Bootswatch, Summernote, and Captcheck mods for Mods for HESK (mods-for-hesk.com). In use at support.netsyms.com.
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
 
 
 

521 lines
24 KiB

<?php
/*******************************************************************************
* Title: Help Desk Software HESK
* Version: 2.6.7 from 18th April 2016
* Author: Klemen Stirn
* Website: http://www.hesk.com
********************************************************************************
* COPYRIGHT AND TRADEMARK NOTICE
* Copyright 2005-2015 Klemen Stirn. All Rights Reserved.
* HESK is a registered trademark of Klemen Stirn.
* The HESK may be used and modified free of charge by anyone
* AS LONG AS COPYRIGHT NOTICES AND ALL THE COMMENTS REMAIN INTACT.
* By using this code you agree to indemnify Klemen Stirn from any
* liability that might arise from it's use.
* Selling the code for this program, in part or full, without prior
* written consent is expressly forbidden.
* Using this code, in part or full, to create derivate work,
* new scripts or products is expressly forbidden. Obtain permission
* before redistributing this software over the Internet or in
* any other medium. In all cases copyright and header must remain intact.
* This Copyright is in full effect in any country that has International
* Trade Agreements with the United States of America or
* with the European Union.
* Removing any of the copyright notices without purchasing a license
* is expressly forbidden. To remove HESK copyright notice you must purchase
* a license for this script. For more information on how to obtain
* a license please visit the page below:
* https://www.hesk.com/buy.php
*******************************************************************************/
define('IN_SCRIPT', 1);
define('HESK_PATH', '../');
define('WYSIWYG', 1);
/* Get all the required files and functions */
require(HESK_PATH . 'hesk_settings.inc.php');
require(HESK_PATH . 'inc/common.inc.php');
require(HESK_PATH . 'inc/admin_functions.inc.php');
hesk_load_database_functions();
hesk_session_start();
hesk_dbConnect();
hesk_isLoggedIn();
/* Check permissions for this feature */
if (!isset($_REQUEST['isManager']) || !$_REQUEST['isManager']) {
hesk_checkPermission('can_view_tickets');
hesk_checkPermission('can_edit_tickets');
}
$modsForHesk_settings = mfh_getSettings();
/* Ticket ID */
$trackingID = hesk_cleanID() or die($hesklang['int_error'] . ': ' . $hesklang['no_trackID']);
$is_reply = 0;
$tmpvar = array();
/* Get ticket info */
$result = hesk_dbQuery("SELECT * FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` WHERE `trackid`='" . hesk_dbEscape($trackingID) . "' LIMIT 1");
if (hesk_dbNumRows($result) != 1) {
hesk_error($hesklang['ticket_not_found']);
}
$ticket = hesk_dbFetchAssoc($result);
// Demo mode
if (defined('HESK_DEMO')) {
$ticket['email'] = 'hidden@demo.com';
}
/* Is this user allowed to view tickets inside this category? */
if (!isset($_REQUEST['isManager']) || !$_REQUEST['isManager']) {
hesk_okCategory($ticket['category']);
}
if (hesk_isREQUEST('reply')) {
$tmpvar['id'] = intval(hesk_REQUEST('reply')) or die($hesklang['id_not_valid']);
$result = hesk_dbQuery("SELECT * FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "replies` WHERE `id`='{$tmpvar['id']}' AND `replyto`='" . intval($ticket['id']) . "' LIMIT 1");
if (hesk_dbNumRows($result) != 1) {
hesk_error($hesklang['id_not_valid']);
}
$reply = hesk_dbFetchAssoc($result);
$ticket['message'] = $reply['message'];
$is_reply = 1;
}
if (isset($_POST['save'])) {
/* A security check */
hesk_token_check('POST');
$hesk_error_buffer = array();
