From ff0ca2c99eeaa38524b2ea7a6081eb3f2420e1e7 Mon Sep 17 00:00:00 2001
From: Mike Koch <mkoch227@gmail.com>
Date: Mon, 12 Jan 2015 21:44:27 -0500
Subject: [PATCH] #92 Update root index.php

---
 index.php | 156 ++++++++++++++++++++++++++++++++++++++++++++++--------
 1 file changed, 135 insertions(+), 21 deletions(-)

diff --git a/index.php b/index.php
index 27d6349c..33d2862f 100644
--- a/index.php
+++ b/index.php
@@ -1,7 +1,7 @@
 <?php
 /*******************************************************************************
 *  Title: Help Desk Software HESK
-*  Version: 2.5.5 from 5th August 2014
+*  Version: 2.6.0 beta 1 from 30th December 2014
 *  Author: Klemen Stirn
 *  Website: http://www.hesk.com
 ********************************************************************************
@@ -39,6 +39,12 @@ define('HESK_PATH','./');
 require(HESK_PATH . 'hesk_settings.inc.php');
 require(HESK_PATH . 'inc/common.inc.php');
 
+// Are we in maintenance mode?
+hesk_check_maintenance();
+
+// Are we in "Knowledgebase only" mode?
+hesk_check_kb_only();
+
 // What should we do?
 $action = hesk_REQUEST('a');
 
@@ -71,7 +77,59 @@ function print_add_ticket()
 	// Auto-focus first empty or error field
 	define('AUTOFOCUS', true);
 
-	// Varibles for coloring the fields in case of errors
+    // Pre-populate fields
+    // Customer name
+    if ( isset($_REQUEST['name']) )
+    {
+        $_SESSION['c_name'] = $_REQUEST['name'];
+    }
+
+    // Customer email address
+    if ( isset($_REQUEST['email']) )
+    {
+        $_SESSION['c_email']  = $_REQUEST['email'];
+        $_SESSION['c_email2'] = $_REQUEST['email'];
+    }
+
+    // Category ID
+    if ( isset($_REQUEST['catid']) )
+    {
+        $_SESSION['c_category'] = intval($_REQUEST['catid']);
+    }
+    if ( isset($_REQUEST['category']) )
+    {
+        $_SESSION['c_category'] = intval($_REQUEST['category']);
+    }
+
+    // Priority
+    if ( isset($_REQUEST['priority']) )
+    {
+        $_SESSION['c_priority'] = intval($_REQUEST['priority']);
+    }
+
+    // Subject
+    if ( isset($_REQUEST['subject']) )
+    {
+        $_SESSION['c_subject'] = $_REQUEST['subject'];
+    }
+
+    // Message
+    if ( isset($_REQUEST['message']) )
+    {
+        $_SESSION['c_message'] = $_REQUEST['message'];
+    }
+
+    // Custom fields
+    foreach ($hesk_settings['custom_fields'] as $k=>$v)
+    {
+        if ($v['use'] && isset($_REQUEST[$k]) )
+        {
+            $_SESSION['c_'.$k] = $_REQUEST[$k];
+        }
+    }
+
+
+    // Variables for coloring the fields in case of errors
 	if ( ! isset($_SESSION['iserror']))
 	{
 		$_SESSION['iserror'] = array();
@@ -82,13 +140,19 @@ function print_add_ticket()
 		$_SESSION['isnotice'] = array();
 	}
 
-    if ( ! isset($_SESSION['c_category']))
+if ( ! isset($_SESSION['c_category']) && ! $hesk_settings['select_cat'])
     {
     	$_SESSION['c_category'] = 0;
     }
 
 	hesk_cleanSessionVars('already_submitted');
 
