= \''.hesk_dbEscape($ipAddress).'\'');
if ($ipSql->num_rows > 0) {
$hesk_error_buffer['ip_ban'] = $hesklang['ip_banned'];
}
$emailSql = hesk_dbQuery('SELECT * FROM `'.hesk_dbEscape($hesk_settings['db_pfix']).'denied_emails` WHERE Email = \''.hesk_dbEscape(hesk_POST('email')).'\'');
if ($emailSql->num_rows > 0) {
$hesk_error_buffer['email_ban'] = $hesklang['email_banned'];
}
// Check anti-SPAM question
if ($hesk_settings['question_use'])
{
$question = hesk_input( hesk_POST('question') );
if ( strlen($question) == 0)
{
$hesk_error_buffer['question'] = $hesklang['q_miss'];
}
elseif (strtolower($question) != strtolower($hesk_settings['question_ans']))
{
$hesk_error_buffer['question'] = $hesklang['q_wrng'];
}
else
{
$_SESSION['c_question'] = $question;
}
}
// Check anti-SPAM image
if ($hesk_settings['secimg_use'] && ! isset($_SESSION['img_verified']))
{
// Using ReCaptcha?
if ($hesk_settings['recaptcha_use'])
{
require(HESK_PATH . 'inc/recaptcha/recaptchalib.php');
$resp = recaptcha_check_answer($hesk_settings['recaptcha_private_key'],
$_SERVER['REMOTE_ADDR'],
hesk_POST('recaptcha_challenge_field', ''),
hesk_POST('recaptcha_response_field', '')
);
if ($resp->is_valid)
{
$_SESSION['img_verified']=true;
}
else
{
$hesk_error_buffer['mysecnum']=$hesklang['recaptcha_error'];
}
}
// Using PHP generated image
else
{
$mysecnum = intval( hesk_POST('mysecnum', 0) );
if ( empty($mysecnum) )
{
$hesk_error_buffer['mysecnum']=$hesklang['sec_miss'];
}
else
{
require(HESK_PATH . 'inc/secimg.inc.php');
$sc = new PJ_SecurityImage($hesk_settings['secimg_sum']);
if ( isset($_SESSION['checksum']) && $sc->checkCode($mysecnum, $_SESSION['checksum']) )
{
$_SESSION['img_verified']=true;
}
else
{
$hesk_error_buffer['mysecnum']=$hesklang['sec_wrng'];
}
}
}
}
$tmpvar['name'] = hesk_input( hesk_POST('name') ) or $hesk_error_buffer['name']=$hesklang['enter_your_name'];
$tmpvar['email'] = hesk_validateEmail( hesk_POST('email'), 'ERR', 0) or $hesk_error_buffer['email']=$hesklang['enter_valid_email'];
if ($hesk_settings['confirm_email'])
{
$tmpvar['email2'] = hesk_input( hesk_POST('email2') ) or $hesk_error_buffer['email2']=$hesklang['confemail2'];
if (strlen($tmpvar['email2']) && ( strtolower($tmpvar['email']) != strtolower($tmpvar['email2']) ))
{
$tmpvar['email2'] = '';
$_POST['email2'] = '';
$_SESSION['c_email2'] = '';
$_SESSION['isnotice'][] = 'email';
$hesk_error_buffer['email2']=$hesklang['confemaile'];
}
else
{
$_SESSION['c_email2'] = $_POST['email2'];
}
}
$tmpvar['category'] = intval( hesk_POST('category') ) or $hesk_error_buffer['category']=$hesklang['sel_app_cat'];
$tmpvar['priority'] = $hesk_settings['cust_urgency'] ? intval( hesk_POST('priority') ) : 3;
// Is priority a valid choice?
if ($tmpvar['priority'] < 1 || $tmpvar['priority'] > 3)
{
$hesk_error_buffer['priority'] = $hesklang['sel_app_priority'];
}
$tmpvar['subject'] = hesk_input( hesk_POST('subject') ) or $hesk_error_buffer['subject']=$hesklang['enter_ticket_subject'];
$tmpvar['message'] = hesk_input( hesk_POST('message') ) or $hesk_error_buffer['message']=$hesklang['enter_message'];
// Is category a valid choice?
