diff --git a/.gitignore b/.gitignore index bdfa288b..096135f6 100644 --- a/.gitignore +++ b/.gitignore @@ -11,6 +11,7 @@ docs/docs_style.css docs/index.html docs/quick-guide.html docs/step-by-step-guide.html +download_attachment.php file_limits.php footer.txt header.txt @@ -146,6 +147,7 @@ img/tag_off.png img/unlock.png img/vertical.jpg img/view.png +inc/admin_functions.inc.php inc/assignment_search.inc.php inc/attachments.inc.php inc/calendar/img/cal.gif @@ -178,8 +180,10 @@ inc/mail/sasl/ntlm_sasl_client.php inc/mail/sasl/plain_sasl_client.php inc/mail/sasl/sasl.php inc/mail/smtp.php +inc/pipe_functions.inc.php inc/posting_functions.inc.php inc/prepare_ticket_export.inc.php +inc/prepare_ticket_search.inc.php inc/print_group.inc.php inc/recaptcha/LICENSE inc/recaptcha/index.htm diff --git a/admin/admin_settings.php b/admin/admin_settings.php index f33173bb..d2cd8f43 100644 --- a/admin/admin_settings.php +++ b/admin/admin_settings.php @@ -484,7 +484,6 @@ if ( defined('HESK_DEMO') )
    • -
    • @@ -1843,20 +1842,6 @@ if ( defined('HESK_DEMO') ) -
    - -
    -
    - -
    -
    -
    - - -
    -
    -
    -
    - - - - - - - - - - fetch_assoc()) { - echo ''; - echo ''; - echo ''; - echo ''; - echo ''; - } - - ?> - - - - - - - -
    - - - -
    -
    -
    -
    -
    -
    - - - - - - - - - fetch_assoc()) { - echo ''; - echo ''; - echo ''; - echo ''; - } - ?> - - - - - - - -
    - -
    -
    @@ -2298,7 +2212,7 @@ if ( defined('HESK_DEMO') ) { echo '
    '.$hesklang['e_save_settings'].''; } - ?> + ?>
    diff --git a/admin/admin_settings_save.php b/admin/admin_settings_save.php index def711ce..510e0be9 100644 --- a/admin/admin_settings_save.php +++ b/admin/admin_settings_save.php @@ -496,48 +496,11 @@ $stmt = hesk_dbConnect()->prepare($updateQuery); $stmt->bind_param('i', $_POST['lockedTicketStatus']); $stmt->execute(); -//-- IP Bans -$ipBanSql = hesk_dbQuery('SELECT * FROM `'.$hesk_settings['db_pfix'].'denied_ips`'); -while ($row = $ipBanSql->fetch_assoc()) { - if (isset($_POST['ipDelete'][$row['ID']])) { - hesk_dbQuery('DELETE FROM `'.hesk_dbEscape($hesk_settings['db_pfix']).'denied_ips` WHERE ID = '.hesk_dbEscape($row['ID'])); - } else { - $ipAddressFrom = ip2long($_POST['ipFrom'][$row['ID']]); - $ipAddressTo = ip2long($_POST['ipTo'][$row['ID']]); - hesk_dbQuery('UPDATE `'.hesk_dbEscape($hesk_settings['db_pfix']).'denied_ips` - SET `RangeStart` = \''.hesk_dbEscape($ipAddressFrom).'\', - `RangeEnd` = \''.hesk_dbEscape($ipAddressTo).'\' - WHERE ID = '.hesk_dbEscape($row['ID'])); - } -} -if (!empty($_POST['addIpFrom']) && !empty($_POST['addIpTo'])) { - $ipAddressFrom = ip2long($_POST['addIpFrom']); - $ipAddressTo = ip2long($_POST['addIpTo']); - hesk_dbQuery('INSERT INTO `'.hesk_dbEscape($hesk_settings['db_pfix']).'denied_ips` (`RangeStart`, `RangeEnd`) - VALUES (\''.hesk_dbEscape($ipAddressFrom).'\', \''.hesk_dbEscape($ipAddressTo).'\')'); -} - -//-- Email Bans -$emailBanSql = hesk_dbQuery('SELECT * FROM `'.hesk_dbEscape($hesk_settings['db_pfix']).'denied_emails`'); -while ($row = $emailBanSql->fetch_assoc()) { - if (isset($_POST['emailDelete'][$row['ID']])) { - hesk_dbQuery('DELETE FROM `'.hesk_dbEscape($hesk_settings['db_pfix']).'denied_emails` WHERE ID = '.hesk_dbEscape($row['ID'])); - } else { - hesk_dbQuery('UPDATE `'.hesk_dbEscape($hesk_settings['db_pfix']).'denied_emails` - SET Email = \''.hesk_dbEscape($_POST['email'][$row['ID']]).'\' - WHERE ID = '.hesk_dbEscape($row['ID'])); - } -} -if (!empty($_POST['addEmail'])) { - hesk_dbQuery('INSERT INTO `'.hesk_dbEscape($hesk_settings['db_pfix']).'denied_emails` (Email) VALUES (\''.hesk_dbEscape($_POST['addEmail']).'\')'); -} - $set['hesk_version'] = $hesk_settings['hesk_version']; // Save the modsForHesk_settings.inc.php file $set['rtl'] = empty($_POST['rtl']) ? 0 : 1; $set['show-icons'] = empty($_POST['show-icons']) ? 0 : 1; -$set['maintenance-mode'] = empty($_POST['maintenance-mode']) ? 0 : 1; $set['custom-field-setting'] = empty($_POST['custom-field-setting']) ? 0 : 1; $set['customer-email-verification-required'] = empty($_POST['email-verification']) ? 0 : 1; @@ -546,7 +509,6 @@ if ($set['customer-email-verification-required']) //-- Don't allow multiple emails if verification is required $set['multi_eml'] = 0; } - $set['navbarBackgroundColor'] = hesk_input(hesk_POST('navbarBackgroundColor')); $set['navbarBrandColor'] = hesk_input(hesk_POST('navbarBrandColor')); $set['navbarBrandHoverColor'] = hesk_input(hesk_POST('navbarBrandHoverColor')); @@ -579,9 +541,6 @@ $modsForHesk_settings[\'rtl\'] = '.$set['rtl'].'; //-- Set this to 1 to show icons next to navigation menu items $modsForHesk_settings[\'show_icons\'] = '.$set['show-icons'].'; -//-- Set this to 1 to enable maintenance mode -$modsForHesk_settings[\'maintenance_mode\'] = '.$set['maintenance-mode'].'; - //-- Set this to 1 to enable custom field names as keys $modsForHesk_settings[\'custom_field_setting\'] = '.$set['custom-field-setting'].'; diff --git a/admin/admin_ticket.php b/admin/admin_ticket.php index eff4dac9..ed4fd551 100644 --- a/admin/admin_ticket.php +++ b/admin/admin_ticket.php @@ -39,7 +39,6 @@ define('HESK_PATH','../'); require(HESK_PATH . 'hesk_settings.inc.php'); require(HESK_PATH . 'inc/common.inc.php'); require(HESK_PATH . 'inc/admin_functions.inc.php'); -require(HESK_PATH . 'inc/posting_functions.inc.php'); hesk_load_database_functions(); hesk_session_start(); @@ -239,31 +238,7 @@ if (isset($_POST['notemsg']) && hesk_token_check('POST')) { /* Add note to database */ $msg = nl2br(hesk_makeURL($msg)); - hesk_dbInsertID(); hesk_dbQuery("INSERT INTO `".hesk_dbEscape($hesk_settings['db_pfix'])."notes` (`ticket`,`who`,`dt`,`message`) VALUES ('".intval($ticket['id'])."','".intval($_SESSION['id'])."',NOW(),'".hesk_dbEscape($msg)."')"); - $noteId = hesk_dbInsertID(); - - /* Upload attachments to database */ - if ($hesk_settings['attachments']['use']) - { - require(HESK_PATH . 'inc/attachments.inc.php'); - $attachments = array(); - for ($i=1;$i<=$hesk_settings['attachments']['max_number'];$i++) - { - $att = hesk_uploadFile($i); - if ($att !== false && !empty($att)) - { - $attachments[$i] = $att; - } - } - } - if ($hesk_settings['attachments']['use'] && !empty($attachments)) - { - foreach ($attachments as $myatt) - { - hesk_dbQuery("INSERT INTO `".hesk_dbEscape($hesk_settings['db_pfix'])."attachments` (`note_id`,`saved_name`,`real_name`,`size`) VALUES ('".hesk_dbEscape($noteId)."','".hesk_dbEscape($myatt['saved_name'])."','".hesk_dbEscape($myatt['real_name'])."','".intval($myatt['size'])."')"); - } - } /* Notify assigned staff that a note has been added if needed */ @@ -427,63 +402,6 @@ if (isset($_GET['delatt']) && hesk_token_check()) hesk_process_messages($hesklang['kb_att_rem'],'admin_ticket.php?track='.$trackingID.'&Refresh='.mt_rand(10000,99999),'SUCCESS'); } -/* Delete note attachment option */ -if (isset($_GET['delete-note-att']) && hesk_token_check()) { - if ( ! $can_delete || ! $can_edit) - { - hesk_process_messages($hesklang['no_permission'],'admin_ticket.php?track='.$trackingID.'&Refresh='.mt_rand(10000,99999)); - } - - $att_id = intval( hesk_GET('delete-note-att') ) or hesk_error($hesklang['inv_att_id']); - - $reply = intval( hesk_GET('reply', 0) ); - if ($reply < 1) - { - $reply = 0; - } - - /* Get attachment info */ - $res = hesk_dbQuery("SELECT * FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."attachments` WHERE `att_id`='".intval($att_id)."' LIMIT 1"); - if (hesk_dbNumRows($res) != 1) - { - hesk_process_messages($hesklang['id_not_valid'].' (att_id)','admin_ticket.php?track='.$trackingID.'&Refresh='.mt_rand(10000,99999)); - } - $att = hesk_dbFetchAssoc($res); - - /* Is note ID valid for this attachment? */ - if (!isset($_GET['note_id']) || $att['note_id'] != $_GET['note_id']) - { - hesk_process_messages($hesklang['trackID_not_found'],'admin_ticket.php?track='.$trackingID.'&Refresh='.mt_rand(10000,99999)); - } - - /* Delete file from server */ - hesk_unlink(HESK_PATH.$hesk_settings['attach_dir'].'/'.$att['saved_name']); - - /* Delete attachment from database */ - hesk_dbQuery("DELETE FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."attachments` WHERE `att_id`='".intval($att_id)."'"); - - hesk_process_messages($hesklang['kb_att_rem'],'admin_ticket.php?track='.$trackingID.'&Refresh='.mt_rand(10000,99999),'SUCCESS'); -} - - -if (isset($_POST['note_message'])) { - $n = $_POST['note_id']; - if ($can_del_notes) - { - hesk_dbQuery("UPDATE `".hesk_dbEscape($hesk_settings['db_pfix'])."notes` - SET `edit_date` = NOW(), `message` = '".hesk_dbEscape($_POST['note_message'])."', `number_of_edits` = `number_of_edits` + 1 - WHERE `id`='".intval($n)."' LIMIT 1"); - } - else - { - hesk_dbQuery("UPDATE `".hesk_dbEscape($hesk_settings['db_pfix'])."notes` - SET `edit_date` = NOW(), `message` = '".hesk_dbEscape($_POST['note_message'])."', `number_of_edits` = `number_of_edits` + 1 - WHERE `id`='".intval($n)."' AND `who`='".intval($_SESSION['id'])."' LIMIT 1"); - } - hesk_process_messages($hesklang['note_edit_successful'],'admin_ticket.php?track='.$trackingID.'&Refresh='.mt_rand(10000,99999),'SUCCESS'); -} - - /* Print header */ require_once(HESK_PATH . 'inc/headerAdmin.inc.php'); @@ -897,48 +815,10 @@ require_once(HESK_PATH . 'inc/show_admin_nav.inc.php'); { ?>
    -
    - -
    - - -   - - - -
    - +
    +

