-
-
-
-
-
-
-
+
+
+
+
+
+ $v)
-{
- if ($v['use'])
- {
- $sql_final .= ", `".$k."`";
- }
-}
-
-$sql_final.= " FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."tickets` WHERE ";
-
-// This code will be used to count number of results
-$sql_count = "SELECT COUNT(*) FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."tickets` WHERE ";
-
-// This is common SQL for both queries
-$sql = "";
-
-// Some default settings
-$archive = array(1=>0,2=>0);
-$s_my = array(1=>1,2=>1);
-$s_ot = array(1=>1,2=>1);
-$s_un = array(1=>1,2=>1);
-
-// --> TICKET CATEGORY
-$category = intval( hesk_GET('category', 0) );
-
-// Make sure user has access to this category
-if ($category && hesk_okCategory($category, 0) )
-{
- $sql .= " `category`='{$category}' ";
-}
-// No category selected, show only allowed categories
-else
-{
- $sql .= hesk_myCategories();
-}
-
-// Show only tagged tickets?
-if ( ! empty($_GET['archive']) )
-{
- $archive[2]=1;
- $sql .= " AND `archive`='1' ";
-}
-
-// Ticket owner preferences
-$fid = 2;
-require(HESK_PATH . 'inc/assignment_search.inc.php');
-
-$hesk_error_buffer = '';
-$no_query = 0;
-
-// Search query
-$q = stripslashes( hesk_input( hesk_GET('q', '') ) );
-
-// No query entered?
-if ( ! strlen($q) )
-{
- $hesk_error_buffer .= $hesklang['fsq'];
- $no_query = 1;
-}
-
-// What field are we searching in
-$what = hesk_GET('what', '') or $hesk_error_buffer .= '
' . $hesklang['wsel'];
-
-// Sequential ID supported?
-if ($what == 'seqid' && ! $hesk_settings['sequential'])
-{
- $what = 'trackid';
-}
-
-// Setup SQL based on searching preferences
-if ( ! $no_query)
-{
- $sql .= " AND ";
-
- switch ($what)
- {
- case 'trackid':
- $sql .= " ( `trackid` = '".hesk_dbEscape($q)."' OR `merged` LIKE '%#".hesk_dbEscape($q)."#%' ) ";
- break;
- case 'name':
- $sql .= "`name` LIKE '%".hesk_dbEscape($q)."%' COLLATE '" . hesk_dbEscape($hesklang['_COLLATE']) . "' ";
- break;
- case 'email':
- $sql .= "`email` LIKE '%".hesk_dbEscape($q)."%' ";
- break;
- case 'subject':
- $sql .= "`subject` LIKE '%".hesk_dbEscape($q)."%' COLLATE '" . hesk_dbEscape($hesklang['_COLLATE']) . "' ";
- break;
- case 'message':
- $sql .= " ( `message` LIKE '%".hesk_dbEscape($q)."%' COLLATE '" . hesk_dbEscape($hesklang['_COLLATE']) . "'
+ foreach ($hesk_settings['custom_fields'] as $k => $v) {
+ if ($v['use']) {
+ $sql_final .= ", `" . $k . "`";
+ }
+ }
+
+ $sql_final .= " FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` WHERE ";
+
+ // This code will be used to count number of results
+ $sql_count = "SELECT COUNT(*) FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` WHERE ";
+
+ // This is common SQL for both queries
+ $sql = "";
+
+ // Some default settings
+ $archive = array(1 => 0, 2 => 0);
+ $s_my = array(1 => 1, 2 => 1);
+ $s_ot = array(1 => 1, 2 => 1);
+ $s_un = array(1 => 1, 2 => 1);
+
+ // --> TICKET CATEGORY
+ $category = intval(hesk_GET('category', 0));
+
+ // Make sure user has access to this category
+ if ($category && hesk_okCategory($category, 0)) {
+ $sql .= " `category`='{$category}' ";
+ } // No category selected, show only allowed categories
+ else {
+ $sql .= hesk_myCategories();
+ }
+
+ // Show only tagged tickets?
+ if (!empty($_GET['archive'])) {
+ $archive[2] = 1;
+ $sql .= " AND `archive`='1' ";
+ }
+
+ // Ticket owner preferences
+ $fid = 2;
+ require(HESK_PATH . 'inc/assignment_search.inc.php');
+
+ $hesk_error_buffer = '';
+ $no_query = 0;
+
+ // Search query
+ $q = stripslashes(hesk_input(hesk_GET('q', '')));
+
+ // No query entered?
+ if (!strlen($q)) {
+ $hesk_error_buffer .= $hesklang['fsq'];
+ $no_query = 1;
+ }
+
+ // What field are we searching in
+ $what = hesk_GET('what', '') or $hesk_error_buffer .= '
' . $hesklang['wsel'];
+
+ // Sequential ID supported?
+ if ($what == 'seqid' && !$hesk_settings['sequential']) {
+ $what = 'trackid';
+ }
+
+ // Setup SQL based on searching preferences
+ if (!$no_query) {
+ $sql .= " AND ";
+
+ switch ($what) {
+ case 'trackid':
+ $sql .= " ( `trackid` = '" . hesk_dbEscape($q) . "' OR `merged` LIKE '%#" . hesk_dbEscape($q) . "#%' ) ";
+ break;
+ case 'name':
+ $sql .= "`name` LIKE '%" . hesk_dbEscape($q) . "%' COLLATE '" . hesk_dbEscape($hesklang['_COLLATE']) . "' ";
+ break;
+ case 'email':
+ $sql .= "`email` LIKE '%" . hesk_dbEscape($q) . "%' ";
+ break;
+ case 'subject':
+ $sql .= "`subject` LIKE '%" . hesk_dbEscape($q) . "%' COLLATE '" . hesk_dbEscape($hesklang['_COLLATE']) . "' ";
+ break;
+ case 'message':
+ $sql .= " ( `message` LIKE '%" . hesk_dbEscape($q) . "%' COLLATE '" . hesk_dbEscape($hesklang['_COLLATE']) . "'
OR
`id` IN (
SELECT DISTINCT `replyto`
- FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."replies`
- WHERE `message` LIKE '%".hesk_dbEscape($q)."%' COLLATE '" . hesk_dbEscape($hesklang['_COLLATE']) . "' )
+ FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "replies`
+ WHERE `message` LIKE '%" . hesk_dbEscape($q) . "%' COLLATE '" . hesk_dbEscape($hesklang['_COLLATE']) . "' )
)
";
- break;
- case 'seqid':
- $sql .= "`id` = '".intval($q)."' ";
- break;
- case 'notes':
- $sql .= "`id` IN (
+ break;
+ case 'seqid':
+ $sql .= "`id` = '" . intval($q) . "' ";
+ break;
+ case 'notes':
+ $sql .= "`id` IN (
SELECT DISTINCT `ticket`
- FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."notes`
- WHERE `message` LIKE '%".hesk_dbEscape($q)."%' COLLATE '" . hesk_dbEscape($hesklang['_COLLATE']) . "' )
+ FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "notes`
+ WHERE `message` LIKE '%" . hesk_dbEscape($q) . "%' COLLATE '" . hesk_dbEscape($hesklang['_COLLATE']) . "' )
";
- break;
- default:
- if (isset($hesk_settings['custom_fields'][$what]) && $hesk_settings['custom_fields'][$what]['use'])
- {
- $sql .= "`".hesk_dbEscape($what)."` LIKE '%".hesk_dbEscape($q)."%' COLLATE '" . hesk_dbEscape($hesklang['_COLLATE']) . "' ";
- }
- else
- {
- $hesk_error_buffer .= '
' . $hesklang['invalid_search'];
- }
- }
-}
-
-// Owner
-if ( $tmp = intval( hesk_GET('owner', 0) ) )
-{
- $sql .= " AND `owner`={$tmp} ";
- $owner_input = $tmp;
- $hesk_error_buffer = str_replace($hesklang['fsq'],'',$hesk_error_buffer);
-}
-else
-{
- $owner_input = 0;
-}
-
-/* Date */
-/* -> Check for compatibility with old date format */
