Update to 2018.2.0

Resolve "Don't Rely On External CDNs"

See merge request mike-koch/Mods-for-HESK!109

.gitignore

@@ -1,26 +1,26 @@
+# Mods for HESK-specific files
+api/vendor
+api/Tests/integration_test_mfh_settings.php
+
+# HESK Files
 admin/admin_suggest_articles.php
 admin/archive.php
-admin/assign_owner.php
-admin/delete_tickets.php
+admin/custom_statuses.php
+admin/email_templates.php
 admin/generate_spam_question.php
-admin/move_category.php
-admin/options.php
-admin/priority.php
+admin/resend_notification.php
 admin/test_connection.php
 attachments/index.htm
-docs/changelog.html
-docs/docs_style.css
-docs/index.html
-docs/quick-guide.html
-docs/step-by-step-guide.html
-download_attachment.php
+cache/
+docs/
 file_limits.php
 footer.txt
+head.txt
 header.txt
-hesk_javascript_v25.js
 hesk_settings.inc.php
 img/add_article.png
 img/add_category.png
+img/anonymize.png
 img/article_text.png
 img/autoassign_off.png
 img/autoassign_on.png
@@ -33,10 +33,13 @@ img/clip.png
 img/code.png
 img/code_off.png
 img/delete.png
+img/delete_off.png
 img/delete_ticket.png
 img/edit.png
+img/email.png
 img/error.png
 img/existingticket.png
+img/export.png
 img/flag_critical.png
 img/flag_high.png
 img/flag_low.png
@@ -82,6 +85,7 @@ img/lock.png
 img/login.png
 img/mail.png
 img/manage.png
+img/menu.png
 img/minus.gif
 img/minusbottom.gif
 img/minustop.gif
@@ -120,6 +124,7 @@ img/print.png
 img/private.png
 img/public.png
 img/reload.png
+img/refresh.png
 img/roundcornersb.jpg
 img/roundcornerslb.jpg
 img/roundcornerslm.jpg
@@ -149,9 +154,7 @@ img/tag_off.png
 img/unlock.png
 img/vertical.jpg
 img/view.png
-inc/admin_functions.inc.php
 inc/assignment_search.inc.php
-inc/attachments.inc.php
 inc/calendar/img/cal.gif
 inc/calendar/img/next_mon.gif
 inc/calendar/img/next_year.gif
@@ -164,10 +167,11 @@ inc/calendar/tcal.js
 inc/calendar/tcal.php
 inc/database.inc.php
 inc/database_mysqli.inc.php
-inc/email_functions.inc.php
-inc/footer.inc.php
+inc/htmlpurifier
 inc/index.htm
+inc/jscolor/
 inc/mail/email_parser.php
+inc/mail/hesk_imap.php
 inc/mail/hesk_pipe.php
 inc/mail/hesk_pop3.php
 inc/mail/index.htm
@@ -183,8 +187,6 @@ inc/mail/sasl/ntlm_sasl_client.php
 inc/mail/sasl/plain_sasl_client.php
 inc/mail/sasl/sasl.php
 inc/mail/smtp.php
-inc/pipe_functions.inc.php
-inc/posting_functions.inc.php
 inc/prepare_ticket_export.inc.php
 inc/prepare_ticket_search.inc.php
 inc/print_group.inc.php
@@ -194,69 +196,69 @@ inc/recaptcha/recaptchalib.php
 inc/reporting_functions.inc.php
 inc/secimg.inc.php
 inc/setup_functions.inc.php
+inc/statuses.inc.php
 inc/tabs/index.htm
 inc/tabs/tabber-minimized.js
 inc/tabs/tabber.css
 inc/timer/hesk_timer.js
 inc/timer/index.htm
-inc/tiny_mce/3.5.10/langs/en.js
-inc/tiny_mce/3.5.10/license.txt
-inc/tiny_mce/3.5.10/themes/advanced/about.htm
-inc/tiny_mce/3.5.10/themes/advanced/anchor.htm
-inc/tiny_mce/3.5.10/themes/advanced/charmap.htm
-inc/tiny_mce/3.5.10/themes/advanced/color_picker.htm
-inc/tiny_mce/3.5.10/themes/advanced/editor_template.js
-inc/tiny_mce/3.5.10/themes/advanced/image.htm
-inc/tiny_mce/3.5.10/themes/advanced/img/colorpicker.jpg
-inc/tiny_mce/3.5.10/themes/advanced/img/flash.gif
-inc/tiny_mce/3.5.10/themes/advanced/img/icons.gif
-inc/tiny_mce/3.5.10/themes/advanced/img/iframe.gif
-inc/tiny_mce/3.5.10/themes/advanced/img/pagebreak.gif
-inc/tiny_mce/3.5.10/themes/advanced/img/quicktime.gif
-inc/tiny_mce/3.5.10/themes/advanced/img/realmedia.gif
-inc/tiny_mce/3.5.10/themes/advanced/img/shockwave.gif
-inc/tiny_mce/3.5.10/themes/advanced/img/trans.gif
-inc/tiny_mce/3.5.10/themes/advanced/img/video.gif
-inc/tiny_mce/3.5.10/themes/advanced/img/windowsmedia.gif
-inc/tiny_mce/3.5.10/themes/advanced/js/about.js
-inc/tiny_mce/3.5.10/themes/advanced/js/anchor.js
-inc/tiny_mce/3.5.10/themes/advanced/js/charmap.js
-inc/tiny_mce/3.5.10/themes/advanced/js/color_picker.js
-inc/tiny_mce/3.5.10/themes/advanced/js/image.js
-inc/tiny_mce/3.5.10/themes/advanced/js/link.js
-inc/tiny_mce/3.5.10/themes/advanced/js/source_editor.js
-inc/tiny_mce/3.5.10/themes/advanced/langs/en.js
-inc/tiny_mce/3.5.10/themes/advanced/langs/en_dlg.js
-inc/tiny_mce/3.5.10/themes/advanced/link.htm
-inc/tiny_mce/3.5.10/themes/advanced/shortcuts.htm
-inc/tiny_mce/3.5.10/themes/advanced/skins/default/content.css
-inc/tiny_mce/3.5.10/themes/advanced/skins/default/dialog.css
-inc/tiny_mce/3.5.10/themes/advanced/skins/default/img/buttons.png
-inc/tiny_mce/3.5.10/themes/advanced/skins/default/img/items.gif
-inc/tiny_mce/3.5.10/themes/advanced/skins/default/img/menu_arrow.gif
-inc/tiny_mce/3.5.10/themes/advanced/skins/default/img/menu_check.gif
-inc/tiny_mce/3.5.10/themes/advanced/skins/default/img/progress.gif
-inc/tiny_mce/3.5.10/themes/advanced/skins/default/img/tabs.gif
-inc/tiny_mce/3.5.10/themes/advanced/skins/default/ui.css
-inc/tiny_mce/3.5.10/themes/advanced/source_editor.htm
-inc/tiny_mce/3.5.10/tiny_mce.js
-inc/tiny_mce/3.5.10/tiny_mce_popup.js
-inc/tiny_mce/3.5.10/utils/editable_selects.js
-inc/tiny_mce/3.5.10/utils/form_utils.js
-inc/tiny_mce/3.5.10/utils/mctabs.js
-inc/tiny_mce/3.5.10/utils/validate.js
+inc/tiny_mce/3.5.12/langs/en.js
+inc/tiny_mce/3.5.12/license.txt
+inc/tiny_mce/3.5.12/themes/advanced/about.htm
+inc/tiny_mce/3.5.12/themes/advanced/anchor.htm
+inc/tiny_mce/3.5.12/themes/advanced/charmap.htm
+inc/tiny_mce/3.5.12/themes/advanced/color_picker.htm
+inc/tiny_mce/3.5.12/themes/advanced/editor_template.js
+inc/tiny_mce/3.5.12/themes/advanced/image.htm
+inc/tiny_mce/3.5.12/themes/advanced/img/colorpicker.jpg
+inc/tiny_mce/3.5.12/themes/advanced/img/flash.gif
+inc/tiny_mce/3.5.12/themes/advanced/img/icons.gif
+inc/tiny_mce/3.5.12/themes/advanced/img/iframe.gif
+inc/tiny_mce/3.5.12/themes/advanced/img/pagebreak.gif
+inc/tiny_mce/3.5.12/themes/advanced/img/quicktime.gif
+inc/tiny_mce/3.5.12/themes/advanced/img/realmedia.gif
+inc/tiny_mce/3.5.12/themes/advanced/img/shockwave.gif
+inc/tiny_mce/3.5.12/themes/advanced/img/trans.gif
+inc/tiny_mce/3.5.12/themes/advanced/img/video.gif
+inc/tiny_mce/3.5.12/themes/advanced/img/windowsmedia.gif
+inc/tiny_mce/3.5.12/themes/advanced/js/about.js
+inc/tiny_mce/3.5.12/themes/advanced/js/anchor.js
+inc/tiny_mce/3.5.12/themes/advanced/js/charmap.js
+inc/tiny_mce/3.5.12/themes/advanced/js/color_picker.js
+inc/tiny_mce/3.5.12/themes/advanced/js/image.js
+inc/tiny_mce/3.5.12/themes/advanced/js/link.js
+inc/tiny_mce/3.5.12/themes/advanced/js/source_editor.js
+inc/tiny_mce/3.5.12/themes/advanced/langs/en.js
+inc/tiny_mce/3.5.12/themes/advanced/langs/en_dlg.js
+inc/tiny_mce/3.5.12/themes/advanced/link.htm
+inc/tiny_mce/3.5.12/themes/advanced/shortcuts.htm
+inc/tiny_mce/3.5.12/themes/advanced/skins/default/content.css
+inc/tiny_mce/3.5.12/themes/advanced/skins/default/dialog.css
+inc/tiny_mce/3.5.12/themes/advanced/skins/default/img/buttons.png
+inc/tiny_mce/3.5.12/themes/advanced/skins/default/img/items.gif
+inc/tiny_mce/3.5.12/themes/advanced/skins/default/img/menu_arrow.gif
+inc/tiny_mce/3.5.12/themes/advanced/skins/default/img/menu_check.gif
+inc/tiny_mce/3.5.12/themes/advanced/skins/default/img/progress.gif
+inc/tiny_mce/3.5.12/themes/advanced/skins/default/img/tabs.gif
+inc/tiny_mce/3.5.12/themes/advanced/skins/default/ui.css
+inc/tiny_mce/3.5.12/themes/advanced/source_editor.htm
+inc/tiny_mce/3.5.12/tiny_mce.js
+inc/tiny_mce/3.5.12/tiny_mce_popup.js
+inc/tiny_mce/3.5.12/utils/editable_selects.js
+inc/tiny_mce/3.5.12/utils/form_utils.js
+inc/tiny_mce/3.5.12/utils/mctabs.js
+inc/tiny_mce/3.5.12/utils/validate.js
 inc/treemenu/TreeMenu.php
 inc/treemenu/index.htm
-inc/users_online.inc.php
 inc/zip/Zip.php
 inc/zip/index.htm
 inc/zip/pclzip.lib.php
 install/hesk.png
 install/update.php
+language/en/help_files
 language/en/emails/category_moved.txt
 language/en/emails/forgot_ticket_id.txt
 language/en/emails/index.htm
-language/en/emails/new_note.txt
 language/en/emails/new_pm.txt
 language/en/emails/new_reply_by_customer.txt
 language/en/emails/new_reply_by_staff.txt
@@ -264,9 +266,18 @@ language/en/emails/new_ticket.txt
 language/en/emails/new_ticket_staff.txt
 language/en/emails/ticket_assigned_to_you.txt
 language/en/index.htm
+language/en/text.php
 language/index.htm
 print_sec_img.php
 rate.php
 readme.html
 robots.txt
 .idea/
+attachments/__latest.txt
+/attachments
+img/ban.png
+img/banned.png
+img/ico_tools.png
+ip_whois.php
+language/en/emails/reset_password.txt
+language/en/help_files/ticket_list.html

.gitlab-ci.yml

@@ -0,0 +1,90 @@
+stages:
+  - validate
+  - test
+  - package
+
+before_script:
+  - bash ci/docker_install.sh > /dev/null
+
+validate:7.2:
+  image: php:7.2
+  stage: validate
+  script:
+    - bash ci/php_lint.sh ./
+
+validate:7.1:
+  image: php:7.1
+  stage: validate
+  script:
+    - bash ci/php_lint.sh ./
+
+validate:7.0:
+  image: php:7.0
+  stage: validate
+  script:
+    - bash ci/php_lint.sh ./
+
+validate:5.6:
+  image: php:5.6
+  stage: validate
+  script:
+    - bash ci/php_lint.sh ./
+
+validate:5.5:
+  image: php:5.5
+  stage: validate
+  script:
+    - bash ci/php_lint.sh ./
+
+validate:5.4:
+  image: php:5.4
+  stage: validate
+  script:
+    - bash ci/php_lint.sh ./
+
+validate:5.3:
+  image: php:5.3
+  stage: validate
+  script:
+    - bash ci/php_lint.sh ./
+
+test:7.1:
+  image: php:7.1
+  stage: test
+  script:
+    - cd api
+    - php -r "copy('https://getcomposer.org/installer', 'composer-setup.php');"
+    - php composer-setup.php
+    - php -r "unlink('composer-setup.php');"
+    - php composer.phar update
+    - php composer.phar install
+    - cd Tests
+    - phpunit
+
+test:7.2:
+  image: php:7.2
+  stage: test
+  script:
+    - cd api
+    - php -r "copy('https://getcomposer.org/installer', 'composer-setup.php');"
+    - php composer-setup.php
+    - php -r "unlink('composer-setup.php');"
+    - php composer.phar update
+    - php composer.phar install
+    - cd Tests
+    - phpunit
+
+package:
+  image: tetraweb/php
+  when: manual
+  stage: package
+  script:
+    - apt-get update
+    - apt-get install zip unzip
+    - cd api
+    - composer install --no-dev
+    - cd ../ci
+    - bash build_zip.sh
+  artifacts:
+    paths:
+      - release.zip

CONTRIBUTING.md

@@ -0,0 +1,27 @@
+# Contributing to Mods for HESK
+So you want to contribute to Mods for HESK? Awesome! However, there are a few guidelines that need to be followed so the project can be as easy to maintain as possible.
+
+## Submitting an issue
+If all you are doing is submitting an issue, please check if your "issue" qualifies as a GitLab issue:
+ - **Feature Requests:** Feature requests are now being recorded at the Mods for HESK [UserVoice page](https://mods-for-hesk.uservoice.com/forums/254758-general). Please do not open these types of issues on GitLab. Issues opened that are "feature requests" will be closed.
+ - **Translations:** Translations are now being recorded at the official Mods for HESK [website](https://mods-for-hesk.mkochcs.com/download.php). Please do not open these types of issues on GitLab. Issues opened that pertain to submitting new translations will be closed.
+ - **Bugs:** Yes, please open these types of issues here. :grinning:
+
+## Getting Started
+If you have already completed any of these steps in the past (such as creating a GitLab account), you can skip the respective step.
+ - Make sure you have a [GitLab account](https://gitlab.com/users/sign_in)
+ - Fork the repository on GitLab
+
+## Making Changes
+ - Create a feature branch from where to base your work off of
+   - This will be the `master` branch in most cases
+   - *Please do not work off of the `master` branch directly*
+ - Make commits of logical units.
+   - For example, if you add 10 new features, please make at least 10 commits (1 per feature). This way, if a feature needs to be removed, it will be as easy as reverting a commit, rather than removing all 10.
+ - Check for unnecessary whitespace using the `git diff --check` command. If there is trailing whitespace, your pull request will be denied.
+
+## Submitting Changes
+ - Push your changes to a topic branch in your fork of the repository
+ - Submit a pull request to the official Mods for HESK repository (mike-koch/Mods-for-HESK)
+ - The owner of Mods for HESK will then inspect and test the code in the pull request.  Feedback will be given via GitLab comments.
+ - The owner of Mods for HESK expects responses within two weeks of the original comment. If there is no feedback within that time range, the pull request will be considered abandoned and subsequently will be closed.

LICENSE

@@ -0,0 +1,23 @@
+NOTE: This license only applies to Mods for HESK. It does not apply to HESK.
+
+The MIT License (MIT)
+
+Copyright (c) 2015 Michael Koch
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.

README.md

@@ -1,68 +1,82 @@
-[![Analytics](https://ga-beacon.appspot.com/UA-49251479-1/hesk/README)](https://github.com/mkoch227/Hesk)
+## [Mods for HESK](http://mods-for-hesk.mkochcs.com)  [![Number of Downloads](https://img.shields.io/github/downloads/mkoch227/Mods-for-HESK/latest/total.svg)](https://www.github.com/mkoch227/Mods-for-HESK/releases) [![Current Release](https://img.shields.io/github/release/mkoch227/Mods-for-HESK.svg)](https://www.github.com/mkoch227/Mods-for-HESK/releases) [![Project Status](https://img.shields.io/badge/status-maintained-brightgreen.svg)](https://www.github.com/mkoch227/Mods-for-HESK)
+[![License](https://img.shields.io/badge/license-MIT-blue.svg)](https://github.com/mkoch227/Mods-for-HESK/blob/master/LICENSE)
+[![Join the chat at https://gitter.im/mkoch227/Mods-for-HESK](https://badges.gitter.im/Join%20Chat.svg)](https://gitter.im/mkoch227/Mods-for-HESK?utm_source=badge&utm_medium=badge&utm_campaign=pr-badge&utm_content=badge) 
 
-<h2>NuMods v1.2.1</h2>
+Mods for HESK is a set of modifications for [HESK](https://www.hesk.com) v2.7.x, a free and popular helpdesk solution.
 
-This branch contains all files modified from the base version of HESK to become NuMods, a set of modifications for HESK v2.x
+## Features
+<table>
+    <tr>
+        <td>
+            <ul>
+                <li>Calendar planning module</li>
+                <li>A new, responsive user interface</li>
+                <li>Ability to create custom ticket statuses</li>
+                <li>Right-to-left text direction</li>
+                <li>Designate parent/child relationships for tickets</li>
+                <li>Ticket dashboard automatic refresh</li>
+                <li>HTML-formatted e-mails</li>
+                <li>Mailgun API support</li>
+                <li>Customer email verifications</li>
+                <li>Custom fields in multiple languages</li>
+                <li>Create new ticket based on previous ticket</li>
+                <li>Admins can restrict users from modifying notification settings</li>
+                <li>Client-side form validation</li>
+            </ul>
+        </td>
+        <td>
+            <ul>
+                <li>Email template editor</li>
+                <li>Ticket attachments directly in emails</li>
+                <li>Recent tickets for contact when viewing another ticket</li>
+                <li>Restrict statuses from being closable</li>
+                <li>Custom service message icons</li>
+                <li>Permission templates</li>
+                <li>Request users location in tickets</li>
+                <li>Category managers</li>
+                <li>Show number of merged tickets in ticket search view</li>
+                <li>Enable / disable staff members</li>
+                <li>More-restricted settings page access</li>
+                <li>User agent tracking</li>
+                <li>New custom fields: Date, Readonly, Hidden, Email, Multiple Select</li>
+            </ul>
+        </td>
+    </tr>
+</table>
 
-<h2>Features</h2>
-<p>Currently, the two major features of NuMods are:</p>
-<ul>
-  <li>A new, responsive user interface</li>
-  <li>Ability to create custom ticket statuses</li>
-</ul>
+## Download
+The latest version available for download can be downloaded from https://mods-for-hesk.mkochcs.com. 
+The `master` branch will always contain the latest release.
 
-<h2>Download</h2>
+## Installation
+Visit [https://mods-for-hesk.mkochcs.com/download.php](https://mods-for-hesk.mkochcs.com/download.php) for installation instructions.
 
-You can download this tweak via two ways:
+## Languages / Support
+Please visit https://developers.phpjunkyard.com/viewforum.php?f=19 for translation instructions and support.  
+Mods for HESK translations are available at http://mods-for-hesk.mkochcs.com.
 
-<ol>
-<li><strong>Stable Releases:</strong> Releases that have a release tag associated with a commit are considered releases.  You can click on "releases" on the top of the repo, and then click "zip" or "tar.gz" to download the repo at that stage.</li>
-<li><strong>Bleeding-edge Releases:</strong> You can also download the latest, bleeding-edge version of NuMods by simply clicking "download as zip" to the right of the repository.  This will download an exact copy of this branch in its current state, which may be contain bugs/other issues.  This is not recommended for a production use.</li>
-</ol>
+## Browser Compatibility
+Mods for HESK is compatible with the following browsers:
 
-<h2>Installation</h2>
+- IE 11 / Edge
+- Chrome (Current Version - 2 previous major revisions)
+- Firefox (Current Version - 2 previous major revisions)
+- Opera (Current Version - 2 previous major revisions)
+- Safari (Current Version - 2 previous major revisions)
 
-<ol>
-<li>Download HESK from <a href="http://www.hesk.com/download.php" target="_blank">http://www.hesk.com/download.php</a>.</li>
-<li>Extract the contents of HESK to a directory of your choice.</li>
-<li>Download NuMods from one of the two methods described above.</li>
-<li>Copy and paste the contents of the zip/tar.gz bundle and overwrite any files in the original HESK 2.x folder.</li>
-<li>Upload the resulting folder to your webserver.</li>
-<li>Go to the /install directory in your web browser and click on "Install/Update NuMods Installation"</li>
-</ol>
-<p>Please consult the official HESK Documentation on how to install HESK, as it is the same for both HESK and NuMods.</p>
+It is possible that older browsers may or may not work with Mods for HESK.
+ However, support will not be provided for older browsers.
 
-<h2>Languages</h2>
-<p>As of current, only English is a supported language, as there have been several language items that have been edited/created. If you want to translate NuMods to your own language, it is recommended to download the original HESK language file for your language, and then add/edit the lines listed under <code>//Added or modified in HESK UI</code> and <code>//Added or modified in NuMods X.X.X</code> (where X.X.X is a version number) for your language.</p>
-<p>If you create a translation for NuMods, please submit it via a pull request or via the PHP Junkyards forum, where it will be committed to this branch.</p>
+## Versioning
+Releases will be numbered with the following format:
 
-<h2>Browser Compability</h2>
-<p>This list may be incomplete. Please leave a note on the PHP Junkyard forums for additional browser compatibility information.
-<ul>
-<li><strong>Google Chrome 33+: </strong> Compatible</li>
-<li><strong>Mozilla Firefox 28+:</strong> Compatible</li>
-<li><strong>Internet Explorer 6/7:</strong> <em>NOT</em> Compatible</li>
-<li><strong>Internet Explorer 8:</strong> Partial Compatibility</li>
-<li><strong>Internet Explorer 9:</strong> Compatible</li>
-</ul>
-<p>There are no intentions of making NuMods compatible with Internet Explorer 6 or 7, or any browser that is 2 or more major revisions older than its latest version.</p>
+`<major>.<minor>.<patch>`
 
-<h2>Versioning</h2>
-<p>NuMods will be maintained under the Semantic Versioning guidelines as much as possible. Releases will be numbered with the following format:</p>
+And constructed with the following guidelines:
+ - Updates to ensure compatibility with new minor/major versions of HESK bumps the major
+ - New additions, including new minor features, without breaking backward compatibility, or updates to patch versions of HESK bumps the minor (and resets the patch)
+ - Bug fixes and misc minor changes bumps the patch
 
-<code>&lt;major&gt;.&lt;minor&gt;.&lt;patch&gt;</code>
-
-<p>And constructed with the following guidelines:</p>
-
-<ul>
-<li>Breaking backward compatibility bumps the major (and resets the minor and patch)</li>
-<li>New additions, including new minor features, without breaking backward compatibility bumps the minor (and resets the patch)</li>
-<li>Bug fixes and misc minor changes bumps the patch</li>
-</ul>
-
-<p>For more information on SemVer, please visit http://semver.org.</p>
-
-<h2>Credits</h2>
-<p>Mike Koch - Creator of NuMods</p>
-<p>Klemen Stirn - Creator of HESK</p>
-<p>lupolo from PHPJunkyard Scripts - diligent bug reporting on the PHPJunkyard Scripts Forum</p>
+## Credits
+ - Mike Koch - Creator of Mods for HESK
+ - Klemen Stirn - Creator of HESK

admin/admin_main.php

@@ -1,143 +1,134 @@
 <?php
-/*******************************************************************************
-*  Title: Help Desk Software HESK
-*  Version: 2.5.3 from 16th March 2014
-*  Author: Klemen Stirn
-*  Website: http://www.hesk.com
-********************************************************************************
-*  COPYRIGHT AND TRADEMARK NOTICE
-*  Copyright 2005-2013 Klemen Stirn. All Rights Reserved.
-*  HESK is a registered trademark of Klemen Stirn.
+/**
+ *
+ * This file is part of HESK - PHP Help Desk Software.
+ *
+ * (c) Copyright Klemen Stirn. All rights reserved.
+ * https://www.hesk.com
+ *
+ * For the full copyright and license agreement information visit
+ * https://www.hesk.com/eula.php
+ *
+ */
 
-*  The HESK may be used and modified free of charge by anyone
-*  AS LONG AS COPYRIGHT NOTICES AND ALL THE COMMENTS REMAIN INTACT.
-*  By using this code you agree to indemnify Klemen Stirn from any
-*  liability that might arise from it's use.
-
-*  Selling the code for this program, in part or full, without prior
-*  written consent is expressly forbidden.
-
-*  Using this code, in part or full, to create derivate work,
-*  new scripts or products is expressly forbidden. Obtain permission
-*  before redistributing this software over the Internet or in
-*  any other medium. In all cases copyright and header must remain intact.
-*  This Copyright is in full effect in any country that has International
-*  Trade Agreements with the United States of America or
-*  with the European Union.
-
-*  Removing any of the copyright notices without purchasing a license
-*  is expressly forbidden. To remove HESK copyright notice you must purchase
-*  a license for this script. For more information on how to obtain
-*  a license please visit the page below:
-*  https://www.hesk.com/buy.php
-*******************************************************************************/
-
-define('IN_SCRIPT',1);
-define('HESK_PATH','../');
+define('IN_SCRIPT', 1);
+define('HESK_PATH', '../');
 
 /* Make sure the install folder is deleted */
-if (is_dir(HESK_PATH . 'install')) {die('Please delete the <b>install</b> folder from your server for security reasons then refresh this page!');}
+if (is_dir(HESK_PATH . 'install')) {
+    die('Please delete the <b>install</b> folder from your server for security reasons then refresh this page!');
+}
 
 /* Get all the required files and functions */
 require(HESK_PATH . 'hesk_settings.inc.php');
 require(HESK_PATH . 'inc/common.inc.php');
 require(HESK_PATH . 'inc/admin_functions.inc.php');
+require(HESK_PATH . 'inc/status_functions.inc.php');
+require(HESK_PATH . 'inc/mail_functions.inc.php');
 hesk_load_database_functions();
 
 hesk_session_start();
 hesk_dbConnect();
 hesk_isLoggedIn();
 
-define('CALENDAR',1);
-define('MAIN_PAGE',1);
+define('CALENDAR', 1);
+define('MAIN_PAGE', 1);
+define('PAGE_TITLE', 'ADMIN_HOME');
+define('MFH_PAGE_LAYOUT', 'TOP_ONLY');
+define('AUTO_RELOAD', 1);
 
 /* Print header */
 require_once(HESK_PATH . 'inc/headerAdmin.inc.php');
-
-/* Print admin navigation */
 require_once(HESK_PATH . 'inc/show_admin_nav.inc.php');
+
+/* Reset default settings? */
+if (isset($_GET['reset']) && hesk_token_check()) {
+    $res = hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "users` SET `default_list`='' WHERE `id` = '" . intval($_SESSION['id']) . "'");
+    $_SESSION['default_list'] = '';
+} /* Get default settings */
+else {
+    parse_str($_SESSION['default_list'], $defaults);
+    $_GET = isset($_GET) && is_array($_GET) ? array_merge($_GET, $defaults) : $defaults;
+}
+
 ?>
+<div class="content-wrapper">
+    <section class="content">
+    <?php
+    // Service messages
+    $service_messages = mfh_get_service_messages('STAFF_HOME');
+    foreach ($service_messages as $sm) {
+        hesk_service_message($sm);
+    }
 
-<div class="row">
-    <div class="col-md-8 col-md-offset-2" style="padding-top: 20px">
-    <?php 
-        /* This will handle error, success and notice messages */
-        hesk_handle_messages();
-
-        /* Print tickets? */
-        if (hesk_checkPermission('can_view_tickets',0))
-        {
-	        if ( ! isset($_SESSION['hide']['ticket_list']) )  //Number of tickets (table header. NOT ACTUAL TABLE)
-            {
-                echo '
-                <div class="row">
-                    <div class="col-md-4">&nbsp;</div>
-                    <div class="col-md-4" style="text-align: center"><h3>'.$hesklang['open_tickets'].'</h3></div>
-                    <div class="col-md-4">&nbsp;</div>
-                </div>
-                ';
-	        }
-
-	        /* Reset default settings? */
-	        if ( isset($_GET['reset']) && hesk_token_check() )
-	        {
-		        $res = hesk_dbQuery("UPDATE `".hesk_dbEscape($hesk_settings['db_pfix'])."users` SET `default_list`='' WHERE `id` = '".intval($_SESSION['id'])."' LIMIT 1");
-                $_SESSION['default_list'] = '';
-	        }
-	        /* Get default settings */
-	        else
-	        {
-		        parse_str($_SESSION['default_list'],$defaults);
-		        $_GET = isset($_GET) && is_array($_GET) ? array_merge($_GET, $defaults) : $defaults;
-	        }
-
-	        /* Print the list of tickets */
-	        require(HESK_PATH . 'inc/print_tickets.inc.php');
-
-            echo "&nbsp;<br />";
-
-            /* Print forms for listing and searching tickets */
-	        require(HESK_PATH . 'inc/show_search_form.inc.php');
-        }
-        else
-        {
-	        echo '<p><i>'.$hesklang['na_view_tickets'].'</i></p>';
-        }
-
-        $hesk_settings['hesk_license']('HMgPSAxOw0KaWYgKGZpbGVfZXhpc3RzKEhFU0tfUEFUSCAuI
-        CdoZXNrX2xpY2Vuc2UucGhwJykpDQp7DQokaCA9ICghZW1wdHkoJF9TRVJWRVJbJ0hUVFBfSE9TVCddK
-        SkgPyAkX1NFUlZFUlsnSFRUUF9IT1NUJ10gOiAoKCFlbXB0eSgkX1NFUlZFUlsnU0VSVkVSX05BTUUnX
-        SkpID8gJF9TRVJWRVJbJ1NFUlZFUl9OQU1FJ10gOiBnZXRlbnYoJ1NFUlZFUl9OQU1FJykpOw0KJGggP
-        SBzdHJfcmVwbGFjZSgnd3d3LicsJycsc3RydG9sb3dlcigkaCkpOw0KaW5jbHVkZShIRVNLX1BBVEggL
-        iAnaGVza19saWNlbnNlLnBocCcpOw0KaWYgKGlzc2V0KCRoZXNrX3NldHRpbmdzWydsaWNlbnNlJ10pI
-        CYmIHN0cnBvcygkaGVza19zZXR0aW5nc1snbGljZW5zZSddLHNoYTEoJGguJ2gzJkZwMiNMYUEmNTkhd
-        yg4LlpjXSordVI1MTInKSkgIT09IGZhbHNlKQ0Kew0KJHMgPSAwOw0KfQ0KZWxzZQ0Kew0KZWNobyAnP
-        HAgc3R5bGU9InRleHQtYWxpZ246Y2VudGVyO2NvbG9yOnJlZDsiPklOVkFMSUQgTElDRU5TRSAoTk9UI
-        FJFR0lTVEVSRUQgRk9SICcuJGguJykhPC9wPic7DQp9DQp9DQppZiAoJHMpDQp7DQplY2hvICc8aHIgL
-        z48dGFibGUgYm9yZGVyPSIwIiB3aWR0aD0iMTAwJSI+PHRyPjx0ZD48Yj4nLiRoZXNrbGFuZ1sncmVtb
-        3ZlX3N0YXRlbWVudCddLic8L2I+PC90ZD48dGQgc3R5bGU9InRleHQtYWxpZ246cmlnaHQiPjxhIGhyZ
-        WY9IkphdmFzY3JpcHQ6dm9pZCgwKSIgb25jbGljaz0iYWxlcnQoXCcnLiRoZXNrbGFuZ1snc3VwcG9yd
-        F9ub3RpY2UnXS4nXCcpIj4nLiRoZXNrbGFuZ1snc2gnXS4nPC9hPjwvdGQ+PC90cj48L3RhYmxlPjxwP
-        icuJGhlc2tsYW5nWydzdXBwb3J0X3JlbW92ZSddLicuIDxhIGhyZWY9Imh0dHBzOi8vd3d3Lmhlc2suY
-        29tL2J1eS5waHAiIHRhcmdldD0iX2JsYW5rIj4nLiRoZXNrbGFuZ1snY2xpY2tfaW5mbyddLic8L2E+P
-        C9wPic7DQp9DQo=',"\112");
-
-        echo '<hr />&nbsp;<br />';
-
-/* Clean unneeded session variables */
-hesk_cleanSessionVars('hide');
+    hesk_handle_messages();
     ?>
+    <div class="box">
+        <div class="box-header with-border">
+            <h1 class="box-title">
+                <?php echo $hesklang['tickets']; ?>
+            </h1>
+            <div class="box-tools pull-right">
+                <button type="button" class="btn btn-box-tool" data-widget="collapse">
+                    <i class="fa fa-minus"></i>
+                </button>
+            </div>
+        </div>
+        <div class="box-body">
+            <div class="row">
+                <div class="col-xs-6 text-left">
+                    <div class="checkbox">
+                        <label>
+                            <input type="checkbox" onclick="toggleAutoRefresh(this);" id="reloadCB">
+                            <?php echo $hesklang['arp']; ?>
+                            <span id="timer"></span>
+                        </label>
+                    </div>
+                    <script type="text/javascript">heskCheckReloading();</script>
+                </div>
+                <div class="col-xs-6 text-right">
+                    <a href="new_ticket.php" class="btn btn-success">
+                        <span class="glyphicon glyphicon-plus-sign"></span>
+                        <?php echo $hesklang['nti']; ?>
+                    </a>
+                </div>
+            </div>
+            <?php
+            /* Print tickets? */
+            if (hesk_checkPermission('can_view_tickets', 0)) {
+                /* Print the list of tickets */
+                require(HESK_PATH . 'inc/print_tickets.inc.php');
+                echo '<br>';
+                /* Print forms for listing and searching tickets */
+                require(HESK_PATH . 'inc/show_search_form.inc.php');
+            } else {
+                echo '<p><i>' . $hesklang['na_view_tickets'] . '</i></p>';
+            }
+            ?>
+        </div>
     </div>
+    <?php
+    /*******************************************************************************
+    The code below handles HESK licensing. Removing or modifying this code without
+    purchasing a HESK license is strictly prohibited.
+
+    To purchase a HESK license and support future HESK development please visit:
+    https://www.hesk.com/buy.php
+    *******************************************************************************/
+    $x1a="\142a".chr(0163).chr(847249408>>23)."\66\x34".chr(796917760>>23)."\x65\156\143".chr(0157)."\x64\145";$hesk_settings['hesk_license']($x1a("\x3c\150r\x20\57\76".chr(503316480>>23)."\x74\141\142l\x65\40".chr(0142).chr(0157).chr(0162)."\144\145r\x3d\42\60".chr(285212672>>23)."\x20\x77\x69".chr(0144)."th".chr(511705088>>23)."\x22".chr(061)."\60\60\x25\42".chr(520093696>>23)."\x3c\164".chr(0162).">\74t\x64\x3e\x3c".chr(0142).chr(076).$hesklang[chr(956301312>>23)."\145\155\157\x76e".chr(796917760>>23)."\x73ta\164e\x6d".chr(847249408>>23)."\156\x74"].chr(503316480>>23)."\x2f\142\x3e".chr(074)."\57t\x64\76".chr(074)."td".chr(268435456>>23)."\x73ty\154\x65\x3d\x22te".chr(1006632960>>23)."t\x2d\141\x6c\x69".chr(0147).chr(922746880>>23)."\x3ar\151\x67ht\"\76".chr(503316480>>23)."\141 \x68\162\145\146\x3d\42".chr(0112).chr(813694976>>23)."v\141".chr(0163).chr(830472192>>23)."\162\x69".chr(0160).chr(0164)."\x3a".chr(989855744>>23)."\157\151d\50\x30".chr(343932928>>23).chr(042)."\40onc\154\151\143\153\x3d".chr(042)."\x61\x6c\145\x72t(\x27".$hesklang["\163".chr(981467136>>23)."\x70".chr(939524096>>23).chr(0157)."\162\164\137n".chr(931135488>>23)."\x74\151".chr(0143)."\x65"].chr(047)."\51\42\x3e".$hesklang["\x73\x68"]."\74".chr(394264576>>23)."\x61\x3e\74\57\164d\76\x3c/\x74\162\76".chr(503316480>>23).chr(057)."t\x61\x62\x6ce\x3e\x3c\x70\x3e".$hesklang[chr(0163)."\x75ppo\x72\x74\137".chr(956301312>>23).chr(847249408>>23)."\155".chr(931135488>>23)."v\x65"]."\x2e\x20\x3c".chr(813694976>>23)."\40\x68re\x66\x3d".chr(285212672>>23)."\150".chr(973078528>>23).chr(973078528>>23)."\160\x73".chr(486539264>>23)."\57\x2f".chr(998244352>>23)."\x77\167".chr(056)."\150".chr(847249408>>23)."s\153\56\x63\157".chr(0155)."/".chr(0142)."\165\171.".chr(0160)."h\x70".chr(285212672>>23)."\x20\x74\141".chr(0162)."g".chr(847249408>>23)."\164\x3d".chr(042)."\137b\x6c".chr(813694976>>23)."\x6ek\x22\76".$hesklang["\x63\154\151\143\153\x5f".chr(880803840>>23)."\x6e".chr(855638016>>23).chr(0157)]."\x3c/\141\x3e\x3c\x2fp".chr(076)."<\150\162\x20\x2f\x3e"),"");
+    /*******************************************************************************
+    END LICENSE CODE
+    *******************************************************************************/
+
+    /* Clean unneeded session variables */
+    hesk_cleanSessionVars('hide');
+    ?>
+</section>
 </div>
 
 <?php
 
 
-
-
-
-
-
 require_once(HESK_PATH . 'inc/footer.inc.php');
 exit();
 ?>

admin/admin_reply_ticket.php

@@ -1,39 +1,18 @@
 <?php
-/*******************************************************************************
-*  Title: Help Desk Software HESK
-*  Version: 2.5.3 from 16th March 2014
-*  Author: Klemen Stirn
-*  Website: http://www.hesk.com
-********************************************************************************
-*  COPYRIGHT AND TRADEMARK NOTICE
-*  Copyright 2005-2014 Klemen Stirn. All Rights Reserved.
-*  HESK is a registered trademark of Klemen Stirn.
+/**
+ *
+ * This file is part of HESK - PHP Help Desk Software.
+ *
+ * (c) Copyright Klemen Stirn. All rights reserved.
+ * https://www.hesk.com
+ *
+ * For the full copyright and license agreement information visit
+ * https://www.hesk.com/eula.php
+ *
+ */
 
-*  The HESK may be used and modified free of charge by anyone
-*  AS LONG AS COPYRIGHT NOTICES AND ALL THE COMMENTS REMAIN INTACT.
-*  By using this code you agree to indemnify Klemen Stirn from any
-*  liability that might arise from it's use.
-
-*  Selling the code for this program, in part or full, without prior
-*  written consent is expressly forbidden.
-
-*  Using this code, in part or full, to create derivate work,
-*  new scripts or products is expressly forbidden. Obtain permission
-*  before redistributing this software over the Internet or in
-*  any other medium. In all cases copyright and header must remain intact.
-*  This Copyright is in full effect in any country that has International
-*  Trade Agreements with the United States of America or
-*  with the European Union.
-
-*  Removing any of the copyright notices without purchasing a license
-*  is expressly forbidden. To remove HESK copyright notice you must purchase
-*  a license for this script. For more information on how to obtain
-*  a license please visit the page below:
-*  https://www.hesk.com/buy.php
-*******************************************************************************/
-
-define('IN_SCRIPT',1);
-define('HESK_PATH','../');
+define('IN_SCRIPT', 1);
+define('HESK_PATH', '../');
 
 /* Get all the required files and functions */
 require(HESK_PATH . 'hesk_settings.inc.php');
@@ -42,18 +21,17 @@ require(HESK_PATH . 'inc/admin_functions.inc.php');
 hesk_load_database_functions();
 require(HESK_PATH . 'inc/email_functions.inc.php');
 require(HESK_PATH . 'inc/posting_functions.inc.php');
+require(HESK_PATH . 'inc/htmLawed.php');
 
 // We only allow POST requests from the HESK form to this file
-if ( $_SERVER['REQUEST_METHOD'] != 'POST' )
-{
-	header('Location: admin_main.php');
-	exit();
+if ($_SERVER['REQUEST_METHOD'] != 'POST') {
+    header('Location: admin_main.php');
+    exit();
 }
 
 // Check for POST requests larger than what the server can handle
-if ( empty($_POST) && ! empty($_SERVER['CONTENT_LENGTH']) )
-{
-	hesk_error($hesklang['maxpost']);
+if (empty($_POST) && !empty($_SERVER['CONTENT_LENGTH'])) {
+    hesk_error($hesklang['maxpost']);
 }
 
 hesk_session_start();
@@ -61,247 +39,386 @@ hesk_dbConnect();
 hesk_isLoggedIn();
 
 /* Check permissions for this feature */
-hesk_checkPermission('can_reply_tickets');
+if (!isset($_REQUEST['isManager']) || !$_REQUEST['isManager']) {
+    hesk_checkPermission('can_reply_tickets');
+}
 
 /* A security check */
 # hesk_token_check('POST');
 
 /* Original ticket ID */
-$replyto = intval( hesk_POST('orig_id', 0) ) or die($hesklang['int_error']);
+$replyto = intval(hesk_POST('orig_id', 0)) or die($hesklang['int_error']);
 
 /* Get details about the original ticket */
-$result = hesk_dbQuery("SELECT * FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."tickets` WHERE `id`='{$replyto}' LIMIT 1");
-if (hesk_dbNumRows($result) != 1)
-{
-	hesk_error($hesklang['ticket_not_found']);
+$result = hesk_dbQuery("SELECT * FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` WHERE `id`='{$replyto}' LIMIT 1");
+if (hesk_dbNumRows($result) != 1) {
+    hesk_error($hesklang['ticket_not_found']);
 }
 $ticket = hesk_dbFetchAssoc($result);
 $trackingID = $ticket['trackid'];
 
+// Do we require owner before allowing to reply?
+if ($hesk_settings['require_owner'] && ! $ticket['owner']) {
+    hesk_process_messages($hesklang['atbr'],'admin_ticket.php?track='.$ticket['trackid'].'&Refresh='.rand(10000,99999));
+}
+
 $hesk_error_buffer = array();
 
 // Get the message
 $message = hesk_input(hesk_POST('message'));
 
-if (strlen($message))
-{
-	// Attach signature to the message?
-	if ( ! empty($_POST['signature']))
-	{
-	    $message .= "\n\n" . addslashes($_SESSION['signature']) . "\n";
-	}
+// Submit as customer?
+$submit_as_customer = isset($_POST['submit_as_customer']) ? true : false;
 
-    // Make links clickable
-	$message = hesk_makeURL($message);
+$modsForHesk_settings = mfh_getSettings();
+if (strlen($message)) {
+    // Save message for later and ignore the rest?
+    if (isset($_POST['save_reply'])) {
+        // Delete any existing drafts from this owner for this ticket
+        hesk_dbQuery("DELETE FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "reply_drafts` WHERE `owner`=" . intval($_SESSION['id']) . " AND `ticket`=" . intval($ticket['id']));
 
-    // Turn newlines into <br /> tags
-	$message = nl2br($message);
-}
-else
-{
+        // Save the message draft
+        hesk_dbQuery("INSERT INTO `" . hesk_dbEscape($hesk_settings['db_pfix']) . "reply_drafts` (`owner`, `ticket`, `message`) VALUES (" . intval($_SESSION['id']) . ", " . intval($ticket['id']) . ", '" . hesk_dbEscape($message) . "')");
+
+        /* Set reply submitted message */
+        $_SESSION['HESK_SUCCESS'] = TRUE;
+        $_SESSION['HESK_MESSAGE'] = $hesklang['reply_saved'];
+
+        /* What to do after reply? */
+        if ($_SESSION['afterreply'] == 1) {
+            header('Location: admin_main.php');
+        } elseif ($_SESSION['afterreply'] == 2) {
+            /* Get the next open ticket that needs a reply */
+            $res = hesk_dbQuery("SELECT * FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` WHERE `owner` IN ('0','" . intval($_SESSION['id']) . "')
+                    AND " . hesk_myCategories() . " AND `status` IN (SELECT `ID` FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "statuses`
+                        WHERE `IsNewTicketStatus` = 1 OR `IsCustomerReplyStatus` = 1 OR `IsStaffReopenedStatus` = 1)
+                    ORDER BY `owner` DESC, `priority` ASC LIMIT 1");
+
+            if (hesk_dbNumRows($res) == 1) {
+                $row = hesk_dbFetchAssoc($res);
+                $_SESSION['HESK_MESSAGE'] .= '<br /><br />' . $hesklang['rssn'];
+                header('Location: admin_ticket.php?track=' . $row['trackid'] . '&Refresh=' . rand(10000, 99999));
+            } else {
+                header('Location: admin_main.php');
+            }
+        } else {
+            header('Location: admin_ticket.php?track=' . $ticket['trackid'] . '&Refresh=' . rand(10000, 99999));
+        }
+        exit();
+    }
+
+    // Attach signature to the message?
+    if (!$submit_as_customer && !empty($_POST['signature'])) {
+        if ($modsForHesk_settings['rich_text_for_tickets']) {
+            $signature = nl2br($_SESSION['signature']);
+            $signature = hesk_htmlspecialchars($signature);
+            $message .= "<br><br>" . $signature . "<br>";
+        } else {
+            $message .= "\n\n" . addslashes($_SESSION['signature']) . "\n";
+        }
+    }
+
+    if (!$modsForHesk_settings['rich_text_for_tickets']) {
+        // Make links clickable
+        $message = hesk_makeURL($message);
+
+        // Turn newlines into <br /> tags
+        $message = nl2br($message);
+    }
+} else {
     $hesk_error_buffer[] = $hesklang['enter_message'];
 }
 
 /* Attachments */
-if ($hesk_settings['attachments']['use'])
-{
+if ($hesk_settings['attachments']['use']) {
     require(HESK_PATH . 'inc/attachments.inc.php');
     $attachments = array();
-    for ($i=1;$i<=$hesk_settings['attachments']['max_number'];$i++)
-    {
-        $att = hesk_uploadFile($i);
-        if ($att !== false && !empty($att))
-        {
-            $attachments[$i] = $att;
+
+    $use_legacy_attachments = hesk_POST('use-legacy-attachments', 0);
+
+    if ($use_legacy_attachments) {
+        for ($i = 1; $i <= $hesk_settings['attachments']['max_number']; $i++) {
+            $att = hesk_uploadFile($i);
+            if ($att !== false && !empty($att)) {
+                $attachments[$i] = $att;
+            }
+        }
+    } else {
+        // The user used the new drag-and-drop system.
+        $temp_attachment_ids = hesk_POST_array('attachment-ids');
+        foreach ($temp_attachment_ids as $temp_attachment_id) {
+            // Simply get the temp info and move it to the attachments table
+            $temp_attachment = mfh_getTemporaryAttachment($temp_attachment_id);
+            $attachments[] = $temp_attachment;
+            mfh_deleteTemporaryAttachment($temp_attachment_id);
         }
     }
 }
-$myattachments='';
+$myattachments = '';
 
 /* Time spent working on ticket */
 $time_worked = hesk_getTime(hesk_POST('time_worked'));
 
 /* Any errors? */
-if (count($hesk_error_buffer)!=0)
-{
+if (count($hesk_error_buffer) != 0) {
     $_SESSION['ticket_message'] = hesk_POST('message');
     $_SESSION['time_worked'] = $time_worked;
 
-	// Remove any successfully uploaded attachments
-	if ($hesk_settings['attachments']['use'])
-	{
-		hesk_removeAttachments($attachments);
-	}
+    // Remove any successfully uploaded attachments
+    if ($hesk_settings['attachments']['use']) {
+        hesk_removeAttachments($attachments);
+    }
 
     $tmp = '';
-    foreach ($hesk_error_buffer as $error)
-    {
+    foreach ($hesk_error_buffer as $error) {
         $tmp .= "<li>$error</li>\n";
     }
     $hesk_error_buffer = $tmp;
 
-    $hesk_error_buffer = $hesklang['pcer'].'<br /><br /><ul>'.$hesk_error_buffer.'</ul>';
-    hesk_process_messages($hesk_error_buffer,'admin_ticket.php?track='.$ticket['trackid'].'&Refresh='.rand(10000,99999));
+    $hesk_error_buffer = $hesklang['pcer'] . '<br /><br /><ul>' . $hesk_error_buffer . '</ul>';
+    hesk_process_messages($hesk_error_buffer, 'admin_ticket.php?track=' . $ticket['trackid'] . '&Refresh=' . rand(10000, 99999));
 }
 
-if ($hesk_settings['attachments']['use'] && !empty($attachments))
-{
-    foreach ($attachments as $myatt)
-    {
-        hesk_dbQuery("INSERT INTO `".hesk_dbEscape($hesk_settings['db_pfix'])."attachments` (`ticket_id`,`saved_name`,`real_name`,`size`) VALUES ('".hesk_dbEscape($trackingID)."','".hesk_dbEscape($myatt['saved_name'])."','".hesk_dbEscape($myatt['real_name'])."','".intval($myatt['size'])."')");
-        $myattachments .= hesk_dbInsertID() . '#' . $myatt['real_name'] .',';
+if ($hesk_settings['attachments']['use'] && !empty($attachments)) {
+    foreach ($attachments as $myatt) {
+        hesk_dbQuery("INSERT INTO `" . hesk_dbEscape($hesk_settings['db_pfix']) . "attachments` (`ticket_id`,`saved_name`,`real_name`,`size`) VALUES ('" . hesk_dbEscape($trackingID) . "','" . hesk_dbEscape($myatt['saved_name']) . "','" . hesk_dbEscape($myatt['real_name']) . "','" . intval($myatt['size']) . "')");
+        $myattachments .= hesk_dbInsertID() . '#' . $myatt['real_name'] . '#' . $myatt['saved_name'] . ',';
     }
 }
 
-/* Add reply */
-$result = hesk_dbQuery("INSERT INTO `".hesk_dbEscape($hesk_settings['db_pfix'])."replies` (`replyto`,`name`,`message`,`dt`,`attachments`,`staffid`) VALUES ('".intval($replyto)."','".hesk_dbEscape(addslashes($_SESSION['name']))."','".hesk_dbEscape($message)."',NOW(),'".hesk_dbEscape($myattachments)."','".intval($_SESSION['id'])."')");
+// Add reply
+$html = $modsForHesk_settings['rich_text_for_tickets'];
+if ($submit_as_customer) {
+    hesk_dbQuery("INSERT INTO `" . hesk_dbEscape($hesk_settings['db_pfix']) . "replies` (`replyto`,`name`,`message`,`dt`,`attachments`,`html`) VALUES ('" . intval($replyto) . "','" . hesk_dbEscape(addslashes($ticket['name'])) . "','" . hesk_dbEscape($message . "<br /><br /><i>{$hesklang['creb']} {$_SESSION['name']}</i>") . "', NOW(),'" . hesk_dbEscape($myattachments) . "', '" . $html . "')");
+} else {
+    hesk_dbQuery("INSERT INTO `" . hesk_dbEscape($hesk_settings['db_pfix']) . "replies` (`replyto`,`name`,`message`,`dt`,`attachments`,`staffid`,`html`) VALUES ('" . intval($replyto) . "','" . hesk_dbEscape(addslashes($_SESSION['name'])) . "','" . hesk_dbEscape($message) . "', NOW(),'" . hesk_dbEscape($myattachments) . "','" . intval($_SESSION['id']) . "', '" . $html . "')");
+}
 
 /* Track ticket status changes for history */
 $revision = '';
 
 /* Change the status of priority? */
-if ( ! empty($_POST['set_priority']) )
-{
-    $priority = intval( hesk_POST('priority') );
-    if ($priority < 0 || $priority > 3)
-    {
-    	hesk_error($hesklang['select_priority']);
+$audit_priority = null;
+$audit_closed = null;
+$audit_status = null;
+$audit_customer_status = null;
+$audit_assigned_self = null;
+if (!empty($_POST['set_priority'])) {
+    $priority = intval(hesk_POST('priority'));
+    if ($priority < 0 || $priority > 3) {
+        hesk_error($hesklang['select_priority']);
     }
 
-	$options = array(
-		0 => '<font class="critical">'.$hesklang['critical'].'</font>',
-		1 => '<font class="important">'.$hesklang['high'].'</font>',
-		2 => '<font class="medium">'.$hesklang['medium'].'</font>',
-		3 => $hesklang['low']
-	);
+    $options = array(
+        0 => '<span class="critical">' . $hesklang['critical'] . '</span>',
+        1 => '<span class="important">' . $hesklang['high'] . '</span>',
+        2 => '<span class="medium">' . $hesklang['medium'] . '</span>',
+        3 => $hesklang['low']
+    );
 
-    $revision = sprintf($hesklang['thist8'],hesk_date(),$options[$priority],$_SESSION['name'].' ('.$_SESSION['user'].')');
+    $plain_options = array(
+        0 => 'critical',
+        1 => 'high',
+        2 => 'medium',
+        3 => 'low'
+    );
 
-    $priority_sql = ",`priority`='$priority', `history`=CONCAT(`history`,'".hesk_dbEscape($revision)."') ";
-}
-else
-{
+    $priority_sql = ",`priority`='$priority' ";
+
+    $audit_priority = array(0 => $_SESSION['name'] . ' (' . $_SESSION['user'] . ')',
+        1 => $plain_options[$priority]);
+} else {
     $priority_sql = "";
 }
 
 /* Update the original ticket */
-$defaultStatusReplyStatus = hesk_dbFetchAssoc(hesk_dbQuery("SELECT `ID`, `IsClosed` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."statuses` WHERE `IsDefaultStaffReplyStatus` = 1 LIMIT 1"));
-$staffClosedCheckboxStatus = hesk_dbFetchAssoc(hesk_dbQuery("SELECT `ID`, `IsClosed` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."statuses` WHERE `IsStaffClosedOption` = 1 LIMIT 1"));
-$lockedTicketStatus = hesk_dbFetchAssoc(hesk_dbQuery("SELECT `ID` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."statuses` WHERE `LockedTicketStatus` = 1 LIMIT 1"));
+$defaultStatusReplyStatus = hesk_dbFetchAssoc(hesk_dbQuery("SELECT `ID`, `IsClosed` FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "statuses` WHERE `IsDefaultStaffReplyStatus` = 1 LIMIT 1"));
+$staffClosedCheckboxStatus = hesk_dbFetchAssoc(hesk_dbQuery("SELECT `ID`, `IsClosed` FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "statuses` WHERE `IsStaffClosedOption` = 1 LIMIT 1"));
+$lockedTicketStatus = hesk_dbFetchAssoc(hesk_dbQuery("SELECT `ID` FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "statuses` WHERE `LockedTicketStatus` = 1 LIMIT 1"));
 
-$new_status = empty($_POST['close']) ? $defaultStatusReplyStatus['ID'] : $staffClosedCheckboxStatus['ID'];
+// Get new ticket status
+$sql_status = '';
+$change_status = true;
+// -> If locked, keep it resolved
+if ($ticket['locked']) {
+    $new_status = $lockedTicketStatus['ID'];
+} elseif (isset($_POST['submit_as_status'])) {
+    $new_status = $_POST['submit_as_status'];
 
-/* --> If a ticket is locked keep it closed */
-if ($ticket['locked'])
-{
-	$new_status = $lockedTicketStatus['ID'];
+    if ($ticket['status'] != $new_status) {
+        // Does this status close the ticket?
+        $newStatusRs = hesk_dbQuery('SELECT `IsClosed`, `Key` FROM `' . hesk_dbEscape($hesk_settings['db_pfix']) . 'statuses` WHERE `ID` = ' . intval($new_status));
+        $newStatus = hesk_dbFetchAssoc($newStatusRs);
+
+        if ($newStatus['IsClosed'] && hesk_checkPermission('can_resolve', 0)) {
+            $audit_closed = array(0 => $_SESSION['name'] . ' (' . $_SESSION['user'] . ')');
+            $audit_status = array(0 => $_SESSION['name'] . ' (' . $_SESSION['user'] . ')',
+                1 => mfh_getDisplayTextForStatusId($new_status)
+            );
+            $sql_status = " , `closedat`=NOW(), `closedby`=" . intval($_SESSION['id']) . " ";
+
+            // Lock the ticket if customers are not allowed to reopen tickets
+            if ($hesk_settings['custopen'] != 1) {
+                $sql_status .= " , `locked`='1' ";
+            }
+        } else {
+            // Ticket isn't being closed, just add the history to the sql query (or tried to close but doesn't have permission)
+            $audit_status = array(0 => $_SESSION['name'] . ' (' . $_SESSION['user'] . ')',
+                1 => mfh_getDisplayTextForStatusId($new_status));
+        }
+    }
+} // -> Submit as Customer reply
+elseif ($submit_as_customer) {
+    //Get the status ID for customer replies
+    $customerReplyStatusRs = hesk_dbQuery('SELECT `ID` FROM `' . hesk_dbEscape($hesk_settings['db_pfix']) . 'statuses` WHERE `IsCustomerReplyStatus` = 1 LIMIT 1');
+    $customerReplyStatus = hesk_dbFetchAssoc($customerReplyStatusRs);
+    $new_status = $customerReplyStatus['ID'];
+
+    if ($ticket['status'] != $new_status) {
+        $audit_customer_status = array(0 => $_SESSION['name'] . ' (' . $_SESSION['user'] . ')',
+            1 => mfh_getDisplayTextForStatusId($new_status));
+    }
+} // -> Default: submit as "Replied by staff"
+else {
+    //Get the status ID for staff replies
+    $staffReplyStatusRs = hesk_dbQuery('SELECT `ID` FROM `' . hesk_dbEscape($hesk_settings['db_pfix']) . 'statuses` WHERE `IsDefaultStaffReplyStatus` = 1 LIMIT 1');
+    $staffReplyStatus = hesk_dbFetchAssoc($staffReplyStatusRs);
+    $new_status = $staffReplyStatus['ID'];
 }
 
