From efce82d1d66dedc1351354546b6fde27a0f7439e Mon Sep 17 00:00:00 2001 From: Mike Koch Date: Thu, 1 Jan 2015 14:13:11 -0500 Subject: [PATCH] #30 Only validate emails if the help desk is configured to do so --- modsForHesk_settings.inc.php | 5 ++++- submit_ticket.php | 37 +++++++++++++++++++++--------------- 2 files changed, 26 insertions(+), 16 deletions(-) diff --git a/modsForHesk_settings.inc.php b/modsForHesk_settings.inc.php index a24c1410..64f97803 100644 --- a/modsForHesk_settings.inc.php +++ b/modsForHesk_settings.inc.php @@ -23,4 +23,7 @@ $modsForHesk_settings['show_icons'] = 0; $modsForHesk_settings['maintenance_mode'] = 0; //-- Set this to 1 to enable custom field names as keys -$modsForHesk_settings['custom_field_setting'] = 0; \ No newline at end of file +$modsForHesk_settings['custom_field_setting'] = 0; + +//-- Set this to 1 to enable email verification for new customers +$modsForHesk_settings['customer_email_verification_required'] = 0; \ No newline at end of file diff --git a/submit_ticket.php b/submit_ticket.php index f02cadba..fc497a32 100644 --- a/submit_ticket.php +++ b/submit_ticket.php @@ -37,6 +37,7 @@ define('HESK_PATH','./'); // Get all the required files and functions require(HESK_PATH . 'hesk_settings.inc.php'); +require(HESK_PATH . 'modsForHesk_settings.inc.php'); require(HESK_PATH . 'inc/common.inc.php'); hesk_load_database_functions(); require(HESK_PATH . 'inc/email_functions.inc.php'); @@ -360,26 +361,32 @@ if ($hesk_settings['attachments']['use'] && ! empty($attachments) ) } } -// Check to see if the email address of the user is verified. If not, add the ticket to the stage_ticket table and send verification email -$verifiedEmailSql = "SELECT `Email` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."verified_emails` WHERE `Email` = '".hesk_dbEscape($tmpvar['email'])."'"; -$verifiedEmailRS = hesk_dbQuery($verifiedEmailSql); -if ($verifiedEmailRS->num_rows == 0) +// Should the helpdesk validate emails? +$createTicket = true; +if ($modsForHesk_settings['customer_email_verification_required']) { - //-- email has not yet been verified. - $ticket = hesk_newTicket($tmpvar, false); + $verifiedEmailSql = "SELECT `Email` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."verified_emails` WHERE `Email` = '".hesk_dbEscape($tmpvar['email'])."'"; + $verifiedEmailRS = hesk_dbQuery($verifiedEmailSql); + if ($verifiedEmailRS->num_rows == 0) + { + //-- email has not yet been verified. + $ticket = hesk_newTicket($tmpvar, false); - //-- generate the activation key, which is a hash of their email address along with the current time. - $unhashedKey = $tmpvar['email'].time(); - $key = hash('sha512', $unhashed); + //-- generate the activation key, which is a hash of their email address along with the current time. + $unhashedKey = $tmpvar['email'].time(); + $key = hash('sha512', $unhashed); - $escapedEmail = hesk_dbEscape($tmpvar['email']); - $escapedKey = hesk_dbEscape($key); - hesk_dbQuery("INSERT INTO `".hesk_dbEscape($hesk_settings['db_pfix'])."pending_verification_emails` (`Email`, `ActivationKey`) + $escapedEmail = hesk_dbEscape($tmpvar['email']); + $escapedKey = hesk_dbEscape($key); + hesk_dbQuery("INSERT INTO `".hesk_dbEscape($hesk_settings['db_pfix'])."pending_verification_emails` (`Email`, `ActivationKey`) VALUES ('".$escapedEmail."', '".$escapedKey."')"); - require(HESK_PATH . 'inc/email_functions.inc.php'); - hesk_notifyCustomer('verify_email'); -} else + require(HESK_PATH . 'inc/email_functions.inc.php'); + hesk_notifyCustomer('verify_email'); + $createTicket = false; + } +} +if ($createTicket) { //-- email has been verified, and a ticket can be created $ticket = hesk_newTicket($tmpvar);