-if (preg_match("/(\d{4})-(\d{2})-(\d{2})/", hesk_GET('dt'), $m))
-{
- $_GET['dt']=$m[2].$m[3].$m[1];
-}
-
-/* -> Now process the date value */
-$dt = preg_replace('/[^0-9]/','', hesk_GET('dt') );
-if (strlen($dt) == 8)
-{
- $date = substr($dt,4,4) . '-' . substr($dt,0,2) . '-' . substr($dt,2,2);
- $date_input= substr($dt,0,2) . '/' . substr($dt,2,2) . '/' . substr($dt,4,4);
-
- /* This search is valid even if no query is entered */
- if ($no_query)
- {
- $hesk_error_buffer = str_replace($hesklang['fsq'],'',$hesk_error_buffer);
- }
-
- $sql .= " AND `dt` BETWEEN '{$date} 00:00:00' AND '{$date} 23:59:59' ";
-}
-else
-{
- $date = '';
- $date_input = '';
-}
-
-/* Any errors? */
-if (strlen($hesk_error_buffer))
-{
- hesk_process_messages($hesk_error_buffer,'NOREDIRECT');
-}
-
-/* This will handle error, success and notice messages */
-$handle = hesk_handle_messages();
-
-# echo "$sql
";
-
-// That's all the SQL we need for count
-$sql_count .= $sql;
-$sql = $sql_final . $sql;
-
-/* Prepare variables used in search and forms */
-require_once(HESK_PATH . 'inc/prepare_ticket_search.inc.php');
-
-/* If there has been an error message skip searching for tickets */
-if ($handle !== FALSE)
-{
- $href = 'find_tickets.php';
- require_once(HESK_PATH . 'inc/ticket_list.inc.php');
-}
-?>
-
-
+ break;
+ default:
+ if (isset($hesk_settings['custom_fields'][$what]) && $hesk_settings['custom_fields'][$what]['use']) {
+ $sql .= "`" . hesk_dbEscape($what) . "` LIKE '%" . hesk_dbEscape($q) . "%' COLLATE '" . hesk_dbEscape($hesklang['_COLLATE']) . "' ";
+ } else {
+ $hesk_error_buffer .= '
' . $hesklang['invalid_search'];
+ }
+ }
+ }
+
+ // Owner
+ if ($tmp = intval(hesk_GET('owner', 0))) {
+ $sql .= " AND `owner`={$tmp} ";
+ $owner_input = $tmp;
+ $hesk_error_buffer = str_replace($hesklang['fsq'], '', $hesk_error_buffer);
+ } else {
+ $owner_input = 0;
+ }
+
+ /* Date */
+ /* -> Check for compatibility with old date format */
+ if (preg_match("/(\d{4})-(\d{2})-(\d{2})/", hesk_GET('dt'), $m)) {
+ $_GET['dt'] = $m[2] . $m[3] . $m[1];
+ }
+
+ /* -> Now process the date value */
+ $dt = preg_replace('/[^0-9]/', '', hesk_GET('dt'));
+ if (strlen($dt) == 8) {
+ $date = substr($dt, 4, 4) . '-' . substr($dt, 0, 2) . '-' . substr($dt, 2, 2);
+ $date_input = substr($dt, 0, 2) . '/' . substr($dt, 2, 2) . '/' . substr($dt, 4, 4);
+
+ /* This search is valid even if no query is entered */
+ if ($no_query) {
+ $hesk_error_buffer = str_replace($hesklang['fsq'], '', $hesk_error_buffer);
+ }
+
+ $sql .= " AND `dt` BETWEEN '{$date} 00:00:00' AND '{$date} 23:59:59' ";
+ } else {
+ $date = '';
+ $date_input = '';
+ }
+
+ /* Any errors? */
+ if (strlen($hesk_error_buffer)) {
+ hesk_process_messages($hesk_error_buffer, 'NOREDIRECT');
+ }
+
+ /* This will handle error, success and notice messages */
+ $handle = hesk_handle_messages();
+
+ # echo "$sql
";
+
+ // That's all the SQL we need for count
+ $sql_count .= $sql;
+ $sql = $sql_final . $sql;
+
+ /* Prepare variables used in search and forms */
+ require_once(HESK_PATH . 'inc/prepare_ticket_search.inc.php');
+
+ /* If there has been an error message skip searching for tickets */
+ if ($handle !== FALSE) {
+ $href = 'find_tickets.php';
+ require_once(HESK_PATH . 'inc/ticket_list.inc.php');
+ }
+ ?>
+
+
diff --git a/admin/index.php b/admin/index.php
index 5909f9ee..440205b7 100644
--- a/admin/index.php
+++ b/admin/index.php
@@ -1,39 +1,35 @@
is_valid)
- {
- $_SESSION['img_a_verified']=true;
- }
- else
- {
- $hesk_error_buffer['mysecnum']=$hesklang['recaptcha_error'];
- }
- }
- // Using ReCaptcha API v2?
- elseif ($hesk_settings['recaptcha_use'] == 2)
- {
+ if ($resp->is_valid) {
+ $_SESSION['img_a_verified'] = true;
+ } else {
+ $hesk_error_buffer['mysecnum'] = $hesklang['recaptcha_error'];
+ }
+ } // Using ReCaptcha API v2?
+ elseif ($hesk_settings['recaptcha_use'] == 2) {
require(HESK_PATH . 'inc/recaptcha/recaptchalib_v2.php');
$resp = null;
$reCaptcha = new ReCaptcha($hesk_settings['recaptcha_private_key']);
// Was there a reCAPTCHA response?
- if ( isset($_POST["g-recaptcha-response"]) )
- {
- $resp = $reCaptcha->verifyResponse($_SERVER["REMOTE_ADDR"], hesk_POST("g-recaptcha-response") );
+ if (isset($_POST["g-recaptcha-response"])) {
+ $resp = $reCaptcha->verifyResponse($_SERVER["REMOTE_ADDR"], hesk_POST("g-recaptcha-response"));
}
- if ($resp != null && $resp->success)
- {
- $_SESSION['img_a_verified']=true;
+ if ($resp != null && $resp->success) {
+ $_SESSION['img_a_verified'] = true;
+ } else {
+ $hesk_error_buffer['mysecnum'] = $hesklang['recaptcha_error'];
}
- else
- {
- $hesk_error_buffer['mysecnum']=$hesklang['recaptcha_error'];
+ } // Using PHP generated image
+ else {
+ $mysecnum = intval(hesk_POST('mysecnum', 0));
+
+ if (empty($mysecnum)) {
+ $hesk_error_buffer['mysecnum'] = $hesklang['sec_miss'];
+ } else {
+ require(HESK_PATH . 'inc/secimg.inc.php');
+ $sc = new PJ_SecurityImage($hesk_settings['secimg_sum']);
+ if (isset($_SESSION['checksum']) && $sc->checkCode($mysecnum, $_SESSION['checksum'])) {
+ $_SESSION['img_a_verified'] = true;
+ } else {
+ $hesk_error_buffer['mysecnum'] = $hesklang['sec_wrng'];
+ }
}
}
- // Using PHP generated image
- else
- {
- $mysecnum = intval( hesk_POST('mysecnum', 0) );
-
- if ( empty($mysecnum) )
- {
- $hesk_error_buffer['mysecnum'] = $hesklang['sec_miss'];
- }
- else
- {
- require(HESK_PATH . 'inc/secimg.inc.php');
- $sc = new PJ_SecurityImage($hesk_settings['secimg_sum']);
- if ( isset($_SESSION['checksum']) && $sc->checkCode($mysecnum, $_SESSION['checksum']) )
- {
- $_SESSION['img_a_verified'] = true;
- }
- else
- {
- $hesk_error_buffer['mysecnum'] = $hesklang['sec_wrng'];
- }
- }
- }
- }
+ }
/* Any missing fields? */
- if (count($hesk_error_buffer)!=0)
- {
- $_SESSION['a_iserror'] = array_keys($hesk_error_buffer);
+ if (count($hesk_error_buffer) != 0) {
+ $_SESSION['a_iserror'] = array_keys($hesk_error_buffer);
- $tmp = '';
- foreach ($hesk_error_buffer as $error)
- {
- $tmp .= "
$error \n";
- }
- $hesk_error_buffer = $tmp;
+ $tmp = '';
+ foreach ($hesk_error_buffer as $error) {
+ $tmp .= "
$error \n";
+ }
+ $hesk_error_buffer = $tmp;
- $hesk_error_buffer = $hesklang['pcer'].'
