Merge pull request #109 from mkoch227/remove-2-6-0-features
Remove features that will be in HESK 2.6.0
commit
704236ee31
@ -1,174 +0,0 @@
|
||||
<?php
|
||||
/*******************************************************************************
|
||||
* Title: Help Desk Software HESK
|
||||
* Version: 2.5.3 from 16th March 2014
|
||||
* Author: Klemen Stirn
|
||||
* Website: http://www.hesk.com
|
||||
********************************************************************************
|
||||
* COPYRIGHT AND TRADEMARK NOTICE
|
||||
* Copyright 2005-2014 Klemen Stirn. All Rights Reserved.
|
||||
* HESK is a registered trademark of Klemen Stirn.
|
||||
|
||||
* The HESK may be used and modified free of charge by anyone
|
||||
* AS LONG AS COPYRIGHT NOTICES AND ALL THE COMMENTS REMAIN INTACT.
|
||||
* By using this code you agree to indemnify Klemen Stirn from any
|
||||
* liability that might arise from it's use.
|
||||
|
||||
* Selling the code for this program, in part or full, without prior
|
||||
* written consent is expressly forbidden.
|
||||
|
||||
* Using this code, in part or full, to create derivate work,
|
||||
* new scripts or products is expressly forbidden. Obtain permission
|
||||
* before redistributing this software over the Internet or in
|
||||
* any other medium. In all cases copyright and header must remain intact.
|
||||
* This Copyright is in full effect in any country that has International
|
||||
* Trade Agreements with the United States of America or
|
||||
* with the European Union.
|
||||
|
||||
* Removing any of the copyright notices without purchasing a license
|
||||
* is expressly forbidden. To remove HESK copyright notice you must purchase
|
||||
* a license for this script. For more information on how to obtain
|
||||
* a license please visit the page below:
|
||||
* https://www.hesk.com/buy.php
|
||||
*******************************************************************************/
|
||||
|
||||
define('IN_SCRIPT',1);
|
||||
define('HESK_PATH','./');
|
||||
|
||||
// Get all the required files and functions
|
||||
require(HESK_PATH . 'hesk_settings.inc.php');
|
||||
require(HESK_PATH . 'inc/common.inc.php');
|
||||
hesk_load_database_functions();
|
||||
|
||||
hesk_session_start();
|
||||
|
||||
// Knowledgebase attachments
|
||||
if ( isset($_GET['kb_att']) )
|
||||
{
|
||||
// Attachment ID
|
||||
$att_id = intval( hesk_GET('kb_att') ) or hesk_error($hesklang['id_not_valid']);
|
||||
|
||||
// Connect to database
|
||||
hesk_dbConnect();
|
||||
|
||||
// Get attachment info
|
||||
$res = hesk_dbQuery("SELECT * FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."kb_attachments` WHERE `att_id`='{$att_id}' LIMIT 1");
|
||||
if (hesk_dbNumRows($res) != 1)
|
||||
{
|
||||
hesk_error($hesklang['id_not_valid'].' (att_id)');
|
||||
}
|
||||
$file = hesk_dbFetchAssoc($res);
|
||||
|
||||
// Is this person allowed access to this attachment?
|
||||
$res = hesk_dbQuery("SELECT `t1`.`type` as `cat_type`, `t2`.`type` as `art_type`
|
||||
FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."kb_articles` AS `t2`
|
||||
JOIN `".hesk_dbEscape($hesk_settings['db_pfix'])."kb_categories` AS `t1`
|
||||
ON `t2`.`catid` = `t1`.`id`
|
||||
WHERE (`t2`.`attachments` LIKE '{$att_id}#%' OR `t2`.`attachments` LIKE '%,{$att_id}#%' )
|
||||
LIMIT 1");
|
||||
|
||||
// If no attachment found, throw an error
|
||||
if (hesk_dbNumRows($res) != 1)
|
||||
{
|
||||
hesk_error($hesklang['id_not_valid'].' (no_art)');
|
||||
}
|
||||
$row = hesk_dbFetchAssoc($res);
|
||||
|
||||
// Private or draft article or category?
|
||||
if ($row['cat_type'] || $row['art_type'])
|
||||
{
|
||||
if ( empty($_SESSION['id']) )
|
||||
{
|
||||
// This is a staff-only attachment
|
||||
hesk_error($hesklang['attpri']);
|
||||
}
|
||||
elseif ($row['art_type'] == 2)
|
||||
{
|
||||
// Need permission to manage KB to access draft attachments
|
||||
require(HESK_PATH . 'inc/admin_functions.inc.php');
|
||||
hesk_checkPermission('can_man_kb');
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
// Ticket attachments
|
||||
else
|
||||
{
|
||||
// Attachmend ID and ticket tracking ID
|
||||
$att_id = intval( hesk_GET('att_id', 0) ) or die($hesklang['id_not_valid']);
|
||||
|
||||
$type = '';
|
||||
if (isset($_GET['track'])) {
|
||||
$tic_id = hesk_cleanID() or die("$hesklang[int_error]: $hesklang[no_trackID]");
|
||||
$type = 'ticket';
|
||||
} elseif (isset($_GET['note'])) {
|
||||
$tic_id = intval($_GET['note']) || die ("$hesklang[int_error]: $hesklang[no_noteID]");
|
||||
$type = 'note';
|
||||
}
|
||||
|
||||
// Connect to database
|
||||
hesk_dbConnect();
|
||||
|
||||
// Get attachment info
|
||||
$res = hesk_dbQuery("SELECT * FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."attachments` WHERE `att_id`='{$att_id}' LIMIT 1");
|
||||
if (hesk_dbNumRows($res) != 1)
|
||||
{
|
||||
hesk_error($hesklang['id_not_valid'].' (att_id)');
|
||||
}
|
||||
$file = hesk_dbFetchAssoc($res);
|
||||
|
||||
// Is ticket/note ID valid for this attachment?
|
||||
if ($type == 'ticket' && $file['ticket_id'] != $tic_id)
|
||||
{
|
||||
hesk_error($hesklang['trackID_not_found']);
|
||||
} elseif ($type == 'note' && $file['note_id'] != $tic_id)
|
||||
{
|
||||
hesk_error($hesklang['note_id_not_found']);
|
||||
}
|
||||
|
||||
// Verify email address match if needed
|
||||
if ( empty($_SESSION['id']) )
|
||||
{
|
||||
hesk_verifyEmailMatch($tic_id);
|
||||
}
|
||||
}
|
||||
|
||||
// Path of the file on the server
|
||||
$realpath = $hesk_settings['attach_dir'] . '/' . $file['saved_name'];
|
||||
|
||||
// Perhaps the file has been deleted?
|
||||
if ( ! file_exists($realpath))
|
||||
{
|
||||
hesk_error($hesklang['attdel']);
|
||||
}
|
||||
|
||||
// Send the file as an attachment to prevent malicious code from executing
|
||||
header("Pragma: "); # To fix a bug in IE when running https
|
||||
header("Cache-Control: "); # To fix a bug in IE when running https
|
||||
header('Content-Description: File Transfer');
|
||||
header('Content-Type: application/octet-stream');
|
||||
header('Content-Length: ' . $file['size']);
|
||||
header('Content-Disposition: attachment; filename=' . $file['real_name']);
|
||||
|
||||
// For larger files use chunks, smaller ones can be read all at once
|
||||
$chunksize = 1048576; // = 1024 * 1024 (1 Mb)
|
||||
if ($file['size'] > $chunksize)
|
||||
{
|
||||
$handle = fopen($realpath, 'rb');
|
||||
$buffer = '';
|
||||
while ( ! feof($handle))
|
||||
{
|
||||
set_time_limit(300);
|
||||
$buffer = fread($handle, $chunksize);
|
||||
echo $buffer;
|
||||
flush();
|
||||
}
|
||||
fclose($handle);
|
||||
}
|
||||
else
|
||||
{
|
||||
readfile($realpath);
|
||||
}
|
||||
|
||||
exit();
|
||||
?>
|
@ -1,694 +0,0 @@
|
||||
<?php
|
||||
/*******************************************************************************
|
||||
* Title: Help Desk Software HESK
|
||||
* Version: 2.5.4 from 4th August 2014
|
||||
* Author: Klemen Stirn
|
||||
* Website: http://www.hesk.com
|
||||
********************************************************************************
|
||||
* COPYRIGHT AND TRADEMARK NOTICE
|
||||
* Copyright 2005-2014 Klemen Stirn. All Rights Reserved.
|
||||
* HESK is a registered trademark of Klemen Stirn.
|
||||
|
||||
* The HESK may be used and modified free of charge by anyone
|
||||
* AS LONG AS COPYRIGHT NOTICES AND ALL THE COMMENTS REMAIN INTACT.
|
||||
* By using this code you agree to indemnify Klemen Stirn from any
|
||||
* liability that might arise from it's use.
|
||||
|
||||
* Selling the code for this program, in part or full, without prior
|
||||
* written consent is expressly forbidden.
|
||||
|
||||
* Using this code, in part or full, to create derivate work,
|
||||
* new scripts or products is expressly forbidden. Obtain permission
|
||||
* before redistributing this software over the Internet or in
|
||||
* any other medium. In all cases copyright and header must remain intact.
|
||||
* This Copyright is in full effect in any country that has International
|
||||
* Trade Agreements with the United States of America or
|
||||
* with the European Union.
|
||||
|
||||
* Removing any of the copyright notices without purchasing a license
|
||||
* is expressly forbidden. To remove HESK copyright notice you must purchase
|
||||
* a license for this script. For more information on how to obtain
|
||||
* a license please visit the page below:
|
||||
* https://www.hesk.com/buy.php
|
||||
*******************************************************************************/
|
||||
|
||||
/* Check if this is a valid include */
|
||||
if (!defined('IN_SCRIPT')) {die('Invalid attempt');}
|
||||
|
||||
/*** FUNCTIONS ***/
|
||||
|
||||
|
||||
function hesk_getHHMMSS($in)
|
||||
{
|
||||
$in = hesk_getTime($in);
|
||||
return explode(':', $in);
|
||||
} // END hesk_getHHMMSS();
|
||||
|
||||
|
||||
function hesk_getTime($in)
|
||||
{
|
||||
$in = trim($in);
|
||||
|
||||
/* If everything is OK this simple check should return true */
|
||||
if ( preg_match('/^([0-9]{2,3}):([0-5][0-9]):([0-5][0-9])$/', $in) )
|
||||
{
|
||||
return $in;
|
||||
}
|
||||
|
||||
/* No joy, let's try to figure out the correct values to use... */
|
||||
$h = 0;
|
||||
$m = 0;
|
||||
$s = 0;
|
||||
|
||||
/* How many parts do we have? */
|
||||
$parts = substr_count($in, ':');
|
||||
|
||||
switch ($parts)
|
||||
{
|
||||
/* Only two parts, let's assume minutes and seconds */
|
||||
case 1:
|
||||
list($m, $s) = explode(':', $in);
|
||||
break;
|
||||
|
||||
/* Three parts, so explode to hours, minutes and seconds */
|
||||
case 2:
|
||||
list($h, $m, $s) = explode(':', $in);
|
||||
break;
|
||||
|
||||
/* Something other was entered, let's assume just minutes */
|
||||
default:
|
||||
$m = $in;
|
||||
}
|
||||
|
||||
/* Make sure all inputs are integers */
|
||||
$h = intval($h);
|
||||
$m = intval($m);
|
||||
$s = intval($s);
|
||||
|
||||
/* Convert seconds to minutes if 60 or more seconds */
|
||||
if ($s > 59)
|
||||
{
|
||||
$m = floor($s / 60) + $m;
|
||||
$s = intval($s % 60);
|
||||
}
|
||||
|
||||
/* Convert minutes to hours if 60 or more minutes */
|
||||
if ($m > 59)
|
||||
{
|
||||
$h = floor($m / 60) + $h;
|
||||
$m = intval($m % 60);
|
||||
}
|
||||
|
||||
/* MySQL accepts max time value of 838:59:59 */
|
||||
if ($h > 838)
|
||||
{
|
||||
return '838:59:59';
|
||||
}
|
||||
|
||||
/* That's it, let's send out formatted time string */
|
||||
return str_pad($h, 2, "0", STR_PAD_LEFT) . ':' . str_pad($m, 2, "0", STR_PAD_LEFT) . ':' . str_pad($s, 2, "0", STR_PAD_LEFT);
|
||||
|
||||
} // END hesk_getTime();
|
||||
|
||||
|
||||
function hesk_mergeTickets($merge_these, $merge_into)
|
||||
{
|
||||
global $hesk_settings, $hesklang, $hesk_db_link;
|
||||
|
||||
/* Target ticket must not be in the "merge these" list */
|
||||
if ( in_array($merge_into, $merge_these) )
|
||||
{
|
||||
$merge_these = array_diff($merge_these, array( $merge_into ) );
|
||||
}
|
||||
|
||||
/* At least 1 ticket needs to be merged with target ticket */
|
||||
if ( count($merge_these) < 1 )
|
||||
{
|
||||
$_SESSION['error'] = $hesklang['merr1'];
|
||||
return false;
|
||||
}
|
||||
|
||||
/* Make sure target ticket exists */
|
||||
$res = hesk_dbQuery("SELECT `id`,`trackid`,`category` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."tickets` WHERE `id`='".intval($merge_into)."' LIMIT 1");
|
||||
if (hesk_dbNumRows($res) != 1)
|
||||
{
|
||||
$_SESSION['error'] = $hesklang['merr2'];
|
||||
return false;
|
||||
}
|
||||
$ticket = hesk_dbFetchAssoc($res);
|
||||
|
||||
/* Make sure user has access to ticket category */
|
||||
if ( ! hesk_okCategory($ticket['category'], 0) )
|
||||
{
|
||||
$_SESSION['error'] = $hesklang['merr3'];
|
||||
return false;
|
||||
}
|
||||
|
||||
/* Set some variables for later */
|
||||
$merge['attachments'] = '';
|
||||
$merge['replies'] = array();
|
||||
$merge['notes'] = array();
|
||||
$sec_worked = 0;
|
||||
$history = '';
|
||||
$merged = '';
|
||||
|
||||
/* Get messages, replies, notes and attachments of tickets that will be merged */
|
||||
foreach ($merge_these as $this_id)
|
||||
{
|
||||
/* Validate ID */
|
||||
if ( is_array($this_id) )
|
||||
{
|
||||
continue;
|
||||
}
|
||||
$this_id = intval($this_id) or hesk_error($hesklang['id_not_valid']);
|
||||
|
||||
/* Get required ticket information */
|
||||
$res = hesk_dbQuery("SELECT `id`,`trackid`,`category`,`name`,`message`,`dt`,`time_worked`,`attachments` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."tickets` WHERE `id`='".intval($this_id)."' LIMIT 1");
|
||||
if (hesk_dbNumRows($res) != 1)
|
||||
{
|
||||
continue;
|
||||
}
|
||||
$row = hesk_dbFetchAssoc($res);
|
||||
|
||||
/* Has this user access to the ticket category? */
|
||||
if ( ! hesk_okCategory($row['category'], 0) )
|
||||
{
|
||||
continue;
|
||||
}
|
||||
|
||||
/* Insert ticket message as a new reply to target ticket */
|
||||
hesk_dbQuery("INSERT INTO `".hesk_dbEscape($hesk_settings['db_pfix'])."replies` (`replyto`,`name`,`message`,`dt`,`attachments`) VALUES ('".intval($ticket['id'])."','".hesk_dbEscape($row['name'])."','".hesk_dbEscape($row['message'])."','".hesk_dbEscape($row['dt'])."','".hesk_dbEscape($row['attachments'])."')");
|
||||
|
||||
/* Update attachments */
|
||||
hesk_dbQuery("UPDATE `".hesk_dbEscape($hesk_settings['db_pfix'])."attachments` SET `ticket_id`='".hesk_dbEscape($ticket['trackid'])."' WHERE `ticket_id`='".hesk_dbEscape($row['trackid'])."'");
|
||||
|
||||
/* Get old ticket replies and insert them as new replies */
|
||||
$res = hesk_dbQuery("SELECT * FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."replies` WHERE `replyto`='".intval($row['id'])."'");
|
||||
while ( $reply = hesk_dbFetchAssoc($res) )
|
||||
{
|
||||
hesk_dbQuery("INSERT INTO `".hesk_dbEscape($hesk_settings['db_pfix'])."replies` (`replyto`,`name`,`message`,`dt`,`attachments`,`staffid`,`rating`,`read`) VALUES ('".intval($ticket['id'])."','".hesk_dbEscape($reply['name'])."','".hesk_dbEscape($reply['message'])."','".hesk_dbEscape($reply['dt'])."','".hesk_dbEscape($reply['attachments'])."','".intval($reply['staffid'])."','".intval($reply['rating'])."','".intval($reply['read'])."')");
|
||||
}
|
||||
|
||||
/* Delete replies to the old ticket */
|
||||
hesk_dbQuery("DELETE FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."replies` WHERE `replyto`='".intval($row['id'])."'");
|
||||
|
||||
/* Get old ticket notes and insert them as new notes */
|
||||
$res = hesk_dbQuery("SELECT * FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."notes` WHERE `ticket`='".intval($row['id'])."'");
|
||||
while ( $note = hesk_dbFetchAssoc($res) )
|
||||
{
|
||||
hesk_dbQuery("INSERT INTO `".hesk_dbEscape($hesk_settings['db_pfix'])."notes` (`ticket`,`who`,`dt`,`message`) VALUES ('".intval($ticket['id'])."','".intval($note['who'])."','".hesk_dbEscape($note['dt'])."','".hesk_dbEscape($note['message'])."')");
|
||||
}
|
||||
|
||||
/* Delete replies to the old ticket */
|
||||
hesk_dbQuery("DELETE FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."notes` WHERE `ticket`='".intval($row['id'])."'");
|
||||
|
||||
/* Delete old ticket */
|
||||
hesk_dbQuery("DELETE FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."tickets` WHERE `id`='".intval($row['id'])."'");
|
||||
|
||||
/* Log that ticket has been merged */
|
||||
$history .= sprintf($hesklang['thist13'],hesk_date(),$row['trackid'],$_SESSION['name'].' ('.$_SESSION['user'].')');
|
||||
|
||||
/* Add old ticket ID to target ticket "merged" field */
|
||||
$merged .= '#' . $row['trackid'];
|
||||
|
||||
/* Convert old ticket "time worked" to seconds and add to $sec_worked variable */
|
||||
list ($hr, $min, $sec) = explode(':', $row['time_worked']);
|
||||
$sec_worked += (((int)$hr) * 3600) + (((int)$min) * 60) + ((int)$sec);
|
||||
}
|
||||
|
||||
/* Convert seconds to HHH:MM:SS */
|
||||
$sec_worked = hesk_getTime('0:'.$sec_worked);
|
||||
|
||||
/* Update history (log) and merged IDs of target ticket */
|
||||
hesk_dbQuery("UPDATE `".hesk_dbEscape($hesk_settings['db_pfix'])."tickets` SET `time_worked`=ADDTIME(`time_worked`, '".hesk_dbEscape($sec_worked)."'), `merged`=CONCAT(`merged`,'".hesk_dbEscape($merged . '#')."'), `history`=CONCAT(`history`,'".hesk_dbEscape($history)."') WHERE `id`='".intval($merge_into)."' LIMIT 1");
|
||||
|
||||
return true;
|
||||
|
||||
} // END hesk_mergeTickets()
|
||||
|
||||
|
||||
function hesk_updateStaffDefaults()
|
||||
{
|
||||
global $hesk_settings, $hesklang;
|
||||
|
||||
// Demo mode
|
||||
if ( defined('HESK_DEMO') )
|
||||
{
|
||||
return true;
|
||||
}
|
||||
// Remove the part that forces saving as default - we don't need it every time
|
||||
$default_list = str_replace('&def=1','',$_SERVER['QUERY_STRING']);
|
||||
|
||||
// Update database
|
||||
$res = hesk_dbQuery("UPDATE `".hesk_dbEscape($hesk_settings['db_pfix'])."users` SET `default_list`='".hesk_dbEscape($default_list)."' WHERE `id`='".intval($_SESSION['id'])."'");
|
||||
|
||||
// Update session values so the changes take effect immediately
|
||||
$_SESSION['default_list'] = $default_list;
|
||||
|
||||
return true;
|
||||
|
||||
} // END hesk_updateStaffDefaults()
|
||||
|
||||
|
||||
function hesk_makeJsString($in)
|
||||
{
|
||||
return addslashes(preg_replace("/\s+/",' ',$in));
|
||||
} // END hesk_makeJsString()
|
||||
|
||||
|
||||
function hesk_checkNewMail()
|
||||
{
|
||||
global $hesk_settings, $hesklang;
|
||||
|
||||
$res = hesk_dbQuery("SELECT COUNT(*) FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."mail` WHERE `to`='".intval($_SESSION['id'])."' AND `read`='0' AND `deletedby`!='".intval($_SESSION['id'])."' ");
|
||||
$num = hesk_dbResult($res,0,0);
|
||||
|
||||
return $num;
|
||||
} // END hesk_checkNewMail()
|
||||
|
||||
|
||||
function hesk_dateToString($dt, $returnName=1, $returnTime=0, $returnMonth=0, $from_database=false)
|
||||
{
|
||||
global $hesk_settings, $hesklang;
|
||||
|
||||
$dt = strtotime($dt);
|
||||
|
||||
// Adjust MySQL time if different from PHP time
|
||||
if ($from_database)
|
||||
{
|
||||
if ( ! defined('MYSQL_TIME_DIFF') )
|
||||
{
|
||||
define('MYSQL_TIME_DIFF', time()-hesk_dbTime() );
|
||||
}
|
||||
|
||||
if (MYSQL_TIME_DIFF != 0)
|
||||
{
|
||||
$dt += MYSQL_TIME_DIFF;
|
||||
}
|
||||
|
||||
// Add HESK set time difference
|
||||
$dt += 3600*$hesk_settings['diff_hours'] + 60*$hesk_settings['diff_minutes'];
|
||||
|
||||
// Daylight saving?
|
||||
if ($hesk_settings['daylight'] && date('I', $dt))
|
||||
{
|
||||
$dt += 3600;
|
||||
}
|
||||
}
|
||||
|
||||
list($y,$m,$n,$d,$G,$i,$s) = explode('-', date('Y-n-j-w-G-i-s', $dt) );
|
||||
|
||||
$m = $hesklang['m'.$m];
|
||||
$d = $hesklang['d'.$d];
|
||||
|
||||
if ($returnName)
|
||||
{
|
||||
return "$d, $m $n, $y";
|
||||
}
|
||||
|
||||
if ($returnTime)
|
||||
{
|
||||
return "$d, $m $n, $y $G:$i:$s";
|
||||
}
|
||||
|
||||
if ($returnMonth)
|
||||
{
|
||||
return "$m $y";
|
||||
}
|
||||
|
||||
return "$m $n, $y";
|
||||
} // End hesk_dateToString()
|
||||
|
||||
|
||||
function hesk_getCategoriesArray($kb = 0) {
|
||||
global $hesk_settings, $hesklang, $hesk_db_link;
|
||||
|
||||
$categories = array();
|
||||
if ($kb)
|
||||
{
|
||||
$result = hesk_dbQuery('SELECT `id`, `name` FROM `'.hesk_dbEscape($hesk_settings['db_pfix']).'kb_categories` ORDER BY `cat_order` ASC');
|
||||
}
|
||||
else
|
||||
{
|
||||
$result = hesk_dbQuery('SELECT `id`, `name` FROM `'.hesk_dbEscape($hesk_settings['db_pfix']).'categories` ORDER BY `cat_order` ASC');
|
||||
}
|
||||
|
||||
while ($row=hesk_dbFetchAssoc($result))
|
||||
{
|
||||
$categories[$row['id']] = $row['name'];
|
||||
}
|
||||
|
||||
return $categories;
|
||||
} // END hesk_getCategoriesArray()
|
||||
|
||||
|
||||
function hesk_getHTML($in)
|
||||
{
|
||||
global $hesk_settings, $hesklang;
|
||||
|
||||
$replace_from = array("\t","<?","?>","$","<%","%>");
|
||||
$replace_to = array("","<?","?>","\$","<%","%>");
|
||||
|
||||
$in = trim($in);
|
||||
$in = str_replace($replace_from,$replace_to,$in);
|
||||
$in = preg_replace('/\<script(.*)\>(.*)\<\/script\>/Uis',"<script$1></script>",$in);
|
||||
$in = preg_replace('/\<\!\-\-(.*)\-\-\>/Uis',"<!-- comments have been removed -->",$in);
|
||||
|
||||
if (HESK_SLASH === true)
|
||||
{
|
||||
$in = addslashes($in);
|
||||
}
|
||||
$in = str_replace('\"','"',$in);
|
||||
|
||||
return $in;
|
||||
} // END hesk_getHTML()
|
||||
|
||||
|
||||
function hesk_autoLogin($noredirect=0)
|
||||
{
|
||||
global $hesk_settings, $hesklang, $hesk_db_link;
|
||||
|
||||
if (!$hesk_settings['autologin'])
|
||||
{
|
||||
return false;
|
||||
}
|
||||
|
||||
$user = hesk_htmlspecialchars( hesk_COOKIE('hesk_username') );
|
||||
$hash = hesk_htmlspecialchars( hesk_COOKIE('hesk_p') );
|
||||
define('HESK_USER', $user);
|
||||
|
||||
if (empty($user) || empty($hash))
|
||||
{
|
||||
return false;
|
||||
}
|
||||
|
||||
/* Login cookies exist, now lets limit brute force attempts */
|
||||
hesk_limitBfAttempts();
|
||||
|
||||
/* Check username */
|
||||
$result = hesk_dbQuery('SELECT * FROM `'.$hesk_settings['db_pfix']."users` WHERE `user` = '".hesk_dbEscape($user)."' LIMIT 1");
|
||||
if (hesk_dbNumRows($result) != 1)
|
||||
{
|
||||
setcookie('hesk_username', '');
|
||||
setcookie('hesk_p', '');
|
||||
header('Location: index.php?a=login¬ice=1');
|
||||
exit();
|
||||
}
|
||||
|
||||
$res=hesk_dbFetchAssoc($result);
|
||||
foreach ($res as $k=>$v)
|
||||
{
|
||||
$_SESSION[$k]=$v;
|
||||
}
|
||||
|
||||
/* Check password */
|
||||
if ($hash != hesk_Pass2Hash($_SESSION['pass'] . strtolower($user) . $_SESSION['pass']) )
|
||||
{
|
||||
setcookie('hesk_username', '');
|
||||
setcookie('hesk_p', '');
|
||||
header('Location: index.php?a=login¬ice=1');
|
||||
exit();
|
||||
}
|
||||
|
||||
/* Check if default password */
|
||||
if ($_SESSION['pass'] == '499d74967b28a841c98bb4baaabaad699ff3c079')
|
||||
{
|
||||
hesk_process_messages($hesklang['chdp'],'NOREDIRECT','NOTICE');
|
||||
}
|
||||
|
||||
unset($_SESSION['pass']);
|
||||
|
||||
/* Login successful, clean brute force attempts */
|
||||
hesk_cleanBfAttempts();
|
||||
|
||||
/* Regenerate session ID (security) */
|
||||
hesk_session_regenerate_id();
|
||||
|
||||
/* Get allowed categories */
|
||||
if (empty($_SESSION['isadmin']))
|
||||
{
|
||||
$_SESSION['categories']=explode(',',$_SESSION['categories']);
|
||||
}
|
||||
|
||||
/* Renew cookies */
|
||||
setcookie('hesk_username', "$user", strtotime('+1 year'));
|
||||
setcookie('hesk_p', "$hash", strtotime('+1 year'));
|
||||
|
||||
/* Close any old tickets here so Cron jobs aren't necessary */
|
||||
if ($hesk_settings['autoclose'])
|
||||
{
|
||||
$dt = date('Y-m-d H:i:s',time() - $hesk_settings['autoclose']*86400);
|
||||
|
||||
$waitingForCustomerRS = hesk_dbQuery("SELECT `ID` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."statuses` WHERE `IsDefaultStaffReplyStatus` = 1");
|
||||
$waitingForCustomerStatus = hesk_dbFetchAssoc($waitingForCustomerRS);
|
||||
|
||||
$result = hesk_dbQuery("SELECT * FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."tickets` WHERE `status` = ".$waitingForCustomerStatus['ID']." AND `lastchange` <= '".hesk_dbEscape($dt)."' ");
|
||||
if (hesk_dbNumRows($result) > 0)
|
||||
{
|
||||
require(HESK_PATH . 'inc/email_functions.inc.php');
|
||||
global $ticket;
|
||||
while ($ticket = hesk_dbFetchAssoc($result)) {
|
||||
hesk_notifyCustomer('ticket_closed');
|
||||
}
|
||||
|
||||
$revision = sprintf($hesklang['thist3'],hesk_date(),$hesklang['auto']);
|
||||
|
||||
$closedStatusRS = hesk_dbQuery("SELECT `ID` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."statuses` WHERE `IsStaffClosedOption` = 1");
|
||||
$closedStatus = hesk_dbFetchAssoc($closedStatusRS);
|
||||
|
||||
$sql = "UPDATE `".$hesk_settings['db_pfix']."tickets` SET `status`=".$closedStatus['ID'].", `history`=CONCAT(`history`,'".hesk_dbEscape($revision)."') WHERE `status` = ".$waitingForCustomerStatus['ID']." AND `lastchange` <= '".hesk_dbEscape($dt)."' ";
|
||||
hesk_dbQuery($sql);
|
||||
}
|
||||
}
|
||||
|
||||
/* If session expired while a HESK page is open just continue using it, don't redirect */
|
||||
if ($noredirect)
|
||||
{
|
||||
return true;
|
||||
}
|
||||
|
||||
/* Redirect to the destination page */
|
||||
if ( hesk_isREQUEST('goto') && $url=hesk_REQUEST('goto') )
|
||||
{
|
||||
$url = str_replace('&','&',$url);
|
||||
header('Location: '.$url);
|
||||
}
|
||||
else
|
||||
{
|
||||
header('Location: admin_main.php');
|
||||
}
|
||||
exit();
|
||||
} // END hesk_autoLogin()
|
||||
|
||||
|
||||
function hesk_isLoggedIn()
|
||||
{
|
||||
global $hesk_settings;
|
||||
|
||||
$referer = hesk_input($_SERVER['REQUEST_URI']);
|
||||
$referer = str_replace('&','&',$referer);
|
||||
|
||||
if (empty($_SESSION['id']))
|
||||
{
|
||||
if ($hesk_settings['autologin'] && hesk_autoLogin(1) )
|
||||
{
|
||||
// Users online
|
||||
if ($hesk_settings['online'])
|
||||
{
|
||||
require(HESK_PATH . 'inc/users_online.inc.php');
|
||||
hesk_initOnline($_SESSION['id']);
|
||||
}
|
||||
|
||||
return true;
|
||||
}
|
||||
|
||||
// Some pages cannot be redirected to
|
||||
$modify_redirect = array(
|
||||
'admin_reply_ticket.php' => 'admin_main.php',
|
||||
'admin_settings_save.php' => 'admin_settings.php',
|
||||
'delete_tickets.php' => 'admin_main.php',
|
||||
'move_category.php' => 'admin_main.php',
|
||||
'priority.php' => 'admin_main.php',
|
||||
);
|
||||
|
||||
foreach ($modify_redirect as $from => $to)
|
||||
{
|
||||
if ( strpos($referer,$from) !== false )
|
||||
{
|
||||
$referer = $to;
|
||||
}
|
||||
}
|
||||
|
||||
$url = 'index.php?a=login¬ice=1&goto='.urlencode($referer);
|
||||
header('Location: '.$url);
|
||||
exit();
|
||||
}
|
||||
else
|
||||
{
|
||||
hesk_session_regenerate_id();
|
||||
|
||||
// Need to update permissions?
|
||||
if ( empty($_SESSION['isadmin']) )
|
||||
{
|
||||
$res = hesk_dbQuery("SELECT `isadmin`, `categories`, `heskprivileges` FROM `".$hesk_settings['db_pfix']."users` WHERE `id` = '".intval($_SESSION['id'])."' LIMIT 1");
|
||||
if (hesk_dbNumRows($res) == 1)
|
||||
{
|
||||
$me = hesk_dbFetchAssoc($res);
|
||||
foreach ($me as $k => $v)
|
||||
{
|
||||
$_SESSION[$k]=$v;
|
||||
}
|
||||
|
||||
// Get allowed categories
|
||||
if (empty($_SESSION['isadmin']) )
|
||||
{
|
||||
$_SESSION['categories']=explode(',',$_SESSION['categories']);
|
||||
}
|
||||
}
|
||||
else
|
||||
{
|
||||
hesk_session_stop();
|
||||
$url = 'index.php?a=login¬ice=1&goto='.urlencode($referer);
|
||||
header('Location: '.$url);
|
||||
exit();
|
||||
}
|
||||
}
|
||||
|
||||
// Users online
|
||||
if ($hesk_settings['online'])
|
||||
{
|
||||
require(HESK_PATH . 'inc/users_online.inc.php');
|
||||
hesk_initOnline($_SESSION['id']);
|
||||
}
|
||||
|
||||
return true;
|
||||
}
|
||||
|
||||
} // END hesk_isLoggedIn()
|
||||
|
||||
|
||||
function hesk_Pass2Hash($plaintext) {
|
||||
$majorsalt = '';
|
||||
$len = strlen($plaintext);
|
||||
for ($i=0;$i<$len;$i++)
|
||||
{
|
||||
$majorsalt .= sha1(substr($plaintext,$i,1));
|
||||
}
|
||||
$corehash = sha1($majorsalt);
|
||||
return $corehash;
|
||||
} // END hesk_Pass2Hash()
|
||||
|
||||
|
||||
function hesk_formatDate($dt)
|
||||
{
|
||||
$dt=hesk_date($dt);
|
||||
$dt=str_replace(' ','<br />',$dt);
|
||||
return $dt;
|
||||
} // End hesk_formatDate()
|
||||
|
||||
|
||||
function hesk_jsString($str)
|
||||
{
|
||||
$str = str_replace( array('\'','<br />') , array('\\\'','') ,$str);
|
||||
$from = array("/\r\n|\n|\r/", '/\<a href="mailto\:([^"]*)"\>([^\<]*)\<\/a\>/i', '/\<a href="([^"]*)" target="_blank"\>([^\<]*)\<\/a\>/i');
|
||||
$to = array("\\r\\n' + \r\n'", "$1", "$1");
|
||||
return preg_replace($from,$to,$str);
|
||||
} // END hesk_jsString()
|
||||
|
||||
|
||||
function hesk_myCategories($what='category')
|
||||
{
|
||||
if ( ! empty($_SESSION['isadmin']) )
|
||||
{
|
||||
return '1';
|
||||
}
|
||||
else
|
||||
{
|
||||
return " `".hesk_dbEscape($what)."` IN ('" . implode("','", array_map('intval', $_SESSION['categories']) ) . "')";
|
||||
}
|
||||
} // END hesk_myCategories()
|
||||
|
||||
|
||||
function hesk_okCategory($cat,$error=1,$user_isadmin=false,$user_cat=false)
|
||||
{
|
||||
global $hesklang;
|
||||
|
||||
/* Checking for current user or someone else? */
|
||||
if ($user_isadmin === false)
|
||||
{
|
||||
$user_isadmin = $_SESSION['isadmin'];
|
||||
}
|
||||
|
||||
if ($user_cat === false)
|
||||
{
|
||||
$user_cat = $_SESSION['categories'];
|
||||
}
|
||||
|
||||
/* Is admin? */
|
||||
if ($user_isadmin)
|
||||
{
|
||||
return true;
|
||||
}
|
||||
/* Staff with access? */
|
||||
elseif (in_array($cat,$user_cat))
|
||||
{
|
||||
return true;
|
||||
}
|
||||
/* No access */
|
||||
else
|
||||
{
|
||||
if ($error)
|
||||
{
|
||||
hesk_error($hesklang['not_authorized_tickets']);
|
||||
}
|
||||
else
|
||||
{
|
||||
return false;
|
||||
}
|
||||
}
|
||||
|
||||
} // END hesk_okCategory()
|
||||
|
||||
|
||||
function hesk_checkPermission($feature,$showerror=1) {
|
||||
global $hesklang;
|
||||
|
||||
|
||||
/* Check if this is for managing settings */
|
||||
if ($feature == 'can_manage_settings')
|
||||
{
|
||||
if ($_SESSION['can_manage_settings']) {
|
||||
return true;
|
||||
} else {
|
||||
if ($showerror) {
|
||||
hesk_error($hesklang['no_permission'].'<p> </p><p align="center"><a href="index.php">'.$hesklang['click_login'].'</a>');
|
||||
} else {
|
||||
return false;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
/* Admins have full access to all features, besides possibly settings */
|
||||
if ($_SESSION['isadmin'])
|
||||
{
|
||||
return true;
|
||||
}
|
||||
|
||||
/* Check other staff for permissions */
|
||||
if (strpos($_SESSION['heskprivileges'], $feature) === false)
|
||||
{
|
||||
if ($showerror)
|
||||
{
|
||||
hesk_error($hesklang['no_permission'].'<p> </p><p align="center"><a href="index.php">'.$hesklang['click_login'].'</a>');
|
||||
}
|
||||
else
|
||||
{
|
||||
return false;
|
||||
}
|
||||
}
|
||||
else
|
||||
{
|
||||
return true;
|
||||
}
|
||||
|
||||
} // END hesk_checkPermission()
|
@ -1,505 +0,0 @@
|
||||
<?php
|
||||
/*******************************************************************************
|
||||
* Title: Help Desk Software HESK
|
||||
* Version: 2.5.5 from 5th August 2014
|
||||
* Author: Klemen Stirn
|
||||
* Website: http://www.hesk.com
|
||||
********************************************************************************
|
||||
* COPYRIGHT AND TRADEMARK NOTICE
|
||||
* Copyright 2005-2014 Klemen Stirn. All Rights Reserved.
|
||||
* HESK is a registered trademark of Klemen Stirn.
|
||||
|
||||
* The HESK may be used and modified free of charge by anyone
|
||||
* AS LONG AS COPYRIGHT NOTICES AND ALL THE COMMENTS REMAIN INTACT.
|
||||
* By using this code you agree to indemnify Klemen Stirn from any
|
||||
* liability that might arise from it's use.
|
||||
|
||||
* Selling the code for this program, in part or full, without prior
|
||||
* written consent is expressly forbidden.
|
||||
|
||||
* Using this code, in part or full, to create derivate work,
|
||||
* new scripts or products is expressly forbidden. Obtain permission
|
||||
* before redistributing this software over the Internet or in
|
||||
* any other medium. In all cases copyright and header must remain intact.
|
||||
* This Copyright is in full effect in any country that has International
|
||||
* Trade Agreements with the United States of America or
|
||||
* with the European Union.
|
||||
|
||||
* Removing any of the copyright notices without purchasing a license
|
||||
* is expressly forbidden. To remove HESK copyright notice you must purchase
|
||||
* a license for this script. For more information on how to obtain
|
||||
* a license please visit the page below:
|
||||
* https://www.hesk.com/buy.php
|
||||
*******************************************************************************/
|
||||
|
||||
/* Check if this is a valid include */
|
||||
if (!defined('IN_SCRIPT')) {die('Invalid attempt');}
|
||||
|
||||
// Include all functions needed for email piping
|
||||
hesk_load_database_functions();
|
||||
require(HESK_PATH . 'inc/email_functions.inc.php');
|
||||
require(HESK_PATH . 'inc/posting_functions.inc.php');
|
||||
require(HESK_PATH . 'inc/mail/rfc822_addresses.php');
|
||||
require(HESK_PATH . 'inc/mail/mime_parser.php');
|
||||
require(HESK_PATH . 'inc/mail/email_parser.php');
|
||||
|
||||
/*** FUNCTIONS ***/
|
||||
|
||||
function hesk_email2ticket($results, $pop3 = 0)
|
||||
{
|
||||
global $hesk_settings, $hesklang, $hesk_db_link, $ticket;
|
||||
|
||||
// Process "From:" email
|
||||
$tmpvar['email'] = hesk_validateEmail($results['from'][0]['address'],'ERR',0);
|
||||
|
||||
// "From:" email missing or invalid?
|
||||
if ( ! $tmpvar['email'] )
|
||||
{
|
||||
return hesk_cleanExit();
|
||||
}
|
||||
|
||||
// Make sure the email isn't banned. If it is, just exit.
|
||||
$emailSql = 'SELECT * FROM `'.hesk_dbEscape($hesk_settings['db_pfix']).'denied_emails` WHERE Email = \''.hesk_dbEscape($tmpvar['email']).'\'';
|
||||
if ($emailSql->num_rows > 0) {
|
||||
return hesk_cleanExit();
|
||||
}
|
||||
|
||||
// Process "From:" name, convert to UTF-8, set to "[Customer]" if not set
|
||||
$tmpvar['name'] = isset($results['from'][0]['name']) ? $results['from'][0]['name'] : $hesklang['pde'];
|
||||
if ( ! empty($results['from'][0]['encoding']) )
|
||||
{
|
||||
$tmpvar['name'] = hesk_encodeUTF8($tmpvar['name'], $results['from'][0]['encoding']);
|
||||
}
|
||||
$tmpvar['name'] = hesk_input($tmpvar['name'],'','',1,50) or $tmpvar['name'] = $hesklang['pde'];
|
||||
|
||||
// Process "To:" email (not yet implemented, for future use)
|
||||
// $tmpvar['to_email'] = hesk_validateEmail($results['to'][0]['address'],'ERR',0);
|
||||
|
||||
// Process email subject, convert to UTF-8, set to "[Piped email]" if none set
|
||||
$tmpvar['subject'] = isset($results['subject']) ? $results['subject'] : $hesklang['pem'];
|
||||
if ( ! empty($results['subject_encoding']) )
|
||||
{
|
||||
$tmpvar['subject'] = hesk_encodeUTF8($tmpvar['subject'], $results['subject_encoding']);
|
||||
}
|
||||
$tmpvar['subject'] = hesk_input($tmpvar['subject'],'','',1,70) or $tmpvar['subject'] = $hesklang['pem'];
|
||||
|
||||
// Process email message, convert to UTF-8
|
||||
$tmpvar['message'] = isset($results['message']) ? $results['message'] : '';
|
||||
if ( ! empty($results['encoding']) )
|
||||
{
|
||||
$tmpvar['message'] = hesk_encodeUTF8($tmpvar['message'], $results['encoding']);
|
||||
}
|
||||
$tmpvar['message'] = hesk_input($tmpvar['message'],'','',1);
|
||||
|
||||
// Message missing? We require it!
|
||||
if ( ! $tmpvar['message'])
|
||||
{
|
||||
return hesk_cleanExit();
|
||||
}
|
||||
|
||||
// Strip quoted reply from email
|
||||
$tmpvar['message'] = hesk_stripQuotedText($tmpvar['message']);
|
||||
|
||||
// Convert URLs to links, change newlines to <br />
|
||||
$tmpvar['message'] = hesk_makeURL($tmpvar['message']);
|
||||
$tmpvar['message'] = nl2br($tmpvar['message']);
|
||||
|
||||
# For debugging purposes
|
||||
# die( bin2hex($tmpvar['message']) );
|
||||
# die($tmpvar['message']);
|
||||
|
||||
// Try to detect "delivery failed" and "noreply" emails - ignore if detected
|
||||
if ( hesk_isReturnedEmail($tmpvar) )
|
||||
{
|
||||
return hesk_cleanExit();
|
||||
}
|
||||
|
||||
// Check for email loops
|
||||
if ( hesk_isEmailLoop($tmpvar['email'], md5($tmpvar['message']) ) )
|
||||
{
|
||||
return hesk_cleanExit();
|
||||
}
|
||||
|
||||
// OK, everything seems OK. Now determine if this is a reply to a ticket or a new ticket
|
||||
if ( preg_match('/\[#([A-Z0-9]{3}\-[A-Z0-9]{3}\-[A-Z0-9]{4})\]/', str_replace(' ', '', $tmpvar['subject']), $matches) )
|
||||
{
|
||||
// We found a possible tracking ID
|
||||
$tmpvar['trackid'] = $matches[1];
|
||||
|
||||
// Does it match one in the database?
|
||||
$res = hesk_dbQuery("SELECT * FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."tickets` WHERE `trackid`='".hesk_dbEscape($tmpvar['trackid'])."' LIMIT 1");
|
||||
if (hesk_dbNumRows($res))
|
||||
{
|
||||
$ticket = hesk_dbFetchAssoc($res);
|
||||
|
||||
// Do email addresses match?
|
||||
if ( strpos( strtolower($ticket['email']), strtolower($tmpvar['email']) ) === false )
|
||||
{
|
||||
$tmpvar['trackid'] = '';
|
||||
}
|
||||
|
||||
// Is this ticket locked? Force create a new one if it is
|
||||
if ($ticket['locked'])
|
||||
{
|
||||
$tmpvar['trackid'] = '';
|
||||
}
|
||||
}
|
||||
else
|
||||
{
|
||||
$tmpvar['trackid'] = '';
|
||||
}
|
||||
}
|
||||
|
||||
// If tracking ID is empty, generate a new one
|
||||
if ( empty($tmpvar['trackid']) )
|
||||
{
|
||||
$tmpvar['trackid'] = hesk_createID();
|
||||
$is_reply = 0;
|
||||
}
|
||||
else
|
||||
{
|
||||
$is_reply = 1;
|
||||
}
|
||||
|
||||
// Process attachments
|
||||
$tmpvar['attachmment_notices'] = '';
|
||||
$tmpvar['attachments'] = '';
|
||||
$num = 0;
|
||||
if ($hesk_settings['attachments']['use'] && isset($results['attachments'][0]))
|
||||
{
|
||||
#print_r($results['attachments']);
|
||||
|
||||
foreach ($results['attachments'] as $k => $v)
|
||||
{
|
||||
|
||||
// Clean attachment names
|
||||
$myatt['real_name'] = hesk_cleanFileName($v['orig_name']);
|
||||
|
||||
// Check number of attachments, delete any over max number
|
||||
if ($num >= $hesk_settings['attachments']['max_number'])
|
||||
{
|
||||
$tmpvar['attachmment_notices'] .= sprintf($hesklang['attnum'], $myatt['real_name']) . "\n";
|
||||
continue;
|
||||
}
|
||||
|
||||
// Check file extension
|
||||
$ext = strtolower(strrchr($myatt['real_name'], "."));
|
||||
if (!in_array($ext,$hesk_settings['attachments']['allowed_types']))
|
||||
{
|
||||
$tmpvar['attachmment_notices'] .= sprintf($hesklang['atttyp'], $myatt['real_name']) . "\n";
|
||||
continue;
|
||||
}
|
||||
|
||||
// Check file size
|
||||
$myatt['size'] = $v['size'];
|
||||
if ($myatt['size'] > ($hesk_settings['attachments']['max_size']))
|
||||
{
|
||||
$tmpvar['attachmment_notices'] .= sprintf($hesklang['attsiz'], $myatt['real_name']) . "\n";
|
||||
continue;
|
||||
}
|
||||
|
||||
// Generate a random file name
|
||||
$useChars='AEUYBDGHJLMNPQRSTVWXZ123456789';
|
||||
$tmp = $useChars{mt_rand(0,29)};
|
||||
for($j=1;$j<10;$j++)
|
||||
{
|
||||
$tmp .= $useChars{mt_rand(0,29)};
|
||||
}
|
||||
$myatt['saved_name'] = substr($tmpvar['trackid'] . '_' . md5($tmp . $myatt['real_name']), 0, 200) . $ext;
|
||||
|
||||
// Rename the temporary file
|
||||
rename($v['stored_name'],HESK_PATH.$hesk_settings['attach_dir'].'/'.$myatt['saved_name']);
|
||||
|
||||
// Insert into database
|
||||
hesk_dbQuery("INSERT INTO `".hesk_dbEscape($hesk_settings['db_pfix'])."attachments` (`ticket_id`,`saved_name`,`real_name`,`size`) VALUES ('".hesk_dbEscape($tmpvar['trackid'])."','".hesk_dbEscape($myatt['saved_name'])."','".hesk_dbEscape($myatt['real_name'])."','".intval($myatt['size'])."')");
|
||||
$tmpvar['attachments'] .= hesk_dbInsertID() . '#' . $myatt['real_name'] .',';
|
||||
|
||||
$num++;
|
||||
}
|
||||
|
||||
if (strlen($tmpvar['attachmment_notices']))
|
||||
{
|
||||
$tmpvar['message'] .= "<br /><br />" . hesk_input($hesklang['attrem'],'','',1) . "<br />" . nl2br(hesk_input($tmpvar['attachmment_notices'],'','',1));
|
||||
}
|
||||
}
|
||||
|
||||
// Delete the temporary files
|
||||
deleteAll($results['tempdir']);
|
||||
|
||||
// If this is a reply add a new reply
|
||||
if ($is_reply)
|
||||
{
|
||||
// Set last replier name to customer name
|
||||
$ticket['lastreplier'] = ($tmpvar['name'] == $hesklang['pde']) ? $tmpvar['email'] : $tmpvar['name'];;
|
||||
|
||||
// If staff hasn't replied yet, keep ticket status "New", otherwise set it to "Waiting reply from staff"
|
||||
$ticket['status'] = $ticket['status'] ? 1 : 0;
|
||||
|
||||
// Update ticket as necessary
|
||||
hesk_dbQuery("UPDATE `".hesk_dbEscape($hesk_settings['db_pfix'])."tickets` SET `lastchange`=NOW(),`status`='{$ticket['status']}',`lastreplier`='0' WHERE `id`='".intval($ticket['id'])."' LIMIT 1");
|
||||
|
||||
// Insert reply into database
|
||||
hesk_dbQuery("INSERT INTO `".hesk_dbEscape($hesk_settings['db_pfix'])."replies` (`replyto`,`name`,`message`,`dt`,`attachments`) VALUES ('".intval($ticket['id'])."','".hesk_dbEscape($ticket['lastreplier'])."','".hesk_dbEscape($tmpvar['message'])."',NOW(),'".hesk_dbEscape($tmpvar['attachments'])."')");
|
||||
|
||||
// --> Prepare reply message
|
||||
|
||||
// 1. Generate the array with ticket info that can be used in emails
|
||||
$info = array(
|
||||
'email' => $ticket['email'],
|
||||
'category' => $ticket['category'],
|
||||
'priority' => $ticket['priority'],
|
||||
'owner' => $ticket['owner'],
|
||||
'trackid' => $ticket['trackid'],
|
||||
'status' => $ticket['status'],
|
||||
'name' => $ticket['name'],
|
||||
'lastreplier' => $ticket['lastreplier'],
|
||||
'subject' => $ticket['subject'],
|
||||
'message' => stripslashes($tmpvar['message']),
|
||||
'attachments' => $tmpvar['attachments'],
|
||||
'dt' => hesk_date($ticket['dt'], true),
|
||||
'lastchange' => hesk_date($ticket['lastchange'], true),
|
||||
);
|
||||
|
||||
// 2. Add custom fields to the array
|
||||
foreach ($hesk_settings['custom_fields'] as $k => $v)
|
||||
{
|
||||
$info[$k] = $v['use'] ? $ticket[$k] : '';
|
||||
}
|
||||
|
||||
// 3. Make sure all values are properly formatted for email
|
||||
$ticket = hesk_ticketToPlain($info, 1, 0);
|
||||
|
||||
// --> Process custom fields before sending
|
||||
foreach ($hesk_settings['custom_fields'] as $k => $v)
|
||||
{
|
||||
$ticket[$k] = $v['use'] ? hesk_msgToPlain($ticket[$k], 1) : '';
|
||||
}
|
||||
|
||||
// --> If ticket is assigned just notify the owner
|
||||
if ($ticket['owner'])
|
||||
{
|
||||
hesk_notifyAssignedStaff(false, 'new_reply_by_customer', 'notify_reply_my');
|
||||
}
|
||||
// --> No owner assigned, find and notify appropriate staff
|
||||
else
|
||||
{
|
||||
hesk_notifyStaff('new_reply_by_customer',"`notify_reply_unassigned`='1'");
|
||||
}
|
||||
|
||||
return $ticket['trackid'];
|
||||
|
||||
} // END REPLY
|
||||
|
||||
// Not a reply, but a new ticket. Add it to the database
|
||||
$tmpvar['category'] = 1;
|
||||
$tmpvar['priority'] = 3;
|
||||
$_SERVER['REMOTE_ADDR'] = $hesklang['unknown'];
|
||||
|
||||
// Auto assign tickets if aplicable
|
||||
$tmpvar['owner'] = 0;
|
||||
$tmpvar['history'] = $pop3 ? sprintf($hesklang['thist16'], hesk_date()) : sprintf($hesklang['thist11'], hesk_date());
|
||||
|
||||
$autoassign_owner = hesk_autoAssignTicket($tmpvar['category']);
|
||||
|
||||
#print_r($autoassign_owner);
|
||||
|
||||
if ($autoassign_owner)
|
||||
{
|
||||
$tmpvar['owner'] = $autoassign_owner['id'];
|
||||
$tmpvar['history'] .= sprintf($hesklang['thist10'],hesk_date(),$autoassign_owner['name'].' ('.$autoassign_owner['user'].')');
|
||||
}
|
||||
|
||||
// Custom fields will be empty as there is no reliable way of detecting them
|
||||
foreach ($hesk_settings['custom_fields'] as $k=>$v)
|
||||
{
|
||||
$tmpvar[$k] = '';
|
||||
}
|
||||
|
||||
// Insert ticket to database
|
||||
$ticket = hesk_newTicket($tmpvar);
|
||||
|
||||
// Notify the customer
|
||||
hesk_notifyCustomer();
|
||||
|
||||
// Need to notify staff?
|
||||
// --> From autoassign?
|
||||
if ($tmpvar['owner'] && $autoassign_owner['notify_assigned'])
|
||||
{
|
||||
hesk_notifyAssignedStaff($autoassign_owner, 'ticket_assigned_to_you');
|
||||
}
|
||||
// --> No autoassign, find and notify appropriate staff
|
||||
elseif ( ! $tmpvar['owner'] )
|
||||
{
|
||||
hesk_notifyStaff('new_ticket_staff', " `notify_new_unassigned` = '1' ");
|
||||
}
|
||||
|
||||
return $ticket['trackid'];
|
||||
} // END hesk_email2ticket()
|
||||
|
||||
|
||||
function hesk_encodeUTF8($in, $encoding)
|
||||
{
|
||||
$encoding = strtoupper($encoding);
|
||||
|
||||
switch($encoding)
|
||||
{
|
||||
case 'UTF-8':
|
||||
return $in;
|
||||
break;
|
||||
case 'ISO-8859-1':
|
||||
return utf8_encode($in);
|
||||
break;
|
||||
default:
|
||||
return iconv($encoding, 'UTF-8', $in);
|
||||
break;
|
||||
}
|
||||
} // END hesk_encodeUTF8()
|
||||
|
||||
|
||||
function hesk_stripQuotedText($message)
|
||||
{
|
||||
global $hesk_settings, $hesklang;
|
||||
|
||||
// Stripping quoted text disabled?
|
||||
if ( ! $hesk_settings['strip_quoted'])
|
||||
{
|
||||
return $message;
|
||||
}
|
||||
|
||||
// Loop through available languages and ty to find the tag
|
||||
foreach ($hesk_settings['languages'] as $language => $settings)
|
||||
{
|
||||
if ( ($found = strpos($message, $settings['hr']) ) !== false )
|
||||
{
|
||||
// "Reply above this line" tag found, strip quoted reply
|
||||
$message = substr($message, 0, $found);
|
||||
$message .= "\n" . $hesklang['qrr'];
|
||||
|
||||
// Set language to the detected language
|
||||
hesk_setLanguage($language);
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
||||
return $message;
|
||||
} // END hesk_stripQuotedText()
|
||||
|
||||
|
||||
function hesk_isReturnedEmail($tmpvar)
|
||||
{
|
||||
// Check noreply email addresses
|
||||
if ( preg_match('/not?[\-_]reply@/i', $tmpvar['email']) )
|
||||
{
|
||||
return true;
|
||||
}
|
||||
|
||||
// Check mailer daemon email addresses
|
||||
if ( preg_match('/mail(er)?[\-_]daemon@/i', $tmpvar['email']) )
|
||||
{
|
||||
return true;
|
||||
}
|
||||
|
||||
// Check autoreply subjects
|
||||
if ( preg_match('/^[\[\(]?Auto(mat(ic|ed))?[ \-]?reply/i', $tmpvar['subject']) )
|
||||
{
|
||||
return true;
|
||||
}
|
||||
|
||||
// Check out of office subjects
|
||||
if ( preg_match('/^Out of Office/i', $tmpvar['subject']) )
|
||||
{
|
||||
return true;
|
||||
}
|
||||
|
||||
// Check delivery failed email subjects
|
||||
if (
|
||||
preg_match('/DELIVERY FAILURE/i', $tmpvar['subject']) ||
|
||||
preg_match('/Undelivered Mail Returned to Sender/i', $tmpvar['subject']) ||
|
||||
preg_match('/Delivery Status Notification \(Failure\)/i', $tmpvar['subject']) ||
|
||||
preg_match('/Returned mail\: see transcript for details/i', $tmpvar['subject'])
|
||||
)
|
||||
{
|
||||
return true;
|
||||
}
|
||||
|
||||
// Check Mail Delivery sender name
|
||||
if ( preg_match('/Mail[ \-_]?Delivery/i', $tmpvar['name']) )
|
||||
{
|
||||
return true;
|
||||
}
|
||||
|
||||
// Check Delivery failed message
|
||||
if ( preg_match('/postmaster@/i', $tmpvar['email']) && preg_match('/Delivery has failed to these recipients/i', $tmpvar['message']) )
|
||||
{
|
||||
return true;
|
||||
}
|
||||
|
||||
// No pattern detected, seems like this is not a returned email
|
||||
return false;
|
||||
|
||||
} // END hesk_isReturnedEmail()
|
||||
|
||||
|
||||
function hesk_isEmailLoop($email, $message_hash)
|
||||
{
|
||||
global $hesk_settings, $hesklang, $hesk_db_link;
|
||||
|
||||
// If $hesk_settings['loop_hits'] is set to 0 this function is disabled
|
||||
if ( ! $hesk_settings['loop_hits'])
|
||||
{
|
||||
return false;
|
||||
}
|
||||
|
||||
// Escape wildcards in email
|
||||
$email_like = hesk_dbEscape(hesk_dbLike($email));
|
||||
|
||||
// Delete expired DB entries
|
||||
hesk_dbQuery("DELETE FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."pipe_loops` WHERE `dt` < (NOW() - INTERVAL ".intval($hesk_settings['loop_time'])." SECOND) ");
|
||||
|
||||
// Check current entry
|
||||
$res = hesk_dbQuery("SELECT `hits`, `message_hash` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."pipe_loops` WHERE `email` LIKE '{$email_like}' LIMIT 1");
|
||||
|
||||
// Any active entry*
|
||||
if (hesk_dbNumRows($res))
|
||||
{
|
||||
list($num, $md5) = hesk_dbFetchRow($res);
|
||||
|
||||
$num++;
|
||||
|
||||
// Number of emails in a time period reached?
|
||||
if ($num >= $hesk_settings['loop_hits'])
|
||||
{
|
||||
return true;
|
||||
}
|
||||
|
||||
// Message exactly the same as in previous email?
|
||||
if ($message_hash == $md5)
|
||||
{
|
||||
return true;
|
||||
}
|
||||
|
||||
// Update DB entry
|
||||
hesk_dbQuery("UPDATE `".hesk_dbEscape($hesk_settings['db_pfix'])."pipe_loops` SET `hits` = `hits` + 1, `message_hash` = '".hesk_dbEscape($message_hash)."' WHERE `email` LIKE '{$email_like}' LIMIT 1");
|
||||
}
|
||||
else
|
||||
{
|
||||
// First instance, insert a new database row
|
||||
hesk_dbQuery("INSERT INTO `".hesk_dbEscape($hesk_settings['db_pfix'])."pipe_loops` (`email`, `message_hash`) VALUES ('".hesk_dbEscape($email)."', '".hesk_dbEscape($message_hash)."')");
|
||||
}
|
||||
|
||||
// No loop rule trigered
|
||||
return false;
|
||||
|
||||
} // END hesk_isEmailLoop()
|
||||
|
||||
|
||||
function hesk_cleanExit()
|
||||
{
|
||||
global $results;
|
||||
|
||||
// Delete the temporary files
|
||||
deleteAll($results['tempdir']);
|
||||
|
||||
// Return NULL
|
||||
return NULL;
|
||||
} // END hesk_cleanExit()
|
@ -1,177 +0,0 @@
|
||||
<?php
|
||||
/*******************************************************************************
|
||||
* Title: Help Desk Software HESK
|
||||
* Version: 2.5.5 from 5th August 2014
|
||||
* Author: Klemen Stirn
|
||||
* Website: http://www.hesk.com
|
||||
********************************************************************************
|
||||
* COPYRIGHT AND TRADEMARK NOTICE
|
||||
* Copyright 2005-2014 Klemen Stirn. All Rights Reserved.
|
||||
* HESK is a registered trademark of Klemen Stirn.
|
||||
|
||||
* The HESK may be used and modified free of charge by anyone
|
||||
* AS LONG AS COPYRIGHT NOTICES AND ALL THE COMMENTS REMAIN INTACT.
|
||||
* By using this code you agree to indemnify Klemen Stirn from any
|
||||
* liability that might arise from it's use.
|
||||
|
||||
* Selling the code for this program, in part or full, without prior
|
||||
* written consent is expressly forbidden.
|
||||
|
||||
* Using this code, in part or full, to create derivate work,
|
||||
* new scripts or products is expressly forbidden. Obtain permission
|
||||
* before redistributing this software over the Internet or in
|
||||
* any other medium. In all cases copyright and header must remain intact.
|
||||
* This Copyright is in full effect in any country that has International
|
||||
* Trade Agreements with the United States of America or
|
||||
* with the European Union.
|
||||
|
||||
* Removing any of the copyright notices without purchasing a license
|
||||
* is expressly forbidden. To remove HESK copyright notice you must purchase
|
||||
* a license for this script. For more information on how to obtain
|
||||
* a license please visit the page below:
|
||||
* https://www.hesk.com/buy.php
|
||||
*******************************************************************************/
|
||||
|
||||
/* Check if this is a valid include */
|
||||
if (!defined('IN_SCRIPT')) {die('Invalid attempt');}
|
||||
|
||||
$tmp = intval( hesk_GET('limit') );
|
||||
$maxresults = ($tmp > 0) ? $tmp : $hesk_settings['max_listings'];
|
||||
|
||||
$tmp = intval( hesk_GET('page', 1) );
|
||||
$page = ($tmp > 1) ? $tmp : 1;
|
||||
|
||||
/* Acceptable $sort values and default asc(1)/desc(0) setting */
|
||||
$sort_possible = array(
|
||||
'trackid' => 1,
|
||||
'lastchange' => 0,
|
||||
'name' => 1,
|
||||
'subject' => 1,
|
||||
'status' => 1,
|
||||
'lastreplier' => 1,
|
||||
'priority' => 1,
|
||||
'category' => 1,
|
||||
'dt' => 0,
|
||||
'id' => 1,
|
||||
'owner' => 1,
|
||||
'custom1' => 1,
|
||||
'custom2' => 1,
|
||||
'custom3' => 1,
|
||||
'custom4' => 1,
|
||||
'custom5' => 1,
|
||||
'custom6' => 1,
|
||||
'custom7' => 1,
|
||||
'custom8' => 1,
|
||||
'custom9' => 1,
|
||||
'custom10' => 1,
|
||||
'custom11' => 1,
|
||||
'custom12' => 1,
|
||||
'custom13' => 1,
|
||||
'custom14' => 1,
|
||||
'custom15' => 1,
|
||||
'custom16' => 1,
|
||||
'custom17' => 1,
|
||||
'custom18' => 1,
|
||||
'custom19' => 1,
|
||||
'custom20' => 1
|
||||
);
|
||||
|
||||
/* These values should have collate appended in SQL */
|
||||
$sort_collation = array(
|
||||
'name',
|
||||
'subject',
|
||||
);
|
||||
|
||||
/* Acceptable $group values and default asc(1)/desc(0) setting */
|
||||
$group_possible = array(
|
||||
'owner' => 1,
|
||||
'priority' => 1,
|
||||
'category' => 1,
|
||||
);
|
||||
|
||||
/* Start the order by part of the SQL query */
|
||||
$sql .= " ORDER BY ";
|
||||
|
||||
/* Group tickets? Default: no */
|
||||
if (isset($_GET['g']) && ! is_array($_GET['g']) && isset($group_possible[$_GET['g']]))
|
||||
{
|
||||
$group = hesk_input($_GET['g']);
|
||||
|
||||
if ($group == 'priority' && isset($_GET['sort']) && ! is_array($_GET['sort']) && $_GET['sort'] == 'priority')
|
||||
{
|
||||
// No need to group by priority if we are already sorting by priority
|
||||
}
|
||||
elseif ($group == 'owner')
|
||||
{
|
||||
// If group by owner place own tickets on top
|
||||
$sql .= " CASE WHEN `owner` = '".intval($_SESSION['id'])."' THEN 1 ELSE 0 END DESC, `owner` ASC, ";
|
||||
}
|
||||
else
|
||||
{
|
||||
$sql .= ' `'.hesk_dbEscape($group).'` ';
|
||||
$sql .= $group_possible[$group] ? 'ASC, ' : 'DESC, ';
|
||||
}
|
||||
}
|
||||
else
|
||||
{
|
||||
$group = '';
|
||||
}
|
||||
|
||||
|
||||
/* Show critical tickets always on top? Default: yes */
|
||||
$cot = (isset($_GET['cot']) && intval($_GET['cot']) == 1) ? 1 : 0;
|
||||
if (!$cot)
|
||||
{
|
||||
$sql .= " CASE WHEN `priority` = '0' THEN 1 ELSE 0 END DESC , ";
|
||||
}
|
||||
|
||||
/* Sort by which field? */
|
||||
if (isset($_GET['sort']) && ! is_array($_GET['sort']) && isset($sort_possible[$_GET['sort']]))
|
||||
{
|
||||
$sort = hesk_input($_GET['sort']);
|
||||
|
||||
$sql .= $sort == 'lastreplier' ? " CASE WHEN `lastreplier` = '0' THEN 0 ELSE 1 END DESC, COALESCE(`replierid`, NULLIF(`lastreplier`, '0'), `name`) " : ' `'.hesk_dbEscape($sort).'` ';
|
||||
|
||||
// Need to set MySQL collation?
|
||||
if ( in_array($_GET['sort'], $sort_collation) )
|
||||
{
|
||||
$sql .= " COLLATE '" . hesk_dbEscape($hesklang['_COLLATE']) . "' ";
|
||||
}
|
||||
}
|
||||
else
|
||||
{
|
||||
/* Default sorting by ticket status */
|
||||
$sql .= ' `status` ';
|
||||
$sort = 'status';
|
||||
}
|
||||
|
||||
/* Ascending or Descending? */
|
||||
if (isset($_GET['asc']) && intval($_GET['asc'])==0)
|
||||
{
|
||||
$sql .= ' DESC ';
|
||||
$asc = 0;
|
||||
$asc_rev = 1;
|
||||
|
||||
$sort_possible[$sort] = 1;
|
||||
}
|
||||
else
|
||||
{
|
||||
$sql .= ' ASC ';
|
||||
$asc = 1;
|
||||
$asc_rev = 0;
|
||||
if (!isset($_GET['asc']))
|
||||
{
|
||||
$is_default = 1;
|
||||
}
|
||||
|
||||
$sort_possible[$sort] = 0;
|
||||
}
|
||||
|
||||
/* In the end same results should always be sorted by priority */
|
||||
if ($sort != 'priority')
|
||||
{
|
||||
$sql .= ' , `priority` ASC ';
|
||||
}
|
||||
|
||||
# Uncomment for debugging purposes
|
||||
# echo "SQL: $sql<br>";
|
@ -0,0 +1,26 @@
|
||||
<?php
|
||||
define('IN_SCRIPT',1);
|
||||
define('HESK_PATH','../');
|
||||
require(HESK_PATH . 'install/install_functions.inc.php');
|
||||
require(HESK_PATH . 'hesk_settings.inc.php');
|
||||
|
||||
$updateSuccess = true;
|
||||
|
||||
hesk_dbConnect();
|
||||
hesk_dbQuery("ALTER TABLE `".hesk_dbEscape($hesk_settings['db_pfix'])."attachments` DROP COLUMN `note_id`");
|
||||
hesk_dbQuery("ALTER TABLE `".hesk_dbEscape($hesk_settings['db_pfix'])."notes` DROP COLUMN `edit_date`");
|
||||
hesk_dbQuery("ALTER TABLE `".hesk_dbEscape($hesk_settings['db_pfix'])."notes` DROP COLUMN `number_of_edits`");
|
||||
hesk_dbQuery("ALTER TABLE `".hesk_dbEscape($hesk_settings['db_pfix'])."users` DROP COLUMN `default_notify_customer_email`");
|
||||
|
||||
//TODO Migrate Mods for HESK Banned IPs / Emails to HESK 2.6.0's tables. Luckily the table names are different, so there won't be a problem when HESK tries to install.
|
||||
|
||||
hesk_dbQuery("DROP TABLE `".hesk_dbEscape($hesk_settings['db_pfix'])."denied_ips`");
|
||||
hesk_dbQuery("DROP TABLE `".hesk_dbEscape($hesk_settings['db_pfix'])."denied_emails`");
|
||||
|
||||
if ($updateSuccess) {
|
||||
?>
|
||||
|
||||
<h1>Installation / Update complete!</h1>
|
||||
<p>Please delete the <b>install</b> folder for security reasons, and then proceed back to the <a href="../">Help Desk</a></p>
|
||||
|
||||
<?php } ?>
|
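Review bot: The two `DROP TABLE` statements for `denied_ips` and `denied_emails` run while the migration named in the `//TODO` line above them is still unwritten, so whatever ban entries those tables hold are deleted with no copy kept. Until that migration exists I would leave both tables in place, since the TODO itself says their names do not collide with HESK 2.6.0's, or copy the rows out before dropping. `$updateSuccess` is assigned `true` and never changed, so the "Installation / Update complete!" message does not depend on any query result unless `hesk_dbQuery()` aborts on error, which is not visible here. A second run would also fail at the first `DROP COLUMN`. The script changes the schema with no access check visible in this file, so the reminder to delete the `install` folder is the only control shown; it is worth confirming whether `install_functions.inc.php` adds one.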
@ -1,24 +0,0 @@
|
||||
<?php
|
||||
define('IN_SCRIPT',1);
|
||||
define('HESK_PATH','./');
|
||||
define('ON_MAINTENANCE_PAGE', 1);
|
||||
|
||||
// Get all the required files and functions
|
||||
require(HESK_PATH . 'hesk_settings.inc.php');
|
||||
require(HESK_PATH . 'modsForHesk_settings.inc.php');
|
||||
require(HESK_PATH . 'inc/common.inc.php');
|
||||
require_once(HESK_PATH . 'inc/header.inc.php');
|
||||
if (!$modsForHesk_settings['maintenance_mode']) {
|
||||
//-- The user refreshed the maintenance page, but maintenance mode is off. Redirect them back to the index page.
|
||||
header('Location: '.HESK_PATH);
|
||||
}
|
||||
?>
|
||||
<div class="row">
|
||||
<div class="col-md-6 col-md-offset-3" style="padding-top: 30px; text-align: center;">
|
||||
<i class="fa fa-exclamation-triangle fa-5x" style="color: orange"></i><br>
|
||||
<p>The helpdesk is currently undergoing maintenance. Please come back later.</p>
|
||||
</div>
|
||||
</div>
|
||||
<?php
|
||||
require_once(HESK_PATH . 'inc/footer.inc.php');
|
||||
?>
|