if ($is_reply) {
$tmpvar['message'] = hesk_input(hesk_POST('message')) or $hesk_error_buffer[] = $hesklang['enter_message'];
if (count($hesk_error_buffer)) {
$myerror = '<ul>';
foreach ($hesk_error_buffer as $error) {
$myerror .= "<li>$error</li>\n";
}
$myerror .= '</ul>';
hesk_error($myerror);
}
if (!$modsForHesk_settings['rich_text_for_tickets']) {
$tmpvar['message'] = hesk_makeURL($tmpvar['message']);
$tmpvar['message'] = nl2br($tmpvar['message']);
}
$tmpvar['html'] = hesk_POST('html');
hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "replies` SET `html`='" . $tmpvar['html'] . "', `message`='" . hesk_dbEscape($tmpvar['message']) . "' WHERE `id`='" . intval($tmpvar['id']) . "' AND `replyto`='" . intval($ticket['id']) . "' LIMIT 1");
} else {
$tmpvar['language'] = hesk_POST('customerLanguage');
$tmpvar['name'] = hesk_input(hesk_POST('name')) or $hesk_error_buffer[] = $hesklang['enter_your_name'];
$tmpvar['email'] = hesk_validateEmail(hesk_POST('email'), 'ERR', 0);
$tmpvar['subject'] = hesk_input(hesk_POST('subject')) or $hesk_error_buffer[] = $hesklang['enter_ticket_subject'];
$tmpvar['message'] = hesk_input(hesk_POST('message')) or $hesk_error_buffer[] = $hesklang['enter_message'];
$tmpvar['html'] = hesk_POST('html');
// Demo mode
if (defined('HESK_DEMO')) {
$tmpvar['email'] = 'hidden@demo.com';
}
if (count($hesk_error_buffer)) {
$myerror = '<ul>';
foreach ($hesk_error_buffer as $error) {
$myerror .= "<li>$error</li>\n";
}
$myerror .= '</ul>';
hesk_error($myerror);
}
if (!$tmpvar['html']) {
$tmpvar['message'] = hesk_makeURL($tmpvar['message']);
$tmpvar['message'] = nl2br($tmpvar['message']);
}
foreach ($hesk_settings['custom_fields'] as $k => $v) {
if ($v['use'] && isset($_POST[$k])) {
if ($v['type'] == 'date' && $_POST[$k] != '') {
$tmpvar[$k] = strtotime($_POST[$k]);
} elseif (is_array($_POST[$k])) {
$tmpvar[$k] = '';
foreach ($_POST[$k] as $myCB) {
$tmpvar[$k] .= (is_array($myCB) ? '' : hesk_input($myCB)) . '<br />';
}
$tmpvar[$k] = substr($tmpvar[$k], 0, -6);
} else {
$tmpvar[$k] = hesk_makeURL(nl2br(hesk_input($_POST[$k])));
}
} else {
$tmpvar[$k] = '';
}
}
hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` SET
`name`='" . hesk_dbEscape($tmpvar['name']) . "',
`email`='" . hesk_dbEscape($tmpvar['email']) . "',
`subject`='" . hesk_dbEscape($tmpvar['subject']) . "',
`message`='" . hesk_dbEscape($tmpvar['message']) . "',
`custom1`='" . hesk_dbEscape($tmpvar['custom1']) . "',
`custom2`='" . hesk_dbEscape($tmpvar['custom2']) . "',
`custom3`='" . hesk_dbEscape($tmpvar['custom3']) . "',
`custom4`='" . hesk_dbEscape($tmpvar['custom4']) . "',
`custom5`='" . hesk_dbEscape($tmpvar['custom5']) . "',
`custom6`='" . hesk_dbEscape($tmpvar['custom6']) . "',
`custom7`='" . hesk_dbEscape($tmpvar['custom7']) . "',
`custom8`='" . hesk_dbEscape($tmpvar['custom8']) . "',
`custom9`='" . hesk_dbEscape($tmpvar['custom9']) . "',
`custom10`='" . hesk_dbEscape($tmpvar['custom10']) . "',
`custom11`='" . hesk_dbEscape($tmpvar['custom11']) . "',
`custom12`='" . hesk_dbEscape($tmpvar['custom12']) . "',
`custom13`='" . hesk_dbEscape($tmpvar['custom13']) . "',
`custom14`='" . hesk_dbEscape($tmpvar['custom14']) . "',
`custom15`='" . hesk_dbEscape($tmpvar['custom15']) . "',
`custom16`='" . hesk_dbEscape($tmpvar['custom16']) . "',
`custom17`='" . hesk_dbEscape($tmpvar['custom17']) . "',
`custom18`='" . hesk_dbEscape($tmpvar['custom18']) . "',
`custom19`='" . hesk_dbEscape($tmpvar['custom19']) . "',
`custom20`='" . hesk_dbEscape($tmpvar['custom20']) . "',
`language`='" . hesk_dbEscape($tmpvar['language']) . "',
`html`='" . hesk_dbEscape($tmpvar['html']) . "'