';
- hesk_process_messages($hesk_error_buffer,'NOREDIRECT');
+ $hesk_error_buffer = $hesklang['pcer'] . '
' . $hesk_error_buffer . ' ';
+ hesk_process_messages($hesk_error_buffer, 'NOREDIRECT');
print_login();
exit();
- }
- elseif (isset($_SESSION['img_a_verified']))
- {
- unset($_SESSION['img_a_verified']);
+ } elseif (isset($_SESSION['img_a_verified'])) {
+ unset($_SESSION['img_a_verified']);
}
- /* User entered all required info, now lets limit brute force attempts */
- hesk_limitBfAttempts();
+ /* User entered all required info, now lets limit brute force attempts */
+ hesk_limitBfAttempts();
- $result = hesk_dbQuery("SELECT * FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."users` WHERE `user` = '".hesk_dbEscape($user)."' LIMIT 1");
- if (hesk_dbNumRows($result) != 1)
- {
+ $result = hesk_dbQuery("SELECT * FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "users` WHERE `user` = '" . hesk_dbEscape($user) . "' LIMIT 1");
+ if (hesk_dbNumRows($result) != 1) {
hesk_session_stop();
- $_SESSION['a_iserror'] = array('user','pass');
- hesk_process_messages($hesklang['wrong_user'],'NOREDIRECT');
+ $_SESSION['a_iserror'] = array('user', 'pass');
+ hesk_process_messages($hesklang['wrong_user'], 'NOREDIRECT');
print_login();
exit();
- }
+ }
- $res=hesk_dbFetchAssoc($result);
- foreach ($res as $k=>$v)
- {
- $_SESSION[$k]=$v;
- }
+ $res = hesk_dbFetchAssoc($result);
+ foreach ($res as $k => $v) {
+ $_SESSION[$k] = $v;
+ }
- /* Check password */
- if (hesk_Pass2Hash($pass) != $_SESSION['pass'])
- {
+ /* Check password */
+ if (hesk_Pass2Hash($pass) != $_SESSION['pass']) {
hesk_session_stop();
- $_SESSION['a_iserror'] = array('pass');
- hesk_process_messages($hesklang['wrong_pass'],'NOREDIRECT');
- print_login();
- exit();
- }
+ $_SESSION['a_iserror'] = array('pass');
+ hesk_process_messages($hesklang['wrong_pass'], 'NOREDIRECT');
+ print_login();
+ exit();
+ }
- $pass_enc = hesk_Pass2Hash($_SESSION['pass'].strtolower($user).$_SESSION['pass']);
+ $pass_enc = hesk_Pass2Hash($_SESSION['pass'] . strtolower($user) . $_SESSION['pass']);
/* Check if default password */
- if ($_SESSION['pass'] == '499d74967b28a841c98bb4baaabaad699ff3c079')
- {
- hesk_process_messages($hesklang['chdp'],'NOREDIRECT','NOTICE');
+ if ($_SESSION['pass'] == '499d74967b28a841c98bb4baaabaad699ff3c079') {
+ hesk_process_messages($hesklang['chdp'], 'NOREDIRECT', 'NOTICE');
}
// Set a tag that will be used to expire sessions after username or password change
$_SESSION['session_verify'] = hesk_activeSessionCreateTag($user, $_SESSION['pass']);
// We don't need the password hash anymore
- unset($_SESSION['pass']);
-
+ unset($_SESSION['pass']);
- /* Login successful, clean brute force attempts */
- hesk_cleanBfAttempts();
+ /* Login successful, clean brute force attempts */
+ hesk_cleanBfAttempts();
/* Make sure our user is active */
if (!$_SESSION['active']) {
@@ -239,34 +204,28 @@ function do_login()
}
/* Regenerate session ID (security) */
- hesk_session_regenerate_id();
-
- /* Remember username? */
- if ($hesk_settings['autologin'] && hesk_POST('remember_user') == 'AUTOLOGIN')
- {
- setcookie('hesk_username', "$user", strtotime('+1 year'));
- setcookie('hesk_p', "$pass_enc", strtotime('+1 year'));
- }
- elseif ( hesk_POST('remember_user') == 'JUSTUSER')
- {
- setcookie('hesk_username', "$user", strtotime('+1 year'));
- setcookie('hesk_p', '');
- }
- else
- {
- // Expire cookie if set otherwise
- setcookie('hesk_username', '');
- setcookie('hesk_p', '');
- }
+ hesk_session_regenerate_id();
+
+ /* Remember username? */
+ if ($hesk_settings['autologin'] && hesk_POST('remember_user') == 'AUTOLOGIN') {
+ setcookie('hesk_username', "$user", strtotime('+1 year'));
+ setcookie('hesk_p', "$pass_enc", strtotime('+1 year'));
+ } elseif (hesk_POST('remember_user') == 'JUSTUSER') {
+ setcookie('hesk_username', "$user", strtotime('+1 year'));
+ setcookie('hesk_p', '');
+ } else {
+ // Expire cookie if set otherwise
+ setcookie('hesk_username', '');
+ setcookie('hesk_p', '');
+ }
/* Close any old tickets here so Cron jobs aren't necessary */
- if ($hesk_settings['autoclose'])
- {
- $revision = sprintf($hesklang['thist3'],hesk_date(),$hesklang['auto']);
- $dt = date('Y-m-d H:i:s',time() - $hesk_settings['autoclose']*86400);
+ if ($hesk_settings['autoclose']) {
+ $revision = sprintf($hesklang['thist3'], hesk_date(), $hesklang['auto']);
+ $dt = date('Y-m-d H:i:s', time() - $hesk_settings['autoclose'] * 86400);
- $closedStatusRs = hesk_dbQuery('SELECT `ID`, `Closable` FROM `'.hesk_dbEscape($hesk_settings['db_pfix']).'statuses` WHERE `IsDefaultStaffReplyStatus` = 1');
+ $closedStatusRs = hesk_dbQuery('SELECT `ID`, `Closable` FROM `' . hesk_dbEscape($hesk_settings['db_pfix']) . 'statuses` WHERE `IsDefaultStaffReplyStatus` = 1');
$closedStatus = hesk_dbFetchAssoc($closedStatusRs);
// Are we allowed to close tickets in this status?
if ($closedStatus['Closable'] == 'yes' || $closedStatus['Closable'] == 'sonly') {
@@ -286,21 +245,21 @@ function do_login()
$ticket['dt'] = hesk_date($ticket['dt'], true);
$ticket['lastchange'] = hesk_date($ticket['lastchange'], true);
$ticket = hesk_ticketToPlain($ticket, 1, 0);
- hesk_notifyCustomer($modsForHesk_settings,'ticket_closed');
+ hesk_notifyCustomer($modsForHesk_settings, 'ticket_closed');
}
}
}
// Update ticket statuses and history in database if we're allowed to do so
- $defaultCloseRs = hesk_dbQuery('SELECT `ID` FROM `'.hesk_dbEscape($hesk_settings['db_pfix']).'statuses` WHERE `IsAutocloseOption` = 1');
+ $defaultCloseRs = hesk_dbQuery('SELECT `ID` FROM `' . hesk_dbEscape($hesk_settings['db_pfix']) . 'statuses` WHERE `IsAutocloseOption` = 1');
$defaultCloseStatus = hesk_dbFetchAssoc($defaultCloseRs);
- hesk_dbQuery("UPDATE `" . $hesk_settings['db_pfix'] . "tickets` SET `status`=".intval($defaultCloseStatus['ID']).", `closedat`=NOW(), `closedby`='-1', `history`=CONCAT(`history`,'" . hesk_dbEscape($revision) . "') WHERE `status` = '".$closedStatus['ID']."' AND `lastchange` <= '" . hesk_dbEscape($dt) . "' ");
+ hesk_dbQuery("UPDATE `" . $hesk_settings['db_pfix'] . "tickets` SET `status`=" . intval($defaultCloseStatus['ID']) . ", `closedat`=NOW(), `closedby`='-1', `history`=CONCAT(`history`,'" . hesk_dbEscape($revision) . "') WHERE `status` = '" . $closedStatus['ID'] . "' AND `lastchange` <= '" . hesk_dbEscape($dt) . "' ");
}
}
/* Redirect to the destination page */
- header('Location: ' . hesk_verifyGoto() );
- exit();
+ header('Location: ' . hesk_verifyGoto());
+ exit();
} // End do_login()
@@ -524,37 +483,35 @@ function print_login()
} // End print_login()
-function logout() {
- global $hesk_settings, $hesklang;
+function logout()
+{
+ global $hesk_settings, $hesklang;
- if ( ! hesk_token_check('GET', 0))
- {
- print_login();
+ if (!hesk_token_check('GET', 0)) {
+ print_login();
exit();
}
/* Delete from Who's online database */
- if ($hesk_settings['online'])
- {
- require(HESK_PATH . 'inc/users_online.inc.php');
- hesk_setOffline($_SESSION['id']);
- }
+ if ($hesk_settings['online']) {
+ require(HESK_PATH . 'inc/users_online.inc.php');
+ hesk_setOffline($_SESSION['id']);
+ }
/* Destroy session and cookies */
- hesk_session_stop();
+ hesk_session_stop();
/* If we're using the security image for admin login start a new session */
- if ($hesk_settings['secimg_use'] == 2)
- {
- hesk_session_start();
+ if ($hesk_settings['secimg_use'] == 2) {
+ hesk_session_start();
}
- /* Show success message and reset the cookie */
- hesk_process_messages($hesklang['logout_success'],'NOREDIRECT','SUCCESS');
+ /* Show success message and reset the cookie */
+ hesk_process_messages($hesklang['logout_success'], 'NOREDIRECT', 'SUCCESS');
setcookie('hesk_p', '');
/* Print the login form */
- print_login();
- exit();
+ print_login();
+ exit();
} // End logout()
?>
diff --git a/admin/knowledgebase_private.php b/admin/knowledgebase_private.php
index 261f066b..7259a39d 100644
--- a/admin/knowledgebase_private.php
+++ b/admin/knowledgebase_private.php
@@ -8,24 +8,20 @@
* COPYRIGHT AND TRADEMARK NOTICE
* Copyright 2005-2015 Klemen Stirn. All Rights Reserved.
