbFetchAssoc($res)) {
{ echo '<table border="0" cellspacing="1" cellpadding="3" width="100%">';
$private = ($article['type'] == 1) ? ' *' : ''; while ($article = hesk_dbFetchAssoc($res))
{
$private = ($article['type'] == 1) ? ' *' : '';
$txt = hesk_kbArticleContentPreview($article['content']); $txt = hesk_kbArticleContentPreview($article['content']);
echo ' echo '
<tr> <tr>
<td> <td>
<table border="0" width="100%" cellspacing="0" cellpadding="1"> <table border="0" width="100%" cellspacing="0" cellpadding="1">
@ -528,14 +564,16 @@ function hesk_show_kb_category($catid, $is_search = 0) {
</table> </table>
</td> </td>
</tr>'; </tr>';
} }
echo '</table></div>'; echo '</table>';
} }
?> ?>
</div>
</td> <div class="box-footer">
</tr> <?php echo $hesklang['private_article_star']; ?>
</table> </div>
</div>
</section>
<?php <?php
} // END hesk_show_kb_category() } // END hesk_show_kb_category()
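Review bot: In hesk_show_kb_article the new attachment list splits `$att_id` and `$att_name` out of the stored `attachments` column and writes both straight into the link markup, and the related-articles loop does the same with `$subject`. Whether these values are already HTML-encoded when they are saved is not visible in this section, so the template should either encode at output or carry a comment stating where the encoding happens. For the attachment line I would write `echo '<i class="fa fa-paperclip"></i> <a href="../download_attachment.php?kb_att='.intval($att_id).'" rel="nofollow">'.htmlspecialchars($att_name, ENT_QUOTES, 'UTF-8', false).'</a><br />';`, where the final `false` avoids double-encoding names that were stored encoded. The function begins outside the hunk, so the origin of `$article` could not be checked from here.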

@ -1,32 +1,15 @@
<?php <?php
/******************************************************************************* /**
* Title: Help Desk Software HESK *
* Version: 2.6.8 from 10th August 2016 * This file is part of HESK - PHP Help Desk Software.
* Author: Klemen Stirn *
* Website: http://www.hesk.com * (c) Copyright Klemen Stirn. All rights reserved.
******************************************************************************** * http://www.hesk.com
* COPYRIGHT AND TRADEMARK NOTICE *
* Copyright 2005-2015 Klemen Stirn. All Rights Reserved. * For the full copyright and license agreement information visit
* HESK is a registered trademark of Klemen Stirn. * http://www.hesk.com/eula.php
* The HESK may be used and modified free of charge by anyone *
* AS LONG AS COPYRIGHT NOTICES AND ALL THE COMMENTS REMAIN INTACT. */
* By using this code you agree to indemnify Klemen Stirn from any
* liability that might arise from it's use.
* Selling the code for this program, in part or full, without prior
* written consent is expressly forbidden.
* Using this code, in part or full, to create derivate work,
* new scripts or products is expressly forbidden. Obtain permission
* before redistributing this software over the Internet or in
* any other medium. In all cases copyright and header must remain intact.
* This Copyright is in full effect in any country that has International
* Trade Agreements with the United States of America or
* with the European Union.
* Removing any of the copyright notices without purchasing a license
* is expressly forbidden. To remove HESK copyright notice you must purchase
* a license for this script. For more information on how to obtain
* a license please visit the page below:
* https://www.hesk.com/buy.php
*******************************************************************************/
define('IN_SCRIPT', 1); define('IN_SCRIPT', 1);
define('HESK_PATH', '../'); define('HESK_PATH', '../');
@ -46,6 +29,7 @@ $modsForHesk_settings = mfh_getSettings();
hesk_checkPermission('can_view_tickets'); hesk_checkPermission('can_view_tickets');
hesk_checkPermission('can_reply_tickets'); hesk_checkPermission('can_reply_tickets');
hesk_checkPermission('can_edit_tickets'); hesk_checkPermission('can_edit_tickets');
hesk_checkPermission('can_resolve');
/* A security check */ /* A security check */
hesk_token_check(); hesk_token_check();
@ -98,7 +82,7 @@ $statusRs = hesk_dbQuery($statusSql);
$statusRow = hesk_dbFetchAssoc($statusRs); $statusRow = hesk_dbFetchAssoc($statusRs);
$statusId = $statusRow['ID']; $statusId = $statusRow['ID'];
hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` SET `status`= {$statusId},`locked`='{$status}' $closedby_sql , `history`=CONCAT(`history`,'" . hesk_dbEscape($revision) . "') WHERE `trackid`='" . hesk_dbEscape($trackingID) . "' LIMIT 1"); hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` SET `status`= {$statusId},`locked`='{$status}' $closedby_sql , `history`=CONCAT(`history`,'" . hesk_dbEscape($revision) . "') WHERE `trackid`='" . hesk_dbEscape($trackingID) . "'");
/* Back to ticket page and show a success message */ /* Back to ticket page and show a success message */
hesk_process_messages($tmp, 'admin_ticket.php?track=' . $trackingID . '&Refresh=' . rand(10000, 99999), 'SUCCESS'); hesk_process_messages($tmp, 'admin_ticket.php?track=' . $trackingID . '&Refresh=' . rand(10000, 99999), 'SUCCESS');
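Review bot: `$statusId` is taken from `$statusRow['ID']` and interpolated unquoted into the UPDATE, with no check that the status query returned a row, so an empty result would produce a malformed statement. I would guard the fetch and cast the value, e.g. `if (!$statusRow) { hesk_error($hesklang['int_error']); }` (with whichever message key the project uses) followed by `$statusId = intval($statusRow['ID']);`. With `LIMIT 1` removed, the UPDATE now relies on `trackid` being unique, which should be confirmed against the schema because it is not visible here. `$status` and `$closedby_sql` are built outside the hunk, so their escaping could not be confirmed either.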

@ -1,32 +1,15 @@
<?php <?php
/******************************************************************************* /**
* Title: Help Desk Software HESK *
* Version: 2.6.8 from 10th August 2016 * This file is part of HESK - PHP Help Desk Software.
* Author: Klemen Stirn *
* Website: http://www.hesk.com * (c) Copyright Klemen Stirn. All rights reserved.
******************************************************************************** * http://www.hesk.com
* COPYRIGHT AND TRADEMARK NOTICE *
* Copyright 2005-2015 Klemen Stirn. All Rights Reserved. * For the full copyright and license agreement information visit
* HESK is a registered trademark of Klemen Stirn. * http://www.hesk.com/eula.php
* The HESK may be used and modified free of charge by anyone *
* AS LONG AS COPYRIGHT NOTICES AND ALL THE COMMENTS REMAIN INTACT. */
* By using this code you agree to indemnify Klemen Stirn from any
* liability that might arise from it's use.
* Selling the code for this program, in part or full, without prior
* written consent is expressly forbidden.
* Using this code, in part or full, to create derivate work,
* new scripts or products is expressly forbidden. Obtain permission
* before redistributing this software over the Internet or in
* any other medium. In all cases copyright and header must remain intact.
* This Copyright is in full effect in any country that has International
* Trade Agreements with the United States of America or
* with the European Union.
* Removing any of the copyright notices without purchasing a license
* is expressly forbidden. To remove HESK copyright notice you must purchase
* a license for this script. For more information on how to obtain
* a license please visit the page below:
* https://www.hesk.com/buy.php
*******************************************************************************/
define('IN_SCRIPT', 1); define('IN_SCRIPT', 1);
define('HESK_PATH', '../'); define('HESK_PATH', '../');
@ -36,6 +19,7 @@ define('PAGE_TITLE', 'ADMIN_MAIL');
require(HESK_PATH . 'hesk_settings.inc.php'); require(HESK_PATH . 'hesk_settings.inc.php');
require(HESK_PATH . 'inc/common.inc.php'); require(HESK_PATH . 'inc/common.inc.php');
require(HESK_PATH . 'inc/admin_functions.inc.php'); require(HESK_PATH . 'inc/admin_functions.inc.php');
require(HESK_PATH . 'inc/mail_functions.inc.php');
hesk_load_database_functions(); hesk_load_database_functions();
hesk_session_start(); hesk_session_start();
@ -124,51 +108,72 @@ require_once(HESK_PATH . 'inc/show_admin_nav.inc.php');
//--> //-->
</script> </script>
<div class="row move-down-20"> <section class="content">
<div class="col-md-3"> <div class="row">
<div class="panel panel-default"> <div class="col-md-3">
<div class="panel-heading"><?php echo $hesklang['navigation']; ?></div> <div class="box">
<ul class="list-group"> <div class="box-header with-border">
<?php <h1 class="box-title">
/* Print sub-navigation */ <?php echo $hesklang['navigation']; ?>
echo </h1>
'<li class="list-group-item">' . $hesk_settings['mailtmp']['inbox'] . '</li> <div class="box-tools pull-right">
<li class="list-group-item">' . $hesk_settings['mailtmp']['outbox'] . '</li> <button type="button" class="btn btn-box-tool" data-widget="collapse">
<li class="list-group-item">' . $hesk_settings['mailtmp']['new'] . '</li>'; <i class="fa fa-minus"></i>
?> </button>
</ul> </div>
</div>
<div class="box-body">
<ul class="products-list product-list-in-box">
<li class="item">
<?php echo $hesk_settings['mailtmp']['inbox']; ?>
</li>
<li class="item">
<?php echo $hesk_settings['mailtmp']['outbox']; ?>
</li>
<li class="item">
<?php echo $hesk_settings['mailtmp']['new']; ?>
</li>
</ul>
</div>
</div>
</div> </div>
</div> <div class="col-md-9">
<div class="col-md-7"> <?php
<h3><?php echo $hesklang['m_h']; ?></h3> hesk_handle_messages();
/* Show a message? */
<div class="footerWithBorder blankSpace"></div> if ($action == 'read') {
show_message();
<?php }
if (!isset($_SESSION['hide']['list'])):
?>
/* This will handle error, success and notice messages */ <div class="box">
hesk_handle_messages(); <div class="box-header with-border">
<h1 class="box-title">
/* Show a message? */ <?php echo $hesklang['m_h']; ?>
if ($action == 'read') { </h1>
show_message(); <div class="box-tools pull-right">
} <button type="button" class="btn btn-box-tool" data-widget="collapse">
<i class="fa fa-minus"></i>
/* Hide list of messages? */ </button>
if (!isset($_SESSION['hide']['list'])) { </div>
mail_list_messages(); </div>
} // END hide list of messages <div class="box-body">
<?php mail_list_messages(); ?>
</div>
</div>
<?php endif; ?>
/* Show new message form */ <?php
show_new_form(); /* Show new message form */
show_new_form();
/* Clean unneeded session variables */ /* Clean unneeded session variables */
hesk_cleanSessionVars('hide'); hesk_cleanSessionVars('hide');
hesk_cleanSessionVars('mail'); hesk_cleanSessionVars('mail');
?> ?>
</div>
</div> </div>
</div> </section>
<?php <?php
require_once(HESK_PATH . 'inc/footer.inc.php'); require_once(HESK_PATH . 'inc/footer.inc.php');
exit(); exit();
@ -189,10 +194,10 @@ function mail_delete()
if ($ids) { if ($ids) {
foreach ($ids as $id) { foreach ($ids as $id) {
/* If both correspondents deleted the mail remove it from database, otherwise mark as deleted by this user */ /* If both correspondents deleted the mail remove it from database, otherwise mark as deleted by this user */
hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "mail` SET `deletedby`='" . intval($_SESSION['id']) . "' WHERE `id`='" . intval($id) . "' AND (`to`='" . intval($_SESSION['id']) . "' OR `from`='" . intval($_SESSION['id']) . "') AND `deletedby`=0 LIMIT 1"); hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "mail` SET `deletedby`='" . intval($_SESSION['id']) . "' WHERE `id`='" . intval($id) . "' AND (`to`='" . intval($_SESSION['id']) . "' OR `from`='" . intval($_SESSION['id']) . "') AND `deletedby`=0");
if (hesk_dbAffectedRows() != 1) { if (hesk_dbAffectedRows() != 1) {
hesk_dbQuery("DELETE FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "mail` WHERE `id`='" . intval($id) . "' AND (`to`='" . intval($_SESSION['id']) . "' OR `from`='" . intval($_SESSION['id']) . "') AND `deletedby`!=0 LIMIT 1"); hesk_dbQuery("DELETE FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "mail` WHERE `id`='" . intval($id) . "' AND (`to`='" . intval($_SESSION['id']) . "' OR `from`='" . intval($_SESSION['id']) . "') AND `deletedby`!=0");
} }
} }
@ -214,7 +219,7 @@ function mail_mark_unread()
if ($ids) { if ($ids) {
foreach ($ids as $id) { foreach ($ids as $id) {
hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "mail` SET `read`='0' WHERE `id`='" . intval($id) . "' AND `to`='" . intval($_SESSION['id']) . "' LIMIT 1"); hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "mail` SET `read`='0' WHERE `id`='" . intval($id) . "' AND `to`='" . intval($_SESSION['id']) . "'");
} }
hesk_process_messages($hesklang['smmu'], 'NOREDIRECT', 'SUCCESS'); hesk_process_messages($hesklang['smmu'], 'NOREDIRECT', 'SUCCESS');
@ -235,7 +240,7 @@ function mail_mark_read()
if ($ids) { if ($ids) {
foreach ($ids as $id) { foreach ($ids as $id) {
hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "mail` SET `read`='1' WHERE `id`='" . intval($id) . "' AND `to`='" . intval($_SESSION['id']) . "' LIMIT 1"); hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "mail` SET `read`='1' WHERE `id`='" . intval($id) . "' AND `to`='" . intval($_SESSION['id']) . "'");
} }
hesk_process_messages($hesklang['smmr'], 'NOREDIRECT', 'SUCCESS'); hesk_process_messages($hesklang['smmr'], 'NOREDIRECT', 'SUCCESS');
@ -399,62 +404,66 @@ function show_message()
/* Mark as read */ /* Mark as read */
if ($hesk_settings['mailtmp']['this'] == 'to' && !$pm['read']) if ($hesk_settings['mailtmp']['this'] == 'to' && !$pm['read'])
{ {
$res = hesk_dbQuery("UPDATE `".hesk_dbEscape($hesk_settings['db_pfix'])."mail` SET `read`='1' WHERE `id`='".intval($id)."' LIMIT 1"); hesk_dbQuery("UPDATE `".hesk_dbEscape($hesk_settings['db_pfix'])."mail` SET `read`='1' WHERE `id`='".intval($id)."'");
} }
$pm['name'] = isset($admins[$pm[$hesk_settings['mailtmp']['other']]]) ? '<a href="mail.php?a=new&amp;id='.$pm[$hesk_settings['mailtmp']['other']].'">'.$admins[$pm[$hesk_settings['mailtmp']['other']]].'</a>' : (($pm['from'] == 9999) ? '<a href="http://www.hesk.com" target="_blank">HESK.com</a>' : $hesklang['e_udel']); $pm['name'] = isset($admins[$pm[$hesk_settings['mailtmp']['other']]]) ? '<a href="mail.php?a=new&amp;id='.$pm[$hesk_settings['mailtmp']['other']].'">'.$admins[$pm[$hesk_settings['mailtmp']['other']]].'</a>' : (($pm['from'] == 9999) ? '<a href="http://www.hesk.com" target="_blank">HESK.com</a>' : $hesklang['e_udel']);
echo $pm['dt'];
$pm['dt'] = hesk_dateToString($pm['dt'],0,1,0,true); $pm['dt'] = hesk_dateToString($pm['dt'],0,1,0,true);
?> ?>
<div class="box">
<table width="100%" border="0" cellspacing="0" cellpadding="0"> <div class="box-header with-border">
<tr> <h1 class="box-title">
<td> <?php echo $hesklang['private_message_header']; ?>
</h1>
<table border="0" cellspacing="0" cellpadding="0" width="100%"> <div class="box-tools pull-right">
<tr> <button type="button" class="btn btn-box-tool" data-widget="collapse">
<td valign="top"> <i class="fa fa-minus"></i>
<table border="0"> </button>
<tr> </div>
<td><b><?php echo $hesk_settings['mailtmp']['m_from']; ?></b></td> </div>
<td><?php echo $pm['name']; ?></td> <div class="box-body">
</tr> <div class="callout callout-info">
<tr> <div class="row">
<td><b><?php echo $hesklang['date']; ?></b></td> <div class="col-md-4 col-sm-6">
<td><?php echo $pm['dt']; ?></td> <b><?php echo $hesk_settings['mailtmp']['m_from']; ?></b>
</tr> <?php echo $pm['name']; ?>
<tr> </div>
<td><b><?php echo $hesklang['m_sub']; ?></b></td> <div class="col-md-4 col-sm-6">
<td><?php echo $pm['subject']; ?></td> <b><?php echo $hesklang['date_colon']; ?></b>
</tr> <?php echo $pm['dt']; ?>
</div>
<div class="col-md-4 col-sm-6">
<b><?php echo $hesklang['m_sub']; ?></b>
<?php echo $pm['subject']; ?>
</div>
</div>
</div>
<table border="0" cellspacing="0" cellpadding="0" width="100%">
<tr>
<td class="text-right" style="vertical-align:top;">
</td>
</tr>
</table> </table>
</td> <p><?php echo $pm['message']; ?></p>
<td class="text-right" style="vertical-align:top;"> </div>
<div class="box-footer">
<?php <div class="pull-right">
$folder = '&amp;folder=outbox'; <?php
if ($pm['to'] == $_SESSION['id']) $folder = '&amp;folder=outbox';
{ if ($pm['to'] == $_SESSION['id'])
echo '<a href="mail.php?a=mark_unread&amp;id='.$id.'&amp;token='.hesk_token_echo(0).'"><i class="fa fa-envelope-o font-size-14p"></i></a> '; {
$folder = ''; echo '<a class="btn btn-default" href="mail.php?a=mark_unread&amp;id='.$id.'&amp;token='.hesk_token_echo(0).'"><i class="fa fa-envelope-o icon-link"></i> '.$hesklang['mau'].'</a> ';
} $folder = '';
echo '<a href="mail.php?a=delete&amp;id='.$id.'&amp;token='.hesk_token_echo(0).$folder.'" onclick="return hesk_confirmExecute(\''.hesk_makeJsString($hesklang['delm']).'?\');"><i class="fa fa-times font-size-14p red"></i></a>'; }
?> echo '<a class="btn btn-danger" href="mail.php?a=delete&amp;id='.$id.'&amp;token='.hesk_token_echo(0).$folder.'" onclick="return hesk_confirmExecute(\''.hesk_makeJsString($hesklang['delm']).'?\');"><i class="fa fa-times icon-link"></i> '.$hesklang['delm'].'</a>';
?>
</td> </div>
</tr> </div>
</table> </div>
<p><?php echo $pm['message']; ?></p>
</td>
</tr>
</table>
</div><hr />
<?php <?php
} // END if $num } // END if $num
@ -547,7 +556,7 @@ function mail_list_messages()
<th><input type="checkbox" name="checkall" value="2" onclick="hesk_changeAll(this)"/></th> <th><input type="checkbox" name="checkall" value="2" onclick="hesk_changeAll(this)"/></th>
<th><?php echo $hesklang['m_sub']; ?></th> <th><?php echo $hesklang['m_sub']; ?></th>
<th><?php echo $hesk_settings['mailtmp']['m_from']; ?></th> <th><?php echo $hesk_settings['mailtmp']['m_from']; ?></th>
<th><?php echo $hesklang['date']; ?></th> <th><?php echo $hesklang['date_colon']; ?></th>
</tr> </tr>
</thead> </thead>
<tbody> <tbody>
@ -620,78 +629,89 @@ function show_new_form()
{ {
global $hesk_settings, $hesklang, $admins; global $hesk_settings, $hesklang, $admins;
?> ?>
<br/>
<form action="mail.php" method="post" name="form2" class="form-horizontal" role="form" data-toggle="validator"> <form action="mail.php" method="post" name="form2" class="form-horizontal" role="form" data-toggle="validator">
<h3><?php echo $hesklang['new_mail']; ?></h3> <div class="box">
<div class="box-header with-border">
<div class="footerWithBorder blankSpace"></div> <h1 class="box-title">
<?php echo $hesklang['new_mail']; ?>
<div class="form-group"> </h1>
<label for="to" class="col-sm-3 control-label"><?php echo $hesklang['m_to']; ?></label> <div class="box-tools pull-right">
<button type="button" class="btn btn-box-tool" data-widget="collapse">
<div class="col-sm-9"> <i class="fa fa-minus"></i>
<select class="form-control" name="to" type="number" </button>
data-error="<?php echo htmlspecialchars($hesklang['this_field_is_required']); ?>" required> </div>
<option value="" selected="selected"><?php echo $hesklang['select']; ?></option>
<?php
foreach ($admins as $k => $v) {
if ($k != $_SESSION['id']) {
if (isset($_SESSION['mail']) && $k == $_SESSION['mail']['to']) {
echo '<option value="' . $k . '" selected="selected">' . $v . '</option>';
} else {
echo '<option value="' . $k . '">' . $v . '</option>';
}
}
}
?>
</select>
<div class="help-block with-errors"></div>
</div>
</div>
<div class="form-group">
<label for="subject" class="col-sm-3 control-label"><?php echo $hesklang['m_sub']; ?></label>
<div class="col-sm-9">
<input type="text" class="form-control" placeholder="<?php echo htmlspecialchars($hesklang['subject']); ?>"
name="subject" size="40" maxlength="50"
<?php
if (isset($_SESSION['mail']['subject'])) {
echo ' value="' . stripslashes($_SESSION['mail']['subject']) . '" ';
}
?> data-error="<?php echo htmlspecialchars($hesklang['this_field_is_required']); ?>" required>
<div class="help-block with-errors"></div>
</div> </div>
</div> <div class="box-body">
<div class="form-group"> <div class="form-group">
<label for="message" class="col-sm-3 control-label"><?php echo $hesklang['message']; ?>:</label> <label for="to" class="col-sm-3 control-label"><?php echo $hesklang['m_to']; ?></label>
<div class="col-sm-9">
<select class="form-control" name="to" type="number"
data-error="<?php echo htmlspecialchars($hesklang['this_field_is_required']); ?>" required>
<option value="" selected="selected"><?php echo $hesklang['select']; ?></option>
<?php
foreach ($admins as $k => $v) {
if ($k != $_SESSION['id']) {
if (isset($_SESSION['mail']) && $k == $_SESSION['mail']['to']) {
echo '<option value="' . $k . '" selected="selected">' . $v . '</option>';
} else {
echo '<option value="' . $k . '">' . $v . '</option>';
}
}
}
?>
</select>
<div class="help-block with-errors"></div>
</div>
</div>
<div class="form-group">
<label for="subject" class="col-sm-3 control-label"><?php echo $hesklang['m_sub']; ?></label>
<div class="col-sm-9">
<input type="text" class="form-control" placeholder="<?php echo htmlspecialchars($hesklang['subject']); ?>"
name="subject" size="40" maxlength="50"
<?php
if (isset($_SESSION['mail']['subject'])) {
echo ' value="' . stripslashes($_SESSION['mail']['subject']) . '" ';
}
?> data-error="<?php echo htmlspecialchars($hesklang['this_field_is_required']); ?>" required>
<div class="help-block with-errors"></div>
</div>
</div>
<div class="form-group">
<label for="message" class="col-sm-3 control-label"><?php echo $hesklang['message']; ?>:</label>
<div class="col-sm-9"> <div class="col-sm-9">
<textarea name="message" class="form-control" data-error="<?php echo htmlspecialchars($hesklang['this_field_is_required']); ?>" <textarea name="message" class="form-control" data-error="<?php echo htmlspecialchars($hesklang['this_field_is_required']); ?>"
placeholder="<?php echo htmlspecialchars($hesklang['message']); ?>" rows="15" cols="70" required><?php placeholder="<?php echo htmlspecialchars($hesklang['message']); ?>" rows="15" cols="70" required><?php
if (isset($_SESSION['mail']['message'])) { if (isset($_SESSION['mail']['message'])) {
echo stripslashes($_SESSION['mail']['message']); echo stripslashes($_SESSION['mail']['message']);
} }
?></textarea> ?></textarea>
<div class="help-block with-errors"></div> <div class="help-block with-errors"></div>
</div> </div>
</div> </div>
<div class="form-group"> <div class="form-group">
<div class="col-sm-9 col-sm-offset-3"> <div class="col-sm-9 col-sm-offset-3">
<div class="checkbox"> <div class="checkbox">
<label> <label>
<input type="checkbox" name="signature" value="1" checked> <input type="checkbox" name="signature" value="1" checked>
<?php echo $hesklang['attach_sign']; ?> <?php echo $hesklang['attach_sign']; ?>
</label> (<a href="profile.php"><?php echo $hesklang['profile_settings']; ?></a>) </label> (<a href="profile.php"><?php echo $hesklang['profile_settings']; ?></a>)
</div>
</div>
</div>
<div class="form-group">
<div class="col-sm-9 col-sm-offset-3">
<input type="hidden" name="token" value="<?php hesk_token_echo(); ?>"/>
<input type="hidden" name="a" value="send"/>
<input type="submit" value="<?php echo $hesklang['m_send']; ?>" class="btn btn-default"/>
</div>
</div> </div>
</div> </div>
</div> </div>
<div class="form-group"> </form>
<div class="col-sm-9 col-sm-offset-3">
<input type="hidden" name="token" value="<?php hesk_token_echo(); ?>"/>
<input type="hidden" name="a" value="send"/>
<input type="submit" value="<?php echo $hesklang['m_send']; ?>" class="btn btn-default"/>
</div>
</div>
<?php <?php
} // END show_new_form() } // END show_new_form()
?> ?>
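Review bot: The `echo $pm['dt'];` in show_message(), just before `$pm['dt'] = hesk_dateToString($pm['dt'],0,1,0,true);`, looks like a leftover debug statement. It writes the raw stored timestamp into the page ahead of the new `<div class="box">`, and the formatted date is printed again inside the callout. The rendering has lost the +/- markers, so this assumes the line is on the new side; if it is, it should simply be removed. Since the markup is being rewritten anyway, it is also worth confirming that `$pm['subject']` and `$pm['message']` are HTML-encoded before they reach `<?php echo $pm['subject']; ?>` and `<?php echo $pm['message']; ?>`, because neither goes through `htmlspecialchars()` here and the code that stores them is outside the hunk. show_message() starts and ends outside the hunk.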

@ -1,32 +1,15 @@
<?php <?php
/******************************************************************************* /**
* Title: Help Desk Software HESK *
* Version: 2.6.8 from 10th August 2016 * This file is part of HESK - PHP Help Desk Software.
* Author: Klemen Stirn *
* Website: http://www.hesk.com * (c) Copyright Klemen Stirn. All rights reserved.
******************************************************************************** * http://www.hesk.com
* COPYRIGHT AND TRADEMARK NOTICE *
* Copyright 2005-2015 Klemen Stirn. All Rights Reserved. * For the full copyright and license agreement information visit
* HESK is a registered trademark of Klemen Stirn. * http://www.hesk.com/eula.php
* The HESK may be used and modified free of charge by anyone *
* AS LONG AS COPYRIGHT NOTICES AND ALL THE COMMENTS REMAIN INTACT. */
* By using this code you agree to indemnify Klemen Stirn from any
* liability that might arise from it's use.
* Selling the code for this program, in part or full, without prior
* written consent is expressly forbidden.
* Using this code, in part or full, to create derivate work,
* new scripts or products is expressly forbidden. Obtain permission
* before redistributing this software over the Internet or in
* any other medium. In all cases copyright and header must remain intact.
* This Copyright is in full effect in any country that has International
* Trade Agreements with the United States of America or
* with the European Union.
* Removing any of the copyright notices without purchasing a license
* is expressly forbidden. To remove HESK copyright notice you must purchase
* a license for this script. For more information on how to obtain
* a license please visit the page below:
* https://www.hesk.com/buy.php
*******************************************************************************/
define('IN_SCRIPT', 1); define('IN_SCRIPT', 1);
define('HESK_PATH', '../'); define('HESK_PATH', '../');
@ -37,6 +20,7 @@ define('PAGE_TITLE', 'ADMIN_CANNED');
require(HESK_PATH . 'hesk_settings.inc.php'); require(HESK_PATH . 'hesk_settings.inc.php');
require(HESK_PATH . 'inc/common.inc.php'); require(HESK_PATH . 'inc/common.inc.php');
require(HESK_PATH . 'inc/admin_functions.inc.php'); require(HESK_PATH . 'inc/admin_functions.inc.php');
require(HESK_PATH . 'inc/mail_functions.inc.php');
hesk_load_database_functions(); hesk_load_database_functions();
hesk_session_start(); hesk_session_start();
@ -47,6 +31,9 @@ define('WYSIWYG', 1);
/* Check permissions for this feature */ /* Check permissions for this feature */
hesk_checkPermission('can_man_canned'); hesk_checkPermission('can_man_canned');
// Load custom fields
require_once(HESK_PATH . 'inc/custom_fields.inc.php');
/* What should we do? */ /* What should we do? */
if ($action = hesk_REQUEST('a')) { if ($action = hesk_REQUEST('a')) {
if (defined('HESK_DEMO')) { if (defined('HESK_DEMO')) {
@ -125,82 +112,89 @@ $i = 1;
$j = 0; $j = 0;
$num = hesk_dbNumRows($result); $num = hesk_dbNumRows($result);
?> ?>
<div class="row move-down-20"> <section class="content">
<div class="col-md-4"> <div class="box">
<div class="panel panel-default"> <div class="box-header with-border">
<div class="panel-heading"><?php echo $hesklang['savedResponses']; ?></div> <h1 class="box-title">
<div class="panel-body"> <?php echo $hesklang['savedResponses']; ?>
<?php if ($num < 1) </h1>
{ <div class="box-tools pull-right">
echo '<p>' . $hesklang['no_saved'] . '</p>'; <button type="button" class="btn btn-box-tool" data-widget="collapse">
} <i class="fa fa-minus"></i>
else </button>
{ ?> </div>
<table class="table table-hover"> </div>
<tr> <div class="box-body">
<th><?php echo $hesklang['saved_title']; ?></th> <?php if ($num < 1)
<th><?php echo $hesklang['opt']; ?></th> {
</tr> echo '<p>' . $hesklang['no_saved'] . '</p>';
<?php }
else
while ($mysaved = hesk_dbFetchAssoc($result)) { { ?>
$j++; <table class="table table-hover">
<tr>
if (isset($_SESSION['canned']['selcat2']) && $mysaved['id'] == $_SESSION['canned']['selcat2']) { <th><?php echo $hesklang['saved_title']; ?></th>
$color = 'admin_green'; <th><?php echo $hesklang['opt']; ?></th>
unset($_SESSION['canned']['selcat2']); </tr>
} else { <?php
$color = $i ? 'admin_white' : 'admin_gray';
} while ($mysaved = hesk_dbFetchAssoc($result)) {
$j++;
if (isset($_SESSION['canned']['selcat2']) && $mysaved['id'] == $_SESSION['canned']['selcat2']) {
$color = 'admin_green';
unset($_SESSION['canned']['selcat2']);
} else {
$color = $i ? 'admin_white' : 'admin_gray';
}
$tmp = $i ? 'White' : 'Blue'; $tmp = $i ? 'White' : 'Blue';
$style = 'class="option' . $tmp . 'OFF" onmouseover="this.className=\'option' . $tmp . 'ON\'" onmouseout="this.className=\'option' . $tmp . 'OFF\'"'; $style = 'class="option' . $tmp . 'OFF" onmouseover="this.className=\'option' . $tmp . 'ON\'" onmouseout="this.className=\'option' . $tmp . 'OFF\'"';
$i = $i ? 0 : 1; $i = $i ? 0 : 1;
$options .= '<option value="' . $mysaved['id'] . '"'; $options .= '<option value="' . $mysaved['id'] . '"';
$options .= (isset($_SESSION['canned']['id']) && $_SESSION['canned']['id'] == $mysaved['id']) ? ' selected="selected" ' : ''; $options .= (isset($_SESSION['canned']['id']) && $_SESSION['canned']['id'] == $mysaved['id']) ? ' selected="selected" ' : '';
$options .= '>' . $mysaved['title'] . '</option>'; $options .= '>' . $mysaved['title'] . '</option>';
$javascript_titles .= 'myTitle[' . $mysaved['id'] . ']=\'' . addslashes($mysaved['title']) . "';\n"; $javascript_titles .= 'myTitle[' . $mysaved['id'] . ']=\'' . addslashes($mysaved['title']) . "';\n";
if ($modsForHesk_settings['rich_text_for_tickets']) { if ($modsForHesk_settings['rich_text_for_tickets']) {
$theMessage = hesk_html_entity_decode($mysaved['message']); $theMessage = hesk_html_entity_decode($mysaved['message']);
$theMessage = addslashes($theMessage); $theMessage = addslashes($theMessage);
$javascript_messages .= 'myMsgTxt[' . $mysaved['id'] . ']=\'' . str_replace("\r\n", "\\r\\n' + \r\n'", $theMessage) . "';\n"; $javascript_messages .= 'myMsgTxt[' . $mysaved['id'] . ']=\'' . str_replace("\r\n", "\\r\\n' + \r\n'", $theMessage) . "';\n";
} else { } else {
$javascript_messages .= 'myMsgTxt[' . $mysaved['id'] . ']=\'' . str_replace("\r\n", "\\r\\n' + \r\n'", addslashes($mysaved['message'])) . "';\n"; $javascript_messages .= 'myMsgTxt[' . $mysaved['id'] . ']=\'' . str_replace("\r\n", "\\r\\n' + \r\n'", addslashes($mysaved['message'])) . "';\n";
} }
echo ' echo '
<tr> <tr>
<td>' . $mysaved['title'] . '</td> <td>' . $mysaved['title'] . '</td>
<td> <td>
'; ';
if ($num > 1) { if ($num > 1) {
if ($j == 1) { if ($j == 1) {
echo '<img src="../img/blank.gif" width="16" height="16" alt="" style="padding:3px;border:none;" /> <a href="manage_canned.php?a=order&amp;replyid=' . $mysaved['id'] . '&amp;move=15&amp;token=' . hesk_token_echo(0) . '"><i class="fa fa-arrow-down icon-link green" data-toggle="tooltip" data-placement="top" title="' . $hesklang['move_dn'] . '"></i></a>'; echo '<img src="../img/blank.gif" width="16" height="16" alt="" style="padding:3px;border:none;" /> <a href="manage_canned.php?a=order&amp;replyid=' . $mysaved['id'] . '&amp;move=15&amp;token=' . hesk_token_echo(0) . '"><i class="fa fa-arrow-down icon-link green" data-toggle="tooltip" data-placement="top" title="' . $hesklang['move_dn'] . '"></i></a>';
} elseif ($j == $num) { } elseif ($j == $num) {
echo '<a href="manage_canned.php?a=order&amp;replyid=' . $mysaved['id'] . '&amp;move=-15&amp;token=' . hesk_token_echo(0) . '"><i class="fa fa-arrow-up icon-link green" data-toggle="tooltip" data-placement="top" title="' . $hesklang['move_up'] . '"></i></a> <img src="../img/blank.gif" width="16" height="16" alt="" style="padding:3px;border:none;" />'; echo '<a href="manage_canned.php?a=order&amp;replyid=' . $mysaved['id'] . '&amp;move=-15&amp;token=' . hesk_token_echo(0) . '"><i class="fa fa-arrow-up icon-link green" data-toggle="tooltip" data-placement="top" title="' . $hesklang['move_up'] . '"></i></a> <img src="../img/blank.gif" width="16" height="16" alt="" style="padding:3px;border:none;" />';
} else { } else {
echo ' echo '
<a href="manage_canned.php?a=order&amp;replyid=' . $mysaved['id'] . '&amp;move=-15&amp;token=' . hesk_token_echo(0) . '"><i class="fa fa-arrow-up icon-link green" data-toggle="tooltip" data-placement="top" title="' . $hesklang['move_up'] . '"></i></a> <a href="manage_canned.php?a=order&amp;replyid=' . $mysaved['id'] . '&amp;move=-15&amp;token=' . hesk_token_echo(0) . '"><i class="fa fa-arrow-up icon-link green" data-toggle="tooltip" data-placement="top" title="' . $hesklang['move_up'] . '"></i></a>
<a href="manage_canned.php?a=order&amp;replyid=' . $mysaved['id'] . '&amp;move=15&amp;token=' . hesk_token_echo(0) . '"><i class="fa fa-arrow-down icon-link green" data-toggle="tooltip" data-placement="top" title="' . $hesklang['move_dn'] . '"></i></a> <a href="manage_canned.php?a=order&amp;replyid=' . $mysaved['id'] . '&amp;move=15&amp;token=' . hesk_token_echo(0) . '"><i class="fa fa-arrow-down icon-link green" data-toggle="tooltip" data-placement="top" title="' . $hesklang['move_dn'] . '"></i></a>
'; ';
}
} else {
echo '';
} }
} else {
echo '';
}
echo ' echo '
<a href="manage_canned.php?a=remove&amp;id=' . $mysaved['id'] . '&amp;token=' . hesk_token_echo(0) . '" onclick="return confirm_delete();"><i class="fa fa-times icon-link red" data-toggle="tooltip" data-placement="top" title="' . $hesklang['delete'] . '"></i></a>&nbsp;</td> <a href="manage_canned.php?a=remove&amp;id=' . $mysaved['id'] . '&amp;token=' . hesk_token_echo(0) . '" onclick="return confirm_delete();"><i class="fa fa-times icon-link red" data-toggle="tooltip" data-placement="top" title="' . $hesklang['delete'] . '"></i></a>&nbsp;</td>
</tr> </tr>
'; ';
} // End while } // End while
} }
?> ?>
</table> </table>
</div>
</div> </div>
</div> </div>
<?php if ($modsForHesk_settings['rich_text_for_tickets']): ?> <?php if ($modsForHesk_settings['rich_text_for_tickets']): ?>
@ -225,117 +219,123 @@ $num = hesk_dbNumRows($result);
/* ]]> */ /* ]]> */
</script> </script>
<?php endif; ?> <?php endif; ?>
<div class="col-md-8"> <div class="box">
<script language="javascript" type="text/javascript"><!-- <div class="box-header with-border">
// --> <h1 class="box-title">
var myMsgTxt = new Array(); <?php echo $hesklang['manage_saved']; ?> <a href="javascript:void(0)"
var myTitle = new Array(); onclick="javascript:alert('<?php echo hesk_makeJsString($hesklang['manage_intro']); ?>')"><i
myMsgTxt[0] = ''; class="fa fa-question-circle settingsquestionmark"></i></a>
myTitle[0] = ''; </h1>
<div class="box-tools pull-right">
<?php <button type="button" class="btn btn-box-tool" data-widget="collapse">
echo $javascript_titles; <i class="fa fa-minus"></i>
echo $javascript_messages; </button>
?> </div>
</div>
function setMessage(msgid) { <div class="box-body">
var useHtmlEditor = <?php echo $modsForHesk_settings['rich_text_for_tickets']; ?>; <script language="javascript" type="text/javascript"><!--
var myMsg = myMsgTxt[msgid]; // -->
var mySubject = myTitle[msgid]; var myMsgTxt = new Array();
var myTitle = new Array();
if (myMsg == '') { myMsgTxt[0] = '';
if (useHtmlEditor) { myTitle[0] = '';
tinymce.get("message").setContent('');
tinymce.get("message").execCommand('mceInsertRawHTML', false, ''); <?php
echo $javascript_titles;
echo $javascript_messages;
?>
function setMessage(msgid) {
var useHtmlEditor = <?php echo $modsForHesk_settings['rich_text_for_tickets']; ?>;
var myMsg = myMsgTxt[msgid];
var mySubject = myTitle[msgid];
if (myMsg == '') {
if (useHtmlEditor) {
tinymce.get("message").setContent('');
tinymce.get("message").execCommand('mceInsertRawHTML', false, '');
}
else {
$('#message').val('');
}
$('#subject').val('');
return true;
}
if (document.getElementById) {
if (useHtmlEditor) {
tinymce.get("message").setContent('');
tinymce.get("message").execCommand('mceInsertRawHTML', false, myMsg);
} else {
myMsg = $('<textarea />').html(myMsg).text();
$('#message').val(myMsg).trigger('input');
}
mySubject = $('<textarea />').html(mySubject).text();
$('#subject').val(mySubject).trigger('input');
} }
else { else {
$('#message').val(''); document.form1.message.value = myMsg;
document.form1.subject.value = mySubject;
} }
$('#subject').val('');
return true; if (msgid == 0) {
} document.form1.a[0].checked = true;
if (document.getElementById) {
if (useHtmlEditor) {
tinymce.get("message").setContent('');
tinymce.get("message").execCommand('mceInsertRawHTML', false, myMsg);
} else { } else {
myMsg = $('<textarea />').html(myMsg).text(); document.form1.a[1].checked = true;
$('#message').val(myMsg).trigger('input');
} }
mySubject = $('<textarea />').html(mySubject).text();
$('#subject').val(mySubject).trigger('input');
}
else {
document.form1.message.value = myMsg;
document.form1.subject.value = mySubject;
}
if (msgid == 0) {
document.form1.a[0].checked = true;
} else {
document.form1.a[1].checked = true;
} }
//-->
</script>
<?php
/* This will handle error, success and notice messages */
hesk_handle_messages();
?>
<?php
$onsubmit = '';
if ($modsForHesk_settings['rich_text_for_tickets']) {
$onsubmit = 'onsubmit="return validateRichText(\'message-help-block\', \'message-group\', \'message\', \''.htmlspecialchars($hesklang['this_field_is_required']).'\')"';
} }
//--> ?>
</script> <form action="manage_canned.php" method="post" name="form1" class="form-horizontal" role="form" data-toggle="validator" <?php echo $onsubmit; ?>>
<?php <div class="form-group">
/* This will handle error, success and notice messages */ <div class="col-sm-12">
hesk_handle_messages(); <?php
?> if ($num > 0) {
<h3><?php echo $hesklang['manage_saved']; ?> <a href="javascript:void(0)" ?>
onclick="javascript:alert('<?php echo hesk_makeJsString($hesklang['manage_intro']); ?>')"><i <div class="row">
class="fa fa-question-circle settingsquestionmark"></i></a></h3> <div class="col-sm-12">
<div class="radio">
<div class="footerWithBorder blankSpace"></div> <label><input type="radio" name="a"
value="new" <?php echo (!isset($_SESSION['canned']['what']) || $_SESSION['canned']['what'] != 'EDIT') ? 'checked="checked"' : ''; ?> /> <?php echo $hesklang['canned_add']; ?>
<?php </label>
$onsubmit = ''; </div>
if ($modsForHesk_settings['rich_text_for_tickets']) {
$onsubmit = 'onsubmit="return validateRichText(\'message-help-block\', \'message-group\', \'message\', \''.htmlspecialchars($hesklang['this_field_is_required']).'\')"';
}
?>
<form action="manage_canned.php" method="post" name="form1" class="form-horizontal" role="form" data-toggle="validator" <?php echo $onsubmit; ?>>
<h3><?php echo $hesklang['new_saved']; ?></h3>
<div class="footerWithBorder blankSpace"></div>
<div class="form-group">
<div class="col-sm-12">
<?php
if ($num > 0) {
?>
<div class="col-sm-12">
<div class="radio">
<label><input type="radio" name="a"
value="new" <?php echo (!isset($_SESSION['canned']['what']) || $_SESSION['canned']['what'] != 'EDIT') ? 'checked="checked"' : ''; ?> /> <?php echo $hesklang['canned_add']; ?>
</label>
</div>
</div>
<div class="row">
<div class="col-sm-6">
<div class="radio">
<label><input type="radio" name="a"
value="edit" <?php echo (isset($_SESSION['canned']['what']) && $_SESSION['canned']['what'] == 'EDIT') ? 'checked="checked"' : ''; ?> /> <?php echo $hesklang['canned_edit']; ?>
</label>:
</div> </div>
</div> </div>
<div class="col-sm-6"> <div class="row">
<select class="form-control" name="saved_replies" onchange="setMessage(this.value)"> <div class="col-sm-6">
<option value="0"> - <?php echo $hesklang['select_empty']; ?>- <div class="radio">
</option><?php echo $options; ?></select> <label><input type="radio" name="a"
value="edit" <?php echo (isset($_SESSION['canned']['what']) && $_SESSION['canned']['what'] == 'EDIT') ? 'checked="checked"' : ''; ?> /> <?php echo $hesklang['canned_edit']; ?>
</label>:
</div>
</div>
<div class="col-sm-6">
<select class="form-control" name="saved_replies" onchange="setMessage(this.value)">
<option value="0"> - <?php echo $hesklang['select_empty']; ?>-
</option><?php echo $options; ?></select>
</div>
</div> </div>
</div> <?php
<?php } else {
} else { echo '<input type="hidden" name="a" value="new" /><label> ' . $hesklang['canned_add'] . '</label>';
echo '<input type="hidden" name="a" value="new" /><label> ' . $hesklang['canned_add'] . '</label>'; }
} ?>
?> </div>
</div> </div>
</div> <div class="form-group">
<div class="form-group"> <label for="name" class="col-sm-2 control-label"><?php echo $hesklang['saved_title']; ?></label>
<label for="name" class="col-sm-2 control-label"><?php echo $hesklang['saved_title']; ?></label>
<div class="col-sm-10"> <div class="col-sm-10">
<span id="HeskTitle"><input id="subject" class="form-control" <span id="HeskTitle"><input id="subject" class="form-control"
placeholder="<?php echo htmlspecialchars($hesklang['saved_title']); ?>" placeholder="<?php echo htmlspecialchars($hesklang['saved_title']); ?>"
type="text" name="name" size="40" type="text" name="name" size="40"
@ -343,13 +343,13 @@ $num = hesk_dbNumRows($result);
maxlength="50" <?php if (isset($_SESSION['canned']['name'])) { maxlength="50" <?php if (isset($_SESSION['canned']['name'])) {
echo ' value="' . stripslashes($_SESSION['canned']['name']) . '" '; echo ' value="' . stripslashes($_SESSION['canned']['name']) . '" ';
} ?> required></span> } ?> required></span>
<div class="help-block with-errors"></div> <div class="help-block with-errors"></div>
</div>
</div> </div>
</div> <div class="form-group" id="message-group">
<div class="form-group" id="message-group"> <label for="msg" class="col-sm-2 control-label"><?php echo $hesklang['message']; ?></label>
<label for="msg" class="col-sm-2 control-label"><?php echo $hesklang['message']; ?></label>
<div class="col-sm-10"> <div class="col-sm-10">
<span id="HeskMsg"> <span id="HeskMsg">
<textarea id="message" class="htmlEditor form-control" <textarea id="message" class="htmlEditor form-control"
placeholder="<?php echo htmlspecialchars($hesklang['message']); ?>" name="msg" placeholder="<?php echo htmlspecialchars($hesklang['message']); ?>" name="msg"
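Review bot: The title input's `value` attribute is written as `stripslashes($_SESSION['canned']['name'])` with no output encoding, while the `placeholder` on the line above it goes through `htmlspecialchars()`. Whether the session value was already HTML-encoded when it was stored is not visible in this hunk; if it was not, a saved title containing a double quote closes the attribute and the rest is parsed as markup. Encoding at the point of output removes that dependency: `echo ' value="' . htmlspecialchars(stripslashes($_SESSION['canned']['name']), ENT_QUOTES, 'UTF-8', false) . '" ';`, where the final `false` avoids double-encoding entities if the value was encoded on input.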
@ -360,38 +360,39 @@ $num = hesk_dbNumRows($result);
} }
?></textarea> ?></textarea>
</span> </span>
<div class="help-block with-errors" id="message-help-block"></div> <div class="help-block with-errors" id="message-help-block"></div>
<?php echo $hesklang['insert_special']; ?>: <?php echo $hesklang['insert_special']; ?>:
<a href="javascript:void(0)" <a href="javascript:void(0)"
onclick="hesk_insertTag('HESK_ID')"><?php echo $hesklang['seqid']; ?></a> | onclick="hesk_insertTag('HESK_ID')"><?php echo $hesklang['seqid']; ?></a> |
<a href="javascript:void(0)" <a href="javascript:void(0)"
onclick="hesk_insertTag('HESK_TRACK_ID')"><?php echo $hesklang['trackID']; ?></a> | onclick="hesk_insertTag('HESK_TRACK_ID')"><?php echo $hesklang['trackID']; ?></a> |
<a href="javascript:void(0)" <a href="javascript:void(0)"
onclick="hesk_insertTag('HESK_NAME')"><?php echo $hesklang['name']; ?></a> | onclick="hesk_insertTag('HESK_NAME')"><?php echo $hesklang['name']; ?></a> |
<a href="javascript:void(0)" <a href="javascript:void(0)"
onclick="hesk_insertTag('HESK_EMAIL')"><?php echo $hesklang['email']; ?></a> | onclick="hesk_insertTag('HESK_EMAIL')"><?php echo $hesklang['email']; ?></a> |
<a href="javascript:void(0)" <a href="javascript:void(0)"
onclick="hesk_insertTag('HESK_OWNER')"><?php echo $hesklang['owner']; ?></a> onclick="hesk_insertTag('HESK_OWNER')"><?php echo $hesklang['owner']; ?></a>
<?php <?php
foreach ($hesk_settings['custom_fields'] as $k => $v) { foreach ($hesk_settings['custom_fields'] as $k => $v) {
if ($v['use']) { if ($v['use']) {
if ($modsForHesk_settings['custom_field_setting']) { if ($modsForHesk_settings['custom_field_setting']) {
$v['name'] = $hesklang[$v['name']]; $v['name'] = $hesklang[$v['name']];
} }
echo '| <a href="javascript:void(0)" onclick="hesk_insertTag(\'HESK_' . $k . '\')">' . $v['name'] . '</a> '; echo '| <a href="javascript:void(0)" onclick="hesk_insertTag(\'HESK_' . $k . '\')">' . $v['name'] . '</a> ';
}
} }
} ?>
?> </div>
</div> </div>
</div> <div class="form-group text-center">
<div class="form-group text-center"> <input type="hidden" name="token" value="<?php hesk_token_echo(); ?>"/>
<input type="hidden" name="token" value="<?php hesk_token_echo(); ?>"/> <input type="submit" value="<?php echo $hesklang['save_changes']; ?>" class="btn btn-default"/>
<input type="submit" value="<?php echo $hesklang['save_changes']; ?>" class="btn btn-default"/> </div>
</div> </form>
</form> </div>
</div> </div>
</div> </section>
<?php <?php
require_once(HESK_PATH . 'inc/footer.inc.php'); require_once(HESK_PATH . 'inc/footer.inc.php');
@ -427,7 +428,7 @@ function edit_saved()
hesk_process_messages($hesk_error_buffer, 'manage_canned.php?saved_replies=' . $id); hesk_process_messages($hesk_error_buffer, 'manage_canned.php?saved_replies=' . $id);
} }
$result = hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "std_replies` SET `title`='" . hesk_dbEscape($savename) . "',`message`='" . hesk_dbEscape($msg) . "' WHERE `id`='" . intval($id) . "' LIMIT 1"); $result = hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "std_replies` SET `title`='" . hesk_dbEscape($savename) . "',`message`='" . hesk_dbEscape($msg) . "' WHERE `id`='" . intval($id) . "'");
unset($_SESSION['canned']['what']); unset($_SESSION['canned']['what']);
unset($_SESSION['canned']['id']); unset($_SESSION['canned']['id']);
@ -486,7 +487,7 @@ function remove()
$mysaved = intval(hesk_GET('id')) or hesk_error($hesklang['id_not_valid']); $mysaved = intval(hesk_GET('id')) or hesk_error($hesklang['id_not_valid']);
hesk_dbQuery("DELETE FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "std_replies` WHERE `id`='" . intval($mysaved) . "' LIMIT 1"); hesk_dbQuery("DELETE FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "std_replies` WHERE `id`='" . intval($mysaved) . "'");
if (hesk_dbAffectedRows() != 1) { if (hesk_dbAffectedRows() != 1) {
hesk_error("$hesklang[int_error]: $hesklang[reply_not_found]."); hesk_error("$hesklang[int_error]: $hesklang[reply_not_found].");
} }
@ -507,7 +508,7 @@ function order_saved()
$reply_move = intval(hesk_GET('move')); $reply_move = intval(hesk_GET('move'));
hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "std_replies` SET `reply_order`=`reply_order`+" . intval($reply_move) . " WHERE `id`='" . intval($replyid) . "' LIMIT 1"); hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "std_replies` SET `reply_order`=`reply_order`+" . intval($reply_move) . " WHERE `id`='" . intval($replyid) . "'");
if (hesk_dbAffectedRows() != 1) { if (hesk_dbAffectedRows() != 1) {
hesk_error("$hesklang[int_error]: $hesklang[reply_not_found]."); hesk_error("$hesklang[int_error]: $hesklang[reply_not_found].");
} }
@ -517,7 +518,7 @@ function order_saved()
$i = 10; $i = 10;
while ($myreply = hesk_dbFetchAssoc($result)) { while ($myreply = hesk_dbFetchAssoc($result)) {
hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "std_replies` SET `reply_order`=" . intval($i) . " WHERE `id`='" . intval($myreply['id']) . "' LIMIT 1"); hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "std_replies` SET `reply_order`=" . intval($i) . " WHERE `id`='" . intval($myreply['id']) . "'");
$i += 10; $i += 10;
} }

@ -1,32 +1,15 @@
<?php <?php
/******************************************************************************* /**
* Title: Help Desk Software HESK *
* Version: 2.6.8 from 10th August 2016 * This file is part of HESK - PHP Help Desk Software.
* Author: Klemen Stirn *
* Website: http://www.hesk.com * (c) Copyright Klemen Stirn. All rights reserved.
******************************************************************************** * http://www.hesk.com
* COPYRIGHT AND TRADEMARK NOTICE *
* Copyright 2005-2015 Klemen Stirn. All Rights Reserved. * For the full copyright and license agreement information visit
* HESK is a registered trademark of Klemen Stirn. * http://www.hesk.com/eula.php
* The HESK may be used and modified free of charge by anyone *
* AS LONG AS COPYRIGHT NOTICES AND ALL THE COMMENTS REMAIN INTACT. */
* By using this code you agree to indemnify Klemen Stirn from any
* liability that might arise from it's use.
* Selling the code for this program, in part or full, without prior
* written consent is expressly forbidden.
* Using this code, in part or full, to create derivate work,
* new scripts or products is expressly forbidden. Obtain permission
* before redistributing this software over the Internet or in
* any other medium. In all cases copyright and header must remain intact.
* This Copyright is in full effect in any country that has International
* Trade Agreements with the United States of America or
* with the European Union.
* Removing any of the copyright notices without purchasing a license
* is expressly forbidden. To remove HESK copyright notice you must purchase
* a license for this script. For more information on how to obtain
* a license please visit the page below:
* https://www.hesk.com/buy.php
*******************************************************************************/
define('IN_SCRIPT', 1); define('IN_SCRIPT', 1);
define('HESK_PATH', '../'); define('HESK_PATH', '../');
@ -37,6 +20,7 @@ define('PAGE_TITLE', 'ADMIN_CATEGORIES');
require(HESK_PATH . 'hesk_settings.inc.php'); require(HESK_PATH . 'hesk_settings.inc.php');
require(HESK_PATH . 'inc/common.inc.php'); require(HESK_PATH . 'inc/common.inc.php');
require(HESK_PATH . 'inc/admin_functions.inc.php'); require(HESK_PATH . 'inc/admin_functions.inc.php');
require(HESK_PATH . 'inc/mail_functions.inc.php');
hesk_load_database_functions(); hesk_load_database_functions();
hesk_session_start(); hesk_session_start();
@ -49,9 +33,9 @@ hesk_checkPermission('can_man_cat');
// Possible priorities // Possible priorities
$priorities = array( $priorities = array(
3 => array('value' => 3, 'text' => $hesklang['low'], 'formatted' => $hesklang['low']), 3 => array('value' => 3, 'text' => $hesklang['low'], 'formatted' => $hesklang['low']),
2 => array('value' => 2, 'text' => $hesklang['medium'], 'formatted' => '<font class="medium">' . $hesklang['medium'] . '</font>'), 2 => array('value' => 2, 'text' => $hesklang['medium'], 'formatted' => '<span class="medium">' . $hesklang['medium'] . '</span>'),
1 => array('value' => 1, 'text' => $hesklang['high'], 'formatted' => '<font class="important">' . $hesklang['high'] . '</font>'), 1 => array('value' => 1, 'text' => $hesklang['high'], 'formatted' => '<span class="important">' . $hesklang['high'] . '</span>'),
0 => array('value' => 0, 'text' => $hesklang['critical'], 'formatted' => '<font class="critical">' . $hesklang['critical'] . '</font>'), 0 => array('value' => 0, 'text' => $hesklang['critical'], 'formatted' => '<span class="critical">' . $hesklang['critical'] . '</span>'),
); );
/* What should we do? */ /* What should we do? */
@ -106,221 +90,232 @@ while ($mycat = hesk_dbFetchAssoc($res)) {
$options .= '>' . $mycat['name'] . '</option>'; $options .= '>' . $mycat['name'] . '</option>';
} }
?> ?>
<div class="row move-down-20"> <section class="content">
<div align="left" class="col-md-4"> <div class="box collapsed-box">
<div class="panel panel-default"> <div class="box-header with-border">
<div class="panel-heading"> <h1 class="box-title">
<?php echo $hesklang['add_cat']; ?> <?php echo $hesklang['add_cat']; ?>
</h1>
<div class="box-tools pull-right">
<button type="button" class="btn btn-box-tool" data-widget="collapse">
<i class="fa fa-plus"></i>
</button>
</div> </div>
<div class="panel-body"> </div>
<form action="manage_categories.php" method="post" role="form" class="form-horizontal" data-toggle="validator"> <div class="box-body">
<div class="form-group"> <form action="manage_categories.php" method="post" role="form" class="form-horizontal" data-toggle="validator">
<p class="col-sm-4 control-label" style="font-size: .87em"> <div class="form-group">
<b><?php echo $hesklang['cat_name']; ?></b> (<?php echo $hesklang['max_chars']; ?>)</p> <p class="col-sm-4 control-label" style="font-size: .87em">
<b><?php echo $hesklang['cat_name']; ?></b> (<?php echo $hesklang['max_chars']; ?>)</p>
<div class="col-sm-8">
<input class="form-control" <div class="col-sm-8">
placeholder="<?php echo htmlspecialchars($hesklang['cat_name']); ?>" type="text" <input class="form-control"
name="name" size="40" maxlength="40" placeholder="<?php echo htmlspecialchars($hesklang['cat_name']); ?>" type="text"
<?php name="name" size="40" maxlength="40"
if (isset($_SESSION['catname'])) { <?php
echo ' value="' . hesk_input($_SESSION['catname']) . '" '; if (isset($_SESSION['catname'])) {
} echo ' value="' . hesk_input($_SESSION['catname']) . '" ';
?> }
data-error="<?php echo htmlspecialchars($hesklang['enter_cat_name']); ?>" ?>
required> data-error="<?php echo htmlspecialchars($hesklang['enter_cat_name']); ?>"
<div class="help-block with-errors"></div> required>
</div> <div class="help-block with-errors"></div>
</div> </div>
<div class="form-group"> </div>
<label for="priority" class="col-sm-4 control-label" <div class="form-group">
style="font-size: .87em"><?php echo $hesklang['def_pri']; ?> <a href="#" <label for="priority" class="col-sm-4 control-label"
onclick="alert('<?php echo hesk_makeJsString($hesklang['cat_pri']); ?>')"><i style="font-size: .87em"><?php echo $hesklang['def_pri']; ?> <a href="#"
class="fa fa-question-circle settingsquestionmark"></i> </a> </label> onclick="alert('<?php echo hesk_makeJsString($hesklang['cat_pri']); ?>')"><i
class="fa fa-question-circle settingsquestionmark"></i> </a> </label>
<div class="col-sm-8">
<select name="priority" class="form-control"> <div class="col-sm-8">
<?php <select name="priority" class="form-control">
// Default priority: low <?php
if (!isset($_SESSION['cat_priority'])) { // Default priority: low
$_SESSION['cat_priority'] = 3; if (!isset($_SESSION['cat_priority'])) {
} $_SESSION['cat_priority'] = 3;
}
// List possible priorities
foreach ($priorities as $value => $info) { // List possible priorities
echo '<option value="' . $value . '"' . ($_SESSION['cat_priority'] == $value ? ' selected="selected"' : '') . '>' . $info['text'] . '</option>'; foreach ($priorities as $value => $info) {
} echo '<option value="' . $value . '"' . ($_SESSION['cat_priority'] == $value ? ' selected="selected"' : '') . '>' . $info['text'] . '</option>';
?> }
</select></p> ?>
</select>
</div>
</div> </div>
<div class="form-group"> </div>
<label for="color" class="col-sm-4 control-label"> <div class="form-group">
<?php echo $hesklang['category_color']; ?> <label for="color" class="col-sm-4 control-label">
<i class="fa fa-question-circle settingsquestionmark" data-toggle="popover" <?php echo $hesklang['category_color']; ?>
title="<?php echo htmlspecialchars($hesklang['category_color']); ?>" <i class="fa fa-question-circle settingsquestionmark" data-toggle="popover"
data-content="<?php echo htmlspecialchars($hesklang['category_color_help']); ?>"></i> title="<?php echo htmlspecialchars($hesklang['category_color']); ?>"
</label> data-content="<?php echo htmlspecialchars($hesklang['category_color_help']); ?>"></i>
<div class="col-sm-8"> </label>
<input class="form-control colorpicker-trigger" <div class="col-sm-8">
placeholder="<?php echo htmlspecialchars($hesklang['category_color']); ?>" type="text" <input class="form-control colorpicker-trigger"
name="color" maxlength="7"> placeholder="<?php echo htmlspecialchars($hesklang['category_color']); ?>" type="text"
</div> name="color" maxlength="7">
</div> </div>
<div class="form-group"> </div>
<label for="usage" class="col-sm-4 control-label"><?php echo $hesklang['usage']; ?></label> <div class="form-group">
<div class="col-sm-8"> <label for="usage" class="col-sm-4 control-label"><?php echo $hesklang['usage']; ?></label>
<select name="usage" class="form-control"> <div class="col-sm-8">
<option value="0"><?php echo $hesklang['tickets_and_events']; ?></option> <select name="usage" class="form-control">
<option value="1"><?php echo $hesklang['tickets_only']; ?></option> <option value="0"><?php echo $hesklang['tickets_and_events']; ?></option>
<option value="2"><?php echo $hesklang['events_only']; ?></option> <option value="1"><?php echo $hesklang['tickets_only']; ?></option>
</select> <option value="2"><?php echo $hesklang['events_only']; ?></option>
</div> </select>
</div> </div>
<div class="form-group"> </div>
<label for="options" class="col-sm-4 control-label"><?php echo $hesklang['opt']; ?></label> <div class="form-group">
<label for="options" class="col-sm-4 control-label"><?php echo $hesklang['opt']; ?></label>
<div class="col-sm-8"> <div class="col-sm-8">
<?php <?php
if ($hesk_settings['autoassign']) { if ($hesk_settings['autoassign']) {
?>
<div class="checkbox">
<label><input type="checkbox" name="autoassign"
value="Y" <?php if (!isset($_SESSION['cat_autoassign']) || $_SESSION['cat_autoassign'] == 1) {
echo 'checked="checked"';
} ?> /> <?php echo $hesklang['cat_aa']; ?></label><br/>
</div>
<?php
}
?> ?>
<div class="checkbox"> <div class="checkbox">
<label><input type="checkbox" name="type" <label><input type="checkbox" name="autoassign"
value="Y" <?php if (isset($_SESSION['cat_type']) && $_SESSION['cat_type'] == 1) { value="Y" <?php if (!isset($_SESSION['cat_autoassign']) || $_SESSION['cat_autoassign'] == 1) {
echo 'checked="checked"'; echo 'checked="checked"';
} ?> /> <?php echo $hesklang['cat_type']; ?></label> } ?> /> <?php echo $hesklang['cat_aa']; ?></label><br/>
</div> </div>
<?php
}
?>
<div class="checkbox">
<label><input type="checkbox" name="type"
value="Y" <?php if (isset($_SESSION['cat_type']) && $_SESSION['cat_type'] == 1) {
echo 'checked="checked"';
} ?> /> <?php echo $hesklang['cat_type']; ?></label>
</div> </div>
</div> </div>
<div class="form-group text-center"> </div>
<input type="hidden" name="a" value="new"/> <div class="form-group text-center">
<input type="hidden" name="token" value="<?php hesk_token_echo(); ?>"/> <input type="hidden" name="a" value="new"/>
<input type="submit" value="<?php echo $hesklang['create_cat']; ?>" class="btn btn-default"/> <input type="hidden" name="token" value="<?php hesk_token_echo(); ?>"/>
</div> <input type="submit" value="<?php echo $hesklang['create_cat']; ?>" class="btn btn-default"/>
</form> </div>
</div> </form>
</div> </div>
</div> </div>
<div class="col-md-8"> <div class="box">
<div class="panel panel-default"> <div class="box-header with-border">
<div class="panel-heading"> <h1 class="box-title">
<?php echo $hesklang['manage_cat']; ?> <a href="javascript:void(0)" <?php echo $hesklang['manage_cat']; ?> <a href="javascript:void(0)"
onclick="javascript:alert('<?php echo hesk_makeJsString($hesklang['cat_intro']); ?>')"><i onclick="javascript:alert('<?php echo hesk_makeJsString($hesklang['cat_intro']); ?>')"><i
class="fa fa-question-circle settingsquestionmark"></i></a> class="fa fa-question-circle settingsquestionmark"></i></a>
</h1>
<div class="box-tools pull-right">
<button type="button" class="btn btn-box-tool" data-widget="collapse">
<i class="fa fa-minus"></i>
</button>
</div> </div>
<div class="panel-body"> </div>
<?php <div class="box-body">
/* This will handle error, success and notice messages */ <?php
hesk_handle_messages(); /* This will handle error, success and notice messages */
hesk_handle_messages();
if ($hesk_settings['cust_urgency']) { if ($hesk_settings['cust_urgency']) {
hesk_show_notice($hesklang['cat_pri_info'] . ' ' . $hesklang['cpri']); hesk_show_notice($hesklang['cat_pri_info'] . ' ' . $hesklang['cpri']);
}
?>
<table class="table table-hover">
<tr>
<th style="display: none"><?php echo $hesklang['id']; ?></th>
<th><?php echo $hesklang['cat_name']; ?></th>
<th><?php echo $hesklang['priority']; ?></th>
<th><?php echo $hesklang['not']; ?></th>
<th><?php echo $hesklang['graph']; ?></th>
<th><?php echo $hesklang['usage']; ?></th>
<th><?php echo $hesklang['manager']; ?></th>
<th><?php echo $hesklang['opt']; ?></th>
</tr>
<?php
/* Get number of tickets per category */
$tickets_all = array();
$tickets_total = 0;
$res = hesk_dbQuery('SELECT COUNT(*) AS `cnt`, `category` FROM `' . hesk_dbEscape($hesk_settings['db_pfix']) . 'tickets` GROUP BY `category`');
while ($tmp = hesk_dbFetchAssoc($res)) {
$tickets_all[$tmp['category']] = $tmp['cnt'];
$tickets_total += $tmp['cnt'];
} }
?>
<table class="table table-hover">
<tr>
<th style="display: none"><?php echo $hesklang['id']; ?></th>
<th><?php echo $hesklang['cat_name']; ?></th>
<th><?php echo $hesklang['priority']; ?></th>
<th><?php echo $hesklang['not']; ?></th>
<th><?php echo $hesklang['graph']; ?></th>
<th><?php echo $hesklang['usage']; ?></th>
<th><?php echo $hesklang['manager']; ?></th>
<th><?php echo $hesklang['opt']; ?></th>
</tr>
<?php
/* Get number of tickets per category */
$tickets_all = array();
$tickets_total = 0;
$res = hesk_dbQuery('SELECT COUNT(*) AS `cnt`, `category` FROM `' . hesk_dbEscape($hesk_settings['db_pfix']) . 'tickets` GROUP BY `category`');
while ($tmp = hesk_dbFetchAssoc($res)) {
$tickets_all[$tmp['category']] = $tmp['cnt'];
$tickets_total += $tmp['cnt'];
}
/* Get list of categories */ /* Get list of categories */
$res = hesk_dbQuery("SELECT * FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "categories` ORDER BY `" . $orderBy . "` ASC"); $res = hesk_dbQuery("SELECT * FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "categories` ORDER BY `" . $orderBy . "` ASC");
$usersRes = hesk_dbQuery("SELECT * FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "users` WHERE `isadmin` = '0' ORDER BY `name` ASC"); $usersRes = hesk_dbQuery("SELECT * FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "users` WHERE `isadmin` = '0' ORDER BY `name` ASC");
$users = array(); $users = array();
while ($userRow = hesk_dbFetchAssoc($usersRes)) { while ($userRow = hesk_dbFetchAssoc($usersRes)) {
array_push($users, $userRow); array_push($users, $userRow);
} }
$i = 1; $i = 1;
$j = 0; $j = 0;
$num = hesk_dbNumRows($res); $num = hesk_dbNumRows($res);
$usage = array( $usage = array(
0 => '<i class="fa fa-fw fa-ticket icon-link" data-toggle="tooltip" title="' . $hesklang['tickets'] . '"></i> 0 => '<i class="fa fa-fw fa-ticket icon-link" data-toggle="tooltip" title="' . $hesklang['tickets'] . '"></i>
<i class="fa fa-fw fa-calendar icon-link" data-toggle="tooltip" title="' . $hesklang['events'] . '"></i>', <i class="fa fa-fw fa-calendar icon-link" data-toggle="tooltip" title="' . $hesklang['events'] . '"></i>',
1 => '<i class="fa fa-fw fa-ticket icon-link" data-toggle="tooltip" title="' . $hesklang['tickets'] . '"></i><i class="fa fa-fw"></i>', 1 => '<i class="fa fa-fw fa-ticket icon-link" data-toggle="tooltip" title="' . $hesklang['tickets'] . '"></i><i class="fa fa-fw"></i>',
2 => '<i class="fa fa-fw icon-link">&nbsp;</i> <i class="fa fa-fw fa-calendar icon-link" data-toggle="tooltip" title="' . $hesklang['events'] . '"></i>' 2 => '<i class="fa fa-fw icon-link">&nbsp;</i> <i class="fa fa-fw fa-calendar icon-link" data-toggle="tooltip" title="' . $hesklang['events'] . '"></i>'
); );
while ($mycat = hesk_dbFetchAssoc($res)) { while ($mycat = hesk_dbFetchAssoc($res)) {
$j++; $j++;
if (isset($_SESSION['selcat2']) && $mycat['id'] == $_SESSION['selcat2']) { if (isset($_SESSION['selcat2']) && $mycat['id'] == $_SESSION['selcat2']) {
$color = 'admin_green'; $color = 'admin_green';
unset($_SESSION['selcat2']); unset($_SESSION['selcat2']);
} else { } else {
$color = $i ? 'admin_white' : 'admin_gray'; $color = $i ? 'admin_white' : 'admin_gray';
} }
$tmp = $i ? 'White' : 'Blue'; $tmp = $i ? 'White' : 'Blue';
$style = ''; $style = '';
if ($mycat['color'] == null) { if ($mycat['color'] == null) {
$style .= 'color: black; border: solid 1px #000'; $style .= 'color: black; border: solid 1px #000';
} else { } else {
$style .= 'background: ' . $mycat['color']; $style .= 'background: ' . $mycat['color'];
} }
$i = $i ? 0 : 1; $i = $i ? 0 : 1;
/* Number of tickets and graph width */ /* Number of tickets and graph width */
$all = isset($tickets_all[$mycat['id']]) ? $tickets_all[$mycat['id']] : 0; $all = isset($tickets_all[$mycat['id']]) ? $tickets_all[$mycat['id']] : 0;
$width_all = 0; $width_all = 0;
if ($tickets_total && $all) { if ($tickets_total && $all) {
$width_all = round(($all / $tickets_total) * 100); $width_all = round(($all / $tickets_total) * 100);
} }
/* Deleting category with ID 1 (default category) is not allowed */ /* Deleting category with ID 1 (default category) is not allowed */
if ($mycat['id'] == 1) { if ($mycat['id'] == 1) {
$remove_code = ' <img src="../img/blank.gif" width="16" height="16" alt="" style="padding:3px;border:none;" />'; $remove_code = ' <img src="../img/blank.gif" width="16" height="16" alt="" style="padding:3px;border:none;" />';
} else { } else {
$remove_code = ' <a href="manage_categories.php?a=remove&amp;catid=' . $mycat['id'] . '&amp;token=' . hesk_token_echo(0) . '" onclick="return confirm_delete();"><i class="fa fa-times icon-link red" data-toggle="tooltip" data-placement="top" title="' . $hesklang['delete'] . '"></i></a>'; $remove_code = ' <a href="manage_categories.php?a=remove&amp;catid=' . $mycat['id'] . '&amp;token=' . hesk_token_echo(0) . '" onclick="return confirm_delete();"><i class="fa fa-times icon-link red" data-toggle="tooltip" data-placement="top" title="' . $hesklang['delete'] . '"></i></a>';
} }
/* Is category private or public? */ /* Is category private or public? */
if ($mycat['type']) { if ($mycat['type']) {
$type_code = '<a href="manage_categories.php?a=type&amp;s=0&amp;catid=' . $mycat['id'] . '&amp;token=' . hesk_token_echo(0) . '"><span class="glyphicon glyphicon-user gray" data-toggle="tooltip" data-placement="top" title="' . $hesklang['cat_private'] . '"></span></a>'; $type_code = '<a href="manage_categories.php?a=type&amp;s=0&amp;catid=' . $mycat['id'] . '&amp;token=' . hesk_token_echo(0) . '"><span class="glyphicon glyphicon-user gray" data-toggle="tooltip" data-placement="top" title="' . $hesklang['cat_private'] . '"></span></a>';
} else { } else {
$type_code = '<a href="manage_categories.php?a=type&amp;s=1&amp;catid=' . $mycat['id'] . '&amp;token=' . hesk_token_echo(0) . '"><span class="glyphicon glyphicon-user blue" data-toggle="tooltip" data-placement="top" title="' . $hesklang['cat_public'] . '"></span></a>'; $type_code = '<a href="manage_categories.php?a=type&amp;s=1&amp;catid=' . $mycat['id'] . '&amp;token=' . hesk_token_echo(0) . '"><span class="glyphicon glyphicon-user blue" data-toggle="tooltip" data-placement="top" title="' . $hesklang['cat_public'] . '"></span></a>';
} }
/* Is auto assign enabled? */ /* Is auto assign enabled? */
if ($hesk_settings['autoassign']) { if ($hesk_settings['autoassign']) {
if ($mycat['autoassign']) { if ($mycat['autoassign']) {
$autoassign_code = '<a href="manage_categories.php?a=autoassign&amp;s=0&amp;catid=' . $mycat['id'] . '&amp;token=' . hesk_token_echo(0) . '"><i class="fa fa-bolt icon-link orange" data-toggle="tooltip" data-placement="top" title="' . $hesklang['aaon'] . '"></i></a>'; $autoassign_code = '<a href="manage_categories.php?a=autoassign&amp;s=0&amp;catid=' . $mycat['id'] . '&amp;token=' . hesk_token_echo(0) . '"><i class="fa fa-bolt icon-link orange" data-toggle="tooltip" data-placement="top" title="' . $hesklang['aaon'] . '"></i></a>';
} else {
$autoassign_code = '<a href="manage_categories.php?a=autoassign&amp;s=1&amp;catid=' . $mycat['id'] . '&amp;token=' . hesk_token_echo(0) . '"><i class="fa fa-bolt icon-link gray" data-toggle="tooltip" data-placement="top" title="' . $hesklang['aaoff'] . '"></i></a>';
}
} else { } else {
$autoassign_code = ''; $autoassign_code = '<a href="manage_categories.php?a=autoassign&amp;s=1&amp;catid=' . $mycat['id'] . '&amp;token=' . hesk_token_echo(0) . '"><i class="fa fa-bolt icon-link gray" data-toggle="tooltip" data-placement="top" title="' . $hesklang['aaoff'] . '"></i></a>';
} }
} else {
$autoassign_code = '';
}
echo ' echo '
<tr data-category-id="' . $mycat['id'] . '" data-name="' . htmlspecialchars($mycat['name']) . '" <tr data-category-id="' . $mycat['id'] . '" data-name="' . htmlspecialchars($mycat['name']) . '"
data-color="'. htmlspecialchars($mycat['color']) . '" data-priority="' . $mycat['priority'] . '" data-color="'. htmlspecialchars($mycat['color']) . '" data-priority="' . $mycat['priority'] . '"
data-manager="' . $mycat['manager'] . '" data-usage="'. $mycat['usage'] .'"> data-manager="' . $mycat['manager'] . '" data-usage="'. $mycat['usage'] .'">
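Review bot: In the category row loop, `$style .= 'background: ' . $mycat['color'];` copies the stored colour into a CSS string unencoded, although the same column is passed through `htmlspecialchars()` for `data-color` a few lines later. The line that prints `$style` is outside this hunk, so the output context is inferred, but if it lands in a `style` attribute a stored value containing a quote would terminate it. The colour field in the add-category form is constrained only by `maxlength="7"`, which the browser enforces and the server does not. I would encode at output, `$style .= 'background: ' . htmlspecialchars($mycat['color'], ENT_QUOTES);`, and have the save handler accept only values matching `/^#[0-9a-fA-F]{6}$/`.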
@ -342,31 +337,30 @@ while ($mycat = hesk_dbFetchAssoc($res)) {
' . $autoassign_code . ' ' . $autoassign_code . '
' . $type_code . ' '; ' . $type_code . ' ';
if ($orderBy != 'name' && $num > 1) { if ($orderBy != 'name' && $num > 1) {
if ($j == 1) { if ($j == 1) {
echo '<img src="../img/blank.gif" width="16" height="16" alt="" style="padding:3px;border:none;" /> <a href="manage_categories.php?a=order&amp;catid=' . $mycat['id'] . '&amp;move=15&amp;token=' . hesk_token_echo(0) . '"><i class="fa fa-arrow-down icon-link green" data-toggle="tooltip" data-placement="top" title="' . $hesklang['move_dn'] . '"></i></a>&nbsp;'; echo '<img src="../img/blank.gif" width="16" height="16" alt="" style="padding:3px;border:none;" /> <a href="manage_categories.php?a=order&amp;catid=' . $mycat['id'] . '&amp;move=15&amp;token=' . hesk_token_echo(0) . '"><i class="fa fa-arrow-down icon-link green" data-toggle="tooltip" data-placement="top" title="' . $hesklang['move_dn'] . '"></i></a>&nbsp;';
} elseif ($j == $num) { } elseif ($j == $num) {
echo '<a href="manage_categories.php?a=order&amp;catid=' . $mycat['id'] . '&amp;move=-15&amp;token=' . hesk_token_echo(0) . '"><i class="fa fa-arrow-up icon-link green" data-toggle="tooltip" data-placement="top" title="' . $hesklang['move_up'] . '"></i></a> <img src="../img/blank.gif" width="16" height="16" alt="" style="padding:3px;border:none;" />'; echo '<a href="manage_categories.php?a=order&amp;catid=' . $mycat['id'] . '&amp;move=-15&amp;token=' . hesk_token_echo(0) . '"><i class="fa fa-arrow-up icon-link green" data-toggle="tooltip" data-placement="top" title="' . $hesklang['move_up'] . '"></i></a> <img src="../img/blank.gif" width="16" height="16" alt="" style="padding:3px;border:none;" />';
} else { } else {
echo ' echo '
<a href="manage_categories.php?a=order&amp;catid=' . $mycat['id'] . '&amp;move=-15&amp;token=' . hesk_token_echo(0) . '"><i class="fa fa-arrow-up icon-link green" data-toggle="tooltip" data-placement="top" title="' . $hesklang['move_up'] . '"></i></a> <a href="manage_categories.php?a=order&amp;catid=' . $mycat['id'] . '&amp;move=-15&amp;token=' . hesk_token_echo(0) . '"><i class="fa fa-arrow-up icon-link green" data-toggle="tooltip" data-placement="top" title="' . $hesklang['move_up'] . '"></i></a>
<a href="manage_categories.php?a=order&amp;catid=' . $mycat['id'] . '&amp;move=15&amp;token=' . hesk_token_echo(0) . '"><i class="fa fa-arrow-down icon-link green" data-toggle="tooltip" data-placement="top" title="' . $hesklang['move_dn'] . '"></i></a>&nbsp; <a href="manage_categories.php?a=order&amp;catid=' . $mycat['id'] . '&amp;move=15&amp;token=' . hesk_token_echo(0) . '"><i class="fa fa-arrow-down icon-link green" data-toggle="tooltip" data-placement="top" title="' . $hesklang['move_dn'] . '"></i></a>&nbsp;
'; ';
}
} }
echo '<a href="javascript:;" class="category-modal-trigger" data-category-id="' . $mycat['id'] . '"><i class="fa fa-pencil icon-link orange" data-toggle="tooltip" title="Edit"></i></a>'; }
echo $remove_code . '</td> echo '<a href="javascript:;" class="category-modal-trigger" data-category-id="' . $mycat['id'] . '"><i class="fa fa-pencil icon-link orange" data-toggle="tooltip" title="Edit"></i></a>';
echo $remove_code . '</td>
</tr> </tr>
'; ';
} // End while } // End while
?> ?>
</table> </table>
</div>
</div> </div>
</div> </div>
</div> </section>
<!-- Edit category modal --> <!-- Edit category modal -->
<div class="modal fade" id="edit-category-modal" tabindex="-1" role="dialog" style="overflow: hidden"> <div class="modal fade" id="edit-category-modal" tabindex="-1" role="dialog" style="overflow: hidden">
<div class="modal-dialog modal-lg" role="document"> <div class="modal-dialog modal-lg" role="document">
@ -538,7 +532,7 @@ function change_priority()
$priority = 3; $priority = 3;
} }
hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "categories` SET `priority`='{$priority}' WHERE `id`='" . intval($catid) . "' LIMIT 1"); hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "categories` SET `priority`='{$priority}' WHERE `id`='" . intval($catid) . "'");
hesk_cleanSessionVars('cat_ch_priority'); hesk_cleanSessionVars('cat_ch_priority');
@ -692,7 +686,7 @@ function update_category()
`manager` = " . intval($manager) . ", `manager` = " . intval($manager) . ",
`color` = " . $color . ", `color` = " . $color . ",
`usage` = " . intval($usage) . " `usage` = " . intval($usage) . "
WHERE `id`='" . intval($catid) . "' LIMIT 1"); WHERE `id`='" . intval($catid) . "'");
unset($_SESSION['selcat']); unset($_SESSION['selcat']);
unset($_SESSION['catname2']); unset($_SESSION['catname2']);
@ -715,7 +709,7 @@ function remove()
hesk_process_messages($hesklang['cant_del_default_cat'], $_SERVER['PHP_SELF']); hesk_process_messages($hesklang['cant_del_default_cat'], $_SERVER['PHP_SELF']);
} }
hesk_dbQuery("DELETE FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "categories` WHERE `id`='" . intval($mycat) . "' LIMIT 1"); hesk_dbQuery("DELETE FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "categories` WHERE `id`='" . intval($mycat) . "'");
if (hesk_dbAffectedRows() != 1) { if (hesk_dbAffectedRows() != 1) {
hesk_error("$hesklang[int_error]: $hesklang[cat_not_found]."); hesk_error("$hesklang[int_error]: $hesklang[cat_not_found].");
} }
@ -738,7 +732,7 @@ function order_cat()
$cat_move = intval(hesk_GET('move')); $cat_move = intval(hesk_GET('move'));
hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "categories` SET `cat_order`=`cat_order`+" . intval($cat_move) . " WHERE `id`='" . intval($catid) . "' LIMIT 1"); hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "categories` SET `cat_order`=`cat_order`+" . intval($cat_move) . " WHERE `id`='" . intval($catid) . "'");
if (hesk_dbAffectedRows() != 1) { if (hesk_dbAffectedRows() != 1) {
hesk_error("$hesklang[int_error]: $hesklang[cat_not_found]."); hesk_error("$hesklang[int_error]: $hesklang[cat_not_found].");
} }
@ -748,7 +742,7 @@ function order_cat()
$i = 10; $i = 10;
while ($mycat = hesk_dbFetchAssoc($res)) { while ($mycat = hesk_dbFetchAssoc($res)) {
hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "categories` SET `cat_order`=" . intval($i) . " WHERE `id`='" . intval($mycat['id']) . "' LIMIT 1"); hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "categories` SET `cat_order`=" . intval($i) . " WHERE `id`='" . intval($mycat['id']) . "'");
$i += 10; $i += 10;
} }
@ -776,7 +770,7 @@ function toggle_autoassign()
} }
/* Update auto-assign settings */ /* Update auto-assign settings */
$res = hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "categories` SET `autoassign`='" . intval($autoassign) . "' WHERE `id`='" . intval($catid) . "' LIMIT 1"); $res = hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "categories` SET `autoassign`='" . intval($autoassign) . "' WHERE `id`='" . intval($catid) . "'");
if (hesk_dbAffectedRows() != 1) { if (hesk_dbAffectedRows() != 1) {
hesk_process_messages($hesklang['int_error'] . ': ' . $hesklang['cat_not_found'], './manage_categories.php'); hesk_process_messages($hesklang['int_error'] . ': ' . $hesklang['cat_not_found'], './manage_categories.php');
} }
@ -805,7 +799,7 @@ function toggle_type()
} }
/* Update auto-assign settings */ /* Update auto-assign settings */
hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "categories` SET `type`='{$type}' WHERE `id`='" . intval($catid) . "' LIMIT 1"); hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "categories` SET `type`='{$type}' WHERE `id`='" . intval($catid) . "'");
if (hesk_dbAffectedRows() != 1) { if (hesk_dbAffectedRows() != 1) {
hesk_process_messages($hesklang['int_error'] . ': ' . $hesklang['cat_not_found'], './manage_categories.php'); hesk_process_messages($hesklang['int_error'] . ': ' . $hesklang['cat_not_found'], './manage_categories.php');
} }

@ -8,6 +8,7 @@ define('PAGE_TITLE', 'ADMIN_TOOLS');
require(HESK_PATH . 'hesk_settings.inc.php'); require(HESK_PATH . 'hesk_settings.inc.php');
require(HESK_PATH . 'inc/common.inc.php'); require(HESK_PATH . 'inc/common.inc.php');
require(HESK_PATH . 'inc/admin_functions.inc.php'); require(HESK_PATH . 'inc/admin_functions.inc.php');
require(HESK_PATH . 'inc/mail_functions.inc.php');
hesk_load_database_functions(); hesk_load_database_functions();
hesk_session_start(); hesk_session_start();
@ -60,192 +61,209 @@ if ($modsForHesk_settings['html_emails']) {
/* Print main manage users page */ /* Print main manage users page */
require_once(HESK_PATH . 'inc/show_admin_nav.inc.php'); require_once(HESK_PATH . 'inc/show_admin_nav.inc.php');
?> ?>
<section class="content">
<div class="row pad-20"> <div class="box">
<ul class="nav nav-tabs" role="tablist"> <div class="box-body">
<?php <div class="nav-tabs-custom">
// Show a link to banned_emails.php if user has permission <ul class="nav nav-tabs" role="tablist">
if (hesk_checkPermission('can_ban_emails', 0)) { <?php
echo ' // Show a link to banned_emails.php if user has permission
if (hesk_checkPermission('can_ban_emails', 0)) {
echo '
<li role="presentation"> <li role="presentation">
<a title="' . $hesklang['banemail'] . '" href="banned_emails.php">' . $hesklang['banemail'] . '</a> <a title="' . $hesklang['banemail'] . '" href="banned_emails.php">' . $hesklang['banemail'] . '</a>
</li> </li>
'; ';
} }
if (hesk_checkPermission('can_ban_ips', 0)) { if (hesk_checkPermission('can_ban_ips', 0)) {
echo ' echo '
<li role="presentation"> <li role="presentation">
<a title="' . $hesklang['banip'] . '" href="banned_ips.php">' . $hesklang['banip'] . '</a> <a title="' . $hesklang['banip'] . '" href="banned_ips.php">' . $hesklang['banip'] . '</a>
</li>'; </li>';
} }
// Show a link to status_message.php if user has permission to do so // Show a link to status_message.php if user has permission to do so
if (hesk_checkPermission('can_service_msg', 0)) { if (hesk_checkPermission('can_service_msg', 0)) {
echo ' echo '
<li role="presentation"> <li role="presentation">
<a title="' . $hesklang['sm_title'] . '" href="service_messages.php">' . $hesklang['sm_title'] . '</a> <a title="' . $hesklang['sm_title'] . '" href="service_messages.php">' . $hesklang['sm_title'] . '</a>
</li>'; </li>';
} }
?> ?>
<li role="presentation" class="active"> <li role="presentation" class="active">
<a href="#"><?php echo $hesklang['email_templates']; ?> <i <a href="#"><?php echo $hesklang['email_templates']; ?> <i
class="fa fa-question-circle settingsquestionmark" data-toggle="popover" class="fa fa-question-circle settingsquestionmark" data-toggle="popover"
title="<?php echo $hesklang['email_templates']; ?>" title="<?php echo $hesklang['email_templates']; ?>"
data-content="<?php echo $hesklang['email_templates_intro']; ?>"></i></a> data-content="<?php echo $hesklang['email_templates_intro']; ?>"></i></a>
</li> </li>
<?php <?php
if (hesk_checkPermission('can_man_ticket_statuses', 0)) { if (hesk_checkPermission('can_man_ticket_statuses', 0)) {
echo ' echo '
<li role="presentation"> <li role="presentation">
<a title="' . $hesklang['statuses'] . '" href="manage_statuses.php">' . $hesklang['statuses'] . '</a> <a title="' . $hesklang['statuses'] . '" href="manage_statuses.php">' . $hesklang['statuses'] . '</a>
</li> </li>
'; ';
} }
?>
</ul>
<div class="tab-content summaryList tabPadding">
<?php if ($showEditPanel): ?>
<div class="row">
<div class="col-md-12">
<div class="panel panel-default">
<div class="panel-heading">
<h4>
<?php
$isHtml = ($_GET['html'] == 'true');
$class = 'plaintext-editor';
if ($isHtml) {
$class = 'htmlEditor';
echo sprintf($hesklang['editing_html_template'], $_GET['template']);
} else {
echo sprintf($hesklang['editing_plain_text_template'], $_GET['template']);
} ?>
</h4>
</div>
<div class="panel-body">
<?php
$fileContent = '';
if ($isHtml) {
$fileContent = file_get_contents(HESK_PATH . 'language/' . urldecode($_GET['language']) . '/emails/html/' . $_GET['template']);
} else {
$fileContent = file_get_contents(HESK_PATH . 'language/' . urldecode($_GET['language']) . '/emails/' . $_GET['template']);
}
if ($fileContent === false) {
//throw error
}
?>
<a href="#" id="showSpecialTags"
onclick="toggleContainers(['specialTags'],['showSpecialTags'])">
<?php echo $hesklang['show_special_tags']; ?>
</a>
<div id="specialTags" style="display: none"> if (hesk_checkPermission('can_man_settings', 0)) {
<a href="#" onclick="toggleContainers(['showSpecialTags'],['specialTags'])"> echo '
<?php echo $hesklang['hide_special_tags']; ?> <li role="presentation">
</a> <a title="' . $hesklang['tab_4'] . '" href="custom_fields.php">' .
<table class="table table-striped table-responsive table-condensed"> $hesklang['tab_4']
<thead> . '</a>
<tr> </li>
<th><?php echo $hesklang['special_tag']; ?></th> ';
<th><?php echo $hesklang['description'] ?></th> }
</tr> ?>
</thead> </ul>
<tbody> <div class="tab-content summaryList tabPadding">
<?php if ($showEditPanel): ?>
<div class="row">
<div class="col-md-12">
<div class="panel panel-default">
<div class="panel-heading">
<h4>
<?php
$isHtml = ($_GET['html'] == 'true');
$class = 'plaintext-editor';
if ($isHtml) {
$class = 'htmlEditor';
echo sprintf($hesklang['editing_html_template'], $_GET['template']);
} else {
echo sprintf($hesklang['editing_plain_text_template'], $_GET['template']);
} ?>
</h4>
</div>
<div class="panel-body">
<?php <?php
$tags = getSpecialTagMap(); $fileContent = '';
foreach ($tags as $tag => $text): ?> if ($isHtml) {
<tr> $fileContent = file_get_contents(HESK_PATH . 'language/' . urldecode($_GET['language']) . '/emails/html/' . $_GET['template']);
<td><?php echo $tag; ?></td> } else {
<td><?php echo $text; ?></td> $fileContent = file_get_contents(HESK_PATH . 'language/' . urldecode($_GET['language']) . '/emails/' . $_GET['template']);
</tr> }
<?php endforeach; ?> if ($fileContent === false) {
</tbody> //throw error
</table> }
</div> ?>
<form action="manage_email_templates.php" method="post"> <a href="#" id="showSpecialTags"
onclick="toggleContainers(['specialTags'],['showSpecialTags'])">
<?php echo $hesklang['show_special_tags']; ?>
</a>
<div id="specialTags" style="display: none">
<a href="#" onclick="toggleContainers(['showSpecialTags'],['specialTags'])">
<?php echo $hesklang['hide_special_tags']; ?>
</a>
<table class="table table-striped table-responsive table-condensed">
<thead>
<tr>
<th><?php echo $hesklang['special_tag']; ?></th>
<th><?php echo $hesklang['description'] ?></th>
</tr>
</thead>
<tbody>
<?php
$tags = getSpecialTagMap();
foreach ($tags as $tag => $text): ?>
<tr>
<td><?php echo $tag; ?></td>
<td><?php echo $text; ?></td>
</tr>
<?php endforeach; ?>
</tbody>
</table>
</div>
<form action="manage_email_templates.php" method="post">
<textarea name="text" rows="15" <textarea name="text" rows="15"
class="form-control <?php echo $class; ?>"><?php echo $fileContent; ?></textarea> class="form-control <?php echo $class; ?>"><?php echo $fileContent; ?></textarea>
<input type="hidden" name="action" value="save"> <input type="hidden" name="action" value="save">
<input type="hidden" name="template" <input type="hidden" name="template"
value="<?php echo htmlspecialchars($_GET['template']); ?>"> value="<?php echo htmlspecialchars($_GET['template']); ?>">
<input type="hidden" name="language" <input type="hidden" name="language"
value="<?php echo htmlspecialchars($_GET['language']); ?>"> value="<?php echo htmlspecialchars($_GET['language']); ?>">
<input type="hidden" name="html" value="<?php echo $isHtml; ?>"> <input type="hidden" name="html" value="<?php echo $isHtml; ?>">
<br> <br>
<?php <?php
$fileWritable = false; $fileWritable = false;
if ($isHtml) { if ($isHtml) {
$fileWritable = is_writable(HESK_PATH . 'language/' . $_GET['language'] . '/emails/html/' . $_GET['template']); $fileWritable = is_writable(HESK_PATH . 'language/' . $_GET['language'] . '/emails/html/' . $_GET['template']);
} else { } else {
$fileWritable = is_writable(HESK_PATH . 'language/' . $_GET['language'] . '/emails/' . $_GET['template']); $fileWritable = is_writable(HESK_PATH . 'language/' . $_GET['language'] . '/emails/' . $_GET['template']);
} }
if (!$fileWritable) { if (!$fileWritable) {
echo '<div class="alert alert-danger"> echo '<div class="alert alert-danger">
<p>' . sprintf($hesklang['email_template_directory_not_writable'], $_GET['template']) . '</p> <p>' . sprintf($hesklang['email_template_directory_not_writable'], $_GET['template']) . '</p>
</div>'; </div>';
} else { } else {
echo '<input type="submit" class="btn btn-default" value="' . $hesklang['save'] . '">'; echo '<input type="submit" class="btn btn-default" value="' . $hesklang['save'] . '">';
} }
?> ?>
</form> </form>
</div>
</div>
</div> </div>
</div> </div>
</div> <?php endif; ?>
</div> <div class="row">
<?php endif; ?> <div class="col-md-12">
<div class="row"> <?php
<div class="col-md-12"> /* This will handle error, success and notice messages */
<?php hesk_handle_messages();
/* This will handle error, success and notice messages */
hesk_handle_messages();
// Output list of templates, and provide links to edit the plaintext and HTML versions for each language // Output list of templates, and provide links to edit the plaintext and HTML versions for each language
// First get list of languages // First get list of languages
$languages = array(); $languages = array();
foreach ($hesk_settings['languages'] as $key => $value) { foreach ($hesk_settings['languages'] as $key => $value) {
$languages[$key] = $hesk_settings['languages'][$key]['folder']; $languages[$key] = $hesk_settings['languages'][$key]['folder'];
} }
// Get all files, but don't worry about index.htm, items beginning with '.', or the html folder // Get all files, but don't worry about index.htm, items beginning with '.', or the html folder
// We'll also assume the template file exists in all language folders and in the html folder // We'll also assume the template file exists in all language folders and in the html folder
reset($languages); reset($languages);
$firstKey = key($languages); $firstKey = key($languages);
$firstDirectory = HESK_PATH . 'language/' . $languages[$firstKey] . '/emails'; $firstDirectory = HESK_PATH . 'language/' . $languages[$firstKey] . '/emails';
$directoryListing = preg_grep('/^([^.])/', scandir($firstDirectory)); $directoryListing = preg_grep('/^([^.])/', scandir($firstDirectory));
$emailTemplates = array_diff($directoryListing, array('html', 'index.htm')); $emailTemplates = array_diff($directoryListing, array('html', 'index.htm'));
?> ?>
<table class="table table-striped table-responsive"> <table class="table table-striped table-responsive">
<thead> <thead>
<tr> <tr>
<th><?php echo $hesklang['file_name']; ?></th> <th><?php echo $hesklang['file_name']; ?></th>
<?php foreach ($languages as $language => $languageCode): ?> <?php foreach ($languages as $language => $languageCode): ?>
<th><?php echo $language; ?></th> <th><?php echo $language; ?></th>
<?php endforeach; ?> <?php endforeach; ?>
</tr> </tr>
</thead> </thead>
<tbody> <tbody>
<?php foreach ($emailTemplates as $template): ?> <?php foreach ($emailTemplates as $template): ?>
<tr> <tr>
<td><?php echo $template; ?></td> <td><?php echo $template; ?></td>
<?php foreach ($languages as $language => $languageCode): ?> <?php foreach ($languages as $language => $languageCode): ?>
<td> <td>
<?php <?php
echo getTemplateMarkup($template, $languageCode); echo getTemplateMarkup($template, $languageCode);
echo '&nbsp;&nbsp;&nbsp;'; echo '&nbsp;&nbsp;&nbsp;';
if ($modsForHesk_settings['html_emails']) { if ($modsForHesk_settings['html_emails']) {
echo getTemplateMarkup($template, $languageCode, true); echo getTemplateMarkup($template, $languageCode, true);
} }
?> ?>
</td> </td>
<?php endforeach; ?>
</tr>
<?php endforeach; ?> <?php endforeach; ?>
</tr> </tbody>
<?php endforeach; ?> </table>
</tbody> </div>
</table> </div>
</div> </div>
</div> </div>
</div> </div>
</div> </div>
</section>
<?php <?php
require_once(HESK_PATH . 'inc/footer.inc.php'); require_once(HESK_PATH . 'inc/footer.inc.php');
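Review bot: The edit panel passes `$_GET['language']` and `$_GET['template']` straight into the paths given to `file_get_contents()` and `is_writable()`, so nothing confines the resolved file to the language's `emails/` directory; the commit re-indents these lines but leaves them unvalidated. Both values should be matched against the `$languages` and `$emailTemplates` lists this page already builds further down (that block would need to move above the panel), and the path built once, since today only the read applies `urldecode()` and the writability check can test a different path. The request values echoed through `sprintf()` in the heading and `$fileContent` in the `<textarea>` also need `htmlspecialchars()`, and the `$fileContent === false` branch is still an empty `//throw error`. The sketch assumes `language` carries the folder name and that `hesk_error()` is available here as in the other admin pages of this commit.

```php
// … unchanged: $languages / $emailTemplates built as further down, moved above the edit panel …
$languageFolder = (string) $_GET['language'];
$templateName = (string) $_GET['template'];
if (!in_array($languageFolder, $languages, true)
    || !in_array($templateName, $emailTemplates, true)) {
    hesk_error($hesklang['int_error']);
}
$templatePath = HESK_PATH . 'language/' . $languageFolder . '/emails/'
    . ($isHtml ? 'html/' : '') . $templateName;
$fileContent = file_get_contents($templatePath);
if ($fileContent === false) {
    hesk_error($hesklang['int_error']);
}
// … unchanged: special-tags table and form markup …
$fileWritable = is_writable($templatePath);
```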


@ -1,32 +1,15 @@
<?php <?php
/******************************************************************************* /**
* Title: Help Desk Software HESK *
* Version: 2.6.8 from 10th August 2016 * This file is part of HESK - PHP Help Desk Software.
* Author: Klemen Stirn *
* Website: http://www.hesk.com * (c) Copyright Klemen Stirn. All rights reserved.
******************************************************************************** * http://www.hesk.com
* COPYRIGHT AND TRADEMARK NOTICE *
* Copyright 2005-2015 Klemen Stirn. All Rights Reserved. * For the full copyright and license agreement information visit
* HESK is a registered trademark of Klemen Stirn. * http://www.hesk.com/eula.php
* The HESK may be used and modified free of charge by anyone *
* AS LONG AS COPYRIGHT NOTICES AND ALL THE COMMENTS REMAIN INTACT. */
* By using this code you agree to indemnify Klemen Stirn from any
* liability that might arise from it's use.
* Selling the code for this program, in part or full, without prior
* written consent is expressly forbidden.
* Using this code, in part or full, to create derivate work,
* new scripts or products is expressly forbidden. Obtain permission
* before redistributing this software over the Internet or in
* any other medium. In all cases copyright and header must remain intact.
* This Copyright is in full effect in any country that has International
* Trade Agreements with the United States of America or
* with the European Union.
* Removing any of the copyright notices without purchasing a license
* is expressly forbidden. To remove HESK copyright notice you must purchase
* a license for this script. For more information on how to obtain
* a license please visit the page below:
* https://www.hesk.com/buy.php
*******************************************************************************/
define('IN_SCRIPT', 1); define('IN_SCRIPT', 1);
define('HESK_PATH', '../'); define('HESK_PATH', '../');
@ -37,6 +20,7 @@ define('PAGE_TITLE', 'ADMIN_USERS');
require(HESK_PATH . 'hesk_settings.inc.php'); require(HESK_PATH . 'hesk_settings.inc.php');
require(HESK_PATH . 'inc/common.inc.php'); require(HESK_PATH . 'inc/common.inc.php');
require(HESK_PATH . 'inc/admin_functions.inc.php'); require(HESK_PATH . 'inc/admin_functions.inc.php');
require(HESK_PATH . 'inc/mail_functions.inc.php');
hesk_load_database_functions(); hesk_load_database_functions();
hesk_session_start(); hesk_session_start();
@ -96,23 +80,25 @@ while ($row = hesk_dbFetchAssoc($res)) {
array_push($categories, $row); array_push($categories, $row);
} }
?> ?>
<div class="row move-down-20"> <section class="content">
<div class="col-md-12"> <?php hesk_handle_messages(); ?>
<?php <div class="box">
hesk_handle_messages(); <div class="box-header with-border">
?> <h1 class="box-title">
<div class="panel panel-default"> <?php echo $hesklang['manage_permission_templates']; ?>
<div class="panel-heading"> <i class="fa fa-question-circle settingsquestionmark" data-toggle="tooltip" data-placement="right"
<h4><?php echo $hesklang['manage_permission_templates']; ?> title="<?php echo $hesklang['manage_permission_templates_help']; ?>"></i>
<i class="fa fa-question-circle settingsquestionmark" data-toggle="tooltip" data-placement="right" </h1>
title="<?php echo $hesklang['manage_permission_templates_help']; ?>"></i> <div class="box-tools pull-right">
<span class="nu-floatRight panel-button"> <button type="button" class="btn btn-box-tool" data-widget="collapse">
<a href="#" data-toggle="modal" data-target="#modal-template-new" class="btn btn-success nu-floatRight"> <i class="fa fa-minus"></i>
<i class="fa fa-plus-circle"></i> <?php echo $hesklang['create_new_template']; ?> </button>
</a>
</span>
</h4>
</div> </div>
</div>
<div class="box-body">
<a href="#" data-toggle="modal" data-target="#modal-template-new" class="btn btn-success nu-floatRight">
<i class="fa fa-plus-circle"></i> <?php echo $hesklang['create_new_template']; ?>
</a>
<table class="table table-striped"> <table class="table table-striped">
<thead> <thead>
<th><?php echo $hesklang['name']; ?></th> <th><?php echo $hesklang['name']; ?></th>
@ -129,23 +115,23 @@ while ($row = hesk_dbFetchAssoc($res)) {
<i class="fa fa-pencil icon-link" data-toggle="tooltip" <i class="fa fa-pencil icon-link" data-toggle="tooltip"
title="<?php echo $hesklang['view_permissions_for_this_template'] ?>"></i></a> title="<?php echo $hesklang['view_permissions_for_this_template'] ?>"></i></a>
<?php if ($row['id'] == 1) { ?> <?php if ($row['id'] == 1) { ?>
<i class="fa fa-star icon-link orange" data-toggle="tooltip" <i class="fa fa-star icon-link orange" data-toggle="tooltip"
title="<?php echo $hesklang['admin_cannot_be_staff']; ?>"></i></a> title="<?php echo $hesklang['admin_cannot_be_staff']; ?>"></i></a>
<?php } elseif ($row['heskprivileges'] == 'ALL' && $row['categories'] == 'ALL'){ ?> <?php } elseif ($row['heskprivileges'] == 'ALL' && $row['categories'] == 'ALL'){ ?>
<a href="manage_permission_templates.php?a=deladmin&amp;id=<?php echo $row['id']; ?>"> <a href="manage_permission_templates.php?a=deladmin&amp;id=<?php echo $row['id']; ?>">
<i class="fa fa-star icon-link orange" data-toggle="tooltip" <i class="fa fa-star icon-link orange" data-toggle="tooltip"
title="<?php echo $hesklang['template_has_admin_privileges']; ?>"></i></a> title="<?php echo $hesklang['template_has_admin_privileges']; ?>"></i></a>
<?php } elseif ($row['id'] != 2) { ?> <?php } elseif ($row['id'] != 2) { ?>
<a href="manage_permission_templates.php?a=addadmin&amp;id=<?php echo $row['id']; ?>"> <a href="manage_permission_templates.php?a=addadmin&amp;id=<?php echo $row['id']; ?>">
<i class="fa fa-star-o icon-link gray" data-toggle="tooltip" <i class="fa fa-star-o icon-link gray" data-toggle="tooltip"
title="<?php echo $hesklang['template_has_no_admin_privileges']; ?>"></i></a> title="<?php echo $hesklang['template_has_no_admin_privileges']; ?>"></i></a>
<?php <?php
} else { } else {
?> ?>
<i class="fa fa-star-o icon-link gray" data-toggle="tooltip" <i class="fa fa-star-o icon-link gray" data-toggle="tooltip"
title="<?php echo $hesklang['staff_cannot_be_admin']; ?>"></i> title="<?php echo $hesklang['staff_cannot_be_admin']; ?>"></i>
<?php <?php
} }
if ($row['id'] != 1 && $row['id'] != 2): if ($row['id'] != 1 && $row['id'] != 2):
?> ?>
<a href="manage_permission_templates.php?a=delete&amp;id=<?php echo $row['id']; ?>"> <a href="manage_permission_templates.php?a=delete&amp;id=<?php echo $row['id']; ?>">
@ -159,7 +145,7 @@ while ($row = hesk_dbFetchAssoc($res)) {
</table> </table>
</div> </div>
</div> </div>
</div> </section>
<?php <?php
foreach ($templates as $template) { foreach ($templates as $template) {
createEditModal($template, $featureArray, $categories); createEditModal($template, $featureArray, $categories);
@ -207,8 +193,10 @@ function createEditModal($template, $features, $categories)
<div class="modal-body"> <div class="modal-body">
<div class="row"> <div class="row">
<?php if ($showNotice): ?> <?php if ($showNotice): ?>
<div class="alert alert-info"> <div class="col-sm-12">
<i class="fa fa-info-circle"></i> <?php echo $hesklang['template_is_admin_cannot_change']; ?> <div class="alert alert-info">
<i class="fa fa-info-circle"></i> <?php echo $hesklang['template_is_admin_cannot_change']; ?>
</div>
</div> </div>
<?php endif; ?> <?php endif; ?>
<div class="form-group"> <div class="form-group">
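Review bot: The `a=deladmin`, `a=addadmin` and `a=delete` links in the template table are plain GET URLs carrying only an `id`, with no token appended, whereas the category links elsewhere in this commit add `&amp;token=' . hesk_token_echo(0) . '`. If the handlers for these actions (outside the visible hunks) do not verify a token some other way, these state-changing requests on permission templates are exposed to cross-site request forgery. I would append the token to each link, e.g. `href="manage_permission_templates.php?a=delete&amp;id=<?php echo $row['id']; ?>&amp;token=<?php echo hesk_token_echo(0); ?>"`, and confirm the handlers reject requests without a valid one. The loop that emits these rows starts and ends outside the hunk.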

@ -9,6 +9,7 @@ require(HESK_PATH . 'hesk_settings.inc.php');
require(HESK_PATH . 'inc/common.inc.php'); require(HESK_PATH . 'inc/common.inc.php');
require(HESK_PATH . 'inc/admin_functions.inc.php'); require(HESK_PATH . 'inc/admin_functions.inc.php');
require(HESK_PATH . 'inc/status_functions.inc.php'); require(HESK_PATH . 'inc/status_functions.inc.php');
require(HESK_PATH . 'inc/mail_functions.inc.php');
hesk_load_database_functions(); hesk_load_database_functions();
hesk_session_start(); hesk_session_start();
@ -45,318 +46,336 @@ require_once(HESK_PATH . 'inc/headerAdmin.inc.php');
/* Print main manage users page */ /* Print main manage users page */
require_once(HESK_PATH . 'inc/show_admin_nav.inc.php'); require_once(HESK_PATH . 'inc/show_admin_nav.inc.php');
?> ?>
<section class="content">
<div class="row pad-20"> <div class="box">
<ul class="nav nav-tabs" role="tablist"> <div class="box-body">
<?php <div class="nav-tabs-custom">
// Show a link to banned_emails.php if user has permission <ul class="nav nav-tabs" role="tablist">
if (hesk_checkPermission('can_ban_emails', 0)) { <?php
echo ' // Show a link to banned_emails.php if user has permission
if (hesk_checkPermission('can_ban_emails', 0)) {
echo '
<li role="presentation"> <li role="presentation">
<a title="' . $hesklang['banemail'] . '" href="banned_emails.php">' . $hesklang['banemail'] . '</a> <a title="' . $hesklang['banemail'] . '" href="banned_emails.php">' . $hesklang['banemail'] . '</a>
</li> </li>
'; ';
} }
if (hesk_checkPermission('can_ban_ips', 0)) { if (hesk_checkPermission('can_ban_ips', 0)) {
echo ' echo '
<li role="presentation"> <li role="presentation">
<a title="' . $hesklang['banip'] . '" href="banned_ips.php">' . $hesklang['banip'] . '</a> <a title="' . $hesklang['banip'] . '" href="banned_ips.php">' . $hesklang['banip'] . '</a>
</li>'; </li>';
} }
// Show a link to status_message.php if user has permission to do so // Show a link to status_message.php if user has permission to do so
if (hesk_checkPermission('can_service_msg', 0)) { if (hesk_checkPermission('can_service_msg', 0)) {
echo ' echo '
<li role="presentation"> <li role="presentation">
<a title="' . $hesklang['sm_title'] . '" href="service_messages.php">' . $hesklang['sm_title'] . '</a> <a title="' . $hesklang['sm_title'] . '" href="service_messages.php">' . $hesklang['sm_title'] . '</a>
</li>'; </li>';
} }
if (hesk_checkPermission('can_man_email_tpl', 0)) { if (hesk_checkPermission('can_man_email_tpl', 0)) {
echo ' echo '
<li role="presentation"> <li role="presentation">
<a title="' . $hesklang['email_templates'] . '" href="manage_email_templates.php">' . $hesklang['email_templates'] . '</a> <a title="' . $hesklang['email_templates'] . '" href="manage_email_templates.php">' . $hesklang['email_templates'] . '</a>
</li> </li>
'; ';
} }
?> ?>
<li role="presentation" class="active"> <li role="presentation" class="active">
<a href="#"><?php echo $hesklang['statuses']; ?> <i class="fa fa-question-circle settingsquestionmark" <a href="#"><?php echo $hesklang['statuses']; ?> <i class="fa fa-question-circle settingsquestionmark"
data-toggle="popover" data-toggle="popover"
title="<?php echo $hesklang['statuses']; ?>" title="<?php echo $hesklang['statuses']; ?>"
data-content="<?php echo $hesklang['statuses_intro']; ?>"></i></a> data-content="<?php echo $hesklang['statuses_intro']; ?>"></i></a>
</li> </li>
</ul>
<div class="tab-content summaryList tabPadding">
<div class="row">
<div class="col-md-12">
<?php <?php
/* This will handle error, success and notice messages */ if (hesk_checkPermission('can_man_settings', 0)) {
hesk_handle_messages(); echo '
<li role="presentation">
//-- We need to get all of the statuses and dump the information to the page. <a title="' . $hesklang['tab_4'] . '" href="custom_fields.php">' .
$numOfStatusesRS = hesk_dbQuery('SELECT 1 FROM `' . hesk_dbEscape($hesk_settings['db_pfix']) . 'statuses`'); $hesklang['tab_4']
$numberOfStatuses = hesk_dbNumRows($numOfStatusesRS); . '</a>
</li>
$statuses = mfh_getAllStatuses(); ';
}
?> ?>
<form class="form-horizontal" method="post" action="manage_statuses.php" role="form"> </ul>
<div class="panel panel-default"> <div class="tab-content summaryList tabPadding">
<div class="panel-heading"> <div class="row">
<h4> <div class="col-md-12">
<?php echo $hesklang['statuses']; ?> <?php
<span class="nu-floatRight panel-button"> /* This will handle error, success and notice messages */
<button type="button" class="btn btn-success" data-toggle="modal" data-target="#modal-status-new"> hesk_handle_messages();
<i class="fa fa-plus-circle"></i>
<?php //-- We need to get all of the statuses and dump the information to the page.
echo $hesklang['new_status']; $numOfStatusesRS = hesk_dbQuery('SELECT 1 FROM `' . hesk_dbEscape($hesk_settings['db_pfix']) . 'statuses`');
?> $numberOfStatuses = hesk_dbNumRows($numOfStatusesRS);
</button>
</span> $statuses = mfh_getAllStatuses();
</h4> ?>
</div> <form class="form-horizontal" method="post" action="manage_statuses.php" role="form">
<table class="table table-hover"> <div class="panel panel-default">
<thead> <div class="panel-heading">
<tr> <h4>
<th><?php echo $hesklang['name']; ?></th> <?php echo $hesklang['statuses']; ?>
<th><?php echo $hesklang['closable_question']; ?></th> <span style="float: right; margin-top: -7px">
<th><?php echo $hesklang['closedQuestionMark']; ?></th> <button type="button" class="btn btn-success" data-toggle="modal" data-target="#modal-status-new">
<th><?php echo $hesklang['actions']; ?></th> <i class="fa fa-plus-circle"></i>
</tr> <?php
</thead> echo $hesklang['new_status'];
<tbody> ?>
<?php </button>
$j = 1; </span>
foreach ($statuses as $key => $row): </h4>
?> </div>
<tr id="s<?php echo $row['ID']; ?>_row"> <table class="table table-hover">
<td class="bold" style="color: <?php echo $row['TextColor']; ?>"> <thead>
<?php echo $row['text']; ?> <tr>
</td> <th><?php echo $hesklang['name']; ?></th>
<td> <th><?php echo $hesklang['closable_question']; ?></th>
<?php <th><?php echo $hesklang['closedQuestionMark']; ?></th>
if ($row['Closable'] == 'yes') { <th><?php echo $hesklang['actions']; ?></th>
echo $hesklang['yes_title_case']; </tr>
} elseif ($row['Closable'] == 'conly') { </thead>
echo $hesklang['customers_only']; <tbody>
} elseif ($row['Closable'] == 'sonly') { <?php
echo $hesklang['staff_only']; $j = 1;
} elseif ($row['Closable'] == 'no') { foreach ($statuses as $key => $row):
echo $hesklang['no_title_case'];
}
?>
</td>
<td>
<?php
if ($row['IsClosed']) {
echo '<i class="fa fa-check-circle icon-link green"></i>';
}
?> ?>
</td> <tr id="s<?php echo $row['ID']; ?>_row">
<td> <td class="bold" style="color: <?php echo $row['TextColor']; ?>">
<?php echo $row['text']; ?>
</td>
<td>
<?php
if ($row['Closable'] == 'yes') {
echo $hesklang['yes_title_case'];
} elseif ($row['Closable'] == 'conly') {
echo $hesklang['customers_only'];
} elseif ($row['Closable'] == 'sonly') {
echo $hesklang['staff_only'];
} elseif ($row['Closable'] == 'no') {
echo $hesklang['no_title_case'];
}
?>
</td>
<td>
<?php
if ($row['IsClosed']) {
echo '<i class="fa fa-check-circle icon-link green"></i>';
}
?>
</td>
<td>
<span data-toggle="modal" data-target="#modal-status-<?php echo $row['ID']; ?>" <span data-toggle="modal" data-target="#modal-status-<?php echo $row['ID']; ?>"
style="cursor: pointer;"> style="cursor: pointer;">
<i class="fa fa-pencil icon-link orange" <i class="fa fa-pencil icon-link orange"
data-toggle="tooltip" title="<?php echo $hesklang['edit']; ?>"></i> data-toggle="tooltip" title="<?php echo $hesklang['edit']; ?>"></i>
</span> </span>
<?php echoArrows($j, $numberOfStatuses, $row['ID'], $modsForHesk_settings); ?> <?php echoArrows($j, $numberOfStatuses, $row['ID'], $modsForHesk_settings); ?>
<?php <?php
// Only show the delete button if (1) it's not a default action and (2) no tickets are set to that status // Only show the delete button if (1) it's not a default action and (2) no tickets are set to that status
$delete = canStatusBeDeleted($row['ID']); $delete = canStatusBeDeleted($row['ID']);
$cursor = 'cursor: pointer'; $cursor = 'cursor: pointer';
$iconStyle = 'color: red'; $iconStyle = 'color: red';
$dataTarget = 'data-target="#modal-status-delete-' . $row['ID'] . '"'; $dataTarget = 'data-target="#modal-status-delete-' . $row['ID'] . '"';
$tooltip = $hesklang['delete']; $tooltip = $hesklang['delete'];
if ($delete == 'no-default' || $delete == 'no-tickets') { if ($delete == 'no-default' || $delete == 'no-tickets') {
$cursor = ''; $cursor = '';
$dataTarget = ''; $dataTarget = '';
$iconStyle = 'color: grey'; $iconStyle = 'color: grey';
} }
if ($delete == 'no-default') { if ($delete == 'no-default') {
$tooltip = $hesklang['whyCantIDeleteThisStatusReason']; $tooltip = $hesklang['whyCantIDeleteThisStatusReason'];
} elseif ($delete == 'no-tickets') { } elseif ($delete == 'no-tickets') {
$tooltip = $hesklang['cannot_delete_status_tickets']; $tooltip = $hesklang['cannot_delete_status_tickets'];
} }
?> ?>
<span data-toggle="modal" <?php echo $dataTarget; ?> <span data-toggle="modal" <?php echo $dataTarget; ?>
style="<?php echo $cursor; ?>;"> style="<?php echo $cursor; ?>;">
<i class="fa fa-times icon-link" style="<?php echo $iconStyle; ?>" <i class="fa fa-times icon-link" style="<?php echo $iconStyle; ?>"
data-toggle="tooltip" title="<?php echo $tooltip; ?>"></i> data-toggle="tooltip" title="<?php echo $tooltip; ?>"></i>
</span> </span>
</td> </td>
</tr> </tr>
<?php
$j++;
endforeach; ?>
</tbody>
</table>
</div>
<div class="panel panel-default">
<div class="panel-heading">
<h4><?php echo $hesklang['defaultStatusForAction']; ?></h4>
</div>
<div class="panel-body">
<div class="form-group">
<label for="newTicket"
class="col-sm-6 col-xs-12 control-label"><?php echo $hesklang['isNewTicketMsg']; ?></label>
<div class="col-sm-6 col-xs-12">
<select name="newTicket" class="form-control" id="newTicket">
<?php
foreach ($statuses as $key => $row) {
if ($row['IsClosed'] == 1) {
continue;
}
$selectedEcho = ($row['IsNewTicketStatus'] == 1) ? 'selected="selected"' : '';
echo '<option value="' . $row['ID'] . '" ' . $selectedEcho . '>' . mfh_getDisplayTextForStatusId($row['ID']) . '</option>';
}
?>
</select>
</div>
</div>
<div class="form-group">
<label for="closedByClient"
class="col-sm-6 col-xs-12 control-label"><?php echo $hesklang['isClosedByClientMsg']; ?></label>
<div class="col-sm-6 col-xs-12">
<select name="closedByClient" class="form-control" id="closedByClient">
<?php
foreach ($statuses as $key => $row) {
if ($row['IsClosed'] == 0) {
continue;
}
$selectedEcho = ($row['IsClosedByClient'] == 1) ? 'selected="selected"' : '';
echo '<option value="' . $row['ID'] . '" ' . $selectedEcho . '>' . mfh_getDisplayTextForStatusId($row['ID']) . '</option>';
}
?>
</select>
</div>
</div>
<div class="form-group">
<label for="replyFromClient"
class="col-sm-6 col-xs-12 control-label"><?php echo $hesklang['isRepliedByClientMsg']; ?></label>
<div class="col-sm-6 col-xs-12">
<select name="replyFromClient" class="form-control" id="replyFromClient">
<?php
foreach ($statuses as $key => $row) {
if ($row['IsClosed'] == 1) {
continue;
}
$selectedEcho = ($row['IsCustomerReplyStatus'] == 1) ? 'selected="selected"' : '';
echo '<option value="' . $row['ID'] . '" ' . $selectedEcho . '>' . mfh_getDisplayTextForStatusId($row['ID']) . '</option>';
}
?>
</select>
</div>
</div>
<div class="form-group">
<label for="staffClosedOption"
class="col-sm-6 col-xs-12 control-label"><?php echo $hesklang['isStaffClosedOptionMsg']; ?></label>
<div class="col-sm-6 col-xs-12">
<select name="staffClosedOption" class="form-control" id="staffClosedOption">
<?php <?php
foreach ($statuses as $key => $row) { $j++;
if ($row['IsClosed'] == 0) { endforeach; ?>
continue; </tbody>
} </table>
$selectedEcho = ($row['IsStaffClosedOption'] == 1) ? 'selected="selected"' : '';
echo '<option value="' . $row['ID'] . '" ' . $selectedEcho . '>' . mfh_getDisplayTextForStatusId($row['ID']) . '</option>';
}
?>
</select>
</div>
</div> </div>
<div class="form-group"> <div class="panel panel-default">
<label for="staffReopenedStatus" <div class="panel-heading">
class="col-sm-6 col-xs-12 control-label"><?php echo $hesklang['isStaffReopenedStatusMsg']; ?></label> <h4><?php echo $hesklang['defaultStatusForAction']; ?></h4>
<div class="col-sm-6 col-xs-12">
<select name="staffReopenedStatus" class="form-control"
id="staffReopenedStatus">
<?php
foreach ($statuses as $key => $row) {
if ($row['IsClosed'] == 1) {
continue;
}
$selectedEcho = ($row['IsStaffReopenedStatus'] == 1) ? 'selected="selected"' : '';
echo '<option value="' . $row['ID'] . '" ' . $selectedEcho . '>' . mfh_getDisplayTextForStatusId($row['ID']) . '</option>';
}
?>
</select>
</div> </div>
</div> <div class="panel-body">
<div class="form-group"> <div class="form-group">
<label for="defaultStaffReplyStatus" <label for="newTicket"
class="col-sm-6 col-xs-12 control-label"><?php echo $hesklang['isDefaultStaffReplyStatusMsg']; ?></label> class="col-sm-6 col-xs-12 control-label"><?php echo $hesklang['isNewTicketMsg']; ?></label>
<div class="col-sm-6 col-xs-12"> <div class="col-sm-6 col-xs-12">
<select name="defaultStaffReplyStatus" class="form-control" <select name="newTicket" class="form-control" id="newTicket">
id="defaultStaffReplyStatus"> <?php
<?php foreach ($statuses as $key => $row) {
foreach ($statuses as $key => $row) { if ($row['IsClosed'] == 1) {
if ($row['IsClosed'] == 1) { continue;
continue; }
}
$selectedEcho = ($row['IsNewTicketStatus'] == 1) ? 'selected="selected"' : '';
$selectedEcho = ($row['IsDefaultStaffReplyStatus'] == 1) ? 'selected="selected"' : ''; echo '<option value="' . $row['ID'] . '" ' . $selectedEcho . '>' . mfh_getDisplayTextForStatusId($row['ID']) . '</option>';
echo '<option value="' . $row['ID'] . '" ' . $selectedEcho . '>' . mfh_getDisplayTextForStatusId($row['ID']) . '</option>'; }
} ?>
?> </select>
</select> </div>
</div> </div>
</div> <div class="form-group">
<div class="form-group"> <label for="closedByClient"
<label for="lockedTicketStatus" class="col-sm-6 col-xs-12 control-label"><?php echo $hesklang['isClosedByClientMsg']; ?></label>
class="col-sm-6 col-xs-12 control-label"><?php echo $hesklang['lockedTicketStatusMsg']; ?></label>
<div class="col-sm-6 col-xs-12">
<div class="col-sm-6 col-xs-12"> <select name="closedByClient" class="form-control" id="closedByClient">
<select name="lockedTicketStatus" class="form-control" id="lockedTicketStatus"> <?php
<?php foreach ($statuses as $key => $row) {
foreach ($statuses as $key => $row) { if ($row['IsClosed'] == 0) {
$selectedEcho = ($row['LockedTicketStatus'] == 1) ? 'selected="selected"' : ''; continue;
echo '<option value="' . $row['ID'] . '" ' . $selectedEcho . '>' . mfh_getDisplayTextForStatusId($row['ID']) . '</option>'; }
}
?> $selectedEcho = ($row['IsClosedByClient'] == 1) ? 'selected="selected"' : '';
</select> echo '<option value="' . $row['ID'] . '" ' . $selectedEcho . '>' . mfh_getDisplayTextForStatusId($row['ID']) . '</option>';
}
?>
</select>
</div>
</div>
<div class="form-group">
<label for="replyFromClient"
class="col-sm-6 col-xs-12 control-label"><?php echo $hesklang['isRepliedByClientMsg']; ?></label>
<div class="col-sm-6 col-xs-12">
<select name="replyFromClient" class="form-control" id="replyFromClient">
<?php
foreach ($statuses as $key => $row) {
if ($row['IsClosed'] == 1) {
continue;
}
$selectedEcho = ($row['IsCustomerReplyStatus'] == 1) ? 'selected="selected"' : '';
echo '<option value="' . $row['ID'] . '" ' . $selectedEcho . '>' . mfh_getDisplayTextForStatusId($row['ID']) . '</option>';
}
?>
</select>
</div>
</div>
<div class="form-group">
<label for="staffClosedOption"
class="col-sm-6 col-xs-12 control-label"><?php echo $hesklang['isStaffClosedOptionMsg']; ?></label>
<div class="col-sm-6 col-xs-12">
<select name="staffClosedOption" class="form-control" id="staffClosedOption">
<?php
foreach ($statuses as $key => $row) {
if ($row['IsClosed'] == 0) {
continue;
}
$selectedEcho = ($row['IsStaffClosedOption'] == 1) ? 'selected="selected"' : '';
echo '<option value="' . $row['ID'] . '" ' . $selectedEcho . '>' . mfh_getDisplayTextForStatusId($row['ID']) . '</option>';
}
?>
</select>
</div>
</div>
<div class="form-group">
<label for="staffReopenedStatus"
class="col-sm-6 col-xs-12 control-label"><?php echo $hesklang['isStaffReopenedStatusMsg']; ?></label>
<div class="col-sm-6 col-xs-12">
<select name="staffReopenedStatus" class="form-control"
id="staffReopenedStatus">
<?php
foreach ($statuses as $key => $row) {
if ($row['IsClosed'] == 1) {
continue;
}
$selectedEcho = ($row['IsStaffReopenedStatus'] == 1) ? 'selected="selected"' : '';
echo '<option value="' . $row['ID'] . '" ' . $selectedEcho . '>' . mfh_getDisplayTextForStatusId($row['ID']) . '</option>';
}
?>
</select>
</div>
</div>
<div class="form-group">
<label for="defaultStaffReplyStatus"
class="col-sm-6 col-xs-12 control-label"><?php echo $hesklang['isDefaultStaffReplyStatusMsg']; ?></label>
<div class="col-sm-6 col-xs-12">
<select name="defaultStaffReplyStatus" class="form-control"
id="defaultStaffReplyStatus">
<?php
foreach ($statuses as $key => $row) {
if ($row['IsClosed'] == 1) {
continue;
}
$selectedEcho = ($row['IsDefaultStaffReplyStatus'] == 1) ? 'selected="selected"' : '';
echo '<option value="' . $row['ID'] . '" ' . $selectedEcho . '>' . mfh_getDisplayTextForStatusId($row['ID']) . '</option>';
}
?>
</select>
</div>
</div>
<div class="form-group">
<label for="lockedTicketStatus"
class="col-sm-6 col-xs-12 control-label"><?php echo $hesklang['lockedTicketStatusMsg']; ?></label>
<div class="col-sm-6 col-xs-12">
<select name="lockedTicketStatus" class="form-control" id="lockedTicketStatus">
<?php
foreach ($statuses as $key => $row) {
$selectedEcho = ($row['LockedTicketStatus'] == 1) ? 'selected="selected"' : '';
echo '<option value="' . $row['ID'] . '" ' . $selectedEcho . '>' . mfh_getDisplayTextForStatusId($row['ID']) . '</option>';
}
?>
</select>
</div>
</div>
<div class="form-group">
<label for="autocloseTicketOption"
class="col-sm-6 col-xs-12 control-label"><?php echo $hesklang['autoclose_ticket_status']; ?></label>
<div class="col-sm-6 col-xs-12">
<select name="autocloseTicketOption" class="form-control"
id="autocloseTicketOption">
<?php
foreach ($statuses as $key => $row) {
if ($row['IsClosed'] == 0) {
continue;
}
$selectedEcho = ($row['IsAutocloseOption'] == 1) ? 'selected' : '';
echo '<option value="' . $row['ID'] . '" ' . $selectedEcho . '>' . mfh_getDisplayTextForStatusId($row['ID']) . '</option>';
}
?>
</select>
</div>
</div>
</div> </div>
</div> </div>
<div class="form-group"> <div class="col-sm-6 col-sm-offset-6">
<label for="autocloseTicketOption" <input type="hidden" name="a" value="save">
class="col-sm-6 col-xs-12 control-label"><?php echo $hesklang['autoclose_ticket_status']; ?></label> <input type="submit" class="btn btn-default"
value="<?php echo $hesklang['save_changes']; ?>">
<div class="col-sm-6 col-xs-12">
<select name="autocloseTicketOption" class="form-control"
id="autocloseTicketOption">
<?php
foreach ($statuses as $key => $row) {
if ($row['IsClosed'] == 0) {
continue;
}
$selectedEcho = ($row['IsAutocloseOption'] == 1) ? 'selected' : '';
echo '<option value="' . $row['ID'] . '" ' . $selectedEcho . '>' . mfh_getDisplayTextForStatusId($row['ID']) . '</option>';
}
?>
</select>
</div>
</div> </div>
</div> </form>
</div>
<div class="col-sm-6 col-sm-offset-6">
<input type="hidden" name="a" value="save">
<input type="submit" class="btn btn-default"
value="<?php echo $hesklang['save_changes']; ?>">
</div> </div>
</form> </div>
</div> </div>
</div> </div>
</div> </div>
</div> </div>
</section>
<?php <?php
foreach ($statuses as $status) { foreach ($statuses as $status) {

@ -1,32 +1,15 @@
<?php <?php
/******************************************************************************* /**
* Title: Help Desk Software HESK *
* Version: 2.6.8 from 10th August 2016 * This file is part of HESK - PHP Help Desk Software.
* Author: Klemen Stirn *
* Website: http://www.hesk.com * (c) Copyright Klemen Stirn. All rights reserved.
******************************************************************************** * http://www.hesk.com
* COPYRIGHT AND TRADEMARK NOTICE *
* Copyright 2005-2015 Klemen Stirn. All Rights Reserved. * For the full copyright and license agreement information visit
* HESK is a registered trademark of Klemen Stirn. * http://www.hesk.com/eula.php
* The HESK may be used and modified free of charge by anyone *
* AS LONG AS COPYRIGHT NOTICES AND ALL THE COMMENTS REMAIN INTACT. */
* By using this code you agree to indemnify Klemen Stirn from any
* liability that might arise from it's use.
* Selling the code for this program, in part or full, without prior
* written consent is expressly forbidden.
* Using this code, in part or full, to create derivate work,
* new scripts or products is expressly forbidden. Obtain permission
* before redistributing this software over the Internet or in
* any other medium. In all cases copyright and header must remain intact.
* This Copyright is in full effect in any country that has International
* Trade Agreements with the United States of America or
* with the European Union.
* Removing any of the copyright notices without purchasing a license
* is expressly forbidden. To remove HESK copyright notice you must purchase
* a license for this script. For more information on how to obtain
* a license please visit the page below:
* https://www.hesk.com/buy.php
*******************************************************************************/
define('IN_SCRIPT', 1); define('IN_SCRIPT', 1);
define('HESK_PATH', '../'); define('HESK_PATH', '../');
@ -37,6 +20,7 @@ define('PAGE_TITLE', 'ADMIN_CANNED');
require(HESK_PATH . 'hesk_settings.inc.php'); require(HESK_PATH . 'hesk_settings.inc.php');
require(HESK_PATH . 'inc/common.inc.php'); require(HESK_PATH . 'inc/common.inc.php');
require(HESK_PATH . 'inc/admin_functions.inc.php'); require(HESK_PATH . 'inc/admin_functions.inc.php');
require(HESK_PATH . 'inc/mail_functions.inc.php');
hesk_load_database_functions(); hesk_load_database_functions();
hesk_session_start(); hesk_session_start();
@ -78,10 +62,6 @@ require_once(HESK_PATH . 'inc/headerAdmin.inc.php');
require_once(HESK_PATH . 'inc/show_admin_nav.inc.php'); require_once(HESK_PATH . 'inc/show_admin_nav.inc.php');
?> ?>
<div class="row">
</div>
<script language="javascript" type="text/javascript"><!-- <script language="javascript" type="text/javascript"><!--
function confirm_delete() { function confirm_delete() {
if (confirm('<?php echo hesk_makeJsString($hesklang['delete_tpl']); ?>')) { if (confirm('<?php echo hesk_makeJsString($hesklang['delete_tpl']); ?>')) {
@ -105,141 +85,159 @@ $i = 1;
$j = 0; $j = 0;
$num = hesk_dbNumRows($result); $num = hesk_dbNumRows($result);
?> ?>
<div class="row move-down-20"> <section class="content">
<div class="col-md-4"> <div class="box">
<div class="panel panel-default"> <div class="box-header with-border">
<div class="panel-heading"> <h1 class="box-title">
<?php echo $hesklang['saved_ticket_tpl']; ?> <?php echo $hesklang['saved_ticket_tpl']; ?>
</h1>
<div class="box-tools pull-right">
<button type="button" class="btn btn-box-tool" data-widget="collapse">
<i class="fa fa-minus"></i>
</button>
</div> </div>
<div class="panel-body"> </div>
<?php if ($num < 1) { <div class="box-body">
echo '<p>' . $hesklang['no_ticket_tpl'] . '</p>'; <?php if ($num < 1) {
} else { echo '<p>' . $hesklang['no_ticket_tpl'] . '</p>';
?> } else {
<table class="table table-hover"> ?>
<thead> <table class="table table-hover">
<tr> <thead>
<th><?php echo $hesklang['ticket_tpl_title']; ?></th> <tr>
<th><?php echo $hesklang['opt']; ?></th> <th><?php echo $hesklang['ticket_tpl_title']; ?></th>
</tr> <th><?php echo $hesklang['opt']; ?></th>
</thead> </tr>
<tbody> </thead>
<?php <tbody>
<?php
while ($mysaved = hesk_dbFetchAssoc($result)) {
$j++;
$color = '';
if (isset($_SESSION['canned']['selcat2']) && $mysaved['id'] == $_SESSION['canned']['selcat2']) {
$color = 'success';
unset($_SESSION['canned']['selcat2']);
}
$options .= '<option class="form-control" value="' . $mysaved['id'] . '"';
$options .= (isset($_SESSION['canned']['id']) && $_SESSION['canned']['id'] == $mysaved['id']) ? ' selected="selected" ' : '';
$options .= '>' . $mysaved['title'] . '</option>';
if ($modsForHesk_settings['rich_text_for_tickets']) {
$theMessage = html_entity_decode($mysaved['message']);
$theMessage = addslashes($theMessage);
$javascript_messages .= 'myMsgTxt[' . $mysaved['id'] . ']=\'' . str_replace("\r\n", "\\r\\n' + \r\n'", $theMessage) . "';\n";
} else {
$javascript_messages .= 'myMsgTxt[' . $mysaved['id'] . ']=\'' . str_replace("\r\n", "\\r\\n' + \r\n'", addslashes($mysaved['message'])) . "';\n";
}
$javascript_titles .= 'myTitle[' . $mysaved['id'] . ']=\'' . addslashes($mysaved['title']) . "';\n";
echo ' while ($mysaved = hesk_dbFetchAssoc($result)) {
$j++;
$color = '';
if (isset($_SESSION['canned']['selcat2']) && $mysaved['id'] == $_SESSION['canned']['selcat2']) {
$color = 'success';
unset($_SESSION['canned']['selcat2']);
}
$options .= '<option class="form-control" value="' . $mysaved['id'] . '"';
$options .= (isset($_SESSION['canned']['id']) && $_SESSION['canned']['id'] == $mysaved['id']) ? ' selected="selected" ' : '';
$options .= '>' . $mysaved['title'] . '</option>';
if ($modsForHesk_settings['rich_text_for_tickets']) {
$theMessage = html_entity_decode($mysaved['message']);
$theMessage = addslashes($theMessage);
$javascript_messages .= 'myMsgTxt[' . $mysaved['id'] . ']=\'' . str_replace("\r\n", "\\r\\n' + \r\n'", $theMessage) . "';\n";
} else {
$javascript_messages .= 'myMsgTxt[' . $mysaved['id'] . ']=\'' . str_replace("\r\n", "\\r\\n' + \r\n'", addslashes($mysaved['message'])) . "';\n";
}
$javascript_titles .= 'myTitle[' . $mysaved['id'] . ']=\'' . addslashes($mysaved['title']) . "';\n";
echo '
<tr> <tr>
<td>' . $mysaved['title'] . '</td> <td>' . $mysaved['title'] . '</td>
<td class="text-left"> <td class="text-left">
'; ';
if ($num > 1) { if ($num > 1) {
if ($j == 1) { if ($j == 1) {
echo '<img src="../img/blank.gif" width="16" height="16" alt="" style="padding:3px;border:none;" /> echo '<img src="../img/blank.gif" width="16" height="16" alt="" style="padding:3px;border:none;" />
<a href="manage_ticket_templates.php?a=order&amp;replyid=' . $mysaved['id'] . '&amp;move=15&amp;token=' . hesk_token_echo(0) . '"> <a href="manage_ticket_templates.php?a=order&amp;replyid=' . $mysaved['id'] . '&amp;move=15&amp;token=' . hesk_token_echo(0) . '">
<i class="fa fa-arrow-down icon-link green" data-toggle="tooltip" data-placement="top" data-original-title="' . $hesklang['move_dn'] . '"></i></a>'; <i class="fa fa-arrow-down icon-link green" data-toggle="tooltip" data-placement="top" data-original-title="' . $hesklang['move_dn'] . '"></i></a>';
} elseif ($j == $num) { } elseif ($j == $num) {
echo '<a href="manage_ticket_templates.php?a=order&amp;replyid=' . $mysaved['id'] . '&amp;move=-15&amp;token=' . hesk_token_echo(0) . '"><i class="fa fa-arrow-up icon-link green" data-toggle="tooltip" data-placement="top" data-original-title="' . $hesklang['move_up'] . '"></i></a> <img src="../img/blank.gif" width="16" height="16" alt="" style="padding:3px;border:none;" />'; echo '<a href="manage_ticket_templates.php?a=order&amp;replyid=' . $mysaved['id'] . '&amp;move=-15&amp;token=' . hesk_token_echo(0) . '"><i class="fa fa-arrow-up icon-link green" data-toggle="tooltip" data-placement="top" data-original-title="' . $hesklang['move_up'] . '"></i></a> <img src="../img/blank.gif" width="16" height="16" alt="" style="padding:3px;border:none;" />';
} else { } else {
echo ' echo '
<a href="manage_ticket_templates.php?a=order&amp;replyid=' . $mysaved['id'] . '&amp;move=-15&amp;token=' . hesk_token_echo(0) . '"><i class="fa fa-arrow-up icon-link green" data-toggle="tooltip" data-placement="top" data-original-title="' . $hesklang['move_up'] . '"></i></a> <a href="manage_ticket_templates.php?a=order&amp;replyid=' . $mysaved['id'] . '&amp;move=-15&amp;token=' . hesk_token_echo(0) . '"><i class="fa fa-arrow-up icon-link green" data-toggle="tooltip" data-placement="top" data-original-title="' . $hesklang['move_up'] . '"></i></a>
<a href="manage_ticket_templates.php?a=order&amp;replyid=' . $mysaved['id'] . '&amp;move=15&amp;token=' . hesk_token_echo(0) . '"><i class="fa fa-arrow-down icon-link green" data-toggle="tooltip" data-placement="top" data-original-title="' . $hesklang['move_dn'] . '"></i></a> <a href="manage_ticket_templates.php?a=order&amp;replyid=' . $mysaved['id'] . '&amp;move=15&amp;token=' . hesk_token_echo(0) . '"><i class="fa fa-arrow-down icon-link green" data-toggle="tooltip" data-placement="top" data-original-title="' . $hesklang['move_dn'] . '"></i></a>
'; ';
}
} else {
echo '';
} }
} else {
echo '';
}
echo ' echo '
<a href="manage_ticket_templates.php?a=remove&amp;id=' . $mysaved['id'] . '&amp;token=' . hesk_token_echo(0) . '" onclick="return confirm_delete();"><i class="fa fa-times icon-link red" data-toggle="tooltip" data-placement="top" data-original-title="' . $hesklang['delete'] . '"></i></a></td> <a href="manage_ticket_templates.php?a=remove&amp;id=' . $mysaved['id'] . '&amp;token=' . hesk_token_echo(0) . '" onclick="return confirm_delete();"><i class="fa fa-times icon-link red" data-toggle="tooltip" data-placement="top" data-original-title="' . $hesklang['delete'] . '"></i></a></td>
</tr> </tr>
'; ';
} // End while } // End while
?> ?>
</tbody> </tbody>
</table> </table>
<?php <?php
} }
?> ?>
</div>
</div> </div>
</div> </div>
<div class="col-md-8"> <div class="box">
<?php <div class="box-header with-border">
/* This will handle error, success and notice messages */ <h1 class="box-title">
hesk_handle_messages(); <?php echo $hesklang['new_ticket_tpl']; ?>
<a href="javascript:void(0)"
$onsubmit = ''; onclick="javascript:alert('<?php echo hesk_makeJsString($hesklang['ticket_tpl_intro']); ?>')"><i
if ($modsForHesk_settings['rich_text_for_tickets']) { class="fa fa-question-circle settingsquestionmark"></i></a>
$onsubmit = 'onsubmit="return validateRichText(\'message-help-block\', \'message-group\', \'message\', \''.htmlspecialchars($hesklang['this_field_is_required']).'\')"'; </h1>
} <div class="box-tools pull-right">
?> <button type="button" class="btn btn-box-tool" data-widget="collapse">
<form class="form-horizontal" action="manage_ticket_templates.php" method="post" name="form1" role="form" data-toggle="validator" <?php echo $onsubmit; ?>> <i class="fa fa-minus"></i>
<h3><?php echo $hesklang['new_ticket_tpl']; ?> <a href="javascript:void(0)" </button>
onclick="javascript:alert('<?php echo hesk_makeJsString($hesklang['ticket_tpl_intro']); ?>')"><i </div>
class="fa fa-question-circle settingsquestionmark"></i></a></h3> </div>
<div class="box-body">
<div class="footerWithBorder blankSpace"></div>
<?php <?php
if ($num > 0) { /* This will handle error, success and notice messages */
?> hesk_handle_messages();
<div class="form-group">
<div class="col-sm-12"> $onsubmit = '';
<div class="radio"> if ($modsForHesk_settings['rich_text_for_tickets']) {
<label> $onsubmit = 'onsubmit="return validateRichText(\'message-help-block\', \'message-group\', \'message\', \''.htmlspecialchars($hesklang['this_field_is_required']).'\')"';
<input type="radio" name="a" }
value="new" <?php echo (!isset($_SESSION['canned']['what']) || $_SESSION['canned']['what'] != 'EDIT') ? 'checked=' : ''; ?>> ?>
<?php echo $hesklang['ticket_tpl_add']; ?> <form class="form-horizontal" action="manage_ticket_templates.php" method="post" name="form1" role="form" data-toggle="validator" <?php echo $onsubmit; ?>>
</label> <?php
</div> if ($num > 0) {
</div> ?>
<div class="row"> <div class="form-group">
<div class="col-sm-6"> <div class="col-sm-12">
<div class="radio"> <div class="row">
<label> <div class="col-sm-12">
<input type="radio" name="a" <div class="radio">
value="edit" <?php echo (isset($_SESSION['canned']['what']) && $_SESSION['canned']['what'] == 'EDIT') ? 'checked' : ''; ?>> <label>
<?php echo $hesklang['ticket_tpl_edit']; ?> <input type="radio" name="a"
</label> value="new" <?php echo (!isset($_SESSION['canned']['what']) || $_SESSION['canned']['what'] != 'EDIT') ? 'checked=' : ''; ?>>
<?php echo $hesklang['ticket_tpl_add']; ?>
</label>
</div>
</div>
</div>
<div class="row">
<div class="col-sm-6">
<div class="radio">
<label>
<input type="radio" name="a"
value="edit" <?php echo (isset($_SESSION['canned']['what']) && $_SESSION['canned']['what'] == 'EDIT') ? 'checked' : ''; ?>>
<?php echo $hesklang['ticket_tpl_edit']; ?>
</label>
</div>
</div>
<div class="col-sm-6">
<select class="form-control" name="saved_replies" onchange="setMessage(this.value)">
<option value="0"> - <?php echo $hesklang['select_empty']; ?>-
</option><?php echo $options; ?></select>
</div>
</div> </div>
</div>
<div class="col-sm-6">
<select class="form-control" name="saved_replies" onchange="setMessage(this.value)">
<option value="0"> - <?php echo $hesklang['select_empty']; ?>-
</option><?php echo $options; ?></select>
</div> </div>
</div> </div>
</div> <?php
<?php } else {
} else { echo '<p><input type="hidden" name="a" value="new" /> ' . $hesklang['ticket_tpl_add'] . '</label></p>';
echo '<p><input type="hidden" name="a" value="new" /> ' . $hesklang['ticket_tpl_add'] . '</label></p>'; }
} ?>
?> <div class="form-group">
<div class="form-group"> <label for="name" class="col-sm-2 control-label"><?php echo $hesklang['ticket_tpl_title']; ?></label>
<label for="name" class="col-sm-2 control-label"><?php echo $hesklang['ticket_tpl_title']; ?></label>
<div class="col-sm-10"> <div class="col-sm-10">
<span id="HeskTitle"> <span id="HeskTitle">
<input id="subject" class="form-control" type="text" name="name" size="40" maxlength="50" <input id="subject" class="form-control" type="text" name="name" size="40" maxlength="50"
data-error="<?php echo htmlspecialchars($hesklang['this_field_is_required']); ?>" data-error="<?php echo htmlspecialchars($hesklang['this_field_is_required']); ?>"
@ -248,13 +246,13 @@ $num = hesk_dbNumRows($result);
echo ' value="' . stripslashes($_SESSION['canned']['name']) . '" '; echo ' value="' . stripslashes($_SESSION['canned']['name']) . '" ';
} ?> required> } ?> required>
</span> </span>
<div class="help-block with-errors"></div> <div class="help-block with-errors"></div>
</div>
</div> </div>
</div> <div class="form-group" id="message-group">
<div class="form-group" id="message-group"> <label for="msg" class="col-sm-2 control-label"><?php echo $hesklang['message']; ?></label>
<label for="msg" class="col-sm-2 control-label"><?php echo $hesklang['message']; ?></label>
<div class="col-sm-10"> <div class="col-sm-10">
<span id="HeskMsg"> <span id="HeskMsg">
<textarea id="message" class="form-control htmlEditor" <textarea id="message" class="form-control htmlEditor"
data-error="<?php echo htmlspecialchars($hesklang['this_field_is_required']); ?>" data-error="<?php echo htmlspecialchars($hesklang['this_field_is_required']); ?>"
@ -269,18 +267,19 @@ $num = hesk_dbNumRows($result);
} }
?></textarea> ?></textarea>
</span> </span>
<div class="help-block with-errors" id="message-help-block"></div> <div class="help-block with-errors" id="message-help-block"></div>
</div>
</div> </div>
</div> <div class="form-group">
<div class="form-group"> <div class="col-sm-10 col-sm-offset-2">
<div class="col-sm-10 col-sm-offset-2"> <input type="hidden" name="token" value="<?php hesk_token_echo(); ?>"/>
<input type="hidden" name="token" value="<?php hesk_token_echo(); ?>"/> <input type="submit" value="<?php echo $hesklang['save_ticket_tpl']; ?>" class="btn btn-default">
<input type="submit" value="<?php echo $hesklang['save_ticket_tpl']; ?>" class="btn btn-default"> </div>
</div> </div>
</div> </form>
</form> </div>
</div> </div>
</div> </section>
<?php if ($modsForHesk_settings['rich_text_for_tickets']): ?> <?php if ($modsForHesk_settings['rich_text_for_tickets']): ?>
<script type="text/javascript"> <script type="text/javascript">
/* <![CDATA[ */ /* <![CDATA[ */
@ -392,7 +391,7 @@ function edit_saved()
hesk_process_messages($hesk_error_buffer, 'manage_ticket_templates.php?saved_replies=' . $id); hesk_process_messages($hesk_error_buffer, 'manage_ticket_templates.php?saved_replies=' . $id);
} }
$result = hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "ticket_templates` SET `title`='" . hesk_dbEscape($savename) . "',`message`='" . hesk_dbEscape($msg) . "' WHERE `id`='" . intval($id) . "' LIMIT 1"); $result = hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "ticket_templates` SET `title`='" . hesk_dbEscape($savename) . "',`message`='" . hesk_dbEscape($msg) . "' WHERE `id`='" . intval($id) . "'");
unset($_SESSION['canned']['what']); unset($_SESSION['canned']['what']);
unset($_SESSION['canned']['id']); unset($_SESSION['canned']['id']);
@ -451,7 +450,7 @@ function remove()
$mysaved = intval(hesk_GET('id')) or hesk_error($hesklang['id_not_valid']); $mysaved = intval(hesk_GET('id')) or hesk_error($hesklang['id_not_valid']);
hesk_dbQuery("DELETE FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "ticket_templates` WHERE `id`='" . intval($mysaved) . "' LIMIT 1"); hesk_dbQuery("DELETE FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "ticket_templates` WHERE `id`='" . intval($mysaved) . "'");
if (hesk_dbAffectedRows() != 1) { if (hesk_dbAffectedRows() != 1) {
hesk_error("$hesklang[int_error]: $hesklang[ticket_tpl_not_found]."); hesk_error("$hesklang[int_error]: $hesklang[ticket_tpl_not_found].");
} }
@ -472,7 +471,7 @@ function order_saved()
$tpl_move = intval(hesk_GET('move')); $tpl_move = intval(hesk_GET('move'));
hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "ticket_templates` SET `tpl_order`=`tpl_order`+" . intval($tpl_move) . " WHERE `id`='" . intval($tplid) . "' LIMIT 1"); hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "ticket_templates` SET `tpl_order`=`tpl_order`+" . intval($tpl_move) . " WHERE `id`='" . intval($tplid) . "'");
if (hesk_dbAffectedRows() != 1) { if (hesk_dbAffectedRows() != 1) {
hesk_error("$hesklang[int_error]: $hesklang[ticket_tpl_not_found]."); hesk_error("$hesklang[int_error]: $hesklang[ticket_tpl_not_found].");
} }
@ -482,7 +481,7 @@ function order_saved()
$i = 10; $i = 10;
while ($mytpl = hesk_dbFetchAssoc($result)) { while ($mytpl = hesk_dbFetchAssoc($result)) {
hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "ticket_templates` SET `tpl_order`=" . intval($i) . " WHERE `id`='" . intval($mytpl['id']) . "' LIMIT 1"); hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "ticket_templates` SET `tpl_order`=" . intval($i) . " WHERE `id`='" . intval($mytpl['id']) . "'");
$i += 10; $i += 10;
} }
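Review bot: In the template loop of the `-105,141 +85,159` hunk (the file looks like manage_ticket_templates.php), `$javascript_messages` and `$javascript_titles` are still built with `addslashes()` and hand-written quotes. In the rich-text branch the message first goes through `html_entity_decode()`, so a stored template containing `</script>` or a bare `\n` is not neutralised before it lands in a JavaScript string literal. These variables are presumably echoed inside the `<script>` block that follows the form (the echo is not visible in this hunk), which would make this a stored-XSS path for anyone able to save a template. I would let the encoder produce the literal, `$javascript_messages .= 'myMsgTxt[' . $mysaved['id'] . ']=' . json_encode($theMessage, JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT) . ";\n";`, and do the same in the non-rich branch and for `myTitle`. Separately, `$mysaved['title']` is concatenated into the `<td>` and `<option>` markup without `htmlspecialchars()`, which is safe only if titles are stored already escaped, and the page does not show that.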

@ -1,32 +1,15 @@
<?php <?php
/******************************************************************************* /**
* Title: Help Desk Software HESK *
* Version: 2.6.8 from 10th August 2016 * This file is part of HESK - PHP Help Desk Software.
* Author: Klemen Stirn *
* Website: http://www.hesk.com * (c) Copyright Klemen Stirn. All rights reserved.
******************************************************************************** * http://www.hesk.com
* COPYRIGHT AND TRADEMARK NOTICE *
* Copyright 2005-2015 Klemen Stirn. All Rights Reserved. * For the full copyright and license agreement information visit
* HESK is a registered trademark of Klemen Stirn. * http://www.hesk.com/eula.php
* The HESK may be used and modified free of charge by anyone *
* AS LONG AS COPYRIGHT NOTICES AND ALL THE COMMENTS REMAIN INTACT. */
* By using this code you agree to indemnify Klemen Stirn from any
* liability that might arise from it's use.
* Selling the code for this program, in part or full, without prior
* written consent is expressly forbidden.
* Using this code, in part or full, to create derivate work,
* new scripts or products is expressly forbidden. Obtain permission
* before redistributing this software over the Internet or in
* any other medium. In all cases copyright and header must remain intact.
* This Copyright is in full effect in any country that has International
* Trade Agreements with the United States of America or
* with the European Union.
* Removing any of the copyright notices without purchasing a license
* is expressly forbidden. To remove HESK copyright notice you must purchase
* a license for this script. For more information on how to obtain
* a license please visit the page below:
* https://www.hesk.com/buy.php
*******************************************************************************/
define('IN_SCRIPT', 1); define('IN_SCRIPT', 1);
define('HESK_PATH', '../'); define('HESK_PATH', '../');
@ -38,6 +21,7 @@ require(HESK_PATH . 'hesk_settings.inc.php');
require(HESK_PATH . 'inc/common.inc.php'); require(HESK_PATH . 'inc/common.inc.php');
require(HESK_PATH . 'inc/admin_functions.inc.php'); require(HESK_PATH . 'inc/admin_functions.inc.php');
require(HESK_PATH . 'inc/profile_functions.inc.php'); require(HESK_PATH . 'inc/profile_functions.inc.php');
require(HESK_PATH . 'inc/mail_functions.inc.php');
hesk_load_database_functions(); hesk_load_database_functions();
hesk_session_start(); hesk_session_start();
@ -78,13 +62,13 @@ $default_userdata = array(
// Preferences // Preferences
'afterreply' => 0, 'afterreply' => 0,
'autorefresh' => 0,
// Defaults // Defaults
'autostart' => 1, 'autostart' => 1,
'notify_customer_new' => 1, 'notify_customer_new' => 1,
'notify_customer_reply' => 1, 'notify_customer_reply' => 1,
'show_suggested' => 1, 'show_suggested' => 1,
'autoreload' => 0,
'default_calendar_view' => $default_view, 'default_calendar_view' => $default_view,
// Notifications // Notifications
@ -169,38 +153,60 @@ if ($action = hesk_REQUEST('a')) {
unset($_SESSION['edit_userdata']); unset($_SESSION['edit_userdata']);
} }
/* Print header */ /* Print header */
require_once(HESK_PATH . 'inc/headerAdmin.inc.php'); require_once(HESK_PATH . 'inc/headerAdmin.inc.php');
/* Print main manage users page */
require_once(HESK_PATH . 'inc/show_admin_nav.inc.php'); require_once(HESK_PATH . 'inc/show_admin_nav.inc.php');
?> ?>
<section class="content">
<div class="row move-down-20"> <?php hesk_handle_messages(); ?>
<div class="col-md-10 col-md-offset-1"> <script language="Javascript" type="text/javascript"><!--
<script language="Javascript" type="text/javascript"><!-- function confirm_delete() {
function confirm_delete() { if (confirm('<?php echo addslashes($hesklang['sure_remove_user']); ?>')) {
if (confirm('<?php echo addslashes($hesklang['sure_remove_user']); ?>')) { return true;
return true; }
} else {
else { return false;
return false; }
} }
} //-->
//--> </script>
</script> <div class="box collapsed-box">
<div class="box-header with-border">
<?php <h1 class="box-title">
/* This will handle error, success and notice messages */ <?php echo $hesklang['add_user']; ?>
hesk_handle_messages(); <a href="javascript:void(0)" onclick="javascript:alert('<?php echo hesk_makeJsString($hesklang['users_intro']); ?>')">
?> <i class="fa fa-question-circle settingsquestionmark"></i>
</a>
<h3 style="padding-bottom:5px"><?php echo $hesklang['manage_users']; ?> <a href="javascript:void(0)" </h1>
onclick="javascript:alert('<?php echo hesk_makeJsString($hesklang['users_intro']); ?>')"><i <div class="box-tools pull-right">
class="fa fa-question-circle settingsquestionmark"></i></a></h3> <button type="button" class="btn btn-box-tool" data-widget="collapse">
<i class="fa fa-plus"></i>
<div class="footerWithBorder blankSpace"></div> </button>
</div>
</div>
<div class="box-body">
<?php echo $hesklang['req_marked_with']; ?> <span class="red">*</span>
<form data-toggle="validator" name="form1" method="post" action="manage_users.php" class="form-horizontal" role="form">
<?php hesk_profile_tab('userdata', false, 'create_user'); ?>
</form>
</div>
</div>
<div class="box">
<div class="box-header with-border">
<h1 class="box-title">
<?php echo $hesklang['manage_users']; ?>
<a href="javascript:void(0)" onclick="javascript:alert('<?php echo hesk_makeJsString($hesklang['users_intro']); ?>')">
<i class="fa fa-question-circle settingsquestionmark"></i>
</a>
</h1>
<div class="box-tools pull-right">
<button type="button" class="btn btn-box-tool" data-widget="collapse">
<i class="fa fa-minus"></i>
</button>
</div>
</div>
<div class="box-body">
<table class="table table-hover"> <table class="table table-hover">
<tr> <tr>
<th><b><i><?php echo $hesklang['name']; ?></i></b></th> <th><b><i><?php echo $hesklang['name']; ?></i></b></th>
@ -253,11 +259,11 @@ if ($action = hesk_REQUEST('a')) {
/* To edit yourself go to "Profile" page, not here. */ /* To edit yourself go to "Profile" page, not here. */
if ($myuser['id'] == $_SESSION['id']) { if ($myuser['id'] == $_SESSION['id']) {
$edit_code = '<a href="profile.php"><i class="fa fa-pencil icon-link" data-toggle="tooltip" data-placement="top" title="' . $hesklang['edit'] . '"></i></a>'; $edit_code = '<a href="profile.php"><i class="fa fa-pencil icon-link orange" data-toggle="tooltip" data-placement="top" title="' . $hesklang['edit'] . '"></i></a>';
} elseif ($myuser['id'] == 1) { } elseif ($myuser['id'] == 1) {
$edit_code = ' <img src="../img/blank.gif" width="16" height="16" alt="" style="padding:3px;border:none;" />'; $edit_code = ' <img src="../img/blank.gif" width="16" height="16" alt="" style="padding:3px;border:none;" />';
} else { } else {
$edit_code = '<a href="manage_users.php?a=edit&amp;id=' . $myuser['id'] . '"><i class="fa fa-pencil icon-link" data-toggle="tooltip" data-placement="top" title="' . $hesklang['edit'] . '"></i></a>'; $edit_code = '<a href="manage_users.php?a=edit&amp;id=' . $myuser['id'] . '"><i class="fa fa-pencil icon-link orange" data-toggle="tooltip" data-placement="top" title="' . $hesklang['edit'] . '"></i></a>';
} }
if ($myuser['isadmin']) { if ($myuser['isadmin']) {
@ -329,29 +335,15 @@ EOC;
} ?> } ?>
</div> </div>
</div> </div>
<div class="row">
<div class="col-md-10 col-md-offset-1">
<h3><?php echo $hesklang['add_user']; ?></h3>
<h6><?php echo $hesklang['req_marked_with']; ?> <font class="important">*</font></h6>
<div class="footerWithBorder blankSpace"></div>
<form data-toggle="validator" name="form1" method="post" action="manage_users.php" class="form-horizontal" role="form">
<?php hesk_profile_tab('userdata', false, 'create_user'); ?>
</form>
</div>
</div>
<script language="Javascript" type="text/javascript"><!-- <script language="Javascript" type="text/javascript"><!--
hesk_checkPassword(document.form1.newpass.value); hesk_checkPassword(document.form1.newpass.value);
//--> //-->
</script> </script>
</section>
<p>&nbsp;</p> <?php
require_once(HESK_PATH . 'inc/footer.inc.php');
<?php exit();
require_once(HESK_PATH . 'inc/footer.inc.php');
exit();
} // End else } // End else
@ -447,27 +439,29 @@ function edit_user()
<li class="active"><?php echo $hesklang['editing_user'] . ' ' . $_SESSION['original_user']; ?></li> <li class="active"><?php echo $hesklang['editing_user'] . ' ' . $_SESSION['original_user']; ?></li>
</ol> </ol>
<div class="row pad-down-20"> <section class="content">
<div class="col-md-8 col-md-offset-2"> <div class="box">
<?php <div class="box-header with-border">
/* This will handle error, success and notice messages */ <h1 class="box-title">
hesk_handle_messages(); <?php echo $hesklang['editing_user'] . ' <b>' . $_SESSION['original_user'] . '</b>'; ?>
?> </h1>
</div>
<h3><?php echo $hesklang['editing_user'] . ' ' . $_SESSION['original_user']; ?></h3> <div class="box-body">
<h6><?php echo $hesklang['req_marked_with']; ?> <font class="important">*</font></h6> <?php
/* This will handle error, success and notice messages */
<div class="footerWithBorder blankSpace"></div> hesk_handle_messages();
?>
<form role="form" class="form-horizontal" name="form1" method="post" action="manage_users.php"> <h6><?php echo $hesklang['req_marked_with']; ?> <span class="important">*</span></h6>
<?php hesk_profile_tab('userdata', false, 'edit_user'); ?> <form role="form" class="form-horizontal" name="form1" method="post" action="manage_users.php">
</form> <?php hesk_profile_tab('userdata', false, 'edit_user'); ?>
<script language="Javascript" type="text/javascript"><!-- </form>
hesk_checkPassword(document.form1.newpass.value); <script language="Javascript" type="text/javascript"><!--
//--> hesk_checkPassword(document.form1.newpass.value);
</script> //-->
</script>
</div>
</div> </div>
</div> </section>
<?php <?php
require_once(HESK_PATH . 'inc/footer.inc.php'); require_once(HESK_PATH . 'inc/footer.inc.php');
@ -512,6 +506,7 @@ function new_user()
`heskprivileges`, `heskprivileges`,
`afterreply`, `afterreply`,
`autostart`, `autostart`,
`autoreload`,
`notify_customer_new`, `notify_customer_new`,
`notify_customer_reply`, `notify_customer_reply`,
`show_suggested`, `show_suggested`,
@ -524,7 +519,6 @@ function new_user()
`notify_note`, `notify_note`,
`notify_note_unassigned`, `notify_note_unassigned`,
`notify_overdue_unassigned`, `notify_overdue_unassigned`,
`autorefresh`,
`permission_template`, `permission_template`,
`default_calendar_view`) VALUES ( `default_calendar_view`) VALUES (
'" . hesk_dbEscape($myuser['user']) . "', '" . hesk_dbEscape($myuser['user']) . "',
@ -538,6 +532,7 @@ function new_user()
'" . hesk_dbEscape($myuser['features']) . "', '" . hesk_dbEscape($myuser['features']) . "',
'" . ($myuser['afterreply']) . "' , '" . ($myuser['afterreply']) . "' ,
'" . ($myuser['autostart']) . "' , '" . ($myuser['autostart']) . "' ,
'" . ($myuser['autoreload']) . "' ,
'" . ($myuser['notify_customer_new']) . "' , '" . ($myuser['notify_customer_new']) . "' ,
'" . ($myuser['notify_customer_reply']) . "' , '" . ($myuser['notify_customer_reply']) . "' ,
'" . ($myuser['show_suggested']) . "' , '" . ($myuser['show_suggested']) . "' ,
@ -550,7 +545,6 @@ function new_user()
'" . ($myuser['notify_note']) . "', '" . ($myuser['notify_note']) . "',
'" . ($myuser['notify_note_unassigned']) . "', '" . ($myuser['notify_note_unassigned']) . "',
'" . ($myuser['notify_overdue_unassigned']) . "', '" . ($myuser['notify_overdue_unassigned']) . "',
" . intval($myuser['autorefresh']) . ",
" . intval($myuser['template']) . ", " . intval($myuser['template']) . ",
" . intval($myuser['default_calendar_view']) . ")"); " . intval($myuser['default_calendar_view']) . ")");
@ -664,6 +658,7 @@ function update_user()
`heskprivileges`='" . hesk_dbEscape($myuser['features']) . "', `heskprivileges`='" . hesk_dbEscape($myuser['features']) . "',
`afterreply`='" . ($myuser['afterreply']) . "' , `afterreply`='" . ($myuser['afterreply']) . "' ,
`autostart`='" . ($myuser['autostart']) . "' , `autostart`='" . ($myuser['autostart']) . "' ,
`autoreload`='" . ($myuser['autoreload']) . "' ,
`notify_customer_new`='" . ($myuser['notify_customer_new']) . "' , `notify_customer_new`='" . ($myuser['notify_customer_new']) . "' ,
`notify_customer_reply`='" . ($myuser['notify_customer_reply']) . "' , `notify_customer_reply`='" . ($myuser['notify_customer_reply']) . "' ,
`show_suggested`='" . ($myuser['show_suggested']) . "' , `show_suggested`='" . ($myuser['show_suggested']) . "' ,
@ -676,10 +671,9 @@ function update_user()
`notify_note`='" . ($myuser['notify_note']) . "', `notify_note`='" . ($myuser['notify_note']) . "',
`notify_note_unassigned`='" . ($myuser['notify_note_unassigned']) . "', `notify_note_unassigned`='" . ($myuser['notify_note_unassigned']) . "',
`notify_overdue_unassigned`='" . ($myuser['notify_overdue_unassigned']) . "', `notify_overdue_unassigned`='" . ($myuser['notify_overdue_unassigned']) . "',
`autorefresh`=" . intval($myuser['autorefresh']) . ",
`permission_template`=" . intval($myuser['template']) . ", `permission_template`=" . intval($myuser['template']) . ",
`default_calendar_view`=" . intval($myuser['default_calendar_view']) . " `default_calendar_view`=" . intval($myuser['default_calendar_view']) . "
WHERE `id`='" . intval($myuser['id']) . "' LIMIT 1"); WHERE `id`='" . intval($myuser['id']) . "'");
// If they are now inactive, remove any manager rights // If they are now inactive, remove any manager rights
if (!$myuser['active']) { if (!$myuser['active']) {
@ -772,13 +766,25 @@ function hesk_validateUserInfo($pass_required = 1, $redirect_to = './manage_user
if ($myuser['afterreply'] != 1 && $myuser['afterreply'] != 2) { if ($myuser['afterreply'] != 1 && $myuser['afterreply'] != 2) {
$myuser['afterreply'] = 0; $myuser['afterreply'] = 0;
} }
$myuser['autorefresh'] = intval(hesk_POST('autorefresh'));
// Defaults // Defaults
$myuser['autostart'] = isset($_POST['autostart']) ? 1 : 0; $myuser['autostart'] = isset($_POST['autostart']) ? 1 : 0;
$myuser['notify_customer_new'] = isset($_POST['notify_customer_new']) ? 1 : 0; $myuser['notify_customer_new'] = isset($_POST['notify_customer_new']) ? 1 : 0;
$myuser['notify_customer_reply'] = isset($_POST['notify_customer_reply']) ? 1 : 0; $myuser['notify_customer_reply'] = isset($_POST['notify_customer_reply']) ? 1 : 0;
$myuser['show_suggested'] = isset($_POST['show_suggested']) ? 1 : 0; $myuser['show_suggested'] = isset($_POST['show_suggested']) ? 1 : 0;
$myuser['autoreload'] = isset($_POST['autoreload']) ? 1 : 0;
if ($myuser['autoreload']) {
$myuser['autoreload'] = intval(hesk_POST('reload_time'));
if (hesk_POST('secmin') == 'min') {
$myuser['autoreload'] *= 60;
}
if ($myuser['autoreload'] < 0 || $myuser['autoreload'] > 65535) {
$myuser['autoreload'] = 30;
}
}
$myuser['default_calendar_view'] = hesk_POST('default-calendar-view', 0); $myuser['default_calendar_view'] = hesk_POST('default-calendar-view', 0);
/* Notifications */ /* Notifications */
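Review bot: The new `autoreload` value reaches the INSERT in new_user() and the UPDATE in update_user() as `'" . ($myuser['autoreload']) . "' ,` with no cast at the query, whereas the `autorefresh` column it replaces was written through `intval()`. It is an integer only because hesk_validateUserInfo() assigns it from `intval(hesk_POST('reload_time'))` and resets out-of-range values to 30. Any other code path that fills `$myuser` would put the value into the SQL string unchecked. Casting at the sink keeps it consistent with the neighbouring `permission_template` and `default_calendar_view` columns: `" . intval($myuser['autoreload']) . ",` in the INSERT, and the same cast in the UPDATE. Both function bodies start and end outside their hunks, so how `$myuser` is populated there cannot be confirmed from this page.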

@ -44,7 +44,9 @@ hesk_isLoggedIn();
$modsForHesk_settings = mfh_getSettings(); $modsForHesk_settings = mfh_getSettings();
/* Check permissions for this feature */ /* Check permissions for this feature */
hesk_checkPermission('can_change_cat'); if (hesk_checkPermission('can_change_cat', 0)) {
hesk_checkPermission('can_change_own_cat');
}
/* A security check */ /* A security check */
hesk_token_check('POST'); hesk_token_check('POST');
@ -73,6 +75,11 @@ if (!$row['autoassign']) {
/* Is user allowed to view tickets in new category? */ /* Is user allowed to view tickets in new category? */
$category_ok = hesk_okCategory($category, 0); $category_ok = hesk_okCategory($category, 0);
// Is user allowed to move tickets to this category?
if (!$category_ok && !hesk_checkPermission('can_submit_any_cat', 0)) {
hesk_process_messages($hesklang['noauth_move'],'admin_main.php');
}
/* Get details about the original ticket */ /* Get details about the original ticket */
$res = hesk_dbQuery("SELECT * FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` WHERE `trackid`='" . hesk_dbEscape($trackingID) . "' LIMIT 1"); $res = hesk_dbQuery("SELECT * FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` WHERE `trackid`='" . hesk_dbEscape($trackingID) . "' LIMIT 1");
if (hesk_dbNumRows($res) != 1) { if (hesk_dbNumRows($res) != 1) {
@ -113,7 +120,7 @@ if ($need_to_reassign || !$ticket['owner']) {
} }
} }
hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` SET `category`='" . intval($category) . "', `owner`='" . intval($ticket['owner']) . "' , `history`=CONCAT(`history`,'" . hesk_dbEscape($history) . "') WHERE `trackid`='" . hesk_dbEscape($trackingID) . "' LIMIT 1"); hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` SET `category`='" . intval($category) . "', `owner`='" . intval($ticket['owner']) . "' , `history`=CONCAT(`history`,'" . hesk_dbEscape($history) . "') WHERE `trackid`='" . hesk_dbEscape($trackingID) . "'");
$ticket['category'] = $category; $ticket['category'] = $category;
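Review bot: The new permission gate at the top of this file looks inverted. `hesk_checkPermission('can_change_own_cat')` runs only when `hesk_checkPermission('can_change_cat', 0)` is truthy. The same two-argument form is negated further down (`!hesk_checkPermission('can_submit_any_cat', 0)`) to mean "not allowed", so it presumably returns true when the permission is held. If so, a user who lacks `can_change_cat` skips both checks and goes on to the token check and the UPDATE, while a user who holds it is additionally required to hold `can_change_own_cat`. The intended fallback is probably `if (!hesk_checkPermission('can_change_cat', 0)) {`, so that the stricter call is the one that halts the request. It is also worth confirming, outside this hunk, that `can_change_own_cat` is limited to tickets the user owns.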


@ -1,393 +0,0 @@
<?php
/*******************************************************************************
* Title: Help Desk Software HESK
* Version: 2.6.8 from 10th August 2016
* Author: Klemen Stirn
* Website: http://www.hesk.com
********************************************************************************
* COPYRIGHT AND TRADEMARK NOTICE
* Copyright 2005-2015 Klemen Stirn. All Rights Reserved.
* HESK is a registered trademark of Klemen Stirn.
* The HESK may be used and modified free of charge by anyone
* AS LONG AS COPYRIGHT NOTICES AND ALL THE COMMENTS REMAIN INTACT.
* By using this code you agree to indemnify Klemen Stirn from any
* liability that might arise from it's use.
* Selling the code for this program, in part or full, without prior
* written consent is expressly forbidden.
* Using this code, in part or full, to create derivate work,
* new scripts or products is expressly forbidden. Obtain permission
* before redistributing this software over the Internet or in
* any other medium. In all cases copyright and header must remain intact.
* This Copyright is in full effect in any country that has International
* Trade Agreements with the United States of America or
* with the European Union.
* Removing any of the copyright notices without purchasing a license
* is expressly forbidden. To remove HESK copyright notice you must purchase
* a license for this script. For more information on how to obtain
* a license please visit the page below:
* https://www.hesk.com/buy.php
*******************************************************************************/
define('IN_SCRIPT', 1);
define('HESK_PATH', '../');
/* Get all the required files and functions */
require(HESK_PATH . 'hesk_settings.inc.php');
require(HESK_PATH . 'inc/common.inc.php');
require(HESK_PATH . 'inc/admin_functions.inc.php');
$id = hesk_input(hesk_GET('i'));
$query = hesk_input(hesk_utf8_urldecode(hesk_GET('q')));
$type = hesk_input(hesk_GET('t', 'text'));
$maxlen = intval(hesk_GET('m', 255));
$query = stripslashes($query);
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML; 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en">
<head>
<title><?php echo $hesklang['opt']; ?></title>
<meta http-equiv="Content-Type" content="text/html;charset=<?php echo $hesklang['ENCODING']; ?>"/>
<style type="text/css">
body {
margin: 5px 5px;
padding: 0;
background: #fff;
color: black;
font: 68.8%/1.5 Verdana, Geneva, Arial, Helvetica, sans-serif;
text-align: left;
}
p {
color: black;
font-family: Verdana, Geneva, Arial, Helvetica, sans-serif;
font-size: 1.0em;
}
h3 {
color: #AF0000;
font-family: Verdana, Geneva, Arial, Helvetica, sans-serif;
font-weight: bold;
font-size: 1.0em;
text-align: center;
}
.title {
color: black;
font-family: Verdana, Geneva, Arial, Helvetica, sans-serif;
font-weight: bold;
font-size: 1.0em;
}
.wrong {
color: red;
}
.correct {
color: green;
}
</style>
</head>
<body>
<h3><?php echo $hesklang['opt']; ?></h3>
<p><i><?php echo $hesklang['ns']; ?></i></p>
<?php
switch ($type) {
case 'text':
echo '
<script language="javascript">
function hesk_saveOptions()
{
window.opener.document.getElementById(\'s_' . $id . '_val\').value = document.getElementById(\'o2\').value;
window.opener.document.getElementById(\'s_' . $id . '_maxlen\').value = document.getElementById(\'o1\').value;
window.close();
}
</script>
<table border="0">
<tr>
<td>' . $hesklang['custom_l'] . ':<td>
<td><input type="text" name="o1" id="o1" value="' . $maxlen . '" size="30" /></td>
</tr>
<tr>
<td>' . $hesklang['defw'] . ':<td>
<td><input type="text" name="o2" id="o2" value="' . $query . '" size="30" /></td>
</tr>
</table>
<p><input type="button" value=" ' . $hesklang['ok'] . ' " onclick="Javascript:hesk_saveOptions()" /></p>
';
break;
case 'hidden':
echo '
<script language="javascript">
function hesk_saveOptions()
{
window.opener.document.getElementById(\'s_' . $id . '_val\').value = document.getElementById(\'o1\').value;
window.close();
}
</script>
<p>' . $hesklang['hidden_custom_field_help'] . '</p>
<table border="0">
<tr>
<td>' . $hesklang['value_colon'] . '<td>
<td><input type="text" name="o1" id="o1" value="' . $query . '" size="30" /></td>
</tr>
</table>
<p><input type="button" value=" ' . $hesklang['ok'] . ' " onclick="Javascript:hesk_saveOptions()" /></p>
';
break;
case 'readonly':
echo '
<script language="javascript">
function hesk_saveOptions()
{
window.opener.document.getElementById(\'s_' . $id . '_val\').value = document.getElementById(\'o1\').value;
window.close();
}
</script>
<p>' . $hesklang['readonly_custom_field_help'] . '</p>
<table border="0">
<tr>
<td>' . $hesklang['value_colon'] . '<td>
<td><input type="text" name="o1" id="o1" value="' . $query . '" size="30" /></td>
</tr>
</table>
<p><input type="button" value=" ' . $hesklang['ok'] . ' " onclick="Javascript:hesk_saveOptions()" /></p>
';
break;
case 'textarea':
if (strpos($query, '#') !== false) {
list($rows, $cols) = explode('#', $query);
} else {
$rows = '';
$cols = '';
}
echo '
<script language="javascript">
function hesk_saveOptions()
{
window.opener.document.getElementById(\'s_' . $id . '_val\').value = document.getElementById(\'o1\').value + "#" + document.getElementById(\'o2\').value;
window.close();
}
</script>
<table border="0">
<tr>
<td>' . $hesklang['rows'] . ':<td>
<td><input type="text" name="o1" id="o1" value="' . $rows . '" size="5" /></td>
</tr>
<tr>
<td>' . $hesklang['cols'] . ':<td>
<td><input type="text" name="o2" id="o2" value="' . $cols . '" size="5" /></td>
</tr>
</table>
<p><input type="button" value=" ' . $hesklang['ok'] . ' " onclick="Javascript:hesk_saveOptions()" /></p>
';
break;
case 'radio':
$options = str_replace('#HESK#', "\n", $query);
echo '
<script language="javascript">
function hesk_saveOptions()
{
text = document.getElementById(\'o1\').value;
text = text.replace(/^\s\s*/, \'\').replace(/\s\s*$/, \'\');
text = escape(text);
if(text.indexOf(\'%0D%0A\') > -1)
{
re_nlchar = /%0D%0A/g ;
}
else if(text.indexOf(\'%0A\') > -1)
{
re_nlchar = /%0A/g ;
}
else if(text.indexOf(\'%0D\') > -1)
{
re_nlchar = /%0D/g ;
}
else
{
alert(\'' . addslashes($hesklang['atl2']) . '\');
return false;
}
text = unescape(text.replace(re_nlchar,\'#HESK#\'));
window.opener.document.getElementById(\'s_' . $id . '_val\').value = text;
window.close();
}
</script>
<p>' . $hesklang['opt2'] . '</p>
<textarea name="o1" id="o1" rows="6" cols="40">' . $options . '</textarea>
<p><input type="button" value=" ' . $hesklang['ok'] . ' " onclick="Javascript:hesk_saveOptions()" /></p>
';
break;
case 'select':
$query = str_replace('{HESK_SELECT}', '', $query, $show_select);
$options = str_replace('#HESK#', "\n", $query);
echo '
<script language="javascript">
function hesk_saveOptions()
{
text = document.getElementById(\'o1\').value;
text = text.replace(/^\s\s*/, \'\').replace(/\s\s*$/, \'\');
text = escape(text);
if(text.indexOf(\'%0D%0A\') > -1)
{
re_nlchar = /%0D%0A/g ;
}
else if(text.indexOf(\'%0A\') > -1)
{
re_nlchar = /%0A/g ;
}
else if(text.indexOf(\'%0D\') > -1)
{
re_nlchar = /%0D/g ;
}
else
{
alert(\'' . addslashes($hesklang['atl2']) . '\');
return false;
}
text = unescape(text.replace(re_nlchar,\'#HESK#\'));
if (document.getElementById(\'show_select\').checked)
{
text = "{HESK_SELECT}" + text;
}
window.opener.document.getElementById(\'s_' . $id . '_val\').value = text;
window.close();
}
</script>
<p>' . $hesklang['opt3'] . '</p>
<p><label><input type="checkbox" name="show_select" id="show_select" value="1" ' . ($show_select ? 'checked="checked"' : '') . ' /> ' . $hesklang['show_select'] . '</label></p>
<textarea name="o1" id="o1" rows="6" cols="40">' . $options . '</textarea>
<p><input type="button" value=" ' . $hesklang['ok'] . ' " onclick="Javascript:hesk_saveOptions()" /></p>
';
break;
case 'checkbox':
$options = str_replace('#HESK#', "\n", $query);
echo '
<script language="javascript">
function hesk_saveOptions()
{
text = document.getElementById(\'o1\').value;
text = text.replace(/^\s\s*/, \'\').replace(/\s\s*$/, \'\');
text = escape(text);
if(text.indexOf(\'%0D%0A\') > -1)
{
re_nlchar = /%0D%0A/g ;
}
else if(text.indexOf(\'%0A\') > -1)
{
re_nlchar = /%0A/g ;
}
else if(text.indexOf(\'%0D\') > -1)
{
re_nlchar = /%0D/g ;
}
else
{
alert(\'' . addslashes($hesklang['atl2']) . '\');
return false;
}
text = unescape(text.replace(re_nlchar,\'#HESK#\'));
window.opener.document.getElementById(\'s_' . $id . '_val\').value = text;
window.close();
}
</script>
<p>' . $hesklang['opt4'] . '</p>
<textarea name="o1" id="o1" rows="6" cols="40">' . $options . '</textarea>
<p><input type="button" value=" ' . $hesklang['ok'] . ' " onclick="Javascript:hesk_saveOptions()" /></p>
';
break;
case 'date':
echo '<p>' . $hesklang['date_custom_field_text'] . '</p>';
break;
case 'multiselect':
$options = str_replace('#HESK#', "\n", $query);
echo '
<script language="javascript">
function hesk_saveOptions()
{
text = document.getElementById(\'o1\').value;
text = text.replace(/^\s\s*/, \'\').replace(/\s\s*$/, \'\');
text = escape(text);
if(text.indexOf(\'%0D%0A\') > -1)
{
re_nlchar = /%0D%0A/g ;
}
else if(text.indexOf(\'%0A\') > -1)
{
re_nlchar = /%0A/g ;
}
else if(text.indexOf(\'%0D\') > -1)
{
re_nlchar = /%0D/g ;
}
else
{
alert(\'' . addslashes($hesklang['atl2']) . '\');
return false;
}
text = unescape(text.replace(re_nlchar,\'#HESK#\'));
window.opener.document.getElementById(\'s_' . $id . '_val\').value = text;
window.close();
}
</script>
<p>' . $hesklang['multiple_select_custom_field_text'] . '</p>
<textarea name="o1" id="o1" rows="6" cols="40">' . $options . '</textarea>
<p><input type="button" value=" ' . $hesklang['ok'] . ' " onclick="Javascript:hesk_saveOptions()" /></p>
';
break;
case 'email':
$ccSelected = $query == 'cc' ? 'selected="selected"' : '';
$bccSelected = $query == 'bcc' ? 'selected="selected"' : '';
echo '
<script language="javascript">
function hesk_saveOptions()
{
var dropdown = document.getElementById(\'o1\');
window.opener.document.getElementById(\'s_' . $id . '_val\').value = dropdown.options[dropdown.selectedIndex].value;
window.close();
}
</script>
<p>' . $hesklang['email_custom_field_help'] . '</p>
<table border="0">
<tr>
<td>' . $hesklang['email_custom_field_label'] . ':</td>
<td>
<select name="o1" id="o1">
<option value="cc" ' . $ccSelected . '>' . $hesklang['cc'] . '</option>
<option value="bcc" ' . $bccSelected . '>' . $hesklang['bcc'] . '</option>
</select>
</td>
</tr>
</table>
<p><input type="button" value=" ' . $hesklang['ok'] . ' " onclick="Javascript:hesk_saveOptions()" /></p>
';
break;
default:
die('Invalid type');
}
?>
<p align="center"><a href="#" onclick="Javascript:window.close()"><?php echo $hesklang['cwin']; ?></a></p>
<p>&nbsp;</p>
</body>
</html>
<?php
exit();
?>

@ -1,35 +1,19 @@
<?php <?php
/******************************************************************************* /**
* Title: Help Desk Software HESK *
* Version: 2.6.8 from 10th August 2016 * This file is part of HESK - PHP Help Desk Software.
* Author: Klemen Stirn *
* Website: http://www.hesk.com * (c) Copyright Klemen Stirn. All rights reserved.
******************************************************************************** * http://www.hesk.com
* COPYRIGHT AND TRADEMARK NOTICE *
* Copyright 2005-2015 Klemen Stirn. All Rights Reserved. * For the full copyright and license agreement information visit
* HESK is a registered trademark of Klemen Stirn. * http://www.hesk.com/eula.php
* The HESK may be used and modified free of charge by anyone *
* AS LONG AS COPYRIGHT NOTICES AND ALL THE COMMENTS REMAIN INTACT. */
* By using this code you agree to indemnify Klemen Stirn from any
* liability that might arise from it's use.
* Selling the code for this program, in part or full, without prior
* written consent is expressly forbidden.
* Using this code, in part or full, to create derivate work,
* new scripts or products is expressly forbidden. Obtain permission
* before redistributing this software over the Internet or in
* any other medium. In all cases copyright and header must remain intact.
* This Copyright is in full effect in any country that has International
* Trade Agreements with the United States of America or
* with the European Union.
* Removing any of the copyright notices without purchasing a license
* is expressly forbidden. To remove HESK copyright notice you must purchase
* a license for this script. For more information on how to obtain
* a license please visit the page below:
* https://www.hesk.com/buy.php
*******************************************************************************/
define('IN_SCRIPT', 1); define('IN_SCRIPT', 1);
define('HESK_PATH', '../'); define('HESK_PATH', '../');
define('PAGE_TITLE', 'LOGIN');
/* Get all the required files and functions */ /* Get all the required files and functions */
require(HESK_PATH . 'hesk_settings.inc.php'); require(HESK_PATH . 'hesk_settings.inc.php');
@ -38,7 +22,6 @@ require(HESK_PATH . 'inc/common.inc.php');
// Connect to database and check for brute force attempts // Connect to database and check for brute force attempts
hesk_load_database_functions(); hesk_load_database_functions();
hesk_dbConnect(); hesk_dbConnect();
hesk_limitBfAttempts();
$modsForHesk_settings = mfh_getSettings(); $modsForHesk_settings = mfh_getSettings();
@ -112,6 +95,7 @@ if ($_SERVER['REQUEST_METHOD'] == 'POST') {
} }
} }
} }
hesk_limitBfAttempts();
// Get email // Get email
$email = hesk_validateEmail(hesk_POST('email'), 'ERR', 0) or $hesk_error_buffer['email'] = $hesklang['enter_valid_email']; $email = hesk_validateEmail(hesk_POST('email'), 'ERR', 0) or $hesk_error_buffer['email'] = $hesklang['enter_valid_email'];
@ -236,32 +220,38 @@ if ($hesk_settings['recaptcha_use'] == 2) {
} }
$hesk_settings['tmp_title'] = $hesk_settings['hesk_title'] . ' - ' . $hesklang['passr']; $hesk_settings['tmp_title'] = $hesk_settings['hesk_title'] . ' - ' . $hesklang['passr'];
require_once(HESK_PATH . 'inc/header.inc.php'); require_once(HESK_PATH . 'inc/headerAdmin.inc.php');
?> ?>
<ol class="breadcrumb"> <div class="login-box">
<li><a href="<?php echo $hesk_settings['site_url']; ?>"><?php echo $hesk_settings['site_title']; ?></a></li> <div class="login-logo">
<li><a href="index.php"><?php echo $hesklang['admin_login']; ?></a></li> <?php echo $hesk_settings['hesk_title']; ?>
<li class="active"><?php echo $hesklang['passr']; ?></li> </div>
</ol> <div class="login-box-body">
<h4 class="login-box-msg">
<div class="row"> <?php echo $hesklang['passr']; ?>
<div class="col-md-10 col-md-offset-1"> </h4>
<form action="password.php" method="post" name="form1" class="form-signin form-horizontal" role="form"> <form action="password.php" method="post" name="form1" class="form-horizontal" role="form">
<?php <?php
/* This will handle error, success and notice messages */ /* This will handle error, success and notice messages */
hesk_handle_messages(); hesk_handle_messages();
?>
<h2><span <?php echo $iconDisplay; ?>><span
class="mega-octicon octicon-sign-in"></span>&nbsp;</span><?php echo $hesklang['passr']; ?></h2>
<div class="footerWithBorder blankSpace"></div> $has_error = '';
<div class="form-group <?php echo in_array('email', $_SESSION['a_iserror']) ? 'has-error' : ''; ?>"> if (in_array('email', $_SESSION['a_iserror'])) {
<label for="email" class="col-sm-3 control-label"><?php echo $hesklang['email']; ?></label> $has_error = 'has-error';
}
$form_email = '';
if (isset($email)) {
$form_email = stripslashes(hesk_input($email));
}
?>
<div class="form-group <?php echo $has_error; ?>">
<label for="email" class="col-sm-3 control-label">
<?php echo $hesklang['email']; ?>
</label>
<div class="col-sm-9"> <div class="col-sm-9">
<input type="text" name="email" size="35" value="<?php if (isset($email)) { <input type="text" name="email" size="35" value="<?php echo $form_email; ?>"
echo stripslashes(hesk_input($email)); class="form-control" placeholder="<?php echo htmlspecialchars($hesklang['email']); ?>">
} ?>" class="form-control" placeholder="<?php echo htmlspecialchars($hesklang['email']); ?>">
</div> </div>
</div> </div>
<?php <?php
@ -287,8 +277,8 @@ require_once(HESK_PATH . 'inc/header.inc.php');
play_again: "<?php echo hesk_slashJS($hesklang['play_again']); ?>", play_again: "<?php echo hesk_slashJS($hesklang['play_again']); ?>",
cant_hear_this: "<?php echo hesk_slashJS($hesklang['cant_hear_this']); ?>", cant_hear_this: "<?php echo hesk_slashJS($hesklang['cant_hear_this']); ?>",
incorrect_try_again: "<?php echo hesk_slashJS($hesklang['incorrect_try_again']); ?>", incorrect_try_again: "<?php echo hesk_slashJS($hesklang['incorrect_try_again']); ?>",
image_alt_text: "<?php echo hesk_slashJS($hesklang['image_alt_text']); ?>", image_alt_text: "<?php echo hesk_slashJS($hesklang['image_alt_text']); ?>"
}, }
}; };
</script> </script>
<?php <?php
@ -318,19 +308,15 @@ require_once(HESK_PATH . 'inc/header.inc.php');
} }
?> ?>
<div class="form-group"> <div class="form-group">
<div class="col-sm-10 col-sm-offset-1"> <div class="col-sm-9 col-sm-offset-3">
<input type="submit" value="<?php echo $hesklang['passs']; ?>" class="btn btn-default"> <input type="submit" value="<?php echo $hesklang['passs']; ?>" class="btn btn-default">
</div> </div>
</div> </div>
</form> </form>
</div> </div>
</div> </div>
<?php <?php
// Clean session errors // Clean session errors
hesk_cleanSessionVars('a_iserror'); hesk_cleanSessionVars('a_iserror');
hesk_cleanSessionVars('img_a_verified'); hesk_cleanSessionVars('img_a_verified');
// Print footer
require_once(HESK_PATH . 'inc/footer.inc.php');
?> ?>

@ -1,32 +1,15 @@
<?php <?php
/******************************************************************************* /**
* Title: Help Desk Software HESK *
* Version: 2.6.8 from 10th August 2016 * This file is part of HESK - PHP Help Desk Software.
* Author: Klemen Stirn *
* Website: http://www.hesk.com * (c) Copyright Klemen Stirn. All rights reserved.
******************************************************************************** * http://www.hesk.com
* COPYRIGHT AND TRADEMARK NOTICE *
* Copyright 2005-2015 Klemen Stirn. All Rights Reserved. * For the full copyright and license agreement information visit
* HESK is a registered trademark of Klemen Stirn. * http://www.hesk.com/eula.php
* The HESK may be used and modified free of charge by anyone *
* AS LONG AS COPYRIGHT NOTICES AND ALL THE COMMENTS REMAIN INTACT. */
* By using this code you agree to indemnify Klemen Stirn from any
* liability that might arise from it's use.
* Selling the code for this program, in part or full, without prior
* written consent is expressly forbidden.
* Using this code, in part or full, to create derivate work,
* new scripts or products is expressly forbidden. Obtain permission
* before redistributing this software over the Internet or in
* any other medium. In all cases copyright and header must remain intact.
* This Copyright is in full effect in any country that has International
* Trade Agreements with the United States of America or
* with the European Union.
* Removing any of the copyright notices without purchasing a license
* is expressly forbidden. To remove HESK copyright notice you must purchase
* a license for this script. For more information on how to obtain
* a license please visit the page below:
* https://www.hesk.com/buy.php
*******************************************************************************/
define('IN_SCRIPT', 1); define('IN_SCRIPT', 1);
define('HESK_PATH', '../'); define('HESK_PATH', '../');
@ -37,6 +20,7 @@ require(HESK_PATH . 'hesk_settings.inc.php');
require(HESK_PATH . 'inc/common.inc.php'); require(HESK_PATH . 'inc/common.inc.php');
require(HESK_PATH . 'inc/admin_functions.inc.php'); require(HESK_PATH . 'inc/admin_functions.inc.php');
require(HESK_PATH . 'inc/profile_functions.inc.php'); require(HESK_PATH . 'inc/profile_functions.inc.php');
require(HESK_PATH . 'inc/mail_functions.inc.php');
hesk_load_database_functions(); hesk_load_database_functions();
hesk_session_start(); hesk_session_start();
@ -84,75 +68,80 @@ require_once(HESK_PATH . 'inc/headerAdmin.inc.php');
/* Print admin navigation */ /* Print admin navigation */
require_once(HESK_PATH . 'inc/show_admin_nav.inc.php'); require_once(HESK_PATH . 'inc/show_admin_nav.inc.php');
?> ?>
<section class="content">
<div class="box">
<div class="box-header with-border">
<h1 class="box-title">
<?php echo $hesklang['profile_for']; ?> <b><?php echo $_SESSION['new']['user']; ?></b>
</h1>
<div class="box-tools pull-right">
<button type="button" class="btn btn-box-tool" data-widget="collapse">
<i class="fa fa-minus"></i>
</button>
</div>
</div>
<div class="box-body">
<?php echo $hesklang['req_marked_with']; ?> <span class="important">*</span>
<?php
/* This will handle error, success and notice messages */
hesk_handle_messages();
<div class="row"> if (defined('WARN_PASSWORD')) {
<div class="col-md-8 col-md-offset-2 pad-down-20"> hesk_show_notice($hesklang['chdp2'], $hesklang['security']);
<?php }
/* This will handle error, success and notice messages */
hesk_handle_messages();
if (defined('WARN_PASSWORD')) {
hesk_show_notice($hesklang['chdp2'], $hesklang['security']);
}
?>
<h3><?php echo $hesklang['profile_for'] . ' <b>' . $_SESSION['new']['user']; ?></b></h3>
<h6><?php echo $hesklang['req_marked_with']; ?> <span class="important">*</span></h6>
<div class="footerWithBorder blankSpace"></div>
<?php if ($hesk_settings['can_sel_lang']) {
if ($hesk_settings['can_sel_lang']) { /* Update preferred language in the database? */
/* Update preferred language in the database? */ if (isset($_GET['save_language'])) {
if (isset($_GET['save_language'])) { $newlang = hesk_input(hesk_GET('language'));
$newlang = hesk_input(hesk_GET('language'));
/* Only update if it's a valid language */ /* Only update if it's a valid language */
if (isset($hesk_settings['languages'][$newlang])) { if (isset($hesk_settings['languages'][$newlang])) {
$newlang = ($newlang == HESK_DEFAULT_LANGUAGE) ? "NULL" : "'" . hesk_dbEscape($newlang) . "'"; $newlang = ($newlang == HESK_DEFAULT_LANGUAGE) ? "NULL" : "'" . hesk_dbEscape($newlang) . "'";
hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "users` SET `language`=$newlang WHERE `id`='" . intval($_SESSION['id']) . "' LIMIT 1"); hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "users` SET `language`=$newlang WHERE `id`='" . intval($_SESSION['id']) . "'");
}
} }
}
$str = '<form class="form-horizontal" role="form" method="get" action="profile.php">'; $str = '<form class="form-horizontal" role="form" method="get" action="profile.php">';
$str .= '<input type="hidden" name="save_language" value="1" />'; $str .= '<input type="hidden" name="save_language" value="1" />';
$str .= '<div class="form-group">'; $str .= '<div class="form-group">';
$str .= '<label for="language" class="col-sm-3 control-label">' . $hesklang['chol'] . ':</label>'; $str .= '<label for="language" class="col-sm-3 control-label">' . $hesklang['chol'] . ':</label>';
if (!isset($_GET)) { if (!isset($_GET)) {
$_GET = array(); $_GET = array();
} }
foreach ($_GET as $k => $v) { foreach ($_GET as $k => $v) {
if ($k == 'language' || $k == 'save_language') { if ($k == 'language' || $k == 'save_language') {
continue; continue;
}
$str .= '<input type="hidden" name="' . htmlentitieshesk_htmlentities($k) . '" value="' . hesk_htmlentities($v) . '" />';
} }
$str .= '<input type="hidden" name="' . htmlentitieshesk_htmlentities($k) . '" value="' . hesk_htmlentities($v) . '" />';
}
$str .= '<div class="col-sm-9"><select class="form-control" name="language" onchange="this.form.submit()">'; $str .= '<div class="col-sm-9"><select class="form-control" name="language" onchange="this.form.submit()">';
$str .= hesk_listLanguages(0); $str .= hesk_listLanguages(0);
$str .= '</select></div>'; $str .= '</select></div>';
$str .= '</div>' $str .= '</div>'
?>
<script language="javascript" type="text/javascript">
document.write('<?php echo str_replace(array('"','<','=','>',"'"),array('\42','\74','\75','\76','\47'),$str . '</form>'); ?>');
</script>
<noscript>
<?php
echo $str . '<input type="submit" value="' . $hesklang['go'] . '" /></form>';
?> ?>
</noscript> <script language="javascript" type="text/javascript">
<?php document.write('<?php echo str_replace(array('"','<','=','>',"'"),array('\42','\74','\75','\76','\47'),$str . '</form>'); ?>');
} </script>
?> <noscript>
<?php
echo $str . '<input type="submit" value="' . $hesklang['go'] . '" /></form>';
?>
</noscript>
<?php
}
?>
<form role="form" class="form-horizontal" method="post" action="profile.php" name="form1" data-toggle="validator"> <form role="form" class="form-horizontal" method="post" action="profile.php" name="form1" data-toggle="validator">
<?php hesk_profile_tab('new'); ?> <?php hesk_profile_tab('new'); ?>
</form> </form>
</div>
</div> </div>
</div> </section>
<?php <?php
require_once(HESK_PATH . 'inc/footer.inc.php'); require_once(HESK_PATH . 'inc/footer.inc.php');
@ -226,6 +215,21 @@ function update_profile()
$_SESSION['new']['notify_customer_new'] = isset($_POST['notify_customer_new']) ? 1 : 0; $_SESSION['new']['notify_customer_new'] = isset($_POST['notify_customer_new']) ? 1 : 0;
$_SESSION['new']['notify_customer_reply'] = isset($_POST['notify_customer_reply']) ? 1 : 0; $_SESSION['new']['notify_customer_reply'] = isset($_POST['notify_customer_reply']) ? 1 : 0;
$_SESSION['new']['show_suggested'] = isset($_POST['show_suggested']) ? 1 : 0; $_SESSION['new']['show_suggested'] = isset($_POST['show_suggested']) ? 1 : 0;
$_SESSION['new']['autoreload'] = isset($_POST['autoreload']) ? 1 : 0;
if ($_SESSION['new']['autoreload']) {
$_SESSION['new']['autoreload'] = intval(hesk_POST('reload_time'));
if (hesk_POST('secmin') == 'min') {
$_SESSION['new']['autoreload'] *= 60;
}
if ($_SESSION['new']['autoreload'] < 0 || $_SESSION['new']['autoreload'] > 65535) {
$_SESSION['new']['autoreload'] = 30;
}
} else {
hesk_setcookie('autorefresh', '');
}
/* Auto-start ticket timer */ /* Auto-start ticket timer */
$_SESSION['new']['autostart'] = isset($_POST['autostart']) ? 1 : 0; $_SESSION['new']['autostart'] = isset($_POST['autostart']) ? 1 : 0;
@ -233,9 +237,6 @@ function update_profile()
/* Default calendar view */ /* Default calendar view */
$_SESSION['new']['default_calendar_view'] = hesk_POST('default-calendar-view', 0); $_SESSION['new']['default_calendar_view'] = hesk_POST('default-calendar-view', 0);
/* Update auto-refresh time */
$_SESSION['new']['autorefresh'] = isset($_POST['autorefresh']) ? $_POST['autorefresh'] : 0;
/* Notifications */ /* Notifications */
if (!(!$_SESSION[$session_array]['isadmin'] && isset($_SESSION[$session_array]['heskprivileges']) if (!(!$_SESSION[$session_array]['isadmin'] && isset($_SESSION[$session_array]['heskprivileges'])
&& strpos($_SESSION[$session_array]['heskprivileges'], 'can_change_notification_settings') === false)) { && strpos($_SESSION[$session_array]['heskprivileges'], 'can_change_notification_settings') === false)) {
@ -268,7 +269,7 @@ function update_profile()
$sql_pass , $sql_pass ,
`afterreply`='" . intval($_SESSION['new']['afterreply']) . "' , `afterreply`='" . intval($_SESSION['new']['afterreply']) . "' ,
`autostart`='" . intval($_SESSION['new']['autostart']) . "' , `autostart`='" . intval($_SESSION['new']['autostart']) . "' ,
`autorefresh`='" . intval($_SESSION['new']['autorefresh']) . "' , `autoreload`='".($_SESSION['new']['autoreload'])."' ,
`notify_new_unassigned`='" . intval($_SESSION['new']['notify_new_unassigned']) . "' , `notify_new_unassigned`='" . intval($_SESSION['new']['notify_new_unassigned']) . "' ,
`notify_new_my`='" . intval($_SESSION['new']['notify_new_my']) . "' , `notify_new_my`='" . intval($_SESSION['new']['notify_new_my']) . "' ,
`notify_reply_unassigned`='" . intval($_SESSION['new']['notify_reply_unassigned']) . "' , `notify_reply_unassigned`='" . intval($_SESSION['new']['notify_reply_unassigned']) . "' ,
@ -282,7 +283,7 @@ function update_profile()
`notify_overdue_unassigned`='" . $_SESSION['new']['notify_overdue_unassigned'] . "', `notify_overdue_unassigned`='" . $_SESSION['new']['notify_overdue_unassigned'] . "',
`show_suggested`='" . $_SESSION['new']['show_suggested'] . "', `show_suggested`='" . $_SESSION['new']['show_suggested'] . "',
`default_calendar_view`=" . intval($_SESSION['new']['default_calendar_view']) . " `default_calendar_view`=" . intval($_SESSION['new']['default_calendar_view']) . "
WHERE `id`='" . intval($_SESSION['id']) . "' LIMIT 1" WHERE `id`='" . intval($_SESSION['id']) . "'"
); );
/* Process the session variables */ /* Process the session variables */

@ -1,32 +1,15 @@
<?php <?php
/******************************************************************************* /**
* Title: Help Desk Software HESK *
* Version: 2.6.8 from 10th August 2016 * This file is part of HESK - PHP Help Desk Software.
* Author: Klemen Stirn *
* Website: http://www.hesk.com * (c) Copyright Klemen Stirn. All rights reserved.
******************************************************************************** * http://www.hesk.com
* COPYRIGHT AND TRADEMARK NOTICE *
* Copyright 2005-2015 Klemen Stirn. All Rights Reserved. * For the full copyright and license agreement information visit
* HESK is a registered trademark of Klemen Stirn. * http://www.hesk.com/eula.php
* The HESK may be used and modified free of charge by anyone *
* AS LONG AS COPYRIGHT NOTICES AND ALL THE COMMENTS REMAIN INTACT. */
* By using this code you agree to indemnify Klemen Stirn from any
* liability that might arise from it's use.
* Selling the code for this program, in part or full, without prior
* written consent is expressly forbidden.
* Using this code, in part or full, to create derivate work,
* new scripts or products is expressly forbidden. Obtain permission
* before redistributing this software over the Internet or in
* any other medium. In all cases copyright and header must remain intact.
* This Copyright is in full effect in any country that has International
* Trade Agreements with the United States of America or
* with the European Union.
* Removing any of the copyright notices without purchasing a license
* is expressly forbidden. To remove HESK copyright notice you must purchase
* a license for this script. For more information on how to obtain
* a license please visit the page below:
* https://www.hesk.com/buy.php
*******************************************************************************/
define('IN_SCRIPT', 1); define('IN_SCRIPT', 1);
define('HESK_PATH', '../'); define('HESK_PATH', '../');
@ -37,6 +20,7 @@ require(HESK_PATH . 'hesk_settings.inc.php');
require(HESK_PATH . 'inc/common.inc.php'); require(HESK_PATH . 'inc/common.inc.php');
require(HESK_PATH . 'inc/admin_functions.inc.php'); require(HESK_PATH . 'inc/admin_functions.inc.php');
require(HESK_PATH . 'inc/reporting_functions.inc.php'); require(HESK_PATH . 'inc/reporting_functions.inc.php');
require(HESK_PATH . 'inc/mail_functions.inc.php');
hesk_load_database_functions(); hesk_load_database_functions();
hesk_session_start(); hesk_session_start();
@ -64,23 +48,23 @@ $is_all_time = 0;
/* Default this month to date */ /* Default this month to date */
$date_from = date('Y-m-d', mktime(0, 0, 0, date("m"), 1, date("Y"))); $date_from = date('Y-m-d', mktime(0, 0, 0, date("m"), 1, date("Y")));
$date_to = date('Y-m-d'); $date_to = date('Y-m-d');
$input_datefrom = date('m/d/Y', strtotime('last month')); $input_datefrom = date('Y-m-d', strtotime('last month'));
$input_dateto = date('m/d/Y'); $input_dateto = date('Y-m-d');
/* Date */ /* Date */
if (!empty($_GET['w'])) { if (!empty($_GET['w'])) {
$df = preg_replace('/[^0-9]/', '', hesk_GET('datefrom')); $df = preg_replace('/[^0-9]/', '', hesk_GET('datefrom'));
if (strlen($df) == 8) { if (strlen($df) == 8) {
$date_from = substr($df, 4, 4) . '-' . substr($df, 0, 2) . '-' . substr($df, 2, 2); $date_from = substr($df, 0, 4) . '-' . substr($df, 4, 2) . '-' . substr($df, 6, 2);
$input_datefrom = substr($df, 0, 2) . '/' . substr($df, 2, 2) . '/' . substr($df, 4, 4); $input_datefrom = $date_from;
} else { } else {
$date_from = date('Y-m-d', strtotime('last month')); $date_from = date('Y-m-d', strtotime('last month'));
} }
$dt = preg_replace('/[^0-9]/', '', hesk_GET('dateto')); $dt = preg_replace('/[^0-9]/', '', hesk_GET('dateto'));
if (strlen($dt) == 8) { if (strlen($dt) == 8) {
$date_to = substr($dt, 4, 4) . '-' . substr($dt, 0, 2) . '-' . substr($dt, 2, 2); $date_to = substr($dt, 0, 4) . '-' . substr($dt, 4, 2) . '-' . substr($dt, 6, 2);
$input_dateto = substr($dt, 0, 2) . '/' . substr($dt, 2, 2) . '/' . substr($dt, 4, 4); $input_dateto = $date_to;
} else { } else {
$date_to = date('Y-m-d'); $date_to = date('Y-m-d');
} }
@ -214,127 +198,138 @@ require_once(HESK_PATH . 'inc/headerAdmin.inc.php');
/* Print main manage users page */ /* Print main manage users page */
require_once(HESK_PATH . 'inc/show_admin_nav.inc.php'); require_once(HESK_PATH . 'inc/show_admin_nav.inc.php');
?> ?>
<section class="content">
<div class="row move-down-20"> <div class="box">
<div align="left" class="col-md-4"> <?php if (hesk_checkPermission('can_export', 0)) {
<div class="panel panel-default"> $canExport = true;
<div class="panel-heading"> $panelMargin = '-15px';
<?php echo $hesklang['reports_tab']; ?> <a href="#" } else {
onclick="javascript:alert('<?php echo hesk_makeJsString($hesklang['reports_intro']); ?>')"><i $canExport = false;
class="fa fa-question-circle settingsquestionmark"></i></a> }
?>
<div class="box-header">
<h1 class="box-title">
<?php echo $hesklang['reports_tab']; ?> <a href="#"
onclick="javascript:alert('<?php echo hesk_makeJsString($hesklang['reports_intro']); ?>')"><i
class="fa fa-question-circle settingsquestionmark"></i></a>
</h1>
<?php
// Show a link to export.php if user has permission to do so
if ($canExport) {
echo '<br><small><a title="' . $hesklang['export'] . '" href="export.php">' . $hesklang['export'] . '</a></small><div class="blankSpace"></div>';
}
?>
<div class="box-tools pull-right">
<button type="button" class="btn btn-box-tool" data-widget="collapse">
<i class="fa fa-minus"></i>
</button>
</div>
</div>
<div class="box-body">
<form action="reports.php" method="get" name="form1" role="form">
<div class="form-group">
<label for="dtrg" class="control-label"><?php echo $hesklang['dtrg']; ?>:</label>
<div class="radio form-inline move-right-20">
<input type="radio" name="w" value="0" id="w0" <?php echo $selected['w'][0]; ?> style="position: relative">
<select name="time" onclick="document.getElementById('w0').checked = true"
class="form-control"
onfocus="document.getElementById('w0').checked = true"
style="margin-top:5px;margin-bottom:5px;">
<option value="1" <?php echo $selected['time'][1]; ?>><?php echo $hesklang['r1']; ?>
(<?php echo $hesklang['d' . date('w')]; ?>)
</option>
<option value="2" <?php echo $selected['time'][2]; ?>><?php echo $hesklang['r2']; ?>
(<?php echo $hesklang['d' . date('w', mktime(0, 0, 0, date('m'), date('d') - 1, date('Y')))]; ?>
)
</option>
<option value="3" <?php echo $selected['time'][3]; ?>><?php echo $hesklang['r3']; ?>
(<?php echo $hesklang['m' . date('n')]; ?>)
</option>
<option value="4" <?php echo $selected['time'][4]; ?>><?php echo $hesklang['r4']; ?>
(<?php echo $hesklang['m' . date('n', mktime(0, 0, 0, date('m') - 1, date('d'), date('Y')))]; ?>
)
</option>
<option
value="5" <?php echo $selected['time'][5]; ?>><?php echo $hesklang['r5']; ?></option>
<option
value="6" <?php echo $selected['time'][6]; ?>><?php echo $hesklang['r6']; ?></option>
<option
value="7" <?php echo $selected['time'][7]; ?>><?php echo $hesklang['r7']; ?></option>
<option
value="8" <?php echo $selected['time'][8]; ?>><?php echo $hesklang['r8']; ?></option>
<option
value="9" <?php echo $selected['time'][9]; ?>><?php echo $hesklang['r9']; ?></option>
<option
value="10" <?php echo $selected['time'][10]; ?>><?php echo $hesklang['r10']; ?>
(<?php echo date('Y'); ?>)
</option>
<option
value="11" <?php echo $selected['time'][11]; ?>><?php echo $hesklang['r11']; ?>
(<?php echo date('Y', mktime(0, 0, 0, date('m'), date('d'), date('Y') - 1)); ?>)
</option>
<option
value="12" <?php echo $selected['time'][12]; ?>><?php echo $hesklang['r12']; ?></option>
</select>
</div>
<div class="radio form-inline move-right-20">
<input type="radio" name="w" value="1" id="w1" <?php echo $selected['w'][1]; ?> style="position: relative">
<?php echo $hesklang['from']; ?> <input type="text" name="datefrom"
value="<?php echo $input_datefrom; ?>"
id="datefrom" class="datepicker form-control" size="10"
onclick="document.getElementById('w1').checked = true"
onfocus="document.getElementById('w1').checked = true;this.focus;"/>
<?php echo $hesklang['to']; ?> <input type="text" name="dateto"
value="<?php echo $input_dateto; ?>" id="dateto"
class="datepicker form-control" size="10"
onclick="document.getElementById('w1').checked = true"
onfocus="document.getElementById('w1').checked = true; this.focus;"/>
</div>
</div> </div>
<?php if (hesk_checkPermission('can_export', 0)) { <div class="form-group">
$canExport = true; <label for="type" class="control-label"><?php echo $hesklang['crt']; ?></b>:</label>
$panelMargin = '-15px'; <select name="type" class="form-control">
<option
value="1" <?php echo $selected['type'][1]; ?>><?php echo $hesklang['t1']; ?></option>
<option
value="2" <?php echo $selected['type'][2]; ?>><?php echo $hesklang['t2']; ?></option>
<option
value="3" <?php echo $selected['type'][3]; ?>><?php echo $hesklang['t3']; ?></option>
<option
value="4" <?php echo $selected['type'][4]; ?>><?php echo $hesklang['t4']; ?></option>
</select>
</div>
<div class="form-group">
<input type="submit" value="<?php echo $hesklang['dire']; ?>" class="btn btn-default"/>
<input type="hidden" name="token" value="<?php hesk_token_echo(); ?>"/>
</div>
</form>
</div>
</div>
<div class="box">
<div class="box-header">
<h1 class="box-title">
<?php
if ($date_from == $date_to) {
echo hesk_dateToString($date_from, 0);
} else { } else {
$canExport = false; echo hesk_dateToString($date_from, 0) . ' - ' . hesk_dateToString($date_to, 0);
} }
?> ?>
<div class="panel-body" <?php if ($canExport) echo 'style="margin-top: -15px";'; ?>> </h1>
<?php <div class="box-tools pull-right">
// Show a link to export.php if user has permission to do so <button type="button" class="btn btn-box-tool" data-widget="collapse">
if ($canExport) { <i class="fa fa-minus"></i>
echo '<small><a title="' . $hesklang['export'] . '" href="export.php">' . $hesklang['export'] . '</a></small><div class="blankSpace"></div>'; </button>
}
?>
<form action="reports.php" method="get" name="form1" role="form">
<div class="form-group">
<label for="dtrg" class="control-label"><?php echo $hesklang['dtrg']; ?></b>:</label>
<div class="radio move-right-20">
<input type="radio" name="w" value="0" id="w0" <?php echo $selected['w'][0]; ?> />
<select name="time" onclick="document.getElementById('w0').checked = true"
onfocus="document.getElementById('w0').checked = true"
style="margin-top:5px;margin-bottom:5px;">
<option value="1" <?php echo $selected['time'][1]; ?>><?php echo $hesklang['r1']; ?>
(<?php echo $hesklang['d' . date('w')]; ?>)
</option>
<option value="2" <?php echo $selected['time'][2]; ?>><?php echo $hesklang['r2']; ?>
(<?php echo $hesklang['d' . date('w', mktime(0, 0, 0, date('m'), date('d') - 1, date('Y')))]; ?>
)
</option>
<option value="3" <?php echo $selected['time'][3]; ?>><?php echo $hesklang['r3']; ?>
(<?php echo $hesklang['m' . date('n')]; ?>)
</option>
<option value="4" <?php echo $selected['time'][4]; ?>><?php echo $hesklang['r4']; ?>
(<?php echo $hesklang['m' . date('n', mktime(0, 0, 0, date('m') - 1, date('d'), date('Y')))]; ?>
)
</option>
<option
value="5" <?php echo $selected['time'][5]; ?>><?php echo $hesklang['r5']; ?></option>
<option
value="6" <?php echo $selected['time'][6]; ?>><?php echo $hesklang['r6']; ?></option>
<option
value="7" <?php echo $selected['time'][7]; ?>><?php echo $hesklang['r7']; ?></option>
<option
value="8" <?php echo $selected['time'][8]; ?>><?php echo $hesklang['r8']; ?></option>
<option
value="9" <?php echo $selected['time'][9]; ?>><?php echo $hesklang['r9']; ?></option>
<option
value="10" <?php echo $selected['time'][10]; ?>><?php echo $hesklang['r10']; ?>
(<?php echo date('Y'); ?>)
</option>
<option
value="11" <?php echo $selected['time'][11]; ?>><?php echo $hesklang['r11']; ?>
(<?php echo date('Y', mktime(0, 0, 0, date('m'), date('d'), date('Y') - 1)); ?>)
</option>
<option
value="12" <?php echo $selected['time'][12]; ?>><?php echo $hesklang['r12']; ?></option>
</select>
</div>
<div class="radio move-right-20">
<input type="radio" name="w" value="1" id="w1" <?php echo $selected['w'][1]; ?> />
<?php echo $hesklang['from']; ?> <input type="text" name="datefrom"
value="<?php echo $input_datefrom; ?>"
id="datefrom" class="tcal" size="10"
onclick="document.getElementById('w1').checked = true"
onfocus="document.getElementById('w1').checked = true;this.focus;"/>
<?php echo $hesklang['to']; ?> <input type="text" name="dateto"
value="<?php echo $input_dateto; ?>" id="dateto"
class="tcal" size="10"
onclick="document.getElementById('w1').checked = true"
onfocus="document.getElementById('w1').checked = true; this.focus;"/>
</div>
</div>
<div class="form-group">
<label for="type" class="control-label"><?php echo $hesklang['crt']; ?></b>:</label>
<select name="type" class="form-control">
<option
value="1" <?php echo $selected['type'][1]; ?>><?php echo $hesklang['t1']; ?></option>
<option
value="2" <?php echo $selected['type'][2]; ?>><?php echo $hesklang['t2']; ?></option>
<option
value="3" <?php echo $selected['type'][3]; ?>><?php echo $hesklang['t3']; ?></option>
<option
value="4" <?php echo $selected['type'][4]; ?>><?php echo $hesklang['t4']; ?></option>
</select>
</div>
<div class="form-group text-center">
<input type="submit" value="<?php echo $hesklang['dire']; ?>" class="btn btn-default"/>
<input type="hidden" name="token" value="<?php hesk_token_echo(); ?>"/>
</div>
</form>
</div>
</div> </div>
</div> </div>
<div class="col-sm-8"> <div class="box-body">
<?php <?php
/* This will handle error, success and notice messages */ /* This will handle error, success and notice messages */
hesk_handle_messages(); hesk_handle_messages();
?> ?>
<?php <?php
if ($date_from == $date_to) {
?>
<h3><?php echo hesk_dateToString($date_from, 0); ?></h3>
<div class="footerWithBorder blankSpace"></div>
<?php
} else {
?>
<h3><?php echo hesk_dateToString($date_from, 0); ?> - <?php echo hesk_dateToString($date_to, 0); ?></h3>
<div class="footerWithBorder blankSpace"></div>
<?php
}
// Show a note if reports are limited // Show a note if reports are limited
if (!$can_run_reports_full) { if (!$can_run_reports_full) {
@ -519,7 +514,7 @@ require_once(HESK_PATH . 'inc/show_admin_nav.inc.php');
// Some variables we will need // Some variables we will need
$tickets = array(); $tickets = array();
$totals = array('asstickets' => 0, 'resolved' => 0, 'tickets' => 0, 'replies' => 0, 'worked' => 0); $totals = array('asstickets' => 0, 'resolved' => 0, 'tickets' => 0, 'replies' => 0, 'worked' => 0, 'openedby' => 0);
// Get list of users // Get list of users
$admins = array(); $admins = array();
@ -539,6 +534,7 @@ require_once(HESK_PATH . 'inc/show_admin_nav.inc.php');
'tickets' => 0, 'tickets' => 0,
'replies' => 0, 'replies' => 0,
'worked' => '', 'worked' => '',
'openedby' => 0,
); );
} }
@ -614,10 +610,21 @@ require_once(HESK_PATH . 'inc/show_admin_nav.inc.php');
// Convert total seconds worked to HH:MM:SS // Convert total seconds worked to HH:MM:SS
$totals['worked'] = $hesk_settings['time_worked'] ? hesk_SecondsToHHMMSS($totals['worked']) : 0; $totals['worked'] = $hesk_settings['time_worked'] ? hesk_SecondsToHHMMSS($totals['worked']) : 0;
// Get total opened by tickets
$res = hesk_dbQuery("SELECT `openedby`, COUNT(*) AS `cnt` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."tickets` WHERE `openedby` IN ('" . implode("','", array_keys($admins) ) . "') AND DATE(`dt`) BETWEEN '" . hesk_dbEscape($date_from) . "' AND '" . hesk_dbEscape($date_to) . "' GROUP BY `openedby`");
// -> update ticket list values
while ($row = hesk_dbFetchAssoc($res))
{
$tickets[$row['openedby']]['openedby'] += $row['cnt'];
$totals['openedby'] += $row['cnt'];
}
?> ?>
<table class="table table-striped table-condensed"> <table class="table table-striped table-condensed">
<tr> <tr>
<th><?php echo $hesklang['user']; ?></th> <th><?php echo $hesklang['user']; ?></th>
<th><?php echo $hesklang['numsub']; ?></th>
<th><?php echo $hesklang['ticass']; ?></th> <th><?php echo $hesklang['ticass']; ?></th>
<th><?php echo $hesklang['topen']; ?></th> <th><?php echo $hesklang['topen']; ?></th>
<th><?php echo $hesklang['closed_title']; ?></th> <th><?php echo $hesklang['closed_title']; ?></th>
@ -636,6 +643,7 @@ require_once(HESK_PATH . 'inc/show_admin_nav.inc.php');
?> ?>
<tr> <tr>
<td><b><?php echo $hesklang['totals']; ?></b></td> <td><b><?php echo $hesklang['totals']; ?></b></td>
<td><b><?php echo $totals['openedby']; ?></b></td>
<td><b><?php echo $totals['asstickets']; ?></b></td> <td><b><?php echo $totals['asstickets']; ?></b></td>
<td><b><?php echo $totals['asstickets'] - $totals['resolved']; ?></b></td> <td><b><?php echo $totals['asstickets'] - $totals['resolved']; ?></b></td>
<td><b><?php echo $totals['resolved']; ?></b></td> <td><b><?php echo $totals['resolved']; ?></b></td>
@ -655,6 +663,7 @@ require_once(HESK_PATH . 'inc/show_admin_nav.inc.php');
?> ?>
<tr> <tr>
<td><?php echo $admins[$k]; ?></td> <td><?php echo $admins[$k]; ?></td>
<td><?php echo $d['openedby']; ?></td>
<td><?php echo $d['asstickets']; ?></td> <td><?php echo $d['asstickets']; ?></td>
<td><?php echo $d['asstickets'] - $d['resolved']; ?></td> <td><?php echo $d['asstickets'] - $d['resolved']; ?></td>
<td><?php echo $d['resolved']; ?></td> <td><?php echo $d['resolved']; ?></td>
@ -671,6 +680,7 @@ require_once(HESK_PATH . 'inc/show_admin_nav.inc.php');
?> ?>
<tr> <tr>
<td><b><?php echo $hesklang['totals']; ?></b></td> <td><b><?php echo $hesklang['totals']; ?></b></td>
<td><b><?php echo $totals['openedby']; ?></b></td>
<td><b><?php echo $totals['asstickets']; ?></b></td> <td><b><?php echo $totals['asstickets']; ?></b></td>
<td><b><?php echo $totals['asstickets'] - $totals['resolved']; ?></b></td> <td><b><?php echo $totals['asstickets'] - $totals['resolved']; ?></b></td>
<td><b><?php echo $totals['resolved']; ?></b></td> <td><b><?php echo $totals['resolved']; ?></b></td>
@ -909,6 +919,7 @@ require_once(HESK_PATH . 'inc/show_admin_nav.inc.php');
?> ?>
</div> </div>
</div> </div>
</section>
<?php <?php
require_once(HESK_PATH . 'inc/footer.inc.php'); require_once(HESK_PATH . 'inc/footer.inc.php');
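Review bot: The reworked date parsing accepts any eight digits: after `strlen($df) == 8` the value is sliced into `Y-m-d` and used as `$date_from` (likewise `$dt` and `$date_to`) without checking that it is a real calendar date. Input such as 99999999 therefore becomes `9999-99-99` and reaches the new `openedby` query's `BETWEEN` clause and `hesk_dateToString()`. `hesk_dbEscape()` keeps this from being an injection issue, but a guard such as `checkdate((int) substr($df, 4, 2), (int) substr($df, 6, 2), (int) substr($df, 0, 4))`, falling back to the default otherwise, would keep the report and the echoed `value` attributes well-formed. In the same new query the `IN (...)` list is built from `array_keys($admins)` with no cast; `$admins` is filled outside the visible hunks and presumably holds numeric user ids, and `array_map('intval', array_keys($admins))` would make that explicit. The surrounding script code starts and ends outside these hunks.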

@ -1,32 +1,15 @@
<?php <?php
/******************************************************************************* /**
* Title: Help Desk Software HESK *
* Version: 2.6.8 from 10th August 2016 * This file is part of HESK - PHP Help Desk Software.
* Author: Klemen Stirn *
* Website: http://www.hesk.com * (c) Copyright Klemen Stirn. All rights reserved.
******************************************************************************** * http://www.hesk.com
* COPYRIGHT AND TRADEMARK NOTICE *
* Copyright 2005-2015 Klemen Stirn. All Rights Reserved. * For the full copyright and license agreement information visit
* HESK is a registered trademark of Klemen Stirn. * http://www.hesk.com/eula.php
* The HESK may be used and modified free of charge by anyone *
* AS LONG AS COPYRIGHT NOTICES AND ALL THE COMMENTS REMAIN INTACT. */
* By using this code you agree to indemnify Klemen Stirn from any
* liability that might arise from it's use.
* Selling the code for this program, in part or full, without prior
* written consent is expressly forbidden.
* Using this code, in part or full, to create derivate work,
* new scripts or products is expressly forbidden. Obtain permission
* before redistributing this software over the Internet or in
* any other medium. In all cases copyright and header must remain intact.
* This Copyright is in full effect in any country that has International
* Trade Agreements with the United States of America or
* with the European Union.
* Removing any of the copyright notices without purchasing a license
* is expressly forbidden. To remove HESK copyright notice you must purchase
* a license for this script. For more information on how to obtain
* a license please visit the page below:
* https://www.hesk.com/buy.php
*******************************************************************************/
define('IN_SCRIPT', 1); define('IN_SCRIPT', 1);
define('HESK_PATH', '../'); define('HESK_PATH', '../');
@ -36,6 +19,7 @@ define('PAGE_TITLE', 'ADMIN_TOOLS');
require(HESK_PATH . 'hesk_settings.inc.php'); require(HESK_PATH . 'hesk_settings.inc.php');
require(HESK_PATH . 'inc/common.inc.php'); require(HESK_PATH . 'inc/common.inc.php');
require(HESK_PATH . 'inc/admin_functions.inc.php'); require(HESK_PATH . 'inc/admin_functions.inc.php');
require(HESK_PATH . 'inc/mail_functions.inc.php');
hesk_load_database_functions(); hesk_load_database_functions();
hesk_session_start(); hesk_session_start();
@ -72,384 +56,388 @@ require_once(HESK_PATH . 'inc/headerAdmin.inc.php');
/* Print main manage users page */ /* Print main manage users page */
require_once(HESK_PATH . 'inc/show_admin_nav.inc.php'); require_once(HESK_PATH . 'inc/show_admin_nav.inc.php');
?> ?>
<section class="content">
<div class="row pad-20"> <div class="box">
<ul class="nav nav-tabs" role="tablist"> <div class="box-body">
<?php <div class="nav-tabs-custom">
// Show a link to banned_emails.php if user has permission to do so <ul class="nav nav-tabs" role="tablist">
if (hesk_checkPermission('can_ban_emails', 0)) { <?php
echo ' // Show a link to banned_emails.php if user has permission to do so
if (hesk_checkPermission('can_ban_emails', 0)) {
echo '
<li role="presentation"> <li role="presentation">
<a title="' . $hesklang['banemail'] . '" href="banned_emails.php">' . $hesklang['banemail'] . '</a> <a title="' . $hesklang['banemail'] . '" href="banned_emails.php">' . $hesklang['banemail'] . '</a>
</li>'; </li>';
} }
if (hesk_checkPermission('can_ban_ips', 0)) { if (hesk_checkPermission('can_ban_ips', 0)) {
echo ' echo '
<li role="presentation"> <li role="presentation">
<a title="' . $hesklang['banip'] . '" href="banned_ips.php">' . $hesklang['banip'] . '</a> <a title="' . $hesklang['banip'] . '" href="banned_ips.php">' . $hesklang['banip'] . '</a>
</li>'; </li>';
} }
?> ?>
<li role="presentation" class="active"> <li role="presentation" class="active">
<a href="#"><?php echo $hesklang['sm_title']; ?> <i class="fa fa-question-circle settingsquestionmark" <a href="#"><?php echo $hesklang['sm_title']; ?> <i class="fa fa-question-circle settingsquestionmark"
onclick="javascript:alert('<?php echo hesk_makeJsString($hesklang['sm_intro']); ?>')"></i></a> onclick="javascript:alert('<?php echo hesk_makeJsString($hesklang['sm_intro']); ?>')"></i></a>
</li> </li>
<?php <?php
// Show a link to email tpl management if user has permission to do so // Show a link to email tpl management if user has permission to do so
if (hesk_checkPermission('can_man_email_tpl', 0)) { if (hesk_checkPermission('can_man_email_tpl', 0)) {
echo ' echo '
<li role="presentation"> <li role="presentation">
<a title="' . $hesklang['email_templates'] . '" href="manage_email_templates.php">' . $hesklang['email_templates'] . '</a> <a title="' . $hesklang['email_templates'] . '" href="manage_email_templates.php">' . $hesklang['email_templates'] . '</a>
</li> </li>
'; ';
} }
if (hesk_checkPermission('can_man_ticket_statuses', 0)) { if (hesk_checkPermission('can_man_ticket_statuses', 0)) {
echo ' echo '
<li role="presentation"> <li role="presentation">
<a title="' . $hesklang['statuses'] . '" href="manage_statuses.php">' . $hesklang['statuses'] . '</a> <a title="' . $hesklang['statuses'] . '" href="manage_statuses.php">' . $hesklang['statuses'] . '</a>
</li> </li>
'; ';
} }
?> // Show a link to custom_fields.php if user has permission to do so
</ul> if ( hesk_checkPermission('can_man_settings',0) ) {
<div class="tab-content summaryList tabPadding"> echo '
<script language="javascript" type="text/javascript"><!-- <li role="presentation">
function confirm_delete() { <a title="' . $hesklang['tab_4'] . '" href="custom_fields.php">' . $hesklang['tab_4'] . '</a>
if (confirm('<?php echo hesk_makeJsString($hesklang['delban_confirm']); ?>')) { </li>
return true; ';
} }
else { ?>
return false; </ul>
} <div class="tab-content summaryList tabPadding">
} <div class="row">
//--> <div class="col-sm-12">
</script> <?php
<div class="row"> /* This will handle error, success and notice messages */
<?php hesk_handle_messages();
/* This will handle error, success and notice messages */
hesk_handle_messages();
if (isset($_SESSION['new_sm']) && !isset($_SESSION['edit_sm'])) {
$_SESSION['new_sm'] = hesk_stripArray($_SESSION['new_sm']);
}
if (isset($_SESSION['preview_sm'])) {
hesk_service_message($_SESSION['new_sm']);
}
if ($hesk_settings['kb_wysiwyg']) {
?>
<script type="text/javascript">
tinyMCE.init({
mode: "exact",
elements: "content",
theme: "advanced",
convert_urls: false,
gecko_spellcheck: true,
theme_advanced_buttons1: "cut,copy,paste,|,undo,redo,|,formatselect,fontselect,fontsizeselect,|,bold,italic,underline,strikethrough,|,justifyleft,justifycenter,justifyright,justifyfull",
theme_advanced_buttons2: "sub,sup,|,charmap,|,bullist,numlist,|,outdent,indent,insertdate,inserttime,preview,|,forecolor,backcolor,|,hr,removeformat,visualaid,|,link,unlink,anchor,image,cleanup,code",
theme_advanced_buttons3: "",
theme_advanced_toolbar_location: "top",
theme_advanced_toolbar_align: "left",
theme_advanced_statusbar_location: "bottom",
theme_advanced_resizing: true
});
</script>
<?php
}
?>
<div class="panel panel-default">
<div class="panel-heading">
<h4><?php echo $hesklang['ex_sm']; ?></h4>
</div>
<div class="panel-body">
<?php
// Get service messages from database if (isset($_SESSION['new_sm']) && !isset($_SESSION['edit_sm'])) {
$res = hesk_dbQuery('SELECT * FROM `' . hesk_dbEscape($hesk_settings['db_pfix']) . 'service_messages` ORDER BY `order` ASC'); $_SESSION['new_sm'] = hesk_stripArray($_SESSION['new_sm']);
$num = hesk_dbNumRows($res);
if ($num < 1) {
echo '<p>' . $hesklang['no_sm'] . '</p>';
} else {
// List of staff
if (!isset($admins)) {
$admins = array();
$res2 = hesk_dbQuery("SELECT `id`,`name` FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "users`");
while ($row = hesk_dbFetchAssoc($res2)) {
$admins[$row['id']] = $row['name'];
} }
}
?>
<table class="table table-hover">
<thead>
<tr>
<th><?php echo $hesklang['sm_mtitle']; ?></th>
<th><?php echo $hesklang['sm_author']; ?></th>
<th><?php echo $hesklang['sm_type']; ?></th>
<th>&nbsp;<?php echo $hesklang['opt']; ?>&nbsp;</th>
</tr>
</thead>
<tbody>
<?php
$j = 1;
$k = 1;
while ($sm = hesk_dbFetchAssoc($res)) {
$faIcon = $sm['icon'];
switch ($sm['style']) {
case 1:
$sm_style = "alert alert-success";
break;
case 2:
$sm_style = "alert alert-info";
break;
case 3:
$sm_style = "alert alert-warning";
break;
case 4:
$sm_style = "alert alert-danger";
break;
default:
$sm_style = "none";
}
$type = $sm['type'] ? $hesklang['sm_draft'] : $hesklang['sm_published'];
if (isset($_SESSION['preview_sm'])) {
hesk_service_message($_SESSION['new_sm']);
}
if ($hesk_settings['kb_wysiwyg']) {
?> ?>
<tr> <script type="text/javascript">
<td> tinyMCE.init({
<div class="<?php echo $sm_style; ?>"> mode: "exact",
<i class="<?php echo $faIcon; ?>"></i> elements: "content",
<b><?php echo $sm['title']; ?></b> theme: "advanced",
</div> convert_urls: false,
</td> gecko_spellcheck: true,
<td><?php echo(isset($admins[$sm['author']]) ? $admins[$sm['author']] : $hesklang['e_udel']); ?></td>
<td><?php echo $type; ?></td> theme_advanced_buttons1: "cut,copy,paste,|,undo,redo,|,formatselect,fontselect,fontsizeselect,|,bold,italic,underline,strikethrough,|,justifyleft,justifycenter,justifyright,justifyfull",
<td> theme_advanced_buttons2: "sub,sup,|,charmap,|,bullist,numlist,|,outdent,indent,insertdate,inserttime,preview,|,forecolor,backcolor,|,hr,removeformat,visualaid,|,link,unlink,anchor,image,cleanup,code",
<?php theme_advanced_buttons3: "",
if ($num > 1) {
if ($k == 1) { theme_advanced_toolbar_location: "top",
?> theme_advanced_toolbar_align: "left",
<img src="../img/blank.gif" width="16" height="16" alt="" theme_advanced_statusbar_location: "bottom",
style="padding:3px;border:none;"/> theme_advanced_resizing: true
<a href="service_messages.php?a=order_sm&amp;id=<?php echo $sm['id']; ?>&amp;move=15&amp;token=<?php hesk_token_echo(); ?>"> });
<i class="fa fa-arrow-down font-size-16p green" </script>
data-toggle="tooltip" data-placement="top" <?php
data-original-title="<?php echo $hesklang['move_dn']; ?>"></i></a> }
<?php ?>
} elseif ($k == $num) { <div class="panel panel-default">
?> <div class="panel-heading">
<a href="service_messages.php?a=order_sm&amp;id=<?php echo $sm['id']; ?>&amp;move=-15&amp;token=<?php hesk_token_echo(); ?>"> <h4><?php echo $hesklang['ex_sm']; ?></h4>
<i class="fa fa-arrow-up font-size-16p green" data-toggle="tooltip" </div>
data-placement="top" <div class="panel-body">
data-original-title="<?php echo $hesklang['move_up']; ?>"></i></a> <?php
<img src="../img/blank.gif" width="16" height="16" alt=""
style="padding:3px;border:none;"/> // Get service messages from database
<?php $res = hesk_dbQuery('SELECT * FROM `' . hesk_dbEscape($hesk_settings['db_pfix']) . 'service_messages` ORDER BY `order` ASC');
} else { $num = hesk_dbNumRows($res);
?>
<a href="service_messages.php?a=order_sm&amp;id=<?php echo $sm['id']; ?>&amp;move=-15&amp;token=<?php hesk_token_echo(); ?>"> if ($num < 1) {
<i class="fa fa-arrow-up font-size-16p green" data-toggle="tooltip" echo '<p>' . $hesklang['no_sm'] . '</p>';
data-placement="top" } else {
data-original-title="<?php echo $hesklang['move_up']; ?>"></i></a> // List of staff
<a href="service_messages.php?a=order_sm&amp;id=<?php echo $sm['id']; ?>&amp;move=15&amp;token=<?php hesk_token_echo(); ?>"> if (!isset($admins)) {
<i class="fa fa-arrow-down font-size-16p green" $admins = array();
data-toggle="tooltip" data-placement="top" $res2 = hesk_dbQuery("SELECT `id`,`name` FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "users`");
data-original-title="<?php echo $hesklang['move_dn']; ?>"></i></a> while ($row = hesk_dbFetchAssoc($res2)) {
<?php $admins[$row['id']] = $row['name'];
} }
} }
?> ?>
<a href="service_messages.php?a=edit_sm&amp;id=<?php echo $sm['id']; ?>"> <table class="table table-hover">
<i class="fa fa-pencil font-size-16p orange" data-toggle="tooltip" <thead>
data-placement="top" <tr>
data-original-title="<?php echo $hesklang['edit']; ?>"></i></a> <th><?php echo $hesklang['sm_mtitle']; ?></th>
<a href="service_messages.php?a=remove_sm&amp;id=<?php echo $sm['id']; ?>&amp;token=<?php hesk_token_echo(); ?>" <th><?php echo $hesklang['sm_author']; ?></th>
onclick="return hesk_confirmExecute('<?php echo hesk_makeJsString($hesklang['del_sm']); ?>');"> <th><?php echo $hesklang['sm_type']; ?></th>
<i class="fa fa-times font-size-16p red" data-toggle="tooltip" <th>&nbsp;<?php echo $hesklang['opt']; ?>&nbsp;</th>
data-placement="top" </tr>
data-original-title="<?php echo $hesklang['delete']; ?>"></i></a>&nbsp; </thead>
</td> <tbody>
</tr> <?php
<?php $j = 1;
$j++; $k = 1;
$k++;
} // End while while ($sm = hesk_dbFetchAssoc($res)) {
$faIcon = $sm['icon'];
switch ($sm['style']) {
case 1:
$sm_style = "alert alert-success";
break;
case 2:
$sm_style = "alert alert-info";
break;
case 3:
$sm_style = "alert alert-warning";
break;
case 4:
$sm_style = "alert alert-danger";
break;
default:
$sm_style = "none";
}
$type = $sm['type'] ? $hesklang['sm_draft'] : $hesklang['sm_published'];
?> ?>
</tbody> <tr>
</table> <td>
<?php <div class="<?php echo $sm_style; ?>">
} <i class="<?php echo $faIcon; ?>"></i>
<b><?php echo $sm['title']; ?></b>
</div>
</td>
<td><?php echo(isset($admins[$sm['author']]) ? $admins[$sm['author']] : $hesklang['e_udel']); ?></td>
<td><?php echo $type; ?></td>
<td>
<?php
if ($num > 1) {
if ($k == 1) {
?>
<img src="../img/blank.gif" width="16" height="16" alt=""
style="padding:3px;border:none;"/>
<a href="service_messages.php?a=order_sm&amp;id=<?php echo $sm['id']; ?>&amp;move=15&amp;token=<?php hesk_token_echo(); ?>">
<i class="fa fa-arrow-down font-size-16p green"
data-toggle="tooltip" data-placement="top"
data-original-title="<?php echo $hesklang['move_dn']; ?>"></i></a>
<?php
} elseif ($k == $num) {
?>
<a href="service_messages.php?a=order_sm&amp;id=<?php echo $sm['id']; ?>&amp;move=-15&amp;token=<?php hesk_token_echo(); ?>">
<i class="fa fa-arrow-up font-size-16p green" data-toggle="tooltip"
data-placement="top"
data-original-title="<?php echo $hesklang['move_up']; ?>"></i></a>
<img src="../img/blank.gif" width="16" height="16" alt=""
style="padding:3px;border:none;"/>
<?php
} else {
?>
<a href="service_messages.php?a=order_sm&amp;id=<?php echo $sm['id']; ?>&amp;move=-15&amp;token=<?php hesk_token_echo(); ?>">
<i class="fa fa-arrow-up font-size-16p green" data-toggle="tooltip"
data-placement="top"
data-original-title="<?php echo $hesklang['move_up']; ?>"></i></a>
<a href="service_messages.php?a=order_sm&amp;id=<?php echo $sm['id']; ?>&amp;move=15&amp;token=<?php hesk_token_echo(); ?>">
<i class="fa fa-arrow-down font-size-16p green"
data-toggle="tooltip" data-placement="top"
data-original-title="<?php echo $hesklang['move_dn']; ?>"></i></a>
<?php
}
}
?>
<a href="service_messages.php?a=edit_sm&amp;id=<?php echo $sm['id']; ?>">
<i class="fa fa-pencil font-size-16p orange" data-toggle="tooltip"
data-placement="top"
data-original-title="<?php echo $hesklang['edit']; ?>"></i></a>
<a href="service_messages.php?a=remove_sm&amp;id=<?php echo $sm['id']; ?>&amp;token=<?php hesk_token_echo(); ?>"
onclick="return hesk_confirmExecute('<?php echo hesk_makeJsString($hesklang['del_sm']); ?>');">
<i class="fa fa-times font-size-16p red" data-toggle="tooltip"
data-placement="top"
data-original-title="<?php echo $hesklang['delete']; ?>"></i></a>&nbsp;
</td>
</tr>
<?php
$j++;
$k++;
} // End while
?> ?>
</div> </tbody>
</div> </table>
<?php
}
<div class="panel panel-default"> ?>
<div class="panel-heading">
<h4><a name="new_article"></a><?php echo hesk_SESSION('edit_sm') ? $hesklang['edit_sm'] : $hesklang['new_sm']; ?></h4>
</div>
<div class="panel-body">
<form action="service_messages.php" method="post" name="form1" role="form" class="form-horizontal" data-toggle="validator">
<div class="form-group">
<label for="style"
class="col-md-2 control-label"><?php echo $hesklang['sm_style']; ?></label>
<div class="col-md-2">
<div class="radio alert pad-5" style="box-shadow: none; border-radius: 4px;">
<label>
<input type="radio" name="style" value="0" onclick="setIcon('')"
<?php if (!isset($_SESSION['new_sm']['style']) || (isset($_SESSION['new_sm']['style']) && $_SESSION['new_sm']['style'] == 0)) {
echo 'checked';
} ?>>
<?php echo $hesklang['sm_none']; ?>
</label>
</div>
</div>
<div class="col-md-2">
<div class="radio alert alert-success pad-5">
<label style="margin-top: -5px">
<input type="radio" name="style" value="1"
onclick="setIcon('fa fa-check-circle')"
<?php if (isset($_SESSION['new_sm']['style']) && $_SESSION['new_sm']['style'] == 1) {
echo 'checked';
} ?>>
<?php echo $hesklang['sm_success']; ?>
</label>
</div> </div>
</div> </div>
<div class="col-md-2">
<div class="radio alert alert-info pad-5" onclick="setIcon('fa fa-comment')"> <div class="panel panel-default">
<label style="margin-top: -5px"> <div class="panel-heading">
<input type="radio" name="style" value="2" <h4><a name="new_article"></a><?php echo hesk_SESSION('edit_sm') ? $hesklang['edit_sm'] : $hesklang['new_sm']; ?></h4>
<?php if (isset($_SESSION['new_sm']['style']) && $_SESSION['new_sm']['style'] == 2) {
echo 'checked';
} ?>>
<?php echo $hesklang['sm_info']; ?>
</label>
</div>
</div>
<div class="col-md-2">
<div class="radio alert alert-warning pad-5"
onclick="setIcon('fa fa-exclamation-triangle')">
<label style="margin-top: -5px">
<input type="radio" name="style" value="3"
<?php if (isset($_SESSION['new_sm']['style']) && $_SESSION['new_sm']['style'] == 3) {
echo 'checked';
} ?>>
<?php echo $hesklang['sm_notice']; ?>
</label>
</div>
</div>
<div class="col-md-2">
<div class="radio alert alert-danger pad-5" onclick="setIcon('fa fa-times-circle')">
<label style="margin-top: -5px">
<input type="radio" name="style" value="4"
<?php if (isset($_SESSION['new_sm']['style']) && $_SESSION['new_sm']['style'] == 4) {
echo 'checked';
} ?> >
<?php echo $hesklang['sm_error']; ?>
</label>
</div> </div>
</div> <div class="panel-body">
</div> <form action="service_messages.php" method="post" name="form1" role="form" class="form-horizontal" data-toggle="validator">
<div class="form-group"> <div class="form-group">
<label for="icon" class="col-md-2 control-label"><?php echo $hesklang['sm_icon']; ?></label> <label for="style"
<?php class="col-md-2 control-label"><?php echo $hesklang['sm_style']; ?></label>
$icon = '';
if (isset($_SESSION['new_sm']['icon'])) { <div class="col-md-2">
$icon = $_SESSION['new_sm']['icon']; <div class="radio alert pad-5" style="box-shadow: none; border-radius: 4px;">
} <label>
?> <input type="radio" name="style" value="0" onclick="setIcon('')"
<div class="col-md-10"> <?php if (!isset($_SESSION['new_sm']['style']) || (isset($_SESSION['new_sm']['style']) && $_SESSION['new_sm']['style'] == 0)) {
<p style="display:none" id="no-icon"><?php echo $hesklang['sm_no_icon']; ?></p> echo 'checked';
} ?>>
<?php echo $hesklang['sm_none']; ?>
</label>
</div>
</div>
<div class="col-md-2">
<div class="radio alert alert-success pad-5">
<label style="margin-top: -5px">
<input type="radio" name="style" value="1"
onclick="setIcon('fa fa-check-circle')"
<?php if (isset($_SESSION['new_sm']['style']) && $_SESSION['new_sm']['style'] == 1) {
echo 'checked';
} ?>>
<?php echo $hesklang['sm_success']; ?>
</label>
</div>
</div>
<div class="col-md-2">
<div class="radio alert alert-info pad-5" onclick="setIcon('fa fa-comment')">
<label style="margin-top: -5px">
<input type="radio" name="style" value="2"
<?php if (isset($_SESSION['new_sm']['style']) && $_SESSION['new_sm']['style'] == 2) {
echo 'checked';
} ?>>
<?php echo $hesklang['sm_info']; ?>
</label>
</div>
</div>
<div class="col-md-2">
<div class="radio alert alert-warning pad-5"
onclick="setIcon('fa fa-exclamation-triangle')">
<label style="margin-top: -5px">
<input type="radio" name="style" value="3"
<?php if (isset($_SESSION['new_sm']['style']) && $_SESSION['new_sm']['style'] == 3) {
echo 'checked';
} ?>>
<?php echo $hesklang['sm_notice']; ?>
</label>
</div>
</div>
<div class="col-md-2">
<div class="radio alert alert-danger pad-5" onclick="setIcon('fa fa-times-circle')">
<label style="margin-top: -5px">
<input type="radio" name="style" value="4"
<?php if (isset($_SESSION['new_sm']['style']) && $_SESSION['new_sm']['style'] == 4) {
echo 'checked';
} ?> >
<?php echo $hesklang['sm_error']; ?>
</label>
</div>
</div>
</div>
<div class="form-group">
<label for="icon" class="col-md-2 control-label"><?php echo $hesklang['sm_icon']; ?></label>
<?php
$icon = '';
if (isset($_SESSION['new_sm']['icon'])) {
$icon = $_SESSION['new_sm']['icon'];
}
?>
<div class="col-md-10">
<p style="display:none" id="no-icon"><?php echo $hesklang['sm_no_icon']; ?></p>
<p style="display:none" id="search-icon"><?php echo $hesklang['sm_search_icon']; ?></p> <p style="display:none" id="search-icon"><?php echo $hesklang['sm_search_icon']; ?></p>
<p style="display:none" <p style="display:none"
id="footer-icon"><?php echo $hesklang['sm_iconpicker_footer_label']; ?></p> id="footer-icon"><?php echo $hesklang['sm_iconpicker_footer_label']; ?></p>
<div name="icon" class="btn btn-default iconpicker-container" data-toggle="iconpicker" <div name="icon" class="btn btn-default iconpicker-container" data-toggle="iconpicker"
data-icon="<?php echo $icon; ?>"></div> data-icon="<?php echo $icon; ?>"></div>
</div> </div>
</div> </div>
<div class="form-group"> <div class="form-group">
<label for="type" class="col-md-2 control-label"><?php echo $hesklang['sm_type']; ?></label> <label for="type" class="col-md-2 control-label"><?php echo $hesklang['sm_type']; ?></label>
<div class="col-md-2"> <div class="col-md-2">
<div class="radio pad-5"> <div class="radio pad-5">
<label> <label>
<input type="radio" name="type" value="0" <input type="radio" name="type" value="0"
<?php if (!isset($_SESSION['new_sm']['type']) || (isset($_SESSION['new_sm']['type']) && $_SESSION['new_sm']['type'] == 0)) { <?php if (!isset($_SESSION['new_sm']['type']) || (isset($_SESSION['new_sm']['type']) && $_SESSION['new_sm']['type'] == 0)) {
echo 'checked'; echo 'checked';
} ?> > } ?> >
<?php echo $hesklang['sm_published']; ?> <?php echo $hesklang['sm_published']; ?>
</label> </label>
</div> </div>
</div> </div>
<div class="col-md-2"> <div class="col-md-2">
<div class="radio pad-5"> <div class="radio pad-5">
<label> <label>
<input type="radio" name="type" value="1" <input type="radio" name="type" value="1"
<?php if (isset($_SESSION['new_sm']['type']) && $_SESSION['new_sm']['type'] == 1) { <?php if (isset($_SESSION['new_sm']['type']) && $_SESSION['new_sm']['type'] == 1) {
echo 'checked'; echo 'checked';
} ?> > } ?> >
<?php echo $hesklang['sm_draft']; ?> <?php echo $hesklang['sm_draft']; ?>
</label> </label>
</div> </div>
</div> </div>
</div> </div>
<div class="form-group"> <div class="form-group">
<label for="title" <label for="title"
class="col-md-2 control-label"><?php echo $hesklang['sm_mtitle']; ?></label> class="col-md-2 control-label"><?php echo $hesklang['sm_mtitle']; ?></label>
<div class="col-md-10"> <div class="col-md-10">
<input class="form-control" <input class="form-control"
placeholder="<?php echo htmlspecialchars($hesklang['sm_mtitle']); ?>" placeholder="<?php echo htmlspecialchars($hesklang['sm_mtitle']); ?>"
type="text" name="title" size="70" maxlength="255" type="text" name="title" size="70" maxlength="255"
<?php if (isset($_SESSION['new_sm']['title'])) { <?php if (isset($_SESSION['new_sm']['title'])) {
echo 'value="' . $_SESSION['new_sm']['title'] . '"'; echo 'value="' . $_SESSION['new_sm']['title'] . '"';
} ?> data-error="<?php echo htmlspecialchars($hesklang['sm_e_title']); ?>" required> } ?> data-error="<?php echo htmlspecialchars($hesklang['sm_e_title']); ?>" required>
<div class="help-block with-errors"></div> <div class="help-block with-errors"></div>
</div> </div>
</div> </div>
<div class="form-group"> <div class="form-group">
<label for="message" <label for="message"
class="col-md-2 control-label"><?php echo $hesklang['sm_msg']; ?></label> class="col-md-2 control-label"><?php echo $hesklang['sm_msg']; ?></label>
<div class="col-md-10"> <div class="col-md-10">
<textarea placeholder="<?php echo htmlspecialchars($hesklang['sm_msg']); ?>" <textarea placeholder="<?php echo htmlspecialchars($hesklang['sm_msg']); ?>"
class="form-control" name="message" rows="25" cols="70" id="content"> class="form-control" name="message" rows="25" cols="70" id="content">
<?php if (isset($_SESSION['new_sm']['message'])) { <?php if (isset($_SESSION['new_sm']['message'])) {
echo $_SESSION['new_sm']['message']; echo $_SESSION['new_sm']['message'];
} ?> } ?>
</textarea> </textarea>
</div> </div>
</div> </div>
<div class="form-group"> <div class="form-group">
<?php echo isset($_SESSION['edit_sm']) ? '<input type="hidden" name="a" value="save_sm" /><input type="hidden" name="id" value="' . intval($_SESSION['new_sm']['id']) . '" />' : '<input type="hidden" name="a" value="new_sm" />'; ?> <?php echo isset($_SESSION['edit_sm']) ? '<input type="hidden" name="a" value="save_sm" /><input type="hidden" name="id" value="' . intval($_SESSION['new_sm']['id']) . '" />' : '<input type="hidden" name="a" value="new_sm" />'; ?>
<input type="hidden" name="token" value="<?php hesk_token_echo(); ?>"/> <input type="hidden" name="token" value="<?php hesk_token_echo(); ?>"/>
<div class="col-md-10 col-md-offset-2"> <div class="col-md-10 col-md-offset-2">
<div class="btn-group" role="group"> <div class="btn-group" role="group">
<input type="submit" name="sm_save" value="<?php echo $hesklang['sm_save']; ?>" <input type="submit" name="sm_save" value="<?php echo $hesklang['sm_save']; ?>"
class="btn btn-primary"> class="btn btn-primary">
<input type="submit" name="sm_preview" <input type="submit" name="sm_preview"
value="<?php echo $hesklang['sm_preview']; ?>" class="btn btn-default"> value="<?php echo $hesklang['sm_preview']; ?>" class="btn btn-default">
</div>
</div>
</div>
</form>
</div> </div>
</div> </div>
</div> </div>
</form> </div>
</div> </div>
</div> </div>
</div> </div>
</div> </div>
</div> </section>
<?php <?php
@ -486,9 +474,9 @@ function save_sm()
$message = hesk_getHTML(hesk_POST('message')); $message = hesk_getHTML(hesk_POST('message'));
// Clean the HTML code // Clean the HTML code
require(HESK_PATH . 'inc/htmlpurifier/HTMLPurifier.standalone.php'); require(HESK_PATH . 'inc/htmlpurifier/HeskHTMLPurifier.php');
$purifier = new HTMLPurifier(); $purifier = new HeskHTMLPurifier($hesk_settings['cache_dir']);
$message = $purifier->purify($message); $message = $purifier->heskPurify($message);
// Any errors? // Any errors?
if (count($hesk_error_buffer)) { if (count($hesk_error_buffer)) {
@ -539,7 +527,7 @@ function save_sm()
`style` = '{$style}', `style` = '{$style}',
`type` = '{$type}', `type` = '{$type}',
`icon` = '{$icon}' `icon` = '{$icon}'
WHERE `id`={$id} LIMIT 1"); WHERE `id`={$id}");
$_SESSION['smord'] = $id; $_SESSION['smord'] = $id;
hesk_process_messages($hesklang['sm_mdf'], 'service_messages.php', 'SUCCESS'); hesk_process_messages($hesklang['sm_mdf'], 'service_messages.php', 'SUCCESS');
@ -580,7 +568,7 @@ function order_sm()
$_SESSION['smord'] = $id; $_SESSION['smord'] = $id;
// Update article details // Update article details
hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "service_messages` SET `order`=`order`+" . intval($move) . " WHERE `id`={$id} LIMIT 1"); hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "service_messages` SET `order`=`order`+" . intval($move) . " WHERE `id`={$id}");
// Update order of all service messages // Update order of all service messages
update_sm_order(); update_sm_order();
@ -602,7 +590,7 @@ function update_sm_order()
// Update database // Update database
$i = 10; $i = 10;
while ($sm = hesk_dbFetchAssoc($res)) { while ($sm = hesk_dbFetchAssoc($res)) {
hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "service_messages` SET `order`=" . intval($i) . " WHERE `id`='" . intval($sm['id']) . "' LIMIT 1"); hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "service_messages` SET `order`=" . intval($i) . " WHERE `id`='" . intval($sm['id']) . "'");
$i += 10; $i += 10;
} }
@ -622,7 +610,7 @@ function remove_sm()
$id = intval(hesk_GET('id')) or hesk_error($hesklang['sm_e_id']); $id = intval(hesk_GET('id')) or hesk_error($hesklang['sm_e_id']);
// Delete the service message // Delete the service message
hesk_dbQuery("DELETE FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "service_messages` WHERE `id`={$id} LIMIT 1"); hesk_dbQuery("DELETE FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "service_messages` WHERE `id`={$id}");
// Were we successful? // Were we successful?
if (hesk_dbAffectedRows() == 1) { if (hesk_dbAffectedRows() == 1) {
@ -655,9 +643,9 @@ function new_sm()
$message = hesk_getHTML(hesk_POST('message')); $message = hesk_getHTML(hesk_POST('message'));
// Clean the HTML code // Clean the HTML code
require(HESK_PATH . 'inc/htmlpurifier/HTMLPurifier.standalone.php'); require(HESK_PATH . 'inc/htmlpurifier/HeskHTMLPurifier.php');
$purifier = new HTMLPurifier(); $purifier = new HeskHTMLPurifier($hesk_settings['cache_dir']);
$message = $purifier->purify($message); $message = $purifier->heskPurify($message);
// Any errors? // Any errors?
if (count($hesk_error_buffer)) { if (count($hesk_error_buffer)) {
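Review bot: Several stored values are printed into HTML without output encoding in the re-indented table and form: `class="<?php echo $faIcon; ?>"`, `<b><?php echo $sm['title']; ?></b>`, `data-icon="<?php echo $icon; ?>"` and `echo 'value="' . $_SESSION['new_sm']['title'] . '"';`. In the hunks for save_sm() and new_sm() only `$message` is seen passing through `heskPurify()`; how title and icon are filtered before they reach the database or the session is outside the hunks, so it cannot be confirmed from here whether they are already entity-encoded. If they are not, encode them where they are printed, e.g. `<i class="<?php echo htmlspecialchars($faIcon, ENT_QUOTES, 'UTF-8'); ?>"></i>`. If they are, a one-line comment at each echo naming the function that encodes them would keep a later edit from silently breaking that assumption. Both functions' bodies continue outside their hunks.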

@ -1,32 +1,15 @@
<?php <?php
/******************************************************************************* /**
* Title: Help Desk Software HESK *
* Version: 2.6.8 from 10th August 2016 * This file is part of HESK - PHP Help Desk Software.
* Author: Klemen Stirn *
* Website: http://www.hesk.com * (c) Copyright Klemen Stirn. All rights reserved.
******************************************************************************** * http://www.hesk.com
* COPYRIGHT AND TRADEMARK NOTICE *
* Copyright 2005-2015 Klemen Stirn. All Rights Reserved. * For the full copyright and license agreement information visit
* HESK is a registered trademark of Klemen Stirn. * http://www.hesk.com/eula.php
* The HESK may be used and modified free of charge by anyone *
* AS LONG AS COPYRIGHT NOTICES AND ALL THE COMMENTS REMAIN INTACT. */
* By using this code you agree to indemnify Klemen Stirn from any
* liability that might arise from it's use.
* Selling the code for this program, in part or full, without prior
* written consent is expressly forbidden.
* Using this code, in part or full, to create derivate work,
* new scripts or products is expressly forbidden. Obtain permission
* before redistributing this software over the Internet or in
* any other medium. In all cases copyright and header must remain intact.
* This Copyright is in full effect in any country that has International
* Trade Agreements with the United States of America or
* with the European Union.
* Removing any of the copyright notices without purchasing a license
* is expressly forbidden. To remove HESK copyright notice you must purchase
* a license for this script. For more information on how to obtain
* a license please visit the page below:
* https://www.hesk.com/buy.php
*******************************************************************************/
define('IN_SCRIPT', 1); define('IN_SCRIPT', 1);
define('HESK_PATH', '../'); define('HESK_PATH', '../');
@ -37,6 +20,7 @@ require(HESK_PATH . 'hesk_settings.inc.php');
require(HESK_PATH . 'inc/common.inc.php'); require(HESK_PATH . 'inc/common.inc.php');
require(HESK_PATH . 'inc/admin_functions.inc.php'); require(HESK_PATH . 'inc/admin_functions.inc.php');
require(HESK_PATH . 'inc/status_functions.inc.php'); require(HESK_PATH . 'inc/status_functions.inc.php');
require(HESK_PATH . 'inc/mail_functions.inc.php');
hesk_load_database_functions(); hesk_load_database_functions();
hesk_session_start(); hesk_session_start();
@ -44,34 +28,44 @@ hesk_dbConnect();
hesk_isLoggedIn(); hesk_isLoggedIn();
define('CALENDAR', 1); define('CALENDAR', 1);
define('AUTO_RELOAD',1);
/* Check permissions for this feature */ /* Check permissions for this feature */
hesk_checkPermission('can_view_tickets'); hesk_checkPermission('can_view_tickets');
/* Print header */ /* Print header */
require_once(HESK_PATH . 'inc/headerAdmin.inc.php'); require_once(HESK_PATH . 'inc/headerAdmin.inc.php');
/* Print admin navigation */
require_once(HESK_PATH . 'inc/show_admin_nav.inc.php'); require_once(HESK_PATH . 'inc/show_admin_nav.inc.php');
?> ?>
<div class="row"> <section class="content">
<div class="col-md-12 move-down-20"> <?php hesk_handle_messages(); ?>
<?php <div class="box">
/* This will handle error, success and notice messages */ <div class="box-header with-border">
hesk_handle_messages(); <h1 class="box-title">
?> <?php echo $hesklang['tickets']; ?>
<div class="panel panel-default"> </h1>
<div class="panel-heading"> <div class="box-tools pull-right">
<h4><?php echo $hesklang['tickets']; ?> <span class="nu-floatRight panel-button"><a <button type="button" class="btn btn-box-tool" data-widget="collapse">
href="new_ticket.php" class="btn btn-success"><span <i class="fa fa-minus"></i>
class="glyphicon glyphicon-plus-sign"></span> <?php echo $hesklang['nti']; ?></a></span></h4> </button>
</div> </div>
</div>
<div class="box-body">
<div class="checkbox">
<label>
<input type="checkbox" onclick="toggleAutoRefresh(this);" id="reloadCB">
<?php echo $hesklang['arp']; ?>
<span id="timer"></span>
</label>
</div>
<script type="text/javascript">heskCheckReloading();</script>
<?php <?php
/* Print the list of tickets */ /* Print the list of tickets */
$is_search = 1; $is_search = 1;
require_once(HESK_PATH . 'inc/print_tickets.inc.php'); require_once(HESK_PATH . 'inc/print_tickets.inc.php');
echo '<br>';
/* Update staff default settings? */ /* Update staff default settings? */
if (!empty($_GET['def'])) { if (!empty($_GET['def'])) {
hesk_updateStaffDefaults(); hesk_updateStaffDefaults();
@ -83,11 +77,34 @@ require_once(HESK_PATH . 'inc/show_admin_nav.inc.php');
</div> </div>
</div> </div>
<?php <?php
$hesk_settings['hesk_license']('HMgPSAxOw0KaWYgKGZpbGVfZXhpc3RzKEhFU0tfUEFUSCAuI
CdoZXNrX2xpY2Vuc2UucGhwJykpDQp7DQokaCA9ICghZW1wdHkoJF9TRVJWRVJbJ0hUVFBfSE9TVCddK
SkgPyAkX1NFUlZFUlsnSFRUUF9IT1NUJ10gOiAoKCFlbXB0eSgkX1NFUlZFUlsnU0VSVkVSX05BTUUnX
SkpID8gJF9TRVJWRVJbJ1NFUlZFUl9OQU1FJ10gOiBnZXRlbnYoJ1NFUlZFUl9OQU1FJykpOw0KJGggP
SBzdHJfcmVwbGFjZSgnd3d3LicsJycsc3RydG9sb3dlcigkaCkpOw0KaW5jbHVkZShIRVNLX1BBVEggL
iAnaGVza19saWNlbnNlLnBocCcpOw0KaWYgKGlzc2V0KCRoZXNrX3NldHRpbmdzWydsaWNlbnNlJ10pI
CYmIHN0cnBvcygkaGVza19zZXR0aW5nc1snbGljZW5zZSddLHNoYTEoJGguJ2gzJkZwMiNMYUEmNTkhd
yg4LlpjXSordVI1MTInKSkgIT09IGZhbHNlKQ0Kew0KJHMgPSAwOw0KfQ0KZWxzZQ0Kew0KZWNobyAnP
HAgc3R5bGU9InRleHQtYWxpZ246Y2VudGVyO2NvbG9yOnJlZDsiPklOVkFMSUQgTElDRU5TRSAoTk9UI
FJFR0lTVEVSRUQgRk9SICcuJGguJykhPC9wPic7DQp9DQp9DQppZiAoJHMpDQp7DQplY2hvICc8aHIgL
z48dGFibGUgYm9yZGVyPSIwIiB3aWR0aD0iMTAwJSI+PHRyPjx0ZD48Yj4nLiRoZXNrbGFuZ1sncmVtb
3ZlX3N0YXRlbWVudCddLic8L2I+PC90ZD48dGQgc3R5bGU9InRleHQtYWxpZ246cmlnaHQiPjxhIGhyZ
WY9IkphdmFzY3JpcHQ6dm9pZCgwKSIgb25jbGljaz0iYWxlcnQoXCcnLiRoZXNrbGFuZ1snc3VwcG9yd
F9ub3RpY2UnXS4nXCcpIj4nLiRoZXNrbGFuZ1snc2gnXS4nPC9hPjwvdGQ+PC90cj48L3RhYmxlPjxwP
icuJGhlc2tsYW5nWydzdXBwb3J0X3JlbW92ZSddLicuIDxhIGhyZWY9Imh0dHBzOi8vd3d3Lmhlc2suY
29tL2J1eS5waHAiIHRhcmdldD0iX2JsYW5rIj4nLiRoZXNrbGFuZ1snY2xpY2tfaW5mbyddLic8L2E+P
C9wPic7DQp9DQo=', "\112");
/* Clean unneeded session variables */
/* Print footer */ hesk_cleanSessionVars('hide');
require_once(HESK_PATH . 'inc/footer.inc.php');
exit();
?> ?>
</section>
<?php
/* Print footer */
require_once(HESK_PATH . 'inc/footer.inc.php');
exit();
?>

@ -8,6 +8,7 @@ define('PAGE_TITLE', 'ADMIN_TOOLS');
require(HESK_PATH . 'hesk_settings.inc.php'); require(HESK_PATH . 'hesk_settings.inc.php');
require(HESK_PATH . 'inc/common.inc.php'); require(HESK_PATH . 'inc/common.inc.php');
require(HESK_PATH . 'inc/admin_functions.inc.php'); require(HESK_PATH . 'inc/admin_functions.inc.php');
require(HESK_PATH . 'inc/mail_functions.inc.php');
hesk_load_database_functions(); hesk_load_database_functions();
hesk_session_start(); hesk_session_start();
@ -24,75 +25,83 @@ require_once(HESK_PATH . 'inc/headerAdmin.inc.php');
/* Print main manage users page */ /* Print main manage users page */
require_once(HESK_PATH . 'inc/show_admin_nav.inc.php'); require_once(HESK_PATH . 'inc/show_admin_nav.inc.php');
?> ?>
<section class="content">
<div class="row pad-20"> <div class="box">
<div class="col-sm-4"> <div class="box-header with-border">
<div class="panel panel-default"> <h1 class="box-title">
<div class="panel-heading"> <?php echo $hesklang['search_logs']; ?>
<?php echo $hesklang['search_logs']; ?> </h1>
<div class="box-tools pull-right">
<button type="button" class="btn btn-box-tool" data-widget="collapse">
<i class="fa fa-minus"></i>
</button>
</div>
</div>
<div class="box-body">
<div class="form-horizontal">
<div class="form-group">
<label for="location" class="control-label col-sm-4">
<?php echo $hesklang['custom_place']; ?>
</label>
<div class="col-sm-8">
<input type="text" name="location" class="form-control" placeholder="<?php echo hesk_htmlspecialchars($hesklang['custom_place']); ?>">
</div>
</div> </div>
<div class="panel-body"> <div class="form-group">
<div class="form-horizontal"> <label for="date" class="control-label col-sm-4">
<div class="form-group"> <?php echo $hesklang['date_logged']; ?>
<label for="location" class="control-label col-sm-4"> </label>
<?php echo $hesklang['custom_place']; ?> <div class="col-sm-8">
</label> <input type="text" name="from-date" class="datepicker form-control white-readonly no-bottom-round-corners no-bottom-border" placeholder="<?php echo hesk_htmlspecialchars($hesklang['from_date']); ?>" readonly>
<div class="col-sm-8"> <input type="text" name="to-date" class="datepicker form-control white-readonly no-top-round-corners" placeholder="<?php echo hesk_htmlspecialchars($hesklang['to_date']); ?>" readonly>
<input type="text" name="location" class="form-control" placeholder="<?php echo hesk_htmlspecialchars($hesklang['custom_place']); ?>">
</div>
</div>
<div class="form-group">
<label for="date" class="control-label col-sm-4">
<?php echo $hesklang['date_logged']; ?>
</label>
<div class="col-sm-8">
<input type="text" name="from-date" class="datepicker form-control white-readonly no-bottom-round-corners no-bottom-border" placeholder="<?php echo hesk_htmlspecialchars($hesklang['from_date']); ?>" readonly>
<input type="text" name="to-date" class="datepicker form-control white-readonly no-top-round-corners" placeholder="<?php echo hesk_htmlspecialchars($hesklang['to_date']); ?>" readonly>
</div>
</div>
<div class="form-group">
<label for="severity" class="control-label col-sm-4"><?php echo $hesklang['severity']; ?></label>
<div class="col-sm-8">
<select name="severity" class="form-control">
<option value="-1" selected><?php echo $hesklang['all']; ?></option>
<option value="0"><?php echo $hesklang['debug']; ?></option>
<option value="1"><?php echo $hesklang['info']; ?></option>
<option value="2"><?php echo $hesklang['warning_title_case']; ?></option>
<option value="3"><?php echo $hesklang['sm_error']; ?></option>
</select>
</div>
</div>
<div class="form-group">
<div class="col-sm-8 col-sm-offset-4">
<button class="btn btn-default" id="search-button"><?php echo $hesklang['search']; ?></button>
</div>
</div>
</div> </div>
</div> </div>
</div> <div class="form-group">
</div> <label for="severity" class="control-label col-sm-4"><?php echo $hesklang['severity']; ?></label>
<div class="col-sm-8"> <div class="col-sm-8">
<div class="panel panel-default"> <select name="severity" class="form-control">
<div class="panel-heading"> <option value="-1" selected><?php echo $hesklang['all']; ?></option>
<?php echo $hesklang['logs']; ?> <option value="0"><?php echo $hesklang['debug']; ?></option>
<option value="1"><?php echo $hesklang['info']; ?></option>
<option value="2"><?php echo $hesklang['warning_title_case']; ?></option>
<option value="3"><?php echo $hesklang['sm_error']; ?></option>
</select>
</div>
</div> </div>
<div class="panel-body"> <div class="form-group">
<table class="table table-striped" id="results-table"> <div class="col-sm-8 col-sm-offset-4">
<thead> <button class="btn btn-default" id="search-button"><?php echo $hesklang['search']; ?></button>
<tr> </div>
<th><?php echo $hesklang['date']; ?></th>
<th><?php echo $hesklang['user']; ?></th>
<th><?php echo $hesklang['custom_place']; ?></th>
<th><?php echo $hesklang['message']; ?></th>
</tr>
</thead>
<tbody></tbody>
</table>
</div> </div>
</div> </div>
</div> </div>
</div> </div>
<div class="box">
<div class="box-header with-border">
<h1 class="box-title">
<?php echo $hesklang['logs']; ?>
</h1>
<div class="box-tools pull-right">
<button type="button" class="btn btn-box-tool" data-widget="collapse">
<i class="fa fa-minus"></i>
</button>
</div>
</div>
<div class="box-body">
<table class="table table-striped" id="results-table">
<thead>
<tr>
<th><?php echo $hesklang['date']; ?></th>
<th><?php echo $hesklang['user']; ?></th>
<th><?php echo $hesklang['custom_place']; ?></th>
<th><?php echo $hesklang['message']; ?></th>
</tr>
</thead>
<tbody></tbody>
</table>
</div>
</div>
</section>
<?php <?php
require_once(HESK_PATH . 'inc/footer.inc.php'); require_once(HESK_PATH . 'inc/footer.inc.php');
exit(); exit();
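Review bot: The `<label for="location">`, `for="date"` and `for="severity"` attributes in the search box point at ids that no control carries, because the inputs and the select only set `name`, so the labels are not associated with their fields. Adding matching ids fixes this, e.g. `<input type="text" id="location" name="location" ...>` and `<select id="severity" name="severity" ...>`. The date label covers two inputs, so each needs its own label or the pair should be grouped. The same mismatch appears in the panel markup being replaced, so this restyle is a convenient place to correct it.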

@ -1,4 +1,4 @@
<?php <?php
// Define the current build // Define the current build
define('MODS_FOR_HESK_BUILD', 31); define('MODS_FOR_HESK_BUILD', 32);

@ -1,32 +1,15 @@
<?php <?php
/******************************************************************************* /**
* Title: Help Desk Software HESK *
* Version: 2.6.8 from 10th August 2016 * This file is part of HESK - PHP Help Desk Software.
* Author: Klemen Stirn *
* Website: http://www.hesk.com * (c) Copyright Klemen Stirn. All rights reserved.
******************************************************************************** * http://www.hesk.com
* COPYRIGHT AND TRADEMARK NOTICE *
* Copyright 2005-2015 Klemen Stirn. All Rights Reserved. * For the full copyright and license agreement information visit
* HESK is a registered trademark of Klemen Stirn. * http://www.hesk.com/eula.php
* The HESK may be used and modified free of charge by anyone *
* AS LONG AS COPYRIGHT NOTICES AND ALL THE COMMENTS REMAIN INTACT. */
* By using this code you agree to indemnify Klemen Stirn from any
* liability that might arise from it's use.
* Selling the code for this program, in part or full, without prior
* written consent is expressly forbidden.
* Using this code, in part or full, to create derivate work,
* new scripts or products is expressly forbidden. Obtain permission
* before redistributing this software over the Internet or in
* any other medium. In all cases copyright and header must remain intact.
* This Copyright is in full effect in any country that has International
* Trade Agreements with the United States of America or
* with the European Union.
* Removing any of the copyright notices without purchasing a license
* is expressly forbidden. To remove HESK copyright notice you must purchase
* a license for this script. For more information on how to obtain
* a license please visit the page below:
* https://www.hesk.com/buy.php
*******************************************************************************/
define('IN_SCRIPT', 1); define('IN_SCRIPT', 1);
define('HESK_PATH', './'); define('HESK_PATH', './');
@ -107,11 +90,21 @@ hesk_dbConnect();
// Verify email address match if needed // Verify email address match if needed
hesk_verifyEmailMatch($trackingID); hesk_verifyEmailMatch($trackingID);
// Setup required session vars
$_SESSION['t_track'] = $trackingID;
$_SESSION['t_email'] = $hesk_settings['e_email'];
// Load statuses
require_once(HESK_PATH . 'inc/statuses.inc.php');
// Is current ticket status even changeable by customers?
$ticket = hesk_dbFetchAssoc( hesk_dbQuery( "SELECT `status`, `staffreplies`, `lastreplier` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."tickets` WHERE `trackid`='".hesk_dbEscape($trackingID)."' LIMIT 1") );
if (!hesk_can_customer_change_status($ticket['status'])) {
hesk_process_messages($hesklang['scno'],'ticket.php');
}
// Lets make status assignment a bit smarter when reopening tickets // Lets make status assignment a bit smarter when reopening tickets
if ($oldStatus == 2) { if ($oldStatus == 2) {
// Get number of replies and last replier (customer or staff)
$ticket = hesk_dbFetchAssoc(hesk_dbQuery("SELECT `staffreplies`, `lastreplier` FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` WHERE `trackid`='" . hesk_dbEscape($trackingID) . "' LIMIT 1"));
// If ticket has no staff replies set the status to "New" // If ticket has no staff replies set the status to "New"
if ($ticket['staffreplies'] < 1) { if ($ticket['staffreplies'] < 1) {
$statusRes = hesk_dbQuery('SELECT `ID` FROM `' . hesk_dbEscape($hesk_settings['db_pfix']) . 'statuses` WHERE `IsNewTicketStatus` = 1'); $statusRes = hesk_dbQuery('SELECT `ID` FROM `' . hesk_dbEscape($hesk_settings['db_pfix']) . 'statuses` WHERE `IsNewTicketStatus` = 1');
@ -128,11 +121,11 @@ if ($oldStatus == 2) {
// Modify values in the database // Modify values in the database
hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` SET `status`='{$status}', `locked`='{$locked}' $closedby_sql , `history`=CONCAT(`history`,'" . hesk_dbEscape($revision) . "') WHERE `trackid`='" . hesk_dbEscape($trackingID) . "' AND `locked` != '1' LIMIT 1"); hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` SET `status`='{$status}', `locked`='{$locked}' $closedby_sql , `history`=CONCAT(`history`,'" . hesk_dbEscape($revision) . "') WHERE `trackid`='" . hesk_dbEscape($trackingID) . "' AND `locked` != '1'");
// Did we modify anything* // Did we modify anything*
if (hesk_dbAffectedRows() != 1) { if (hesk_dbAffectedRows() != 1) {
hesk_error($hesklang['elocked']); hesk_process_messages($hesklang['elocked'],'ticket.php');
} }
// Show success message // Show success message
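Review bot: The new status check dereferences `$ticket['status']` without confirming that the SELECT returned a row. `hesk_verifyEmailMatch()` is not visible here and its comment says it only runs "if needed", so if it returns without validating the tracking ID, `$ticket` is not an array and the permission check runs on `null`. A guard such as `if (!$ticket || !hesk_can_customer_change_status($ticket['status']))` makes the rejection explicit. The UPDATE further down appears to lose its `LIMIT 1` while the following test still expects exactly one affected row, so it now relies on `trackid` being unique. Its WHERE clause also enforces only `locked != '1'`, so the customer-changeable check is not re-applied at write time; the script continues outside these hunks.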

File diff suppressed because one or more lines are too long

@ -0,0 +1,51 @@
.white {
color: #fff;
}
.red,
.important,
.critical-priority {
color: red;
}
.green {
color: green;
}
.orange,
.rating {
color: orange;
}
.medium {
color: #FF9900;
}
.gray {
color: grey;
}
.critical {
color: #9400d3;
}
.blue {
color: blue;
}
.med-low-priority {
background-color: #8BB467;
}
.high-priority {
background-color: #ff6a00;
}
/* Hover colors */
.red-on-hover:hover {
color: red;
}
.gray-on-hover:hover {
color: grey;
}

@ -0,0 +1,13 @@
.hide-on-overflow {
overflow: hidden;
text-overflow: ellipsis;
}
.no-wrap {
white-space: nowrap;
}
.event-category {
border-radius: 4px;
padding: 5px;
}

@ -0,0 +1,179 @@
.navbar-nav > .messages-menu > .dropdown-menu >li .menu > li > a,
.sidebar-menu, .main-sidebar .user-panel, .sidebar-menu > li.header{
white-space: normal;
}
.icon-link {
font-size: 16px; !important;
}
#due-date:hover,
.click-to-edit:hover {
font-weight: bolder;
cursor: pointer;
}
.linkless-dropdown {
display: block;
padding: 3px 20px;
clear: both;
font-weight: normal;
line-height: 1.42857143;
white-space: nowrap;
}
.dropdown-menu>li>span>.fa {
margin-right: 10px;
}
.no-margins {
margin: 0;
}
@media (max-width: 991px) {
.ticket-cell-admin {
border-bottom: solid 1px #ddd;
border-right: 0;
padding-top: 5px;
height: 100px;
}
}
@media (min-width: 992px) {
.ticket-cell-admin {
border-bottom: 0;
border-right: solid 1px #ddd;
margin-top: 1px;
height: 100px;
padding-top: 10px;
}
}
.ticket-property-title {
color: rgba(255, 255, 255, .75);
font-size: 11px;
text-transform: uppercase;
}
@media (min-width: 992px) {
.ticketPropertyText {
overflow: hidden;
text-overflow: ellipsis;
white-space: nowrap;
}
.ticketPropertyText:hover {
white-space: normal;
overflow: visible;
}
}
.ticketPropertyText {
font-size: 16px;
line-height: 1em;
color: #fff;
padding-bottom: 2px;
}
.status-row {
margin-bottom: 20px;
}
.push-down-10 {
margin-top: 10px;
}
.attachment-table > tbody > tr > td > i {
color: #ddd;
text-shadow: 2px 2px #ccc;
}
.attachment-table > tbody > tr > td {
vertical-align: middle;
}
.attachment-table > tbody > tr > td > span > img {
max-height: 80px;
max-width: 80px;
cursor: pointer;
}
.note {
border-bottom: solid 1px #000;
}
.fileinput-button {
width: 100%;
border-top-left-radius: 0;
border-top-right-radius: 0;
margin-top: -2px;
}
.file-row p.name {
overflow: hidden;
text-overflow: ellipsis;
}
.timeline-footer {
border-top: 1px solid #f4f4f4;
}
.timeline > .today-top {
margin-bottom: 60px;
}
.white-readonly {
cursor: text !important;
background-color: #fff !important;
}
button.dropdown-submit {
background: none !important;
border: none;
}
.form-signin {
max-width: 800px;
margin: 0 auto;
}
.loginError {
padding-top: 20px;
margin-left: auto;
margin-right: auto;
}
.login-box {
width: 500px;
}
.login-box-body {
border-radius: 5px;
}
.button-link {
color: #4a5571;
}
.button-link:hover {
text-decoration: none;
color: #000;
}
.button-link .col-xs-1 {
margin: 0 auto;
padding: 0;
}
.button-link .panel-body:hover {
background-color: #EEE;
}
.timeline-header.header-info {
font-size: 14px !important;
}
.full-width {
width: 100%;
}
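Review bot: In `.icon-link` the declaration is written `font-size: 16px; !important;`, so the semicolon ends the declaration before `!important` and the flag is discarded as an invalid token; it should read `font-size: 16px !important;`. Further down, the base `.ticketPropertyText` rule is placed after the `min-width: 992px` media block that refines it. That is harmless today because the two rules set different properties, but putting the base rule first avoids a surprise if they ever overlap.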

@ -0,0 +1,7 @@
.move-down-20 {
margin-top: 20px;
}
.move-right-20 {
margin-left: 20px;
}

File diff suppressed because one or more lines are too long

@ -1,32 +1,15 @@
<?php <?php
/******************************************************************************* /**
* Title: Help Desk Software HESK *
* Version: 2.6.8 from 10th August 2016 * This file is part of HESK - PHP Help Desk Software.
* Author: Klemen Stirn *
* Website: http://www.hesk.com * (c) Copyright Klemen Stirn. All rights reserved.
******************************************************************************** * http://www.hesk.com
* COPYRIGHT AND TRADEMARK NOTICE *
* Copyright 2005-2015 Klemen Stirn. All Rights Reserved. * For the full copyright and license agreement information visit
* HESK is a registered trademark of Klemen Stirn. * http://www.hesk.com/eula.php
* The HESK may be used and modified free of charge by anyone *
* AS LONG AS COPYRIGHT NOTICES AND ALL THE COMMENTS REMAIN INTACT. */
* By using this code you agree to indemnify Klemen Stirn from any
* liability that might arise from it's use.
* Selling the code for this program, in part or full, without prior
* written consent is expressly forbidden.
* Using this code, in part or full, to create derivate work,
* new scripts or products is expressly forbidden. Obtain permission
* before redistributing this software over the Internet or in
* any other medium. In all cases copyright and header must remain intact.
* This Copyright is in full effect in any country that has International
* Trade Agreements with the United States of America or
* with the European Union.
* Removing any of the copyright notices without purchasing a license
* is expressly forbidden. To remove HESK copyright notice you must purchase
* a license for this script. For more information on how to obtain
* a license please visit the page below:
* https://www.hesk.com/buy.php
*******************************************************************************/
define('IN_SCRIPT', 1); define('IN_SCRIPT', 1);
define('HESK_PATH', './'); define('HESK_PATH', './');

@ -241,9 +241,10 @@ function hesk_suggestKBsearch(isAdmin) {
setTimeout('hesk_suggestKBsearch(' + isAdmin + ');', 2000); setTimeout('hesk_suggestKBsearch(' + isAdmin + ');', 2000);
} }
function hesk_suggestEmail(isAdmin) { function hesk_suggestEmail(emailField, displayDiv, padDiv, isAdmin, allowMultiple) {
var email = document.form1.email.value; allowMultiple = allowMultiple || 0;
var element = document.getElementById('email_suggestions'); var email = document.getElementById(emailField).value;
var element = document.getElementById(displayDiv);
if (isAdmin) { if (isAdmin) {
var path = '../suggest_email.php'; var path = '../suggest_email.php';
@ -253,7 +254,11 @@ function hesk_suggestEmail(isAdmin) {
} }
if (email != '') { if (email != '') {
var params = "e=" + encodeURIComponent(email); var params = "e=" + encodeURIComponent(email) + "&ef=" + encodeURIComponent(emailField) + "&dd=" + encodeURIComponent(displayDiv) + "&pd=" + encodeURIComponent(padDiv);
if (allowMultiple) {
params += "&am=1";
}
xmlHttp = GetXmlHttpObject(); xmlHttp = GetXmlHttpObject();
if (xmlHttp == null) { if (xmlHttp == null) {
@ -369,7 +374,7 @@ function hesk_contains(password, validChars) {
} }
function setCookie(name, value, expires, path, domain, secure) { function setCookie(name, value, expires, path, domain, secure) {
document.cookie = name + "=" + escape(value) + document.cookie= name + "=" + escape(value) +
((expires) ? "; expires=" + expires.toGMTString() : "") + ((expires) ? "; expires=" + expires.toGMTString() : "") +
((path) ? "; path=" + path : "") + ((path) ? "; path=" + path : "") +
((domain) ? "; domain=" + domain : "") + ((domain) ? "; domain=" + domain : "") +
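Review bot: `hesk_suggestEmail()` now resolves its elements from caller-supplied ids, but `document.getElementById(emailField).value` throws when the id is absent from the page; `var field = document.getElementById(emailField); if (!field) { return; }` before reading `.value` keeps a mis-wired form from stopping the script. The ids are also sent to `suggest_email.php` as `ef`, `dd` and `pd`. That script is not visible here, so it is worth confirming that it restricts them to an id-safe pattern and encodes them for the context it writes them into. In the `setCookie` hunk the only change looks like whitespace; `escape()` is deprecated, and `encodeURIComponent(value)` is the usual replacement if the reading side is updated with it. All three functions continue outside the hunks.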

@ -755,4 +755,60 @@ td.admin_yellow {
height:16px; height:16px;
font-size:12px; font-size:12px;
margin-top:2px; margin-top:2px;
}
/* New styles in HESK version 2.7 */
div.select_category
{
min-width: 50%;
min-height: 300px;
display: inline-block;
text-align:left;
margin-top: 10px;
}
#select_category {
border: 1px solid #111;
background: transparent;
width: 100%;
padding: 5px 35px 5px 5px;
font-size: 14px;
border: 1px solid #ccc;
height: 34px;
}
#ul_category {
list-style-type: none;
margin: 0;
padding: 0;
}
#ul_category li {
border: 1px solid #d1d5d7;
border-top: none;
border-radius: 2px;
}
#ul_category li:first-child {
border-top: 1px solid #d1d5d7;
}
#ul_category li a {
display: block;
font-size: 14px;
padding: 0.75em 0.75em;
text-decoration: none;
transition: all 0.12s ease;
word-wrap: break-word;
}
#ul_category li a:hover {
color: black;
background-color: #e9ffdb;
}
select.multiple {
font-size: 12px;
height: auto;
} }
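Review bot: `#select_category` declares `border` twice (`1px solid #111`, then `1px solid #ccc`), so the first value never applies; dropping the `#111` line leaves only the border that is actually rendered. The block also uses `select_category` as both a class (`div.select_category`) and an id (`#select_category`). A one-line comment on each rule saying which element it styles would make the pair harder to confuse.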

@ -1,32 +1,15 @@
<?php <?php
/******************************************************************************* /**
* Title: Help Desk Software HESK *
* Version: 2.6.8 from 10th August 2016 * This file is part of HESK - PHP Help Desk Software.
* Author: Klemen Stirn *
* Website: http://www.hesk.com * (c) Copyright Klemen Stirn. All rights reserved.
******************************************************************************** * http://www.hesk.com
* COPYRIGHT AND TRADEMARK NOTICE *
* Copyright 2005-2015 Klemen Stirn. All Rights Reserved. * For the full copyright and license agreement information visit
* HESK is a registered trademark of Klemen Stirn. * http://www.hesk.com/eula.php
* The HESK may be used and modified free of charge by anyone *
* AS LONG AS COPYRIGHT NOTICES AND ALL THE COMMENTS REMAIN INTACT. */
* By using this code you agree to indemnify Klemen Stirn from any
* liability that might arise from it's use.
* Selling the code for this program, in part or full, without prior
* written consent is expressly forbidden.
* Using this code, in part or full, to create derivate work,
* new scripts or products is expressly forbidden. Obtain permission
* before redistributing this software over the Internet or in
* any other medium. In all cases copyright and header must remain intact.
* This Copyright is in full effect in any country that has International
* Trade Agreements with the United States of America or
* with the European Union.
* Removing any of the copyright notices without purchasing a license
* is expressly forbidden. To remove HESK copyright notice you must purchase
* a license for this script. For more information on how to obtain
* a license please visit the page below:
* https://www.hesk.com/buy.php
*******************************************************************************/
/* Check if this is a valid include */ /* Check if this is a valid include */
if (!defined('IN_SCRIPT')) { if (!defined('IN_SCRIPT')) {
@ -51,13 +34,6 @@ $hesk_settings['possible_ticket_list'] = array(
'time_worked' => $hesklang['ts'], 'time_worked' => $hesklang['ts'],
); );
// Also possible to display all custom fields
for ($i = 1; $i <= 20; $i++) {
if ($hesk_settings['custom_fields']['custom' . $i]['use']) {
$hesk_settings['possible_ticket_list']['custom' . $i] = $hesk_settings['custom_fields']['custom' . $i]['name'];
}
}
/*** FUNCTIONS ***/ /*** FUNCTIONS ***/
@ -256,7 +232,7 @@ function hesk_mergeTickets($merge_these, $merge_into)
} }
/* Update history (log) and merged IDs of target ticket */ /* Update history (log) and merged IDs of target ticket */
hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` SET $replies_sql `time_worked`=ADDTIME(`time_worked`, '" . hesk_dbEscape($sec_worked) . "'), `merged`=CONCAT(`merged`,'" . hesk_dbEscape($merged . '#') . "'), `history`=CONCAT(`history`,'" . hesk_dbEscape($history) . "') WHERE `id`='" . intval($merge_into) . "' LIMIT 1"); hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` SET $replies_sql `time_worked`=ADDTIME(`time_worked`, '" . hesk_dbEscape($sec_worked) . "'), `merged`=CONCAT(`merged`,'" . hesk_dbEscape($merged . '#') . "'), `history`=CONCAT(`history`,'" . hesk_dbEscape($history) . "') WHERE `id`='" . intval($merge_into) . "'");
return true; return true;
@ -393,8 +369,8 @@ function hesk_autoLogin($noredirect = 0)
/* Check username */ /* Check username */
$result = hesk_dbQuery('SELECT * FROM `' . $hesk_settings['db_pfix'] . "users` WHERE `user` = '" . hesk_dbEscape($user) . "' LIMIT 1"); $result = hesk_dbQuery('SELECT * FROM `' . $hesk_settings['db_pfix'] . "users` WHERE `user` = '" . hesk_dbEscape($user) . "' LIMIT 1");
if (hesk_dbNumRows($result) != 1) { if (hesk_dbNumRows($result) != 1) {
setcookie('hesk_username', ''); hesk_setcookie('hesk_username', '');
setcookie('hesk_p', ''); hesk_setcookie('hesk_p', '');
header('Location: '.$url); header('Location: '.$url);
exit(); exit();
} }
@ -403,8 +379,8 @@ function hesk_autoLogin($noredirect = 0)
/* Check password */ /* Check password */
if ($hash != hesk_Pass2Hash($res['pass'] . strtolower($user) . $res['pass'])) { if ($hash != hesk_Pass2Hash($res['pass'] . strtolower($user) . $res['pass'])) {
setcookie('hesk_username', ''); hesk_setcookie('hesk_username', '');
setcookie('hesk_p', ''); hesk_setcookie('hesk_p', '');
header('Location: '.$url); header('Location: '.$url);
exit(); exit();
} }
@ -437,8 +413,8 @@ function hesk_autoLogin($noredirect = 0)
} }
/* Renew cookies */ /* Renew cookies */
setcookie('hesk_username', "$user", strtotime('+1 year')); hesk_setcookie('hesk_username', "$user", strtotime('+1 year'));
setcookie('hesk_p', "$hash", strtotime('+1 year')); hesk_setcookie('hesk_p', "$hash", strtotime('+1 year'));
/* Close any old tickets here so Cron jobs aren't necessary */ /* Close any old tickets here so Cron jobs aren't necessary */
if ($hesk_settings['autoclose']) { if ($hesk_settings['autoclose']) {
@ -646,7 +622,8 @@ function hesk_formatDate($dt, $from_database = true)
function hesk_jsString($str) function hesk_jsString($str)
{ {
$str = str_replace(array('\'', '<br />'), array('\\\'', ''), $str); $str = addslashes($str);
$str = str_replace('<br />' , '' , $str);
$from = array("/\r\n|\n|\r/", '/\<a href="mailto\:([^"]*)"\>([^\<]*)\<\/a\>/i', '/\<a href="([^"]*)" target="_blank"\>([^\<]*)\<\/a\>/i'); $from = array("/\r\n|\n|\r/", '/\<a href="mailto\:([^"]*)"\>([^\<]*)\<\/a\>/i', '/\<a href="([^"]*)" target="_blank"\>([^\<]*)\<\/a\>/i');
$to = array("\\r\\n' + \r\n'", "$1", "$1"); $to = array("\\r\\n' + \r\n'", "$1", "$1");
return preg_replace($from, $to, $str); return preg_replace($from, $to, $str);
@ -715,3 +692,53 @@ function hesk_checkPermission($feature, $showerror = 1)
} }
} // END hesk_checkPermission() } // END hesk_checkPermission()
function hesk_purge_cache($type = '', $expire_after_seconds = 0)
{
global $hesk_settings;
$cache_dir = dirname(dirname(__FILE__)).'/'.$hesk_settings['cache_dir'].'/';
if ( ! is_dir($cache_dir))
{
return false;
}
switch ($type)
{
case 'export':
$files = glob($cache_dir.'hesk_export_*', GLOB_NOSORT);
break;
case 'status':
$files = glob($cache_dir.'status_*', GLOB_NOSORT);
break;
case 'cf':
$files = glob($cache_dir.'cf_*', GLOB_NOSORT);
break;
default:
hesk_rrmdir(trim($cache_dir, '/'), true);
return true;
}
if (is_array($files))
{
array_walk($files, 'hesk_unlink_callable', $expire_after_seconds);
}
return true;
} // END hesk_purge_cache()
function hesk_rrmdir($dir, $keep_top_level=false)
{
$files = $keep_top_level ? array_diff(scandir($dir), array('.','..','index.htm')) : array_diff(scandir($dir), array('.','..'));
foreach ($files as $file)
{
(is_dir("$dir/$file")) ? hesk_rrmdir("$dir/$file") : @unlink("$dir/$file");
}
return $keep_top_level ? true : @rmdir($dir);
} // END hesk_rrmdir()
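Review bot: In the default branch of `hesk_purge_cache()`, `trim($cache_dir, '/')` strips the leading slash as well as the trailing one, so on a Unix absolute path `hesk_rrmdir()` receives a relative path and either fails or acts relative to the working directory; `hesk_rrmdir(rtrim($cache_dir, '/'), true);` is what is meant. That branch runs for any unrecognised `$type`, and an empty `$hesk_settings['cache_dir']` makes `$cache_dir` resolve to the parent of this file's directory, so the function should return `false` on an empty setting before deleting anything. `hesk_rrmdir()` passes an unchecked `scandir()` result to `array_diff()` and recurses on `is_dir()`, which is true for a symlink to a directory, so a link inside the cache would have its target emptied. The version below checks `scandir()` and removes links without descending. Separately, `hesk_autoLogin()` still compares the cookie hash with `!=`; `hash_equals()` avoids loose and timing-dependent comparison there.

```php
function hesk_rrmdir($dir, $keep_top_level=false)
{
    $entries = @scandir($dir);
    if ($entries === false)
    {
        return false;
    }

    $skip = $keep_top_level ? array('.','..','index.htm') : array('.','..');

    foreach (array_diff($entries, $skip) as $file)
    {
        $path = "$dir/$file";

        // Remove a symlink itself; never descend into its target
        if (is_dir($path) && ! is_link($path))
        {
            hesk_rrmdir($path);
        }
        else
        {
            @unlink($path);
        }
    }

    return $keep_top_level ? true : @rmdir($dir);
} // END hesk_rrmdir()
```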

@ -1,32 +1,15 @@
<?php <?php
/******************************************************************************* /**
* Title: Help Desk Software HESK *
* Version: 2.6.8 from 10th August 2016 * This file is part of HESK - PHP Help Desk Software.
* Author: Klemen Stirn *
* Website: http://www.hesk.com * (c) Copyright Klemen Stirn. All rights reserved.
******************************************************************************** * http://www.hesk.com
* COPYRIGHT AND TRADEMARK NOTICE *
* Copyright 2005-2015 Klemen Stirn. All Rights Reserved. * For the full copyright and license agreement information visit
* HESK is a registered trademark of Klemen Stirn. * http://www.hesk.com/eula.php
* The HESK may be used and modified free of charge by anyone *
* AS LONG AS COPYRIGHT NOTICES AND ALL THE COMMENTS REMAIN INTACT. */
* By using this code you agree to indemnify Klemen Stirn from any
* liability that might arise from it's use.
* Selling the code for this program, in part or full, without prior
* written consent is expressly forbidden.
* Using this code, in part or full, to create derivate work,
* new scripts or products is expressly forbidden. Obtain permission
* before redistributing this software over the Internet or in
* any other medium. In all cases copyright and header must remain intact.
* This Copyright is in full effect in any country that has International
* Trade Agreements with the United States of America or
* with the European Union.
* Removing any of the copyright notices without purchasing a license
* is expressly forbidden. To remove HESK copyright notice you must purchase
* a license for this script. For more information on how to obtain
* a license please visit the page below:
* https://www.hesk.com/buy.php
*******************************************************************************/
/* Check if this is a valid include */ /* Check if this is a valid include */
if (!defined('IN_SCRIPT')) { if (!defined('IN_SCRIPT')) {

@ -1,32 +1,15 @@
<?php <?php
/******************************************************************************* /**
* Title: Help Desk Software HESK *
* Version: 2.6.8 from 10th August 2016 * This file is part of HESK - PHP Help Desk Software.
* Author: Klemen Stirn *
* Website: http://www.hesk.com * (c) Copyright Klemen Stirn. All rights reserved.
******************************************************************************** * http://www.hesk.com
* COPYRIGHT AND TRADEMARK NOTICE *
* Copyright 2005-2015 Klemen Stirn. All Rights Reserved. * For the full copyright and license agreement information visit
* HESK is a registered trademark of Klemen Stirn. * http://www.hesk.com/eula.php
* The HESK may be used and modified free of charge by anyone *
* AS LONG AS COPYRIGHT NOTICES AND ALL THE COMMENTS REMAIN INTACT. */
* By using this code you agree to indemnify Klemen Stirn from any
* liability that might arise from it's use.
* Selling the code for this program, in part or full, without prior
* written consent is expressly forbidden.
* Using this code, in part or full, to create derivate work,
* new scripts or products is expressly forbidden. Obtain permission
* before redistributing this software over the Internet or in
* any other medium. In all cases copyright and header must remain intact.
* This Copyright is in full effect in any country that has International
* Trade Agreements with the United States of America or
* with the European Union.
* Removing any of the copyright notices without purchasing a license
* is expressly forbidden. To remove HESK copyright notice you must purchase
* a license for this script. For more information on how to obtain
* a license please visit the page below:
* https://www.hesk.com/buy.php
*******************************************************************************/
/* Check if this is a valid include */ /* Check if this is a valid include */
if (!defined('IN_SCRIPT')) { if (!defined('IN_SCRIPT')) {
@ -35,10 +18,20 @@ if (!defined('IN_SCRIPT')) {
#error_reporting(E_ALL); #error_reporting(E_ALL);
// Set correct Content-Type header /*
if (!defined('NO_HTTP_HEADER')) { * If code is executed from CLI, don't force SSL
* else set correct Content-Type header
*/
if (defined('NO_HTTP_HEADER')) {
$hesk_settings['force_ssl'] = false;
} else {
header('Content-Type: text/html; charset=utf-8'); header('Content-Type: text/html; charset=utf-8');
header('X-Frame-Options: SAMEORIGIN');
// Don't allow HESK to be loaded in a frame on third party domains
if ($hesk_settings['x_frame_opt'])
{
header('X-Frame-Options: SAMEORIGIN');
}
} }
// Set backslash options // Set backslash options
@ -56,12 +49,47 @@ if (!defined('ENT_XHTML')) {
define('ENT_XHTML', 0); define('ENT_XHTML', 0);
} }
// Is this is a SSL connection?
if (isset($_SERVER['HTTPS']) && strtolower($_SERVER['HTTPS']) == 'on') {
define('HESK_SSL', true);
// Use https-only cookies
@ini_set('session.cookie_secure', 1);
} else {
// Force redirect?
if ($hesk_settings['force_ssl']) {
header('HTTP/1.1 301 Moved Permanently');
header('Location: https://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI']);
exit();
}
define('HESK_SSL', false);
}
// Prevents javascript XSS attacks aimed to steal the session ID
@ini_set('session.cookie_httponly', 1);
// **PREVENTING SESSION FIXATION**
// Session ID cannot be passed through URLs
@ini_set('session.use_only_cookies', 1);
// Load language file // Load language file
hesk_getLanguage(); hesk_getLanguage();
/*** FUNCTIONS ***/ /*** FUNCTIONS ***/
function hesk_setcookie($name, $value, $expire=0, $path=""){
if (HESK_SSL) {
setcookie($name, $value, $expire, $path, "", true, true);
} else {
setcookie($name, $value, $expire, $path, "", false, true);
}
return true;
} // END hesk_setcookie()
function hesk_service_message($sm) function hesk_service_message($sm)
{ {
$faIcon = $sm['icon']; $faIcon = $sm['icon'];
@ -145,6 +173,11 @@ function hesk_clean_utf8($in)
function hesk_load_database_functions() function hesk_load_database_functions()
{ {
// Already loaded?
if (function_exists('hesk_dbQuery')) {
return true;
}
// Preferrably use the MySQLi functions // Preferrably use the MySQLi functions
if (function_exists('mysqli_connect')) { if (function_exists('mysqli_connect')) {
require(HESK_PATH . 'inc/database_mysqli.inc.php'); require(HESK_PATH . 'inc/database_mysqli.inc.php');
@ -196,6 +229,12 @@ function hesk_unlink($file, $older_than = 0)
} // END hesk_unlink() } // END hesk_unlink()
function hesk_unlink_callable($file, $key, $older_than=0)
{
return hesk_unlink($file, $older_than);
} // END hesk_unlink_callable()
function hesk_utf8_urldecode($in) function hesk_utf8_urldecode($in)
{ {
$in = preg_replace("/%u([0-9a-f]{3,4})/i", "&#x\\1;", urldecode($in)); $in = preg_replace("/%u([0-9a-f]{3,4})/i", "&#x\\1;", urldecode($in));
@ -204,7 +243,11 @@ function hesk_utf8_urldecode($in)
function hesk_SESSION($in, $default = '') function hesk_SESSION($in, $default = '')
{ {
return isset($_SESSION[$in]) && ! is_array($_SESSION[$in]) ? $_SESSION[$in] : $default; if (is_array($in)) {
return isset($_SESSION[$in[0]][$in[1]]) && ! is_array(isset($_SESSION[$in[0]][$in[1]])) ? $_SESSION[$in[0]][$in[1]] : $default;
} else {
return isset($_SESSION[$in]) && ! is_array($_SESSION[$in]) ? $_SESSION[$in] : $default;
}
} // END hesk_SESSION(); } // END hesk_SESSION();
@ -327,7 +370,7 @@ function hesk_verifyEmailMatch($trackingID, $my_email = 0, $ticket_email = 0, $e
/* Email doesn't match, clean cookies and error out */ /* Email doesn't match, clean cookies and error out */
if ($error) { if ($error) {
setcookie('hesk_myemail', ''); hesk_setcookie('hesk_myemail', '');
hesk_process_messages($hesklang['enmdb'], 'ticket.php?track=' . $trackingID . '&Refresh=' . rand(10000, 99999)); hesk_process_messages($hesklang['enmdb'], 'ticket.php?track=' . $trackingID . '&Refresh=' . rand(10000, 99999));
} else { } else {
return false; return false;
@ -365,7 +408,7 @@ function hesk_getCustomerEmail($can_remember = 0, $field = '')
if (isset($_GET['e']) || isset($_POST['e'])) { if (isset($_GET['e']) || isset($_POST['e'])) {
$my_email = hesk_validateEmail(hesk_REQUEST('e'), 'ERR', 0); $my_email = hesk_validateEmail(hesk_REQUEST('e'), 'ERR', 0);
} /* Is email in cookie? */ } /* Is email in cookie? */
elseif ( isset($_GET['e']) || isset($_POST['e']) ) { elseif (isset($_COOKIE['hesk_myemail'])) {
$my_email = hesk_validateEmail(hesk_COOKIE('hesk_myemail'), 'ERR', 0); $my_email = hesk_validateEmail(hesk_COOKIE('hesk_myemail'), 'ERR', 0);
if ($can_remember && $my_email) { if ($can_remember && $my_email) {
$do_remember = ' checked="checked" '; $do_remember = ' checked="checked" ';
@ -970,7 +1013,7 @@ function hesk_showTopBar($page_title)
echo $page_title; echo $page_title;
} // END hesk_showTopBar() } // END hesk_showTopBar()
function hesk_getLanguagesAsFormIfNecessary() function hesk_getLanguagesAsFormIfNecessary($trackingID = false)
{ {
global $hesk_settings, $hesklang; global $hesk_settings, $hesklang;
@ -979,6 +1022,14 @@ function hesk_getLanguagesAsFormIfNecessary()
$str = '<form method="get" action="" role="form" style="margin:0;padding:0;border:0;white-space:nowrap;">'; $str = '<form method="get" action="" role="form" style="margin:0;padding:0;border:0;white-space:nowrap;">';
if ($trackingID !== false) {
$str .= '<input type="hidden" name="track" value="'.hesk_htmlentities($trackingID).'">';
if ($hesk_settings['email_view_ticket'] && isset($hesk_settings['e_email'])) {
$str .= '<input type="hidden" name="e" value="'.hesk_htmlentities($hesk_settings['e_email']).'">';
}
}
if (!isset($_GET)) { if (!isset($_GET)) {
$_GET = array(); $_GET = array();
} }
@ -1105,7 +1156,7 @@ function hesk_getLanguage()
} }
/* Remember and set the selected language */ /* Remember and set the selected language */
setcookie('hesk_language', $hesk_settings['language'], time() + 31536000, '/'); hesk_setcookie('hesk_language', $hesk_settings['language'], time() + 31536000, '/');
return hesk_returnLanguage(); return hesk_returnLanguage();
} // END hesk_getLanguage() } // END hesk_getLanguage()
@ -1113,10 +1164,45 @@ function hesk_getLanguage()
function hesk_returnLanguage() function hesk_returnLanguage()
{ {
global $hesk_settings, $hesklang; global $hesk_settings, $hesklang;
require(HESK_PATH . 'language/' . $hesk_settings['languages'][$hesk_settings['language']]['folder'] . '/text.php'); // Variable that will be set to true if a language file was loaded
$customLanguagePath = HESK_PATH . 'language/' . $hesk_settings['languages'][$hesk_settings['language']]['folder'] . '/custom-text.php'; $language_loaded = false;
if (file_exists($customLanguagePath)) {
include($customLanguagePath); // Load requested language file
$language_file = HESK_PATH . 'language/' . $hesk_settings['languages'][$hesk_settings['language']]['folder'] . '/text.php';
if (file_exists($language_file)) {
require($language_file);
$language_loaded = true;
}
// Requested language file not found, try to load default installed language
if (!$language_loaded && $hesk_settings['language'] != HESK_DEFAULT_LANGUAGE) {
$language_file = HESK_PATH . 'language/' . $hesk_settings['languages'][HESK_DEFAULT_LANGUAGE]['folder'] . '/text.php';
if (file_exists($language_file)) {
require($language_file);
$language_loaded = true;
$hesk_settings['language'] = HESK_DEFAULT_LANGUAGE;
}
}
// Requested language file not found, can we at least load English?
if (!$language_loaded && $hesk_settings['language'] != 'English' && HESK_DEFAULT_LANGUAGE != 'English') {
$language_file = HESK_PATH . 'language/en/text.php';
if (file_exists($language_file)) {
require($language_file);
$language_loaded = true;
$hesk_settings['language'] = 'English';
}
}
// If a language is still not loaded, give up
if (!$language_loaded) {
die('Count not load a valid language file.');
}
// Load a custom text file if available
$language_file = HESK_PATH . 'language/' . $hesk_settings['languages'][$hesk_settings['language']]['folder'] . '/custom-text.php';
if (file_exists($language_file)) {
require($language_file);
} }
return true; return true;
} // END hesk_returnLanguage() } // END hesk_returnLanguage()
@ -1637,9 +1723,43 @@ function hesk_check_maintenance($dodie = true)
<div class="alert alert-warning" style="margin: 20px"> <div class="alert alert-warning" style="margin: 20px">
<i class="fa fa-exclamation-triangle"></i> <i class="fa fa-exclamation-triangle"></i>
<b><?php echo $hesklang['mm1']; ?></b><br/><br/> <?php
<?php echo $hesklang['mm2']; ?><br/><br/> // Has the help desk been installed yet?
<?php echo $hesklang['mm3']; ?> if (
$hesk_settings['maintenance_mode'] == 0 &&
$hesk_settings['question_ans'] == 'PB6YM' &&
$hesk_settings['site_title'] == 'My Web site' &&
$hesk_settings['site_url'] == 'http://www.example.com' &&
$hesk_settings['webmaster_mail'] == 'support@example.com' &&
$hesk_settings['noreply_mail'] == 'support@example.com' &&
$hesk_settings['noreply_name'] == 'Help Desk' &&
$hesk_settings['db_host'] == 'localhost' &&
$hesk_settings['db_name'] == 'hesk' &&
$hesk_settings['db_user'] == 'test' &&
$hesk_settings['db_pass'] == 'test' &&
$hesk_settings['db_pfix'] == 'hesk_' &&
$hesk_settings['db_vrsn'] == 0 &&
$hesk_settings['hesk_title'] == 'Help Desk' &&
$hesk_settings['hesk_url'] == 'http://www.example.com/helpdesk'
)
{
echo "
<b>{$hesklang['hni1']}</b><br /><br />
{$hesklang['hni2']}<br /><br />
{$hesklang['hni3']}";
}
// Hesk appears to be installed, show a "Maintenance in progress" message
else
{
echo "
<b>{$hesklang['mm1']}</b><br /><br />
{$hesklang['mm2']}<br /><br />
{$hesklang['mm3']}";
}
?>
</div> </div>
<?php <?php
require_once(HESK_PATH . 'inc/footer.inc.php'); require_once(HESK_PATH . 'inc/footer.inc.php');
@ -1769,8 +1889,11 @@ function hesk_getFeatureArray()
'can_del_tickets', /* User can delete tickets */ 'can_del_tickets', /* User can delete tickets */
'can_edit_tickets', /* User can edit tickets */ 'can_edit_tickets', /* User can edit tickets */
'can_merge_tickets', /* User can merge tickets */ 'can_merge_tickets', /* User can merge tickets */
'can_resolve', /* User can resolve tickets */
'can_submit_any_cat', /* User can submit a ticket to any category/department */
'can_del_notes', /* User can delete ticket notes posted by other staff members */ 'can_del_notes', /* User can delete ticket notes posted by other staff members */
'can_change_cat', /* User can move ticke to a new category/department */ 'can_change_cat', /* User can move ticket to any category/department */
'can_change_own_cat', /* User can move ticket to a category/department he/she has access to */
'can_man_kb', /* User can manage knowledgebase articles and categories */ 'can_man_kb', /* User can manage knowledgebase articles and categories */
'can_man_users', /* User can create and edit staff accounts */ 'can_man_users', /* User can create and edit staff accounts */
'can_man_cat', /* User can manage categories/departments */ 'can_man_cat', /* User can manage categories/departments */
@ -1790,7 +1913,7 @@ function hesk_getFeatureArray()
'can_ban_ips', /* User can ban IP addresses */ 'can_ban_ips', /* User can ban IP addresses */
'can_unban_ips', /* User can delete IP bans. Also enables "can_ban_ips" */ 'can_unban_ips', /* User can delete IP bans. Also enables "can_ban_ips" */
'can_service_msg', /* User can manage service messages shown in customer interface */ 'can_service_msg', /* User can manage service messages shown in customer interface */
'can_man_email_tpl', /* User can manage email templates */ 'can_email_tpl', /* User can manage email templates */
'can_man_ticket_statuses', /* User can manage ticket statuses */ 'can_man_ticket_statuses', /* User can manage ticket statuses */
'can_set_manager', /* User can set category managers */ 'can_set_manager', /* User can set category managers */
'can_man_permission_tpl', /* User can manage permission templates */ 'can_man_permission_tpl', /* User can manage permission templates */
@ -1885,4 +2008,27 @@ function mfh_bytesToUnits($size) {
$quotient = $size / $bytes_in_megabyte; $quotient = $size / $bytes_in_megabyte;
return intval($quotient); return intval($quotient);
}
/**
* Returns the star markup based on the rating provided. Filled in stars are orange, empty stars are gray.
*/
function mfh_get_stars($rating) {
$int_value = intval($rating);
$has_half = $int_value === $rating;
$markup = '';
for ($i = 0; $i < $int_value; $i++) {
$markup .= '<i class="fa fa-star orange"></i>';
}
if ($has_half) {
$markup .= '<i class="fa fa-star-half-o orange"></i>';
}
for ($i = 0; $i < 5 - $int_value; $i++) {
$markup .= '<i class="fa fa-star-o gray"></i>';
}
return $markup;
} }

@ -0,0 +1,249 @@
<?php
/**
*
* This file is part of HESK - PHP Help Desk Software.
*
* (c) Copyright Klemen Stirn. All rights reserved.
* http://www.hesk.com
*
* For the full copyright and license agreement information visit
* http://www.hesk.com/eula.php
*
*/
/* Check if this is a valid include */
if (!defined('IN_SCRIPT')) {die('Invalid attempt');}
// Get and append custom fields setup to the settings
hesk_load_custom_fields();
// Save number of custom fields
$hesk_settings['num_custom_fields'] = count($hesk_settings['custom_fields']);
// Load custom fields for admin functions
if (function_exists('hesk_checkPermission'))
{
foreach ($hesk_settings['custom_fields'] as $k => $v)
{
$hesk_settings['possible_ticket_list'][$k] = $hesk_settings['custom_fields'][$k]['title'];
}
}
/*** FUNCTIONS ***/
function hesk_load_custom_fields($category=0, $use_cache=1)
{
global $hesk_settings, $hesklang;
// Do we have a cached version available
$cache_dir = dirname(dirname(__FILE__)).'/'.$hesk_settings['cache_dir'].'/';
$cache_file = $cache_dir . 'cf_' . sha1($hesk_settings['language']).'.cache.php';
if ($use_cache && file_exists($cache_file))
{
require($cache_file);
return true;
}
// Get custom fields from the database
$hesk_settings['custom_fields'] = array();
// Make sure we have database connection
hesk_load_database_functions();
hesk_dbConnect();
$res = hesk_dbQuery("SELECT * FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."custom_fields` WHERE `use` IN ('1', '2') ORDER BY `place` ASC, `order` ASC");
while ($row = hesk_dbFetchAssoc($res))
{
$id = 'custom' . $row['id'];
unset($row['id']);
// Let's set field name for current language (or the first one we find)
$names = json_decode($row['name'], true);
$row['name'] = (isset($names[$hesk_settings['language']])) ? $names[$hesk_settings['language']] : reset($names);
// Name for display in ticket list; punctuation removed and shortened
$row['title'] = hesk_remove_punctuation($row['name']);
$row['title'] = strlen($row['title']) > 30 ? substr($row['title'], 0, 30) . '...' : $row['title'];
// A version with forced punctuation
$row['name:'] = in_array(substr($row['name'], -1), array(':', '?', '!', '.') ) ? $row['name'] : $row['name'] . ':';
// Decode categories
$row['category'] = strlen($row['category']) ? json_decode($row['category'], true) : array();
// Decode options
$row['value'] = json_decode($row['value'], true);
// Add to custom_fields array
$hesk_settings['custom_fields'][$id] = $row;
}
// Try to cache results
if ($use_cache && (is_dir($cache_dir) || ( @mkdir($cache_dir, 0777) && is_writable($cache_dir) ) ) )
{
// Is there an index.htm file?
if ( ! file_exists($cache_dir.'index.htm'))
{
@file_put_contents($cache_dir.'index.htm', '');
}
// Write data
@file_put_contents($cache_file, '<?php if (!defined(\'IN_SCRIPT\')) {die();} $hesk_settings[\'custom_fields\']=' . var_export($hesk_settings['custom_fields'], true) . ';' );
}
return true;
} // END hesk_load_custom_fields()
function hesk_is_custom_field_in_category($custom_id, $category_id)
{
global $hesk_settings;
return (
empty($hesk_settings['custom_fields'][$custom_id]['category']) ||
in_array($category_id, $hesk_settings['custom_fields'][$custom_id]['category'])
) ? true : false;
} // END hesk_is_custom_field_in_category()
function hesk_custom_field_type($type)
{
global $hesklang;
switch ($type)
{
case 'text':
return $hesklang['stf'];
case 'textarea':
return $hesklang['stb'];
case 'radio':
return $hesklang['srb'];
case 'select':
return $hesklang['ssb'];
case 'checkbox':
return $hesklang['scb'];
case 'email':
return $hesklang['email'];
case 'date':
return $hesklang['date'];
case 'hidden':
return $hesklang['sch'];
case 'readonly':
return $hesklang['readonly'];
default:
return false;
}
} // END hesk_custom_field_type()
function hesk_custom_date_display_format($timestamp, $format = 'F j, Y')
{
global $hesklang;
if ($timestamp == '')
{
return '';
}
if ( ! is_int($timestamp))
{
$timestamp = $timestamp * 1;
}
if ($hesklang['LANGUAGE']=='English')
{
return gmdate($format, $timestamp);
}
// Attempt to translate date for non-English users
$translate_months = array(
'January' => $hesklang['m1'],
'February' => $hesklang['m2'],
'March' => $hesklang['m3'],
'April' => $hesklang['m4'],
'May' => $hesklang['m5'],
'June' => $hesklang['m6'],
'July' => $hesklang['m7'],
'August' => $hesklang['m8'],
'September' => $hesklang['m9'],
'October' => $hesklang['m10'],
'November' => $hesklang['m11'],
'December' => $hesklang['m12']
);
$translate_months_short = array(
'Jan' => $hesklang['ms01'],
'Feb' => $hesklang['ms02'],
'Mar' => $hesklang['ms03'],
'Apr' => $hesklang['ms04'],
'May' => $hesklang['ms05'],
'Jun' => $hesklang['ms06'],
'Jul' => $hesklang['ms07'],
'Aug' => $hesklang['ms08'],
'Sep' => $hesklang['ms09'],
'Oct' => $hesklang['ms10'],
'Nov' => $hesklang['ms11'],
'Dec' => $hesklang['ms12']
);
$translate_days = array(
'Monday' => $hesklang['d1'],
'Tuesday' => $hesklang['d2'],
'Wednesday' => $hesklang['d3'],
'Thursday' => $hesklang['d4'],
'Friday' => $hesklang['d5'],
'Saturday' => $hesklang['d6'],
'Sunday' => $hesklang['d0']
);
$translate_days_short = array(
'Mon' => $hesklang['mo'],
'Tuw' => $hesklang['tu'],
'Wes' => $hesklang['we'],
'Thu' => $hesklang['th'],
'Fri' => $hesklang['fr'],
'Sat' => $hesklang['sa'],
'Sun' => $hesklang['su']
);
$date_translate = array();
if (strpos($format, 'F') !== false)
{
$date_translate = array_merge($date_translate, $translate_months);
}
if (strpos($format, 'M') !== false)
{
$date_translate = array_merge($date_translate, $translate_months_short);
}
if (strpos($format, 'l') !== false)
{
$date_translate = array_merge($date_translate, $translate_days);
}
if (strpos($format, 'D') !== false)
{
$date_translate = array_merge($date_translate, $translate_days_short);
}
if (count($date_translate))
{
return str_replace( array_keys($date_translate), array_values($date_translate), gmdate($format, $timestamp));
}
return gmdate($format, $timestamp);
} // END hesk_custom_date_display_format()
function hesk_remove_punctuation($in)
{
return rtrim($in, ':?!.');
} // END hesk_remove_punctuation()
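Review bot: In hesk_load_custom_fields() the cache directory is created with `@mkdir($cache_dir, 0777)` and the file written there is later loaded with `require($cache_file)`, so on a host shared with other local accounts anyone who can write to that directory (subject to umask) can place PHP that the help desk then executes. I would create the directory as `@mkdir($cache_dir, 0755)` or tighter, and pass `LOCK_EX` as the third argument of the `@file_put_contents($cache_file, ...)` call so a concurrent request never requires a half-written file. Both writes are silenced with `@`, so a failed cache write is never reported and every request falls back to the database query unnoticed. Separately, `reset($names)` is reached with null when `json_decode($row['name'], true)` fails on a malformed row. The `'Tuw'` and `'Wes'` keys in `$translate_days_short` can never match what `gmdate()` prints for `D` (`Tue`, `Wed`), so those two days stay untranslated.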

@ -1,38 +1,24 @@
<?php <?php
/******************************************************************************* /**
* Title: Help Desk Software HESK *
* Version: 2.6.8 from 10th August 2016 * This file is part of HESK - PHP Help Desk Software.
* Author: Klemen Stirn *
* Website: http://www.hesk.com * (c) Copyright Klemen Stirn. All rights reserved.
******************************************************************************** * http://www.hesk.com
* COPYRIGHT AND TRADEMARK NOTICE *
* Copyright 2005-2015 Klemen Stirn. All Rights Reserved. * For the full copyright and license agreement information visit
* HESK is a registered trademark of Klemen Stirn. * http://www.hesk.com/eula.php
* The HESK may be used and modified free of charge by anyone *
* AS LONG AS COPYRIGHT NOTICES AND ALL THE COMMENTS REMAIN INTACT. */
* By using this code you agree to indemnify Klemen Stirn from any
* liability that might arise from it's use.
* Selling the code for this program, in part or full, without prior
* written consent is expressly forbidden.
* Using this code, in part or full, to create derivate work,
* new scripts or products is expressly forbidden. Obtain permission
* before redistributing this software over the Internet or in
* any other medium. In all cases copyright and header must remain intact.
* This Copyright is in full effect in any country that has International
* Trade Agreements with the United States of America or
* with the European Union.
* Removing any of the copyright notices without purchasing a license
* is expressly forbidden. To remove HESK copyright notice you must purchase
* a license for this script. For more information on how to obtain
* a license please visit the page below:
* https://www.hesk.com/buy.php
*******************************************************************************/
/* Check if this is a valid include */ /* Check if this is a valid include */
if (!defined('IN_SCRIPT')) { if (!defined('IN_SCRIPT')) {
die('Invalid attempt'); die('Invalid attempt');
} }
// Make sure custom fields are loaded
require_once(HESK_PATH . 'inc/custom_fields.inc.php');
/* Get includes for SMTP */ /* Get includes for SMTP */
if ($hesk_settings['smtp']) { if ($hesk_settings['smtp']) {
require(HESK_PATH . 'inc/mail/smtp.php'); require(HESK_PATH . 'inc/mail/smtp.php');
@ -63,7 +49,9 @@ function hesk_notifyCustomerForVerifyEmail($email_template = 'verify_email', $ac
// Add Cc / Bcc recipents if needed // Add Cc / Bcc recipents if needed
$ccEmails = array(); $ccEmails = array();
$bccEmails = array(); $bccEmails = array();
foreach ($hesk_settings['custom_fields'] as $k => $v) {
//TODO Update the email custom field to handle this properly
/*foreach ($hesk_settings['custom_fields'] as $k => $v) {
if ($v['use']) { if ($v['use']) {
if ($v['type'] == 'email' && !empty($ticket[$k])) { if ($v['type'] == 'email' && !empty($ticket[$k])) {
if ($v['value'] == 'cc') { if ($v['value'] == 'cc') {
@ -75,7 +63,7 @@ function hesk_notifyCustomerForVerifyEmail($email_template = 'verify_email', $ac
} }
} }
} }
} }*/
hesk_mail($ticket['email'], $subject, $message, $htmlMessage, $modsForHesk_settings, $ccEmails, $bccEmails, $hasMessage); hesk_mail($ticket['email'], $subject, $message, $htmlMessage, $modsForHesk_settings, $ccEmails, $bccEmails, $hasMessage);
} }
@ -106,7 +94,9 @@ function hesk_notifyCustomer($modsForHesk_settings, $email_template = 'new_ticke
// Add Cc / Bcc recipents if needed // Add Cc / Bcc recipents if needed
$ccEmails = array(); $ccEmails = array();
$bccEmails = array(); $bccEmails = array();
foreach ($hesk_settings['custom_fields'] as $k => $v) {
//TODO Update the email custom field to handle this properly
/*foreach ($hesk_settings['custom_fields'] as $k => $v) {
if ($v['use']) { if ($v['use']) {
if ($v['type'] == 'email' && !empty($ticket[$k])) { if ($v['type'] == 'email' && !empty($ticket[$k])) {
if ($v['value'] == 'cc') { if ($v['value'] == 'cc') {
@ -116,7 +106,7 @@ function hesk_notifyCustomer($modsForHesk_settings, $email_template = 'new_ticke
} }
} }
} }
} }*/
// Send e-mail // Send e-mail
hesk_mail($ticket['email'], $subject, $message, $htmlMessage, $modsForHesk_settings, $ccEmails, $bccEmails, $hasMessage); hesk_mail($ticket['email'], $subject, $message, $htmlMessage, $modsForHesk_settings, $ccEmails, $bccEmails, $hasMessage);
@ -846,15 +836,24 @@ function hesk_processMessage($msg, $ticket, $is_admin, $is_ticket, $just_message
$msg = str_replace('%%ID%%', $ticket['id'], $msg); $msg = str_replace('%%ID%%', $ticket['id'], $msg);
/* All custom fields */ /* All custom fields */
foreach ($hesk_settings['custom_fields'] as $k => $v) { for ($i=1; $i<=50; $i++) {
if ($v['use']) { $k = 'custom'.$i;
if ($v['type'] == 'checkbox') {
$ticket[$k] = str_replace("<br />", "\n", $ticket[$k]); if (isset($hesk_settings['custom_fields'][$k])) {
$v = $hesk_settings['custom_fields'][$k];
switch ($v['type']) {
case 'checkbox':
$ticket[$k] = str_replace("<br>","\n",$ticket[$k]);
break;
case 'date':
$ticket[$k] = hesk_custom_date_display_format($ticket[$k], $v['value']['date_format']);
break;
} }
$msg = str_replace('%%' . strtoupper($k) . '%%', stripslashes($ticket[$k]), $msg); $msg = str_replace('%%'.strtoupper($k).'%%',stripslashes($ticket[$k]),$msg);
} else { } else {
$msg = str_replace('%%' . strtoupper($k) . '%%', '', $msg); $msg = str_replace('%%'.strtoupper($k).'%%','',$msg);
} }
} }
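Review bot: The Cc/Bcc loops in hesk_notifyCustomerForVerifyEmail() and hesk_notifyCustomer() are disabled by wrapping them in `/* ... */`, so `$ccEmails` and `$bccEmails` now always reach hesk_mail() empty and email-type custom fields configured as cc or bcc silently stop receiving notifications. Rather than leaving dead code behind a TODO, I would delete the block and state the limitation, e.g. `// Cc/Bcc from email custom fields is not supported yet; recipient lists are intentionally left empty`. In hesk_processMessage() the new loop reads `$ticket[$k]` for every configured field without checking that the key exists; `if (isset($hesk_settings['custom_fields'][$k], $ticket[$k])) {` would send a ticket array that lacks the column down the existing else branch, which blanks the placeholder. All three function bodies start and end outside their hunks, so the code that fills `$ticket` is not visible here.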

@ -0,0 +1,90 @@
<?php
/**
*
* This file is part of HESK - PHP Help Desk Software.
*
* (c) Copyright Klemen Stirn. All rights reserved.
* http://www.hesk.com
*
* For the full copyright and license agreement information visit
* http://www.hesk.com/eula.php
*
*/
// Check if this is a valid include
if (!defined('IN_SCRIPT')) {die('Invalid attempt');}
// Auto-select first empty or error field on non-staff pages?
if (defined('AUTOFOCUS'))
{
?>
<script language="javascript">
(function(){
var forms = document.forms || [];
for(var i = 0; i < forms.length; i++)
{
for(var j = 0; j < forms[i].length; j++)
{
if(
!forms[i][j].readonly != undefined &&
forms[i][j].type != "hidden" &&
forms[i][j].disabled != true &&
forms[i][j].style.display != 'none' &&
(forms[i][j].className == 'isError' || forms[i][j].className == 'isNotice' || forms[i][j].value == '')
)
{
forms[i][j].focus();
return;
}
}
}
})();
</script>
<?php
}
// Users online
if (defined('SHOW_ONLINE'))
{
hesk_printOnline();
}
// The closing div here is to close the content area on each page. Annoying, but necessary.
if (defined('ADMIN_PAGE')) {
echo '
</div>
<footer class="main-footer">';
}
/*******************************************************************************
The code below handles HESK licensing. Removing or modifying this code without
purchasing a HESK license is strictly prohibited.
To purchase a HESK license and support future HESK development please visit:
https://www.hesk.com/buy.php
*******************************************************************************/
$hesk_settings['hesk_license']('HMgPSAxOw0KaWYgKGZpbGVfZXhpc3RzKEhFU0tfUEFUSCAuI
CdoZXNrX2xpY2Vuc2UucGhwJykpDQp7DQokaCA9ICghZW1wdHkoJF9TRVJWRVJbJ0hUVFBfSE9TVCddK
SkgPyAkX1NFUlZFUlsnSFRUUF9IT1NUJ10gOiAoKCFlbXB0eSgkX1NFUlZFUlsnU0VSVkVSX05BTUUnX
SkpID8gJF9TRVJWRVJbJ1NFUlZFUl9OQU1FJ10gOiBnZXRlbnYoJ1NFUlZFUl9OQU1FJykpOw0KJGggP
SBzdHJfcmVwbGFjZSgnd3d3LicsJycsc3RydG9sb3dlcigkaCkpOw0KaW5jbHVkZShIRVNLX1BBVEggL
iAnaGVza19saWNlbnNlLnBocCcpOw0KaWYgKGlzc2V0KCRoZXNrX3NldHRpbmdzWydsaWNlbnNlJ10pI
CYmIHN0cnBvcygkaGVza19zZXR0aW5nc1snbGljZW5zZSddLHNoYTEoJGguJ2gzJkZwMiNMYUEmNTkhd
yg4LlpjXSordVI1MTInKSkgIT09IGZhbHNlKQ0Kew0KJHMgPSAwOw0KfQ0KZWxzZQ0Kew0KZWNobyAnP
HAgc3R5bGU9InRleHQtYWxpZ246Y2VudGVyO2NvbG9yOnJlZDsiPklOVkFMSUQgTElDRU5TRSAoTk9UI
FJFR0lTVEVSRUQgRk9SICcuJGguJykhPC9wPic7DQp9DQp9DQppZiAoJHMpDQp7DQplY2hvICc8cCBzd
HlsZT0idGV4dC1hbGlnbjpjZW50ZXIiPjxzcGFuIGNsYXNzPSJzbWFsbGVyIj4mbmJzcDs8YnIgLz5Qb
3dlcmVkIGJ5IDxhIGhyZWY9Imh0dHA6Ly93d3cuaGVzay5jb20iIGNsYXNzPSJzbWFsbGVyIiB0aXRsZ
T0iRnJlZSBQSFAgSGVscCBEZXNrIFNvZnR3YXJlIj5IZWxwIERlc2sgU29mdHdhcmU8L2E+IDxiPkhFU
0s8L2I+LCBicm91Z2h0IHRvIHlvdSBieSA8YSBocmVmPSJodHRwczovL3d3dy5zeXNhaWQuY29tLz91d
G1fc291cmNlPUhlc2smYW1wO3V0bV9tZWRpdW09Y3BjJmFtcDt1dG1fY2FtcGFpZ249SGVza1Byb2R1Y
3RfVG9fSFAiPlN5c0FpZDwvYT48L3NwYW4+PC9wPic7DQp9DQplY2hvICc8L3RkPjwvdHI+PC90YWJsZ
T48L2Rpdj4nOw0KaW5jbHVkZShIRVNLX1BBVEggLiAnZm9vdGVyLnR4dCcpOw0KZWNobyAnPC9ib2R5P
jwvaHRtbD4nOw==',"\112");
if (defined('ADMIN_PAGE')) {
echo '</footer>';
}
exit();
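Review bot: The licensing call `$hesk_settings['hesk_license'](..., "\112")` invokes whatever callable name is stored in a settings key and hands it an encoded blob, so the code that finishes the page cannot be read in review or checked by static analysis. The key is not assigned anywhere in this file, so it is worth confirming that it is set only from code and never from request or database data. A comment above the block would help, for example `// hesk_license is assigned in <file that sets it>; the call prints the closing markup and includes footer.txt`, which is what the decoded payload appears to do. In the AUTOFOCUS script, `!forms[i][j].readonly != undefined` is always true, because a negated value is a boolean and the DOM property is spelled `readOnly`, so read-only inputs are never skipped. `forms[i][j].readOnly !== true &&` does what that line intends.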

@ -1,32 +1,15 @@
<?php <?php
/******************************************************************************* /**
* Title: Help Desk Software HESK *
* Version: 2.6.8 from 10th August 2016 * This file is part of HESK - PHP Help Desk Software.
* Author: Klemen Stirn *
* Website: http://www.hesk.com * (c) Copyright Klemen Stirn. All rights reserved.
******************************************************************************** * http://www.hesk.com
* COPYRIGHT AND TRADEMARK NOTICE *
* Copyright 2005-2015 Klemen Stirn. All Rights Reserved. * For the full copyright and license agreement information visit
* HESK is a registered trademark of Klemen Stirn. * http://www.hesk.com/eula.php
* The HESK may be used and modified free of charge by anyone *
* AS LONG AS COPYRIGHT NOTICES AND ALL THE COMMENTS REMAIN INTACT. */
* By using this code you agree to indemnify Klemen Stirn from any
* liability that might arise from it's use.
* Selling the code for this program, in part or full, without prior
* written consent is expressly forbidden.
* Using this code, in part or full, to create derivate work,
* new scripts or products is expressly forbidden. Obtain permission
* before redistributing this software over the Internet or in
* any other medium. In all cases copyright and header must remain intact.
* This Copyright is in full effect in any country that has International
* Trade Agreements with the United States of America or
* with the European Union.
* Removing any of the copyright notices without purchasing a license
* is expressly forbidden. To remove HESK copyright notice you must purchase
* a license for this script. For more information on how to obtain
* a license please visit the page below:
* https://www.hesk.com/buy.php
*******************************************************************************/
require_once(HESK_PATH . 'build.php'); require_once(HESK_PATH . 'build.php');
@ -40,6 +23,7 @@ if (!function_exists('mfh_getSettings')) {
$modsForHesk_settings = array(); $modsForHesk_settings = array();
if (is_dir(HESK_PATH . 'install')) { if (is_dir(HESK_PATH . 'install')) {
define('MAINTENANCE_MODE', true);
$modsForHesk_settings['navbar_title_url'] = 'javascript:;'; $modsForHesk_settings['navbar_title_url'] = 'javascript:;';
$modsForHesk_settings['rtl'] = 0; $modsForHesk_settings['rtl'] = 0;
$modsForHesk_settings['use_bootstrap_theme'] = 1; $modsForHesk_settings['use_bootstrap_theme'] = 1;
@ -55,14 +39,14 @@ if (is_dir(HESK_PATH . 'install')) {
$modsForHesk_settings['dropdownItemTextHoverColor'] = '#262626'; $modsForHesk_settings['dropdownItemTextHoverColor'] = '#262626';
$modsForHesk_settings['dropdownItemTextHoverBackgroundColor'] = '#f5f5f5'; $modsForHesk_settings['dropdownItemTextHoverBackgroundColor'] = '#f5f5f5';
$modsForHesk_settings['questionMarkColor'] = '#000000'; $modsForHesk_settings['questionMarkColor'] = '#000000';
$modsForHesk_settings['enable_calendar'] = 1;
} else { } else {
$modsForHesk_settings = mfh_getSettings(); $modsForHesk_settings = mfh_getSettings();
} }
?> ?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" <!DOCTYPE html>
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html>
<html xmlns="http://www.w3.org/1999/xhtml">
<head> <head>
<title><?php echo(isset($hesk_settings['tmp_title']) ? $hesk_settings['tmp_title'] : $hesk_settings['hesk_title']); ?></title> <title><?php echo(isset($hesk_settings['tmp_title']) ? $hesk_settings['tmp_title'] : $hesk_settings['hesk_title']); ?></title>
<meta http-equiv="Content-Type" content="text/html;charset=<?php echo $hesklang['ENCODING']; ?>"/> <meta http-equiv="Content-Type" content="text/html;charset=<?php echo $hesklang['ENCODING']; ?>"/>
@ -283,34 +267,37 @@ if ($modsForHesk_settings['show_icons']) {
<div class="navbar-collapse collapse"> <div class="navbar-collapse collapse">
<ul class="nav navbar-nav"> <ul class="nav navbar-nav">
<?php <?php
$active = ''; if ($hesk_settings['kb_enable'] !== 2 && !defined('MAINTENANCE_MODE')) {
if (defined('PAGE_TITLE') && PAGE_TITLE == 'CUSTOMER_HOME') { $active = '';
$active = 'class="active"'; if (defined('PAGE_TITLE') && PAGE_TITLE == 'CUSTOMER_HOME') {
} $active = 'class="active"';
}
?> ?>
<li <?php echo $active; ?>><a href="<?php echo HESK_PATH; ?>"><i <li <?php echo $active; ?>><a href="<?php echo HESK_PATH; ?>"><i
class="fa fa-home" <?php echo $iconDisplay; ?>></i>&nbsp;<?php echo $hesklang['main_page']; ?> class="fa fa-home" <?php echo $iconDisplay; ?>></i>&nbsp;<?php echo $hesklang['main_page']; ?>
</a></li> </a></li>
<?php
$active = '';
if (defined('PAGE_TITLE') && PAGE_TITLE == 'CUSTOMER_TICKET') {
$active = ' active';
}
?>
<li class="dropdown<?php echo $active; ?>">
<a href="#" class="dropdown-toggle" data-toggle="dropdown"><i
class="fa fa-ticket" <?php echo $iconDisplay; ?>></i>&nbsp;<?php echo $hesklang['ticket'] ?>
<b class="caret"></b></a>
<ul class="dropdown-menu">
<li><a href="<?php echo HESK_PATH; ?>index.php?a=add"><i
class="fa fa-plus-circle" <?php echo $iconDisplay; ?>></i>&nbsp;<?php echo $hesklang['sub_support'] ?>
</a></li>
<li><a href="<?php echo HESK_PATH; ?>ticket.php"><i
class="fa fa-search" <?php echo $iconDisplay; ?>></i>&nbsp;<?php echo $hesklang['view_ticket_nav'] ?>
</a></li>
</ul>
</li>
<?php <?php
$active = '';
if (defined('PAGE_TITLE') && PAGE_TITLE == 'CUSTOMER_TICKET') {
$active = ' active';
} }
?> if ($hesk_settings['kb_enable'] && !defined('MAINTENANCE_MODE')) {
<li class="dropdown<?php echo $active; ?>">
<a href="#" class="dropdown-toggle" data-toggle="dropdown"><i
class="fa fa-ticket" <?php echo $iconDisplay; ?>></i>&nbsp;<?php echo $hesklang['ticket'] ?>
<b class="caret"></b></a>
<ul class="dropdown-menu">
<li><a href="<?php echo HESK_PATH; ?>index.php?a=add"><i
class="fa fa-plus-circle" <?php echo $iconDisplay; ?>></i>&nbsp;<?php echo $hesklang['sub_support'] ?>
</a></li>
<li><a href="<?php echo HESK_PATH; ?>ticket.php"><i
class="fa fa-search" <?php echo $iconDisplay; ?>></i>&nbsp;<?php echo $hesklang['view_ticket_nav'] ?>
</a></li>
</ul>
</li>
<?php if ($hesk_settings['kb_enable']) {
$active = ''; $active = '';
if (defined('PAGE_TITLE') && PAGE_TITLE == 'CUSTOMER_KB') { if (defined('PAGE_TITLE') && PAGE_TITLE == 'CUSTOMER_KB') {
$active = 'class="active"'; $active = 'class="active"';
@ -323,7 +310,7 @@ if ($modsForHesk_settings['show_icons']) {
if (defined('PAGE_TITLE') && PAGE_TITLE == 'CUSTOMER_CALENDAR') { if (defined('PAGE_TITLE') && PAGE_TITLE == 'CUSTOMER_CALENDAR') {
$active = ' active'; $active = ' active';
} }
if ($modsForHesk_settings['enable_calendar'] == 1): if ($modsForHesk_settings['enable_calendar'] == 1 && !defined('MAINTENANCE_MODE')):
?> ?>
<li class="<?php echo $active; ?>"> <li class="<?php echo $active; ?>">
<a href="<?php echo HESK_PATH; ?>calendar.php"><i class="fa fa-calendar" <?php echo $iconDisplay; ?>></i>&nbsp;<?php echo $hesklang['calendar_title_case']; ?></a> <a href="<?php echo HESK_PATH; ?>calendar.php"><i class="fa fa-calendar" <?php echo $iconDisplay; ?>></i>&nbsp;<?php echo $hesklang['calendar_title_case']; ?></a>
@ -333,7 +320,15 @@ if ($modsForHesk_settings['show_icons']) {
</ul> </ul>
<?php if ($hesk_settings['can_sel_lang']) { ?> <?php if ($hesk_settings['can_sel_lang']) { ?>
<div class="navbar-form navbar-right" role="search" style="margin-right: 20px; min-width: 80px;"> <div class="navbar-form navbar-right" role="search" style="margin-right: 20px; min-width: 80px;">
<?php echo hesk_getLanguagesAsFormIfNecessary(); ?> <?php
if (!defined('MAINTENANCE_MODE')) {
if (defined('PAGE_TITLE') && PAGE_TITLE == 'CUSTOMER_TICKET') {
hesk_getLanguagesAsFormIfNecessary($trackingID);
} else {
hesk_getLanguagesAsFormIfNecessary();
}
}
?>
</div> </div>
<?php } ?> <?php } ?>

@ -35,44 +35,21 @@ if (!defined('IN_SCRIPT')) {
die('Invalid attempt'); die('Invalid attempt');
} }
define('ADMIN_PAGE', true);
$modsForHesk_settings = mfh_getSettings(); $modsForHesk_settings = mfh_getSettings();
?> ?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" <!DOCTYPE html>
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html>
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head> <head>
<title><?php echo(isset($hesk_settings['tmp_title']) ? $hesk_settings['tmp_title'] : $hesk_settings['hesk_title']); ?></title> <title><?php echo(isset($hesk_settings['tmp_title']) ? $hesk_settings['tmp_title'] : $hesk_settings['hesk_title']); ?></title>
<meta http-equiv="Content-Type" content="text/html;charset=<?php echo $hesklang['ENCODING']; ?>"/> <meta http-equiv="Content-Type" content="text/html;charset=<?php echo $hesklang['ENCODING']; ?>"/>
<meta name="viewport" content="width=device-width, user-scalable=no"> <meta name="viewport" content="width=device-width, user-scalable=no">
<meta name="theme-color" content="<?php echo '#414a5c'; ?>"> <meta name="theme-color" content="<?php echo '#414a5c'; ?>">
<?php if ($modsForHesk_settings['rtl']) { ?>
<link href="<?php echo HESK_PATH; ?>hesk_style_RTL.css?v=<?php echo MODS_FOR_HESK_BUILD; ?>" type="text/css"
rel="stylesheet"/>
<?php } else { ?>
<link href="<?php echo HESK_PATH; ?>hesk_style.css?v=<?php echo MODS_FOR_HESK_BUILD; ?>" type="text/css"
rel="stylesheet"/>
<?php } ?>
<link href="<?php echo HESK_PATH; ?>css/datepicker.css" type="text/css" rel="stylesheet"/> <link href="<?php echo HESK_PATH; ?>css/datepicker.css" type="text/css" rel="stylesheet"/>
<link href="<?php echo HESK_PATH; ?>css/bootstrap.css?v=21" type="text/css" rel="stylesheet"/> <link href="<?php echo HESK_PATH; ?>css/bootstrap.css?v=21" type="text/css" rel="stylesheet"/>
<link href="<?php echo HESK_PATH; ?>css/bootstrap-theme.css?v=21" type="text/css"
rel="stylesheet" <?php if ($modsForHesk_settings['use_bootstrap_theme'] == 0) {
echo 'disabled';
} ?>>
<?php if ($modsForHesk_settings['rtl']) { ?>
<link href="<?php echo HESK_PATH; ?>css/bootstrap-rtl.min.css?v=<?php echo MODS_FOR_HESK_BUILD; ?>"
type="text/css" rel="stylesheet"/>
<link href="<?php echo HESK_PATH; ?>css/mods-for-hesk.css?v=<?php echo MODS_FOR_HESK_BUILD; ?>" type="text/css"
rel="stylesheet"/>
<link href="<?php echo HESK_PATH; ?>css/hesk_newStyleRTL.css?v=<?php echo MODS_FOR_HESK_BUILD; ?>"
type="text/css" rel="stylesheet"/>
<?php } else { ?>
<link href="<?php echo HESK_PATH; ?>css/mods-for-hesk.css?v=<?php echo MODS_FOR_HESK_BUILD; ?>" type="text/css"
rel="stylesheet"/>
<link href="<?php echo HESK_PATH; ?>css/hesk_newStyle.css?v=<?php echo MODS_FOR_HESK_BUILD; ?>" type="text/css"
rel="stylesheet"/>
<?php } ?>
<link href="<?php echo HESK_PATH; ?>css/bootstrap-iconpicker.min.css" rel="stylesheet"> <link href="<?php echo HESK_PATH; ?>css/bootstrap-iconpicker.min.css" rel="stylesheet">
<link href="//netdna.bootstrapcdn.com/font-awesome/4.3.0/css/font-awesome.min.css" rel="stylesheet"> <link href="//netdna.bootstrapcdn.com/font-awesome/4.5.0/css/font-awesome.min.css" rel="stylesheet">
<link rel="stylesheet" href="<?php echo HESK_PATH; ?>css/octicons.css" type="text/css"> <link rel="stylesheet" href="<?php echo HESK_PATH; ?>css/octicons.css" type="text/css">
<link rel="stylesheet" href="//cdnjs.cloudflare.com/ajax/libs/leaflet/0.7.3/leaflet.css"> <link rel="stylesheet" href="//cdnjs.cloudflare.com/ajax/libs/leaflet/0.7.3/leaflet.css">
<link rel="stylesheet" href="<?php echo HESK_PATH; ?>css/dropzone.min.css"> <link rel="stylesheet" href="<?php echo HESK_PATH; ?>css/dropzone.min.css">
@ -81,7 +58,14 @@ $modsForHesk_settings = mfh_getSettings();
<link rel="stylesheet" href="<?php echo HESK_PATH; ?>css/bootstrap-clockpicker.min.css"> <link rel="stylesheet" href="<?php echo HESK_PATH; ?>css/bootstrap-clockpicker.min.css">
<link rel="stylesheet" href="<?php echo HESK_PATH; ?>css/jquery.jgrowl.min.css"> <link rel="stylesheet" href="<?php echo HESK_PATH; ?>css/jquery.jgrowl.min.css">
<link rel="stylesheet" href="<?php echo HESK_PATH; ?>css/bootstrap-colorpicker.min.css"> <link rel="stylesheet" href="<?php echo HESK_PATH; ?>css/bootstrap-colorpicker.min.css">
<link rel="stylesheet" href="<?php echo HESK_PATH; ?>css/AdminLTE.min.css">
<link rel="stylesheet" href="<?php echo HESK_PATH; ?>css/skins/_all-skins.min.css">
<link rel="stylesheet" href="<?php echo HESK_PATH; ?>css/mods-for-hesk-new.css">
<link rel="stylesheet" href="<?php echo HESK_PATH; ?>css/colors.css">
<link rel="stylesheet" href="<?php echo HESK_PATH; ?>css/positions.css">
<link rel="stylesheet" href="<?php echo HESK_PATH; ?>css/displays.css">
<script src="<?php echo HESK_PATH; ?>js/jquery-1.10.2.min.js"></script> <script src="<?php echo HESK_PATH; ?>js/jquery-1.10.2.min.js"></script>
<script type="text/javascript" src="<?php echo HESK_PATH; ?>js/adminlte.min.js"></script>
<script language="Javascript" type="text/javascript" src="<?php echo HESK_PATH; ?>hesk_javascript.js"></script> <script language="Javascript" type="text/javascript" src="<?php echo HESK_PATH; ?>hesk_javascript.js"></script>
<script language="Javascript" type="text/javascript" src="<?php echo HESK_PATH; ?>js/bootstrap.min.js"></script> <script language="Javascript" type="text/javascript" src="<?php echo HESK_PATH; ?>js/bootstrap.min.js"></script>
<script type="text/javascript" src="<?php echo HESK_PATH; ?>js/dropzone.min.js"></script> <script type="text/javascript" src="<?php echo HESK_PATH; ?>js/dropzone.min.js"></script>
@ -105,51 +89,6 @@ $modsForHesk_settings = mfh_getSettings();
} }
?> ?>
<style> <style>
.navbar-default {
background-color: <?php echo $modsForHesk_settings['navbarBackgroundColor']; ?>;
background-image: none;
filter: none;
}
.navbar-default .navbar-brand {
color: <?php echo $modsForHesk_settings['navbarBrandColor']; ?>;
}
.navbar-default .navbar-brand:focus, .navbar-default .navbar-brand:hover {
color: <?php echo $modsForHesk_settings['navbarBrandHoverColor']; ?>;
background-color: transparent;
}
.navbar-default .navbar-nav > li > a {
color: <?php echo $modsForHesk_settings['navbarItemTextColor']; ?>;
}
.navbar-default .navbar-nav > li > a:focus, .navbar-default .navbar-nav > li > a:hover {
color: <?php echo $modsForHesk_settings['navbarItemTextHoverColor']; ?>;
background-color: transparent;
}
.dropdown-menu > li > a {
color: <?php echo $modsForHesk_settings['dropdownItemTextColor']; ?>;
}
.dropdown-menu > li > a:focus, .dropdown-menu > li > a:hover {
color: <?php echo $modsForHesk_settings['dropdownItemTextHoverColor']; ?>;
text-decoration: none;
background-color: <?php echo $modsForHesk_settings['dropdownItemTextHoverBackgroundColor']; ?>;
}
.navbar-default .navbar-nav > .open > a,
.navbar-default .navbar-nav > .open > a:focus,
.navbar-default .navbar-nav > .open > a:hover,
.navbar-default .navbar-nav > .active > a,
.navbar-default .navbar-nav > .active > a:focus,
.navbar-default .navbar-nav > .active > a:hover {
color: <?php echo $modsForHesk_settings['navbarItemTextSelectedColor']; ?>;
background-color: <?php echo $modsForHesk_settings['navbarItemSelectedBackgroundColor']; ?>;
background-image: none;
}
.settingsquestionmark { .settingsquestionmark {
color: <?php echo $modsForHesk_settings['questionMarkColor']; ?>; color: <?php echo $modsForHesk_settings['questionMarkColor']; ?>;
cursor: pointer; cursor: pointer;
@ -158,6 +97,12 @@ $modsForHesk_settings = mfh_getSettings();
.h3questionmark { .h3questionmark {
color: <?php echo $modsForHesk_settings['questionMarkColor']; ?>; color: <?php echo $modsForHesk_settings['questionMarkColor']; ?>;
} }
<?php if (defined('PAGE_TITLE') && PAGE_TITLE == 'LOGIN'): ?>
body {
background: #d2d6de;
}
<?php endif; ?>
</style> </style>
<?php <?php
@ -222,6 +167,50 @@ $modsForHesk_settings = mfh_getSettings();
} }
} }
// Auto reload
if (defined('AUTO_RELOAD') && hesk_checkPermission('can_view_tickets',0) && ! isset($_SESSION['hide']['ticket_list'])) {
?>
<script type="text/javascript">
var count = <?php echo empty($_SESSION['autoreload']) ? 30 : intval($_SESSION['autoreload']); ?>;
var reloadcounter;
var countstart = count;
function heskReloadTimer() {
count = count-1;
if (count <= 0) {
clearInterval(reloadcounter);
window.location.reload();
return;
}
document.getElementById("timer").innerHTML = "(" + count + ")";
}
function heskCheckReloading() {
if (<?php if ($_SESSION['autoreload']) echo "getCookie('autorefresh') == null || "; ?>getCookie('autorefresh') == '1') {
document.getElementById("reloadCB").checked=true;
document.getElementById("timer").innerHTML = "(" + count + ")";
reloadcounter = setInterval(heskReloadTimer, 1000);
}
}
function toggleAutoRefresh(cb) {
if (cb.checked) {
setCookie('autorefresh', '1');
document.getElementById("timer").innerHTML = "(" + count + ")";
reloadcounter = setInterval(heskReloadTimer, 1000);
} else {
setCookie('autorefresh', '0');
count = countstart;
clearInterval(reloadcounter);
document.getElementById("timer").innerHTML = "";
}
}
</script>
<?php
}
if (defined('MFH_CALENDAR')) { ?> if (defined('MFH_CALENDAR')) { ?>
<script src="<?php echo HESK_PATH; ?>js/calendar/moment.js"></script> <script src="<?php echo HESK_PATH; ?>js/calendar/moment.js"></script>
<script src="<?php echo HESK_PATH; ?>js/calendar/fullcalendar.min.js"></script> <script src="<?php echo HESK_PATH; ?>js/calendar/fullcalendar.min.js"></script>
@ -236,7 +225,7 @@ $modsForHesk_settings = mfh_getSettings();
</head> </head>
<body onload="<?php echo $onload; <body onload="<?php echo $onload;
unset($onload); ?>"> unset($onload); ?>" class="hold-transition <?php echo $modsForHesk_settings['admin_color_scheme']; ?> sidebar-mini">
<?php <?php
include(HESK_PATH . 'header.txt'); include(HESK_PATH . 'header.txt');
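Review bot: The new `class` attribute on `<body>` prints `$modsForHesk_settings['admin_color_scheme']` straight into the markup, with no escaping and no check against the set of skin names the theme ships. Where that setting is written is not visible in this section, so it may already be constrained, but the output side should not depend on that. Encoding at the point of use is a one-line change: `<?php echo htmlspecialchars($modsForHesk_settings['admin_color_scheme'], ENT_QUOTES); ?>`. A short comment naming the expected values (the AdminLTE `skin-*` classes, presumably) would also help the next reader.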

@ -1,32 +1,15 @@
<?php <?php
/******************************************************************************* /**
* Title: Help Desk Software HESK *
* Version: 2.6.8 from 10th August 2016 * This file is part of HESK - PHP Help Desk Software.
* Author: Klemen Stirn *
* Website: http://www.hesk.com * (c) Copyright Klemen Stirn. All rights reserved.
******************************************************************************** * http://www.hesk.com
* COPYRIGHT AND TRADEMARK NOTICE *
* Copyright 2005-2015 Klemen Stirn. All Rights Reserved. * For the full copyright and license agreement information visit
* HESK is a registered trademark of Klemen Stirn. * http://www.hesk.com/eula.php
* The HESK may be used and modified free of charge by anyone *
* AS LONG AS COPYRIGHT NOTICES AND ALL THE COMMENTS REMAIN INTACT. */
* By using this code you agree to indemnify Klemen Stirn from any
* liability that might arise from it's use.
* Selling the code for this program, in part or full, without prior
* written consent is expressly forbidden.
* Using this code, in part or full, to create derivate work,
* new scripts or products is expressly forbidden. Obtain permission
* before redistributing this software over the Internet or in
* any other medium. In all cases copyright and header must remain intact.
* This Copyright is in full effect in any country that has International
* Trade Agreements with the United States of America or
* with the European Union.
* Removing any of the copyright notices without purchasing a license
* is expressly forbidden. To remove HESK copyright notice you must purchase
* a license for this script. For more information on how to obtain
* a license please visit the page below:
* https://www.hesk.com/buy.php
*******************************************************************************/
/* Check if this is a valid include */ /* Check if this is a valid include */
if (!defined('IN_SCRIPT')) { if (!defined('IN_SCRIPT')) {

@ -0,0 +1,30 @@
<?php
function mfh_get_mail_headers_for_dropdown($user_id, $hesk_settings, $hesklang) {
$deleted_user_text = hesk_dbEscape($hesklang['deleted_user_title_case']);
$sql = "SELECT `mail`.`id` AS `id`, `mail`.`subject` AS `subject`,
`users`.`name` AS `from`, `mail`.`dt` AS `date`, `mail`.`from` AS `from_id`
FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "mail` AS `mail`
LEFT JOIN `" . hesk_dbEscape($hesk_settings['db_pfix']) . "users` AS `users`
ON `mail`.`from` = `users`.`id`
WHERE `to` = " . hesk_dbEscape($user_id) . "
AND `read` = '0'
ORDER BY `mail`.`dt` DESC";
$rs = hesk_dbQuery($sql);
$mails = array();
while ($row = hesk_dbFetchAssoc($rs)) {
if ($row['from'] == null) {
if ($row['from_id'] == 9999) {
$row['from'] = 'HESK.com';
} else {
$row['from'] = $deleted_user_text;
}
}
$mails[] = $row;
}
return $mails;
}
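Review bot: In `mfh_get_mail_headers_for_dropdown`, `$user_id` is concatenated into the `WHERE` clause without quotes, and `hesk_dbEscape()` (presumably a string-literal escaper) gives no protection in a numeric position; cast it instead, replacing `hesk_dbEscape($user_id)` with `intval($user_id)`. The same unquoted pattern appears for `screen_resolution_height` and `screen_resolution_width` in the `hesk_newTicket` INSERT later in this commit; whether those values are normalised before they reach the query is not visible there. Separately, `$deleted_user_text` is passed through `hesk_dbEscape()` although it is only returned for display and never placed in SQL, so that call should be dropped and the label HTML-encoded where it is printed. A docblock stating that `$user_id` is an integer staff id and describing the returned row keys would make the contract explicit.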

@ -1,32 +1,15 @@
<?php <?php
/******************************************************************************* /**
* Title: Help Desk Software HESK *
* Version: 2.6.8 from 10th August 2016 * This file is part of HESK - PHP Help Desk Software.
* Author: Klemen Stirn *
* Website: http://www.hesk.com * (c) Copyright Klemen Stirn. All rights reserved.
******************************************************************************** * http://www.hesk.com
* COPYRIGHT AND TRADEMARK NOTICE *
* Copyright 2005-2015 Klemen Stirn. All Rights Reserved. * For the full copyright and license agreement information visit
* HESK is a registered trademark of Klemen Stirn. * http://www.hesk.com/eula.php
* The HESK may be used and modified free of charge by anyone *
* AS LONG AS COPYRIGHT NOTICES AND ALL THE COMMENTS REMAIN INTACT. */
* By using this code you agree to indemnify Klemen Stirn from any
* liability that might arise from it's use.
* Selling the code for this program, in part or full, without prior
* written consent is expressly forbidden.
* Using this code, in part or full, to create derivate work,
* new scripts or products is expressly forbidden. Obtain permission
* before redistributing this software over the Internet or in
* any other medium. In all cases copyright and header must remain intact.
* This Copyright is in full effect in any country that has International
* Trade Agreements with the United States of America or
* with the European Union.
* Removing any of the copyright notices without purchasing a license
* is expressly forbidden. To remove HESK copyright notice you must purchase
* a license for this script. For more information on how to obtain
* a license please visit the page below:
* https://www.hesk.com/buy.php
*******************************************************************************/
/* Check if this is a valid include */ /* Check if this is a valid include */
if (!defined('IN_SCRIPT')) { if (!defined('IN_SCRIPT')) {
@ -227,7 +210,7 @@ function hesk_email2ticket($results, $pop3 = 0, $set_category = 1, $set_priority
$ticket['status'] = $ticket['status'] ? $waiting_reply_rs['id'] : $new_status['id']; $ticket['status'] = $ticket['status'] ? $waiting_reply_rs['id'] : $new_status['id'];
// Update ticket as necessary // Update ticket as necessary
hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` SET `lastchange`=NOW(),`status`='{$ticket['status']}',`replies`=`replies`+1,`lastreplier`='0' WHERE `id`='" . intval($ticket['id']) . "' LIMIT 1"); hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` SET `lastchange`=NOW(),`status`='{$ticket['status']}',`replies`=`replies`+1,`lastreplier`='0' WHERE `id`='" . intval($ticket['id']) . "'");
// If customer replied, we assume staff replies have been read (no way to be sure if ticket.php hasn't been opened) // If customer replied, we assume staff replies have been read (no way to be sure if ticket.php hasn't been opened)
hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "replies` SET `read` = '1' WHERE `replyto` = '" . intval($ticket['id']) . "' AND `staffid` != '0' "); hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "replies` SET `read` = '1' WHERE `replyto` = '" . intval($ticket['id']) . "' AND `staffid` != '0' ");
@ -475,7 +458,7 @@ function hesk_isEmailLoop($email, $message_hash)
} }
// Update DB entry // Update DB entry
hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "pipe_loops` SET `hits` = `hits` + 1, `message_hash` = '" . hesk_dbEscape($message_hash) . "' WHERE `email` LIKE '{$email_like}' LIMIT 1"); hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "pipe_loops` SET `hits` = `hits` + 1, `message_hash` = '" . hesk_dbEscape($message_hash) . "' WHERE `email` LIKE '{$email_like}'");
} else { } else {
// First instance, insert a new database row // First instance, insert a new database row
hesk_dbQuery("INSERT INTO `" . hesk_dbEscape($hesk_settings['db_pfix']) . "pipe_loops` (`email`, `message_hash`) VALUES ('" . hesk_dbEscape($email) . "', '" . hesk_dbEscape($message_hash) . "')"); hesk_dbQuery("INSERT INTO `" . hesk_dbEscape($hesk_settings['db_pfix']) . "pipe_loops` (`email`, `message_hash`) VALUES ('" . hesk_dbEscape($email) . "', '" . hesk_dbEscape($message_hash) . "')");
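Review bot: With `LIMIT 1` dropped from the `pipe_loops` UPDATE in `hesk_isEmailLoop`, the statement now changes every row whose `email` matches the `LIKE` pattern, so its scope rests entirely on how `$email_like` is built, which is outside this hunk. If `%` and `_` in the address are not escaped there, one message could raise `hits` and overwrite `message_hash` on rows belonging to other addresses. Please confirm the wildcard escaping and note it in a comment on this line, for example `// $email_like has LIKE wildcards escaped, so this matches a single address`. The function body starts and ends outside the hunk.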

@ -1,32 +1,15 @@
<?php <?php
/******************************************************************************* /**
* Title: Help Desk Software HESK *
* Version: 2.6.8 from 10th August 2016 * This file is part of HESK - PHP Help Desk Software.
* Author: Klemen Stirn *
* Website: http://www.hesk.com * (c) Copyright Klemen Stirn. All rights reserved.
******************************************************************************** * http://www.hesk.com
* COPYRIGHT AND TRADEMARK NOTICE *
* Copyright 2005-2015 Klemen Stirn. All Rights Reserved. * For the full copyright and license agreement information visit
* HESK is a registered trademark of Klemen Stirn. * http://www.hesk.com/eula.php
* The HESK may be used and modified free of charge by anyone *
* AS LONG AS COPYRIGHT NOTICES AND ALL THE COMMENTS REMAIN INTACT. */
* By using this code you agree to indemnify Klemen Stirn from any
* liability that might arise from it's use.
* Selling the code for this program, in part or full, without prior
* written consent is expressly forbidden.
* Using this code, in part or full, to create derivate work,
* new scripts or products is expressly forbidden. Obtain permission
* before redistributing this software over the Internet or in
* any other medium. In all cases copyright and header must remain intact.
* This Copyright is in full effect in any country that has International
* Trade Agreements with the United States of America or
* with the European Union.
* Removing any of the copyright notices without purchasing a license
* is expressly forbidden. To remove HESK copyright notice you must purchase
* a license for this script. For more information on how to obtain
* a license please visit the page below:
* https://www.hesk.com/buy.php
*******************************************************************************/
/* Check if this is a valid include */ /* Check if this is a valid include */
if (!defined('IN_SCRIPT')) { if (!defined('IN_SCRIPT')) {
@ -39,6 +22,12 @@ function hesk_newTicket($ticket, $isVerified = true)
{ {
global $hesk_settings, $hesklang, $hesk_db_link; global $hesk_settings, $hesklang, $hesk_db_link;
// Generate a subject if necessary
if (strlen($ticket['subject']) < 1)
{
$ticket['subject'] = sprintf($hesklang['default_subject'], $ticket['name']);
}
// If language is not set or default, set it to NULL. // If language is not set or default, set it to NULL.
if (!isset($ticket['language']) || empty($ticket['language'])) { if (!isset($ticket['language']) || empty($ticket['language'])) {
$language = (!$hesk_settings['can_sel_lang']) ? HESK_DEFAULT_LANGUAGE : hesk_dbEscape($hesklang['LANGUAGE']); $language = (!$hesk_settings['can_sel_lang']) ? HESK_DEFAULT_LANGUAGE : hesk_dbEscape($hesklang['LANGUAGE']);
@ -59,6 +48,16 @@ function hesk_newTicket($ticket, $isVerified = true)
$due_date = "'" . hesk_dbEscape($ticket['due_date']) . "'"; $due_date = "'" . hesk_dbEscape($ticket['due_date']) . "'";
} }
// Prepare SQL for custom fields
$custom_where = '';
$custom_what = '';
for ($i=1; $i<=50; $i++)
{
$custom_where .= ", `custom{$i}`";
$custom_what .= ", '" . (isset($ticket['custom'.$i]) ? hesk_dbEscape($ticket['custom'.$i]) : '') . "'";
}
// Insert ticket into database // Insert ticket into database
hesk_dbQuery(" hesk_dbQuery("
INSERT INTO `" . hesk_dbEscape($hesk_settings['db_pfix']) . $tableName . "` INSERT INTO `" . hesk_dbEscape($hesk_settings['db_pfix']) . $tableName . "`
@ -79,27 +78,6 @@ function hesk_newTicket($ticket, $isVerified = true)
`owner`, `owner`,
`attachments`, `attachments`,
`merged`, `merged`,
`history`,
`custom1`,
`custom2`,
`custom3`,
`custom4`,
`custom5`,
`custom6`,
`custom7`,
`custom8`,
`custom9`,
`custom10`,
`custom11`,
`custom12`,
`custom13`,
`custom14`,
`custom15`,
`custom16`,
`custom17`,
`custom18`,
`custom19`,
`custom20`,
`status`, `status`,
`latitude`, `latitude`,
`longitude`, `longitude`,
@ -107,7 +85,9 @@ function hesk_newTicket($ticket, $isVerified = true)
`user_agent`, `user_agent`,
`screen_resolution_height`, `screen_resolution_height`,
`screen_resolution_width`, `screen_resolution_width`,
`due_date` `due_date`,
`history`
{$custom_where}
) )
VALUES VALUES
( (
@ -127,27 +107,6 @@ function hesk_newTicket($ticket, $isVerified = true)
'" . intval($ticket['owner']) . "', '" . intval($ticket['owner']) . "',
'" . hesk_dbEscape($ticket['attachments']) . "', '" . hesk_dbEscape($ticket['attachments']) . "',
'', '',
'" . hesk_dbEscape($ticket['history']) . "',
'" . hesk_dbEscape($ticket['custom1']) . "',
'" . hesk_dbEscape($ticket['custom2']) . "',
'" . hesk_dbEscape($ticket['custom3']) . "',
'" . hesk_dbEscape($ticket['custom4']) . "',
'" . hesk_dbEscape($ticket['custom5']) . "',
'" . hesk_dbEscape($ticket['custom6']) . "',
'" . hesk_dbEscape($ticket['custom7']) . "',
'" . hesk_dbEscape($ticket['custom8']) . "',
'" . hesk_dbEscape($ticket['custom9']) . "',
'" . hesk_dbEscape($ticket['custom10']) . "',
'" . hesk_dbEscape($ticket['custom11']) . "',
'" . hesk_dbEscape($ticket['custom12']) . "',
'" . hesk_dbEscape($ticket['custom13']) . "',
'" . hesk_dbEscape($ticket['custom14']) . "',
'" . hesk_dbEscape($ticket['custom15']) . "',
'" . hesk_dbEscape($ticket['custom16']) . "',
'" . hesk_dbEscape($ticket['custom17']) . "',
'" . hesk_dbEscape($ticket['custom18']) . "',
'" . hesk_dbEscape($ticket['custom19']) . "',
'" . hesk_dbEscape($ticket['custom20']) . "',
'" . intval($ticket['status']) . "', '" . intval($ticket['status']) . "',
'" . hesk_dbEscape($ticket['latitude']) . "', '" . hesk_dbEscape($ticket['latitude']) . "',
'" . hesk_dbEscape($ticket['longitude']) . "', '" . hesk_dbEscape($ticket['longitude']) . "',
@ -155,7 +114,9 @@ function hesk_newTicket($ticket, $isVerified = true)
'" . hesk_dbEscape($ticket['user_agent']) . "', '" . hesk_dbEscape($ticket['user_agent']) . "',
" . hesk_dbEscape($ticket['screen_resolution_height']) . ", " . hesk_dbEscape($ticket['screen_resolution_height']) . ",
" . hesk_dbEscape($ticket['screen_resolution_width']) . ", " . hesk_dbEscape($ticket['screen_resolution_width']) . ",
{$due_date} {$due_date},
'" . hesk_dbEscape($ticket['history']) . "'
{$custom_what}
) )
"); ");

@ -1,38 +1,24 @@
<?php <?php
/******************************************************************************* /**
* Title: Help Desk Software HESK *
* Version: 2.6.8 from 10th August 2016 * This file is part of HESK - PHP Help Desk Software.
* Author: Klemen Stirn *
* Website: http://www.hesk.com * (c) Copyright Klemen Stirn. All rights reserved.
******************************************************************************** * http://www.hesk.com
* COPYRIGHT AND TRADEMARK NOTICE *
* Copyright 2005-2015 Klemen Stirn. All Rights Reserved. * For the full copyright and license agreement information visit
* HESK is a registered trademark of Klemen Stirn. * http://www.hesk.com/eula.php
* The HESK may be used and modified free of charge by anyone *
* AS LONG AS COPYRIGHT NOTICES AND ALL THE COMMENTS REMAIN INTACT. */
* By using this code you agree to indemnify Klemen Stirn from any
* liability that might arise from it's use.
* Selling the code for this program, in part or full, without prior
* written consent is expressly forbidden.
* Using this code, in part or full, to create derivate work,
* new scripts or products is expressly forbidden. Obtain permission
* before redistributing this software over the Internet or in
* any other medium. In all cases copyright and header must remain intact.
* This Copyright is in full effect in any country that has International
* Trade Agreements with the United States of America or
* with the European Union.
* Removing any of the copyright notices without purchasing a license
* is expressly forbidden. To remove HESK copyright notice you must purchase
* a license for this script. For more information on how to obtain
* a license please visit the page below:
* https://www.hesk.com/buy.php
*******************************************************************************/
/* Check if this is a valid include */ /* Check if this is a valid include */
if (!defined('IN_SCRIPT')) { if (!defined('IN_SCRIPT')) {
die('Invalid attempt'); die('Invalid attempt');
} }
// Load custom fields
require_once(HESK_PATH . 'inc/custom_fields.inc.php');
// This SQL code will be used to retrieve results // This SQL code will be used to retrieve results
$sql_final = "SELECT $sql_final = "SELECT
`id`, `id`,

@ -1,32 +1,15 @@
<?php <?php
/******************************************************************************* /**
* Title: Help Desk Software HESK *
* Version: 2.6.8 from 10th August 2016 * This file is part of HESK - PHP Help Desk Software.
* Author: Klemen Stirn *
* Website: http://www.hesk.com * (c) Copyright Klemen Stirn. All rights reserved.
******************************************************************************** * http://www.hesk.com
* COPYRIGHT AND TRADEMARK NOTICE *
* Copyright 2005-2015 Klemen Stirn. All Rights Reserved. * For the full copyright and license agreement information visit
* HESK is a registered trademark of Klemen Stirn. * http://www.hesk.com/eula.php
* The HESK may be used and modified free of charge by anyone *
* AS LONG AS COPYRIGHT NOTICES AND ALL THE COMMENTS REMAIN INTACT. */
* By using this code you agree to indemnify Klemen Stirn from any
* liability that might arise from it's use.
* Selling the code for this program, in part or full, without prior
* written consent is expressly forbidden.
* Using this code, in part or full, to create derivate work,
* new scripts or products is expressly forbidden. Obtain permission
* before redistributing this software over the Internet or in
* any other medium. In all cases copyright and header must remain intact.
* This Copyright is in full effect in any country that has International
* Trade Agreements with the United States of America or
* with the European Union.
* Removing any of the copyright notices without purchasing a license
* is expressly forbidden. To remove HESK copyright notice you must purchase
* a license for this script. For more information on how to obtain
* a license please visit the page below:
* https://www.hesk.com/buy.php
*******************************************************************************/
/* Check if this is a valid include */ /* Check if this is a valid include */
if (!defined('IN_SCRIPT')) { if (!defined('IN_SCRIPT')) {
@ -38,7 +21,7 @@ function hesk_profile_tab($session_array = 'new', $is_profile_page = true, $acti
{ {
global $hesk_settings, $hesklang, $can_reply_tickets, $can_view_tickets, $can_view_unassigned; global $hesk_settings, $hesklang, $can_reply_tickets, $can_view_tickets, $can_view_unassigned;
?> ?>
<div role="tabpanel"> <div role="tabpanel" class="nav-tabs-custom">
<!-- Nav tabs --> <!-- Nav tabs -->
<ul class="nav nav-tabs" role="tablist"> <ul class="nav nav-tabs" role="tablist">
@ -98,6 +81,7 @@ function hesk_profile_tab($session_array = 'new', $is_profile_page = true, $acti
<div class="col-md-9"> <div class="col-md-9">
<input type="text" class="form-control" name="user" size="40" maxlength="20" <input type="text" class="form-control" name="user" size="40" maxlength="20"
autocomplete="off"
value="<?php echo $_SESSION[$session_array]['user']; ?>" value="<?php echo $_SESSION[$session_array]['user']; ?>"
placeholder="<?php echo htmlspecialchars($hesklang['username']); ?>" placeholder="<?php echo htmlspecialchars($hesklang['username']); ?>"
data-error="<?php echo htmlspecialchars($hesklang['enter_username']); ?>" data-error="<?php echo htmlspecialchars($hesklang['enter_username']); ?>"
@ -297,7 +281,32 @@ function hesk_profile_tab($session_array = 'new', $is_profile_page = true, $acti
</div> </div>
<?php <?php
} }
if (empty($_SESSION[$session_array]['autoreload'])) {
$reload_time = 30;
$sec = 'selected';
$min = '';
} else {
$reload_time = intval($_SESSION[$session_array]['autoreload']);
if ($reload_time >= 60 && $reload_time % 60 == 0) {
$reload_time = $reload_time / 60;
$sec = '';
$min = 'selected';
} else {
$sec = 'selected';
$min = '';
}
}
?> ?>
<div class="checkbox form-inline">
<label><input type="checkbox" name="autoreload" value="1" <?php if (!empty($_SESSION[$session_array]['autoreload'])) {echo 'checked="checked"';}?> /> <?php echo $hesklang['arpp']; ?></label>
<input type="text" class="form-control" name="reload_time" value="<?php echo $reload_time; ?>" size="5" maxlength="5" onkeyup="this.value=this.value.replace(/[^\d]+/,'')" />
<select name="secmin" class="form-control">
<option value="sec" <?php echo $sec; ?>><?php echo $hesklang['seconds']; ?></option>
<option value="min" <?php echo $min; ?>><?php echo $hesklang['minutes']; ?></option>
</select>
</div>
<div class="checkbox"> <div class="checkbox">
<label><input type="checkbox" name="notify_customer_new" <label><input type="checkbox" name="notify_customer_new"
value="1" <?php if (!empty($_SESSION[$session_array]['notify_customer_new'])) { value="1" <?php if (!empty($_SESSION[$session_array]['notify_customer_new'])) {
@ -337,17 +346,6 @@ function hesk_profile_tab($session_array = 'new', $is_profile_page = true, $acti
</select> </select>
</div> </div>
</div> </div>
<div class="form-group">
<label for="autoRefresh"
class="col-sm-3 control-label"><?php echo $hesklang['ticket_auto_refresh']; ?></label>
<div class="col-sm-9">
<input type="text" class="form-control" id="autorefresh" name="autorefresh"
placeholder="<?php echo htmlspecialchars($hesklang['ticket_auto_refresh']); ?>"
value="<?php echo $_SESSION[$session_array]['autorefresh']; ?>">
<span class="help-block"><?php echo $hesklang['autorefresh_restrictions']; ?></span>
</div>
</div>
</div> </div>
<div role="tabpanel" class="tab-pane fade" id="notifications"> <div role="tabpanel" class="tab-pane fade" id="notifications">
<?php $disabledText = <?php $disabledText =
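Review bot: The new `reload_time` input relies on an `onkeyup` filter whose regex has no `g` flag, so only the first run of non-digits is removed per keystroke, and pasted or autofilled values are not covered at all; `oninput="this.value=this.value.replace(/\D+/g,'')"` is closer to the intent. Either way this is a browser-side convenience rather than validation. The code that saves `reload_time` and `secmin` is not in this section, and it should cast with `intval()` and apply a lower and upper bound before storing the value that this form reads back from the session. `hesk_profile_tab` starts and ends outside the visible hunks.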

@ -1,286 +1,451 @@
<?php <?php
/******************************************************************************* /**
* Title: Help Desk Software HESK *
* Version: 2.6.8 from 10th August 2016 * This file is part of HESK - PHP Help Desk Software.
* Author: Klemen Stirn *
* Website: http://www.hesk.com * (c) Copyright Klemen Stirn. All rights reserved.
******************************************************************************** * http://www.hesk.com
* COPYRIGHT AND TRADEMARK NOTICE *
* Copyright 2005-2015 Klemen Stirn. All Rights Reserved. * For the full copyright and license agreement information visit
* HESK is a registered trademark of Klemen Stirn. * http://www.hesk.com/eula.php
* The HESK may be used and modified free of charge by anyone *
* AS LONG AS COPYRIGHT NOTICES AND ALL THE COMMENTS REMAIN INTACT. */
* By using this code you agree to indemnify Klemen Stirn from any
* liability that might arise from it's use.
* Selling the code for this program, in part or full, without prior
* written consent is expressly forbidden.
* Using this code, in part or full, to create derivate work,
* new scripts or products is expressly forbidden. Obtain permission
* before redistributing this software over the Internet or in
* any other medium. In all cases copyright and header must remain intact.
* This Copyright is in full effect in any country that has International
* Trade Agreements with the United States of America or
* with the European Union.
* Removing any of the copyright notices without purchasing a license
* is expressly forbidden. To remove HESK copyright notice you must purchase
* a license for this script. For more information on how to obtain
* a license please visit the page below:
* https://www.hesk.com/buy.php
*******************************************************************************/
/* Check if this is a valid include */ /* Check if this is a valid include */
if (!defined('IN_SCRIPT')) { if (!defined('IN_SCRIPT')) {
die('Invalid attempt'); die('Invalid attempt');
} }
$num_mail = hesk_checkNewMail(); $mails = mfh_get_mail_headers_for_dropdown($_SESSION['id'], $hesk_settings, $hesklang);
?> ?>
<?php <div class="wrapper">
// Show a notice if we are in maintenance mode <header class="main-header">
if (hesk_check_maintenance(false)) {
echo '<div style="margin-bottom: -20px">';
hesk_show_notice($hesklang['mma2'], $hesklang['mma1'], false);
echo '</div>';
}
// Show a notice if we are in "Knowledgebase only" mode <!-- Logo -->
if (hesk_check_kb_only(false)) { <a href="<?php echo $modsForHesk_settings['navbar_title_url']; ?>" class="logo">
echo '<div style="margin-bottom: -20px">'; <!-- mini logo for sidebar mini 50x50 pixels -->
hesk_show_notice($hesklang['kbo2'], $hesklang['kbo1'], false); <span class="logo-mini"><!-- TODO Add setting for "Mini Title" --></span>
echo '</div>'; <!-- logo for regular state and mobile devices -->
} <span class="logo-lg"><?php echo $hesk_settings['hesk_title'] ?></span>
?> </a>
<div class="enclosing">
<nav class="navbar navbar-default navbar-static-top" role="navigation"> <!-- Header Navbar: style can be found in header.less -->
<div class="navbar-header"> <nav class="navbar navbar-static-top">
<button type="button" class="navbar-toggle collapsed" data-toggle="collapse" data-target=".navbar-collapse"> <!-- Sidebar toggle button-->
<a href="#" class="sidebar-toggle" data-toggle="offcanvas" role="button">
<span class="sr-only">Toggle navigation</span> <span class="sr-only">Toggle navigation</span>
<span class="icon-bar"></span> </a>
<span class="icon-bar"></span> <!-- Navbar Right Menu -->
<span class="icon-bar"></span> <div class="navbar-custom-menu">
</button> <ul class="nav navbar-nav">
<a class="navbar-brand" href="<?php echo $modsForHesk_settings['navbar_title_url']; ?>"><?php echo $hesk_settings['hesk_title'] ?></a> <!-- Messages: style can be found in dropdown.less-->
</div> <?php
<div class="collapse navbar-collapse" id="bs-example-navbar-collapse-1"> $number_of_maintenance_warnings = 0;
<ul class="nav navbar-nav"> if (hesk_check_maintenance(false)) {
$number_of_maintenance_warnings++;
}
if (hesk_check_kb_only(false)) {
$number_of_maintenance_warnings++;
}
if ($number_of_maintenance_warnings > 0): ?>
<li class="dropdown messages-menu">
<a href="#" class="dropdown-toggle" data-toggle="dropdown">
<i class="fa fa-exclamation-triangle"></i>
<?php echo sprintf($hesklang['x_system_warnings'],
$number_of_maintenance_warnings,
$number_of_maintenance_warnings == 1
? $hesklang['warning_title_case']
: $hesklang['warnings_title_case']); ?>
</a>
<ul class="dropdown-menu">
<li class="header"><?php echo sprintf($hesklang['x_system_warnings'],
$number_of_maintenance_warnings,
$number_of_maintenance_warnings == 1
? $hesklang['warning_title_case']
: $hesklang['warnings_title_case']); ?></li>
<li>
<ul class="menu">
<?php if (hesk_check_maintenance(false)): ?>
<li>
<a href="#">
<div class="pull-left">
<i class="fa fa-exclamation-triangle orange fa-2x"></i>
</div>
<h4>
<?php echo $hesklang['mma1']; ?>
</h4>
<p><?php echo $hesklang['mma2']; ?></p>
</a>
</li>
<?php
endif;
if (hesk_check_kb_only(false)):
?>
<li>
<a href="#">
<div class="pull-left">
<i class="fa fa-exclamation-triangle orange fa-2x"></i>
</div>
<h4>
<?php echo $hesklang['kbo1']; ?>
</h4>
<p><?php echo $hesklang['kbo2']; ?></p>
</a>
</li>
<?php endif; ?>
</ul>
</li>
</ul>
</li>
<?php endif; ?>
<li class="dropdown messages-menu">
<a href="#" class="dropdown-toggle" data-toggle="dropdown">
<i class="fa fa-envelope-o"></i>
<?php if (count($mails) > 0): ?>
<span class="label label-success"><?php echo count($mails); ?></span>
<?php endif; ?>
</a>
<ul class="dropdown-menu">
<li class="header"><?php echo sprintf($hesklang['you_have_x_messages'],
count($mails),
count($mails) == 1
? $hesklang['message_lower_case']
: $hesklang['messages_lower_case']); ?></li>
<!-- Begin New Messages -->
<li>
<!-- inner menu: contains the actual data -->
<ul class="menu">
<?php foreach ($mails as $mail): ?>
<li><!-- start message -->
<a href="mail.php?a=read&id=<?php echo $mail['id']; ?>">
<h4>
<?php echo $mail['from']; ?>
<small><i class="fa fa-clock-o"></i> <?php echo hesk_dateToString($mail['date'], 0, 0, 0, true); ?></small>
</h4>
<p><?php echo $mail['subject']; ?></p>
</a>
</li>
<!-- end message -->
<?php endforeach; ?>
</ul>
</li>
<li class="footer"><a href="mail.php">See All Messages</a></li>
</ul>
</li>
<!-- User Account: style can be found in dropdown.less -->
<li class="dropdown user user-menu">
<a href="profile.php">
<!--<img src="dist/img/user2-160x160.jpg" class="user-image" alt="User Image">-->
<i class="fa fa-user"></i>
<span class="hidden-xs"><?php echo hesk_SESSION('name'); ?></span>
</a>
</li>
<!-- Control Sidebar Toggle Button -->
<li>
<a href="index.php?a=logout&amp;token=<?php echo hesk_token_echo(); ?>">
<i class="octicon octicon-sign-out"></i>
</a>
</li>
</ul>
</div>
</nav>
</header>
<aside class="main-sidebar">
<!-- sidebar: style can be found in sidebar.less -->
<section class="sidebar">
<!-- sidebar menu: : style can be found in sidebar.less -->
<ul class="sidebar-menu">
<li class="header"><?php echo $hesklang['main_navigation_uppercase']; ?></li>
<?php <?php
$active = ''; $active = '';
if (defined('PAGE_TITLE') && PAGE_TITLE == 'ADMIN_HOME') { if (defined('PAGE_TITLE') && PAGE_TITLE == 'ADMIN_HOME') {
$active = ' class="active"'; $active = 'active';
} }
?> ?>
<li<?php echo $active; ?>><a href="admin_main.php"><i <li class="<?php echo $active; ?> treeview">
class="fa fa-home" <?php echo $iconDisplay; ?>></i>&nbsp;<?php echo $hesklang['main_page']; ?> <a href="admin_main.php">
</a></li> <i class="fa fa-home" <?php echo $iconDisplay; ?>></i> <span><?php echo $hesklang['main_page']; ?></span>
<?php if (hesk_checkPermission('can_man_users', 0) && hesk_checkPermission('can_man_permission_tpl', 0)) { </a>
</li>
<?php if (hesk_checkPermission('can_man_users', 0) && hesk_checkPermission('can_man_permission_tpl', 0)) :
$active = ''; $active = '';
if (defined('PAGE_TITLE') && PAGE_TITLE == 'ADMIN_USERS') { if (defined('PAGE_TITLE') && PAGE_TITLE == 'ADMIN_USERS') {
$active = ' active'; $active = 'active';
} }
echo '<li class="dropdown'.$active.'"> ?>
<a href="#" class="dropdown-toggle" data-toggle="dropdown" role="button" aria-expanded="false"> <li class="<?php echo $active; ?> treeview">
<i class="fa fa-users" ' . $iconDisplay . '></i>&nbsp;' . $hesklang['menu_users'] . '<span class="caret"></span> <a href="#">
</a> <i class="fa fa-users" <?php echo $iconDisplay; ?>></i>
<ul class="dropdown-menu" role="menu"> <span><?php echo $hesklang['menu_users']; ?></span>
<li><a href="manage_users.php">' . $hesklang['manage_users'] . '</a></li> <span class="pull-right-container">
<li><a href="manage_permission_templates.php">' . $hesklang['permission_tpl_man'] . '</a></li> <i class="fa fa-angle-left pull-right"></i>
</ul> </span>
</li>'; </a>
} elseif (hesk_checkPermission('can_man_users', 0)) { <ul class="treeview-menu">
<li>
<a href="manage_users.php"><i class="fa fa-circle-o"></i> <?php echo $hesklang['manage_users']; ?></a>
</li>
<li>
<a href="manage_permission_templates.php"><i class="fa fa-circle-o"></i> <?php echo $hesklang['permission_tpl_man']; ?></a>
</li>
</ul>
</li>
<?php
elseif (hesk_checkPermission('can_man_users', 0)) :
$active = ''; $active = '';
if (defined('PAGE_TITLE') && PAGE_TITLE == 'ADMIN_USERS') { if (defined('PAGE_TITLE') && PAGE_TITLE == 'ADMIN_USERS') {
$active = ' class="active"'; $active = 'active';
} }
echo '<li'.$active.'><a href="manage_users.php"><i class="fa fa-users" ' . $iconDisplay . '></i>&nbsp;' . $hesklang['menu_users'] . '</a></li>'; ?>
} elseif (hesk_checkPermission('can_man_permission_tpl', 0)) { <li class="<?php echo $active; ?> treeview">
<a href="manage_users.php">
<i class="fa fa-users" <?php echo $iconDisplay; ?>></i>
<span><?php echo $hesklang['menu_users']; ?></span>
</a>
</li>
<?php
elseif (hesk_checkPermission('can_man_permission_tpl', 0)) :
$active = ''; $active = '';
if (defined('PAGE_TITLE') && PAGE_TITLE == 'ADMIN_USERS') { if (defined('PAGE_TITLE') && PAGE_TITLE == 'ADMIN_USERS') {
$active = ' class="active"'; $active = 'active';
} }
echo '<li'.$active.'><a href="manage_permission_templates.php"> ?>
<i class="fa fa-users" ' . $iconDisplay . '></i>&nbsp;' . $hesklang['permission_templates'] . '</a></li>'; <li class="<?php echo $active; ?> treeview">
} <a href="manage_permission_templates.php">
if (hesk_checkPermission('can_man_cat', 0)) { <i class="fa fa-users" <?php echo $iconDisplay; ?>></i>
<span><?php echo $hesklang['permission_templates']; ?></span>
</a>
</li>
<?php
endif;
if (hesk_checkPermission('can_man_cat', 0)):
$active = ''; $active = '';
if (defined('PAGE_TITLE') && PAGE_TITLE == 'ADMIN_CATEGORIES') { if (defined('PAGE_TITLE') && PAGE_TITLE == 'ADMIN_CATEGORIES') {
$active = ' class="active"'; $active = 'active';
} }
echo '<li'.$active.'><a href="manage_categories.php"><i class="fa fa-pie-chart" ' . $iconDisplay . '></i>&nbsp;' . $hesklang['menu_cat'] . '</a></li>'; ?>
} <li class="<?php echo $active; ?> treeview">
if (hesk_checkPermission('can_man_canned', 0) && hesk_checkPermission('can_man_ticket_tpl', 0)) { <a href="manage_categories.php">
<i class="fa fa-pie-chart" <?php echo $iconDisplay; ?>></i>
<span><?php echo $hesklang['menu_cat']; ?></span>
</a>
</li>
<?php
endif;
if (hesk_checkPermission('can_man_canned', 0) && hesk_checkPermission('can_man_ticket_tpl', 0)):
$active = ''; $active = '';
if (defined('PAGE_TITLE') && PAGE_TITLE == 'ADMIN_CANNED') { if (defined('PAGE_TITLE') && PAGE_TITLE == 'ADMIN_CANNED') {
$active = ' active'; $active = 'active';
} }
echo '<li class="dropdown'.$active.'"> ?>
<a href="#" class="dropdown-toggle" data-toggle="dropdown" role="button" aria-expanded="false"> <li class="<?php echo $active; ?> treeview">
<i class="fa fa-file-text-o" ' . $iconDisplay . '></i>&nbsp;' . $hesklang['menu_can'] . '<span class="caret"></span> <a href="#">
</a> <i class="fa fa-file-text-o" <?php echo $iconDisplay; ?>></i>
<ul class="dropdown-menu" role="menu"> <span><?php echo $hesklang['menu_can']; ?></span>
<li><a href="manage_canned.php">' . $hesklang['can_man_canned'] . '</a></li> <span class="pull-right-container">
<li><a href="manage_ticket_templates.php">' . $hesklang['ticket_tpl_man'] . '</a></li> <i class="fa fa-angle-left pull-right"></i>
</ul> </span>
</li>'; </a>
} elseif (hesk_checkPermission('can_man_canned', 0)) { <ul class="treeview-menu">
<li>
<a href="manage_canned.php"><i class="fa fa-circle-o"></i> <?php echo $hesklang['can_man_canned']; ?></a>
</li>
<li>
<a href="manage_ticket_templates.php"><i class="fa fa-circle-o"></i> <?php echo $hesklang['ticket_tpl_man']; ?></a>
</li>
</ul>
</li>
<?php
elseif (hesk_checkPermission('can_man_canned', 0)):
$active = ''; $active = '';
if (defined('PAGE_TITLE') && PAGE_TITLE == 'ADMIN_CANNED') { if (defined('PAGE_TITLE') && PAGE_TITLE == 'ADMIN_CANNED') {
$active = ' class="active"'; $active = 'active';
} }
echo '<li'.$active.'><a href="manage_canned.php"><i class="fa fa-file-text-o" ' . $iconDisplay . '></i>&nbsp;' . $hesklang['menu_can'] . '</a></li>'; ?>
} elseif (hesk_checkPermission('can_man_ticket_tpl', 0)) { <li class="<?php echo $active; ?> treeview">
<a href="manage_canned.php">
<i class="fa fa-file-text-o" <?php echo $iconDisplay; ?>></i>
<span><?php echo $hesklang['menu_can']; ?></span>
</a>
</li>
<?php
elseif (hesk_checkPermission('can_man_ticket_tpl', 0)):
$active = ''; $active = '';
if (defined('PAGE_TITLE') && PAGE_TITLE == 'ADMIN_CANNED') { if (defined('PAGE_TITLE') && PAGE_TITLE == 'ADMIN_CANNED') {
$active = ' class="active"'; $active = 'active';
} }
echo '<li'.$active.'><a href="manage_ticket_templates.php"><i class="fa fa-file-text-o" ' . $iconDisplay . '></i>&nbsp;' . $hesklang['menu_can'] . '</a></li>'; ?>
} <li class="<?php echo $active; ?> treeview">
if ($hesk_settings['kb_enable']) { <a href="manage_ticket_templates.php">
<i class="fa fa-file-text-o" <?php echo $iconDisplay; ?>></i>
<span><?php echo $hesklang['menu_can']; ?></span>
</a>
</li>
<?php
endif;
if ($hesk_settings['kb_enable']):
$active = ''; $active = '';
if (defined('PAGE_TITLE') && PAGE_TITLE == 'ADMIN_KB') { if (defined('PAGE_TITLE') && PAGE_TITLE == 'ADMIN_KB') {
$active = ' class="active"'; $active = 'active';
} }
if (hesk_checkPermission('can_man_kb', 0)) { if (hesk_checkPermission('can_man_kb', 0)):
echo '<li'.$active.'><a href="manage_knowledgebase.php"><i class="fa fa-book" ' . $iconDisplay . '></i>&nbsp;' . $hesklang['menu_kb'] . '</a></li>'; ?>
} else { <li class="<?php echo $active; ?> treeview">
echo '<li'.$active.'><a href="knowledgebase_private.php"><i class="fa fa-book" ' . $iconDisplay . '></i>&nbsp;' . $hesklang['menu_kb'] . '</a></li>'; <a href="manage_knowledgebase.php">
} <i class="fa fa-book" <?php echo $iconDisplay; ?>></i>
} <span><?php echo $hesklang['menu_kb']; ?></span>
if ($modsForHesk_settings['enable_calendar'] != 0) { </a>
</li>
<?php else: ?>
<li class="<?php echo $active; ?> treeview">
<a href="knowledgebase_private.php">
<i class="fa fa-book" <?php echo $iconDisplay; ?>></i>
<span><?php echo $hesklang['menu_kb']; ?></span>
</a>
</li>
<?php endif; ?>
<?php
endif;
if ($modsForHesk_settings['enable_calendar'] != 0):
$active = ''; $active = '';
if (defined('PAGE_TITLE') && PAGE_TITLE == 'ADMIN_CALENDAR') { if (defined('PAGE_TITLE') && PAGE_TITLE == 'ADMIN_CALENDAR') {
$active = ' class="active"'; $active = 'active';
} }
echo '<li'.$active.'><a href="calendar.php"><i class="fa fa-calendar" ' . $iconDisplay . '></i>&nbsp;' . $hesklang['calendar_title_case'] . '</a></li>'; ?>
} <li class="<?php echo $active; ?> treeview">
if (hesk_checkPermission('can_run_reports', 0)) { <a href="calendar.php">
<i class="fa fa-calendar" <?php echo $iconDisplay; ?>></i>
<span><?php echo $hesklang['calendar_title_case']; ?></span>
</a>
</li>
<?php
endif;
if (hesk_checkPermission('can_run_reports', 0)):
$active = ''; $active = '';
if (defined('PAGE_TITLE') && PAGE_TITLE == 'ADMIN_REPORTS') { if (defined('PAGE_TITLE') && PAGE_TITLE == 'ADMIN_REPORTS') {
$active = ' class="active"'; $active = 'active';
} }
echo '<li'.$active.'><a href="reports.php"><i class="fa fa-line-chart" ' . $iconDisplay . '></i>&nbsp;' . $hesklang['reports'] . '</a></li>'; ?>
} elseif (hesk_checkPermission('can_export', 0)) { <li class="<?php echo $active; ?> treeview">
<a href="reports.php">
<i class="fa fa-line-chart" <?php echo $iconDisplay; ?>></i>
<span><?php echo $hesklang['reports']; ?></span>
</a>
</li>
<?php
elseif (hesk_checkPermission('can_export', 0)):
$active = ''; $active = '';
if (defined('PAGE_TITLE') && PAGE_TITLE == 'ADMIN_REPORTS') { if (defined('PAGE_TITLE') && PAGE_TITLE == 'ADMIN_REPORTS') {
$active = ' class="active"'; $active = 'active';
} }
echo '<li'.$active.'><a href="export.php"><i class="fa fa-line-chart" ' . $iconDisplay . '></i>&nbsp;' . $hesklang['reports'] . '</a></li>'; ?>
} <li class="<?php echo $active; ?> treeview">
<a href="export.php">
<i class="fa fa-line-chart" <?php echo $iconDisplay; ?>></i>
<span><?php echo $hesklang['reports']; ?></span>
</a>
</li>
<?php
endif;
$tools_count = 0; $tools_count = 0;
$dropdown_items = '<ul class="dropdown-menu" role="menu">'; $dropdown_items = array();
if (hesk_checkPermission('can_ban_emails', 0)) { if (hesk_checkPermission('can_ban_emails', 0)) {
$tools_count++; $tools_count++;
$dropdown_items .= '<li><a href="banned_emails.php">' . $hesklang['manage_banned_emails'] . '</a></li>'; $dropdown_items['banned_emails'] = $hesklang['manage_banned_emails'];
} }
if (hesk_checkPermission('can_ban_ips', 0)) { if (hesk_checkPermission('can_ban_ips', 0)) {
$tools_count++; $tools_count++;
$dropdown_items .= '<li><a href="banned_ips.php">' . $hesklang['manage_banned_ips'] . '</a></li>'; $dropdown_items['banned_ips'] = $hesklang['manage_banned_ips'];
} }
if (hesk_checkPermission('can_service_msg', 0)) { if (hesk_checkPermission('can_service_msg', 0)) {
$tools_count++; $tools_count++;
$dropdown_items .= '<li><a href="service_messages.php">' . $hesklang['manage_service_messages'] . '</a></li>'; $dropdown_items['service_messages'] = $hesklang['manage_service_messages'];
} }
if (hesk_checkPermission('can_man_email_tpl', 0)) { if (hesk_checkPermission('can_man_email_tpl', 0)) {
$tools_count++; $tools_count++;
$dropdown_items .= '<li><a href="manage_email_templates.php">' . $hesklang['manage_email_templates'] . '</a></li>'; $dropdown_items['manage_email_templates'] = $hesklang['manage_email_templates'];
} }
if (hesk_checkPermission('can_man_ticket_statuses', 0)) { if (hesk_checkPermission('can_man_ticket_statuses', 0)) {
$tools_count++; $tools_count++;
$dropdown_items .= '<li><a href="manage_statuses.php">' . $hesklang['manage_statuses'] . '</a></li>'; $dropdown_items['manage_statuses'] = $hesklang['manage_statuses'];
}
if (hesk_checkPermission('can_man_settings', 0)) {
$tools_count++;
$dropdown_items['custom_fields'] = $hesklang['manage_custom_fields'];
} }
if (hesk_checkPermission('can_view_logs', 0)) { if (hesk_checkPermission('can_view_logs', 0)) {
$tools_count++; $tools_count++;
$dropdown_items .= '<li><a href="view_message_log.php">' . $hesklang['view_message_log'] . '</a></li>'; $dropdown_items['view_message_log'] = $hesklang['view_message_log'];
} }
$dropdown_items .= '</ul>';
if ($tools_count > 1) { if (count($dropdown_items) > 1):
$active = ''; $active = '';
if (defined('PAGE_TITLE') && PAGE_TITLE == 'ADMIN_TOOLS') { if (defined('PAGE_TITLE') && PAGE_TITLE == 'ADMIN_TOOLS') {
$active = ' active'; $active = 'active';
} }
echo '<li class="dropdown'.$active.'"> ?>
<a href="#" class="dropdown-toggle" data-toggle="dropdown" role="button" aria-expanded="false"> <li class="<?php echo $active; ?> treeview">
<i class="fa fa-wrench" ' . $iconDisplay . '></i>&nbsp;' . $hesklang['tools'] . '<span class="caret"></span> <a href="#">
</a> <i class="fa fa-wrench" <?php echo $iconDisplay; ?>></i>
'.$dropdown_items.' <span><?php echo $hesklang['tools']; ?></span>
</li>'; <span class="pull-right-container">
} else { <i class="fa fa-angle-left pull-right"></i>
if (hesk_checkPermission('can_ban_emails', 0)) { </span>
$active = ''; </a>
if (defined('PAGE_TITLE') && PAGE_TITLE == 'ADMIN_TOOLS') { <ul class="treeview-menu">
$active = ' class="active"'; <?php foreach($dropdown_items as $path => $text): ?>
} <li>
echo '<li'.$active.'><a href="banned_emails.php"><i class="fa fa-wrench" ' . $iconDisplay . '></i>&nbsp;' . $hesklang['tools'] . '</a></li>'; <a href="<?php echo $path; ?>.php"><i class="fa fa-circle-o"></i> <?php echo $text; ?></a>
} elseif (hesk_checkPermission('can_ban_ips', 0)) { </li>
$active = ''; <?php endforeach; ?>
if (defined('PAGE_TITLE') && PAGE_TITLE == 'ADMIN_TOOLS') { </ul>
$active = ' class="active"'; </li>
} <?php
echo '<li'.$active.'><a href="banned_ips.php"><i class="fa fa-wrench" ' . $iconDisplay . '></i>&nbsp;' . $hesklang['tools'] . '</a></li>'; elseif (count($dropdown_items) == 1):
} elseif (hesk_checkPermission('can_service_msg', 0)) { $active = '';
$active = ''; if (defined('PAGE_TITLE') && PAGE_TITLE == 'ADMIN_TOOLS') {
if (defined('PAGE_TITLE') && PAGE_TITLE == 'ADMIN_TOOLS') { $active = 'active';
$active = ' class="active"';
}
echo '<li'.$active.'><a href="service_messages.php"><i class="fa fa-wrench" ' . $iconDisplay . '></i>&nbsp;' . $hesklang['tools'] . '</a></li>';
} elseif (hesk_checkPermission('can_man_email_tpl', 0)) {
$active = '';
if (defined('PAGE_TITLE') && PAGE_TITLE == 'ADMIN_TOOLS') {
$active = ' class="active"';
}
echo '<li'.$active.'><a href="manage_email_templates.php"><i class="fa fa-wrench" ' . $iconDisplay . '></i>&nbsp;' . $hesklang['tools'] . '</a></li>';
} elseif (hesk_checkPermission('can_man_ticket_statuses', 0)) {
$active = '';
if (defined('PAGE_TITLE') && PAGE_TITLE == 'ADMIN_TOOLS') {
$active = ' class="active"';
}
echo '<li'.$active.'><a href="manage_statuses.php"><i class="fa fa-wrench" ' . $iconDisplay . '></i>&nbsp;' . $hesklang['tools'] . '</a></li>';
} elseif (hesk_checkPermission('can_view_logs', 0)) {
$active = '';
if (defined('PAGE_TITLE') && PAGE_TITLE == 'ADMIN_TOOLS') {
$active = ' class="active"';
}
echo '<li'.$active.'><a href="view_message_log.php"><i class="fa fa-wrench" ' . $iconDisplay . '></i>&nbsp;' . $hesklang['tools'] . '</a></li>';
} }
} reset($dropdown_items);
if (hesk_checkPermission('can_man_settings', 0)) { $page = key($dropdown_items);
?>
<li class="<?php echo $active; ?> treeview">
<a href="<?php echo $page; ?>.php">
<i class="fa fa-wrench" <?php echo $iconDisplay; ?>></i>
<span><?php echo $dropdown_items[$page]; ?></span>
</a>
</li>
<?php
endif;
if (hesk_checkPermission('can_man_settings', 0)):
$active = ''; $active = '';
if (defined('PAGE_TITLE') && PAGE_TITLE == 'ADMIN_SETTINGS') { if (defined('PAGE_TITLE') && PAGE_TITLE == 'ADMIN_SETTINGS') {
$active = ' class="active"'; $active = 'active';
} }
echo '<li'.$active.'><a href="admin_settings.php"><i class="fa fa-cog" ' . $iconDisplay . '></i>&nbsp;' . $hesklang['settings'] . '</a></li>';
}
$active = '';
if (defined('PAGE_TITLE') && PAGE_TITLE == 'ADMIN_PROFILE') {
$active = ' class="active"';
}
?> ?>
<li<?php echo $active; ?>><a href="profile.php"><i <li class="<?php echo $active; ?> treeview">
class="fa fa-user" <?php echo $iconDisplay; ?>></i>&nbsp;<?php echo $hesklang['menu_profile']; ?> <a href="admin_settings.php">
</a></li> <i class="fa fa-cog" <?php echo $iconDisplay; ?>></i>
<span><?php echo $hesklang['settings']; ?></span>
</a>
</li>
<?php <?php
endif;
$active = ''; $active = '';
if (defined('PAGE_TITLE') && PAGE_TITLE == 'ADMIN_MAIL') { if (defined('PAGE_TITLE') && PAGE_TITLE == 'ADMIN_PROFILE') {
$active = ' class="active"'; $active = 'active';
} }
?> ?>
<li<?php echo $active; ?>><a href="mail.php"><i <li class="<?php echo $active; ?> treeview">
class="fa fa-envelope-o" <?php echo $iconDisplay; ?>></i>&nbsp;<?php echo $hesklang['menu_msg']; ?> <a href="profile.php">
<?php if ($num_mail != 0) { <i class="fa fa-user" <?php echo $iconDisplay; ?>></i>
echo '<span class="badge">'; <span><?php echo $hesklang['menu_profile']; ?></span>
echo $num_mail; </a>
unset($num_mail); </li>
echo '</span>';
} ?>
</a></li>
<?php include('custom/show_admin_nav-custom.inc.php');
$iconDisplay = ($iconDisplay == '') ? 'style="font-size: 14px"' : $iconDisplay;
?>
<li><a href="index.php?a=logout&amp;token=<?php echo hesk_token_echo(); ?>"><span
class="octicon octicon-sign-out" <?php echo $iconDisplay; ?>></span>&nbsp;<?php echo $hesklang['logout']; ?>
</a></li>
</ul> </ul>
</div> </section>
<!-- /.navbar-collapse --> <!-- /.sidebar -->
</nav> </aside>
<div class="content-wrapper">
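Review bot: In the new messages dropdown, `$mail['from']`, `$mail['subject']` and `$mail['id']` are echoed exactly as `mfh_get_mail_headers_for_dropdown()` returns them, with no encoding at the point of output. The helper's body is not part of this section, so whether it returns HTML-encoded values cannot be confirmed from here. If it returns raw database values, a subject written by one staff member is rendered as markup in the header of every page the recipient opens. I would encode at the sink, e.g. `<?php echo htmlspecialchars($mail['subject'], ENT_QUOTES, 'UTF-8'); ?>` (likewise for `from`) and `<?php echo intval($mail['id']); ?>` in the link. If the helper already encodes, a one-line comment above the `foreach` saying so would prevent double-encoding later.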

@ -1,32 +1,15 @@
<?php <?php
/******************************************************************************* /**
* Title: Help Desk Software HESK *
* Version: 2.6.8 from 10th August 2016 * This file is part of HESK - PHP Help Desk Software.
* Author: Klemen Stirn *
* Website: http://www.hesk.com * (c) Copyright Klemen Stirn. All rights reserved.
******************************************************************************** * http://www.hesk.com
* COPYRIGHT AND TRADEMARK NOTICE *
* Copyright 2005-2015 Klemen Stirn. All Rights Reserved. * For the full copyright and license agreement information visit
* HESK is a registered trademark of Klemen Stirn. * http://www.hesk.com/eula.php
* The HESK may be used and modified free of charge by anyone *
* AS LONG AS COPYRIGHT NOTICES AND ALL THE COMMENTS REMAIN INTACT. */
* By using this code you agree to indemnify Klemen Stirn from any
* liability that might arise from it's use.
* Selling the code for this program, in part or full, without prior
* written consent is expressly forbidden.
* Using this code, in part or full, to create derivate work,
* new scripts or products is expressly forbidden. Obtain permission
* before redistributing this software over the Internet or in
* any other medium. In all cases copyright and header must remain intact.
* This Copyright is in full effect in any country that has International
* Trade Agreements with the United States of America or
* with the European Union.
* Removing any of the copyright notices without purchasing a license
* is expressly forbidden. To remove HESK copyright notice you must purchase
* a license for this script. For more information on how to obtain
* a license please visit the page below:
* https://www.hesk.com/buy.php
*******************************************************************************/
/* Check if this is a valid include */ /* Check if this is a valid include */
if (!defined('IN_SCRIPT')) { if (!defined('IN_SCRIPT')) {
@ -411,10 +394,7 @@ $more2 = empty($_GET['more2']) ? 0 : 1;
<div class="form-group"> <div class="form-group">
<input class="form-control" type="text" name="q" size="30" <?php if (isset($q)) { <input class="form-control" type="text" name="q" size="30" <?php if (isset($q)) {
echo 'value="' . $q . '"'; echo 'value="' . $q . '"';
} ?> } ?>>
data-error="<?php echo htmlspecialchars($hesklang['this_field_is_required']); ?>"
required>
<div class="help-block with-errors"></div>
</div> </div>
</td> </td>
<td class="text-left" style="border: none"> <td class="text-left" style="border: none">
@ -515,7 +495,7 @@ $more2 = empty($_GET['more2']) ? 0 : 1;
<tr> <tr>
<td class="alignMiddle"><b><?php echo $hesklang['date']; ?></b>: &nbsp; </td> <td class="alignMiddle"><b><?php echo $hesklang['date']; ?></b>: &nbsp; </td>
<td class="alignMiddle"> <td class="alignMiddle">
<div class="col-md-3" style="padding-left: 0px"><input class="form-control tcal" <div class="col-md-3" style="padding-left: 0px"><input class="form-control datepicker"
type="text" name="dt" type="text" name="dt"
id="dt" id="dt"
size="10" <?php if ($date_input) { size="10" <?php if ($date_input) {
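Review bot: The search box in the `@ -411` hunk still writes `$q` straight into the `value` attribute (`echo 'value="' . $q . '"';`), and this commit edits the same tag without touching that. The assignment of `$q` is outside the hunk, so it may already be encoded; if it is not, a quote character in the search term ends the attribute early. Either encode at the sink with `echo 'value="' . htmlspecialchars($q, ENT_QUOTES, 'UTF-8') . '"';`, or add a comment naming where `$q` is encoded so the template can be reviewed on its own. Dropping `required` and the `data-error` text also means an empty `q` is now submitted, so the server-side handler has to accept or reject it explicitly.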

@ -1,32 +1,15 @@
<?php <?php
/******************************************************************************* /**
* Title: Help Desk Software HESK *
* Version: 2.6.8 from 10th August 2016 * This file is part of HESK - PHP Help Desk Software.
* Author: Klemen Stirn *
* Website: http://www.hesk.com * (c) Copyright Klemen Stirn. All rights reserved.
******************************************************************************** * http://www.hesk.com
* COPYRIGHT AND TRADEMARK NOTICE *
* Copyright 2005-2015 Klemen Stirn. All Rights Reserved. * For the full copyright and license agreement information visit
* HESK is a registered trademark of Klemen Stirn. * http://www.hesk.com/eula.php
* The HESK may be used and modified free of charge by anyone *
* AS LONG AS COPYRIGHT NOTICES AND ALL THE COMMENTS REMAIN INTACT. */
* By using this code you agree to indemnify Klemen Stirn from any
* liability that might arise from it's use.
* Selling the code for this program, in part or full, without prior
* written consent is expressly forbidden.
* Using this code, in part or full, to create derivate work,
* new scripts or products is expressly forbidden. Obtain permission
* before redistributing this software over the Internet or in
* any other medium. In all cases copyright and header must remain intact.
* This Copyright is in full effect in any country that has International
* Trade Agreements with the United States of America or
* with the European Union.
* Removing any of the copyright notices without purchasing a license
* is expressly forbidden. To remove HESK copyright notice you must purchase
* a license for this script. For more information on how to obtain
* a license please visit the page below:
* https://www.hesk.com/buy.php
*******************************************************************************/
/* Check if this is a valid include */ /* Check if this is a valid include */
if (!defined('IN_SCRIPT')) { if (!defined('IN_SCRIPT')) {

@ -0,0 +1,168 @@
<?php
/**
* @param $search_filter Filter to search by. Valid criteria:
* //TODO
*/
function get_tickets($search_filter, $hesk_settings) {
$sql = "SELECT `id`, `trackid`, `name`, `email`, `category`, `priority`, `subject`, LEFT(`message`, 400) AS `message`,
`dt`, `lastchange`, `firstreply`, `closedat`, `status`, `openedby`, `firstreplyby`, `closedby`, `replies`, `staffreplies`, `owner`,
`time_worked`, `lastreplier`, `replierid`, `archive`, `locked`, `merged`, `due_date`, `latitude`, `longitude`, `user_agent`,
`screen_resolution_width`, `screen_resolution_height`";
foreach ($hesk_settings['custom_fields'] as $k => $v) {
if ($v['use']) {
$sql .= ", `" . $k . "`";
}
}
$sql .= " FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` WHERE ";
// --> CATEGORY
$category = $search_filter['category'];
if ($category > 0 && hesk_okCategory($category, 0)) {
$sql .= " `category`='{$category}' ";
} else {
$sql .= hesk_myCategories();
}
// --> TAGGED
$tagged = $search_filter['tagged'];
if ($tagged) {
$sql .= " AND `archive`='1' ";
}
// --> TICKET ASSIGNMENT
$sql = handle_ticket_assignments($search_filter, $sql);
// --> TICKET STATUS
$statuses = $search_filter['status'];
if (count($statuses) > 0) {
$sql .= " AND `status` IN ('" . implode("','", $statuses) . "') ";
}
// --> TICKET PRIORITY
$priorities = $search_filter['priority'];
if (count($priorities) > 0) {
$sql .= " AND `priority` IN ('" . implode("','", array_keys($priority)) . "') ";
}
// Sorting
$sql .= " ORDER BY ";
// --> PUSH TO TOP
$force_to_top = $search_filter['force_to_top'];
$direction = $search_filter['force_direction'];
if ($force_to_top != NULL) {
if ($force_to_top == 'owner') {
$sql .= " CASE WHEN `owner` = '".intval($_SESSION['id'])."' THEN 1 ELSE 0 END DESC, `owner` ASC, ";
} else {
$sql .= ' `'.hesk_dbEscape($force_to_top).'` ';
$sql .= $direction == 'ascending' ? 'ASC, ' : 'DESC, ';
}
}
// --> CRITICAL ON TOP
$critical_on_top = $search_filter['critical_on_top'];
if ($critical_on_top) {
$sql .= " CASE WHEN `priority` = '0' THEN 1 ELSE 0 END DESC , ";
}
// --> SORT BY
$sort_by = $search_filter['sort_by'];
$sort_direction = $search_filter['sort_direction'];
if ($sort_by) {
$sql .= $sort_by == 'lastreplier'
? " CASE WHEN `lastreplier` = '0' THEN 0 ELSE 1 END DESC, COALESCE(`replierid`, NULLIF(`lastreplier`, '0'), `name`) "
: ' `'.hesk_dbEscape($sort_by).'` ';
} else {
$sql .= ' `status` ';
$sort_by = 'status';
}
$sql .= $sort_direction == 'ascending'
? ' ASC '
: ' DESC ';
if ($sort_by != 'priority') {
$sql .= ' , `priority` ASC ';
}
//Uncomment for debugging purposes
//echo "SQL: $sql";
$results = hesk_dbQuery($sql);
return $results;
}
function handle_ticket_assignments($search_filter, $sql) {
$assigned_to_self = $search_filter['assignment']['self'];
$assigned_to_others = $search_filter['assignment']['others'];
$assigned_to_no_one = $search_filter['assignment']['no_one'];
if (!$assigned_to_self && !$assigned_to_others && !$assigned_to_no_one) {
$assigned_to_self = true;
$assigned_to_others = true;
$assigned_to_no_one = true;
if (!defined('MAIN_PAGE')) {
hesk_show_notice($hesklang['e_nose']);
}
}
/* If the user doesn't have permission to view assigned to others block those */
if (!hesk_checkPermission('can_view_ass_others',0)) {
$assigned_to_others = 0;
}
/* If the user doesn't have permission to view unassigned tickets block those */
if (!hesk_checkPermission('can_view_unassigned',0)) {
$assigned_to_no_one = 0;
}
/* Process assignments */
if (!$assigned_to_self || !$assigned_to_others || !$assigned_to_no_one) {
if ($assigned_to_self && $assigned_to_others) {
// All but unassigned
$sql .= " AND `owner` > 0 ";
} elseif ($assigned_to_self && $assigned_to_no_one) {
// My tickets + unassigned
$sql .= " AND `owner` IN ('0', '" . intval($_SESSION['id']) . "') ";
} elseif ($assigned_to_others && $assigned_to_no_one) {
// Assigned to others + unassigned
$sql .= " AND `owner` != '" . intval($_SESSION['id']) . "' ";
}
elseif ($assigned_to_self) {
// Assigned to me only
$sql .= " AND `owner` = '" . intval($_SESSION['id']) . "' ";
} elseif ($assigned_to_others) {
// Assigned to others
$sql .= " AND `owner` NOT IN ('0', '" . intval($_SESSION['id']) . "') ";
} elseif ($assigned_to_no_one) {
// Only unassigned
$sql .= " AND `owner` = 0 ";
}
}
return $sql;
}
function get_empty_filter() {
$search_filter['category'] = NULL;
$search_filter['tagged'] = NULL;
$search_filter['status'] = NULL;
$search_filter['priority'] = NULL;
$search_filter['force_to_top'] = NULL;
$search_filter['force_direction'] = NULL;
$search_filter['critical_on_top'] = NULL;
$search_filter['sort_by'] = NULL;
$search_filter['sort_direction'] = NULL;
$search_filter['assignment'] = array();
$search_filter['assignment']['self'] = 0;
$search_filter['assignment']['others'] = 0;
$search_filter['assignment']['no_one'] = 0;
return $search_filter;
}

@ -1,33 +1,15 @@
<?php <?php
/******************************************************************************* /**
* Title: Help Desk Software HESK *
* Version: 2.6.8 from 10th August 2016 * This file is part of HESK - PHP Help Desk Software.
* Author: Klemen Stirn *
* Website: http://www.hesk.com * (c) Copyright Klemen Stirn. All rights reserved.
******************************************************************************** * http://www.hesk.com
* COPYRIGHT AND TRADEMARK NOTICE *
* Copyright 2005-2015 Klemen Stirn. All Rights Reserved. * For the full copyright and license agreement information visit
* HESK is a registered trademark of Klemen Stirn. * http://www.hesk.com/eula.php
* The HESK may be used and modified free of charge by anyone *
* AS LONG AS COPYRIGHT NOTICES AND ALL THE COMMENTS REMAIN INTACT. */
* By using this code you agree to indemnify Klemen Stirn from any
* liability that might arise from it's use.
* Selling the code for this program, in part or full, without prior
* written consent is expressly forbidden.
* Using this code, in part or full, to create derivate work,
* new scripts or products is expressly forbidden. Obtain permission
* before redistributing this software over the Internet or in
* any other medium. In all cases copyright and header must remain intact.
* This Copyright is in full effect in any country that has International
* Trade Agreements with the United States of America or
* with the European Union.
* Removing any of the copyright notices without purchasing a license
* is expressly forbidden. To remove HESK copyright notice you must purchase
* a license for this script. For more information on how to obtain
* a license please visit the page below:
* https://www.hesk.com/buy.php
*******************************************************************************/
define('MINIMUM_REFRESH_THRESHOLD_IN_SECONDS', 1);
/* Check if this is a valid include */ /* Check if this is a valid include */
if (!defined('IN_SCRIPT')) { if (!defined('IN_SCRIPT')) {
die('Invalid attempt'); die('Invalid attempt');
@ -58,7 +40,6 @@ $result = hesk_dbQuery($sql_count);
$total = hesk_dbResult($result); $total = hesk_dbResult($result);
//-- Precondition: The panel has already been created, and there is NO open <div class="panel-body"> tag yet. //-- Precondition: The panel has already been created, and there is NO open <div class="panel-body"> tag yet.
echo '<div class="panel-body">';
if ($total > 0) { if ($total > 0) {
/* This query string will be used to browse pages */ /* This query string will be used to browse pages */
@ -107,15 +88,7 @@ if ($total > 0) {
$next_page = ($page + 1 > $pages) ? 0 : $page + 1; $next_page = ($page + 1 > $pages) ? 0 : $page + 1;
$autorefreshInSeconds = $_SESSION['autorefresh'] / 1000; $autorefreshInSeconds = $_SESSION['autorefresh'] / 1000;
$autorefresh = ''; $autorefresh = '';
if ($autorefreshInSeconds >= MINIMUM_REFRESH_THRESHOLD_IN_SECONDS) {
$autorefresh = ' | ' . $hesklang['autorefresh'] . ' ' . $autorefreshInSeconds . ' ' . $hesklang['abbr']['second'];
?>
<script>
(function () {
setTimeout("location.reload(true);", <?php echo $_SESSION['autorefresh']; ?>);
})();
</script>
<?php }
echo sprintf($hesklang['tickets_on_pages'], $total, $pages) . $autorefresh . ' <br />'; echo sprintf($hesklang['tickets_on_pages'], $total, $pages) . $autorefresh . ' <br />';
if ($pages > 1) { if ($pages > 1) {
@ -244,13 +217,13 @@ if ($total > 0) {
$owner = ''; $owner = '';
$first_line = '(' . $hesklang['unas'] . ')' . " \n\n"; $first_line = '(' . $hesklang['unas'] . ')' . " \n\n";
if ($ticket['owner'] == $_SESSION['id']) { if ($ticket['owner'] == $_SESSION['id']) {
$owner = '<span class="assignedyou" title="' . $hesklang['tasy2'] . '"><span class="glyphicon glyphicon-user" data-toggle="tooltip" data-placement="top" title="' . $hesklang['tasy2'] . '"></span></span> '; $owner = '<span class="red" title="' . $hesklang['tasy2'] . '"><span class="glyphicon glyphicon-user" data-toggle="tooltip" data-placement="top" title="' . $hesklang['tasy2'] . '"></span></span> ';
$first_line = $hesklang['tasy2'] . " \n\n"; $first_line = $hesklang['tasy2'] . " \n\n";
} elseif ($ticket['owner']) { } elseif ($ticket['owner']) {
if (!isset($admins[$ticket['owner']])) { if (!isset($admins[$ticket['owner']])) {
$admins[$ticket['owner']] = $hesklang['e_udel']; $admins[$ticket['owner']] = $hesklang['e_udel'];
} }
$owner = '<span class="assignedother" title="' . $hesklang['taso3'] . ' ' . $admins[$ticket['owner']] . '"><span class="glyphicon glyphicon-user" data-toggle="tooltip" data-placement="top" title="' . $hesklang['taso3'] . ' ' . $admins[$ticket['owner']] . '"></span></span> '; $owner = '<span class="green" title="' . $hesklang['taso3'] . ' ' . $admins[$ticket['owner']] . '"><span class="glyphicon glyphicon-user" data-toggle="tooltip" data-placement="top" title="' . $hesklang['taso3'] . ' ' . $admins[$ticket['owner']] . '"></span></span> ';
$first_line = $hesklang['taso3'] . ' ' . $admins[$ticket['owner']] . " \n\n"; $first_line = $hesklang['taso3'] . ' ' . $admins[$ticket['owner']] . " \n\n";
} }
@ -404,14 +377,11 @@ if ($total > 0) {
// Print custom fields // Print custom fields
foreach ($hesk_settings['custom_fields'] as $key => $value) { foreach ($hesk_settings['custom_fields'] as $key => $value) {
if ($value['use'] && hesk_show_column($key)) { if ($value['use'] && hesk_show_column($key)) {
echo '<td class="' . $color . '">'; echo '<td class="'.$color.'">'.
if ($value['type'] == 'date' && !empty($ticket[$key])) { ($value['type'] == 'date'
$dt = date('Y-m-d h:i:s', $ticket[$key]); ? hesk_custom_date_display_format($ticket[$key], $value['value']['date_format'])
echo hesk_dateToString($dt, 0); : $ticket[$key]).
} else { '</td>';
echo $ticket[$key];
}
echo '</td>';
} }
} }
@ -422,11 +392,15 @@ if ($total > 0) {
} // End while } // End while
?> ?>
</table> </table>
</div> <hr>
&nbsp;<br/>
<table border="0" width="100%"> <table border="0" width="100%">
<tr> <tr>
<td>
<a href="new_ticket.php" class="btn btn-success pull-left">
<span class="glyphicon glyphicon-plus-sign"></span>
<?php echo $hesklang['nti']; ?>
</a>
</td>
<td width="50%" class="text-right" style="vertical-align:top"> <td width="50%" class="text-right" style="vertical-align:top">
<select class="form-control" name="a"> <select class="form-control" name="a">
<option value="low" <option value="low"
@ -436,8 +410,13 @@ if ($total > 0) {
<option value="high"><?php echo $hesklang['set_pri_to'] . ' ' . $hesklang['high']; ?></option> <option value="high"><?php echo $hesklang['set_pri_to'] . ' ' . $hesklang['high']; ?></option>
<option <option
value="critical"><?php echo $hesklang['set_pri_to'] . ' ' . $hesklang['critical']; ?></option> value="critical"><?php echo $hesklang['set_pri_to'] . ' ' . $hesklang['critical']; ?></option>
<option value="close"><?php echo $hesklang['close_selected']; ?></option>
<?php <?php
if (hesk_checkPermission('can_resolve', 0)) {
?>
<option value="close"><?php echo $hesklang['close_selected']; ?></option>
<?php
}
if (hesk_checkPermission('can_add_archive', 0)) { if (hesk_checkPermission('can_add_archive', 0)) {
?> ?>
<option value="tag"><?php echo $hesklang['add_archive_quick']; ?></option> <option value="tag"><?php echo $hesklang['add_archive_quick']; ?></option>
@ -475,17 +454,6 @@ else {
echo '<div class="row"><div class="col-sm-12">'; echo '<div class="row"><div class="col-sm-12">';
$autorefreshInSeconds = $_SESSION['autorefresh'] / 1000; $autorefreshInSeconds = $_SESSION['autorefresh'] / 1000;
if ($autorefreshInSeconds >= MINIMUM_REFRESH_THRESHOLD_IN_SECONDS) {
echo $hesklang['autorefresh'] . ' ' . $autorefreshInSeconds . ' ' . $hesklang['abbr']['second'];
?>
<script>
(function () {
setTimeout("location.reload(true);", <?php echo $_SESSION['autorefresh']; ?>);
})();
</script>
<?php
}
if (isset($is_search) || $href == 'find_tickets.php') { if (isset($is_search) || $href == 'find_tickets.php') {
hesk_show_notice($hesklang['no_tickets_crit']); hesk_show_notice($hesklang['no_tickets_crit']);
} else { } else {
@ -494,8 +462,7 @@ else {
echo '</div></div>'; echo '</div></div>';
} }
echo '</div> echo '</div>';
</div>';
function hesk_print_list_head() function hesk_print_list_head()
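Review bot: The `hesk_checkPermission('can_resolve', 0)` check added around the `close` option only hides that choice in the bulk-action select; the handler that receives `a=close` is not part of this section, so confirm that it repeats the `can_resolve` check before closing tickets, because a request can carry the value regardless of what the select shows. A comment above the check such as `// UI gating only; the bulk-action handler must enforce can_resolve as well` would record that. In the custom-fields hunk the old `!empty($ticket[$key])` guard for date fields was dropped, so `hesk_custom_date_display_format()` is now called for empty values too; unless that helper handles them, keep the guard as `$value['type'] == 'date' && !empty($ticket[$key])`.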

@ -14,7 +14,6 @@ function mfh_listAttachments($attachments = '', $reply = 0, $is_staff)
} }
/* List attachments */ /* List attachments */
echo '<p><b>' . $hesklang['attachments'] . ':</b></p><br />';
$att = explode(',', substr($attachments, 0, -1)); $att = explode(',', substr($attachments, 0, -1));
echo '<div class="table-responsive">'; echo '<div class="table-responsive">';
echo '<table class="table table-striped attachment-table">'; echo '<table class="table table-striped attachment-table">';

File diff suppressed because it is too large Load Diff

@ -36,8 +36,8 @@
if (!defined('IN_SCRIPT')) {die('Invalid attempt');} if (!defined('IN_SCRIPT')) {die('Invalid attempt');}
// We will be installing this HESK version: // We will be installing this HESK version:
define('HESK_NEW_VERSION','2.6.7'); define('HESK_NEW_VERSION','2.7.0');
define('MODS_FOR_HESK_NEW_VERSION','2.6.4'); define('MODS_FOR_HESK_NEW_VERSION','3.0.0 beta 1');
define('REQUIRE_PHP_VERSION','5.3.0'); define('REQUIRE_PHP_VERSION','5.3.0');
define('REQUIRE_MYSQL_VERSION','5.0.7'); define('REQUIRE_MYSQL_VERSION','5.0.7');

@ -68,6 +68,8 @@ if ($version == 2) {
execute263Scripts(); execute263Scripts();
} elseif ($version == 31) { } elseif ($version == 31) {
execute264Scripts(); execute264Scripts();
} elseif ($version == 32) {
execute300Beta1Scripts();
} else { } else {
$response = 'The version "' . $version . '" was not recognized. Check the value submitted and try again.'; $response = 'The version "' . $version . '" was not recognized. Check the value submitted and try again.';
print $response; print $response;

@ -40,6 +40,7 @@ $buildToVersionMap = array(
29 => '2.6.2', 29 => '2.6.2',
30 => '2.6.3', 30 => '2.6.3',
31 => '2.6.4', 31 => '2.6.4',
32 => '3.0.0 beta 1',
); );
function echoInitialVersionRows($version, $build_to_version_map) function echoInitialVersionRows($version, $build_to_version_map)

@ -89,6 +89,9 @@ function processUpdates(startingVersion) {
} else if (startingVersion < 31) { } else if (startingVersion < 31) {
startVersionUpgrade('264'); startVersionUpgrade('264');
executeUpdate(31, '264', '2.6.4'); executeUpdate(31, '264', '2.6.4');
} else if (startingVersion < 32) {
startVersionUpgrade('300b1');
executeUpdate(32, '300b1', '3.0.0 beta 1');
} else { } else {
installationFinished(); installationFinished();
} }

@ -117,6 +117,7 @@ hesk_dbConnect();
<div class="col-md-8"> <div class="col-md-8">
<select name="current-version" class="form-control"> <select name="current-version" class="form-control">
<optgroup label="Mods for HESK 2"> <optgroup label="Mods for HESK 2">
<option value="31">2.6.3</option>
<option value="30">2.6.3</option> <option value="30">2.6.3</option>
<option value="29">2.6.2</option> <option value="29">2.6.2</option>
<option value="28">2.6.1</option> <option value="28">2.6.1</option>
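Review bot: The added `<option value="31">` is labelled 2.6.3, the same label as the existing `value="30"` entry directly below it, while the build-to-version map shown elsewhere in this commit has `31 => '2.6.4'`. As written, the dropdown shows two "2.6.3" entries and none for 2.6.4, so an administrator on 2.6.4 has no correct choice. Picking the `30` entry would presumably run the 2.6.4 scripts a second time. The line should read `<option value="31">2.6.4</option>`.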

@ -822,25 +822,70 @@ function execute264Scripts() {
updateVersion('2.6.4'); updateVersion('2.6.4');
} }
function execute270Scripts() { // Verison 3.0.0 Beta 1
global $hesk_settings; function execute300Beta1Scripts() {
hesk_dbConnect(); global $hesk_settings;
hesk_dbConnect();
$hesk_statuses = executeQuery("SELECT * FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "custom_statuses` ORDER BY `order`");
$next_status_id_rs = executeQuery("SELECT MAX(`ID`) AS `last_id` FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "statuses`");
$next_status_id_row = hesk_dbFetchAssoc($next_status_id_rs);
$next_status_id = intval($next_status_id_row['last_id']) + 1;
$next_sort_rs = executeQuery("SELECT MAX(`sort`) AS `last_sort` FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "statuses`");
$next_sort_row = hesk_dbFetchAssoc($next_sort_rs);
$next_sort = intval($next_sort_row['last_sort']) + 10;
while ($row = hesk_dbFetchAssoc($hesk_statuses)) {
$closable = $row['can_customers_change'] == '1' ? 'yes' : 'sonly';
executeQuery("INSERT INTO `" . hesk_dbEscape($hesk_settings['db_pfix']) . "statuses` (`ID`,
`TextColor`,
`IsNewTicketStatus`,
`IsClosed`,
`IsClosedByClient`,
`IsCustomerReplyStatus`,
`IsStaffClosedOption`,
`IsStaffReopenedStatus`,
`IsDefaultStaffReplyStatus`,
`LockedTicketStatus`,
`IsAutocloseOption`,
`Closable`,
`Key`,
`sort`)
VALUES (" . $next_status_id . ",
'#" . $row['color'] . "',
0,
0,
0,
0,
0,
0,
0,
0,
0,
'" . $closable . "',
'STORED IN XREF TABLE',
" . $next_sort . ")");
$languages = json_decode($row['name']);
foreach ($languages as $language => $text) {
executeQuery("INSERT INTO `" . hesk_dbEscape($hesk_settings['db_pfix']) . "text_to_status_xref` (`language`, `text`, `status_id`)
VALUES ('" . $language . "', '" . $text . "', " . $next_status_id . ")");
}
executeQuery("CREATE TABLE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "custom_nav_element` ( // Increment the next ID and sort
`id` INT NOT NULL AUTO_INCREMENT PRIMARY KEY, $next_status_id++;
`location` INT NOT NULL, $next_sort += 10;
`image_url` VARCHAR(255), }
`font_icon` VARCHAR(255),
`header_text_key` VARCHAR(255) NOT NULL, // Migrate user's autorefresh columns to the new autoreload column
`description_key` VARCHAR(255), // Mods for HESK is in millis; HESK is in seconds.
`url` VARCHAR(255) NOT NULL executeQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "users` SET `autoreload` = `autorefresh` / 10");
) ENGINE = MyISAM DEFAULT CHARSET=utf8 COLLATE=utf8_unicode_ci");
// Add the admin_color_scheme setting
executeQuery("CREATE TABLE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "text_to_nav_element_xref` ( executeQuery("INSERT INTO `" . hesk_dbEscape($hesk_settings['db_pfix']) . "settings` (`Key`, `Value`) VALUES ('admin_color_scheme', 'skin-blue')");
`id` INT NOT NULL AUTO_INCREMENT PRIMARY KEY,
`language` VARCHAR(200) NOT NULL, updateVersion('3.0.0 beta 1');
`text` VARCHAR(200) NOT NULL, }
`nav_element_id` INT NOT NULL,
`nav_element_text_type` INT NOT NULL
)");
}
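Review bot: The INSERTs in `execute300Beta1Scripts()` concatenate `$row['color']`, `$language` and `$text` into the SQL unescaped, so a status name containing an apostrophe breaks the migration and any stored quote changes the statement; only the table prefix goes through `hesk_dbEscape()`. Escape the values the same way, e.g. `VALUES ('" . hesk_dbEscape($language) . "', '" . hesk_dbEscape($text) . "', " . $next_status_id . ")");`, and likewise `'#" . hesk_dbEscape($row['color']) . "',`. `json_decode($row['name'])` is also iterated without a `null` check, so a row holding malformed JSON yields a status with no text rows. Separately, the comment says the old column is in milliseconds and the new one in seconds, yet the UPDATE divides `autorefresh` by 10 rather than 1000, which is worth confirming.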

@ -1,8 +1,7 @@
$(document).ready(function() { $(document).ready(function() {
var $readonlyDueDateContainer = $('#readonly-due-date'); var $readonlyDueDateContainer = $('#readonly-due-date');
var $editableDueDateContainer = $('#editable-due-date'); var $editableDueDateContainer = $('#editable-due-date');
var $dueDateButton = $('#due-date-button'); $readonlyDueDateContainer.click(function() {
$dueDateButton.click(function() {
$readonlyDueDateContainer.hide(); $readonlyDueDateContainer.hide();
$editableDueDateContainer.show(); $editableDueDateContainer.show();
if ($readonlyDueDateContainer.find('span#due-date').text().trim() == 'None') { if ($readonlyDueDateContainer.find('span#due-date').text().trim() == 'None') {
@ -37,4 +36,9 @@ $(document).ready(function() {
} }
}); });
}); });
$('#related-tickets-link').click(function() {
$(this).hide();
$('.related-ticket').show();
})
}); });

13
js/adminlte.min.js vendored

File diff suppressed because one or more lines are too long

@ -1,32 +1,15 @@
<?php <?php
/******************************************************************************* /**
* Title: Help Desk Software HESK *
* Version: 2.6.8 from 10th August 2016 * This file is part of HESK - PHP Help Desk Software.
* Author: Klemen Stirn *
* Website: http://www.hesk.com * (c) Copyright Klemen Stirn. All rights reserved.
******************************************************************************** * http://www.hesk.com
* COPYRIGHT AND TRADEMARK NOTICE *
* Copyright 2005-2015 Klemen Stirn. All Rights Reserved. * For the full copyright and license agreement information visit
* HESK is a registered trademark of Klemen Stirn. * http://www.hesk.com/eula.php
* The HESK may be used and modified free of charge by anyone *
* AS LONG AS COPYRIGHT NOTICES AND ALL THE COMMENTS REMAIN INTACT. */
* By using this code you agree to indemnify Klemen Stirn from any
* liability that might arise from it's use.
* Selling the code for this program, in part or full, without prior
* written consent is expressly forbidden.
* Using this code, in part or full, to create derivate work,
* new scripts or products is expressly forbidden. Obtain permission
* before redistributing this software over the Internet or in
* any other medium. In all cases copyright and header must remain intact.
* This Copyright is in full effect in any country that has International
* Trade Agreements with the United States of America or
* with the European Union.
* Removing any of the copyright notices without purchasing a license
* is expressly forbidden. To remove HESK copyright notice you must purchase
* a license for this script. For more information on how to obtain
* a license please visit the page below:
* https://www.hesk.com/buy.php
*******************************************************************************/
define('IN_SCRIPT', 1); define('IN_SCRIPT', 1);
define('HESK_PATH', './'); define('HESK_PATH', './');
@ -91,7 +74,7 @@ if (isset($_GET['rating'])) {
"); ");
} }
setcookie('hesk_kb_rate', $_COOKIE['hesk_kb_rate'] . 'a' . $artid . '%', time() + 2592000); hesk_setcookie('hesk_kb_rate', $_COOKIE['hesk_kb_rate'] . 'a' . $artid . '%', time() + 2592000);
header('Location: knowledgebase.php?article=' . $artid . '&rated=1'); header('Location: knowledgebase.php?article=' . $artid . '&rated=1');
exit(); exit();
} }
@ -263,7 +246,7 @@ if (!$show['show']) {
// Update views by 1 - exclude known bots and reloads because of ratings // Update views by 1 - exclude known bots and reloads because of ratings
if (!isset($_GET['rated']) && !hesk_detect_bots()) { if (!isset($_GET['rated']) && !hesk_detect_bots()) {
hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "kb_articles` SET `views`=`views`+1 WHERE `id`={$artid} LIMIT 1"); hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "kb_articles` SET `views`=`views`+1 WHERE `id`={$artid}");
} }
if (!isset($_GET['suggest'])) { if (!isset($_GET['suggest'])) {
$historyNumber = isset($_GET['rated']) ? '-2' : '-1'; $historyNumber = isset($_GET['rated']) ? '-2' : '-1';
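Review bot: In the rating hunk the new `hesk_setcookie()` call still builds the cookie value from `$_COOKIE['hesk_kb_rate']` with no visible `isset()` guard. The enclosing block starts above the hunk, so a guard may exist there; if it does not, a visitor's first rating raises an undefined-index notice just before the `header('Location: ...')` call. Reading the value defensively keeps the stated PHP 5.3 compatibility: `$rated = isset($_COOKIE['hesk_kb_rate']) ? $_COOKIE['hesk_kb_rate'] : '';`. Since the value comes from the client and is written straight back, a short comment noting that this cookie appears to be a convenience against repeat votes, not an integrity control, would also help.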

@ -21,6 +21,55 @@ $hesklang['_COLLATE']='utf8_unicode_ci';
// This is the email break line that will be used in email piping // This is the email break line that will be used in email piping
$hesklang['EMAIL_HR']='------ Reply above this line ------'; $hesklang['EMAIL_HR']='------ Reply above this line ------';
// ADDED OR MODIFIED IN Mods for HESK 2.7.0
$hesklang['you_have_x_messages'] = 'You have %s new %s'; // %s: Number of new messages, "message" or "messages", depending on #
$hesklang['message_lower_case'] = 'message';
$hesklang['messages_lower_case'] = 'messages';
$hesklang['deleted_user_title_case'] = 'Deleted User';
$hesklang['main_navigation_uppercase'] = 'MAIN NAVIGATION';
$hesklang['x_system_warnings'] = '%s System %s'; // %s: Number of warnings, $s: "Warning" or "Warnings", depending on #
$hesklang['warnings_title_case'] = 'Warnings';
$hesklang['articles_in_category_x'] = 'Articles in Category %s'; // %s: category name
$hesklang['private_category_star'] = 'Private categories indicated by *';
$hesklang['private_article_star'] = 'Private articles indicated by *';
$hesklang['ticket_details'] = 'Ticket Details';
$hesklang['more'] = 'More';
$hesklang['language_colon'] = 'Language:';
$hesklang['created_colon'] = 'Created:';
$hesklang['updated_colon'] = 'Updated:';
$hesklang['last_replier_colon'] = 'Last replier:';
$hesklang['click_to_edit'] = 'Click to edit';
$hesklang['no_device_information'] = 'No device information';
$hesklang['message_colon'] = 'Message:';
$hesklang['original_message'] = 'Original message';
$hesklang['reply_by_customer'] = 'Reply by customer';
$hesklang['reply_by_staff'] = 'Reply by staff';
$hesklang['timeline_today'] = 'Today';
$hesklang['no_notes_for_this_ticket'] = 'No notes for this ticket';
$hesklang['private_message_header'] = 'Private Message';
$hesklang['date_colon'] = 'Date:';
$hesklang['api_information'] = 'API Information';
$hesklang['api_version'] = 'API Version';
$hesklang['external_api'] = 'External API';
$hesklang['external_api_help'] = 'Enable or Disable the external REST API';
$hesklang['disabled_title_case'] = 'Disabled';
$hesklang['enabled_title_case'] = 'Enabled';
$hesklang['api_settings'] = 'API Settings';
$hesklang['user_security'] = 'User Security';
$hesklang['api_documentation'] = 'API Documentation';
$hesklang['changes_saved'] = 'Changes saved!';
$hesklang['save_failed_check_logs'] = 'Saving changes failed. Check the logs for more information.';
$hesklang['number_of_tokens'] = 'Number of Tokens';
$hesklang['generate_new_token'] = 'Generate New Token';
$hesklang['revoke_all_tokens'] = 'Revoke All Tokens';
$hesklang['generated_token_colon'] = 'Generated Token:';
$hesklang['record_this_token_warning'] = 'Please record this token, as this is the only time you will be able to view it!';
$hesklang['all_tokens_revoked'] = 'All tokens for this user have been revoked';
$hesklang['staff_login_title'] = 'Staff Login';
$hesklang['manage_custom_fields'] = 'Manage Custom Fields';
$hesklang['value'] = 'Value';
$hesklang['readonly'] = 'Readonly';
// ADDED OR MODIFIED IN Mods for HESK 2.6.0 // ADDED OR MODIFIED IN Mods for HESK 2.6.0
$hesklang['search_logs'] = 'Search Logs'; $hesklang['search_logs'] = 'Search Logs';
$hesklang['date_logged'] = 'Date Logged'; $hesklang['date_logged'] = 'Date Logged';
@ -1351,7 +1400,6 @@ $hesklang['import']='You are importing a <i>private ticket</i> into a <i>public
$hesklang['tab_1']='General'; $hesklang['tab_1']='General';
$hesklang['tab_2']='Help Desk'; $hesklang['tab_2']='Help Desk';
$hesklang['tab_3']='Knowledgebase'; $hesklang['tab_3']='Knowledgebase';
$hesklang['tab_4']='Custom Fields';
$hesklang['tab_5']='Misc'; $hesklang['tab_5']='Misc';
$hesklang['disable']='Disable'; $hesklang['disable']='Disable';
$hesklang['dat']='Date &amp; Time'; $hesklang['dat']='Date &amp; Time';
@ -1717,7 +1765,6 @@ $hesklang['mm3']='We apologize for the inconvenience and ask that you please try
$hesklang['mma1']='Maintenance mode is active!'; $hesklang['mma1']='Maintenance mode is active!';
$hesklang['mma2']='Customers are not able to use the help desk.'; $hesklang['mma2']='Customers are not able to use the help desk.';
$hesklang['tools']='Tools'; $hesklang['tools']='Tools';
$hesklang['banemail']='Banned Emails';
$hesklang['banemail_intro']='Prevent certain email addresses from submitting tickets to your help desk.'; $hesklang['banemail_intro']='Prevent certain email addresses from submitting tickets to your help desk.';
$hesklang['no_banemails']='<i>No emails are being banned.</i>'; $hesklang['no_banemails']='<i>No emails are being banned.</i>';
$hesklang['eperm']='Permanent email bans:'; $hesklang['eperm']='Permanent email bans:';
@ -1737,7 +1784,6 @@ $hesklang['can_ban_emails']='Can ban emails';
$hesklang['can_unban_emails']='Can unban emails (enables Can ban emails)'; $hesklang['can_unban_emails']='Can unban emails (enables Can ban emails)';
$hesklang['eisban']='This email address is banned.'; $hesklang['eisban']='This email address is banned.';
$hesklang['click_unban']='Click here to unban.'; $hesklang['click_unban']='Click here to unban.';
$hesklang['banip']='Banned IPs';
$hesklang['banip_intro']='Visitors from banned IP addresses will not be able to view or submit tickets and login into the help desk.'; $hesklang['banip_intro']='Visitors from banned IP addresses will not be able to view or submit tickets and login into the help desk.';
$hesklang['ipperm']='Permanent IP bans:'; $hesklang['ipperm']='Permanent IP bans:';
$hesklang['iptemp']='Login failure bans:'; $hesklang['iptemp']='Login failure bans:';
@ -1809,7 +1855,7 @@ $hesklang['ekb_y']='<b>YES</b>, enable Knowledgebase';
$hesklang['ekb_o']='<b>YES</b>, use HESK as a Knowledgebase only (<i>disable help desk</i>)'; $hesklang['ekb_o']='<b>YES</b>, use HESK as a Knowledgebase only (<i>disable help desk</i>)';
$hesklang['kb_set']='Knowledgebase settings'; $hesklang['kb_set']='Knowledgebase settings';
$hesklang['kbo1']='Knowledgebase-only mode'; $hesklang['kbo1']='Knowledgebase-only mode';
$hesklang['kbo2']='<br /><br />Visitors cannot submit new support tickets and are taken directly to the knowledgebase.'; $hesklang['kbo2']='Visitors cannot submit new support tickets and are taken directly to the knowledgebase.';
$hesklang['fpass']='Forgot your password?'; $hesklang['fpass']='Forgot your password?';
$hesklang['passr']='Password reset'; $hesklang['passr']='Password reset';
$hesklang['passa']='Allow users to reset a forgot password over email'; $hesklang['passa']='Allow users to reset a forgot password over email';
@ -1843,5 +1889,180 @@ $hesklang['rcpv']='Secret key (Private key)';
// If your language is NOT in the supported langauges, leave 'en' // If your language is NOT in the supported langauges, leave 'en'
$hesklang['RECAPTCHA']='en'; $hesklang['RECAPTCHA']='en';
// Added or modified in version 2.7.0
$hesklang['imap']='IMAP Fetching';
$hesklang['imaph']='IMAP Host';
$hesklang['imapp']='IMAP Port';
$hesklang['enc']='Encryption';
$hesklang['ssl']='SSL';
$hesklang['tls']='TLS';
$hesklang['none']='None';
$hesklang['imapu']='IMAP Username';
$hesklang['imapw']='IMAP Password';
$hesklang['imaptest']='Test IMAP connection';
$hesklang['ifd']='[HESK] IMAP FETCHING IS DISABLED IN SETTINGS';
$hesklang['iei']='[HESK] PHP IMAP extension is not installed.';
$hesklang['ifr']='Another IMAP fetching task is still in progress.';
$hesklang['arp']='Auto reload page';
$hesklang['arpp']='Automatically reload page with ticket list every:';
$hesklang['seconds']='seconds'; // Reload page every X 'seconds'
$hesklang['minutes']='minutes'; // Reload page every X 'minutes'
$hesklang['atbr']='This ticket needs to be assigned before it can be replied to.';
$hesklang['attm']='Assign this ticket to me';
$hesklang['owneed']='Owner needed';
$hesklang['taat']='This ticket is already assigned to <b>%s</b>.';
$hesklang['scoy']='Are you sure you want to assign it to yourself?';
$hesklang['scot']='Are you sure you want to assign it to %s?';
$hesklang['ycto']='YES, change the owner';
$hesklang['ncto']='NO, keep current owner';
$hesklang['fass']='Require owner';
$hesklang['req_sub']='Require subject';
$hesklang['req_msg']='Require message';
$hesklang['req_email']='Require email';
$hesklang['default_subject']='Ticket from %s'; // Default ticket subject, %s will be replaced with name
$hesklang['off-hide']='Hide in customer form';
$hesklang['ons']='ON - Everyone'; // For admin settings page
$hesklang['not_valid_email']='Enter a valid email address or leave this field empty';
$hesklang['write_down']='<span style="color:red">We recommend that you write down your Ticket ID for future reference.</span>';
$hesklang['re_confirm1']='Disabling this will also disable "Require email to view tickets" under "Security". Proceed?';
$hesklang['re_confirm2']='Enabling this will also enable "Require email" under "Features". Proceed?';
$hesklang['can_email_tpl']='Edit email templates'; // Staff permission
$hesklang['et_title']='Email templates';
$hesklang['et_intro']='Modify emails that are sent to your staff and customers';
$hesklang['file']='File';
$hesklang['efile']='Editing file';
$hesklang['rdesc']='(Recipient) Description';
$hesklang['desc_forgot_ticket_id'] = '(Customer) Forgot ticket tracking ID';
$hesklang['desc_new_reply_by_staff'] = '(Customer) New staff reply';
$hesklang['desc_new_ticket'] = '(Customer) Ticket received';
$hesklang['desc_ticket_closed'] = '(Customer) Ticket closed/resolved';
$hesklang['desc_category_moved'] = '(Staff) Ticket moved to a new category';
$hesklang['desc_new_reply_by_customer'] = '(Staff) New customer reply';
$hesklang['desc_new_ticket_staff'] = '(Staff) New ticket submitted';
$hesklang['desc_ticket_assigned_to_you'] = '(Staff) A ticket was assigned to you';
$hesklang['desc_new_pm'] = '(Staff) New private message';
$hesklang['desc_new_note'] = '(Staff) New note on a ticket assigned to you';
$hesklang['desc_reset_password'] = '(Staff) Reset your password';
$hesklang['etfm']='One or more email templates are missing.<br /><br />Make sure you upload all email template files inside your <i>/language/%s/emails</i> folder.';
$hesklang['etfw']='Some email templates are not writable.<br /><br />
Make sure PHP has permission to write to all files inside your <i>/language/%s/emails</i> folder.<br /><br />
On Unix servers you might need to CHMOD email templates to 666 (rw-rw-rw-)';
$hesklang['et_e_id']='Missing template ID';
$hesklang['et_fm']='This email template file is missing';
$hesklang['et_fw']='This email template file is not writable';
$hesklang['et_save']='Save email template';
$hesklang['updated_on']='Updated on';
$hesklang['ticket_url']='Ticket URL';
$hesklang['pm_url']='Private message URL';
$hesklang['et_num']='Number of tickets';
$hesklang['et_list']='List of support tickets';
$hesklang['et_empty']='Email template cannot be empty';
$hesklang['et_saved']='Email template saved';
$hesklang['source']='Source';
$hesklang['select_category']='Select a category';
$hesklang['select_category_text']='What can we help you with?';
$hesklang['select_category_staff']='Select ticket category';
$hesklang['scat']='Category select limit';
$hesklang['scat2']='(a select box will show if category count is higher)';
$hesklang['new_cf']='New custom field';
$hesklang['cf_intro']='Use this feature to add custom fields to the Submit a ticket form so you can collect additional data from customers.';
$hesklang['cf_public']='Public';
$hesklang['cf_private']='Staff only';
$hesklang['cf_cust']='For customers';
$hesklang['cf_all']='All';
$hesklang['cf_cat']='Selected';
$hesklang['cf_ctrl']='Tip: hold down CTRL key to select multiple categories';
$hesklang['visibility']='Visibility';
$hesklang['cf_save']='Save custom field';
$hesklang['ex_cf']='Active custom fields';
$hesklang['no_cf']='No active custom fields';
$hesklang['del_cf']='Delete this custom field? This will also delete any saved custom field data from the database!';
$hesklang['cf_e_id']='Invalid ID';
$hesklang['edit_cf']='Edit custom field';
$hesklang['cf_deleted']='Custom field deleted';
$hesklang['cf_not_found']='This custom field does not exist';
$hesklang['err_custname']='Enter custom field name';
$hesklang['cf_added']='A new custom field has been added';
$hesklang['cf_nocat']='Select at least one category for this custom field';
$hesklang['cf_mdf']='Custom field has been saved';
$hesklang['opt4']='Options for this checkbox, enter one option per line. Each line will be a choice your customers can choose from, multiple choices are possible.';
$hesklang['atl1']='Enter at least one option.';
$hesklang['sch']='Hidden';
$hesklang['meml3']='Allow multiple emails to be entered';
$hesklang['dmin']='Minimum accepted date';
$hesklang['dmax']='Maximum accepted date';
$hesklang['d_day']='day(s)';
$hesklang['d_week']='week(s)';
$hesklang['d_month']='month(s)';
$hesklang['d_year']='year(s)';
$hesklang['d_any']='Any date';
$hesklang['d_fixed']='Fixed date';
$hesklang['d_relative']='Relative date';
$hesklang['d_mm']='Minimum date may not be higher than maximum date';
$hesklang['d_emin']='Minimum date for <i>%s</i> is %s'; // Minimum date for FIELD_NAME is DATE
$hesklang['d_emax']='Maximum date for <i>%s</i> is %s'; // Maximum date for FIELD_NAME is DATE
$hesklang['d_format']='Date display format';
$hesklang['d_custom']='Custom format';
$hesklang['d_ci']='ADVANCED USERS ONLY: a valid PHP date format, see PHP manual.';
$hesklang['cf_noe']='Enter a valid email address into <i>%s</i>';
$hesklang['cf_noem']='Enter one or more valid email addresses into <i>%s</i>';
$hesklang['cf_limit']='You have 50 active custom fields, no new can be created.';
$hesklang['can_resolve']='Can resolve tickets';
$hesklang['can_change_cat']='Change ticket category (to any)';
$hesklang['can_change_own_cat']='Change ticket category (to allowed)';
$hesklang['can_submit_any_cat']='Can submit tickets to any category';
$hesklang['noauth_submit']='You are not authorized to submit tickets to this category!';
$hesklang['noauth_move']='You are not authorized to move tickets to this category!';
$hesklang['noauth_resolve']='You are not authorized to resolve tickets!';
$hesklang['force_ssl']='Force SSL connections';
$hesklang['d_ssl']='<i>disabled</i> - open this page with https:// to manage this option';
$hesklang['enn']='Except for tickets from emails if email subject contains:';
$hesklang['scno']='This status cannot be changed';
$hesklang['statuses']='Statuses';
$hesklang['statuses_intro']='Use this tool to add custom ticket statuses to your help desk';
$hesklang['color']='Color';
$hesklang['csscl']='CSS class or color';
$hesklang['clr_view']='Color preview on text';
$hesklang['cbc']='Changeable by customers';
$hesklang['ccc']='Can customers change this status?';
$hesklang['del_status']='Delete this status?';
$hesklang['ex_status']='Existing statuses';
$hesklang['status_hesk']='Built-in Statuses (cannot be modified here)';
$hesklang['status_custom']='Custom Statuses';
$hesklang['status_custom_none']='No custom statuses. You can add them using the form above.';
$hesklang['status_save']='Save status';
$hesklang['list_tkt_status']='List all tickets with this status';
$hesklang['new_status']='New custom status';
$hesklang['edit_status']='Edit custom status';
$hesklang['err_status']='Enter the status name';
$hesklang['status_added']='A new custom status has been added';
$hesklang['status_e_id']='Invalid ID';
$hesklang['status_mdf']='Custom status has been saved';
$hesklang['status_deleted']='Custom status deleted';
$hesklang['status_not_found']='This custom status does not exist';
$hesklang['status_not_empty']='This status cannot be removed because tickets with this status exist';
$hesklang['status_limit']='You have 100 custom statuses, no new can be created.';
$hesklang['public_link']='Public link'; // Link to the public KB article in the private KB pages
$hesklang['frames']='Frames';
$hesklang['frames2']='Prevent loading HESK in frames on third party domains';
$hesklang['numsub']='Submitted tickets'; // Will show how many tickets this user submitted
$hesklang['hidf']='Hidden inputs are not visible to customers on the Submit a ticket form (the value will still be visible on ticket details page if they are set as public). They behave as normal text fields for staff members.';
$hesklang['rcheck']='Do not select a default option';
$hesklang['refresh_page']='Refresh this page';
$hesklang['banemail']='Ban emails';
$hesklang['banip']='Ban IPs';
$hesklang['tab_4']='Custom fields';
$hesklang['del_kba']='Delete this article';
$hesklang['del_kbaa']='Permanently delete this article';
$hesklang['hni1']='HESK not installed yet?';
$hesklang['hni2']='It appears that this help desk has not been properly installed and configured yet.';
$hesklang['hni3']='To install HESK, follow <a href="docs/">Instructions in the documentation</a>';
$hesklang['cf']='Cache folder';
$hesklang['e_cdir']='Hesk will not be able to parse emails or cache results unless the cache folder exists and is writable.';
$hesklang['step1']='Step 1';
$hesklang['step2']='Step 2';
$hesklang['dffs']='When download completes, delete the file from server';
$hesklang['fd']='Export file deleted from server';
// DO NOT CHANGE BELOW // DO NOT CHANGE BELOW
if (!defined('IN_SCRIPT')) die('PHP syntax OK!'); if (!defined('IN_SCRIPT')) die('PHP syntax OK!');

@ -1,32 +1,15 @@
<?php <?php
/******************************************************************************* /**
* Title: Help Desk Software HESK *
* Version: 2.6.8 from 10th August 2016 * This file is part of HESK - PHP Help Desk Software.
* Author: Klemen Stirn *
* Website: http://www.hesk.com * (c) Copyright Klemen Stirn. All rights reserved.
******************************************************************************** * http://www.hesk.com
* COPYRIGHT AND TRADEMARK NOTICE *
* Copyright 2005-2015 Klemen Stirn. All Rights Reserved. * For the full copyright and license agreement information visit
* HESK is a registered trademark of Klemen Stirn. * http://www.hesk.com/eula.php
* The HESK may be used and modified free of charge by anyone *
* AS LONG AS COPYRIGHT NOTICES AND ALL THE COMMENTS REMAIN INTACT. */
* By using this code you agree to indemnify Klemen Stirn from any
* liability that might arise from it's use.
* Selling the code for this program, in part or full, without prior
* written consent is expressly forbidden.
* Using this code, in part or full, to create derivate work,
* new scripts or products is expressly forbidden. Obtain permission
* before redistributing this software over the Internet or in
* any other medium. In all cases copyright and header must remain intact.
* This Copyright is in full effect in any country that has International
* Trade Agreements with the United States of America or
* with the European Union.
* Removing any of the copyright notices without purchasing a license
* is expressly forbidden. To remove HESK copyright notice you must purchase
* a license for this script. For more information on how to obtain
* a license please visit the page below:
* https://www.hesk.com/buy.php
*******************************************************************************/
define('IN_SCRIPT', 1); define('IN_SCRIPT', 1);
define('HESK_PATH', './'); define('HESK_PATH', './');
@ -55,6 +38,9 @@ $trackingID = hesk_cleanID('p_track') or die("$hesklang[int_error]: $hesklang[no
/* Connect to database */ /* Connect to database */
hesk_dbConnect(); hesk_dbConnect();
// Load custom fields
require_once(HESK_PATH . 'inc/custom_fields.inc.php');
// Perform additional checks for customers // Perform additional checks for customers
if (empty($_SESSION['id'])) { if (empty($_SESSION['id'])) {
// Are we in maintenance mode? // Are we in maintenance mode?
@ -218,15 +204,17 @@ echo '</tr>';
$num_cols = 0; $num_cols = 0;
echo '<tr>'; echo '<tr>';
foreach ($hesk_settings['custom_fields'] as $k => $v) { foreach ($hesk_settings['custom_fields'] as $k => $v) {
if ($v['use']) { if (($v['use'] == 1 || (! empty($_SESSION['id']) && $v['use'] == 2)) && hesk_is_custom_field_in_category($k, $ticket['category'])) {
if ($modsForHesk_settings['custom_field_setting']) {
$v['name'] = $hesklang[$v['name']];
}
if ($num_cols == 3) { if ($num_cols == 3) {
echo '</tr><tr>'; echo '</tr><tr>';
$num_cols = 0; $num_cols = 0;
} }
switch ($v['type']) {
case 'date':
$ticket[$k] = hesk_custom_date_display_format($ticket[$k], $v['value']['date_format']);
break;
}
?> ?>
<td bgcolor="#EEE"><b><?php echo $v['name']; ?>:</b></td> <td bgcolor="#EEE"><b><?php echo $v['name']; ?>:</b></td>
<td bgcolor="#DDD"><?php echo hesk_unhortenUrl($ticket[$k]); ?></td> <td bgcolor="#DDD"><?php echo hesk_unhortenUrl($ticket[$k]); ?></td>
@ -239,11 +227,14 @@ foreach ($hesk_settings['custom_fields'] as $k => $v) {
echo '</table><br>'; echo '</table><br>';
// Print initial ticket message // Print initial ticket message
$newMessage = hesk_unhortenUrl($ticket['message']); if ($ticket['message'] != '') {
if ($ticket['html']) { $newMessage = hesk_unhortenUrl($ticket['message']);
$newMessage = hesk_html_entity_decode($newMessage); if ($ticket['html']) {
$newMessage = hesk_html_entity_decode($newMessage);
}
echo '<p>' . $newMessage . '</p>';
} }
echo '<p>' . $newMessage . '</p>';
// Print replies // Print replies
while ($reply = hesk_dbFetchAssoc($res)) { while ($reply = hesk_dbFetchAssoc($res)) {
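Review bot: In the last hunk, when `$ticket['html']` is set the message goes through `hesk_html_entity_decode()` and is echoed inside `<p>` as live markup, and nothing visible in this section shows the stored value being sanitised first. The code that loads `$ticket` is outside the hunks, so this may already be handled when the ticket is saved. If so, a comment at the decode would record that assumption, for example `// HTML messages are purified when the ticket is stored, so decoding here is safe`. If not, the decoded message should be purified before the `echo`, since this page is reachable by customers with a tracking ID.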

@ -1,32 +1,15 @@
<?php <?php
/******************************************************************************* /**
* Title: Help Desk Software HESK *
* Version: 2.6.8 from 10th August 2016 * This file is part of HESK - PHP Help Desk Software.
* Author: Klemen Stirn *
* Website: http://www.hesk.com * (c) Copyright Klemen Stirn. All rights reserved.
******************************************************************************** * http://www.hesk.com
* COPYRIGHT AND TRADEMARK NOTICE *
* Copyright 2005-2015 Klemen Stirn. All Rights Reserved. * For the full copyright and license agreement information visit
* HESK is a registered trademark of Klemen Stirn. * http://www.hesk.com/eula.php
* The HESK may be used and modified free of charge by anyone *
* AS LONG AS COPYRIGHT NOTICES AND ALL THE COMMENTS REMAIN INTACT. */
* By using this code you agree to indemnify Klemen Stirn from any
* liability that might arise from it's use.
* Selling the code for this program, in part or full, without prior
* written consent is expressly forbidden.
* Using this code, in part or full, to create derivate work,
* new scripts or products is expressly forbidden. Obtain permission
* before redistributing this software over the Internet or in
* any other medium. In all cases copyright and header must remain intact.
* This Copyright is in full effect in any country that has International
* Trade Agreements with the United States of America or
* with the European Union.
* Removing any of the copyright notices without purchasing a license
* is expressly forbidden. To remove HESK copyright notice you must purchase
* a license for this script. For more information on how to obtain
* a license please visit the page below:
* https://www.hesk.com/buy.php
*******************************************************************************/
define('IN_SCRIPT', 1); define('IN_SCRIPT', 1);
define('HESK_PATH', './'); define('HESK_PATH', './');
@ -185,17 +168,19 @@ if ($hesk_settings['attachments']['use'] && !empty($attachments)) {
} }
// If staff hasn't replied yet, don't change the status; otherwise set it to the status for customer replies. // If staff hasn't replied yet, don't change the status; otherwise set it to the status for customer replies.
$customerReplyStatusQuery = 'SELECT `ID` FROM `' . hesk_dbEscape($hesk_settings['db_pfix']) . 'statuses` WHERE `IsCustomerReplyStatus` = 1'; if (hesk_can_customer_change_status($ticket['status'])) {
$defaultNewTicketStatusQuery = 'SELECT `ID` FROM `' . hesk_dbEscape($hesk_settings['db_pfix']) . 'statuses` WHERE `IsNewTicketStatus` = 1'; $customerReplyStatusQuery = 'SELECT `ID` FROM `' . hesk_dbEscape($hesk_settings['db_pfix']) . 'statuses` WHERE `IsCustomerReplyStatus` = 1';
$newStatusRs = hesk_dbQuery($customerReplyStatusQuery); $defaultNewTicketStatusQuery = 'SELECT `ID` FROM `' . hesk_dbEscape($hesk_settings['db_pfix']) . 'statuses` WHERE `IsNewTicketStatus` = 1';
$newStatus = hesk_dbFetchAssoc($newStatusRs); $newStatusRs = hesk_dbQuery($customerReplyStatusQuery);
$defaultNewTicketStatusRs = hesk_dbQuery($defaultNewTicketStatusQuery); $newStatus = hesk_dbFetchAssoc($newStatusRs);
$defaultNewTicketStatus = hesk_dbFetchAssoc($defaultNewTicketStatusRs); $defaultNewTicketStatusRs = hesk_dbQuery($defaultNewTicketStatusQuery);
$defaultNewTicketStatus = hesk_dbFetchAssoc($defaultNewTicketStatusRs);
$ticket['status'] = $ticket['status'] == $defaultNewTicketStatus['ID'] ? $defaultNewTicketStatus['ID'] : $newStatus['ID'];
$ticket['status'] = $ticket['status'] == $defaultNewTicketStatus['ID'] ? $defaultNewTicketStatus['ID'] : $newStatus['ID'];
}
/* Update ticket as necessary */ /* Update ticket as necessary */
$res = hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` SET `lastchange`=NOW(), `status`='{$ticket['status']}', `replies`=`replies`+1, `lastreplier`='0' WHERE `id`='{$ticket['id']}' LIMIT 1"); $res = hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` SET `lastchange`=NOW(), `status`='{$ticket['status']}', `replies`=`replies`+1, `lastreplier`='0' WHERE `id`='{$ticket['id']}'");
// Insert reply into database // Insert reply into database
$modsForHesk_settings = mfh_getSettings(); $modsForHesk_settings = mfh_getSettings();
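Review bot: The `UPDATE` in this hunk still interpolates `$ticket['status']` and `$ticket['id']` directly into the SQL string, and with the new `hesk_can_customer_change_status()` guard the status can now be written back exactly as it was loaded. Where `$ticket` is populated is outside the hunk, so this may be safe today, but casting at the point of use keeps the statement safe regardless: use `intval($ticket['status'])` and `intval($ticket['id'])`, assuming status IDs are integers as the `statuses`.`ID` lookups suggest. Separately, `$newStatus['ID']` is read without checking that the `IsCustomerReplyStatus` query returned a row, so a help desk with no status flagged that way would save the ticket with an empty status.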

@ -1,32 +1,15 @@
<?php <?php
/******************************************************************************* /**
* Title: Help Desk Software HESK *
* Version: 2.6.8 from 10th August 2016 * This file is part of HESK - PHP Help Desk Software.
* Author: Klemen Stirn *
* Website: http://www.hesk.com * (c) Copyright Klemen Stirn. All rights reserved.
******************************************************************************** * http://www.hesk.com
* COPYRIGHT AND TRADEMARK NOTICE *
* Copyright 2005-2015 Klemen Stirn. All Rights Reserved. * For the full copyright and license agreement information visit
* HESK is a registered trademark of Klemen Stirn. * http://www.hesk.com/eula.php
* The HESK may be used and modified free of charge by anyone *
* AS LONG AS COPYRIGHT NOTICES AND ALL THE COMMENTS REMAIN INTACT. */
* By using this code you agree to indemnify Klemen Stirn from any
* liability that might arise from it's use.
* Selling the code for this program, in part or full, without prior
* written consent is expressly forbidden.
* Using this code, in part or full, to create derivate work,
* new scripts or products is expressly forbidden. Obtain permission
* before redistributing this software over the Internet or in
* any other medium. In all cases copyright and header must remain intact.
* This Copyright is in full effect in any country that has International
* Trade Agreements with the United States of America or
* with the European Union.
* Removing any of the copyright notices without purchasing a license
* is expressly forbidden. To remove HESK copyright notice you must purchase
* a license for this script. For more information on how to obtain
* a license please visit the page below:
* https://www.hesk.com/buy.php
*******************************************************************************/
define('IN_SCRIPT', 1); define('IN_SCRIPT', 1);
define('HESK_PATH', './'); define('HESK_PATH', './');
@ -150,24 +133,46 @@ if ($hesk_settings['secimg_use'] && !isset($_SESSION['img_verified'])) {
} }
$tmpvar['name'] = hesk_input(hesk_POST('name')) or $hesk_error_buffer['name'] = $hesklang['enter_your_name']; $tmpvar['name'] = hesk_input(hesk_POST('name')) or $hesk_error_buffer['name'] = $hesklang['enter_your_name'];
$tmpvar['email'] = hesk_validateEmail(hesk_POST('email'), 'ERR', 0) or $hesk_error_buffer['email'] = $hesklang['enter_valid_email'];
$email_available = true;
if ($hesk_settings['require_email']) {
$tmpvar['email'] = hesk_validateEmail( hesk_POST('email'), 'ERR', 0) or $hesk_error_buffer['email']=$hesklang['enter_valid_email'];
} else {
$tmpvar['email'] = hesk_validateEmail( hesk_POST('email'), 'ERR', 0);
// Not required, but must be valid if it is entered
if ($tmpvar['email'] == '') {
$email_available = false;
if (strlen(hesk_POST('email'))) {
$hesk_error_buffer['email'] = $hesklang['not_valid_email'];
}
// No need to confirm the email
$hesk_settings['confirm_email'] = 0;
$_POST['email2'] = '';
$_SESSION['c_email'] = '';
$_SESSION['c_email2'] = '';
}
}
if ($hesk_settings['confirm_email']) { if ($hesk_settings['confirm_email']) {
$tmpvar['email2'] = hesk_validateEmail(hesk_POST('email2'), 'ERR', 0) or $hesk_error_buffer['email2'] = $hesklang['confemail2']; $tmpvar['email2'] = hesk_validateEmail(hesk_POST('email2'), 'ERR', 0) or $hesk_error_buffer['email2'] = $hesklang['confemail2'];
// Anything entered as email confirmation? // Anything entered as email confirmation?
if (strlen($tmpvar['email2'])) { if ($tmpvar['email2'] != '') {
// Do we have multiple emails? // Do we have multiple emails?
if ($hesk_settings['multi_eml']) { if ($hesk_settings['multi_eml']) {
$tmpvar['email'] = str_replace(';', ',', $tmpvar['email']); $tmpvar['email'] = str_replace(';', ',', $tmpvar['email']);
$tmpvar['email2'] = str_replace(';', ',', $tmpvar['email2']); $tmpvar['email2'] = str_replace(';', ',', $tmpvar['email2']);
if (count(array_diff(explode(',', strtolower($tmpvar['email'])), explode(',', strtolower($tmpvar['email2'])))) == 0) { if (count(array_diff(explode(',', strtolower($tmpvar['email'])), explode(',', strtolower($tmpvar['email2'])))) == 0) {
$_SESSION['c_email2'] = $_POST['email2']; $_SESSION['c_email2'] = hesk_POST('email2');
} }
} // Single email address match } // Single email address match
elseif (!$hesk_settings['multi_eml'] && strtolower($tmpvar['email']) == strtolower($tmpvar['email2'])) { elseif (!$hesk_settings['multi_eml'] && strtolower($tmpvar['email']) == strtolower($tmpvar['email2'])) {
$_SESSION['c_email2'] = $_POST['email2']; $_SESSION['c_email2'] = hesk_POST('email2');
} else { } else {
// Invalid match // Invalid match
$tmpvar['email2'] = ''; $tmpvar['email2'] = '';
@ -177,7 +182,7 @@ if ($hesk_settings['confirm_email']) {
$hesk_error_buffer['email2'] = $hesklang['confemaile']; $hesk_error_buffer['email2'] = $hesklang['confemaile'];
} }
} else { } else {
$_SESSION['c_email2'] = $_POST['email2']; $_SESSION['c_email2'] = hesk_POST('email2');
} }
} }
@ -207,8 +212,25 @@ else {
} }
} }
$tmpvar['subject'] = hesk_input(hesk_POST('subject')) or $hesk_error_buffer['subject'] = $hesklang['enter_ticket_subject']; if ($hesk_settings['require_subject'] == -1) {
$tmpvar['message'] = hesk_input(hesk_POST('message')) or $hesk_error_buffer['message'] = $hesklang['enter_message'];; $tmpvar['subject'] = '';
} else {
$tmpvar['subject'] = hesk_input( hesk_POST('subject') );
if ($hesk_settings['require_subject'] == 1 && $tmpvar['subject'] == '') {
$hesk_error_buffer['subject'] = $hesklang['enter_ticket_subject'];
}
}
if ($hesk_settings['require_message'] == -1) {
$tmpvar['message'] = '';
} else {
$tmpvar['message'] = hesk_input( hesk_POST('message') );
if ($hesk_settings['require_message'] == 1 && $tmpvar['message'] == '') {
$hesk_error_buffer['message'] = $hesklang['enter_message'];
}
}
// Is category a valid choice? // Is category a valid choice?
if ($tmpvar['category']) { if ($tmpvar['category']) {
@ -222,46 +244,72 @@ if ($tmpvar['category']) {
// Custom fields // Custom fields
$modsForHesk_settings = mfh_getSettings(); $modsForHesk_settings = mfh_getSettings();
foreach ($hesk_settings['custom_fields'] as $k => $v) { foreach ($hesk_settings['custom_fields'] as $k=>$v) {
if ($v['use']) { if ($v['use']==1 && hesk_is_custom_field_in_category($k, $tmpvar['category'])) {
if ($modsForHesk_settings['custom_field_setting']) { if ($v['type'] == 'checkbox') {
$v['name'] = $hesklang[$v['name']]; $tmpvar[$k]='';
}
if (isset($_POST[$k]) && is_array($_POST[$k])) {
if ($v['type'] == 'checkbox' || $v['type'] == 'multiselect') { foreach ($_POST[$k] as $myCB) {
$tmpvar[$k] = ''; $tmpvar[$k] .= ( is_array($myCB) ? '' : hesk_input($myCB) ) . '<br />';;
if (isset($_POST[$k])) {
if (is_array($_POST[$k])) {
foreach ($_POST[$k] as $myCB) {
$tmpvar[$k] .= (is_array($myCB) ? '' : hesk_input($myCB)) . '<br />';;
}
$tmpvar[$k] = substr($tmpvar[$k], 0, -6);
} }
$tmpvar[$k]=substr($tmpvar[$k],0,-6);
} else { } else {
if ($v['req']) { if ($v['req']) {
$hesk_error_buffer[$k] = $hesklang['fill_all'] . ': ' . $v['name']; $hesk_error_buffer[$k]=$hesklang['fill_all'].': '.$v['name'];
} }
$_POST[$k] = ''; $_POST[$k] = '';
} }
$_SESSION["c_$k"] = hesk_POST_array($k); $_SESSION["c_$k"]=hesk_POST_array($k);
} elseif ($v['req']) { } elseif ($v['type'] == 'date') {
$tmpvar[$k] = hesk_makeURL(nl2br(hesk_input(hesk_POST($k)))); $tmpvar[$k] = hesk_POST($k);
$_SESSION["c_$k"] = hesk_POST($k); $_SESSION["c_$k"] = '';
if (!strlen($tmpvar[$k])) {
$hesk_error_buffer[$k] = $hesklang['fill_all'] . ': ' . $v['name']; if (preg_match("/^[0-9]{4}-(0[1-9]|1[0-2])-(0[1-9]|[1-2][0-9]|3[0-1])$/", $tmpvar[$k])) {
} $date = strtotime($tmpvar[$k] . ' t00:00:00');
$dmin = strlen($v['value']['dmin']) ? strtotime($v['value']['dmin'] . ' t00:00:00') : false;
$dmax = strlen($v['value']['dmax']) ? strtotime($v['value']['dmax'] . ' t00:00:00') : false;
if ($v['type'] == 'date') { $_SESSION["c_$k"] = $tmpvar[$k];
$tmpvar[$k] = strtotime($_POST[$k]);
if ($dmin && $dmin > $date) {
$hesk_error_buffer[$k] = sprintf($hesklang['d_emin'], $v['name'], hesk_custom_date_display_format($dmin, $v['value']['date_format']));
} elseif ($dmax && $dmax < $date) {
$hesk_error_buffer[$k] = sprintf($hesklang['d_emax'], $v['name'], hesk_custom_date_display_format($dmax, $v['value']['date_format']));
} else {
$tmpvar[$k] = $date;
}
} else {
if ($v['req']) {
$hesk_error_buffer[$k]=$hesklang['fill_all'].': '.$v['name'];
}
} }
} else { } elseif ($v['type'] == 'email') {
if ($v['type'] == 'date' && $_POST[$k] != '') { $tmp = $hesk_settings['multi_eml'];
$tmpvar[$k] = strtotime($_POST[$k]); $hesk_settings['multi_eml'] = $v['value']['multiple'];
$tmpvar[$k] = hesk_validateEmail( hesk_POST($k), 'ERR', 0);
$hesk_settings['multi_eml'] = $tmp;
if ($tmpvar[$k] != '') {
$_SESSION["c_$k"] = hesk_input($tmpvar[$k]);
} else { } else {
$tmpvar[$k] = hesk_makeURL(nl2br(hesk_input(hesk_POST($k)))); $_SESSION["c_$k"] = '';
if ($v['req']) {
$hesk_error_buffer[$k] = $v['value']['multiple'] ? sprintf($hesklang['cf_noem'], $v['name']) : sprintf($hesklang['cf_noe'], $v['name']);
}
}
} elseif ($v['req']) {
$tmpvar[$k]=hesk_makeURL(nl2br(hesk_input( hesk_POST($k) )));
if ($tmpvar[$k] == '') {
$hesk_error_buffer[$k]=$hesklang['fill_all'].': '.$v['name'];
} }
$_SESSION["c_$k"]=hesk_POST($k);
} else {
$tmpvar[$k]=hesk_makeURL(nl2br(hesk_input( hesk_POST($k) )));
$_SESSION["c_$k"]=hesk_POST($k);
} }
} else { } else {
$tmpvar[$k] = ''; $tmpvar[$k] = '';
@ -269,13 +317,13 @@ foreach ($hesk_settings['custom_fields'] as $k => $v) {
} }
// Check bans // Check bans
if (!isset($hesk_error_buffer['email']) && hesk_isBannedEmail($tmpvar['email']) || hesk_isBannedIP($_SERVER['REMOTE_ADDR'])) { if ($email_available && ! isset($hesk_error_buffer['email']) && hesk_isBannedEmail($tmpvar['email']) || hesk_isBannedIP($_SERVER['REMOTE_ADDR'])) {
hesk_error($hesklang['baned_e']); hesk_error($hesklang['baned_e']);
} }
// Check maximum open tickets limit // Check maximum open tickets limit
$below_limit = true; $below_limit = true;
if ($hesk_settings['max_open'] && !isset($hesk_error_buffer['email'])) { if ($email_available && $hesk_settings['max_open'] && ! isset($hesk_error_buffer['email'])) {
$res = hesk_dbQuery("SELECT COUNT(*) FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` WHERE `status` IN (SELECT `ID` FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "statuses` WHERE `IsClosed` = 0) AND " . hesk_dbFormatEmail($tmpvar['email'])); $res = hesk_dbQuery("SELECT COUNT(*) FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` WHERE `status` IN (SELECT `ID` FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "statuses` WHERE `IsClosed` = 0) AND " . hesk_dbFormatEmail($tmpvar['email']));
$num = hesk_dbResult($res); $num = hesk_dbResult($res);
@ -327,7 +375,6 @@ if (count($hesk_error_buffer)) {
$_SESSION['c_name'] = hesk_POST('name'); $_SESSION['c_name'] = hesk_POST('name');
$_SESSION['c_email'] = hesk_POST('email'); $_SESSION['c_email'] = hesk_POST('email');
$_SESSION['c_category'] = hesk_POST('category');
$_SESSION['c_priority'] = hesk_POST('priority'); $_SESSION['c_priority'] = hesk_POST('priority');
$_SESSION['c_subject'] = hesk_POST('subject'); $_SESSION['c_subject'] = hesk_POST('subject');
$_SESSION['c_message'] = hesk_POST('message'); $_SESSION['c_message'] = hesk_POST('message');
@ -343,7 +390,7 @@ if (count($hesk_error_buffer)) {
} }
$hesk_error_buffer = $hesklang['pcer'] . '<br /><br /><ul>' . $tmp . '</ul>'; $hesk_error_buffer = $hesklang['pcer'] . '<br /><br /><ul>' . $tmp . '</ul>';
hesk_process_messages($hesk_error_buffer, 'index.php?a=add'); hesk_process_messages($hesk_error_buffer, 'index.php?a=add&category='.$tmpvar['category']);
} }
if (!$modsForHesk_settings['rich_text_for_tickets_for_customers']) { if (!$modsForHesk_settings['rich_text_for_tickets_for_customers']) {
@ -389,7 +436,7 @@ $tmpvar['user_agent'] = $_SERVER['HTTP_USER_AGENT'];
// Should the helpdesk validate emails? // Should the helpdesk validate emails?
$createTicket = true; $createTicket = true;
if ($modsForHesk_settings['customer_email_verification_required']) { if ($modsForHesk_settings['customer_email_verification_required'] && $email_available) {
$verifiedEmailSql = "SELECT `Email` FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "verified_emails` WHERE `Email` = '" . hesk_dbEscape($tmpvar['email']) . "'"; $verifiedEmailSql = "SELECT `Email` FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "verified_emails` WHERE `Email` = '" . hesk_dbEscape($tmpvar['email']) . "'";
$verifiedEmailRS = hesk_dbQuery($verifiedEmailSql); $verifiedEmailRS = hesk_dbQuery($verifiedEmailSql);
if ($verifiedEmailRS->num_rows == 0) { if ($verifiedEmailRS->num_rows == 0) {
@ -414,7 +461,7 @@ if ($createTicket) {
$ticket = hesk_newTicket($tmpvar); $ticket = hesk_newTicket($tmpvar);
// Notify the customer // Notify the customer
if ($hesk_settings['notify_new']) { if ($hesk_settings['notify_new'] && $email_available) {
hesk_notifyCustomer($modsForHesk_settings); hesk_notifyCustomer($modsForHesk_settings);
} }
@ -434,7 +481,7 @@ $_SESSION['already_submitted'] = 1;
// Need email to view ticket? If yes, remember it by default // Need email to view ticket? If yes, remember it by default
if ($hesk_settings['email_view_ticket']) { if ($hesk_settings['email_view_ticket']) {
setcookie('hesk_myemail', $tmpvar['email'], strtotime('+1 year')); hesk_setcookie('hesk_myemail', $tmpvar['email'], strtotime('+1 year'));
} }
// Unset temporary variables // Unset temporary variables
@ -466,7 +513,8 @@ require_once(HESK_PATH . 'inc/header.inc.php');
$hesklang['ticket_submitted'] . '<br /><br />' . $hesklang['ticket_submitted'] . '<br /><br />' .
$hesklang['ticket_submitted_success'] . ': <b>' . $ticket['trackid'] . '</b><br /><br /> ' . $hesklang['ticket_submitted_success'] . ': <b>' . $ticket['trackid'] . '</b><br /><br /> ' .
($hesk_settings['notify_new'] && $hesk_settings['spam_notice'] ? $hesklang['spam_inbox'] . '<br /><br />' : '') . ( ! $email_available ? $hesklang['write_down'] . '<br /><br />' : '') .
($email_available && $hesk_settings['notify_new'] && $hesk_settings['spam_notice'] ? $hesklang['spam_inbox'] . '<br /><br />' : '') .
'<a href="' . $hesk_settings['hesk_url'] . '/ticket.php?track=' . $ticket['trackid'] . '">' . $hesklang['view_your_ticket'] . '</a>' '<a href="' . $hesk_settings['hesk_url'] . '/ticket.php?track=' . $ticket['trackid'] . '">' . $hesklang['view_your_ticket'] . '</a>'
); );
} else { } else {

@ -1,32 +1,15 @@
<?php <?php
/******************************************************************************* /**
* Title: Help Desk Software HESK *
* Version: 2.6.8 from 10th August 2016 * This file is part of HESK - PHP Help Desk Software.
* Author: Klemen Stirn *
* Website: http://www.hesk.com * (c) Copyright Klemen Stirn. All rights reserved.
******************************************************************************** * http://www.hesk.com
* COPYRIGHT AND TRADEMARK NOTICE *
* Copyright 2005-2015 Klemen Stirn. All Rights Reserved. * For the full copyright and license agreement information visit
* HESK is a registered trademark of Klemen Stirn. * http://www.hesk.com/eula.php
* The HESK may be used and modified free of charge by anyone *
* AS LONG AS COPYRIGHT NOTICES AND ALL THE COMMENTS REMAIN INTACT. */
* By using this code you agree to indemnify Klemen Stirn from any
* liability that might arise from it's use.
* Selling the code for this program, in part or full, without prior
* written consent is expressly forbidden.
* Using this code, in part or full, to create derivate work,
* new scripts or products is expressly forbidden. Obtain permission
* before redistributing this software over the Internet or in
* any other medium. In all cases copyright and header must remain intact.
* This Copyright is in full effect in any country that has International
* Trade Agreements with the United States of America or
* with the European Union.
* Removing any of the copyright notices without purchasing a license
* is expressly forbidden. To remove HESK copyright notice you must purchase
* a license for this script. For more information on how to obtain
* a license please visit the page below:
* https://www.hesk.com/buy.php
*******************************************************************************/
define('IN_SCRIPT', 1); define('IN_SCRIPT', 1);
define('HESK_PATH', './'); define('HESK_PATH', './');

@ -1,32 +1,15 @@
<?php <?php
/******************************************************************************* /**
* Title: Help Desk Software HESK *
* Version: 2.6.8 from 10th August 2016 * This file is part of HESK - PHP Help Desk Software.
* Author: Klemen Stirn *
* Website: http://www.hesk.com * (c) Copyright Klemen Stirn. All rights reserved.
******************************************************************************** * http://www.hesk.com
* COPYRIGHT AND TRADEMARK NOTICE *
* Copyright 2005-2015 Klemen Stirn. All Rights Reserved. * For the full copyright and license agreement information visit
* HESK is a registered trademark of Klemen Stirn. * http://www.hesk.com/eula.php
* The HESK may be used and modified free of charge by anyone *
* AS LONG AS COPYRIGHT NOTICES AND ALL THE COMMENTS REMAIN INTACT. */
* By using this code you agree to indemnify Klemen Stirn from any
* liability that might arise from it's use.
* Selling the code for this program, in part or full, without prior
* written consent is expressly forbidden.
* Using this code, in part or full, to create derivate work,
* new scripts or products is expressly forbidden. Obtain permission
* before redistributing this software over the Internet or in
* any other medium. In all cases copyright and header must remain intact.
* This Copyright is in full effect in any country that has International
* Trade Agreements with the United States of America or
* with the European Union.
* Removing any of the copyright notices without purchasing a license
* is expressly forbidden. To remove HESK copyright notice you must purchase
* a license for this script. For more information on how to obtain
* a license please visit the page below:
* https://www.hesk.com/buy.php
*******************************************************************************/
define('IN_SCRIPT', 1); define('IN_SCRIPT', 1);
define('HESK_PATH', './'); define('HESK_PATH', './');
@ -48,10 +31,13 @@ header("Pragma: no-cache");
// Get the search query composed of the subject and message // Get the search query composed of the subject and message
$address = hesk_REQUEST('e') or die(''); $address = hesk_REQUEST('e') or die('');
$email_field = hesk_REQUEST('ef') or die('');
$display_div = hesk_REQUEST('dd') or die('');
$pad_div = hesk_REQUEST('pd') ? 1 : 0;
$div = 1; $div = 1;
// Do we allow multiple emails? If yes, check all // Do we allow multiple emails? If yes, check all
if ($hesk_settings['multi_eml']) { if ($hesk_settings['multi_eml'] || hesk_REQUEST('am')) {
// Make sure the format is correct // Make sure the format is correct
$address = preg_replace('/\s/', '', $address); $address = preg_replace('/\s/', '', $address);
$address = str_replace(';', ',', $address); $address = str_replace(';', ',', $address);
@ -75,9 +61,9 @@ exit();
function hesk_emailTypoShow($address, $suggest, $div = '') function hesk_emailTypoShow($address, $suggest, $div = '')
{ {
global $hesk_settings, $hesklang; global $hesk_settings, $hesklang, $email_field, $display_div, $pad_div;
?> ?>
<div id="emailtypo<?php echo $div; ?>" style="display:block"> <div id="emailtypo<?php echo $display_div.$div; ?>" style="display:block">
<table border="0" width="100%"> <table border="0" width="100%">
<tr> <tr>
<td width="150">&nbsp;</td> <td width="150">&nbsp;</td>
@ -85,10 +71,8 @@ function hesk_emailTypoShow($address, $suggest, $div = '')
<div class="alert alert-info"> <div class="alert alert-info">
<?php echo sprintf($hesklang['didum'], str_replace('@', '@<b>', $suggest . '</b>')); ?> <?php echo sprintf($hesklang['didum'], str_replace('@', '@<b>', $suggest . '</b>')); ?>
<br/><br/> <br/><br/>
<a class="btn btn-default" href="javascript:void();" <a class="btn btn-default" href="javascript:void(0);" onclick="var eml=document.getElementById('<?php echo $email_field; ?>').value;document.getElementById('<?php echo $email_field; ?>').value=eml.replace(/<?php echo preg_quote($address, '/'); ?>/gi, '<?php echo addslashes($suggest); ?>' );document.getElementById('emailtypo<?php echo $display_div.$div; ?>').style.display='none';"><?php echo $hesklang['yfix']; ?></a>
onclick="javascript:var eml=document.form1.email.value;document.form1.email.value=eml.replace(/<?php echo preg_quote($address, '/'); ?>/gi, '<?php echo addslashes($suggest); ?>' );hesk_toggleLayerDisplay('emailtypo<?php echo $div; ?>');"><?php echo $hesklang['yfix']; ?></a> <a class="btn btn-default" href="javascript:void(0);" onclick="document.getElementById('emailtypo<?php echo $display_div.$div; ?>').style.display='none';"><?php echo $hesklang['nole']; ?></a>
<a class="btn btn-default" href="javascript:void();"
onclick="javascript:hesk_toggleLayerDisplay('emailtypo<?php echo $div; ?>');"><?php echo $hesklang['nole']; ?></a>
</div> </div>
</td> </td>
</tr> </tr>
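Review bot: `$email_field` and `$display_div` come straight from the request (`hesk_REQUEST('ef')`, `hesk_REQUEST('dd')`) and are then echoed into single-quoted JavaScript strings in the two new `onclick` handlers and into the `id` of the `emailtypo` div. Whatever filtering `hesk_REQUEST` applies is not visible on this page, and HTML-entity encoding alone does not protect a JavaScript string inside an attribute, because the browser decodes the entities before the handler runs. Both values are only ever used as element ids, so I would reject anything else right after they are read: `foreach ([$email_field, $display_div] as $id) { if (!preg_match('/\A[A-Za-z][\w-]*\z/', $id)) { die(''); } }`. Separately, `|| hesk_REQUEST('am')` lets the caller switch on multi-address handling regardless of `$hesk_settings['multi_eml']`; a short comment saying why the client may override the setting would help. The body of `hesk_emailTypoShow` continues past the end of the last hunk.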

@ -1,32 +1,15 @@
<?php <?php
/******************************************************************************* /**
* Title: Help Desk Software HESK *
* Version: 2.6.8 from 10th August 2016 * This file is part of HESK - PHP Help Desk Software.
* Author: Klemen Stirn *
* Website: http://www.hesk.com * (c) Copyright Klemen Stirn. All rights reserved.
******************************************************************************** * http://www.hesk.com
* COPYRIGHT AND TRADEMARK NOTICE *
* Copyright 2005-2015 Klemen Stirn. All Rights Reserved. * For the full copyright and license agreement information visit
* HESK is a registered trademark of Klemen Stirn. * http://www.hesk.com/eula.php
* The HESK may be used and modified free of charge by anyone *
* AS LONG AS COPYRIGHT NOTICES AND ALL THE COMMENTS REMAIN INTACT. */
* By using this code you agree to indemnify Klemen Stirn from any
* liability that might arise from it's use.
* Selling the code for this program, in part or full, without prior
* written consent is expressly forbidden.
* Using this code, in part or full, to create derivate work,
* new scripts or products is expressly forbidden. Obtain permission
* before redistributing this software over the Internet or in
* any other medium. In all cases copyright and header must remain intact.
* This Copyright is in full effect in any country that has International
* Trade Agreements with the United States of America or
* with the European Union.
* Removing any of the copyright notices without purchasing a license
* is expressly forbidden. To remove HESK copyright notice you must purchase
* a license for this script. For more information on how to obtain
* a license please visit the page below:
* https://www.hesk.com/buy.php
*******************************************************************************/
define('IN_SCRIPT', 1); define('IN_SCRIPT', 1);
define('HESK_PATH', './'); define('HESK_PATH', './');
@ -118,6 +101,8 @@ if ($is_form) {
/* Limit brute force attempts */ /* Limit brute force attempts */
hesk_limitBfAttempts(); hesk_limitBfAttempts();
require_once(HESK_PATH . 'inc/custom_fields.inc.php');
/* Get ticket info */ /* Get ticket info */
$res = hesk_dbQuery("SELECT `t1`.* , `t2`.name AS `repliername`, `ticketStatus`.`IsClosed` AS `isClosed`, `ticketStatus`.`Key` AS `statusKey` FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` AS `t1` INNER JOIN `" . hesk_dbEscape($hesk_settings['db_pfix']) . "statuses` AS `ticketStatus` ON `t1`.`status` = `ticketStatus`.`ID` LEFT JOIN `" . hesk_dbEscape($hesk_settings['db_pfix']) . "users` AS `t2` ON `t1`.`replierid` = `t2`.`id` WHERE `trackid`='" . hesk_dbEscape($trackingID) . "' LIMIT 1"); $res = hesk_dbQuery("SELECT `t1`.* , `t2`.name AS `repliername`, `ticketStatus`.`IsClosed` AS `isClosed`, `ticketStatus`.`Key` AS `statusKey` FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` AS `t1` INNER JOIN `" . hesk_dbEscape($hesk_settings['db_pfix']) . "statuses` AS `ticketStatus` ON `t1`.`status` = `ticketStatus`.`ID` LEFT JOIN `" . hesk_dbEscape($hesk_settings['db_pfix']) . "users` AS `t2` ON `t1`.`replierid` = `t2`.`id` WHERE `trackid`='" . hesk_dbEscape($trackingID) . "' LIMIT 1");
@ -158,9 +143,9 @@ hesk_cleanBfAttempts();
/* Remember email address? */ /* Remember email address? */
if ($is_form) { if ($is_form) {
if ( strlen($do_remember) ) { if ( strlen($do_remember) ) {
setcookie('hesk_myemail', $my_email, strtotime('+1 year')); hesk_setcookie('hesk_myemail', $my_email, strtotime('+1 year'));
} elseif (isset($_COOKIE['hesk_myemail'])) { } elseif (isset($_COOKIE['hesk_myemail'])) {
setcookie('hesk_myemail', ''); hesk_setcookie('hesk_myemail', '');
} }
} }
@ -175,7 +160,7 @@ if ($ticket['lastreplier']) {
// If IP is unknown (tickets via email pipe/pop3 fetching) assume current visitor IP as customer IP // If IP is unknown (tickets via email pipe/pop3 fetching) assume current visitor IP as customer IP
if ($ticket['ip'] == 'Unknown' || $ticket['ip'] == $hesklang['unknown']) { if ($ticket['ip'] == 'Unknown' || $ticket['ip'] == $hesklang['unknown']) {
hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` SET `ip` = '" . hesk_dbEscape($_SERVER['REMOTE_ADDR']) . "' WHERE `id`=" . intval($ticket['id']) . " LIMIT 1"); hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` SET `ip` = '" . hesk_dbEscape($_SERVER['REMOTE_ADDR']) . "' WHERE `id`=" . intval($ticket['id']));
} }
/* Get category name and ID */ /* Get category name and ID */
@ -257,9 +242,15 @@ if (!$show['show']) {
<div class="blankSpace"></div> <div class="blankSpace"></div>
<div class="table-bordered"> <div class="table-bordered">
<div class="row"> <div class="row">
<div class="col-md-12"> <div class="col-md-10">
<h2><?php echo $ticket['subject']; ?></h2> <h2><?php echo $ticket['subject']; ?></h2>
</div> </div>
<div class="col-md-2 pull-right pad-down-20">
<a href="ticket.php?track=<?php echo $trackingID.$hesk_settings['e_query']; ?>">
<i class="fa fa-refresh"></i>
<?php echo $hesklang['refresh_page']; ?>
</a>
</div>
</div> </div>
<div class="row"> <div class="row">
<div class="col-md-3 col-sm-12"> <div class="col-md-3 col-sm-12">
@ -282,7 +273,8 @@ if (!$show['show']) {
echo '<a href="change_status.php?track=' . $trackingID . $hesk_settings['e_query'] . '&amp;s=3&amp;Refresh=' . $random . '&amp;token=' . hesk_token_echo(0) . '" title="' . $hesklang['close_action'] . '">' . $hesklang['close_action'] . '</a>'; echo '<a href="change_status.php?track=' . $trackingID . $hesk_settings['e_query'] . '&amp;s=3&amp;Refresh=' . $random . '&amp;token=' . hesk_token_echo(0) . '" title="' . $hesklang['close_action'] . '">' . $hesklang['close_action'] . '</a>';
} }
} }
?></p> ?>
</p>
</div> </div>
</div> </div>
<div class="row medLowPriority"> <div class="row medLowPriority">
@ -340,7 +332,9 @@ if (!$show['show']) {
<div class="row ticketMessageContainer"> <div class="row ticketMessageContainer">
<div class="col-md-3 col-xs-12"> <div class="col-md-3 col-xs-12">
<div class="ticketName"><?php echo $ticket['name']; ?></div> <div class="ticketName"><?php echo $ticket['name']; ?></div>
<div class="ticketEmail"><a href="mailto:<?php echo $ticket['email']; ?>"><?php echo $ticket['email']; ?></a></div> <?php if ($ticket['email'] != '') { ?>
<div class="ticketEmail"><a href="mailto:<?php echo $ticket['email']; ?>"><?php echo $ticket['email']; ?></a></div>
<?php } ?>
</div> </div>
<div class="col-md-9 col-xs-12 pushMarginLeft"> <div class="col-md-9 col-xs-12 pushMarginLeft">
<div class="ticketMessageTop withBorder"> <div class="ticketMessageTop withBorder">
@ -350,53 +344,53 @@ if (!$show['show']) {
<!-- Custom Fields Before Message --> <!-- Custom Fields Before Message -->
<?php <?php
foreach ($hesk_settings['custom_fields'] as $k => $v) { foreach ($hesk_settings['custom_fields'] as $k => $v) {
if ($v['use'] && $v['place'] == 0) { if ($v['use'] == 1 && $v['place'] == 0 && hesk_is_custom_field_in_category($k, $ticket['category'])) {
if ($modsForHesk_settings['custom_field_setting']) {
$v['name'] = $hesklang[$v['name']];
}
echo '<p>' . $v['name'] . ': '; echo '<p>' . $v['name'] . ': ';
if ($v['type'] == 'date' && !empty($ticket[$k])) { switch ($v['type'])
$dt = date('Y-m-d h:i:s', $ticket[$k]); {
echo hesk_dateToString($dt, 0); case 'email':
} else { $ticket[$k] = '<a href="mailto:'.$ticket[$k].'">'.$ticket[$k].'</a>';
echo $ticket[$k]; break;
case 'date':
$ticket[$k] = hesk_custom_date_display_format($ticket[$k], $v['value']['date_format']);
break;
} }
echo '</p>'; echo $ticket[$k].'</p>';
} }
} }
?> ?>
</div> </div>
<div class="ticketMessageBottom"> <div class="ticketMessageBottom">
<!-- Message --> <?php if ($ticket['message'] != '') { ?>
<p><b><?php echo $hesklang['message']; ?>:</b></p> <!-- Message -->
<p><b><?php echo $hesklang['message']; ?>:</b></p>
<div class="message"> <div class="message">
<?php if ($ticket['html']) { <?php if ($ticket['html']) {
echo hesk_html_entity_decode($ticket['message']); echo hesk_html_entity_decode($ticket['message']);
} else { } else {
echo $ticket['message']; echo $ticket['message'];
} }
?> ?>
</div> </div>
<?php } ?>
</div> </div>
<div class="ticketMessageTop"> <div class="ticketMessageTop">
<!-- Custom Fields after Message --> <!-- Custom Fields after Message -->
<?php <?php
foreach ($hesk_settings['custom_fields'] as $k => $v) { foreach ($hesk_settings['custom_fields'] as $k => $v) {
if ($v['use'] && $v['place']) { if ($v['use'] == 1 && $v['place'] && hesk_is_custom_field_in_category($k, $ticket['category'])) {
if ($modsForHesk_settings['custom_field_setting']) {
$v['name'] = $hesklang[$v['name']];
}
echo '<p>' . $v['name'] . ': '; echo '<p>' . $v['name'] . ': ';
if ($v['type'] == 'date' && !empty($ticket[$k])) { switch ($v['type'])
$dt = date('Y-m-d h:i:s', $ticket[$k]); {
echo hesk_dateToString($dt, 0); case 'email':
} else { $ticket[$k] = '<a href="mailto:'.$ticket[$k].'">'.$ticket[$k].'</a>';
echo $ticket[$k]; break;
case 'date':
$ticket[$k] = hesk_custom_date_display_format($ticket[$k], $v['value']['date_format']);
break;
} }
echo '</p>'; echo $ticket[$k].'</p>';
} }
} }
/* Attachments */ /* Attachments */
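Review bot: The new `case 'email':` branch in both custom-field loops builds `'<a href="mailto:'.$ticket[$k].'">'.$ticket[$k].'</a>'` from the stored field value with no escaping at the point of output. That is safe only if every path that writes a custom field has already HTML-encoded it, including double quotes, and nothing on this page shows that. Encoding at output keeps the link well-formed whatever the storage holds: `$safe = htmlspecialchars($ticket[$k], ENT_QUOTES, 'UTF-8', false);` followed by `$ticket[$k] = '<a href="mailto:'.$safe.'">'.$safe.'</a>';`, where the final `false` avoids double-encoding values that were already encoded. The `switch` also overwrites `$ticket[$k]` in place, so later code that reads the same field would get markup instead of the raw value; a local variable for the display string would avoid that. The surrounding template starts and ends outside these hunks.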