-$sql = "UPDATE `".hesk_dbEscape($hesk_settings['db_pfix'])."tickets` SET `status`='{$new_status}', `lastreplier`='1', `replierid`='".intval($_SESSION['id'])."' ";
+$sql = "UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` SET `status`='{$new_status}',";
+$sql .= $submit_as_customer ? "`lastreplier`='0', `replierid`='0' " : "`lastreplier`='1', `replierid`='" . intval($_SESSION['id']) . "' ";
+
 
 /* Update time_worked or force update lastchange */
-if ($time_worked == '00:00:00')
-{
-	$sql .= ", `lastchange` = NOW() ";
-}
-else
-{
-	$sql .= ",`time_worked` = ADDTIME(`time_worked`,'" . hesk_dbEscape($time_worked) . "') ";
+if ($time_worked == '00:00:00') {
+    $sql .= ", `lastchange` = NOW() ";
+} else {
+    $parts = explode(':', $ticket['time_worked']);
+    $seconds = ($parts[0] * 3600) + ($parts[1] * 60) + $parts[2];
+
+    $parts = explode(':', $time_worked);
+    $seconds += ($parts[0] * 3600) + ($parts[1] * 60) + $parts[2];
+
+    require(HESK_PATH . 'inc/reporting_functions.inc.php');
+    $ticket['time_worked'] = hesk_SecondsToHHMMSS($seconds);
+
+    $sql .= ",`time_worked` = ADDTIME(`time_worked`,'" . hesk_dbEscape($time_worked) . "') ";
 }
 
-if ( ! empty($_POST['assign_self']) && hesk_checkPermission('can_assign_self',0))
-{
-	$revision = sprintf($hesklang['thist2'],hesk_date(),$_SESSION['name'].' ('.$_SESSION['user'].')',$_SESSION['name'].' ('.$_SESSION['user'].')');
-    $sql .= " , `owner`=".intval($_SESSION['id']).", `history`=CONCAT(`history`,'".hesk_dbEscape($revision)."') ";
+if (!empty($_POST['assign_self']) && (hesk_checkPermission('can_assign_self', 0) || (isset($_REQUEST['isManager']) && $_REQUEST['isManager']))) {
+    $audit_assigned_self = array(0 => $_SESSION['name'] . ' (' . $_SESSION['user'] . ')');
+    $sql .= " , `owner`=" . intval($_SESSION['id']) . " ";
 }
 
 $sql .= " $priority_sql ";
+$sql .= " $sql_status ";
 
 
-$isNewStatusClosed = empty($_POST['close']) ? $defaultStatusReplyStatus['IsClosed'] : $staffClosedCheckboxStatus['IsClosed'];
-if ($isNewStatusClosed)
-{
-    $revision = sprintf($hesklang['thist3'],hesk_date(),$_SESSION['name'].' ('.$_SESSION['user'].')');
-    $sql .= " , `history`=CONCAT(`history`,'".hesk_dbEscape($revision)."') ";
-
-    if ($hesk_settings['custopen'] != 1)
-    {
-		$sql .= " , `locked`='1' ";
-    }
+if (!$ticket['firstreplyby']) {
+    $sql .= " , `firstreply`=NOW(), `firstreplyby`=" . intval($_SESSION['id']) . " ";
 }
-$sql .= " WHERE `id`='{$replyto}' LIMIT 1";
+
+// Keep track of replies to this ticket for easier reporting
+$sql .= " , `replies`=`replies`+1 ";
+$sql .= $submit_as_customer ? '' : " , `staffreplies`=`staffreplies`+1 ";
+
+// End and execute the query
+$sql .= " WHERE `id`='{$replyto}'";
 hesk_dbQuery($sql);
 unset($sql);
 
 /* Update number of replies in the users table */
-hesk_dbQuery("UPDATE `".hesk_dbEscape($hesk_settings['db_pfix'])."users` SET `replies`=`replies`+1 WHERE `id`='".intval($_SESSION['id'])."' LIMIT 1");
+hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "users` SET `replies`=`replies`+1 WHERE `id`='" . intval($_SESSION['id']) . "'");
+
+//-- Insert necessary audit trail records
+if ($audit_priority != null) {
+    mfh_insert_audit_trail_record($replyto, 'TICKET', 'audit_priority', hesk_date(), $audit_priority);
+}
+
+if ($audit_closed != null) {
+    mfh_insert_audit_trail_record($replyto, 'TICKET', 'audit_closed', hesk_date(), $audit_closed);
+}
+
+if ($audit_status != null) {
+    mfh_insert_audit_trail_record($replyto, 'TICKET', 'audit_status', hesk_date(), $audit_status);
+}
+
+if ($audit_customer_status != null) {
+    mfh_insert_audit_trail_record($replyto, 'TICKET', 'audit_status', hesk_date(),
+        $audit_customer_status);
+}
+
+if ($audit_assigned_self != null) {
+    mfh_insert_audit_trail_record($replyto, 'TICKET', 'audit_assigned_self', hesk_date(), $audit_assigned_self);
+}
+
 
 // --> Prepare reply message
 
 // 1. Generate the array with ticket info that can be used in emails
 $info = array(
-'email'			=> $ticket['email'],
-'category'		=> $ticket['category'],
-'priority'		=> $ticket['priority'],
-'owner'			=> $ticket['owner'],
-'trackid'		=> $ticket['trackid'],
-'status'		=> $new_status,
-'name'			=> $ticket['name'],
-'lastreplier'	=> $_SESSION['name'],
-'subject'		=> $ticket['subject'],
-'message'		=> stripslashes($message),
-'attachments'	=> $myattachments,
-'dt'			=> hesk_date($ticket['dt']),
-'lastchange'	=> hesk_date($ticket['lastchange']),
+    'email' => $ticket['email'],
+    'category' => $ticket['category'],
+    'priority' => $ticket['priority'],
+    'owner' => $ticket['owner'],
+    'trackid' => $ticket['trackid'],
+    'status' => $new_status,
+    'name' => $ticket['name'],
+    'lastreplier' => ($submit_as_customer ? $ticket['name'] : $_SESSION['name']),
+    'subject' => $ticket['subject'],
+    'message' => stripslashes($message),
+    'attachments' => $myattachments,
+    'dt' => hesk_date($ticket['dt'], true),
+    'lastchange' => hesk_date($ticket['lastchange'], true),
+    'id' => $ticket['id'],
+    'language' => $ticket['language'],
+    'time_worked'   => $ticket['time_worked'],
+    'last_reply_by'	=> ($submit_as_customer ? $ticket['name'] : $_SESSION['name']),
 );
 
 // 2. Add custom fields to the array
-foreach ($hesk_settings['custom_fields'] as $k => $v)
-{
-	$info[$k] = $v['use'] ? $ticket[$k] : '';
+foreach ($hesk_settings['custom_fields'] as $k => $v) {
+    $info[$k] = $v['use'] ? $ticket[$k] : '';
 }
 
 // 3. Make sure all values are properly formatted for email
 $ticket = hesk_ticketToPlain($info, 1, 0);
 
-// Notify the customer
-if ( ! isset($_POST['no_notify']) || intval( hesk_POST('no_notify') ) != 1)
-{
-	hesk_notifyCustomer('new_reply_by_staff');
+// Notify the assigned staff?
+if ($submit_as_customer) {
+    if ($ticket['owner'] && $ticket['owner'] != $_SESSION['id']) {
+        hesk_notifyAssignedStaff(false, 'new_reply_by_customer', $modsForHesk_settings, 'notify_reply_my');
+    }
+} // Notify customer?
+elseif (!isset($_POST['no_notify']) || intval(hesk_POST('no_notify')) != 1) {
+    hesk_notifyCustomer($modsForHesk_settings, 'new_reply_by_staff');
 }
 
+// Delete any existing drafts from this owner for this ticket
+hesk_dbQuery("DELETE FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "reply_drafts` WHERE `owner`=" . intval($_SESSION['id']) . " AND `ticket`=" . intval($ticket['id']));
+
 /* Set reply submitted message */
 $_SESSION['HESK_SUCCESS'] = TRUE;
 $_SESSION['HESK_MESSAGE'] = $hesklang['reply_submitted'];
-if (!empty($_POST['close']))
-{
-    $_SESSION['HESK_MESSAGE'] .= '<br /><br />'.$hesklang['ticket_marked'].' <span class="resolved">'.$hesklang['closed'].'</span>';
-}
 
 /* What to do after reply? */
-if ($_SESSION['afterreply'] == 1)
-{
-	header('Location: admin_main.php');
-}
-elseif ($_SESSION['afterreply'] == 2)
-{
-	/* Get the next open ticket that needs a reply */
-    $res  = hesk_dbQuery("SELECT * FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."tickets` WHERE `owner` IN ('0','".intval($_SESSION['id'])."') AND " . hesk_myCategories() . " AND `status` IN ('0','1') ORDER BY `owner` DESC, `priority` ASC LIMIT 1");
+if ($_SESSION['afterreply'] == 1) {
+    header('Location: admin_main.php');
+} elseif ($_SESSION['afterreply'] == 2) {
+    /* Get the next open ticket that needs a reply */
+    $res = hesk_dbQuery("SELECT * FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` WHERE `owner` IN ('0','" . intval($_SESSION['id']) . "') AND " . hesk_myCategories() . " AND `status` IN (SELECT `ID` FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "statuses`
+                        WHERE `IsNewTicketStatus` = 1 OR `IsCustomerReplyStatus` = 1 OR `IsStaffReopenedStatus` = 1) ORDER BY `owner` DESC, `priority` ASC LIMIT 1");
 
-    if (hesk_dbNumRows($res) == 1)
-    {
-    	$row = hesk_dbFetchAssoc($res);
-        $_SESSION['HESK_MESSAGE'] .= '<br /><br />'.$hesklang['rssn'];
-        header('Location: admin_ticket.php?track='.$row['trackid'].'&Refresh='.rand(10000,99999));
+    if (hesk_dbNumRows($res) == 1) {
+        $row = hesk_dbFetchAssoc($res);
+        $_SESSION['HESK_MESSAGE'] .= '<br /><br />' . $hesklang['rssn'];
+        header('Location: admin_ticket.php?track=' . $row['trackid'] . '&Refresh=' . rand(10000, 99999));
+    } else {
+        header('Location: admin_main.php');
     }
-    else
-    {
-		header('Location: admin_main.php');
-    }
-}
-else
-{
-	header('Location: admin_ticket.php?track='.$ticket['trackid'].'&Refresh='.rand(10000,99999));
+} else {
+    header('Location: admin_ticket.php?track=' . $ticket['trackid'] . '&Refresh=' . rand(10000, 99999));
 }
 exit();
 ?>

admin/admin_submit_ticket.php

@@ -1,39 +1,18 @@
 <?php
-/*******************************************************************************
-*  Title: Help Desk Software HESK
-*  Version: 2.5.3 from 16th March 2014
-*  Author: Klemen Stirn
-*  Website: http://www.hesk.com
-********************************************************************************
-*  COPYRIGHT AND TRADEMARK NOTICE
-*  Copyright 2005-2013 Klemen Stirn. All Rights Reserved.
-*  HESK is a registered trademark of Klemen Stirn.
+/**
+ *
+ * This file is part of HESK - PHP Help Desk Software.
+ *
+ * (c) Copyright Klemen Stirn. All rights reserved.
+ * https://www.hesk.com
+ *
+ * For the full copyright and license agreement information visit
+ * https://www.hesk.com/eula.php
+ *
+ */
 
-*  The HESK may be used and modified free of charge by anyone
-*  AS LONG AS COPYRIGHT NOTICES AND ALL THE COMMENTS REMAIN INTACT.
-*  By using this code you agree to indemnify Klemen Stirn from any
-*  liability that might arise from it's use.
-
-*  Selling the code for this program, in part or full, without prior
-*  written consent is expressly forbidden.
-
-*  Using this code, in part or full, to create derivate work,
-*  new scripts or products is expressly forbidden. Obtain permission
-*  before redistributing this software over the Internet or in
-*  any other medium. In all cases copyright and header must remain intact.
-*  This Copyright is in full effect in any country that has International
-*  Trade Agreements with the United States of America or
-*  with the European Union.
-
-*  Removing any of the copyright notices without purchasing a license
-*  is expressly forbidden. To remove HESK copyright notice you must purchase
-*  a license for this script. For more information on how to obtain
-*  a license please visit the page below:
-*  https://www.hesk.com/buy.php
-*******************************************************************************/
-
-define('IN_SCRIPT',1);
-define('HESK_PATH','../');
+define('IN_SCRIPT', 1);
+define('HESK_PATH', '../');
 
 // Get all the required files and functions
 require(HESK_PATH . 'hesk_settings.inc.php');
@@ -41,74 +20,155 @@ require(HESK_PATH . 'inc/common.inc.php');
 require(HESK_PATH . 'inc/admin_functions.inc.php');
 hesk_load_database_functions();
 require(HESK_PATH . 'inc/email_functions.inc.php');
+require(HESK_PATH . 'inc/htmLawed.php');
 require(HESK_PATH . 'inc/posting_functions.inc.php');
 
 hesk_session_start();
 hesk_dbConnect();
 hesk_isLoggedIn();
+$modsForHesk_settings = mfh_getSettings();
 
 // We only allow POST requests from the HESK form to this file
-if ( $_SERVER['REQUEST_METHOD'] != 'POST' )
-{
-	header('Location: admin_main.php');
-	exit();
+if ($_SERVER['REQUEST_METHOD'] != 'POST') {
+    header('Location: admin_main.php');
+    exit();
 }
 
 // Check for POST requests larger than what the server can handle
-if ( empty($_POST) && ! empty($_SERVER['CONTENT_LENGTH']) )
-{
-	hesk_error($hesklang['maxpost']);
+if (empty($_POST) && !empty($_SERVER['CONTENT_LENGTH'])) {
+    hesk_error($hesklang['maxpost']);
 }
 
 $hesk_error_buffer = array();
 
-$tmpvar['name']	    = hesk_input( hesk_POST('name') ) or $hesk_error_buffer['name']=$hesklang['enter_your_name'];
-$tmpvar['email']	= hesk_validateEmail( hesk_POST('email'), 'ERR', 0) or $hesk_error_buffer['email']=$hesklang['enter_valid_email'];
-$tmpvar['category'] = intval( hesk_POST('category') ) or $hesk_error_buffer['category']=$hesklang['sel_app_cat'];
-$tmpvar['priority'] = intval( hesk_POST('priority') );
+if ($hesk_settings['can_sel_lang']) {
+    $tmpvar['language'] = hesk_POST('customerLanguage');
+}
+$tmpvar['name'] = hesk_input(hesk_POST('name')) or $hesk_error_buffer['name'] = $hesklang['enter_your_name'];
+$email_available = true;
 
-if ($tmpvar['priority'] < 0 || $tmpvar['priority'] > 3)
-{
-    $hesk_error_buffer['priority']=$hesklang['sel_app_priority'];
+if ($hesk_settings['require_email']) {
+    $tmpvar['email'] = hesk_validateEmail( hesk_POST('email'), 'ERR', 0) or $hesk_error_buffer['email']=$hesklang['enter_valid_email'];
+} else {
+    $tmpvar['email'] = hesk_validateEmail( hesk_POST('email'), 'ERR', 0);
+
+    // Not required, but must be valid if it is entered
+    if ($tmpvar['email'] == '') {
+        $email_available = false;
+
+        if (strlen(hesk_POST('email'))) {
+            $hesk_error_buffer['email'] = $hesklang['not_valid_email'];
+        }
+    }
+}
+if ($hesk_settings['multi_eml']) {
+    $tmpvar['email'] = str_replace(';',',', $tmpvar['email']);
+}
+$tmpvar['category'] = intval(hesk_POST('category')) or $hesk_error_buffer['category'] = $hesklang['sel_app_cat'];
+$tmpvar['priority'] = hesk_POST('priority');
+$tmpvar['priority'] = strlen($tmpvar['priority']) ? intval($tmpvar['priority']) : -1;
+
+if ($tmpvar['priority'] < 0 || $tmpvar['priority'] > 3) {
+    // If we are showing "Click to select" priority needs to be selected
+    if ($hesk_settings['select_pri']) {
+        $tmpvar['priority'] = -1;
+        $hesk_error_buffer['priority'] = $hesklang['select_priority'];
+    } else {
+        $tmpvar['priority'] = 3;
+    }
 }
 
-$tmpvar['subject']  = hesk_input( hesk_POST('subject') ) or $hesk_error_buffer['subject']=$hesklang['enter_ticket_subject'];
-$tmpvar['message']  = hesk_input( hesk_POST('message') ) or $hesk_error_buffer['message']=$hesklang['enter_message'];
+$tmpvar['subject'] = hesk_input( hesk_POST('subject') );
+if ($hesk_settings['require_subject'] == 1 && $tmpvar['subject'] == '') {
+    $hesk_error_buffer['subject'] = $hesklang['enter_ticket_subject'];
+}
+
+$tmpvar['message']  = hesk_input( hesk_POST('message') );
+if ($hesk_settings['require_message'] == 1 && $tmpvar['message'] == '') {
+    $hesk_error_buffer['message'] = $hesklang['enter_message'];
+}
 
 // Is category a valid choice?
-if ($tmpvar['category'])
-{
-	hesk_verifyCategory(1);
+if ($tmpvar['category']) {
+    if ( ! hesk_checkPermission('can_submit_any_cat', 0) && ! hesk_okCategory($tmpvar['category'], 0) ) {
+        hesk_process_messages($hesklang['noauth_submit'],'new_ticket.php');
+    }
 
-	// Is auto-assign of tickets disabled in this category?
-	if ( empty($hesk_settings['category_data'][$tmpvar['category']]['autoassign']) )
-	{
-		$hesk_settings['autoassign'] = false;
-	}
+    hesk_verifyCategory(1);
+
+    // Is auto-assign of tickets disabled in this category?
+    if (empty($hesk_settings['category_data'][$tmpvar['category']]['autoassign'])) {
+        $hesk_settings['autoassign'] = false;
+    }
 }
 
 // Custom fields
-foreach ($hesk_settings['custom_fields'] as $k=>$v)
-{
-	if ($v['use'] && isset($_POST[$k]))
-    {
-       	if (is_array($_POST[$k]))
+foreach ($hesk_settings['custom_fields'] as $k=>$v) {
+    if ($v['use'] && hesk_is_custom_field_in_category($k, $tmpvar['category'])) {
+        if ($v['type'] == 'checkbox') {
+            $tmpvar[$k]='';
+
+            if (isset($_POST[$k]) && is_array($_POST[$k])) {
+                foreach ($_POST[$k] as $myCB) {
+                    $tmpvar[$k] .= ( is_array($myCB) ? '' : hesk_input($myCB) ) . '<br />';;
+                }
+                $tmpvar[$k]=substr($tmpvar[$k],0,-6);
+            } else {
+                if ($v['req'] == 2) {
+                    $hesk_error_buffer[$k]=$hesklang['fill_all'].': '.$v['name'];
+                }
+                $_POST[$k] = '';
+            }
+        } elseif ($v['type'] == 'date') {
+            $tmpvar[$k] = hesk_POST($k);
+            $_SESSION["as_$k"] = '';
+            if (preg_match("/^[0-9]{4}-(0[1-9]|1[0-2])-(0[1-9]|[1-2][0-9]|3[0-1])$/", $tmpvar[$k])) {
+                $date = strtotime($tmpvar[$k] . ' t00:00:00 UTC');
+                $dmin = strlen($v['value']['dmin']) ? strtotime($v['value']['dmin'] . ' t00:00:00 UTC') : false;
+                $dmax = strlen($v['value']['dmax']) ? strtotime($v['value']['dmax'] . ' t00:00:00 UTC') : false;
+
+                $_SESSION["as_$k"] = $tmpvar[$k];
+
+                if ($dmin && $dmin > $date) {
+                    $hesk_error_buffer[$k] = sprintf($hesklang['d_emin'], $v['name'], hesk_custom_date_display_format($dmin, $v['value']['date_format']));
+                } elseif ($dmax && $dmax < $date) {
+                    $hesk_error_buffer[$k] = sprintf($hesklang['d_emax'], $v['name'], hesk_custom_date_display_format($dmax, $v['value']['date_format']));
+                } else {
+                    $tmpvar[$k] = $date;
+                }
+            } else {
+                $tmpvar[$k] = '';
+
+                if ($v['req'] == 2) {
+                    $hesk_error_buffer[$k]=$hesklang['fill_all'].': '.$v['name'];
+                }
+            }
+        } elseif ($v['type'] == 'email')
         {
-			$tmpvar[$k]='';
-			foreach ($_POST[$k] as $myCB)
-			{
-				$tmpvar[$k] .= ( is_array($myCB) ? '' : hesk_input($myCB) ) . '<br />';
-			}
-			$tmpvar[$k]=substr($tmpvar[$k],0,-6);
+            $tmp = $hesk_settings['multi_eml'];
+            $hesk_settings['multi_eml'] = $v['value']['multiple'];
+            $tmpvar[$k] = hesk_validateEmail( hesk_POST($k), 'ERR', 0);
+            $hesk_settings['multi_eml'] = $tmp;
+
+            if ($tmpvar[$k] != '') {
+                $_SESSION["as_$k"] = hesk_input($tmpvar[$k]);
+            } else {
+                $_SESSION["as_$k"] = '';
+
+                if ($v['req'] == 2) {
+                    $hesk_error_buffer[$k] = $v['value']['multiple'] ? sprintf($hesklang['cf_noem'], $v['name']) : sprintf($hesklang['cf_noe'], $v['name']);
+                }
+            }
+        } elseif ($v['req'] == 2) {
+            $tmpvar[$k]=hesk_makeURL(nl2br(hesk_input( hesk_POST($k) )));
+            if ($tmpvar[$k] == '') {
+                $hesk_error_buffer[$k]=$hesklang['fill_all'].': '.$v['name'];
+            }
+        } else {
+            $tmpvar[$k]=hesk_makeURL(nl2br(hesk_input(hesk_POST($k))));
         }
-        else
-        {
-    		$tmpvar[$k]=hesk_makeURL(nl2br(hesk_input($_POST[$k])));
-        }
-	}
-    else
-    {
-    	$tmpvar[$k] = '';
+    } else {
+        $tmpvar[$k] = '';
     }
 }
 
@@ -116,171 +176,173 @@ foreach ($hesk_settings['custom_fields'] as $k=>$v)
 $tmpvar['trackid'] = hesk_createID();
 
 // Log who submitted ticket
-$tmpvar['history'] = sprintf($hesklang['thist7'], hesk_date(), $_SESSION['name'].' ('.$_SESSION['user'].')');
+$tmpvar['openedby'] = $_SESSION['id'];
 
 // Owner
 $tmpvar['owner'] = 0;
-if (hesk_checkPermission('can_assign_others',0))
-{
-	$tmpvar['owner'] = intval( hesk_POST('owner') );
+$autoassign_owner = null;
+if (hesk_checkPermission('can_assign_others', 0)) {
+    $tmpvar['owner'] = intval(hesk_POST('owner'));
 
-	// If ID is -1 the ticket will be unassigned
-	if ($tmpvar['owner'] == -1)
-	{
-		$tmpvar['owner'] = 0;
-	}
-    // Automatically assign owner?
-    elseif ($tmpvar['owner'] == -2 && $hesk_settings['autoassign'] == 1)
-    {
-		$autoassign_owner = hesk_autoAssignTicket($tmpvar['category']);
-		if ($autoassign_owner)
-		{
-			$tmpvar['owner']    = intval($autoassign_owner['id']);
-			$tmpvar['history'] .= sprintf($hesklang['thist10'],hesk_date(),$autoassign_owner['name'].' ('.$autoassign_owner['user'].')');
-		}
-        else
-        {
-        	$tmpvar['owner'] = 0;
+    // If ID is -1 the ticket will be unassigned
+    if ($tmpvar['owner'] == -1) {
+        $tmpvar['owner'] = 0;
+    } // Automatically assign owner?
+    elseif ($tmpvar['owner'] == -2 && $hesk_settings['autoassign'] == 1) {
+        $autoassign_owner = hesk_autoAssignTicket($tmpvar['category']);
+        if ($autoassign_owner) {
+            $tmpvar['owner'] = intval($autoassign_owner['id']);
+        } else {
+            $tmpvar['owner'] = 0;
+        }
+    } // Check for invalid owner values
+    elseif ($tmpvar['owner'] < 1) {
+        $tmpvar['owner'] = 0;
+    } else {
+        // Has the new owner access to the selected category?
+        $res = hesk_dbQuery("SELECT `name`,`isadmin`,`categories` FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "users` WHERE `id`='{$tmpvar['owner']}' LIMIT 1");
+        if (hesk_dbNumRows($res) == 1) {
+            $row = hesk_dbFetchAssoc($res);
+            if (!$row['isadmin']) {
+                $row['categories'] = explode(',', $row['categories']);
+                if (!in_array($tmpvar['category'], $row['categories'])) {
+                    $_SESSION['isnotice'][] = 'category';
+                    $hesk_error_buffer['owner'] = $hesklang['onasc'];
+                }
+            }
+        } else {
+            $_SESSION['isnotice'][] = 'category';
+            $hesk_error_buffer['owner'] = $hesklang['onasc'];
         }
     }
-    // Check for invalid owner values
-	elseif ($tmpvar['owner'] < 1)
-	{
-	    $tmpvar['owner'] = 0;
-	}
-    else
-    {
-	    // Has the new owner access to the selected category?
-		$res = hesk_dbQuery("SELECT `name`,`isadmin`,`categories` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."users` WHERE `id`='{$tmpvar['owner']}' LIMIT 1");
-	    if (hesk_dbNumRows($res) == 1)
-	    {
-	    	$row = hesk_dbFetchAssoc($res);
-	        if (!$row['isadmin'])
-	        {
-				$row['categories']=explode(',',$row['categories']);
-				if (!in_array($tmpvar['category'],$row['categories']))
-				{
-                	$_SESSION['isnotice'][] = 'category';
-					$hesk_error_buffer['owner']=$hesklang['onasc'];
-				}
-	        }
-	    }
-	    else
-	    {
-        	$_SESSION['isnotice'][] = 'category';
-	    	$hesk_error_buffer['owner']=$hesklang['onasc'];
-	    }
-    }
-}
-elseif (hesk_checkPermission('can_assign_self',0) && hesk_okCategory($tmpvar['category'],0) && !empty($_POST['assing_to_self']))
-{
-	$tmpvar['owner'] = intval($_SESSION['id']);
+} elseif (hesk_checkPermission('can_assign_self', 0) && hesk_okCategory($tmpvar['category'], 0) && !empty($_POST['assing_to_self'])) {
+    $tmpvar['owner'] = intval($_SESSION['id']);
 }
 
 // Notify customer of the ticket?
-$notify = ! empty($_POST['notify']) ? 1 : 0;
+$notify = (!empty($_POST['notify']) && !empty($tmpvar['email'])) ? 1 : 0;
 
 // Show ticket after submission?
-$show = ! empty($_POST['show']) ? 1 : 0;
+$show = !empty($_POST['show']) ? 1 : 0;
 
 // Attachments
-if ($hesk_settings['attachments']['use'])
-{
+if ($hesk_settings['attachments']['use']) {
     require_once(HESK_PATH . 'inc/attachments.inc.php');
 
     $attachments = array();
-    $trackingID  = $tmpvar['trackid'];
-    
-    for ($i=1;$i<=$hesk_settings['attachments']['max_number'];$i++)
-    {
-        $att = hesk_uploadFile($i);
-        if ($att !== false && !empty($att))
-        {
-            $attachments[$i] = $att;
+    $trackingID = $tmpvar['trackid'];
+
+    $use_legacy_attachments = hesk_POST('use-legacy-attachments', 0);
+
+    if ($use_legacy_attachments) {
+        for ($i = 1; $i <= $hesk_settings['attachments']['max_number']; $i++) {
+            $att = hesk_uploadFile($i);
+            if ($att !== false && !empty($att)) {
+                $attachments[$i] = $att;
+            }
+        }
+    } else {
+        // The user used the new drag-and-drop system.
+        $temp_attachment_ids = hesk_POST_array('attachment-ids');
+        foreach ($temp_attachment_ids as $temp_attachment_id) {
+            // Simply get the temp info and move it to the attachments table
+            $temp_attachment = mfh_getTemporaryAttachment($temp_attachment_id);
+            $attachments[] = $temp_attachment;
+            mfh_deleteTemporaryAttachment($temp_attachment_id);
         }
     }
 }
 $tmpvar['attachments'] = '';
 
 // If we have any errors lets store info in session to avoid re-typing everything
-if (count($hesk_error_buffer)!=0)
-{
-	$_SESSION['iserror'] = array_keys($hesk_error_buffer);
+if (count($hesk_error_buffer) != 0) {
+    $_SESSION['iserror'] = array_keys($hesk_error_buffer);
 
-    $_SESSION['as_name']     =  hesk_POST('name');
-    $_SESSION['as_email']    =  hesk_POST('email');
-    $_SESSION['as_category'] =  hesk_POST('category');
-    $_SESSION['as_priority'] =  hesk_POST('priority');
-    $_SESSION['as_subject']  =  hesk_POST('subject');
-    $_SESSION['as_message']  =  hesk_POST('message');
-    $_SESSION['as_owner']    = $tmpvar['owner'];
-    $_SESSION['as_notify']   = $notify;
-    $_SESSION['as_show']     = $show;
+    $_SESSION['as_name'] = hesk_POST('name');
+    $_SESSION['as_email'] = hesk_POST('email');
+    $_SESSION['as_priority'] = $tmpvar['priority'];
+    $_SESSION['as_subject'] = hesk_POST('subject');
+    $_SESSION['as_message'] = hesk_POST('message');
+    $_SESSION['as_owner'] = $tmpvar['owner'];
+    $_SESSION['as_notify'] = $notify;
+    $_SESSION['as_show'] = $show;
 
-	foreach ($hesk_settings['custom_fields'] as $k=>$v)
-	{
-		if ($v['use'])
-		{
-			$_SESSION["as_$k"] =  hesk_POST($k);
-		}
-	}
+    foreach ($hesk_settings['custom_fields'] as $k => $v) {
+        if ($v['use'] && ! in_array($v['type'], array('date', 'email'))) {
+            $_SESSION["as_$k"] = ($v['type'] == 'checkbox') ? hesk_POST_array($k) : hesk_POST($k);
+        }
+    }
 
     $tmp = '';
-    foreach ($hesk_error_buffer as $error)
-    {
+    foreach ($hesk_error_buffer as $error) {
         $tmp .= "<li>$error</li>\n";
     }
     $hesk_error_buffer = $tmp;
 
-	// Remove any successfully uploaded attachments
-	if ($hesk_settings['attachments']['use'])
-	{
-		hesk_removeAttachments($attachments);
-	}
+    // Remove any successfully uploaded attachments
+    if ($hesk_settings['attachments']['use']) {
+        hesk_removeAttachments($attachments);
+    }
 
-    $hesk_error_buffer = $hesklang['pcer'].'<br /><br /><ul>'.$hesk_error_buffer.'</ul>';
-    hesk_process_messages($hesk_error_buffer,'new_ticket.php');
+    $hesk_error_buffer = $hesklang['pcer'] . '<br /><br /><ul>' . $hesk_error_buffer . '</ul>';
+    hesk_process_messages($hesk_error_buffer,'new_ticket.php?category='.$tmpvar['category']);
 }
 
-if ($hesk_settings['attachments']['use'] && !empty($attachments))
-{
-    foreach ($attachments as $myatt)
-    {
-        hesk_dbQuery("INSERT INTO `".hesk_dbEscape($hesk_settings['db_pfix'])."attachments` (`ticket_id`,`saved_name`,`real_name`,`size`) VALUES ('".hesk_dbEscape($tmpvar['trackid'])."','".hesk_dbEscape($myatt['saved_name'])."','".hesk_dbEscape($myatt['real_name'])."','".intval($myatt['size'])."')");
-        $tmpvar['attachments'] .= hesk_dbInsertID() . '#' . $myatt['real_name'] .',';
+if ($hesk_settings['attachments']['use'] && !empty($attachments)) {
+    foreach ($attachments as $myatt) {
+        hesk_dbQuery("INSERT INTO `" . hesk_dbEscape($hesk_settings['db_pfix']) . "attachments` (`ticket_id`,`saved_name`,`real_name`,`size`) VALUES ('" . hesk_dbEscape($tmpvar['trackid']) . "','" . hesk_dbEscape($myatt['saved_name']) . "','" . hesk_dbEscape($myatt['real_name']) . "','" . intval($myatt['size']) . "')");
+        $tmpvar['attachments'] .= hesk_dbInsertID() . '#' . $myatt['real_name'] . '#' . $myatt['saved_name'] . ',';
     }
 }
 
-$tmpvar['message']=hesk_makeURL($tmpvar['message']);
-$tmpvar['message']=nl2br($tmpvar['message']);
+if (!$modsForHesk_settings['rich_text_for_tickets']) {
+    $tmpvar['message'] = hesk_makeURL($tmpvar['message']);
+    $tmpvar['message'] = nl2br($tmpvar['message']);
+}
+
+// Track who assigned the ticket
+if ($tmpvar['owner'] > 0) {
+    $tmpvar['assignedby'] = !empty($autoassign_owner) ? -1 : $_SESSION['id'];
+}
+
+$tmpvar['latitude'] = hesk_POST('latitude', 'E-4');
+$tmpvar['longitude'] = hesk_POST('longitude', 'E-4');
+
+$tmpvar['html'] = $modsForHesk_settings['rich_text_for_tickets'];
+$tmpvar['due_date'] = hesk_POST('due-date');
+
+// Set user agent and screen res to null
+$tmpvar['user_agent'] = NULL;
+$tmpvar['screen_resolution_height'] = "NULL";
+$tmpvar['screen_resolution_width'] = "NULL";
 
 // Insert ticket to database
 $ticket = hesk_newTicket($tmpvar);
 
+mfh_insert_audit_trail_record($ticket['id'], 'TICKET', 'audit_created', hesk_date(),
+    array(0 => $_SESSION['name'] . ' (' . $_SESSION['user'] . ')'));
+
+if ($autoassign_owner) {
+    mfh_insert_audit_trail_record($ticket['id'], 'TICKET', 'audit_autoassigned', hesk_date(),
+        array(0 => $autoassign_owner['name'] . ' (' . $autoassign_owner['user'] . ')'));
+}
+
 // Notify the customer about the ticket?
-if ($notify)
-{
-	hesk_notifyCustomer();
+if ($notify && $email_available) {
+    hesk_notifyCustomer($modsForHesk_settings);
 }
 
 // If ticket is assigned to someone notify them?
-if ($ticket['owner'] && $ticket['owner'] != intval($_SESSION['id']))
-{
-	// If we don't have info from auto-assign get it from database
-    if ( ! isset($autoassign_owner['email']) )
-    {
-		hesk_notifyAssignedStaff(false, 'ticket_assigned_to_you');
-	}
-    else
-    {
-		hesk_notifyAssignedStaff($autoassign_owner, 'ticket_assigned_to_you');
+if ($ticket['owner'] && $ticket['owner'] != intval($_SESSION['id'])) {
+    // If we don't have info from auto-assign get it from database
+    if (!isset($autoassign_owner['email'])) {
+        hesk_notifyAssignedStaff(false, 'ticket_assigned_to_you', $modsForHesk_settings);
+    } else {
+        hesk_notifyAssignedStaff($autoassign_owner, 'ticket_assigned_to_you', $modsForHesk_settings);
     }
-}
-
-// Ticket unassigned, notify everyone that selected to be notified about unassigned tickets
-elseif ( ! $ticket['owner'])
-{
-	hesk_notifyStaff('new_ticket_staff', " `id` != ".intval($_SESSION['id'])." AND `notify_new_unassigned` = '1' ");
+} // Ticket unassigned, notify everyone that selected to be notified about unassigned tickets
+elseif (!$ticket['owner']) {
+    hesk_notifyStaff('new_ticket_staff', " `id` != " . intval($_SESSION['id']) . " AND `notify_new_unassigned` = '1' ", $modsForHesk_settings);
 }
 
 // Unset temporary variables
@@ -295,28 +357,19 @@ hesk_cleanSessionVars('as_message');
 hesk_cleanSessionVars('as_owner');
 hesk_cleanSessionVars('as_notify');
 hesk_cleanSessionVars('as_show');
-foreach ($hesk_settings['custom_fields'] as $k=>$v)
-{
-	if ($v['use'])
-	{
-        hesk_cleanSessionVars("as_$k");
-	}                    
+foreach ($hesk_settings['custom_fields'] as $k => $v) {
+    hesk_cleanSessionVars("as_$k");
 }
 
 // If ticket has been assigned to the person submitting it lets show a message saying so
-if ($ticket['owner'] && $ticket['owner'] == intval($_SESSION['id']))
-{
-	$hesklang['new_ticket_submitted'] .= '<br />&nbsp;<br />
+if ($ticket['owner'] && $ticket['owner'] == intval($_SESSION['id'])) {
+    $hesklang['new_ticket_submitted'] .= '<br />&nbsp;<br />
     <span class="glyphicon glyphicon-comment"></span> <b>' . (isset($autoassign_owner) ? $hesklang['taasy'] : $hesklang['tasy']) . '</b>';
 }
 
 // Show the ticket or just the success message
-if ($show)
-{
-	hesk_process_messages($hesklang['new_ticket_submitted'],'admin_ticket.php?track=' . $ticket['trackid'] . '&Refresh=' . mt_rand(10000,99999), 'SUCCESS');
-}
-else
-{
-	hesk_process_messages($hesklang['new_ticket_submitted'].'. <a href="admin_ticket.php?track=' . $ticket['trackid'] . '&Refresh=' . mt_rand(10000,99999) . '">' . $hesklang['view_ticket'] . '</a>', 'new_ticket.php', 'SUCCESS');
-}
-?>
+if ($show) {
+    hesk_process_messages($hesklang['new_ticket_submitted'], 'admin_ticket.php?track=' . $ticket['trackid'] . '&Refresh=' . mt_rand(10000, 99999), 'SUCCESS');
+} else {
+    hesk_process_messages($hesklang['new_ticket_submitted'] . '. <a href="admin_ticket.php?track=' . $ticket['trackid'] . '&Refresh=' . mt_rand(10000, 99999) . '">' . $hesklang['view_ticket'] . '</a>', 'new_ticket.php', 'SUCCESS');
+}

admin/anonymize_ticket.php

@@ -0,0 +1,43 @@
+<?php
+/**
+ *
+ * This file is part of HESK - PHP Help Desk Software.
+ *
+ * (c) Copyright Klemen Stirn. All rights reserved.
+ * https://www.hesk.com
+ *
+ * For the full copyright and license agreement information visit
+ * https://www.hesk.com/eula.php
+ *
+ */
+
+define('IN_SCRIPT',1);
+define('HESK_PATH','../');
+
+/* Get all the required files and functions */
+require(HESK_PATH . 'hesk_settings.inc.php');
+require(HESK_PATH . 'inc/common.inc.php');
+require(HESK_PATH . 'inc/admin_functions.inc.php');
+require(HESK_PATH . 'inc/privacy_functions.inc.php');
+hesk_load_database_functions();
+
+hesk_session_start();
+hesk_dbConnect();
+hesk_isLoggedIn();
+
+// Check permissions for this feature
+hesk_checkPermission('can_privacy');
+
+// A security check
+hesk_token_check();
+
+// Tracking ID
+$trackingID = hesk_cleanID() or die($hesklang['int_error'].': '.$hesklang['no_trackID']);
+
+// Anonymize the ticket and redirect back
+if (hesk_anonymizeTicket(0, $trackingID))
+{
+    hesk_process_messages($hesklang['success_anon'],'admin_ticket.php?track='.$trackingID.'&Refresh='.mt_rand(10000,99999),'SUCCESS');
+}
+
+hesk_error($hesklang['no_permission']);

admin/api_settings.php

@@ -0,0 +1,227 @@
+<?php
+
+define('IN_SCRIPT', 1);
+define('HESK_PATH', '../');
+define('PAGE_TITLE', 'ADMIN_API_SETTINGS');
+define('MFH_PAGE_LAYOUT', 'TOP_ONLY');
+
+// Make sure the install folder is deleted
+if (is_dir(HESK_PATH . 'install')) {
+    die('Please delete the <b>install</b> folder from your server for security reasons then refresh this page!');
+}
+
+// Get all the required files and functions
+require(HESK_PATH . 'hesk_settings.inc.php');
+require(HESK_PATH . 'inc/common.inc.php');
+require(HESK_PATH . 'inc/admin_functions.inc.php');
+require(HESK_PATH . 'inc/mail_functions.inc.php');
+hesk_load_database_functions();
+
+hesk_session_start();
+hesk_dbConnect();
+hesk_isLoggedIn();
+
+// Check permissions for this feature
+hesk_checkPermission('can_man_settings');
+
+$modsForHesk_settings = mfh_getSettings();
+
+define('EXTRA_JS', '<script src="'.HESK_PATH.'internal-api/js/api-settings.js"></script>');
+// Print header
+require_once(HESK_PATH . 'inc/headerAdmin.inc.php');
+
+
+// Print main manage users page
+require_once(HESK_PATH . 'inc/show_admin_nav.inc.php');
+?>
+<div class="content-wrapper">
+    <section class="content">
+    <div class="box">
+        <div class="box-header with-border">
+            <h1 class="box-title">
+                <?php echo $hesklang['api_information']; ?>
+            </h1>
+            <div class="box-tools pull-right">
+                <button type="button" class="btn btn-box-tool" data-widget="collapse">
+                    <i class="fa fa-minus"></i>
+                </button>
+            </div>
+        </div>
+        <div class="box-body">
+            <table class="table table-striped table-fixed">
+                <tr>
+                    <td class="text-right">
+                        <?php echo $hesklang['api_version']; ?>
+                    </td>
+                    <td class="warning">
+                        <?php echo $hesklang['beta_text']; ?>
+                    </td>
+                </tr>
+                <tr>
+                    <td class="text-right">
+                        <?php echo $hesklang['external_api']; ?>
+                    </td>
+                    <td class="success" id="public-api-sidebar">
+                        <?php
+                        $enabled = $modsForHesk_settings['public_api'] == '1' ? '' : 'hide';
+                        $disabled = $modsForHesk_settings['public_api'] == '1' ? 'hide' : '';
+                        ?>
+                        <span id="public-api-sidebar-disabled" class="<?php echo $disabled; ?>">
+                            <?php echo $hesklang['disabled_title_case']; ?>
+                        </span>
+                        <span id="public-api-sidebar-enabled"  class="<?php echo $enabled; ?>">
+                            <?php echo $hesklang['enabled_title_case']; ?>
+                        </span>
+                    </td>
+                </tr>
+            </table>
+        </div>
+    </div>
+    <div class="box">
+        <div class="box-header with-border">
+            <h1 class="box-title">
+                <?php echo $hesklang['api_settings']; ?>
+            </h1>
+            <div class="box-tools pull-right">
+                <button type="button" class="btn btn-box-tool" data-widget="collapse">
+                    <i class="fa fa-minus"></i>
+                </button>
+            </div>
+        </div>
+        <div class="box-body nav-tabs-custom">
+            <ul class="nav nav-tabs">
+                <li class="active"><a href="#general" data-toggle="tab"><?php echo $hesklang['tab_1']; ?></a></li>
+                <li><a href="#user-security" data-toggle="tab"><?php echo $hesklang['user_security']; ?></a></li>
+                <li><a href="https://mods-for-hesk.readme.io/reference" target="_blank"><?php echo $hesklang['api_documentation']; ?> <i class="fa fa-external-link"></i></a></li>
+            </ul>
+            <div class="tab-content summaryList tabPadding">
+                <div class="tab-pane fade in active" id="general">
+                    <form class="form-horizontal">
+                        <div class="form-group">
+                            <label for="public-api" class="col-sm-3 control-label">
+                                <?php echo $hesklang['external_api']; ?>
+                                <i class="fa fa-question-circle settingsquestionmark" data-toggle="popover"
+                                   title="<?php echo $hesklang['external_api']; ?>"
+                                   data-content="<?php echo $hesklang['external_api_help']; ?>"></i>
+                            </label>
+                            <div class="col-sm-9">
+                                <span class="btn-group" data-toggle="buttons">
+                                    <?php
+                                    $on = $modsForHesk_settings['public_api'] == '1' ? 'active' : '';
+                                    $off = $modsForHesk_settings['public_api'] == '1' ? '' : 'active';
+                                    ?>
+                                    <label id="enable-api-button" class="btn btn-success <?php echo $on; ?>">
+                                        <input type="radio" name="public-api" value="1"> <i class="fa fa-check-circle"></i>
+                                        <?php echo $hesklang['enable']; ?>
+                                    </label>
+                                    <label id="disable-api-button" class="btn btn-danger <?php echo $off; ?>">
+                                        <input type="radio" name="public-api" value="0"> <i class="fa fa-times-circle"></i>
+                                        <?php echo $hesklang['disable']; ?>
+                                    </label>
+                                </span>
+                            </div>
+                        </div>
+                        <div class="form-group">
+                            <label for="url-rewrite" class="col-sm-3 control-label">
+                                <?php echo $hesklang['url_rewrite']; ?>
+                                <i class="fa fa-question-circle settingsquestionmark" data-toggle="popover"
+                                   title="<?php echo $hesklang['url_rewrite']; ?>"
+                                   data-content="<?php echo $hesklang['url_rewrite_help']; ?>"></i>
+                            </label>
+                            <div class="col-sm-9">
+                            <span class="btn-group" data-toggle="buttons">
+                                <?php
+                                $on = $modsForHesk_settings['api_url_rewrite'] == '1' ? 'active' : '';
+                                $off = $modsForHesk_settings['api_url_rewrite'] == '1' ? '' : 'active';
+                                ?>
+                                <label id="enable-url-rewrite-button" class="btn btn-success <?php echo $on; ?>">
+                                    <input type="radio" name="url-rewrite" value="1"> <i class="fa fa-check-circle"></i>
+                                    <?php echo $hesklang['enable']; ?>
+                                </label>
+                                <label id="disable-url-rewrite-button" class="btn btn-danger <?php echo $off; ?>">
+                                    <input type="radio" name="url-rewrite" value="0"> <i class="fa fa-times-circle"></i>
+                                    <?php echo $hesklang['disable']; ?>
+                                </label>
+                            </span>
+                            </div>
+                        </div>
+                    </form>
+                </div>
+                <div class="tab-pane fade in" id="user-security">
+                    <?php
+                    $users = array();
+                    $userRs = hesk_dbQuery("SELECT `id`, `user`, `name` FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "users` WHERE `active` = '1'");
+                    while ($row = hesk_dbFetchAssoc($userRs)) {
+                        $row['number_of_tokens'] = 0;
+                        $users[$row['id']] = $row;
+                    }
+                    $tokensRs = hesk_dbQuery("SELECT `user_id`, 1 FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "user_api_tokens`");
+                    while ($row = hesk_dbFetchAssoc($tokensRs)) {
+                        $users[$row['user_id']]['number_of_tokens']++;
+                    }
+                    ?>
+                    <table class="table table-striped">
+                        <thead>
+                        <tr>
+                            <th><?php echo $hesklang['username']; ?></th>
+                            <th><?php echo $hesklang['name']; ?></th>
+                            <th><?php echo $hesklang['number_of_tokens']; ?></th>
+                            <th><?php echo $hesklang['actions']; ?></th>
+                        </tr>
+                        </thead>
+                        <tbody>
+                        <?php
+                        foreach ($users as $row):
+                            ?>
+                            <tr>
+                                <td><?php echo $row['user']; ?></td>
+                                <td><?php echo $row['name']; ?></td>
+                                <td id="token-<?php echo $row['id']; ?>-count"><?php echo $row['number_of_tokens']; ?></td>
+                                <td>
+                                <span class="btn-group">
+                                    <button class="btn btn-default btn-xs" onclick="generateToken(<?php echo $row['id']; ?>)">
+                                        <i class="fa fa-plus-circle"></i>
+                                        <?php echo $hesklang['generate_new_token']; ?>
+                                    </button>
+                                    <button class="btn btn-danger btn-xs" onclick="clearTokens(<?php echo $row['id']; ?>)">
+                                        <i class="fa fa-times"></i>
+                                        <?php echo $hesklang['revoke_all_tokens']; ?>
+                                    </button>
+                                </span>
+                                <span>
+                                    <i id="token-<?php echo $row['id']; ?>-success" class="fa fa-check-circle fa-2x green hide media-middle"
+                                       data-toggle="tooltip" title="<?php echo $hesklang['changes_saved']; ?>"></i>
+                                    <i id="token-<?php echo $row['id']; ?>-failure" class="fa fa-times-circle fa-2x red hide media-middle"
+                                       data-toggle="tooltip" title="<?php echo $hesklang['save_failed_check_logs']; ?>"></i>
+                                    <i id="token-<?php echo $row['id']; ?>-saving" class="fa fa-spin fa-spinner fa-2x hide media-middle"
+                                       data-toggle="tooltip" title="<?php echo $hesklang['saving']; ?>"></i>
+                                </span>
+                                </td>
+                            </tr>
+                            <tr id="token-<?php echo $row['id']; ?>-created" class="success hide">
+                                <td colspan="4">
+                                    <?php echo $hesklang['generated_token_colon']; ?> <code class="token"></code>
+                                    <p><b><?php echo $hesklang['record_this_token_warning']; ?></b></p>
+                                </td>
+                            </tr>
+                            <tr id="token-<?php echo $row['id']; ?>-reset" class="success hide">
+                                <td colspan="4">
+                                    <p><?php echo $hesklang['all_tokens_revoked']; ?></p>
+                                </td>
+                            </tr>
+                            <?php
+                        endforeach;
+                        ?>
+                        </tbody>
+                    </table>
+                </div>
+            </div>
+        </div>
+    </div>
+</section>
+</div>
+<?php
+echo mfh_get_hidden_fields_for_language(array('success', 'url_rewrite_saved', 'api_settings_saved', 'an_error_occurred'));
+
+require_once(HESK_PATH . 'inc/footer.inc.php');
+exit();

admin/assign_owner.php

@@ -0,0 +1,165 @@
+<?php
+/**
+ *
+ * This file is part of HESK - PHP Help Desk Software.
+ *
+ * (c) Copyright Klemen Stirn. All rights reserved.
+ * https://www.hesk.com
+ *
+ * For the full copyright and license agreement information visit
+ * https://www.hesk.com/eula.php
+ *
+ */
+
+define('IN_SCRIPT', 1);
+define('HESK_PATH', '../');
+
+/* Get all the required files and functions */
+require(HESK_PATH . 'hesk_settings.inc.php');
+require(HESK_PATH . 'inc/common.inc.php');
+require(HESK_PATH . 'inc/admin_functions.inc.php');
+hesk_load_database_functions();
+require(HESK_PATH . 'inc/email_functions.inc.php');
+
+hesk_session_start();
+hesk_dbConnect();
+hesk_isLoggedIn();
+$modsForHesk_settings = mfh_getSettings();
+
+$can_assign_others = hesk_checkPermission('can_assign_others', 0);
+if ($can_assign_others) {
+    $can_assign_self = TRUE;
+} else {
+    $can_assign_self = hesk_checkPermission('can_assign_self', 0);
+}
+
+/* A security check */
+hesk_token_check();
+
+/* Ticket ID */
+$trackingID = hesk_cleanID() or die($hesklang['int_error'] . ': ' . $hesklang['no_trackID']);
+
+$res = hesk_dbQuery("SELECT * FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` WHERE `trackid`='" . hesk_dbEscape($trackingID) . "' LIMIT 1");
+if (hesk_dbNumRows($res) != 1) {
+    hesk_error($hesklang['ticket_not_found']);
+}
+$ticket = hesk_dbFetchAssoc($res);
+
+$_SERVER['PHP_SELF'] = 'admin_ticket.php?track=' . $trackingID . '&Refresh=' . rand(10000, 99999);
+
+/* New owner ID */
+$owner = intval(hesk_REQUEST('owner'));
+
+/* If ID is -1 the ticket will be unassigned */
+if ($owner == -1) {
+    $res = hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` SET `owner`=0, `assignedby`=NULL WHERE `trackid`='" . hesk_dbEscape($trackingID) . "'");
+    mfh_insert_audit_trail_record($ticket['id'], 'TICKET', 'audit_unassigned', hesk_date(),
+        array(0 => $_SESSION['name'] . ' (' . $_SESSION['user'] . ')'));
+
+    hesk_process_messages($hesklang['tunasi2'], $_SERVER['PHP_SELF'], 'SUCCESS');
+} elseif ($owner < 1) {
+    hesk_process_messages($hesklang['nose'], $_SERVER['PHP_SELF'], 'NOTICE');
+}
+
+/* Verify the new owner and permissions */
+$res = hesk_dbQuery("SELECT `id`,`user`,`name`,`email`,`isadmin`,`categories`,`notify_assigned` FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "users` WHERE `id`='{$owner}' LIMIT 1");
+$row = hesk_dbFetchAssoc($res);
+
+/* Has new owner access to the category? */
+if (!$row['isadmin']) {
+    $row['categories'] = explode(',', $row['categories']);
+    if (!in_array($ticket['category'], $row['categories'])) {
+        hesk_error($hesklang['unoa']);
+    }
+}
+
+// Make sure two people don't assign a ticket to a different user at the same time
+if ($ticket['owner'] && $ticket['owner'] != $owner && hesk_REQUEST('unassigned') && hesk_GET('confirm') != 'Y') {
+    $new_owner = ($owner == $_SESSION['id']) ? $hesklang['scoy'] : sprintf($hesklang['scot'], $row['name']);
+    $originalOwner = intval($ticket['owner']);
+
+    $res = hesk_dbQuery("SELECT `name` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."users` WHERE `id`='{$originalOwner}' LIMIT 1");
+
+    if (hesk_dbNumRows($res) == 1) {
+        $row = hesk_dbFetchAssoc($res);
+
+        hesk_process_messages(
+            sprintf($hesklang['taat'], $row['name']) .
+            '<br /><br />' .
+            $new_owner .
+            '<br /><br />' .
+            '<a href="assign_owner.php?track='.$ticket['trackid'].'&amp;owner='.$owner.'&amp;token='.hesk_token_echo(0).'&amp;unassigned=1&amp;confirm=Y">'.$hesklang['ycto'].'</a> | ' .
+            '<a href="admin_ticket.php?track='.$ticket['trackid'].'">'.$hesklang['ncto'].'</a>',
+            $_SERVER['PHP_SELF'], 'NOTICE'
+        );
+    }
+}
+
+/* Assigning to self? */
+if ($can_assign_others || ($owner == $_SESSION['id'] && $can_assign_self)) {
+    $assignedby = intval(hesk_SESSION('id'));
+    if ($assignedby > 0) {
+        $assignedby = ',`assignedby`=' . $assignedby;
+    } else {
+        $assignedby = '';
+    }
+
+
+    $res = hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` SET `owner`={$owner} {$assignedby} WHERE `trackid`='" . hesk_dbEscape($trackingID) . "'");
+
+    if ($owner == $_SESSION['id'] && $can_assign_self) {
+        mfh_insert_audit_trail_record($ticket['id'], 'TICKET', 'audit_assigned_self', hesk_date(),
+            array(0 => $_SESSION['name'] . ' (' . $_SESSION['user'] . ')'));
+    } else {
+        // current user -> assigned user
+        mfh_insert_audit_trail_record($ticket['id'], 'TICKET', 'audit_assigned', hesk_date(),
+            array(0 => $_SESSION['name'] . ' (' . $_SESSION['user'] . ')',
+                1 => $row['name'] . ' (' . $row['user'] . ')'));
+    }
+
+    if ($owner != $_SESSION['id'] && !hesk_checkPermission('can_view_ass_others', 0)) {
+        $_SERVER['PHP_SELF'] = 'admin_main.php';
+    }
+} else {
+    hesk_error($hesklang['no_permission']);
+}
+
+$ticket['owner'] = $owner;
+
+/* --> Prepare message */
+
+// 1. Generate the array with ticket info that can be used in emails
+$info = array(
+    'email' => $ticket['email'],
+    'category' => $ticket['category'],
+    'priority' => $ticket['priority'],
+    'owner' => $ticket['owner'],
+    'trackid' => $ticket['trackid'],
+    'status' => $ticket['status'],
+    'name' => $ticket['name'],
+    'subject' => $ticket['subject'],
+    'message' => $ticket['message'],
+    'attachments' => $ticket['attachments'],
+    'dt' => hesk_date($ticket['dt'], true),
+    'lastchange' => hesk_date($ticket['lastchange'], true),
+    'id' => $ticket['id'],
+    'time_worked'   => $ticket['time_worked'],
+    'last_reply_by' => hesk_getReplierName($ticket),
+);
+
+// 2. Add custom fields to the array
+foreach ($hesk_settings['custom_fields'] as $k => $v) {
+    $info[$k] = $v['use'] ? $ticket[$k] : '';
+}
+
+// 3. Make sure all values are properly formatted for email
+$ticket = hesk_ticketToPlain($info, 1, 0);
+
+/* Notify the new owner? */
+if ($ticket['owner'] != intval($_SESSION['id'])) {
+    hesk_notifyAssignedStaff(false, 'ticket_assigned_to_you', $modsForHesk_settings);
+}
+
+$tmp = ($owner == $_SESSION['id']) ? $hesklang['tasy'] : $hesklang['taso'];
+hesk_process_messages($tmp, $_SERVER['PHP_SELF'], 'SUCCESS');
+?>