* HESK is a registered trademark of Klemen Stirn.
-
-* The HESK may be used and modified free of charge by anyone
+ * The HESK may be used and modified free of charge by anyone
* AS LONG AS COPYRIGHT NOTICES AND ALL THE COMMENTS REMAIN INTACT.
* By using this code you agree to indemnify Klemen Stirn from any
* liability that might arise from it's use.
-
-* Selling the code for this program, in part or full, without prior
+ * Selling the code for this program, in part or full, without prior
* written consent is expressly forbidden.
-
-* Using this code, in part or full, to create derivate work,
+ * Using this code, in part or full, to create derivate work,
* new scripts or products is expressly forbidden. Obtain permission
* before redistributing this software over the Internet or in
* any other medium. In all cases copyright and header must remain intact.
* This Copyright is in full effect in any country that has International
* Trade Agreements with the United States of America or
* with the European Union.
-
-* Removing any of the copyright notices without purchasing a license
+ * Removing any of the copyright notices without purchasing a license
* is expressly forbidden. To remove HESK copyright notice you must purchase
* a license for this script. For more information on how to obtain
* a license please visit the page below:
diff --git a/admin/lock.php b/admin/lock.php
index 1d96296f..24e1410e 100644
--- a/admin/lock.php
+++ b/admin/lock.php
@@ -1,39 +1,35 @@
fetch_assoc();
$statusId = $statusRow['ID'];
-hesk_dbQuery("UPDATE `".hesk_dbEscape($hesk_settings['db_pfix'])."tickets` SET `status`='{$statusId}',`locked`='{$status}' $closedby_sql , `history`=CONCAT(`history`,'".hesk_dbEscape($revision)."') WHERE `trackid`='".hesk_dbEscape($trackingID)."' LIMIT 1");
+hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` SET `status`='{$statusId}',`locked`='{$status}' $closedby_sql , `history`=CONCAT(`history`,'" . hesk_dbEscape($revision) . "') WHERE `trackid`='" . hesk_dbEscape($trackingID) . "' LIMIT 1");
/* Back to ticket page and show a success message */
-hesk_process_messages($tmp,'admin_ticket.php?track='.$trackingID.'&Refresh='.rand(10000,99999),'SUCCESS');
+hesk_process_messages($tmp, 'admin_ticket.php?track=' . $trackingID . '&Refresh=' . rand(10000, 99999), 'SUCCESS');
?>
diff --git a/admin/mail.php b/admin/mail.php
index c2535884..4d32fb95 100644
--- a/admin/mail.php
+++ b/admin/mail.php
@@ -1,39 +1,35 @@
'.$hesklang['inbox'].' ';
-$hesk_settings['mailtmp']['outbox'] = '
'.$hesklang['outbox'].' ';
-$hesk_settings['mailtmp']['new'] = '
'.$hesklang['m_new'].' ';
+$hesk_settings['mailtmp']['inbox'] = '
' . $hesklang['inbox'] . ' ';
+$hesk_settings['mailtmp']['outbox'] = '
' . $hesklang['outbox'] . ' ';
+$hesk_settings['mailtmp']['new'] = '
' . $hesklang['m_new'] . ' ';
/* Get action */
-if ( $action = hesk_REQUEST('a') )
-{
- if ( defined('HESK_DEMO') && $action != 'new' && $action != 'read' )
- {
- hesk_process_messages($hesklang['ddemo'], 'mail.php', 'NOTICE');
- }
+if ($action = hesk_REQUEST('a')) {
+ if (defined('HESK_DEMO') && $action != 'new' && $action != 'read') {
+ hesk_process_messages($hesklang['ddemo'], 'mail.php', 'NOTICE');
+ }
}
/* Sub-page specific settings */
-if (isset($_GET['folder']) && hesk_GET('folder') == 'outbox')
-{
- $hesk_settings['mailtmp']['this'] = 'from';
- $hesk_settings['mailtmp']['other'] = 'to';
- $hesk_settings['mailtmp']['m_from'] = $hesklang['m_to'];
- $hesk_settings['mailtmp']['outbox'] = '
';
+if (isset($_GET['folder']) && hesk_GET('folder') == 'outbox') {
+ $hesk_settings['mailtmp']['this'] = 'from';
+ $hesk_settings['mailtmp']['other'] = 'to';
+ $hesk_settings['mailtmp']['m_from'] = $hesklang['m_to'];
+ $hesk_settings['mailtmp']['outbox'] = '
';
$hesk_settings['mailtmp']['folder'] = 'outbox';
-}
-elseif ($action == 'new')
-{
- $hesk_settings['mailtmp']['new'] = '
';
- $_SESSION['hide']['list'] = 1;
+} elseif ($action == 'new') {
+ $hesk_settings['mailtmp']['new'] = '
';
+ $_SESSION['hide']['list'] = 1;
/* Do we have a recipient selected? */
- if (!isset($_SESSION['mail']['to']) && isset($_GET['id']))
- {
- $_SESSION['mail']['to'] = intval( hesk_GET('id') );
+ if (!isset($_SESSION['mail']['to']) && isset($_GET['id'])) {
+ $_SESSION['mail']['to'] = intval(hesk_GET('id'));
}
-}
-else
-{
- $hesk_settings['mailtmp']['this'] = 'to';
- $hesk_settings['mailtmp']['other'] = 'from';
- $hesk_settings['mailtmp']['m_from'] = $hesklang['m_from'];
- if ($action != 'read')
- {
- $hesk_settings['mailtmp']['inbox'] = '
';
+} else {
+ $hesk_settings['mailtmp']['this'] = 'to';
+ $hesk_settings['mailtmp']['other'] = 'from';
+ $hesk_settings['mailtmp']['m_from'] = $hesklang['m_from'];
+ if ($action != 'read') {
+ $hesk_settings['mailtmp']['inbox'] = '
';
$hesk_settings['mailtmp']['folder'] = '';
}
}
/* What should we do? */
-switch ($action)
-{
- case 'send':
- mail_send();
+switch ($action) {
+ case 'send':
+ mail_send();
break;
case 'mark_read':
- mail_mark_read();
+ mail_mark_read();
break;
case 'mark_unread':
- mail_mark_unread();
+ mail_mark_unread();
break;
case 'delete':
- mail_delete();
+ mail_delete();
break;
}
@@ -127,12 +112,15 @@ require_once(HESK_PATH . 'inc/show_admin_nav.inc.php');
?>
@@ -140,47 +128,46 @@ function confirm_delete()
- '.$hesk_settings['mailtmp']['inbox'].'
