Netsyms
/
Mods-for-HESK-Netsyms
关注 1
点赞 0
派生 0
代码 工单 0 合并请求 0 版本发布 56 百科 动态
Bootswatch, Summernote, and Captcheck mods for Mods for HESK (mods-for-hesk.com). In use at support.netsyms.com.
您最多选择25个主题 主题必须以字母或数字开头,可以包含连字符 (-),并且长度不得超过35个字符
1728 提交
6 分支
目录树: f4dbffa7e4
分支列表 标签列表
${ item.name }
创建分支 ${ searchTerm }
从 'f4dbffa7e4'
${ noResults }
Mods-for-HESK-Netsyms/admin/banned_emails.php

banned_emails.php 13KB
原始文件 Blame 文件历史

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331 
  1. <?php

  2. /**

  3.  *

  4.  * This file is part of HESK - PHP Help Desk Software.

  5.  *

  6.  * (c) Copyright Klemen Stirn. All rights reserved.

  7.  * https://www.hesk.com

  8.  *

  9.  * For the full copyright and license agreement information visit

  10.  * https://www.hesk.com/eula.php

  11.  *

  12.  */

  13. 

  14. define('IN_SCRIPT', 1);

  15. define('HESK_PATH', '../');

  16. define('PAGE_TITLE', 'ADMIN_BANNED_EMAILS');

  17. define('MFH_PAGE_LAYOUT', 'TOP_ONLY');

  18. 

  19. /* Get all the required files and functions */

  20. require(HESK_PATH . 'hesk_settings.inc.php');

  21. require(HESK_PATH . 'inc/common.inc.php');

  22. require(HESK_PATH . 'inc/admin_functions.inc.php');

  23. require(HESK_PATH . 'inc/mail_functions.inc.php');

  24. hesk_load_database_functions();

  25. 

  26. hesk_session_start();

  27. hesk_dbConnect();

  28. hesk_isLoggedIn();

  29. 

  30. /* Check permissions for this feature */

  31. hesk_checkPermission('can_ban_emails');

  32. $can_unban = hesk_checkPermission('can_unban_emails', 0);

  33. 

  34. // Define required constants

  35. define('LOAD_TABS', 1);

  36. 

  37. // What should we do?

  38. if ($action = hesk_REQUEST('a')) {

  39.     if (defined('HESK_DEMO')) {

  40.         hesk_process_messages($hesklang['ddemo'], 'banned_emails.php', 'NOTICE');

  41.     } elseif ($action == 'ban') {

  42.         ban_email();

  43.     } elseif ($action == 'unban' && $can_unban) {

  44.         unban_email();

  45.     }

  46. }

  47. 

  48. /* Print header */

  49. require_once(HESK_PATH . 'inc/headerAdmin.inc.php');

  50. 

  51. /* Print main manage users page */

  52. require_once(HESK_PATH . 'inc/show_admin_nav.inc.php');

  53. ?>

  54. <div class="content-wrapper">

  55.     <section class="content">

  56.     <div class="box">

  57.         <div class="box-body">

  58.             <div class="nav-tabs-custom">

  59.                 <ul class="nav nav-tabs" role="tablist">

  60.                     <li role="presentation" class="active">

  61.                         <a href="#"><?php echo $hesklang['banemail']; ?> <i class="fa fa-question-circle settingsquestionmark"

  62.                                                                             onclick="javascript:alert('<?php echo hesk_makeJsString($hesklang['banemail_intro']); ?>')"></i></a>

  63.                     </li>

  64.                     <?php

  65.                     // Show a link to banned_ips.php if user has permission to do so

  66.                     if (hesk_checkPermission('can_ban_ips', 0)) {

  67.                         echo '

  68.             <li role="presentation">

  69.                 <a title="' . $hesklang['banip'] . '" href="banned_ips.php">' . $hesklang['banip'] . '</a>

  70.             </li>';

  71.                     }

  72.                     // Show a link to status_message.php if user has permission to do so

  73.                     if (hesk_checkPermission('can_service_msg', 0)) {

  74.                         echo '

  75.             <li role="presentation">

  76.                 <a title="' . $hesklang['sm_title'] . '" href="service_messages.php">' . $hesklang['sm_title'] . '</a>

  77.             </li>';

  78.                     }

  79. 

  80.                     // Show a link to email tpl management if user has permission to do so

  81.                     if (hesk_checkPermission('can_man_email_tpl', 0)) {

  82.                         echo '

  83.             <li role="presentation">

  84.                 <a title="' . $hesklang['email_templates'] . '" href="manage_email_templates.php">' . $hesklang['email_templates'] . '</a>

  85.             </li>

  86.             ';

  87.                     }

  88.                     if (hesk_checkPermission('can_man_ticket_statuses', 0)) {

  89.                         echo '

  90.             <li role="presentation">

  91.                 <a title="' . $hesklang['statuses'] . '" href="manage_statuses.php">' . $hesklang['statuses'] . '</a>

  92.             </li>

  93.             ';

  94.                     }

  95.                     if (hesk_checkPermission('can_man_settings', 0)) {

  96.                         echo '<li role="presentation"><a title="' . $hesklang['tab_4'] . '" href="custom_fields.php">' . $hesklang['tab_4'] . '</a></li> ';

