Bootswatch, Summernote, and Captcheck mods for Mods for HESK (mods-for-hesk.com). In use at support.netsyms.com.
  1. <?php
  2. /**
  3. *
  4. * This file is part of HESK - PHP Help Desk Software.
  5. *
  6. * (c) Copyright Klemen Stirn. All rights reserved.
  7. * https://www.hesk.com
  8. *
  9. * For the full copyright and license agreement information visit
  10. * https://www.hesk.com/eula.php
  11. *
  12. */
define('IN_SCRIPT', 1);
define('HESK_PATH', '../');
define('PAGE_TITLE', 'ADMIN_BANNED_EMAILS');
define('MFH_PAGE_LAYOUT', 'TOP_ONLY');

/* Get all the required files and functions */
require(HESK_PATH . 'hesk_settings.inc.php');
require(HESK_PATH . 'inc/common.inc.php');
require(HESK_PATH . 'inc/admin_functions.inc.php');
require(HESK_PATH . 'inc/mail_functions.inc.php');

// Bootstrap order is deliberate: the session has to exist before hesk_isLoggedIn()
// can inspect it, and the DB connection is needed by the permission checks below.
hesk_load_database_functions();
hesk_session_start();
hesk_dbConnect();
hesk_isLoggedIn();

/* Check permissions for this feature */
// Hard gate for the whole page, including the action handlers further down.
// NOTE(review): relies on hesk_checkPermission() aborting/redirecting in its
// default mode rather than returning - confirm in admin_functions.inc.php.
hesk_checkPermission('can_ban_emails');
// Soft check (second argument 0 looks like "return a bool, don't abort" - TODO
// confirm). The result gates both the 'unban' action and the unban column.
$can_unban = hesk_checkPermission('can_unban_emails', 0);

// Define required constants
define('LOAD_TABS', 1);

// What should we do?
// Action dispatch happens before any HTML is emitted. hesk_REQUEST() reads GET as
// well as POST, so the CSRF guard is not here: ban_email() and unban_email() each
// call hesk_token_check() themselves. Demo mode short-circuits both actions to a
// notice, and 'unban' is additionally gated on $can_unban.
if ($action = hesk_REQUEST('a')) {
    if (defined('HESK_DEMO')) {
        hesk_process_messages($hesklang['ddemo'], 'banned_emails.php', 'NOTICE');
    } elseif ($action == 'ban') {
        ban_email();
    } elseif ($action == 'unban' && $can_unban) {
        unban_email();
    }
}

/* Print header */
require_once(HESK_PATH . 'inc/headerAdmin.inc.php');