+ ' . $hesk_settings['mailtmp']['inbox'] . '
' . $hesk_settings['mailtmp']['outbox'] . '
' . $hesk_settings['mailtmp']['new'] . ' ';
- ?>
+ ?>
-
+ /* Hide list of messages? */
+ if (!isset($_SESSION['hide']['list'])) {
+ mail_list_messages();
+ } // END hide list of messages
+
+ /* Show new message form */
+ show_new_form();
+
+ /* Clean unneeded session variables */
+ hesk_cleanSessionVars('hide');
+ hesk_cleanSessionVars('mail');
+ ?>
+
+
' . $hesklang['m_rec'] . '';
- }
- elseif ($_SESSION['mail']['to'] == $_SESSION['id'])
- {
- $hesk_error_buffer .= '
' . $hesklang['m_inr'] . ' ';
- }
- else
- {
- $res = hesk_dbQuery("SELECT `name`,`email`,`notify_pm` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."users` WHERE `id`='".intval($_SESSION['mail']['to'])."' LIMIT 1");
- $num = hesk_dbNumRows($res);
- if (!$num)
- {
- $hesk_error_buffer .= '
' . $hesklang['m_inr'] . ' ';
- }
- else
- {
- $pm_recipient = hesk_dbFetchAssoc($res);
+ global $hesk_settings, $hesklang, $modsForHesk_settings;
+
+ /* A security check */
+ hesk_token_check('POST');
+
+ $hesk_error_buffer = '';
+
+ /* Recipient */
+ $_SESSION['mail']['to'] = intval(hesk_POST('to'));
+
+ /* Valid recipient? */
+ if (empty($_SESSION['mail']['to'])) {
+ $hesk_error_buffer .= '
' . $hesklang['m_rec'] . ' ';
+ } elseif ($_SESSION['mail']['to'] == $_SESSION['id']) {
+ $hesk_error_buffer .= '
' . $hesklang['m_inr'] . ' ';
+ } else {
+ $res = hesk_dbQuery("SELECT `name`,`email`,`notify_pm` FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "users` WHERE `id`='" . intval($_SESSION['mail']['to']) . "' LIMIT 1");
+ $num = hesk_dbNumRows($res);
+ if (!$num) {
+ $hesk_error_buffer .= '
' . $hesklang['m_inr'] . ' ';
+ } else {
+ $pm_recipient = hesk_dbFetchAssoc($res);
}
- }
+ }
- /* Subject */
- $_SESSION['mail']['subject'] = hesk_input( hesk_POST('subject') ) or $hesk_error_buffer .= '
' . $hesklang['m_esu'] . ' ';
+ /* Subject */
+ $_SESSION['mail']['subject'] = hesk_input(hesk_POST('subject')) or $hesk_error_buffer .= '
' . $hesklang['m_esu'] . ' ';
- /* Message */
- $_SESSION['mail']['message'] = hesk_input( hesk_POST('message') ) or $hesk_error_buffer .= '
' . $hesklang['enter_message'] . ' ';
+ /* Message */
+ $_SESSION['mail']['message'] = hesk_input(hesk_POST('message')) or $hesk_error_buffer .= '
' . $hesklang['enter_message'] . ' ';
// Attach signature to the message?
- if ( ! empty($_POST['signature']))
- {
- $_SESSION['mail']['message'] .= "\n\n" . addslashes($_SESSION['signature']) . "\n";
+ if (!empty($_POST['signature'])) {
+ $_SESSION['mail']['message'] .= "\n\n" . addslashes($_SESSION['signature']) . "\n";
}
- /* Any errors? */
- if (strlen($hesk_error_buffer))
- {
- $_SESSION['hide']['list'] = 1;
- $hesk_error_buffer = $hesklang['rfm'].'
';
- hesk_process_messages($hesk_error_buffer,'NOREDIRECT');
- }
- else
- {
- $_SESSION['mail']['message'] = hesk_makeURL($_SESSION['mail']['message']);
- $_SESSION['mail']['message'] = nl2br($_SESSION['mail']['message']);
-
- hesk_dbQuery("INSERT INTO `".hesk_dbEscape($hesk_settings['db_pfix'])."mail` (`from`,`to`,`subject`,`message`,`dt`,`read`) VALUES ('".intval($_SESSION['id'])."','".intval($_SESSION['mail']['to'])."','".hesk_dbEscape($_SESSION['mail']['subject'])."','".hesk_dbEscape($_SESSION['mail']['message'])."',NOW(),'0')");
+ /* Any errors? */
+ if (strlen($hesk_error_buffer)) {
+ $_SESSION['hide']['list'] = 1;
+ $hesk_error_buffer = $hesklang['rfm'] . '
' . $hesk_error_buffer . ' ';
+ hesk_process_messages($hesk_error_buffer, 'NOREDIRECT');
+ } else {
+ $_SESSION['mail']['message'] = hesk_makeURL($_SESSION['mail']['message']);
+ $_SESSION['mail']['message'] = nl2br($_SESSION['mail']['message']);
+
+ hesk_dbQuery("INSERT INTO `" . hesk_dbEscape($hesk_settings['db_pfix']) . "mail` (`from`,`to`,`subject`,`message`,`dt`,`read`) VALUES ('" . intval($_SESSION['id']) . "','" . intval($_SESSION['mail']['to']) . "','" . hesk_dbEscape($_SESSION['mail']['subject']) . "','" . hesk_dbEscape($_SESSION['mail']['message']) . "',NOW(),'0')");
/* Notify receiver via e-mail? */
- if (isset($pm_recipient) && $pm_recipient['notify_pm'])
- {
+ if (isset($pm_recipient) && $pm_recipient['notify_pm']) {
$pm_id = hesk_dbInsertID();
$pm = array(
- 'name' => hesk_msgToPlain( addslashes($_SESSION['name']) ,1,1),
- 'subject' => hesk_msgToPlain($_SESSION['mail']['subject'],1,1),
- 'message' => hesk_msgToPlain($_SESSION['mail']['message'],1,1),
- 'id' => $pm_id,
+ 'name' => hesk_msgToPlain(addslashes($_SESSION['name']), 1, 1),
+ 'subject' => hesk_msgToPlain($_SESSION['mail']['subject'], 1, 1),
+ 'message' => hesk_msgToPlain($_SESSION['mail']['message'], 1, 1),
+ 'id' => $pm_id,
);
- /* Format email subject and message for recipient */
- $subject = hesk_getEmailSubject('new_pm',$pm,0);
- $message = hesk_getEmailMessage('new_pm',$pm,$modsForHesk_settings,1,0);
- $htmlMessage = hesk_getHtmlMessage('new_pm',$pm,$modsForHesk_settings,1,0);
- $hasMessage = hesk_doesTemplateHaveTag('new_pm','%%MESSAGE%%', $modsForHesk_settings);
+ /* Format email subject and message for recipient */
+ $subject = hesk_getEmailSubject('new_pm', $pm, 0);
+ $message = hesk_getEmailMessage('new_pm', $pm, $modsForHesk_settings, 1, 0);
+ $htmlMessage = hesk_getHtmlMessage('new_pm', $pm, $modsForHesk_settings, 1, 0);
+ $hasMessage = hesk_doesTemplateHaveTag('new_pm', '%%MESSAGE%%', $modsForHesk_settings);
- /* Send e-mail */
- hesk_mail($pm_recipient['email'], $subject, $message, $htmlMessage, $modsForHesk_settings, array(), array(), $hasMessage);
+ /* Send e-mail */
+ hesk_mail($pm_recipient['email'], $subject, $message, $htmlMessage, $modsForHesk_settings, array(), array(), $hasMessage);
}
- unset($_SESSION['mail']);
+ unset($_SESSION['mail']);
- hesk_process_messages($hesklang['m_pms'],'./mail.php','SUCCESS');
+ hesk_process_messages($hesklang['m_pms'], './mail.php', 'SUCCESS');
}
} // END mail_send()
@@ -502,119 +464,109 @@ function show_message()
function mail_list_messages()
{
- global $hesk_settings, $hesklang, $admins;
+ global $hesk_settings, $hesklang, $admins;
$href = 'mail.php';
$query = '';
- if ($hesk_settings['mailtmp']['folder'] == 'outbox')
- {
- $query .= 'folder=outbox&';
+ if ($hesk_settings['mailtmp']['folder'] == 'outbox') {
+ $query .= 'folder=outbox&';
}
$query .= 'page=';
- $maxresults = 30;
-
- $tmp = intval( hesk_POST('page', 1) );
- $page = ($tmp > 1) ? $tmp : 1;
-
- /* List of private messages */
- $res = hesk_dbQuery("SELECT COUNT(*) FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."mail` WHERE `".hesk_dbEscape($hesk_settings['mailtmp']['this'])."`='".intval($_SESSION['id'])."' AND `deletedby`!='".intval($_SESSION['id'])."'");
- $total = hesk_dbResult($res,0,0);
-
- if ($total > 0)
- {
-
- $pages = ceil($total/$maxresults) or $pages = 1;
- if ($page > $pages)
- {
- $page = $pages;
- }
- $limit_down = ($page * $maxresults) - $maxresults;
-
- $prev_page = ($page - 1 <= 0) ? 0 : $page - 1;
- $next_page = ($page + 1 > $pages) ? 0 : $page + 1;
-
- if ($pages > 1)
- {
- echo $hesklang['pg'] . ': ';
-
- /* List pages */
- if ($pages >= 7)
- {
- if ($page > 2)
