is_valid) { $_SESSION['img_a_verified'] = true; } else { $hesk_error_buffer['mysecnum'] = $hesklang['recaptcha_error']; } } // Using ReCaptcha API v2? elseif ($hesk_settings['recaptcha_use'] == 2) { require(HESK_PATH . 'inc/recaptcha/recaptchalib_v2.php'); $resp = null; $reCaptcha = new ReCaptcha($hesk_settings['recaptcha_private_key']); // Was there a reCAPTCHA response? if (isset($_POST["g-recaptcha-response"])) { $resp = $reCaptcha->verifyResponse(hesk_getClientIP(), hesk_POST("g-recaptcha-response")); } if ($resp != null && $resp->success) { $_SESSION['img_a_verified'] = true; } else { $hesk_error_buffer['mysecnum'] = $hesklang['recaptcha_error']; } } // Using PHP generated image else { $mysecnum = intval(hesk_POST('mysecnum', 0)); if (empty($mysecnum)) { $hesk_error_buffer['mysecnum'] = $hesklang['sec_miss']; } else { require(HESK_PATH . 'inc/secimg.inc.php'); $sc = new PJ_SecurityImage($hesk_settings['secimg_sum']); if (isset($_SESSION['checksum']) && $sc->checkCode($mysecnum, $_SESSION['checksum'])) { $_SESSION['img_a_verified'] = true; } else { $hesk_error_buffer['mysecnum'] = $hesklang['sec_wrng']; } } } } /* Any missing fields? */ if (count($hesk_error_buffer) != 0) { $_SESSION['a_iserror'] = array_keys($hesk_error_buffer); $tmp = ''; foreach ($hesk_error_buffer as $error) { $tmp .= "
  • $error
    • \n"; } $hesk_error_buffer = $tmp; $hesk_error_buffer = $hesklang['pcer'] . '

