Merge pull request #115 from mkoch227/update-to-hesk-2-6-0

Update to HESK 2.6.0
merge-requests/2/head
Mike Koch 9 years ago
commit a26b25e36c

9
.gitignore vendored

@ -15,7 +15,6 @@ download_attachment.php
file_limits.php
footer.txt
header.txt
hesk_javascript_v25.js
hesk_settings.inc.php
img/add_article.png
img/add_category.png
@ -147,7 +146,6 @@ img/tag_off.png
img/unlock.png
img/vertical.jpg
img/view.png
inc/admin_functions.inc.php
inc/assignment_search.inc.php
inc/attachments.inc.php
inc/calendar/img/cal.gif
@ -268,3 +266,10 @@ robots.txt
.idea/
attachments/__latest.txt
attachments
img/ban.png
img/banned.png
img/ico_tools.png
inc/recaptcha/recaptchalib_v2.php
ip_whois.php
language/en/emails/reset_password.txt
language/en/help_files/ticket_list.html

@ -1,7 +1,7 @@
<?php
/*******************************************************************************
* Title: Help Desk Software HESK
* Version: 2.5.5 from 5th August 2014
* Version: 2.6.0 beta 1 from 30th December 2014
* Author: Klemen Stirn
* Website: http://www.hesk.com
********************************************************************************

@ -1,7 +1,7 @@
<?php
/*******************************************************************************
* Title: Help Desk Software HESK
* Version: 2.5.5 from 5th August 2014
* Version: 2.6.0 beta 1 from 30th December 2014
* Author: Klemen Stirn
* Website: http://www.hesk.com
********************************************************************************
@ -83,10 +83,54 @@ $hesk_error_buffer = array();
// Get the message
$message = hesk_input(hesk_POST('message'));
// Submit as customer?
$submit_as_customer = isset($_POST['submit_as_customer']) ? true : false;
if (strlen($message))
{
// Attach signature to the message?
if ( ! empty($_POST['signature']))
// Save message for later and ignore the rest?
if ( isset($_POST['save_reply']) )
{
// Delete any existing drafts from this owner for this ticket
hesk_dbQuery("DELETE FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."reply_drafts` WHERE `owner`=".intval($_SESSION['id'])." AND `ticket`=".intval($ticket['id'])." LIMIT 1");
// Save the message draft
hesk_dbQuery("INSERT INTO `".hesk_dbEscape($hesk_settings['db_pfix'])."reply_drafts` (`owner`, `ticket`, `message`) VALUES (".intval($_SESSION['id']).", ".intval($ticket['id']).", '".hesk_dbEscape($message)."')");
/* Set reply submitted message */
$_SESSION['HESK_SUCCESS'] = TRUE;
$_SESSION['HESK_MESSAGE'] = $hesklang['reply_saved'];
/* What to do after reply? */
if ($_SESSION['afterreply'] == 1)
{
header('Location: admin_main.php');
}
elseif ($_SESSION['afterreply'] == 2)
{
/* Get the next open ticket that needs a reply */
$res = hesk_dbQuery("SELECT * FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."tickets` WHERE `owner` IN ('0','".intval($_SESSION['id'])."') AND " . hesk_myCategories() . " AND `status` IN ('0','1') ORDER BY `owner` DESC, `priority` ASC LIMIT 1");
if (hesk_dbNumRows($res) == 1)
{
$row = hesk_dbFetchAssoc($res);
$_SESSION['HESK_MESSAGE'] .= '<br /><br />'.$hesklang['rssn'];
header('Location: admin_ticket.php?track='.$row['trackid'].'&Refresh='.rand(10000,99999));
}
else
{
header('Location: admin_main.php');
}
}
else
{
header('Location: admin_ticket.php?track='.$ticket['trackid'].'&Refresh='.rand(10000,99999));
}
exit();
}
// Attach signature to the message?
if ( ! $submit_as_customer && ! empty($_POST['signature']))
{
$message .= "\n\n" . addslashes($_SESSION['signature']) . "\n";
}
@ -153,8 +197,15 @@ if ($hesk_settings['attachments']['use'] && !empty($attachments))
}
}
/* Add reply */
$result = hesk_dbQuery("INSERT INTO `".hesk_dbEscape($hesk_settings['db_pfix'])."replies` (`replyto`,`name`,`message`,`dt`,`attachments`,`staffid`) VALUES ('".intval($replyto)."','".hesk_dbEscape(addslashes($_SESSION['name']))."','".hesk_dbEscape($message)."',NOW(),'".hesk_dbEscape($myattachments)."','".intval($_SESSION['id'])."')");
// Add reply
if ($submit_as_customer)
{
hesk_dbQuery("INSERT INTO `".hesk_dbEscape($hesk_settings['db_pfix'])."replies` (`replyto`,`name`,`message`,`dt`,`attachments`) VALUES ('".intval($replyto)."','".hesk_dbEscape(addslashes($ticket['name']))."','".hesk_dbEscape($message."<br /><br /><i>{$hesklang['creb']} {$_SESSION['name']}</i>")."',NOW(),'".hesk_dbEscape($myattachments)."')");
}
else
{
hesk_dbQuery("INSERT INTO `".hesk_dbEscape($hesk_settings['db_pfix'])."replies` (`replyto`,`name`,`message`,`dt`,`attachments`,`staffid`) VALUES ('".intval($replyto)."','".hesk_dbEscape(addslashes($_SESSION['name']))."','".hesk_dbEscape($message)."',NOW(),'".hesk_dbEscape($myattachments)."','".intval($_SESSION['id'])."')");
}
/* Track ticket status changes for history */
$revision = '';
@ -189,15 +240,61 @@ $defaultStatusReplyStatus = hesk_dbFetchAssoc(hesk_dbQuery("SELECT `ID`, `IsClos
$staffClosedCheckboxStatus = hesk_dbFetchAssoc(hesk_dbQuery("SELECT `ID`, `IsClosed` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."statuses` WHERE `IsStaffClosedOption` = 1 LIMIT 1"));
$lockedTicketStatus = hesk_dbFetchAssoc(hesk_dbQuery("SELECT `ID` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."statuses` WHERE `LockedTicketStatus` = 1 LIMIT 1"));
$new_status = empty($_POST['close']) ? $defaultStatusReplyStatus['ID'] : $staffClosedCheckboxStatus['ID'];
/* --> If a ticket is locked keep it closed */
// Get new ticket status
$sql_status = '';
// -> If locked, keep it resolved
if ($ticket['locked'])
{
$new_status = $lockedTicketStatus['ID'];
}
elseif (isset($_POST['submit_as_status']))
{
$new_status = $_POST['submit_as_status'];
if ($ticket['status'] != $new_status)
{
// Does this status close the ticket?
$newStatusRs = hesk_dbQuery('SELECT `IsClosed`, `ShortNameContentKey` FROM `'.hesk_dbEscape($hesk_settings['db_pfix']).'statuses` WHERE `ID` = '.hesk_dbEscape($new_status));
$newStatus = hesk_dbFetchAssoc($newStatusRs);
if ($newStatus['IsClosed'])
{
$revision = sprintf($hesklang['thist3'],hesk_date(),$_SESSION['name'].' ('.$_SESSION['user'].')');
$sql_status = " , `closedat`=NOW(), `closedby`=".intval($_SESSION['id']).", `history`=CONCAT(`history`,'".hesk_dbEscape($revision)."') ";
// Lock the ticket if customers are not allowed to reopen tickets
if ($hesk_settings['custopen'] != 1)
{
$sql_status .= " , `locked`='1' ";
}
} else
{
// Ticket isn't being closed, just add the history to the sql query
$revision = sprintf($hesklang['thist9'],hesk_date(),$hesklang[$newStatus['ShortNameContentKey']],$_SESSION['name'].' ('.$_SESSION['user'].')');
$sql_status = " , `history`=CONCAT(`history`,'".hesk_dbEscape($revision)."') ";
}
}
}
// -> Submit as Customer reply
elseif ($submit_as_customer)
{
//Get the status ID for customer replies
$customerReplyStatusRs = hesk_dbQuery('SELECT `ID` FROM `'.hesk_dbEscape($hesk_settings['db_pfix']).'statuses` WHERE `IsCustomerReplyStatus` = 1 LIMIT 1');
$customerReplyStatus = hesk_dbFetchAssoc($customerReplyStatusRs);
$new_status = $customerReplyStatus['ID'];
}
// -> Default: submit as "Replied by staff"
else
{
//Get the status ID for staff replies
$staffReplyStatusRs = hesk_dbQuery('SELECT `ID` FROM `'.hesk_dbEscape($hesk_settings['db_pfix']).'statuses` WHERE `IsDefaultStaffReplyStatus` = 1 LIMIT 1');
$staffReplyStatus = hesk_dbFetchAssoc($staffReplyStatusRs);
$new_status = $staffReplyStatus['ID'];
}
$sql = "UPDATE `".hesk_dbEscape($hesk_settings['db_pfix'])."tickets` SET `status`='{$new_status}',";
$sql.= $submit_as_customer ? "`lastreplier`='0', `replierid`='0' " : "`lastreplier`='1', `replierid`='".intval($_SESSION['id'])."' ";
$sql = "UPDATE `".hesk_dbEscape($hesk_settings['db_pfix'])."tickets` SET `status`='{$new_status}', `lastreplier`='1', `replierid`='".intval($_SESSION['id'])."' ";
/* Update time_worked or force update lastchange */
if ($time_worked == '00:00:00')
@ -216,19 +313,19 @@ if ( ! empty($_POST['assign_self']) && hesk_checkPermission('can_assign_self',0)
}
$sql .= " $priority_sql ";
$sql .= " $sql_status ";
$isNewStatusClosed = empty($_POST['close']) ? $defaultStatusReplyStatus['IsClosed'] : $staffClosedCheckboxStatus['IsClosed'];
if ($isNewStatusClosed)
if ( ! $ticket['firstreplyby'] )
{
$revision = sprintf($hesklang['thist3'],hesk_date(),$_SESSION['name'].' ('.$_SESSION['user'].')');
$sql .= " , `history`=CONCAT(`history`,'".hesk_dbEscape($revision)."') ";
if ($hesk_settings['custopen'] != 1)
{
$sql .= " , `locked`='1' ";
}
$sql .= " , `firstreply`=NOW(), `firstreplyby`=".intval($_SESSION['id'])." ";
}
// Keep track of replies to this ticket for easier reporting
$sql .= " , `replies`=`replies`+1 ";
$sql .= $submit_as_customer ? '' : " , `staffreplies`=`staffreplies`+1 ";
// End and execute the query
$sql .= " WHERE `id`='{$replyto}' LIMIT 1";
hesk_dbQuery($sql);
unset($sql);
@ -247,12 +344,13 @@ $info = array(
'trackid' => $ticket['trackid'],
'status' => $new_status,
'name' => $ticket['name'],
'lastreplier' => $_SESSION['name'],
'lastreplier' => ($submit_as_customer ? $ticket['name'] : $_SESSION['name']),
'subject' => $ticket['subject'],
'message' => stripslashes($message),
'attachments' => $myattachments,
'dt' => hesk_date($ticket['dt'], true),
'lastchange' => hesk_date($ticket['lastchange'], true),
'id' => $ticket['id'],
);
// 2. Add custom fields to the array
@ -264,19 +362,26 @@ foreach ($hesk_settings['custom_fields'] as $k => $v)
// 3. Make sure all values are properly formatted for email
$ticket = hesk_ticketToPlain($info, 1, 0);
// Notify the customer
if ( ! isset($_POST['no_notify']) || intval( hesk_POST('no_notify') ) != 1)
// Notify the assigned staff?
if ($submit_as_customer)
{
if ($ticket['owner'] && $ticket['owner'] != $_SESSION['id'])
{
hesk_notifyAssignedStaff(false, 'new_reply_by_customer', 'notify_reply_my');
}
}
// Notify customer?
elseif ( ! isset($_POST['no_notify']) || intval( hesk_POST('no_notify') ) != 1)
{
hesk_notifyCustomer('new_reply_by_staff');
}
// Delete any existing drafts from this owner for this ticket
hesk_dbQuery("DELETE FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."reply_drafts` WHERE `owner`=".intval($_SESSION['id'])." AND `ticket`=".intval($ticket['id'])." LIMIT 1");
/* Set reply submitted message */
$_SESSION['HESK_SUCCESS'] = TRUE;
$_SESSION['HESK_MESSAGE'] = $hesklang['reply_submitted'];
if (!empty($_POST['close']))
{
$_SESSION['HESK_MESSAGE'] .= '<br /><br />'.$hesklang['ticket_marked'].' <span class="resolved">'.$hesklang['closed'].'</span>';
}
/* What to do after reply? */
if ($_SESSION['afterreply'] == 1)
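Review bot: In the status-selection hunk, `$new_status = $_POST['submit_as_status'];` takes the request value unchanged, and that value then reaches SQL twice: unquoted in the statuses lookup, as `hesk_dbEscape($new_status)` after the ID comparison, and unescaped in the tickets UPDATE, as `'{$new_status}'`. Escaping does not help in the first case because there is no string literal to stay inside, so whoever can submit this reply form can change the shape of both statements. Cast at the assignment with `$new_status = intval(hesk_POST('submit_as_status'));`, as the neighbouring queries already do for `$_SESSION['id']` and `$ticket['id']`. Also stop when `hesk_dbNumRows($newStatusRs) != 1`, so an unknown ID never reaches `$newStatus['IsClosed']` or the UPDATE. The +/- markers are lost on this page, so this assumes the `submit_as_status` branch is on the new side; the script continues outside the hunk.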

@ -1,7 +1,7 @@
<?php
/*******************************************************************************
* Title: Help Desk Software HESK
* Version: 2.5.5 from 5th August 2014
* Version: 2.6.0 beta 1 from 30th December 2014
* Author: Klemen Stirn
* Website: http://www.hesk.com
********************************************************************************
@ -395,44 +395,6 @@ if ( defined('HESK_DEMO') )
}
};
function setCookie(name, value, expires, path, domain, secure)
{
document.cookie= name + "=" + escape(value) +
((expires) ? "; expires=" + expires.toGMTString() : "") +
((path) ? "; path=" + path : "") +
((domain) ? "; domain=" + domain : "") +
((secure) ? "; secure" : "");
}
function getCookie(name)
{
var dc = document.cookie;
var prefix = name + "=";
var begin = dc.indexOf("; " + prefix);
if (begin == -1) {
begin = dc.indexOf(prefix);
if (begin != 0) return null;
} else {
begin += 2;
}
var end = document.cookie.indexOf(";", begin);
if (end == -1) {
end = dc.length;
}
return unescape(dc.substring(begin + prefix.length, end));
}
function deleteCookie(name, path, domain)
{
if (getCookie(name)) {
document.cookie = name + "=" +
((path) ? "; path=" + path : "") +
((domain) ? "; domain=" + domain : "") +
"; expires=Thu, 01-Jan-70 00:00:01 GMT";
}
}
var server_time = "<?php echo $server_time; ?>";
var today = new Date();
today.setHours(server_time.substr(0,server_time.indexOf(":")));
@ -475,6 +437,7 @@ if ( defined('HESK_DEMO') )
<li><a href="#knowledgebase" data-toggle="tab"><?php echo $hesklang['tab_3']; ?></a></li>
<li><a href="#customFields" data-toggle="tab"><?php echo $hesklang['tab_4']; ?></a></li>
<li><a href="#email" data-toggle="tab"><?php echo $hesklang['tab_6']; ?></a></li>
<li><a href="#ticket-list" data-toggle="tab"><?php echo $hesklang['tab_7']; ?></a></li>
<li><a href="#misc" data-toggle="tab"><?php echo $hesklang['tab_5']; ?></a></li>
<li class="dropdown">
<a href="#" id="modsForHeskDropdown" class="dropdown-toggle" data-toggle="dropdown">
@ -732,6 +695,18 @@ if ( defined('HESK_DEMO') )
?>
</div>
</div>
<div class="form-group">
<label for="s_custclose" class="col-sm-6 control-label"><?php echo $hesklang['ccct']; ?> <a href="Javascript:void(0)" onclick="Javascript:hesk_window('<?php echo $help_folder; ?>helpdesk.html#67','400','500')"><i class="fa fa-question-circle settingsquestionmark"></i></a></label>
<div class="col-sm-6 form-inline">
<?php
$on = $hesk_settings['custclose'] ? 'checked="checked"' : '';
$off = $hesk_settings['custclose'] ? '' : 'checked="checked"';
echo '
<div class="radio"><label><input type="radio" name="s_custclose" value="0" '.$off.' /> '.$hesklang['off'].'</label></div>&nbsp;&nbsp;&nbsp;
<div class="radio"><label><input type="radio" name="s_custclose" value="1" '.$on.' /> '.$hesklang['on'].'</label></div>';
?>
</div>
</div>
<div class="form-group">
<label for="s_custopen" class="col-sm-6 control-label"><?php echo $hesklang['s_ucrt']; ?> <a href="Javascript:void(0)" onclick="Javascript:hesk_window('<?php echo $help_folder; ?>helpdesk.html#16','400','500')"><i class="fa fa-question-circle settingsquestionmark"></i></a></label>
<div class="col-sm-6 form-inline">
@ -757,27 +732,39 @@ if ( defined('HESK_DEMO') )
</div>
</div>
<div class="form-group">
<label for="s_list_users" class="col-sm-6 control-label"><?php echo $hesklang['lu']; ?> <a href="Javascript:void(0)" onclick="Javascript:hesk_window('<?php echo $help_folder; ?>helpdesk.html#14','400','500')"><i class="fa fa-question-circle settingsquestionmark"></i></a></label>
<label for="s_time_worked" class="col-sm-6 control-label"><?php echo $hesklang['ts']; ?> <a href="Javascript:void(0)" onclick="Javascript:hesk_window('<?php echo $help_folder; ?>helpdesk.html#66','400','500')"><i class="fa fa-question-circle settingsquestionmark"></i></a></label>
<div class="col-sm-6 form-inline">
<?php
$on = $hesk_settings['list_users'] ? 'checked="checked"' : '';
$off = $hesk_settings['list_users'] ? '' : 'checked="checked"';
$on = $hesk_settings['time_worked'] ? 'checked="checked"' : '';
$off = $hesk_settings['time_worked'] ? '' : 'checked="checked"';
echo '
<div class="radio"><label><input type="radio" name="s_list_users" value="0" '.$off.' /> '.$hesklang['off'].'</label></div>&nbsp;&nbsp;&nbsp;
<div class="radio"><label><input type="radio" name="s_list_users" value="1" '.$on.' /> '.$hesklang['on'].'</label></div>';
<div class="radio"><label><input type="radio" name="s_time_worked" value="0" '.$off.' /> '.$hesklang['off'].'</label></div>&nbsp;&nbsp;&nbsp;
<div class="radio"><label><input type="radio" name="s_time_worked" value="1" '.$on.' /> '.$hesklang['on'].'</label></div>';
?>
</div>
</div>
<div class="form-group">
<label for="s_short_link" class="col-sm-6 control-label"><?php echo $hesklang['shu']; ?> <a href="Javascript:void(0)" onclick="Javascript:hesk_window('<?php echo $help_folder; ?>helpdesk.html#63','400','500')"><i class="fa fa-question-circle settingsquestionmark"></i></a></label>
<label for="s_spam_notice" class="col-sm-6 control-label"><?php echo $hesklang['spamn']; ?> <a href="Javascript:void(0)" onclick="Javascript:hesk_window('<?php echo $help_folder; ?>helpdesk.html#68','400','500')"><i class="fa fa-question-circle settingsquestionmark"></i></a></label>
<div class="col-sm-6 form-inline">
<?php
$on = $hesk_settings['short_link'] ? 'checked="checked"' : '';
$off = $hesk_settings['short_link'] ? '' : 'checked="checked"';
$on = $hesk_settings['spam_notice'] ? 'checked="checked"' : '';
$off = $hesk_settings['spam_notice'] ? '' : 'checked="checked"';
echo '
<div class="radio"><label><input type="radio" name="s_short_link" value="0" '.$off.' /> '.$hesklang['off'].'</label></div>&nbsp;&nbsp;&nbsp;
<div class="radio"><label><input type="radio" name="s_short_link" value="1" '.$on.' /> '.$hesklang['on'].'</label></div>';
?>
<div class="radio"><label><input type="radio" name="s_spam_notice" value="0" '.$off.' /> '.$hesklang['off'].'</label></div>&nbsp;&nbsp;&nbsp;
<div class="radio"><label><input type="radio" name="s_spam_notice" value="1" '.$on.' /> '.$hesklang['on'].'</label></div>';
?>
</div>
</div>
<div class="form-group">
<label for="s_list_users" class="col-sm-6 control-label"><?php echo $hesklang['lu']; ?> <a href="Javascript:void(0)" onclick="Javascript:hesk_window('<?php echo $help_folder; ?>helpdesk.html#14','400','500')"><i class="fa fa-question-circle settingsquestionmark"></i></a></label>
<div class="col-sm-6 form-inline">
<?php
$on = $hesk_settings['list_users'] ? 'checked="checked"' : '';
$off = $hesk_settings['list_users'] ? '' : 'checked="checked"';
echo '
<div class="radio"><label><input type="radio" name="s_list_users" value="0" '.$off.' /> '.$hesklang['off'].'</label></div>&nbsp;&nbsp;&nbsp;
<div class="radio"><label><input type="radio" name="s_list_users" value="1" '.$on.' /> '.$hesklang['on'].'</label></div>';
?>
</div>
</div>
</div>
@ -831,6 +818,29 @@ if ( defined('HESK_DEMO') )
?>
</div>
</div>
<div class="form-group">
<label for="s_short_link" class="col-sm-6 control-label"><?php echo $hesklang['shu']; ?> <a href="Javascript:void(0)" onclick="Javascript:hesk_window('<?php echo $help_folder; ?>helpdesk.html#63','400','500')"><i class="fa fa-question-circle settingsquestionmark"></i></a></label>
<div class="col-sm-6 form-inline">
<?php
$on = $hesk_settings['short_link'] ? 'checked="checked"' : '';
$off = $hesk_settings['short_link'] ? '' : 'checked="checked"';
echo '
<div class="radio"><label><input type="radio" name="s_short_link" value="0" '.$off.' /> '.$hesklang['off'].'</label></div>&nbsp;&nbsp;&nbsp;
<div class="radio"><label><input type="radio" name="s_short_link" value="1" '.$on.' /> '.$hesklang['on'].'</label></div>';
?>
</div>
</div>
<div class="form-group">
<label class="col-sm-6 control-label"><?php echo $hesklang['select']; ?> <a href="Javascript:void(0)" onclick="Javascript:hesk_window('<?php echo $help_folder; ?>helpdesk.html#65','400','500')"><i class="fa fa-question-circle settingsquestionmark"></i></a></label>
<div class="col-sm-6">
<div class="checkbox">
<label><input type="checkbox" name="s_select_cat" value="1" <?php if ($hesk_settings['select_cat']) {echo 'checked="checked"';} ?>/> <?php echo $hesklang['category']; ?></label>
</div>
<div class="checkbox">
<label><input type="checkbox" name="s_select_pri" value="1" <?php if ($hesk_settings['select_pri']) {echo 'checked="checked"';} ?>/> <?php echo $hesklang['priority']; ?></label>
</div>
</div>
</div>
</div>
</div>
@ -862,13 +872,18 @@ if ( defined('HESK_DEMO') )
<?php
$on = '';
$on2 = '';
$off = '';
$div = 'block';
if ($hesk_settings['recaptcha_use'])
if ($hesk_settings['recaptcha_use'] == 1)
{
$on = 'checked="checked"';
}
elseif ($hesk_settings['recaptcha_use'] == 2)
{
$on2 = 'checked="checked"';
}
else
{
$off = 'checked="checked"';
@ -877,6 +892,7 @@ if ( defined('HESK_DEMO') )
?>
<div class="radio"><label><input type="radio" name="s_recaptcha_use" value="0" onclick="javascript:hesk_toggleLayer('recaptcha','none')" <?php echo $off; ?> /> <?php echo $hesklang['sis']; ?></label></div><br/>
<div class="radio"><label><input type="radio" name="s_recaptcha_use" value="2" onclick="javascript:hesk_toggleLayer('recaptcha','block')" <?php echo $on2; ?> /> <?php echo $hesklang['sir2']; ?></label> <a href="Javascript:void(0)" onclick="Javascript:hesk_window('<?php echo $help_folder; ?>helpdesk.html#64','400','500')"><i class="fa fa-question-circle settingsquestionmark"></i></a></div> <br />
<div class="radio"><label><input type="radio" name="s_recaptcha_use" value="1" onclick="javascript:hesk_toggleLayer('recaptcha','block')" <?php echo $on; ?> /> <?php echo $hesklang['sir']; ?></label> <a href="Javascript:void(0)" onclick="Javascript:hesk_window('<?php echo $help_folder; ?>helpdesk.html#64','400','500')"><i class="fa fa-question-circle settingsquestionmark"></i></a></div> <br />
<div id="recaptcha" style="display: <?php echo $div; ?>;">
@ -884,24 +900,13 @@ if ( defined('HESK_DEMO') )
&nbsp;<br />
<label for="s_recaptcha_public_key" class="control-label"><?php echo $hesklang['rcpb']; ?> <a href="Javascript:void(0)" onclick="Javascript:hesk_window('<?php echo $help_folder; ?>helpdesk.html#64','400','500')"><i class="fa fa-question-circle settingsquestionmark"></i></a></label>
<input type="text" class="form-control" placeholder="<?php echo $hesklang['rcpb']; ?>" name="s_recaptcha_public_key" size="40" maxlength="255" value="<?php echo $hesk_settings['recaptcha_public_key']; ?>" /><br />
<input type="text" class="form-control" placeholder="<?php echo $hesklang['rcpb']; ?>" name="s_recaptcha_public_key" size="50" maxlength="255" value="<?php echo $hesk_settings['recaptcha_public_key']; ?>" /><br />
&nbsp;<br />
<label for="s_recaptcha_private_key" class="control-label"><?php echo $hesklang['rcpv']; ?> <a href="Javascript:void(0)" onclick="Javascript:hesk_window('<?php echo $help_folder; ?>helpdesk.html#64','400','500')"><i class="fa fa-question-circle settingsquestionmark"></i></a></label>
<input type="text" class="form-control" placeholder="<?php echo $hesklang['rcpv']; ?>" name="s_recaptcha_private_key" size="40" maxlength="255" value="<?php echo $hesk_settings['recaptcha_private_key']; ?>" /><br />
<input type="text" class="form-control" placeholder="<?php echo $hesklang['rcpv']; ?>" name="s_recaptcha_private_key" size="50" maxlength="255" value="<?php echo $hesk_settings['recaptcha_private_key']; ?>" /><br />
&nbsp;<br />
<label for="s_recaptcha_ssl" class="control-label"><?php echo $hesklang['rcsl']; ?> <a href="Javascript:void(0)" onclick="Javascript:hesk_window('<?php echo $help_folder; ?>helpdesk.html#64','400','500')"><i class="fa fa-question-circle settingsquestionmark"></i></a></label>
<?php
$on = $hesk_settings['recaptcha_ssl'] ? 'checked="checked"' : '';
$off = $hesk_settings['recaptcha_ssl'] ? '' : 'checked="checked"';
echo '
<div class="radio"><label><input type="radio" name="s_recaptcha_ssl" value="0" '.$off.' /> '.$hesklang['off'].'</label></div>&nbsp;&nbsp;&nbsp;
<div class="radio"><label><input type="radio" name="s_recaptcha_ssl" value="1" '.$on.' /> '.$hesklang['on'].'</label></div>';
?>
</div>
</div>
</div>
</div>
@ -958,6 +963,14 @@ if ( defined('HESK_DEMO') )
<input type="text" class="form-control" placeholder="<?php echo $hesklang['banmin']; ?>" name="s_attempt_banmin" size="5" maxlength="3" value="<?php echo $hesk_settings['attempt_banmin']; ?>" />
</div>
</div>
<div class="form-group">
<label for="s_reset_pass" class="col-sm-3 control-label"><?php echo $hesklang['passr']; ?> <a href="Javascript:void(0)" onclick="Javascript:hesk_window('<?php echo $help_folder; ?>helpdesk.html#69','400','500')"><i class="fa fa-question-circle settingsquestionmark"></i></a></label>
<div class="col-sm-9">
<div class="checkbox">
<label><input type="checkbox" name="s_reset_pass" value="1" <?php if ($hesk_settings['reset_pass']) {echo 'checked="checked"';} ?>/> <?php echo $hesklang['passa']; ?></label>
</div>
</div>
</div>
<div class="form-group">
<label for="s_email_view_ticket" class="col-sm-3 control-label"><?php echo $hesklang['viewvtic']; ?> <a href="Javascript:void(0)" onclick="Javascript:hesk_window('<?php echo $help_folder; ?>helpdesk.html#46','400','500')"><i class="fa fa-question-circle settingsquestionmark"></i></a></label>
<div class="col-sm-9">
@ -1059,18 +1072,19 @@ if ( defined('HESK_DEMO') )
</div>
<div class="tab-pane fade in" id="knowledgebase">
<h6 style="font-weight: bold"><?php echo $hesklang['kb_text']; ?></h6>
<h6 style="font-weight: bold"><?php echo $hesklang['kb_set']; ?></h6>
<div class="footerWithBorder blankSpace"></div>
<div class="form-group">
<label for="s_kb_enable" class="col-sm-3 control-label"><?php echo $hesklang['s_ekb']; ?> <a href="Javascript:void(0)" onclick="Javascript:hesk_window('<?php echo $help_folder; ?>knowledgebase.html#22','400','500')"><i class="fa fa-question-circle settingsquestionmark"></i></a></label>
<div class="col-sm-9 form-inline">
<?php
$on = $hesk_settings['kb_enable'] ? 'checked="checked"' : '';
$on = $hesk_settings['kb_enable'] == 1 ? 'checked="checked"' : '';
$off = $hesk_settings['kb_enable'] ? '' : 'checked="checked"';
$only = $hesk_settings['kb_enable'] == 2 ? 'checked="checked"' : '';
echo '
<div class="radio"><label><input type="radio" name="s_kb_enable" value="0" '.$off.' /> '.$hesklang['disable'].'</label></div>&nbsp;&nbsp;&nbsp;
<div class="radio"><label><input type="radio" name="s_kb_enable" value="1" '.$on.' /> '.$hesklang['enable'].'</label></div>';
<div class="radio"><label><input type="radio" name="s_kb_enable" value="1" '.$on.' /> '.$hesklang['enable'].'</label></div>&nbsp;&nbsp;&nbsp;
<div class="radio"><label><input type="radio" name="s_kb_enable" value="2" '.$only.' /> '.$hesklang['ekb_o'].'</label></div>&nbsp;&nbsp;&nbsp;
<div class="radio"><label><input type="radio" name="s_kb_enable" value="0" '.$off.' /> '.$hesklang['ekb_n'].'</label></div>';
?>
</div>
</div>
@ -1081,8 +1095,8 @@ if ( defined('HESK_DEMO') )
$on = $hesk_settings['kb_wysiwyg'] ? 'checked="checked"' : '';
$off = $hesk_settings['kb_wysiwyg'] ? '' : 'checked="checked"';
echo '
<div class="radio"><label><input type="radio" name="s_kb_wysiwyg" value="0" '.$off.' /> '.$hesklang['disable'].'</label></div>&nbsp;&nbsp;&nbsp;
<div class="radio"><label><input type="radio" name="s_kb_wysiwyg" value="1" '.$on.' /> '.$hesklang['enable'].'</label></div>';
<div class="radio"><label><input type="radio" name="s_kb_wysiwyg" value="0" '.$off.' /> '.$hesklang['no'].'</label></div>&nbsp;&nbsp;&nbsp;
<div class="radio"><label><input type="radio" name="s_kb_wysiwyg" value="1" '.$on.' /> '.$hesklang['yes'].'</label></div>';
?>
</div>
</div>
@ -1208,6 +1222,15 @@ if ( defined('HESK_DEMO') )
<p class="form-control-static"><?php echo $hesklang['s_onkb']; ?></p>
</div>
</div>
<div class="form-group">
<label for="s_kb_related" class="col-sm-3 control-label"><?php echo $hesklang['s_relart']; ?> <a href="Javascript:void(0)" onclick="Javascript:hesk_window('<?php echo $help_folder; ?>knowledgebase.html#60','400','500')"><i class="fa fa-question-circle settingsquestionmark"></i></a></label>
<div class="col-sm-3">
<input type="text" class="form-control" placeholder="<?php echo $hesklang['s_relart']; ?>" name="s_kb_related" size="5" maxlength="2" value="<?php echo $hesk_settings['kb_related']; ?>" />
</div>
<div class="col-sm-6" style="padding-left:0px">
<p class="form-control-static"><?php echo $hesklang['s_onin']; ?></p>
</div>
</div>
</div>
<!-- Custom Fields Tab -->
@ -1466,8 +1489,8 @@ if ( defined('HESK_DEMO') )
}
echo '
<div class="radio"><label><input type="radio" name="s_pop3" value="0" onclick="hesk_attach_disable(new Array(\'p1\',\'p2\',\'p3\',\'p4\',\'p5\',\'p6\',\'p7\',\'p8\'))" onchange="hesk_toggleLayerDisplay(\'pop3_settings\');" '.$off.' /> '.$hesklang['off'].'</label></div>&nbsp;&nbsp;&nbsp;
<div class="radio"><label><input type="radio" name="s_pop3" value="1" onclick="hesk_attach_enable(new Array(\'p1\',\'p2\',\'p3\',\'p4\',\'p5\',\'p6\',\'p7\',\'p8\'))" onchange="hesk_toggleLayerDisplay(\'pop3_settings\');" '.$on.' /> '.$hesklang['on'].'</label></div>';
<div class="radio"><label><input type="radio" name="s_pop3" value="0" onclick="hesk_attach_disable(new Array(\'p0\',\'p1\',\'p2\',\'p3\',\'p4\',\'p5\',\'p6\',\'p7\',\'p8\'))" onchange="hesk_toggleLayerDisplay(\'pop3_settings\');" '.$off.' /> '.$hesklang['off'].'</label></div>&nbsp;&nbsp;&nbsp;
<div class="radio"><label><input type="radio" name="s_pop3" value="1" onclick="hesk_attach_enable(new Array(\'p0\',\'p1\',\'p2\',\'p3\',\'p4\',\'p5\',\'p6\',\'p7\',\'p8\'))" onchange="hesk_toggleLayerDisplay(\'pop3_settings\');" '.$on.' /> '.$hesklang['on'].'</label></div>';
?>
<input type="hidden" name="tmp_pop3_host_name" value="<?php echo $hesk_settings['pop3_host_name']; ?>" />
<input type="hidden" name="tmp_pop3_host_port" value="<?php echo $hesk_settings['pop3_host_port']; ?>" />
@ -1478,6 +1501,12 @@ if ( defined('HESK_DEMO') )
</div>
</div>
<div id="pop3_settings" style="display:<?php echo $onload_div; ?>">
<div class="form-group">
<label for="s_pop3_job_wait" class="col-sm-3 control-label"><?php echo $hesklang['pjt']; ?> <a href="Javascript:void(0)" onclick="Javascript:hesk_window('<?php echo $help_folder; ?>email.html#59','400','500')"><i class="fa fa-question-circle settingsquestionmark"></i></a></label>
<div class="col-sm-9">
<input type="text" class="form-control" placeholder="<?php echo $hesklang['pjt']; ?>" id="p0" name="s_pop3_job_wait" size="40" maxlength="255" value="<?php echo $hesk_settings['pop3_job_wait']; ?>" <?php echo $onload_status; ?> /> <?php echo $hesklang['pjt2']; ?>
</div>
</div>
<div class="form-group">
<label for="s_pop3_host_name" class="col-sm-3 control-label"><?php echo $hesklang['pop3h']; ?> <a href="Javascript:void(0)" onclick="Javascript:hesk_window('<?php echo $help_folder; ?>email.html#59','400','500')"><i class="fa fa-question-circle settingsquestionmark"></i></a></label>
<div class="col-sm-9">
@ -1612,7 +1641,7 @@ if ( defined('HESK_DEMO') )
</div>
</div>
<h6 syle="font-weight: bold"><?php echo $hesklang['suge']; ?></h6>
<h6 style="font-weight: bold"><?php echo $hesklang['suge']; ?></h6>
<div class="footerWithBorder blankSpace"></div>
<div class="form-group">
@ -1655,6 +1684,36 @@ if ( defined('HESK_DEMO') )
</tr>
</table>
</div>
<h6 style="font-weight: bold"><?php echo $hesklang['custnot']; ?> <a href="Javascript:void(0)" onclick="Javascript:hesk_window('<?php echo $help_folder; ?>email.html#65','400','500')"><i class="fa fa-question-circle settingsquestionmark"></i></a></h6>
<div class="footerWithBorder blankSpace"></div>
<div class="form-group">
<label for="s_notify_new" class="col-sm-3 control-label"><?php echo $hesklang['notnew']; ?></label>
<div class="col-sm-9">
<div class="checkbox">
<label><input type="checkbox" name="s_notify_new" value="1" onchange="hesk_toggleLayerDisplay('skip_notify');" <?php if ($hesk_settings['notify_new']) {echo 'checked="checked"';} ?>/> <?php echo $hesklang['enable']; ?></label>
</div>
</div>
</div>
<div id="skip_notify" style="display:<?php echo $hesk_settings['notify_new'] ? 'block' : 'none'; ?>">
<div class="form-group">
<div class="col-sm-9 col-sm-offset-3">
<div class="checkbox">
<label><input type="checkbox" name="s_notify_new" value="1" <?php if ($hesk_settings['notify_skip_spam']) {echo 'checked="checked"';} ?>/> <?php echo $hesklang['enn']; ?></label>
</div>
<textarea name="s_notify_spam_tags" rows="5" cols="40" class="form-control" /><?php echo hesk_htmlspecialchars( implode("\n", $hesk_settings['notify_spam_tags']) ); ?></textarea>
</div>
</div>
</div>
<div class="form-group">
<label for="s_notify_closed" class="col-sm-3 control-label"><?php echo $hesklang['notclo']; ?></label>
<div class="col-sm-9">
<div class="checkbox">
<label><input type="checkbox" name="s_notify_closed" value="1" <?php if ($hesk_settings['notify_closed']) {echo 'checked="checked"';} ?>/> <?php echo $hesklang['enable']; ?></label>
</div>
</div>
</div>
<h6 style="font-weight: bold"><?php echo $hesklang['other']; ?></h6>
<div class="footerWithBorder blankSpace"></div>
@ -1666,6 +1725,14 @@ if ( defined('HESK_DEMO') )
</div>
</div>
</div>
<div class="form-group">
<label for="s_eml_req_msg" class="col-sm-3 control-label"><?php echo $hesklang['emlreqmsg']; ?> <a href="Javascript:void(0)" onclick="Javascript:hesk_window('<?php echo $help_folder; ?>email.html#66','400','500')"><i class="fa fa-question-circle settingsquestionmark"></i></a></label>
<div class="col-sm-9">
<div class="checkbox">
<label><input type="checkbox" name="s_eml_req_msg" value="1" <?php if ($hesk_settings['eml_req_msg']) {echo 'checked="checked"';} ?>/> <?php echo $hesklang['emlreqmsg2']; ?></label>
</div>
</div>
</div>
<div class="form-group">
<label for="s_save_embedded" class="col-sm-3 control-label"><?php echo $hesklang['embed']; ?> <a href="Javascript:void(0)" onclick="Javascript:hesk_window('<?php echo $help_folder; ?>email.html#64','400','500')"><i class="fa fa-question-circle settingsquestionmark"></i></a></label>
<div class="col-sm-9">
@ -1717,6 +1784,39 @@ if ( defined('HESK_DEMO') )
</div>
</div>
<!-- Ticket List Tab -->
<div class="tab-pane fade in" id="ticket-list">
<div class="form-group">
<label for="s_open_only" class="col-sm-3 control-label"><?php echo $hesklang['fitl']; ?> <a href="Javascript:void(0)" onclick="Javascript:hesk_window('<?php echo $help_folder; ?>ticket_list.html#1','400','500')"><i class="fa fa-question-circle settingsquestionmark"></i></a></label>
<div class="col-sm-9">
<?php
// List available fields
foreach ($hesk_settings['possible_ticket_list'] as $key => $title)
{
echo '
<div class="checkbox">
<label><input type="checkbox" name="s_tl_'.$key.'" value="1" '.( in_array($key, $hesk_settings['ticket_list']) ? 'checked="checked"' : '' ).'/> '.$title.'</label>
</div>
';
}
?>
</div>
</div>
<div class="blankSpace"></div>
<div class="form-group">
<label for="s_open_only" class="col-sm-3 control-label"><?php echo $hesklang['lcf']; ?> <a href="Javascript:void(0)" onclick="Javascript:hesk_window('<?php echo $help_folder; ?>ticket_list.html#2','400','500')"><i class="fa fa-question-circle settingsquestionmark"></i></a></label>
<div class="col-sm-9 form-inline">
<?php
echo '
<div class="radio"><label><input type="radio" name="s_updatedformat" value="2" '.($hesk_settings['updatedformat'] == 2 ? 'checked="checked"' : '').' /> '.$hesklang['lcf2'].'</label></div><br>
<div class="radio"><label><input type="radio" name="s_updatedformat" value="1" '.($hesk_settings['updatedformat'] == 1 ? 'checked="checked"' : '').' /> '.$hesklang['lcf1'].'</label></div><br>
<div class="radio"><label><input type="radio" name="s_updatedformat" value="0" '.($hesk_settings['updatedformat'] == 0 ? 'checked="checked"' : '').' /> '.$hesklang['lcf0'].'</label></div>';
?>
</div>
</div>
</div>
<!-- Miscellaneous Tab -->
<div class="tab-pane fade in" id="misc">
<h6 style="font-weight: bold"><?php echo $hesklang['dat']; ?></h6>
@ -1772,6 +1872,21 @@ if ( defined('HESK_DEMO') )
<h6 style="font-weight: bold"><?php echo $hesklang['other']; ?></h6>
<div class="footerWithBorder blankSpace"></div>
<div class="form-group">
<label for="s_ip_whois" class="col-sm-3 control-label"><?php echo $hesklang['ip_whois']; ?> <a href="Javascript:void(0)" onclick="Javascript:hesk_window('<?php echo $help_folder; ?>misc.html#61','400','500')"><i class="fa fa-question-circle settingsquestionmark"></i></a></label>
<div class="col-sm-9">
<input type="text" class="form-control" name="s_ip_whois" size="40" maxlength="255" value="<?php echo $hesk_settings['ip_whois']; ?>" />
</div>
</div>
<br>
<div class="form-group">
<label for="s_maintenance_mode" class="col-sm-3 control-label"><?php echo $hesklang['mms']; ?> <a href="Javascript:void(0)" onclick="Javascript:hesk_window('<?php echo $help_folder; ?>misc.html#62','400','500')"><i class="fa fa-question-circle settingsquestionmark"></i></a></label>
<div class="col-sm-9">
<div class="checkbox">
<label><input type="checkbox" name="s_maintenance_mode" value="1" <?php if ($hesk_settings['maintenance_mode']) {echo 'checked="checked"';} ?>/> <?php echo $hesklang['mmd']; ?></label>
</div>
</div>
</div>
<div class="form-group">
<label for="s_alink" class="col-sm-3 control-label"><?php echo $hesklang['al']; ?> <a href="Javascript:void(0)" onclick="Javascript:hesk_window('<?php echo $help_folder; ?>misc.html#21','400','500')"><i class="fa fa-question-circle settingsquestionmark"></i></a></label>
<div class="col-sm-9">
@ -2367,7 +2482,7 @@ function hesk_testLanguage($return_options = 0)
}
/* Check if language file is for current version */
if (strpos($tmp,'$hesklang[\'recaptcha_error\']') === false)
if (strpos($tmp,'$hesklang[\'ms01\']') === false)
{
$err .= " |----> WRONG VERSION (not ".$hesk_settings['hesk_version'].")\n";
}

@ -1,7 +1,7 @@
<?php
/*******************************************************************************
* Title: Help Desk Software HESK
* Version: 2.5.5 from 5th August 2014
* Version: 2.6.0 beta 1 from 30th December 2014
* Author: Klemen Stirn
* Website: http://www.hesk.com
********************************************************************************
@ -158,13 +158,18 @@ $set['reply_top'] = empty($_POST['s_reply_top']) ? 0 : 1;
/* --> Features */
$set['autologin'] = empty($_POST['s_autologin']) ? 0 : 1;
$set['autoassign'] = empty($_POST['s_autoassign']) ? 0 : 1;
$set['custclose'] = empty($_POST['s_custclose']) ? 0 : 1;
$set['custopen'] = empty($_POST['s_custopen']) ? 0 : 1;
$set['rating'] = empty($_POST['s_rating']) ? 0 : 1;
$set['cust_urgency'] = empty($_POST['s_cust_urgency']) ? 0 : 1;
$set['sequential'] = empty($_POST['s_sequential']) ? 0 : 1;
$set['time_worked'] = empty($_POST['s_time_worked']) ? 0 : 1;
$set['spam_notice'] = empty($_POST['s_spam_notice']) ? 0 : 1;
$set['list_users'] = empty($_POST['s_list_users']) ? 0 : 1;
$set['debug_mode'] = empty($_POST['s_debug_mode']) ? 0 : 1;
$set['short_link'] = empty($_POST['s_short_link']) ? 0 : 1;
$set['select_cat'] = empty($_POST['s_select_cat']) ? 0 : 1;
$set['select_pri'] = empty($_POST['s_select_pri']) ? 0 : 1;
/* --> SPAM prevention */
$set['secimg_use'] = empty($_POST['s_secimg_use']) ? 0 : ( hesk_POST('s_secimg_use') == 2 ? 2 : 1);
@ -173,8 +178,7 @@ for ($i=1;$i<=10;$i++)
{
$set['secimg_sum'] .= substr('AEUYBDGHJLMNPQRSTVWXZ123456789', rand(0,29), 1);
}
$set['recaptcha_use'] = empty($_POST['s_recaptcha_use']) ? 0 : 1;
$set['recaptcha_ssl'] = empty($_POST['s_recaptcha_ssl']) ? 0 : 1;
$set['recaptcha_use'] = hesk_checkMinMax( intval( hesk_POST('s_recaptcha_use') ) , 0, 2, 0);
$set['recaptcha_public_key'] = hesk_input( hesk_POST('s_recaptcha_public_key') );
$set['recaptcha_private_key'] = hesk_input( hesk_POST('s_recaptcha_private_key') );
$set['question_use'] = empty($_POST['s_question_use']) ? 0 : 1;
@ -188,6 +192,7 @@ if ($set['attempt_limit'] > 0)
$set['attempt_limit']++;
}
$set['attempt_banmin'] = hesk_checkMinMax( intval( hesk_POST('s_attempt_banmin') ) , 5, 99999, 60);
$set['reset_pass'] = empty($_POST['s_reset_pass']) ? 0 : 1;
$set['email_view_ticket'] = empty($_POST['s_email_view_ticket']) ? 0 : 1;
/* --> Attachments */
@ -233,7 +238,7 @@ else
/*** KNOWLEDGEBASE ***/
/* --> Knowledgebase settings */
$set['kb_enable'] = empty($_POST['s_kb_enable']) ? 0 : 1;
$set['kb_enable'] = hesk_checkMinMax( intval( hesk_POST('s_kb_enable') ) , 0, 2, 1);
$set['kb_wysiwyg'] = empty($_POST['s_kb_wysiwyg']) ? 0 : 1;
$set['kb_search'] = empty($_POST['s_kb_search']) ? 0 : ( hesk_POST('s_kb_search') == 2 ? 2 : 1);
$set['kb_recommendanswers'] = empty($_POST['s_kb_recommendanswers']) ? 0 : 1;
@ -248,6 +253,7 @@ $set['kb_popart'] = intval( hesk_POST('s_kb_popart') ); // Popular articles on
$set['kb_latest'] = intval( hesk_POST('s_kb_latest') ); // Popular articles on main category page
$set['kb_index_popart'] = intval( hesk_POST('s_kb_index_popart') );
$set['kb_index_latest'] = intval( hesk_POST('s_kb_index_latest') );
$set['kb_related'] = intval( hesk_POST('s_kb_related') );
/*** EMAIL ***/
@ -258,7 +264,7 @@ $set['smtp'] = empty($_POST['s_smtp']) ? 0 : 1;
if ($set['smtp'])
{
// Test SMTP connection
$smtp_OK = hesk_testSMTP();
$smtp_OK = hesk_testSMTP(true);
// If SMTP not working, disable it
if ( ! $smtp_OK)
@ -268,7 +274,7 @@ if ($set['smtp'])
}
else
{
$set['smtp_host_name'] = hesk_input( hesk_POST('tmp_smtp_host_name', 'localhost') );
$set['smtp_host_name'] = hesk_input( hesk_POST('tmp_smtp_host_name', 'mail.domain.com') );
$set['smtp_host_port'] = intval( hesk_POST('tmp_smtp_host_port', 25) );
$set['smtp_timeout'] = intval( hesk_POST('tmp_smtp_timeout', 10) );
$set['smtp_ssl'] = empty($_POST['tmp_smtp_ssl']) ? 0 : 1;
@ -285,8 +291,11 @@ $pop3_OK = true;
$set['pop3'] = empty($_POST['s_pop3']) ? 0 : 1;
if ($set['pop3'])
{
// Get POP3 fetching timeout
$set['pop3_job_wait'] = hesk_checkMinMax( intval( hesk_POST('s_pop3_job_wait') ) , 1, 1440, 15);
// Test POP3 connection
$pop3_OK = hesk_testPOP3();
$pop3_OK = hesk_testPOP3(true);
// If POP3 not working, disable it
if ( ! $pop3_OK)
@ -296,6 +305,7 @@ if ($set['pop3'])
}
else
{
$set['pop3_job_wait'] = intval( hesk_POST('s_pop3_job_wait', 15) );
$set['pop3_host_name'] = hesk_input( hesk_POST('tmp_pop3_host_name', 'mail.domain.com') );
$set['pop3_host_port'] = intval( hesk_POST('tmp_pop3_host_port', 110) );
$set['pop3_tls'] = empty($_POST['tmp_pop3_tls']) ? 0 : 1;
@ -351,13 +361,78 @@ if ( ! $set['detect_typos'] || count($set['email_providers']) < 1 )
$set['email_providers'] = count($set['email_providers']) ? "'" . implode("','", $set['email_providers']) . "'" : '';
/* --> Notify customer when */
$set['notify_new'] = empty($_POST['s_notify_new']) ? 0 : 1;
$set['notify_closed'] = empty($_POST['s_notify_closed']) ? 0 : 1;
// SPAM tags
$set['notify_skip_spam'] = empty($_POST['s_notify_skip_spam']) ? 0 : 1;
$set['notify_spam_tags'] = array();
if ( ! empty($_POST['s_notify_spam_tags']) && ! is_array($_POST['s_notify_spam_tags']) )
{
$lines = preg_split('/$\R?^/m', $_POST['s_notify_spam_tags']);
foreach ($lines as $tag)
{
// Remove dangerous tags just as an extra precaution
$tag = str_replace( array('<?php', '<?', '<%', '<script'), '', $tag);
// Remove excess spaces
$tag = trim($tag);
// Remove anything not utf-8
$tag = hesk_clean_utf8($tag);
// Limit tag length
if ( strlen($tag) < 1 || strlen($tag) > 50)
{
continue;
}
// Escape single quotes and backslashes
$set['notify_spam_tags'][] = str_replace( array("\\", "'"), array("\\\\", "\\'"), $tag); // '
}
}
if ( count($set['notify_spam_tags']) < 1 )
{
$set['notify_skip_spam'] = 0;
$set['notify_spam_tags'] = array('Spam?}','***SPAM***','[SPAM]','SPAM-LOW:','SPAM-MED:');
}
$set['notify_spam_tags'] = count($set['notify_spam_tags']) ? "'" . implode("','", $set['notify_spam_tags']) . "'" : '';
/* --> Other */
$set['strip_quoted'] = empty($_POST['s_strip_quoted']) ? 0 : 1;
$set['eml_req_msg'] = empty($_POST['s_eml_req_msg']) ? 0 : 1;
$set['save_embedded'] = empty($_POST['s_save_embedded']) ? 0 : 1;
$set['multi_eml'] = empty($_POST['s_multi_eml']) ? 0 : 1;
$set['confirm_email'] = empty($_POST['s_confirm_email']) ? 0 : 1;
$set['open_only'] = empty($_POST['s_open_only']) ? 0 : 1;
/*** TICKET LIST ***/
$set['ticket_list'] = array();
foreach ($hesk_settings['possible_ticket_list'] as $key => $title)
{
if ( hesk_POST('s_tl_'.$key, 0) == 1)
{
$set['ticket_list'][] = $key;
}
}
// We need at least one of these: id, trackid, subject
if ( ! in_array('id', $set['ticket_list']) && ! in_array('trackid', $set['ticket_list']) && ! in_array('subject', $set['ticket_list']) )
{
$set['ticket_list'][] = 'trackid';
}
$set['ticket_list'] = count($set['ticket_list']) ? "'" . implode("','", $set['ticket_list']) . "'" : 'trackid';
/* --> Other */
$set['updatedformat'] = hesk_checkMinMax( intval( hesk_POST('s_updatedformat') ) , 0, 2, 2);
/*** MISC ***/
@ -368,6 +443,19 @@ $set['daylight'] = empty($_POST['s_daylight']) ? 0 : 1;
$set['timeformat'] = hesk_input( hesk_POST('s_timeformat') ) or $set['timeformat'] = 'Y-m-d H:i:s';
/* --> Other */
$set['ip_whois'] = hesk_input( hesk_POST('s_ip_whois', 'http://whois.domaintools.com/{IP}') );
// If no {IP} tag append it to the end
if ( strlen($set['ip_whois']) == 0 )
{
$set['ip_whois'] = 'http://whois.domaintools.com/{IP}';
}
elseif ( strpos($set['ip_whois'], '{IP}') === false )
{
$set['ip_whois'] .= '{IP}';
}
$set['maintenance_mode']= empty($_POST['s_maintenance_mode']) ? 0 : 1;
$set['alink'] = empty($_POST['s_alink']) ? 0 : 1;
$set['submit_notice'] = empty($_POST['s_submit_notice']) ? 0 : 1;
$set['online'] = empty($_POST['s_online']) ? 0 : 1;
@ -599,19 +687,23 @@ $hesk_settings[\'reply_top\']=' . $set['reply_top'] . ';
// --> Features
$hesk_settings[\'autologin\']=' . $set['autologin'] . ';
$hesk_settings[\'autoassign\']=' . $set['autoassign'] . ';
$hesk_settings[\'custclose\']=' . $set['custclose'] . ';
$hesk_settings[\'custopen\']=' . $set['custopen'] . ';
$hesk_settings[\'rating\']=' . $set['rating'] . ';
$hesk_settings[\'cust_urgency\']=' . $set['cust_urgency'] . ';
$hesk_settings[\'sequential\']=' . $set['sequential'] . ';
$hesk_settings[\'time_worked\']=' . $set['time_worked'] . ';
$hesk_settings[\'spam_notice\']=' . $set['spam_notice'] . ';
$hesk_settings[\'list_users\']=' . $set['list_users'] . ';
$hesk_settings[\'debug_mode\']=' . $set['debug_mode'] . ';
$hesk_settings[\'short_link\']=' . $set['short_link'] . ';
$hesk_settings[\'select_cat\']=' . $set['select_cat'] . ';
$hesk_settings[\'select_pri\']=' . $set['select_pri'] . ';
// --> SPAM Prevention
$hesk_settings[\'secimg_use\']=' . $set['secimg_use'] . ';
$hesk_settings[\'secimg_sum\']=\'' . $set['secimg_sum'] . '\';
$hesk_settings[\'recaptcha_use\']=' . $set['recaptcha_use'] . ';
$hesk_settings[\'recaptcha_ssl\']=' . $set['recaptcha_ssl'] . ';
$hesk_settings[\'recaptcha_public_key\']=\'' . $set['recaptcha_public_key'] . '\';
$hesk_settings[\'recaptcha_private_key\']=\'' . $set['recaptcha_private_key'] . '\';
$hesk_settings[\'question_use\']=' . $set['question_use'] . ';
@ -621,6 +713,7 @@ $hesk_settings[\'question_ans\']=\'' . $set['question_ans'] . '\';
// --> Security
$hesk_settings[\'attempt_limit\']=' . $set['attempt_limit'] . ';
$hesk_settings[\'attempt_banmin\']=' . $set['attempt_banmin'] . ';
$hesk_settings[\'reset_pass\']=' . $set['reset_pass'] . ';
$hesk_settings[\'email_view_ticket\']=' . $set['email_view_ticket'] . ';
// --> Attachments
@ -650,6 +743,7 @@ $hesk_settings[\'kb_popart\']=' . $set['kb_popart'] . ';
$hesk_settings[\'kb_latest\']=' . $set['kb_latest'] . ';
$hesk_settings[\'kb_index_popart\']=' . $set['kb_index_popart'] . ';
$hesk_settings[\'kb_index_latest\']=' . $set['kb_index_latest'] . ';
$hesk_settings[\'kb_related\']=' . $set['kb_related'] . ';
// ==> EMAIL
@ -669,6 +763,7 @@ $hesk_settings[\'email_piping\']=' . $set['email_piping'] . ';
// --> POP3 Fetching
$hesk_settings[\'pop3\']=' . $set['pop3'] . ';
$hesk_settings[\'pop3_job_wait\']=' . $set['pop3_job_wait'] . ';
$hesk_settings[\'pop3_host_name\']=\'' . $set['pop3_host_name'] . '\';
$hesk_settings[\'pop3_host_port\']=' . $set['pop3_host_port'] . ';
$hesk_settings[\'pop3_tls\']=' . $set['pop3_tls'] . ';
@ -684,13 +779,27 @@ $hesk_settings[\'loop_time\']=' . $set['loop_time'] . ';
$hesk_settings[\'detect_typos\']=' . $set['detect_typos'] . ';
$hesk_settings[\'email_providers\']=array(' . $set['email_providers'] . ');
// --> Notify customer when
$hesk_settings[\'notify_new\']=' . $set['notify_new'] . ';
$hesk_settings[\'notify_skip_spam\']=' . $set['notify_skip_spam'] . ';
$hesk_settings[\'notify_spam_tags\']=array(' . $set['notify_spam_tags'] . ');
$hesk_settings[\'notify_closed\']=' . $set['notify_closed'] . ';
// --> Other
$hesk_settings[\'strip_quoted\']=' . $set['strip_quoted'] . ';
$hesk_settings[\'eml_req_msg\']=' . $set['eml_req_msg'] . ';
$hesk_settings[\'save_embedded\']=' . $set['save_embedded'] . ';
$hesk_settings[\'multi_eml\']=' . $set['multi_eml'] . ';
$hesk_settings[\'confirm_email\']=' . $set['confirm_email'] . ';
$hesk_settings[\'open_only\']=' . $set['open_only'] . ';
// ==> TICKET LIST
$hesk_settings[\'ticket_list\']=array(' . $set['ticket_list'] . ');
// --> Other
$hesk_settings[\'updatedformat\']=\'' . $set['updatedformat'] . '\';
// ==> MISC
@ -701,6 +810,8 @@ $hesk_settings[\'daylight\']=' . $set['daylight'] . ';
$hesk_settings[\'timeformat\']=\'' . $set['timeformat'] . '\';
// --> Other
$hesk_settings[\'ip_whois\']=\'' . $set['ip_whois'] . '\';
$hesk_settings[\'maintenance_mode\']=' . $set['maintenance_mode'] . ';
$hesk_settings[\'alink\']=' . $set['alink'] . ';
$hesk_settings[\'submit_notice\']=' . $set['submit_notice'] . ';
$hesk_settings[\'online\']=' . $set['online'] . ';
@ -835,7 +946,7 @@ function hesk_getLanguagesArray($returnArray=0)
{
$add = 0;
}
elseif ( ! preg_match('/\$hesklang\[\'recaptcha_error\'\]/', $tmp) )
elseif ( ! preg_match('/\$hesklang\[\'ms01\'\]/', $tmp) )
{
$add = 0;
}
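Review bot: The new skip-spam setting cannot be switched on from the settings form in this commit: the save code reads `$_POST['s_notify_skip_spam']`, but the checkbox whose checked state comes from `$hesk_settings['notify_skip_spam']` is posted as `name="s_notify_new"`. As written, `notify_skip_spam` is always saved as 0, so the spam-tag list presumably never suppresses a customer notification; the form field should be `name="s_notify_skip_spam"`. In the tag loop, the `str_replace` of `<?php`, `<?`, `<%` and `<script` is a single pass and can leave one of those sequences behind after removal, so the backslash and quote escaping on the last line of the loop is what actually keeps each tag inside the generated `array('...')` literal. I would say so in the comment, e.g. `// Cosmetic only: the escaping below is what makes the tag safe to write into the settings file`.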

@ -1,7 +1,7 @@
<?php
/*******************************************************************************
* Title: Help Desk Software HESK
* Version: 2.5.5 from 5th August 2014
* Version: 2.6.0 beta 1 from 30th December 2014
* Author: Klemen Stirn
* Website: http://www.hesk.com
********************************************************************************
@ -65,11 +65,21 @@ $hesk_error_buffer = array();
$tmpvar['name'] = hesk_input( hesk_POST('name') ) or $hesk_error_buffer['name']=$hesklang['enter_your_name'];
$tmpvar['email'] = hesk_POST('email');
$tmpvar['category'] = intval( hesk_POST('category') ) or $hesk_error_buffer['category']=$hesklang['sel_app_cat'];
$tmpvar['priority'] = intval( hesk_POST('priority') );
$tmpvar['priority'] = hesk_POST('priority');
$tmpvar['priority'] = strlen($tmpvar['priority']) ? intval($tmpvar['priority']) : -1;
if ($tmpvar['priority'] < 0 || $tmpvar['priority'] > 3)
{
$hesk_error_buffer['priority']=$hesklang['sel_app_priority'];
// If we are showing "Click to select" priority needs to be selected
if ($hesk_settings['select_pri'])
{
$tmpvar['priority'] = -1;
$hesk_error_buffer['priority'] = $hesklang['select_priority'];
}
else
{
$tmpvar['priority'] = 3;
}
}
$tmpvar['subject'] = hesk_input( hesk_POST('subject') ) or $hesk_error_buffer['subject']=$hesklang['enter_ticket_subject'];
@ -121,6 +131,7 @@ $tmpvar['trackid'] = hesk_createID();
// Log who submitted ticket
$tmpvar['history'] = sprintf($hesklang['thist7'], hesk_date(), $_SESSION['name'].' ('.$_SESSION['user'].')');
$tmpvar['openedby'] = $_SESSION['id'];
// Owner
$tmpvar['owner'] = 0;
@ -214,7 +225,7 @@ if (count($hesk_error_buffer)!=0)
$_SESSION['as_name'] = hesk_POST('name');
$_SESSION['as_email'] = hesk_POST('email');
$_SESSION['as_category'] = hesk_POST('category');
$_SESSION['as_priority'] = hesk_POST('priority');
$_SESSION['as_priority'] = $tmpvar['priority'];
$_SESSION['as_subject'] = hesk_POST('subject');
$_SESSION['as_message'] = hesk_POST('message');
$_SESSION['as_owner'] = $tmpvar['owner'];
@ -225,7 +236,7 @@ if (count($hesk_error_buffer)!=0)
{
if ($v['use'])
{
$_SESSION["as_$k"] = hesk_POST($k);
$_SESSION["as_$k"] = ($v['type'] == 'checkbox') ? hesk_POST_array($k) : hesk_POST($k);
}
}
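Review bot: A non-empty, non-numeric `priority` value passes the new range check, because `intval()` turns it into 0 and 0 is inside the accepted 0-3 range. Only the empty string is mapped to -1, so with `select_pri` enabled the "priority needs to be selected" error is skipped for such input and the ticket is stored with priority 0. Assuming `hesk_POST()` returns the submitted value as a string, checking it before the cast closes the gap: `$tmpvar['priority'] = ctype_digit((string) $tmpvar['priority']) ? intval($tmpvar['priority']) : -1;`. The validation block this belongs to continues outside the hunk.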

@ -1,7 +1,7 @@
<?php
/*******************************************************************************
* Title: Help Desk Software HESK
* Version: 2.5.5 from 5th August 2014
* Version: 2.6.0 beta 1 from 30th December 2014
* Author: Klemen Stirn
* Website: http://www.hesk.com
********************************************************************************
@ -55,6 +55,10 @@ $can_archive = hesk_checkPermission('can_add_archive',0);
$can_assign_self = hesk_checkPermission('can_assign_self',0);
$can_view_unassigned = hesk_checkPermission('can_view_unassigned',0);
$can_change_cat = hesk_checkPermission('can_change_cat',0);
$can_ban_emails = hesk_checkPermission('can_ban_emails', 0);
$can_unban_emails = hesk_checkPermission('can_unban_emails', 0);
$can_ban_ips = hesk_checkPermission('can_ban_ips', 0);
$can_unban_ips = hesk_checkPermission('can_unban_ips', 0);
// Get ticket ID
$trackingID = hesk_cleanID() or print_form();
@ -118,12 +122,12 @@ else
}
/* Get category name and ID */
$result = hesk_dbQuery("SELECT * FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."categories` WHERE `id`='".intval($ticket['category'])."' LIMIT 1");
$result = hesk_dbQuery("SELECT `id`, `name` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."categories` WHERE `id`='".intval($ticket['category'])."' LIMIT 1");
/* If this category has been deleted use the default category with ID 1 */
if (hesk_dbNumRows($result) != 1)
{
$result = hesk_dbQuery("SELECT * FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."categories` WHERE `id`='1' LIMIT 1");
$result = hesk_dbQuery("SELECT `id`, `name` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."categories` WHERE `id`='1' LIMIT 1");
}
$category = hesk_dbFetchAssoc($result);
@ -141,17 +145,54 @@ if (isset($_GET['delete_post']) && $can_delete && hesk_token_check())
$res = hesk_dbQuery("SELECT `id` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."replies` WHERE `replyto`='".intval($ticket['id'])."' ORDER BY `id` DESC LIMIT 1");
$last_reply_id = hesk_dbResult($res,0,0);
/* Does this post have any attachments? */
$res = hesk_dbQuery("SELECT `attachments` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."replies` WHERE `id`='".intval($n)."' AND `replyto`='".intval($ticket['id'])."' LIMIT 1");
$attachments = hesk_dbResult($res,0,0);
// Was this post submitted by staff and does it have any attachments?
$res = hesk_dbQuery("SELECT `dt`, `staffid`, `attachments` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."replies` WHERE `id`='".intval($n)."' AND `replyto`='".intval($ticket['id'])."' LIMIT 1");
$reply = hesk_dbFetchAssoc($res);
// If the reply was by a staff member update the appropriate columns
if ( $reply['staffid'] )
{
// Is this the only staff reply? Delete "firstreply" and "firstreplyby" columns
if ($ticket['staffreplies'] <= 1)
{
$staffreplies_sql = ' , `firstreply`=NULL, `firstreplyby`=NULL, `staffreplies`=0 ';
}
// Are we deleting the first staff reply? Update "firstreply" and "firstreplyby" columns
elseif ($reply['dt'] == $ticket['firstreply'] && $reply['staffid'] == $ticket['firstreplyby'])
{
// Get the new first reply info
$res = hesk_dbQuery("SELECT `dt`, `staffid` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."replies` WHERE `replyto`='".intval($ticket['id'])."' AND `id`!='".intval($n)."' AND `staffid`!=0 ORDER BY `id` ASC LIMIT 1");
// Did we find the new first reply?
if ( hesk_dbNumRows($res) )
{
$firstreply = hesk_dbFetchAssoc($res);
$staffreplies_sql = " , `firstreply`='".hesk_dbEscape($firstreply['dt'])."', `firstreplyby`='".hesk_dbEscape($firstreply['staffid'])."', `staffreplies`=`staffreplies`-1 ";
}
// The count must have been wrong, update it
else
{
$staffreplies_sql = ' , `firstreply`=NULL, `firstreplyby`=NULL, `staffreplies`=0 ';
}
}
// OK, this is not the first and not the only staff reply, just reduce number
else
{
$staffreplies_sql = ' , `staffreplies`=`staffreplies`-1 ';
}
}
else
{
$staffreplies_sql = '';
}
/* Delete any attachments to this post */
if ( strlen($attachments) )
if ( strlen($reply['attachments']) )
{
$hesk_settings['server_path'] = dirname(dirname(__FILE__));
/* List of attachments */
$att=explode(',',substr($attachments, 0, -1));
$att=explode(',',substr($reply['attachments'], 0, -1));
foreach ($att as $myatt)
{
list($att_id, $att_name) = explode('#', $myatt);
@ -178,27 +219,68 @@ if (isset($_GET['delete_post']) && $can_delete && hesk_token_check())
}
else
{
$closed_sql = '';
$changeStatusRs = hesk_dbQuery('SELECT `id`, `LockedTicketStatus`, `IsCustomerReplyStatus`, `IsDefaultStaffReplyStatus`, `IsNewTicketStatus`
FROM `'.hesk_dbEscape($hesk_settings['db_pfix']).'statuses`
WHERE `LockedTicketStatus` = 1
OR `IsCustomerReplyStatus` = 1
OR `IsDefaultStaffReplyStatus` = 1
OR `IsNewTicketStatus` = 1');
$lockedTicketStatus = '';
$customerReplyStatus = '';
$defaultStaffReplyStatus = '';
$newTicketStatus = '';
while ($row = hesk_dbFetchAssoc($changeStatusRs))
{
if ($row['LockedTicketStatus']) {
$lockedTicketStatus = $row['id'];
} elseif ($row['IsCustomerReplyStatus']) {
$customerReplyStatus = $row['id'];
} elseif ($row['IsDefaultStaffReplyStatus']) {
$defaultStaffReplyStatus = $row['id'];
} elseif ($row['IsNewTicketStatus']) {
$newTicketStatus = $row['id'];
}
}
/* Reply deleted. Need to update status and last replier? */
$res = hesk_dbQuery("SELECT `staffid` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."replies` WHERE `replyto`='".intval($ticket['id'])."' ORDER BY `id` DESC LIMIT 1");
$res = hesk_dbQuery("SELECT `dt`, `staffid` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."replies` WHERE `replyto`='".intval($ticket['id'])."' ORDER BY `id` DESC LIMIT 1");
if (hesk_dbNumRows($res))
{
$replier_id = hesk_dbResult($res,0,0);
$replier_id = hesk_dbResult($res,0,1);
$last_replier = $replier_id ? 1 : 0;
/* Change status? */
$status_sql = '';
if ($last_reply_id == $n)
{
$status = $ticket['locked'] ? 3 : ($last_replier ? 2 : 1);
$status = $ticket['locked'] ? $lockedTicketStatus : ($last_replier ? $defaultStaffReplyStatus : $customerReplyStatus);
$status_sql = " , `status`='".intval($status)."' ";
// Update closedat and closedby columns as required
if ($status == $lockedTicketStatus)
{
$closed_sql = " , `closedat`=NOW(), `closedby`=".intval($_SESSION['id'])." ";
}
}
hesk_dbQuery("UPDATE `".hesk_dbEscape($hesk_settings['db_pfix'])."tickets` SET `lastchange`=NOW(), `lastreplier`='{$last_replier}', `replierid`='".intval($replier_id)."' $status_sql WHERE `id`='".intval($ticket['id'])."' LIMIT 1");
hesk_dbQuery("UPDATE `".hesk_dbEscape($hesk_settings['db_pfix'])."tickets` SET `lastchange`=NOW(), `lastreplier`='{$last_replier}', `replierid`='".intval($replier_id)."', `replies`=`replies`-1 $status_sql $closed_sql $staffreplies_sql WHERE `id`='".intval($ticket['id'])."' LIMIT 1");
}
else
{
$status = $ticket['locked'] ? 3 : 0;
hesk_dbQuery("UPDATE `".hesk_dbEscape($hesk_settings['db_pfix'])."tickets` SET `lastchange`=NOW(), `lastreplier`='0', `status`='$status' WHERE `id`='".intval($ticket['id'])."' LIMIT 1");
// Update status, closedat and closedby columns as required
if ($ticket['locked'])
{
$status = $lockedTicketStatus;
$closed_sql = " , `closedat`=NOW(), `closedby`=".intval($_SESSION['id'])." ";
}
else
{
$status = $newTicketStatus;
$closed_sql = " , `closedat`=NULL, `closedby`=NULL ";
}
hesk_dbQuery("UPDATE `".hesk_dbEscape($hesk_settings['db_pfix'])."tickets` SET `lastchange`=NOW(), `lastreplier`='0', `status`='$status', `replies`=0 $staffreplies_sql WHERE `id`='".intval($ticket['id'])."' LIMIT 1");
}
hesk_process_messages($hesklang['repl'],$_SERVER['PHP_SELF'],'SUCCESS');
@ -216,15 +298,47 @@ if (isset($_GET['delnote']) && hesk_token_check())
$n = intval( hesk_GET('delnote') );
if ($n)
{
if ($can_del_notes)
{
hesk_dbQuery("DELETE FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."notes` WHERE `id`='".intval($n)."' LIMIT 1");
}
else
// Get note info
$res = hesk_dbQuery("SELECT `who`, `attachments` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."notes` WHERE `id`={$n}");
if ( hesk_dbNumRows($res) )
{
hesk_dbQuery("DELETE FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."notes` WHERE `id`='".intval($n)."' AND `who`='".intval($_SESSION['id'])."' LIMIT 1");
$note = hesk_dbFetchAssoc($res);
// Permission to delete note?
if ($can_del_notes || $note['who'] == $_SESSION['id'])
{
// Delete note
hesk_dbQuery("DELETE FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."notes` WHERE `id`='".intval($n)."' LIMIT 1");
// Delete attachments
if ( strlen($note['attachments']) )
{
$hesk_settings['server_path'] = dirname(dirname(__FILE__));
$attachments = array();
$att=explode(',',substr($note['attachments'], 0, -1));
foreach ($att as $myatt)
{
list($att_id, $att_name) = explode('#', $myatt);
$attachments[] = intval($att_id);
}
if ( count($attachments) )
{
$res = hesk_dbQuery("SELECT * FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."attachments` WHERE `att_id` IN (".implode(',', $attachments).") ");
while ($file = hesk_dbFetchAssoc($res))
{
hesk_unlink($hesk_settings['server_path'].'/'.$hesk_settings['attach_dir'].'/'.$file['saved_name']);
}
hesk_dbQuery("DELETE FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."attachments` WHERE `att_id` IN (".implode(',', $attachments).") ");
}
}
}
}
}
header('Location: admin_ticket.php?track='.$trackingID.'&Refresh='.mt_rand(10000,99999));
exit();
}
@ -232,14 +346,67 @@ if (isset($_GET['delnote']) && hesk_token_check())
/* Add a note action */
if (isset($_POST['notemsg']) && hesk_token_check('POST'))
{
// Error buffer
$hesk_error_buffer = array();
// Get message
$msg = hesk_input( hesk_POST('notemsg') );
if ($msg)
// Get attachments
if ($hesk_settings['attachments']['use'])
{
/* Add note to database */
$msg = nl2br(hesk_makeURL($msg));
hesk_dbQuery("INSERT INTO `".hesk_dbEscape($hesk_settings['db_pfix'])."notes` (`ticket`,`who`,`dt`,`message`) VALUES ('".intval($ticket['id'])."','".intval($_SESSION['id'])."',NOW(),'".hesk_dbEscape($msg)."')");
require(HESK_PATH . 'inc/posting_functions.inc.php');
require(HESK_PATH . 'inc/attachments.inc.php');
$attachments = array();
for ($i=1;$i<=$hesk_settings['attachments']['max_number'];$i++)
{
$att = hesk_uploadFile($i);
if ($att !== false && !empty($att))
{
$attachments[$i] = $att;
}
}
}
$myattachments='';
// We need message and/or attachments to accept note
if ( count($attachments) || strlen($msg) || count($hesk_error_buffer) )
{
// Any errors?
if ( count($hesk_error_buffer) != 0 )
{
$_SESSION['note_message'] = hesk_POST('notemsg');
// Remove any successfully uploaded attachments
if ($hesk_settings['attachments']['use'])
{
hesk_removeAttachments($attachments);
}
$tmp = '';
foreach ($hesk_error_buffer as $error)
{
$tmp .= "<li>$error</li>\n";
}
$hesk_error_buffer = $tmp;
$hesk_error_buffer = $hesklang['pcer'].'<br /><br /><ul>'.$hesk_error_buffer.'</ul>';
hesk_process_messages($hesk_error_buffer,'admin_ticket.php?track='.$ticket['trackid'].'&Refresh='.rand(10000,99999));
}
// Process attachments
if ($hesk_settings['attachments']['use'] && ! empty($attachments) )
{
foreach ($attachments as $myatt)
{
hesk_dbQuery("INSERT INTO `".hesk_dbEscape($hesk_settings['db_pfix'])."attachments` (`ticket_id`,`saved_name`,`real_name`,`size`,`type`) VALUES ('".hesk_dbEscape($trackingID)."','".hesk_dbEscape($myatt['saved_name'])."','".hesk_dbEscape($myatt['real_name'])."','".intval($myatt['size'])."', '1')");
$myattachments .= hesk_dbInsertID() . '#' . $myatt['real_name'] .',';
}
}
// Add note to database
$msg = nl2br(hesk_makeURL($msg));
hesk_dbQuery("INSERT INTO `".hesk_dbEscape($hesk_settings['db_pfix'])."notes` (`ticket`,`who`,`dt`,`message`,`attachments`) VALUES ('".intval($ticket['id'])."','".intval($_SESSION['id'])."',NOW(),'".hesk_dbEscape($msg)."','".hesk_dbEscape($myattachments)."')");
/* Notify assigned staff that a note has been added if needed */
$users = hesk_dbQuery("SELECT `email`, `notify_note` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."users` WHERE (`id`='".intval($ticket['owner'])."' OR (`isadmin` = '1' AND `notify_note_unassigned` = '1')) AND `id` <> '".intval($_SESSION['id'])."'");
@ -260,6 +427,8 @@ if (isset($_POST['notemsg']) && hesk_token_check('POST'))
'message' => stripslashes($msg),
'dt' => hesk_date($ticket['dt'], true),
'lastchange' => hesk_date($ticket['lastchange'], true),
'attachments' => $myattachments,
'id' => $ticket['id'],
);
// 2. Add custom fields to the array
@ -289,7 +458,7 @@ if (isset($_POST['notemsg']) && hesk_token_check('POST'))
}
/* Update time worked */
if ( ($can_reply || $can_edit) && isset($_POST['h']) && isset($_POST['m']) && isset($_POST['s']) && hesk_token_check('POST'))
if ($hesk_settings['time_worked'] && ($can_reply || $can_edit) && isset($_POST['h']) && isset($_POST['m']) && isset($_POST['s']) && hesk_token_check('POST'))
{
$h = intval( hesk_POST('h') );
$m = intval( hesk_POST('m') );
@ -367,7 +536,13 @@ if (isset($_GET['delatt']) && hesk_token_check())
$reply = 0;
}
/* Get attachment info */
$note = intval( hesk_GET('note', 0) );
if ($note < 1)
{
$note = 0;
}
/* Get attachment info */
$res = hesk_dbQuery("SELECT * FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."attachments` WHERE `att_id`='".intval($att_id)."' LIMIT 1");
if (hesk_dbNumRows($res) != 1)
{
@ -394,6 +569,10 @@ if (isset($_GET['delatt']) && hesk_token_check())
hesk_dbQuery("UPDATE `".hesk_dbEscape($hesk_settings['db_pfix'])."replies` SET `attachments`=REPLACE(`attachments`,'".hesk_dbEscape($att_id.'#'.$att['real_name']).",','') WHERE `id`='".intval($reply)."' LIMIT 1");
hesk_dbQuery("UPDATE `".hesk_dbEscape($hesk_settings['db_pfix'])."tickets` SET `history`=CONCAT(`history`,'".hesk_dbEscape($revision)."') WHERE `id`='".intval($ticket['id'])."' LIMIT 1");
}
elseif ($note)
{
hesk_dbQuery("UPDATE `".hesk_dbEscape($hesk_settings['db_pfix'])."notes` SET `attachments`=REPLACE(`attachments`,'".hesk_dbEscape($att_id.'#'.$att['real_name']).",','') WHERE `id`={$note} LIMIT 1");
}
else
{
hesk_dbQuery("UPDATE `".hesk_dbEscape($hesk_settings['db_pfix'])."tickets` SET `attachments`=REPLACE(`attachments`,'".hesk_dbEscape($att_id.'#'.$att['real_name']).",',''), `history`=CONCAT(`history`,'".hesk_dbEscape($revision)."') WHERE `id`='".intval($ticket['id'])."' LIMIT 1");
@ -417,7 +596,7 @@ while ($row=hesk_dbFetchAssoc($result))
/* List of users */
$admins = array();
$result = hesk_dbQuery("SELECT `id`,`name`,`isadmin`,`categories`,`heskprivileges` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."users` WHERE `active` = '1' ORDER BY `id` ASC");
$result = hesk_dbQuery("SELECT `id`,`name`,`isadmin`,`categories`,`heskprivileges` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."users` WHERE `active` = '1' ORDER BY `name` ASC");
while ($row=hesk_dbFetchAssoc($result))
{
/* Is this an administrator? */
@ -442,9 +621,15 @@ while ($row=hesk_dbFetchAssoc($result))
}
/* Get replies */
$reply = '';
$result = hesk_dbQuery("SELECT * FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."replies` WHERE `replyto`='".intval($ticket['id'])."' ORDER BY `id` " . ($hesk_settings['new_top'] ? 'DESC' : 'ASC') );
$replies = hesk_dbNumRows($result);
if ($ticket['replies'])
{
$reply = '';
$result = hesk_dbQuery("SELECT * FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."replies` WHERE `replyto`='".intval($ticket['id'])."' ORDER BY `id` " . ($hesk_settings['new_top'] ? 'DESC' : 'ASC') );
}
else
{
$reply = false;
}
// Demo mode
if ( defined('HESK_DEMO') )
@ -475,7 +660,7 @@ require_once(HESK_PATH . 'inc/show_admin_nav.inc.php');
</li>
<li class="list-group-item">
<strong><?php echo $hesklang['replies']; ?></strong><br/>
<?php echo $replies; ?>
<?php echo $ticket['replies']; ?>
</li>
<li class="list-group-item">
<strong><?php echo $hesklang['owner']; ?></strong><br/>
@ -496,6 +681,9 @@ require_once(HESK_PATH . 'inc/show_admin_nav.inc.php');
<strong><?php echo $hesklang['last_replier']; ?></strong><br/>
<?php echo $ticket['repliername']; ?>
</li>
<?php
if ($hesk_settings['time_worked']) {
?>
<li class="list-group-item">
<strong><?php echo $hesklang['ts']; ?></strong><br/>
<?php
@ -543,6 +731,7 @@ require_once(HESK_PATH . 'inc/show_admin_nav.inc.php');
}
?>
</li>
<?php } // End if time_worked ?>
<li class="list-group-item">
<strong><?php echo $hesklang['parent']; ?></strong>
<p><?php
@ -816,9 +1005,66 @@ require_once(HESK_PATH . 'inc/show_admin_nav.inc.php');
?>
<div class="row">
<div class="col-md-12 alert-warning">
<?php if ($can_del_notes || $note['who'] == $_SESSION['id']) { ?><p><a href="admin_ticket.php?track=<?php echo $trackingID; ?>&amp;Refresh=<?php echo mt_rand(10000,99999); ?>&amp;delnote=<?php echo $note['id']; ?>&amp;token=<?php hesk_token_echo(); ?>" onclick="return hesk_confirmExecute('<?php echo hesk_makeJsString($hesklang['delnote']).'?'; ?>');"><i class="fa fa-times"></i> Delete Note</a></p><?php }?>
<p><i><?php echo $hesklang['noteby']; ?> <b><?php echo ($note['name'] ? $note['name'] : $hesklang['e_udel']); ?></b></i> - <?php echo hesk_date($note['dt']); ?></p>
<p><?php echo $note['message']; ?></p>
<div class="row" style="padding-top: 10px; padding-bottom: 10px">
<div class="col-md-8">
<p><i><?php echo $hesklang['noteby']; ?> <b><?php echo ($note['name'] ? $note['name'] : $hesklang['e_udel']); ?></b></i> - <?php echo hesk_date($note['dt']); ?></p>
<?php
// Message
echo $note['message'];
// Attachments
if ( $hesk_settings['attachments']['use'] && strlen($note['attachments']) )
{
echo strlen($note['message']) ? '<br /><br />' : '';
$att = explode(',', substr($note['attachments'], 0, -1) );
$num = count($att);
foreach ($att as $myatt)
{
list($att_id, $att_name) = explode('#', $myatt);
// Can edit and delete note (attachments)?
if ($can_del_notes || $note['who'] == $_SESSION['id'])
{
// If this is the last attachment and no message, show "delete ticket" link
if ($num == 1 && strlen($note['message']) == 0)
{
echo '<a href="admin_ticket.php?delnote='.$note['id'].'&amp;track='.$trackingID.'&amp;Refresh='.mt_rand(10000,99999).'&amp;token='.hesk_token_echo(0).'" onclick="return hesk_confirmExecute(\''.hesk_makeJsString($hesklang['pda']).'\');">
<i class="fa fa-times" style="font-size:16px;color:red;" data-toggle="tooltip" data-placement="top" data-original-title="'.$hesklang['dela'].'"></i>
</a> ';
}
// Show "delete attachment" link
else
{
echo '<a href="admin_ticket.php?delatt='.$att_id.'&amp;note='.$note['id'].'&amp;track='.$trackingID.'&amp;Refresh='.mt_rand(10000,99999).'&amp;token='.hesk_token_echo(0).'" onclick="return hesk_confirmExecute(\''.hesk_makeJsString($hesklang['pda']).'\');">
<i class="fa fa-times" style="font-size:16px;color:red;" data-toggle="tooltip" data-placement="top" data-original-title="'.$hesklang['dela'].'"></i>
</a> ';
}
}
echo '
<a href="../download_attachment.php?att_id='.$att_id.'&amp;track='.$trackingID.'">
<i class="fa fa-paperclip" style="font-size:16px;" data-toggle="tooltip" data-placement="top" data-original-title="'.$hesklang['dnl'].' '.$att_name.'"></i>
</a>
<a href="../download_attachment.php?att_id='.$att_id.'&amp;track='.$trackingID.'">'.$att_name.'</a><br />
';
}
}
?>
</div>
<div class="col-md-4 text-right">
<?php if ($can_del_notes || $note['who'] == $_SESSION['id']) { ?>
<div class="btn-group" role="group">
<a href="edit_note.php?track=<?php echo $trackingID; ?>&amp;Refresh=<?php echo mt_rand(10000,99999); ?>&amp;note=<?php echo $note['id']; ?>&amp;token=<?php hesk_token_echo(); ?>" class="btn btn-warning">
<i class="fa fa-pencil"></i>&nbsp;<?php echo $hesklang['ednote']; ?>
</a>
<a href="admin_ticket.php?track=<?php echo $trackingID; ?>&amp;Refresh=<?php echo mt_rand(10000,99999); ?>&amp;delnote=<?php echo $note['id']; ?>&amp;token=<?php hesk_token_echo(); ?>" class="btn btn-danger">
<i class="fa fa-times"></i>&nbsp;<?php echo $hesklang['delnote']; ?>
</a>
</div>
<?php }?>
</div>
</div>
</div>
</div>
<?php
@ -836,9 +1082,21 @@ require_once(HESK_PATH . 'inc/show_admin_nav.inc.php');
}
?>
<div id="notesform" style="display:none">
<form method="post" action="admin_ticket.php" style="margin:0px; padding:0px;">
<textarea class="form-control" name="notemsg" rows="6" cols="60"></textarea><br />
<div id="notesform" style="display:<?php echo isset($_SESSION['note_message']) ? 'block' : 'none'; ?>">
<form method="post" action="admin_ticket.php" style="margin:0px; padding:0px;" enctype="multipart/form-data">
<textarea class="form-control" name="notemsg" rows="6" cols="60"><?php echo isset($_SESSION['note_message']) ? stripslashes(hesk_input($_SESSION['note_message'])) : ''; ?></textarea><br />
<?php
// attachments
if ($hesk_settings['attachments']['use'])
{
echo '<br />';
for ($i=1;$i<=$hesk_settings['attachments']['max_number'];$i++)
{
echo '<input type="file" name="attachment['.$i.']" size="50" /><br />';
}
echo '<br />';
}
?>
<input class="btn btn-default" type="submit" value="<?php echo $hesklang['s']; ?>" /><input type="hidden" name="track" value="<?php echo $trackingID; ?>" />
<i><?php echo $hesklang['nhid']; ?></i>
<input type="hidden" name="token" value="<?php hesk_token_echo(); ?>" />
@ -876,8 +1134,69 @@ require_once(HESK_PATH . 'inc/show_admin_nav.inc.php');
<div class="row ticketMessageContainer">
<div class="col-md-3 col-xs-12">
<div class="ticketName"><?php echo $ticket['name']; ?></div>
<div class="ticketEmail"><?php echo $ticket['email']; ?></div>
<div class="ticketEmail"><?php echo $hesklang['ip']; ?>: <?php echo $ticket['ip']; ?></div>
<div class="ticketEmail">
<?php
if ($can_ban_emails && !empty($ticket['email']))
{
if ( $email_id = hesk_isBannedEmail($ticket['email']) )
{
if ($can_unban_emails)
{
echo '<a href="banned_emails.php?a=unban&amp;track='.$trackingID.'&amp;id='.intval($email_id).'&amp;token='.hesk_token_echo(0).'">
<i class="fa fa-ban" style="font-size:16px;color:red" data-toggle="tooltip" data-placement="top" data-original-title="'.$hesklang['eisban'].' '.$hesklang['click_unban'].'"></i>
</a> ';
}
else
{
echo '<i class="fa fa-ban" style="font-size:16px;color:red" data-toggle="tooltip" data-placement="top" data-original-title="'.$hesklang['eisban'].'"></i>';
}
}
else
{
echo '<a href="banned_emails.php?a=ban&amp;track='.$trackingID.'&amp;email='.urlencode($ticket['email']).'&amp;token='.hesk_token_echo(0).'">
<i class="fa fa-ban" style="font-size:16px;color:grey" data-toggle="tooltip" data-placement="top" data-original-title="'.$hesklang['savebanemail'].'"></i>
</a> ';
}
}
?><a href="mailto:<?php echo $ticket['email']; ?>"><?php echo $ticket['email']; ?></a>
</div>
<div class="ticketEmail"><?php echo $hesklang['ip']; ?>:
<?php
// Format IP for lookup
if ($ticket['ip'] == 'Unknown' || $ticket['ip'] == $hesklang['unknown'])
{
echo $hesklang['unknown'];
}
else
{
if ($can_ban_ips)
{
if ( $ip_id = hesk_isBannedIP($ticket['ip']) )
{
if ($can_unban_ips)
{
echo '<a href="banned_ips.php?a=unban&amp;track='.$trackingID.'&amp;id='.intval($ip_id).'&amp;token='.hesk_token_echo(0).'">
<i class="fa fa-ban" style="font-size:16px;color:red" data-toggle="tooltip" data-placement="top" data-original-title="'.$hesklang['ipisban'].' '.$hesklang['click_unban'].'"></i>
</a> ';
}
else
{
echo '<i class="fa fa-ban" style="font-size:16px;color:red" data-toggle="tooltip" data-placement="top" data-original-title="'.$hesklang['ipisban'].'"></i>';
}
}
else
{
echo '<a href="banned_ips.php?a=ban&amp;track='.$trackingID.'&amp;ip='.urlencode($ticket['ip']).'&amp;token='.hesk_token_echo(0).'">
<i class="fa fa-ban" style="font-size:16px;color:grey" data-toggle="tooltip" data-placement="top" data-original-title="'.$hesklang['savebanip'].'"></i>
</a> ';
}
}
echo '<a href="../ip_whois.php?ip=' . urlencode($ticket['ip']) . '">' . $ticket['ip'] . '</a>';
}
?>
</div>
</div>
<div class="col-md-9 col-xs-12 pushMarginLeft">
<div class="ticketMessageTop withBorder">
@ -943,6 +1262,37 @@ require_once(HESK_PATH . 'inc/show_admin_nav.inc.php');
}
/* Attachments */
hesk_listAttachments($ticket['attachments'], $i);
// Show suggested KB articles
if ($hesk_settings['kb_enable'] && $hesk_settings['kb_recommendanswers'] && strlen($ticket['articles']) )
{
$suggested = array();
$suggested_list = '';
// Get article info from the database
$articles = hesk_dbQuery("SELECT `id`,`subject` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."kb_articles` WHERE `id` IN (".preg_replace('/[^0-9\,]/', '', $ticket['articles']).")");
while ($article=hesk_dbFetchAssoc($articles))
{
$suggested[$article['id']] = '<a href="../knowledgebase.php?article='.$article['id'].'">'.$article['subject'].'</a><br />';
}
// Loop through the IDs to preserve the order they were suggested in
$articles = explode(',', $ticket['articles']);
foreach ($articles as $article)
{
if ( isset($suggested[$article]) )
{
$suggested_list .= $suggested[$article];
}
}
// Finally print suggested articles
if ( strlen($suggested_list) )
{
$suggested_list = '<hr /><i>'.$hesklang['taws'].'</i><br />' . $suggested_list . '&nbsp;';
echo $_SESSION['show_suggested'] ? $suggested_list : '<a href="Javascript:void(0)" onclick="Javascript:hesk_toggleLayerDisplay(\'suggested_articles\')">'.$hesklang['sska'].'</a><span id="suggested_articles" style="display:none">'.$suggested_list.'</span>';
}
}
?>
</div>
</div>
@ -978,6 +1328,7 @@ require_once(HESK_PATH . 'inc/show_admin_nav.inc.php');
/* Clear unneeded session variables */
hesk_cleanSessionVars('ticket_message');
hesk_cleanSessionVars('time_worked');
hesk_cleanSessionVars('note_message');
require_once(HESK_PATH . 'inc/footer.inc.php');
@ -1009,7 +1360,7 @@ function hesk_listAttachments($attachments='', $reply=0, $white=1)
/* Can edit and delete tickets? */
if ($can_edit && $can_delete)
{
echo '<a href="admin_ticket.php?delatt='.$att_id.'&amp;reply='.$reply.'&amp;track='.$trackingID.'&amp;'.$tmp.'&amp;Refresh='.mt_rand(10000,99999).'&amp;token='.hesk_token_echo(0).'" onclick="return hesk_confirmExecute(\''.hesk_makeJsString($hesklang['pda']).'\');"><i class="fa fa-times"></i></a> ';
echo '<a href="admin_ticket.php?delatt='.$att_id.'&amp;reply='.$reply.'&amp;track='.$trackingID.'&amp;Refresh='.mt_rand(10000,99999).'&amp;token='.hesk_token_echo(0).'" onclick="return hesk_confirmExecute(\''.hesk_makeJsString($hesklang['pda']).'\');"><i class="fa fa-times"></i></a> ';
}
echo '
@ -1234,6 +1585,11 @@ function hesk_printTicketReplies() {
$i = $hesk_settings['new_top'] ? 0 : 1;
if ($reply === false)
{
return $i;
}
while ($reply = hesk_dbFetchAssoc($result))
{
$color = 'class="ticketMessageContainer"';
@ -1310,20 +1666,26 @@ function hesk_printReplyForm() {
hesk_show_notice($hesklang['tislock']);
}
?>
// Track time worked?
if ($hesk_settings['time_worked']) {
?>
<div class="form-group">
<label for="time_worked" class="col-sm-3 control-label"><?php echo $hesklang['ts']; ?>:</label>
<div class="col-sm-6">
<input type="text" class="form-control" name="time_worked" id="time_worked" size="10" value="<?php echo ( isset($_SESSION['time_worked']) ? hesk_getTime($_SESSION['time_worked']) : '00:00:00'); ?>" />
</div>
<div class="col-sm-3 text-right">
<input type="button" class="btn btn-success" onclick="ss()" id="startb" value="<?php echo $hesklang['start']; ?>" />
<input type="button" class="btn btn-danger" onclick="r()" value="<?php echo $hesklang['reset']; ?>" />
<div class="form-group">
<label for="time_worked" class="col-sm-3 control-label"><?php echo $hesklang['ts']; ?>:</label>
<div class="col-sm-6">
<input type="text" class="form-control" name="time_worked" id="time_worked" size="10"
value="<?php echo(isset($_SESSION['time_worked']) ? hesk_getTime($_SESSION['time_worked']) : '00:00:00'); ?>"/>
</div>
<div class="col-sm-3 text-right">
<input type="button" class="btn btn-success" onclick="ss()" id="startb"
value="<?php echo $hesklang['start']; ?>"/>
<input type="button" class="btn btn-danger" onclick="r()"
value="<?php echo $hesklang['reset']; ?>"/>
</div>
</div>
</div>
<?php
}
/* Do we have any canned responses? */
if (strlen($can_options))
{
@ -1345,7 +1707,25 @@ function hesk_printReplyForm() {
<div class="form-group">
<label for="message" class="col-sm-3 control-label"><?php echo $hesklang['message']; ?>: <font class="important">*</font></label>
<div class="col-sm-9">
<span id="HeskMsg"><textarea class="form-control" name="message" id="message" rows="12" placeholder="<?php echo $hesklang['message']; ?>" cols="72"><?php if (isset($_SESSION['ticket_message'])) {echo stripslashes(hesk_input($_SESSION['ticket_message']));} ?></textarea></span>
<span id="HeskMsg">
<textarea class="form-control" name="message" id="message" rows="12" placeholder="<?php echo $hesklang['message']; ?>" cols="72"><?php
// Do we have any message stored in session?
if ( isset($_SESSION['ticket_message']) )
{
echo stripslashes( hesk_input( $_SESSION['ticket_message'] ) );
}
// Perhaps a message stored in reply drafts?
else
{
$res = hesk_dbQuery("SELECT `message` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."reply_drafts` WHERE `owner`=".intval($_SESSION['id'])." AND `ticket`=".intval($ticket['id'])." LIMIT 1");
if (hesk_dbNumRows($res) == 1)
{
echo hesk_dbResult($res);
}
}
?></textarea></span>
</div>
</div>
<?php
@ -1389,10 +1769,6 @@ function hesk_printReplyForm() {
$staffClosedOptionStatus = array();
$staffClosedOptionStatus['ID'] = $statusRow['ID'];
if ($ticket['status'] != $staffClosedOptionStatus['ID'])
{
echo '<label><input type="checkbox" name="close" value="1" /> '.$hesklang['close_this_ticket'].'</label><br />';
}
?>
<div class="form-inline"><label><input type="checkbox" name="set_priority" value="1" /> <?php echo $hesklang['change_priority']; ?> </label>
<select class="form-control" name="priority">
@ -1400,13 +1776,44 @@ function hesk_printReplyForm() {
</select></div><br />
<label><input type="checkbox" name="signature" value="1" checked="checked" /> <?php echo $hesklang['attach_sign']; ?></label>
(<a href="profile.php"><?php echo $hesklang['profile_settings']; ?></a>)<br />
<label><input type="checkbox" name="no_notify" value="1" <?php if (empty($ticket['email'])) { echo 'checked="checked" disabled'; } ?>> <?php echo $hesklang['dsen']; ?></label><br/><br/>
<label><input type="checkbox" name="no_notify" value="1" <?php echo ($_SESSION['notify_customer_reply'] && !empty($ticket['email'])) ? '' : 'checked="checked" '; ?> <?php if (empty($ticket['email'])) { echo 'disabled'; } ?>> <?php echo $hesklang['dsen']; ?></label><br/><br/>
<?php if (empty($ticket['email'])) {
echo '<input type="hidden" name="no_notify" value="1">';
} ?>
<input type="hidden" name="orig_id" value="<?php echo $ticket['id']; ?>" />
<input type="hidden" name="token" value="<?php hesk_token_echo(); ?>" />
<input class="btn btn-default" type="submit" value="<?php echo $hesklang['submit_reply']; ?>" />
<div class="btn-group">
<input class="btn btn-primary" type="submit" value="<?php echo $hesklang['submit_reply']; ?>">
<button type="button" class="btn btn-primary dropdown-toggle" data-toggle="dropdown" aria-expanded="false">
<span class="caret"></span>
<span class="sr-only">Toggle Dropdown</span>
</button>
<ul class="dropdown-menu" role="menu">
<li><a>
<button class="dropdown-submit" type="submit" name="submit_as_customer">
<?php echo $hesklang['sasc']; ?>
</button>
</a></li>
<li class="divider"></li>
<?php
$allStatusesRs = hesk_dbQuery('SELECT `ID`, `ShortNameContentKey`, `TextColor` FROM `'.hesk_dbEscape($hesk_settings['db_pfix']).'statuses`');
$statuses = array();
while ($row = hesk_dbFetchAssoc($allStatusesRs)) {
array_push($statuses, $row);
}
foreach ($statuses as $status) {
echo '<li><a>
<button class="dropdown-submit" type="submit" name="submit_as_status" value="'.$status['ID'].'"">
'.$hesklang['submit_reply'].' '.$hesklang['and_change_status_to'].' <b>
<span style="color:'.$status['TextColor'].'">'.$hesklang[$status['ShortNameContentKey']].'</span></b>
</button>
</a></li>';
}
?>
</ul>
</div>
<input class="btn btn-default" type="submit" name="save_reply" value="<?php echo $hesklang['save_reply']; ?>"
</div>
</div>

@ -0,0 +1,338 @@
<?php
/*******************************************************************************
* Title: Help Desk Software HESK
* Version: 2.6.0 beta 1 from 30th December 2014
* Author: Klemen Stirn
* Website: http://www.hesk.com
********************************************************************************
* COPYRIGHT AND TRADEMARK NOTICE
* Copyright 2005-2014 Klemen Stirn. All Rights Reserved.
* HESK is a registered trademark of Klemen Stirn.
* The HESK may be used and modified free of charge by anyone
* AS LONG AS COPYRIGHT NOTICES AND ALL THE COMMENTS REMAIN INTACT.
* By using this code you agree to indemnify Klemen Stirn from any
* liability that might arise from it's use.
* Selling the code for this program, in part or full, without prior
* written consent is expressly forbidden.
* Using this code, in part or full, to create derivate work,
* new scripts or products is expressly forbidden. Obtain permission
* before redistributing this software over the Internet or in
* any other medium. In all cases copyright and header must remain intact.
* This Copyright is in full effect in any country that has International
* Trade Agreements with the United States of America or
* with the European Union.
* Removing any of the copyright notices without purchasing a license
* is expressly forbidden. To remove HESK copyright notice you must purchase
* a license for this script. For more information on how to obtain
* a license please visit the page below:
* https://www.hesk.com/buy.php
*******************************************************************************/
define('IN_SCRIPT',1);
define('HESK_PATH','../');
/* Get all the required files and functions */
require(HESK_PATH . 'hesk_settings.inc.php');
require(HESK_PATH . 'inc/common.inc.php');
require(HESK_PATH . 'inc/admin_functions.inc.php');
hesk_load_database_functions();
hesk_session_start();
hesk_dbConnect();
hesk_isLoggedIn();
/* Check permissions for this feature */
hesk_checkPermission('can_ban_emails');
$can_unban = hesk_checkPermission('can_unban_emails', 0);
// Define required constants
define('LOAD_TABS',1);
// What should we do?
if ( $action = hesk_REQUEST('a') )
{
if ( defined('HESK_DEMO') ) {hesk_process_messages($hesklang['ddemo'], 'banned_emails.php', 'NOTICE');}
elseif ($action == 'ban') {ban_email();}
elseif ($action == 'unban' && $can_unban) {unban_email();}
}
/* Print header */
require_once(HESK_PATH . 'inc/headerAdmin.inc.php');
/* Print main manage users page */
require_once(HESK_PATH . 'inc/show_admin_nav.inc.php');
?>
<div class="row" style="padding: 20px">
<ul class="nav nav-tabs" role="tablist">
<li role="presentation" class="active">
<a href="#"><?php echo $hesklang['banemail']; ?> <i class="fa fa-question-circle settingsquestionmark" onclick="javascript:alert('<?php echo hesk_makeJsString($hesklang['banemail_intro']); ?>')"></i></a>
</li>
<?php
// Show a link to banned_ips.php if user has permission to do so
if ( hesk_checkPermission('can_ban_ips',0) )
{
echo '
<li role="presentation">
<a title="' . $hesklang['banip'] . '" href="banned_ips.php">'.$hesklang['banip'].'</a>
</li>';
}
// Show a link to status_message.php if user has permission to do so
if ( hesk_checkPermission('can_service_msg',0) )
{
echo '
<li role="presentation">
<a title="' . $hesklang['sm_title'] . '" href="service_messages.php">' . $hesklang['sm_title'] . '</a>
</li>';
}
?>
</ul>
<div class="tab-content summaryList tabPadding">
<script language="javascript" type="text/javascript"><!--
function confirm_delete()
{
if (confirm('<?php echo hesk_makeJsString($hesklang['delban_confirm']); ?>')) {return true;}
else {return false;}
}
//-->
</script>
<div class="row">
<div class="col-md-8">
<br><br>
<?php
/* This will handle error, success and notice messages */
hesk_handle_messages();
?>
<form action="banned_emails.php" method="post" name="form1" role="form" class="form-horizontal">
<div class="form-group">
<label for="email" class="col-sm-3 control-label"><?php echo $hesklang['bananemail']; ?></label>
<div class="col-sm-9">
<input type="text" class="form-control" name="email" size="30" maxlength="255" placeholder="<?php echo $hesklang['email']; ?>">
<input type="hidden" name="token" value="<?php hesk_token_echo(); ?>" />
<input type="hidden" name="a" value="ban" />
</div>
</div>
<div class="form-group">
<div class="col-sm-9 col-sm-offset-3">
<input type="submit" value="<?php echo $hesklang['savebanemail']; ?>" class="btn btn-default">
</div>
</div>
</form>
</div>
<div class="col-md-4">
<h6 style="font-weight: bold"><?php echo $hesklang['banex']; ?></h6>
<div class="footerWithBorder blankSpace"></div>
<b>john@email.com</b><br />
<b>@domain.com</b>
</div>
</div>
<div class="row">
<?php
// Get banned emails from database
$res = hesk_dbQuery('SELECT * FROM `'.hesk_dbEscape($hesk_settings['db_pfix']).'banned_emails` ORDER BY `email` ASC');
$num = hesk_dbNumRows($res);
echo '<h4>'.$hesklang['eperm'].'</h4>';
if ($num < 1)
{
echo '<p>'.$hesklang['no_banemails'].'</p>';
}
else
{
// List of staff
if ( ! isset($admins) )
{
$admins = array();
$res2 = hesk_dbQuery("SELECT `id`,`name` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."users`");
while ($row=hesk_dbFetchAssoc($res2))
{
$admins[$row['id']]=$row['name'];
}
}
?>
<table class="table table-hover">
<thead>
<tr>
<th><?php echo $hesklang['email']; ?></th>
<th><?php echo $hesklang['banby']; ?></th>
<th><?php echo $hesklang['date']; ?></th>
<?php
if ($can_unban)
{
?>
<th><?php echo $hesklang['opt']; ?></th>
<?php
}
?>
</tr>
</thead>
<tbody>
<?php
while ($ban=hesk_dbFetchAssoc($res))
{
$color = '';
if (isset($_SESSION['ban_email']['id']) && $ban['id'] == $_SESSION['ban_email']['id'])
{
$color = 'success';
unset($_SESSION['ban_email']['id']);
}
echo '
<tr>
<td class="'.$color.'" style="text-align:left">'.$ban['email'].'</td>
<td class="'.$color.'" style="text-align:left">'.(isset($admins[$ban['banned_by']]) ? $admins[$ban['banned_by']] : $hesklang['e_udel']).'</td>
<td class="'.$color.'" style="text-align:left">'.$ban['dt'].'</td>
';
if ($can_unban)
{
echo '
<td class="'.$color.'" style="text-align:left;">
<a href="banned_emails.php?a=unban&amp;id='.$ban['id'].'&amp;token='.hesk_token_echo(0).'" onclick="return confirm_delete();"
data-toggle="tooltip" data-placement="top" data-original-title="'.$hesklang['delban'].'">
<i class="fa fa-times" style="color: red; font-size: 16px;"></i>
</a>
</td>
';
}
echo '</tr>';
} // End while
?>
</tbody>
</table>
<div align="center">
<table border="0" cellspacing="1" cellpadding="3" class="white" width="100%">
<?php
?>
</table>
</div>
<?php
}
?>
</div>
</div>
</div>
<?php
require_once(HESK_PATH . 'inc/footer.inc.php');
exit();
/*** START FUNCTIONS ***/
function ban_email()
{
global $hesk_settings, $hesklang;
// A security check
hesk_token_check();
// Get the email
$email = strtolower( hesk_input( hesk_REQUEST('email') ) );
// Nothing entered?
if ( ! strlen($email) )
{
hesk_process_messages($hesklang['enterbanemail'],'banned_emails.php');
}
// Only allow one email to be entered
$email = ($index = strpos($email, ',')) ? substr($email, 0, $index) : $email;
$email = ($index = strpos($email, ';')) ? substr($email, 0, $index) : $email;
// Validate email address
$hesk_settings['multi_eml'] = 0;
if ( ! hesk_validateEmail($email, '', 0) && ! verify_email_domain($email) )
{
hesk_process_messages($hesklang['validbanemail'],'banned_emails.php');
}
// Redirect either to banned emails or ticket page from now on
$redirect_to = ($trackingID = hesk_cleanID()) ? 'admin_ticket.php?track='.$trackingID.'&Refresh='.mt_rand(10000,99999) : 'banned_emails.php';
// Prevent duplicate rows
if ( $_SESSION['ban_email']['id'] = hesk_isBannedEmail($email) )
{
hesk_process_messages( sprintf($hesklang['emailbanexists'], $email) ,$redirect_to,'NOTICE');
}
// Insert the email address into database
hesk_dbQuery("INSERT INTO `".hesk_dbEscape($hesk_settings['db_pfix'])."banned_emails` (`email`,`banned_by`) VALUES ('".hesk_dbEscape($email)."','".intval($_SESSION['id'])."')");
// Remember email that got banned
$_SESSION['ban_email']['id'] = hesk_dbInsertID();
// Show success
hesk_process_messages( sprintf($hesklang['email_banned'], $email) ,$redirect_to,'SUCCESS');
} // End ban_email()
function unban_email()
{
global $hesk_settings, $hesklang;
// A security check
hesk_token_check();
// Delete from bans
hesk_dbQuery("DELETE FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."banned_emails` WHERE `id`=" . intval( hesk_GET('id') ) . " LIMIT 1");
// Redirect either to banned emails or ticket page from now on
$redirect_to = ($trackingID = hesk_cleanID()) ? 'admin_ticket.php?track='.$trackingID.'&Refresh='.mt_rand(10000,99999) : 'banned_emails.php';
// Show success
hesk_process_messages($hesklang['email_unbanned'],$redirect_to,'SUCCESS');
} // End unban_email()
function verify_email_domain($domain)
{
// Does it start with an @?
$atIndex = strrpos($domain, "@");
if ($atIndex !== 0)
{
return false;
}
// Get the domain and domain length
$domain = substr($domain, 1);
$domainLen = strlen($domain);
// Check domain part length
if ($domainLen < 1 || $domainLen > 254)
{
return false;
}
// Check domain part characters
if ( ! preg_match('/^[A-Za-z0-9\\-\\.]+$/', $domain) )
{
return false;
}
// Domain part mustn't have two consecutive dots
if ( strpos($domain, '..') !== false )
{
return false;
}
// All OK
return true;
} // END verify_email_domain()
?>
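Review bot: The unban link built in the table loop carries the CSRF token in the query string (`banned_emails.php?a=unban&amp;id=...&amp;token=...`), and `unban_email()` deletes the row named by `hesk_GET('id')` after a bare `hesk_token_check()`, so a state-changing request runs over GET and the token can end up in browser history, server access logs and Referer headers. I would render the unban control as a small POST form, read the id with `hesk_POST('id')`, and call `hesk_token_check('POST')` in both `ban_email()` and `unban_email()`, the form the time-worked handler earlier on this page already uses. The ban and unban links that the ticket view builds for this script also use GET and would need the same change, otherwise they stop working once the check is POST-only. How long a token stays valid is not visible here, so the practical exposure depends on that lifetime.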

@ -0,0 +1,449 @@
<?php
/*******************************************************************************
* Title: Help Desk Software HESK
* Version: 2.6.0 beta 1 from 30th December 2014
* Author: Klemen Stirn
* Website: http://www.hesk.com
********************************************************************************
* COPYRIGHT AND TRADEMARK NOTICE
* Copyright 2005-2014 Klemen Stirn. All Rights Reserved.
* HESK is a registered trademark of Klemen Stirn.
* The HESK may be used and modified free of charge by anyone
* AS LONG AS COPYRIGHT NOTICES AND ALL THE COMMENTS REMAIN INTACT.
* By using this code you agree to indemnify Klemen Stirn from any
* liability that might arise from it's use.
* Selling the code for this program, in part or full, without prior
* written consent is expressly forbidden.
* Using this code, in part or full, to create derivate work,
* new scripts or products is expressly forbidden. Obtain permission
* before redistributing this software over the Internet or in
* any other medium. In all cases copyright and header must remain intact.
* This Copyright is in full effect in any country that has International
* Trade Agreements with the United States of America or
* with the European Union.
* Removing any of the copyright notices without purchasing a license
* is expressly forbidden. To remove HESK copyright notice you must purchase
* a license for this script. For more information on how to obtain
* a license please visit the page below:
* https://www.hesk.com/buy.php
*******************************************************************************/
define('IN_SCRIPT',1);
define('HESK_PATH','../');
/* Get all the required files and functions */
require(HESK_PATH . 'hesk_settings.inc.php');
require(HESK_PATH . 'inc/common.inc.php');
require(HESK_PATH . 'inc/admin_functions.inc.php');
hesk_load_database_functions();
hesk_session_start();
hesk_dbConnect();
hesk_isLoggedIn();
/* Check permissions for this feature */
hesk_checkPermission('can_ban_ips');
$can_unban = hesk_checkPermission('can_unban_ips', 0);
// Define required constants
define('LOAD_TABS',1);
// What should we do?
if ( $action = hesk_REQUEST('a') )
{
if ( defined('HESK_DEMO') ) {hesk_process_messages($hesklang['ddemo'], 'banned_ips.php', 'NOTICE');}
elseif ($action == 'ban') {ban_ip();}
elseif ($action == 'unban' && $can_unban) {unban_ip();}
elseif ($action == 'unbantemp' && $can_unban) {unban_temp_ip();}
}
/* Print header */
require_once(HESK_PATH . 'inc/headerAdmin.inc.php');
/* Print main manage users page */
require_once(HESK_PATH . 'inc/show_admin_nav.inc.php');
?>
<div class="row" style="padding: 20px">
<ul class="nav nav-tabs" role="tablist">
<?php
// Show a link to banned_emails.php if user has permission to do so
if ( hesk_checkPermission('can_ban_emails',0) )
{
echo '
<li role="presentation">
<a title="' . $hesklang['banemail'] . '" href="banned_emails.php">' . $hesklang['banemail'] . '</a>
</li>';
}
?>
<li role="presentation" class="active">
<a href="#"><?php echo $hesklang['banip']; ?> <i class="fa fa-question-circle settingsquestionmark" onclick="javascript:alert('<?php echo hesk_makeJsString($hesklang['banip_intro']); ?>')"></i></a>
</li>
<?php
// Show a link to status_message.php if user has permission to do so
if ( hesk_checkPermission('can_service_msg',0) )
{
echo '
<li role="presentation">
<a title="' . $hesklang['sm_title'] . '" href="service_messages.php">' . $hesklang['sm_title'] . '</a>
</li>';
}
?>
</ul>
<div class="tab-content summaryList tabPadding">
<script language="javascript" type="text/javascript"><!--
function confirm_delete()
{
if (confirm('<?php echo hesk_makeJsString($hesklang['delban_confirm']); ?>')) {return true;}
else {return false;}
}
//-->
</script>
<div class="row">
<div class="col-md-8">
<?php
/* This will handle error, success and notice messages */
hesk_handle_messages();
?>
<form action="banned_ips.php" method="post" name="form1" role="form" class="form-horizontal">
<div class="form-group">
<label for="ip" class="col-sm-3 control-label"><?php echo $hesklang['bananip']; ?></label>
<div class="col-sm-9">
<input type="text" name="ip" size="30" maxlength="255" class="form-control" placeholder="<?php echo $hesklang['iprange']; ?>">
<input type="hidden" name="token" value="<?php hesk_token_echo(); ?>" />
<input type="hidden" name="a" value="ban" />
</div>
</div>
<div class="form-group">
<div class="col-sm-9 col-sm-offset-3">
<input type="submit" value="<?php echo $hesklang['savebanip']; ?>" class="btn btn-default">
</div>
</div>
</form>
</div>
<div class="col-md-4">
<h6 style="font-weight: bold"><?php echo $hesklang['banex']; ?></h6>
<div class="footerWithBorder blankSpace"></div>
<b>123.0.0.0</b><br />
<b>123.0.0.1 - 123.0.0.53</b><br />
<b>123.0.0.0/24</b><br />
<b>123.0.*.*</b>
</div>
</div>
<div class="row">
<?php
// Get login failures
$res = hesk_dbQuery("SELECT `ip`, TIMESTAMPDIFF(MINUTE, NOW(), DATE_ADD(`last_attempt`, INTERVAL ".intval($hesk_settings['attempt_banmin'])." MINUTE) ) AS `minutes` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."logins` WHERE `number` >= ".intval($hesk_settings['attempt_limit'])." AND `last_attempt` > (NOW() - INTERVAL ".intval($hesk_settings['attempt_banmin'])." MINUTE)");
$num = hesk_dbNumRows($res);
echo '<h4>'.$hesklang['iptemp'].'</h4>';
if ($num > 0)
{
?>
<table class="table table-hover">
<thead>
<tr>
<th><?php echo $hesklang['ip']; ?></th>
<th><?php echo $hesklang['m2e']; ?></th>
<?php
if ($can_unban)
{
?>
<th><?php echo $hesklang['opt']; ?></th>
<?php
}
?>
</tr>
</thead>
<tbody>
<?php
while ($ban=hesk_dbFetchAssoc($res))
{
echo '
<tr>
<td>'.$ban['ip'].'</td>
<td>'.$ban['minutes'].'</td>
';
if ($can_unban)
{
echo '
<td>
<a href="banned_ips.php?a=ban&amp;ip='.urlencode($ban['ip']).'&amp;token='.hesk_token_echo(0).'"
data-toggle="tooltip" data-placement="top" data-original-title="'.$hesklang['ippermban'].'">
<i class="fa fa-ban" style="color: red; font-size: 16px"></i></a>
<a href="banned_ips.php?a=unbantemp&amp;ip='.urlencode($ban['ip']).'&amp;token='.hesk_token_echo(0).'"
data-toggle="tooltip" data-placement="top" data-original-title="'.$hesklang['delban'].'" onclick="return confirm_delete();">
<i class="fa fa-times" style="color: red; font-size: 16px"></i></a>
</td>
';
}
echo '</tr>';
} // End while
?>
</tbody>
</table>
<?php
} else
{
echo '<p>'.$hesklang['no_banips'].'</p>';
}
// Get banned ips from database
$res = hesk_dbQuery('SELECT * FROM `'.hesk_dbEscape($hesk_settings['db_pfix']).'banned_ips` ORDER BY `ip_from` ASC');
$num = hesk_dbNumRows($res);
echo '<br><h4>'.$hesklang['ipperm'].'</h4>';
if ($num < 1)
{
echo '<p>'.$hesklang['no_banips'].'</p>';
}
else
{
// List of staff
if ( ! isset($admins) )
{
$admins = array();
$res2 = hesk_dbQuery("SELECT `id`,`name` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."users`");
while ($row=hesk_dbFetchAssoc($res2))
{
$admins[$row['id']]=$row['name'];
}
}
?>
<table class="table table-hover">
<thead>
<tr>
<th><?php echo $hesklang['ip']; ?></th>
<th><?php echo $hesklang['iprange']; ?></th>
<th><?php echo $hesklang['banby']; ?></th>
<th><?php echo $hesklang['date']; ?></th>
<?php
if ($can_unban)
{
?>
<th><?php echo $hesklang['opt']; ?></th>
<?php
}
?>
</tr>
</thead>
<tbody>
<?php
while ($ban=hesk_dbFetchAssoc($res))
{
$color = '';
if (isset($_SESSION['ban_ip']['id']) && $ban['id'] == $_SESSION['ban_ip']['id'])
{
$color = 'success';
unset($_SESSION['ban_ip']['id']);
}
echo '
<tr>
<td class="'.$color.'">'.$ban['ip_display'].'</td>
<td class="'.$color.'">'.( ($ban['ip_to'] == $ban['ip_from']) ? long2ip($ban['ip_to']) : long2ip($ban['ip_from']).' - '.long2ip($ban['ip_to']) ).'</td>
<td class="'.$color.'">'.(isset($admins[$ban['banned_by']]) ? $admins[$ban['banned_by']] : $hesklang['e_udel']).'</td>
<td class="'.$color.'">'.$ban['dt'].'</td>
';
if ($can_unban)
{
echo '
<td class="'.$color.'" style="text-align:left;">
<a href="banned_ips.php?a=unban&amp;id='.$ban['id'].'&amp;token='.hesk_token_echo(0).'" onclick="return confirm_delete();"
data-toggle="tooltip" data-placement="top" data-original-title="'.$hesklang['delban'].'">
<i class="fa fa-times" style="color: red; font-size: 16px"></i></a>
</td>
';
}
echo '</tr>';
} // End while
?>
</tbody>
</table>
<?php
}
?>
</div>
</div>
</div>
<?php
require_once(HESK_PATH . 'inc/footer.inc.php');
exit();
/*** START FUNCTIONS ***/
function ban_ip()
{
global $hesk_settings, $hesklang;
// A security check
hesk_token_check();
// Get the ip
$ip = preg_replace('/[^0-9\.\-\/\*]/', '', hesk_REQUEST('ip') );
$ip_display = str_replace('-', ' - ', $ip);
// Nothing entered?
if ( ! strlen($ip) )
{
hesk_process_messages($hesklang['enterbanip'],'banned_ips.php');
}
// Convert asterisk to ranges
if ( strpos($ip, '*') !== false )
{
$ip = str_replace('*', '0', $ip) . '-' . str_replace('*', '255', $ip);
}
$ip_regex = '(([1-9]?[0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]).){3}([1-9]?[0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])';
// Is this a single IP address?
if ( preg_match('/^'.$ip_regex.'$/', $ip) )
{
$ip_from = ip2long($ip);
$ip_to = $ip_from;
}
// Is this an IP range?
elseif ( preg_match('/^'.$ip_regex.'\-'.$ip_regex.'$/', $ip) )
{
list($ip_from, $ip_to) = explode('-', $ip);
$ip_from = ip2long($ip_from);
$ip_to = ip2long($ip_to);
}
// Is this an IP with CIDR?
elseif ( preg_match('/^'.$ip_regex.'\/([0-9]{1,2})$/', $ip, $matches) && $matches[4] >= 0 && $matches[4] <= 32)
{
list($ip_from, $ip_to) = hesk_cidr_to_range($ip);
}
// Not a valid input
else
{
hesk_process_messages($hesklang['validbanip'],'banned_ips.php');
}
// Make sure we have valid ranges
if ($ip_from < 0)
{
$ip_from += 4294967296;
}
elseif ($ip_from > 4294967296)
{
$ip_from = 4294967296;
}
if ($ip_to < 0)
{
$ip_to += 4294967296;
}
elseif ($ip_to > 4294967296)
{
$ip_to = 4294967296;
}
// Make sure $ip_to is not lower that $ip_from
if ($ip_to < $ip_from)
{
$tmp = $ip_to;
$ip_to = $ip_from;
$ip_from = $tmp;
}
// Is this IP address already banned?
$res = hesk_dbQuery("SELECT `id` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."banned_ips` WHERE {$ip_from} BETWEEN `ip_from` AND `ip_to` AND {$ip_to} BETWEEN `ip_from` AND `ip_to` LIMIT 1");
if ( hesk_dbNumRows($res) == 1 )
{
$_SESSION['ban_ip']['id'] = hesk_dbResult($res);
$hesklang['ipbanexists'] = ($ip_to == $ip_from) ? sprintf($hesklang['ipbanexists'], long2ip($ip_to) ) : sprintf($hesklang['iprbanexists'], long2ip($ip_from).' - '.long2ip($ip_to) );
hesk_process_messages($hesklang['ipbanexists'],'banned_ips.php','NOTICE');
}
// Delete any duplicate banned IP or ranges that are within the new banned range
hesk_dbQuery("DELETE FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."banned_ips` WHERE `ip_from` >= {$ip_from} AND `ip_to` <= {$ip_to}");
// Delete temporary bans from logins table
if ($ip_to == $ip_from)
{
hesk_dbQuery("DELETE FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."logins` WHERE `ip`='".hesk_dbEscape($ip_display)."' LIMIT 1");
}
// Redirect either to banned ips or ticket page from now on
$redirect_to = ($trackingID = hesk_cleanID()) ? 'admin_ticket.php?track='.$trackingID.'&Refresh='.mt_rand(10000,99999) : 'banned_ips.php';
// Insert the ip address into database
hesk_dbQuery("INSERT INTO `".hesk_dbEscape($hesk_settings['db_pfix'])."banned_ips` (`ip_from`,`ip_to`,`ip_display`,`banned_by`) VALUES ({$ip_from}, {$ip_to},'".hesk_dbEscape($ip_display)."','".intval($_SESSION['id'])."')");
// Remember ip that got banned
$_SESSION['ban_ip']['id'] = hesk_dbInsertID();
// Generate success message
$hesklang['ip_banned'] = ($ip_to == $ip_from) ? sprintf($hesklang['ip_banned'], long2ip($ip_to) ) : sprintf($hesklang['ip_rbanned'], long2ip($ip_from).' - '.long2ip($ip_to) );
// Show success
hesk_process_messages( sprintf($hesklang['ip_banned'], $ip) ,$redirect_to,'SUCCESS');
} // End ban_ip()
function unban_temp_ip()
{
global $hesk_settings, $hesklang;
// A security check
hesk_token_check();
// Get the ip
$ip = preg_replace('/[^0-9\.\-\/\*]/', '', hesk_REQUEST('ip') );
// Delete from bans
hesk_dbQuery("DELETE FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."logins` WHERE `ip`='" . hesk_dbEscape($ip) . "' LIMIT 1");
// Show success
hesk_process_messages($hesklang['ip_tempun'],'banned_ips.php','SUCCESS');
} // End unban_temp_ip()
function unban_ip()
{
global $hesk_settings, $hesklang;
// A security check
hesk_token_check();
// Delete from bans
hesk_dbQuery("DELETE FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."banned_ips` WHERE `id`=" . intval( hesk_GET('id') ) . " LIMIT 1");
// Redirect either to banned ips or ticket page from now on
$redirect_to = ($trackingID = hesk_cleanID()) ? 'admin_ticket.php?track='.$trackingID.'&Refresh='.mt_rand(10000,99999) : 'banned_ips.php';
// Show success
hesk_process_messages($hesklang['ip_unbanned'],$redirect_to,'SUCCESS');
} // End unban_ip()
function hesk_cidr_to_range($cidr)
{
$range = array();
$cidr = explode('/', $cidr);
$range[0] = (ip2long($cidr[0])) & ((-1 << (32 - (int)$cidr[1])));
$range[1] = (ip2long($cidr[0])) + pow(2, (32 - (int)$cidr[1])) - 1;
return $range;
} // END hesk_cidr_to_range()
?>

@ -1,7 +1,7 @@
<?php
/*******************************************************************************
* Title: Help Desk Software HESK
* Version: 2.5.5 from 5th August 2014
* Version: 2.6.0 beta 1 from 30th December 2014
* Author: Klemen Stirn
* Website: http://www.hesk.com
********************************************************************************
@ -84,20 +84,47 @@ if ($statusRow['IsClosed']) // Closed
{
$locked = 1;
}
// Notify customer of closed ticket?
if ($hesk_settings['notify_closed'])
{
// Get ticket info
$result = hesk_dbQuery("SELECT * FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."tickets` WHERE `trackid`='".hesk_dbEscape($trackingID)."' LIMIT 1");
if (hesk_dbNumRows($result) != 1)
{
hesk_error($hesklang['ticket_not_found']);
}
$ticket = hesk_dbFetchAssoc($result);
$ticket['dt'] = hesk_date($ticket['dt'], true);
$ticket['lastchange'] = hesk_date($ticket['lastchange'], true);
// Notify customer
require(HESK_PATH . 'inc/email_functions.inc.php');
hesk_notifyCustomer('ticket_closed');
}
// Log who marked the ticket resolved
$closedby_sql = ' , `closedat`=NOW(), `closedby`='.intval($_SESSION['id']).' ';
}
elseif ($statusRow['ID'] != 0) //Ticket is still open, but not new
{
$action = sprintf($hesklang['tsst'],$status_options[$status]);
$revision = sprintf($hesklang['thist9'],hesk_date(),$status_options[$status],$_SESSION['name'].' ('.$_SESSION['user'].')');
// Ticket is not resolved
$closedby_sql = ' , `closedat`=NULL, `closedby`=NULL ';
}
else // Ticket is marked as "NEW"
{
$action = $hesklang['ticket_been'] . ' ' . $hesklang['opened'];
$revision = sprintf($hesklang['thist4'],hesk_date(),$_SESSION['name'].' ('.$_SESSION['user'].')');
// Ticket is not resolved
$closedby_sql = ' , `closedat`=NULL, `closedby`=NULL ';
}
hesk_dbQuery("UPDATE `".hesk_dbEscape($hesk_settings['db_pfix'])."tickets` SET `status`='{$status}', `locked`='{$locked}', `history`=CONCAT(`history`,'".hesk_dbEscape($revision)."') WHERE `trackid`='".hesk_dbEscape($trackingID)."' LIMIT 1");
hesk_dbQuery("UPDATE `".hesk_dbEscape($hesk_settings['db_pfix'])."tickets` SET `status`='{$status}', `locked`='{$locked}' $closedby_sql , `history`=CONCAT(`history`,'".hesk_dbEscape($revision)."') WHERE `trackid`='".hesk_dbEscape($trackingID)."' LIMIT 1");
if (hesk_dbAffectedRows() != 1)
{
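Review bot: `hesk_notifyCustomer('ticket_closed')` in the closed-status branch runs before the `UPDATE` that stores the new status, so the customer is told the ticket is closed even when the `hesk_dbAffectedRows() != 1` check after the query fails. Moving the notification below that check ties the e-mail to a change that was actually written. The same `UPDATE` still interpolates `$status` and `$locked` directly; where `$status` is validated is outside this hunk, so confirm it is cast with `intval()` or checked against `$status_options` before it reaches the query. The body of the `hesk_dbAffectedRows()` branch is not visible here.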

@ -1,7 +1,7 @@
<?php
/*******************************************************************************
* Title: Help Desk Software HESK
* Version: 2.5.3 from 16th March 2014
* Version: 2.6.0 beta 1 from 30th December 2014
* Author: Klemen Stirn
* Website: http://www.hesk.com
********************************************************************************
@ -114,8 +114,56 @@ elseif ( ! isset($_POST['a']) )
$i=0;
// Possible priorities
$priorities = array(
'critical' => array('value' => 0, 'text' => $hesklang['critical'], 'formatted' => '<font class="critical">'.$hesklang['critical'].'</font>'),
'high' => array('value' => 1, 'text' => $hesklang['high'], 'formatted' => '<font class="important">'.$hesklang['high'].'</font>'),
'medium' => array('value' => 2, 'text' => $hesklang['medium'], 'formatted' => '<font class="medium">'.$hesklang['medium'].'</font>'),
'low' => array('value' => 3, 'text' => $hesklang['low'], 'formatted' => $hesklang['low']),
);
// Change priority
if ( array_key_exists($_POST['a'], $priorities) )
{
// A security check
hesk_token_check('POST');
// Priority info
$priority = $priorities[$_POST['a']];
foreach ($_POST['id'] as $this_id)
{
if ( is_array($this_id) )
{
continue;
}
$this_id = intval($this_id) or hesk_error($hesklang['id_not_valid']);
$result = hesk_dbQuery("SELECT `priority`, `category` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."tickets` WHERE `id`={$this_id} LIMIT 1");
if (hesk_dbNumRows($result) != 1)
{
continue;
}
$ticket = hesk_dbFetchAssoc($result);
if ($ticket['priority'] == $priority['value'])
{
continue;
}
hesk_okCategory($ticket['category']);
$revision = sprintf($hesklang['thist8'],hesk_date(),$priority['formatted'],$_SESSION['name'].' ('.$_SESSION['user'].')');
hesk_dbQuery("UPDATE `".hesk_dbEscape($hesk_settings['db_pfix'])."tickets` SET `priority`='{$priority['value']}', `history`=CONCAT(`history`,'".hesk_dbEscape($revision)."') WHERE `id`={$this_id} LIMIT 1");
$i++;
}
hesk_process_messages($hesklang['pri_set_to'].' '.$priority['formatted'],$referer,'SUCCESS');
}
/* DELETE */
if ($_POST['a']=='delete')
elseif ($_POST['a']=='delete')
{
/* Check permissions for this feature */
hesk_checkPermission('can_del_tickets');
@ -123,6 +171,14 @@ if ($_POST['a']=='delete')
/* A security check */
hesk_token_check('POST');
// Will we need ticket notifications?
if ($hesk_settings['notify_closed'])
{
require(HESK_PATH . 'inc/email_functions.inc.php');
}
$revision = sprintf($hesklang['thist3'],hesk_date(),$_SESSION['name'].' ('.$_SESSION['user'].')');
foreach ($_POST['id'] as $this_id)
{
if ( is_array($this_id) )
@ -246,8 +302,16 @@ else
$closedStatusRS = hesk_dbQuery("SELECT * FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."statuses` WHERE `IsStaffClosedOption` = 1");
$closedStatus = hesk_dbFetchAssoc($closedStatusRS);
hesk_dbQuery("UPDATE `".hesk_dbEscape($hesk_settings['db_pfix'])."tickets` SET `status`='".$closedStatus['ID']."', `history`=CONCAT(`history`,'".hesk_dbEscape($revision)."') WHERE `id`='".intval($this_id)."' LIMIT 1");
hesk_dbQuery("UPDATE `".hesk_dbEscape($hesk_settings['db_pfix'])."tickets` SET `status`='".$closedStatus['ID']."', `closedat`=NOW(), `closedby`=".intval($_SESSION['id']).", `history`=CONCAT(`history`,'".hesk_dbEscape($revision)."') WHERE `id`='".intval($this_id)."' LIMIT 1");
$i++;
// Notify customer of closed ticket?
if ($hesk_settings['notify_closed'])
{
$ticket['dt'] = hesk_date($ticket['dt'], true);
$ticket['lastchange'] = hesk_date($ticket['lastchange'], true);
hesk_notifyCustomer('ticket_closed');
}
}
hesk_process_messages(sprintf($hesklang['num_tickets_closed'],$i),$referer,'SUCCESS');
@ -285,6 +349,9 @@ function hesk_fullyDeleteTicket()
/* Delete ticket notes */
hesk_dbQuery("DELETE FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."notes` WHERE `ticket`='".intval($ticket['id'])."'");
/* Delete ticket reply drafts */
hesk_dbQuery("DELETE FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."reply_drafts` WHERE `ticket`=".intval($ticket['id']));
return true;
}
?>
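Review bot: The new priority branch checks the token and then `hesk_okCategory()` per ticket, but no feature permission is checked before tickets are modified, whereas the `delete` branch below it calls `hesk_checkPermission('can_del_tickets')` first. Unless that happens earlier in the file (outside this hunk), add a `hesk_checkPermission('<permission key>')` call ahead of `hesk_token_check('POST')` so bulk priority changes follow the same pattern. The loop also iterates `$_POST['id']` without confirming it is set and is an array; a guard such as `if ( ! isset($_POST['id']) || ! is_array($_POST['id']) ) { hesk_error($hesklang['id_not_valid']); }` before the `foreach` avoids warnings on a malformed request.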

@ -0,0 +1,144 @@
<?php
/*******************************************************************************
* Title: Help Desk Software HESK
* Version: 2.6.0 beta 1 from 30th December 2014
* Author: Klemen Stirn
* Website: http://www.hesk.com
********************************************************************************
* COPYRIGHT AND TRADEMARK NOTICE
* Copyright 2005-2014 Klemen Stirn. All Rights Reserved.
* HESK is a registered trademark of Klemen Stirn.
* The HESK may be used and modified free of charge by anyone
* AS LONG AS COPYRIGHT NOTICES AND ALL THE COMMENTS REMAIN INTACT.
* By using this code you agree to indemnify Klemen Stirn from any
* liability that might arise from it's use.
* Selling the code for this program, in part or full, without prior
* written consent is expressly forbidden.
* Using this code, in part or full, to create derivate work,
* new scripts or products is expressly forbidden. Obtain permission
* before redistributing this software over the Internet or in
* any other medium. In all cases copyright and header must remain intact.
* This Copyright is in full effect in any country that has International
* Trade Agreements with the United States of America or
* with the European Union.
* Removing any of the copyright notices without purchasing a license
* is expressly forbidden. To remove HESK copyright notice you must purchase
* a license for this script. For more information on how to obtain
* a license please visit the page below:
* https://www.hesk.com/buy.php
*******************************************************************************/
define('IN_SCRIPT',1);
define('HESK_PATH','../');
/* Get all the required files and functions */
require(HESK_PATH . 'hesk_settings.inc.php');
require(HESK_PATH . 'inc/common.inc.php');
require(HESK_PATH . 'inc/admin_functions.inc.php');
hesk_load_database_functions();
hesk_session_start();
hesk_dbConnect();
hesk_isLoggedIn();
/* Check permissions for this feature */
hesk_checkPermission('can_view_tickets');
// Ticket ID
$trackingID = hesk_cleanID() or die($hesklang['int_error'].': '.$hesklang['no_trackID']);
// Note ID
$noteID = intval( hesk_REQUEST('note') ) or die($hesklang['int_error'].': '.$hesklang['mis_note']);
// Get ticket info
$result = hesk_dbQuery("SELECT `id` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."tickets` WHERE `trackid`='".hesk_dbEscape($trackingID)."' LIMIT 1");
if (hesk_dbNumRows($result) != 1)
{
hesk_error($hesklang['ticket_not_found']);
}
$ticket = hesk_dbFetchAssoc($result);
// Get note info
$result = hesk_dbQuery("SELECT * FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."notes` WHERE `id`={$noteID}");
if (hesk_dbNumRows($result) != 1)
{
hesk_error($hesklang['no_note']);
}
$note = hesk_dbFetchAssoc($result);
// Make sure the note matches the ticket and the user has permission to edit it
if ($note['ticket'] != $ticket['id'] || ( ! hesk_checkPermission('can_del_notes',0) && $note['who'] != $_SESSION['id']) )
{
hesk_error($hesklang['perm_deny']);
}
// Save changes?
if (isset($_POST['save']))
{
// A security check
hesk_token_check('POST');
// Get message
$tmpvar['message'] = nl2br( hesk_makeURL( hesk_input( hesk_POST('message') ) ) );
// If we have message or attachments do the update
if ( strlen($tmpvar['message']) || strlen($note['attachments']) )
{
hesk_dbQuery("UPDATE `".hesk_dbEscape($hesk_settings['db_pfix'])."notes` SET `message`='".hesk_dbEscape($tmpvar['message'])."' WHERE `id`={$noteID}");
hesk_process_messages($hesklang['ednote2'],'admin_ticket.php?track='.$trackingID.'&Refresh='.mt_rand(10000,99999),'SUCCESS');
}
// If not, delete the note
else
{
hesk_dbQuery("DELETE FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."notes` WHERE `id`={$noteID}");
header('Location: admin_ticket.php?track='.$trackingID.'&Refresh='.mt_rand(10000,99999));
exit();
}
}
$note['message'] = hesk_msgToPlain($note['message'],0,0);
/* Print header */
require_once(HESK_PATH . 'inc/headerAdmin.inc.php');
/* Print admin navigation */
require_once(HESK_PATH . 'inc/show_admin_nav.inc.php');
?>
<ol class="breadcrumb">
<li><a href="admin_ticket.php?track=<?php echo $trackingID; ?>&amp;Refresh=<?php echo mt_rand(10000,99999); ?>"><?php echo $hesklang['ticket'].' '.$trackingID; ?></a></li>
<li class="active"><?php echo $hesklang['ednote']; ?></li>
</ol>
<div class="row">
<div class="col-md-8 col-md-offset-2">
<h3><?php echo $hesklang['ednote']; ?></h3>
<div class="footerWithBorder blankSpace"></div>
<form method="post" action="edit_note.php" name="form1" class="form-horizontal" role="form">
<div class="form-group">
<label for="message" class="col-md-2 control-label"><?php echo $hesklang['message']; ?></label>
<div class="col-md-10">
<textarea name="message" class="form-control" rows="12" cols="60"><?php echo $note['message']; ?></textarea>
</div>
</div>
<div class="form-group">
<div class="col-md-10 col-md-offset-2">
<input type="hidden" name="save" value="1" /><input type="hidden" name="track" value="<?php echo $trackingID; ?>" />
<input type="hidden" name="token" value="<?php hesk_token_echo(); ?>" />
<input type="hidden" name="note" value="<?php echo $noteID; ?>" />
<input type="submit" value="<?php echo $hesklang['save_changes']; ?>" class="btn btn-primary">
<a href="javascript:history.go(-1)" class="btn btn-default"><?php echo $hesklang['back']; ?></a>
</div>
</div>
</form>
</div>
</div>
<?php
require_once(HESK_PATH . 'inc/footer.inc.php');
exit();
?>
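Review bot: The ticket lookup selects only `id`, and the access check that follows compares the note with the ticket and with `can_del_notes` or the note author, so nothing verifies that the logged-in staff member may work on this ticket's category. Other admin code in this commit calls `hesk_okCategory($ticket['category'])` before changing a ticket; here that means selecting the `category` column as well and calling `hesk_okCategory($ticket['category']);` right after `hesk_dbFetchAssoc($result)`. The `UPDATE` and `DELETE` on `notes` could also carry `LIMIT 1` like the other single-row statements. How `hesk_msgToPlain()` encodes the text echoed into the `<textarea>` is not visible here, so confirm it leaves HTML entities encoded.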

@ -1,7 +1,7 @@
<?php
/*******************************************************************************
* Title: Help Desk Software HESK
* Version: 2.5.5 from 5th August 2014
* Version: 2.6.0 beta 1 from 30th December 2014
* Author: Klemen Stirn
* Website: http://www.hesk.com
********************************************************************************
@ -241,7 +241,7 @@ require_once(HESK_PATH . 'inc/show_admin_nav.inc.php');
<div class="form-group">
<label for="email" class="col-sm-3 control-label"><?php echo $hesklang['email']; ?>:</label>
<div class="col-sm-9">
<input class="form-control" type="text" name="email" size="40" maxlength="255" value="<?php echo $ticket['email'];?>" placeholder="<?php echo $hesklang['email']; ?>" />
<input class="form-control" type="text" name="email" size="40" maxlength="1000" value="<?php echo $ticket['email'];?>" placeholder="<?php echo $hesklang['email']; ?>" />
</div>
</div>
<?php
@ -300,6 +300,13 @@ require_once(HESK_PATH . 'inc/show_admin_nav.inc.php');
<label for="'.$v['name'].'" class="col-sm-3 control-label">'.$v['name'].': </label>
<div class="col-sm-9"><select class="form-control" name="'.$k.'">';
// Show "Click to select"?
$v['value'] = str_replace('{HESK_SELECT}', '', $v['value'], $num);
if ($num)
{
echo '<option value="">'.$hesklang['select'].'</option>';
}
$options = explode('#HESK#',$v['value']);
foreach ($options as $option)

@ -1,7 +1,7 @@
<?php
/*******************************************************************************
* Title: Help Desk Software HESK
* Version: 2.5.5 from 5th August 2014
* Version: 2.6.0 beta 1 from 30th December 2014
* Author: Klemen Stirn
* Website: http://www.hesk.com
********************************************************************************
@ -343,7 +343,7 @@ if (isset($_GET['w']))
// Get staff names
$admins = array();
$result = hesk_dbQuery("SELECT `id`,`name` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."users` ORDER BY `id` ASC");
$result = hesk_dbQuery("SELECT `id`,`name` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."users` ORDER BY `name` ASC");
while ($row=hesk_dbFetchAssoc($result))
{
$admins[$row['id']]=$row['name'];
@ -528,6 +528,7 @@ if (isset($_GET['w']))
$ticket['message'] = hesk_msgToPlain($ticket['message'], 1);
$ticket['subject'] = hesk_msgToPlain($ticket['subject'], 1);
$ticket['owner'] = isset($admins[$ticket['owner']]) ? $admins[$ticket['owner']] : '';
$ticket['category'] = isset($my_cat[$ticket['category']]) ? $my_cat[$ticket['category']] : '';
// Format for export dates
$hesk_settings['timeformat'] = "Y-m-d\TH:i:s\.000";
@ -541,7 +542,7 @@ if (isset($_GET['w']))
<Cell ss:StyleID="s62"><Data ss:Type="DateTime">'.hesk_date($ticket['lastchange'], true).'</Data></Cell>
<Cell><Data ss:Type="String"><![CDATA['.hesk_msgToPlain($ticket['name'], 1).']]></Data></Cell>
<Cell><Data ss:Type="String"><![CDATA['.$ticket['email'].']]></Data></Cell>
<Cell><Data ss:Type="String"><![CDATA['.$my_cat[$ticket['category']].']]></Data></Cell>
<Cell><Data ss:Type="String"><![CDATA['.$ticket['category'].']]></Data></Cell>
<Cell><Data ss:Type="String"><![CDATA['.$ticket['priority'].']]></Data></Cell>
<Cell><Data ss:Type="String"><![CDATA['.$ticket['status'].']]></Data></Cell>
<Cell><Data ss:Type="String"><![CDATA['.$ticket['subject'].']]></Data></Cell>

@ -1,7 +1,7 @@
<?php
/*******************************************************************************
* Title: Help Desk Software HESK
* Version: 2.5.5 from 5th August 2014
* Version: 2.6.0 beta 1 from 30th December 2014
* Author: Klemen Stirn
* Website: http://www.hesk.com
********************************************************************************
@ -75,7 +75,42 @@ require_once(HESK_PATH . 'inc/show_admin_nav.inc.php');
<?php
// This SQL code will be used to retrieve results
$sql_final = "SELECT * FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."tickets` WHERE ";
$sql_final = "SELECT
`id`,
`trackid`,
`name`,
`email`,
`category`,
`priority`,
`subject`,
LEFT(`message`, 400) AS `message`,
`dt`,
`lastchange`,
`firstreply`,
`closedat`,
`status`,
`openedby`,
`firstreplyby`,
`closedby`,
`replies`,
`staffreplies`,
`owner`,
`time_worked`,
`lastreplier`,
`replierid`,
`archive`,
`locked`
";
foreach ($hesk_settings['custom_fields'] as $k=>$v)
{
if ($v['use'])
{
$sql_final .= ", `".$k."`";
}
}
$sql_final.= " FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."tickets` WHERE ";
// This code will be used to count number of results
$sql_count = "SELECT COUNT(*) FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."tickets` WHERE ";
@ -187,6 +222,18 @@ if ( ! $no_query)
}
}
// Owner
if ( $tmp = intval( hesk_GET('owner', 0) ) )
{
$sql .= " AND `owner`={$tmp} ";
$owner_input = $tmp;
$hesk_error_buffer = str_replace($hesklang['fsq'],'',$hesk_error_buffer);
}
else
{
$owner_input = 0;
}
/* Date */
/* -> Check for compatibility with old date format */
if (preg_match("/(\d{4})-(\d{2})-(\d{2})/", hesk_GET('dt'), $m))
@ -207,7 +254,7 @@ if (strlen($dt) == 8)
$hesk_error_buffer = str_replace($hesklang['fsq'],'',$hesk_error_buffer);
}
$sql .= " AND (`dt` LIKE '".hesk_dbEscape($date)."%' OR `lastchange` LIKE '".hesk_dbEscape($date)."%') ";
$sql .= " AND `dt` BETWEEN '{$date} 00:00:00' AND '{$date} 23:59:59' ";
}
else
{
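Review bot: The rewritten date filter interpolates `$date` straight into the `BETWEEN` clause, while the line it replaces passed it through `hesk_dbEscape()`. `$date` is built above this hunk, so this may be safe as long as that code only lets digits through, but wrapping both bounds in `hesk_dbEscape($date)` keeps the query safe without relying on that upstream code. In the new column list the custom-field key `$k` is likewise concatenated into the `SELECT` unescaped; if those keys are not fixed identifiers, check them against an allow-list before use.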

@ -1,7 +1,7 @@
<?php
/*******************************************************************************
* Title: Help Desk Software HESK
* Version: 2.5.5 from 5th August 2014
* Version: 2.6.0 beta 1 from 30th December 2014
* Author: Klemen Stirn
* Website: http://www.hesk.com
********************************************************************************
@ -91,7 +91,7 @@ function do_login()
if ($hesk_settings['secimg_use'] == 2 && !isset($_SESSION['img_a_verified']))
{
// Using ReCaptcha?
if ($hesk_settings['recaptcha_use'])
if ($hesk_settings['recaptcha_use'] == 1)
{
require_once(HESK_PATH . 'inc/recaptcha/recaptchalib.php');
@ -110,6 +110,29 @@ function do_login()
$hesk_error_buffer['mysecnum']=$hesklang['recaptcha_error'];
}
}
// Using ReCaptcha API v2?
elseif ($hesk_settings['recaptcha_use'] == 2)
{
require(HESK_PATH . 'inc/recaptcha/recaptchalib_v2.php');
$resp = null;
$reCaptcha = new ReCaptcha($hesk_settings['recaptcha_private_key']);
// Was there a reCAPTCHA response?
if ( isset($_POST["g-recaptcha-response"]) )
{
$resp = $reCaptcha->verifyResponse($_SERVER["REMOTE_ADDR"], hesk_POST("g-recaptcha-response") );
}
if ($resp != null && $resp->success)
{
$_SESSION['img_a_verified']=true;
}
else
{
$hesk_error_buffer['mysecnum']=$hesklang['recaptcha_error'];
}
}
// Using PHP generated image
else
{
@ -235,33 +258,39 @@ function do_login()
if ($hesk_settings['autoclose'])
{
$revision = sprintf($hesklang['thist3'],hesk_date(),$hesklang['auto']);
hesk_dbQuery("UPDATE `".hesk_dbEscape($hesk_settings['db_pfix'])."tickets` SET `status`='3', `history`=CONCAT(`history`,'".hesk_dbEscape($revision)."') WHERE `status` = '2' AND `lastchange` <= '".hesk_dbEscape( date('Y-m-d H:i:s',time() - $hesk_settings['autoclose']*86400) )."'");
}
/* Redirect to the destination page */
if ( hesk_isREQUEST('goto') )
{
$url = hesk_REQUEST('goto');
$url = str_replace('&amp;','&',$url);
/* goto parameter can be set to the local domain only */
$myurl = parse_url($hesk_settings['hesk_url']);
$goto = parse_url($url);
$dt = date('Y-m-d H:i:s',time() - $hesk_settings['autoclose']*86400);
if (isset($myurl['host']) && isset($goto['host']))
// Notify customer of closed ticket?
if ($hesk_settings['notify_closed'])
{
if ( str_replace('www.','',strtolower($myurl['host'])) != str_replace('www.','',strtolower($goto['host'])) )
//TODO Change status ID to the ID which customer's replies update the status to.
// Get list of tickets
$result = hesk_dbQuery("SELECT * FROM `".$hesk_settings['db_pfix']."tickets` WHERE `status` = '2' AND `lastchange` <= '".hesk_dbEscape($dt)."' ");
if (hesk_dbNumRows($result) > 0)
{
$url = 'admin_main.php';
global $ticket;
// Load required functions?
if ( ! function_exists('hesk_notifyCustomer') )
{
require(HESK_PATH . 'inc/email_functions.inc.php');
}
while ($ticket = hesk_dbFetchAssoc($result))
{
$ticket['dt'] = hesk_date($ticket['dt'], true);
$ticket['lastchange'] = hesk_date($ticket['lastchange'], true);
hesk_notifyCustomer('ticket_closed');
}
}
}
header('Location: '.$url);
}
else
{
header('Location: admin_main.php');
}
// Update ticket statuses and history in database
hesk_dbQuery("UPDATE `".$hesk_settings['db_pfix']."tickets` SET `status`='3', `closedat`=NOW(), `closedby`='-1', `history`=CONCAT(`history`,'".hesk_dbEscape($revision)."') WHERE `status` = '2' AND `lastchange` <= '".hesk_dbEscape($dt)."' ");
}
/* Redirect to the destination page */
header('Location: ' . hesk_verifyGoto() );
exit();
} // End do_login()
@ -269,6 +298,13 @@ function do_login()
function print_login()
{
global $hesk_settings, $hesklang;
// Tell header to load reCaptcha API if needed
if ($hesk_settings['recaptcha_use'] == 2)
{
define('RECAPTCHA',1);
}
$hesk_settings['tmp_title'] = $hesk_settings['hesk_title'] . ' - ' .$hesklang['admin_login'];
require_once(HESK_PATH . 'inc/header.inc.php');
@ -327,7 +363,7 @@ function print_login()
if ($hesk_settings['list_users'])
{
echo '<select class="form-control" name="user" '.$cls.'>';
$res = hesk_dbQuery('SELECT * FROM `'.hesk_dbEscape($hesk_settings['db_pfix']).'users` ORDER BY `user` ASC');
$res = hesk_dbQuery('SELECT `user` FROM `'.hesk_dbEscape($hesk_settings['db_pfix']).'users` ORDER BY `user` ASC');
while ($row=hesk_dbFetchAssoc($res))
{
$sel = (strtolower($savedUser) == strtolower($row['user'])) ? 'selected="selected"' : '';
@ -359,7 +395,7 @@ function print_login()
echo '<img src="'.HESK_PATH.'img/success.png" width="16" height="16" border="0" alt="" style="vertical-align:text-bottom" /> '.$hesklang['vrfy'];
}
// Not verified yet, should we use Recaptcha?
elseif ($hesk_settings['recaptcha_use'])
elseif ($hesk_settings['recaptcha_use'] == 1)
{
?>
<script type="text/javascript">
@ -376,13 +412,20 @@ function print_login()
play_again : "<?php echo hesk_slashJS($hesklang['play_again']); ?>",
cant_hear_this : "<?php echo hesk_slashJS($hesklang['cant_hear_this']); ?>",
incorrect_try_again : "<?php echo hesk_slashJS($hesklang['incorrect_try_again']); ?>",
image_alt_text : "<?php echo hesk_slashJS($hesklang['image_alt_text']); ?>",
},
image_alt_text : "<?php echo hesk_slashJS($hesklang['image_alt_text']); ?>"
}
};
</script>
<?php
require_once(HESK_PATH . 'inc/recaptcha/recaptchalib.php');
echo recaptcha_get_html($hesk_settings['recaptcha_public_key'], null, $hesk_settings['recaptcha_ssl']);
echo recaptcha_get_html($hesk_settings['recaptcha_public_key'], null, true);
}
// Use reCaptcha API v2?
elseif ($hesk_settings['recaptcha_use'] == 2)
{
?>
<div class="g-recaptcha" data-sitekey="<?php echo $hesk_settings['recaptcha_public_key']; ?>"></div>
<?php
}
// At least use some basic PHP generated image (better than nothing)
else
@ -435,6 +478,12 @@ function print_login()
{
echo '<input type="hidden" name="goto" value="'.$url.'" />';
}
// Do we allow staff password reset?
if ($hesk_settings['reset_pass'])
{
echo '<br />&nbsp;<br /><a href="password.php" class="smaller">'.$hesklang['fpass'].'</a>';
}
?>
</div>
</div>
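Review bot: In the auto-close block of `do_login()`, the new `SELECT` and `UPDATE` on `tickets` use `$hesk_settings['db_pfix']` without the `hesk_dbEscape()` wrapper that the replaced query and the other statements on this page apply; wrap it the same way for consistency. Customers are also notified from the `SELECT` result before the `UPDATE` runs, so a failed update leaves them told about a closure that was never stored; sending the notifications after the `UPDATE`, from the rows already fetched, keeps the two in step. The reCAPTCHA v2 branch loads its library with `require` where the v1 branch uses `require_once`, which would fail if the file were ever included twice in one request. `do_login()` starts outside these hunks.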

@ -1,7 +1,7 @@
<?php
/*******************************************************************************
* Title: Help Desk Software HESK
* Version: 2.5.5 from 5th August 2014
* Version: 2.6.0 beta 1 from 30th December 2014
* Author: Klemen Stirn
* Website: http://www.hesk.com
********************************************************************************
@ -156,7 +156,7 @@ function hesk_kb_search($query)
require_once(HESK_PATH . 'inc/headerAdmin.inc.php');
hesk_kb_header($hesk_settings['kb_link']);
$res = hesk_dbQuery('SELECT t1.`id`, t1.`subject`, t1.`content`, t1.`rating` FROM `'.hesk_dbEscape($hesk_settings['db_pfix']).'kb_articles` AS t1 LEFT JOIN `'.hesk_dbEscape($hesk_settings['db_pfix']).'kb_categories` AS t2 ON t1.`catid` = t2.`id` '." WHERE t1.`type` IN ('0','1') AND MATCH(`subject`,`content`,`keywords`) AGAINST ('".hesk_dbEscape($query)."') LIMIT ".intval($hesk_settings['kb_search_limit']));
$res = hesk_dbQuery('SELECT t1.`id`, t1.`subject`, LEFT(`t1`.`content`, '.max(200, $hesk_settings['kb_substrart'] * 2).') AS `content`, t1.`rating` FROM `'.hesk_dbEscape($hesk_settings['db_pfix']).'kb_articles` AS t1 LEFT JOIN `'.hesk_dbEscape($hesk_settings['db_pfix']).'kb_categories` AS t2 ON t1.`catid` = t2.`id` '." WHERE t1.`type` IN ('0','1') AND MATCH(`subject`,`content`,`keywords`) AGAINST ('".hesk_dbEscape($query)."') LIMIT ".intval($hesk_settings['kb_search_limit']));
$num = hesk_dbNumRows($res);
?>
@ -236,7 +236,7 @@ function hesk_show_kb_article($artid)
hesk_kb_header($hesk_settings['kb_link'], $article['catid']);
// Update views by 1
hesk_dbQuery('UPDATE `'.hesk_dbEscape($hesk_settings['db_pfix'])."kb_articles` SET `views`=`views`+1 WHERE `id`='".intval($artid)."' LIMIT 1");
hesk_dbQuery('UPDATE `'.hesk_dbEscape($hesk_settings['db_pfix'])."kb_articles` SET `views`=`views`+1 WHERE `id`={$artid} LIMIT 1");
echo '<h3>'.$article['subject'].'</h3>
<div class="footerWithBorder blankSpace"></div>
@ -258,6 +258,51 @@ function hesk_show_kb_article($artid)
echo '</p>';
}
// TODO Check how this looks
// Related articles
if ($hesk_settings['kb_related'])
{
require(HESK_PATH . 'inc/mail/email_parser.php');
$query = hesk_dbEscape( $article['subject'] . ' ' . convert_html_to_text($article['content']) );
// Get relevant articles from the database
$res = hesk_dbQuery("SELECT `id`, `subject`, MATCH(`subject`,`content`,`keywords`) AGAINST ('{$query}') AS `score` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."kb_articles` WHERE `type` IN ('0','1') AND MATCH(`subject`,`content`,`keywords`) AGAINST ('{$query}') LIMIT ".intval($hesk_settings['kb_related']+1));
// Array with related articles
$related_articles = array();
while ($related = hesk_dbFetchAssoc($res))
{
// Get base match score from the first (this) article
if ( ! isset($base_score) )
{
$base_score = $related['score'];
continue;
}
// Stop when articles reach less than 10% of base score
if ($related['score'] / $base_score < 0.10)
{
break;
}
// This is a valid related article
$related_articles[$related['id']] = $related['subject'];
}
// Print related articles if we have any valid matches
if ( count($related_articles) )
{
echo '<fieldset><legend>'.$hesklang['relart'].'</legend>';
foreach ($related_articles as $id => $subject)
{
echo '<img src="'.HESK_PATH.'img/article_text.png" width="16" height="16" border="0" alt="" style="vertical-align:middle;padding:2px;" /> <a href="knowledgebase_private.php?article='.$id.'">'.$subject.'</a><br />';
}
echo '</fieldset>';
}
}
if ($article['catid']==1)
{
@ -322,7 +367,7 @@ function hesk_show_kb_category($catid, $is_search = 0) {
}
}
$res = hesk_dbQuery("SELECT * FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."kb_categories` WHERE `id`='".intval($catid)."' LIMIT 1");
$res = hesk_dbQuery("SELECT `name`,`parent` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."kb_categories` WHERE `id`='".intval($catid)."' LIMIT 1");
$thiscat = hesk_dbFetchAssoc($res) or hesk_error($hesklang['kb_cat_inv']);
if ($thiscat['parent'])
@ -333,7 +378,7 @@ function hesk_show_kb_category($catid, $is_search = 0) {
<div class="footerWithBorder blankSpace"></div>';
}
$result = hesk_dbQuery("SELECT * FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."kb_categories` WHERE `parent`='".intval($catid)."' ORDER BY `parent` ASC, `cat_order` ASC");
$result = hesk_dbQuery("SELECT `id`,`name`,`articles`,`type` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."kb_categories` WHERE `parent`='".intval($catid)."' ORDER BY `parent` ASC, `cat_order` ASC");
if (hesk_dbNumRows($result) > 0)
{
?>
@ -442,7 +487,7 @@ function hesk_show_kb_category($catid, $is_search = 0) {
<td>
<?php
$res = hesk_dbQuery("SELECT `id`, `subject`, `content`, `rating`, `type` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."kb_articles` WHERE `catid`='".intval($catid)."' AND `type` IN ('0','1') ORDER BY `sticky` DESC, `art_order` ASC");
$res = hesk_dbQuery("SELECT `id`, `subject`, LEFT(`content`, ".max(200, $hesk_settings['kb_substrart'] * 2).") AS `content`, `rating`, `type` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."kb_articles` WHERE `catid`='".intval($catid)."' AND `type` IN ('0','1') ORDER BY `sticky` DESC, `art_order` ASC");
if (hesk_dbNumRows($res) == 0)
{
echo '<p><i>'.$hesklang['noac'].'</i></p>';
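Review bot: The view-counter UPDATE in hesk_show_kb_article() interpolates `{$artid}` unquoted and uncast, where the line printed just before it used `intval($artid)` inside quotes; the +/- markers are lost on this page, so I am reading the second of the two UPDATE lines as the new side. Nothing in the visible hunks casts `$artid` to an integer, so the query's safety now rests on every caller having validated it. I would keep the cast at the point of use and replace `{$artid}` with `".intval($artid)."`. The function starts and continues outside these hunks, so an earlier cast cannot be ruled out.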

@ -1,7 +1,7 @@
<?php
/*******************************************************************************
* Title: Help Desk Software HESK
* Version: 2.5.5 from 5th August 2014
* Version: 2.6.0 beta 1 from 30th December 2014
* Author: Klemen Stirn
* Website: http://www.hesk.com
********************************************************************************
@ -56,18 +56,43 @@ hesk_token_check();
/* Ticket ID */
$trackingID = hesk_cleanID() or die($hesklang['int_error'].': '.$hesklang['no_trackID']);
/* New archived status */
/* New locked status */
if (empty($_GET['locked']))
{
$status = 0;
$tmp = $hesklang['tunlock'];
$revision = sprintf($hesklang['thist6'],hesk_date(),$_SESSION['name'].' ('.$_SESSION['user'].')');
$closedby_sql = ' , `closedat`=NULL, `closedby`=NULL ';
}
else
{
$status = 1;
$tmp = $hesklang['tlock'];
$revision = sprintf($hesklang['thist5'],hesk_date(),$_SESSION['name'].' ('.$_SESSION['user'].')');
$closedby_sql = ' , `closedat`=NOW(), `closedby`='.intval($_SESSION['id']).' ';
// Notify customer of closed ticket?
if ($hesk_settings['notify_closed'])
{
// Get ticket info
$result = hesk_dbQuery("SELECT * FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."tickets` WHERE `trackid`='".hesk_dbEscape($trackingID)."' LIMIT 1");
if (hesk_dbNumRows($result) != 1)
{
hesk_error($hesklang['ticket_not_found']);
}
$ticket = hesk_dbFetchAssoc($result);
//TODO Update this to look at any "closed" status; not just ID 3
// Notify customer, but only if ticket is not already closed
if ($ticket['status'] != 3)
{
require(HESK_PATH . 'inc/email_functions.inc.php');
$ticket['dt'] = hesk_date($ticket['dt'], true);
$ticket['lastchange'] = hesk_date($ticket['lastchange'], true);
hesk_notifyCustomer('ticket_closed');
}
}
}
/* Update database */
@ -75,7 +100,7 @@ $statusSql = 'SELECT `ID` FROM `'.hesk_dbEscape($hesk_settings['db_pfix']).'stat
$statusRow = hesk_dbQuery($statusSql)->fetch_assoc();
$statusId = $statusRow['ID'];
hesk_dbQuery("UPDATE `".hesk_dbEscape($hesk_settings['db_pfix'])."tickets` SET `status`='{$statusId}',`locked`='{$status}', `history`=CONCAT(`history`,'".hesk_dbEscape($revision)."') WHERE `trackid`='".hesk_dbEscape($trackingID)."' LIMIT 1");
hesk_dbQuery("UPDATE `".hesk_dbEscape($hesk_settings['db_pfix'])."tickets` SET `status`='{$statusId}',`locked`='{$status}' $closedby_sql , `history`=CONCAT(`history`,'".hesk_dbEscape($revision)."') WHERE `trackid`='".hesk_dbEscape($trackingID)."' LIMIT 1");
/* Back to ticket page and show a success message */
hesk_process_messages($tmp,'admin_ticket.php?track='.$trackingID.'&Refresh='.rand(10000,99999),'SUCCESS');
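Review bot: The customer e-mail in the lock branch goes out before the ticket row is written, because `hesk_notifyCustomer('ticket_closed')` runs inside the `else` block while the UPDATE that sets `locked`, `closedat` and `closedby` comes later in the script. If the status lookup or that UPDATE fails, the customer has already been told the ticket is closed; how `hesk_dbQuery()` reports failure is not visible here. I would only record the decision in the branch, e.g. `$notify_customer = true;`, and call `hesk_notifyCustomer('ticket_closed')` after the UPDATE. The test `$ticket['status'] != 3` is a loose comparison tied to one status ID, which the TODO above it already acknowledges.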

@ -1,7 +1,7 @@
<?php
/*******************************************************************************
* Title: Help Desk Software HESK
* Version: 2.5.5 from 5th August 2014
* Version: 2.6.0 beta 1 from 30th December 2014
* Author: Klemen Stirn
* Website: http://www.hesk.com
********************************************************************************
@ -48,7 +48,7 @@ hesk_isLoggedIn();
/* List of staff */
$admins = array();
$res = hesk_dbQuery("SELECT `id`,`name` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."users` ORDER BY `id` ASC");
$res = hesk_dbQuery("SELECT `id`,`name` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."users` ORDER BY `name` ASC");
while ($row=hesk_dbFetchAssoc($res))
{
$admins[$row['id']]=$row['name'];
@ -572,7 +572,7 @@ function mail_list_messages()
} // end PAGES > 1
// Get messages from the database
$res = hesk_dbQuery("SELECT * FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."mail` WHERE `".hesk_dbEscape($hesk_settings['mailtmp']['this'])."`='".intval($_SESSION['id'])."' AND `deletedby`!='".intval($_SESSION['id'])."' ORDER BY `id` DESC LIMIT ".intval($limit_down)." , ".intval($maxresults)." ");
$res = hesk_dbQuery("SELECT `id`, `from`, `to`, `subject`, `dt`, `read` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."mail` WHERE `".hesk_dbEscape($hesk_settings['mailtmp']['this'])."`='".intval($_SESSION['id'])."' AND `deletedby`!='".intval($_SESSION['id'])."' ORDER BY `id` DESC LIMIT ".intval($limit_down)." , ".intval($maxresults)." ");
?>
<form action="mail.php<?php if ($hesk_settings['mailtmp']['folder'] == 'outbox') {echo '?folder=outbox';} ?>" name="form1" method="post">

@ -1,7 +1,7 @@
<?php
/*******************************************************************************
* Title: Help Desk Software HESK
* Version: 2.5.5 from 5th August 2014
* Version: 2.6.0 beta 1 from 30th December 2014
* Author: Klemen Stirn
* Website: http://www.hesk.com
********************************************************************************
@ -68,7 +68,7 @@ require_once(HESK_PATH . 'inc/show_admin_nav.inc.php');
<script language="javascript" type="text/javascript"><!--
function confirm_delete()
{
if (confirm('<?php echo addslashes($hesklang['delete_saved']); ?>')) {return true;}
if (confirm('<?php echo hesk_makeJsString($hesklang['delete_saved']); ?>')) {return true;}
else {return false;}
}
@ -299,7 +299,7 @@ myField.value += myValue;
</div>
<div class="form-group" style="text-align: center">
<input type="hidden" name="token" value="<?php hesk_token_echo(); ?>" />
<input type="submit" value="<?php echo $hesklang['save_reply']; ?>" class="btn btn-default" />
<input type="submit" value="<?php echo $hesklang['save_changes']; ?>" class="btn btn-default" />
</div>
</form>
</div>

@ -1,7 +1,7 @@
<?php
/*******************************************************************************
* Title: Help Desk Software HESK
* Version: 2.5.5 from 5th August 2014
* Version: 2.6.0 beta 1 from 30th December 2014
* Author: Klemen Stirn
* Website: http://www.hesk.com
********************************************************************************
@ -48,6 +48,14 @@ hesk_isLoggedIn();
/* Check permissions for this feature */
hesk_checkPermission('can_man_cat');
// Possible priorities
$priorities = array(
3 => array('value' => 3, 'text' => $hesklang['low'], 'formatted' => $hesklang['low']),
2 => array('value' => 2, 'text' => $hesklang['medium'], 'formatted' => '<font class="medium">'.$hesklang['medium'].'</font>'),
1 => array('value' => 1, 'text' => $hesklang['high'], 'formatted' => '<font class="important">'.$hesklang['high'].'</font>'),
0 => array('value' => 0, 'text' => $hesklang['critical'], 'formatted' => '<font class="critical">'.$hesklang['critical'].'</font>'),
);
/* What should we do? */
if ( $action = hesk_REQUEST('a') )
{
@ -59,6 +67,7 @@ if ( $action = hesk_REQUEST('a') )
elseif ($action == 'order') {order_cat();}
elseif ($action == 'autoassign') {toggle_autoassign();}
elseif ($action == 'type') {toggle_type();}
elseif ($action == 'priority') {change_priority();}
}
/* Print header */
@ -71,7 +80,7 @@ require_once(HESK_PATH . 'inc/show_admin_nav.inc.php');
<script language="Javascript" type="text/javascript"><!--
function confirm_delete()
{
if (confirm('<?php echo addslashes($hesklang['confirm_del_cat']); ?>')) {return true;}
if (confirm('<?php echo hesk_makeJsString($hesklang['confirm_del_cat']); ?>')) {return true;}
else {return false;}
}
//-->
@ -92,6 +101,7 @@ else {return false;}
<ul class="nav nav-tabs">
<li class="active"><a href="#addCat" data-toggle="tab"><?php echo $hesklang['add_cat']; ?></a></li>
<li><a href="#renameCat" data-toggle="tab"><?php echo $hesklang['ren_cat']; ?></a></li>
<li><a href="#changePriority" data-toggle="tab"><?php echo $hesklang['ch_cat_pri']; ?></a></li>
</ul>
<div class="tab-content summaryList tabPadding">
<div class="tab-pane fade in active" id="addCat">
@ -112,6 +122,27 @@ else {return false;}
/>
</div>
</div>
<div class="form-group">
<label for="priority" class="col-sm-4 control-label" style="font-size: .87em"><?php echo $hesklang['def_pri']; ?> <a href="#" onclick="alert('<?php echo hesk_makeJsString($hesklang['cat_pri']); ?>')"><i class="fa fa-question-circle settingsquestionmark"></i> </a> </label>
<div class="col-sm-8">
<select name="priority" class="form-control">
<?php
// Default priority: low
if ( ! isset($_SESSION['cat_priority']) )
{
$_SESSION['cat_priority'] = 3;
}
// List possible priorities
foreach ($priorities as $value => $info)
{
echo '<option value="'.$value.'"'.($_SESSION['cat_priority'] == $value ? ' selected="selected"' : '').'>'.$info['text'].'</option>';
}
?>
</select></p>
</div>
</div>
<div class="form-group">
<label for="options" class="col-sm-4 control-label"><?php echo $hesklang['opt']; ?>:</label>
<div class="col-sm-8">
@ -160,6 +191,45 @@ else {return false;}
</div>
</form>
</div>
<div class="tab-pane fade" id="changePriority">
<form action="manage_categories.php" method="post" role="form" class="form-horizontal">
<h4><?php echo $hesklang['ch_cat_pri']; ?></h4>
<div class="footerWithBorder blankSpace"></div>
<div class="form-group">
<label for="catid" class="col-sm-4 control-label"><?php echo $hesklang['category']; ?></label>
<div class="col-sm-8">
<select name="catid" class="form-control"><?php echo $options; ?></select>
</div>
</div>
<div class="form-group">
<label for="priority" class="col-sm-4 control-label"><?php echo $hesklang['priority']; ?></label>
<div class="col-sm-8">
<select name="priority" class="form-control">
<?php
// Default priority: low
if ( ! isset($_SESSION['cat_ch_priority']) )
{
$_SESSION['cat_ch_priority'] = 3;
}
// List possible priorities
foreach ($priorities as $value => $info)
{
echo '<option value="'.$value.'"'.($_SESSION['cat_ch_priority'] == $value ? ' selected="selected"' : '').'>'.$info['text'].'</option>';
}
?>
</select>
</div>
</div>
<div class="form-group">
<div class="col-sm-8 col-sm-offset-4">
<input type="hidden" name="a" value="priority" />
<input type="hidden" name="token" value="<?php hesk_token_echo(); ?>" />
<input type="submit" value="<?php echo $hesklang['ch_cat_pri']; ?>" class="btn btn-default">
</div>
</div>
</form>
</div>
</div>
<script>
@ -173,6 +243,11 @@ else {return false;}
<?php
/* This will handle error, success and notice messages */
hesk_handle_messages();
if ($hesk_settings['cust_urgency'])
{
hesk_show_notice($hesklang['cat_pri_info'] . ' ' . $hesklang['cpri']);
}
?>
<h3><?php echo $hesklang['manage_cat']; ?> <a href="javascript:void(0)" onclick="javascript:alert('<?php echo hesk_makeJsString($hesklang['cat_intro']); ?>')"><i class="fa fa-question-circle settingsquestionmark"></i></a></h3>
<div class="footerWithBorder blankSpace"></div>
@ -180,6 +255,7 @@ else {return false;}
<tr>
<th><?php echo $hesklang['id']; ?></th>
<th><?php echo $hesklang['cat_name']; ?></th>
<th><?php echo $hesklang['priority']; ?></th>
<th><?php echo $hesklang['not']; ?></th>
<th><?php echo $hesklang['graph']; ?></th>
<th><?php echo $hesklang['opt']; ?></th>
@ -271,10 +347,13 @@ else {return false;}
<tr>
<td>'.$mycat['id'].'</td>
<td>'.$mycat['name'].'</td>
<td>'.$all.'</td>
<td width="1" style="white-space: nowrap;">'.$priorities[$mycat['priority']]['formatted'].'</td>
<td><a href="show_tickets.php?category='.$mycat['id'].'&amp;s_all=1&amp;s_my=1&amp;s_ot=1&amp;s_un=1" alt="'.$hesklang['list_tickets_cat'].'" title="'.$hesklang['list_tickets_cat'].'">'.$all.'</a></td>
<td>
<div class="progress-container" style="width: 160px" title="'.sprintf($hesklang['perat'],$width_all.'%').'">
<div style="width: '.$width_all.'%;float:left;"></div>
<div class="progress" style="width: 160px; margin-bottom: 0" title="'.sprintf($hesklang['perat'],$width_all.'%').'">
<div class="progress-bar progress-bar-success" role="progressbar" aria-valuenow="40" aria-valuemin="0" aria-valuemax="100" style="width: '.$width_all.'%">
<span class="sr-only">40% Complete (success)</span>
</div>
</div>
</td>
<td>
@ -320,6 +399,33 @@ exit();
/*** START FUNCTIONS ***/
function change_priority()
{
global $hesk_settings, $hesklang, $priorities;
/* A security check */
hesk_token_check('POST');
$_SERVER['PHP_SELF'] = 'manage_categories.php?catid='.intval( hesk_POST('catid') );
$catid = hesk_isNumber( hesk_POST('catid'), $hesklang['choose_cat_ren'], $_SERVER['PHP_SELF']);
$_SESSION['selcat'] = $catid;
$_SESSION['selcat2'] = $catid;
$priority = intval( hesk_POST('priority', 3));
if ( ! array_key_exists($priority, $priorities) )
{
$priority = 3;
}
hesk_dbQuery("UPDATE `".hesk_dbEscape($hesk_settings['db_pfix'])."categories` SET `priority`='{$priority}' WHERE `id`='".intval($catid)."' LIMIT 1");
hesk_cleanSessionVars('cat_ch_priority');
hesk_process_messages($hesklang['cat_pri_ch'].' '.$priorities[$priority]['formatted'],$_SERVER['PHP_SELF'],'SUCCESS');
} // END change_priority()
function generate_link_code() {
global $hesk_settings, $hesklang;
?>
@ -397,6 +503,13 @@ function new_cat()
$_SESSION['cat_autoassign'] = hesk_POST('autoassign') == 'Y' ? 1 : 0;
$_SESSION['cat_type'] = hesk_POST('type') == 'Y' ? 1 : 0;
// Default priority
$_SESSION['cat_priority'] = intval( hesk_POST('priority', 3) );
if ($_SESSION['cat_priority'] < 0 || $_SESSION['cat_priority'] > 3)
{
$_SESSION['cat_priority'] = 3;
}
/* Category name */
$catname = hesk_input( hesk_POST('name') , $hesklang['enter_cat_name'], 'manage_categories.php');
@ -413,11 +526,12 @@ function new_cat()
$row = hesk_dbFetchRow($res);
$my_order = $row[0]+10;
hesk_dbQuery("INSERT INTO `".hesk_dbEscape($hesk_settings['db_pfix'])."categories` (`name`,`cat_order`,`autoassign`,`type`) VALUES ('".hesk_dbEscape($catname)."','".intval($my_order)."','".intval($_SESSION['cat_autoassign'])."','".intval($_SESSION['cat_type'])."')");
hesk_dbQuery("INSERT INTO `".hesk_dbEscape($hesk_settings['db_pfix'])."categories` (`name`,`cat_order`,`autoassign`,`type`, `priority`) VALUES ('".hesk_dbEscape($catname)."','".intval($my_order)."','".intval($_SESSION['cat_autoassign'])."','".intval($_SESSION['cat_type'])."','{$_SESSION['cat_priority']}')");
hesk_cleanSessionVars('catname');
hesk_cleanSessionVars('cat_autoassign');
hesk_cleanSessionVars('cat_type');
hesk_cleanSessionVars('cat_priority');
$_SESSION['selcat2'] = hesk_dbInsertID();
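Review bot: The new INSERT in new_cat() places `{$_SESSION['cat_priority']}` into the SQL string as-is, while every other value on that line is wrapped in `intval()` or `hesk_dbEscape()` at the point of use. Going by the hunk headers, the value is cast and range-checked a few lines earlier in the same function, so this is not injectable as shown, but the query's safety depends on that earlier block staying in place. I would write `'".intval($_SESSION['cat_priority'])."'` to match its neighbours. The range test there (`< 0 || > 3`) also duplicates the `array_key_exists($priority, $priorities)` check in change_priority(); using `$priorities` in both would keep the two in step. new_cat() starts and ends outside these hunks.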

@ -1,7 +1,7 @@
<?php
/*******************************************************************************
* Title: Help Desk Software HESK
* Version: 2.5.5 from 5th August 2014
* Version: 2.6.0 beta 1 from 30th December 2014
* Author: Klemen Stirn
* Website: http://www.hesk.com
********************************************************************************
@ -609,6 +609,12 @@ function list_draft() {
$color = $i ? 'admin_white' : 'admin_gray';
}
// Check for articles with no existing parent category
if ( ! isset($kb_cat[$article['catid']]) )
{
$article['catid'] = hesk_stray_article($article['id']);
}
$tmp = $i ? 'White' : 'Blue';
$style = 'class="option'.$tmp.'OFF" onmouseover="this.className=\'option'.$tmp.'ON\'" onmouseout="this.className=\'option'.$tmp.'OFF\'"';
$i = $i ? 0 : 1;
@ -737,6 +743,12 @@ function list_private() {
$color = $i ? 'admin_white' : 'admin_gray';
}
// Check for articles with no existing parent category
if ( ! isset($kb_cat[$article['catid']]) )
{
$article['catid'] = hesk_stray_article($article['id']);
}
$tmp = $i ? 'White' : 'Blue';
$style = 'class="option'.$tmp.'OFF" onmouseover="this.className=\'option'.$tmp.'ON\'" onmouseout="this.className=\'option'.$tmp.'OFF\'"';
$i = $i ? 0 : 1;
@ -1540,8 +1552,6 @@ function manage_category() {
</td>
</tr>
<tr>
<td>
<ol class="breadcrumb">
<li><a href="manage_knowledgebase.php"><?php echo $hesklang['kb']; ?></a></li>
@ -2355,4 +2365,23 @@ function delete_kb_attachments($attachments)
return true;
} // delete_kb_attachments()
function hesk_stray_article($id)
{
global $hesk_settings, $hesklang, $article;
// Set article to category ID 1
$article['catid'] = 1;
// Update database
hesk_dbQuery("UPDATE `".hesk_dbEscape($hesk_settings['db_pfix'])."kb_articles` SET `catid`=1 WHERE `id`='".intval($id)."' LIMIT 1");
// Update count of articles in categories
update_count();
// Return new category ID
return 1;
} // END hesk_stray_article()
?>
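Review bot: hesk_stray_article() declares `global $article` and writes `$article['catid'] = 1`, but both call sites shown are inside list_draft() and list_private(), where `$article` appears to be a function-local loop variable. If so, the write lands on an unrelated global and only the return value has any effect. I would drop `$article` from the `global` line and remove the assignment; `$hesklang` is not used in the function either. The helper also issues an UPDATE and calls `update_count()` while a list page is being rendered, once per stray article, which deserves a comment on the function such as `// Side effect: moves the article to category 1 and refreshes the category counts`. Whether category ID 1 always exists is not visible here.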

@ -0,0 +1,417 @@
<?php
/*******************************************************************************
* Title: Help Desk Software HESK
* Version: 2.6.0 beta 1 from 30th December 2014
* Author: Klemen Stirn
* Website: http://www.hesk.com
********************************************************************************
* COPYRIGHT AND TRADEMARK NOTICE
* Copyright 2005-2014 Klemen Stirn. All Rights Reserved.
* HESK is a registered trademark of Klemen Stirn.
* The HESK may be used and modified free of charge by anyone
* AS LONG AS COPYRIGHT NOTICES AND ALL THE COMMENTS REMAIN INTACT.
* By using this code you agree to indemnify Klemen Stirn from any
* liability that might arise from it's use.
* Selling the code for this program, in part or full, without prior
* written consent is expressly forbidden.
* Using this code, in part or full, to create derivate work,
* new scripts or products is expressly forbidden. Obtain permission
* before redistributing this software over the Internet or in
* any other medium. In all cases copyright and header must remain intact.
* This Copyright is in full effect in any country that has International
* Trade Agreements with the United States of America or
* with the European Union.
* Removing any of the copyright notices without purchasing a license
* is expressly forbidden. To remove HESK copyright notice you must purchase
* a license for this script. For more information on how to obtain
* a license please visit the page below:
* https://www.hesk.com/buy.php
*******************************************************************************/
define('IN_SCRIPT',1);
define('HESK_PATH','../');
/* Get all the required files and functions */
require(HESK_PATH . 'hesk_settings.inc.php');
require(HESK_PATH . 'inc/common.inc.php');
require(HESK_PATH . 'inc/admin_functions.inc.php');
hesk_load_database_functions();
hesk_session_start();
hesk_dbConnect();
hesk_isLoggedIn();
/* Check permissions for this feature */
hesk_checkPermission('can_man_ticket_tpl');
// Define required constants
define('LOAD_TABS',1);
/* What should we do? */
if ( $action = hesk_REQUEST('a') )
{
if ( defined('HESK_DEMO') ) {hesk_process_messages($hesklang['ddemo'], 'manage_ticket_templates.php', 'NOTICE');}
elseif ($action == 'new') {new_saved();}
elseif ($action == 'edit') {edit_saved();}
elseif ($action == 'remove') {remove();}
elseif ($action == 'order') {order_saved();}
}
/* Print header */
require_once(HESK_PATH . 'inc/headerAdmin.inc.php');
/* Print main manage users page */
require_once(HESK_PATH . 'inc/show_admin_nav.inc.php');
?>
<div class="row">
</div>
<script language="javascript" type="text/javascript"><!--
function confirm_delete()
{
if (confirm('<?php echo hesk_makeJsString($hesklang['delete_tpl']); ?>')) {return true;}
else {return false;}
}
//-->
</script>
<?php
// Get canned responses from database
$result = hesk_dbQuery('SELECT * FROM `'.hesk_dbEscape($hesk_settings['db_pfix']).'ticket_templates` ORDER BY `tpl_order` ASC');
$options='';
$javascript_messages='';
$javascript_titles='';
$i=1;
$j=0;
$num = hesk_dbNumRows($result);
?>
<div class="row" style="margin-top: 20px;">
<div class="col-md-4">
<div class="panel panel-default">
<div class="panel-heading">
<?php echo $hesklang['saved_ticket_tpl']; ?>
</div>
<div class="panel-body">
<?php if ($num < 1) {
echo '<p>'.$hesklang['no_ticket_tpl'].'</p>';
} else {
?>
<table class="table table-hover">
<thead>
<tr>
<th><?php echo $hesklang['ticket_tpl_title']; ?></th>
<th><?php echo $hesklang['opt']; ?></th>
</tr>
</thead>
<tbody>
<?php
while ($mysaved=hesk_dbFetchAssoc($result))
{
$j++;
$color = '';
if (isset($_SESSION['canned']['selcat2']) && $mysaved['id'] == $_SESSION['canned']['selcat2'])
{
$color = 'success';
unset($_SESSION['canned']['selcat2']);
}
$options .= '<option class="form-control" value="'.$mysaved['id'].'"';
$options .= (isset($_SESSION['canned']['id']) && $_SESSION['canned']['id'] == $mysaved['id']) ? ' selected="selected" ' : '';
$options .= '>'.$mysaved['title'].'</option>';
$javascript_messages.='myMsgTxt['.$mysaved['id'].']=\''.str_replace("\r\n","\\r\\n' + \r\n'", addslashes($mysaved['message']) )."';\n";
$javascript_titles.='myTitle['.$mysaved['id'].']=\''.addslashes($mysaved['title'])."';\n";
echo '
<tr>
<td>'.$mysaved['title'].'</td>
<td style="text-align:left;">
';
if ($num > 1)
{
if ($j == 1)
{
echo'<img src="../img/blank.gif" width="16" height="16" alt="" style="padding:3px;border:none;" />
<a href="manage_ticket_templates.php?a=order&amp;replyid='.$mysaved['id'].'&amp;move=15&amp;token='.hesk_token_echo(0).'">
<i class="fa fa-arrow-down" style="font-size:16px;color:green;" data-toggle="tooltip" data-placement="top" data-original-title="'.$hesklang['move_dn'].'"></i></a>';
}
elseif ($j == $num)
{
echo'<a href="manage_ticket_templates.php?a=order&amp;replyid='.$mysaved['id'].'&amp;move=-15&amp;token='.hesk_token_echo(0).'"><i class="fa fa-arrow-up" style="font-size:16px;color:green;" data-toggle="tooltip" data-placement="top" data-original-title="'.$hesklang['move_up'].'"></i></a> <img src="../img/blank.gif" width="16" height="16" alt="" style="padding:3px;border:none;" />';
}
else
{
echo'
<a href="manage_ticket_templates.php?a=order&amp;replyid='.$mysaved['id'].'&amp;move=-15&amp;token='.hesk_token_echo(0).'"><i class="fa fa-arrow-up" style="font-size:16px;color:green;" data-toggle="tooltip" data-placement="top" data-original-title="'.$hesklang['move_up'].'"></i></a>
<a href="manage_ticket_templates.php?a=order&amp;replyid='.$mysaved['id'].'&amp;move=15&amp;token='.hesk_token_echo(0).'"><i class="fa fa-arrow-down" style="font-size:16px;color:green;" data-toggle="tooltip" data-placement="top" data-original-title="'.$hesklang['move_dn'].'"></i></a>
';
}
}
else
{
echo '';
}
echo '
<a href="manage_ticket_templates.php?a=remove&amp;id='.$mysaved['id'].'&amp;token='.hesk_token_echo(0).'" onclick="return confirm_delete();"><i class="fa fa-times" style="font-size:16px;color:red;" data-toggle="tooltip" data-placement="top" data-original-title="'.$hesklang['delete'].'"></i></a></td>
</tr>
';
} // End while
?>
</tbody>
</table>
<?php
}
?>
</div>
</div>
</div>
<div class="col-md-8">
<?php
/* This will handle error, success and notice messages */
hesk_handle_messages();
?>
<form class="form-horizontal" action="manage_ticket_templates.php" method="post" name="form1" role="form">
<h3><?php echo $hesklang['new_ticket_tpl']; ?> <a href="javascript:void(0)" onclick="javascript:alert('<?php echo hesk_makeJsString($hesklang['ticket_tpl_intro']); ?>')"><i class="fa fa-question-circle settingsquestionmark"></i></a></h3>
<div class="footerWithBorder blankSpace"></div>
<?php
if ($num > 0)
{
?>
<div class="form-group">
<div class="col-sm-12">
<div class="radio">
<label>
<input type="radio" name="a" value="new" <?php echo (!isset($_SESSION['canned']['what']) || $_SESSION['canned']['what'] != 'EDIT') ? 'checked=' : ''; ?>>
<?php echo $hesklang['ticket_tpl_add']; ?>
</label>
</div>
</div>
<div class="row">
<div class="col-sm-6">
<div class="radio">
<label>
<input type="radio" name="a" value="edit" <?php echo (isset($_SESSION['canned']['what']) && $_SESSION['canned']['what'] == 'EDIT') ? 'checked' : ''; ?>>
<?php echo $hesklang['ticket_tpl_edit']; ?>
</label>
</div>
</div>
<div class="col-sm-6">
<select class="form-control" name="saved_replies" onchange="setMessage(this.value)"><option value="0"> - <?php echo $hesklang['select_empty']; ?> - </option><?php echo $options; ?></select>
</div>
</div>
</div>
<?php
}
else
{
echo '<p><input type="hidden" name="a" value="new" /> ' . $hesklang['ticket_tpl_add'] . '</label></p>';
}
?>
<div class="form-group">
<label for="name" class="col-sm-2 control-label"><?php echo $hesklang['ticket_tpl_title']; ?></label>
<div class="col-sm-10">
<span id="HeskTitle">
<input class="form-control" type="text" name="name" size="40" maxlength="50" placeholder="<?php echo $hesklang['ticket_tpl_title']; ?>"
<?php if (isset($_SESSION['canned']['name'])) {echo ' value="'.stripslashes($_SESSION['canned']['name']).'" ';} ?>>
</span>
</div>
</div>
<div class="form-group">
<label for="msg" class="col-sm-2 control-label"><?php echo $hesklang['message']; ?></label>
<div class="col-sm-10">
<span id="HeskMsg">
<textarea class="form-control" placeholder="<?php echo $hesklang['message']; ?>" name="msg" rows="15" cols="70"><?php
if (isset($_SESSION['canned']['msg']))
{
echo stripslashes($_SESSION['canned']['msg']);
}
?></textarea>
</span>
</div>
</div>
<div class="form-group">
<div class="col-sm-10 col-sm-offset-2">
<input type="hidden" name="token" value="<?php hesk_token_echo(); ?>" />
<input type="submit" value="<?php echo $hesklang['save_ticket_tpl']; ?>" class="btn btn-default">
</div>
</div>
</form>
</div>
</div>
<script language="javascript" type="text/javascript"><!--
var myMsgTxt = new Array();
myMsgTxt[0]='';
var myTitle = new Array();
myTitle[0]='';
<?php
echo $javascript_titles;
echo $javascript_messages;
?>
function setMessage(msgid) {
if (document.getElementById) {
document.getElementById('HeskMsg').innerHTML='<textarea class="form-control" name="msg" rows="15" cols="70">'+myMsgTxt[msgid]+'</textarea>';
document.getElementById('HeskTitle').innerHTML='<input class="form-control" type="text" name="name" size="40" maxlength="50" value="'+myTitle[msgid]+'">';
} else {
document.form1.msg.value=myMsgTxt[msgid];
document.form1.name.value=myTitle[msgid];
}
if (msgid==0) {
document.form1.a[0].checked=true;
} else {
document.form1.a[1].checked=true;
}
}
//-->
</script>
<?php
require_once(HESK_PATH . 'inc/footer.inc.php');
exit();
/*** START FUNCTIONS ***/
function edit_saved()
{
global $hesk_settings, $hesklang;
/* A security check */
hesk_token_check('POST');
$hesk_error_buffer = '';
$id = intval( hesk_POST('saved_replies') ) or $hesk_error_buffer .= '<li>' . $hesklang['sel_ticket_tpl'] . '</li>';
$savename = hesk_input( hesk_POST('name') ) or $hesk_error_buffer .= '<li>' . $hesklang['ent_ticket_tpl_title'] . '</li>';
$msg = hesk_input( hesk_POST('msg') ) or $hesk_error_buffer .= '<li>' . $hesklang['ent_ticket_tpl_msg'] . '</li>';
// Avoid problems with utf-8 newline chars in Javascript code, detect and remove them
$msg = preg_replace('/\R/u', "\r\n", $msg);
$_SESSION['canned']['what'] = 'EDIT';
$_SESSION['canned']['id'] = $id;
$_SESSION['canned']['name'] = $savename;
$_SESSION['canned']['msg'] = $msg;
/* Any errors? */
if (strlen($hesk_error_buffer))
{
$hesk_error_buffer = $hesklang['rfm'].'<br /><br /><ul>'.$hesk_error_buffer.'</ul>';
hesk_process_messages($hesk_error_buffer,'manage_ticket_templates.php?saved_replies='.$id);
}
$result = hesk_dbQuery("UPDATE `".hesk_dbEscape($hesk_settings['db_pfix'])."ticket_templates` SET `title`='".hesk_dbEscape($savename)."',`message`='".hesk_dbEscape($msg)."' WHERE `id`='".intval($id)."' LIMIT 1");
unset($_SESSION['canned']['what']);
unset($_SESSION['canned']['id']);
unset($_SESSION['canned']['name']);
unset($_SESSION['canned']['msg']);
hesk_process_messages($hesklang['ticket_tpl_saved'],'manage_ticket_templates.php?saved_replies='.$id,'SUCCESS');
} // End edit_saved()
function new_saved()
{
global $hesk_settings, $hesklang;
/* A security check */
hesk_token_check('POST');
$hesk_error_buffer = '';
$savename = hesk_input( hesk_POST('name') ) or $hesk_error_buffer .= '<li>' . $hesklang['ent_ticket_tpl_title'] . '</li>';
$msg = hesk_input( hesk_POST('msg') ) or $hesk_error_buffer .= '<li>' . $hesklang['ent_ticket_tpl_msg'] . '</li>';
// Avoid problems with utf-8 newline chars in Javascript code, detect and remove them
$msg = preg_replace('/\R/u', "\r\n", $msg);
$_SESSION['canned']['what'] = 'NEW';
$_SESSION['canned']['name'] = $savename;
$_SESSION['canned']['msg'] = $msg;
/* Any errors? */
if (strlen($hesk_error_buffer))
{
$hesk_error_buffer = $hesklang['rfm'].'<br /><br /><ul>'.$hesk_error_buffer.'</ul>';
hesk_process_messages($hesk_error_buffer,'manage_ticket_templates.php');
}
/* Get the latest tpl_order */
$result = hesk_dbQuery('SELECT `tpl_order` FROM `'.hesk_dbEscape($hesk_settings['db_pfix']).'ticket_templates` ORDER BY `tpl_order` DESC LIMIT 1');
$row = hesk_dbFetchRow($result);
$my_order = $row[0]+10;
hesk_dbQuery("INSERT INTO `".hesk_dbEscape($hesk_settings['db_pfix'])."ticket_templates` (`title`,`message`,`tpl_order`) VALUES ('".hesk_dbEscape($savename)."','".hesk_dbEscape($msg)."','".intval($my_order)."')");
unset($_SESSION['canned']['what']);
unset($_SESSION['canned']['name']);
unset($_SESSION['canned']['msg']);
hesk_process_messages($hesklang['ticket_tpl_saved'],'manage_ticket_templates.php','SUCCESS');
} // End new_saved()
function remove()
{
global $hesk_settings, $hesklang;
/* A security check */
hesk_token_check();
$mysaved = intval( hesk_GET('id') ) or hesk_error($hesklang['id_not_valid']);
hesk_dbQuery("DELETE FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."ticket_templates` WHERE `id`='".intval($mysaved)."' LIMIT 1");
if (hesk_dbAffectedRows() != 1)
{
hesk_error("$hesklang[int_error]: $hesklang[ticket_tpl_not_found].");
}
hesk_process_messages($hesklang['ticket_tpl_removed'],'manage_ticket_templates.php','SUCCESS');
} // End remove()
function order_saved()
{
global $hesk_settings, $hesklang;
/* A security check */
hesk_token_check();
$tplid = intval( hesk_GET('replyid') ) or hesk_error($hesklang['ticket_tpl_id']);
$_SESSION['canned']['selcat2'] = $tplid;
$tpl_move = intval( hesk_GET('move') );
hesk_dbQuery("UPDATE `".hesk_dbEscape($hesk_settings['db_pfix'])."ticket_templates` SET `tpl_order`=`tpl_order`+".intval($tpl_move)." WHERE `id`='".intval($tplid)."' LIMIT 1");
if (hesk_dbAffectedRows() != 1) {hesk_error("$hesklang[int_error]: $hesklang[ticket_tpl_not_found].");}
/* Update all category fields with new order */
$result = hesk_dbQuery('SELECT `id` FROM `'.hesk_dbEscape($hesk_settings['db_pfix']).'ticket_templates` ORDER BY `tpl_order` ASC');
$i = 10;
while ($mytpl=hesk_dbFetchAssoc($result))
{
hesk_dbQuery("UPDATE `".hesk_dbEscape($hesk_settings['db_pfix'])."ticket_templates` SET `tpl_order`=".intval($i)." WHERE `id`='".intval($mytpl['id'])."' LIMIT 1");
$i += 10;
}
header('Location: manage_ticket_templates.php');
exit();
} // End order_saved()
?>

@ -1,7 +1,7 @@
<?php
/*******************************************************************************
* Title: Help Desk Software HESK
* Version: 2.5.5 from 5th August 2014
* Version: 2.6.0 beta 1 from 30th December 2014
* Author: Klemen Stirn
* Website: http://www.hesk.com
********************************************************************************
@ -39,6 +39,7 @@ define('HESK_PATH','../');
require(HESK_PATH . 'hesk_settings.inc.php');
require(HESK_PATH . 'inc/common.inc.php');
require(HESK_PATH . 'inc/admin_functions.inc.php');
require(HESK_PATH . 'inc/profile_functions.inc.php');
hesk_load_database_functions();
hesk_session_start();
@ -61,6 +62,7 @@ $hesk_settings['features'] = array(
'can_man_users', /* User can create and edit staff accounts */
'can_man_cat', /* User can manage categories/departments */
'can_man_canned', /* User can manage canned responses */
'can_man_ticket_tpl', /* User can manage ticket templates */
'can_add_archive', /* User can mark tickets as "Tagged" */
'can_assign_self', /* User can assign tickets to himself/herself */
'can_assign_others', /* User can assign tickets to other staff members */
@ -70,20 +72,51 @@ $hesk_settings['features'] = array(
'can_run_reports_full', /* User can run reports and see statistics (unrestricted) */
'can_export', /* User can export own tickets to Excel */
'can_view_online', /* User can view what staff members are currently online */
'can_ban_emails', /* User can ban email addresses */
'can_unban_emails', /* User can delete email address bans. Also enables "can_ban_emails" */
'can_ban_ips', /* User can ban IP addresses */
'can_unban_ips', /* User can delete IP bans. Also enables "can_ban_ips" */
'can_service_msg', /* User can manage service messages shown in customer interface */
);
/* Set default values */
$default_userdata = array(
// Profile info
'name' => '',
'email' => '',
'user' => '',
'cleanpass' => '',
'user' => '',
'autoassign' => 'Y',
// Signature
'signature' => '',
// Permissions
'isadmin' => 1,
'active' => 1,
'categories' => array('1'),
'features' => array('can_view_tickets','can_reply_tickets','can_change_cat','can_assign_self','can_view_unassigned','can_view_online'),
'signature' => '',
'cleanpass' => '',
// Preferences
'afterreply' => 0,
'autorefresh' => 0,
// Defaults
'autostart' => 1,
'notify_customer_new' => 1,
'notify_customer_reply' => 1,
'show_suggested' => 1,
// Notifications
'notify_new_unassigned' => 1,
'notify_new_my' => 1,
'notify_reply_unassigned' => 1,
'notify_reply_my' => 1,
'notify_assigned' => 1,
'notify_note' => 1,
'notify_pm' => 1,
'notify_note_unassigned' => 1,
);
/* A list of all categories */
@ -101,7 +134,10 @@ while ($row=hesk_dbFetchAssoc($res))
if ( ! $_SESSION['isadmin'])
{
/* Can't create admin users */
$_POST['isadmin'] = 0;
if ( isset($_POST['isadmin']) )
{
unset($_POST['isadmin']);
}
/* Can only add features he/she has access to */
$hesk_settings['features'] = array_intersect( explode(',', $_SESSION['heskprivileges']) , $hesk_settings['features']);
@ -166,149 +202,7 @@ require_once(HESK_PATH . 'inc/show_admin_nav.inc.php');
?>
<div style="margin-top: 20px" class="row">
<div class="col-md-4">
<div class="panel panel-default">
<div class="panel-heading"><?php echo $hesklang['add_user']; ?></div>
<div class="panel-body">
<h6><?php echo $hesklang['req_marked_with']; ?> <font class="important">*</font></h6>
<div class="footerWithBorder blankSpace"></div>
<form class="form-horizontal" name="form1" action="manage_users.php" method="post">
<div class="form-group">
<label for="name" class="col-sm-5 control-label"><?php echo $hesklang['real_name']; ?>: <font class="important">*</font></label>
<div class="col-sm-7">
<input type="text" class="form-control" name="name" size="40" maxlength="50" value="<?php echo $_SESSION['userdata']['name']; ?>" placeholder="<?php echo $hesklang['real_name']; ?>" />
</div>
</div>
<div class="form-group">
<label for="email" class="col-sm-5 control-label"><?php echo $hesklang['email']; ?>: <font class="important">*</font></label>
<div class="col-sm-7">
<input type="text" class="form-control" name="email" size="40" maxlength="255" placeholder="<?php echo $hesklang['email']; ?>" value="<?php echo $_SESSION['userdata']['email']; ?>" />
</div>
</div>
<div class="form-group">
<label for="user" class="col-sm-5 control-label"><?php echo $hesklang['username']; ?>: <font class="important">*</font></label>
<div class="col-sm-7">
<input type="text" class="form-control" name="user" size="40" maxlength="20" value="<?php echo $_SESSION['userdata']['user']; ?>" placeholder="<?php echo $hesklang['username']; ?>" />
</div>
</div>
<div class="form-group">
<label for="pass" class="col-sm-5 control-label"><?php echo $hesklang['pass']; ?>: <font class="important">*</font></label>
<div class="col-sm-7">
<input type="password" class="form-control" name="newpass" autocomplete="off" size="40" placeholder="<?php echo $hesklang['pass']; ?>" value="<?php echo $_SESSION['userdata']['cleanpass']; ?>" onkeyup="javascript:hesk_checkPassword(this.value)" />
</div>
</div>
<div class="form-group">
<label for="confirmPass" class="col-sm-5 control-label" style="font-size: .9em"><?php echo $hesklang['confirm_pass']; ?>: <font class="important">*</font></label>
<div class="col-sm-7">
<input type="password" name="newpass2" class="form-control" autocomplete="off" placeholder="<?php echo $hesklang['confirm_pass']; ?>" size="40" value="<?php echo $_SESSION['userdata']['cleanpass']; ?>" />
</div>
</div>
<div class="form-group">
<label for="pwStrength" class="col-sm-5 control-label" style="font-size: .9em"><?php echo $hesklang['pwdst']; ?>:</label>
<div class="col-sm-7">
<div style="border: 1px solid gray; width: 100px;">
<div id="progressBar"
style="font-size: 1px; height: 22px; width: 0px; border: 1px solid white;">
</div>
</div>
</div>
</div>
<div class="form-group">
<label for="administrator" class="col-sm-5 control-label"><?php echo $hesklang['administrator']; ?>: <font class="important">*</font></label>
<div class="col-sm-7">
<?php
/* Only administrators can create new administrator accounts */
if ($_SESSION['isadmin'])
{
?>
<div class="radio"><label><input type="radio" name="isadmin" value="1" onchange="Javascript:hesk_toggleLayerDisplay('options')" <?php if ($_SESSION['userdata']['isadmin']) echo 'checked="checked"'; ?> /> <?php echo $hesklang['yes'].' '.$hesklang['admin_can']; ?></label></div>
<div class="radio"><label><input type="radio" name="isadmin" value="0" onchange="Javascript:hesk_toggleLayerDisplay('options')" <?php if (!$_SESSION['userdata']['isadmin']) echo 'checked="checked"'; ?> /> <?php echo $hesklang['no'].' '.$hesklang['staff_can']; ?></label></div>
<?php
}
else
{
echo $hesklang['no'].' '.$hesklang['staff_can'];
}
?>
</div>
</div>
<div id="options" style="display: <?php echo ($_SESSION['isadmin'] && $_SESSION['userdata']['isadmin']) ? 'none' : 'block'; ?>">
<div class="form-group">
<label for="categories" class="col-sm-5 control-label"><?php echo $hesklang['allowed_cat']; ?>: <font class="important">*</font></label>
<div class="col-sm-7">
<?php
foreach ($hesk_settings['categories'] as $catid => $catname)
{
echo '<div class="checkbox"><label><input type="checkbox" name="categories[]" value="' . $catid . '" ';
if ( in_array($catid,$_SESSION['userdata']['categories']) )
{
echo ' checked="checked" ';
}
echo ' />' . $catname . '</label></div> ';
}
?>
</div>
</div>
<div class="form-group">
<label for="permissions" class="col-sm-5 control-label"><?php echo $hesklang['allow_feat']; ?>: <font class="important">*</font></label>
<div class="col-sm-7">
<?php
foreach ($hesk_settings['features'] as $k)
{
echo '<div class="checkbox"><label><input type="checkbox" name="features[]" value="' . $k . '" ';
if (in_array($k,$_SESSION['userdata']['features']))
{
echo ' checked="checked" ';
}
echo ' />' . $hesklang[$k] . '</label></div> ';
}
?>
<div class="checkbox">
<label><input type="checkbox" name="can_change_notification_settings" checked> <?php echo $hesklang['can_change_notification_settings']; ?> </label>
</div>
</div>
</div>
</div>
<div class="form-group">
<label for="auto-assign" class="col-sm-5 control-label"><?php echo $hesklang['opt']; ?>:</label>
<div class="col-sm-7">
<?php
if ($hesk_settings['autoassign'])
{
?>
<div class="checkbox">
<label><input type="checkbox" name="autoassign" value="Y" <?php if ( ! isset($_SESSION['userdata']['autoassign']) || $_SESSION['userdata']['autoassign'] == 1 ) {echo 'checked="checked"';} ?> /> <?php echo $hesklang['user_aa']; ?></label>
</div>
<?php } if ($_SESSION['can_manage_settings']) { ?>
<div class="checkbox">
<label><input type="checkbox" name="manage_settings"> <?php echo $hesklang['can_man_settings']; ?></label>
</div>
<?php } ?>
</div>
</div>
<div class="form-group">
<label for="signature" class="col-sm-5 control-label"><?php echo $hesklang['signature_max']; ?>:</label>
<div class="col-sm-7">
<textarea class="form-control" name="signature" rows="6" placeholder="<?php echo $hesklang['sig']; ?>" cols="40"><?php echo $_SESSION['userdata']['signature']; ?></textarea>
<?php echo $hesklang['sign_extra']; ?>
</div>
</div>
<div class="form-group">
<div class="col-sm-12 text-right">
<input type="hidden" name="a" value="new" />
<input type="hidden" name="token" value="<?php hesk_token_echo(); ?>" />
<input type="submit" class="btn btn-default" value="<?php echo $hesklang['create_user']; ?>" />
<a class="btn btn-default" href="manage_users.php?a=reset_form"><?php echo $hesklang['refi']; ?></a>
</div>
</div>
</form>
</div>
</div>
</div>
<div class="col-md-8">
<div class="col-md-10 col-md-offset-1">
<script language="Javascript" type="text/javascript"><!--
function confirm_delete()
{
@ -345,7 +239,7 @@ require_once(HESK_PATH . 'inc/show_admin_nav.inc.php');
</tr>
<!-- I can't get this block to tab over without breaking, so it will be awkwardly sticking out for now :( -->
<?php
$res = hesk_dbQuery('SELECT * FROM `'.hesk_dbEscape($hesk_settings['db_pfix']).'users` ORDER BY `id` ASC');
$res = hesk_dbQuery('SELECT * FROM `'.hesk_dbEscape($hesk_settings['db_pfix']).'users` ORDER BY `name` ASC');
$i=1;
$cannot_manage = array();
@ -470,7 +364,18 @@ EOC;
{
echo '&nbsp;&nbsp;&nbsp;<i style="color: green" class="fa fa-circle"></i> '.$hesklang['online'].' &nbsp;&nbsp;&nbsp; <i style="color: gray" class="fa fa-circle"></i> '.$hesklang['offline'];
}?>
</div>
</div>
</div>
<div class="row">
<div class="col-md-10 col-md-offset-1">
<h3><?php echo $hesklang['add_user']; ?></h3>
<h6><?php echo $hesklang['req_marked_with']; ?> <font class="important">*</font></h6>
<div class="footerWithBorder blankSpace"></div>
<form name="form1" method="post" action="manage_users.php" class="form-horizontal" role="form">
<?php hesk_profile_tab('userdata', false, 'create_user'); ?>
</form>
</div>
</div>
<script language="Javascript" type="text/javascript"><!--
@ -554,7 +459,7 @@ function edit_user()
if ( ! isset($_SESSION['save_userdata']))
{
$res = hesk_dbQuery("SELECT `user`,`pass`,`isadmin`,`name`,`email`,`signature`,`categories`,`autoassign`,`heskprivileges` AS `features`, `can_manage_settings`, `active`, `can_change_notification_settings`
$res = hesk_dbQuery("SELECT *,`heskprivileges` AS `features`, `can_manage_settings`, `active`, `can_change_notification_settings`
FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."users` WHERE `id`='".intval($id)."' LIMIT 1");
$_SESSION['userdata'] = hesk_dbFetchAssoc($res);
@ -605,157 +510,7 @@ function edit_user()
<div class="footerWithBorder blankSpace"></div>
<form role="form" class="form-horizontal" name="form1" method="post" action="manage_users.php">
<!-- Contact info -->
<div class="form-group">
<label for="name" class="col-sm-3 control-label"><?php echo $hesklang['real_name']; ?>: <font class="important">*</font></label>
<div class="col-sm-9">
<input class="form-control" placeholder="<?php echo $hesklang['real_name']; ?>" type="text" name="name" size="40" maxlength="50" value="<?php echo $_SESSION['userdata']['name']; ?>" />
</div>
</div>
<div class="form-group">
<label for="email" class="col-sm-3 control-label"><?php echo $hesklang['email']; ?>: <font class="important">*</font></label>
<div class="col-sm-9">
<input class="form-control" placeholder="<?php echo $hesklang['email']; ?>" type="text" name="email" size="40" maxlength="255" value="<?php echo $_SESSION['userdata']['email']; ?>" />
</div>
</div>
<div class="form-group">
<label for="user" class="col-sm-3 control-label"><?php echo $hesklang['username']; ?>: <font class="important">*</font></label>
<div class="col-sm-9">
<input class="form-control" placeholder="<?php echo $hesklang['username']; ?>" type="text" name="user" size="40" maxlength="20" value="<?php echo $_SESSION['userdata']['user']; ?>" />
</div>
</div>
<div class="form-group">
<label for="newpass" class="col-sm-3 control-label"><?php echo $hesklang['pass']; ?>:</label>
<div class="col-sm-9">
<input type="password" class="form-control" placeholder="<?php echo $hesklang['pass']; ?>" name="newpass" autocomplete="off" size="40" value="<?php echo $_SESSION['userdata']['cleanpass']; ?>" onkeyup="javascript:hesk_checkPassword(this.value)" />
</div>
</div>
<div class="form-group">
<label for="newpass2" class="col-sm-3 control-label"><?php echo $hesklang['confirm_pass']; ?>:</label>
<div class="col-sm-9">
<input type="password" class="form-control" placeholder="<?php echo $hesklang['confirm_pass']; ?>" name="newpass2" autocomplete="off" size="40" value="<?php echo $_SESSION['userdata']['cleanpass']; ?>" />
</div>
</div>
<div class="form-group">
<label for="pwdst" class="col-sm-3 control-label"><?php echo $hesklang['pwdst']; ?>:</label>
<div class="col-sm-9">
<div style="border: 1px solid gray; width: 100px;">
<div id="progressBar"
style="font-size: 1px; height: 14px; width: 0px; border: 1px solid white;">
</div>
</div>
</div>
</div>
<div class="form-group">
<label for="isadmin" class="col-sm-3 control-label"><?php echo $hesklang['administrator']; ?>: <font class="important">*</font></label>
<div class="col-sm-9">
<?php
/* Only administrators can create new administrator accounts */
if ($_SESSION['isadmin'])
{
?>
<div class="radio"><label><input type="radio" name="isadmin" value="1" onchange="Javascript:hesk_toggleLayerDisplay('options')" <?php if ($_SESSION['userdata']['isadmin']) echo 'checked="checked"'; ?> /> <?php echo $hesklang['yes'].' '.$hesklang['admin_can']; ?></label></div>
<div class="radio"><label><input type="radio" name="isadmin" value="0" onchange="Javascript:hesk_toggleLayerDisplay('options')" <?php if (!$_SESSION['userdata']['isadmin']) echo 'checked="checked"'; ?> /> <?php echo $hesklang['no'].' '.$hesklang['staff_can']; ?></label></div>
<?php
}
else
{
echo $hesklang['no'].' '.$hesklang['staff_can'];
}
?>
</div>
</div>
<div class="form-group" id="options" style="display: <?php echo ($_SESSION['isadmin'] && $_SESSION['userdata']['isadmin']) ? 'none' : ''; ?>">
<div class="row">
<label for="cats" class="control-label col-sm-3"><?php echo $hesklang['allowed_cat']; ?>: <font class="important">*</font></label>
<div class="col-sm-6">
<?php
foreach ($hesk_settings['categories'] as $catid => $catname)
{
echo '<div class="checkbox"><label><input type="checkbox" name="categories[]" value="' . $catid . '" ';
if ( in_array($catid,$_SESSION['userdata']['categories']) )
{
echo ' checked="checked" ';
}
echo ' />' . $catname . '</label></div> ';
}
?>
</div>
</div>
<div class="row">
<label for="feats" class="control-label col-sm-3"><?php echo $hesklang['allow_feat']; ?>: <font class="important">*</font></label>
<div class="col-sm-6">
<?php
foreach ($hesk_settings['features'] as $k)
{
echo '<div class="checkbox"><label><input type="checkbox" name="features[]" value="' . $k . '" ';
if (in_array($k,$_SESSION['userdata']['features']))
{
echo ' checked="checked" ';
}
echo ' />' . $hesklang[$k] . '</label></div> ';
}
$manageNotificationCheckboxState = '';
if (
isset($_SESSION['userdata']['can_change_notification_settings'])
&& $_SESSION['userdata']['can_change_notification_settings'] == 1)
{
$manageNotificationCheckboxState = 'checked';
}
?>
<div class="checkbox">
<label><input type="checkbox" name="can_change_notification_settings" <?php echo $manageNotificationCheckboxState; ?>>
<?php echo $hesklang['can_change_notification_settings']; ?>
</label>
</div>
</div>
</div>
</div>
<div class="form-group">
<label for="autoassign" class="col-sm-3 control-label"><?php echo $hesklang['opt']; ?>:</label>
<div class="col-sm-9">
<?php if ($hesk_settings['autoassign'])
{ ?>
<div class="checkbox">
<label><input type="checkbox" name="autoassign" value="Y" <?php if ( isset($_SESSION['userdata']['autoassign']) && $_SESSION['userdata']['autoassign'] == 1 ) {echo 'checked="checked"';} ?> /> <?php echo $hesklang['user_aa']; ?></label>
</div>
<?php } if ($_GET['id'] != 1) { ?>
<div class="checkbox">
<?php if (isset($_SESSION['userdata']['can_manage_settings'])) { ?>
<label><input type="checkbox" name="manage_settings"
<?php if ($_SESSION['userdata']['can_manage_settings']) { echo 'checked="checked"';} ?>
<?php if (!$_SESSION['can_manage_settings']) { echo 'disabled'; } ?>> <?php echo $hesklang['can_man_settings']; ?></label>
<?php if (!$_SESSION['can_manage_settings'] && $_SESSION['userdata']['can_manage_settings']) {
echo '<input type="hidden" name="manage_settings" value="1">';
} ?>
<?php } ?>
</div>
<?php } else { ?>
<input type="hidden" name="manage_settings" value="1">
<?php } ?>
<div class="checkbox">
<label><input type="checkbox" name="active" <?php if ($_SESSION['userdata']['active']) { echo 'checked';} ?>> <?php echo $hesklang['active_user']; ?></label>
</div>
</div>
</div>
<div class="form-group">
<label for="signature" class="col-sm-3 control-label"><?php echo $hesklang['signature_max']; ?>:</label>
<div class="col-sm-9">
<textarea class="form-control" placeholder="<?php echo $hesklang['sig']; ?>" name="signature" rows="6" cols="40"><?php echo $_SESSION['userdata']['signature']; ?></textarea><br />
<?php echo $hesklang['sign_extra']; ?>
</div>
</div>
<!-- Submit -->
<div class="form-group" style="text-align: center">
<input type="hidden" name="a" value="save" />
<input type="hidden" name="userid" value="<?php echo $id; ?>" />
<input type="hidden" name="token" value="<?php hesk_token_echo(); ?>" />
<input class="btn btn-default" type="submit" value="<?php echo $hesklang['save_changes']; ?>" />
<a class="btn btn-default" href="manage_users.php"><?php echo $hesklang['dich']; ?></a>
</div>
<?php hesk_profile_tab('userdata',false,'edit_user'); ?>
</form>
<script language="Javascript" type="text/javascript"><!--
hesk_checkPassword(document.form1.newpass.value);
@ -779,18 +534,6 @@ function new_user()
$myuser = hesk_validateUserInfo();
/* Can view unassigned tickets? */
if ( in_array('can_view_unassigned', $myuser['features']) )
{
$sql_where = '';
$sql_what = '';
}
else
{
$sql_where = ' , `notify_new_unassigned`, `notify_reply_unassigned` ';
$sql_what = " , '0', '0' ";
}
/* Categories and Features will be stored as a string */
$myuser['categories'] = implode(',',$myuser['categories']);
$myuser['features'] = implode(',',$myuser['features']);
@ -810,7 +553,30 @@ function new_user()
}
hesk_dbQuery("INSERT INTO `".hesk_dbEscape($hesk_settings['db_pfix'])."users` (
`user`,`pass`,`isadmin`,`name`,`email`,`signature`,`categories`,`autoassign`,`heskprivileges`, `can_manage_settings`, `can_change_notification_settings` $sql_where) VALUES (
`user`,
`pass`,
`isadmin`,
`name`,
`email`,
`signature`,
`categories`,
`autoassign`,
`heskprivileges`,
`can_manage_settings`,
`can_change_notification_settings`,
`afterreply`,
`autostart`,
`notify_customer_new`,
`notify_customer_reply`,
`show_suggested`,
`notify_new_unassigned`,
`notify_new_my`,
`notify_reply_unassigned`,
`notify_reply_my`,
`notify_assigned`,
`notify_pm`,
`notify_note`,
`notify_note_unassigned`) VALUES (
'".hesk_dbEscape($myuser['user'])."',
'".hesk_dbEscape($myuser['pass'])."',
'".intval($myuser['isadmin'])."',
@ -821,8 +587,21 @@ function new_user()
'".intval($myuser['autoassign'])."',
'".hesk_dbEscape($myuser['features'])."',
'".hesk_dbEscape($myuser['can_manage_settings'])."',
'".hesk_dbEscape($myuser['can_change_notification_settings'])."'
$sql_what )" );
'".hesk_dbEscape($myuser['can_change_notification_settings'])."',
'".($myuser['afterreply'])."' ,
'".($myuser['autostart'])."' ,
'".($myuser['notify_customer_new'])."' ,
'".($myuser['notify_customer_reply'])."' ,
'".($myuser['show_suggested'])."' ,
'".($myuser['notify_new_unassigned'])."' ,
'".($myuser['notify_new_my'])."' ,
'".($myuser['notify_reply_unassigned'])."' ,
'".($myuser['notify_reply_my'])."' ,
'".($myuser['notify_assigned'])."' ,
'".($myuser['notify_pm'])."',
'".($myuser['notify_note'])."',
'".($myuser['notify_note_unassigned'])."'
)" );
$_SESSION['seluser'] = hesk_dbInsertID();
@ -854,16 +633,16 @@ function update_user()
$myuser['id'] = $tmp;
/* Only active users can be assigned tickets */
if ($myuser['active']) {
/* If can't view assigned changes this */
if (in_array('can_view_unassigned', $myuser['features'])) {
$sql_where = "";
} else {
$sql_where = " , `notify_new_unassigned`='0', `notify_reply_unassigned`='0' ";
}
} else {
if (!$myuser['active']) {
$myuser['autoassign'] = 0;
$sql_where = " , `notify_new_unassigned`='0', `notify_new_my`='0', `notify_reply_unassigned`='0', `notify_reply_my`='0', `notify_assigned`='0', `notify_pm`='0', `notify_note`='0' ";
$myuser['notify_new_unassigned'] = 0;
$myuser['notify_new_my'] = 0;
$myuser['notify_reply_unassigned'] = 0;
$myuser['notify_reply_my'] = 0;
$myuser['notify_assigned'] = 0;
$myuser['notify_pm'] = 0;
$myuser['notify_note'] = 0;
$myuser['notify_note_unassigned'] = 0;
}
/* Check for duplicate usernames */
@ -914,8 +693,20 @@ function update_user()
`autoassign`='".intval($myuser['autoassign'])."',
`heskprivileges`='".hesk_dbEscape($myuser['features'])."',
`can_manage_settings`='".hesk_dbEscape($myuser['can_manage_settings'])."',
`can_change_notification_settings`='".hesk_dbEscape($myuser['can_change_notification_settings'])."'
$sql_where
`can_change_notification_settings`='".hesk_dbEscape($myuser['can_change_notification_settings'])."',
`afterreply`='".($myuser['afterreply'])."' ,
`autostart`='".($myuser['autostart'])."' ,
`notify_customer_new`='".($myuser['notify_customer_new'])."' ,
`notify_customer_reply`='".($myuser['notify_customer_reply'])."' ,
`show_suggested`='".($myuser['show_suggested'])."' ,
`notify_new_unassigned`='".($myuser['notify_new_unassigned'])."' ,
`notify_new_my`='".($myuser['notify_new_my'])."' ,
`notify_reply_unassigned`='".($myuser['notify_reply_unassigned'])."' ,
`notify_reply_my`='".($myuser['notify_reply_my'])."' ,
`notify_assigned`='".($myuser['notify_assigned'])."' ,
`notify_pm`='".($myuser['notify_pm'])."',
`notify_note`='".($myuser['notify_note'])."',
`notify_note_unassigned`='".($myuser['notify_note_unassigned'])."'
WHERE `id`='".intval($myuser['id'])."' LIMIT 1");
unset($_SESSION['save_userdata']);
@ -1022,6 +813,22 @@ function hesk_validateUserInfo($pass_required = 1, $redirect_to = './manage_user
}
}
// Defaults
$myuser['autostart'] = isset($_POST['autostart']) ? 1 : 0;
$myuser['notify_customer_new'] = isset($_POST['notify_customer_new']) ? 1 : 0;
$myuser['notify_customer_reply'] = isset($_POST['notify_customer_reply']) ? 1 : 0;
$myuser['show_suggested'] = isset($_POST['show_suggested']) ? 1 : 0;
/* Notifications */
$myuser['notify_new_unassigned'] = empty($_POST['notify_new_unassigned']) ? 0 : 1;
$myuser['notify_new_my'] = empty($_POST['notify_new_my']) ? 0 : 1;
$myuser['notify_reply_unassigned'] = empty($_POST['notify_reply_unassigned']) ? 0 : 1;
$myuser['notify_reply_my'] = empty($_POST['notify_reply_my']) ? 0 : 1;
$myuser['notify_assigned'] = empty($_POST['notify_assigned']) ? 0 : 1;
$myuser['notify_note'] = empty($_POST['notify_note']) ? 0 : 1;
$myuser['notify_pm'] = empty($_POST['notify_pm']) ? 0 : 1;
$myuser['notify_note_unassigned'] = empty($_POST['notify_note_unassigned']) ? 0 : 1;
/* Save entered info in session so we don't loose it in case of errors */
$_SESSION['userdata'] = $myuser;
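Review bot: The thirteen preference and notification values added to the new_user() INSERT and the update_user() UPDATE are concatenated into the SQL as `'".($myuser['afterreply'])."'`, with neither intval() nor hesk_dbEscape(), unlike the `autoassign` and `heskprivileges` values beside them. The hesk_validateUserInfo() hunk reduces autostart, notify_customer_new, notify_customer_reply, show_suggested and the notify_* fields to 0 or 1, but it does not show `afterreply` being assigned. If that value is taken from $_POST somewhere outside the visible lines, it reaches both queries unescaped. Casting at the point of use keeps the statements safe regardless of what the validator does: `'".intval($myuser['afterreply'])."'`, and likewise for the other twelve added values in both statements. All three functions continue outside their hunks, so the handling of `afterreply` should be confirmed there.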

@ -1,7 +1,7 @@
<?php
/*******************************************************************************
* Title: Help Desk Software HESK
* Version: 2.5.5 from 5th August 2014
* Version: 2.6.0 beta 1 from 30th December 2014
* Author: Klemen Stirn
* Website: http://www.hesk.com
********************************************************************************
@ -48,6 +48,57 @@ hesk_session_start();
hesk_dbConnect();
hesk_isLoggedIn();
// Pre-populate fields
// Customer name
if ( isset($_REQUEST['name']) )
{
$_SESSION['as_name'] = $_REQUEST['name'];
}
// Customer email address
if ( isset($_REQUEST['email']) )
{
$_SESSION['as_email'] = $_REQUEST['email'];
$_SESSION['as_email2'] = $_REQUEST['email'];
}
// Category ID
if ( isset($_REQUEST['catid']) )
{
$_SESSION['as_category'] = intval($_REQUEST['catid']);
}
if ( isset($_REQUEST['category']) )
{
$_SESSION['as_category'] = intval($_REQUEST['category']);
}
// Priority
if ( isset($_REQUEST['priority']) )
{
$_SESSION['as_priority'] = intval($_REQUEST['priority']);
}
// Subject
if ( isset($_REQUEST['subject']) )
{
$_SESSION['as_subject'] = $_REQUEST['subject'];
}
// Message
if ( isset($_REQUEST['message']) )
{
$_SESSION['as_message'] = $_REQUEST['message'];
}
// Custom fields
foreach ($hesk_settings['custom_fields'] as $k=>$v)
{
if ($v['use'] && isset($_REQUEST[$k]) )
{
$_SESSION['as_'.$k] = $_REQUEST[$k];
}
}
/* Varibles for coloring the fields in case of errors */
if (!isset($_SESSION['iserror']))
{
@ -61,7 +112,7 @@ if (!isset($_SESSION['isnotice']))
/* List of users */
$admins = array();
$result = hesk_dbQuery("SELECT `id`,`name`,`isadmin`,`categories`,`heskprivileges` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."users` WHERE `active` = '1' ORDER BY `id` ASC");
$result = hesk_dbQuery("SELECT `id`,`name`,`isadmin`,`categories`,`heskprivileges` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."users` WHERE `active` = '1' ORDER BY `name` ASC");
while ($row=hesk_dbFetchAssoc($result))
{
/* Is this an administrator? */
@ -125,7 +176,7 @@ require_once(HESK_PATH . 'inc/show_admin_nav.inc.php');
<div class="form-group">
<label for="email" class="col-sm-3 control-label"><?php echo $hesklang['email']; ?>: </label>
<div class="col-sm-9">
<input type="text" class="form-control" name="email" size="40" maxlength="255"
<input type="text" class="form-control" name="email" size="40" maxlength="1000"
value="<?php if (isset($_SESSION['as_email'])) {echo stripslashes(hesk_input($_SESSION['as_email']));}
else if (isset($_GET['email'])) {echo hesk_GET('email');} ?>" <?php if($hesk_settings['detect_typos']) { echo ' onblur="Javascript:hesk_suggestEmail(1)"'; } ?>
placeholder="<?php echo $hesklang['email']; ?>">
@ -140,11 +191,13 @@ require_once(HESK_PATH . 'inc/show_admin_nav.inc.php');
<div class="col-sm-9">
<select name="category" class="form-control">
<?php
if (!empty($_GET['catid']))
// Show the "Click to select"?
if ($hesk_settings['select_cat'])
{
$_SESSION['as_category'] = intval( hesk_GET('catid') );
echo '<option value="">'.$hesklang['select'].'</option>';
}
// List categories
$result = hesk_dbQuery('SELECT * FROM `'.hesk_dbEscape($hesk_settings['db_pfix']).'categories` ORDER BY `cat_order` ASC');
while ($row=hesk_dbFetchAssoc($result))
{
@ -160,6 +213,13 @@ require_once(HESK_PATH . 'inc/show_admin_nav.inc.php');
<label for="priority" class="col-sm-3 control-label"><?php echo $hesklang['priority']; ?>: <font class="important">*</font></label>
<div class="col-sm-9">
<select name="priority" class="form-control">
<?php
// Show the "Click to select"?
if ($hesk_settings['select_pri'])
{
echo '<option value="">'.$hesklang['select'].'</option>';
}
?>
<option value="3" <?php
if((isset($_SESSION['as_priority']) && $_SESSION['as_priority']==3)
|| (isset($_GET['priority']) && $_GET['priority']==3)) {echo 'selected="selected"';} ?>><?php echo $hesklang['low']; ?></option>
@ -259,12 +319,19 @@ require_once(HESK_PATH . 'inc/show_admin_nav.inc.php');
echo '<div class="form-group"><label for="'.$v['name'].'" class="col-sm-3 control-label">'.$v['name'].': '.$v['req'].'</label>
<div class="col-sm-9"><select class="form-control" id="'.$v['name'].'" name="'.$k.'" '.$cls.'>';
// Show "Click to select"?
$v['value'] = str_replace('{HESK_SELECT}', '', $v['value'], $num);
if ($num)
{
echo '<option value="">'.$hesklang['select'].'</option>';
}
$options = explode('#HESK#',$v['value']);
foreach ($options as $option)
{
if (strlen($k_value) == 0 || $k_value == $option)
if ($k_value == $option)
{
$k_value = $option;
$selected = 'selected="selected"';
@ -291,7 +358,7 @@ require_once(HESK_PATH . 'inc/show_admin_nav.inc.php');
foreach ($options as $option)
{
if (strlen($k_value) == 0 || $k_value == $option)
if (strlen($k_value == $option))
{
$k_value = $option;
$selected = 'selected="selected"';
@ -386,15 +453,142 @@ require_once(HESK_PATH . 'inc/show_admin_nav.inc.php');
?>
<!-- End custom before -->
<!-- Ticket Info -->
<?php
// Lets handle ticket templates
$can_options = '';
// Get ticket templates from the database
$res = hesk_dbQuery("SELECT * FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."ticket_templates` ORDER BY `tpl_order` ASC");
// If we have any templates print them out
if ( hesk_dbNumRows($res) )
{
?>
<script language="javascript" type="text/javascript"><!--
// -->
var myMsgTxt = new Array();
var mySubjectTxt = new Array();
myMsgTxt[0]='';
mySubjectTxt[0]='';
<?php
while ($mysaved = hesk_dbFetchRow($res))
{
$can_options .= '<option value="' . $mysaved[0] . '">' . $mysaved[1]. "</option>\n";
echo 'myMsgTxt['.$mysaved[0].']=\''.str_replace("\r\n","\\r\\n' + \r\n'", addslashes($mysaved[2]))."';\n";
echo 'mySubjectTxt['.$mysaved[0].']=\''.str_replace("\r\n","\\r\\n' + \r\n'", addslashes($mysaved[1]))."';\n";
}
?>
function setMessage(msgid)
{
var myMsg=myMsgTxt[msgid];
var mySubject=mySubjectTxt[msgid];
if (myMsg == '')
{
if (document.form1.mode[1].checked)
{
document.getElementById('message').value = '';
document.getElementById('subject').value = '';
}
return true;
}
if (document.getElementById)
{
if (document.getElementById('moderep').checked)
{
document.getElementById('HeskMsg').innerHTML='<textarea name="message" id="message" rows="12" cols="60">'+myMsg+'</textarea>';
document.getElementById('HeskSub').innerHTML='<input type="text" name="subject" id="subject" size="40" maxlength="40" value="'+mySubject+'" />';
}
else
{
var oldMsg = document.getElementById('message').value;
document.getElementById('HeskMsg').innerHTML='<textarea name="message" id="message" rows="12" cols="60">'+oldMsg+myMsg+'</textarea>';
if (document.getElementById('subject').value == '')
{
document.getElementById('HeskSub').innerHTML='<input type="text" name="subject" id="subject" size="40" maxlength="40" value="'+mySubject+'" />';
}
}
}
else
{
if (document.form1.mode[0].checked)
{
document.form1.message.value=myMsg;
document.form1.subject.value=mySubject;
}
else
{
var oldMsg = document.form1.message.value;
document.form1.message.value=oldMsg+myMsg;
if (document.form1.subject.value == '')
{
document.form1.subject.value=mySubject;
}
}
}
}
//-->
</script>
<?php
} // END fetchrows
// Print templates
if ( strlen($can_options) )
{
?>
<tr>
<td style="text-align:right" width="150" valign="top">&nbsp;</td>
<td width="80%">
<div align="center">
<table class="white" style="width:100%">
<tr>
<td class="admin_gray" colspan="2"><b>&raquo;<?php echo $hesklang['ticket_tpl']; ?></b> <?php echo hesk_checkPermission('can_man_ticket_tpl', 0) ? '(<a href="manage_ticket_templates.php">' . $hesklang['ticket_tpl_man'] . '</a>)' : ''; ?></td>
</tr>
<tr>
<td class="admin_gray">
<label><input type="radio" name="mode" id="modeadd" value="1" checked="checked" /> <?php echo $hesklang['madd']; ?></label><br />
<label><input type="radio" name="mode" id="moderep" value="0" /> <?php echo $hesklang['mrep']; ?></label>
</td>
<td class="admin_gray">
<?php echo $hesklang['select_ticket_tpl']; ?>:<br />
<select name="saved_replies" onchange="setMessage(this.value)">
<option value="0"> - <?php echo $hesklang['select_empty']; ?> - </option>
<?php echo $can_options; ?>
</select>
</td>
</tr>
</table>
</div>
</td>
</tr>
<?php
} // END printing templates
elseif ( hesk_checkPermission('can_man_ticket_tpl', 0) )
{
?>
<tr>
<td style="text-align:right" width="150">&nbsp;</td>
<td width="80%"><a href="manage_ticket_templates.php"><?php echo $hesklang['ticket_tpl_man']; ?></a></td>
</tr>
<?php
}
?>
<?php if (in_array('subject',$_SESSION['iserror'])) {echo '<div class="form-group has-error">';} else {echo '<div class="form-group">';} ?>
<label for="subject" class="col-sm-3 control-label"><?php echo $hesklang['subject']; ?>: <font class="important">*</font></label>
<div class="col-sm-9">
<input class="form-control" type="text" name="subject" size="40" maxlength="40" value="<?php if (isset($_SESSION['as_subject']) || isset($_GET['subject'])) {echo stripslashes(hesk_input($_SESSION['as_subject']));} ?>" placeholder="<?php echo $hesklang['subject']; ?>" />
<span id="HeskSub"><input class="form-control" type="text" name="subject" id="subject" size="40" maxlength="40" value="<?php if (isset($_SESSION['as_subject']) || isset($_GET['subject'])) {echo stripslashes(hesk_input($_SESSION['as_subject']));} ?>" placeholder="<?php echo $hesklang['subject']; ?>" /></span>
</div>
</div>
<?php if (in_array('message',$_SESSION['iserror'])) {echo '<div class="form-group has-error">';} else {echo '<div class="form-group">';} ?>
<div class="col-sm-12">
<textarea class="form-control" name="message" rows="12" cols="60" placeholder="<?php echo $hesklang['message']; ?>" ><?php if (isset($_SESSION['as_message'])) {echo stripslashes(hesk_input($_SESSION['as_message']));} ?></textarea>
<span id="HeskSub">
<textarea class="form-control" name="message" id="message" rows="12" cols="60" placeholder="<?php echo $hesklang['message']; ?>" ><?php if (isset($_SESSION['as_message'])) {echo stripslashes(hesk_input($_SESSION['as_message']));} ?></textarea>
</span>
</div>
</div>
<hr/>
@ -472,12 +666,19 @@ require_once(HESK_PATH . 'inc/show_admin_nav.inc.php');
echo '<div class="form-group"><label for="'.$v['name'].'" class="col-sm-3 control-label">'.$v['name'].': '.$v['req'].'</label>
<div class="col-sm-9"><select class="form-control" id="'.$v['name'].'" name="'.$k.'" '.$cls.'>';
// Show "Click to select"?
$v['value'] = str_replace('{HESK_SELECT}', '', $v['value'], $num);
if ($num)
{
echo '<option value="">'.$hesklang['select'].'</option>';
}
$options = explode('#HESK#',$v['value']);
foreach ($options as $option)
{
if (strlen($k_value) == 0 || $k_value == $option)
if ($k_value == $option)
{
$k_value = $option;
$selected = 'selected="selected"';
@ -561,7 +762,7 @@ require_once(HESK_PATH . 'inc/show_admin_nav.inc.php');
foreach ($options as $option)
{
if (strlen($k_value) == 0 || $k_value == $option)
if ($k_value == $option)
{
$k_value = $option;
$selected = 'selected="selected"';
@ -620,10 +821,16 @@ require_once(HESK_PATH . 'inc/show_admin_nav.inc.php');
}
?>
<!-- Admin options -->
<?php
if ( ! isset($_SESSION['as_notify']) )
{
$_SESSION['as_notify'] = $_SESSION['notify_customer_new'] ? 1 : 0;
}
?>
<div class="form-group">
<label class="col-sm-3 control-label"><?php echo $hesklang['addop']; ?>:</label>
<div class="col-sm-9">
<label><input type="checkbox" name="notify" value="1" <?php echo (!isset($_SESSION['as_notify']) || !empty($_SESSION['as_notify'])) ? 'checked="checked"' : ''; ?> /> <?php echo $hesklang['seno']; ?></label><br />
<label><input type="checkbox" name="notify" value="1" <?php echo empty($_SESSION['as_notify']) ? '' : 'checked="checked"'; ?> /> <?php echo $hesklang['seno']; ?></label><br />
<label><input type="checkbox" name="show" value="1" <?php echo (!isset($_SESSION['as_show']) || !empty($_SESSION['as_show'])) ? 'checked="checked"' : ''; ?> /> <?php echo $hesklang['otas']; ?></label><br />
<hr />
</div>

@ -1,7 +1,7 @@
<?php
/*******************************************************************************
* Title: Help Desk Software HESK
* Version: 2.5.3 from 16th March 2014
* Version: 2.6.0 beta 1 from 30th December 2014
* Author: Klemen Stirn
* Website: http://www.hesk.com
********************************************************************************
@ -190,6 +190,8 @@ switch ($type)
';
break;
case 'select':
$query = str_replace('{HESK_SELECT}', '', $query, $show_select);
$options=str_replace('#HESK#',"\n",$query);
echo '
<script language="javascript">
@ -217,12 +219,18 @@ switch ($type)
}
text = unescape(text.replace(re_nlchar,\'#HESK#\'));
if (document.getElementById(\'show_select\').checked)
{
text = "{HESK_SELECT}" + text;
}
window.opener.document.getElementById(\'s_'.$id.'_val\').value = text;
window.close();
}
</script>
<p>'.$hesklang['opt3'].'</p>
<p><label><input type="checkbox" name="show_select" id="show_select" value="1" ' . ($show_select ? 'checked="checked"' : '') . ' /> ' . $hesklang['show_select'] . '</label></p>
<textarea name="o1" id="o1" rows="6" cols="40">'.$options.'</textarea>
<p><input type="button" value=" '.$hesklang['ok'].' " onclick="Javascript:hesk_saveOptions()" /></p>
';
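Review bot: In the `case 'select':` hunk, `str_replace('{HESK_SELECT}', '', $query, $show_select)` strips the marker wherever it occurs and counts every occurrence, although the JavaScript in the next hunk only ever prepends it once. Testing for the prefix instead, for example `$show_select = (strpos($query, '{HESK_SELECT}') === 0);` followed by removing only that prefix, keeps an option that happens to contain the literal text intact. `$options` is also written into the `<textarea>` as-is; whether `$query` is already HTML-escaped before this `switch` is not visible here and is worth confirming.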

@ -0,0 +1,361 @@
<?php
/*******************************************************************************
* Title: Help Desk Software HESK
* Version: 2.6.0 beta 1 from 30th December 2014
* Author: Klemen Stirn
* Website: http://www.hesk.com
********************************************************************************
* COPYRIGHT AND TRADEMARK NOTICE
* Copyright 2005-2014 Klemen Stirn. All Rights Reserved.
* HESK is a registered trademark of Klemen Stirn.
* The HESK may be used and modified free of charge by anyone
* AS LONG AS COPYRIGHT NOTICES AND ALL THE COMMENTS REMAIN INTACT.
* By using this code you agree to indemnify Klemen Stirn from any
* liability that might arise from it's use.
* Selling the code for this program, in part or full, without prior
* written consent is expressly forbidden.
* Using this code, in part or full, to create derivate work,
* new scripts or products is expressly forbidden. Obtain permission
* before redistributing this software over the Internet or in
* any other medium. In all cases copyright and header must remain intact.
* This Copyright is in full effect in any country that has International
* Trade Agreements with the United States of America or
* with the European Union.
* Removing any of the copyright notices without purchasing a license
* is expressly forbidden. To remove HESK copyright notice you must purchase
* a license for this script. For more information on how to obtain
* a license please visit the page below:
* https://www.hesk.com/buy.php
*******************************************************************************/
define('IN_SCRIPT',1);
define('HESK_PATH','../');
/* Get all the required files and functions */
require(HESK_PATH . 'hesk_settings.inc.php');
require(HESK_PATH . 'inc/common.inc.php');
// Is the password reset function enabled?
if ( ! $hesk_settings['reset_pass'])
{
die($hesklang['attempt']);
}
// Allow additional 5 attempts in case the user is already blocked
$hesk_settings['attempt_limit'] += 5;
// Start session
hesk_session_start();
if (!isset($_SESSION['a_iserror']))
{
$_SESSION['a_iserror'] = array();
}
$hesk_error_buffer = array();
// If this is a POST method, check input
if ($_SERVER['REQUEST_METHOD'] == 'POST')
{
// Verify security image
if ($hesk_settings['secimg_use'])
{
// Using ReCaptcha?
if ($hesk_settings['recaptcha_use'] == 1)
{
require_once(HESK_PATH . 'inc/recaptcha/recaptchalib.php');
$resp = recaptcha_check_answer($hesk_settings['recaptcha_private_key'],
$_SERVER['REMOTE_ADDR'],
hesk_POST('recaptcha_challenge_field', ''),
hesk_POST('recaptcha_response_field', '')
);
if ($resp->is_valid)
{
//$_SESSION['img_a_verified']=true;
}
else
{
$hesk_error_buffer['mysecnum']=$hesklang['recaptcha_error'];
}
}
// Using ReCaptcha API v2?
elseif ($hesk_settings['recaptcha_use'] == 2)
{
require(HESK_PATH . 'inc/recaptcha/recaptchalib_v2.php');
$resp = null;
$reCaptcha = new ReCaptcha($hesk_settings['recaptcha_private_key']);
// Was there a reCAPTCHA response?
if ( isset($_POST["g-recaptcha-response"]) )
{
$resp = $reCaptcha->verifyResponse($_SERVER["REMOTE_ADDR"], hesk_POST("g-recaptcha-response") );
}
if ($resp != null && $resp->success)
{
//$_SESSION['img_a_verified']=true;
}
else
{
$hesk_error_buffer['mysecnum']=$hesklang['recaptcha_error'];
}
}
// Using PHP generated image
else
{
$mysecnum = intval( hesk_POST('mysecnum', 0) );
if ( empty($mysecnum) )
{
$hesk_error_buffer['mysecnum'] = $hesklang['sec_miss'];
}
else
{
require(HESK_PATH . 'inc/secimg.inc.php');
$sc = new PJ_SecurityImage($hesk_settings['secimg_sum']);
if ( isset($_SESSION['checksum']) && $sc->checkCode($mysecnum, $_SESSION['checksum']) )
{
//$_SESSION['img_a_verified'] = true;
}
else
{
$hesk_error_buffer['mysecnum'] = $hesklang['sec_wrng'];
}
}
}
}
// Connect to database and check for brute force attempts
hesk_load_database_functions();
hesk_dbConnect();
hesk_limitBfAttempts();
// Get email
$email = hesk_validateEmail( hesk_POST('email'), 'ERR', 0) or $hesk_error_buffer['email']=$hesklang['enter_valid_email'];
// Any errors?
if (count($hesk_error_buffer)!=0)
{
$_SESSION['a_iserror'] = array_keys($hesk_error_buffer);
$tmp = '';
foreach ($hesk_error_buffer as $error)
{
$tmp .= "<li>$error</li>\n";
}
$hesk_error_buffer = $tmp;
$hesk_error_buffer = $hesklang['pcer'].'<br /><br /><ul>'.$hesk_error_buffer.'</ul>';
hesk_process_messages($hesk_error_buffer,'NOREDIRECT');
}
else
{
// Get user data from the database
$res = hesk_dbQuery("SELECT `id`, `name`, `pass` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."users` WHERE `email` LIKE '".hesk_dbEscape($email)."' LIMIT 1");
if (hesk_dbNumRows($res) != 1)
{
hesk_process_messages($hesklang['noace'],'NOREDIRECT');
}
else
{
$row = hesk_dbFetchAssoc($res);
$hash = sha1(microtime() . $_SERVER['REMOTE_ADDR'] . mt_rand() . $row['id'] . $row['name'] . $row['pass']);
// Insert the verification hash into the database
hesk_dbQuery("INSERT INTO `".hesk_dbEscape($hesk_settings['db_pfix'])."reset_password` (`user`, `hash`, `ip`) VALUES (".intval($row['id']).", '{$hash}', '".hesk_dbEscape($_SERVER['REMOTE_ADDR'])."') ");
// Prepare and send email
require(HESK_PATH . 'inc/email_functions.inc.php');
// Get the email message
$msg = hesk_getEmailMessage('reset_password',array(),1,0,1);
// Replace message special tags
$msg = str_replace('%%NAME%%', hesk_msgToPlain($row['name'],1,1), $msg);
$msg = str_replace('%%SITE_URL%%', $hesk_settings['site_url'], $msg);
$msg = str_replace('%%SITE_TITLE%%', $hesk_settings['site_title'], $msg);
$msg = str_replace('%%PASSWORD_RESET%%', $hesk_settings['hesk_url'].'/'.$hesk_settings['admin_dir'].'/password.php?h='.$hash, $msg);
// Send email
hesk_mail($email, $hesklang['reset_password'], $msg);
// Show success
hesk_process_messages($hesklang['pemls'],'NOREDIRECT','SUCCESS');
}
}
}
// If the "h" parameter is set verify it and reset the password
elseif ( isset($_GET['h']) )
{
// Get the hash
$hash = preg_replace('/[^a-zA-Z0-9]/', '', $_GET['h']);
// Connect to database
hesk_load_database_functions();
hesk_dbConnect();
// Expire verification hashes older than 2 hours
hesk_dbQuery("DELETE FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."reset_password` WHERE `dt` < (NOW() - INTERVAL 2 HOUR)");
// Verify the hash exists
$res = hesk_dbQuery("SELECT `user`, `ip` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."reset_password` WHERE `hash` = '{$hash}' LIMIT 1");
if (hesk_dbNumRows($res) != 1)
{
// Not a valid hash
hesk_limitBfAttempts();
hesk_process_messages($hesklang['ehash'],'NOREDIRECT');
}
else
{
// Get info from database
$row = hesk_dbFetchAssoc($res);
// Only allow resetting password from the same IP address that submitted password reset request
if ($row['ip'] != $_SERVER['REMOTE_ADDR'])
{
hesk_limitBfAttempts();
hesk_process_messages($hesklang['ehaip'],'NOREDIRECT');
}
else
{
// Expire all verification hashes for this user
hesk_dbQuery("DELETE FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."reset_password` WHERE `user`=".intval($row['user']));
// Get user details
$res = hesk_dbQuery('SELECT * FROM `'.$hesk_settings['db_pfix']."users` WHERE `id`=".intval($row['user'])." LIMIT 1");
$row = hesk_dbFetchAssoc($res);
foreach ($row as $k=>$v)
{
$_SESSION[$k]=$v;
}
unset($_SESSION['pass']);
// Clean brute force attempts
hesk_cleanBfAttempts();
// Regenerate session ID (security)
hesk_session_regenerate_id();
// Get allowed categories
if (empty($_SESSION['isadmin']))
{
$_SESSION['categories']=explode(',',$_SESSION['categories']);
}
// Redirect to the profile page
hesk_process_messages($hesklang['resim'],'profile.php','NOTICE');
exit();
} // End IP matches
}
}
// Tell header to load reCaptcha API if needed
if ($hesk_settings['recaptcha_use'] == 2)
{
define('RECAPTCHA',1);
}
$hesk_settings['tmp_title'] = $hesk_settings['hesk_title'] . ' - ' .$hesklang['passr'];
require_once(HESK_PATH . 'inc/header.inc.php');
?>
<ol class="breadcrumb">
<li><a href="<?php echo $hesk_settings['site_url']; ?>"><?php echo $hesk_settings['site_title']; ?></a></li>
<li><a href="index.php"><?php echo $hesklang['admin_login']; ?></a></li>
<li class="active"><?php echo $hesklang['passr']; ?></li>
</ol>
<div class="row">
<div class="col-md-10 col-md-offset-1">
<form action="password.php" method="post" name="form1" class="form-signin form-horizontal" role="form">
<?php
/* This will handle error, success and notice messages */
hesk_handle_messages();
?>
<h2><span <?php echo $iconDisplay; ?>><span class="mega-octicon octicon-sign-in"></span>&nbsp;</span><?php echo $hesklang['passr']; ?></h2>
<div class="footerWithBorder blankSpace"></div>
<div class="form-group <?php echo in_array('email',$_SESSION['a_iserror']) ? 'has-error' : ''; ?>">
<label for="email" class="col-sm-3 control-label"><?php echo $hesklang['email']; ?></label>
<div class="col-sm-9">
<input type="text" name="email" size="35" value="<?php if (isset($email)) {echo stripslashes(hesk_input($email));} ?>" class="form-control" placeholder="<?php echo $hesklang['email']; ?>">
</div>
</div>
<?php
if ($hesk_settings['secimg_use'])
{
?>
<div class="form-group">
<div class="col-sm-11 col-sm-offset-1">
<?php
// Should we use Recaptcha?
if ($hesk_settings['recaptcha_use'] == 1)
{
?>
<script type="text/javascript">
var RecaptchaOptions = {
theme : '<?php echo ( isset($_SESSION['a_iserror']) && in_array('mysecnum',$_SESSION['a_iserror']) ) ? 'red' : 'white'; ?>',
custom_translations : {
visual_challenge : "<?php echo hesk_slashJS($hesklang['visual_challenge']); ?>",
audio_challenge : "<?php echo hesk_slashJS($hesklang['audio_challenge']); ?>",
refresh_btn : "<?php echo hesk_slashJS($hesklang['refresh_btn']); ?>",
instructions_visual : "<?php echo hesk_slashJS($hesklang['instructions_visual']); ?>",
instructions_context : "<?php echo hesk_slashJS($hesklang['instructions_context']); ?>",
instructions_audio : "<?php echo hesk_slashJS($hesklang['instructions_audio']); ?>",
help_btn : "<?php echo hesk_slashJS($hesklang['help_btn']); ?>",
play_again : "<?php echo hesk_slashJS($hesklang['play_again']); ?>",
cant_hear_this : "<?php echo hesk_slashJS($hesklang['cant_hear_this']); ?>",
incorrect_try_again : "<?php echo hesk_slashJS($hesklang['incorrect_try_again']); ?>",
image_alt_text : "<?php echo hesk_slashJS($hesklang['image_alt_text']); ?>",
},
};
</script>
<?php
require_once(HESK_PATH . 'inc/recaptcha/recaptchalib.php');
echo recaptcha_get_html($hesk_settings['recaptcha_public_key'], null, true);
}
// Use reCaptcha API v2?
elseif ($hesk_settings['recaptcha_use'] == 2)
{
?>
<div class="g-recaptcha" data-sitekey="<?php echo $hesk_settings['recaptcha_public_key']; ?>"></div>
<?php
}
// At least use some basic PHP generated image (better than nothing)
else
{
$cls = in_array('mysecnum',$_SESSION['a_iserror']) ? ' class="isError" ' : '';
echo $hesklang['sec_enter'].'<br />&nbsp;<br /><img src="'.HESK_PATH.'print_sec_img.php?'.rand(10000,99999).'" width="150" height="40" alt="'.$hesklang['sec_img'].'" title="'.$hesklang['sec_img'].'" border="1" name="secimg" style="vertical-align:text-bottom" /> '.
'<a href="javascript:void(0)" onclick="javascript:document.form1.secimg.src=\''.HESK_PATH.'print_sec_img.php?\'+ ( Math.floor((90000)*Math.random()) + 10000);"><img src="'.HESK_PATH.'img/reload.png" height="24" width="24" alt="'.$hesklang['reload'].'" title="'.$hesklang['reload'].'" border="0" style="vertical-align:text-bottom" /></a>'.
'<br />&nbsp;<br /><input type="text" name="mysecnum" size="20" maxlength="5" '.$cls.' />';
}
?>
</div>
</div>
<?php
}
?>
<div class="form-group">
<div class="col-sm-10 col-sm-offset-1">
<input type="submit" value="<?php echo $hesklang['passs']; ?>" class="btn btn-default">
</div>
</div>
</form>
</div>
</div>
<?php
// Clean session errors
hesk_cleanSessionVars('a_iserror');
hesk_cleanSessionVars('img_a_verified');
// Print footer
require_once(HESK_PATH . 'inc/footer.inc.php');
?>
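Review bot: The reset token on the `$hash = sha1(microtime() . ...)` line is built from the clock, `mt_rand()` and row fields rather than from a CSPRNG, so its unpredictability rests on inputs that are not secret-grade; generate it with `$hash = bin2hex(random_bytes(20));`, or with `openssl_random_pseudo_bytes(20)` on PHP versions that lack `random_bytes()`. The account lookup uses `LIKE`, where `_` and `%` in the submitted address act as wildcards, and `hesk_mail($email, ...)` then sends the link to the submitted address rather than the stored one; compare with `=`, add the `email` column to the SELECT, and mail `$row['email']`. The `noace` and `pemls` branches return different messages depending on whether the address matched a row, which lets the form confirm which addresses belong to staff accounts; showing the same message in both branches avoids that. The final `SELECT *` interpolates `$hesk_settings['db_pfix']` without the `hesk_dbEscape()` call that every other query in this file applies.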

@ -1,7 +1,7 @@
<?php
/*******************************************************************************
* Title: Help Desk Software HESK
* Version: 2.5.5 from 5th August 2014
* Version: 2.6.0 beta 1 from 30th December 2014
* Author: Klemen Stirn
* Website: http://www.hesk.com
********************************************************************************
@ -39,6 +39,7 @@ define('HESK_PATH','../');
require(HESK_PATH . 'hesk_settings.inc.php');
require(HESK_PATH . 'inc/common.inc.php');
require(HESK_PATH . 'inc/admin_functions.inc.php');
require(HESK_PATH . 'inc/profile_functions.inc.php');
hesk_load_database_functions();
hesk_session_start();
@ -167,178 +168,7 @@ require_once(HESK_PATH . 'inc/show_admin_nav.inc.php');
?>
<form role="form" class="form-horizontal" method="post" action="profile.php" name="form1">
<h4><?php echo $hesklang['pinfo']; ?></h4>
<div class="footerWithBorder blankSpace"></div>
<!-- Contact info -->
<div class="form-group">
<label for="name" class="col-sm-3 control-label"><?php echo $hesklang['name']; ?>: <font class="important">*</font></label>
<div class="col-sm-9">
<input class="form-control" type="text" name="name" size="30" maxlength="50" value="<?php echo $_SESSION['new']['name']; ?>" placeholder="<?php echo $hesklang['name']; ?>" />
</div>
</div>
<div class="form-group">
<label for="email" class="col-sm-3 control-label"><?php echo $hesklang['email']; ?>: <font class="important">*</font></label>
<div class="col-sm-9">
<input type="text" class="form-control" name="email" size="30" maxlength="255" value="<?php echo $_SESSION['new']['email']; ?>" placeholder="<?php echo $hesklang['email']; ?>"/>
</div>
</div>
<?php
// Let admins change their username
if ($_SESSION['isadmin'])
{
?>
<div class="form-group">
<label for="user" class="col-sm-3 control-label"><?php echo $hesklang['username']; ?>: <font class="important">*</font></label>
<div class="col-sm-9">
<input type="text" class="form-control" name="user" size="30" maxlength="50" value="<?php echo $_SESSION['new']['user']; ?>" autocomplete="off" placeholder="<?php echo $hesklang['username']; ?>" />
</div>
</div>
<?php
}
?>
<div class="form-group">
<label for="newpass" class="col-sm-3 control-label"><?php echo $hesklang['new_pass']; ?>:</label>
<div class="col-sm-9">
<input type="password" class="form-control" name="newpass" size="30" onkeyup="javascript:hesk_checkPassword(this.value)" autocomplete="off" placeholder="<?php echo $hesklang['new_pass']; ?>" />
</div>
</div>
<div class="form-group">
<label for="newpass2" class="col-sm-3 control-label"><?php echo $hesklang['confirm_pass']; ?>:</label>
<div class="col-sm-9">
<input type="password" class="form-control" name="newpass2" size="30" autocomplete="off" placeholder="<?php echo $hesklang['confirm_pass']; ?>" />
</div>
</div>
<div class="form-group">
<label for="pwdStrength" class="col-sm-3 control-label"><?php echo $hesklang['pwdst']; ?>:</label>
<div class="col-sm-9">
<div style="border: 1px solid gray; width: 100px;">
<div id="progressBar"
style="font-size: 1px; height: 14px; width: 0px; border: 1px solid white;">
</div>
</div>
</div>
</div>
<h4><?php echo $hesklang['sig']; ?></h4>
<div class="footerWithBorder blankSpace"></div>
<!-- Signature -->
<div class="form-group">
<label for="signature" class="col-sm-3 control-label"><?php echo $hesklang['signature_max']; ?>:</label>
<div class="col-sm-9">
<textarea class="form-control" name="signature" rows="6" cols="40" placholder="<?php echo $hesklang['sig']; ?>"><?php echo $_SESSION['new']['signature']; ?></textarea><br />
<?php echo $hesklang['sign_extra']; ?>
</div>
</div>
<h4><?php echo $hesklang['pref']; ?></h4>
<?php
if ($can_reply_tickets)
{
?>
<div class="footerWithBorder blankSpace"></div>
<div class="form-group">
<label for="afterreply" class="col-sm-3 control-label"><?php echo $hesklang['aftrep']; ?>:</label>
<div class="col-sm-9">
<div class="radio">
<label><input type="radio" name="afterreply" value="0" <?php if (!$_SESSION['new']['afterreply']) {echo 'checked="checked"';} ?>/> <?php echo $hesklang['showtic']; ?></label>
</div>
<div class="radio">
<label><input type="radio" name="afterreply" value="1" <?php if ($_SESSION['new']['afterreply'] == 1) {echo 'checked="checked"';} ?>/> <?php echo $hesklang['gomain']; ?></label>
</div>
<div class="radio">
<label><input type="radio" name="afterreply" value="2" <?php if ($_SESSION['new']['afterreply'] == 2) {echo 'checked="checked"';} ?>/> <?php echo $hesklang['shownext']; ?></label>
</div>
</div>
</div>
<div class="form-group">
<label for="autostart" class="col-sm-3 control-label"><?php echo $hesklang['ts']; ?>:</label>
<div class="col-sm-9">
<div class="checkbox">
<label><input type="checkbox" name="autostart" value="1" <?php if (!empty($_SESSION['new']['autostart'])) {echo 'checked="checked"';}?> /> <?php echo $hesklang['autoss']; ?></label>
</div>
</div>
</div>
<?php } ?>
<div class="form-group">
<label for="autoRefresh" class="col-sm-3 control-label"><?php echo $hesklang['ticket_auto_refresh']; ?></label>
<div class="col-sm-9">
<input type="text" class="form-control" id="autorefresh" name="autorefresh" value="<?php echo $_SESSION['new']['autorefresh']; ?>">
<span class="help-block"><?php echo $hesklang['autorefresh_restrictions']; ?></span>
</div>
</div>
<h4><?php echo $hesklang['notn']; ?></h4>
<h6><?php echo $hesklang['nomw']; ?></h6>
<div class="footerWithBorder blankSpace"></div>
<?php $disabledText = isset($_SESSION['new']['can_change_notification_settings']) && $_SESSION['new']['can_change_notification_settings'] ? '' : 'disabled';
if ($disabledText == 'disabled') { ?>
<div class="alert alert-info"><?php echo $hesklang['notifications_disabled_info']; ?></div>
<?php }
?>
<div class="form-group">
<?php
if ($can_view_tickets)
{
if ($can_view_unassigned)
{
?>
<div class="col-md-9 col-md-offset-3"><div class="checkbox"><label><input type="checkbox" name="notify_new_unassigned" value="1" <?php if (!empty($_SESSION['new']['notify_new_unassigned'])) {echo 'checked="checked"';} echo ' '.$disabledText ?> /> <?php echo $hesklang['nwts']; ?> <?php echo $hesklang['unas']; ?></label></div></div>
<?php
if ($disabledText == 'disabled')
{ ?>
<input type="hidden" name="notify_new_unassigned" value="<?php echo !empty($_SESSION['new']['notify_new_unassigned']) ? '1' : '0'; ?>">
<?php }
}
else
{
?>
<input type="hidden" name="notify_new_unassigned" value="0" />
<?php
}
?>
<div class="col-md-9 col-md-offset-3"><div class="checkbox"><label><input type="checkbox" name="notify_new_my" value="1" <?php if (!empty($_SESSION['new']['notify_new_my'])) {echo 'checked="checked"';} echo ' '.$disabledText ?> /> <?php echo $hesklang['nwts']; ?> <?php echo $hesklang['s_my']; ?></label></div></div>
<?php
if ($disabledText == 'disabled')
{ ?>
<input type="hidden" name="notify_new_my" value="<?php echo !empty($_SESSION['new']['notify_new_my']) ? '1' : '0'; ?>">
<?php }
if ($can_view_unassigned)
{
?>
<div class="col-md-9 col-md-offset-3"><div class="checkbox"><label><input type="checkbox" name="notify_reply_unassigned" value="1" <?php if (!empty($_SESSION['new']['notify_reply_unassigned'])) {echo 'checked="checked"';} echo ' '.$disabledText ?> /> <?php echo $hesklang['ncrt']; ?> <?php echo $hesklang['unas']; ?></label></div></div>
<?php
if ($disabledText == 'disabled')
{ ?>
<input type="hidden" name="notify_reply_unassigned" value="<?php echo !empty($_SESSION['new']['notify_reply_unassigned']) ? '1' : '0'; ?>">
<?php }
}
else
{
?>
<input type="hidden" name="notify_reply_unassigned" value="0" />
<?php
}
?>
<div class="col-md-9 col-md-offset-3"><div class="checkbox"><label><input type="checkbox" name="notify_reply_my" value="1" <?php if (!empty($_SESSION['new']['notify_reply_my'])) {echo 'checked="checked"';} echo ' '.$disabledText ?> /> <?php echo $hesklang['ncrt']; ?> <?php echo $hesklang['s_my']; ?></label></div></div>
<div class="col-md-9 col-md-offset-3"><div class="checkbox"><label><input type="checkbox" name="notify_assigned" value="1" <?php if (!empty($_SESSION['new']['notify_assigned'])) {echo 'checked="checked"';} echo ' '.$disabledText ?> /> <?php echo $hesklang['ntam']; ?></label></div></div>
<div class="col-md-9 col-md-offset-3"><div class="checkbox"><label><input type="checkbox" name="notify_note" value="1" <?php if (!empty($_SESSION['new']['notify_note'])) {echo 'checked="checked"';} echo ' '.$disabledText ?> /> <?php echo $hesklang['ntnote']; ?></label></div></div>
<?php
if ($disabledText == 'disabled')
{ ?>
<input type="hidden" name="notify_reply_my" value="<?php echo !empty($_SESSION['new']['notify_reply_my']) ? '1' : '0'; ?>">
<input type="hidden" name="notify_assigned" value="<?php echo !empty($_SESSION['new']['notify_assigned']) ? '1' : '0'; ?>">
<input type="hidden" name="notify_note" value="<?php echo !empty($_SESSION['new']['notify_note']) ? '1' : '0'; ?>">
<?php }
if ($_SESSION['isadmin']) { ?>
<div class="col-md-9 col-md-offset-3"><div class="checkbox"><label><input type="checkbox" name="notify_note_unassigned" value="1" <?php if (!empty($_SESSION['new']['notify_note_unassigned'])) {echo 'checked="checked"';}?>> <?php echo $hesklang['notify_note_unassigned']; ?></label></div> </div>
<?php
}
}
?>
</div>
<input type="hidden" name="action" value="update" />
<input type="hidden" name="token" value="<?php hesk_token_echo(); ?>" />
<div style="text-align: center"><input type="submit" class="btn btn-default" value="<?php echo $hesklang['update_profile']; ?>" /></div>
<?php hesk_profile_tab('new'); ?>
</form>
</div>
</div>
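Review bot: The hidden `action` and `token` inputs are no longer emitted by this template, so the CSRF token for the profile POST now depends entirely on `hesk_profile_tab('new')`, whose body is not part of this section. Confirm that the helper still outputs both fields and document that on the call, for example `<?php /* must emit the hidden "action" and "token" fields */ hesk_profile_tab('new'); ?>`. The removed markup echoed `$_SESSION['new'][...]` values straight into `value` attributes, so the helper is also the place to check that those values are HTML-escaped, either on output or when they were stored.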

@ -1,7 +1,7 @@
<?php
/*******************************************************************************
* Title: Help Desk Software HESK
* Version: 2.5.5 from 5th August 2014
* Version: 2.6.0 beta 1 from 30th December 2014
* Author: Klemen Stirn
* Website: http://www.hesk.com
********************************************************************************
@ -221,6 +221,9 @@ if (isset($selected['type'][$type]))
$selected['type'][$type] = 'selected="selected"';
}
// Setup date SQL so we don't have to call functions several times
$hesk_settings['dt_sql'] = " `dt` BETWEEN '" . hesk_dbEscape($date_from) . " 00:00:00' AND '" . hesk_dbEscape($date_to) . " 23:59:59' ";
/* Print header */
require_once(HESK_PATH . 'inc/headerAdmin.inc.php');
@ -371,24 +374,22 @@ require_once(HESK_PATH . 'inc/show_admin_nav.inc.php');
}
/* SQL query for category stats */
$res = hesk_dbQuery("
SELECT DISTINCT `t1`.`category`, `t2`.`num_tickets`, `t2`.`seconds_worked` AS `seconds_worked`, IFNULL(`t3`.`all_replies`,0) AS `all_replies`, IFNULL(`t4`.`staff_replies`,0) AS `staff_replies` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."tickets` AS `t1`
LEFT JOIN (SELECT COUNT(*) AS `num_tickets`, SUM( TIME_TO_SEC(`time_worked`) ) AS `seconds_worked`, `category` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."tickets` AS `t1` WHERE DATE(`t1`.`dt`) BETWEEN '" . hesk_dbEscape($date_from) . "' AND '" . hesk_dbEscape($date_to) . "' " . ( $can_run_reports_full ? "" : " AND `t1`.`owner` = '" . intval($_SESSION['id']) . "'" ) . " GROUP BY `category`) AS `t2` ON `t1`.`category`=`t2`.`category`
LEFT JOIN (SELECT COUNT(*) AS `all_replies`, `t1`.`category` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."tickets` AS `t1`, `".hesk_dbEscape($hesk_settings['db_pfix'])."replies` AS `t5` WHERE `t1`.`id`=`t5`.`replyto` AND DATE(`t5`.`dt`) BETWEEN '" . hesk_dbEscape($date_from) . "' AND '" . hesk_dbEscape($date_to) . "' " . ( $can_run_reports_full ? "" : " AND `t1`.`owner` = '" . intval($_SESSION['id']) . "'" ) . " GROUP BY `t1`.`category`) AS `t3` ON `t1`.`category`=`t3`.`category`
LEFT JOIN (SELECT COUNT(*) AS `staff_replies`, `t1`.`category` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."tickets` AS `t1`, `".hesk_dbEscape($hesk_settings['db_pfix'])."replies` AS `t5` WHERE `t1`.`id`=`t5`.`replyto` AND " . ( $can_run_reports_full ? "`t5`.`staffid` > 0" : "`t5`.`staffid` = '" . intval($_SESSION['id']) . "'" ) . " AND DATE(`t5`.`dt`) BETWEEN '" . hesk_dbEscape($date_from) . "' AND '" . hesk_dbEscape($date_to) . "' GROUP BY `t1`.`category`) AS `t4` ON `t1`.`category`=`t4`.`category`
WHERE DATE(`t1`.`dt`) BETWEEN '" . hesk_dbEscape($date_from) . "' AND '" . hesk_dbEscape($date_to) . "'" .
( $can_run_reports_full ? "" : " AND `t1`.`owner` = '" . intval($_SESSION['id']) . "'" )
);
$res = hesk_dbQuery("SELECT `category`, COUNT(*) AS `num_tickets`, ".($hesk_settings['time_worked'] ? "SUM( TIME_TO_SEC(`time_worked`) ) AS `seconds_worked`," : '')." SUM(`replies`) AS `all_replies`, SUM(staffreplies) AS `staff_replies` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."tickets` WHERE {$hesk_settings['dt_sql']} " . ( $can_run_reports_full ? "" : " AND `t1`.`owner` = '" . intval($_SESSION['id']) . "'" ) . " GROUP BY `category`");
/* Update ticket values */
while ($row = hesk_dbFetchAssoc($res))
{
if ( ! $hesk_settings['time_worked'])
{
$row['seconds_worked'] = 0;
}
if (isset($cat[$row['category']]))
{
$tickets[$row['category']]['num_tickets'] += $row['num_tickets'];
$tickets[$row['category']]['all_replies'] += $row['all_replies'];
$tickets[$row['category']]['staff_replies'] += $row['staff_replies'];
$tickets[$row['category']]['worked'] = hesk_SecondsToHHMMSS($row['seconds_worked']);
$tickets[$row['category']]['worked'] = $hesk_settings['time_worked'] ? hesk_SecondsToHHMMSS($row['seconds_worked']) : 0;
}
else
{
@ -414,7 +415,7 @@ require_once(HESK_PATH . 'inc/show_admin_nav.inc.php');
}
// Get number of resolved tickets
$res = hesk_dbQuery("SELECT COUNT(*) AS `num_tickets` , `category` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."tickets` WHERE `status` IN (SELECT `ID` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."statuses` WHERE `IsClosed` = 1) " . ( $can_run_reports_full ? "" : " AND `owner` = '" . intval($_SESSION['id']) . "'" ) . " AND DATE(`dt`) BETWEEN '" . hesk_dbEscape($date_from) . "' AND '" . hesk_dbEscape($date_to) . "' GROUP BY `category`");
$res = hesk_dbQuery("SELECT COUNT(*) AS `num_tickets` , `category` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."tickets` WHERE `status` IN (SELECT `ID` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."statuses` WHERE `IsClosed` = 1) " . ( $can_run_reports_full ? "" : " AND `owner` = '" . intval($_SESSION['id']) . "'" ) . " AND {$hesk_settings['dt_sql']} GROUP BY `category`");
// Update number of open and resolved tickets
while ($row = hesk_dbFetchAssoc($res))
@ -433,10 +434,10 @@ require_once(HESK_PATH . 'inc/show_admin_nav.inc.php');
}
// Convert total seconds worked to HH:MM:SS
$totals['worked'] = hesk_SecondsToHHMMSS($totals['worked']);
$totals['worked'] = $hesk_settings['time_worked'] ? hesk_SecondsToHHMMSS($totals['worked']) : 0;
if ( isset($tickets[9999]) )
{
$tickets[9999]['worked'] = hesk_SecondsToHHMMSS($tickets[9999]['worked']);
$tickets[9999]['worked'] = $hesk_settings['time_worked'] ? hesk_SecondsToHHMMSS($tickets[9999]['worked']) : 0;
}
?>
@ -445,10 +446,15 @@ require_once(HESK_PATH . 'inc/show_admin_nav.inc.php');
<th><?php echo $hesklang['category']; ?></th>
<th><?php echo $hesklang['tickets']; ?></th>
<th><?php echo $hesklang['topen']; ?></th>
<th><?php echo $hesklang['closed']; ?></th>
<th><?php echo $hesklang['closed_title']; ?></th>
<th><?php echo $hesklang['replies'] . ' (' . $hesklang['all'] .')'; ?></th>
<th><?php echo $hesklang['replies'] . ' (' . $hesklang['staff'] .')'; ?></th>
<th><?php echo $hesklang['ts']; ?></th>
<?php
if ($hesk_settings['time_worked'])
{
echo '<th>'.$hesklang['ts'].'</th>';
}
?>
</tr>
<?php
@ -463,7 +469,12 @@ require_once(HESK_PATH . 'inc/show_admin_nav.inc.php');
<td><b><?php echo $totals['resolved']; ?></b></td>
<td><b><?php echo $totals['all_replies']; ?></b></td>
<td><b><?php echo $totals['staff_replies']; ?></b></td>
<td><b><?php echo $totals['worked']; ?></b></td>
<?php
if ($hesk_settings['time_worked'])
{
echo '<td>'.$totals['worked'].'</td>';
}
?>
</tr>
<?php
}
@ -480,7 +491,12 @@ require_once(HESK_PATH . 'inc/show_admin_nav.inc.php');
<td><?php echo $d['resolved']; ?></td>
<td><?php echo $d['all_replies']; ?></td>
<td><?php echo $d['staff_replies']; ?></td>
<td><?php echo $d['worked']; ?></td>
<?php
if ($hesk_settings['time_worked'])
{
echo '<td>'.$d['worked'].'</td>';
}
?>
</tr>
<?php
}
@ -492,7 +508,12 @@ require_once(HESK_PATH . 'inc/show_admin_nav.inc.php');
<td><b><?php echo $totals['resolved']; ?></b></td>
<td><b><?php echo $totals['all_replies']; ?></b></td>
<td><b><?php echo $totals['staff_replies']; ?></b></td>
<td><b><?php echo $totals['worked']; ?></b></td>
<?php
if ($hesk_settings['time_worked'])
{
echo '<td>'.$totals['worked'].'</td>';
}
?>
</tr>
</table>
<?php
@ -514,7 +535,7 @@ require_once(HESK_PATH . 'inc/show_admin_nav.inc.php');
if ($_SESSION['isadmin'] || hesk_checkPermission('can_run_reports_full', 0) )
{
// -> get list of users
$res = hesk_dbQuery("SELECT `id`,`name` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."users` ORDER BY `id` ASC");
$res = hesk_dbQuery("SELECT `id`,`name` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."users` ORDER BY `name` ASC");
// -> populate $admins and $tickets arrays
while ($row=hesk_dbFetchAssoc($res))
@ -531,19 +552,24 @@ require_once(HESK_PATH . 'inc/show_admin_nav.inc.php');
}
// -> get list of tickets
$res = hesk_dbQuery("SELECT `owner`, COUNT(*) AS `cnt`, SUM( TIME_TO_SEC(`time_worked`) ) AS `seconds_worked` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."tickets` WHERE `owner` IN ('" . implode("','", array_keys($admins) ) . "') AND DATE(`dt`) BETWEEN '" . hesk_dbEscape($date_from) . "' AND '" . hesk_dbEscape($date_to) . "' GROUP BY `owner`");
$res = hesk_dbQuery("SELECT `owner`, COUNT(*) AS `cnt`".($hesk_settings['time_worked'] ? ", SUM( TIME_TO_SEC(`time_worked`) ) AS `seconds_worked`" : '')." FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."tickets` WHERE `owner` IN ('" . implode("','", array_keys($admins) ) . "') AND {$hesk_settings['dt_sql']} GROUP BY `owner`");
// -> update ticket list values
while ($row = hesk_dbFetchAssoc($res))
{
if ( ! $hesk_settings['time_worked'])
{
$row['seconds_worked'] = 0;
}
$tickets[$row['owner']]['asstickets'] += $row['cnt'];
$totals['asstickets'] += $row['cnt'];
$tickets[$row['owner']]['worked'] = hesk_SecondsToHHMMSS($row['seconds_worked']);
$tickets[$row['owner']]['worked'] = $hesk_settings['time_worked'] ? hesk_SecondsToHHMMSS($row['seconds_worked']) : 0;
$totals['worked'] += $row['seconds_worked'];
}
// -> get list of resolved tickets
$res = hesk_dbQuery("SELECT `owner`, COUNT(*) AS `cnt` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."tickets` WHERE `owner` IN ('" . implode("','", array_keys($admins) ) . "') AND `status` IN (SELECT `ID` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."statuses` WHERE `IsClosed` = 1) AND DATE(`dt`) BETWEEN '" . hesk_dbEscape($date_from) . "' AND '" . hesk_dbEscape($date_to) . "' GROUP BY `owner`");
$res = hesk_dbQuery("SELECT `owner`, COUNT(*) AS `cnt` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."tickets` WHERE `owner` IN ('" . implode("','", array_keys($admins) ) . "') AND `status` IN (SELECT `ID` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."statuses` WHERE `IsClosed` = 1) AND {$hesk_settings['dt_sql']} GROUP BY `owner`");
// -> update resolved ticket list values
while ($row = hesk_dbFetchAssoc($res))
@ -553,7 +579,7 @@ require_once(HESK_PATH . 'inc/show_admin_nav.inc.php');
}
// -> get number of replies
$res = hesk_dbQuery("SELECT `staffid`, COUNT(*) AS `cnt`, COUNT(DISTINCT `replyto`) AS `tcnt` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."replies` WHERE `staffid` IN ('" . implode("','", array_keys($admins) ) . "') AND DATE(`dt`) BETWEEN '" . hesk_dbEscape($date_from) . "' AND '" . hesk_dbEscape($date_to) . "' GROUP BY `staffid`");
$res = hesk_dbQuery("SELECT `staffid`, COUNT(*) AS `cnt`, COUNT(DISTINCT `replyto`) AS `tcnt` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."replies` WHERE `staffid` IN ('" . implode("','", array_keys($admins) ) . "') AND {$hesk_settings['dt_sql']} GROUP BY `staffid`");
// -> update number of replies values
while ($row = hesk_dbFetchAssoc($res))
@ -571,17 +597,17 @@ require_once(HESK_PATH . 'inc/show_admin_nav.inc.php');
$admins[$_SESSION['id']] = $_SESSION['name'];
// -> get list of tickets
$res = hesk_dbQuery("SELECT COUNT(*) AS `cnt`, SUM( TIME_TO_SEC(`time_worked`) ) AS `seconds_worked` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."tickets` WHERE `owner` = '" . intval($_SESSION['id']) . "' AND DATE(`dt`) BETWEEN '" . hesk_dbEscape($date_from) . "' AND '" . hesk_dbEscape($date_to) . "'");
$res = hesk_dbQuery("SELECT COUNT(*) AS `cnt`".($hesk_settings['time_worked'] ? ", SUM( TIME_TO_SEC(`time_worked`) ) AS `seconds_worked`" : '')." FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."tickets` WHERE `owner` = '" . intval($_SESSION['id']) . "' AND {$hesk_settings['dt_sql']}");
$row = hesk_dbFetchAssoc($res);
// -> update ticket values
$tickets[$_SESSION['id']]['asstickets'] = $row['cnt'];
$totals['asstickets'] = $row['cnt'];
$tickets[$_SESSION['id']]['worked'] = hesk_SecondsToHHMMSS($row['seconds_worked']);
$tickets[$_SESSION['id']]['worked'] = $hesk_settings['time_worked'] ? hesk_SecondsToHHMMSS($row['seconds_worked']) : 0;
$totals['worked'] += $row['seconds_worked'];
// -> get list of resolved tickets
$res = hesk_dbQuery("SELECT COUNT(*) AS `cnt` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."tickets` WHERE `owner` = '" . intval($_SESSION['id']) . "' AND `status`='3' AND DATE(`dt`) BETWEEN '" . hesk_dbEscape($date_from) . "' AND '" . hesk_dbEscape($date_to) . "'");
$res = hesk_dbQuery("SELECT COUNT(*) AS `cnt` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."tickets` WHERE `owner` = '" . intval($_SESSION['id']) . "' AND `status` IN (SELECT `ID` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."statuses` WHERE `IsClosed` = 1) AND {$hesk_settings['dt_sql']}");
$row = hesk_dbFetchAssoc($res);
// -> update resolved ticket values
@ -589,7 +615,7 @@ require_once(HESK_PATH . 'inc/show_admin_nav.inc.php');
$totals['resolved'] = $row['cnt'];
// -> get number of replies
$res = hesk_dbQuery("SELECT COUNT(*) AS `cnt`, COUNT(DISTINCT `replyto`) AS `tcnt` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."replies` WHERE `staffid` = '" . intval($_SESSION['id']) . "' AND DATE(`dt`) BETWEEN '" . hesk_dbEscape($date_from) . "' AND '" . hesk_dbEscape($date_to) . "'");
$res = hesk_dbQuery("SELECT COUNT(*) AS `cnt`, COUNT(DISTINCT `replyto`) AS `tcnt` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."replies` WHERE `staffid` = '" . intval($_SESSION['id']) . "' AND {$hesk_settings['dt_sql']}");
$row = hesk_dbFetchAssoc($res);
$tickets[$_SESSION['id']]['tickets'] = $row['tcnt'];
@ -601,7 +627,7 @@ require_once(HESK_PATH . 'inc/show_admin_nav.inc.php');
}
// Convert total seconds worked to HH:MM:SS
$totals['worked'] = hesk_SecondsToHHMMSS($totals['worked']);
$totals['worked'] = $hesk_settings['time_worked'] ? hesk_SecondsToHHMMSS($totals['worked']) : 0;
?>
<table class="table table-striped table-condensed">
@ -609,10 +635,15 @@ require_once(HESK_PATH . 'inc/show_admin_nav.inc.php');
<th><?php echo $hesklang['user']; ?></th>
<th><?php echo $hesklang['ticass']; ?></th>
<th><?php echo $hesklang['topen']; ?></th>
<th><?php echo $hesklang['closed']; ?></th>
<th><?php echo $hesklang['closed_title']; ?></th>
<th><?php echo $hesklang['ticall']; ?></th>
<th><?php echo $hesklang['replies']; ?></th>
<th><?php echo $hesklang['ts']; ?></th>
<?php
if ($hesk_settings['time_worked'])
{
echo '<th>'.$hesklang['ts'].'</th>';
}
?>
</tr>
<?php
@ -627,7 +658,12 @@ require_once(HESK_PATH . 'inc/show_admin_nav.inc.php');
<td><b><?php echo $totals['resolved']; ?></b></td>
<td><b><?php echo $totals['tickets']; ?></b></td>
<td><b><?php echo $totals['replies']; ?></b></td>
<td><b><?php echo $totals['worked']; ?></b></td>
<?php
if ($hesk_settings['time_worked'])
{
echo '<td><b>'.$totals['worked'].'</b></td>';
}
?>
</tr>
<?php
}
@ -643,7 +679,12 @@ require_once(HESK_PATH . 'inc/show_admin_nav.inc.php');
<td><?php echo $d['resolved']; ?></td>
<td><?php echo $d['tickets']; ?></td>
<td><?php echo $d['replies']; ?></td>
<td><?php echo $d['worked']; ?></td>
<?php
if ($hesk_settings['time_worked'])
{
echo '<td>'.$d['worked'].'</td>';
}
?>
</tr>
<?php
}
@ -655,7 +696,12 @@ require_once(HESK_PATH . 'inc/show_admin_nav.inc.php');
<td><b><?php echo $totals['resolved']; ?></b></td>
<td><b><?php echo $totals['tickets']; ?></b></td>
<td><b><?php echo $totals['replies']; ?></b></td>
<td><b><?php echo $totals['worked']; ?></b></td>
<?php
if ($hesk_settings['time_worked'])
{
echo '<td><b>'.$totals['worked'].'</b></td>';
}
?>
</tr>
</table>
<?php
@ -681,20 +727,25 @@ require_once(HESK_PATH . 'inc/show_admin_nav.inc.php');
}
// SQL query for all
$res = hesk_dbQuery("SELECT YEAR(`dt`) AS `myyear`, MONTH(`dt`) AS `mymonth`, COUNT(*) AS `cnt`, SUM( TIME_TO_SEC(`time_worked`) ) AS `seconds_worked` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."tickets` WHERE " . ( $can_run_reports_full ? '1' : "`owner` = '" . intval($_SESSION['id']) . "'" ) . " AND DATE(`dt`) BETWEEN '" . hesk_dbEscape($date_from) . "' AND '" . hesk_dbEscape($date_to) . "' GROUP BY `myyear`,`mymonth`");
$res = hesk_dbQuery("SELECT YEAR(`dt`) AS `myyear`, MONTH(`dt`) AS `mymonth`, COUNT(*) AS `cnt`".($hesk_settings['time_worked'] ? ", SUM( TIME_TO_SEC(`time_worked`) ) AS `seconds_worked`" : '')." FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."tickets` WHERE " . ( $can_run_reports_full ? '1' : "`owner` = '" . intval($_SESSION['id']) . "'" ) . " AND {$hesk_settings['dt_sql']} GROUP BY `myyear`,`mymonth`");
// Update ticket values
while ($row = hesk_dbFetchAssoc($res))
{
if ( ! $hesk_settings['time_worked'])
{
$row['seconds_worked'] = 0;
}
$row['mymonth'] = sprintf('%02d',$row['mymonth']);
$tickets[$row['myyear'].'-'.$row['mymonth'].'-01']['all'] += $row['cnt'];
$tickets[$row['myyear'].'-'.$row['mymonth'].'-01']['worked'] = hesk_SecondsToHHMMSS($row['seconds_worked']);
$tickets[$row['myyear'].'-'.$row['mymonth'].'-01']['worked'] = $hesk_settings['time_worked'] ? hesk_SecondsToHHMMSS($row['seconds_worked']) : 0;
$totals['all'] += $row['cnt'];
$totals['worked'] += $row['seconds_worked'];
}
// SQL query for resolved
$res = hesk_dbQuery("SELECT YEAR(`dt`) AS `myyear`, MONTH(`dt`) AS `mymonth`, COUNT(*) AS `cnt` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."tickets` WHERE " . ( $can_run_reports_full ? '1' : "`owner` = '" . intval($_SESSION['id']) . "'" ) . " AND `status` = '3' AND DATE(`dt`) BETWEEN '" . hesk_dbEscape($date_from) . "' AND '" . hesk_dbEscape($date_to) . "' GROUP BY `myyear`,`mymonth`");
$res = hesk_dbQuery("SELECT YEAR(`dt`) AS `myyear`, MONTH(`dt`) AS `mymonth`, COUNT(*) AS `cnt` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."tickets` WHERE " . ( $can_run_reports_full ? '1' : "`owner` = '" . intval($_SESSION['id']) . "'" ) . " AND `status` IN (SELECT `ID` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."statuses` WHERE `IsClosed` = 1) AND {$hesk_settings['dt_sql']} GROUP BY `myyear`,`mymonth`");
// Update ticket values
while ($row = hesk_dbFetchAssoc($res))
@ -705,7 +756,7 @@ require_once(HESK_PATH . 'inc/show_admin_nav.inc.php');
}
// Convert total seconds worked to HH:MM:SS
$totals['worked'] = hesk_SecondsToHHMMSS($totals['worked']);
$totals['worked'] = $hesk_settings['time_worked'] ? hesk_SecondsToHHMMSS($totals['worked']) : 0;
?>
<table class="table table-striped table-condensed">
@ -713,8 +764,13 @@ require_once(HESK_PATH . 'inc/show_admin_nav.inc.php');
<th><?php echo $hesklang['month']; ?></th>
<th><?php echo $hesklang['atik']; ?></th>
<th><?php echo $hesklang['topen']; ?></th>
<th><?php echo $hesklang['closed']; ?></th>
<th><?php echo $hesklang['ts']; ?></th>
<th><?php echo $hesklang['closed_title']; ?></th>
<?php
if ($hesk_settings['time_worked'])
{
echo '<th>'.$hesklang['ts'].'</th>';
}
?>
</tr>
<?php
@ -727,7 +783,12 @@ require_once(HESK_PATH . 'inc/show_admin_nav.inc.php');
<th><b><?php echo $totals['all']; ?></b></th>
<th><b><?php echo $totals['all']-$totals['resolved']; ?></b></th>
<th><b><?php echo $totals['resolved']; ?></b></th>
<th><b><?php echo $totals['worked']; ?></b></th>
<?php
if ($hesk_settings['time_worked'])
{
echo '<th><b>'.$totals['worked'].'</b></th>';
}
?>
</tr>
<?php
}
@ -741,7 +802,12 @@ require_once(HESK_PATH . 'inc/show_admin_nav.inc.php');
<td><?php echo $d['all']; ?></td>
<td><?php echo $d['all']-$d['resolved']; ?></td>
<td><?php echo $d['resolved']; ?></td>
<td><?php echo $d['worked']; ?></td>
<?php
if ($hesk_settings['time_worked'])
{
echo '<td>'.$d['worked'].'</td>';
}
?>
</tr>
<?php
}
@ -751,7 +817,12 @@ require_once(HESK_PATH . 'inc/show_admin_nav.inc.php');
<td><b><?php echo $totals['all']; ?></b></td>
<td><b><?php echo $totals['all']-$totals['resolved']; ?></b></td>
<td><b><?php echo $totals['resolved']; ?></b></td>
<td><b><?php echo $totals['worked']; ?></b></td>
<?php
if ($hesk_settings['time_worked'])
{
echo '<td><b>'.$d['worked'].'</b></td>';
}
?>
</tr>
</table>
@ -778,19 +849,24 @@ require_once(HESK_PATH . 'inc/show_admin_nav.inc.php');
}
// SQL query for all
$res = hesk_dbQuery("SELECT DATE(`dt`) AS `mydt`, COUNT(*) AS `cnt`, SUM( TIME_TO_SEC(`time_worked`) ) AS `seconds_worked` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."tickets` WHERE " . ( $can_run_reports_full ? '1' : "`owner` = '" . intval($_SESSION['id']) . "'" ) . " AND DATE(`dt`) BETWEEN '" . hesk_dbEscape($date_from) . "' AND '" . hesk_dbEscape($date_to) . "' GROUP BY `mydt`");
$res = hesk_dbQuery("SELECT DATE(`dt`) AS `mydt`, COUNT(*) AS `cnt`".($hesk_settings['time_worked'] ? ", SUM( TIME_TO_SEC(`time_worked`) ) AS `seconds_worked`" : '')." FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."tickets` WHERE " . ( $can_run_reports_full ? '1' : "`owner` = '" . intval($_SESSION['id']) . "'" ) . " AND {$hesk_settings['dt_sql']} GROUP BY `mydt`");
// Update ticket values
while ($row = hesk_dbFetchAssoc($res))
{
if ( ! $hesk_settings['time_worked'])
{
$row['seconds_worked'] = 0;
}
$tickets[$row['mydt']]['all'] += $row['cnt'];
$tickets[$row['mydt']]['worked'] = hesk_SecondsToHHMMSS($row['seconds_worked']);
$tickets[$row['mydt']]['worked'] = $hesk_settings['time_worked'] ? hesk_SecondsToHHMMSS($row['seconds_worked']) : 0;
$totals['all'] += $row['cnt'];
$totals['worked'] += $row['seconds_worked'];
}
// SQL query for resolved
$res = hesk_dbQuery("SELECT DATE(`dt`) AS `mydt`, COUNT(*) AS `cnt` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."tickets` WHERE " . ( $can_run_reports_full ? '1' : "`owner` = '" . intval($_SESSION['id']) . "'" ) . " AND `status` IN (SELECT `ID` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."statuses` WHERE `IsClosed` = 1) AND DATE(`dt`) BETWEEN '" . hesk_dbEscape($date_from) . "' AND '" . hesk_dbEscape($date_to) . "' GROUP BY `mydt`");
$res = hesk_dbQuery("SELECT DATE(`dt`) AS `mydt`, COUNT(*) AS `cnt` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."tickets` WHERE " . ( $can_run_reports_full ? '1' : "`owner` = '" . intval($_SESSION['id']) . "'" ) . " AND `status` IN (SELECT `ID` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."statuses` WHERE `IsClosed` = 1) AND {$hesk_settings['dt_sql']} GROUP BY `mydt`");
// Update ticket values
while ($row = hesk_dbFetchAssoc($res))
@ -800,7 +876,7 @@ require_once(HESK_PATH . 'inc/show_admin_nav.inc.php');
}
// Convert total seconds worked to HH:MM:SS
$totals['worked'] = hesk_SecondsToHHMMSS($totals['worked']);
$totals['worked'] = $hesk_settings['time_worked'] ? hesk_SecondsToHHMMSS($totals['worked']) : 0;
?>
<table class="table table-striped table-condensed">
@ -808,8 +884,13 @@ require_once(HESK_PATH . 'inc/show_admin_nav.inc.php');
<th><?php echo $hesklang['date']; ?></th>
<th><?php echo $hesklang['atik']; ?></th>
<th><?php echo $hesklang['topen']; ?></th>
<th><?php echo $hesklang['closed']; ?></th>
<th><?php echo $hesklang['ts']; ?></th>
<th><?php echo $hesklang['closed_title']; ?></th>
<?php
if ($hesk_settings['time_worked'])
{
echo '<th>'.$hesklang['ts'].'</th>';
}
?>
</tr>
<?php
@ -822,7 +903,12 @@ require_once(HESK_PATH . 'inc/show_admin_nav.inc.php');
<td><b><?php echo $totals['all']; ?></b></td>
<td><b><?php echo $totals['all']-$totals['resolved']; ?></b></td>
<td><b><?php echo $totals['resolved']; ?></b></td>
<td><b><?php echo $totals['worked']; ?></b></td>
<?php
if ($hesk_settings['time_worked'])
{
echo '<td><b>'.$totals['worked'].'</b></td>';
}
?>
</tr>
<?php
}
@ -836,7 +922,12 @@ require_once(HESK_PATH . 'inc/show_admin_nav.inc.php');
<td><?php echo $d['all']; ?></td>
<td><?php echo $d['all']-$d['resolved']; ?></td>
<td><?php echo $d['resolved']; ?></td>
<td><?php echo $d['worked']; ?></td>
<?php
if ($hesk_settings['time_worked'])
{
echo '<td>'.$d['worked'].'</td>';
}
?>
</tr>
<?php
}
@ -846,7 +937,12 @@ require_once(HESK_PATH . 'inc/show_admin_nav.inc.php');
<td><b><?php echo $totals['all']; ?></b></td>
<td><b><?php echo $totals['all']-$totals['resolved']; ?></b></td>
<td><b><?php echo $totals['resolved']; ?></b></td>
<td><b><?php echo $totals['worked']; ?></b></td>
<?php
if ($hesk_settings['time_worked'])
{
echo '<td>'.$totals['worked'].'</td>';
}
?>
</tr>
</table>
<?php

@ -0,0 +1,653 @@
<?php
/*******************************************************************************
* Title: Help Desk Software HESK
* Version: 2.6.0 beta 1 from 30th December 2014
* Author: Klemen Stirn
* Website: http://www.hesk.com
********************************************************************************
* COPYRIGHT AND TRADEMARK NOTICE
* Copyright 2005-2014 Klemen Stirn. All Rights Reserved.
* HESK is a registered trademark of Klemen Stirn.
* The HESK may be used and modified free of charge by anyone
* AS LONG AS COPYRIGHT NOTICES AND ALL THE COMMENTS REMAIN INTACT.
* By using this code you agree to indemnify Klemen Stirn from any
* liability that might arise from it's use.
* Selling the code for this program, in part or full, without prior
* written consent is expressly forbidden.
* Using this code, in part or full, to create derivate work,
* new scripts or products is expressly forbidden. Obtain permission
* before redistributing this software over the Internet or in
* any other medium. In all cases copyright and header must remain intact.
* This Copyright is in full effect in any country that has International
* Trade Agreements with the United States of America or
* with the European Union.
* Removing any of the copyright notices without purchasing a license
* is expressly forbidden. To remove HESK copyright notice you must purchase
* a license for this script. For more information on how to obtain
* a license please visit the page below:
* https://www.hesk.com/buy.php
*******************************************************************************/
define('IN_SCRIPT',1);
define('HESK_PATH','../');
/* Get all the required files and functions */
require(HESK_PATH . 'hesk_settings.inc.php');
require(HESK_PATH . 'inc/common.inc.php');
require(HESK_PATH . 'inc/admin_functions.inc.php');
hesk_load_database_functions();
hesk_session_start();
hesk_dbConnect();
hesk_isLoggedIn();
/* Check permissions for this feature */
hesk_checkPermission('can_service_msg');
// Define required constants
define('LOAD_TABS',1);
define('WYSIWYG',1);
// What should we do?
if ( $action = hesk_REQUEST('a') )
{
if ($action == 'edit_sm') {edit_sm();}
elseif ( defined('HESK_DEMO') ) {hesk_process_messages($hesklang['ddemo'], 'service_messages.php', 'NOTICE');}
elseif ($action == 'new_sm') {new_sm();}
elseif ($action == 'save_sm') {save_sm();}
elseif ($action == 'order_sm') {order_sm();}
elseif ($action == 'remove_sm') {remove_sm();}
}
/* Print header */
require_once(HESK_PATH . 'inc/headerAdmin.inc.php');
/* Print main manage users page */
require_once(HESK_PATH . 'inc/show_admin_nav.inc.php');
?>
<div class="row" style="padding: 20px">
<ul class="nav nav-tabs" role="tablist">
<?php
// Show a link to banned_emails.php if user has permission to do so
if ( hesk_checkPermission('can_ban_emails',0) )
{
echo '
<li role="presentation">
<a title="' . $hesklang['banemail'] . '" href="banned_emails.php">'.$hesklang['banemail'].'</a>
</li>';
}
if ( hesk_checkPermission('can_ban_ips',0) )
{
echo '
<li role="presentation">
<a title="' . $hesklang['banip'] . '" href="banned_ips.php">'.$hesklang['banip'].'</a>
</li>';
}
?>
<li role="presentation" class="active">
<a href="#"><?php echo $hesklang['sm_title']; ?> <i class="fa fa-question-circle settingsquestionmark" onclick="javascript:alert('<?php echo hesk_makeJsString($hesklang['sm_intro']); ?>')"></i></a>
</li>
</ul>
<div class="tab-content summaryList tabPadding">
<script language="javascript" type="text/javascript"><!--
function confirm_delete()
{
if (confirm('<?php echo hesk_makeJsString($hesklang['delban_confirm']); ?>')) {return true;}
else {return false;}
}
//-->
</script>
<div class="row">
<?php
/* This will handle error, success and notice messages */
hesk_handle_messages();
if ( isset($_SESSION['new_sm']) )
{
$_SESSION['new_sm'] = hesk_stripArray($_SESSION['new_sm']);
}
if ( isset($_SESSION['preview_sm']) )
{
hesk_service_message($_SESSION['new_sm']);
}
if ($hesk_settings['kb_wysiwyg'])
{
?>
<script type="text/javascript">
tinyMCE.init({
mode : "exact",
elements : "content",
theme : "advanced",
convert_urls : false,
gecko_spellcheck: true,
theme_advanced_buttons1 : "cut,copy,paste,|,undo,redo,|,formatselect,fontselect,fontsizeselect,|,bold,italic,underline,strikethrough,|,justifyleft,justifycenter,justifyright,justifyfull",
theme_advanced_buttons2 : "sub,sup,|,charmap,|,bullist,numlist,|,outdent,indent,insertdate,inserttime,preview,|,forecolor,backcolor,|,hr,removeformat,visualaid,|,link,unlink,anchor,image,cleanup,code",
theme_advanced_buttons3 : "",
theme_advanced_toolbar_location : "top",
theme_advanced_toolbar_align : "left",
theme_advanced_statusbar_location : "bottom",
theme_advanced_resizing : true
});
</script>
<?php
}
?>
<div class="panel panel-default">
<div class="panel-heading">
<h4><?php echo $hesklang['ex_sm']; ?></h4>
</div>
<div class="panel-body">
<?php
// Get banned ips from database
$res = hesk_dbQuery('SELECT * FROM `'.hesk_dbEscape($hesk_settings['db_pfix']).'service_messages` ORDER BY `order` ASC');
$num = hesk_dbNumRows($res);
if ($num < 1)
{
echo '<p>'.$hesklang['no_sm'].'</p>';
}
else
{
// List of staff
if ( ! isset($admins) )
{
$admins = array();
$res2 = hesk_dbQuery("SELECT `id`,`name` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."users`");
while ($row=hesk_dbFetchAssoc($res2))
{
$admins[$row['id']]=$row['name'];
}
}
?>
<table class="table table-hover">
<thead>
<tr>
<th><?php echo $hesklang['sm_mtitle']; ?></th>
<th><?php echo $hesklang['sm_author']; ?></th>
<th><?php echo $hesklang['sm_type']; ?></th>
<th>&nbsp;<?php echo $hesklang['opt']; ?>&nbsp;</th>
</tr>
</thead>
<tbody>
<?php
$j = 1;
$k = 1;
while ($sm=hesk_dbFetchAssoc($res))
{
$faIcon = "";
switch ($sm['style'])
{
case 1:
$sm_style = "alert alert-success";
$faIcon = "fa fa-check-circle";
break;
case 2:
$sm_style = "alert alert-info";
$faIcon = "fa fa-comment";
break;
case 3:
$sm_style = "alert alert-warning";
$faIcon = "fa fa-exclamation-triangle";
break;
case 4:
$sm_style = "alert alert-danger";
$faIcon = "fa fa-times-circle";
break;
default:
$sm_style = "none";
}
$type = $sm['type'] ? $hesklang['sm_draft']: $hesklang['sm_published'];
?>
<tr>
<td>
<div class="<?php echo $sm_style; ?>">
<i class="<?php echo $faIcon; ?>"></i>
<b><?php echo $sm['title']; ?></b>
</div>
</td>
<td><?php echo (isset($admins[$sm['author']]) ? $admins[$sm['author']] : $hesklang['e_udel']); ?></td>
<td><?php echo $type; ?></td>
<td>
<?php
if ($num > 1)
{
if ($k == 1)
{
?>
<img src="../img/blank.gif" width="16" height="16" alt="" style="padding:3px;border:none;" />
<a href="service_messages.php?a=order_sm&amp;id=<?php echo $sm['id']; ?>&amp;move=15&amp;token=<?php hesk_token_echo(); ?>">
<i class="fa fa-arrow-down" style="font-size: 16px; color: green" data-toggle="tooltip" data-placement="top" data-original-title="<?php echo $hesklang['move_dn']; ?>"></i></a>
<?php
}
elseif ($k == $num)
{
?>
<a href="service_messages.php?a=order_sm&amp;id=<?php echo $sm['id']; ?>&amp;move=-15&amp;token=<?php hesk_token_echo(); ?>">
<i class="fa fa-arrow-up" style="font-size: 16px; color: green" data-toggle="tooltip" data-placement="top" data-original-title="<?php echo $hesklang['move_up']; ?>"></i></a>
<img src="../img/blank.gif" width="16" height="16" alt="" style="padding:3px;border:none;" />
<?php
}
else
{
?>
<a href="service_messages.php?a=order_sm&amp;id=<?php echo $sm['id']; ?>&amp;move=-15&amp;token=<?php hesk_token_echo(); ?>">
<i class="fa fa-arrow-up" style="font-size: 16px; color: green" data-toggle="tooltip" data-placement="top" data-original-title="<?php echo $hesklang['move_up']; ?>"></i></a>
<a href="service_messages.php?a=order_sm&amp;id=<?php echo $sm['id']; ?>&amp;move=15&amp;token=<?php hesk_token_echo(); ?>">
<i class="fa fa-arrow-down" style="font-size: 16px; color: green" data-toggle="tooltip" data-placement="top" data-original-title="<?php echo $hesklang['move_dn']; ?>"></i></a>
<?php
}
}
?>
<a href="service_messages.php?a=edit_sm&amp;id=<?php echo $sm['id']; ?>">
<i class="fa fa-pencil" style="font-size: 16px;color:orange" data-toggle="tooltip" data-placement="top" data-original-title="<?php echo $hesklang['edit']; ?>"></i></a>
<a href="service_messages.php?a=remove_sm&amp;id=<?php echo $sm['id']; ?>&amp;token=<?php hesk_token_echo(); ?>" onclick="return hesk_confirmExecute('<?php echo hesk_makeJsString($hesklang['del_sm']); ?>');">
<i class="fa fa-times" style="font-size: 16px;color:red" data-toggle="tooltip" data-placement="top" data-original-title="<?php echo $hesklang['delete']; ?>"></i></a>&nbsp;</td>
</tr>
<?php
$j++;
$k++;
} // End while
?>
</tbody>
</table>
<div align="center">
<table border="0" cellspacing="1" cellpadding="3" class="white" width="100%">
</table>
</div>
<?php
}
?>
</div>
</div>
<div class="panel panel-default">
<div class="panel-heading">
<h4><a name="new_article"></a><?php echo $hesklang['new_sm']; ?></h4>
</div>
<div class="panel-body">
<form action="service_messages.php" method="post" name="form1" role="form" class="form-horizontal">
<div class="form-group">
<label for="style" class="col-md-2 control-label"><?php echo $hesklang['sm_style']; ?></label>
<div class="col-md-2">
<div class="radio alert" style="box-shadow: none; padding: 5px; border-radius: 4px;">
<label>
<input type="radio" name="style" value="0"
<?php if (!isset($_SESSION['new_sm']['style']) || (isset($_SESSION['new_sm']['style']) && $_SESSION['new_sm']['style'] == 0) ) {echo 'checked';} ?>>
<?php echo $hesklang['sm_none']; ?>
</label>
</div>
</div>
<div class="col-md-2">
<div class="radio alert alert-success" style="padding: 5px;">
<label style="margin-top: -5px">
<input type="radio" name="style" value="1"
<?php if (isset($_SESSION['new_sm']['style']) && $_SESSION['new_sm']['style'] == 1 ) {echo 'checked';} ?>>
<?php echo $hesklang['sm_success']; ?>
</label>
</div>
</div>
<div class="col-md-2">
<div class="radio alert alert-info" style="padding: 5px">
<label style="margin-top: -5px">
<input type="radio" name="style" value="2"
<?php if (isset($_SESSION['new_sm']['style']) && $_SESSION['new_sm']['style'] == 2) {echo 'checked';} ?>>
<?php echo $hesklang['sm_info']; ?>
</label>
</div>
</div>
<div class="col-md-2">
<div class="radio alert alert-warning" style="padding: 5px">
<label style="margin-top: -5px">
<input type="radio" name="style" value="3"
<?php if (isset($_SESSION['new_sm']['style']) && $_SESSION['new_sm']['style'] == 3) {echo 'checked';} ?>>
<?php echo $hesklang['sm_notice']; ?>
</label>
</div>
</div>
<div class="col-md-2">
<div class="radio alert alert-danger" style="padding: 5px">
<label style="margin-top: -5px">
<input type="radio" name="style" value="4"
<?php if (isset($_SESSION['new_sm']['style']) && $_SESSION['new_sm']['style'] == 4) {echo 'checked';} ?> >
<?php echo $hesklang['sm_error']; ?>
</label>
</div>
</div>
</div>
<div class="form-group">
<label for="type" class="col-md-2 control-label"><?php echo $hesklang['sm_type']; ?></label>
<div class="col-md-2">
<div class="radio" style="padding: 5px">
<label>
<input type="radio" name="type" value="0"
<?php if (!isset($_SESSION['new_sm']['type']) || (isset($_SESSION['new_sm']['type']) && $_SESSION['new_sm']['type'] == 0) ) {echo 'checked';} ?> >
<?php echo $hesklang['sm_published']; ?>
</label>
</div>
</div>
<div class="col-md-2">
<div class="radio" style="padding: 5px">
<label>
<input type="radio" name="type" value="1"
<?php if (isset($_SESSION['new_sm']['type']) && $_SESSION['new_sm']['type'] == 1) {echo 'checked';} ?> >
<?php echo $hesklang['sm_draft']; ?>
</label>
</div>
</div>
</div>
<div class="form-group">
<label for="title" class="col-md-2 control-label"><?php echo $hesklang['sm_mtitle']; ?></label>
<div class="col-md-10">
<input class="form-control" placeholder="<?php echo $hesklang['sm_mtitle']; ?>"
type="text" name="title" size="70" maxlength="255"
<?php if (isset($_SESSION['new_sm']['title'])) {echo 'value="'.$_SESSION['new_sm']['title'].'"';} ?>>
</div>
</div>
<div class="form-group">
<label for="message" class="col-md-2 control-label"><?php echo $hesklang['sm_msg']; ?></label>
<div class="col-md-10">
<textarea placeholder="<?php echo $hesklang['sm_msg']; ?>" class="form-control" name="message" rows="25" cols="70" id="content">
<?php if (isset($_SESSION['new_sm']['message'])) {echo $_SESSION['new_sm']['message'];} ?>
</textarea>
</div>
</div>
<div class="form-group">
<?php echo isset($_SESSION['edit_sm']) ? '<input type="hidden" name="a" value="save_sm" /><input type="hidden" name="id" value="'.intval($_SESSION['new_sm']['id']).'" />' : '<input type="hidden" name="a" value="new_sm" />'; ?>
<input type="hidden" name="token" value="<?php hesk_token_echo(); ?>" />
<div class="col-md-10 col-md-offset-2">
<div class="btn-group" role="group">
<input type="submit" name="sm_save" value="<?php echo $hesklang['sm_save']; ?>" class="btn btn-default">
<input type="submit" name="sm_preview" value="<?php echo $hesklang['sm_preview']; ?>" class="btn btn-default">
</div>
</div>
</div>
</form>
</div>
</div>
</div>
</div>
</div>
<?php
hesk_cleanSessionVars( array('new_sm', 'preview_sm', 'edit_sm') );
require_once(HESK_PATH . 'inc/footer.inc.php');
exit();
/*** START FUNCTIONS ***/
function save_sm()
{
global $hesk_settings, $hesklang, $listBox;
global $hesk_error_buffer;
// A security check
# hesk_token_check('POST');
$hesk_error_buffer = array();
// Get service messageID
$id = intval( hesk_POST('id') ) or hesk_error($hesklang['sm_e_id']);
$style = intval( hesk_POST('style', 0) );
if ($style > 4 || $style < 0)
{
$style = 0;
}
$type = empty($_POST['type']) ? 0 : 1;
$title = hesk_input( hesk_POST('title') ) or $hesk_error_buffer[] = $hesklang['sm_e_title'];
$message = hesk_getHTML( hesk_POST('message') );
// Any errors?
if (count($hesk_error_buffer))
{
$_SESSION['edit_sm'] = true;
$hesklang['new_sm'] = $hesklang['edit_sm'];
$_SESSION['new_sm'] = array(
'id' => $id,
'style' => $style,
'type' => $type,
'title' => $title,
'message' => hesk_input( hesk_POST('message') ),
);
$tmp = '';
foreach ($hesk_error_buffer as $error)
{
$tmp .= "<li>$error</li>\n";
}
$hesk_error_buffer = $tmp;
$hesk_error_buffer = $hesklang['rfm'].'<br /><br /><ul>'.$hesk_error_buffer.'</ul>';
hesk_process_messages($hesk_error_buffer,'service_messages.php');
}
// Just preview the message?
if ( isset($_POST['sm_preview']) )
{
$_SESSION['preview_sm'] = true;
$_SESSION['edit_sm'] = true;
$hesklang['new_sm'] = $hesklang['edit_sm'];
$_SESSION['new_sm'] = array(
'id' => $id,
'style' => $style,
'type' => $type,
'title' => $title,
'message' => $message,
);
header('Location: service_messages.php');
exit;
}
// Update the service message in the database
hesk_dbQuery("UPDATE `".hesk_dbEscape($hesk_settings['db_pfix'])."service_messages` SET
`author` = '".intval($_SESSION['id'])."',
`title` = '".hesk_dbEscape($title)."',
`message` = '".hesk_dbEscape($message)."',
`style` = '{$style}',
`type` = '{$type}'
WHERE `id`={$id} LIMIT 1");
$_SESSION['smord'] = $id;
hesk_process_messages($hesklang['sm_mdf'],'service_messages.php','SUCCESS');
} // End save_sm()
function edit_sm()
{
global $hesk_settings, $hesklang;
// Get service messageID
$id = intval( hesk_GET('id') ) or hesk_error($hesklang['sm_e_id']);
// Get details from the database
$res = hesk_dbQuery("SELECT * FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."service_messages` WHERE `id`={$id} LIMIT 1");
if ( hesk_dbNumRows($res) != 1 )
{
hesk_error($hesklang['sm_not_found']);
}
$sm = hesk_dbFetchAssoc($res);
$_SESSION['new_sm'] = $sm;
$_SESSION['edit_sm'] = true;
$hesklang['new_sm'] = $hesklang['edit_sm'];
} // End edit_sm()
function order_sm()
{
global $hesk_settings, $hesklang;
// A security check
hesk_token_check();
// Get ID and move parameters
$id = intval( hesk_GET('id') ) or hesk_error($hesklang['sm_e_id']);
$move = intval( hesk_GET('move') );
$_SESSION['smord'] = $id;
// Update article details
hesk_dbQuery("UPDATE `".hesk_dbEscape($hesk_settings['db_pfix'])."service_messages` SET `order`=`order`+".intval($move)." WHERE `id`={$id} LIMIT 1");
// Update order of all service messages
update_sm_order();
// Finish
header('Location: service_messages.php');
exit();
} // End order_sm()
function update_sm_order()
{
global $hesk_settings, $hesklang;
// Get list of current service messages
$res = hesk_dbQuery("SELECT `id` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."service_messages` ORDER BY `order` ASC");
// Update database
$i = 10;
while ( $sm = hesk_dbFetchAssoc($res) )
{
hesk_dbQuery("UPDATE `".hesk_dbEscape($hesk_settings['db_pfix'])."service_messages` SET `order`=".intval($i)." WHERE `id`='".intval($sm['id'])."' LIMIT 1");
$i += 10;
}
return true;
} // END update_sm_order()
function remove_sm()
{
global $hesk_settings, $hesklang;
// A security check
hesk_token_check();
// Get ID
$id = intval( hesk_GET('id') ) or hesk_error($hesklang['sm_e_id']);
// Delete the service message
hesk_dbQuery("DELETE FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."service_messages` WHERE `id`={$id} LIMIT 1");
// Were we successful?
if ( hesk_dbAffectedRows() == 1 )
{
hesk_process_messages($hesklang['sm_deleted'],'./service_messages.php','SUCCESS');
}
else
{
hesk_process_messages($hesklang['sm_not_found'],'./service_messages.php');
}
} // End remove_sm()
function new_sm()
{
global $hesk_settings, $hesklang, $listBox;
global $hesk_error_buffer;
// A security check
# hesk_token_check('POST');
$hesk_error_buffer = array();
$style = intval( hesk_POST('style', 0) );
if ($style > 4 || $style < 0)
{
$style = 0;
}
$type = empty($_POST['type']) ? 0 : 1;
$title = hesk_input( hesk_POST('title') ) or $hesk_error_buffer[] = $hesklang['sm_e_title'];
$message = hesk_getHTML( hesk_POST('message') );
// Any errors?
if (count($hesk_error_buffer))
{
$_SESSION['new_sm'] = array(
'style' => $style,
'type' => $type,
'title' => $title,
'message' => hesk_input( hesk_POST('message') ),
);
$tmp = '';
foreach ($hesk_error_buffer as $error)
{
$tmp .= "<li>$error</li>\n";
}
$hesk_error_buffer = $tmp;
$hesk_error_buffer = $hesklang['rfm'].'<br /><br /><ul>'.$hesk_error_buffer.'</ul>';
hesk_process_messages($hesk_error_buffer,'service_messages.php');
}
// Just preview the message?
if ( isset($_POST['sm_preview']) )
{
$_SESSION['preview_sm'] = true;
$_SESSION['new_sm'] = array(
'style' => $style,
'type' => $type,
'title' => $title,
'message' => $message,
);
header('Location: service_messages.php');
exit;
}
// Get the latest service message order
$res = hesk_dbQuery("SELECT `order` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."service_messages` ORDER BY `order` DESC LIMIT 1");
$row = hesk_dbFetchRow($res);
$my_order = intval($row[0]) + 10;
// Insert service message into database
hesk_dbQuery("INSERT INTO `".hesk_dbEscape($hesk_settings['db_pfix'])."service_messages` (`author`,`title`,`message`,`style`,`type`,`order`) VALUES (
'".intval($_SESSION['id'])."',
'".hesk_dbEscape($title)."',
'".hesk_dbEscape($message)."',
'{$style}',
'{$type}',
'{$my_order}'
)");
$_SESSION['smord'] = hesk_dbInsertID();
hesk_process_messages($hesklang['sm_added'],'service_messages.php','SUCCESS');
} // End new_sm()
?>

@ -1,7 +1,7 @@
<?php
/*******************************************************************************
* Title: Help Desk Software HESK
* Version: 2.5.5 from 5th August 2014
* Version: 2.6.0 beta 1 from 30th December 2014
* Author: Klemen Stirn
* Website: http://www.hesk.com
********************************************************************************
@ -38,8 +38,11 @@ define('HESK_PATH','./');
// Get all the required files and functions
require(HESK_PATH . 'hesk_settings.inc.php');
require(HESK_PATH . 'inc/common.inc.php');
hesk_load_database_functions();
// Are we in maintenance mode?
hesk_check_maintenance();
hesk_load_database_functions();
hesk_session_start();
// A security check
@ -58,6 +61,12 @@ hesk_dbConnect();
if ($status == 3) // Closed
{
// Is customer closing tickets enabled?
if ( ! $hesk_settings['custclose'])
{
hesk_error($hesklang['attempt']);
}
//-- They want to close the ticket, so get the status that is the default for client-side closes
$statusRow = hesk_dbFetchAssoc(hesk_dbQuery('SELECT `ID` FROM `'.hesk_dbEscape($hesk_settings['db_pfix']).'statuses` WHERE `IsClosedByClient` = 1'));
@ -69,6 +78,9 @@ if ($status == 3) // Closed
{
$locked = 1;
}
// Mark that customer resolved the ticket
$closedby_sql = ' , `closedat`=NOW(), `closedby`=0 ';
}
elseif ($status == 2) // Opened
{
@ -83,6 +95,9 @@ elseif ($status == 2) // Opened
// We will ask the customer why is the ticket being reopened
$_SESSION['force_form_top'] = true;
// Ticket is not resolved
$closedby_sql = ' , `closedat`=NULL, `closedby`=NULL ';
}
else
{
@ -96,7 +111,7 @@ hesk_dbConnect();
hesk_verifyEmailMatch($trackingID);
// Modify values in the database
hesk_dbQuery("UPDATE `".hesk_dbEscape($hesk_settings['db_pfix'])."tickets` SET `status`='{$status}', `locked`='{$locked}', `history`=CONCAT(`history`,'".hesk_dbEscape($revision)."') WHERE `trackid`='".hesk_dbEscape($trackingID)."' AND `locked` != '1' LIMIT 1");
hesk_dbQuery("UPDATE `".hesk_dbEscape($hesk_settings['db_pfix'])."tickets` SET `status`='{$status}', `locked`='{$locked}' $closedby_sql , `history`=CONCAT(`history`,'".hesk_dbEscape($revision)."') WHERE `trackid`='".hesk_dbEscape($trackingID)."' AND `locked` != '1' LIMIT 1");
// Did we modify anything*
if (hesk_dbAffectedRows() != 1)
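Review bot: `$closedby_sql` is assigned only inside the `$status == 3` and `$status == 2` branches, yet the rewritten `UPDATE` at the end of this section interpolates it unconditionally. The `else` branch is cut off by the hunk boundary, so whether it always stops the script is not visible here. If it ever falls through, PHP raises an undefined-variable notice and the query runs without touching `closedat`/`closedby`, leaving stale resolution data on the ticket. Declaring `$closedby_sql = '';` before `if ($status == 3)` keeps the statement well-formed on every path. The fragment is a fixed literal in both branches, so it adds no injection surface as long as it stays that way.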

@ -123,6 +123,7 @@
.settingsquestionmark {
color: <?php echo $questionMarkColor; ?>;
font-size: 14px;
cursor: pointer;
}
.h3questionmark {
color: <?php echo $questionMarkColor; ?>;
@ -363,3 +364,12 @@ div.setupButtons {
cursor: text !important;
background-color: #fff !important;
}
button.btn.dropdown-toggle {
height: 34px;
}
button.dropdown-submit {
background:none!important;
border:none;
}

@ -123,6 +123,7 @@
.settingsquestionmark {
color: <?php echo $questionMarkColor; ?>;
font-size: 14px;
cursor: pointer;
}
.settingsquestionmark:hover {
text-decoration: underline;
@ -356,4 +357,15 @@ div.setupButtons {
margin-right: auto;
margin-left: auto;
width: 90%;
}
.white-readonly {
cursor: text !important;
background-color: #fff !important;
}
button.btn.dropdown-toggle {
height: 34px;
}
button.dropdown-submit {
background:none!important;
border:none;
}

@ -0,0 +1,446 @@
/*******************************************************************************
* Title: Help Desk Software HESK
* Version: 2.6.0 beta 1 from 30th December 2014
* Author: Klemen Stirn
* Website: http://www.hesk.com
********************************************************************************
* COPYRIGHT AND TRADEMARK NOTICE
* Copyright 2005-2014 Klemen Stirn. All Rights Reserved.
* HESK is a registered trademark of Klemen Stirn.
* The HESK may be used and modified free of charge by anyone
* AS LONG AS COPYRIGHT NOTICES AND ALL THE COMMENTS REMAIN INTACT.
* By using this code you agree to indemnify Klemen Stirn from any
* liability that might arise from it's use.
* Selling the code for this program, in part or full, without prior
* written consent is expressly forbidden.
* Using this code, in part or full, to create derivate work,
* new scripts or products is expressly forbidden. Obtain permission
* before redistributing this software over the Internet or in
* any other medium. In all cases copyright and header must remain intact.
* This Copyright is in full effect in any country that has International
* Trade Agreements with the United States of America or
* with the European Union.
* Removing any of the copyright notices without purchasing a license
* is expressly forbidden. To remove HESK copyright notice you must purchase
* a license for this script. For more information on how to obtain
* a license please visit the page below:
* https://www.hesk.com/buy.php
*******************************************************************************/
function hesk_insertTag(tag) {
var text_to_insert = '%%'+tag+'%%';
hesk_insertAtCursor(document.form1.msg, text_to_insert);
document.form1.message.focus();
}
function hesk_insertAtCursor(myField, myValue) {
if (document.selection) {
myField.focus();
sel = document.selection.createRange();
sel.text = myValue;
}
else if (myField.selectionStart || myField.selectionStart == '0') {
var startPos = myField.selectionStart;
var endPos = myField.selectionEnd;
myField.value = myField.value.substring(0, startPos)
+ myValue
+ myField.value.substring(endPos, myField.value.length);
} else {
myField.value += myValue;
}
}
function hesk_changeAll(myID) {
var d = document.form1;
var setTo = myID.checked ? true : false;
for (var i = 0; i < d.elements.length; i++)
{
if(d.elements[i].type == 'checkbox' && d.elements[i].name != 'checkall')
{
d.elements[i].checked = setTo;
}
}
}
function hesk_attach_disable(ids) {
for($i=0;$i<ids.length;$i++) {
if (ids[$i]=='c11'||ids[$i]=='c21'||ids[$i]=='c31'||ids[$i]=='c41'||ids[$i]=='c51') {
document.getElementById(ids[$i]).checked=false;
}
document.getElementById(ids[$i]).disabled=true;
}
}
function hesk_attach_enable(ids) {
for($i=0;$i<ids.length;$i++) {
document.getElementById(ids[$i]).disabled=false;
}
}
function hesk_attach_toggle(control,ids) {
if (document.getElementById(control).checked) {
hesk_attach_enable(ids);
} else {
hesk_attach_disable(ids);
}
}
function hesk_window(PAGE,HGT,WDT)
{
var HeskWin = window.open(PAGE,"Hesk_window","height="+HGT+",width="+WDT+",menubar=0,location=0,toolbar=0,status=0,resizable=1,scrollbars=1");
HeskWin.focus();
}
function hesk_toggleLayerDisplay(nr) {
if (document.all)
document.all[nr].style.display = (document.all[nr].style.display == 'none') ? 'block' : 'none';
else if (document.getElementById)
document.getElementById(nr).style.display = (document.getElementById(nr).style.display == 'none') ? 'block' : 'none';
}
function hesk_confirmExecute(myText) {
if (confirm(myText))
{
return true;
}
return false;
}
function hesk_deleteIfSelected(myField,myText) {
if(document.getElementById(myField).checked)
{
return hesk_confirmExecute(myText);
}
}
function hesk_rate(url,element_id)
{
if (url.length==0)
{
return false;
}
var element = document.getElementById(element_id);
xmlHttp=GetXmlHttpObject();
if (xmlHttp==null)
{
alert ("Your browser does not support AJAX!");
return;
}
xmlHttp.open("GET",url,true);
xmlHttp.onreadystatechange = function()
{
if (xmlHttp.readyState == 4 && xmlHttp.status == 200)
{
element.innerHTML = xmlHttp.responseText;
}
}
xmlHttp.send(null);
}
function stateChanged()
{
if (xmlHttp.readyState==4)
{
document.getElementById("rating").innerHTML=xmlHttp.responseText;
}
}
function GetXmlHttpObject()
{
var xmlHttp=null;
try
{
// Firefox, Opera 8.0+, Safari
xmlHttp=new XMLHttpRequest();
}
catch (e)
{
// Internet Explorer
try
{
xmlHttp=new ActiveXObject("Msxml2.XMLHTTP");
}
catch (e)
{
xmlHttp=new ActiveXObject("Microsoft.XMLHTTP");
}
}
return xmlHttp;
}
var heskKBquery = '';
var heskKBfailed = false;
function hesk_suggestKB()
{
var d = document.form1;
var s = d.subject.value;
var m = d.message.value;
var element = document.getElementById('kb_suggestions');
if (s != '' && m != '' && (heskKBquery != s + " " + m || heskKBfailed == true) )
{
element.style.display = 'block';
var params = "p=1&" + "q=" + encodeURIComponent( s + " " + m );
heskKBquery = s + " " + m;
xmlHttp=GetXmlHttpObject();
if (xmlHttp==null)
{
return;
}
xmlHttp.open('POST','suggest_articles.php',true);
xmlHttp.setRequestHeader("Content-type", "application/x-www-form-urlencoded");
xmlHttp.onreadystatechange = function()
{
if (xmlHttp.readyState == 4 && xmlHttp.status == 200)
{
element.innerHTML = xmlHttp.responseText;
heskKBfailed = false;
}
else
{
heskKBfailed = true;
}
}
xmlHttp.send(params);
}
setTimeout('hesk_suggestKB();', 2000);
}
function hesk_suggestKBsearch(isAdmin)
{
var d = document.searchform;
var s = d.search.value;
var element = document.getElementById('kb_suggestions');
if (isAdmin)
{
var path = 'admin_suggest_articles.php';
}
else
{
var path = 'suggest_articles.php';
}
if (s != '' && (heskKBquery != s || heskKBfailed == true) )
{
element.style.display = 'block';
var params = "q=" + encodeURIComponent( s );
heskKBquery = s;
xmlHttp=GetXmlHttpObject();
if (xmlHttp==null)
{
return;
}
xmlHttp.open('POST', path, true);
xmlHttp.setRequestHeader("Content-type", "application/x-www-form-urlencoded");
xmlHttp.onreadystatechange = function()
{
if (xmlHttp.readyState == 4 && xmlHttp.status == 200)
{
element.innerHTML = unescape(xmlHttp.responseText);
heskKBfailed = false;
}
else
{
heskKBfailed = true;
}
}
xmlHttp.send(params);
}
setTimeout('hesk_suggestKBsearch('+isAdmin+');', 2000);
}
function hesk_suggestEmail(isAdmin)
{
var email = document.form1.email.value;
var element = document.getElementById('email_suggestions');
if (isAdmin)
{
var path = '../suggest_email.php';
}
else
{
var path = 'suggest_email.php';
}
if (email != '')
{
var params = "e=" + encodeURIComponent( email );
xmlHttp=GetXmlHttpObject();
if (xmlHttp==null)
{
return;
}
xmlHttp.open('POST', path, true);
xmlHttp.setRequestHeader("Content-type", "application/x-www-form-urlencoded");
xmlHttp.onreadystatechange = function()
{
if (xmlHttp.readyState == 4 && xmlHttp.status == 200)
{
element.innerHTML = unescape(xmlHttp.responseText);
element.style.display = 'block';
}
}
xmlHttp.send(params);
}
}
function hesk_btn(Elem, myClass)
{
Elem.className = myClass;
}
function hesk_checkPassword(password)
{
var numbers = "0123456789";
var lowercase = "abcdefghijklmnopqrstuvwxyz";
var uppercase = "ABCDEFGHIJKLMNOPQRSTUVWXYZ";
var punctuation = "!.@$L#*()%~<>{}[]";
var combinations = 0;
if (hesk_contains(password, numbers) > 0) {
combinations += 10;
}
if (hesk_contains(password, lowercase) > 0) {
combinations += 26;
}
if (hesk_contains(password, uppercase) > 0) {
combinations += 26;
}
if (hesk_contains(password, punctuation) > 0) {
combinations += punctuation.length;
}
var totalCombinations = Math.pow(combinations, password.length);
var timeInSeconds = (totalCombinations / 200) / 2;
var timeInDays = timeInSeconds / 86400
var lifetime = 3650;
var percentage = timeInDays / lifetime;
var friendlyPercentage = hesk_cap(Math.round(percentage * 100), 98);
if (friendlyPercentage < (password.length * 5)) {
friendlyPercentage += password.length * 5;
}
var friendlyPercentage = hesk_cap(friendlyPercentage, 98);
var progressBar = document.getElementById("progressBar");
progressBar.style.width = friendlyPercentage + "%";
if (percentage > 1) {
// strong password
progressBar.classList.remove('progress-bar-danger');
progressBar.classList.remove('progress-bar-warning');
progressBar.classList.add('progress-bar-success');
return;
}
if (percentage > 0.5) {
// reasonable password
progressBar.classList.remove('progress-bar-danger');
progressBar.classList.remove('progress-bar-success');
progressBar.classList.add('progress-bar-warning');
return;
}
if (percentage > 0.10 || percentage <= 0.10) {
// weak password
progressBar.classList.remove('progress-bar-warning');
progressBar.classList.remove('progress-bar-success');
progressBar.classList.add('progress-bar-danger');
return;
}
}
function hesk_cap(number, max) {
if (number > max) {
return max;
} else {
return number;
}
}
function hesk_contains(password, validChars) {
count = 0;
for (i = 0; i < password.length; i++) {
var char = password.charAt(i);
if (validChars.indexOf(char) > -1) {
count++;
}
}
return count;
}
function setCookie(name, value, expires, path, domain, secure)
{
document.cookie= name + "=" + escape(value) +
((expires) ? "; expires=" + expires.toGMTString() : "") +
((path) ? "; path=" + path : "") +
((domain) ? "; domain=" + domain : "") +
((secure) ? "; secure" : "");
}
function getCookie(name)
{
var dc = document.cookie;
var prefix = name + "=";
var begin = dc.indexOf("; " + prefix);
if (begin == -1) {
begin = dc.indexOf(prefix);
if (begin != 0) return null;
} else {
begin += 2;
}
var end = document.cookie.indexOf(";", begin);
if (end == -1) {
end = dc.length;
}
return unescape(dc.substring(begin + prefix.length, end));
}
function deleteCookie(name, path, domain)
{
if (getCookie(name)) {
document.cookie = name + "=" +
((path) ? "; path=" + path : "") +
((domain) ? "; domain=" + domain : "") +
"; expires=Thu, 01-Jan-70 00:00:01 GMT";
}
}
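Review bot: `hesk_suggestKBsearch` and `hesk_suggestEmail` assign `unescape(xmlHttp.responseText)` to `element.innerHTML`, so any percent-encoded sequence in the response is decoded into live markup after whatever HTML encoding the server applied. Both requests carry user-typed text (`q` and `e`), so `suggest_articles.php`, `admin_suggest_articles.php` and `suggest_email.php` must HTML-encode every reflected value with that decoding step in mind; those scripts are not part of this section, so whether they do cannot be confirmed here. If the responses are not percent-encoded, the call can be dropped to match `hesk_suggestKB`: `element.innerHTML = xmlHttp.responseText;`. Separately, `setTimeout('hesk_suggestKBsearch('+isAdmin+');', 2000)` builds code from a string, and `setTimeout(function () { hesk_suggestKBsearch(isAdmin); }, 2000);` avoids that evaluation path. `xmlHttp` is also an implicit global shared by every request helper in this file, so overlapping requests can overwrite each other's handler state; a `var xmlHttp` inside each function would isolate them.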

@ -14,7 +14,7 @@ table.enclosing {
color : #4a5571;
font-family : Verdana, Geneva, Arial, Helvetica, sans-serif;
font-size: 12px;
width: 770px;
width: 960px;
}
@ -216,7 +216,7 @@ fieldset {
background-color:white;
position:relative;
display:block;
padding: 0px 10px 10px 10px;
padding: 15px 10px 10px 10px;
margin:20px 0px 20px 0px;
}
@ -232,10 +232,8 @@ legend {
background-position: left top;
display:block;
width: auto;
padding:4px 5px;
margin:0px 0px 10px 0px;
padding:5px 5px;
position:relative;
top: -12px;
width:130px;
}
@ -551,10 +549,25 @@ td.admin_critical {
font-family : Verdana, Geneva, Arial, Helvetica, sans-serif;
font-size: 11px;
border: 1px solid #ff66ff;
border-top: 2px dashed #ff66ff;
padding: 1px;
}
/* New styles in HESK version 2.6 */
div.info {
border: 1px solid #9acfea;
background: #d9edf7;
color: #363636;
padding: 10px;
vertical-align: middle;
}
div.none {
color: #363636;
padding: 10px;
vertical-align: middle;
}
.isError {
color: black;
background-color: #fff9f7;

@ -14,7 +14,7 @@ table.enclosing {
color : #4a5571;
font-family : Verdana, Geneva, Arial, Helvetica, sans-serif;
font-size: 12px;
width: 770px;
width: 960px;
}
@ -216,7 +216,7 @@ fieldset {
background-color:white;
position:relative;
display:block;
padding: 0px 10px 10px 10px;
padding: 15px 10px 10px 10px;
margin:20px 0px 20px 0px;
}
@ -232,10 +232,8 @@ legend {
background-position: right top;
display:block;
width: auto;
padding:4px 5px;
margin:0px 0px 10px 0px;
padding:5px 5px;
position:relative;
top: -12px;
width:130px;
}
@ -551,7 +549,6 @@ td.admin_critical {
font-family : Verdana, Geneva, Arial, Helvetica, sans-serif;
font-size: 11px;
border: 1px solid #ff66ff;
border-top: 2px dashed #ff66ff;
padding: 1px;
}
@ -691,6 +688,22 @@ td.admin_yellow {
padding: 1px;
}
/* New styles in HESK version 2.6 */
div.info {
border: 1px solid #9acfea;
background: #d9edf7;
color: #363636;
padding: 10px;
vertical-align: middle;
}
div.none {
color: #363636;
padding: 10px;
vertical-align: middle;
}
/* New styles in HESK version 2.5 */
.kb_published {

@ -0,0 +1,738 @@
<?php
/*******************************************************************************
* Title: Help Desk Software HESK
* Version: 2.6.0 beta 1 from 30th December 2014
* Author: Klemen Stirn
* Website: http://www.hesk.com
********************************************************************************
* COPYRIGHT AND TRADEMARK NOTICE
* Copyright 2005-2014 Klemen Stirn. All Rights Reserved.
* HESK is a registered trademark of Klemen Stirn.
* The HESK may be used and modified free of charge by anyone
* AS LONG AS COPYRIGHT NOTICES AND ALL THE COMMENTS REMAIN INTACT.
* By using this code you agree to indemnify Klemen Stirn from any
* liability that might arise from it's use.
* Selling the code for this program, in part or full, without prior
* written consent is expressly forbidden.
* Using this code, in part or full, to create derivate work,
* new scripts or products is expressly forbidden. Obtain permission
* before redistributing this software over the Internet or in
* any other medium. In all cases copyright and header must remain intact.
* This Copyright is in full effect in any country that has International
* Trade Agreements with the United States of America or
* with the European Union.
* Removing any of the copyright notices without purchasing a license
* is expressly forbidden. To remove HESK copyright notice you must purchase
* a license for this script. For more information on how to obtain
* a license please visit the page below:
* https://www.hesk.com/buy.php
*******************************************************************************/
/* Check if this is a valid include */
if (!defined('IN_SCRIPT')) {die('Invalid attempt');}
// Possible fields to be displayed in ticket list
$hesk_settings['possible_ticket_list'] = array(
'id' => $hesklang['id'],
'trackid' => $hesklang['trackID'],
'dt' => $hesklang['submitted'],
'lastchange' => $hesklang['last_update'],
'category' => $hesklang['category'],
'name' => $hesklang['name'],
'email' => $hesklang['email'],
'subject' => $hesklang['subject'],
'status' => $hesklang['status'],
'owner' => $hesklang['owner'],
'replies' => $hesklang['replies'],
'staffreplies' => $hesklang['replies'] . ' (' . $hesklang['staff'] .')',
'lastreplier' => $hesklang['last_replier'],
'time_worked' => $hesklang['ts'],
);
// Also possible to display all custom fields
for ($i=1;$i<=20;$i++)
{
if ($hesk_settings['custom_fields']['custom'.$i]['use'])
{
$hesk_settings['possible_ticket_list']['custom'.$i] = $hesk_settings['custom_fields']['custom'.$i]['name'];
}
}
/*** FUNCTIONS ***/
function hesk_show_column($column)
{
global $hesk_settings;
return in_array($column, $hesk_settings['ticket_list']) ? true : false;
} // END hesk_show_column()
function hesk_getHHMMSS($in)
{
$in = hesk_getTime($in);
return explode(':', $in);
} // END hesk_getHHMMSS();
function hesk_getTime($in)
{
$in = trim($in);
/* If everything is OK this simple check should return true */
if ( preg_match('/^([0-9]{2,3}):([0-5][0-9]):([0-5][0-9])$/', $in) )
{
return $in;
}
/* No joy, let's try to figure out the correct values to use... */
$h = 0;
$m = 0;
$s = 0;
/* How many parts do we have? */
$parts = substr_count($in, ':');
switch ($parts)
{
/* Only two parts, let's assume minutes and seconds */
case 1:
list($m, $s) = explode(':', $in);
break;
/* Three parts, so explode to hours, minutes and seconds */
case 2:
list($h, $m, $s) = explode(':', $in);
break;
/* Something other was entered, let's assume just minutes */
default:
$m = $in;
}
/* Make sure all inputs are integers */
$h = intval($h);
$m = intval($m);
$s = intval($s);
/* Convert seconds to minutes if 60 or more seconds */
if ($s > 59)
{
$m = floor($s / 60) + $m;
$s = intval($s % 60);
}
/* Convert minutes to hours if 60 or more minutes */
if ($m > 59)
{
$h = floor($m / 60) + $h;
$m = intval($m % 60);
}
/* MySQL accepts max time value of 838:59:59 */
if ($h > 838)
{
return '838:59:59';
}
/* That's it, let's send out formatted time string */
return str_pad($h, 2, "0", STR_PAD_LEFT) . ':' . str_pad($m, 2, "0", STR_PAD_LEFT) . ':' . str_pad($s, 2, "0", STR_PAD_LEFT);
} // END hesk_getTime();
function hesk_mergeTickets($merge_these, $merge_into)
{
global $hesk_settings, $hesklang, $hesk_db_link;
/* Target ticket must not be in the "merge these" list */
if ( in_array($merge_into, $merge_these) )
{
$merge_these = array_diff($merge_these, array( $merge_into ) );
}
/* At least 1 ticket needs to be merged with target ticket */
if ( count($merge_these) < 1 )
{
$_SESSION['error'] = $hesklang['merr1'];
return false;
}
/* Make sure target ticket exists */
$res = hesk_dbQuery("SELECT `id`,`trackid`,`category` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."tickets` WHERE `id`='".intval($merge_into)."' LIMIT 1");
if (hesk_dbNumRows($res) != 1)
{
$_SESSION['error'] = $hesklang['merr2'];
return false;
}
$ticket = hesk_dbFetchAssoc($res);
/* Make sure user has access to ticket category */
if ( ! hesk_okCategory($ticket['category'], 0) )
{
$_SESSION['error'] = $hesklang['merr3'];
return false;
}
/* Set some variables for later */
$merge['attachments'] = '';
$merge['replies'] = array();
$merge['notes'] = array();
$sec_worked = 0;
$history = '';
$merged = '';
/* Get messages, replies, notes and attachments of tickets that will be merged */
foreach ($merge_these as $this_id)
{
/* Validate ID */
if ( is_array($this_id) )
{
continue;
}
$this_id = intval($this_id) or hesk_error($hesklang['id_not_valid']);
/* Get required ticket information */
$res = hesk_dbQuery("SELECT `id`,`trackid`,`category`,`name`,`message`,`dt`,`time_worked`,`attachments` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."tickets` WHERE `id`='".intval($this_id)."' LIMIT 1");
if (hesk_dbNumRows($res) != 1)
{
continue;
}
$row = hesk_dbFetchAssoc($res);
/* Has this user access to the ticket category? */
if ( ! hesk_okCategory($row['category'], 0) )
{
continue;
}
/* Insert ticket message as a new reply to target ticket */
hesk_dbQuery("INSERT INTO `".hesk_dbEscape($hesk_settings['db_pfix'])."replies` (`replyto`,`name`,`message`,`dt`,`attachments`) VALUES ('".intval($ticket['id'])."','".hesk_dbEscape($row['name'])."','".hesk_dbEscape($row['message'])."','".hesk_dbEscape($row['dt'])."','".hesk_dbEscape($row['attachments'])."')");
/* Update attachments */
hesk_dbQuery("UPDATE `".hesk_dbEscape($hesk_settings['db_pfix'])."attachments` SET `ticket_id`='".hesk_dbEscape($ticket['trackid'])."' WHERE `ticket_id`='".hesk_dbEscape($row['trackid'])."'");
/* Get old ticket replies and insert them as new replies */
$res = hesk_dbQuery("SELECT * FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."replies` WHERE `replyto`='".intval($row['id'])."' ORDER BY `id` ASC");
while ( $reply = hesk_dbFetchAssoc($res) )
{
hesk_dbQuery("INSERT INTO `".hesk_dbEscape($hesk_settings['db_pfix'])."replies` (`replyto`,`name`,`message`,`dt`,`attachments`,`staffid`,`rating`,`read`) VALUES ('".intval($ticket['id'])."','".hesk_dbEscape($reply['name'])."','".hesk_dbEscape($reply['message'])."','".hesk_dbEscape($reply['dt'])."','".hesk_dbEscape($reply['attachments'])."','".intval($reply['staffid'])."','".intval($reply['rating'])."','".intval($reply['read'])."')");
}
/* Delete replies to the old ticket */
hesk_dbQuery("DELETE FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."replies` WHERE `replyto`='".intval($row['id'])."'");
/* Get old ticket notes and insert them as new notes */
$res = hesk_dbQuery("SELECT * FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."notes` WHERE `ticket`='".intval($row['id'])."' ORDER BY `id` ASC");
while ( $note = hesk_dbFetchAssoc($res) )
{
hesk_dbQuery("INSERT INTO `".hesk_dbEscape($hesk_settings['db_pfix'])."notes` (`ticket`,`who`,`dt`,`message`,`attachments`) VALUES ('".intval($ticket['id'])."','".intval($note['who'])."','".hesk_dbEscape($note['dt'])."','".hesk_dbEscape($note['message'])."','".hesk_dbEscape($note['attachments'])."')");
}
/* Delete replies to the old ticket */
hesk_dbQuery("DELETE FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."notes` WHERE `ticket`='".intval($row['id'])."'");
/* Delete old ticket */
hesk_dbQuery("DELETE FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."tickets` WHERE `id`='".intval($row['id'])."'");
/* Log that ticket has been merged */
$history .= sprintf($hesklang['thist13'],hesk_date(),$row['trackid'],$_SESSION['name'].' ('.$_SESSION['user'].')');
/* Add old ticket ID to target ticket "merged" field */
$merged .= '#' . $row['trackid'];
/* Convert old ticket "time worked" to seconds and add to $sec_worked variable */
list ($hr, $min, $sec) = explode(':', $row['time_worked']);
$sec_worked += (((int)$hr) * 3600) + (((int)$min) * 60) + ((int)$sec);
}
/* Convert seconds to HHH:MM:SS */
$sec_worked = hesk_getTime('0:'.$sec_worked);
// Get number of replies
$total = 0;
$staffreplies = 0;
$res = hesk_dbQuery("SELECT COUNT(*) as `cnt`, `staffid` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."replies` WHERE `replyto`=".intval($ticket['id'])." GROUP BY CASE WHEN `staffid` = 0 THEN 0 ELSE 1 END ASC");
while ( $row = hesk_dbFetchAssoc($res) )
{
$total += $row['cnt'];
$staffreplies += ($row['staffid'] ? $row['cnt'] : 0);
}
$replies_sql = " `replies`={$total}, `staffreplies`={$staffreplies} , ";
// Get first staff reply
if ($staffreplies)
{
$res = hesk_dbQuery("SELECT `dt`, `staffid` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."replies` WHERE `replyto`=".intval($ticket['id'])." AND `staffid`>0 ORDER BY `dt` ASC LIMIT 1");
$reply = hesk_dbFetchAssoc($res);
$replies_sql = " `firstreply`='".hesk_dbEscape($reply['dt'])."', `firstreplyby`=".intval($reply['staffid'])." , ";
}
/* Update history (log) and merged IDs of target ticket */
hesk_dbQuery("UPDATE `".hesk_dbEscape($hesk_settings['db_pfix'])."tickets` SET $replies_sql `time_worked`=ADDTIME(`time_worked`, '".hesk_dbEscape($sec_worked)."'), `merged`=CONCAT(`merged`,'".hesk_dbEscape($merged . '#')."'), `history`=CONCAT(`history`,'".hesk_dbEscape($history)."') WHERE `id`='".intval($merge_into)."' LIMIT 1");
return true;
} // END hesk_mergeTickets()
function hesk_updateStaffDefaults()
{
global $hesk_settings, $hesklang;
// Demo mode
if ( defined('HESK_DEMO') )
{
return true;
}
// Remove the part that forces saving as default - we don't need it every time
$default_list = str_replace('&def=1','',$_SERVER['QUERY_STRING']);
// Update database
$res = hesk_dbQuery("UPDATE `".hesk_dbEscape($hesk_settings['db_pfix'])."users` SET `default_list`='".hesk_dbEscape($default_list)."' WHERE `id`='".intval($_SESSION['id'])."'");
// Update session values so the changes take effect immediately
$_SESSION['default_list'] = $default_list;
return true;
} // END hesk_updateStaffDefaults()
function hesk_makeJsString($in)
{
return addslashes(preg_replace("/\s+/",' ',$in));
} // END hesk_makeJsString()
function hesk_checkNewMail()
{
global $hesk_settings, $hesklang;
$res = hesk_dbQuery("SELECT COUNT(*) FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."mail` WHERE `to`='".intval($_SESSION['id'])."' AND `read`='0' AND `deletedby`!='".intval($_SESSION['id'])."' ");
$num = hesk_dbResult($res,0,0);
return $num;
} // END hesk_checkNewMail()
function hesk_getCategoriesArray($kb = 0) {
global $hesk_settings, $hesklang, $hesk_db_link;
$categories = array();
if ($kb)
{
$result = hesk_dbQuery('SELECT `id`, `name` FROM `'.hesk_dbEscape($hesk_settings['db_pfix']).'kb_categories` ORDER BY `cat_order` ASC');
}
else
{
$result = hesk_dbQuery('SELECT `id`, `name` FROM `'.hesk_dbEscape($hesk_settings['db_pfix']).'categories` ORDER BY `cat_order` ASC');
}
while ($row=hesk_dbFetchAssoc($result))
{
$categories[$row['id']] = $row['name'];
}
return $categories;
} // END hesk_getCategoriesArray()
function hesk_getHTML($in)
{
global $hesk_settings, $hesklang;
$replace_from = array("\t","<?","?>","$","<%","%>");
$replace_to = array("","&lt;?","?&gt;","\$","&lt;%","%&gt;");
$in = trim($in);
$in = str_replace($replace_from,$replace_to,$in);
$in = preg_replace('/\<script(.*)\>(.*)\<\/script\>/Uis',"<script$1></script>",$in);
$in = preg_replace('/\<\!\-\-(.*)\-\-\>/Uis',"<!-- comments have been removed -->",$in);
if (HESK_SLASH === true)
{
$in = addslashes($in);
}
$in = str_replace('\"','"',$in);
return $in;
} // END hesk_getHTML()
function hesk_autoLogin($noredirect=0)
{
global $hesk_settings, $hesklang, $hesk_db_link;
if (!$hesk_settings['autologin'])
{
return false;
}
$user = hesk_htmlspecialchars( hesk_COOKIE('hesk_username') );
$hash = hesk_htmlspecialchars( hesk_COOKIE('hesk_p') );
define('HESK_USER', $user);
if (empty($user) || empty($hash))
{
return false;
}
/* Login cookies exist, now lets limit brute force attempts */
hesk_limitBfAttempts();
/* Check username */
$result = hesk_dbQuery('SELECT * FROM `'.$hesk_settings['db_pfix']."users` WHERE `user` = '".hesk_dbEscape($user)."' LIMIT 1");
if (hesk_dbNumRows($result) != 1)
{
setcookie('hesk_username', '');
setcookie('hesk_p', '');
header('Location: index.php?a=login&notice=1');
exit();
}
$res=hesk_dbFetchAssoc($result);
foreach ($res as $k=>$v)
{
$_SESSION[$k]=$v;
}
/* Check password */
if ($hash != hesk_Pass2Hash($_SESSION['pass'] . strtolower($user) . $_SESSION['pass']) )
{
setcookie('hesk_username', '');
setcookie('hesk_p', '');
header('Location: index.php?a=login&notice=1');
exit();
}
/* Check if default password */
if ($_SESSION['pass'] == '499d74967b28a841c98bb4baaabaad699ff3c079')
{
hesk_process_messages($hesklang['chdp'],'NOREDIRECT','NOTICE');
}
unset($_SESSION['pass']);
/* Login successful, clean brute force attempts */
hesk_cleanBfAttempts();
/* Regenerate session ID (security) */
hesk_session_regenerate_id();
/* Get allowed categories */
if (empty($_SESSION['isadmin']))
{
$_SESSION['categories']=explode(',',$_SESSION['categories']);
}
/* Renew cookies */
setcookie('hesk_username', "$user", strtotime('+1 year'));
setcookie('hesk_p', "$hash", strtotime('+1 year'));
/* Close any old tickets here so Cron jobs aren't necessary */
if ($hesk_settings['autoclose'])
{
$revision = sprintf($hesklang['thist3'],hesk_date(),$hesklang['auto']);
$dt = date('Y-m-d H:i:s',time() - $hesk_settings['autoclose']*86400);
// Notify customer of closed ticket?
if ($hesk_settings['notify_closed'])
{
// Get list of tickets
$result = hesk_dbQuery("SELECT * FROM `".$hesk_settings['db_pfix']."tickets` WHERE `status` = '2' AND `lastchange` <= '".hesk_dbEscape($dt)."' ");
if (hesk_dbNumRows($result) > 0)
{
global $ticket;
// Load required functions?
if ( ! function_exists('hesk_notifyCustomer') )
{
require(HESK_PATH . 'inc/email_functions.inc.php');
}
while ($ticket = hesk_dbFetchAssoc($result))
{
$ticket['dt'] = hesk_date($ticket['dt'], true);
$ticket['lastchange'] = hesk_date($ticket['lastchange'], true);
hesk_notifyCustomer('ticket_closed');
}
}
}
// Update ticket statuses and history in database
hesk_dbQuery("UPDATE `".$hesk_settings['db_pfix']."tickets` SET `status`='3', `closedat`=NOW(), `closedby`='-1', `history`=CONCAT(`history`,'".hesk_dbEscape($revision)."') WHERE `status` = '2' AND `lastchange` <= '".hesk_dbEscape($dt)."' ");
}
/* If session expired while a HESK page is open just continue using it, don't redirect */
if ($noredirect)
{
return true;
}
/* Redirect to the destination page */
header('Location: ' . hesk_verifyGoto() );
exit();
} // END hesk_autoLogin()
function hesk_isLoggedIn()
{
global $hesk_settings;
$referer = hesk_input($_SERVER['REQUEST_URI']);
$referer = str_replace('&amp;','&',$referer);
if (empty($_SESSION['id']))
{
if ($hesk_settings['autologin'] && hesk_autoLogin(1) )
{
// Users online
if ($hesk_settings['online'])
{
require(HESK_PATH . 'inc/users_online.inc.php');
hesk_initOnline($_SESSION['id']);
}
return true;
}
$url = 'index.php?a=login&notice=1&goto='.urlencode($referer);
header('Location: '.$url);
exit();
}
else
{
hesk_session_regenerate_id();
// Need to update permissions?
if ( empty($_SESSION['isadmin']) )
{
$res = hesk_dbQuery("SELECT `isadmin`, `categories`, `heskprivileges` FROM `".$hesk_settings['db_pfix']."users` WHERE `id` = '".intval($_SESSION['id'])."' LIMIT 1");
if (hesk_dbNumRows($res) == 1)
{
$me = hesk_dbFetchAssoc($res);
foreach ($me as $k => $v)
{
$_SESSION[$k]=$v;
}
// Get allowed categories
if (empty($_SESSION['isadmin']) )
{
$_SESSION['categories']=explode(',',$_SESSION['categories']);
}
}
else
{
hesk_session_stop();
$url = 'index.php?a=login&notice=1&goto='.urlencode($referer);
header('Location: '.$url);
exit();
}
}
// Users online
if ($hesk_settings['online'])
{
require(HESK_PATH . 'inc/users_online.inc.php');
hesk_initOnline($_SESSION['id']);
}
return true;
}
} // END hesk_isLoggedIn()
function hesk_verifyGoto()
{
// Default redirect URL
$url_default = 'admin_main.php';
// If no "goto" parameter is set, redirect to the default page
if ( ! hesk_isREQUEST('goto') )
{
return $url_default;
}
// Get the "goto" parameter
$url = hesk_REQUEST('goto');
// Fix encoded "&"
$url = str_replace('&amp;', '&', $url);
// Parse the URL for verification
$url_parts = parse_url($url);
// The "path" part is required
if ( ! isset($url_parts['path']) )
{
return $url_default;
}
// Extract the file name from path
$url = basename($url_parts['path']);
// Allowed files for redirect
$OK_urls = array(
'admin_main.php' => '',
'admin_settings.php' => '',
'admin_settings_save.php' => 'admin_settings.php',
'admin_ticket.php' => '',
'archive.php' => '',
'assign_owner.php' => '',
'change_status.php' => '',
'edit_post.php' => '',
'export.php' => '',
'find_tickets.php' => '',
'generate_spam_question.php' => '',
'knowledgebase_private.php' => '',
'lock.php' => '',
'mail.php' => '',
'manage_canned.php' => '',
'manage_categories.php' => '',
'manage_knowledgebase.php' => '',
'manage_users.php' => '',
'new_ticket.php' => '',
'profile.php' => '',
'reports.php' => '',
'show_tickets.php' => '',
);
// URL must match one of the allowed ones
if ( ! isset($OK_urls[$url]) )
{
return $url_default;
}
// Modify redirect?
if ( strlen($OK_urls[$url]) )
{
$url = $OK_urls[$url];
}
// All OK, return the URL with query if set
return isset($url_parts['query']) ? $url.'?'.$url_parts['query'] : $url;
} // END hesk_verifyGoto()
function hesk_Pass2Hash($plaintext) {
$majorsalt = '';
$len = strlen($plaintext);
for ($i=0;$i<$len;$i++)
{
$majorsalt .= sha1(substr($plaintext,$i,1));
}
$corehash = sha1($majorsalt);
return $corehash;
} // END hesk_Pass2Hash()
function hesk_formatDate($dt, $from_database=true)
{
$dt=hesk_date($dt, $from_database);
$dt=str_replace(' ','<br />',$dt);
return $dt;
} // End hesk_formatDate()
function hesk_jsString($str)
{
$str = str_replace( array('\'','<br />') , array('\\\'','') ,$str);
$from = array("/\r\n|\n|\r/", '/\<a href="mailto\:([^"]*)"\>([^\<]*)\<\/a\>/i', '/\<a href="([^"]*)" target="_blank"\>([^\<]*)\<\/a\>/i');
$to = array("\\r\\n' + \r\n'", "$1", "$1");
return preg_replace($from,$to,$str);
} // END hesk_jsString()
function hesk_myCategories($what='category')
{
if ( ! empty($_SESSION['isadmin']) )
{
return '1';
}
else
{
return " `".hesk_dbEscape($what)."` IN ('" . implode("','", array_map('intval', $_SESSION['categories']) ) . "')";
}
} // END hesk_myCategories()
function hesk_okCategory($cat,$error=1,$user_isadmin=false,$user_cat=false)
{
global $hesklang;
/* Checking for current user or someone else? */
if ($user_isadmin === false)
{
$user_isadmin = $_SESSION['isadmin'];
}
if ($user_cat === false)
{
$user_cat = $_SESSION['categories'];
}
/* Is admin? */
if ($user_isadmin)
{
return true;
}
/* Staff with access? */
elseif (in_array($cat,$user_cat))
{
return true;
}
/* No access */
else
{
if ($error)
{
hesk_error($hesklang['not_authorized_tickets']);
}
else
{
return false;
}
}
} // END hesk_okCategory()
function hesk_checkPermission($feature,$showerror=1) {
global $hesklang;
/* Admins have full access to all features */
if ($_SESSION['isadmin'])
{
return true;
}
/* Check other staff for permissions */
if (strpos($_SESSION['heskprivileges'], $feature) === false)
{
if ($showerror)
{
hesk_error($hesklang['no_permission'].'<p>&nbsp;</p><p align="center"><a href="index.php">'.$hesklang['click_login'].'</a>');
}
else
{
return false;
}
}
else
{
return true;
}
} // END hesk_checkPermission()

@ -1,7 +1,7 @@
<?php
/*******************************************************************************
* Title: Help Desk Software HESK
* Version: 2.5.5 from 5th August 2014
* Version: 2.6.0 beta 1 from 30th December 2014
* Author: Klemen Stirn
* Website: http://www.hesk.com
********************************************************************************
@ -63,6 +63,66 @@ hesk_getLanguage();
/*** FUNCTIONS ***/
function hesk_service_message($sm)
{
$faIcon = "";
switch ($sm['style'])
{
case 1:
$style = "alert alert-success";
$faIcon = "fa fa-check-circle";
break;
case 2:
$style = "alert alert-info";
$faIcon = "fa fa-comment";
break;
case 3:
$style = "alert alert-warning";
$faIcon = "fa fa-exclamation-triangle";
break;
case 4:
$style = "alert alert-danger";
$faIcon = "fa fa-times-circle";
break;
default:
$style = "none";
}
?>
<div class="<?php echo $style; ?>">
<?php echo $style == 'none' ? '' : '<i class="'.$faIcon.'"></i> '; ?>
<b><?php echo $sm['title']; ?></b><?php echo $sm['message']; ?>
</div>
<br />
<?php
} // END hesk_service_message()
function hesk_isBannedIP($ip)
{
global $hesk_settings, $hesklang, $hesk_db_link;
$ip = ip2long($ip) or $ip = 0;
$res = hesk_dbQuery("SELECT `id` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."banned_ips` WHERE {$ip} BETWEEN `ip_from` AND `ip_to` LIMIT 1");
return ( hesk_dbNumRows($res) == 1 ) ? hesk_dbResult($res) : false;
} // END hesk_isBannedIP()
function hesk_isBannedEmail($email)
{
global $hesk_settings, $hesklang, $hesk_db_link;
$email = strtolower($email);
$res = hesk_dbQuery("SELECT `id` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."banned_emails` WHERE `email` IN ('".hesk_dbEscape($email)."', '".hesk_dbEscape( substr($email, strrpos($email, "@") ) )."') LIMIT 1");
return ( hesk_dbNumRows($res) == 1 ) ? hesk_dbResult($res) : false;
} // END hesk_isBannedEmail()
function hesk_clean_utf8($in)
{
@ -127,6 +187,11 @@ function hesk_POST($in, $default = '')
return isset($_POST[$in]) && ! is_array($_POST[$in]) ? $_POST[$in] : $default;
} // END hesk_POST()
function hesk_POST_array($in, $default = array() )
{
return isset($_POST[$in]) && is_array($_POST[$in]) ? $_POST[$in] : $default;
} // END hesk_POST_array()
function hesk_REQUEST($in, $default = false)
{
@ -559,7 +624,13 @@ function hesk_limitBfAttempts($showError=1)
{
global $hesk_settings, $hesklang;
/* If this feature is disabled or already called, return false */
// Check if this IP is banned permanently
if ( hesk_isBannedIP($_SERVER['REMOTE_ADDR']) )
{
hesk_error($hesklang['baned_ip'], 0);
}
/* If this feature is disabled or already called, return false */
if ( ! $hesk_settings['attempt_limit'] || defined('HESK_BF_LIMIT') )
{
return false;
@ -571,7 +642,7 @@ function hesk_limitBfAttempts($showError=1)
$ip = $_SERVER['REMOTE_ADDR'];
/* Get number of failed attempts from the database */
$res = hesk_dbQuery("SELECT `number`, (CASE WHEN `last_attempt` IS NOT NULL AND DATE_ADD( last_attempt, INTERVAL " . hesk_dbEscape($hesk_settings['attempt_banmin']) . " MINUTE ) > NOW( ) THEN 1 ELSE 0 END) AS `banned` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."logins` WHERE `ip`='".hesk_dbEscape($ip)."' LIMIT 1");
$res = hesk_dbQuery("SELECT `number`, (CASE WHEN `last_attempt` IS NOT NULL AND DATE_ADD(`last_attempt`, INTERVAL ".intval($hesk_settings['attempt_banmin'])." MINUTE ) > NOW() THEN 1 ELSE 0 END) AS `banned` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."logins` WHERE `ip`='".hesk_dbEscape($ip)."' LIMIT 1");
/* Not in the database yet? Add first one and return false */
if (hesk_dbNumRows($res) != 1)
@ -702,6 +773,9 @@ function hesk_process_messages($message,$redirect_to,$type='ERROR')
case 'NOTICE':
$_SESSION['HESK_NOTICE'] = TRUE;
break;
case 'INFO':
$_SESSION['HESK_INFO'] = TRUE;
break;
default:
$_SESSION['HESK_ERROR'] = TRUE;
}
@ -741,6 +815,10 @@ function hesk_handle_messages()
{
hesk_show_notice($_SESSION['HESK_MESSAGE']);
}
elseif ( isset($_SESSION['HESK_INFO']) )
{
hesk_show_info($_SESSION['HESK_MESSAGE']);
}
hesk_cleanSessionVars('HESK_MESSAGE');
}
@ -749,6 +827,7 @@ function hesk_handle_messages()
hesk_cleanSessionVars('HESK_ERROR');
hesk_cleanSessionVars('HESK_SUCCESS');
hesk_cleanSessionVars('HESK_NOTICE');
hesk_cleanSessionVars('HESK_INFO');
// Secondary message
if ( isset($_SESSION['HESK_2ND_NOTICE']) && isset($_SESSION['HESK_2ND_MESSAGE']) )
@ -762,39 +841,54 @@ function hesk_handle_messages()
} // END hesk_handle_messages()
function hesk_show_error($message,$title='') {
function hesk_show_error($message,$title='',$append_colon=true) {
global $hesk_settings, $hesklang;
$title = $title ? $title : $hesklang['error'];
$title = $append_colon ? $title . ':' : $title;
?>
<div align="left" class="alert alert-danger">
<b><?php echo $title; ?>:</b> <?php echo $message; ?>
<b><?php echo $title; ?></b> <?php echo $message; ?>
</div>
<?php
} // END hesk_show_error()
function hesk_show_success($message,$title='') {
function hesk_show_success($message,$title='',$append_colon=true) {
global $hesk_settings, $hesklang;
$title = $title ? $title : $hesklang['success'];
$title = $append_colon ? $title . ':' : $title;
?>
<div align="left" class="alert alert-success">
<b><?php echo $title; ?>:</b> <?php echo $message; ?>
<b><?php echo $title; ?></b> <?php echo $message; ?>
</div>
<?php
} // END hesk_show_success()
function hesk_show_notice($message,$title='') {
function hesk_show_notice($message,$title='',$append_colon=true) {
global $hesk_settings, $hesklang;
$title = $title ? $title : $hesklang['note'];
$title = $append_colon ? $title . ':' : $title;
?>
<div class="alert alert-warning">
<b><?php echo $title; ?>:</b> <?php echo $message; ?>
<b><?php echo $title; ?></b> <?php echo $message; ?>
</div>
<br />
<?php
} // END hesk_show_notice()
function hesk_show_info($message,$title='',$append_colon=true)
{
global $hesk_settings, $hesklang;
$title = $title ? $title : $hesklang['info'];
$title = $append_colon ? $title . ':' : $title;
?>
<div class="info">
<img src="<?php echo HESK_PATH; ?>img/info.png" width="16" height="16" border="0" alt="" style="vertical-align:text-bottom" />
<b><?php echo $title; ?></b> <?php echo $message; ?>
</div>
<br />
<?php
} // END hesk_show_info()
function hesk_token_echo($do_echo = 1)
{
@ -1080,7 +1174,7 @@ function hesk_returnLanguage()
} // END hesk_returnLanguage()
function hesk_date($dt='', $from_database=false)
function hesk_date($dt='', $from_database=false, $is_str=true, $return_str=true)
{
global $hesk_settings;
@ -1088,7 +1182,7 @@ function hesk_date($dt='', $from_database=false)
{
$dt = time();
}
else
elseif ($is_str)
{
$dt = strtotime($dt);
}
@ -1117,7 +1211,7 @@ function hesk_date($dt='', $from_database=false)
}
// Return formatted date
return date($hesk_settings['timeformat'], $dt);
return $return_str ? date($hesk_settings['timeformat'], $dt) : $dt;
} // End hesk_date()
@ -1634,6 +1728,56 @@ function hesk_slashArray($a)
return ($a);
} // END hesk_slashArray()
function hesk_check_kb_only($redirect = true)
{
global $hesk_settings;
if ($hesk_settings['kb_enable'] != 2)
{
return false;
}
elseif ($redirect)
{
header('Location:knowledgebase.php');
exit;
}
else
{
return true;
}
} // END hesk_check_kb_only()
function hesk_check_maintenance($dodie = true)
{
global $hesk_settings, $hesklang;
// No maintenance mode - return true
if ( ! $hesk_settings['maintenance_mode'] && ! is_dir(HESK_PATH . 'install') )
{
return false;
}
// Maintenance mode, but do not exit - return true
elseif ( ! $dodie)
{
return true;
}
// Maintenance mode - show notice and exit
require_once(HESK_PATH . 'inc/header.inc.php');
?>
<div class="alert alert-warning" style="margin: 20px">
<i class="fa fa-exclamation-triangle"></i>
<b><?php echo $hesklang['mm1']; ?></b><br /><br />
<?php echo $hesklang['mm2']; ?><br /><br />
<?php echo $hesklang['mm3']; ?>
</div>
<?php
require_once(HESK_PATH . 'inc/footer.inc.php');
exit();
} // END hesk_check_maintenance()
function hesk_error($error,$showback=1) {
global $hesk_settings, $hesklang;
@ -1709,3 +1853,55 @@ function hesk_round_to_half($num)
return $half;
}
} // END hesk_round_to_half()
function hesk_dateToString($dt, $returnName=1, $returnTime=0, $returnMonth=0, $from_database=false)
{
global $hesk_settings, $hesklang;
$dt = strtotime($dt);
// Adjust MySQL time if different from PHP time
if ($from_database)
{
if ( ! defined('MYSQL_TIME_DIFF') )
{
define('MYSQL_TIME_DIFF', time()-hesk_dbTime() );
}
if (MYSQL_TIME_DIFF != 0)
{
$dt += MYSQL_TIME_DIFF;
}
// Add HESK set time difference
$dt += 3600*$hesk_settings['diff_hours'] + 60*$hesk_settings['diff_minutes'];
// Daylight saving?
if ($hesk_settings['daylight'] && date('I', $dt))
{
$dt += 3600;
}
}
list($y,$m,$n,$d,$G,$i,$s) = explode('-', date('Y-n-j-w-G-i-s', $dt) );
$m = $hesklang['m'.$m];
$d = $hesklang['d'.$d];
if ($returnName)
{
return "$d, $m $n, $y";
}
if ($returnTime)
{
return "$d, $m $n, $y $G:$i:$s";
}
if ($returnMonth)
{
return "$m $y";
}
return "$m $n, $y";
} // End hesk_dateToString()
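Review bot: `hesk_isBannedIP()` converts the address with `ip2long($ip) or $ip = 0`, and `ip2long()` returns false for anything that is not dotted IPv4, so an IPv6 `REMOTE_ADDR` is looked up as 0 and the permanent-ban check added to `hesk_limitBfAttempts()` will presumably never match it. If IPv6 is out of scope for this table, say so at the top of the function, e.g. `// ip2long() handles IPv4 only; IPv6 clients are not covered by banned_ips`. It would also be clearer to make the failure explicit with `$ip = ip2long($ip); if ($ip === false) { return false; }` instead of querying with 0. The schema of `banned_ips` is not visible here, so whether a stored range could include 0 is an open question.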

@ -1,7 +1,7 @@
<?php
/*******************************************************************************
* Title: Help Desk Software HESK
* Version: 2.5.3 from 16th March 2014
* Version: 2.6.0 beta 1 from 30th December 2014
* Author: Klemen Stirn
* Website: http://www.hesk.com
********************************************************************************
@ -244,6 +244,9 @@ function hesk_validEmails()
// --> Verify email
'verify_email' => $hesklang['verify_email'],
// --> Ticket closed
'ticket_closed' => $hesklang['ticket_closed'],
/*** Emails sent to STAFF ***/
@ -265,6 +268,9 @@ function hesk_validEmails()
// --> New note by someone to a ticket assigned to you
'new_note' => $hesklang['new_note'],
// --> Staff password reset email
'reset_password' => $hesklang['reset_password'],
);
} // END hesk_validEmails()
@ -585,6 +591,7 @@ function hesk_getEmailMessage($eml_file, $ticket, $is_admin=0, $is_ticket=1, $ju
$msg = str_replace('%%EMAIL%%', $ticket['email'] ,$msg);
$msg = str_replace('%%CREATED%%', $ticket['dt'] ,$msg);
$msg = str_replace('%%UPDATED%%', $ticket['lastchange'] ,$msg);
$msg = str_replace('%%ID%%', $ticket['id'] ,$msg);
/* All custom fields */
foreach ($hesk_settings['custom_fields'] as $k=>$v)

@ -1,7 +1,7 @@
<?php
/*******************************************************************************
* Title: Help Desk Software HESK
* Version: 2.5.5 from 5th August 2014
* Version: 2.6.0 beta 1 from 30th December 2014
* Author: Klemen Stirn
* Website: http://www.hesk.com
********************************************************************************
@ -37,15 +37,16 @@ if (!defined('IN_SCRIPT')) {die('Invalid attempt');}
require(HESK_PATH . 'modsForHesk_settings.inc.php');
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title><?php echo (isset($hesk_settings['tmp_title']) ? $hesk_settings['tmp_title'] : $hesk_settings['hesk_title']); ?></title>
<meta http-equiv="Content-Type" content="text/html;charset=<?php echo $hesklang['ENCODING']; ?>" />
<meta name="viewport" content="width=device-width, user-scalable=no">
<meta name="theme-color" content="<?php echo $modsForHesk_settings['navbarBackgroundColor']; ?>">
<?php if ($modsForHesk_settings['rtl']) { ?>
<link href="<?php echo HESK_PATH; ?>hesk_style_v25RTL.css" type="text/css" rel="stylesheet" />
<?php } else { ?>
<link href="<?php echo HESK_PATH; ?>hesk_style_v25.css" type="text/css" rel="stylesheet" />
<link href="<?php echo HESK_PATH; ?>hesk_style.css" type="text/css" rel="stylesheet" />
<?php } ?>
<link href="<?php echo HESK_PATH; ?>css/datepicker.css" type="text/css" rel="stylesheet" />
<link href="<?php echo HESK_PATH; ?>css/bootstrap.css" type="text/css" rel="stylesheet" />
@ -59,7 +60,7 @@ require(HESK_PATH . 'modsForHesk_settings.inc.php');
<link href="//netdna.bootstrapcdn.com/font-awesome/4.2.0/css/font-awesome.css" rel="stylesheet">
<link rel="stylesheet" href="<?php echo HESK_PATH; ?>css/octicons.css" type="text/css">
<script src="<?php echo HESK_PATH; ?>js/jquery-1.10.2.min.js"></script>
<script language="Javascript" type="text/javascript" src="<?php echo HESK_PATH; ?>hesk_javascript_v25.js"></script>
<script language="Javascript" type="text/javascript" src="<?php echo HESK_PATH; ?>hesk_javascript.js"></script>
<script language="Javascript" type="text/javascript" src="<?php echo HESK_PATH; ?>js/bootstrap.min.js"></script>
<script language="Javascript" type="text/javascript" src="<?php echo HESK_PATH; ?>js/modsForHesk-javascript.js"></script>
<script language="JavaScript" type="text/javascript" src="<?php echo HESK_PATH; ?>js/bootstrap-datepicker.js"></script>
@ -127,6 +128,12 @@ require(HESK_PATH . 'modsForHesk_settings.inc.php');
$onload .= "ss();";
}
}
// Use ReCaptcha API v2?
if (defined('RECAPTCHA'))
{
echo '<script src="https://www.google.com/recaptcha/api.js?hl='.$hesklang['RECAPTCHA'].'" async defer></script>';
}
?>
</head>
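Review bot: The new `<meta name="theme-color">` line echoes `$modsForHesk_settings['navbarBackgroundColor']` straight into an attribute value, and the same line is added in the next file section. Where that setting is written is not visible in this commit, but escaping at output costs nothing: `content="<?php echo htmlspecialchars($modsForHesk_settings['navbarBackgroundColor'], ENT_QUOTES); ?>"`. The reCAPTCHA `<script>` tag added lower down has the same shape, with `$hesklang['RECAPTCHA']` placed in the `hl=` parameter, where `urlencode()` would be the matching encoder. Separately, the RTL branch here still links `hesk_style_v25RTL.css` while the next file section links `hesk_style_RTL.css`, so one of the two references is probably stale.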

@ -42,10 +42,11 @@ require(HESK_PATH . 'modsForHesk_settings.inc.php');
<title><?php echo (isset($hesk_settings['tmp_title']) ? $hesk_settings['tmp_title'] : $hesk_settings['hesk_title']); ?></title>
<meta http-equiv="Content-Type" content="text/html;charset=<?php echo $hesklang['ENCODING']; ?>" />
<meta name="viewport" content="width=device-width, user-scalable=no">
<meta name="theme-color" content="<?php echo $modsForHesk_settings['navbarBackgroundColor']; ?>">
<?php if ($modsForHesk_settings['rtl']) { ?>
<link href="<?php echo HESK_PATH; ?>hesk_style_v25RTL.css" type="text/css" rel="stylesheet" />
<link href="<?php echo HESK_PATH; ?>hesk_style_RTL.css" type="text/css" rel="stylesheet" />
<?php } else { ?>
<link href="<?php echo HESK_PATH; ?>hesk_style_v25.css" type="text/css" rel="stylesheet" />
<link href="<?php echo HESK_PATH; ?>hesk_style.css" type="text/css" rel="stylesheet" />
<?php } ?>
<link href="<?php echo HESK_PATH; ?>css/datepicker.css" type="text/css" rel="stylesheet" />
<link href="<?php echo HESK_PATH; ?>css/bootstrap.css" type="text/css" rel="stylesheet" />
@ -59,7 +60,7 @@ require(HESK_PATH . 'modsForHesk_settings.inc.php');
<link href="//netdna.bootstrapcdn.com/font-awesome/4.2.0/css/font-awesome.css" rel="stylesheet">
<link rel="stylesheet" href="<?php echo HESK_PATH; ?>css/octicons.css" type="text/css">
<script src="<?php echo HESK_PATH; ?>js/jquery-1.10.2.min.js"></script>
<script language="Javascript" type="text/javascript" src="<?php echo HESK_PATH; ?>hesk_javascript_v25.js"></script>
<script language="Javascript" type="text/javascript" src="<?php echo HESK_PATH; ?>hesk_javascript.js"></script>
<script language="Javascript" type="text/javascript" src="<?php echo HESK_PATH; ?>js/modsForHesk-javascript.js"></script>
<script language="Javascript" type="text/javascript" src="<?php echo HESK_PATH; ?>js/bootstrap.min.js"></script>
<script language="JavaScript" type="text/javascript" src="<?php echo HESK_PATH; ?>js/bootstrap-datepicker.js"></script>

@ -1,7 +1,7 @@
<?php
/*******************************************************************************
* Title: Help Desk Software HESK
* Version: 2.5.5 from 5th August 2014
* Version: 2.6.0 beta 1 from 30th December 2014
* Author: Klemen Stirn
* Website: http://www.hesk.com
********************************************************************************
@ -99,7 +99,7 @@ function hesk_kbTopArticles($how_many, $index = 1)
<?php
/* Get list of articles from the database */
$res = hesk_dbQuery("SELECT `t1`.* FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."kb_articles` AS `t1`
$res = hesk_dbQuery("SELECT `t1`.`id`,`t1`.`subject`,`t1`.`views` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."kb_articles` AS `t1`
LEFT JOIN `".hesk_dbEscape($hesk_settings['db_pfix'])."kb_categories` AS `t2` ON `t1`.`catid` = `t2`.`id`
WHERE `t1`.`type`='0' AND `t2`.`type`='0'
ORDER BY `t1`.`sticky` DESC, `t1`.`views` DESC, `t1`.`art_order` ASC LIMIT ".intval($how_many));
@ -116,7 +116,7 @@ function hesk_kbTopArticles($how_many, $index = 1)
<?php
/* Get list of articles from the database */
$res = hesk_dbQuery("SELECT `t1`.* FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."kb_articles` AS `t1`
$res = hesk_dbQuery("SELECT `t1`.`id`,`t1`.`subject`,`t1`.`dt` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."kb_articles` AS `t1`
LEFT JOIN `".hesk_dbEscape($hesk_settings['db_pfix'])."kb_categories` AS `t2` ON `t1`.`catid` = `t2`.`id`
WHERE `t1`.`type`='0' AND `t2`.`type`='0'
ORDER BY `t1`.`sticky` DESC, `t1`.`views` DESC, `t1`.`art_order` ASC LIMIT ".intval($how_many));

@ -1,7 +1,7 @@
<?php
/*******************************************************************************
* Title: Help Desk Software HESK
* Version: 2.5.5 from 5th August 2014
* Version: 2.6.0 beta 1 from 30th December 2014
* Author: Klemen Stirn
* Website: http://www.hesk.com
********************************************************************************
@ -36,7 +36,42 @@
if (!defined('IN_SCRIPT')) {die('Invalid attempt');}
// This SQL code will be used to retrieve results
$sql_final = "SELECT * FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."tickets` WHERE ";
$sql_final = "SELECT
`id`,
`trackid`,
`name`,
`email`,
`category`,
`priority`,
`subject`,
LEFT(`message`, 400) AS `message`,
`dt`,
`lastchange`,
`firstreply`,
`closedat`,
`status`,
`openedby`,
`firstreplyby`,
`closedby`,
`replies`,
`staffreplies`,
`owner`,
`time_worked`,
`lastreplier`,
`replierid`,
`archive`,
`locked`
";
foreach ($hesk_settings['custom_fields'] as $k=>$v)
{
if ($v['use'])
{
$sql_final .= ", `".$k."`";
}
}
$sql_final.= " FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."tickets` WHERE ";
// This code will be used to count number of results
$sql_count = "SELECT COUNT(*) FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."tickets` WHERE ";
@ -87,11 +122,15 @@ while ($row = $results->fetch_assoc())
}
$status = $possible_status;
foreach ($status as $k => $v)
// Process statuses unless overridden with "s_all" variable
if ( ! hesk_GET('s_all') )
{
if (empty($_GET['s'.$k]))
foreach ($status as $k => $v)
{
unset($status[$k]);
if (empty($_GET['s' . $k]))
{
unset($status[$k]);
}
}
}
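Review bot: In the new column list, each custom-field key `$k` is concatenated into the SELECT between backticks with no escaping or validation, while the table prefix two lines later goes through `hesk_dbEscape()`. The keys come from `$hesk_settings['custom_fields']`, which is presumably written only by the settings page, so this is a consistency and hardening point and not a demonstrated injection. String escaping does not neutralise a backtick inside an identifier, so an allow-list check on the key is the stronger guard, e.g. `if ($v['use'] && preg_match('/^[A-Za-z0-9_]+$/', $k))`. A short comment above the loop saying where the keys originate would also help the next reader.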

@ -0,0 +1,382 @@
<?php
/*******************************************************************************
* Title: Help Desk Software HESK
* Version: 2.6.0 beta 1 from 30th December 2014
* Author: Klemen Stirn
* Website: http://www.hesk.com
********************************************************************************
* COPYRIGHT AND TRADEMARK NOTICE
* Copyright 2005-2014 Klemen Stirn. All Rights Reserved.
* HESK is a registered trademark of Klemen Stirn.
* The HESK may be used and modified free of charge by anyone
* AS LONG AS COPYRIGHT NOTICES AND ALL THE COMMENTS REMAIN INTACT.
* By using this code you agree to indemnify Klemen Stirn from any
* liability that might arise from it's use.
* Selling the code for this program, in part or full, without prior
* written consent is expressly forbidden.
* Using this code, in part or full, to create derivate work,
* new scripts or products is expressly forbidden. Obtain permission
* before redistributing this software over the Internet or in
* any other medium. In all cases copyright and header must remain intact.
* This Copyright is in full effect in any country that has International
* Trade Agreements with the United States of America or
* with the European Union.
* Removing any of the copyright notices without purchasing a license
* is expressly forbidden. To remove HESK copyright notice you must purchase
* a license for this script. For more information on how to obtain
* a license please visit the page below:
* https://www.hesk.com/buy.php
*******************************************************************************/
/* Check if this is a valid include */
if (!defined('IN_SCRIPT')) {die('Invalid attempt');}
function hesk_profile_tab($session_array='new',$is_profile_page=true,$action='profile_page')
{
global $hesk_settings, $hesklang, $can_reply_tickets, $can_view_tickets, $can_view_unassigned;
?>
<div role="tabpanel">
<!-- Nav tabs -->
<ul class="nav nav-tabs" role="tablist">
<li role="presentation" class="active"><a href="#profile-info" aria-controls="profile-info" role="tab" data-toggle="tab"><?php echo $hesklang['pinfo']; ?></a></li>
<?php
if (!$is_profile_page)
{
?>
<li role="presentation"><a href="#permissions" aria-controls="permissions" role="tab" data-toggle="tab"><?php echo $hesklang['permissions']; ?></a></li>
<?php
}
?>
<li role="presentation"><a href="#signature" aria-controls="signature" role="tab" data-toggle="tab"><?php echo $hesklang['sig']; ?></a></li>
<li role="presentation"><a href="#preferences" aria-controls="preferences" role="tab" data-toggle="tab"><?php echo $hesklang['pref']; ?></a></li>
<li role="presentation"><a href="#notifications" aria-controls="notifications" role="tab" data-toggle="tab"><?php echo $hesklang['notn']; ?></a></li>
</ul>
<!-- Tab panes -->
<div class="tab-content summaryList tabPadding">
<div role="tabpanel" class="tab-pane fade in active" id="profile-info">
<div class="form-group">
<label for="name" class="col-md-3 control-label"><?php echo $hesklang['real_name']; ?>: <font class="important">*</font></label>
<div class="col-md-9">
<input type="text" class="form-control" name="name" size="40" maxlength="50" value="<?php echo $_SESSION[$session_array]['name']; ?>" placeholder="<?php echo $hesklang['real_name']; ?>" />
</div>
</div>
<div class="form-group">
<label for="email" class="col-md-3 control-label"><?php echo $hesklang['email']; ?>: <font class="important">*</font></label>
<div class="col-md-9">
<input type="text" class="form-control" name="email" size="40" maxlength="255" placeholder="<?php echo $hesklang['email']; ?>" value="<?php echo $_SESSION[$session_array]['email']; ?>" />
</div>
</div>
<?php
if ( ! $is_profile_page || $_SESSION['isadmin']) {
?>
<div class="form-group">
<label for="user" class="col-md-3 control-label"><?php echo $hesklang['username']; ?>: <font
class="important">*</font></label>
<div class="col-md-9">
<input type="text" class="form-control" name="user" size="40" maxlength="20"
value="<?php echo $_SESSION[$session_array]['user']; ?>"
placeholder="<?php echo $hesklang['username']; ?>"/>
</div>
</div>
<?php
}
$passwordRequiredSpan = $action == 'create_user' ? '' : 'display:none';
?>
<div class="form-group">
<label for="pass" class="col-md-3 control-label"><?php echo $is_profile_page ? $hesklang['new_pass'] : $hesklang['pass']; ?>: <span class="important" style="<?php echo $passwordRequiredSpan; ?>">*</span></label>
<div class="col-md-9">
<input type="password" class="form-control" name="newpass" autocomplete="off" size="40" placeholder="<?php echo $hesklang['pass']; ?>" value="<?php echo $_SESSION[$session_array]['cleanpass']; ?>" onkeyup="javascript:hesk_checkPassword(this.value)" />
</div>
</div>
<div class="form-group">
<label for="confirmPass" class="col-md-3 control-label"><?php echo $hesklang['confirm_pass']; ?>: <span class="important" style="<?php echo $passwordRequiredSpan; ?>">*</span></label>
<div class="col-md-9">
<input type="password" name="newpass2" class="form-control" autocomplete="off" placeholder="<?php echo $hesklang['confirm_pass']; ?>" size="40" value="<?php echo $_SESSION[$session_array]['cleanpass']; ?>" />
</div>
</div>
<div class="form-group">
<label for="pwStrength" class="col-md-3 control-label"><?php echo $hesklang['pwdst']; ?>:</label>
<div class="col-md-9">
<div class="progress">
<div id="progressBar" class="progress-bar progress-bar-danger" role="progressbar" aria-valuemin="0" aria-valuemax="100" style="width: 0%">
</div>
</div>
</div>
</div>
<?php
if ( ! $is_profile_page && $hesk_settings['autoassign']) {
?>
<div class="blankSpace"></div>
<div class="form-group">
<div class="col-md-9 col-md-offset-3">
<?php
if ($hesk_settings['autoassign']) {
?>
<div class="checkbox">
<label><input type="checkbox" name="autoassign"
value="Y" <?php if (!isset($_SESSION[$session_array]['autoassign']) || $_SESSION[$session_array]['autoassign'] == 1) {
echo 'checked="checked"';
} ?> /> <?php echo $hesklang['user_aa']; ?></label>
</div>
<?php }
if ($_SESSION['can_manage_settings']) { ?>
<div class="checkbox">
<label><input type="checkbox"
name="manage_settings" <?php if (!isset($_SESSION[$session_array]['autoassign']) || $_SESSION[$session_array]['can_manage_settings'] == 1) {
echo 'checked="checked"';
} ?>> <?php echo $hesklang['can_man_settings']; ?>
</label>
</div>
<?php } ?>
</div>
</div>
<?php
}
?>
</div>
<?php
if (!$is_profile_page) {
?>
<div role="tabpanel" class="tab-pane fade" id="permissions">
<div class="form-group">
<label for="administrator" class="col-md-3 control-label"><?php echo $hesklang['administrator']; ?>: <font class="important">*</font></label>
<div class="col-md-9">
<?php
/* Only administrators can create new administrator accounts */
if ($_SESSION['isadmin'])
{
?>
<div class="radio"><label><input type="radio" name="isadmin" value="1" onchange="Javascript:hesk_toggleLayerDisplay('options')" <?php if ($_SESSION[$session_array]['isadmin']) echo 'checked="checked"'; ?> /> <b><?php echo $hesklang['administrator'].'</b> '.$hesklang['admin_can']; ?></label></div>
<div class="radio"><label><input type="radio" name="isadmin" value="0" onchange="Javascript:hesk_toggleLayerDisplay('options')" <?php if (!$_SESSION[$session_array]['isadmin']) echo 'checked="checked"'; ?> /> <b><?php echo $hesklang['astaff'].'</b> '.$hesklang['staff_can']; ?></label></div>
<?php
}
else
{
echo '<b>'.$hesklang['astaff'].'</b> '.$hesklang['staff_can'];
}
?>
</div>
</div>
<div id="options" style="display: <?php echo ($_SESSION['isadmin'] && $_SESSION[$session_array]['isadmin']) ? 'none' : 'block'; ?>">
<div class="form-group">
<label for="categories" class="col-md-3 control-label"><?php echo $hesklang['allowed_cat']; ?>: <font class="important">*</font></label>
<div class="col-md-9">
<?php
foreach ($hesk_settings['categories'] as $catid => $catname)
{
echo '<div class="checkbox"><label><input type="checkbox" name="categories[]" value="' . $catid . '" ';
if ( in_array($catid,$_SESSION[$session_array]['categories']) )
{
echo ' checked="checked" ';
}
echo ' />' . $catname . '</label></div> ';
}
?>
</div>
</div>
<div class="form-group">
<label for="permissions" class="col-md-3 control-label"><?php echo $hesklang['allow_feat']; ?>: <font class="important">*</font></label>
<div class="col-md-9">
<?php
foreach ($hesk_settings['features'] as $k)
{
echo '<div class="checkbox"><label><input type="checkbox" name="features[]" value="' . $k . '" ';
if (in_array($k,$_SESSION[$session_array]['features']))
{
echo ' checked="checked" ';
}
echo ' />' . $hesklang[$k] . '</label></div> ';
}
?>
<div class="checkbox">
<label><input type="checkbox" name="can_change_notification_settings" checked> <?php echo $hesklang['can_change_notification_settings']; ?> </label>
</div>
</div>
</div>
</div>
</div>
<?php
}
?>
<div role="tabpanel" class="tab-pane fade" id="signature">
<div class="form-group">
<label for="signature" class="col-md-3 control-label"><?php echo $hesklang['signature_max']; ?>:</label>
<div class="col-md-9">
<textarea class="form-control" name="signature" rows="6" placeholder="<?php echo $hesklang['sig']; ?>" cols="40"><?php echo $_SESSION[$session_array]['signature']; ?></textarea>
<?php echo $hesklang['sign_extra']; ?>
</div>
</div>
</div>
<div role="tabpanel" class="tab-pane fade" id="preferences">
<?php
if ( ! $is_profile_page || $can_reply_tickets )
{
?>
<div class="form-group">
<label for="afterreply" class="col-sm-3 control-label"><?php echo $hesklang['aftrep']; ?>:</label>
<div class="col-sm-9">
<div class="radio">
<label><input type="radio" name="afterreply" value="0" <?php if (!$_SESSION[$session_array]['afterreply']) {echo 'checked="checked"';} ?>/> <?php echo $hesklang['showtic']; ?></label>
</div>
<div class="radio">
<label><input type="radio" name="afterreply" value="1" <?php if ($_SESSION[$session_array]['afterreply'] == 1) {echo 'checked="checked"';} ?>/> <?php echo $hesklang['gomain']; ?></label>
</div>
<div class="radio">
<label><input type="radio" name="afterreply" value="2" <?php if ($_SESSION[$session_array]['afterreply'] == 2) {echo 'checked="checked"';} ?>/> <?php echo $hesklang['shownext']; ?></label>
</div>
</div>
</div>
<div class="form-group">
<label class="col-sm-3 control-label"><?php echo $hesklang['defaults']; ?>:</label>
<div class="col-sm-9">
<?php
if ($hesk_settings['time_worked'])
{
?>
<div class="checkbox">
<label><input type="checkbox" name="autostart" value="1" <?php if (!empty($_SESSION[$session_array]['autostart'])) {echo 'checked="checked"';}?> /> <?php echo $hesklang['autoss']; ?></label>
</div>
<?php
}
?>
<div class="checkbox">
<label><input type="checkbox" name="notify_customer_new" value="1" <?php if (!empty($_SESSION[$session_array]['notify_customer_new'])) {echo 'checked="checked"';}?> /> <?php echo $hesklang['pncn']; ?></label><br />
</div>
<div class="checkbox">
<label><input type="checkbox" name="notify_customer_reply" value="1" <?php if (!empty($_SESSION[$session_array]['notify_customer_reply'])) {echo 'checked="checked"';}?> /> <?php echo $hesklang['pncr']; ?></label><br />
</div>
<div class="checkbox">
<label><input type="checkbox" name="show_suggested" value="1" <?php if (!empty($_SESSION[$session_array]['show_suggested'])) {echo 'checked="checked"';}?> /> <?php echo $hesklang['pssy']; ?></label><br />
</div>
</div>
</div>
<?php }?>
<div class="form-group">
<label for="autoRefresh" class="col-sm-3 control-label"><?php echo $hesklang['ticket_auto_refresh']; ?></label>
<div class="col-sm-9">
<input type="text" class="form-control" id="autorefresh" name="autorefresh" value="<?php echo $_SESSION[$session_array]['autorefresh']; ?>">
<span class="help-block"><?php echo $hesklang['autorefresh_restrictions']; ?></span>
</div>
</div>
</div>
<div role="tabpanel" class="tab-pane fade" id="notifications">
<?php $disabledText = isset($_SESSION[$session_array]['can_change_notification_settings']) && $_SESSION[$session_array]['can_change_notification_settings'] ? '' : 'disabled';
if (!$is_profile_page) {
$disabledText = '';
}
if ($disabledText == 'disabled') { ?>
<div class="alert alert-info"><?php echo $hesklang['notifications_disabled_info']; ?></div>
<?php }
?>
<div class="form-group">
<?php
if (! $is_profile_page || $can_view_tickets)
{
if (! $is_profile_page || $can_view_unassigned)
{
?>
<div class="col-md-9 col-md-offset-3"><div class="checkbox"><label><input type="checkbox" name="notify_new_unassigned" value="1" <?php if (!empty($_SESSION[$session_array]['notify_new_unassigned'])) {echo 'checked="checked"';} echo ' '.$disabledText ?> /> <?php echo $hesklang['nwts']; ?> <?php echo $hesklang['unas']; ?></label></div></div>
<?php
if ($disabledText == 'disabled')
{ ?>
<input type="hidden" name="notify_new_unassigned" value="<?php echo !empty($_SESSION[$session_array]['notify_new_unassigned']) ? '1' : '0'; ?>">
<?php }
}
else
{
?>
<input type="hidden" name="notify_new_unassigned" value="0" />
<?php
}
?>
<div class="col-md-9 col-md-offset-3"><div class="checkbox"><label><input type="checkbox" name="notify_new_my" value="1" <?php if (!empty($_SESSION[$session_array]['notify_new_my'])) {echo 'checked="checked"';} echo ' '.$disabledText ?> /> <?php echo $hesklang['nwts']; ?> <?php echo $hesklang['s_my']; ?></label></div></div>
<?php
if ($disabledText == 'disabled')
{ ?>
<input type="hidden" name="notify_new_my" value="<?php echo !empty($_SESSION[$session_array]['notify_new_my']) ? '1' : '0'; ?>">
<?php }
if ( ! $is_profile_page || $can_view_unassigned)
{
?>
<div class="col-md-9 col-md-offset-3"><div class="checkbox"><label><input type="checkbox" name="notify_reply_unassigned" value="1" <?php if (!empty($_SESSION[$session_array]['notify_reply_unassigned'])) {echo 'checked="checked"';} echo ' '.$disabledText ?> /> <?php echo $hesklang['ncrt']; ?> <?php echo $hesklang['unas']; ?></label></div></div>
<?php
if ($disabledText == 'disabled')
{ ?>
<input type="hidden" name="notify_reply_unassigned" value="<?php echo !empty($_SESSION[$session_array]['notify_reply_unassigned']) ? '1' : '0'; ?>">
<?php }
}
else
{
?>
<input type="hidden" name="notify_reply_unassigned" value="0" />
<?php
}
?>
<div class="col-md-9 col-md-offset-3"><div class="checkbox"><label><input type="checkbox" name="notify_reply_my" value="1" <?php if (!empty($_SESSION[$session_array]['notify_reply_my'])) {echo 'checked="checked"';} echo ' '.$disabledText ?> /> <?php echo $hesklang['ncrt']; ?> <?php echo $hesklang['s_my']; ?></label></div></div>
<div class="col-md-9 col-md-offset-3"><div class="checkbox"><label><input type="checkbox" name="notify_assigned" value="1" <?php if (!empty($_SESSION[$session_array]['notify_assigned'])) {echo 'checked="checked"';} echo ' '.$disabledText ?> /> <?php echo $hesklang['ntam']; ?></label></div></div>
<div class="col-md-9 col-md-offset-3"><div class="checkbox"><label><input type="checkbox" name="notify_note" value="1" <?php if (!empty($_SESSION[$session_array]['notify_note'])) {echo 'checked="checked"';} echo ' '.$disabledText ?> /> <?php echo $hesklang['ntnote']; ?></label></div></div>
<div class="col-md-9 col-md-offset-3"><div class="checkbox"><label><input type="checkbox" name="notify_pm" value="1" <?php if (!empty($_SESSION[$session_array]['notify_pm'])) {echo 'checked="checked"';} echo ' '.$disabledText ?> /> <?php echo $hesklang['npms']; ?></label></div></div>
<?php
if ($disabledText == 'disabled')
{ ?>
<input type="hidden" name="notify_reply_my" value="<?php echo !empty($_SESSION[$session_array]['notify_reply_my']) ? '1' : '0'; ?>">
<input type="hidden" name="notify_assigned" value="<?php echo !empty($_SESSION[$session_array]['notify_assigned']) ? '1' : '0'; ?>">
<input type="hidden" name="notify_note" value="<?php echo !empty($_SESSION[$session_array]['notify_note']) ? '1' : '0'; ?>">
<input type="hidden" name="notify_pm" value="<?php echo !empty($_SESSION[$session_array]['notify_pm']) ? '1' : '0'; ?>">
<?php }
if ($_SESSION['isadmin']) { ?>
<div class="col-md-9 col-md-offset-3"><div class="checkbox"><label><input type="checkbox" name="notify_note_unassigned" value="1" <?php if (!empty($_SESSION[$session_array]['notify_note_unassigned'])) {echo 'checked="checked"';}?>> <?php echo $hesklang['notify_note_unassigned']; ?></label></div> </div>
<?php
}
}
?>
</div>
</div>
<div class="form-group">
<div class="col-md-9 col-md-offset-3">
<?php
if ($action == 'profile_page')
{ ?>
<input type="submit" class="btn btn-default" value="<?php echo $hesklang['update_profile']; ?>" />
<?php
} elseif ($action == 'create_user')
{ ?>
<input type="hidden" name="a" value="new" />
<input type="hidden" name="token" value="<?php hesk_token_echo(); ?>" />
<input type="submit" value="<?php echo $hesklang['create_user']; ?>" class="btn btn-default">
<a href="manage_users.php?a=reset_form" class="btn btn-danger"><?php echo $hesklang['refi']; ?></a></p>
<?php
} elseif ($action == 'edit_user')
{ ?>
<input type="hidden" name="a" value="save" />
<input type="hidden" name="userid" value="<?php echo intval( hesk_GET('id') ); ?>" />
<input type="hidden" name="token" value="<?php hesk_token_echo(); ?>" />
<input class="btn btn-default" type="submit" value="<?php echo $hesklang['save_changes']; ?>" />
<a class="btn btn-danger" href="manage_users.php"><?php echo $hesklang['dich']; ?></a>
<?php
}
?>
</div>
</div>
</div>
</div>
<script language="Javascript" type="text/javascript"><!--
hesk_checkPassword(document.form1.newpass.value);
//-->
</script>
<?php
} // END hesk_profile_tab()
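Review bot: The `manage_settings` checkbox in the profile-info pane tests `isset()` on the wrong key: it checks `$_SESSION[$session_array]['autoassign']` and then reads `['can_manage_settings']`, so whenever the autoassign value is absent the box that grants settings management is rendered pre-checked. A privilege toggle should default to off and test its own key, e.g. `<?php if (!empty($_SESSION[$session_array]['can_manage_settings'])) { echo 'checked="checked"'; } ?>`. The checkbox also sits inside `if ( ! $is_profile_page && $hesk_settings['autoassign'])`, so it is only offered when autoassign is enabled, which looks unintended. Separately, both password inputs are pre-filled from `$_SESSION[$session_array]['cleanpass']`, which puts a cleartext password into the session and the page source; leaving `value` empty avoids that. The text fields echo session values (`name`, `email`, `user`, `signature`, `autorefresh`) without `htmlspecialchars()`; whether they were encoded when stored is not visible here.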

@ -1,7 +1,7 @@
<?php
/*******************************************************************************
* Title: Help Desk Software HESK
* Version: 2.5.5 from 5th August 2014
* Version: 2.6.0 beta 1 from 30th December 2014
* Author: Klemen Stirn
* Website: http://www.hesk.com
********************************************************************************
@ -37,7 +37,23 @@ if (!defined('IN_SCRIPT')) {die('Invalid attempt');}
$num_mail = hesk_checkNewMail();
?>
<?php
// Show a notice if we are in maintenance mode
if ( hesk_check_maintenance(false) )
{
echo '<div style="margin-bottom: -20px">';
hesk_show_notice($hesklang['mma2'], $hesklang['mma1'], false);
echo '</div>';
}
// Show a notice if we are in "Knowledgebase only" mode
if ( hesk_check_kb_only(false) )
{
echo '<div style="margin-bottom: -20px">';
hesk_show_notice($hesklang['kbo2'], $hesklang['kbo1'], false);
echo '</div>';
}
?>
<div class="enclosing">
<nav class="navbar navbar-default navbar-static-top" role="navigation">
<div class="navbar-header">
@ -52,14 +68,48 @@ $num_mail = hesk_checkNewMail();
<div class="collapse navbar-collapse" id="bs-example-navbar-collapse-1">
<ul class="nav navbar-nav">
<li><a href="admin_main.php"><i class="fa fa-home" <?php echo $iconDisplay; ?>></i>&nbsp;<?php echo $hesklang['main_page']; ?></a></li>
<?php if (hesk_checkPermission('can_man_users',0)){echo '<li><a href="manage_users.php"><i class="fa fa-users" '.$iconDisplay.'></i>&nbsp;'.$hesklang['menu_users'].'</a></li>';}
if (hesk_checkPermission('can_man_cat',0)) {echo '<li><a href="manage_categories.php"><i class="fa fa-pie-chart" '.$iconDisplay.'></i>&nbsp;'.$hesklang['menu_cat'].'</a></li>';}
if (hesk_checkPermission('can_man_canned',0)) {echo '<li><a href="manage_canned.php"><i class="fa fa-file-text-o" '.$iconDisplay.'></i>&nbsp;'.$hesklang['menu_can'].'</a></li>';}
if (hesk_checkPermission('can_man_kb',0)) {echo '<li><a href="manage_knowledgebase.php"><i class="fa fa-book" '.$iconDisplay.'></i>&nbsp;'.$hesklang['menu_kb'].'</a></li>';}
else {echo '<li><a href="knowledgebase_private.php"><i class="fa fa-book" '.$iconDisplay.'></i>&nbsp;'.$hesklang['menu_kb'].'</a></li>';}
if (hesk_checkPermission('can_run_reports',0)) {echo '<li><a href="reports.php"><i class="fa fa-line-chart" '.$iconDisplay.'></i>&nbsp;'.$hesklang['reports'].'</a></li>';}
elseif (hesk_checkPermission('can_export',0)) {echo '<li><a href="export.php"><i class="fa fa-line-chart" '.$iconDisplay.'></i>&nbsp;'.$hesklang['reports'].'</a></li>';}
if (hesk_checkPermission('can_manage_settings',0)) {echo '<li><a href="admin_settings.php"><i class="fa fa-cog" '.$iconDisplay.'></i>&nbsp;'.$hesklang['settings'].'</a></li>';} ?>
<?php if (hesk_checkPermission('can_man_users',0)) {
echo '<li><a href="manage_users.php"><i class="fa fa-users" '.$iconDisplay.'></i>&nbsp;'.$hesklang['menu_users'].'</a></li>';
}
if (hesk_checkPermission('can_man_cat',0)) {
echo '<li><a href="manage_categories.php"><i class="fa fa-pie-chart" '.$iconDisplay.'></i>&nbsp;'.$hesklang['menu_cat'].'</a></li>';
}
if (hesk_checkPermission('can_man_canned', 0) && hesk_checkPermission('can_man_ticket_tpl',0)) {
echo '<li class="dropdown">
<a href="#" class="dropdown-toggle" data-toggle="dropdown" role="button" aria-expanded="false">
<i class="fa fa-file-text-o" '.$iconDisplay.'></i>&nbsp;'.$hesklang['menu_can'].'<span class="caret"></span>
</a>
<ul class="dropdown-menu" role="menu">
<li><a href="manage_canned.php">'.$hesklang['can_man_canned'].'</a></li>
<li><a href="manage_ticket_templates.php">'.$hesklang['ticket_tpl_man'].'</a></li>
</ul>
</li>';
} elseif (hesk_checkPermission('can_man_canned',0)) {
echo '<li><a href="manage_canned.php"><i class="fa fa-file-text-o" '.$iconDisplay.'></i>&nbsp;'.$hesklang['menu_can'].'</a></li>';
} elseif (hesk_checkPermission('can_man_ticket_tpl',0)) {
echo '<li><a href="manage_ticket_templates.php"><i class="fa fa-file-text-o" '.$iconDisplay.'></i>&nbsp;'.$hesklang['menu_can'].'</a></li>';
}
if (hesk_checkPermission('can_man_kb',0)) {
echo '<li><a href="manage_knowledgebase.php"><i class="fa fa-book" '.$iconDisplay.'></i>&nbsp;'.$hesklang['menu_kb'].'</a></li>';
} else {
echo '<li><a href="knowledgebase_private.php"><i class="fa fa-book" '.$iconDisplay.'></i>&nbsp;'.$hesklang['menu_kb'].'</a></li>';
}
if (hesk_checkPermission('can_run_reports',0)) {
echo '<li><a href="reports.php"><i class="fa fa-line-chart" '.$iconDisplay.'></i>&nbsp;'.$hesklang['reports'].'</a></li>';
} elseif (hesk_checkPermission('can_export',0)) {
echo '<li><a href="export.php"><i class="fa fa-line-chart" '.$iconDisplay.'></i>&nbsp;'.$hesklang['reports'].'</a></li>';
}
if (hesk_checkPermission('can_ban_emails',0)) {
echo '<li><a href="banned_emails.php"><i class="fa fa-wrench" '.$iconDisplay.'></i>&nbsp;'.$hesklang['tools'].'</a> </li>';
} elseif (hesk_checkPermission('can_ban_ips',0)) {
echo '<li><a href="banned_ips.php"><i class="fa fa-wrench" '.$iconDisplay.'></i>&nbsp;'.$hesklang['tools'].'</a> </li>';
} elseif (hesk_checkPermission('can_service_msg',0)) {
echo '<li><a href="service_messages.php"><i class="fa fa-wrench" '.$iconDisplay.'></i>&nbsp;'.$hesklang['tools'].'</a> </li>';
}
if (hesk_checkPermission('can_manage_settings',0)) {
echo '<li><a href="admin_settings.php"><i class="fa fa-cog" '.$iconDisplay.'></i>&nbsp;'.$hesklang['settings'].'</a></li>';
}
?>
<li><a href="profile.php"><i class="fa fa-user" <?php echo $iconDisplay; ?>></i>&nbsp;<?php echo $hesklang['menu_profile']; ?></a></li>
<li><a href="mail.php"><i class="fa fa-envelope-o" <?php echo $iconDisplay; ?>></i>&nbsp;<?php echo $hesklang['menu_msg']; ?>
<?php if ($num_mail != 0)
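Review bot: The new Tools entry picks its target with an undocumented if/elseif chain over `can_ban_emails`, `can_ban_ips` and `can_service_msg`, repeating the same `<li>` markup three times with only the href changed; the canned/ticket-template entry above it follows the same pattern. A comment such as `// Tools: link to the first tool page this user may open` would state the intent, and resolving the href into a variable first would leave one `echo` per menu entry. These `hesk_checkPermission(..., 0)` calls appear only to decide which links are drawn, so the newly linked pages (`banned_emails.php`, `banned_ips.php`, `service_messages.php`, `manage_ticket_templates.php`) presumably need their own permission checks, which are not visible in this section. The menu markup continues past the end of the hunk.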

@ -1,7 +1,7 @@
<?php
/*******************************************************************************
* Title: Help Desk Software HESK
* Version: 2.5.5 from 5th August 2014
* Version: 2.6.0 beta 1 from 30th December 2014
* Author: Klemen Stirn
* Website: http://www.hesk.com
********************************************************************************
@ -60,6 +60,11 @@ if ( ! isset($what) )
$what = 'trackid';
}
if ( ! isset($owner_input) )
{
$owner_input = 0;
}
if ( ! isset($date_input) )
{
$date_input = '';
@ -91,6 +96,17 @@ else
}
}
/* List of staff */
if ($can_view_ass_others && ! isset($admins) )
{
$admins = array();
$res2 = hesk_dbQuery("SELECT `id`,`name` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."users` ORDER BY `name` ASC");
while ($row=hesk_dbFetchAssoc($res2))
{
$admins[$row['id']]=$row['name'];
}
}
$more = empty($_GET['more']) ? 0 : 1;
$more2 = empty($_GET['more2']) ? 0 : 1;
@ -145,10 +161,10 @@ $more2 = empty($_GET['more2']) ? 0 : 1;
</table>
<div id="topSubmit" style="display:<?php echo $more ? 'none' : 'block' ; ?>">
&nbsp;<br />
<input class="btn btn-default" type="submit" value="<?php echo $hesklang['show_tickets']; ?>" />
<a class="btn btn-default" href="javascript:void(0)" onclick="Javascript:hesk_toggleLayerDisplay('divShow');Javascript:hesk_toggleLayerDisplay('topSubmit');document.showt.more.value='1';"><?php echo $hesklang['mopt']; ?></a>
<br />&nbsp;<br />
<div class="btn-group">
<input class="btn btn-default" type="submit" value="<?php echo $hesklang['show_tickets']; ?>" />
<a class="btn btn-default" href="javascript:void(0)" onclick="Javascript:hesk_toggleLayerDisplay('divShow');Javascript:hesk_toggleLayerDisplay('topSubmit');document.showt.more.value='1';"><?php echo $hesklang['mopt']; ?></a>
</div>
</div>
<div id="divShow" style="display:<?php echo $more ? 'block' : 'none' ; ?>">
@ -214,24 +230,54 @@ $more2 = empty($_GET['more2']) ? 0 : 1;
<td class="borderTop alignTop"><b><?php echo $hesklang['sort_by']; ?></b>: &nbsp; </td>
<td class="borderTop">
<table border="0" cellpadding="0" cellspacing="0" width="100%">
<tr>
<td width="33%"><label><input type="radio" name="sort" value="priority" <?php if ($sort == 'priority') {echo 'checked="checked"';} ?> /> <?php echo $hesklang['priority']; ?></label></td>
<td width="33%"><label><input type="radio" name="sort" value="lastchange" <?php if ($sort == 'lastchange') {echo 'checked="checked"';} ?> /> <?php echo $hesklang['last_update']; ?></label></td>
<td width="34%"><label><input type="radio" name="sort" value="name" <?php if ($sort == 'name') {echo 'checked="checked"';} ?> /> <?php echo $hesklang['name']; ?></label></td>
</tr>
<tr>
<td width="33%"><label><input type="radio" name="sort" value="subject" <?php if ($sort == 'subject') {echo 'checked="checked"';} ?> /> <?php echo $hesklang['subject']; ?></label></td>
<td width="33%"><label><input type="radio" name="sort" value="status" <?php if ($sort == 'status') {echo 'checked="checked"';} ?> /> <?php echo $hesklang['status']; ?></label></td>
<td width="34%">&nbsp;</td>
</tr>
<?php
array_unshift($hesk_settings['ticket_list'], 'priority');
$hesk_settings['possible_ticket_list']['priority'] = $hesklang['priority'];
$column = 1;
foreach ($hesk_settings['ticket_list'] as $key)
{
if ($column == 1)
{
echo '<tr><td width="34%">';
}
else
{
echo '<td width="33%">';
}
echo '<label><input type="radio" name="sort" value="'.$key.'" '.($sort == $key ? 'checked="checked"' : '').' /> '.$hesk_settings['possible_ticket_list'][$key].'</label></td>';
if ($column == 3)
{
echo '</tr>';
$column = 1;
}
else
{
$column++;
}
}
// End table if needed
if ($column == 3)
{
echo '<td width="33%">&nbsp;</td></tr>';
}
elseif ($column == 2)
{
echo '<td width="33%">&nbsp;</td><td width="33%">&nbsp;</td></tr>';
}
?>
</table>
</td>
</tr>
<tr>
<td class="borderTop alignTop"><b><?php echo $hesklang['gb']; ?></b>: &nbsp; </td>
<td class="borderTop">
<td class="alignTop"><b><?php echo $hesklang['gb']; ?></b>: &nbsp; </td>
<td>
<table border="0" cellpadding="0" cellspacing="0" width="100%">
<tr>
<td width="33%"><label><input type="radio" name="g" value="" <?php if ( ! $group) {echo 'checked="checked"';} ?> /> <?php echo $hesklang['dg']; ?></label></td>
@ -261,8 +307,8 @@ $more2 = empty($_GET['more2']) ? 0 : 1;
</tr>
<tr>
<td class="borderTop alignMiddle"><b><?php echo $hesklang['category']; ?></b>: &nbsp; </td>
<td class="borderTop alignMiddle">
<td class="alignMiddle"><b><?php echo $hesklang['category']; ?></b>: &nbsp; </td>
<td class="alignMiddle">
<div class="col-md-4" style="padding-left: 0px"><select class="form-control" name="category">
<option value="0" ><?php echo $hesklang['any_cat']; ?></option>
<?php echo $category_options; ?>
@ -271,20 +317,20 @@ $more2 = empty($_GET['more2']) ? 0 : 1;
</tr>
<tr>
<td class="borderTop"><b><?php echo $hesklang['display']; ?></b>: &nbsp; </td>
<td class="borderTop"><div class="col-md-2" style="padding-left: 0px; padding-right:0px"><input type="text" class="form-control" name="limit" value="<?php echo $maxresults; ?>" size="4" /></div><div class="col-md-3" style="line-height: 40px"><?php echo $hesklang['tickets_page']; ?></div></td>
<td><b><?php echo $hesklang['display']; ?></b>: &nbsp; </td>
<td><div class="col-md-2" style="padding-left: 0px; padding-right:0px"><input type="text" class="form-control" name="limit" value="<?php echo $maxresults; ?>" size="4" /></div><div class="col-md-3" style="line-height: 40px"><?php echo $hesklang['tickets_page']; ?></div></td>
</tr>
<tr>
<td class="borderTop alignMiddle"><b><?php echo $hesklang['order']; ?></b>: &nbsp; </td>
<td class="borderTop alignMiddle">
<td class="alignMiddle"><b><?php echo $hesklang['order']; ?></b>: &nbsp; </td>
<td class="alignMiddle">
<label><input type="radio" name="asc" value="1" <?php if ($asc) {echo 'checked="checked"';} ?> /> <?php echo $hesklang['ascending']; ?></label>
|
<label><input type="radio" name="asc" value="0" <?php if (!$asc) {echo 'checked="checked"';} ?> /> <?php echo $hesklang['descending']; ?></label></td>
</tr>
<tr>
<td class="borderTop alignTop"><b><?php echo $hesklang['opt']; ?></b>: &nbsp; </td>
<td class="borderTop">
<td class="alignTop"><b><?php echo $hesklang['opt']; ?></b>: &nbsp; </td>
<td>
<label><input type="checkbox" name="cot" value="1" <?php if ($cot) {echo 'checked="checked"';} ?> /> <?php echo $hesklang['cot']; ?></label><br />
<label><input type="checkbox" name="def" value="1" /> <?php echo $hesklang['def']; ?></label> (<a href="admin_main.php?reset=1&amp;token=<?php echo hesk_token_echo(0); ?>"><?php echo $hesklang['redv']; ?></a>)
@ -293,9 +339,11 @@ $more2 = empty($_GET['more2']) ? 0 : 1;
</table>
<p><input class="btn btn-default" type="submit" value="<?php echo $hesklang['show_tickets']; ?>" />
<input type="hidden" name="more" value="<?php echo $more ? 1 : 0 ; ?>" /><a class="btn btn-default" href="javascript:void(0)" onclick="Javascript:hesk_toggleLayerDisplay('divShow');Javascript:hesk_toggleLayerDisplay('topSubmit');document.showt.more.value='0';"><?php echo $hesklang['lopt']; ?></a></p>
<div class="btn-group">
<input class="btn btn-default" type="submit" value="<?php echo $hesklang['show_tickets']; ?>" />
<a class="btn btn-default" href="javascript:void(0)" onclick="Javascript:hesk_toggleLayerDisplay('divShow');Javascript:hesk_toggleLayerDisplay('topSubmit');document.showt.more.value='0';"><?php echo $hesklang['lopt']; ?></a>
</div>
<input type="hidden" name="more" value="<?php echo $more ? 1 : 0 ; ?>" />
</div>
</form>
@ -323,26 +371,26 @@ $more2 = empty($_GET['more2']) ? 0 : 1;
<table class="table" style="width: auto" border="0" cellpadding="3" cellspacing="0">
<tr>
<td class="text-left" style="border-top: 0px">
<td class="text-left" style="border-top: 0px;padding-right:0">
<b style="color: #000"><?php echo $hesklang['s_for']; ?></b><br />
<input class="form-control" type="text" name="q" size="30" <?php if (isset($q)) {echo 'value="'.$q.'"';} ?> />
<input class="form-control" style="border-bottom-right-radius: 0;border-top-right-radius: 0; border-right: 0" type="text" name="q" size="30" <?php if (isset($q)) {echo 'value="'.$q.'"';} ?> />
</td>
<td class="text-left" style="border-top: 0px">
<td class="text-left" style="border-top: 0px;padding-left:0">
<b style="color: #000"><?php echo $hesklang['s_in']; ?></b><br />
<select class="form-control" name="what">
<option value="trackid" <?php if ($what=='trackid') {echo 'selected="selected"';} ?> ><?php echo $hesklang['trackID']; ?></option>
<select class="form-control btn btn-default" name="what" style="border-bottom-left-radius: 0; border-top-left-radius: 0">
<option style="background: #ffffff" value="trackid" <?php if ($what=='trackid') {echo 'selected="selected"';} ?> ><?php echo $hesklang['trackID']; ?></option>
<?php
if ($hesk_settings['sequential'])
{
?>
<option value="seqid" <?php if ($what=='seqid') {echo 'selected="selected"';} ?> ><?php echo $hesklang['seqid']; ?></option>
<option style="background: #ffffff" value="seqid" <?php if ($what=='seqid') {echo 'selected="selected"';} ?> ><?php echo $hesklang['seqid']; ?></option>
<?php
}
?>
<option value="name" <?php if ($what=='name') {echo 'selected="selected"';} ?> ><?php echo $hesklang['name']; ?></option>
<option value="email" <?php if ($what=='email') {echo 'selected="selected"';} ?> ><?php echo $hesklang['email']; ?></option>
<option value="subject" <?php if ($what=='subject') {echo 'selected="selected"';} ?> ><?php echo $hesklang['subject']; ?></option>
<option value="message" <?php if ($what=='message') {echo 'selected="selected"';} ?> ><?php echo $hesklang['message']; ?></option>
<option style="background: #ffffff" value="name" <?php if ($what=='name') {echo 'selected="selected"';} ?> ><?php echo $hesklang['name']; ?></option>
<option style="background: #ffffff" value="email" <?php if ($what=='email') {echo 'selected="selected"';} ?> ><?php echo $hesklang['email']; ?></option>
<option style="background: #ffffff" value="subject" <?php if ($what=='subject') {echo 'selected="selected"';} ?> ><?php echo $hesklang['subject']; ?></option>
<option style="background: #ffffff" value="message" <?php if ($what=='message') {echo 'selected="selected"';} ?> ><?php echo $hesklang['message']; ?></option>
<?php
foreach ($hesk_settings['custom_fields'] as $k=>$v)
{
@ -355,21 +403,21 @@ $more2 = empty($_GET['more2']) ? 0 : 1;
}
$v['name'] = (strlen($v['name']) > 30) ? substr($v['name'],0,30) . '...' : $v['name'];
echo '<option value="'.$k.'" '.$selected.'>'.$v['name'].'</option>';
echo '<option style="background: #ffffff" value="'.$k.'" '.$selected.'>'.$v['name'].'</option>';
}
}
?>
<option value="notes" <?php if ($what=='notes') {echo 'selected="selected"';} ?> ><?php echo $hesklang['notes']; ?></option>
<option style="background: #ffffff" value="notes" <?php if ($what=='notes') {echo 'selected="selected"';} ?> ><?php echo $hesklang['notes']; ?></option>
</select>
</td>
</tr>
</table>
<div id="topSubmit2" style="display:<?php echo $more2 ? 'none' : 'block' ; ?>">
&nbsp;<br />
<input class="btn btn-default" type="submit" value="<?php echo $hesklang['find_ticket']; ?>" />
<a class="btn btn-default" href="javascript:void(0)" onclick="Javascript:hesk_toggleLayerDisplay('divShow2');Javascript:hesk_toggleLayerDisplay('topSubmit2');document.findby.more2.value='1';"><?php echo $hesklang['mopt']; ?></a>
<br />&nbsp;<br />
<div class="btn-group">
<input class="btn btn-default" type="submit" value="<?php echo $hesklang['find_ticket']; ?>" />
<a class="btn btn-default" href="javascript:void(0)" onclick="Javascript:hesk_toggleLayerDisplay('divShow2');Javascript:hesk_toggleLayerDisplay('topSubmit2');document.findby.more2.value='1';"><?php echo $hesklang['mopt']; ?></a>
</div>
</div>
<div id="divShow2" style="display:<?php echo $more2 ? 'block' : 'none' ; ?>">
@ -386,6 +434,27 @@ $more2 = empty($_GET['more2']) ? 0 : 1;
</select>
</td>
</tr>
<?php
if ($can_view_ass_others)
{
?>
<tr>
<td class="alignMiddle"><b><?php echo $hesklang['owner']; ?></b>: &nbsp; </td>
<td class="alignMiddle">
<select class="form-control" name="owner">
<option value="0" ><?php echo $hesklang['anyown']; ?></option>
<?php
foreach ($admins as $id => $name)
{
echo '<option value="'.$id.'" '.($owner_input == $id ? 'selected="selected"' : '').'>'.$name.'</option>';
}
?>
</select>
</td>
</tr>
<?php
}
?>
<tr>
<td class="alignMiddle"><b><?php echo $hesklang['date']; ?></b>: &nbsp; </td>
<td class="alignMiddle">
@ -422,12 +491,12 @@ $more2 = empty($_GET['more2']) ? 0 : 1;
<td><div class="col-md-2 text-right" style="padding-left: 0px; padding-right: 0px;"><input class="form-control" type="text" name="limit" value="<?php echo $maxresults; ?>" size="4" /></div><div class="col-md-10" style="line-height: 40px"><?php echo $hesklang['results_page']; ?></div></td>
</tr>
</table>
<p><input class="btn btn-default" type="submit" value="<?php echo $hesklang['find_ticket']; ?>" />
<input type="hidden" name="more2" value="<?php echo $more2 ? 1 : 0 ; ?>" /><a class="btn btn-default" href="javascript:void(0)" onclick="Javascript:hesk_toggleLayerDisplay('divShow2');Javascript:hesk_toggleLayerDisplay('topSubmit2');document.findby.more2.value='0';"><?php echo $hesklang['lopt']; ?></a></p>
<div class="btn-group">
<input class="btn btn-default" type="submit" value="<?php echo $hesklang['find_ticket']; ?>" />
<a class="btn btn-default" href="javascript:void(0)" onclick="Javascript:hesk_toggleLayerDisplay('divShow2');Javascript:hesk_toggleLayerDisplay('topSubmit2');document.findby.more2.value='0';"><?php echo $hesklang['lopt']; ?></a>
</div>
<input type="hidden" name="more2" value="<?php echo $more2 ? 1 : 0 ; ?>" />
</div>
</form>
</td>
</tr>

@ -1,7 +1,7 @@
<?php
/*******************************************************************************
* Title: Help Desk Software HESK
* Version: 2.5.5 from 5th August 2014
* Version: 2.6.0 beta 1 from 30th December 2014
* Author: Klemen Stirn
* Website: http://www.hesk.com
********************************************************************************
@ -39,7 +39,7 @@ if (!defined('IN_SCRIPT')) {die('Invalid attempt');}
if (!isset($admins))
{
$admins = array();
$res2 = hesk_dbQuery("SELECT `id`,`name` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."users` ORDER BY `id` ASC");
$res2 = hesk_dbQuery("SELECT `id`,`name` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."users` ORDER BY `name` ASC");
while ($row=hesk_dbFetchAssoc($res2))
{
$admins[$row['id']]=$row['name'];
@ -260,6 +260,7 @@ if ($total > 0)
while ($ticket=hesk_dbFetchAssoc($result))
{
// Are we grouping tickets?
if ($group)
{
require(HESK_PATH . 'inc/print_group.inc.php');
@ -284,15 +285,7 @@ if ($total > 0)
$first_line = $hesklang['taso3'] . ' ' . $admins[$ticket['owner']] . " \n\n";
}
$tagged = '';
if ($ticket['archive'])
{
$tagged = '<i class="fa fa-tag" data-toggle="tooltip" data-placement="top" title="'.$hesklang['archived2'].'"></i> ';
}
$statusName = hesk_dbFetchAssoc(hesk_dbQuery("SELECT `ShortNameContentKey`, `TextColor` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."statuses` WHERE ID = ".$ticket['status']));
$ticket['status']='<span style="color: '.$statusName['TextColor'].'">'.$hesklang[$statusName['ShortNameContentKey']].'</span>';
// Prepare ticket priority
switch ($ticket['priority'])
{
case 0:
@ -310,35 +303,151 @@ if ($total > 0)
$ticket['priority']='<span style="color: blue; font-size:1.3em" class="glyphicon glyphicon-flag" data-toggle="tooltip" data-placement="top" title="'.$hesklang['low'].'"></span>';
}
$ticket['lastchange']=hesk_time_since(strtotime($ticket['lastchange']));
// Set message (needed for row title)
$ticket['message'] = $first_line . substr(strip_tags($ticket['message']),0,200).'...';
// Start ticket row
echo '
<tr title="'.$ticket['message'].'">
<td class="'.$color.'" style="text-align:left; white-space:nowrap;"><input type="checkbox" name="id[]" value="'.$ticket['id'].'" />&nbsp;</td>
';
if ($ticket['lastreplier'])
// Print sequential ID and link it to the ticket page
if ( hesk_show_column('id') )
{
echo '<td class="'.$color.'" style="text-align:left; white-space:nowrap;"><a href="admin_ticket.php?track='.$ticket['trackid'].'&amp;Refresh='.$random.'">'.$ticket['id'].'</a></td>';
}
// Print tracking ID and link it to the ticket page
if ( hesk_show_column('trackid') )
{
echo '<td class="'.$color.'" style="text-align:left; white-space:nowrap;"><a href="admin_ticket.php?track='.$ticket['trackid'].'&amp;Refresh='.$random.'">'.$ticket['trackid'].'</a></td>';
}
// Print date submitted
if ( hesk_show_column('dt') )
{
switch ($hesk_settings['updatedformat'])
{
case 1:
$ticket['dt'] = hesk_formatDate($ticket['dt']);
break;
case 2:
$ticket['dt'] = hesk_time_lastchange($ticket['dt']);
break;
default:
$ticket['dt'] = hesk_time_since( strtotime($ticket['dt']) );
}
echo '<td class="'.$color.'">'.$ticket['dt'].'</td>';
}
// Print last modified
if ( hesk_show_column('lastchange') )
{
$ticket['repliername'] = isset($admins[$ticket['replierid']]) ? $admins[$ticket['replierid']] : $hesklang['staff'];
switch ($hesk_settings['updatedformat'])
{
case 1:
$ticket['lastchange'] = hesk_formatDate($ticket['lastchange']);
break;
case 2:
$ticket['lastchange'] = hesk_time_lastchange($ticket['lastchange']);
break;
default:
$ticket['lastchange'] = hesk_time_since( strtotime($ticket['lastchange']) );
}
echo '<td class="'.$color.'">'.$ticket['lastchange'].'</td>';
}
else
// Print ticket category
if ( hesk_show_column('category') )
{
$ticket['repliername'] = $ticket['name'];
$ticket['category'] = isset($hesk_settings['categories'][$ticket['category']]) ? $hesk_settings['categories'][$ticket['category']] : $hesklang['catd'];
echo '<td class="'.$color.'">'.$ticket['category'].'</td>';
}
$ticket['archive'] = !($ticket['archive']) ? $hesklang['no'] : $hesklang['yes'];
// Print customer name
if ( hesk_show_column('name') )
{
echo '<td class="'.$color.'">'.$ticket['name'].'</td>';
}
// Print customer email
if ( hesk_show_column('email') )
{
echo '<td class="'.$color.'"><a href="mailto:'.$ticket['email'].'">'.$hesklang['clickemail'].'</a></td>';
}
// Print subject and link to the ticket page
if ( hesk_show_column('subject') )
{
echo '<td class="'.$color.'">'.($ticket['archive'] ? '<i class="fa fa-tag" style="font-size: 14px;color:#000" data-toggle="tooltip" data-placement="top" data-original-title="'.$hesklang['archived'].'"></i> ' : '').$owner.'<a href="admin_ticket.php?track='.$ticket['trackid'].'&amp;Refresh='.$random.'">'.$ticket['subject'].'</a></td>';
}
// Print ticket status
if ( hesk_show_column('status') )
{
$statusName = hesk_dbFetchAssoc(hesk_dbQuery("SELECT `ShortNameContentKey`, `TextColor` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."statuses` WHERE ID = ".$ticket['status']));
$ticket['status']='<span style="color: '.$statusName['TextColor'].'">'.$hesklang[$statusName['ShortNameContentKey']].'</span>';
echo '<td class="'.$color.'">'.$ticket['status'].'&nbsp;</td>';
}
// Print ticket owner
if ( hesk_show_column('owner') )
{
if ($ticket['owner'])
{
$ticket['owner'] = isset($admins[$ticket['owner']]) ? $admins[$ticket['owner']] : $hesklang['unas'];
}
else
{
$ticket['owner'] = $hesklang['unas'];
}
echo '<td class="'.$color.'">'.$ticket['owner'].'</td>';
}
// Print number of all replies
if ( hesk_show_column('replies') )
{
echo '<td class="'.$color.'">'.$ticket['replies'].'</td>';
}
$ticket['message'] = $first_line . substr(strip_tags($ticket['message']),0,200).'...';
// Print number of staff replies
if ( hesk_show_column('staffreplies') )
{
echo '<td class="'.$color.'">'.$ticket['staffreplies'].'</td>';
}
echo <<<EOC
<tr class="$color" id="$ticket[id]" title="$ticket[message]">
<td><input type="checkbox" id="check$ticket[id]" name="id[]" value="$ticket[id]" />&nbsp;</td>
<td><a href="admin_ticket.php?track=$ticket[trackid]&amp;Refresh=$random">$ticket[trackid]</a></td>
<td>$ticket[lastchange]</td>
<td>$ticket[name]</td>
<td>$tagged$owner<a href="admin_ticket.php?track=$ticket[trackid]&amp;Refresh=$random">$ticket[subject]</a></td>
<td>$ticket[status]&nbsp;</td>
<td>$ticket[repliername]</td>
<td>$ticket[priority]&nbsp;</td>
</tr>
// Print last replier
if ( hesk_show_column('lastreplier') )
{
if ($ticket['lastreplier'])
{
$ticket['repliername'] = isset($admins[$ticket['replierid']]) ? $admins[$ticket['replierid']] : $hesklang['staff'];
}
else
{
$ticket['repliername'] = $ticket['name'];
}
echo '<td class="'.$color.'">'.$ticket['repliername'].'</td>';
}
EOC;
// Print time worked
if ( hesk_show_column('time_worked') )
{
echo '<td class="'.$color.'">'.$ticket['time_worked'].'</td>';
}
// Print custom fields
foreach ($hesk_settings['custom_fields'] as $key => $value)
{
if ($value['use'] && hesk_show_column($key) )
echo '<td class="'.$color.'">'.$ticket[$key].'</td>';
}
// End ticket row
echo '
<td class="'.$color.'" style="text-align:center; white-space:nowrap;">'.$ticket['priority'].'&nbsp;</td>
</tr>';
} // End while
?>
</table>
@ -349,7 +458,11 @@ EOC;
<tr>
<td width="50%" class="text-right" style="vertical-align:top">
<select class="form-control" name="a">
<option value="close" selected="selected"><?php echo $hesklang['close_selected']; ?></option>
<option value="low" selected="selected"><?php echo $hesklang['set_pri_to'].' '.$hesklang['low']; ?></option>
<option value="medium"><?php echo $hesklang['set_pri_to'].' '.$hesklang['medium']; ?></option>
<option value="high"><?php echo $hesklang['set_pri_to'].' '.$hesklang['high']; ?></option>
<option value="critical"><?php echo $hesklang['set_pri_to'].' '.$hesklang['critical']; ?></option>
<option value="close"><?php echo $hesklang['close_selected']; ?></option>
<?php
if ( hesk_checkPermission('can_add_archive', 0) )
{
@ -406,11 +519,11 @@ else
if (isset($is_search) || $href == 'find_tickets.php')
{
hesk_show_notice($hesklang['no_tickets_crit'].'<span style="float: right"><a href="new_ticket.php">'.$hesklang['nti'].'</a></span>');
hesk_show_notice($hesklang['no_tickets_crit']);
}
else
{
hesk_show_notice($hesklang['no_tickets_open'].'<span style="float: right"><a href="new_ticket.php">'.$hesklang['nti'].'</a></span>');
hesk_show_notice($hesklang['no_tickets_open']);
}
echo '</div></div>';
@ -421,19 +534,19 @@ echo '</div>
function hesk_print_list_head()
{
global $href, $query, $sort_possible, $hesklang, $hesk_settings;
global $hesk_settings, $href, $query, $sort_possible, $hesklang;
?>
<div class="table-responsive">
<table id="ticket-table" class="table table-hover">
<thead>
<tr>
<th><input type="checkbox" id="checkall" name="checkall" value="2" onclick="hesk_changeAll(this)" /></th>
<th><a href="<?php echo $href . '?' . $query . $sort_possible['trackid'] . '&amp;sort='; ?>trackid"><?php echo $hesklang['trackID']; ?></a></th>
<th><a href="<?php echo $href . '?' . $query . $sort_possible['lastchange'] . '&amp;sort='; ?>lastchange"><?php echo $hesklang['last_update']; ?></a></th>
<th><a href="<?php echo $href . '?' . $query . $sort_possible['name'] . '&amp;sort='; ?>name"><?php echo $hesklang['name']; ?></a></th>
<th><a href="<?php echo $href . '?' . $query . $sort_possible['subject'] . '&amp;sort='; ?>subject"><?php echo $hesklang['subject']; ?></a></th>
<th><a href="<?php echo $href . '?' . $query . $sort_possible['status'] . '&amp;sort='; ?>status"><?php echo $hesklang['status']; ?></a></th>
<th><a href="<?php echo $href . '?' . $query . $sort_possible['lastreplier'] . '&amp;sort='; ?>lastreplier"><?php echo $hesklang['last_replier']; ?></a></th>
<?php
foreach ($hesk_settings['ticket_list'] as $field)
{
echo '<th><a href="' . $href . '?' . $query . $sort_possible[$field] . '&amp;sort=' . $field . '">' . $hesk_settings['possible_ticket_list'][$field] . '</a></th>';
}
?>
<th><a href="<?php echo $href . '?' . $query . $sort_possible['priority'] . '&amp;sort='; ?>priority"><i class="fa fa-sort-<?php echo (($sort_possible['priority']) ? 'asc' : 'desc'); ?>"></i></a></th>
</tr>
</thead>
@ -492,3 +605,50 @@ function hesk_time_since($original)
}
return $print;
} // END hesk_time_since()
function hesk_time_lastchange($original)
{
global $hesk_settings, $hesklang;
// Save time format setting so we can restore it later
$copy = $hesk_settings['timeformat'];
// We need this time format for this function
$hesk_settings['timeformat'] = 'Y-m-d H:i:s';
// Get HESK time-adjusted start of today if not already
if ( ! defined('HESK_TIME_TODAY') )
{
// Adjust for HESK time and define constants for alter use
define('HESK_TIME_TODAY', date('Y-m-d 00:00:00', hesk_date(NULL, false, false, false) ) );
define('HESK_TIME_YESTERDAY', date('Y-m-d 00:00:00', strtotime(HESK_TIME_TODAY)-86400) ) ;
}
// Adjust HESK time difference and get day name
$ticket_time = hesk_date($original, true);
if ($ticket_time >= HESK_TIME_TODAY)
{
// For today show HH:MM
$day = substr($ticket_time, 11, 5);
}
elseif ($ticket_time >= HESK_TIME_YESTERDAY)
{
// For yesterday show word "Yesterday"
$day = $hesklang['r2'];
}
else
{
// For other days show DD MMM YY
list($y, $m, $d) = explode('-', substr($ticket_time, 0, 10) );
$day = '<span style="white-space: nowrap;">' . $d . ' ' . $hesklang['ms'.$m] . ' ' . substr($y, 2) . '</span>';
}
// Restore original time format setting
$hesk_settings['timeformat'] = $copy;
// Return value to display
return $day;
} // END hesk_time_lastchange()
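Review bot: The status lookup that now sits inside `if ( hesk_show_column('status') )` still concatenates `$ticket['status']` directly into the SQL text and reads the result without checking that a row came back. The value comes from the ticket row rather than from the request, so this is hardening rather than a confirmed injection, but other queries in this commit cast with `intval()` and this one should match: `WHERE ID = ".intval($ticket['status'])`. A status id with no matching row would presumably leave `$statusName` as a non-array, so the `TextColor` and `ShortNameContentKey` reads should be guarded before the `<span>` is built. The query also runs once per ticket inside the `while` loop, whose start is outside this hunk; loading the statuses once before the loop, as is done for `$admins`, would avoid that.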

@ -1,7 +1,7 @@
<?php
/*******************************************************************************
* Title: Help Desk Software HESK
* Version: 2.5.5 from 5th August 2014
* Version: 2.6.0 beta 1 from 30th December 2014
* Author: Klemen Stirn
* Website: http://www.hesk.com
********************************************************************************
@ -39,6 +39,12 @@ define('HESK_PATH','./');
require(HESK_PATH . 'hesk_settings.inc.php');
require(HESK_PATH . 'inc/common.inc.php');
// Are we in maintenance mode?
hesk_check_maintenance();
// Are we in "Knowledgebase only" mode?
hesk_check_kb_only();
// What should we do?
$action = hesk_REQUEST('a');
@ -71,7 +77,59 @@ function print_add_ticket()
// Auto-focus first empty or error field
define('AUTOFOCUS', true);
// Varibles for coloring the fields in case of errors
// Pre-populate fields
// Customer name
if ( isset($_REQUEST['name']) )
{
$_SESSION['c_name'] = $_REQUEST['name'];
}
// Customer email address
if ( isset($_REQUEST['email']) )
{
$_SESSION['c_email'] = $_REQUEST['email'];
$_SESSION['c_email2'] = $_REQUEST['email'];
}
// Category ID
if ( isset($_REQUEST['catid']) )
{
$_SESSION['c_category'] = intval($_REQUEST['catid']);
}
if ( isset($_REQUEST['category']) )
{
$_SESSION['c_category'] = intval($_REQUEST['category']);
}
// Priority
if ( isset($_REQUEST['priority']) )
{
$_SESSION['c_priority'] = intval($_REQUEST['priority']);
}
// Subject
if ( isset($_REQUEST['subject']) )
{
$_SESSION['c_subject'] = $_REQUEST['subject'];
}
// Message
if ( isset($_REQUEST['message']) )
{
$_SESSION['c_message'] = $_REQUEST['message'];
}
// Custom fields
foreach ($hesk_settings['custom_fields'] as $k=>$v)
{
if ($v['use'] && isset($_REQUEST[$k]) )
{
$_SESSION['c_'.$k] = $_REQUEST[$k];
}
}
// Variables for coloring the fields in case of errors
if ( ! isset($_SESSION['iserror']))
{
$_SESSION['iserror'] = array();
@ -82,13 +140,19 @@ function print_add_ticket()
$_SESSION['isnotice'] = array();
}
if ( ! isset($_SESSION['c_category']))
if ( ! isset($_SESSION['c_category']) && ! $hesk_settings['select_cat'])
{
$_SESSION['c_category'] = 0;
}
hesk_cleanSessionVars('already_submitted');
// Tell header to load reCaptcha API if needed
if ($hesk_settings['recaptcha_use'] == 2)
{
define('RECAPTCHA',1);
}
// Print header
$hesk_settings['tmp_title'] = $hesk_settings['hesk_title'] . ' - ' . $hesklang['submit_ticket'];
require_once(HESK_PATH . 'inc/header.inc.php');
@ -135,7 +199,7 @@ function print_add_ticket()
<div class="form-group">
<label for="email" class="col-sm-3 control-label"><?php echo $hesklang['email']; ?>: <font class="important">*</font></label>
<div class="col-sm-9">
<input type="text" class="form-control" id="email" name="email" size="40" maxlength="255" value="<?php if (isset($_SESSION['c_email'])) {echo stripslashes(hesk_input($_SESSION['c_email']));} ?>" <?php if (in_array('email',$_SESSION['iserror'])) {echo ' class="isError" ';} elseif (in_array('email',$_SESSION['isnotice'])) {echo ' class="isNotice" ';} ?> <?php if($hesk_settings['detect_typos']) { echo ' onblur="Javascript:hesk_suggestEmail(0)"'; } ?> placeholder="<?php echo $hesklang['email']; ?>" />
<input type="text" class="form-control" id="email" name="email" size="40" maxlength="1000" value="<?php if (isset($_SESSION['c_email'])) {echo stripslashes(hesk_input($_SESSION['c_email']));} ?>" <?php if (in_array('email',$_SESSION['iserror'])) {echo ' class="isError" ';} elseif (in_array('email',$_SESSION['isnotice'])) {echo ' class="isNotice" ';} ?> <?php if($hesk_settings['detect_typos']) { echo ' onblur="Javascript:hesk_suggestEmail(0)"'; } ?> placeholder="<?php echo $hesklang['email']; ?>" />
</div>
</div>
<?php
@ -145,7 +209,7 @@ function print_add_ticket()
<div class="form-group">
<label for="email2" class="col-sm-3 control-label"><?php echo $hesklang['confemail']; ?>: <font class="important">*</font></label>
<div class="col-sm-9">
<input type="text" id="email2" class="form-control" name="email2" size="40" maxlength="255" value="<?php if (isset($_SESSION['c_email2'])) {echo stripslashes(hesk_input($_SESSION['c_email2']));} ?>" <?php if (in_array('email2',$_SESSION['iserror'])) {echo ' class="isError" ';} ?> placeholder="<?php echo $hesklang['confemail']; ?>" />
<input type="text" id="email2" class="form-control" name="email2" size="40" maxlength="1000" value="<?php if (isset($_SESSION['c_email2'])) {echo stripslashes(hesk_input($_SESSION['c_email2']));} ?>" <?php if (in_array('email2',$_SESSION['iserror'])) {echo ' class="isError" ';} ?> placeholder="<?php echo $hesklang['confemail']; ?>" />
</div>
</div>
<?php
@ -174,12 +238,6 @@ function print_add_ticket()
}
else
{
// Is the category ID preselected?
if ( ! empty($_GET['catid']) )
{
$_SESSION['c_category'] = intval( hesk_GET('catid') );
}
// List available categories
$is_table = 1;
?>
@ -187,6 +245,12 @@ function print_add_ticket()
<label for="category" class="col-sm-3 control-label"><?php echo $hesklang['category']; ?>: <font class="important">*</font></label>
<div class="col-sm-9">
<select name="category" id="category" class="form-control" <?php if (in_array('category',$_SESSION['iserror'])) {echo ' class="isError" ';} ?> ><?php
// Show the "Click to select"?
if ($hesk_settings['select_cat'])
{
echo '<option value="">'.$hesklang['select'].'</option>';
}
// List categories
while ($row = hesk_dbFetchAssoc($res))
{
echo '<option value="' . $row['id'] . '"' . (($_SESSION['c_category'] == $row['id']) ? ' selected="selected"' : '') . '>' . $row['name'] . '</option>';
@ -205,6 +269,13 @@ function print_add_ticket()
<label for="priority" class="col-sm-3 control-label"><?php echo $hesklang['priority']; ?>: <font class="important">*</font></label>
<div class="col-sm-9">
<select id="priority" class="form-control" name="priority" <?php if (in_array('priority',$_SESSION['iserror'])) {echo ' class="isError" ';} ?> >
<?php
// Show the "Click to select"?
if ($hesk_settings['select_pri'])
{
echo '<option value="">'.$hesklang['select'].'</option>';
}
?>
<option value="3" <?php if(isset($_SESSION['c_priority']) && $_SESSION['c_priority']==3) {echo 'selected="selected"';} ?>><?php echo $hesklang['low']; ?></option>
<option value="2" <?php if(isset($_SESSION['c_priority']) && $_SESSION['c_priority']==2) {echo 'selected="selected"';} ?>><?php echo $hesklang['medium']; ?></option>
<option value="1" <?php if(isset($_SESSION['c_priority']) && $_SESSION['c_priority']==1) {echo 'selected="selected"';} ?>><?php echo $hesklang['high']; ?></option>
@ -288,12 +359,19 @@ function print_add_ticket()
echo '<div class="form-group"><label for="'.$v['name'].'" class="col-sm-3 control-label">'.$v['name'].': '.$v['req'].'</label>
<div class="col-sm-9"><select class="form-control" id="'.$v['name'].'" name="'.$k.'" '.$cls.'>';
$options = explode('#HESK#',$v['value']);
// Show "Click to select"?
$v['value'] = str_replace('{HESK_SELECT}', '', $v['value'], $num);
if ($num)
{
echo '<option value="">'.$hesklang['select'].'</option>';
}
$options = explode('#HESK#',$v['value']);
foreach ($options as $option)
{
if (strlen($k_value) == 0 || $k_value == $option)
if ($k_value == $option)
{
$k_value = $option;
$selected = 'selected="selected"';
@ -358,7 +436,7 @@ function print_add_ticket()
foreach ($options as $option)
{
if (strlen($k_value) == 0 || $k_value == $option)
if ($k_value == $option)
{
$k_value = $option;
$selected = 'selected="selected"';
@ -528,12 +606,20 @@ function print_add_ticket()
echo '<div class="form-group"><label for="'.$v['name'].'" class="col-sm-3 control-label">'.$v['name'].': '.$v['req'].'</label>
<div class="col-sm-9"><select class="form-control" id="'.$v['name'].'" name="'.$k.'" '.$cls.'>';
$options = explode('#HESK#',$v['value']);
// Show "Click to select"?
$v['value'] = str_replace('{HESK_SELECT}', '', $v['value'], $num);
if ($num)
{
echo '<option value="">'.$hesklang['select'].'</option>';
}
$options = explode('#HESK#',$v['value']);
foreach ($options as $option)
{
if (strlen($k_value) == 0 || $k_value == $option)
if ($k_value == $option)
{
$k_value = $option;
$selected = 'selected="selected"';
@ -598,7 +684,7 @@ function print_add_ticket()
foreach ($options as $option)
{
if (strlen($k_value) == 0 || $k_value == $option)
if ($k_value == $option)
{
$k_value = $option;
$selected = 'selected="selected"';
@ -715,7 +801,7 @@ function print_add_ticket()
echo '<img src="'.HESK_PATH.'img/success.png" width="16" height="16" border="0" alt="" style="vertical-align:text-bottom" /> '.$hesklang['vrfy'];
}
// Not verified yet, should we use Recaptcha?
elseif ($hesk_settings['recaptcha_use'])
elseif ($hesk_settings['recaptcha_use'] == 1)
{
?>
<script type="text/javascript">
@ -738,7 +824,14 @@ function print_add_ticket()
</script>
<?php
require(HESK_PATH . 'inc/recaptcha/recaptchalib.php');
echo recaptcha_get_html($hesk_settings['recaptcha_public_key'], null, $hesk_settings['recaptcha_ssl']);
echo recaptcha_get_html($hesk_settings['recaptcha_public_key'], null, true);
}
// Use reCaptcha API v2?
elseif ($hesk_settings['recaptcha_use'] == 2)
{
?>
<div class="g-recaptcha" data-sitekey="<?php echo $hesk_settings['recaptcha_public_key']; ?>"></div>
<?php
}
// At least use some basic PHP generated image (better than nothing)
else
@ -794,6 +887,13 @@ function print_add_ticket()
<?php
} // End ELSE submit_notice
?>
<!-- Do not delete or modify the code below, it is used to detect simple SPAM bots -->
<input type="hidden" name="hx" value="3" /><input type="hidden" name="hy" value="" />
<!-- >
<input type="text" name="phone" value="3" />
< -->
</form>
</div>
<!-- END FORM -->
@ -814,10 +914,12 @@ function print_start()
if ($hesk_settings['kb_enable'])
{
require(HESK_PATH . 'inc/knowledgebase_functions.inc.php');
hesk_load_database_functions();
hesk_dbConnect();
}
// Connect to database
hesk_load_database_functions();
hesk_dbConnect();
/* Print header */
require_once(HESK_PATH . 'inc/header.inc.php');
@ -827,6 +929,23 @@ function print_start()
<li><a href="<?php echo $hesk_settings['site_url']; ?>"><?php echo $hesk_settings['site_title']; ?></a></li>
<li class="active"><?php echo $hesk_settings['hesk_title']; ?></li>
</ol>
<?php
// Service messages
$res = hesk_dbQuery('SELECT `title`, `message`, `style` FROM `'.hesk_dbEscape($hesk_settings['db_pfix'])."service_messages` WHERE `type`='0' ORDER BY `order` ASC");
if (hesk_dbNumRows($res) > 0)
{
?>
<div class="row">
<div class="col-md-12">
<?php
while ($sm=hesk_dbFetchAssoc($res))
{
hesk_service_message($sm);
}
?>
</div>
</div>
<?php } ?>
<div class="row">
<div class="col-md-4">
<div class="panel panel-default">
@ -939,6 +1058,11 @@ function forgot_tid()
$email = hesk_validateEmail( hesk_POST('email'), 'ERR' ,0) or hesk_process_messages($hesklang['enter_valid_email'],'ticket.php?remind=1');
if ( isset($_POST['open_only']) )
{
$hesk_settings['open_only'] = $_POST['open_only'] == 1 ? 1 : 0;
}
/* Prepare ticket statuses */
$my_status = array(
0 => $hesklang['open'],
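Review bot: The new pre-populate block in `print_add_ticket()` copies `$_REQUEST['name']`, `['email']`, `['subject']`, `['message']` and every enabled custom field into `$_SESSION` unchanged, so a parameter sent as an array or as an oversized string is stored in the session and later handed to the form-rendering code. The integer fields are already passed through `intval()`; the text fields should go through the accessor the file already uses for the action, e.g. `$_SESSION['c_name'] = hesk_REQUEST('name');`, assuming `hesk_REQUEST()` returns a scalar as its use for `$action` suggests. Only the email inputs are visibly re-encoded with `hesk_input()` on output in this section. It is worth confirming that the name, subject, message and custom-field inputs do the same, because these values can now arrive from a crafted link rather than only from the user's own earlier submission. `print_add_ticket()` begins and ends outside the hunks shown.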

@ -1,7 +1,7 @@
<?php
/*******************************************************************************
* Title: Help Desk Software HESK
* Version: 2.5.5 from 5th August 2014
* Version: 2.6.0 beta 1 from 30th December 2014
* Author: Klemen Stirn
* Website: http://www.hesk.com
********************************************************************************

@ -1,7 +1,7 @@
<?php
/*******************************************************************************
* Title: Help Desk Software HESK
* Version: 2.5.5 from 5th August 2014
* Version: 2.6.0 beta 1 from 30th December 2014
* Author: Klemen Stirn
* Website: http://www.hesk.com
********************************************************************************
@ -93,6 +93,8 @@ if ($_SESSION['step'] == 3 && isset($_POST['dbtest']))
// Generate HESK table names
$hesk_tables = array(
$hesk_settings['db_pfix'].'attachments',
$hesk_settings['db_pfix'].'banned_emails',
$hesk_settings['db_pfix'].'banned_ips',
$hesk_settings['db_pfix'].'categories',
$hesk_settings['db_pfix'].'kb_articles',
$hesk_settings['db_pfix'].'kb_attachments',
@ -103,8 +105,12 @@ if ($_SESSION['step'] == 3 && isset($_POST['dbtest']))
$hesk_settings['db_pfix'].'online',
$hesk_settings['db_pfix'].'pipe_loops',
$hesk_settings['db_pfix'].'replies',
$hesk_settings['db_pfix'].'reply_drafts',
$hesk_settings['db_pfix'].'reset_password',
$hesk_settings['db_pfix'].'service_messages',
$hesk_settings['db_pfix'].'std_replies',
$hesk_settings['db_pfix'].'tickets',
$hesk_settings['db_pfix'].'ticket_templates',
$hesk_settings['db_pfix'].'users',
);
@ -204,30 +210,57 @@ function hesk_iTables()
hesk_dbQuery("
CREATE TABLE `".hesk_dbEscape($hesk_settings['db_pfix'])."attachments` (
`att_id` mediumint(8) unsigned NOT NULL AUTO_INCREMENT,
`ticket_id` varchar(13) NOT NULL DEFAULT '',
`saved_name` varchar(255) NOT NULL DEFAULT '',
`real_name` varchar(255) NOT NULL DEFAULT '',
`ticket_id` varchar(13) COLLATE utf8_unicode_ci NOT NULL DEFAULT '',
`saved_name` varchar(255) COLLATE utf8_unicode_ci NOT NULL DEFAULT '',
`real_name` varchar(255) COLLATE utf8_unicode_ci NOT NULL DEFAULT '',
`size` int(10) unsigned NOT NULL DEFAULT '0',
`type` enum('0','1') COLLATE utf8_unicode_ci NOT NULL DEFAULT '0',
PRIMARY KEY (`att_id`),
KEY `ticket_id` (`ticket_id`)
) ENGINE=MyISAM DEFAULT CHARSET=utf8 COLLATE=utf8_unicode_ci
");
// -> Banned emails
hesk_dbQuery("
CREATE TABLE `".hesk_dbEscape($hesk_settings['db_pfix'])."banned_emails` (
`id` smallint(5) unsigned NOT NULL AUTO_INCREMENT,
`email` varchar(255) NOT NULL,
`banned_by` smallint(5) unsigned NOT NULL,
`dt` timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP,
PRIMARY KEY (`id`),
KEY `email` (`email`)
) ENGINE=MyISAM DEFAULT CHARSET=utf8
");
// -> Banned IPs
hesk_dbQuery("
CREATE TABLE `".hesk_dbEscape($hesk_settings['db_pfix'])."banned_ips` (
`id` smallint(5) unsigned NOT NULL AUTO_INCREMENT,
`ip_from` int(10) unsigned NOT NULL DEFAULT '0',
`ip_to` int(10) unsigned NOT NULL DEFAULT '0',
`ip_display` varchar(100) NOT NULL,
`banned_by` smallint(5) unsigned NOT NULL,
`dt` timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP,
PRIMARY KEY (`id`)
) ENGINE=MyISAM DEFAULT CHARSET=utf8
");
// -> Categories
hesk_dbQuery("
CREATE TABLE `".hesk_dbEscape($hesk_settings['db_pfix'])."categories` (
`id` smallint(5) unsigned NOT NULL AUTO_INCREMENT,
`name` varchar(60) NOT NULL DEFAULT '',
`name` varchar(60) COLLATE utf8_unicode_ci NOT NULL DEFAULT '',
`cat_order` smallint(5) unsigned NOT NULL DEFAULT '0',
`autoassign` enum('0','1') NOT NULL DEFAULT '1',
`type` enum('0','1') NOT NULL DEFAULT '0',
`autoassign` enum('0','1') COLLATE utf8_unicode_ci NOT NULL DEFAULT '1',
`type` enum('0','1') COLLATE utf8_unicode_ci NOT NULL DEFAULT '0',
`priority` enum('0','1','2','3') COLLATE utf8_unicode_ci NOT NULL DEFAULT '3',
PRIMARY KEY (`id`),
KEY `type` (`type`)
) ENGINE=MyISAM DEFAULT CHARSET=utf8 COLLATE=utf8_unicode_ci
");
// ---> Insert default category
hesk_dbQuery("INSERT INTO `".hesk_dbEscape($hesk_settings['db_pfix'])."categories` (`id`, `name`, `cat_order`, `autoassign`, `type`) VALUES (1, 'General', 10, '1', '0')");
hesk_dbQuery("INSERT INTO `".hesk_dbEscape($hesk_settings['db_pfix'])."categories` (`id`, `name`, `cat_order`) VALUES (1, 'General', 10)");
// -> KB Articles
hesk_dbQuery("
@ -236,22 +269,22 @@ CREATE TABLE `".hesk_dbEscape($hesk_settings['db_pfix'])."kb_articles` (
`catid` smallint(5) unsigned NOT NULL,
`dt` timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP,
`author` smallint(5) unsigned NOT NULL,
`subject` varchar(255) NOT NULL,
`content` mediumtext NOT NULL,
`keywords` mediumtext NOT NULL,
`subject` varchar(255) COLLATE utf8_unicode_ci NOT NULL,
`content` mediumtext COLLATE utf8_unicode_ci NOT NULL,
`keywords` mediumtext COLLATE utf8_unicode_ci NOT NULL,
`rating` float NOT NULL DEFAULT '0',
`votes` mediumint(8) unsigned NOT NULL DEFAULT '0',
`views` mediumint(8) unsigned NOT NULL DEFAULT '0',
`type` enum('0','1','2') NOT NULL DEFAULT '0',
`html` enum('0','1') NOT NULL DEFAULT '0',
`sticky` enum('0','1') NOT NULL DEFAULT '0',
`type` enum('0','1','2') COLLATE utf8_unicode_ci NOT NULL DEFAULT '0',
`html` enum('0','1') COLLATE utf8_unicode_ci NOT NULL DEFAULT '0',
`sticky` enum('0','1') COLLATE utf8_unicode_ci NOT NULL DEFAULT '0',
`art_order` smallint(5) unsigned NOT NULL DEFAULT '0',
`history` mediumtext NOT NULL,
`attachments` mediumtext NOT NULL,
`history` mediumtext COLLATE utf8_unicode_ci NOT NULL,
`attachments` mediumtext COLLATE utf8_unicode_ci NOT NULL,
PRIMARY KEY (`id`),
KEY `catid` (`catid`),
KEY `type` (`type`),
KEY `sticky` (`sticky`),
KEY `type` (`type`),
FULLTEXT KEY `subject` (`subject`,`content`,`keywords`)
) ENGINE=MyISAM DEFAULT CHARSET=utf8 COLLATE=utf8_unicode_ci
");
@ -260,8 +293,8 @@ CREATE TABLE `".hesk_dbEscape($hesk_settings['db_pfix'])."kb_articles` (
hesk_dbQuery("
CREATE TABLE `".hesk_dbEscape($hesk_settings['db_pfix'])."kb_attachments` (
`att_id` mediumint(8) unsigned NOT NULL AUTO_INCREMENT,
`saved_name` varchar(255) NOT NULL DEFAULT '',
`real_name` varchar(255) NOT NULL DEFAULT '',
`saved_name` varchar(255) COLLATE utf8_unicode_ci NOT NULL DEFAULT '',
`real_name` varchar(255) COLLATE utf8_unicode_ci NOT NULL DEFAULT '',
`size` int(10) unsigned NOT NULL DEFAULT '0',
PRIMARY KEY (`att_id`)
) ENGINE=MyISAM DEFAULT CHARSET=utf8 COLLATE=utf8_unicode_ci
@ -271,13 +304,13 @@ CREATE TABLE `".hesk_dbEscape($hesk_settings['db_pfix'])."kb_attachments` (
hesk_dbQuery("
CREATE TABLE `".hesk_dbEscape($hesk_settings['db_pfix'])."kb_categories` (
`id` smallint(5) unsigned NOT NULL AUTO_INCREMENT,
`name` varchar(255) NOT NULL,
`name` varchar(255) COLLATE utf8_unicode_ci NOT NULL,
`parent` smallint(5) unsigned NOT NULL,
`articles` smallint(5) unsigned NOT NULL DEFAULT '0',
`articles_private` smallint(5) unsigned NOT NULL DEFAULT '0',
`articles_draft` smallint(5) unsigned NOT NULL DEFAULT '0',
`cat_order` smallint(5) unsigned NOT NULL,
`type` enum('0','1') NOT NULL,
`type` enum('0','1') COLLATE utf8_unicode_ci NOT NULL DEFAULT '0',
PRIMARY KEY (`id`),
KEY `type` (`type`),
KEY `parent` (`parent`)
@ -285,12 +318,12 @@ CREATE TABLE `".hesk_dbEscape($hesk_settings['db_pfix'])."kb_categories` (
");
// ---> Insert default KB category
hesk_dbQuery("INSERT INTO `".hesk_dbEscape($hesk_settings['db_pfix'])."kb_categories` (`id`, `name`, `parent`, `articles`, `cat_order`, `type`) VALUES (1, 'Knowledgebase', 0, 0, 10, '0')");
hesk_dbQuery("INSERT INTO `".hesk_dbEscape($hesk_settings['db_pfix'])."kb_categories` (`id`, `name`, `parent`, `cat_order`, `type`) VALUES (1, 'Knowledgebase', 0, 10, '0')");
// -> Login attempts
hesk_dbQuery("
CREATE TABLE `".hesk_dbEscape($hesk_settings['db_pfix'])."logins` (
`ip` varchar(46) NOT NULL,
`ip` varchar(45) COLLATE utf8_unicode_ci NOT NULL,
`number` tinyint(3) unsigned NOT NULL DEFAULT '1',
`last_attempt` timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP,
UNIQUE KEY `ip` (`ip`)
@ -303,14 +336,14 @@ CREATE TABLE `".hesk_dbEscape($hesk_settings['db_pfix'])."mail` (
`id` int(10) unsigned NOT NULL AUTO_INCREMENT,
`from` smallint(5) unsigned NOT NULL,
`to` smallint(5) unsigned NOT NULL,
`subject` varchar(255) NOT NULL,
`message` mediumtext NOT NULL,
`dt` datetime NOT NULL,
`read` enum('0','1') NOT NULL DEFAULT '0',
`subject` varchar(255) COLLATE utf8_unicode_ci NOT NULL,
`message` mediumtext COLLATE utf8_unicode_ci NOT NULL,
`dt` timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP,
`read` enum('0','1') COLLATE utf8_unicode_ci NOT NULL DEFAULT '0',
`deletedby` smallint(5) unsigned NOT NULL DEFAULT '0',
PRIMARY KEY (`id`),
KEY `to` (`to`,`read`,`deletedby`),
KEY `from` (`from`)
KEY `from` (`from`),
KEY `to` (`to`,`read`,`deletedby`)
) ENGINE=MyISAM DEFAULT CHARSET=utf8 COLLATE=utf8_unicode_ci
");
@ -318,7 +351,7 @@ CREATE TABLE `".hesk_dbEscape($hesk_settings['db_pfix'])."mail` (
hesk_dbQuery("INSERT INTO `".hesk_dbEscape($hesk_settings['db_pfix'])."mail` (`id`, `from`, `to`, `subject`, `message`, `dt`, `read`, `deletedby`) VALUES (1, 9999, 1, 'Rate this script', '<div style=\"text-align:justify;padding:3px\">\r\n\r\n<p style=\"color:green;font-weight:bold\">Enjoy using HESK? Please let others know!</p>\r\n\r\n<p>You are invited to rate HESK or even write a short review here:<br />&nbsp;<br /><img src=\"../img/link.png\" width=\"16\" height=\"16\" border=\"0\" alt=\"\" style=\"vertical-align:text-bottom\" /> <a href=\"http://www.hotscripts.com/Detailed/46973.html\" target=\"_blank\">Rate this script @ Hot Scripts</a><br />&nbsp;<br /><img src=\"../img/link.png\" width=\"16\" height=\"16\" border=\"0\" alt=\"\" style=\"vertical-align:text-bottom\" /> <a href=\"http://php.resourceindex.com/detail/04946.html\" target=\"_blank\">Rate this script @ The PHP Resource Index</a></p>\r\n\r\n<p>Thank you,<br />&nbsp;<br />Klemen,<br />\r\n<a href=\"http://www.hesk.com/\" target=\"_blank\">www.hesk.com</a>\r\n\r\n<p>&nbsp;</p>', NOW(), '0', 9999)");
// ---> Insert welcome email
hesk_dbQuery("INSERT INTO `".hesk_dbEscape($hesk_settings['db_pfix'])."mail` (`id`, `from`, `to`, `subject`, `message`, `dt`, `read`, `deletedby`) VALUES (2, 9999, 1, 'Welcome to HESK!', '<div style=\"text-align:justify;padding:3px\">\r\n\r\n<p style=\"color:green;font-weight:bold\">Congratulations for installing HESK, a lightweight and easy-to-use ticket support system!</p>\r\n\r\n<p>I am sure you are eager to use your <b>HESK&trade;</b> helpdesk to improve your customer support and reduce your workload, so check the rest of this message for some quick &quot;Getting Started&quot; tips.</p>\r\n\r\n<p>Once you have learned the power of <b>HESK&trade;</b>, please consider supporting its future enhancement by purchasing an <a href=\"https://www.hesk.com/buy.php\" target=\"_blank\">inexpensive license</a>. Having a site license will remove the &quot;Powered by Help Desk Software HESK&quot; links from the bottom of your screens to make it look even more professional.</p>\r\n\r\n<p>Enjoy using HESK&trade; - and I value receiving your constructive feedback and feature suggestions.</p>\r\n\r\n<p>Klemen Stirn,<br />\r\nHESK owner and author<br />\r\n<a href=\"http://www.hesk.com/\" target=\"_blank\">www.hesk.com</a>\r\n\r\n<p>&nbsp;</p>\r\n\r\n<p style=\"text-align:center;font-weight:bold\">*** Quick &quot;Getting Started&quot; Tips ***</p>\r\n\r\n<ul style=\"padding-left:20px;padding-right:10px\">\r\n<li>Click the profile link to set your Profile name, e-mail, signature, and *CHANGE YOUR PASSWORD*.<br />&nbsp;</li>\r\n<li>Click the settings link in the top menu to get to the Settings page. Take some time and get familiar with all the available settings. Most should be self-explanatory; for additional information about each setting, click the [?] link for help about the current setting.<br />&nbsp;</li>\r\n<li>Create new staff accounts on the Users page. 
The default user (Administrator) cannot be deleted, but you can change the password on the Profile page.<br />&nbsp;</li>\r\n<li>Add new categories (departments) on the Categories page. The default category cannot be deleted, but it can be renamed.<br />&nbsp;</li>\r\n<li>Use the integrated Knowledgebase - it is one of the most powerful support tools as it gives self-help resources to your customers. A comprehensive and well-written knowledgebase can drastically reduce the number of support tickets you receive and save a lot of your time in the long run. Arrange answers to frequently asked questions and articles into categories.<br />&nbsp;</li>\r\n<li>Create canned responses on the Canned Responses page. These are pre-written replies to common support questions. However, you should also contribute by adding answers to other typical questions in the Knowledgebase.<br />&nbsp;</li>\r\n<li>Subscribe to the <a href=\"http://www.hesk.com/newsletter.php\" target=\"_blank\">HESK Newsletter</a> to be notified of updates and new versions.<br />&nbsp;</li>\r\n<li><a href=\"https://www.hesk.com/buy.php\" target=\"_blank\">Buy a license</a> to remove the &quot;<span class=\"smaller\">Powered by Help Desk Software HESK</span>&quot; links from the bottom of your help desk.<br />&nbsp;</li></ul>\r\n\r\n</div>', NOW(), '0', 9999)");
hesk_dbQuery("INSERT INTO `".hesk_dbEscape($hesk_settings['db_pfix'])."mail` (`id`, `from`, `to`, `subject`, `message`, `dt`, `read`, `deletedby`) VALUES (2, 9999, 1, 'Welcome to HESK! Here are some quick tips...', '<p style=\"color:green;font-weight:bold\">HESK quick &quot;Getting Started&quot; tips:<br />&nbsp;</p>\r\n\r\n<ol style=\"padding-left:20px;padding-right:10px;text-align:justify\">\r\n<li>Click the Profile link to set your name, email, signature and password.<br />&nbsp;</li>\r\n<li>Click the Settings link in the top menu to get to the Settings page. For additional information about each setting, click the [?] link.<br />&nbsp;</li>\r\n<li>Add new categories (departments) on the Categories page. The default category cannot be deleted, but it can be renamed.<br />&nbsp;</li>\r\n<li>Create new staff accounts on the Users page. You can give them unlimited (Administrator) or restricted (Staff) access.<br />&nbsp;</li>\r\n<li>Use the integrated Knowledgebase. A comprehensive and well-written knowledgebase can drastically reduce the number of support tickets you receive and save a lot of your time in the long run.<br />&nbsp;</li>\r\n<li>You can create response and new ticket templates on the Canned page.<br />&nbsp;</li>\r\n<li>Subscribe to the <a href=\"http://www.hesk.com/newsletter.php\" target=\"_blank\">HESK Newsletter</a> to be notified of updates and new versions.<br />&nbsp;</li>\r\n<li>You should follow HESK on Twitter <a href=\"https://twitter.com/HESKdotCOM\" target=\"_blank\">here</a>.<br />&nbsp;</li>\r\n<li>To remove the &quot;<span class=\"smaller\">Powered by Help Desk Software HESK</span>&quot; links from the bottom of your help desk <a href=\"https://www.hesk.com/buy.php\" target=\"_blank\">buy a license here</a>.<br />&nbsp;</li></ol>\r\n\r\n<p>Enjoy using HESK and please feel free to share your constructive feedback and feature suggestions.</p>\r\n\r\n<p>Klemen Stirn<br />\r\nHESK owner and author<br />\r\n<a href=\"http://www.hesk.com/\" 
target=\"_blank\">www.hesk.com</a>', NOW(), '0', 9999)");
// -> Notes
hesk_dbQuery("
@ -326,8 +359,9 @@ CREATE TABLE `".hesk_dbEscape($hesk_settings['db_pfix'])."notes` (
`id` mediumint(8) unsigned NOT NULL AUTO_INCREMENT,
`ticket` mediumint(8) unsigned NOT NULL,
`who` smallint(5) unsigned NOT NULL,
`dt` datetime NOT NULL,
`message` mediumtext NOT NULL,
`dt` timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP,
`message` mediumtext COLLATE utf8_unicode_ci NOT NULL,
`attachments` mediumtext COLLATE utf8_unicode_ci NOT NULL,
PRIMARY KEY (`id`),
KEY `ticketid` (`ticket`)
) ENGINE=MyISAM DEFAULT CHARSET=utf8 COLLATE=utf8_unicode_ci
@ -347,9 +381,9 @@ CREATE TABLE `".hesk_dbEscape($hesk_settings['db_pfix'])."online` (
// -> Pipe loops
hesk_dbQuery("
CREATE TABLE `".hesk_dbEscape($hesk_settings['db_pfix'])."pipe_loops` (
`email` varchar(255) NOT NULL,
`email` varchar(255) COLLATE utf8_unicode_ci NOT NULL,
`hits` smallint(1) unsigned NOT NULL DEFAULT '0',
`message_hash` char(32) NOT NULL,
`message_hash` char(32) COLLATE utf8_unicode_ci NOT NULL,
`dt` timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP,
KEY `email` (`email`,`hits`)
) ENGINE=MyISAM DEFAULT CHARSET=utf8 COLLATE=utf8_unicode_ci
@ -360,24 +394,67 @@ hesk_dbQuery("
CREATE TABLE `".hesk_dbEscape($hesk_settings['db_pfix'])."replies` (
`id` mediumint(8) unsigned NOT NULL AUTO_INCREMENT,
`replyto` mediumint(8) unsigned NOT NULL DEFAULT '0',
`name` varchar(50) NOT NULL DEFAULT '',
`message` mediumtext NOT NULL,
`dt` datetime DEFAULT NULL,
`attachments` mediumtext,
`name` varchar(50) COLLATE utf8_unicode_ci NOT NULL DEFAULT '',
`message` mediumtext COLLATE utf8_unicode_ci NOT NULL,
`dt` timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP,
`attachments` mediumtext COLLATE utf8_unicode_ci,
`staffid` smallint(5) unsigned NOT NULL DEFAULT '0',
`rating` enum('0','1','5') NOT NULL DEFAULT '0',
`read` enum('0','1') NOT NULL DEFAULT '0',
`rating` enum('1','5') COLLATE utf8_unicode_ci DEFAULT NULL,
`read` enum('0','1') COLLATE utf8_unicode_ci NOT NULL DEFAULT '0',
PRIMARY KEY (`id`),
KEY `replyto` (`replyto`)
KEY `replyto` (`replyto`),
KEY `dt` (`dt`),
KEY `staffid` (`staffid`)
) ENGINE=MyISAM DEFAULT CHARSET=utf8 COLLATE=utf8_unicode_ci
");
// -> Reply drafts
hesk_dbQuery("
CREATE TABLE `".hesk_dbEscape($hesk_settings['db_pfix'])."reply_drafts` (
`owner` smallint(5) unsigned NOT NULL,
`ticket` mediumint(8) unsigned NOT NULL,
`message` mediumtext CHARACTER SET utf8 NOT NULL,
`dt` timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP,
KEY `owner` (`owner`),
KEY `ticket` (`ticket`)
) ENGINE=MyISAM DEFAULT CHARSET=utf8 COLLATE=utf8_unicode_ci
");
// -> Reset password
hesk_dbQuery("
CREATE TABLE `".hesk_dbEscape($hesk_settings['db_pfix'])."reset_password` (
`id` mediumint(8) unsigned NOT NULL AUTO_INCREMENT,
`user` smallint(5) unsigned NOT NULL,
`hash` char(40) NOT NULL,
`ip` varchar(45) NOT NULL,
`dt` timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP,
PRIMARY KEY (`id`),
KEY `user` (`user`)
) ENGINE=MyISAM DEFAULT CHARSET=utf8;
");
// -> Service messages
hesk_dbQuery("
CREATE TABLE `".hesk_dbEscape($hesk_settings['db_pfix'])."service_messages` (
`id` smallint(5) unsigned NOT NULL AUTO_INCREMENT,
`dt` timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP,
`author` smallint(5) unsigned NOT NULL,
`title` varchar(255) COLLATE utf8_unicode_ci NOT NULL,
`message` mediumtext COLLATE utf8_unicode_ci NOT NULL,
`style` enum('0','1','2','3','4') COLLATE utf8_unicode_ci NOT NULL DEFAULT '0',
`type` enum('0','1') COLLATE utf8_unicode_ci NOT NULL DEFAULT '0',
`order` smallint(5) unsigned NOT NULL DEFAULT '0',
PRIMARY KEY (`id`),
KEY `type` (`type`)
) ENGINE=MyISAM DEFAULT CHARSET=utf8 COLLATE=utf8_unicode_ci;
");
// -> Canned Responses
hesk_dbQuery("
CREATE TABLE `".hesk_dbEscape($hesk_settings['db_pfix'])."std_replies` (
`id` smallint(5) unsigned NOT NULL AUTO_INCREMENT,
`title` varchar(100) NOT NULL DEFAULT '',
`message` mediumtext NOT NULL,
`title` varchar(100) COLLATE utf8_unicode_ci NOT NULL DEFAULT '',
`message` mediumtext COLLATE utf8_unicode_ci NOT NULL,
`reply_order` smallint(5) unsigned NOT NULL DEFAULT '0',
PRIMARY KEY (`id`)
) ENGINE=MyISAM DEFAULT CHARSET=utf8 COLLATE=utf8_unicode_ci
@ -387,80 +464,104 @@ CREATE TABLE `".hesk_dbEscape($hesk_settings['db_pfix'])."std_replies` (
hesk_dbQuery("
CREATE TABLE `".hesk_dbEscape($hesk_settings['db_pfix'])."tickets` (
`id` mediumint(8) unsigned NOT NULL AUTO_INCREMENT,
`trackid` varchar(13) NOT NULL,
`name` varchar(50) NOT NULL DEFAULT '',
`email` varchar(255) NOT NULL DEFAULT '',
`trackid` varchar(13) COLLATE utf8_unicode_ci NOT NULL,
`name` varchar(50) COLLATE utf8_unicode_ci NOT NULL DEFAULT '',
`email` varchar(1000) COLLATE utf8_unicode_ci NOT NULL DEFAULT '',
`category` smallint(5) unsigned NOT NULL DEFAULT '1',
`priority` enum('0','1','2','3') NOT NULL DEFAULT '3',
`subject` varchar(70) NOT NULL DEFAULT '',
`message` mediumtext NOT NULL,
`dt` datetime NOT NULL DEFAULT '0000-00-00 00:00:00',
`priority` enum('0','1','2','3') COLLATE utf8_unicode_ci NOT NULL DEFAULT '3',
`subject` varchar(70) COLLATE utf8_unicode_ci NOT NULL DEFAULT '',
`message` mediumtext COLLATE utf8_unicode_ci NOT NULL,
`dt` timestamp NOT NULL DEFAULT '0000-00-00 00:00:00',
`lastchange` timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP,
`ip` varchar(46) NOT NULL DEFAULT '',
`language` varchar(50) DEFAULT NULL,
`status` enum('0','1','2','3','4','5') NOT NULL DEFAULT '0',
`firstreply` timestamp NULL DEFAULT NULL,
`closedat` timestamp NULL DEFAULT NULL,
`articles` varchar(255) COLLATE utf8_unicode_ci DEFAULT NULL,
`ip` varchar(45) COLLATE utf8_unicode_ci NOT NULL DEFAULT '',
`language` varchar(50) COLLATE utf8_unicode_ci DEFAULT NULL,
`status` enum('0','1','2','3','4','5') COLLATE utf8_unicode_ci NOT NULL DEFAULT '0',
`openedby` smallint(5) unsigned DEFAULT '0',
`firstreplyby` smallint(5) unsigned DEFAULT NULL,
`closedby` smallint(5) unsigned DEFAULT NULL,
`replies` smallint(5) unsigned NOT NULL DEFAULT '0',
`staffreplies` smallint(5) unsigned NOT NULL DEFAULT '0',
`owner` smallint(5) unsigned NOT NULL DEFAULT '0',
`time_worked` time NOT NULL DEFAULT '00:00:00',
`lastreplier` enum('0','1') NOT NULL DEFAULT '0',
`lastreplier` enum('0','1') COLLATE utf8_unicode_ci NOT NULL DEFAULT '0',
`replierid` smallint(5) unsigned DEFAULT NULL,
`archive` enum('0','1') NOT NULL DEFAULT '0',
`locked` enum('0','1') NOT NULL DEFAULT '0',
`attachments` mediumtext NOT NULL,
`merged` mediumtext NOT NULL,
`history` mediumtext NOT NULL,
`custom1` mediumtext NOT NULL,
`custom2` mediumtext NOT NULL,
`custom3` mediumtext NOT NULL,
`custom4` mediumtext NOT NULL,
`custom5` mediumtext NOT NULL,
`custom6` mediumtext NOT NULL,
`custom7` mediumtext NOT NULL,
`custom8` mediumtext NOT NULL,
`custom9` mediumtext NOT NULL,
`custom10` mediumtext NOT NULL,
`custom11` mediumtext NOT NULL,
`custom12` mediumtext NOT NULL,
`custom13` mediumtext NOT NULL,
`custom14` mediumtext NOT NULL,
`custom15` mediumtext NOT NULL,
`custom16` mediumtext NOT NULL,
`custom17` mediumtext NOT NULL,
`custom18` mediumtext NOT NULL,
`custom19` mediumtext NOT NULL,
`custom20` mediumtext NOT NULL,
`archive` enum('0','1') COLLATE utf8_unicode_ci NOT NULL DEFAULT '0',
`locked` enum('0','1') COLLATE utf8_unicode_ci NOT NULL DEFAULT '0',
`attachments` mediumtext COLLATE utf8_unicode_ci NOT NULL,
`merged` mediumtext COLLATE utf8_unicode_ci NOT NULL,
`history` mediumtext COLLATE utf8_unicode_ci NOT NULL,
`custom1` mediumtext COLLATE utf8_unicode_ci NOT NULL,
`custom2` mediumtext COLLATE utf8_unicode_ci NOT NULL,
`custom3` mediumtext COLLATE utf8_unicode_ci NOT NULL,
`custom4` mediumtext COLLATE utf8_unicode_ci NOT NULL,
`custom5` mediumtext COLLATE utf8_unicode_ci NOT NULL,
`custom6` mediumtext COLLATE utf8_unicode_ci NOT NULL,
`custom7` mediumtext COLLATE utf8_unicode_ci NOT NULL,
`custom8` mediumtext COLLATE utf8_unicode_ci NOT NULL,
`custom9` mediumtext COLLATE utf8_unicode_ci NOT NULL,
`custom10` mediumtext COLLATE utf8_unicode_ci NOT NULL,
`custom11` mediumtext COLLATE utf8_unicode_ci NOT NULL,
`custom12` mediumtext COLLATE utf8_unicode_ci NOT NULL,
`custom13` mediumtext COLLATE utf8_unicode_ci NOT NULL,
`custom14` mediumtext COLLATE utf8_unicode_ci NOT NULL,
`custom15` mediumtext COLLATE utf8_unicode_ci NOT NULL,
`custom16` mediumtext COLLATE utf8_unicode_ci NOT NULL,
`custom17` mediumtext COLLATE utf8_unicode_ci NOT NULL,
`custom18` mediumtext COLLATE utf8_unicode_ci NOT NULL,
`custom19` mediumtext COLLATE utf8_unicode_ci NOT NULL,
`custom20` mediumtext COLLATE utf8_unicode_ci NOT NULL,
PRIMARY KEY (`id`),
KEY `trackid` (`trackid`),
KEY `archive` (`archive`),
KEY `categories` (`category`),
KEY `statuses` (`status`),
KEY `owner` (`owner`)
KEY `owner` (`owner`),
KEY `openedby` (`openedby`,`firstreplyby`,`closedby`),
KEY `dt` (`dt`)
) ENGINE=MyISAM DEFAULT CHARSET=utf8 COLLATE=utf8_unicode_ci
");
// -> Ticket templates
hesk_dbQuery("
CREATE TABLE `".hesk_dbEscape($hesk_settings['db_pfix'])."ticket_templates` (
`id` smallint(5) unsigned NOT NULL AUTO_INCREMENT,
`title` varchar(100) COLLATE utf8_unicode_ci NOT NULL DEFAULT '',
`message` mediumtext COLLATE utf8_unicode_ci NOT NULL,
`tpl_order` smallint(5) unsigned NOT NULL DEFAULT '0',
PRIMARY KEY (`id`)
) ENGINE=MyISAM DEFAULT CHARSET=utf8 COLLATE=utf8_unicode_ci
");
// -> Users
hesk_dbQuery("
CREATE TABLE `".hesk_dbEscape($hesk_settings['db_pfix'])."users` (
`id` smallint(5) unsigned NOT NULL AUTO_INCREMENT,
`user` varchar(20) NOT NULL DEFAULT '',
`pass` char(40) NOT NULL,
`isadmin` enum('0','1') NOT NULL DEFAULT '0',
`name` varchar(50) NOT NULL DEFAULT '',
`email` varchar(255) NOT NULL DEFAULT '',
`signature` varchar(255) NOT NULL DEFAULT '',
`language` varchar(50) DEFAULT NULL,
`categories` varchar(255) NOT NULL DEFAULT '',
`afterreply` enum('0','1','2') NOT NULL DEFAULT '0',
`autostart` enum('0','1') NOT NULL DEFAULT '1',
`notify_new_unassigned` enum('0','1') NOT NULL DEFAULT '1',
`notify_new_my` enum('0','1') NOT NULL DEFAULT '1',
`notify_reply_unassigned` enum('0','1') NOT NULL DEFAULT '1',
`notify_reply_my` enum('0','1') NOT NULL DEFAULT '1',
`notify_assigned` enum('0','1') NOT NULL DEFAULT '1',
`notify_pm` enum('0','1') NOT NULL DEFAULT '1',
`notify_note` enum('0','1') NOT NULL DEFAULT '1',
`default_list` varchar(255) NOT NULL DEFAULT '',
`autoassign` enum('0','1') NOT NULL DEFAULT '1',
`heskprivileges` mediumtext NOT NULL,
`user` varchar(20) COLLATE utf8_unicode_ci NOT NULL DEFAULT '',
`pass` char(40) COLLATE utf8_unicode_ci NOT NULL,
`isadmin` enum('0','1') COLLATE utf8_unicode_ci NOT NULL DEFAULT '0',
`name` varchar(50) COLLATE utf8_unicode_ci NOT NULL DEFAULT '',
`email` varchar(255) COLLATE utf8_unicode_ci NOT NULL DEFAULT '',
`signature` varchar(1000) COLLATE utf8_unicode_ci NOT NULL DEFAULT '',
`language` varchar(50) COLLATE utf8_unicode_ci DEFAULT NULL,
`categories` varchar(500) COLLATE utf8_unicode_ci NOT NULL DEFAULT '',
`afterreply` enum('0','1','2') COLLATE utf8_unicode_ci NOT NULL DEFAULT '0',
`autostart` enum('0','1') COLLATE utf8_unicode_ci NOT NULL DEFAULT '1',
`notify_customer_new` enum('0','1') COLLATE utf8_unicode_ci NOT NULL DEFAULT '1',
`notify_customer_reply` enum('0','1') COLLATE utf8_unicode_ci NOT NULL DEFAULT '1',
`show_suggested` enum('0','1') COLLATE utf8_unicode_ci NOT NULL DEFAULT '1',
`notify_new_unassigned` enum('0','1') COLLATE utf8_unicode_ci NOT NULL DEFAULT '1',
`notify_new_my` enum('0','1') COLLATE utf8_unicode_ci NOT NULL DEFAULT '1',
`notify_reply_unassigned` enum('0','1') COLLATE utf8_unicode_ci NOT NULL DEFAULT '1',
`notify_reply_my` enum('0','1') COLLATE utf8_unicode_ci NOT NULL DEFAULT '1',
`notify_assigned` enum('0','1') COLLATE utf8_unicode_ci NOT NULL DEFAULT '1',
`notify_pm` enum('0','1') COLLATE utf8_unicode_ci NOT NULL DEFAULT '1',
`notify_note` enum('0','1') COLLATE utf8_unicode_ci NOT NULL DEFAULT '1',
`default_list` varchar(255) COLLATE utf8_unicode_ci NOT NULL DEFAULT '',
`autoassign` enum('0','1') COLLATE utf8_unicode_ci NOT NULL DEFAULT '1',
`heskprivileges` varchar(1000) COLLATE utf8_unicode_ci DEFAULT NULL,
`ratingneg` mediumint(8) unsigned NOT NULL DEFAULT '0',
`ratingpos` mediumint(8) unsigned NOT NULL DEFAULT '0',
`rating` float NOT NULL DEFAULT '0',
@ -470,7 +571,7 @@ CREATE TABLE `".hesk_dbEscape($hesk_settings['db_pfix'])."users` (
) ENGINE=MyISAM DEFAULT CHARSET=utf8 COLLATE=utf8_unicode_ci
");
hesk_dbQuery("INSERT INTO `".hesk_dbEscape($hesk_settings['db_pfix'])."users` (`id`, `user`, `pass`, `isadmin`, `name`, `email`, `signature`, `heskprivileges`) VALUES (1, '".hesk_dbEscape($_SESSION['admin_user'])."', '".hesk_dbEscape($_SESSION['admin_hash'])."', '1', 'Your name', 'you@me.com', 'Sincerely,\r\n\r\nYour name\r\nYour website\r\nhttp://www.yourwebsite.com', '')");
hesk_dbQuery("INSERT INTO `".hesk_dbEscape($hesk_settings['db_pfix'])."users` (`id`, `user`, `pass`, `isadmin`, `name`, `email`, `heskprivileges`) VALUES (1, '".hesk_dbEscape($_SESSION['admin_user'])."', '".hesk_dbEscape($_SESSION['admin_hash'])."', '1', 'Your name', 'you@me.com', '')");
return true;
@ -512,11 +613,10 @@ function hesk_iSaveSettings()
}
$set['debug_mode'] = 0;
$set['email_providers'] = count($set['email_providers']) ? "'" . implode("','", $set['email_providers']) . "'" : '';
$set['notify_spam_tags'] = count($set['notify_spam_tags']) ? "'" . implode("','", $set['notify_spam_tags']) . "'" : '';
// Check if PHP version is 5.2.3+ and MySQL is 5.0.7+
$res = hesk_dbQuery('SELECT VERSION() AS version');
$set['db_vrsn'] = (version_compare(PHP_VERSION, '5.2.3') >= 0 && version_compare( hesk_dbResult($res) , '5.0.7') >= 0) ? 1 : 0;
// Check if PHP version is 5.2.3+
$set['db_vrsn'] = (version_compare(PHP_VERSION, '5.2.3') >= 0) ? 1 : 0;
hesk_iSaveSettingsFile($set);

@ -1,7 +1,7 @@
<?php
/*******************************************************************************
* Title: Help Desk Software HESK
* Version: 2.5.5 from 5th August 2014
* Version: 2.6.0 beta 1 from 30th December 2014
* Author: Klemen Stirn
* Website: http://www.hesk.com
********************************************************************************
@ -36,8 +36,10 @@
if (!defined('IN_SCRIPT')) {die('Invalid attempt');}
// We will be installing this HESK version:
define('HESK_NEW_VERSION','2.5.5');
define('HESK_NEW_VERSION','2.6.0 beta 1');
define('MODS_FOR_HESK_NEW_VERSION','1.7.0');
define('REQUIRE_PHP_VERSION','5.0.0');
define('REQUIRE_MYSQL_VERSION','5.0.7');
// Other required files and settings
define('INSTALL',1);
@ -134,6 +136,13 @@ function hesk_iTestDatabaseConnection()
hesk_iDatabase(1);
}
// Check MySQL version
define('MYSQL_VERSION', hesk_dbResult( hesk_dbQuery('SELECT VERSION() AS version') ) );
if ( version_compare(MYSQL_VERSION,REQUIRE_MYSQL_VERSION,'<') )
{
hesk_iDatabase(5);
}
return $hesk_db_link;
} // END hesk_iTestDatabaseConnection()
@ -187,19 +196,23 @@ $hesk_settings[\'reply_top\']=' . $set['reply_top'] . ';
// --> Features
$hesk_settings[\'autologin\']=' . $set['autologin'] . ';
$hesk_settings[\'autoassign\']=' . $set['autoassign'] . ';
$hesk_settings[\'custclose\']=' . $set['custclose'] . ';
$hesk_settings[\'custopen\']=' . $set['custopen'] . ';
$hesk_settings[\'rating\']=' . $set['rating'] . ';
$hesk_settings[\'cust_urgency\']=' . $set['cust_urgency'] . ';
$hesk_settings[\'sequential\']=' . $set['sequential'] . ';
$hesk_settings[\'time_worked\']=' . $set['time_worked'] . ';
$hesk_settings[\'spam_notice\']=' . $set['spam_notice'] . ';
$hesk_settings[\'list_users\']=' . $set['list_users'] . ';
$hesk_settings[\'debug_mode\']=' . $set['debug_mode'] . ';
$hesk_settings[\'short_link\']=' . $set['short_link'] . ';
$hesk_settings[\'select_cat\']=' . $set['select_cat'] . ';
$hesk_settings[\'select_pri\']=' . $set['select_pri'] . ';
// --> SPAM Prevention
$hesk_settings[\'secimg_use\']=' . $set['secimg_use'] . ';
$hesk_settings[\'secimg_sum\']=\'' . $set['secimg_sum'] . '\';
$hesk_settings[\'recaptcha_use\']=' . $set['recaptcha_use'] . ';
$hesk_settings[\'recaptcha_ssl\']=' . $set['recaptcha_ssl'] . ';
$hesk_settings[\'recaptcha_public_key\']=\'' . $set['recaptcha_public_key'] . '\';
$hesk_settings[\'recaptcha_private_key\']=\'' . $set['recaptcha_private_key'] . '\';
$hesk_settings[\'question_use\']=' . $set['question_use'] . ';
@ -209,6 +222,7 @@ $hesk_settings[\'question_ans\']=\'' . $set['question_ans'] . '\';
// --> Security
$hesk_settings[\'attempt_limit\']=' . $set['attempt_limit'] . ';
$hesk_settings[\'attempt_banmin\']=' . $set['attempt_banmin'] . ';
$hesk_settings[\'reset_pass\']=' . $set['reset_pass'] . ';
$hesk_settings[\'email_view_ticket\']=' . $set['email_view_ticket'] . ';
// --> Attachments
@ -238,6 +252,7 @@ $hesk_settings[\'kb_popart\']=' . $set['kb_popart'] . ';
$hesk_settings[\'kb_latest\']=' . $set['kb_latest'] . ';
$hesk_settings[\'kb_index_popart\']=' . $set['kb_index_popart'] . ';
$hesk_settings[\'kb_index_latest\']=' . $set['kb_index_latest'] . ';
$hesk_settings[\'kb_related\']=' . $set['kb_related'] . ';
// ==> EMAIL
@ -257,6 +272,7 @@ $hesk_settings[\'email_piping\']=' . $set['email_piping'] . ';
// --> POP3 Fetching
$hesk_settings[\'pop3\']=' . $set['pop3'] . ';
$hesk_settings[\'pop3_job_wait\']=' . $set['pop3_job_wait'] . ';
$hesk_settings[\'pop3_host_name\']=\'' . $set['pop3_host_name'] . '\';
$hesk_settings[\'pop3_host_port\']=' . $set['pop3_host_port'] . ';
$hesk_settings[\'pop3_tls\']=' . $set['pop3_tls'] . ';
@ -272,14 +288,29 @@ $hesk_settings[\'loop_time\']=' . $set['loop_time'] . ';
$hesk_settings[\'detect_typos\']=' . $set['detect_typos'] . ';
$hesk_settings[\'email_providers\']=array(' . $set['email_providers'] . ');
// --> Notify customer when
$hesk_settings[\'notify_new\']=' . $set['notify_new'] . ';
$hesk_settings[\'notify_skip_spam\']=' . $set['notify_skip_spam'] . ';
$hesk_settings[\'notify_spam_tags\']=array(' . $set['notify_spam_tags'] . ');
$hesk_settings[\'notify_closed\']=' . $set['notify_closed'] . ';
// --> Other
$hesk_settings[\'strip_quoted\']=' . $set['strip_quoted'] . ';
$hesk_settings[\'eml_req_msg\']=' . $set['eml_req_msg'] . ';
$hesk_settings[\'save_embedded\']=' . $set['save_embedded'] . ';
$hesk_settings[\'multi_eml\']=' . $set['multi_eml'] . ';
$hesk_settings[\'confirm_email\']=' . $set['confirm_email'] . ';
$hesk_settings[\'open_only\']=' . $set['open_only'] . ';
// ==> TICKET LIST
$hesk_settings[\'ticket_list\']=array(\'' . implode('\',\'',$set['ticket_list']) . '\');
// --> Other
$hesk_settings[\'updatedformat\']=\'' . $set['updatedformat'] . '\';
// ==> MISC
// --> Date & Time
@ -289,6 +320,8 @@ $hesk_settings[\'daylight\']=' . $set['daylight'] . ';
$hesk_settings[\'timeformat\']=\'' . $set['timeformat'] . '\';
// --> Other
$hesk_settings[\'ip_whois\']=\'' . $set['ip_whois'] . '\';
$hesk_settings[\'maintenance_mode\']=' . $set['maintenance_mode'] . ';
$hesk_settings[\'alink\']=' . $set['alink'] . ';
$hesk_settings[\'submit_notice\']=' . $set['submit_notice'] . ';
$hesk_settings[\'online\']=' . $set['online'] . ';
@ -388,6 +421,12 @@ function hesk_iDatabase($problem=0)
To install a new copy of HESK use the <a href="index.php">New install</a> option instead.';
echo '</div>';
}
elseif ($problem == 5)
{
hesk_show_error('MySQL version <b>'.REQUIRE_MYSQL_VERSION.'+</b> required, you are using: <b>' . MYSQL_VERSION . '</b><br /><br />
You are using and old and insecure MySQL version with known bugs, security issues and outdated functionality.<br /><br />
Ask your hosting company to update your MySQL version.');
}
?>
<div class="form-group">
@ -446,10 +485,10 @@ function hesk_iCheckSetup()
$correct_these = array();
// 1. PHP 5+ required
if ( function_exists('version_compare') && version_compare(PHP_VERSION,'5.0.0','<') )
if ( function_exists('version_compare') && version_compare(PHP_VERSION,REQUIRE_PHP_VERSION,'<') )
{
$correct_these[] = '
PHP version <b>5.0+</b> required, you are using: <b>' . PHP_VERSION . '</b><br /><br />
PHP version <b>'.REQUIRE_PHP_VERSION.'+</b> required, you are using: <b>' . PHP_VERSION . '</b><br /><br />
You are using and old and insecure PHP version with known bugs, security issues and outdated functionality.<br /><br />
Ask your hosting company to update your PHP version.
';
@ -548,16 +587,19 @@ function hesk_iCheckSetup()
'emails/','language/english.php',
// pre-2.3 files
'secimg.inc.php','hesk_style.css',
'secimg.inc.php',
// pre-2.4 files
'hesk_style_v23.css','hesk_javascript.js','help_files/','TreeMenu.js',
'hesk_style_v23.css','help_files/','TreeMenu.js',
// malicious files that were found on some websites illegally redistributing HESK
'inc/tiny_mce/utils/r00t10.php', 'language/en/help_files/r00t10.php',
// pre-2.5 files
'hesk_style_v24.css', 'hesk_javascript_v24.js',
// pre-2.6 files
'hesk_style_v25.css', 'hesk_javascript_v25.js',
);
sort($old_files);
@ -782,11 +824,11 @@ function hesk_iHeader()
<meta http-equiv="Content-Type" content="text/html;charset=utf-8" />
<link rel="stylesheet" href="../css/bootstrap.css">
<link rel="stylesheet" href="../css/bootstrap-theme.css">
<link href="../css/hesk_style_v25.css" type="text/css" rel="stylesheet" />
<link href="../hesk_style.css?<?php echo HESK_NEW_VERSION; ?>" type="text/css" rel="stylesheet" />
<link href="../css/hesk_newStyle.php" type="text/css" rel="stylesheet" />
<!-- jQuery (necessary for Bootstrap's JavaScript plugins) -->
<script src="../js/jquery-1.10.2.min.js"></script>
<script language="Javascript" type="text/javascript" src="../hesk_javascript_v25.js"></script>
<script language="Javascript" type="text/javascript" src="../hesk_javascript.js?<?php echo HESK_NEW_VERSION; ?>"></script>
<script language="Javascript" type="text/javascript" src="../js/bootstrap.min.js"></script>
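Review bot: The new string settings written into the generated settings file (`updatedformat`, `ip_whois`, and the `notify_spam_tags` array body) are concatenated between single quotes with no escaping visible in these hunks, so a value containing `'` or `\` would end the literal and be stored as PHP code rather than data. Whether `$set` is already escaped by the caller is not visible here. If it is not, emit each literal with `var_export`, e.g. `$hesk_settings[\'ip_whois\']=' . var_export((string) $set['ip_whois'], true) . ';`, and pass the unquoted flags such as `maintenance_mode` and `reset_pass` through `intval()`. Separately, `HESK_NEW_VERSION` is now `'2.6.0 beta 1'` and is echoed raw into the `hesk_style.css?` and `hesk_javascript.js?` URLs in `hesk_iHeader`, leaving unencoded spaces in the query string; `<?php echo rawurlencode(HESK_NEW_VERSION); ?>` avoids that. The settings template and `hesk_iHeader` both start and end outside the hunks shown.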

@ -1,7 +1,7 @@
<?php
/*******************************************************************************
* Title: Help Desk Software HESK
* Version: 2.5.5 from 5th August 2014
* Version: 2.6.0 beta 1 from 30th December 2014
* Author: Klemen Stirn
* Website: http://www.hesk.com
********************************************************************************
@ -39,6 +39,11 @@ define('HESK_PATH','./');
require(HESK_PATH . 'hesk_settings.inc.php');
require(HESK_PATH . 'inc/common.inc.php');
require(HESK_PATH . 'inc/knowledgebase_functions.inc.php');
// Are we in maintenance mode?
hesk_check_maintenance();
// Load Knowledgebase-related functions
hesk_load_database_functions();
/* Is Knowledgebase enabled? */
@ -182,7 +187,7 @@ function hesk_kb_search($query) {
require_once(HESK_PATH . 'inc/header.inc.php');
hesk_kb_header($hesk_settings['kb_link']);
$res = hesk_dbQuery('SELECT t1.`id`, t1.`subject`, t1.`content`, t1.`rating` FROM `'.hesk_dbEscape($hesk_settings['db_pfix']).'kb_articles` AS t1
$res = hesk_dbQuery('SELECT t1.`id`, t1.`subject`, LEFT(`t1`.`content`, '.max(200, $hesk_settings['kb_substrart'] * 2).') AS `content`, t1.`rating` FROM `'.hesk_dbEscape($hesk_settings['db_pfix']).'kb_articles` AS t1
LEFT JOIN `'.hesk_dbEscape($hesk_settings['db_pfix'])."kb_categories` AS t2 ON t1.`catid` = t2.`id`
WHERE t1.`type`='0' AND t2.`type`='0' AND MATCH(`subject`,`content`,`keywords`) AGAINST ('".hesk_dbEscape($query)."') LIMIT " . intval($hesk_settings['kb_search_limit']));
$num = hesk_dbNumRows($res);
@ -269,7 +274,7 @@ function hesk_show_kb_article($artid)
// Update views by 1 - exclude known bots and reloads because of ratings
if ( ! isset($_GET['rated']) && ! hesk_detect_bots())
{
hesk_dbQuery("UPDATE `".hesk_dbEscape($hesk_settings['db_pfix'])."kb_articles` SET `views`=`views`+1 WHERE `id`='".intval($artid)."' LIMIT 1");
hesk_dbQuery("UPDATE `".hesk_dbEscape($hesk_settings['db_pfix'])."kb_articles` SET `views`=`views`+1 WHERE `id`={$artid} LIMIT 1");
}
echo '<h3 class="text-left">'.$article['subject'].'</h3>
@ -290,6 +295,7 @@ function hesk_show_kb_article($artid)
echo '</p>';
}
// Article rating
if ($hesk_settings['kb_rating'] && strpos( hesk_COOKIE('hesk_kb_rate'),'a'.$artid.'%')===false )
{
echo '
@ -300,6 +306,55 @@ function hesk_show_kb_article($artid)
';
}
// Related articles
if ($hesk_settings['kb_related'])
{
require(HESK_PATH . 'inc/mail/email_parser.php');
$query = hesk_dbEscape( $article['subject'] . ' ' . convert_html_to_text($article['content']) );
// Get relevant articles from the database
$res = hesk_dbQuery("SELECT t1.`id`, t1.`subject`, MATCH(`subject`,`content`,`keywords`) AGAINST ('{$query}') AS `score` FROM `".hesk_dbEscape($hesk_settings['db_pfix']).'kb_articles` AS t1 LEFT JOIN `'.hesk_dbEscape($hesk_settings['db_pfix'])."kb_categories` AS t2 ON t1.`catid` = t2.`id` WHERE t1.`type`='0' AND t2.`type`='0' AND MATCH(`subject`,`content`,`keywords`) AGAINST ('{$query}') LIMIT ".intval($hesk_settings['kb_related']+1));
// Array with related articles
$related_articles = array();
while ($related = hesk_dbFetchAssoc($res))
{
// Get base match score from the first article
if ( ! isset($base_score) )
{
$base_score = $related['score'];
}
// Ignore this article
if ( $related['id'] == $artid )
{
continue;
}
// Stop when articles reach less than 10% of base score
if ($related['score'] / $base_score < 0.10)
{
break;
}
// This is a valid related article
$related_articles[$related['id']] = $related['subject'];
}
// Print related articles if we have any valid matches
if ( count($related_articles) )
{
echo '<fieldset><legend>'.$hesklang['relart'].'</legend>';
foreach ($related_articles as $id => $subject)
{
echo '<img src="img/article_text.png" width="16" height="16" border="0" alt="" style="vertical-align:middle;padding:2px;" /> <a href="knowledgebase.php?article='.$id.'">'.$subject.'</a><br />';
}
echo '</fieldset>';
}
}
if ($article['catid']==1)
{
$link = 'knowledgebase.php';
@ -361,7 +416,7 @@ function hesk_show_kb_article($artid)
function hesk_show_kb_category($catid, $is_search = 0) {
global $hesk_settings, $hesklang;
$res = hesk_dbQuery("SELECT * FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."kb_categories` WHERE `id`='{$catid}' AND `type`='0' LIMIT 1");
$res = hesk_dbQuery("SELECT `name`,`parent` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."kb_categories` WHERE `id`='{$catid}' AND `type`='0' LIMIT 1");
$thiscat = hesk_dbFetchAssoc($res) or hesk_error($hesklang['kb_cat_inv']);
if ($is_search == 0)
@ -372,6 +427,17 @@ function hesk_show_kb_category($catid, $is_search = 0) {
hesk_kb_header($hesk_settings['kb_link']);
}
// If we are in "Knowledgebase only" mode show system messages
if ($catid == 1 && hesk_check_kb_only(false) )
{
// Service messages
$res = hesk_dbQuery('SELECT `title`, `message`, `style` FROM `'.hesk_dbEscape($hesk_settings['db_pfix'])."service_messages` WHERE `type`='0' ORDER BY `order` ASC");
while ($sm=hesk_dbFetchAssoc($res))
{
hesk_service_message($sm);
}
}
if ($thiscat['parent'])
{
$link = ($thiscat['parent'] == 1) ? 'knowledgebase.php' : 'knowledgebase.php?category='.$thiscat['parent'];
@ -382,7 +448,7 @@ function hesk_show_kb_category($catid, $is_search = 0) {
';
}
$result = hesk_dbQuery("SELECT * FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."kb_categories` WHERE `parent`='{$catid}' AND `type`='0' ORDER BY `parent` ASC, `cat_order` ASC");
$result = hesk_dbQuery("SELECT `id`,`name`,`articles` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."kb_categories` WHERE `parent`='{$catid}' AND `type`='0' ORDER BY `cat_order` ASC");
if (hesk_dbNumRows($result) > 0)
{
?>
@ -486,7 +552,7 @@ function hesk_show_kb_category($catid, $is_search = 0) {
<td>
<?php
$res = hesk_dbQuery("SELECT `id`, `subject`, `content`, `rating` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."kb_articles` WHERE `catid`='{$catid}' AND `type`='0' ORDER BY `sticky` DESC, `art_order` ASC");
$res = hesk_dbQuery("SELECT `id`, `subject`, LEFT(`content`, ".max(200, $hesk_settings['kb_substrart'] * 2).") AS `content`, `rating` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."kb_articles` WHERE `catid`='{$catid}' AND `type`='0' ORDER BY `sticky` DESC, `art_order` ASC");
if (hesk_dbNumRows($res) == 0)
{
echo '<p><i>'.$hesklang['noac'].'</i></p>';
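Review bot: The view-counter UPDATE in hesk_show_kb_article now interpolates `{$artid}` unquoted and without the `intval()` the old line applied, so the statement is only safe if every caller has already cast the value to an integer. That cast is outside the hunks shown and cannot be confirmed from here. I would keep `intval($artid)` in the WHERE clause, or cast once at the top of the function with `$artid = intval($artid);`. A single cast there would also cover the `'a'.$artid.'%'` cookie check and the `$related['id'] == $artid` comparison added further down. The function body begins and ends outside these hunks.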

@ -2,11 +2,11 @@
/*
* Language file for Help Desk Software HESK (www.hesk.com)
* Language: ENGLISH
* Version: 2.5.5
* Version: 2.6.0 beta 1 from 30th December 2014
* Author: Klemen Stirn (http://www.hesk.com)
*
* !!! This file must be saved in UTF-8 encoding without byte order mark (BOM) !!!
* Test chars: àáâãäåæ
* Test chars: àáâãäåæ
*/
// Change "English" to the name of your language
@ -21,6 +21,13 @@ $hesklang['_COLLATE']='utf8_unicode_ci';
// This is the email break line that will be used in email piping
$hesklang['EMAIL_HR']='------ Reply above this line ------';
// ADDED OR MODIFIED IN Mods For HESK 2.0.0
$hesklang['saved_ticket_tpl'] = 'Saved Templates';
$hesklang['new_ticket_tpl']='Add or Edit a Ticket Template';
$hesklang['and_change_status_to'] = 'and change status to'; // Used in combination with $hesklang['submit_reply'] (Reads as "Submit reply and change status to")
$hesklang['closed_title'] = 'Closed';
// ADDED OR MODIFIED IN Mods For HESK 1.7.0
$hesklang['date_custom_field'] = 'Date';
$hesklang['date_custom_field_text'] = 'No options for this custom field type.';
@ -182,6 +189,7 @@ $hesklang['category_moved'] = '[#%%TRACK_ID%%] Ticket moved: %%SUBJECT%%
$hesklang['new_note'] = '[#%%TRACK_ID%%] Note added to: %%SUBJECT%%';
$hesklang['new_pm'] = 'New private message: %%SUBJECT%%';
$hesklang['forgot_ticket_id'] = 'List of your support tickets';
$hesklang['ticket_closed'] = '[#%%TRACK_ID%%] Ticket closed/resolved'; // New in 2.6.0
// ERROR MESSAGES
$hesklang['cant_connect_db']='Can\'t connect to database!';
@ -224,7 +232,6 @@ $hesklang['enter_real_name']='Please enter user real name';
$hesklang['enter_valid_email']='Please enter a valid email address';
$hesklang['enter_username']='Please enter username (login)';
$hesklang['asign_one_cat']='Please assign user to at least one category!';
$hesklang['signature_long']='User signature is too long! Please limit the signature to 255 chars';
$hesklang['confirm_user_pass']='Please confirm password';
$hesklang['passwords_not_same']='The two passwords entered are not the same!';
$hesklang['cant_del_admin']='You cannot delete the default administrator!';
@ -335,7 +342,6 @@ $hesklang['edit']='Edit';
$hesklang['add_user']='Add new user';
$hesklang['req_marked_with']='Required fields are marked with';
$hesklang['real_name']='Real name';
$hesklang['signature_max']='Signature<br/> (max 255 chars)';
$hesklang['sign_extra']='HTML code is not allowed. Links will be clickable.';
$hesklang['create_user']='Create user';
$hesklang['editing_user']='Editing user';
@ -656,7 +662,6 @@ $hesklang['t_m']='minutes';
$hesklang['day']='Daylight saving';
$hesklang['tfor']='Time format';
$hesklang['prefix']='Table prefix';
$hesklang['s_ekb']='Knowledgebase (KB)';
$hesklang['s_kbs']='Enable KB search';
$hesklang['s_kbr']='Enable KB rating';
$hesklang['s_maxsr']='Max search results';
@ -1266,10 +1271,6 @@ $hesklang['n2ex']='No tickets found matching your criteria, nothing to export!';
$hesklang['sp']='SPAM Prevention'; // For settings page
$hesklang['sit']='-&gt; Image Type';
$hesklang['sis']='Simple image';
$hesklang['sir']='ReCaptcha';
$hesklang['rcpb']='Public key';
$hesklang['rcpv']='Private key';
$hesklang['rcsl']='Use SSL';
$hesklang['pop3keep']='Keep a copy';
$hesklang['err_dbconn']='Could not connect to MySQL database using provided information!';
$hesklang['s_inle']='Testing the language folder for valid languages. Only languages that pass all tests are properly installed.';
@ -1316,6 +1317,206 @@ $hesklang['incorrect_try_again']='Incorrect. Try again.';
$hesklang['image_alt_text']='reCAPTCHA challenge image';
$hesklang['recaptcha_error']='Incorrect SPAM Prevention answer, please try again.';
// Added or modified in version 2.6.0
$hesklang['ms01']='Jan';
$hesklang['ms02']='Feb';
$hesklang['ms03']='Mar';
$hesklang['ms04']='Apr';
$hesklang['ms05']='May';
$hesklang['ms06']='Jun';
$hesklang['ms07']='Jul';
$hesklang['ms08']='Aug';
$hesklang['ms09']='Sep';
$hesklang['ms10']='Oct';
$hesklang['ms11']='Nov';
$hesklang['ms12']='Dec';
$hesklang['lcf']='List date format';
$hesklang['lcf0']='Short descriptive';
$hesklang['lcf1']='Date and time';
$hesklang['lcf2']='HESK style';
$hesklang['ticket_tpl']='Ticket templates';
$hesklang['can_man_ticket_tpl']='Manage ticket templates'; // Permission title
$hesklang['ticket_tpl_man']='Manage ticket templates'; // Page/link title
$hesklang['ticket_tpl_intro']='Create and edit ticket templates that you can use to quickly submit new tickets from the admin interface.';
$hesklang['no_ticket_tpl']='No ticket templates';
$hesklang['ticket_tpl_title']='Title';
$hesklang['delete_tpl']='Are you sure you want to delete this template?';
$hesklang['ticket_tpl_add']='Create a new ticket template';
$hesklang['ticket_tpl_edit']='Edit selected ticket template';
$hesklang['save_ticket_tpl']='Save ticket template';
$hesklang['ticket_tpl_saved']='Your ticket template has been saved for future use';
$hesklang['ticket_tpl_removed']='Selected ticket template has been removed from the database';
$hesklang['ticket_tpl_not_found']='Ticket template not found';
$hesklang['sel_ticket_tpl']='Select the ticket template you would like to edit';
$hesklang['ent_ticket_tpl_title']='Please enter reply title';
$hesklang['ent_ticket_tpl_msg']='Please enter reply message';
$hesklang['ticket_tpl_id']='Missing ticket template ID';
$hesklang['select_ticket_tpl']='Select a ticket template';
$hesklang['list_tickets_cat']='List all tickets in this category';
$hesklang['def_msg']='[No message]';
$hesklang['emlreqmsg']='Require message';
$hesklang['emlreqmsg2']='Ignore piped/fetched emails with no message';
$hesklang['relart']='Related articles'; // Title of related articles box
$hesklang['s_relart']='Related articles'; // On settings page
$hesklang['tab_7']='Ticket list';
$hesklang['fitl']='Fields in ticket list';
$hesklang['submitted']='Submitted';
$hesklang['clickemail']='View';
$hesklang['set_pri_to']='Set priority to:'; // Action below the ticket list
$hesklang['pri_set_to']='Priority has been set to:';
$hesklang['cat_pri']='The category priority will be used when customers are not allowed to select priority and a ticket is submitted from the customer interface.';
$hesklang['cat_pri_info']='Your customers are allowed to select priority, so category priority will be ignored.<br /><br />To use category priority instead, turn OFF the following feature in HESK settings:';
$hesklang['def_pri']='Category priority:';
$hesklang['ch_cat_pri']='Set category priority';
$hesklang['cat_pri_ch']='Category priority has been set to:';
$hesklang['err_dbversion']='Too old MySQL version:'; // %s will be replaced with MySQL version
$hesklang['signature_max']='Signature (max 1000 chars)';
$hesklang['signature_long']='User signature is too long! Please limit the signature to 1000 chars';
$hesklang['ip_whois']='IP whois';
$hesklang['ednote']='Edit note message';
$hesklang['ednote2']='Note message saved';
$hesklang['perm_deny']='Permission denied';
$hesklang['mis_note']='Missing note ID';
$hesklang['no_note']='Note with this ID not found';
$hesklang['save_reply']='Save and continue later';
$hesklang['reply_saved']='Your reply message has been saved for later.';
$hesklang['submit_as']='Submit as:';
$hesklang['sasc']='Submit as Customer reply';
$hesklang['creb']='Customer reply entered by:';
$hesklang['show_select']='Show &quot;Click to select&quot; as default option';
// Settings
$hesklang['mms']='Maintenance mode';
$hesklang['mmd']='Enable maintenance mode';
// Customer notice
$hesklang['mm1']='Maintenance in progress';
$hesklang['mm2']='In order to perform scheduled maintenance, our help desk has shut down temporarily.';
$hesklang['mm3']='We apologize for the inconvenience and ask that you please try again later.';
// Staff notice
$hesklang['mma1']='Maintenance mode is active!';
$hesklang['mma2']='Customers are not able to use the help desk.';
$hesklang['tools']='Tools';
$hesklang['banemail']='Banned Emails';
$hesklang['banemail_intro']='Prevent certain email addresses from submitting tickets to your help desk.';
$hesklang['no_banemails']='<i>No emails are being banned.</i>';
$hesklang['eperm']='Permanent email bans:';
$hesklang['bananemail']='Email address to ban';
$hesklang['savebanemail']='Ban this email';
$hesklang['enterbanemail']='Enter the email address you wish to ban.';
$hesklang['validbanemail']='Enter a valid email address (<i>john.doe@domain.com</i>) or email domain (<i>@domain.com</i>)';
$hesklang['email_banned']='The email address <i>%s</i> was banned and HESK will no longer accept tickets from this address.'; // %s will be replaced with email
$hesklang['emailbanexists']='The email address <i>%s</i> is already banned.'; // %s will be replaced with email
$hesklang['email_unbanned']='Email ban deleted';
$hesklang['banby']='Banned by';
$hesklang['delban']='Delete ban';
$hesklang['delban_confirm']='Delete this ban?';
$hesklang['baned_e']='You have been banned from submiting new support tickets.';
$hesklang['baned_ip']='You have been banned from this help desk';
$hesklang['can_ban_emails']='Can ban emails';
$hesklang['can_unban_emails']='Can unban emails (enables Can ban emails)';
$hesklang['eisban']='This email address is banned.';
$hesklang['click_unban']='Click here to unban.';
$hesklang['banip']='Banned IPs';
$hesklang['banip_intro']='Visitors from banned IP addresses will not be able to view or submit tickets and login into the help desk.';
$hesklang['ipperm']='Permanent IP bans:';
$hesklang['iptemp']='Login failure bans:';
$hesklang['savebanip']='Ban this IP';
$hesklang['no_banips']='<i>No IPs are being banned.</i>';
$hesklang['bananip']='IP address to ban';
$hesklang['banex']='Examples:';
$hesklang['iprange']='IP range';
$hesklang['savebanip']='Ban this IP';
$hesklang['ippermban']='Ban this IP permanently';
$hesklang['enterbanip']='Enter the IP address or range you wish to ban.';
$hesklang['validbanip']='Enter a valid IP address or IP range';
$hesklang['ip_banned']='The IP address <i>%s</i> was banned and HESK will no longer accept tickets from this IP address.'; // %s will be replaced with ip
$hesklang['ip_rbanned']='The IP range <i>%s</i> was banned and HESK will no longer accept tickets from this IP range.'; // %s will be replaced with ip
$hesklang['ipbanexists']='The IP address <i>%s</i> is already banned.'; // %s will be replaced with ip
$hesklang['iprbanexists']='The IP range <i>%s</i> is already banned.'; // %s will be replaced with ip
$hesklang['ip_unbanned']='IP ban deleted';
$hesklang['ip_tempun']='Temporary IP ban deleted';
$hesklang['can_ban_ips']='Can ban ips';
$hesklang['can_unban_ips']='Can unban ips (enables Can ban ips)';
$hesklang['ipisban']='This IP address is banned.';
$hesklang['m2e']='Expires in (minutes)';
$hesklang['info']='Info';
$hesklang['sm_title']='Service messages';
$hesklang['sm_intro']='Display a service message in the customer area, for example to notify them about known issues and important news.';
$hesklang['can_service_msg']='Edit service messages';
$hesklang['new_sm']='New service message';
$hesklang['edit_sm']='Edit service message';
$hesklang['ex_sm']='Existing service messages';
$hesklang['sm_author']='Author';
$hesklang['sm_type']='Type';
$hesklang['sm_published']='Published';
$hesklang['sm_draft']='Draft';
$hesklang['sm_style']='Style';
$hesklang['sm_none']='None';
$hesklang['sm_success']='Success';
$hesklang['sm_info']='Info';
$hesklang['sm_notice']='Notice';
$hesklang['sm_error']='Error';
$hesklang['sm_save']='Save service message';
$hesklang['sm_preview']='Preview service message';
$hesklang['sm_mtitle']='Title';
$hesklang['sm_msg']='Message';
$hesklang['sm_e_title']='Enter service message title';
$hesklang['sm_e_msg']='Enter service message';
$hesklang['sm_e_id']='Missing message ID';
$hesklang['sm_added']='A new service message has been added';
$hesklang['sm_deleted']='Service message deleted';
$hesklang['sm_not_found']='This service message does not exist';
$hesklang['no_sm']='No service messages';
$hesklang['del_sm']='Delete this service message?';
$hesklang['sm_mdf']='Service message has been saved';
$hesklang['sska']='Show suggested articles';
$hesklang['taws']='These articles were suggested:';
$hesklang['defaults']='Defaults';
$hesklang['pncn']='Select notify customer option in the new ticket form';
$hesklang['pncr']='Select notify customer option in the ticket reply form';
$hesklang['pssy']='Show what knowledgebase articles were suggested to customers';
$hesklang['ccct']='Customer resolve';
$hesklang['custnot']='Notify customers when';
$hesklang['notnew']='A new support ticket is submitted';
$hesklang['notclo']='A support ticket is marked Resolved';
$hesklang['enn']='Except for Email piping/POP3 fetching if email subject contains:';
$hesklang['spamn']='SPAM notice';
$hesklang['spam_inbox']='<span style="color:red"><b>No confirmation email?</b><br />We sent a confirmation message to your email address. If you do not receive it within a few minutes, please check your Junk, Bulk or Spam folders. Mark the message as <b>Not SPAM</b> to avoid problems receiving our correspondence in the future.</span>';
$hesklang['s_ekb']='Enable Knowledgebase';
$hesklang['ekb_n']='<b>NO</b>, disable Knowledgebase';
$hesklang['ekb_y']='<b>YES</b>, enable Knowledgebase';
$hesklang['ekb_o']='<b>YES</b>, use HESK as a Knowledgebase only (<i>disable help desk</i>)';
$hesklang['kb_set']='Knowledgebase settings';
$hesklang['kbo1']='Knowledgebase-only mode';
$hesklang['kbo2']='<br /><br />Visitors cannot submit new support tickets and are taken directly to the knowledgebase.';
$hesklang['fpass']='Forgot your password?';
$hesklang['passr']='Password reset';
$hesklang['passa']='Allow users to reset a forgot password over email';
$hesklang['passe']='Enter your email address';
$hesklang['passs']='Send me password reset link';
$hesklang['noace']='No account with that email address was found';
$hesklang['pemls']='We sent you an email with instructions on how to reset your password';
$hesklang['reset_password']='Reset your help desk password'; // Email subject
$hesklang['ehash']='Invalid or expired password reset link';
$hesklang['ehaip']='Wrong IP address. Passwords may only be reset from the IP address that requested password reset.';
$hesklang['resim']='<b>Setup your new password in the form below!</b>';
$hesklang['permissions']='Permissions';
$hesklang['atype']='Account type';
$hesklang['astaff']='Staff';
$hesklang['oon1']='Send me only open tickets';
$hesklang['oon2']='Send me all my tickets';
$hesklang['anyown']='Any owner';
$hesklang['pfr']='Another POP3 fetching task is still in progress.';
$hesklang['pjt']='Task timeout';
$hesklang['pjt2']='minutes after start';
$hesklang['sir']='ReCaptcha V1 API (old)';
$hesklang['sir2']='ReCaptcha V2 API (recommended)';
$hesklang['rcpb']='Site key (Public key)';
$hesklang['rcpv']='Secret key (Private key)';
// Language for Google reCaptcha API version 2
// Supported language codes: https://developers.google.com/recaptcha/docs/language
// If your language is NOT in the supported langauges, leave 'en'
$hesklang['RECAPTCHA']='en';
// DO NOT CHANGE BELOW
if (!defined('IN_SCRIPT')) die('PHP syntax OK!');

@ -23,4 +23,4 @@ $modsForHesk_settings['show_icons'] = 0;
$modsForHesk_settings['custom_field_setting'] = 0;
//-- Set this to 1 to enable email verification for new customers
$modsForHesk_settings['customer_email_verification_required'] = 0;$modsForHesk_settings['show_icons'] = 0;
$modsForHesk_settings['customer_email_verification_required'] = 0;

@ -1,7 +1,7 @@
<?php
/*******************************************************************************
* Title: Help Desk Software HESK
* Version: 2.5.5 from 5th August 2014
* Version: 2.6.0 beta 1 from 30th December 2014
* Author: Klemen Stirn
* Website: http://www.hesk.com
********************************************************************************
@ -49,9 +49,13 @@ $trackingID = hesk_cleanID() or die("$hesklang[int_error]: $hesklang[no_trackID]
/* Connect to database */
hesk_dbConnect();
/* Verify email address match if needed */
// Perform additional checks for customers
if ( empty($_SESSION['id']) )
{
// Are we in maintenance mode?
hesk_check_maintenance();
// Verify email address match
hesk_verifyEmailMatch($trackingID);
}

@ -1,7 +1,7 @@
<?php
/*******************************************************************************
* Title: Help Desk Software HESK
* Version: 2.5.5 from 5th August 2014
* Version: 2.6.0 beta 1 from 30th December 2014
* Author: Klemen Stirn
* Website: http://www.hesk.com
********************************************************************************
@ -38,6 +38,10 @@ define('HESK_PATH','./');
/* Get all the required files and functions */
require(HESK_PATH . 'hesk_settings.inc.php');
require(HESK_PATH . 'inc/common.inc.php');
// Are we in maintenance mode?
hesk_check_maintenance();
hesk_load_database_functions();
require(HESK_PATH . 'inc/email_functions.inc.php');
require(HESK_PATH . 'inc/posting_functions.inc.php');
@ -169,7 +173,7 @@ $defaultNewTicketStatus = hesk_dbQuery($defaultNewTicketStatusQuery)->fetch_asso
$ticket['status'] = $ticket['status'] == $defaultNewTicketStatus['ID'] ? $defaultNewTicketStatus['ID'] : $newStatus['ID'];
/* Update ticket as necessary */
$res = hesk_dbQuery("UPDATE `".hesk_dbEscape($hesk_settings['db_pfix'])."tickets` SET `lastchange`=NOW(), `status`='{$ticket['status']}',`lastreplier`='0' WHERE `id`='{$ticket['id']}' LIMIT 1");
$res = hesk_dbQuery("UPDATE `".hesk_dbEscape($hesk_settings['db_pfix'])."tickets` SET `lastchange`=NOW(), `status`='{$ticket['status']}', `replies`=`replies`+1, `lastreplier`='0' WHERE `id`='{$ticket['id']}' LIMIT 1");
// Insert reply into database
hesk_dbQuery("INSERT INTO `".hesk_dbEscape($hesk_settings['db_pfix'])."replies` (`replyto`,`name`,`message`,`dt`,`attachments`) VALUES ({$ticket['id']},'".hesk_dbEscape($ticket['name'])."','".hesk_dbEscape($message)."',NOW(),'".hesk_dbEscape($myattachments)."')");
@ -194,6 +198,7 @@ $info = array(
'attachments' => $myattachments,
'dt' => hesk_date($ticket['dt'], true),
'lastchange' => hesk_date($ticket['lastchange'], true),
'id' => $ticket['id'],
);
// 2. Add custom fields to the array

@ -1,7 +1,7 @@
<?php
/*******************************************************************************
* Title: Help Desk Software HESK
* Version: 2.5.5 from 5th August 2014
* Version: 2.6.0 beta 1 from 30th December 2014
* Author: Klemen Stirn
* Website: http://www.hesk.com
********************************************************************************
@ -35,10 +35,24 @@
define('IN_SCRIPT',1);
define('HESK_PATH','./');
// Try to detect some simple SPAM bots
if ( ! isset($_POST['hx']) || $_POST['hx'] != 3 || ! isset($_POST['hy']) || $_POST['hy'] != '' || isset($_POST['phone']) )
{
header('HTTP/1.1 403 Forbidden');
exit();
}
// Get all the required files and functions
require(HESK_PATH . 'hesk_settings.inc.php');
require(HESK_PATH . 'modsForHesk_settings.inc.php');
require(HESK_PATH . 'inc/common.inc.php');
// Are we in maintenance mode?
hesk_check_maintenance();
// Are we in "Knowledgebase only" mode?
hesk_check_kb_only();
hesk_load_database_functions();
require(HESK_PATH . 'inc/email_functions.inc.php');
require(HESK_PATH . 'inc/posting_functions.inc.php');
@ -102,7 +116,7 @@ if ($hesk_settings['question_use'])
if ($hesk_settings['secimg_use'] && ! isset($_SESSION['img_verified']))
{
// Using ReCaptcha?
if ($hesk_settings['recaptcha_use'])
if ($hesk_settings['recaptcha_use'] == 1)
{
require(HESK_PATH . 'inc/recaptcha/recaptchalib.php');
@ -119,7 +133,31 @@ if ($hesk_settings['secimg_use'] && ! isset($_SESSION['img_verified']))
{
$hesk_error_buffer['mysecnum']=$hesklang['recaptcha_error'];
}
}
// Using ReCaptcha API v2?
elseif ($hesk_settings['recaptcha_use'] == 2)
{
require(HESK_PATH . 'inc/recaptcha/recaptchalib_v2.php');
$resp = null;
$reCaptcha = new ReCaptcha($hesk_settings['recaptcha_private_key']);
// Was there a reCAPTCHA response?
if ( isset($_POST["g-recaptcha-response"]) )
{
$resp = $reCaptcha->verifyResponse($_SERVER["REMOTE_ADDR"], hesk_POST("g-recaptcha-response") );
}
if ($resp != null && $resp->success)
{
$_SESSION['img_verified']=true;
}
else
{
$hesk_error_buffer['mysecnum']=$hesklang['recaptcha_error'];
}
}
// Using PHP generated image
else
{
@ -167,12 +205,39 @@ if ($hesk_settings['confirm_email'])
}
$tmpvar['category'] = intval( hesk_POST('category') ) or $hesk_error_buffer['category']=$hesklang['sel_app_cat'];
$tmpvar['priority'] = $hesk_settings['cust_urgency'] ? intval( hesk_POST('priority') ) : 3;
// Is priority a valid choice?
if ($tmpvar['priority'] < 1 || $tmpvar['priority'] > 3)
// Do we allow customer to select priority?
if ($hesk_settings['cust_urgency'])
{
$hesk_error_buffer['priority'] = $hesklang['sel_app_priority'];
$tmpvar['priority'] = intval( hesk_POST('priority') );
// We don't allow customers select "Critical". If priority is not valid set it to "low".
if ($tmpvar['priority'] < 1 || $tmpvar['priority'] > 3)
{
// If we are showing "Click to select" priority needs to be selected
if ($hesk_settings['select_pri'])
{
$tmpvar['priority'] = -1;
$hesk_error_buffer['priority'] = $hesklang['select_priority'];
}
else
{
$tmpvar['priority'] = 3;
}
}
}
// Priority will be selected based on the category selected
else
{
$res = hesk_dbQuery("SELECT `priority` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."categories` WHERE `id`=".intval($tmpvar['category']));
if ( hesk_dbNumRows($res) == 1 )
{
$tmpvar['priority'] = intval( hesk_dbResult($res) );
}
else
{
$tmpvar['priority'] = 3;
}
}
$tmpvar['subject'] = hesk_input( hesk_POST('subject') ) or $hesk_error_buffer['subject']=$hesklang['enter_ticket_subject'];
@ -223,10 +288,13 @@ foreach ($hesk_settings['custom_fields'] as $k=>$v)
}
$_POST[$k] = '';
}
$_SESSION["c_$k"]=hesk_POST_array($k);
}
elseif ($v['req'])
{
$tmpvar[$k]=hesk_makeURL(nl2br(hesk_input( hesk_POST($k) )));
$_SESSION["c_$k"]=hesk_POST($k);
if (!strlen($tmpvar[$k]))
{
$hesk_error_buffer[$k]=$hesklang['fill_all'].': '.$v['name'];
@ -247,7 +315,6 @@ foreach ($hesk_settings['custom_fields'] as $k=>$v)
$tmpvar[$k] = hesk_makeURL(nl2br(hesk_input(hesk_POST($k))));
}
}
$_SESSION["c_$k"]=hesk_POST($k);
}
else
{
@ -255,6 +322,12 @@ foreach ($hesk_settings['custom_fields'] as $k=>$v)
}
}
// Check bans
if ( ! isset($hesk_error_buffer['email']) && hesk_isBannedEmail($tmpvar['email']) || hesk_isBannedIP($_SERVER['REMOTE_ADDR']) )
{
hesk_error($hesklang['baned_e']);
}
// Check maximum open tickets limit
$below_limit = true;
if ($hesk_settings['max_open'] && ! isset($hesk_error_buffer['email']) )
@ -326,6 +399,12 @@ if (count($hesk_error_buffer))
$tmpvar['message']=hesk_makeURL($tmpvar['message']);
$tmpvar['message']=nl2br($tmpvar['message']);
// Track suggested knowledgebase articles
if ($hesk_settings['kb_enable'] && $hesk_settings['kb_recommendanswers'] && isset($_POST['suggested']) && is_array($_POST['suggested']) )
{
$tmpvar['articles'] = implode(',', array_unique( array_map('intval', $_POST['suggested']) ) );
}
// All good now, continue with ticket creation
$tmpvar['owner'] = 0;
$tmpvar['history'] = sprintf($hesklang['thist15'], hesk_date(), $tmpvar['name']);
@ -378,7 +457,10 @@ if ($createTicket)
$ticket = hesk_newTicket($tmpvar);
// Notify the customer
hesk_notifyCustomer();
if ($hesk_settings['notify_new'])
{
hesk_notifyCustomer();
}
// Need to notify staff?
// --> From autoassign?
@ -431,9 +513,9 @@ require_once(HESK_PATH . 'inc/header.inc.php');
hesk_show_success(
$hesklang['ticket_submitted'] . '<br /><br />' .
$hesklang['ticket_submitted_success'] . ': <b>' . $ticket['trackid'] . '</b><br /><br />
<a href="' . $hesk_settings['hesk_url'] . '/ticket.php?track=' . $ticket['trackid'] . '">' . $hesklang['view_your_ticket'] . '</a>'
$hesklang['ticket_submitted_success'] . ': <b>' . $ticket['trackid'] . '</b><br /><br /> ' .
($hesk_settings['notify_new'] && $hesk_settings['spam_notice'] ? $hesklang['spam_inbox'] . '<br /><br />' : '') .
'<a href="' . $hesk_settings['hesk_url'] . '/ticket.php?track=' . $ticket['trackid'] . '">' . $hesklang['view_your_ticket'] . '</a>'
);
} else
{
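Review bot: The block that tracks suggested knowledgebase articles accepts `$_POST['suggested']` at whatever length the client sends; the values are cast with `intval` but the list is never bounded or filtered before it is joined into `$tmpvar['articles']`. A client can post far more IDs than the suggestion list ever renders, as well as zeros and negatives, and the size of the column that receives the string is not visible here. Dropping non-positive values and capping at the configured search limit keeps the stored value within what the form can legitimately produce: `$ids = array_filter(array_unique(array_map('intval', $_POST['suggested'])), function ($id) { return $id > 0; });` then `$tmpvar['articles'] = implode(',', array_slice($ids, 0, intval($hesk_settings['kb_search_limit'])));`.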

@ -1,7 +1,7 @@
<?php
/*******************************************************************************
* Title: Help Desk Software HESK
* Version: 2.5.5 from 5th August 2014
* Version: 2.6.0 beta 1 from 30th December 2014
* Author: Klemen Stirn
* Website: http://www.hesk.com
********************************************************************************
@ -49,7 +49,11 @@ $query = hesk_REQUEST('q') or die('');
hesk_dbConnect();
/* Get relevant articles from the database */
$res = hesk_dbQuery('SELECT t1.`id`, t1.`subject`, t1.`content` FROM `'.hesk_dbEscape($hesk_settings['db_pfix']).'kb_articles` AS t1 LEFT JOIN `'.hesk_dbEscape($hesk_settings['db_pfix'])."kb_categories` AS t2 ON t1.`catid` = t2.`id` WHERE t1.`type`='0' AND t2.`type`='0' AND MATCH(`subject`,`content`,`keywords`) AGAINST ('".hesk_dbEscape($query)."') LIMIT ".intval($hesk_settings['kb_search_limit']));
$res = hesk_dbQuery("SELECT t1.`id`, t1.`subject`, LEFT(t1.`content`, ".max(200, $hesk_settings['kb_substrart'] * 2).") AS `content`, MATCH(`subject`,`content`,`keywords`) AGAINST ('".hesk_dbEscape($query)."') AS `score`
FROM `".hesk_dbEscape($hesk_settings['db_pfix']).'kb_articles` AS t1
LEFT JOIN `'.hesk_dbEscape($hesk_settings['db_pfix'])."kb_categories` AS t2 ON t1.`catid` = t2.`id`
WHERE t1.`type`='0' AND t2.`type`='0' AND MATCH(`subject`,`content`,`keywords`) AGAINST ('".hesk_dbEscape($query)."')
LIMIT ".intval($hesk_settings['kb_search_limit']));
$num = hesk_dbNumRows($res);
/* Solve some spacing issues */
@ -69,9 +73,20 @@ if ( hesk_isREQUEST('p') )
}
else
{
$max_score = 0;
while ($article = hesk_dbFetchAssoc($res))
{
$txt = strip_tags($article['content']);
if ($article['score'] > $max_score)
{
$max_score = $article['score'];
}
if ($max_score && ($article['score'] / $max_score) < 0.25)
{
break;
}
$txt = strip_tags($article['content']);
if (strlen($txt) > $hesk_settings['kb_substrart'])
{
$txt = substr($txt, 0, $hesk_settings['kb_substrart']).'...';
@ -79,6 +94,7 @@ if ( hesk_isREQUEST('p') )
echo '
<a href="knowledgebase.php?article='.$article['id'].'&amp;suggest=1" target="_blank">'.$article['subject'].'</a>
<input type="hidden" name="suggested[]" value="'.$article['id'].'|'.stripslashes( hesk_input($article['subject']) ).'">
<br />'.$txt.'<br /><br />';
}
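Review bot: The new `$max_score` cut-off in the suggestion loop assumes rows arrive best match first, but the query above it has no `ORDER BY`. MySQL returns full-text matches in relevance order only under certain conditions, and with the `LEFT JOIN` on `kb_categories` that order is likely not guaranteed, so the `break` at 25% can discard better-scoring articles that appear later in the result set. Adding `ORDER BY score DESC` before the `LIMIT` makes the threshold reliable. The related-articles loop added to hesk_show_kb_article in the knowledgebase file takes `$base_score` from the first row of a similarly unordered query and has the same dependency.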
}

@ -1,7 +1,7 @@
<?php
/*******************************************************************************
* Title: Help Desk Software HESK
* Version: 2.5.5 from 5th August 2014
* Version: 2.6.0 beta 1 from 30th December 2014
* Author: Klemen Stirn
* Website: http://www.hesk.com
********************************************************************************

@ -1,7 +1,7 @@
<?php
/*******************************************************************************
* Title: Help Desk Software HESK
* Version: 2.5.5 from 5th August 2014
* Version: 2.6.0 beta 1 from 30th December 2014
* Author: Klemen Stirn
* Website: http://www.hesk.com
********************************************************************************
@ -39,6 +39,10 @@ define('HESK_NO_ROBOTS',1);
/* Get all the required files and functions */
require(HESK_PATH . 'hesk_settings.inc.php');
require(HESK_PATH . 'inc/common.inc.php');
// Are we in maintenance mode?
hesk_check_maintenance();
hesk_load_database_functions();
hesk_session_start();
@ -175,12 +179,12 @@ else
}
/* Get category name and ID */
$result = hesk_dbQuery("SELECT * FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."categories` WHERE `id`='".intval($ticket['category'])."' LIMIT 1");
$result = hesk_dbQuery("SELECT `name` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."categories` WHERE `id`='".intval($ticket['category'])."' LIMIT 1");
/* If this category has been deleted use the default category with ID 1 */
if (hesk_dbNumRows($result) != 1)
{
$result = hesk_dbQuery("SELECT * FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."categories` WHERE `id`='1' LIMIT 1");
$result = hesk_dbQuery("SELECT `name` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."categories` WHERE `id`='1' LIMIT 1");
}
$category = hesk_dbFetchAssoc($result);
@ -262,7 +266,7 @@ require_once(HESK_PATH . 'inc/header.inc.php');
<div class="col-md-2 col-md-offset-4 col-sm-12 close-ticket">
<p><?php $random=rand(10000,99999);
if ($ticket['isClosed'] == true && $ticket['locked'] != 1 && $hesk_settings['custopen']) {echo '<a href="change_status.php?track='.$trackingID.$hesk_settings['e_query'].'&amp;s=2&amp;Refresh='.$random.'&amp;token='.hesk_token_echo(0).'" title="'.$hesklang['open_action'].'">'.$hesklang['open_action'].'</a>';}
else {echo '<a href="change_status.php?track='.$trackingID.$hesk_settings['e_query'].'&amp;s=3&amp;Refresh='.$random.'&amp;token='.hesk_token_echo(0).'" title="'.$hesklang['close_action'].'">'.$hesklang['close_action'].'</a>';} ?></p>
elseif ($hesk_settings['custclose']) {echo '<a href="change_status.php?track='.$trackingID.$hesk_settings['e_query'].'&amp;s=3&amp;Refresh='.$random.'&amp;token='.hesk_token_echo(0).'" title="'.$hesklang['close_action'].'">'.$hesklang['close_action'].'</a>';} ?></p>
</div>
</div>
<div class="row medLowPriority">
@ -508,6 +512,20 @@ function print_form()
<input type="text" id="email" class="form-control" name="email" size="35" value="<?php echo $my_email; ?>" placeholder="<?php echo $hesklang['email']; ?>"/><input type="hidden" name="a" value="forgot_tid" />
</div>
</div>
<div class="form-group">
<div class="col-sm-12">
<div class="radio">
<label>
<input type="radio" name="open_only" value="1" <?php echo $hesk_settings['open_only'] ? 'checked="checked"' : ''; ?> /><?php echo $hesklang['oon1']; ?>
</label>
</div>
<div class="radio">
<label>
<input type="radio" name="open_only" value="0" <?php echo ! $hesk_settings['open_only'] ? 'checked="checked"' : ''; ?> /><?php echo $hesklang['oon2']; ?>
</label>
</div>
</div>
</div>
<div class="form-group">
<div class="col-sm-offset-3 col-sm-9">
<button type="submit" class="btn btn-default" value="<?php echo $hesklang['tid_send']; ?>"><?php echo $hesklang['tid_send']; ?></button>
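Review bot: The new `elseif ($hesk_settings['custclose'])` branch in the close-ticket column only decides whether the close link is printed; nothing in this section shows the setting being enforced where the status is actually changed. If `change_status.php` does not itself refuse `s=3` when `custclose` is off, the setting is cosmetic, because the same URL can still be requested without the link being shown. I would confirm the handler performs that check and record it next to the branch, e.g. `// link visibility only; change_status.php must enforce custclose for s=3`. Separately, both links put `token=` in a GET query string, so the anti-CSRF token can end up in server logs and Referer headers; a small POST form would keep it out of the URL.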