- {
- echo '
« ';
- }
-
- if ($prev_page)
- {
- echo '
‹ ';
- }
- }
-
- for ($i=1; $i<=$pages; $i++)
- {
- if ($i <= ($page+5) && $i >= ($page-5))
- {
- if ($i == $page)
- {
- echo '
'.$i.' ';
- }
- else
- {
- echo '
'.$i.' ';
- }
- }
- }
-
- if ($pages >= 7)
- {
- if ($next_page)
- {
- echo '
› ';
- }
-
- if ($page < ($pages - 1))
- {
- echo '
» ';
- }
- }
+ $maxresults = 30;
+
+ $tmp = intval(hesk_POST('page', 1));
+ $page = ($tmp > 1) ? $tmp : 1;
+
+ /* List of private messages */
+ $res = hesk_dbQuery("SELECT COUNT(*) FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "mail` WHERE `" . hesk_dbEscape($hesk_settings['mailtmp']['this']) . "`='" . intval($_SESSION['id']) . "' AND `deletedby`!='" . intval($_SESSION['id']) . "'");
+ $total = hesk_dbResult($res, 0, 0);
+
+ if ($total > 0) {
+
+ $pages = ceil($total / $maxresults) or $pages = 1;
+ if ($page > $pages) {
+ $page = $pages;
+ }
+ $limit_down = ($page * $maxresults) - $maxresults;
+
+ $prev_page = ($page - 1 <= 0) ? 0 : $page - 1;
+ $next_page = ($page + 1 > $pages) ? 0 : $page + 1;
+
+ if ($pages > 1) {
+ echo $hesklang['pg'] . ': ';
+
+ /* List pages */
+ if ($pages >= 7) {
+ if ($page > 2) {
+ echo '
« ';
+ }
+
+ if ($prev_page) {
+ echo '
‹ ';
+ }
+ }
+
+ for ($i = 1; $i <= $pages; $i++) {
+ if ($i <= ($page + 5) && $i >= ($page - 5)) {
+ if ($i == $page) {
+ echo '
' . $i . ' ';
+ } else {
+ echo '
' . $i . ' ';
+ }
+ }
+ }
+
+ if ($pages >= 7) {
+ if ($next_page) {
+ echo '
› ';
+ }
+
+ if ($page < ($pages - 1)) {
+ echo '
» ';
+ }
+ }
echo '
';
- } // end PAGES > 1
-
- // Get messages from the database
- $res = hesk_dbQuery("SELECT `id`, `from`, `to`, `subject`, `dt`, `read` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."mail` WHERE `".hesk_dbEscape($hesk_settings['mailtmp']['this'])."`='".intval($_SESSION['id'])."' AND `deletedby`!='".intval($_SESSION['id'])."' ORDER BY `id` DESC LIMIT ".intval($limit_down)." , ".intval($maxresults)." ");
- ?>
-
-
+
-
-
+ 0
- else
- {
- echo '
' . $hesklang['npm'] . '
';
+ } // END if total > 0
+ else {
+ echo '
' . $hesklang['npm'] . '
';
}
} // END mail_list_messages()
@@ -665,74 +617,74 @@ EOC;
function show_new_form()
{
- global $hesk_settings, $hesklang, $admins;
- ?>
-
-
3)
- {
+ $_SESSION['cat_priority'] = intval(hesk_POST('priority', 3));
+ if ($_SESSION['cat_priority'] < 0 || $_SESSION['cat_priority'] > 3) {
$_SESSION['cat_priority'] = 3;
}
/* Category name */
- $catname = hesk_input( hesk_POST('name') , $hesklang['enter_cat_name'], 'manage_categories.php');
+ $catname = hesk_input(hesk_POST('name'), $hesklang['enter_cat_name'], 'manage_categories.php');
/* Do we already have a category with this name? */
- $res = hesk_dbQuery("SELECT `id` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."categories` WHERE `name` LIKE '".hesk_dbEscape( hesk_dbLike($catname) )."' LIMIT 1");
- if (hesk_dbNumRows($res) != 0)
- {
- $_SESSION['catname'] = $catname;
- hesk_process_messages($hesklang['cndupl'],'manage_categories.php');
+ $res = hesk_dbQuery("SELECT `id` FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "categories` WHERE `name` LIKE '" . hesk_dbEscape(hesk_dbLike($catname)) . "' LIMIT 1");
+ if (hesk_dbNumRows($res) != 0) {
+ $_SESSION['catname'] = $catname;
+ hesk_process_messages($hesklang['cndupl'], 'manage_categories.php');
}
- /* Get the latest cat_order */
- $res = hesk_dbQuery("SELECT `cat_order` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."categories` ORDER BY `cat_order` DESC LIMIT 1");
- $row = hesk_dbFetchRow($res);
- $my_order = $row[0]+10;
+ /* Get the latest cat_order */
+ $res = hesk_dbQuery("SELECT `cat_order` FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "categories` ORDER BY `cat_order` DESC LIMIT 1");
+ $row = hesk_dbFetchRow($res);
+ $my_order = $row[0] + 10;
- hesk_dbQuery("INSERT INTO `".hesk_dbEscape($hesk_settings['db_pfix'])."categories` (`name`,`cat_order`,`autoassign`,`type`, `priority`) VALUES ('".hesk_dbEscape($catname)."','".intval($my_order)."','".intval($_SESSION['cat_autoassign'])."','".intval($_SESSION['cat_type'])."','{$_SESSION['cat_priority']}')");
+ hesk_dbQuery("INSERT INTO `" . hesk_dbEscape($hesk_settings['db_pfix']) . "categories` (`name`,`cat_order`,`autoassign`,`type`, `priority`) VALUES ('" . hesk_dbEscape($catname) . "','" . intval($my_order) . "','" . intval($_SESSION['cat_autoassign']) . "','" . intval($_SESSION['cat_type']) . "','{$_SESSION['cat_priority']}')");
hesk_cleanSessionVars('catname');
hesk_cleanSessionVars('cat_autoassign');
@@ -545,103 +549,95 @@ function new_cat()
$_SESSION['selcat2'] = hesk_dbInsertID();
- hesk_process_messages(sprintf($hesklang['cat_name_added'],'
'.stripslashes($catname).' '),'manage_categories.php','SUCCESS');
+ hesk_process_messages(sprintf($hesklang['cat_name_added'], '
' . stripslashes($catname) . ' '), 'manage_categories.php', 'SUCCESS');
} // End new_cat()
function rename_cat()
{
- global $hesk_settings, $hesklang;
+ global $hesk_settings, $hesklang;
- /* A security check */
- hesk_token_check('POST');
+ /* A security check */
+ hesk_token_check('POST');
- $_SERVER['PHP_SELF'] = 'manage_categories.php?catid='.intval( hesk_POST('catid') );
+ $_SERVER['PHP_SELF'] = 'manage_categories.php?catid=' . intval(hesk_POST('catid'));
- $catid = hesk_isNumber( hesk_POST('catid'), $hesklang['choose_cat_ren'], $_SERVER['PHP_SELF']);
- $_SESSION['selcat'] = $catid;
+ $catid = hesk_isNumber(hesk_POST('catid'), $hesklang['choose_cat_ren'], $_SERVER['PHP_SELF']);
+ $_SESSION['selcat'] = $catid;
$_SESSION['selcat2'] = $catid;
- $catname = hesk_input( hesk_POST('name'), $hesklang['cat_ren_name'], $_SERVER['PHP_SELF']);
+ $catname = hesk_input(hesk_POST('name'), $hesklang['cat_ren_name'], $_SERVER['PHP_SELF']);
$_SESSION['catname2'] = $catname;
- $res = hesk_dbQuery("SELECT `id` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."categories` WHERE `name` LIKE '".hesk_dbEscape( hesk_dbLike($catname) )."' LIMIT 1");
- if (hesk_dbNumRows($res) != 0)
- {
- $old = hesk_dbFetchAssoc($res);
- if ($old['id'] == $catid)
- {
- hesk_process_messages($hesklang['noch'],$_SERVER['PHP_SELF'],'NOTICE');
- }
- else
- {
- hesk_process_messages($hesklang['cndupl'],$_SERVER['PHP_SELF']);
+ $res = hesk_dbQuery("SELECT `id` FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "categories` WHERE `name` LIKE '" . hesk_dbEscape(hesk_dbLike($catname)) . "' LIMIT 1");
+ if (hesk_dbNumRows($res) != 0) {
+ $old = hesk_dbFetchAssoc($res);
+ if ($old['id'] == $catid) {
+ hesk_process_messages($hesklang['noch'], $_SERVER['PHP_SELF'], 'NOTICE');
+ } else {
+ hesk_process_messages($hesklang['cndupl'], $_SERVER['PHP_SELF']);
}
}
- hesk_dbQuery("UPDATE `".hesk_dbEscape($hesk_settings['db_pfix'])."categories` SET `name`='".hesk_dbEscape($catname)."' WHERE `id`='".intval($catid)."' LIMIT 1");
+ hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "categories` SET `name`='" . hesk_dbEscape($catname) . "' WHERE `id`='" . intval($catid) . "' LIMIT 1");
unset($_SESSION['selcat']);
unset($_SESSION['catname2']);
- hesk_process_messages($hesklang['cat_renamed_to'].'