admin/banned_emails.php

@@ -0,0 +1,331 @@
+<?php
+/**
+ *
+ * This file is part of HESK - PHP Help Desk Software.
+ *
+ * (c) Copyright Klemen Stirn. All rights reserved.
+ * https://www.hesk.com
+ *
+ * For the full copyright and license agreement information visit
+ * https://www.hesk.com/eula.php
+ *
+ */
+
+define('IN_SCRIPT', 1);
+define('HESK_PATH', '../');
+define('PAGE_TITLE', 'ADMIN_BANNED_EMAILS');
+define('MFH_PAGE_LAYOUT', 'TOP_ONLY');
+
+/* Get all the required files and functions */
+require(HESK_PATH . 'hesk_settings.inc.php');
+require(HESK_PATH . 'inc/common.inc.php');
+require(HESK_PATH . 'inc/admin_functions.inc.php');
+require(HESK_PATH . 'inc/mail_functions.inc.php');
+hesk_load_database_functions();
+
+hesk_session_start();
+hesk_dbConnect();
+hesk_isLoggedIn();
+
+/* Check permissions for this feature */
+hesk_checkPermission('can_ban_emails');
+$can_unban = hesk_checkPermission('can_unban_emails', 0);
+
+// Define required constants
+define('LOAD_TABS', 1);
+
+// What should we do?
+if ($action = hesk_REQUEST('a')) {
+    if (defined('HESK_DEMO')) {
+        hesk_process_messages($hesklang['ddemo'], 'banned_emails.php', 'NOTICE');
+    } elseif ($action == 'ban') {
+        ban_email();
+    } elseif ($action == 'unban' && $can_unban) {
+        unban_email();
+    }
+}
+
+/* Print header */
+require_once(HESK_PATH . 'inc/headerAdmin.inc.php');
+
+/* Print main manage users page */
+require_once(HESK_PATH . 'inc/show_admin_nav.inc.php');
+?>
+<div class="content-wrapper">
+    <section class="content">
+    <div class="box">
+        <div class="box-body">
+            <div class="nav-tabs-custom">
+                <ul class="nav nav-tabs" role="tablist">
+                    <li role="presentation" class="active">
+                        <a href="#"><?php echo $hesklang['banemail']; ?> <i class="fa fa-question-circle settingsquestionmark"
+                                                                            onclick="javascript:alert('<?php echo hesk_makeJsString($hesklang['banemail_intro']); ?>')"></i></a>
+                    </li>
+                    <?php
+                    // Show a link to banned_ips.php if user has permission to do so
+                    if (hesk_checkPermission('can_ban_ips', 0)) {
+                        echo '
+            <li role="presentation">
+                <a title="' . $hesklang['banip'] . '" href="banned_ips.php">' . $hesklang['banip'] . '</a>
+            </li>';
+                    }
+                    // Show a link to status_message.php if user has permission to do so
+                    if (hesk_checkPermission('can_service_msg', 0)) {
+                        echo '
+            <li role="presentation">
+                <a title="' . $hesklang['sm_title'] . '" href="service_messages.php">' . $hesklang['sm_title'] . '</a>
+            </li>';
+                    }
+
+                    // Show a link to email tpl management if user has permission to do so
+                    if (hesk_checkPermission('can_man_email_tpl', 0)) {
+                        echo '
+            <li role="presentation">
+                <a title="' . $hesklang['email_templates'] . '" href="manage_email_templates.php">' . $hesklang['email_templates'] . '</a>
+            </li>
+            ';
+                    }
+                    if (hesk_checkPermission('can_man_ticket_statuses', 0)) {
+                        echo '
+            <li role="presentation">
+                <a title="' . $hesklang['statuses'] . '" href="manage_statuses.php">' . $hesklang['statuses'] . '</a>
+            </li>
+            ';
+                    }
+                    if (hesk_checkPermission('can_man_settings', 0)) {
+                        echo '<li role="presentation"><a title="' . $hesklang['tab_4'] . '" href="custom_fields.php">' . $hesklang['tab_4'] . '</a></li> ';
+                    }
+                    ?>
+                </ul>
+                <div class="tab-content summaryList tabPadding">
+                    <script language="javascript" type="text/javascript"><!--
+                        function confirm_delete() {
+                            if (confirm('<?php echo hesk_makeJsString($hesklang['delban_confirm']); ?>')) {
+                                return true;
+                            }
+                            else {
+                                return false;
+                            }
+                        }
+                        //-->
+                    </script>
+                    <div class="row">
+                        <div class="col-md-8">
+                            <br><br>
+                            <?php
+                            /* This will handle error, success and notice messages */
+                            hesk_handle_messages();
+                            ?>
+                            <form action="banned_emails.php" method="post" name="form1" role="form" class="form-horizontal" data-toggle="validator">
+                                <div class="form-group">
+                                    <label for="text" class="col-sm-3 control-label"><?php echo $hesklang['bananemail']; ?></label>
+
+                                    <div class="col-sm-9">
+                                        <input type="text" class="form-control" name="email" size="30" maxlength="255" data-error="<?php echo htmlspecialchars($hesklang['enterbanemail']); ?>"
+                                               placeholder="<?php echo htmlspecialchars($hesklang['email']); ?>" required>
+                                        <input type="hidden" name="token" value="<?php hesk_token_echo(); ?>"/>
+                                        <input type="hidden" name="a" value="ban"/>
+                                        <div class="help-block with-errors"></div>
+                                    </div>
+                                </div>
+                                <div class="form-group">
+                                    <div class="col-sm-9 col-sm-offset-3">
+                                        <input type="submit" value="<?php echo $hesklang['savebanemail']; ?>"
+                                               class="btn btn-default">
+                                    </div>
+                                </div>
+                            </form>
+                        </div>
+                        <div class="col-md-4">
+                            <h6 class="bold"><?php echo $hesklang['banex']; ?></h6>
+
+                            <div class="footerWithBorder blankSpace"></div>
+                            <b>john@example.com</b><br/>
+                            <b>@example.com</b>
+                        </div>
+                    </div>
+                    <div class="row">
+                        <div class="col-sm-12">
+                        <?php
+
+                        // Get banned emails from database
+                        $res = hesk_dbQuery('SELECT * FROM `' . hesk_dbEscape($hesk_settings['db_pfix']) . 'banned_emails` ORDER BY `email` ASC');
+                        $num = hesk_dbNumRows($res);
+
+                        echo '<h4>' . $hesklang['eperm'] . '</h4>';
+                        if ($num < 1) {
+                            echo '<p>' . $hesklang['no_banemails'] . '</p>';
+                        } else {
+                            // List of staff
+                            if (!isset($admins)) {
+                                $admins = array();
+                                $res2 = hesk_dbQuery("SELECT `id`,`name` FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "users`");
+                                while ($row = hesk_dbFetchAssoc($res2)) {
+                                    $admins[$row['id']] = $row['name'];
+                                }
+                            }
+
+                            ?>
+                            <table class="table table-hover">
+                                <thead>
+                                <tr>
+                                    <th><?php echo $hesklang['email']; ?></th>
+                                    <th><?php echo $hesklang['banby']; ?></th>
+                                    <th><?php echo $hesklang['date']; ?></th>
+                                    <?php
+                                    if ($can_unban) {
+                                        ?>
+                                        <th><?php echo $hesklang['opt']; ?></th>
+                                        <?php
+                                    }
+                                    ?>
+                                </tr>
+                                </thead>
+                                <tbody>
+                                <?php
+                                while ($ban = hesk_dbFetchAssoc($res)) {
+                                    $color = '';
+                                    if (isset($_SESSION['ban_email']['id']) && $ban['id'] == $_SESSION['ban_email']['id']) {
+                                        $color = 'success';
+                                        unset($_SESSION['ban_email']['id']);
+                                    }
+
+                                    echo '
+                        <tr>
+                            <td class="' . $color . ' text-left">' . $ban['email'] . '</td>
+                            <td class="' . $color . ' text-left">' . (isset($admins[$ban['banned_by']]) ? $admins[$ban['banned_by']] : $hesklang['e_udel']) . '</td>
+                            <td class="' . $color . ' text-left">' . $ban['dt'] . '</td>
+                            ';
+
+                                    if ($can_unban) {
+                                        echo '
+                            <td class="' . $color . ' text-left">
+                                <a name="Unban '.$ban['email'].'" href="banned_emails.php?a=unban&amp;id=' . $ban['id'] . '&amp;token=' . hesk_token_echo(0) . '" onclick="return confirm_delete();">
+                                    <i class="fa fa-times red font-size-16p" data-toggle="tooltip" data-placement="top" data-original-title="' . $hesklang['delban'] . '"></i>
+                                </a>
+                            </td>
+                            ';
+                                    }
+
+                                    echo '</tr>';
+                                } // End while
+                                ?>
+                                </tbody>
+                            </table>
+                            <?php
+                        }
+
+                        ?>
+                        </div>
+                    </div>
+                </div>
+            </div>
+        </div>
+    </div>
+</section>
+</div>
+<?php
+require_once(HESK_PATH . 'inc/footer.inc.php');
+exit();
+
+
+/*** START FUNCTIONS ***/
+
+function ban_email()
+{
+    global $hesk_settings, $hesklang;
+
+    // A security check
+    hesk_token_check();
+
+    // Get the email
+    $email = hesk_emailCleanup(strtolower(hesk_input(hesk_REQUEST('email'))));
+
+    // Nothing entered?
+    if (!strlen($email)) {
+        hesk_process_messages($hesklang['enterbanemail'], 'banned_emails.php');
+    }
+
+    // Only allow one email to be entered
+    $email = ($index = strpos($email, ',')) ? substr($email, 0, $index) : $email;
+    $email = ($index = strpos($email, ';')) ? substr($email, 0, $index) : $email;
+
+    // Validate email address
+    $hesk_settings['multi_eml'] = 0;
+
+    if (!hesk_validateEmail($email, '', 0) && !verify_email_domain($email)) {
+        hesk_process_messages($hesklang['validbanemail'], 'banned_emails.php');
+    }
+
+    // Redirect either to banned emails or ticket page from now on
+    $redirect_to = ($trackingID = hesk_cleanID()) ? 'admin_ticket.php?track=' . $trackingID . '&Refresh=' . mt_rand(10000, 99999) : 'banned_emails.php';
+
+    // Prevent duplicate rows
+    if ($_SESSION['ban_email']['id'] = hesk_isBannedEmail($email)) {
+        hesk_process_messages(sprintf($hesklang['emailbanexists'], $email), $redirect_to, 'NOTICE');
+    }
+
+    // Insert the email address into database
+    hesk_dbQuery("INSERT INTO `" . hesk_dbEscape($hesk_settings['db_pfix']) . "banned_emails` (`email`,`banned_by`) VALUES ('" . hesk_dbEscape($email) . "','" . intval($_SESSION['id']) . "')");
+
+    // Remember email that got banned
+    $_SESSION['ban_email']['id'] = hesk_dbInsertID();
+
+    // Show success
+    hesk_process_messages(sprintf($hesklang['email_banned'], $email), $redirect_to, 'SUCCESS');
+
+} // End ban_email()
+
+
+function unban_email()
+{
+    global $hesk_settings, $hesklang;
+
+    // A security check
+    hesk_token_check();
+
+    // Delete from bans
+    hesk_dbQuery("DELETE FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "banned_emails` WHERE `id`=" . intval(hesk_GET('id')));
+
+    // Redirect either to banned emails or ticket page from now on
+    $redirect_to = ($trackingID = hesk_cleanID()) ? 'admin_ticket.php?track=' . $trackingID . '&Refresh=' . mt_rand(10000, 99999) : 'banned_emails.php';
+
+    // Show success
+    hesk_process_messages($hesklang['email_unbanned'], $redirect_to, 'SUCCESS');
+
+} // End unban_email()
+
+
+function verify_email_domain($domain)
+{
+    // Does it start with an @?
+    $atIndex = strrpos($domain, "@");
+    if ($atIndex !== 0) {
+        return false;
+    }
+
+    // Get the domain and domain length
+    $domain = substr($domain, 1);
+    $domainLen = strlen($domain);
+
+    // Check domain part length
+    if ($domainLen < 1 || $domainLen > 254) {
+        return false;
+    }
+
+    // Check domain part characters
+    if (!preg_match('/^[A-Za-z0-9\\-\\.]+$/', $domain)) {
+        return false;
+    }
+
+    // Domain part mustn't have two consecutive dots
+    if (strpos($domain, '..') !== false) {
+        return false;
+    }
+
+    // All OK
+    return true;
+
+} // END verify_email_domain()
+
+?>

admin/banned_ips.php

@@ -0,0 +1,436 @@
+<?php
+/**
+ *
+ * This file is part of HESK - PHP Help Desk Software.
+ *
+ * (c) Copyright Klemen Stirn. All rights reserved.
+ * https://www.hesk.com
+ *
+ * For the full copyright and license agreement information visit
+ * https://www.hesk.com/eula.php
+ *
+ */
+
+define('IN_SCRIPT', 1);
+define('HESK_PATH', '../');
+define('PAGE_TITLE', 'ADMIN_BANNED_IPS');
+define('MFH_PAGE_LAYOUT', 'TOP_ONLY');
+
+/* Get all the required files and functions */
+require(HESK_PATH . 'hesk_settings.inc.php');
+require(HESK_PATH . 'inc/common.inc.php');
+require(HESK_PATH . 'inc/admin_functions.inc.php');
+require(HESK_PATH . 'inc/mail_functions.inc.php');
+hesk_load_database_functions();
+
+hesk_session_start();
+hesk_dbConnect();
+hesk_isLoggedIn();
+
+/* Check permissions for this feature */
+hesk_checkPermission('can_ban_ips');
+$can_unban = hesk_checkPermission('can_unban_ips', 0);
+
+// Define required constants
+define('LOAD_TABS', 1);
+
+// What should we do?
+if ($action = hesk_REQUEST('a')) {
+    if (defined('HESK_DEMO')) {
+        hesk_process_messages($hesklang['ddemo'], 'banned_ips.php', 'NOTICE');
+    } elseif ($action == 'ban') {
+        ban_ip();
+    } elseif ($action == 'unban' && $can_unban) {
+        unban_ip();
+    } elseif ($action == 'unbantemp' && $can_unban) {
+        unban_temp_ip();
+    }
+}
+
+/* Print header */
+require_once(HESK_PATH . 'inc/headerAdmin.inc.php');
+
+/* Print main manage users page */
+require_once(HESK_PATH . 'inc/show_admin_nav.inc.php');
+?>
+<div class="content-wrapper">
+    <section class="content">
+    <div class="box">
+        <div class="box-body">
+            <div class="nav-tabs-custom">
+                <ul class="nav nav-tabs" role="tablist">
+                    <?php
+                    // Show a link to banned_emails.php if user has permission to do so
+                    if (hesk_checkPermission('can_ban_emails', 0)) {
+                        echo '
+            <li role="presentation">
+                <a title="' . $hesklang['banemail'] . '" href="banned_emails.php">' . $hesklang['banemail'] . '</a>
+            </li>';
+                    }
+                    ?>
+                    <li role="presentation" class="active">
+                        <a href="#"><?php echo $hesklang['banip']; ?> <i class="fa fa-question-circle settingsquestionmark"
+                                                                         onclick="javascript:alert('<?php echo hesk_makeJsString($hesklang['banip_intro']); ?>')"></i></a>
+                    </li>
+                    <?php
+                    // Show a link to status_message.php if user has permission to do so
+                    if (hesk_checkPermission('can_service_msg', 0)) {
+                        echo '
+            <li role="presentation">
+                <a title="' . $hesklang['sm_title'] . '" href="service_messages.php">' . $hesklang['sm_title'] . '</a>
+            </li>';
+                    }
+
+                    // Show a link to email tpl management if user has permission to do so
+                    if (hesk_checkPermission('can_man_email_tpl', 0)) {
+                        echo '
+            <li role="presentation">
+                <a title="' . $hesklang['email_templates'] . '" href="manage_email_templates.php">' . $hesklang['email_templates'] . '</a>
+            </li>
+            ';
+                    }
+                    if (hesk_checkPermission('can_man_ticket_statuses', 0)) {
+                        echo '
+            <li role="presentation">
+                <a title="' . $hesklang['statuses'] . '" href="manage_statuses.php">' . $hesklang['statuses'] . '</a>
+            </li>
+            ';
+                    }
+                    if (hesk_checkPermission('can_man_settings', 0)) {
+                        echo '
+            <li role="presentation">
+                <a title="' . $hesklang['tab_4'] . '" href="custom_fields.php">' . $hesklang['tab_4'] . '</a>
+            </li>';
+                    }
+                    ?>
+                </ul>
+                <div class="tab-content summaryList tabPadding">
+                    <script language="javascript" type="text/javascript"><!--
+                        function confirm_delete() {
+                            if (confirm('<?php echo hesk_makeJsString($hesklang['delban_confirm']); ?>')) {
+                                return true;
+                            }
+                            else {
+                                return false;
+                            }
+                        }
+                        //-->
+                    </script>
+                    <div class="row">
+                        <div class="col-md-8">
+                            <?php
+                            /* This will handle error, success and notice messages */
+                            hesk_handle_messages();
+                            ?>
+                            <form action="banned_ips.php" method="post" name="form1" role="form" class="form-horizontal" data-toggle="validator">
+                                <div class="form-group">
+                                    <label for="ip" class="col-sm-3 control-label"><?php echo $hesklang['bananip']; ?></label>
+
+                                    <div class="col-sm-9">
+                                        <input type="text" name="ip" size="30" maxlength="255" class="form-control" data-error="<?php echo htmlspecialchars($hesklang['enterbanip']); ?>"
+                                               placeholder="<?php echo htmlspecialchars($hesklang['iprange']); ?>" required>
+                                        <input type="hidden" name="token" value="<?php hesk_token_echo(); ?>"/>
+                                        <input type="hidden" name="a" value="ban"/>
+                                        <div class="help-block with-errors"></div>
+                                    </div>
+                                </div>
+                                <div class="form-group">
+                                    <div class="col-sm-9 col-sm-offset-3">
+                                        <input type="submit" value="<?php echo $hesklang['savebanip']; ?>" class="btn btn-default">
+                                    </div>
+                                </div>
+                            </form>
+                        </div>
+                        <div class="col-md-4">
+                            <h6 class="bold"><?php echo $hesklang['banex']; ?></h6>
+
+                            <div class="footerWithBorder blankSpace"></div>
+                            <b>123.0.0.0</b><br/>
+                            <b>123.0.0.1 - 123.0.0.53</b><br/>
+                            <b>123.0.0.0/24</b><br/>
+                            <b>123.0.*.*</b>
+                        </div>
+                    </div>
+                    <div class="row">
+                        <div class="col-sm-12">
+                        <?php
+
+                        // Get login failures
+                        $res = hesk_dbQuery("SELECT `ip`, TIMESTAMPDIFF(MINUTE, NOW(), DATE_ADD(`last_attempt`, INTERVAL " . intval($hesk_settings['attempt_banmin']) . " MINUTE) ) AS `minutes` FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "logins` WHERE `number` >= " . intval($hesk_settings['attempt_limit']) . " AND `last_attempt` > (NOW() -  INTERVAL " . intval($hesk_settings['attempt_banmin']) . " MINUTE)");
+                        $num = hesk_dbNumRows($res);
+
+                        echo '<h4>' . $hesklang['iptemp'] . '</h4>';
+
+                        if ($num > 0) {
+                            ?>
+                            <table class="table table-hover">
+                                <thead>
+                                <tr>
+                                    <th><?php echo $hesklang['ip']; ?></th>
+                                    <th><?php echo $hesklang['m2e']; ?></th>
+                                    <?php
+                                    if ($can_unban) {
+                                        ?>
+                                        <th><?php echo $hesklang['opt']; ?></th>
+                                        <?php
+                                    }
+                                    ?>
+                                </tr>
+                                </thead>
+                                <tbody>
+                                <?php
+                                while ($ban = hesk_dbFetchAssoc($res)) {
+                                    echo '
+                                    <tr>
+                                    <td>' . $ban['ip'] . '</td>
+                                    <td>' . $ban['minutes'] . '</td>
+                                ';
+
+                                    if ($can_unban) {
+                                        echo '
+                                    <td>
+                                        <a href="banned_ips.php?a=ban&amp;ip=' . urlencode($ban['ip']) . '&amp;token=' . hesk_token_echo(0) . '">
+                                            <i class="fa fa-ban red font-size-16p" data-toggle="tooltip" data-placement="top" data-original-title="' . $hesklang['ippermban'] . '"></i></a>
+                                        <a href="banned_ips.php?a=unbantemp&amp;ip=' . urlencode($ban['ip']) . '&amp;token=' . hesk_token_echo(0) . '" onclick="return confirm_delete();">
+                                            <i class="fa fa-times red font-size-16p" data-toggle="tooltip" data-placement="top" data-original-title="' . $hesklang['delban'] . '"></i></a>
+                                    </td>
+                                    ';
+                                    }
+
+                                    echo '</tr>';
+                                } // End while
+
+                                ?>
+                                </tbody>
+                            </table>
+                            <?php
+                        } else {
+                            echo '<p>' . $hesklang['no_banips'] . '</p>';
+                        }
+
+                        // Get banned ips from database
+                        $res = hesk_dbQuery('SELECT * FROM `' . hesk_dbEscape($hesk_settings['db_pfix']) . 'banned_ips` ORDER BY `ip_from` ASC');
+                        $num = hesk_dbNumRows($res);
+
+                        echo '<br><h4>' . $hesklang['ipperm'] . '</h4>';
+
+                        if ($num < 1) {
+                            echo '<p>' . $hesklang['no_banips'] . '</p>';
+                        } else {
+                            // List of staff
+                            if (!isset($admins)) {
+                                $admins = array();
+                                $res2 = hesk_dbQuery("SELECT `id`,`name` FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "users`");
+                                while ($row = hesk_dbFetchAssoc($res2)) {
+                                    $admins[$row['id']] = $row['name'];
+                                }
+                            }
+
+                            ?>
+                            <table class="table table-hover">
+                                <thead>
+                                <tr>
+                                    <th><?php echo $hesklang['ip']; ?></th>
+                                    <th><?php echo $hesklang['iprange']; ?></th>
+                                    <th><?php echo $hesklang['banby']; ?></th>
+                                    <th><?php echo $hesklang['date']; ?></th>
+                                    <?php
+                                    if ($can_unban) {
+                                        ?>
+                                        <th><?php echo $hesklang['opt']; ?></th>
+                                        <?php
+                                    }
+                                    ?>
+                                </tr>
+                                </thead>
+                                <tbody>
+                                <?php
+                                while ($ban = hesk_dbFetchAssoc($res)) {
+                                    $color = '';
+                                    if (isset($_SESSION['ban_ip']['id']) && $ban['id'] == $_SESSION['ban_ip']['id']) {
+                                        $color = 'success';
+                                        unset($_SESSION['ban_ip']['id']);
+                                    }
+
+                                    echo '
+                                <tr>
+                                    <td class="' . $color . '">' . $ban['ip_display'] . '</td>
+                                    <td class="' . $color . '">' . (($ban['ip_to'] == $ban['ip_from']) ? long2ip($ban['ip_to']) : long2ip($ban['ip_from']) . ' - ' . long2ip($ban['ip_to'])) . '</td>
+                                    <td class="' . $color . '">' . (isset($admins[$ban['banned_by']]) ? $admins[$ban['banned_by']] : $hesklang['e_udel']) . '</td>
+                                    <td class="' . $color . '">' . $ban['dt'] . '</td>
+                            ';
+
+                                    if ($can_unban) {
+                                        echo '
+                                <td class="' . $color . ' text-left">
+                                    <a name="Unban '.$ban['ip_display'].'" href="banned_ips.php?a=unban&amp;id=' . $ban['id'] . '&amp;token=' . hesk_token_echo(0) . '" onclick="return confirm_delete();">
+                                        <i class="fa fa-times red font-size-16p" data-toggle="tooltip" data-placement="top" data-original-title="' . $hesklang['delban'] . '"></i></a>
+                                </td>
+                            ';
+                                    }
+
+                                    echo '</tr>';
+                                } // End while
+                                ?>
+                                </tbody>
+                            </table>
+                            <?php
+                        }
+
+                        ?>
+                        </div>
+                    </div>
+                </div>
+            </div>
+        </div>
+    </div>
+</section>
+</div>
+<?php
+require_once(HESK_PATH . 'inc/footer.inc.php');
+exit();
+
+
+/*** START FUNCTIONS ***/
+
+function ban_ip()
+{
+    global $hesk_settings, $hesklang;
+
+    // A security check
+    hesk_token_check();
+
+    // Get the ip
+    $ip = preg_replace('/[^0-9\.\-\/\*]/', '', hesk_REQUEST('ip'));
+    $ip_display = str_replace('-', ' - ', $ip);
+
+    // Nothing entered?
+    if (!strlen($ip)) {
+        hesk_process_messages($hesklang['enterbanip'], 'banned_ips.php');
+    }
+
+    // Convert asterisk to ranges
+    if (strpos($ip, '*') !== false) {
+        $ip = str_replace('*', '0', $ip) . '-' . str_replace('*', '255', $ip);
+    }
+
+    $ip_regex = '(([1-9]?[0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]).){3}([1-9]?[0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])';
+
+    // Is this a single IP address?
+    if (preg_match('/^' . $ip_regex . '$/', $ip)) {
+        $ip_from = ip2long($ip);
+        $ip_to = $ip_from;
+    } // Is this an IP range?
+    elseif (preg_match('/^' . $ip_regex . '\-' . $ip_regex . '$/', $ip)) {
+        list($ip_from, $ip_to) = explode('-', $ip);
+        $ip_from = ip2long($ip_from);
+        $ip_to = ip2long($ip_to);
+    } // Is this an IP with CIDR?
+    elseif (preg_match('/^' . $ip_regex . '\/([0-9]{1,2})$/', $ip, $matches) && $matches[4] >= 0 && $matches[4] <= 32) {
+        list($ip_from, $ip_to) = hesk_cidr_to_range($ip);
+    } // Not a valid input
+    else {
+        hesk_process_messages($hesklang['validbanip'], 'banned_ips.php');
+    }
+
+    // Make sure we have valid ranges
+    if ($ip_from < 0) {
+        $ip_from += 4294967296;
+    } elseif ($ip_from > 4294967296) {
+        $ip_from = 4294967296;
+    }
+    if ($ip_to < 0) {
+        $ip_to += 4294967296;
+    } elseif ($ip_to > 4294967296) {
+        $ip_to = 4294967296;
+    }
+
+    // Make sure $ip_to is not lower that $ip_from
+    if ($ip_to < $ip_from) {
+        $tmp = $ip_to;
+        $ip_to = $ip_from;
+        $ip_from = $tmp;
+    }
+
+    // Is this IP address already banned?
+    $res = hesk_dbQuery("SELECT `id` FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "banned_ips` WHERE {$ip_from} BETWEEN `ip_from` AND `ip_to` AND {$ip_to} BETWEEN `ip_from` AND `ip_to` LIMIT 1");
+    if (hesk_dbNumRows($res) == 1) {
+        $_SESSION['ban_ip']['id'] = hesk_dbResult($res);
+        $hesklang['ipbanexists'] = ($ip_to == $ip_from) ? sprintf($hesklang['ipbanexists'], long2ip($ip_to)) : sprintf($hesklang['iprbanexists'], long2ip($ip_from) . ' - ' . long2ip($ip_to));
+        hesk_process_messages($hesklang['ipbanexists'], 'banned_ips.php', 'NOTICE');
+    }
+
+    // Delete any duplicate banned IP or ranges that are within the new banned range
+    hesk_dbQuery("DELETE FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "banned_ips` WHERE `ip_from` >= {$ip_from} AND `ip_to` <= {$ip_to}");
+
+    // Delete temporary bans from logins table
+    if ($ip_to == $ip_from) {
+        hesk_dbQuery("DELETE FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "logins` WHERE `ip`='" . hesk_dbEscape($ip_display) . "'");
+    }
+
+    // Redirect either to banned ips or ticket page from now on
+    $redirect_to = ($trackingID = hesk_cleanID()) ? 'admin_ticket.php?track=' . $trackingID . '&Refresh=' . mt_rand(10000, 99999) : 'banned_ips.php';
+
+    // Insert the ip address into database
+    hesk_dbQuery("INSERT INTO `" . hesk_dbEscape($hesk_settings['db_pfix']) . "banned_ips` (`ip_from`,`ip_to`,`ip_display`,`banned_by`) VALUES ({$ip_from}, {$ip_to},'" . hesk_dbEscape($ip_display) . "','" . intval($_SESSION['id']) . "')");
+
+    // Remember ip that got banned
+    $_SESSION['ban_ip']['id'] = hesk_dbInsertID();
+
+    // Generate success message
+    $hesklang['ip_banned'] = ($ip_to == $ip_from) ? sprintf($hesklang['ip_banned'], long2ip($ip_to)) : sprintf($hesklang['ip_rbanned'], long2ip($ip_from) . ' - ' . long2ip($ip_to));
+
+    // Show success
+    hesk_process_messages(sprintf($hesklang['ip_banned'], $ip), $redirect_to, 'SUCCESS');
+
+} // End ban_ip()
+
+
+function unban_temp_ip()
+{
+    global $hesk_settings, $hesklang;
+
+    // A security check
+    hesk_token_check();
+
+    // Get the ip
+    $ip = preg_replace('/[^0-9\.\-\/\*]/', '', hesk_REQUEST('ip'));
+
+    // Delete from bans
+    hesk_dbQuery("DELETE FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "logins` WHERE `ip`='" . hesk_dbEscape($ip) . "'");
+
+    // Show success
+    hesk_process_messages($hesklang['ip_tempun'], 'banned_ips.php', 'SUCCESS');
+
+} // End unban_temp_ip()
+
+
+function unban_ip()
+{
+    global $hesk_settings, $hesklang;
+
+    // A security check
+    hesk_token_check();
+
+    // Delete from bans
+    hesk_dbQuery("DELETE FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "banned_ips` WHERE `id`=" . intval(hesk_GET('id')));
+
+    // Redirect either to banned ips or ticket page from now on
+    $redirect_to = ($trackingID = hesk_cleanID()) ? 'admin_ticket.php?track=' . $trackingID . '&Refresh=' . mt_rand(10000, 99999) : 'banned_ips.php';
+
+    // Show success
+    hesk_process_messages($hesklang['ip_unbanned'], $redirect_to, 'SUCCESS');
+
+} // End unban_ip()
+
+
+function hesk_cidr_to_range($cidr)
+{
+    $range = array();
+    $cidr = explode('/', $cidr);
+    $range[0] = (ip2long($cidr[0])) & ((-1 << (32 - (int)$cidr[1])));
+    $range[1] = (ip2long($cidr[0])) + pow(2, (32 - (int)$cidr[1])) - 1;
+    return $range;
+} // END hesk_cidr_to_range()
+
+?>

admin/calendar.php

@@ -0,0 +1,629 @@
+<?php
+
+define('IN_SCRIPT', 1);
+define('VALIDATOR', 1);
+define('HESK_PATH', '../');
+define('PAGE_TITLE', 'ADMIN_CALENDAR');
+define('MFH_PAGE_LAYOUT', 'TOP_AND_SIDE');
+define('USE_JQUERY_2', 1);
+
+/* Get all the required files and functions */
+require(HESK_PATH . 'hesk_settings.inc.php');
+require(HESK_PATH . 'inc/common.inc.php');
+require(HESK_PATH . 'inc/admin_functions.inc.php');
+require(HESK_PATH . 'inc/mail_functions.inc.php');
+hesk_load_database_functions();
+
+hesk_session_start();
+hesk_dbConnect();
+hesk_isLoggedIn();
+
+// Define required constants
+if (hesk_checkPermission('can_man_calendar', 0)) {
+    define('MFH_CALENDAR', 1);
+} else {
+    define('MFH_CALENDAR_READONLY', 1);
+}
+
+// Is the calendar enabled?
+$modsForHesk_settings = mfh_getSettings();
+if ($modsForHesk_settings['enable_calendar'] == '0') {
+    hesk_error($hesklang['calendar_disabled']);
+}
+
+// Get categories for the dropdown
+$order_by = $modsForHesk_settings['category_order_column'];
+$rs = hesk_dbQuery("SELECT `id`, `name`, `background_color`, `foreground_color`, `display_border_outline` 
+  FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "categories` 
+  WHERE `usage` <> 1 ORDER BY `" . hesk_dbEscape($order_by) . "`");
+$categories = array();
+while ($row = hesk_dbFetchAssoc($rs)) {
+    if (!$_SESSION['isadmin'] && !in_array($row['id'], $_SESSION['categories'])) {
+        continue;
+    }
+
+    $row['css_style'] = "background: {$row['background_color']};";
+    $row['background_volatile'] = 'background-volatile';
+    if ($row['foreground_color'] != 'AUTO') {
+        $row['background_volatile'] = '';
+        $row['css_style'] .= " color: {$row['foreground_color']};";
+
+        if ($row['display_border_outline'] == '1') {
+            $row['css_style'] .= " border: solid 1px {$row['foreground_color']};";
+        }
+    }
+
+    $categories[] = $row;
+}
+
+/* Print header */
+require_once(HESK_PATH . 'inc/headerAdmin.inc.php');
+
+/* Print main manage users page */
+require_once(HESK_PATH . 'inc/show_admin_nav.inc.php');
+?>
+<aside class="main-sidebar">
+    <section class="sidebar" style="height: auto">
+        <ul class="sidebar-menu">
+            <li class="header text-uppercase"><?php echo $hesklang['calendar_categories']; ?></li>
+            <?php foreach ($categories as $category): ?>
+                <li>
+                    <div class="ticket-info">
+                        <div class="hide-on-overflow no-wrap event-category <?php echo $category['background_volatile']; ?>"
+                             data-select-toggle="category-toggle" data-name="category-toggle" data-category-value="<?php echo $category['id']; ?>"
+                             data-checked="1"
+                             data-toggle="tooltip"
+                             title="<?php echo $hesklang['click_to_toggle']; ?>"
+                             style="<?php echo $category['css_style']; ?>">
+                            <?php echo $category['name']; ?>
+                        </div>
+                    </div>
+                </li>
+            <?php endforeach; ?>
+            <li>
+                <div class="ticket-info">
+                    <button id="select-all" class="btn btn-default btn-sm" data-select-all="category-toggle">
+                        <?php echo $hesklang['select_all_title_case']; ?>
+                    </button>
+                    <button id="deselect-all" class="btn btn-default btn-sm" data-deselect-all="category-toggle">
+                        <?php echo $hesklang['deselect_all_title_case']; ?>
+                    </button>
+                </div>
+                <script>
+                    $('#select-all').click(function() {
+                        $('div[data-name="category-toggle"]').attr('data-checked', 1);
+                        updateCategoryVisibility();
+                    });
+                    $('#deselect-all').click(function() {
+                        $('div[data-name="category-toggle"]').attr('data-checked', 0);
+                        updateCategoryVisibility();
+                    });
+                </script>
+            </li>
+            <li class="header text-uppercase"><?php echo $hesklang['legend']; ?></li>
+            <li>
+                <div class="ticket-info">
+                    <i class="fa fa-calendar"></i> <?php echo $hesklang['event']; ?>
+                </div>
+            </li>
+            <li>
+                <div class="ticket-info">
+                    <i class="fa fa-ticket"></i> <?php echo $hesklang['ticket']; ?>
+                </div>
+            </li>
+            <li>
+                <div class="ticket-info">
+                    <i class="fa fa-exclamation-triangle"></i> <?php echo $hesklang['overdue_ticket_legend']; ?>
+                </div>
+            </li>
+        </ul>
+    </section>
+</aside>
+<div class="content-wrapper">
+    <section class="content">
+    <div class="row">
+        <div class="col-md-12">
+            <div class="box">
+                <div class="box-header">
+                    <h1 class="box-title">
+                        <?php echo $hesklang['calendar_title_case']; ?>
+                    </h1>
+                    <div class="box-tools pull-right">
+                        <button type="button" class="btn btn-box-tool" data-widget="collapse">
+                            <i class="fa fa-minus"></i>
+                        </button>
+                    </div>
+                </div>
+                <div class="box-body no-padding">
+                    <?php if (hesk_checkPermission('can_man_calendar', 0)): ?>
+                    <div class="row" style="padding-right: 10px">
+                        <div class="col-xs-12 text-right">
+                            <button class="btn btn-success" id="create-event-button">
+                                <i class="fa fa-plus-circle"></i>
+                                <?php echo $hesklang['new_event']; ?>
+                            </button>
+                        </div>
+                    </div>
+                    <?php endif; ?>
+                    <div id="calendar"></div>
+                </div>
+            </div>
+        </div>
+    </div>
+</section>
+</div>
+<div class="modal fade" id="create-event-modal" tabindex="-1" role="dialog" style="overflow: hidden">
+    <div class="modal-dialog modal-lg" role="document">
+        <div class="modal-content">
+            <div class="modal-header" style="cursor: move">
+                <button type="button" class="close cancel-callback" data-dismiss="modal" aria-label="Close"><span aria-hidden="true">&times;</span></button>
+                <h4 class="modal-title" id="myModalLabel">
+                    <?php echo $hesklang['create_event']; ?>
+                </h4>
+            </div>
+            <form id="create-form" class="form-horizontal" data-toggle="validator">
+                <div class="modal-body">
+                    <div class="row">
+                        <div class="col-md-12">
+                            <div class="form-group">
+                                <label for="name" class="col-sm-3 control-label">
+                                    <?php echo $hesklang['event_title']; ?>
+                                    <i class="fa fa-question-circle settingsquestionmark"
+                                        data-toggle="tooltip"
+                                        title="<?php echo htmlspecialchars($hesklang['event_title_tooltip']); ?>"></i></label>
+                                <div class="col-sm-9">
+                                    <input type="text" name="name" class="form-control" placeholder="<?php echo htmlspecialchars($hesklang['event_title']); ?>"
+                                           data-error="<?php echo htmlspecialchars($hesklang['this_field_is_required']); ?>"
+                                           required>
+                                    <div class="help-block with-errors"></div>
+                                </div>
+                            </div>
+                            <div class="form-group">
+                                <label for="location" class="col-sm-3 control-label">
+                                    <?php echo $hesklang['event_location']; ?>
+                                    <i class="fa fa-question-circle settingsquestionmark"
+                                       data-toggle="tooltip"
+                                       title="<?php echo htmlspecialchars($hesklang['event_location_tooltip']); ?>"></i>
+                                </label>
+                                <div class="col-sm-9">
+                                    <input type="text" name="location" class="form-control"
+                                           placeholder="<?php echo htmlspecialchars($hesklang['event_location']); ?>">
+                                    <div class="help-block with-errors"></div>
+                                </div>
+                            </div>
+                            <div class="form-group">
+                                <label for="category" class="col-sm-3 control-label">
+                                    <?php echo $hesklang['category']; ?>
+                                    <i class="fa fa-question-circle settingsquestionmark"
+                                       data-toggle="tooltip"
+                                       title="<?php echo htmlspecialchars($hesklang['event_category_tooltip']); ?>"></i>
+                                </label>
+                                <div class="col-sm-9">
+                                    <select name="category" class="form-control"
+                                        pattern="[0-9]+"
+                                        data-error="<?php echo htmlspecialchars($hesklang['sel_app_cat']); ?>" required>
+                                        <?php
+                                        if ($hesk_settings['select_cat']) {
+                                            echo '<option value="">'.$hesklang['select'].'</option>';
+                                        }
+                                        foreach ($categories as $category): ?>
+                                            <option value="<?php echo $category['id']; ?>" data-background-color="<?php echo htmlspecialchars($category['background_color']); ?>"
+                                                data-foreground-color="<?php echo htmlspecialchars($category['foreground_color']); ?>"
+                                                data-display-border="<?php echo htmlspecialchars($category['display_border_outline']); ?>">
+                                                <?php echo $category['name']; ?>
+                                            </option>
+                                        <?php endforeach; ?>
+                                    </select>
+                                    <div class="help-block with-errors"></div>
+                                </div>
+                            </div>
+                        </div>
+                    </div>
+                    <div class="row">
+                        <div class="col-md-6">
+                            <div class="form-group">
+                                <label for="start-date" class="col-sm-6 control-label">
+                                    <?php echo $hesklang['event_start']; ?>
+                                    <i class="fa fa-question-circle settingsquestionmark"
+                                       data-toggle="tooltip"
+                                       title="<?php echo htmlspecialchars($hesklang['event_start_tooltip']); ?>"></i>
+                                </label>
+                                <div class="col-sm-6">
+                                    <input type="text" name="start-date" class="form-control datepicker"
+                                           placeholder="<?php echo htmlspecialchars($hesklang['event_start_date']); ?>"
+                                           data-error="<?php echo htmlspecialchars($hesklang['this_field_is_required']); ?>"
+                                           required>
+                                    <input type="text" name="start-time" class="form-control clockpicker"
+                                           placeholder="<?php echo htmlspecialchars($hesklang['event_start_time']); ?>"
+                                           data-placement="left" data-align="top" data-autoclose="true">
+                                    <div class="help-block with-errors"></div>
+                                    <div class="checkbox">
+                                        <label>
+                                            <input type="checkbox" name="all-day"> <?php echo $hesklang['event_all_day']; ?>
+                                        </label>
+                                    </div>
+                                </div>
+                            </div>
+                        </div>
+                        <div class="col-md-6">
+                            <div class="form-group">
+                                <label for="end-date" class="col-sm-6 control-label">
+                                    <?php echo $hesklang['event_end']; ?>
+                                    <i class="fa fa-question-circle settingsquestionmark"
+                                       data-toggle="tooltip"
+                                       title="<?php echo htmlspecialchars($hesklang['event_end_tooltip']); ?>"></i>
+                                </label>
+                                <div class="col-sm-6">
+                                    <input type="text" name="end-date" class="form-control datepicker"
+                                           placeholder="<?php echo htmlspecialchars($hesklang['event_end_date']); ?>"
+                                           data-error="<?php echo htmlspecialchars($hesklang['this_field_is_required']); ?>"
+                                           required>
+                                    <input type="text" name="end-time" class="form-control clockpicker"
+                                           data-placement="left"
+                                           data-align="top"
+                                           data-autoclose="true"
+                                           placeholder="<?php echo htmlspecialchars($hesklang['event_end_time']); ?>">
+                                    <div class="help-block with-errors"></div>
+                                </div>
+                            </div>
+                        </div>
+                    </div>
+                    <div class="row">
+                        <div class="col-md-12">
+                            <div class="form-group">
+                                <label for="reminder" class="col-sm-3 control-label">
+                                    <?php echo $hesklang['event_reminder']; ?>
+                                    <i class="fa fa-question-circle settingsquestionmark"
+                                       data-toggle="tooltip"
+                                       title="<?php echo htmlspecialchars($hesklang['event_reminder_tooltip']); ?>"></i>
+                                </label>
+                                <div class="col-sm-2">
+                                    <input type="text" name="reminder-value" class="form-control" placeholder="#">
+                                </div>
+                                <div class="col-sm-4">
+                                    <select name="reminder-unit" class="form-control">
+                                        <option value="MINUTE"><?php echo $hesklang['event_min_before_event']; ?></option>
+                                        <option value="HOUR"><?php echo $hesklang['event_hours_before_event']; ?></option>
+                                        <option value="DAY"><?php echo $hesklang['event_days_before_event']; ?></option>
+                                        <option value="WEEK"><?php echo $hesklang['event_weeks_before_event']; ?></option>
+                                    </select>
+                                </div>
+                            </div>
+                        </div>
+                    </div>
+                    <div class="row">
+                        <div class="col-md-12">
+                            <div class="form-group">
+                                <label for="comments" class="col-sm-3 control-label">
+                                    <?php echo $hesklang['event_comments']; ?>
+                                    <i class="fa fa-question-circle settingsquestionmark"
+                                       data-toggle="tooltip"
+                                       title="<?php echo htmlspecialchars($hesklang['event_comments_tooltip']); ?>"></i>
+                                </label>
+                                <div class="col-sm-9">
+                                    <textarea name="comments" class="form-control" placeholder="<?php echo htmlspecialchars($hesklang['event_comments']); ?>"></textarea>
+                                </div>
+                            </div>
+                        </div>
+                    </div>
+                </div>
+                <div class="modal-footer">
+                    <input type="hidden" name="action" value="create">
+                    <div class="btn-group">
+                        <button type="button" class="btn btn-default cancel-callback" data-dismiss="modal">
+                            <i class="fa fa-times-circle"></i>
+                            <span><?php echo $hesklang['cancel']; ?></span>
+                        </button>
+                        <button type="submit" class="btn btn-success callback-btn">
+                            <i class="fa fa-check-circle"></i>
+                            <span><?php echo $hesklang['save']; ?></span>
+                        </button>
+                    </div>
+                </div>
+            </form>
+        </div>
+    </div>
+</div>
+<?php // End create modal, begin edit modal ?>
+<div class="modal fade" id="edit-event-modal" tabindex="-1" role="dialog" style="overflow: hidden">
+    <div class="modal-dialog modal-lg" role="document">
+        <div class="modal-content">
+            <div class="modal-header" style="cursor: move">
+                <button type="button" class="close cancel-callback" data-dismiss="modal" aria-label="Close"><span aria-hidden="true">&times;</span></button>
+                <h4 class="modal-title" id="myModalLabel">Edit Event</h4>
+            </div>
+            <form id="edit-form" class="form-horizontal" data-toggle="validator">
+                <div class="modal-body">
+                    <ul class="nav nav-tabs" role="tablist" id="edit-modal-tabs">
+                        <li role="presentation" class="active"><a href="#edit-contents" aria-controls="home" role="tab" data-toggle="tab"><?php echo $hesklang['information']; ?></a></li>
+                        <li role="presentation"><a href="#edit-history" aria-controls="profile" role="tab" data-toggle="tab"><?php echo $hesklang['thist']; ?></a></li>
+                    </ul>
+                    <div class="tab-content" id="information-tab">
+                        <div role="tabpanel" class="tab-pane active" id="edit-contents">
+                            <br>
+                            <div class="row">
+                                <div class="col-md-12">
+                                    <div class="form-group">
+                                        <label for="name" class="col-sm-3 control-label">
+                                            <?php echo $hesklang['event_title']; ?>
+                                            <i class="fa fa-question-circle settingsquestionmark"
+                                               data-toggle="tooltip"
+                                               title="<?php echo htmlspecialchars($hesklang['event_title_tooltip']); ?>"></i></label>
+                                        <div class="col-sm-9">
+                                            <input type="text" name="name" class="form-control"
+                                                   placeholder="<?php echo htmlspecialchars($hesklang['event_title']); ?>"
+                                                   data-error="<?php echo htmlspecialchars($hesklang['this_field_is_required']); ?>"
+                                                   required>
+                                            <div class="help-block with-errors"></div>
+                                        </div>
+                                    </div>
+                                    <div class="form-group">
+                                        <label for="location" class="col-sm-3 control-label">
+                                            <?php echo $hesklang['event_location']; ?>
+                                            <i class="fa fa-question-circle settingsquestionmark"
+                                               data-toggle="tooltip"
+                                               title="<?php echo htmlspecialchars($hesklang['event_location_tooltip']); ?>"></i>
+                                        </label>
+                                        <div class="col-sm-9">
+                                            <input type="text" name="location" class="form-control"
+                                                   placeholder="<?php echo htmlspecialchars($hesklang['event_location']); ?>">
+                                            <div class="help-block with-errors"></div>
+                                        </div>
+                                    </div>
+                                    <div class="form-group">
+                                        <label for="category" class="col-sm-3 control-label">
+                                            <?php echo $hesklang['category']; ?>
+                                            <i class="fa fa-question-circle settingsquestionmark"
+                                               data-toggle="tooltip"
+                                               title="<?php echo htmlspecialchars($hesklang['event_category_tooltip']); ?>"></i>
+                                        </label>
+                                        <div class="col-sm-9">
+                                            <select name="category" class="form-control"
+                                                    pattern="[0-9]+"
+                                                    data-error="<?php echo htmlspecialchars($hesklang['sel_app_cat']); ?>" required>
+                                                <?php
+                                                if ($hesk_settings['select_cat']) {
+                                                    echo '<option value="">'.$hesklang['select'].'</option>';
+                                                }
+                                                foreach ($categories as $category): ?>
+                                                    <option value="<?php echo $category['id']; ?>" data-background-color="<?php echo htmlspecialchars($category['background_color']); ?>"
+                                                            data-foreground-color="<?php echo htmlspecialchars($category['foreground_color']); ?>"
+                                                            data-display-border="<?php echo htmlspecialchars($category['display_border_outline']); ?>">
+                                                        <?php echo $category['name']; ?>
+                                                    </option>
+                                                <?php endforeach; ?>
+                                            </select>
+                                            <div class="help-block with-errors"></div>
+                                        </div>
+                                    </div>
+                                </div>
+                            </div>
+                            <div class="row">
+                                <div class="col-md-6">
+                                    <div class="form-group">
+                                        <label for="start-date" class="col-sm-6 control-label">
+                                            <?php echo $hesklang['event_start']; ?>
+                                            <i class="fa fa-question-circle settingsquestionmark"
+                                               data-toggle="tooltip"
+                                               title="<?php echo htmlspecialchars($hesklang['event_start_tooltip']); ?>"></i>
+                                        </label>
+                                        <div class="col-sm-6">
+                                            <input type="text" name="start-date" class="form-control datepicker"
+                                                   placeholder="<?php echo htmlspecialchars($hesklang['event_start_date']); ?>"
+                                                   data-error="<?php echo htmlspecialchars($hesklang['this_field_is_required']); ?>"
+                                                   required>
+                                            <input type="text" name="start-time" class="form-control clockpicker"
+                                                   placeholder="<?php echo htmlspecialchars($hesklang['event_start_time']); ?>"
+                                                   data-placement="left" data-align="top" data-autoclose="true">
+                                            <div class="help-block with-errors"></div>
+
+                                            <div class="checkbox">
+                                                <label>
+                                                    <input type="checkbox" name="all-day"> <?php echo $hesklang['event_all_day']; ?>
+                                                </label>
+                                            </div>
+                                        </div>
+                                    </div>
+                                </div>
+                                <div class="col-md-6">
+                                    <div class="form-group">
+                                        <label for="end-date" class="col-sm-6 control-label">
+                                            <?php echo $hesklang['event_end']; ?>
+                                            <i class="fa fa-question-circle settingsquestionmark"
+                                               data-toggle="tooltip"
+                                               title="<?php echo htmlspecialchars($hesklang['event_end_tooltip']); ?>"></i>
+                                        </label>
+                                        <div class="col-sm-6">
+                                            <input type="text" name="end-date" class="form-control datepicker"
+                                                   placeholder="<?php echo htmlspecialchars($hesklang['event_end_date']); ?>"
+                                                   data-error="<?php echo htmlspecialchars($hesklang['this_field_is_required']); ?>"
+                                                   required>
+                                            <input type="text" name="end-time" class="form-control clockpicker"
+                                                   data-placement="left" data-align="top" data-autoclose="true"
+                                                   placeholder="<?php echo htmlspecialchars($hesklang['event_end_time']); ?>">
+                                            <div class="help-block with-errors"></div>
+                                        </div>
+                                    </div>
+                                </div>
+                            </div>
+                            <div class="row">
+                                <div class="col-md-12">
+                                    <div class="form-group">
+                                        <label for="reminder" class="col-sm-3 control-label">
+                                            <?php echo $hesklang['event_reminder']; ?>
+                                            <i class="fa fa-question-circle settingsquestionmark"
+                                               data-toggle="tooltip"
+                                               title="<?php echo htmlspecialchars($hesklang['event_reminder_tooltip']); ?>"></i>
+                                        </label>
+                                        <div class="col-sm-2">
+                                            <input type="text" name="reminder-value" class="form-control" placeholder="#">
+                                        </div>
+                                        <div class="col-sm-4">
+                                            <select name="reminder-unit" class="form-control">
+                                                <option value="MINUTE"><?php echo $hesklang['event_min_before_event']; ?></option>
+                                                <option value="HOUR"><?php echo $hesklang['event_hours_before_event']; ?></option>
+                                                <option value="DAY"><?php echo $hesklang['event_days_before_event']; ?></option>
+                                                <option value="WEEK"><?php echo $hesklang['event_weeks_before_event']; ?></option>
+                                            </select>
+                                        </div>
+                                    </div>
+                                </div>
+                            </div>
+                            <div class="row">
+                                <div class="col-md-12">
+                                    <div class="form-group">
+                                        <label for="comments" class="col-sm-3 control-label">
+                                            <?php echo $hesklang['event_comments']; ?>
+                                            <i class="fa fa-question-circle settingsquestionmark"
+                                               data-toggle="tooltip"
+                                               title="<?php echo htmlspecialchars($hesklang['event_comments_tooltip']); ?>"></i>
+                                        </label>
+                                        <div class="col-sm-9">
+                                            <textarea name="comments" class="form-control" placeholder="<?php echo htmlspecialchars($hesklang['event_comments']); ?>"></textarea>
+                                        </div>
+                                    </div>
+                                </div>
+                            </div>
+                        </div>
+                        <div role="tabpanel" class="tab-pane" id="edit-history">
+                            <br>
+                            <table class="table table-striped">
+                                <thead>
+                                <tr>
+                                    <th><?php echo $hesklang['date']; ?></th>
+                                    <th><?php echo $hesklang['description']; ?></th>
+                                </tr>
+                                </thead>
+                                <tbody id="history-table"></tbody>
+                            </table>
+                        </div>
+                    </div>
+                </div>
+                <div class="modal-footer">
+                    <input type="hidden" name="id">
+                    <div class="btn-group">
+                        <button type="button" class="btn btn-danger" id="delete-button">
+                            <i class="fa fa-trash"></i>
+                            <span><?php echo $hesklang['delete']; ?></span>
+                        </button>
+                        <a href="#" class="btn btn-primary" id="create-ticket-button">
+                            <i class="fa fa-plus"></i>
+                            <span><?php echo $hesklang['event_create_ticket']; ?></span>
+                        </a>
+                        <button type="button" class="btn btn-default cancel-callback" data-dismiss="modal">
+                            <i class="fa fa-times-circle"></i>
+                            <span><?php echo $hesklang['cancel']; ?></span>
+                        </button>
+                        <button type="submit" class="btn btn-success callback-btn">
+                            <i class="fa fa-check-circle"></i>
+                            <span><?php echo $hesklang['save']; ?></span>
+                        </button>
+                    </div>
+                </div>
+            </form>
+        </div>
+    </div>
+</div>
+<div class="popover-template" style="display: none">
+    <div>
+        <div class="popover-location">
+            <strong><?php echo $hesklang['event_location']; ?></strong>
+            <span></span>
+        </div>
+        <div class="popover-category">
+            <strong><?php echo $hesklang['category']; ?></strong>
+            <span></span>
+        </div>
+        <div class="popover-from">
+            <strong><?php echo $hesklang['from']; ?></strong>
+            <span></span>
+        </div>
+        <div class="popover-to">
+            <strong><?php echo $hesklang['to_title_case']; ?></strong>
+            <span></span>
+        </div>
+        <div class="popover-comments">
+            <strong><?php echo $hesklang['event_comments']; ?></strong>
+            <span></span>
+        </div>
+    </div>
+</div>
+<div class="ticket-popover-template" style="display: none">
+    <div>
+        <div class="popover-tracking-id">
+            <strong><?php echo $hesklang['trackID']; ?></strong>
+            <span></span>
+        </div>
+        <div class="popover-owner">
+            <strong><?php echo $hesklang['owner']; ?></strong>
+            <span></span>
+        </div>
+        <div class="popover-subject">
+            <strong><?php echo $hesklang['subject']; ?></strong>
+            <span></span>
+        </div>
+        <div class="popover-category">
+            <strong><?php echo $hesklang['category']; ?></strong>
+            <span></span>
+        </div>
+        <div class="popover-status">
+            <strong><?php echo $hesklang['status']; ?></strong>
+            <span></span>
+        </div>
+        <div class="popover-priority">
+            <strong><?php echo $hesklang['priority']; ?></strong>
+            <span></span>
+        </div>
+    </div>
+</div>
+<?php
+echo mfh_get_hidden_fields_for_language(array('error_loading_events',
+    'error_deleting_event',
+    'event_deleted',
+    'event_created',
+    'error_creating_event',
+    'event_updated',
+    'error_updating_event',
+    'ticket_due_date_updated',
+    'error_updating_ticket_due_date',
+    'critical',
+    'high',
+    'medium',
+    'low',
+    'audit_event_created',
+    'audit_event_updated'));
+?>
+<div style="display: none">
+    <p id="setting_first_day_of_week"><?php echo $modsForHesk_settings['first_day_of_week']; ?></p>
+    <p id="setting_default_view">
+        <?php
+        $view_array = array(
+            0 => 'month',
+            1 => 'agendaWeek',
+            2 => 'agendaDay',
+        );
+        echo $view_array[$_SESSION['default_calendar_view']];
+        ?>
+    </p>
+    <p id="setting_show_start_time"><?php echo $modsForHesk_settings['calendar_show_start_time']; ?></p>
+    <?php
+    $businessHoursRs = hesk_dbQuery("SELECT * FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "mfh_calendar_business_hours`");
+    while ($row = hesk_dbFetchAssoc($businessHoursRs)):
+    ?>
+        <p id="business_hours_<?php echo $row['day_of_week']; ?>_start"><?php echo $row['start_time']; ?></p>
+        <p id="business_hours_<?php echo $row['day_of_week']; ?>_end"><?php echo $row['end_time']; ?></p>
+    <?php endwhile; ?>
+</div>
+<script type="text/html" id="audit-trail-template">
+<tr>
+    <td data-property="date"></td>
+    <td data-property="description"></td>
+</tr>
+</script>
+<?php
+
+require_once(HESK_PATH . 'inc/footer.inc.php');
+exit();
+
+
+/*** START FUNCTIONS ***/

admin/change_status.php

@@ -1,39 +1,18 @@
 <?php
-/*******************************************************************************
-*  Title: Help Desk Software HESK
-*  Version: 2.5.3 from 16th March 2014
-*  Author: Klemen Stirn
-*  Website: http://www.hesk.com
-********************************************************************************
-*  COPYRIGHT AND TRADEMARK NOTICE
-*  Copyright 2005-2014 Klemen Stirn. All Rights Reserved.
-*  HESK is a registered trademark of Klemen Stirn.
+/**
+ *
+ * This file is part of HESK - PHP Help Desk Software.
+ *
+ * (c) Copyright Klemen Stirn. All rights reserved.
+ * https://www.hesk.com
+ *
+ * For the full copyright and license agreement information visit
+ * https://www.hesk.com/eula.php
+ *
+ */
 