    Delete Note

    -

    -
    -
    -

    - - -
    -
    - - - '.$noteAttachment['real_name'].'
    '; - } ?> -
    -
    - 0) { ?> -

    - +

    + :
    @@ -1020,7 +877,7 @@ require_once(HESK_PATH . 'inc/show_admin_nav.inc.php');
    -
    : '.$ticket['ip'].''; ?>
    +
    :
    @@ -1543,12 +1400,10 @@ function hesk_printReplyForm() {

    ()
    - -

    - - -

    - +

    + '; + } ?> diff --git a/admin/change_status.php b/admin/change_status.php index 8f0448ee..4598eb3f 100644 --- a/admin/change_status.php +++ b/admin/change_status.php @@ -74,13 +74,6 @@ if ( ! isset($status_options[$status])) $locked = 0; -// Ticket info -$result = hesk_dbQuery("SELECT * FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."tickets` WHERE `trackid`='".hesk_dbEscape($trackingID)."' LIMIT 1"); -if (hesk_dbNumRows($result) != 1) { - hesk_error($hesklang['ticket_not_found']); -} -$ticket = hesk_dbFetchAssoc($result); - $statusRow = hesk_dbFetchAssoc(hesk_dbQuery("SELECT `ID`, `IsClosed` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."statuses` WHERE ID = ".$status)); if ($statusRow['IsClosed']) // Closed { @@ -91,14 +84,6 @@ if ($statusRow['IsClosed']) // Closed { $locked = 1; } - - // Notify customer - require(HESK_PATH . 'inc/email_functions.inc.php'); - - if (!empty($ticket['email'])) - { - hesk_notifyCustomer('ticket_closed'); - } } elseif ($statusRow['ID'] != 0) //Ticket is still open, but not new { @@ -111,15 +96,6 @@ else // Ticket is marked as "NEW" $revision = sprintf($hesklang['thist4'],hesk_date(),$_SESSION['name'].' ('.$_SESSION['user'].')'); } -//-- Notify staff after ticket re-open? -$currentStatusRS = hesk_dbQuery('SELECT * FROM `'.hesk_dbEscape($hesk_settings['db_pfix']).'statuses` WHERE `ID` = '.$ticket['status']); -$currentStatus = hesk_dbFetchAssoc($currentStatusRS); - -if (intval($currentStatus['IsClosed']) == 1 && $statusRow['IsClosed'] == 0 && $ticket['owner'] != $_SESSION['id']) { - $ticket['name'] = $_SESSION['name']; - require(HESK_PATH . 'inc/email_functions.inc.php'); - hesk_notifyAssignedStaff(false, 'ticket_reopen_assigned'); -} hesk_dbQuery("UPDATE `".hesk_dbEscape($hesk_settings['db_pfix'])."tickets` SET `status`='{$status}', `locked`='{$locked}', `history`=CONCAT(`history`,'".hesk_dbEscape($revision)."') WHERE `trackid`='".hesk_dbEscape($trackingID)."' LIMIT 1"); diff --git a/admin/delete_tickets.php b/admin/delete_tickets.php index 5403e9fa..e7b7390a 100644 --- a/admin/delete_tickets.php +++ b/admin/delete_tickets.php @@ -248,8 +248,6 @@ else hesk_dbQuery("UPDATE `".hesk_dbEscape($hesk_settings['db_pfix'])."tickets` SET `status`='".$closedStatus['ID']."', `history`=CONCAT(`history`,'".hesk_dbEscape($revision)."') WHERE `id`='".intval($this_id)."' LIMIT 1"); $i++; - - hesk_notifyCustomer('ticket_closed'); } hesk_process_messages(sprintf($hesklang['num_tickets_closed'],$i),$referer,'SUCCESS'); diff --git a/admin/index.php b/admin/index.php index f23f0ffe..25f222b6 100644 --- a/admin/index.php +++ b/admin/index.php @@ -34,7 +34,6 @@ define('IN_SCRIPT',1); define('HESK_PATH','../'); -define('ON_LOGIN_PAGE',1); /* Get all the required files and functions */ require(HESK_PATH . 'hesk_settings.inc.php'); diff --git a/admin/profile.php b/admin/profile.php index fcb8c1d4..21082c12 100644 --- a/admin/profile.php +++ b/admin/profile.php @@ -256,14 +256,6 @@ require_once(HESK_PATH . 'inc/show_admin_nav.inc.php');
    -
    - -
    -
    - -
    -
    -
    @@ -449,7 +441,6 @@ function update_profile() { $_SESSION['new']['notify_note'] = empty($_POST['notify_note']) ? 0 : 1; $_SESSION['new']['notify_note_unassigned'] = empty($_POST['notify_note_unassigned']) ? 0 : 1; $_SESSION['new']['notify_pm'] = empty($_POST['notify_pm']) ? 0 : 1; - $_SESSION['new']['default_notify_customer_email'] = empty($_POST['default_notify_customer_email']) ? 1 : 0; /* Any errors? */ if (strlen($hesk_error_buffer)) @@ -480,8 +471,7 @@ function update_profile() { `notify_assigned`='".intval($_SESSION['new']['notify_assigned'])."' , `notify_pm`='".intval($_SESSION['new']['notify_pm'])."', `notify_note`='".intval($_SESSION['new']['notify_note'])."', - `notify_note_unassigned`='".intval($_SESSION['new']['notify_note_unassigned'])."', - `default_notify_customer_email`='".intval($_SESSION['new']['default_notify_customer_email'])."' + `notify_note_unassigned`='".intval($_SESSION['new']['notify_note_unassigned'])."' WHERE `id`='".intval($_SESSION['id'])."' LIMIT 1" ); diff --git a/css/hesk_newStyle.php b/css/hesk_newStyle.php index 6f65ba1b..ac673961 100644 --- a/css/hesk_newStyle.php +++ b/css/hesk_newStyle.php @@ -359,12 +359,6 @@ div.setupButtons { width: 90%; } -@media (min-width: 768px) { - .float-right-sm { - float: right; - } -} - .white-readonly { cursor: text !important; background-color: #fff !important; diff --git a/css/hesk_newStyleRTL.php b/css/hesk_newStyleRTL.php index 879b572d..3c699673 100644 --- a/css/hesk_newStyleRTL.php +++ b/css/hesk_newStyleRTL.php @@ -356,10 +356,4 @@ div.setupButtons { margin-right: auto; margin-left: auto; width: 90%; -} - -@media (min-width: 768px) { - .float-right-sm { - float: left; - } } \ No newline at end of file diff --git a/download_attachment.php b/download_attachment.php deleted file mode 100644 index a7b713b1..00000000 --- a/download_attachment.php +++ /dev/null @@ -1,174 +0,0 @@ - $chunksize) -{ - $handle = fopen($realpath, 'rb'); - $buffer = ''; - while ( ! feof($handle)) - { - set_time_limit(300); - $buffer = fread($handle, $chunksize); - echo $buffer; - flush(); - } - fclose($handle); -} -else -{ - readfile($realpath); -} - -exit(); -?> diff --git a/inc/admin_functions.inc.php b/inc/admin_functions.inc.php deleted file mode 100644 index 662ffec1..00000000 --- a/inc/admin_functions.inc.php +++ /dev/null @@ -1,694 +0,0 @@ - 59) - { - $m = floor($s / 60) + $m; - $s = intval($s % 60); - } - - /* Convert minutes to hours if 60 or more minutes */ - if ($m > 59) - { - $h = floor($m / 60) + $h; - $m = intval($m % 60); - } - - /* MySQL accepts max time value of 838:59:59 */ - if ($h > 838) - { - return '838:59:59'; - } - - /* That's it, let's send out formatted time string */ - return str_pad($h, 2, "0", STR_PAD_LEFT) . ':' . str_pad($m, 2, "0", STR_PAD_LEFT) . ':' . str_pad($s, 2, "0", STR_PAD_LEFT); - -} // END hesk_getTime(); - - -function hesk_mergeTickets($merge_these, $merge_into) -{ - global $hesk_settings, $hesklang, $hesk_db_link; - - /* Target ticket must not be in the "merge these" list */ - if ( in_array($merge_into, $merge_these) ) - { - $merge_these = array_diff($merge_these, array( $merge_into ) ); - } - - /* At least 1 ticket needs to be merged with target ticket */ - if ( count($merge_these) < 1 ) - { - $_SESSION['error'] = $hesklang['merr1']; - return false; - } - - /* Make sure target ticket exists */ - $res = hesk_dbQuery("SELECT `id`,`trackid`,`category` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."tickets` WHERE `id`='".intval($merge_into)."' LIMIT 1"); - if (hesk_dbNumRows($res) != 1) - { - $_SESSION['error'] = $hesklang['merr2']; - return false; - } - $ticket = hesk_dbFetchAssoc($res); - - /* Make sure user has access to ticket category */ - if ( ! hesk_okCategory($ticket['category'], 0) ) - { - $_SESSION['error'] = $hesklang['merr3']; - return false; - } - - /* Set some variables for later */ - $merge['attachments'] = ''; - $merge['replies'] = array(); - $merge['notes'] = array(); - $sec_worked = 0; - $history = ''; - $merged = ''; - - /* Get messages, replies, notes and attachments of tickets that will be merged */ - foreach ($merge_these as $this_id) - { - /* Validate ID */ - if ( is_array($this_id) ) - { - continue; - } - $this_id = intval($this_id) or hesk_error($hesklang['id_not_valid']); - - /* Get required ticket information */ - $res = hesk_dbQuery("SELECT `id`,`trackid`,`category`,`name`,`message`,`dt`,`time_worked`,`attachments` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."tickets` WHERE `id`='".intval($this_id)."' LIMIT 1"); - if (hesk_dbNumRows($res) != 1) - { - continue; - } - $row = hesk_dbFetchAssoc($res); - - /* Has this user access to the ticket category? */ - if ( ! hesk_okCategory($row['category'], 0) ) - { - continue; - } - - /* Insert ticket message as a new reply to target ticket */ - hesk_dbQuery("INSERT INTO `".hesk_dbEscape($hesk_settings['db_pfix'])."replies` (`replyto`,`name`,`message`,`dt`,`attachments`) VALUES ('".intval($ticket['id'])."','".hesk_dbEscape($row['name'])."','".hesk_dbEscape($row['message'])."','".hesk_dbEscape($row['dt'])."','".hesk_dbEscape($row['attachments'])."')"); - - /* Update attachments */ - hesk_dbQuery("UPDATE `".hesk_dbEscape($hesk_settings['db_pfix'])."attachments` SET `ticket_id`='".hesk_dbEscape($ticket['trackid'])."' WHERE `ticket_id`='".hesk_dbEscape($row['trackid'])."'"); - - /* Get old ticket replies and insert them as new replies */ - $res = hesk_dbQuery("SELECT * FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."replies` WHERE `replyto`='".intval($row['id'])."'"); - while ( $reply = hesk_dbFetchAssoc($res) ) - { - hesk_dbQuery("INSERT INTO `".hesk_dbEscape($hesk_settings['db_pfix'])."replies` (`replyto`,`name`,`message`,`dt`,`attachments`,`staffid`,`rating`,`read`) VALUES ('".intval($ticket['id'])."','".hesk_dbEscape($reply['name'])."','".hesk_dbEscape($reply['message'])."','".hesk_dbEscape($reply['dt'])."','".hesk_dbEscape($reply['attachments'])."','".intval($reply['staffid'])."','".intval($reply['rating'])."','".intval($reply['read'])."')"); - } - - /* Delete replies to the old ticket */ - hesk_dbQuery("DELETE FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."replies` WHERE `replyto`='".intval($row['id'])."'"); - - /* Get old ticket notes and insert them as new notes */ - $res = hesk_dbQuery("SELECT * FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."notes` WHERE `ticket`='".intval($row['id'])."'"); - while ( $note = hesk_dbFetchAssoc($res) ) - { - hesk_dbQuery("INSERT INTO `".hesk_dbEscape($hesk_settings['db_pfix'])."notes` (`ticket`,`who`,`dt`,`message`) VALUES ('".intval($ticket['id'])."','".intval($note['who'])."','".hesk_dbEscape($note['dt'])."','".hesk_dbEscape($note['message'])."')"); - } - - /* Delete replies to the old ticket */ - hesk_dbQuery("DELETE FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."notes` WHERE `ticket`='".intval($row['id'])."'"); - - /* Delete old ticket */ - hesk_dbQuery("DELETE FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."tickets` WHERE `id`='".intval($row['id'])."'"); - - /* Log that ticket has been merged */ - $history .= sprintf($hesklang['thist13'],hesk_date(),$row['trackid'],$_SESSION['name'].' ('.$_SESSION['user'].')'); - - /* Add old ticket ID to target ticket "merged" field */ - $merged .= '#' . $row['trackid']; - - /* Convert old ticket "time worked" to seconds and add to $sec_worked variable */ - list ($hr, $min, $sec) = explode(':', $row['time_worked']); - $sec_worked += (((int)$hr) * 3600) + (((int)$min) * 60) + ((int)$sec); - } - - /* Convert seconds to HHH:MM:SS */ - $sec_worked = hesk_getTime('0:'.$sec_worked); - - /* Update history (log) and merged IDs of target ticket */ - hesk_dbQuery("UPDATE `".hesk_dbEscape($hesk_settings['db_pfix'])."tickets` SET `time_worked`=ADDTIME(`time_worked`, '".hesk_dbEscape($sec_worked)."'), `merged`=CONCAT(`merged`,'".hesk_dbEscape($merged . '#')."'), `history`=CONCAT(`history`,'".hesk_dbEscape($history)."') WHERE `id`='".intval($merge_into)."' LIMIT 1"); - - return true; - -} // END hesk_mergeTickets() - - -function hesk_updateStaffDefaults() -{ - global $hesk_settings, $hesklang; - - // Demo mode - if ( defined('HESK_DEMO') ) - { - return true; - } - // Remove the part that forces saving as default - we don't need it every time - $default_list = str_replace('&def=1','',$_SERVER['QUERY_STRING']); - - // Update database - $res = hesk_dbQuery("UPDATE `".hesk_dbEscape($hesk_settings['db_pfix'])."users` SET `default_list`='".hesk_dbEscape($default_list)."' WHERE `id`='".intval($_SESSION['id'])."'"); - - // Update session values so the changes take effect immediately - $_SESSION['default_list'] = $default_list; - - return true; - -} // END hesk_updateStaffDefaults() - - -function hesk_makeJsString($in) -{ - return addslashes(preg_replace("/\s+/",' ',$in)); -} // END hesk_makeJsString() - - -function hesk_checkNewMail() -{ - global $hesk_settings, $hesklang; - - $res = hesk_dbQuery("SELECT COUNT(*) FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."mail` WHERE `to`='".intval($_SESSION['id'])."' AND `read`='0' AND `deletedby`!='".intval($_SESSION['id'])."' "); - $num = hesk_dbResult($res,0,0); - - return $num; -} // END hesk_checkNewMail() - - -function hesk_dateToString($dt, $returnName=1, $returnTime=0, $returnMonth=0, $from_database=false) -{ - global $hesk_settings, $hesklang; - - $dt = strtotime($dt); - - // Adjust MySQL time if different from PHP time - if ($from_database) - { - if ( ! defined('MYSQL_TIME_DIFF') ) - { - define('MYSQL_TIME_DIFF', time()-hesk_dbTime() ); - } - - if (MYSQL_TIME_DIFF != 0) - { - $dt += MYSQL_TIME_DIFF; - } - - // Add HESK set time difference - $dt += 3600*$hesk_settings['diff_hours'] + 60*$hesk_settings['diff_minutes']; - - // Daylight saving? - if ($hesk_settings['daylight'] && date('I', $dt)) - { - $dt += 3600; - } - } - - list($y,$m,$n,$d,$G,$i,$s) = explode('-', date('Y-n-j-w-G-i-s', $dt) ); - - $m = $hesklang['m'.$m]; - $d = $hesklang['d'.$d]; - - if ($returnName) - { - return "$d, $m $n, $y"; - } - - if ($returnTime) - { - return "$d, $m $n, $y $G:$i:$s"; - } - - if ($returnMonth) - { - return "$m $y"; - } - - return "$m $n, $y"; -} // End hesk_dateToString() - - -function hesk_getCategoriesArray($kb = 0) { - global $hesk_settings, $hesklang, $hesk_db_link; - - $categories = array(); - if ($kb) - { - $result = hesk_dbQuery('SELECT `id`, `name` FROM `'.hesk_dbEscape($hesk_settings['db_pfix']).'kb_categories` ORDER BY `cat_order` ASC'); - } - else - { - $result = hesk_dbQuery('SELECT `id`, `name` FROM `'.hesk_dbEscape($hesk_settings['db_pfix']).'categories` ORDER BY `cat_order` ASC'); - } - - while ($row=hesk_dbFetchAssoc($result)) - { - $categories[$row['id']] = $row['name']; - } - - return $categories; -} // END hesk_getCategoriesArray() - - -function hesk_getHTML($in) -{ - global $hesk_settings, $hesklang; - - $replace_from = array("\t","","$","<%","%>"); - $replace_to = array("","<?","?>","\$","<%","%>"); - - $in = trim($in); - $in = str_replace($replace_from,$replace_to,$in); - $in = preg_replace('/\(.*)\<\/script\>/Uis',"",$in); - $in = preg_replace('/\<\!\-\-(.