'.stripslashes($catname).' ',$_SERVER['PHP_SELF'],'SUCCESS');
+ hesk_process_messages($hesklang['cat_renamed_to'] . '
' . stripslashes($catname) . ' ', $_SERVER['PHP_SELF'], 'SUCCESS');
} // End rename_cat()
function remove()
{
- global $hesk_settings, $hesklang;
+ global $hesk_settings, $hesklang;
- /* A security check */
- hesk_token_check();
+ /* A security check */
+ hesk_token_check();
$_SERVER['PHP_SELF'] = 'manage_categories.php';
- $mycat = intval( hesk_GET('catid') ) or hesk_error($hesklang['no_cat_id']);
- if ($mycat == 1)
- {
- hesk_process_messages($hesklang['cant_del_default_cat'],$_SERVER['PHP_SELF']);
+ $mycat = intval(hesk_GET('catid')) or hesk_error($hesklang['no_cat_id']);
+ if ($mycat == 1) {
+ hesk_process_messages($hesklang['cant_del_default_cat'], $_SERVER['PHP_SELF']);
}
- hesk_dbQuery("DELETE FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."categories` WHERE `id`='".intval($mycat)."' LIMIT 1");
- if (hesk_dbAffectedRows() != 1)
- {
- hesk_error("$hesklang[int_error]: $hesklang[cat_not_found].");
+ hesk_dbQuery("DELETE FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "categories` WHERE `id`='" . intval($mycat) . "' LIMIT 1");
+ if (hesk_dbAffectedRows() != 1) {
+ hesk_error("$hesklang[int_error]: $hesklang[cat_not_found].");
}
- hesk_dbQuery("UPDATE `".hesk_dbEscape($hesk_settings['db_pfix'])."tickets` SET `category`=1 WHERE `category`='".intval($mycat)."'");
+ hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` SET `category`=1 WHERE `category`='" . intval($mycat) . "'");
- hesk_process_messages($hesklang['cat_removed_db'],$_SERVER['PHP_SELF'],'SUCCESS');
+ hesk_process_messages($hesklang['cat_removed_db'], $_SERVER['PHP_SELF'], 'SUCCESS');
} // End remove()
function order_cat()
{
- global $hesk_settings, $hesklang;
+ global $hesk_settings, $hesklang;
- /* A security check */
- hesk_token_check();
+ /* A security check */
+ hesk_token_check();
- $catid = intval( hesk_GET('catid') ) or hesk_error($hesklang['cat_move_id']);
- $_SESSION['selcat2'] = $catid;
+ $catid = intval(hesk_GET('catid')) or hesk_error($hesklang['cat_move_id']);
+ $_SESSION['selcat2'] = $catid;
- $cat_move=intval( hesk_GET('move') );
+ $cat_move = intval(hesk_GET('move'));
- hesk_dbQuery("UPDATE `".hesk_dbEscape($hesk_settings['db_pfix'])."categories` SET `cat_order`=`cat_order`+".intval($cat_move)." WHERE `id`='".intval($catid)."' LIMIT 1");
- if (hesk_dbAffectedRows() != 1)
- {
- hesk_error("$hesklang[int_error]: $hesklang[cat_not_found].");
+ hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "categories` SET `cat_order`=`cat_order`+" . intval($cat_move) . " WHERE `id`='" . intval($catid) . "' LIMIT 1");
+ if (hesk_dbAffectedRows() != 1) {
+ hesk_error("$hesklang[int_error]: $hesklang[cat_not_found].");
}
- /* Update all category fields with new order */
- $res = hesk_dbQuery("SELECT `id` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."categories` ORDER BY `cat_order` ASC");
+ /* Update all category fields with new order */
+ $res = hesk_dbQuery("SELECT `id` FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "categories` ORDER BY `cat_order` ASC");
- $i = 10;
- while ($mycat=hesk_dbFetchAssoc($res))
- {
- hesk_dbQuery("UPDATE `".hesk_dbEscape($hesk_settings['db_pfix'])."categories` SET `cat_order`=".intval($i)." WHERE `id`='".intval($mycat['id'])."' LIMIT 1");
- $i += 10;
- }
+ $i = 10;
+ while ($mycat = hesk_dbFetchAssoc($res)) {
+ hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "categories` SET `cat_order`=" . intval($i) . " WHERE `id`='" . intval($mycat['id']) . "' LIMIT 1");
+ $i += 10;
+ }
header('Location: manage_categories.php');
exit();
@@ -650,120 +646,114 @@ function order_cat()
function toggle_autoassign()
{
- global $hesk_settings, $hesklang;
+ global $hesk_settings, $hesklang;
- /* A security check */
- hesk_token_check();
+ /* A security check */
+ hesk_token_check();
- $catid = intval( hesk_GET('catid') ) or hesk_error($hesklang['cat_move_id']);
- $_SESSION['selcat2'] = $catid;
+ $catid = intval(hesk_GET('catid')) or hesk_error($hesklang['cat_move_id']);
+ $_SESSION['selcat2'] = $catid;
- if ( intval( hesk_GET('s') ) )
- {
- $autoassign = 1;
+ if (intval(hesk_GET('s'))) {
+ $autoassign = 1;
$tmp = $hesklang['caaon'];
- }
- else
- {
+ } else {
$autoassign = 0;
$tmp = $hesklang['caaoff'];
}
- /* Update auto-assign settings */
- $res = hesk_dbQuery("UPDATE `".hesk_dbEscape($hesk_settings['db_pfix'])."categories` SET `autoassign`='".intval($autoassign)."' WHERE `id`='".intval($catid)."' LIMIT 1");
- if (hesk_dbAffectedRows() != 1)
- {
- hesk_process_messages($hesklang['int_error'].': '.$hesklang['cat_not_found'],'./manage_categories.php');
+ /* Update auto-assign settings */
+ $res = hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "categories` SET `autoassign`='" . intval($autoassign) . "' WHERE `id`='" . intval($catid) . "' LIMIT 1");
+ if (hesk_dbAffectedRows() != 1) {
+ hesk_process_messages($hesklang['int_error'] . ': ' . $hesklang['cat_not_found'], './manage_categories.php');
}
- hesk_process_messages($tmp,'./manage_categories.php','SUCCESS');
+ hesk_process_messages($tmp, './manage_categories.php', 'SUCCESS');
} // End toggle_autoassign()
function toggle_type()
{
- global $hesk_settings, $hesklang;
+ global $hesk_settings, $hesklang;
- /* A security check */
- hesk_token_check();
+ /* A security check */
+ hesk_token_check();
- $catid = intval( hesk_GET('catid') ) or hesk_error($hesklang['cat_move_id']);
- $_SESSION['selcat2'] = $catid;
+ $catid = intval(hesk_GET('catid')) or hesk_error($hesklang['cat_move_id']);
+ $_SESSION['selcat2'] = $catid;
- if ( intval( hesk_GET('s') ) )
- {
- $type = 1;
+ if (intval(hesk_GET('s'))) {
+ $type = 1;
$tmp = $hesklang['cpriv'];
- }
- else
- {
+ } else {
$type = 0;
$tmp = $hesklang['cpub'];
}
- /* Update auto-assign settings */
- hesk_dbQuery("UPDATE `".hesk_dbEscape($hesk_settings['db_pfix'])."categories` SET `type`='{$type}' WHERE `id`='".intval($catid)."' LIMIT 1");
- if (hesk_dbAffectedRows() != 1)
- {
- hesk_process_messages($hesklang['int_error'].': '.$hesklang['cat_not_found'],'./manage_categories.php');
+ /* Update auto-assign settings */
+ hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "categories` SET `type`='{$type}' WHERE `id`='" . intval($catid) . "' LIMIT 1");
+ if (hesk_dbAffectedRows() != 1) {
+ hesk_process_messages($hesklang['int_error'] . ': ' . $hesklang['cat_not_found'], './manage_categories.php');
}
- hesk_process_messages($tmp,'./manage_categories.php','SUCCESS');
+ hesk_process_messages($tmp, './manage_categories.php', 'SUCCESS');
} // End toggle_type()
-function output_user_dropdown($catId, $selectId, $userArray) {
+function output_user_dropdown($catId, $selectId, $userArray)
+{
global $hesklang;
if (!hesk_checkPermission('can_set_manager', 0)) {
foreach ($userArray as $user) {
if ($user['id'] == $selectId) {
- return '
'.$user['name'].'
';
+ return '
' . $user['name'] . '
';
}
}
- return '
'.$hesklang['no_manager'].'