/* Print main manage users page */
require_once(HESK_PATH . 'inc/show_admin_nav.inc.php');
?>
<div class="content-wrapper">
<section class="content">
<div class="box">
<div class="box-body">
<div class="nav-tabs-custom">
<ul class="nav nav-tabs" role="tablist">
<li role="presentation" class="active">
<a href="#"><?php echo $hesklang['banemail']; ?> <i class="fa fa-question-circle settingsquestionmark"
onclick="javascript:alert('<?php echo hesk_makeJsString($hesklang['banemail_intro']); ?>')"></i></a>
</li>
<?php
// Tab links below are shown only when the user holds the matching permission
// (soft check, second argument 0). Hiding a link is UI only; each target page is
// expected to enforce its own permission - confirm before treating this as access
// control. The language strings are echoed unescaped here, as elsewhere in HESK.
// Show a link to banned_ips.php if user has permission to do so
if (hesk_checkPermission('can_ban_ips', 0)) {
echo '
<li role="presentation">
<a title="' . $hesklang['banip'] . '" href="banned_ips.php">' . $hesklang['banip'] . '</a>
</li>';
}
// Show a link to status_message.php if user has permission to do so
if (hesk_checkPermission('can_service_msg', 0)) {
echo '
<li role="presentation">
<a title="' . $hesklang['sm_title'] . '" href="service_messages.php">' . $hesklang['sm_title'] . '</a>
</li>';
}
// Show a link to email tpl management if user has permission to do so
if (hesk_checkPermission('can_man_email_tpl', 0)) {
echo '
<li role="presentation">
<a title="' . $hesklang['email_templates'] . '" href="manage_email_templates.php">' . $hesklang['email_templates'] . '</a>
</li>
';
}
if (hesk_checkPermission('can_man_ticket_statuses', 0)) {
echo '
<li role="presentation">
<a title="' . $hesklang['statuses'] . '" href="manage_statuses.php">' . $hesklang['statuses'] . '</a>
</li>
';
}
if (hesk_checkPermission('can_man_settings', 0)) {
echo '<li role="presentation"><a title="' . $hesklang['tab_4'] . '" href="custom_fields.php">' . $hesklang['tab_4'] . '</a></li> ';
}
?>
</ul>
<div class="tab-content summaryList tabPadding">
<script language="javascript" type="text/javascript"><!--
function confirm_delete() {
if (confirm('<?php echo hesk_makeJsString($hesklang['delban_confirm']); ?>')) {
return true;
}
else {
return false;
}
}
//-->
</script>
<div class="row">
<div class="col-md-8">
<br><br>
<?php
/* This will handle error, success and notice messages */
// Renders whatever ban_email()/unban_email() queued via hesk_process_messages()
// before redirecting back here.
hesk_handle_messages();
?>
<form action="banned_emails.php" method="post" name="form1" role="form" class="form-horizontal" data-toggle="validator">
<div class="form-group">
<label for="text" class="col-sm-3 control-label"><?php echo $hesklang['bananemail']; ?></label>
<div class="col-sm-9">
<input type="text" class="form-control" name="email" size="30" maxlength="255" data-error="<?php echo htmlspecialchars($hesklang['enterbanemail']); ?>"
placeholder="<?php echo htmlspecialchars($hesklang['email']); ?>" required>
<input type="hidden" name="token" value="<?php hesk_token_echo(); ?>"/>
<input type="hidden" name="a" value="ban"/>
<div class="help-block with-errors"></div>
</div>
</div>
<div class="form-group">
<div class="col-sm-9 col-sm-offset-3">
<input type="submit" value="<?php echo $hesklang['savebanemail']; ?>"
class="btn btn-default">
</div>
</div>
</form>
</div>
<div class="col-md-4">
<h6 class="bold"><?php echo $hesklang['banex']; ?></h6>
<div class="footerWithBorder blankSpace"></div>
<b>john@example.com</b><br/>
<b>@example.com</b>
</div>
</div>
<div class="row">
<div class="col-sm-12">
<?php
// Get banned emails from database
// Only the table prefix is interpolated into this query, and it is passed through
// hesk_dbEscape(); no request data reaches the SQL here.
$res = hesk_dbQuery('SELECT * FROM `' . hesk_dbEscape($hesk_settings['db_pfix']) . 'banned_emails` ORDER BY `email` ASC');
$num = hesk_dbNumRows($res);
echo '<h4>' . $hesklang['eperm'] . '</h4>';
if ($num < 1) {
echo '<p>' . $hesklang['no_banemails'] . '</p>';
} else {
// List of staff
// id => name map used to resolve `banned_by`; built once per request unless an
// include already populated $admins.
if (!isset($admins)) {
$admins = array();
$res2 = hesk_dbQuery("SELECT `id`,`name` FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "users`");
while ($row = hesk_dbFetchAssoc($res2)) {
$admins[$row['id']] = $row['name'];
}
}
?>
<table class="table table-hover">
<thead>
<tr>
<th><?php echo $hesklang['email']; ?></th>
<th><?php echo $hesklang['banby']; ?></th>
<th><?php echo $hesklang['date']; ?></th>
<?php
// The options column exists only for users allowed to unban (see $can_unban in
// the bootstrap); the matching per-row link below is gated the same way.
if ($can_unban) {
?>
<th><?php echo $hesklang['opt']; ?></th>
<?php
}
?>
</tr>
</thead>
<tbody>
<?php
// One row per ban. The row whose id was stashed in the session by ban_email()
// (newly inserted, or the existing duplicate) is highlighted once, then the
// marker is cleared so a reload does not highlight it again.
while ($ban = hesk_dbFetchAssoc($res)) {
$color = '';
if (isset($_SESSION['ban_email']['id']) && $ban['id'] == $_SESSION['ban_email']['id']) {
$color = 'success';