-*  The HESK may be used and modified free of charge by anyone
-*  AS LONG AS COPYRIGHT NOTICES AND ALL THE COMMENTS REMAIN INTACT.
-*  By using this code you agree to indemnify Klemen Stirn from any
-*  liability that might arise from it's use.
-
-*  Selling the code for this program, in part or full, without prior
-*  written consent is expressly forbidden.
-
-*  Using this code, in part or full, to create derivate work,
-*  new scripts or products is expressly forbidden. Obtain permission
-*  before redistributing this software over the Internet or in
-*  any other medium. In all cases copyright and header must remain intact.
-*  This Copyright is in full effect in any country that has International
-*  Trade Agreements with the United States of America or
-*  with the European Union.
-
-*  Removing any of the copyright notices without purchasing a license
-*  is expressly forbidden. To remove HESK copyright notice you must purchase
-*  a license for this script. For more information on how to obtain
-*  a license please visit the page below:
-*  https://www.hesk.com/buy.php
-*******************************************************************************/
-
-define('IN_SCRIPT',1);
-define('HESK_PATH','../');
+define('IN_SCRIPT', 1);
+define('HESK_PATH', '../');
 
 /* Get all the required files and functions */
 require(HESK_PATH . 'hesk_settings.inc.php');
@@ -44,64 +23,127 @@ hesk_load_database_functions();
 hesk_session_start();
 hesk_dbConnect();
 hesk_isLoggedIn();
+$modsForHesk_settings = mfh_getSettings();
 
 /* Check permissions for this feature */
-hesk_checkPermission('can_view_tickets');
-hesk_checkPermission('can_reply_tickets');
+if (!isset($_REQUEST['isManager']) || !$_REQUEST['isManager']) {
+    hesk_checkPermission('can_view_tickets');
+    hesk_checkPermission('can_reply_tickets');
+}
 
 /* A security check */
 hesk_token_check();
 
 /* Ticket ID */
-$trackingID = hesk_cleanID() or die($hesklang['int_error'].': '.$hesklang['no_trackID']);
+$trackingID = hesk_cleanID() or die($hesklang['int_error'] . ': ' . $hesklang['no_trackID']);
+
+$ticket_id_rs = hesk_dbQuery("SELECT `id` FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` WHERE `trackid` = '" . hesk_dbEscape($trackingID) . "'");
+$ticket_id_row = hesk_dbFetchAssoc($ticket_id_rs);
+$ticket_id = $ticket_id_row['id'];
 
 /* Valid statuses */
-$statusSql = "SELECT `ID`, `ShortNameContentKey` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."statuses`";
+$statusSql = "SELECT `ID` FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "statuses`";
 $status_options = array();
 $results = hesk_dbQuery($statusSql);
 
-while ($row = $results->fetch_assoc())
-{
-    $status_options[$row['ID']] = $hesklang[$row['ShortNameContentKey']];
+while ($row = hesk_dbFetchAssoc($results)) {
+    $status_options[$row['ID']] = mfh_getDisplayTextForStatusId($row['ID']);
 }
 
 /* New status */
-$status = intval( hesk_REQUEST('s') );
-if ( ! isset($status_options[$status]))
-{
-	hesk_process_messages($hesklang['instat'],'admin_ticket.php?track='.$trackingID.'&Refresh='.mt_rand(10000,99999),'NOTICE');
+$status = intval(hesk_REQUEST('s'));
+if (!isset($status_options[$status])) {
+    hesk_process_messages($hesklang['instat'], 'admin_ticket.php?track=' . $trackingID . '&Refresh=' . mt_rand(10000, 99999), 'NOTICE');
 }
 
 $locked = 0;
 
-$statusRow = hesk_dbFetchAssoc(hesk_dbQuery("SELECT `ID`, `IsClosed` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."statuses` WHERE ID = ".$status));
+$audit_closed = null;
+$audit_locked = null;
+$audit_status = null;
+$audit_opened = null;
+
+$statusRow = hesk_dbFetchAssoc(hesk_dbQuery("SELECT `ID`, `IsClosed` FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "statuses` WHERE ID = " . $status));
 if ($statusRow['IsClosed']) // Closed
 {
-	$action = $hesklang['ticket_been'] . ' ' . $hesklang['close'];
-    $revision = sprintf($hesklang['thist3'],hesk_date(),$_SESSION['name'].' ('.$_SESSION['user'].')');
-
-    if ($hesk_settings['custopen'] != 1)
-    {
-    	$locked = 1;
+    if ( ! hesk_checkPermission('can_resolve', 0)) {
+        hesk_process_messages($hesklang['noauth_resolve'],'admin_ticket.php?track='.$trackingID.'&Refresh='.mt_rand(10000,99999),'NOTICE');
     }
-}
-elseif ($statusRow['ID'] != 0) //Ticket is still open, but not new
+
+    $action = $hesklang['ticket_been'] . ' ' . $hesklang['close'];
+    $audit_closed = array(0 => $_SESSION['name'] . ' (' . $_SESSION['user'] . ')');
+    $audit_status = array(0 => $_SESSION['name'] . ' (' . $_SESSION['user'] . ')',
+        1 => $status_options[$status]);
+
+
+    if ($hesk_settings['custopen'] != 1) {
+        $locked = 1;
+        $audit_locked = array();
+    }
+
+    // Notify customer of closed ticket?
+    if ($hesk_settings['notify_closed']) {
+        // Get ticket info
+        $result = hesk_dbQuery("SELECT * FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` WHERE `trackid`='" . hesk_dbEscape($trackingID) . "' LIMIT 1");
+        if (hesk_dbNumRows($result) != 1) {
+            hesk_error($hesklang['ticket_not_found']);
+        }
+        $ticket = hesk_dbFetchAssoc($result);
+        $ticket['status'] = $status;
+        $ticket['dt'] = hesk_date($ticket['dt'], true);
+        $ticket['lastchange'] = hesk_date($ticket['lastchange'], true);
+        $ticket = hesk_ticketToPlain($ticket, 1, 0);
+
+        // Notify customer
+        require(HESK_PATH . 'inc/email_functions.inc.php');
+        hesk_notifyCustomer($modsForHesk_settings, 'ticket_closed');
+    }
+
+    // Log who marked the ticket resolved
+    $closedby_sql = ' , `closedat`=NOW(), `closedby`=' . intval($_SESSION['id']) . ' ';
+} elseif ($statusRow['IsNewTicketStatus'] == 0) //Ticket is still open, but not new
 {
-	$action = sprintf($hesklang['tsst'],$status_options[$status]);
-    $revision = sprintf($hesklang['thist9'],hesk_date(),$status_options[$status],$_SESSION['name'].' ('.$_SESSION['user'].')');
-}
-else // Ticket is marked as "NEW"
+    $action = sprintf($hesklang['tsst'], $status_options[$status]);
+    $audit_status = array(0 => $_SESSION['name'] . ' (' . $_SESSION['user'] . ')',
+        1 => $status_options[$status]);
+
+
+    // Ticket is not resolved
+    $closedby_sql = ' , `closedat`=NULL, `closedby`=NULL ';
+} else // Ticket is marked as "NEW"
 {
-	$action = $hesklang['ticket_been'] . ' ' . $hesklang['opened'];
-    $revision = sprintf($hesklang['thist4'],hesk_date(),$_SESSION['name'].' ('.$_SESSION['user'].')');
+    $action = $hesklang['ticket_been'] . ' ' . $hesklang['opened'];
+    $audit_opened = array(0 => $_SESSION['name'] . ' (' . $_SESSION['user'] . ')');
+
+    // Ticket is not resolved
+    $closedby_sql = ' , `closedat`=NULL, `closedby`=NULL ';
 }
 
-hesk_dbQuery("UPDATE `".hesk_dbEscape($hesk_settings['db_pfix'])."tickets` SET `status`='{$status}', `locked`='{$locked}', `history`=CONCAT(`history`,'".hesk_dbEscape($revision)."') WHERE `trackid`='".hesk_dbEscape($trackingID)."' LIMIT 1");
 
-if (hesk_dbAffectedRows() != 1)
-{
-	hesk_error("$hesklang[int_error]: $hesklang[trackID_not_found].");
+hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` SET `status`='{$status}', `locked`='{$locked}' $closedby_sql  WHERE `trackid`='" . hesk_dbEscape($trackingID) . "'");
+
+if ($audit_status !== null) {
+    mfh_insert_audit_trail_record($ticket_id, 'TICKET', 'audit_status', hesk_date(),
+        $audit_status);
 }
 
-hesk_process_messages($action,'admin_ticket.php?track='.$trackingID.'&Refresh='.rand(10000,99999),'SUCCESS');
-?>
+if ($audit_closed !== null) {
+    mfh_insert_audit_trail_record($ticket_id, 'TICKET', 'audit_closed', hesk_date(),
+        $audit_closed);
+}
+
+if ($audit_locked !== null) {
+    mfh_insert_audit_trail_record($ticket_id, 'TICKET', 'audit_automatically_locked', hesk_date(),
+        array());
+}
+
+if ($audit_opened !== null) {
+    mfh_insert_audit_trail_record($ticket_id, 'TICKET', 'audit_opened', hesk_date(),
+        $audit_opened);
+}
+
+if (hesk_dbAffectedRows() != 1) {
+    hesk_error("$hesklang[int_error]: $hesklang[trackID_not_found].");
+}
+
+hesk_process_messages($action, 'admin_ticket.php?track=' . $trackingID . '&Refresh=' . rand(10000, 99999), 'SUCCESS');

admin/delete_tickets.php

@@ -0,0 +1,599 @@
+<?php
+/**
+ *
+ * This file is part of HESK - PHP Help Desk Software.
+ *
+ * (c) Copyright Klemen Stirn. All rights reserved.
+ * https://www.hesk.com
+ *
+ * For the full copyright and license agreement information visit
+ * https://www.hesk.com/eula.php
+ *
+ */
+
+define('IN_SCRIPT', 1);
+define('HESK_PATH', '../');
+
+/* Get all the required files and functions */
+require(HESK_PATH . 'hesk_settings.inc.php');
+require(HESK_PATH . 'inc/common.inc.php');
+require(HESK_PATH . 'inc/admin_functions.inc.php');
+hesk_load_database_functions();
+
+hesk_session_start();
+hesk_dbConnect();
+hesk_isLoggedIn();
+$modsForHesk_settings = mfh_getSettings();
+
+/* Set correct return URL */
+if (isset($_SERVER['HTTP_REFERER'])) {
+    $url = hesk_input($_SERVER['HTTP_REFERER']);
+    $url = str_replace('&amp;', '&', $url);
+    if ($tmp = strstr($url, 'show_tickets.php')) {
+        $referer = $tmp;
+    } elseif ($tmp = strstr($url, 'find_tickets.php')) {
+        $referer = $tmp;
+    } elseif ($tmp = strstr($url, 'admin_main.php')) {
+        $referer = $tmp;
+    } else {
+        $referer = 'admin_main.php';
+    }
+} else {
+    $referer = 'admin_main.php';
+}
+
+/* Is this a delete ticket request from within a ticket ("delete" icon)? */
+if (isset($_GET['delete_ticket'])) {
+    /* Check permissions for this feature */
+    hesk_checkPermission('can_del_tickets');
+
+    /* A security check */
+    hesk_token_check();
+
+    // Tracking ID
+    $trackingID = hesk_cleanID() or die($hesklang['int_error'] . ': ' . $hesklang['no_trackID']);
+
+    /* Get ticket info */
+    $result = hesk_dbQuery("SELECT `id`,`trackid`,`category` FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` WHERE `trackid`='" . hesk_dbEscape($trackingID) . "' LIMIT 1");
+    if (hesk_dbNumRows($result) != 1) {
+        hesk_error($hesklang['ticket_not_found']);
+    }
+    $ticket = hesk_dbFetchAssoc($result);
+
+    /* Is this user allowed to delete tickets inside this category? */
+    hesk_okCategory($ticket['category']);
+
+    hesk_fullyDeleteTicket();
+
+    hesk_process_messages(sprintf($hesklang['num_tickets_deleted'], 1), $referer, 'SUCCESS');
+}
+
+
+/* This is a request from ticket list. Must be POST and id must be an array */
+if (!isset($_POST['id']) || !is_array($_POST['id'])) {
+    hesk_process_messages($hesklang['no_selected'], $referer, 'NOTICE');
+} /* If not, then needs an action (a) POST variable set */
+elseif (!isset($_POST['a'])) {
+    hesk_process_messages($hesklang['invalid_action'], $referer);
+}
+
+$i = 0;
+
+// Possible priorities
+$priorities = array(
+    'critical' => array('value' => 0, 'lang' => 'critical', 'text' => $hesklang['critical'], 'formatted' => '<font class="critical">' . $hesklang['critical'] . '</font>'),
+    'high' => array('value' => 1, 'lang' => 'high', 'text' => $hesklang['high'], 'formatted' => '<font class="important">' . $hesklang['high'] . '</font>'),
+    'medium' => array('value' => 2, 'lang' => 'medium', 'text' => $hesklang['medium'], 'formatted' => '<font class="medium">' . $hesklang['medium'] . '</font>'),
+    'low' => array('value' => 3, 'lang' => 'low', 'text' => $hesklang['low'], 'formatted' => $hesklang['low']),
+);
+
+// Assign tickets to
+if ( isset($_POST['assign']) && $_POST['assign'] == $hesklang['assi']) {
+    if ( ! isset($_POST['owner']) || $_POST['owner'] == '') {
+        hesk_process_messages($hesklang['assign_no'], $referer, 'NOTICE');
+    }
+
+    $end_message = array();
+    $num_assigned = 0;
+
+    // Permissions
+    $can_assign_others = hesk_checkPermission('can_assign_others',0);
+    if ($can_assign_others) {
+        $can_assign_self = true;
+    } else {
+        $can_assign_self = hesk_checkPermission('can_assign_self',0);
+    }
+
+    $owner = intval( hesk_POST('owner') );
+
+    if ($owner == -1) {
+        foreach ($_POST['id'] as $this_id) {
+            if (is_array($this_id)) {
+                continue;
+            }
+
+            $this_id = intval($this_id) or hesk_error($hesklang['id_not_valid']);
+
+            $res = hesk_dbQuery("UPDATE `".hesk_dbEscape($hesk_settings['db_pfix'])."tickets` SET `owner`=0, `assignedby`=NULL WHERE `id`={$this_id} LIMIT 1");
+            mfh_insert_audit_trail_record($this_id, 'TICKET', 'audit_unassigned', hesk_date(), array(0 => $_SESSION['name'].' ('.$_SESSION['user'].')'));
+
+            $end_message[] = sprintf($hesklang['assign_2'], $this_id);
+            $i++;
+        }
+
+        hesk_process_messages($hesklang['assign_1'],$referer,'SUCCESS');
+    }
+
+	$res = hesk_dbQuery("SELECT `id`,`user`,`name`,`email`,`isadmin`,`categories`,`notify_assigned` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."users` WHERE `id`='{$owner}' LIMIT 1");
+	$owner_data = hesk_dbFetchAssoc($res);
+
+	if (!$owner_data['isadmin']) {
+        $owner_data['categories']=explode(',',$owner_data['categories']);
+    }
+
+	require(HESK_PATH . 'inc/email_functions.inc.php');
+
+	foreach ($_POST['id'] as $this_id) {
+        if (is_array($this_id)) {
+            continue;
+        }
+
+        $this_id = intval($this_id) or hesk_error($hesklang['id_not_valid']);
+
+        $result = hesk_dbQuery("SELECT * FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."tickets` WHERE `id`={$this_id} LIMIT 1");
+        if (hesk_dbNumRows($result) != 1) {
+            continue;
+        }
+		$ticket = hesk_dbFetchAssoc($result);
+
+		if ($ticket['owner'] == $owner) {
+            $end_message[] = sprintf($hesklang['assign_3'], $ticket['trackid'], $owner_data['name']);
+            $i++;
+            continue;
+		}
+		if ($owner_data['isadmin'] || in_array($ticket['category'],$owner_data['categories'])) {
+            hesk_dbQuery("UPDATE `".hesk_dbEscape($hesk_settings['db_pfix'])."tickets` SET `owner`={$owner}, `assignedby`=".intval($_SESSION['id'])." WHERE `id`={$this_id} LIMIT 1");
+            mfh_insert_audit_trail_record($this_id, 'TICKET', 'audit_assigned', hesk_date(), array(0 => $_SESSION['name'].' ('.$_SESSION['user'].')',
+                1 => $owner_data['name'].' ('.$owner_data['user'].')'));
+
+            $end_message[] = sprintf($hesklang['assign_4'], $ticket['trackid'], $owner_data['name']);
+            $num_assigned++;
+
+            $ticket['owner'] = $owner;
+
+            /* --> Prepare message */
+
+            // 1. Generate the array with ticket info that can be used in emails
+            $info = array(
+                'email'			=> $ticket['email'],
+                'category'		=> $ticket['category'],
+                'priority'		=> $ticket['priority'],
+                'owner'			=> $ticket['owner'],
+                'trackid'		=> $ticket['trackid'],
+                'status'		=> $ticket['status'],
+                'name'			=> $ticket['name'],
+                'subject'		=> $ticket['subject'],
+                'message'		=> $ticket['message'],
+                'attachments'	=> $ticket['attachments'],
+                'dt'			=> hesk_date($ticket['dt'], true),
+                'lastchange'	=> hesk_date($ticket['lastchange'], true),
+                'id'			=> $ticket['id'],
+                'time_worked'   => $ticket['time_worked'],
+                'last_reply_by' => hesk_getReplierName($ticket),
+            );
+
+            // 2. Add custom fields to the array
+            foreach ($hesk_settings['custom_fields'] as $k => $v) {
+                $info[$k] = $v['use'] ? $ticket[$k] : '';
+            }
+
+            // 3. Make sure all values are properly formatted for email
+            $ticket = hesk_ticketToPlain($info, 1, 0);
+
+            /* Notify the new owner? */
+            if ($ticket['owner'] != intval($_SESSION['id'])) {
+                hesk_notifyAssignedStaff(false, 'ticket_assigned_to_you', $modsForHesk_settings);
+            }
+		} else {
+            $end_message[] = sprintf($hesklang['assign_5'], $ticket['trackid'], $owner_data['name']);
+        }
+
+		$i++;
+	}
+
+	hesk_process_messages(sprintf($hesklang['assign_log'], $num_assigned, ($i - $num_assigned), implode("\n", $end_message)),$referer,($num_assigned == 0) ? 'ERROR' : ($num_assigned < $i ? 'NOTICE' : 'SUCCESS'));
+}
+
+
+// Change priority
+if (array_key_exists($_POST['a'], $priorities)) {
+    // A security check
+    hesk_token_check('POST');
+
+    // Priority info
+    $priority = $priorities[$_POST['a']];
+
+    foreach ($_POST['id'] as $this_id) {
+        if (is_array($this_id)) {
+            continue;
+        }
+
+        $this_id = intval($this_id) or hesk_error($hesklang['id_not_valid']);
+        $result = hesk_dbQuery("SELECT `priority`, `category` FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` WHERE `id`={$this_id} LIMIT 1");
+        if (hesk_dbNumRows($result) != 1) {
+            continue;
+        }
+        $ticket = hesk_dbFetchAssoc($result);
+
+        if ($ticket['priority'] == $priority['value']) {
+            continue;
+        }
+
+        hesk_okCategory($ticket['category']);
+
+        hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` SET `priority`='{$priority['value']}' WHERE `id`={$this_id}");
+        mfh_insert_audit_trail_record($this_id, 'TICKET', 'audit_priority', hesk_date(),
+            array(0 => $_SESSION['name'] . ' (' . $_SESSION['user'] . ')',
+                1 => $priority['lang']));
+
+        $i++;
+    }
+
+    hesk_process_messages($hesklang['pri_set_to'] . ' ' . $priority['formatted'], $referer, 'SUCCESS');
+} /* DELETE */
+elseif ($_POST['a'] == 'delete') {
+    /* Check permissions for this feature */
+    hesk_checkPermission('can_del_tickets');
+
+    /* A security check */
+    hesk_token_check('POST');
+
+    // Will we need ticket notifications?
+    if ($hesk_settings['notify_closed']) {
+        require(HESK_PATH . 'inc/email_functions.inc.php');
+    }
+
+    foreach ($_POST['id'] as $this_id) {
+        if (is_array($this_id)) {
+            continue;
+        }
+
+        $this_id = intval($this_id) or hesk_error($hesklang['id_not_valid']);
+        $result = hesk_dbQuery("SELECT `id`,`trackid`,`category` FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` WHERE `id`='" . intval($this_id) . "' LIMIT 1");
+        if (hesk_dbNumRows($result) != 1) {
+            continue;
+        }
+        $ticket = hesk_dbFetchAssoc($result);
+
+        hesk_okCategory($ticket['category']);
+
+        hesk_fullyDeleteTicket();
+        $i++;
+    }
+
+    hesk_process_messages(sprintf($hesklang['num_tickets_deleted'], $i), $referer, 'SUCCESS');
+} /* MERGE TICKETS */
+elseif ($_POST['a'] == 'merge') {
+    /* Check permissions for this feature */
+    hesk_checkPermission('can_merge_tickets');
+
+    /* A security check */
+    hesk_token_check('POST');
+
+    /* Sort IDs, tickets will be merged to the lowest ID */
+    sort($_POST['id'], SORT_NUMERIC);
+
+    /* Select lowest ID as the target ticket */
+    $merge_into = array_shift($_POST['id']);
+
+    /* Merge tickets or throw an error */
+    if (hesk_mergeTickets($_POST['id'], $merge_into)) {
+        hesk_process_messages($hesklang['merged'], $referer, 'SUCCESS');
+    } else {
+        $hesklang['merge_err'] .= ' ' . $_SESSION['error'];
+        hesk_cleanSessionVars($_SESSION['error']);
+        hesk_process_messages($hesklang['merge_err'], $referer);
+    }
+} /* TAG/UNTAG TICKETS */
+elseif ($_POST['a'] == 'tag' || $_POST['a'] == 'untag') {
+    /* Check permissions for this feature */
+    hesk_checkPermission('can_add_archive');
+
+    /* A security check */
+    hesk_token_check('POST');
+
+    if ($_POST['a'] == 'tag') {
+        $archived = 1;
+        $action = $hesklang['num_tickets_tag'];
+    } else {
+        $archived = 0;
+        $action = $hesklang['num_tickets_untag'];
+    }
+
+    foreach ($_POST['id'] as $this_id) {
+        if (is_array($this_id)) {
+            continue;
+        }
+
+        $this_id = intval($this_id) or hesk_error($hesklang['id_not_valid']);
+        $result = hesk_dbQuery("SELECT `id`,`trackid`,`category` FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` WHERE `id`='" . intval($this_id) . "' LIMIT 1");
+        if (hesk_dbNumRows($result) != 1) {
+            continue;
+        }
+        $ticket = hesk_dbFetchAssoc($result);
+
+        hesk_okCategory($ticket['category']);
+
+        hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` SET `archive`='$archived' WHERE `id`='" . intval($this_id) . "'");
+        $i++;
+    }
+
+    hesk_process_messages(sprintf($action, $i), $referer, 'SUCCESS');
+}
+/* EXPORT */
+elseif ($_POST['a']=='export') {
+    /* Check permissions for this feature */
+    hesk_checkPermission('can_export');
+
+    /* A security check */
+    hesk_token_check('POST');
+
+    $ids_to_export = array();
+
+    foreach ($_POST['id'] as $this_id) {
+        if ( is_array($this_id) ) {
+            continue;
+        }
+
+        $ids_to_export[] = intval($this_id) or hesk_error($hesklang['id_not_valid']);
+        $i++;
+    }
+
+    if ($i < 1) {
+        hesk_process_messages($hesklang['no_selected'], $referer, 'NOTICE');
+    }
+
+    // Start SQL statement for selecting tickets
+    $sql = "SELECT * FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."tickets` WHERE `id` IN (".implode(',', $ids_to_export).") ";
+    $sql .= " AND " . hesk_myCategories();
+    $sql .= " AND " . hesk_myOwnership();
+
+    require_once(HESK_PATH . 'inc/custom_fields.inc.php');
+    require(HESK_PATH . 'inc/export_functions.inc.php');
+
+    list($success_msg, $tickets_exported) = hesk_export_to_XML($sql, true);
+
+    if ($tickets_exported > 0) {
+        hesk_process_messages($success_msg,$referer,'SUCCESS');
+    } else {
+        hesk_process_messages($hesklang['n2ex'],$referer,'NOTICE');
+    }
+}
+/* ANONYMIZE */
+elseif ($_POST['a']=='anonymize') {
+    /* Check permissions for this feature */
+    hesk_checkPermission('can_privacy');
+
+    /* A security check */
+    hesk_token_check('POST');
+
+    require(HESK_PATH . 'inc/privacy_functions.inc.php');
+
+    foreach ($_POST['id'] as $this_id) {
+        if (is_array($this_id)) {
+            continue;
+        }
+
+        $this_id = intval($this_id) or hesk_error($hesklang['id_not_valid']);
+        $result = hesk_dbQuery("SELECT `id`,`trackid`,`name`,`category` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."tickets` WHERE `id`='".intval($this_id)."' AND ".hesk_myOwnership()." LIMIT 1");
+        if (hesk_dbNumRows($result) != 1) {
+            continue;
+        }
+        $ticket = hesk_dbFetchAssoc($result);
+
+        hesk_okCategory($ticket['category']);
+
+        hesk_anonymizeTicket(null, null, true);
+        $i++;
+    }
+
+    hesk_process_messages(sprintf($hesklang['num_tickets_anon'],$i),$referer,'SUCCESS');
+}
+/* PRINT */
+elseif ($_POST['a']=='print') {
+    /* Check permissions for this feature */
+	hesk_checkPermission('can_view_tickets');
+
+	/* A security check */
+	hesk_token_check('POST');
+
+    // Load custom fields
+    require_once(HESK_PATH . 'inc/custom_fields.inc.php');
+
+	// List of staff
+	if (!isset($admins)) {
+        $admins = array();
+        $res2 = hesk_dbQuery("SELECT `id`,`name` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."users` ORDER BY `id` ASC");
+        while ($row=hesk_dbFetchAssoc($res2)) {
+            $admins[$row['id']]=$row['name'];
+        }
+    }
+
+	// List of categories
+	$hesk_settings['categories'] = array();
+	$res2 = hesk_dbQuery('SELECT `id`, `name` FROM `'.hesk_dbEscape($hesk_settings['db_pfix']).'categories` WHERE ' . hesk_myCategories('id') . ' ORDER BY `cat_order` ASC');
+	while ($row=hesk_dbFetchAssoc($res2)) {
+        $hesk_settings['categories'][$row['id']] = $row['name'];
+    }
+
+    // Print page head
+    header('Content-Type: text/html; charset=utf-8');
+    ?>
+    <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
+    <html>
+    <head>
+        <title><?php echo $hesk_settings['hesk_title']; ?></title>
+        <meta http-equiv="Content-Type" content="text/html; charset=<?php echo $hesklang['ENCODING']; ?>">
+        <style type="text/css">
+            body, table, td, p {
+                color : black;
+                font-family : Verdana, Geneva, Arial, Helvetica, sans-serif;
+                font-size : <?php echo $hesk_settings['print_font_size']; ?>px;
+            }
+            table {
+            	border-collapse:collapse;
+            }
+            hr {
+            	border: 0;
+            	color: #9e9e9e;
+            	background-color: #9e9e9e;
+            	height: 1px;
+            	width: 100%;
+            	text-align: left;
+            }
+            </style>
+    </head>
+    <body onload="window.print()">
+    <?php
+
+    // Loop through ticket IDs and print them
+    foreach ($_POST['id'] as $this_id) {
+        if (is_array($this_id)) {
+            continue;
+        }
+
+        $this_id = intval($this_id) or hesk_error($hesklang['id_not_valid']);
+        $result = hesk_dbQuery("SELECT `t1`.* , `ticketStatus`.`IsClosed` AS `isClosed`, `ticketStatus`.`Key` AS `statusKey`, `t2`.name AS `repliername`
+					FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` AS `t1` LEFT JOIN `" . hesk_dbEscape($hesk_settings['db_pfix']) . "users` AS `t2` ON `t1`.`replierid` = `t2`.`id`
+					INNER JOIN `" . hesk_dbEscape($hesk_settings['db_pfix']) . "statuses` AS `ticketStatus` ON `t1`.`status` = `ticketStatus`.`ID`
+					WHERE `t1`.`id`='{$this_id}' LIMIT 1");
+        if (hesk_dbNumRows($result) != 1) {
+            continue;
+        }
+        $ticket = hesk_dbFetchAssoc($result);
+
+        // Check that we have proper permissions to view this ticket
+        hesk_okCategory($ticket['category']);
+
+        $can_view_ass_by     = hesk_checkPermission('can_view_ass_by', 0);
+        $can_view_unassigned = hesk_checkPermission('can_view_unassigned',0);
+
+        if ($ticket['owner'] && $ticket['owner'] != $_SESSION['id'] && ! hesk_checkPermission('can_view_ass_others',0)) {
+            // Maybe this user is allowed to view tickets he/she assigned?
+            if ( ! $can_view_ass_by || $ticket['assignedby'] != $_SESSION['id']) {
+                hesk_error($hesklang['ycvtao']);
+            }
+        }
+
+        if (!$ticket['owner'] && ! $can_view_unassigned) {
+            hesk_error($hesklang['ycovtay']);
+        }
+
+        // All good, continue...
+
+        $category['name'] = isset($hesk_settings['categories'][$ticket['category']]) ? $hesk_settings['categories'][$ticket['category']] : $hesklang['catd'];
+
+        // Get replies
+        $res  = hesk_dbQuery("SELECT * FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."replies` WHERE `replyto`='{$ticket['id']}' ORDER BY `id` ASC");
+        $replies = hesk_dbNumRows($res);
+
+        // Print ticket
+        require(HESK_PATH . 'inc/print_template.inc.php');
+		flush();
+    }
+    ?>
+    </body>
+    </html>
+    <?php
+    exit();
+}
+/* JUST CLOSE */
+else {
+    /* Check permissions for this feature */
+    hesk_checkPermission('can_view_tickets');
+    hesk_checkPermission('can_reply_tickets');
+    hesk_checkPermission('can_resolve');
+
+    /* A security check */
+    hesk_token_check('POST');
+    require(HESK_PATH . 'inc/email_functions.inc.php');
+
+    foreach ($_POST['id'] as $this_id) {
+        if (is_array($this_id)) {
+            continue;
+        }
+
+        $this_id = intval($this_id) or hesk_error($hesklang['id_not_valid']);
+
+        $result = hesk_dbQuery("SELECT * FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` WHERE `id`='" . intval($this_id) . "' LIMIT 1");
+        $ticket = hesk_dbFetchAssoc($result);
+
+        hesk_okCategory($ticket['category']);
+
+        $closedStatusRS = hesk_dbQuery("SELECT * FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "statuses` WHERE `IsStaffClosedOption` = 1");
+        $closedStatus = hesk_dbFetchAssoc($closedStatusRS);
+
+        hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` SET `status`='" . $closedStatus['ID'] . "', `closedat`=NOW(), `closedby`=" . intval($_SESSION['id']) . " WHERE `id`='" . intval($this_id) . "'");
+
+        mfh_insert_audit_trail_record($this_id, 'TICKET', 'audit_closed', hesk_date(),
+            array(0 => $_SESSION['name'] . ' (' . $_SESSION['user'] . ')'));
+
+        $i++;
+
+        // Notify customer of closed ticket?
+        if ($hesk_settings['notify_closed']) {
+            $ticket['dt'] = hesk_date($ticket['dt'], true);
+            $ticket['lastchange'] = hesk_date($ticket['lastchange'], true);
+            $ticket = hesk_ticketToPlain($ticket, 1, 0);
+            hesk_notifyCustomer($modsForHesk_settings, 'ticket_closed');
+        }
+    }
+
+    hesk_process_messages(sprintf($hesklang['num_tickets_closed'], $i), $referer, 'SUCCESS');
+}
+
+
+/*** START FUNCTIONS ***/
+
+
+function hesk_fullyDeleteTicket()
+{
+    global $hesk_settings, $hesklang, $ticket;
+
+    /* Delete attachment files */
+    $res = hesk_dbQuery("SELECT * FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "attachments` WHERE `ticket_id`='" . hesk_dbEscape($ticket['trackid']) . "'");
+    if (hesk_dbNumRows($res)) {
+        $hesk_settings['server_path'] = dirname(dirname(__FILE__));
+
+        while ($file = hesk_dbFetchAssoc($res)) {
+            hesk_unlink($hesk_settings['server_path'] . '/' . $hesk_settings['attach_dir'] . '/' . $file['saved_name']);
+        }
+    }
+
+    /* Delete attachments info from the database */
+    hesk_dbQuery("DELETE FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "attachments` WHERE `ticket_id`='" . hesk_dbEscape($ticket['trackid']) . "'");
+
+    /* Delete the ticket */
+    hesk_dbQuery("DELETE FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` WHERE `id`='" . intval($ticket['id']) . "'");
+
+    /* Delete replies to the ticket */
+    hesk_dbQuery("DELETE FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "replies` WHERE `replyto`='" . intval($ticket['id']) . "'");
+
+    /* Delete ticket notes */
+    hesk_dbQuery("DELETE FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "notes` WHERE `ticket`='" . intval($ticket['id']) . "'");
+
+    /* Delete audit trail records */
+    hesk_dbQuery("DELETE FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "audit_trail_to_replacement_values` 
+        WHERE `audit_trail_id` IN (
+            SELECT `id` FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "audit_trail`
+            WHERE `entity_type` = 'TICKET' AND `entity_id` = " . intval($ticket['id']) . ")");
+    hesk_dbQuery("DELETE FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "audit_trail` WHERE `entity_type`='TICKET' 
+        AND `entity_id` = " . intval($ticket['id']));
+
+    /* Delete ticket reply drafts */
+    hesk_dbQuery("DELETE FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "reply_drafts` WHERE `ticket`=" . intval($ticket['id']));
+
+    return true;
+}
+
+?>

admin/edit_note.php

@@ -0,0 +1,133 @@
+<?php
+/**
+ *
+ * This file is part of HESK - PHP Help Desk Software.
+ *
+ * (c) Copyright Klemen Stirn. All rights reserved.
+ * https://www.hesk.com
+ *
+ * For the full copyright and license agreement information visit
+ * https://www.hesk.com/eula.php
+ *
+ */
+
+define('IN_SCRIPT', 1);
+define('HESK_PATH', '../');
+define('MFH_PAGE_LAYOUT', 'TOP_ONLY');
+
+/* Get all the required files and functions */
+require(HESK_PATH . 'hesk_settings.inc.php');
+require(HESK_PATH . 'inc/common.inc.php');
+require(HESK_PATH . 'inc/admin_functions.inc.php');
+require(HESK_PATH . 'inc/mail_functions.inc.php');
+hesk_load_database_functions();
+
+hesk_session_start();
+hesk_dbConnect();
+hesk_isLoggedIn();
+
+/* Check permissions for this feature */
+hesk_checkPermission('can_view_tickets');
+
+// Ticket ID
+$trackingID = hesk_cleanID() or die($hesklang['int_error'] . ': ' . $hesklang['no_trackID']);
+
+// Note ID
+$noteID = intval(hesk_REQUEST('note')) or die($hesklang['int_error'] . ': ' . $hesklang['mis_note']);
+
+// Get ticket info
+$result = hesk_dbQuery("SELECT `id` FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` WHERE `trackid`='" . hesk_dbEscape($trackingID) . "' LIMIT 1");
+if (hesk_dbNumRows($result) != 1) {
+    hesk_error($hesklang['ticket_not_found']);
+}
+$ticket = hesk_dbFetchAssoc($result);
+
+// Get note info
+$result = hesk_dbQuery("SELECT * FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "notes` WHERE `id`={$noteID}");
+if (hesk_dbNumRows($result) != 1) {
+    hesk_error($hesklang['no_note']);
+}
+$note = hesk_dbFetchAssoc($result);
+
+// Make sure the note matches the ticket and the user has permission to edit it
+if ($note['ticket'] != $ticket['id'] || (!hesk_checkPermission('can_del_notes', 0) && $note['who'] != $_SESSION['id'])) {
+    hesk_error($hesklang['perm_deny']);
+}
+
+// Save changes?
+if (isset($_POST['save'])) {
+    // A security check
+    hesk_token_check('POST');
+
+    // Get message
+    $tmpvar['message'] = nl2br(hesk_makeURL(hesk_input(hesk_POST('message'))));
+
+    // If we have message or attachments do the update
+    if (strlen($tmpvar['message']) || strlen($note['attachments'])) {
+        hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "notes` SET `message`='" . hesk_dbEscape($tmpvar['message']) . "' WHERE `id`={$noteID}");
+        hesk_process_messages($hesklang['ednote2'], 'admin_ticket.php?track=' . $trackingID . '&Refresh=' . mt_rand(10000, 99999), 'SUCCESS');
+    } // If not, delete the note
+    else {
+        hesk_dbQuery("DELETE FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "notes` WHERE `id`={$noteID}");
+        header('Location: admin_ticket.php?track=' . $trackingID . '&Refresh=' . mt_rand(10000, 99999));
+        exit();
+    }
+}
+
+$note['message'] = hesk_msgToPlain($note['message'], 0, 0);
+
+/* Print header */
+require_once(HESK_PATH . 'inc/headerAdmin.inc.php');
+
+/* Print admin navigation */
+require_once(HESK_PATH . 'inc/show_admin_nav.inc.php');
+?>
+<div class="content-wrapper">
+    <ol class="breadcrumb">
+        <li>
+            <a href="admin_ticket.php?track=<?php echo $trackingID; ?>&amp;Refresh=<?php echo mt_rand(10000, 99999); ?>"><?php echo $hesklang['ticket'] . ' ' . $trackingID; ?></a>
+        </li>
+        <li class="active"><?php echo $hesklang['ednote']; ?></li>
+    </ol>
+    <section class="content">
+    <div class="box">
+        <div class="box-header with-border">
+            <h1 class="box-title">
+                <?php echo $hesklang['ednote']; ?>
+            </h1>
+            <div class="box-tools pull-right">
+                <button type="button" class="btn btn-box-tool" data-widget="collapse">
+                    <i class="fa fa-minus"></i>
+                </button>
+            </div>
+        </div>
+        <div class="box-body">
+            <form method="post" action="edit_note.php" name="form1" class="form-horizontal" role="form">
+                <div class="form-group">
+                    <label for="message" class="col-md-2 control-label"><?php echo $hesklang['message']; ?></label>
+
+                    <div class="col-md-10">
+                    <textarea name="message" class="form-control" rows="12"
+                              cols="60"><?php echo $note['message']; ?></textarea>
+                    </div>
+                </div>
+                <div class="form-group">
+                    <div class="col-md-10 col-md-offset-2">
+                        <input type="hidden" name="save" value="1">
+                        <input type="hidden" name="track" value="<?php echo $trackingID; ?>">
+                        <input type="hidden" name="token" value="<?php hesk_token_echo(); ?>">
+                        <input type="hidden" name="note" value="<?php echo $noteID; ?>">
+                        <div class="btn-group">
+                            <input type="submit" value="<?php echo $hesklang['save_changes']; ?>" class="btn btn-primary">
+                            <a href="javascript:history.go(-1)" class="btn btn-default"><?php echo $hesklang['back']; ?></a>
+                        </div>
+                    </div>
+                </div>
+            </form>
+        </div>
+    </div>
+</section>
+</div>
+<?php
+require_once(HESK_PATH . 'inc/footer.inc.php');
+exit();

admin/export_ticket.php

@@ -0,0 +1,54 @@
+<?php
+/**
+ *
+ * This file is part of HESK - PHP Help Desk Software.
+ *
+ * (c) Copyright Klemen Stirn. All rights reserved.
+ * https://www.hesk.com
+ *
+ * For the full copyright and license agreement information visit
+ * https://www.hesk.com/eula.php
+ *
+ */
+
+define('IN_SCRIPT',1);
+define('HESK_PATH','../');
+
+/* Get all the required files and functions */
+require(HESK_PATH . 'hesk_settings.inc.php');
+require(HESK_PATH . 'inc/common.inc.php');
+require(HESK_PATH . 'inc/admin_functions.inc.php');
+require(HESK_PATH . 'inc/privacy_functions.inc.php');
+hesk_load_database_functions();
+
+hesk_session_start();
+hesk_dbConnect();
+hesk_isLoggedIn();
+
+// Check permissions for this feature
+hesk_checkPermission('can_export');
+
+// A security check
+hesk_token_check();
+
+// Tracking ID
+$trackingID = hesk_cleanID() or die($hesklang['int_error'].': '.$hesklang['no_trackID']);
+
+// Generate SQL for the ticket, make sure the user has access to it
+$sql = "SELECT * FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."tickets` WHERE `trackid`='".hesk_dbEscape($trackingID)."' AND ";
+$sql .= hesk_myCategories();
+$sql .= " AND " . hesk_myOwnership();
+$sql .= " LIMIT 1";
+
+require_once(HESK_PATH . 'inc/custom_fields.inc.php');
+require_once(HESK_PATH . 'inc/statuses.inc.php');
+require(HESK_PATH . 'inc/export_functions.inc.php');
+
+list($success_msg, $tickets_exported) = hesk_export_to_XML($sql, true);
+
+if ($tickets_exported == 1)
+{
+    hesk_process_messages($success_msg,'admin_ticket.php?track='.$trackingID.'&Refresh='.mt_rand(10000,99999),'SUCCESS');
+}
+
+hesk_error($hesklang['n2ex']);

admin/find_tickets.php

@@ -1,51 +1,34 @@
 <?php
-/*******************************************************************************
-*  Title: Help Desk Software HESK
-*  Version: 2.5.3 from 16th March 2014
-*  Author: Klemen Stirn
-*  Website: http://www.hesk.com
-********************************************************************************
-*  COPYRIGHT AND TRADEMARK NOTICE
-*  Copyright 2005-2013 Klemen Stirn. All Rights Reserved.
-*  HESK is a registered trademark of Klemen Stirn.
+/**
+ *
+ * This file is part of HESK - PHP Help Desk Software.
+ *
+ * (c) Copyright Klemen Stirn. All rights reserved.
+ * https://www.hesk.com
+ *
+ * For the full copyright and license agreement information visit
+ * https://www.hesk.com/eula.php
+ *
+ */
 
-*  The HESK may be used and modified free of charge by anyone
-*  AS LONG AS COPYRIGHT NOTICES AND ALL THE COMMENTS REMAIN INTACT.
-*  By using this code you agree to indemnify Klemen Stirn from any
-*  liability that might arise from it's use.
-
-*  Selling the code for this program, in part or full, without prior
-*  written consent is expressly forbidden.
-
-*  Using this code, in part or full, to create derivate work,
-*  new scripts or products is expressly forbidden. Obtain permission
-*  before redistributing this software over the Internet or in
-*  any other medium. In all cases copyright and header must remain intact.
-*  This Copyright is in full effect in any country that has International
-*  Trade Agreements with the United States of America or
-*  with the European Union.
-
-*  Removing any of the copyright notices without purchasing a license
-*  is expressly forbidden. To remove HESK copyright notice you must purchase
-*  a license for this script. For more information on how to obtain
-*  a license please visit the page below:
-*  https://www.hesk.com/buy.php
-*******************************************************************************/
-
-define('IN_SCRIPT',1);
-define('HESK_PATH','../');
+define('IN_SCRIPT', 1);
+define('HESK_PATH', '../');
+define('PAGE_TITLE', 'ADMIN_HOME');
+define('MFH_PAGE_LAYOUT', 'TOP_ONLY');
 
 /* Get all the required files and functions */
 require(HESK_PATH . 'hesk_settings.inc.php');
 require(HESK_PATH . 'inc/common.inc.php');
 require(HESK_PATH . 'inc/admin_functions.inc.php');
+require(HESK_PATH . 'inc/status_functions.inc.php');
+require(HESK_PATH . 'inc/mail_functions.inc.php');
 hesk_load_database_functions();
 
 hesk_session_start();
 hesk_dbConnect();
 hesk_isLoggedIn();
 
-define('CALENDAR',1);
+define('CALENDAR', 1);
 $_SESSION['hide']['ticket_list'] = true;
 
 /* Check permissions for this feature */
@@ -53,202 +36,250 @@ hesk_checkPermission('can_view_tickets');
 
 $_SERVER['PHP_SELF'] = './admin_main.php';
 
+// Load custom fields
+require_once(HESK_PATH . 'inc/custom_fields.inc.php');
+
 /* Print header */
 require_once(HESK_PATH . 'inc/headerAdmin.inc.php');
 
 /* Print admin navigation */
 require_once(HESK_PATH . 'inc/show_admin_nav.inc.php');
 
-?>
-
-</td>
-</tr>
-<tr>
-<td>
-
-<h3 align="center"><?php echo $hesklang['tickets_found']; ?></h3>
-
-<?php
 
 // This SQL code will be used to retrieve results
-$sql_final = "SELECT * FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."tickets` WHERE ";
+$sql_final = "SELECT
+`id`,
+`trackid`,
+`name`,
+`email`,
+`category`,
+`priority`,
+`subject`,
+LEFT(`message`, 400) AS `message`,
+`dt`,
+`lastchange`,
+`firstreply`,
+`closedat`,
+`status`,
+`openedby`,
+`firstreplyby`,
+`closedby`,
+`replies`,
+`staffreplies`,
+`owner`,
+`time_worked`,
+`lastreplier`,
+`replierid`,
+`archive`,
+`locked`,
+`merged`
+";
 
-// This code will be used to count number of results
-$sql_count = "SELECT COUNT(*) FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."tickets` WHERE ";
+                    foreach ($hesk_settings['custom_fields'] as $k => $v) {
+                        if ($v['use']) {
+                            $sql_final .= ", `" . $k . "`";
+                        }
+                    }
 
-// This is common SQL for both queries
-$sql = "";
+                    $sql_final .= " FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` WHERE ";
 
-// Some default settings
-$archive = array(1=>0,2=>0);
-$s_my = array(1=>1,2=>1);
-$s_ot = array(1=>1,2=>1);
-$s_un = array(1=>1,2=>1);
+                    // This code will be used to count number of results
+                    $sql_count = "SELECT COUNT(*) FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` WHERE ";
 
-// --> TICKET CATEGORY
-$category = intval( hesk_GET('category', 0) );
+                    // This is common SQL for both queries
+                    $sql = "";
 
-// Make sure user has access to this category
-if ($category && hesk_okCategory($category, 0) )
-{
-	$sql .= " `category`='{$category}' ";
-}
-// No category selected, show only allowed categories
-else
-{
-	$sql .= hesk_myCategories();
-}
+                    // Some default settings
+                    $archive = array(1 => 0, 2 => 0);
+                    $s_my = array(1 => 1, 2 => 1);
+                    $s_ot = array(1 => 1, 2 => 1);
+                    $s_un = array(1 => 1, 2 => 1);
 
-// Show only tagged tickets?
-if ( ! empty($_GET['archive']) )
-{
-	$archive[2]=1;
-	$sql .= " AND `archive`='1' ";
-}
+                    // --> TICKET CATEGORY
+                    $category = intval(hesk_GET('category', 0));
 
-// Ticket owner preferences
-$fid = 2;
-require(HESK_PATH . 'inc/assignment_search.inc.php');
+                    // Make sure user has access to this category
+                    if ($category && hesk_okCategory($category, 0)) {
+                        $sql .= " `category`='{$category}' ";
+                    } // No category selected, show only allowed categories
+                    else {
+                        $sql .= hesk_myCategories();
+                    }
 
-$hesk_error_buffer = '';
-$no_query = 0;
+                    // Show only tagged tickets?
+                    if (!empty($_GET['archive'])) {
+                        $archive[2] = 1;
+                        $sql .= " AND `archive`='1' ";
+                    }
 
-// Search query
-$q = stripslashes( hesk_input( hesk_GET('q', '') ) );
+                    // Ticket owner preferences
+                    $fid = 2;
+                    require(HESK_PATH . 'inc/assignment_search.inc.php');
 
-// No query entered?
-if ( ! strlen($q) )
-{
-	$hesk_error_buffer .= $hesklang['fsq'];
-	$no_query = 1;
-}
+                    $hesk_error_buffer = '';
+                    $no_query = 0;
 
-// What field are we searching in
-$what = hesk_GET('what', '') or $hesk_error_buffer .= '<br />' . $hesklang['wsel'];
+                    // Search query
+                    $q = stripslashes(hesk_input(hesk_GET('q', '')));
 
-// Sequential ID supported?
-if ($what == 'seqid' && ! $hesk_settings['sequential'])
-{
-	$what = 'trackid';
-}
+                    // No query entered?
+                    if (!strlen($q)) {
+                        $hesk_error_buffer .= $hesklang['fsq'];
+                        $no_query = 1;
+                    }
 
-// Setup SQL based on searching preferences
-if ( ! $no_query)
-{
-	$sql .= " AND ";
+                    // What field are we searching in
+                    $what = hesk_GET('what', '') or $hesk_error_buffer .= '<br />' . $hesklang['wsel'];
 
-	switch ($what)
-	{
-		case 'trackid':
-		    $sql  .= " ( `trackid` = '".hesk_dbEscape($q)."' OR `merged` LIKE '%#".hesk_dbEscape($q)."#%' ) ";
-		    break;
-		case 'name':
-		    $sql  .= "`name` LIKE '%".hesk_dbEscape($q)."%' COLLATE '" . hesk_dbEscape($hesklang['_COLLATE']) . "' ";
-		    break;
-		case 'email':
-	         $sql  .= "`email` LIKE '%".hesk_dbEscape($q)."%' ";
-			 break;
-		case 'subject':
-		    $sql  .= "`subject` LIKE '%".hesk_dbEscape($q)."%' COLLATE '" . hesk_dbEscape($hesklang['_COLLATE']) . "' ";
-		    break;
-		case 'message':
-		    $sql  .= " ( `message` LIKE '%".hesk_dbEscape($q)."%' COLLATE '" . hesk_dbEscape($hesklang['_COLLATE']) . "'
+                    // Sequential ID supported?
+                    if ($what == 'seqid' && !$hesk_settings['sequential']) {
+                        $what = 'trackid';
+                    }
+
+                    // Setup SQL based on searching preferences
+                    if (!$no_query) {
+                        $sql .= " AND ";
+
+                        switch ($what) {
+                            case 'trackid':
+                                $sql .= " ( `trackid` = '" . hesk_dbEscape($q) . "' OR `merged` LIKE '%#" . hesk_dbEscape($q) . "#%' ) ";
+                                break;
+                            case 'name':
+                                $sql  .= "`name` LIKE '%".hesk_dbEscape( hesk_dbLike($q) )."%' COLLATE '" . hesk_dbCollate() . "' ";
+                                break;
+                            case 'email':
+                                $sql .= "`email` LIKE '%" . hesk_dbEscape($q) . "%' ";
+                                break;
+                            case 'subject':
+                                $sql  .= "`subject` LIKE '%".hesk_dbEscape( hesk_dbLike($q) )."%' COLLATE '" . hesk_dbCollate() . "' ";
+                                break;
+                            case 'message':
+                                $sql  .= " ( `message` LIKE '%".hesk_dbEscape( hesk_dbLike($q) )."%' COLLATE '" . hesk_dbCollate() . "'
             		OR
                     `id` IN (
             		SELECT DISTINCT `replyto`
-                	FROM   `".hesk_dbEscape($hesk_settings['db_pfix'])."replies`
-                	WHERE  `message` LIKE '%".hesk_dbEscape($q)."%' COLLATE '" . hesk_dbEscape($hesklang['_COLLATE']) . "' )
+                	FROM   `" . hesk_dbEscape($hesk_settings['db_pfix']) . "replies`
+                	WHERE  `message` LIKE '%".hesk_dbEscape( hesk_dbLike($q) )."%' COLLATE '" . hesk_dbCollate() . "' )
                     )
                     ";
-		    break;
-		case 'seqid':
-	         $sql  .= "`id` = '".intval($q)."' ";
-			 break;
-		case 'notes':
-		    $sql  .= "`id` IN (
+                                break;
+                            case 'seqid':
+                                $sql .= "`id` = '" . intval($q) . "' ";
+                                break;
+                            case 'notes':
+                                $sql .= "`id` IN (
             		SELECT DISTINCT `ticket`
-                	FROM   `".hesk_dbEscape($hesk_settings['db_pfix'])."notes`
-                	WHERE  `message` LIKE '%".hesk_dbEscape($q)."%' COLLATE '" . hesk_dbEscape($hesklang['_COLLATE']) . "' )
+                	FROM   `" . hesk_dbEscape($hesk_settings['db_pfix']) . "notes`
+                	WHERE  `message` LIKE '%".hesk_dbEscape( hesk_dbLike($q) )."%' COLLATE '" . hesk_dbCollate() . "' )
                 	";
-		    break;
-		default:
-	    	if (isset($hesk_settings['custom_fields'][$what]) && $hesk_settings['custom_fields'][$what]['use'])
-	        {
-	        	$sql .= "`".hesk_dbEscape($what)."` LIKE '%".hesk_dbEscape($q)."%' COLLATE '" . hesk_dbEscape($hesklang['_COLLATE']) . "' ";
-	        }
-	        else
-	        {
-	        	$hesk_error_buffer .= '<br />' . $hesklang['invalid_search'];
-	        }
-	}
-}
+                                break;
+                            case 'ip':
+                                $sql .= "`ip` LIKE '".preg_replace('/[^0-9\.\%]/', '', $q)."' ";
+                                break;
+                            default:
+                                if (isset($hesk_settings['custom_fields'][$what]) && $hesk_settings['custom_fields'][$what]['use']) {
+                                    $sql .= "`" . hesk_dbEscape($what) . "` LIKE '%" . hesk_dbEscape($q) . "%' COLLATE '" . hesk_dbCollate() . "' ";
+                                } else {
+                                    $hesk_error_buffer .= '<br />' . $hesklang['invalid_search'];
+                                }
+                        }
+                    }
 
-/* Date */
-/* -> Check for compatibility with old date format */
-if (preg_match("/(\d{4})-(\d{2})-(\d{2})/", hesk_GET('dt'), $m))
-{
-	$_GET['dt']=$m[2].$m[3].$m[1];
-}
+                    // Owner
+                    if ($tmp = intval(hesk_GET('owner', 0))) {
+                        $sql .= " AND `owner`={$tmp} ";
+                        $owner_input = $tmp;
+                        $hesk_error_buffer = str_replace($hesklang['fsq'], '', $hesk_error_buffer);
+                    } else {
+                        $owner_input = 0;
+                    }
 
-/* -> Now process the date value */
-$dt = preg_replace('/[^0-9]/','', hesk_GET('dt') );
-if (strlen($dt) == 8)
-{
-	$date = substr($dt,4,4) . '-' . substr($dt,0,2) . '-' . substr($dt,2,2);
-	$date_input= substr($dt,0,2) . '/' . substr($dt,2,2) . '/' . substr($dt,4,4);
+                    /* Date */
+                    /* -> Now process the date value */
+                    $dt = preg_replace('/[^0-9]/', '', hesk_GET('dt'));
+                    if (strlen($dt) == 8) {
+                        $date = substr($dt, 0, 4) . '-' . substr($dt, 4, 2) . '-' . substr($dt, 6, 2);
+                        $date_input = $date;
 
-	/* This search is valid even if no query is entered */
-	if ($no_query)
-	{
-		$hesk_error_buffer = str_replace($hesklang['fsq'],'',$hesk_error_buffer);
-	}
+                        /* This search is valid even if no query is entered */
+                        if ($no_query) {
+                            $hesk_error_buffer = str_replace($hesklang['fsq'], '', $hesk_error_buffer);
+                        }
 
-	$sql .= " AND (`dt` LIKE '".hesk_dbEscape($date)."%' OR `lastchange` LIKE '".hesk_dbEscape($date)."%') ";
-}
-else
-{
-	$date = '';
-    $date_input = '';
-}
+                        $sql .= " AND `dt` BETWEEN '{$date} 00:00:00' AND '{$date} 23:59:59' ";
+                    } else {
+                        $date = '';
+                        $date_input = '';
+                    }
 
-/* Any errors? */
-if (strlen($hesk_error_buffer))
-{
-	hesk_process_messages($hesk_error_buffer,'NOREDIRECT');
-}
+                    /* Any errors? */
+                    if (strlen($hesk_error_buffer)) {
+                        hesk_process_messages($hesk_error_buffer, 'NOREDIRECT');
+                    }
 
-/* This will handle error, success and notice messages */
-$handle = hesk_handle_messages();
+                    # echo "$sql<br/>";
 
-# echo "$sql<br/>";
+                    // That's all the SQL we need for count
+                    $sql_count .= $sql;
+                    $sql = $sql_final . $sql;
 
-// That's all the SQL we need for count
-$sql_count .= $sql;
-$sql = $sql_final . $sql;
+                    // Strip extra slashes
+                    $q = stripslashes($q);
 
-/* Prepare variables used in search and forms */
-require_once(HESK_PATH . 'inc/prepare_ticket_search.inc.php');
+                    /* Prepare variables used in search and forms */
+                    require_once(HESK_PATH . 'inc/prepare_ticket_search.inc.php');
+                    ?>
+                    <div class="content-wrapper">
+                        <section class="content">
+                            <div class="box">
+                                <div class="box-header with-border">
+                                    <h1 class="box-title">
+                                        <?php echo $hesklang['tickets']; ?>
+                                    </h1>
+                                    <div class="box-tools pull-right">
+                                        <button type="button" class="btn btn-box-tool" data-widget="collapse">
+                                            <i class="fa fa-minus"></i>
+                                        </button>
+                                    </div>
+                                </div>
+                                <div class="box-body">
+                                    <?php $handle = hesk_handle_messages(); ?>
+                                    <div class="row">
+                                        <div class="col-xs-6 text-left">
+                                            <div class="checkbox">
+                                                <label>
+                                                    <input type="checkbox" onclick="toggleAutoRefresh(this);" id="reloadCB">
+                                                    <?php echo $hesklang['arp']; ?>
+                                                    <span id="timer"></span>
+                                                </label>
+                                            </div>
+                                            <script type="text/javascript">heskCheckReloading();</script>
+                                        </div>
+                                        <div class="col-xs-6 text-right">
+                                            <a href="new_ticket.php" class="btn btn-success">
+                                                <span class="glyphicon glyphicon-plus-sign"></span>
+                                                <?php echo $hesklang['nti']; ?>
+                                            </a>
+                                        </div>
+                                    </div>
+                                    <?php
+                                    if ($handle !== FALSE) {
+                                        $href = 'find_tickets.php';
+                                        require_once(HESK_PATH . 'inc/ticket_list.inc.php');
+                                        echo '<br>';
+                                    }
 
-/* If there has been an error message skip searching for tickets */
-if ($handle !== FALSE)
-{
-	$href = 'find_tickets.php';
-	require_once(HESK_PATH . 'inc/ticket_list.inc.php');
-}
-?>
+                                    /* Clean unneeded session variables */
+                                    hesk_cleanSessionVars('hide');
 