WHERE `id`='" . intval($ticket['id']) . "' LIMIT 1");
}
unset($tmpvar);
hesk_cleanSessionVars('tmpvar');
hesk_process_messages($hesklang['edt2'], 'admin_ticket.php?track=' . $trackingID . '&Refresh=' . mt_rand(10000, 99999), 'SUCCESS');
}
$ticket['message'] = hesk_msgToPlain($ticket['message'], 0, 0);
/* Print header */
require_once(HESK_PATH . 'inc/headerAdmin.inc.php');
/* Print admin navigation */
require_once(HESK_PATH . 'inc/show_admin_nav.inc.php');
?>
<ol class="breadcrumb">
<li>
<a href="admin_ticket.php?track=<?php echo $trackingID; ?>&amp;Refresh=<?php echo mt_rand(10000, 99999); ?>"><?php echo $hesklang['ticket'] . ' ' . $trackingID; ?></a>
</li>
<li class="active"><?php echo $hesklang['edtt']; ?></li>
</ol>
<div class="row">
<div class="col-md-8 col-md-offset-2">
<h3><?php echo $hesklang['edtt']; ?></h3>
<div class="footerWithBorder blankSpace"></div>
<form role="form" class="form-horizontal" method="post" action="edit_post.php" name="form1">
<?php
/* If it's not a reply edit all the fields */
if (!$is_reply) {
if ($hesk_settings['can_sel_lang']) {
?>
<div class="form-group">
<label for="customerLanguage" class="col-sm-3 control-label"><?php echo $hesklang['chol']; ?>
:</label>
<div class="col-sm-9">
<select name="customerLanguage" id="customerLanguage" class="form-control">
<?php hesk_listLanguages(); ?>
</select>
</div>
</div>
<?php } else {
echo '<input type="hidden" name="customerLanguage" value="' . $ticket['language'] . '">';
} ?>
<div class="form-group">
<label for="subject" class="col-sm-3 control-label"><?php echo $hesklang['subject']; ?>:</label>
<div class="col-sm-9">
<input class="form-control" type="text" name="subject" size="40" maxlength="40"
value="<?php echo $ticket['subject']; ?>"
placeholder="<?php echo htmlspecialchars($hesklang['subject']); ?>"/>
</div>
</div>
<div class="form-group">
<label for="name" class="col-sm-3 control-label"><?php echo $hesklang['name']; ?>:</label>
<div class="col-sm-9">
<input class="form-control" type="text" name="name" size="40" maxlength="30"
value="<?php echo $ticket['name']; ?>"
placeholder="<?php echo htmlspecialchars($hesklang['name']); ?>"/>
</div>
</div>
<div class="form-group">
<label for="email" class="col-sm-3 control-label"><?php echo $hesklang['email']; ?>:</label>
<div class="col-sm-9">
<input class="form-control" type="text" name="email" size="40" maxlength="1000"
value="<?php echo $ticket['email']; ?>"
placeholder="<?php echo htmlspecialchars($hesklang['email']); ?>"/>
</div>
</div>
<?php
foreach ($hesk_settings['custom_fields'] as $k => $v) {
if ($v['use']) {
if ($modsForHesk_settings['custom_field_setting']) {
$v['name'] = $hesklang[$v['name']];
}
$k_value = $ticket[$k];
if ($v['type'] == 'checkbox') {
$k_value = explode('<br />', $k_value);
}
switch ($v['type']) {
/* Radio box */
case 'radio':
echo '
<div class="form-group">
<label for="' . $v['name'] . '" class="col-sm-3 control-label">' . $v['name'] . ': </label>
<div class="col-sm-9">';
$options = explode('#HESK#', $v['value']);
foreach ($options as $option) {
if (strlen($k_value) == 0 || $k_value == $option) {
$k_value = $option;
$checked = 'checked="checked"';
} else {
$checked = '';
}
echo '<div class="radio"><label><input type="radio" name="' . $k . '" value="' . $option . '" ' . $checked . ' /> ' . $option . '</label></div>';
}
echo '</div>
</div>
';
break;
/* Select drop-down box */
case 'select':
echo '
<div class="form-group">
<label for="' . $v['name'] . '" class="col-sm-3 control-label">' . $v['name'] . ': </label>
<div class="col-sm-9"><select class="form-control" name="' . $k . '">';
// Show "Click to select"?