  97.                     }

  98.                     ?>

  99.                 </ul>

  100.                 <div class="tab-content summaryList tabPadding">

  101.                     <script language="javascript" type="text/javascript"><!--

  102.                         function confirm_delete() {

  103.                             if (confirm('<?php echo hesk_makeJsString($hesklang['delban_confirm']); ?>')) {

  104.                                 return true;

  105.                             }

  106.                             else {

  107.                                 return false;

  108.                             }

  109.                         }

  110.                         //-->

  111.                     </script>

  112.                     <div class="row">

  113.                         <div class="col-md-8">

  114.                             <br><br>

  115.                             <?php

  116.                             /* This will handle error, success and notice messages */

  117.                             hesk_handle_messages();

  118.                             ?>

  119.                             <form action="banned_emails.php" method="post" name="form1" role="form" class="form-horizontal" data-toggle="validator">

  120.                                 <div class="form-group">

  121.                                     <label for="text" class="col-sm-3 control-label"><?php echo $hesklang['bananemail']; ?></label>

  122. 

  123.                                     <div class="col-sm-9">

  124.                                         <input type="text" class="form-control" name="email" size="30" maxlength="255" data-error="<?php echo htmlspecialchars($hesklang['enterbanemail']); ?>"

  125.                                                placeholder="<?php echo htmlspecialchars($hesklang['email']); ?>" required>

  126.                                         <input type="hidden" name="token" value="<?php hesk_token_echo(); ?>"/>

  127.                                         <input type="hidden" name="a" value="ban"/>

  128.                                         <div class="help-block with-errors"></div>

  129.                                     </div>

  130.                                 </div>

  131.                                 <div class="form-group">

  132.                                     <div class="col-sm-9 col-sm-offset-3">

  133.                                         <input type="submit" value="<?php echo $hesklang['savebanemail']; ?>"

  134.                                                class="btn btn-default">

  135.                                     </div>

  136.                                 </div>

  137.                             </form>

  138.                         </div>

  139.                         <div class="col-md-4">

  140.                             <h6 class="bold"><?php echo $hesklang['banex']; ?></h6>

  141. 

  142.                             <div class="footerWithBorder blankSpace"></div>

  143.                             <b>john@example.com</b><br/>

  144.                             <b>@example.com</b>

  145.                         </div>

  146.                     </div>

  147.                     <div class="row">

  148.                         <div class="col-sm-12">

  149.                         <?php

  150. 

  151.                         // Get banned emails from database

  152.                         $res = hesk_dbQuery('SELECT * FROM `' . hesk_dbEscape($hesk_settings['db_pfix']) . 'banned_emails` ORDER BY `email` ASC');

  153.                         $num = hesk_dbNumRows($res);

  154. 

  155.                         echo '<h4>' . $hesklang['eperm'] . '</h4>';

  156.                         if ($num < 1) {

  157.                             echo '<p>' . $hesklang['no_banemails'] . '</p>';

  158.                         } else {

  159.                             // List of staff

  160.                             if (!isset($admins)) {

  161.                                 $admins = array();

  162.                                 $res2 = hesk_dbQuery("SELECT `id`,`name` FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "users`");

  163.                                 while ($row = hesk_dbFetchAssoc($res2)) {

  164.                                     $admins[$row['id']] = $row['name'];

  165.                                 }

  166.                             }

  167. 

  168.                             ?>

  169.                             <table class="table table-hover">

  170.                                 <thead>

  171.                                 <tr>

  172.                                     <th><?php echo $hesklang['email']; ?></th>

  173.                                     <th><?php echo $hesklang['banby']; ?></th>

  174.                                     <th><?php echo $hesklang['date']; ?></th>

  175.                                     <?php

  176.                                     if ($can_unban) {

  177.                                         ?>

  178.                                         <th><?php echo $hesklang['opt']; ?></th>

  179.                                         <?php

  180.                                     }

  181.                                     ?>

  182.                                 </tr>

  183.                                 </thead>

  184.                                 <tbody>

  185.                                 <?php

  186.                                 while ($ban = hesk_dbFetchAssoc($res)) {

  187.                                     $color = '';

  188.                                     if (isset($_SESSION['ban_email']['id']) && $ban['id'] == $_SESSION['ban_email']['id']) {

  189.                                         $color = 'success';

  190.                                         unset($_SESSION['ban_email']['id']);

  191.                                     }

  192. 

  193.                                     echo '

  194.                         <tr>

  195.                             <td class="' . $color . ' text-left">' . $ban['email'] . '</td>

  196.                             <td class="' . $color . ' text-left">' . (isset($admins[$ban['banned_by']]) ? $admins[$ban['banned_by']] : $hesklang['e_udel']) . '</td>

  197.                             <td class="' . $color . ' text-left">' . $ban['dt'] . '</td>

  198.                             ';

  199. 