unset($_SESSION['ban_email']['id']);
}
// NOTE(review): $ban['email'], the staff name and $ban['dt'] are echoed with no
// output escaping. The email is constrained at insert time by ban_email()
// (hesk_validateEmail() or the [A-Za-z0-9.-] check in verify_email_domain()),
// and HESK's hesk_input() may already HTML-escape on input - confirm that before
// relying on it; otherwise wrap these in htmlspecialchars(). The staff name
// comes from the users table and is not constrained anywhere in this file.
echo '
<tr>
<td class="' . $color . ' text-left">' . $ban['email'] . '</td>
<td class="' . $color . ' text-left">' . (isset($admins[$ban['banned_by']]) ? $admins[$ban['banned_by']] : $hesklang['e_udel']) . '</td>
<td class="' . $color . ' text-left">' . $ban['dt'] . '</td>
';
if ($can_unban) {
// Unban is a state-changing GET link that carries the CSRF token in the query
// string; unban_email() validates it with hesk_token_check(). A token in a URL
// can leak through the Referer header or browser history - presumably tolerable
// on an admin-only page, but confirm the token is per-session. hesk_token_echo(0)
// is assumed to return rather than print the token (TODO confirm). The email is
// also placed raw inside the name="..." attribute (same escaping caveat as above).
echo '
<td class="' . $color . ' text-left">
<a name="Unban '.$ban['email'].'" href="banned_emails.php?a=unban&amp;id=' . $ban['id'] . '&amp;token=' . hesk_token_echo(0) . '" onclick="return confirm_delete();">
<i class="fa fa-times red font-size-16p" data-toggle="tooltip" data-placement="top" data-original-title="' . $hesklang['delban'] . '"></i>
</a>
</td>
';
}
echo '</tr>';
} // End while
?>
</tbody>
</table>
<?php
}
?>
</div>
</div>
</div>
</div>
</div>
</div>
</section>
</div>
<?php
require_once(HESK_PATH . 'inc/footer.inc.php');
// End of the request. The functions declared below are compiled before this
// script runs (ban_email() is already called from the dispatch at the top), so
// nothing after exit() is ever reached as a statement.
exit();
  212. /*** START FUNCTIONS ***/
  213. function ban_email()
  214. {
  215. global $hesk_settings, $hesklang;
  216. // A security check
  217. hesk_token_check();
  218. // Get the email
  219. $email = hesk_emailCleanup(strtolower(hesk_input(hesk_REQUEST('email'))));
  220. // Nothing entered?
  221. if (!strlen($email)) {
  222. hesk_process_messages($hesklang['enterbanemail'], 'banned_emails.php');
  223. }
  224. // Only allow one email to be entered
  225. $email = ($index = strpos($email, ',')) ? substr($email, 0, $index) : $email;
  226. $email = ($index = strpos($email, ';')) ? substr($email, 0, $index) : $email;
  227. // Validate email address
  228. $hesk_settings['multi_eml'] = 0;
  229. if (!hesk_validateEmail($email, '', 0) && !verify_email_domain($email)) {
  230. hesk_process_messages($hesklang['validbanemail'], 'banned_emails.php');
  231. }
  232. // Redirect either to banned emails or ticket page from now on
  233. $redirect_to = ($trackingID = hesk_cleanID()) ? 'admin_ticket.php?track=' . $trackingID . '&Refresh=' . mt_rand(10000, 99999) : 'banned_emails.php';
  234. // Prevent duplicate rows
  235. if ($_SESSION['ban_email']['id'] = hesk_isBannedEmail($email)) {
  236. hesk_process_messages(sprintf($hesklang['emailbanexists'], $email), $redirect_to, 'NOTICE');
  237. }
  238. // Insert the email address into database
  239. hesk_dbQuery("INSERT INTO `" . hesk_dbEscape($hesk_settings['db_pfix']) . "banned_emails` (`email`,`banned_by`) VALUES ('" . hesk_dbEscape($email) . "','" . intval($_SESSION['id']) . "')");
  240. // Remember email that got banned
  241. $_SESSION['ban_email']['id'] = hesk_dbInsertID();
  242. // Show success
  243. hesk_process_messages(sprintf($hesklang['email_banned'], $email), $redirect_to, 'SUCCESS');
  244. } // End ban_email()
  245. function unban_email()
  246. {
  247. global $hesk_settings, $hesklang;
  248. // A security check
  249. hesk_token_check();
  250. // Delete from bans
  251. hesk_dbQuery("DELETE FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "banned_emails` WHERE `id`=" . intval(hesk_GET('id')));
  252. // Redirect either to banned emails or ticket page from now on
  253. $redirect_to = ($trackingID = hesk_cleanID()) ? 'admin_ticket.php?track=' . $trackingID . '&Refresh=' . mt_rand(10000, 99999) : 'banned_emails.php';
  254. // Show success
  255. hesk_process_messages($hesklang['email_unbanned'], $redirect_to, 'SUCCESS');
  256. } // End unban_email()
  257. function verify_email_domain($domain)
  258. {
  259. // Does it start with an @?
  260. $atIndex = strrpos($domain, "@");
  261. if ($atIndex !== 0) {
  262. return false;
  263. }
  264. // Get the domain and domain length
  265. $domain = substr($domain, 1);
  266. $domainLen = strlen($domain);
  267. // Check domain part length
  268. if ($domainLen < 1 || $domainLen > 254) {
  269. return false;
  270. }
  271. // Check domain part characters
  272. if (!preg_match('/^[A-Za-z0-9\\-\\.]+$/', $domain)) {
  273. return false;
  274. }
  275. // Domain part mustn't have two consecutive dots
  276. if (strpos($domain, '..') !== false) {
  277. return false;
  278. }
  279. // All OK
  280. return true;
  281. } // END verify_email_domain()
  282. ?>