*)\-\-\>/Uis',"",$in); - - if (HESK_SLASH === true) - { - $in = addslashes($in); - } - $in = str_replace('\"','"',$in); - - return $in; -} // END hesk_getHTML() - - -function hesk_autoLogin($noredirect=0) -{ - global $hesk_settings, $hesklang, $hesk_db_link; - - if (!$hesk_settings['autologin']) - { - return false; - } - - $user = hesk_htmlspecialchars( hesk_COOKIE('hesk_username') ); - $hash = hesk_htmlspecialchars( hesk_COOKIE('hesk_p') ); - define('HESK_USER', $user); - - if (empty($user) || empty($hash)) - { - return false; - } - - /* Login cookies exist, now lets limit brute force attempts */ - hesk_limitBfAttempts(); - - /* Check username */ - $result = hesk_dbQuery('SELECT * FROM `'.$hesk_settings['db_pfix']."users` WHERE `user` = '".hesk_dbEscape($user)."' LIMIT 1"); - if (hesk_dbNumRows($result) != 1) - { - setcookie('hesk_username', ''); - setcookie('hesk_p', ''); - header('Location: index.php?a=login¬ice=1'); - exit(); - } - - $res=hesk_dbFetchAssoc($result); - foreach ($res as $k=>$v) - { - $_SESSION[$k]=$v; - } - - /* Check password */ - if ($hash != hesk_Pass2Hash($_SESSION['pass'] . strtolower($user) . $_SESSION['pass']) ) - { - setcookie('hesk_username', ''); - setcookie('hesk_p', ''); - header('Location: index.php?a=login¬ice=1'); - exit(); - } - - /* Check if default password */ - if ($_SESSION['pass'] == '499d74967b28a841c98bb4baaabaad699ff3c079') - { - hesk_process_messages($hesklang['chdp'],'NOREDIRECT','NOTICE'); - } - - unset($_SESSION['pass']); - - /* Login successful, clean brute force attempts */ - hesk_cleanBfAttempts(); - - /* Regenerate session ID (security) */ - hesk_session_regenerate_id(); - - /* Get allowed categories */ - if (empty($_SESSION['isadmin'])) - { - $_SESSION['categories']=explode(',',$_SESSION['categories']); - } - - /* Renew cookies */ - setcookie('hesk_username', "$user", strtotime('+1 year')); - setcookie('hesk_p', "$hash", strtotime('+1 year')); - - /* Close any old tickets here so Cron jobs aren't necessary */ - if ($hesk_settings['autoclose']) - { - $dt = date('Y-m-d H:i:s',time() - $hesk_settings['autoclose']*86400); - - $waitingForCustomerRS = hesk_dbQuery("SELECT `ID` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."statuses` WHERE `IsDefaultStaffReplyStatus` = 1"); - $waitingForCustomerStatus = hesk_dbFetchAssoc($waitingForCustomerRS); - - $result = hesk_dbQuery("SELECT * FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."tickets` WHERE `status` = ".$waitingForCustomerStatus['ID']." AND `lastchange` <= '".hesk_dbEscape($dt)."' "); - if (hesk_dbNumRows($result) > 0) - { - require(HESK_PATH . 'inc/email_functions.inc.php'); - global $ticket; - while ($ticket = hesk_dbFetchAssoc($result)) { - hesk_notifyCustomer('ticket_closed'); - } - - $revision = sprintf($hesklang['thist3'],hesk_date(),$hesklang['auto']); - - $closedStatusRS = hesk_dbQuery("SELECT `ID` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."statuses` WHERE `IsStaffClosedOption` = 1"); - $closedStatus = hesk_dbFetchAssoc($closedStatusRS); - - $sql = "UPDATE `".$hesk_settings['db_pfix']."tickets` SET `status`=".$closedStatus['ID'].", `history`=CONCAT(`history`,'".hesk_dbEscape($revision)."') WHERE `status` = ".$waitingForCustomerStatus['ID']." AND `lastchange` <= '".hesk_dbEscape($dt)."' "; - hesk_dbQuery($sql); - } - } - - /* If session expired while a HESK page is open just continue using it, don't redirect */ - if ($noredirect) - { - return true; - } - - /* Redirect to the destination page */ - if ( hesk_isREQUEST('goto') && $url=hesk_REQUEST('goto') ) - { - $url = str_replace('&','&',$url); - header('Location: '.$url); - } - else - { - header('Location: admin_main.php'); - } - exit(); -} // END hesk_autoLogin() - - -function hesk_isLoggedIn() -{ - global $hesk_settings; - - $referer = hesk_input($_SERVER['REQUEST_URI']); - $referer = str_replace('&','&',$referer); - - if (empty($_SESSION['id'])) - { - if ($hesk_settings['autologin'] && hesk_autoLogin(1) ) - { - // Users online - if ($hesk_settings['online']) - { - require(HESK_PATH . 'inc/users_online.inc.php'); - hesk_initOnline($_SESSION['id']); - } - - return true; - } - - // Some pages cannot be redirected to - $modify_redirect = array( - 'admin_reply_ticket.php' => 'admin_main.php', - 'admin_settings_save.php' => 'admin_settings.php', - 'delete_tickets.php' => 'admin_main.php', - 'move_category.php' => 'admin_main.php', - 'priority.php' => 'admin_main.php', - ); - - foreach ($modify_redirect as $from => $to) - { - if ( strpos($referer,$from) !== false ) - { - $referer = $to; - } - } - - $url = 'index.php?a=login¬ice=1&goto='.urlencode($referer); - header('Location: '.$url); - exit(); - } - else - { - hesk_session_regenerate_id(); - - // Need to update permissions? - if ( empty($_SESSION['isadmin']) ) - { - $res = hesk_dbQuery("SELECT `isadmin`, `categories`, `heskprivileges` FROM `".$hesk_settings['db_pfix']."users` WHERE `id` = '".intval($_SESSION['id'])."' LIMIT 1"); - if (hesk_dbNumRows($res) == 1) - { - $me = hesk_dbFetchAssoc($res); - foreach ($me as $k => $v) - { - $_SESSION[$k]=$v; - } - - // Get allowed categories - if (empty($_SESSION['isadmin']) ) - { - $_SESSION['categories']=explode(',',$_SESSION['categories']); - } - } - else - { - hesk_session_stop(); - $url = 'index.php?a=login¬ice=1&goto='.urlencode($referer); - header('Location: '.$url); - exit(); - } - } - - // Users online - if ($hesk_settings['online']) - { - require(HESK_PATH . 'inc/users_online.inc.php'); - hesk_initOnline($_SESSION['id']); - } - - return true; - } - -} // END hesk_isLoggedIn() - - -function hesk_Pass2Hash($plaintext) { - $majorsalt = ''; - $len = strlen($plaintext); - for ($i=0;$i<$len;$i++) - { - $majorsalt .= sha1(substr($plaintext,$i,1)); - } - $corehash = sha1($majorsalt); - return $corehash; -} // END hesk_Pass2Hash() - - -function hesk_formatDate($dt) -{ - $dt=hesk_date($dt); - $dt=str_replace(' ','
    ',$dt); - return $dt; -} // End hesk_formatDate() - - -function hesk_jsString($str) -{ - $str = str_replace( array('\'','
    ') , array('\\\'','') ,$str); - $from = array("/\r\n|\n|\r/", '/\([^\<]*)\<\/a\>/i', '/\([^\<]*)\<\/a\>/i'); - $to = array("\\r\\n' + \r\n'", "$1", "$1"); - return preg_replace($from,$to,$str); -} // END hesk_jsString() - - -function hesk_myCategories($what='category') -{ - if ( ! empty($_SESSION['isadmin']) ) - { - return '1'; - } - else - { - return " `".hesk_dbEscape($what)."` IN ('" . implode("','", array_map('intval', $_SESSION['categories']) ) . "')"; - } -} // END hesk_myCategories() - - -function hesk_okCategory($cat,$error=1,$user_isadmin=false,$user_cat=false) -{ - global $hesklang; - - /* Checking for current user or someone else? */ - if ($user_isadmin === false) - { - $user_isadmin = $_SESSION['isadmin']; - } - - if ($user_cat === false) - { - $user_cat = $_SESSION['categories']; - } - - /* Is admin? */ - if ($user_isadmin) - { - return true; - } - /* Staff with access? */ - elseif (in_array($cat,$user_cat)) - { - return true; - } - /* No access */ - else - { - if ($error) - { - hesk_error($hesklang['not_authorized_tickets']); - } - else - { - return false; - } - } - -} // END hesk_okCategory() - - -function hesk_checkPermission($feature,$showerror=1) { - global $hesklang; - - - /* Check if this is for managing settings */ - if ($feature == 'can_manage_settings') - { - if ($_SESSION['can_manage_settings']) { - return true; - } else { - if ($showerror) { - hesk_error($hesklang['no_permission'].'