  200.                                     if ($can_unban) {

  201.                                         echo '

  202.                             <td class="' . $color . ' text-left">

  203.                                 <a href="banned_emails.php?a=unban&amp;id=' . $ban['id'] . '&amp;token=' . hesk_token_echo(0) . '" onclick="return confirm_delete();">

  204.                                     <i class="fa fa-times red font-size-16p" data-toggle="tooltip" data-placement="top" data-original-title="' . $hesklang['delban'] . '"></i>

  205.                                 </a>

  206.                             </td>

  207.                             ';

  208.                                     }

  209. 

  210.                                     echo '</tr>';

  211.                                 } // End while

  212.                                 ?>

  213.                                 </tbody>

  214.                             </table>

  215.                             <?php

  216.                         }

  217. 

  218.                         ?>

  219.                         </div>

  220.                     </div>

  221.                 </div>

  222.             </div>

  223.         </div>

  224.     </div>

  225. </section>

  226. </div>

  227. <?php

  228. require_once(HESK_PATH . 'inc/footer.inc.php');

  229. exit();

  230. 

  231. 

  232. /*** START FUNCTIONS ***/

  233. 

  234. function ban_email()

  235. {

  236.     global $hesk_settings, $hesklang;

  237. 

  238.     // A security check

  239.     hesk_token_check();

  240. 

  241.     // Get the email

  242.     $email = hesk_emailCleanup(strtolower(hesk_input(hesk_REQUEST('email'))));

  243. 

  244.     // Nothing entered?

  245.     if (!strlen($email)) {

  246.         hesk_process_messages($hesklang['enterbanemail'], 'banned_emails.php');

  247.     }

  248. 

  249.     // Only allow one email to be entered

  250.     $email = ($index = strpos($email, ',')) ? substr($email, 0, $index) : $email;

  251.     $email = ($index = strpos($email, ';')) ? substr($email, 0, $index) : $email;

  252. 

  253.     // Validate email address

  254.     $hesk_settings['multi_eml'] = 0;

  255. 

  256.     if (!hesk_validateEmail($email, '', 0) && !verify_email_domain($email)) {

  257.         hesk_process_messages($hesklang['validbanemail'], 'banned_emails.php');

  258.     }

  259. 

  260.     // Redirect either to banned emails or ticket page from now on

  261.     $redirect_to = ($trackingID = hesk_cleanID()) ? 'admin_ticket.php?track=' . $trackingID . '&Refresh=' . mt_rand(10000, 99999) : 'banned_emails.php';

  262. 

  263.     // Prevent duplicate rows

  264.     if ($_SESSION['ban_email']['id'] = hesk_isBannedEmail($email)) {

  265.         hesk_process_messages(sprintf($hesklang['emailbanexists'], $email), $redirect_to, 'NOTICE');

  266.     }

  267. 

  268.     // Insert the email address into database

  269.     hesk_dbQuery("INSERT INTO `" . hesk_dbEscape($hesk_settings['db_pfix']) . "banned_emails` (`email`,`banned_by`) VALUES ('" . hesk_dbEscape($email) . "','" . intval($_SESSION['id']) . "')");

  270. 

  271.     // Remember email that got banned

  272.     $_SESSION['ban_email']['id'] = hesk_dbInsertID();

  273. 

  274.     // Show success

  275.     hesk_process_messages(sprintf($hesklang['email_banned'], $email), $redirect_to, 'SUCCESS');

  276. 

  277. } // End ban_email()

  278. 

  279. 

  280. function unban_email()

  281. {

  282.     global $hesk_settings, $hesklang;

  283. 

  284.     // A security check

  285.     hesk_token_check();

  286. 

  287.     // Delete from bans

  288.     hesk_dbQuery("DELETE FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "banned_emails` WHERE `id`=" . intval(hesk_GET('id')));

  289. 

  290.     // Redirect either to banned emails or ticket page from now on

  291.     $redirect_to = ($trackingID = hesk_cleanID()) ? 'admin_ticket.php?track=' . $trackingID . '&Refresh=' . mt_rand(10000, 99999) : 'banned_emails.php';

  292. 

  293.     // Show success

  294.     hesk_process_messages($hesklang['email_unbanned'], $redirect_to, 'SUCCESS');

  295. 

  296. } // End unban_email()

  297. 

  298. 

  299. function verify_email_domain($domain)

  300. {

  301.     // Does it start with an @?

  302.     $atIndex = strrpos($domain, "@");

  303.     if ($atIndex !== 0) {

  304.         return false;

  305.     }

  306. 

  307.     // Get the domain and domain length

  308.     $domain = substr($domain, 1);

  309.     $domainLen = strlen($domain);

  310. 

  311.     // Check domain part length

  312.     if ($domainLen < 1 || $domainLen > 254) {

  313.         return false;

  314.     }

  315. 

  316.     // Check domain part characters

  317.     if (!preg_match('/^[A-Za-z0-9\\-\\.]+$/', $domain)) {

  318.         return false;

  319.     }

  320. 

  321.     // Domain part mustn't have two consecutive dots

  322.     if (strpos($domain, '..') !== false) {

  323.         return false;

  324.     }

  325. 

  326.     // All OK

  327.     return true;

  328. 

  329. } // END verify_email_domain()

  330. 

  331. ?>