$v['value'] = str_replace('{HESK_SELECT}', '', $v['value'], $num);
if ($num) {
echo '<option value="">' . $hesklang['select'] . '</option>';
}
$options = explode('#HESK#', $v['value']);
foreach ($options as $option) {
if (strlen($k_value) == 0 || $k_value == $option) {
$k_value = $option;
$selected = 'selected="selected"';
} else {
$selected = '';
}
echo '<option ' . $selected . '>' . $option . '</option>';
}
echo '</select></div>
</div>
';
break;
/* Checkbox */
case 'checkbox':
echo '
<div class="form-group">
<label for="' . $v['name'] . '" class="col-sm-3 control-label">' . $v['name'] . ': </label>
<div class="col-sm-9">';
$options = explode('#HESK#', $v['value']);
foreach ($options as $option) {
if (in_array($option, $k_value)) {
$checked = 'checked="checked"';
} else {
$checked = '';
}
echo '<div class="checkbox"><label><input type="checkbox" name="' . $k . '[]" value="' . $option . '" ' . $checked . ' /> ' . $option . '</label></div>';
}
echo '</div>
</div>
';
break;
/* Large text box */
case 'textarea':
$size = explode('#', $v['value']);
$size[0] = empty($size[0]) ? 5 : intval($size[0]);
$size[1] = empty($size[1]) ? 30 : intval($size[1]);
$k_value = hesk_msgToPlain($k_value, 0, 0);
echo '
<div class="form-group">
<label for="' . $v['name'] . '" class="col-sm-3 control-label">' . $v['name'] . ': </label>
<div class="col-sm-9">
<textarea class="form-control" name="' . $k . '" rows="' . $size[0] . '" placeholder="' . htmlspecialchars($v['name']) . '" cols="' . $size[1] . '">' . $k_value . '</textarea>
</div>
</div>';
break;
case 'date':
if (strlen($k_value) != 0) {
$v['value'] = $k_value;
}
echo '
<div class="form-group">
<label for="' . $v['name'] . '" class="col-sm-3 control-label">' . $v['name'] . ': </label>
<div class="col-sm-9">
<input type="text" class="datepicker form-control white-readonly" placeholder="' . htmlspecialchars($v['name']) . '" id="' . $v['name'] . '" name="' . $k . '" size="40"
maxlength="' . $v['maxlen'] . '" value="' . date('Y-m-d', $v['value']) . '" readonly/>
</div>
</div>';
break;
case 'multiselect':
echo '<div class="form-group"><label for="' . $v['name'] . '" class="col-sm-3 control-label">' . $v['name'] . ': </label>
<div class="col-sm-9"><select class="form-control" id="' . $v['name'] . '" name="' . $k . '" multiple>';
$options = explode('#HESK#', $v['value']);
foreach ($options as $option) {
if (strlen($k_value) == 0 || $k_value == $option) {
$k_value = $option;
$selected = 'selected="selected"';
} else {
$selected = '';
}
echo '<option ' . $selected . '>' . $option . '</option>';
}
echo '</select>
<div class="btn-group" role="group">
<button type="button" class="btn btn-default" onclick="selectAll(\'' . $v['name'] . '\')">Select All</button>
<button type="button" class="btn btn-default" onclick="deselectAll(\'' . $v['name'] . '\')">Deselect All</button>
</div></div></div>';
break;
case 'hidden':
//Clean up multiple dashes or whitespaces
$formattedId = preg_replace("/[\s-]+/", " ", $v['name']);
$formattedId = preg_replace("/[\s_]/", "-", $formattedId);
if (strlen($k_value) != 0) {
$v['value'] = $k_value;
}
echo '<input type="hidden" class="form-control" id="' . $formattedId . '" name="' . $k . '" size="40" maxlength="' . $v['maxlen'] . '" value="' . $v['value'] . '"/>';
break;
case 'readonly':