+    // Tell header to load reCaptcha API if needed
+    if ($hesk_settings['recaptcha_use'] == 2)
+    {
+        define('RECAPTCHA',1);
+    }
+
 	// Print header
 	$hesk_settings['tmp_title'] = $hesk_settings['hesk_title'] . ' - ' . $hesklang['submit_ticket'];
 	require_once(HESK_PATH . 'inc/header.inc.php');
@@ -135,7 +199,7 @@ function print_add_ticket()
 		            <div class="form-group">
 			            <label for="email" class="col-sm-3 control-label"><?php echo $hesklang['email']; ?>: <font class="important">*</font></label>
 			            <div class="col-sm-9"> 
-                            <input type="text" class="form-control" id="email" name="email" size="40" maxlength="255" value="<?php if (isset($_SESSION['c_email'])) {echo stripslashes(hesk_input($_SESSION['c_email']));} ?>" <?php if (in_array('email',$_SESSION['iserror'])) {echo ' class="isError" ';} elseif (in_array('email',$_SESSION['isnotice'])) {echo ' class="isNotice" ';} ?> <?php if($hesk_settings['detect_typos']) { echo ' onblur="Javascript:hesk_suggestEmail(0)"'; } ?> placeholder="<?php echo $hesklang['email']; ?>" />
+                            <input type="text" class="form-control" id="email" name="email" size="40" maxlength="1000" value="<?php if (isset($_SESSION['c_email'])) {echo stripslashes(hesk_input($_SESSION['c_email']));} ?>" <?php if (in_array('email',$_SESSION['iserror'])) {echo ' class="isError" ';} elseif (in_array('email',$_SESSION['isnotice'])) {echo ' class="isNotice" ';} ?> <?php if($hesk_settings['detect_typos']) { echo ' onblur="Javascript:hesk_suggestEmail(0)"'; } ?> placeholder="<?php echo $hesklang['email']; ?>" />
 		                </div>
                     </div>
                     <?php
@@ -145,7 +209,7 @@ function print_add_ticket()
 		            <div class="form-group">
                         <label for="email2" class="col-sm-3 control-label"><?php echo $hesklang['confemail']; ?>: <font class="important">*</font></label>
                         <div class="col-sm-9">
-                            <input type="text" id="email2" class="form-control" name="email2" size="40" maxlength="255" value="<?php if (isset($_SESSION['c_email2'])) {echo stripslashes(hesk_input($_SESSION['c_email2']));} ?>" <?php if (in_array('email2',$_SESSION['iserror'])) {echo ' class="isError" ';} ?> placeholder="<?php echo $hesklang['confemail']; ?>" />
+                            <input type="text" id="email2" class="form-control" name="email2" size="40" maxlength="1000" value="<?php if (isset($_SESSION['c_email2'])) {echo stripslashes(hesk_input($_SESSION['c_email2']));} ?>" <?php if (in_array('email2',$_SESSION['iserror'])) {echo ' class="isError" ';} ?> placeholder="<?php echo $hesklang['confemail']; ?>" />
                         </div>
                     </div>
                     <?php
@@ -174,12 +238,6 @@ function print_add_ticket()
                         }
                         else
                         {
-		                    // Is the category ID preselected?
-		                    if ( ! empty($_GET['catid']) )
-		                    {
-			                    $_SESSION['c_category'] = intval( hesk_GET('catid') );
-		                    }
-
 		                    // List available categories
 		                    $is_table = 1;
 		            ?>
@@ -187,6 +245,12 @@ function print_add_ticket()
                         <label for="category" class="col-sm-3 control-label"><?php echo $hesklang['category']; ?>: <font class="important">*</font></label>
                         <div class="col-sm-9">
                             <select name="category" id="category" class="form-control" <?php if (in_array('category',$_SESSION['iserror'])) {echo ' class="isError" ';} ?> ><?php
+                                // Show the "Click to select"?
+                                if ($hesk_settings['select_cat'])
+                                {
+                                    echo '<option value="">'.$hesklang['select'].'</option>';
+                                }
+                                // List categories
 		                        while ($row = hesk_dbFetchAssoc($res))
 		                        {
 			                        echo '<option value="' . $row['id'] . '"' . (($_SESSION['c_category'] == $row['id']) ? ' selected="selected"' : '') . '>' . $row['name'] . '</option>';
@@ -205,6 +269,13 @@ function print_add_ticket()
                         <label for="priority" class="col-sm-3 control-label"><?php echo $hesklang['priority']; ?>: <font class="important">*</font></label>
                         <div class="col-sm-9">   
                             <select id="priority" class="form-control" name="priority" <?php if (in_array('priority',$_SESSION['iserror'])) {echo ' class="isError" ';} ?> >
+                                <?php
+                                // Show the "Click to select"?
+                                if ($hesk_settings['select_pri'])
+                                {
+                                    echo '<option value="">'.$hesklang['select'].'</option>';
+                                }
+                                ?>
 		                        <option value="3" <?php if(isset($_SESSION['c_priority']) && $_SESSION['c_priority']==3) {echo 'selected="selected"';} ?>><?php echo $hesklang['low']; ?></option>
 		                        <option value="2" <?php if(isset($_SESSION['c_priority']) && $_SESSION['c_priority']==2) {echo 'selected="selected"';} ?>><?php echo $hesklang['medium']; ?></option>
 		                        <option value="1" <?php if(isset($_SESSION['c_priority']) && $_SESSION['c_priority']==1) {echo 'selected="selected"';} ?>><?php echo $hesklang['high']; ?></option>
@@ -288,12 +359,19 @@ function print_add_ticket()
 					            echo '<div class="form-group"><label for="'.$v['name'].'" class="col-sm-3 control-label">'.$v['name'].': '.$v['req'].'</label>
                                 <div class="col-sm-9"><select class="form-control" id="'.$v['name'].'" name="'.$k.'" '.$cls.'>';
 
-	            	            $options = explode('#HESK#',$v['value']);
+                                // Show "Click to select"?
+                                $v['value'] = str_replace('{HESK_SELECT}', '', $v['value'], $num);
+                                if ($num)
+                                {
+                                    echo '<option value="">'.$hesklang['select'].'</option>';
+                                }
+
+                                $options = explode('#HESK#',$v['value']);
 
 	                            foreach ($options as $option)
 	                            {
 
-		            	            if (strlen($k_value) == 0 || $k_value == $option)
+                                    if ($k_value == $option)
 		                            {
 	                    	            $k_value = $option;
 	                                    $selected = 'selected="selected"';
@@ -358,7 +436,7 @@ function print_add_ticket()
                                 foreach ($options as $option)
                                 {
 