-<hr />
-
-<?php
-
-/* Clean unneeded session variables */
-hesk_cleanSessionVars('hide');
-
-/* Show the search form */
-require_once(HESK_PATH . 'inc/show_search_form.inc.php');
-
-/* Print footer */
-require_once(HESK_PATH . 'inc/footer.inc.php');
-exit();
-
-?>
+                                    /* Show the search form */
+                                    require_once(HESK_PATH . 'inc/show_search_form.inc.php');
+                                    ?>
+                                </div>
+                            </div>
+                        </section>
+                    </div>
+                    <?php
+                    /* Print footer */
+                    require_once(HESK_PATH . 'inc/footer.inc.php');
+                    exit();

admin/index.php

@@ -1,39 +1,19 @@
 <?php
-/*******************************************************************************
-*  Title: Help Desk Software HESK
-*  Version: 2.5.3 from 16th March 2014
-*  Author: Klemen Stirn
-*  Website: http://www.hesk.com
-********************************************************************************
-*  COPYRIGHT AND TRADEMARK NOTICE
-*  Copyright 2005-2013 Klemen Stirn. All Rights Reserved.
-*  HESK is a registered trademark of Klemen Stirn.
+/**
+ *
+ * This file is part of HESK - PHP Help Desk Software.
+ *
+ * (c) Copyright Klemen Stirn. All rights reserved.
+ * https://www.hesk.com
+ *
+ * For the full copyright and license agreement information visit
+ * https://www.hesk.com/eula.php
+ *
+ */
 
-*  The HESK may be used and modified free of charge by anyone
-*  AS LONG AS COPYRIGHT NOTICES AND ALL THE COMMENTS REMAIN INTACT.
-*  By using this code you agree to indemnify Klemen Stirn from any
-*  liability that might arise from it's use.
-
-*  Selling the code for this program, in part or full, without prior
-*  written consent is expressly forbidden.
-
-*  Using this code, in part or full, to create derivate work,
-*  new scripts or products is expressly forbidden. Obtain permission
-*  before redistributing this software over the Internet or in
-*  any other medium. In all cases copyright and header must remain intact.
-*  This Copyright is in full effect in any country that has International
-*  Trade Agreements with the United States of America or
-*  with the European Union.
-
-*  Removing any of the copyright notices without purchasing a license
-*  is expressly forbidden. To remove HESK copyright notice you must purchase
-*  a license for this script. For more information on how to obtain
-*  a license please visit the page below:
-*  https://www.hesk.com/buy.php
-*******************************************************************************/
-
-define('IN_SCRIPT',1);
-define('HESK_PATH','../');
+define('IN_SCRIPT', 1);
+define('HESK_PATH', '../');
+define('PAGE_TITLE', 'LOGIN');
 
 /* Get all the required files and functions */
 require(HESK_PATH . 'hesk_settings.inc.php');
@@ -43,223 +23,226 @@ hesk_load_database_functions();
 
 hesk_session_start();
 hesk_dbConnect();
+$modsForHesk_settings = mfh_getSettings();
 
 /* What should we do? */
 $action = hesk_REQUEST('a');
 
-switch ($action)
-{
+switch ($action) {
     case 'do_login':
-    	do_login();
+        do_login();
         break;
     case 'login':
-    	print_login();
+        print_login();
         break;
     case 'logout':
-    	logout();
+        logout();
         break;
     default:
-    	hesk_autoLogin();
-    	print_login();
+        hesk_autoLogin();
+        print_login();
 }
-
-/* Print footer */
-require_once(HESK_PATH . 'inc/footer.inc.php');
 exit();
 
 /*** START FUNCTIONS ***/
 function do_login()
 {
-	global $hesk_settings, $hesklang;
+    global $hesk_settings, $hesklang, $modsForHesk_settings;
 
     $hesk_error_buffer = array();
 
-    $user = hesk_input( hesk_POST('user') );
-    if (empty($user))
-    {
-		$myerror = $hesk_settings['list_users'] ? $hesklang['select_username'] : $hesklang['enter_username'];
+    $user = hesk_input(hesk_POST('user'));
+    if (empty($user)) {
+        $myerror = $hesk_settings['list_users'] ? $hesklang['select_username'] : $hesklang['enter_username'];
         $hesk_error_buffer['user'] = $myerror;
     }
     define('HESK_USER', $user);
 
-	$pass = hesk_input( hesk_POST('pass') );
-	if (empty($pass))
-	{
-    	$hesk_error_buffer['pass'] = $hesklang['enter_pass'];
-	}
-
-	if ($hesk_settings['secimg_use'] == 2 && !isset($_SESSION['img_a_verified']))
-	{
-		// Using ReCaptcha?
-		if ($hesk_settings['recaptcha_use'])
-		{
-			require_once(HESK_PATH . 'inc/recaptcha/recaptchalib.php');
-
-			$resp = recaptcha_check_answer($hesk_settings['recaptcha_private_key'],
-			$_SERVER['REMOTE_ADDR'],
-			hesk_POST('recaptcha_challenge_field', ''),
-			hesk_POST('recaptcha_response_field', '')
-            );
-
-			if ($resp->is_valid)
-			{
-				$_SESSION['img_a_verified']=true;
-			}
-			else
-			{
-				$hesk_error_buffer['mysecnum']=$hesklang['recaptcha_error'];
-			}
-		}
-		// Using PHP generated image
-		else
-		{
-			$mysecnum = intval( hesk_POST('mysecnum', 0) );
-
-			if ( empty($mysecnum) )
-			{
-				$hesk_error_buffer['mysecnum'] = $hesklang['sec_miss'];
-			}
-			else
-			{
-				require(HESK_PATH . 'inc/secimg.inc.php');
-				$sc = new PJ_SecurityImage($hesk_settings['secimg_sum']);
-				if ( isset($_SESSION['checksum']) && $sc->checkCode($mysecnum, $_SESSION['checksum']) )
-				{
-					$_SESSION['img_a_verified'] = true;
-				}
-				else
-				{
-					$hesk_error_buffer['mysecnum'] = $hesklang['sec_wrng'];
-				}
-			}
-		}
-	}
-
-    /* Any missing fields? */
-	if (count($hesk_error_buffer)!=0)
-	{
-    	$_SESSION['a_iserror'] = array_keys($hesk_error_buffer);
-
-	    $tmp = '';
-	    foreach ($hesk_error_buffer as $error)
-	    {
-	        $tmp .= "<li>$error</li>\n";
-	    }
-	    $hesk_error_buffer = $tmp;
-
-	    $hesk_error_buffer = $hesklang['pcer'].'<br /><br /><ul>'.$hesk_error_buffer.'</ul>';
-	    hesk_process_messages($hesk_error_buffer,'NOREDIRECT');
-        print_login();
-        exit();
-	}
-    elseif (isset($_SESSION['img_a_verified']))
-    {
-		unset($_SESSION['img_a_verified']);
+    $pass = hesk_input(hesk_POST('pass'));
+    if (empty($pass)) {
+        $hesk_error_buffer['pass'] = $hesklang['enter_pass'];
     }
 
-	/* User entered all required info, now lets limit brute force attempts */
-	hesk_limitBfAttempts();
+    if ($hesk_settings['secimg_use'] == 2 && !isset($_SESSION['img_a_verified'])) {
+        // Using ReCaptcha?
+        if ($hesk_settings['recaptcha_use']) {
+            require(HESK_PATH . 'inc/recaptcha/recaptchalib_v2.php');
 
-	$result = hesk_dbQuery("SELECT * FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."users` WHERE `user` = '".hesk_dbEscape($user)."' LIMIT 1");
-	if (hesk_dbNumRows($result) != 1)
-	{
-        hesk_session_stop();
-    	$_SESSION['a_iserror'] = array('user','pass');
-    	hesk_process_messages($hesklang['wrong_user'],'NOREDIRECT');
-        print_login();
-        exit();
-	}
+            $resp = null;
+            $reCaptcha = new ReCaptcha($hesk_settings['recaptcha_private_key']);
 
-	$res=hesk_dbFetchAssoc($result);
-	foreach ($res as $k=>$v)
-	{
-	    $_SESSION[$k]=$v;
-	}
+            // Was there a reCAPTCHA response?
+            if (isset($_POST["g-recaptcha-response"])) {
+                $resp = $reCaptcha->verifyResponse(hesk_getClientIP(), hesk_POST("g-recaptcha-response"));
+            }
 
-	/* Check password */
-	if (hesk_Pass2Hash($pass) != $_SESSION['pass'])
-    {
-        hesk_session_stop();
-    	$_SESSION['a_iserror'] = array('pass');
-		hesk_process_messages($hesklang['wrong_pass'],'NOREDIRECT');
-		print_login();
-		exit();
-	}
+            if ($resp != null && $resp->success) {
+                $_SESSION['img_a_verified'] = true;
+            } else {
+                $hesk_error_buffer['mysecnum'] = $hesklang['recaptcha_error'];
+            }
+        } // Using PHP generated image
+        else {
+            $mysecnum = intval(hesk_POST('mysecnum', 0));
 
-    $pass_enc = hesk_Pass2Hash($_SESSION['pass'].strtolower($user).$_SESSION['pass']);
-
-    /* Check if default password */
-    if ($_SESSION['pass'] == '499d74967b28a841c98bb4baaabaad699ff3c079')
-    {
-    	hesk_process_messages($hesklang['chdp'],'NOREDIRECT','NOTICE');
-    }
-
-	unset($_SESSION['pass']);
-
-	/* Login successful, clean brute force attempts */
-	hesk_cleanBfAttempts();
-
-	/* Regenerate session ID (security) */
-	hesk_session_regenerate_id();
-
-	/* Remember username? */
-	if ($hesk_settings['autologin'] && hesk_POST('remember_user') == 'AUTOLOGIN')
-	{
-		setcookie('hesk_username', "$user", strtotime('+1 year'));
-		setcookie('hesk_p', "$pass_enc", strtotime('+1 year'));
-	}
-	elseif ( hesk_POST('remember_user') == 'JUSTUSER')
-	{
-		setcookie('hesk_username', "$user", strtotime('+1 year'));
-		setcookie('hesk_p', '');
-	}
-	else
-	{
-		// Expire cookie if set otherwise
-		setcookie('hesk_username', '');
-		setcookie('hesk_p', '');
-	}
-
-    /* Close any old tickets here so Cron jobs aren't necessary */
-	if ($hesk_settings['autoclose'])
-    {
-    	$revision = sprintf($hesklang['thist3'],hesk_date(),$hesklang['auto']);
-		hesk_dbQuery("UPDATE `".hesk_dbEscape($hesk_settings['db_pfix'])."tickets` SET `status`='3', `history`=CONCAT(`history`,'".hesk_dbEscape($revision)."')  WHERE `status` = '2' AND `lastchange` <= '".hesk_dbEscape( date('Y-m-d H:i:s',time() - $hesk_settings['autoclose']*86400) )."'");
-    }
-
-	/* Redirect to the destination page */
-	if ( hesk_isREQUEST('goto') )
-	{
-    	$url = hesk_REQUEST('goto');
-	    $url = str_replace('&amp;','&',$url);
-
-        /* goto parameter can be set to the local domain only */
-        $myurl = parse_url($hesk_settings['hesk_url']);
-        $goto  = parse_url($url);
-
-        if (isset($myurl['host']) && isset($goto['host']))
-        {
-        	if ( str_replace('www.','',strtolower($myurl['host'])) != str_replace('www.','',strtolower($goto['host'])) )
-            {
-            	$url = 'admin_main.php';
+            if (empty($mysecnum)) {
+                $hesk_error_buffer['mysecnum'] = $hesklang['sec_miss'];
+            } else {
+                require(HESK_PATH . 'inc/secimg.inc.php');
+                $sc = new PJ_SecurityImage($hesk_settings['secimg_sum']);
+                if (isset($_SESSION['checksum']) && $sc->checkCode($mysecnum, $_SESSION['checksum'])) {
+                    $_SESSION['img_a_verified'] = true;
+                } else {
+                    $hesk_error_buffer['mysecnum'] = $hesklang['sec_wrng'];
+                }
             }
         }
+    }
 
-	    header('Location: '.$url);
-	}
-	else
-	{
-	    header('Location: admin_main.php');
-	}
-	exit();
+    /* Any missing fields? */
+    if (count($hesk_error_buffer) != 0) {
+        $_SESSION['a_iserror'] = array_keys($hesk_error_buffer);
+
+        $tmp = '';
+        foreach ($hesk_error_buffer as $error) {
+            $tmp .= "<li>$error</li>\n";
+        }
+        $hesk_error_buffer = $tmp;
+
+        $hesk_error_buffer = $hesklang['pcer'] . '<br /><br /><ul>' . $hesk_error_buffer . '</ul>';
+        hesk_process_messages($hesk_error_buffer, 'NOREDIRECT');
+        print_login();
+        exit();
+    } elseif (isset($_SESSION['img_a_verified'])) {
+        unset($_SESSION['img_a_verified']);
+    }
+
+    /* User entered all required info, now lets limit brute force attempts */
+    hesk_limitBfAttempts();
+
+    $result = hesk_dbQuery("SELECT * FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "users` WHERE `user` = '" . hesk_dbEscape($user) . "' LIMIT 1");
+    if (hesk_dbNumRows($result) != 1) {
+        hesk_session_stop();
+        $_SESSION['a_iserror'] = array('user', 'pass');
+        hesk_process_messages($hesklang['wrong_user'], 'NOREDIRECT');
+        print_login();
+        exit();
+    }
+
+    $res = hesk_dbFetchAssoc($result);
+    foreach ($res as $k => $v) {
+        $_SESSION[$k] = $v;
+    }
+
+    /* Check password */
+    if (hesk_Pass2Hash($pass) != $_SESSION['pass']) {
+        hesk_session_stop();
+        $_SESSION['a_iserror'] = array('pass');
+        hesk_process_messages($hesklang['wrong_pass'], 'NOREDIRECT');
+        print_login();
+        exit();
+    }
+
+    $pass_enc = hesk_Pass2Hash($_SESSION['pass'].hesk_mb_strtolower($user).$_SESSION['pass']);
+
+    /* Check if default password */
+    if ($_SESSION['pass'] == '499d74967b28a841c98bb4baaabaad699ff3c079') {
+        hesk_process_messages($hesklang['chdp'], 'NOREDIRECT', 'NOTICE');
+    }
+
+    // Set a tag that will be used to expire sessions after username or password change
+    $_SESSION['session_verify'] = hesk_activeSessionCreateTag($user, $_SESSION['pass']);
+
+    // We don't need the password hash anymore
+    unset($_SESSION['pass']);
+
+
+    /* Login successful, clean brute force attempts */
+    hesk_cleanBfAttempts();
+
+    /* Make sure our user is active */
+    if (!$_SESSION['active']) {
+        hesk_session_stop();
+        $_SESSION['a_iserror'] = array('active');
+        hesk_process_messages($hesklang['inactive_user'], 'NOREDIRECT');
+        print_login();
+        exit();
+    }
+
+    /* Regenerate session ID (security) */
+    hesk_session_regenerate_id();
+
+    /* Remember username? */
+    if ($hesk_settings['autologin'] && hesk_POST('remember_user') == 'AUTOLOGIN') {
+        hesk_setcookie('hesk_username', "$user", strtotime('+1 year'));
+        hesk_setcookie('hesk_p', "$pass_enc", strtotime('+1 year'));
+    } elseif (hesk_POST('remember_user') == 'JUSTUSER') {
+        hesk_setcookie('hesk_username', "$user", strtotime('+1 year'));
+        hesk_setcookie('hesk_p', '');
+    } else {
+        // Expire cookie if set otherwise
+        hesk_setcookie('hesk_username', '');
+        hesk_setcookie('hesk_p', '');
+    }
+
+    /* Close any old tickets here so Cron jobs aren't necessary */
+    if ($hesk_settings['autoclose']) {
+        $dt = date('Y-m-d H:i:s', time() - $hesk_settings['autoclose'] * 86400);
+
+
+        $closedStatusRs = hesk_dbQuery('SELECT `ID`, `Closable` FROM `' . hesk_dbEscape($hesk_settings['db_pfix']) . 'statuses` WHERE `IsDefaultStaffReplyStatus` = 1');
+        $closedStatus = hesk_dbFetchAssoc($closedStatusRs);
+        // Are we allowed to close tickets in this status?
+        if ($closedStatus['Closable'] == 'yes' || $closedStatus['Closable'] == 'sonly') {
+
+            $result = hesk_dbQuery("SELECT * FROM `" . $hesk_settings['db_pfix'] . "tickets` WHERE `status` = " . $closedStatus['ID'] . " AND `lastchange` <= '" . hesk_dbEscape($dt) . "' ");
+            if (hesk_dbNumRows($result) > 0) {
+                global $ticket;
+
+                // Load required functions?
+                if (!function_exists('hesk_notifyCustomer')) {
+                    require(HESK_PATH . 'inc/email_functions.inc.php');
+                }
+
+                while ($ticket = hesk_dbFetchAssoc($result)) {
+                    $ticket['dt'] = hesk_date($ticket['dt'], true);
+                    $ticket['lastchange'] = hesk_date($ticket['lastchange'], true);
+                    $ticket = hesk_ticketToPlain($ticket, 1, 0);
+                    mfh_insert_audit_trail_record($ticket['id'], 'TICKET', 'audit_automatically_closed', hesk_date(), array());
+
+                    // Notify customer of closed ticket?
+                    if ($hesk_settings['notify_closed']) {
+                        // Get list of tickets
+                        hesk_notifyCustomer($modsForHesk_settings, 'ticket_closed');
+                    }
+                }
+            }
+
+            // Update ticket statuses and history in database if we're allowed to do so
+            $defaultCloseRs = hesk_dbQuery('SELECT `ID` FROM `' . hesk_dbEscape($hesk_settings['db_pfix']) . 'statuses` WHERE `IsAutocloseOption` = 1');
+            $defaultCloseStatus = hesk_dbFetchAssoc($defaultCloseRs);
+            hesk_dbQuery("UPDATE `" . $hesk_settings['db_pfix'] . "tickets` SET `status`=" . intval($defaultCloseStatus['ID']) . ", `closedat`=NOW(), `closedby`='-1' WHERE `status` = " . $closedStatus['ID'] . " AND `lastchange` <= '" . hesk_dbEscape($dt) . "' ");
+        }
+    }
+
+    /* Redirect to the destination page */
+    header('Location: ' . hesk_verifyGoto());
+    exit();
 } // End do_login()
 
 
 function print_login()
 {
-	global $hesk_settings, $hesklang;
+	global $hesk_settings, $hesklang, $modsForHesk_settings;
+
+    // Tell header to load reCaptcha API if needed
+    if ($hesk_settings['recaptcha_use'])
+    {
+        define('RECAPTCHA',1);
+    }
+
     $hesk_settings['tmp_title'] = $hesk_settings['hesk_title'] . ' - ' .$hesklang['admin_login'];
-	require_once(HESK_PATH . 'inc/header.inc.php');
+	require_once(HESK_PATH . 'inc/headerAdmin.inc.php');
 
 	if ( hesk_isREQUEST('notice') )
 	{
@@ -272,206 +255,234 @@ function print_login()
     }
 
 	?>
-    <div class="loginError"><?php
-	            /* This will handle error, success and notice messages */
-	            hesk_handle_messages();
-	        ?></div>
-    <div>
-        <form class="form-signin form-horizontal" role="form" action="index.php" method="post" name="form1">
-            
-            <h2 class="form-signin-heading">&nbsp;<?php echo $hesklang['admin_login']; ?></a></h2><br/>
-            <?php if (in_array('pass',$_SESSION['a_iserror'])) { echo '<div class="form-group has-error">';} else { echo '<div class="form-group">';}?>
-                <label for="user" class="col-sm-3 control-label"><?php echo $hesklang['username']; ?>:</label>
-                <div class="col-sm-9">
+<div class="login-box">
+    <div class="login-box-container">
+        <div class="login-box-background"></div>
+        <div class="login-box-body">
+            <div class="loginError">
+                <?php
+                /* This will handle error, success and notice messages */
+                hesk_handle_messages();
+
+                // Service messages
+                $service_messages = mfh_get_service_messages('STAFF_LOGIN');
+                foreach ($service_messages as $sm) {
+                    hesk_service_message($sm);
+                }
+                ?>
+            </div>
+            <div class="login-logo">
+                <?php if ($modsForHesk_settings['login_box_header'] == 'image'): ?>
+                    <img src="<?php echo HESK_PATH . $hesk_settings['cache_dir'] . '/lbh_' . $modsForHesk_settings['login_box_header_image']; ?>"
+                         style="height: 75px">
+                <?php else:
+                    echo $hesk_settings['hesk_title'];
+                endif; ?>
+            </div>
+            <h4 class="login-box-msg">
+                <?php echo $hesklang['staff_login_title']; ?>
+            </h4>
+            <form class="form-horizontal" role="form" action="index.php" method="post" name="form1" id="form1">
+                <?php
+                $has_error = '';
+                if (in_array('pass',$_SESSION['a_iserror'])) {
+                    $has_error = 'has-error';
+                }
+                ?>
+                <div class="form-group <?php echo $has_error; ?>">
+                    <label for="user" class="col-sm-4 control-label">
+                        <?php echo $hesklang['username']; ?>
+                    </label>
+                    <div class="col-sm-8">
+                        <?php
+                        if (defined('HESK_USER')) {
+                            $savedUser = HESK_USER;
+                        } else {
+                            $savedUser = hesk_htmlspecialchars(hesk_COOKIE('hesk_username'));
+                        }
+
+                        $is_1 = '';
+                        $is_2 = '';
+                        $is_3 = '';
+
+                        $remember_user = hesk_POST('remember_user');
+
+                        if ($hesk_settings['autologin'] && (isset($_COOKIE['hesk_p']) || $remember_user == 'AUTOLOGIN')) {
+                            $is_1 = 'checked';
+                        } elseif (isset($_COOKIE['hesk_username']) || $remember_user == 'JUSTUSER') {
+                            $is_2 = 'checked';
+                        } else {
+                            $is_3 = 'checked';
+                        }
+
+                        if ($hesk_settings['list_users']) :
+                            $res = hesk_dbQuery("SELECT `user` FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "users` WHERE `active` = '1' ORDER BY `user` ASC");
+                            ?>
+                            <select class="form-control" name="user">
+                                <?php
+                                while ($row = hesk_dbFetchAssoc($res)):
+                                    $sel = (hesk_mb_strtolower($savedUser) == hesk_mb_strtolower($row['user'])) ? 'selected="selected"' : '';
+                                    ?>
+                                    <option value="<?php echo $row['user']; ?>" <?php echo $sel; ?>>
+                                        <?php echo $row['user']; ?>
+                                    </option>
+                                <?php endwhile; ?>
+                            </select>
+                        <?php else: ?>
+                            <input class="form-control" type="text" name="user" size="35"
+                                   placeholder="<?php echo htmlspecialchars($hesklang['username']); ?>"
+                                   value="<?php echo $savedUser; ?>">
+                        <?php endif; ?>
+                    </div>
+                </div>
+                <?php
+                $has_error = '';
+                if (in_array('pass',$_SESSION['a_iserror'])) {
+                    $has_error = 'has-error';
+                }
+                ?>
+                <div class="form-group <?php echo $has_error; ?>">
+                    <label for="pass" class="col-sm-4 control-label">
+                        <?php echo $hesklang['pass']; ?>
+                    </label>
+                    <div class="col-sm-8">
+                        <input type="password" class="form-control" id="pass" name="pass" size="35" placeholder="<?php echo htmlspecialchars($hesklang['pass']); ?>">
+                    </div>
+                </div>
+                <?php
+                if ($hesk_settings['secimg_use'] == 2 && $hesk_settings['recaptcha_use'] != 1)
+                {
+
+                    // SPAM prevention verified for this session
+                    if (isset($_SESSION['img_a_verified']))
+                    {
+                        echo '<img src="'.HESK_PATH.'img/success.png" width="16" height="16" border="0" alt="" style="vertical-align:text-bottom" /> '.$hesklang['vrfy'];
+                    }
+                    // Use reCaptcha API v2?
+                    elseif ($hesk_settings['recaptcha_use'] == 2)
+                    {
+                    ?>
+                        <div class="form-group">
+                            <div class="col-md-8 col-md-offset-4">
+                                <div class="g-recaptcha" data-sitekey="<?php echo $hesk_settings['recaptcha_public_key']; ?>"></div>
+                            </div>
+                        </div>
+                        <?php
+                    }
+                    // At least use some basic PHP generated image (better than nothing)
+                    else
+                    {
+                        echo '<div class="form-group"><div class="col-md-8 col-md-offset-4">';
+                        $cls = in_array('mysecnum',$_SESSION['a_iserror']) ? ' class="isError" ' : '';
+
+                        echo $hesklang['sec_enter'].'<br><br><img src="'.HESK_PATH.'print_sec_img.php?'.rand(10000,99999).'" width="150" height="40" alt="'.$hesklang['sec_img'].'" title="'.$hesklang['sec_img'].'" border="1" name="secimg" style="vertical-align:text-bottom"> '.
+                            '<a href="javascript:void(0)" onclick="javascript:document.form1.secimg.src=\''.HESK_PATH.'print_sec_img.php?\'+ ( Math.floor((90000)*Math.random()) + 10000);"><img src="'.HESK_PATH.'img/reload.png" height="24" width="24" alt="'.$hesklang['reload'].'" title="'.$hesklang['reload'].'" border="0" style="vertical-align:text-bottom"></a>'.
+                            '<br><br><input type="text" name="mysecnum" size="20" maxlength="5" '.$cls.'>';
+                        echo '</div></div>';
+                    }
+                } // End if $hesk_settings['secimg_use'] == 2
+
+                if ($hesk_settings['autologin'])
+                {
+                    ?>
+                    <div class="form-group">
+                        <div class="col-md-offset-4 col-md-8">
+                            <div class="radio">
+                                <label><input type="radio" name="remember_user" value="AUTOLOGIN" <?php echo $is_1; ?>> <?php echo $hesklang['autologin']; ?></label>
+                            </div>
+                            <div class="radio">
+                                <label><input type="radio" name="remember_user" value="JUSTUSER" <?php echo $is_2; ?>> <?php echo $hesklang['just_user']; ?></label>
+                            </div>
+                            <div class="radio">
+                                <label><input type="radio" name="remember_user" value="NOTHANKS" <?php echo $is_3; ?>> <?php echo $hesklang['nothx']; ?></label>
+                            </div>
+                        </div>
+                    </div>
                     <?php
-
-				    if (defined('HESK_USER'))
-				    {
-					    $savedUser = HESK_USER;
-				    }
-				    else
-				    {
-					    $savedUser = hesk_htmlspecialchars( hesk_COOKIE('hesk_username') );
-				    }
-
-		            $is_1 = '';
-		            $is_2 = '';
-		            $is_3 = '';
-
-				    $remember_user = hesk_POST('remember_user');
-
-				    if ($hesk_settings['autologin'] && (isset($_COOKIE['hesk_p']) || $remember_user == 'AUTOLOGIN') )
-		            {
-		        	    $is_1 = 'checked="checked"';
-		            }
-		            elseif (isset($_COOKIE['hesk_username']) || $remember_user == 'JUSTUSER' )
-		            {
-		        	    $is_2 = 'checked="checked"';
-		            }
-		            else
-		            {
-		        	    $is_3 = 'checked="checked"';
-		            }
-
-				    if ($hesk_settings['list_users'])
-				    {
-				        echo '<select class="form-control" name="user" '.$cls.'>';
-				        $res = hesk_dbQuery('SELECT * FROM `'.hesk_dbEscape($hesk_settings['db_pfix']).'users` ORDER BY `user` ASC');
-				        while ($row=hesk_dbFetchAssoc($res))
-				        {
-				            $sel = (strtolower($savedUser) == strtolower($row['user'])) ? 'selected="selected"' : '';
-				            echo '<option value="'.$row['user'].'" '.$sel.'>'.$row['user'].'</option>';
-				        }
-				        echo '</select>';
-
-				    }
-				    else
-				    {
-				        echo '<input class="form-control" type="text" name="user" size="35" placeholder="'.$hesklang['username'].'" value="'.$savedUser.'" />';
-				    }
-				    ?>
-                </div>
-            </div>
-            <?php if (in_array('pass',$_SESSION['a_iserror'])) { echo '<div class="form-group has-error">';} else { echo '<div class="form-group">';}?>
-                <label for="pass" class="col-sm-3 control-label"><?php echo $hesklang['pass']; ?>:</label>
-                <div class="col-sm-9">
-                    <input type="password" class="form-control" id="pass" name="pass" size="35" placeholder="<?php echo $hesklang['pass']; ?>"  />
-                </div>
-            </div>
-		<?php
-		if ($hesk_settings['secimg_use'] == 2)
-	    {
-		
-				// SPAM prevention verified for this session
-				if (isset($_SESSION['img_a_verified']))
-				{
-					echo '<img src="'.HESK_PATH.'img/success.png" width="16" height="16" border="0" alt="" style="vertical-align:text-bottom" /> '.$hesklang['vrfy'];
-				}
-				// Not verified yet, should we use Recaptcha?
-				elseif ($hesk_settings['recaptcha_use'])
-				{
-					?>
-					<script type="text/javascript">
-					var RecaptchaOptions = {
-					theme : '<?php echo ( isset($_SESSION['a_iserror']) && in_array('mysecnum',$_SESSION['a_iserror']) ) ? 'red' : 'white'; ?>',
-					custom_translations : {
-						visual_challenge : "<?php echo hesk_slashJS($hesklang['visual_challenge']); ?>",
-						audio_challenge : "<?php echo hesk_slashJS($hesklang['audio_challenge']); ?>",
-						refresh_btn : "<?php echo hesk_slashJS($hesklang['refresh_btn']); ?>",
-						instructions_visual : "<?php echo hesk_slashJS($hesklang['instructions_visual']); ?>",
-						instructions_context : "<?php echo hesk_slashJS($hesklang['instructions_context']); ?>",
-						instructions_audio : "<?php echo hesk_slashJS($hesklang['instructions_audio']); ?>",
-						help_btn : "<?php echo hesk_slashJS($hesklang['help_btn']); ?>",
-						play_again : "<?php echo hesk_slashJS($hesklang['play_again']); ?>",
-						cant_hear_this : "<?php echo hesk_slashJS($hesklang['cant_hear_this']); ?>",
-						incorrect_try_again : "<?php echo hesk_slashJS($hesklang['incorrect_try_again']); ?>",
-						image_alt_text : "<?php echo hesk_slashJS($hesklang['image_alt_text']); ?>",
-					},
-					};
-					</script>
-					<?php
-					require_once(HESK_PATH . 'inc/recaptcha/recaptchalib.php');
-					echo recaptcha_get_html($hesk_settings['recaptcha_public_key'], null, $hesk_settings['recaptcha_ssl']);
-				}
-				// At least use some basic PHP generated image (better than nothing)
-				else
-				{
-					$cls = in_array('mysecnum',$_SESSION['a_iserror']) ? ' class="isError" ' : '';
-
-					echo $hesklang['sec_enter'].'<br />&nbsp;<br /><img src="'.HESK_PATH.'print_sec_img.php?'.rand(10000,99999).'" width="150" height="40" alt="'.$hesklang['sec_img'].'" title="'.$hesklang['sec_img'].'" border="1" name="secimg" style="vertical-align:text-bottom" /> '.
-					'<a href="javascript:void(0)" onclick="javascript:document.form1.secimg.src=\''.HESK_PATH.'print_sec_img.php?\'+ ( Math.floor((90000)*Math.random()) + 10000);"><img src="'.HESK_PATH.'img/reload.png" height="24" width="24" alt="'.$hesklang['reload'].'" title="'.$hesklang['reload'].'" border="0" style="vertical-align:text-bottom" /></a>'.
-					'<br />&nbsp;<br /><input type="text" name="mysecnum" size="20" maxlength="5" '.$cls.' />';
-				}
-		} // End if $hesk_settings['secimg_use'] == 2
-
-		if ($hesk_settings['autologin'])
-		{
-			?>
-			<div class="form-group">
-				<div class="col-sm-offset-2 col-sm-10">
-                    <div class="radio">
-				        <label><input type="radio" name="remember_user" value="AUTOLOGIN" <?php echo $is_1; ?> /> <?php echo $hesklang['autologin']; ?></label>
+                }
+                else
+                {
+                    ?>
+                    <div class="form-group">
+                        <div class="col-md-offset-4 col-md-8">
+                            <div class="checkbox">
+                                <label><input type="checkbox" name="remember_user" value="JUSTUSER" <?php echo $is_2; ?> /> <?php echo $hesklang['remember_user']; ?></label>
+                            </div>
+                        </div>
                     </div>
-                    <div class="radio">
-				        <label><input type="radio" name="remember_user" value="JUSTUSER" <?php echo $is_2; ?> /> <?php echo $hesklang['just_user']; ?></label>
-                    </div>
-                    <div class="radio">
-				        <label><input type="radio" name="remember_user" value="NOTHANKS" <?php echo $is_3; ?> /> <?php echo $hesklang['nothx']; ?></label>
+                    <?php
+                } // End if $hesk_settings['autologin']
+                ?>
+                <div class="form-group">
+                    <div class="col-md-offset-4 col-md-8">
+                        <input type="submit" value="<?php echo $hesklang['click_login']; ?>" class="btn btn-default" id="recaptcha-submit">
+                        <input type="hidden" name="a" value="do_login">
+                        <?php
+                        if ( hesk_isREQUEST('goto') && $url=hesk_REQUEST('goto') )
+                        {
+                            echo '<input type="hidden" name="goto" value="'.$url.'">';
+                        }
+
+                        // Do we allow staff password reset?
+                        if ($hesk_settings['reset_pass'])
+                        {
+                            echo '<br><br><a href="password.php" class="smaller">'.$hesklang['fpass'].'</a>';
+                        }
+                        ?>
                     </div>
                 </div>
-			</div>
-			<?php
-		}
-		else
-		{
-			?>
-			<div class="form-group">
-				<div class="col-sm-offset-2 col-sm-10">
-				    <div class="checkbox">
-                        <label><input type="checkbox" name="remember_user" value="JUSTUSER" <?php echo $is_2; ?> /> <?php echo $hesklang['remember_user']; ?></label>
-                    </div>
-			    </div>
-            </div>
-			<?php
-		} // End if $hesk_settings['autologin']
-		?>
-        <div class="form-group">
-            <div class="col-sm-offset-2 col-sm-10">
-                <input type="submit" value="<?php echo $hesklang['click_login']; ?>" class="btn btn-default" />
-                <input type="hidden" name="a" value="do_login" />
-		        <?php
-		        if ( hesk_isREQUEST('goto') && $url=hesk_REQUEST('goto') )
-		        {
-			        echo '<input type="hidden" name="goto" value="'.$url.'" />';
-		        }
-		        ?>
-            </div>
+
+                <?php
+                // Use Invisible reCAPTCHA?
+                if ($hesk_settings['secimg_use'] == 2 && $hesk_settings['recaptcha_use'] == 1 && ! isset($_SESSION['img_a_verified'])) {
+                ?>
+                <div class="g-recaptcha" data-sitekey="<?php echo $hesk_settings['recaptcha_public_key']; ?>" data-bind="recaptcha-submit" data-callback="recaptcha_submitForm"></div>
+                <?php
+                }
+                ?>
+            </form>
+            <a class="btn btn-default" href="<?php echo $hesk_settings['hesk_url']; ?>">
+                <i class="fa fa-chevron-left"></i> <?php echo $hesklang['back']; ?>
+            </a>
         </div>
-
-        </form>
     </div>
-
-    <p>&nbsp;</p>
-
-	<?php
+</div>
+<?php
 	hesk_cleanSessionVars('a_iserror');
 
-    require_once(HESK_PATH . 'inc/footer.inc.php');
     exit();
 } // End print_login()
 
 
-function logout() {
-	global $hesk_settings, $hesklang;
+function logout()
+{
+    global $hesk_settings, $hesklang;
 
-    if ( ! hesk_token_check('GET', 0))
-    {
-		print_login();
+    if (!hesk_token_check('GET', 0)) {
+        print_login();
         exit();
     }
 
     /* Delete from Who's online database */
-	if ($hesk_settings['online'])
-	{
-    	require(HESK_PATH . 'inc/users_online.inc.php');
-		hesk_setOffline($_SESSION['id']);
-	}
+    if ($hesk_settings['online']) {
+        require(HESK_PATH . 'inc/users_online.inc.php');
+        hesk_setOffline($_SESSION['id']);
+    }
     /* Destroy session and cookies */
-	hesk_session_stop();
+    hesk_session_stop();
 
     /* If we're using the security image for admin login start a new session */
-	if ($hesk_settings['secimg_use'] == 2)
-    {
-    	hesk_session_start();
+    if ($hesk_settings['secimg_use'] == 2) {
+        hesk_session_start();
     }
 
-	/* Show success message and reset the cookie */
-    hesk_process_messages($hesklang['logout_success'],'NOREDIRECT','SUCCESS');
-    setcookie('hesk_p', '');
+    /* Show success message and reset the cookie */
+    hesk_process_messages($hesklang['logout_success'], 'NOREDIRECT', 'SUCCESS');
+    hesk_setcookie('hesk_p', '');
 
     /* Print the login form */
-	print_login();
-	exit();
+    print_login();
+    exit();
 } // End logout()
 
 ?>

admin/knowledgebase_private.php

@@ -1,50 +1,35 @@
 <?php
-/*******************************************************************************
-*  Title: Help Desk Software HESK
-*  Version: 2.5.3 from 16th March 2014
-*  Author: Klemen Stirn
-*  Website: http://www.hesk.com
-********************************************************************************
-*  COPYRIGHT AND TRADEMARK NOTICE
-*  Copyright 2005-2013 Klemen Stirn. All Rights Reserved.
-*  HESK is a registered trademark of Klemen Stirn.
-
-*  The HESK may be used and modified free of charge by anyone
-*  AS LONG AS COPYRIGHT NOTICES AND ALL THE COMMENTS REMAIN INTACT.
-*  By using this code you agree to indemnify Klemen Stirn from any
-*  liability that might arise from it's use.
-
-*  Selling the code for this program, in part or full, without prior
-*  written consent is expressly forbidden.
-
-*  Using this code, in part or full, to create derivate work,
-*  new scripts or products is expressly forbidden. Obtain permission
-*  before redistributing this software over the Internet or in
-*  any other medium. In all cases copyright and header must remain intact.
-*  This Copyright is in full effect in any country that has International
-*  Trade Agreements with the United States of America or
-*  with the European Union.
-
-*  Removing any of the copyright notices without purchasing a license
-*  is expressly forbidden. To remove HESK copyright notice you must purchase
-*  a license for this script. For more information on how to obtain
-*  a license please visit the page below:
-*  https://www.hesk.com/buy.php
-*******************************************************************************/
+/**
+ *
+ * This file is part of HESK - PHP Help Desk Software.
+ *
+ * (c) Copyright Klemen Stirn. All rights reserved.
+ * https://www.hesk.com
+ *
+ * For the full copyright and license agreement information visit
+ * https://www.hesk.com/eula.php
+ *
+ */
 
 define('IN_SCRIPT',1);
 define('HESK_PATH','../');
+define('PAGE_TITLE', 'ADMIN_KB');
+define('MFH_PAGE_LAYOUT', 'TOP_ONLY');
 
 /* Get all the required files and functions */
 require(HESK_PATH . 'hesk_settings.inc.php');
 require(HESK_PATH . 'inc/common.inc.php');
 require(HESK_PATH . 'inc/admin_functions.inc.php');
 require(HESK_PATH . 'inc/knowledgebase_functions.inc.php');
+require(HESK_PATH . 'inc/mail_functions.inc.php');
 hesk_load_database_functions();
 
+
 hesk_session_start();
 hesk_dbConnect();
 hesk_isLoggedIn();
+hesk_kb_preheader();
+
 
 /* Is Knowledgebase enabled? */
 if ( ! $hesk_settings['kb_enable'])
@@ -59,6 +44,7 @@ $can_man_kb = hesk_checkPermission('can_man_kb',0);
 $catid = intval( hesk_GET('category', 1) );
 $artid = intval( hesk_GET('article', 0) );
 
+
 if (isset($_GET['search']))
 {
 	$query = hesk_input( hesk_GET('search') );
@@ -72,7 +58,9 @@ $hesk_settings['kb_link'] = ($artid || $catid != 1 || $query) ? '<a href="knowle
 
 if ($hesk_settings['kb_search'] && $query)
 {
-    hesk_kb_search($query);
+    if (hesk_kb_search($query)) {
+		hesk_show_kb_category(1,1);
+	}
 }
 elseif ($artid)
 {
@@ -107,20 +95,19 @@ exit();
 
 
 /*** START FUNCTIONS ***/
+function hesk_kb_preheader() {
+	global $hesk_settings, $hesklang, $can_man_kb;
+
+	/* Print admin navigation */
+	require_once(HESK_PATH . 'inc/headerAdmin.inc.php');
+	require_once(HESK_PATH . 'inc/show_admin_nav.inc.php');
+}
 
 function hesk_kb_header($kb_link, $catid=1)
 {
 	global $hesk_settings, $hesklang, $can_man_kb;
-
-	/* Print admin navigation */
-	require_once(HESK_PATH . 'inc/show_admin_nav.inc.php');
 	?>
 
-	</td>
-	</tr>
-	<tr>
-	<td>
-
 	<ol class="breadcrumb">
     <?php
     if ($can_man_kb)
@@ -132,17 +119,11 @@ function hesk_kb_header($kb_link, $catid=1)
     ?>
 	<li class="active"><?php echo $kb_link; ?></li>
     </ol>
-
-	<!-- SUB NAVIGATION -->
-	<?php show_subnav('view', $catid); ?>
-	<!-- SUB NAVIGATION -->
-
-    <div style="margin-left:40px;margin-right:40px">
-
-	<?php hesk_kbSearchLarge(1); ?>
-
-
-    <?php
+	<?php
+		show_subnav('view', $catid);
+        echo '<div style="margin-left:40px;margin-right:40px">';
+		hesk_kbSearchLarge(1);
+        echo '</div>';
 } // END hesk_kb_header()
 
 
@@ -150,79 +131,76 @@ function hesk_kb_search($query)
 {
 	global $hesk_settings, $hesklang;
 
-    define('HESK_NO_ROBOTS',1);
-
-	/* Print header */
-	require_once(HESK_PATH . 'inc/headerAdmin.inc.php');
-	hesk_kb_header($hesk_settings['kb_link']);
-
-	$res = hesk_dbQuery('SELECT t1.`id`, t1.`subject`, t1.`content`, t1.`rating` FROM `'.hesk_dbEscape($hesk_settings['db_pfix']).'kb_articles` AS t1 LEFT JOIN `'.hesk_dbEscape($hesk_settings['db_pfix']).'kb_categories` AS t2 ON t1.`catid` = t2.`id` '." WHERE t1.`type` IN ('0','1') AND MATCH(`subject`,`content`,`keywords`) AGAINST ('".hesk_dbEscape($query)."') LIMIT ".intval($hesk_settings['kb_search_limit']));
+    $res = hesk_dbQuery('SELECT t1.`id`, t1.`subject`, LEFT(`t1`.`content`, '.max(200, $hesk_settings['kb_substrart'] * 2).') AS `content`, t1.`rating` FROM `'.hesk_dbEscape($hesk_settings['db_pfix']).'kb_articles` AS t1 LEFT JOIN `'.hesk_dbEscape($hesk_settings['db_pfix']).'kb_categories` AS t2 ON t1.`catid` = t2.`id` '." WHERE t1.`type` IN ('0','1') AND MATCH(`subject`,`content`,`keywords`) AGAINST ('".hesk_dbEscape($query)."') LIMIT ".intval($hesk_settings['kb_search_limit']));
     $num = hesk_dbNumRows($res);
-
+	$show_default_category = false;
     ?>
-	<h4><?php echo $hesklang['sr']; ?> (<?php echo $num; ?>)</h4>
-    <div class="footerWithBorder blankSpace"></div>
+	<div class="content-wrapper">
+		<?php hesk_kb_header($hesk_settings['kb_link']); ?>
+		<section style="padding: 15px">
+			<div class="box">
+				<div class="box-header with-border">
+					<h1 class="box-title">
+						<?php echo $hesklang['sr']; ?> (<?php echo $num; ?>)
+					</h1>
+					<div class="box-tools pull-right">
+						<button type="button" class="btn btn-box-tool" data-widget="collapse">
+							<i class="fa fa-minus"></i>
+						</button>
+					</div>
+				</div>
+				<div class="box-body">
+					<?php
+					if ($num == 0) {
+						echo '<i>'.$hesklang['nosr'].'</i>';
+						$show_default_category = true;
+					} else {
+						?>
+						<table class="table table-striped">
+							<?php
+							while ($article = hesk_dbFetchAssoc($res))
+							{
+								$txt = hesk_kbArticleContentPreview($article['content']);
 
-	<?php
-	if ($num == 0)
-	{
-		echo '<p style="margin-left:20px"><i>'.$hesklang['nosr'].'</i></p>';
-        hesk_show_kb_category(1,1);
-	}
-    else
-    {
-?>
-<table width="100%" border="0" cellspacing="0" cellpadding="0">
-<tr>
-	<td>
-		<div align="center">
-        <table border="0" cellspacing="1" cellpadding="3" width="100%">
-        <?php
-			while ($article = hesk_dbFetchAssoc($res))
-			{
-	            $txt = hesk_kbArticleContentPreview($article['content']);
+								if ($hesk_settings['kb_rating'])
+								{
+									$rat = '<td width="1" valign="top">' . mfh_get_stars($article['rating']) . '</td>';
+								}
+								else
+								{
+									$rat = '';
+								}
 
-	            if ($hesk_settings['kb_rating'])
-	            {
-	            	$alt = $article['rating'] ? sprintf($hesklang['kb_rated'], sprintf("%01.1f", $article['rating'])) : $hesklang['kb_not_rated'];
-	                $rat = '<td width="1" valign="top"><img src="../img/star_'.(hesk_round_to_half($article['rating'])*10).'.png" width="85" height="16" alt="'.$alt.'" border="0" style="vertical-align:text-bottom" /></td>';
-	            }
-	            else
-	            {
-	            	$rat = '';
-	            }
+								echo '
+					<tr>
+					<td>
+						<table border="0" width="100%" cellspacing="0" cellpadding="1">
+						<tr>
+						<td width="1" valign="top"><span class="glyphicon glyphicon-file"></span></td>
+						<td valign="top"><a href="knowledgebase_private.php?article='.$article['id'].'">'.$article['subject'].'</a></td>
+						'.$rat.'
+						</tr>
+						</table>
+						<table border="0" width="100%" cellspacing="0" cellpadding="1">
+						<tr>
+						<td width="1" valign="top"><img src="../img/blank.gif" width="16" height="10" style="vertical-align:middle" alt="" /></td>
+						<td><span class="article_list">'.$txt.'</span></td>
+						</tr>
+						</table>
 
-				echo '
-				<tr>
-				<td>
-	                <table border="0" width="100%" cellspacing="0" cellpadding="1">
-	                <tr>
-	                <td width="1" valign="top"><span class="glyphicon glyphicon-file"></span></td>
-	                <td valign="top"><a href="knowledgebase_private.php?article='.$article['id'].'">'.$article['subject'].'</a></td>
-	                '.$rat.'
-                    </tr>
-	                </table>
-	                <table border="0" width="100%" cellspacing="0" cellpadding="1">
-	                <tr>
-	                <td width="1" valign="top"><img src="../img/blank.gif" width="16" height="10" style="vertical-align:middle" alt="" /></td>
-	                <td><span class="article_list">'.$txt.'</span></td>
-                    </tr>
-	                </table>
-
-	            </td>
-				</tr>';
-			}
-	?>
-    	</table>
-        </div>
-	</td>
-</tr>
-</table>
-
-    <p><br /><a href="javascript:history.go(-1)"><span class="glyphicon glyphicon-circle-arrow-left"></span>&nbsp;<?php echo $hesklang['back']; ?></a></p>
+					</td>
+					</tr>';
+							}
+							?>
+						</table>
+						<a href="javascript:history.go(-1)"><span class="glyphicon glyphicon-circle-arrow-left"></span>&nbsp;<?php echo $hesklang['back']; ?></a>
+					<?php } ?>
+				</div>
+			</div>
+		</section>
+	</div>
     <?php
-    } // END else
-
+	return $show_default_category;
 } // END hesk_kb_search()
 
 
@@ -232,77 +210,186 @@ function hesk_show_kb_article($artid)
 
 	// Print header
     $hesk_settings['tmp_title'] = $article['subject'];
-	require_once(HESK_PATH . 'inc/headerAdmin.inc.php');
-	hesk_kb_header($hesk_settings['kb_link'], $article['catid']);
 
     // Update views by 1
-	hesk_dbQuery('UPDATE `'.hesk_dbEscape($hesk_settings['db_pfix'])."kb_articles` SET `views`=`views`+1 WHERE `id`='".intval($artid)."' LIMIT 1");
+    hesk_dbQuery('UPDATE `'.hesk_dbEscape($hesk_settings['db_pfix'])."kb_articles` SET `views`=`views`+1 WHERE `id`={$artid}");
 
-    echo '<h3>'.$article['subject'].'</h3>
-        <div class="footerWithBorder blankSpace"></div>
-
-
-
-	<h4>'.$hesklang['as'].'</h4>
-    '. $article['content'];
-
-    if ( ! empty($article['attachments']))
-    {
-		echo '<p><b>'.$hesklang['attachments'].':</b><br />';
-		$att=explode(',',substr($article['attachments'], 0, -1));
-		foreach ($att as $myatt)
-        {
-			list($att_id, $att_name) = explode('#', $myatt);
-			echo '<i class="fa fa-papercip"></i> <a href="../download_attachment.php?kb_att='.$att_id.'" rel="nofollow">'.$att_name.'</a><br />';
-		}
-		echo '</p>';
-    }
-
-
-    if ($article['catid']==1)
-    {
-    	$link = 'knowledgebase_private.php';
-    }
-    else
-    {
-    	$link = 'knowledgebase_private.php?category='.$article['catid'];
+?>
+<div class="content-wrapper">
+	<?php
+    hesk_kb_header($hesk_settings['kb_link'], $article['catid']);
+    echo '<div style="margin-left:40px;margin-right:40px">';
+    $service_messages = mfh_get_service_messages('STAFF_VIEW_KB_ARTICLE');
+    foreach ($service_messages as $sm) {
+        hesk_service_message($sm);
     }
+    echo '</div>';
     ?>
-    <br><br>
-    <h4><?php echo $hesklang['ad']; ?></h4>
-    <div class="footerWithBorder blankSpace"></div>
-	<table border="0">
-    <tr>
-    <td><?php echo $hesklang['aid']; ?>: </td>
-    <td><?php echo $article['id']; ?></td>
-    </tr>
-    <tr>
-    <td><?php echo $hesklang['category']; ?>: </td>
-    <td><a href="<?php echo $link; ?>"><?php echo $article['cat_name']; ?></a></td>
-    </tr>
-    <tr>
-    <td><?php echo $hesklang['dta']; ?>: </td>
-    <td><?php echo hesk_date($article['dt']); ?></td>
-    </tr>
-    <tr>
-    <td><?php echo $hesklang['views']; ?>: </td>
-    <td><?php echo (isset($_GET['rated']) ? $article['views'] : $article['views']+1); ?></td>
-    </tr>
-    </table>
+	<section class="content">
+		<div class="box">
+			<div class="box-header with-border">
+				<h1 class="box-title">
+					<?php echo $article['subject']; ?>
+				</h1>
+				<div class="box-tools pull-right">
+					<button type="button" class="btn btn-box-tool" data-widget="collapse">
+						<i class="fa fa-minus"></i>
+					</button>
+				</div>
+			</div>
+			<div class="box-body">
+				<?php echo $article['content']; ?>
+			</div>
+			<?php if (!empty($article['attachments'])): ?>
+			<div class="box-footer">
+				<p><b><?php echo $hesklang['attachments']; ?></b></p>
+				<?php
+				$att=explode(',',substr($article['attachments'], 0, -1));
+				foreach ($att as $myatt)
+				{
+					list($att_id, $att_name) = explode('#', $myatt);
+					echo '<i class="fa fa-paperclip"></i> <a href="../download_attachment.php?kb_att='.$att_id.'" rel="nofollow">'.$att_name.'</a><br />';
+				}
+				?>
+			</div>
+			<?php endif; ?>
+		</div>
+		<?php
 
-    <?php
-    if (!isset($_GET['back']))
-    {
-    	?>
-		<p><br /><a href="javascript:history.go(-1)"><span class="glyphicon glyphicon-circle-arrow-left"></span>&nbsp;<?php echo $hesklang['back']; ?></a></p>
-        <?php
-    }
-    else
-    {
-    	?>
-        <p>&nbsp;</p>
-        <?php
-    }
+		if ($article['catid']==1)
+		{
+			$link = 'knowledgebase_private.php';
+		}
+		else
+		{
+			$link = 'knowledgebase_private.php?category='.$article['catid'];
+		}
+		?>
+		<br><br>
+		<div class="row">
+			<?php
+			$showRelated = false;
+			$column = 'col-md-12';
+			require(HESK_PATH . 'inc/mail/email_parser.php');
+
+			$query = hesk_dbEscape( $article['subject'] . ' ' . convert_html_to_text($article['content']) );
+
+			// Get relevant articles from the database
+			$res = hesk_dbQuery("SELECT `id`, `subject`, MATCH(`subject`,`content`,`keywords`) AGAINST ('{$query}') AS `score` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."kb_articles` WHERE `type` IN ('0','1') AND MATCH(`subject`,`content`,`keywords`) AGAINST ('{$query}') LIMIT ".intval($hesk_settings['kb_related']+1));
+
+			// Array with related articles
+			$related_articles = array();
+
+			while ($related = hesk_dbFetchAssoc($res))
+			{
+				// Get base match score from the first (this) article
+				if ( ! isset($base_score) )
+				{
+					$base_score = $related['score'];
+				}
+
+				// Ignore this article
+				if ($related['id'] == $artid)
+				{
+					continue;
+				}
+
+				// Stop when articles reach less than 10% of base score
+				if ($related['score'] / $base_score < 0.10)
+				{
+					break;
+				}
+
+				// This is a valid related article
+				$related_articles[$related['id']] = $related['subject'];
+			}
+
+			// Print related articles if we have any valid matches
+			if ( count($related_articles) ) {
+				$column = 'col-md-6';
+				$showRelated = true;
+			}
+			?>
+			<div class="<?php echo $column; ?> col-sm-12">
+				<div class="box">
+					<div class="box-header with-border">
+						<h1 class="box-title">
+							<?php echo $hesklang['ad']; ?>
+						</h1>
+						<div class="box-tools pull-right">
+							<button type="button" class="btn btn-box-tool" data-widget="collapse">
+								<i class="fa fa-minus"></i>
+							</button>
+						</div>
+					</div>
+					<div class="box-body">
+						<table border="0">
+							<tr>
+								<td><?php echo $hesklang['aid']; ?>: </td>
+								<td>
+									<?php
+									echo $article['id'];
+									if ($article['type'] == 0)
+									{
+										echo ' [<a href="' . $hesk_settings['hesk_url'] . '/knowledgebase.php?article=' . $article['id'] . '">' . $hesklang['public_link'] . '</a>]';
+									}
+									?>
+								</td>
+							</tr>
+							<tr>
+								<td><?php echo $hesklang['category']; ?>: </td>
+								<td><a href="<?php echo $link; ?>"><?php echo $article['cat_name']; ?></a></td>
+							</tr>
+							<tr>
+								<td><?php echo $hesklang['dta']; ?>: </td>
+								<td><?php echo hesk_date($article['dt'], true); ?></td>
+							</tr>
+							<tr>
+								<td><?php echo $hesklang['views']; ?>: </td>
+								<td><?php echo (isset($_GET['rated']) ? $article['views'] : $article['views']+1); ?></td>
+							</tr>
+						</table>
+					</div>
+				</div>
+			</div>
+			<?php if ($showRelated) { ?>
+				<div class="col-md-6 col-sm-12">
+					<div class="box">
+						<div class="box-header with-border">
+							<h1 class="box-title">
+								<?php echo $hesklang['relart']; ?>
+							</h1>
+							<div class="box-tools pull-right">
+								<button type="button" class="btn btn-box-tool" data-widget="collapse">
+									<i class="fa fa-minus"></i>
+								</button>
+							</div>
+						</div>
+						<div class="box-body">
+							<?php
+							// Related articles
+							foreach ($related_articles as $id => $subject)
+							{
+								echo '<span class="glyphicon glyphicon-file" style="font-size: 16px;"></span> <a href="knowledgebase_private.php?article='.$id.'">'.$subject.'</a><br />';
+							}
+							?>
+						</div>
+					</div>
+				</div>
+			<?php } ?>
+		</div>
+
+		<?php
+		if (!isset($_GET['back']))
+		{
+			?>
+			<p><br /><a href="javascript:history.go(-1)"><span class="glyphicon glyphicon-circle-arrow-left"></span>&nbsp;<?php echo $hesklang['back']; ?></a></p>
+			<?php
+		}
+		?>
+	</section>
+</div>
+<?php
 
 } // END hesk_show_kb_article()
 
@@ -310,153 +397,163 @@ function hesk_show_kb_article($artid)
 function hesk_show_kb_category($catid, $is_search = 0) {
 	global $hesk_settings, $hesklang;
 
-    if ($is_search == 0)
-    {
-		/* Print header */
-		require_once(HESK_PATH . 'inc/headerAdmin.inc.php');
-		hesk_kb_header($hesk_settings['kb_link'], $catid);
-
-		if ($catid == 1)
-	    {
-	    	echo $hesklang['priv'];
-	    }
-    }
-
-	$res = hesk_dbQuery("SELECT * FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."kb_categories` WHERE `id`='".intval($catid)."' LIMIT 1");
+    $res = hesk_dbQuery("SELECT `name`,`parent` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."kb_categories` WHERE `id`='".intval($catid)."' LIMIT 1");
     $thiscat = hesk_dbFetchAssoc($res) or hesk_error($hesklang['kb_cat_inv']);
 
