Merge branch '3-0-0' into 'master'

3.0.0 Update

See merge request !29
merge-requests/30/head 3.0.0-beta-1
Mike Koch 8 years ago
commit 38d56f195f

15
.gitignore vendored

@ -1,14 +1,13 @@
admin/admin_suggest_articles.php
admin/archive.php
admin/custom_statuses.php
admin/email_templates.php
admin/generate_spam_question.php
admin/priority.php
admin/test_connection.php
attachments/index.htm
docs/changelog.html
docs/docs_style.css
docs/index.html
docs/quick-guide.html
docs/step-by-step-guide.html
cache/
docs/
file_limits.php
footer.txt
header.txt
@ -27,6 +26,7 @@ img/clip.png
img/code.png
img/code_off.png
img/delete.png
img/delete_off.png
img/delete_ticket.png
img/edit.png
img/error.png
@ -114,6 +114,7 @@ img/print.png
img/private.png
img/public.png
img/reload.png
img/refresh.png
img/roundcornersb.jpg
img/roundcornerslb.jpg
img/roundcornerslm.jpg
@ -156,10 +157,11 @@ inc/calendar/tcal.js
inc/calendar/tcal.php
inc/database.inc.php
inc/database_mysqli.inc.php
inc/footer.inc.php
inc/htmlpurifier
inc/index.htm
inc/jscolor/
inc/mail/email_parser.php
inc/mail/hesk_imap.php
inc/mail/hesk_pipe.php
inc/mail/hesk_pop3.php
inc/mail/index.htm
@ -184,6 +186,7 @@ inc/recaptcha/recaptchalib.php
inc/reporting_functions.inc.php
inc/secimg.inc.php
inc/setup_functions.inc.php
inc/statuses.inc.php
inc/tabs/index.htm
inc/tabs/tabber-minimized.js
inc/tabs/tabber.css

@ -1,32 +1,15 @@
<?php
/*******************************************************************************
* Title: Help Desk Software HESK
* Version: 2.6.8 from 10th August 2016
* Author: Klemen Stirn
* Website: http://www.hesk.com
********************************************************************************
* COPYRIGHT AND TRADEMARK NOTICE
* Copyright 2005-2015 Klemen Stirn. All Rights Reserved.
* HESK is a registered trademark of Klemen Stirn.
* The HESK may be used and modified free of charge by anyone
* AS LONG AS COPYRIGHT NOTICES AND ALL THE COMMENTS REMAIN INTACT.
* By using this code you agree to indemnify Klemen Stirn from any
* liability that might arise from it's use.
* Selling the code for this program, in part or full, without prior
* written consent is expressly forbidden.
* Using this code, in part or full, to create derivate work,
* new scripts or products is expressly forbidden. Obtain permission
* before redistributing this software over the Internet or in
* any other medium. In all cases copyright and header must remain intact.
* This Copyright is in full effect in any country that has International
* Trade Agreements with the United States of America or
* with the European Union.
* Removing any of the copyright notices without purchasing a license
* is expressly forbidden. To remove HESK copyright notice you must purchase
* a license for this script. For more information on how to obtain
* a license please visit the page below:
* https://www.hesk.com/buy.php
*******************************************************************************/
/**
*
* This file is part of HESK - PHP Help Desk Software.
*
* (c) Copyright Klemen Stirn. All rights reserved.
* http://www.hesk.com
*
* For the full copyright and license agreement information visit
* http://www.hesk.com/eula.php
*
*/
define('IN_SCRIPT', 1);
define('HESK_PATH', '../');
@ -41,6 +24,7 @@ require(HESK_PATH . 'hesk_settings.inc.php');
require(HESK_PATH . 'inc/common.inc.php');
require(HESK_PATH . 'inc/admin_functions.inc.php');
require(HESK_PATH . 'inc/status_functions.inc.php');
require(HESK_PATH . 'inc/mail_functions.inc.php');
hesk_load_database_functions();
hesk_session_start();
@ -50,52 +34,60 @@ hesk_isLoggedIn();
define('CALENDAR', 1);
define('MAIN_PAGE', 1);
define('PAGE_TITLE', 'ADMIN_HOME');
define('AUTO_RELOAD', 1);
/* Print header */
require_once(HESK_PATH . 'inc/headerAdmin.inc.php');
/* Print admin navigation */
require_once(HESK_PATH . 'inc/show_admin_nav.inc.php');
?>
<div class="row">
<div class="col-md-12 pad-down-20">
<?php
/* This will handle error, success and notice messages */
hesk_handle_messages();
/* Print tickets? */
if (hesk_checkPermission('can_view_tickets', 0)) {
if (!isset($_SESSION['hide']['ticket_list'])) //Number of tickets (table header. NOT ACTUAL TABLE)
{
echo '
<div class="panel panel-default">
<div class="panel-heading">
<h4>' . $hesklang['open_tickets'] . ' <span class="nu-floatRight panel-button"><a href="new_ticket.php" class="btn btn-success"><span class="glyphicon glyphicon-plus-sign"></span> ' . $hesklang['nti'] . '</a></span></h4>
</div>'; // The rest of the panel will be printed by print_tickets.inc.php
}
/* Reset default settings? */
if (isset($_GET['reset']) && hesk_token_check()) {
$res = hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "users` SET `default_list`='' WHERE `id` = '" . intval($_SESSION['id']) . "' LIMIT 1");
/* Reset default settings? */
if (isset($_GET['reset']) && hesk_token_check()) {
$res = hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "users` SET `default_list`='' WHERE `id` = '" . intval($_SESSION['id']) . "'");
$_SESSION['default_list'] = '';
} /* Get default settings */
else {
} /* Get default settings */
else {
parse_str($_SESSION['default_list'], $defaults);
$_GET = isset($_GET) && is_array($_GET) ? array_merge($_GET, $defaults) : $defaults;
}
}
?>
<section class="content">
<?php hesk_handle_messages(); ?>
<div class="box">
<div class="box-header with-border">
<h1 class="box-title">
<?php echo $hesklang['tickets']; ?>
</h1>
<div class="box-tools pull-right">
<button type="button" class="btn btn-box-tool" data-widget="collapse">
<i class="fa fa-minus"></i>
</button>
</div>
</div>
<div class="box-body">
<div class="checkbox">
<label>
<input type="checkbox" onclick="toggleAutoRefresh(this);" id="reloadCB">
<?php echo $hesklang['arp']; ?>
<span id="timer"></span>
</label>
</div>
<script type="text/javascript">heskCheckReloading();</script><br>
<?php
/* Print tickets? */
if (hesk_checkPermission('can_view_tickets', 0)) {
/* Print the list of tickets */
require(HESK_PATH . 'inc/print_tickets.inc.php');
echo "&nbsp;<br />";
echo '<br>';
/* Print forms for listing and searching tickets */
require(HESK_PATH . 'inc/show_search_form.inc.php');
} else {
echo '<p><i>' . $hesklang['na_view_tickets'] . '</i></p>';
}
?>
</div>
</div>
<?php
$hesk_settings['hesk_license']('HMgPSAxOw0KaWYgKGZpbGVfZXhpc3RzKEhFU0tfUEFUSCAuI
CdoZXNrX2xpY2Vuc2UucGhwJykpDQp7DQokaCA9ICghZW1wdHkoJF9TRVJWRVJbJ0hUVFBfSE9TVCddK
SkgPyAkX1NFUlZFUlsnSFRUUF9IT1NUJ10gOiAoKCFlbXB0eSgkX1NFUlZFUlsnU0VSVkVSX05BTUUnX
@ -114,13 +106,10 @@ require_once(HESK_PATH . 'inc/show_admin_nav.inc.php');
29tL2J1eS5waHAiIHRhcmdldD0iX2JsYW5rIj4nLiRoZXNrbGFuZ1snY2xpY2tfaW5mbyddLic8L2E+P
C9wPic7DQp9DQo=', "\112");
echo '<hr />&nbsp;<br />';
/* Clean unneeded session variables */
hesk_cleanSessionVars('hide');
?>
</div>
</div>
</section>
<?php
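Review bot: The "reset default settings" branch changes stored state on a GET request (`isset($_GET['reset']) && hesk_token_check()`), so the anti-CSRF token presumably travels in the query string, where it can end up in browser history, server access logs and Referer headers. The hunk does not show how `hesk_token_check()` reads the token, so please confirm this; if it does, serve the action from a small POST form and test `isset($_POST['reset'])` instead. In the `else` branch the stored preference is expanded with `parse_str($_SESSION['default_list'], $defaults)` and merged over `$_GET`, so `inc/print_tickets.inc.php` has to validate those keys exactly like request input. A short comment above the merge saying so would help the next reader, for example `// $defaults comes from the users table; treat it as untrusted filter input`.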

@ -1,32 +1,15 @@
<?php
/*******************************************************************************
* Title: Help Desk Software HESK
* Version: 2.6.8 from 10th August 2016
* Author: Klemen Stirn
* Website: http://www.hesk.com
********************************************************************************
* COPYRIGHT AND TRADEMARK NOTICE
* Copyright 2005-2015 Klemen Stirn. All Rights Reserved.
* HESK is a registered trademark of Klemen Stirn.
* The HESK may be used and modified free of charge by anyone
* AS LONG AS COPYRIGHT NOTICES AND ALL THE COMMENTS REMAIN INTACT.
* By using this code you agree to indemnify Klemen Stirn from any
* liability that might arise from it's use.
* Selling the code for this program, in part or full, without prior
* written consent is expressly forbidden.
* Using this code, in part or full, to create derivate work,
* new scripts or products is expressly forbidden. Obtain permission
* before redistributing this software over the Internet or in
* any other medium. In all cases copyright and header must remain intact.
* This Copyright is in full effect in any country that has International
* Trade Agreements with the United States of America or
* with the European Union.
* Removing any of the copyright notices without purchasing a license
* is expressly forbidden. To remove HESK copyright notice you must purchase
* a license for this script. For more information on how to obtain
* a license please visit the page below:
* https://www.hesk.com/buy.php
*******************************************************************************/
/**
*
* This file is part of HESK - PHP Help Desk Software.
*
* (c) Copyright Klemen Stirn. All rights reserved.
* http://www.hesk.com
*
* For the full copyright and license agreement information visit
* http://www.hesk.com/eula.php
*
*/
define('IN_SCRIPT', 1);
define('HESK_PATH', '../');
@ -74,6 +57,11 @@ if (hesk_dbNumRows($result) != 1) {
$ticket = hesk_dbFetchAssoc($result);
$trackingID = $ticket['trackid'];
// Do we require owner before allowing to reply?
if ($hesk_settings['require_owner'] && ! $ticket['owner']) {
hesk_process_messages($hesklang['atbr'],'admin_ticket.php?track='.$ticket['trackid'].'&Refresh='.rand(10000,99999));
}
$hesk_error_buffer = array();
// Get the message
@ -87,7 +75,7 @@ if (strlen($message)) {
// Save message for later and ignore the rest?
if (isset($_POST['save_reply'])) {
// Delete any existing drafts from this owner for this ticket
hesk_dbQuery("DELETE FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "reply_drafts` WHERE `owner`=" . intval($_SESSION['id']) . " AND `ticket`=" . intval($ticket['id']) . " LIMIT 1");
hesk_dbQuery("DELETE FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "reply_drafts` WHERE `owner`=" . intval($_SESSION['id']) . " AND `ticket`=" . intval($ticket['id']));
// Save the message draft
hesk_dbQuery("INSERT INTO `" . hesk_dbEscape($hesk_settings['db_pfix']) . "reply_drafts` (`owner`, `ticket`, `message`) VALUES (" . intval($_SESSION['id']) . ", " . intval($ticket['id']) . ", '" . hesk_dbEscape($message) . "')");
@ -237,6 +225,7 @@ $lockedTicketStatus = hesk_dbFetchAssoc(hesk_dbQuery("SELECT `ID` FROM `" . hesk
// Get new ticket status
$sql_status = '';
$change_status = true;
// -> If locked, keep it resolved
if ($ticket['locked']) {
$new_status = $lockedTicketStatus['ID'];
@ -248,7 +237,7 @@ if ($ticket['locked']) {
$newStatusRs = hesk_dbQuery('SELECT `IsClosed`, `Key` FROM `' . hesk_dbEscape($hesk_settings['db_pfix']) . 'statuses` WHERE `ID` = ' . hesk_dbEscape($new_status));
$newStatus = hesk_dbFetchAssoc($newStatusRs);
if ($newStatus['IsClosed']) {
if ($newStatus['IsClosed'] && hesk_checkPermission('can_resolve', 0)) {
$revision = sprintf($hesklang['thist3'], hesk_date(), $_SESSION['name'] . ' (' . $_SESSION['user'] . ')');
$sql_status = " , `closedat`=NOW(), `closedby`=" . intval($_SESSION['id']) . ", `history`=CONCAT(`history`,'" . hesk_dbEscape($revision) . "') ";
@ -257,7 +246,7 @@ if ($ticket['locked']) {
$sql_status .= " , `locked`='1' ";
}
} else {
// Ticket isn't being closed, just add the history to the sql query
// Ticket isn't being closed, just add the history to the sql query (or tried to close but doesn't have permission)
$revision = sprintf($hesklang['thist9'], hesk_date(), $hesklang[$newStatus['Key']], $_SESSION['name'] . ' (' . $_SESSION['user'] . ')');
$sql_status = " , `history`=CONCAT(`history`,'" . hesk_dbEscape($revision) . "') ";
}
@ -310,12 +299,12 @@ $sql .= " , `replies`=`replies`+1 ";
$sql .= $submit_as_customer ? '' : " , `staffreplies`=`staffreplies`+1 ";
// End and execute the query
$sql .= " WHERE `id`='{$replyto}' LIMIT 1";
$sql .= " WHERE `id`='{$replyto}'";
hesk_dbQuery($sql);
unset($sql);
/* Update number of replies in the users table */
hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "users` SET `replies`=`replies`+1 WHERE `id`='" . intval($_SESSION['id']) . "' LIMIT 1");
hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "users` SET `replies`=`replies`+1 WHERE `id`='" . intval($_SESSION['id']) . "'");
// --> Prepare reply message
@ -357,7 +346,7 @@ elseif (!isset($_POST['no_notify']) || intval(hesk_POST('no_notify')) != 1) {
}
// Delete any existing drafts from this owner for this ticket
hesk_dbQuery("DELETE FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "reply_drafts` WHERE `owner`=" . intval($_SESSION['id']) . " AND `ticket`=" . intval($ticket['id']) . " LIMIT 1");
hesk_dbQuery("DELETE FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "reply_drafts` WHERE `owner`=" . intval($_SESSION['id']) . " AND `ticket`=" . intval($ticket['id']));
/* Set reply submitted message */
$_SESSION['HESK_SUCCESS'] = TRUE;
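Review bot: The added `hesk_checkPermission('can_resolve', 0)` test only chooses which history fragment goes into `$sql_status`; nothing in the hunk changes `$new_status` when the permission is missing. If the UPDATE built further down (outside this hunk) still writes `$new_status` to the ticket, a staff member without `can_resolve` can still move the ticket into a closed status. It would simply lack `closedat`/`closedby`, and the `thist9` line would log it as an ordinary status change. I would refuse the change before any SQL is assembled, for example `if ($newStatus['IsClosed'] && !hesk_checkPermission('can_resolve', 0)) { $change_status = false; }`, assuming `$change_status` is what gates the status write. Separately, the lookup just above interpolates `hesk_dbEscape($new_status)` without quotes; escaping does not constrain an unquoted numeric context, so `intval($new_status)` is the safer form there.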

File diff suppressed because it is too large Load Diff

@ -1,32 +1,15 @@
<?php
/*******************************************************************************
* Title: Help Desk Software HESK
* Version: 2.6.8 from 10th August 2016
* Author: Klemen Stirn
* Website: http://www.hesk.com
********************************************************************************
* COPYRIGHT AND TRADEMARK NOTICE
* Copyright 2005-2015 Klemen Stirn. All Rights Reserved.
* HESK is a registered trademark of Klemen Stirn.
* The HESK may be used and modified free of charge by anyone
* AS LONG AS COPYRIGHT NOTICES AND ALL THE COMMENTS REMAIN INTACT.
* By using this code you agree to indemnify Klemen Stirn from any
* liability that might arise from it's use.
* Selling the code for this program, in part or full, without prior
* written consent is expressly forbidden.
* Using this code, in part or full, to create derivate work,
* new scripts or products is expressly forbidden. Obtain permission
* before redistributing this software over the Internet or in
* any other medium. In all cases copyright and header must remain intact.
* This Copyright is in full effect in any country that has International
* Trade Agreements with the United States of America or
* with the European Union.
* Removing any of the copyright notices without purchasing a license
* is expressly forbidden. To remove HESK copyright notice you must purchase
* a license for this script. For more information on how to obtain
* a license please visit the page below:
* https://www.hesk.com/buy.php
*******************************************************************************/
/**
*
* This file is part of HESK - PHP Help Desk Software.
*
* (c) Copyright Klemen Stirn. All rights reserved.
* http://www.hesk.com
*
* For the full copyright and license agreement information visit
* http://www.hesk.com/eula.php
*
*/
define('IN_SCRIPT', 1);
define('HESK_PATH', '../');
@ -85,9 +68,6 @@ if (isset($lang[1]) && in_array($lang[1], hesk_getLanguagesArray(1))) {
hesk_error($hesklang['err_lang']);
}
/* --> Database settings */
hesk_dbClose();
if (hesk_testMySQL()) {
// Database connection OK
} elseif ($mysql_log) {
@ -125,6 +105,7 @@ if ( ! is_writable(HESK_PATH . $set['attach_dir']) )
}
*/
$set['cache_dir'] = isset($_POST['s_cache_dir']) && ! is_array($_POST['s_cache_dir']) ? preg_replace('/[^a-zA-Z0-9_-]/', '', $_POST['s_cache_dir']) : 'cache';
$set['max_listings'] = hesk_checkMinMax(intval(hesk_POST('s_max_listings')), 1, 999, 10);
$set['print_font_size'] = hesk_checkMinMax(intval(hesk_POST('s_print_font_size')), 1, 99, 12);
$set['autoclose'] = hesk_checkMinMax(intval(hesk_POST('s_autoclose')), 0, 999, 7);
@ -135,6 +116,10 @@ $set['reply_top'] = empty($_POST['s_reply_top']) ? 0 : 1;
/* --> Features */
$set['autologin'] = empty($_POST['s_autologin']) ? 0 : 1;
$set['autoassign'] = empty($_POST['s_autoassign']) ? 0 : 1;
$set['require_email'] = empty($_POST['s_require_email']) ? 0 : 1;
$set['require_owner'] = empty($_POST['s_require_owner']) ? 0 : 1;
$set['require_subject'] = hesk_checkMinMax( intval( hesk_POST('s_require_subject') ) , -1, 1, 1);
$set['require_message'] = hesk_checkMinMax( intval( hesk_POST('s_require_message') ) , -1, 1, 1);
$set['custclose'] = empty($_POST['s_custclose']) ? 0 : 1;
$set['custopen'] = empty($_POST['s_custopen']) ? 0 : 1;
$set['rating'] = empty($_POST['s_rating']) ? 0 : 1;
@ -147,6 +132,7 @@ $set['debug_mode'] = empty($_POST['s_debug_mode']) ? 0 : 1;
$set['short_link'] = empty($_POST['s_short_link']) ? 0 : 1;
$set['select_cat'] = empty($_POST['s_select_cat']) ? 0 : 1;
$set['select_pri'] = empty($_POST['s_select_pri']) ? 0 : 1;
$set['cat_show_select'] = hesk_checkMinMax( intval( hesk_POST('s_cat_show_select') ) , 0, 999, 10);
/* --> SPAM prevention */
$set['secimg_use'] = empty($_POST['s_secimg_use']) ? 0 : (hesk_POST('s_secimg_use') == 2 ? 2 : 1);
@ -168,7 +154,14 @@ if ($set['attempt_limit'] > 0) {
}
$set['attempt_banmin'] = hesk_checkMinMax(intval(hesk_POST('s_attempt_banmin')), 5, 99999, 60);
$set['reset_pass'] = empty($_POST['s_reset_pass']) ? 0 : 1;
$set['email_view_ticket'] = empty($_POST['s_email_view_ticket']) ? 0 : 1;
$set['email_view_ticket'] = ($set['require_email'] == 0) ? 0 : (empty($_POST['s_email_view_ticket']) ? 0 : 1);
$set['x_frame_opt'] = empty($_POST['s_x_frame_opt']) ? 0 : 1;
$set['force_ssl'] = HESK_SSL && isset($_POST['s_force_ssl']) && $_POST['s_force_ssl'] == 1 ? 1 : 0;
// Make sure help desk URL starts with https if forcing SSL
if ($set['force_ssl']) {
$set['hesk_url'] = preg_replace('/^http:/i', 'https:', $set['hesk_url']);
}
/* --> Attachments */
$set['attachments']['use'] = empty($_POST['s_attach_use']) ? 0 : 1;
@ -246,7 +239,7 @@ if ($set['smtp']) {
$set['smtp'] = 0;
}
} else {
$set['smtp_host_name'] = hesk_input(hesk_POST('tmp_smtp_host_name', 'mail.domain.com'));
$set['smtp_host_name'] = hesk_input(hesk_POST('tmp_smtp_host_name', 'mail.example.com'));
$set['smtp_host_port'] = intval(hesk_POST('tmp_smtp_host_port', 25));
$set['smtp_timeout'] = intval(hesk_POST('tmp_smtp_timeout', 10));
$set['smtp_ssl'] = empty($_POST['tmp_smtp_ssl']) ? 0 : 1;
@ -279,7 +272,7 @@ if ($set['pop3']) {
}
} else {
$set['pop3_job_wait'] = intval(hesk_POST('s_pop3_job_wait', 15));
$set['pop3_host_name'] = hesk_input(hesk_POST('tmp_pop3_host_name', 'mail.domain.com'));
$set['pop3_host_name'] = hesk_input(hesk_POST('tmp_pop3_host_name', 'mail.example.com'));
$set['pop3_host_port'] = intval(hesk_POST('tmp_pop3_host_port', 110));
$set['pop3_tls'] = empty($_POST['tmp_pop3_tls']) ? 0 : 1;
$set['pop3_keep'] = empty($_POST['tmp_pop3_keep']) ? 0 : 1;
@ -287,6 +280,32 @@ if ($set['pop3']) {
$set['pop3_password'] = hesk_input(hesk_POST('tmp_pop3_password'));
}
/* --> IMAP fetching */
$imap_OK = true;
$set['imap'] = empty($_POST['s_imap']) ? 0 : 1;
if ($set['imap']) {
// Get IMAP fetching timeout
$set['imap_job_wait'] = hesk_checkMinMax( intval( hesk_POST('s_imap_job_wait') ) , 0, 1440, 15);
// Test IMAP connection
$imap_OK = hesk_testIMAP(true);
// If IMAP not working, disable it
if ( ! $imap_OK) {
$set['imap'] = 0;
}
} else {
$set['imap_job_wait'] = intval( hesk_POST('s_imap_job_wait', 15) );
$set['imap_host_name'] = hesk_input( hesk_POST('tmp_imap_host_name', 'mail.example.com') );
$set['imap_host_port'] = intval( hesk_POST('tmp_imap_host_port', 110) );
$set['imap_enc'] = hesk_POST('tmp_imap_enc');
$set['imap_enc'] = ($set['imap_enc'] == 'ssl' || $set['imap_enc'] == 'tls') ? $set['imap_enc'] : '';
$set['imap_keep'] = empty($_POST['tmp_imap_keep']) ? 0 : 1;
$set['imap_user'] = hesk_input( hesk_POST('tmp_imap_user') );
$set['imap_password'] = hesk_input( hesk_POST('tmp_imap_password') );
}
/* --> Email loops */
$set['loop_hits'] = hesk_checkMinMax(intval(hesk_POST('s_loop_hits')), 0, 999, 5);
$set['loop_time'] = hesk_checkMinMax(intval(hesk_POST('s_loop_time')), 1, 86400, 300);
@ -323,10 +342,10 @@ if (!empty($_POST['s_email_providers']) && !is_array($_POST['s_email_providers']
if (!$set['detect_typos'] || count($set['email_providers']) < 1) {
$set['detect_typos'] = 0;
$set['email_providers'] = array('gmail.com', 'hotmail.com', 'hotmail.co.uk', 'yahoo.com', 'yahoo.co.uk', 'aol.com', 'aol.co.uk', 'msn.com', 'live.com', 'live.co.uk', 'mail.com', 'googlemail.com', 'btinternet.com', 'btopenworld.com');
$set['email_providers']=array('aim.com','aol.co.uk','aol.com','att.net','bellsouth.net','blueyonder.co.uk','bt.com','btinternet.com','btopenworld.com','charter.net','comcast.net','cox.net','earthlink.net','email.com','facebook.com','fastmail.fm','free.fr','freeserve.co.uk','gmail.com','gmx.at','gmx.ch','gmx.com','gmx.de','gmx.fr','gmx.net','gmx.us','googlemail.com','hotmail.be','hotmail.co.uk','hotmail.com','hotmail.com.ar','hotmail.com.mx','hotmail.de','hotmail.es','hotmail.fr','hushmail.com','icloud.com','inbox.com','laposte.net','lavabit.com','list.ru','live.be','live.co.uk','live.com','live.com.ar','live.com.mx','live.de','live.fr','love.com','lycos.com','mac.com','mail.com','mail.ru','me.com','msn.com','nate.com','naver.com','neuf.fr','ntlworld.com','o2.co.uk','online.de','orange.fr','orange.net','outlook.com','pobox.com','prodigy.net.mx','qq.com','rambler.ru','rocketmail.com','safe-mail.net','sbcglobal.net','t-online.de','talktalk.co.uk','tiscali.co.uk','verizon.net','virgin.net','virginmedia.com','wanadoo.co.uk','wanadoo.fr','yahoo.co.id','yahoo.co.in','yahoo.co.jp','yahoo.co.kr','yahoo.co.uk','yahoo.com','yahoo.com.ar','yahoo.com.mx','yahoo.com.ph','yahoo.com.sg','yahoo.de','yahoo.fr','yandex.com','yandex.ru','ymail.com');
}
$set['email_providers'] = count($set['email_providers']) ? "'" . implode("','", $set['email_providers']) . "'" : '';
$set['email_providers'] = count($set['email_providers']) ? "'" . implode("','", array_unique($set['email_providers'])) . "'" : '';
/* --> Notify customer when */
@ -386,7 +405,8 @@ foreach ($hesk_settings['possible_ticket_list'] as $key => $title) {
// We need at least one of these: id, trackid, subject
if (!in_array('id', $set['ticket_list']) && !in_array('trackid', $set['ticket_list']) && !in_array('subject', $set['ticket_list'])) {
$set['ticket_list'][] = 'trackid';
// None of the required fields are there, add "trackid" as the first one
array_unshift($set['ticket_list'], 'trackid');
}
$set['ticket_list'] = count($set['ticket_list']) ? "'" . implode("','", $set['ticket_list']) . "'" : 'trackid';
@ -419,49 +439,9 @@ $set['submit_notice'] = empty($_POST['s_submit_notice']) ? 0 : 1;
$set['online'] = empty($_POST['s_online']) ? 0 : 1;
$set['online_min'] = hesk_checkMinMax(intval(hesk_POST('s_online_min')), 1, 999, 10);
$set['check_updates'] = empty($_POST['s_check_updates']) ? 0 : 1;
/*** CUSTOM FIELDS ***/
for ($i = 1; $i <= 20; $i++) {
$this_field = 'custom' . $i;
$set['custom_fields'][$this_field]['use'] = !empty($_POST['s_custom' . $i . '_use']) ? 1 : 0;
if ($set['custom_fields'][$this_field]['use']) {
$set['custom_fields'][$this_field]['place'] = empty($_POST['s_custom' . $i . '_place']) ? 0 : 1;
$set['custom_fields'][$this_field]['type'] = hesk_htmlspecialchars(hesk_POST('s_custom' . $i . '_type', 'text'));
$set['custom_fields'][$this_field]['req'] = !empty($_POST['s_custom' . $i . '_req']) ? 1 : 0;
$set['custom_fields'][$this_field]['name'] = hesk_input(hesk_POST('s_custom' . $i . '_name'), $hesklang['err_custname']);
$set['custom_fields'][$this_field]['maxlen'] = intval(hesk_POST('s_custom' . $i . '_maxlen', 255));
$set['custom_fields'][$this_field]['value'] = hesk_input(hesk_POST('s_custom' . $i . '_val'));
if ($set['custom_fields'][$this_field]['type'] == 'email' && $set['custom_fields'][$this_field]['value'] == '') {
// New custom field without any options set. Default to Cc
$set['custom_fields'][$this_field]['value'] = 'cc';
}
if (!in_array($set['custom_fields'][$this_field]['type'], array('text', 'textarea', 'select', 'radio', 'checkbox', 'date', 'multiselect', 'email', 'hidden', 'readonly'))) {
$set['custom_fields'][$this_field]['type'] = 'text';
}
// Try to detect if field type changed to anything except "select"
if ($set['custom_fields'][$this_field]['type'] != 'select') {
// If type is "radio" or "checkbox" remove "please select", keep other options
$set['custom_fields'][$this_field]['value'] = str_replace('{HESK_SELECT}', '', $set['custom_fields'][$this_field]['value']);
// Field type changed to "text" or "textarea", clear default value if it contains "#HESK#" separator
if (in_array($set['custom_fields'][$this_field]['type'], array('text', 'textarea')) && !in_array($hesk_settings['custom_fields'][$this_field]['type'], array('text', 'textarea')) && strpos($set['custom_fields'][$this_field]['value'], '#HESK#') !== false) {
$set['custom_fields'][$this_field]['value'] = '';
}
}
} else {
$set['custom_fields'][$this_field] = array('use' => 0, 'place' => 0, 'type' => 'text', 'req' => 0, 'name' => 'Custom field ' . $i, 'maxlen' => 255, 'value' => '');
}
}
$set['hesk_version'] = $hesk_settings['hesk_version'];
// Process quick help sections
hesk_dbConnect();
hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "quick_help_sections` SET `show` = '0'");
$postArray = hesk_POST_array('quick_help_sections');
foreach ($postArray as $value) {
@ -516,6 +496,7 @@ $set['dropdownItemTextColor'] = hesk_input(hesk_POST('dropdownItemTextColor'));
$set['dropdownItemTextHoverColor'] = hesk_input(hesk_POST('dropdownItemTextHoverColor'));
$set['questionMarkColor'] = hesk_input(hesk_POST('questionMarkColor'));
$set['dropdownItemTextHoverBackgroundColor'] = hesk_input(hesk_POST('dropdownItemTextHoverBackgroundColor'));
$set['admin_color_scheme'] = hesk_input(hesk_POST('admin-color-scheme'));
mfh_updateSetting('rtl', $set['rtl']);
mfh_updateSetting('show_icons', $set['show-icons']);
mfh_updateSetting('custom_field_setting', $set['custom-field-setting']);
@ -552,6 +533,7 @@ mfh_updateSetting('use_mailgun', $set['use_mailgun'], false);
mfh_updateSetting('enable_calendar', $set['enable_calendar'], false);
mfh_updateSetting('first_day_of_week', $set['first_day_of_week'], false);
mfh_updateSetting('default_calendar_view', $set['default_view'], true);
mfh_updateSetting('admin_color_scheme', $set['admin_color_scheme'], true);
// Prepare settings file and save it
$settings_file_content = '<?php
@ -588,6 +570,7 @@ $hesk_settings[\'hesk_title\']=\'' . $set['hesk_title'] . '\';
$hesk_settings[\'hesk_url\']=\'' . $set['hesk_url'] . '\';
$hesk_settings[\'admin_dir\']=\'' . $set['admin_dir'] . '\';
$hesk_settings[\'attach_dir\']=\'' . $set['attach_dir'] . '\';
$hesk_settings[\'cache_dir\']=\'' . $set['cache_dir'] . '\';
$hesk_settings[\'max_listings\']=' . $set['max_listings'] . ';
$hesk_settings[\'print_font_size\']=' . $set['print_font_size'] . ';
$hesk_settings[\'autoclose\']=' . $set['autoclose'] . ';
@ -598,6 +581,10 @@ $hesk_settings[\'reply_top\']=' . $set['reply_top'] . ';
// --> Features
$hesk_settings[\'autologin\']=' . $set['autologin'] . ';
$hesk_settings[\'autoassign\']=' . $set['autoassign'] . ';
$hesk_settings[\'require_email\']=' . $set['require_email'] . ';
$hesk_settings[\'require_owner\']=' . $set['require_owner'] . ';
$hesk_settings[\'require_subject\']=' . $set['require_subject'] . ';
$hesk_settings[\'require_message\']=' . $set['require_message'] . ';
$hesk_settings[\'custclose\']=' . $set['custclose'] . ';
$hesk_settings[\'custopen\']=' . $set['custopen'] . ';
$hesk_settings[\'rating\']=' . $set['rating'] . ';
@ -610,6 +597,7 @@ $hesk_settings[\'debug_mode\']=' . $set['debug_mode'] . ';
$hesk_settings[\'short_link\']=' . $set['short_link'] . ';
$hesk_settings[\'select_cat\']=' . $set['select_cat'] . ';
$hesk_settings[\'select_pri\']=' . $set['select_pri'] . ';
$hesk_settings[\'cat_show_select\']=' . $set['cat_show_select'] . ';
// --> SPAM Prevention
$hesk_settings[\'secimg_use\']=' . $set['secimg_use'] . ';
@ -626,6 +614,8 @@ $hesk_settings[\'attempt_limit\']=' . $set['attempt_limit'] . ';
$hesk_settings[\'attempt_banmin\']=' . $set['attempt_banmin'] . ';
$hesk_settings[\'reset_pass\']=' . $set['reset_pass'] . ';
$hesk_settings[\'email_view_ticket\']=' . $set['email_view_ticket'] . ';
$hesk_settings[\'x_frame_opt\']=' . $set['x_frame_opt'] . ';
$hesk_settings[\'force_ssl\']=' . $set['force_ssl'] . ';
// --> Attachments
$hesk_settings[\'attachments\']=array (
@ -635,6 +625,15 @@ $hesk_settings[\'attachments\']=array (
\'allowed_types\' => array(\'' . implode('\',\'', $set['attachments']['allowed_types']) . '\')
);
// --> IMAP Fetching
$hesk_settings[\'imap\']=' . $set['imap'] . ';
$hesk_settings[\'imap_job_wait\']=' . $set['imap_job_wait'] . ';
$hesk_settings[\'imap_host_name\']=\'' . $set['imap_host_name'] . '\';
$hesk_settings[\'imap_host_port\']=' . $set['imap_host_port'] . ';
$hesk_settings[\'imap_enc\']=\'' . $set['imap_enc'] . '\';
$hesk_settings[\'imap_keep\']=' . $set['imap_keep'] . ';
$hesk_settings[\'imap_user\']=\'' . $set['imap_user'] . '\';
$hesk_settings[\'imap_password\']=\'' . $set['imap_password'] . '\';
// ==> KNOWLEDGEBASE
@ -731,22 +730,6 @@ $hesk_settings[\'online_min\']=' . $set['online_min'] . ';
$hesk_settings[\'check_updates\']=' . $set['check_updates'] . ';
// ==> CUSTOM FIELDS
$hesk_settings[\'custom_fields\']=array (
';
for ($i = 1; $i <= 20; $i++) {
$settings_file_content .= '\'custom' . $i . '\'=>array(\'use\'=>' . $set['custom_fields']['custom' . $i]['use'] . ',\'place\'=>' . $set['custom_fields']['custom' . $i]['place'] . ',\'type\'=>\'' . $set['custom_fields']['custom' . $i]['type'] . '\',\'req\'=>' . $set['custom_fields']['custom' . $i]['req'] . ',\'name\'=>\'' . $set['custom_fields']['custom' . $i]['name'] . '\',\'maxlen\'=>' . $set['custom_fields']['custom' . $i]['maxlen'] . ',\'value\'=>\'' . $set['custom_fields']['custom' . $i]['value'] . '\')';
if ($i != 20) {
$settings_file_content .= ',
';
}
}
$settings_file_content .= '
);
#############################
# DO NOT EDIT BELOW #
#############################
@ -796,14 +779,6 @@ function mfh_updateSetting($key, $value, $isString = false)
hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "settings` SET `Value` = " . $formattedValue . " WHERE `Key` = '" . $key . "'");
}
function hesk_checkMinMax($myint, $min, $max, $defval)
{
if ($myint > $max || $myint < $min) {
return $defval;
}
return $myint;
} // END hesk_checkMinMax()
function hesk_getLanguagesArray($returnArray = 0)
{
@ -847,7 +822,7 @@ function hesk_getLanguagesArray($returnArray = 0)
$add = 0;
} elseif (!preg_match('/\$hesklang\[\'EMAIL_HR\'\]\=\'(.*)\'\;/', $tmp, $hr)) {
$add = 0;
} elseif (!preg_match('/\$hesklang\[\'ms01\'\]/', $tmp)) {
} elseif (!preg_match('/\$hesklang\[\'refresh_page\'\]/', $tmp)) {
$add = 0;
}
} else {
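Review bot: The new IMAP values are concatenated into the generated settings file as single-quoted PHP literals (`$hesk_settings[\'imap_password\']=\'' . $set['imap_password'] . '\';`, likewise `imap_host_name` and `imap_user`). Whether an admin-supplied value can break out of the literal therefore depends entirely on `hesk_input()` neutralising `'` and `\`, which is not visible in this diff. `cache_dir` and `imap_enc` are safe by construction (character whitelist and fixed value list), but the other three are not. Unless `hesk_input()` is documented to make values safe for PHP source, emit them with `var_export($set['imap_password'], true)` rather than hand-built quotes. In the `if ($set['imap'])` branch the `imap_*` values are not assigned in the hunk at all, presumably `hesk_testIMAP(true)` fills them, so that path needs the same guarantee. Separately, the fallback in `hesk_POST('tmp_imap_host_port', 110)` is the POP3 port; IMAP normally uses 143, or 993 over SSL.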

@ -1,32 +1,15 @@
<?php
/*******************************************************************************
* Title: Help Desk Software HESK
* Version: 2.6.8 from 10th August 2016
* Author: Klemen Stirn
* Website: http://www.hesk.com
********************************************************************************
* COPYRIGHT AND TRADEMARK NOTICE
* Copyright 2005-2015 Klemen Stirn. All Rights Reserved.
* HESK is a registered trademark of Klemen Stirn.
* The HESK may be used and modified free of charge by anyone
* AS LONG AS COPYRIGHT NOTICES AND ALL THE COMMENTS REMAIN INTACT.
* By using this code you agree to indemnify Klemen Stirn from any
* liability that might arise from it's use.
* Selling the code for this program, in part or full, without prior
* written consent is expressly forbidden.
* Using this code, in part or full, to create derivate work,
* new scripts or products is expressly forbidden. Obtain permission
* before redistributing this software over the Internet or in
* any other medium. In all cases copyright and header must remain intact.
* This Copyright is in full effect in any country that has International
* Trade Agreements with the United States of America or
* with the European Union.
* Removing any of the copyright notices without purchasing a license
* is expressly forbidden. To remove HESK copyright notice you must purchase
* a license for this script. For more information on how to obtain
* a license please visit the page below:
* https://www.hesk.com/buy.php
*******************************************************************************/
/**
*
* This file is part of HESK - PHP Help Desk Software.
*
* (c) Copyright Klemen Stirn. All rights reserved.
* http://www.hesk.com
*
* For the full copyright and license agreement information visit
* http://www.hesk.com/eula.php
*
*/
define('IN_SCRIPT', 1);
define('HESK_PATH', '../');
@ -62,7 +45,22 @@ if ($hesk_settings['can_sel_lang']) {
$tmpvar['language'] = hesk_POST('customerLanguage');
}
$tmpvar['name'] = hesk_input(hesk_POST('name')) or $hesk_error_buffer['name'] = $hesklang['enter_your_name'];
$tmpvar['email'] = hesk_POST('email');
$email_available = true;
if ($hesk_settings['require_email']) {
$tmpvar['email'] = hesk_validateEmail( hesk_POST('email'), 'ERR', 0) or $hesk_error_buffer['email']=$hesklang['enter_valid_email'];
} else {
$tmpvar['email'] = hesk_validateEmail( hesk_POST('email'), 'ERR', 0);
// Not required, but must be valid if it is entered
if ($tmpvar['email'] == '') {
$email_available = false;
if (strlen(hesk_POST('email'))) {
$hesk_error_buffer['email'] = $hesklang['not_valid_email'];
}
}
}
if ($hesk_settings['multi_eml']) {
$tmpvar['email'] = str_replace(';',',', $tmpvar['email']);
}
@ -80,11 +78,22 @@ if ($tmpvar['priority'] < 0 || $tmpvar['priority'] > 3) {
}
}
$tmpvar['subject'] = hesk_input(hesk_POST('subject')) or $hesk_error_buffer['subject'] = $hesklang['enter_ticket_subject'];
$tmpvar['message'] = hesk_input(hesk_POST('message')) or $hesk_error_buffer['message'] = $hesklang['enter_message'];
$tmpvar['subject'] = hesk_input( hesk_POST('subject') );
if ($hesk_settings['require_subject'] == 1 && $tmpvar['subject'] == '') {
$hesk_error_buffer['subject'] = $hesklang['enter_ticket_subject'];
}
$tmpvar['message'] = hesk_input( hesk_POST('message') );
if ($hesk_settings['require_message'] == 1 && $tmpvar['message'] == '') {
$hesk_error_buffer['message'] = $hesklang['enter_message'];
}
// Is category a valid choice?
if ($tmpvar['category']) {
if ( ! hesk_checkPermission('can_submit_any_cat', 0) && ! hesk_okCategory($tmpvar['category'], 0) ) {
hesk_process_messages($hesklang['noauth_submit'],'new_ticket.php');
}
hesk_verifyCategory(1);
// Is auto-assign of tickets disabled in this category?
@ -94,19 +103,69 @@ if ($tmpvar['category']) {
}
// Custom fields
foreach ($hesk_settings['custom_fields'] as $k => $v) {
if ($v['use'] && isset($_POST[$k])) {
// Date will be handled by the jQuery datepicker
if ($v['type'] == 'date' && $_POST[$k] != '') {
$tmpvar[$k] = strtotime($_POST[$k]);
} else if (is_array($_POST[$k])) {
$tmpvar[$k] = '';
foreach ($hesk_settings['custom_fields'] as $k=>$v) {
if ($v['use'] && hesk_is_custom_field_in_category($k, $tmpvar['category'])) {
if ($v['type'] == 'checkbox') {
$tmpvar[$k]='';
if (isset($_POST[$k]) && is_array($_POST[$k])) {
foreach ($_POST[$k] as $myCB) {
$tmpvar[$k] .= (is_array($myCB) ? '' : hesk_input($myCB)) . '<br />';
$tmpvar[$k] .= ( is_array($myCB) ? '' : hesk_input($myCB) ) . '<br />';;
}
$tmpvar[$k] = substr($tmpvar[$k], 0, -6);
$tmpvar[$k]=substr($tmpvar[$k],0,-6);
} else {
$tmpvar[$k] = hesk_makeURL(nl2br(hesk_input($_POST[$k])));
if ($v['req'] == 2) {
$hesk_error_buffer[$k]=$hesklang['fill_all'].': '.$v['name'];
}
$_POST[$k] = '';
}
} elseif ($v['type'] == 'date') {
$tmpvar[$k] = hesk_POST($k);
$_SESSION["as_$k"] = '';
if (preg_match("/^[0-9]{4}-(0[1-9]|1[0-2])-(0[1-9]|[1-2][0-9]|3[0-1])$/", $tmpvar[$k])) {
$date = strtotime($tmpvar[$k] . ' t00:00:00');
$dmin = strlen($v['value']['dmin']) ? strtotime($v['value']['dmin'] . ' t00:00:00') : false;
$dmax = strlen($v['value']['dmax']) ? strtotime($v['value']['dmax'] . ' t00:00:00') : false;
$_SESSION["as_$k"] = $tmpvar[$k];
if ($dmin && $dmin > $date) {
$hesk_error_buffer[$k] = sprintf($hesklang['d_emin'], $v['name'], hesk_custom_date_display_format($dmin, $v['value']['date_format']));
} elseif ($dmax && $dmax < $date) {
$hesk_error_buffer[$k] = sprintf($hesklang['d_emax'], $v['name'], hesk_custom_date_display_format($dmax, $v['value']['date_format']));
} else {
$tmpvar[$k] = $date;
}
} else {
$tmpvar[$k] = '';
if ($v['req'] == 2) {
$hesk_error_buffer[$k]=$hesklang['fill_all'].': '.$v['name'];
}
}
} elseif ($v['type'] == 'email')
{
$tmp = $hesk_settings['multi_eml'];
$hesk_settings['multi_eml'] = $v['value']['multiple'];
$tmpvar[$k] = hesk_validateEmail( hesk_POST($k), 'ERR', 0);
$hesk_settings['multi_eml'] = $tmp;
if ($tmpvar[$k] != '') {
$_SESSION["as_$k"] = hesk_input($tmpvar[$k]);
} else {
$_SESSION["as_$k"] = '';
if ($v['req'] == 2) {
$hesk_error_buffer[$k] = $v['value']['multiple'] ? sprintf($hesklang['cf_noem'], $v['name']) : sprintf($hesklang['cf_noe'], $v['name']);
}
}
} elseif ($v['req'] == 2) {
$tmpvar[$k]=hesk_makeURL(nl2br(hesk_input( hesk_POST($k) )));
if ($tmpvar[$k] == '') {
$hesk_error_buffer[$k]=$hesklang['fill_all'].': '.$v['name'];
}
} else {
$tmpvar[$k]=hesk_makeURL(nl2br(hesk_input(hesk_POST($k))));
}
} else {
$tmpvar[$k] = '';
@ -202,7 +261,6 @@ if (count($hesk_error_buffer) != 0) {
$_SESSION['as_name'] = hesk_POST('name');
$_SESSION['as_email'] = hesk_POST('email');
$_SESSION['as_category'] = hesk_POST('category');
$_SESSION['as_priority'] = $tmpvar['priority'];
$_SESSION['as_subject'] = hesk_POST('subject');
$_SESSION['as_message'] = hesk_POST('message');
@ -211,7 +269,7 @@ if (count($hesk_error_buffer) != 0) {
$_SESSION['as_show'] = $show;
foreach ($hesk_settings['custom_fields'] as $k => $v) {
if ($v['use']) {
if ($v['use'] && ! in_array($v['type'], array('date', 'email'))) {
$_SESSION["as_$k"] = ($v['type'] == 'checkbox') ? hesk_POST_array($k) : hesk_POST($k);
}
}
@ -228,7 +286,7 @@ if (count($hesk_error_buffer) != 0) {
}
$hesk_error_buffer = $hesklang['pcer'] . '<br /><br /><ul>' . $hesk_error_buffer . '</ul>';
hesk_process_messages($hesk_error_buffer, 'new_ticket.php');
hesk_process_messages($hesk_error_buffer,'new_ticket.php?category='.$tmpvar['category']);
}
if ($hesk_settings['attachments']['use'] && !empty($attachments)) {
@ -258,7 +316,7 @@ $tmpvar['screen_resolution_width'] = "NULL";
$ticket = hesk_newTicket($tmpvar);
// Notify the customer about the ticket?
if ($notify) {
if ($notify && $email_available) {
hesk_notifyCustomer($modsForHesk_settings);
}
@ -288,9 +346,7 @@ hesk_cleanSessionVars('as_owner');
hesk_cleanSessionVars('as_notify');
hesk_cleanSessionVars('as_show');
foreach ($hesk_settings['custom_fields'] as $k => $v) {
if ($v['use']) {
hesk_cleanSessionVars("as_$k");
}
}
// If ticket has been assigned to the person submitting it lets show a message saying so
@ -305,4 +361,3 @@ if ($show) {
} else {
hesk_process_messages($hesklang['new_ticket_submitted'] . '. <a href="admin_ticket.php?track=' . $ticket['trackid'] . '&Refresh=' . mt_rand(10000, 99999) . '">' . $hesklang['view_ticket'] . '</a>', 'new_ticket.php', 'SUCCESS');
}
?>
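Review bot: In the custom-field loop, the new `email` branch silently drops an optional field whose value fails `hesk_validateEmail()`: when the result is empty it clears `$_SESSION["as_$k"]` and records an error only if `$v['req'] == 2`. The main e-mail field earlier in this section handles the same case by setting `$hesklang['not_valid_email']` when `strlen(hesk_POST('email'))` is non-zero, so the two inputs disagree on whether bad input is reported. I would add an `elseif (strlen(hesk_POST($k)))` arm after the `req == 2` check that sets `$hesk_error_buffer[$k]` with the same `cf_noe`/`cf_noem` message. The error-path redirect now appends `$tmpvar['category']` to the URL, and its assignment is outside the visible hunks, so `intval($tmpvar['category'])` at that point would keep the query string well-formed regardless. The `foreach` body continues past the end of the hunk.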


@ -41,6 +41,7 @@ if (is_dir(HESK_PATH . 'install')) {
require(HESK_PATH . 'hesk_settings.inc.php');
require(HESK_PATH . 'inc/common.inc.php');
require(HESK_PATH . 'inc/admin_functions.inc.php');
require(HESK_PATH . 'inc/mail_functions.inc.php');
hesk_load_database_functions();
hesk_session_start();
@ -60,55 +61,74 @@ require_once(HESK_PATH . 'inc/headerAdmin.inc.php');
// Print main manage users page
require_once(HESK_PATH . 'inc/show_admin_nav.inc.php');
?>
<div class="row move-down-20">
<div class="col-sm-4">
<div class="panel panel-default">
<div class="panel-heading">
API Information
<section class="content">
<div class="box">
<div class="box-header with-border">
<h1 class="box-title">
<?php echo $hesklang['api_information']; ?>
</h1>
<div class="box-tools pull-right">
<button type="button" class="btn btn-box-tool" data-widget="collapse">
<i class="fa fa-minus"></i>
</button>
</div>
</div>
<div class="box-body">
<table class="table table-striped table-fixed">
<tr>
<td class="text-right">
API Version
<?php echo $hesklang['api_version']; ?>
</td>
<td class="pad-right-10 warning">
<td class="warning">
<?php echo $hesklang['beta_text']; ?>
</td>
</tr>
<tr>
<td class="text-right">
External API
<?php echo $hesklang['external_api']; ?>
</td>
<td class="pad-right-10 success" id="public-api-sidebar">
<td class="success" id="public-api-sidebar">
<?php
$enabled = $modsForHesk_settings['public_api'] == '1' ? '' : 'hide';
$disabled = $modsForHesk_settings['public_api'] == '1' ? 'hide' : '';
?>
<span id="public-api-sidebar-disabled" class="<?php echo $disabled; ?>">Disabled</span>
<span id="public-api-sidebar-enabled" class="<?php echo $enabled; ?>">Enabled</span>
<span id="public-api-sidebar-disabled" class="<?php echo $disabled; ?>">
<?php echo $hesklang['disabled_title_case']; ?>
</span>
<span id="public-api-sidebar-enabled" class="<?php echo $enabled; ?>">
<?php echo $hesklang['enabled_title_case']; ?>
</span>
</td>
</tr>
</table>
</div>
</div>
<div class="col-sm-8">
<h3>API Settings</h3>
<div class="footerWithBorder blankSpace"></div>
<div class="box">
<div class="box-header with-border">
<h1 class="box-title">
<?php echo $hesklang['api_settings']; ?>
</h1>
<div class="box-tools pull-right">
<button type="button" class="btn btn-box-tool" data-widget="collapse">
<i class="fa fa-minus"></i>
</button>
</div>
</div>
<div class="box-body nav-tabs-custom">
<ul class="nav nav-tabs">
<li class="active"><a href="#general" data-toggle="tab"><?php echo $hesklang['tab_1']; ?></a></li>
<li><a href="#user-security" data-toggle="tab">User Security</a></li>
<li><a href="#" target="_blank">API Documentation <i class="fa fa-external-link"></i></a></li>
<li><a href="#user-security" data-toggle="tab"><?php echo $hesklang['user_security']; ?></a></li>
<li><a href="#" target="_blank"><?php echo $hesklang['api_documentation']; ?> <i class="fa fa-external-link"></i></a></li>
</ul>
<div class="tab-content summaryList tabPadding">
<div class="tab-pane fade in active" id="general">
<form class="form-horizontal">
<div class="form-group">
<label for="public-api" class="col-sm-3 control-label">
Public API
<?php echo $hesklang['external_api']; ?>
<i class="fa fa-question-circle settingsquestionmark" data-toggle="popover"
title="Public API"
data-content="Enable or Disable the Public REST API."></i>
title="<?php echo $hesklang['external_api']; ?>"
data-content="<?php echo $hesklang['external_api_help']; ?>"></i>
</label>
<div class="col-sm-9">
<span class="btn-group" data-toggle="buttons">
@ -117,29 +137,27 @@ require_once(HESK_PATH . 'inc/show_admin_nav.inc.php');
$off = $modsForHesk_settings['public_api'] == '1' ? '' : 'active';
?>
<label id="enable-api-button" class="btn btn-success <?php echo $on; ?>">
<input type="radio" name="public-api" value="1" checked> <i class="fa fa-check-circle"></i> Enable
<input type="radio" name="public-api" value="1"> <i class="fa fa-check-circle"></i>
<?php echo $hesklang['enable']; ?>
</label>
<label id="disable-api-button" class="btn btn-danger <?php echo $off; ?>">
<input type="radio" name="public-api" value="0"> <i class="fa fa-times-circle"></i> Disable
<input type="radio" name="public-api" value="0"> <i class="fa fa-times-circle"></i>
<?php echo $hesklang['disable']; ?>
</label>
</span>
<span>
<i id="public-api-success" class="fa fa-check-circle fa-2x green hide media-middle"
data-toggle="tooltip" title="Changes saved!"></i>
data-toggle="tooltip" title="<?php echo $hesklang['changes_saved']; ?>"></i>
<i id="public-api-failure" class="fa fa-times-circle fa-2x red hide media-middle"
data-toggle="tooltip" title="Saving changes failed. Check the logs for more information."></i>
data-toggle="tooltip" title="<?php echo $hesklang['save_failed_check_logs']; ?>"></i>
<i id="public-api-saving" class="fa fa-spin fa-spinner fa-2x hide media-middle"
data-toggle="tooltip" title="Saving..."></i>
data-toggle="tooltip" title="<?php echo $hesklang['saving']; ?>"></i>
</span>
</div>
</div>
</form>
</div>
<div class="tab-pane fade in" id="user-security">
<div class="panel panel-default">
<div class="panel-heading">
User Security
</div>
<?php
$users = array();
$userRs = hesk_dbQuery("SELECT `id`, `user`, `name` FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "users` WHERE `active` = '1'");
@ -155,10 +173,10 @@ require_once(HESK_PATH . 'inc/show_admin_nav.inc.php');
<table class="table table-striped">
<thead>
<tr>
<th>Username</th>
<th>Name</th>
<th>Number of Tokens</th>
<th>Actions</th>
<th><?php echo $hesklang['username']; ?></th>
<th><?php echo $hesklang['name']; ?></th>
<th><?php echo $hesklang['number_of_tokens']; ?></th>
<th><?php echo $hesklang['actions']; ?></th>
</tr>
</thead>
<tbody>
@ -172,31 +190,33 @@ require_once(HESK_PATH . 'inc/show_admin_nav.inc.php');
<td>
<span class="btn-group">
<button class="btn btn-default btn-xs" onclick="generateToken(<?php echo $row['id']; ?>)">
<i class="fa fa-plus-circle"></i> Generate New Token
<i class="fa fa-plus-circle"></i>
<?php echo $hesklang['generate_new_token']; ?>
</button>
<button class="btn btn-danger btn-xs" onclick="clearTokens(<?php echo $row['id']; ?>)">
<i class="fa fa-undo"></i> Reset Tokens
<i class="fa fa-times"></i>
<?php echo $hesklang['revoke_all_tokens']; ?>
</button>
</span>
<span>
<i id="token-<?php echo $row['id']; ?>-success" class="fa fa-check-circle fa-2x green hide media-middle"
data-toggle="tooltip" title="Changes saved!"></i>
data-toggle="tooltip" title="<?php echo $hesklang['changes_saved']; ?>"></i>
<i id="token-<?php echo $row['id']; ?>-failure" class="fa fa-times-circle fa-2x red hide media-middle"
data-toggle="tooltip" title="Saving changes failed. Check the logs for more information."></i>
data-toggle="tooltip" title="<?php echo $hesklang['save_failed_check_logs']; ?>"></i>
<i id="token-<?php echo $row['id']; ?>-saving" class="fa fa-spin fa-spinner fa-2x hide media-middle"
data-toggle="tooltip" title="Saving..."></i>
data-toggle="tooltip" title="<?php echo $hesklang['saving']; ?>"></i>
</span>
</td>
</tr>
<tr id="token-<?php echo $row['id']; ?>-created" class="success hide">
<td colspan="4">
Generated Token: <code class="token"></code>
<p><b>NOTE:</b> Please record this token, as this is the only time you will be able to view it!</p>
<?php echo $hesklang['generated_token_colon']; ?> <code class="token"></code>
<p><b><?php echo $hesklang['record_this_token_warning']; ?></b></p>
</td>
</tr>
<tr id="token-<?php echo $row['id']; ?>-reset" class="success hide">
<td colspan="4">
<p>All tokens for this user have been removed!</p>
<p><?php echo $hesklang['all_tokens_revoked']; ?></p>
</td>
</tr>
<?php
@ -208,7 +228,8 @@ require_once(HESK_PATH . 'inc/show_admin_nav.inc.php');
</div>
</div>
</div>
</section>
<?php
require_once(HESK_PATH . 'inc/footer.inc.php');
exit();
<?php
require_once(HESK_PATH . 'inc/footer.inc.php');
exit();
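Review bot: The new `$hesklang[...]` strings are echoed straight into HTML attribute values with no attribute escaping, for example `title="<?php echo $hesklang['external_api']; ?>"`, `data-content="<?php echo $hesklang['external_api_help']; ?>"` and the tooltip titles for `changes_saved`, `save_failed_check_logs` and `saving`. A translation containing a double quote would end the attribute early, and language files are data that may not come from the code's author. For attribute context I would use `<?php echo htmlspecialchars($hesklang['external_api_help'], ENT_QUOTES, 'UTF-8', false); ?>`, which leaves existing entities intact. The same pattern appears in the `title="' . $hesklang['tab_4'] . '"` links added to the banned-emails and banned-IPs pages further down.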

@ -70,7 +70,7 @@ $owner = intval(hesk_REQUEST('owner'));
/* If ID is -1 the ticket will be unassigned */
if ($owner == -1) {
$revision = sprintf($hesklang['thist2'], hesk_date(), '<i>' . $hesklang['unas'] . '</i>', $_SESSION['name'] . ' (' . $_SESSION['user'] . ')');
$res = hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` SET `owner`=0 , `history`=CONCAT(`history`,'" . hesk_dbEscape($revision) . "') WHERE `trackid`='" . hesk_dbEscape($trackingID) . "' LIMIT 1");
$res = hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` SET `owner`=0 , `history`=CONCAT(`history`,'" . hesk_dbEscape($revision) . "') WHERE `trackid`='" . hesk_dbEscape($trackingID) . "'");
hesk_process_messages($hesklang['tunasi2'], $_SERVER['PHP_SELF'], 'SUCCESS');
} elseif ($owner < 1) {
@ -89,10 +89,31 @@ if (!$row['isadmin']) {
}
}
// Make sure two people don't assign a ticket to a different user at the same time
if ($ticket['owner'] && $ticket['owner'] != $owner && hesk_REQUEST('unassigned') && hesk_GET('confirm') != 'Y') {
$new_owner = ($owner == $_SESSION['id']) ? $hesklang['scoy'] : sprintf($hesklang['scot'], $row['name']);
$res = hesk_dbQuery("SELECT `name` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."users` WHERE `id`='{$ticket['owner']}' LIMIT 1");
if (hesk_dbNumRows($res) == 1) {
$row = hesk_dbFetchAssoc($res);
hesk_process_messages(
sprintf($hesklang['taat'], $row['name']) .
'<br /><br />' .
$new_owner .
'<br /><br />' .
'<a href="assign_owner.php?track='.$ticket['trackid'].'&amp;owner='.$owner.'&amp;token='.hesk_token_echo(0).'&amp;unassigned=1&amp;confirm=Y">'.$hesklang['ycto'].'</a> | ' .
'<a href="admin_ticket.php?track='.$ticket['trackid'].'">'.$hesklang['ncto'].'</a>',
$_SERVER['PHP_SELF'], 'NOTICE'
);
}
}
/* Assigning to self? */
if ($can_assign_others || ($owner == $_SESSION['id'] && $can_assign_self)) {
$revision = sprintf($hesklang['thist2'], hesk_date(), $row['name'] . ' (' . $row['user'] . ')', $_SESSION['name'] . ' (' . $_SESSION['user'] . ')');
$res = hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` SET `owner`={$owner} , `history`=CONCAT(`history`,'" . hesk_dbEscape($revision) . "') WHERE `trackid`='" . hesk_dbEscape($trackingID) . "' LIMIT 1");
$res = hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` SET `owner`={$owner} , `history`=CONCAT(`history`,'" . hesk_dbEscape($revision) . "') WHERE `trackid`='" . hesk_dbEscape($trackingID) . "'");
if ($owner != $_SESSION['id'] && !hesk_checkPermission('can_view_ass_others', 0)) {
$_SERVER['PHP_SELF'] = 'admin_main.php';
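Review bot: The new concurrency check interpolates `{$ticket['owner']}` directly into the `users` lookup, while the neighbouring queries either escape what they concatenate or, like `$owner`, use a value cast with `intval()`. `$ticket` is loaded outside the hunk, so the value is presumably a database integer, but `intval($ticket['owner'])` at the point of use removes the dependency on that assumption. The confirmation link also puts the CSRF token in the query string (`&amp;token='.hesk_token_echo(0)`), where it can end up in server logs and Referer headers; a small POST form would avoid that. The block also overwrites `$row` with the previous owner's record, so the later `$row['name']` and `$row['user']` in the history entry are only right if `hesk_process_messages()` never returns, which is worth a one-line comment.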

@ -1,32 +1,15 @@
<?php
/*******************************************************************************
* Title: Help Desk Software HESK
* Version: 2.6.8 from 10th August 2016
* Author: Klemen Stirn
* Website: http://www.hesk.com
********************************************************************************
* COPYRIGHT AND TRADEMARK NOTICE
* Copyright 2005-2015 Klemen Stirn. All Rights Reserved.
* HESK is a registered trademark of Klemen Stirn.
* The HESK may be used and modified free of charge by anyone
* AS LONG AS COPYRIGHT NOTICES AND ALL THE COMMENTS REMAIN INTACT.
* By using this code you agree to indemnify Klemen Stirn from any
* liability that might arise from it's use.
* Selling the code for this program, in part or full, without prior
* written consent is expressly forbidden.
* Using this code, in part or full, to create derivate work,
* new scripts or products is expressly forbidden. Obtain permission
* before redistributing this software over the Internet or in
* any other medium. In all cases copyright and header must remain intact.
* This Copyright is in full effect in any country that has International
* Trade Agreements with the United States of America or
* with the European Union.
* Removing any of the copyright notices without purchasing a license
* is expressly forbidden. To remove HESK copyright notice you must purchase
* a license for this script. For more information on how to obtain
* a license please visit the page below:
* https://www.hesk.com/buy.php
*******************************************************************************/
/**
*
* This file is part of HESK - PHP Help Desk Software.
*
* (c) Copyright Klemen Stirn. All rights reserved.
* http://www.hesk.com
*
* For the full copyright and license agreement information visit
* http://www.hesk.com/eula.php
*
*/
define('IN_SCRIPT', 1);
define('HESK_PATH', '../');
@ -36,6 +19,7 @@ define('PAGE_TITLE', 'ADMIN_TOOLS');
require(HESK_PATH . 'hesk_settings.inc.php');
require(HESK_PATH . 'inc/common.inc.php');
require(HESK_PATH . 'inc/admin_functions.inc.php');
require(HESK_PATH . 'inc/mail_functions.inc.php');
hesk_load_database_functions();
hesk_session_start();
@ -66,8 +50,10 @@ require_once(HESK_PATH . 'inc/headerAdmin.inc.php');
/* Print main manage users page */
require_once(HESK_PATH . 'inc/show_admin_nav.inc.php');
?>
<div class="row pad-down-20">
<section class="content">
<div class="box">
<div class="box-body">
<div class="nav-tabs-custom">
<ul class="nav nav-tabs" role="tablist">
<li role="presentation" class="active">
<a href="#"><?php echo $hesklang['banemail']; ?> <i class="fa fa-question-circle settingsquestionmark"
@ -104,6 +90,9 @@ require_once(HESK_PATH . 'inc/show_admin_nav.inc.php');
</li>
';
}
if (hesk_checkPermission('can_man_settings', 0)) {
echo '<li role="presentation"><a title="' . $hesklang['tab_4'] . '" href="custom_fields.php">' . $hesklang['tab_4'] . '</a></li> ';
}
?>
</ul>
<div class="tab-content summaryList tabPadding">
@ -149,11 +138,12 @@ require_once(HESK_PATH . 'inc/show_admin_nav.inc.php');
<h6 class="bold"><?php echo $hesklang['banex']; ?></h6>
<div class="footerWithBorder blankSpace"></div>
<b>john@email.com</b><br/>
<b>@domain.com</b>
<b>john@example.com</b><br/>
<b>@example.com</b>
</div>
</div>
<div class="row">
<div class="col-sm-12">
<?php
// Get banned emails from database
@ -234,7 +224,13 @@ require_once(HESK_PATH . 'inc/show_admin_nav.inc.php');
?>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</section>
<?php
require_once(HESK_PATH . 'inc/footer.inc.php');
@ -297,7 +293,7 @@ function unban_email()
hesk_token_check();
// Delete from bans
hesk_dbQuery("DELETE FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "banned_emails` WHERE `id`=" . intval(hesk_GET('id')) . " LIMIT 1");
hesk_dbQuery("DELETE FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "banned_emails` WHERE `id`=" . intval(hesk_GET('id')));
// Redirect either to banned emails or ticket page from now on
$redirect_to = ($trackingID = hesk_cleanID()) ? 'admin_ticket.php?track=' . $trackingID . '&Refresh=' . mt_rand(10000, 99999) : 'banned_emails.php';

@ -1,32 +1,15 @@
<?php
/*******************************************************************************
* Title: Help Desk Software HESK
* Version: 2.6.8 from 10th August 2016
* Author: Klemen Stirn
* Website: http://www.hesk.com
********************************************************************************
* COPYRIGHT AND TRADEMARK NOTICE
* Copyright 2005-2015 Klemen Stirn. All Rights Reserved.
* HESK is a registered trademark of Klemen Stirn.
* The HESK may be used and modified free of charge by anyone
* AS LONG AS COPYRIGHT NOTICES AND ALL THE COMMENTS REMAIN INTACT.
* By using this code you agree to indemnify Klemen Stirn from any
* liability that might arise from it's use.
* Selling the code for this program, in part or full, without prior
* written consent is expressly forbidden.
* Using this code, in part or full, to create derivate work,
* new scripts or products is expressly forbidden. Obtain permission
* before redistributing this software over the Internet or in
* any other medium. In all cases copyright and header must remain intact.
* This Copyright is in full effect in any country that has International
* Trade Agreements with the United States of America or
* with the European Union.
* Removing any of the copyright notices without purchasing a license
* is expressly forbidden. To remove HESK copyright notice you must purchase
* a license for this script. For more information on how to obtain
* a license please visit the page below:
* https://www.hesk.com/buy.php
*******************************************************************************/
/**
*
* This file is part of HESK - PHP Help Desk Software.
*
* (c) Copyright Klemen Stirn. All rights reserved.
* http://www.hesk.com
*
* For the full copyright and license agreement information visit
* http://www.hesk.com/eula.php
*
*/
define('IN_SCRIPT', 1);
define('HESK_PATH', '../');
@ -36,6 +19,7 @@ define('PAGE_TITLE', 'ADMIN_TOOLS');
require(HESK_PATH . 'hesk_settings.inc.php');
require(HESK_PATH . 'inc/common.inc.php');
require(HESK_PATH . 'inc/admin_functions.inc.php');
require(HESK_PATH . 'inc/mail_functions.inc.php');
hesk_load_database_functions();
hesk_session_start();
@ -68,8 +52,10 @@ require_once(HESK_PATH . 'inc/headerAdmin.inc.php');
/* Print main manage users page */
require_once(HESK_PATH . 'inc/show_admin_nav.inc.php');
?>
<div class="row pad-20">
<section class="content">
<div class="box">
<div class="box-body">
<div class="nav-tabs-custom">
<ul class="nav nav-tabs" role="tablist">
<?php
// Show a link to banned_emails.php if user has permission to do so
@ -107,6 +93,12 @@ require_once(HESK_PATH . 'inc/show_admin_nav.inc.php');
<a title="' . $hesklang['statuses'] . '" href="manage_statuses.php">' . $hesklang['statuses'] . '</a>
</li>
';
}
if (hesk_checkPermission('can_man_settings', 0)) {
echo '
<li role="presentation">
<a title="' . $hesklang['tab_4'] . '" href="custom_fields.php">' . $hesklang['tab_4'] . '</a>
</li>';
}
?>
</ul>
@ -158,6 +150,7 @@ require_once(HESK_PATH . 'inc/show_admin_nav.inc.php');
</div>
</div>
<div class="row">
<div class="col-sm-12">
<?php
// Get login failures
@ -285,7 +278,12 @@ require_once(HESK_PATH . 'inc/show_admin_nav.inc.php');
?>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</section>
<?php
require_once(HESK_PATH . 'inc/footer.inc.php');
@ -366,7 +364,7 @@ function ban_ip()
// Delete temporary bans from logins table
if ($ip_to == $ip_from) {
hesk_dbQuery("DELETE FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "logins` WHERE `ip`='" . hesk_dbEscape($ip_display) . "' LIMIT 1");
hesk_dbQuery("DELETE FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "logins` WHERE `ip`='" . hesk_dbEscape($ip_display) . "'");
}
// Redirect either to banned ips or ticket page from now on
@ -398,7 +396,7 @@ function unban_temp_ip()
$ip = preg_replace('/[^0-9\.\-\/\*]/', '', hesk_REQUEST('ip'));
// Delete from bans
hesk_dbQuery("DELETE FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "logins` WHERE `ip`='" . hesk_dbEscape($ip) . "' LIMIT 1");
hesk_dbQuery("DELETE FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "logins` WHERE `ip`='" . hesk_dbEscape($ip) . "'");
// Show success
hesk_process_messages($hesklang['ip_tempun'], 'banned_ips.php', 'SUCCESS');
@ -414,7 +412,7 @@ function unban_ip()
hesk_token_check();
// Delete from bans
hesk_dbQuery("DELETE FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "banned_ips` WHERE `id`=" . intval(hesk_GET('id')) . " LIMIT 1");
hesk_dbQuery("DELETE FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "banned_ips` WHERE `id`=" . intval(hesk_GET('id')));
// Redirect either to banned ips or ticket page from now on
$redirect_to = ($trackingID = hesk_cleanID()) ? 'admin_ticket.php?track=' . $trackingID . '&Refresh=' . mt_rand(10000, 99999) : 'banned_ips.php';
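Review bot: In `unban_temp_ip()` the filter `preg_replace('/[^0-9\.\-\/\*]/', '', hesk_REQUEST('ip'))` strips colons and hex letters, so an IPv6 address is reduced to a string that cannot match a stored `ip`; the DELETE then removes nothing while the page still reports `$hesklang['ip_tempun']`. If the `logins` table can hold IPv6 addresses (not visible here), validating with `filter_var($ip, FILTER_VALIDATE_IP)` would be safer than character stripping. With `LIMIT 1` gone, checking `hesk_dbAffectedRows()` before showing the success message would also make a no-op visible. The function starts above the hunk, so I cannot confirm from here that `hesk_token_check()` runs before the delete as it does in `unban_ip()`.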

@ -37,6 +37,7 @@ define('PAGE_TITLE', 'ADMIN_CALENDAR');
require(HESK_PATH . 'hesk_settings.inc.php');
require(HESK_PATH . 'inc/common.inc.php');
require(HESK_PATH . 'inc/admin_functions.inc.php');
require(HESK_PATH . 'inc/mail_functions.inc.php');
hesk_load_database_functions();
hesk_session_start();
@ -75,14 +76,21 @@ require_once(HESK_PATH . 'inc/headerAdmin.inc.php');
/* Print main manage users page */
require_once(HESK_PATH . 'inc/show_admin_nav.inc.php');
?>
<div class="row pad-20">
<div class="col-lg-3">
<div class="panel panel-default">
<div class="panel-heading">
<h4><?php echo $hesklang['calendar_categories']; ?></h4>
<section class="content">
<div class="row">
<div class="col-md-4">
<div class="box">
<div class="box-header">
<h1 class="box-title">
<?php echo $hesklang['calendar_categories']; ?>
</h1>
<div class="box-tools pull-right">
<button type="button" class="btn btn-box-tool" data-widget="collapse">
<i class="fa fa-minus"></i>
</button>
</div>
<div class="panel-body">
</div>
<div class="box-body">
<div class="btn-group btn-group-sm">
<button id="select-all" class="btn btn-default" data-select-all="category-toggle"><?php echo $hesklang['select_all_title_case']; ?></button>
<button id="deselect-all" class="btn btn-default" data-deselect-all="category-toggle"><?php echo $hesklang['deselect_all_title_case']; ?></button>
@ -101,11 +109,18 @@ require_once(HESK_PATH . 'inc/show_admin_nav.inc.php');
</ul>
</div>
</div>
<div class="panel panel-default">
<div class="panel-heading">
<h4><?php echo $hesklang['legend']; ?></h4>
<div class="box">
<div class="box-header">
<h1 class="box-title">
<?php echo $hesklang['legend']; ?>
</h1>
<div class="box-tools pull-right">
<button type="button" class="btn btn-box-tool" data-widget="collapse">
<i class="fa fa-minus"></i>
</button>
</div>
<div class="panel-body">
</div>
<div class="box-body">
<div class="row">
<div class="col-sm-6">
<i class="fa fa-calendar"></i> <?php echo $hesklang['event']; ?>
@ -120,6 +135,26 @@ require_once(HESK_PATH . 'inc/show_admin_nav.inc.php');
</div>
</div>
</div>
<div class="col-md-8">
<div class="box">
<div class="box-header">
<h1 class="box-title">
<?php echo $hesklang['calendar_title_case']; ?>
</h1>
<div class="box-tools pull-right">
<button type="button" class="btn btn-box-tool" data-widget="collapse">
<i class="fa fa-minus"></i>
</button>
</div>
</div>
<div class="box-body no-padding">
<div id="calendar"></div>
</div>
</div>
</div>
</div>
</section>
<div class="row pad-20">
<div class="col-lg-9">
<div class="panel panel-default">
<div class="panel-heading">
@ -138,7 +173,7 @@ require_once(HESK_PATH . 'inc/show_admin_nav.inc.php');
</h4>
</div>
<div class="panel-body">
<div id="calendar"></div>
</div>
</div>
</div>

@ -1,32 +1,15 @@
<?php
/*******************************************************************************
* Title: Help Desk Software HESK
* Version: 2.6.8 from 10th August 2016
* Author: Klemen Stirn
* Website: http://www.hesk.com
********************************************************************************
* COPYRIGHT AND TRADEMARK NOTICE
* Copyright 2005-2015 Klemen Stirn. All Rights Reserved.
* HESK is a registered trademark of Klemen Stirn.
* The HESK may be used and modified free of charge by anyone
* AS LONG AS COPYRIGHT NOTICES AND ALL THE COMMENTS REMAIN INTACT.
* By using this code you agree to indemnify Klemen Stirn from any
* liability that might arise from it's use.
* Selling the code for this program, in part or full, without prior
* written consent is expressly forbidden.
* Using this code, in part or full, to create derivate work,
* new scripts or products is expressly forbidden. Obtain permission
* before redistributing this software over the Internet or in
* any other medium. In all cases copyright and header must remain intact.
* This Copyright is in full effect in any country that has International
* Trade Agreements with the United States of America or
* with the European Union.
* Removing any of the copyright notices without purchasing a license
* is expressly forbidden. To remove HESK copyright notice you must purchase
* a license for this script. For more information on how to obtain
* a license please visit the page below:
* https://www.hesk.com/buy.php
*******************************************************************************/
/**
*
* This file is part of HESK - PHP Help Desk Software.
*
* (c) Copyright Klemen Stirn. All rights reserved.
* http://www.hesk.com
*
* For the full copyright and license agreement information visit
* http://www.hesk.com/eula.php
*
*/
define('IN_SCRIPT', 1);
define('HESK_PATH', '../');
@ -74,6 +57,10 @@ $locked = 0;
$statusRow = hesk_dbFetchAssoc(hesk_dbQuery("SELECT `ID`, `IsClosed` FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "statuses` WHERE ID = " . $status));
if ($statusRow['IsClosed']) // Closed
{
if ( ! hesk_checkPermission('can_resolve', 0)) {
hesk_process_messages($hesklang['noauth_resolve'],'admin_ticket.php?track='.$trackingID.'&Refresh='.mt_rand(10000,99999),'NOTICE');
}
$action = $hesklang['ticket_been'] . ' ' . $hesklang['close'];
$revision = sprintf($hesklang['thist3'], hesk_date(), $_SESSION['name'] . ' (' . $_SESSION['user'] . ')');
@ -101,7 +88,7 @@ if ($statusRow['IsClosed']) // Closed
// Log who marked the ticket resolved
$closedby_sql = ' , `closedat`=NOW(), `closedby`=' . intval($_SESSION['id']) . ' ';
} elseif ($statusRow['ID'] != 0) //Ticket is still open, but not new
} elseif ($statusRow['IsNewTicketStatus'] == '0') //Ticket is still open, but not new
{
$action = sprintf($hesklang['tsst'], $status_options[$status]);
$revision = sprintf($hesklang['thist9'], hesk_date(), $status_options[$status], $_SESSION['name'] . ' (' . $_SESSION['user'] . ')');
@ -118,11 +105,10 @@ if ($statusRow['IsClosed']) // Closed
}
hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` SET `status`='{$status}', `locked`='{$locked}' $closedby_sql , `history`=CONCAT(`history`,'" . hesk_dbEscape($revision) . "') WHERE `trackid`='" . hesk_dbEscape($trackingID) . "' LIMIT 1");
hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` SET `status`='{$status}', `locked`='{$locked}' $closedby_sql , `history`=CONCAT(`history`,'" . hesk_dbEscape($revision) . "') WHERE `trackid`='" . hesk_dbEscape($trackingID) . "'");
if (hesk_dbAffectedRows() != 1) {
hesk_error("$hesklang[int_error]: $hesklang[trackID_not_found].");
}
hesk_process_messages($action, 'admin_ticket.php?track=' . $trackingID . '&Refresh=' . rand(10000, 99999), 'SUCCESS');
?>


@ -1,32 +1,15 @@
<?php
/*******************************************************************************
* Title: Help Desk Software HESK
* Version: 2.6.8 from 10th August 2016
* Author: Klemen Stirn
* Website: http://www.hesk.com
********************************************************************************
* COPYRIGHT AND TRADEMARK NOTICE
* Copyright 2005-2015 Klemen Stirn. All Rights Reserved.
* HESK is a registered trademark of Klemen Stirn.
* The HESK may be used and modified free of charge by anyone
* AS LONG AS COPYRIGHT NOTICES AND ALL THE COMMENTS REMAIN INTACT.
* By using this code you agree to indemnify Klemen Stirn from any
* liability that might arise from it's use.
* Selling the code for this program, in part or full, without prior
* written consent is expressly forbidden.
* Using this code, in part or full, to create derivate work,
* new scripts or products is expressly forbidden. Obtain permission
* before redistributing this software over the Internet or in
* any other medium. In all cases copyright and header must remain intact.
* This Copyright is in full effect in any country that has International
* Trade Agreements with the United States of America or
* with the European Union.
* Removing any of the copyright notices without purchasing a license
* is expressly forbidden. To remove HESK copyright notice you must purchase
* a license for this script. For more information on how to obtain
* a license please visit the page below:
* https://www.hesk.com/buy.php
*******************************************************************************/
/**
*
* This file is part of HESK - PHP Help Desk Software.
*
* (c) Copyright Klemen Stirn. All rights reserved.
* http://www.hesk.com
*
* For the full copyright and license agreement information visit
* http://www.hesk.com/eula.php
*
*/
define('IN_SCRIPT', 1);
define('HESK_PATH', '../');
@ -131,7 +114,7 @@ if (array_key_exists($_POST['a'], $priorities)) {
hesk_okCategory($ticket['category']);
$revision = sprintf($hesklang['thist8'], hesk_date(), $priority['formatted'], $_SESSION['name'] . ' (' . $_SESSION['user'] . ')');
hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` SET `priority`='{$priority['value']}', `history`=CONCAT(`history`,'" . hesk_dbEscape($revision) . "') WHERE `id`={$this_id} LIMIT 1");
hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` SET `priority`='{$priority['value']}', `history`=CONCAT(`history`,'" . hesk_dbEscape($revision) . "') WHERE `id`={$this_id}");
$i++;
}
@ -223,7 +206,7 @@ elseif ($_POST['a'] == 'tag' || $_POST['a'] == 'untag') {
hesk_okCategory($ticket['category']);
hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` SET `archive`='$archived' WHERE `id`='" . intval($this_id) . "' LIMIT 1");
hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` SET `archive`='$archived' WHERE `id`='" . intval($this_id) . "'");
$i++;
}
@ -233,6 +216,7 @@ else {
/* Check permissions for this feature */
hesk_checkPermission('can_view_tickets');
hesk_checkPermission('can_reply_tickets');
hesk_checkPermission('can_resolve');
/* A security check */
hesk_token_check('POST');
@ -255,7 +239,7 @@ else {
$closedStatusRS = hesk_dbQuery("SELECT * FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "statuses` WHERE `IsStaffClosedOption` = 1");
$closedStatus = hesk_dbFetchAssoc($closedStatusRS);
hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` SET `status`='" . $closedStatus['ID'] . "', `closedat`=NOW(), `closedby`=" . intval($_SESSION['id']) . ", `history`=CONCAT(`history`,'" . hesk_dbEscape($revision) . "') WHERE `id`='" . intval($this_id) . "' LIMIT 1");
hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` SET `status`='" . $closedStatus['ID'] . "', `closedat`=NOW(), `closedby`=" . intval($_SESSION['id']) . ", `history`=CONCAT(`history`,'" . hesk_dbEscape($revision) . "') WHERE `id`='" . intval($this_id) . "'");
$i++;
// Notify customer of closed ticket?
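Review bot: The new priority update interpolates `{$this_id}` directly into its WHERE clause, while the archive and close updates in the same file wrap the id in `intval()`. With `LIMIT 1` removed from all three statements, the WHERE clause is the only thing bounding how many rows each UPDATE touches. Unless `$this_id` is already cast to an integer earlier in the loop, which is outside the visible hunks, the priority statement should end with ``WHERE `id`=" . intval($this_id));`` so it matches its siblings. A short comment above each UPDATE saying why the row limit was dropped would also help the next reader.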

@ -1,32 +1,15 @@
<?php
/*******************************************************************************
* Title: Help Desk Software HESK
* Version: 2.6.8 from 10th August 2016
* Author: Klemen Stirn
* Website: http://www.hesk.com
********************************************************************************
* COPYRIGHT AND TRADEMARK NOTICE
* Copyright 2005-2015 Klemen Stirn. All Rights Reserved.
* HESK is a registered trademark of Klemen Stirn.
* The HESK may be used and modified free of charge by anyone
* AS LONG AS COPYRIGHT NOTICES AND ALL THE COMMENTS REMAIN INTACT.
* By using this code you agree to indemnify Klemen Stirn from any
* liability that might arise from it's use.
* Selling the code for this program, in part or full, without prior
* written consent is expressly forbidden.
* Using this code, in part or full, to create derivate work,
* new scripts or products is expressly forbidden. Obtain permission
* before redistributing this software over the Internet or in
* any other medium. In all cases copyright and header must remain intact.
* This Copyright is in full effect in any country that has International
* Trade Agreements with the United States of America or
* with the European Union.
* Removing any of the copyright notices without purchasing a license
* is expressly forbidden. To remove HESK copyright notice you must purchase
* a license for this script. For more information on how to obtain
* a license please visit the page below:
* https://www.hesk.com/buy.php
*******************************************************************************/
/**
*
* This file is part of HESK - PHP Help Desk Software.
*
* (c) Copyright Klemen Stirn. All rights reserved.
* http://www.hesk.com
*
* For the full copyright and license agreement information visit
* http://www.hesk.com/eula.php
*
*/
define('IN_SCRIPT', 1);
define('HESK_PATH', '../');
@ -35,6 +18,7 @@ define('HESK_PATH', '../');
require(HESK_PATH . 'hesk_settings.inc.php');
require(HESK_PATH . 'inc/common.inc.php');
require(HESK_PATH . 'inc/admin_functions.inc.php');
require(HESK_PATH . 'inc/mail_functions.inc.php');
hesk_load_database_functions();
hesk_session_start();
@ -104,12 +88,19 @@ require_once(HESK_PATH . 'inc/show_admin_nav.inc.php');
<li class="active"><?php echo $hesklang['ednote']; ?></li>
</ol>
<div class="row">
<div class="col-md-8 col-md-offset-2">
<h3><?php echo $hesklang['ednote']; ?></h3>
<div class="footerWithBorder blankSpace"></div>
<section class="content">
<div class="box">
<div class="box-header with-border">
<h1 class="box-title">
<?php echo $hesklang['ednote']; ?>
</h1>
<div class="box-tools pull-right">
<button type="button" class="btn btn-box-tool" data-widget="collapse">
<i class="fa fa-minus"></i>
</button>
</div>
</div>
<div class="box-body">
<form method="post" action="edit_note.php" name="form1" class="form-horizontal" role="form">
<div class="form-group">
<label for="message" class="col-md-2 control-label"><?php echo $hesklang['message']; ?></label>
@ -121,17 +112,20 @@ require_once(HESK_PATH . 'inc/show_admin_nav.inc.php');
</div>
<div class="form-group">
<div class="col-md-10 col-md-offset-2">
<input type="hidden" name="save" value="1"/><input type="hidden" name="track"
value="<?php echo $trackingID; ?>"/>
<input type="hidden" name="token" value="<?php hesk_token_echo(); ?>"/>
<input type="hidden" name="note" value="<?php echo $noteID; ?>"/>
<input type="hidden" name="save" value="1">
<input type="hidden" name="track" value="<?php echo $trackingID; ?>">
<input type="hidden" name="token" value="<?php hesk_token_echo(); ?>">
<input type="hidden" name="note" value="<?php echo $noteID; ?>">
<div class="btn-group">
<input type="submit" value="<?php echo $hesklang['save_changes']; ?>" class="btn btn-primary">
<a href="javascript:history.go(-1)" class="btn btn-default"><?php echo $hesklang['back']; ?></a>
</div>
</div>
</div>
</form>
</div>
</div>
</div>
</section>
<?php
require_once(HESK_PATH . 'inc/footer.inc.php');
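Review bot: The rewritten hidden `track` and `note` inputs print `$trackingID` and `$noteID` into `value="..."` attributes without HTML-escaping. Both variables are assigned outside the visible hunks, so they may already be limited to safe characters; if that is not guaranteed, escape them at the point of output. For example, use `value="<?php echo htmlspecialchars($trackingID, ENT_QUOTES, 'UTF-8'); ?>"` for the tracking ID and, assuming the note id is numeric, `value="<?php echo intval($noteID); ?>"`.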

@ -1,41 +1,27 @@
<?php
/*******************************************************************************
* Title: Help Desk Software HESK
* Version: 2.6.8 from 10th August 2016
* Author: Klemen Stirn
* Website: http://www.hesk.com
********************************************************************************
* COPYRIGHT AND TRADEMARK NOTICE
* Copyright 2005-2015 Klemen Stirn. All Rights Reserved.
* HESK is a registered trademark of Klemen Stirn.
* The HESK may be used and modified free of charge by anyone
* AS LONG AS COPYRIGHT NOTICES AND ALL THE COMMENTS REMAIN INTACT.
* By using this code you agree to indemnify Klemen Stirn from any
* liability that might arise from it's use.
* Selling the code for this program, in part or full, without prior
* written consent is expressly forbidden.
* Using this code, in part or full, to create derivate work,
* new scripts or products is expressly forbidden. Obtain permission
* before redistributing this software over the Internet or in
* any other medium. In all cases copyright and header must remain intact.
* This Copyright is in full effect in any country that has International
* Trade Agreements with the United States of America or
* with the European Union.
* Removing any of the copyright notices without purchasing a license
* is expressly forbidden. To remove HESK copyright notice you must purchase
* a license for this script. For more information on how to obtain
* a license please visit the page below:
* https://www.hesk.com/buy.php
*******************************************************************************/
/**
*
* This file is part of HESK - PHP Help Desk Software.
*
* (c) Copyright Klemen Stirn. All rights reserved.
* http://www.hesk.com
*
* For the full copyright and license agreement information visit
* http://www.hesk.com/eula.php
*
*/
define('IN_SCRIPT', 1);
define('HESK_PATH', '../');
define('WYSIWYG', 1);
define('VALIDATOR', 1);
/* Get all the required files and functions */
require(HESK_PATH . 'hesk_settings.inc.php');
require(HESK_PATH . 'inc/common.inc.php');
require(HESK_PATH . 'inc/admin_functions.inc.php');
require(HESK_PATH . 'inc/mail_functions.inc.php');
require(HESK_PATH . 'inc/custom_fields.inc.php');
hesk_load_database_functions();
hesk_session_start();
@ -55,6 +41,10 @@ $trackingID = hesk_cleanID() or die($hesklang['int_error'] . ': ' . $hesklang['n
$is_reply = 0;
$tmpvar = array();
if (!isset($_SESSION['iserror'])) {
$_SESSION['iserror'] = array();
}
/* Get ticket info */
$result = hesk_dbQuery("SELECT * FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` WHERE `trackid`='" . hesk_dbEscape($trackingID) . "' LIMIT 1");
if (hesk_dbNumRows($result) != 1) {
@ -81,6 +71,7 @@ if (hesk_isREQUEST('reply')) {
}
$reply = hesk_dbFetchAssoc($result);
$ticket['message'] = $reply['message'];
$ticket['html'] = $reply['html'];
$is_reply = 1;
}
@ -109,13 +100,29 @@ if (isset($_POST['save'])) {
$tmpvar['html'] = hesk_POST('html');
hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "replies` SET `html`='" . $tmpvar['html'] . "', `message`='" . hesk_dbEscape($tmpvar['message']) . "' WHERE `id`='" . intval($tmpvar['id']) . "' AND `replyto`='" . intval($ticket['id']) . "' LIMIT 1");
hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "replies` SET `html`='" . $tmpvar['html'] . "', `message`='" . hesk_dbEscape($tmpvar['message']) . "' WHERE `id`='" . intval($tmpvar['id']) . "' AND `replyto`='" . intval($ticket['id']) . "'");
} else {
$tmpvar['language'] = hesk_POST('customerLanguage');
$tmpvar['name'] = hesk_input(hesk_POST('name')) or $hesk_error_buffer[] = $hesklang['enter_your_name'];
$tmpvar['email'] = hesk_validateEmail(hesk_POST('email'), 'ERR', 0);
if ($hesk_settings['require_email']) {
$tmpvar['email'] = hesk_validateEmail( hesk_POST('email'), 'ERR', 0) or $hesk_error_buffer['email']=$hesklang['enter_valid_email'];
} else {
$tmpvar['email'] = hesk_validateEmail( hesk_POST('email'), 'ERR', 0);
// Not required, but must be valid if it is entered
if ($tmpvar['email'] == '') {
if (strlen(hesk_POST('email'))) {
$hesk_error_buffer['email'] = $hesklang['not_valid_email'];
}
}
}
$tmpvar['subject'] = hesk_input(hesk_POST('subject')) or $hesk_error_buffer[] = $hesklang['enter_ticket_subject'];
$tmpvar['message'] = hesk_input(hesk_POST('message')) or $hesk_error_buffer[] = $hesklang['enter_message'];
$tmpvar['message'] = hesk_input( hesk_POST('message') );
if ($hesk_settings['require_message'] == 1 && $tmpvar['message'] == '') {
$hesk_error_buffer[] = $hesklang['enter_message'];
}
$tmpvar['html'] = hesk_POST('html');
// Demo mode
@ -123,6 +130,82 @@ if (isset($_POST['save'])) {
$tmpvar['email'] = 'hidden@demo.com';
}
// Custom fields
foreach ($hesk_settings['custom_fields'] as $k=>$v) {
if ($v['use'] && hesk_is_custom_field_in_category($k, $ticket['category'])) {
if ($v['req'] == 2) {
$v['req'] = '<span class="important">*</span>';
$required_attribute = 'data-error="' . $hesklang['this_field_is_required'] . '" required';
} else {
$v['req'] = '';
$required_attribute = '';
}
if ($v['type'] == 'checkbox') {
$tmpvar[$k]='';
if (isset($_POST[$k]) && is_array($_POST[$k])) {
foreach ($_POST[$k] as $myCB) {
$tmpvar[$k] .= ( is_array($myCB) ? '' : hesk_input($myCB) ) . '<br>';
}
$tmpvar[$k]=substr($tmpvar[$k],0,-6);
} else {
if ($v['req'] == 2) {
$hesk_error_buffer[$k]=$hesklang['fill_all'].': '.$v['name'];
}
$_POST[$k] = '';
}
} elseif ($v['type'] == 'date') {
$tmpvar[$k] = hesk_POST($k);
$_SESSION["as_$k"] = '';
if (preg_match("/^[0-9]{4}-(0[1-9]|1[0-2])-(0[1-9]|[1-2][0-9]|3[0-1])$/", $tmpvar[$k])) {
$date = strtotime($tmpvar[$k] . ' t00:00:00');
$dmin = strlen($v['value']['dmin']) ? strtotime($v['value']['dmin'] . ' t00:00:00') : false;
$dmax = strlen($v['value']['dmax']) ? strtotime($v['value']['dmax'] . ' t00:00:00') : false;
$_SESSION["as_$k"] = $tmpvar[$k];
if ($dmin && $dmin > $date) {
$hesk_error_buffer[$k] = sprintf($hesklang['d_emin'], $v['name'], hesk_custom_date_display_format($dmin, $v['value']['date_format']));
} elseif ($dmax && $dmax < $date) {
$hesk_error_buffer[$k] = sprintf($hesklang['d_emax'], $v['name'], hesk_custom_date_display_format($dmax, $v['value']['date_format']));
} else {
$tmpvar[$k] = $date;
}
} else {
if ($v['req'] == 2) {
$hesk_error_buffer[$k]=$hesklang['fill_all'].': '.$v['name'];
}
}
} elseif ($v['type'] == 'email') {
$tmp = $hesk_settings['multi_eml'];
$hesk_settings['multi_eml'] = $v['value']['multiple'];
$tmpvar[$k] = hesk_validateEmail( hesk_POST($k), 'ERR', 0);
$hesk_settings['multi_eml'] = $tmp;
if ($tmpvar[$k] != '') {
$_SESSION["as_$k"] = hesk_input($tmpvar[$k]);
} else {
$_SESSION["as_$k"] = '';
if ($v['req'] == 2) {
$hesk_error_buffer[$k] = $v['value']['multiple'] ? sprintf($hesklang['cf_noem'], $v['name']) : sprintf($hesklang['cf_noe'], $v['name']);
}
}
} elseif ($v['req'] == 2) {
$tmpvar[$k]=hesk_makeURL(nl2br(hesk_input( hesk_POST($k) )));
if ($tmpvar[$k] == '') {
$hesk_error_buffer[$k]=$hesklang['fill_all'].': '.$v['name'];
}
} else {
$tmpvar[$k]=hesk_makeURL(nl2br(hesk_input(hesk_POST($k))));
}
} else {
$tmpvar[$k] = '';
}
}
if (count($hesk_error_buffer)) {
$myerror = '<ul>';
foreach ($hesk_error_buffer as $error) {
@ -137,51 +220,20 @@ if (isset($_POST['save'])) {
$tmpvar['message'] = nl2br($tmpvar['message']);
}
foreach ($hesk_settings['custom_fields'] as $k => $v) {
if ($v['use'] && isset($_POST[$k])) {
if ($v['type'] == 'date' && $_POST[$k] != '') {
$tmpvar[$k] = strtotime($_POST[$k]);
} elseif (is_array($_POST[$k])) {
$tmpvar[$k] = '';
foreach ($_POST[$k] as $myCB) {
$tmpvar[$k] .= (is_array($myCB) ? '' : hesk_input($myCB)) . '<br />';
}
$tmpvar[$k] = substr($tmpvar[$k], 0, -6);
} else {
$tmpvar[$k] = hesk_makeURL(nl2br(hesk_input($_POST[$k])));
}
} else {
$tmpvar[$k] = '';
}
$custom_SQL = '';
for ($i = 1; $i <= 50; $i++) {
$custom_SQL .= '`custom'.$i.'`=' . (isset($tmpvar['custom'.$i]) ? "'".hesk_dbEscape($tmpvar['custom'.$i])."'" : "''") . ',';
}
$custom_SQL = rtrim($custom_SQL, ',');
hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` SET
`name`='" . hesk_dbEscape($tmpvar['name']) . "',
`email`='" . hesk_dbEscape($tmpvar['email']) . "',
`subject`='" . hesk_dbEscape($tmpvar['subject']) . "',
`message`='" . hesk_dbEscape($tmpvar['message']) . "',
`custom1`='" . hesk_dbEscape($tmpvar['custom1']) . "',
`custom2`='" . hesk_dbEscape($tmpvar['custom2']) . "',
`custom3`='" . hesk_dbEscape($tmpvar['custom3']) . "',
`custom4`='" . hesk_dbEscape($tmpvar['custom4']) . "',
`custom5`='" . hesk_dbEscape($tmpvar['custom5']) . "',
`custom6`='" . hesk_dbEscape($tmpvar['custom6']) . "',
`custom7`='" . hesk_dbEscape($tmpvar['custom7']) . "',
`custom8`='" . hesk_dbEscape($tmpvar['custom8']) . "',
`custom9`='" . hesk_dbEscape($tmpvar['custom9']) . "',
`custom10`='" . hesk_dbEscape($tmpvar['custom10']) . "',
`custom11`='" . hesk_dbEscape($tmpvar['custom11']) . "',
`custom12`='" . hesk_dbEscape($tmpvar['custom12']) . "',
`custom13`='" . hesk_dbEscape($tmpvar['custom13']) . "',
`custom14`='" . hesk_dbEscape($tmpvar['custom14']) . "',
`custom15`='" . hesk_dbEscape($tmpvar['custom15']) . "',
`custom16`='" . hesk_dbEscape($tmpvar['custom16']) . "',
`custom17`='" . hesk_dbEscape($tmpvar['custom17']) . "',
`custom18`='" . hesk_dbEscape($tmpvar['custom18']) . "',
`custom19`='" . hesk_dbEscape($tmpvar['custom19']) . "',
`custom20`='" . hesk_dbEscape($tmpvar['custom20']) . "',
`language`='" . hesk_dbEscape($tmpvar['language']) . "',
`html`='" . hesk_dbEscape($tmpvar['html']) . "'
`html`='" . hesk_dbEscape($tmpvar['html']) . "',
$custom_SQL
WHERE `id`='" . intval($ticket['id']) . "' LIMIT 1");
}
@ -207,21 +259,34 @@ require_once(HESK_PATH . 'inc/show_admin_nav.inc.php');
<li class="active"><?php echo $hesklang['edtt']; ?></li>
</ol>
<div class="row">
<div class="col-md-8 col-md-offset-2">
<h3><?php echo $hesklang['edtt']; ?></h3>
<div class="footerWithBorder blankSpace"></div>
<form role="form" class="form-horizontal" method="post" action="edit_post.php" name="form1">
<section class="content">
<div class="box">
<div class="box-header with-border">
<h1 class="box-title">
<?php echo $hesklang['edtt']; ?>
</h1>
<div class="box-tools pull-right">
<button type="button" class="btn btn-box-tool" data-widget="collapse">
<i class="fa fa-minus"></i>
</button>
</div>
</div>
<div class="box-body">
<?php
$onsubmit = '';
if ($modsForHesk_settings['rich_text_for_tickets']) {
$onsubmit = 'onsubmit="return validateRichText(\'message-help-block\', \'message-group\', \'message\', \''.htmlspecialchars($hesklang['this_field_is_required']).'\')"';
}
?>
<form role="form" class="form-horizontal" method="post" action="edit_post.php" name="form1" <?php echo $onsubmit; ?>>
<?php
/* If it's not a reply edit all the fields */
if (!$is_reply) {
if ($hesk_settings['can_sel_lang']) {
?>
<div class="form-group">
<label for="customerLanguage" class="col-sm-3 control-label"><?php echo $hesklang['chol']; ?>
:</label>
<label for="customerLanguage"
class="col-sm-3 control-label"><?php echo $hesklang['chol']; ?></label>
<div class="col-sm-9">
<select name="customerLanguage" id="customerLanguage" class="form-control">
@ -233,7 +298,15 @@ require_once(HESK_PATH . 'inc/show_admin_nav.inc.php');
echo '<input type="hidden" name="customerLanguage" value="' . $ticket['language'] . '">';
} ?>
<div class="form-group">
<label for="subject" class="col-sm-3 control-label"><?php echo $hesklang['subject']; ?>:</label>
<?php
$required = '';
$required_attribute = '';
if ($hesk_settings['require_subject'] == 1) {
$required = ' <span class="important">*</span>';
$required_attribute = 'data-error="' . $hesklang['this_field_is_required'] . '" required';
}
?>
<label for="subject" class="col-sm-3 control-label"><?php echo $hesklang['subject'] . $required; ?></label>
<div class="col-sm-9">
<input class="form-control" type="text" name="subject" size="40" maxlength="40"
@ -242,83 +315,101 @@ require_once(HESK_PATH . 'inc/show_admin_nav.inc.php');
</div>
</div>
<div class="form-group">
<label for="name" class="col-sm-3 control-label"><?php echo $hesklang['name']; ?>:</label>
<label for="name" class="col-sm-3 control-label">
<?php echo $hesklang['name']; ?>
<span class="important">*</span>
</label>
<div class="col-sm-9">
<input class="form-control" type="text" name="name" size="40" maxlength="30"
value="<?php echo $ticket['name']; ?>"
placeholder="<?php echo htmlspecialchars($hesklang['name']); ?>"/>
placeholder="<?php echo htmlspecialchars($hesklang['name']); ?>"
data-error="<?php echo $hesklang['this_field_is_required']; ?>"
required>
</div>
</div>
<div class="form-group">
<label for="email" class="col-sm-3 control-label"><?php echo $hesklang['email']; ?>:</label>
<?php
$required = '';
$required_attribute = '';
if ($hesk_settings['require_email']) {
$required = ' <span class="important">*</span>';
$required_attribute = 'data-error="' . $hesklang['this_field_is_required'] . '" required';
}
?>
<label for="email"
class="col-sm-3 control-label"><?php echo $hesklang['email'] . $required; ?></label>
<div class="col-sm-9">
<input class="form-control" type="text" name="email" size="40" maxlength="1000"
value="<?php echo $ticket['email']; ?>"
placeholder="<?php echo htmlspecialchars($hesklang['email']); ?>"/>
placeholder="<?php echo htmlspecialchars($hesklang['email']); ?>"
<?php echo $required_attribute ?>>
<div class="help-block with-errors"></div>
</div>
</div>
<?php
foreach ($hesk_settings['custom_fields'] as $k => $v) {
if ($v['use']) {
if ($modsForHesk_settings['custom_field_setting']) {
$v['name'] = $hesklang[$v['name']];
}
if ($v['use'] && hesk_is_custom_field_in_category($k, $ticket['category'])) {
$k_value = $ticket[$k];
if ($v['type'] == 'checkbox') {
$k_value = explode('<br />', $k_value);
$k_value = explode('<br>', $k_value);
}
if ($v['req'] == 2) {
$v['req'] = '<span class="important">*</span>';
$required_attribute = 'data-error="' . $hesklang['this_field_is_required'] . '" required';
} else {
$v['req'] = '';
$required_attribute = '';
}
switch ($v['type']) {
/* Radio box */
case 'radio':
$cls = in_array($k, $_SESSION['iserror']) ? ' isError' : '';
echo '
<div class="form-group">
<label for="' . $v['name'] . '" class="col-sm-3 control-label">' . $v['name'] . ': </label>
<div class="form-group' . $cls . '">
<label for="' . $k . '" class="col-sm-3 control-label">' . $v['name'] . ' ' . $v['req'] . '</label>
<div class="col-sm-9">';
$options = explode('#HESK#', $v['value']);
foreach ($options as $option) {
if (strlen($k_value) == 0 || $k_value == $option) {
foreach ($v['value']['radio_options'] as $option) {
if (strlen($k_value) == 0) {
$k_value = $option;
$checked = empty($v['value']['no_default']) ? 'checked="checked"' : '';
} elseif ($k_value == $option) {
$k_value = $option;
$checked = 'checked="checked"';
} else {
$checked = '';
}
echo '<div class="radio"><label><input type="radio" name="' . $k . '" value="' . $option . '" ' . $checked . ' /> ' . $option . '</label></div>';
echo '<div class="radio"><label><input type="radio" name="' . $k . '" value="' . $option . '" ' . $checked . ' ' . $required_attribute . '> ' . $option . '</label></div>';
}
echo '<div class="help-block with-errors"></div></div>
</div>';
echo '</div>
</div>
';
break;
/* Select drop-down box */
case 'select':
$cls = in_array($k, $_SESSION['iserror']) ? ' isError' : '';
echo '
<div class="form-group">
<label for="' . $v['name'] . '" class="col-sm-3 control-label">' . $v['name'] . ': </label>
<div class="col-sm-9"><select class="form-control" name="' . $k . '">';
<label for="' . $k . '" class="col-sm-3 control-label">' . $v['name'] . ' ' . $v['req'] . '</label>
<div class="col-sm-9">
<select name="' . $k . '" class="form-control" ' . $required_attribute . '>';
// Show "Click to select"?
$v['value'] = str_replace('{HESK_SELECT}', '', $v['value'], $num);
if ($num) {
if (!empty($v['value']['show_select'])) {
echo '<option value="">' . $hesklang['select'] . '</option>';
}
$options = explode('#HESK#', $v['value']);
foreach ($options as $option) {
if (strlen($k_value) == 0 || $k_value == $option) {
foreach ($v['value']['select_options'] as $option) {
if ($k_value == $option) {
$k_value = $option;
$selected = 'selected="selected"';
$selected = 'selected';
} else {
$selected = '';
}
@ -326,164 +417,149 @@ require_once(HESK_PATH . 'inc/show_admin_nav.inc.php');
echo '<option ' . $selected . '>' . $option . '</option>';
}
echo '</select></div>
echo '</select>
<div class="help-block with-errors"></div>
</div>
';
</div>';
break;
/* Checkbox */
case 'checkbox':
$cls = in_array($k, $_SESSION['iserror']) ? ' isError' : '';
echo '
<div class="form-group">
<label for="' . $v['name'] . '" class="col-sm-3 control-label">' . $v['name'] . ': </label>
<div class="form-group' . $cls . '">
<label for="' . $k . '" class="col-sm-3 control-label">' . $v['name'] . ' ' . $v['req'] . '</label>
<div class="col-sm-9">';
$options = explode('#HESK#', $v['value']);
foreach ($options as $option) {
foreach ($v['value']['checkbox_options'] as $option) {
if (in_array($option, $k_value)) {
$checked = 'checked="checked"';
$checked = 'checked';
} else {
$checked = '';
}
echo '<div class="checkbox"><label><input type="checkbox" name="' . $k . '[]" value="' . $option . '" ' . $checked . ' /> ' . $option . '</label></div>';
echo '<div class="checkbox"><label><input type="checkbox" name="' . $k . '[]" value="' . $option . '" ' . $checked . ' ' . $required_attribute . '> ' . $option . '</label></div>';
}
echo '</div>
echo '<div class="help-block with-errors"></div>
</div>
';
</div>';
break;
/* Large text box */
case 'textarea':
$size = explode('#', $v['value']);
$size[0] = empty($size[0]) ? 5 : intval($size[0]);
$size[1] = empty($size[1]) ? 30 : intval($size[1]);
$cls = in_array($k, $_SESSION['iserror']) ? ' isError' : '';
$k_value = hesk_msgToPlain($k_value, 0, 0);
echo '
<div class="form-group">
<label for="' . $v['name'] . '" class="col-sm-3 control-label">' . $v['name'] . ': </label>
<div class="form-group' . $cls . '">
<label for="' . $k . '" class="col-sm-3 control-label">' . $v['name'] . ' ' . $v['req'] . '</label>
<div class="col-sm-9">
<textarea class="form-control" name="' . $k . '" rows="' . $size[0] . '" placeholder="' . htmlspecialchars($v['name']) . '" cols="' . $size[1] . '">' . $k_value . '</textarea>
<textarea name="' . $k . '" class="form-control" rows="' . intval($v['value']['rows']) . '" cols="' . intval($v['value']['cols']) . '" ' . $required_attribute . '>' . $k_value . '</textarea>
<div class="help-block with-errors"></div>
</div>
</div>';
break;
// Date
case 'date':
if (strlen($k_value) != 0) {
$v['value'] = $k_value;
if ($required_attribute !== '') {
$required_attribute .= ' pattern="[0-9]{4}-(0[1-9]|1[0-2])-(0[1-9]|[1-2][0-9]|3[0-1])"';
}
$cls = in_array($k, $_SESSION['iserror']) ? ' isError' : '';
$k_value = hesk_custom_date_display_format($k_value, 'Y-m-d');
echo '
<div class="form-group">
<label for="' . $v['name'] . '" class="col-sm-3 control-label">' . $v['name'] . ': </label>
<div class="form-group' . $cls . '">
<label for="' . $k . '" class="col-sm-3 control-label">' . $v['name'] . ' ' . $v['req'] . '</label>
<div class="col-sm-9">
<input type="text" class="datepicker form-control white-readonly" placeholder="' . htmlspecialchars($v['name']) . '" id="' . $v['name'] . '" name="' . $k . '" size="40"
maxlength="' . $v['maxlen'] . '" value="' . date('Y-m-d', $v['value']) . '" readonly/>
<input type="text" name="' . $k . '" value="' . $k_value . '" class="datepicker form-control" size="10" ' . $required_attribute . '>
<div class="help-block with-errors"></div>
</div>
</div>';
break;
case 'multiselect':
echo '<div class="form-group"><label for="' . $v['name'] . '" class="col-sm-3 control-label">' . $v['name'] . ': </label>
<div class="col-sm-9"><select class="form-control" id="' . $v['name'] . '" name="' . $k . '" multiple>';
$options = explode('#HESK#', $v['value']);
foreach ($options as $option) {
if (strlen($k_value) == 0 || $k_value == $option) {
$k_value = $option;
$selected = 'selected="selected"';
} else {
$selected = '';
}
echo '<option ' . $selected . '>' . $option . '</option>';
}
echo '</select>
<div class="btn-group" role="group">
<button type="button" class="btn btn-default" onclick="selectAll(\'' . $v['name'] . '\')">'.$hesklang['select_all_title_case'].'</button>
<button type="button" class="btn btn-default" onclick="deselectAll(\'' . $v['name'] . '\')">'.$hesklang['deselect_all_title_case'].'</button>
</div></div></div>';
break;
case 'hidden':
//Clean up multiple dashes or whitespaces
$formattedId = preg_replace("/[\s-]+/", " ", $v['name']);
$formattedId = preg_replace("/[\s_]/", "-", $formattedId);
// Email
case 'email':
$cls = in_array($k, $_SESSION['iserror']) ? ' class="isError" ' : '';
if (strlen($k_value) != 0) {
$v['value'] = $k_value;
}
echo '<input type="hidden" class="form-control" id="' . $formattedId . '" name="' . $k . '" size="40" maxlength="' . $v['maxlen'] . '" value="' . $v['value'] . '"/>';
$suggest = $hesk_settings['detect_typos'] ? 'onblur="Javascript:hesk_suggestEmail(\'' . $k . '\', \'' . $k . '_suggestions\', 0, 1' . ($v['value']['multiple'] ? ',1' : '') . ')"' : '';
echo '
<div class="form-group' . $cls . '">
<label for="' . $k . '" class="col-sm-3 control-label">' . $v['name'] . ' ' . $v['req'] . '</label>
<div class="col-sm-9">
<input class="form-control" type="text" name="' . $k . '" id="' . $k . '" value="' . $k_value . '" size="40" ' . $suggest . ' ' . $required_attribute . '>
<div class="help-block with-errors"></div>
</div>
<div id="' . $k . '_suggestions"></div>
</div>
';
break;
// Hidden (same as text for staff)
case 'hidden':
case 'readonly':
//Clean up multiple dashes or whitespaces
$formattedId = preg_replace("/[\s-]+/", " ", $v['name']);
$formattedId = preg_replace("/[\s_]/", "-", $formattedId);
default:
if (strlen($k_value) != 0) {
$v['value'] = $k_value;
$v['value']['default_value'] = $k_value;
}
echo '<div class="form-group">
<label for="' . $v['name'] . '" class="col-sm-3 control-label">' . $v['name'] . ': </label>
<div class="col-sm-9"><input type="text" class="form-control" id="' . $formattedId . '" name="' . $k . '" size="40" maxlength="' . $v['maxlen'] . '" value="' . $v['value'] . '" readonly></div>
</div>';
break;
$cls = in_array($k, $_SESSION['iserror']) ? ' isError' : '';
/* Default text input */
default:
if (strlen($k_value) != 0) {
$k_value = hesk_msgToPlain($k_value, 0, 0);
$v['value'] = $k_value;
}
echo '
<div class="form-group">
<label for="' . $v['name'] . '" class="col-sm-3 control-label">' . $v['name'] . ': </label>
<div class="form-group' . $cls . '">
<label for="' . $k . '" class="col-sm-3 control-label">' . $v['name'] . ' ' . $v['req'] . '</label>
<div class="col-sm-9">
<input type="text" class="form-control" placeholder="' . htmlspecialchars($v['name']) . '" name="' . $k . '" size="40" maxlength="' . $v['maxlen'] . '" value="' . $v['value'] . '" />
<input type="text" class="form-control" name="' . $k . '" size="40" maxlength="' . intval($v['value']['max_length']) . '" value="' . $v['value']['default_value'] . '" ' . $required_attribute . '>
<div class="help-block with-errors"></div>
</div>
</div>
';
}
}
}
?>
} ?>
<div class="form-group" id="message-group">
<?php
$required = '';
$required_attribute = '';
if ($hesk_settings['require_message'] == 1) {
$required = ' <span class="important">*</span>';
$required_attribute = 'data-error="' . $hesklang['this_field_is_required'] . '" required';
}
<?php } ?>
<div class="form-group">
<label for="message" class="col-sm-3 control-label"><?php echo $hesklang['message']; ?>:</label>
?>
<label for="message" class="col-sm-3 control-label"><?php echo $hesklang['message'] . $required; ?></label>
<div class="col-sm-9">
<?php
$message = $modsForHesk_settings['rich_text_for_tickets'] ? hesk_html_entity_decode($ticket['message']) : $ticket['message'];
$message = $ticket['html'] ? hesk_html_entity_decode($ticket['message']) : $ticket['message'];
?>
<textarea class="form-control htmlEditor" name="message" rows="12"
placeholder="<?php echo htmlspecialchars($hesklang['message']); ?>"
cols="60"><?php echo $message; ?></textarea>
cols="60" <?php echo $required_attribute; ?>><?php echo $message; ?></textarea>
<div class="help-block with-errors" id="message-help-block"></div>
</div>
</div>
<div class="form-group">
<input type="hidden" name="save" value="1"/><input type="hidden" name="track"
value="<?php echo $trackingID; ?>"/>
<input type="hidden" name="token" value="<?php hesk_token_echo(); ?>"/>
<input type="hidden" name="save" value="1">
<input type="hidden" name="track" value="<?php echo $trackingID; ?>">
<input type="hidden" name="token" value="<?php hesk_token_echo(); ?>">
<?php
if ($is_reply) {
?>
<input type="hidden" name="reply" value="<?php echo $tmpvar['id']; ?>"/>
<input type="hidden" name="reply" value="<?php echo $tmpvar['id']; ?>">
<?php
}
?>
</div>
<div class="form-group" style="text-align: center">
<?php
$html = $modsForHesk_settings['rich_text_for_tickets'] ? 1 : 0;
$html = $ticket['html'] ? 1 : 0;
?>
<input type="hidden" name="html" value="<?php echo $html; ?>">
<input type="submit" value="<?php echo $hesklang['save_changes']; ?>" class="btn btn-default"/>
<input type="submit" value="<?php echo $hesklang['save_changes']; ?>" class="btn btn-default">
<?php if (isset($_REQUEST['isManager']) && $_REQUEST['isManager']): ?>
<input type="hidden" name="isManager" value="1">
<?php endif; ?>
@ -492,7 +568,10 @@ require_once(HESK_PATH . 'inc/show_admin_nav.inc.php');
</form>
</div>
</div>
<?php if ($modsForHesk_settings['rich_text_for_tickets']): ?>
<script>
buildValidatorForTicketSubmission('form1', "<?php echo addslashes($hesklang['select_at_least_one_value']); ?>");
</script>
<?php if ($ticket['html']): ?>
<script type="text/javascript">
/* <![CDATA[ */
tinyMCE.init({

@ -1,32 +1,15 @@
<?php
/*******************************************************************************
* Title: Help Desk Software HESK
* Version: 2.6.8 from 10th August 2016
* Author: Klemen Stirn
* Website: http://www.hesk.com
********************************************************************************
* COPYRIGHT AND TRADEMARK NOTICE
* Copyright 2005-2015 Klemen Stirn. All Rights Reserved.
* HESK is a registered trademark of Klemen Stirn.
* The HESK may be used and modified free of charge by anyone
* AS LONG AS COPYRIGHT NOTICES AND ALL THE COMMENTS REMAIN INTACT.
* By using this code you agree to indemnify Klemen Stirn from any
* liability that might arise from it's use.
* Selling the code for this program, in part or full, without prior
* written consent is expressly forbidden.
* Using this code, in part or full, to create derivate work,
* new scripts or products is expressly forbidden. Obtain permission
* before redistributing this software over the Internet or in
* any other medium. In all cases copyright and header must remain intact.
* This Copyright is in full effect in any country that has International
* Trade Agreements with the United States of America or
* with the European Union.
* Removing any of the copyright notices without purchasing a license
* is expressly forbidden. To remove HESK copyright notice you must purchase
* a license for this script. For more information on how to obtain
* a license please visit the page below:
* https://www.hesk.com/buy.php
*******************************************************************************/
/**
*
* This file is part of HESK - PHP Help Desk Software.
*
* (c) Copyright Klemen Stirn. All rights reserved.
* http://www.hesk.com
*
* For the full copyright and license agreement information visit
* http://www.hesk.com/eula.php
*
*/
define('IN_SCRIPT', 1);
define('HESK_PATH', '../');
define('PAGE_TITLE', 'ADMIN_REPORTS');
@ -37,6 +20,8 @@ require(HESK_PATH . 'inc/common.inc.php');
require(HESK_PATH . 'inc/admin_functions.inc.php');
require(HESK_PATH . 'inc/reporting_functions.inc.php');
require(HESK_PATH . 'inc/status_functions.inc.php');
require(HESK_PATH . 'inc/mail_functions.inc.php');
require(HESK_PATH . 'inc/custom_fields.inc.php');
hesk_load_database_functions();
hesk_session_start();
@ -47,6 +32,13 @@ hesk_isLoggedIn();
hesk_checkPermission('can_export');
$modsForHesk_settings = mfh_getSettings();
// Just a delete file action?
$delete = hesk_GET('delete');
if (strlen($delete) && preg_match('/^hesk_export_[0-9_\-]+$/', $delete)) {
hesk_unlink(HESK_PATH.$hesk_settings['cache_dir'].'/'.$delete.'.zip');
hesk_process_messages($hesklang['fd'], 'export.php','SUCCESS');
}
// Set default values
define('CALENDAR', 1);
define('MAIN_PAGE', 1);
@ -61,23 +53,23 @@ $is_all_time = 0;
// Default this month to date
$date_from = date('Y-m-d', mktime(0, 0, 0, date("m"), 1, date("Y")));
$date_to = date('Y-m-d');
$input_datefrom = date('m/d/Y', strtotime('last month'));
$input_dateto = date('m/d/Y');
$input_datefrom = date('Y-m-d', strtotime('last month'));
$input_dateto = date('Y-m-d');
/* Date */
if (!empty($_GET['w'])) {
$df = preg_replace('/[^0-9]/', '', hesk_GET('datefrom'));
if (strlen($df) == 8) {
$date_from = substr($df, 4, 4) . '-' . substr($df, 0, 2) . '-' . substr($df, 2, 2);
$input_datefrom = substr($df, 0, 2) . '/' . substr($df, 2, 2) . '/' . substr($df, 4, 4);
$date_from = substr($df, 0, 4) . '-' . substr($df, 4, 2) . '-' . substr($df, 6, 2);
$input_datefrom = $date_from;
} else {
$date_from = date('Y-m-d', strtotime('last month'));
}
$dt = preg_replace('/[^0-9]/', '', hesk_GET('dateto'));
if (strlen($dt) == 8) {
$date_to = substr($dt, 4, 4) . '-' . substr($dt, 0, 2) . '-' . substr($dt, 2, 2);
$input_dateto = substr($dt, 0, 2) . '/' . substr($dt, 2, 2) . '/' . substr($dt, 4, 4);
$date_to = substr($dt, 0, 4) . '-' . substr($dt, 4, 2) . '-' . substr($dt, 6, 2);
$input_dateto = $date_to;
} else {
$date_to = date('Y-m-d');
}
@ -316,7 +308,7 @@ if (isset($_GET['w'])) {
}
// This will be the export directory
$export_dir = HESK_PATH . $hesk_settings['attach_dir'] . '/export/';
$export_dir = HESK_PATH.$hesk_settings['cache_dir'].'/';
// This will be the name of the export and the XML file
$export_name = 'hesk_export_' . date('Y-m-d_H-i-s') . '_' . mt_rand(10000, 99999);
@ -330,12 +322,7 @@ if (isset($_GET['w'])) {
}
// Cleanup old files
$files = preg_grep('/index\.htm$/', glob($export_dir.'*', GLOB_NOSORT), PREG_GREP_INVERT);
if (is_array($files) && count($files)) {
foreach ($files as $file) {
hesk_unlink($file, 86400);
}
}
hesk_purge_cache('export', 86400);
} else {
hesk_error($hesklang['ede']);
}
@ -347,6 +334,7 @@ if (isset($_GET['w'])) {
}
// Start generating the report message and generating the export
$success_msg = '';
$flush_me = '<br /><br />';
$flush_me .= hesk_date() . " | {$hesklang['inite']} ";
@ -388,6 +376,9 @@ if (isset($_GET['w'])) {
<Style ss:ID="s62">
<NumberFormat ss:Format="General Date"/>
</Style>
<Style ss:ID="s63">
<NumberFormat ss:Format="Short Date"/>
</Style>
<Style ss:ID="s65">
<NumberFormat ss:Format="[h]:mm:ss"/>
</Style>
@ -439,10 +430,6 @@ if (isset($_GET['w'])) {
foreach ($hesk_settings['custom_fields'] as $k => $v) {
if ($v['use']) {
if ($modsForHesk_settings['custom_field_setting']) {
$v['name'] = $hesklang[$v['name']];
}
$tmp .= '<Cell><Data ss:Type="String">' . $v['name'] . '</Data></Cell>' . "\n";
}
}
@ -505,14 +492,17 @@ if (isset($_GET['w'])) {
';
// Add custom fields
foreach ($hesk_settings['custom_fields'] as $k => $v) {
foreach ($hesk_settings['custom_fields'] as $k=>$v) {
if ($v['use']) {
$output = $ticket[$k];
if ($v['type'] == 'date' && !empty($ticket[$k])) {
$dt = date('Y-m-d', $ticket[$k]);
$output = hesk_dateToString($dt, 0);
switch ($v['type']) {
case 'date':
$tmp_dt = hesk_custom_date_display_format($ticket[$k], 'Y-m-d\T00:00:00.000');
$tmp .= strlen($tmp_dt) ? '<Cell ss:StyleID="s63"><Data ss:Type="DateTime">'.$tmp_dt : '<Cell><Data ss:Type="String">';
$tmp .= "</Data></Cell> \n";
break;
default:
$tmp .= '<Cell><Data ss:Type="String"><![CDATA['.hesk_msgToPlain($ticket[$k], 1, 0).']]></Data></Cell> ' . "\n";
}
$tmp .= '<Cell><Data ss:Type="String"><![CDATA[' . hesk_msgToPlain($output, 1, 0) . ']]></Data></Cell> ' . "\n";
}
}
@ -636,7 +626,10 @@ if (isset($_GET['w'])) {
// We're done!
$flush_me .= hesk_date() . " | {$hesklang['fZIP']}<br /><br />";
$flush_me .= '<a href="' . $save_to_zip . '">' . $hesklang['ch2d'] . "</a>\n";
// Success message
$success_msg .= $hesk_settings['debug_mode'] ? $flush_me : '<br /><br />';
$success_msg .= $hesklang['step1'] . ': <a href="' . $save_to_zip . '">' . $hesklang['ch2d'] . '</a><br /><br />' . $hesklang['step2'] . ': <a href="export.php?delete='.urlencode($export_name).'">' . $hesklang['dffs'] . '</a>';
} // No tickets exported, cleanup
else {
hesk_unlink($save_to);
@ -649,55 +642,46 @@ require_once(HESK_PATH . 'inc/headerAdmin.inc.php');
/* Print main manage users page */
require_once(HESK_PATH . 'inc/show_admin_nav.inc.php');
?>
<div class="row move-down-20">
<div class="col-md-4">
<div class="panel panel-default">
<div class="panel-heading"><?php echo $hesklang['export']; ?></div>
<section class="content">
<div class="box">
<div class="box-header">
<h1 class="box-title">
<?php echo $hesklang['export']; ?>
</h1>
<?php
if (hesk_checkPermission('can_run_reports', 0)) {
$canRunReports = true;
} else {
$canRunReports = false;
echo '<br><small><a href="reports.php">' . $hesklang['reports_tab'] . '</a></small>';
}
?>
<div class="panel-body" <?php if ($canRunReports) {
echo 'style="margin-top: -15px;"';
} ?>>
<?php if ($canRunReports) {
echo '<small><a href="reports.php">' . $hesklang['reports_tab'] . '</a></small><div class="blankSpace"></div>';
} ?>
<p><?php echo $hesklang['export_intro']; ?></p>
</div>
<div class="box-tools pull-right">
<button type="button" class="btn btn-box-tool" data-widget="collapse">
<i class="fa fa-minus"></i>
</button>
</div>
</div>
<div class="col-md-8">
<div class="box-body">
<?php
/* This will handle error, success and notice messages */
hesk_handle_messages();
// If an export was generated, show the link to download
if (isset($flush_me)) {
if (isset($success_msg)) {
if ($tickets_exported > 0) {
hesk_show_success($flush_me);
hesk_show_success($success_msg);
} else {
hesk_show_notice($hesklang['n2ex']);
}
}
?>
<h3><?php echo $hesklang['export']; ?></h3>
<div class="footerWithBorder blankSpace"></div>
<form name="showt" action="export.php" method="get" class="form-horizontal" role="form">
<form name="showt" action="export.php" method="get" role="form">
<div class="form-group">
<label for="time" class="control-label col-sm-2"><?php echo $hesklang['dtrg']; ?>:</label>
<div class="col-sm-10">
<div class="col-sm-10 form-inline">
<!-- START DATE -->
<input type="radio" name="w" value="0" id="w0" <?php echo $selected['w'][0]; ?> />
<select name="time" onclick="document.getElementById('w0').checked = true"
class="form-control"
onfocus="document.getElementById('w0').checked = true"
style="margin-top:5px;margin-bottom:5px;">
<option value="1" <?php echo $selected['time'][1]; ?>><?php echo $hesklang['r1']; ?>
@ -728,16 +712,16 @@ require_once(HESK_PATH . 'inc/show_admin_nav.inc.php');
<option value="12" <?php echo $selected['time'][12]; ?>><?php echo $hesklang['r12']; ?></option>
</select>
<br/>
<br>
<input type="radio" name="w" value="1" id="w1" <?php echo $selected['w'][1]; ?> />
<?php echo $hesklang['from']; ?> <input type="text" name="datefrom"
value="<?php echo $input_datefrom; ?>" id="datefrom"
class="tcal" size="10"
class="datepicker form-control" size="10"
onclick="document.getElementById('w1').checked = true"
onfocus="document.getElementById('w1').checked = true;this.focus;"/>
<?php echo $hesklang['to']; ?> <input type="text" name="dateto" value="<?php echo $input_dateto; ?>"
id="dateto" class="tcal" size="10"
id="dateto" class="datepicker form-control" size="10"
onclick="document.getElementById('w1').checked = true"
onfocus="document.getElementById('w1').checked = true; this.focus;"/>
<!-- END DATE -->
@ -907,14 +891,14 @@ require_once(HESK_PATH . 'inc/show_admin_nav.inc.php');
</div>
</div>
</div>
<div class="form-group text-center">
<div class="form-group">
<input type="submit" value="<?php echo $hesklang['export_btn']; ?>" class="btn btn-default"/>
<input type="hidden" name="cot" value="1"/>
</div>
</form>
</div>
</div>
</div>
</section>
<?php
require_once(HESK_PATH . 'inc/footer.inc.php');
exit();
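Review bot: The new `delete` branch near the top of this file removes a file from the cache directory on a plain GET request with no anti-CSRF token; the only gates visible are `hesk_checkPermission('can_export')` and the name pattern. A logged-in staff member who follows a crafted link would delete an export unintentionally, although the export name would have to be known or guessed. I would call `hesk_token_check();` as the first statement inside the `if` and append `'&amp;token='.hesk_token_echo(0)` to the step-2 link built into `$success_msg` (helper signatures to be confirmed, their definitions are not shown here). The pattern would also be tighter ending in `\z` instead of `$`, since `$` tolerates a trailing newline.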

@ -1,32 +1,15 @@
<?php
/*******************************************************************************
* Title: Help Desk Software HESK
* Version: 2.6.8 from 10th August 2016
* Author: Klemen Stirn
* Website: http://www.hesk.com
********************************************************************************
* COPYRIGHT AND TRADEMARK NOTICE
* Copyright 2005-2015 Klemen Stirn. All Rights Reserved.
* HESK is a registered trademark of Klemen Stirn.
* The HESK may be used and modified free of charge by anyone
* AS LONG AS COPYRIGHT NOTICES AND ALL THE COMMENTS REMAIN INTACT.
* By using this code you agree to indemnify Klemen Stirn from any
* liability that might arise from it's use.
* Selling the code for this program, in part or full, without prior
* written consent is expressly forbidden.
* Using this code, in part or full, to create derivate work,
* new scripts or products is expressly forbidden. Obtain permission
* before redistributing this software over the Internet or in
* any other medium. In all cases copyright and header must remain intact.
* This Copyright is in full effect in any country that has International
* Trade Agreements with the United States of America or
* with the European Union.
* Removing any of the copyright notices without purchasing a license
* is expressly forbidden. To remove HESK copyright notice you must purchase
* a license for this script. For more information on how to obtain
* a license please visit the page below:
* https://www.hesk.com/buy.php
*******************************************************************************/
/**
*
* This file is part of HESK - PHP Help Desk Software.
*
* (c) Copyright Klemen Stirn. All rights reserved.
* http://www.hesk.com
*
* For the full copyright and license agreement information visit
* http://www.hesk.com/eula.php
*
*/
define('IN_SCRIPT', 1);
define('HESK_PATH', '../');
@ -37,6 +20,7 @@ require(HESK_PATH . 'hesk_settings.inc.php');
require(HESK_PATH . 'inc/common.inc.php');
require(HESK_PATH . 'inc/admin_functions.inc.php');
require(HESK_PATH . 'inc/status_functions.inc.php');
require(HESK_PATH . 'inc/mail_functions.inc.php');
hesk_load_database_functions();
hesk_session_start();
@ -51,31 +35,18 @@ hesk_checkPermission('can_view_tickets');
$_SERVER['PHP_SELF'] = './admin_main.php';
// Load custom fields
require_once(HESK_PATH . 'inc/custom_fields.inc.php');
/* Print header */
require_once(HESK_PATH . 'inc/headerAdmin.inc.php');
/* Print admin navigation */
require_once(HESK_PATH . 'inc/show_admin_nav.inc.php');
?>
</td>
</tr>
<tr>
<td>
<div class="row pad-down-20">
<div class="col-md-12">
<div class="panel panel-default">
<div class="panel-heading">
<h4><?php echo $hesklang['tickets_found']; ?> <span class="nu-floatRight panel-button"><a
href="new_ticket.php"
class="btn btn-success"><span class="glyphicon glyphicon-plus-sign"></span> <?php echo $hesklang['nti']; ?></a></span></h4>
</div>
<?php
// This SQL code will be used to retrieve results
$sql_final = "SELECT
// This SQL code will be used to retrieve results
$sql_final = "SELECT
`id`,
`trackid`,
`name`,
@ -220,16 +191,11 @@ LEFT(`message`, 400) AS `message`,
}
/* Date */
/* -> Check for compatibility with old date format */
if (preg_match("/(\d{4})-(\d{2})-(\d{2})/", hesk_GET('dt'), $m)) {
$_GET['dt'] = $m[2] . $m[3] . $m[1];
}
/* -> Now process the date value */
$dt = preg_replace('/[^0-9]/', '', hesk_GET('dt'));
if (strlen($dt) == 8) {
$date = substr($dt, 4, 4) . '-' . substr($dt, 0, 2) . '-' . substr($dt, 2, 2);
$date_input = substr($dt, 0, 2) . '/' . substr($dt, 2, 2) . '/' . substr($dt, 4, 4);
$date = substr($dt, 0, 4) . '-' . substr($dt, 4, 2) . '-' . substr($dt, 6, 2);
$date_input = $date;
/* This search is valid even if no query is entered */
if ($no_query) {
@ -247,9 +213,6 @@ LEFT(`message`, 400) AS `message`,
hesk_process_messages($hesk_error_buffer, 'NOREDIRECT');
}
/* This will handle error, success and notice messages */
$handle = hesk_handle_messages();
# echo "$sql<br/>";
// That's all the SQL we need for count
@ -258,24 +221,49 @@ LEFT(`message`, 400) AS `message`,
/* Prepare variables used in search and forms */
require_once(HESK_PATH . 'inc/prepare_ticket_search.inc.php');
/* If there has been an error message skip searching for tickets */
?>
<section class="content">
<div class="box">
<div class="box-header with-border">
<h1 class="box-title">
<?php echo $hesklang['tickets']; ?>
</h1>
<div class="box-tools pull-right">
<button type="button" class="btn btn-box-tool" data-widget="collapse">
<i class="fa fa-minus"></i>
</button>
</div>
</div>
<div class="box-body">
<?php $handle = hesk_handle_messages(); ?>
<div class="checkbox">
<label>
<input type="checkbox" onclick="toggleAutoRefresh(this);" id="reloadCB">
<?php echo $hesklang['arp']; ?>
<span id="timer"></span>
</label>
</div>
<script type="text/javascript">heskCheckReloading();</script>
<?php
if ($handle !== FALSE) {
$href = 'find_tickets.php';
require_once(HESK_PATH . 'inc/ticket_list.inc.php');
echo '<br>';
}
?>
<?php
/* Clean unneeded session variables */
hesk_cleanSessionVars('hide');
/* Show the search form */
require_once(HESK_PATH . 'inc/show_search_form.inc.php');
?>
</div>
</div>
</section>
<?php
/* Print footer */
require_once(HESK_PATH . 'inc/footer.inc.php');
exit();
?>
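Review bot: In the `/* Date */` hunk the eight digits of `dt` are sliced straight into `YYYY-MM-DD` without checking that they form a real calendar date, so `99999999`, or an old bookmarked link still in month-first order, produces a nonsensical `$date`. Non-digits are stripped first, so this looks like an input-validation gap rather than an injection path. I would guard the branch with `checkdate((int) substr($dt, 4, 2), (int) substr($dt, 6, 2), (int) substr($dt, 0, 4))` and treat a failure like a missing date. The same unchecked slicing is used for `datefrom` and `dateto` in the export page's date hunk. The `if (strlen($dt) == 8)` block continues outside the hunk, so how `$date` is consumed afterwards is not visible.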

@ -1,35 +1,19 @@
<?php
/*******************************************************************************
* Title: Help Desk Software HESK
* Version: 2.6.8 from 10th August 2016
* Author: Klemen Stirn
* Website: http://www.hesk.com
********************************************************************************
* COPYRIGHT AND TRADEMARK NOTICE
* Copyright 2005-2015 Klemen Stirn. All Rights Reserved.
* HESK is a registered trademark of Klemen Stirn.
* The HESK may be used and modified free of charge by anyone
* AS LONG AS COPYRIGHT NOTICES AND ALL THE COMMENTS REMAIN INTACT.
* By using this code you agree to indemnify Klemen Stirn from any
* liability that might arise from it's use.
* Selling the code for this program, in part or full, without prior
* written consent is expressly forbidden.
* Using this code, in part or full, to create derivate work,
* new scripts or products is expressly forbidden. Obtain permission
* before redistributing this software over the Internet or in
* any other medium. In all cases copyright and header must remain intact.
* This Copyright is in full effect in any country that has International
* Trade Agreements with the United States of America or
* with the European Union.
* Removing any of the copyright notices without purchasing a license
* is expressly forbidden. To remove HESK copyright notice you must purchase
* a license for this script. For more information on how to obtain
* a license please visit the page below:
* https://www.hesk.com/buy.php
*******************************************************************************/
/**
*
* This file is part of HESK - PHP Help Desk Software.
*
* (c) Copyright Klemen Stirn. All rights reserved.
* http://www.hesk.com
*
* For the full copyright and license agreement information visit
* http://www.hesk.com/eula.php
*
*/
define('IN_SCRIPT', 1);
define('HESK_PATH', '../');
define('PAGE_TITLE', 'LOGIN');
/* Get all the required files and functions */
require(HESK_PATH . 'hesk_settings.inc.php');
@ -58,9 +42,6 @@ switch ($action) {
hesk_autoLogin();
print_login();
}
/* Print footer */
require_once(HESK_PATH . 'inc/footer.inc.php');
exit();
/*** START FUNCTIONS ***/
@ -208,15 +189,15 @@ function do_login()
/* Remember username? */
if ($hesk_settings['autologin'] && hesk_POST('remember_user') == 'AUTOLOGIN') {
setcookie('hesk_username', "$user", strtotime('+1 year'));
setcookie('hesk_p', "$pass_enc", strtotime('+1 year'));
hesk_setcookie('hesk_username', "$user", strtotime('+1 year'));
hesk_setcookie('hesk_p', "$pass_enc", strtotime('+1 year'));
} elseif (hesk_POST('remember_user') == 'JUSTUSER') {
setcookie('hesk_username', "$user", strtotime('+1 year'));
setcookie('hesk_p', '');
hesk_setcookie('hesk_username', "$user", strtotime('+1 year'));
hesk_setcookie('hesk_p', '');
} else {
// Expire cookie if set otherwise
setcookie('hesk_username', '');
setcookie('hesk_p', '');
hesk_setcookie('hesk_username', '');
hesk_setcookie('hesk_p', '');
}
/* Close any old tickets here so Cron jobs aren't necessary */
@ -274,7 +255,7 @@ function print_login()
}
$hesk_settings['tmp_title'] = $hesk_settings['hesk_title'] . ' - ' .$hesklang['admin_login'];
require_once(HESK_PATH . 'inc/header.inc.php');
require_once(HESK_PATH . 'inc/headerAdmin.inc.php');
if ( hesk_isREQUEST('notice') )
{
@ -287,29 +268,37 @@ function print_login()
}
?>
<div class="loginError"><?php
<div class="login-box">
<div class="login-logo">
<?php echo $hesk_settings['hesk_title']; ?>
</div>
<div class="login-box-body">
<div class="loginError">
<?php
/* This will handle error, success and notice messages */
hesk_handle_messages();
?></div>
<div>
<div class="panel panel-default form-signin">
<div class="panel-heading">
<h4><span <?php echo $iconDisplay; ?>><span class="mega-octicon octicon-sign-in"></span>&nbsp;</span><?php echo $hesklang['admin_login']; ?></h4>
?>
</div>
<div class="panel-body">
<form class="form-signin form-horizontal" role="form" action="index.php" method="post" name="form1">
<?php if (in_array('pass',$_SESSION['a_iserror'])) { echo '<div class="form-group has-error">';} else { echo '<div class="form-group">';}?>
<label for="user" class="col-sm-4 control-label"><?php echo $hesklang['username']; ?>:</label>
<h4 class="login-box-msg">
<?php echo $hesklang['staff_login_title']; ?>
</h4>
<form class="form-horizontal" role="form" action="index.php" method="post" name="form1">
<?php
$has_error = '';
if (in_array('pass',$_SESSION['a_iserror'])) {
$has_error = 'has-error';
}
?>
<div class="form-group <?php echo $has_error; ?>">
<label for="user" class="col-sm-4 control-label">
<?php echo $hesklang['username']; ?>
</label>
<div class="col-sm-8">
<?php
if (defined('HESK_USER'))
{
if (defined('HESK_USER')) {
$savedUser = HESK_USER;
}
else
{
$savedUser = hesk_htmlspecialchars( hesk_COOKIE('hesk_username') );
} else {
$savedUser = hesk_htmlspecialchars(hesk_COOKIE('hesk_username'));
}
$is_1 = '';
@ -318,42 +307,46 @@ function print_login()
$remember_user = hesk_POST('remember_user');
if ($hesk_settings['autologin'] && (isset($_COOKIE['hesk_p']) || $remember_user == 'AUTOLOGIN') )
{
$is_1 = 'checked="checked"';
}
elseif (isset($_COOKIE['hesk_username']) || $remember_user == 'JUSTUSER' )
{
$is_2 = 'checked="checked"';
}
else
{
$is_3 = 'checked="checked"';
}
if ($hesk_settings['list_users'])
{
echo '<select class="form-control" name="user">';
$res = hesk_dbQuery('SELECT `user` FROM `'.hesk_dbEscape($hesk_settings['db_pfix']).'users` ORDER BY `user` ASC');
while ($row=hesk_dbFetchAssoc($res))
{
$sel = (strtolower($savedUser) == strtolower($row['user'])) ? 'selected="selected"' : '';
echo '<option value="'.$row['user'].'" '.$sel.'>'.$row['user'].'</option>';
if ($hesk_settings['autologin'] && (isset($_COOKIE['hesk_p']) || $remember_user == 'AUTOLOGIN')) {
$is_1 = 'checked';
} elseif (isset($_COOKIE['hesk_username']) || $remember_user == 'JUSTUSER') {
$is_2 = 'checked';
} else {
$is_3 = 'checked';
}
echo '</select>';
}
else
{
echo '<input class="form-control" type="text" name="user" size="35" placeholder="'.htmlspecialchars($hesklang['username']).'" value="'.$savedUser.'" />';
}
if ($hesk_settings['list_users']) :
$res = hesk_dbQuery("SELECT `user` FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "users` WHERE `active` = '1' ORDER BY `user` ASC");
?>
<select class="form-control" name="user">
<?php
while ($row = hesk_dbFetchAssoc($res)):
$sel = (strtolower($savedUser) == strtolower($row['user'])) ? 'selected' : '';
?>
<option value="<?php echo $row['user']; ?>" <?php echo $sel; ?>>
<?php echo $row['user']; ?>
</option>
<?php endwhile; ?>
</select>
<?php else: ?>
<input class="form-control" type="text" name="user" size="35"
placeholder="<?php echo htmlspecialchars($hesklang['username']); ?>"
value="<?php echo $savedUser; ?>">
<?php endif; ?>
</div>
</div>
<?php if (in_array('pass',$_SESSION['a_iserror'])) { echo '<div class="form-group has-error">';} else { echo '<div class="form-group">';}?>
<label for="pass" class="col-sm-4 control-label"><?php echo $hesklang['pass']; ?>:</label>
<?php
$has_error = '';
if (in_array('pass',$_SESSION['a_iserror'])) {
$has_error = 'has-error';
}
?>
<div class="form-group <?php echo $has_error; ?>">
<label for="pass" class="col-sm-4 control-label">
<?php echo $hesklang['pass']; ?>
</label>
<div class="col-sm-8">
<input type="password" class="form-control" id="pass" name="pass" size="35" placeholder="<?php echo htmlspecialchars($hesklang['pass']); ?>" />
<input type="password" class="form-control" id="pass" name="pass" size="35" placeholder="<?php echo htmlspecialchars($hesklang['pass']); ?>">
</div>
</div>
<?php
@ -410,9 +403,9 @@ function print_login()
echo '<div class="form-group"><div class="col-md-8 col-md-offset-4">';
$cls = in_array('mysecnum',$_SESSION['a_iserror']) ? ' class="isError" ' : '';
echo $hesklang['sec_enter'].'<br />&nbsp;<br /><img src="'.HESK_PATH.'print_sec_img.php?'.rand(10000,99999).'" width="150" height="40" alt="'.$hesklang['sec_img'].'" title="'.$hesklang['sec_img'].'" border="1" name="secimg" style="vertical-align:text-bottom" /> '.
'<a href="javascript:void(0)" onclick="javascript:document.form1.secimg.src=\''.HESK_PATH.'print_sec_img.php?\'+ ( Math.floor((90000)*Math.random()) + 10000);"><img src="'.HESK_PATH.'img/reload.png" height="24" width="24" alt="'.$hesklang['reload'].'" title="'.$hesklang['reload'].'" border="0" style="vertical-align:text-bottom" /></a>'.
'<br />&nbsp;<br /><input type="text" name="mysecnum" size="20" maxlength="5" '.$cls.' />';
echo $hesklang['sec_enter'].'<br><br><img src="'.HESK_PATH.'print_sec_img.php?'.rand(10000,99999).'" width="150" height="40" alt="'.$hesklang['sec_img'].'" title="'.$hesklang['sec_img'].'" border="1" name="secimg" style="vertical-align:text-bottom"> '.
'<a href="javascript:void(0)" onclick="javascript:document.form1.secimg.src=\''.HESK_PATH.'print_sec_img.php?\'+ ( Math.floor((90000)*Math.random()) + 10000);"><img src="'.HESK_PATH.'img/reload.png" height="24" width="24" alt="'.$hesklang['reload'].'" title="'.$hesklang['reload'].'" border="0" style="vertical-align:text-bottom"></a>'.
'<br><br><input type="text" name="mysecnum" size="20" maxlength="5" '.$cls.'>';
echo '</div></div>';
}
} // End if $hesk_settings['secimg_use'] == 2
@ -423,13 +416,13 @@ function print_login()
<div class="form-group">
<div class="col-md-offset-4 col-md-8">
<div class="radio">
<label><input type="radio" name="remember_user" value="AUTOLOGIN" <?php echo $is_1; ?> /> <?php echo $hesklang['autologin']; ?></label>
<label><input type="radio" name="remember_user" value="AUTOLOGIN" <?php echo $is_1; ?>> <?php echo $hesklang['autologin']; ?></label>
</div>
<div class="radio">
<label><input type="radio" name="remember_user" value="JUSTUSER" <?php echo $is_2; ?> /> <?php echo $hesklang['just_user']; ?></label>
<label><input type="radio" name="remember_user" value="JUSTUSER" <?php echo $is_2; ?>> <?php echo $hesklang['just_user']; ?></label>
</div>
<div class="radio">
<label><input type="radio" name="remember_user" value="NOTHANKS" <?php echo $is_3; ?> /> <?php echo $hesklang['nothx']; ?></label>
<label><input type="radio" name="remember_user" value="NOTHANKS" <?php echo $is_3; ?>> <?php echo $hesklang['nothx']; ?></label>
</div>
</div>
</div>
@ -450,35 +443,28 @@ function print_login()
?>
<div class="form-group">
<div class="col-md-offset-4 col-md-8">
<input type="submit" value="<?php echo $hesklang['click_login']; ?>" class="btn btn-default" />
<input type="hidden" name="a" value="do_login" />
<input type="submit" value="<?php echo $hesklang['click_login']; ?>" class="btn btn-default">
<input type="hidden" name="a" value="do_login">
<?php
if ( hesk_isREQUEST('goto') && $url=hesk_REQUEST('goto') )
{
echo '<input type="hidden" name="goto" value="'.$url.'" />';
echo '<input type="hidden" name="goto" value="'.$url.'">';
}
// Do we allow staff password reset?
if ($hesk_settings['reset_pass'])
{
echo '<br />&nbsp;<br /><a href="password.php" class="smaller">'.$hesklang['fpass'].'</a>';
echo '<br><br><a href="password.php" class="smaller">'.$hesklang['fpass'].'</a>';
}
?>
</div>
</div>
</form>
</div>
</div>
</div>
<p>&nbsp;</p>
<?php
</div>
<?php
hesk_cleanSessionVars('a_iserror');
require_once(HESK_PATH . 'inc/footer.inc.php');
exit();
} // End print_login()
@ -507,7 +493,7 @@ function logout()
/* Show success message and reset the cookie */
hesk_process_messages($hesklang['logout_success'], 'NOREDIRECT', 'SUCCESS');
setcookie('hesk_p', '');
hesk_setcookie('hesk_p', '');
/* Print the login form */
print_login();
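Review bot: The rewritten `list_users` template prints `$row['user']` unescaped into both the `value` attribute and the option text, while the neighbouring `$savedUser` and the placeholders go through `hesk_htmlspecialchars()` / `htmlspecialchars()`. If usernames are not already stored HTML-encoded (not visible here), a name containing a quote or angle bracket would break the markup of a page that is rendered before authentication. I would either encode at output, `<?php echo hesk_htmlspecialchars($row['user']); ?>`, or add a comment above the `while` stating that `user` is stored encoded, so the raw echo reads as deliberate. `print_login()` begins outside the hunks shown.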

@ -37,6 +37,7 @@ require(HESK_PATH . 'hesk_settings.inc.php');
require(HESK_PATH . 'inc/common.inc.php');
require(HESK_PATH . 'inc/admin_functions.inc.php');
require(HESK_PATH . 'inc/knowledgebase_functions.inc.php');
require(HESK_PATH . 'inc/mail_functions.inc.php');
hesk_load_database_functions();
hesk_session_start();
@ -56,6 +57,7 @@ $can_man_kb = hesk_checkPermission('can_man_kb',0);
$catid = intval( hesk_GET('category', 1) );
$artid = intval( hesk_GET('article', 0) );
if (isset($_GET['search']))
{
$query = hesk_input( hesk_GET('search') );
@ -69,7 +71,9 @@ $hesk_settings['kb_link'] = ($artid || $catid != 1 || $query) ? '<a href="knowle
if ($hesk_settings['kb_search'] && $query)
{
hesk_kb_search($query);
if (hesk_kb_search($query)) {
hesk_show_kb_category(1,1);
}
}
elseif ($artid)
{
@ -98,7 +102,7 @@ else
{
hesk_show_kb_category($catid);
}
?> </div> <?php
require_once(HESK_PATH . 'inc/footer.inc.php');
exit();
@ -114,11 +118,6 @@ function hesk_kb_header($kb_link, $catid=1)
require_once(HESK_PATH . 'inc/show_admin_nav.inc.php');
?>
</td>
</tr>
<tr>
<td>
<ol class="breadcrumb">
<?php
if ($can_man_kb)
@ -130,15 +129,10 @@ function hesk_kb_header($kb_link, $catid=1)
?>
<li class="active"><?php echo $kb_link; ?></li>
</ol>
<!-- SUB NAVIGATION -->
<?php show_subnav('view', $catid); ?>
<!-- SUB NAVIGATION -->
<div style="margin-left:40px;margin-right:40px">
<section style="padding: 15px;">
<?php hesk_kbSearchLarge(1); ?>
</section>
<?php
} // END hesk_kb_header()
@ -154,25 +148,28 @@ function hesk_kb_search($query)
$res = hesk_dbQuery('SELECT t1.`id`, t1.`subject`, LEFT(`t1`.`content`, '.max(200, $hesk_settings['kb_substrart'] * 2).') AS `content`, t1.`rating` FROM `'.hesk_dbEscape($hesk_settings['db_pfix']).'kb_articles` AS t1 LEFT JOIN `'.hesk_dbEscape($hesk_settings['db_pfix']).'kb_categories` AS t2 ON t1.`catid` = t2.`id` '." WHERE t1.`type` IN ('0','1') AND MATCH(`subject`,`content`,`keywords`) AGAINST ('".hesk_dbEscape($query)."') LIMIT ".intval($hesk_settings['kb_search_limit']));
$num = hesk_dbNumRows($res);
$show_default_category = false;
?>
<h4><?php echo $hesklang['sr']; ?> (<?php echo $num; ?>)</h4>
<div class="footerWithBorder blankSpace"></div>
<section style="padding: 15px">
<div class="box">
<div class="box-header with-border">
<h1 class="box-title">
<?php echo $hesklang['sr']; ?> (<?php echo $num; ?>)
</h1>
<div class="box-tools pull-right">
<button type="button" class="btn btn-box-tool" data-widget="collapse">
<i class="fa fa-minus"></i>
</button>
</div>
</div>
<div class="box-body">
<?php
if ($num == 0)
{
echo '<p style="margin-left:20px"><i>'.$hesklang['nosr'].'</i></p>';
hesk_show_kb_category(1,1);
}
else
{
?>
<table width="100%" border="0" cellspacing="0" cellpadding="0">
<tr>
<td>
<div align="center">
<table border="0" cellspacing="1" cellpadding="3" width="100%">
if ($num == 0) {
echo '<i>'.$hesklang['nosr'].'</i>';
$show_default_category = true;
} else {
?>
<table class="table table-striped">
<?php
while ($article = hesk_dbFetchAssoc($res))
{
@ -180,8 +177,7 @@ function hesk_kb_search($query)
if ($hesk_settings['kb_rating'])
{
$alt = $article['rating'] ? sprintf($hesklang['kb_rated'], sprintf("%01.1f", $article['rating'])) : $hesklang['kb_not_rated'];
$rat = '<td width="1" valign="top"><img src="../img/star_'.(hesk_round_to_half($article['rating'])*10).'.png" width="85" height="16" alt="'.$alt.'" border="0" style="vertical-align:text-bottom" /></td>';
$rat = '<td width="1" valign="top">' . mfh_get_stars($article['rating']) . '</td>';
}
else
{
@ -210,15 +206,13 @@ function hesk_kb_search($query)
}
?>
</table>
<a href="javascript:history.go(-1)"><span class="glyphicon glyphicon-circle-arrow-left"></span>&nbsp;<?php echo $hesklang['back']; ?></a>
<?php } ?>
</div>
</td>
</tr>
</table>
<p><br /><a href="javascript:history.go(-1)"><span class="glyphicon glyphicon-circle-arrow-left"></span>&nbsp;<?php echo $hesklang['back']; ?></a></p>
</div>
</section>
<?php
} // END else
return $show_default_category;
} // END hesk_kb_search()
@ -231,29 +225,39 @@ function hesk_show_kb_article($artid)
hesk_kb_header($hesk_settings['kb_link'], $article['catid']);
// Update views by 1
hesk_dbQuery('UPDATE `'.hesk_dbEscape($hesk_settings['db_pfix'])."kb_articles` SET `views`=`views`+1 WHERE `id`={$artid} LIMIT 1");
echo '<h3>'.$article['subject'].'</h3>
<div class="footerWithBorder blankSpace"></div>
hesk_dbQuery('UPDATE `'.hesk_dbEscape($hesk_settings['db_pfix'])."kb_articles` SET `views`=`views`+1 WHERE `id`={$artid}");
<h4>'.$hesklang['as'].'</h4>
'. $article['content'];
if ( ! empty($article['attachments']))
{
echo '<p><b>'.$hesklang['attachments'].':</b><br />';
?>
<section class="content">
<div class="box">
<div class="box-header with-border">
<h1 class="box-title">
<?php echo $article['subject']; ?>
</h1>
<div class="box-tools pull-right">
<button type="button" class="btn btn-box-tool" data-widget="collapse">
<i class="fa fa-minus"></i>
</button>
</div>
</div>
<div class="box-body">
<?php echo $article['content']; ?>
</div>
<?php if (!empty($article['attachments'])): ?>
<div class="box-footer">
<p><b><?php echo $hesklang['attachments']; ?></b></p>
<?php
$att=explode(',',substr($article['attachments'], 0, -1));
foreach ($att as $myatt)
{
list($att_id, $att_name) = explode('#', $myatt);
echo '<i class="fa fa-papercip"></i> <a href="../download_attachment.php?kb_att='.$att_id.'" rel="nofollow">'.$att_name.'</a><br />';
}
echo '</p>';
echo '<i class="fa fa-paperclip"></i> <a href="../download_attachment.php?kb_att='.$att_id.'" rel="nofollow">'.$att_name.'</a><br />';
}
?>
</div>
<?php endif; ?>
</div>
<?php
if ($article['catid']==1)
{
@ -310,12 +314,30 @@ function hesk_show_kb_article($artid)
}
?>
<div class="<?php echo $column; ?> col-sm-12">
<h4><?php echo $hesklang['ad']; ?></h4>
<div class="footerWithBorder blankSpace"></div>
<div class="box">
<div class="box-header with-border">
<h1 class="box-title">
<?php echo $hesklang['ad']; ?>
</h1>
<div class="box-tools pull-right">
<button type="button" class="btn btn-box-tool" data-widget="collapse">
<i class="fa fa-minus"></i>
</button>
</div>
</div>
<div class="box-body">
<table border="0">
<tr>
<td><?php echo $hesklang['aid']; ?>: </td>
<td><?php echo $article['id']; ?></td>
<td>
<?php
echo $article['id'];
if ($article['type'] == 0)
{
echo ' [<a href="' . $hesk_settings['hesk_url'] . '/knowledgebase.php?article=' . $article['id'] . '">' . $hesklang['public_link'] . '</a>]';
}
?>
</td>
</tr>
<tr>
<td><?php echo $hesklang['category']; ?>: </td>
@ -331,10 +353,22 @@ function hesk_show_kb_article($artid)
</tr>
</table>
</div>
</div>
</div>
<?php if ($showRelated) { ?>
<div class="col-md-6 col-sm-12">
<h4><?php echo $hesklang['relart']; ?></h4>
<div class="footerWithBorder blankSpace"></div>
<div class="box">
<div class="box-header with-border">
<h1 class="box-title">
<?php echo $hesklang['relart']; ?>
</h1>
<div class="box-tools pull-right">
<button type="button" class="btn btn-box-tool" data-widget="collapse">
<i class="fa fa-minus"></i>
</button>
</div>
</div>
<div class="box-body">
<?php
// Related articles
foreach ($related_articles as $id => $subject)
@ -343,6 +377,8 @@ function hesk_show_kb_article($artid)
}
?>
</div>
</div>
</div>
<?php } ?>
</div>
@ -353,12 +389,9 @@ function hesk_show_kb_article($artid)
<p><br /><a href="javascript:history.go(-1)"><span class="glyphicon glyphicon-circle-arrow-left"></span>&nbsp;<?php echo $hesklang['back']; ?></a></p>
<?php
}
else
{
?>
<p>&nbsp;</p>
<?php
}
</section>
<?php
} // END hesk_show_kb_article()
@ -370,38 +403,39 @@ function hesk_show_kb_category($catid, $is_search = 0) {
{
/* Print header */
hesk_kb_header($hesk_settings['kb_link'], $catid);
if ($catid == 1)
{
echo $hesklang['priv'];
}
}
$res = hesk_dbQuery("SELECT `name`,`parent` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."kb_categories` WHERE `id`='".intval($catid)."' LIMIT 1");
$thiscat = hesk_dbFetchAssoc($res) or hesk_error($hesklang['kb_cat_inv']);
if ($thiscat['parent'])
{
$link = ($thiscat['parent'] == 1) ? 'knowledgebase_private.php' : 'knowledgebase_private.php?category='.$thiscat['parent'];
echo '<h3>'.$hesklang['kb_cat'].': '.$thiscat['name'].'</h3>
<p align="left"><a href="javascript:history.go(-1)"><span class="glyphicon glyphicon-circle-arrow-left"></span>'.$hesklang['back'].'</a></p>
<div class="footerWithBorder blankSpace"></div>';
}
?>
<section class="content">
<?php if ($thiscat['parent']): ?>
<h3><?php echo $hesklang['kb_cat'].': '.$thiscat['name']; ?></h3>
<p align="left"><a href="javascript:history.go(-1)">
<span class="glyphicon glyphicon-circle-arrow-left"></span>
<?php echo $hesklang['back']; ?>
</a></p>
<?php
endif;
$result = hesk_dbQuery("SELECT `id`,`name`,`articles`,`type` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."kb_categories` WHERE `parent`='".intval($catid)."' ORDER BY `parent` ASC, `cat_order` ASC");
if (hesk_dbNumRows($result) > 0)
{
?>
<h4><?php echo $hesklang['kb_cat_sub']; ?></h4>
<div class="footerWithBorder blankSpace"></div>
<table width="100%" border="0" cellspacing="0" cellpadding="0">
<tr>
<td>
<table border="0" cellspacing="1" cellpadding="3" width="100%">
if (hesk_dbNumRows($result) > 0) {
?>
<div class="box">
<div class="box-header with-border">
<h1 class="box-title">
<?php echo $hesklang['kb_cat_sub']; ?>
</h1>
<div class="box-tools pull-right">
<button type="button" class="btn btn-box-tool" data-widget="collapse">
<i class="fa fa-minus"></i>
</button>
</div>
</div>
<div class="box-body">
<table class="table table-striped">
<?php
$per_col = $hesk_settings['kb_cols'];
$i = 1;
@ -480,31 +514,33 @@ function hesk_show_kb_category($catid, $is_search = 0) {
?>
</table>
</td>
</tr>
</table>
<?php
} // END if NumRows > 0
?>
<br>
<h4><?php echo $hesklang['ac']; ?></h4>
<div class="footerWithBorder blankSpace"></div>
<table width="100%" border="0" cellspacing="0" cellpadding="0">
<tr>
<td>
</div>
<div class="box-footer">
<?php echo $hesklang['private_category_star']; ?>
</div>
</div>
<?php } ?>
<div class="box">
<div class="box-header with-border">
<h1 class="box-title">
<?php echo $hesklang['ac']; ?>
</h1>
<div class="box-tools pull-right">
<button type="button" class="btn btn-box-tool" data-widget="collapse">
<i class="fa fa-minus"></i>
</button>
</div>
</div>
<div class="box-body">
<?php
$res = hesk_dbQuery("SELECT `id`, `subject`, LEFT(`content`, ".max(200, $hesk_settings['kb_substrart'] * 2).") AS `content`, `rating`, `type` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."kb_articles` WHERE `catid`='".intval($catid)."' AND `type` IN ('0','1') ORDER BY `sticky` DESC, `art_order` ASC");
if (hesk_dbNumRows($res) == 0)
{
echo '<p><i>'.$hesklang['noac'].'</i></p>';
echo '<i>'.$hesklang['noac'].'</i>';
}
else
{
echo '<div align="center"><table border="0" cellspacing="1" cellpadding="3" width="100%">';
echo '<table border="0" cellspacing="1" cellpadding="3" width="100%">';
while ($article = hesk_dbFetchAssoc($res))
{
$private = ($article['type'] == 1) ? ' *' : '';
@ -529,13 +565,15 @@ function hesk_show_kb_category($catid, $is_search = 0) {
</td>
</tr>';
}
echo '</table></div>';
echo '</table>';
}
?>
</td>
</tr>
</table>
</div>
<div class="box-footer">
<?php echo $hesklang['private_article_star']; ?>
</div>
</div>
</section>
<?php
} // END hesk_show_kb_category()
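Review bot: The rebuilt article view in hesk_show_kb_article prints `$article['subject']` inside the new `<h1 class="box-title">` and `$att_name` inside the attachment link with no output encoding at the point of use. Whether these values are already HTML-encoded when stored is not visible in this diff, so the template depends on every write path having done it. If they are stored raw, encode them here, e.g. `htmlspecialchars($att_name, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')`; if they are encoded on input, a comment such as `// subject and attachment names are HTML-encoded on input` would make the assumption explicit. `$thiscat['name']` in hesk_show_kb_category is echoed the same way, while `$article['content']` is presumably intentional rich HTML that has to be sanitised at save time rather than escaped here. Both functions start and end outside the hunks shown.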

@ -1,32 +1,15 @@
<?php
/*******************************************************************************
* Title: Help Desk Software HESK
* Version: 2.6.8 from 10th August 2016
* Author: Klemen Stirn
* Website: http://www.hesk.com
********************************************************************************
* COPYRIGHT AND TRADEMARK NOTICE
* Copyright 2005-2015 Klemen Stirn. All Rights Reserved.
* HESK is a registered trademark of Klemen Stirn.
* The HESK may be used and modified free of charge by anyone
* AS LONG AS COPYRIGHT NOTICES AND ALL THE COMMENTS REMAIN INTACT.
* By using this code you agree to indemnify Klemen Stirn from any
* liability that might arise from it's use.
* Selling the code for this program, in part or full, without prior
* written consent is expressly forbidden.
* Using this code, in part or full, to create derivate work,
* new scripts or products is expressly forbidden. Obtain permission
* before redistributing this software over the Internet or in
* any other medium. In all cases copyright and header must remain intact.
* This Copyright is in full effect in any country that has International
* Trade Agreements with the United States of America or
* with the European Union.
* Removing any of the copyright notices without purchasing a license
* is expressly forbidden. To remove HESK copyright notice you must purchase
* a license for this script. For more information on how to obtain
* a license please visit the page below:
* https://www.hesk.com/buy.php
*******************************************************************************/
/**
*
* This file is part of HESK - PHP Help Desk Software.
*
* (c) Copyright Klemen Stirn. All rights reserved.
* http://www.hesk.com
*
* For the full copyright and license agreement information visit
* http://www.hesk.com/eula.php
*
*/
define('IN_SCRIPT', 1);
define('HESK_PATH', '../');
@ -46,6 +29,7 @@ $modsForHesk_settings = mfh_getSettings();
hesk_checkPermission('can_view_tickets');
hesk_checkPermission('can_reply_tickets');
hesk_checkPermission('can_edit_tickets');
hesk_checkPermission('can_resolve');
/* A security check */
hesk_token_check();
@ -98,7 +82,7 @@ $statusRs = hesk_dbQuery($statusSql);
$statusRow = hesk_dbFetchAssoc($statusRs);
$statusId = $statusRow['ID'];
hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` SET `status`= {$statusId},`locked`='{$status}' $closedby_sql , `history`=CONCAT(`history`,'" . hesk_dbEscape($revision) . "') WHERE `trackid`='" . hesk_dbEscape($trackingID) . "' LIMIT 1");
hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` SET `status`= {$statusId},`locked`='{$status}' $closedby_sql , `history`=CONCAT(`history`,'" . hesk_dbEscape($revision) . "') WHERE `trackid`='" . hesk_dbEscape($trackingID) . "'");
/* Back to ticket page and show a success message */
hesk_process_messages($tmp, 'admin_ticket.php?track=' . $trackingID . '&Refresh=' . rand(10000, 99999), 'SUCCESS');
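Review bot: The rewritten UPDATE places `{$statusId}` into the SQL unquoted, taken directly from `$statusRow['ID']` with no cast and no check that the status lookup returned a row. If that lookup comes back empty the statement is malformed, and the value's integrity rests entirely on whatever `$statusSql` selects; a guard on `$statusRow` followed by `$statusId = intval($statusRow['ID']);` would make this line safe on its own. With `LIMIT 1` dropped, the statement now relies on `trackid` being unique, which the schema (not shown) should enforce. `$status`, `$closedby_sql` and `$statusSql` are built outside the hunk, so their handling cannot be confirmed from here.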

@ -1,32 +1,15 @@
<?php
/*******************************************************************************
* Title: Help Desk Software HESK
* Version: 2.6.8 from 10th August 2016
* Author: Klemen Stirn
* Website: http://www.hesk.com
********************************************************************************
* COPYRIGHT AND TRADEMARK NOTICE
* Copyright 2005-2015 Klemen Stirn. All Rights Reserved.
* HESK is a registered trademark of Klemen Stirn.
* The HESK may be used and modified free of charge by anyone
* AS LONG AS COPYRIGHT NOTICES AND ALL THE COMMENTS REMAIN INTACT.
* By using this code you agree to indemnify Klemen Stirn from any
* liability that might arise from it's use.
* Selling the code for this program, in part or full, without prior
* written consent is expressly forbidden.
* Using this code, in part or full, to create derivate work,
* new scripts or products is expressly forbidden. Obtain permission
* before redistributing this software over the Internet or in
* any other medium. In all cases copyright and header must remain intact.
* This Copyright is in full effect in any country that has International
* Trade Agreements with the United States of America or
* with the European Union.
* Removing any of the copyright notices without purchasing a license
* is expressly forbidden. To remove HESK copyright notice you must purchase
* a license for this script. For more information on how to obtain
* a license please visit the page below:
* https://www.hesk.com/buy.php
*******************************************************************************/
/**
*
* This file is part of HESK - PHP Help Desk Software.
*
* (c) Copyright Klemen Stirn. All rights reserved.
* http://www.hesk.com
*
* For the full copyright and license agreement information visit
* http://www.hesk.com/eula.php
*
*/
define('IN_SCRIPT', 1);
define('HESK_PATH', '../');
@ -36,6 +19,7 @@ define('PAGE_TITLE', 'ADMIN_MAIL');
require(HESK_PATH . 'hesk_settings.inc.php');
require(HESK_PATH . 'inc/common.inc.php');
require(HESK_PATH . 'inc/admin_functions.inc.php');
require(HESK_PATH . 'inc/mail_functions.inc.php');
hesk_load_database_functions();
hesk_session_start();
@ -124,42 +108,62 @@ require_once(HESK_PATH . 'inc/show_admin_nav.inc.php');
//-->
</script>
<div class="row move-down-20">
<section class="content">
<div class="row">
<div class="col-md-3">
<div class="panel panel-default">
<div class="panel-heading"><?php echo $hesklang['navigation']; ?></div>
<ul class="list-group">
<?php
/* Print sub-navigation */
echo
'<li class="list-group-item">' . $hesk_settings['mailtmp']['inbox'] . '</li>
<li class="list-group-item">' . $hesk_settings['mailtmp']['outbox'] . '</li>
<li class="list-group-item">' . $hesk_settings['mailtmp']['new'] . '</li>';
?>
<div class="box">
<div class="box-header with-border">
<h1 class="box-title">
<?php echo $hesklang['navigation']; ?>
</h1>
<div class="box-tools pull-right">
<button type="button" class="btn btn-box-tool" data-widget="collapse">
<i class="fa fa-minus"></i>
</button>
</div>
</div>
<div class="box-body">
<ul class="products-list product-list-in-box">
<li class="item">
<?php echo $hesk_settings['mailtmp']['inbox']; ?>
</li>
<li class="item">
<?php echo $hesk_settings['mailtmp']['outbox']; ?>
</li>
<li class="item">
<?php echo $hesk_settings['mailtmp']['new']; ?>
</li>
</ul>
</div>
</div>
<div class="col-md-7">
<h3><?php echo $hesklang['m_h']; ?></h3>
<div class="footerWithBorder blankSpace"></div>
</div>
<div class="col-md-9">
<?php
/* This will handle error, success and notice messages */
hesk_handle_messages();
/* Show a message? */
if ($action == 'read') {
show_message();
}
if (!isset($_SESSION['hide']['list'])):
?>
<div class="box">
<div class="box-header with-border">
<h1 class="box-title">
<?php echo $hesklang['m_h']; ?>
</h1>
<div class="box-tools pull-right">
<button type="button" class="btn btn-box-tool" data-widget="collapse">
<i class="fa fa-minus"></i>
</button>
</div>
</div>
<div class="box-body">
<?php mail_list_messages(); ?>
</div>
</div>
<?php endif; ?>
/* Hide list of messages? */
if (!isset($_SESSION['hide']['list'])) {
mail_list_messages();
} // END hide list of messages
<?php
/* Show new message form */
show_new_form();
@ -168,7 +172,8 @@ require_once(HESK_PATH . 'inc/show_admin_nav.inc.php');
hesk_cleanSessionVars('mail');
?>
</div>
</div>
</div>
</section>
<?php
require_once(HESK_PATH . 'inc/footer.inc.php');
exit();
@ -189,10 +194,10 @@ function mail_delete()
if ($ids) {
foreach ($ids as $id) {
/* If both correspondents deleted the mail remove it from database, otherwise mark as deleted by this user */
hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "mail` SET `deletedby`='" . intval($_SESSION['id']) . "' WHERE `id`='" . intval($id) . "' AND (`to`='" . intval($_SESSION['id']) . "' OR `from`='" . intval($_SESSION['id']) . "') AND `deletedby`=0 LIMIT 1");
hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "mail` SET `deletedby`='" . intval($_SESSION['id']) . "' WHERE `id`='" . intval($id) . "' AND (`to`='" . intval($_SESSION['id']) . "' OR `from`='" . intval($_SESSION['id']) . "') AND `deletedby`=0");
if (hesk_dbAffectedRows() != 1) {
hesk_dbQuery("DELETE FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "mail` WHERE `id`='" . intval($id) . "' AND (`to`='" . intval($_SESSION['id']) . "' OR `from`='" . intval($_SESSION['id']) . "') AND `deletedby`!=0 LIMIT 1");
hesk_dbQuery("DELETE FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "mail` WHERE `id`='" . intval($id) . "' AND (`to`='" . intval($_SESSION['id']) . "' OR `from`='" . intval($_SESSION['id']) . "') AND `deletedby`!=0");
}
}
@ -214,7 +219,7 @@ function mail_mark_unread()
if ($ids) {
foreach ($ids as $id) {
hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "mail` SET `read`='0' WHERE `id`='" . intval($id) . "' AND `to`='" . intval($_SESSION['id']) . "' LIMIT 1");
hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "mail` SET `read`='0' WHERE `id`='" . intval($id) . "' AND `to`='" . intval($_SESSION['id']) . "'");
}
hesk_process_messages($hesklang['smmu'], 'NOREDIRECT', 'SUCCESS');
@ -235,7 +240,7 @@ function mail_mark_read()
if ($ids) {
foreach ($ids as $id) {
hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "mail` SET `read`='1' WHERE `id`='" . intval($id) . "' AND `to`='" . intval($_SESSION['id']) . "' LIMIT 1");
hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "mail` SET `read`='1' WHERE `id`='" . intval($id) . "' AND `to`='" . intval($_SESSION['id']) . "'");
}
hesk_process_messages($hesklang['smmr'], 'NOREDIRECT', 'SUCCESS');
@ -399,62 +404,66 @@ function show_message()
/* Mark as read */
if ($hesk_settings['mailtmp']['this'] == 'to' && !$pm['read'])
{
$res = hesk_dbQuery("UPDATE `".hesk_dbEscape($hesk_settings['db_pfix'])."mail` SET `read`='1' WHERE `id`='".intval($id)."' LIMIT 1");
hesk_dbQuery("UPDATE `".hesk_dbEscape($hesk_settings['db_pfix'])."mail` SET `read`='1' WHERE `id`='".intval($id)."'");
}
$pm['name'] = isset($admins[$pm[$hesk_settings['mailtmp']['other']]]) ? '<a href="mail.php?a=new&amp;id='.$pm[$hesk_settings['mailtmp']['other']].'">'.$admins[$pm[$hesk_settings['mailtmp']['other']]].'</a>' : (($pm['from'] == 9999) ? '<a href="http://www.hesk.com" target="_blank">HESK.com</a>' : $hesklang['e_udel']);
echo $pm['dt'];
$pm['dt'] = hesk_dateToString($pm['dt'],0,1,0,true);
?>
<table width="100%" border="0" cellspacing="0" cellpadding="0">
<tr>
<td>
<div class="box">
<div class="box-header with-border">
<h1 class="box-title">
<?php echo $hesklang['private_message_header']; ?>
</h1>
<div class="box-tools pull-right">
<button type="button" class="btn btn-box-tool" data-widget="collapse">
<i class="fa fa-minus"></i>
</button>
</div>
</div>
<div class="box-body">
<div class="callout callout-info">
<div class="row">
<div class="col-md-4 col-sm-6">
<b><?php echo $hesk_settings['mailtmp']['m_from']; ?></b>
<?php echo $pm['name']; ?>
</div>
<div class="col-md-4 col-sm-6">
<b><?php echo $hesklang['date_colon']; ?></b>
<?php echo $pm['dt']; ?>
</div>
<div class="col-md-4 col-sm-6">
<b><?php echo $hesklang['m_sub']; ?></b>
<?php echo $pm['subject']; ?>
</div>
</div>
</div>
<table border="0" cellspacing="0" cellpadding="0" width="100%">
<tr>
<td valign="top">
<table border="0">
<tr>
<td><b><?php echo $hesk_settings['mailtmp']['m_from']; ?></b></td>
<td><?php echo $pm['name']; ?></td>
</tr>
<tr>
<td><b><?php echo $hesklang['date']; ?></b></td>
<td><?php echo $pm['dt']; ?></td>
</tr>
<tr>
<td><b><?php echo $hesklang['m_sub']; ?></b></td>
<td><?php echo $pm['subject']; ?></td>
</tr>
</table>
</td>
<td class="text-right" style="vertical-align:top;">
</td>
</tr>
</table>
<p><?php echo $pm['message']; ?></p>
</div>
<div class="box-footer">
<div class="pull-right">
<?php
$folder = '&amp;folder=outbox';
if ($pm['to'] == $_SESSION['id'])
{
echo '<a href="mail.php?a=mark_unread&amp;id='.$id.'&amp;token='.hesk_token_echo(0).'"><i class="fa fa-envelope-o font-size-14p"></i></a> ';
echo '<a class="btn btn-default" href="mail.php?a=mark_unread&amp;id='.$id.'&amp;token='.hesk_token_echo(0).'"><i class="fa fa-envelope-o icon-link"></i> '.$hesklang['mau'].'</a> ';
$folder = '';
}
echo '<a href="mail.php?a=delete&amp;id='.$id.'&amp;token='.hesk_token_echo(0).$folder.'" onclick="return hesk_confirmExecute(\''.hesk_makeJsString($hesklang['delm']).'?\');"><i class="fa fa-times font-size-14p red"></i></a>';
echo '<a class="btn btn-danger" href="mail.php?a=delete&amp;id='.$id.'&amp;token='.hesk_token_echo(0).$folder.'" onclick="return hesk_confirmExecute(\''.hesk_makeJsString($hesklang['delm']).'?\');"><i class="fa fa-times icon-link"></i> '.$hesklang['delm'].'</a>';
?>
</td>
</tr>
</table>
<p><?php echo $pm['message']; ?></p>
</td>
</tr>
</table>
</div><hr />
</div>
</div>
</div>
<?php
} // END if $num
@ -547,7 +556,7 @@ function mail_list_messages()
<th><input type="checkbox" name="checkall" value="2" onclick="hesk_changeAll(this)"/></th>
<th><?php echo $hesklang['m_sub']; ?></th>
<th><?php echo $hesk_settings['mailtmp']['m_from']; ?></th>
<th><?php echo $hesklang['date']; ?></th>
<th><?php echo $hesklang['date_colon']; ?></th>
</tr>
</thead>
<tbody>
@ -620,12 +629,20 @@ function show_new_form()
{
global $hesk_settings, $hesklang, $admins;
?>
<br/>
<form action="mail.php" method="post" name="form2" class="form-horizontal" role="form" data-toggle="validator">
<h3><?php echo $hesklang['new_mail']; ?></h3>
<div class="footerWithBorder blankSpace"></div>
<form action="mail.php" method="post" name="form2" class="form-horizontal" role="form" data-toggle="validator">
<div class="box">
<div class="box-header with-border">
<h1 class="box-title">
<?php echo $hesklang['new_mail']; ?>
</h1>
<div class="box-tools pull-right">
<button type="button" class="btn btn-box-tool" data-widget="collapse">
<i class="fa fa-minus"></i>
</button>
</div>
</div>
<div class="box-body">
<div class="form-group">
<label for="to" class="col-sm-3 control-label"><?php echo $hesklang['m_to']; ?></label>
@ -692,6 +709,9 @@ global $hesk_settings, $hesklang, $admins;
<input type="submit" value="<?php echo $hesklang['m_send']; ?>" class="btn btn-default"/>
</div>
</div>
</div>
</div>
</form>
<?php
} // END show_new_form()
?>
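Review bot: In show_message the mark-as-read UPDATE is scoped by `id` alone, while mail_mark_read and mail_mark_unread in this same file also require `to` to equal the session user. Now that `LIMIT 1` is gone, give it the same ownership predicate so the write cannot touch a row the current user does not own even if the earlier lookup changes: ``WHERE `id`='".intval($id)."' AND `to`='".intval($_SESSION['id'])."'``. The SELECT that loads `$pm` is outside the hunk, so this is defence in depth rather than a confirmed gap. Separately, if `echo $pm['dt'];` ahead of the `hesk_dateToString` call is on the new side, it prints the raw timestamp above the box and looks like leftover debug output.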

@ -1,32 +1,15 @@
<?php
/*******************************************************************************
* Title: Help Desk Software HESK
* Version: 2.6.8 from 10th August 2016
* Author: Klemen Stirn
* Website: http://www.hesk.com
********************************************************************************
* COPYRIGHT AND TRADEMARK NOTICE
* Copyright 2005-2015 Klemen Stirn. All Rights Reserved.
* HESK is a registered trademark of Klemen Stirn.
* The HESK may be used and modified free of charge by anyone
* AS LONG AS COPYRIGHT NOTICES AND ALL THE COMMENTS REMAIN INTACT.
* By using this code you agree to indemnify Klemen Stirn from any
* liability that might arise from it's use.
* Selling the code for this program, in part or full, without prior
* written consent is expressly forbidden.
* Using this code, in part or full, to create derivate work,
* new scripts or products is expressly forbidden. Obtain permission
* before redistributing this software over the Internet or in
* any other medium. In all cases copyright and header must remain intact.
* This Copyright is in full effect in any country that has International
* Trade Agreements with the United States of America or
* with the European Union.
* Removing any of the copyright notices without purchasing a license
* is expressly forbidden. To remove HESK copyright notice you must purchase
* a license for this script. For more information on how to obtain
* a license please visit the page below:
* https://www.hesk.com/buy.php
*******************************************************************************/
/**
*
* This file is part of HESK - PHP Help Desk Software.
*
* (c) Copyright Klemen Stirn. All rights reserved.
* http://www.hesk.com
*
* For the full copyright and license agreement information visit
* http://www.hesk.com/eula.php
*
*/
define('IN_SCRIPT', 1);
define('HESK_PATH', '../');
@ -37,6 +20,7 @@ define('PAGE_TITLE', 'ADMIN_CANNED');
require(HESK_PATH . 'hesk_settings.inc.php');
require(HESK_PATH . 'inc/common.inc.php');
require(HESK_PATH . 'inc/admin_functions.inc.php');
require(HESK_PATH . 'inc/mail_functions.inc.php');
hesk_load_database_functions();
hesk_session_start();
@ -47,6 +31,9 @@ define('WYSIWYG', 1);
/* Check permissions for this feature */
hesk_checkPermission('can_man_canned');
// Load custom fields
require_once(HESK_PATH . 'inc/custom_fields.inc.php');
/* What should we do? */
if ($action = hesk_REQUEST('a')) {
if (defined('HESK_DEMO')) {
@ -125,11 +112,19 @@ $i = 1;
$j = 0;
$num = hesk_dbNumRows($result);
?>
<div class="row move-down-20">
<div class="col-md-4">
<div class="panel panel-default">
<div class="panel-heading"><?php echo $hesklang['savedResponses']; ?></div>
<div class="panel-body">
<section class="content">
<div class="box">
<div class="box-header with-border">
<h1 class="box-title">
<?php echo $hesklang['savedResponses']; ?>
</h1>
<div class="box-tools pull-right">
<button type="button" class="btn btn-box-tool" data-widget="collapse">
<i class="fa fa-minus"></i>
</button>
</div>
</div>
<div class="box-body">
<?php if ($num < 1)
{
echo '<p>' . $hesklang['no_saved'] . '</p>';
@ -202,7 +197,6 @@ $num = hesk_dbNumRows($result);
</table>
</div>
</div>
</div>
<?php if ($modsForHesk_settings['rich_text_for_tickets']): ?>
<script type="text/javascript">
/* <![CDATA[ */
@ -225,7 +219,20 @@ $num = hesk_dbNumRows($result);
/* ]]> */
</script>
<?php endif; ?>
<div class="col-md-8">
<div class="box">
<div class="box-header with-border">
<h1 class="box-title">
<?php echo $hesklang['manage_saved']; ?> <a href="javascript:void(0)"
onclick="javascript:alert('<?php echo hesk_makeJsString($hesklang['manage_intro']); ?>')"><i
class="fa fa-question-circle settingsquestionmark"></i></a>
</h1>
<div class="box-tools pull-right">
<button type="button" class="btn btn-box-tool" data-widget="collapse">
<i class="fa fa-minus"></i>
</button>
</div>
</div>
<div class="box-body">
<script language="javascript" type="text/javascript"><!--
// -->
var myMsgTxt = new Array();
@ -283,12 +290,6 @@ $num = hesk_dbNumRows($result);
/* This will handle error, success and notice messages */
hesk_handle_messages();
?>
<h3><?php echo $hesklang['manage_saved']; ?> <a href="javascript:void(0)"
onclick="javascript:alert('<?php echo hesk_makeJsString($hesklang['manage_intro']); ?>')"><i
class="fa fa-question-circle settingsquestionmark"></i></a></h3>
<div class="footerWithBorder blankSpace"></div>
<?php
$onsubmit = '';
if ($modsForHesk_settings['rich_text_for_tickets']) {
@ -296,14 +297,12 @@ $num = hesk_dbNumRows($result);
}
?>
<form action="manage_canned.php" method="post" name="form1" class="form-horizontal" role="form" data-toggle="validator" <?php echo $onsubmit; ?>>
<h3><?php echo $hesklang['new_saved']; ?></h3>
<div class="footerWithBorder blankSpace"></div>
<div class="form-group">
<div class="col-sm-12">
<?php
if ($num > 0) {
?>
<div class="row">
<div class="col-sm-12">
<div class="radio">
<label><input type="radio" name="a"
@ -311,6 +310,7 @@ $num = hesk_dbNumRows($result);
</label>
</div>
</div>
</div>
<div class="row">
<div class="col-sm-6">
<div class="radio">
@ -391,7 +391,8 @@ $num = hesk_dbNumRows($result);
</div>
</form>
</div>
</div>
</div>
</section>
<?php
require_once(HESK_PATH . 'inc/footer.inc.php');
@ -427,7 +428,7 @@ function edit_saved()
hesk_process_messages($hesk_error_buffer, 'manage_canned.php?saved_replies=' . $id);
}
$result = hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "std_replies` SET `title`='" . hesk_dbEscape($savename) . "',`message`='" . hesk_dbEscape($msg) . "' WHERE `id`='" . intval($id) . "' LIMIT 1");
$result = hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "std_replies` SET `title`='" . hesk_dbEscape($savename) . "',`message`='" . hesk_dbEscape($msg) . "' WHERE `id`='" . intval($id) . "'");
unset($_SESSION['canned']['what']);
unset($_SESSION['canned']['id']);
@ -486,7 +487,7 @@ function remove()
$mysaved = intval(hesk_GET('id')) or hesk_error($hesklang['id_not_valid']);
hesk_dbQuery("DELETE FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "std_replies` WHERE `id`='" . intval($mysaved) . "' LIMIT 1");
hesk_dbQuery("DELETE FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "std_replies` WHERE `id`='" . intval($mysaved) . "'");
if (hesk_dbAffectedRows() != 1) {
hesk_error("$hesklang[int_error]: $hesklang[reply_not_found].");
}
@ -507,7 +508,7 @@ function order_saved()
$reply_move = intval(hesk_GET('move'));
hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "std_replies` SET `reply_order`=`reply_order`+" . intval($reply_move) . " WHERE `id`='" . intval($replyid) . "' LIMIT 1");
hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "std_replies` SET `reply_order`=`reply_order`+" . intval($reply_move) . " WHERE `id`='" . intval($replyid) . "'");
if (hesk_dbAffectedRows() != 1) {
hesk_error("$hesklang[int_error]: $hesklang[reply_not_found].");
}
@ -517,7 +518,7 @@ function order_saved()
$i = 10;
while ($myreply = hesk_dbFetchAssoc($result)) {
hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "std_replies` SET `reply_order`=" . intval($i) . " WHERE `id`='" . intval($myreply['id']) . "' LIMIT 1");
hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "std_replies` SET `reply_order`=" . intval($i) . " WHERE `id`='" . intval($myreply['id']) . "'");
$i += 10;
}

@ -1,32 +1,15 @@
<?php
/*******************************************************************************
* Title: Help Desk Software HESK
* Version: 2.6.8 from 10th August 2016
* Author: Klemen Stirn
* Website: http://www.hesk.com
********************************************************************************
* COPYRIGHT AND TRADEMARK NOTICE
* Copyright 2005-2015 Klemen Stirn. All Rights Reserved.
* HESK is a registered trademark of Klemen Stirn.
* The HESK may be used and modified free of charge by anyone
* AS LONG AS COPYRIGHT NOTICES AND ALL THE COMMENTS REMAIN INTACT.
* By using this code you agree to indemnify Klemen Stirn from any
* liability that might arise from it's use.
* Selling the code for this program, in part or full, without prior
* written consent is expressly forbidden.
* Using this code, in part or full, to create derivate work,
* new scripts or products is expressly forbidden. Obtain permission
* before redistributing this software over the Internet or in
* any other medium. In all cases copyright and header must remain intact.
* This Copyright is in full effect in any country that has International
* Trade Agreements with the United States of America or
* with the European Union.
* Removing any of the copyright notices without purchasing a license
* is expressly forbidden. To remove HESK copyright notice you must purchase
* a license for this script. For more information on how to obtain
* a license please visit the page below:
* https://www.hesk.com/buy.php
*******************************************************************************/
/**
*
* This file is part of HESK - PHP Help Desk Software.
*
* (c) Copyright Klemen Stirn. All rights reserved.
* http://www.hesk.com
*
* For the full copyright and license agreement information visit
* http://www.hesk.com/eula.php
*
*/
define('IN_SCRIPT', 1);
define('HESK_PATH', '../');
@ -37,6 +20,7 @@ define('PAGE_TITLE', 'ADMIN_CATEGORIES');
require(HESK_PATH . 'hesk_settings.inc.php');
require(HESK_PATH . 'inc/common.inc.php');
require(HESK_PATH . 'inc/admin_functions.inc.php');
require(HESK_PATH . 'inc/mail_functions.inc.php');
hesk_load_database_functions();
hesk_session_start();
@ -49,9 +33,9 @@ hesk_checkPermission('can_man_cat');
// Possible priorities
$priorities = array(
3 => array('value' => 3, 'text' => $hesklang['low'], 'formatted' => $hesklang['low']),
2 => array('value' => 2, 'text' => $hesklang['medium'], 'formatted' => '<font class="medium">' . $hesklang['medium'] . '</font>'),
1 => array('value' => 1, 'text' => $hesklang['high'], 'formatted' => '<font class="important">' . $hesklang['high'] . '</font>'),
0 => array('value' => 0, 'text' => $hesklang['critical'], 'formatted' => '<font class="critical">' . $hesklang['critical'] . '</font>'),
2 => array('value' => 2, 'text' => $hesklang['medium'], 'formatted' => '<span class="medium">' . $hesklang['medium'] . '</span>'),
1 => array('value' => 1, 'text' => $hesklang['high'], 'formatted' => '<span class="important">' . $hesklang['high'] . '</span>'),
0 => array('value' => 0, 'text' => $hesklang['critical'], 'formatted' => '<span class="critical">' . $hesklang['critical'] . '</span>'),
);
/* What should we do? */
@ -106,13 +90,19 @@ while ($mycat = hesk_dbFetchAssoc($res)) {
$options .= '>' . $mycat['name'] . '</option>';
}
?>
<div class="row move-down-20">
<div align="left" class="col-md-4">
<div class="panel panel-default">
<div class="panel-heading">
<section class="content">
<div class="box collapsed-box">
<div class="box-header with-border">
<h1 class="box-title">
<?php echo $hesklang['add_cat']; ?>
</h1>
<div class="box-tools pull-right">
<button type="button" class="btn btn-box-tool" data-widget="collapse">
<i class="fa fa-plus"></i>
</button>
</div>
</div>
<div class="panel-body">
<div class="box-body">
<form action="manage_categories.php" method="post" role="form" class="form-horizontal" data-toggle="validator">
<div class="form-group">
<p class="col-sm-4 control-label" style="font-size: .87em">
@ -151,7 +141,7 @@ while ($mycat = hesk_dbFetchAssoc($res)) {
echo '<option value="' . $value . '"' . ($_SESSION['cat_priority'] == $value ? ' selected="selected"' : '') . '>' . $info['text'] . '</option>';
}
?>
</select></p>
</select>
</div>
</div>
@ -210,15 +200,20 @@ while ($mycat = hesk_dbFetchAssoc($res)) {
</form>
</div>
</div>
</div>
<div class="col-md-8">
<div class="panel panel-default">
<div class="panel-heading">
<div class="box">
<div class="box-header with-border">
<h1 class="box-title">
<?php echo $hesklang['manage_cat']; ?> <a href="javascript:void(0)"
onclick="javascript:alert('<?php echo hesk_makeJsString($hesklang['cat_intro']); ?>')"><i
class="fa fa-question-circle settingsquestionmark"></i></a>
</h1>
<div class="box-tools pull-right">
<button type="button" class="btn btn-box-tool" data-widget="collapse">
<i class="fa fa-minus"></i>
</button>
</div>
</div>
<div class="panel-body">
<div class="box-body">
<?php
/* This will handle error, success and notice messages */
hesk_handle_messages();
@ -365,8 +360,7 @@ while ($mycat = hesk_dbFetchAssoc($res)) {
</table>
</div>
</div>
</div>
</div>
</section>
<!-- Edit category modal -->
<div class="modal fade" id="edit-category-modal" tabindex="-1" role="dialog" style="overflow: hidden">
<div class="modal-dialog modal-lg" role="document">
@ -538,7 +532,7 @@ function change_priority()
$priority = 3;
}
hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "categories` SET `priority`='{$priority}' WHERE `id`='" . intval($catid) . "' LIMIT 1");
hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "categories` SET `priority`='{$priority}' WHERE `id`='" . intval($catid) . "'");
hesk_cleanSessionVars('cat_ch_priority');
@ -692,7 +686,7 @@ function update_category()
`manager` = " . intval($manager) . ",
`color` = " . $color . ",
`usage` = " . intval($usage) . "
WHERE `id`='" . intval($catid) . "' LIMIT 1");
WHERE `id`='" . intval($catid) . "'");
unset($_SESSION['selcat']);
unset($_SESSION['catname2']);
@ -715,7 +709,7 @@ function remove()
hesk_process_messages($hesklang['cant_del_default_cat'], $_SERVER['PHP_SELF']);
}
hesk_dbQuery("DELETE FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "categories` WHERE `id`='" . intval($mycat) . "' LIMIT 1");
hesk_dbQuery("DELETE FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "categories` WHERE `id`='" . intval($mycat) . "'");
if (hesk_dbAffectedRows() != 1) {
hesk_error("$hesklang[int_error]: $hesklang[cat_not_found].");
}
@ -738,7 +732,7 @@ function order_cat()
$cat_move = intval(hesk_GET('move'));
hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "categories` SET `cat_order`=`cat_order`+" . intval($cat_move) . " WHERE `id`='" . intval($catid) . "' LIMIT 1");
hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "categories` SET `cat_order`=`cat_order`+" . intval($cat_move) . " WHERE `id`='" . intval($catid) . "'");
if (hesk_dbAffectedRows() != 1) {
hesk_error("$hesklang[int_error]: $hesklang[cat_not_found].");
}
@ -748,7 +742,7 @@ function order_cat()
$i = 10;
while ($mycat = hesk_dbFetchAssoc($res)) {
hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "categories` SET `cat_order`=" . intval($i) . " WHERE `id`='" . intval($mycat['id']) . "' LIMIT 1");
hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "categories` SET `cat_order`=" . intval($i) . " WHERE `id`='" . intval($mycat['id']) . "'");
$i += 10;
}
@ -776,7 +770,7 @@ function toggle_autoassign()
}
/* Update auto-assign settings */
$res = hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "categories` SET `autoassign`='" . intval($autoassign) . "' WHERE `id`='" . intval($catid) . "' LIMIT 1");
$res = hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "categories` SET `autoassign`='" . intval($autoassign) . "' WHERE `id`='" . intval($catid) . "'");
if (hesk_dbAffectedRows() != 1) {
hesk_process_messages($hesklang['int_error'] . ': ' . $hesklang['cat_not_found'], './manage_categories.php');
}
@ -805,7 +799,7 @@ function toggle_type()
}
/* Update auto-assign settings */
hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "categories` SET `type`='{$type}' WHERE `id`='" . intval($catid) . "' LIMIT 1");
hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "categories` SET `type`='{$type}' WHERE `id`='" . intval($catid) . "'");
if (hesk_dbAffectedRows() != 1) {
hesk_process_messages($hesklang['int_error'] . ': ' . $hesklang['cat_not_found'], './manage_categories.php');
}
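Review bot: `change_priority()` and `toggle_type()` still interpolate `'{$priority}'` and `'{$type}'` straight into the UPDATE, while every other value in those two statements goes through `intval()` or `hesk_dbEscape()`. The code that assigns both variables is outside the hunks, so it cannot be confirmed from here that they only ever hold a small integer. Since these lines are being rewritten anyway, casting at the point of use makes the statement safe regardless of the upstream validation, for example ``SET `type`='" . intval($type) . "'`` and ``SET `priority`='" . intval($priority) . "'``. The unquoted `" . $color . "` in `update_category()` deserves the same check against the code that builds it.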

@ -8,6 +8,7 @@ define('PAGE_TITLE', 'ADMIN_TOOLS');
require(HESK_PATH . 'hesk_settings.inc.php');
require(HESK_PATH . 'inc/common.inc.php');
require(HESK_PATH . 'inc/admin_functions.inc.php');
require(HESK_PATH . 'inc/mail_functions.inc.php');
hesk_load_database_functions();
hesk_session_start();
@ -60,8 +61,10 @@ if ($modsForHesk_settings['html_emails']) {
/* Print main manage users page */
require_once(HESK_PATH . 'inc/show_admin_nav.inc.php');
?>
<div class="row pad-20">
<section class="content">
<div class="box">
<div class="box-body">
<div class="nav-tabs-custom">
<ul class="nav nav-tabs" role="tablist">
<?php
// Show a link to banned_emails.php if user has permission
@ -98,6 +101,16 @@ require_once(HESK_PATH . 'inc/show_admin_nav.inc.php');
<li role="presentation">
<a title="' . $hesklang['statuses'] . '" href="manage_statuses.php">' . $hesklang['statuses'] . '</a>
</li>
';
}
if (hesk_checkPermission('can_man_settings', 0)) {
echo '
<li role="presentation">
<a title="' . $hesklang['tab_4'] . '" href="custom_fields.php">' .
$hesklang['tab_4']
. '</a>
</li>
';
}
?>
@ -246,6 +259,11 @@ require_once(HESK_PATH . 'inc/show_admin_nav.inc.php');
</div>
</div>
</div>
</div>
</div>
</section>
<?php
require_once(HESK_PATH . 'inc/footer.inc.php');
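Review bot: The new `custom_fields.php` tab is guarded only by `hesk_checkPermission('can_man_settings', 0)` around the `echo`, which hides the link but does not protect the target page. `custom_fields.php` is not part of this view, so confirm that it performs its own `hesk_checkPermission('can_man_settings')` before any output or database write. The same block is added to the statuses page further down. A short comment above the `if`, such as `// Link visibility only; custom_fields.php must enforce can_man_settings itself`, would record that assumption.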


@ -1,32 +1,15 @@
<?php
/*******************************************************************************
* Title: Help Desk Software HESK
* Version: 2.6.8 from 10th August 2016
* Author: Klemen Stirn
* Website: http://www.hesk.com
********************************************************************************
* COPYRIGHT AND TRADEMARK NOTICE
* Copyright 2005-2015 Klemen Stirn. All Rights Reserved.
* HESK is a registered trademark of Klemen Stirn.
* The HESK may be used and modified free of charge by anyone
* AS LONG AS COPYRIGHT NOTICES AND ALL THE COMMENTS REMAIN INTACT.
* By using this code you agree to indemnify Klemen Stirn from any
* liability that might arise from it's use.
* Selling the code for this program, in part or full, without prior
* written consent is expressly forbidden.
* Using this code, in part or full, to create derivate work,
* new scripts or products is expressly forbidden. Obtain permission
* before redistributing this software over the Internet or in
* any other medium. In all cases copyright and header must remain intact.
* This Copyright is in full effect in any country that has International
* Trade Agreements with the United States of America or
* with the European Union.
* Removing any of the copyright notices without purchasing a license
* is expressly forbidden. To remove HESK copyright notice you must purchase
* a license for this script. For more information on how to obtain
* a license please visit the page below:
* https://www.hesk.com/buy.php
*******************************************************************************/
/**
*
* This file is part of HESK - PHP Help Desk Software.
*
* (c) Copyright Klemen Stirn. All rights reserved.
* http://www.hesk.com
*
* For the full copyright and license agreement information visit
* http://www.hesk.com/eula.php
*
*/
define('IN_SCRIPT', 1);
define('HESK_PATH', '../');
@ -37,6 +20,7 @@ define('PAGE_TITLE', 'ADMIN_USERS');
require(HESK_PATH . 'hesk_settings.inc.php');
require(HESK_PATH . 'inc/common.inc.php');
require(HESK_PATH . 'inc/admin_functions.inc.php');
require(HESK_PATH . 'inc/mail_functions.inc.php');
hesk_load_database_functions();
hesk_session_start();
@ -96,23 +80,25 @@ while ($row = hesk_dbFetchAssoc($res)) {
array_push($categories, $row);
}
?>
<div class="row move-down-20">
<div class="col-md-12">
<?php
hesk_handle_messages();
?>
<div class="panel panel-default">
<div class="panel-heading">
<h4><?php echo $hesklang['manage_permission_templates']; ?>
<section class="content">
<?php hesk_handle_messages(); ?>
<div class="box">
<div class="box-header with-border">
<h1 class="box-title">
<?php echo $hesklang['manage_permission_templates']; ?>
<i class="fa fa-question-circle settingsquestionmark" data-toggle="tooltip" data-placement="right"
title="<?php echo $hesklang['manage_permission_templates_help']; ?>"></i>
<span class="nu-floatRight panel-button">
</h1>
<div class="box-tools pull-right">
<button type="button" class="btn btn-box-tool" data-widget="collapse">
<i class="fa fa-minus"></i>
</button>
</div>
</div>
<div class="box-body">
<a href="#" data-toggle="modal" data-target="#modal-template-new" class="btn btn-success nu-floatRight">
<i class="fa fa-plus-circle"></i> <?php echo $hesklang['create_new_template']; ?>
</a>
</span>
</h4>
</div>
<table class="table table-striped">
<thead>
<th><?php echo $hesklang['name']; ?></th>
@ -159,7 +145,7 @@ while ($row = hesk_dbFetchAssoc($res)) {
</table>
</div>
</div>
</div>
</section>
<?php
foreach ($templates as $template) {
createEditModal($template, $featureArray, $categories);
@ -207,9 +193,11 @@ function createEditModal($template, $features, $categories)
<div class="modal-body">
<div class="row">
<?php if ($showNotice): ?>
<div class="col-sm-12">
<div class="alert alert-info">
<i class="fa fa-info-circle"></i> <?php echo $hesklang['template_is_admin_cannot_change']; ?>
</div>
</div>
<?php endif; ?>
<div class="form-group">
<div class="col-sm-2">
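Review bot: The tooltip text is echoed raw into a double-quoted attribute, `title="<?php echo $hesklang['manage_permission_templates_help']; ?>"`, so a translation containing a double quote or an angle bracket would break the markup. Language strings placed in script context elsewhere in this commit pass through `hesk_makeJsString()`, but the attribute context has no equivalent here. Suggest `title="<?php echo htmlspecialchars($hesklang['manage_permission_templates_help'], ENT_QUOTES, 'UTF-8'); ?>"`, unless the language loader already encodes these strings, which is not visible from this section. The `data-content` attribute on the statuses page has the same shape, and `createEditModal()` continues outside the last hunk.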

@ -9,6 +9,7 @@ require(HESK_PATH . 'hesk_settings.inc.php');
require(HESK_PATH . 'inc/common.inc.php');
require(HESK_PATH . 'inc/admin_functions.inc.php');
require(HESK_PATH . 'inc/status_functions.inc.php');
require(HESK_PATH . 'inc/mail_functions.inc.php');
hesk_load_database_functions();
hesk_session_start();
@ -45,8 +46,10 @@ require_once(HESK_PATH . 'inc/headerAdmin.inc.php');
/* Print main manage users page */
require_once(HESK_PATH . 'inc/show_admin_nav.inc.php');
?>
<div class="row pad-20">
<section class="content">
<div class="box">
<div class="box-body">
<div class="nav-tabs-custom">
<ul class="nav nav-tabs" role="tablist">
<?php
// Show a link to banned_emails.php if user has permission
@ -84,6 +87,17 @@ require_once(HESK_PATH . 'inc/show_admin_nav.inc.php');
title="<?php echo $hesklang['statuses']; ?>"
data-content="<?php echo $hesklang['statuses_intro']; ?>"></i></a>
</li>
<?php
if (hesk_checkPermission('can_man_settings', 0)) {
echo '
<li role="presentation">
<a title="' . $hesklang['tab_4'] . '" href="custom_fields.php">' .
$hesklang['tab_4']
. '</a>
</li>
';
}
?>
</ul>
<div class="tab-content summaryList tabPadding">
<div class="row">
@ -103,7 +117,7 @@ require_once(HESK_PATH . 'inc/show_admin_nav.inc.php');
<div class="panel-heading">
<h4>
<?php echo $hesklang['statuses']; ?>
<span class="nu-floatRight panel-button">
<span style="float: right; margin-top: -7px">
<button type="button" class="btn btn-success" data-toggle="modal" data-target="#modal-status-new">
<i class="fa fa-plus-circle"></i>
<?php
@ -357,6 +371,11 @@ require_once(HESK_PATH . 'inc/show_admin_nav.inc.php');
</div>
</div>
</div>
</div>
</div>
</section>
<?php
foreach ($statuses as $status) {

@ -1,32 +1,15 @@
<?php
/*******************************************************************************
* Title: Help Desk Software HESK
* Version: 2.6.8 from 10th August 2016
* Author: Klemen Stirn
* Website: http://www.hesk.com
********************************************************************************
* COPYRIGHT AND TRADEMARK NOTICE
* Copyright 2005-2015 Klemen Stirn. All Rights Reserved.
* HESK is a registered trademark of Klemen Stirn.
* The HESK may be used and modified free of charge by anyone
* AS LONG AS COPYRIGHT NOTICES AND ALL THE COMMENTS REMAIN INTACT.
* By using this code you agree to indemnify Klemen Stirn from any
* liability that might arise from it's use.
* Selling the code for this program, in part or full, without prior
* written consent is expressly forbidden.
* Using this code, in part or full, to create derivate work,
* new scripts or products is expressly forbidden. Obtain permission
* before redistributing this software over the Internet or in
* any other medium. In all cases copyright and header must remain intact.
* This Copyright is in full effect in any country that has International
* Trade Agreements with the United States of America or
* with the European Union.
* Removing any of the copyright notices without purchasing a license
* is expressly forbidden. To remove HESK copyright notice you must purchase
* a license for this script. For more information on how to obtain
* a license please visit the page below:
* https://www.hesk.com/buy.php
*******************************************************************************/
/**
*
* This file is part of HESK - PHP Help Desk Software.
*
* (c) Copyright Klemen Stirn. All rights reserved.
* http://www.hesk.com
*
* For the full copyright and license agreement information visit
* http://www.hesk.com/eula.php
*
*/
define('IN_SCRIPT', 1);
define('HESK_PATH', '../');
@ -37,6 +20,7 @@ define('PAGE_TITLE', 'ADMIN_CANNED');
require(HESK_PATH . 'hesk_settings.inc.php');
require(HESK_PATH . 'inc/common.inc.php');
require(HESK_PATH . 'inc/admin_functions.inc.php');
require(HESK_PATH . 'inc/mail_functions.inc.php');
hesk_load_database_functions();
hesk_session_start();
@ -78,10 +62,6 @@ require_once(HESK_PATH . 'inc/headerAdmin.inc.php');
require_once(HESK_PATH . 'inc/show_admin_nav.inc.php');
?>
<div class="row">
</div>
<script language="javascript" type="text/javascript"><!--
function confirm_delete() {
if (confirm('<?php echo hesk_makeJsString($hesklang['delete_tpl']); ?>')) {
@ -105,13 +85,19 @@ $i = 1;
$j = 0;
$num = hesk_dbNumRows($result);
?>
<div class="row move-down-20">
<div class="col-md-4">
<div class="panel panel-default">
<div class="panel-heading">
<section class="content">
<div class="box">
<div class="box-header with-border">
<h1 class="box-title">
<?php echo $hesklang['saved_ticket_tpl']; ?>
</h1>
<div class="box-tools pull-right">
<button type="button" class="btn btn-box-tool" data-widget="collapse">
<i class="fa fa-minus"></i>
</button>
</div>
</div>
<div class="panel-body">
<div class="box-body">
<?php if ($num < 1) {
echo '<p>' . $hesklang['no_ticket_tpl'] . '</p>';
} else {
@ -184,8 +170,21 @@ $num = hesk_dbNumRows($result);
?>
</div>
</div>
<div class="box">
<div class="box-header with-border">
<h1 class="box-title">
<?php echo $hesklang['new_ticket_tpl']; ?>
<a href="javascript:void(0)"
onclick="javascript:alert('<?php echo hesk_makeJsString($hesklang['ticket_tpl_intro']); ?>')"><i
class="fa fa-question-circle settingsquestionmark"></i></a>
</h1>
<div class="box-tools pull-right">
<button type="button" class="btn btn-box-tool" data-widget="collapse">
<i class="fa fa-minus"></i>
</button>
</div>
</div>
<div class="col-md-8">
<div class="box-body">
<?php
/* This will handle error, success and notice messages */
hesk_handle_messages();
@ -196,15 +195,12 @@ $num = hesk_dbNumRows($result);
}
?>
<form class="form-horizontal" action="manage_ticket_templates.php" method="post" name="form1" role="form" data-toggle="validator" <?php echo $onsubmit; ?>>
<h3><?php echo $hesklang['new_ticket_tpl']; ?> <a href="javascript:void(0)"
onclick="javascript:alert('<?php echo hesk_makeJsString($hesklang['ticket_tpl_intro']); ?>')"><i
class="fa fa-question-circle settingsquestionmark"></i></a></h3>
<div class="footerWithBorder blankSpace"></div>
<?php
if ($num > 0) {
?>
<div class="form-group">
<div class="col-sm-12">
<div class="row">
<div class="col-sm-12">
<div class="radio">
<label>
@ -214,6 +210,7 @@ $num = hesk_dbNumRows($result);
</label>
</div>
</div>
</div>
<div class="row">
<div class="col-sm-6">
<div class="radio">
@ -231,6 +228,7 @@ $num = hesk_dbNumRows($result);
</div>
</div>
</div>
</div>
<?php
} else {
echo '<p><input type="hidden" name="a" value="new" /> ' . $hesklang['ticket_tpl_add'] . '</label></p>';
@ -280,7 +278,8 @@ $num = hesk_dbNumRows($result);
</div>
</form>
</div>
</div>
</div>
</section>
<?php if ($modsForHesk_settings['rich_text_for_tickets']): ?>
<script type="text/javascript">
/* <![CDATA[ */
@ -392,7 +391,7 @@ function edit_saved()
hesk_process_messages($hesk_error_buffer, 'manage_ticket_templates.php?saved_replies=' . $id);
}
$result = hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "ticket_templates` SET `title`='" . hesk_dbEscape($savename) . "',`message`='" . hesk_dbEscape($msg) . "' WHERE `id`='" . intval($id) . "' LIMIT 1");
$result = hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "ticket_templates` SET `title`='" . hesk_dbEscape($savename) . "',`message`='" . hesk_dbEscape($msg) . "' WHERE `id`='" . intval($id) . "'");
unset($_SESSION['canned']['what']);
unset($_SESSION['canned']['id']);
@ -451,7 +450,7 @@ function remove()
$mysaved = intval(hesk_GET('id')) or hesk_error($hesklang['id_not_valid']);
hesk_dbQuery("DELETE FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "ticket_templates` WHERE `id`='" . intval($mysaved) . "' LIMIT 1");
hesk_dbQuery("DELETE FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "ticket_templates` WHERE `id`='" . intval($mysaved) . "'");
if (hesk_dbAffectedRows() != 1) {
hesk_error("$hesklang[int_error]: $hesklang[ticket_tpl_not_found].");
}
@ -472,7 +471,7 @@ function order_saved()
$tpl_move = intval(hesk_GET('move'));
hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "ticket_templates` SET `tpl_order`=`tpl_order`+" . intval($tpl_move) . " WHERE `id`='" . intval($tplid) . "' LIMIT 1");
hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "ticket_templates` SET `tpl_order`=`tpl_order`+" . intval($tpl_move) . " WHERE `id`='" . intval($tplid) . "'");
if (hesk_dbAffectedRows() != 1) {
hesk_error("$hesklang[int_error]: $hesklang[ticket_tpl_not_found].");
}
@ -482,7 +481,7 @@ function order_saved()
$i = 10;
while ($mytpl = hesk_dbFetchAssoc($result)) {
hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "ticket_templates` SET `tpl_order`=" . intval($i) . " WHERE `id`='" . intval($mytpl['id']) . "' LIMIT 1");
hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "ticket_templates` SET `tpl_order`=" . intval($i) . " WHERE `id`='" . intval($mytpl['id']) . "'");
$i += 10;
}
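Review bot: In `edit_saved()` the second argument to `hesk_process_messages()` is built as `'manage_ticket_templates.php?saved_replies=' . $id` with the raw `$id`, while the UPDATE right after it uses `intval($id)`. Where `$id` is assigned lies outside the hunk, so it may already be an integer; if it is not, request-supplied text ends up in what appears to be a redirect URL. Casting at this call keeps both uses consistent: `'manage_ticket_templates.php?saved_replies=' . intval($id)`. The canned-responses page has the same pair of lines.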

@ -1,32 +1,15 @@
<?php
/*******************************************************************************
* Title: Help Desk Software HESK
* Version: 2.6.8 from 10th August 2016
* Author: Klemen Stirn
* Website: http://www.hesk.com
********************************************************************************
* COPYRIGHT AND TRADEMARK NOTICE
* Copyright 2005-2015 Klemen Stirn. All Rights Reserved.
* HESK is a registered trademark of Klemen Stirn.
* The HESK may be used and modified free of charge by anyone
* AS LONG AS COPYRIGHT NOTICES AND ALL THE COMMENTS REMAIN INTACT.
* By using this code you agree to indemnify Klemen Stirn from any
* liability that might arise from it's use.
* Selling the code for this program, in part or full, without prior
* written consent is expressly forbidden.
* Using this code, in part or full, to create derivate work,
* new scripts or products is expressly forbidden. Obtain permission
* before redistributing this software over the Internet or in
* any other medium. In all cases copyright and header must remain intact.
* This Copyright is in full effect in any country that has International
* Trade Agreements with the United States of America or
* with the European Union.
* Removing any of the copyright notices without purchasing a license
* is expressly forbidden. To remove HESK copyright notice you must purchase
* a license for this script. For more information on how to obtain
* a license please visit the page below:
* https://www.hesk.com/buy.php
*******************************************************************************/
/**
*
* This file is part of HESK - PHP Help Desk Software.
*
* (c) Copyright Klemen Stirn. All rights reserved.
* http://www.hesk.com
*
* For the full copyright and license agreement information visit
* http://www.hesk.com/eula.php
*
*/
define('IN_SCRIPT', 1);
define('HESK_PATH', '../');
@ -38,6 +21,7 @@ require(HESK_PATH . 'hesk_settings.inc.php');
require(HESK_PATH . 'inc/common.inc.php');
require(HESK_PATH . 'inc/admin_functions.inc.php');
require(HESK_PATH . 'inc/profile_functions.inc.php');
require(HESK_PATH . 'inc/mail_functions.inc.php');
hesk_load_database_functions();
hesk_session_start();
@ -78,13 +62,13 @@ $default_userdata = array(
// Preferences
'afterreply' => 0,
'autorefresh' => 0,
// Defaults
'autostart' => 1,
'notify_customer_new' => 1,
'notify_customer_reply' => 1,
'show_suggested' => 1,
'autoreload' => 0,
'default_calendar_view' => $default_view,
// Notifications
@ -169,15 +153,13 @@ if ($action = hesk_REQUEST('a')) {
unset($_SESSION['edit_userdata']);
}
/* Print header */
require_once(HESK_PATH . 'inc/headerAdmin.inc.php');
/* Print main manage users page */
require_once(HESK_PATH . 'inc/show_admin_nav.inc.php');
?>
<div class="row move-down-20">
<div class="col-md-10 col-md-offset-1">
<section class="content">
<?php hesk_handle_messages(); ?>
<script language="Javascript" type="text/javascript"><!--
function confirm_delete() {
if (confirm('<?php echo addslashes($hesklang['sure_remove_user']); ?>')) {
@ -189,18 +171,42 @@ if ($action = hesk_REQUEST('a')) {
}
//-->
</script>
<?php
/* This will handle error, success and notice messages */
hesk_handle_messages();
?>
<h3 style="padding-bottom:5px"><?php echo $hesklang['manage_users']; ?> <a href="javascript:void(0)"
onclick="javascript:alert('<?php echo hesk_makeJsString($hesklang['users_intro']); ?>')"><i
class="fa fa-question-circle settingsquestionmark"></i></a></h3>
<div class="footerWithBorder blankSpace"></div>
<div class="box collapsed-box">
<div class="box-header with-border">
<h1 class="box-title">
<?php echo $hesklang['add_user']; ?>
<a href="javascript:void(0)" onclick="javascript:alert('<?php echo hesk_makeJsString($hesklang['users_intro']); ?>')">
<i class="fa fa-question-circle settingsquestionmark"></i>
</a>
</h1>
<div class="box-tools pull-right">
<button type="button" class="btn btn-box-tool" data-widget="collapse">
<i class="fa fa-plus"></i>
</button>
</div>
</div>
<div class="box-body">
<?php echo $hesklang['req_marked_with']; ?> <span class="red">*</span>
<form data-toggle="validator" name="form1" method="post" action="manage_users.php" class="form-horizontal" role="form">
<?php hesk_profile_tab('userdata', false, 'create_user'); ?>
</form>
</div>
</div>
<div class="box">
<div class="box-header with-border">
<h1 class="box-title">
<?php echo $hesklang['manage_users']; ?>
<a href="javascript:void(0)" onclick="javascript:alert('<?php echo hesk_makeJsString($hesklang['users_intro']); ?>')">
<i class="fa fa-question-circle settingsquestionmark"></i>
</a>
</h1>
<div class="box-tools pull-right">
<button type="button" class="btn btn-box-tool" data-widget="collapse">
<i class="fa fa-minus"></i>
</button>
</div>
</div>
<div class="box-body">
<table class="table table-hover">
<tr>
<th><b><i><?php echo $hesklang['name']; ?></i></b></th>
@ -253,11 +259,11 @@ if ($action = hesk_REQUEST('a')) {
/* To edit yourself go to "Profile" page, not here. */
if ($myuser['id'] == $_SESSION['id']) {
$edit_code = '<a href="profile.php"><i class="fa fa-pencil icon-link" data-toggle="tooltip" data-placement="top" title="' . $hesklang['edit'] . '"></i></a>';
$edit_code = '<a href="profile.php"><i class="fa fa-pencil icon-link orange" data-toggle="tooltip" data-placement="top" title="' . $hesklang['edit'] . '"></i></a>';
} elseif ($myuser['id'] == 1) {
$edit_code = ' <img src="../img/blank.gif" width="16" height="16" alt="" style="padding:3px;border:none;" />';
} else {
$edit_code = '<a href="manage_users.php?a=edit&amp;id=' . $myuser['id'] . '"><i class="fa fa-pencil icon-link" data-toggle="tooltip" data-placement="top" title="' . $hesklang['edit'] . '"></i></a>';
$edit_code = '<a href="manage_users.php?a=edit&amp;id=' . $myuser['id'] . '"><i class="fa fa-pencil icon-link orange" data-toggle="tooltip" data-placement="top" title="' . $hesklang['edit'] . '"></i></a>';
}
if ($myuser['isadmin']) {
@ -329,29 +335,15 @@ EOC;
} ?>
</div>
</div>
<div class="row">
<div class="col-md-10 col-md-offset-1">
<h3><?php echo $hesklang['add_user']; ?></h3>
<h6><?php echo $hesklang['req_marked_with']; ?> <font class="important">*</font></h6>
<div class="footerWithBorder blankSpace"></div>
<form data-toggle="validator" name="form1" method="post" action="manage_users.php" class="form-horizontal" role="form">
<?php hesk_profile_tab('userdata', false, 'create_user'); ?>
</form>
</div>
</div>
<script language="Javascript" type="text/javascript"><!--
hesk_checkPassword(document.form1.newpass.value);
//-->
</script>
</section>
<p>&nbsp;</p>
<?php
require_once(HESK_PATH . 'inc/footer.inc.php');
exit();
<?php
require_once(HESK_PATH . 'inc/footer.inc.php');
exit();
} // End else
@ -447,18 +439,19 @@ function edit_user()
<li class="active"><?php echo $hesklang['editing_user'] . ' ' . $_SESSION['original_user']; ?></li>
</ol>
<div class="row pad-down-20">
<div class="col-md-8 col-md-offset-2">
<section class="content">
<div class="box">
<div class="box-header with-border">
<h1 class="box-title">
<?php echo $hesklang['editing_user'] . ' <b>' . $_SESSION['original_user'] . '</b>'; ?>
</h1>
</div>
<div class="box-body">
<?php
/* This will handle error, success and notice messages */
hesk_handle_messages();
?>
<h3><?php echo $hesklang['editing_user'] . ' ' . $_SESSION['original_user']; ?></h3>
<h6><?php echo $hesklang['req_marked_with']; ?> <font class="important">*</font></h6>
<div class="footerWithBorder blankSpace"></div>
<h6><?php echo $hesklang['req_marked_with']; ?> <span class="important">*</span></h6>
<form role="form" class="form-horizontal" name="form1" method="post" action="manage_users.php">
<?php hesk_profile_tab('userdata', false, 'edit_user'); ?>
</form>
@ -468,6 +461,7 @@ function edit_user()
</script>
</div>
</div>
</section>
<?php
require_once(HESK_PATH . 'inc/footer.inc.php');
@ -512,6 +506,7 @@ function new_user()
`heskprivileges`,
`afterreply`,
`autostart`,
`autoreload`,
`notify_customer_new`,
`notify_customer_reply`,
`show_suggested`,
@ -524,7 +519,6 @@ function new_user()
`notify_note`,
`notify_note_unassigned`,
`notify_overdue_unassigned`,
`autorefresh`,
`permission_template`,
`default_calendar_view`) VALUES (
'" . hesk_dbEscape($myuser['user']) . "',
@ -538,6 +532,7 @@ function new_user()
'" . hesk_dbEscape($myuser['features']) . "',
'" . ($myuser['afterreply']) . "' ,
'" . ($myuser['autostart']) . "' ,
'" . ($myuser['autoreload']) . "' ,
'" . ($myuser['notify_customer_new']) . "' ,
'" . ($myuser['notify_customer_reply']) . "' ,
'" . ($myuser['show_suggested']) . "' ,
@ -550,7 +545,6 @@ function new_user()
'" . ($myuser['notify_note']) . "',
'" . ($myuser['notify_note_unassigned']) . "',
'" . ($myuser['notify_overdue_unassigned']) . "',
" . intval($myuser['autorefresh']) . ",
" . intval($myuser['template']) . ",
" . intval($myuser['default_calendar_view']) . ")");
@ -664,6 +658,7 @@ function update_user()
`heskprivileges`='" . hesk_dbEscape($myuser['features']) . "',
`afterreply`='" . ($myuser['afterreply']) . "' ,
`autostart`='" . ($myuser['autostart']) . "' ,
`autoreload`='" . ($myuser['autoreload']) . "' ,
`notify_customer_new`='" . ($myuser['notify_customer_new']) . "' ,
`notify_customer_reply`='" . ($myuser['notify_customer_reply']) . "' ,
`show_suggested`='" . ($myuser['show_suggested']) . "' ,
@ -676,10 +671,9 @@ function update_user()
`notify_note`='" . ($myuser['notify_note']) . "',
`notify_note_unassigned`='" . ($myuser['notify_note_unassigned']) . "',
`notify_overdue_unassigned`='" . ($myuser['notify_overdue_unassigned']) . "',
`autorefresh`=" . intval($myuser['autorefresh']) . ",
`permission_template`=" . intval($myuser['template']) . ",
`default_calendar_view`=" . intval($myuser['default_calendar_view']) . "
WHERE `id`='" . intval($myuser['id']) . "' LIMIT 1");
WHERE `id`='" . intval($myuser['id']) . "'");
// If they are now inactive, remove any manager rights
if (!$myuser['active']) {
@ -772,13 +766,25 @@ function hesk_validateUserInfo($pass_required = 1, $redirect_to = './manage_user
if ($myuser['afterreply'] != 1 && $myuser['afterreply'] != 2) {
$myuser['afterreply'] = 0;
}
$myuser['autorefresh'] = intval(hesk_POST('autorefresh'));
// Defaults
$myuser['autostart'] = isset($_POST['autostart']) ? 1 : 0;
$myuser['notify_customer_new'] = isset($_POST['notify_customer_new']) ? 1 : 0;
$myuser['notify_customer_reply'] = isset($_POST['notify_customer_reply']) ? 1 : 0;
$myuser['show_suggested'] = isset($_POST['show_suggested']) ? 1 : 0;
$myuser['autoreload'] = isset($_POST['autoreload']) ? 1 : 0;
if ($myuser['autoreload']) {
$myuser['autoreload'] = intval(hesk_POST('reload_time'));
if (hesk_POST('secmin') == 'min') {
$myuser['autoreload'] *= 60;
}
if ($myuser['autoreload'] < 0 || $myuser['autoreload'] > 65535) {
$myuser['autoreload'] = 30;
}
}
$myuser['default_calendar_view'] = hesk_POST('default-calendar-view', 0);
/* Notifications */

@ -44,7 +44,9 @@ hesk_isLoggedIn();
$modsForHesk_settings = mfh_getSettings();
/* Check permissions for this feature */
hesk_checkPermission('can_change_cat');
if (hesk_checkPermission('can_change_cat', 0)) {
hesk_checkPermission('can_change_own_cat');
}
/* A security check */
hesk_token_check('POST');
@ -73,6 +75,11 @@ if (!$row['autoassign']) {
/* Is user allowed to view tickets in new category? */
$category_ok = hesk_okCategory($category, 0);
// Is user allowed to move tickets to this category?
if (!$category_ok && !hesk_checkPermission('can_submit_any_cat', 0)) {
hesk_process_messages($hesklang['noauth_move'],'admin_main.php');
}
/* Get details about the original ticket */
$res = hesk_dbQuery("SELECT * FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` WHERE `trackid`='" . hesk_dbEscape($trackingID) . "' LIMIT 1");
if (hesk_dbNumRows($res) != 1) {
@ -113,7 +120,7 @@ if ($need_to_reassign || !$ticket['owner']) {
}
}
hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` SET `category`='" . intval($category) . "', `owner`='" . intval($ticket['owner']) . "' , `history`=CONCAT(`history`,'" . hesk_dbEscape($history) . "') WHERE `trackid`='" . hesk_dbEscape($trackingID) . "' LIMIT 1");
hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` SET `category`='" . intval($category) . "', `owner`='" . intval($ticket['owner']) . "' , `history`=CONCAT(`history`,'" . hesk_dbEscape($history) . "') WHERE `trackid`='" . hesk_dbEscape($trackingID) . "'");
$ticket['category'] = $category;
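Review bot: The new permission gate at the top of this file looks inverted: `if (hesk_checkPermission('can_change_cat', 0)) { hesk_checkPermission('can_change_own_cat'); }` demands the second permission only from users who already hold the first, and enforces nothing for a user who holds neither. Assuming the `0` argument makes the call return false instead of halting (as `!hesk_checkPermission('can_submit_any_cat', 0)` in the next hunk suggests), the condition should be negated: `if (!hesk_checkPermission('can_change_cat', 0)) {`. The `+`/`-` markers are lost on this page, so the old/new split is inferred from the hunk counts (7 lines to 9). It is also worth a comment stating whether `can_change_own_cat` is meant to limit the move to tickets the user owns, since no ownership check is visible in these hunks.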


@ -1,393 +0,0 @@
<?php
/*******************************************************************************
* Title: Help Desk Software HESK
* Version: 2.6.8 from 10th August 2016
* Author: Klemen Stirn
* Website: http://www.hesk.com
********************************************************************************
* COPYRIGHT AND TRADEMARK NOTICE
* Copyright 2005-2015 Klemen Stirn. All Rights Reserved.
* HESK is a registered trademark of Klemen Stirn.
* The HESK may be used and modified free of charge by anyone
* AS LONG AS COPYRIGHT NOTICES AND ALL THE COMMENTS REMAIN INTACT.
* By using this code you agree to indemnify Klemen Stirn from any
* liability that might arise from it's use.
* Selling the code for this program, in part or full, without prior
* written consent is expressly forbidden.
* Using this code, in part or full, to create derivate work,
* new scripts or products is expressly forbidden. Obtain permission
* before redistributing this software over the Internet or in
* any other medium. In all cases copyright and header must remain intact.
* This Copyright is in full effect in any country that has International
* Trade Agreements with the United States of America or
* with the European Union.
* Removing any of the copyright notices without purchasing a license
* is expressly forbidden. To remove HESK copyright notice you must purchase
* a license for this script. For more information on how to obtain
* a license please visit the page below:
* https://www.hesk.com/buy.php
*******************************************************************************/
define('IN_SCRIPT', 1);
define('HESK_PATH', '../');
/* Get all the required files and functions */
require(HESK_PATH . 'hesk_settings.inc.php');
require(HESK_PATH . 'inc/common.inc.php');
require(HESK_PATH . 'inc/admin_functions.inc.php');
$id = hesk_input(hesk_GET('i'));
$query = hesk_input(hesk_utf8_urldecode(hesk_GET('q')));
$type = hesk_input(hesk_GET('t', 'text'));
$maxlen = intval(hesk_GET('m', 255));
$query = stripslashes($query);
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML; 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en">
<head>
<title><?php echo $hesklang['opt']; ?></title>
<meta http-equiv="Content-Type" content="text/html;charset=<?php echo $hesklang['ENCODING']; ?>"/>
<style type="text/css">
body {
margin: 5px 5px;
padding: 0;
background: #fff;
color: black;
font: 68.8%/1.5 Verdana, Geneva, Arial, Helvetica, sans-serif;
text-align: left;
}
p {
color: black;
font-family: Verdana, Geneva, Arial, Helvetica, sans-serif;
font-size: 1.0em;
}
h3 {
color: #AF0000;
font-family: Verdana, Geneva, Arial, Helvetica, sans-serif;
font-weight: bold;
font-size: 1.0em;
text-align: center;
}
.title {
color: black;
font-family: Verdana, Geneva, Arial, Helvetica, sans-serif;
font-weight: bold;
font-size: 1.0em;
}
.wrong {
color: red;
}
.correct {
color: green;
}
</style>
</head>
<body>
<h3><?php echo $hesklang['opt']; ?></h3>
<p><i><?php echo $hesklang['ns']; ?></i></p>
<?php
switch ($type) {
case 'text':
echo '
<script language="javascript">
function hesk_saveOptions()
{
window.opener.document.getElementById(\'s_' . $id . '_val\').value = document.getElementById(\'o2\').value;
window.opener.document.getElementById(\'s_' . $id . '_maxlen\').value = document.getElementById(\'o1\').value;
window.close();
}
</script>
<table border="0">
<tr>
<td>' . $hesklang['custom_l'] . ':<td>
<td><input type="text" name="o1" id="o1" value="' . $maxlen . '" size="30" /></td>
</tr>
<tr>
<td>' . $hesklang['defw'] . ':<td>
<td><input type="text" name="o2" id="o2" value="' . $query . '" size="30" /></td>
</tr>
</table>
<p><input type="button" value=" ' . $hesklang['ok'] . ' " onclick="Javascript:hesk_saveOptions()" /></p>
';
break;
case 'hidden':
echo '
<script language="javascript">
function hesk_saveOptions()
{
window.opener.document.getElementById(\'s_' . $id . '_val\').value = document.getElementById(\'o1\').value;
window.close();
}
</script>
<p>' . $hesklang['hidden_custom_field_help'] . '</p>
<table border="0">
<tr>
<td>' . $hesklang['value_colon'] . '<td>
<td><input type="text" name="o1" id="o1" value="' . $query . '" size="30" /></td>
</tr>
</table>
<p><input type="button" value=" ' . $hesklang['ok'] . ' " onclick="Javascript:hesk_saveOptions()" /></p>
';
break;
case 'readonly':
echo '
<script language="javascript">
function hesk_saveOptions()
{
window.opener.document.getElementById(\'s_' . $id . '_val\').value = document.getElementById(\'o1\').value;
window.close();
}
</script>
<p>' . $hesklang['readonly_custom_field_help'] . '</p>
<table border="0">
<tr>
<td>' . $hesklang['value_colon'] . '<td>
<td><input type="text" name="o1" id="o1" value="' . $query . '" size="30" /></td>
</tr>
</table>
<p><input type="button" value=" ' . $hesklang['ok'] . ' " onclick="Javascript:hesk_saveOptions()" /></p>
';
break;
case 'textarea':
if (strpos($query, '#') !== false) {
list($rows, $cols) = explode('#', $query);
} else {
$rows = '';
$cols = '';
}
echo '
<script language="javascript">
function hesk_saveOptions()
{
window.opener.document.getElementById(\'s_' . $id . '_val\').value = document.getElementById(\'o1\').value + "#" + document.getElementById(\'o2\').value;
window.close();
}
</script>
<table border="0">
<tr>
<td>' . $hesklang['rows'] . ':<td>
<td><input type="text" name="o1" id="o1" value="' . $rows . '" size="5" /></td>
</tr>
<tr>
<td>' . $hesklang['cols'] . ':<td>
<td><input type="text" name="o2" id="o2" value="' . $cols . '" size="5" /></td>
</tr>
</table>
<p><input type="button" value=" ' . $hesklang['ok'] . ' " onclick="Javascript:hesk_saveOptions()" /></p>
';
break;
case 'radio':
$options = str_replace('#HESK#', "\n", $query);
echo '
<script language="javascript">
function hesk_saveOptions()
{
text = document.getElementById(\'o1\').value;
text = text.replace(/^\s\s*/, \'\').replace(/\s\s*$/, \'\');
text = escape(text);
if(text.indexOf(\'%0D%0A\') > -1)
{
re_nlchar = /%0D%0A/g ;
}
else if(text.indexOf(\'%0A\') > -1)
{
re_nlchar = /%0A/g ;
}
else if(text.indexOf(\'%0D\') > -1)
{
re_nlchar = /%0D/g ;
}
else
{
alert(\'' . addslashes($hesklang['atl2']) . '\');
return false;
}
text = unescape(text.replace(re_nlchar,\'#HESK#\'));
window.opener.document.getElementById(\'s_' . $id . '_val\').value = text;
window.close();
}
</script>
<p>' . $hesklang['opt2'] . '</p>
<textarea name="o1" id="o1" rows="6" cols="40">' . $options . '</textarea>
<p><input type="button" value=" ' . $hesklang['ok'] . ' " onclick="Javascript:hesk_saveOptions()" /></p>
';
break;
case 'select':
$query = str_replace('{HESK_SELECT}', '', $query, $show_select);
$options = str_replace('#HESK#', "\n", $query);
echo '
<script language="javascript">
function hesk_saveOptions()
{
text = document.getElementById(\'o1\').value;
text = text.replace(/^\s\s*/, \'\').replace(/\s\s*$/, \'\');
text = escape(text);
if(text.indexOf(\'%0D%0A\') > -1)
{
re_nlchar = /%0D%0A/g ;
}
else if(text.indexOf(\'%0A\') > -1)
{
re_nlchar = /%0A/g ;
}
else if(text.indexOf(\'%0D\') > -1)
{
re_nlchar = /%0D/g ;
}
else
{
alert(\'' . addslashes($hesklang['atl2']) . '\');
return false;
}
text = unescape(text.replace(re_nlchar,\'#HESK#\'));
if (document.getElementById(\'show_select\').checked)
{
text = "{HESK_SELECT}" + text;
}
window.opener.document.getElementById(\'s_' . $id . '_val\').value = text;
window.close();
}
</script>
<p>' . $hesklang['opt3'] . '</p>
<p><label><input type="checkbox" name="show_select" id="show_select" value="1" ' . ($show_select ? 'checked="checked"' : '') . ' /> ' . $hesklang['show_select'] . '</label></p>
<textarea name="o1" id="o1" rows="6" cols="40">' . $options . '</textarea>
<p><input type="button" value=" ' . $hesklang['ok'] . ' " onclick="Javascript:hesk_saveOptions()" /></p>
';
break;
case 'checkbox':
$options = str_replace('#HESK#', "\n", $query);
echo '
<script language="javascript">
function hesk_saveOptions()
{
text = document.getElementById(\'o1\').value;
text = text.replace(/^\s\s*/, \'\').replace(/\s\s*$/, \'\');
text = escape(text);
if(text.indexOf(\'%0D%0A\') > -1)
{
re_nlchar = /%0D%0A/g ;
}
else if(text.indexOf(\'%0A\') > -1)
{
re_nlchar = /%0A/g ;
}
else if(text.indexOf(\'%0D\') > -1)
{
re_nlchar = /%0D/g ;
}
else
{
alert(\'' . addslashes($hesklang['atl2']) . '\');
return false;
}
text = unescape(text.replace(re_nlchar,\'#HESK#\'));
window.opener.document.getElementById(\'s_' . $id . '_val\').value = text;
window.close();
}
</script>
<p>' . $hesklang['opt4'] . '</p>
<textarea name="o1" id="o1" rows="6" cols="40">' . $options . '</textarea>
<p><input type="button" value=" ' . $hesklang['ok'] . ' " onclick="Javascript:hesk_saveOptions()" /></p>
';
break;
case 'date':
echo '<p>' . $hesklang['date_custom_field_text'] . '</p>';
break;
case 'multiselect':
$options = str_replace('#HESK#', "\n", $query);
echo '
<script language="javascript">
function hesk_saveOptions()
{
text = document.getElementById(\'o1\').value;
text = text.replace(/^\s\s*/, \'\').replace(/\s\s*$/, \'\');
text = escape(text);
if(text.indexOf(\'%0D%0A\') > -1)
{
re_nlchar = /%0D%0A/g ;
}
else if(text.indexOf(\'%0A\') > -1)
{
re_nlchar = /%0A/g ;
}
else if(text.indexOf(\'%0D\') > -1)
{
re_nlchar = /%0D/g ;
}
else
{
alert(\'' . addslashes($hesklang['atl2']) . '\');
return false;
}
text = unescape(text.replace(re_nlchar,\'#HESK#\'));
window.opener.document.getElementById(\'s_' . $id . '_val\').value = text;
window.close();
}
</script>
<p>' . $hesklang['multiple_select_custom_field_text'] . '</p>
<textarea name="o1" id="o1" rows="6" cols="40">' . $options . '</textarea>
<p><input type="button" value=" ' . $hesklang['ok'] . ' " onclick="Javascript:hesk_saveOptions()" /></p>
';
break;
case 'email':
$ccSelected = $query == 'cc' ? 'selected="selected"' : '';
$bccSelected = $query == 'bcc' ? 'selected="selected"' : '';
echo '
<script language="javascript">
function hesk_saveOptions()
{
var dropdown = document.getElementById(\'o1\');
window.opener.document.getElementById(\'s_' . $id . '_val\').value = dropdown.options[dropdown.selectedIndex].value;
window.close();
}
</script>
<p>' . $hesklang['email_custom_field_help'] . '</p>
<table border="0">
<tr>
<td>' . $hesklang['email_custom_field_label'] . ':</td>
<td>
<select name="o1" id="o1">
<option value="cc" ' . $ccSelected . '>' . $hesklang['cc'] . '</option>
<option value="bcc" ' . $bccSelected . '>' . $hesklang['bcc'] . '</option>
</select>
</td>
</tr>
</table>
<p><input type="button" value=" ' . $hesklang['ok'] . ' " onclick="Javascript:hesk_saveOptions()" /></p>
';
break;
default:
die('Invalid type');
}
?>
<p align="center"><a href="#" onclick="Javascript:window.close()"><?php echo $hesklang['cwin']; ?></a></p>
<p>&nbsp;</p>
</body>
</html>
<?php
exit();
?>

@ -1,35 +1,19 @@
<?php
/*******************************************************************************
* Title: Help Desk Software HESK
* Version: 2.6.8 from 10th August 2016
* Author: Klemen Stirn
* Website: http://www.hesk.com
********************************************************************************
* COPYRIGHT AND TRADEMARK NOTICE
* Copyright 2005-2015 Klemen Stirn. All Rights Reserved.
* HESK is a registered trademark of Klemen Stirn.
* The HESK may be used and modified free of charge by anyone
* AS LONG AS COPYRIGHT NOTICES AND ALL THE COMMENTS REMAIN INTACT.
* By using this code you agree to indemnify Klemen Stirn from any
* liability that might arise from it's use.
* Selling the code for this program, in part or full, without prior
* written consent is expressly forbidden.
* Using this code, in part or full, to create derivate work,
* new scripts or products is expressly forbidden. Obtain permission
* before redistributing this software over the Internet or in
* any other medium. In all cases copyright and header must remain intact.
* This Copyright is in full effect in any country that has International
* Trade Agreements with the United States of America or
* with the European Union.
* Removing any of the copyright notices without purchasing a license
* is expressly forbidden. To remove HESK copyright notice you must purchase
* a license for this script. For more information on how to obtain
* a license please visit the page below:
* https://www.hesk.com/buy.php
*******************************************************************************/
/**
*
* This file is part of HESK - PHP Help Desk Software.
*
* (c) Copyright Klemen Stirn. All rights reserved.
* http://www.hesk.com
*
* For the full copyright and license agreement information visit
* http://www.hesk.com/eula.php
*
*/
define('IN_SCRIPT', 1);
define('HESK_PATH', '../');
define('PAGE_TITLE', 'LOGIN');
/* Get all the required files and functions */
require(HESK_PATH . 'hesk_settings.inc.php');
@ -38,7 +22,6 @@ require(HESK_PATH . 'inc/common.inc.php');
// Connect to database and check for brute force attempts
hesk_load_database_functions();
hesk_dbConnect();
hesk_limitBfAttempts();
$modsForHesk_settings = mfh_getSettings();
@ -112,6 +95,7 @@ if ($_SERVER['REQUEST_METHOD'] == 'POST') {
}
}
}
hesk_limitBfAttempts();
// Get email
$email = hesk_validateEmail(hesk_POST('email'), 'ERR', 0) or $hesk_error_buffer['email'] = $hesklang['enter_valid_email'];
@ -236,32 +220,38 @@ if ($hesk_settings['recaptcha_use'] == 2) {
}
$hesk_settings['tmp_title'] = $hesk_settings['hesk_title'] . ' - ' . $hesklang['passr'];
require_once(HESK_PATH . 'inc/header.inc.php');
require_once(HESK_PATH . 'inc/headerAdmin.inc.php');
?>
<ol class="breadcrumb">
<li><a href="<?php echo $hesk_settings['site_url']; ?>"><?php echo $hesk_settings['site_title']; ?></a></li>
<li><a href="index.php"><?php echo $hesklang['admin_login']; ?></a></li>
<li class="active"><?php echo $hesklang['passr']; ?></li>
</ol>
<div class="row">
<div class="col-md-10 col-md-offset-1">
<form action="password.php" method="post" name="form1" class="form-signin form-horizontal" role="form">
<div class="login-box">
<div class="login-logo">
<?php echo $hesk_settings['hesk_title']; ?>
</div>
<div class="login-box-body">
<h4 class="login-box-msg">
<?php echo $hesklang['passr']; ?>
</h4>
<form action="password.php" method="post" name="form1" class="form-horizontal" role="form">
<?php
/* This will handle error, success and notice messages */
hesk_handle_messages();
?>
<h2><span <?php echo $iconDisplay; ?>><span
class="mega-octicon octicon-sign-in"></span>&nbsp;</span><?php echo $hesklang['passr']; ?></h2>
<div class="footerWithBorder blankSpace"></div>
<div class="form-group <?php echo in_array('email', $_SESSION['a_iserror']) ? 'has-error' : ''; ?>">
<label for="email" class="col-sm-3 control-label"><?php echo $hesklang['email']; ?></label>
$has_error = '';
if (in_array('email', $_SESSION['a_iserror'])) {
$has_error = 'has-error';
}
$form_email = '';
if (isset($email)) {
$form_email = stripslashes(hesk_input($email));
}
?>
<div class="form-group <?php echo $has_error; ?>">
<label for="email" class="col-sm-3 control-label">
<?php echo $hesklang['email']; ?>
</label>
<div class="col-sm-9">
<input type="text" name="email" size="35" value="<?php if (isset($email)) {
echo stripslashes(hesk_input($email));
} ?>" class="form-control" placeholder="<?php echo htmlspecialchars($hesklang['email']); ?>">
<input type="text" name="email" size="35" value="<?php echo $form_email; ?>"
class="form-control" placeholder="<?php echo htmlspecialchars($hesklang['email']); ?>">
</div>
</div>
<?php
@ -287,8 +277,8 @@ require_once(HESK_PATH . 'inc/header.inc.php');
play_again: "<?php echo hesk_slashJS($hesklang['play_again']); ?>",
cant_hear_this: "<?php echo hesk_slashJS($hesklang['cant_hear_this']); ?>",
incorrect_try_again: "<?php echo hesk_slashJS($hesklang['incorrect_try_again']); ?>",
image_alt_text: "<?php echo hesk_slashJS($hesklang['image_alt_text']); ?>",
},
image_alt_text: "<?php echo hesk_slashJS($hesklang['image_alt_text']); ?>"
}
};
</script>
<?php
@ -318,19 +308,15 @@ require_once(HESK_PATH . 'inc/header.inc.php');
}
?>
<div class="form-group">
<div class="col-sm-10 col-sm-offset-1">
<div class="col-sm-9 col-sm-offset-3">
<input type="submit" value="<?php echo $hesklang['passs']; ?>" class="btn btn-default">
</div>
</div>
</form>
</div>
</div>
<?php
// Clean session errors
hesk_cleanSessionVars('a_iserror');
hesk_cleanSessionVars('img_a_verified');
// Print footer
require_once(HESK_PATH . 'inc/footer.inc.php');
?>
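Review bot: The brute-force throttle `hesk_limitBfAttempts();` now appears to run only inside the `REQUEST_METHOD == 'POST'` branch, after the block that precedes `// Get email`. The comment `// Connect to database and check for brute force attempts` stays at the top, where the call seems to have been removed. The markers are lost on this page, so this is inferred from the hunk counts (7 to 6 lines, then 6 to 7). Change the top comment to `// Connect to database` and add one at the new call site, such as `// Throttle password-reset submissions before the e-mail address is validated`. The code between the two hunks is not shown, so please confirm that a submission rejected by that earlier block still counts against the limit; otherwise failed attempts that stop there would never be throttled.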

@ -1,32 +1,15 @@
<?php
/*******************************************************************************
* Title: Help Desk Software HESK
* Version: 2.6.8 from 10th August 2016
* Author: Klemen Stirn
* Website: http://www.hesk.com
********************************************************************************
* COPYRIGHT AND TRADEMARK NOTICE
* Copyright 2005-2015 Klemen Stirn. All Rights Reserved.
* HESK is a registered trademark of Klemen Stirn.
* The HESK may be used and modified free of charge by anyone
* AS LONG AS COPYRIGHT NOTICES AND ALL THE COMMENTS REMAIN INTACT.
* By using this code you agree to indemnify Klemen Stirn from any
* liability that might arise from it's use.
* Selling the code for this program, in part or full, without prior
* written consent is expressly forbidden.
* Using this code, in part or full, to create derivate work,
* new scripts or products is expressly forbidden. Obtain permission
* before redistributing this software over the Internet or in
* any other medium. In all cases copyright and header must remain intact.
* This Copyright is in full effect in any country that has International
* Trade Agreements with the United States of America or
* with the European Union.
* Removing any of the copyright notices without purchasing a license
* is expressly forbidden. To remove HESK copyright notice you must purchase
* a license for this script. For more information on how to obtain
* a license please visit the page below:
* https://www.hesk.com/buy.php
*******************************************************************************/
/**
*
* This file is part of HESK - PHP Help Desk Software.
*
* (c) Copyright Klemen Stirn. All rights reserved.
* http://www.hesk.com
*
* For the full copyright and license agreement information visit
* http://www.hesk.com/eula.php
*
*/
define('IN_SCRIPT', 1);
define('HESK_PATH', '../');
@ -37,6 +20,7 @@ require(HESK_PATH . 'hesk_settings.inc.php');
require(HESK_PATH . 'inc/common.inc.php');
require(HESK_PATH . 'inc/admin_functions.inc.php');
require(HESK_PATH . 'inc/profile_functions.inc.php');
require(HESK_PATH . 'inc/mail_functions.inc.php');
hesk_load_database_functions();
hesk_session_start();
@ -84,9 +68,20 @@ require_once(HESK_PATH . 'inc/headerAdmin.inc.php');
/* Print admin navigation */
require_once(HESK_PATH . 'inc/show_admin_nav.inc.php');
?>
<div class="row">
<div class="col-md-8 col-md-offset-2 pad-down-20">
<section class="content">
<div class="box">
<div class="box-header with-border">
<h1 class="box-title">
<?php echo $hesklang['profile_for']; ?> <b><?php echo $_SESSION['new']['user']; ?></b>
</h1>
<div class="box-tools pull-right">
<button type="button" class="btn btn-box-tool" data-widget="collapse">
<i class="fa fa-minus"></i>
</button>
</div>
</div>
<div class="box-body">
<?php echo $hesklang['req_marked_with']; ?> <span class="important">*</span>
<?php
/* This will handle error, success and notice messages */
hesk_handle_messages();
@ -94,14 +89,7 @@ require_once(HESK_PATH . 'inc/show_admin_nav.inc.php');
if (defined('WARN_PASSWORD')) {
hesk_show_notice($hesklang['chdp2'], $hesklang['security']);
}
?>
<h3><?php echo $hesklang['profile_for'] . ' <b>' . $_SESSION['new']['user']; ?></b></h3>
<h6><?php echo $hesklang['req_marked_with']; ?> <span class="important">*</span></h6>
<div class="footerWithBorder blankSpace"></div>
<?php
if ($hesk_settings['can_sel_lang']) {
/* Update preferred language in the database? */
if (isset($_GET['save_language'])) {
@ -110,7 +98,7 @@ require_once(HESK_PATH . 'inc/show_admin_nav.inc.php');
/* Only update if it's a valid language */
if (isset($hesk_settings['languages'][$newlang])) {
$newlang = ($newlang == HESK_DEFAULT_LANGUAGE) ? "NULL" : "'" . hesk_dbEscape($newlang) . "'";
hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "users` SET `language`=$newlang WHERE `id`='" . intval($_SESSION['id']) . "' LIMIT 1");
hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "users` SET `language`=$newlang WHERE `id`='" . intval($_SESSION['id']) . "'");
}
}
@ -152,7 +140,8 @@ require_once(HESK_PATH . 'inc/show_admin_nav.inc.php');
<?php hesk_profile_tab('new'); ?>
</form>
</div>
</div>
</div>
</section>
<?php
require_once(HESK_PATH . 'inc/footer.inc.php');
@ -226,6 +215,21 @@ function update_profile()
$_SESSION['new']['notify_customer_new'] = isset($_POST['notify_customer_new']) ? 1 : 0;
$_SESSION['new']['notify_customer_reply'] = isset($_POST['notify_customer_reply']) ? 1 : 0;
$_SESSION['new']['show_suggested'] = isset($_POST['show_suggested']) ? 1 : 0;
$_SESSION['new']['autoreload'] = isset($_POST['autoreload']) ? 1 : 0;
if ($_SESSION['new']['autoreload']) {
$_SESSION['new']['autoreload'] = intval(hesk_POST('reload_time'));
if (hesk_POST('secmin') == 'min') {
$_SESSION['new']['autoreload'] *= 60;
}
if ($_SESSION['new']['autoreload'] < 0 || $_SESSION['new']['autoreload'] > 65535) {
$_SESSION['new']['autoreload'] = 30;
}
} else {
hesk_setcookie('autorefresh', '');
}
/* Auto-start ticket timer */
$_SESSION['new']['autostart'] = isset($_POST['autostart']) ? 1 : 0;
@ -233,9 +237,6 @@ function update_profile()
/* Default calendar view */
$_SESSION['new']['default_calendar_view'] = hesk_POST('default-calendar-view', 0);
/* Update auto-refresh time */
$_SESSION['new']['autorefresh'] = isset($_POST['autorefresh']) ? $_POST['autorefresh'] : 0;
/* Notifications */
if (!(!$_SESSION[$session_array]['isadmin'] && isset($_SESSION[$session_array]['heskprivileges'])
&& strpos($_SESSION[$session_array]['heskprivileges'], 'can_change_notification_settings') === false)) {
@ -268,7 +269,7 @@ function update_profile()
$sql_pass ,
`afterreply`='" . intval($_SESSION['new']['afterreply']) . "' ,
`autostart`='" . intval($_SESSION['new']['autostart']) . "' ,
`autorefresh`='" . intval($_SESSION['new']['autorefresh']) . "' ,
`autoreload`='".($_SESSION['new']['autoreload'])."' ,
`notify_new_unassigned`='" . intval($_SESSION['new']['notify_new_unassigned']) . "' ,
`notify_new_my`='" . intval($_SESSION['new']['notify_new_my']) . "' ,
`notify_reply_unassigned`='" . intval($_SESSION['new']['notify_reply_unassigned']) . "' ,
@ -282,7 +283,7 @@ function update_profile()
`notify_overdue_unassigned`='" . $_SESSION['new']['notify_overdue_unassigned'] . "',
`show_suggested`='" . $_SESSION['new']['show_suggested'] . "',
`default_calendar_view`=" . intval($_SESSION['new']['default_calendar_view']) . "
WHERE `id`='" . intval($_SESSION['id']) . "' LIMIT 1"
WHERE `id`='" . intval($_SESSION['id']) . "'"
);
/* Process the session variables */
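Review bot: In the `update_profile()` UPDATE statement the new column is interpolated without a cast, `` `autoreload`='".($_SESSION['new']['autoreload'])."' ``, whereas the `autorefresh` line it replaces and the neighbouring `afterreply`/`autostart` lines wrap the session value in `intval()`. The value is assigned through `intval(hesk_POST('reload_time'))` in the earlier hunk, so it is an integer on that path. The query is still built from `$_SESSION['new']`, though, and the function body starts and ends outside these hunks, so other writers to that key cannot be ruled out from here. Keeping the cast at the point of use removes that dependency: `` `autoreload`='" . intval($_SESSION['new']['autoreload']) . "' , ``.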

@ -1,32 +1,15 @@
<?php
/*******************************************************************************
* Title: Help Desk Software HESK
* Version: 2.6.8 from 10th August 2016
* Author: Klemen Stirn
* Website: http://www.hesk.com
********************************************************************************
* COPYRIGHT AND TRADEMARK NOTICE
* Copyright 2005-2015 Klemen Stirn. All Rights Reserved.
* HESK is a registered trademark of Klemen Stirn.
* The HESK may be used and modified free of charge by anyone
* AS LONG AS COPYRIGHT NOTICES AND ALL THE COMMENTS REMAIN INTACT.
* By using this code you agree to indemnify Klemen Stirn from any
* liability that might arise from it's use.
* Selling the code for this program, in part or full, without prior
* written consent is expressly forbidden.
* Using this code, in part or full, to create derivate work,
* new scripts or products is expressly forbidden. Obtain permission
* before redistributing this software over the Internet or in
* any other medium. In all cases copyright and header must remain intact.
* This Copyright is in full effect in any country that has International
* Trade Agreements with the United States of America or
* with the European Union.
* Removing any of the copyright notices without purchasing a license
* is expressly forbidden. To remove HESK copyright notice you must purchase
* a license for this script. For more information on how to obtain
* a license please visit the page below:
* https://www.hesk.com/buy.php
*******************************************************************************/
/**
*
* This file is part of HESK - PHP Help Desk Software.
*
* (c) Copyright Klemen Stirn. All rights reserved.
* http://www.hesk.com
*
* For the full copyright and license agreement information visit
* http://www.hesk.com/eula.php
*
*/
define('IN_SCRIPT', 1);
define('HESK_PATH', '../');
@ -37,6 +20,7 @@ require(HESK_PATH . 'hesk_settings.inc.php');
require(HESK_PATH . 'inc/common.inc.php');
require(HESK_PATH . 'inc/admin_functions.inc.php');
require(HESK_PATH . 'inc/reporting_functions.inc.php');
require(HESK_PATH . 'inc/mail_functions.inc.php');
hesk_load_database_functions();
hesk_session_start();
@ -64,23 +48,23 @@ $is_all_time = 0;
/* Default this month to date */
$date_from = date('Y-m-d', mktime(0, 0, 0, date("m"), 1, date("Y")));
$date_to = date('Y-m-d');
$input_datefrom = date('m/d/Y', strtotime('last month'));
$input_dateto = date('m/d/Y');
$input_datefrom = date('Y-m-d', strtotime('last month'));
$input_dateto = date('Y-m-d');
/* Date */
if (!empty($_GET['w'])) {
$df = preg_replace('/[^0-9]/', '', hesk_GET('datefrom'));
if (strlen($df) == 8) {
$date_from = substr($df, 4, 4) . '-' . substr($df, 0, 2) . '-' . substr($df, 2, 2);
$input_datefrom = substr($df, 0, 2) . '/' . substr($df, 2, 2) . '/' . substr($df, 4, 4);
$date_from = substr($df, 0, 4) . '-' . substr($df, 4, 2) . '-' . substr($df, 6, 2);
$input_datefrom = $date_from;
} else {
$date_from = date('Y-m-d', strtotime('last month'));
}
$dt = preg_replace('/[^0-9]/', '', hesk_GET('dateto'));
if (strlen($dt) == 8) {
$date_to = substr($dt, 4, 4) . '-' . substr($dt, 0, 2) . '-' . substr($dt, 2, 2);
$input_dateto = substr($dt, 0, 2) . '/' . substr($dt, 2, 2) . '/' . substr($dt, 4, 4);
$date_to = substr($dt, 0, 4) . '-' . substr($dt, 4, 2) . '-' . substr($dt, 6, 2);
$input_dateto = $date_to;
} else {
$date_to = date('Y-m-d');
}
@ -214,15 +198,8 @@ require_once(HESK_PATH . 'inc/headerAdmin.inc.php');
/* Print main manage users page */
require_once(HESK_PATH . 'inc/show_admin_nav.inc.php');
?>
<div class="row move-down-20">
<div align="left" class="col-md-4">
<div class="panel panel-default">
<div class="panel-heading">
<?php echo $hesklang['reports_tab']; ?> <a href="#"
onclick="javascript:alert('<?php echo hesk_makeJsString($hesklang['reports_intro']); ?>')"><i
class="fa fa-question-circle settingsquestionmark"></i></a>
</div>
<section class="content">
<div class="box">
<?php if (hesk_checkPermission('can_export', 0)) {
$canExport = true;
$panelMargin = '-15px';
@ -230,20 +207,33 @@ require_once(HESK_PATH . 'inc/show_admin_nav.inc.php');
$canExport = false;
}
?>
<div class="panel-body" <?php if ($canExport) echo 'style="margin-top: -15px";'; ?>>
<div class="box-header">
<h1 class="box-title">
<?php echo $hesklang['reports_tab']; ?> <a href="#"
onclick="javascript:alert('<?php echo hesk_makeJsString($hesklang['reports_intro']); ?>')"><i
class="fa fa-question-circle settingsquestionmark"></i></a>
</h1>
<?php
// Show a link to export.php if user has permission to do so
if ($canExport) {
echo '<small><a title="' . $hesklang['export'] . '" href="export.php">' . $hesklang['export'] . '</a></small><div class="blankSpace"></div>';
echo '<br><small><a title="' . $hesklang['export'] . '" href="export.php">' . $hesklang['export'] . '</a></small><div class="blankSpace"></div>';
}
?>
<div class="box-tools pull-right">
<button type="button" class="btn btn-box-tool" data-widget="collapse">
<i class="fa fa-minus"></i>
</button>
</div>
</div>
<div class="box-body">
<form action="reports.php" method="get" name="form1" role="form">
<div class="form-group">
<label for="dtrg" class="control-label"><?php echo $hesklang['dtrg']; ?></b>:</label>
<label for="dtrg" class="control-label"><?php echo $hesklang['dtrg']; ?>:</label>
<div class="radio move-right-20">
<input type="radio" name="w" value="0" id="w0" <?php echo $selected['w'][0]; ?> />
<div class="radio form-inline move-right-20">
<input type="radio" name="w" value="0" id="w0" <?php echo $selected['w'][0]; ?> style="position: relative">
<select name="time" onclick="document.getElementById('w0').checked = true"
class="form-control"
onfocus="document.getElementById('w0').checked = true"
style="margin-top:5px;margin-bottom:5px;">
<option value="1" <?php echo $selected['time'][1]; ?>><?php echo $hesklang['r1']; ?>
@ -282,16 +272,16 @@ require_once(HESK_PATH . 'inc/show_admin_nav.inc.php');
value="12" <?php echo $selected['time'][12]; ?>><?php echo $hesklang['r12']; ?></option>
</select>
</div>
<div class="radio move-right-20">
<input type="radio" name="w" value="1" id="w1" <?php echo $selected['w'][1]; ?> />
<div class="radio form-inline move-right-20">
<input type="radio" name="w" value="1" id="w1" <?php echo $selected['w'][1]; ?> style="position: relative">
<?php echo $hesklang['from']; ?> <input type="text" name="datefrom"
value="<?php echo $input_datefrom; ?>"
id="datefrom" class="tcal" size="10"
id="datefrom" class="datepicker form-control" size="10"
onclick="document.getElementById('w1').checked = true"
onfocus="document.getElementById('w1').checked = true;this.focus;"/>
<?php echo $hesklang['to']; ?> <input type="text" name="dateto"
value="<?php echo $input_dateto; ?>" id="dateto"
class="tcal" size="10"
class="datepicker form-control" size="10"
onclick="document.getElementById('w1').checked = true"
onfocus="document.getElementById('w1').checked = true; this.focus;"/>
</div>
@ -309,32 +299,37 @@ require_once(HESK_PATH . 'inc/show_admin_nav.inc.php');
value="4" <?php echo $selected['type'][4]; ?>><?php echo $hesklang['t4']; ?></option>
</select>
</div>
<div class="form-group text-center">
<div class="form-group">
<input type="submit" value="<?php echo $hesklang['dire']; ?>" class="btn btn-default"/>
<input type="hidden" name="token" value="<?php hesk_token_echo(); ?>"/>
</div>
</form>
</div>
</div>
<div class="box">
<div class="box-header">
<h1 class="box-title">
<?php
if ($date_from == $date_to) {
echo hesk_dateToString($date_from, 0);
} else {
echo hesk_dateToString($date_from, 0) . ' - ' . hesk_dateToString($date_to, 0);
}
?>
</h1>
<div class="box-tools pull-right">
<button type="button" class="btn btn-box-tool" data-widget="collapse">
<i class="fa fa-minus"></i>
</button>
</div>
</div>
<div class="col-sm-8">
<div class="box-body">
<?php
/* This will handle error, success and notice messages */
hesk_handle_messages();
?>
<?php
if ($date_from == $date_to) {
?>
<h3><?php echo hesk_dateToString($date_from, 0); ?></h3>
<div class="footerWithBorder blankSpace"></div>
<?php
} else {
?>
<h3><?php echo hesk_dateToString($date_from, 0); ?> - <?php echo hesk_dateToString($date_to, 0); ?></h3>
<div class="footerWithBorder blankSpace"></div>
<?php
}
// Show a note if reports are limited
if (!$can_run_reports_full) {
@ -519,7 +514,7 @@ require_once(HESK_PATH . 'inc/show_admin_nav.inc.php');
// Some variables we will need
$tickets = array();
$totals = array('asstickets' => 0, 'resolved' => 0, 'tickets' => 0, 'replies' => 0, 'worked' => 0);
$totals = array('asstickets' => 0, 'resolved' => 0, 'tickets' => 0, 'replies' => 0, 'worked' => 0, 'openedby' => 0);
// Get list of users
$admins = array();
@ -539,6 +534,7 @@ require_once(HESK_PATH . 'inc/show_admin_nav.inc.php');
'tickets' => 0,
'replies' => 0,
'worked' => '',
'openedby' => 0,
);
}
@ -614,10 +610,21 @@ require_once(HESK_PATH . 'inc/show_admin_nav.inc.php');
// Convert total seconds worked to HH:MM:SS
$totals['worked'] = $hesk_settings['time_worked'] ? hesk_SecondsToHHMMSS($totals['worked']) : 0;
// Get total opened by tickets
$res = hesk_dbQuery("SELECT `openedby`, COUNT(*) AS `cnt` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."tickets` WHERE `openedby` IN ('" . implode("','", array_keys($admins) ) . "') AND DATE(`dt`) BETWEEN '" . hesk_dbEscape($date_from) . "' AND '" . hesk_dbEscape($date_to) . "' GROUP BY `openedby`");
// -> update ticket list values
while ($row = hesk_dbFetchAssoc($res))
{
$tickets[$row['openedby']]['openedby'] += $row['cnt'];
$totals['openedby'] += $row['cnt'];
}
?>
<table class="table table-striped table-condensed">
<tr>
<th><?php echo $hesklang['user']; ?></th>
<th><?php echo $hesklang['numsub']; ?></th>
<th><?php echo $hesklang['ticass']; ?></th>
<th><?php echo $hesklang['topen']; ?></th>
<th><?php echo $hesklang['closed_title']; ?></th>
@ -636,6 +643,7 @@ require_once(HESK_PATH . 'inc/show_admin_nav.inc.php');
?>
<tr>
<td><b><?php echo $hesklang['totals']; ?></b></td>
<td><b><?php echo $totals['openedby']; ?></b></td>
<td><b><?php echo $totals['asstickets']; ?></b></td>
<td><b><?php echo $totals['asstickets'] - $totals['resolved']; ?></b></td>
<td><b><?php echo $totals['resolved']; ?></b></td>
@ -655,6 +663,7 @@ require_once(HESK_PATH . 'inc/show_admin_nav.inc.php');
?>
<tr>
<td><?php echo $admins[$k]; ?></td>
<td><?php echo $d['openedby']; ?></td>
<td><?php echo $d['asstickets']; ?></td>
<td><?php echo $d['asstickets'] - $d['resolved']; ?></td>
<td><?php echo $d['resolved']; ?></td>
@ -671,6 +680,7 @@ require_once(HESK_PATH . 'inc/show_admin_nav.inc.php');
?>
<tr>
<td><b><?php echo $hesklang['totals']; ?></b></td>
<td><b><?php echo $totals['openedby']; ?></b></td>
<td><b><?php echo $totals['asstickets']; ?></b></td>
<td><b><?php echo $totals['asstickets'] - $totals['resolved']; ?></b></td>
<td><b><?php echo $totals['resolved']; ?></b></td>
@ -909,6 +919,7 @@ require_once(HESK_PATH . 'inc/show_admin_nav.inc.php');
?>
</div>
</div>
</section>
<?php
require_once(HESK_PATH . 'inc/footer.inc.php');

@ -1,32 +1,15 @@
<?php
/*******************************************************************************
* Title: Help Desk Software HESK
* Version: 2.6.8 from 10th August 2016
* Author: Klemen Stirn
* Website: http://www.hesk.com
********************************************************************************
* COPYRIGHT AND TRADEMARK NOTICE
* Copyright 2005-2015 Klemen Stirn. All Rights Reserved.
* HESK is a registered trademark of Klemen Stirn.
* The HESK may be used and modified free of charge by anyone
* AS LONG AS COPYRIGHT NOTICES AND ALL THE COMMENTS REMAIN INTACT.
* By using this code you agree to indemnify Klemen Stirn from any
* liability that might arise from it's use.
* Selling the code for this program, in part or full, without prior
* written consent is expressly forbidden.
* Using this code, in part or full, to create derivate work,
* new scripts or products is expressly forbidden. Obtain permission
* before redistributing this software over the Internet or in
* any other medium. In all cases copyright and header must remain intact.
* This Copyright is in full effect in any country that has International
* Trade Agreements with the United States of America or
* with the European Union.
* Removing any of the copyright notices without purchasing a license
* is expressly forbidden. To remove HESK copyright notice you must purchase
* a license for this script. For more information on how to obtain
* a license please visit the page below:
* https://www.hesk.com/buy.php
*******************************************************************************/
/**
*
* This file is part of HESK - PHP Help Desk Software.
*
* (c) Copyright Klemen Stirn. All rights reserved.
* http://www.hesk.com
*
* For the full copyright and license agreement information visit
* http://www.hesk.com/eula.php
*
*/
define('IN_SCRIPT', 1);
define('HESK_PATH', '../');
@ -36,6 +19,7 @@ define('PAGE_TITLE', 'ADMIN_TOOLS');
require(HESK_PATH . 'hesk_settings.inc.php');
require(HESK_PATH . 'inc/common.inc.php');
require(HESK_PATH . 'inc/admin_functions.inc.php');
require(HESK_PATH . 'inc/mail_functions.inc.php');
hesk_load_database_functions();
hesk_session_start();
@ -72,8 +56,10 @@ require_once(HESK_PATH . 'inc/headerAdmin.inc.php');
/* Print main manage users page */
require_once(HESK_PATH . 'inc/show_admin_nav.inc.php');
?>
<div class="row pad-20">
<section class="content">
<div class="box">
<div class="box-body">
<div class="nav-tabs-custom">
<ul class="nav nav-tabs" role="tablist">
<?php
// Show a link to banned_emails.php if user has permission to do so
@ -108,23 +94,21 @@ require_once(HESK_PATH . 'inc/show_admin_nav.inc.php');
<li role="presentation">
<a title="' . $hesklang['statuses'] . '" href="manage_statuses.php">' . $hesklang['statuses'] . '</a>
</li>
';
}
// Show a link to custom_fields.php if user has permission to do so
if ( hesk_checkPermission('can_man_settings',0) ) {
echo '
<li role="presentation">
<a title="' . $hesklang['tab_4'] . '" href="custom_fields.php">' . $hesklang['tab_4'] . '</a>
</li>
';
}
?>
</ul>
<div class="tab-content summaryList tabPadding">
<script language="javascript" type="text/javascript"><!--
function confirm_delete() {
if (confirm('<?php echo hesk_makeJsString($hesklang['delban_confirm']); ?>')) {
return true;
}
else {
return false;
}
}
//-->
</script>
<div class="row">
<div class="col-sm-12">
<?php
/* This will handle error, success and notice messages */
hesk_handle_messages();
@ -449,7 +433,11 @@ require_once(HESK_PATH . 'inc/show_admin_nav.inc.php');
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</section>
<?php
@ -486,9 +474,9 @@ function save_sm()
$message = hesk_getHTML(hesk_POST('message'));
// Clean the HTML code
require(HESK_PATH . 'inc/htmlpurifier/HTMLPurifier.standalone.php');
$purifier = new HTMLPurifier();
$message = $purifier->purify($message);
require(HESK_PATH . 'inc/htmlpurifier/HeskHTMLPurifier.php');
$purifier = new HeskHTMLPurifier($hesk_settings['cache_dir']);
$message = $purifier->heskPurify($message);
// Any errors?
if (count($hesk_error_buffer)) {
@ -539,7 +527,7 @@ function save_sm()
`style` = '{$style}',
`type` = '{$type}',
`icon` = '{$icon}'
WHERE `id`={$id} LIMIT 1");
WHERE `id`={$id}");
$_SESSION['smord'] = $id;
hesk_process_messages($hesklang['sm_mdf'], 'service_messages.php', 'SUCCESS');
@ -580,7 +568,7 @@ function order_sm()
$_SESSION['smord'] = $id;
// Update article details
hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "service_messages` SET `order`=`order`+" . intval($move) . " WHERE `id`={$id} LIMIT 1");
hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "service_messages` SET `order`=`order`+" . intval($move) . " WHERE `id`={$id}");
// Update order of all service messages
update_sm_order();
@ -602,7 +590,7 @@ function update_sm_order()
// Update database
$i = 10;
while ($sm = hesk_dbFetchAssoc($res)) {
hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "service_messages` SET `order`=" . intval($i) . " WHERE `id`='" . intval($sm['id']) . "' LIMIT 1");
hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "service_messages` SET `order`=" . intval($i) . " WHERE `id`='" . intval($sm['id']) . "'");
$i += 10;
}
@ -622,7 +610,7 @@ function remove_sm()
$id = intval(hesk_GET('id')) or hesk_error($hesklang['sm_e_id']);
// Delete the service message
hesk_dbQuery("DELETE FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "service_messages` WHERE `id`={$id} LIMIT 1");
hesk_dbQuery("DELETE FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "service_messages` WHERE `id`={$id}");
// Were we successful?
if (hesk_dbAffectedRows() == 1) {
@ -655,9 +643,9 @@ function new_sm()
$message = hesk_getHTML(hesk_POST('message'));
// Clean the HTML code
require(HESK_PATH . 'inc/htmlpurifier/HTMLPurifier.standalone.php');
$purifier = new HTMLPurifier();
$message = $purifier->purify($message);
require(HESK_PATH . 'inc/htmlpurifier/HeskHTMLPurifier.php');
$purifier = new HeskHTMLPurifier($hesk_settings['cache_dir']);
$message = $purifier->heskPurify($message);
// Any errors?
if (count($hesk_error_buffer)) {
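Review bot: Both purifier hunks (in `save_sm()` and `new_sm()`) load the wrapper with a plain `require`, so a request that includes the file a second time would hit a fatal redeclaration if `HeskHTMLPurifier.php` declares the class directly; `require_once(HESK_PATH . 'inc/htmlpurifier/HeskHTMLPurifier.php');` avoids that. The purifier is now handed `$hesk_settings['cache_dir']`, and the hunks do not show where that directory lives, so it is worth confirming that it is not served by the web server and is writable only by the application. The same three lines are repeated in both functions and would read better as one small helper. Both function bodies start and end outside the hunks.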

@ -1,32 +1,15 @@
<?php
/*******************************************************************************
* Title: Help Desk Software HESK
* Version: 2.6.8 from 10th August 2016
* Author: Klemen Stirn
* Website: http://www.hesk.com
********************************************************************************
* COPYRIGHT AND TRADEMARK NOTICE
* Copyright 2005-2015 Klemen Stirn. All Rights Reserved.
* HESK is a registered trademark of Klemen Stirn.
* The HESK may be used and modified free of charge by anyone
* AS LONG AS COPYRIGHT NOTICES AND ALL THE COMMENTS REMAIN INTACT.
* By using this code you agree to indemnify Klemen Stirn from any
* liability that might arise from it's use.
* Selling the code for this program, in part or full, without prior
* written consent is expressly forbidden.
* Using this code, in part or full, to create derivate work,
* new scripts or products is expressly forbidden. Obtain permission
* before redistributing this software over the Internet or in
* any other medium. In all cases copyright and header must remain intact.
* This Copyright is in full effect in any country that has International
* Trade Agreements with the United States of America or
* with the European Union.
* Removing any of the copyright notices without purchasing a license
* is expressly forbidden. To remove HESK copyright notice you must purchase
* a license for this script. For more information on how to obtain
* a license please visit the page below:
* https://www.hesk.com/buy.php
*******************************************************************************/
/**
*
* This file is part of HESK - PHP Help Desk Software.
*
* (c) Copyright Klemen Stirn. All rights reserved.
* http://www.hesk.com
*
* For the full copyright and license agreement information visit
* http://www.hesk.com/eula.php
*
*/
define('IN_SCRIPT', 1);
define('HESK_PATH', '../');
@ -37,6 +20,7 @@ require(HESK_PATH . 'hesk_settings.inc.php');
require(HESK_PATH . 'inc/common.inc.php');
require(HESK_PATH . 'inc/admin_functions.inc.php');
require(HESK_PATH . 'inc/status_functions.inc.php');
require(HESK_PATH . 'inc/mail_functions.inc.php');
hesk_load_database_functions();
hesk_session_start();
@ -44,34 +28,44 @@ hesk_dbConnect();
hesk_isLoggedIn();
define('CALENDAR', 1);
define('AUTO_RELOAD',1);
/* Check permissions for this feature */
hesk_checkPermission('can_view_tickets');
/* Print header */
require_once(HESK_PATH . 'inc/headerAdmin.inc.php');
/* Print admin navigation */
require_once(HESK_PATH . 'inc/show_admin_nav.inc.php');
?>
<div class="row">
<div class="col-md-12 move-down-20">
<?php
/* This will handle error, success and notice messages */
hesk_handle_messages();
?>
<div class="panel panel-default">
<div class="panel-heading">
<h4><?php echo $hesklang['tickets']; ?> <span class="nu-floatRight panel-button"><a
href="new_ticket.php" class="btn btn-success"><span
class="glyphicon glyphicon-plus-sign"></span> <?php echo $hesklang['nti']; ?></a></span></h4>
<section class="content">
<?php hesk_handle_messages(); ?>
<div class="box">
<div class="box-header with-border">
<h1 class="box-title">
<?php echo $hesklang['tickets']; ?>
</h1>
<div class="box-tools pull-right">
<button type="button" class="btn btn-box-tool" data-widget="collapse">
<i class="fa fa-minus"></i>
</button>
</div>
</div>
<div class="box-body">
<div class="checkbox">
<label>
<input type="checkbox" onclick="toggleAutoRefresh(this);" id="reloadCB">
<?php echo $hesklang['arp']; ?>
<span id="timer"></span>
</label>
</div>
<script type="text/javascript">heskCheckReloading();</script>
<?php
/* Print the list of tickets */
$is_search = 1;
require_once(HESK_PATH . 'inc/print_tickets.inc.php');
echo '<br>';
/* Update staff default settings? */
if (!empty($_GET['def'])) {
hesk_updateStaffDefaults();
@ -83,11 +77,34 @@ require_once(HESK_PATH . 'inc/show_admin_nav.inc.php');
</div>
</div>
<?php
$hesk_settings['hesk_license']('HMgPSAxOw0KaWYgKGZpbGVfZXhpc3RzKEhFU0tfUEFUSCAuI
CdoZXNrX2xpY2Vuc2UucGhwJykpDQp7DQokaCA9ICghZW1wdHkoJF9TRVJWRVJbJ0hUVFBfSE9TVCddK
SkgPyAkX1NFUlZFUlsnSFRUUF9IT1NUJ10gOiAoKCFlbXB0eSgkX1NFUlZFUlsnU0VSVkVSX05BTUUnX
SkpID8gJF9TRVJWRVJbJ1NFUlZFUl9OQU1FJ10gOiBnZXRlbnYoJ1NFUlZFUl9OQU1FJykpOw0KJGggP
SBzdHJfcmVwbGFjZSgnd3d3LicsJycsc3RydG9sb3dlcigkaCkpOw0KaW5jbHVkZShIRVNLX1BBVEggL
iAnaGVza19saWNlbnNlLnBocCcpOw0KaWYgKGlzc2V0KCRoZXNrX3NldHRpbmdzWydsaWNlbnNlJ10pI
CYmIHN0cnBvcygkaGVza19zZXR0aW5nc1snbGljZW5zZSddLHNoYTEoJGguJ2gzJkZwMiNMYUEmNTkhd
yg4LlpjXSordVI1MTInKSkgIT09IGZhbHNlKQ0Kew0KJHMgPSAwOw0KfQ0KZWxzZQ0Kew0KZWNobyAnP
HAgc3R5bGU9InRleHQtYWxpZ246Y2VudGVyO2NvbG9yOnJlZDsiPklOVkFMSUQgTElDRU5TRSAoTk9UI
FJFR0lTVEVSRUQgRk9SICcuJGguJykhPC9wPic7DQp9DQp9DQppZiAoJHMpDQp7DQplY2hvICc8aHIgL
z48dGFibGUgYm9yZGVyPSIwIiB3aWR0aD0iMTAwJSI+PHRyPjx0ZD48Yj4nLiRoZXNrbGFuZ1sncmVtb
3ZlX3N0YXRlbWVudCddLic8L2I+PC90ZD48dGQgc3R5bGU9InRleHQtYWxpZ246cmlnaHQiPjxhIGhyZ
WY9IkphdmFzY3JpcHQ6dm9pZCgwKSIgb25jbGljaz0iYWxlcnQoXCcnLiRoZXNrbGFuZ1snc3VwcG9yd
F9ub3RpY2UnXS4nXCcpIj4nLiRoZXNrbGFuZ1snc2gnXS4nPC9hPjwvdGQ+PC90cj48L3RhYmxlPjxwP
icuJGhlc2tsYW5nWydzdXBwb3J0X3JlbW92ZSddLicuIDxhIGhyZWY9Imh0dHBzOi8vd3d3Lmhlc2suY
29tL2J1eS5waHAiIHRhcmdldD0iX2JsYW5rIj4nLiRoZXNrbGFuZ1snY2xpY2tfaW5mbyddLic8L2E+P
C9wPic7DQp9DQo=', "\112");
/* Print footer */
require_once(HESK_PATH . 'inc/footer.inc.php');
exit();
/* Clean unneeded session variables */
hesk_cleanSessionVars('hide');
?>
</section>
<?php
/* Print footer */
require_once(HESK_PATH . 'inc/footer.inc.php');
exit();
?>
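Review bot: The call `$hesk_settings['hesk_license'](…, "\112")` passes a multi-line base64 string to a callable taken from the settings array, so whatever the string decodes to is handled at runtime and cannot be reviewed from this diff. The rendering does not make clear which side of the change these lines are on; if they are kept, the decoded source should be compared with the upstream HESK release. A comment should also say what the call does, for example `// Upstream HESK licence check; payload is base64-encoded, verified against release <VERSION>`. Later edits to the blob would be just as opaque in review, so comparing a checksum of it at release time would help.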

@ -8,6 +8,7 @@ define('PAGE_TITLE', 'ADMIN_TOOLS');
require(HESK_PATH . 'hesk_settings.inc.php');
require(HESK_PATH . 'inc/common.inc.php');
require(HESK_PATH . 'inc/admin_functions.inc.php');
require(HESK_PATH . 'inc/mail_functions.inc.php');
hesk_load_database_functions();
hesk_session_start();
@ -24,14 +25,19 @@ require_once(HESK_PATH . 'inc/headerAdmin.inc.php');
/* Print main manage users page */
require_once(HESK_PATH . 'inc/show_admin_nav.inc.php');
?>
<div class="row pad-20">
<div class="col-sm-4">
<div class="panel panel-default">
<div class="panel-heading">
<section class="content">
<div class="box">
<div class="box-header with-border">
<h1 class="box-title">
<?php echo $hesklang['search_logs']; ?>
</h1>
<div class="box-tools pull-right">
<button type="button" class="btn btn-box-tool" data-widget="collapse">
<i class="fa fa-minus"></i>
</button>
</div>
</div>
<div class="panel-body">
<div class="box-body">
<div class="form-horizontal">
<div class="form-group">
<label for="location" class="control-label col-sm-4">
@ -70,13 +76,18 @@ require_once(HESK_PATH . 'inc/show_admin_nav.inc.php');
</div>
</div>
</div>
</div>
<div class="col-sm-8">
<div class="panel panel-default">
<div class="panel-heading">
<div class="box">
<div class="box-header with-border">
<h1 class="box-title">
<?php echo $hesklang['logs']; ?>
</h1>
<div class="box-tools pull-right">
<button type="button" class="btn btn-box-tool" data-widget="collapse">
<i class="fa fa-minus"></i>
</button>
</div>
<div class="panel-body">
</div>
<div class="box-body">
<table class="table table-striped" id="results-table">
<thead>
<tr>
@ -90,9 +101,7 @@ require_once(HESK_PATH . 'inc/show_admin_nav.inc.php');
</table>
</div>
</div>
</div>
</div>
</section>
<?php
require_once(HESK_PATH . 'inc/footer.inc.php');
exit();

@ -1,4 +1,4 @@
<?php
// Define the current build
define('MODS_FOR_HESK_BUILD', 31);
define('MODS_FOR_HESK_BUILD', 32);

@ -1,32 +1,15 @@
<?php
/*******************************************************************************
* Title: Help Desk Software HESK
* Version: 2.6.8 from 10th August 2016
* Author: Klemen Stirn
* Website: http://www.hesk.com
********************************************************************************
* COPYRIGHT AND TRADEMARK NOTICE
* Copyright 2005-2015 Klemen Stirn. All Rights Reserved.
* HESK is a registered trademark of Klemen Stirn.
* The HESK may be used and modified free of charge by anyone
* AS LONG AS COPYRIGHT NOTICES AND ALL THE COMMENTS REMAIN INTACT.
* By using this code you agree to indemnify Klemen Stirn from any
* liability that might arise from it's use.
* Selling the code for this program, in part or full, without prior
* written consent is expressly forbidden.
* Using this code, in part or full, to create derivate work,
* new scripts or products is expressly forbidden. Obtain permission
* before redistributing this software over the Internet or in
* any other medium. In all cases copyright and header must remain intact.
* This Copyright is in full effect in any country that has International
* Trade Agreements with the United States of America or
* with the European Union.
* Removing any of the copyright notices without purchasing a license
* is expressly forbidden. To remove HESK copyright notice you must purchase
* a license for this script. For more information on how to obtain
* a license please visit the page below:
* https://www.hesk.com/buy.php
*******************************************************************************/
/**
*
* This file is part of HESK - PHP Help Desk Software.
*
* (c) Copyright Klemen Stirn. All rights reserved.
* http://www.hesk.com
*
* For the full copyright and license agreement information visit
* http://www.hesk.com/eula.php
*
*/
define('IN_SCRIPT', 1);
define('HESK_PATH', './');
@ -107,11 +90,21 @@ hesk_dbConnect();
// Verify email address match if needed
hesk_verifyEmailMatch($trackingID);
// Setup required session vars
$_SESSION['t_track'] = $trackingID;
$_SESSION['t_email'] = $hesk_settings['e_email'];
// Load statuses
require_once(HESK_PATH . 'inc/statuses.inc.php');
// Is current ticket status even changeable by customers?
$ticket = hesk_dbFetchAssoc( hesk_dbQuery( "SELECT `status`, `staffreplies`, `lastreplier` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."tickets` WHERE `trackid`='".hesk_dbEscape($trackingID)."' LIMIT 1") );
if (!hesk_can_customer_change_status($ticket['status'])) {
hesk_process_messages($hesklang['scno'],'ticket.php');
}
// Lets make status assignment a bit smarter when reopening tickets
if ($oldStatus == 2) {
// Get number of replies and last replier (customer or staff)
$ticket = hesk_dbFetchAssoc(hesk_dbQuery("SELECT `staffreplies`, `lastreplier` FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` WHERE `trackid`='" . hesk_dbEscape($trackingID) . "' LIMIT 1"));
// If ticket has no staff replies set the status to "New"
if ($ticket['staffreplies'] < 1) {
$statusRes = hesk_dbQuery('SELECT `ID` FROM `' . hesk_dbEscape($hesk_settings['db_pfix']) . 'statuses` WHERE `IsNewTicketStatus` = 1');
@ -128,11 +121,11 @@ if ($oldStatus == 2) {
// Modify values in the database
hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` SET `status`='{$status}', `locked`='{$locked}' $closedby_sql , `history`=CONCAT(`history`,'" . hesk_dbEscape($revision) . "') WHERE `trackid`='" . hesk_dbEscape($trackingID) . "' AND `locked` != '1' LIMIT 1");
hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` SET `status`='{$status}', `locked`='{$locked}' $closedby_sql , `history`=CONCAT(`history`,'" . hesk_dbEscape($revision) . "') WHERE `trackid`='" . hesk_dbEscape($trackingID) . "' AND `locked` != '1'");
// Did we modify anything*
if (hesk_dbAffectedRows() != 1) {
hesk_error($hesklang['elocked']);
hesk_process_messages($hesklang['elocked'],'ticket.php');
}
// Show success message
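Review bot: The new status check reads `$ticket['status']` straight from `hesk_dbFetchAssoc()` without checking that a row came back, and when the tracking ID matches no ticket the result is not an array. `hesk_verifyEmailMatch($trackingID)` above may already guarantee the row exists, but that is not visible in the hunk, so a guard such as `if (empty($ticket) || !hesk_can_customer_change_status($ticket['status'])) {` keeps the check fail-closed. `$_SESSION['t_track']` and `$_SESSION['t_email']` are set before the permission check, so they are populated even when the change is refused. With `LIMIT 1` dropped from the UPDATE, the `hesk_dbAffectedRows() != 1` test relies on `trackid` being unique.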

File diff suppressed because one or more lines are too long

@ -0,0 +1,51 @@
.white {
color: #fff;
}
.red,
.important,
.critical-priority {
color: red;
}
.green {
color: green;
}
.orange,
.rating {
color: orange;
}
.medium {
color: #FF9900;
}
.gray {
color: grey;
}
.critical {
color: #9400d3;
}
.blue {
color: blue;
}
.med-low-priority {
background-color: #8BB467;
}
.high-priority {
background-color: #ff6a00;
}
/* Hover colors */
.red-on-hover:hover {
color: red;
}
.gray-on-hover:hover {
color: grey;
}

@ -0,0 +1,13 @@
.hide-on-overflow {
overflow: hidden;
text-overflow: ellipsis;
}
.no-wrap {
white-space: nowrap;
}
.event-category {
border-radius: 4px;
padding: 5px;
}

@ -0,0 +1,179 @@
.navbar-nav > .messages-menu > .dropdown-menu >li .menu > li > a,
.sidebar-menu, .main-sidebar .user-panel, .sidebar-menu > li.header{
white-space: normal;
}
.icon-link {
font-size: 16px; !important;
}
#due-date:hover,
.click-to-edit:hover {
font-weight: bolder;
cursor: pointer;
}
.linkless-dropdown {
display: block;
padding: 3px 20px;
clear: both;
font-weight: normal;
line-height: 1.42857143;
white-space: nowrap;
}
.dropdown-menu>li>span>.fa {
margin-right: 10px;
}
.no-margins {
margin: 0;
}
@media (max-width: 991px) {
.ticket-cell-admin {
border-bottom: solid 1px #ddd;
border-right: 0;
padding-top: 5px;
height: 100px;
}
}
@media (min-width: 992px) {
.ticket-cell-admin {
border-bottom: 0;
border-right: solid 1px #ddd;
margin-top: 1px;
height: 100px;
padding-top: 10px;
}
}
.ticket-property-title {
color: rgba(255, 255, 255, .75);
font-size: 11px;
text-transform: uppercase;
}
@media (min-width: 992px) {
.ticketPropertyText {
overflow: hidden;
text-overflow: ellipsis;
white-space: nowrap;
}
.ticketPropertyText:hover {
white-space: normal;
overflow: visible;
}
}
.ticketPropertyText {
font-size: 16px;
line-height: 1em;
color: #fff;
padding-bottom: 2px;
}
.status-row {
margin-bottom: 20px;
}
.push-down-10 {
margin-top: 10px;
}
.attachment-table > tbody > tr > td > i {
color: #ddd;
text-shadow: 2px 2px #ccc;
}
.attachment-table > tbody > tr > td {
vertical-align: middle;
}
.attachment-table > tbody > tr > td > span > img {
max-height: 80px;
max-width: 80px;
cursor: pointer;
}
.note {
border-bottom: solid 1px #000;
}
.fileinput-button {
width: 100%;
border-top-left-radius: 0;
border-top-right-radius: 0;
margin-top: -2px;
}
.file-row p.name {
overflow: hidden;
text-overflow: ellipsis;
}
.timeline-footer {
border-top: 1px solid #f4f4f4;
}
.timeline > .today-top {
margin-bottom: 60px;
}
.white-readonly {
cursor: text !important;
background-color: #fff !important;
}
button.dropdown-submit {
background: none !important;
border: none;
}
.form-signin {
max-width: 800px;
margin: 0 auto;
}
.loginError {
padding-top: 20px;
margin-left: auto;
margin-right: auto;
}
.login-box {
width: 500px;
}
.login-box-body {
border-radius: 5px;
}
.button-link {
color: #4a5571;
}
.button-link:hover {
text-decoration: none;
color: #000;
}
.button-link .col-xs-1 {
margin: 0 auto;
padding: 0;
}
.button-link .panel-body:hover {
background-color: #EEE;
}
.timeline-header.header-info {
font-size: 14px !important;
}
.full-width {
width: 100%;
}
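Review bot: In `.icon-link` the declaration `font-size: 16px; !important;` has a semicolon before `!important`, so the flag is parsed as a separate, invalid declaration and dropped; it should read `font-size: 16px !important;`. `.ticket-cell-admin` also repeats `height: 100px;` in both media queries and could declare it once outside them.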

@ -0,0 +1,7 @@
.move-down-20 {
margin-top: 20px;
}
.move-right-20 {
margin-left: 20px;
}

File diff suppressed because one or more lines are too long

@ -1,32 +1,15 @@
<?php
/*******************************************************************************
* Title: Help Desk Software HESK
* Version: 2.6.8 from 10th August 2016
* Author: Klemen Stirn
* Website: http://www.hesk.com
********************************************************************************
* COPYRIGHT AND TRADEMARK NOTICE
* Copyright 2005-2015 Klemen Stirn. All Rights Reserved.
* HESK is a registered trademark of Klemen Stirn.
* The HESK may be used and modified free of charge by anyone
* AS LONG AS COPYRIGHT NOTICES AND ALL THE COMMENTS REMAIN INTACT.
* By using this code you agree to indemnify Klemen Stirn from any
* liability that might arise from it's use.
* Selling the code for this program, in part or full, without prior
* written consent is expressly forbidden.
* Using this code, in part or full, to create derivate work,
* new scripts or products is expressly forbidden. Obtain permission
* before redistributing this software over the Internet or in
* any other medium. In all cases copyright and header must remain intact.
* This Copyright is in full effect in any country that has International
* Trade Agreements with the United States of America or
* with the European Union.
* Removing any of the copyright notices without purchasing a license
* is expressly forbidden. To remove HESK copyright notice you must purchase
* a license for this script. For more information on how to obtain
* a license please visit the page below:
* https://www.hesk.com/buy.php
*******************************************************************************/
/**
*
* This file is part of HESK - PHP Help Desk Software.
*
* (c) Copyright Klemen Stirn. All rights reserved.
* http://www.hesk.com
*
* For the full copyright and license agreement information visit
* http://www.hesk.com/eula.php
*
*/
define('IN_SCRIPT', 1);
define('HESK_PATH', './');

@ -241,9 +241,10 @@ function hesk_suggestKBsearch(isAdmin) {
setTimeout('hesk_suggestKBsearch(' + isAdmin + ');', 2000);
}
function hesk_suggestEmail(isAdmin) {
var email = document.form1.email.value;
var element = document.getElementById('email_suggestions');
function hesk_suggestEmail(emailField, displayDiv, padDiv, isAdmin, allowMultiple) {
allowMultiple = allowMultiple || 0;
var email = document.getElementById(emailField).value;
var element = document.getElementById(displayDiv);
if (isAdmin) {
var path = '../suggest_email.php';
@ -253,7 +254,11 @@ function hesk_suggestEmail(isAdmin) {
}
if (email != '') {
var params = "e=" + encodeURIComponent(email);
var params = "e=" + encodeURIComponent(email) + "&ef=" + encodeURIComponent(emailField) + "&dd=" + encodeURIComponent(displayDiv) + "&pd=" + encodeURIComponent(padDiv);
if (allowMultiple) {
params += "&am=1";
}
xmlHttp = GetXmlHttpObject();
if (xmlHttp == null) {
@ -369,7 +374,7 @@ function hesk_contains(password, validChars) {
}
function setCookie(name, value, expires, path, domain, secure) {
document.cookie = name + "=" + escape(value) +
document.cookie= name + "=" + escape(value) +
((expires) ? "; expires=" + expires.toGMTString() : "") +
((path) ? "; path=" + path : "") +
((domain) ? "; domain=" + domain : "") +
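Review bot: `hesk_suggestEmail` now sends the element IDs `emailField`, `displayDiv` and `padDiv` to `suggest_email.php` as the request parameters `ef`, `dd` and `pd`, which makes them client-controlled input on the server side. The PHP endpoint is not in this hunk; if it writes those values back into markup or inline script, it should first restrict them to an ID-shaped allow-list and escape them for the output context. On the client, `document.getElementById(emailField).value` throws when the ID does not exist, so a guard such as `var field = document.getElementById(emailField); if (!field) { return; }` is worth adding. The function body continues outside the hunk.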

@ -756,3 +756,59 @@ td.admin_yellow {
font-size:12px;
margin-top:2px;
}
/* New styles in HESK version 2.7 */
div.select_category
{
min-width: 50%;
min-height: 300px;
display: inline-block;
text-align:left;
margin-top: 10px;
}
#select_category {
border: 1px solid #111;
background: transparent;
width: 100%;
padding: 5px 35px 5px 5px;
font-size: 14px;
border: 1px solid #ccc;
height: 34px;
}
#ul_category {
list-style-type: none;
margin: 0;
padding: 0;
}
#ul_category li {
border: 1px solid #d1d5d7;
border-top: none;
border-radius: 2px;
}
#ul_category li:first-child {
border-top: 1px solid #d1d5d7;
}
#ul_category li a {
display: block;
font-size: 14px;
padding: 0.75em 0.75em;
text-decoration: none;
transition: all 0.12s ease;
word-wrap: break-word;
}
#ul_category li a:hover {
color: black;
background-color: #e9ffdb;
}
select.multiple {
font-size: 12px;
height: auto;
}
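Review bot: `#select_category` declares `border` twice, `1px solid #111` and then `1px solid #ccc`; the later one always wins, so the first line is dead and should be removed. `div.select_category` and `#select_category` use the same name for a class and an id, so a one-line comment saying which is the wrapper and which is the control (presumably the `<select>`) would make the block easier to read.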

@ -1,32 +1,15 @@
<?php
/*******************************************************************************
* Title: Help Desk Software HESK
* Version: 2.6.8 from 10th August 2016
* Author: Klemen Stirn
* Website: http://www.hesk.com
********************************************************************************
* COPYRIGHT AND TRADEMARK NOTICE
* Copyright 2005-2015 Klemen Stirn. All Rights Reserved.
* HESK is a registered trademark of Klemen Stirn.
* The HESK may be used and modified free of charge by anyone
* AS LONG AS COPYRIGHT NOTICES AND ALL THE COMMENTS REMAIN INTACT.
* By using this code you agree to indemnify Klemen Stirn from any
* liability that might arise from it's use.
* Selling the code for this program, in part or full, without prior
* written consent is expressly forbidden.
* Using this code, in part or full, to create derivate work,
* new scripts or products is expressly forbidden. Obtain permission
* before redistributing this software over the Internet or in
* any other medium. In all cases copyright and header must remain intact.
* This Copyright is in full effect in any country that has International
* Trade Agreements with the United States of America or
* with the European Union.
* Removing any of the copyright notices without purchasing a license
* is expressly forbidden. To remove HESK copyright notice you must purchase
* a license for this script. For more information on how to obtain
* a license please visit the page below:
* https://www.hesk.com/buy.php
*******************************************************************************/
/**
*
* This file is part of HESK - PHP Help Desk Software.
*
* (c) Copyright Klemen Stirn. All rights reserved.
* http://www.hesk.com
*
* For the full copyright and license agreement information visit
* http://www.hesk.com/eula.php
*
*/
/* Check if this is a valid include */
if (!defined('IN_SCRIPT')) {
@ -51,13 +34,6 @@ $hesk_settings['possible_ticket_list'] = array(
'time_worked' => $hesklang['ts'],
);
// Also possible to display all custom fields
for ($i = 1; $i <= 20; $i++) {
if ($hesk_settings['custom_fields']['custom' . $i]['use']) {
$hesk_settings['possible_ticket_list']['custom' . $i] = $hesk_settings['custom_fields']['custom' . $i]['name'];
}
}
/*** FUNCTIONS ***/
@ -256,7 +232,7 @@ function hesk_mergeTickets($merge_these, $merge_into)
}
/* Update history (log) and merged IDs of target ticket */
hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` SET $replies_sql `time_worked`=ADDTIME(`time_worked`, '" . hesk_dbEscape($sec_worked) . "'), `merged`=CONCAT(`merged`,'" . hesk_dbEscape($merged . '#') . "'), `history`=CONCAT(`history`,'" . hesk_dbEscape($history) . "') WHERE `id`='" . intval($merge_into) . "' LIMIT 1");
hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` SET $replies_sql `time_worked`=ADDTIME(`time_worked`, '" . hesk_dbEscape($sec_worked) . "'), `merged`=CONCAT(`merged`,'" . hesk_dbEscape($merged . '#') . "'), `history`=CONCAT(`history`,'" . hesk_dbEscape($history) . "') WHERE `id`='" . intval($merge_into) . "'");
return true;
@ -393,8 +369,8 @@ function hesk_autoLogin($noredirect = 0)
/* Check username */
$result = hesk_dbQuery('SELECT * FROM `' . $hesk_settings['db_pfix'] . "users` WHERE `user` = '" . hesk_dbEscape($user) . "' LIMIT 1");
if (hesk_dbNumRows($result) != 1) {
setcookie('hesk_username', '');
setcookie('hesk_p', '');
hesk_setcookie('hesk_username', '');
hesk_setcookie('hesk_p', '');
header('Location: '.$url);
exit();
}
@ -403,8 +379,8 @@ function hesk_autoLogin($noredirect = 0)
/* Check password */
if ($hash != hesk_Pass2Hash($res['pass'] . strtolower($user) . $res['pass'])) {
setcookie('hesk_username', '');
setcookie('hesk_p', '');
hesk_setcookie('hesk_username', '');
hesk_setcookie('hesk_p', '');
header('Location: '.$url);
exit();
}
@ -437,8 +413,8 @@ function hesk_autoLogin($noredirect = 0)
}
/* Renew cookies */
setcookie('hesk_username', "$user", strtotime('+1 year'));
setcookie('hesk_p', "$hash", strtotime('+1 year'));
hesk_setcookie('hesk_username', "$user", strtotime('+1 year'));
hesk_setcookie('hesk_p', "$hash", strtotime('+1 year'));
/* Close any old tickets here so Cron jobs aren't necessary */
if ($hesk_settings['autoclose']) {
@ -646,7 +622,8 @@ function hesk_formatDate($dt, $from_database = true)
function hesk_jsString($str)
{
$str = str_replace(array('\'', '<br />'), array('\\\'', ''), $str);
$str = addslashes($str);
$str = str_replace('<br />' , '' , $str);
$from = array("/\r\n|\n|\r/", '/\<a href="mailto\:([^"]*)"\>([^\<]*)\<\/a\>/i', '/\<a href="([^"]*)" target="_blank"\>([^\<]*)\<\/a\>/i');
$to = array("\\r\\n' + \r\n'", "$1", "$1");
return preg_replace($from, $to, $str);
@ -715,3 +692,53 @@ function hesk_checkPermission($feature, $showerror = 1)
}
} // END hesk_checkPermission()
function hesk_purge_cache($type = '', $expire_after_seconds = 0)
{
global $hesk_settings;
$cache_dir = dirname(dirname(__FILE__)).'/'.$hesk_settings['cache_dir'].'/';
if ( ! is_dir($cache_dir))
{
return false;
}
switch ($type)
{
case 'export':
$files = glob($cache_dir.'hesk_export_*', GLOB_NOSORT);
break;
case 'status':
$files = glob($cache_dir.'status_*', GLOB_NOSORT);
break;
case 'cf':
$files = glob($cache_dir.'cf_*', GLOB_NOSORT);
break;
default:
hesk_rrmdir(trim($cache_dir, '/'), true);
return true;
}
if (is_array($files))
{
array_walk($files, 'hesk_unlink_callable', $expire_after_seconds);
}
return true;
} // END hesk_purge_cache()
function hesk_rrmdir($dir, $keep_top_level=false)
{
$files = $keep_top_level ? array_diff(scandir($dir), array('.','..','index.htm')) : array_diff(scandir($dir), array('.','..'));
foreach ($files as $file)
{
(is_dir("$dir/$file")) ? hesk_rrmdir("$dir/$file") : @unlink("$dir/$file");
}
return $keep_top_level ? true : @rmdir($dir);
} // END hesk_rrmdir()
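Review bot: In hesk_autoLogin the password check `if ($hash != hesk_Pass2Hash(...))` compares the auto-login token with the loose `!=` operator, and this commit only routes the surrounding cookie calls through hesk_setcookie() without touching it. `$hash` is written back to the `hesk_p` cookie a few lines later, so it is presumably read from that client-supplied cookie (the assignment is outside the hunk). With `!=`, two strings that both look numeric are compared as numbers rather than byte for byte, and the comparison is not constant-time. I would change the line to `if (!hash_equals(hesk_Pass2Hash($res['pass'] . strtolower($user) . $res['pass']), (string) $hash)) {`, or at minimum use `!==`. The body of hesk_autoLogin starts and ends outside these hunks.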

@ -1,32 +1,15 @@
<?php
/*******************************************************************************
* Title: Help Desk Software HESK
* Version: 2.6.8 from 10th August 2016
* Author: Klemen Stirn
* Website: http://www.hesk.com
********************************************************************************
* COPYRIGHT AND TRADEMARK NOTICE
* Copyright 2005-2015 Klemen Stirn. All Rights Reserved.
* HESK is a registered trademark of Klemen Stirn.
* The HESK may be used and modified free of charge by anyone
* AS LONG AS COPYRIGHT NOTICES AND ALL THE COMMENTS REMAIN INTACT.
* By using this code you agree to indemnify Klemen Stirn from any
* liability that might arise from it's use.
* Selling the code for this program, in part or full, without prior
* written consent is expressly forbidden.
* Using this code, in part or full, to create derivate work,
* new scripts or products is expressly forbidden. Obtain permission
* before redistributing this software over the Internet or in
* any other medium. In all cases copyright and header must remain intact.
* This Copyright is in full effect in any country that has International
* Trade Agreements with the United States of America or
* with the European Union.
* Removing any of the copyright notices without purchasing a license
* is expressly forbidden. To remove HESK copyright notice you must purchase
* a license for this script. For more information on how to obtain
* a license please visit the page below:
* https://www.hesk.com/buy.php
*******************************************************************************/
/**
*
* This file is part of HESK - PHP Help Desk Software.
*
* (c) Copyright Klemen Stirn. All rights reserved.
* http://www.hesk.com
*
* For the full copyright and license agreement information visit
* http://www.hesk.com/eula.php
*
*/
/* Check if this is a valid include */
if (!defined('IN_SCRIPT')) {

@ -1,32 +1,15 @@
<?php
/*******************************************************************************
* Title: Help Desk Software HESK
* Version: 2.6.8 from 10th August 2016
* Author: Klemen Stirn
* Website: http://www.hesk.com
********************************************************************************
* COPYRIGHT AND TRADEMARK NOTICE
* Copyright 2005-2015 Klemen Stirn. All Rights Reserved.
* HESK is a registered trademark of Klemen Stirn.
* The HESK may be used and modified free of charge by anyone
* AS LONG AS COPYRIGHT NOTICES AND ALL THE COMMENTS REMAIN INTACT.
* By using this code you agree to indemnify Klemen Stirn from any
* liability that might arise from it's use.
* Selling the code for this program, in part or full, without prior
* written consent is expressly forbidden.
* Using this code, in part or full, to create derivate work,
* new scripts or products is expressly forbidden. Obtain permission
* before redistributing this software over the Internet or in
* any other medium. In all cases copyright and header must remain intact.
* This Copyright is in full effect in any country that has International
* Trade Agreements with the United States of America or
* with the European Union.
* Removing any of the copyright notices without purchasing a license
* is expressly forbidden. To remove HESK copyright notice you must purchase
* a license for this script. For more information on how to obtain
* a license please visit the page below:
* https://www.hesk.com/buy.php
*******************************************************************************/
/**
*
* This file is part of HESK - PHP Help Desk Software.
*
* (c) Copyright Klemen Stirn. All rights reserved.
* http://www.hesk.com
*
* For the full copyright and license agreement information visit
* http://www.hesk.com/eula.php
*
*/
/* Check if this is a valid include */
if (!defined('IN_SCRIPT')) {
@ -35,10 +18,20 @@ if (!defined('IN_SCRIPT')) {
#error_reporting(E_ALL);
// Set correct Content-Type header
if (!defined('NO_HTTP_HEADER')) {
/*
* If code is executed from CLI, don't force SSL
* else set correct Content-Type header
*/
if (defined('NO_HTTP_HEADER')) {
$hesk_settings['force_ssl'] = false;
} else {
header('Content-Type: text/html; charset=utf-8');
// Don't allow HESK to be loaded in a frame on third party domains
if ($hesk_settings['x_frame_opt'])
{
header('X-Frame-Options: SAMEORIGIN');
}
}
// Set backslash options
@ -56,12 +49,47 @@ if (!defined('ENT_XHTML')) {
define('ENT_XHTML', 0);
}
// Is this is a SSL connection?
if (isset($_SERVER['HTTPS']) && strtolower($_SERVER['HTTPS']) == 'on') {
define('HESK_SSL', true);
// Use https-only cookies
@ini_set('session.cookie_secure', 1);
} else {
// Force redirect?
if ($hesk_settings['force_ssl']) {
header('HTTP/1.1 301 Moved Permanently');
header('Location: https://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI']);
exit();
}
define('HESK_SSL', false);
}
// Prevents javascript XSS attacks aimed to steal the session ID
@ini_set('session.cookie_httponly', 1);
// **PREVENTING SESSION FIXATION**
// Session ID cannot be passed through URLs
@ini_set('session.use_only_cookies', 1);
// Load language file
hesk_getLanguage();
/*** FUNCTIONS ***/
function hesk_setcookie($name, $value, $expire=0, $path=""){
if (HESK_SSL) {
setcookie($name, $value, $expire, $path, "", true, true);
} else {
setcookie($name, $value, $expire, $path, "", false, true);
}
return true;
} // END hesk_setcookie()
function hesk_service_message($sm)
{
$faIcon = $sm['icon'];
@ -145,6 +173,11 @@ function hesk_clean_utf8($in)
function hesk_load_database_functions()
{
// Already loaded?
if (function_exists('hesk_dbQuery')) {
return true;
}
// Preferrably use the MySQLi functions
if (function_exists('mysqli_connect')) {
require(HESK_PATH . 'inc/database_mysqli.inc.php');
@ -196,6 +229,12 @@ function hesk_unlink($file, $older_than = 0)
} // END hesk_unlink()
function hesk_unlink_callable($file, $key, $older_than=0)
{
return hesk_unlink($file, $older_than);
} // END hesk_unlink_callable()
function hesk_utf8_urldecode($in)
{
$in = preg_replace("/%u([0-9a-f]{3,4})/i", "&#x\\1;", urldecode($in));
@ -204,7 +243,11 @@ function hesk_utf8_urldecode($in)
function hesk_SESSION($in, $default = '')
{
if (is_array($in)) {
return isset($_SESSION[$in[0]][$in[1]]) && ! is_array(isset($_SESSION[$in[0]][$in[1]])) ? $_SESSION[$in[0]][$in[1]] : $default;
} else {
return isset($_SESSION[$in]) && ! is_array($_SESSION[$in]) ? $_SESSION[$in] : $default;
}
} // END hesk_SESSION();
@ -327,7 +370,7 @@ function hesk_verifyEmailMatch($trackingID, $my_email = 0, $ticket_email = 0, $e
/* Email doesn't match, clean cookies and error out */
if ($error) {
setcookie('hesk_myemail', '');
hesk_setcookie('hesk_myemail', '');
hesk_process_messages($hesklang['enmdb'], 'ticket.php?track=' . $trackingID . '&Refresh=' . rand(10000, 99999));
} else {
return false;
@ -365,7 +408,7 @@ function hesk_getCustomerEmail($can_remember = 0, $field = '')
if (isset($_GET['e']) || isset($_POST['e'])) {
$my_email = hesk_validateEmail(hesk_REQUEST('e'), 'ERR', 0);
} /* Is email in cookie? */
elseif ( isset($_GET['e']) || isset($_POST['e']) ) {
elseif (isset($_COOKIE['hesk_myemail'])) {
$my_email = hesk_validateEmail(hesk_COOKIE('hesk_myemail'), 'ERR', 0);
if ($can_remember && $my_email) {
$do_remember = ' checked="checked" ';
@ -970,7 +1013,7 @@ function hesk_showTopBar($page_title)
echo $page_title;
} // END hesk_showTopBar()
function hesk_getLanguagesAsFormIfNecessary()
function hesk_getLanguagesAsFormIfNecessary($trackingID = false)
{
global $hesk_settings, $hesklang;
@ -979,6 +1022,14 @@ function hesk_getLanguagesAsFormIfNecessary()
$str = '<form method="get" action="" role="form" style="margin:0;padding:0;border:0;white-space:nowrap;">';
if ($trackingID !== false) {
$str .= '<input type="hidden" name="track" value="'.hesk_htmlentities($trackingID).'">';
if ($hesk_settings['email_view_ticket'] && isset($hesk_settings['e_email'])) {
$str .= '<input type="hidden" name="e" value="'.hesk_htmlentities($hesk_settings['e_email']).'">';
}
}
if (!isset($_GET)) {
$_GET = array();
}
@ -1105,7 +1156,7 @@ function hesk_getLanguage()
}
/* Remember and set the selected language */
setcookie('hesk_language', $hesk_settings['language'], time() + 31536000, '/');
hesk_setcookie('hesk_language', $hesk_settings['language'], time() + 31536000, '/');
return hesk_returnLanguage();
} // END hesk_getLanguage()
@ -1113,10 +1164,45 @@ function hesk_getLanguage()
function hesk_returnLanguage()
{
global $hesk_settings, $hesklang;
require(HESK_PATH . 'language/' . $hesk_settings['languages'][$hesk_settings['language']]['folder'] . '/text.php');
$customLanguagePath = HESK_PATH . 'language/' . $hesk_settings['languages'][$hesk_settings['language']]['folder'] . '/custom-text.php';
if (file_exists($customLanguagePath)) {
include($customLanguagePath);
// Variable that will be set to true if a language file was loaded
$language_loaded = false;
// Load requested language file
$language_file = HESK_PATH . 'language/' . $hesk_settings['languages'][$hesk_settings['language']]['folder'] . '/text.php';
if (file_exists($language_file)) {
require($language_file);
$language_loaded = true;
}
// Requested language file not found, try to load default installed language
if (!$language_loaded && $hesk_settings['language'] != HESK_DEFAULT_LANGUAGE) {
$language_file = HESK_PATH . 'language/' . $hesk_settings['languages'][HESK_DEFAULT_LANGUAGE]['folder'] . '/text.php';
if (file_exists($language_file)) {
require($language_file);
$language_loaded = true;
$hesk_settings['language'] = HESK_DEFAULT_LANGUAGE;
}
}
// Requested language file not found, can we at least load English?
if (!$language_loaded && $hesk_settings['language'] != 'English' && HESK_DEFAULT_LANGUAGE != 'English') {
$language_file = HESK_PATH . 'language/en/text.php';
if (file_exists($language_file)) {
require($language_file);
$language_loaded = true;
$hesk_settings['language'] = 'English';
}
}
// If a language is still not loaded, give up
if (!$language_loaded) {
die('Count not load a valid language file.');
}
// Load a custom text file if available
$language_file = HESK_PATH . 'language/' . $hesk_settings['languages'][$hesk_settings['language']]['folder'] . '/custom-text.php';
if (file_exists($language_file)) {
require($language_file);
}
return true;
} // END hesk_returnLanguage()
@ -1637,9 +1723,43 @@ function hesk_check_maintenance($dodie = true)
<div class="alert alert-warning" style="margin: 20px">
<i class="fa fa-exclamation-triangle"></i>
<b><?php echo $hesklang['mm1']; ?></b><br/><br/>
<?php echo $hesklang['mm2']; ?><br/><br/>
<?php echo $hesklang['mm3']; ?>
<?php
// Has the help desk been installed yet?
if (
$hesk_settings['maintenance_mode'] == 0 &&
$hesk_settings['question_ans'] == 'PB6YM' &&
$hesk_settings['site_title'] == 'My Web site' &&
$hesk_settings['site_url'] == 'http://www.example.com' &&
$hesk_settings['webmaster_mail'] == 'support@example.com' &&
$hesk_settings['noreply_mail'] == 'support@example.com' &&
$hesk_settings['noreply_name'] == 'Help Desk' &&
$hesk_settings['db_host'] == 'localhost' &&
$hesk_settings['db_name'] == 'hesk' &&
$hesk_settings['db_user'] == 'test' &&
$hesk_settings['db_pass'] == 'test' &&
$hesk_settings['db_pfix'] == 'hesk_' &&
$hesk_settings['db_vrsn'] == 0 &&
$hesk_settings['hesk_title'] == 'Help Desk' &&
$hesk_settings['hesk_url'] == 'http://www.example.com/helpdesk'
)
{
echo "
<b>{$hesklang['hni1']}</b><br /><br />
{$hesklang['hni2']}<br /><br />
{$hesklang['hni3']}";
}
// Hesk appears to be installed, show a "Maintenance in progress" message
else
{
echo "
<b>{$hesklang['mm1']}</b><br /><br />
{$hesklang['mm2']}<br /><br />
{$hesklang['mm3']}";
}
?>
</div>
<?php
require_once(HESK_PATH . 'inc/footer.inc.php');
@ -1769,8 +1889,11 @@ function hesk_getFeatureArray()
'can_del_tickets', /* User can delete tickets */
'can_edit_tickets', /* User can edit tickets */
'can_merge_tickets', /* User can merge tickets */
'can_resolve', /* User can resolve tickets */
'can_submit_any_cat', /* User can submit a ticket to any category/department */
'can_del_notes', /* User can delete ticket notes posted by other staff members */
'can_change_cat', /* User can move ticke to a new category/department */
'can_change_cat', /* User can move ticket to any category/department */
'can_change_own_cat', /* User can move ticket to a category/department he/she has access to */
'can_man_kb', /* User can manage knowledgebase articles and categories */
'can_man_users', /* User can create and edit staff accounts */
'can_man_cat', /* User can manage categories/departments */
@ -1790,7 +1913,7 @@ function hesk_getFeatureArray()
'can_ban_ips', /* User can ban IP addresses */
'can_unban_ips', /* User can delete IP bans. Also enables "can_ban_ips" */
'can_service_msg', /* User can manage service messages shown in customer interface */
'can_man_email_tpl', /* User can manage email templates */
'can_email_tpl', /* User can manage email templates */
'can_man_ticket_statuses', /* User can manage ticket statuses */
'can_set_manager', /* User can set category managers */
'can_man_permission_tpl', /* User can manage permission templates */
@ -1886,3 +2009,26 @@ function mfh_bytesToUnits($size) {
return intval($quotient);
}
/**
* Returns the star markup based on the rating provided. Filled in stars are orange, empty stars are gray.
*/
function mfh_get_stars($rating) {
$int_value = intval($rating);
$has_half = $int_value === $rating;
$markup = '';
for ($i = 0; $i < $int_value; $i++) {
$markup .= '<i class="fa fa-star orange"></i>';
}
if ($has_half) {
$markup .= '<i class="fa fa-star-half-o orange"></i>';
}
for ($i = 0; $i < 5 - $int_value; $i++) {
$markup .= '<i class="fa fa-star-o gray"></i>';
}
return $markup;
}
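Review bot: The forced-SSL redirect builds its target from the request's Host header, `header('Location: https://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI']);`, and that header is chosen by the client. Because the response is a 301, a wrong host can be remembered by a browser or an intermediate cache. The settings already carry the site's own address (`$hesk_settings['hesk_url']` is read in the maintenance check further down), so I would take the host from there: `$host = parse_url($hesk_settings['hesk_url'], PHP_URL_HOST);` followed by `header('Location: https://' . $host . $_SERVER['REQUEST_URI']);`. If the help desk is served on a non-default port, that has to be carried over as well.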

@ -0,0 +1,249 @@
<?php
/**
*
* This file is part of HESK - PHP Help Desk Software.
*
* (c) Copyright Klemen Stirn. All rights reserved.
* http://www.hesk.com
*
* For the full copyright and license agreement information visit
* http://www.hesk.com/eula.php
*
*/
/* Check if this is a valid include */
if (!defined('IN_SCRIPT')) {die('Invalid attempt');}
// Get and append custom fields setup to the settings
hesk_load_custom_fields();
// Save number of custom fields
$hesk_settings['num_custom_fields'] = count($hesk_settings['custom_fields']);
// Load custom fields for admin functions
if (function_exists('hesk_checkPermission'))
{
foreach ($hesk_settings['custom_fields'] as $k => $v)
{
$hesk_settings['possible_ticket_list'][$k] = $hesk_settings['custom_fields'][$k]['title'];
}
}
/*** FUNCTIONS ***/
function hesk_load_custom_fields($category=0, $use_cache=1)
{
global $hesk_settings, $hesklang;
// Do we have a cached version available
$cache_dir = dirname(dirname(__FILE__)).'/'.$hesk_settings['cache_dir'].'/';
$cache_file = $cache_dir . 'cf_' . sha1($hesk_settings['language']).'.cache.php';
if ($use_cache && file_exists($cache_file))
{
require($cache_file);
return true;
}
// Get custom fields from the database
$hesk_settings['custom_fields'] = array();
// Make sure we have database connection
hesk_load_database_functions();
hesk_dbConnect();
$res = hesk_dbQuery("SELECT * FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."custom_fields` WHERE `use` IN ('1', '2') ORDER BY `place` ASC, `order` ASC");
while ($row = hesk_dbFetchAssoc($res))
{
$id = 'custom' . $row['id'];
unset($row['id']);
// Let's set field name for current language (or the first one we find)
$names = json_decode($row['name'], true);
$row['name'] = (isset($names[$hesk_settings['language']])) ? $names[$hesk_settings['language']] : reset($names);
// Name for display in ticket list; punctuation removed and shortened
$row['title'] = hesk_remove_punctuation($row['name']);
$row['title'] = strlen($row['title']) > 30 ? substr($row['title'], 0, 30) . '...' : $row['title'];
// A version with forced punctuation
$row['name:'] = in_array(substr($row['name'], -1), array(':', '?', '!', '.') ) ? $row['name'] : $row['name'] . ':';
// Decode categories
$row['category'] = strlen($row['category']) ? json_decode($row['category'], true) : array();
// Decode options
$row['value'] = json_decode($row['value'], true);
// Add to custom_fields array
$hesk_settings['custom_fields'][$id] = $row;
}
// Try to cache results
if ($use_cache && (is_dir($cache_dir) || ( @mkdir($cache_dir, 0777) && is_writable($cache_dir) ) ) )
{
// Is there an index.htm file?
if ( ! file_exists($cache_dir.'index.htm'))
{
@file_put_contents($cache_dir.'index.htm', '');
}
// Write data
@file_put_contents($cache_file, '<?php if (!defined(\'IN_SCRIPT\')) {die();} $hesk_settings[\'custom_fields\']=' . var_export($hesk_settings['custom_fields'], true) . ';' );
}
return true;
} // END hesk_load_custom_fields()
function hesk_is_custom_field_in_category($custom_id, $category_id)
{
global $hesk_settings;
return (
empty($hesk_settings['custom_fields'][$custom_id]['category']) ||
in_array($category_id, $hesk_settings['custom_fields'][$custom_id]['category'])
) ? true : false;
} // END hesk_is_custom_field_in_category()
function hesk_custom_field_type($type)
{
global $hesklang;
switch ($type)
{
case 'text':
return $hesklang['stf'];
case 'textarea':
return $hesklang['stb'];
case 'radio':
return $hesklang['srb'];
case 'select':
return $hesklang['ssb'];
case 'checkbox':
return $hesklang['scb'];
case 'email':
return $hesklang['email'];
case 'date':
return $hesklang['date'];
case 'hidden':
return $hesklang['sch'];
case 'readonly':
return $hesklang['readonly'];
default:
return false;
}
} // END hesk_custom_field_type()
function hesk_custom_date_display_format($timestamp, $format = 'F j, Y')
{
global $hesklang;
if ($timestamp == '')
{
return '';
}
if ( ! is_int($timestamp))
{
$timestamp = $timestamp * 1;
}
if ($hesklang['LANGUAGE']=='English')
{
return gmdate($format, $timestamp);
}
// Attempt to translate date for non-English users
$translate_months = array(
'January' => $hesklang['m1'],
'February' => $hesklang['m2'],
'March' => $hesklang['m3'],
'April' => $hesklang['m4'],
'May' => $hesklang['m5'],
'June' => $hesklang['m6'],
'July' => $hesklang['m7'],
'August' => $hesklang['m8'],
'September' => $hesklang['m9'],
'October' => $hesklang['m10'],
'November' => $hesklang['m11'],
'December' => $hesklang['m12']
);
$translate_months_short = array(
'Jan' => $hesklang['ms01'],
'Feb' => $hesklang['ms02'],
'Mar' => $hesklang['ms03'],
'Apr' => $hesklang['ms04'],
'May' => $hesklang['ms05'],
'Jun' => $hesklang['ms06'],
'Jul' => $hesklang['ms07'],
'Aug' => $hesklang['ms08'],
'Sep' => $hesklang['ms09'],
'Oct' => $hesklang['ms10'],
'Nov' => $hesklang['ms11'],
'Dec' => $hesklang['ms12']
);
$translate_days = array(
'Monday' => $hesklang['d1'],
'Tuesday' => $hesklang['d2'],
'Wednesday' => $hesklang['d3'],
'Thursday' => $hesklang['d4'],
'Friday' => $hesklang['d5'],
'Saturday' => $hesklang['d6'],
'Sunday' => $hesklang['d0']
);
$translate_days_short = array(
'Mon' => $hesklang['mo'],
'Tuw' => $hesklang['tu'],
'Wes' => $hesklang['we'],
'Thu' => $hesklang['th'],
'Fri' => $hesklang['fr'],
'Sat' => $hesklang['sa'],
'Sun' => $hesklang['su']
);
$date_translate = array();
if (strpos($format, 'F') !== false)
{
$date_translate = array_merge($date_translate, $translate_months);
}
if (strpos($format, 'M') !== false)
{
$date_translate = array_merge($date_translate, $translate_months_short);
}
if (strpos($format, 'l') !== false)
{
$date_translate = array_merge($date_translate, $translate_days);
}
if (strpos($format, 'D') !== false)
{
$date_translate = array_merge($date_translate, $translate_days_short);
}
if (count($date_translate))
{
return str_replace( array_keys($date_translate), array_values($date_translate), gmdate($format, $timestamp));
}
return gmdate($format, $timestamp);
} // END hesk_custom_date_display_format()
function hesk_remove_punctuation($in)
{
return rtrim($in, ':?!.');
} // END hesk_remove_punctuation()
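Review bot: hesk_load_custom_fields() creates the cache directory with `@mkdir($cache_dir, 0777)` and on later requests loads `cf_<sha1>.cache.php` from that directory with `require`, so a world-writable mode here means any other local account able to write there can place PHP that the help desk will then execute. I would create the directory with `@mkdir($cache_dir, 0755)`, or tighter where the web server user owns the tree; the effective mode also depends on the process umask. It is also worth a short comment above the `require($cache_file)` line, such as `// cache file is PHP that we execute: the cache directory must only be writable by the web server user`, so the dependency on directory permissions is visible to whoever deploys this.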

@ -1,38 +1,24 @@
<?php
/*******************************************************************************
* Title: Help Desk Software HESK
* Version: 2.6.8 from 10th August 2016
* Author: Klemen Stirn
* Website: http://www.hesk.com
********************************************************************************
* COPYRIGHT AND TRADEMARK NOTICE
* Copyright 2005-2015 Klemen Stirn. All Rights Reserved.
* HESK is a registered trademark of Klemen Stirn.
* The HESK may be used and modified free of charge by anyone
* AS LONG AS COPYRIGHT NOTICES AND ALL THE COMMENTS REMAIN INTACT.
* By using this code you agree to indemnify Klemen Stirn from any
* liability that might arise from it's use.
* Selling the code for this program, in part or full, without prior
* written consent is expressly forbidden.
* Using this code, in part or full, to create derivate work,
* new scripts or products is expressly forbidden. Obtain permission
* before redistributing this software over the Internet or in
* any other medium. In all cases copyright and header must remain intact.
* This Copyright is in full effect in any country that has International
* Trade Agreements with the United States of America or
* with the European Union.
* Removing any of the copyright notices without purchasing a license
* is expressly forbidden. To remove HESK copyright notice you must purchase
* a license for this script. For more information on how to obtain
* a license please visit the page below:
* https://www.hesk.com/buy.php
*******************************************************************************/
/**
*
* This file is part of HESK - PHP Help Desk Software.
*
* (c) Copyright Klemen Stirn. All rights reserved.
* http://www.hesk.com
*
* For the full copyright and license agreement information visit
* http://www.hesk.com/eula.php
*
*/
/* Check if this is a valid include */
if (!defined('IN_SCRIPT')) {
die('Invalid attempt');
}
// Make sure custom fields are loaded
require_once(HESK_PATH . 'inc/custom_fields.inc.php');
/* Get includes for SMTP */
if ($hesk_settings['smtp']) {
require(HESK_PATH . 'inc/mail/smtp.php');
@ -63,7 +49,9 @@ function hesk_notifyCustomerForVerifyEmail($email_template = 'verify_email', $ac
// Add Cc / Bcc recipents if needed
$ccEmails = array();
$bccEmails = array();
foreach ($hesk_settings['custom_fields'] as $k => $v) {
//TODO Update the email custom field to handle this properly
/*foreach ($hesk_settings['custom_fields'] as $k => $v) {
if ($v['use']) {
if ($v['type'] == 'email' && !empty($ticket[$k])) {
if ($v['value'] == 'cc') {
@ -75,7 +63,7 @@ function hesk_notifyCustomerForVerifyEmail($email_template = 'verify_email', $ac
}
}
}
}
}*/
hesk_mail($ticket['email'], $subject, $message, $htmlMessage, $modsForHesk_settings, $ccEmails, $bccEmails, $hasMessage);
}
@ -106,7 +94,9 @@ function hesk_notifyCustomer($modsForHesk_settings, $email_template = 'new_ticke
// Add Cc / Bcc recipents if needed
$ccEmails = array();
$bccEmails = array();
foreach ($hesk_settings['custom_fields'] as $k => $v) {
//TODO Update the email custom field to handle this properly
/*foreach ($hesk_settings['custom_fields'] as $k => $v) {
if ($v['use']) {
if ($v['type'] == 'email' && !empty($ticket[$k])) {
if ($v['value'] == 'cc') {
@ -116,7 +106,7 @@ function hesk_notifyCustomer($modsForHesk_settings, $email_template = 'new_ticke
}
}
}
}
}*/
// Send e-mail
hesk_mail($ticket['email'], $subject, $message, $htmlMessage, $modsForHesk_settings, $ccEmails, $bccEmails, $hasMessage);
@ -846,15 +836,24 @@ function hesk_processMessage($msg, $ticket, $is_admin, $is_ticket, $just_message
$msg = str_replace('%%ID%%', $ticket['id'], $msg);
/* All custom fields */
foreach ($hesk_settings['custom_fields'] as $k => $v) {
if ($v['use']) {
if ($v['type'] == 'checkbox') {
$ticket[$k] = str_replace("<br />", "\n", $ticket[$k]);
for ($i=1; $i<=50; $i++) {
$k = 'custom'.$i;
if (isset($hesk_settings['custom_fields'][$k])) {
$v = $hesk_settings['custom_fields'][$k];
switch ($v['type']) {
case 'checkbox':
$ticket[$k] = str_replace("<br>","\n",$ticket[$k]);
break;
case 'date':
$ticket[$k] = hesk_custom_date_display_format($ticket[$k], $v['value']['date_format']);
break;
}
$msg = str_replace('%%' . strtoupper($k) . '%%', stripslashes($ticket[$k]), $msg);
$msg = str_replace('%%'.strtoupper($k).'%%',stripslashes($ticket[$k]),$msg);
} else {
$msg = str_replace('%%' . strtoupper($k) . '%%', '', $msg);
$msg = str_replace('%%'.strtoupper($k).'%%','',$msg);
}
}
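Review bot: In hesk_notifyCustomerForVerifyEmail the Cc/Bcc loop is disabled by wrapping it in `/* ... */`, so `$ccEmails` and `$bccEmails` reach hesk_mail() as empty arrays and email-type custom fields no longer add recipients; hesk_notifyCustomer gets the same treatment in the next hunk. The only record of this is `//TODO Update the email custom field to handle this properly`, which does not say that recipients are being dropped in the meantime. I would delete the dead loop rather than keep it commented out, and make the marker explicit: `// TODO: Cc/Bcc recipients from email-type custom fields are not added until this loop is updated`. Both functions start and end outside these hunks.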

@ -0,0 +1,90 @@
<?php
/**
*
* This file is part of HESK - PHP Help Desk Software.
*
* (c) Copyright Klemen Stirn. All rights reserved.
* http://www.hesk.com
*
* For the full copyright and license agreement information visit
* http://www.hesk.com/eula.php
*
*/
// Check if this is a valid include
if (!defined('IN_SCRIPT')) {die('Invalid attempt');}
// Auto-select first empty or error field on non-staff pages?
if (defined('AUTOFOCUS'))
{
?>
<script language="javascript">
(function(){
var forms = document.forms || [];
for(var i = 0; i < forms.length; i++)
{
for(var j = 0; j < forms[i].length; j++)
{
if(
!forms[i][j].readonly != undefined &&
forms[i][j].type != "hidden" &&
forms[i][j].disabled != true &&
forms[i][j].style.display != 'none' &&
(forms[i][j].className == 'isError' || forms[i][j].className == 'isNotice' || forms[i][j].value == '')
)
{
forms[i][j].focus();
return;
}
}
}
})();
</script>
<?php
}
// Users online
if (defined('SHOW_ONLINE'))
{
hesk_printOnline();
}
// The closing div here is to close the content area on each page. Annoying, but necessary.
if (defined('ADMIN_PAGE')) {
echo '
</div>
<footer class="main-footer">';
}
/*******************************************************************************
The code below handles HESK licensing. Removing or modifying this code without
purchasing a HESK license is strictly prohibited.
To purchase a HESK license and support future HESK development please visit:
https://www.hesk.com/buy.php
*******************************************************************************/
$hesk_settings['hesk_license']('HMgPSAxOw0KaWYgKGZpbGVfZXhpc3RzKEhFU0tfUEFUSCAuI
CdoZXNrX2xpY2Vuc2UucGhwJykpDQp7DQokaCA9ICghZW1wdHkoJF9TRVJWRVJbJ0hUVFBfSE9TVCddK
SkgPyAkX1NFUlZFUlsnSFRUUF9IT1NUJ10gOiAoKCFlbXB0eSgkX1NFUlZFUlsnU0VSVkVSX05BTUUnX
SkpID8gJF9TRVJWRVJbJ1NFUlZFUl9OQU1FJ10gOiBnZXRlbnYoJ1NFUlZFUl9OQU1FJykpOw0KJGggP
SBzdHJfcmVwbGFjZSgnd3d3LicsJycsc3RydG9sb3dlcigkaCkpOw0KaW5jbHVkZShIRVNLX1BBVEggL
iAnaGVza19saWNlbnNlLnBocCcpOw0KaWYgKGlzc2V0KCRoZXNrX3NldHRpbmdzWydsaWNlbnNlJ10pI
CYmIHN0cnBvcygkaGVza19zZXR0aW5nc1snbGljZW5zZSddLHNoYTEoJGguJ2gzJkZwMiNMYUEmNTkhd
yg4LlpjXSordVI1MTInKSkgIT09IGZhbHNlKQ0Kew0KJHMgPSAwOw0KfQ0KZWxzZQ0Kew0KZWNobyAnP
HAgc3R5bGU9InRleHQtYWxpZ246Y2VudGVyO2NvbG9yOnJlZDsiPklOVkFMSUQgTElDRU5TRSAoTk9UI
FJFR0lTVEVSRUQgRk9SICcuJGguJykhPC9wPic7DQp9DQp9DQppZiAoJHMpDQp7DQplY2hvICc8cCBzd
HlsZT0idGV4dC1hbGlnbjpjZW50ZXIiPjxzcGFuIGNsYXNzPSJzbWFsbGVyIj4mbmJzcDs8YnIgLz5Qb
3dlcmVkIGJ5IDxhIGhyZWY9Imh0dHA6Ly93d3cuaGVzay5jb20iIGNsYXNzPSJzbWFsbGVyIiB0aXRsZ
T0iRnJlZSBQSFAgSGVscCBEZXNrIFNvZnR3YXJlIj5IZWxwIERlc2sgU29mdHdhcmU8L2E+IDxiPkhFU
0s8L2I+LCBicm91Z2h0IHRvIHlvdSBieSA8YSBocmVmPSJodHRwczovL3d3dy5zeXNhaWQuY29tLz91d
G1fc291cmNlPUhlc2smYW1wO3V0bV9tZWRpdW09Y3BjJmFtcDt1dG1fY2FtcGFpZ249SGVza1Byb2R1Y
3RfVG9fSFAiPlN5c0FpZDwvYT48L3NwYW4+PC9wPic7DQp9DQplY2hvICc8L3RkPjwvdHI+PC90YWJsZ
T48L2Rpdj4nOw0KaW5jbHVkZShIRVNLX1BBVEggLiAnZm9vdGVyLnR4dCcpOw0KZWNobyAnPC9ib2R5P
jwvaHRtbD4nOw==',"\112");
if (defined('ADMIN_PAGE')) {
echo '</footer>';
}
exit();
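Review bot: The licensing call `$hesk_settings['hesk_license'](...)` invokes whatever callable is stored in a settings entry and hands it a long base64-looking literal plus `"\112"`. The code that runs at the end of every page is therefore not readable in this file, and it is presumably decoded and executed at runtime. Nothing in this file shows where `hesk_license` is assigned, so a reader cannot confirm that the entry always holds the intended function. I would add a comment ahead of the licensing banner that points to the assignment and states the invariant, for example `// $hesk_settings['hesk_license'] is set in <defining file>; the literal passed to it is fixed and must never be built from request data`.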

@ -1,32 +1,15 @@
<?php
/*******************************************************************************
* Title: Help Desk Software HESK
* Version: 2.6.8 from 10th August 2016
* Author: Klemen Stirn
* Website: http://www.hesk.com
********************************************************************************
* COPYRIGHT AND TRADEMARK NOTICE
* Copyright 2005-2015 Klemen Stirn. All Rights Reserved.
* HESK is a registered trademark of Klemen Stirn.
* The HESK may be used and modified free of charge by anyone
* AS LONG AS COPYRIGHT NOTICES AND ALL THE COMMENTS REMAIN INTACT.
* By using this code you agree to indemnify Klemen Stirn from any
* liability that might arise from it's use.
* Selling the code for this program, in part or full, without prior
* written consent is expressly forbidden.
* Using this code, in part or full, to create derivate work,
* new scripts or products is expressly forbidden. Obtain permission
* before redistributing this software over the Internet or in
* any other medium. In all cases copyright and header must remain intact.
* This Copyright is in full effect in any country that has International
* Trade Agreements with the United States of America or
* with the European Union.
* Removing any of the copyright notices without purchasing a license
* is expressly forbidden. To remove HESK copyright notice you must purchase
* a license for this script. For more information on how to obtain
* a license please visit the page below:
* https://www.hesk.com/buy.php
*******************************************************************************/
/**
*
* This file is part of HESK - PHP Help Desk Software.
*
* (c) Copyright Klemen Stirn. All rights reserved.
* http://www.hesk.com
*
* For the full copyright and license agreement information visit
* http://www.hesk.com/eula.php
*
*/
require_once(HESK_PATH . 'build.php');
@ -40,6 +23,7 @@ if (!function_exists('mfh_getSettings')) {
$modsForHesk_settings = array();
if (is_dir(HESK_PATH . 'install')) {
define('MAINTENANCE_MODE', true);
$modsForHesk_settings['navbar_title_url'] = 'javascript:;';
$modsForHesk_settings['rtl'] = 0;
$modsForHesk_settings['use_bootstrap_theme'] = 1;
@ -55,14 +39,14 @@ if (is_dir(HESK_PATH . 'install')) {
$modsForHesk_settings['dropdownItemTextHoverColor'] = '#262626';
$modsForHesk_settings['dropdownItemTextHoverBackgroundColor'] = '#f5f5f5';
$modsForHesk_settings['questionMarkColor'] = '#000000';
$modsForHesk_settings['enable_calendar'] = 1;
} else {
$modsForHesk_settings = mfh_getSettings();
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<!DOCTYPE html>
<html>
<head>
<title><?php echo(isset($hesk_settings['tmp_title']) ? $hesk_settings['tmp_title'] : $hesk_settings['hesk_title']); ?></title>
<meta http-equiv="Content-Type" content="text/html;charset=<?php echo $hesklang['ENCODING']; ?>"/>
@ -283,6 +267,7 @@ if ($modsForHesk_settings['show_icons']) {
<div class="navbar-collapse collapse">
<ul class="nav navbar-nav">
<?php
if ($hesk_settings['kb_enable'] !== 2 && !defined('MAINTENANCE_MODE')) {
$active = '';
if (defined('PAGE_TITLE') && PAGE_TITLE == 'CUSTOMER_HOME') {
$active = 'class="active"';
@ -310,7 +295,9 @@ if ($modsForHesk_settings['show_icons']) {
</a></li>
</ul>
</li>
<?php if ($hesk_settings['kb_enable']) {
<?php
}
if ($hesk_settings['kb_enable'] && !defined('MAINTENANCE_MODE')) {
$active = '';
if (defined('PAGE_TITLE') && PAGE_TITLE == 'CUSTOMER_KB') {
$active = 'class="active"';
@ -323,7 +310,7 @@ if ($modsForHesk_settings['show_icons']) {
if (defined('PAGE_TITLE') && PAGE_TITLE == 'CUSTOMER_CALENDAR') {
$active = ' active';
}
if ($modsForHesk_settings['enable_calendar'] == 1):
if ($modsForHesk_settings['enable_calendar'] == 1 && !defined('MAINTENANCE_MODE')):
?>
<li class="<?php echo $active; ?>">
<a href="<?php echo HESK_PATH; ?>calendar.php"><i class="fa fa-calendar" <?php echo $iconDisplay; ?>></i>&nbsp;<?php echo $hesklang['calendar_title_case']; ?></a>
@ -333,7 +320,15 @@ if ($modsForHesk_settings['show_icons']) {
</ul>
<?php if ($hesk_settings['can_sel_lang']) { ?>
<div class="navbar-form navbar-right" role="search" style="margin-right: 20px; min-width: 80px;">
<?php echo hesk_getLanguagesAsFormIfNecessary(); ?>
<?php
if (!defined('MAINTENANCE_MODE')) {
if (defined('PAGE_TITLE') && PAGE_TITLE == 'CUSTOMER_TICKET') {
hesk_getLanguagesAsFormIfNecessary($trackingID);
} else {
hesk_getLanguagesAsFormIfNecessary();
}
}
?>
</div>
<?php } ?>
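Review bot: `$trackingID` is passed to `hesk_getLanguagesAsFormIfNecessary()` straight from whatever scope includes this header, and nothing in the hunk checks that it is set or what it contains. On a customer ticket page that value presumably originates from the request, so the helper (not shown here) has to HTML-escape it before writing it into the language form. I would guard the call with `if (defined('PAGE_TITLE') && PAGE_TITLE == 'CUSTOMER_TICKET' && isset($trackingID)) {` and add the comment `// $trackingID is request-derived; the helper must escape it on output`. The old line echoed the helper's return value and the new calls discard it, so it is also worth confirming the helper now prints its own markup.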

@ -35,44 +35,21 @@ if (!defined('IN_SCRIPT')) {
die('Invalid attempt');
}
define('ADMIN_PAGE', true);
$modsForHesk_settings = mfh_getSettings();
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<!DOCTYPE html>
<html>
<head>
<title><?php echo(isset($hesk_settings['tmp_title']) ? $hesk_settings['tmp_title'] : $hesk_settings['hesk_title']); ?></title>
<meta http-equiv="Content-Type" content="text/html;charset=<?php echo $hesklang['ENCODING']; ?>"/>
<meta name="viewport" content="width=device-width, user-scalable=no">
<meta name="theme-color" content="<?php echo '#414a5c'; ?>">
<?php if ($modsForHesk_settings['rtl']) { ?>
<link href="<?php echo HESK_PATH; ?>hesk_style_RTL.css?v=<?php echo MODS_FOR_HESK_BUILD; ?>" type="text/css"
rel="stylesheet"/>
<?php } else { ?>
<link href="<?php echo HESK_PATH; ?>hesk_style.css?v=<?php echo MODS_FOR_HESK_BUILD; ?>" type="text/css"
rel="stylesheet"/>
<?php } ?>
<link href="<?php echo HESK_PATH; ?>css/datepicker.css" type="text/css" rel="stylesheet"/>
<link href="<?php echo HESK_PATH; ?>css/bootstrap.css?v=21" type="text/css" rel="stylesheet"/>
<link href="<?php echo HESK_PATH; ?>css/bootstrap-theme.css?v=21" type="text/css"
rel="stylesheet" <?php if ($modsForHesk_settings['use_bootstrap_theme'] == 0) {
echo 'disabled';
} ?>>
<?php if ($modsForHesk_settings['rtl']) { ?>
<link href="<?php echo HESK_PATH; ?>css/bootstrap-rtl.min.css?v=<?php echo MODS_FOR_HESK_BUILD; ?>"
type="text/css" rel="stylesheet"/>
<link href="<?php echo HESK_PATH; ?>css/mods-for-hesk.css?v=<?php echo MODS_FOR_HESK_BUILD; ?>" type="text/css"
rel="stylesheet"/>
<link href="<?php echo HESK_PATH; ?>css/hesk_newStyleRTL.css?v=<?php echo MODS_FOR_HESK_BUILD; ?>"
type="text/css" rel="stylesheet"/>
<?php } else { ?>
<link href="<?php echo HESK_PATH; ?>css/mods-for-hesk.css?v=<?php echo MODS_FOR_HESK_BUILD; ?>" type="text/css"
rel="stylesheet"/>
<link href="<?php echo HESK_PATH; ?>css/hesk_newStyle.css?v=<?php echo MODS_FOR_HESK_BUILD; ?>" type="text/css"
rel="stylesheet"/>
<?php } ?>
<link href="<?php echo HESK_PATH; ?>css/bootstrap-iconpicker.min.css" rel="stylesheet">
<link href="//netdna.bootstrapcdn.com/font-awesome/4.3.0/css/font-awesome.min.css" rel="stylesheet">
<link href="//netdna.bootstrapcdn.com/font-awesome/4.5.0/css/font-awesome.min.css" rel="stylesheet">
<link rel="stylesheet" href="<?php echo HESK_PATH; ?>css/octicons.css" type="text/css">
<link rel="stylesheet" href="//cdnjs.cloudflare.com/ajax/libs/leaflet/0.7.3/leaflet.css">
<link rel="stylesheet" href="<?php echo HESK_PATH; ?>css/dropzone.min.css">
@ -81,7 +58,14 @@ $modsForHesk_settings = mfh_getSettings();
<link rel="stylesheet" href="<?php echo HESK_PATH; ?>css/bootstrap-clockpicker.min.css">
<link rel="stylesheet" href="<?php echo HESK_PATH; ?>css/jquery.jgrowl.min.css">
<link rel="stylesheet" href="<?php echo HESK_PATH; ?>css/bootstrap-colorpicker.min.css">
<link rel="stylesheet" href="<?php echo HESK_PATH; ?>css/AdminLTE.min.css">
<link rel="stylesheet" href="<?php echo HESK_PATH; ?>css/skins/_all-skins.min.css">
<link rel="stylesheet" href="<?php echo HESK_PATH; ?>css/mods-for-hesk-new.css">
<link rel="stylesheet" href="<?php echo HESK_PATH; ?>css/colors.css">
<link rel="stylesheet" href="<?php echo HESK_PATH; ?>css/positions.css">
<link rel="stylesheet" href="<?php echo HESK_PATH; ?>css/displays.css">
<script src="<?php echo HESK_PATH; ?>js/jquery-1.10.2.min.js"></script>
<script type="text/javascript" src="<?php echo HESK_PATH; ?>js/adminlte.min.js"></script>
<script language="Javascript" type="text/javascript" src="<?php echo HESK_PATH; ?>hesk_javascript.js"></script>
<script language="Javascript" type="text/javascript" src="<?php echo HESK_PATH; ?>js/bootstrap.min.js"></script>
<script type="text/javascript" src="<?php echo HESK_PATH; ?>js/dropzone.min.js"></script>
@ -105,51 +89,6 @@ $modsForHesk_settings = mfh_getSettings();
}
?>
<style>
.navbar-default {
background-color: <?php echo $modsForHesk_settings['navbarBackgroundColor']; ?>;
background-image: none;
filter: none;
}
.navbar-default .navbar-brand {
color: <?php echo $modsForHesk_settings['navbarBrandColor']; ?>;
}
.navbar-default .navbar-brand:focus, .navbar-default .navbar-brand:hover {
color: <?php echo $modsForHesk_settings['navbarBrandHoverColor']; ?>;
background-color: transparent;
}
.navbar-default .navbar-nav > li > a {
color: <?php echo $modsForHesk_settings['navbarItemTextColor']; ?>;
}
.navbar-default .navbar-nav > li > a:focus, .navbar-default .navbar-nav > li > a:hover {
color: <?php echo $modsForHesk_settings['navbarItemTextHoverColor']; ?>;
background-color: transparent;
}
.dropdown-menu > li > a {
color: <?php echo $modsForHesk_settings['dropdownItemTextColor']; ?>;
}
.dropdown-menu > li > a:focus, .dropdown-menu > li > a:hover {
color: <?php echo $modsForHesk_settings['dropdownItemTextHoverColor']; ?>;
text-decoration: none;
background-color: <?php echo $modsForHesk_settings['dropdownItemTextHoverBackgroundColor']; ?>;
}
.navbar-default .navbar-nav > .open > a,
.navbar-default .navbar-nav > .open > a:focus,
.navbar-default .navbar-nav > .open > a:hover,
.navbar-default .navbar-nav > .active > a,
.navbar-default .navbar-nav > .active > a:focus,
.navbar-default .navbar-nav > .active > a:hover {
color: <?php echo $modsForHesk_settings['navbarItemTextSelectedColor']; ?>;
background-color: <?php echo $modsForHesk_settings['navbarItemSelectedBackgroundColor']; ?>;
background-image: none;
}
.settingsquestionmark {
color: <?php echo $modsForHesk_settings['questionMarkColor']; ?>;
cursor: pointer;
@ -158,6 +97,12 @@ $modsForHesk_settings = mfh_getSettings();
.h3questionmark {
color: <?php echo $modsForHesk_settings['questionMarkColor']; ?>;
}
<?php if (defined('PAGE_TITLE') && PAGE_TITLE == 'LOGIN'): ?>
body {
background: #d2d6de;
}
<?php endif; ?>
</style>
<?php
@ -222,6 +167,50 @@ $modsForHesk_settings = mfh_getSettings();
}
}
// Auto reload
if (defined('AUTO_RELOAD') && hesk_checkPermission('can_view_tickets',0) && ! isset($_SESSION['hide']['ticket_list'])) {
?>
<script type="text/javascript">
var count = <?php echo empty($_SESSION['autoreload']) ? 30 : intval($_SESSION['autoreload']); ?>;
var reloadcounter;
var countstart = count;
function heskReloadTimer() {
count = count-1;
if (count <= 0) {
clearInterval(reloadcounter);
window.location.reload();
return;
}
document.getElementById("timer").innerHTML = "(" + count + ")";
}
function heskCheckReloading() {
if (<?php if ($_SESSION['autoreload']) echo "getCookie('autorefresh') == null || "; ?>getCookie('autorefresh') == '1') {
document.getElementById("reloadCB").checked=true;
document.getElementById("timer").innerHTML = "(" + count + ")";
reloadcounter = setInterval(heskReloadTimer, 1000);
}
}
function toggleAutoRefresh(cb) {
if (cb.checked) {
setCookie('autorefresh', '1');
document.getElementById("timer").innerHTML = "(" + count + ")";
reloadcounter = setInterval(heskReloadTimer, 1000);
} else {
setCookie('autorefresh', '0');
count = countstart;
clearInterval(reloadcounter);
document.getElementById("timer").innerHTML = "";
}
}
</script>
<?php
}
if (defined('MFH_CALENDAR')) { ?>
<script src="<?php echo HESK_PATH; ?>js/calendar/moment.js"></script>
<script src="<?php echo HESK_PATH; ?>js/calendar/fullcalendar.min.js"></script>
@ -236,7 +225,7 @@ $modsForHesk_settings = mfh_getSettings();
</head>
<body onload="<?php echo $onload;
unset($onload); ?>">
unset($onload); ?>" class="hold-transition <?php echo $modsForHesk_settings['admin_color_scheme']; ?> sidebar-mini">
<?php
include(HESK_PATH . 'header.txt');
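Review bot: The new `<body>` class attribute echoes `$modsForHesk_settings['admin_color_scheme']` with no escaping or allowlist, so whatever is stored in that setting is written into the markup of every admin page. The value comes from `mfh_getSettings()`, which is outside this section, so whether it is validated when saved cannot be confirmed from here. I would escape at output with `<?php echo htmlspecialchars($modsForHesk_settings['admin_color_scheme'], ENT_QUOTES); ?>`, or better, compare it against the fixed list of skin class names before printing. The surrounding template continues outside the hunk.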

@ -1,32 +1,15 @@
<?php
/*******************************************************************************
* Title: Help Desk Software HESK
* Version: 2.6.8 from 10th August 2016
* Author: Klemen Stirn
* Website: http://www.hesk.com
********************************************************************************
* COPYRIGHT AND TRADEMARK NOTICE
* Copyright 2005-2015 Klemen Stirn. All Rights Reserved.
* HESK is a registered trademark of Klemen Stirn.
* The HESK may be used and modified free of charge by anyone
* AS LONG AS COPYRIGHT NOTICES AND ALL THE COMMENTS REMAIN INTACT.
* By using this code you agree to indemnify Klemen Stirn from any
* liability that might arise from it's use.
* Selling the code for this program, in part or full, without prior
* written consent is expressly forbidden.
* Using this code, in part or full, to create derivate work,
* new scripts or products is expressly forbidden. Obtain permission
* before redistributing this software over the Internet or in
* any other medium. In all cases copyright and header must remain intact.
* This Copyright is in full effect in any country that has International
* Trade Agreements with the United States of America or
* with the European Union.
* Removing any of the copyright notices without purchasing a license
* is expressly forbidden. To remove HESK copyright notice you must purchase
* a license for this script. For more information on how to obtain
* a license please visit the page below:
* https://www.hesk.com/buy.php
*******************************************************************************/
/**
*
* This file is part of HESK - PHP Help Desk Software.
*
* (c) Copyright Klemen Stirn. All rights reserved.
* http://www.hesk.com
*
* For the full copyright and license agreement information visit
* http://www.hesk.com/eula.php
*
*/
/* Check if this is a valid include */
if (!defined('IN_SCRIPT')) {

@ -0,0 +1,30 @@
<?php
function mfh_get_mail_headers_for_dropdown($user_id, $hesk_settings, $hesklang) {
$deleted_user_text = hesk_dbEscape($hesklang['deleted_user_title_case']);
$sql = "SELECT `mail`.`id` AS `id`, `mail`.`subject` AS `subject`,
`users`.`name` AS `from`, `mail`.`dt` AS `date`, `mail`.`from` AS `from_id`
FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "mail` AS `mail`
LEFT JOIN `" . hesk_dbEscape($hesk_settings['db_pfix']) . "users` AS `users`
ON `mail`.`from` = `users`.`id`
WHERE `to` = " . hesk_dbEscape($user_id) . "
AND `read` = '0'
ORDER BY `mail`.`dt` DESC";
$rs = hesk_dbQuery($sql);
$mails = array();
while ($row = hesk_dbFetchAssoc($rs)) {
if ($row['from'] == null) {
if ($row['from_id'] == 9999) {
$row['from'] = 'HESK.com';
} else {
$row['from'] = $deleted_user_text;
}
}
$mails[] = $row;
}
return $mails;
}
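Review bot: `hesk_dbEscape($user_id)` is concatenated into the `to` comparison without surrounding quotes, and a string escaper gives no protection in a numeric context because the value needs no quote character to change the query. `hesk_dbEscape()` is defined elsewhere, so this assumes it only escapes string-literal characters, as its use inside quotes in the rest of the commit suggests. The visible caller passes `$_SESSION['id']`, which limits exposure today, but the function should not depend on that; use `intval($user_id)` here, as the ticket queries in this commit do for ids. The same unquoted pattern appears in the `hesk_newTicket` INSERT for `screen_resolution_height` and `screen_resolution_width`, where an empty value would also produce invalid SQL. Separately, `$deleted_user_text` is SQL-escaped but only ever returned for display, so it needs HTML escaping at output rather than `hesk_dbEscape()`.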

@ -1,32 +1,15 @@
<?php
/*******************************************************************************
* Title: Help Desk Software HESK
* Version: 2.6.8 from 10th August 2016
* Author: Klemen Stirn
* Website: http://www.hesk.com
********************************************************************************
* COPYRIGHT AND TRADEMARK NOTICE
* Copyright 2005-2015 Klemen Stirn. All Rights Reserved.
* HESK is a registered trademark of Klemen Stirn.
* The HESK may be used and modified free of charge by anyone
* AS LONG AS COPYRIGHT NOTICES AND ALL THE COMMENTS REMAIN INTACT.
* By using this code you agree to indemnify Klemen Stirn from any
* liability that might arise from it's use.
* Selling the code for this program, in part or full, without prior
* written consent is expressly forbidden.
* Using this code, in part or full, to create derivate work,
* new scripts or products is expressly forbidden. Obtain permission
* before redistributing this software over the Internet or in
* any other medium. In all cases copyright and header must remain intact.
* This Copyright is in full effect in any country that has International
* Trade Agreements with the United States of America or
* with the European Union.
* Removing any of the copyright notices without purchasing a license
* is expressly forbidden. To remove HESK copyright notice you must purchase
* a license for this script. For more information on how to obtain
* a license please visit the page below:
* https://www.hesk.com/buy.php
*******************************************************************************/
/**
*
* This file is part of HESK - PHP Help Desk Software.
*
* (c) Copyright Klemen Stirn. All rights reserved.
* http://www.hesk.com
*
* For the full copyright and license agreement information visit
* http://www.hesk.com/eula.php
*
*/
/* Check if this is a valid include */
if (!defined('IN_SCRIPT')) {
@ -227,7 +210,7 @@ function hesk_email2ticket($results, $pop3 = 0, $set_category = 1, $set_priority
$ticket['status'] = $ticket['status'] ? $waiting_reply_rs['id'] : $new_status['id'];
// Update ticket as necessary
hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` SET `lastchange`=NOW(),`status`='{$ticket['status']}',`replies`=`replies`+1,`lastreplier`='0' WHERE `id`='" . intval($ticket['id']) . "' LIMIT 1");
hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` SET `lastchange`=NOW(),`status`='{$ticket['status']}',`replies`=`replies`+1,`lastreplier`='0' WHERE `id`='" . intval($ticket['id']) . "'");
// If customer replied, we assume staff replies have been read (no way to be sure if ticket.php hasn't been opened)
hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "replies` SET `read` = '1' WHERE `replyto` = '" . intval($ticket['id']) . "' AND `staffid` != '0' ");
@ -475,7 +458,7 @@ function hesk_isEmailLoop($email, $message_hash)
}
// Update DB entry
hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "pipe_loops` SET `hits` = `hits` + 1, `message_hash` = '" . hesk_dbEscape($message_hash) . "' WHERE `email` LIKE '{$email_like}' LIMIT 1");
hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "pipe_loops` SET `hits` = `hits` + 1, `message_hash` = '" . hesk_dbEscape($message_hash) . "' WHERE `email` LIKE '{$email_like}'");
} else {
// First instance, insert a new database row
hesk_dbQuery("INSERT INTO `" . hesk_dbEscape($hesk_settings['db_pfix']) . "pipe_loops` (`email`, `message_hash`) VALUES ('" . hesk_dbEscape($email) . "', '" . hesk_dbEscape($message_hash) . "')");
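Review bot: With `LIMIT 1` dropped, the `pipe_loops` UPDATE in `hesk_isEmailLoop` now increments `hits` on every row matched by `LIKE '{$email_like}'` rather than on a single row. `$email_like` is built outside the hunk, so I cannot see whether `%` and `_` in the sender address are escaped; if they are not, one inbound address can match and bump counters for unrelated senders. If the pattern is meant to match one stored address, compare with equality, `WHERE `email` = '" . hesk_dbEscape($email) . "'`; otherwise make sure the LIKE wildcards in the address are escaped before the pattern is built. Both functions start and end outside the hunks shown.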

@ -1,32 +1,15 @@
<?php
/*******************************************************************************
* Title: Help Desk Software HESK
* Version: 2.6.8 from 10th August 2016
* Author: Klemen Stirn
* Website: http://www.hesk.com
********************************************************************************
* COPYRIGHT AND TRADEMARK NOTICE
* Copyright 2005-2015 Klemen Stirn. All Rights Reserved.
* HESK is a registered trademark of Klemen Stirn.
* The HESK may be used and modified free of charge by anyone
* AS LONG AS COPYRIGHT NOTICES AND ALL THE COMMENTS REMAIN INTACT.
* By using this code you agree to indemnify Klemen Stirn from any
* liability that might arise from it's use.
* Selling the code for this program, in part or full, without prior
* written consent is expressly forbidden.
* Using this code, in part or full, to create derivate work,
* new scripts or products is expressly forbidden. Obtain permission
* before redistributing this software over the Internet or in
* any other medium. In all cases copyright and header must remain intact.
* This Copyright is in full effect in any country that has International
* Trade Agreements with the United States of America or
* with the European Union.
* Removing any of the copyright notices without purchasing a license
* is expressly forbidden. To remove HESK copyright notice you must purchase
* a license for this script. For more information on how to obtain
* a license please visit the page below:
* https://www.hesk.com/buy.php
*******************************************************************************/
/**
*
* This file is part of HESK - PHP Help Desk Software.
*
* (c) Copyright Klemen Stirn. All rights reserved.
* http://www.hesk.com
*
* For the full copyright and license agreement information visit
* http://www.hesk.com/eula.php
*
*/
/* Check if this is a valid include */
if (!defined('IN_SCRIPT')) {
@ -39,6 +22,12 @@ function hesk_newTicket($ticket, $isVerified = true)
{
global $hesk_settings, $hesklang, $hesk_db_link;
// Generate a subject if necessary
if (strlen($ticket['subject']) < 1)
{
$ticket['subject'] = sprintf($hesklang['default_subject'], $ticket['name']);
}
// If language is not set or default, set it to NULL.
if (!isset($ticket['language']) || empty($ticket['language'])) {
$language = (!$hesk_settings['can_sel_lang']) ? HESK_DEFAULT_LANGUAGE : hesk_dbEscape($hesklang['LANGUAGE']);
@ -59,6 +48,16 @@ function hesk_newTicket($ticket, $isVerified = true)
$due_date = "'" . hesk_dbEscape($ticket['due_date']) . "'";
}
// Prepare SQL for custom fields
$custom_where = '';
$custom_what = '';
for ($i=1; $i<=50; $i++)
{
$custom_where .= ", `custom{$i}`";
$custom_what .= ", '" . (isset($ticket['custom'.$i]) ? hesk_dbEscape($ticket['custom'.$i]) : '') . "'";
}
// Insert ticket into database
hesk_dbQuery("
INSERT INTO `" . hesk_dbEscape($hesk_settings['db_pfix']) . $tableName . "`
@ -79,27 +78,6 @@ function hesk_newTicket($ticket, $isVerified = true)
`owner`,
`attachments`,
`merged`,
`history`,
`custom1`,
`custom2`,
`custom3`,
`custom4`,
`custom5`,
`custom6`,
`custom7`,
`custom8`,
`custom9`,
`custom10`,
`custom11`,
`custom12`,
`custom13`,
`custom14`,
`custom15`,
`custom16`,
`custom17`,
`custom18`,
`custom19`,
`custom20`,
`status`,
`latitude`,
`longitude`,
@ -107,7 +85,9 @@ function hesk_newTicket($ticket, $isVerified = true)
`user_agent`,
`screen_resolution_height`,
`screen_resolution_width`,
`due_date`
`due_date`,
`history`
{$custom_where}
)
VALUES
(
@ -127,27 +107,6 @@ function hesk_newTicket($ticket, $isVerified = true)
'" . intval($ticket['owner']) . "',
'" . hesk_dbEscape($ticket['attachments']) . "',
'',
'" . hesk_dbEscape($ticket['history']) . "',
'" . hesk_dbEscape($ticket['custom1']) . "',
'" . hesk_dbEscape($ticket['custom2']) . "',
'" . hesk_dbEscape($ticket['custom3']) . "',
'" . hesk_dbEscape($ticket['custom4']) . "',
'" . hesk_dbEscape($ticket['custom5']) . "',
'" . hesk_dbEscape($ticket['custom6']) . "',
'" . hesk_dbEscape($ticket['custom7']) . "',
'" . hesk_dbEscape($ticket['custom8']) . "',
'" . hesk_dbEscape($ticket['custom9']) . "',
'" . hesk_dbEscape($ticket['custom10']) . "',
'" . hesk_dbEscape($ticket['custom11']) . "',
'" . hesk_dbEscape($ticket['custom12']) . "',
'" . hesk_dbEscape($ticket['custom13']) . "',
'" . hesk_dbEscape($ticket['custom14']) . "',
'" . hesk_dbEscape($ticket['custom15']) . "',
'" . hesk_dbEscape($ticket['custom16']) . "',
'" . hesk_dbEscape($ticket['custom17']) . "',
'" . hesk_dbEscape($ticket['custom18']) . "',
'" . hesk_dbEscape($ticket['custom19']) . "',
'" . hesk_dbEscape($ticket['custom20']) . "',
'" . intval($ticket['status']) . "',
'" . hesk_dbEscape($ticket['latitude']) . "',
'" . hesk_dbEscape($ticket['longitude']) . "',
@ -155,7 +114,9 @@ function hesk_newTicket($ticket, $isVerified = true)
'" . hesk_dbEscape($ticket['user_agent']) . "',
" . hesk_dbEscape($ticket['screen_resolution_height']) . ",
" . hesk_dbEscape($ticket['screen_resolution_width']) . ",
{$due_date}
{$due_date},
'" . hesk_dbEscape($ticket['history']) . "'
{$custom_what}
)
");

@ -1,38 +1,24 @@
<?php
/*******************************************************************************
* Title: Help Desk Software HESK
* Version: 2.6.8 from 10th August 2016
* Author: Klemen Stirn
* Website: http://www.hesk.com
********************************************************************************
* COPYRIGHT AND TRADEMARK NOTICE
* Copyright 2005-2015 Klemen Stirn. All Rights Reserved.
* HESK is a registered trademark of Klemen Stirn.
* The HESK may be used and modified free of charge by anyone
* AS LONG AS COPYRIGHT NOTICES AND ALL THE COMMENTS REMAIN INTACT.
* By using this code you agree to indemnify Klemen Stirn from any
* liability that might arise from it's use.
* Selling the code for this program, in part or full, without prior
* written consent is expressly forbidden.
* Using this code, in part or full, to create derivate work,
* new scripts or products is expressly forbidden. Obtain permission
* before redistributing this software over the Internet or in
* any other medium. In all cases copyright and header must remain intact.
* This Copyright is in full effect in any country that has International
* Trade Agreements with the United States of America or
* with the European Union.
* Removing any of the copyright notices without purchasing a license
* is expressly forbidden. To remove HESK copyright notice you must purchase
* a license for this script. For more information on how to obtain
* a license please visit the page below:
* https://www.hesk.com/buy.php
*******************************************************************************/
/**
*
* This file is part of HESK - PHP Help Desk Software.
*
* (c) Copyright Klemen Stirn. All rights reserved.
* http://www.hesk.com
*
* For the full copyright and license agreement information visit
* http://www.hesk.com/eula.php
*
*/
/* Check if this is a valid include */
if (!defined('IN_SCRIPT')) {
die('Invalid attempt');
}
// Load custom fields
require_once(HESK_PATH . 'inc/custom_fields.inc.php');
// This SQL code will be used to retrieve results
$sql_final = "SELECT
`id`,

@ -1,32 +1,15 @@
<?php
/*******************************************************************************
* Title: Help Desk Software HESK
* Version: 2.6.8 from 10th August 2016
* Author: Klemen Stirn
* Website: http://www.hesk.com
********************************************************************************
* COPYRIGHT AND TRADEMARK NOTICE
* Copyright 2005-2015 Klemen Stirn. All Rights Reserved.
* HESK is a registered trademark of Klemen Stirn.
* The HESK may be used and modified free of charge by anyone
* AS LONG AS COPYRIGHT NOTICES AND ALL THE COMMENTS REMAIN INTACT.
* By using this code you agree to indemnify Klemen Stirn from any
* liability that might arise from it's use.
* Selling the code for this program, in part or full, without prior
* written consent is expressly forbidden.
* Using this code, in part or full, to create derivate work,
* new scripts or products is expressly forbidden. Obtain permission
* before redistributing this software over the Internet or in
* any other medium. In all cases copyright and header must remain intact.
* This Copyright is in full effect in any country that has International
* Trade Agreements with the United States of America or
* with the European Union.
* Removing any of the copyright notices without purchasing a license
* is expressly forbidden. To remove HESK copyright notice you must purchase
* a license for this script. For more information on how to obtain
* a license please visit the page below:
* https://www.hesk.com/buy.php
*******************************************************************************/
/**
*
* This file is part of HESK - PHP Help Desk Software.
*
* (c) Copyright Klemen Stirn. All rights reserved.
* http://www.hesk.com
*
* For the full copyright and license agreement information visit
* http://www.hesk.com/eula.php
*
*/
/* Check if this is a valid include */
if (!defined('IN_SCRIPT')) {
@ -38,7 +21,7 @@ function hesk_profile_tab($session_array = 'new', $is_profile_page = true, $acti
{
global $hesk_settings, $hesklang, $can_reply_tickets, $can_view_tickets, $can_view_unassigned;
?>
<div role="tabpanel">
<div role="tabpanel" class="nav-tabs-custom">
<!-- Nav tabs -->
<ul class="nav nav-tabs" role="tablist">
@ -98,6 +81,7 @@ function hesk_profile_tab($session_array = 'new', $is_profile_page = true, $acti
<div class="col-md-9">
<input type="text" class="form-control" name="user" size="40" maxlength="20"
autocomplete="off"
value="<?php echo $_SESSION[$session_array]['user']; ?>"
placeholder="<?php echo htmlspecialchars($hesklang['username']); ?>"
data-error="<?php echo htmlspecialchars($hesklang['enter_username']); ?>"
@ -297,7 +281,32 @@ function hesk_profile_tab($session_array = 'new', $is_profile_page = true, $acti
</div>
<?php
}
if (empty($_SESSION[$session_array]['autoreload'])) {
$reload_time = 30;
$sec = 'selected';
$min = '';
} else {
$reload_time = intval($_SESSION[$session_array]['autoreload']);
if ($reload_time >= 60 && $reload_time % 60 == 0) {
$reload_time = $reload_time / 60;
$sec = '';
$min = 'selected';
} else {
$sec = 'selected';
$min = '';
}
}
?>
<div class="checkbox form-inline">
<label><input type="checkbox" name="autoreload" value="1" <?php if (!empty($_SESSION[$session_array]['autoreload'])) {echo 'checked="checked"';}?> /> <?php echo $hesklang['arpp']; ?></label>
<input type="text" class="form-control" name="reload_time" value="<?php echo $reload_time; ?>" size="5" maxlength="5" onkeyup="this.value=this.value.replace(/[^\d]+/,'')" />
<select name="secmin" class="form-control">
<option value="sec" <?php echo $sec; ?>><?php echo $hesklang['seconds']; ?></option>
<option value="min" <?php echo $min; ?>><?php echo $hesklang['minutes']; ?></option>
</select>
</div>
<div class="checkbox">
<label><input type="checkbox" name="notify_customer_new"
value="1" <?php if (!empty($_SESSION[$session_array]['notify_customer_new'])) {
@ -337,17 +346,6 @@ function hesk_profile_tab($session_array = 'new', $is_profile_page = true, $acti
</select>
</div>
</div>
<div class="form-group">
<label for="autoRefresh"
class="col-sm-3 control-label"><?php echo $hesklang['ticket_auto_refresh']; ?></label>
<div class="col-sm-9">
<input type="text" class="form-control" id="autorefresh" name="autorefresh"
placeholder="<?php echo htmlspecialchars($hesklang['ticket_auto_refresh']); ?>"
value="<?php echo $_SESSION[$session_array]['autorefresh']; ?>">
<span class="help-block"><?php echo $hesklang['autorefresh_restrictions']; ?></span>
</div>
</div>
</div>
<div role="tabpanel" class="tab-pane fade" id="notifications">
<?php $disabledText =
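Review bot: The new `reload_time` field is constrained only in the browser, by `maxlength` and the `onkeyup` filter, and the handler that stores it is not part of this section. The admin header added in this commit prints `intval($_SESSION['autoreload'])` as the countdown start, so a stored value of 1 reloads the ticket list every second and a negative one reloads immediately. The save path should clamp the value to a sensible minimum on the server. The filter regex also lacks the global flag and strips only the first non-digit run per keystroke; `onkeyup="this.value=this.value.replace(/\D+/g,'')"` fixes that. `hesk_profile_tab` starts and ends outside the hunks shown.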

@ -1,286 +1,451 @@
<?php
/*******************************************************************************
* Title: Help Desk Software HESK
* Version: 2.6.8 from 10th August 2016
* Author: Klemen Stirn
* Website: http://www.hesk.com
********************************************************************************
* COPYRIGHT AND TRADEMARK NOTICE
* Copyright 2005-2015 Klemen Stirn. All Rights Reserved.
* HESK is a registered trademark of Klemen Stirn.
* The HESK may be used and modified free of charge by anyone
* AS LONG AS COPYRIGHT NOTICES AND ALL THE COMMENTS REMAIN INTACT.
* By using this code you agree to indemnify Klemen Stirn from any
* liability that might arise from it's use.
* Selling the code for this program, in part or full, without prior
* written consent is expressly forbidden.
* Using this code, in part or full, to create derivate work,
* new scripts or products is expressly forbidden. Obtain permission
* before redistributing this software over the Internet or in
* any other medium. In all cases copyright and header must remain intact.
* This Copyright is in full effect in any country that has International
* Trade Agreements with the United States of America or
* with the European Union.
* Removing any of the copyright notices without purchasing a license
* is expressly forbidden. To remove HESK copyright notice you must purchase
* a license for this script. For more information on how to obtain
* a license please visit the page below:
* https://www.hesk.com/buy.php
*******************************************************************************/
/**
*
* This file is part of HESK - PHP Help Desk Software.
*
* (c) Copyright Klemen Stirn. All rights reserved.
* http://www.hesk.com
*
* For the full copyright and license agreement information visit
* http://www.hesk.com/eula.php
*
*/
/* Check if this is a valid include */
if (!defined('IN_SCRIPT')) {
die('Invalid attempt');
}
$num_mail = hesk_checkNewMail();
$mails = mfh_get_mail_headers_for_dropdown($_SESSION['id'], $hesk_settings, $hesklang);
?>
<?php
// Show a notice if we are in maintenance mode
if (hesk_check_maintenance(false)) {
echo '<div style="margin-bottom: -20px">';
hesk_show_notice($hesklang['mma2'], $hesklang['mma1'], false);
echo '</div>';
}
<div class="wrapper">
<header class="main-header">
// Show a notice if we are in "Knowledgebase only" mode
if (hesk_check_kb_only(false)) {
echo '<div style="margin-bottom: -20px">';
hesk_show_notice($hesklang['kbo2'], $hesklang['kbo1'], false);
echo '</div>';
}
?>
<div class="enclosing">
<nav class="navbar navbar-default navbar-static-top" role="navigation">
<div class="navbar-header">
<button type="button" class="navbar-toggle collapsed" data-toggle="collapse" data-target=".navbar-collapse">
<!-- Logo -->
<a href="<?php echo $modsForHesk_settings['navbar_title_url']; ?>" class="logo">
<!-- mini logo for sidebar mini 50x50 pixels -->
<span class="logo-mini"><!-- TODO Add setting for "Mini Title" --></span>
<!-- logo for regular state and mobile devices -->
<span class="logo-lg"><?php echo $hesk_settings['hesk_title'] ?></span>
</a>
<!-- Header Navbar: style can be found in header.less -->
<nav class="navbar navbar-static-top">
<!-- Sidebar toggle button-->
<a href="#" class="sidebar-toggle" data-toggle="offcanvas" role="button">
<span class="sr-only">Toggle navigation</span>
<span class="icon-bar"></span>
<span class="icon-bar"></span>
<span class="icon-bar"></span>
</button>
<a class="navbar-brand" href="<?php echo $modsForHesk_settings['navbar_title_url']; ?>"><?php echo $hesk_settings['hesk_title'] ?></a>
</div>
<div class="collapse navbar-collapse" id="bs-example-navbar-collapse-1">
</a>
<!-- Navbar Right Menu -->
<div class="navbar-custom-menu">
<ul class="nav navbar-nav">
<!-- Messages: style can be found in dropdown.less-->
<?php
$number_of_maintenance_warnings = 0;
if (hesk_check_maintenance(false)) {
$number_of_maintenance_warnings++;
}
if (hesk_check_kb_only(false)) {
$number_of_maintenance_warnings++;
}
if ($number_of_maintenance_warnings > 0): ?>
<li class="dropdown messages-menu">
<a href="#" class="dropdown-toggle" data-toggle="dropdown">
<i class="fa fa-exclamation-triangle"></i>
<?php echo sprintf($hesklang['x_system_warnings'],
$number_of_maintenance_warnings,
$number_of_maintenance_warnings == 1
? $hesklang['warning_title_case']
: $hesklang['warnings_title_case']); ?>
</a>
<ul class="dropdown-menu">
<li class="header"><?php echo sprintf($hesklang['x_system_warnings'],
$number_of_maintenance_warnings,
$number_of_maintenance_warnings == 1
? $hesklang['warning_title_case']
: $hesklang['warnings_title_case']); ?></li>
<li>
<ul class="menu">
<?php if (hesk_check_maintenance(false)): ?>
<li>
<a href="#">
<div class="pull-left">
<i class="fa fa-exclamation-triangle orange fa-2x"></i>
</div>
<h4>
<?php echo $hesklang['mma1']; ?>
</h4>
<p><?php echo $hesklang['mma2']; ?></p>
</a>
</li>
<?php
endif;
if (hesk_check_kb_only(false)):
?>
<li>
<a href="#">
<div class="pull-left">
<i class="fa fa-exclamation-triangle orange fa-2x"></i>
</div>
<h4>
<?php echo $hesklang['kbo1']; ?>
</h4>
<p><?php echo $hesklang['kbo2']; ?></p>
</a>
</li>
<?php endif; ?>
</ul>
</li>
</ul>
</li>
<?php endif; ?>
<li class="dropdown messages-menu">
<a href="#" class="dropdown-toggle" data-toggle="dropdown">
<i class="fa fa-envelope-o"></i>
<?php if (count($mails) > 0): ?>
<span class="label label-success"><?php echo count($mails); ?></span>
<?php endif; ?>
</a>
<ul class="dropdown-menu">
<li class="header"><?php echo sprintf($hesklang['you_have_x_messages'],
count($mails),
count($mails) == 1
? $hesklang['message_lower_case']
: $hesklang['messages_lower_case']); ?></li>
<!-- Begin New Messages -->
<li>
<!-- inner menu: contains the actual data -->
<ul class="menu">
<?php foreach ($mails as $mail): ?>
<li><!-- start message -->
<a href="mail.php?a=read&id=<?php echo $mail['id']; ?>">
<h4>
<?php echo $mail['from']; ?>
<small><i class="fa fa-clock-o"></i> <?php echo hesk_dateToString($mail['date'], 0, 0, 0, true); ?></small>
</h4>
<p><?php echo $mail['subject']; ?></p>
</a>
</li>
<!-- end message -->
<?php endforeach; ?>
</ul>
</li>
<li class="footer"><a href="mail.php">See All Messages</a></li>
</ul>
</li>
<!-- User Account: style can be found in dropdown.less -->
<li class="dropdown user user-menu">
<a href="profile.php">
<!--<img src="dist/img/user2-160x160.jpg" class="user-image" alt="User Image">-->
<i class="fa fa-user"></i>
<span class="hidden-xs"><?php echo hesk_SESSION('name'); ?></span>
</a>
</li>
<!-- Control Sidebar Toggle Button -->
<li>
<a href="index.php?a=logout&amp;token=<?php echo hesk_token_echo(); ?>">
<i class="octicon octicon-sign-out"></i>
</a>
</li>
</ul>
</div>
</nav>
</header>
<aside class="main-sidebar">
<!-- sidebar: style can be found in sidebar.less -->
<section class="sidebar">
<!-- sidebar menu: : style can be found in sidebar.less -->
<ul class="sidebar-menu">
<li class="header"><?php echo $hesklang['main_navigation_uppercase']; ?></li>
<?php
$active = '';
if (defined('PAGE_TITLE') && PAGE_TITLE == 'ADMIN_HOME') {
$active = ' class="active"';
$active = 'active';
}
?>
<li<?php echo $active; ?>><a href="admin_main.php"><i
class="fa fa-home" <?php echo $iconDisplay; ?>></i>&nbsp;<?php echo $hesklang['main_page']; ?>
</a></li>
<?php if (hesk_checkPermission('can_man_users', 0) && hesk_checkPermission('can_man_permission_tpl', 0)) {
<li class="<?php echo $active; ?> treeview">
<a href="admin_main.php">
<i class="fa fa-home" <?php echo $iconDisplay; ?>></i> <span><?php echo $hesklang['main_page']; ?></span>
</a>
</li>
<?php if (hesk_checkPermission('can_man_users', 0) && hesk_checkPermission('can_man_permission_tpl', 0)) :
$active = '';
if (defined('PAGE_TITLE') && PAGE_TITLE == 'ADMIN_USERS') {
$active = ' active';
$active = 'active';
}
echo '<li class="dropdown'.$active.'">
<a href="#" class="dropdown-toggle" data-toggle="dropdown" role="button" aria-expanded="false">
<i class="fa fa-users" ' . $iconDisplay . '></i>&nbsp;' . $hesklang['menu_users'] . '<span class="caret"></span>
?>
<li class="<?php echo $active; ?> treeview">
<a href="#">
<i class="fa fa-users" <?php echo $iconDisplay; ?>></i>
<span><?php echo $hesklang['menu_users']; ?></span>
<span class="pull-right-container">
<i class="fa fa-angle-left pull-right"></i>
</span>
</a>
<ul class="dropdown-menu" role="menu">
<li><a href="manage_users.php">' . $hesklang['manage_users'] . '</a></li>
<li><a href="manage_permission_templates.php">' . $hesklang['permission_tpl_man'] . '</a></li>
<ul class="treeview-menu">
<li>
<a href="manage_users.php"><i class="fa fa-circle-o"></i> <?php echo $hesklang['manage_users']; ?></a>
</li>
<li>
<a href="manage_permission_templates.php"><i class="fa fa-circle-o"></i> <?php echo $hesklang['permission_tpl_man']; ?></a>
</li>
</ul>
</li>';
} elseif (hesk_checkPermission('can_man_users', 0)) {
</li>
<?php
elseif (hesk_checkPermission('can_man_users', 0)) :
$active = '';
if (defined('PAGE_TITLE') && PAGE_TITLE == 'ADMIN_USERS') {
$active = ' class="active"';
$active = 'active';
}
echo '<li'.$active.'><a href="manage_users.php"><i class="fa fa-users" ' . $iconDisplay . '></i>&nbsp;' . $hesklang['menu_users'] . '</a></li>';
} elseif (hesk_checkPermission('can_man_permission_tpl', 0)) {
?>
<li class="<?php echo $active; ?> treeview">
<a href="manage_users.php">
<i class="fa fa-users" <?php echo $iconDisplay; ?>></i>
<span><?php echo $hesklang['menu_users']; ?></span>
</a>
</li>
<?php
elseif (hesk_checkPermission('can_man_permission_tpl', 0)) :
$active = '';
if (defined('PAGE_TITLE') && PAGE_TITLE == 'ADMIN_USERS') {
$active = ' class="active"';
$active = 'active';
}
echo '<li'.$active.'><a href="manage_permission_templates.php">
<i class="fa fa-users" ' . $iconDisplay . '></i>&nbsp;' . $hesklang['permission_templates'] . '</a></li>';
}
if (hesk_checkPermission('can_man_cat', 0)) {
?>
<li class="<?php echo $active; ?> treeview">
<a href="manage_permission_templates.php">
<i class="fa fa-users" <?php echo $iconDisplay; ?>></i>
<span><?php echo $hesklang['permission_templates']; ?></span>
</a>
</li>
<?php
endif;
if (hesk_checkPermission('can_man_cat', 0)):
$active = '';
if (defined('PAGE_TITLE') && PAGE_TITLE == 'ADMIN_CATEGORIES') {
$active = ' class="active"';
$active = 'active';
}
echo '<li'.$active.'><a href="manage_categories.php"><i class="fa fa-pie-chart" ' . $iconDisplay . '></i>&nbsp;' . $hesklang['menu_cat'] . '</a></li>';
}
if (hesk_checkPermission('can_man_canned', 0) && hesk_checkPermission('can_man_ticket_tpl', 0)) {
?>
<li class="<?php echo $active; ?> treeview">
<a href="manage_categories.php">
<i class="fa fa-pie-chart" <?php echo $iconDisplay; ?>></i>
<span><?php echo $hesklang['menu_cat']; ?></span>
</a>
</li>
<?php
endif;
if (hesk_checkPermission('can_man_canned', 0) && hesk_checkPermission('can_man_ticket_tpl', 0)):
$active = '';
if (defined('PAGE_TITLE') && PAGE_TITLE == 'ADMIN_CANNED') {
$active = ' active';
$active = 'active';
}
echo '<li class="dropdown'.$active.'">
<a href="#" class="dropdown-toggle" data-toggle="dropdown" role="button" aria-expanded="false">
<i class="fa fa-file-text-o" ' . $iconDisplay . '></i>&nbsp;' . $hesklang['menu_can'] . '<span class="caret"></span>
?>
<li class="<?php echo $active; ?> treeview">
<a href="#">
<i class="fa fa-file-text-o" <?php echo $iconDisplay; ?>></i>
<span><?php echo $hesklang['menu_can']; ?></span>
<span class="pull-right-container">
<i class="fa fa-angle-left pull-right"></i>
</span>
</a>
<ul class="dropdown-menu" role="menu">
<li><a href="manage_canned.php">' . $hesklang['can_man_canned'] . '</a></li>
<li><a href="manage_ticket_templates.php">' . $hesklang['ticket_tpl_man'] . '</a></li>
<ul class="treeview-menu">
<li>
<a href="manage_canned.php"><i class="fa fa-circle-o"></i> <?php echo $hesklang['can_man_canned']; ?></a>
</li>
<li>
<a href="manage_ticket_templates.php"><i class="fa fa-circle-o"></i> <?php echo $hesklang['ticket_tpl_man']; ?></a>
</li>
</ul>
</li>';
} elseif (hesk_checkPermission('can_man_canned', 0)) {
</li>
<?php
elseif (hesk_checkPermission('can_man_canned', 0)):
$active = '';
if (defined('PAGE_TITLE') && PAGE_TITLE == 'ADMIN_CANNED') {
$active = ' class="active"';
$active = 'active';
}
echo '<li'.$active.'><a href="manage_canned.php"><i class="fa fa-file-text-o" ' . $iconDisplay . '></i>&nbsp;' . $hesklang['menu_can'] . '</a></li>';
} elseif (hesk_checkPermission('can_man_ticket_tpl', 0)) {
?>
<li class="<?php echo $active; ?> treeview">
<a href="manage_canned.php">
<i class="fa fa-file-text-o" <?php echo $iconDisplay; ?>></i>
<span><?php echo $hesklang['menu_can']; ?></span>
</a>
</li>
<?php
elseif (hesk_checkPermission('can_man_ticket_tpl', 0)):
$active = '';
if (defined('PAGE_TITLE') && PAGE_TITLE == 'ADMIN_CANNED') {
$active = ' class="active"';
}
echo '<li'.$active.'><a href="manage_ticket_templates.php"><i class="fa fa-file-text-o" ' . $iconDisplay . '></i>&nbsp;' . $hesklang['menu_can'] . '</a></li>';
$active = 'active';
}
if ($hesk_settings['kb_enable']) {
?>
<li class="<?php echo $active; ?> treeview">
<a href="manage_ticket_templates.php">
<i class="fa fa-file-text-o" <?php echo $iconDisplay; ?>></i>
<span><?php echo $hesklang['menu_can']; ?></span>
</a>
</li>
<?php
endif;
if ($hesk_settings['kb_enable']):
$active = '';
if (defined('PAGE_TITLE') && PAGE_TITLE == 'ADMIN_KB') {
$active = ' class="active"';
$active = 'active';
}
if (hesk_checkPermission('can_man_kb', 0)) {
echo '<li'.$active.'><a href="manage_knowledgebase.php"><i class="fa fa-book" ' . $iconDisplay . '></i>&nbsp;' . $hesklang['menu_kb'] . '</a></li>';
} else {
echo '<li'.$active.'><a href="knowledgebase_private.php"><i class="fa fa-book" ' . $iconDisplay . '></i>&nbsp;' . $hesklang['menu_kb'] . '</a></li>';
}
}
if ($modsForHesk_settings['enable_calendar'] != 0) {
if (hesk_checkPermission('can_man_kb', 0)):
?>
<li class="<?php echo $active; ?> treeview">
<a href="manage_knowledgebase.php">
<i class="fa fa-book" <?php echo $iconDisplay; ?>></i>
<span><?php echo $hesklang['menu_kb']; ?></span>
</a>
</li>
<?php else: ?>
<li class="<?php echo $active; ?> treeview">
<a href="knowledgebase_private.php">
<i class="fa fa-book" <?php echo $iconDisplay; ?>></i>
<span><?php echo $hesklang['menu_kb']; ?></span>
</a>
</li>
<?php endif; ?>
<?php
endif;
if ($modsForHesk_settings['enable_calendar'] != 0):
$active = '';
if (defined('PAGE_TITLE') && PAGE_TITLE == 'ADMIN_CALENDAR') {
$active = ' class="active"';
}
echo '<li'.$active.'><a href="calendar.php"><i class="fa fa-calendar" ' . $iconDisplay . '></i>&nbsp;' . $hesklang['calendar_title_case'] . '</a></li>';
$active = 'active';
}
if (hesk_checkPermission('can_run_reports', 0)) {
?>
<li class="<?php echo $active; ?> treeview">
<a href="calendar.php">
<i class="fa fa-calendar" <?php echo $iconDisplay; ?>></i>
<span><?php echo $hesklang['calendar_title_case']; ?></span>
</a>
</li>
<?php
endif;
if (hesk_checkPermission('can_run_reports', 0)):
$active = '';
if (defined('PAGE_TITLE') && PAGE_TITLE == 'ADMIN_REPORTS') {
$active = ' class="active"';
$active = 'active';
}
echo '<li'.$active.'><a href="reports.php"><i class="fa fa-line-chart" ' . $iconDisplay . '></i>&nbsp;' . $hesklang['reports'] . '</a></li>';
} elseif (hesk_checkPermission('can_export', 0)) {
?>
<li class="<?php echo $active; ?> treeview">
<a href="reports.php">
<i class="fa fa-line-chart" <?php echo $iconDisplay; ?>></i>
<span><?php echo $hesklang['reports']; ?></span>
</a>
</li>
<?php
elseif (hesk_checkPermission('can_export', 0)):
$active = '';
if (defined('PAGE_TITLE') && PAGE_TITLE == 'ADMIN_REPORTS') {
$active = ' class="active"';
}
echo '<li'.$active.'><a href="export.php"><i class="fa fa-line-chart" ' . $iconDisplay . '></i>&nbsp;' . $hesklang['reports'] . '</a></li>';
$active = 'active';
}
?>
<li class="<?php echo $active; ?> treeview">
<a href="export.php">
<i class="fa fa-line-chart" <?php echo $iconDisplay; ?>></i>
<span><?php echo $hesklang['reports']; ?></span>
</a>
</li>
<?php
endif;
$tools_count = 0;
$dropdown_items = '<ul class="dropdown-menu" role="menu">';
$dropdown_items = array();
if (hesk_checkPermission('can_ban_emails', 0)) {
$tools_count++;
$dropdown_items .= '<li><a href="banned_emails.php">' . $hesklang['manage_banned_emails'] . '</a></li>';
$dropdown_items['banned_emails'] = $hesklang['manage_banned_emails'];
}
if (hesk_checkPermission('can_ban_ips', 0)) {
$tools_count++;
$dropdown_items .= '<li><a href="banned_ips.php">' . $hesklang['manage_banned_ips'] . '</a></li>';
$dropdown_items['banned_ips'] = $hesklang['manage_banned_ips'];
}
if (hesk_checkPermission('can_service_msg', 0)) {
$tools_count++;
$dropdown_items .= '<li><a href="service_messages.php">' . $hesklang['manage_service_messages'] . '</a></li>';
$dropdown_items['service_messages'] = $hesklang['manage_service_messages'];
}
if (hesk_checkPermission('can_man_email_tpl', 0)) {
$tools_count++;
$dropdown_items .= '<li><a href="manage_email_templates.php">' . $hesklang['manage_email_templates'] . '</a></li>';
$dropdown_items['manage_email_templates'] = $hesklang['manage_email_templates'];
}
if (hesk_checkPermission('can_man_ticket_statuses', 0)) {
$tools_count++;
$dropdown_items .= '<li><a href="manage_statuses.php">' . $hesklang['manage_statuses'] . '</a></li>';
$dropdown_items['manage_statuses'] = $hesklang['manage_statuses'];
}
if (hesk_checkPermission('can_man_settings', 0)) {
$tools_count++;
$dropdown_items['custom_fields'] = $hesklang['manage_custom_fields'];
}
if (hesk_checkPermission('can_view_logs', 0)) {
$tools_count++;
$dropdown_items .= '<li><a href="view_message_log.php">' . $hesklang['view_message_log'] . '</a></li>';
$dropdown_items['view_message_log'] = $hesklang['view_message_log'];
}
$dropdown_items .= '</ul>';
if ($tools_count > 1) {
if (count($dropdown_items) > 1):
$active = '';
if (defined('PAGE_TITLE') && PAGE_TITLE == 'ADMIN_TOOLS') {
$active = ' active';
$active = 'active';
}
echo '<li class="dropdown'.$active.'">
<a href="#" class="dropdown-toggle" data-toggle="dropdown" role="button" aria-expanded="false">
<i class="fa fa-wrench" ' . $iconDisplay . '></i>&nbsp;' . $hesklang['tools'] . '<span class="caret"></span>
?>
<li class="<?php echo $active; ?> treeview">
<a href="#">
<i class="fa fa-wrench" <?php echo $iconDisplay; ?>></i>
<span><?php echo $hesklang['tools']; ?></span>
<span class="pull-right-container">
<i class="fa fa-angle-left pull-right"></i>
</span>
</a>
'.$dropdown_items.'
</li>';
} else {
if (hesk_checkPermission('can_ban_emails', 0)) {
$active = '';
if (defined('PAGE_TITLE') && PAGE_TITLE == 'ADMIN_TOOLS') {
$active = ' class="active"';
}
echo '<li'.$active.'><a href="banned_emails.php"><i class="fa fa-wrench" ' . $iconDisplay . '></i>&nbsp;' . $hesklang['tools'] . '</a></li>';
} elseif (hesk_checkPermission('can_ban_ips', 0)) {
$active = '';
if (defined('PAGE_TITLE') && PAGE_TITLE == 'ADMIN_TOOLS') {
$active = ' class="active"';
}
echo '<li'.$active.'><a href="banned_ips.php"><i class="fa fa-wrench" ' . $iconDisplay . '></i>&nbsp;' . $hesklang['tools'] . '</a></li>';
} elseif (hesk_checkPermission('can_service_msg', 0)) {
$active = '';
if (defined('PAGE_TITLE') && PAGE_TITLE == 'ADMIN_TOOLS') {
$active = ' class="active"';
}
echo '<li'.$active.'><a href="service_messages.php"><i class="fa fa-wrench" ' . $iconDisplay . '></i>&nbsp;' . $hesklang['tools'] . '</a></li>';
} elseif (hesk_checkPermission('can_man_email_tpl', 0)) {
$active = '';
if (defined('PAGE_TITLE') && PAGE_TITLE == 'ADMIN_TOOLS') {
$active = ' class="active"';
}
echo '<li'.$active.'><a href="manage_email_templates.php"><i class="fa fa-wrench" ' . $iconDisplay . '></i>&nbsp;' . $hesklang['tools'] . '</a></li>';
} elseif (hesk_checkPermission('can_man_ticket_statuses', 0)) {
$active = '';
if (defined('PAGE_TITLE') && PAGE_TITLE == 'ADMIN_TOOLS') {
$active = ' class="active"';
}
echo '<li'.$active.'><a href="manage_statuses.php"><i class="fa fa-wrench" ' . $iconDisplay . '></i>&nbsp;' . $hesklang['tools'] . '</a></li>';
} elseif (hesk_checkPermission('can_view_logs', 0)) {
<ul class="treeview-menu">
<?php foreach($dropdown_items as $path => $text): ?>
<li>
<a href="<?php echo $path; ?>.php"><i class="fa fa-circle-o"></i> <?php echo $text; ?></a>
</li>
<?php endforeach; ?>
</ul>
</li>
<?php
elseif (count($dropdown_items) == 1):
$active = '';
if (defined('PAGE_TITLE') && PAGE_TITLE == 'ADMIN_TOOLS') {
$active = ' class="active"';
}
echo '<li'.$active.'><a href="view_message_log.php"><i class="fa fa-wrench" ' . $iconDisplay . '></i>&nbsp;' . $hesklang['tools'] . '</a></li>';
$active = 'active';
}
}
if (hesk_checkPermission('can_man_settings', 0)) {
reset($dropdown_items);
$page = key($dropdown_items);
?>
<li class="<?php echo $active; ?> treeview">
<a href="<?php echo $page; ?>.php">
<i class="fa fa-wrench" <?php echo $iconDisplay; ?>></i>
<span><?php echo $dropdown_items[$page]; ?></span>
</a>
</li>
<?php
endif;
if (hesk_checkPermission('can_man_settings', 0)):
$active = '';
if (defined('PAGE_TITLE') && PAGE_TITLE == 'ADMIN_SETTINGS') {
$active = ' class="active"';
}
echo '<li'.$active.'><a href="admin_settings.php"><i class="fa fa-cog" ' . $iconDisplay . '></i>&nbsp;' . $hesklang['settings'] . '</a></li>';
}
$active = '';
if (defined('PAGE_TITLE') && PAGE_TITLE == 'ADMIN_PROFILE') {
$active = ' class="active"';
$active = 'active';
}
?>
<li<?php echo $active; ?>><a href="profile.php"><i
class="fa fa-user" <?php echo $iconDisplay; ?>></i>&nbsp;<?php echo $hesklang['menu_profile']; ?>
</a></li>
<li class="<?php echo $active; ?> treeview">
<a href="admin_settings.php">
<i class="fa fa-cog" <?php echo $iconDisplay; ?>></i>
<span><?php echo $hesklang['settings']; ?></span>
</a>
</li>
<?php
endif;
$active = '';
if (defined('PAGE_TITLE') && PAGE_TITLE == 'ADMIN_MAIL') {
$active = ' class="active"';
if (defined('PAGE_TITLE') && PAGE_TITLE == 'ADMIN_PROFILE') {
$active = 'active';
}
?>
<li<?php echo $active; ?>><a href="mail.php"><i
class="fa fa-envelope-o" <?php echo $iconDisplay; ?>></i>&nbsp;<?php echo $hesklang['menu_msg']; ?>
<?php if ($num_mail != 0) {
echo '<span class="badge">';
echo $num_mail;
unset($num_mail);
echo '</span>';
} ?>
</a></li>
<?php include('custom/show_admin_nav-custom.inc.php');
$iconDisplay = ($iconDisplay == '') ? 'style="font-size: 14px"' : $iconDisplay;
?>
<li><a href="index.php?a=logout&amp;token=<?php echo hesk_token_echo(); ?>"><span
class="octicon octicon-sign-out" <?php echo $iconDisplay; ?>></span>&nbsp;<?php echo $hesklang['logout']; ?>
</a></li>
<li class="<?php echo $active; ?> treeview">
<a href="profile.php">
<i class="fa fa-user" <?php echo $iconDisplay; ?>></i>
<span><?php echo $hesklang['menu_profile']; ?></span>
</a>
</li>
</ul>
</div>
<!-- /.navbar-collapse -->
</nav>
</section>
<!-- /.sidebar -->
</aside>
<div class="content-wrapper">

@ -1,32 +1,15 @@
<?php
/*******************************************************************************
* Title: Help Desk Software HESK
* Version: 2.6.8 from 10th August 2016
* Author: Klemen Stirn
* Website: http://www.hesk.com
********************************************************************************
* COPYRIGHT AND TRADEMARK NOTICE
* Copyright 2005-2015 Klemen Stirn. All Rights Reserved.
* HESK is a registered trademark of Klemen Stirn.
* The HESK may be used and modified free of charge by anyone
* AS LONG AS COPYRIGHT NOTICES AND ALL THE COMMENTS REMAIN INTACT.
* By using this code you agree to indemnify Klemen Stirn from any
* liability that might arise from it's use.
* Selling the code for this program, in part or full, without prior
* written consent is expressly forbidden.
* Using this code, in part or full, to create derivate work,
* new scripts or products is expressly forbidden. Obtain permission
* before redistributing this software over the Internet or in
* any other medium. In all cases copyright and header must remain intact.
* This Copyright is in full effect in any country that has International
* Trade Agreements with the United States of America or
* with the European Union.
* Removing any of the copyright notices without purchasing a license
* is expressly forbidden. To remove HESK copyright notice you must purchase
* a license for this script. For more information on how to obtain
* a license please visit the page below:
* https://www.hesk.com/buy.php
*******************************************************************************/
/**
*
* This file is part of HESK - PHP Help Desk Software.
*
* (c) Copyright Klemen Stirn. All rights reserved.
* http://www.hesk.com
*
* For the full copyright and license agreement information visit
* http://www.hesk.com/eula.php
*
*/
/* Check if this is a valid include */
if (!defined('IN_SCRIPT')) {
@ -411,10 +394,7 @@ $more2 = empty($_GET['more2']) ? 0 : 1;
<div class="form-group">
<input class="form-control" type="text" name="q" size="30" <?php if (isset($q)) {
echo 'value="' . $q . '"';
} ?>
data-error="<?php echo htmlspecialchars($hesklang['this_field_is_required']); ?>"
required>
<div class="help-block with-errors"></div>
} ?>>
</div>
</td>
<td class="text-left" style="border: none">
@ -515,7 +495,7 @@ $more2 = empty($_GET['more2']) ? 0 : 1;
<tr>
<td class="alignMiddle"><b><?php echo $hesklang['date']; ?></b>: &nbsp; </td>
<td class="alignMiddle">
<div class="col-md-3" style="padding-left: 0px"><input class="form-control tcal"
<div class="col-md-3" style="padding-left: 0px"><input class="form-control datepicker"
type="text" name="dt"
id="dt"
size="10" <?php if ($date_input) {

@ -1,32 +1,15 @@
<?php
/*******************************************************************************
* Title: Help Desk Software HESK
* Version: 2.6.8 from 10th August 2016
* Author: Klemen Stirn
* Website: http://www.hesk.com
********************************************************************************
* COPYRIGHT AND TRADEMARK NOTICE
* Copyright 2005-2015 Klemen Stirn. All Rights Reserved.
* HESK is a registered trademark of Klemen Stirn.
* The HESK may be used and modified free of charge by anyone
* AS LONG AS COPYRIGHT NOTICES AND ALL THE COMMENTS REMAIN INTACT.
* By using this code you agree to indemnify Klemen Stirn from any
* liability that might arise from it's use.
* Selling the code for this program, in part or full, without prior
* written consent is expressly forbidden.
* Using this code, in part or full, to create derivate work,
* new scripts or products is expressly forbidden. Obtain permission
* before redistributing this software over the Internet or in
* any other medium. In all cases copyright and header must remain intact.
* This Copyright is in full effect in any country that has International
* Trade Agreements with the United States of America or
* with the European Union.
* Removing any of the copyright notices without purchasing a license
* is expressly forbidden. To remove HESK copyright notice you must purchase
* a license for this script. For more information on how to obtain
* a license please visit the page below:
* https://www.hesk.com/buy.php
*******************************************************************************/
/**
*
* This file is part of HESK - PHP Help Desk Software.
*
* (c) Copyright Klemen Stirn. All rights reserved.
* http://www.hesk.com
*
* For the full copyright and license agreement information visit
* http://www.hesk.com/eula.php
*
*/
/* Check if this is a valid include */
if (!defined('IN_SCRIPT')) {

@ -0,0 +1,168 @@
<?php
/**
* @param $search_filter Filter to search by. Valid criteria:
* //TODO
*/
function get_tickets($search_filter, $hesk_settings) {
$sql = "SELECT `id`, `trackid`, `name`, `email`, `category`, `priority`, `subject`, LEFT(`message`, 400) AS `message`,
`dt`, `lastchange`, `firstreply`, `closedat`, `status`, `openedby`, `firstreplyby`, `closedby`, `replies`, `staffreplies`, `owner`,
`time_worked`, `lastreplier`, `replierid`, `archive`, `locked`, `merged`, `due_date`, `latitude`, `longitude`, `user_agent`,
`screen_resolution_width`, `screen_resolution_height`";
foreach ($hesk_settings['custom_fields'] as $k => $v) {
if ($v['use']) {
$sql .= ", `" . $k . "`";
}
}
$sql .= " FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` WHERE ";
// --> CATEGORY
$category = $search_filter['category'];
if ($category > 0 && hesk_okCategory($category, 0)) {
$sql .= " `category`='{$category}' ";
} else {
$sql .= hesk_myCategories();
}
// --> TAGGED
$tagged = $search_filter['tagged'];
if ($tagged) {
$sql .= " AND `archive`='1' ";
}
// --> TICKET ASSIGNMENT
$sql = handle_ticket_assignments($search_filter, $sql);
// --> TICKET STATUS
$statuses = $search_filter['status'];
if (count($statuses) > 0) {
$sql .= " AND `status` IN ('" . implode("','", $statuses) . "') ";
}
// --> TICKET PRIORITY
$priorities = $search_filter['priority'];
if (count($priorities) > 0) {
$sql .= " AND `priority` IN ('" . implode("','", array_keys($priority)) . "') ";
}
// Sorting
$sql .= " ORDER BY ";
// --> PUSH TO TOP
$force_to_top = $search_filter['force_to_top'];
$direction = $search_filter['force_direction'];
if ($force_to_top != NULL) {
if ($force_to_top == 'owner') {
$sql .= " CASE WHEN `owner` = '".intval($_SESSION['id'])."' THEN 1 ELSE 0 END DESC, `owner` ASC, ";
} else {
$sql .= ' `'.hesk_dbEscape($force_to_top).'` ';
$sql .= $direction == 'ascending' ? 'ASC, ' : 'DESC, ';
}
}
// --> CRITICAL ON TOP
$critical_on_top = $search_filter['critical_on_top'];
if ($critical_on_top) {
$sql .= " CASE WHEN `priority` = '0' THEN 1 ELSE 0 END DESC , ";
}
// --> SORT BY
$sort_by = $search_filter['sort_by'];
$sort_direction = $search_filter['sort_direction'];
if ($sort_by) {
$sql .= $sort_by == 'lastreplier'
? " CASE WHEN `lastreplier` = '0' THEN 0 ELSE 1 END DESC, COALESCE(`replierid`, NULLIF(`lastreplier`, '0'), `name`) "
: ' `'.hesk_dbEscape($sort_by).'` ';
} else {
$sql .= ' `status` ';
$sort_by = 'status';
}
$sql .= $sort_direction == 'ascending'
? ' ASC '
: ' DESC ';
if ($sort_by != 'priority') {
$sql .= ' , `priority` ASC ';
}
//Uncomment for debugging purposes
//echo "SQL: $sql";
$results = hesk_dbQuery($sql);
return $results;
}
function handle_ticket_assignments($search_filter, $sql) {
$assigned_to_self = $search_filter['assignment']['self'];
$assigned_to_others = $search_filter['assignment']['others'];
$assigned_to_no_one = $search_filter['assignment']['no_one'];
if (!$assigned_to_self && !$assigned_to_others && !$assigned_to_no_one) {
$assigned_to_self = true;
$assigned_to_others = true;
$assigned_to_no_one = true;
if (!defined('MAIN_PAGE')) {
hesk_show_notice($hesklang['e_nose']);
}
}
/* If the user doesn't have permission to view assigned to others block those */
if (!hesk_checkPermission('can_view_ass_others',0)) {
$assigned_to_others = 0;
}
/* If the user doesn't have permission to view unassigned tickets block those */
if (!hesk_checkPermission('can_view_unassigned',0)) {
$assigned_to_no_one = 0;
}
/* Process assignments */
if (!$assigned_to_self || !$assigned_to_others || !$assigned_to_no_one) {
if ($assigned_to_self && $assigned_to_others) {
// All but unassigned
$sql .= " AND `owner` > 0 ";
} elseif ($assigned_to_self && $assigned_to_no_one) {
// My tickets + unassigned
$sql .= " AND `owner` IN ('0', '" . intval($_SESSION['id']) . "') ";
} elseif ($assigned_to_others && $assigned_to_no_one) {
// Assigned to others + unassigned
$sql .= " AND `owner` != '" . intval($_SESSION['id']) . "' ";
}
elseif ($assigned_to_self) {
// Assigned to me only
$sql .= " AND `owner` = '" . intval($_SESSION['id']) . "' ";
} elseif ($assigned_to_others) {
// Assigned to others
$sql .= " AND `owner` NOT IN ('0', '" . intval($_SESSION['id']) . "') ";
} elseif ($assigned_to_no_one) {
// Only unassigned
$sql .= " AND `owner` = 0 ";
}
}
return $sql;
}
function get_empty_filter() {
$search_filter['category'] = NULL;
$search_filter['tagged'] = NULL;
$search_filter['status'] = NULL;
$search_filter['priority'] = NULL;
$search_filter['force_to_top'] = NULL;
$search_filter['force_direction'] = NULL;
$search_filter['critical_on_top'] = NULL;
$search_filter['sort_by'] = NULL;
$search_filter['sort_direction'] = NULL;
$search_filter['assignment'] = array();
$search_filter['assignment']['self'] = 0;
$search_filter['assignment']['others'] = 0;
$search_filter['assignment']['no_one'] = 0;
return $search_filter;
}
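Review bot: The priority filter in get_tickets reads `array_keys($priority)`, but the variable assigned two lines above it is `$priorities`, so the IN list is built from an undefined name and the filter cannot work as written. The status and priority lists are also imploded into the statement unchanged, and `count()` is called on values that get_empty_filter() initialises to NULL; casting each id with `intval` and guarding with `!empty()` covers both, assuming the ids are integers as the `'0'` comparisons in the ORDER BY suggest. `force_to_top` and `sort_by` are placed between backticks after hesk_dbEscape(), which is presumably an escape for quoted string values and does not constrain an identifier, so both should be checked against a fixed list of sortable column names before they reach the statement. handle_ticket_assignments also reads `$hesklang` without a `global` declaration or a parameter, so the `e_nose` notice would receive an undefined value.

```php
// … unchanged: SELECT list, category, tagged and assignment clauses …
// --> TICKET STATUS
$statuses = $search_filter['status'];
if (!empty($statuses)) {
    $sql .= " AND `status` IN ('" . implode("','", array_map('intval', $statuses)) . "') ";
}
// --> TICKET PRIORITY
$priorities = $search_filter['priority'];
if (!empty($priorities)) {
    $sql .= " AND `priority` IN ('" . implode("','", array_map('intval', array_keys($priorities))) . "') ";
}
// … unchanged: ORDER BY construction and query execution …
```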

@ -1,33 +1,15 @@
<?php
/*******************************************************************************
* Title: Help Desk Software HESK
* Version: 2.6.8 from 10th August 2016
* Author: Klemen Stirn
* Website: http://www.hesk.com
********************************************************************************
* COPYRIGHT AND TRADEMARK NOTICE
* Copyright 2005-2015 Klemen Stirn. All Rights Reserved.
* HESK is a registered trademark of Klemen Stirn.
* The HESK may be used and modified free of charge by anyone
* AS LONG AS COPYRIGHT NOTICES AND ALL THE COMMENTS REMAIN INTACT.
* By using this code you agree to indemnify Klemen Stirn from any
* liability that might arise from it's use.
* Selling the code for this program, in part or full, without prior
* written consent is expressly forbidden.
* Using this code, in part or full, to create derivate work,
* new scripts or products is expressly forbidden. Obtain permission
* before redistributing this software over the Internet or in
* any other medium. In all cases copyright and header must remain intact.
* This Copyright is in full effect in any country that has International
* Trade Agreements with the United States of America or
* with the European Union.
* Removing any of the copyright notices without purchasing a license
* is expressly forbidden. To remove HESK copyright notice you must purchase
* a license for this script. For more information on how to obtain
* a license please visit the page below:
* https://www.hesk.com/buy.php
*******************************************************************************/
define('MINIMUM_REFRESH_THRESHOLD_IN_SECONDS', 1);
/**
*
* This file is part of HESK - PHP Help Desk Software.
*
* (c) Copyright Klemen Stirn. All rights reserved.
* http://www.hesk.com
*
* For the full copyright and license agreement information visit
* http://www.hesk.com/eula.php
*
*/
/* Check if this is a valid include */
if (!defined('IN_SCRIPT')) {
die('Invalid attempt');
@ -58,7 +40,6 @@ $result = hesk_dbQuery($sql_count);
$total = hesk_dbResult($result);
//-- Precondition: The panel has already been created, and there is NO open <div class="panel-body"> tag yet.
echo '<div class="panel-body">';
if ($total > 0) {
/* This query string will be used to browse pages */
@ -107,15 +88,7 @@ if ($total > 0) {
$next_page = ($page + 1 > $pages) ? 0 : $page + 1;
$autorefreshInSeconds = $_SESSION['autorefresh'] / 1000;
$autorefresh = '';
if ($autorefreshInSeconds >= MINIMUM_REFRESH_THRESHOLD_IN_SECONDS) {
$autorefresh = ' | ' . $hesklang['autorefresh'] . ' ' . $autorefreshInSeconds . ' ' . $hesklang['abbr']['second'];
?>
<script>
(function () {
setTimeout("location.reload(true);", <?php echo $_SESSION['autorefresh']; ?>);
})();
</script>
<?php }
echo sprintf($hesklang['tickets_on_pages'], $total, $pages) . $autorefresh . ' <br />';
if ($pages > 1) {
@ -244,13 +217,13 @@ if ($total > 0) {
$owner = '';
$first_line = '(' . $hesklang['unas'] . ')' . " \n\n";
if ($ticket['owner'] == $_SESSION['id']) {
$owner = '<span class="assignedyou" title="' . $hesklang['tasy2'] . '"><span class="glyphicon glyphicon-user" data-toggle="tooltip" data-placement="top" title="' . $hesklang['tasy2'] . '"></span></span> ';
$owner = '<span class="red" title="' . $hesklang['tasy2'] . '"><span class="glyphicon glyphicon-user" data-toggle="tooltip" data-placement="top" title="' . $hesklang['tasy2'] . '"></span></span> ';
$first_line = $hesklang['tasy2'] . " \n\n";
} elseif ($ticket['owner']) {
if (!isset($admins[$ticket['owner']])) {
$admins[$ticket['owner']] = $hesklang['e_udel'];
}
$owner = '<span class="assignedother" title="' . $hesklang['taso3'] . ' ' . $admins[$ticket['owner']] . '"><span class="glyphicon glyphicon-user" data-toggle="tooltip" data-placement="top" title="' . $hesklang['taso3'] . ' ' . $admins[$ticket['owner']] . '"></span></span> ';
$owner = '<span class="green" title="' . $hesklang['taso3'] . ' ' . $admins[$ticket['owner']] . '"><span class="glyphicon glyphicon-user" data-toggle="tooltip" data-placement="top" title="' . $hesklang['taso3'] . ' ' . $admins[$ticket['owner']] . '"></span></span> ';
$first_line = $hesklang['taso3'] . ' ' . $admins[$ticket['owner']] . " \n\n";
}
@ -404,14 +377,11 @@ if ($total > 0) {
// Print custom fields
foreach ($hesk_settings['custom_fields'] as $key => $value) {
if ($value['use'] && hesk_show_column($key)) {
echo '<td class="' . $color . '">';
if ($value['type'] == 'date' && !empty($ticket[$key])) {
$dt = date('Y-m-d h:i:s', $ticket[$key]);
echo hesk_dateToString($dt, 0);
} else {
echo $ticket[$key];
}
echo '</td>';
echo '<td class="'.$color.'">'.
($value['type'] == 'date'
? hesk_custom_date_display_format($ticket[$key], $value['value']['date_format'])
: $ticket[$key]).
'</td>';
}
}
@ -422,11 +392,15 @@ if ($total > 0) {
} // End while
?>
</table>
</div>
&nbsp;<br/>
<hr>
<table border="0" width="100%">
<tr>
<td>
<a href="new_ticket.php" class="btn btn-success pull-left">
<span class="glyphicon glyphicon-plus-sign"></span>
<?php echo $hesklang['nti']; ?>
</a>
</td>
<td width="50%" class="text-right" style="vertical-align:top">
<select class="form-control" name="a">
<option value="low"
@ -436,8 +410,13 @@ if ($total > 0) {
<option value="high"><?php echo $hesklang['set_pri_to'] . ' ' . $hesklang['high']; ?></option>
<option
value="critical"><?php echo $hesklang['set_pri_to'] . ' ' . $hesklang['critical']; ?></option>
<?php
if (hesk_checkPermission('can_resolve', 0)) {
?>
<option value="close"><?php echo $hesklang['close_selected']; ?></option>
<?php
}
if (hesk_checkPermission('can_add_archive', 0)) {
?>
<option value="tag"><?php echo $hesklang['add_archive_quick']; ?></option>
@ -475,17 +454,6 @@ else {
echo '<div class="row"><div class="col-sm-12">';
$autorefreshInSeconds = $_SESSION['autorefresh'] / 1000;
if ($autorefreshInSeconds >= MINIMUM_REFRESH_THRESHOLD_IN_SECONDS) {
echo $hesklang['autorefresh'] . ' ' . $autorefreshInSeconds . ' ' . $hesklang['abbr']['second'];
?>
<script>
(function () {
setTimeout("location.reload(true);", <?php echo $_SESSION['autorefresh']; ?>);
})();
</script>
<?php
}
if (isset($is_search) || $href == 'find_tickets.php') {
hesk_show_notice($hesklang['no_tickets_crit']);
} else {
@ -494,8 +462,7 @@ else {
echo '</div></div>';
}
echo '</div>
</div>';
echo '</div>';
function hesk_print_list_head()
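Review bot: The `close` entry in the bulk-action select (`name="a"`) is now rendered only when `hesk_checkPermission('can_resolve', 0)` passes, but hiding an option does not stop a request that submits `a=close` directly. The handler that receives this form is not part of this section, so confirm it repeats the `can_resolve` check before closing tickets. A comment above the option would record that dependency: `// UI hint only; the bulk-action handler must re-check can_resolve`. Separately, the custom-field cell prints `$ticket[$key]` without output encoding, which is safe only if the value was encoded when it was stored.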

@ -14,7 +14,6 @@ function mfh_listAttachments($attachments = '', $reply = 0, $is_staff)
}
/* List attachments */
echo '<p><b>' . $hesklang['attachments'] . ':</b></p><br />';
$att = explode(',', substr($attachments, 0, -1));
echo '<div class="table-responsive">';
echo '<table class="table table-striped attachment-table">';


@ -36,8 +36,8 @@
if (!defined('IN_SCRIPT')) {die('Invalid attempt');}
// We will be installing this HESK version:
define('HESK_NEW_VERSION','2.6.7');
define('MODS_FOR_HESK_NEW_VERSION','2.6.4');
define('HESK_NEW_VERSION','2.7.0');
define('MODS_FOR_HESK_NEW_VERSION','3.0.0 beta 1');
define('REQUIRE_PHP_VERSION','5.3.0');
define('REQUIRE_MYSQL_VERSION','5.0.7');

@ -68,6 +68,8 @@ if ($version == 2) {
execute263Scripts();
} elseif ($version == 31) {
execute264Scripts();
} elseif ($version == 32) {
execute300Beta1Scripts();
} else {
$response = 'The version "' . $version . '" was not recognized. Check the value submitted and try again.';
print $response;

@ -40,6 +40,7 @@ $buildToVersionMap = array(
29 => '2.6.2',
30 => '2.6.3',
31 => '2.6.4',
32 => '3.0.0 beta 1',
);
function echoInitialVersionRows($version, $build_to_version_map)

@ -89,6 +89,9 @@ function processUpdates(startingVersion) {
} else if (startingVersion < 31) {
startVersionUpgrade('264');
executeUpdate(31, '264', '2.6.4');
} else if (startingVersion < 32) {
startVersionUpgrade('300b1');
executeUpdate(32, '300b1', '3.0.0 beta 1');
} else {
installationFinished();
}

@ -117,6 +117,7 @@ hesk_dbConnect();
<div class="col-md-8">
<select name="current-version" class="form-control">
<optgroup label="Mods for HESK 2">
<option value="31">2.6.3</option>
<option value="30">2.6.3</option>
<option value="29">2.6.2</option>
<option value="28">2.6.1</option>
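Review bot: The option that appears to be added here labels build 31 as `2.6.3`, so the list shows `2.6.3` twice, while the build-to-version map changed elsewhere in this commit has `31 => '2.6.4'`. The line should read `<option value="31">2.6.4</option>`; as written, someone upgrading from 2.6.4 has no matching label and may pick the wrong starting version. The rest of the select continues outside the hunk.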

@ -822,25 +822,70 @@ function execute264Scripts() {
updateVersion('2.6.4');
}
function execute270Scripts() {
global $hesk_settings;
hesk_dbConnect();
// Verison 3.0.0 Beta 1
function execute300Beta1Scripts() {
global $hesk_settings;
hesk_dbConnect();
$hesk_statuses = executeQuery("SELECT * FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "custom_statuses` ORDER BY `order`");
$next_status_id_rs = executeQuery("SELECT MAX(`ID`) AS `last_id` FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "statuses`");
$next_status_id_row = hesk_dbFetchAssoc($next_status_id_rs);
$next_status_id = intval($next_status_id_row['last_id']) + 1;
$next_sort_rs = executeQuery("SELECT MAX(`sort`) AS `last_sort` FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "statuses`");
$next_sort_row = hesk_dbFetchAssoc($next_sort_rs);
$next_sort = intval($next_sort_row['last_sort']) + 10;
while ($row = hesk_dbFetchAssoc($hesk_statuses)) {
$closable = $row['can_customers_change'] == '1' ? 'yes' : 'sonly';
executeQuery("INSERT INTO `" . hesk_dbEscape($hesk_settings['db_pfix']) . "statuses` (`ID`,
`TextColor`,
`IsNewTicketStatus`,
`IsClosed`,
`IsClosedByClient`,
`IsCustomerReplyStatus`,
`IsStaffClosedOption`,
`IsStaffReopenedStatus`,
`IsDefaultStaffReplyStatus`,
`LockedTicketStatus`,
`IsAutocloseOption`,
`Closable`,
`Key`,
`sort`)
VALUES (" . $next_status_id . ",
'#" . $row['color'] . "',
0,
0,
0,
0,
0,
0,
0,
0,
0,
'" . $closable . "',
'STORED IN XREF TABLE',
" . $next_sort . ")");
$languages = json_decode($row['name']);
foreach ($languages as $language => $text) {
executeQuery("INSERT INTO `" . hesk_dbEscape($hesk_settings['db_pfix']) . "text_to_status_xref` (`language`, `text`, `status_id`)
VALUES ('" . $language . "', '" . $text . "', " . $next_status_id . ")");
}
executeQuery("CREATE TABLE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "custom_nav_element` (
`id` INT NOT NULL AUTO_INCREMENT PRIMARY KEY,
`location` INT NOT NULL,
`image_url` VARCHAR(255),
`font_icon` VARCHAR(255),
`header_text_key` VARCHAR(255) NOT NULL,
`description_key` VARCHAR(255),
`url` VARCHAR(255) NOT NULL
) ENGINE = MyISAM DEFAULT CHARSET=utf8 COLLATE=utf8_unicode_ci");
executeQuery("CREATE TABLE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "text_to_nav_element_xref` (
`id` INT NOT NULL AUTO_INCREMENT PRIMARY KEY,
`language` VARCHAR(200) NOT NULL,
`text` VARCHAR(200) NOT NULL,
`nav_element_id` INT NOT NULL,
`nav_element_text_type` INT NOT NULL
)");
// Increment the next ID and sort
$next_status_id++;
$next_sort += 10;
}
// Migrate user's autorefresh columns to the new autoreload column
// Mods for HESK is in millis; HESK is in seconds.
executeQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "users` SET `autoreload` = `autorefresh` / 10");
// Add the admin_color_scheme setting
executeQuery("INSERT INTO `" . hesk_dbEscape($hesk_settings['db_pfix']) . "settings` (`Key`, `Value`) VALUES ('admin_color_scheme', 'skin-blue')");
updateVersion('3.0.0 beta 1');
}
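Review bot: In `execute300Beta1Scripts()` the values read back from `custom_statuses` are concatenated into the INSERT statements unescaped: `$row['color']`, and the `$language` and `$text` entries decoded from `$row['name']`. A status name containing an apostrophe will break the migration, and stored data ends up being interpreted as SQL; the file already uses `hesk_dbEscape()` for the table prefix, so apply it to these values too, e.g. `VALUES ('" . hesk_dbEscape($language) . "', '" . hesk_dbEscape($text) . "', " . $next_status_id . ")"`. `json_decode($row['name'])` can also return `null`, which the `foreach` does not guard against. The comment above the `autoreload` UPDATE says the old column is in milliseconds and the new one in seconds, yet the statement divides by `10`; `/ 1000` looks intended.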

@ -1,8 +1,7 @@
$(document).ready(function() {
var $readonlyDueDateContainer = $('#readonly-due-date');
var $editableDueDateContainer = $('#editable-due-date');
var $dueDateButton = $('#due-date-button');
$dueDateButton.click(function() {
$readonlyDueDateContainer.click(function() {
$readonlyDueDateContainer.hide();
$editableDueDateContainer.show();
if ($readonlyDueDateContainer.find('span#due-date').text().trim() == 'None') {
@ -37,4 +36,9 @@ $(document).ready(function() {
}
});
});
$('#related-tickets-link').click(function() {
$(this).hide();
$('.related-ticket').show();
})
});

13
js/adminlte.min.js vendored

File diff suppressed because one or more lines are too long

@ -1,32 +1,15 @@
<?php
/*******************************************************************************
* Title: Help Desk Software HESK
* Version: 2.6.8 from 10th August 2016
* Author: Klemen Stirn
* Website: http://www.hesk.com
********************************************************************************
* COPYRIGHT AND TRADEMARK NOTICE
* Copyright 2005-2015 Klemen Stirn. All Rights Reserved.
* HESK is a registered trademark of Klemen Stirn.
* The HESK may be used and modified free of charge by anyone
* AS LONG AS COPYRIGHT NOTICES AND ALL THE COMMENTS REMAIN INTACT.
* By using this code you agree to indemnify Klemen Stirn from any
* liability that might arise from it's use.
* Selling the code for this program, in part or full, without prior
* written consent is expressly forbidden.
* Using this code, in part or full, to create derivate work,
* new scripts or products is expressly forbidden. Obtain permission
* before redistributing this software over the Internet or in
* any other medium. In all cases copyright and header must remain intact.
* This Copyright is in full effect in any country that has International
* Trade Agreements with the United States of America or
* with the European Union.
* Removing any of the copyright notices without purchasing a license
* is expressly forbidden. To remove HESK copyright notice you must purchase
* a license for this script. For more information on how to obtain
* a license please visit the page below:
* https://www.hesk.com/buy.php
*******************************************************************************/
/**
*
* This file is part of HESK - PHP Help Desk Software.
*
* (c) Copyright Klemen Stirn. All rights reserved.
* http://www.hesk.com
*
* For the full copyright and license agreement information visit
* http://www.hesk.com/eula.php
*
*/
define('IN_SCRIPT', 1);
define('HESK_PATH', './');
@ -91,7 +74,7 @@ if (isset($_GET['rating'])) {
");
}
setcookie('hesk_kb_rate', $_COOKIE['hesk_kb_rate'] . 'a' . $artid . '%', time() + 2592000);
hesk_setcookie('hesk_kb_rate', $_COOKIE['hesk_kb_rate'] . 'a' . $artid . '%', time() + 2592000);
header('Location: knowledgebase.php?article=' . $artid . '&rated=1');
exit();
}
@ -263,7 +246,7 @@ if (!$show['show']) {
// Update views by 1 - exclude known bots and reloads because of ratings
if (!isset($_GET['rated']) && !hesk_detect_bots()) {
hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "kb_articles` SET `views`=`views`+1 WHERE `id`={$artid} LIMIT 1");
hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "kb_articles` SET `views`=`views`+1 WHERE `id`={$artid}");
}
if (!isset($_GET['suggest'])) {
$historyNumber = isset($_GET['rated']) ? '-2' : '-1';
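Review bot: The value passed to `hesk_setcookie()` is built from `$_COOKIE['hesk_kb_rate']`, which the client controls and which may be absent on a first rating. If this cookie is what prevents repeat ratings (that check is outside the visible hunks), the visitor can reset it, so it is worth documenting as a convenience rather than a control: `// client-side marker only; not a guarantee against repeat votes`. Reading it through `isset()` first, e.g. `$rated = isset($_COOKIE['hesk_kb_rate']) ? $_COOKIE['hesk_kb_rate'] : '';`, avoids an undefined-index notice unless an earlier line already defaults it.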

@ -21,6 +21,55 @@ $hesklang['_COLLATE']='utf8_unicode_ci';
// This is the email break line that will be used in email piping
$hesklang['EMAIL_HR']='------ Reply above this line ------';
// ADDED OR MODIFIED IN Mods for HESK 2.7.0
$hesklang['you_have_x_messages'] = 'You have %s new %s'; // %s: Number of new messages, "message" or "messages", depending on #
$hesklang['message_lower_case'] = 'message';
$hesklang['messages_lower_case'] = 'messages';
$hesklang['deleted_user_title_case'] = 'Deleted User';
$hesklang['main_navigation_uppercase'] = 'MAIN NAVIGATION';
$hesklang['x_system_warnings'] = '%s System %s'; // %s: Number of warnings, $s: "Warning" or "Warnings", depending on #
$hesklang['warnings_title_case'] = 'Warnings';
$hesklang['articles_in_category_x'] = 'Articles in Category %s'; // %s: category name
$hesklang['private_category_star'] = 'Private categories indicated by *';
$hesklang['private_article_star'] = 'Private articles indicated by *';
$hesklang['ticket_details'] = 'Ticket Details';
$hesklang['more'] = 'More';
$hesklang['language_colon'] = 'Language:';
$hesklang['created_colon'] = 'Created:';
$hesklang['updated_colon'] = 'Updated:';
$hesklang['last_replier_colon'] = 'Last replier:';
$hesklang['click_to_edit'] = 'Click to edit';
$hesklang['no_device_information'] = 'No device information';
$hesklang['message_colon'] = 'Message:';
$hesklang['original_message'] = 'Original message';
$hesklang['reply_by_customer'] = 'Reply by customer';
$hesklang['reply_by_staff'] = 'Reply by staff';
$hesklang['timeline_today'] = 'Today';
$hesklang['no_notes_for_this_ticket'] = 'No notes for this ticket';
$hesklang['private_message_header'] = 'Private Message';
$hesklang['date_colon'] = 'Date:';
$hesklang['api_information'] = 'API Information';
$hesklang['api_version'] = 'API Version';
$hesklang['external_api'] = 'External API';
$hesklang['external_api_help'] = 'Enable or Disable the external REST API';
$hesklang['disabled_title_case'] = 'Disabled';
$hesklang['enabled_title_case'] = 'Enabled';
$hesklang['api_settings'] = 'API Settings';
$hesklang['user_security'] = 'User Security';
$hesklang['api_documentation'] = 'API Documentation';
$hesklang['changes_saved'] = 'Changes saved!';
$hesklang['save_failed_check_logs'] = 'Saving changes failed. Check the logs for more information.';
$hesklang['number_of_tokens'] = 'Number of Tokens';
$hesklang['generate_new_token'] = 'Generate New Token';
$hesklang['revoke_all_tokens'] = 'Revoke All Tokens';
$hesklang['generated_token_colon'] = 'Generated Token:';
$hesklang['record_this_token_warning'] = 'Please record this token, as this is the only time you will be able to view it!';
$hesklang['all_tokens_revoked'] = 'All tokens for this user have been revoked';
$hesklang['staff_login_title'] = 'Staff Login';
$hesklang['manage_custom_fields'] = 'Manage Custom Fields';
$hesklang['value'] = 'Value';
$hesklang['readonly'] = 'Readonly';
// ADDED OR MODIFIED IN Mods for HESK 2.6.0
$hesklang['search_logs'] = 'Search Logs';
$hesklang['date_logged'] = 'Date Logged';
@ -1351,7 +1400,6 @@ $hesklang['import']='You are importing a <i>private ticket</i> into a <i>public
$hesklang['tab_1']='General';
$hesklang['tab_2']='Help Desk';
$hesklang['tab_3']='Knowledgebase';
$hesklang['tab_4']='Custom Fields';
$hesklang['tab_5']='Misc';
$hesklang['disable']='Disable';
$hesklang['dat']='Date &amp; Time';
@ -1717,7 +1765,6 @@ $hesklang['mm3']='We apologize for the inconvenience and ask that you please try
$hesklang['mma1']='Maintenance mode is active!';
$hesklang['mma2']='Customers are not able to use the help desk.';
$hesklang['tools']='Tools';
$hesklang['banemail']='Banned Emails';
$hesklang['banemail_intro']='Prevent certain email addresses from submitting tickets to your help desk.';
$hesklang['no_banemails']='<i>No emails are being banned.</i>';
$hesklang['eperm']='Permanent email bans:';
@ -1737,7 +1784,6 @@ $hesklang['can_ban_emails']='Can ban emails';
$hesklang['can_unban_emails']='Can unban emails (enables Can ban emails)';
$hesklang['eisban']='This email address is banned.';
$hesklang['click_unban']='Click here to unban.';
$hesklang['banip']='Banned IPs';
$hesklang['banip_intro']='Visitors from banned IP addresses will not be able to view or submit tickets and login into the help desk.';
$hesklang['ipperm']='Permanent IP bans:';
$hesklang['iptemp']='Login failure bans:';
@ -1809,7 +1855,7 @@ $hesklang['ekb_y']='<b>YES</b>, enable Knowledgebase';
$hesklang['ekb_o']='<b>YES</b>, use HESK as a Knowledgebase only (<i>disable help desk</i>)';
$hesklang['kb_set']='Knowledgebase settings';
$hesklang['kbo1']='Knowledgebase-only mode';
$hesklang['kbo2']='<br /><br />Visitors cannot submit new support tickets and are taken directly to the knowledgebase.';
$hesklang['kbo2']='Visitors cannot submit new support tickets and are taken directly to the knowledgebase.';
$hesklang['fpass']='Forgot your password?';
$hesklang['passr']='Password reset';
$hesklang['passa']='Allow users to reset a forgot password over email';
@ -1843,5 +1889,180 @@ $hesklang['rcpv']='Secret key (Private key)';
// If your language is NOT in the supported langauges, leave 'en'
$hesklang['RECAPTCHA']='en';
// Added or modified in version 2.7.0
$hesklang['imap']='IMAP Fetching';
$hesklang['imaph']='IMAP Host';
$hesklang['imapp']='IMAP Port';
$hesklang['enc']='Encryption';
$hesklang['ssl']='SSL';
$hesklang['tls']='TLS';
$hesklang['none']='None';
$hesklang['imapu']='IMAP Username';
$hesklang['imapw']='IMAP Password';
$hesklang['imaptest']='Test IMAP connection';
$hesklang['ifd']='[HESK] IMAP FETCHING IS DISABLED IN SETTINGS';
$hesklang['iei']='[HESK] PHP IMAP extension is not installed.';
$hesklang['ifr']='Another IMAP fetching task is still in progress.';
$hesklang['arp']='Auto reload page';
$hesklang['arpp']='Automatically reload page with ticket list every:';
$hesklang['seconds']='seconds'; // Reload page every X 'seconds'
$hesklang['minutes']='minutes'; // Reload page every X 'minutes'
$hesklang['atbr']='This ticket needs to be assigned before it can be replied to.';
$hesklang['attm']='Assign this ticket to me';
$hesklang['owneed']='Owner needed';
$hesklang['taat']='This ticket is already assigned to <b>%s</b>.';
$hesklang['scoy']='Are you sure you want to assign it to yourself?';
$hesklang['scot']='Are you sure you want to assign it to %s?';
$hesklang['ycto']='YES, change the owner';
$hesklang['ncto']='NO, keep current owner';
$hesklang['fass']='Require owner';
$hesklang['req_sub']='Require subject';
$hesklang['req_msg']='Require message';
$hesklang['req_email']='Require email';
$hesklang['default_subject']='Ticket from %s'; // Default ticket subject, %s will be replaced with name
$hesklang['off-hide']='Hide in customer form';
$hesklang['ons']='ON - Everyone'; // For admin settings page
$hesklang['not_valid_email']='Enter a valid email address or leave this field empty';
$hesklang['write_down']='<span style="color:red">We recommend that you write down your Ticket ID for future reference.</span>';
$hesklang['re_confirm1']='Disabling this will also disable "Require email to view tickets" under "Security". Proceed?';
$hesklang['re_confirm2']='Enabling this will also enable "Require email" under "Features". Proceed?';
$hesklang['can_email_tpl']='Edit email templates'; // Staff permission
$hesklang['et_title']='Email templates';
$hesklang['et_intro']='Modify emails that are sent to your staff and customers';
$hesklang['file']='File';
$hesklang['efile']='Editing file';
$hesklang['rdesc']='(Recipient) Description';
$hesklang['desc_forgot_ticket_id'] = '(Customer) Forgot ticket tracking ID';
$hesklang['desc_new_reply_by_staff'] = '(Customer) New staff reply';
$hesklang['desc_new_ticket'] = '(Customer) Ticket received';
$hesklang['desc_ticket_closed'] = '(Customer) Ticket closed/resolved';
$hesklang['desc_category_moved'] = '(Staff) Ticket moved to a new category';
$hesklang['desc_new_reply_by_customer'] = '(Staff) New customer reply';
$hesklang['desc_new_ticket_staff'] = '(Staff) New ticket submitted';
$hesklang['desc_ticket_assigned_to_you'] = '(Staff) A ticket was assigned to you';
$hesklang['desc_new_pm'] = '(Staff) New private message';
$hesklang['desc_new_note'] = '(Staff) New note on a ticket assigned to you';
$hesklang['desc_reset_password'] = '(Staff) Reset your password';
$hesklang['etfm']='One or more email templates are missing.<br /><br />Make sure you upload all email template files inside your <i>/language/%s/emails</i> folder.';
$hesklang['etfw']='Some email templates are not writable.<br /><br />
Make sure PHP has permission to write to all files inside your <i>/language/%s/emails</i> folder.<br /><br />
On Unix servers you might need to CHMOD email templates to 666 (rw-rw-rw-)';
$hesklang['et_e_id']='Missing template ID';
$hesklang['et_fm']='This email template file is missing';
$hesklang['et_fw']='This email template file is not writable';
$hesklang['et_save']='Save email template';
$hesklang['updated_on']='Updated on';
$hesklang['ticket_url']='Ticket URL';
$hesklang['pm_url']='Private message URL';
$hesklang['et_num']='Number of tickets';
$hesklang['et_list']='List of support tickets';
$hesklang['et_empty']='Email template cannot be empty';
$hesklang['et_saved']='Email template saved';
$hesklang['source']='Source';
$hesklang['select_category']='Select a category';
$hesklang['select_category_text']='What can we help you with?';
$hesklang['select_category_staff']='Select ticket category';
$hesklang['scat']='Category select limit';
$hesklang['scat2']='(a select box will show if category count is higher)';
$hesklang['new_cf']='New custom field';
$hesklang['cf_intro']='Use this feature to add custom fields to the Submit a ticket form so you can collect additional data from customers.';
$hesklang['cf_public']='Public';
$hesklang['cf_private']='Staff only';
$hesklang['cf_cust']='For customers';
$hesklang['cf_all']='All';
$hesklang['cf_cat']='Selected';
$hesklang['cf_ctrl']='Tip: hold down CTRL key to select multiple categories';
$hesklang['visibility']='Visibility';
$hesklang['cf_save']='Save custom field';
$hesklang['ex_cf']='Active custom fields';
$hesklang['no_cf']='No active custom fields';
$hesklang['del_cf']='Delete this custom field? This will also delete any saved custom field data from the database!';
$hesklang['cf_e_id']='Invalid ID';
$hesklang['edit_cf']='Edit custom field';
$hesklang['cf_deleted']='Custom field deleted';
$hesklang['cf_not_found']='This custom field does not exist';
$hesklang['err_custname']='Enter custom field name';
$hesklang['cf_added']='A new custom field has been added';
$hesklang['cf_nocat']='Select at least one category for this custom field';
$hesklang['cf_mdf']='Custom field has been saved';
$hesklang['opt4']='Options for this checkbox, enter one option per line. Each line will be a choice your customers can choose from, multiple choices are possible.';
$hesklang['atl1']='Enter at least one option.';
$hesklang['sch']='Hidden';
$hesklang['meml3']='Allow multiple emails to be entered';
$hesklang['dmin']='Minimum accepted date';
$hesklang['dmax']='Maximum accepted date';
$hesklang['d_day']='day(s)';
$hesklang['d_week']='week(s)';
$hesklang['d_month']='month(s)';
$hesklang['d_year']='year(s)';
$hesklang['d_any']='Any date';
$hesklang['d_fixed']='Fixed date';
$hesklang['d_relative']='Relative date';
$hesklang['d_mm']='Minimum date may not be higher than maximum date';
$hesklang['d_emin']='Minimum date for <i>%s</i> is %s'; // Minimum date for FIELD_NAME is DATE
$hesklang['d_emax']='Maximum date for <i>%s</i> is %s'; // Maximum date for FIELD_NAME is DATE
$hesklang['d_format']='Date display format';
$hesklang['d_custom']='Custom format';
$hesklang['d_ci']='ADVANCED USERS ONLY: a valid PHP date format, see PHP manual.';
$hesklang['cf_noe']='Enter a valid email address into <i>%s</i>';
$hesklang['cf_noem']='Enter one or more valid email addresses into <i>%s</i>';
$hesklang['cf_limit']='You have 50 active custom fields, no new can be created.';
$hesklang['can_resolve']='Can resolve tickets';
$hesklang['can_change_cat']='Change ticket category (to any)';
$hesklang['can_change_own_cat']='Change ticket category (to allowed)';
$hesklang['can_submit_any_cat']='Can submit tickets to any category';
$hesklang['noauth_submit']='You are not authorized to submit tickets to this category!';
$hesklang['noauth_move']='You are not authorized to move tickets to this category!';
$hesklang['noauth_resolve']='You are not authorized to resolve tickets!';
$hesklang['force_ssl']='Force SSL connections';
$hesklang['d_ssl']='<i>disabled</i> - open this page with https:// to manage this option';
$hesklang['enn']='Except for tickets from emails if email subject contains:';
$hesklang['scno']='This status cannot be changed';
$hesklang['statuses']='Statuses';
$hesklang['statuses_intro']='Use this tool to add custom ticket statuses to your help desk';
$hesklang['color']='Color';
$hesklang['csscl']='CSS class or color';
$hesklang['clr_view']='Color preview on text';
$hesklang['cbc']='Changeable by customers';
$hesklang['ccc']='Can customers change this status?';
$hesklang['del_status']='Delete this status?';
$hesklang['ex_status']='Existing statuses';
$hesklang['status_hesk']='Built-in Statuses (cannot be modified here)';
$hesklang['status_custom']='Custom Statuses';
$hesklang['status_custom_none']='No custom statuses. You can add them using the form above.';
$hesklang['status_save']='Save status';
$hesklang['list_tkt_status']='List all tickets with this status';
$hesklang['new_status']='New custom status';
$hesklang['edit_status']='Edit custom status';
$hesklang['err_status']='Enter the status name';
$hesklang['status_added']='A new custom status has been added';
$hesklang['status_e_id']='Invalid ID';
$hesklang['status_mdf']='Custom status has been saved';
$hesklang['status_deleted']='Custom status deleted';
$hesklang['status_not_found']='This custom status does not exist';
$hesklang['status_not_empty']='This status cannot be removed because tickets with this status exist';
$hesklang['status_limit']='You have 100 custom statuses, no new can be created.';
$hesklang['public_link']='Public link'; // Link to the public KB article in the private KB pages
$hesklang['frames']='Frames';
$hesklang['frames2']='Prevent loading HESK in frames on third party domains';
$hesklang['numsub']='Submitted tickets'; // Will show how many tickets this user submitted
$hesklang['hidf']='Hidden inputs are not visible to customers on the Submit a ticket form (the value will still be visible on ticket details page if they are set as public). They behave as normal text fields for staff members.';
$hesklang['rcheck']='Do not select a default option';
$hesklang['refresh_page']='Refresh this page';
$hesklang['banemail']='Ban emails';
$hesklang['banip']='Ban IPs';
$hesklang['tab_4']='Custom fields';
$hesklang['del_kba']='Delete this article';
$hesklang['del_kbaa']='Permanently delete this article';
$hesklang['hni1']='HESK not installed yet?';
$hesklang['hni2']='It appears that this help desk has not been properly installed and configured yet.';
$hesklang['hni3']='To install HESK, follow <a href="docs/">Instructions in the documentation</a>';
$hesklang['cf']='Cache folder';
$hesklang['e_cdir']='Hesk will not be able to parse emails or cache results unless the cache folder exists and is writable.';
$hesklang['step1']='Step 1';
$hesklang['step2']='Step 2';
$hesklang['dffs']='When download completes, delete the file from server';
$hesklang['fd']='Export file deleted from server';
// DO NOT CHANGE BELOW
if (!defined('IN_SCRIPT')) die('PHP syntax OK!');

@ -1,32 +1,15 @@
<?php
/*******************************************************************************
* Title: Help Desk Software HESK
* Version: 2.6.8 from 10th August 2016
* Author: Klemen Stirn
* Website: http://www.hesk.com
********************************************************************************
* COPYRIGHT AND TRADEMARK NOTICE
* Copyright 2005-2015 Klemen Stirn. All Rights Reserved.
* HESK is a registered trademark of Klemen Stirn.
* The HESK may be used and modified free of charge by anyone
* AS LONG AS COPYRIGHT NOTICES AND ALL THE COMMENTS REMAIN INTACT.
* By using this code you agree to indemnify Klemen Stirn from any
* liability that might arise from it's use.
* Selling the code for this program, in part or full, without prior
* written consent is expressly forbidden.
* Using this code, in part or full, to create derivate work,
* new scripts or products is expressly forbidden. Obtain permission
* before redistributing this software over the Internet or in
* any other medium. In all cases copyright and header must remain intact.
* This Copyright is in full effect in any country that has International
* Trade Agreements with the United States of America or
* with the European Union.
* Removing any of the copyright notices without purchasing a license
* is expressly forbidden. To remove HESK copyright notice you must purchase
* a license for this script. For more information on how to obtain
* a license please visit the page below:
* https://www.hesk.com/buy.php
*******************************************************************************/
/**
*
* This file is part of HESK - PHP Help Desk Software.
*
* (c) Copyright Klemen Stirn. All rights reserved.
* http://www.hesk.com
*
* For the full copyright and license agreement information visit
* http://www.hesk.com/eula.php
*
*/
define('IN_SCRIPT', 1);
define('HESK_PATH', './');
@ -55,6 +38,9 @@ $trackingID = hesk_cleanID('p_track') or die("$hesklang[int_error]: $hesklang[no
/* Connect to database */
hesk_dbConnect();
// Load custom fields
require_once(HESK_PATH . 'inc/custom_fields.inc.php');
// Perform additional checks for customers
if (empty($_SESSION['id'])) {
// Are we in maintenance mode?
@ -218,15 +204,17 @@ echo '</tr>';
$num_cols = 0;
echo '<tr>';
foreach ($hesk_settings['custom_fields'] as $k => $v) {
if ($v['use']) {
if ($modsForHesk_settings['custom_field_setting']) {
$v['name'] = $hesklang[$v['name']];
}
if (($v['use'] == 1 || (! empty($_SESSION['id']) && $v['use'] == 2)) && hesk_is_custom_field_in_category($k, $ticket['category'])) {
if ($num_cols == 3) {
echo '</tr><tr>';
$num_cols = 0;
}
switch ($v['type']) {
case 'date':
$ticket[$k] = hesk_custom_date_display_format($ticket[$k], $v['value']['date_format']);
break;
}
?>
<td bgcolor="#EEE"><b><?php echo $v['name']; ?>:</b></td>
<td bgcolor="#DDD"><?php echo hesk_unhortenUrl($ticket[$k]); ?></td>
@ -239,11 +227,14 @@ foreach ($hesk_settings['custom_fields'] as $k => $v) {
echo '</table><br>';
// Print initial ticket message
$newMessage = hesk_unhortenUrl($ticket['message']);
if ($ticket['html']) {
if ($ticket['message'] != '') {
$newMessage = hesk_unhortenUrl($ticket['message']);
if ($ticket['html']) {
$newMessage = hesk_html_entity_decode($newMessage);
}
echo '<p>' . $newMessage . '</p>';
}
echo '<p>' . $newMessage . '</p>';
// Print replies
while ($reply = hesk_dbFetchAssoc($res)) {
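Review bot: When `$ticket['html']` is set, the message goes through `hesk_html_entity_decode()` and is echoed as markup, so the print view relies entirely on the message having been sanitised before it was stored. Nothing in this section shows that step; if it exists, a comment at the decode would make the dependency explicit, e.g. `// HTML tickets: safe only because the body was purified on save`. The custom-field cells have the same property: `$v['name']` and `hesk_unhortenUrl($ticket[$k])` are printed without output encoding here.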

@ -1,32 +1,15 @@
<?php
/*******************************************************************************
* Title: Help Desk Software HESK
* Version: 2.6.8 from 10th August 2016
* Author: Klemen Stirn
* Website: http://www.hesk.com
********************************************************************************
* COPYRIGHT AND TRADEMARK NOTICE
* Copyright 2005-2015 Klemen Stirn. All Rights Reserved.
* HESK is a registered trademark of Klemen Stirn.
* The HESK may be used and modified free of charge by anyone
* AS LONG AS COPYRIGHT NOTICES AND ALL THE COMMENTS REMAIN INTACT.
* By using this code you agree to indemnify Klemen Stirn from any
* liability that might arise from it's use.
* Selling the code for this program, in part or full, without prior
* written consent is expressly forbidden.
* Using this code, in part or full, to create derivate work,
* new scripts or products is expressly forbidden. Obtain permission
* before redistributing this software over the Internet or in
* any other medium. In all cases copyright and header must remain intact.
* This Copyright is in full effect in any country that has International
* Trade Agreements with the United States of America or
* with the European Union.
* Removing any of the copyright notices without purchasing a license
* is expressly forbidden. To remove HESK copyright notice you must purchase
* a license for this script. For more information on how to obtain
* a license please visit the page below:
* https://www.hesk.com/buy.php
*******************************************************************************/
/**
*
* This file is part of HESK - PHP Help Desk Software.
*
* (c) Copyright Klemen Stirn. All rights reserved.
* http://www.hesk.com
*
* For the full copyright and license agreement information visit
* http://www.hesk.com/eula.php
*
*/
define('IN_SCRIPT', 1);
define('HESK_PATH', './');
@ -185,17 +168,19 @@ if ($hesk_settings['attachments']['use'] && !empty($attachments)) {
}
// If staff hasn't replied yet, don't change the status; otherwise set it to the status for customer replies.
$customerReplyStatusQuery = 'SELECT `ID` FROM `' . hesk_dbEscape($hesk_settings['db_pfix']) . 'statuses` WHERE `IsCustomerReplyStatus` = 1';
$defaultNewTicketStatusQuery = 'SELECT `ID` FROM `' . hesk_dbEscape($hesk_settings['db_pfix']) . 'statuses` WHERE `IsNewTicketStatus` = 1';
$newStatusRs = hesk_dbQuery($customerReplyStatusQuery);
$newStatus = hesk_dbFetchAssoc($newStatusRs);
$defaultNewTicketStatusRs = hesk_dbQuery($defaultNewTicketStatusQuery);
$defaultNewTicketStatus = hesk_dbFetchAssoc($defaultNewTicketStatusRs);
$ticket['status'] = $ticket['status'] == $defaultNewTicketStatus['ID'] ? $defaultNewTicketStatus['ID'] : $newStatus['ID'];
if (hesk_can_customer_change_status($ticket['status'])) {
$customerReplyStatusQuery = 'SELECT `ID` FROM `' . hesk_dbEscape($hesk_settings['db_pfix']) . 'statuses` WHERE `IsCustomerReplyStatus` = 1';
$defaultNewTicketStatusQuery = 'SELECT `ID` FROM `' . hesk_dbEscape($hesk_settings['db_pfix']) . 'statuses` WHERE `IsNewTicketStatus` = 1';
$newStatusRs = hesk_dbQuery($customerReplyStatusQuery);
$newStatus = hesk_dbFetchAssoc($newStatusRs);
$defaultNewTicketStatusRs = hesk_dbQuery($defaultNewTicketStatusQuery);
$defaultNewTicketStatus = hesk_dbFetchAssoc($defaultNewTicketStatusRs);
$ticket['status'] = $ticket['status'] == $defaultNewTicketStatus['ID'] ? $defaultNewTicketStatus['ID'] : $newStatus['ID'];
}
/* Update ticket as necessary */
$res = hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` SET `lastchange`=NOW(), `status`='{$ticket['status']}', `replies`=`replies`+1, `lastreplier`='0' WHERE `id`='{$ticket['id']}' LIMIT 1");
$res = hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` SET `lastchange`=NOW(), `status`='{$ticket['status']}', `replies`=`replies`+1, `lastreplier`='0' WHERE `id`='{$ticket['id']}'");
// Insert reply into database
$modsForHesk_settings = mfh_getSettings();
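Review bot: The rewritten `UPDATE` on the tickets table still interpolates `{$ticket['status']}` and `{$ticket['id']}` straight into the SQL string, and with `LIMIT 1` dropped the `WHERE` clause is now the only thing bounding the write. Both values are expected to be integers, so casting them where the query is built, with `intval($ticket['status'])` and `intval($ticket['id'])`, would match how the `ip` update in ticket.php handles the id in this same commit. Separately, neither status lookup checks that a row came back; if no status is flagged `IsCustomerReplyStatus`, `$newStatus['ID']` evaluates to null and an empty status is written. A short why-comment on the new `hesk_can_customer_change_status()` guard would also help, since the existing comment above it describes only the inner ternary.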

@ -1,32 +1,15 @@
<?php
/*******************************************************************************
* Title: Help Desk Software HESK
* Version: 2.6.8 from 10th August 2016
* Author: Klemen Stirn
* Website: http://www.hesk.com
********************************************************************************
* COPYRIGHT AND TRADEMARK NOTICE
* Copyright 2005-2015 Klemen Stirn. All Rights Reserved.
* HESK is a registered trademark of Klemen Stirn.
* The HESK may be used and modified free of charge by anyone
* AS LONG AS COPYRIGHT NOTICES AND ALL THE COMMENTS REMAIN INTACT.
* By using this code you agree to indemnify Klemen Stirn from any
* liability that might arise from it's use.
* Selling the code for this program, in part or full, without prior
* written consent is expressly forbidden.
* Using this code, in part or full, to create derivate work,
* new scripts or products is expressly forbidden. Obtain permission
* before redistributing this software over the Internet or in
* any other medium. In all cases copyright and header must remain intact.
* This Copyright is in full effect in any country that has International
* Trade Agreements with the United States of America or
* with the European Union.
* Removing any of the copyright notices without purchasing a license
* is expressly forbidden. To remove HESK copyright notice you must purchase
* a license for this script. For more information on how to obtain
* a license please visit the page below:
* https://www.hesk.com/buy.php
*******************************************************************************/
/**
*
* This file is part of HESK - PHP Help Desk Software.
*
* (c) Copyright Klemen Stirn. All rights reserved.
* http://www.hesk.com
*
* For the full copyright and license agreement information visit
* http://www.hesk.com/eula.php
*
*/
define('IN_SCRIPT', 1);
define('HESK_PATH', './');
@ -150,24 +133,46 @@ if ($hesk_settings['secimg_use'] && !isset($_SESSION['img_verified'])) {
}
$tmpvar['name'] = hesk_input(hesk_POST('name')) or $hesk_error_buffer['name'] = $hesklang['enter_your_name'];
$tmpvar['email'] = hesk_validateEmail(hesk_POST('email'), 'ERR', 0) or $hesk_error_buffer['email'] = $hesklang['enter_valid_email'];
$email_available = true;
if ($hesk_settings['require_email']) {
$tmpvar['email'] = hesk_validateEmail( hesk_POST('email'), 'ERR', 0) or $hesk_error_buffer['email']=$hesklang['enter_valid_email'];
} else {
$tmpvar['email'] = hesk_validateEmail( hesk_POST('email'), 'ERR', 0);
// Not required, but must be valid if it is entered
if ($tmpvar['email'] == '') {
$email_available = false;
if (strlen(hesk_POST('email'))) {
$hesk_error_buffer['email'] = $hesklang['not_valid_email'];
}
// No need to confirm the email
$hesk_settings['confirm_email'] = 0;
$_POST['email2'] = '';
$_SESSION['c_email'] = '';
$_SESSION['c_email2'] = '';
}
}
if ($hesk_settings['confirm_email']) {
$tmpvar['email2'] = hesk_validateEmail(hesk_POST('email2'), 'ERR', 0) or $hesk_error_buffer['email2'] = $hesklang['confemail2'];
// Anything entered as email confirmation?
if (strlen($tmpvar['email2'])) {
if ($tmpvar['email2'] != '') {
// Do we have multiple emails?
if ($hesk_settings['multi_eml']) {
$tmpvar['email'] = str_replace(';', ',', $tmpvar['email']);
$tmpvar['email2'] = str_replace(';', ',', $tmpvar['email2']);
if (count(array_diff(explode(',', strtolower($tmpvar['email'])), explode(',', strtolower($tmpvar['email2'])))) == 0) {
$_SESSION['c_email2'] = $_POST['email2'];
$_SESSION['c_email2'] = hesk_POST('email2');
}
} // Single email address match
elseif (!$hesk_settings['multi_eml'] && strtolower($tmpvar['email']) == strtolower($tmpvar['email2'])) {
$_SESSION['c_email2'] = $_POST['email2'];
$_SESSION['c_email2'] = hesk_POST('email2');
} else {
// Invalid match
$tmpvar['email2'] = '';
@ -177,7 +182,7 @@ if ($hesk_settings['confirm_email']) {
$hesk_error_buffer['email2'] = $hesklang['confemaile'];
}
} else {
$_SESSION['c_email2'] = $_POST['email2'];
$_SESSION['c_email2'] = hesk_POST('email2');
}
}
@ -207,8 +212,25 @@ else {
}
}
$tmpvar['subject'] = hesk_input(hesk_POST('subject')) or $hesk_error_buffer['subject'] = $hesklang['enter_ticket_subject'];
$tmpvar['message'] = hesk_input(hesk_POST('message')) or $hesk_error_buffer['message'] = $hesklang['enter_message'];;
if ($hesk_settings['require_subject'] == -1) {
$tmpvar['subject'] = '';
} else {
$tmpvar['subject'] = hesk_input( hesk_POST('subject') );
if ($hesk_settings['require_subject'] == 1 && $tmpvar['subject'] == '') {
$hesk_error_buffer['subject'] = $hesklang['enter_ticket_subject'];
}
}
if ($hesk_settings['require_message'] == -1) {
$tmpvar['message'] = '';
} else {
$tmpvar['message'] = hesk_input( hesk_POST('message') );
if ($hesk_settings['require_message'] == 1 && $tmpvar['message'] == '') {
$hesk_error_buffer['message'] = $hesklang['enter_message'];
}
}
// Is category a valid choice?
if ($tmpvar['category']) {
@ -222,60 +244,86 @@ if ($tmpvar['category']) {
// Custom fields
$modsForHesk_settings = mfh_getSettings();
foreach ($hesk_settings['custom_fields'] as $k => $v) {
if ($v['use']) {
if ($modsForHesk_settings['custom_field_setting']) {
$v['name'] = $hesklang[$v['name']];
}
foreach ($hesk_settings['custom_fields'] as $k=>$v) {
if ($v['use']==1 && hesk_is_custom_field_in_category($k, $tmpvar['category'])) {
if ($v['type'] == 'checkbox') {
$tmpvar[$k]='';
if ($v['type'] == 'checkbox' || $v['type'] == 'multiselect') {
$tmpvar[$k] = '';
if (isset($_POST[$k])) {
if (is_array($_POST[$k])) {
if (isset($_POST[$k]) && is_array($_POST[$k])) {
foreach ($_POST[$k] as $myCB) {
$tmpvar[$k] .= (is_array($myCB) ? '' : hesk_input($myCB)) . '<br />';;
}
$tmpvar[$k] = substr($tmpvar[$k], 0, -6);
$tmpvar[$k] .= ( is_array($myCB) ? '' : hesk_input($myCB) ) . '<br />';;
}
$tmpvar[$k]=substr($tmpvar[$k],0,-6);
} else {
if ($v['req']) {
$hesk_error_buffer[$k] = $hesklang['fill_all'] . ': ' . $v['name'];
$hesk_error_buffer[$k]=$hesklang['fill_all'].': '.$v['name'];
}
$_POST[$k] = '';
}
$_SESSION["c_$k"] = hesk_POST_array($k);
} elseif ($v['req']) {
$tmpvar[$k] = hesk_makeURL(nl2br(hesk_input(hesk_POST($k))));
$_SESSION["c_$k"] = hesk_POST($k);
if (!strlen($tmpvar[$k])) {
$hesk_error_buffer[$k] = $hesklang['fill_all'] . ': ' . $v['name'];
}
$_SESSION["c_$k"]=hesk_POST_array($k);
} elseif ($v['type'] == 'date') {
$tmpvar[$k] = hesk_POST($k);
$_SESSION["c_$k"] = '';
if ($v['type'] == 'date') {
$tmpvar[$k] = strtotime($_POST[$k]);
if (preg_match("/^[0-9]{4}-(0[1-9]|1[0-2])-(0[1-9]|[1-2][0-9]|3[0-1])$/", $tmpvar[$k])) {
$date = strtotime($tmpvar[$k] . ' t00:00:00');
$dmin = strlen($v['value']['dmin']) ? strtotime($v['value']['dmin'] . ' t00:00:00') : false;
$dmax = strlen($v['value']['dmax']) ? strtotime($v['value']['dmax'] . ' t00:00:00') : false;
$_SESSION["c_$k"] = $tmpvar[$k];
if ($dmin && $dmin > $date) {
$hesk_error_buffer[$k] = sprintf($hesklang['d_emin'], $v['name'], hesk_custom_date_display_format($dmin, $v['value']['date_format']));
} elseif ($dmax && $dmax < $date) {
$hesk_error_buffer[$k] = sprintf($hesklang['d_emax'], $v['name'], hesk_custom_date_display_format($dmax, $v['value']['date_format']));
} else {
$tmpvar[$k] = $date;
}
} else {
if ($v['type'] == 'date' && $_POST[$k] != '') {
$tmpvar[$k] = strtotime($_POST[$k]);
if ($v['req']) {
$hesk_error_buffer[$k]=$hesklang['fill_all'].': '.$v['name'];
}
}
} elseif ($v['type'] == 'email') {
$tmp = $hesk_settings['multi_eml'];
$hesk_settings['multi_eml'] = $v['value']['multiple'];
$tmpvar[$k] = hesk_validateEmail( hesk_POST($k), 'ERR', 0);
$hesk_settings['multi_eml'] = $tmp;
if ($tmpvar[$k] != '') {
$_SESSION["c_$k"] = hesk_input($tmpvar[$k]);
} else {
$tmpvar[$k] = hesk_makeURL(nl2br(hesk_input(hesk_POST($k))));
$_SESSION["c_$k"] = '';
if ($v['req']) {
$hesk_error_buffer[$k] = $v['value']['multiple'] ? sprintf($hesklang['cf_noem'], $v['name']) : sprintf($hesklang['cf_noe'], $v['name']);
}
}
} elseif ($v['req']) {
$tmpvar[$k]=hesk_makeURL(nl2br(hesk_input( hesk_POST($k) )));
if ($tmpvar[$k] == '') {
$hesk_error_buffer[$k]=$hesklang['fill_all'].': '.$v['name'];
}
$_SESSION["c_$k"]=hesk_POST($k);
} else {
$tmpvar[$k]=hesk_makeURL(nl2br(hesk_input( hesk_POST($k) )));
$_SESSION["c_$k"]=hesk_POST($k);
}
} else {
$tmpvar[$k] = '';
}
}
// Check bans
if (!isset($hesk_error_buffer['email']) && hesk_isBannedEmail($tmpvar['email']) || hesk_isBannedIP($_SERVER['REMOTE_ADDR'])) {
if ($email_available && ! isset($hesk_error_buffer['email']) && hesk_isBannedEmail($tmpvar['email']) || hesk_isBannedIP($_SERVER['REMOTE_ADDR'])) {
hesk_error($hesklang['baned_e']);
}
// Check maximum open tickets limit
$below_limit = true;
if ($hesk_settings['max_open'] && !isset($hesk_error_buffer['email'])) {
if ($email_available && $hesk_settings['max_open'] && ! isset($hesk_error_buffer['email'])) {
$res = hesk_dbQuery("SELECT COUNT(*) FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` WHERE `status` IN (SELECT `ID` FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "statuses` WHERE `IsClosed` = 0) AND " . hesk_dbFormatEmail($tmpvar['email']));
$num = hesk_dbResult($res);
@ -327,7 +375,6 @@ if (count($hesk_error_buffer)) {
$_SESSION['c_name'] = hesk_POST('name');
$_SESSION['c_email'] = hesk_POST('email');
$_SESSION['c_category'] = hesk_POST('category');
$_SESSION['c_priority'] = hesk_POST('priority');
$_SESSION['c_subject'] = hesk_POST('subject');
$_SESSION['c_message'] = hesk_POST('message');
@ -343,7 +390,7 @@ if (count($hesk_error_buffer)) {
}
$hesk_error_buffer = $hesklang['pcer'] . '<br /><br /><ul>' . $tmp . '</ul>';
hesk_process_messages($hesk_error_buffer, 'index.php?a=add');
hesk_process_messages($hesk_error_buffer, 'index.php?a=add&category='.$tmpvar['category']);
}
if (!$modsForHesk_settings['rich_text_for_tickets_for_customers']) {
@ -389,7 +436,7 @@ $tmpvar['user_agent'] = $_SERVER['HTTP_USER_AGENT'];
// Should the helpdesk validate emails?
$createTicket = true;
if ($modsForHesk_settings['customer_email_verification_required']) {
if ($modsForHesk_settings['customer_email_verification_required'] && $email_available) {
$verifiedEmailSql = "SELECT `Email` FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "verified_emails` WHERE `Email` = '" . hesk_dbEscape($tmpvar['email']) . "'";
$verifiedEmailRS = hesk_dbQuery($verifiedEmailSql);
if ($verifiedEmailRS->num_rows == 0) {
@ -414,7 +461,7 @@ if ($createTicket) {
$ticket = hesk_newTicket($tmpvar);
// Notify the customer
if ($hesk_settings['notify_new']) {
if ($hesk_settings['notify_new'] && $email_available) {
hesk_notifyCustomer($modsForHesk_settings);
}
@ -434,7 +481,7 @@ $_SESSION['already_submitted'] = 1;
// Need email to view ticket? If yes, remember it by default
if ($hesk_settings['email_view_ticket']) {
setcookie('hesk_myemail', $tmpvar['email'], strtotime('+1 year'));
hesk_setcookie('hesk_myemail', $tmpvar['email'], strtotime('+1 year'));
}
// Unset temporary variables
@ -466,7 +513,8 @@ require_once(HESK_PATH . 'inc/header.inc.php');
$hesklang['ticket_submitted'] . '<br /><br />' .
$hesklang['ticket_submitted_success'] . ': <b>' . $ticket['trackid'] . '</b><br /><br /> ' .
($hesk_settings['notify_new'] && $hesk_settings['spam_notice'] ? $hesklang['spam_inbox'] . '<br /><br />' : '') .
( ! $email_available ? $hesklang['write_down'] . '<br /><br />' : '') .
($email_available && $hesk_settings['notify_new'] && $hesk_settings['spam_notice'] ? $hesklang['spam_inbox'] . '<br /><br />' : '') .
'<a href="' . $hesk_settings['hesk_url'] . '/ticket.php?track=' . $ticket['trackid'] . '">' . $hesklang['view_your_ticket'] . '</a>'
);
} else {
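Review bot: In the new `date` branch of the custom-field loop, `$tmpvar[$k]` is set to the raw `hesk_POST($k)` and, as far as the rendered lines show, is replaced by the parsed timestamp only when the pattern matches and both range checks pass. A non-matching value on an optional field therefore appears to stay in `$tmpvar[$k]` without going through `hesk_input()` and to continue on to `hesk_newTicket()`. Resetting it at the top of the fall-through branch, `$tmpvar[$k] = '';`, before the `$v['req']` check would keep unvalidated text out of the ticket record. The pattern's trailing `$` also accepts a value ending in a newline; adding the `D` modifier (`/…$/D`) closes that. The page has lost its +/- markers, so this reading of the new side should be confirmed against the file.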

@ -1,32 +1,15 @@
<?php
/*******************************************************************************
* Title: Help Desk Software HESK
* Version: 2.6.8 from 10th August 2016
* Author: Klemen Stirn
* Website: http://www.hesk.com
********************************************************************************
* COPYRIGHT AND TRADEMARK NOTICE
* Copyright 2005-2015 Klemen Stirn. All Rights Reserved.
* HESK is a registered trademark of Klemen Stirn.
* The HESK may be used and modified free of charge by anyone
* AS LONG AS COPYRIGHT NOTICES AND ALL THE COMMENTS REMAIN INTACT.
* By using this code you agree to indemnify Klemen Stirn from any
* liability that might arise from it's use.
* Selling the code for this program, in part or full, without prior
* written consent is expressly forbidden.
* Using this code, in part or full, to create derivate work,
* new scripts or products is expressly forbidden. Obtain permission
* before redistributing this software over the Internet or in
* any other medium. In all cases copyright and header must remain intact.
* This Copyright is in full effect in any country that has International
* Trade Agreements with the United States of America or
* with the European Union.
* Removing any of the copyright notices without purchasing a license
* is expressly forbidden. To remove HESK copyright notice you must purchase
* a license for this script. For more information on how to obtain
* a license please visit the page below:
* https://www.hesk.com/buy.php
*******************************************************************************/
/**
*
* This file is part of HESK - PHP Help Desk Software.
*
* (c) Copyright Klemen Stirn. All rights reserved.
* http://www.hesk.com
*
* For the full copyright and license agreement information visit
* http://www.hesk.com/eula.php
*
*/
define('IN_SCRIPT', 1);
define('HESK_PATH', './');

@ -1,32 +1,15 @@
<?php
/*******************************************************************************
* Title: Help Desk Software HESK
* Version: 2.6.8 from 10th August 2016
* Author: Klemen Stirn
* Website: http://www.hesk.com
********************************************************************************
* COPYRIGHT AND TRADEMARK NOTICE
* Copyright 2005-2015 Klemen Stirn. All Rights Reserved.
* HESK is a registered trademark of Klemen Stirn.
* The HESK may be used and modified free of charge by anyone
* AS LONG AS COPYRIGHT NOTICES AND ALL THE COMMENTS REMAIN INTACT.
* By using this code you agree to indemnify Klemen Stirn from any
* liability that might arise from it's use.
* Selling the code for this program, in part or full, without prior
* written consent is expressly forbidden.
* Using this code, in part or full, to create derivate work,
* new scripts or products is expressly forbidden. Obtain permission
* before redistributing this software over the Internet or in
* any other medium. In all cases copyright and header must remain intact.
* This Copyright is in full effect in any country that has International
* Trade Agreements with the United States of America or
* with the European Union.
* Removing any of the copyright notices without purchasing a license
* is expressly forbidden. To remove HESK copyright notice you must purchase
* a license for this script. For more information on how to obtain
* a license please visit the page below:
* https://www.hesk.com/buy.php
*******************************************************************************/
/**
*
* This file is part of HESK - PHP Help Desk Software.
*
* (c) Copyright Klemen Stirn. All rights reserved.
* http://www.hesk.com
*
* For the full copyright and license agreement information visit
* http://www.hesk.com/eula.php
*
*/
define('IN_SCRIPT', 1);
define('HESK_PATH', './');
@ -48,10 +31,13 @@ header("Pragma: no-cache");
// Get the search query composed of the subject and message
$address = hesk_REQUEST('e') or die('');
$email_field = hesk_REQUEST('ef') or die('');
$display_div = hesk_REQUEST('dd') or die('');
$pad_div = hesk_REQUEST('pd') ? 1 : 0;
$div = 1;
// Do we allow multiple emails? If yes, check all
if ($hesk_settings['multi_eml']) {
if ($hesk_settings['multi_eml'] || hesk_REQUEST('am')) {
// Make sure the format is correct
$address = preg_replace('/\s/', '', $address);
$address = str_replace(';', ',', $address);
@ -75,9 +61,9 @@ exit();
function hesk_emailTypoShow($address, $suggest, $div = '')
{
global $hesk_settings, $hesklang;
global $hesk_settings, $hesklang, $email_field, $display_div, $pad_div;
?>
<div id="emailtypo<?php echo $div; ?>" style="display:block">
<div id="emailtypo<?php echo $display_div.$div; ?>" style="display:block">
<table border="0" width="100%">
<tr>
<td width="150">&nbsp;</td>
@ -85,10 +71,8 @@ function hesk_emailTypoShow($address, $suggest, $div = '')
<div class="alert alert-info">
<?php echo sprintf($hesklang['didum'], str_replace('@', '@<b>', $suggest . '</b>')); ?>
<br/><br/>
<a class="btn btn-default" href="javascript:void();"
onclick="javascript:var eml=document.form1.email.value;document.form1.email.value=eml.replace(/<?php echo preg_quote($address, '/'); ?>/gi, '<?php echo addslashes($suggest); ?>' );hesk_toggleLayerDisplay('emailtypo<?php echo $div; ?>');"><?php echo $hesklang['yfix']; ?></a>
<a class="btn btn-default" href="javascript:void();"
onclick="javascript:hesk_toggleLayerDisplay('emailtypo<?php echo $div; ?>');"><?php echo $hesklang['nole']; ?></a>
<a class="btn btn-default" href="javascript:void(0);" onclick="var eml=document.getElementById('<?php echo $email_field; ?>').value;document.getElementById('<?php echo $email_field; ?>').value=eml.replace(/<?php echo preg_quote($address, '/'); ?>/gi, '<?php echo addslashes($suggest); ?>' );document.getElementById('emailtypo<?php echo $display_div.$div; ?>').style.display='none';"><?php echo $hesklang['yfix']; ?></a>
<a class="btn btn-default" href="javascript:void(0);" onclick="document.getElementById('emailtypo<?php echo $display_div.$div; ?>').style.display='none';"><?php echo $hesklang['nole']; ?></a>
</div>
</td>
</tr>
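Review bot: `$email_field` and `$display_div` come from `hesk_REQUEST('ef')` and `hesk_REQUEST('dd')` and are echoed unescaped in `hesk_emailTypoShow()`, both into the `id="emailtypo…"` attribute and into the quoted `getElementById('…')` arguments of the two `onclick` handlers. Unless `hesk_REQUEST()` already filters its input (not visible here), a request parameter containing a quote would end the attribute or the script string. Both values are element ids, so constraining them once after they are read is enough: `$email_field = preg_replace('/[^A-Za-z0-9_-]/', '', $email_field);` and the same for `$display_div`. The function body continues past the end of the hunk.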

@ -1,32 +1,15 @@
<?php
/*******************************************************************************
* Title: Help Desk Software HESK
* Version: 2.6.8 from 10th August 2016
* Author: Klemen Stirn
* Website: http://www.hesk.com
********************************************************************************
* COPYRIGHT AND TRADEMARK NOTICE
* Copyright 2005-2015 Klemen Stirn. All Rights Reserved.
* HESK is a registered trademark of Klemen Stirn.
* The HESK may be used and modified free of charge by anyone
* AS LONG AS COPYRIGHT NOTICES AND ALL THE COMMENTS REMAIN INTACT.
* By using this code you agree to indemnify Klemen Stirn from any
* liability that might arise from it's use.
* Selling the code for this program, in part or full, without prior
* written consent is expressly forbidden.
* Using this code, in part or full, to create derivate work,
* new scripts or products is expressly forbidden. Obtain permission
* before redistributing this software over the Internet or in
* any other medium. In all cases copyright and header must remain intact.
* This Copyright is in full effect in any country that has International
* Trade Agreements with the United States of America or
* with the European Union.
* Removing any of the copyright notices without purchasing a license
* is expressly forbidden. To remove HESK copyright notice you must purchase
* a license for this script. For more information on how to obtain
* a license please visit the page below:
* https://www.hesk.com/buy.php
*******************************************************************************/
/**
*
* This file is part of HESK - PHP Help Desk Software.
*
* (c) Copyright Klemen Stirn. All rights reserved.
* http://www.hesk.com
*
* For the full copyright and license agreement information visit
* http://www.hesk.com/eula.php
*
*/
define('IN_SCRIPT', 1);
define('HESK_PATH', './');
@ -118,6 +101,8 @@ if ($is_form) {
/* Limit brute force attempts */
hesk_limitBfAttempts();
require_once(HESK_PATH . 'inc/custom_fields.inc.php');
/* Get ticket info */
$res = hesk_dbQuery("SELECT `t1`.* , `t2`.name AS `repliername`, `ticketStatus`.`IsClosed` AS `isClosed`, `ticketStatus`.`Key` AS `statusKey` FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` AS `t1` INNER JOIN `" . hesk_dbEscape($hesk_settings['db_pfix']) . "statuses` AS `ticketStatus` ON `t1`.`status` = `ticketStatus`.`ID` LEFT JOIN `" . hesk_dbEscape($hesk_settings['db_pfix']) . "users` AS `t2` ON `t1`.`replierid` = `t2`.`id` WHERE `trackid`='" . hesk_dbEscape($trackingID) . "' LIMIT 1");
@ -158,9 +143,9 @@ hesk_cleanBfAttempts();
/* Remember email address? */
if ($is_form) {
if ( strlen($do_remember) ) {
setcookie('hesk_myemail', $my_email, strtotime('+1 year'));
hesk_setcookie('hesk_myemail', $my_email, strtotime('+1 year'));
} elseif (isset($_COOKIE['hesk_myemail'])) {
setcookie('hesk_myemail', '');
hesk_setcookie('hesk_myemail', '');
}
}
@ -175,7 +160,7 @@ if ($ticket['lastreplier']) {
// If IP is unknown (tickets via email pipe/pop3 fetching) assume current visitor IP as customer IP
if ($ticket['ip'] == 'Unknown' || $ticket['ip'] == $hesklang['unknown']) {
hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` SET `ip` = '" . hesk_dbEscape($_SERVER['REMOTE_ADDR']) . "' WHERE `id`=" . intval($ticket['id']) . " LIMIT 1");
hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` SET `ip` = '" . hesk_dbEscape($_SERVER['REMOTE_ADDR']) . "' WHERE `id`=" . intval($ticket['id']));
}
/* Get category name and ID */
@ -257,9 +242,15 @@ if (!$show['show']) {
<div class="blankSpace"></div>
<div class="table-bordered">
<div class="row">
<div class="col-md-12">
<div class="col-md-10">
<h2><?php echo $ticket['subject']; ?></h2>
</div>
<div class="col-md-2 pull-right pad-down-20">
<a href="ticket.php?track=<?php echo $trackingID.$hesk_settings['e_query']; ?>">
<i class="fa fa-refresh"></i>
<?php echo $hesklang['refresh_page']; ?>
</a>
</div>
</div>
<div class="row">
<div class="col-md-3 col-sm-12">
@ -282,7 +273,8 @@ if (!$show['show']) {
echo '<a href="change_status.php?track=' . $trackingID . $hesk_settings['e_query'] . '&amp;s=3&amp;Refresh=' . $random . '&amp;token=' . hesk_token_echo(0) . '" title="' . $hesklang['close_action'] . '">' . $hesklang['close_action'] . '</a>';
}
}
?></p>
?>
</p>
</div>
</div>
<div class="row medLowPriority">
@ -340,7 +332,9 @@ if (!$show['show']) {
<div class="row ticketMessageContainer">
<div class="col-md-3 col-xs-12">
<div class="ticketName"><?php echo $ticket['name']; ?></div>
<?php if ($ticket['email'] != '') { ?>
<div class="ticketEmail"><a href="mailto:<?php echo $ticket['email']; ?>"><?php echo $ticket['email']; ?></a></div>
<?php } ?>
</div>
<div class="col-md-9 col-xs-12 pushMarginLeft">
<div class="ticketMessageTop withBorder">
@ -350,24 +344,24 @@ if (!$show['show']) {
<!-- Custom Fields Before Message -->
<?php
foreach ($hesk_settings['custom_fields'] as $k => $v) {
if ($v['use'] && $v['place'] == 0) {
if ($modsForHesk_settings['custom_field_setting']) {
$v['name'] = $hesklang[$v['name']];
}
if ($v['use'] == 1 && $v['place'] == 0 && hesk_is_custom_field_in_category($k, $ticket['category'])) {
echo '<p>' . $v['name'] . ': ';
if ($v['type'] == 'date' && !empty($ticket[$k])) {
$dt = date('Y-m-d h:i:s', $ticket[$k]);
echo hesk_dateToString($dt, 0);
} else {
echo $ticket[$k];
switch ($v['type'])
{
case 'email':
$ticket[$k] = '<a href="mailto:'.$ticket[$k].'">'.$ticket[$k].'</a>';
break;
case 'date':
$ticket[$k] = hesk_custom_date_display_format($ticket[$k], $v['value']['date_format']);
break;
}
echo '</p>';
echo $ticket[$k].'</p>';
}
}
?>
</div>
<div class="ticketMessageBottom">
<?php if ($ticket['message'] != '') { ?>
<!-- Message -->
<p><b><?php echo $hesklang['message']; ?>:</b></p>
@ -379,24 +373,24 @@ if (!$show['show']) {
}
?>
</div>
<?php } ?>
</div>
<div class="ticketMessageTop">
<!-- Custom Fields after Message -->
<?php
foreach ($hesk_settings['custom_fields'] as $k => $v) {
if ($v['use'] && $v['place']) {
if ($modsForHesk_settings['custom_field_setting']) {
$v['name'] = $hesklang[$v['name']];
}
if ($v['use'] == 1 && $v['place'] && hesk_is_custom_field_in_category($k, $ticket['category'])) {
echo '<p>' . $v['name'] . ': ';
if ($v['type'] == 'date' && !empty($ticket[$k])) {
$dt = date('Y-m-d h:i:s', $ticket[$k]);
echo hesk_dateToString($dt, 0);
} else {
echo $ticket[$k];
}
echo '</p>';
switch ($v['type'])
{
case 'email':
$ticket[$k] = '<a href="mailto:'.$ticket[$k].'">'.$ticket[$k].'</a>';
break;
case 'date':
$ticket[$k] = hesk_custom_date_display_format($ticket[$k], $v['value']['date_format']);
break;
}
echo $ticket[$k].'</p>';
}
}
/* Attachments */
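Review bot: The new `case 'email':` branch, repeated in both custom-field loops, concatenates the stored field value into `href="mailto:…"` and into the link text with no output encoding, so the markup is only as safe as the validation done when the ticket was created. Encoding at the point of use would remove that dependency: `$e = htmlspecialchars($ticket[$k], ENT_QUOTES, 'UTF-8', false);`, where the final `false` avoids double-encoding if the stored value is already entity-encoded. The branch also emits an empty `<a href="mailto:"></a>` when an optional email field was left blank, so it should be guarded with `if ($ticket[$k] != '')`. Because the two `switch` blocks are identical, a small helper would keep them from drifting apart.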