//Clean up multiple dashes or whitespaces
$formattedId = preg_replace("/[\s-]+/", " ", $v['name']);
$formattedId = preg_replace("/[\s_]/", "-", $formattedId);
if (strlen($k_value) != 0) {
$v['value'] = $k_value;
}
echo '<div class="form-group">
<label for="' . $v['name'] . '" class="col-sm-3 control-label">' . $v['name'] . ': </label>
<div class="col-sm-9"><input type="text" class="form-control" id="' . $formattedId . '" name="' . $k . '" size="40" maxlength="' . $v['maxlen'] . '" value="' . $v['value'] . '" readonly></div>
</div>';
break;
/* Default text input */
default:
if (strlen($k_value) != 0) {
$k_value = hesk_msgToPlain($k_value, 0, 0);
$v['value'] = $k_value;
}
echo '
<div class="form-group">
<label for="' . $v['name'] . '" class="col-sm-3 control-label">' . $v['name'] . ': </label>
<div class="col-sm-9">
<input type="text" class="form-control" placeholder="' . htmlspecialchars($v['name']) . '" name="' . $k . '" size="40" maxlength="' . $v['maxlen'] . '" value="' . $v['value'] . '" />
</div>
</div>
';
}
}
}
?>
<?php } ?>
<div class="form-group">
<label for="message" class="col-sm-3 control-label"><?php echo $hesklang['message']; ?>:</label>
<div class="col-sm-9">
<?php
$message = $modsForHesk_settings['rich_text_for_tickets'] ? hesk_html_entity_decode($ticket['message']) : $ticket['message'];
?>
<textarea class="form-control htmlEditor" name="message" rows="12"
placeholder="<?php echo htmlspecialchars($hesklang['message']); ?>"
cols="60"><?php echo $message; ?></textarea>
</div>
</div>
<div class="form-group">
<input type="hidden" name="save" value="1"/><input type="hidden" name="track"
value="<?php echo $trackingID; ?>"/>
<input type="hidden" name="token" value="<?php hesk_token_echo(); ?>"/>
<?php
if ($is_reply) {
?>
<input type="hidden" name="reply" value="<?php echo $tmpvar['id']; ?>"/>
<?php
}
?>
</div>
<div class="form-group" style="text-align: center">
<?php
$html = $modsForHesk_settings['rich_text_for_tickets'] ? 1 : 0;
?>
<input type="hidden" name="html" value="<?php echo $html; ?>">
<input type="submit" value="<?php echo $hesklang['save_changes']; ?>" class="btn btn-default"/>
<?php if (isset($_REQUEST['isManager']) && $_REQUEST['isManager']): ?>
<input type="hidden" name="isManager" value="1">
<?php endif; ?>
<a class="btn btn-default" href="javascript:history.go(-1)"><?php echo $hesklang['back']; ?></a>
</div>
</form>
</div>
</div>
<?php if ($modsForHesk_settings['rich_text_for_tickets']): ?>
<script type="text/javascript">
/* <![CDATA[ */
tinyMCE.init({
mode: "textareas",
editor_selector: "htmlEditor",
elements: "content",
theme: "advanced",
convert_urls: false,
theme_advanced_buttons1: "cut,copy,paste,|,undo,redo,|,formatselect,fontselect,fontsizeselect,|,bold,italic,underline,strikethrough,|,justifyleft,justifycenter,justifyright,justifyfull",
theme_advanced_buttons2: "sub,sup,|,charmap,|,bullist,numlist,|,outdent,indent,insertdate,inserttime,preview,|,forecolor,backcolor,|,hr,removeformat,visualaid,|,link,unlink,anchor,image,cleanup,code",
theme_advanced_buttons3: "",
theme_advanced_toolbar_location: "top",
theme_advanced_toolbar_align: "left",
theme_advanced_statusbar_location: "bottom",
theme_advanced_resizing: true
});
/* ]]> */
</script>
<?php endif; ?>
<?php
require_once(HESK_PATH . 'inc/footer.inc.php');
exit();
?>