if ($tmpvar['category'])
{
hesk_verifyCategory();
// Is auto-assign of tickets disabled in this category?
if ( empty($hesk_settings['category_data'][$tmpvar['category']]['autoassign']) )
{
$hesk_settings['autoassign'] = false;
}
}
// Custom fields
foreach ($hesk_settings['custom_fields'] as $k=>$v)
{
if ($v['use'])
{
if ($modsForHesk_settings['custom_field_setting'])
{
$v['name'] = $hesklang[$v['name']];
}
if ($v['type'] == 'checkbox' || $v['type'] == 'multiselect')
{
$tmpvar[$k]='';
if (isset($_POST[$k]))
{
if (is_array($_POST[$k]))
{
foreach ($_POST[$k] as $myCB)
{
$tmpvar[$k] .= ( is_array($myCB) ? '' : hesk_input($myCB) ) . '
';;
}
$tmpvar[$k]=substr($tmpvar[$k],0,-6);
}
}
else
{
if ($v['req'])
{
$hesk_error_buffer[$k]=$hesklang['fill_all'].': '.$v['name'];
}
$_POST[$k] = '';
}
}
elseif ($v['req'])
{
$tmpvar[$k]=hesk_makeURL(nl2br(hesk_input( hesk_POST($k) )));
if (!strlen($tmpvar[$k]))
{
$hesk_error_buffer[$k]=$hesklang['fill_all'].': '.$v['name'];
}
if ($v['type'] == 'date')
{
$tmpvar[$k] = strtotime($_POST[$k]);
}
}
else
{
if ($v['type'] == 'date' && $_POST[$k] != '')
{
$tmpvar[$k] = strtotime($_POST[$k]);
} else
{
$tmpvar[$k] = hesk_makeURL(nl2br(hesk_input(hesk_POST($k))));
}
}
$_SESSION["c_$k"]=hesk_POST($k);
}
else
{
$tmpvar[$k] = '';
}
}
// Check maximum open tickets limit
$below_limit = true;
if ($hesk_settings['max_open'] && ! isset($hesk_error_buffer['email']) )
{
$res = hesk_dbQuery("SELECT COUNT(*) FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."tickets` WHERE `status` IN ('0', '1', '2', '4', '5') AND " . hesk_dbFormatEmail($tmpvar['email']));
$num = hesk_dbResult($res);
if ($num >= $hesk_settings['max_open'])
{
$hesk_error_buffer = array( 'max_open' => sprintf($hesklang['maxopen'], $num, $hesk_settings['max_open']) );
$below_limit = false;
}
}
// If we reached max tickets let's save some resources
if ($below_limit)
{
// Generate tracking ID
$tmpvar['trackid'] = hesk_createID();
// Attachments
if ($hesk_settings['attachments']['use'])
{
require_once(HESK_PATH . 'inc/attachments.inc.php');
$attachments = array();
$trackingID = $tmpvar['trackid'];
for ($i = 1; $i <= $hesk_settings['attachments']['max_number']; $i++)
{
$att = hesk_uploadFile($i);
if ($att !== false && ! empty($att) )
{
$attachments[$i] = $att;
}
}
}
$tmpvar['attachments'] = '';
}
// If we have any errors lets store info in session to avoid re-typing everything
if (count($hesk_error_buffer))
{
$_SESSION['iserror'] = array_keys($hesk_error_buffer);
$_SESSION['c_name'] = hesk_POST('name');
$_SESSION['c_email'] = hesk_POST('email');
$_SESSION['c_category'] = hesk_POST('category');
$_SESSION['c_priority'] = hesk_POST('priority');
$_SESSION['c_subject'] = hesk_POST('subject');
$_SESSION['c_message'] = hesk_POST('message');
$tmp = '';
foreach ($hesk_error_buffer as $error)
{
$tmp .= "