     

    '.$hesklang['click_login'].''); - } else { - return false; - } - } - } - - /* Admins have full access to all features, besides possibly settings */ - if ($_SESSION['isadmin']) - { - return true; - } - - /* Check other staff for permissions */ - if (strpos($_SESSION['heskprivileges'], $feature) === false) - { - if ($showerror) - { - hesk_error($hesklang['no_permission'].'

     

    '.$hesklang['click_login'].''); - } - else - { - return false; - } - } - else - { - return true; - } - -} // END hesk_checkPermission() diff --git a/inc/email_functions.inc.php b/inc/email_functions.inc.php index a347a0a1..9470d819 100644 --- a/inc/email_functions.inc.php +++ b/inc/email_functions.inc.php @@ -241,9 +241,6 @@ function hesk_validEmails() // --> New ticket submitted 'new_ticket' => $hesklang['ticket_received'], - // --> Ticket closed - 'ticket_closed' => $hesklang['ticket_closed'], - // --> Verify email 'verify_email' => $hesklang['verify_email'], @@ -268,9 +265,6 @@ function hesk_validEmails() // --> New note by someone to a ticket assigned to you 'new_note' => $hesklang['new_note'], - // --> Assigned ticket reopened - 'ticket_reopen_assigned' => $hesklang['ticket_reopen_assigned'], - ); } // END hesk_validEmails() diff --git a/inc/header.inc.php b/inc/header.inc.php index c4c64c30..6f440217 100644 --- a/inc/header.inc.php +++ b/inc/header.inc.php @@ -35,10 +35,6 @@ /* Check if this is a valid include */ if (!defined('IN_SCRIPT')) {die('Invalid attempt');} require(HESK_PATH . 'modsForHesk_settings.inc.php'); -// Check to see if we're in maintenance mode before sending anything to the DOM -if ($modsForHesk_settings['maintenance_mode'] && !defined('ON_MAINTENANCE_PAGE') && !defined('ON_LOGIN_PAGE')) { - header('Location: '.HESK_PATH.'maintenance.php'); -} ?> diff --git a/inc/pipe_functions.inc.php b/inc/pipe_functions.inc.php deleted file mode 100755 index cf4e7016..00000000 --- a/inc/pipe_functions.inc.php +++ /dev/null @@ -1,505 +0,0 @@ -num_rows > 0) { - return hesk_cleanExit(); - } - - // Process "From:" name, convert to UTF-8, set to "[Customer]" if not set - $tmpvar['name'] = isset($results['from'][0]['name']) ? $results['from'][0]['name'] : $hesklang['pde']; - if ( ! empty($results['from'][0]['encoding']) ) - { - $tmpvar['name'] = hesk_encodeUTF8($tmpvar['name'], $results['from'][0]['encoding']); - } - $tmpvar['name'] = hesk_input($tmpvar['name'],'','',1,50) or $tmpvar['name'] = $hesklang['pde']; - - // Process "To:" email (not yet implemented, for future use) - // $tmpvar['to_email'] = hesk_validateEmail($results['to'][0]['address'],'ERR',0); - - // Process email subject, convert to UTF-8, set to "[Piped email]" if none set - $tmpvar['subject'] = isset($results['subject']) ? $results['subject'] : $hesklang['pem']; - if ( ! empty($results['subject_encoding']) ) - { - $tmpvar['subject'] = hesk_encodeUTF8($tmpvar['subject'], $results['subject_encoding']); - } - $tmpvar['subject'] = hesk_input($tmpvar['subject'],'','',1,70) or $tmpvar['subject'] = $hesklang['pem']; - - // Process email message, convert to UTF-8 - $tmpvar['message'] = isset($results['message']) ? $results['message'] : ''; - if ( ! empty($results['encoding']) ) - { - $tmpvar['message'] = hesk_encodeUTF8($tmpvar['message'], $results['encoding']); - } - $tmpvar['message'] = hesk_input($tmpvar['message'],'','',1); - - // Message missing? We require it! - if ( ! $tmpvar['message']) - { - return hesk_cleanExit(); - } - - // Strip quoted reply from email - $tmpvar['message'] = hesk_stripQuotedText($tmpvar['message']); - - // Convert URLs to links, change newlines to
    - $tmpvar['message'] = hesk_makeURL($tmpvar['message']); - $tmpvar['message'] = nl2br($tmpvar['message']); - - # For debugging purposes - # die( bin2hex($tmpvar['message']) ); - # die($tmpvar['message']); - - // Try to detect "delivery failed" and "noreply" emails - ignore if detected - if ( hesk_isReturnedEmail($tmpvar) ) - { - return hesk_cleanExit(); - } - - // Check for email loops - if ( hesk_isEmailLoop($tmpvar['email'], md5($tmpvar['message']) ) ) - { - return hesk_cleanExit(); - } - - // OK, everything seems OK. Now determine if this is a reply to a ticket or a new ticket - if ( preg_match('/\[#([A-Z0-9]{3}\-[A-Z0-9]{3}\-[A-Z0-9]{4})\]/', str_replace(' ', '', $tmpvar['subject']), $matches) ) - { - // We found a possible tracking ID - $tmpvar['trackid'] = $matches[1]; - - // Does it match one in the database? - $res = hesk_dbQuery("SELECT * FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."tickets` WHERE `trackid`='".hesk_dbEscape($tmpvar['trackid'])."' LIMIT 1"); - if (hesk_dbNumRows($res)) - { - $ticket = hesk_dbFetchAssoc($res); - - // Do email addresses match? - if ( strpos( strtolower($ticket['email']), strtolower($tmpvar['email']) ) === false ) - { - $tmpvar['trackid'] = ''; - } - - // Is this ticket locked? Force create a new one if it is - if ($ticket['locked']) - { - $tmpvar['trackid'] = ''; - } - } - else - { - $tmpvar['trackid'] = ''; - } - } - - // If tracking ID is empty, generate a new one - if ( empty($tmpvar['trackid']) ) - { - $tmpvar['trackid'] = hesk_createID(); - $is_reply = 0; - } - else - { - $is_reply = 1; - } - - // Process attachments - $tmpvar['attachmment_notices'] = ''; - $tmpvar['attachments'] = ''; - $num = 0; - if ($hesk_settings['attachments']['use'] && isset($results['attachments'][0])) - { - #print_r($results['attachments']); - - foreach ($results['attachments'] as $k => $v) - { - - // Clean attachment names - $myatt['real_name'] = hesk_cleanFileName($v['orig_name']); - - // Check number of attachments, delete any over max number - if ($num >= $hesk_settings['attachments']['max_number']) - { - $tmpvar['attachmment_notices'] .= sprintf($hesklang['attnum'], $myatt['real_name']) . "\n"; - continue; - } - - // Check file extension - $ext = strtolower(strrchr($myatt['real_name'], ".")); - if (!in_array($ext,$hesk_settings['attachments']['allowed_types'])) - { - $tmpvar['attachmment_notices'] .= sprintf($hesklang['atttyp'], $myatt['real_name']) . "\n"; - continue; - } - - // Check file size - $myatt['size'] = $v['size']; - if ($myatt['size'] > ($hesk_settings['attachments']['max_size'])) - { - $tmpvar['attachmment_notices'] .= sprintf($hesklang['attsiz'], $myatt['real_name']) . "\n"; - continue; - } - - // Generate a random file name - $useChars='AEUYBDGHJLMNPQRSTVWXZ123456789'; - $tmp = $useChars{mt_rand(0,29)}; - for($j=1;$j<10;$j++) - { - $tmp .= $useChars{mt_rand(0,29)}; - } - $myatt['saved_name'] = substr($tmpvar['trackid'] . '_' . md5($tmp . $myatt['real_name']), 0, 200) . $ext; - - // Rename the temporary file - rename($v['stored_name'],HESK_PATH.$hesk_settings['attach_dir'].'/'.$myatt['saved_name']); - - // Insert into database - hesk_dbQuery("INSERT INTO `".hesk_dbEscape($hesk_settings['db_pfix'])."attachments` (`ticket_id`,`saved_name`,`real_name`,`size`) VALUES ('".hesk_dbEscape($tmpvar['trackid'])."','".hesk_dbEscape($myatt['saved_name'])."','".hesk_dbEscape($myatt['real_name'])."','".intval($myatt['size'])."')"); - $tmpvar['attachments'] .= hesk_dbInsertID() . '#' . $myatt['real_name'] .','; - - $num++; - } - - if (strlen($tmpvar['attachmment_notices'])) - { - $tmpvar['message'] .= "