-                                    if (strlen($k_value) == 0 || $k_value == $option)
+                                    if ($k_value == $option)
                                     {
                                         $k_value = $option;
                                         $selected = 'selected="selected"';
@@ -528,12 +606,20 @@ function print_add_ticket()
 					            echo '<div class="form-group"><label for="'.$v['name'].'" class="col-sm-3 control-label">'.$v['name'].': '.$v['req'].'</label>
                                 <div class="col-sm-9"><select class="form-control" id="'.$v['name'].'" name="'.$k.'" '.$cls.'>';
 
-	            	            $options = explode('#HESK#',$v['value']);
+                                // Show "Click to select"?
+                                $v['value'] = str_replace('{HESK_SELECT}', '', $v['value'], $num);
+                                if ($num)
+                                {
+                                    echo '<option value="">'.$hesklang['select'].'</option>';
+                                }
+
+
+                                $options = explode('#HESK#',$v['value']);
 
 	                            foreach ($options as $option)
 	                            {
 
-		            	            if (strlen($k_value) == 0 || $k_value == $option)
+		            	            if ($k_value == $option)
 		                            {
 	                    	            $k_value = $option;
 	                                    $selected = 'selected="selected"';
@@ -598,7 +684,7 @@ function print_add_ticket()
                                 foreach ($options as $option)
                                 {
 
-                                    if (strlen($k_value) == 0 || $k_value == $option)
+                                    if ($k_value == $option)
                                     {
                                         $k_value = $option;
                                         $selected = 'selected="selected"';
@@ -715,7 +801,7 @@ function print_add_ticket()
 				                echo '<img src="'.HESK_PATH.'img/success.png" width="16" height="16" border="0" alt="" style="vertical-align:text-bottom" /> '.$hesklang['vrfy'];
 			                }
 			                // Not verified yet, should we use Recaptcha?
-			                elseif ($hesk_settings['recaptcha_use'])
+			                elseif ($hesk_settings['recaptcha_use'] == 1)
 			                {
 				                ?>
 				                <script type="text/javascript">
@@ -738,7 +824,14 @@ function print_add_ticket()
 				                </script>
 				                <?php
 				                require(HESK_PATH . 'inc/recaptcha/recaptchalib.php');
-				                echo recaptcha_get_html($hesk_settings['recaptcha_public_key'], null, $hesk_settings['recaptcha_ssl']);
+                                echo recaptcha_get_html($hesk_settings['recaptcha_public_key'], null, true);
+                            }
+                            // Use reCaptcha API v2?
+                            elseif ($hesk_settings['recaptcha_use'] == 2)
+                            {
+                                ?>
+                                <div class="g-recaptcha" data-sitekey="<?php echo $hesk_settings['recaptcha_public_key']; ?>"></div>
+                            <?php
 			                }
 			                // At least use some basic PHP generated image (better than nothing)
 			                else
@@ -794,6 +887,13 @@ function print_add_ticket()
 	                <?php
                 } // End ELSE submit_notice
                 ?>
+
+                <!-- Do not delete or modify the code below, it is used to detect simple SPAM bots -->
+                <input type="hidden" name="hx" value="3" /><input type="hidden" name="hy" value="" />
+                <!-- >
+                <input type="text" name="phone" value="3" />
+                < -->
+
                 </form>
             </div>
                  <!-- END FORM -->
@@ -814,10 +914,12 @@ function print_start()
 	if ($hesk_settings['kb_enable'])
 	{
         require(HESK_PATH . 'inc/knowledgebase_functions.inc.php');
-		hesk_load_database_functions();
-	    hesk_dbConnect();
 	}
 
+    // Connect to database
+    hesk_load_database_functions();
+    hesk_dbConnect();
+
 	/* Print header */
 	require_once(HESK_PATH . 'inc/header.inc.php');
 
@@ -861,6 +963,13 @@ function print_start()
 		</div>
 		<div class="col-md-8">
 				<?php
+                // Service messages
+                $res = hesk_dbQuery('SELECT `title`, `message`, `style` FROM `'.hesk_dbEscape($hesk_settings['db_pfix'])."service_messages` WHERE `type`='0' ORDER BY `order` ASC");
+                while ($sm=hesk_dbFetchAssoc($res))
+                {
+                    hesk_service_message($sm);
+                }
+
 				// Print small search box
 				if ($hesk_settings['kb_enable'])
 				{
@@ -939,6 +1048,11 @@ function forgot_tid()
 
 	$email = hesk_validateEmail( hesk_POST('email'), 'ERR' ,0) or hesk_process_messages($hesklang['enter_valid_email'],'ticket.php?remind=1');
 
+    if ( isset($_POST['open_only']) )
+    {
+        $hesk_settings['open_only'] = $_POST['open_only'] == 1 ? 1 : 0;
+    }
+
 	/* Prepare ticket statuses */
 	$my_status = array(
 	    0 => $hesklang['open'],