is_valid) {
$_SESSION['img_verified'] = true;
} else {
$hesk_error_buffer['mysecnum'] = $hesklang['recaptcha_error'];
}
} // Using ReCaptcha API v2?
elseif ($hesk_settings['recaptcha_use'] == 2) {
require(HESK_PATH . 'inc/recaptcha/recaptchalib_v2.php');
$resp = null;
$reCaptcha = new ReCaptcha($hesk_settings['recaptcha_private_key']);
// Was there a reCAPTCHA response?
if (isset($_POST["g-recaptcha-response"])) {
$resp = $reCaptcha->verifyResponse($_SERVER["REMOTE_ADDR"], hesk_POST("g-recaptcha-response"));
}
if ($resp != null && $resp->success) {
$_SESSION['img_verified'] = true;
} else {
$hesk_error_buffer['mysecnum'] = $hesklang['recaptcha_error'];
}
} // Using PHP generated image
else {
$mysecnum = intval(hesk_POST('mysecnum', 0));
if (empty($mysecnum)) {
$hesk_error_buffer['mysecnum'] = $hesklang['sec_miss'];
} else {
require(HESK_PATH . 'inc/secimg.inc.php');
$sc = new PJ_SecurityImage($hesk_settings['secimg_sum']);
if (isset($_SESSION['checksum']) && $sc->checkCode($mysecnum, $_SESSION['checksum'])) {
$_SESSION['img_verified'] = true;
} else {
$hesk_error_buffer['mysecnum'] = $hesklang['sec_wrng'];
}
}
}
}
$tmpvar['name'] = hesk_input(hesk_POST('name')) or $hesk_error_buffer['name'] = $hesklang['enter_your_name'];
$email_available = true;
if ($hesk_settings['require_email']) {
$tmpvar['email'] = hesk_validateEmail( hesk_POST('email'), 'ERR', 0) or $hesk_error_buffer['email']=$hesklang['enter_valid_email'];
} else {
$tmpvar['email'] = hesk_validateEmail( hesk_POST('email'), 'ERR', 0);
// Not required, but must be valid if it is entered
if ($tmpvar['email'] == '') {
$email_available = false;
if (strlen(hesk_POST('email'))) {
$hesk_error_buffer['email'] = $hesklang['not_valid_email'];
}
// No need to confirm the email
$hesk_settings['confirm_email'] = 0;
$_POST['email2'] = '';
$_SESSION['c_email'] = '';
$_SESSION['c_email2'] = '';
}
}
if ($hesk_settings['confirm_email']) {
$tmpvar['email2'] = hesk_validateEmail(hesk_POST('email2'), 'ERR', 0) or $hesk_error_buffer['email2'] = $hesklang['confemail2'];
// Anything entered as email confirmation?
if ($tmpvar['email2'] != '') {
// Do we have multiple emails?
if ($hesk_settings['multi_eml']) {
$tmpvar['email'] = str_replace(';', ',', $tmpvar['email']);
$tmpvar['email2'] = str_replace(';', ',', $tmpvar['email2']);
if (count(array_diff(explode(',', strtolower($tmpvar['email'])), explode(',', strtolower($tmpvar['email2'])))) == 0) {
$_SESSION['c_email2'] = hesk_POST('email2');
}
} // Single email address match
elseif (!$hesk_settings['multi_eml'] && strtolower($tmpvar['email']) == strtolower($tmpvar['email2'])) {
$_SESSION['c_email2'] = hesk_POST('email2');
} else {
// Invalid match
$tmpvar['email2'] = '';
$_POST['email2'] = '';
$_SESSION['c_email2'] = '';
$_SESSION['isnotice'][] = 'email';
$hesk_error_buffer['email2'] = $hesklang['confemaile'];
}
} else {
$_SESSION['c_email2'] = hesk_POST('email2');
}
}
$tmpvar['category'] = intval(hesk_POST('category')) or $hesk_error_buffer['category'] = $hesklang['sel_app_cat'];
// Do we allow customer to select priority?