    " . hesk_input($hesklang['attrem'],'','',1) . "
    " . nl2br(hesk_input($tmpvar['attachmment_notices'],'','',1)); - } - } - - // Delete the temporary files - deleteAll($results['tempdir']); - - // If this is a reply add a new reply - if ($is_reply) - { - // Set last replier name to customer name - $ticket['lastreplier'] = ($tmpvar['name'] == $hesklang['pde']) ? $tmpvar['email'] : $tmpvar['name'];; - - // If staff hasn't replied yet, keep ticket status "New", otherwise set it to "Waiting reply from staff" - $ticket['status'] = $ticket['status'] ? 1 : 0; - - // Update ticket as necessary - hesk_dbQuery("UPDATE `".hesk_dbEscape($hesk_settings['db_pfix'])."tickets` SET `lastchange`=NOW(),`status`='{$ticket['status']}',`lastreplier`='0' WHERE `id`='".intval($ticket['id'])."' LIMIT 1"); - - // Insert reply into database - hesk_dbQuery("INSERT INTO `".hesk_dbEscape($hesk_settings['db_pfix'])."replies` (`replyto`,`name`,`message`,`dt`,`attachments`) VALUES ('".intval($ticket['id'])."','".hesk_dbEscape($ticket['lastreplier'])."','".hesk_dbEscape($tmpvar['message'])."',NOW(),'".hesk_dbEscape($tmpvar['attachments'])."')"); - - // --> Prepare reply message - - // 1. Generate the array with ticket info that can be used in emails - $info = array( - 'email' => $ticket['email'], - 'category' => $ticket['category'], - 'priority' => $ticket['priority'], - 'owner' => $ticket['owner'], - 'trackid' => $ticket['trackid'], - 'status' => $ticket['status'], - 'name' => $ticket['name'], - 'lastreplier' => $ticket['lastreplier'], - 'subject' => $ticket['subject'], - 'message' => stripslashes($tmpvar['message']), - 'attachments' => $tmpvar['attachments'], - 'dt' => hesk_date($ticket['dt'], true), - 'lastchange' => hesk_date($ticket['lastchange'], true), - ); - - // 2. Add custom fields to the array - foreach ($hesk_settings['custom_fields'] as $k => $v) - { - $info[$k] = $v['use'] ? $ticket[$k] : ''; - } - - // 3. Make sure all values are properly formatted for email - $ticket = hesk_ticketToPlain($info, 1, 0); - - // --> Process custom fields before sending - foreach ($hesk_settings['custom_fields'] as $k => $v) - { - $ticket[$k] = $v['use'] ? hesk_msgToPlain($ticket[$k], 1) : ''; - } - - // --> If ticket is assigned just notify the owner - if ($ticket['owner']) - { - hesk_notifyAssignedStaff(false, 'new_reply_by_customer', 'notify_reply_my'); - } - // --> No owner assigned, find and notify appropriate staff - else - { - hesk_notifyStaff('new_reply_by_customer',"`notify_reply_unassigned`='1'"); - } - - return $ticket['trackid']; - - } // END REPLY - - // Not a reply, but a new ticket. Add it to the database - $tmpvar['category'] = 1; - $tmpvar['priority'] = 3; - $_SERVER['REMOTE_ADDR'] = $hesklang['unknown']; - - // Auto assign tickets if aplicable - $tmpvar['owner'] = 0; - $tmpvar['history'] = $pop3 ? sprintf($hesklang['thist16'], hesk_date()) : sprintf($hesklang['thist11'], hesk_date()); - - $autoassign_owner = hesk_autoAssignTicket($tmpvar['category']); - - #print_r($autoassign_owner); - - if ($autoassign_owner) - { - $tmpvar['owner'] = $autoassign_owner['id']; - $tmpvar['history'] .= sprintf($hesklang['thist10'],hesk_date(),$autoassign_owner['name'].' ('.$autoassign_owner['user'].')'); - } - - // Custom fields will be empty as there is no reliable way of detecting them - foreach ($hesk_settings['custom_fields'] as $k=>$v) - { - $tmpvar[$k] = ''; - } - - // Insert ticket to database - $ticket = hesk_newTicket($tmpvar); - - // Notify the customer - hesk_notifyCustomer(); - - // Need to notify staff? - // --> From autoassign? - if ($tmpvar['owner'] && $autoassign_owner['notify_assigned']) - { - hesk_notifyAssignedStaff($autoassign_owner, 'ticket_assigned_to_you'); - } - // --> No autoassign, find and notify appropriate staff - elseif ( ! $tmpvar['owner'] ) - { - hesk_notifyStaff('new_ticket_staff', " `notify_new_unassigned` = '1' "); - } - - return $ticket['trackid']; -} // END hesk_email2ticket() - - -function hesk_encodeUTF8($in, $encoding) -{ - $encoding = strtoupper($encoding); - - switch($encoding) - { - case 'UTF-8': - return $in; - break; - case 'ISO-8859-1': - return utf8_encode($in); - break; - default: - return iconv($encoding, 'UTF-8', $in); - break; - } -} // END hesk_encodeUTF8() - - -function hesk_stripQuotedText($message) -{ - global $hesk_settings, $hesklang; - - // Stripping quoted text disabled? - if ( ! $hesk_settings['strip_quoted']) - { - return $message; - } - - // Loop through available languages and ty to find the tag - foreach ($hesk_settings['languages'] as $language => $settings) - { - if ( ($found = strpos($message, $settings['hr']) ) !== false ) - { - // "Reply above this line" tag found, strip quoted reply - $message = substr($message, 0, $found); - $message .= "\n" . $hesklang['qrr']; - - // Set language to the detected language - hesk_setLanguage($language); - break; - } - } - - return $message; -} // END hesk_stripQuotedText() - - -function hesk_isReturnedEmail($tmpvar) -{ - // Check noreply email addresses - if ( preg_match('/not?[\-_]reply@/i', $tmpvar['email']) ) - { - return true; - } - - // Check mailer daemon email addresses - if ( preg_match('/mail(er)?[\-_]daemon@/i', $tmpvar['email']) ) - { - return true; - } - - // Check autoreply subjects - if ( preg_match('/^[\[\(]?Auto(mat(ic|ed))?[ \-]?reply/i', $tmpvar['subject']) ) - { - return true; - } - - // Check out of office subjects - if ( preg_match('/^Out of Office/i', $tmpvar['subject']) ) - { - return true; - } - - // Check delivery failed email subjects - if ( - preg_match('/DELIVERY FAILURE/i', $tmpvar['subject']) || - preg_match('/Undelivered Mail Returned to Sender/i', $tmpvar['subject']) || - preg_match('/Delivery Status Notification \(Failure\)/i', $tmpvar['subject']) || - preg_match('/Returned mail\: see transcript for details/i', $tmpvar['subject']) - ) - { - return true; - } - - // Check Mail Delivery sender name - if ( preg_match('/Mail[ \-_]?Delivery/i', $tmpvar['name']) ) - { - return true; - } - - // Check Delivery failed message - if ( preg_match('/postmaster@/i', $tmpvar['email']) && preg_match('/Delivery has failed to these recipients/i', $tmpvar['message']) ) - { - return true; - } - - // No pattern detected, seems like this is not a returned email - return false; - -} // END hesk_isReturnedEmail() - - -function