Merge pull request #115 from mkoch227/update-to-hesk-2-6-0
Update to HESK 2.6.0
merge-requests/2/head
commit
a26b25e36c
@ -0,0 +1,338 @@
|
||||
<?php
|
||||
/*******************************************************************************
|
||||
* Title: Help Desk Software HESK
|
||||
* Version: 2.6.0 beta 1 from 30th December 2014
|
||||
* Author: Klemen Stirn
|
||||
* Website: http://www.hesk.com
|
||||
********************************************************************************
|
||||
* COPYRIGHT AND TRADEMARK NOTICE
|
||||
* Copyright 2005-2014 Klemen Stirn. All Rights Reserved.
|
||||
* HESK is a registered trademark of Klemen Stirn.
|
||||
|
||||
* The HESK may be used and modified free of charge by anyone
|
||||
* AS LONG AS COPYRIGHT NOTICES AND ALL THE COMMENTS REMAIN INTACT.
|
||||
* By using this code you agree to indemnify Klemen Stirn from any
|
||||
* liability that might arise from it's use.
|
||||
|
||||
* Selling the code for this program, in part or full, without prior
|
||||
* written consent is expressly forbidden.
|
||||
|
||||
* Using this code, in part or full, to create derivate work,
|
||||
* new scripts or products is expressly forbidden. Obtain permission
|
||||
* before redistributing this software over the Internet or in
|
||||
* any other medium. In all cases copyright and header must remain intact.
|
||||
* This Copyright is in full effect in any country that has International
|
||||
* Trade Agreements with the United States of America or
|
||||
* with the European Union.
|
||||
|
||||
* Removing any of the copyright notices without purchasing a license
|
||||
* is expressly forbidden. To remove HESK copyright notice you must purchase
|
||||
* a license for this script. For more information on how to obtain
|
||||
* a license please visit the page below:
|
||||
* https://www.hesk.com/buy.php
|
||||
*******************************************************************************/
|
||||
|
||||
define('IN_SCRIPT',1);
|
||||
define('HESK_PATH','../');
|
||||
|
||||
/* Get all the required files and functions */
|
||||
require(HESK_PATH . 'hesk_settings.inc.php');
|
||||
require(HESK_PATH . 'inc/common.inc.php');
|
||||
require(HESK_PATH . 'inc/admin_functions.inc.php');
|
||||
hesk_load_database_functions();
|
||||
|
||||
hesk_session_start();
|
||||
hesk_dbConnect();
|
||||
hesk_isLoggedIn();
|
||||
|
||||
/* Check permissions for this feature */
|
||||
hesk_checkPermission('can_ban_emails');
|
||||
$can_unban = hesk_checkPermission('can_unban_emails', 0);
|
||||
|
||||
// Define required constants
|
||||
define('LOAD_TABS',1);
|
||||
|
||||
// What should we do?
|
||||
if ( $action = hesk_REQUEST('a') )
|
||||
{
|
||||
if ( defined('HESK_DEMO') ) {hesk_process_messages($hesklang['ddemo'], 'banned_emails.php', 'NOTICE');}
|
||||
elseif ($action == 'ban') {ban_email();}
|
||||
elseif ($action == 'unban' && $can_unban) {unban_email();}
|
||||
}
|
||||
|
||||
/* Print header */
|
||||
require_once(HESK_PATH . 'inc/headerAdmin.inc.php');
|
||||
|
||||
/* Print main manage users page */
|
||||
require_once(HESK_PATH . 'inc/show_admin_nav.inc.php');
|
||||
?>
|
||||
|
||||
<div class="row" style="padding: 20px">
|
||||
<ul class="nav nav-tabs" role="tablist">
|
||||
<li role="presentation" class="active">
|
||||
<a href="#"><?php echo $hesklang['banemail']; ?> <i class="fa fa-question-circle settingsquestionmark" onclick="javascript:alert('<?php echo hesk_makeJsString($hesklang['banemail_intro']); ?>')"></i></a>
|
||||
</li>
|
||||
<?php
|
||||
// Show a link to banned_ips.php if user has permission to do so
|
||||
if ( hesk_checkPermission('can_ban_ips',0) )
|
||||
{
|
||||
echo '
|
||||
<li role="presentation">
|
||||
<a title="' . $hesklang['banip'] . '" href="banned_ips.php">'.$hesklang['banip'].'</a>
|
||||
</li>';
|
||||
}
|
||||
// Show a link to status_message.php if user has permission to do so
|
||||
if ( hesk_checkPermission('can_service_msg',0) )
|
||||
{
|
||||
echo '
|
||||
<li role="presentation">
|
||||
<a title="' . $hesklang['sm_title'] . '" href="service_messages.php">' . $hesklang['sm_title'] . '</a>
|
||||
</li>';
|
||||
}
|
||||
?>
|
||||
</ul>
|
||||
<div class="tab-content summaryList tabPadding">
|
||||
<script language="javascript" type="text/javascript"><!--
|
||||
function confirm_delete()
|
||||
{
|
||||
if (confirm('<?php echo hesk_makeJsString($hesklang['delban_confirm']); ?>')) {return true;}
|
||||
else {return false;}
|
||||
}
|
||||
//-->
|
||||
</script>
|
||||
<div class="row">
|
||||
<div class="col-md-8">
|
||||
<br><br>
|
||||
<?php
|
||||
/* This will handle error, success and notice messages */
|
||||
hesk_handle_messages();
|
||||
?>
|
||||
<form action="banned_emails.php" method="post" name="form1" role="form" class="form-horizontal">
|
||||
<div class="form-group">
|
||||
<label for="email" class="col-sm-3 control-label"><?php echo $hesklang['bananemail']; ?></label>
|
||||
<div class="col-sm-9">
|
||||
<input type="text" class="form-control" name="email" size="30" maxlength="255" placeholder="<?php echo $hesklang['email']; ?>">
|
||||
<input type="hidden" name="token" value="<?php hesk_token_echo(); ?>" />
|
||||
<input type="hidden" name="a" value="ban" />
|
||||
</div>
|
||||
</div>
|
||||
<div class="form-group">
|
||||
<div class="col-sm-9 col-sm-offset-3">
|
||||
<input type="submit" value="<?php echo $hesklang['savebanemail']; ?>" class="btn btn-default">
|
||||
</div>
|
||||
</div>
|
||||
</form>
|
||||
</div>
|
||||
<div class="col-md-4">
|
||||
<h6 style="font-weight: bold"><?php echo $hesklang['banex']; ?></h6>
|
||||
<div class="footerWithBorder blankSpace"></div>
|
||||
<b>john@email.com</b><br />
|
||||
<b>@domain.com</b>
|
||||
</div>
|
||||
</div>
|
||||
<div class="row">
|
||||
<?php
|
||||
|
||||
// Get banned emails from database
|
||||
$res = hesk_dbQuery('SELECT * FROM `'.hesk_dbEscape($hesk_settings['db_pfix']).'banned_emails` ORDER BY `email` ASC');
|
||||
$num = hesk_dbNumRows($res);
|
||||
|
||||
echo '<h4>'.$hesklang['eperm'].'</h4>';
|
||||
if ($num < 1)
|
||||
{
|
||||
echo '<p>'.$hesklang['no_banemails'].'</p>';
|
||||
}
|
||||
else
|
||||
{
|
||||
// List of staff
|
||||
if ( ! isset($admins) )
|
||||
{
|
||||
$admins = array();
|
||||
$res2 = hesk_dbQuery("SELECT `id`,`name` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."users`");
|
||||
while ($row=hesk_dbFetchAssoc($res2))
|
||||
{
|
||||
$admins[$row['id']]=$row['name'];
|
||||
}
|
||||
}
|
||||
|
||||
?>
|
||||
<table class="table table-hover">
|
||||
<thead>
|
||||
<tr>
|
||||
<th><?php echo $hesklang['email']; ?></th>
|
||||
<th><?php echo $hesklang['banby']; ?></th>
|
||||
<th><?php echo $hesklang['date']; ?></th>
|
||||
<?php
|
||||
if ($can_unban)
|
||||
{
|
||||
?>
|
||||
<th><?php echo $hesklang['opt']; ?></th>
|
||||
<?php
|
||||
}
|
||||
?>
|
||||
</tr>
|
||||
</thead>
|
||||
<tbody>
|
||||
<?php
|
||||
while ($ban=hesk_dbFetchAssoc($res))
|
||||
{
|
||||
$color = '';
|
||||
if (isset($_SESSION['ban_email']['id']) && $ban['id'] == $_SESSION['ban_email']['id'])
|
||||
{
|
||||
$color = 'success';
|
||||
unset($_SESSION['ban_email']['id']);
|
||||
}
|
||||
|
||||
echo '
|
||||
<tr>
|
||||
<td class="'.$color.'" style="text-align:left">'.$ban['email'].'</td>
|
||||
<td class="'.$color.'" style="text-align:left">'.(isset($admins[$ban['banned_by']]) ? $admins[$ban['banned_by']] : $hesklang['e_udel']).'</td>
|
||||
<td class="'.$color.'" style="text-align:left">'.$ban['dt'].'</td>
|
||||
';
|
||||
|
||||
if ($can_unban)
|
||||
{
|
||||
echo '
|
||||
<td class="'.$color.'" style="text-align:left;">
|
||||
<a href="banned_emails.php?a=unban&id='.$ban['id'].'&token='.hesk_token_echo(0).'" onclick="return confirm_delete();"
|
||||
data-toggle="tooltip" data-placement="top" data-original-title="'.$hesklang['delban'].'">
|
||||
<i class="fa fa-times" style="color: red; font-size: 16px;"></i>
|
||||
</a>
|
||||
</td>
|
||||
';
|
||||
}
|
||||
|
||||
echo '</tr>';
|
||||
} // End while
|
||||
?>
|
||||
</tbody>
|
||||
</table>
|
||||
<div align="center">
|
||||
<table border="0" cellspacing="1" cellpadding="3" class="white" width="100%">
|
||||
<?php
|
||||
|
||||
|
||||
|
||||
?>
|
||||
</table>
|
||||
</div>
|
||||
<?php
|
||||
}
|
||||
|
||||
?>
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
|
||||
<?php
|
||||
require_once(HESK_PATH . 'inc/footer.inc.php');
|
||||
exit();
|
||||
|
||||
|
||||
/*** START FUNCTIONS ***/
|
||||
|
||||
function ban_email()
|
||||
{
|
||||
global $hesk_settings, $hesklang;
|
||||
|
||||
// A security check
|
||||
hesk_token_check();
|
||||
|
||||
// Get the email
|
||||
$email = strtolower( hesk_input( hesk_REQUEST('email') ) );
|
||||
|
||||
// Nothing entered?
|
||||
if ( ! strlen($email) )
|
||||
{
|
||||
hesk_process_messages($hesklang['enterbanemail'],'banned_emails.php');
|
||||
}
|
||||
|
||||
// Only allow one email to be entered
|
||||
$email = ($index = strpos($email, ',')) ? substr($email, 0, $index) : $email;
|
||||
$email = ($index = strpos($email, ';')) ? substr($email, 0, $index) : $email;
|
||||
|
||||
// Validate email address
|
||||
$hesk_settings['multi_eml'] = 0;
|
||||
|
||||
if ( ! hesk_validateEmail($email, '', 0) && ! verify_email_domain($email) )
|
||||
{
|
||||
hesk_process_messages($hesklang['validbanemail'],'banned_emails.php');
|
||||
}
|
||||
|
||||
// Redirect either to banned emails or ticket page from now on
|
||||
$redirect_to = ($trackingID = hesk_cleanID()) ? 'admin_ticket.php?track='.$trackingID.'&Refresh='.mt_rand(10000,99999) : 'banned_emails.php';
|
||||
|
||||
// Prevent duplicate rows
|
||||
if ( $_SESSION['ban_email']['id'] = hesk_isBannedEmail($email) )
|
||||
{
|
||||
hesk_process_messages( sprintf($hesklang['emailbanexists'], $email) ,$redirect_to,'NOTICE');
|
||||
}
|
||||
|
||||
// Insert the email address into database
|
||||
hesk_dbQuery("INSERT INTO `".hesk_dbEscape($hesk_settings['db_pfix'])."banned_emails` (`email`,`banned_by`) VALUES ('".hesk_dbEscape($email)."','".intval($_SESSION['id'])."')");
|
||||
|
||||
// Remember email that got banned
|
||||
$_SESSION['ban_email']['id'] = hesk_dbInsertID();
|
||||
|
||||
// Show success
|
||||
hesk_process_messages( sprintf($hesklang['email_banned'], $email) ,$redirect_to,'SUCCESS');
|
||||
|
||||
} // End ban_email()
|
||||
|
||||
|
||||
function unban_email()
|
||||
{
|
||||
global $hesk_settings, $hesklang;
|
||||
|
||||
// A security check
|
||||
hesk_token_check();
|
||||
|
||||
// Delete from bans
|
||||
hesk_dbQuery("DELETE FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."banned_emails` WHERE `id`=" . intval( hesk_GET('id') ) . " LIMIT 1");
|
||||
|
||||
// Redirect either to banned emails or ticket page from now on
|
||||
$redirect_to = ($trackingID = hesk_cleanID()) ? 'admin_ticket.php?track='.$trackingID.'&Refresh='.mt_rand(10000,99999) : 'banned_emails.php';
|
||||
|
||||
// Show success
|
||||
hesk_process_messages($hesklang['email_unbanned'],$redirect_to,'SUCCESS');
|
||||
|
||||
} // End unban_email()
|
||||
|
||||
|
||||
function verify_email_domain($domain)
|
||||
{
|
||||
// Does it start with an @?
|
||||
$atIndex = strrpos($domain, "@");
|
||||
if ($atIndex !== 0)
|
||||
{
|
||||
return false;
|
||||
}
|
||||
|
||||
// Get the domain and domain length
|
||||
$domain = substr($domain, 1);
|
||||
$domainLen = strlen($domain);
|
||||
|
||||
// Check domain part length
|
||||
if ($domainLen < 1 || $domainLen > 254)
|
||||
{
|
||||
return false;
|
||||
}
|
||||
|
||||
// Check domain part characters
|
||||
if ( ! preg_match('/^[A-Za-z0-9\\-\\.]+$/', $domain) )
|
||||
{
|
||||
return false;
|
||||
}
|
||||
|
||||
// Domain part mustn't have two consecutive dots
|
||||
if ( strpos($domain, '..') !== false )
|
||||
{
|
||||
return false;
|
||||
}
|
||||
|
||||
// All OK
|
||||
return true;
|
||||
|
||||
} // END verify_email_domain()
|
||||
|
||||
?>
|
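Review bot: The unban link emitted in the table loop (`banned_emails.php?a=unban&id=…&token=…`) runs a state-changing delete over GET and puts the CSRF token in the URL, where it is recorded in browser history and in server or proxy access logs. unban_email() would be safer taking the id from a small POST form and checking the token with `hesk_token_check('POST');` and `intval( hesk_POST('id') )`, the form both calls take in the note-editing code later in this commit. The `a=ban`, `a=unbantemp` and `a=unban` links in the banned_ips.php section of this commit share the same pattern. Separately, `$ban['email']` and the staff name from `$admins` are concatenated into the row markup with no output encoding in this file; that is safe only if hesk_input() and the users table already hold HTML-encoded values, which is not visible here and is worth confirming.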
@ -0,0 +1,449 @@
|
||||
<?php
|
||||
/*******************************************************************************
|
||||
* Title: Help Desk Software HESK
|
||||
* Version: 2.6.0 beta 1 from 30th December 2014
|
||||
* Author: Klemen Stirn
|
||||
* Website: http://www.hesk.com
|
||||
********************************************************************************
|
||||
* COPYRIGHT AND TRADEMARK NOTICE
|
||||
* Copyright 2005-2014 Klemen Stirn. All Rights Reserved.
|
||||
* HESK is a registered trademark of Klemen Stirn.
|
||||
|
||||
* The HESK may be used and modified free of charge by anyone
|
||||
* AS LONG AS COPYRIGHT NOTICES AND ALL THE COMMENTS REMAIN INTACT.
|
||||
* By using this code you agree to indemnify Klemen Stirn from any
|
||||
* liability that might arise from it's use.
|
||||
|
||||
* Selling the code for this program, in part or full, without prior
|
||||
* written consent is expressly forbidden.
|
||||
|
||||
* Using this code, in part or full, to create derivate work,
|
||||
* new scripts or products is expressly forbidden. Obtain permission
|
||||
* before redistributing this software over the Internet or in
|
||||
* any other medium. In all cases copyright and header must remain intact.
|
||||
* This Copyright is in full effect in any country that has International
|
||||
* Trade Agreements with the United States of America or
|
||||
* with the European Union.
|
||||
|
||||
* Removing any of the copyright notices without purchasing a license
|
||||
* is expressly forbidden. To remove HESK copyright notice you must purchase
|
||||
* a license for this script. For more information on how to obtain
|
||||
* a license please visit the page below:
|
||||
* https://www.hesk.com/buy.php
|
||||
*******************************************************************************/
|
||||
|
||||
define('IN_SCRIPT',1);
|
||||
define('HESK_PATH','../');
|
||||
|
||||
/* Get all the required files and functions */
|
||||
require(HESK_PATH . 'hesk_settings.inc.php');
|
||||
require(HESK_PATH . 'inc/common.inc.php');
|
||||
require(HESK_PATH . 'inc/admin_functions.inc.php');
|
||||
hesk_load_database_functions();
|
||||
|
||||
hesk_session_start();
|
||||
hesk_dbConnect();
|
||||
hesk_isLoggedIn();
|
||||
|
||||
/* Check permissions for this feature */
|
||||
hesk_checkPermission('can_ban_ips');
|
||||
$can_unban = hesk_checkPermission('can_unban_ips', 0);
|
||||
|
||||
// Define required constants
|
||||
define('LOAD_TABS',1);
|
||||
|
||||
// What should we do?
|
||||
if ( $action = hesk_REQUEST('a') )
|
||||
{
|
||||
if ( defined('HESK_DEMO') ) {hesk_process_messages($hesklang['ddemo'], 'banned_ips.php', 'NOTICE');}
|
||||
elseif ($action == 'ban') {ban_ip();}
|
||||
elseif ($action == 'unban' && $can_unban) {unban_ip();}
|
||||
elseif ($action == 'unbantemp' && $can_unban) {unban_temp_ip();}
|
||||
}
|
||||
|
||||
/* Print header */
|
||||
require_once(HESK_PATH . 'inc/headerAdmin.inc.php');
|
||||
|
||||
/* Print main manage users page */
|
||||
require_once(HESK_PATH . 'inc/show_admin_nav.inc.php');
|
||||
?>
|
||||
|
||||
<div class="row" style="padding: 20px">
|
||||
<ul class="nav nav-tabs" role="tablist">
|
||||
<?php
|
||||
// Show a link to banned_emails.php if user has permission to do so
|
||||
if ( hesk_checkPermission('can_ban_emails',0) )
|
||||
{
|
||||
echo '
|
||||
<li role="presentation">
|
||||
<a title="' . $hesklang['banemail'] . '" href="banned_emails.php">' . $hesklang['banemail'] . '</a>
|
||||
</li>';
|
||||
}
|
||||
?>
|
||||
<li role="presentation" class="active">
|
||||
<a href="#"><?php echo $hesklang['banip']; ?> <i class="fa fa-question-circle settingsquestionmark" onclick="javascript:alert('<?php echo hesk_makeJsString($hesklang['banip_intro']); ?>')"></i></a>
|
||||
</li>
|
||||
<?php
|
||||
// Show a link to status_message.php if user has permission to do so
|
||||
if ( hesk_checkPermission('can_service_msg',0) )
|
||||
{
|
||||
echo '
|
||||
<li role="presentation">
|
||||
<a title="' . $hesklang['sm_title'] . '" href="service_messages.php">' . $hesklang['sm_title'] . '</a>
|
||||
</li>';
|
||||
}
|
||||
?>
|
||||
</ul>
|
||||
<div class="tab-content summaryList tabPadding">
|
||||
<script language="javascript" type="text/javascript"><!--
|
||||
function confirm_delete()
|
||||
{
|
||||
if (confirm('<?php echo hesk_makeJsString($hesklang['delban_confirm']); ?>')) {return true;}
|
||||
else {return false;}
|
||||
}
|
||||
//-->
|
||||
</script>
|
||||
<div class="row">
|
||||
<div class="col-md-8">
|
||||
<?php
|
||||
/* This will handle error, success and notice messages */
|
||||
hesk_handle_messages();
|
||||
?>
|
||||
<form action="banned_ips.php" method="post" name="form1" role="form" class="form-horizontal">
|
||||
<div class="form-group">
|
||||
<label for="ip" class="col-sm-3 control-label"><?php echo $hesklang['bananip']; ?></label>
|
||||
<div class="col-sm-9">
|
||||
<input type="text" name="ip" size="30" maxlength="255" class="form-control" placeholder="<?php echo $hesklang['iprange']; ?>">
|
||||
<input type="hidden" name="token" value="<?php hesk_token_echo(); ?>" />
|
||||
<input type="hidden" name="a" value="ban" />
|
||||
</div>
|
||||
</div>
|
||||
<div class="form-group">
|
||||
<div class="col-sm-9 col-sm-offset-3">
|
||||
<input type="submit" value="<?php echo $hesklang['savebanip']; ?>" class="btn btn-default">
|
||||
</div>
|
||||
</div>
|
||||
</form>
|
||||
</div>
|
||||
<div class="col-md-4">
|
||||
<h6 style="font-weight: bold"><?php echo $hesklang['banex']; ?></h6>
|
||||
<div class="footerWithBorder blankSpace"></div>
|
||||
<b>123.0.0.0</b><br />
|
||||
<b>123.0.0.1 - 123.0.0.53</b><br />
|
||||
<b>123.0.0.0/24</b><br />
|
||||
<b>123.0.*.*</b>
|
||||
</div>
|
||||
</div>
|
||||
<div class="row">
|
||||
<?php
|
||||
|
||||
// Get login failures
|
||||
$res = hesk_dbQuery("SELECT `ip`, TIMESTAMPDIFF(MINUTE, NOW(), DATE_ADD(`last_attempt`, INTERVAL ".intval($hesk_settings['attempt_banmin'])." MINUTE) ) AS `minutes` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."logins` WHERE `number` >= ".intval($hesk_settings['attempt_limit'])." AND `last_attempt` > (NOW() - INTERVAL ".intval($hesk_settings['attempt_banmin'])." MINUTE)");
|
||||
$num = hesk_dbNumRows($res);
|
||||
|
||||
echo '<h4>'.$hesklang['iptemp'].'</h4>';
|
||||
|
||||
if ($num > 0)
|
||||
{
|
||||
?>
|
||||
<table class="table table-hover">
|
||||
<thead>
|
||||
<tr>
|
||||
<th><?php echo $hesklang['ip']; ?></th>
|
||||
<th><?php echo $hesklang['m2e']; ?></th>
|
||||
<?php
|
||||
if ($can_unban)
|
||||
{
|
||||
?>
|
||||
<th><?php echo $hesklang['opt']; ?></th>
|
||||
<?php
|
||||
}
|
||||
?>
|
||||
</tr>
|
||||
</thead>
|
||||
<tbody>
|
||||
<?php
|
||||
while ($ban=hesk_dbFetchAssoc($res))
|
||||
{
|
||||
echo '
|
||||
<tr>
|
||||
<td>'.$ban['ip'].'</td>
|
||||
<td>'.$ban['minutes'].'</td>
|
||||
';
|
||||
|
||||
if ($can_unban)
|
||||
{
|
||||
echo '
|
||||
<td>
|
||||
<a href="banned_ips.php?a=ban&ip='.urlencode($ban['ip']).'&token='.hesk_token_echo(0).'"
|
||||
data-toggle="tooltip" data-placement="top" data-original-title="'.$hesklang['ippermban'].'">
|
||||
<i class="fa fa-ban" style="color: red; font-size: 16px"></i></a>
|
||||
<a href="banned_ips.php?a=unbantemp&ip='.urlencode($ban['ip']).'&token='.hesk_token_echo(0).'"
|
||||
data-toggle="tooltip" data-placement="top" data-original-title="'.$hesklang['delban'].'" onclick="return confirm_delete();">
|
||||
<i class="fa fa-times" style="color: red; font-size: 16px"></i></a>
|
||||
</td>
|
||||
';
|
||||
}
|
||||
|
||||
echo '</tr>';
|
||||
} // End while
|
||||
|
||||
?>
|
||||
</tbody>
|
||||
</table>
|
||||
<?php
|
||||
} else
|
||||
{
|
||||
echo '<p>'.$hesklang['no_banips'].'</p>';
|
||||
}
|
||||
|
||||
// Get banned ips from database
|
||||
$res = hesk_dbQuery('SELECT * FROM `'.hesk_dbEscape($hesk_settings['db_pfix']).'banned_ips` ORDER BY `ip_from` ASC');
|
||||
$num = hesk_dbNumRows($res);
|
||||
|
||||
echo '<br><h4>'.$hesklang['ipperm'].'</h4>';
|
||||
|
||||
if ($num < 1)
|
||||
{
|
||||
echo '<p>'.$hesklang['no_banips'].'</p>';
|
||||
}
|
||||
else
|
||||
{
|
||||
// List of staff
|
||||
if ( ! isset($admins) )
|
||||
{
|
||||
$admins = array();
|
||||
$res2 = hesk_dbQuery("SELECT `id`,`name` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."users`");
|
||||
while ($row=hesk_dbFetchAssoc($res2))
|
||||
{
|
||||
$admins[$row['id']]=$row['name'];
|
||||
}
|
||||
}
|
||||
|
||||
?>
|
||||
<table class="table table-hover">
|
||||
<thead>
|
||||
<tr>
|
||||
<th><?php echo $hesklang['ip']; ?></th>
|
||||
<th><?php echo $hesklang['iprange']; ?></th>
|
||||
<th><?php echo $hesklang['banby']; ?></th>
|
||||
<th><?php echo $hesklang['date']; ?></th>
|
||||
<?php
|
||||
if ($can_unban)
|
||||
{
|
||||
?>
|
||||
<th><?php echo $hesklang['opt']; ?></th>
|
||||
<?php
|
||||
}
|
||||
?>
|
||||
</tr>
|
||||
</thead>
|
||||
<tbody>
|
||||
<?php
|
||||
while ($ban=hesk_dbFetchAssoc($res))
|
||||
{
|
||||
$color = '';
|
||||
if (isset($_SESSION['ban_ip']['id']) && $ban['id'] == $_SESSION['ban_ip']['id'])
|
||||
{
|
||||
$color = 'success';
|
||||
unset($_SESSION['ban_ip']['id']);
|
||||
}
|
||||
|
||||
echo '
|
||||
<tr>
|
||||
<td class="'.$color.'">'.$ban['ip_display'].'</td>
|
||||
<td class="'.$color.'">'.( ($ban['ip_to'] == $ban['ip_from']) ? long2ip($ban['ip_to']) : long2ip($ban['ip_from']).' - '.long2ip($ban['ip_to']) ).'</td>
|
||||
<td class="'.$color.'">'.(isset($admins[$ban['banned_by']]) ? $admins[$ban['banned_by']] : $hesklang['e_udel']).'</td>
|
||||
<td class="'.$color.'">'.$ban['dt'].'</td>
|
||||
';
|
||||
|
||||
if ($can_unban)
|
||||
{
|
||||
echo '
|
||||
<td class="'.$color.'" style="text-align:left;">
|
||||
<a href="banned_ips.php?a=unban&id='.$ban['id'].'&token='.hesk_token_echo(0).'" onclick="return confirm_delete();"
|
||||
data-toggle="tooltip" data-placement="top" data-original-title="'.$hesklang['delban'].'">
|
||||
<i class="fa fa-times" style="color: red; font-size: 16px"></i></a>
|
||||
</td>
|
||||
';
|
||||
}
|
||||
|
||||
echo '</tr>';
|
||||
} // End while
|
||||
?>
|
||||
</tbody>
|
||||
</table>
|
||||
<?php
|
||||
}
|
||||
|
||||
?>
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
|
||||
<?php
|
||||
require_once(HESK_PATH . 'inc/footer.inc.php');
|
||||
exit();
|
||||
|
||||
|
||||
/*** START FUNCTIONS ***/
|
||||
|
||||
function ban_ip()
|
||||
{
|
||||
global $hesk_settings, $hesklang;
|
||||
|
||||
// A security check
|
||||
hesk_token_check();
|
||||
|
||||
// Get the ip
|
||||
$ip = preg_replace('/[^0-9\.\-\/\*]/', '', hesk_REQUEST('ip') );
|
||||
$ip_display = str_replace('-', ' - ', $ip);
|
||||
|
||||
// Nothing entered?
|
||||
if ( ! strlen($ip) )
|
||||
{
|
||||
hesk_process_messages($hesklang['enterbanip'],'banned_ips.php');
|
||||
}
|
||||
|
||||
// Convert asterisk to ranges
|
||||
if ( strpos($ip, '*') !== false )
|
||||
{
|
||||
$ip = str_replace('*', '0', $ip) . '-' . str_replace('*', '255', $ip);
|
||||
}
|
||||
|
||||
$ip_regex = '(([1-9]?[0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]).){3}([1-9]?[0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])';
|
||||
|
||||
// Is this a single IP address?
|
||||
if ( preg_match('/^'.$ip_regex.'$/', $ip) )
|
||||
{
|
||||
$ip_from = ip2long($ip);
|
||||
$ip_to = $ip_from;
|
||||
}
|
||||
// Is this an IP range?
|
||||
elseif ( preg_match('/^'.$ip_regex.'\-'.$ip_regex.'$/', $ip) )
|
||||
{
|
||||
list($ip_from, $ip_to) = explode('-', $ip);
|
||||
$ip_from = ip2long($ip_from);
|
||||
$ip_to = ip2long($ip_to);
|
||||
}
|
||||
// Is this an IP with CIDR?
|
||||
elseif ( preg_match('/^'.$ip_regex.'\/([0-9]{1,2})$/', $ip, $matches) && $matches[4] >= 0 && $matches[4] <= 32)
|
||||
{
|
||||
list($ip_from, $ip_to) = hesk_cidr_to_range($ip);
|
||||
}
|
||||
// Not a valid input
|
||||
else
|
||||
{
|
||||
hesk_process_messages($hesklang['validbanip'],'banned_ips.php');
|
||||
}
|
||||
|
||||
// Make sure we have valid ranges
|
||||
if ($ip_from < 0)
|
||||
{
|
||||
$ip_from += 4294967296;
|
||||
}
|
||||
elseif ($ip_from > 4294967296)
|
||||
{
|
||||
$ip_from = 4294967296;
|
||||
}
|
||||
if ($ip_to < 0)
|
||||
{
|
||||
$ip_to += 4294967296;
|
||||
}
|
||||
elseif ($ip_to > 4294967296)
|
||||
{
|
||||
$ip_to = 4294967296;
|
||||
}
|
||||
|
||||
// Make sure $ip_to is not lower that $ip_from
|
||||
if ($ip_to < $ip_from)
|
||||
{
|
||||
$tmp = $ip_to;
|
||||
$ip_to = $ip_from;
|
||||
$ip_from = $tmp;
|
||||
}
|
||||
|
||||
// Is this IP address already banned?
|
||||
$res = hesk_dbQuery("SELECT `id` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."banned_ips` WHERE {$ip_from} BETWEEN `ip_from` AND `ip_to` AND {$ip_to} BETWEEN `ip_from` AND `ip_to` LIMIT 1");
|
||||
if ( hesk_dbNumRows($res) == 1 )
|
||||
{
|
||||
$_SESSION['ban_ip']['id'] = hesk_dbResult($res);
|
||||
$hesklang['ipbanexists'] = ($ip_to == $ip_from) ? sprintf($hesklang['ipbanexists'], long2ip($ip_to) ) : sprintf($hesklang['iprbanexists'], long2ip($ip_from).' - '.long2ip($ip_to) );
|
||||
hesk_process_messages($hesklang['ipbanexists'],'banned_ips.php','NOTICE');
|
||||
}
|
||||
|
||||
// Delete any duplicate banned IP or ranges that are within the new banned range
|
||||
hesk_dbQuery("DELETE FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."banned_ips` WHERE `ip_from` >= {$ip_from} AND `ip_to` <= {$ip_to}");
|
||||
|
||||
// Delete temporary bans from logins table
|
||||
if ($ip_to == $ip_from)
|
||||
{
|
||||
hesk_dbQuery("DELETE FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."logins` WHERE `ip`='".hesk_dbEscape($ip_display)."' LIMIT 1");
|
||||
}
|
||||
|
||||
// Redirect either to banned ips or ticket page from now on
|
||||
$redirect_to = ($trackingID = hesk_cleanID()) ? 'admin_ticket.php?track='.$trackingID.'&Refresh='.mt_rand(10000,99999) : 'banned_ips.php';
|
||||
|
||||
// Insert the ip address into database
|
||||
hesk_dbQuery("INSERT INTO `".hesk_dbEscape($hesk_settings['db_pfix'])."banned_ips` (`ip_from`,`ip_to`,`ip_display`,`banned_by`) VALUES ({$ip_from}, {$ip_to},'".hesk_dbEscape($ip_display)."','".intval($_SESSION['id'])."')");
|
||||
|
||||
// Remember ip that got banned
|
||||
$_SESSION['ban_ip']['id'] = hesk_dbInsertID();
|
||||
|
||||
// Generate success message
|
||||
$hesklang['ip_banned'] = ($ip_to == $ip_from) ? sprintf($hesklang['ip_banned'], long2ip($ip_to) ) : sprintf($hesklang['ip_rbanned'], long2ip($ip_from).' - '.long2ip($ip_to) );
|
||||
|
||||
// Show success
|
||||
hesk_process_messages( sprintf($hesklang['ip_banned'], $ip) ,$redirect_to,'SUCCESS');
|
||||
|
||||
} // End ban_ip()
|
||||
|
||||
|
||||
function unban_temp_ip()
|
||||
{
|
||||
global $hesk_settings, $hesklang;
|
||||
|
||||
// A security check
|
||||
hesk_token_check();
|
||||
|
||||
// Get the ip
|
||||
$ip = preg_replace('/[^0-9\.\-\/\*]/', '', hesk_REQUEST('ip') );
|
||||
|
||||
// Delete from bans
|
||||
hesk_dbQuery("DELETE FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."logins` WHERE `ip`='" . hesk_dbEscape($ip) . "' LIMIT 1");
|
||||
|
||||
// Show success
|
||||
hesk_process_messages($hesklang['ip_tempun'],'banned_ips.php','SUCCESS');
|
||||
|
||||
} // End unban_temp_ip()
|
||||
|
||||
|
||||
function unban_ip()
|
||||
{
|
||||
global $hesk_settings, $hesklang;
|
||||
|
||||
// A security check
|
||||
hesk_token_check();
|
||||
|
||||
// Delete from bans
|
||||
hesk_dbQuery("DELETE FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."banned_ips` WHERE `id`=" . intval( hesk_GET('id') ) . " LIMIT 1");
|
||||
|
||||
// Redirect either to banned ips or ticket page from now on
|
||||
$redirect_to = ($trackingID = hesk_cleanID()) ? 'admin_ticket.php?track='.$trackingID.'&Refresh='.mt_rand(10000,99999) : 'banned_ips.php';
|
||||
|
||||
// Show success
|
||||
hesk_process_messages($hesklang['ip_unbanned'],$redirect_to,'SUCCESS');
|
||||
|
||||
} // End unban_ip()
|
||||
|
||||
|
||||
function hesk_cidr_to_range($cidr)
|
||||
{
|
||||
$range = array();
|
||||
$cidr = explode('/', $cidr);
|
||||
$range[0] = (ip2long($cidr[0])) & ((-1 << (32 - (int)$cidr[1])));
|
||||
$range[1] = (ip2long($cidr[0])) + pow(2, (32 - (int)$cidr[1])) - 1;
|
||||
return $range;
|
||||
} // END hesk_cidr_to_range()
|
||||
|
||||
?>
|
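Review bot: In ban_ip() the octet separator in `$ip_regex` is an unescaped `.`, so a constructed input such as `1-2-3-4` (every character survives the earlier `preg_replace`) passes the single-address branch, `ip2long()` returns `false`, and that value is interpolated as an empty string into the `BETWEEN`, `DELETE` and `INSERT` statements. Only `ip2long()` results reach the SQL, so this reads as a malformed query rather than an injection path, but the input should be rejected: escape the separator as `\.){3}` and route `ip2long(...) === false` to the `validbanip` message. hesk_cidr_to_range() also derives the upper bound from the unmasked address, so a CIDR with host bits set overshoots its network; `$range[1] = $range[0] + pow(2, (32 - (int)$cidr[1])) - 1;` keeps the range inside the block. The clamp value `4294967296` is one past the highest IPv4 address, and `4294967295` looks like the intended limit.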
@ -0,0 +1,144 @@
|
||||
<?php
|
||||
/*******************************************************************************
|
||||
* Title: Help Desk Software HESK
|
||||
* Version: 2.6.0 beta 1 from 30th December 2014
|
||||
* Author: Klemen Stirn
|
||||
* Website: http://www.hesk.com
|
||||
********************************************************************************
|
||||
* COPYRIGHT AND TRADEMARK NOTICE
|
||||
* Copyright 2005-2014 Klemen Stirn. All Rights Reserved.
|
||||
* HESK is a registered trademark of Klemen Stirn.
|
||||
|
||||
* The HESK may be used and modified free of charge by anyone
|
||||
* AS LONG AS COPYRIGHT NOTICES AND ALL THE COMMENTS REMAIN INTACT.
|
||||
* By using this code you agree to indemnify Klemen Stirn from any
|
||||
* liability that might arise from it's use.
|
||||
|
||||
* Selling the code for this program, in part or full, without prior
|
||||
* written consent is expressly forbidden.
|
||||
|
||||
* Using this code, in part or full, to create derivate work,
|
||||
* new scripts or products is expressly forbidden. Obtain permission
|
||||
* before redistributing this software over the Internet or in
|
||||
* any other medium. In all cases copyright and header must remain intact.
|
||||
* This Copyright is in full effect in any country that has International
|
||||
* Trade Agreements with the United States of America or
|
||||
* with the European Union.
|
||||
|
||||
* Removing any of the copyright notices without purchasing a license
|
||||
* is expressly forbidden. To remove HESK copyright notice you must purchase
|
||||
* a license for this script. For more information on how to obtain
|
||||
* a license please visit the page below:
|
||||
* https://www.hesk.com/buy.php
|
||||
*******************************************************************************/
|
||||
|
||||
define('IN_SCRIPT',1);
|
||||
define('HESK_PATH','../');
|
||||
|
||||
/* Get all the required files and functions */
|
||||
require(HESK_PATH . 'hesk_settings.inc.php');
|
||||
require(HESK_PATH . 'inc/common.inc.php');
|
||||
require(HESK_PATH . 'inc/admin_functions.inc.php');
|
||||
hesk_load_database_functions();
|
||||
|
||||
hesk_session_start();
|
||||
hesk_dbConnect();
|
||||
hesk_isLoggedIn();
|
||||
|
||||
/* Check permissions for this feature */
|
||||
hesk_checkPermission('can_view_tickets');
|
||||
|
||||
// Ticket ID
|
||||
$trackingID = hesk_cleanID() or die($hesklang['int_error'].': '.$hesklang['no_trackID']);
|
||||
|
||||
// Note ID
|
||||
$noteID = intval( hesk_REQUEST('note') ) or die($hesklang['int_error'].': '.$hesklang['mis_note']);
|
||||
|
||||
// Get ticket info
|
||||
$result = hesk_dbQuery("SELECT `id` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."tickets` WHERE `trackid`='".hesk_dbEscape($trackingID)."' LIMIT 1");
|
||||
if (hesk_dbNumRows($result) != 1)
|
||||
{
|
||||
hesk_error($hesklang['ticket_not_found']);
|
||||
}
|
||||
$ticket = hesk_dbFetchAssoc($result);
|
||||
|
||||
// Get note info
|
||||
$result = hesk_dbQuery("SELECT * FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."notes` WHERE `id`={$noteID}");
|
||||
if (hesk_dbNumRows($result) != 1)
|
||||
{
|
||||
hesk_error($hesklang['no_note']);
|
||||
}
|
||||
$note = hesk_dbFetchAssoc($result);
|
||||
|
||||
// Make sure the note matches the ticket and the user has permission to edit it
|
||||
if ($note['ticket'] != $ticket['id'] || ( ! hesk_checkPermission('can_del_notes',0) && $note['who'] != $_SESSION['id']) )
|
||||
{
|
||||
hesk_error($hesklang['perm_deny']);
|
||||
}
|
||||
|
||||
// Save changes?
|
||||
if (isset($_POST['save']))
|
||||
{
|
||||
// A security check
|
||||
hesk_token_check('POST');
|
||||
|
||||
// Get message
|
||||
$tmpvar['message'] = nl2br( hesk_makeURL( hesk_input( hesk_POST('message') ) ) );
|
||||
|
||||
// If we have message or attachments do the update
|
||||
if ( strlen($tmpvar['message']) || strlen($note['attachments']) )
|
||||
{
|
||||
hesk_dbQuery("UPDATE `".hesk_dbEscape($hesk_settings['db_pfix'])."notes` SET `message`='".hesk_dbEscape($tmpvar['message'])."' WHERE `id`={$noteID}");
|
||||
hesk_process_messages($hesklang['ednote2'],'admin_ticket.php?track='.$trackingID.'&Refresh='.mt_rand(10000,99999),'SUCCESS');
|
||||
}
|
||||
// If not, delete the note
|
||||
else
|
||||
{
|
||||
hesk_dbQuery("DELETE FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."notes` WHERE `id`={$noteID}");
|
||||
header('Location: admin_ticket.php?track='.$trackingID.'&Refresh='.mt_rand(10000,99999));
|
||||
exit();
|
||||
}
|
||||
}
|
||||
|
||||
$note['message'] = hesk_msgToPlain($note['message'],0,0);
|
||||
|
||||
/* Print header */
|
||||
require_once(HESK_PATH . 'inc/headerAdmin.inc.php');
|
||||
|
||||
/* Print admin navigation */
|
||||
require_once(HESK_PATH . 'inc/show_admin_nav.inc.php');
|
||||
?>
|
||||
<ol class="breadcrumb">
|
||||
<li><a href="admin_ticket.php?track=<?php echo $trackingID; ?>&Refresh=<?php echo mt_rand(10000,99999); ?>"><?php echo $hesklang['ticket'].' '.$trackingID; ?></a></li>
|
||||
<li class="active"><?php echo $hesklang['ednote']; ?></li>
|
||||
</ol>
|
||||
|
||||
<div class="row">
|
||||
<div class="col-md-8 col-md-offset-2">
|
||||
<h3><?php echo $hesklang['ednote']; ?></h3>
|
||||
<div class="footerWithBorder blankSpace"></div>
|
||||
|
||||
<form method="post" action="edit_note.php" name="form1" class="form-horizontal" role="form">
|
||||
<div class="form-group">
|
||||
<label for="message" class="col-md-2 control-label"><?php echo $hesklang['message']; ?></label>
|
||||
<div class="col-md-10">
|
||||
<textarea name="message" class="form-control" rows="12" cols="60"><?php echo $note['message']; ?></textarea>
|
||||
</div>
|
||||
</div>
|
||||
<div class="form-group">
|
||||
<div class="col-md-10 col-md-offset-2">
|
||||
<input type="hidden" name="save" value="1" /><input type="hidden" name="track" value="<?php echo $trackingID; ?>" />
|
||||
<input type="hidden" name="token" value="<?php hesk_token_echo(); ?>" />
|
||||
<input type="hidden" name="note" value="<?php echo $noteID; ?>" />
|
||||
<input type="submit" value="<?php echo $hesklang['save_changes']; ?>" class="btn btn-primary">
|
||||
<a href="javascript:history.go(-1)" class="btn btn-default"><?php echo $hesklang['back']; ?></a>
|
||||
</div>
|
||||
</div>
|
||||
</form>
|
||||
</div>
|
||||
</div>
|
||||
|
||||
<?php
|
||||
require_once(HESK_PATH . 'inc/footer.inc.php');
|
||||
exit();
|
||||
?>
|
@ -0,0 +1,417 @@
|
||||
<?php
|
||||
/*******************************************************************************
|
||||
* Title: Help Desk Software HESK
|
||||
* Version: 2.6.0 beta 1 from 30th December 2014
|
||||
* Author: Klemen Stirn
|
||||
* Website: http://www.hesk.com
|
||||
********************************************************************************
|
||||
* COPYRIGHT AND TRADEMARK NOTICE
|
||||
* Copyright 2005-2014 Klemen Stirn. All Rights Reserved.
|
||||
* HESK is a registered trademark of Klemen Stirn.
|
||||
|
||||
* The HESK may be used and modified free of charge by anyone
|
||||
* AS LONG AS COPYRIGHT NOTICES AND ALL THE COMMENTS REMAIN INTACT.
|
||||
* By using this code you agree to indemnify Klemen Stirn from any
|
||||
* liability that might arise from it's use.
|
||||
|
||||
* Selling the code for this program, in part or full, without prior
|
||||
* written consent is expressly forbidden.
|
||||
|
||||
* Using this code, in part or full, to create derivate work,
|
||||
* new scripts or products is expressly forbidden. Obtain permission
|
||||
* before redistributing this software over the Internet or in
|
||||
* any other medium. In all cases copyright and header must remain intact.
|
||||
* This Copyright is in full effect in any country that has International
|
||||
* Trade Agreements with the United States of America or
|
||||
* with the European Union.
|
||||
|
||||
* Removing any of the copyright notices without purchasing a license
|
||||
* is expressly forbidden. To remove HESK copyright notice you must purchase
|
||||
* a license for this script. For more information on how to obtain
|
||||
* a license please visit the page below:
|
||||
* https://www.hesk.com/buy.php
|
||||
*******************************************************************************/
|
||||
|
||||
define('IN_SCRIPT',1);
|
||||
define('HESK_PATH','../');
|
||||
|
||||
/* Get all the required files and functions */
|
||||
require(HESK_PATH . 'hesk_settings.inc.php');
|
||||
require(HESK_PATH . 'inc/common.inc.php');
|
||||
require(HESK_PATH . 'inc/admin_functions.inc.php');
|
||||
hesk_load_database_functions();
|
||||
|
||||
hesk_session_start();
|
||||
hesk_dbConnect();
|
||||
hesk_isLoggedIn();
|
||||
|
||||
/* Check permissions for this feature */
|
||||
hesk_checkPermission('can_man_ticket_tpl');
|
||||
|
||||
// Define required constants
|
||||
define('LOAD_TABS',1);
|
||||
|
||||
/* What should we do? */
|
||||
if ( $action = hesk_REQUEST('a') )
|
||||
{
|
||||
if ( defined('HESK_DEMO') ) {hesk_process_messages($hesklang['ddemo'], 'manage_ticket_templates.php', 'NOTICE');}
|
||||
elseif ($action == 'new') {new_saved();}
|
||||
elseif ($action == 'edit') {edit_saved();}
|
||||
elseif ($action == 'remove') {remove();}
|
||||
elseif ($action == 'order') {order_saved();}
|
||||
}
|
||||
|
||||
/* Print header */
|
||||
require_once(HESK_PATH . 'inc/headerAdmin.inc.php');
|
||||
|
||||
/* Print main manage users page */
|
||||
require_once(HESK_PATH . 'inc/show_admin_nav.inc.php');
|
||||
?>
|
||||
|
||||
<div class="row">
|
||||
|
||||
</div>
|
||||
|
||||
<script language="javascript" type="text/javascript"><!--
|
||||
function confirm_delete()
|
||||
{
|
||||
if (confirm('<?php echo hesk_makeJsString($hesklang['delete_tpl']); ?>')) {return true;}
|
||||
else {return false;}
|
||||
}
|
||||
//-->
|
||||
</script>
|
||||
|
||||
<?php
|
||||
// Get canned responses from database
|
||||
$result = hesk_dbQuery('SELECT * FROM `'.hesk_dbEscape($hesk_settings['db_pfix']).'ticket_templates` ORDER BY `tpl_order` ASC');
|
||||
$options='';
|
||||
$javascript_messages='';
|
||||
$javascript_titles='';
|
||||
|
||||
$i=1;
|
||||
$j=0;
|
||||
$num = hesk_dbNumRows($result);
|
||||
?>
|
||||
<div class="row" style="margin-top: 20px;">
|
||||
<div class="col-md-4">
|
||||
<div class="panel panel-default">
|
||||
<div class="panel-heading">
|
||||
<?php echo $hesklang['saved_ticket_tpl']; ?>
|
||||
</div>
|
||||
<div class="panel-body">
|
||||
<?php if ($num < 1) {
|
||||
echo '<p>'.$hesklang['no_ticket_tpl'].'</p>';
|
||||
} else {
|
||||
?>
|
||||
<table class="table table-hover">
|
||||
<thead>
|
||||
<tr>
|
||||
<th><?php echo $hesklang['ticket_tpl_title']; ?></th>
|
||||
<th><?php echo $hesklang['opt']; ?></th>
|
||||
</tr>
|
||||
</thead>
|
||||
<tbody>
|
||||
<?php
|
||||
|
||||
while ($mysaved=hesk_dbFetchAssoc($result))
|
||||
{
|
||||
$j++;
|
||||
$color = '';
|
||||
if (isset($_SESSION['canned']['selcat2']) && $mysaved['id'] == $_SESSION['canned']['selcat2'])
|
||||
{
|
||||
$color = 'success';
|
||||
unset($_SESSION['canned']['selcat2']);
|
||||
}
|
||||
|
||||
$options .= '<option class="form-control" value="'.$mysaved['id'].'"';
|
||||
$options .= (isset($_SESSION['canned']['id']) && $_SESSION['canned']['id'] == $mysaved['id']) ? ' selected="selected" ' : '';
|
||||
$options .= '>'.$mysaved['title'].'</option>';
|
||||
|
||||
|
||||
$javascript_messages.='myMsgTxt['.$mysaved['id'].']=\''.str_replace("\r\n","\\r\\n' + \r\n'", addslashes($mysaved['message']) )."';\n";
|
||||
$javascript_titles.='myTitle['.$mysaved['id'].']=\''.addslashes($mysaved['title'])."';\n";
|
||||
|
||||
echo '
|
||||
<tr>
|
||||
<td>'.$mysaved['title'].'</td>
|
||||
<td style="text-align:left;">
|
||||
';
|
||||
|
||||
if ($num > 1)
|
||||
{
|
||||
if ($j == 1)
|
||||
{
|
||||
echo'<img src="../img/blank.gif" width="16" height="16" alt="" style="padding:3px;border:none;" />
|
||||
<a href="manage_ticket_templates.php?a=order&replyid='.$mysaved['id'].'&move=15&token='.hesk_token_echo(0).'">
|
||||
<i class="fa fa-arrow-down" style="font-size:16px;color:green;" data-toggle="tooltip" data-placement="top" data-original-title="'.$hesklang['move_dn'].'"></i></a>';
|
||||
}
|
||||
elseif ($j == $num)
|
||||
{
|
||||
echo'<a href="manage_ticket_templates.php?a=order&replyid='.$mysaved['id'].'&move=-15&token='.hesk_token_echo(0).'"><i class="fa fa-arrow-up" style="font-size:16px;color:green;" data-toggle="tooltip" data-placement="top" data-original-title="'.$hesklang['move_up'].'"></i></a> <img src="../img/blank.gif" width="16" height="16" alt="" style="padding:3px;border:none;" />';
|
||||
}
|
||||
else
|
||||
{
|
||||
echo'
|
||||
<a href="manage_ticket_templates.php?a=order&replyid='.$mysaved['id'].'&move=-15&token='.hesk_token_echo(0).'"><i class="fa fa-arrow-up" style="font-size:16px;color:green;" data-toggle="tooltip" data-placement="top" data-original-title="'.$hesklang['move_up'].'"></i></a>
|
||||
<a href="manage_ticket_templates.php?a=order&replyid='.$mysaved['id'].'&move=15&token='.hesk_token_echo(0).'"><i class="fa fa-arrow-down" style="font-size:16px;color:green;" data-toggle="tooltip" data-placement="top" data-original-title="'.$hesklang['move_dn'].'"></i></a>
|
||||
';
|
||||
}
|
||||
}
|
||||
else
|
||||
{
|
||||
echo '';
|
||||
}
|
||||
|
||||
echo '
|
||||
<a href="manage_ticket_templates.php?a=remove&id='.$mysaved['id'].'&token='.hesk_token_echo(0).'" onclick="return confirm_delete();"><i class="fa fa-times" style="font-size:16px;color:red;" data-toggle="tooltip" data-placement="top" data-original-title="'.$hesklang['delete'].'"></i></a></td>
|
||||
</tr>
|
||||
';
|
||||
} // End while
|
||||
|
||||
?>
|
||||
</tbody>
|
||||
</table>
|
||||
<?php
|
||||
}
|
||||
?>
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
<div class="col-md-8">
|
||||
<?php
|
||||
/* This will handle error, success and notice messages */
|
||||
hesk_handle_messages();
|
||||
?>
|
||||
<form class="form-horizontal" action="manage_ticket_templates.php" method="post" name="form1" role="form">
|
||||
<h3><?php echo $hesklang['new_ticket_tpl']; ?> <a href="javascript:void(0)" onclick="javascript:alert('<?php echo hesk_makeJsString($hesklang['ticket_tpl_intro']); ?>')"><i class="fa fa-question-circle settingsquestionmark"></i></a></h3>
|
||||
<div class="footerWithBorder blankSpace"></div>
|
||||
<?php
|
||||
if ($num > 0)
|
||||
{
|
||||
?>
|
||||
<div class="form-group">
|
||||
<div class="col-sm-12">
|
||||
<div class="radio">
|
||||
<label>
|
||||
<input type="radio" name="a" value="new" <?php echo (!isset($_SESSION['canned']['what']) || $_SESSION['canned']['what'] != 'EDIT') ? 'checked=' : ''; ?>>
|
||||
<?php echo $hesklang['ticket_tpl_add']; ?>
|
||||
</label>
|
||||
</div>
|
||||
</div>
|
||||
<div class="row">
|
||||
<div class="col-sm-6">
|
||||
<div class="radio">
|
||||
<label>
|
||||
<input type="radio" name="a" value="edit" <?php echo (isset($_SESSION['canned']['what']) && $_SESSION['canned']['what'] == 'EDIT') ? 'checked' : ''; ?>>
|
||||
<?php echo $hesklang['ticket_tpl_edit']; ?>
|
||||
</label>
|
||||
</div>
|
||||
</div>
|
||||
<div class="col-sm-6">
|
||||
<select class="form-control" name="saved_replies" onchange="setMessage(this.value)"><option value="0"> - <?php echo $hesklang['select_empty']; ?> - </option><?php echo $options; ?></select>
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
<?php
|
||||
}
|
||||
else
|
||||
{
|
||||
echo '<p><input type="hidden" name="a" value="new" /> ' . $hesklang['ticket_tpl_add'] . '</label></p>';
|
||||
}
|
||||
?>
|
||||
<div class="form-group">
|
||||
<label for="name" class="col-sm-2 control-label"><?php echo $hesklang['ticket_tpl_title']; ?></label>
|
||||
<div class="col-sm-10">
|
||||
<span id="HeskTitle">
|
||||
<input class="form-control" type="text" name="name" size="40" maxlength="50" placeholder="<?php echo $hesklang['ticket_tpl_title']; ?>"
|
||||
<?php if (isset($_SESSION['canned']['name'])) {echo ' value="'.stripslashes($_SESSION['canned']['name']).'" ';} ?>>
|
||||
</span>
|
||||
</div>
|
||||
</div>
|
||||
<div class="form-group">
|
||||
<label for="msg" class="col-sm-2 control-label"><?php echo $hesklang['message']; ?></label>
|
||||
<div class="col-sm-10">
|
||||
<span id="HeskMsg">
|
||||
<textarea class="form-control" placeholder="<?php echo $hesklang['message']; ?>" name="msg" rows="15" cols="70"><?php
|
||||
if (isset($_SESSION['canned']['msg']))
|
||||
{
|
||||
echo stripslashes($_SESSION['canned']['msg']);
|
||||
}
|
||||
?></textarea>
|
||||
</span>
|
||||
</div>
|
||||
</div>
|
||||
<div class="form-group">
|
||||
<div class="col-sm-10 col-sm-offset-2">
|
||||
<input type="hidden" name="token" value="<?php hesk_token_echo(); ?>" />
|
||||
<input type="submit" value="<?php echo $hesklang['save_ticket_tpl']; ?>" class="btn btn-default">
|
||||
</div>
|
||||
</div>
|
||||
</form>
|
||||
</div>
|
||||
</div>
|
||||
|
||||
<script language="javascript" type="text/javascript"><!--
|
||||
var myMsgTxt = new Array();
|
||||
myMsgTxt[0]='';
|
||||
var myTitle = new Array();
|
||||
myTitle[0]='';
|
||||
|
||||
<?php
|
||||
echo $javascript_titles;
|
||||
echo $javascript_messages;
|
||||
?>
|
||||
|
||||
function setMessage(msgid) {
|
||||
if (document.getElementById) {
|
||||
document.getElementById('HeskMsg').innerHTML='<textarea class="form-control" name="msg" rows="15" cols="70">'+myMsgTxt[msgid]+'</textarea>';
|
||||
document.getElementById('HeskTitle').innerHTML='<input class="form-control" type="text" name="name" size="40" maxlength="50" value="'+myTitle[msgid]+'">';
|
||||
} else {
|
||||
document.form1.msg.value=myMsgTxt[msgid];
|
||||
document.form1.name.value=myTitle[msgid];
|
||||
}
|
||||
|
||||
if (msgid==0) {
|
||||
document.form1.a[0].checked=true;
|
||||
} else {
|
||||
document.form1.a[1].checked=true;
|
||||
}
|
||||
}
|
||||
//-->
|
||||
</script>
|
||||
|
||||
<?php
|
||||
require_once(HESK_PATH . 'inc/footer.inc.php');
|
||||
exit();
|
||||
|
||||
|
||||
/*** START FUNCTIONS ***/
|
||||
|
||||
function edit_saved()
|
||||
{
|
||||
global $hesk_settings, $hesklang;
|
||||
|
||||
/* A security check */
|
||||
hesk_token_check('POST');
|
||||
|
||||
$hesk_error_buffer = '';
|
||||
|
||||
$id = intval( hesk_POST('saved_replies') ) or $hesk_error_buffer .= '<li>' . $hesklang['sel_ticket_tpl'] . '</li>';
|
||||
$savename = hesk_input( hesk_POST('name') ) or $hesk_error_buffer .= '<li>' . $hesklang['ent_ticket_tpl_title'] . '</li>';
|
||||
$msg = hesk_input( hesk_POST('msg') ) or $hesk_error_buffer .= '<li>' . $hesklang['ent_ticket_tpl_msg'] . '</li>';
|
||||
|
||||
// Avoid problems with utf-8 newline chars in Javascript code, detect and remove them
|
||||
$msg = preg_replace('/\R/u', "\r\n", $msg);
|
||||
|
||||
$_SESSION['canned']['what'] = 'EDIT';
|
||||
$_SESSION['canned']['id'] = $id;
|
||||
$_SESSION['canned']['name'] = $savename;
|
||||
$_SESSION['canned']['msg'] = $msg;
|
||||
|
||||
/* Any errors? */
|
||||
if (strlen($hesk_error_buffer))
|
||||
{
|
||||
$hesk_error_buffer = $hesklang['rfm'].'<br /><br /><ul>'.$hesk_error_buffer.'</ul>';
|
||||
hesk_process_messages($hesk_error_buffer,'manage_ticket_templates.php?saved_replies='.$id);
|
||||
}
|
||||
|
||||
$result = hesk_dbQuery("UPDATE `".hesk_dbEscape($hesk_settings['db_pfix'])."ticket_templates` SET `title`='".hesk_dbEscape($savename)."',`message`='".hesk_dbEscape($msg)."' WHERE `id`='".intval($id)."' LIMIT 1");
|
||||
|
||||
unset($_SESSION['canned']['what']);
|
||||
unset($_SESSION['canned']['id']);
|
||||
unset($_SESSION['canned']['name']);
|
||||
unset($_SESSION['canned']['msg']);
|
||||
|
||||
hesk_process_messages($hesklang['ticket_tpl_saved'],'manage_ticket_templates.php?saved_replies='.$id,'SUCCESS');
|
||||
} // End edit_saved()
|
||||
|
||||
|
||||
function new_saved()
|
||||
{
|
||||
global $hesk_settings, $hesklang;
|
||||
|
||||
/* A security check */
|
||||
hesk_token_check('POST');
|
||||
|
||||
$hesk_error_buffer = '';
|
||||
$savename = hesk_input( hesk_POST('name') ) or $hesk_error_buffer .= '<li>' . $hesklang['ent_ticket_tpl_title'] . '</li>';
|
||||
$msg = hesk_input( hesk_POST('msg') ) or $hesk_error_buffer .= '<li>' . $hesklang['ent_ticket_tpl_msg'] . '</li>';
|
||||
|
||||
// Avoid problems with utf-8 newline chars in Javascript code, detect and remove them
|
||||
$msg = preg_replace('/\R/u', "\r\n", $msg);
|
||||
|
||||
$_SESSION['canned']['what'] = 'NEW';
|
||||
$_SESSION['canned']['name'] = $savename;
|
||||
$_SESSION['canned']['msg'] = $msg;
|
||||
|
||||
/* Any errors? */
|
||||
if (strlen($hesk_error_buffer))
|
||||
{
|
||||
$hesk_error_buffer = $hesklang['rfm'].'<br /><br /><ul>'.$hesk_error_buffer.'</ul>';
|
||||
hesk_process_messages($hesk_error_buffer,'manage_ticket_templates.php');
|
||||
}
|
||||
|
||||
/* Get the latest tpl_order */
|
||||
$result = hesk_dbQuery('SELECT `tpl_order` FROM `'.hesk_dbEscape($hesk_settings['db_pfix']).'ticket_templates` ORDER BY `tpl_order` DESC LIMIT 1');
|
||||
$row = hesk_dbFetchRow($result);
|
||||
$my_order = $row[0]+10;
|
||||
|
||||
hesk_dbQuery("INSERT INTO `".hesk_dbEscape($hesk_settings['db_pfix'])."ticket_templates` (`title`,`message`,`tpl_order`) VALUES ('".hesk_dbEscape($savename)."','".hesk_dbEscape($msg)."','".intval($my_order)."')");
|
||||
|
||||
unset($_SESSION['canned']['what']);
|
||||
unset($_SESSION['canned']['name']);
|
||||
unset($_SESSION['canned']['msg']);
|
||||
|
||||
hesk_process_messages($hesklang['ticket_tpl_saved'],'manage_ticket_templates.php','SUCCESS');
|
||||
} // End new_saved()
|
||||
|
||||
|
||||
function remove()
|
||||
{
|
||||
global $hesk_settings, $hesklang;
|
||||
|
||||
/* A security check */
|
||||
hesk_token_check();
|
||||
|
||||
$mysaved = intval( hesk_GET('id') ) or hesk_error($hesklang['id_not_valid']);
|
||||
|
||||
hesk_dbQuery("DELETE FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."ticket_templates` WHERE `id`='".intval($mysaved)."' LIMIT 1");
|
||||
if (hesk_dbAffectedRows() != 1)
|
||||
{
|
||||
hesk_error("$hesklang[int_error]: $hesklang[ticket_tpl_not_found].");
|
||||
}
|
||||
|
||||
hesk_process_messages($hesklang['ticket_tpl_removed'],'manage_ticket_templates.php','SUCCESS');
|
||||
} // End remove()
|
||||
|
||||
|
||||
function order_saved()
|
||||
{
|
||||
global $hesk_settings, $hesklang;
|
||||
|
||||
/* A security check */
|
||||
hesk_token_check();
|
||||
|
||||
$tplid = intval( hesk_GET('replyid') ) or hesk_error($hesklang['ticket_tpl_id']);
|
||||
$_SESSION['canned']['selcat2'] = $tplid;
|
||||
|
||||
$tpl_move = intval( hesk_GET('move') );
|
||||
|
||||
hesk_dbQuery("UPDATE `".hesk_dbEscape($hesk_settings['db_pfix'])."ticket_templates` SET `tpl_order`=`tpl_order`+".intval($tpl_move)." WHERE `id`='".intval($tplid)."' LIMIT 1");
|
||||
if (hesk_dbAffectedRows() != 1) {hesk_error("$hesklang[int_error]: $hesklang[ticket_tpl_not_found].");}
|
||||
|
||||
/* Update all category fields with new order */
|
||||
$result = hesk_dbQuery('SELECT `id` FROM `'.hesk_dbEscape($hesk_settings['db_pfix']).'ticket_templates` ORDER BY `tpl_order` ASC');
|
||||
|
||||
$i = 10;
|
||||
while ($mytpl=hesk_dbFetchAssoc($result))
|
||||
{
|
||||
hesk_dbQuery("UPDATE `".hesk_dbEscape($hesk_settings['db_pfix'])."ticket_templates` SET `tpl_order`=".intval($i)." WHERE `id`='".intval($mytpl['id'])."' LIMIT 1");
|
||||
$i += 10;
|
||||
}
|
||||
|
||||
header('Location: manage_ticket_templates.php');
|
||||
exit();
|
||||
} // End order_saved()
|
||||
|
||||
?>
|
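Review bot: The delete and reorder links in the template table carry the CSRF token in the query string (`manage_ticket_templates.php?a=remove&id=…&token=…` and the `a=order&replyid=…&move=…&token=…` links), and `remove()` and `order_saved()` change the database in response to those GET requests. A token placed in a URL ends up in browser history, web-server and proxy logs and possibly the Referer header, whereas `new_saved()` and `edit_saved()` keep it in the POST body. Submitting these two actions from small POST forms, calling `hesk_token_check('POST')` in both functions and reading the values with `hesk_POST('id')`, `hesk_POST('replyid')` and `hesk_POST('move')` would keep the token out of URLs. Whether `hesk_token_check()` without an argument also accepts a POSTed token is not visible in this file.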
@ -0,0 +1,361 @@
|
||||
<?php
|
||||
/*******************************************************************************
|
||||
* Title: Help Desk Software HESK
|
||||
* Version: 2.6.0 beta 1 from 30th December 2014
|
||||
* Author: Klemen Stirn
|
||||
* Website: http://www.hesk.com
|
||||
********************************************************************************
|
||||
* COPYRIGHT AND TRADEMARK NOTICE
|
||||
* Copyright 2005-2014 Klemen Stirn. All Rights Reserved.
|
||||
* HESK is a registered trademark of Klemen Stirn.
|
||||
|
||||
* The HESK may be used and modified free of charge by anyone
|
||||
* AS LONG AS COPYRIGHT NOTICES AND ALL THE COMMENTS REMAIN INTACT.
|
||||
* By using this code you agree to indemnify Klemen Stirn from any
|
||||
* liability that might arise from it's use.
|
||||
|
||||
* Selling the code for this program, in part or full, without prior
|
||||
* written consent is expressly forbidden.
|
||||
|
||||
* Using this code, in part or full, to create derivate work,
|
||||
* new scripts or products is expressly forbidden. Obtain permission
|
||||
* before redistributing this software over the Internet or in
|
||||
* any other medium. In all cases copyright and header must remain intact.
|
||||
* This Copyright is in full effect in any country that has International
|
||||
* Trade Agreements with the United States of America or
|
||||
* with the European Union.
|
||||
|
||||
* Removing any of the copyright notices without purchasing a license
|
||||
* is expressly forbidden. To remove HESK copyright notice you must purchase
|
||||
* a license for this script. For more information on how to obtain
|
||||
* a license please visit the page below:
|
||||
* https://www.hesk.com/buy.php
|
||||
*******************************************************************************/
|
||||
|
||||
define('IN_SCRIPT',1);
|
||||
define('HESK_PATH','../');
|
||||
|
||||
/* Get all the required files and functions */
|
||||
require(HESK_PATH . 'hesk_settings.inc.php');
|
||||
require(HESK_PATH . 'inc/common.inc.php');
|
||||
|
||||
// Is the password reset function enabled?
|
||||
if ( ! $hesk_settings['reset_pass'])
|
||||
{
|
||||
die($hesklang['attempt']);
|
||||
}
|
||||
|
||||
// Allow additional 5 attempts in case the user is already blocked
|
||||
$hesk_settings['attempt_limit'] += 5;
|
||||
|
||||
// Start session
|
||||
hesk_session_start();
|
||||
|
||||
if (!isset($_SESSION['a_iserror']))
|
||||
{
|
||||
$_SESSION['a_iserror'] = array();
|
||||
}
|
||||
|
||||
$hesk_error_buffer = array();
|
||||
|
||||
// If this is a POST method, check input
|
||||
if ($_SERVER['REQUEST_METHOD'] == 'POST')
|
||||
{
|
||||
// Verify security image
|
||||
if ($hesk_settings['secimg_use'])
|
||||
{
|
||||
// Using ReCaptcha?
|
||||
if ($hesk_settings['recaptcha_use'] == 1)
|
||||
{
|
||||
require_once(HESK_PATH . 'inc/recaptcha/recaptchalib.php');
|
||||
|
||||
$resp = recaptcha_check_answer($hesk_settings['recaptcha_private_key'],
|
||||
$_SERVER['REMOTE_ADDR'],
|
||||
hesk_POST('recaptcha_challenge_field', ''),
|
||||
hesk_POST('recaptcha_response_field', '')
|
||||
);
|
||||
|
||||
if ($resp->is_valid)
|
||||
{
|
||||
//$_SESSION['img_a_verified']=true;
|
||||
}
|
||||
else
|
||||
{
|
||||
$hesk_error_buffer['mysecnum']=$hesklang['recaptcha_error'];
|
||||
}
|
||||
}
|
||||
// Using ReCaptcha API v2?
|
||||
elseif ($hesk_settings['recaptcha_use'] == 2)
|
||||
{
|
||||
require(HESK_PATH . 'inc/recaptcha/recaptchalib_v2.php');
|
||||
|
||||
$resp = null;
|
||||
$reCaptcha = new ReCaptcha($hesk_settings['recaptcha_private_key']);
|
||||
|
||||
// Was there a reCAPTCHA response?
|
||||
if ( isset($_POST["g-recaptcha-response"]) )
|
||||
{
|
||||
$resp = $reCaptcha->verifyResponse($_SERVER["REMOTE_ADDR"], hesk_POST("g-recaptcha-response") );
|
||||
}
|
||||
|
||||
if ($resp != null && $resp->success)
|
||||
{
|
||||
//$_SESSION['img_a_verified']=true;
|
||||
}
|
||||
else
|
||||
{
|
||||
$hesk_error_buffer['mysecnum']=$hesklang['recaptcha_error'];
|
||||
}
|
||||
}
|
||||
// Using PHP generated image
|
||||
else
|
||||
{
|
||||
$mysecnum = intval( hesk_POST('mysecnum', 0) );
|
||||
|
||||
if ( empty($mysecnum) )
|
||||
{
|
||||
$hesk_error_buffer['mysecnum'] = $hesklang['sec_miss'];
|
||||
}
|
||||
else
|
||||
{
|
||||
require(HESK_PATH . 'inc/secimg.inc.php');
|
||||
$sc = new PJ_SecurityImage($hesk_settings['secimg_sum']);
|
||||
if ( isset($_SESSION['checksum']) && $sc->checkCode($mysecnum, $_SESSION['checksum']) )
|
||||
{
|
||||
//$_SESSION['img_a_verified'] = true;
|
||||
}
|
||||
else
|
||||
{
|
||||
$hesk_error_buffer['mysecnum'] = $hesklang['sec_wrng'];
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
// Connect to database and check for brute force attempts
|
||||
hesk_load_database_functions();
|
||||
hesk_dbConnect();
|
||||
hesk_limitBfAttempts();
|
||||
|
||||
// Get email
|
||||
$email = hesk_validateEmail( hesk_POST('email'), 'ERR', 0) or $hesk_error_buffer['email']=$hesklang['enter_valid_email'];
|
||||
|
||||
// Any errors?
|
||||
if (count($hesk_error_buffer)!=0)
|
||||
{
|
||||
$_SESSION['a_iserror'] = array_keys($hesk_error_buffer);
|
||||
|
||||
$tmp = '';
|
||||
foreach ($hesk_error_buffer as $error)
|
||||
{
|
||||
$tmp .= "<li>$error</li>\n";
|
||||
}
|
||||
$hesk_error_buffer = $tmp;
|
||||
|
||||
$hesk_error_buffer = $hesklang['pcer'].'<br /><br /><ul>'.$hesk_error_buffer.'</ul>';
|
||||
hesk_process_messages($hesk_error_buffer,'NOREDIRECT');
|
||||
}
|
||||
else
|
||||
{
|
||||
// Get user data from the database
|
||||
$res = hesk_dbQuery("SELECT `id`, `name`, `pass` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."users` WHERE `email` LIKE '".hesk_dbEscape($email)."' LIMIT 1");
|
||||
if (hesk_dbNumRows($res) != 1)
|
||||
{
|
||||
hesk_process_messages($hesklang['noace'],'NOREDIRECT');
|
||||
}
|
||||
else
|
||||
{
|
||||
$row = hesk_dbFetchAssoc($res);
|
||||
$hash = sha1(microtime() . $_SERVER['REMOTE_ADDR'] . mt_rand() . $row['id'] . $row['name'] . $row['pass']);
|
||||
|
||||
// Insert the verification hash into the database
|
||||
hesk_dbQuery("INSERT INTO `".hesk_dbEscape($hesk_settings['db_pfix'])."reset_password` (`user`, `hash`, `ip`) VALUES (".intval($row['id']).", '{$hash}', '".hesk_dbEscape($_SERVER['REMOTE_ADDR'])."') ");
|
||||
|
||||
// Prepare and send email
|
||||
require(HESK_PATH . 'inc/email_functions.inc.php');
|
||||
|
||||
// Get the email message
|
||||
$msg = hesk_getEmailMessage('reset_password',array(),1,0,1);
|
||||
|
||||
// Replace message special tags
|
||||
$msg = str_replace('%%NAME%%', hesk_msgToPlain($row['name'],1,1), $msg);
|
||||
$msg = str_replace('%%SITE_URL%%', $hesk_settings['site_url'], $msg);
|
||||
$msg = str_replace('%%SITE_TITLE%%', $hesk_settings['site_title'], $msg);
|
||||
$msg = str_replace('%%PASSWORD_RESET%%', $hesk_settings['hesk_url'].'/'.$hesk_settings['admin_dir'].'/password.php?h='.$hash, $msg);
|
||||
|
||||
// Send email
|
||||
hesk_mail($email, $hesklang['reset_password'], $msg);
|
||||
|
||||
// Show success
|
||||
hesk_process_messages($hesklang['pemls'],'NOREDIRECT','SUCCESS');
|
||||
}
|
||||
}
|
||||
}
|
||||
// If the "h" parameter is set verify it and reset the password
|
||||
elseif ( isset($_GET['h']) )
|
||||
{
|
||||
// Get the hash
|
||||
$hash = preg_replace('/[^a-zA-Z0-9]/', '', $_GET['h']);
|
||||
|
||||
// Connect to database
|
||||
hesk_load_database_functions();
|
||||
hesk_dbConnect();
|
||||
|
||||
// Expire verification hashes older than 2 hours
|
||||
hesk_dbQuery("DELETE FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."reset_password` WHERE `dt` < (NOW() - INTERVAL 2 HOUR)");
|
||||
|
||||
// Verify the hash exists
|
||||
$res = hesk_dbQuery("SELECT `user`, `ip` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."reset_password` WHERE `hash` = '{$hash}' LIMIT 1");
|
||||
if (hesk_dbNumRows($res) != 1)
|
||||
{
|
||||
// Not a valid hash
|
||||
hesk_limitBfAttempts();
|
||||
hesk_process_messages($hesklang['ehash'],'NOREDIRECT');
|
||||
}
|
||||
else
|
||||
{
|
||||
// Get info from database
|
||||
$row = hesk_dbFetchAssoc($res);
|
||||
|
||||
// Only allow resetting password from the same IP address that submitted password reset request
|
||||
if ($row['ip'] != $_SERVER['REMOTE_ADDR'])
|
||||
{
|
||||
hesk_limitBfAttempts();
|
||||
hesk_process_messages($hesklang['ehaip'],'NOREDIRECT');
|
||||
}
|
||||
else
|
||||
{
|
||||
// Expire all verification hashes for this user
|
||||
hesk_dbQuery("DELETE FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."reset_password` WHERE `user`=".intval($row['user']));
|
||||
|
||||
// Get user details
|
||||
$res = hesk_dbQuery('SELECT * FROM `'.$hesk_settings['db_pfix']."users` WHERE `id`=".intval($row['user'])." LIMIT 1");
|
||||
$row = hesk_dbFetchAssoc($res);
|
||||
foreach ($row as $k=>$v)
|
||||
{
|
||||
$_SESSION[$k]=$v;
|
||||
}
|
||||
unset($_SESSION['pass']);
|
||||
|
||||
// Clean brute force attempts
|
||||
hesk_cleanBfAttempts();
|
||||
|
||||
// Regenerate session ID (security)
|
||||
hesk_session_regenerate_id();
|
||||
|
||||
// Get allowed categories
|
||||
if (empty($_SESSION['isadmin']))
|
||||
{
|
||||
$_SESSION['categories']=explode(',',$_SESSION['categories']);
|
||||
}
|
||||
|
||||
// Redirect to the profile page
|
||||
hesk_process_messages($hesklang['resim'],'profile.php','NOTICE');
|
||||
exit();
|
||||
|
||||
} // End IP matches
|
||||
}
|
||||
}
|
||||
|
||||
// Tell header to load reCaptcha API if needed
|
||||
if ($hesk_settings['recaptcha_use'] == 2)
|
||||
{
|
||||
define('RECAPTCHA',1);
|
||||
}
|
||||
|
||||
$hesk_settings['tmp_title'] = $hesk_settings['hesk_title'] . ' - ' .$hesklang['passr'];
|
||||
require_once(HESK_PATH . 'inc/header.inc.php');
|
||||
?>
|
||||
<ol class="breadcrumb">
|
||||
<li><a href="<?php echo $hesk_settings['site_url']; ?>"><?php echo $hesk_settings['site_title']; ?></a></li>
|
||||
<li><a href="index.php"><?php echo $hesklang['admin_login']; ?></a></li>
|
||||
<li class="active"><?php echo $hesklang['passr']; ?></li>
|
||||
</ol>
|
||||
|
||||
<div class="row">
|
||||
<div class="col-md-10 col-md-offset-1">
|
||||
<form action="password.php" method="post" name="form1" class="form-signin form-horizontal" role="form">
|
||||
<?php
|
||||
/* This will handle error, success and notice messages */
|
||||
hesk_handle_messages();
|
||||
?>
|
||||
<h2><span <?php echo $iconDisplay; ?>><span class="mega-octicon octicon-sign-in"></span> </span><?php echo $hesklang['passr']; ?></h2>
|
||||
<div class="footerWithBorder blankSpace"></div>
|
||||
<div class="form-group <?php echo in_array('email',$_SESSION['a_iserror']) ? 'has-error' : ''; ?>">
|
||||
<label for="email" class="col-sm-3 control-label"><?php echo $hesklang['email']; ?></label>
|
||||
<div class="col-sm-9">
|
||||
<input type="text" name="email" size="35" value="<?php if (isset($email)) {echo stripslashes(hesk_input($email));} ?>" class="form-control" placeholder="<?php echo $hesklang['email']; ?>">
|
||||
</div>
|
||||
</div>
|
||||
<?php
|
||||
if ($hesk_settings['secimg_use'])
|
||||
{
|
||||
?>
|
||||
<div class="form-group">
|
||||
<div class="col-sm-11 col-sm-offset-1">
|
||||
<?php
|
||||
// Should we use Recaptcha?
|
||||
if ($hesk_settings['recaptcha_use'] == 1)
|
||||
{
|
||||
?>
|
||||
<script type="text/javascript">
|
||||
var RecaptchaOptions = {
|
||||
theme : '<?php echo ( isset($_SESSION['a_iserror']) && in_array('mysecnum',$_SESSION['a_iserror']) ) ? 'red' : 'white'; ?>',
|
||||
custom_translations : {
|
||||
visual_challenge : "<?php echo hesk_slashJS($hesklang['visual_challenge']); ?>",
|
||||
audio_challenge : "<?php echo hesk_slashJS($hesklang['audio_challenge']); ?>",
|
||||
refresh_btn : "<?php echo hesk_slashJS($hesklang['refresh_btn']); ?>",
|
||||
instructions_visual : "<?php echo hesk_slashJS($hesklang['instructions_visual']); ?>",
|
||||
instructions_context : "<?php echo hesk_slashJS($hesklang['instructions_context']); ?>",
|
||||
instructions_audio : "<?php echo hesk_slashJS($hesklang['instructions_audio']); ?>",
|
||||
help_btn : "<?php echo hesk_slashJS($hesklang['help_btn']); ?>",
|
||||
play_again : "<?php echo hesk_slashJS($hesklang['play_again']); ?>",
|
||||
cant_hear_this : "<?php echo hesk_slashJS($hesklang['cant_hear_this']); ?>",
|
||||
incorrect_try_again : "<?php echo hesk_slashJS($hesklang['incorrect_try_again']); ?>",
|
||||
image_alt_text : "<?php echo hesk_slashJS($hesklang['image_alt_text']); ?>",
|
||||
},
|
||||
};
|
||||
</script>
|
||||
<?php
|
||||
require_once(HESK_PATH . 'inc/recaptcha/recaptchalib.php');
|
||||
echo recaptcha_get_html($hesk_settings['recaptcha_public_key'], null, true);
|
||||
}
|
||||
// Use reCaptcha API v2?
|
||||
elseif ($hesk_settings['recaptcha_use'] == 2)
|
||||
{
|
||||
?>
|
||||
<div class="g-recaptcha" data-sitekey="<?php echo $hesk_settings['recaptcha_public_key']; ?>"></div>
|
||||
<?php
|
||||
}
|
||||
// At least use some basic PHP generated image (better than nothing)
|
||||
else
|
||||
{
|
||||
$cls = in_array('mysecnum',$_SESSION['a_iserror']) ? ' class="isError" ' : '';
|
||||
|
||||
echo $hesklang['sec_enter'].'<br /> <br /><img src="'.HESK_PATH.'print_sec_img.php?'.rand(10000,99999).'" width="150" height="40" alt="'.$hesklang['sec_img'].'" title="'.$hesklang['sec_img'].'" border="1" name="secimg" style="vertical-align:text-bottom" /> '.
|
||||
'<a href="javascript:void(0)" onclick="javascript:document.form1.secimg.src=\''.HESK_PATH.'print_sec_img.php?\'+ ( Math.floor((90000)*Math.random()) + 10000);"><img src="'.HESK_PATH.'img/reload.png" height="24" width="24" alt="'.$hesklang['reload'].'" title="'.$hesklang['reload'].'" border="0" style="vertical-align:text-bottom" /></a>'.
|
||||
'<br /> <br /><input type="text" name="mysecnum" size="20" maxlength="5" '.$cls.' />';
|
||||
}
|
||||
?>
|
||||
</div>
|
||||
</div>
|
||||
<?php
|
||||
}
|
||||
?>
|
||||
<div class="form-group">
|
||||
<div class="col-sm-10 col-sm-offset-1">
|
||||
<input type="submit" value="<?php echo $hesklang['passs']; ?>" class="btn btn-default">
|
||||
</div>
|
||||
</div>
|
||||
</form>
|
||||
</div>
|
||||
</div>
|
||||
|
||||
<?php
|
||||
// Clean session errors
|
||||
hesk_cleanSessionVars('a_iserror');
|
||||
hesk_cleanSessionVars('img_a_verified');
|
||||
|
||||
// Print footer
|
||||
require_once(HESK_PATH . 'inc/footer.inc.php');
|
||||
?>
|
@ -0,0 +1,653 @@
|
||||
<?php
|
||||
/*******************************************************************************
|
||||
* Title: Help Desk Software HESK
|
||||
* Version: 2.6.0 beta 1 from 30th December 2014
|
||||
* Author: Klemen Stirn
|
||||
* Website: http://www.hesk.com
|
||||
********************************************************************************
|
||||
* COPYRIGHT AND TRADEMARK NOTICE
|
||||
* Copyright 2005-2014 Klemen Stirn. All Rights Reserved.
|
||||
* HESK is a registered trademark of Klemen Stirn.
|
||||
|
||||
* The HESK may be used and modified free of charge by anyone
|
||||
* AS LONG AS COPYRIGHT NOTICES AND ALL THE COMMENTS REMAIN INTACT.
|
||||
* By using this code you agree to indemnify Klemen Stirn from any
|
||||
* liability that might arise from it's use.
|
||||
|
||||
* Selling the code for this program, in part or full, without prior
|
||||
* written consent is expressly forbidden.
|
||||
|
||||
* Using this code, in part or full, to create derivate work,
|
||||
* new scripts or products is expressly forbidden. Obtain permission
|
||||
* before redistributing this software over the Internet or in
|
||||
* any other medium. In all cases copyright and header must remain intact.
|
||||
* This Copyright is in full effect in any country that has International
|
||||
* Trade Agreements with the United States of America or
|
||||
* with the European Union.
|
||||
|
||||
* Removing any of the copyright notices without purchasing a license
|
||||
* is expressly forbidden. To remove HESK copyright notice you must purchase
|
||||
* a license for this script. For more information on how to obtain
|
||||
* a license please visit the page below:
|
||||
* https://www.hesk.com/buy.php
|
||||
*******************************************************************************/
|
||||
|
||||
define('IN_SCRIPT',1);
|
||||
define('HESK_PATH','../');
|
||||
|
||||
/* Get all the required files and functions */
|
||||
require(HESK_PATH . 'hesk_settings.inc.php');
|
||||
require(HESK_PATH . 'inc/common.inc.php');
|
||||
require(HESK_PATH . 'inc/admin_functions.inc.php');
|
||||
hesk_load_database_functions();
|
||||
|
||||
hesk_session_start();
|
||||
hesk_dbConnect();
|
||||
hesk_isLoggedIn();
|
||||
|
||||
/* Check permissions for this feature */
|
||||
hesk_checkPermission('can_service_msg');
|
||||
|
||||
// Define required constants
|
||||
define('LOAD_TABS',1);
|
||||
define('WYSIWYG',1);
|
||||
|
||||
// What should we do?
|
||||
if ( $action = hesk_REQUEST('a') )
|
||||
{
|
||||
if ($action == 'edit_sm') {edit_sm();}
|
||||
elseif ( defined('HESK_DEMO') ) {hesk_process_messages($hesklang['ddemo'], 'service_messages.php', 'NOTICE');}
|
||||
elseif ($action == 'new_sm') {new_sm();}
|
||||
elseif ($action == 'save_sm') {save_sm();}
|
||||
elseif ($action == 'order_sm') {order_sm();}
|
||||
elseif ($action == 'remove_sm') {remove_sm();}
|
||||
}
|
||||
|
||||
/* Print header */
|
||||
require_once(HESK_PATH . 'inc/headerAdmin.inc.php');
|
||||
|
||||
/* Print main manage users page */
|
||||
require_once(HESK_PATH . 'inc/show_admin_nav.inc.php');
|
||||
?>
|
||||
|
||||
<div class="row" style="padding: 20px">
|
||||
<ul class="nav nav-tabs" role="tablist">
|
||||
<?php
|
||||
// Show a link to banned_emails.php if user has permission to do so
|
||||
if ( hesk_checkPermission('can_ban_emails',0) )
|
||||
{
|
||||
echo '
|
||||
<li role="presentation">
|
||||
<a title="' . $hesklang['banemail'] . '" href="banned_emails.php">'.$hesklang['banemail'].'</a>
|
||||
</li>';
|
||||
}
|
||||
if ( hesk_checkPermission('can_ban_ips',0) )
|
||||
{
|
||||
echo '
|
||||
<li role="presentation">
|
||||
<a title="' . $hesklang['banip'] . '" href="banned_ips.php">'.$hesklang['banip'].'</a>
|
||||
</li>';
|
||||
}
|
||||
?>
|
||||
<li role="presentation" class="active">
|
||||
<a href="#"><?php echo $hesklang['sm_title']; ?> <i class="fa fa-question-circle settingsquestionmark" onclick="javascript:alert('<?php echo hesk_makeJsString($hesklang['sm_intro']); ?>')"></i></a>
|
||||
</li>
|
||||
</ul>
|
||||
<div class="tab-content summaryList tabPadding">
|
||||
<script language="javascript" type="text/javascript"><!--
|
||||
function confirm_delete()
|
||||
{
|
||||
if (confirm('<?php echo hesk_makeJsString($hesklang['delban_confirm']); ?>')) {return true;}
|
||||
else {return false;}
|
||||
}
|
||||
//-->
|
||||
</script>
|
||||
<div class="row">
|
||||
<?php
|
||||
/* This will handle error, success and notice messages */
|
||||
hesk_handle_messages();
|
||||
|
||||
if ( isset($_SESSION['new_sm']) )
|
||||
{
|
||||
$_SESSION['new_sm'] = hesk_stripArray($_SESSION['new_sm']);
|
||||
}
|
||||
|
||||
if ( isset($_SESSION['preview_sm']) )
|
||||
{
|
||||
hesk_service_message($_SESSION['new_sm']);
|
||||
}
|
||||
|
||||
if ($hesk_settings['kb_wysiwyg'])
|
||||
{
|
||||
?>
|
||||
<script type="text/javascript">
|
||||
tinyMCE.init({
|
||||
mode : "exact",
|
||||
elements : "content",
|
||||
theme : "advanced",
|
||||
convert_urls : false,
|
||||
gecko_spellcheck: true,
|
||||
|
||||
theme_advanced_buttons1 : "cut,copy,paste,|,undo,redo,|,formatselect,fontselect,fontsizeselect,|,bold,italic,underline,strikethrough,|,justifyleft,justifycenter,justifyright,justifyfull",
|
||||
theme_advanced_buttons2 : "sub,sup,|,charmap,|,bullist,numlist,|,outdent,indent,insertdate,inserttime,preview,|,forecolor,backcolor,|,hr,removeformat,visualaid,|,link,unlink,anchor,image,cleanup,code",
|
||||
theme_advanced_buttons3 : "",
|
||||
|
||||
theme_advanced_toolbar_location : "top",
|
||||
theme_advanced_toolbar_align : "left",
|
||||
theme_advanced_statusbar_location : "bottom",
|
||||
theme_advanced_resizing : true
|
||||
});
|
||||
</script>
|
||||
<?php
|
||||
}
|
||||
?>
|
||||
<div class="panel panel-default">
|
||||
<div class="panel-heading">
|
||||
<h4><?php echo $hesklang['ex_sm']; ?></h4>
|
||||
</div>
|
||||
<div class="panel-body">
|
||||
<?php
|
||||
|
||||
// Get banned ips from database
|
||||
$res = hesk_dbQuery('SELECT * FROM `'.hesk_dbEscape($hesk_settings['db_pfix']).'service_messages` ORDER BY `order` ASC');
|
||||
$num = hesk_dbNumRows($res);
|
||||
|
||||
if ($num < 1)
|
||||
{
|
||||
echo '<p>'.$hesklang['no_sm'].'</p>';
|
||||
}
|
||||
else
|
||||
{
|
||||
// List of staff
|
||||
if ( ! isset($admins) )
|
||||
{
|
||||
$admins = array();
|
||||
$res2 = hesk_dbQuery("SELECT `id`,`name` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."users`");
|
||||
while ($row=hesk_dbFetchAssoc($res2))
|
||||
{
|
||||
$admins[$row['id']]=$row['name'];
|
||||
}
|
||||
}
|
||||
|
||||
?>
|
||||
<table class="table table-hover">
|
||||
<thead>
|
||||
<tr>
|
||||
<th><?php echo $hesklang['sm_mtitle']; ?></th>
|
||||
<th><?php echo $hesklang['sm_author']; ?></th>
|
||||
<th><?php echo $hesklang['sm_type']; ?></th>
|
||||
<th> <?php echo $hesklang['opt']; ?> </th>
|
||||
</tr>
|
||||
</thead>
|
||||
<tbody>
|
||||
<?php
|
||||
$j = 1;
|
||||
$k = 1;
|
||||
|
||||
while ($sm=hesk_dbFetchAssoc($res))
|
||||
{
|
||||
$faIcon = "";
|
||||
switch ($sm['style'])
|
||||
{
|
||||
case 1:
|
||||
$sm_style = "alert alert-success";
|
||||
$faIcon = "fa fa-check-circle";
|
||||
break;
|
||||
case 2:
|
||||
$sm_style = "alert alert-info";
|
||||
$faIcon = "fa fa-comment";
|
||||
break;
|
||||
case 3:
|
||||
$sm_style = "alert alert-warning";
|
||||
$faIcon = "fa fa-exclamation-triangle";
|
||||
break;
|
||||
case 4:
|
||||
$sm_style = "alert alert-danger";
|
||||
$faIcon = "fa fa-times-circle";
|
||||
break;
|
||||
default:
|
||||
$sm_style = "none";
|
||||
}
|
||||
|
||||
$type = $sm['type'] ? $hesklang['sm_draft']: $hesklang['sm_published'];
|
||||
|
||||
?>
|
||||
<tr>
|
||||
<td>
|
||||
<div class="<?php echo $sm_style; ?>">
|
||||
<i class="<?php echo $faIcon; ?>"></i>
|
||||
<b><?php echo $sm['title']; ?></b>
|
||||
</div>
|
||||
</td>
|
||||
<td><?php echo (isset($admins[$sm['author']]) ? $admins[$sm['author']] : $hesklang['e_udel']); ?></td>
|
||||
<td><?php echo $type; ?></td>
|
||||
<td>
|
||||
<?php
|
||||
if ($num > 1)
|
||||
{
|
||||
if ($k == 1)
|
||||
{
|
||||
?>
|
||||
<img src="../img/blank.gif" width="16" height="16" alt="" style="padding:3px;border:none;" />
|
||||
<a href="service_messages.php?a=order_sm&id=<?php echo $sm['id']; ?>&move=15&token=<?php hesk_token_echo(); ?>">
|
||||
<i class="fa fa-arrow-down" style="font-size: 16px; color: green" data-toggle="tooltip" data-placement="top" data-original-title="<?php echo $hesklang['move_dn']; ?>"></i></a>
|
||||
<?php
|
||||
}
|
||||
elseif ($k == $num)
|
||||
{
|
||||
?>
|
||||
<a href="service_messages.php?a=order_sm&id=<?php echo $sm['id']; ?>&move=-15&token=<?php hesk_token_echo(); ?>">
|
||||
<i class="fa fa-arrow-up" style="font-size: 16px; color: green" data-toggle="tooltip" data-placement="top" data-original-title="<?php echo $hesklang['move_up']; ?>"></i></a>
|
||||
<img src="../img/blank.gif" width="16" height="16" alt="" style="padding:3px;border:none;" />
|
||||
<?php
|
||||
}
|
||||
else
|
||||
{
|
||||
?>
|
||||
<a href="service_messages.php?a=order_sm&id=<?php echo $sm['id']; ?>&move=-15&token=<?php hesk_token_echo(); ?>">
|
||||
<i class="fa fa-arrow-up" style="font-size: 16px; color: green" data-toggle="tooltip" data-placement="top" data-original-title="<?php echo $hesklang['move_up']; ?>"></i></a>
|
||||
<a href="service_messages.php?a=order_sm&id=<?php echo $sm['id']; ?>&move=15&token=<?php hesk_token_echo(); ?>">
|
||||
<i class="fa fa-arrow-down" style="font-size: 16px; color: green" data-toggle="tooltip" data-placement="top" data-original-title="<?php echo $hesklang['move_dn']; ?>"></i></a>
|
||||
<?php
|
||||
}
|
||||
}
|
||||
?>
|
||||
<a href="service_messages.php?a=edit_sm&id=<?php echo $sm['id']; ?>">
|
||||
<i class="fa fa-pencil" style="font-size: 16px;color:orange" data-toggle="tooltip" data-placement="top" data-original-title="<?php echo $hesklang['edit']; ?>"></i></a>
|
||||
<a href="service_messages.php?a=remove_sm&id=<?php echo $sm['id']; ?>&token=<?php hesk_token_echo(); ?>" onclick="return hesk_confirmExecute('<?php echo hesk_makeJsString($hesklang['del_sm']); ?>');">
|
||||
<i class="fa fa-times" style="font-size: 16px;color:red" data-toggle="tooltip" data-placement="top" data-original-title="<?php echo $hesklang['delete']; ?>"></i></a> </td>
|
||||
</tr>
|
||||
<?php
|
||||
$j++;
|
||||
$k++;
|
||||
} // End while
|
||||
|
||||
?>
|
||||
</tbody>
|
||||
</table>
|
||||
<div align="center">
|
||||
<table border="0" cellspacing="1" cellpadding="3" class="white" width="100%">
|
||||
|
||||
|
||||
</table>
|
||||
</div>
|
||||
<?php
|
||||
}
|
||||
|
||||
?>
|
||||
</div>
|
||||
</div>
|
||||
|
||||
<div class="panel panel-default">
|
||||
<div class="panel-heading">
|
||||
<h4><a name="new_article"></a><?php echo $hesklang['new_sm']; ?></h4>
|
||||
</div>
|
||||
<div class="panel-body">
|
||||
<form action="service_messages.php" method="post" name="form1" role="form" class="form-horizontal">
|
||||
<div class="form-group">
|
||||
<label for="style" class="col-md-2 control-label"><?php echo $hesklang['sm_style']; ?></label>
|
||||
<div class="col-md-2">
|
||||
<div class="radio alert" style="box-shadow: none; padding: 5px; border-radius: 4px;">
|
||||
<label>
|
||||
<input type="radio" name="style" value="0"
|
||||
<?php if (!isset($_SESSION['new_sm']['style']) || (isset($_SESSION['new_sm']['style']) && $_SESSION['new_sm']['style'] == 0) ) {echo 'checked';} ?>>
|
||||
<?php echo $hesklang['sm_none']; ?>
|
||||
</label>
|
||||
</div>
|
||||
</div>
|
||||
<div class="col-md-2">
|
||||
<div class="radio alert alert-success" style="padding: 5px;">
|
||||
<label style="margin-top: -5px">
|
||||
<input type="radio" name="style" value="1"
|
||||
<?php if (isset($_SESSION['new_sm']['style']) && $_SESSION['new_sm']['style'] == 1 ) {echo 'checked';} ?>>
|
||||
<?php echo $hesklang['sm_success']; ?>
|
||||
</label>
|
||||
</div>
|
||||
</div>
|
||||
<div class="col-md-2">
|
||||
<div class="radio alert alert-info" style="padding: 5px">
|
||||
<label style="margin-top: -5px">
|
||||
<input type="radio" name="style" value="2"
|
||||
<?php if (isset($_SESSION['new_sm']['style']) && $_SESSION['new_sm']['style'] == 2) {echo 'checked';} ?>>
|
||||
<?php echo $hesklang['sm_info']; ?>
|
||||
</label>
|
||||
</div>
|
||||
</div>
|
||||
<div class="col-md-2">
|
||||
<div class="radio alert alert-warning" style="padding: 5px">
|
||||
<label style="margin-top: -5px">
|
||||
<input type="radio" name="style" value="3"
|
||||
<?php if (isset($_SESSION['new_sm']['style']) && $_SESSION['new_sm']['style'] == 3) {echo 'checked';} ?>>
|
||||
<?php echo $hesklang['sm_notice']; ?>
|
||||
</label>
|
||||
</div>
|
||||
</div>
|
||||
<div class="col-md-2">
|
||||
<div class="radio alert alert-danger" style="padding: 5px">
|
||||
<label style="margin-top: -5px">
|
||||
<input type="radio" name="style" value="4"
|
||||
<?php if (isset($_SESSION['new_sm']['style']) && $_SESSION['new_sm']['style'] == 4) {echo 'checked';} ?> >
|
||||
<?php echo $hesklang['sm_error']; ?>
|
||||
</label>
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
<div class="form-group">
|
||||
<label for="type" class="col-md-2 control-label"><?php echo $hesklang['sm_type']; ?></label>
|
||||
<div class="col-md-2">
|
||||
<div class="radio" style="padding: 5px">
|
||||
<label>
|
||||
<input type="radio" name="type" value="0"
|
||||
<?php if (!isset($_SESSION['new_sm']['type']) || (isset($_SESSION['new_sm']['type']) && $_SESSION['new_sm']['type'] == 0) ) {echo 'checked';} ?> >
|
||||
<?php echo $hesklang['sm_published']; ?>
|
||||
</label>
|
||||
</div>
|
||||
</div>
|
||||
<div class="col-md-2">
|
||||
<div class="radio" style="padding: 5px">
|
||||
<label>
|
||||
<input type="radio" name="type" value="1"
|
||||
<?php if (isset($_SESSION['new_sm']['type']) && $_SESSION['new_sm']['type'] == 1) {echo 'checked';} ?> >
|
||||
<?php echo $hesklang['sm_draft']; ?>
|
||||
</label>
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
<div class="form-group">
|
||||
<label for="title" class="col-md-2 control-label"><?php echo $hesklang['sm_mtitle']; ?></label>
|
||||
<div class="col-md-10">
|
||||
<input class="form-control" placeholder="<?php echo $hesklang['sm_mtitle']; ?>"
|
||||
type="text" name="title" size="70" maxlength="255"
|
||||
<?php if (isset($_SESSION['new_sm']['title'])) {echo 'value="'.$_SESSION['new_sm']['title'].'"';} ?>>
|
||||
</div>
|
||||
</div>
|
||||
<div class="form-group">
|
||||
<label for="message" class="col-md-2 control-label"><?php echo $hesklang['sm_msg']; ?></label>
|
||||
<div class="col-md-10">
|
||||
<textarea placeholder="<?php echo $hesklang['sm_msg']; ?>" class="form-control" name="message" rows="25" cols="70" id="content">
|
||||
<?php if (isset($_SESSION['new_sm']['message'])) {echo $_SESSION['new_sm']['message'];} ?>
|
||||
</textarea>
|
||||
</div>
|
||||
</div>
|
||||
<div class="form-group">
|
||||
<?php echo isset($_SESSION['edit_sm']) ? '<input type="hidden" name="a" value="save_sm" /><input type="hidden" name="id" value="'.intval($_SESSION['new_sm']['id']).'" />' : '<input type="hidden" name="a" value="new_sm" />'; ?>
|
||||
<input type="hidden" name="token" value="<?php hesk_token_echo(); ?>" />
|
||||
<div class="col-md-10 col-md-offset-2">
|
||||
<div class="btn-group" role="group">
|
||||
<input type="submit" name="sm_save" value="<?php echo $hesklang['sm_save']; ?>" class="btn btn-default">
|
||||
<input type="submit" name="sm_preview" value="<?php echo $hesklang['sm_preview']; ?>" class="btn btn-default">
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
</form>
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
|
||||
<?php
|
||||
|
||||
hesk_cleanSessionVars( array('new_sm', 'preview_sm', 'edit_sm') );
|
||||
|
||||
require_once(HESK_PATH . 'inc/footer.inc.php');
|
||||
exit();
|
||||
|
||||
|
||||
/*** START FUNCTIONS ***/
|
||||
|
||||
|
||||
function save_sm()
|
||||
{
|
||||
global $hesk_settings, $hesklang, $listBox;
|
||||
global $hesk_error_buffer;
|
||||
|
||||
// A security check
|
||||
# hesk_token_check('POST');
|
||||
|
||||
$hesk_error_buffer = array();
|
||||
|
||||
// Get service messageID
|
||||
$id = intval( hesk_POST('id') ) or hesk_error($hesklang['sm_e_id']);
|
||||
|
||||
$style = intval( hesk_POST('style', 0) );
|
||||
if ($style > 4 || $style < 0)
|
||||
{
|
||||
$style = 0;
|
||||
}
|
||||
|
||||
$type = empty($_POST['type']) ? 0 : 1;
|
||||
$title = hesk_input( hesk_POST('title') ) or $hesk_error_buffer[] = $hesklang['sm_e_title'];
|
||||
$message = hesk_getHTML( hesk_POST('message') );
|
||||
|
||||
// Any errors?
|
||||
if (count($hesk_error_buffer))
|
||||
{
|
||||
$_SESSION['edit_sm'] = true;
|
||||
$hesklang['new_sm'] = $hesklang['edit_sm'];
|
||||
|
||||
$_SESSION['new_sm'] = array(
|
||||
'id' => $id,
|
||||
'style' => $style,
|
||||
'type' => $type,
|
||||
'title' => $title,
|
||||
'message' => hesk_input( hesk_POST('message') ),
|
||||
);
|
||||
|
||||
$tmp = '';
|
||||
foreach ($hesk_error_buffer as $error)
|
||||
{
|
||||
$tmp .= "<li>$error</li>\n";
|
||||
}
|
||||
$hesk_error_buffer = $tmp;
|
||||
|
||||
$hesk_error_buffer = $hesklang['rfm'].'<br /><br /><ul>'.$hesk_error_buffer.'</ul>';
|
||||
hesk_process_messages($hesk_error_buffer,'service_messages.php');
|
||||
}
|
||||
|
||||
// Just preview the message?
|
||||
if ( isset($_POST['sm_preview']) )
|
||||
{
|
||||
$_SESSION['preview_sm'] = true;
|
||||
$_SESSION['edit_sm'] = true;
|
||||
$hesklang['new_sm'] = $hesklang['edit_sm'];
|
||||
|
||||
$_SESSION['new_sm'] = array(
|
||||
'id' => $id,
|
||||
'style' => $style,
|
||||
'type' => $type,
|
||||
'title' => $title,
|
||||
'message' => $message,
|
||||
);
|
||||
|
||||
header('Location: service_messages.php');
|
||||
exit;
|
||||
}
|
||||
|
||||
// Update the service message in the database
|
||||
hesk_dbQuery("UPDATE `".hesk_dbEscape($hesk_settings['db_pfix'])."service_messages` SET
|
||||
`author` = '".intval($_SESSION['id'])."',
|
||||
`title` = '".hesk_dbEscape($title)."',
|
||||
`message` = '".hesk_dbEscape($message)."',
|
||||
`style` = '{$style}',
|
||||
`type` = '{$type}'
|
||||
WHERE `id`={$id} LIMIT 1");
|
||||
|
||||
$_SESSION['smord'] = $id;
|
||||
hesk_process_messages($hesklang['sm_mdf'],'service_messages.php','SUCCESS');
|
||||
|
||||
} // End save_sm()
|
||||
|
||||
|
||||
function edit_sm()
|
||||
{
|
||||
global $hesk_settings, $hesklang;
|
||||
|
||||
// Get service messageID
|
||||
$id = intval( hesk_GET('id') ) or hesk_error($hesklang['sm_e_id']);
|
||||
|
||||
// Get details from the database
|
||||
$res = hesk_dbQuery("SELECT * FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."service_messages` WHERE `id`={$id} LIMIT 1");
|
||||
if ( hesk_dbNumRows($res) != 1 )
|
||||
{
|
||||
hesk_error($hesklang['sm_not_found']);
|
||||
}
|
||||
$sm = hesk_dbFetchAssoc($res);
|
||||
|
||||
$_SESSION['new_sm'] = $sm;
|
||||
$_SESSION['edit_sm'] = true;
|
||||
|
||||
$hesklang['new_sm'] = $hesklang['edit_sm'];
|
||||
|
||||
} // End edit_sm()
|
||||
|
||||
|
||||
function order_sm()
|
||||
{
|
||||
global $hesk_settings, $hesklang;
|
||||
|
||||
// A security check
|
||||
hesk_token_check();
|
||||
|
||||
// Get ID and move parameters
|
||||
$id = intval( hesk_GET('id') ) or hesk_error($hesklang['sm_e_id']);
|
||||
$move = intval( hesk_GET('move') );
|
||||
$_SESSION['smord'] = $id;
|
||||
|
||||
// Update article details
|
||||
hesk_dbQuery("UPDATE `".hesk_dbEscape($hesk_settings['db_pfix'])."service_messages` SET `order`=`order`+".intval($move)." WHERE `id`={$id} LIMIT 1");
|
||||
|
||||
// Update order of all service messages
|
||||
update_sm_order();
|
||||
|
||||
// Finish
|
||||
header('Location: service_messages.php');
|
||||
exit();
|
||||
|
||||
} // End order_sm()
|
||||
|
||||
|
||||
function update_sm_order()
|
||||
{
|
||||
global $hesk_settings, $hesklang;
|
||||
|
||||
// Get list of current service messages
|
||||
$res = hesk_dbQuery("SELECT `id` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."service_messages` ORDER BY `order` ASC");
|
||||
|
||||
// Update database
|
||||
$i = 10;
|
||||
while ( $sm = hesk_dbFetchAssoc($res) )
|
||||
{
|
||||
hesk_dbQuery("UPDATE `".hesk_dbEscape($hesk_settings['db_pfix'])."service_messages` SET `order`=".intval($i)." WHERE `id`='".intval($sm['id'])."' LIMIT 1");
|
||||
$i += 10;
|
||||
}
|
||||
|
||||
return true;
|
||||
|
||||
} // END update_sm_order()
|
||||
|
||||
|
||||
function remove_sm()
|
||||
{
|
||||
global $hesk_settings, $hesklang;
|
||||
|
||||
// A security check
|
||||
hesk_token_check();
|
||||
|
||||
// Get ID
|
||||
$id = intval( hesk_GET('id') ) or hesk_error($hesklang['sm_e_id']);
|
||||
|
||||
// Delete the service message
|
||||
hesk_dbQuery("DELETE FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."service_messages` WHERE `id`={$id} LIMIT 1");
|
||||
|
||||
// Were we successful?
|
||||
if ( hesk_dbAffectedRows() == 1 )
|
||||
{
|
||||
hesk_process_messages($hesklang['sm_deleted'],'./service_messages.php','SUCCESS');
|
||||
}
|
||||
else
|
||||
{
|
||||
hesk_process_messages($hesklang['sm_not_found'],'./service_messages.php');
|
||||
}
|
||||
|
||||
} // End remove_sm()
|
||||
|
||||
|
||||
function new_sm()
|
||||
{
|
||||
global $hesk_settings, $hesklang, $listBox;
|
||||
global $hesk_error_buffer;
|
||||
|
||||
// A security check
|
||||
# hesk_token_check('POST');
|
||||
|
||||
$hesk_error_buffer = array();
|
||||
|
||||
$style = intval( hesk_POST('style', 0) );
|
||||
if ($style > 4 || $style < 0)
|
||||
{
|
||||
$style = 0;
|
||||
}
|
||||
|
||||
$type = empty($_POST['type']) ? 0 : 1;
|
||||
$title = hesk_input( hesk_POST('title') ) or $hesk_error_buffer[] = $hesklang['sm_e_title'];
|
||||
$message = hesk_getHTML( hesk_POST('message') );
|
||||
|
||||
// Any errors?
|
||||
if (count($hesk_error_buffer))
|
||||
{
|
||||
$_SESSION['new_sm'] = array(
|
||||
'style' => $style,
|
||||
'type' => $type,
|
||||
'title' => $title,
|
||||
'message' => hesk_input( hesk_POST('message') ),
|
||||
);
|
||||
|
||||
$tmp = '';
|
||||
foreach ($hesk_error_buffer as $error)
|
||||
{
|
||||
$tmp .= "<li>$error</li>\n";
|
||||
}
|
||||
$hesk_error_buffer = $tmp;
|
||||
|
||||
$hesk_error_buffer = $hesklang['rfm'].'<br /><br /><ul>'.$hesk_error_buffer.'</ul>';
|
||||
hesk_process_messages($hesk_error_buffer,'service_messages.php');
|
||||
}
|
||||
|
||||
// Just preview the message?
|
||||
if ( isset($_POST['sm_preview']) )
|
||||
{
|
||||
$_SESSION['preview_sm'] = true;
|
||||
|
||||
$_SESSION['new_sm'] = array(
|
||||
'style' => $style,
|
||||
'type' => $type,
|
||||
'title' => $title,
|
||||
'message' => $message,
|
||||
);
|
||||
|
||||
header('Location: service_messages.php');
|
||||
exit;
|
||||
}
|
||||
|
||||
// Get the latest service message order
|
||||
$res = hesk_dbQuery("SELECT `order` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."service_messages` ORDER BY `order` DESC LIMIT 1");
|
||||
$row = hesk_dbFetchRow($res);
|
||||
$my_order = intval($row[0]) + 10;
|
||||
|
||||
// Insert service message into database
|
||||
hesk_dbQuery("INSERT INTO `".hesk_dbEscape($hesk_settings['db_pfix'])."service_messages` (`author`,`title`,`message`,`style`,`type`,`order`) VALUES (
|
||||
'".intval($_SESSION['id'])."',
|
||||
'".hesk_dbEscape($title)."',
|
||||
'".hesk_dbEscape($message)."',
|
||||
'{$style}',
|
||||
'{$type}',
|
||||
'{$my_order}'
|
||||
)");
|
||||
|
||||
$_SESSION['smord'] = hesk_dbInsertID();
|
||||
hesk_process_messages($hesklang['sm_added'],'service_messages.php','SUCCESS');
|
||||
|
||||
} // End new_sm()
|
||||
|
||||
?>
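Review bot: The CSRF token check is commented out in both `save_sm()` and `new_sm()` (`# hesk_token_check('POST');` under the "A security check" comment), so the two handlers that update and insert service messages run without verifying the token, while `order_sm()` and `remove_sm()` in the same file do call `hesk_token_check()`. The form already posts a hidden `token` field, so the check can be restored as the first statement of each function: `hesk_token_check('POST');`. As written, a cross-site request made in the browser of a logged-in staff member with `can_service_msg` would presumably be accepted, and the stored `message` is HTML. If the check was disabled on purpose, that reason should be stated in a comment next to it rather than left as a silent `#`.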
|
@ -0,0 +1,446 @@
|
||||
/*******************************************************************************
|
||||
* Title: Help Desk Software HESK
|
||||
* Version: 2.6.0 beta 1 from 30th December 2014
|
||||
* Author: Klemen Stirn
|
||||
* Website: http://www.hesk.com
|
||||
********************************************************************************
|
||||
* COPYRIGHT AND TRADEMARK NOTICE
|
||||
* Copyright 2005-2014 Klemen Stirn. All Rights Reserved.
|
||||
* HESK is a registered trademark of Klemen Stirn.
|
||||
|
||||
* The HESK may be used and modified free of charge by anyone
|
||||
* AS LONG AS COPYRIGHT NOTICES AND ALL THE COMMENTS REMAIN INTACT.
|
||||
* By using this code you agree to indemnify Klemen Stirn from any
|
||||
* liability that might arise from it's use.
|
||||
|
||||
* Selling the code for this program, in part or full, without prior
|
||||
* written consent is expressly forbidden.
|
||||
|
||||
* Using this code, in part or full, to create derivate work,
|
||||
* new scripts or products is expressly forbidden. Obtain permission
|
||||
* before redistributing this software over the Internet or in
|
||||
* any other medium. In all cases copyright and header must remain intact.
|
||||
* This Copyright is in full effect in any country that has International
|
||||
* Trade Agreements with the United States of America or
|
||||
* with the European Union.
|
||||
|
||||
* Removing any of the copyright notices without purchasing a license
|
||||
* is expressly forbidden. To remove HESK copyright notice you must purchase
|
||||
* a license for this script. For more information on how to obtain
|
||||
* a license please visit the page below:
|
||||
* https://www.hesk.com/buy.php
|
||||
*******************************************************************************/
|
||||
|
||||
function hesk_insertTag(tag) {
|
||||
var text_to_insert = '%%'+tag+'%%';
|
||||
hesk_insertAtCursor(document.form1.msg, text_to_insert);
|
||||
document.form1.message.focus();
|
||||
}
|
||||
|
||||
function hesk_insertAtCursor(myField, myValue) {
|
||||
if (document.selection) {
|
||||
myField.focus();
|
||||
sel = document.selection.createRange();
|
||||
sel.text = myValue;
|
||||
}
|
||||
else if (myField.selectionStart || myField.selectionStart == '0') {
|
||||
var startPos = myField.selectionStart;
|
||||
var endPos = myField.selectionEnd;
|
||||
myField.value = myField.value.substring(0, startPos)
|
||||
+ myValue
|
||||
+ myField.value.substring(endPos, myField.value.length);
|
||||
} else {
|
||||
myField.value += myValue;
|
||||
}
|
||||
}
|
||||
|
||||
function hesk_changeAll(myID) {
|
||||
var d = document.form1;
|
||||
var setTo = myID.checked ? true : false;
|
||||
|
||||
for (var i = 0; i < d.elements.length; i++)
|
||||
{
|
||||
if(d.elements[i].type == 'checkbox' && d.elements[i].name != 'checkall')
|
||||
{
|
||||
d.elements[i].checked = setTo;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
function hesk_attach_disable(ids) {
|
||||
for($i=0;$i<ids.length;$i++) {
|
||||
if (ids[$i]=='c11'||ids[$i]=='c21'||ids[$i]=='c31'||ids[$i]=='c41'||ids[$i]=='c51') {
|
||||
document.getElementById(ids[$i]).checked=false;
|
||||
}
|
||||
document.getElementById(ids[$i]).disabled=true;
|
||||
}
|
||||
}
|
||||
|
||||
function hesk_attach_enable(ids) {
|
||||
for($i=0;$i<ids.length;$i++) {
|
||||
document.getElementById(ids[$i]).disabled=false;
|
||||
}
|
||||
}
|
||||
|
||||
function hesk_attach_toggle(control,ids) {
|
||||
if (document.getElementById(control).checked) {
|
||||
hesk_attach_enable(ids);
|
||||
} else {
|
||||
hesk_attach_disable(ids);
|
||||
}
|
||||
}
|
||||
|
||||
function hesk_window(PAGE,HGT,WDT)
|
||||
{
|
||||
var HeskWin = window.open(PAGE,"Hesk_window","height="+HGT+",width="+WDT+",menubar=0,location=0,toolbar=0,status=0,resizable=1,scrollbars=1");
|
||||
HeskWin.focus();
|
||||
}
|
||||
|
||||
function hesk_toggleLayerDisplay(nr) {
|
||||
if (document.all)
|
||||
document.all[nr].style.display = (document.all[nr].style.display == 'none') ? 'block' : 'none';
|
||||
else if (document.getElementById)
|
||||
document.getElementById(nr).style.display = (document.getElementById(nr).style.display == 'none') ? 'block' : 'none';
|
||||
}
|
||||
|
||||
function hesk_confirmExecute(myText) {
|
||||
if (confirm(myText))
|
||||
{
|
||||
return true;
|
||||
}
|
||||
return false;
|
||||
}
|
||||
|
||||
function hesk_deleteIfSelected(myField,myText) {
|
||||
if(document.getElementById(myField).checked)
|
||||
{
|
||||
return hesk_confirmExecute(myText);
|
||||
}
|
||||
}
|
||||
|
||||
function hesk_rate(url,element_id)
|
||||
{
|
||||
if (url.length==0)
|
||||
{
|
||||
return false;
|
||||
}
|
||||
|
||||
var element = document.getElementById(element_id);
|
||||
|
||||
xmlHttp=GetXmlHttpObject();
|
||||
if (xmlHttp==null)
|
||||
{
|
||||
alert ("Your browser does not support AJAX!");
|
||||
return;
|
||||
}
|
||||
|
||||
xmlHttp.open("GET",url,true);
|
||||
|
||||
xmlHttp.onreadystatechange = function()
|
||||
{
|
||||
if (xmlHttp.readyState == 4 && xmlHttp.status == 200)
|
||||
{
|
||||
element.innerHTML = xmlHttp.responseText;
|
||||
}
|
||||
}
|
||||
|
||||
xmlHttp.send(null);
|
||||
}
|
||||
|
||||
function stateChanged()
|
||||
{
|
||||
if (xmlHttp.readyState==4)
|
||||
{
|
||||
document.getElementById("rating").innerHTML=xmlHttp.responseText;
|
||||
}
|
||||
}
|
||||
|
||||
function GetXmlHttpObject()
|
||||
{
|
||||
var xmlHttp=null;
|
||||
try
|
||||
{
|
||||
// Firefox, Opera 8.0+, Safari
|
||||
xmlHttp=new XMLHttpRequest();
|
||||
}
|
||||
catch (e)
|
||||
{
|
||||
// Internet Explorer
|
||||
try
|
||||
{
|
||||
xmlHttp=new ActiveXObject("Msxml2.XMLHTTP");
|
||||
}
|
||||
catch (e)
|
||||
{
|
||||
xmlHttp=new ActiveXObject("Microsoft.XMLHTTP");
|
||||
}
|
||||
}
|
||||
return xmlHttp;
|
||||
}
|
||||
|
||||
var heskKBquery = '';
|
||||
var heskKBfailed = false;
|
||||
|
||||
function hesk_suggestKB()
|
||||
{
|
||||
var d = document.form1;
|
||||
var s = d.subject.value;
|
||||
var m = d.message.value;
|
||||
var element = document.getElementById('kb_suggestions');
|
||||
|
||||
if (s != '' && m != '' && (heskKBquery != s + " " + m || heskKBfailed == true) )
|
||||
{
|
||||
element.style.display = 'block';
|
||||
var params = "p=1&" + "q=" + encodeURIComponent( s + " " + m );
|
||||
heskKBquery = s + " " + m;
|
||||
|
||||
xmlHttp=GetXmlHttpObject();
|
||||
if (xmlHttp==null)
|
||||
{
|
||||
return;
|
||||
}
|
||||
|
||||
xmlHttp.open('POST','suggest_articles.php',true);
|
||||
xmlHttp.setRequestHeader("Content-type", "application/x-www-form-urlencoded");
|
||||
|
||||
xmlHttp.onreadystatechange = function()
|
||||
{
|
||||
if (xmlHttp.readyState == 4 && xmlHttp.status == 200)
|
||||
{
|
||||
element.innerHTML = xmlHttp.responseText;
|
||||
heskKBfailed = false;
|
||||
}
|
||||
else
|
||||
{
|
||||
heskKBfailed = true;
|
||||
}
|
||||
}
|
||||
|
||||
xmlHttp.send(params);
|
||||
}
|
||||
|
||||
setTimeout('hesk_suggestKB();', 2000);
|
||||
|
||||
}
|
||||
|
||||
function hesk_suggestKBsearch(isAdmin)
|
||||
{
|
||||
var d = document.searchform;
|
||||
var s = d.search.value;
|
||||
var element = document.getElementById('kb_suggestions');
|
||||
|
||||
if (isAdmin)
|
||||
{
|
||||
var path = 'admin_suggest_articles.php';
|
||||
}
|
||||
else
|
||||
{
|
||||
var path = 'suggest_articles.php';
|
||||
}
|
||||
|
||||
if (s != '' && (heskKBquery != s || heskKBfailed == true) )
|
||||
{
|
||||
element.style.display = 'block';
|
||||
var params = "q=" + encodeURIComponent( s );
|
||||
heskKBquery = s;
|
||||
|
||||
xmlHttp=GetXmlHttpObject();
|
||||
if (xmlHttp==null)
|
||||
{
|
||||
return;
|
||||
}
|
||||
|
||||
xmlHttp.open('POST', path, true);
|
||||
xmlHttp.setRequestHeader("Content-type", "application/x-www-form-urlencoded");
|
||||
|
||||
xmlHttp.onreadystatechange = function()
|
||||
{
|
||||
if (xmlHttp.readyState == 4 && xmlHttp.status == 200)
|
||||
{
|
||||
element.innerHTML = unescape(xmlHttp.responseText);
|
||||
heskKBfailed = false;
|
||||
}
|
||||
else
|
||||
{
|
||||
heskKBfailed = true;
|
||||
}
|
||||
}
|
||||
|
||||
xmlHttp.send(params);
|
||||
}
|
||||
|
||||
setTimeout('hesk_suggestKBsearch('+isAdmin+');', 2000);
|
||||
}
|
||||
|
||||
function hesk_suggestEmail(isAdmin)
|
||||
{
|
||||
var email = document.form1.email.value;
|
||||
var element = document.getElementById('email_suggestions');
|
||||
|
||||
if (isAdmin)
|
||||
{
|
||||
var path = '../suggest_email.php';
|
||||
}
|
||||
else
|
||||
{
|
||||
var path = 'suggest_email.php';
|
||||
}
|
||||
|
||||
if (email != '')
|
||||
{
|
||||
var params = "e=" + encodeURIComponent( email );
|
||||
|
||||
xmlHttp=GetXmlHttpObject();
|
||||
if (xmlHttp==null)
|
||||
{
|
||||
return;
|
||||
}
|
||||
|
||||
xmlHttp.open('POST', path, true);
|
||||
xmlHttp.setRequestHeader("Content-type", "application/x-www-form-urlencoded");
|
||||
|
||||
xmlHttp.onreadystatechange = function()
|
||||
{
|
||||
if (xmlHttp.readyState == 4 && xmlHttp.status == 200)
|
||||
{
|
||||
element.innerHTML = unescape(xmlHttp.responseText);
|
||||
element.style.display = 'block';
|
||||
}
|
||||
}
|
||||
|
||||
xmlHttp.send(params);
|
||||
}
|
||||
}
|
||||
|
||||
function hesk_btn(Elem, myClass)
|
||||
{
|
||||
Elem.className = myClass;
|
||||
}
|
||||
|
||||
function hesk_checkPassword(password)
|
||||
{
|
||||
|
||||
var numbers = "0123456789";
|
||||
var lowercase = "abcdefghijklmnopqrstuvwxyz";
|
||||
var uppercase = "ABCDEFGHIJKLMNOPQRSTUVWXYZ";
|
||||
var punctuation = "!.@$L#*()%~<>{}[]";
|
||||
|
||||
var combinations = 0;
|
||||
|
||||
if (hesk_contains(password, numbers) > 0) {
|
||||
combinations += 10;
|
||||
}
|
||||
|
||||
if (hesk_contains(password, lowercase) > 0) {
|
||||
combinations += 26;
|
||||
}
|
||||
|
||||
if (hesk_contains(password, uppercase) > 0) {
|
||||
combinations += 26;
|
||||
}
|
||||
|
||||
if (hesk_contains(password, punctuation) > 0) {
|
||||
combinations += punctuation.length;
|
||||
}
|
||||
|
||||
var totalCombinations = Math.pow(combinations, password.length);
|
||||
var timeInSeconds = (totalCombinations / 200) / 2;
|
||||
var timeInDays = timeInSeconds / 86400
|
||||
var lifetime = 3650;
|
||||
var percentage = timeInDays / lifetime;
|
||||
|
||||
var friendlyPercentage = hesk_cap(Math.round(percentage * 100), 98);
|
||||
|
||||
if (friendlyPercentage < (password.length * 5)) {
|
||||
friendlyPercentage += password.length * 5;
|
||||
}
|
||||
|
||||
var friendlyPercentage = hesk_cap(friendlyPercentage, 98);
|
||||
|
||||
var progressBar = document.getElementById("progressBar");
|
||||
progressBar.style.width = friendlyPercentage + "%";
|
||||
|
||||
if (percentage > 1) {
|
||||
// strong password
|
||||
progressBar.classList.remove('progress-bar-danger');
|
||||
progressBar.classList.remove('progress-bar-warning');
|
||||
progressBar.classList.add('progress-bar-success');
|
||||
return;
|
||||
}
|
||||
|
||||
if (percentage > 0.5) {
|
||||
// reasonable password
|
||||
progressBar.classList.remove('progress-bar-danger');
|
||||
progressBar.classList.remove('progress-bar-success');
|
||||
progressBar.classList.add('progress-bar-warning');
|
||||
return;
|
||||
}
|
||||
|
||||
if (percentage > 0.10 || percentage <= 0.10) {
|
||||
// weak password
|
||||
progressBar.classList.remove('progress-bar-warning');
|
||||
progressBar.classList.remove('progress-bar-success');
|
||||
progressBar.classList.add('progress-bar-danger');
|
||||
return;
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
function hesk_cap(number, max) {
|
||||
if (number > max) {
|
||||
return max;
|
||||
} else {
|
||||
return number;
|
||||
}
|
||||
}
|
||||
|
||||
function hesk_contains(password, validChars) {
|
||||
|
||||
count = 0;
|
||||
|
||||
for (i = 0; i < password.length; i++) {
|
||||
var char = password.charAt(i);
|
||||
if (validChars.indexOf(char) > -1) {
|
||||
count++;
|
||||
}
|
||||
}
|
||||
|
||||
return count;
|
||||
}
|
||||
|
||||
function setCookie(name, value, expires, path, domain, secure)
|
||||
{
|
||||
document.cookie= name + "=" + escape(value) +
|
||||
((expires) ? "; expires=" + expires.toGMTString() : "") +
|
||||
((path) ? "; path=" + path : "") +
|
||||
((domain) ? "; domain=" + domain : "") +
|
||||
((secure) ? "; secure" : "");
|
||||
}
|
||||
|
||||
function getCookie(name)
|
||||
{
|
||||
var dc = document.cookie;
|
||||
var prefix = name + "=";
|
||||
var begin = dc.indexOf("; " + prefix);
|
||||
if (begin == -1) {
|
||||
begin = dc.indexOf(prefix);
|
||||
if (begin != 0) return null;
|
||||
} else {
|
||||
begin += 2;
|
||||
}
|
||||
var end = document.cookie.indexOf(";", begin);
|
||||
if (end == -1) {
|
||||
end = dc.length;
|
||||
}
|
||||
return unescape(dc.substring(begin + prefix.length, end));
|
||||
}
|
||||
|
||||
function deleteCookie(name, path, domain)
|
||||
{
|
||||
if (getCookie(name)) {
|
||||
document.cookie = name + "=" +
|
||||
((path) ? "; path=" + path : "") +
|
||||
((domain) ? "; domain=" + domain : "") +
|
||||
"; expires=Thu, 01-Jan-70 00:00:01 GMT";
|
||||
}
|
||||
}
|
@ -0,0 +1,738 @@
|
||||
<?php
|
||||
/*******************************************************************************
|
||||
* Title: Help Desk Software HESK
|
||||
* Version: 2.6.0 beta 1 from 30th December 2014
|
||||
* Author: Klemen Stirn
|
||||
* Website: http://www.hesk.com
|
||||
********************************************************************************
|
||||
* COPYRIGHT AND TRADEMARK NOTICE
|
||||
* Copyright 2005-2014 Klemen Stirn. All Rights Reserved.
|
||||
* HESK is a registered trademark of Klemen Stirn.
|
||||
|
||||
* The HESK may be used and modified free of charge by anyone
|
||||
* AS LONG AS COPYRIGHT NOTICES AND ALL THE COMMENTS REMAIN INTACT.
|
||||
* By using this code you agree to indemnify Klemen Stirn from any
|
||||
* liability that might arise from it's use.
|
||||
|
||||
* Selling the code for this program, in part or full, without prior
|
||||
* written consent is expressly forbidden.
|
||||
|
||||
* Using this code, in part or full, to create derivate work,
|
||||
* new scripts or products is expressly forbidden. Obtain permission
|
||||
* before redistributing this software over the Internet or in
|
||||
* any other medium. In all cases copyright and header must remain intact.
|
||||
* This Copyright is in full effect in any country that has International
|
||||
* Trade Agreements with the United States of America or
|
||||
* with the European Union.
|
||||
|
||||
* Removing any of the copyright notices without purchasing a license
|
||||
* is expressly forbidden. To remove HESK copyright notice you must purchase
|
||||
* a license for this script. For more information on how to obtain
|
||||
* a license please visit the page below:
|
||||
* https://www.hesk.com/buy.php
|
||||
*******************************************************************************/
|
||||
|
||||
/* Check if this is a valid include */
|
||||
if (!defined('IN_SCRIPT')) {die('Invalid attempt');}
|
||||
|
||||
// Possible fields to be displayed in ticket list
|
||||
$hesk_settings['possible_ticket_list'] = array(
|
||||
'id' => $hesklang['id'],
|
||||
'trackid' => $hesklang['trackID'],
|
||||
'dt' => $hesklang['submitted'],
|
||||
'lastchange' => $hesklang['last_update'],
|
||||
'category' => $hesklang['category'],
|
||||
'name' => $hesklang['name'],
|
||||
'email' => $hesklang['email'],
|
||||
'subject' => $hesklang['subject'],
|
||||
'status' => $hesklang['status'],
|
||||
'owner' => $hesklang['owner'],
|
||||
'replies' => $hesklang['replies'],
|
||||
'staffreplies' => $hesklang['replies'] . ' (' . $hesklang['staff'] .')',
|
||||
'lastreplier' => $hesklang['last_replier'],
|
||||
'time_worked' => $hesklang['ts'],
|
||||
);
|
||||
|
||||
// Also possible to display all custom fields
|
||||
for ($i=1;$i<=20;$i++)
|
||||
{
|
||||
if ($hesk_settings['custom_fields']['custom'.$i]['use'])
|
||||
{
|
||||
$hesk_settings['possible_ticket_list']['custom'.$i] = $hesk_settings['custom_fields']['custom'.$i]['name'];
|
||||
}
|
||||
}
|
||||
|
||||
/*** FUNCTIONS ***/
|
||||
|
||||
|
||||
function hesk_show_column($column)
|
||||
{
|
||||
global $hesk_settings;
|
||||
|
||||
return in_array($column, $hesk_settings['ticket_list']) ? true : false;
|
||||
|
||||
} // END hesk_show_column()
|
||||
|
||||
|
||||
function hesk_getHHMMSS($in)
|
||||
{
|
||||
$in = hesk_getTime($in);
|
||||
return explode(':', $in);
|
||||
} // END hesk_getHHMMSS();
|
||||
|
||||
|
||||
function hesk_getTime($in)
|
||||
{
|
||||
$in = trim($in);
|
||||
|
||||
/* If everything is OK this simple check should return true */
|
||||
if ( preg_match('/^([0-9]{2,3}):([0-5][0-9]):([0-5][0-9])$/', $in) )
|
||||
{
|
||||
return $in;
|
||||
}
|
||||
|
||||
/* No joy, let's try to figure out the correct values to use... */
|
||||
$h = 0;
|
||||
$m = 0;
|
||||
$s = 0;
|
||||
|
||||
/* How many parts do we have? */
|
||||
$parts = substr_count($in, ':');
|
||||
|
||||
switch ($parts)
|
||||
{
|
||||
/* Only two parts, let's assume minutes and seconds */
|
||||
case 1:
|
||||
list($m, $s) = explode(':', $in);
|
||||
break;
|
||||
|
||||
/* Three parts, so explode to hours, minutes and seconds */
|
||||
case 2:
|
||||
list($h, $m, $s) = explode(':', $in);
|
||||
break;
|
||||
|
||||
/* Something other was entered, let's assume just minutes */
|
||||
default:
|
||||
$m = $in;
|
||||
}
|
||||
|
||||
/* Make sure all inputs are integers */
|
||||
$h = intval($h);
|
||||
$m = intval($m);
|
||||
$s = intval($s);
|
||||
|
||||
/* Convert seconds to minutes if 60 or more seconds */
|
||||
if ($s > 59)
|
||||
{
|
||||
$m = floor($s / 60) + $m;
|
||||
$s = intval($s % 60);
|
||||
}
|
||||
|
||||
/* Convert minutes to hours if 60 or more minutes */
|
||||
if ($m > 59)
|
||||
{
|
||||
$h = floor($m / 60) + $h;
|
||||
$m = intval($m % 60);
|
||||
}
|
||||
|
||||
/* MySQL accepts max time value of 838:59:59 */
|
||||
if ($h > 838)
|
||||
{
|
||||
return '838:59:59';
|
||||
}
|
||||
|
||||
/* That's it, let's send out formatted time string */
|
||||
return str_pad($h, 2, "0", STR_PAD_LEFT) . ':' . str_pad($m, 2, "0", STR_PAD_LEFT) . ':' . str_pad($s, 2, "0", STR_PAD_LEFT);
|
||||
|
||||
} // END hesk_getTime();
|
||||
|
||||
|
||||
function hesk_mergeTickets($merge_these, $merge_into)
|
||||
{
|
||||
global $hesk_settings, $hesklang, $hesk_db_link;
|
||||
|
||||
/* Target ticket must not be in the "merge these" list */
|
||||
if ( in_array($merge_into, $merge_these) )
|
||||
{
|
||||
$merge_these = array_diff($merge_these, array( $merge_into ) );
|
||||
}
|
||||
|
||||
/* At least 1 ticket needs to be merged with target ticket */
|
||||
if ( count($merge_these) < 1 )
|
||||
{
|
||||
$_SESSION['error'] = $hesklang['merr1'];
|
||||
return false;
|
||||
}
|
||||
|
||||
/* Make sure target ticket exists */
|
||||
$res = hesk_dbQuery("SELECT `id`,`trackid`,`category` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."tickets` WHERE `id`='".intval($merge_into)."' LIMIT 1");
|
||||
if (hesk_dbNumRows($res) != 1)
|
||||
{
|
||||
$_SESSION['error'] = $hesklang['merr2'];
|
||||
return false;
|
||||
}
|
||||
$ticket = hesk_dbFetchAssoc($res);
|
||||
|
||||
/* Make sure user has access to ticket category */
|
||||
if ( ! hesk_okCategory($ticket['category'], 0) )
|
||||
{
|
||||
$_SESSION['error'] = $hesklang['merr3'];
|
||||
return false;
|
||||
}
|
||||
|
||||
/* Set some variables for later */
|
||||
$merge['attachments'] = '';
|
||||
$merge['replies'] = array();
|
||||
$merge['notes'] = array();
|
||||
$sec_worked = 0;
|
||||
$history = '';
|
||||
$merged = '';
|
||||
|
||||
/* Get messages, replies, notes and attachments of tickets that will be merged */
|
||||
foreach ($merge_these as $this_id)
|
||||
{
|
||||
/* Validate ID */
|
||||
if ( is_array($this_id) )
|
||||
{
|
||||
continue;
|
||||
}
|
||||
$this_id = intval($this_id) or hesk_error($hesklang['id_not_valid']);
|
||||
|
||||
/* Get required ticket information */
|
||||
$res = hesk_dbQuery("SELECT `id`,`trackid`,`category`,`name`,`message`,`dt`,`time_worked`,`attachments` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."tickets` WHERE `id`='".intval($this_id)."' LIMIT 1");
|
||||
if (hesk_dbNumRows($res) != 1)
|
||||
{
|
||||
continue;
|
||||
}
|
||||
$row = hesk_dbFetchAssoc($res);
|
||||
|
||||
/* Has this user access to the ticket category? */
|
||||
if ( ! hesk_okCategory($row['category'], 0) )
|
||||
{
|
||||
continue;
|
||||
}
|
||||
|
||||
/* Insert ticket message as a new reply to target ticket */
|
||||
hesk_dbQuery("INSERT INTO `".hesk_dbEscape($hesk_settings['db_pfix'])."replies` (`replyto`,`name`,`message`,`dt`,`attachments`) VALUES ('".intval($ticket['id'])."','".hesk_dbEscape($row['name'])."','".hesk_dbEscape($row['message'])."','".hesk_dbEscape($row['dt'])."','".hesk_dbEscape($row['attachments'])."')");
|
||||
|
||||
/* Update attachments */
|
||||
hesk_dbQuery("UPDATE `".hesk_dbEscape($hesk_settings['db_pfix'])."attachments` SET `ticket_id`='".hesk_dbEscape($ticket['trackid'])."' WHERE `ticket_id`='".hesk_dbEscape($row['trackid'])."'");
|
||||
|
||||
/* Get old ticket replies and insert them as new replies */
|
||||
$res = hesk_dbQuery("SELECT * FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."replies` WHERE `replyto`='".intval($row['id'])."' ORDER BY `id` ASC");
|
||||
while ( $reply = hesk_dbFetchAssoc($res) )
|
||||
{
|
||||
hesk_dbQuery("INSERT INTO `".hesk_dbEscape($hesk_settings['db_pfix'])."replies` (`replyto`,`name`,`message`,`dt`,`attachments`,`staffid`,`rating`,`read`) VALUES ('".intval($ticket['id'])."','".hesk_dbEscape($reply['name'])."','".hesk_dbEscape($reply['message'])."','".hesk_dbEscape($reply['dt'])."','".hesk_dbEscape($reply['attachments'])."','".intval($reply['staffid'])."','".intval($reply['rating'])."','".intval($reply['read'])."')");
|
||||
}
|
||||
|
||||
/* Delete replies to the old ticket */
|
||||
hesk_dbQuery("DELETE FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."replies` WHERE `replyto`='".intval($row['id'])."'");
|
||||
|
||||
/* Get old ticket notes and insert them as new notes */
|
||||
$res = hesk_dbQuery("SELECT * FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."notes` WHERE `ticket`='".intval($row['id'])."' ORDER BY `id` ASC");
|
||||
while ( $note = hesk_dbFetchAssoc($res) )
|
||||
{
|
||||
hesk_dbQuery("INSERT INTO `".hesk_dbEscape($hesk_settings['db_pfix'])."notes` (`ticket`,`who`,`dt`,`message`,`attachments`) VALUES ('".intval($ticket['id'])."','".intval($note['who'])."','".hesk_dbEscape($note['dt'])."','".hesk_dbEscape($note['message'])."','".hesk_dbEscape($note['attachments'])."')");
|
||||
}
|
||||
|
||||
/* Delete replies to the old ticket */
|
||||
hesk_dbQuery("DELETE FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."notes` WHERE `ticket`='".intval($row['id'])."'");
|
||||
|
||||
/* Delete old ticket */
|
||||
hesk_dbQuery("DELETE FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."tickets` WHERE `id`='".intval($row['id'])."'");
|
||||
|
||||
/* Log that ticket has been merged */
|
||||
$history .= sprintf($hesklang['thist13'],hesk_date(),$row['trackid'],$_SESSION['name'].' ('.$_SESSION['user'].')');
|
||||
|
||||
/* Add old ticket ID to target ticket "merged" field */
|
||||
$merged .= '#' . $row['trackid'];
|
||||
|
||||
/* Convert old ticket "time worked" to seconds and add to $sec_worked variable */
|
||||
list ($hr, $min, $sec) = explode(':', $row['time_worked']);
|
||||
$sec_worked += (((int)$hr) * 3600) + (((int)$min) * 60) + ((int)$sec);
|
||||
}
|
||||
|
||||
/* Convert seconds to HHH:MM:SS */
|
||||
$sec_worked = hesk_getTime('0:'.$sec_worked);
|
||||
|
||||
// Get number of replies
|
||||
$total = 0;
|
||||
$staffreplies = 0;
|
||||
|
||||
$res = hesk_dbQuery("SELECT COUNT(*) as `cnt`, `staffid` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."replies` WHERE `replyto`=".intval($ticket['id'])." GROUP BY CASE WHEN `staffid` = 0 THEN 0 ELSE 1 END ASC");
|
||||
while ( $row = hesk_dbFetchAssoc($res) )
|
||||
{
|
||||
$total += $row['cnt'];
|
||||
$staffreplies += ($row['staffid'] ? $row['cnt'] : 0);
|
||||
}
|
||||
|
||||
$replies_sql = " `replies`={$total}, `staffreplies`={$staffreplies} , ";
|
||||
|
||||
// Get first staff reply
|
||||
if ($staffreplies)
|
||||
{
|
||||
$res = hesk_dbQuery("SELECT `dt`, `staffid` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."replies` WHERE `replyto`=".intval($ticket['id'])." AND `staffid`>0 ORDER BY `dt` ASC LIMIT 1");
|
||||
$reply = hesk_dbFetchAssoc($res);
|
||||
$replies_sql = " `firstreply`='".hesk_dbEscape($reply['dt'])."', `firstreplyby`=".intval($reply['staffid'])." , ";
|
||||
}
|
||||
|
||||
/* Update history (log) and merged IDs of target ticket */
|
||||
hesk_dbQuery("UPDATE `".hesk_dbEscape($hesk_settings['db_pfix'])."tickets` SET $replies_sql `time_worked`=ADDTIME(`time_worked`, '".hesk_dbEscape($sec_worked)."'), `merged`=CONCAT(`merged`,'".hesk_dbEscape($merged . '#')."'), `history`=CONCAT(`history`,'".hesk_dbEscape($history)."') WHERE `id`='".intval($merge_into)."' LIMIT 1");
|
||||
|
||||
return true;
|
||||
|
||||
} // END hesk_mergeTickets()
|
||||
|
||||
|
||||
function hesk_updateStaffDefaults()
|
||||
{
|
||||
global $hesk_settings, $hesklang;
|
||||
|
||||
// Demo mode
|
||||
if ( defined('HESK_DEMO') )
|
||||
{
|
||||
return true;
|
||||
}
|
||||
// Remove the part that forces saving as default - we don't need it every time
|
||||
$default_list = str_replace('&def=1','',$_SERVER['QUERY_STRING']);
|
||||
|
||||
// Update database
|
||||
$res = hesk_dbQuery("UPDATE `".hesk_dbEscape($hesk_settings['db_pfix'])."users` SET `default_list`='".hesk_dbEscape($default_list)."' WHERE `id`='".intval($_SESSION['id'])."'");
|
||||
|
||||
// Update session values so the changes take effect immediately
|
||||
$_SESSION['default_list'] = $default_list;
|
||||
|
||||
return true;
|
||||
|
||||
} // END hesk_updateStaffDefaults()
|
||||
|
||||
|
||||
function hesk_makeJsString($in)
|
||||
{
|
||||
return addslashes(preg_replace("/\s+/",' ',$in));
|
||||
} // END hesk_makeJsString()
|
||||
|
||||
|
||||
function hesk_checkNewMail()
|
||||
{
|
||||
global $hesk_settings, $hesklang;
|
||||
|
||||
$res = hesk_dbQuery("SELECT COUNT(*) FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."mail` WHERE `to`='".intval($_SESSION['id'])."' AND `read`='0' AND `deletedby`!='".intval($_SESSION['id'])."' ");
|
||||
$num = hesk_dbResult($res,0,0);
|
||||
|
||||
return $num;
|
||||
} // END hesk_checkNewMail()
|
||||
|
||||
|
||||
function hesk_getCategoriesArray($kb = 0) {
|
||||
global $hesk_settings, $hesklang, $hesk_db_link;
|
||||
|
||||
$categories = array();
|
||||
if ($kb)
|
||||
{
|
||||
$result = hesk_dbQuery('SELECT `id`, `name` FROM `'.hesk_dbEscape($hesk_settings['db_pfix']).'kb_categories` ORDER BY `cat_order` ASC');
|
||||
}
|
||||
else
|
||||
{
|
||||
$result = hesk_dbQuery('SELECT `id`, `name` FROM `'.hesk_dbEscape($hesk_settings['db_pfix']).'categories` ORDER BY `cat_order` ASC');
|
||||
}
|
||||
|
||||
while ($row=hesk_dbFetchAssoc($result))
|
||||
{
|
||||
$categories[$row['id']] = $row['name'];
|
||||
}
|
||||
|
||||
return $categories;
|
||||
} // END hesk_getCategoriesArray()
|
||||
|
||||
|
||||
function hesk_getHTML($in)
|
||||
{
|
||||
global $hesk_settings, $hesklang;
|
||||
|
||||
$replace_from = array("\t","<?","?>","$","<%","%>");
|
||||
$replace_to = array("","<?","?>","\$","<%","%>");
|
||||
|
||||
$in = trim($in);
|
||||
$in = str_replace($replace_from,$replace_to,$in);
|
||||
$in = preg_replace('/\<script(.*)\>(.*)\<\/script\>/Uis',"<script$1></script>",$in);
|
||||
$in = preg_replace('/\<\!\-\-(.*)\-\-\>/Uis',"<!-- comments have been removed -->",$in);
|
||||
|
||||
if (HESK_SLASH === true)
|
||||
{
|
||||
$in = addslashes($in);
|
||||
}
|
||||
$in = str_replace('\"','"',$in);
|
||||
|
||||
return $in;
|
||||
} // END hesk_getHTML()
|
||||
|
||||
|
||||
function hesk_autoLogin($noredirect=0)
|
||||
{
|
||||
global $hesk_settings, $hesklang, $hesk_db_link;
|
||||
|
||||
if (!$hesk_settings['autologin'])
|
||||
{
|
||||
return false;
|
||||
}
|
||||
|
||||
$user = hesk_htmlspecialchars( hesk_COOKIE('hesk_username') );
|
||||
$hash = hesk_htmlspecialchars( hesk_COOKIE('hesk_p') );
|
||||
define('HESK_USER', $user);
|
||||
|
||||
if (empty($user) || empty($hash))
|
||||
{
|
||||
return false;
|
||||
}
|
||||
|
||||
/* Login cookies exist, now lets limit brute force attempts */
|
||||
hesk_limitBfAttempts();
|
||||
|
||||
/* Check username */
|
||||
$result = hesk_dbQuery('SELECT * FROM `'.$hesk_settings['db_pfix']."users` WHERE `user` = '".hesk_dbEscape($user)."' LIMIT 1");
|
||||
if (hesk_dbNumRows($result) != 1)
|
||||
{
|
||||
setcookie('hesk_username', '');
|
||||
setcookie('hesk_p', '');
|
||||
header('Location: index.php?a=login¬ice=1');
|
||||
exit();
|
||||
}
|
||||
|
||||
$res=hesk_dbFetchAssoc($result);
|
||||
foreach ($res as $k=>$v)
|
||||
{
|
||||
$_SESSION[$k]=$v;
|
||||
}
|
||||
|
||||
/* Check password */
|
||||
if ($hash != hesk_Pass2Hash($_SESSION['pass'] . strtolower($user) . $_SESSION['pass']) )
|
||||
{
|
||||
setcookie('hesk_username', '');
|
||||
setcookie('hesk_p', '');
|
||||
header('Location: index.php?a=login¬ice=1');
|
||||
exit();
|
||||
}
|
||||
|
||||
/* Check if default password */
|
||||
if ($_SESSION['pass'] == '499d74967b28a841c98bb4baaabaad699ff3c079')
|
||||
{
|
||||
hesk_process_messages($hesklang['chdp'],'NOREDIRECT','NOTICE');
|
||||
}
|
||||
|
||||
unset($_SESSION['pass']);
|
||||
|
||||
/* Login successful, clean brute force attempts */
|
||||
hesk_cleanBfAttempts();
|
||||
|
||||
/* Regenerate session ID (security) */
|
||||
hesk_session_regenerate_id();
|
||||
|
||||
/* Get allowed categories */
|
||||
if (empty($_SESSION['isadmin']))
|
||||
{
|
||||
$_SESSION['categories']=explode(',',$_SESSION['categories']);
|
||||
}
|
||||
|
||||
/* Renew cookies */
|
||||
setcookie('hesk_username', "$user", strtotime('+1 year'));
|
||||
setcookie('hesk_p', "$hash", strtotime('+1 year'));
|
||||
|
||||
/* Close any old tickets here so Cron jobs aren't necessary */
|
||||
if ($hesk_settings['autoclose'])
|
||||
{
|
||||
$revision = sprintf($hesklang['thist3'],hesk_date(),$hesklang['auto']);
|
||||
$dt = date('Y-m-d H:i:s',time() - $hesk_settings['autoclose']*86400);
|
||||
|
||||
// Notify customer of closed ticket?
|
||||
if ($hesk_settings['notify_closed'])
|
||||
{
|
||||
// Get list of tickets
|
||||
$result = hesk_dbQuery("SELECT * FROM `".$hesk_settings['db_pfix']."tickets` WHERE `status` = '2' AND `lastchange` <= '".hesk_dbEscape($dt)."' ");
|
||||
if (hesk_dbNumRows($result) > 0)
|
||||
{
|
||||
global $ticket;
|
||||
|
||||
// Load required functions?
|
||||
if ( ! function_exists('hesk_notifyCustomer') )
|
||||
{
|
||||
require(HESK_PATH . 'inc/email_functions.inc.php');
|
||||
}
|
||||
|
||||
while ($ticket = hesk_dbFetchAssoc($result))
|
||||
{
|
||||
$ticket['dt'] = hesk_date($ticket['dt'], true);
|
||||
$ticket['lastchange'] = hesk_date($ticket['lastchange'], true);
|
||||
hesk_notifyCustomer('ticket_closed');
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
// Update ticket statuses and history in database
|
||||
hesk_dbQuery("UPDATE `".$hesk_settings['db_pfix']."tickets` SET `status`='3', `closedat`=NOW(), `closedby`='-1', `history`=CONCAT(`history`,'".hesk_dbEscape($revision)."') WHERE `status` = '2' AND `lastchange` <= '".hesk_dbEscape($dt)."' ");
|
||||
}
|
||||
|
||||
/* If session expired while a HESK page is open just continue using it, don't redirect */
|
||||
if ($noredirect)
|
||||
{
|
||||
return true;
|
||||
}
|
||||
|
||||
/* Redirect to the destination page */
|
||||
header('Location: ' . hesk_verifyGoto() );
|
||||
exit();
|
||||
} // END hesk_autoLogin()
|
||||
|
||||
|
||||
function hesk_isLoggedIn()
|
||||
{
|
||||
global $hesk_settings;
|
||||
|
||||
$referer = hesk_input($_SERVER['REQUEST_URI']);
|
||||
$referer = str_replace('&','&',$referer);
|
||||
|
||||
if (empty($_SESSION['id']))
|
||||
{
|
||||
if ($hesk_settings['autologin'] && hesk_autoLogin(1) )
|
||||
{
|
||||
// Users online
|
||||
if ($hesk_settings['online'])
|
||||
{
|
||||
require(HESK_PATH . 'inc/users_online.inc.php');
|
||||
hesk_initOnline($_SESSION['id']);
|
||||
}
|
||||
|
||||
return true;
|
||||
}
|
||||
|
||||
$url = 'index.php?a=login¬ice=1&goto='.urlencode($referer);
|
||||
header('Location: '.$url);
|
||||
exit();
|
||||
}
|
||||
else
|
||||
{
|
||||
hesk_session_regenerate_id();
|
||||
|
||||
// Need to update permissions?
|
||||
if ( empty($_SESSION['isadmin']) )
|
||||
{
|
||||
$res = hesk_dbQuery("SELECT `isadmin`, `categories`, `heskprivileges` FROM `".$hesk_settings['db_pfix']."users` WHERE `id` = '".intval($_SESSION['id'])."' LIMIT 1");
|
||||
if (hesk_dbNumRows($res) == 1)
|
||||
{
|
||||
$me = hesk_dbFetchAssoc($res);
|
||||
foreach ($me as $k => $v)
|
||||
{
|
||||
$_SESSION[$k]=$v;
|
||||
}
|
||||
|
||||
// Get allowed categories
|
||||
if (empty($_SESSION['isadmin']) )
|
||||
{
|
||||
$_SESSION['categories']=explode(',',$_SESSION['categories']);
|
||||
}
|
||||
}
|
||||
else
|
||||
{
|
||||
hesk_session_stop();
|
||||
$url = 'index.php?a=login¬ice=1&goto='.urlencode($referer);
|
||||
header('Location: '.$url);
|
||||
exit();
|
||||
}
|
||||
}
|
||||
|
||||
// Users online
|
||||
if ($hesk_settings['online'])
|
||||
{
|
||||
require(HESK_PATH . 'inc/users_online.inc.php');
|
||||
hesk_initOnline($_SESSION['id']);
|
||||
}
|
||||
|
||||
return true;
|
||||
}
|
||||
|
||||
} // END hesk_isLoggedIn()
|
||||
|
||||
|
||||
function hesk_verifyGoto()
|
||||
{
|
||||
// Default redirect URL
|
||||
$url_default = 'admin_main.php';
|
||||
|
||||
// If no "goto" parameter is set, redirect to the default page
|
||||
if ( ! hesk_isREQUEST('goto') )
|
||||
{
|
||||
return $url_default;
|
||||
}
|
||||
|
||||
// Get the "goto" parameter
|
||||
$url = hesk_REQUEST('goto');
|
||||
|
||||
// Fix encoded "&"
|
||||
$url = str_replace('&', '&', $url);
|
||||
|
||||
// Parse the URL for verification
|
||||
$url_parts = parse_url($url);
|
||||
|
||||
// The "path" part is required
|
||||
if ( ! isset($url_parts['path']) )
|
||||
{
|
||||
return $url_default;
|
||||
}
|
||||
|
||||
// Extract the file name from path
|
||||
$url = basename($url_parts['path']);
|
||||
|
||||
// Allowed files for redirect
|
||||
$OK_urls = array(
|
||||
'admin_main.php' => '',
|
||||
'admin_settings.php' => '',
|
||||
'admin_settings_save.php' => 'admin_settings.php',
|
||||
'admin_ticket.php' => '',
|
||||
'archive.php' => '',
|
||||
'assign_owner.php' => '',
|
||||
'change_status.php' => '',
|
||||
'edit_post.php' => '',
|
||||
'export.php' => '',
|
||||
'find_tickets.php' => '',
|
||||
'generate_spam_question.php' => '',
|
||||
'knowledgebase_private.php' => '',
|
||||
'lock.php' => '',
|
||||
'mail.php' => '',
|
||||
'manage_canned.php' => '',
|
||||
'manage_categories.php' => '',
|
||||
'manage_knowledgebase.php' => '',
|
||||
'manage_users.php' => '',
|
||||
'new_ticket.php' => '',
|
||||
'profile.php' => '',
|
||||
'reports.php' => '',
|
||||
'show_tickets.php' => '',
|
||||
);
|
||||
|
||||
// URL must match one of the allowed ones
|
||||
if ( ! isset($OK_urls[$url]) )
|
||||
{
|
||||
return $url_default;
|
||||
}
|
||||
|
||||
// Modify redirect?
|
||||
if ( strlen($OK_urls[$url]) )
|
||||
{
|
||||
$url = $OK_urls[$url];
|
||||
}
|
||||
|
||||
// All OK, return the URL with query if set
|
||||
return isset($url_parts['query']) ? $url.'?'.$url_parts['query'] : $url;
|
||||
|
||||
} // END hesk_verifyGoto()
|
||||
|
||||
|
||||
function hesk_Pass2Hash($plaintext) {
|
||||
$majorsalt = '';
|
||||
$len = strlen($plaintext);
|
||||
for ($i=0;$i<$len;$i++)
|
||||
{
|
||||
$majorsalt .= sha1(substr($plaintext,$i,1));
|
||||
}
|
||||
$corehash = sha1($majorsalt);
|
||||
return $corehash;
|
||||
} // END hesk_Pass2Hash()
|
||||
|
||||
|
||||
function hesk_formatDate($dt, $from_database=true)
|
||||
{
|
||||
$dt=hesk_date($dt, $from_database);
|
||||
$dt=str_replace(' ','<br />',$dt);
|
||||
return $dt;
|
||||
} // End hesk_formatDate()
|
||||
|
||||
|
||||
function hesk_jsString($str)
|
||||
{
|
||||
$str = str_replace( array('\'','<br />') , array('\\\'','') ,$str);
|
||||
$from = array("/\r\n|\n|\r/", '/\<a href="mailto\:([^"]*)"\>([^\<]*)\<\/a\>/i', '/\<a href="([^"]*)" target="_blank"\>([^\<]*)\<\/a\>/i');
|
||||
$to = array("\\r\\n' + \r\n'", "$1", "$1");
|
||||
return preg_replace($from,$to,$str);
|
||||
} // END hesk_jsString()
|
||||
|
||||
|
||||
function hesk_myCategories($what='category')
|
||||
{
|
||||
if ( ! empty($_SESSION['isadmin']) )
|
||||
{
|
||||
return '1';
|
||||
}
|
||||
else
|
||||
{
|
||||
return " `".hesk_dbEscape($what)."` IN ('" . implode("','", array_map('intval', $_SESSION['categories']) ) . "')";
|
||||
}
|
||||
} // END hesk_myCategories()
|
||||
|
||||
|
||||
function hesk_okCategory($cat,$error=1,$user_isadmin=false,$user_cat=false)
|
||||
{
|
||||
global $hesklang;
|
||||
|
||||
/* Checking for current user or someone else? */
|
||||
if ($user_isadmin === false)
|
||||
{
|
||||
$user_isadmin = $_SESSION['isadmin'];
|
||||
}
|
||||
|
||||
if ($user_cat === false)
|
||||
{
|
||||
$user_cat = $_SESSION['categories'];
|
||||
}
|
||||
|
||||
/* Is admin? */
|
||||
if ($user_isadmin)
|
||||
{
|
||||
return true;
|
||||
}
|
||||
/* Staff with access? */
|
||||
elseif (in_array($cat,$user_cat))
|
||||
{
|
||||
return true;
|
||||
}
|
||||
/* No access */
|
||||
else
|
||||
{
|
||||
if ($error)
|
||||
{
|
||||
hesk_error($hesklang['not_authorized_tickets']);
|
||||
}
|
||||
else
|
||||
{
|
||||
return false;
|
||||
}
|
||||
}
|
||||
|
||||
} // END hesk_okCategory()
|
||||
|
||||
|
||||
function hesk_checkPermission($feature,$showerror=1) {
|
||||
global $hesklang;
|
||||
|
||||
/* Admins have full access to all features */
|
||||
if ($_SESSION['isadmin'])
|
||||
{
|
||||
return true;
|
||||
}
|
||||
|
||||
/* Check other staff for permissions */
|
||||
if (strpos($_SESSION['heskprivileges'], $feature) === false)
|
||||
{
|
||||
if ($showerror)
|
||||
{
|
||||
hesk_error($hesklang['no_permission'].'<p> </p><p align="center"><a href="index.php">'.$hesklang['click_login'].'</a>');
|
||||
}
|
||||
else
|
||||
{
|
||||
return false;
|
||||
}
|
||||
}
|
||||
else
|
||||
{
|
||||
return true;
|
||||
}
|
||||
|
||||
} // END hesk_checkPermission()
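Review bot: In hesk_autoLogin() the fetched user row is copied into `$_SESSION` by the `foreach ($res as $k=>$v)` loop before the `hesk_p` cookie hash is verified, and the failure branch only blanks the cookies, redirects and exits, so `$_SESSION['id']` and the other columns appear to stay set for a request that failed verification. hesk_isLoggedIn() in this same section accepts any non-empty `$_SESSION['id']`, so the check should run against the row first, with the loop moved below it: `if ($hash !== hesk_Pass2Hash($res['pass'] . strtolower($user) . $res['pass']))`. The existing comparison is a loose `!=` on two hex strings; a strict, constant-time compare such as `hash_equals()` (PHP 5.6+) avoids numeric-string juggling and timing differences. Whether a session is already active when this function runs depends on the caller, which is outside this file section.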
|
@ -0,0 +1,382 @@
|
||||
<?php
|
||||
/*******************************************************************************
|
||||
* Title: Help Desk Software HESK
|
||||
* Version: 2.6.0 beta 1 from 30th December 2014
|
||||
* Author: Klemen Stirn
|
||||
* Website: http://www.hesk.com
|
||||
********************************************************************************
|
||||
* COPYRIGHT AND TRADEMARK NOTICE
|
||||
* Copyright 2005-2014 Klemen Stirn. All Rights Reserved.
|
||||
* HESK is a registered trademark of Klemen Stirn.
|
||||
|
||||
* The HESK may be used and modified free of charge by anyone
|
||||
* AS LONG AS COPYRIGHT NOTICES AND ALL THE COMMENTS REMAIN INTACT.
|
||||
* By using this code you agree to indemnify Klemen Stirn from any
|
||||
* liability that might arise from it's use.
|
||||
|
||||
* Selling the code for this program, in part or full, without prior
|
||||
* written consent is expressly forbidden.
|
||||
|
||||
* Using this code, in part or full, to create derivate work,
|
||||
* new scripts or products is expressly forbidden. Obtain permission
|
||||
* before redistributing this software over the Internet or in
|
||||
* any other medium. In all cases copyright and header must remain intact.
|
||||
* This Copyright is in full effect in any country that has International
|
||||
* Trade Agreements with the United States of America or
|
||||
* with the European Union.
|
||||
|
||||
* Removing any of the copyright notices without purchasing a license
|
||||
* is expressly forbidden. To remove HESK copyright notice you must purchase
|
||||
* a license for this script. For more information on how to obtain
|
||||
* a license please visit the page below:
|
||||
* https://www.hesk.com/buy.php
|
||||
*******************************************************************************/
|
||||
|
||||
/* Check if this is a valid include */
|
||||
if (!defined('IN_SCRIPT')) {die('Invalid attempt');}
|
||||
|
||||
|
||||
function hesk_profile_tab($session_array='new',$is_profile_page=true,$action='profile_page')
|
||||
{
|
||||
global $hesk_settings, $hesklang, $can_reply_tickets, $can_view_tickets, $can_view_unassigned;
|
||||
?>
|
||||
<div role="tabpanel">
|
||||
|
||||
<!-- Nav tabs -->
|
||||
<ul class="nav nav-tabs" role="tablist">
|
||||
<li role="presentation" class="active"><a href="#profile-info" aria-controls="profile-info" role="tab" data-toggle="tab"><?php echo $hesklang['pinfo']; ?></a></li>
|
||||
<?php
|
||||
if (!$is_profile_page)
|
||||
{
|
||||
?>
|
||||
<li role="presentation"><a href="#permissions" aria-controls="permissions" role="tab" data-toggle="tab"><?php echo $hesklang['permissions']; ?></a></li>
|
||||
<?php
|
||||
}
|
||||
?>
|
||||
<li role="presentation"><a href="#signature" aria-controls="signature" role="tab" data-toggle="tab"><?php echo $hesklang['sig']; ?></a></li>
|
||||
<li role="presentation"><a href="#preferences" aria-controls="preferences" role="tab" data-toggle="tab"><?php echo $hesklang['pref']; ?></a></li>
|
||||
<li role="presentation"><a href="#notifications" aria-controls="notifications" role="tab" data-toggle="tab"><?php echo $hesklang['notn']; ?></a></li>
|
||||
</ul>
|
||||
|
||||
<!-- Tab panes -->
|
||||
<div class="tab-content summaryList tabPadding">
|
||||
<div role="tabpanel" class="tab-pane fade in active" id="profile-info">
|
||||
<div class="form-group">
|
||||
<label for="name" class="col-md-3 control-label"><?php echo $hesklang['real_name']; ?>: <font class="important">*</font></label>
|
||||
<div class="col-md-9">
|
||||
<input type="text" class="form-control" name="name" size="40" maxlength="50" value="<?php echo $_SESSION[$session_array]['name']; ?>" placeholder="<?php echo $hesklang['real_name']; ?>" />
|
||||
</div>
|
||||
</div>
|
||||
<div class="form-group">
|
||||
<label for="email" class="col-md-3 control-label"><?php echo $hesklang['email']; ?>: <font class="important">*</font></label>
|
||||
<div class="col-md-9">
|
||||
<input type="text" class="form-control" name="email" size="40" maxlength="255" placeholder="<?php echo $hesklang['email']; ?>" value="<?php echo $_SESSION[$session_array]['email']; ?>" />
|
||||
</div>
|
||||
</div>
|
||||
<?php
|
||||
if ( ! $is_profile_page || $_SESSION['isadmin']) {
|
||||
?>
|
||||
<div class="form-group">
|
||||
<label for="user" class="col-md-3 control-label"><?php echo $hesklang['username']; ?>: <font
|
||||
class="important">*</font></label>
|
||||
<div class="col-md-9">
|
||||
<input type="text" class="form-control" name="user" size="40" maxlength="20"
|
||||
value="<?php echo $_SESSION[$session_array]['user']; ?>"
|
||||
placeholder="<?php echo $hesklang['username']; ?>"/>
|
||||
</div>
|
||||
</div>
|
||||
<?php
|
||||
}
|
||||
$passwordRequiredSpan = $action == 'create_user' ? '' : 'display:none';
|
||||
?>
|
||||
<div class="form-group">
|
||||
<label for="pass" class="col-md-3 control-label"><?php echo $is_profile_page ? $hesklang['new_pass'] : $hesklang['pass']; ?>: <span class="important" style="<?php echo $passwordRequiredSpan; ?>">*</span></label>
|
||||
<div class="col-md-9">
|
||||
<input type="password" class="form-control" name="newpass" autocomplete="off" size="40" placeholder="<?php echo $hesklang['pass']; ?>" value="<?php echo $_SESSION[$session_array]['cleanpass']; ?>" onkeyup="javascript:hesk_checkPassword(this.value)" />
|
||||
</div>
|
||||
</div>
|
||||
<div class="form-group">
|
||||
<label for="confirmPass" class="col-md-3 control-label"><?php echo $hesklang['confirm_pass']; ?>: <span class="important" style="<?php echo $passwordRequiredSpan; ?>">*</span></label>
|
||||
<div class="col-md-9">
|
||||
<input type="password" name="newpass2" class="form-control" autocomplete="off" placeholder="<?php echo $hesklang['confirm_pass']; ?>" size="40" value="<?php echo $_SESSION[$session_array]['cleanpass']; ?>" />
|
||||
</div>
|
||||
</div>
|
||||
<div class="form-group">
|
||||
<label for="pwStrength" class="col-md-3 control-label"><?php echo $hesklang['pwdst']; ?>:</label>
|
||||
<div class="col-md-9">
|
||||
<div class="progress">
|
||||
<div id="progressBar" class="progress-bar progress-bar-danger" role="progressbar" aria-valuemin="0" aria-valuemax="100" style="width: 0%">
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
<?php
|
||||
if ( ! $is_profile_page && $hesk_settings['autoassign']) {
|
||||
?>
|
||||
<div class="blankSpace"></div>
|
||||
<div class="form-group">
|
||||
<div class="col-md-9 col-md-offset-3">
|
||||
<?php
|
||||
if ($hesk_settings['autoassign']) {
|
||||
?>
|
||||
<div class="checkbox">
|
||||
<label><input type="checkbox" name="autoassign"
|
||||
value="Y" <?php if (!isset($_SESSION[$session_array]['autoassign']) || $_SESSION[$session_array]['autoassign'] == 1) {
|
||||
echo 'checked="checked"';
|
||||
} ?> /> <?php echo $hesklang['user_aa']; ?></label>
|
||||
</div>
|
||||
<?php }
|
||||
if ($_SESSION['can_manage_settings']) { ?>
|
||||
<div class="checkbox">
|
||||
<label><input type="checkbox"
|
||||
name="manage_settings" <?php if (!isset($_SESSION[$session_array]['autoassign']) || $_SESSION[$session_array]['can_manage_settings'] == 1) {
|
||||
echo 'checked="checked"';
|
||||
} ?>> <?php echo $hesklang['can_man_settings']; ?>
|
||||
</label>
|
||||
</div>
|
||||
<?php } ?>
|
||||
</div>
|
||||
</div>
|
||||
<?php
|
||||
}
|
||||
?>
|
||||
</div>
|
||||
<?php
|
||||
if (!$is_profile_page) {
|
||||
?>
|
||||
<div role="tabpanel" class="tab-pane fade" id="permissions">
|
||||
<div class="form-group">
|
||||
<label for="administrator" class="col-md-3 control-label"><?php echo $hesklang['administrator']; ?>: <font class="important">*</font></label>
|
||||
<div class="col-md-9">
|
||||
<?php
|
||||
/* Only administrators can create new administrator accounts */
|
||||
if ($_SESSION['isadmin'])
|
||||
{
|
||||
?>
|
||||
<div class="radio"><label><input type="radio" name="isadmin" value="1" onchange="Javascript:hesk_toggleLayerDisplay('options')" <?php if ($_SESSION[$session_array]['isadmin']) echo 'checked="checked"'; ?> /> <b><?php echo $hesklang['administrator'].'</b> '.$hesklang['admin_can']; ?></label></div>
|
||||
<div class="radio"><label><input type="radio" name="isadmin" value="0" onchange="Javascript:hesk_toggleLayerDisplay('options')" <?php if (!$_SESSION[$session_array]['isadmin']) echo 'checked="checked"'; ?> /> <b><?php echo $hesklang['astaff'].'</b> '.$hesklang['staff_can']; ?></label></div>
|
||||
<?php
|
||||
}
|
||||
else
|
||||
{
|
||||
echo '<b>'.$hesklang['astaff'].'</b> '.$hesklang['staff_can'];
|
||||
}
|
||||
?>
|
||||
</div>
|
||||
</div>
|
||||
<div id="options" style="display: <?php echo ($_SESSION['isadmin'] && $_SESSION[$session_array]['isadmin']) ? 'none' : 'block'; ?>">
|
||||
<div class="form-group">
|
||||
<label for="categories" class="col-md-3 control-label"><?php echo $hesklang['allowed_cat']; ?>: <font class="important">*</font></label>
|
||||
<div class="col-md-9">
|
||||
<?php
|
||||
foreach ($hesk_settings['categories'] as $catid => $catname)
|
||||
{
|
||||
echo '<div class="checkbox"><label><input type="checkbox" name="categories[]" value="' . $catid . '" ';
|
||||
if ( in_array($catid,$_SESSION[$session_array]['categories']) )
|
||||
{
|
||||
echo ' checked="checked" ';
|
||||
}
|
||||
echo ' />' . $catname . '</label></div> ';
|
||||
}
|
||||
?>
|
||||
</div>
|
||||
</div>
|
||||
<div class="form-group">
|
||||
<label for="permissions" class="col-md-3 control-label"><?php echo $hesklang['allow_feat']; ?>: <font class="important">*</font></label>
|
||||
<div class="col-md-9">
|
||||
<?php
|
||||
foreach ($hesk_settings['features'] as $k)
|
||||
{
|
||||
echo '<div class="checkbox"><label><input type="checkbox" name="features[]" value="' . $k . '" ';
|
||||
if (in_array($k,$_SESSION[$session_array]['features']))
|
||||
{
|
||||
echo ' checked="checked" ';
|
||||
}
|
||||
echo ' />' . $hesklang[$k] . '</label></div> ';
|
||||
}
|
||||
?>
|
||||
<div class="checkbox">
|
||||
<label><input type="checkbox" name="can_change_notification_settings" checked> <?php echo $hesklang['can_change_notification_settings']; ?> </label>
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
<?php
|
||||
}
|
||||
?>
|
||||
<div role="tabpanel" class="tab-pane fade" id="signature">
|
||||
<div class="form-group">
|
||||
<label for="signature" class="col-md-3 control-label"><?php echo $hesklang['signature_max']; ?>:</label>
|
||||
|
||||
<div class="col-md-9">
|
||||
<textarea class="form-control" name="signature" rows="6" placeholder="<?php echo $hesklang['sig']; ?>" cols="40"><?php echo $_SESSION[$session_array]['signature']; ?></textarea>
|
||||
<?php echo $hesklang['sign_extra']; ?>
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
<div role="tabpanel" class="tab-pane fade" id="preferences">
|
||||
<?php
|
||||
if ( ! $is_profile_page || $can_reply_tickets )
|
||||
{
|
||||
?>
|
||||
<div class="form-group">
|
||||
<label for="afterreply" class="col-sm-3 control-label"><?php echo $hesklang['aftrep']; ?>:</label>
|
||||
<div class="col-sm-9">
|
||||
<div class="radio">
|
||||
<label><input type="radio" name="afterreply" value="0" <?php if (!$_SESSION[$session_array]['afterreply']) {echo 'checked="checked"';} ?>/> <?php echo $hesklang['showtic']; ?></label>
|
||||
</div>
|
||||
<div class="radio">
|
||||
<label><input type="radio" name="afterreply" value="1" <?php if ($_SESSION[$session_array]['afterreply'] == 1) {echo 'checked="checked"';} ?>/> <?php echo $hesklang['gomain']; ?></label>
|
||||
</div>
|
||||
<div class="radio">
|
||||
<label><input type="radio" name="afterreply" value="2" <?php if ($_SESSION[$session_array]['afterreply'] == 2) {echo 'checked="checked"';} ?>/> <?php echo $hesklang['shownext']; ?></label>
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
<div class="form-group">
|
||||
<label class="col-sm-3 control-label"><?php echo $hesklang['defaults']; ?>:</label>
|
||||
<div class="col-sm-9">
|
||||
<?php
|
||||
if ($hesk_settings['time_worked'])
|
||||
{
|
||||
?>
|
||||
<div class="checkbox">
|
||||
<label><input type="checkbox" name="autostart" value="1" <?php if (!empty($_SESSION[$session_array]['autostart'])) {echo 'checked="checked"';}?> /> <?php echo $hesklang['autoss']; ?></label>
|
||||
</div>
|
||||
<?php
|
||||
}
|
||||
?>
|
||||
<div class="checkbox">
|
||||
<label><input type="checkbox" name="notify_customer_new" value="1" <?php if (!empty($_SESSION[$session_array]['notify_customer_new'])) {echo 'checked="checked"';}?> /> <?php echo $hesklang['pncn']; ?></label><br />
|
||||
</div>
|
||||
<div class="checkbox">
|
||||
<label><input type="checkbox" name="notify_customer_reply" value="1" <?php if (!empty($_SESSION[$session_array]['notify_customer_reply'])) {echo 'checked="checked"';}?> /> <?php echo $hesklang['pncr']; ?></label><br />
|
||||
</div>
|
||||
<div class="checkbox">
|
||||
<label><input type="checkbox" name="show_suggested" value="1" <?php if (!empty($_SESSION[$session_array]['show_suggested'])) {echo 'checked="checked"';}?> /> <?php echo $hesklang['pssy']; ?></label><br />
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
<?php }?>
|
||||
<div class="form-group">
|
||||
<label for="autoRefresh" class="col-sm-3 control-label"><?php echo $hesklang['ticket_auto_refresh']; ?></label>
|
||||
<div class="col-sm-9">
|
||||
<input type="text" class="form-control" id="autorefresh" name="autorefresh" value="<?php echo $_SESSION[$session_array]['autorefresh']; ?>">
|
||||
<span class="help-block"><?php echo $hesklang['autorefresh_restrictions']; ?></span>
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
<div role="tabpanel" class="tab-pane fade" id="notifications">
|
||||
<?php $disabledText = isset($_SESSION[$session_array]['can_change_notification_settings']) && $_SESSION[$session_array]['can_change_notification_settings'] ? '' : 'disabled';
|
||||
if (!$is_profile_page) {
|
||||
$disabledText = '';
|
||||
}
|
||||
if ($disabledText == 'disabled') { ?>
|
||||
<div class="alert alert-info"><?php echo $hesklang['notifications_disabled_info']; ?></div>
|
||||
<?php }
|
||||
?>
|
||||
<div class="form-group">
|
||||
<?php
|
||||
if (! $is_profile_page || $can_view_tickets)
|
||||
{
|
||||
if (! $is_profile_page || $can_view_unassigned)
|
||||
{
|
||||
?>
|
||||
<div class="col-md-9 col-md-offset-3"><div class="checkbox"><label><input type="checkbox" name="notify_new_unassigned" value="1" <?php if (!empty($_SESSION[$session_array]['notify_new_unassigned'])) {echo 'checked="checked"';} echo ' '.$disabledText ?> /> <?php echo $hesklang['nwts']; ?> <?php echo $hesklang['unas']; ?></label></div></div>
|
||||
|
||||
<?php
|
||||
if ($disabledText == 'disabled')
|
||||
{ ?>
|
||||
<input type="hidden" name="notify_new_unassigned" value="<?php echo !empty($_SESSION[$session_array]['notify_new_unassigned']) ? '1' : '0'; ?>">
|
||||
<?php }
|
||||
}
|
||||
else
|
||||
{
|
||||
?>
|
||||
<input type="hidden" name="notify_new_unassigned" value="0" />
|
||||
<?php
|
||||
}
|
||||
?>
|
||||
<div class="col-md-9 col-md-offset-3"><div class="checkbox"><label><input type="checkbox" name="notify_new_my" value="1" <?php if (!empty($_SESSION[$session_array]['notify_new_my'])) {echo 'checked="checked"';} echo ' '.$disabledText ?> /> <?php echo $hesklang['nwts']; ?> <?php echo $hesklang['s_my']; ?></label></div></div>
|
||||
<?php
|
||||
if ($disabledText == 'disabled')
|
||||
{ ?>
|
||||
<input type="hidden" name="notify_new_my" value="<?php echo !empty($_SESSION[$session_array]['notify_new_my']) ? '1' : '0'; ?>">
|
||||
<?php }
|
||||
|
||||
if ( ! $is_profile_page || $can_view_unassigned)
|
||||
{
|
||||
?>
|
||||
<div class="col-md-9 col-md-offset-3"><div class="checkbox"><label><input type="checkbox" name="notify_reply_unassigned" value="1" <?php if (!empty($_SESSION[$session_array]['notify_reply_unassigned'])) {echo 'checked="checked"';} echo ' '.$disabledText ?> /> <?php echo $hesklang['ncrt']; ?> <?php echo $hesklang['unas']; ?></label></div></div>
|
||||
<?php
|
||||
if ($disabledText == 'disabled')
|
||||
{ ?>
|
||||
<input type="hidden" name="notify_reply_unassigned" value="<?php echo !empty($_SESSION[$session_array]['notify_reply_unassigned']) ? '1' : '0'; ?>">
|
||||
<?php }
|
||||
}
|
||||
else
|
||||
{
|
||||
?>
|
||||
<input type="hidden" name="notify_reply_unassigned" value="0" />
|
||||
<?php
|
||||
}
|
||||
?>
|
||||
<div class="col-md-9 col-md-offset-3"><div class="checkbox"><label><input type="checkbox" name="notify_reply_my" value="1" <?php if (!empty($_SESSION[$session_array]['notify_reply_my'])) {echo 'checked="checked"';} echo ' '.$disabledText ?> /> <?php echo $hesklang['ncrt']; ?> <?php echo $hesklang['s_my']; ?></label></div></div>
|
||||
<div class="col-md-9 col-md-offset-3"><div class="checkbox"><label><input type="checkbox" name="notify_assigned" value="1" <?php if (!empty($_SESSION[$session_array]['notify_assigned'])) {echo 'checked="checked"';} echo ' '.$disabledText ?> /> <?php echo $hesklang['ntam']; ?></label></div></div>
|
||||
<div class="col-md-9 col-md-offset-3"><div class="checkbox"><label><input type="checkbox" name="notify_note" value="1" <?php if (!empty($_SESSION[$session_array]['notify_note'])) {echo 'checked="checked"';} echo ' '.$disabledText ?> /> <?php echo $hesklang['ntnote']; ?></label></div></div>
|
||||
<div class="col-md-9 col-md-offset-3"><div class="checkbox"><label><input type="checkbox" name="notify_pm" value="1" <?php if (!empty($_SESSION[$session_array]['notify_pm'])) {echo 'checked="checked"';} echo ' '.$disabledText ?> /> <?php echo $hesklang['npms']; ?></label></div></div>
|
||||
<?php
|
||||
if ($disabledText == 'disabled')
|
||||
{ ?>
|
||||
<input type="hidden" name="notify_reply_my" value="<?php echo !empty($_SESSION[$session_array]['notify_reply_my']) ? '1' : '0'; ?>">
|
||||
<input type="hidden" name="notify_assigned" value="<?php echo !empty($_SESSION[$session_array]['notify_assigned']) ? '1' : '0'; ?>">
|
||||
<input type="hidden" name="notify_note" value="<?php echo !empty($_SESSION[$session_array]['notify_note']) ? '1' : '0'; ?>">
|
||||
<input type="hidden" name="notify_pm" value="<?php echo !empty($_SESSION[$session_array]['notify_pm']) ? '1' : '0'; ?>">
|
||||
<?php }
|
||||
|
||||
if ($_SESSION['isadmin']) { ?>
|
||||
<div class="col-md-9 col-md-offset-3"><div class="checkbox"><label><input type="checkbox" name="notify_note_unassigned" value="1" <?php if (!empty($_SESSION[$session_array]['notify_note_unassigned'])) {echo 'checked="checked"';}?>> <?php echo $hesklang['notify_note_unassigned']; ?></label></div> </div>
|
||||
<?php
|
||||
}
|
||||
}
|
||||
|
||||
?>
|
||||
</div>
|
||||
</div>
|
||||
<div class="form-group">
|
||||
<div class="col-md-9 col-md-offset-3">
|
||||
<?php
|
||||
if ($action == 'profile_page')
|
||||
{ ?>
|
||||
<input type="submit" class="btn btn-default" value="<?php echo $hesklang['update_profile']; ?>" />
|
||||
<?php
|
||||
} elseif ($action == 'create_user')
|
||||
{ ?>
|
||||
<input type="hidden" name="a" value="new" />
|
||||
<input type="hidden" name="token" value="<?php hesk_token_echo(); ?>" />
|
||||
<input type="submit" value="<?php echo $hesklang['create_user']; ?>" class="btn btn-default">
|
||||
<a href="manage_users.php?a=reset_form" class="btn btn-danger"><?php echo $hesklang['refi']; ?></a></p>
|
||||
<?php
|
||||
} elseif ($action == 'edit_user')
|
||||
{ ?>
|
||||
<input type="hidden" name="a" value="save" />
|
||||
<input type="hidden" name="userid" value="<?php echo intval( hesk_GET('id') ); ?>" />
|
||||
<input type="hidden" name="token" value="<?php hesk_token_echo(); ?>" />
|
||||
<input class="btn btn-default" type="submit" value="<?php echo $hesklang['save_changes']; ?>" />
|
||||
<a class="btn btn-danger" href="manage_users.php"><?php echo $hesklang['dich']; ?></a>
|
||||
<?php
|
||||
}
|
||||
?>
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
|
||||
<script language="Javascript" type="text/javascript"><!--
|
||||
hesk_checkPassword(document.form1.newpass.value);
|
||||
//-->
|
||||
</script>
|
||||
|
||||
<?php
|
||||
} // END hesk_profile_tab()
|
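Review bot: The `manage_settings` checkbox in `hesk_profile_tab()` tests the wrong key in its guard (`!isset($_SESSION[$session_array]['autoassign']) || $_SESSION[$session_array]['can_manage_settings'] == 1`), so it is pre-checked whenever `autoassign` is unset, and a form with no stored values, presumably the create-user form, offers the settings privilege as granted by default. Testing the key it renders, `if (!empty($_SESSION[$session_array]['can_manage_settings'])) {`, keeps the box unchecked unless the privilege is already set. The `can_change_notification_settings` checkbox has the same default-on problem: it is hard-coded `checked` and never reads the stored value, so the edit form would show it as granted whatever the account's current setting is. Separately, both password inputs are pre-filled from `$_SESSION[$session_array]['cleanpass']`, which puts a cleartext password into the page source; rendering `value=""` on `newpass` and `newpass2` would avoid that.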