if ($hesk_settings['cust_urgency']) {
$tmpvar['priority'] = intval(hesk_POST('priority'));
// We don't allow customers select "Critical". If priority is not valid set it to "low".
if ($tmpvar['priority'] < 1 || $tmpvar['priority'] > 3) {
// If we are showing "Click to select" priority needs to be selected
if ($hesk_settings['select_pri']) {
$tmpvar['priority'] = -1;
$hesk_error_buffer['priority'] = $hesklang['select_priority'];
} else {
$tmpvar['priority'] = 3;
}
}
} // Priority will be selected based on the category selected
else {
$res = hesk_dbQuery("SELECT `priority` FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "categories` WHERE `id`=" . intval($tmpvar['category']));
if (hesk_dbNumRows($res) == 1) {
$tmpvar['priority'] = intval(hesk_dbResult($res));
} else {
$tmpvar['priority'] = 3;
}
}
if ($hesk_settings['require_subject'] == -1) {
$tmpvar['subject'] = '';
} else {
$tmpvar['subject'] = hesk_input( hesk_POST('subject') );
if ($hesk_settings['require_subject'] == 1 && $tmpvar['subject'] == '') {
$hesk_error_buffer['subject'] = $hesklang['enter_ticket_subject'];
}
}
if ($hesk_settings['require_message'] == -1) {
$tmpvar['message'] = '';
} else {
$tmpvar['message'] = hesk_input( hesk_POST('message') );
if ($hesk_settings['require_message'] == 1 && $tmpvar['message'] == '') {
$hesk_error_buffer['message'] = $hesklang['enter_message'];
}
}
// Is category a valid choice?
if ($tmpvar['category']) {
hesk_verifyCategory();
// Is auto-assign of tickets disabled in this category?
if (empty($hesk_settings['category_data'][$tmpvar['category']]['autoassign'])) {
$hesk_settings['autoassign'] = false;
}
}
// Custom fields
$modsForHesk_settings = mfh_getSettings();
foreach ($hesk_settings['custom_fields'] as $k=>$v) {
if ($v['use']==1 && hesk_is_custom_field_in_category($k, $tmpvar['category'])) {
if ($v['type'] == 'checkbox') {
$tmpvar[$k]='';
if (isset($_POST[$k]) && is_array($_POST[$k])) {
foreach ($_POST[$k] as $myCB) {
$tmpvar[$k] .= ( is_array($myCB) ? '' : hesk_input($myCB) ) . '
';;
}
$tmpvar[$k]=substr($tmpvar[$k],0,-6);
} else {
if ($v['req']) {
$hesk_error_buffer[$k]=$hesklang['fill_all'].': '.$v['name'];
}
$_POST[$k] = '';
}
$_SESSION["c_$k"]=hesk_POST_array($k);
} elseif ($v['type'] == 'date') {
$tmpvar[$k] = hesk_POST($k);
$_SESSION["c_$k"] = '';
if (preg_match("/^[0-9]{4}-(0[1-9]|1[0-2])-(0[1-9]|[1-2][0-9]|3[0-1])$/", $tmpvar[$k])) {
$date = strtotime($tmpvar[$k] . ' t00:00:00');
$dmin = strlen($v['value']['dmin']) ? strtotime($v['value']['dmin'] . ' t00:00:00') : false;
$dmax = strlen($v['value']['dmax']) ? strtotime($v['value']['dmax'] . ' t00:00:00') : false;
$_SESSION["c_$k"] = $tmpvar[$k];
if ($dmin && $dmin > $date) {
$hesk_error_buffer[$k] = sprintf($hesklang['d_emin'], $v['name'], hesk_custom_date_display_format($dmin, $v['value']['date_format']));
} elseif ($dmax && $dmax < $date) {
$hesk_error_buffer[$k] = sprintf($hesklang['d_emax'], $v['name'], hesk_custom_date_display_format($dmax, $v['value']['date_format']));
} else {
$tmpvar[$k] = $date;
}
} else {
if ($v['req']) {
$hesk_error_buffer[$k]=$hesklang['fill_all'].': '.$v['name'];
}
}