';
+ return '
' . $hesklang['no_manager'] . '
';
} else {
$dropdownMarkup = '
- '.$hesklang['no_manager'].' ';
+ ' . $hesklang['no_manager'] . ' ';
foreach ($userArray as $user) {
$select = $selectId == $user['id'] ? 'selected' : '';
- $dropdownMarkup .= ''.$user['name'].' ';
+ $dropdownMarkup .= '' . $user['name'] . ' ';
}
$dropdownMarkup .= ' ';
- return '
';
}
}
-function change_manager() {
+function change_manager()
+{
global $hesklang, $hesk_settings;
$catid = hesk_POST('catid');
$newManagerId = hesk_POST('managerid');
- hesk_dbQuery('UPDATE `'.hesk_dbEscape($hesk_settings['db_pfix']).'categories` SET `manager` = '.intval($newManagerId).' WHERE `id` = '.intval($catid));
- if (hesk_dbAffectedRows() != 1)
- {
- hesk_process_messages($hesklang['int_error'].': '.$hesklang['cat_not_found'],'./manage_categories.php');
+ hesk_dbQuery('UPDATE `' . hesk_dbEscape($hesk_settings['db_pfix']) . 'categories` SET `manager` = ' . intval($newManagerId) . ' WHERE `id` = ' . intval($catid));
+ if (hesk_dbAffectedRows() != 1) {
+ hesk_process_messages($hesklang['int_error'] . ': ' . $hesklang['cat_not_found'], './manage_categories.php');
}
if ($newManagerId == 0) {
// There is no new manager.
return;
}
// Add the category to the user's categories list, if not already present
- $currentCatRs = hesk_dbQuery('SELECT `categories` FROM `'.hesk_dbEscape($hesk_settings['db_pfix']).'users` WHERE `id` = '.intval($newManagerId));
+ $currentCatRs = hesk_dbQuery('SELECT `categories` FROM `' . hesk_dbEscape($hesk_settings['db_pfix']) . 'users` WHERE `id` = ' . intval($newManagerId));
$currentCategories = hesk_dbFetchAssoc($currentCatRs);
$categories = explode(',', $currentCategories['categories']);
if (!in_array($catid, $categories)) {
- hesk_dbQuery('UPDATE `'.hesk_dbEscape($hesk_settings['db_pfix']).'users` SET `categories` = \''.$currentCategories['categories'].','.$catid.'\' WHERE `id` = '.intval($newManagerId));
+ hesk_dbQuery('UPDATE `' . hesk_dbEscape($hesk_settings['db_pfix']) . 'users` SET `categories` = \'' . $currentCategories['categories'] . ',' . $catid . '\' WHERE `id` = ' . intval($newManagerId));
}
- hesk_process_messages($hesklang['manager_updated'],'./manage_categories.php','SUCCESS');
+ hesk_process_messages($hesklang['manager_updated'], './manage_categories.php', 'SUCCESS');
}
+
?>
diff --git a/admin/manage_email_templates.php b/admin/manage_email_templates.php
index 5d816e92..87e0f586 100644
--- a/admin/manage_email_templates.php
+++ b/admin/manage_email_templates.php
@@ -1,7 +1,7 @@
-
-
-
+
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
+ } else {
+ echo '
';
+ }
+ ?>
+
+
+
-
-
-
-
-
+
+
+ $value) {
- $languages[$key] = $hesk_settings['languages'][$key]['folder'];
- }
+ // Output list of templates, and provide links to edit the plaintext and HTML versions for each language
+ // First get list of languages
+ $languages = array();
+ foreach ($hesk_settings['languages'] as $key => $value) {
+ $languages[$key] = $hesk_settings['languages'][$key]['folder'];
+ }
- // Get all files, but don't worry about index.htm, items beginning with '.', or the html folder
- // We'll also assume the template file exists in all language folders and in the html folder
- reset($languages);
- $firstKey = key($languages);
- $firstDirectory = HESK_PATH . 'language/'.$languages[$firstKey].'/emails';
- $directoryListing = preg_grep('/^([^.])/', scandir($firstDirectory));
- $emailTemplates = array_diff($directoryListing, array('html', 'index.htm'));
+ // Get all files, but don't worry about index.htm, items beginning with '.', or the html folder
+ // We'll also assume the template file exists in all language folders and in the html folder
+ reset($languages);
+ $firstKey = key($languages);
+ $firstDirectory = HESK_PATH . 'language/' . $languages[$firstKey] . '/emails';
+ $directoryListing = preg_grep('/^([^.])/', scandir($firstDirectory));
+ $emailTemplates = array_diff($directoryListing, array('html', 'index.htm'));
- ?>
-
-
+ ?>
+
+
-
-
+
+
-
-
+
+
+
-
-
+
+
+
-
';
+ $markup .= ' ';
return $markup;
} else {
- $markup = '';
- $markup .= ' ';
+ $markup .= ' ';
return $markup;
}
}
-function save() {
+function save()
+{
global $hesklang;
- $filePath = HESK_PATH . 'language/'.$_POST['language'].'/emails/'.$_POST['template'];
+ $filePath = HESK_PATH . 'language/' . $_POST['language'] . '/emails/' . $_POST['template'];
if ($_POST['html'] == '1') {
- $filePath = HESK_PATH . 'language/'.$_POST['language'].'/emails/html/'.$_POST['template'];
+ $filePath = HESK_PATH . 'language/' . $_POST['language'] . '/emails/html/' . $_POST['template'];
}
$success = file_put_contents($filePath, $_POST['text']);
@@ -277,11 +283,12 @@ function save() {
hesk_process_messages($hesklang['email_template_not_saved'], 'manage_email_templates.php');
} else {
$message = sprintf($hesklang['email_template_saved'], $_POST['template']);
- hesk_process_messages($message,'manage_email_templates.php','SUCCESS');
+ hesk_process_messages($message, 'manage_email_templates.php', 'SUCCESS');
}
}
-function getSpecialTagMap() {
+function getSpecialTagMap()
+{
global $hesk_settings, $modsForHesk_settings, $hesklang;
$map = array();
@@ -305,7 +312,7 @@ function getSpecialTagMap() {
foreach ($hesk_settings['custom_fields'] as $key => $value) {
if ($value['use']) {
$uppercaseKey = strtoupper($key);
- $map['%%'.$uppercaseKey.'%%'] = sprintf($hesklang['custom_field_x'], $i++);
+ $map['%%' . $uppercaseKey . '%%'] = sprintf($hesklang['custom_field_x'], $i++);
}
}
diff --git a/admin/manage_knowledgebase.php b/admin/manage_knowledgebase.php
index 97a407b0..e1c86bea 100644
--- a/admin/manage_knowledgebase.php
+++ b/admin/manage_knowledgebase.php
@@ -8,24 +8,20 @@
* COPYRIGHT AND TRADEMARK NOTICE
* Copyright 2005-2015 Klemen Stirn. All Rights Reserved.
* HESK is a registered trademark of Klemen Stirn.
-
-* The HESK may be used and modified free of charge by anyone
+ * The HESK may be used and modified free of charge by anyone
* AS LONG AS COPYRIGHT NOTICES AND ALL THE COMMENTS REMAIN INTACT.
* By using this code you agree to indemnify Klemen Stirn from any
* liability that might arise from it's use.
-
-* Selling the code for this program, in part or full, without prior
+ * Selling the code for this program, in part or full, without prior
* written consent is expressly forbidden.
-
-* Using this code, in part or full, to create derivate work,
+ * Using this code, in part or full, to create derivate work,
* new scripts or products is expressly forbidden. Obtain permission
* before redistributing this software over the Internet or in
* any other medium. In all cases copyright and header must remain intact.
* This Copyright is in full effect in any country that has International
* Trade Agreements with the United States of America or
* with the European Union.
-
-* Removing any of the copyright notices without purchasing a license
+ * Removing any of the copyright notices without purchasing a license
* is expressly forbidden. To remove HESK copyright notice you must purchase
* a license for this script. For more information on how to obtain
* a license please visit the page below:
diff --git a/admin/manage_permission_templates.php b/admin/manage_permission_templates.php
index 1849f1b2..373a1629 100644
--- a/admin/manage_permission_templates.php
+++ b/admin/manage_permission_templates.php
@@ -1,39 +1,35 @@
-
-
+
+
+
-
-
-
-
-
+
+
+
+
+
-
-
-
-
+ ?>
+
+
+
+
+
@@ -160,14 +165,16 @@ exit();
/*** START FUNCTIONS ***/
-function getNumberOfUsersWithPermissionGroup($templateId) {
+function getNumberOfUsersWithPermissionGroup($templateId)
+{
global $hesk_settings;
- $res = hesk_dbQuery("SELECT 1 FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."users` WHERE `permission_template` = ".intval($templateId));
+ $res = hesk_dbQuery("SELECT 1 FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "users` WHERE `permission_template` = " . intval($templateId));
return hesk_dbNumRows($res);
}
-function createEditModal($template, $features, $categories) {
+function createEditModal($template, $features, $categories)
+{
global $hesklang;
$showNotice = true;
@@ -181,32 +188,37 @@ function createEditModal($template, $features, $categories) {
$enabledCategories = explode(',', $template['categories']);
}
?>
-