Merge remote-tracking branch 'origin/api' into add-logging

merge-requests/3/head
Mike Koch 8 years ago
commit 5255ef0425

@ -0,0 +1,214 @@
<?php
/*******************************************************************************
* Title: Help Desk Software HESK
* Version: 2.6.5 from 28th August 2015
* Author: Klemen Stirn
* Website: http://www.hesk.com
********************************************************************************
* COPYRIGHT AND TRADEMARK NOTICE
* Copyright 2005-2015 Klemen Stirn. All Rights Reserved.
* HESK is a registered trademark of Klemen Stirn.
* The HESK may be used and modified free of charge by anyone
* AS LONG AS COPYRIGHT NOTICES AND ALL THE COMMENTS REMAIN INTACT.
* By using this code you agree to indemnify Klemen Stirn from any
* liability that might arise from it's use.
* Selling the code for this program, in part or full, without prior
* written consent is expressly forbidden.
* Using this code, in part or full, to create derivate work,
* new scripts or products is expressly forbidden. Obtain permission
* before redistributing this software over the Internet or in
* any other medium. In all cases copyright and header must remain intact.
* This Copyright is in full effect in any country that has International
* Trade Agreements with the United States of America or
* with the European Union.
* Removing any of the copyright notices without purchasing a license
* is expressly forbidden. To remove HESK copyright notice you must purchase
* a license for this script. For more information on how to obtain
* a license please visit the page below:
* https://www.hesk.com/buy.php
*******************************************************************************/
define('IN_SCRIPT', 1);
define('HESK_PATH', '../');
define('PAGE_TITLE', 'ADMIN_SETTINGS');
// Make sure the install folder is deleted
if (is_dir(HESK_PATH . 'install')) {
die('Please delete the <b>install</b> folder from your server for security reasons then refresh this page!');
}
// Get all the required files and functions
require(HESK_PATH . 'hesk_settings.inc.php');
require(HESK_PATH . 'inc/common.inc.php');
require(HESK_PATH . 'inc/admin_functions.inc.php');
hesk_load_database_functions();
hesk_session_start();
hesk_dbConnect();
hesk_isLoggedIn();
// Check permissions for this feature
hesk_checkPermission('can_man_settings');
$modsForHesk_settings = mfh_getSettings();
define('EXTRA_JS', '<script src="'.HESK_PATH.'internal-api/js/api-settings.js"></script>');
// Print header
require_once(HESK_PATH . 'inc/headerAdmin.inc.php');
// Print main manage users page
require_once(HESK_PATH . 'inc/show_admin_nav.inc.php');
?>
<div class="row move-down-20">
<div class="col-sm-4">
<div class="panel panel-default">
<div class="panel-heading">
API Information
</div>
<table class="table table-striped table-fixed">
<tr>
<td class="text-right">
API Version
</td>
<td class="pad-right-10 warning">
<?php echo $hesklang['beta_text']; ?>
</td>
</tr>
<tr>
<td class="text-right">
External API
</td>
<td class="pad-right-10 success" id="public-api-sidebar">
<?php
$enabled = $modsForHesk_settings['public_api'] == '1' ? '' : 'hide';
$disabled = $modsForHesk_settings['public_api'] == '1' ? 'hide' : '';
?>
<span id="public-api-sidebar-disabled" class="<?php echo $disabled; ?>">Disabled</span>
<span id="public-api-sidebar-enabled" class="<?php echo $enabled; ?>">Enabled</span>
</td>
</tr>
</table>
</div>
</div>
<div class="col-sm-8">
<h3>API Settings</h3>
<div class="footerWithBorder blankSpace"></div>
<ul class="nav nav-tabs">
<li class="active"><a href="#general" data-toggle="tab"><?php echo $hesklang['tab_1']; ?></a></li>
<li><a href="#user-security" data-toggle="tab">User Security</a></li>
<li><a href="#" target="_blank">API Documentation <i class="fa fa-external-link"></i></a></li>
</ul>
<div class="tab-content summaryList tabPadding">
<div class="tab-pane fade in active" id="general">
<form class="form-horizontal">
<div class="form-group">
<label for="public-api" class="col-sm-3 control-label">
Public API
<i class="fa fa-question-circle settingsquestionmark" data-toggle="popover"
title="Public API"
data-content="Enable or Disable the Public REST API."></i>
</label>
<div class="col-sm-9">
<span class="btn-group" data-toggle="buttons">
<?php
$on = $modsForHesk_settings['public_api'] == '1' ? 'active' : '';
$off = $modsForHesk_settings['public_api'] == '1' ? '' : 'active';
?>
<label id="enable-api-button" class="btn btn-success <?php echo $on; ?>">
<input type="radio" name="public-api" value="1" checked> <i class="fa fa-check-circle"></i> Enable
</label>
<label id="disable-api-button" class="btn btn-danger <?php echo $off; ?>">
<input type="radio" name="public-api" value="0"> <i class="fa fa-times-circle"></i> Disable
</label>
</span>
<span>
<i id="public-api-success" class="fa fa-check-circle fa-2x green hide media-middle"
data-toggle="tooltip" title="Changes saved!"></i>
<i id="public-api-failure" class="fa fa-times-circle fa-2x red hide media-middle"
data-toggle="tooltip" title="Saving changes failed. Check the logs for more information."></i>
<i id="public-api-saving" class="fa fa-spin fa-spinner fa-2x hide media-middle"
data-toggle="tooltip" title="Saving..."></i>
</span>
</div>
</div>
</form>
</div>
<div class="tab-pane fade in" id="user-security">
<div class="panel panel-default">
<div class="panel-heading">
User Security
</div>
<?php
$users = [];
$userRs = hesk_dbQuery("SELECT `id`, `user`, `name` FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "users` WHERE `active` = '1'");
while ($row = hesk_dbFetchAssoc($userRs)) {
$row['number_of_tokens'] = 0;
$users[$row['id']] = $row;
}
$tokensRs = hesk_dbQuery("SELECT `user_id`, 1 FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "user_api_tokens`");
while ($row = hesk_dbFetchAssoc($tokensRs)) {
$users[$row['user_id']]['number_of_tokens']++;
}
?>
<table class="table table-striped">
<thead>
<tr>
<th>Username</th>
<th>Name</th>
<th>Number of Tokens</th>
<th>Actions</th>
</tr>
</thead>
<tbody>
<?php
foreach ($users as $row):
?>
<tr>
<td><?php echo $row['user']; ?></td>
<td><?php echo $row['name']; ?></td>
<td id="token-<?php echo $row['id']; ?>-count"><?php echo $row['number_of_tokens']; ?></td>
<td>
<span class="btn-group">
<button class="btn btn-default btn-xs" onclick="generateToken(<?php echo $row['id']; ?>)">
<i class="fa fa-plus-circle"></i> Generate New Token
</button>
<button class="btn btn-danger btn-xs" onclick="clearTokens(<?php echo $row['id']; ?>)">
<i class="fa fa-undo"></i> Reset Tokens
</button>
</span>
<span>
<i id="token-<?php echo $row['id']; ?>-success" class="fa fa-check-circle fa-2x green hide media-middle"
data-toggle="tooltip" title="Changes saved!"></i>
<i id="token-<?php echo $row['id']; ?>-failure" class="fa fa-times-circle fa-2x red hide media-middle"
data-toggle="tooltip" title="Saving changes failed. Check the logs for more information."></i>
<i id="token-<?php echo $row['id']; ?>-saving" class="fa fa-spin fa-spinner fa-2x hide media-middle"
data-toggle="tooltip" title="Saving..."></i>
</span>
</td>
</tr>
<tr id="token-<?php echo $row['id']; ?>-created" class="success hide">
<td colspan="4">
Generated Token: <code class="token"></code>
<p><b>NOTE:</b> Please record this token, as this is the only time you will be able to view it!</p>
</td>
</tr>
<tr id="token-<?php echo $row['id']; ?>-reset" class="success hide">
<td colspan="4">
<p>All tokens for this user have been removed!</p>
</td>
</tr>
<?php
endforeach;
?>
</tbody>
</table>
</div>
</div>
</div>
</div>
<?php
require_once(HESK_PATH . 'inc/footer.inc.php');
exit();
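Review bot: The token-count loop at `$users[$row['user_id']]['number_of_tokens']++;` has no guard for a `user_id` that is not in `$users`, and the first query only selected rows with `active = '1'`, so a token belonging to an inactive or deleted user creates an entry holding nothing but `number_of_tokens`; the `foreach` below then reads `$row['user']`, `$row['name']` and `$row['id']` from it and renders a broken table row with notices. Wrap the increment: `if (isset($users[$row['user_id']])) { $users[$row['user_id']]['number_of_tokens']++; }`. Separately, `$row['user']` and `$row['name']` are echoed into the cells unescaped; they come from the database rather than the request, but `htmlspecialchars($row['name'], ENT_QUOTES, 'UTF-8')` costs nothing and keeps a display name containing markup from being rendered as HTML. The `checked` attribute on the Enable radio is hard-coded while the `active` classes are computed from `$modsForHesk_settings['public_api']`, so a disabled API renders the Disable button highlighted with the Enable input checked.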

@ -0,0 +1,65 @@
<?php
define('IN_SCRIPT', 1);
define('HESK_PATH', '../../../');
define('API_PATH', '../../');
require_once(HESK_PATH . 'hesk_settings.inc.php');
require_once(HESK_PATH . 'inc/common.inc.php');
require_once(API_PATH . 'core/output.php');
require_once(API_PATH . 'core/headers.php');
require_once(API_PATH . 'dao/canned_dao.php');
require_once(API_PATH . 'businesslogic/security_retriever.php');
hesk_load_api_database_functions();
hesk_dbConnect();
// Routing
$request_method = $_SERVER['REQUEST_METHOD'];
/**
* @api {get} /admin/canned Retrieve a canned response
* @apiVersion 0.0.0
* @apiName GetCanned
* @apiGroup Canned Response
* @apiPermission protected
*
* @apiParam {Number} [id] The ID of the canned response. Omit for all canned responses.
*
* @apiSuccess {Number} id ID of the canned response
* @apiSuccess {String} title The title of the canned response.
* @apiSuccess {String} message The contents of the canned response, including HTML markup.
* @apiSuccess {Integer} replyOrder The position of the canned response in the list of canned responses (in multiples of 10).
*
* @apiSuccessExample {json} Success-Response:
* HTTP/1.1 200 OK
* {
* "id": 2,
* "title": "html",
* "message": "<p><strong>My<em> canned response&nbsp;</em></strong></p>\r\n<p>%%HESK_ID%%</p>",
* "replyOrder": 10
* }
*
* @apiError (noTokenProvided) 400 No `X-Auth-Token` was provided where it is required
* @apiError (invalidXAuthToken) 401 The `X-Auth-Token` provided was invalid
*/
if ($request_method == 'GET') {
$token = get_header('X-Auth-Token');
try {
get_user_for_token($token, $hesk_settings);
} catch (AccessException $e) {
return http_response_code($e->getCode());
}
if (isset($_GET['id'])) {
$results = get_canned_response($hesk_settings, $_GET['id']);
} else {
$results = get_canned_response($hesk_settings);
}
if ($results == NULL) {
return http_response_code(404);
}
return output($results);
}
return http_response_code(405);
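Review bot: `$_GET['id']` is passed straight to `get_canned_response()` without validation, and whether the DAO casts or escapes it is not visible in this commit; validating at the controller boundary — `$id = filter_var($_GET['id'], FILTER_VALIDATE_INT); if ($id === false) { return http_response_code(400); }` — keeps the SQL layer from ever seeing a non-numeric value and gives a clearer answer than 404. The same shape is repeated in the ticket-template, ticket, user and category controllers of this merge. The loose `$results == NULL` test also treats an empty array as null, so a GET without `id` on an empty table answers 404 rather than an empty list; `=== null` (or an explicit empty-array branch) makes the intent unambiguous. Finally, `http_response_code($e->getCode())` relies on every `AccessException` carrying an HTTP status as its code; if one is ever thrown with the default code 0, PHP treats the call as a query and the request completes with 200 and an empty body, which deserves either a comment on the exception class or a fallback such as `$e->getCode() ?: 401`.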

@ -0,0 +1,65 @@
<?php
define('IN_SCRIPT', 1);
define('HESK_PATH', '../../../');
define('API_PATH', '../../');
require_once(HESK_PATH . 'hesk_settings.inc.php');
require_once(HESK_PATH . 'inc/common.inc.php');
require_once(API_PATH . 'core/headers.php');
require_once(API_PATH . 'core/output.php');
require_once(API_PATH . 'dao/ticket_template_dao.php');
require_once(API_PATH . 'businesslogic/security_retriever.php');
hesk_load_api_database_functions();
hesk_dbConnect();
// Routing
$request_method = $_SERVER['REQUEST_METHOD'];
/**
* @api {get} /admin/ticket-template Retrieve a ticket templates
* @apiVersion 0.0.0
* @apiName GetTicketTemplate
* @apiGroup Ticket Template
* @apiPermission protected
*
* @apiParam {Number} [id] The ID of the ticket template. Omit for all templates.
*
* @apiSuccess {Number} id ID of the template
* @apiSuccess {String} title The title of the template.
* @apiSuccess {String} message The contents of the template, including HTML markup.
* @apiSuccess {Integer} displayOrder The position of the template in the list of templates (in multiples of 10).
*
* @apiSuccessExample {json} Success-Response:
* HTTP/1.1 200 OK
* {
* "id": 2,
* "title": "html",
* "message": "<p><strong>My<em> ticket template&nbsp;</em></strong></p>",
* "displayOrder": 10
* }
*
* @apiError (noTokenProvided) 400 No `X-Auth-Token` was provided where it is required
* @apiError (invalidXAuthToken) 401 The `X-Auth-Token` provided was invalid
*/
if ($request_method == 'GET') {
$token = get_header('X-Auth-Token');
try {
get_user_for_token($token, $hesk_settings);
} catch (AccessException $e) {
return http_response_code($e->getCode());
}
if (isset($_GET['id'])) {
$results = get_ticket_template($hesk_settings, $_GET['id']);
} else {
$results = get_ticket_template($hesk_settings);
}
if ($results == NULL) {
return http_response_code(404);
}
return output($results);
}
return http_response_code(405);
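Review bot: The `@api` title reads `Retrieve a ticket templates`; it should be `Retrieve a ticket template`, matching the singular used by the canned-response endpoint. Otherwise this controller is a copy of the canned-response one, so the `$_GET['id']` validation, the `== NULL` comparison and the `AccessException` code points raised there apply here unchanged.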

@ -0,0 +1,132 @@
<?php
define('IN_SCRIPT', 1);
define('HESK_PATH', '../../../');
define('API_PATH', '../../');
require_once(HESK_PATH . 'hesk_settings.inc.php');
require_once(HESK_PATH . 'inc/common.inc.php');
require_once(API_PATH . 'core/headers.php');
require_once(API_PATH . 'core/output.php');
require_once(API_PATH . 'businesslogic/ticket_retriever.php');
require_once(API_PATH . 'businesslogic/security_retriever.php');
hesk_load_api_database_functions();
hesk_dbConnect();
// Routing
$request_method = $_SERVER['REQUEST_METHOD'];
/**
* @api {get} /admin/ticket Retrieve a ticket (staff-side)
* @apiVersion 0.0.0
* @apiName GetTicketStaff
* @apiGroup Ticket
* @apiPermission protected
*
* @apiParam {Number} [id] The ID of the ticket. Omit for all tickets.
*
* @apiSuccess {Number} id ID of the ticket
* @apiSuccess {String} trackingId The tracking id of the ticket
* @apiSuccess {String} name The name of the contact
* @apiSuccess {String} email The email address of the ticket (empty string if no email)
* @apiSuccess {Integer} category The ID of the category the ticket is in
* @apiSuccess {Integer} priority The ID of the priority the ticket is in
* @apiSuccess {String} subject The subject of the ticket
* @apiSuccess {String} message The original message of the ticket
* @apiSuccess {String} dateCreated The date and time the ticket was submitted, in `YYYY-MM-DD hh:mm:ss`
* @apiSuccess {Integer} articles The knowledgebase article IDs suggested when the user created the ticket
* @apiSuccess {String} ip The IP address of the submitter
* @apiSuccess {String} language The language the ticket was submitted in
* @apiSuccess {Integer} status The ID of the status the ticket is set to
* @apiSuccess {Integer} owner The user ID of the ticket owner
* @apiSuccess {String} timeWorked The total time worked on the ticket, in `hh:mm:ss`
* @apiSuccess {Boolean} archive `true` if the ticket is tagged<br>`false` otherwise
* @apiSuccess {Boolean} locked `true` if the ticket is locked<br>`false` otherwise
* @apiSuccess {Binary[]} attachments Array of attachments, in base-64 encoded binary
* @apiSuccess {Integer[]} merged Array of merged ticket IDs
* @apiSuccess {String} legacyAuditTrail HTML markup of the entire "Audit Trail" section
* @apiSuccess {String} custom1-20 Custom fields 1-20's values.
* @apiSuccess {Integer} linkedTo The ID of the ticket linked to this ticket
* @apiSuccess {String} latitude The latitudinal coordinate of the user's location, or one of the corresponding error codes.
* @apiSuccess {String} longitude The longitudinal coordinate of the user's location, or one of the corresponding error codes.
* @apiSuccess {Boolean} html `true` if the ticket was created with HTML encoding<br>`false` otherwise
* @apiSuccess {String} userAgent The user agent of the user who submitted the ticket
* @apiSuccess {Integer} screenResolutionWidth The width of the screen resolution of the user who submitted the ticket
* @apiSuccess {Integer} screenResolutionHeight The height of the screen resolution of the user who submitted the ticket
*
* @apiSuccessExample {json} Success-Response:
* HTTP/1.1 200 OK
* {
* "id": 22,
* "trackingId": "EVL-RRL-DUBG",
* "name": "Test",
* "email": "",
* "category": 1,
* "priority": 3,
* "subject": "test",
* "message": "test",
* "dateCreated": "2014-12-28 00:57:26",
* "articles": null,
* "ip": "127.0.0.1",
* "language": null,
* "status": 3,
* "owner": 1,
* "timeWorked": "00:05:07",
* "archive": true,
* "locked": true,
* "attachments": "",
* "merged": "",
* "legacyAuditTrail": "<li class=\"smaller\">2014-12-28 06:57:28 | ticket created by Your name (username)</li><li class=\"smaller\">2014-12-31 21:00:59 | closed by Your name (username)</li><li class=\"smaller\">2014-12-31 21:01:05 | status changed to Waiting reply by Your name (username)</li><li class=\"smaller\">2014-12-31 21:01:58 | closed by Your name (username)</li><li class=\"smaller\">2015-01-17 16:21:18 | closed by Your name (username)</li>",
* "custom1": "1420671600",
* "custom2": "",
* "custom3": "",
* "custom4": "",
* "custom5": "",
* "custom6": "",
* "custom7": "",
* "custom8": "",
* "custom9": "",
* "custom10": "",
* "custom11": "",
* "custom12": "",
* "custom13": "",
* "custom14": "",
* "custom15": "",
* "custom16": "",
* "custom17": "",
* "custom18": "",
* "custom19": "",
* "custom20": "",
* "parent": 139,
* "latitude": "E-0",
* "longitude": "E-0",
* "html": false,
* "userAgent": null,
* "screenResolutionWidth": null,
* "screenResolutionHeight": null
* }
*
* @apiError (noTokenProvided) 400 No `X-Auth-Token` was provided where it is required
* @apiError (invalidXAuthToken) 401 The `X-Auth-Token` provided was invalid
*/
if ($request_method == 'GET') {
$token = get_header('X-Auth-Token');
try {
get_user_for_token($token, $hesk_settings);
} catch (AccessException $e) {
return http_response_code($e->getCode());
}
if (isset($_GET['id'])) {
$results = get_ticket_for_staff($hesk_settings, $_GET['id']);
} else {
$results = get_ticket_for_staff($hesk_settings);
}
if ($results == NULL) {
return http_response_code(404);
}
return output($results);
}
return http_response_code(405);
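Review bot: The `@apiSuccess` list and the example response disagree with what `get_ticket_for_staff()` in this merge's ticket_retriever.php emits: the retriever renames `articles` to `suggestedArticles` and `parent` to `linkedTo`, yet the list documents `articles` and the example shows `"parent": 139` with neither `linkedTo` nor `suggestedArticles`. The example also prints `"attachments": ""` and `"merged": ""` while the list types them as `Binary[]` and `Integer[]`, so either the types or the example are wrong. Regenerate the example from a real response once the retriever is settled, and document `suggestedArticles`/`linkedTo` under the names the code produces, noting that as written the rename only happens when `articles` is non-null.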

@ -0,0 +1,121 @@
<?php
define('IN_SCRIPT', 1);
define('HESK_PATH', '../../../');
define('API_PATH', '../../');
require_once(HESK_PATH . 'hesk_settings.inc.php');
require_once(HESK_PATH . 'inc/common.inc.php');
require_once(API_PATH . 'core/headers.php');
require_once(API_PATH . 'core/output.php');
require_once(API_PATH . 'businesslogic/user_retriever.php');
require_once(API_PATH . 'businesslogic/security_retriever.php');
hesk_load_api_database_functions();
hesk_dbConnect();
// Routing
$request_method = $_SERVER['REQUEST_METHOD'];
/**
* @api {get} /admin/user Retrieve a helpdesk user
* @apiVersion 0.0.0
* @apiName GetUser
* @apiGroup User
* @apiPermission protected
*
* @apiParam {Number} [id] The ID of the user. Omit for all users.
*
* @apiSuccess {Number} id ID of the user
* @apiSuccess {String} username The user's username
* @apiSuccess {Boolean} admin `true` if the user is under a permission template that is market as an administrative group<br>`false` otherwise
* @apiSuccess {String} name The user's name
* @apiSuccess {String} email The user's email address
* @apiSuccess {String} signature The user's signature, in plaintext
* @apiSuccess {Unknown} language ??? (Unknown)
* @apiSuccess {String[]} categories Ticket categories the user has access to. If the user is an admin, this list has one element: ""
* @apiSuccess {Integer} afterReply Action to perform after replying to a ticket:<br>
* `0` - Show the ticket I just replied to<br>
* `1` - Return to the main administration page<br>
* `2` - Open next ticket that needs my reply
* @apiSuccess {Boolean} autoStart Automatically start timer when the user opens a ticket
* @apiSuccess {Boolean} notifyCustomerNew Select notify customer option in the new ticket form
* @apiSuccess {Boolean} notifyCustomerReply Select notify customer option in the ticket reply form
* @apiSuccess {Boolean} showSuggested Show what knowledgebase articles were suggested to customers
* @apiSuccess {Boolean} notifyNewUnassigned Notify the user when a new ticket is submitted with owner: Unassigned
* @apiSuccess {Boolean} notifyNewMy Notify the user when a new ticket is submitted and is assigned to the user
* @apiSuccess {Boolean} notifyAssigned Notify the user when a ticket is assigned to the user
* @apiSuccess {Boolean} notifyReplyUnassigned Notify the user when the client responds to a ticket with owner: Unassigned
* @apiSuccess {Boolean} notifyReplyMy Notify the user when the client responds to a ticket assigned to the user
* @apiSuccess {Boolean} notifyPm Notify the user when a private message is sent to the user
* @apiSuccess {Boolean} notifyNoteUnassigned Notify the user when someone adds a note to a ticket not assigned to the user
* @apiSuccess {Unknown} defaultList ??? (Currently unknown)
* @apiSuccess {Boolean} autoassign Tickets are auto-assigned to this user
* @apiSuccess {String[]} heskPrivileges Helpdesk features the user has access to. If the user is an admin, this list has one element: ""
* @apiSuccess {Integer} ratingNeg Total number of negative feedback to "Was this reply helpful?" on replies by this user
* @apiSuccess {Integer} ratingPos Total number of positive feedback to "Was this reply helpful?" on replies by this user
* @apiSuccess {String} rating The overall rating of the user, as a floating point decimal
* @apiSuccess {Integer} autorefresh The ticket table autorefresh time for the user, in milliseconds
* @apiSuccess {Boolean} active `true` if the user is active<br>`false` otherwise
*
* @apiSuccessExample {json} Success-Response:
* HTTP/1.1 200 OK
* {
* "id": 1,
* "username": "mkoch",
* "admin": true,
* "name": "Your name",
* "email": "mkoch227@gmail.com",
* "signature": "Sincerely,\r\n\r\nYour name\r\nYour website\r\nhttp://www.yourwebsite.com\r\n& < > ^ &",
* "language": null,
* "categories": [
* ""
* ],
* "afterReply": 0,
* "autoStart": true,
* "notifyCustomerNew": true,
* "notifyCustomerReply": true,
* "showSuggested": true,
* "notifyNewUnassigned": true,
* "notifyNewMy": true,
* "notifyReplyUnassigned": true,
* "notifyReplyMy": true,
* "notifyAssigned": true,
* "notifyPm": false,
* "notifyNote": true,
* "notifyNoteUnassigned": false,
* "defaultList": "",
* "autoassign": true,
* "heskPrivileges": [
* ""
* ],
* "ratingNeg": 0,
* "ratingPos": 0,
* "rating": "0",
* "autorefresh": 0,
* "active": true
* }
*
* @apiError (noTokenProvided) 400 No `X-Auth-Token` was provided where it is required
* @apiError (invalidXAuthToken) 401 The `X-Auth-Token` provided was invalid
*/
if ($request_method == 'GET') {
$token = get_header('X-Auth-Token');
try {
get_user_for_token($token, $hesk_settings);
} catch (AccessException $e) {
return http_response_code($e->getCode());
}
if (isset($_GET['id'])) {
$results = retrieve_user($hesk_settings, $_GET['id']);
} else {
$results = retrieve_user($hesk_settings);
}
if ($results == NULL) {
return http_response_code(404);
}
return output($results);
}
return http_response_code(405);
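Review bot: The `@apiSuccess` list does not match `retrieve_user()` in this merge's user_retriever.php: `language` is documented (and shown as `null` in the example) but `remove_unneeded_properties()` unsets it, so it never appears, while `notifyNote` is in the example and in the retriever but has no `@apiSuccess` line. Add `@apiSuccess {Boolean} notifyNote Notify the user when a note is added to a ticket assigned to the user` (wording to be confirmed against the setting's label) and either drop `language` from the docs or stop stripping it. The `pass` column is removed by the retriever, which is the right call; saying so in this docblock would keep someone from re-adding it later.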

@ -0,0 +1,9 @@
<?php
require_once(API_PATH . 'dao/security_dao.php');
function get_user_for_token($token, $hesk_settings) {
$hash = hash('sha512', $token);
return get_user_for_token_hash($hash, $hesk_settings);
}
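Review bot: `get_user_for_token()` has no docblock, and its one non-obvious behaviour deserves one: when `get_header('X-Auth-Token')` yields null, `hash('sha512', null)` hashes the empty string, so a missing token is looked up as the SHA-512 of `''` rather than rejected up front, and the documented 400 `noTokenProvided` response depends entirely on `get_header()` throwing, which this commit does not show. I would add a docblock stating that the raw header value is never compared directly, only its SHA-512 hash via `get_user_for_token_hash()`, with `@param string $token`, `@param array $hesk_settings` and `@throws AccessException` (presumably raised by the hash lookup, since the controllers catch it around this call). If `get_header()` does not throw on absence, an explicit `if ($token === null || $token === '') { throw new AccessException(/* message */, 400); }` here would make the 400 path real; the `AccessException` constructor is not visible in this merge, so adapt the arguments to it.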

@ -0,0 +1,88 @@
<?php
require_once(API_PATH . 'dao/ticket_dao.php');
function get_ticket_for_staff($hesk_settings, $id = NULL) {
$tickets = get_ticket_for_id($hesk_settings, $id);
if ($id === NULL) {
$original_tickets = $tickets;
$tickets = [];
foreach ($original_tickets as $ticket) {
$ticket = remove_common_properties($ticket);
$ticket = convert_to_camel_case($ticket);
$tickets[] = $ticket;
}
} else {
$tickets = remove_common_properties($tickets);
$tickets = convert_to_camel_case($tickets);
}
return $tickets;
}
function remove_common_properties($ticket) {
unset($ticket['lastchange']);
unset($ticket['firstreply']);
unset($ticket['closedat']);
unset($ticket['openedby']);
unset($ticket['firstreplyby']);
unset($ticket['closedby']);
unset($ticket['replies']);
unset($ticket['staffreplies']);
unset($ticket['lastreplier']);
unset($ticket['replierid']);
return $ticket;
}
function convert_to_camel_case($ticket) {
if (isset($ticket['articles'])) {
$ticket['suggestedArticles'] = $ticket['articles'];
unset($ticket['articles']);
$ticket['legacyAuditTrail'] = $ticket['history'];
unset($ticket['history']);
$ticket['linkedTo'] = $ticket['parent'];
unset($ticket['parent']);
$ticket['timeWorked'] = $ticket['time_worked'];
unset($ticket['time_worked']);
$ticket['userAgent'] = $ticket['user_agent'];
unset($ticket['user_agent']);
$ticket['screenResolutionWidth'] = $ticket['screen_resolution_width'];
unset($ticket['screen_resolution_width']);
$ticket['screenResolutionHeight'] = $ticket['screen_resolution_height'];
unset($ticket['screen_resolution_height']);
}
$ticket['trackingId'] = $ticket['trackid'];
unset($ticket['trackid']);
$ticket['dateCreated'] = $ticket['dt'];
unset($ticket['dt']);
return $ticket;
}
function get_ticket($hesk_settings, $id) {
$ticket = get_ticket_for_id($hesk_settings, $id);
$ticket = remove_common_properties($ticket);
$ticket = remove_staff_specific_properties($ticket);
$ticket = convert_to_camel_case($ticket);
return $ticket;
}
function remove_staff_specific_properties($ticket) {
unset($ticket['articles']);
unset($ticket['ip']);
unset($ticket['language']);
unset($ticket['owner']);
unset($ticket['time_worked']);
unset($ticket['history']);
unset($ticket['latitude']);
unset($ticket['longitude']);
unset($ticket['user_agent']);
unset($ticket['screen_resolution_width']);
unset($ticket['screen_resolution_height']);
unset($ticket['parent']);
return $ticket;
}
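Review bot: `convert_to_camel_case()` guards the staff-only renames with `isset($ticket['articles'])`, but `isset` is false when the column is present with a NULL value — which the ticket controller's own example response shows (`"articles": null`) — so such tickets come back with `history`, `parent`, `time_worked`, `user_agent` and the screen-resolution keys still in snake_case while other tickets get the camelCase names. `array_key_exists('articles', $ticket)` tests presence rather than non-null and gives every staff ticket the same shape. The function also shares its global name with `convert_to_camel_case()` in user_retriever.php from this same merge; each controller includes only one retriever today, but any script that requires both will fail with a function-redeclaration error, so a file-specific prefix (`ticket_to_camel_case`, `user_to_camel_case`) or a namespace is worth doing now. Lastly, if `get_ticket_for_id()` returns null for an unknown id (I infer that from the controller's 404 check; the DAO is not in this commit), the single-ticket branch still runs `$tickets['trackingId'] = $tickets['trackid']`, which turns null into a two-element array and lets the controller answer 200 instead of 404; an early `if ($tickets === null) { return null; }` after the DAO call keeps the 404 path working.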

@ -0,0 +1,73 @@
<?php
require_once(API_PATH . 'dao/user_dao.php');
function retrieve_user($hesk_settings, $id = NULL) {
$users = get_user($hesk_settings, $id);
if ($id === NULL) {
$original_users = $users;
$users = [];
foreach ($original_users as $user) {
$user = remove_unneeded_properties($user);
$user = convert_to_camel_case($user);
$users[] = $user;
}
} else {
$users = remove_unneeded_properties($users);
$users = convert_to_camel_case($users);
}
return $users;
}
function remove_unneeded_properties($user) {
unset($user['pass']);
unset($user['permission_template']);
unset($user['language']);
unset($user['replies']);
return $user;
}
function convert_to_camel_case($user) {
$user['username'] = $user['user'];
unset($user['user']);
$user['admin'] = $user['isadmin'];
unset($user['isadmin']);
$user['afterReply'] = $user['afterreply'];
unset($user['afterreply']);
$user['autoStart'] = $user['autostart'];
unset($user['autostart']);
$user['notifyCustomerNew'] = $user['notify_customer_new'];
unset($user['notify_customer_new']);
$user['notifyCustomerReply'] = $user['notify_customer_reply'];
unset($user['notify_customer_reply']);
$user['showSuggested'] = $user['show_suggested'];
unset($user['show_suggested']);
$user['notifyNewUnassigned'] = $user['notify_new_unassigned'];
unset($user['notify_new_unassigned']);
$user['notifyNewMy'] = $user['notify_new_my'];
unset($user['notify_new_my']);
$user['notifyReplyUnassigned'] = $user['notify_reply_unassigned'];
unset($user['notify_reply_unassigned']);
$user['notifyReplyMy'] = $user['notify_reply_my'];
unset($user['notify_reply_my']);
$user['notifyAssigned'] = $user['notify_assigned'];
unset($user['notify_assigned']);
$user['notifyPm'] = $user['notify_pm'];
unset($user['notify_pm']);
$user['notifyNote'] = $user['notify_note'];
unset($user['notify_note']);
$user['notifyNoteUnassigned'] = $user['notify_note_unassigned'];
unset($user['notify_note_unassigned']);
$user['defaultList'] = $user['default_list'];
unset($user['default_list']);
$user['ratingNeg'] = $user['ratingneg'];
unset($user['ratingneg']);
$user['ratingPos'] = $user['ratingpos'];
unset($user['ratingpos']);
$user['heskPrivileges'] = $user['heskprivileges'];
unset($user['heskprivileges']);
return $user;
}
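Review bot: `convert_to_camel_case()` is nineteen assign/unset pairs that all do the same thing, which makes it easy to miss or mistype one (the user controller's `@apiSuccess` list in this merge already disagrees with the retriever on `language`); a single rename table driven by one loop keeps the mapping in one place and is behaviour-identical, since each new key is still appended in the same order and the old key removed right after. The same treatment fits `remove_unneeded_properties()`, which is a `foreach` over a list of keys. Whether `get_user()` can return null for an unknown id is not visible here; if it can, `remove_unneeded_properties(null)` passes silently and the camel-case step fabricates keys on a null, so a null guard before the transform would be needed in `retrieve_user()`.
```php
function convert_to_camel_case($user) {
    // DB column => API property. The old key is removed after copying so the
    // response carries only the camelCase name; order matches the original code.
    $renames = [
        'user' => 'username',
        'isadmin' => 'admin',
        'afterreply' => 'afterReply',
        'autostart' => 'autoStart',
        'notify_customer_new' => 'notifyCustomerNew',
        'notify_customer_reply' => 'notifyCustomerReply',
        'show_suggested' => 'showSuggested',
        'notify_new_unassigned' => 'notifyNewUnassigned',
        'notify_new_my' => 'notifyNewMy',
        'notify_reply_unassigned' => 'notifyReplyUnassigned',
        'notify_reply_my' => 'notifyReplyMy',
        'notify_assigned' => 'notifyAssigned',
        'notify_pm' => 'notifyPm',
        'notify_note' => 'notifyNote',
        'notify_note_unassigned' => 'notifyNoteUnassigned',
        'default_list' => 'defaultList',
        'ratingneg' => 'ratingNeg',
        'ratingpos' => 'ratingPos',
        'heskprivileges' => 'heskPrivileges',
    ];
    foreach ($renames as $column => $property) {
        $user[$property] = $user[$column];
        unset($user[$column]);
    }
    return $user;
}
```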

@ -0,0 +1,58 @@
<?php
define('IN_SCRIPT', 1);
define('HESK_PATH', '../../');
define('API_PATH', '../');
require_once(HESK_PATH . 'hesk_settings.inc.php');
require_once(HESK_PATH . 'inc/common.inc.php');
require_once(API_PATH . 'core/output.php');
require_once(API_PATH . 'dao/category_dao.php');
hesk_load_api_database_functions();
hesk_dbConnect();
// Routing
$request_method = $_SERVER['REQUEST_METHOD'];
/**
* @api {get} /category Retrieve a ticket category
* @apiVersion 0.0.0
* @apiName GetCategory
* @apiGroup Category
* @apiPermission public
*
* @apiParam {Number} [id] The ID of the category. Omit for all categories.
*
* @apiSuccess {Number} id ID of the category
* @apiSuccess {String} name The name of the category
* @apiSuccess {Integer} displayOrder The order of the category (in multiples of 10)
* @apiSuccess {Boolean} autoassign `true` if tickets set to this category are automatically assigned.<br>`false` otherwise
* @apiSuccess {Integer} type `0` - Public<br>`1` - Private
* @apiSuccess {Integer} priority Default priority of tickets created in this category
* @apiSuccess {Integer} manager User ID of the category manager, or `null` if there is no manager.
*
* @apiSuccessExample {json} Success-Response:
* HTTP/1.1 200 OK
* {
* "id": 1,
* "name": "General",
* "displayOrder": 10,
* "autoassign": true,
* "type": 0,
* "priority": 2,
* "manager": null
* }
*/
if ($request_method == 'GET') {
if (isset($_GET['id'])) {
$results = get_category($hesk_settings, $_GET['id']);
} else {
$results = get_category($hesk_settings);
}
if ($results == NULL) {
return http_response_code(404);
}
return output($results);
}
return http_response_code(405);
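Review bot: This endpoint is documented as `@apiPermission public` and requires no `X-Auth-Token`, yet its own field list describes `type` `1` as Private, so unless `get_category()` filters on type (the DAO is not in this commit) the names, default priorities and manager IDs of private categories become readable by anyone who can reach the API. Either restrict unauthenticated callers to `type = 0` or state in the docblock that private categories are deliberately included. I also do not see the `public_api` switch that the admin settings page in this merge toggles being consulted here or in the protected controllers; if it is enforced inside `hesk_load_api_database_functions()` or output.php, a one-line comment at the top of the controller saying so would save the next reader the search. The `$_GET['id']` validation and `== NULL` points raised on the canned-response controller apply here as well.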

@ -0,0 +1,18 @@
<?php
/**
* @apiDefine public Public
* A public API can be utilized by anyone, without the use of an `X-Auth-Token`.
*
*/
/**
* @apiDefine protected Protected
* A protected API can only be utilized by those with a valid `X-Auth-Token`.
*/
/**
* @apiDefine invalidXAuthToken 401 Unauthorized
* The `X-Auth-Token` provided is invalid.
*/
/**
* @apiDefine noTokenProvided 400 Bad Request
* No `X-Auth-Token` was provided.
*/

@ -0,0 +1,250 @@
<?php
/*******************************************************************************
* Title: Help Desk Software HESK
* Version: 2.6.1 from 26th February 2015
* Author: Klemen Stirn
* Website: http://www.hesk.com
********************************************************************************
* COPYRIGHT AND TRADEMARK NOTICE
* Copyright 2005-2015 Klemen Stirn. All Rights Reserved.
* HESK is a registered trademark of Klemen Stirn.
* The HESK may be used and modified free of charge by anyone
* AS LONG AS COPYRIGHT NOTICES AND ALL THE COMMENTS REMAIN INTACT.
* By using this code you agree to indemnify Klemen Stirn from any
* liability that might arise from it's use.
* Selling the code for this program, in part or full, without prior
* written consent is expressly forbidden.
* Using this code, in part or full, to create derivate work,
* new scripts or products is expressly forbidden. Obtain permission
* before redistributing this software over the Internet or in
* any other medium. In all cases copyright and header must remain intact.
* This Copyright is in full effect in any country that has International
* Trade Agreements with the United States of America or
* with the European Union.
* Removing any of the copyright notices without purchasing a license
* is expressly forbidden. To remove HESK copyright notice you must purchase
* a license for this script. For more information on how to obtain
* a license please visit the page below:
* https://www.hesk.com/buy.php
*******************************************************************************/
/* Check if this is a valid include */
if (!defined('IN_SCRIPT')) {die('Invalid attempt');}
function hesk_dbSetNames()
{
global $hesk_settings, $hesk_db_link;
if ($hesk_settings['db_vrsn'])
{
mysql_set_charset('utf8', $hesk_db_link);
}
else
{
hesk_dbQuery("SET NAMES 'utf8'");
}
} // END hesk_dbSetNames()
function hesk_dbFormatEmail($email, $field = 'email')
{
global $hesk_settings;
$email = hesk_dbLike($email);
if ($hesk_settings['multi_eml'])
{
return " (`".hesk_dbEscape($field)."` LIKE '".hesk_dbEscape($email)."' OR `".hesk_dbEscape($field)."` LIKE '%,".hesk_dbEscape($email)."' OR `".hesk_dbEscape($field)."` LIKE '".hesk_dbEscape($email).",%' OR `".hesk_dbEscape($field)."` LIKE '%,".hesk_dbEscape($email).",%') ";
}
else
{
return " `".hesk_dbEscape($field)."` LIKE '".hesk_dbEscape($email)."' ";
}
} // END hesk_dbFormatEmail()
function hesk_dbTime()
{
$res = hesk_dbQuery("SELECT NOW()");
return strtotime(hesk_dbResult($res,0,0));
} // END hesk_dbTime()
function hesk_dbEscape($in)
{
global $hesk_db_link;
$in = mysql_real_escape_string(stripslashes($in), $hesk_db_link);
$in = str_replace('`','&#96;',$in);
return $in;
} // END hesk_dbEscape()
function hesk_dbLike($in)
{
return str_replace( array('_', '%'), array('\\\\_', '\\\\%'), $in);
} // END hesk_dbLike()
function hesk_dbConnect()
{
global $hesk_settings;
global $hesk_db_link;
global $hesklang;
// Is mysql supported?
if ( ! function_exists('mysql_connect') )
{
die($hesklang['emp']);
}
// Connect to the database
$hesk_db_link = @mysql_connect($hesk_settings['db_host'], $hesk_settings['db_user'], $hesk_settings['db_pass']);
// Errors?
if ( ! $hesk_db_link)
{
if ($hesk_settings['debug_mode'])
{
$message = $hesklang['mysql_said'] . ': ' . mysql_error();
}
else
{
$message = $hesklang['contact_webmaster'] . $hesk_settings['webmaster_email'];
}
header('Content-Type: application/json');
print_error($hesklang['cant_connect_db'], $message);
return http_response_code(500);
}
if ( ! @mysql_select_db($hesk_settings['db_name'], $hesk_db_link))
{
if ($hesk_settings['debug_mode'])
{
$message = $hesklang['mysql_said'] . ': ' . mysql_error();
}
else
{
$message = $hesklang['contact_webmaster'] . $hesk_settings['webmaster_email'];
}
header('Content-Type: application/json');
print_error($hesklang['cant_connect_db'], $message);
die();
}
// Check MySQL/PHP version and set encoding to utf8
hesk_dbSetNames();
return $hesk_db_link;
} // END hesk_dbConnect()
function hesk_dbClose()
{
global $hesk_db_link;
return @mysql_close($hesk_db_link);
} // END hesk_dbClose()
function hesk_dbQuery($query)
{
global $hesk_last_query;
global $hesk_db_link;
global $hesklang, $hesk_settings;
if ( ! $hesk_db_link && ! hesk_dbConnect())
{
return false;
}
$hesk_last_query = $query;
if ($res = @mysql_query($query, $hesk_db_link))
{
return $res;
}
elseif ($hesk_settings['debug_mode'])
{
$message = $hesklang['mysql_said'] . mysql_error();
}
else
{
$message = $hesklang['contact_webmaster'] . $hesk_settings['webmaster_email'];
}
header('Content-Type: application/json');
print_error($hesklang['cant_sql'], $message);
die();
} // END hesk_dbQuery()
function hesk_dbFetchAssoc($res)
{
return @mysql_fetch_assoc($res);
} // END hesk_FetchAssoc()
function hesk_dbFetchRow($res)
{
return @mysql_fetch_row($res);
} // END hesk_FetchRow()
function hesk_dbResult($res, $row = 0, $column = 0)
{
return @mysql_result($res, $row, $column);
} // END hesk_dbResult()
function hesk_dbInsertID()
{
global $hesk_db_link;
if ($lastid = @mysql_insert_id($hesk_db_link))
{
return $lastid;
}
} // END hesk_dbInsertID()
function hesk_dbFreeResult($res)
{
return mysql_free_result($res);
} // END hesk_dbFreeResult()
function hesk_dbNumRows($res)
{
return @mysql_num_rows($res);
} // END hesk_dbNumRows()
function hesk_dbAffectedRows()
{
global $hesk_db_link;
return @mysql_affected_rows($hesk_db_link);
} // END hesk_dbAffectedRows()

@ -0,0 +1,255 @@
<?php
/*******************************************************************************
* Title: Help Desk Software HESK
* Version: 2.6.1 from 26th February 2015
* Author: Klemen Stirn
* Website: http://www.hesk.com
********************************************************************************
* COPYRIGHT AND TRADEMARK NOTICE
* Copyright 2005-2015 Klemen Stirn. All Rights Reserved.
* HESK is a registered trademark of Klemen Stirn.
* The HESK may be used and modified free of charge by anyone
* AS LONG AS COPYRIGHT NOTICES AND ALL THE COMMENTS REMAIN INTACT.
* By using this code you agree to indemnify Klemen Stirn from any
* liability that might arise from it's use.
* Selling the code for this program, in part or full, without prior
* written consent is expressly forbidden.
* Using this code, in part or full, to create derivate work,
* new scripts or products is expressly forbidden. Obtain permission
* before redistributing this software over the Internet or in
* any other medium. In all cases copyright and header must remain intact.
* This Copyright is in full effect in any country that has International
* Trade Agreements with the United States of America or
* with the European Union.
* Removing any of the copyright notices without purchasing a license
* is expressly forbidden. To remove HESK copyright notice you must purchase
* a license for this script. For more information on how to obtain
* a license please visit the page below:
* https://www.hesk.com/buy.php
*******************************************************************************/
/* Check if this is a valid include */
if (!defined('IN_SCRIPT')) {die('Invalid attempt');}
function hesk_dbSetNames()
{
global $hesk_settings, $hesk_db_link;
if ($hesk_settings['db_vrsn'])
{
mysqli_set_charset($hesk_db_link, 'utf8');
}
else
{
hesk_dbQuery("SET NAMES 'utf8'");
}
} // END hesk_dbSetNames()
function hesk_dbFormatEmail($email, $field = 'email')
{
global $hesk_settings;
$email = hesk_dbLike($email);
if ($hesk_settings['multi_eml'])
{
return " (`".hesk_dbEscape($field)."` LIKE '".hesk_dbEscape($email)."' OR `".hesk_dbEscape($field)."` LIKE '%,".hesk_dbEscape($email)."' OR `".hesk_dbEscape($field)."` LIKE '".hesk_dbEscape($email).",%' OR `".hesk_dbEscape($field)."` LIKE '%,".hesk_dbEscape($email).",%') ";
}
else
{
return " `".hesk_dbEscape($field)."` LIKE '".hesk_dbEscape($email)."' ";
}
} // END hesk_dbFormatEmail()
function hesk_dbTime()
{
$res = hesk_dbQuery("SELECT NOW()");
return strtotime(hesk_dbResult($res,0,0));
} // END hesk_dbTime()
function hesk_dbEscape($in)
{
global $hesk_db_link;
$in = mysqli_real_escape_string($hesk_db_link, stripslashes($in));
$in = str_replace('`','&#96;',$in);
return $in;
} // END hesk_dbEscape()
function hesk_dbLike($in)
{
return str_replace( array('_', '%'), array('\\\\_', '\\\\%'), $in);
} // END hesk_dbLike()
function hesk_dbConnect()
{
global $hesk_settings;
global $hesk_db_link;
global $hesklang;
// Is mysqli supported?
if ( ! function_exists('mysqli_connect') )
{
die($hesklang['emp']);
}
// Do we need a special port? Check and connect to the database
if ( strpos($hesk_settings['db_host'], ':') )
{
list($hesk_settings['db_host'], $hesk_settings['db_port']) = explode(':', $hesk_settings['db_host']);
$hesk_db_link = @mysqli_connect($hesk_settings['db_host'], $hesk_settings['db_user'], $hesk_settings['db_pass'], $hesk_settings['db_name'], intval($hesk_settings['db_port']) );
}
else
{
$hesk_db_link = @mysqli_connect($hesk_settings['db_host'], $hesk_settings['db_user'], $hesk_settings['db_pass'], $hesk_settings['db_name']);
}
// Errors?
if ( ! $hesk_db_link)
{
if ($hesk_settings['debug_mode'])
{
$message = $hesklang['mysql_said'] . ': (' . mysqli_connect_errno() . ') ' . mysqli_connect_error();
}
else
{
$message = $hesklang['contact_webmaster'] . $hesk_settings['webmaster_email'];
}
header('Content-Type: application/json');
print_error($hesklang['cant_connect_db'], $message);
http_response_code(500);
}
// Check MySQL/PHP version and set encoding to utf8
hesk_dbSetNames();
return $hesk_db_link;
} // END hesk_dbConnect()
function hesk_dbClose()
{
global $hesk_db_link;
return @mysqli_close($hesk_db_link);
} // END hesk_dbClose()
function hesk_dbQuery($query)
{
global $hesk_last_query;
global $hesk_db_link;
global $hesklang, $hesk_settings;
if ( ! $hesk_db_link && ! hesk_dbConnect())
{
return false;
}
$hesk_last_query = $query;
#echo "<p>EXPLAIN $query</p>\n";
if ($res = @mysqli_query($hesk_db_link, $query))
{
return $res;
}
elseif ($hesk_settings['debug_mode'])
{
$message = $hesklang['mysql_said'] . ': ' . mysqli_error($hesk_db_link);
}
else
{
$message = $hesklang['contact_webmaster'] . $hesk_settings['webmaster_email'];
}
header('Content-Type: application/json');
print_error($hesklang['cant_sql'], $message);
die(http_response_code(500));
} // END hesk_dbQuery()
function hesk_dbFetchAssoc($res)
{
return @mysqli_fetch_assoc($res);
} // END hesk_FetchAssoc()
function hesk_dbFetchRow($res)
{
return @mysqli_fetch_row($res);
} // END hesk_FetchRow()
function hesk_dbResult($res, $row = 0, $column = 0)
{
$i=0;
$res->data_seek(0);
while ($tmp = @mysqli_fetch_array($res, MYSQLI_NUM))
{
if ($i==$row)
{
return $tmp[$column];
}
$i++;
}
return '';
} // END hesk_dbResult()
function hesk_dbInsertID()
{
global $hesk_db_link;
if ($lastid = @mysqli_insert_id($hesk_db_link))
{
return $lastid;
}
} // END hesk_dbInsertID()
function hesk_dbFreeResult($res)
{
return @mysqli_free_result($res);
} // END hesk_dbFreeResult()
function hesk_dbNumRows($res)
{
return @mysqli_num_rows($res);
} // END hesk_dbNumRows()
function hesk_dbAffectedRows()
{
global $hesk_db_link;
return @mysqli_affected_rows($hesk_db_link);
} // END hesk_dbAffectedRows()
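Review bot: In hesk_dbConnect the connection-failure branch (L1081–L1094) sets the 500 status but neither returns nor exits, so execution continues into `hesk_dbSetNames()` with `$hesk_db_link` false and `mysqli_set_charset(false, 'utf8')` runs on an invalid link before `false` is finally returned; add `return false;` after the `http_response_code(500);` call. That branch, and the tail of `hesk_dbQuery`, call `http_response_code()` only after `print_error()` has already emitted the body, so the status can no longer be changed once headers are sent, and `die(http_response_code(500))` turns the previous status code into the process exit status; set the status before printing and then `die();`. In debug mode the raw `mysqli_connect_error()`/`mysqli_error()` text is returned to API clients, which is acceptable only while `debug_mode` is never enabled on a reachable install.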

@ -0,0 +1,9 @@
<?php
function get_header($key) {
$headers = getallheaders();
return isset($headers[$key])
? $headers[$key]
: NULL;
}
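Review bot: `get_header` looks the header up by exact key, but HTTP header names are case-insensitive and `getallheaders()` returns them in whatever form the SAPI provides, so a client sending `x-auth-token` is treated as having sent no token. Normalise both sides: `$headers = array_change_key_case(getallheaders(), CASE_LOWER);` and `return isset($headers[strtolower($key)]) ? $headers[strtolower($key)] : NULL;`. `getallheaders()` is also only defined for some SAPIs (it is missing under PHP-FPM before PHP 7.3), so a `function_exists` guard with a `$_SERVER['HTTP_*']` fallback would make the endpoint portable.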

@ -0,0 +1,11 @@
<?php
function print_error($title, $message) {
$error = array();
$error['type'] = 'ERROR';
$error['title'] = $title;
$error['message'] = $message;
print json_encode($error);
return;
}
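Review bot: `print_error` assembles the payload one assignment at a time and ends with a bare `return;`, which adds nothing in a function with no return value; a single literal `print json_encode(['type' => 'ERROR', 'title' => $title, 'message' => $message]);` says the same. Every caller in this commit pairs it with `header('Content-Type: application/json')`, so setting that header inside the function would stop a caller from forgetting it. A one-line docblock stating that the function writes the response body and that the caller must set the HTTP status before calling it would document the contract.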

@ -0,0 +1,7 @@
<?php
function output($data, $status_code = 200) {
header('Content-Type: application/json');
print json_encode($data);
return http_response_code($status_code);
}
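Review bot: `output` prints the JSON body before calling `http_response_code($status_code)`; once output has been sent the status line is already on the wire, so any non-200 `$status_code` is lost (PHP warns that headers were already sent) unless output buffering happens to be enabled. Set the status first: `http_response_code($status_code);` then `header('Content-Type: application/json');` then `print json_encode($data);`. `json_encode` returns `false` on invalid UTF-8 input, which would print an empty body with a success status, so checking for `=== false` and reporting a 500 instead would be safer.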

@ -0,0 +1,28 @@
<?php
function get_canned_response($hesk_settings, $id = NULL) {
$sql = "SELECT `id`, `message`, `title`, `reply_order` FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "std_replies` ";
if ($id != NULL) {
$sql .= "WHERE `id` = ".intval($id);
}
$response = hesk_dbQuery($sql);
if (hesk_dbNumRows($response) == 0) {
return NULL;
}
$results = [];
while ($row = hesk_dbFetchAssoc($response)) {
$row['id'] = intval($row['id']);
$row['replyOrder'] = intval($row['reply_order']);
unset($row['reply_order']);
$row['title'] = hesk_html_entity_decode($row['title']);
$row['message'] = hesk_html_entity_decode($row['message']);
$results[] = $row;
}
return $id == NULL ? $results : $results[0];
}
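Review bot: `$id != NULL` on L1207 and L1223 is a loose comparison, so an `$id` of `0` or `'0'` is treated as absent: the `WHERE` clause is dropped, every row is returned, and the caller receives a list where it expected one record. Use `$id !== NULL` for the guard and `$id === NULL` for the return so that only a genuinely omitted id means "all". The same pattern is repeated in get_category, get_status, get_ticket_for_id, get_ticket_template and get_user in the following hunks. Whether id 0 exists in these tables is not visible here, but the priority endpoint in this commit does use id 0, so the inconsistency is worth closing.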

@ -0,0 +1,28 @@
<?php
function get_category($hesk_settings, $id = NULL) {
$sql = "SELECT * FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "categories` ";
if ($id != NULL) {
$sql .= "WHERE `id` = ".intval($id);
}
$response = hesk_dbQuery($sql);
if (hesk_dbNumRows($response) == 0) {
return NULL;
}
$results = [];
while ($row = hesk_dbFetchAssoc($response)) {
$row['id'] = intval($row['id']);
$row['displayOrder'] = intval($row['cat_order']);
unset($row['cat_order']);
$row['autoassign'] = $row['autoassign'] == 1;
$row['type'] = intval($row['type']);
$row['priority'] = intval($row['priority']);
$row['manager'] = intval($row['manager']) == 0 ? NULL : intval($row['manager']);
$results[] = $row;
}
return $id == NULL ? $results : $results[0];
}

@ -0,0 +1,23 @@
<?php
define('NULL_OR_EMPTY_STRING', 'cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e');
require_once(API_PATH . 'exception/AccessException.php');
function get_user_for_token_hash($hash, $hesk_settings) {
if ($hash == NULL_OR_EMPTY_STRING) {
throw new AccessException(400);
}
$user_id_sql = "SELECT `user_id` FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "user_api_tokens`
WHERE `token` = '" . hesk_dbEscape($hash) . "'";
$user_id_rs = hesk_dbQuery($user_id_sql);
if (hesk_dbNumRows($user_id_rs) == 0) {
throw new AccessException(401);
}
$user_id = hesk_dbFetchAssoc($user_id_rs);
$user_sql = "SELECT * FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "users` WHERE `id` = ".intval($user_id['user_id']);
$user_rs = hesk_dbQuery($user_sql);
return hesk_dbFetchAssoc($user_rs);
}
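Review bot: The guard on L1256 only catches the hash of an empty string, so a request with no `X-Auth-Token` header at all — `get_header` returns NULL — is not rejected here; `NULL == NULL_OR_EMPTY_STRING` is false and the lookup runs with an empty escaped token. Whether the caller hashes before calling is not visible (ticket.php passes the raw `$token` to `get_user_for_token`, which is not defined in this commit's visible hunks), so the dao should defend itself: `if ($hash === NULL || $hash === '' || $hash === NULL_OR_EMPTY_STRING) { throw new AccessException(400); }`. The second query is `SELECT *` on the users table, so every column, credential columns included, travels back to the caller; selecting only the columns the API needs avoids that. A comment stating that `NULL_OR_EMPTY_STRING` is sha512('') would save the next reader a lookup.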

@ -0,0 +1,52 @@
<?php
function get_status($hesk_settings, $id = NULL) {
$sql = "SELECT * FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "statuses` ";
if ($id != NULL) {
$sql .= "WHERE `ID` = ".intval($id);
}
$response = hesk_dbQuery($sql);
if (hesk_dbNumRows($response) == 0) {
return NULL;
}
$results = [];
while ($row = hesk_dbFetchAssoc($response)) {
$row['id'] = intval($row['ID']);
unset($row['ID']);
$row['sort'] = intval($row['sort']);
foreach ($row as $key => $value) {
if ($key != 'id') {
$lowercase_key = lcfirst($key);
$row[$lowercase_key] = $row[$key];
unset($row[$key]);
}
if ($key == 'id' || $lowercase_key == 'closable'
|| $lowercase_key == 'key' || $lowercase_key == 'sort'
|| $lowercase_key == 'textColor') {
continue;
}
$row[$lowercase_key] = $row[$lowercase_key] == true;
}
$language_sql = "SELECT * FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "text_to_status_xref` "
. "WHERE `status_id` = ".intval($row['id']);
$language_rs = hesk_dbQuery($language_sql);
if (hesk_dbNumRows($language_rs) > 0) {
$row['key'] = NULL;
$row['keys'] = [];
}
while ($language_row = hesk_dbFetchAssoc($language_rs)) {
unset($language_row['id']);
unset($language_row['status_id']);
$row['keys'][] = $language_row;
}
$results[] = $row;
}
return $id == NULL ? $results : $results[0];
}
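Review bot: The renaming loop on L1287–L1299 drops any column whose name is already lower-case-first: for `sort` (which L1286 shows is a real column) `$row[$lowercase_key] = $row[$key]` writes the same slot that `unset($row[$key])` then removes, so `sort` never reaches the response. Hoist `$lowercase_key = lcfirst($key);` above the `if` and replace the `$key != 'id'` condition with `if ($lowercase_key !== $key) {`; lcfirst('id') is 'id', so the id special case is covered as well, and `$lowercase_key` is no longer stale from the previous iteration when L1293 reads it. The per-row query against `text_to_status_xref` (L1300–L1302) runs once per status; a single query keyed on status_id, or a JOIN, would avoid the N+1 pattern. The remaining `!=`/`==` comparisons on string keys would be more precise as `!==`/`===`.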

@ -0,0 +1,45 @@
<?php
function get_ticket_for_id($hesk_settings, $id = NULL) {
$sql = "SELECT * FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` ";
if ($id != NULL) {
$sql .= "WHERE `id` = ".intval($id);
}
$response = hesk_dbQuery($sql);
if (hesk_dbNumRows($response) == 0) {
return NULL;
}
$results = build_results($response);
return $id == NULL ? $results : $results[0];
}
function build_results($response) {
$results = [];
while ($row = hesk_dbFetchAssoc($response)) {
$row['id'] = intval($row['id']);
$row['category'] = intval($row['category']);
$row['priority'] = intval($row['priority']);
$row['status'] = intval($row['status']);
$row['replierid'] = intval($row['replierid']);
$row['archive'] = $row['archive'] == true;
$row['locked'] = $row['locked'] == true;
$row['html'] = $row['html'] == true;
$row['screen_resolution_height'] = convert_to_int($row['screen_resolution_height']);
$row['screen_resolution_width'] = convert_to_int($row['screen_resolution_width']);
$row['owner'] = convert_to_int($row['owner']);
$row['parent'] = convert_to_int($row['parent']);
$results[] = $row;
}
return $results;
}
function convert_to_int($item) {
return $item != NULL ? intval($item) : NULL;
}
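Review bot: ticket.php in this commit calls `get_ticket($hesk_settings, $_GET['id'])`, but this file defines `get_ticket_for_id`; unless `businesslogic/ticket_retriever.php`, which is required there but not in view, wraps it under the shorter name, the request ends in an undefined-function fatal. `build_results` and `convert_to_int` are global, generically named helpers that will collide with any other dao file that picks the same names; a prefix (`ticket_build_results`) or a shared helper in core keeps them apart. `convert_to_int` treats `0` and `'0'` as NULL because of `!= NULL`; if an owner or parent of 0 means "none" that is presumably intended, but a comment saying so would stop the next reader from "fixing" it. `SELECT *` on the tickets table also returns columns the documented response never lists, so an explicit column list would keep the API surface deliberate.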

@ -0,0 +1,26 @@
<?php
function get_ticket_template($hesk_settings, $id = NULL) {
$sql = "SELECT `id`, `message`, `title`, `tpl_order` FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "ticket_templates` ";
if ($id != NULL) {
$sql .= "WHERE `id` = ".intval($id);
}
$response = hesk_dbQuery($sql);
if (hesk_dbNumRows($response) == 0) {
return NULL;
}
$results = [];
while ($row = hesk_dbFetchAssoc($response)) {
$row['id'] = intval($row['id']);
$row['displayOrder'] = intval($row['tpl_order']);
unset($row['tpl_order']);
$row['title'] = hesk_html_entity_decode($row['title']);
$row['message'] = hesk_html_entity_decode($row['message']);
$results[] = $row;
}
return $id == NULL ? $results : $results[0];
}

@ -0,0 +1,54 @@
<?php
function get_user($hesk_settings, $id = NULL) {
$sql = "SELECT * FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "users` ";
if ($id != NULL) {
$sql .= "WHERE `id` = " . intval($id);
}
$response = hesk_dbQuery($sql);
if (hesk_dbNumRows($response) == 0) {
return NULL;
}
$results = [];
while ($row = hesk_dbFetchAssoc($response)) {
$row['id'] = intval($row['id']);
$row['isadmin'] = get_boolean($row['isadmin']);
$row['signature'] = hesk_html_entity_decode($row['signature']);
$row['afterreply'] = intval($row['afterreply']);
$row['autostart'] = get_boolean($row['autostart']);
$row['notify_customer_new'] = get_boolean($row['notify_customer_new']);
$row['notify_customer_reply'] = get_boolean($row['notify_customer_reply']);
$row['show_suggested'] = get_boolean($row['show_suggested']);
$row['notify_new_unassigned'] = get_boolean($row['notify_new_unassigned']);
$row['notify_new_my'] = get_boolean($row['notify_new_my']);
$row['notify_reply_unassigned'] = get_boolean($row['notify_reply_unassigned']);
$row['notify_reply_my'] = get_boolean($row['notify_reply_my']);
$row['notify_assigned'] = get_boolean($row['notify_assigned']);
$row['notify_pm'] = get_boolean($row['notify_pm']);
$row['notify_note'] = get_boolean($row['notify_note']);
$row['notify_note_unassigned'] = get_boolean($row['notify_note_unassigned']);
$row['autoassign'] = get_boolean($row['autoassign']);
$row['ratingneg'] = intval($row['ratingneg']);
$row['ratingpos'] = intval($row['ratingpos']);
$row['autorefresh'] = intval($row['autorefresh']);
$row['active'] = get_boolean($row['active']);
// TODO: Remove this once GitHub #346 is complete
$row['categories'] = explode(',', $row['categories']);
$row['heskprivileges'] = explode(',', $row['heskprivileges']);
$results[] = $row;
}
return $id == NULL ? $results : $results[0];
}
function get_boolean($value, $truthy_value = true) {
return $value == $truthy_value;
}
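Review bot: `get_user` runs `SELECT *` against the users table and returns the row with only some fields recast, so any column not touched on L1390–L1413 — including whatever credential columns the table holds, such as the password hash — is returned verbatim to whoever calls this. Select the columns the response needs explicitly, or `unset()` credential columns before `$results[] = $row;`. `get_boolean` compares with `==`, so against the default `true` any non-empty, non-`'0'` string such as `'abc'` also yields true; that is fine while the column is a 0/1 flag, and a docblock noting the assumption would help. The loose `$id != NULL` issue raised on the canned-response dao applies on L1381/L1416 too.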

@ -0,0 +1,11 @@
<?php
class AccessException extends Exception {
public function __construct($code)
{
$message = '';
if ($code == 401) {
$message = 'The X-Auth-Token is invalid';
}
parent::__construct($message, $code);
}
}
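Review bot: `AccessException` only sets a message for 401, so a 400 (no token supplied) is thrown with an empty message and nothing distinguishes the two in logs. A small map `$messages = [400 => 'No X-Auth-Token was provided', 401 => 'The X-Auth-Token is invalid'];` followed by `parent::__construct(isset($messages[$code]) ? $messages[$code] : '', (int) $code);` covers both and keeps the code an int as `Exception` expects. A class docblock stating that `$code` is the HTTP status the endpoint will answer with (ticket.php does `http_response_code($e->getCode())`) would document the contract.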

@ -0,0 +1,46 @@
<?php
define('IN_SCRIPT', 1);
define('HESK_PATH', '../../');
define('API_PATH', '../');
require_once(API_PATH . 'core/output.php');
// Routing
$request_method = $_SERVER['REQUEST_METHOD'];
/**
* @api {get} /priority Retrieve a ticket priority
* @apiVersion 0.0.0
* @apiName GetPriority
* @apiGroup Priority
* @apiPermission public
*
* @apiParam {Number} [id] The ID of the priority. Omit for all priorities.
*
* @apiSuccess {Number} id ID of the priority
* @apiSuccess {String} key The language file key of the priority
*
* @apiSuccessExample {json} Success-Response:
* HTTP/1.1 200 OK
* {
* "id": 0,
* "key": "critical"
* }
*/
if ($request_method == 'GET') {
$results = [];
$critical['id'] = 0;
$critical['key'] = 'critical';
$results[] = $critical;
$high['id'] = 1;
$high['key'] = 'high';
$results[] = $high;
$medium['id'] = 2;
$medium['key'] = 'medium';
$results[] = $medium;
$low['id'] = 3;
$low['key'] = 'low';
$results[] = $low;
return output($results);
}
return http_response_code(405);
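Review bot: The 405 response here (L1478), and the same line in status.php, ticket.php and the two internal-api endpoints of this commit, is sent without an `Allow` header, which RFC 7231 requires on a 405; `header('Allow: GET');` before `return http_response_code(405);` (with `POST` for the internal-api scripts) fixes it. The four priority records are built by assigning into undeclared `$critical`/`$high`/`$medium`/`$low` arrays; a literal `$results = [['id' => 0, 'key' => 'critical'], ['id' => 1, 'key' => 'high'], …]` says the same in one statement. `return output($results)` works only because `output()` prints before setting the status and the default is already 200.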

@ -0,0 +1,87 @@
<?php
define('IN_SCRIPT', 1);
define('HESK_PATH', '../../');
define('API_PATH', '../');
require_once(HESK_PATH . 'hesk_settings.inc.php');
require_once(HESK_PATH . 'inc/common.inc.php');
require_once(API_PATH . 'core/output.php');
require_once(API_PATH . 'dao/status_dao.php');
hesk_load_api_database_functions();
hesk_dbConnect();
// Routing
$request_method = $_SERVER['REQUEST_METHOD'];
/**
* @api {get} /status Retrieve a ticket status
* @apiVersion 0.0.0
* @apiName GetStatus
* @apiGroup Status
* @apiPermission public
*
* @apiParam {Number} [id] The ID of the status. Omit for all statuses.
*
* @apiSuccess {Number} id ID of the status
* @apiSuccess {String} textColor The text color used for the status on the web interface
* @apiSuccess {Boolean} isNewTicketStatus This status is set when a new ticket is created
* @apiSuccess {Boolean} isClosed This status closes a ticket
* @apiSuccess {Boolean} isClosedByClient This status is set when a customer closes a ticket
* @apiSuccess {Boolean} isCustomerReplyStatus This status is set when a customer responds to a ticket
* @apiSuccess {Boolean} isStaffClosedOption This status is set when staff clicks the "close ticket" button
* @apiSuccess {Boolean} isStaffReopenedStatus This status is set when staff clicks the "open ticket" button
* @apiSuccess {Boolean} isDefaultStaffReplyStatus This status is used when staff responds to a ticket
* @apiSuccess {Boolean} lockedTicketStatus This status is set when staff clicks the "lock ticket" button
* @apiSuccess {Boolean} isAutocloseOption This status is set when a ticket is automatically closed
* @apiSuccess {Boolean} closable Tickets can be closed by the following:<br>
* `yes`: Both customers/staff,<br>
* `conly`: Only customers,<br>
* `sonly`: Only staff,<br>
* `no`: No one
* @apiSuccess {String} key The language key. This is deprecated and should not be used.
* @apiSuccess {Object[]} keys The language strings for each language
* @apiSuccess {String} keys.language The language for the status name
* @apiSuccess {String} keys.text The translated string of the status
*
* @apiSuccessExample {json} Success-Response:
* HTTP/1.1 200 OK
* {
* "id": 0,
* "textColor": "#FF0000",
* "isNewTicketStatus": true,
* "isClosed": false,
* "isClosedByClient": false,
* "isCustomerReplyStatus": false,
* "isStaffClosedOption": false,
* "isStaffReopenedStatus": false,
* "isDefaultStaffReplyStatus": false,
* "lockedTicketStatus": false,
* "isAutocloseOption": false,
* "closable": "yes",
* "key": null,
* "keys": [
* {
* "language": "English",
* "text": "New"
* },
* {
* "language": "Español",
* "text": "Nuevo"
* }
* ]
* }
*/
if ($request_method == 'GET') {
if (isset($_GET['id'])) {
$results = get_status($hesk_settings, $_GET['id']);
} else {
$results = get_status($hesk_settings);
}
if ($results == NULL) {
return http_response_code(404);
}
return output($results);
}
return http_response_code(405);
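Review bot: The migration in this commit inserts a `public_api` setting (`INSERT … ('public_api', '1')` in the install hunk), but this endpoint — like priority.php and ticket.php — never reads it, so the switch cannot turn the API off; unless `common.inc.php` enforces it on include, each endpoint needs a guard before routing, e.g. `if (empty($modsForHesk_settings['public_api'])) { return http_response_code(403); }` using whichever array `mfh_getSettings()` populates. `$results == NULL` on L1557 is loose but safe because get_status returns NULL or a non-empty array; `=== NULL` would make that explicit. The apidoc block documents `key` as deprecated, yet get_status only sets `key` to NULL when translations exist, so its value depends on data — worth a sentence on the `@apiSuccess` line.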

@ -0,0 +1,108 @@
<?php
define('IN_SCRIPT', 1);
define('HESK_PATH', '../../');
define('API_PATH', '../');
require_once(HESK_PATH . 'hesk_settings.inc.php');
require_once(HESK_PATH . 'inc/common.inc.php');
require_once(API_PATH . 'core/headers.php');
require_once(API_PATH . 'core/output.php');
require_once(API_PATH . 'businesslogic/ticket_retriever.php');
require_once(API_PATH . 'businesslogic/security_retriever.php');
hesk_load_api_database_functions();
hesk_dbConnect();
// Routing
$request_method = $_SERVER['REQUEST_METHOD'];
/**
* @api {get} /ticket Retrieve a ticket (staff-side)
* @apiVersion 0.0.0
* @apiName GetTicket
* @apiGroup Ticket
* @apiPermission protected
*
* @apiParam {Number} [id] The ID of the ticket.
*
* @apiSuccess {Number} id ID of the ticket
* @apiSuccess {String} trackid The tracking id of the ticket
* @apiSuccess {String} name The name of the contact
* @apiSuccess {String} email The email address of the ticket (empty string if no email)
* @apiSuccess {Integer} category The ID of the category the ticket is in
* @apiSuccess {Integer} priority The ID of the priority the ticket is in
* @apiSuccess {String} subject The subject of the ticket
* @apiSuccess {String} message The original message of the ticket
* @apiSuccess {String} dt The date and time the ticket was submitted, in `YYYY-MM-DD hh:mm:ss`
* @apiSuccess {Integer} status The ID of the status the ticket is set to
* @apiSuccess {Boolean} archive `true` if the ticket is tagged<br>`false` otherwise
* @apiSuccess {Boolean} locked `true` if the ticket is locked<br>`false` otherwise
* @apiSuccess {Binary[]} attachments Array of attachments, in base-64 encoded binary
* @apiSuccess {Integer[]} merged Array of merged ticket IDs
* @apiSuccess {String} custom1-20 Custom fields 1-20's values.
* @apiSuccess {Boolean} html `true` if the ticket was created with HTML encoding<br>`false` otherwise
*
* @apiSuccessExample {json} Success-Response:
* HTTP/1.1 200 OK
* {
* "id": 22,
* "trackingId": "EVL-RRL-DUBG",
* "name": "Test",
* "email": "",
* "category": 1,
* "priority": 3,
* "subject": "test",
* "message": "test",
* "dateCreated": "2014-12-28 00:57:26",
* "status": 3,
* "archive": true,
* "locked": true,
* "attachments": "",
* "merged": "",
* "custom1": "1420671600",
* "custom2": "",
* "custom3": "",
* "custom4": "",
* "custom5": "",
* "custom6": "",
* "custom7": "",
* "custom8": "",
* "custom9": "",
* "custom10": "",
* "custom11": "",
* "custom12": "",
* "custom13": "",
* "custom14": "",
* "custom15": "",
* "custom16": "",
* "custom17": "",
* "custom18": "",
* "custom19": "",
* "custom20": "",
* "html": false,
* }
*
* @apiError (noTokenProvided) 400 No `X-Auth-Token` was provided where it is required
* @apiError (invalidXAuthToken) 401 The `X-Auth-Token` provided was invalid
*/
if ($request_method == 'GET') {
$token = get_header('X-Auth-Token');
try {
get_user_for_token($token, $hesk_settings);
} catch (AccessException $e) {
return http_response_code($e->getCode());
}
if (isset($_GET['id'])) {
$results = get_ticket($hesk_settings, $_GET['id']);
} else {
return http_response_code(400);
}
if ($results == NULL) {
return http_response_code(404);
}
return output($results);
}
return http_response_code(405);
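Review bot: The result of `get_user_for_token` is discarded on L1651, so any holder of any valid token can read any ticket by id; the user row carries `categories` and `heskprivileges` (see get_user in this commit), and the ticket's `category` should be checked against them before `output($results)` — as written the token is authentication without authorisation. The names called here, `get_user_for_token` and `get_ticket`, differ from the dao functions this commit defines (`get_user_for_token_hash`, `get_ticket_for_id`); if the businesslogic files required on L1573–L1574 do not provide them every request fatals, but they are not in view, so this is only a suspicion. In the apidoc block `[id]` marks the id optional while the code returns 400 without it, the `@apiSuccess` names `trackid`/`dt` do not match the example's `trackingId`/`dateCreated`, and the example ends with a trailing comma (`"html": false,`) that makes it invalid JSON.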

@ -0,0 +1,6 @@
{
"name": "Mods for HESK API",
"version": "0.0.0",
"description": "Mods for HESK API",
"title": "Mods for HESK API"
}

@ -197,10 +197,6 @@ div.setupButtons {
padding: 10px 0;
}
.hide {
display: none;
}
.font-size-90 {
font-size: .9em !important;
}

@ -154,6 +154,31 @@ function hesk_load_database_functions()
} // END hesk_load_database_functions()
function hesk_load_api_database_functions()
{
require(HESK_PATH . 'api/core/json_error.php');
// Preferrably use the MySQLi functions
if (function_exists('mysqli_connect')) {
require(HESK_PATH . 'api/core/database_mysqli.inc.php');
} // Default to MySQL
else {
require(HESK_PATH . 'api/core/database.inc.php');
}
} // END hesk_load_database_functions()
function hesk_load_internal_api_database_functions()
{
require(HESK_PATH . 'internal-api/core/json_error.php');
// Preferrably use the MySQLi functions
if (function_exists('mysqli_connect')) {
require(HESK_PATH . 'internal-api/core/database_mysqli.inc.php');
} // Default to MySQL
else {
require(HESK_PATH . 'internal-api/core/database.inc.php');
}
} // END hesk_load_database_functions()
function hesk_unlink($file, $older_than = 0)
{
return (is_file($file) && (!$older_than || (time() - filectime($file)) > $older_than) && @unlink($file)) ? true : false;
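Review bot: The closing comments on both new loaders read `// END hesk_load_database_functions()` (L1697, L1708), copied from the function above; they should name their own functions, `// END hesk_load_api_database_functions()` and `// END hesk_load_internal_api_database_functions()`. The two bodies differ only in the path segment, so one helper taking `'api'` or `'internal-api'` would remove the duplication (and the `Preferrably` typo in both). Both use `require` rather than `require_once` for `json_error.php` and the database file; if a script ever runs two of the three loaders, the second `require` redeclares `print_error`/`hesk_dbConnect` and fatals — no visible script does, so treat this as a hardening note. `hesk_unlink` continues past the end of the hunk.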

@ -89,6 +89,12 @@ $modsForHesk_settings = mfh_getSettings();
<script type="text/javascript" src="//cdnjs.cloudflare.com/ajax/libs/leaflet/0.7.3/leaflet.js"></script>
<script type="text/javascript" src="<?php echo HESK_PATH; ?>js/platform.js"></script>
<script type="text/javascript" src="<?php echo HESK_PATH; ?>js/bootstrap-validator.min.js"></script>
<script type="text/javascript" src="<?php echo HESK_PATH; ?>internal-api/js/core.php"></script>
<?php
if (defined('EXTRA_JS')) {
echo EXTRA_JS;
}
?>
<style>
.navbar-default {
background-color: <?php echo $modsForHesk_settings['navbarBackgroundColor']; ?>;

@ -695,18 +695,23 @@ function execute252Scripts()
executeQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "settings` SET `Value` = '2.5.2' WHERE `Key` = 'modsForHeskVersion'");
}
// BEGIN Version 2.6.0
// Version 2.6.0
function execute260Scripts()
{
global $hesk_settings;
hesk_dbConnect();
executeQuery("CREATE TABLE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "logging` (
executeQuery("INSERT INTO `" . hesk_dbEscape($hesk_settings['db_pfix']) . "settings` (`Key`, `Value`) VALUES ('public_api', '1')");
executeQuery("CREATE TABLE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "logging` (
`id` INT NOT NULL AUTO_INCREMENT PRIMARY KEY,
`username` VARCHAR(200),
`message` MEDIUMTEXT NOT NULL,
`severity` INT NOT NULL,
`location` MEDIUMTEXT,
`timestamp` TIMESTAMP NOT NULL) ENGINE = MyISAM DEFAULT CHARSET=utf8 COLLATE=utf8_unicode_ci");
executeQuery("CREATE TABLE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "user_api_tokens` (
`id` INT NOT NULL AUTO_INCREMENT PRIMARY KEY,
`username` VARCHAR(200),
`message` MEDIUMTEXT NOT NULL,
`severity` INT NOT NULL,
`location` MEDIUMTEXT,
`timestamp` TIMESTAMP NOT NULL) ENGINE = MyISAM DEFAULT CHARSET=utf8 COLLATE=utf8_unicode_ci");
`user_id` INT NOT NULL,
`token` VARCHAR(500) NOT NULL) ENGINE = MyISAM DEFAULT CHARSET=utf8 COLLATE=utf8_unicode_ci");
executeQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "settings` SET `Value` = '2.6.0' WHERE `Key` = 'modsForHeskVersion'");
}
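Review bot: The new `user_api_tokens` table stores a SHA-512 hex digest (128 characters, given the `hash("sha512", …)` in this commit's token generator) in a `VARCHAR(500)` with no index, while `get_user_for_token_hash` looks rows up by `token` on every authenticated request; declare it `CHAR(128) NOT NULL` and add `INDEX (token)` (and `INDEX (user_id)` for `reset_tokens`). The `public_api` setting is inserted as `'1'`, i.e. enabled on upgrade, although no endpoint in this commit checks it yet; defaulting to `'0'` makes the API opt-in until the check exists. The rendered hunk interleaves old and new lines (the `logging` CREATE appears twice), so the `INSERT` and the `user_api_tokens` CREATE are the only genuinely new statements.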

@ -0,0 +1,44 @@
<?php
define('IN_SCRIPT', 1);
define('HESK_PATH', '../../../');
define('INTERNAL_API_PATH', '../../');
require_once(HESK_PATH . 'hesk_settings.inc.php');
require_once(HESK_PATH . 'inc/common.inc.php');
require_once(INTERNAL_API_PATH . 'core/output.php');
require_once(INTERNAL_API_PATH . 'dao/api_authentication_dao.php');
hesk_load_internal_api_database_functions();
hesk_dbConnect();
// Routing
$request_method = $_SERVER['REQUEST_METHOD'];
if ($request_method == 'POST') {
$user_id = $_POST['userId'];
$action = $_POST['action'];
if ($user_id == NULL || $action == NULL) {
return http_response_code(400);
}
if ($action == 'generate') {
$token = '';
$letter_array = ['0','1','2','3','4','5','6','7','8','9','a','b','c','d','e','f'];
// Pick 32 random characters. That will be the hash
for ($i = 0; $i < 32; $i++) {
$letter = $letter_array[rand(0, 15)];
$token .= $letter;
}
$hash = hash("sha512", $token);
store_token($user_id, $hash, $hesk_settings);
output($token);
return http_response_code(200);
} elseif ($action == 'reset') {
reset_tokens($user_id, $hesk_settings);
return http_response_code(204);
} else {
return http_response_code(400);
}
}
return http_response_code(405);
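Review bot: No login or session check is visible in this file before `$_POST['userId']` is trusted, so as written any unauthenticated POST can mint an API token for, or revoke the tokens of, any user id; unless `common.inc.php` performs the check on include (it is not in view), the script needs the same login guard the admin pages use (HESK's `hesk_isLoggedIn()`), plus a check that the caller may manage the target user. The token is built from `rand(0, 15)` (L1781), which is not a cryptographically secure generator, so the 32 hex characters carry far less entropy than they appear to; `$token = bin2hex(random_bytes(16));` replaces the whole loop (`openssl_random_pseudo_bytes(16)` on PHP < 7). The settings endpoint in the next hunk has the same missing access check. `output($token)` already answers with 200, so the following `http_response_code(200)` is redundant, and a non-numeric `userId` should be rejected with `ctype_digit` rather than passed to `store_token`.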

@ -0,0 +1,28 @@
<?php
define('IN_SCRIPT', 1);
define('HESK_PATH', '../../../');
define('INTERNAL_API_PATH', '../../');
require_once(HESK_PATH . 'hesk_settings.inc.php');
require_once(HESK_PATH . 'inc/common.inc.php');
require_once(INTERNAL_API_PATH . 'core/output.php');
require_once(INTERNAL_API_PATH . 'dao/settings_dao.php');
hesk_load_internal_api_database_functions();
hesk_dbConnect();
// Routing
$request_method = $_SERVER['REQUEST_METHOD'];
if ($request_method == 'POST') {
$key = $_POST['key'];
$value = $_POST['value'];
if ($key == NULL || $value == NULL) {
return http_response_code(400);
}
update_setting($key, $value, $hesk_settings);
return http_response_code(204);
}
return http_response_code(405);
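Review bot: `update_setting($key, $value, …)` accepts any `key` from the POST body, so every row of the settings table — including the new `public_api` switch and `modsForHeskVersion` — can be rewritten by anyone who can reach this script; restrict `$key` to an explicit allow-list before calling the dao, e.g. `if (!in_array($key, ['public_api'], true)) { return http_response_code(400); }`, extending the list as settings are exposed. The `== NULL` checks on L1813 reject `''` but a POST value is always a string, so `$value === ''` states the intent; `'0'` passes, so turning a setting off does work. The dao is not in view, so whether it escapes `$key` and `$value` cannot be confirmed here.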

@ -0,0 +1,250 @@
<?php
/*******************************************************************************
* Title: Help Desk Software HESK
* Version: 2.6.1 from 26th February 2015
* Author: Klemen Stirn
* Website: http://www.hesk.com
********************************************************************************
* COPYRIGHT AND TRADEMARK NOTICE
* Copyright 2005-2015 Klemen Stirn. All Rights Reserved.
* HESK is a registered trademark of Klemen Stirn.
* The HESK may be used and modified free of charge by anyone
* AS LONG AS COPYRIGHT NOTICES AND ALL THE COMMENTS REMAIN INTACT.
* By using this code you agree to indemnify Klemen Stirn from any
* liability that might arise from it's use.
* Selling the code for this program, in part or full, without prior
* written consent is expressly forbidden.
* Using this code, in part or full, to create derivate work,
* new scripts or products is expressly forbidden. Obtain permission
* before redistributing this software over the Internet or in
* any other medium. In all cases copyright and header must remain intact.
* This Copyright is in full effect in any country that has International
* Trade Agreements with the United States of America or
* with the European Union.
* Removing any of the copyright notices without purchasing a license
* is expressly forbidden. To remove HESK copyright notice you must purchase
* a license for this script. For more information on how to obtain
* a license please visit the page below:
* https://www.hesk.com/buy.php
*******************************************************************************/
/* Check if this is a valid include */
if (!defined('IN_SCRIPT')) {die('Invalid attempt');}
function hesk_dbSetNames()
{
global $hesk_settings, $hesk_db_link;
if ($hesk_settings['db_vrsn'])
{
mysql_set_charset('utf8', $hesk_db_link);
}
else
{
hesk_dbQuery("SET NAMES 'utf8'");
}
} // END hesk_dbSetNames()
function hesk_dbFormatEmail($email, $field = 'email')
{
global $hesk_settings;
$email = hesk_dbLike($email);
if ($hesk_settings['multi_eml'])
{
return " (`".hesk_dbEscape($field)."` LIKE '".hesk_dbEscape($email)."' OR `".hesk_dbEscape($field)."` LIKE '%,".hesk_dbEscape($email)."' OR `".hesk_dbEscape($field)."` LIKE '".hesk_dbEscape($email).",%' OR `".hesk_dbEscape($field)."` LIKE '%,".hesk_dbEscape($email).",%') ";
}
else
{
return " `".hesk_dbEscape($field)."` LIKE '".hesk_dbEscape($email)."' ";
}
} // END hesk_dbFormatEmail()
function hesk_dbTime()
{
$res = hesk_dbQuery("SELECT NOW()");
return strtotime(hesk_dbResult($res,0,0));
} // END hesk_dbTime()
function hesk_dbEscape($in)
{
global $hesk_db_link;
$in = mysql_real_escape_string(stripslashes($in), $hesk_db_link);
$in = str_replace('`','&#96;',$in);
return $in;
} // END hesk_dbEscape()
function hesk_dbLike($in)
{
return str_replace( array('_', '%'), array('\\\\_', '\\\\%'), $in);
} // END hesk_dbLike()
function hesk_dbConnect()
{
global $hesk_settings;
global $hesk_db_link;
global $hesklang;
// Is mysql supported?
if ( ! function_exists('mysql_connect') )
{
die($hesklang['emp']);
}
// Connect to the database
$hesk_db_link = @mysql_connect($hesk_settings['db_host'], $hesk_settings['db_user'], $hesk_settings['db_pass']);
// Errors?
if ( ! $hesk_db_link)
{
if ($hesk_settings['debug_mode'])
{
$message = $hesklang['mysql_said'] . ': ' . mysql_error();
}
else
{
$message = $hesklang['contact_webmaster'] . $hesk_settings['webmaster_email'];
}
header('Content-Type: application/json');
print_error($hesklang['cant_connect_db'], $message);
return http_response_code(500);
}
if ( ! @mysql_select_db($hesk_settings['db_name'], $hesk_db_link))
{
if ($hesk_settings['debug_mode'])
{
$message = $hesklang['mysql_said'] . ': ' . mysql_error();
}
else
{
$message = $hesklang['contact_webmaster'] . $hesk_settings['webmaster_email'];
}
header('Content-Type: application/json');
print_error($hesklang['cant_connect_db'], $message);
die();
}
// Check MySQL/PHP version and set encoding to utf8
hesk_dbSetNames();
return $hesk_db_link;
} // END hesk_dbConnect()
function hesk_dbClose()
{
global $hesk_db_link;
return @mysql_close($hesk_db_link);
} // END hesk_dbClose()
function hesk_dbQuery($query)
{
global $hesk_last_query;
global $hesk_db_link;
global $hesklang, $hesk_settings;
if ( ! $hesk_db_link && ! hesk_dbConnect())
{
return false;
}
$hesk_last_query = $query;
if ($res = @mysql_query($query, $hesk_db_link))
{
return $res;
}
elseif ($hesk_settings['debug_mode'])
{
$message = $hesklang['mysql_said'] . mysql_error();
}
else
{
$message = $hesklang['contact_webmaster'] . $hesk_settings['webmaster_email'];
}
header('Content-Type: application/json');
print_error($hesklang['cant_sql'], $message);
die();
} // END hesk_dbQuery()
function hesk_dbFetchAssoc($res)
{
return @mysql_fetch_assoc($res);
} // END hesk_FetchAssoc()
function hesk_dbFetchRow($res)
{
return @mysql_fetch_row($res);
} // END hesk_FetchRow()
function hesk_dbResult($res, $row = 0, $column = 0)
{
return @mysql_result($res, $row, $column);
} // END hesk_dbResult()
function hesk_dbInsertID()
{
global $hesk_db_link;
if ($lastid = @mysql_insert_id($hesk_db_link))
{
return $lastid;
}
} // END hesk_dbInsertID()
function hesk_dbFreeResult($res)
{
return mysql_free_result($res);
} // END hesk_dbFreeResult()
function hesk_dbNumRows($res)
{
return @mysql_num_rows($res);
} // END hesk_dbNumRows()
function hesk_dbAffectedRows()
{
global $hesk_db_link;
return @mysql_affected_rows($hesk_db_link);
} // END hesk_dbAffectedRows()

@ -0,0 +1,255 @@
<?php
/*******************************************************************************
* Title: Help Desk Software HESK
* Version: 2.6.1 from 26th February 2015
* Author: Klemen Stirn
* Website: http://www.hesk.com
********************************************************************************
* COPYRIGHT AND TRADEMARK NOTICE
* Copyright 2005-2015 Klemen Stirn. All Rights Reserved.
* HESK is a registered trademark of Klemen Stirn.
* The HESK may be used and modified free of charge by anyone
* AS LONG AS COPYRIGHT NOTICES AND ALL THE COMMENTS REMAIN INTACT.
* By using this code you agree to indemnify Klemen Stirn from any
* liability that might arise from it's use.
* Selling the code for this program, in part or full, without prior
* written consent is expressly forbidden.
* Using this code, in part or full, to create derivate work,
* new scripts or products is expressly forbidden. Obtain permission
* before redistributing this software over the Internet or in
* any other medium. In all cases copyright and header must remain intact.
* This Copyright is in full effect in any country that has International
* Trade Agreements with the United States of America or
* with the European Union.
* Removing any of the copyright notices without purchasing a license
* is expressly forbidden. To remove HESK copyright notice you must purchase
* a license for this script. For more information on how to obtain
* a license please visit the page below:
* https://www.hesk.com/buy.php
*******************************************************************************/
/* Check if this is a valid include */
if (!defined('IN_SCRIPT')) {die('Invalid attempt');}
function hesk_dbSetNames()
{
global $hesk_settings, $hesk_db_link;
if ($hesk_settings['db_vrsn'])
{
mysqli_set_charset($hesk_db_link, 'utf8');
}
else
{
hesk_dbQuery("SET NAMES 'utf8'");
}
} // END hesk_dbSetNames()
function hesk_dbFormatEmail($email, $field = 'email')
{
global $hesk_settings;
$email = hesk_dbLike($email);
if ($hesk_settings['multi_eml'])
{
return " (`".hesk_dbEscape($field)."` LIKE '".hesk_dbEscape($email)."' OR `".hesk_dbEscape($field)."` LIKE '%,".hesk_dbEscape($email)."' OR `".hesk_dbEscape($field)."` LIKE '".hesk_dbEscape($email).",%' OR `".hesk_dbEscape($field)."` LIKE '%,".hesk_dbEscape($email).",%') ";
}
else
{
return " `".hesk_dbEscape($field)."` LIKE '".hesk_dbEscape($email)."' ";
}
} // END hesk_dbFormatEmail()
function hesk_dbTime()
{
$res = hesk_dbQuery("SELECT NOW()");
return strtotime(hesk_dbResult($res,0,0));
} // END hesk_dbTime()
function hesk_dbEscape($in)
{
global $hesk_db_link;
$in = mysqli_real_escape_string($hesk_db_link, stripslashes($in));
$in = str_replace('`','&#96;',$in);
return $in;
} // END hesk_dbEscape()
function hesk_dbLike($in)
{
return str_replace( array('_', '%'), array('\\\\_', '\\\\%'), $in);
} // END hesk_dbLike()
function hesk_dbConnect()
{
global $hesk_settings;
global $hesk_db_link;
global $hesklang;
// Is mysqli supported?
if ( ! function_exists('mysqli_connect') )
{
die($hesklang['emp']);
}
// Do we need a special port? Check and connect to the database
if ( strpos($hesk_settings['db_host'], ':') )
{
list($hesk_settings['db_host'], $hesk_settings['db_port']) = explode(':', $hesk_settings['db_host']);
$hesk_db_link = @mysqli_connect($hesk_settings['db_host'], $hesk_settings['db_user'], $hesk_settings['db_pass'], $hesk_settings['db_name'], intval($hesk_settings['db_port']) );
}
else
{
$hesk_db_link = @mysqli_connect($hesk_settings['db_host'], $hesk_settings['db_user'], $hesk_settings['db_pass'], $hesk_settings['db_name']);
}
// Errors?
if ( ! $hesk_db_link)
{
if ($hesk_settings['debug_mode'])
{
$message = $hesklang['mysql_said'] . ': (' . mysqli_connect_errno() . ') ' . mysqli_connect_error();
}
else
{
$message = $hesklang['contact_webmaster'] . $hesk_settings['webmaster_email'];
}
header('Content-Type: application/json');
print_error($hesklang['cant_connect_db'], $message);
http_response_code(500);
}
// Check MySQL/PHP version and set encoding to utf8
hesk_dbSetNames();
return $hesk_db_link;
} // END hesk_dbConnect()
function hesk_dbClose()
{
global $hesk_db_link;
return @mysqli_close($hesk_db_link);
} // END hesk_dbClose()
function hesk_dbQuery($query)
{
global $hesk_last_query;
global $hesk_db_link;
global $hesklang, $hesk_settings;
if ( ! $hesk_db_link && ! hesk_dbConnect())
{
return false;
}
$hesk_last_query = $query;
#echo "<p>EXPLAIN $query</p>\n";
if ($res = @mysqli_query($hesk_db_link, $query))
{
return $res;
}
elseif ($hesk_settings['debug_mode'])
{
$message = $hesklang['mysql_said'] . ': ' . mysqli_error($hesk_db_link);
}
else
{
$message = $hesklang['contact_webmaster'] . $hesk_settings['webmaster_email'];
}
header('Content-Type: application/json');
print_error($hesklang['cant_sql'], $message);
die(http_response_code(500));
} // END hesk_dbQuery()
function hesk_dbFetchAssoc($res)
{
return @mysqli_fetch_assoc($res);
} // END hesk_FetchAssoc()
function hesk_dbFetchRow($res)
{
return @mysqli_fetch_row($res);
} // END hesk_FetchRow()
function hesk_dbResult($res, $row = 0, $column = 0)
{
$i=0;
$res->data_seek(0);
while ($tmp = @mysqli_fetch_array($res, MYSQLI_NUM))
{
if ($i==$row)
{
return $tmp[$column];
}
$i++;
}
return '';
} // END hesk_dbResult()
function hesk_dbInsertID()
{
global $hesk_db_link;
if ($lastid = @mysqli_insert_id($hesk_db_link))
{
return $lastid;
}
} // END hesk_dbInsertID()
function hesk_dbFreeResult($res)
{
return @mysqli_free_result($res);
} // END hesk_dbFreeResult()
function hesk_dbNumRows($res)
{
return @mysqli_num_rows($res);
} // END hesk_dbNumRows()
function hesk_dbAffectedRows()
{
global $hesk_db_link;
return @mysqli_affected_rows($hesk_db_link);
} // END hesk_dbAffectedRows()
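Review bot: hesk_dbConnect does not stop after its `if ( ! $hesk_db_link)` branch: http_response_code(500) is called but nothing returns, so execution falls through to hesk_dbSetNames() with `$hesk_db_link` still false — mysqli_set_charset is then handed a non-link, and when `db_vrsn` is unset the `SET NAMES` query re-enters hesk_dbQuery, which sees no link and calls hesk_dbConnect again. Add `return false;` after the status call so the `! hesk_dbConnect()` guard in hesk_dbQuery takes effect and the query returns false instead. Separately, both here and in hesk_dbQuery print_error writes the JSON body before http_response_code(500) is set; unless output buffering is enabled the status can no longer be changed once output has started and the error goes out as 200, so call http_response_code before print_error (the same print-then-status order appears in output() further down in this commit).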

@ -0,0 +1,11 @@
<?php
function print_error($title, $message) {
$error = array();
$error['type'] = 'ERROR';
$error['title'] = $title;
$error['message'] = $message;
print json_encode($error);
return;
}
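Review bot: print_error ignores json_encode's failure mode: if `$message` is not valid UTF-8 (in debug mode it carries the raw mysqli_error() text), json_encode returns false and the client receives an empty body with no indication why. Build the payload in one expression and fall back to a fixed message when encoding fails, e.g. `$json = json_encode(array('type' => 'ERROR', 'title' => $title, 'message' => $message)); print $json === false ? '{"type":"ERROR","title":"Error","message":"Encoding error"}' : $json;`; the bare `return;` at the end can go. The function also leaves Content-Type and the status code to every caller, which is worth stating in a docblock so the next caller does not forget them.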

@ -0,0 +1,7 @@
<?php
function output($data, $status_code = 200) {
header('Content-Type: application/json');
print json_encode($data);
return http_response_code($status_code);
}
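Review bot: `return http_response_code($status_code)` returns the previous status (normally 200), not `$status_code`, so any caller inspecting output()'s result is misled; the function has nothing useful to return. Make the status call the first statement, before the header and the print, and drop the return: `http_response_code($status_code); header('Content-Type: application/json'); print json_encode($data);`.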

@ -0,0 +1,12 @@
<?php
function store_token($user_id, $token_hash, $hesk_settings) {
$sql = "INSERT INTO `" . hesk_dbEscape($hesk_settings['db_pfix']) . "user_api_tokens` (`user_id`, `token`)
VALUES (" . intval($user_id) . ", '" . hesk_dbEscape($token_hash) . "')";
hesk_dbQuery($sql);
}
function reset_tokens($user_id, $hesk_settings) {
$sql = "DELETE FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "user_api_tokens` WHERE `user_id` = ".intval($user_id);
hesk_dbQuery($sql);
}
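Review bot: store_token takes `$token_hash` but nothing in this file hashes anything, so the contract that the caller passes an already-hashed value (and never the raw token) exists only in the parameter name; document it with a docblock on store_token such as `/** Persist an API token for $user_id. $token_hash must already be a hash of the token; the raw token is never written to the database. */` and a matching one on reset_tokens (`/** Delete every API token belonging to $user_id. */`). Both functions receive `$hesk_settings` as a parameter while the hesk_db* helpers they call read it from globals; that is fine, but a short comment saying it is deliberate will stop the next reader from "fixing" one to match the other.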

@ -0,0 +1,8 @@
<?php
function update_setting($key, $value, $hesk_settings) {
$sql = "UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "settings` SET
`Value` = '" . hesk_dbEscape($value) . "' WHERE `Key` = '" . hesk_dbEscape($key) . "'";
hesk_dbQuery($sql);
}
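Review bot: update_setting writes any `$key`/`$value` pair it is handed to the settings table, and the only caller visible in this commit (the admin JavaScript) sends `key` and `value` as POST fields; if the internal-api endpoint passes them through unchanged, a request can rewrite any settings row, not just `public_api`. Validate the key against an allowlist before building the query, e.g. `if (!in_array($key, array('public_api'), true)) { print_error('Invalid setting', 'Unsupported setting key'); return; }`, extending the list as more settings become editable. The endpoint itself is not in this commit, so the check may already exist there, but it belongs in this function regardless so a second caller cannot bypass it.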

@ -0,0 +1,120 @@
$(document).ready(function() {
$('#enable-api-button').click(function() {
updatePublicApi('1', '#enable-api-button');
});
$('#disable-api-button').click(function() {
updatePublicApi('0', '#disable-api-button');
});
});
function updatePublicApi(enable) {
var endpoint = getHelpdeskUrl();
endpoint += '/internal-api/admin/api-settings/';
var data = {
key: 'public_api',
value: enable
};
$('#enable-api-button').addClass('disabled');
$('#disable-api-button').addClass('disabled');
markSaving('public-api');
$.ajax({
url: endpoint,
data: data,
method: 'POST',
success: function() {
$('#enable-api-button').removeClass('disabled');
$('#disable-api-button').removeClass('disabled');
markSuccess('public-api');
if (enable == '1') {
$('#public-api-sidebar').addClass('success')
.removeClass('danger');
$('#public-api-sidebar-enabled').removeClass('hide');
$('#public-api-sidebar-disabled').addClass('hide');
} else {
$('#public-api-sidebar').addClass('danger')
.removeClass('success');
$('#public-api-sidebar-disabled').removeClass('hide');
$('#public-api-sidebar-enabled').addClass('hide');
}
},
error: function(data) {
console.error(data);
$('#enable-api-button').removeClass('disabled');
$('#disable-api-button').removeClass('disabled');
markFailure('public-api');
}
});
}
function markSuccess(id) {
$('#' + id + '-saving').addClass('hide');
$('#' + id + '-failure').addClass('hide');
$('#' + id + '-success').removeClass('hide');
}
function markSaving(id) {
$('#' + id + '-saving').removeClass('hide');
$('#' + id + '-failure').addClass('hide');
$('#' + id + '-success').addClass('hide');
}
function markFailure(id) {
$('#' + id + '-saving').addClass('hide');
$('#' + id + '-failure').removeClass('hide');
$('#' + id + '-success').addClass('hide');
}
function generateToken(userId) {
var endpoint = getHelpdeskUrl();
endpoint += '/internal-api/admin/api-authentication/';
markSaving('token-' + userId);
$('#token-' + userId + '-reset').addClass('hide');
$('#token-' + userId + '-created').addClass('hide');
var data = {
userId: userId,
action: 'generate'
};
$.ajax({
url: endpoint,
data: data,
method: 'POST',
success: function (data) {
$('#token-' + userId + '-created > td > .token').text(data);
$('#token-' + userId + '-created').removeClass('hide');
markSuccess('token-' + userId);
var oldNumberOfTokens = parseInt($('#token-' + userId + '-count').text());
$('#token-' + userId + '-count').text(++oldNumberOfTokens);
},
error: function (data) {
console.error(data);
markFailure('token-' + userId);
}
});
}
function clearTokens(userId) {
var endpoint = getHelpdeskUrl();
endpoint += '/internal-api/admin/api-authentication/';
markSaving('token-' + userId);
$('#token-' + userId + '-reset').addClass('hide');
$('#token-' + userId + '-created').addClass('hide');
var data = {
userId: userId,
action: 'reset'
};
$.ajax({
url: endpoint,
data: data,
method: 'POST',
success: function() {
$('#token-' + userId + '-reset').removeClass('hide');
$('#token-' + userId + '-count').text('0');
markSuccess('token-' + userId);
},
error: function(data) {
console.error(data);
markFailure('token-' + userId);
}
});
}
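Review bot: The POSTs to `/internal-api/admin/api-settings/` and `/internal-api/admin/api-authentication/` send only `key`/`value` or `userId`/`action` — no anti-CSRF token, whereas HESK's other admin actions carry one that hesk_token_check() validates; if those endpoints do not verify a token, a page on another site can toggle the public API or reset a user's tokens while an admin is logged in. Include the token in each `data` object and have the endpoints check it. Minor: `updatePublicApi` is declared with one parameter but called with two (`updatePublicApi('1', '#enable-api-button')`), so the button selector argument is silently dropped; `parseInt(...)` should pass radix `10` and `enable == '1'` should be `===`.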

@ -0,0 +1,9 @@
<?php
define('IN_SCRIPT', 1);
require_once('../../hesk_settings.inc.php');
header('Content-Type: application/javascript');
echo "
function getHelpdeskUrl() {
return '".$hesk_settings['hesk_url']."';
}
";
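Review bot: `$hesk_settings['hesk_url']` is pasted into a JavaScript single-quoted string literal with no escaping, so a quote or backslash in the configured URL breaks the generated script, and because the file is served as application/javascript anything script-like in that setting would execute in the admin page. Emit it as a JSON literal instead, which is also valid JavaScript: `return ".json_encode($hesk_settings['hesk_url']).";`. The value comes from the settings file rather than a request, so the exposure is limited to whoever can edit settings, but the encoding costs nothing.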