hesk_isEmailLoop($email, $message_hash) -{ - global $hesk_settings, $hesklang, $hesk_db_link; - - // If $hesk_settings['loop_hits'] is set to 0 this function is disabled - if ( ! $hesk_settings['loop_hits']) - { - return false; - } - - // Escape wildcards in email - $email_like = hesk_dbEscape(hesk_dbLike($email)); - - // Delete expired DB entries - hesk_dbQuery("DELETE FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."pipe_loops` WHERE `dt` < (NOW() - INTERVAL ".intval($hesk_settings['loop_time'])." SECOND) "); - - // Check current entry - $res = hesk_dbQuery("SELECT `hits`, `message_hash` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."pipe_loops` WHERE `email` LIKE '{$email_like}' LIMIT 1"); - - // Any active entry* - if (hesk_dbNumRows($res)) - { - list($num, $md5) = hesk_dbFetchRow($res); - - $num++; - - // Number of emails in a time period reached? - if ($num >= $hesk_settings['loop_hits']) - { - return true; - } - - // Message exactly the same as in previous email? - if ($message_hash == $md5) - { - return true; - } - - // Update DB entry - hesk_dbQuery("UPDATE `".hesk_dbEscape($hesk_settings['db_pfix'])."pipe_loops` SET `hits` = `hits` + 1, `message_hash` = '".hesk_dbEscape($message_hash)."' WHERE `email` LIKE '{$email_like}' LIMIT 1"); - } - else - { - // First instance, insert a new database row - hesk_dbQuery("INSERT INTO `".hesk_dbEscape($hesk_settings['db_pfix'])."pipe_loops` (`email`, `message_hash`) VALUES ('".hesk_dbEscape($email)."', '".hesk_dbEscape($message_hash)."')"); - } - - // No loop rule trigered - return false; - -} // END hesk_isEmailLoop() - - -function hesk_cleanExit() -{ - global $results; - - // Delete the temporary files - deleteAll($results['tempdir']); - - // Return NULL - return NULL; -} // END hesk_cleanExit() diff --git a/inc/prepare_ticket_search.inc.php b/inc/prepare_ticket_search.inc.php deleted file mode 100644 index 92383f4a..00000000 --- a/inc/prepare_ticket_search.inc.php +++ /dev/null @@ -1,177 +0,0 @@ - 0) ? $tmp : $hesk_settings['max_listings']; - -$tmp = intval( hesk_GET('page', 1) ); -$page = ($tmp > 1) ? $tmp : 1; - -/* Acceptable $sort values and default asc(1)/desc(0) setting */ -$sort_possible = array( -'trackid' => 1, -'lastchange' => 0, -'name' => 1, -'subject' => 1, -'status' => 1, -'lastreplier' => 1, -'priority' => 1, -'category' => 1, -'dt' => 0, -'id' => 1, -'owner' => 1, -'custom1' => 1, -'custom2' => 1, -'custom3' => 1, -'custom4' => 1, -'custom5' => 1, -'custom6' => 1, -'custom7' => 1, -'custom8' => 1, -'custom9' => 1, -'custom10' => 1, -'custom11' => 1, -'custom12' => 1, -'custom13' => 1, -'custom14' => 1, -'custom15' => 1, -'custom16' => 1, -'custom17' => 1, -'custom18' => 1, -'custom19' => 1, -'custom20' => 1 -); - -/* These values should have collate appended in SQL */ -$sort_collation = array( -'name', -'subject', -); - -/* Acceptable $group values and default asc(1)/desc(0) setting */ -$group_possible = array( -'owner' => 1, -'priority' => 1, -'category' => 1, -); - -/* Start the order by part of the SQL query */ -$sql .= " ORDER BY "; - -/* Group tickets? Default: no */ -if (isset($_GET['g']) && ! is_array($_GET['g']) && isset($group_possible[$_GET['g']])) -{ - $group = hesk_input($_GET['g']); - - if ($group == 'priority' && isset($_GET['sort']) && ! is_array($_GET['sort']) && $_GET['sort'] == 'priority') - { - // No need to group by priority if we are already sorting by priority - } - elseif ($group == 'owner') - { - // If group by owner place own tickets on top - $sql .= " CASE WHEN `owner` = '".intval($_SESSION['id'])."' THEN 1 ELSE 0 END DESC, `owner` ASC, "; - } - else - { - $sql .= ' `'.hesk_dbEscape($group).'` '; - $sql .= $group_possible[$group] ? 'ASC, ' : 'DESC, '; - } -} -else -{ - $group = ''; -} - - -/* Show critical tickets always on top? Default: yes */ -$cot = (isset($_GET['cot']) && intval($_GET['cot']) == 1) ? 1 : 0; -if (!$cot) -{ - $sql .= " CASE WHEN `priority` = '0' THEN 1 ELSE 0 END DESC , "; -} - -/* Sort by which field? */ -if (isset($_GET['sort']) && ! is_array($_GET['sort']) && isset($sort_possible[$_GET['sort']])) -{ - $sort = hesk_input($_GET['sort']); - - $sql .= $sort == 'lastreplier' ? " CASE WHEN `lastreplier` = '0' THEN 0 ELSE 1 END DESC, COALESCE(`replierid`, NULLIF(`lastreplier`, '0'), `name`) " : ' `'.hesk_dbEscape($sort).'` '; - - // Need to set MySQL collation? - if ( in_array($_GET['sort'], $sort_collation) ) - { - $sql .= " COLLATE '" . hesk_dbEscape($hesklang['_COLLATE']) . "' "; - } -} -else -{ - /* Default sorting by ticket status */ - $sql .= ' `status` '; - $sort = 'status'; -} - -/* Ascending or Descending? */ -if (isset($_GET['asc']) && intval($_GET['asc'])==0) -{ - $sql .= ' DESC '; - $asc = 0; - $asc_rev = 1; - - $sort_possible[$sort] = 1; -} -else -{ - $sql .= ' ASC '; - $asc = 1; - $asc_rev = 0; - if (!isset($_GET['asc'])) - { - $is_default = 1; - } - - $sort_possible[$sort] = 0; -} - -/* In the end same results should always be sorted by priority */ -if ($sort != 'priority') -{ - $sql .= ' , `priority` ASC '; -} - -# Uncomment for debugging purposes -# echo "SQL: $sql
    "; diff --git a/inc/ticket_list.inc.php b/inc/ticket_list.inc.php index a01d82fc..32c32b8e 100644 --- a/inc/ticket_list.inc.php +++ b/inc/ticket_list.inc.php @@ -324,32 +324,18 @@ if ($total > 0) $ticket['archive'] = !($ticket['archive']) ? $hesklang['no'] : $hesklang['yes']; $ticket['message'] = $first_line . substr(strip_tags($ticket['message']),0,200).'...'; - $ownerColumn = $ticket['owner'] != 0 ? $admins[$ticket['owner']] : '('.$hesklang['unas'].')'; - - $customFieldsHtml = ''; - for ($i = 1; $i <= 20; $i++) { - if ($hesk_settings['custom_fields']['custom'.$i]['use']) { - $display = 'display: none'; - if ((isset($_GET['sort']) && $_GET['sort'] == 'custom'.$i) || (isset($_GET['what']) && $_GET['what'] == 'custom'.$i)) { - $display = ''; - } - $customFieldsHtml .= ''.$ticket['custom'.$i].''; - } - } echo <<   - $ticket[trackid] - $ticket[lastchange] - $ticket[name] - $tagged$owner$ticket[subject] - $ticket[status]  - $ticket[repliername] - $ticket[priority] - $ownerColumn - $customFieldsHtml + $ticket[trackid] + $ticket[lastchange] + $ticket[name] + $tagged$owner$ticket[subject] + $ticket[status]  + $ticket[repliername] + $ticket[priority]  EOC; @@ -359,98 +345,8 @@ EOC;