-	if ($thiscat['parent'])
+?>
+<div class="content-wrapper">
+	<?php
+	if ($is_search == 0)
 	{
-		$link = ($thiscat['parent'] == 1) ? 'knowledgebase_private.php' : 'knowledgebase_private.php?category='.$thiscat['parent'];
-		echo '<h3>'.$hesklang['kb_cat'].': '.$thiscat['name'].'</h3>
-        <p align="left"><a href="javascript:history.go(-1)"><span class="glyphicon glyphicon-circle-arrow-left"></span>'.$hesklang['back'].'</a></p>
-        <div class="footerWithBorder blankSpace"></div>';
-	}
-
-	$result = hesk_dbQuery("SELECT * FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."kb_categories` WHERE `parent`='".intval($catid)."' ORDER BY `parent` ASC, `cat_order` ASC");
-	if (hesk_dbNumRows($result) > 0)
-	{
-        ?>
-
-		<h4><?php echo $hesklang['kb_cat_sub']; ?></h4>
-        <div class="footerWithBorder blankSpace"></div>
-
-<table width="100%" border="0" cellspacing="0" cellpadding="0">
-<tr>
-	<td>
-
-		<table border="0" cellspacing="1" cellpadding="3" width="100%">
+		/* Print header */
+		hesk_kb_header($hesk_settings['kb_link'], $catid);
 
+        echo '<div style="margin-left:40px;margin-right:40px">';
+        $service_messages = mfh_get_service_messages('STAFF_KB_HOME');
+        foreach ($service_messages as $sm) {
+            hesk_service_message($sm);
+        }
+        echo '</div>';
+	} ?>
+	<section class="content">
+		<?php if ($thiscat['parent']): ?>
+			<h3><?php echo $hesklang['kb_cat'].': '.$thiscat['name']; ?></h3>
+        	<p align="left"><a href="javascript:history.go(-1)">
+					<span class="glyphicon glyphicon-circle-arrow-left"></span>
+					<?php echo $hesklang['back']; ?>
+			</a></p>
 		<?php
-		$per_col = $hesk_settings['kb_cols'];
-		$i = 1;
+		endif;
 
-		while ($cat = hesk_dbFetchAssoc($result))
-		{
+		$result = hesk_dbQuery("SELECT `id`,`name`,`articles`,`type` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."kb_categories` WHERE `parent`='".intval($catid)."' ORDER BY `parent` ASC, `cat_order` ASC");
 
-			if ($i == 1)
-		    {
-				echo '<tr>';
-		    }
+		if (hesk_dbNumRows($result) > 0) {
+		?>
+		<div class="box">
+			<div class="box-header with-border">
+				<h1 class="box-title">
+					<?php echo $hesklang['kb_cat_sub']; ?>
+				</h1>
+				<div class="box-tools pull-right">
+					<button type="button" class="btn btn-box-tool" data-widget="collapse">
+						<i class="fa fa-minus"></i>
+					</button>
+				</div>
+			</div>
+			<div class="box-body">
+				<table class="table table-striped">
+					<?php
+					$per_col = $hesk_settings['kb_cols'];
+					$i = 1;
 
-            $private = ($cat['type'] == 1) ? ' *' : '';
+					while ($cat = hesk_dbFetchAssoc($result))
+					{
 
-			echo '
+						if ($i == 1)
+						{
+							echo '<tr>';
+						}
+
+						$private = ($cat['type'] == 1) ? ' *' : '';
+
+						echo '
 		    <td width="50%" valign="top">
 			<table border="0">
 			<tr><td><span class="glyphicon glyphicon-folder-close"></span>&nbsp;<a href="knowledgebase_private.php?category='.$cat['id'].'">'.$cat['name'].'</a>'.$private.'</td></tr>
 			';
 
-			/* Print most popular/sticky articles */
-			if ($hesk_settings['kb_numshow'] && $cat['articles'])
-		    {
-		        $res = hesk_dbQuery("SELECT `id`,`subject`,`type` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."kb_articles` WHERE `catid`='".intval($cat['id'])."' AND `type` IN ('0','1') ORDER BY `sticky` DESC, `views` DESC, `art_order` ASC LIMIT " . (intval($hesk_settings['kb_numshow']) + 1) );
-		        $num = 1;
-				while ($art = hesk_dbFetchAssoc($res))
-				{
-                	$private = ($art['type'] == 1) ? ' *' : '';
-					echo '
+						/* Print most popular/sticky articles */
+						if ($hesk_settings['kb_numshow'] && $cat['articles'])
+						{
+							$res = hesk_dbQuery("SELECT `id`,`subject`,`type` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."kb_articles` WHERE `catid`='".intval($cat['id'])."' AND `type` IN ('0','1') ORDER BY `sticky` DESC, `views` DESC, `art_order` ASC LIMIT " . (intval($hesk_settings['kb_numshow']) + 1) );
+							$num = 1;
+							while ($art = hesk_dbFetchAssoc($res))
+							{
+								$private = ($art['type'] == 1) ? ' *' : '';
+								echo '
 		            <tr>
 		            <td>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<span class="glyphicon glyphicon-file"></span>
 		            <a href="knowledgebase_private.php?article='.$art['id'].'" class="article">'.$art['subject'].'</a>'.$private.'</td>
 		            </tr>';
 
-		            if ($num == $hesk_settings['kb_numshow'])
-		            {
-		            	break;
-		            }
-		            else
-		            {
-		            	$num++;
-		            }
-				}
-		        if (hesk_dbNumRows($res) > $hesk_settings['kb_numshow'])
-		        {
-		        	echo '<tr><td>&raquo; <a href="knowledgebase_private.php?category='.$cat['id'].'"><i>'.$hesklang['m'].'</i></a></td></tr>';
-		        }
-		    }
+								if ($num == $hesk_settings['kb_numshow'])
+								{
+									break;
+								}
+								else
+								{
+									$num++;
+								}
+							}
+							if (hesk_dbNumRows($res) > $hesk_settings['kb_numshow'])
+							{
+								echo '<tr><td>&raquo; <a href="knowledgebase_private.php?category='.$cat['id'].'"><i>'.$hesklang['m'].'</i></a></td></tr>';
+							}
+						}
 
-			echo '
+						echo '
 			</table>
 		    </td>
 			';
 
-			if ($i == $per_col)
-		    {
-				echo '</tr>';
-		        $i = 0;
-		    }
-			$i++;
-		}
-		/* Finish the table if needed */
-		if ($i != 1)
-		{
-			for ($j=1;$j<=$per_col;$j++)
-		    {
-				echo '<td width="50%">&nbsp;</td>';
-				if ($i == $per_col)
-			    {
-					echo '</tr>';
-			        break;
-			    }
-		        $i++;
-		    }
-		}
+						if ($i == $per_col)
+						{
+							echo '</tr>';
+							$i = 0;
+						}
+						$i++;
+					}
+					/* Finish the table if needed */
+					if ($i != 1)
+					{
+						for ($j=1;$j<=$per_col;$j++)
+						{
+							echo '<td width="50%">&nbsp;</td>';
+							if ($i == $per_col)
+							{
+								echo '</tr>';
+								break;
+							}
+							$i++;
+						}
+					}
 
-		?>
-		</table>
+					?>
+				</table>
+			</div>
+			<div class="box-footer">
+				<?php echo $hesklang['private_category_star']; ?>
+			</div>
+		</div>
+		<?php } ?>
+		<div class="box">
+			<div class="box-header with-border">
+				<h1 class="box-title">
+					<?php echo $hesklang['ac']; ?>
+				</h1>
+				<div class="box-tools pull-right">
+					<button type="button" class="btn btn-box-tool" data-widget="collapse">
+						<i class="fa fa-minus"></i>
+					</button>
+				</div>
+			</div>
+			<div class="box-body">
+				<?php
+				$res = hesk_dbQuery("SELECT `id`, `subject`, LEFT(`content`, ".max(200, $hesk_settings['kb_substrart'] * 2).") AS `content`, `rating`, `type` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."kb_articles` WHERE `catid`='".intval($catid)."' AND `type` IN ('0','1') ORDER BY `sticky` DESC, `art_order` ASC");
+				if (hesk_dbNumRows($res) == 0)
+				{
+					echo '<i>'.$hesklang['noac'].'</i>';
+				}
+				else
+				{
+					echo '<table border="0" cellspacing="1" cellpadding="3" width="100%">';
+					while ($article = hesk_dbFetchAssoc($res))
+					{
+						$private = ($article['type'] == 1) ? ' *' : '';
 
-	</td>
-</tr>
-</table>
+						$txt = hesk_kbArticleContentPreview($article['content']);
 
-	<?php
-	} // END if NumRows > 0
-	?>
-    <br>
-	<h4><?php echo $hesklang['ac']; ?></h4>
-    <div class="footerWithBorder blankSpace"></div>
-
-<table width="100%" border="0" cellspacing="0" cellpadding="0">
-<tr>
-	<td>
-
-	<?php
-	$res = hesk_dbQuery("SELECT `id`, `subject`, `content`, `rating`, `type` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."kb_articles` WHERE `catid`='".intval($catid)."' AND `type` IN ('0','1') ORDER BY `sticky` DESC, `art_order` ASC");
-	if (hesk_dbNumRows($res) == 0)
-	{
-		echo '<p><i>'.$hesklang['noac'].'</i></p>';
-	}
-	else
-	{
-			echo '<div align="center"><table border="0" cellspacing="1" cellpadding="3" width="100%">';
-			while ($article = hesk_dbFetchAssoc($res))
-			{
-            	$private = ($article['type'] == 1) ? ' *' : '';
-
-	            $txt = hesk_kbArticleContentPreview($article['content']);
-
-				echo '
+						echo '
 				<tr>
 				<td>
 	                <table border="0" width="100%" cellspacing="0" cellpadding="1">
@@ -473,14 +570,17 @@ function hesk_show_kb_category($catid, $is_search = 0) {
 	                </table>
 	            </td>
 				</tr>';
-			}
-		    echo '</table></div>';
-	}
-	?>
-
-	</td>
-</tr>
-</table>
+					}
+					echo '</table>';
+				}
+				?>
+			</div>
+			<div class="box-footer">
+				<?php echo $hesklang['private_article_star']; ?>
+			</div>
+		</div>
+	</section>
+</div>
 <?php
 } // END hesk_show_kb_category()
 
@@ -516,10 +616,10 @@ function show_subnav($hide='', $catid=1)
     echo $link['newa'];
     echo $link['newc'];
     ?>
-	<i class="fa fa-pencil" style="color:orange;font-size:16px"></i></a> <input type="hidden" name="a" value="edit_article" /><?php echo $hesklang['aid']; ?>: <input type="text" name="id" size="3" <?php if ($artid) echo 'value="' . $artid . '"'; ?> /> <input type="submit" value="<?php echo $hesklang['edit']; ?>" class="btn btn-default btn-xs" />
+	<i class="fa fa-pencil" style="color:orange;font-size:16px"></i> <input type="hidden" name="a" value="edit_article" /><?php echo $hesklang['aid']; ?>: <input type="text" name="id" size="3" <?php if ($artid) echo 'value="' . $artid . '"'; ?> /> <input type="submit" value="<?php echo $hesklang['edit']; ?>" class="btn btn-default btn-xs" />
 	</form>
     </div>
 
 	<?php
 } // End show_subnav()
-?>
+?>

admin/lock.php

@@ -1,39 +1,18 @@
 <?php
-/*******************************************************************************
-*  Title: Help Desk Software HESK
-*  Version: 2.5.3 from 16th March 2014
-*  Author: Klemen Stirn
-*  Website: http://www.hesk.com
-********************************************************************************
-*  COPYRIGHT AND TRADEMARK NOTICE
-*  Copyright 2005-2014 Klemen Stirn. All Rights Reserved.
-*  HESK is a registered trademark of Klemen Stirn.
+/**
+ *
+ * This file is part of HESK - PHP Help Desk Software.
+ *
+ * (c) Copyright Klemen Stirn. All rights reserved.
+ * https://www.hesk.com
+ *
+ * For the full copyright and license agreement information visit
+ * https://www.hesk.com/eula.php
+ *
+ */
 
-*  The HESK may be used and modified free of charge by anyone
-*  AS LONG AS COPYRIGHT NOTICES AND ALL THE COMMENTS REMAIN INTACT.
-*  By using this code you agree to indemnify Klemen Stirn from any
-*  liability that might arise from it's use.
-
-*  Selling the code for this program, in part or full, without prior
-*  written consent is expressly forbidden.
-
-*  Using this code, in part or full, to create derivate work,
-*  new scripts or products is expressly forbidden. Obtain permission
-*  before redistributing this software over the Internet or in
-*  any other medium. In all cases copyright and header must remain intact.
-*  This Copyright is in full effect in any country that has International
-*  Trade Agreements with the United States of America or
-*  with the European Union.
-
-*  Removing any of the copyright notices without purchasing a license
-*  is expressly forbidden. To remove HESK copyright notice you must purchase
-*  a license for this script. For more information on how to obtain
-*  a license please visit the page below:
-*  https://www.hesk.com/buy.php
-*******************************************************************************/
-
-define('IN_SCRIPT',1);
-define('HESK_PATH','../');
+define('IN_SCRIPT', 1);
+define('HESK_PATH', '../');
 
 /* Get all the required files and functions */
 require(HESK_PATH . 'hesk_settings.inc.php');
@@ -44,39 +23,80 @@ hesk_load_database_functions();
 hesk_session_start();
 hesk_dbConnect();
 hesk_isLoggedIn();
+$modsForHesk_settings = mfh_getSettings();
 
 /* Check permissions for this feature */
 hesk_checkPermission('can_view_tickets');
 hesk_checkPermission('can_reply_tickets');
 hesk_checkPermission('can_edit_tickets');
+hesk_checkPermission('can_resolve');
 
 /* A security check */
 hesk_token_check();
 
 /* Ticket ID */
-$trackingID = hesk_cleanID() or die($hesklang['int_error'].': '.$hesklang['no_trackID']);
+$trackingID = hesk_cleanID() or die($hesklang['int_error'] . ': ' . $hesklang['no_trackID']);
 
-/* New archived status */
-if (empty($_GET['locked']))
-{
-	$status = 0;
-	$tmp = $hesklang['tunlock'];                                                                      
-    $revision = sprintf($hesklang['thist6'],hesk_date(),$_SESSION['name'].' ('.$_SESSION['user'].')');
+
+// Get ticket info
+$result = hesk_dbQuery("SELECT * FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` WHERE `trackid`='" . hesk_dbEscape($trackingID) . "' LIMIT 1");
+if (hesk_dbNumRows($result) != 1) {
+    hesk_error($hesklang['ticket_not_found']);
 }
-else
-{
-	$status = 1;
-	$tmp = $hesklang['tlock'];
-    $revision = sprintf($hesklang['thist5'],hesk_date(),$_SESSION['name'].' ('.$_SESSION['user'].')');
+$ticket = hesk_dbFetchAssoc($result);
+
+$audit_unlocked = null;
+$audit_locked = null;
+
+/* New locked status */
+if (empty($_GET['locked'])) {
+    $status = 0;
+    $tmp = $hesklang['tunlock'];
+    $audit_unlocked = array(0 => $_SESSION['name'] . ' (' . $_SESSION['user'] . ')');
+    $closedby_sql = ' , `closedat`=NULL, `closedby`=NULL ';
+} else {
+    $status = 1;
+    $tmp = $hesklang['tlock'];
+    $audit_locked = array(0 => $_SESSION['name'] . ' (' . $_SESSION['user'] . ')');
+    $closedby_sql = ' , `closedat`=NOW(), `closedby`=' . intval($_SESSION['id']) . ' ';
+
+    // Notify customer of closed ticket?
+    if ($hesk_settings['notify_closed']) {
+        $closedStatusRS = hesk_dbQuery('SELECT `ID` FROM `' . hesk_dbEscape($hesk_settings['db_pfix']) . 'statuses` WHERE `IsClosed` = 1');
+        $ticketIsOpen = true;
+        while ($row = hesk_dbFetchAssoc($closedStatusRS)) {
+            if ($ticket['status'] == $row['ID']) {
+                $ticketIsOpen = false;
+            }
+        }
+        // Notify customer, but only if ticket is not already closed
+        if ($ticketIsOpen) {
+            require(HESK_PATH . 'inc/email_functions.inc.php');
+
+            $ticket['dt'] = hesk_date($ticket['dt'], true);
+            $ticket['lastchange'] = hesk_date($ticket['lastchange'], true);
+            hesk_notifyCustomer($modsForHesk_settings, 'ticket_closed');
+        }
+    }
 }
 
 /* Update database */
-$statusSql = 'SELECT `ID` FROM `'.hesk_dbEscape($hesk_settings['db_pfix']).'statuses` WHERE `LockedTicketStatus` = 1';
-$statusRow = hesk_dbQuery($statusSql)->fetch_assoc();
+$statusSql = 'SELECT `ID` FROM `' . hesk_dbEscape($hesk_settings['db_pfix']) . 'statuses` WHERE `LockedTicketStatus` = 1';
+$statusRs = hesk_dbQuery($statusSql);
+$statusRow = hesk_dbFetchAssoc($statusRs);
 $statusId = $statusRow['ID'];
 
-hesk_dbQuery("UPDATE `".hesk_dbEscape($hesk_settings['db_pfix'])."tickets` SET `status`='{$statusId}',`locked`='{$status}', `history`=CONCAT(`history`,'".hesk_dbEscape($revision)."')  WHERE `trackid`='".hesk_dbEscape($trackingID)."' LIMIT 1");
+hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` SET `status`= {$statusId},`locked`='{$status}' $closedby_sql  WHERE `trackid`='" . hesk_dbEscape($trackingID) . "'");
+
+if ($audit_unlocked) {
+    mfh_insert_audit_trail_record($ticket['id'], 'TICKET', 'audit_unlocked', hesk_date(),
+        $audit_unlocked);
+}
+
+if ($audit_locked) {
+    mfh_insert_audit_trail_record($ticket['id'], 'TICKET', 'audit_locked', hesk_date(),
+        $audit_locked);
+}
 
 /* Back to ticket page and show a success message */
-hesk_process_messages($tmp,'admin_ticket.php?track='.$trackingID.'&Refresh='.rand(10000,99999),'SUCCESS');
-?>
+hesk_process_messages($tmp, 'admin_ticket.php?track=' . $trackingID . '&Refresh=' . rand(10000, 99999), 'SUCCESS');

admin/manage_canned.php

@@ -1,63 +1,57 @@
 <?php
-/*******************************************************************************
-*  Title: Help Desk Software HESK
-*  Version: 2.5.3 from 16th March 2014
-*  Author: Klemen Stirn
-*  Website: http://www.hesk.com
-********************************************************************************
-*  COPYRIGHT AND TRADEMARK NOTICE
-*  Copyright 2005-2013 Klemen Stirn. All Rights Reserved.
-*  HESK is a registered trademark of Klemen Stirn.
+/**
+ *
+ * This file is part of HESK - PHP Help Desk Software.
+ *
+ * (c) Copyright Klemen Stirn. All rights reserved.
+ * https://www.hesk.com
+ *
+ * For the full copyright and license agreement information visit
+ * https://www.hesk.com/eula.php
+ *
+ */
 
-*  The HESK may be used and modified free of charge by anyone
-*  AS LONG AS COPYRIGHT NOTICES AND ALL THE COMMENTS REMAIN INTACT.
-*  By using this code you agree to indemnify Klemen Stirn from any
-*  liability that might arise from it's use.
-
-*  Selling the code for this program, in part or full, without prior
-*  written consent is expressly forbidden.
-
-*  Using this code, in part or full, to create derivate work,
-*  new scripts or products is expressly forbidden. Obtain permission
-*  before redistributing this software over the Internet or in
-*  any other medium. In all cases copyright and header must remain intact.
-*  This Copyright is in full effect in any country that has International
-*  Trade Agreements with the United States of America or
-*  with the European Union.
-
-*  Removing any of the copyright notices without purchasing a license
-*  is expressly forbidden. To remove HESK copyright notice you must purchase
-*  a license for this script. For more information on how to obtain
-*  a license please visit the page below:
-*  https://www.hesk.com/buy.php
-*******************************************************************************/
-
-define('IN_SCRIPT',1);
-define('HESK_PATH','../');
+define('IN_SCRIPT', 1);
+define('HESK_PATH', '../');
+define('VALIDATOR', 1);
+define('PAGE_TITLE', 'ADMIN_CANNED');
+define('MFH_PAGE_LAYOUT', 'TOP_ONLY');
 
 /* Get all the required files and functions */
 require(HESK_PATH . 'hesk_settings.inc.php');
 require(HESK_PATH . 'inc/common.inc.php');
 require(HESK_PATH . 'inc/admin_functions.inc.php');
+require(HESK_PATH . 'inc/mail_functions.inc.php');
 hesk_load_database_functions();
 
 hesk_session_start();
 hesk_dbConnect();
 hesk_isLoggedIn();
+define('WYSIWYG', 1);
 
 /* Check permissions for this feature */
 hesk_checkPermission('can_man_canned');
 
+// Load custom fields
+require_once(HESK_PATH . 'inc/custom_fields.inc.php');
+
 /* What should we do? */
-if ( $action = hesk_REQUEST('a') )
-{
-	if ( defined('HESK_DEMO') )  {hesk_process_messages($hesklang['ddemo'], 'manage_canned.php', 'NOTICE');}
-	elseif ($action == 'new')    {new_saved();}
-	elseif ($action == 'edit')   {edit_saved();}
-	elseif ($action == 'remove') {remove();}
-	elseif ($action == 'order')  {order_saved();}
+if ($action = hesk_REQUEST('a')) {
+    if (defined('HESK_DEMO')) {
+        hesk_process_messages($hesklang['ddemo'], 'manage_canned.php', 'NOTICE');
+    } elseif ($action == 'new') {
+        new_saved();
+    } elseif ($action == 'edit') {
+        edit_saved();
+    } elseif ($action == 'remove') {
+        remove();
+    } elseif ($action == 'order') {
+        order_saved();
+    }
 }
 
+$modsForHesk_settings = mfh_getSettings();
+
 /* Print header */
 require_once(HESK_PATH . 'inc/headerAdmin.inc.php');
 
@@ -66,244 +60,337 @@ require_once(HESK_PATH . 'inc/show_admin_nav.inc.php');
 ?>
 
 <script language="javascript" type="text/javascript"><!--
-function confirm_delete()
-{
-if (confirm('<?php echo addslashes($hesklang['delete_saved']); ?>')) {return true;}
-else {return false;}
-}
+    function confirm_delete() {
+        if (confirm('<?php echo hesk_makeJsString($hesklang['delete_saved']); ?>')) {
+            return true;
+        }
+        else {
+            return false;
+        }
+    }
 
-function hesk_insertTag(tag) {
-var text_to_insert = '%%'+tag+'%%';
-hesk_insertAtCursor(document.form1.msg, text_to_insert);
-document.form1.msg.focus();
-}
+    function hesk_insertTag(tag) {
+        var text_to_insert = '%%' + tag + '%%';
+        var msg = '';
+        <?php
+        if ($modsForHesk_settings['rich_text_for_tickets']) { ?>
+        msg = $('#message').val();
+        $("#message").summernote('reset');
+        $("#message").summernote('editor.insertText', msg + text_to_insert));
+        <?php } else { ?>
+        msg = document.getElementById('message').value;
+        document.getElementById('message').value = msg + text_to_insert;
+        <?php }
+        ?>
+        document.form1.msg.focus();
+    }
 
-function hesk_insertAtCursor(myField, myValue) {
-if (document.selection) {
-myField.focus();
-sel = document.selection.createRange();
-sel.text = myValue;
-}
-else if (myField.selectionStart || myField.selectionStart == '0') {
-var startPos = myField.selectionStart;
-var endPos = myField.selectionEnd;
-myField.value = myField.value.substring(0, startPos)
-+ myValue
-+ myField.value.substring(endPos, myField.value.length);
-} else {
-myField.value += myValue;                                             
-}
-}
-//-->
+    function hesk_insertAtCursor(myField, myValue) {
+        if (document.selection) {
+            myField.focus();
+            sel = document.selection.createRange();
+            sel.text = myValue;
+        } else if (myField.selectionStart || myField.selectionStart == '0') {
+            var startPos = myField.selectionStart;
+            var endPos = myField.selectionEnd;
+            myField.value = myField.value.substring(0, startPos)
+                + myValue
+                + myField.value.substring(endPos, myField.value.length);
+        } else {
+            myField.value += myValue;
+        }
+    }
+    //-->
 </script>
 
 <?php
-    $result = hesk_dbQuery('SELECT * FROM `'.hesk_dbEscape($hesk_settings['db_pfix']).'std_replies` ORDER BY `reply_order` ASC');
-    $options='';
-    $javascript_messages='';
-    $javascript_titles='';
+$result = hesk_dbQuery('SELECT * FROM `' . hesk_dbEscape($hesk_settings['db_pfix']) . 'std_replies` ORDER BY `reply_order` ASC');
+$options = '';
+$javascript_messages = '';
+$javascript_titles = '';
 
-    $i=1;
-    $j=0;
-    $num = hesk_dbNumRows($result);  
+$i = 1;
+$j = 0;
+$num = hesk_dbNumRows($result);
 ?>
-
-<div class="enclosingDashboard" style="padding-top: 20px">
-    <div class="row">
-        <div class="col-md-5">
-            <div class="moreToLeft">
-                <ul class="nav nav-tabs">
-				    <li class="active"><a href="#" onclick="return false;"><?php echo $hesklang['savedResponses']; ?></a></li>
-			    </ul>
-                <div class="summaryList">
-                    <div class="viewTicketSidebar">
-                    <?php if ($num < 1)
-                    {
-                        echo '<p>'.$hesklang['no_saved'].'</p>';
-                    }
-                    else
-                    { ?>
-                    <table class="table table-hover">
-	                    <tr>
-	                    <th><?php echo $hesklang['saved_title']; ?></th>
-	                    <th><?php echo $hesklang['opt']; ?></th>
-	                    </tr>
-	                    <?php
-
-                        while ($mysaved=hesk_dbFetchAssoc($result))
-                        {
-    	                    $j++;
-
-		                    if (isset($_SESSION['canned']['selcat2']) && $mysaved['id'] == $_SESSION['canned']['selcat2'])
-		                    {
-			                    $color = 'admin_green';
-			                    unset($_SESSION['canned']['selcat2']);
-		                    }
-		                    else
-		                    {
-			                    $color = $i ? 'admin_white' : 'admin_gray';
-		                    }
-        
-		                    $tmp   = $i ? 'White' : 'Blue';
-	                        $style = 'class="option'.$tmp.'OFF" onmouseover="this.className=\'option'.$tmp.'ON\'" onmouseout="this.className=\'option'.$tmp.'OFF\'"';
-	                        $i     = $i ? 0 : 1;
-
-                            $options .= '<option value="'.$mysaved['id'].'"';
-                            $options .= (isset($_SESSION['canned']['id']) && $_SESSION['canned']['id'] == $mysaved['id']) ? ' selected="selected" ' : '';
-                            $options .= '>'.$mysaved['title'].'</option>';
-
-
-                            $javascript_messages.='myMsgTxt['.$mysaved['id'].']=\''.str_replace("\r\n","\\r\\n' + \r\n'", addslashes($mysaved['message']) )."';\n";
-                            $javascript_titles.='myTitle['.$mysaved['id'].']=\''.addslashes($mysaved['title'])."';\n";
-
-	                        echo '
-	                        <tr>
-	                        <td>'.$mysaved['title'].'</td>
-                            <td>
-                            ';
-
-                            if ($num > 1)
-                            {
-        	                    if ($j == 1)
-                                {
-            	                    echo'<img src="../img/blank.gif" width="16" height="16" alt="" style="padding:3px;border:none;" /> <a href="manage_canned.php?a=order&amp;replyid='.$mysaved['id'].'&amp;move=15&amp;token='.hesk_token_echo(0).'" data-toggle="tooltip" data-placement="top" title="'.$hesklang['move_dn'].'"><i class="fa fa-arrow-down" style="font-size: 14px; color: green"></i></a>';
-                                }
-                                elseif ($j == $num)
-                                {
-            	                    echo'<a href="manage_canned.php?a=order&amp;replyid='.$mysaved['id'].'&amp;move=-15&amp;token='.hesk_token_echo(0).'" data-toggle="tooltip" data-placement="top" title="'.$hesklang['move_up'].'"><i class="fa fa-arrow-up" style="font-size: 14px; color: green"></i></a> <img src="../img/blank.gif" width="16" height="16" alt="" style="padding:3px;border:none;" />';
-                                }
-                                else
-                                {
-            	                    echo'
-			                        <a href="manage_canned.php?a=order&amp;replyid='.$mysaved['id'].'&amp;move=-15&amp;token='.hesk_token_echo(0).'" data-toggle="tooltip" data-placement="top" title="'.$hesklang['move_up'].'"><i class="fa fa-arrow-up" style="font-size: 14px; color: green"></i></a>
-			                        <a href="manage_canned.php?a=order&amp;replyid='.$mysaved['id'].'&amp;move=15&amp;token='.hesk_token_echo(0).'" data-toggle="tooltip" data-placement="top" title="'.$hesklang['move_dn'].'"><i class="fa fa-arrow-down" style="font-size: 14px; color: green"></i></a>
-                                    ';
-                                }
-                            }
-                            else
-                            {
-        	                    echo '';
-                            }
-
-                            echo '
-                            <a href="manage_canned.php?a=remove&amp;id='.$mysaved['id'].'&amp;token='.hesk_token_echo(0).'" onclick="return confirm_delete();" data-toggle="tooltip" data-placement="top" title="'.$hesklang['delete'].'"><i class="fa fa-times" style="font-size: 14px; color: #FF0000"></i></a>&nbsp;</td>
-	                        </tr>
-		                    ';
-                        } // End while
-                    }
-                        ?>
-	                    </table>
-                    </div>
-                </div>
+<div class="content-wrapper">
+    <section class="content">
+    <div class="box">
+        <div class="box-header with-border">
+            <h1 class="box-title">
+                <?php echo $hesklang['savedResponses']; ?>
+            </h1>
+            <div class="box-tools pull-right">
+                <button type="button" class="btn btn-box-tool" data-widget="collapse">
+                    <i class="fa fa-minus"></i>
+                </button>
             </div>
         </div>
-        <div class="col-md-7">
-            <script language="javascript" type="text/javascript"><!--
-            var myMsgTxt = new Array();
-            myMsgTxt[0]='';
-            var myTitle = new Array();
-            myTitle[0]='';
-
-            <?php
-            echo $javascript_titles;
-            echo $javascript_messages;
-            ?>
-
-            function setMessage(msgid) {
-                if (document.getElementById) {
-                    document.getElementById('HeskMsg').innerHTML='<textarea class="form-control" name="msg" rows="15" cols="70">'+myMsgTxt[msgid]+'</textarea>';
-                    document.getElementById('HeskTitle').innerHTML='<input type="text" class="form-control" name="name" size="40" maxlength="50" value="'+myTitle[msgid]+'">';
-                } else {
-                    document.form1.msg.value=myMsgTxt[msgid];
-                    document.form1.name.value=myTitle[msgid];
-                }
-
-                if (msgid==0) {
-                    document.form1.a[0].checked=true;
-                } else {
-                    document.form1.a[1].checked=true;
-                }
+        <div class="box-body">
+            <?php if ($num < 1)
+            {
+                echo '<p>' . $hesklang['no_saved'] . '</p>';
             }
-            //-->
-            </script>
+            else
+            { ?>
+            <table class="table table-hover">
+                <tr>
+                    <th><?php echo $hesklang['saved_title']; ?></th>
+                    <th><?php echo $hesklang['opt']; ?></th>
+                </tr>
+                <?php
 
+                while ($mysaved = hesk_dbFetchAssoc($result)) {
+                    $j++;
+
+                    if (isset($_SESSION['canned']['selcat2']) && $mysaved['id'] == $_SESSION['canned']['selcat2']) {
+                        $color = 'admin_green';
+                        unset($_SESSION['canned']['selcat2']);
+                    } else {
+                        $color = $i ? 'admin_white' : 'admin_gray';
+                    }
+
+                    $tmp = $i ? 'White' : 'Blue';
+                    $style = 'class="option' . $tmp . 'OFF" onmouseover="this.className=\'option' . $tmp . 'ON\'" onmouseout="this.className=\'option' . $tmp . 'OFF\'"';
+                    $i = $i ? 0 : 1;
+
+                    $options .= '<option value="' . $mysaved['id'] . '"';
+                    $options .= (isset($_SESSION['canned']['id']) && $_SESSION['canned']['id'] == $mysaved['id']) ? ' selected="selected" ' : '';
+                    $options .= '>' . $mysaved['title'] . '</option>';
+
+
+                    $javascript_titles .= 'myTitle[' . $mysaved['id'] . ']=\'' . addslashes($mysaved['title']) . "';\n";
+                    if ($modsForHesk_settings['rich_text_for_tickets']) {
+                        $theMessage = hesk_html_entity_decode($mysaved['message']);
+                        $theMessage = addslashes($theMessage);
+                        $javascript_messages .= 'myMsgTxt[' . $mysaved['id'] . ']=\'' . str_replace("\r\n", "\\r\\n' + \r\n'", $theMessage) . "';\n";
+                    } else {
+                        $javascript_messages .= 'myMsgTxt[' . $mysaved['id'] . ']=\'' . str_replace("\r\n", "\\r\\n' + \r\n'", addslashes($mysaved['message'])) . "';\n";
+                    }
+
+                    echo '
+                        <tr>
+                        <td>' . $mysaved['title'] . '</td>
+                        <td>
+                        ';
+
+                    if ($num > 1) {
+                        if ($j == 1) {
+                            echo '<img src="../img/blank.gif" width="16" height="16" alt="" style="padding:3px;border:none;" /> <a href="manage_canned.php?a=order&amp;replyid=' . $mysaved['id'] . '&amp;move=15&amp;token=' . hesk_token_echo(0) . '"><i class="fa fa-fw fa-arrow-down icon-link green" data-toggle="tooltip" data-placement="top" title="' . $hesklang['move_dn'] . '"></i></a>';
+                        } elseif ($j == $num) {
+                            echo '<a href="manage_canned.php?a=order&amp;replyid=' . $mysaved['id'] . '&amp;move=-15&amp;token=' . hesk_token_echo(0) . '"><i class="fa fa-arrow-up icon-link green" data-toggle="tooltip" data-placement="top" title="' . $hesklang['move_up'] . '"></i></a> <img src="../img/blank.gif" width="16" height="16" alt="" style="padding:3px;border:none;" />';
+                        } else {
+                            echo '
+                                <a href="manage_canned.php?a=order&amp;replyid=' . $mysaved['id'] . '&amp;move=-15&amp;token=' . hesk_token_echo(0) . '"><i class="fa fa-arrow-up icon-link green" data-toggle="tooltip" data-placement="top" title="' . $hesklang['move_up'] . '"></i></a>
+                                <a href="manage_canned.php?a=order&amp;replyid=' . $mysaved['id'] . '&amp;move=15&amp;token=' . hesk_token_echo(0) . '"><i class="fa fa-arrow-down icon-link green" data-toggle="tooltip" data-placement="top" title="' . $hesklang['move_dn'] . '"></i></a>
+                                ';
+                        }
+                    } else {
+                        echo '';
+                    }
+
+                    echo '
+                        <a name="'.$mysaved['title'].'" href="manage_canned.php?a=remove&amp;id=' . $mysaved['id'] . '&amp;token=' . hesk_token_echo(0) . '" onclick="return confirm_delete();"><i class="fa fa-times icon-link red" data-toggle="tooltip" data-placement="top" title="' . $hesklang['delete'] . '"></i></a>&nbsp;</td>
+                        </tr>
+                        ';
+                } // End while
+            }
+            ?>
+            </table>
+        </div>
+    </div>
+    <?php if ($modsForHesk_settings['rich_text_for_tickets']): ?>
+        <script type="text/javascript">
+            /* <![CDATA[ */
+        	$(document).ready(function() {
+            	$('.htmlEditor').summernote({
+			    height: 200,
+			    toolbar: [
+				    ['style', ['bold', 'italic', 'underline', 'clear']],
+				    ['font', ['strikethrough', 'superscript', 'subscript']],
+				    ['para', ['ul', 'ol']]
+			    ]
+		    });
+            });
+            /* ]]> */
+        </script>
+    <?php endif; ?>
+    <div class="box">
+        <div class="box-header with-border">
+            <h1 class="box-title">
+                <?php echo $hesklang['manage_saved']; ?> <a href="javascript:void(0)"
+                                                            onclick="javascript:alert('<?php echo hesk_makeJsString($hesklang['manage_intro']); ?>')"><i
+                        class="fa fa-question-circle settingsquestionmark"></i></a>
+            </h1>
+            <div class="box-tools pull-right">
+                <button type="button" class="btn btn-box-tool" data-widget="collapse">
+                    <i class="fa fa-minus"></i>
+                </button>
+            </div>
+        </div>
+        <div class="box-body">
+            <script language="javascript" type="text/javascript"><!--
+                // -->
+                var myMsgTxt = new Array();
+                var myTitle = new Array();
+                myMsgTxt[0] = '';
+                myTitle[0] = '';
+
+                <?php
+                echo $javascript_titles;
+                echo $javascript_messages;
+                ?>
+
+                function setMessage(msgid) {
+                    var useHtmlEditor = <?php echo $modsForHesk_settings['rich_text_for_tickets']; ?>;
+                    var myMsg = myMsgTxt[msgid];
+                    var mySubject = myTitle[msgid];
+
+                    if (myMsg == '') {
+                        if (useHtmlEditor) {
+                            $("#message").summernote("reset");
+                        }
+                        else {
+                            $('#message').val('');
+                        }
+                        $('#subject').val('');
+                        return true;
+                    }
+                    if (document.getElementById) {
+                        if (useHtmlEditor) {
+                            $("#message").summernote('reset');
+                            $("#message").summernote('editor.insertText', myMsg));
+                        } else {
+                            myMsg = $('<textarea />').html(myMsg).text();
+                            $('#message').val(myMsg).trigger('input');
+                        }
+                        mySubject = $('<textarea />').html(mySubject).text();
+                        $('#subject').val(mySubject).trigger('input');
+                    }
+                    else {
+                        document.form1.message.value = myMsg;
+                        document.form1.subject.value = mySubject;
+                    }
+
+                    if (msgid == 0) {
+                        document.form1.a[0].checked = true;
+                    } else {
+                        document.form1.a[1].checked = true;
+                    }
+
+                }
+                //-->
+            </script>
             <?php
             /* This will handle error, success and notice messages */
             hesk_handle_messages();
             ?>
-            <h3><?php echo $hesklang['manage_saved']; ?> <a href="javascript:void(0)" onclick="javascript:alert('<?php echo hesk_makeJsString($hesklang['manage_intro']); ?>')"><i class="fa fa-question-circle" style="color:black"></i></a></h3>
-            <div class="footerWithBorder blankSpace"></div>
-
-            <form action="manage_canned.php" method="post" name="form1" class="form-horizontal" role="form">
-                <h3><?php echo $hesklang['new_saved']; ?></h3>
-                <div class="footerWithBorder blankSpace"></div>
+            <?php
+            $onsubmit = '';
+            if ($modsForHesk_settings['rich_text_for_tickets']) {
+                $onsubmit = 'onsubmit="return validateRichText(\'message-help-block\', \'message-group\', \'message\', \''.htmlspecialchars($hesklang['this_field_is_required']).'\')"';
+            }
+            ?>
+            <form action="manage_canned.php" method="post" name="form1" class="form-horizontal" role="form" data-toggle="validator" <?php echo $onsubmit; ?>>
                 <div class="form-group">
                     <div class="col-sm-12">
                         <?php
-                        if ($num > 0)
-                        {
-	                        ?>
-		                    <div class="radio">
-                                <label><input type="radio" name="a" value="new" <?php echo (!isset($_SESSION['canned']['what']) || $_SESSION['canned']['what'] != 'EDIT') ? 'checked="checked"' : ''; ?> /> <?php echo $hesklang['canned_add']; ?></label>
+                        if ($num > 0) {
+                            ?>
+                            <div class="row">
+                                <div class="col-sm-12">
+                                    <div class="radio">
+                                        <label><input type="radio" name="a"
+                                                      value="new" <?php echo (!isset($_SESSION['canned']['what']) || $_SESSION['canned']['what'] != 'EDIT') ? 'checked="checked"' : ''; ?> /> <?php echo $hesklang['canned_add']; ?>
+                                        </label>
+                                    </div>
+                                </div>
                             </div>
                             <div class="row">
                                 <div class="col-sm-6">
                                     <div class="radio">
-                                        <label><input type="radio" name="a" value="edit" <?php echo (isset($_SESSION['canned']['what']) && $_SESSION['canned']['what'] == 'EDIT') ? 'checked="checked"' : ''; ?> /> <?php echo $hesklang['canned_edit']; ?></label>:
+                                        <label><input type="radio" name="a"
+                                                      value="edit" <?php echo (isset($_SESSION['canned']['what']) && $_SESSION['canned']['what'] == 'EDIT') ? 'checked="checked"' : ''; ?> /> <?php echo $hesklang['canned_edit']; ?>
+                                        </label>:
                                     </div>
                                 </div>
                                 <div class="col-sm-6">
-                                    <select class="form-control" name="saved_replies" onchange="setMessage(this.value)"><option value="0"> - <?php echo $hesklang['select_empty']; ?> - </option><?php echo $options; ?></select>
+                                    <select class="form-control" name="saved_replies" onchange="setMessage(this.value)">
+                                        <option value="0"> - <?php echo $hesklang['select_empty']; ?>-
+                                        </option><?php echo $options; ?></select>
                                 </div>
                             </div>
-	                        <?php
-                        }
-                        else
-                        {
-    	                    echo '<input type="hidden" name="a" value="new" /><label> ' . $hesklang['canned_add'] . '</label>';
+                            <?php
+                        } else {
+                            echo '<input type="hidden" name="a" value="new" /><label> ' . $hesklang['canned_add'] . '</label>';
                         }
                         ?>
                     </div>
                 </div>
                 <div class="form-group">
-                    <label for="name" class="col-sm-2 control-label"><?php echo $hesklang['saved_title']; ?>:</label>
+                    <label for="name" class="col-sm-2 control-label"><?php echo $hesklang['saved_title']; ?></label>
+
                     <div class="col-sm-10">
-                        <span id="HeskTitle"><input class="form-control" placeholder="<?php echo $hesklang['saved_title']; ?>" type="text" name="name" size="40" maxlength="50" <?php if (isset($_SESSION['canned']['name'])) {echo ' value="'.stripslashes($_SESSION['canned']['name']).'" ';} ?> /></span>     
+                    <span id="HeskTitle"><input id="subject" class="form-control"
+                                                placeholder="<?php echo htmlspecialchars($hesklang['saved_title']); ?>"
+                                                type="text" name="name" size="40"
+                                                data-error="<?php echo htmlspecialchars($hesklang['this_field_is_required']); ?>"
+                                                maxlength="50" <?php if (isset($_SESSION['canned']['name'])) {
+                            echo ' value="' . stripslashes($_SESSION['canned']['name']) . '" ';
+                        } ?> required></span>
+                        <div class="help-block with-errors"></div>
                     </div>
                 </div>
-                <div class="form-group">
-                    <label for="msg" class="col-sm-2 control-label"><?php echo $hesklang['message']; ?>:</label>
+                <div class="form-group" id="message-group">
+                    <label for="msg" class="col-sm-2 control-label"><?php echo $hesklang['message']; ?></label>
+
                     <div class="col-sm-10">
-                        <span id="HeskMsg">
-                            <textarea class="form-control" placeholder="<?php echo $hesklang['message']; ?>" name="msg" rows="15" cols="70"><?php
-                                    if (isset($_SESSION['canned']['msg']))
-                                    {
-    	                                echo stripslashes($_SESSION['canned']['msg']);
-                                    }
-                                ?></textarea>
-                            <?php echo $hesklang['insert_special']; ?>:
-	                        <a href="javascript:void(0)" onclick="hesk_insertTag('HESK_NAME')"><?php echo $hesklang['name']; ?></a> |
-	                        <a href="javascript:void(0)" onclick="hesk_insertTag('HESK_EMAIL')"><?php echo $hesklang['email']; ?></a>
-	                        <?php
-	                            foreach ($hesk_settings['custom_fields'] as $k=>$v)
-	                            {
-	                                if ($v['use'])
-	                                {
-	                                    echo '| <a href="javascript:void(0)" onclick="hesk_insertTag(\'HESK_'.$k.'\')">'.$v['name'].'</a> ';
-	                                }
-	                            }
-	                        ?> 
-                        </span>         
-                    </div>     
+                    <span id="HeskMsg">
+                        <textarea id="message" class="htmlEditor form-control"
+                                  placeholder="<?php echo htmlspecialchars($hesklang['message']); ?>" name="msg"
+                                  data-error="<?php echo htmlspecialchars($hesklang['this_field_is_required']); ?>"
+                                  rows="15" cols="70" required><?php
+                            if (isset($_SESSION['canned']['msg'])) {
+                                echo stripslashes($_SESSION['canned']['msg']);
+                            }
+                            ?></textarea>
+                    </span>
+                        <div class="help-block with-errors" id="message-help-block"></div>
+                        <?php echo $hesklang['insert_special']; ?>:
+                        <a href="javascript:void(0)"
+                           onclick="hesk_insertTag('HESK_ID')"><?php echo $hesklang['seqid']; ?></a> |
+                        <a href="javascript:void(0)"
+                           onclick="hesk_insertTag('HESK_TRACK_ID')"><?php echo $hesklang['trackID']; ?></a> |
+                        <a href="javascript:void(0)"
+                           onclick="hesk_insertTag('HESK_NAME')"><?php echo $hesklang['name']; ?></a> |
+                        <a href="javascript:void(0)"
+                           onclick="hesk_insertTag('HESK_FIRST_NAME')"><?php echo $hesklang['fname']; ?></a> |
+                        <a href="javascript:void(0)"
+                           onclick="hesk_insertTag('HESK_EMAIL')"><?php echo $hesklang['email']; ?></a> |
+                        <a href="javascript:void(0)"
+                           onclick="hesk_insertTag('HESK_OWNER')"><?php echo $hesklang['owner']; ?></a>
+                        <?php
+                        foreach ($hesk_settings['custom_fields'] as $k => $v) {
+                            if ($v['use']) {
+                                if ($modsForHesk_settings['custom_field_setting']) {
+                                    $v['name'] = $hesklang[$v['name']];
+                                }
+
+                                echo '| <a href="javascript:void(0)" onclick="hesk_insertTag(\'HESK_' . $k . '\')">' . $v['name'] . '</a> ';
+                            }
+                        }
+                        ?>
+                    </div>
+                </div>
+                <div class="form-group text-center">
+                    <input type="hidden" name="token" value="<?php hesk_token_echo(); ?>"/>
+                    <input type="submit" value="<?php echo $hesklang['save_changes']; ?>" class="btn btn-default"/>
                 </div>
-                <div class="form-group" style="text-align: center">
-                    <input type="hidden" name="token" value="<?php hesk_token_echo(); ?>" />
-                    <input type="submit" value="<?php echo $hesklang['save_reply']; ?>" class="btn btn-default" />   
-                </div>          
             </form>
         </div>
     </div>
-
+</section>
+</div>
 <?php
 require_once(HESK_PATH . 'inc/footer.inc.php');
 exit();
@@ -313,129 +400,127 @@ exit();
 
 function edit_saved()
 {
-	global $hesk_settings, $hesklang;
+    global $hesk_settings, $hesklang;
 
-	/* A security check */
-	hesk_token_check('POST');
+    /* A security check */
+    hesk_token_check('POST');
 
     $hesk_error_buffer = '';
 
-	$id = intval( hesk_POST('saved_replies') ) or $hesk_error_buffer .= '<li>' . $hesklang['selcan'] . '</li>';
-	$savename = hesk_input( hesk_POST('name') ) or $hesk_error_buffer .= '<li>' . $hesklang['ent_saved_title'] . '</li>';
-	$msg = hesk_input( hesk_POST('msg') ) or $hesk_error_buffer .= '<li>' . $hesklang['ent_saved_msg'] . '</li>';
-    
+    $id = intval(hesk_POST('saved_replies')) or $hesk_error_buffer .= '<li>' . $hesklang['selcan'] . '</li>';
+    $savename = hesk_input(hesk_POST('name')) or $hesk_error_buffer .= '<li>' . $hesklang['ent_saved_title'] . '</li>';
+    $msg = hesk_input(hesk_POST('msg')) or $hesk_error_buffer .= '<li>' . $hesklang['ent_saved_msg'] . '</li>';
+
     // Avoid problems with utf-8 newline chars in Javascript code, detect and remove them
     $msg = preg_replace('/\R/u', "\r\n", $msg);
 
-	$_SESSION['canned']['what'] = 'EDIT';
+    $_SESSION['canned']['what'] = 'EDIT';
     $_SESSION['canned']['id'] = $id;
     $_SESSION['canned']['name'] = $savename;
     $_SESSION['canned']['msg'] = $msg;
 
     /* Any errors? */
-    if (strlen($hesk_error_buffer))
-    {
-    	$hesk_error_buffer = $hesklang['rfm'].'<br /><br /><ul>'.$hesk_error_buffer.'</ul>';
-    	hesk_process_messages($hesk_error_buffer,'manage_canned.php?saved_replies='.$id);
+    if (strlen($hesk_error_buffer)) {
+        $hesk_error_buffer = $hesklang['rfm'] . '<br /><br /><ul>' . $hesk_error_buffer . '</ul>';
+        hesk_process_messages($hesk_error_buffer, 'manage_canned.php?saved_replies=' . $id);
     }
 
-	$result = hesk_dbQuery("UPDATE `".hesk_dbEscape($hesk_settings['db_pfix'])."std_replies` SET `title`='".hesk_dbEscape($savename)."',`message`='".hesk_dbEscape($msg)."' WHERE `id`='".intval($id)."' LIMIT 1");
+    $result = hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "std_replies` SET `title`='" . hesk_dbEscape($savename) . "',`message`='" . hesk_dbEscape($msg) . "' WHERE `id`='" . intval($id) . "'");
 
-	unset($_SESSION['canned']['what']);
+    unset($_SESSION['canned']['what']);
     unset($_SESSION['canned']['id']);
     unset($_SESSION['canned']['name']);
     unset($_SESSION['canned']['msg']);
 
-    hesk_process_messages($hesklang['your_saved'],'manage_canned.php?saved_replies='.$id,'SUCCESS');
+    hesk_process_messages($hesklang['your_saved'], 'manage_canned.php?saved_replies=' . $id, 'SUCCESS');
 } // End edit_saved()
 
 
 function new_saved()
 {
-	global $hesk_settings, $hesklang;
+    global $hesk_settings, $hesklang;
 
-	/* A security check */
-	hesk_token_check('POST');
+    /* A security check */
+    hesk_token_check('POST');
 
     $hesk_error_buffer = '';
-	$savename = hesk_input( hesk_POST('name') ) or $hesk_error_buffer .= '<li>' . $hesklang['ent_saved_title'] . '</li>';
-	$msg = hesk_input( hesk_POST('msg') ) or $hesk_error_buffer .= '<li>' . $hesklang['ent_saved_msg'] . '</li>';
-    
+    $savename = hesk_input(hesk_POST('name')) or $hesk_error_buffer .= '<li>' . $hesklang['ent_saved_title'] . '</li>';
+    $msg = hesk_input(hesk_POST('msg')) or $hesk_error_buffer .= '<li>' . $hesklang['ent_saved_msg'] . '</li>';
+
     // Avoid problems with utf-8 newline chars in Javascript code, detect and remove them
     $msg = preg_replace('/\R/u', "\r\n", $msg);
 
-	$_SESSION['canned']['what'] = 'NEW';
+    $_SESSION['canned']['what'] = 'NEW';
     $_SESSION['canned']['name'] = $savename;
     $_SESSION['canned']['msg'] = $msg;
 
     /* Any errors? */
-    if (strlen($hesk_error_buffer))
-    {
-    	$hesk_error_buffer = $hesklang['rfm'].'<br /><br /><ul>'.$hesk_error_buffer.'</ul>';
-    	hesk_process_messages($hesk_error_buffer,'manage_canned.php');
+    if (strlen($hesk_error_buffer)) {
+        $hesk_error_buffer = $hesklang['rfm'] . '<br /><br /><ul>' . $hesk_error_buffer . '</ul>';
+        hesk_process_messages($hesk_error_buffer, 'manage_canned.php');
     }
 
-	/* Get the latest reply_order */
-	$result = hesk_dbQuery('SELECT `reply_order` FROM `'.hesk_dbEscape($hesk_settings['db_pfix']).'std_replies` ORDER BY `reply_order` DESC LIMIT 1');
-	$row = hesk_dbFetchRow($result);
-	$my_order = $row[0]+10;
+    /* Get the latest reply_order */
+    $result = hesk_dbQuery('SELECT `reply_order` FROM `' . hesk_dbEscape($hesk_settings['db_pfix']) . 'std_replies` ORDER BY `reply_order` DESC LIMIT 1');
+    $row = hesk_dbFetchRow($result);
+    $my_order = $row[0] + 10;
 
-	hesk_dbQuery("INSERT INTO `".hesk_dbEscape($hesk_settings['db_pfix'])."std_replies` (`title`,`message`,`reply_order`) VALUES ('".hesk_dbEscape($savename)."','".hesk_dbEscape($msg)."','".intval($my_order)."')");
+    hesk_dbQuery("INSERT INTO `" . hesk_dbEscape($hesk_settings['db_pfix']) . "std_replies` (`title`,`message`,`reply_order`) VALUES ('" . hesk_dbEscape($savename) . "','" . hesk_dbEscape($msg) . "','" . intval($my_order) . "')");
 
-	unset($_SESSION['canned']['what']);
+    unset($_SESSION['canned']['what']);
     unset($_SESSION['canned']['name']);
     unset($_SESSION['canned']['msg']);
 
-    hesk_process_messages($hesklang['your_saved'],'manage_canned.php','SUCCESS');
+    hesk_process_messages($hesklang['your_saved'], 'manage_canned.php', 'SUCCESS');
 } // End new_saved()
 
 
 function remove()
 {
-	global $hesk_settings, $hesklang;
+    global $hesk_settings, $hesklang;
 
-	/* A security check */
-	hesk_token_check();
+    /* A security check */
+    hesk_token_check();
 
-	$mysaved = intval( hesk_GET('id') ) or hesk_error($hesklang['id_not_valid']);
+    $mysaved = intval(hesk_GET('id')) or hesk_error($hesklang['id_not_valid']);
 
-	hesk_dbQuery("DELETE FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."std_replies` WHERE `id`='".intval($mysaved)."' LIMIT 1");
-	if (hesk_dbAffectedRows() != 1)
-    {
-    	hesk_error("$hesklang[int_error]: $hesklang[reply_not_found].");
+    hesk_dbQuery("DELETE FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "std_replies` WHERE `id`='" . intval($mysaved) . "'");
+    if (hesk_dbAffectedRows() != 1) {
+        hesk_error("$hesklang[int_error]: $hesklang[reply_not_found].");
     }
 
-    hesk_process_messages($hesklang['saved_rem_full'],'manage_canned.php','SUCCESS');
+    hesk_process_messages($hesklang['saved_rem_full'], 'manage_canned.php', 'SUCCESS');
 } // End remove()
 
 
 function order_saved()
 {
-	global $hesk_settings, $hesklang;
+    global $hesk_settings, $hesklang;
 
-	/* A security check */
-	hesk_token_check();
+    /* A security check */
+    hesk_token_check();
 
-	$replyid = intval( hesk_GET('replyid') ) or hesk_error($hesklang['reply_move_id']);
+    $replyid = intval(hesk_GET('replyid')) or hesk_error($hesklang['reply_move_id']);
     $_SESSION['canned']['selcat2'] = $replyid;
 
-	$reply_move = intval( hesk_GET('move') );
+    $reply_move = intval(hesk_GET('move'));
 
-	hesk_dbQuery("UPDATE `".hesk_dbEscape($hesk_settings['db_pfix'])."std_replies` SET `reply_order`=`reply_order`+".intval($reply_move)." WHERE `id`='".intval($replyid)."' LIMIT 1");
-	if (hesk_dbAffectedRows() != 1) {hesk_error("$hesklang[int_error]: $hesklang[reply_not_found].");}
+    hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "std_replies` SET `reply_order`=`reply_order`+" . intval($reply_move) . " WHERE `id`='" . intval($replyid) . "'");
+    if (hesk_dbAffectedRows() != 1) {
+        hesk_error("$hesklang[int_error]: $hesklang[reply_not_found].");
+    }
 
-	/* Update all category fields with new order */
-	$result = hesk_dbQuery('SELECT `id` FROM `'.hesk_dbEscape($hesk_settings['db_pfix']).'std_replies` ORDER BY `reply_order` ASC');
+    /* Update all category fields with new order */
+    $result = hesk_dbQuery('SELECT `id` FROM `' . hesk_dbEscape($hesk_settings['db_pfix']) . 'std_replies` ORDER BY `reply_order` ASC');
 
-	$i = 10;
-	while ($myreply=hesk_dbFetchAssoc($result))
-	{
-	    hesk_dbQuery("UPDATE `".hesk_dbEscape($hesk_settings['db_pfix'])."std_replies` SET `reply_order`=".intval($i)." WHERE `id`='".intval($myreply['id'])."' LIMIT 1");
-	    $i += 10;
-	}
+    $i = 10;
+    while ($myreply = hesk_dbFetchAssoc($result)) {
+        hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "std_replies` SET `reply_order`=" . intval($i) . " WHERE `id`='" . intval($myreply['id']) . "'");
+        $i += 10;
+    }
 
-	header('Location: manage_canned.php');
-	exit();
+    header('Location: manage_canned.php');
+    exit();
 } // End order_saved()
 