} elseif ($v['type'] == 'email') {
$tmp = $hesk_settings['multi_eml'];
$hesk_settings['multi_eml'] = $v['value']['multiple'];
$tmpvar[$k] = hesk_validateEmail( hesk_POST($k), 'ERR', 0);
$hesk_settings['multi_eml'] = $tmp;
if ($tmpvar[$k] != '') {
$_SESSION["c_$k"] = hesk_input($tmpvar[$k]);
} else {
$_SESSION["c_$k"] = '';
if ($v['req']) {
$hesk_error_buffer[$k] = $v['value']['multiple'] ? sprintf($hesklang['cf_noem'], $v['name']) : sprintf($hesklang['cf_noe'], $v['name']);
}
}
} elseif ($v['req']) {
$tmpvar[$k]=hesk_makeURL(nl2br(hesk_input( hesk_POST($k) )));
if ($tmpvar[$k] == '') {
$hesk_error_buffer[$k]=$hesklang['fill_all'].': '.$v['name'];
}
$_SESSION["c_$k"]=hesk_POST($k);
} else {
$tmpvar[$k]=hesk_makeURL(nl2br(hesk_input( hesk_POST($k) )));
$_SESSION["c_$k"]=hesk_POST($k);
}
} else {
$tmpvar[$k] = '';
}
}
// Check bans
if ($email_available && ! isset($hesk_error_buffer['email']) && hesk_isBannedEmail($tmpvar['email']) || hesk_isBannedIP($_SERVER['REMOTE_ADDR'])) {
hesk_error($hesklang['baned_e']);
}
// Check maximum open tickets limit
$below_limit = true;
if ($email_available && $hesk_settings['max_open'] && ! isset($hesk_error_buffer['email'])) {
$res = hesk_dbQuery("SELECT COUNT(*) FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` WHERE `status` IN (SELECT `ID` FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "statuses` WHERE `IsClosed` = 0) AND " . hesk_dbFormatEmail($tmpvar['email']));
$num = hesk_dbResult($res);
if ($num >= $hesk_settings['max_open']) {
$hesk_error_buffer = array('max_open' => sprintf($hesklang['maxopen'], $num, $hesk_settings['max_open']));
$below_limit = false;
}
}
// If we reached max tickets let's save some resources
if ($below_limit) {
// Generate tracking ID
$tmpvar['trackid'] = hesk_createID();
// Attachments
if ($hesk_settings['attachments']['use']) {
require_once(HESK_PATH . 'inc/attachments.inc.php');
$attachments = array();
$trackingID = $tmpvar['trackid'];
$use_legacy_attachments = hesk_POST('use-legacy-attachments', 0);
if ($use_legacy_attachments) {
// The user went to the fallback file upload system.
for ($i = 1; $i <= $hesk_settings['attachments']['max_number']; $i++) {
$att = hesk_uploadFile($i);
if ($att !== false && !empty($att)) {
$attachments[$i] = $att;
}
}
} else {
// The user used the new drag-and-drop system.
$temp_attachment_ids = hesk_POST_array('attachment-ids');
foreach ($temp_attachment_ids as $temp_attachment_id) {
// Simply get the temp info and move it to the attachments table
$temp_attachment = mfh_getTemporaryAttachment($temp_attachment_id);
$attachments[] = $temp_attachment;
mfh_deleteTemporaryAttachment($temp_attachment_id);
}
}
}
$tmpvar['attachments'] = '';
}
// If we have any errors lets store info in session to avoid re-typing everything
if (count($hesk_error_buffer)) {
$_SESSION['iserror'] = array_keys($hesk_error_buffer);
$_SESSION['c_name'] = hesk_POST('name');
$_SESSION['c_email'] = hesk_POST('email');
$_SESSION['c_priority'] = hesk_POST('priority');
$_SESSION['c_subject'] = hesk_POST('subject');
$_SESSION['c_message'] = hesk_POST('message');
$tmp = '';
foreach ($hesk_error_buffer as $error) {
$tmp .= "