Merge pull request #109 from mkoch227/remove-2-6-0-features

Remove features that will be in HESK 2.6.0
merge-requests/2/head
Mike Koch 9 years ago
commit 704236ee31

4
.gitignore vendored

@ -11,6 +11,7 @@ docs/docs_style.css
docs/index.html
docs/quick-guide.html
docs/step-by-step-guide.html
download_attachment.php
file_limits.php
footer.txt
header.txt
@ -146,6 +147,7 @@ img/tag_off.png
img/unlock.png
img/vertical.jpg
img/view.png
inc/admin_functions.inc.php
inc/assignment_search.inc.php
inc/attachments.inc.php
inc/calendar/img/cal.gif
@ -178,8 +180,10 @@ inc/mail/sasl/ntlm_sasl_client.php
inc/mail/sasl/plain_sasl_client.php
inc/mail/sasl/sasl.php
inc/mail/smtp.php
inc/pipe_functions.inc.php
inc/posting_functions.inc.php
inc/prepare_ticket_export.inc.php
inc/prepare_ticket_search.inc.php
inc/print_group.inc.php
inc/recaptcha/LICENSE
inc/recaptcha/index.htm

@ -484,7 +484,6 @@ if ( defined('HESK_DEMO') )
<li><a href="#mods-for-hesk-general" data-toggle="tab"><?php echo $hesklang['tab_1']; ?></a></li>
<li><a href="#statuses" data-toggle="tab"><?php echo $hesklang['statuses']; ?></a></li>
<li><a href="#colors" data-toggle="tab"><?php echo $hesklang['uiColors']; ?></a></li>
<li><a href="#ipEmailBans" data-toggle="tab"><?php echo $hesklang['ip_email_bans']; ?></a></li>
</ul>
</li>
</ul>
@ -1843,20 +1842,6 @@ if ( defined('HESK_DEMO') )
</div>
</div>
</div>
<div class="form-group">
<label for="maintenance-mode" class="col-sm-4 col-xs-12 control-label"><?php echo $hesklang['maintenanceMode']; ?>
<i class="fa fa-question-circle settingsquestionmark" data-toggle="popover"
title="<?php echo $hesklang['maintenanceMode']; ?>"
data-content="<?php echo $hesklang['maintenanceModeHelp']; ?>"></i>
</label>
<div class="col-sm-8 col-xs-12">
<div class="checkbox">
<label>
<input id="maintenance-mode" name="maintenance-mode" type="checkbox" <?php if ($modsForHesk_settings['maintenance_mode']) {echo 'checked';} ?>> <?php echo $hesklang['enable_maintenance']; ?>
</label>
</div>
</div>
</div>
<div class="form-group">
<label for="email-verification" class="col-sm-4 col-xs-12 control-label"><?php echo $hesklang['customer_email_verification']; ?>
<i class="fa fa-question-circle settingsquestionmark" data-toggle="htmlpopover"
@ -2213,77 +2198,6 @@ if ( defined('HESK_DEMO') )
</div>
</div>
</div>
</div>
<!-- Mods For Hesk: IP/Email Bans -->
<div class="tab-pane fade in" id="ipEmailBans">
<h6 style="font-weight: bold"><?php echo $hesklang['ip_bans']; ?></h6>
<div class="footerWithBorder blankSpace"></div>
<div class="table-responsive">
<table class="table table-hover">
<thead>
<tr>
<th><?php echo $hesklang['delete']; ?></th>
<th><?php echo $hesklang['from']; ?></th>
<th><?php echo $hesklang['ip_to']; ?></th>
</tr>
</thead>
<tbody>
<?php
$ipRs= hesk_dbQuery('SELECT * FROM `'.$hesk_settings['db_pfix'].'denied_ips`');
while ($row = $ipRs->fetch_assoc()) {
echo '<tr id="trIp'.$row['ID'].'">';
echo '<td><input type="checkbox" name="ipDelete['.$row['ID'].']" onclick="toggleRow(\'trIp'.$row['ID'].'\')"></td>';
echo '<td><input type="text" name="ipFrom['.$row['ID'].']" placeholder="'.$hesklang['from'].'" class="form-control" value="'.long2ip($row['RangeStart']).'"></td>';
echo '<td><input type="text" name="ipTo['.$row['ID'].']" placeholder="'.$hesklang['ip_to'].'" class="form-control" value="'.long2ip($row['RangeEnd']).'"></td>';
echo '</tr>';
}
?>
<tr class="info">
<!-- Add new IP range -->
<td><b><?php echo $hesklang['addNew']; ?></b></td>
<td>
<input type="text" name="addIpFrom" placeholder="<?php echo $hesklang['from']; ?>" class="form-control">
</td>
<td>
<input type="text" name="addIpTo" placeholder="<?php echo $hesklang['ip_to']; ?>" class="form-control">
</td>
</tr>
</tbody>
</table>
</div>
<div class="blankSpace"></div>
<h6 style="font-weight: bold"><?php echo $hesklang['email_bans']; ?></h6>
<div class="footerWithBorder blankSpace"></div>
<div class="table-responsive">
<table class="table table-hover">
<thead>
<tr>
<th><?php echo $hesklang['delete']; ?></th>
<th><?php echo $hesklang['email']; ?></th>
</tr>
</thead>
<tbody>
<?php
$emailRs = hesk_dbQuery('SELECT * FROM `'.$hesk_settings['db_pfix'].'denied_emails`');
while ($row = $emailRs->fetch_assoc()) {
echo '<tr id="trEmail'.$row['ID'].'">';
echo '<td><input type="checkbox" name="emailDelete['.$row['ID'].']" onclick="toggleRow(\'trEmail'.$row['ID'].'\')"></td>';
echo '<td><input type="text" name="email['.$row['ID'].']" class="form-control" placeholder="'.$hesklang['email'].'" value="'.$row['Email'].'"></td>';
echo '</tr>';
}
?>
<!-- Add new email -->
<tr class="info">
<td><b><?php echo $hesklang['addNew']; ?></b></td>
<td>
<input type="text" name="addEmail" class="form-control" placeholder="<?php echo $hesklang['email']; ?>">
</td>
</tr>
</tbody>
</table>
</div>
</div>
<div class="form-group">
<div class="col-sm-9 col-sm-offset-3">
@ -2298,7 +2212,7 @@ if ( defined('HESK_DEMO') )
{
echo '<input type="button" value="'.$hesklang['save_changes'].' ('.$hesklang['disabled'].')" class="btn btn-default" disabled="disabled" /><br /><font class="error">'.$hesklang['e_save_settings'].'</font>';
}
?>
?>
</div>
</div>
</div>

@ -496,48 +496,11 @@ $stmt = hesk_dbConnect()->prepare($updateQuery);
$stmt->bind_param('i', $_POST['lockedTicketStatus']);
$stmt->execute();
//-- IP Bans
$ipBanSql = hesk_dbQuery('SELECT * FROM `'.$hesk_settings['db_pfix'].'denied_ips`');
while ($row = $ipBanSql->fetch_assoc()) {
if (isset($_POST['ipDelete'][$row['ID']])) {
hesk_dbQuery('DELETE FROM `'.hesk_dbEscape($hesk_settings['db_pfix']).'denied_ips` WHERE ID = '.hesk_dbEscape($row['ID']));
} else {
$ipAddressFrom = ip2long($_POST['ipFrom'][$row['ID']]);
$ipAddressTo = ip2long($_POST['ipTo'][$row['ID']]);
hesk_dbQuery('UPDATE `'.hesk_dbEscape($hesk_settings['db_pfix']).'denied_ips`
SET `RangeStart` = \''.hesk_dbEscape($ipAddressFrom).'\',
`RangeEnd` = \''.hesk_dbEscape($ipAddressTo).'\'
WHERE ID = '.hesk_dbEscape($row['ID']));
}
}
if (!empty($_POST['addIpFrom']) && !empty($_POST['addIpTo'])) {
$ipAddressFrom = ip2long($_POST['addIpFrom']);
$ipAddressTo = ip2long($_POST['addIpTo']);
hesk_dbQuery('INSERT INTO `'.hesk_dbEscape($hesk_settings['db_pfix']).'denied_ips` (`RangeStart`, `RangeEnd`)
VALUES (\''.hesk_dbEscape($ipAddressFrom).'\', \''.hesk_dbEscape($ipAddressTo).'\')');
}
//-- Email Bans
$emailBanSql = hesk_dbQuery('SELECT * FROM `'.hesk_dbEscape($hesk_settings['db_pfix']).'denied_emails`');
while ($row = $emailBanSql->fetch_assoc()) {
if (isset($_POST['emailDelete'][$row['ID']])) {
hesk_dbQuery('DELETE FROM `'.hesk_dbEscape($hesk_settings['db_pfix']).'denied_emails` WHERE ID = '.hesk_dbEscape($row['ID']));
} else {
hesk_dbQuery('UPDATE `'.hesk_dbEscape($hesk_settings['db_pfix']).'denied_emails`
SET Email = \''.hesk_dbEscape($_POST['email'][$row['ID']]).'\'
WHERE ID = '.hesk_dbEscape($row['ID']));
}
}
if (!empty($_POST['addEmail'])) {
hesk_dbQuery('INSERT INTO `'.hesk_dbEscape($hesk_settings['db_pfix']).'denied_emails` (Email) VALUES (\''.hesk_dbEscape($_POST['addEmail']).'\')');
}
$set['hesk_version'] = $hesk_settings['hesk_version'];
// Save the modsForHesk_settings.inc.php file
$set['rtl'] = empty($_POST['rtl']) ? 0 : 1;
$set['show-icons'] = empty($_POST['show-icons']) ? 0 : 1;
$set['maintenance-mode'] = empty($_POST['maintenance-mode']) ? 0 : 1;
$set['custom-field-setting'] = empty($_POST['custom-field-setting']) ? 0 : 1;
$set['customer-email-verification-required'] = empty($_POST['email-verification']) ? 0 : 1;
@ -546,7 +509,6 @@ if ($set['customer-email-verification-required'])
//-- Don't allow multiple emails if verification is required
$set['multi_eml'] = 0;
}
$set['navbarBackgroundColor'] = hesk_input(hesk_POST('navbarBackgroundColor'));
$set['navbarBrandColor'] = hesk_input(hesk_POST('navbarBrandColor'));
$set['navbarBrandHoverColor'] = hesk_input(hesk_POST('navbarBrandHoverColor'));
@ -579,9 +541,6 @@ $modsForHesk_settings[\'rtl\'] = '.$set['rtl'].';
//-- Set this to 1 to show icons next to navigation menu items
$modsForHesk_settings[\'show_icons\'] = '.$set['show-icons'].';
//-- Set this to 1 to enable maintenance mode
$modsForHesk_settings[\'maintenance_mode\'] = '.$set['maintenance-mode'].';
//-- Set this to 1 to enable custom field names as keys
$modsForHesk_settings[\'custom_field_setting\'] = '.$set['custom-field-setting'].';
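Review bot: The three `navbar*Color` values assigned after the `multi_eml` reset come from POST through `hesk_input()` only, while the last hunk shows the settings file being produced by concatenating `$set[...]` values into PHP source. The flags in that hunk are forced to 0 or 1 by `empty(...) ? 0 : 1`, but the colour strings get no format check in the visible lines. How they are quoted when written is outside the hunks, so this is a hardening point rather than a confirmed defect. If they are meant to be hex colours, a guard such as `if (!preg_match('/^#[0-9a-fA-F]{3,8}$/', $set['navbarBackgroundColor'])) { /* fall back to the project default */ }` before the write would stop the generated file depending on escaping details. The code that writes the file starts and ends outside these hunks.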

@ -39,7 +39,6 @@ define('HESK_PATH','../');
require(HESK_PATH . 'hesk_settings.inc.php');
require(HESK_PATH . 'inc/common.inc.php');
require(HESK_PATH . 'inc/admin_functions.inc.php');
require(HESK_PATH . 'inc/posting_functions.inc.php');
hesk_load_database_functions();
hesk_session_start();
@ -239,31 +238,7 @@ if (isset($_POST['notemsg']) && hesk_token_check('POST'))
{
/* Add note to database */
$msg = nl2br(hesk_makeURL($msg));
hesk_dbInsertID();
hesk_dbQuery("INSERT INTO `".hesk_dbEscape($hesk_settings['db_pfix'])."notes` (`ticket`,`who`,`dt`,`message`) VALUES ('".intval($ticket['id'])."','".intval($_SESSION['id'])."',NOW(),'".hesk_dbEscape($msg)."')");
$noteId = hesk_dbInsertID();
/* Upload attachments to database */
if ($hesk_settings['attachments']['use'])
{
require(HESK_PATH . 'inc/attachments.inc.php');
$attachments = array();
for ($i=1;$i<=$hesk_settings['attachments']['max_number'];$i++)
{
$att = hesk_uploadFile($i);
if ($att !== false && !empty($att))
{
$attachments[$i] = $att;
}
}
}
if ($hesk_settings['attachments']['use'] && !empty($attachments))
{
foreach ($attachments as $myatt)
{
hesk_dbQuery("INSERT INTO `".hesk_dbEscape($hesk_settings['db_pfix'])."attachments` (`note_id`,`saved_name`,`real_name`,`size`) VALUES ('".hesk_dbEscape($noteId)."','".hesk_dbEscape($myatt['saved_name'])."','".hesk_dbEscape($myatt['real_name'])."','".intval($myatt['size'])."')");
}
}
/* Notify assigned staff that a note has been added if needed */
@ -427,63 +402,6 @@ if (isset($_GET['delatt']) && hesk_token_check())
hesk_process_messages($hesklang['kb_att_rem'],'admin_ticket.php?track='.$trackingID.'&Refresh='.mt_rand(10000,99999),'SUCCESS');
}
/* Delete note attachment option */
if (isset($_GET['delete-note-att']) && hesk_token_check()) {
if ( ! $can_delete || ! $can_edit)
{
hesk_process_messages($hesklang['no_permission'],'admin_ticket.php?track='.$trackingID.'&Refresh='.mt_rand(10000,99999));
}
$att_id = intval( hesk_GET('delete-note-att') ) or hesk_error($hesklang['inv_att_id']);
$reply = intval( hesk_GET('reply', 0) );
if ($reply < 1)
{
$reply = 0;
}
/* Get attachment info */
$res = hesk_dbQuery("SELECT * FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."attachments` WHERE `att_id`='".intval($att_id)."' LIMIT 1");
if (hesk_dbNumRows($res) != 1)
{
hesk_process_messages($hesklang['id_not_valid'].' (att_id)','admin_ticket.php?track='.$trackingID.'&Refresh='.mt_rand(10000,99999));
}
$att = hesk_dbFetchAssoc($res);
/* Is note ID valid for this attachment? */
if (!isset($_GET['note_id']) || $att['note_id'] != $_GET['note_id'])
{
hesk_process_messages($hesklang['trackID_not_found'],'admin_ticket.php?track='.$trackingID.'&Refresh='.mt_rand(10000,99999));
}
/* Delete file from server */
hesk_unlink(HESK_PATH.$hesk_settings['attach_dir'].'/'.$att['saved_name']);
/* Delete attachment from database */
hesk_dbQuery("DELETE FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."attachments` WHERE `att_id`='".intval($att_id)."'");
hesk_process_messages($hesklang['kb_att_rem'],'admin_ticket.php?track='.$trackingID.'&Refresh='.mt_rand(10000,99999),'SUCCESS');
}
if (isset($_POST['note_message'])) {
$n = $_POST['note_id'];
if ($can_del_notes)
{
hesk_dbQuery("UPDATE `".hesk_dbEscape($hesk_settings['db_pfix'])."notes`
SET `edit_date` = NOW(), `message` = '".hesk_dbEscape($_POST['note_message'])."', `number_of_edits` = `number_of_edits` + 1
WHERE `id`='".intval($n)."' LIMIT 1");
}
else
{
hesk_dbQuery("UPDATE `".hesk_dbEscape($hesk_settings['db_pfix'])."notes`
SET `edit_date` = NOW(), `message` = '".hesk_dbEscape($_POST['note_message'])."', `number_of_edits` = `number_of_edits` + 1
WHERE `id`='".intval($n)."' AND `who`='".intval($_SESSION['id'])."' LIMIT 1");
}
hesk_process_messages($hesklang['note_edit_successful'],'admin_ticket.php?track='.$trackingID.'&Refresh='.mt_rand(10000,99999),'SUCCESS');
}
/* Print header */
require_once(HESK_PATH . 'inc/headerAdmin.inc.php');
@ -897,48 +815,10 @@ require_once(HESK_PATH . 'inc/show_admin_nav.inc.php');
{
?>
<div class="row">
<div class="col-md-12 alert-warning" style="padding-top: 5px;">
<?php if ($can_del_notes || $note['who'] == $_SESSION['id']) { ?>
<div class="btn-group btn-group-sm float-right-sm" role="group" style="padding-top: 5px; padding-bottom: 5px;">
<a class="btn btn-danger"
href="admin_ticket.php?track=<?php echo $trackingID; ?>&amp;Refresh=<?php echo mt_rand(10000,99999); ?>&amp;delnote=<?php echo $note['id']; ?>&amp;token=<?php hesk_token_echo(); ?>" onclick="return hesk_confirmExecute('<?php echo hesk_makeJsString($hesklang['delnote']).'?'; ?>');">
<i class="fa fa-times"></i> <?php echo $hesklang['delete']; ?>
</a>&nbsp;
<a class="btn btn-warning"
href="javascript:void(0)" onclick="toggleNote(<?php echo $note['id']; ?>, true)">
<i class="fa fa-pencil"></i> <?php echo $hesklang['edit']; ?>
</a>
</div>
<?php }?>
<div class="col-md-12 alert-warning">
<?php if ($can_del_notes || $note['who'] == $_SESSION['id']) { ?><p><a href="admin_ticket.php?track=<?php echo $trackingID; ?>&amp;Refresh=<?php echo mt_rand(10000,99999); ?>&amp;delnote=<?php echo $note['id']; ?>&amp;token=<?php hesk_token_echo(); ?>" onclick="return hesk_confirmExecute('<?php echo hesk_makeJsString($hesklang['delnote']).'?'; ?>');"><i class="fa fa-times"></i> Delete Note</a></p><?php }?>
<p><i><?php echo $hesklang['noteby']; ?> <b><?php echo ($note['name'] ? $note['name'] : $hesklang['e_udel']); ?></b></i> - <?php echo hesk_date($note['dt']); ?></p>
<div class="row" style="margin-top: 23px;">
<div class="col-md-7">
<p id="note-<?php echo $note['id']; ?>-p"><?php echo $note['message']; ?></p>
<form style="display: none" id="note-<?php echo $note['id']; ?>-form" role="form" method="post"
action="admin_ticket.php?track=<?php echo $trackingID; ?>&amp;Refresh=<?php echo mt_rand(10000,99999); ?>&amp;token=<?php hesk_token_echo(); ?>">
<textarea style="margin-bottom: 5px;" class="form-control" id="note-<?php echo $note['id']; ?>-textarea" name="note_message"><?php echo $note['message']; ?></textarea>
<input type="hidden" name="note_id" value="<?php echo $note['id']; ?>">
<button style="margin-bottom: 5px;" class="btn btn-success btn-sm" type="submit"><i class="fa fa-check"></i> <?php echo $hesklang['save']; ?></button>
<a style="margin-bottom: 5px;" class="btn btn-danger btn-sm" href="javascript:void(0)" onclick="toggleNote(<?php echo $note['id']; ?>, false)">
<i class="fa fa-times"></i> <?php echo $hesklang['cancel']; ?>
</a>
</form>
</div>
<div class="col-md-4">
<?php
$noteAttachmentRS = hesk_dbQuery("SELECT `att_id`, `real_name`, `note_id` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."attachments` WHERE `note_id` = ".intval($note['id']));
while ($noteAttachment = hesk_dbFetchAssoc($noteAttachmentRS)) {
echo '<a href="admin_ticket.php?delete-note-att='.$noteAttachment['att_id'].'&amp;note_id='.$noteAttachment['note_id'].'&amp;track='.$trackingID.'&amp;'.$tmp.'&amp;Refresh='.mt_rand(10000,99999).'&amp;token='.hesk_token_echo(0).'" onclick="return hesk_confirmExecute(\''.hesk_makeJsString($hesklang['pda']).'\');"><i class="fa fa-times" style="color: #FF0000"></i></a>
<a href="../download_attachment.php?att_id='.$noteAttachment['att_id'].'&amp;note='.$noteAttachment['note_id'].'"><i class="fa fa-paperclip"></i></a>
<a href="../download_attachment.php?att_id='.$noteAttachment['att_id'].'&amp;note='.$noteAttachment['note_id'].'">'.$noteAttachment['real_name'].'</a><br />';
} ?>
</div>
</div>
<?php if ($note['number_of_edits'] > 0) { ?>
<p><i><?php echo sprintf($hesklang['note_last_edit'], hesk_date($note['edit_date'])); echo ' | '.sprintf($hesklang['total_number_of_edits'], $note['number_of_edits']); ?></i></p>
<?php } ?>
<p><?php echo $note['message']; ?></p>
</div>
</div>
<?php
@ -946,6 +826,7 @@ require_once(HESK_PATH . 'inc/show_admin_nav.inc.php');
?>
<div class="row">
<div class="col-md-12">
<b><i><?php echo $hesklang['notes']; ?>: </i></b>
<?php
if ($can_reply)
{
@ -956,35 +837,11 @@ require_once(HESK_PATH . 'inc/show_admin_nav.inc.php');
?>
<div id="notesform" style="display:none">
<form method="post" action="admin_ticket.php" style="margin:0px; padding:0px;" enctype="multipart/form-data">
<div class="row" style="margin-bottom: 10px;">
<div class="col-md-7">
<h5><?php echo $hesklang['message']; ?></h5>
<div class="footerWithBorder" style="margin-bottom: 10px;"></div>
<textarea class="form-control" name="notemsg" rows="6" cols="60"></textarea>
</div>
<div class="col-md-5">
<h5><?php echo $hesklang['attachments']; ?></h5>
<div class="footerWithBorder" style="margin-bottom: 10px;"></div>
<span style="display: none" id="number-of-file-dialogs">2</span>
<div id="files-for-notes">
<?php for ($i=1;$i<=$hesk_settings['attachments']['max_number'];$i++)
{
echo '<input type="file" name="attachment['.$i.']" size="50" /><br />';
}
echo '<a href="Javascript:void(0)" onclick="Javascript:hesk_window(\'../file_limits.php\',250,500);return false;">' . $hesklang['ful'] . '</a>';
?>
</div>
</div>
</div>
<div class="row">
<div class="col-md-12">
<input class="btn btn-default" type="submit" value="<?php echo $hesklang['s']; ?>" /><input type="hidden" name="track" value="<?php echo $trackingID; ?>" />
<i><?php echo $hesklang['nhid']; ?></i>
<input type="hidden" name="token" value="<?php hesk_token_echo(); ?>" />
</div>
</div>
<form method="post" action="admin_ticket.php" style="margin:0px; padding:0px;">
<textarea class="form-control" name="notemsg" rows="6" cols="60"></textarea><br />
<input class="btn btn-default" type="submit" value="<?php echo $hesklang['s']; ?>" /><input type="hidden" name="track" value="<?php echo $trackingID; ?>" />
<i><?php echo $hesklang['nhid']; ?></i>
<input type="hidden" name="token" value="<?php hesk_token_echo(); ?>" />
</form>
</div>
</div>
@ -1020,7 +877,7 @@ require_once(HESK_PATH . 'inc/show_admin_nav.inc.php');
<div class="col-md-3 col-xs-12">
<div class="ticketName"><?php echo $ticket['name']; ?></div>
<div class="ticketEmail"><?php echo $ticket['email']; ?></div>
<div class="ticketEmail"><?php echo $hesklang['ip']; ?>: <?php echo '<a href="http://whois.domaintools.com/'.$ticket['ip'].'">'.$ticket['ip'].'</a>'; ?></div>
<div class="ticketEmail"><?php echo $hesklang['ip']; ?>: <?php echo $ticket['ip']; ?></div>
</div>
<div class="col-md-9 col-xs-12 pushMarginLeft">
<div class="ticketMessageTop withBorder">
@ -1543,12 +1400,10 @@ function hesk_printReplyForm() {
</select></div><br />
<label><input type="checkbox" name="signature" value="1" checked="checked" /> <?php echo $hesklang['attach_sign']; ?></label>
(<a href="profile.php"><?php echo $hesklang['profile_settings']; ?></a>)<br />
<?php if (empty($ticket['email'])) { ?>
<label><input type="checkbox" name="no_notify" value="1" checked="checked" disabled> <?php echo $hesklang['dsen']; ?></label><br/><br/>
<input type="hidden" name="no_notify" value="1">
<?php } else { ?>
<label><input type="checkbox" name="no_notify" value="1" <?php if (!$_SESSION['default_notify_customer_email']) { echo 'checked'; } ?>> <?php echo $hesklang['dsen']; ?></label><br/><br/>
<?php } ?>
<label><input type="checkbox" name="no_notify" value="1" <?php if (empty($ticket['email'])) { echo 'checked="checked" disabled'; } ?>> <?php echo $hesklang['dsen']; ?></label><br/><br/>
<?php if (empty($ticket['email'])) {
echo '<input type="hidden" name="no_notify" value="1">';
} ?>
<input type="hidden" name="orig_id" value="<?php echo $ticket['id']; ?>" />
<input type="hidden" name="token" value="<?php hesk_token_echo(); ?>" />
<input class="btn btn-default" type="submit" value="<?php echo $hesklang['submit_reply']; ?>" />
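Review bot: The notes list that remains after this change prints stored values with no output escaping, in `<p><?php echo $note['message']; ?></p>` and in the `$note['name']` expression on the `noteby` line. The note body is stored as `nl2br(hesk_makeURL($msg))`, so it is HTML by design and its safety rests on `$msg` being escaped before that call, which happens outside the visible hunks. I would record that dependency next to the INSERT with a comment such as `/* $msg must already be HTML-escaped on input: it is echoed verbatim in the notes list */`, and confirm that `$note['name']` is escaped on input as well. Which side each line belongs to is inferred from the hunk counts, because this page has lost its +/- markers.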

@ -74,13 +74,6 @@ if ( ! isset($status_options[$status]))
$locked = 0;
// Ticket info
$result = hesk_dbQuery("SELECT * FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."tickets` WHERE `trackid`='".hesk_dbEscape($trackingID)."' LIMIT 1");
if (hesk_dbNumRows($result) != 1) {
hesk_error($hesklang['ticket_not_found']);
}
$ticket = hesk_dbFetchAssoc($result);
$statusRow = hesk_dbFetchAssoc(hesk_dbQuery("SELECT `ID`, `IsClosed` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."statuses` WHERE ID = ".$status));
if ($statusRow['IsClosed']) // Closed
{
@ -91,14 +84,6 @@ if ($statusRow['IsClosed']) // Closed
{
$locked = 1;
}
// Notify customer
require(HESK_PATH . 'inc/email_functions.inc.php');
if (!empty($ticket['email']))
{
hesk_notifyCustomer('ticket_closed');
}
}
elseif ($statusRow['ID'] != 0) //Ticket is still open, but not new
{
@ -111,15 +96,6 @@ else // Ticket is marked as "NEW"
$revision = sprintf($hesklang['thist4'],hesk_date(),$_SESSION['name'].' ('.$_SESSION['user'].')');
}
//-- Notify staff after ticket re-open?
$currentStatusRS = hesk_dbQuery('SELECT * FROM `'.hesk_dbEscape($hesk_settings['db_pfix']).'statuses` WHERE `ID` = '.$ticket['status']);
$currentStatus = hesk_dbFetchAssoc($currentStatusRS);
if (intval($currentStatus['IsClosed']) == 1 && $statusRow['IsClosed'] == 0 && $ticket['owner'] != $_SESSION['id']) {
$ticket['name'] = $_SESSION['name'];
require(HESK_PATH . 'inc/email_functions.inc.php');
hesk_notifyAssignedStaff(false, 'ticket_reopen_assigned');
}
hesk_dbQuery("UPDATE `".hesk_dbEscape($hesk_settings['db_pfix'])."tickets` SET `status`='{$status}', `locked`='{$locked}', `history`=CONCAT(`history`,'".hesk_dbEscape($revision)."') WHERE `trackid`='".hesk_dbEscape($trackingID)."' LIMIT 1");
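Review bot: `$status` is concatenated unquoted into the `statuses` lookup (`WHERE ID = ".$status`) and interpolated as `'{$status}'` in the final UPDATE, with no cast at either point. The first hunk header shows an `isset($status_options[$status])` guard earlier in the file, which presumably limits it to known IDs, but where `$status` is assigned and what the guard does on failure are outside the visible hunks. Casting at the point of use keeps both queries safe regardless of that guard: use `".intval($status)` in the lookup and `'".intval($status)."'` in the UPDATE. Separately, the ticket lookup and its `ticket_not_found` error appear to be removed here, so it is worth confirming that the affected-row count is checked after the UPDATE.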

@ -248,8 +248,6 @@ else
hesk_dbQuery("UPDATE `".hesk_dbEscape($hesk_settings['db_pfix'])."tickets` SET `status`='".$closedStatus['ID']."', `history`=CONCAT(`history`,'".hesk_dbEscape($revision)."') WHERE `id`='".intval($this_id)."' LIMIT 1");
$i++;
hesk_notifyCustomer('ticket_closed');
}
hesk_process_messages(sprintf($hesklang['num_tickets_closed'],$i),$referer,'SUCCESS');

@ -34,7 +34,6 @@
define('IN_SCRIPT',1);
define('HESK_PATH','../');
define('ON_LOGIN_PAGE',1);
/* Get all the required files and functions */
require(HESK_PATH . 'hesk_settings.inc.php');

@ -256,14 +256,6 @@ require_once(HESK_PATH . 'inc/show_admin_nav.inc.php');
</div>
</div>
</div>
<div class="form-group">
<label for="default_notify_customer_email" class="col-sm-3 control-label"><?php echo $hesklang['notify_customer_email']; ?>:</label>
<div class="col-sm-9">
<div class="checkbox">
<label><input type="checkbox" name="default_notify_customer_email" value="1" <?php if (empty($_SESSION['new']['default_notify_customer_email'])) {echo 'checked="checked"';}?>> <?php echo $hesklang['notify_customer_email_text']; ?></label>
</div>
</div>
</div>
<?php } ?>
<div class="form-group">
<label for="autoRefresh" class="col-sm-3 control-label"><?php echo $hesklang['ticket_auto_refresh']; ?></label>
@ -449,7 +441,6 @@ function update_profile() {
$_SESSION['new']['notify_note'] = empty($_POST['notify_note']) ? 0 : 1;
$_SESSION['new']['notify_note_unassigned'] = empty($_POST['notify_note_unassigned']) ? 0 : 1;
$_SESSION['new']['notify_pm'] = empty($_POST['notify_pm']) ? 0 : 1;
$_SESSION['new']['default_notify_customer_email'] = empty($_POST['default_notify_customer_email']) ? 1 : 0;
/* Any errors? */
if (strlen($hesk_error_buffer))
@ -480,8 +471,7 @@ function update_profile() {
`notify_assigned`='".intval($_SESSION['new']['notify_assigned'])."' ,
`notify_pm`='".intval($_SESSION['new']['notify_pm'])."',
`notify_note`='".intval($_SESSION['new']['notify_note'])."',
`notify_note_unassigned`='".intval($_SESSION['new']['notify_note_unassigned'])."',
`default_notify_customer_email`='".intval($_SESSION['new']['default_notify_customer_email'])."'
`notify_note_unassigned`='".intval($_SESSION['new']['notify_note_unassigned'])."'
WHERE `id`='".intval($_SESSION['id'])."' LIMIT 1"
);

@ -359,12 +359,6 @@ div.setupButtons {
width: 90%;
}
@media (min-width: 768px) {
.float-right-sm {
float: right;
}
}
.white-readonly {
cursor: text !important;
background-color: #fff !important;

@ -356,10 +356,4 @@ div.setupButtons {
margin-right: auto;
margin-left: auto;
width: 90%;
}
@media (min-width: 768px) {
.float-right-sm {
float: left;
}
}

@ -1,174 +0,0 @@
<?php
/*******************************************************************************
* Title: Help Desk Software HESK
* Version: 2.5.3 from 16th March 2014
* Author: Klemen Stirn
* Website: http://www.hesk.com
********************************************************************************
* COPYRIGHT AND TRADEMARK NOTICE
* Copyright 2005-2014 Klemen Stirn. All Rights Reserved.
* HESK is a registered trademark of Klemen Stirn.
* The HESK may be used and modified free of charge by anyone
* AS LONG AS COPYRIGHT NOTICES AND ALL THE COMMENTS REMAIN INTACT.
* By using this code you agree to indemnify Klemen Stirn from any
* liability that might arise from it's use.
* Selling the code for this program, in part or full, without prior
* written consent is expressly forbidden.
* Using this code, in part or full, to create derivate work,
* new scripts or products is expressly forbidden. Obtain permission
* before redistributing this software over the Internet or in
* any other medium. In all cases copyright and header must remain intact.
* This Copyright is in full effect in any country that has International
* Trade Agreements with the United States of America or
* with the European Union.
* Removing any of the copyright notices without purchasing a license
* is expressly forbidden. To remove HESK copyright notice you must purchase
* a license for this script. For more information on how to obtain
* a license please visit the page below:
* https://www.hesk.com/buy.php
*******************************************************************************/
define('IN_SCRIPT',1);
define('HESK_PATH','./');
// Get all the required files and functions
require(HESK_PATH . 'hesk_settings.inc.php');
require(HESK_PATH . 'inc/common.inc.php');
hesk_load_database_functions();
hesk_session_start();
// Knowledgebase attachments
if ( isset($_GET['kb_att']) )
{
// Attachment ID
$att_id = intval( hesk_GET('kb_att') ) or hesk_error($hesklang['id_not_valid']);
// Connect to database
hesk_dbConnect();
// Get attachment info
$res = hesk_dbQuery("SELECT * FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."kb_attachments` WHERE `att_id`='{$att_id}' LIMIT 1");
if (hesk_dbNumRows($res) != 1)
{
hesk_error($hesklang['id_not_valid'].' (att_id)');
}
$file = hesk_dbFetchAssoc($res);
// Is this person allowed access to this attachment?
$res = hesk_dbQuery("SELECT `t1`.`type` as `cat_type`, `t2`.`type` as `art_type`
FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."kb_articles` AS `t2`
JOIN `".hesk_dbEscape($hesk_settings['db_pfix'])."kb_categories` AS `t1`
ON `t2`.`catid` = `t1`.`id`
WHERE (`t2`.`attachments` LIKE '{$att_id}#%' OR `t2`.`attachments` LIKE '%,{$att_id}#%' )
LIMIT 1");
// If no attachment found, throw an error
if (hesk_dbNumRows($res) != 1)
{
hesk_error($hesklang['id_not_valid'].' (no_art)');
}
$row = hesk_dbFetchAssoc($res);
// Private or draft article or category?
if ($row['cat_type'] || $row['art_type'])
{
if ( empty($_SESSION['id']) )
{
// This is a staff-only attachment
hesk_error($hesklang['attpri']);
}
elseif ($row['art_type'] == 2)
{
// Need permission to manage KB to access draft attachments
require(HESK_PATH . 'inc/admin_functions.inc.php');
hesk_checkPermission('can_man_kb');
}
}
}
// Ticket attachments
else
{
// Attachmend ID and ticket tracking ID
$att_id = intval( hesk_GET('att_id', 0) ) or die($hesklang['id_not_valid']);
$type = '';
if (isset($_GET['track'])) {
$tic_id = hesk_cleanID() or die("$hesklang[int_error]: $hesklang[no_trackID]");
$type = 'ticket';
} elseif (isset($_GET['note'])) {
$tic_id = intval($_GET['note']) || die ("$hesklang[int_error]: $hesklang[no_noteID]");
$type = 'note';
}
// Connect to database
hesk_dbConnect();
// Get attachment info
$res = hesk_dbQuery("SELECT * FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."attachments` WHERE `att_id`='{$att_id}' LIMIT 1");
if (hesk_dbNumRows($res) != 1)
{
hesk_error($hesklang['id_not_valid'].' (att_id)');
}
$file = hesk_dbFetchAssoc($res);
// Is ticket/note ID valid for this attachment?
if ($type == 'ticket' && $file['ticket_id'] != $tic_id)
{
hesk_error($hesklang['trackID_not_found']);
} elseif ($type == 'note' && $file['note_id'] != $tic_id)
{
hesk_error($hesklang['note_id_not_found']);
}
// Verify email address match if needed
if ( empty($_SESSION['id']) )
{
hesk_verifyEmailMatch($tic_id);
}
}
// Path of the file on the server
$realpath = $hesk_settings['attach_dir'] . '/' . $file['saved_name'];
// Perhaps the file has been deleted?
if ( ! file_exists($realpath))
{
hesk_error($hesklang['attdel']);
}
// Send the file as an attachment to prevent malicious code from executing
header("Pragma: "); # To fix a bug in IE when running https
header("Cache-Control: "); # To fix a bug in IE when running https
header('Content-Description: File Transfer');
header('Content-Type: application/octet-stream');
header('Content-Length: ' . $file['size']);
header('Content-Disposition: attachment; filename=' . $file['real_name']);
// For larger files use chunks, smaller ones can be read all at once
$chunksize = 1048576; // = 1024 * 1024 (1 Mb)
if ($file['size'] > $chunksize)
{
$handle = fopen($realpath, 'rb');
$buffer = '';
while ( ! feof($handle))
{
set_time_limit(300);
$buffer = fread($handle, $chunksize);
echo $buffer;
flush();
}
fclose($handle);
}
else
{
readfile($realpath);
}
exit();
?>

@ -1,694 +0,0 @@
<?php
/*******************************************************************************
* Title: Help Desk Software HESK
* Version: 2.5.4 from 4th August 2014
* Author: Klemen Stirn
* Website: http://www.hesk.com
********************************************************************************
* COPYRIGHT AND TRADEMARK NOTICE
* Copyright 2005-2014 Klemen Stirn. All Rights Reserved.
* HESK is a registered trademark of Klemen Stirn.
* The HESK may be used and modified free of charge by anyone
* AS LONG AS COPYRIGHT NOTICES AND ALL THE COMMENTS REMAIN INTACT.
* By using this code you agree to indemnify Klemen Stirn from any
* liability that might arise from it's use.
* Selling the code for this program, in part or full, without prior
* written consent is expressly forbidden.
* Using this code, in part or full, to create derivate work,
* new scripts or products is expressly forbidden. Obtain permission
* before redistributing this software over the Internet or in
* any other medium. In all cases copyright and header must remain intact.
* This Copyright is in full effect in any country that has International
* Trade Agreements with the United States of America or
* with the European Union.
* Removing any of the copyright notices without purchasing a license
* is expressly forbidden. To remove HESK copyright notice you must purchase
* a license for this script. For more information on how to obtain
* a license please visit the page below:
* https://www.hesk.com/buy.php
*******************************************************************************/
/* Check if this is a valid include */
if (!defined('IN_SCRIPT')) {die('Invalid attempt');}
/*** FUNCTIONS ***/
function hesk_getHHMMSS($in)
{
$in = hesk_getTime($in);
return explode(':', $in);
} // END hesk_getHHMMSS();
function hesk_getTime($in)
{
$in = trim($in);
/* If everything is OK this simple check should return true */
if ( preg_match('/^([0-9]{2,3}):([0-5][0-9]):([0-5][0-9])$/', $in) )
{
return $in;
}
/* No joy, let's try to figure out the correct values to use... */
$h = 0;
$m = 0;
$s = 0;
/* How many parts do we have? */
$parts = substr_count($in, ':');
switch ($parts)
{
/* Only two parts, let's assume minutes and seconds */
case 1:
list($m, $s) = explode(':', $in);
break;
/* Three parts, so explode to hours, minutes and seconds */
case 2:
list($h, $m, $s) = explode(':', $in);
break;
/* Something other was entered, let's assume just minutes */
default:
$m = $in;
}
/* Make sure all inputs are integers */
$h = intval($h);
$m = intval($m);
$s = intval($s);
/* Convert seconds to minutes if 60 or more seconds */
if ($s > 59)
{
$m = floor($s / 60) + $m;
$s = intval($s % 60);
}
/* Convert minutes to hours if 60 or more minutes */
if ($m > 59)
{
$h = floor($m / 60) + $h;
$m = intval($m % 60);
}
/* MySQL accepts max time value of 838:59:59 */
if ($h > 838)
{
return '838:59:59';
}
/* That's it, let's send out formatted time string */
return str_pad($h, 2, "0", STR_PAD_LEFT) . ':' . str_pad($m, 2, "0", STR_PAD_LEFT) . ':' . str_pad($s, 2, "0", STR_PAD_LEFT);
} // END hesk_getTime();
function hesk_mergeTickets($merge_these, $merge_into)
{
global $hesk_settings, $hesklang, $hesk_db_link;
/* Target ticket must not be in the "merge these" list */
if ( in_array($merge_into, $merge_these) )
{
$merge_these = array_diff($merge_these, array( $merge_into ) );
}
/* At least 1 ticket needs to be merged with target ticket */
if ( count($merge_these) < 1 )
{
$_SESSION['error'] = $hesklang['merr1'];
return false;
}
/* Make sure target ticket exists */
$res = hesk_dbQuery("SELECT `id`,`trackid`,`category` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."tickets` WHERE `id`='".intval($merge_into)."' LIMIT 1");
if (hesk_dbNumRows($res) != 1)
{
$_SESSION['error'] = $hesklang['merr2'];
return false;
}
$ticket = hesk_dbFetchAssoc($res);
/* Make sure user has access to ticket category */
if ( ! hesk_okCategory($ticket['category'], 0) )
{
$_SESSION['error'] = $hesklang['merr3'];
return false;
}
/* Set some variables for later */
$merge['attachments'] = '';
$merge['replies'] = array();
$merge['notes'] = array();
$sec_worked = 0;
$history = '';
$merged = '';
/* Get messages, replies, notes and attachments of tickets that will be merged */
foreach ($merge_these as $this_id)
{
/* Validate ID */
if ( is_array($this_id) )
{
continue;
}
$this_id = intval($this_id) or hesk_error($hesklang['id_not_valid']);
/* Get required ticket information */
$res = hesk_dbQuery("SELECT `id`,`trackid`,`category`,`name`,`message`,`dt`,`time_worked`,`attachments` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."tickets` WHERE `id`='".intval($this_id)."' LIMIT 1");
if (hesk_dbNumRows($res) != 1)
{
continue;
}
$row = hesk_dbFetchAssoc($res);
/* Has this user access to the ticket category? */
if ( ! hesk_okCategory($row['category'], 0) )
{
continue;
}
/* Insert ticket message as a new reply to target ticket */
hesk_dbQuery("INSERT INTO `".hesk_dbEscape($hesk_settings['db_pfix'])."replies` (`replyto`,`name`,`message`,`dt`,`attachments`) VALUES ('".intval($ticket['id'])."','".hesk_dbEscape($row['name'])."','".hesk_dbEscape($row['message'])."','".hesk_dbEscape($row['dt'])."','".hesk_dbEscape($row['attachments'])."')");
/* Update attachments */
hesk_dbQuery("UPDATE `".hesk_dbEscape($hesk_settings['db_pfix'])."attachments` SET `ticket_id`='".hesk_dbEscape($ticket['trackid'])."' WHERE `ticket_id`='".hesk_dbEscape($row['trackid'])."'");
/* Get old ticket replies and insert them as new replies */
$res = hesk_dbQuery("SELECT * FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."replies` WHERE `replyto`='".intval($row['id'])."'");
while ( $reply = hesk_dbFetchAssoc($res) )
{
hesk_dbQuery("INSERT INTO `".hesk_dbEscape($hesk_settings['db_pfix'])."replies` (`replyto`,`name`,`message`,`dt`,`attachments`,`staffid`,`rating`,`read`) VALUES ('".intval($ticket['id'])."','".hesk_dbEscape($reply['name'])."','".hesk_dbEscape($reply['message'])."','".hesk_dbEscape($reply['dt'])."','".hesk_dbEscape($reply['attachments'])."','".intval($reply['staffid'])."','".intval($reply['rating'])."','".intval($reply['read'])."')");
}
/* Delete replies to the old ticket */
hesk_dbQuery("DELETE FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."replies` WHERE `replyto`='".intval($row['id'])."'");
/* Get old ticket notes and insert them as new notes */
$res = hesk_dbQuery("SELECT * FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."notes` WHERE `ticket`='".intval($row['id'])."'");
while ( $note = hesk_dbFetchAssoc($res) )
{
hesk_dbQuery("INSERT INTO `".hesk_dbEscape($hesk_settings['db_pfix'])."notes` (`ticket`,`who`,`dt`,`message`) VALUES ('".intval($ticket['id'])."','".intval($note['who'])."','".hesk_dbEscape($note['dt'])."','".hesk_dbEscape($note['message'])."')");
}
/* Delete replies to the old ticket */
hesk_dbQuery("DELETE FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."notes` WHERE `ticket`='".intval($row['id'])."'");
/* Delete old ticket */
hesk_dbQuery("DELETE FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."tickets` WHERE `id`='".intval($row['id'])."'");
/* Log that ticket has been merged */
$history .= sprintf($hesklang['thist13'],hesk_date(),$row['trackid'],$_SESSION['name'].' ('.$_SESSION['user'].')');
/* Add old ticket ID to target ticket "merged" field */
$merged .= '#' . $row['trackid'];
/* Convert old ticket "time worked" to seconds and add to $sec_worked variable */
list ($hr, $min, $sec) = explode(':', $row['time_worked']);
$sec_worked += (((int)$hr) * 3600) + (((int)$min) * 60) + ((int)$sec);
}
/* Convert seconds to HHH:MM:SS */
$sec_worked = hesk_getTime('0:'.$sec_worked);
/* Update history (log) and merged IDs of target ticket */
hesk_dbQuery("UPDATE `".hesk_dbEscape($hesk_settings['db_pfix'])."tickets` SET `time_worked`=ADDTIME(`time_worked`, '".hesk_dbEscape($sec_worked)."'), `merged`=CONCAT(`merged`,'".hesk_dbEscape($merged . '#')."'), `history`=CONCAT(`history`,'".hesk_dbEscape($history)."') WHERE `id`='".intval($merge_into)."' LIMIT 1");
return true;
} // END hesk_mergeTickets()
function hesk_updateStaffDefaults()
{
global $hesk_settings, $hesklang;
// Demo mode
if ( defined('HESK_DEMO') )
{
return true;
}
// Remove the part that forces saving as default - we don't need it every time
$default_list = str_replace('&def=1','',$_SERVER['QUERY_STRING']);
// Update database
$res = hesk_dbQuery("UPDATE `".hesk_dbEscape($hesk_settings['db_pfix'])."users` SET `default_list`='".hesk_dbEscape($default_list)."' WHERE `id`='".intval($_SESSION['id'])."'");
// Update session values so the changes take effect immediately
$_SESSION['default_list'] = $default_list;
return true;
} // END hesk_updateStaffDefaults()
function hesk_makeJsString($in)
{
return addslashes(preg_replace("/\s+/",' ',$in));
} // END hesk_makeJsString()
function hesk_checkNewMail()
{
global $hesk_settings, $hesklang;
$res = hesk_dbQuery("SELECT COUNT(*) FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."mail` WHERE `to`='".intval($_SESSION['id'])."' AND `read`='0' AND `deletedby`!='".intval($_SESSION['id'])."' ");
$num = hesk_dbResult($res,0,0);
return $num;
} // END hesk_checkNewMail()
function hesk_dateToString($dt, $returnName=1, $returnTime=0, $returnMonth=0, $from_database=false)
{
global $hesk_settings, $hesklang;
$dt = strtotime($dt);
// Adjust MySQL time if different from PHP time
if ($from_database)
{
if ( ! defined('MYSQL_TIME_DIFF') )
{
define('MYSQL_TIME_DIFF', time()-hesk_dbTime() );
}
if (MYSQL_TIME_DIFF != 0)
{
$dt += MYSQL_TIME_DIFF;
}
// Add HESK set time difference
$dt += 3600*$hesk_settings['diff_hours'] + 60*$hesk_settings['diff_minutes'];
// Daylight saving?
if ($hesk_settings['daylight'] && date('I', $dt))
{
$dt += 3600;
}
}
list($y,$m,$n,$d,$G,$i,$s) = explode('-', date('Y-n-j-w-G-i-s', $dt) );
$m = $hesklang['m'.$m];
$d = $hesklang['d'.$d];
if ($returnName)
{
return "$d, $m $n, $y";
}
if ($returnTime)
{
return "$d, $m $n, $y $G:$i:$s";
}
if ($returnMonth)
{
return "$m $y";
}
return "$m $n, $y";
} // End hesk_dateToString()
function hesk_getCategoriesArray($kb = 0) {
global $hesk_settings, $hesklang, $hesk_db_link;
$categories = array();
if ($kb)
{
$result = hesk_dbQuery('SELECT `id`, `name` FROM `'.hesk_dbEscape($hesk_settings['db_pfix']).'kb_categories` ORDER BY `cat_order` ASC');
}
else
{
$result = hesk_dbQuery('SELECT `id`, `name` FROM `'.hesk_dbEscape($hesk_settings['db_pfix']).'categories` ORDER BY `cat_order` ASC');
}
while ($row=hesk_dbFetchAssoc($result))
{
$categories[$row['id']] = $row['name'];
}
return $categories;
} // END hesk_getCategoriesArray()
function hesk_getHTML($in)
{
global $hesk_settings, $hesklang;
$replace_from = array("\t","<?","?>","$","<%","%>");
$replace_to = array("","&lt;?","?&gt;","\$","&lt;%","%&gt;");
$in = trim($in);
$in = str_replace($replace_from,$replace_to,$in);
$in = preg_replace('/\<script(.*)\>(.*)\<\/script\>/Uis',"<script$1></script>",$in);
$in = preg_replace('/\<\!\-\-(.*)\-\-\>/Uis',"<!-- comments have been removed -->",$in);
if (HESK_SLASH === true)
{
$in = addslashes($in);
}
$in = str_replace('\"','"',$in);
return $in;
} // END hesk_getHTML()
function hesk_autoLogin($noredirect=0)
{
global $hesk_settings, $hesklang, $hesk_db_link;
if (!$hesk_settings['autologin'])
{
return false;
}
$user = hesk_htmlspecialchars( hesk_COOKIE('hesk_username') );
$hash = hesk_htmlspecialchars( hesk_COOKIE('hesk_p') );
define('HESK_USER', $user);
if (empty($user) || empty($hash))
{
return false;
}
/* Login cookies exist, now lets limit brute force attempts */
hesk_limitBfAttempts();
/* Check username */
$result = hesk_dbQuery('SELECT * FROM `'.$hesk_settings['db_pfix']."users` WHERE `user` = '".hesk_dbEscape($user)."' LIMIT 1");
if (hesk_dbNumRows($result) != 1)
{
setcookie('hesk_username', '');
setcookie('hesk_p', '');
header('Location: index.php?a=login&notice=1');
exit();
}
$res=hesk_dbFetchAssoc($result);
foreach ($res as $k=>$v)
{
$_SESSION[$k]=$v;
}
/* Check password */
if ($hash != hesk_Pass2Hash($_SESSION['pass'] . strtolower($user) . $_SESSION['pass']) )
{
setcookie('hesk_username', '');
setcookie('hesk_p', '');
header('Location: index.php?a=login&notice=1');
exit();
}
/* Check if default password */
if ($_SESSION['pass'] == '499d74967b28a841c98bb4baaabaad699ff3c079')
{
hesk_process_messages($hesklang['chdp'],'NOREDIRECT','NOTICE');
}
unset($_SESSION['pass']);
/* Login successful, clean brute force attempts */
hesk_cleanBfAttempts();
/* Regenerate session ID (security) */
hesk_session_regenerate_id();
/* Get allowed categories */
if (empty($_SESSION['isadmin']))
{
$_SESSION['categories']=explode(',',$_SESSION['categories']);
}
/* Renew cookies */
setcookie('hesk_username', "$user", strtotime('+1 year'));
setcookie('hesk_p', "$hash", strtotime('+1 year'));
/* Close any old tickets here so Cron jobs aren't necessary */
if ($hesk_settings['autoclose'])
{
$dt = date('Y-m-d H:i:s',time() - $hesk_settings['autoclose']*86400);
$waitingForCustomerRS = hesk_dbQuery("SELECT `ID` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."statuses` WHERE `IsDefaultStaffReplyStatus` = 1");
$waitingForCustomerStatus = hesk_dbFetchAssoc($waitingForCustomerRS);
$result = hesk_dbQuery("SELECT * FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."tickets` WHERE `status` = ".$waitingForCustomerStatus['ID']." AND `lastchange` <= '".hesk_dbEscape($dt)."' ");
if (hesk_dbNumRows($result) > 0)
{
require(HESK_PATH . 'inc/email_functions.inc.php');
global $ticket;
while ($ticket = hesk_dbFetchAssoc($result)) {
hesk_notifyCustomer('ticket_closed');
}
$revision = sprintf($hesklang['thist3'],hesk_date(),$hesklang['auto']);
$closedStatusRS = hesk_dbQuery("SELECT `ID` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."statuses` WHERE `IsStaffClosedOption` = 1");
$closedStatus = hesk_dbFetchAssoc($closedStatusRS);
$sql = "UPDATE `".$hesk_settings['db_pfix']."tickets` SET `status`=".$closedStatus['ID'].", `history`=CONCAT(`history`,'".hesk_dbEscape($revision)."') WHERE `status` = ".$waitingForCustomerStatus['ID']." AND `lastchange` <= '".hesk_dbEscape($dt)."' ";
hesk_dbQuery($sql);
}
}
/* If session expired while a HESK page is open just continue using it, don't redirect */
if ($noredirect)
{
return true;
}
/* Redirect to the destination page */
if ( hesk_isREQUEST('goto') && $url=hesk_REQUEST('goto') )
{
$url = str_replace('&amp;','&',$url);
header('Location: '.$url);
}
else
{
header('Location: admin_main.php');
}
exit();
} // END hesk_autoLogin()
function hesk_isLoggedIn()
{
global $hesk_settings;
$referer = hesk_input($_SERVER['REQUEST_URI']);
$referer = str_replace('&amp;','&',$referer);
if (empty($_SESSION['id']))
{
if ($hesk_settings['autologin'] && hesk_autoLogin(1) )
{
// Users online
if ($hesk_settings['online'])
{
require(HESK_PATH . 'inc/users_online.inc.php');
hesk_initOnline($_SESSION['id']);
}
return true;
}
// Some pages cannot be redirected to
$modify_redirect = array(
'admin_reply_ticket.php' => 'admin_main.php',
'admin_settings_save.php' => 'admin_settings.php',
'delete_tickets.php' => 'admin_main.php',
'move_category.php' => 'admin_main.php',
'priority.php' => 'admin_main.php',
);
foreach ($modify_redirect as $from => $to)
{
if ( strpos($referer,$from) !== false )
{
$referer = $to;
}
}
$url = 'index.php?a=login&notice=1&goto='.urlencode($referer);
header('Location: '.$url);
exit();
}
else
{
hesk_session_regenerate_id();
// Need to update permissions?
if ( empty($_SESSION['isadmin']) )
{
$res = hesk_dbQuery("SELECT `isadmin`, `categories`, `heskprivileges` FROM `".$hesk_settings['db_pfix']."users` WHERE `id` = '".intval($_SESSION['id'])."' LIMIT 1");
if (hesk_dbNumRows($res) == 1)
{
$me = hesk_dbFetchAssoc($res);
foreach ($me as $k => $v)
{
$_SESSION[$k]=$v;
}
// Get allowed categories
if (empty($_SESSION['isadmin']) )
{
$_SESSION['categories']=explode(',',$_SESSION['categories']);
}
}
else
{
hesk_session_stop();
$url = 'index.php?a=login&notice=1&goto='.urlencode($referer);
header('Location: '.$url);
exit();
}
}
// Users online
if ($hesk_settings['online'])
{
require(HESK_PATH . 'inc/users_online.inc.php');
hesk_initOnline($_SESSION['id']);
}
return true;
}
} // END hesk_isLoggedIn()
function hesk_Pass2Hash($plaintext) {
$majorsalt = '';
$len = strlen($plaintext);
for ($i=0;$i<$len;$i++)
{
$majorsalt .= sha1(substr($plaintext,$i,1));
}
$corehash = sha1($majorsalt);
return $corehash;
} // END hesk_Pass2Hash()
function hesk_formatDate($dt)
{
$dt=hesk_date($dt);
$dt=str_replace(' ','<br />',$dt);
return $dt;
} // End hesk_formatDate()
function hesk_jsString($str)
{
$str = str_replace( array('\'','<br />') , array('\\\'','') ,$str);
$from = array("/\r\n|\n|\r/", '/\<a href="mailto\:([^"]*)"\>([^\<]*)\<\/a\>/i', '/\<a href="([^"]*)" target="_blank"\>([^\<]*)\<\/a\>/i');
$to = array("\\r\\n' + \r\n'", "$1", "$1");
return preg_replace($from,$to,$str);
} // END hesk_jsString()
function hesk_myCategories($what='category')
{
if ( ! empty($_SESSION['isadmin']) )
{
return '1';
}
else
{
return " `".hesk_dbEscape($what)."` IN ('" . implode("','", array_map('intval', $_SESSION['categories']) ) . "')";
}
} // END hesk_myCategories()
function hesk_okCategory($cat,$error=1,$user_isadmin=false,$user_cat=false)
{
global $hesklang;
/* Checking for current user or someone else? */
if ($user_isadmin === false)
{
$user_isadmin = $_SESSION['isadmin'];
}
if ($user_cat === false)
{
$user_cat = $_SESSION['categories'];
}
/* Is admin? */
if ($user_isadmin)
{
return true;
}
/* Staff with access? */
elseif (in_array($cat,$user_cat))
{
return true;
}
/* No access */
else
{
if ($error)
{
hesk_error($hesklang['not_authorized_tickets']);
}
else
{
return false;
}
}
} // END hesk_okCategory()
function hesk_checkPermission($feature,$showerror=1) {
global $hesklang;
/* Check if this is for managing settings */
if ($feature == 'can_manage_settings')
{
if ($_SESSION['can_manage_settings']) {
return true;
} else {
if ($showerror) {
hesk_error($hesklang['no_permission'].'<p>&nbsp;</p><p align="center"><a href="index.php">'.$hesklang['click_login'].'</a>');
} else {
return false;
}
}
}
/* Admins have full access to all features, besides possibly settings */
if ($_SESSION['isadmin'])
{
return true;
}
/* Check other staff for permissions */
if (strpos($_SESSION['heskprivileges'], $feature) === false)
{
if ($showerror)
{
hesk_error($hesklang['no_permission'].'<p>&nbsp;</p><p align="center"><a href="index.php">'.$hesklang['click_login'].'</a>');
}
else
{
return false;
}
}
else
{
return true;
}
} // END hesk_checkPermission()

@ -241,9 +241,6 @@ function hesk_validEmails()
// --> New ticket submitted
'new_ticket' => $hesklang['ticket_received'],
// --> Ticket closed
'ticket_closed' => $hesklang['ticket_closed'],
// --> Verify email
'verify_email' => $hesklang['verify_email'],
@ -268,9 +265,6 @@ function hesk_validEmails()
// --> New note by someone to a ticket assigned to you
'new_note' => $hesklang['new_note'],
// --> Assigned ticket reopened
'ticket_reopen_assigned' => $hesklang['ticket_reopen_assigned'],
);
} // END hesk_validEmails()

@ -35,10 +35,6 @@
/* Check if this is a valid include */
if (!defined('IN_SCRIPT')) {die('Invalid attempt');}
require(HESK_PATH . 'modsForHesk_settings.inc.php');
// Check to see if we're in maintenance mode before sending anything to the DOM
if ($modsForHesk_settings['maintenance_mode'] && !defined('ON_MAINTENANCE_PAGE') && !defined('ON_LOGIN_PAGE')) {
header('Location: '.HESK_PATH.'maintenance.php');
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

@ -1,505 +0,0 @@
<?php
/*******************************************************************************
* Title: Help Desk Software HESK
* Version: 2.5.5 from 5th August 2014
* Author: Klemen Stirn
* Website: http://www.hesk.com
********************************************************************************
* COPYRIGHT AND TRADEMARK NOTICE
* Copyright 2005-2014 Klemen Stirn. All Rights Reserved.
* HESK is a registered trademark of Klemen Stirn.
* The HESK may be used and modified free of charge by anyone
* AS LONG AS COPYRIGHT NOTICES AND ALL THE COMMENTS REMAIN INTACT.
* By using this code you agree to indemnify Klemen Stirn from any
* liability that might arise from it's use.
* Selling the code for this program, in part or full, without prior
* written consent is expressly forbidden.
* Using this code, in part or full, to create derivate work,
* new scripts or products is expressly forbidden. Obtain permission
* before redistributing this software over the Internet or in
* any other medium. In all cases copyright and header must remain intact.
* This Copyright is in full effect in any country that has International
* Trade Agreements with the United States of America or
* with the European Union.
* Removing any of the copyright notices without purchasing a license
* is expressly forbidden. To remove HESK copyright notice you must purchase
* a license for this script. For more information on how to obtain
* a license please visit the page below:
* https://www.hesk.com/buy.php
*******************************************************************************/
/* Check if this is a valid include */
if (!defined('IN_SCRIPT')) {die('Invalid attempt');}
// Include all functions needed for email piping
hesk_load_database_functions();
require(HESK_PATH . 'inc/email_functions.inc.php');
require(HESK_PATH . 'inc/posting_functions.inc.php');
require(HESK_PATH . 'inc/mail/rfc822_addresses.php');
require(HESK_PATH . 'inc/mail/mime_parser.php');
require(HESK_PATH . 'inc/mail/email_parser.php');
/*** FUNCTIONS ***/
function hesk_email2ticket($results, $pop3 = 0)
{
global $hesk_settings, $hesklang, $hesk_db_link, $ticket;
// Process "From:" email
$tmpvar['email'] = hesk_validateEmail($results['from'][0]['address'],'ERR',0);
// "From:" email missing or invalid?
if ( ! $tmpvar['email'] )
{
return hesk_cleanExit();
}
// Make sure the email isn't banned. If it is, just exit.
$emailSql = 'SELECT * FROM `'.hesk_dbEscape($hesk_settings['db_pfix']).'denied_emails` WHERE Email = \''.hesk_dbEscape($tmpvar['email']).'\'';
if ($emailSql->num_rows > 0) {
return hesk_cleanExit();
}
// Process "From:" name, convert to UTF-8, set to "[Customer]" if not set
$tmpvar['name'] = isset($results['from'][0]['name']) ? $results['from'][0]['name'] : $hesklang['pde'];
if ( ! empty($results['from'][0]['encoding']) )
{
$tmpvar['name'] = hesk_encodeUTF8($tmpvar['name'], $results['from'][0]['encoding']);
}
$tmpvar['name'] = hesk_input($tmpvar['name'],'','',1,50) or $tmpvar['name'] = $hesklang['pde'];
// Process "To:" email (not yet implemented, for future use)
// $tmpvar['to_email'] = hesk_validateEmail($results['to'][0]['address'],'ERR',0);
// Process email subject, convert to UTF-8, set to "[Piped email]" if none set
$tmpvar['subject'] = isset($results['subject']) ? $results['subject'] : $hesklang['pem'];
if ( ! empty($results['subject_encoding']) )
{
$tmpvar['subject'] = hesk_encodeUTF8($tmpvar['subject'], $results['subject_encoding']);
}
$tmpvar['subject'] = hesk_input($tmpvar['subject'],'','',1,70) or $tmpvar['subject'] = $hesklang['pem'];
// Process email message, convert to UTF-8
$tmpvar['message'] = isset($results['message']) ? $results['message'] : '';
if ( ! empty($results['encoding']) )
{
$tmpvar['message'] = hesk_encodeUTF8($tmpvar['message'], $results['encoding']);
}
$tmpvar['message'] = hesk_input($tmpvar['message'],'','',1);
// Message missing? We require it!
if ( ! $tmpvar['message'])
{
return hesk_cleanExit();
}
// Strip quoted reply from email
$tmpvar['message'] = hesk_stripQuotedText($tmpvar['message']);
// Convert URLs to links, change newlines to <br />
$tmpvar['message'] = hesk_makeURL($tmpvar['message']);
$tmpvar['message'] = nl2br($tmpvar['message']);
# For debugging purposes
# die( bin2hex($tmpvar['message']) );
# die($tmpvar['message']);
// Try to detect "delivery failed" and "noreply" emails - ignore if detected
if ( hesk_isReturnedEmail($tmpvar) )
{
return hesk_cleanExit();
}
// Check for email loops
if ( hesk_isEmailLoop($tmpvar['email'], md5($tmpvar['message']) ) )
{
return hesk_cleanExit();
}
// OK, everything seems OK. Now determine if this is a reply to a ticket or a new ticket
if ( preg_match('/\[#([A-Z0-9]{3}\-[A-Z0-9]{3}\-[A-Z0-9]{4})\]/', str_replace(' ', '', $tmpvar['subject']), $matches) )
{
// We found a possible tracking ID
$tmpvar['trackid'] = $matches[1];
// Does it match one in the database?
$res = hesk_dbQuery("SELECT * FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."tickets` WHERE `trackid`='".hesk_dbEscape($tmpvar['trackid'])."' LIMIT 1");
if (hesk_dbNumRows($res))
{
$ticket = hesk_dbFetchAssoc($res);
// Do email addresses match?
if ( strpos( strtolower($ticket['email']), strtolower($tmpvar['email']) ) === false )
{
$tmpvar['trackid'] = '';
}
// Is this ticket locked? Force create a new one if it is
if ($ticket['locked'])
{
$tmpvar['trackid'] = '';
}
}
else
{
$tmpvar['trackid'] = '';
}
}
// If tracking ID is empty, generate a new one
if ( empty($tmpvar['trackid']) )
{
$tmpvar['trackid'] = hesk_createID();
$is_reply = 0;
}
else
{
$is_reply = 1;
}
// Process attachments
$tmpvar['attachmment_notices'] = '';
$tmpvar['attachments'] = '';
$num = 0;
if ($hesk_settings['attachments']['use'] && isset($results['attachments'][0]))
{
#print_r($results['attachments']);
foreach ($results['attachments'] as $k => $v)
{
// Clean attachment names
$myatt['real_name'] = hesk_cleanFileName($v['orig_name']);
// Check number of attachments, delete any over max number
if ($num >= $hesk_settings['attachments']['max_number'])
{
$tmpvar['attachmment_notices'] .= sprintf($hesklang['attnum'], $myatt['real_name']) . "\n";
continue;
}
// Check file extension
$ext = strtolower(strrchr($myatt['real_name'], "."));
if (!in_array($ext,$hesk_settings['attachments']['allowed_types']))
{
$tmpvar['attachmment_notices'] .= sprintf($hesklang['atttyp'], $myatt['real_name']) . "\n";
continue;
}
// Check file size
$myatt['size'] = $v['size'];
if ($myatt['size'] > ($hesk_settings['attachments']['max_size']))
{
$tmpvar['attachmment_notices'] .= sprintf($hesklang['attsiz'], $myatt['real_name']) . "\n";
continue;
}
// Generate a random file name
$useChars='AEUYBDGHJLMNPQRSTVWXZ123456789';
$tmp = $useChars{mt_rand(0,29)};
for($j=1;$j<10;$j++)
{
$tmp .= $useChars{mt_rand(0,29)};
}
$myatt['saved_name'] = substr($tmpvar['trackid'] . '_' . md5($tmp . $myatt['real_name']), 0, 200) . $ext;
// Rename the temporary file
rename($v['stored_name'],HESK_PATH.$hesk_settings['attach_dir'].'/'.$myatt['saved_name']);
// Insert into database
hesk_dbQuery("INSERT INTO `".hesk_dbEscape($hesk_settings['db_pfix'])."attachments` (`ticket_id`,`saved_name`,`real_name`,`size`) VALUES ('".hesk_dbEscape($tmpvar['trackid'])."','".hesk_dbEscape($myatt['saved_name'])."','".hesk_dbEscape($myatt['real_name'])."','".intval($myatt['size'])."')");
$tmpvar['attachments'] .= hesk_dbInsertID() . '#' . $myatt['real_name'] .',';
$num++;
}
if (strlen($tmpvar['attachmment_notices']))
{
$tmpvar['message'] .= "<br /><br />" . hesk_input($hesklang['attrem'],'','',1) . "<br />" . nl2br(hesk_input($tmpvar['attachmment_notices'],'','',1));
}
}
// Delete the temporary files
deleteAll($results['tempdir']);
// If this is a reply add a new reply
if ($is_reply)
{
// Set last replier name to customer name
$ticket['lastreplier'] = ($tmpvar['name'] == $hesklang['pde']) ? $tmpvar['email'] : $tmpvar['name'];;
// If staff hasn't replied yet, keep ticket status "New", otherwise set it to "Waiting reply from staff"
$ticket['status'] = $ticket['status'] ? 1 : 0;
// Update ticket as necessary
hesk_dbQuery("UPDATE `".hesk_dbEscape($hesk_settings['db_pfix'])."tickets` SET `lastchange`=NOW(),`status`='{$ticket['status']}',`lastreplier`='0' WHERE `id`='".intval($ticket['id'])."' LIMIT 1");
// Insert reply into database
hesk_dbQuery("INSERT INTO `".hesk_dbEscape($hesk_settings['db_pfix'])."replies` (`replyto`,`name`,`message`,`dt`,`attachments`) VALUES ('".intval($ticket['id'])."','".hesk_dbEscape($ticket['lastreplier'])."','".hesk_dbEscape($tmpvar['message'])."',NOW(),'".hesk_dbEscape($tmpvar['attachments'])."')");
// --> Prepare reply message
// 1. Generate the array with ticket info that can be used in emails
$info = array(
'email' => $ticket['email'],
'category' => $ticket['category'],
'priority' => $ticket['priority'],
'owner' => $ticket['owner'],
'trackid' => $ticket['trackid'],
'status' => $ticket['status'],
'name' => $ticket['name'],
'lastreplier' => $ticket['lastreplier'],
'subject' => $ticket['subject'],
'message' => stripslashes($tmpvar['message']),
'attachments' => $tmpvar['attachments'],
'dt' => hesk_date($ticket['dt'], true),
'lastchange' => hesk_date($ticket['lastchange'], true),
);
// 2. Add custom fields to the array
foreach ($hesk_settings['custom_fields'] as $k => $v)
{
$info[$k] = $v['use'] ? $ticket[$k] : '';
}
// 3. Make sure all values are properly formatted for email
$ticket = hesk_ticketToPlain($info, 1, 0);
// --> Process custom fields before sending
foreach ($hesk_settings['custom_fields'] as $k => $v)
{
$ticket[$k] = $v['use'] ? hesk_msgToPlain($ticket[$k], 1) : '';
}
// --> If ticket is assigned just notify the owner
if ($ticket['owner'])
{
hesk_notifyAssignedStaff(false, 'new_reply_by_customer', 'notify_reply_my');
}
// --> No owner assigned, find and notify appropriate staff
else
{
hesk_notifyStaff('new_reply_by_customer',"`notify_reply_unassigned`='1'");
}
return $ticket['trackid'];
} // END REPLY
// Not a reply, but a new ticket. Add it to the database
$tmpvar['category'] = 1;
$tmpvar['priority'] = 3;
$_SERVER['REMOTE_ADDR'] = $hesklang['unknown'];
// Auto assign tickets if aplicable
$tmpvar['owner'] = 0;
$tmpvar['history'] = $pop3 ? sprintf($hesklang['thist16'], hesk_date()) : sprintf($hesklang['thist11'], hesk_date());
$autoassign_owner = hesk_autoAssignTicket($tmpvar['category']);
#print_r($autoassign_owner);
if ($autoassign_owner)
{
$tmpvar['owner'] = $autoassign_owner['id'];
$tmpvar['history'] .= sprintf($hesklang['thist10'],hesk_date(),$autoassign_owner['name'].' ('.$autoassign_owner['user'].')');
}
// Custom fields will be empty as there is no reliable way of detecting them
foreach ($hesk_settings['custom_fields'] as $k=>$v)
{
$tmpvar[$k] = '';
}
// Insert ticket to database
$ticket = hesk_newTicket($tmpvar);
// Notify the customer
hesk_notifyCustomer();
// Need to notify staff?
// --> From autoassign?
if ($tmpvar['owner'] && $autoassign_owner['notify_assigned'])
{
hesk_notifyAssignedStaff($autoassign_owner, 'ticket_assigned_to_you');
}
// --> No autoassign, find and notify appropriate staff
elseif ( ! $tmpvar['owner'] )
{
hesk_notifyStaff('new_ticket_staff', " `notify_new_unassigned` = '1' ");
}
return $ticket['trackid'];
} // END hesk_email2ticket()
function hesk_encodeUTF8($in, $encoding)
{
$encoding = strtoupper($encoding);
switch($encoding)
{
case 'UTF-8':
return $in;
break;
case 'ISO-8859-1':
return utf8_encode($in);
break;
default:
return iconv($encoding, 'UTF-8', $in);
break;
}
} // END hesk_encodeUTF8()
function hesk_stripQuotedText($message)
{
global $hesk_settings, $hesklang;
// Stripping quoted text disabled?
if ( ! $hesk_settings['strip_quoted'])
{
return $message;
}
// Loop through available languages and ty to find the tag
foreach ($hesk_settings['languages'] as $language => $settings)
{
if ( ($found = strpos($message, $settings['hr']) ) !== false )
{
// "Reply above this line" tag found, strip quoted reply
$message = substr($message, 0, $found);
$message .= "\n" . $hesklang['qrr'];
// Set language to the detected language
hesk_setLanguage($language);
break;
}
}
return $message;
} // END hesk_stripQuotedText()
function hesk_isReturnedEmail($tmpvar)
{
// Check noreply email addresses
if ( preg_match('/not?[\-_]reply@/i', $tmpvar['email']) )
{
return true;
}
// Check mailer daemon email addresses
if ( preg_match('/mail(er)?[\-_]daemon@/i', $tmpvar['email']) )
{
return true;
}
// Check autoreply subjects
if ( preg_match('/^[\[\(]?Auto(mat(ic|ed))?[ \-]?reply/i', $tmpvar['subject']) )
{
return true;
}
// Check out of office subjects
if ( preg_match('/^Out of Office/i', $tmpvar['subject']) )
{
return true;
}
// Check delivery failed email subjects
if (
preg_match('/DELIVERY FAILURE/i', $tmpvar['subject']) ||
preg_match('/Undelivered Mail Returned to Sender/i', $tmpvar['subject']) ||
preg_match('/Delivery Status Notification \(Failure\)/i', $tmpvar['subject']) ||
preg_match('/Returned mail\: see transcript for details/i', $tmpvar['subject'])
)
{
return true;
}
// Check Mail Delivery sender name
if ( preg_match('/Mail[ \-_]?Delivery/i', $tmpvar['name']) )
{
return true;
}
// Check Delivery failed message
if ( preg_match('/postmaster@/i', $tmpvar['email']) && preg_match('/Delivery has failed to these recipients/i', $tmpvar['message']) )
{
return true;
}
// No pattern detected, seems like this is not a returned email
return false;
} // END hesk_isReturnedEmail()
function hesk_isEmailLoop($email, $message_hash)
{
global $hesk_settings, $hesklang, $hesk_db_link;
// If $hesk_settings['loop_hits'] is set to 0 this function is disabled
if ( ! $hesk_settings['loop_hits'])
{
return false;
}
// Escape wildcards in email
$email_like = hesk_dbEscape(hesk_dbLike($email));
// Delete expired DB entries
hesk_dbQuery("DELETE FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."pipe_loops` WHERE `dt` < (NOW() - INTERVAL ".intval($hesk_settings['loop_time'])." SECOND) ");
// Check current entry
$res = hesk_dbQuery("SELECT `hits`, `message_hash` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."pipe_loops` WHERE `email` LIKE '{$email_like}' LIMIT 1");
// Any active entry*
if (hesk_dbNumRows($res))
{
list($num, $md5) = hesk_dbFetchRow($res);
$num++;
// Number of emails in a time period reached?
if ($num >= $hesk_settings['loop_hits'])
{
return true;
}
// Message exactly the same as in previous email?
if ($message_hash == $md5)
{
return true;
}
// Update DB entry
hesk_dbQuery("UPDATE `".hesk_dbEscape($hesk_settings['db_pfix'])."pipe_loops` SET `hits` = `hits` + 1, `message_hash` = '".hesk_dbEscape($message_hash)."' WHERE `email` LIKE '{$email_like}' LIMIT 1");
}
else
{
// First instance, insert a new database row
hesk_dbQuery("INSERT INTO `".hesk_dbEscape($hesk_settings['db_pfix'])."pipe_loops` (`email`, `message_hash`) VALUES ('".hesk_dbEscape($email)."', '".hesk_dbEscape($message_hash)."')");
}
// No loop rule trigered
return false;
} // END hesk_isEmailLoop()
function hesk_cleanExit()
{
global $results;
// Delete the temporary files
deleteAll($results['tempdir']);
// Return NULL
return NULL;
} // END hesk_cleanExit()

@ -1,177 +0,0 @@
<?php
/*******************************************************************************
* Title: Help Desk Software HESK
* Version: 2.5.5 from 5th August 2014
* Author: Klemen Stirn
* Website: http://www.hesk.com
********************************************************************************
* COPYRIGHT AND TRADEMARK NOTICE
* Copyright 2005-2014 Klemen Stirn. All Rights Reserved.
* HESK is a registered trademark of Klemen Stirn.
* The HESK may be used and modified free of charge by anyone
* AS LONG AS COPYRIGHT NOTICES AND ALL THE COMMENTS REMAIN INTACT.
* By using this code you agree to indemnify Klemen Stirn from any
* liability that might arise from it's use.
* Selling the code for this program, in part or full, without prior
* written consent is expressly forbidden.
* Using this code, in part or full, to create derivate work,
* new scripts or products is expressly forbidden. Obtain permission
* before redistributing this software over the Internet or in
* any other medium. In all cases copyright and header must remain intact.
* This Copyright is in full effect in any country that has International
* Trade Agreements with the United States of America or
* with the European Union.
* Removing any of the copyright notices without purchasing a license
* is expressly forbidden. To remove HESK copyright notice you must purchase
* a license for this script. For more information on how to obtain
* a license please visit the page below:
* https://www.hesk.com/buy.php
*******************************************************************************/
/* Check if this is a valid include */
if (!defined('IN_SCRIPT')) {die('Invalid attempt');}
$tmp = intval( hesk_GET('limit') );
$maxresults = ($tmp > 0) ? $tmp : $hesk_settings['max_listings'];
$tmp = intval( hesk_GET('page', 1) );
$page = ($tmp > 1) ? $tmp : 1;
/* Acceptable $sort values and default asc(1)/desc(0) setting */
$sort_possible = array(
'trackid' => 1,
'lastchange' => 0,
'name' => 1,
'subject' => 1,
'status' => 1,
'lastreplier' => 1,
'priority' => 1,
'category' => 1,
'dt' => 0,
'id' => 1,
'owner' => 1,
'custom1' => 1,
'custom2' => 1,
'custom3' => 1,
'custom4' => 1,
'custom5' => 1,
'custom6' => 1,
'custom7' => 1,
'custom8' => 1,
'custom9' => 1,
'custom10' => 1,
'custom11' => 1,
'custom12' => 1,
'custom13' => 1,
'custom14' => 1,
'custom15' => 1,
'custom16' => 1,
'custom17' => 1,
'custom18' => 1,
'custom19' => 1,
'custom20' => 1
);
/* These values should have collate appended in SQL */
$sort_collation = array(
'name',
'subject',
);
/* Acceptable $group values and default asc(1)/desc(0) setting */
$group_possible = array(
'owner' => 1,
'priority' => 1,
'category' => 1,
);
/* Start the order by part of the SQL query */
$sql .= " ORDER BY ";
/* Group tickets? Default: no */
if (isset($_GET['g']) && ! is_array($_GET['g']) && isset($group_possible[$_GET['g']]))
{
$group = hesk_input($_GET['g']);
if ($group == 'priority' && isset($_GET['sort']) && ! is_array($_GET['sort']) && $_GET['sort'] == 'priority')
{
// No need to group by priority if we are already sorting by priority
}
elseif ($group == 'owner')
{
// If group by owner place own tickets on top
$sql .= " CASE WHEN `owner` = '".intval($_SESSION['id'])."' THEN 1 ELSE 0 END DESC, `owner` ASC, ";
}
else
{
$sql .= ' `'.hesk_dbEscape($group).'` ';
$sql .= $group_possible[$group] ? 'ASC, ' : 'DESC, ';
}
}
else
{
$group = '';
}
/* Show critical tickets always on top? Default: yes */
$cot = (isset($_GET['cot']) && intval($_GET['cot']) == 1) ? 1 : 0;
if (!$cot)
{
$sql .= " CASE WHEN `priority` = '0' THEN 1 ELSE 0 END DESC , ";
}
/* Sort by which field? */
if (isset($_GET['sort']) && ! is_array($_GET['sort']) && isset($sort_possible[$_GET['sort']]))
{
$sort = hesk_input($_GET['sort']);
$sql .= $sort == 'lastreplier' ? " CASE WHEN `lastreplier` = '0' THEN 0 ELSE 1 END DESC, COALESCE(`replierid`, NULLIF(`lastreplier`, '0'), `name`) " : ' `'.hesk_dbEscape($sort).'` ';
// Need to set MySQL collation?
if ( in_array($_GET['sort'], $sort_collation) )
{
$sql .= " COLLATE '" . hesk_dbEscape($hesklang['_COLLATE']) . "' ";
}
}
else
{
/* Default sorting by ticket status */
$sql .= ' `status` ';
$sort = 'status';
}
/* Ascending or Descending? */
if (isset($_GET['asc']) && intval($_GET['asc'])==0)
{
$sql .= ' DESC ';
$asc = 0;
$asc_rev = 1;
$sort_possible[$sort] = 1;
}
else
{
$sql .= ' ASC ';
$asc = 1;
$asc_rev = 0;
if (!isset($_GET['asc']))
{
$is_default = 1;
}
$sort_possible[$sort] = 0;
}
/* In the end same results should always be sorted by priority */
if ($sort != 'priority')
{
$sql .= ' , `priority` ASC ';
}
# Uncomment for debugging purposes
# echo "SQL: $sql<br>";

@ -324,32 +324,18 @@ if ($total > 0)
$ticket['archive'] = !($ticket['archive']) ? $hesklang['no'] : $hesklang['yes'];
$ticket['message'] = $first_line . substr(strip_tags($ticket['message']),0,200).'...';
$ownerColumn = $ticket['owner'] != 0 ? $admins[$ticket['owner']] : '('.$hesklang['unas'].')';
$customFieldsHtml = '';
for ($i = 1; $i <= 20; $i++) {
if ($hesk_settings['custom_fields']['custom'.$i]['use']) {
$display = 'display: none';
if ((isset($_GET['sort']) && $_GET['sort'] == 'custom'.$i) || (isset($_GET['what']) && $_GET['what'] == 'custom'.$i)) {
$display = '';
}
$customFieldsHtml .= '<td style="'.$display.'" class="column_columnCustom'.$i.'">'.$ticket['custom'.$i].'</td>';
}
}
echo <<<EOC
<tr class="$color" id="$ticket[id]" title="$ticket[message]">
<td><input type="checkbox" id="check$ticket[id]" name="id[]" value="$ticket[id]" />&nbsp;</td>
<td class="column_trackID"><a href="admin_ticket.php?track=$ticket[trackid]&amp;Refresh=$random">$ticket[trackid]</a></td>
<td class="column_last_update">$ticket[lastchange]</td>
<td class="column_name">$ticket[name]</td>
<td class="column_subject">$tagged$owner<a href="admin_ticket.php?track=$ticket[trackid]&amp;Refresh=$random">$ticket[subject]</a></td>
<td class="column_status">$ticket[status]&nbsp;</td>
<td class="column_lastreplier">$ticket[repliername]</td>
<td class="column_priority">$ticket[priority]</td>
<td class="column_owner" style="display: none">$ownerColumn</td>
$customFieldsHtml
<td><a href="admin_ticket.php?track=$ticket[trackid]&amp;Refresh=$random">$ticket[trackid]</a></td>
<td>$ticket[lastchange]</td>
<td>$ticket[name]</td>
<td>$tagged$owner<a href="admin_ticket.php?track=$ticket[trackid]&amp;Refresh=$random">$ticket[subject]</a></td>
<td>$ticket[status]&nbsp;</td>
<td>$ticket[repliername]</td>
<td>$ticket[priority]&nbsp;</td>
</tr>
EOC;
@ -359,98 +345,8 @@ EOC;
</div>
&nbsp;<br />
<?php
$columnOneCheckboxes = array();
$columnTwoCheckboxes = array();
$columnThreeCheckboxes = array();
$currentColumn = 3;
for ($i = 1; $i <= 20; $i++) {
if ($hesk_settings['custom_fields']['custom'.$i]['use']) {
if ($currentColumn == 1) {
array_push($columnOneCheckboxes, $i);
$currentColumn = 2;
} elseif ($currentColumn == 2) {
array_push($columnTwoCheckboxes, $i);
$currentColumn = 3;
} else {
array_push($columnThreeCheckboxes, $i);
$currentColumn = 1;
}
}
}
?>
<table border="0" width="100%">
<tr>
<td width="50%" style="vertical-align:top">
<h6 id="showFiltersText" style="font-weight: bold"><a href="javascript:void(0)" onclick="toggleFilterCheckboxes(true)"><?php echo $hesklang['show_filters']; ?></a></h6>
<h6 id="hideFiltersText" style="font-weight: bold; display: none"><a href="javascript:void(0)" onclick="toggleFilterCheckboxes(false)"><?php echo $hesklang['hide_filters']; ?></a></h6>
<div id="filterCheckboxes" style="display: none" class="row">
<div class="col-md-4 col-sm-12">
<div class="checkbox">
<input type="checkbox" onclick="toggleColumn('column_trackID')" checked> <?php echo $hesklang['trackID']; ?>
</div><br>
<div class="checkbox">
<input type="checkbox" onclick="toggleColumn('column_subject')" checked> <?php echo $hesklang['subject']; ?>
</div><br>
<div class="checkbox">
<input type="checkbox" onclick="toggleColumn('column_priority')" checked> <?php echo $hesklang['priority']; ?>
</div>
<?php
foreach ($columnOneCheckboxes as $i) {
$checked = '';
if ((isset($_GET['sort']) && $_GET['sort'] == 'custom'.$i) || (isset($_GET['what']) && $_GET['what'] == 'custom'.$i)) {
$checked = 'checked';
}
echo '<br><div class="checkbox">
<input type="checkbox" onclick="toggleColumn(\'column_columnCustom'.$i.'\')" '.$checked.'>
'.$hesk_settings['custom_fields']['custom'.$i]['name'].'</div>';
}
?>
</div>
<div class="col-md-4 col-sm-12">
<div class="checkbox">
<input type="checkbox" onclick="toggleColumn('column_last_update')" checked> <?php echo $hesklang['last_update']; ?>
</div><br>
<div class="checkbox">
<input type="checkbox" onclick="toggleColumn('column_status')" checked> <?php echo $hesklang['status']; ?>
</div><br>
<div class="checkbox">
<input type="checkbox" onclick="toggleColumn('column_owner')"> <?php echo $hesklang['owner']; ?>
</div>
<?php
foreach ($columnTwoCheckboxes as $i) {
$checked = '';
if ((isset($_GET['sort']) && $_GET['sort'] == 'custom'.$i) || (isset($_GET['what']) && $_GET['what'] == 'custom'.$i)) {
$checked = 'checked';
}
echo '<br><div class="checkbox">
<input type="checkbox" onclick="toggleColumn(\'column_columnCustom'.$i.'\')" '.$checked.'>
'.$hesk_settings['custom_fields']['custom'.$i]['name'].'</div>';
}
?>
</div>
<div class="col-md-4 col-sm-12">
<div class="checkbox">
<input type="checkbox" onclick="toggleColumn('column_name')" checked> <?php echo $hesklang['name']; ?>
</div><br>
<div class="checkbox">
<input type="checkbox" onclick="toggleColumn('column_lastreplier')" checked> <?php echo $hesklang['last_replier']; ?>
</div>
<?php
foreach ($columnThreeCheckboxes as $i) {
$checked = '';
if ((isset($_GET['sort']) && $_GET['sort'] == 'custom'.$i) || (isset($_GET['what']) && $_GET['what'] == 'custom'.$i)) {
$checked = 'checked';
}
echo '<br><div class="checkbox">
<input type="checkbox" onclick="toggleColumn(\'column_columnCustom'.$i.'\')" '.$checked.'>
'.$hesk_settings['custom_fields']['custom'.$i]['name'].'</div>';
}
?>
</div>
</div>
</td>
<td width="50%" class="text-right" style="vertical-align:top">
<select class="form-control" name="a">
<option value="close" selected="selected"><?php echo $hesklang['close_selected']; ?></option>
@ -532,26 +428,13 @@ function hesk_print_list_head()
<thead>
<tr>
<th><input type="checkbox" id="checkall" name="checkall" value="2" onclick="hesk_changeAll(this)" /></th>
<th class="column_trackID"><a href="<?php echo $href . '?' . $query . $sort_possible['trackid'] . '&amp;sort='; ?>trackid"><?php echo $hesklang['trackID']; ?></a></th>
<th class="column_last_update"><a href="<?php echo $href . '?' . $query . $sort_possible['lastchange'] . '&amp;sort='; ?>lastchange"><?php echo $hesklang['last_update']; ?></a></th>
<th class="column_name"><a href="<?php echo $href . '?' . $query . $sort_possible['name'] . '&amp;sort='; ?>name"><?php echo $hesklang['name']; ?></a></th>
<th class="column_subject"><a href="<?php echo $href . '?' . $query . $sort_possible['subject'] . '&amp;sort='; ?>subject"><?php echo $hesklang['subject']; ?></a></th>
<th class="column_status"><a href="<?php echo $href . '?' . $query . $sort_possible['status'] . '&amp;sort='; ?>status"><?php echo $hesklang['status']; ?></a></th>
<th class="column_lastreplier"><a href="<?php echo $href . '?' . $query . $sort_possible['lastreplier'] . '&amp;sort='; ?>lastreplier"><?php echo $hesklang['last_replier']; ?></a></th>
<th class="column_priority"><a href="<?php echo $href . '?' . $query . $sort_possible['priority'] . '&amp;sort='; ?>priority"><i class="fa fa-sort-<?php echo (($sort_possible['priority']) ? 'asc' : 'desc'); ?>"></i></a></th>
<!-- All other fields, hidden by default. -->
<th class="column_owner" style="display: none"><a href="<?php echo $href . '?' . $query . $sort_possible['priority'] . '&amp;sort='; ?>owner"><?php echo $hesklang['owner']; ?></a></th>
<?php
for ($i = 1; $i <= 20; $i++) {
if ($hesk_settings['custom_fields']['custom'.$i]['use']) {
$display = 'display: none';
if ((isset($_GET['sort']) && $_GET['sort'] == 'custom'.$i) || (isset($_GET['what']) && $_GET['what'] == 'custom'.$i)) {
$display = '';
}
echo '<th style="'.$display.'" class="column_columnCustom'.$i.'"><a href="'.$href . '?' . $query . $sort_possible['priority'] . '&amp;sort=custom'.$i.'">'.$hesk_settings['custom_fields']['custom'.$i]['name'].'</a></th>';
}
}
?>
<th><a href="<?php echo $href . '?' . $query . $sort_possible['trackid'] . '&amp;sort='; ?>trackid"><?php echo $hesklang['trackID']; ?></a></th>
<th><a href="<?php echo $href . '?' . $query . $sort_possible['lastchange'] . '&amp;sort='; ?>lastchange"><?php echo $hesklang['last_update']; ?></a></th>
<th><a href="<?php echo $href . '?' . $query . $sort_possible['name'] . '&amp;sort='; ?>name"><?php echo $hesklang['name']; ?></a></th>
<th><a href="<?php echo $href . '?' . $query . $sort_possible['subject'] . '&amp;sort='; ?>subject"><?php echo $hesklang['subject']; ?></a></th>
<th><a href="<?php echo $href . '?' . $query . $sort_possible['status'] . '&amp;sort='; ?>status"><?php echo $hesklang['status']; ?></a></th>
<th><a href="<?php echo $href . '?' . $query . $sort_possible['lastreplier'] . '&amp;sort='; ?>lastreplier"><?php echo $hesklang['last_replier']; ?></a></th>
<th><a href="<?php echo $href . '?' . $query . $sort_possible['priority'] . '&amp;sort='; ?>priority"><i class="fa fa-sort-<?php echo (($sort_possible['priority']) ? 'asc' : 'desc'); ?>"></i></a></th>
</tr>
</thead>
<?php
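Review bot: The row template in the first hunk interpolates `$ticket[name]`, `$ticket[subject]` and `title="$ticket[message]"` straight into the heredoc, and the only processing visible for the message is `strip_tags()` plus `substr()`, neither of which encodes a double quote for attribute context. If these fields are HTML-encoded when the ticket is stored this is fine, but nothing in the hunk shows it, so I would add a comment above `echo <<<EOC` saying so, e.g. `// $ticket[...] values are HTML-encoded on input; strip_tags() alone does not make title="" safe`, or encode at output with `htmlspecialchars($value, ENT_QUOTES, 'UTF-8', false)`. The byte-wise `substr(..., 0, 200)` can also cut a multi-byte character or an entity in half. The enclosing `if ($total > 0)` block starts and ends outside the hunk.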

@ -90,16 +90,11 @@ if (!file_put_contents(HESK_PATH.'modsForHesk_settings.inc.php', $file))
<code>//-- Set this to 1 to enable email verification for new customers
$modsForHesk_settings[\'customer_email_verification_required\'] = 0;</code>
<br><br>
<p>Now you can delete the <b>install</b> folder for security reasons, and then proceed back to the <a href="../">Help Desk</a></p>';
<p>After you have done this, <a href="updateTo2-0-0.php">click this link to continue installation</a></p>';
}
if ($updateSuccess) {
?>
<h1>Installation / Update complete!</h1>
<p>Please delete the <b>install</b> folder for security reasons, and then proceed back to the <a href="../">Help Desk</a></p>
<?php } ?>
header('Location: updateTo2-0-0.php');
} ?>
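Review bot: The `header('Location: updateTo2-0-0.php');` call on the success path is not followed by `exit;`, so the script keeps running after the redirect is queued. If this installer page has already sent markup by this point (the rest of the page is outside the hunk, so this is an assumption), PHP cannot send the header at all and the user is left on a dead-end step. I would write `header('Location: updateTo2-0-0.php'); exit;` and make sure nothing is output before it. The "delete the install folder" reminder now appears only at the end of the next script, so a failed redirect also drops that prompt.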

@ -0,0 +1,26 @@
<?php
define('IN_SCRIPT',1);
define('HESK_PATH','../');
require(HESK_PATH . 'install/install_functions.inc.php');
require(HESK_PATH . 'hesk_settings.inc.php');
$updateSuccess = true;
hesk_dbConnect();
hesk_dbQuery("ALTER TABLE `".hesk_dbEscape($hesk_settings['db_pfix'])."attachments` DROP COLUMN `note_id`");
hesk_dbQuery("ALTER TABLE `".hesk_dbEscape($hesk_settings['db_pfix'])."notes` DROP COLUMN `edit_date`");
hesk_dbQuery("ALTER TABLE `".hesk_dbEscape($hesk_settings['db_pfix'])."notes` DROP COLUMN `number_of_edits`");
hesk_dbQuery("ALTER TABLE `".hesk_dbEscape($hesk_settings['db_pfix'])."users` DROP COLUMN `default_notify_customer_email`");
//TODO Migrate Mods for HESK Banned IPs / Emails to HESK 2.6.0's tables. Luckily the table names are different, so there won't be a problem when HESK tries to install.
hesk_dbQuery("DROP TABLE `".hesk_dbEscape($hesk_settings['db_pfix'])."denied_ips`");
hesk_dbQuery("DROP TABLE `".hesk_dbEscape($hesk_settings['db_pfix'])."denied_emails`");
if ($updateSuccess) {
?>
<h1>Installation / Update complete!</h1>
<p>Please delete the <b>install</b> folder for security reasons, and then proceed back to the <a href="../">Help Desk</a></p>
<?php } ?>
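Review bot: The two `DROP TABLE` statements discard `denied_ips` and `denied_emails` while the TODO directly above them says the ban migration is not written yet, so every IP and email ban an administrator configured is lost on upgrade without notice (the submit-ticket hunk further down removes the enforcement as well). Until the migration exists I would keep the data, for example by renaming the tables instead of dropping them, and state on the completion page that bans are no longer applied. `$updateSuccess` is set to `true` and never changed, so the "complete" message does not reflect whether the six statements succeeded; how `hesk_dbQuery` reports failure is not visible here. A second run of the script will hit already-dropped objects, which `DROP TABLE IF EXISTS` would at least cover for the two tables.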

@ -47,26 +47,6 @@ function toggleRow(id) {
}
}
function toggleColumn(className) {
if ($('.' + className).css('display') == 'none') {
$('.' + className).show();
} else {
$('.' + className).hide();
}
}
function toggleFilterCheckboxes(show) {
if (show) {
$('#filterCheckboxes').show();
$('#showFiltersText').hide();
$('#hideFiltersText').show();
} else {
$('#filterCheckboxes').hide();
$('#showFiltersText').show();
$('#hideFiltersText').hide();
}
}
function toggleChildrenForm(show) {
if (show) {
$('#childrenForm').show();
@ -77,15 +57,4 @@ function toggleChildrenForm(show) {
}
}
function toggleNote(noteId, showForm) {
if (showForm) {
$('#note-' + noteId + '-p').hide();
$('#note-' + noteId + '-form').show();
} else {
$('#note-' + noteId + '-p').show();
$('#note-' + noteId + '-form').hide();
$('#note-' + noteId + '-textarea').val($('#note-' + noteId + '-p').text())
}
}
jQuery(document).ready(loadJquery);

@ -50,19 +50,11 @@ $hesklang['verify_your_email'] = 'Your ticket has been created; however your ema
$hesklang['installation_information'] = 'Installation Information';
// ADDED OR MODIFIED IN Mods For HESK 1.6.0
$hesklang['ticket_closed'] = '[#%%TRACK_ID%%] Ticket closed/resolved';
$hesklang['ticket_reopen'] = '[#%%TRACK_ID%%] Ticket reopened';
$hesklang['ticket_reopen_assigned'] = '[#%%TRACK_ID%%] Assigned ticket reopened';
$hesklang['create_based_on_contact'] = 'Create Ticket For Same Contact';
$hesklang['notify_note_unassigned'] = 'Someone adds a note to a ticket not assigned to me';
$hesklang['can_change_notification_settings'] = 'Can change notification settings';
$hesklang['note_edit_successful'] = 'Note edited';
$hesklang['note_last_edit'] = 'Note last edited on: %s'; // %s: timestamp of last edit
$hesklang['total_number_of_edits'] = 'Total number of edits: %s'; // %s: total number of edits
$hesklang['add_row'] = 'Add row';
$hesklang['addnote'] = 'Add note';
$hesklang['no_noteID'] = 'No Note ID';
$hesklang['note_id_not_found'] = 'Note ID not found';
$hesklang['mods_for_hesk'] = 'Mods for HESK';
$hesklang['err_modsForHesk_settings'] = 'Can\'t open file <b>modsForHesk_settings.inc.php</b> for writing. Please CHMOD this file to 666 (rw-rw-rw-)';
$hesklang['mods_for_hesk_version'] = 'Mods for HESK Version';
@ -80,8 +72,6 @@ $hesklang['user_deactivated'] = 'User has been deactivated';
$hesklang['active_user'] = 'Is active user';
$hesklang['self_deactivation'] = 'You cannot deactivate yourself!';
$hesklang['inactive_user'] = 'Your account is currently inactive. Contact an administrator for more information.';
$hesklang['notify_customer_email'] = 'Emails to customer on reply';
$hesklang['notify_customer_email_text'] = 'Don\'t send email notifications of replies to the customer by default';
$hesklang['cant_edit_admin'] = 'You cannot edit the God Admin (User ID = 1)';
$hesklang['notifications_disabled_info'] = 'Changing notifications settings has been disabled by your administrator.';
@ -115,12 +105,6 @@ $hesklang['showIcons'] = 'Show Icons';
$hesklang['showIconsHelp'] = 'Check this box to show icons next to navigation bar items';
$hesklang['maintenanceMode'] = 'Maintenance Mode';
$hesklang['maintenanceModeHelp'] = 'Check this box to put the Help Desk in maintenance mode. Staff can still log into the backend, but the front end will be inaccessible.';
$hesklang['ip_to'] = 'To';
$hesklang['ip_bans'] = 'IP Bans';
$hesklang['email_bans'] = 'Email Bans';
$hesklang['ip_email_bans'] = 'IP / Email Bans';
$hesklang['ip_banned'] = 'Your IP has been banned by the help desk. You will be unable to submit a ticket until your IP ban has been removed.';
$hesklang['email_banned'] = 'The email address you have entered has been banned by the help desk. You will be unable to submit a ticket until your email ban has been removed.';
$hesklang['none'] = 'None';
$hesklang['parent'] = 'Parent';
$hesklang['children'] = 'Children';
@ -134,10 +118,6 @@ $hesklang['relationship_deleted'] = 'Parent/Child relationship deleted.';
$hesklang['autorefresh'] = 'Autorefresh:';
$hesklang['autorefresh_restrictions'] = 'Enter value in milliseconds. Value must be greater than 1000 to use this feature. No fractional values.';
// ADDED OR MODIFIED IN Mods For HESK 1.3.0
$hesklang['show_filters'] = 'Show Column Filters';
$hesklang['hide_filters'] = 'Hide Column Filters';
// ADDED OR MODIFIED IN Mods For HESK 1.2.2
$hesklang['changeLanguage'] = 'Change language to';

@ -1,24 +0,0 @@
<?php
define('IN_SCRIPT',1);
define('HESK_PATH','./');
define('ON_MAINTENANCE_PAGE', 1);
// Get all the required files and functions
require(HESK_PATH . 'hesk_settings.inc.php');
require(HESK_PATH . 'modsForHesk_settings.inc.php');
require(HESK_PATH . 'inc/common.inc.php');
require_once(HESK_PATH . 'inc/header.inc.php');
if (!$modsForHesk_settings['maintenance_mode']) {
//-- The user refreshed the maintenance page, but maintenance mode is off. Redirect them back to the index page.
header('Location: '.HESK_PATH);
}
?>
<div class="row">
<div class="col-md-6 col-md-offset-3" style="padding-top: 30px; text-align: center;">
<i class="fa fa-exclamation-triangle fa-5x" style="color: orange"></i><br>
<p>The helpdesk is currently undergoing maintenance. Please come back later.</p>
</div>
</div>
<?php
require_once(HESK_PATH . 'inc/footer.inc.php');
?>

@ -19,11 +19,8 @@ $modsForHesk_settings['rtl'] = 0;
//-- Set this to 1 to show icons next to navigation menu items
$modsForHesk_settings['show_icons'] = 0;
//-- Set this to 1 to enable maintenance mode
$modsForHesk_settings['maintenance_mode'] = 0;
//-- Set this to 1 to enable custom field names as keys
$modsForHesk_settings['custom_field_setting'] = 0;
//-- Set this to 1 to enable email verification for new customers
$modsForHesk_settings['customer_email_verification_required'] = 0;
$modsForHesk_settings['customer_email_verification_required'] = 0;$modsForHesk_settings['show_icons'] = 0;
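Review bot: The last line of the settings file now holds two statements, `$modsForHesk_settings['customer_email_verification_required'] = 0;$modsForHesk_settings['show_icons'] = 0;`, and `show_icons` is already assigned a few lines above. This looks like an accidental append, possibly from a missing trailing newline when the file was written. If an administrator sets the earlier `show_icons` to 1, the later assignment silently resets it to 0. I would drop the duplicate and end the file with a newline, leaving `$modsForHesk_settings['customer_email_verification_required'] = 0;` on its own line.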

@ -79,19 +79,6 @@ hesk_dbConnect();
$hesk_error_buffer = array();
// Check to see if the user's IP address or email they submitted is banned.
$ipAddress = ip2long($_SERVER['REMOTE_ADDR']);
$ipSql = hesk_dbQuery('SELECT * FROM `'.hesk_dbEscape($hesk_settings['db_pfix']).'denied_ips` WHERE `RangeStart` <= \''.hesk_dbEscape($ipAddress)
.'\' AND `RangeEnd` >= \''.hesk_dbEscape($ipAddress).'\'');
if ($ipSql->num_rows > 0) {
$hesk_error_buffer['ip_ban'] = $hesklang['ip_banned'];
}
$emailSql = hesk_dbQuery('SELECT * FROM `'.hesk_dbEscape($hesk_settings['db_pfix']).'denied_emails` WHERE Email = \''.hesk_dbEscape(hesk_POST('email')).'\'');
if ($emailSql->num_rows > 0) {
$hesk_error_buffer['email_ban'] = $hesklang['email_banned'];
}
// Check anti-SPAM question
if ($hesk_settings['question_use'])
{