 ?>

admin/manage_custom_nav_elements.php

@@ -0,0 +1,275 @@
+<?php
+
+define('IN_SCRIPT', 1);
+define('HESK_PATH', '../');
+define('PAGE_TITLE', 'ADMIN_CUSTOM_NAV_ELEMENTS');
+define('MFH_PAGE_LAYOUT', 'TOP_ONLY');
+define('EXTRA_JS', '<script src="'.HESK_PATH.'internal-api/js/manage-custom-nav-elements.js"></script>');
+
+/* Get all the required files and functions */
+require(HESK_PATH . 'hesk_settings.inc.php');
+require(HESK_PATH . 'inc/common.inc.php');
+require(HESK_PATH . 'inc/admin_functions.inc.php');
+require(HESK_PATH . 'inc/mail_functions.inc.php');
+hesk_load_database_functions();
+
+hesk_session_start();
+hesk_dbConnect();
+hesk_isLoggedIn();
+
+//hesk_checkPermission('can_man_custom_nav');
+
+/* Print header */
+require_once(HESK_PATH . 'inc/headerAdmin.inc.php');
+
+/* Print main manage users page */
+require_once(HESK_PATH . 'inc/show_admin_nav.inc.php');
+?>
+<div class="content-wrapper">
+    <section class="content">
+        <div class="box">
+            <div class="box-header with-border">
+                <h1 class="box-title">
+                    <?php echo $hesklang['custom_nav_menu_elements']; ?>
+                </h1>
+                <div class="box-tools pull-right">
+                    <button type="button" class="btn btn-box-tool" data-widget="collapse">
+                        <i class="fa fa-minus"></i>
+                    </button>
+                </div>
+            </div>
+            <div class="box-body">
+                <div class="row">
+                    <div class="col-md-12 text-right">
+                        <button id="create-button" class="btn btn-success">
+                            <i class="fa fa-plus-circle"></i>&nbsp;
+                            <?php echo $hesklang['create_new']; ?>
+                        </button>
+                    </div>
+                    <div class="col-md-12">
+                        <table class="table table-striped">
+                            <thead>
+                            <tr>
+                                <th><?php echo $hesklang['id']; ?></th>
+                                <th><?php echo $hesklang['custom_nav_text']; ?></th>
+                                <th><?php echo $hesklang['custom_nav_subtext']; ?></th>
+                                <th><?php echo $hesklang['image_url_slash_font_icon']; ?></th>
+                                <th><?php echo $hesklang['url']; ?></th>
+                                <th><?php echo $hesklang['actions']; ?></th>
+                            </tr>
+                            </thead>
+                            <tbody id="table-body">
+                            </tbody>
+                        </table>
+                    </div>
+                </div>
+            </div>
+            <div class="overlay" id="overlay">
+                <i class="fa fa-spinner fa-spin"></i>
+            </div>
+        </div>
+    </section>
+</div>
+<div class="modal fade" id="nav-element-modal" tabindex="-1" role="dialog" style="overflow: hidden">
+    <div class="modal-dialog modal-lg" role="document">
+        <div class="modal-content">
+            <div class="modal-header" style="cursor: move">
+                <button type="button" class="close cancel-callback" data-dismiss="modal" aria-label="Close"><span aria-hidden="true">&times;</span></button>
+                <h4 class="modal-title" id="edit-label">
+                    <?php echo $hesklang['edit_custom_nav_element_title_case']; ?>
+                </h4>
+                <h4 class="modal-title" id="create-label">
+                    <?php echo $hesklang['create_custom_nav_element_title_case']; ?>
+                </h4>
+            </div>
+            <form id="manage-nav-element" class="form-horizontal" data-toggle="validator">
+                <input type="hidden" name="id">
+                <div class="modal-body">
+                    <div class="row">
+                        <div class="col-md-12">
+                            <div class="form-group">
+                                <label for="place" class="col-md-4 col-sm-12 control-label">
+                                    <?php echo $hesklang['place']; ?>
+                                    <i class="fa fa-question-circle settingsquestionmark" data-toggle="htmlpopover"
+                                       title="<?php echo $hesklang['place']; ?>"
+                                       data-content="<?php echo $hesklang['place_help']; ?>"></i>
+                                </label>
+                                <div class="col-md-8 col-sm-12">
+                                    <select name="place" id="place" class="form-control"
+                                            data-error="<?php echo htmlspecialchars($hesklang['this_field_is_required']); ?>"
+                                            required>
+                                        <option value="1"><?php echo $hesklang['homepage_block']; ?></option>
+                                        <option value="2"><?php echo $hesklang['customer_navigation']; ?></option>
+                                        <option value="3"><?php echo $hesklang['staff_navigation']; ?></option>
+                                    </select>
+                                    <div class="help-block with-errors"></div>
+                                </div>
+                            </div>
+                        </div>
+                    </div>
+                    <div class="row">
+                        <div class="col-md-6 col-sm-12">
+                            <h4><?php echo $hesklang['custom_nav_text']; ?></h4>
+                            <?php foreach ($hesk_settings['languages'] as $language => $value): ?>
+                                <div class="form-group">
+                                    <label for="text[<?php echo $language; ?>]" class="col-md-4 col-sm-12 control-label">
+                                        <?php echo $language; ?>
+                                    </label>
+                                    <div class="col-md-8 col-sm-12">
+                                        <input type="text" name="text" class="form-control"
+                                               data-text-language="<?php echo $language; ?>"
+                                               id="text[<?php echo $language; ?>" placeholder="<?php echo $hesklang['custom_nav_text']; ?>"
+                                               data-error="<?php echo htmlspecialchars($hesklang['this_field_is_required']); ?>"
+                                               required>
+                                        <div class="help-block with-errors"></div>
+                                    </div>
+                                </div>
+                            <?php endforeach; ?>
+                            <div id="subtext">
+                                <h4><?php echo $hesklang['custom_nav_subtext']; ?></h4>
+                                <?php foreach ($hesk_settings['languages'] as $language => $value): ?>
+                                    <div class="form-group">
+                                        <label for="subtext[<?php echo $language; ?>]" class="col-md-4 col-sm-12 control-label">
+                                            <?php echo $language; ?>
+                                        </label>
+                                        <div class="col-md-8 col-sm-12">
+                                            <input type="text" name="subtext" class="form-control"
+                                                   data-subtext-language="<?php echo $language; ?>"
+                                                   id="subtext[<?php echo $language; ?>" placeholder="<?php echo $hesklang['custom_nav_subtext']; ?>"
+                                                   data-error="<?php echo htmlspecialchars($hesklang['this_field_is_required']); ?>"
+                                                   required>
+                                            <div class="help-block with-errors"></div>
+                                        </div>
+                                    </div>
+                                <?php endforeach; ?>
+                            </div>
+                        </div>
+                        <div class="col-md-6 col-sm-12">
+                            <h4><?php echo $hesklang['url']; ?></h4>
+                            <div class="form-group">
+                                <label for="image-type" class="col-md-4 col-sm-12 control-label">
+                                    <?php echo $hesklang['url']; ?>
+                                    <i class="fa fa-question-circle settingsquestionmark" data-toggle="htmlpopover"
+                                       title="<?php echo $hesklang['url']; ?>"
+                                       data-content="<?php echo $hesklang['url_help']; ?>"></i>
+                                </label>
+                                <div class="col-md-8 col-sm-12">
+                                    <input type="text" name="url" class="form-control"
+                                           data-error="<?php echo htmlspecialchars($hesklang['this_field_is_required']); ?>"
+                                           placeholder="<?php echo $hesklang['url']; ?>" required>
+                                    <div class="help-block with-errors"></div>
+                                </div>
+                            </div>
+                            <h4><?php echo $hesklang['image']; ?></h4>
+                            <div class="form-group">
+                                <label for="image-type" class="col-md-4 col-sm-12 control-label"><?php echo $hesklang['image_type']; ?></label>
+                                <div class="col-md-8 col-sm-12">
+                                    <select name="image-type" id="image-type" class="form-control"
+                                            data-error="<?php echo htmlspecialchars($hesklang['this_field_is_required']); ?>"
+                                            required>
+                                        <option value="image-url"><?php echo $hesklang['image_url']; ?></option>
+                                        <option value="font-icon"><?php echo $hesklang['font_icon']; ?></option>
+                                    </select>
+                                    <div class="help-block with-errors"></div>
+                                </div>
+                            </div>
+                            <div class="form-group" id="image-url-group">
+                                <label for="image-url" class="col-md-4 col-sm-12 control-label">
+                                    <?php echo $hesklang['image_url']; ?>
+                                    <i class="fa fa-question-circle settingsquestionmark" data-toggle="htmlpopover"
+                                       title="<?php echo $hesklang['image_url']; ?>"
+                                       data-content="<?php echo $hesklang['image_url_help']; ?>"></i>
+                                </label>
+                                <div class="col-md-8 col-sm-12">
+                                    <input type="text" name="image-url" class="form-control"
+                                           data-error="<?php echo htmlspecialchars($hesklang['this_field_is_required']); ?>"
+                                           placeholder="<?php echo $hesklang['image_url']; ?>" required>
+                                    <div class="help-block with-errors"></div>
+                                </div>
+                            </div>
+                            <div class="form-group" id="font-icon-group">
+                                <p style="display:none" id="no-icon"><?php echo $hesklang['sm_no_icon']; ?></p>
+
+                                <p style="display:none" id="search-icon"><?php echo $hesklang['sm_search_icon']; ?></p>
+
+                                <p style="display:none"
+                                   id="footer-icon"><?php echo $hesklang['sm_iconpicker_footer_label']; ?></p>
+                                <label for="font-icon" class="col-md-4 col-sm-12 control-label"><?php echo $hesklang['font_icon']; ?></label>
+                                <div class="col-md-8 col-sm-12">
+                                    <div class="btn btn-default iconpicker-container" data-toggle="nav-iconpicker">
+                                    </div>
+                                </div>
+                            </div>
+                        </div>
+                    </div>
+                </div>
+                <div class="modal-footer">
+                    <div class="btn-group" id="action-buttons">
+                        <button type="button" class="btn btn-default cancel-button" data-dismiss="modal">
+                            <i class="fa fa-times-circle"></i>
+                            <span><?php echo $hesklang['cancel']; ?></span>
+                        </button>
+                        <button type="submit" class="btn btn-success save-button">
+                            <i class="fa fa-check-circle"></i>
+                            <span><?php echo $hesklang['save']; ?></span>
+                        </button>
+                    </div>
+                </div>
+            </form>
+        </div>
+    </div>
+</div>
+<?php
+echo mfh_get_hidden_fields_for_language(
+    array(
+        'edit',
+        'delete',
+        'no_custom_nav_elements_found',
+        'failed_to_load_custom_nav_elements',
+        'custom_nav_element_deleted',
+        'error_deleting_custom_nav_element',
+        'error_sorting_custom_nav_elements',
+        'custom_nav_element_created',
+        'custom_nav_element_saved',
+        'homepage_block',
+        'customer_navigation',
+        'staff_navigation',
+        'error_saving_custom_nav_element',
+    )
+);
+?>
+<script type="text/html" id="nav-element-template">
+    <tr>
+        <td><span data-property="id" data-value="x"></span></td>
+        <td><span>
+                <ul data-property="text" class="list-unstyled"></ul>
+            </span></td>
+        <td><span>
+                <ul data-property="subtext" class="list-unstyled"></ul>
+            </span></td>
+        <td><span data-property="image-or-font"></span></td>
+        <td><span data-property="url"></span></td>
+        <td>
+            <a href="#" data-action="sort"
+               data-direction="up">
+                <i class="fa fa-fw fa-arrow-up icon-link green"
+                   data-toggle="tooltip" title="<?php echo $hesklang['move_up']; ?>"></i>
+            </a>
+            <a href="#" data-action="sort"
+               data-direction="down">
+                <i class="fa fa-fw fa-arrow-down icon-link green"
+                   data-toggle="tooltip" title="<?php echo $hesklang['move_dn'] ?>"></i>
+            </a>
+            <a href="#" data-action="edit">
+                <i class="fa fa-fw fa-pencil icon-link orange"
+                   data-toggle="tooltip" title="<?php echo $hesklang['edit']; ?>"></i>
+            </a>
+            <a href="#" data-action="delete">
+                <i class="fa fa-fw fa-times icon-link red"
+                   data-toggle="tooltip" title="<?php echo $hesklang['delete']; ?>"></i>
+            </a>
+        </td>
+    </tr>
+</script>
+<?php
+require_once(HESK_PATH . 'inc/footer.inc.php');

admin/manage_email_templates.php

@@ -0,0 +1,340 @@
+<?php
+
+define('IN_SCRIPT', 1);
+define('HESK_PATH', '../');
+define('PAGE_TITLE', 'ADMIN_EMAIL_TEMPLATES');
+define('MFH_PAGE_LAYOUT', 'TOP_ONLY');
+
+/* Get all the required files and functions */
+require(HESK_PATH . 'hesk_settings.inc.php');
+require(HESK_PATH . 'inc/common.inc.php');
+require(HESK_PATH . 'inc/admin_functions.inc.php');
+require(HESK_PATH . 'inc/mail_functions.inc.php');
+require(HESK_PATH . 'inc/custom_fields.inc.php');
+hesk_load_database_functions();
+
+hesk_session_start();
+hesk_dbConnect();
+hesk_isLoggedIn();
+
+hesk_checkPermission('can_man_email_tpl');
+
+define('WYSIWYG', 1);
+
+// Are we performing an action?
+$showEditPanel = false;
+if (isset($_GET['action'])) {
+    if ($_GET['action'] == 'edit') {
+        $showEditPanel = true;
+    }
+}
+
+// Are we saving?
+if (isset($_POST['action'])) {
+    if ($_POST['action'] == 'save') {
+        save();
+    }
+}
+/* Print header */
+require_once(HESK_PATH . 'inc/headerAdmin.inc.php');
+
+if ($modsForHesk_settings['html_emails']) {
+?>
+    <script type="text/javascript">
+        /* <![CDATA[ */
+    	$(document).ready(function() {
+        	$('.htmlEditor').summernote({
+			height: 200,
+			toolbar: [
+				['style', ['bold', 'italic', 'underline', 'clear']],
+				['font', ['strikethrough', 'superscript', 'subscript']],
+				['para', ['ul', 'ol']]
+			]
+		});
+        });
+        /* ]]> */
+    </script>
+<?php
+}
+
+/* Print main manage users page */
+require_once(HESK_PATH . 'inc/show_admin_nav.inc.php');
+?>
+<div class="content-wrapper">
+    <section class="content">
+    <div class="box">
+        <div class="box-body">
+            <div class="nav-tabs-custom">
+                <ul class="nav nav-tabs" role="tablist">
+                    <?php
+                    // Show a link to banned_emails.php if user has permission
+                    if (hesk_checkPermission('can_ban_emails', 0)) {
+                        echo '
+            <li role="presentation">
+                <a title="' . $hesklang['banemail'] . '" href="banned_emails.php">' . $hesklang['banemail'] . '</a>
+            </li>
+            ';
+                    }
+                    if (hesk_checkPermission('can_ban_ips', 0)) {
+                        echo '
+            <li role="presentation">
+                <a title="' . $hesklang['banip'] . '" href="banned_ips.php">' . $hesklang['banip'] . '</a>
+            </li>';
+                    }
+                    // Show a link to status_message.php if user has permission to do so
+                    if (hesk_checkPermission('can_service_msg', 0)) {
+                        echo '
+            <li role="presentation">
+                <a title="' . $hesklang['sm_title'] . '" href="service_messages.php">' . $hesklang['sm_title'] . '</a>
+            </li>';
+                    }
+                    ?>
+                    <li role="presentation" class="active">
+                        <a href="#"><?php echo $hesklang['email_templates']; ?> <i
+                                class="fa fa-question-circle settingsquestionmark" data-toggle="popover"
+                                title="<?php echo $hesklang['email_templates']; ?>"
+                                data-content="<?php echo $hesklang['email_templates_intro']; ?>"></i></a>
+                    </li>
+                    <?php
+                    if (hesk_checkPermission('can_man_ticket_statuses', 0)) {
+                        echo '
+            <li role="presentation">
+                <a title="' . $hesklang['statuses'] . '" href="manage_statuses.php">' . $hesklang['statuses'] . '</a>
+            </li>
+            ';
+                    }
+
+                    if (hesk_checkPermission('can_man_settings', 0)) {
+                        echo '
+                    <li role="presentation">
+						<a title="' . $hesklang['tab_4'] . '" href="custom_fields.php">' .
+                            $hesklang['tab_4']
+                            . '</a>
+					</li>
+                        ';
+                    }
+                    ?>
+                </ul>
+                <div class="tab-content summaryList tabPadding">
+                    <?php if ($showEditPanel): ?>
+                        <div class="row">
+                            <div class="col-md-12">
+                                <div class="panel panel-default">
+                                    <div class="panel-heading">
+                                        <h4>
+                                            <?php
+                                            $isHtml = ($_GET['html'] == 'true');
+                                            $class = 'plaintext-editor';
+                                            if ($isHtml) {
+                                                $class = 'htmlEditor';
+                                                echo sprintf($hesklang['editing_html_template'], $_GET['template']);
+                                            } else {
+                                                echo sprintf($hesklang['editing_plain_text_template'], $_GET['template']);
+                                            } ?>
+                                        </h4>
+                                    </div>
+                                    <div class="panel-body">
+                                        <?php
+                                        $fileContent = '';
+                                        if ($isHtml) {
+                                            $fileContent = file_get_contents(HESK_PATH . 'language/' . urldecode($_GET['language']) . '/emails/html/' . $_GET['template']);
+                                        } else {
+                                            $fileContent = file_get_contents(HESK_PATH . 'language/' . urldecode($_GET['language']) . '/emails/' . $_GET['template']);
+                                        }
+                                        if ($fileContent === false) {
+                                            //throw error
+                                        }
+                                        ?>
+                                        <a href="#" id="showSpecialTags"
+                                           onclick="toggleContainers(['specialTags'],['showSpecialTags'])">
+                                            <?php echo $hesklang['show_special_tags']; ?>
+                                        </a>
+
+                                        <div id="specialTags" style="display: none">
+                                            <a href="#" onclick="toggleContainers(['showSpecialTags'],['specialTags'])">
+                                                <?php echo $hesklang['hide_special_tags']; ?>
+                                            </a>
+                                            <table class="table table-striped table-responsive table-condensed">
+                                                <thead>
+                                                <tr>
+                                                    <th><?php echo $hesklang['special_tag']; ?></th>
+                                                    <th><?php echo $hesklang['description'] ?></th>
+                                                </tr>
+                                                </thead>
+                                                <tbody>
+                                                <?php
+                                                $tags = getSpecialTagMap();
+                                                foreach ($tags as $tag => $text): ?>
+                                                    <tr>
+                                                        <td><?php echo $tag; ?></td>
+                                                        <td><?php echo $text; ?></td>
+                                                    </tr>
+                                                <?php endforeach; ?>
+                                                </tbody>
+                                            </table>
+                                        </div>
+                                        <form action="manage_email_templates.php" method="post">
+                                    <textarea name="text" rows="15"
+                                              class="form-control <?php echo $class; ?>"><?php echo $fileContent; ?></textarea>
+                                            <input type="hidden" name="action" value="save">
+                                            <input type="hidden" name="template"
+                                                   value="<?php echo htmlspecialchars($_GET['template']); ?>">
+                                            <input type="hidden" name="language"
+                                                   value="<?php echo htmlspecialchars($_GET['language']); ?>">
+                                            <input type="hidden" name="html" value="<?php echo $isHtml; ?>">
+                                            <br>
+                                            <?php
+                                            $fileWritable = false;
+                                            if ($isHtml) {
+                                                $fileWritable = is_writable(HESK_PATH . 'language/' . $_GET['language'] . '/emails/html/' . $_GET['template']);
+                                            } else {
+                                                $fileWritable = is_writable(HESK_PATH . 'language/' . $_GET['language'] . '/emails/' . $_GET['template']);
+                                            }
+
+                                            if (!$fileWritable) {
+                                                echo '<div class="alert alert-danger">
+                                    <p>' . sprintf($hesklang['email_template_directory_not_writable'], $_GET['template']) . '</p>
+                                    </div>';
+                                            } else {
+                                                echo '<input type="submit" class="btn btn-default" value="' . $hesklang['save'] . '">';
+                                            }
+                                            ?>
+                                        </form>
+                                    </div>
+                                </div>
+                            </div>
+                        </div>
+                    <?php endif; ?>
+                    <div class="row">
+                        <div class="col-md-12">
+                            <?php
+                            /* This will handle error, success and notice messages */
+                            hesk_handle_messages();
+
+                            // Output list of templates, and provide links to edit the plaintext and HTML versions for each language
+                            // First get list of languages
+                            $languages = array();
+                            foreach ($hesk_settings['languages'] as $key => $value) {
+                                $languages[$key] = $hesk_settings['languages'][$key]['folder'];
+                            }
+
+                            // Get all files, but don't worry about index.htm, items beginning with '.', or the html folder
+                            // We'll also assume the template file exists in all language folders and in the html folder
+                            reset($languages);
+                            $firstKey = key($languages);
+                            $firstDirectory = HESK_PATH . 'language/' . $languages[$firstKey] . '/emails';
+                            $directoryListing = preg_grep('/^([^.])/', scandir($firstDirectory));
+                            $emailTemplates = array_diff($directoryListing, array('html', 'index.htm'));
+
+                            ?>
+                            <table class="table table-striped table-responsive">
+                                <thead>
+                                <tr>
+                                    <th><?php echo $hesklang['file_name']; ?></th>
+                                    <?php foreach ($languages as $language => $languageCode): ?>
+                                        <th><?php echo $language; ?></th>
+                                    <?php endforeach; ?>
+                                </tr>
+                                </thead>
+                                <tbody>
+                                <?php foreach ($emailTemplates as $template): ?>
+                                    <tr>
+                                        <td><?php echo $template; ?></td>
+                                        <?php foreach ($languages as $language => $languageCode): ?>
+                                            <td>
+                                                <?php
+                                                echo getTemplateMarkup($template, $languageCode);
+                                                echo '&nbsp;&nbsp;&nbsp;';
+                                                if ($modsForHesk_settings['html_emails']) {
+                                                    echo getTemplateMarkup($template, $languageCode, true);
+                                                }
+                                                ?>
+                                            </td>
+                                        <?php endforeach; ?>
+                                    </tr>
+                                <?php endforeach; ?>
+                                </tbody>
+                            </table>
+                        </div>
+                    </div>
+                </div>
+            </div>
+        </div>
+    </div>
+</section>
+</div>
+<?php
+require_once(HESK_PATH . 'inc/footer.inc.php');
+exit();
+
+function getTemplateMarkup($template, $languageCode, $html = false)
+{
+    global $hesklang;
+
+    $templateUrl = urlencode($template);
+    $languageCodeUrl = urlencode($languageCode);
+    if ($html) {
+        $markup = '<a name="Edit '.$templateUrl.'" href="manage_email_templates.php?action=edit&template=' . $templateUrl . '&language=' . $languageCodeUrl . '&html=true">';
+        $markup .= '<i class="fa fa-html5 font-size-150" data-toggle="tooltip" title="' . $hesklang['edit_html_template'] . '"></i>';
+        $markup .= '</a>';
+        return $markup;
+    } else {
+        $markup = '<a name="Edit '.$templateUrl.'" href="manage_email_templates.php?action=edit&template=' . $templateUrl . '&language=' . $languageCodeUrl . '&html=false">';
+        $markup .= '<i class="fa fa-file-text-o font-size-150" data-toggle="tooltip" title="' . $hesklang['edit_plain_text_template'] . '"></i>';
+        $markup .= '</a>';
+        return $markup;
+    }
+}
+
+function save()
+{
+    global $hesklang;
+
+    $filePath = HESK_PATH . 'language/' . $_POST['language'] . '/emails/' . $_POST['template'];
+    if ($_POST['html'] == '1') {
+        $filePath = HESK_PATH . 'language/' . $_POST['language'] . '/emails/html/' . $_POST['template'];
+    }
+
+    $success = file_put_contents($filePath, $_POST['text']);
+    if ($success === false) {
+        hesk_process_messages($hesklang['email_template_not_saved'], 'manage_email_templates.php');
+    } else {
+        $message = sprintf($hesklang['email_template_saved'], $_POST['template']);
+        hesk_process_messages($message, 'manage_email_templates.php', 'SUCCESS');
+    }
+}
+
+function getSpecialTagMap()
+{
+    global $hesk_settings, $modsForHesk_settings, $hesklang;
+
+    $map = array();
+    $map['%%NAME%%'] = $hesklang['customer_name'];
+    $map['%%FIRST_NAME%%'] = $hesklang['fname'];
+    $map['%%EMAIL%%'] = $hesklang['customer_email'];
+    $map['%%SUBJECT%%'] = $hesklang['ticket_subject'];
+    $map['%%MESSAGE%%'] = $hesklang['ticket_message'];
+    $map['%%MESSAGE_NO_ATTACHMENTS%%'] = $hesklang['ticket_message_no_attachments'];
+    $map['%%CREATED%%'] = $hesklang['ticket_created'];
+    $map['%%UPDATED%%'] = $hesklang['ticket_updated'];
+    $map['%%TRACK_ID%%'] = $hesklang['ticket_trackID'];
+    $map['%%TRACK_URL%%'] = $hesklang['ticket_url'];
+    $map['%%SITE_TITLE%%'] = $hesklang['wbst_title'];
+    $map['%%SITE_URL%%'] = $hesklang['wbst_url'];
+    $map['%%CATEGORY%%'] = $hesklang['ticket_category'];
+    $map['%%OWNER%%'] = $hesklang['ticket_owner'];
+    $map['%%PRIORITY%%'] = $hesklang['ticket_priority'];
+    $map['%%STATUS%%'] = $hesklang['ticket_status'];
+    $map['%%LAST_REPLY_BY%%'] = $hesklang['last_replier'];
+    $map['%%TIME_WORKED%%'] = $hesklang['ts'];
+
+    $i = 1;
+    foreach ($hesk_settings['custom_fields'] as $key => $value) {
+        if ($value['use']) {
+            $uppercaseKey = strtoupper($key);
+            $map['%%' . $uppercaseKey . '%%'] = sprintf($hesklang['custom_field_x'], $i++);
+        }
+    }
+
+    return $map;
+}

admin/manage_permission_groups.php

@@ -0,0 +1,515 @@
+<?php
+/**
+ *
+ * This file is part of HESK - PHP Help Desk Software.
+ *
+ * (c) Copyright Klemen Stirn. All rights reserved.
+ * https://www.hesk.com
+ *
+ * For the full copyright and license agreement information visit
+ * https://www.hesk.com/eula.php
+ *
+ */
+
+define('IN_SCRIPT', 1);
+define('HESK_PATH', '../');
+define('VALIDATOR', 1);
+define('PAGE_TITLE', 'ADMIN_PERMISSION_TPL');
+define('MFH_PAGE_LAYOUT', 'TOP_ONLY');
+
+/* Get all the required files and functions */
+require(HESK_PATH . 'hesk_settings.inc.php');
+require(HESK_PATH . 'inc/common.inc.php');
+require(HESK_PATH . 'inc/admin_functions.inc.php');
+require(HESK_PATH . 'inc/mail_functions.inc.php');
+hesk_load_database_functions();
+
+hesk_session_start();
+hesk_dbConnect();
+hesk_isLoggedIn();
+
+/* Check permissions for this feature */
+hesk_checkPermission('can_man_permission_tpl');
+
+/* What should we do? */
+if ($action = hesk_REQUEST('a')) {
+    if ($action == 'save') {
+        save();
+    } elseif ($action == 'create') {
+        create();
+    } elseif ($action == 'delete') {
+        deleteTemplate();
+    }
+}
+
+/* Print header */
+require_once(HESK_PATH . 'inc/headerAdmin.inc.php');
+
+/* Print main manage users page */
+require_once(HESK_PATH . 'inc/show_admin_nav.inc.php');
+
+$modsForHesk_settings = mfh_getSettings();
+
+$res = hesk_dbQuery("SELECT * FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "permission_templates` ORDER BY `name` ASC");
+$templates = array();
+while ($row = hesk_dbFetchAssoc($res)) {
+    $templates[] = $row;
+}
+$featureArray = hesk_getFeatureArray();
+$orderBy = $modsForHesk_settings['category_order_column'];
+$res = hesk_dbQuery("SELECT * FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "categories` ORDER BY `" . $orderBy . "` ASC");
+$categories = array();
+while ($row = hesk_dbFetchAssoc($res)) {
+    $categories[] = $row;
+}
+?>
+<div class="content-wrapper">
+    <section class="content">
+    <?php hesk_handle_messages(); ?>
+    <div class="box">
+        <div class="box-header with-border">
+            <h1 class="box-title">
+                <?php echo $hesklang['manage_permission_groups']; ?>
+                <i class="fa fa-question-circle settingsquestionmark" data-toggle="tooltip" data-placement="right"
+                   title="<?php echo $hesklang['manage_permission_groups_help']; ?>"></i>
+            </h1>
+            <div class="box-tools pull-right">
+                <button type="button" class="btn btn-box-tool" data-widget="collapse">
+                    <i class="fa fa-minus"></i>
+                </button>
+            </div>
+        </div>
+        <div class="box-body">
+            <div class="text-right">
+                <a href="#" data-toggle="modal" data-target="#modal-template-new" class="btn btn-success nu-floatRight">
+                    <i class="fa fa-plus-circle"></i> <?php echo $hesklang['create_new']; ?>
+                </a>
+            </div>
+
+            <table class="table table-striped">
+                <thead>
+                <tr>
+                    <th><?php echo $hesklang['name']; ?></th>
+                    <th><?php echo $hesklang['number_of_users']; ?></th>
+                    <th><?php echo $hesklang['actions']; ?></th>
+                </tr>
+                </thead>
+                <tbody>
+                <?php foreach ($templates as $row): ?>
+                    <tr>
+                        <td><?php echo $row['name']; ?></td>
+                        <td><?php echo getNumberOfUsersWithPermissionGroup($row['id']); ?></td>
+                        <td>
+                            <a href="#" data-toggle="modal" data-target="#modal-template-<?php echo $row['id'] ?>">
+                                <i class="fa fa-fw fa-pencil icon-link orange" data-toggle="tooltip"
+                                   title="<?php echo $hesklang['view_permissions_for_this_group'] ?>"></i></a>
+                            <?php
+                            if ($row['id'] != 1 && $row['id'] != 2):
+                                ?>
+                                <a href="manage_permission_groups.php?a=delete&amp;id=<?php echo $row['id']; ?>">
+                                    <i class="fa fa-fw fa-times icon-link red" data-toggle="tooltip"
+                                       title="<?php echo $hesklang['delete']; ?>"></i></a>
+                            <?php endif; ?>
+                        </td>
+                    </tr>
+                <?php endforeach; ?>
+                </tbody>
+            </table>
+        </div>
+    </div>
+</section>
+</div>
+<?php
+foreach ($templates as $template) {
+    createEditModal($template, $featureArray, $categories);
+}
+buildCreateModal($featureArray, $categories);
+
+require_once(HESK_PATH . 'inc/footer.inc.php');
+exit();
+
+
+/*** START FUNCTIONS ***/
+function getNumberOfUsersWithPermissionGroup($templateId)
+{
+    global $hesk_settings;
+
+    $res = hesk_dbQuery("SELECT 1 FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "users` WHERE `permission_template` = " . intval($templateId));
+    return hesk_dbNumRows($res);
+}
+
+function createEditModal($template, $features, $categories)
+{
+    global $hesklang;
+
+    $enabledFeatures = array();
+    $enabledCategories = array();
+    if ($template['heskprivileges'] !== 'ALL') {
+        $enabledFeatures = explode(',', $template['heskprivileges']);
+        $enabledCategories = explode(',', $template['categories']);
+    }
+    ?>
+    <div class="modal fade" id="modal-template-<?php echo $template['id'] ?>" tabindex="-1" role="dialog"
+         aria-labelledby="myLargeModalLabel" aria-hidden="true">
+        <div class="modal-dialog modal-lg">
+            <div class="modal-content">
+                <form action="manage_permission_groups.php" role="form" method="post" id="form<?php echo $template['id']; ?>">
+                    <div class="modal-header">
+                        <button type="button" class="close" data-dismiss="modal" aria-label="Close"><span
+                                aria-hidden="true">&times;</span></button>
+                        <h4 class="modal-title"><?php echo sprintf($hesklang['permissions_for_group'], $template['name']); ?></h4>
+                    </div>
+                    <div class="modal-body">
+                        <?php if ($template['id'] == 1): ?>
+                            <div class="alert alert-info">
+                                <i class="fa fa-info-circle"></i>
+                                <?php echo $hesklang['protected_group']; ?>
+                            </div>
+                        <?php endif; ?>
+                        <div class="row">
+                            <div class="form-group">
+                                <div class="col-sm-2">
+                                    <label for="name"
+                                           class="control-label"><?php echo $hesklang['group_name']; ?></label>
+                                </div>
+                                <div class="col-sm-10">
+                                    <input type="text" class="form-control" name="name"
+                                           value="<?php echo htmlspecialchars($template['name']); ?>"
+                                           placeholder="<?php echo htmlspecialchars($hesklang['group_name']); ?>"
+                                           data-error="<?php echo htmlspecialchars($hesklang['this_field_is_required']); ?>"
+                                           required>
+                                    <div class="help-block with-errors"></div>
+                                </div>
+                            </div>
+                        </div>
+                        <div class="row">
+                            <div class="col-md-6 col-sm-12">
+                                <h4><?php echo $hesklang['menu_cat']; ?></h4>
+
+                                <div class="footerWithBorder blankSpace"></div>
+                                <div class="form-group">
+                                    <?php
+                                    foreach ($categories as $category):
+                                        $can_man_categories = hesk_checkPermission('can_man_cat', 0);
+
+                                        $checked = '';
+                                        $disabled = '';
+                                        if (in_array($category['id'], $enabledCategories) ||
+                                            $template['categories'] == 'ALL') {
+                                            $checked = 'checked ';
+                                        }
+                                        if ((!hesk_SESSION('isadmin') &&
+                                                !in_array($category['id'], $_SESSION['categories']) &&
+                                                !$can_man_categories) ||
+                                            $template['categories'] === 'ALL') {
+                                            $disabled = ' disabled';
+                                        }
+
+                                        if ($_SESSION['isadmin'] || $can_man_categories || in_array($category['id'], $_SESSION['categories']) || $checked): ?>
+                                        <div class="checkbox">
+                                            <label>
+                                                <input type="checkbox" name="categories[]"
+                                                       value="<?php echo $category['id']; ?>" <?php echo $checked . ' ' . $disabled; ?>>
+                                                <?php echo $category['name']; ?>
+                                            </label>
+                                        </div>
+                                        <?php
+                                        endif;
+                                    endforeach; ?>
+                                    <div class="help-block with-errors"></div>
+                                </div>
+                            </div>
+                            <div class="col-md-6 col-sm-12">
+                                <h4><?php echo $hesklang['allow_feat']; ?></h4>
+
+                                <div class="footerWithBorder blankSpace"></div>
+                                <div class="form-group">
+                                    <?php
+                                    foreach ($features as $feature): ?>
+                                        <?php
+                                        $checked = '';
+                                        $disabled = '';
+                                        if (in_array($feature, $enabledFeatures) ||
+                                            $template['heskprivileges'] === 'ALL') {
+                                            $checked = 'checked ';
+                                        }
+                                        if ((!hesk_SESSION('isadmin') &&
+                                                strpos($_SESSION['heskprivileges'], $feature) === false) ||
+                                            $template['heskprivileges'] === 'ALL') {
+                                            $disabled = ' disabled';
+                                        }
+                                        if ($_SESSION['isadmin'] || strpos($_SESSION['heskprivileges'], $feature) !== false || $checked):  ?>
+                                        <div class="checkbox">
+                                            <label>
+                                                <input type="checkbox" name="features[]"
+                                                       value="<?php echo $feature; ?>" <?php echo $checked . $disabled; ?>>
+                                                <?php echo $hesklang[$feature]; ?>
+                                            </label>
+                                        </div>
+                                        <?php endif;
+                                        endforeach; ?>
+                                    <div class="help-block with-errors"></div>
+                                </div>
+                            </div>
+                        </div>
+                    </div>
+                    <div class="modal-footer">
+                        <input type="hidden" name="a" value="save">
+                        <input type="hidden" name="template_id" value="<?php echo $template['id']; ?>">
+                        <div class="btn-group">
+                            <input type="submit" class="btn btn-success"
+                                   value="<?php echo $hesklang['save_changes']; ?>">
+                            <button type="button" class="btn btn-default"
+                                    data-dismiss="modal"><?php echo $hesklang['close_modal_without_saving']; ?></button>
+                        </div>
+                    </div>
+                </form>
+            </div>
+        </div>
+    </div>
+    <?php
+}
+
+function buildCreateModal($features, $categories)
+{
+    global $hesklang;
+    ?>
+    <div class="modal fade" id="modal-template-new" tabindex="-1" role="dialog" aria-labelledby="myLargeModalLabel"
+         aria-hidden="true">
+        <div class="modal-dialog modal-lg">
+            <div class="modal-content">
+                <form action="manage_permission_groups.php" role="form" method="post" id="createForm">
+                    <div class="modal-header">
+                        <button type="button" class="close" data-dismiss="modal" aria-label="Close"><span
+                                aria-hidden="true">&times;</span></button>
+                        <h4 class="modal-title"><?php echo $hesklang['create_new_group_title']; ?></h4>
+                    </div>
+                    <div class="modal-body">
+                        <div class="row">
+                            <div class="form-group">
+                                <div class="col-sm-2">
+                                    <label for="name"
+                                           class="control-label"><?php echo $hesklang['group_name']; ?></label>
+                                </div>
+                                <div class="col-sm-10">
+                                    <input type="text" class="form-control" name="name"
+                                           placeholder="<?php echo $hesklang['group_name']; ?>" required>
+                                    <div class="help-block with-errors"></div>
+                                </div>
+                            </div>
+                        </div>
+                        <div class="row">
+                            <div class="col-md-6 col-sm-12">
+                                <h4><?php echo $hesklang['menu_cat']; ?></h4>
+
+                                <div class="footerWithBorder blankSpace"></div>
+                                <div class="form-group">
+                                    <?php
+                                    foreach ($categories as $category):
+                                        if (hesk_SESSION('isadmin') || in_array($category['id'], $_SESSION['categories'])): ?>
+                                        <div class="checkbox">
+                                            <label>
+                                                <input type="checkbox" name="categories[]"
+                                                       data-modal="new-categories"
+                                                       data-checkbox="categories"
+                                                       value="<?php echo $category['id']; ?>">
+                                                <?php echo $category['name']; ?>
+                                            </label>
+                                        </div>
+                                    <?php endif; endforeach; ?>
+                                    <div class="help-block with-errors"></div>
+                                </div>
+                            </div>
+                            <div class="col-md-6 col-sm-12">
+                                <h4><?php echo $hesklang['allow_feat']; ?></h4>
+
+                                <div class="footerWithBorder blankSpace"></div>
+                                <div class="form-group">
+                                    <?php foreach ($features as $feature):
+                                        if (strpos($_SESSION['heskprivileges'], $feature) !== false || hesk_SESSION('isadmin')):
+                                        ?>
+                                        <div class="checkbox">
+                                            <label>
+                                                <input type="checkbox" name="features[]"
+                                                       data-modal="new-features"
+                                                       data-checkbox="features"
+                                                       value="<?php echo $feature; ?>">
+                                                <?php echo $hesklang[$feature]; ?>
+                                            </label>
+                                        </div>
+                                    <?php endif; endforeach; ?>
+                                    <div class="help-block with-errors"></div>
+                                </div>
+                            </div>
+                        </div>
+                    </div>
+                    <div class="modal-footer">
+                        <input type="hidden" name="a" value="create">
+
+                        <div class="btn-group">
+                            <input type="submit" class="btn btn-success"
+                                   value="<?php echo $hesklang['save_changes']; ?>">
+                            <button type="button" class="btn btn-default"
+                                    data-dismiss="modal"><?php echo $hesklang['close_modal_without_saving']; ?></button>
+                        </div>
+                    </div>
+                </form>
+                <script>
+                    buildValidatorForPermissionTemplates('createForm', '<?php echo $hesklang['select_at_least_one_value']; ?>');
+                </script>
+            </div>
+        </div>
+    </div>
+    <?php
+}
+
+function save()
+{
+    global $hesk_settings, $hesklang;
+
+    $templateId = hesk_POST('template_id');
+    $res = hesk_dbQuery("SELECT `heskprivileges`, `categories` FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "permission_templates`
+        WHERE `id` = " . intval($templateId));
+    $row = hesk_dbFetchAssoc($res);
+
+    // Add 'can ban emails' if 'can unban emails' is set (but not added). Same with 'can ban ips'
+    $catArray = hesk_POST_array('categories');
+    $featArray = hesk_POST_array('features');
+    validate($featArray, $catArray);
+    if (in_array('can_unban_emails', $featArray) && !in_array('can_ban_emails', $featArray)) {
+        array_push($catArray, 'can_ban_emails');
+    }
+    if (in_array('can_unban_ips', $featArray) && !in_array('can_ban_ips', $featArray)) {
+        array_push($featArray, 'can_ban_ips');
+    }
+    $categories = implode(',', $catArray);
+    $features = implode(',', $featArray);
+    $name = hesk_POST('name');
+
+    // Only allow users to add what they are allowed to add
+    // Admins can handle anything
+    if (!$_SESSION['isadmin']) {
+        // Update categories based on user visibility
+        $originalCategories = explode(',', $row['categories']);
+        $newCategories = array();
+        foreach ($originalCategories as $innerCategory) {
+            if (in_array($innerCategory, $catArray) && in_array($innerCategory, $_SESSION['categories'])) {
+                $newCategories[] = $innerCategory;
+            } elseif (!in_array($innerCategory, $catArray) && !in_array($innerCategory, $_SESSION['categories'])) {
+                // The user can't modify this, so keep it in
+                $newCategories[] = $innerCategory;
+            }
+            // If neither, the user removed it.
+        }
+
+        // Update features based on user visibility
+        $originalFeatures = explode(',', $row['heskprivileges']);
+        $newFeatures = array();
+        foreach ($originalFeatures as $innerFeature) {
+            if (in_array($innerFeature, $featArray) && strpos($_SESSION['heskprivileges'], $innerFeature) !== false) {
+                $newFeatures[] = $innerFeature;
+            } elseif (!in_array($innerFeature, $featArray) && strpos($_SESSION['heskprivileges'], $innerFeature) === false) {
+                // The user can't modify this, so keep it in
+                $newFeatures[] = $innerFeature;
+            }
+            // If neither, the user removed it.
+        }
+
+        $categories = implode(',', $newCategories);
+        $features = implode(',', $newFeatures);
+    }
+
+
+
+    hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "permission_templates`
+        SET `categories` = '" . hesk_dbEscape($categories) . "', `heskprivileges` = '" . hesk_dbEscape($features) . "',
+            `name` = '" . hesk_dbEscape($name) . "'
+        WHERE `id` = " . intval($templateId));
+
+    if ($row['categories'] != $categories || $row['heskprivileges'] != $features) {
+        // Any users with this template should have their permissions updated
+        hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "users` SET `heskprivileges` = '" . hesk_dbEscape($features) . "',
+            `categories` = '" . hesk_dbEscape($categories) . "'
+            WHERE `permission_template` = " . intval($templateId));
+    }
+
+    hesk_process_messages($hesklang['permission_group_updated'], $_SERVER['PHP_SELF'], 'SUCCESS');
+}
+
+function create()
+{
+    global $hesk_settings, $hesklang;
+
+    // Add 'can ban emails' if 'can unban emails' is set (but not added). Same with 'can ban ips'
+    $catArray = hesk_POST_array('categories');
+    $featArray = hesk_POST_array('features');
+    $name = hesk_POST('name');
+    validate($featArray, $catArray, true, $name);
+    if (in_array('can_unban_emails', $featArray) && !in_array('can_ban_emails', $featArray)) {
+        array_push($catArray, 'can_ban_emails');
+    }
+    if (in_array('can_unban_ips', $featArray) && !in_array('can_ban_ips', $featArray)) {
+        array_push($featArray, 'can_ban_ips');
+    }
+
+    $categories = implode(',', $catArray);
+    $features = implode(',', $featArray);
+
+    hesk_dbQuery("INSERT INTO `" . hesk_dbEscape($hesk_settings['db_pfix']) . "permission_templates` (`name`, `heskprivileges`, `categories`)
+        VALUES ('" . hesk_dbEscape($name) . "', '" . hesk_dbEscape($features) . "', '" . hesk_dbEscape($categories) . "')");
+
+    hesk_process_messages($hesklang['group_created'], $_SERVER['PHP_SELF'], 'SUCCESS');
+}
+
+function validate($features, $categories, $create = false, $name = '')
+{
+    global $hesklang;
+
+    $errorMarkup = '<ul>';
+    $isValid = true;
+    if ($create && $name == '') {
+        $errorMarkup .= '<li>' . $hesklang['group_name_required'] . '</li>';
+        $isValid = false;
+    }
+    if (count($features) == 0) {
+        $errorMarkup .= '<li>' . $hesklang['you_must_select_a_feature'] . '</li>';
+        $isValid = false;
+    }
+    if (count($categories) == 0) {
+        $errorMarkup .= '<li>' . $hesklang['you_must_select_a_category'] . '</li>';
+        $isValid = false;
+    }
+    $errorMarkup .= '</ul>';
+
+    if (!$isValid) {
+        $error = sprintf($hesklang['permission_group_error'], $errorMarkup);
+        hesk_process_messages($error, $_SERVER['PHP_SELF']);
+    }
+    return true;
+}
+
+function deleteTemplate()
+{
+    global $hesk_settings, $hesklang;
+
+    $id = hesk_GET('id');
+
+    // Admin/Staff templates cannot be deleted!
+    if ($id == 1 || $id == 2) {
+        hesk_process_messages($hesklang['cannot_delete_admin_or_staff'], $_SERVER['PHP_SELF']);
+    }
+
+    // Otherwise delete the template
+    hesk_dbQuery("DELETE FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "permission_templates` WHERE `id` = " . intval($id));
+    if (hesk_dbAffectedRows() != 1) {
+        hesk_process_messages($hesklang['no_group_were_deleted'], $_SERVER['PHP_SELF']);
+    }
+
+    // Move all users who used to be in this group to "custom"
+    hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "users` SET `permission_template` = NULL
+        WHERE `permission_template` = " . intval($id));
+
+    hesk_process_messages($hesklang['permission_group_deleted'], $_SERVER['PHP_SELF'], 'SUCCESS');
+}
+
+?>

