commit
a821affe1f
@ -0,0 +1,214 @@
|
||||
<?php
|
||||
/*******************************************************************************
|
||||
* Title: Help Desk Software HESK
|
||||
* Version: 2.6.5 from 28th August 2015
|
||||
* Author: Klemen Stirn
|
||||
* Website: http://www.hesk.com
|
||||
********************************************************************************
|
||||
* COPYRIGHT AND TRADEMARK NOTICE
|
||||
* Copyright 2005-2015 Klemen Stirn. All Rights Reserved.
|
||||
* HESK is a registered trademark of Klemen Stirn.
|
||||
* The HESK may be used and modified free of charge by anyone
|
||||
* AS LONG AS COPYRIGHT NOTICES AND ALL THE COMMENTS REMAIN INTACT.
|
||||
* By using this code you agree to indemnify Klemen Stirn from any
|
||||
* liability that might arise from it's use.
|
||||
* Selling the code for this program, in part or full, without prior
|
||||
* written consent is expressly forbidden.
|
||||
* Using this code, in part or full, to create derivate work,
|
||||
* new scripts or products is expressly forbidden. Obtain permission
|
||||
* before redistributing this software over the Internet or in
|
||||
* any other medium. In all cases copyright and header must remain intact.
|
||||
* This Copyright is in full effect in any country that has International
|
||||
* Trade Agreements with the United States of America or
|
||||
* with the European Union.
|
||||
* Removing any of the copyright notices without purchasing a license
|
||||
* is expressly forbidden. To remove HESK copyright notice you must purchase
|
||||
* a license for this script. For more information on how to obtain
|
||||
* a license please visit the page below:
|
||||
* https://www.hesk.com/buy.php
|
||||
*******************************************************************************/
|
||||
|
||||
define('IN_SCRIPT', 1);
|
||||
define('HESK_PATH', '../');
|
||||
define('PAGE_TITLE', 'ADMIN_SETTINGS');
|
||||
|
||||
// Make sure the install folder is deleted
|
||||
if (is_dir(HESK_PATH . 'install')) {
|
||||
die('Please delete the <b>install</b> folder from your server for security reasons then refresh this page!');
|
||||
}
|
||||
|
||||
// Get all the required files and functions
|
||||
require(HESK_PATH . 'hesk_settings.inc.php');
|
||||
require(HESK_PATH . 'inc/common.inc.php');
|
||||
require(HESK_PATH . 'inc/admin_functions.inc.php');
|
||||
hesk_load_database_functions();
|
||||
|
||||
hesk_session_start();
|
||||
hesk_dbConnect();
|
||||
hesk_isLoggedIn();
|
||||
|
||||
// Check permissions for this feature
|
||||
hesk_checkPermission('can_man_settings');
|
||||
|
||||
$modsForHesk_settings = mfh_getSettings();
|
||||
|
||||
define('EXTRA_JS', '<script src="'.HESK_PATH.'internal-api/js/api-settings.js"></script>');
|
||||
// Print header
|
||||
require_once(HESK_PATH . 'inc/headerAdmin.inc.php');
|
||||
|
||||
|
||||
// Print main manage users page
|
||||
require_once(HESK_PATH . 'inc/show_admin_nav.inc.php');
|
||||
?>
|
||||
|
||||
<div class="row move-down-20">
|
||||
<div class="col-sm-4">
|
||||
<div class="panel panel-default">
|
||||
<div class="panel-heading">
|
||||
API Information
|
||||
</div>
|
||||
<table class="table table-striped table-fixed">
|
||||
<tr>
|
||||
<td class="text-right">
|
||||
API Version
|
||||
</td>
|
||||
<td class="pad-right-10 warning">
|
||||
<?php echo $hesklang['beta_text']; ?>
|
||||
</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td class="text-right">
|
||||
External API
|
||||
</td>
|
||||
<td class="pad-right-10 success" id="public-api-sidebar">
|
||||
<?php
|
||||
$enabled = $modsForHesk_settings['public_api'] == '1' ? '' : 'hide';
|
||||
$disabled = $modsForHesk_settings['public_api'] == '1' ? 'hide' : '';
|
||||
?>
|
||||
<span id="public-api-sidebar-disabled" class="<?php echo $disabled; ?>">Disabled</span>
|
||||
<span id="public-api-sidebar-enabled" class="<?php echo $enabled; ?>">Enabled</span>
|
||||
</td>
|
||||
</tr>
|
||||
</table>
|
||||
</div>
|
||||
</div>
|
||||
<div class="col-sm-8">
|
||||
<h3>API Settings</h3>
|
||||
<div class="footerWithBorder blankSpace"></div>
|
||||
<ul class="nav nav-tabs">
|
||||
<li class="active"><a href="#general" data-toggle="tab"><?php echo $hesklang['tab_1']; ?></a></li>
|
||||
<li><a href="#user-security" data-toggle="tab">User Security</a></li>
|
||||
<li><a href="#" target="_blank">API Documentation <i class="fa fa-external-link"></i></a></li>
|
||||
</ul>
|
||||
<div class="tab-content summaryList tabPadding">
|
||||
<div class="tab-pane fade in active" id="general">
|
||||
<form class="form-horizontal">
|
||||
<div class="form-group">
|
||||
<label for="public-api" class="col-sm-3 control-label">
|
||||
Public API
|
||||
<i class="fa fa-question-circle settingsquestionmark" data-toggle="popover"
|
||||
title="Public API"
|
||||
data-content="Enable or Disable the Public REST API."></i>
|
||||
</label>
|
||||
<div class="col-sm-9">
|
||||
<span class="btn-group" data-toggle="buttons">
|
||||
<?php
|
||||
$on = $modsForHesk_settings['public_api'] == '1' ? 'active' : '';
|
||||
$off = $modsForHesk_settings['public_api'] == '1' ? '' : 'active';
|
||||
?>
|
||||
<label id="enable-api-button" class="btn btn-success <?php echo $on; ?>">
|
||||
<input type="radio" name="public-api" value="1" checked> <i class="fa fa-check-circle"></i> Enable
|
||||
</label>
|
||||
<label id="disable-api-button" class="btn btn-danger <?php echo $off; ?>">
|
||||
<input type="radio" name="public-api" value="0"> <i class="fa fa-times-circle"></i> Disable
|
||||
</label>
|
||||
</span>
|
||||
<span>
|
||||
<i id="public-api-success" class="fa fa-check-circle fa-2x green hide media-middle"
|
||||
data-toggle="tooltip" title="Changes saved!"></i>
|
||||
<i id="public-api-failure" class="fa fa-times-circle fa-2x red hide media-middle"
|
||||
data-toggle="tooltip" title="Saving changes failed. Check the logs for more information."></i>
|
||||
<i id="public-api-saving" class="fa fa-spin fa-spinner fa-2x hide media-middle"
|
||||
data-toggle="tooltip" title="Saving..."></i>
|
||||
</span>
|
||||
</div>
|
||||
</div>
|
||||
</form>
|
||||
</div>
|
||||
<div class="tab-pane fade in" id="user-security">
|
||||
<div class="panel panel-default">
|
||||
<div class="panel-heading">
|
||||
User Security
|
||||
</div>
|
||||
<?php
|
||||
$users = [];
|
||||
$userRs = hesk_dbQuery("SELECT `id`, `user`, `name` FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "users` WHERE `active` = '1'");
|
||||
while ($row = hesk_dbFetchAssoc($userRs)) {
|
||||
$row['number_of_tokens'] = 0;
|
||||
$users[$row['id']] = $row;
|
||||
}
|
||||
$tokensRs = hesk_dbQuery("SELECT `user_id`, 1 FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "user_api_tokens`");
|
||||
while ($row = hesk_dbFetchAssoc($tokensRs)) {
|
||||
$users[$row['user_id']]['number_of_tokens']++;
|
||||
}
|
||||
?>
|
||||
<table class="table table-striped">
|
||||
<thead>
|
||||
<tr>
|
||||
<th>Username</th>
|
||||
<th>Name</th>
|
||||
<th>Number of Tokens</th>
|
||||
<th>Actions</th>
|
||||
</tr>
|
||||
</thead>
|
||||
<tbody>
|
||||
<?php
|
||||
foreach ($users as $row):
|
||||
?>
|
||||
<tr>
|
||||
<td><?php echo $row['user']; ?></td>
|
||||
<td><?php echo $row['name']; ?></td>
|
||||
<td id="token-<?php echo $row['id']; ?>-count"><?php echo $row['number_of_tokens']; ?></td>
|
||||
<td>
|
||||
<span class="btn-group">
|
||||
<button class="btn btn-default btn-xs" onclick="generateToken(<?php echo $row['id']; ?>)">
|
||||
<i class="fa fa-plus-circle"></i> Generate New Token
|
||||
</button>
|
||||
<button class="btn btn-danger btn-xs" onclick="clearTokens(<?php echo $row['id']; ?>)">
|
||||
<i class="fa fa-undo"></i> Reset Tokens
|
||||
</button>
|
||||
</span>
|
||||
<span>
|
||||
<i id="token-<?php echo $row['id']; ?>-success" class="fa fa-check-circle fa-2x green hide media-middle"
|
||||
data-toggle="tooltip" title="Changes saved!"></i>
|
||||
<i id="token-<?php echo $row['id']; ?>-failure" class="fa fa-times-circle fa-2x red hide media-middle"
|
||||
data-toggle="tooltip" title="Saving changes failed. Check the logs for more information."></i>
|
||||
<i id="token-<?php echo $row['id']; ?>-saving" class="fa fa-spin fa-spinner fa-2x hide media-middle"
|
||||
data-toggle="tooltip" title="Saving..."></i>
|
||||
</span>
|
||||
</td>
|
||||
</tr>
|
||||
<tr id="token-<?php echo $row['id']; ?>-created" class="success hide">
|
||||
<td colspan="4">
|
||||
Generated Token: <code class="token"></code>
|
||||
<p><b>NOTE:</b> Please record this token, as this is the only time you will be able to view it!</p>
|
||||
</td>
|
||||
</tr>
|
||||
<tr id="token-<?php echo $row['id']; ?>-reset" class="success hide">
|
||||
<td colspan="4">
|
||||
<p>All tokens for this user have been removed!</p>
|
||||
</td>
|
||||
</tr>
|
||||
<?php
|
||||
endforeach;
|
||||
?>
|
||||
</tbody>
|
||||
</table>
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
|
||||
<?php
|
||||
require_once(HESK_PATH . 'inc/footer.inc.php');
|
||||
exit();
|
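Review bot: The token-count loop (`$users[$row['user_id']]['number_of_tokens']++`) creates a fresh `$users` entry for any token whose owner was not returned by the `active = '1'` query, so a deactivated user with leftover tokens is rendered as a row with an empty username, name and id. Guard the increment with `if (isset($users[$row['user_id']])) { $users[$row['user_id']]['number_of_tokens']++; }`, or count per user in SQL with a `GROUP BY`. The `user` and `name` cells are echoed without `htmlspecialchars()`; unless those columns are guaranteed to be stored HTML-encoded, wrap them, e.g. `echo htmlspecialchars($row['user'], ENT_QUOTES, 'UTF-8');`. The Enable radio also carries a hard-coded `checked` regardless of `$modsForHesk_settings['public_api']`.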
@ -0,0 +1,65 @@
|
||||
<?php
|
||||
define('IN_SCRIPT', 1);
|
||||
define('HESK_PATH', '../../../');
|
||||
define('API_PATH', '../../');
|
||||
require_once(HESK_PATH . 'hesk_settings.inc.php');
|
||||
require_once(HESK_PATH . 'inc/common.inc.php');
|
||||
require_once(API_PATH . 'core/output.php');
|
||||
require_once(API_PATH . 'core/headers.php');
|
||||
require_once(API_PATH . 'dao/canned_dao.php');
|
||||
require_once(API_PATH . 'businesslogic/security_retriever.php');
|
||||
|
||||
hesk_load_api_database_functions();
|
||||
hesk_dbConnect();
|
||||
|
||||
// Routing
|
||||
$request_method = $_SERVER['REQUEST_METHOD'];
|
||||
|
||||
/**
|
||||
* @api {get} /admin/canned Retrieve a canned response
|
||||
* @apiVersion 0.0.0
|
||||
* @apiName GetCanned
|
||||
* @apiGroup Canned Response
|
||||
* @apiPermission protected
|
||||
*
|
||||
* @apiParam {Number} [id] The ID of the canned response. Omit for all canned responses.
|
||||
*
|
||||
* @apiSuccess {Number} id ID of the canned response
|
||||
* @apiSuccess {String} title The title of the canned response.
|
||||
* @apiSuccess {String} message The contents of the canned response, including HTML markup.
|
||||
* @apiSuccess {Integer} replyOrder The position of the canned response in the list of canned responses (in multiples of 10).
|
||||
*
|
||||
* @apiSuccessExample {json} Success-Response:
|
||||
* HTTP/1.1 200 OK
|
||||
* {
|
||||
* "id": 2,
|
||||
* "title": "html",
|
||||
* "message": "<p><strong>My<em> canned response </em></strong></p>\r\n<p>%%HESK_ID%%</p>",
|
||||
* "replyOrder": 10
|
||||
* }
|
||||
*
|
||||
* @apiError (noTokenProvided) 400 No `X-Auth-Token` was provided where it is required
|
||||
* @apiError (invalidXAuthToken) 401 The `X-Auth-Token` provided was invalid
|
||||
*/
|
||||
if ($request_method == 'GET') {
|
||||
$token = get_header('X-Auth-Token');
|
||||
|
||||
try {
|
||||
get_user_for_token($token, $hesk_settings);
|
||||
} catch (AccessException $e) {
|
||||
return http_response_code($e->getCode());
|
||||
}
|
||||
|
||||
if (isset($_GET['id'])) {
|
||||
$results = get_canned_response($hesk_settings, $_GET['id']);
|
||||
} else {
|
||||
$results = get_canned_response($hesk_settings);
|
||||
}
|
||||
|
||||
if ($results == NULL) {
|
||||
return http_response_code(404);
|
||||
}
|
||||
return output($results);
|
||||
}
|
||||
|
||||
return http_response_code(405);
|
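Review bot: The GET branch throws away the return value of `get_user_for_token($token, $hesk_settings)`, so any valid token is treated as full access and no per-user permission is checked before data is returned; the ticket-template, ticket and user endpoints in this commit follow the same pattern. Keep the result (`$user = get_user_for_token($token, $hesk_settings);`, presumably the user record) and check the relevant privilege before calling the DAO. `$_GET['id']` is passed through unvalidated, which is safe only if the DAO casts or escapes it (not visible here); `$id = filter_input(INPUT_GET, 'id', FILTER_VALIDATE_INT);` with a 400 on failure would make that explicit. `$results == NULL` is a loose comparison, so an empty array from the DAO would be reported as 404 rather than as an empty list.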
@ -0,0 +1,65 @@
|
||||
<?php
|
||||
define('IN_SCRIPT', 1);
|
||||
define('HESK_PATH', '../../../');
|
||||
define('API_PATH', '../../');
|
||||
require_once(HESK_PATH . 'hesk_settings.inc.php');
|
||||
require_once(HESK_PATH . 'inc/common.inc.php');
|
||||
require_once(API_PATH . 'core/headers.php');
|
||||
require_once(API_PATH . 'core/output.php');
|
||||
require_once(API_PATH . 'dao/ticket_template_dao.php');
|
||||
require_once(API_PATH . 'businesslogic/security_retriever.php');
|
||||
|
||||
hesk_load_api_database_functions();
|
||||
hesk_dbConnect();
|
||||
|
||||
// Routing
|
||||
$request_method = $_SERVER['REQUEST_METHOD'];
|
||||
|
||||
/**
|
||||
* @api {get} /admin/ticket-template Retrieve a ticket templates
|
||||
* @apiVersion 0.0.0
|
||||
* @apiName GetTicketTemplate
|
||||
* @apiGroup Ticket Template
|
||||
* @apiPermission protected
|
||||
*
|
||||
* @apiParam {Number} [id] The ID of the ticket template. Omit for all templates.
|
||||
*
|
||||
* @apiSuccess {Number} id ID of the template
|
||||
* @apiSuccess {String} title The title of the template.
|
||||
* @apiSuccess {String} message The contents of the template, including HTML markup.
|
||||
* @apiSuccess {Integer} displayOrder The position of the template in the list of templates (in multiples of 10).
|
||||
*
|
||||
* @apiSuccessExample {json} Success-Response:
|
||||
* HTTP/1.1 200 OK
|
||||
* {
|
||||
* "id": 2,
|
||||
* "title": "html",
|
||||
* "message": "<p><strong>My<em> ticket template </em></strong></p>",
|
||||
* "displayOrder": 10
|
||||
* }
|
||||
*
|
||||
* @apiError (noTokenProvided) 400 No `X-Auth-Token` was provided where it is required
|
||||
* @apiError (invalidXAuthToken) 401 The `X-Auth-Token` provided was invalid
|
||||
*/
|
||||
if ($request_method == 'GET') {
|
||||
$token = get_header('X-Auth-Token');
|
||||
|
||||
try {
|
||||
get_user_for_token($token, $hesk_settings);
|
||||
} catch (AccessException $e) {
|
||||
return http_response_code($e->getCode());
|
||||
}
|
||||
|
||||
if (isset($_GET['id'])) {
|
||||
$results = get_ticket_template($hesk_settings, $_GET['id']);
|
||||
} else {
|
||||
$results = get_ticket_template($hesk_settings);
|
||||
}
|
||||
|
||||
if ($results == NULL) {
|
||||
return http_response_code(404);
|
||||
}
|
||||
return output($results);
|
||||
}
|
||||
|
||||
return http_response_code(405);
|
@ -0,0 +1,132 @@
|
||||
<?php
|
||||
define('IN_SCRIPT', 1);
|
||||
define('HESK_PATH', '../../../');
|
||||
define('API_PATH', '../../');
|
||||
require_once(HESK_PATH . 'hesk_settings.inc.php');
|
||||
require_once(HESK_PATH . 'inc/common.inc.php');
|
||||
require_once(API_PATH . 'core/headers.php');
|
||||
require_once(API_PATH . 'core/output.php');
|
||||
require_once(API_PATH . 'businesslogic/ticket_retriever.php');
|
||||
require_once(API_PATH . 'businesslogic/security_retriever.php');
|
||||
|
||||
hesk_load_api_database_functions();
|
||||
hesk_dbConnect();
|
||||
|
||||
// Routing
|
||||
$request_method = $_SERVER['REQUEST_METHOD'];
|
||||
|
||||
/**
|
||||
* @api {get} /admin/ticket Retrieve a ticket (staff-side)
|
||||
* @apiVersion 0.0.0
|
||||
* @apiName GetTicketStaff
|
||||
* @apiGroup Ticket
|
||||
* @apiPermission protected
|
||||
*
|
||||
* @apiParam {Number} [id] The ID of the ticket. Omit for all tickets.
|
||||
*
|
||||
* @apiSuccess {Number} id ID of the ticket
|
||||
* @apiSuccess {String} trackingId The tracking id of the ticket
|
||||
* @apiSuccess {String} name The name of the contact
|
||||
* @apiSuccess {String} email The email address of the ticket (empty string if no email)
|
||||
* @apiSuccess {Integer} category The ID of the category the ticket is in
|
||||
* @apiSuccess {Integer} priority The ID of the priority the ticket is in
|
||||
* @apiSuccess {String} subject The subject of the ticket
|
||||
* @apiSuccess {String} message The original message of the ticket
|
||||
* @apiSuccess {String} dateCreated The date and time the ticket was submitted, in `YYYY-MM-DD hh:mm:ss`
|
||||
* @apiSuccess {Integer} articles The knowledgebase article IDs suggested when the user created the ticket
|
||||
* @apiSuccess {String} ip The IP address of the submitter
|
||||
* @apiSuccess {String} language The language the ticket was submitted in
|
||||
* @apiSuccess {Integer} status The ID of the status the ticket is set to
|
||||
* @apiSuccess {Integer} owner The user ID of the ticket owner
|
||||
* @apiSuccess {String} timeWorked The total time worked on the ticket, in `hh:mm:ss`
|
||||
* @apiSuccess {Boolean} archive `true` if the ticket is tagged<br>`false` otherwise
|
||||
* @apiSuccess {Boolean} locked `true` if the ticket is locked<br>`false` otherwise
|
||||
* @apiSuccess {Binary[]} attachments Array of attachments, in base-64 encoded binary
|
||||
* @apiSuccess {Integer[]} merged Array of merged ticket IDs
|
||||
* @apiSuccess {String} legacyAuditTrail HTML markup of the entire "Audit Trail" section
|
||||
* @apiSuccess {String} custom1-20 Custom fields 1-20's values.
|
||||
* @apiSuccess {Integer} linkedTo The ID of the ticket linked to this ticket
|
||||
* @apiSuccess {String} latitude The latitudinal coordinate of the user's location, or one of the corresponding error codes.
|
||||
* @apiSuccess {String} longitude The longitudinal coordinate of the user's location, or one of the corresponding error codes.
|
||||
* @apiSuccess {Boolean} html `true` if the ticket was created with HTML encoding<br>`false` otherwise
|
||||
* @apiSuccess {String} userAgent The user agent of the user who submitted the ticket
|
||||
* @apiSuccess {Integer} screenResolutionWidth The width of the screen resolution of the user who submitted the ticket
|
||||
* @apiSuccess {Integer} screenResolutionHeight The height of the screen resolution of the user who submitted the ticket
|
||||
*
|
||||
* @apiSuccessExample {json} Success-Response:
|
||||
* HTTP/1.1 200 OK
|
||||
* {
|
||||
* "id": 22,
|
||||
* "trackingId": "EVL-RRL-DUBG",
|
||||
* "name": "Test",
|
||||
* "email": "",
|
||||
* "category": 1,
|
||||
* "priority": 3,
|
||||
* "subject": "test",
|
||||
* "message": "test",
|
||||
* "dateCreated": "2014-12-28 00:57:26",
|
||||
* "articles": null,
|
||||
* "ip": "127.0.0.1",
|
||||
* "language": null,
|
||||
* "status": 3,
|
||||
* "owner": 1,
|
||||
* "timeWorked": "00:05:07",
|
||||
* "archive": true,
|
||||
* "locked": true,
|
||||
* "attachments": "",
|
||||
* "merged": "",
|
||||
* "legacyAuditTrail": "<li class=\"smaller\">2014-12-28 06:57:28 | ticket created by Your name (username)</li><li class=\"smaller\">2014-12-31 21:00:59 | closed by Your name (username)</li><li class=\"smaller\">2014-12-31 21:01:05 | status changed to Waiting reply by Your name (username)</li><li class=\"smaller\">2014-12-31 21:01:58 | closed by Your name (username)</li><li class=\"smaller\">2015-01-17 16:21:18 | closed by Your name (username)</li>",
|
||||
* "custom1": "1420671600",
|
||||
* "custom2": "",
|
||||
* "custom3": "",
|
||||
* "custom4": "",
|
||||
* "custom5": "",
|
||||
* "custom6": "",
|
||||
* "custom7": "",
|
||||
* "custom8": "",
|
||||
* "custom9": "",
|
||||
* "custom10": "",
|
||||
* "custom11": "",
|
||||
* "custom12": "",
|
||||
* "custom13": "",
|
||||
* "custom14": "",
|
||||
* "custom15": "",
|
||||
* "custom16": "",
|
||||
* "custom17": "",
|
||||
* "custom18": "",
|
||||
* "custom19": "",
|
||||
* "custom20": "",
|
||||
* "parent": 139,
|
||||
* "latitude": "E-0",
|
||||
* "longitude": "E-0",
|
||||
* "html": false,
|
||||
* "userAgent": null,
|
||||
* "screenResolutionWidth": null,
|
||||
* "screenResolutionHeight": null
|
||||
* }
|
||||
*
|
||||
* @apiError (noTokenProvided) 400 No `X-Auth-Token` was provided where it is required
|
||||
* @apiError (invalidXAuthToken) 401 The `X-Auth-Token` provided was invalid
|
||||
*/
|
||||
if ($request_method == 'GET') {
|
||||
$token = get_header('X-Auth-Token');
|
||||
|
||||
try {
|
||||
get_user_for_token($token, $hesk_settings);
|
||||
} catch (AccessException $e) {
|
||||
return http_response_code($e->getCode());
|
||||
}
|
||||
|
||||
if (isset($_GET['id'])) {
|
||||
$results = get_ticket_for_staff($hesk_settings, $_GET['id']);
|
||||
} else {
|
||||
$results = get_ticket_for_staff($hesk_settings);
|
||||
}
|
||||
|
||||
if ($results == NULL) {
|
||||
return http_response_code(404);
|
||||
}
|
||||
return output($results);
|
||||
}
|
||||
|
||||
return http_response_code(405);
|
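Review bot: The apidoc block does not match what `get_ticket_for_staff` emits: the field list documents `articles`, while `convert_to_camel_case` in the ticket retriever renames that key to `suggestedArticles`, and the success example shows `"parent": 139` although the field list calls it `linkedTo`. Change the entry to `@apiSuccess {Integer} suggestedArticles ...` and replace `parent` with `linkedTo` in the example so clients are not written against keys that differ from the response. Because the response carries the submitter's `ip`, `email`, `userAgent` and coordinates for every ticket when `id` is omitted, the block should also state which staff privilege a token holder is expected to need.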
@ -0,0 +1,121 @@
|
||||
<?php
|
||||
define('IN_SCRIPT', 1);
|
||||
define('HESK_PATH', '../../../');
|
||||
define('API_PATH', '../../');
|
||||
require_once(HESK_PATH . 'hesk_settings.inc.php');
|
||||
require_once(HESK_PATH . 'inc/common.inc.php');
|
||||
require_once(API_PATH . 'core/headers.php');
|
||||
require_once(API_PATH . 'core/output.php');
|
||||
require_once(API_PATH . 'businesslogic/user_retriever.php');
|
||||
require_once(API_PATH . 'businesslogic/security_retriever.php');
|
||||
|
||||
hesk_load_api_database_functions();
|
||||
hesk_dbConnect();
|
||||
|
||||
// Routing
|
||||
$request_method = $_SERVER['REQUEST_METHOD'];
|
||||
|
||||
/**
|
||||
* @api {get} /admin/user Retrieve a helpdesk user
|
||||
* @apiVersion 0.0.0
|
||||
* @apiName GetUser
|
||||
* @apiGroup User
|
||||
* @apiPermission protected
|
||||
*
|
||||
* @apiParam {Number} [id] The ID of the user. Omit for all users.
|
||||
*
|
||||
* @apiSuccess {Number} id ID of the user
|
||||
* @apiSuccess {String} username The user's username
|
||||
* @apiSuccess {Boolean} admin `true` if the user is under a permission template that is market as an administrative group<br>`false` otherwise
|
||||
* @apiSuccess {String} name The user's name
|
||||
* @apiSuccess {String} email The user's email address
|
||||
* @apiSuccess {String} signature The user's signature, in plaintext
|
||||
* @apiSuccess {Unknown} language ??? (Unknown)
|
||||
* @apiSuccess {String[]} categories Ticket categories the user has access to. If the user is an admin, this list has one element: ""
|
||||
* @apiSuccess {Integer} afterReply Action to perform after replying to a ticket:<br>
|
||||
* `0` - Show the ticket I just replied to<br>
|
||||
* `1` - Return to the main administration page<br>
|
||||
* `2` - Open next ticket that needs my reply
|
||||
* @apiSuccess {Boolean} autoStart Automatically start timer when the user opens a ticket
|
||||
* @apiSuccess {Boolean} notifyCustomerNew Select notify customer option in the new ticket form
|
||||
* @apiSuccess {Boolean} notifyCustomerReply Select notify customer option in the ticket reply form
|
||||
* @apiSuccess {Boolean} showSuggested Show what knowledgebase articles were suggested to customers
|
||||
* @apiSuccess {Boolean} notifyNewUnassigned Notify the user when a new ticket is submitted with owner: Unassigned
|
||||
* @apiSuccess {Boolean} notifyNewMy Notify the user when a new ticket is submitted and is assigned to the user
|
||||
* @apiSuccess {Boolean} notifyAssigned Notify the user when a ticket is assigned to the user
|
||||
* @apiSuccess {Boolean} notifyReplyUnassigned Notify the user when the client responds to a ticket with owner: Unassigned
|
||||
* @apiSuccess {Boolean} notifyReplyMy Notify the user when the client responds to a ticket assigned to the user
|
||||
* @apiSuccess {Boolean} notifyPm Notify the user when a private message is sent to the user
|
||||
* @apiSuccess {Boolean} notifyNoteUnassigned Notify the user when someone adds a note to a ticket not assigned to the user
|
||||
* @apiSuccess {Unknown} defaultList ??? (Currently unknown)
|
||||
* @apiSuccess {Boolean} autoassign Tickets are auto-assigned to this user
|
||||
* @apiSuccess {String[]} heskPrivileges Helpdesk features the user has access to. If the user is an admin, this list has one element: ""
|
||||
* @apiSuccess {Integer} ratingNeg Total number of negative feedback to "Was this reply helpful?" on replies by this user
|
||||
* @apiSuccess {Integer} ratingPos Total number of positive feedback to "Was this reply helpful?" on replies by this user
|
||||
* @apiSuccess {String} rating The overall rating of the user, as a floating point decimal
|
||||
* @apiSuccess {Integer} autorefresh The ticket table autorefresh time for the user, in milliseconds
|
||||
* @apiSuccess {Boolean} active `true` if the user is active<br>`false` otherwise
|
||||
*
|
||||
* @apiSuccessExample {json} Success-Response:
|
||||
* HTTP/1.1 200 OK
|
||||
* {
|
||||
* "id": 1,
|
||||
* "username": "mkoch",
|
||||
* "admin": true,
|
||||
* "name": "Your name",
|
||||
* "email": "mkoch227@gmail.com",
|
||||
* "signature": "Sincerely,\r\n\r\nYour name\r\nYour website\r\nhttp://www.yourwebsite.com\r\n& < > ^ &",
|
||||
* "language": null,
|
||||
* "categories": [
|
||||
* ""
|
||||
* ],
|
||||
* "afterReply": 0,
|
||||
* "autoStart": true,
|
||||
* "notifyCustomerNew": true,
|
||||
* "notifyCustomerReply": true,
|
||||
* "showSuggested": true,
|
||||
* "notifyNewUnassigned": true,
|
||||
* "notifyNewMy": true,
|
||||
* "notifyReplyUnassigned": true,
|
||||
* "notifyReplyMy": true,
|
||||
* "notifyAssigned": true,
|
||||
* "notifyPm": false,
|
||||
* "notifyNote": true,
|
||||
* "notifyNoteUnassigned": false,
|
||||
* "defaultList": "",
|
||||
* "autoassign": true,
|
||||
* "heskPrivileges": [
|
||||
* ""
|
||||
* ],
|
||||
* "ratingNeg": 0,
|
||||
* "ratingPos": 0,
|
||||
* "rating": "0",
|
||||
* "autorefresh": 0,
|
||||
* "active": true
|
||||
* }
|
||||
*
|
||||
* @apiError (noTokenProvided) 400 No `X-Auth-Token` was provided where it is required
|
||||
* @apiError (invalidXAuthToken) 401 The `X-Auth-Token` provided was invalid
|
||||
*/
|
||||
if ($request_method == 'GET') {
|
||||
$token = get_header('X-Auth-Token');
|
||||
|
||||
try {
|
||||
get_user_for_token($token, $hesk_settings);
|
||||
} catch (AccessException $e) {
|
||||
return http_response_code($e->getCode());
|
||||
}
|
||||
|
||||
if (isset($_GET['id'])) {
|
||||
$results = retrieve_user($hesk_settings, $_GET['id']);
|
||||
} else {
|
||||
$results = retrieve_user($hesk_settings);
|
||||
}
|
||||
|
||||
if ($results == NULL) {
|
||||
return http_response_code(404);
|
||||
}
|
||||
return output($results);
|
||||
}
|
||||
|
||||
return http_response_code(405);
|
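Review bot: The success example embeds what looks like a real username and personal e-mail address in its `username` and `email` values; generated API documentation is usually published, so use reserved placeholders such as `"email": "user@example.com"`. The field list also documents `language`, although `remove_unneeded_properties` in the user retriever unsets that key, and the example contains `notifyNote` without a matching `@apiSuccess` line. With `id` omitted this endpoint returns every user's e-mail address and `heskPrivileges`, so the block should say which privilege is required rather than only `protected`.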
@ -0,0 +1,9 @@
|
||||
<?php
|
||||
require_once(API_PATH . 'dao/security_dao.php');
|
||||
|
||||
function get_user_for_token($token, $hesk_settings) {
|
||||
|
||||
$hash = hash('sha512', $token);
|
||||
|
||||
return get_user_for_token_hash($hash, $hesk_settings);
|
||||
}
|
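Review bot: `get_user_for_token` hashes whatever it is given, so if `get_header` yields null or an empty string for a missing `X-Auth-Token`, the SHA-512 of an empty value is looked up instead of the request being rejected up front; whether the documented 400 `noTokenProvided` is ever produced depends on `get_user_for_token_hash`, which is not visible here. Reject a missing token before hashing, e.g. `if (!is_string($token) || $token === '') { /* raise the 400 AccessException */ }`. An unsalted fast hash is adequate only when tokens are long random values from a CSPRNG; a docblock stating that assumption and naming the exception callers must catch would help.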
@ -0,0 +1,88 @@
|
||||
<?php
|
||||
require_once(API_PATH . 'dao/ticket_dao.php');
|
||||
|
||||
function get_ticket_for_staff($hesk_settings, $id = NULL) {
|
||||
$tickets = get_ticket_for_id($hesk_settings, $id);
|
||||
|
||||
if ($id === NULL) {
|
||||
$original_tickets = $tickets;
|
||||
$tickets = [];
|
||||
foreach ($original_tickets as $ticket) {
|
||||
$ticket = remove_common_properties($ticket);
|
||||
$ticket = convert_to_camel_case($ticket);
|
||||
$tickets[] = $ticket;
|
||||
}
|
||||
} else {
|
||||
$tickets = remove_common_properties($tickets);
|
||||
$tickets = convert_to_camel_case($tickets);
|
||||
}
|
||||
|
||||
|
||||
return $tickets;
|
||||
}
|
||||
|
||||
function remove_common_properties($ticket) {
|
||||
unset($ticket['lastchange']);
|
||||
unset($ticket['firstreply']);
|
||||
unset($ticket['closedat']);
|
||||
unset($ticket['openedby']);
|
||||
unset($ticket['firstreplyby']);
|
||||
unset($ticket['closedby']);
|
||||
unset($ticket['replies']);
|
||||
unset($ticket['staffreplies']);
|
||||
unset($ticket['lastreplier']);
|
||||
unset($ticket['replierid']);
|
||||
|
||||
return $ticket;
|
||||
}
|
||||
|
||||
function convert_to_camel_case($ticket) {
|
||||
if (isset($ticket['articles'])) {
|
||||
$ticket['suggestedArticles'] = $ticket['articles'];
|
||||
unset($ticket['articles']);
|
||||
$ticket['legacyAuditTrail'] = $ticket['history'];
|
||||
unset($ticket['history']);
|
||||
$ticket['linkedTo'] = $ticket['parent'];
|
||||
unset($ticket['parent']);
|
||||
$ticket['timeWorked'] = $ticket['time_worked'];
|
||||
unset($ticket['time_worked']);
|
||||
$ticket['userAgent'] = $ticket['user_agent'];
|
||||
unset($ticket['user_agent']);
|
||||
$ticket['screenResolutionWidth'] = $ticket['screen_resolution_width'];
|
||||
unset($ticket['screen_resolution_width']);
|
||||
$ticket['screenResolutionHeight'] = $ticket['screen_resolution_height'];
|
||||
unset($ticket['screen_resolution_height']);
|
||||
}
|
||||
$ticket['trackingId'] = $ticket['trackid'];
|
||||
unset($ticket['trackid']);
|
||||
$ticket['dateCreated'] = $ticket['dt'];
|
||||
unset($ticket['dt']);
|
||||
|
||||
return $ticket;
|
||||
}
|
||||
|
||||
function get_ticket($hesk_settings, $id) {
|
||||
$ticket = get_ticket_for_id($hesk_settings, $id);
|
||||
$ticket = remove_common_properties($ticket);
|
||||
$ticket = remove_staff_specific_properties($ticket);
|
||||
$ticket = convert_to_camel_case($ticket);
|
||||
|
||||
return $ticket;
|
||||
}
|
||||
|
||||
function remove_staff_specific_properties($ticket) {
|
||||
unset($ticket['articles']);
|
||||
unset($ticket['ip']);
|
||||
unset($ticket['language']);
|
||||
unset($ticket['owner']);
|
||||
unset($ticket['time_worked']);
|
||||
unset($ticket['history']);
|
||||
unset($ticket['latitude']);
|
||||
unset($ticket['longitude']);
|
||||
unset($ticket['user_agent']);
|
||||
unset($ticket['screen_resolution_width']);
|
||||
unset($ticket['screen_resolution_height']);
|
||||
unset($ticket['parent']);
|
||||
|
||||
return $ticket;
|
||||
}
|
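Review bot: In `convert_to_camel_case`, `isset($ticket['articles'])` is false when that column is NULL, so a staff ticket with no suggested articles skips every rename in the branch and is returned with `history`, `parent`, `time_worked`, `user_agent` and the screen-resolution keys in their database form. Use `if (is_array($ticket) && array_key_exists('articles', $ticket))` as the guard, or have `get_ticket` pass an explicit flag instead of relying on `remove_staff_specific_properties` having unset the key. The same function name is declared in the user retriever in this commit, so loading both files in one request would be a fatal redeclaration; a prefixed name such as `ticket_convert_to_camel_case` avoids that.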
@ -0,0 +1,73 @@
|
||||
<?php
|
||||
require_once(API_PATH . 'dao/user_dao.php');
|
||||
|
||||
function retrieve_user($hesk_settings, $id = NULL) {
|
||||
$users = get_user($hesk_settings, $id);
|
||||
|
||||
if ($id === NULL) {
|
||||
$original_users = $users;
|
||||
$users = [];
|
||||
foreach ($original_users as $user) {
|
||||
$user = remove_unneeded_properties($user);
|
||||
$user = convert_to_camel_case($user);
|
||||
$users[] = $user;
|
||||
}
|
||||
} else {
|
||||
$users = remove_unneeded_properties($users);
|
||||
$users = convert_to_camel_case($users);
|
||||
}
|
||||
|
||||
return $users;
|
||||
}
|
||||
|
||||
function remove_unneeded_properties($user) {
|
||||
unset($user['pass']);
|
||||
unset($user['permission_template']);
|
||||
unset($user['language']);
|
||||
unset($user['replies']);
|
||||
|
||||
return $user;
|
||||
}
|
||||
|
||||
function convert_to_camel_case($user) {
|
||||
$user['username'] = $user['user'];
|
||||
unset($user['user']);
|
||||
$user['admin'] = $user['isadmin'];
|
||||
unset($user['isadmin']);
|
||||
$user['afterReply'] = $user['afterreply'];
|
||||
unset($user['afterreply']);
|
||||
$user['autoStart'] = $user['autostart'];
|
||||
unset($user['autostart']);
|
||||
$user['notifyCustomerNew'] = $user['notify_customer_new'];
|
||||
unset($user['notify_customer_new']);
|
||||
$user['notifyCustomerReply'] = $user['notify_customer_reply'];
|
||||
unset($user['notify_customer_reply']);
|
||||
$user['showSuggested'] = $user['show_suggested'];
|
||||
unset($user['show_suggested']);
|
||||
$user['notifyNewUnassigned'] = $user['notify_new_unassigned'];
|
||||
unset($user['notify_new_unassigned']);
|
||||
$user['notifyNewMy'] = $user['notify_new_my'];
|
||||
unset($user['notify_new_my']);
|
||||
$user['notifyReplyUnassigned'] = $user['notify_reply_unassigned'];
|
||||
unset($user['notify_reply_unassigned']);
|
||||
$user['notifyReplyMy'] = $user['notify_reply_my'];
|
||||
unset($user['notify_reply_my']);
|
||||
$user['notifyAssigned'] = $user['notify_assigned'];
|
||||
unset($user['notify_assigned']);
|
||||
$user['notifyPm'] = $user['notify_pm'];
|
||||
unset($user['notify_pm']);
|
||||
$user['notifyNote'] = $user['notify_note'];
|
||||
unset($user['notify_note']);
|
||||
$user['notifyNoteUnassigned'] = $user['notify_note_unassigned'];
|
||||
unset($user['notify_note_unassigned']);
|
||||
$user['defaultList'] = $user['default_list'];
|
||||
unset($user['default_list']);
|
||||
$user['ratingNeg'] = $user['ratingneg'];
|
||||
unset($user['ratingneg']);
|
||||
$user['ratingPos'] = $user['ratingpos'];
|
||||
unset($user['ratingpos']);
|
||||
$user['heskPrivileges'] = $user['heskprivileges'];
|
||||
unset($user['heskprivileges']);
|
||||
|
||||
return $user;
|
||||
}
|
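Review bot: `remove_unneeded_properties` is a denylist: every column `get_user` returns other than `pass`, `permission_template`, `language` and `replies` is sent to the client, so a sensitive column added to the users table later would be exposed by default. Building the response from an explicit list of allowed keys would make exposure opt-in. When `$id` is given but no row matches, the transforms still run, and if `get_user` returns NULL (not visible here) `convert_to_camel_case` turns it into an array of null fields, so the endpoint's `$results == NULL` check never yields 404. Return early with `if ($users === NULL) { return NULL; }` before the transforms in `retrieve_user`.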
@ -0,0 +1,58 @@
|
||||
<?php
|
||||
define('IN_SCRIPT', 1);
|
||||
define('HESK_PATH', '../../');
|
||||
define('API_PATH', '../');
|
||||
require_once(HESK_PATH . 'hesk_settings.inc.php');
|
||||
require_once(HESK_PATH . 'inc/common.inc.php');
|
||||
require_once(API_PATH . 'core/output.php');
|
||||
require_once(API_PATH . 'dao/category_dao.php');
|
||||
|
||||
hesk_load_api_database_functions();
|
||||
hesk_dbConnect();
|
||||
|
||||
// Routing
|
||||
$request_method = $_SERVER['REQUEST_METHOD'];
|
||||
|
||||
/**
|
||||
* @api {get} /category Retrieve a ticket category
|
||||
* @apiVersion 0.0.0
|
||||
* @apiName GetCategory
|
||||
* @apiGroup Category
|
||||
* @apiPermission public
|
||||
*
|
||||
* @apiParam {Number} [id] The ID of the category. Omit for all categories.
|
||||
*
|
||||
* @apiSuccess {Number} id ID of the category
|
||||
* @apiSuccess {String} name The name of the category
|
||||
* @apiSuccess {Integer} displayOrder The order of the category (in multiples of 10)
|
||||
* @apiSuccess {Boolean} autoassign `true` if tickets set to this category are automatically assigned.<br>`false` otherwise
|
||||
* @apiSuccess {Integer} type `0` - Public<br>`1` - Private
|
||||
* @apiSuccess {Integer} priority Default priority of tickets created in this category
|
||||
* @apiSuccess {Integer} manager User ID of the category manager, or `null` if there is no manager.
|
||||
*
|
||||
* @apiSuccessExample {json} Success-Response:
|
||||
* HTTP/1.1 200 OK
|
||||
* {
|
||||
* "id": 1,
|
||||
* "name": "General",
|
||||
* "displayOrder": 10,
|
||||
* "autoassign": true,
|
||||
* "type": 0,
|
||||
* "priority": 2,
|
||||
* "manager": null
|
||||
* }
|
||||
*/
|
||||
if ($request_method == 'GET') {
|
||||
if (isset($_GET['id'])) {
|
||||
$results = get_category($hesk_settings, $_GET['id']);
|
||||
} else {
|
||||
$results = get_category($hesk_settings);
|
||||
}
|
||||
|
||||
if ($results == NULL) {
|
||||
return http_response_code(404);
|
||||
}
|
||||
return output($results);
|
||||
}
|
||||
|
||||
return http_response_code(405);
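Review bot: The GET branch passes `$_GET['id']` to `get_category()` without checking that it is a single integer, so an empty value (`?id=`) or an array value (`?id[]=`) is not rejected at the boundary. An empty string compares equal to `NULL` in the DAO and returns the full list, while `intval()` of a non-empty array is 1. I would validate first with `$id = filter_input(INPUT_GET, 'id', FILTER_VALIDATE_INT);` and answer `http_response_code(400)` when the parameter is present but not an integer. The status endpoint section further down has the same GET branch and needs the same check.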
|
@ -0,0 +1,18 @@
|
||||
<?php
|
||||
/**
|
||||
* @apiDefine public Public
|
||||
* A public API can be utilized by anyone, without the use of an `X-Auth-Token`.
|
||||
*
|
||||
*/
|
||||
/**
|
||||
* @apiDefine protected Protected
|
||||
* A protected API can only be utilized by those with a valid `X-Auth-Token`.
|
||||
*/
|
||||
/**
|
||||
* @apiDefine invalidXAuthToken 401 Unauthorized
|
||||
* The `X-Auth-Token` provided is invalid.
|
||||
*/
|
||||
/**
|
||||
* @apiDefine noTokenProvided 400 Bad Request
|
||||
* No `X-Auth-Token` was provided.
|
||||
*/
|
@ -0,0 +1,250 @@
|
||||
<?php
|
||||
/*******************************************************************************
|
||||
* Title: Help Desk Software HESK
|
||||
* Version: 2.6.1 from 26th February 2015
|
||||
* Author: Klemen Stirn
|
||||
* Website: http://www.hesk.com
|
||||
********************************************************************************
|
||||
* COPYRIGHT AND TRADEMARK NOTICE
|
||||
* Copyright 2005-2015 Klemen Stirn. All Rights Reserved.
|
||||
* HESK is a registered trademark of Klemen Stirn.
|
||||
|
||||
* The HESK may be used and modified free of charge by anyone
|
||||
* AS LONG AS COPYRIGHT NOTICES AND ALL THE COMMENTS REMAIN INTACT.
|
||||
* By using this code you agree to indemnify Klemen Stirn from any
|
||||
* liability that might arise from it's use.
|
||||
|
||||
* Selling the code for this program, in part or full, without prior
|
||||
* written consent is expressly forbidden.
|
||||
|
||||
* Using this code, in part or full, to create derivate work,
|
||||
* new scripts or products is expressly forbidden. Obtain permission
|
||||
* before redistributing this software over the Internet or in
|
||||
* any other medium. In all cases copyright and header must remain intact.
|
||||
* This Copyright is in full effect in any country that has International
|
||||
* Trade Agreements with the United States of America or
|
||||
* with the European Union.
|
||||
|
||||
* Removing any of the copyright notices without purchasing a license
|
||||
* is expressly forbidden. To remove HESK copyright notice you must purchase
|
||||
* a license for this script. For more information on how to obtain
|
||||
* a license please visit the page below:
|
||||
* https://www.hesk.com/buy.php
|
||||
*******************************************************************************/
|
||||
|
||||
/* Check if this is a valid include */
|
||||
if (!defined('IN_SCRIPT')) {die('Invalid attempt');}
|
||||
|
||||
|
||||
function hesk_dbSetNames()
|
||||
{
|
||||
global $hesk_settings, $hesk_db_link;
|
||||
|
||||
if ($hesk_settings['db_vrsn'])
|
||||
{
|
||||
mysql_set_charset('utf8', $hesk_db_link);
|
||||
}
|
||||
else
|
||||
{
|
||||
hesk_dbQuery("SET NAMES 'utf8'");
|
||||
}
|
||||
|
||||
} // END hesk_dbSetNames()
|
||||
|
||||
|
||||
function hesk_dbFormatEmail($email, $field = 'email')
|
||||
{
|
||||
global $hesk_settings;
|
||||
|
||||
$email = hesk_dbLike($email);
|
||||
|
||||
if ($hesk_settings['multi_eml'])
|
||||
{
|
||||
return " (`".hesk_dbEscape($field)."` LIKE '".hesk_dbEscape($email)."' OR `".hesk_dbEscape($field)."` LIKE '%,".hesk_dbEscape($email)."' OR `".hesk_dbEscape($field)."` LIKE '".hesk_dbEscape($email).",%' OR `".hesk_dbEscape($field)."` LIKE '%,".hesk_dbEscape($email).",%') ";
|
||||
}
|
||||
else
|
||||
{
|
||||
return " `".hesk_dbEscape($field)."` LIKE '".hesk_dbEscape($email)."' ";
|
||||
}
|
||||
|
||||
} // END hesk_dbFormatEmail()
|
||||
|
||||
|
||||
function hesk_dbTime()
|
||||
{
|
||||
$res = hesk_dbQuery("SELECT NOW()");
|
||||
return strtotime(hesk_dbResult($res,0,0));
|
||||
} // END hesk_dbTime()
|
||||
|
||||
|
||||
function hesk_dbEscape($in)
|
||||
{
|
||||
global $hesk_db_link;
|
||||
|
||||
$in = mysql_real_escape_string(stripslashes($in), $hesk_db_link);
|
||||
$in = str_replace('`','`',$in);
|
||||
|
||||
return $in;
|
||||
} // END hesk_dbEscape()
|
||||
|
||||
|
||||
function hesk_dbLike($in)
|
||||
{
|
||||
return str_replace( array('_', '%'), array('\\\\_', '\\\\%'), $in);
|
||||
} // END hesk_dbLike()
|
||||
|
||||
|
||||
function hesk_dbConnect()
|
||||
{
|
||||
global $hesk_settings;
|
||||
global $hesk_db_link;
|
||||
global $hesklang;
|
||||
|
||||
// Is mysql supported?
|
||||
if ( ! function_exists('mysql_connect') )
|
||||
{
|
||||
die($hesklang['emp']);
|
||||
}
|
||||
|
||||
// Connect to the database
|
||||
$hesk_db_link = @mysql_connect($hesk_settings['db_host'], $hesk_settings['db_user'], $hesk_settings['db_pass']);
|
||||
|
||||
// Errors?
|
||||
if ( ! $hesk_db_link)
|
||||
{
|
||||
if ($hesk_settings['debug_mode'])
|
||||
{
|
||||
$message = $hesklang['mysql_said'] . ': ' . mysql_error();
|
||||
}
|
||||
else
|
||||
{
|
||||
$message = $hesklang['contact_webmaster'] . $hesk_settings['webmaster_email'];
|
||||
}
|
||||
header('Content-Type: application/json');
|
||||
print_error($hesklang['cant_connect_db'], $message);
|
||||
return http_response_code(500);
|
||||
}
|
||||
|
||||
if ( ! @mysql_select_db($hesk_settings['db_name'], $hesk_db_link))
|
||||
{
|
||||
if ($hesk_settings['debug_mode'])
|
||||
{
|
||||
$message = $hesklang['mysql_said'] . ': ' . mysql_error();
|
||||
}
|
||||
else
|
||||
{
|
||||
$message = $hesklang['contact_webmaster'] . $hesk_settings['webmaster_email'];
|
||||
}
|
||||
header('Content-Type: application/json');
|
||||
print_error($hesklang['cant_connect_db'], $message);
|
||||
die();
|
||||
}
|
||||
|
||||
// Check MySQL/PHP version and set encoding to utf8
|
||||
hesk_dbSetNames();
|
||||
|
||||
return $hesk_db_link;
|
||||
|
||||
} // END hesk_dbConnect()
|
||||
|
||||
|
||||
function hesk_dbClose()
|
||||
{
|
||||
global $hesk_db_link;
|
||||
|
||||
return @mysql_close($hesk_db_link);
|
||||
|
||||
} // END hesk_dbClose()
|
||||
|
||||
|
||||
function hesk_dbQuery($query)
|
||||
{
|
||||
global $hesk_last_query;
|
||||
global $hesk_db_link;
|
||||
global $hesklang, $hesk_settings;
|
||||
|
||||
if ( ! $hesk_db_link && ! hesk_dbConnect())
|
||||
{
|
||||
return false;
|
||||
}
|
||||
|
||||
$hesk_last_query = $query;
|
||||
|
||||
if ($res = @mysql_query($query, $hesk_db_link))
|
||||
{
|
||||
return $res;
|
||||
}
|
||||
elseif ($hesk_settings['debug_mode'])
|
||||
{
|
||||
$message = $hesklang['mysql_said'] . mysql_error();
|
||||
}
|
||||
else
|
||||
{
|
||||
$message = $hesklang['contact_webmaster'] . $hesk_settings['webmaster_email'];
|
||||
}
|
||||
header('Content-Type: application/json');
|
||||
print_error($hesklang['cant_sql'], $message);
|
||||
die();
|
||||
|
||||
} // END hesk_dbQuery()
|
||||
|
||||
|
||||
function hesk_dbFetchAssoc($res)
|
||||
{
|
||||
|
||||
return @mysql_fetch_assoc($res);
|
||||
|
||||
} // END hesk_FetchAssoc()
|
||||
|
||||
|
||||
function hesk_dbFetchRow($res)
|
||||
{
|
||||
|
||||
return @mysql_fetch_row($res);
|
||||
|
||||
} // END hesk_FetchRow()
|
||||
|
||||
|
||||
function hesk_dbResult($res, $row = 0, $column = 0)
|
||||
{
|
||||
|
||||
return @mysql_result($res, $row, $column);
|
||||
|
||||
} // END hesk_dbResult()
|
||||
|
||||
|
||||
function hesk_dbInsertID()
|
||||
{
|
||||
global $hesk_db_link;
|
||||
|
||||
if ($lastid = @mysql_insert_id($hesk_db_link))
|
||||
{
|
||||
return $lastid;
|
||||
}
|
||||
|
||||
} // END hesk_dbInsertID()
|
||||
|
||||
|
||||
function hesk_dbFreeResult($res)
|
||||
{
|
||||
|
||||
return mysql_free_result($res);
|
||||
|
||||
} // END hesk_dbFreeResult()
|
||||
|
||||
|
||||
function hesk_dbNumRows($res)
|
||||
{
|
||||
|
||||
return @mysql_num_rows($res);
|
||||
|
||||
} // END hesk_dbNumRows()
|
||||
|
||||
|
||||
function hesk_dbAffectedRows()
|
||||
{
|
||||
global $hesk_db_link;
|
||||
|
||||
return @mysql_affected_rows($hesk_db_link);
|
||||
|
||||
} // END hesk_dbAffectedRows()
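Review bot: In `hesk_dbConnect()` the failed-connection branch ends with `return http_response_code(500);`, so the caller receives whatever `http_response_code()` returns rather than a falsy link. The `! hesk_dbConnect()` test in `hesk_dbQuery()` and the endpoint scripts, which ignore the return value, can then carry on without a connection. The status is also set after `print_error()` has already written the body, which without output buffering is too late to change the response code. I would call `http_response_code(500);` before `header('Content-Type: application/json');` and finish the branch with `die();`, as the `mysql_select_db` branch below it already does. The error branch in `hesk_dbQuery()` ends in a bare `die();` and never sets a 5xx status, so it wants the same ordering.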
|
@ -0,0 +1,255 @@
|
||||
<?php
|
||||
/*******************************************************************************
|
||||
* Title: Help Desk Software HESK
|
||||
* Version: 2.6.1 from 26th February 2015
|
||||
* Author: Klemen Stirn
|
||||
* Website: http://www.hesk.com
|
||||
********************************************************************************
|
||||
* COPYRIGHT AND TRADEMARK NOTICE
|
||||
* Copyright 2005-2015 Klemen Stirn. All Rights Reserved.
|
||||
* HESK is a registered trademark of Klemen Stirn.
|
||||
|
||||
* The HESK may be used and modified free of charge by anyone
|
||||
* AS LONG AS COPYRIGHT NOTICES AND ALL THE COMMENTS REMAIN INTACT.
|
||||
* By using this code you agree to indemnify Klemen Stirn from any
|
||||
* liability that might arise from it's use.
|
||||
|
||||
* Selling the code for this program, in part or full, without prior
|
||||
* written consent is expressly forbidden.
|
||||
|
||||
* Using this code, in part or full, to create derivate work,
|
||||
* new scripts or products is expressly forbidden. Obtain permission
|
||||
* before redistributing this software over the Internet or in
|
||||
* any other medium. In all cases copyright and header must remain intact.
|
||||
* This Copyright is in full effect in any country that has International
|
||||
* Trade Agreements with the United States of America or
|
||||
* with the European Union.
|
||||
|
||||
* Removing any of the copyright notices without purchasing a license
|
||||
* is expressly forbidden. To remove HESK copyright notice you must purchase
|
||||
* a license for this script. For more information on how to obtain
|
||||
* a license please visit the page below:
|
||||
* https://www.hesk.com/buy.php
|
||||
*******************************************************************************/
|
||||
|
||||
/* Check if this is a valid include */
|
||||
if (!defined('IN_SCRIPT')) {die('Invalid attempt');}
|
||||
|
||||
|
||||
function hesk_dbSetNames()
|
||||
{
|
||||
global $hesk_settings, $hesk_db_link;
|
||||
|
||||
if ($hesk_settings['db_vrsn'])
|
||||
{
|
||||
mysqli_set_charset($hesk_db_link, 'utf8');
|
||||
}
|
||||
else
|
||||
{
|
||||
hesk_dbQuery("SET NAMES 'utf8'");
|
||||
}
|
||||
|
||||
} // END hesk_dbSetNames()
|
||||
|
||||
|
||||
function hesk_dbFormatEmail($email, $field = 'email')
|
||||
{
|
||||
global $hesk_settings;
|
||||
|
||||
$email = hesk_dbLike($email);
|
||||
|
||||
if ($hesk_settings['multi_eml'])
|
||||
{
|
||||
return " (`".hesk_dbEscape($field)."` LIKE '".hesk_dbEscape($email)."' OR `".hesk_dbEscape($field)."` LIKE '%,".hesk_dbEscape($email)."' OR `".hesk_dbEscape($field)."` LIKE '".hesk_dbEscape($email).",%' OR `".hesk_dbEscape($field)."` LIKE '%,".hesk_dbEscape($email).",%') ";
|
||||
}
|
||||
else
|
||||
{
|
||||
return " `".hesk_dbEscape($field)."` LIKE '".hesk_dbEscape($email)."' ";
|
||||
}
|
||||
|
||||
} // END hesk_dbFormatEmail()
|
||||
|
||||
|
||||
function hesk_dbTime()
|
||||
{
|
||||
$res = hesk_dbQuery("SELECT NOW()");
|
||||
return strtotime(hesk_dbResult($res,0,0));
|
||||
} // END hesk_dbTime()
|
||||
|
||||
|
||||
function hesk_dbEscape($in)
|
||||
{
|
||||
global $hesk_db_link;
|
||||
|
||||
$in = mysqli_real_escape_string($hesk_db_link, stripslashes($in));
|
||||
$in = str_replace('`','`',$in);
|
||||
|
||||
return $in;
|
||||
} // END hesk_dbEscape()
|
||||
|
||||
|
||||
function hesk_dbLike($in)
|
||||
{
|
||||
return str_replace( array('_', '%'), array('\\\\_', '\\\\%'), $in);
|
||||
} // END hesk_dbLike()
|
||||
|
||||
|
||||
function hesk_dbConnect()
|
||||
{
|
||||
global $hesk_settings;
|
||||
global $hesk_db_link;
|
||||
global $hesklang;
|
||||
|
||||
// Is mysqli supported?
|
||||
if ( ! function_exists('mysqli_connect') )
|
||||
{
|
||||
die($hesklang['emp']);
|
||||
}
|
||||
|
||||
// Do we need a special port? Check and connect to the database
|
||||
if ( strpos($hesk_settings['db_host'], ':') )
|
||||
{
|
||||
list($hesk_settings['db_host'], $hesk_settings['db_port']) = explode(':', $hesk_settings['db_host']);
|
||||
$hesk_db_link = @mysqli_connect($hesk_settings['db_host'], $hesk_settings['db_user'], $hesk_settings['db_pass'], $hesk_settings['db_name'], intval($hesk_settings['db_port']) );
|
||||
}
|
||||
else
|
||||
{
|
||||
$hesk_db_link = @mysqli_connect($hesk_settings['db_host'], $hesk_settings['db_user'], $hesk_settings['db_pass'], $hesk_settings['db_name']);
|
||||
}
|
||||
|
||||
// Errors?
|
||||
if ( ! $hesk_db_link)
|
||||
{
|
||||
if ($hesk_settings['debug_mode'])
|
||||
{
|
||||
$message = $hesklang['mysql_said'] . ': (' . mysqli_connect_errno() . ') ' . mysqli_connect_error();
|
||||
}
|
||||
else
|
||||
{
|
||||
$message = $hesklang['contact_webmaster'] . $hesk_settings['webmaster_email'];
|
||||
}
|
||||
header('Content-Type: application/json');
|
||||
print_error($hesklang['cant_connect_db'], $message);
|
||||
http_response_code(500);
|
||||
}
|
||||
|
||||
// Check MySQL/PHP version and set encoding to utf8
|
||||
hesk_dbSetNames();
|
||||
|
||||
return $hesk_db_link;
|
||||
|
||||
} // END hesk_dbConnect()
|
||||
|
||||
|
||||
function hesk_dbClose()
|
||||
{
|
||||
global $hesk_db_link;
|
||||
|
||||
return @mysqli_close($hesk_db_link);
|
||||
|
||||
} // END hesk_dbClose()
|
||||
|
||||
|
||||
function hesk_dbQuery($query)
|
||||
{
|
||||
global $hesk_last_query;
|
||||
global $hesk_db_link;
|
||||
global $hesklang, $hesk_settings;
|
||||
|
||||
if ( ! $hesk_db_link && ! hesk_dbConnect())
|
||||
{
|
||||
return false;
|
||||
}
|
||||
|
||||
$hesk_last_query = $query;
|
||||
|
||||
#echo "<p>EXPLAIN $query</p>\n";
|
||||
|
||||
if ($res = @mysqli_query($hesk_db_link, $query))
|
||||
{
|
||||
return $res;
|
||||
}
|
||||
elseif ($hesk_settings['debug_mode'])
|
||||
{
|
||||
$message = $hesklang['mysql_said'] . ': ' . mysqli_error($hesk_db_link);
|
||||
}
|
||||
else
|
||||
{
|
||||
$message = $hesklang['contact_webmaster'] . $hesk_settings['webmaster_email'];
|
||||
}
|
||||
header('Content-Type: application/json');
|
||||
print_error($hesklang['cant_sql'], $message);
|
||||
die(http_response_code(500));
|
||||
} // END hesk_dbQuery()
|
||||
|
||||
|
||||
function hesk_dbFetchAssoc($res)
|
||||
{
|
||||
|
||||
return @mysqli_fetch_assoc($res);
|
||||
|
||||
} // END hesk_FetchAssoc()
|
||||
|
||||
|
||||
function hesk_dbFetchRow($res)
|
||||
{
|
||||
|
||||
return @mysqli_fetch_row($res);
|
||||
|
||||
} // END hesk_FetchRow()
|
||||
|
||||
|
||||
function hesk_dbResult($res, $row = 0, $column = 0)
|
||||
{
|
||||
$i=0;
|
||||
$res->data_seek(0);
|
||||
|
||||
while ($tmp = @mysqli_fetch_array($res, MYSQLI_NUM))
|
||||
{
|
||||
if ($i==$row)
|
||||
{
|
||||
return $tmp[$column];
|
||||
}
|
||||
$i++;
|
||||
}
|
||||
|
||||
return '';
|
||||
|
||||
} // END hesk_dbResult()
|
||||
|
||||
|
||||
function hesk_dbInsertID()
|
||||
{
|
||||
global $hesk_db_link;
|
||||
|
||||
if ($lastid = @mysqli_insert_id($hesk_db_link))
|
||||
{
|
||||
return $lastid;
|
||||
}
|
||||
|
||||
} // END hesk_dbInsertID()
|
||||
|
||||
|
||||
function hesk_dbFreeResult($res)
|
||||
{
|
||||
|
||||
return @mysqli_free_result($res);
|
||||
|
||||
} // END hesk_dbFreeResult()
|
||||
|
||||
|
||||
function hesk_dbNumRows($res)
|
||||
{
|
||||
|
||||
return @mysqli_num_rows($res);
|
||||
|
||||
} // END hesk_dbNumRows()
|
||||
|
||||
|
||||
function hesk_dbAffectedRows()
|
||||
{
|
||||
global $hesk_db_link;
|
||||
|
||||
return @mysqli_affected_rows($hesk_db_link);
|
||||
|
||||
} // END hesk_dbAffectedRows()
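Review bot: The `if ( ! $hesk_db_link)` branch of `hesk_dbConnect()` neither returns nor exits, so after a failed connect execution falls through to `hesk_dbSetNames()`. With `db_vrsn` unset that calls `hesk_dbQuery()`, which calls `hesk_dbConnect()` again because the link is still false, and the two keep calling each other. With `db_vrsn` set, `mysqli_set_charset()` is handed `false` instead of a connection. Ending the branch with `die();`, and moving `http_response_code(500);` ahead of `print_error()` so the status is set before any body is written, would stop this. `hesk_dbQuery()` has the same ordering issue with `die(http_response_code(500));` after the body has been printed.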
|
@ -0,0 +1,9 @@
|
||||
<?php
|
||||
|
||||
function get_header($key) {
|
||||
$headers = getallheaders();
|
||||
|
||||
return isset($headers[$key])
|
||||
? $headers[$key]
|
||||
: NULL;
|
||||
}
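Review bot: `get_header()` looks the name up with `isset($headers[$key])`, which is case-sensitive, whereas HTTP header names are case-insensitive and some clients and proxies send them in lower case. A token header sent as `x-auth-token` would then be treated as missing. I would normalise both sides with `$headers = array_change_key_case(getallheaders(), CASE_LOWER);` and `$key = strtolower($key);`. It is also worth a one-line comment that `getallheaders()` is not available under every SAPI on older PHP versions.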
|
@ -0,0 +1,11 @@
|
||||
<?php
|
||||
|
||||
function print_error($title, $message) {
|
||||
$error = array();
|
||||
$error['type'] = 'ERROR';
|
||||
$error['title'] = $title;
|
||||
$error['message'] = $message;
|
||||
|
||||
print json_encode($error);
|
||||
return;
|
||||
}
|
@ -0,0 +1,7 @@
|
||||
<?php
|
||||
|
||||
function output($data, $status_code = 200) {
|
||||
header('Content-Type: application/json');
|
||||
print json_encode($data);
|
||||
return http_response_code($status_code);
|
||||
}
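Review bot: `output()` calls `http_response_code($status_code)` only after `print json_encode($data);`, so once the body has been flushed (no output buffering) a non-200 `$status_code` can no longer be applied and the client still sees 200. I would set the status first: `http_response_code($status_code);`, then the `header()` call, then the `print`. A short docblock saying that `$data` must be JSON-encodable and that the function writes directly to the response would also help, since `json_encode()` failure is not checked here.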
|
@ -0,0 +1,28 @@
|
||||
<?php
|
||||
|
||||
function get_canned_response($hesk_settings, $id = NULL) {
|
||||
$sql = "SELECT `id`, `message`, `title`, `reply_order` FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "std_replies` ";
|
||||
if ($id != NULL) {
|
||||
$sql .= "WHERE `id` = ".intval($id);
|
||||
}
|
||||
|
||||
$response = hesk_dbQuery($sql);
|
||||
|
||||
if (hesk_dbNumRows($response) == 0) {
|
||||
return NULL;
|
||||
}
|
||||
|
||||
$results = [];
|
||||
while ($row = hesk_dbFetchAssoc($response)) {
|
||||
$row['id'] = intval($row['id']);
|
||||
|
||||
$row['replyOrder'] = intval($row['reply_order']);
|
||||
unset($row['reply_order']);
|
||||
|
||||
$row['title'] = hesk_html_entity_decode($row['title']);
|
||||
$row['message'] = hesk_html_entity_decode($row['message']);
|
||||
$results[] = $row;
|
||||
}
|
||||
|
||||
return $id == NULL ? $results : $results[0];
|
||||
}
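Review bot: Both `if ($id != NULL)` and the final `$id == NULL ? $results : $results[0]` use loose comparison, so an `$id` of `''` or integer `0` is treated as "no id given" and the function returns every row instead of one row or nothing. With the endpoints passing `$_GET['id']` straight through, a request with an empty `id` gets the whole table. I would use `$id !== NULL` and `$id === NULL` in both places. The category, status, ticket (`get_ticket_for_id`), ticket-template and user DAO sections repeat the same two lines and need the same change; for tickets the effect is that an empty id returns all tickets.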
|
@ -0,0 +1,28 @@
|
||||
<?php
|
||||
|
||||
function get_category($hesk_settings, $id = NULL) {
|
||||
$sql = "SELECT * FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "categories` ";
|
||||
if ($id != NULL) {
|
||||
$sql .= "WHERE `id` = ".intval($id);
|
||||
}
|
||||
|
||||
$response = hesk_dbQuery($sql);
|
||||
|
||||
if (hesk_dbNumRows($response) == 0) {
|
||||
return NULL;
|
||||
}
|
||||
|
||||
$results = [];
|
||||
while ($row = hesk_dbFetchAssoc($response)) {
|
||||
$row['id'] = intval($row['id']);
|
||||
$row['displayOrder'] = intval($row['cat_order']);
|
||||
unset($row['cat_order']);
|
||||
$row['autoassign'] = $row['autoassign'] == 1;
|
||||
$row['type'] = intval($row['type']);
|
||||
$row['priority'] = intval($row['priority']);
|
||||
$row['manager'] = intval($row['manager']) == 0 ? NULL : intval($row['manager']);
|
||||
$results[] = $row;
|
||||
}
|
||||
|
||||
return $id == NULL ? $results : $results[0];
|
||||
}
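Review bot: `get_category()` builds its query with `SELECT *` and no condition on `type`, while the GetCategory endpoint documents itself as `@apiPermission public` and documents `type` value `1` as Private. As written, private categories and any column later added to the table are returned to unauthenticated callers. If private categories are meant to stay hidden from anonymous clients, the query should restrict on `type` for this endpoint. Either way, an explicit column list matching the documented fields would be safer than `*`.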
|
@ -0,0 +1,23 @@
|
||||
<?php
|
||||
define('NULL_OR_EMPTY_STRING', 'cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e');
|
||||
require_once(API_PATH . 'exception/AccessException.php');
|
||||
|
||||
function get_user_for_token_hash($hash, $hesk_settings) {
|
||||
if ($hash == NULL_OR_EMPTY_STRING) {
|
||||
throw new AccessException(400);
|
||||
}
|
||||
|
||||
$user_id_sql = "SELECT `user_id` FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "user_api_tokens`
|
||||
WHERE `token` = '" . hesk_dbEscape($hash) . "'";
|
||||
|
||||
$user_id_rs = hesk_dbQuery($user_id_sql);
|
||||
if (hesk_dbNumRows($user_id_rs) == 0) {
|
||||
throw new AccessException(401);
|
||||
}
|
||||
$user_id = hesk_dbFetchAssoc($user_id_rs);
|
||||
|
||||
$user_sql = "SELECT * FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "users` WHERE `id` = ".intval($user_id['user_id']);
|
||||
$user_rs = hesk_dbQuery($user_sql);
|
||||
|
||||
return hesk_dbFetchAssoc($user_rs);
|
||||
}
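Review bot: `get_user_for_token_hash()` accepts any token row and then loads the user by `id` alone, without checking the account state, although the users table has an `active` column (the user DAO section reads it). If that column marks disabled accounts, a token belonging to a deactivated user would still authenticate. When the user row no longer exists, the function returns the empty fetch result instead of raising. I would add the `active` condition to the second query and `throw new AccessException(401);` when it yields no row. The comparison `$hash == NULL_OR_EMPTY_STRING` should be `===`, and a comment that the constant is the SHA-512 digest of the empty string would explain the check.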
|
@ -0,0 +1,52 @@
|
||||
<?php
|
||||
|
||||
function get_status($hesk_settings, $id = NULL) {
|
||||
$sql = "SELECT * FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "statuses` ";
|
||||
if ($id != NULL) {
|
||||
$sql .= "WHERE `ID` = ".intval($id);
|
||||
}
|
||||
|
||||
$response = hesk_dbQuery($sql);
|
||||
|
||||
if (hesk_dbNumRows($response) == 0) {
|
||||
return NULL;
|
||||
}
|
||||
|
||||
$results = [];
|
||||
while ($row = hesk_dbFetchAssoc($response)) {
|
||||
$row['id'] = intval($row['ID']);
|
||||
unset($row['ID']);
|
||||
$row['sort'] = intval($row['sort']);
|
||||
foreach ($row as $key => $value) {
|
||||
if ($key != 'id') {
|
||||
$lowercase_key = lcfirst($key);
|
||||
$row[$lowercase_key] = $row[$key];
|
||||
unset($row[$key]);
|
||||
}
|
||||
if ($key == 'id' || $lowercase_key == 'closable'
|
||||
|| $lowercase_key == 'key' || $lowercase_key == 'sort'
|
||||
|| $lowercase_key == 'textColor') {
|
||||
continue;
|
||||
}
|
||||
$row[$lowercase_key] = $row[$lowercase_key] == true;
|
||||
}
|
||||
|
||||
$language_sql = "SELECT * FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "text_to_status_xref` "
|
||||
. "WHERE `status_id` = ".intval($row['id']);
|
||||
|
||||
$language_rs = hesk_dbQuery($language_sql);
|
||||
if (hesk_dbNumRows($language_rs) > 0) {
|
||||
$row['key'] = NULL;
|
||||
$row['keys'] = [];
|
||||
}
|
||||
while ($language_row = hesk_dbFetchAssoc($language_rs)) {
|
||||
unset($language_row['id']);
|
||||
unset($language_row['status_id']);
|
||||
$row['keys'][] = $language_row;
|
||||
}
|
||||
|
||||
$results[] = $row;
|
||||
}
|
||||
|
||||
return $id == NULL ? $results : $results[0];
|
||||
}
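Review bot: The key-renaming loop in `get_status()` drops any column whose name already starts with a lower-case letter. For such a key `lcfirst($key)` equals `$key`, so `$row[$lowercase_key] = $row[$key];` is followed by `unset($row[$key]);` on the same entry. `sort` is one such key: it is read as `$row['sort']` two lines above, and it is missing from the documented response. Renaming only when `lcfirst($key) !== $key` keeps those fields. The per-status query against `text_to_status_xref` inside the `while` loop is one query per row and could be fetched once for all status ids.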
|
@ -0,0 +1,45 @@
|
||||
<?php
|
||||
|
||||
function get_ticket_for_id($hesk_settings, $id = NULL) {
|
||||
$sql = "SELECT * FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` ";
|
||||
if ($id != NULL) {
|
||||
$sql .= "WHERE `id` = ".intval($id);
|
||||
}
|
||||
|
||||
$response = hesk_dbQuery($sql);
|
||||
|
||||
if (hesk_dbNumRows($response) == 0) {
|
||||
return NULL;
|
||||
}
|
||||
|
||||
$results = build_results($response);
|
||||
|
||||
return $id == NULL ? $results : $results[0];
|
||||
}
|
||||
|
||||
function build_results($response) {
|
||||
$results = [];
|
||||
while ($row = hesk_dbFetchAssoc($response)) {
|
||||
$row['id'] = intval($row['id']);
|
||||
$row['category'] = intval($row['category']);
|
||||
$row['priority'] = intval($row['priority']);
|
||||
$row['status'] = intval($row['status']);
|
||||
$row['replierid'] = intval($row['replierid']);
|
||||
$row['archive'] = $row['archive'] == true;
|
||||
$row['locked'] = $row['locked'] == true;
|
||||
$row['html'] = $row['html'] == true;
|
||||
$row['screen_resolution_height'] = convert_to_int($row['screen_resolution_height']);
|
||||
$row['screen_resolution_width'] = convert_to_int($row['screen_resolution_width']);
|
||||
$row['owner'] = convert_to_int($row['owner']);
|
||||
$row['parent'] = convert_to_int($row['parent']);
|
||||
|
||||
|
||||
$results[] = $row;
|
||||
}
|
||||
|
||||
return $results;
|
||||
}
|
||||
|
||||
function convert_to_int($item) {
|
||||
return $item != NULL ? intval($item) : NULL;
|
||||
}
|
@ -0,0 +1,26 @@
|
||||
<?php
|
||||
|
||||
function get_ticket_template($hesk_settings, $id = NULL) {
|
||||
$sql = "SELECT `id`, `message`, `title`, `tpl_order` FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "ticket_templates` ";
|
||||
if ($id != NULL) {
|
||||
$sql .= "WHERE `id` = ".intval($id);
|
||||
}
|
||||
|
||||
$response = hesk_dbQuery($sql);
|
||||
|
||||
if (hesk_dbNumRows($response) == 0) {
|
||||
return NULL;
|
||||
}
|
||||
|
||||
$results = [];
|
||||
while ($row = hesk_dbFetchAssoc($response)) {
|
||||
$row['id'] = intval($row['id']);
|
||||
$row['displayOrder'] = intval($row['tpl_order']);
|
||||
unset($row['tpl_order']);
|
||||
$row['title'] = hesk_html_entity_decode($row['title']);
|
||||
$row['message'] = hesk_html_entity_decode($row['message']);
|
||||
$results[] = $row;
|
||||
}
|
||||
|
||||
return $id == NULL ? $results : $results[0];
|
||||
}
|
@ -0,0 +1,54 @@
|
||||
<?php
|
||||
|
||||
function get_user($hesk_settings, $id = NULL) {
|
||||
$sql = "SELECT * FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "users` ";
|
||||
|
||||
if ($id != NULL) {
|
||||
$sql .= "WHERE `id` = " . intval($id);
|
||||
}
|
||||
|
||||
$response = hesk_dbQuery($sql);
|
||||
|
||||
if (hesk_dbNumRows($response) == 0) {
|
||||
return NULL;
|
||||
}
|
||||
|
||||
$results = [];
|
||||
while ($row = hesk_dbFetchAssoc($response)) {
|
||||
$row['id'] = intval($row['id']);
|
||||
$row['isadmin'] = get_boolean($row['isadmin']);
|
||||
$row['signature'] = hesk_html_entity_decode($row['signature']);
|
||||
$row['afterreply'] = intval($row['afterreply']);
|
||||
$row['autostart'] = get_boolean($row['autostart']);
|
||||
$row['notify_customer_new'] = get_boolean($row['notify_customer_new']);
|
||||
$row['notify_customer_reply'] = get_boolean($row['notify_customer_reply']);
|
||||
$row['show_suggested'] = get_boolean($row['show_suggested']);
|
||||
$row['notify_new_unassigned'] = get_boolean($row['notify_new_unassigned']);
|
||||
$row['notify_new_my'] = get_boolean($row['notify_new_my']);
|
||||
$row['notify_reply_unassigned'] = get_boolean($row['notify_reply_unassigned']);
|
||||
$row['notify_reply_my'] = get_boolean($row['notify_reply_my']);
|
||||
$row['notify_assigned'] = get_boolean($row['notify_assigned']);
|
||||
$row['notify_pm'] = get_boolean($row['notify_pm']);
|
||||
$row['notify_note'] = get_boolean($row['notify_note']);
|
||||
$row['notify_note_unassigned'] = get_boolean($row['notify_note_unassigned']);
|
||||
$row['autoassign'] = get_boolean($row['autoassign']);
|
||||
$row['ratingneg'] = intval($row['ratingneg']);
|
||||
$row['ratingpos'] = intval($row['ratingpos']);
|
||||
$row['autorefresh'] = intval($row['autorefresh']);
|
||||
$row['active'] = get_boolean($row['active']);
|
||||
|
||||
|
||||
// TODO: Remove this once GitHub #346 is complete
|
||||
$row['categories'] = explode(',', $row['categories']);
|
||||
$row['heskprivileges'] = explode(',', $row['heskprivileges']);
|
||||
|
||||
|
||||
$results[] = $row;
|
||||
}
|
||||
|
||||
return $id == NULL ? $results : $results[0];
|
||||
}
|
||||
|
||||
function get_boolean($value, $truthy_value = true) {
|
||||
return $value == $truthy_value;
|
||||
}
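Review bot: `get_user()` selects `*` from the users table and only converts the columns it names; every other column is passed through to the caller unchanged. If that table also holds credential material such as a password hash (not visible in this section), it ends up in whatever the caller serialises. An explicit column list would make the exposed fields deliberate, and the same applies to the `SELECT *` on users in `get_user_for_token_hash()`. Separately, `explode(',', $row['categories'])` yields `['']` rather than an empty array when the column is empty, which is worth guarding.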
|
@ -0,0 +1,11 @@
|
||||
<?php
|
||||
class AccessException extends Exception {
|
||||
public function __construct($code)
|
||||
{
|
||||
$message = '';
|
||||
if ($code == 401) {
|
||||
$message = 'The X-Auth-Token is invalid';
|
||||
}
|
||||
parent::__construct($message, $code);
|
||||
}
|
||||
}
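Review bot: `AccessException::__construct()` sets a message only for 401, so the 400 thrown by `get_user_for_token_hash()` for a missing token carries an empty message. The apidoc definitions in this commit describe that case as "No `X-Auth-Token` was provided". I would add `elseif ($code == 400) { $message = 'No X-Auth-Token was provided'; }` so both documented errors are self-describing.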
|
@ -0,0 +1,46 @@
|
||||
<?php
|
||||
define('IN_SCRIPT', 1);
|
||||
define('HESK_PATH', '../../');
|
||||
define('API_PATH', '../');
|
||||
require_once(API_PATH . 'core/output.php');
|
||||
|
||||
// Routing
|
||||
$request_method = $_SERVER['REQUEST_METHOD'];
|
||||
|
||||
/**
|
||||
* @api {get} /priority Retrieve a ticket priority
|
||||
* @apiVersion 0.0.0
|
||||
* @apiName GetPriority
|
||||
* @apiGroup Priority
|
||||
* @apiPermission public
|
||||
*
|
||||
* @apiParam {Number} [id] The ID of the priority. Omit for all priorities.
|
||||
*
|
||||
* @apiSuccess {Number} id ID of the priority
|
||||
* @apiSuccess {String} key The language file key of the priority
|
||||
*
|
||||
* @apiSuccessExample {json} Success-Response:
|
||||
* HTTP/1.1 200 OK
|
||||
* {
|
||||
* "id": 0,
|
||||
* "key": "critical"
|
||||
* }
|
||||
*/
|
||||
if ($request_method == 'GET') {
|
||||
$results = [];
|
||||
$critical['id'] = 0;
|
||||
$critical['key'] = 'critical';
|
||||
$results[] = $critical;
|
||||
$high['id'] = 1;
|
||||
$high['key'] = 'high';
|
||||
$results[] = $high;
|
||||
$medium['id'] = 2;
|
||||
$medium['key'] = 'medium';
|
||||
$results[] = $medium;
|
||||
$low['id'] = 3;
|
||||
$low['key'] = 'low';
|
||||
$results[] = $low;
|
||||
return output($results);
|
||||
}
|
||||
|
||||
return http_response_code(405);
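Review bot: The docblock declares `@apiParam {Number} [id]` and shows a single object as the success response, but the GET branch never reads `$_GET['id']` and always returns the array of all four priorities. Either honour the parameter (return the matching entry, or `http_response_code(404)` for an unknown id, as the category and status endpoints do) or drop the `@apiParam` line and make the example an array. Building `$results` from one literal array of id/key pairs would also read more clearly than the four temporary variables.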
|
@ -0,0 +1,87 @@
|
||||
<?php
|
||||
define('IN_SCRIPT', 1);
|
||||
define('HESK_PATH', '../../');
|
||||
define('API_PATH', '../');
|
||||
require_once(HESK_PATH . 'hesk_settings.inc.php');
|
||||
require_once(HESK_PATH . 'inc/common.inc.php');
|
||||
require_once(API_PATH . 'core/output.php');
|
||||
require_once(API_PATH . 'dao/status_dao.php');
|
||||
|
||||
hesk_load_api_database_functions();
|
||||
hesk_dbConnect();
|
||||
|
||||
// Routing
|
||||
$request_method = $_SERVER['REQUEST_METHOD'];
|
||||
|
||||
/**
|
||||
* @api {get} /status Retrieve a ticket status
|
||||
* @apiVersion 0.0.0
|
||||
* @apiName GetStatus
|
||||
* @apiGroup Status
|
||||
* @apiPermission public
|
||||
*
|
||||
* @apiParam {Number} [id] The ID of the status. Omit for all statuses.
|
||||
*
|
||||
* @apiSuccess {Number} id ID of the status
|
||||
* @apiSuccess {String} textColor The text color used for the status on the web interface
|
||||
* @apiSuccess {Boolean} isNewTicketStatus This status is set when a new ticket is created
|
||||
* @apiSuccess {Boolean} isClosed This status closes a ticket
|
||||
* @apiSuccess {Boolean} isClosedByClient This status is set when a customer closes a ticket
|
||||
* @apiSuccess {Boolean} isCustomerReplyStatus This status is set when a customer responds to a ticket
|
||||
* @apiSuccess {Boolean} isStaffClosedOption This status is set when staff clicks the "close ticket" button
|
||||
* @apiSuccess {Boolean} isStaffReopenedStatus This status is set when staff clicks the "open ticket" button
|
||||
* @apiSuccess {Boolean} isDefaultStaffReplyStatus This status is used when staff responds to a ticket
|
||||
* @apiSuccess {Boolean} lockedTicketStatus This status is set when staff clicks the "lock ticket" button
|
||||
* @apiSuccess {Boolean} isAutocloseOption This status is set when a ticket is automatically closed
|
||||
* @apiSuccess {Boolean} closable Tickets can be closed by the following:<br>
|
||||
* `yes`: Both customers/staff,<br>
|
||||
* `conly`: Only customers,<br>
|
||||
* `sonly`: Only staff,<br>
|
||||
* `no`: No one
|
||||
* @apiSuccess {String} key The language key. This is deprecated and should not be used.
|
||||
* @apiSuccess {Object[]} keys The language strings for each language
|
||||
* @apiSuccess {String} keys.language The language for the status name
|
||||
* @apiSuccess {String} keys.text The translated string of the status
|
||||
*
|
||||
* @apiSuccessExample {json} Success-Response:
|
||||
* HTTP/1.1 200 OK
|
||||
* {
|
||||
* "id": 0,
|
||||
* "textColor": "#FF0000",
|
||||
* "isNewTicketStatus": true,
|
||||
* "isClosed": false,
|
||||
* "isClosedByClient": false,
|
||||
* "isCustomerReplyStatus": false,
|
||||
* "isStaffClosedOption": false,
|
||||
* "isStaffReopenedStatus": false,
|
||||
* "isDefaultStaffReplyStatus": false,
|
||||
* "lockedTicketStatus": false,
|
||||
* "isAutocloseOption": false,
|
||||
* "closable": "yes",
|
||||
* "key": null,
|
||||
* "keys": [
|
||||
* {
|
||||
* "language": "English",
|
||||
* "text": "New"
|
||||
* },
|
||||
* {
|
||||
* "language": "Español",
|
||||
* "text": "Nuevo"
|
||||
* }
|
||||
* ]
|
||||
* }
|
||||
*/
|
||||
if ($request_method == 'GET') {
|
||||
if (isset($_GET['id'])) {
|
||||
$results = get_status($hesk_settings, $_GET['id']);
|
||||
} else {
|
||||
$results = get_status($hesk_settings);
|
||||
}
|
||||
|
||||
if ($results == NULL) {
|
||||
return http_response_code(404);
|
||||
}
|
||||
return output($results);
|
||||
}
|
||||
|
||||
return http_response_code(405);
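Review bot: The docblock types `closable` as `{Boolean}`, but the listed values are the strings `yes`, `conly`, `sonly` and `no`, and the example response shows `"closable": "yes"`. The line should read `@apiSuccess {String} closable ...`. The example also omits a `sort` field that the DAO reads from the row, so the documented response and the implementation should be checked against each other.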
|
@ -0,0 +1,108 @@
|
||||
<?php
|
||||
define('IN_SCRIPT', 1);
|
||||
define('HESK_PATH', '../../');
|
||||
define('API_PATH', '../');
|
||||
require_once(HESK_PATH . 'hesk_settings.inc.php');
|
||||
require_once(HESK_PATH . 'inc/common.inc.php');
|
||||
require_once(API_PATH . 'core/headers.php');
|
||||
require_once(API_PATH . 'core/output.php');
|
||||
require_once(API_PATH . 'businesslogic/ticket_retriever.php');
|
||||
require_once(API_PATH . 'businesslogic/security_retriever.php');
|
||||
|
||||
hesk_load_api_database_functions();
|
||||
hesk_dbConnect();
|
||||
|
||||
// Routing
|
||||
$request_method = $_SERVER['REQUEST_METHOD'];
|
||||
|
||||
/**
|
||||
* @api {get} /ticket Retrieve a ticket (staff-side)
|
||||
* @apiVersion 0.0.0
|
||||
* @apiName GetTicket
|
||||
* @apiGroup Ticket
|
||||
* @apiPermission protected
|
||||
*
|
||||
* @apiParam {Number} [id] The ID of the ticket.
|
||||
*
|
||||
* @apiSuccess {Number} id ID of the ticket
|
||||
* @apiSuccess {String} trackid The tracking id of the ticket
|
||||
* @apiSuccess {String} name The name of the contact
|
||||
* @apiSuccess {String} email The email address of the ticket (empty string if no email)
|
||||
* @apiSuccess {Integer} category The ID of the category the ticket is in
|
||||
* @apiSuccess {Integer} priority The ID of the priority the ticket is in
|
||||
* @apiSuccess {String} subject The subject of the ticket
|
||||
* @apiSuccess {String} message The original message of the ticket
|
||||
* @apiSuccess {String} dt The date and time the ticket was submitted, in `YYYY-MM-DD hh:mm:ss`
|
||||
* @apiSuccess {Integer} status The ID of the status the ticket is set to
|
||||
* @apiSuccess {Boolean} archive `true` if the ticket is tagged<br>`false` otherwise
|
||||
* @apiSuccess {Boolean} locked `true` if the ticket is locked<br>`false` otherwise
|
||||
* @apiSuccess {Binary[]} attachments Array of attachments, in base-64 encoded binary
|
||||
* @apiSuccess {Integer[]} merged Array of merged ticket IDs
|
||||
* @apiSuccess {String} custom1-20 Custom fields 1-20's values.
|
||||
* @apiSuccess {Boolean} html `true` if the ticket was created with HTML encoding<br>`false` otherwise
|
||||
*
|
||||
* @apiSuccessExample {json} Success-Response:
|
||||
* HTTP/1.1 200 OK
|
||||
* {
|
||||
* "id": 22,
|
||||
* "trackingId": "EVL-RRL-DUBG",
|
||||
* "name": "Test",
|
||||
* "email": "",
|
||||
* "category": 1,
|
||||
* "priority": 3,
|
||||
* "subject": "test",
|
||||
* "message": "test",
|
||||
* "dateCreated": "2014-12-28 00:57:26",
|
||||
* "status": 3,
|
||||
* "archive": true,
|
||||
* "locked": true,
|
||||
* "attachments": "",
|
||||
* "merged": "",
|
||||
* "custom1": "1420671600",
|
||||
* "custom2": "",
|
||||
* "custom3": "",
|
||||
* "custom4": "",
|
||||
* "custom5": "",
|
||||
* "custom6": "",
|
||||
* "custom7": "",
|
||||
* "custom8": "",
|
||||
* "custom9": "",
|
||||
* "custom10": "",
|
||||
* "custom11": "",
|
||||
* "custom12": "",
|
||||
* "custom13": "",
|
||||
* "custom14": "",
|
||||
* "custom15": "",
|
||||
* "custom16": "",
|
||||
* "custom17": "",
|
||||
* "custom18": "",
|
||||
* "custom19": "",
|
||||
* "custom20": "",
|
||||
* "html": false,
|
||||
* }
|
||||
*
|
||||
* @apiError (noTokenProvided) 400 No `X-Auth-Token` was provided where it is required
|
||||
* @apiError (invalidXAuthToken) 401 The `X-Auth-Token` provided was invalid
|
||||
*/
|
||||
if ($request_method == 'GET') {
|
||||
$token = get_header('X-Auth-Token');
|
||||
|
||||
try {
|
||||
get_user_for_token($token, $hesk_settings);
|
||||
} catch (AccessException $e) {
|
||||
return http_response_code($e->getCode());
|
||||
}
|
||||
|
||||
if (isset($_GET['id'])) {
|
||||
$results = get_ticket($hesk_settings, $_GET['id']);
|
||||
} else {
|
||||
return http_response_code(400);
|
||||
}
|
||||
|
||||
if ($results == NULL) {
|
||||
return http_response_code(404);
|
||||
}
|
||||
return output($results);
|
||||
}
|
||||
|
||||
return http_response_code(405);
|
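Review bot: The result of `get_user_for_token($token, $hesk_settings)` is discarded, so the GET branch authenticates the caller but never checks whether that user may read the requested ticket; `get_ticket($hesk_settings, $_GET['id'])` is not given a user at all. Keep the user (`$user = get_user_for_token($token, $hesk_settings);`) and confirm that this user is allowed to see the ticket before `output($results)`, answering 403 otherwise. `$_GET['id']` is also passed on as received; whether `get_ticket` casts it is not visible in this file, so reject non-numeric ids here with a 400. The doc block disagrees with the code and with its own example: `[id]` is marked optional although a missing id returns 400, and the fields are listed as `trackid` and `dt` while the example shows `trackingId` and `dateCreated`.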
@ -0,0 +1,6 @@
|
||||
{
|
||||
"name": "Mods for HESK API",
|
||||
"version": "0.0.0",
|
||||
"description": "Mods for HESK API",
|
||||
"title": "Mods for HESK API"
|
||||
}
|
@ -0,0 +1,44 @@
|
||||
<?php
|
||||
define('IN_SCRIPT', 1);
|
||||
define('HESK_PATH', '../../../');
|
||||
define('INTERNAL_API_PATH', '../../');
|
||||
require_once(HESK_PATH . 'hesk_settings.inc.php');
|
||||
require_once(HESK_PATH . 'inc/common.inc.php');
|
||||
require_once(INTERNAL_API_PATH . 'core/output.php');
|
||||
require_once(INTERNAL_API_PATH . 'dao/api_authentication_dao.php');
|
||||
|
||||
hesk_load_internal_api_database_functions();
|
||||
hesk_dbConnect();
|
||||
|
||||
// Routing
|
||||
$request_method = $_SERVER['REQUEST_METHOD'];
|
||||
if ($request_method == 'POST') {
|
||||
$user_id = $_POST['userId'];
|
||||
$action = $_POST['action'];
|
||||
|
||||
if ($user_id == NULL || $action == NULL) {
|
||||
return http_response_code(400);
|
||||
}
|
||||
|
||||
if ($action == 'generate') {
|
||||
$token = '';
|
||||
$letter_array = ['0','1','2','3','4','5','6','7','8','9','a','b','c','d','e','f'];
|
||||
// Pick 32 random characters. That will be the hash
|
||||
for ($i = 0; $i < 32; $i++) {
|
||||
$letter = $letter_array[rand(0, 15)];
|
||||
$token .= $letter;
|
||||
}
|
||||
$hash = hash("sha512", $token);
|
||||
store_token($user_id, $hash, $hesk_settings);
|
||||
|
||||
output($token);
|
||||
return http_response_code(200);
|
||||
} elseif ($action == 'reset') {
|
||||
reset_tokens($user_id, $hesk_settings);
|
||||
return http_response_code(204);
|
||||
} else {
|
||||
return http_response_code(400);
|
||||
}
|
||||
}
|
||||
|
||||
return http_response_code(405);
|
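Review bot: Nothing in this script establishes who is calling before it acts on `$_POST['userId']`: there is no session or permission check between `hesk_dbConnect()` and the `generate`/`reset` branches, so unless the web server restricts `internal-api/`, any client that can reach the URL can create or wipe API tokens for any user id. The api-settings endpoint added in the same commit has the same gap. Require a logged-in administrator before the routing block in both scripts. The token itself is built from `rand(0, 15)`, which is not a cryptographically secure generator; draw it from the OS instead, `$token = bin2hex(openssl_random_pseudo_bytes(16));` (or `random_bytes(16)` on PHP 7+). Reading `$_POST['userId']` and `$_POST['action']` directly also raises notices when they are absent, so test them with `isset()` first.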
@ -0,0 +1,28 @@
|
||||
<?php
|
||||
define('IN_SCRIPT', 1);
|
||||
define('HESK_PATH', '../../../');
|
||||
define('INTERNAL_API_PATH', '../../');
|
||||
require_once(HESK_PATH . 'hesk_settings.inc.php');
|
||||
require_once(HESK_PATH . 'inc/common.inc.php');
|
||||
require_once(INTERNAL_API_PATH . 'core/output.php');
|
||||
require_once(INTERNAL_API_PATH . 'dao/settings_dao.php');
|
||||
|
||||
hesk_load_internal_api_database_functions();
|
||||
hesk_dbConnect();
|
||||
|
||||
// Routing
|
||||
$request_method = $_SERVER['REQUEST_METHOD'];
|
||||
if ($request_method == 'POST') {
|
||||
$key = $_POST['key'];
|
||||
$value = $_POST['value'];
|
||||
|
||||
if ($key == NULL || $value == NULL) {
|
||||
return http_response_code(400);
|
||||
}
|
||||
|
||||
update_setting($key, $value, $hesk_settings);
|
||||
|
||||
return http_response_code(204);
|
||||
}
|
||||
|
||||
return http_response_code(405);
|
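Review bot: `update_setting($key, $value, $hesk_settings)` is called with whatever `key` the request carries, so this endpoint can overwrite any row of the settings table, although the only caller in this commit sends `public_api`. Restrict it to the keys it is meant to manage, e.g. `if ($key !== 'public_api' || !in_array($value, array('0', '1'), true)) { return http_response_code(400); }`. The `== NULL` test also treats an empty string as missing; `isset($_POST['key'], $_POST['value'])` states the intent and avoids the undefined-index notice.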
@ -0,0 +1,250 @@
|
||||
<?php
|
||||
/*******************************************************************************
|
||||
* Title: Help Desk Software HESK
|
||||
* Version: 2.6.1 from 26th February 2015
|
||||
* Author: Klemen Stirn
|
||||
* Website: http://www.hesk.com
|
||||
********************************************************************************
|
||||
* COPYRIGHT AND TRADEMARK NOTICE
|
||||
* Copyright 2005-2015 Klemen Stirn. All Rights Reserved.
|
||||
* HESK is a registered trademark of Klemen Stirn.
|
||||
|
||||
* The HESK may be used and modified free of charge by anyone
|
||||
* AS LONG AS COPYRIGHT NOTICES AND ALL THE COMMENTS REMAIN INTACT.
|
||||
* By using this code you agree to indemnify Klemen Stirn from any
|
||||
* liability that might arise from it's use.
|
||||
|
||||
* Selling the code for this program, in part or full, without prior
|
||||
* written consent is expressly forbidden.
|
||||
|
||||
* Using this code, in part or full, to create derivate work,
|
||||
* new scripts or products is expressly forbidden. Obtain permission
|
||||
* before redistributing this software over the Internet or in
|
||||
* any other medium. In all cases copyright and header must remain intact.
|
||||
* This Copyright is in full effect in any country that has International
|
||||
* Trade Agreements with the United States of America or
|
||||
* with the European Union.
|
||||
|
||||
* Removing any of the copyright notices without purchasing a license
|
||||
* is expressly forbidden. To remove HESK copyright notice you must purchase
|
||||
* a license for this script. For more information on how to obtain
|
||||
* a license please visit the page below:
|
||||
* https://www.hesk.com/buy.php
|
||||
*******************************************************************************/
|
||||
|
||||
/* Check if this is a valid include */
|
||||
if (!defined('IN_SCRIPT')) {die('Invalid attempt');}
|
||||
|
||||
|
||||
function hesk_dbSetNames()
|
||||
{
|
||||
global $hesk_settings, $hesk_db_link;
|
||||
|
||||
if ($hesk_settings['db_vrsn'])
|
||||
{
|
||||
mysql_set_charset('utf8', $hesk_db_link);
|
||||
}
|
||||
else
|
||||
{
|
||||
hesk_dbQuery("SET NAMES 'utf8'");
|
||||
}
|
||||
|
||||
} // END hesk_dbSetNames()
|
||||
|
||||
|
||||
function hesk_dbFormatEmail($email, $field = 'email')
|
||||
{
|
||||
global $hesk_settings;
|
||||
|
||||
$email = hesk_dbLike($email);
|
||||
|
||||
if ($hesk_settings['multi_eml'])
|
||||
{
|
||||
return " (`".hesk_dbEscape($field)."` LIKE '".hesk_dbEscape($email)."' OR `".hesk_dbEscape($field)."` LIKE '%,".hesk_dbEscape($email)."' OR `".hesk_dbEscape($field)."` LIKE '".hesk_dbEscape($email).",%' OR `".hesk_dbEscape($field)."` LIKE '%,".hesk_dbEscape($email).",%') ";
|
||||
}
|
||||
else
|
||||
{
|
||||
return " `".hesk_dbEscape($field)."` LIKE '".hesk_dbEscape($email)."' ";
|
||||
}
|
||||
|
||||
} // END hesk_dbFormatEmail()
|
||||
|
||||
|
||||
function hesk_dbTime()
|
||||
{
|
||||
$res = hesk_dbQuery("SELECT NOW()");
|
||||
return strtotime(hesk_dbResult($res,0,0));
|
||||
} // END hesk_dbTime()
|
||||
|
||||
|
||||
function hesk_dbEscape($in)
|
||||
{
|
||||
global $hesk_db_link;
|
||||
|
||||
$in = mysql_real_escape_string(stripslashes($in), $hesk_db_link);
|
||||
$in = str_replace('`','`',$in);
|
||||
|
||||
return $in;
|
||||
} // END hesk_dbEscape()
|
||||
|
||||
|
||||
function hesk_dbLike($in)
|
||||
{
|
||||
return str_replace( array('_', '%'), array('\\\\_', '\\\\%'), $in);
|
||||
} // END hesk_dbLike()
|
||||
|
||||
|
||||
function hesk_dbConnect()
|
||||
{
|
||||
global $hesk_settings;
|
||||
global $hesk_db_link;
|
||||
global $hesklang;
|
||||
|
||||
// Is mysql supported?
|
||||
if ( ! function_exists('mysql_connect') )
|
||||
{
|
||||
die($hesklang['emp']);
|
||||
}
|
||||
|
||||
// Connect to the database
|
||||
$hesk_db_link = @mysql_connect($hesk_settings['db_host'], $hesk_settings['db_user'], $hesk_settings['db_pass']);
|
||||
|
||||
// Errors?
|
||||
if ( ! $hesk_db_link)
|
||||
{
|
||||
if ($hesk_settings['debug_mode'])
|
||||
{
|
||||
$message = $hesklang['mysql_said'] . ': ' . mysql_error();
|
||||
}
|
||||
else
|
||||
{
|
||||
$message = $hesklang['contact_webmaster'] . $hesk_settings['webmaster_email'];
|
||||
}
|
||||
header('Content-Type: application/json');
|
||||
print_error($hesklang['cant_connect_db'], $message);
|
||||
return http_response_code(500);
|
||||
}
|
||||
|
||||
if ( ! @mysql_select_db($hesk_settings['db_name'], $hesk_db_link))
|
||||
{
|
||||
if ($hesk_settings['debug_mode'])
|
||||
{
|
||||
$message = $hesklang['mysql_said'] . ': ' . mysql_error();
|
||||
}
|
||||
else
|
||||
{
|
||||
$message = $hesklang['contact_webmaster'] . $hesk_settings['webmaster_email'];
|
||||
}
|
||||
header('Content-Type: application/json');
|
||||
print_error($hesklang['cant_connect_db'], $message);
|
||||
die();
|
||||
}
|
||||
|
||||
// Check MySQL/PHP version and set encoding to utf8
|
||||
hesk_dbSetNames();
|
||||
|
||||
return $hesk_db_link;
|
||||
|
||||
} // END hesk_dbConnect()
|
||||
|
||||
|
||||
function hesk_dbClose()
|
||||
{
|
||||
global $hesk_db_link;
|
||||
|
||||
return @mysql_close($hesk_db_link);
|
||||
|
||||
} // END hesk_dbClose()
|
||||
|
||||
|
||||
function hesk_dbQuery($query)
|
||||
{
|
||||
global $hesk_last_query;
|
||||
global $hesk_db_link;
|
||||
global $hesklang, $hesk_settings;
|
||||
|
||||
if ( ! $hesk_db_link && ! hesk_dbConnect())
|
||||
{
|
||||
return false;
|
||||
}
|
||||
|
||||
$hesk_last_query = $query;
|
||||
|
||||
if ($res = @mysql_query($query, $hesk_db_link))
|
||||
{
|
||||
return $res;
|
||||
}
|
||||
elseif ($hesk_settings['debug_mode'])
|
||||
{
|
||||
$message = $hesklang['mysql_said'] . mysql_error();
|
||||
}
|
||||
else
|
||||
{
|
||||
$message = $hesklang['contact_webmaster'] . $hesk_settings['webmaster_email'];
|
||||
}
|
||||
header('Content-Type: application/json');
|
||||
print_error($hesklang['cant_sql'], $message);
|
||||
die();
|
||||
|
||||
} // END hesk_dbQuery()
|
||||
|
||||
|
||||
function hesk_dbFetchAssoc($res)
|
||||
{
|
||||
|
||||
return @mysql_fetch_assoc($res);
|
||||
|
||||
} // END hesk_FetchAssoc()
|
||||
|
||||
|
||||
function hesk_dbFetchRow($res)
|
||||
{
|
||||
|
||||
return @mysql_fetch_row($res);
|
||||
|
||||
} // END hesk_FetchRow()
|
||||
|
||||
|
||||
function hesk_dbResult($res, $row = 0, $column = 0)
|
||||
{
|
||||
|
||||
return @mysql_result($res, $row, $column);
|
||||
|
||||
} // END hesk_dbResult()
|
||||
|
||||
|
||||
function hesk_dbInsertID()
|
||||
{
|
||||
global $hesk_db_link;
|
||||
|
||||
if ($lastid = @mysql_insert_id($hesk_db_link))
|
||||
{
|
||||
return $lastid;
|
||||
}
|
||||
|
||||
} // END hesk_dbInsertID()
|
||||
|
||||
|
||||
function hesk_dbFreeResult($res)
|
||||
{
|
||||
|
||||
return mysql_free_result($res);
|
||||
|
||||
} // END hesk_dbFreeResult()
|
||||
|
||||
|
||||
function hesk_dbNumRows($res)
|
||||
{
|
||||
|
||||
return @mysql_num_rows($res);
|
||||
|
||||
} // END hesk_dbNumRows()
|
||||
|
||||
|
||||
function hesk_dbAffectedRows()
|
||||
{
|
||||
global $hesk_db_link;
|
||||
|
||||
return @mysql_affected_rows($hesk_db_link);
|
||||
|
||||
} // END hesk_dbAffectedRows()
|
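Review bot: In `hesk_dbConnect()` the connection-failure branch ends with `return http_response_code(500);`, which hands the caller the return value of `http_response_code()` instead of stopping. The endpoints in this commit ignore that return value and go on to run queries, and the `! hesk_dbConnect()` test in `hesk_dbQuery()` may see a truthy value. End the branch the way the `mysql_select_db` failure branch does, with `http_response_code(500); die();`. The mysqli variant of this file has the same problem: its failure branch calls `http_response_code(500)` and then falls through to `hesk_dbSetNames()` with no link. `hesk_dbQuery()` here also calls `die()` without setting a status, so a failed query is reported with whatever status was current, normally 200.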
@ -0,0 +1,255 @@
|
||||
<?php
|
||||
/*******************************************************************************
|
||||
* Title: Help Desk Software HESK
|
||||
* Version: 2.6.1 from 26th February 2015
|
||||
* Author: Klemen Stirn
|
||||
* Website: http://www.hesk.com
|
||||
********************************************************************************
|
||||
* COPYRIGHT AND TRADEMARK NOTICE
|
||||
* Copyright 2005-2015 Klemen Stirn. All Rights Reserved.
|
||||
* HESK is a registered trademark of Klemen Stirn.
|
||||
|
||||
* The HESK may be used and modified free of charge by anyone
|
||||
* AS LONG AS COPYRIGHT NOTICES AND ALL THE COMMENTS REMAIN INTACT.
|
||||
* By using this code you agree to indemnify Klemen Stirn from any
|
||||
* liability that might arise from it's use.
|
||||
|
||||
* Selling the code for this program, in part or full, without prior
|
||||
* written consent is expressly forbidden.
|
||||
|
||||
* Using this code, in part or full, to create derivate work,
|
||||
* new scripts or products is expressly forbidden. Obtain permission
|
||||
* before redistributing this software over the Internet or in
|
||||
* any other medium. In all cases copyright and header must remain intact.
|
||||
* This Copyright is in full effect in any country that has International
|
||||
* Trade Agreements with the United States of America or
|
||||
* with the European Union.
|
||||
|
||||
* Removing any of the copyright notices without purchasing a license
|
||||
* is expressly forbidden. To remove HESK copyright notice you must purchase
|
||||
* a license for this script. For more information on how to obtain
|
||||
* a license please visit the page below:
|
||||
* https://www.hesk.com/buy.php
|
||||
*******************************************************************************/
|
||||
|
||||
/* Check if this is a valid include */
|
||||
if (!defined('IN_SCRIPT')) {die('Invalid attempt');}
|
||||
|
||||
|
||||
function hesk_dbSetNames()
|
||||
{
|
||||
global $hesk_settings, $hesk_db_link;
|
||||
|
||||
if ($hesk_settings['db_vrsn'])
|
||||
{
|
||||
mysqli_set_charset($hesk_db_link, 'utf8');
|
||||
}
|
||||
else
|
||||
{
|
||||
hesk_dbQuery("SET NAMES 'utf8'");
|
||||
}
|
||||
|
||||
} // END hesk_dbSetNames()
|
||||
|
||||
|
||||
function hesk_dbFormatEmail($email, $field = 'email')
|
||||
{
|
||||
global $hesk_settings;
|
||||
|
||||
$email = hesk_dbLike($email);
|
||||
|
||||
if ($hesk_settings['multi_eml'])
|
||||
{
|
||||
return " (`".hesk_dbEscape($field)."` LIKE '".hesk_dbEscape($email)."' OR `".hesk_dbEscape($field)."` LIKE '%,".hesk_dbEscape($email)."' OR `".hesk_dbEscape($field)."` LIKE '".hesk_dbEscape($email).",%' OR `".hesk_dbEscape($field)."` LIKE '%,".hesk_dbEscape($email).",%') ";
|
||||
}
|
||||
else
|
||||
{
|
||||
return " `".hesk_dbEscape($field)."` LIKE '".hesk_dbEscape($email)."' ";
|
||||
}
|
||||
|
||||
} // END hesk_dbFormatEmail()
|
||||
|
||||
|
||||
function hesk_dbTime()
|
||||
{
|
||||
$res = hesk_dbQuery("SELECT NOW()");
|
||||
return strtotime(hesk_dbResult($res,0,0));
|
||||
} // END hesk_dbTime()
|
||||
|
||||
|
||||
function hesk_dbEscape($in)
|
||||
{
|
||||
global $hesk_db_link;
|
||||
|
||||
$in = mysqli_real_escape_string($hesk_db_link, stripslashes($in));
|
||||
$in = str_replace('`','`',$in);
|
||||
|
||||
return $in;
|
||||
} // END hesk_dbEscape()
|
||||
|
||||
|
||||
function hesk_dbLike($in)
|
||||
{
|
||||
return str_replace( array('_', '%'), array('\\\\_', '\\\\%'), $in);
|
||||
} // END hesk_dbLike()
|
||||
|
||||
|
||||
function hesk_dbConnect()
|
||||
{
|
||||
global $hesk_settings;
|
||||
global $hesk_db_link;
|
||||
global $hesklang;
|
||||
|
||||
// Is mysqli supported?
|
||||
if ( ! function_exists('mysqli_connect') )
|
||||
{
|
||||
die($hesklang['emp']);
|
||||
}
|
||||
|
||||
// Do we need a special port? Check and connect to the database
|
||||
if ( strpos($hesk_settings['db_host'], ':') )
|
||||
{
|
||||
list($hesk_settings['db_host'], $hesk_settings['db_port']) = explode(':', $hesk_settings['db_host']);
|
||||
$hesk_db_link = @mysqli_connect($hesk_settings['db_host'], $hesk_settings['db_user'], $hesk_settings['db_pass'], $hesk_settings['db_name'], intval($hesk_settings['db_port']) );
|
||||
}
|
||||
else
|
||||
{
|
||||
$hesk_db_link = @mysqli_connect($hesk_settings['db_host'], $hesk_settings['db_user'], $hesk_settings['db_pass'], $hesk_settings['db_name']);
|
||||
}
|
||||
|
||||
// Errors?
|
||||
if ( ! $hesk_db_link)
|
||||
{
|
||||
if ($hesk_settings['debug_mode'])
|
||||
{
|
||||
$message = $hesklang['mysql_said'] . ': (' . mysqli_connect_errno() . ') ' . mysqli_connect_error();
|
||||
}
|
||||
else
|
||||
{
|
||||
$message = $hesklang['contact_webmaster'] . $hesk_settings['webmaster_email'];
|
||||
}
|
||||
header('Content-Type: application/json');
|
||||
print_error($hesklang['cant_connect_db'], $message);
|
||||
http_response_code(500);
|
||||
}
|
||||
|
||||
// Check MySQL/PHP version and set encoding to utf8
|
||||
hesk_dbSetNames();
|
||||
|
||||
return $hesk_db_link;
|
||||
|
||||
} // END hesk_dbConnect()
|
||||
|
||||
|
||||
function hesk_dbClose()
|
||||
{
|
||||
global $hesk_db_link;
|
||||
|
||||
return @mysqli_close($hesk_db_link);
|
||||
|
||||
} // END hesk_dbClose()
|
||||
|
||||
|
||||
function hesk_dbQuery($query)
|
||||
{
|
||||
global $hesk_last_query;
|
||||
global $hesk_db_link;
|
||||
global $hesklang, $hesk_settings;
|
||||
|
||||
if ( ! $hesk_db_link && ! hesk_dbConnect())
|
||||
{
|
||||
return false;
|
||||
}
|
||||
|
||||
$hesk_last_query = $query;
|
||||
|
||||
#echo "<p>EXPLAIN $query</p>\n";
|
||||
|
||||
if ($res = @mysqli_query($hesk_db_link, $query))
|
||||
{
|
||||
return $res;
|
||||
}
|
||||
elseif ($hesk_settings['debug_mode'])
|
||||
{
|
||||
$message = $hesklang['mysql_said'] . ': ' . mysqli_error($hesk_db_link);
|
||||
}
|
||||
else
|
||||
{
|
||||
$message = $hesklang['contact_webmaster'] . $hesk_settings['webmaster_email'];
|
||||
}
|
||||
header('Content-Type: application/json');
|
||||
print_error($hesklang['cant_sql'], $message);
|
||||
die(http_response_code(500));
|
||||
} // END hesk_dbQuery()
|
||||
|
||||
|
||||
function hesk_dbFetchAssoc($res)
|
||||
{
|
||||
|
||||
return @mysqli_fetch_assoc($res);
|
||||
|
||||
} // END hesk_FetchAssoc()
|
||||
|
||||
|
||||
function hesk_dbFetchRow($res)
|
||||
{
|
||||
|
||||
return @mysqli_fetch_row($res);
|
||||
|
||||
} // END hesk_FetchRow()
|
||||
|
||||
|
||||
function hesk_dbResult($res, $row = 0, $column = 0)
|
||||
{
|
||||
$i=0;
|
||||
$res->data_seek(0);
|
||||
|
||||
while ($tmp = @mysqli_fetch_array($res, MYSQLI_NUM))
|
||||
{
|
||||
if ($i==$row)
|
||||
{
|
||||
return $tmp[$column];
|
||||
}
|
||||
$i++;
|
||||
}
|
||||
|
||||
return '';
|
||||
|
||||
} // END hesk_dbResult()
|
||||
|
||||
|
||||
function hesk_dbInsertID()
|
||||
{
|
||||
global $hesk_db_link;
|
||||
|
||||
if ($lastid = @mysqli_insert_id($hesk_db_link))
|
||||
{
|
||||
return $lastid;
|
||||
}
|
||||
|
||||
} // END hesk_dbInsertID()
|
||||
|
||||
|
||||
function hesk_dbFreeResult($res)
|
||||
{
|
||||
|
||||
return @mysqli_free_result($res);
|
||||
|
||||
} // END hesk_dbFreeResult()
|
||||
|
||||
|
||||
function hesk_dbNumRows($res)
|
||||
{
|
||||
|
||||
return @mysqli_num_rows($res);
|
||||
|
||||
} // END hesk_dbNumRows()
|
||||
|
||||
|
||||
function hesk_dbAffectedRows()
|
||||
{
|
||||
global $hesk_db_link;
|
||||
|
||||
return @mysqli_affected_rows($hesk_db_link);
|
||||
|
||||
} // END hesk_dbAffectedRows()
|
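Review bot: `hesk_dbResult()` calls `$res->data_seek(0)` without checking `$res`, and `hesk_dbQuery()` can return `false`, so `hesk_dbTime()` would hit a fatal error on a non-object instead of a handled failure. The function also walks the result from row 0 on every lookup; seeking straight to the row is shorter: `if (!$res || !$res->data_seek($row)) { return ''; }` followed by `$tmp = mysqli_fetch_row($res); return isset($tmp[$column]) ? $tmp[$column] : '';`. The commented-out `#echo "<p>EXPLAIN $query</p>\n";` in `hesk_dbQuery()` is debug residue and can be dropped.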
@ -0,0 +1,11 @@
|
||||
<?php
|
||||
|
||||
function print_error($title, $message) {
|
||||
$error = array();
|
||||
$error['type'] = 'ERROR';
|
||||
$error['title'] = $title;
|
||||
$error['message'] = $message;
|
||||
|
||||
print json_encode($error);
|
||||
return;
|
||||
}
|
@ -0,0 +1,7 @@
|
||||
<?php
|
||||
|
||||
function output($data, $status_code = 200) {
|
||||
header('Content-Type: application/json');
|
||||
print json_encode($data);
|
||||
return http_response_code($status_code);
|
||||
}
|
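Review bot: `output()` prints the JSON body before it calls `http_response_code($status_code)`; once output has been flushed the status line can no longer change, so a non-200 `$status_code` only takes effect when output buffering happens to be on. Set the status first: put `http_response_code($status_code);` directly after the `header()` call and print afterwards. `json_encode()` returns `false` on failure, which here would send an empty body with a success status; that case should answer 500.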
@ -0,0 +1,12 @@
|
||||
<?php
|
||||
|
||||
function store_token($user_id, $token_hash, $hesk_settings) {
|
||||
$sql = "INSERT INTO `" . hesk_dbEscape($hesk_settings['db_pfix']) . "user_api_tokens` (`user_id`, `token`)
|
||||
VALUES (" . intval($user_id) . ", '" . hesk_dbEscape($token_hash) . "')";
|
||||
hesk_dbQuery($sql);
|
||||
}
|
||||
|
||||
function reset_tokens($user_id, $hesk_settings) {
|
||||
$sql = "DELETE FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "user_api_tokens` WHERE `user_id` = ".intval($user_id);
|
||||
hesk_dbQuery($sql);
|
||||
}
|
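Review bot: Both functions pass `$user_id` through `intval()`, which keeps the query safe but turns any non-numeric input into `0`, so a malformed `userId` stores a token for, or deletes the tokens of, user id 0 instead of being rejected. Validate before building the query, e.g. `if (!ctype_digit((string) $user_id)) { return false; }`, and let the endpoint answer 400. A docblock on `store_token()` should say that `$token_hash` must already be the hash, because the function stores the value exactly as given.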
@ -0,0 +1,8 @@
|
||||
<?php
|
||||
|
||||
function update_setting($key, $value, $hesk_settings) {
|
||||
$sql = "UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "settings` SET
|
||||
`Value` = '" . hesk_dbEscape($value) . "' WHERE `Key` = '" . hesk_dbEscape($key) . "'";
|
||||
|
||||
hesk_dbQuery($sql);
|
||||
}
|
@ -0,0 +1,120 @@
|
||||
$(document).ready(function() {
|
||||
$('#enable-api-button').click(function() {
|
||||
updatePublicApi('1', '#enable-api-button');
|
||||
});
|
||||
$('#disable-api-button').click(function() {
|
||||
updatePublicApi('0', '#disable-api-button');
|
||||
});
|
||||
});
|
||||
|
||||
function updatePublicApi(enable) {
|
||||
var endpoint = getHelpdeskUrl();
|
||||
endpoint += '/internal-api/admin/api-settings/';
|
||||
var data = {
|
||||
key: 'public_api',
|
||||
value: enable
|
||||
};
|
||||
$('#enable-api-button').addClass('disabled');
|
||||
$('#disable-api-button').addClass('disabled');
|
||||
markSaving('public-api');
|
||||
$.ajax({
|
||||
url: endpoint,
|
||||
data: data,
|
||||
method: 'POST',
|
||||
success: function() {
|
||||
$('#enable-api-button').removeClass('disabled');
|
||||
$('#disable-api-button').removeClass('disabled');
|
||||
markSuccess('public-api');
|
||||
|
||||
if (enable == '1') {
|
||||
$('#public-api-sidebar').addClass('success')
|
||||
.removeClass('danger');
|
||||
$('#public-api-sidebar-enabled').removeClass('hide');
|
||||
$('#public-api-sidebar-disabled').addClass('hide');
|
||||
} else {
|
||||
$('#public-api-sidebar').addClass('danger')
|
||||
.removeClass('success');
|
||||
$('#public-api-sidebar-disabled').removeClass('hide');
|
||||
$('#public-api-sidebar-enabled').addClass('hide');
|
||||
}
|
||||
},
|
||||
error: function(data) {
|
||||
console.error(data);
|
||||
$('#enable-api-button').removeClass('disabled');
|
||||
$('#disable-api-button').removeClass('disabled');
|
||||
markFailure('public-api');
|
||||
}
|
||||
});
|
||||
}
|
||||
|
||||
function markSuccess(id) {
|
||||
$('#' + id + '-saving').addClass('hide');
|
||||
$('#' + id + '-failure').addClass('hide');
|
||||
$('#' + id + '-success').removeClass('hide');
|
||||
}
|
||||
|
||||
function markSaving(id) {
|
||||
$('#' + id + '-saving').removeClass('hide');
|
||||
$('#' + id + '-failure').addClass('hide');
|
||||
$('#' + id + '-success').addClass('hide');
|
||||
}
|
||||
|
||||
function markFailure(id) {
|
||||
$('#' + id + '-saving').addClass('hide');
|
||||
$('#' + id + '-failure').removeClass('hide');
|
||||
$('#' + id + '-success').addClass('hide');
|
||||
}
|
||||
|
||||
function generateToken(userId) {
|
||||
var endpoint = getHelpdeskUrl();
|
||||
endpoint += '/internal-api/admin/api-authentication/';
|
||||
markSaving('token-' + userId);
|
||||
$('#token-' + userId + '-reset').addClass('hide');
|
||||
$('#token-' + userId + '-created').addClass('hide');
|
||||
var data = {
|
||||
userId: userId,
|
||||
action: 'generate'
|
||||
};
|
||||
$.ajax({
|
||||
url: endpoint,
|
||||
data: data,
|
||||
method: 'POST',
|
||||
success: function (data) {
|
||||
$('#token-' + userId + '-created > td > .token').text(data);
|
||||
$('#token-' + userId + '-created').removeClass('hide');
|
||||
markSuccess('token-' + userId);
|
||||
var oldNumberOfTokens = parseInt($('#token-' + userId + '-count').text());
|
||||
$('#token-' + userId + '-count').text(++oldNumberOfTokens);
|
||||
},
|
||||
error: function (data) {
|
||||
console.error(data);
|
||||
markFailure('token-' + userId);
|
||||
}
|
||||
});
|
||||
}
|
||||
|
||||
function clearTokens(userId) {
|
||||
var endpoint = getHelpdeskUrl();
|
||||
endpoint += '/internal-api/admin/api-authentication/';
|
||||
markSaving('token-' + userId);
|
||||
$('#token-' + userId + '-reset').addClass('hide');
|
||||
$('#token-' + userId + '-created').addClass('hide');
|
||||
var data = {
|
||||
userId: userId,
|
||||
action: 'reset'
|
||||
};
|
||||
$.ajax({
|
||||
url: endpoint,
|
||||
data: data,
|
||||
method: 'POST',
|
||||
success: function() {
|
||||
$('#token-' + userId + '-reset').removeClass('hide');
|
||||
$('#token-' + userId + '-count').text('0');
|
||||
markSuccess('token-' + userId);
|
||||
},
|
||||
error: function(data) {
|
||||
console.error(data);
|
||||
markFailure('token-' + userId);
|
||||
}
|
||||
});
|
||||
}
|
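Review bot: The three `$.ajax` POSTs send only `key`/`value` or `userId`/`action`, and the server scripts added in this commit read nothing else, so these state-changing requests carry no anti-CSRF token. Once the endpoints are tied to the administrator's session they need one: send a per-session token with each request and verify it server-side. Two smaller points: `updatePublicApi(enable)` is called with a second argument in both click handlers that the function never uses, and `parseInt($('#token-' + userId + '-count').text())` should pass the radix, `parseInt(..., 10)`.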
@ -0,0 +1,9 @@
|
||||
<?php
|
||||
define('IN_SCRIPT', 1);
|
||||
require_once('../../hesk_settings.inc.php');
|
||||
header('Content-Type: application/javascript');
|
||||
echo "
|
||||
function getHelpdeskUrl() {
|
||||
return '".$hesk_settings['hesk_url']."';
|
||||
}
|
||||
";
|
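Review bot: `$hesk_settings['hesk_url']` is concatenated into a single-quoted JavaScript string without escaping, so a quote or backslash in the setting breaks the generated script, and whoever can change that setting controls code that runs on every page loading this file. Emit the value as a JSON literal instead, replacing the quoted interpolation with `return " . json_encode($hesk_settings['hesk_url']) . ";`. The script also depends on `hesk_settings.inc.php` defining `hesk_url`; an `isset()` guard with an empty-string fallback keeps the output valid JavaScript if it is missing.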