    '; hesk_process_messages($hesk_error_buffer, 'NOREDIRECT'); print_login(); exit(); } elseif (isset($_SESSION['img_a_verified'])) { unset($_SESSION['img_a_verified']); } /* User entered all required info, now lets limit brute force attempts */ hesk_limitBfAttempts(); $result = hesk_dbQuery("SELECT * FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "users` WHERE `user` = '" . hesk_dbEscape($user) . "' LIMIT 1"); if (hesk_dbNumRows($result) != 1) { hesk_session_stop(); $_SESSION['a_iserror'] = array('user', 'pass'); hesk_process_messages($hesklang['wrong_user'], 'NOREDIRECT'); print_login(); exit(); } $res = hesk_dbFetchAssoc($result); foreach ($res as $k => $v) { $_SESSION[$k] = $v; } /* Check password */ if (hesk_Pass2Hash($pass) != $_SESSION['pass']) { hesk_session_stop(); $_SESSION['a_iserror'] = array('pass'); hesk_process_messages($hesklang['wrong_pass'], 'NOREDIRECT'); print_login(); exit(); } $pass_enc = hesk_Pass2Hash($_SESSION['pass'] . strtolower($user) . $_SESSION['pass']); /* Check if default password */ if ($_SESSION['pass'] == '499d74967b28a841c98bb4baaabaad699ff3c079') { hesk_process_messages($hesklang['chdp'], 'NOREDIRECT', 'NOTICE'); } // Set a tag that will be used to expire sessions after username or password change $_SESSION['session_verify'] = hesk_activeSessionCreateTag($user, $_SESSION['pass']); // We don't need the password hash anymore unset($_SESSION['pass']); /* Login successful, clean brute force attempts */ hesk_cleanBfAttempts(); /* Make sure our user is active */ if (!$_SESSION['active']) { hesk_session_stop(); $_SESSION['a_iserror'] = array('active'); hesk_process_messages($hesklang['inactive_user'], 'NOREDIRECT'); print_login(); exit(); } /* Regenerate session ID (security) */ hesk_session_regenerate_id(); /* Remember username? */ if ($hesk_settings['autologin'] && hesk_POST('remember_user') == 'AUTOLOGIN') { hesk_setcookie('hesk_username', "$user", strtotime('+1 year')); hesk_setcookie('hesk_p', "$pass_enc", strtotime('+1 year')); } elseif (hesk_POST('remember_user') == 'JUSTUSER') { hesk_setcookie('hesk_username', "$user", strtotime('+1 year')); hesk_setcookie('hesk_p', ''); } else { // Expire cookie if set otherwise hesk_setcookie('hesk_username', ''); hesk_setcookie('hesk_p', ''); } /* Close any old tickets here so Cron jobs aren't necessary */ if ($hesk_settings['autoclose']) { $revision = sprintf($hesklang['thist3'], hesk_date(), $hesklang['auto']); $dt = date('Y-m-d H:i:s', time() - $hesk_settings['autoclose'] * 86400); $closedStatusRs = hesk_dbQuery('SELECT `ID`, `Closable` FROM `' . hesk_dbEscape($hesk_settings['db_pfix']) . 'statuses` WHERE `IsDefaultStaffReplyStatus` = 1'); $closedStatus = hesk_dbFetchAssoc($closedStatusRs); // Are we allowed to close tickets in this status? if ($closedStatus['Closable'] == 'yes' || $closedStatus['Closable'] == 'sonly') { // Notify customer of closed ticket? if ($hesk_settings['notify_closed']) { // Get list of tickets $result = hesk_dbQuery("SELECT * FROM `" . $hesk_settings['db_pfix'] . "tickets` WHERE `status` = " . $closedStatus['ID'] . " AND `lastchange` <= '" . hesk_dbEscape($dt) . "' "); if (hesk_dbNumRows($result) > 0) { global $ticket; // Load required functions? if (!function_exists('hesk_notifyCustomer')) { require(HESK_PATH . 'inc/email_functions.inc.php'); } while ($ticket = hesk_dbFetchAssoc($result)) { $ticket['dt'] = hesk_date($ticket['dt'], true); $ticket['lastchange'] = hesk_date($ticket['lastchange'], true); $ticket = hesk_ticketToPlain($ticket, 1, 0); hesk_notifyCustomer($modsForHesk_settings, 'ticket_closed'); } } } // Update ticket statuses and history in database if we're allowed to do so $defaultCloseRs = hesk_dbQuery('SELECT `ID` FROM `' . hesk_dbEscape($hesk_settings['db_pfix']) . 'statuses` WHERE `IsAutocloseOption` = 1'); $defaultCloseStatus = hesk_dbFetchAssoc($defaultCloseRs); hesk_dbQuery("UPDATE `" . $hesk_settings['db_pfix'] . "tickets` SET `status`=" . intval($defaultCloseStatus['ID']) . ", `closedat`=NOW(), `closedby`='-1', `history`=CONCAT(`history`,'" . hesk_dbEscape($revision) . "') WHERE `status` = '" . $closedStatus['ID'] . "' AND `lastchange` <= '" . hesk_dbEscape($dt) . "' "); } } /* Redirect to the destination page */ header('Location: ' . hesk_verifyGoto()); exit(); } // End do_login() function print_login() { global $hesk_settings, $hesklang; // Tell header to load reCaptcha API if needed if ($hesk_settings['recaptcha_use'] == 2) { define('RECAPTCHA',1); } $hesk_settings['tmp_title'] = $hesk_settings['hesk_title'] . ' - ' .$hesklang['admin_login']; require_once(HESK_PATH . 'inc/headerAdmin.inc.php'); if ( hesk_isREQUEST('notice') ) { hesk_process_messages($hesklang['session_expired'],'NOREDIRECT'); } if (!isset($_SESSION['a_iserror'])) { $_SESSION['a_iserror'] = array(); } ?>
    '.$hesklang['vrfy']; } // Not verified yet, should we use Recaptcha? elseif ($hesk_settings['recaptcha_use'] == 1) { ?>
    '; echo recaptcha_get_html($hesk_settings['recaptcha_public_key'], null, true); echo '
    '; } // Use reCaptcha API v2? elseif ($hesk_settings['recaptcha_use'] == 2) { ?>
    '; $cls = in_array('mysecnum',$_SESSION['a_iserror']) ? ' class="isError" ' : ''; echo $hesklang['sec_enter'].'

    '.$hesklang['sec_img'].' '. ''.$hesklang['reload'].''. '

    '; echo '
    '; } } // End if $hesk_settings['secimg_use'] == 2 if ($hesk_settings['autologin']) { ?>
    '; } // Do we allow staff password reset? if ($hesk_settings['reset_pass']) { echo '

    '.$hesklang['fpass'].''; } ?>