     
    - - - - - - - - - - - - '.$hesk_settings['custom_fields']['custom'.$i]['name'].''; - } - } - ?> + + + + + + + //-- Set this to 1 to enable email verification for new customers $modsForHesk_settings[\'customer_email_verification_required\'] = 0; - -

    -

    Now you can delete the install folder for security reasons, and then proceed back to the Help Desk

    '; + +

    After you have done this, click this link to continue installation

    '; } if ($updateSuccess) { -?> - -

    Installation / Update complete!

    -

    Please delete the install folder for security reasons, and then proceed back to the Help Desk

    - - \ No newline at end of file + header('Location: updateTo2-0-0.php'); +} ?> \ No newline at end of file diff --git a/install/updateTo2-0-0.php b/install/updateTo2-0-0.php new file mode 100644 index 00000000..5f5929d3 --- /dev/null +++ b/install/updateTo2-0-0.php @@ -0,0 +1,26 @@ + + +

    Installation / Update complete!

    +

    Please delete the install folder for security reasons, and then proceed back to the Help Desk

    + + \ No newline at end of file diff --git a/js/modsForHesk-javascript.js b/js/modsForHesk-javascript.js index 5383ad72..3e1f9913 100644 --- a/js/modsForHesk-javascript.js +++ b/js/modsForHesk-javascript.js @@ -47,26 +47,6 @@ function toggleRow(id) { } } -function toggleColumn(className) { - if ($('.' + className).css('display') == 'none') { - $('.' + className).show(); - } else { - $('.' + className).hide(); - } -} - -function toggleFilterCheckboxes(show) { - if (show) { - $('#filterCheckboxes').show(); - $('#showFiltersText').hide(); - $('#hideFiltersText').show(); - } else { - $('#filterCheckboxes').hide(); - $('#showFiltersText').show(); - $('#hideFiltersText').hide(); - } -} - function toggleChildrenForm(show) { if (show) { $('#childrenForm').show(); @@ -77,15 +57,4 @@ function toggleChildrenForm(show) { } } -function toggleNote(noteId, showForm) { - if (showForm) { - $('#note-' + noteId + '-p').hide(); - $('#note-' + noteId + '-form').show(); - } else { - $('#note-' + noteId + '-p').show(); - $('#note-' + noteId + '-form').hide(); - $('#note-' + noteId + '-textarea').val($('#note-' + noteId + '-p').text()) - } -} - jQuery(document).ready(loadJquery); diff --git a/language/en/text.php b/language/en/text.php index ba17d865..2cdbbcc9 100644 --- a/language/en/text.php +++ b/language/en/text.php @@ -50,19 +50,11 @@ $hesklang['verify_your_email'] = 'Your ticket has been created; however your ema $hesklang['installation_information'] = 'Installation Information'; // ADDED OR MODIFIED IN Mods For HESK 1.6.0 -$hesklang['ticket_closed'] = '[#%%TRACK_ID%%] Ticket closed/resolved'; -$hesklang['ticket_reopen'] = '[#%%TRACK_ID%%] Ticket reopened'; -$hesklang['ticket_reopen_assigned'] = '[#%%TRACK_ID%%] Assigned ticket reopened'; $hesklang['create_based_on_contact'] = 'Create Ticket For Same Contact'; $hesklang['notify_note_unassigned'] = 'Someone adds a note to a ticket not assigned to me'; $hesklang['can_change_notification_settings'] = 'Can change notification settings'; -$hesklang['note_edit_successful'] = 'Note edited'; -$hesklang['note_last_edit'] = 'Note last edited on: %s'; // %s: timestamp of last edit -$hesklang['total_number_of_edits'] = 'Total number of edits: %s'; // %s: total number of edits $hesklang['add_row'] = 'Add row'; $hesklang['addnote'] = 'Add note'; -$hesklang['no_noteID'] = 'No Note ID'; -$hesklang['note_id_not_found'] = 'Note ID not found'; $hesklang['mods_for_hesk'] = 'Mods for HESK'; $hesklang['err_modsForHesk_settings'] = 'Can\'t open file modsForHesk_settings.inc.php for writing. Please CHMOD this file to 666 (rw-rw-rw-)'; $hesklang['mods_for_hesk_version'] = 'Mods for HESK Version'; @@ -80,8 +72,6 @@ $hesklang['user_deactivated'] = 'User has been deactivated'; $hesklang['active_user'] = 'Is active user'; $hesklang['self_deactivation'] = 'You cannot deactivate yourself!'; $hesklang['inactive_user'] = 'Your account is currently inactive. Contact an administrator for more information.'; -$hesklang['notify_customer_email'] = 'Emails to customer on reply'; -$hesklang['notify_customer_email_text'] = 'Don\'t send email notifications of replies to the customer by default'; $hesklang['cant_edit_admin'] = 'You cannot edit the God Admin (User ID = 1)'; $hesklang['notifications_disabled_info'] = 'Changing notifications settings has been disabled by your administrator.'; @@ -115,12 +105,6 @@ $hesklang['showIcons'] = 'Show Icons'; $hesklang['showIconsHelp'] = 'Check this box to show icons next to navigation bar items'; $hesklang['maintenanceMode'] = 'Maintenance Mode'; $hesklang['maintenanceModeHelp'] = 'Check this box to put the Help Desk in maintenance mode. Staff can still log into the backend, but the front end will be inaccessible.'; -$hesklang['ip_to'] = 'To'; -$hesklang['ip_bans'] = 'IP Bans'; -$hesklang['email_bans'] = 'Email Bans'; -$hesklang['ip_email_bans'] = 'IP / Email Bans'; -$hesklang['ip_banned'] = 'Your IP has been banned by the help desk. You will be unable to submit a ticket until your IP ban has been removed.'; -$hesklang['email_banned'] = 'The email address you have entered has been banned by the help desk. You will be unable to submit a ticket until your email ban has been removed.'; $hesklang['none'] = 'None'; $hesklang['parent'] = 'Parent'; $hesklang['children'] = 'Children'; @@ -134,10 +118,6 @@ $hesklang['relationship_deleted'] = 'Parent/Child relationship deleted.'; $hesklang['autorefresh'] = 'Autorefresh:'; $hesklang['autorefresh_restrictions'] = 'Enter value in milliseconds. Value must be greater than 1000 to use this feature. No fractional values.'; -// ADDED OR MODIFIED IN Mods For HESK 1.3.0 -$hesklang['show_filters'] = 'Show Column Filters'; -$hesklang['hide_filters'] = 'Hide Column Filters'; - // ADDED OR MODIFIED IN Mods For HESK 1.2.2 $hesklang['changeLanguage'] = 'Change language to'; diff --git a/maintenance.php b/maintenance.php deleted file mode 100644 index 0037c119..00000000 --- a/maintenance.php +++ /dev/null @@ -1,24 +0,0 @@ - -
    -
    -
    -

    The helpdesk is currently undergoing maintenance. Please come back later.

    -
    -
    - \ No newline at end of file diff --git a/modsForHesk_settings.inc.php b/modsForHesk_settings.inc.php index 64f97803..3335dc4e 100644 --- a/modsForHesk_settings.inc.php +++ b/modsForHesk_settings.inc.php @@ -19,11 +19,8 @@ $modsForHesk_settings['rtl'] = 0; //-- Set this to 1 to show icons next to navigation menu items $modsForHesk_settings['show_icons'] = 0; -//-- Set this to 1 to enable maintenance mode -$modsForHesk_settings['maintenance_mode'] = 0; - //-- Set this to 1 to enable custom field names as keys $modsForHesk_settings['custom_field_setting'] = 0; //-- Set this to 1 to enable email verification for new customers -$modsForHesk_settings['customer_email_verification_required'] = 0; \ No newline at end of file +$modsForHesk_settings['customer_email_verification_required'] = 0;$modsForHesk_settings['show_icons'] = 0; \ No newline at end of file diff --git a/submit_ticket.php b/submit_ticket.php index dd1bb5f0..b1cab6fa 100644 --- a/submit_ticket.php +++ b/submit_ticket.php @@ -79,19 +79,6 @@ hesk_dbConnect(); $hesk_error_buffer = array(); -// Check to see if the user's IP address or email they submitted is banned. -$ipAddress = ip2long($_SERVER['REMOTE_ADDR']); -$ipSql = hesk_dbQuery('SELECT * FROM `'.hesk_dbEscape($hesk_settings['db_pfix']).'denied_ips` WHERE `RangeStart` <= \''.hesk_dbEscape($ipAddress) - .'\' AND `RangeEnd` >= \''.hesk_dbEscape($ipAddress).'\''); -if ($ipSql->num_rows > 0) { - $hesk_error_buffer['ip_ban'] = $hesklang['ip_banned']; -} - -$emailSql = hesk_dbQuery('SELECT * FROM `'.hesk_dbEscape($hesk_settings['db_pfix']).'denied_emails` WHERE Email = \''.hesk_dbEscape(hesk_POST('email')).'\''); -if ($emailSql->num_rows > 0) { - $hesk_error_buffer['email_ban'] = $hesklang['email_banned']; -} - // Check anti-SPAM question if ($hesk_settings['question_use']) {
    -
    - - -