admin/manage_statuses.php

@@ -0,0 +1,909 @@
+<?php
+
+define('IN_SCRIPT', 1);
+define('HESK_PATH', '../');
+define('PAGE_TITLE', 'ADMIN_STATUSES');
+define('MFH_PAGE_LAYOUT', 'TOP_ONLY');
+
+/* Get all the required files and functions */
+require(HESK_PATH . 'hesk_settings.inc.php');
+require(HESK_PATH . 'inc/common.inc.php');
+require(HESK_PATH . 'inc/admin_functions.inc.php');
+require(HESK_PATH . 'inc/status_functions.inc.php');
+require(HESK_PATH . 'inc/mail_functions.inc.php');
+hesk_load_database_functions();
+
+hesk_session_start();
+hesk_dbConnect();
+hesk_isLoggedIn();
+
+hesk_checkPermission('can_man_ticket_statuses');
+
+define('WYSIWYG', 1);
+
+// Are we performing an action?
+if (isset($_REQUEST['a'])) {
+    if (defined('HESK_DEMO')) {
+        hesk_process_messages($hesklang['cannot_edit_status_demo'], 'manage_statuses.php');
+    } elseif ($_REQUEST['a'] == 'create') {
+        createStatus();
+    } elseif ($_REQUEST['a'] == 'update') {
+        updateStatus();
+    } elseif ($_REQUEST['a'] == 'delete') {
+        deleteStatus();
+    } elseif ($_REQUEST['a'] == 'sort') {
+        moveStatus();
+    } elseif ($_REQUEST['a'] == 'save') {
+        save();
+    }
+}
+
+$modsForHesk_settings = mfh_getSettings();
+
+
+/* Print header */
+require_once(HESK_PATH . 'inc/headerAdmin.inc.php');
+
+/* Print main manage users page */
+require_once(HESK_PATH . 'inc/show_admin_nav.inc.php');
+?>
+<div class="content-wrapper">
+    <section class="content">
+    <div class="box">
+        <div class="box-body">
+            <div class="nav-tabs-custom">
+                <ul class="nav nav-tabs" role="tablist">
+                    <?php
+                    // Show a link to banned_emails.php if user has permission
+                    if (hesk_checkPermission('can_ban_emails', 0)) {
+                        echo '
+            <li role="presentation">
+                <a title="' . $hesklang['banemail'] . '" href="banned_emails.php">' . $hesklang['banemail'] . '</a>
+            </li>
+            ';
+                    }
+                    if (hesk_checkPermission('can_ban_ips', 0)) {
+                        echo '
+            <li role="presentation">
+                <a title="' . $hesklang['banip'] . '" href="banned_ips.php">' . $hesklang['banip'] . '</a>
+            </li>';
+                    }
+                    // Show a link to status_message.php if user has permission to do so
+                    if (hesk_checkPermission('can_service_msg', 0)) {
+                        echo '
+            <li role="presentation">
+                <a title="' . $hesklang['sm_title'] . '" href="service_messages.php">' . $hesklang['sm_title'] . '</a>
+            </li>';
+                    }
+                    if (hesk_checkPermission('can_man_email_tpl', 0)) {
+                        echo '
+            <li role="presentation">
+                <a title="' . $hesklang['email_templates'] . '" href="manage_email_templates.php">' . $hesklang['email_templates'] . '</a>
+            </li>
+            ';
+                    }
+                    ?>
+                    <li role="presentation" class="active">
+                        <a href="#"><?php echo $hesklang['statuses']; ?> <i class="fa fa-question-circle settingsquestionmark"
+                                                                            data-toggle="popover"
+                                                                            title="<?php echo $hesklang['statuses']; ?>"
+                                                                            data-content="<?php echo $hesklang['statuses_intro']; ?>"></i></a>
+                    </li>
+                    <?php
+                    if (hesk_checkPermission('can_man_settings', 0)) {
+                        echo '
+                    <li role="presentation">
+						<a title="' . $hesklang['tab_4'] . '" href="custom_fields.php">' .
+							$hesklang['tab_4']
+						. '</a>
+					</li>
+                        ';
+                    }
+                    ?>
+                </ul>
+                <div class="tab-content summaryList tabPadding">
+                    <div class="row">
+                        <div class="col-md-12">
+                            <?php
+                            /* This will handle error, success and notice messages */
+                            hesk_handle_messages();
+
+                            //-- We need to get all of the statuses and dump the information to the page.
+                            $numOfStatusesRS = hesk_dbQuery('SELECT 1 FROM `' . hesk_dbEscape($hesk_settings['db_pfix']) . 'statuses`');
+                            $numberOfStatuses = hesk_dbNumRows($numOfStatusesRS);
+
+                            $statuses = mfh_getAllStatuses();
+                            ?>
+                            <form class="form-horizontal" method="post" action="manage_statuses.php" role="form">
+                                <div class="panel panel-default">
+                                    <div class="panel-heading">
+                                        <h4>
+                                            <?php echo $hesklang['statuses']; ?>
+                                            <span style="float: right; margin-top: -7px">
+                                                <button type="button" class="btn btn-success" data-toggle="modal" data-target="#modal-status-new">
+                                                    <i class="fa fa-plus-circle"></i>
+                                                    <?php
+                                                    echo $hesklang['new_status'];
+                                                    ?>
+                                                </button>
+                                            </span>
+                                        </h4>
+                                    </div>
+                                    <table class="table table-hover">
+                                        <thead>
+                                        <tr>
+                                            <th><?php echo $hesklang['status_name_title']; ?></th>
+                                            <th><?php echo $hesklang['closable_question']; ?></th>
+                                            <th><?php echo $hesklang['closedQuestionMark']; ?></th>
+                                            <th><?php echo $hesklang['actions']; ?></th>
+                                        </tr>
+                                        </thead>
+                                        <tbody>
+                                        <?php
+                                        $j = 1;
+                                        foreach ($statuses as $key => $row):
+                                            ?>
+                                            <tr id="s<?php echo $row['ID']; ?>_row">
+                                                <td class="bold" style="color: <?php echo $row['TextColor']; ?>">
+                                                    <?php echo $row['text']; ?>
+                                                </td>
+                                                <td>
+                                                    <?php
+                                                    if ($row['Closable'] == 'yes') {
+                                                        echo $hesklang['yes_title_case'];
+                                                    } elseif ($row['Closable'] == 'conly') {
+                                                        echo $hesklang['customers_only'];
+                                                    } elseif ($row['Closable'] == 'sonly') {
+                                                        echo $hesklang['staff_only'];
+                                                    } elseif ($row['Closable'] == 'no') {
+                                                        echo $hesklang['no_title_case'];
+                                                    }
+                                                    ?>
+                                                </td>
+                                                <td>
+                                                    <?php
+                                                    if ($row['IsClosed']) {
+                                                        echo '<i class="fa fa-check-circle icon-link green"></i>';
+                                                    }
+                                                    ?>
+                                                </td>
+                                                <td>
+                                        <span data-toggle="modal" data-target="#modal-status-<?php echo $row['ID']; ?>"
+                                              style="cursor: pointer;">
+                                            <i class="fa fa-pencil icon-link orange"
+                                               data-toggle="tooltip" title="<?php echo $hesklang['edit']; ?>"></i>
+                                        </span>
+                                                    <?php echoArrows($j, $numberOfStatuses, $row['ID'], $modsForHesk_settings); ?>
+                                                    <?php
+                                                    // Only show the delete button if (1) it's not a default action and (2) no tickets are set to that status
+                                                    $delete = canStatusBeDeleted($row['ID']);
+                                                    $cursor = 'cursor: pointer';
+                                                    $iconStyle = 'color: red';
+                                                    $dataTarget = 'data-target="#modal-status-delete-' . $row['ID'] . '"';
+                                                    $tooltip = $hesklang['delete'];
+                                                    if ($delete == 'no-default' || $delete == 'no-tickets') {
+                                                        $cursor = '';
+                                                        $dataTarget = '';
+                                                        $iconStyle = 'color: grey';
+                                                    }
+                                                    if ($delete == 'no-default') {
+                                                        $tooltip = $hesklang['whyCantIDeleteThisStatusReason'];
+                                                    } elseif ($delete == 'no-tickets') {
+                                                        $tooltip = $hesklang['cannot_delete_status_tickets'];
+                                                    }
+                                                    ?>
+                                                    <span data-toggle="modal" <?php echo $dataTarget; ?>
+                                                          style="<?php echo $cursor; ?>;">
+                                            <i class="fa fa-times icon-link" style="<?php echo $iconStyle; ?>"
+                                               data-toggle="tooltip" title="<?php echo $tooltip; ?>"></i>
+                                        </span>
+                                                </td>
+                                            </tr>
+                                            <?php
+                                            $j++;
+                                        endforeach; ?>
+                                        </tbody>
+                                    </table>
+                                </div>
+                                <div class="panel panel-default">
+                                    <div class="panel-heading">
+                                        <h4><?php echo $hesklang['defaultStatusForAction']; ?></h4>
+                                    </div>
+                                    <div class="panel-body">
+                                        <div class="form-group">
+                                            <label for="newTicket"
+                                                   class="col-sm-6 col-xs-12 control-label"><?php echo $hesklang['isNewTicketMsg']; ?></label>
+
+                                            <div class="col-sm-6 col-xs-12">
+                                                <select name="newTicket" class="form-control" id="newTicket">
+                                                    <?php
+                                                    foreach ($statuses as $key => $row) {
+                                                        if ($row['IsClosed'] == 1) {
+                                                            continue;
+                                                        }
+
+                                                        $selectedEcho = ($row['IsNewTicketStatus'] == 1) ? 'selected="selected"' : '';
+                                                        echo '<option value="' . $row['ID'] . '" ' . $selectedEcho . '>' . mfh_getDisplayTextForStatusId($row['ID']) . '</option>';
+                                                    }
+                                                    ?>
+                                                </select>
+                                            </div>
+                                        </div>
+                                        <div class="form-group">
+                                            <label for="closedByClient"
+                                                   class="col-sm-6 col-xs-12 control-label"><?php echo $hesklang['isClosedByClientMsg']; ?></label>
+
+                                            <div class="col-sm-6 col-xs-12">
+                                                <select name="closedByClient" class="form-control" id="closedByClient">
+                                                    <?php
+                                                    foreach ($statuses as $key => $row) {
+                                                        if ($row['IsClosed'] == 0) {
+                                                            continue;
+                                                        }
+
+                                                        $selectedEcho = ($row['IsClosedByClient'] == 1) ? 'selected="selected"' : '';
+                                                        echo '<option value="' . $row['ID'] . '" ' . $selectedEcho . '>' . mfh_getDisplayTextForStatusId($row['ID']) . '</option>';
+                                                    }
+                                                    ?>
+                                                </select>
+                                            </div>
+                                        </div>
+                                        <div class="form-group">
+                                            <label for="replyFromClient"
+                                                   class="col-sm-6 col-xs-12 control-label"><?php echo $hesklang['isRepliedByClientMsg']; ?></label>
+
+                                            <div class="col-sm-6 col-xs-12">
+                                                <select name="replyFromClient" class="form-control" id="replyFromClient">
+                                                    <?php
+                                                    foreach ($statuses as $key => $row) {
+                                                        if ($row['IsClosed'] == 1) {
+                                                            continue;
+                                                        }
+
+                                                        $selectedEcho = ($row['IsCustomerReplyStatus'] == 1) ? 'selected="selected"' : '';
+                                                        echo '<option value="' . $row['ID'] . '" ' . $selectedEcho . '>' . mfh_getDisplayTextForStatusId($row['ID']) . '</option>';
+                                                    }
+                                                    ?>
+                                                </select>
+                                            </div>
+                                        </div>
+                                        <div class="form-group">
+                                            <label for="staffClosedOption"
+                                                   class="col-sm-6 col-xs-12 control-label"><?php echo $hesklang['isStaffClosedOptionMsg']; ?></label>
+
+                                            <div class="col-sm-6 col-xs-12">
+                                                <select name="staffClosedOption" class="form-control" id="staffClosedOption">
+                                                    <?php
+                                                    foreach ($statuses as $key => $row) {
+                                                        if ($row['IsClosed'] == 0) {
+                                                            continue;
+                                                        }
+
+                                                        $selectedEcho = ($row['IsStaffClosedOption'] == 1) ? 'selected="selected"' : '';
+                                                        echo '<option value="' . $row['ID'] . '" ' . $selectedEcho . '>' . mfh_getDisplayTextForStatusId($row['ID']) . '</option>';
+                                                    }
+                                                    ?>
+                                                </select>
+                                            </div>
+                                        </div>
+                                        <div class="form-group">
+                                            <label for="staffReopenedStatus"
+                                                   class="col-sm-6 col-xs-12 control-label"><?php echo $hesklang['isStaffReopenedStatusMsg']; ?></label>
+
+                                            <div class="col-sm-6 col-xs-12">
+                                                <select name="staffReopenedStatus" class="form-control"
+                                                        id="staffReopenedStatus">
+                                                    <?php
+                                                    foreach ($statuses as $key => $row) {
+                                                        if ($row['IsClosed'] == 1) {
+                                                            continue;
+                                                        }
+
+                                                        $selectedEcho = ($row['IsStaffReopenedStatus'] == 1) ? 'selected="selected"' : '';
+                                                        echo '<option value="' . $row['ID'] . '" ' . $selectedEcho . '>' . mfh_getDisplayTextForStatusId($row['ID']) . '</option>';
+                                                    }
+                                                    ?>
+                                                </select>
+                                            </div>
+                                        </div>
+                                        <div class="form-group">
+                                            <label for="defaultStaffReplyStatus"
+                                                   class="col-sm-6 col-xs-12 control-label"><?php echo $hesklang['isDefaultStaffReplyStatusMsg']; ?></label>
+
+                                            <div class="col-sm-6 col-xs-12">
+                                                <select name="defaultStaffReplyStatus" class="form-control"
+                                                        id="defaultStaffReplyStatus">
+                                                    <?php
+                                                    foreach ($statuses as $key => $row) {
+                                                        if ($row['IsClosed'] == 1) {
+                                                            continue;
+                                                        }
+
+                                                        $selectedEcho = ($row['IsDefaultStaffReplyStatus'] == 1) ? 'selected="selected"' : '';
+                                                        echo '<option value="' . $row['ID'] . '" ' . $selectedEcho . '>' . mfh_getDisplayTextForStatusId($row['ID']) . '</option>';
+                                                    }
+                                                    ?>
+                                                </select>
+                                            </div>
+                                        </div>
+                                        <div class="form-group">
+                                            <label for="lockedTicketStatus"
+                                                   class="col-sm-6 col-xs-12 control-label"><?php echo $hesklang['lockedTicketStatusMsg']; ?></label>
+
+                                            <div class="col-sm-6 col-xs-12">
+                                                <select name="lockedTicketStatus" class="form-control" id="lockedTicketStatus">
+                                                    <?php
+                                                    foreach ($statuses as $key => $row) {
+                                                        $selectedEcho = ($row['LockedTicketStatus'] == 1) ? 'selected="selected"' : '';
+                                                        echo '<option value="' . $row['ID'] . '" ' . $selectedEcho . '>' . mfh_getDisplayTextForStatusId($row['ID']) . '</option>';
+                                                    }
+                                                    ?>
+                                                </select>
+                                            </div>
+                                        </div>
+                                        <div class="form-group">
+                                            <label for="autocloseTicketOption"
+                                                   class="col-sm-6 col-xs-12 control-label"><?php echo $hesklang['autoclose_ticket_status']; ?></label>
+
+                                            <div class="col-sm-6 col-xs-12">
+                                                <select name="autocloseTicketOption" class="form-control"
+                                                        id="autocloseTicketOption">
+                                                    <?php
+                                                    foreach ($statuses as $key => $row) {
+                                                        if ($row['IsClosed'] == 0) {
+                                                            continue;
+                                                        }
+
+                                                        $selectedEcho = ($row['IsAutocloseOption'] == 1) ? 'selected' : '';
+                                                        echo '<option value="' . $row['ID'] . '" ' . $selectedEcho . '>' . mfh_getDisplayTextForStatusId($row['ID']) . '</option>';
+                                                    }
+                                                    ?>
+                                                </select>
+                                            </div>
+                                        </div>
+                                    </div>
+                                </div>
+                                <div class="col-sm-6 col-sm-offset-6">
+                                    <input type="hidden" name="a" value="save">
+                                    <input type="submit" class="btn btn-default"
+                                           value="<?php echo $hesklang['save_changes']; ?>">
+                                </div>
+                            </form>
+                        </div>
+                    </div>
+                </div>
+            </div>
+        </div>
+    </div>
+</section>
+</div>
+<?php
+foreach ($statuses as $status) {
+    buildEditModal($status['ID']);
+    buildConfirmDeleteModal($status['ID']);
+}
+buildCreateModal();
+
+require_once(HESK_PATH . 'inc/footer.inc.php');
+exit();
+
+function buildConfirmDeleteModal($statusId)
+{
+    global $hesklang;
+
+    ?>
+    <div class="modal fade" id="modal-status-delete-<?php echo $statusId; ?>" tabindex="-1" role="dialog"
+         aria-labelledby="myLargeModalLabel" aria-hidden="true">
+        <div class="modal-dialog modal-lg">
+            <div class="modal-content">
+                <div class="modal-header">
+                    <button type="button" class="close" data-dismiss="modal" aria-label="Close"><span
+                            aria-hidden="true">&times;</span></button>
+                    <h4 class="modal-title"><?php echo $hesklang['confirm_delete_status_question']; ?></h4>
+                </div>
+                <div class="modal-body">
+                    <div class="row">
+                        <div class="col-md-12">
+                            <p><?php echo $hesklang['confirm_delete_status']; ?></p>
+                        </div>
+                    </div>
+                </div>
+                <div class="modal-footer">
+                    <input type="hidden" name="a" value="create">
+
+                    <div class="btn-group">
+                        <a href="manage_statuses.php?a=delete&id=<?php echo $statusId; ?>" class="btn btn-danger">
+                            <?php echo $hesklang['delete']; ?>
+                        </a>
+                        <button type="button" class="btn btn-default"
+                                data-dismiss="modal"><?php echo $hesklang['cancel']; ?></button>
+                    </div>
+                </div>
+            </div>
+        </div>
+    </div>
+    <?php
+}
+
+function echoArrows($index, $numberOfStatuses, $statusId, $modsForHesk_settings)
+{
+    global $hesklang;
+
+    if ($modsForHesk_settings['statuses_order_column'] == 'name') {
+        return;
+    }
+
+    if ($index !== 1) {
+        // Display move up
+        echo '<a href="manage_statuses.php?a=sort&move=-15&id=' . $statusId . '">
+            <i class="fa fa-arrow-up icon-link green" data-toggle="tooltip"
+            title="' . htmlspecialchars($hesklang['move_up']) . '"></i></a> ';
+    } else {
+        echo '<img src="../img/blank.gif" width="16" height="16" alt="" style="padding:3px;border:none;"> ';
+    }
+
+    if ($index !== $numberOfStatuses) {
+        // Display move down
+        echo '<a href="manage_statuses.php?a=sort&move=15&id=' . $statusId . '">
+            <i class="fa fa-arrow-down icon-link green" data-toggle="tooltip"
+            title="' . htmlspecialchars($hesklang['move_dn']) . '"></i></a>';
+    } else {
+        echo '<img src="../img/blank.gif" width="16" height="16" alt="" style="padding:3px;border:none;">';
+    }
+
+}
+
+function buildCreateModal()
+{
+    global $hesklang, $hesk_settings;
+
+    $languages = array();
+    foreach ($hesk_settings['languages'] as $key => $value) {
+        $languages[$key] = $hesk_settings['languages'][$key]['folder'];
+    }
+    ?>
+    <div class="modal fade" id="modal-status-new" tabindex="-1" role="dialog" aria-labelledby="myLargeModalLabel"
+         aria-hidden="true">
+        <div class="modal-dialog modal-lg">
+            <div class="modal-content">
+                <form action="manage_statuses.php" role="form" method="post" class="form-horizontal" data-toggle="validator">
+                    <div class="modal-header">
+                        <button type="button" class="close" data-dismiss="modal" aria-label="Close"><span
+                                aria-hidden="true">&times;</span></button>
+                        <h4 class="modal-title"><?php echo $hesklang['create_new_status_title']; ?></h4>
+                    </div>
+                    <div class="modal-body">
+                        <div class="row">
+                            <div class="col-md-6">
+                                <h4><?php echo $hesklang['status_name_title']; ?>
+                                    <i class="fa fa-question-circle settingsquestionmark"
+                                       data-toggle="popover"
+                                       title="<?php echo $hesklang['status_name_title']; ?>"
+                                       data-content="<?php echo $hesklang['status_name_title_help']; ?>"></i></h4>
+
+                                <div class="footerWithBorder blankSpace"></div>
+                                <?php foreach ($languages as $language => $languageCode): ?>
+                                    <div class="form-group">
+                                        <label class="col-sm-3 control-label" for="name[<?php echo $language; ?>]">
+                                            <?php echo $language; ?>
+                                        </label>
+
+                                        <div class="col-sm-9">
+                                            <input type="text" placeholder="<?php echo htmlspecialchars($language); ?>"
+                                                   data-error="<?php echo htmlspecialchars($hesklang['this_field_is_required']); ?>"
+                                                   class="form-control" name="name[<?php echo $language; ?>]" required>
+                                            <div class="help-block with-errors"></div>
+                                        </div>
+                                    </div>
+                                <?php endforeach; ?>
+                            </div>
+                            <div class="col-md-6">
+                                <h4><?php echo $hesklang['properties']; ?></h4>
+
+                                <div class="footerWithBorder blankSpace"></div>
+                                <div class="form-group">
+                                    <label for="text-color" class="col-sm-4 control-label">
+                                        <?php echo $hesklang['textColor']; ?>
+                                        <i class="fa fa-question-circle settingsquestionmark"
+                                           data-toggle="popover"
+                                           title="<?php echo $hesklang['textColor']; ?>"
+                                           data-content="<?php echo $hesklang['textColorDescr']; ?>"></i>
+                                    </label>
+
+                                    <div class="col-sm-8">
+                                        <input type="text" name="text-color" class="form-control colorpicker-trigger"
+                                               data-color=""
+                                               data-error="<?php echo htmlspecialchars($hesklang['this_field_is_required']); ?>"
+                                               placeholder="<?php echo htmlspecialchars($hesklang['textColor']); ?>" required>
+                                        <div class="help-block with-errors"></div>
+                                    </div>
+                                </div>
+                                <div class="form-group">
+                                    <label for="closable" class="col-sm-4 control-label">
+                                        <?php echo $hesklang['closable']; ?>
+                                        <i class="fa fa-question-circle settingsquestionmark"
+                                           data-toggle="htmlpopover"
+                                           title="<?php echo $hesklang['closable']; ?>"
+                                           data-content="<?php echo $hesklang['closable_description']; ?>"></i>
+                                    </label>
+
+                                    <div class="col-sm-8">
+                                        <select name="closable" class="form-control">
+                                            <option value="yes"><?php echo $hesklang['yes_title_case']; ?></option>
+                                            <option value="conly"><?php echo $hesklang['customers_only']; ?></option>
+                                            <option value="sonly"><?php echo $hesklang['staff_only']; ?></option>
+                                            <option value="no"><?php echo $hesklang['no_title_case']; ?></option>
+                                        </select>
+                                    </div>
+                                </div>
+                                <div class="form-group">
+                                    <label for="closed" class="col-sm-4 control-label">
+                                        <?php echo $hesklang['closed_title']; ?>
+                                        <i class="fa fa-question-circle settingsquestionmark"
+                                           data-toggle="htmlpopover"
+                                           title="<?php echo $hesklang['closed_title']; ?>"
+                                           data-content="<?php echo $hesklang['closedQuestionMarkDescr']; ?>"></i>
+                                    </label>
+
+                                    <div class="col-sm-8">
+                                        <select name="closed" class="form-control">
+                                            <option value="1"><?php echo $hesklang['yes_title_case']; ?></option>
+                                            <option value="0"><?php echo $hesklang['no_title_case']; ?></option>
+                                        </select>
+                                    </div>
+                                </div>
+                            </div>
+                        </div>
+                    </div>
+                    <div class="modal-footer">
+                        <input type="hidden" name="a" value="create">
+
+                        <div class="btn-group">
+                            <input type="submit" class="btn btn-success"
+                                   value="<?php echo $hesklang['save_changes']; ?>">
+                            <button type="button" class="btn btn-default"
+                                    data-dismiss="modal"><?php echo $hesklang['close_modal_without_saving']; ?></button>
+                        </div>
+                    </div>
+                </form>
+            </div>
+        </div>
+    </div>
+    <?php
+}
+
+function buildEditModal($statusId)
+{
+    global $hesklang, $hesk_settings;
+
+    // Get status information for this status
+    $getStatusRs = hesk_dbQuery("SELECT * FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "statuses` WHERE `ID` = " . intval($statusId));
+    $status = hesk_dbFetchAssoc($getStatusRs);
+
+    $textRs = hesk_dbQuery("SELECT `language`, `text` FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "text_to_status_xref`
+        WHERE `status_id` = " . intval($statusId));
+    $textArray = array();
+    while ($row = hesk_dbFetchAssoc($textRs)) {
+        $textArray[$row['language']] = $row['text'];
+    }
+
+    $languages = array();
+    foreach ($hesk_settings['languages'] as $key => $value) {
+        $languages[$key] = $hesk_settings['languages'][$key]['folder'];
+    }
+    ?>
+    <div class="modal fade" id="modal-status-<?php echo $statusId; ?>" tabindex="-1" role="dialog"
+         aria-labelledby="myLargeModalLabel" aria-hidden="true">
+        <div class="modal-dialog modal-lg">
+            <div class="modal-content">
+                <form action="manage_statuses.php" role="form" method="post" class="form-horizontal" data-toggle="validator">
+                    <div class="modal-header">
+                        <button type="button" class="close" data-dismiss="modal" aria-label="Close"><span
+                                aria-hidden="true">&times;</span></button>
+                        <h4 class="modal-title"><?php echo sprintf($hesklang['editing_status_x'], $status['TextColor'], mfh_getDisplayTextForStatusId($statusId)); ?></h4>
+                    </div>
+                    <div class="modal-body">
+                        <div class="row">
+                            <div class="col-md-6">
+                                <h4>
+                                    <?php echo $hesklang['status_name_title']; ?>
+                                    <i class="fa fa-question-circle settingsquestionmark"
+                                       data-toggle="popover"
+                                       title="<?php echo $hesklang['status_name_title']; ?>"
+                                       data-content="<?php echo $hesklang['status_name_title_help']; ?>"></i>
+                                </h4>
+
+                                <div class="footerWithBorder blankSpace"></div>
+                                <?php foreach ($languages as $language => $languageCode):
+                                    $warning = '';
+                                    if (isset($textArray[$language])) {
+                                        $text = $textArray[$language];
+                                    } else {
+                                        hesk_setLanguage($language);
+                                        $text = $hesklang[$status['Key']];
+                                        hesk_resetLanguage();
+                                        $warning = 'has-warning';
+                                    }
+                                    ?>
+                                    <div class="form-group <?php echo $warning; ?>">
+                                        <label class="col-sm-3 control-label" for="name[<?php echo $language; ?>]">
+                                            <?php
+                                            if ($warning != '') {
+                                                echoWarningForStatus();
+                                            }
+                                            echo $language;
+                                            ?>
+                                        </label>
+
+                                        <div class="col-sm-9">
+                                            <input type="text" placeholder="<?php echo htmlspecialchars($language); ?>"
+                                                   class="form-control" name="name[<?php echo $language; ?>]"
+                                                   data-error="<?php echo htmlspecialchars($hesklang['this_field_is_required']); ?>"
+                                                   value="<?php echo htmlspecialchars($text); ?>" required>
+                                            <div class="help-block with-errors"></div>
+                                        </div>
+                                    </div>
+                                <?php endforeach; ?>
+                            </div>
+                            <div class="col-md-6">
+                                <h4><?php echo $hesklang['properties']; ?></h4>
+
+                                <div class="footerWithBorder blankSpace"></div>
+                                <div class="form-group">
+                                    <label for="text-color" class="col-sm-4 control-label">
+                                        <?php echo $hesklang['textColor']; ?>
+                                        <i class="fa fa-question-circle settingsquestionmark"
+                                           data-toggle="popover"
+                                           title="<?php echo $hesklang['textColor']; ?>"
+                                           data-content="<?php echo $hesklang['textColorDescr']; ?>"></i>
+                                    </label>
+
+                                    <div class="col-sm-8">
+                                        <input type="text" name="text-color" class="form-control colorpicker-trigger"
+                                               value="<?php echo $status['TextColor']; ?>"
+                                               data-error="<?php echo htmlspecialchars($hesklang['this_field_is_required']); ?>"
+                                               placeholder="<?php echo htmlspecialchars($hesklang['textColor']); ?>" required>
+                                        <div class="help-block with-errors"></div>
+                                    </div>
+                                </div>
+                                <div class="form-group">
+                                    <label for="closable" class="col-sm-4 control-label">
+                                        <?php echo $hesklang['closable']; ?>
+                                        <i class="fa fa-question-circle settingsquestionmark"
+                                           data-toggle="htmlpopover"
+                                           title="<?php echo $hesklang['closable']; ?>"
+                                           data-content="<?php echo $hesklang['closable_description']; ?>"></i>
+                                    </label>
+
+                                    <div class="col-sm-8">
+                                        <?php
+                                        $yesSelected = $status['Closable'] == 'yes' ? 'selected' : '';
+                                        $customersOnlySelected = $status['Closable'] == 'conly' ? 'selected' : '';
+                                        $staffOnlySelected = $status['Closable'] == 'sonly' ? 'selected' : '';
+                                        $noSelected = $status['Closable'] == 'no' ? 'selected' : '';
+                                        ?>
+                                        <select name="closable" class="form-control">
+                                            <option
+                                                value="yes" <?php echo $yesSelected; ?>><?php echo $hesklang['yes_title_case']; ?></option>
+                                            <option
+                                                value="conly" <?php echo $customersOnlySelected; ?>><?php echo $hesklang['customers_only']; ?></option>
+                                            <option
+                                                value="sonly" <?php echo $staffOnlySelected; ?>><?php echo $hesklang['staff_only']; ?></option>
+                                            <option
+                                                value="no" <?php echo $noSelected; ?>><?php echo $hesklang['no_title_case']; ?></option>
+                                        </select>
+                                    </div>
+                                </div>
+                                <div class="form-group">
+                                    <label for="closed" class="col-sm-4 control-label">
+                                        <?php echo $hesklang['closed_title']; ?>
+                                        <i class="fa fa-question-circle settingsquestionmark"
+                                           data-toggle="htmlpopover"
+                                           title="<?php echo $hesklang['closed_title']; ?>"
+                                           data-content="<?php echo $hesklang['closedQuestionMarkDescr']; ?>"></i>
+                                    </label>
+
+                                    <div class="col-sm-8">
+                                        <?php
+                                        $yes = $status['IsClosed'] == 1 ? 'selected' : '';
+                                        $no = $status['IsClosed'] == 1 ? '' : 'selected';
+                                        ?>
+                                        <select name="closed" class="form-control">
+                                            <option
+                                                value="1" <?php echo $yes; ?>><?php echo $hesklang['yes_title_case']; ?></option>
+                                            <option
+                                                value="0" <?php echo $no; ?>><?php echo $hesklang['no_title_case']; ?></option>
+                                        </select>
+                                    </div>
+                                </div>
+                            </div>
+                        </div>
+                    </div>
+                    <div class="modal-footer">
+                        <input type="hidden" name="a" value="update">
+                        <input type="hidden" name="status-id" value="<?php echo $statusId; ?>">
+
+                        <div class="btn-group">
+                            <input type="submit" class="btn btn-success"
+                                   value="<?php echo $hesklang['save_changes']; ?>">
+                            <button type="button" class="btn btn-default"
+                                    data-dismiss="modal"><?php echo $hesklang['close_modal_without_saving']; ?></button>
+                        </div>
+                    </div>
+                </form>
+            </div>
+        </div>
+    </div>
+    <?php
+}
+
+function canStatusBeDeleted($id)
+{
+    global $hesk_settings;
+
+    $defaultActionSql = "SELECT 1 FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "statuses` WHERE `ID` = " . intval($id) . " AND
+        (`IsNewTicketStatus` = 1 OR `IsClosedByClient` = 1 OR `IsCustomerReplyStatus` = 1 OR `IsStaffClosedOption` = 1
+            OR `IsStaffReopenedStatus` = 1 OR `IsDefaultStaffReplyStatus` = 1 OR `LockedTicketStatus` = 1 OR `IsAutocloseOption` = 1)";
+    $defaultActionRs = hesk_dbQuery($defaultActionSql);
+    if (hesk_dbNumRows($defaultActionRs) > 0) {
+        // it's a default action
+        return 'no-default';
+    }
+    // check if any tickets have this status
+    $statusRs = hesk_dbQuery("SELECT 1 FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` WHERE `status` = " . intval($id));
+    if (hesk_dbNumRows($statusRs) > 0) {
+        return 'no-tickets';
+    }
+    return 'yes';
+}
+
+function echoWarningForStatus()
+{
+    global $hesklang;
+
+    echo '<i class="fa fa-exclamation-triangle" data-toggle="tooltip" title="' . htmlspecialchars($hesklang['status_not_in_database']) . '"></i> ';
+}
+
+function createStatus()
+{
+    global $hesklang, $hesk_settings;
+
+    hesk_dbConnect();
+
+    // Create the new status record
+    $isClosed = hesk_POST('closed');
+    $closable = hesk_POST('closable');
+    $textColor = hesk_POST('text-color');
+
+    /* Get the latest cat_order */
+    $res = hesk_dbQuery("SELECT `sort` FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "statuses` ORDER BY `sort` DESC LIMIT 1");
+    $row = hesk_dbFetchRow($res);
+    $my_order = $row[0] + 10;
+
+    // Get the next status id
+    $res = hesk_dbQuery("SELECT `ID` FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "statuses` ORDER BY `ID` DESC LIMIT 1");
+    $row = hesk_dbFetchAssoc($res);
+    $nextId = $row['ID'] + 1;
+
+    $insert = "INSERT INTO `" . hesk_dbEscape($hesk_settings['db_pfix']) . "statuses` (`ID`, `Key`, `TextColor`, `IsClosed`, `Closable`, `sort`)
+		VALUES (" . intval($nextId) . ", 'STORED IN XREF TABLE', '" . hesk_dbEscape($textColor) . "', " . intval($isClosed) . ", '" . hesk_dbEscape($closable) . "', " . intval($my_order) . ")";
+    hesk_dbQuery($insert);
+
+
+    // For each language, create a value in the xref table
+    foreach (hesk_POST_array('name') as $language => $translation) {
+        hesk_dbQuery("INSERT INTO `" . hesk_dbEscape($hesk_settings['db_pfix']) . "text_to_status_xref` (`language`, `text`, `status_id`)
+            VALUES ('" . hesk_dbEscape($language) . "', '" . hesk_dbEscape($translation) . "', " . intval($nextId) . ")");
+    }
+
+    hesk_process_messages($hesklang['new_status_created'], 'manage_statuses.php', 'SUCCESS');
+}
+
+function updateStatus()
+{
+    global $hesklang, $hesk_settings;
+
+    $statusId = hesk_POST('status-id');
+    $isClosed = hesk_POST('closed');
+    $closable = hesk_POST('closable');
+    $textColor = hesk_POST('text-color');
+    $update = "UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "statuses`
+        SET `TextColor` = '" . hesk_dbEscape($textColor) . "',
+            `IsClosed` = " . intval($isClosed) . ",
+            `Closable` = '" . hesk_dbEscape($closable) . "'
+        WHERE `ID` = " . intval($statusId);
+    hesk_dbQuery($update);
+
+    // For each language, delete the xref record and insert the new ones
+    hesk_dbQuery("DELETE FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "text_to_status_xref` WHERE `status_id` = " . intval($statusId));
+    foreach (hesk_POST_array('name') as $language => $translation) {
+        hesk_dbQuery("INSERT INTO `" . hesk_dbEscape($hesk_settings['db_pfix']) . "text_to_status_xref` (`language`, `text`, `status_id`)
+            VALUES ('" . hesk_dbEscape($language) . "', '" . hesk_dbEscape($translation) . "', " . intval($statusId) . ")");
+    }
+
+    hesk_process_messages($hesklang['ticket_status_updated'], 'manage_statuses.php', 'SUCCESS');
+}
+
+function deleteStatus()
+{
+    global $hesklang, $hesk_settings;
+
+    $statusId = hesk_GET('id');
+
+    hesk_dbQuery("DELETE FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "text_to_status_xref` WHERE `status_id` = " . intval($statusId));
+    hesk_dbQuery("DELETE FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "statuses` WHERE `ID` = " . intval($statusId));
+    resortStatuses();
+
+    hesk_process_messages($hesklang['ticket_status_deleted'], 'manage_statuses.php', 'SUCCESS');
+}
+
+function moveStatus()
+{
+    global $hesk_settings, $hesklang;
+
+    $statusId = intval(hesk_GET('id'));
+    $statusMove = intval(hesk_GET('move'));
+
+    hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "statuses` SET `sort` = `sort`+" . intval($statusMove) . "
+        WHERE `ID` = '" . intval($statusId) . "' LIMIT 1");
+
+    resortStatuses();
+
+    hesk_process_messages($hesklang['status_sort_updated'], 'manage_statuses.php', 'SUCCESS');
+}
+
+function resortStatuses()
+{
+    global $hesk_settings;
+
+    /* Update all category fields with new order */
+    $res = hesk_dbQuery("SELECT `ID` FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "statuses` ORDER BY `sort` ASC");
+    $i = 10;
+    while ($myStatus = hesk_dbFetchAssoc($res)) {
+        hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "statuses` SET `sort`=" . intval($i) . "
+            WHERE `ID`='" . intval($myStatus['ID']) . "' LIMIT 1");
+        $i += 10;
+    }
+}
+
+function save()
+{
+    global $hesklang, $hesk_settings;
+
+    //-- Update default status for actions
+    $defaultQuery = "UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "statuses` SET ";
+
+    hesk_dbQuery($defaultQuery . "`IsNewTicketStatus` = 0");
+    $updateQuery = $defaultQuery . "`IsNewTicketStatus` = 1 WHERE `ID` = " . intval($_POST['newTicket']);
+    hesk_dbQuery($updateQuery);
+
+    hesk_dbQuery($defaultQuery . "`IsClosedByClient` = 0");
+    $updateQuery = $defaultQuery . "`IsClosedByClient` = 1 WHERE `ID` = " . intval($_POST['closedByClient']);
+    hesk_dbQuery($updateQuery);
+
+    hesk_dbQuery($defaultQuery . "`IsCustomerReplyStatus` = 0");
+    $updateQuery = $defaultQuery . "`IsCustomerReplyStatus` = 1 WHERE `ID` = " . intval($_POST['replyFromClient']);
+    hesk_dbQuery($updateQuery);
+
+    hesk_dbQuery($defaultQuery . "`IsStaffClosedOption` = 0");
+    $updateQuery = $defaultQuery . "`IsStaffClosedOption` = 1 WHERE `ID` = " . intval($_POST['staffClosedOption']);
+    hesk_dbQuery($updateQuery);
+
+    hesk_dbQuery($defaultQuery . "`IsStaffReopenedStatus` = 0");
+    $updateQuery = $defaultQuery . "`IsStaffReopenedStatus` = 1 WHERE `ID` = " . intval($_POST['staffReopenedStatus']);
+    hesk_dbQuery($updateQuery);
+
+    hesk_dbQuery($defaultQuery . "`IsDefaultStaffReplyStatus` = 0");
+    $updateQuery = $defaultQuery . "`IsDefaultStaffReplyStatus` = 1 WHERE `ID` = " . intval($_POST['defaultStaffReplyStatus']);
+    hesk_dbQuery($updateQuery);
+
+    hesk_dbQuery($defaultQuery . "`LockedTicketStatus` = 0");
+    $updateQuery = $defaultQuery . "`LockedTicketStatus` = 1 WHERE `ID` = " . intval($_POST['lockedTicketStatus']);
+    hesk_dbQuery($updateQuery);
+
+    hesk_dbQuery($defaultQuery . "`IsAutocloseOption` = 0");
+    $updateQuery = $defaultQuery . "`IsAutocloseOption` = 1 WHERE `ID` = " . intval($_POST['autocloseTicketOption']);
+    hesk_dbQuery($updateQuery);
+
+    hesk_process_messages($hesklang['default_statuses_updated'], 'manage_statuses.php', 'SUCCESS');
+}

admin/manage_ticket_templates.php

@@ -0,0 +1,488 @@
+<?php
+/**
+ *
+ * This file is part of HESK - PHP Help Desk Software.
+ *
+ * (c) Copyright Klemen Stirn. All rights reserved.
+ * https://www.hesk.com
+ *
+ * For the full copyright and license agreement information visit
+ * https://www.hesk.com/eula.php
+ *
+ */
+
+define('IN_SCRIPT', 1);
+define('HESK_PATH', '../');
+define('VALIDATOR', 1);
+define('PAGE_TITLE', 'ADMIN_TICKET_TPL');
+define('MFH_PAGE_LAYOUT', 'TOP_ONLY');
+
+/* Get all the required files and functions */
+require(HESK_PATH . 'hesk_settings.inc.php');
+require(HESK_PATH . 'inc/common.inc.php');
+require(HESK_PATH . 'inc/admin_functions.inc.php');
+require(HESK_PATH . 'inc/mail_functions.inc.php');
+hesk_load_database_functions();
+
+hesk_session_start();
+hesk_dbConnect();
+hesk_isLoggedIn();
+
+$modsForHesk_settings = mfh_getSettings();
+
+/* Check permissions for this feature */
+hesk_checkPermission('can_man_ticket_tpl');
+
+// Define required constants
+define('LOAD_TABS', 1);
+
+if ($modsForHesk_settings['rich_text_for_tickets']) {
+    define('WYSIWYG', 1);
+}
+
+/* What should we do? */
+if ($action = hesk_REQUEST('a')) {
+    if (defined('HESK_DEMO')) {
+        hesk_process_messages($hesklang['ddemo'], 'manage_ticket_templates.php', 'NOTICE');
+    } elseif ($action == 'new') {
+        new_saved();
+    } elseif ($action == 'edit') {
+        edit_saved();
+    } elseif ($action == 'remove') {
+        remove();
+    } elseif ($action == 'order') {
+        order_saved();
+    }
+}
+
+
+/* Print header */
+require_once(HESK_PATH . 'inc/headerAdmin.inc.php');
+
+/* Print main manage users page */
+require_once(HESK_PATH . 'inc/show_admin_nav.inc.php');
+?>
+
+<script language="javascript" type="text/javascript"><!--
+    function confirm_delete() {
+        if (confirm('<?php echo hesk_makeJsString($hesklang['delete_tpl']); ?>')) {
+            return true;
+        }
+        else {
+            return false;
+        }
+    }
+    //-->
+</script>
+
+<?php
+// Get canned responses from database
+$result = hesk_dbQuery('SELECT * FROM `' . hesk_dbEscape($hesk_settings['db_pfix']) . 'ticket_templates` ORDER BY `tpl_order` ASC');
+$options = '';
+$javascript_messages = '';
+$javascript_titles = '';
+
+$i = 1;
+$j = 0;
+$num = hesk_dbNumRows($result);
+?>
+<div class="content-wrapper">
+    <section class="content">
+    <div class="box">
+        <div class="box-header with-border">
+            <h1 class="box-title">
+                <?php echo $hesklang['saved_ticket_tpl']; ?>
+            </h1>
+            <div class="box-tools pull-right">
+                <button type="button" class="btn btn-box-tool" data-widget="collapse">
+                    <i class="fa fa-minus"></i>
+                </button>
+            </div>
+        </div>
+        <div class="box-body">
+            <?php if ($num < 1) {
+                echo '<p>' . $hesklang['no_ticket_tpl'] . '</p>';
+            } else {
+                ?>
+                <table class="table table-hover">
+                    <thead>
+                    <tr>
+                        <th><?php echo $hesklang['ticket_tpl_title']; ?></th>
+                        <th><?php echo $hesklang['opt']; ?></th>
+                    </tr>
+                    </thead>
+                    <tbody>
+                    <?php
+
+                    while ($mysaved = hesk_dbFetchAssoc($result)) {
+                        $j++;
+                        $color = '';
+                        if (isset($_SESSION['canned']['selcat2']) && $mysaved['id'] == $_SESSION['canned']['selcat2']) {
+                            $color = 'success';
+                            unset($_SESSION['canned']['selcat2']);
+                        }
+
+                        $options .= '<option class="form-control" value="' . $mysaved['id'] . '"';
+                        $options .= (isset($_SESSION['canned']['id']) && $_SESSION['canned']['id'] == $mysaved['id']) ? ' selected="selected" ' : '';
+                        $options .= '>' . $mysaved['title'] . '</option>';
+
+                        if ($modsForHesk_settings['rich_text_for_tickets']) {
+                            $theMessage = html_entity_decode($mysaved['message']);
+                            $theMessage = addslashes($theMessage);
+                            $javascript_messages .= 'myMsgTxt[' . $mysaved['id'] . ']=\'' . str_replace("\r\n", "\\r\\n' + \r\n'", $theMessage) . "';\n";
+                        } else {
+                            $javascript_messages .= 'myMsgTxt[' . $mysaved['id'] . ']=\'' . str_replace("\r\n", "\\r\\n' + \r\n'", addslashes($mysaved['message'])) . "';\n";
+                        }
+                        $javascript_titles .= 'myTitle[' . $mysaved['id'] . ']=\'' . addslashes($mysaved['title']) . "';\n";
+
+                        echo '
+                                    <tr>
+                                    <td>' . $mysaved['title'] . '</td>
+                                    <td class="text-left">
+                                    ';
+
+                        if ($num > 1) {
+                            if ($j == 1) {
+                                echo '<img src="../img/blank.gif" width="16" height="16" alt="" style="padding:3px;border:none;" />
+                                        <a href="manage_ticket_templates.php?a=order&amp;replyid=' . $mysaved['id'] . '&amp;move=15&amp;token=' . hesk_token_echo(0) . '">
+                                            <i class="fa fa-arrow-down icon-link green" data-toggle="tooltip" data-placement="top" data-original-title="' . $hesklang['move_dn'] . '"></i></a>';
+                            } elseif ($j == $num) {
+                                echo '<a href="manage_ticket_templates.php?a=order&amp;replyid=' . $mysaved['id'] . '&amp;move=-15&amp;token=' . hesk_token_echo(0) . '"><i class="fa fa-arrow-up icon-link green" data-toggle="tooltip" data-placement="top" data-original-title="' . $hesklang['move_up'] . '"></i></a> <img src="../img/blank.gif" width="16" height="16" alt="" style="padding:3px;border:none;" />';
+                            } else {
+                                echo '
+                                        <a href="manage_ticket_templates.php?a=order&amp;replyid=' . $mysaved['id'] . '&amp;move=-15&amp;token=' . hesk_token_echo(0) . '"><i class="fa fa-arrow-up icon-link green" data-toggle="tooltip" data-placement="top" data-original-title="' . $hesklang['move_up'] . '"></i></a>
+                                        <a href="manage_ticket_templates.php?a=order&amp;replyid=' . $mysaved['id'] . '&amp;move=15&amp;token=' . hesk_token_echo(0) . '"><i class="fa fa-arrow-down icon-link green" data-toggle="tooltip" data-placement="top" data-original-title="' . $hesklang['move_dn'] . '"></i></a>
+                                        ';
+                            }
+                        } else {
+                            echo '';
+                        }
+
+                        echo '
+                                    <a name="'.$mysaved['title'].'" href="manage_ticket_templates.php?a=remove&amp;id=' . $mysaved['id'] . '&amp;token=' . hesk_token_echo(0) . '" onclick="return confirm_delete();"><i class="fa fa-times icon-link red" data-toggle="tooltip" data-placement="top" data-original-title="' . $hesklang['delete'] . '"></i></a></td>
+                                    </tr>
+                                    ';
+                    } // End while
+
+                    ?>
+                    </tbody>
+                </table>
+                <?php
+            }
+            ?>
+        </div>
+    </div>
+    <div class="box">
+        <div class="box-header with-border">
+            <h1 class="box-title">
+                <?php echo $hesklang['new_ticket_tpl']; ?>
+                <a href="javascript:void(0)"
+                   onclick="javascript:alert('<?php echo hesk_makeJsString($hesklang['ticket_tpl_intro']); ?>')"><i
+                        class="fa fa-question-circle settingsquestionmark"></i></a>
+            </h1>
+            <div class="box-tools pull-right">
+                <button type="button" class="btn btn-box-tool" data-widget="collapse">
+                    <i class="fa fa-minus"></i>
+                </button>
+            </div>
+        </div>
+        <div class="box-body">
+            <?php
+            /* This will handle error, success and notice messages */
+            hesk_handle_messages();
+
+            $onsubmit = '';
+            if ($modsForHesk_settings['rich_text_for_tickets']) {
+                $onsubmit = 'onsubmit="return validateRichText(\'message-help-block\', \'message-group\', \'message\', \''.htmlspecialchars($hesklang['this_field_is_required']).'\')"';
+            }
+            ?>
+            <form class="form-horizontal" action="manage_ticket_templates.php" method="post" name="form1" role="form" data-toggle="validator" <?php echo $onsubmit; ?>>
+                <?php
+                if ($num > 0) {
+                    ?>
+                    <div class="form-group">
+                        <div class="col-sm-12">
+                            <div class="row">
+                                <div class="col-sm-12">
+                                    <div class="radio">
+                                        <label>
+                                            <input type="radio" name="a"
+                                                   value="new" <?php echo (!isset($_SESSION['canned']['what']) || $_SESSION['canned']['what'] != 'EDIT') ? 'checked=' : ''; ?>>
+                                            <?php echo $hesklang['ticket_tpl_add']; ?>
+                                        </label>
+                                    </div>
+                                </div>
+                            </div>
+                            <div class="row">
+                                <div class="col-sm-6">
+                                    <div class="radio">
+                                        <label>
+                                            <input type="radio" name="a"
+                                                   value="edit" <?php echo (isset($_SESSION['canned']['what']) && $_SESSION['canned']['what'] == 'EDIT') ? 'checked' : ''; ?>>
+                                            <?php echo $hesklang['ticket_tpl_edit']; ?>
+                                        </label>
+                                    </div>
+                                </div>
+                                <div class="col-sm-6">
+                                    <select class="form-control" name="saved_replies" onchange="setMessage(this.value)">
+                                        <option value="0"> - <?php echo $hesklang['select_empty']; ?>-
+                                        </option><?php echo $options; ?></select>
+                                </div>
+                            </div>
+                        </div>
+                    </div>
+                    <?php
+                } else {
+                    echo '<p><input type="hidden" name="a" value="new" /> ' . $hesklang['ticket_tpl_add'] . '</label></p>';
+                }
+                ?>
+                <div class="form-group">
+                    <label for="name" class="col-sm-2 control-label"><?php echo $hesklang['ticket_tpl_title']; ?></label>
+
+                    <div class="col-sm-10">
+                    <span id="HeskTitle">
+                        <input id="subject" class="form-control" type="text" name="name" size="40" maxlength="50"
+                               data-error="<?php echo htmlspecialchars($hesklang['this_field_is_required']); ?>"
+                               placeholder="<?php echo htmlspecialchars($hesklang['ticket_tpl_title']); ?>"
+                            <?php if (isset($_SESSION['canned']['name'])) {
+                                echo ' value="' . stripslashes($_SESSION['canned']['name']) . '" ';
+                            } ?> required>
+                    </span>
+                        <div class="help-block with-errors"></div>
+                    </div>
+                </div>
+                <div class="form-group" id="message-group">
+                    <label for="msg" class="col-sm-2 control-label"><?php echo $hesklang['message']; ?></label>
+
+                    <div class="col-sm-10">
+                    <span id="HeskMsg">
+                        <textarea id="message" class="form-control htmlEditor"
+                                  data-error="<?php echo htmlspecialchars($hesklang['this_field_is_required']); ?>"
+                                  placeholder="<?php echo htmlspecialchars($hesklang['message']); ?>" name="msg"
+                                  rows="15" cols="70" required><?php
+                            if (isset($_SESSION['canned']['msg'])) {
+                                if ($modsForHesk_settings['rich_text_for_tickets']) {
+                                    echo $_SESSION['canned']['msg'];
+                                } else {
+                                    echo stripslashes($_SESSION['canned']['msg']);
+                                }
+                            }
+                            ?></textarea>
+                    </span>
+                        <div class="help-block with-errors" id="message-help-block"></div>
+                    </div>
+                </div>
+                <div class="form-group">
+                    <div class="col-sm-10 col-sm-offset-2">
+                        <input type="hidden" name="token" value="<?php hesk_token_echo(); ?>"/>
+                        <input type="submit" value="<?php echo $hesklang['save_ticket_tpl']; ?>" class="btn btn-default">
+                    </div>
+                </div>
+            </form>
+        </div>
+    </div>
+</section>
+</div>
+<?php if ($modsForHesk_settings['rich_text_for_tickets']): ?>
+    <script type="text/javascript">
+        /* <![CDATA[ */
+    	$(document).ready(function() {
+        	$('.htmlEditor').summernote({
+			height: 200,
+			toolbar: [
+				['style', ['bold', 'italic', 'underline', 'clear']],
+				['font', ['strikethrough', 'superscript', 'subscript']],
+				['para', ['ul', 'ol']]
+			]
+		});
+        });
+        /* ]]> */
+    </script>
+<?php endif; ?>
+
+<script language="javascript" type="text/javascript"><!--
+    // -->
+    var myMsgTxt = new Array();
+    var myTitle = new Array();
+    myMsgTxt[0] = '';
+    myTitle[0] = '';
+
+    <?php
+    echo $javascript_titles;
+    echo $javascript_messages;
+    ?>
+
+    function setMessage(msgid) {
+        var useHtmlEditor = <?php echo $modsForHesk_settings['rich_text_for_tickets']; ?>;
+        var myMsg = myMsgTxt[msgid];
+        var mySubject = myTitle[msgid];
+
+        if (myMsg == '') {
+            if (useHtmlEditor) {
+                $("#message").summernote('reset');
+            }
+            else {
+                $('#message').val('');
+            }
+            $('#subject').val('');
+            return true;
+        }
+        if (document.getElementById) {
+            if (useHtmlEditor) {
+                $("#message").summernote('reset');
+                $("#message").summernote('editor.insertText', myMsg));
+            } else {
+                myMsg = $('<textarea />').html(myMsg).text();
+                $('#message').val(myMsg).trigger('input');
+            }
+            mySubject = $('<textarea />').html(mySubject).text();
+            $('#subject').val(mySubject).trigger('input');
+        }
+        else {
+            document.form1.message.value = myMsg;
+            document.form1.subject.value = mySubject;
+        }
+
+        if (msgid == 0) {
+            document.form1.a[0].checked = true;
+        } else {
+            document.form1.a[1].checked = true;
+        }
+
+    }
+    //-->
+</script>
+
+<?php
+require_once(HESK_PATH . 'inc/footer.inc.php');
+exit();
+
+
+/*** START FUNCTIONS ***/
+
+function edit_saved()
+{
+    global $hesk_settings, $hesklang;
+
+    /* A security check */
+    hesk_token_check('POST');
+
+    $hesk_error_buffer = '';
+
+    $id = intval(hesk_POST('saved_replies')) or $hesk_error_buffer .= '<li>' . $hesklang['sel_ticket_tpl'] . '</li>';
+    $savename = hesk_input(hesk_POST('name')) or $hesk_error_buffer .= '<li>' . $hesklang['ent_ticket_tpl_title'] . '</li>';
+    $msg = hesk_input(hesk_POST('msg')) or $hesk_error_buffer .= '<li>' . $hesklang['ent_ticket_tpl_msg'] . '</li>';
+
+    // Avoid problems with utf-8 newline chars in Javascript code, detect and remove them
+    $msg = preg_replace('/\R/u', "\r\n", $msg);
+
+    $_SESSION['canned']['what'] = 'EDIT';
+    $_SESSION['canned']['id'] = $id;
+    $_SESSION['canned']['name'] = $savename;
+    $_SESSION['canned']['msg'] = $msg;
+
+    /* Any errors? */
+    if (strlen($hesk_error_buffer)) {
+        $hesk_error_buffer = $hesklang['rfm'] . '<br /><br /><ul>' . $hesk_error_buffer . '</ul>';
+        hesk_process_messages($hesk_error_buffer, 'manage_ticket_templates.php?saved_replies=' . $id);
+    }
+
+    $result = hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "ticket_templates` SET `title`='" . hesk_dbEscape($savename) . "',`message`='" . hesk_dbEscape($msg) . "' WHERE `id`='" . intval($id) . "'");
+
+    unset($_SESSION['canned']['what']);
+    unset($_SESSION['canned']['id']);
+    unset($_SESSION['canned']['name']);
+    unset($_SESSION['canned']['msg']);
+
+    hesk_process_messages($hesklang['ticket_tpl_saved'], 'manage_ticket_templates.php?saved_replies=' . $id, 'SUCCESS');
+} // End edit_saved()
+
+
+function new_saved()
+{
+    global $hesk_settings, $hesklang;
+
+    /* A security check */
+    hesk_token_check('POST');
+
+    $hesk_error_buffer = '';
+    $savename = hesk_input(hesk_POST('name')) or $hesk_error_buffer .= '<li>' . $hesklang['ent_ticket_tpl_title'] . '</li>';
+    $msg = hesk_input(hesk_POST('msg')) or $hesk_error_buffer .= '<li>' . $hesklang['ent_ticket_tpl_msg'] . '</li>';
+
+    // Avoid problems with utf-8 newline chars in Javascript code, detect and remove them
+    $msg = preg_replace('/\R/u', "\r\n", $msg);
+
+    $_SESSION['canned']['what'] = 'NEW';
+    $_SESSION['canned']['name'] = $savename;
+    $_SESSION['canned']['msg'] = $msg;
+
+    /* Any errors? */
+    if (strlen($hesk_error_buffer)) {
+        $hesk_error_buffer = $hesklang['rfm'] . '<br /><br /><ul>' . $hesk_error_buffer . '</ul>';
+        hesk_process_messages($hesk_error_buffer, 'manage_ticket_templates.php');
+    }
+
+    /* Get the latest tpl_order */
+    $result = hesk_dbQuery('SELECT `tpl_order` FROM `' . hesk_dbEscape($hesk_settings['db_pfix']) . 'ticket_templates` ORDER BY `tpl_order` DESC LIMIT 1');
+    $row = hesk_dbFetchRow($result);
+    $my_order = $row[0] + 10;
+
+    hesk_dbQuery("INSERT INTO `" . hesk_dbEscape($hesk_settings['db_pfix']) . "ticket_templates` (`title`,`message`,`tpl_order`) VALUES ('" . hesk_dbEscape($savename) . "','" . hesk_dbEscape($msg) . "','" . intval($my_order) . "')");
+
+    unset($_SESSION['canned']['what']);
+    unset($_SESSION['canned']['name']);
+    unset($_SESSION['canned']['msg']);
+
+    hesk_process_messages($hesklang['ticket_tpl_saved'], 'manage_ticket_templates.php', 'SUCCESS');
+} // End new_saved()
+
+
+function remove()
+{
+    global $hesk_settings, $hesklang;
+
+    /* A security check */
+    hesk_token_check();
+
+    $mysaved = intval(hesk_GET('id')) or hesk_error($hesklang['id_not_valid']);
+
+    hesk_dbQuery("DELETE FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "ticket_templates` WHERE `id`='" . intval($mysaved) . "'");
+    if (hesk_dbAffectedRows() != 1) {
+        hesk_error("$hesklang[int_error]: $hesklang[ticket_tpl_not_found].");
+    }
+
+    hesk_process_messages($hesklang['ticket_tpl_removed'], 'manage_ticket_templates.php', 'SUCCESS');
+} // End remove()
+
+
+function order_saved()
+{
+    global $hesk_settings, $hesklang;
+
+    /* A security check */
+    hesk_token_check();
+
+    $tplid = intval(hesk_GET('replyid')) or hesk_error($hesklang['ticket_tpl_id']);
+    $_SESSION['canned']['selcat2'] = $tplid;
+
+    $tpl_move = intval(hesk_GET('move'));
+
+    hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "ticket_templates` SET `tpl_order`=`tpl_order`+" . intval($tpl_move) . " WHERE `id`='" . intval($tplid) . "'");
+    if (hesk_dbAffectedRows() != 1) {
+        hesk_error("$hesklang[int_error]: $hesklang[ticket_tpl_not_found].");
+    }
+
+    /* Update all category fields with new order */
+    $result = hesk_dbQuery('SELECT `id` FROM `' . hesk_dbEscape($hesk_settings['db_pfix']) . 'ticket_templates` ORDER BY `tpl_order` ASC');
+
+    $i = 10;
+    while ($mytpl = hesk_dbFetchAssoc($result)) {
+        hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "ticket_templates` SET `tpl_order`=" . intval($i) . " WHERE `id`='" . intval($mytpl['id']) . "'");
+        $i += 10;
+    }
+
+    header('Location: manage_ticket_templates.php');
+    exit();
+} // End order_saved()
+
+?>

admin/move_category.php

@@ -0,0 +1,177 @@
+<?php
+/**
+ *
+ * This file is part of HESK - PHP Help Desk Software.
+ *
+ * (c) Copyright Klemen Stirn. All rights reserved.
+ * https://www.hesk.com
+ *
+ * For the full copyright and license agreement information visit
+ * https://www.hesk.com/eula.php
+ *
+ */
+
+define('IN_SCRIPT', 1);
+define('HESK_PATH', '../');
+
+/* Get all the required files and functions */
+require(HESK_PATH . 'hesk_settings.inc.php');
+require(HESK_PATH . 'inc/common.inc.php');
+require(HESK_PATH . 'inc/admin_functions.inc.php');
+hesk_load_database_functions();
+require(HESK_PATH . 'inc/email_functions.inc.php');
+
+hesk_session_start();
+hesk_dbConnect();
+hesk_isLoggedIn();
+$modsForHesk_settings = mfh_getSettings();
+
+/* Check permissions for this feature */
+if (hesk_checkPermission('can_change_cat', 0)) {
+    hesk_checkPermission('can_change_own_cat');
+}
+
+/* A security check */
+hesk_token_check('POST');
+
+/* Ticket ID */
+$trackingID = hesk_cleanID() or die($hesklang['int_error'] . ': ' . $hesklang['no_trackID']);
+
+/* Category ID */
+$category = intval(hesk_POST('category', -1));
+if ($category < 1) {
+    hesk_process_messages($hesklang['incat'], 'admin_ticket.php?track=' . $trackingID . '&Refresh=' . rand(10000, 99999), 'NOTICE');
+}
+
+/* Get new category details */
+$res = hesk_dbQuery("SELECT `name`,`autoassign` FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "categories` WHERE `id`='{$category}' LIMIT 1");
+if (hesk_dbNumRows($res) != 1) {
+    hesk_error("$hesklang[int_error]: $hesklang[kb_cat_inv].");
+}
+$row = hesk_dbFetchAssoc($res);
+
+/* Should tickets in new category be auto-assigned if necessary? */
+if (!$row['autoassign']) {
+    $hesk_settings['autoassign'] = false;
+}
+
+/* Is user allowed to view tickets in new category? */
+$category_ok = hesk_okCategory($category, 0);
+
+// Is user allowed to move tickets to this category?
+if ( ! $category_ok && ! hesk_checkPermission('can_change_cat', 0) ) {
+    hesk_process_messages($hesklang['noauth_move'],'admin_main.php');
+}
+
+/* Get details about the original ticket */
+$res = hesk_dbQuery("SELECT * FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` WHERE `trackid`='" . hesk_dbEscape($trackingID) . "' LIMIT 1");
+if (hesk_dbNumRows($res) != 1) {
+    hesk_error($hesklang['ticket_not_found']);
+}
+$ticket = hesk_dbFetchAssoc($res);
+
+
+/* Is the ticket assigned to someone? If yes, check that the user has access to category or change to unassigned */
+$need_to_reassign = 0;
+if ($ticket['owner']) {
+    if ($ticket['owner'] == $_SESSION['id'] && !$category_ok) {
+        $need_to_reassign = 1;
+    } else {
+        $res = hesk_dbQuery("SELECT `isadmin`,`categories` FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "users` WHERE `id`='" . intval($ticket['owner']) . "' LIMIT 1");
+        if (hesk_dbNumRows($res) != 1) {
+            $need_to_reassign = 1;
+        } else {
+            $tmp = hesk_dbFetchAssoc($res);
+            if (!hesk_okCategory($category, 0, $tmp['isadmin'], explode(',', $tmp['categories']))) {
+                $need_to_reassign = 1;
+            }
+        }
+    }
+}
+
+/* Reassign automatically if possible */
+$autoassign_owner = null;
+if ($need_to_reassign || !$ticket['owner']) {
+    $need_to_reassign = 1;
+    $autoassign_owner = hesk_autoAssignTicket($category);
+    if ($autoassign_owner) {
+        $ticket['owner'] = $autoassign_owner['id'];
+    } else {
+        $ticket['owner'] = 0;
+    }
+}
+
+hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` SET `category`='" . intval($category) . "', `owner`='" . intval($ticket['owner']) . "' WHERE `trackid`='" . hesk_dbEscape($trackingID) . "'");
+
+/* Log that ticket is being moved */
+mfh_insert_audit_trail_record($ticket['id'], 'TICKET', 'audit_moved_category', hesk_date(), array(
+    0 => $_SESSION['name'] . ' (' . $_SESSION['user'] . ')',
+    1 => $row['name']
+));
+
+if ($autoassign_owner) {
+    mfh_insert_audit_trail_record($ticket['id'], 'TICKET', 'audit_autoassigned', hesk_date(), array(
+        0 => $autoassign_owner['name'] . ' (' . $autoassign_owner['user'] . ')'
+    ));
+}
+
+$ticket['category'] = $category;
+
+/* --> Prepare message */
+
+// 1. Generate the array with ticket info that can be used in emails
+$info = array(
+    'email' => $ticket['email'],
+    'category' => $ticket['category'],
+    'priority' => $ticket['priority'],
+    'owner' => $ticket['owner'],
+    'trackid' => $ticket['trackid'],
+    'status' => $ticket['status'],
+    'name' => $ticket['name'],
+    'subject' => $ticket['subject'],
+    'message' => $ticket['message'],
+    'attachments' => $ticket['attachments'],
+    'dt' => hesk_date($ticket['dt'], true),
+    'lastchange' => hesk_date($ticket['lastchange'], true),
+    'id' => $ticket['id'],'time_worked'   => $ticket['time_worked'],
+    'last_reply_by' => hesk_getReplierName($ticket),
+);
+
+// 2. Add custom fields to the array
+foreach ($hesk_settings['custom_fields'] as $k => $v) {
+    $info[$k] = $v['use'] ? $ticket[$k] : '';
+}
+
+// 3. Make sure all values are properly formatted for email
+$ticket = hesk_ticketToPlain($info, 1, 0);
+
+/* Need to notify any staff? */
+/* --> From autoassign? */
+if ($need_to_reassign && !empty($autoassign_owner['email'])) {
+    hesk_notifyAssignedStaff($autoassign_owner, 'ticket_assigned_to_you', $modsForHesk_settings);
+} /* --> No autoassign, find and notify appropriate staff */
+elseif (!$ticket['owner']) {
+    hesk_notifyStaff('category_moved', "`notify_new_unassigned`='1' AND `id`!=" . intval($_SESSION['id']), $modsForHesk_settings);
+}
+
+/* Is the user allowed to view tickets in the new category? */
+if ($category_ok) {
+    /* Ticket has an owner */
+    if ($ticket['owner']) {
+        /* Staff is owner or can view tickets assigned to others */
+        if ($ticket['owner'] == $_SESSION['id'] || hesk_checkPermission('can_view_ass_others', 0)) {
+            hesk_process_messages($hesklang['moved_to'], 'admin_ticket.php?track=' . $trackingID . '&Refresh=' . rand(10000, 99999), 'SUCCESS');
+        } else {
+            hesk_process_messages($hesklang['moved_to'], 'admin_main.php', 'SUCCESS');
+        }
+    } /* Ticket is unassigned, staff can view unassigned tickets */
+    elseif (hesk_checkPermission('can_view_unassigned', 0)) {
+        hesk_process_messages($hesklang['moved_to'], 'admin_ticket.php?track=' . $trackingID . '&Refresh=' . rand(10000, 99999), 'SUCCESS');
+    } /* Ticket is unassigned, staff cannot view unassigned tickets */
+    else {
+        hesk_process_messages($hesklang['moved_to'], 'admin_main.php', 'SUCCESS');
+    }
+} else {
+    hesk_process_messages($hesklang['moved_to'], 'admin_main.php', 'SUCCESS');
+}
+?>

admin/password.php

@@ -0,0 +1,290 @@
+<?php
+/**
+ *
+ * This file is part of HESK - PHP Help Desk Software.
+ *
+ * (c) Copyright Klemen Stirn. All rights reserved.
+ * https://www.hesk.com
+ *
+ * For the full copyright and license agreement information visit
+ * https://www.hesk.com/eula.php
+ *
+ */
+
+define('IN_SCRIPT', 1);
+define('HESK_PATH', '../');
+define('PAGE_TITLE', 'LOGIN');
+
+/* Get all the required files and functions */
+require(HESK_PATH . 'hesk_settings.inc.php');
+require(HESK_PATH . 'inc/common.inc.php');
+
+// Connect to database and check for brute force attempts
+hesk_load_database_functions();
+hesk_dbConnect();
+
+$modsForHesk_settings = mfh_getSettings();
+
+// Is the password reset function enabled?
+if (!$hesk_settings['reset_pass']) {
+    die($hesklang['attempt']);
+}
+
+// Allow additional 5 attempts in case the user is already blocked
+$hesk_settings['attempt_limit'] += 5;
+
+// Start session
+hesk_session_start();
+
+if (!isset($_SESSION['a_iserror'])) {
+    $_SESSION['a_iserror'] = array();
+}
+
+$hesk_error_buffer = array();
+
+// If this is a POST method, check input
+if ($_SERVER['REQUEST_METHOD'] == 'POST') {
+    // Verify security image
+    if ($hesk_settings['secimg_use']) {
+        // Using ReCaptcha?
+        if ($hesk_settings['recaptcha_use']) {
+            require(HESK_PATH . 'inc/recaptcha/recaptchalib_v2.php');
+
+            $resp = null;
+            $reCaptcha = new ReCaptcha($hesk_settings['recaptcha_private_key']);
+
+            // Was there a reCAPTCHA response?
+            if (isset($_POST["g-recaptcha-response"])) {
+                $resp = $reCaptcha->verifyResponse(hesk_getClientIP(), hesk_POST("g-recaptcha-response"));
+            }
+
+            if ($resp != null && $resp->success) {
+                //$_SESSION['img_a_verified']=true;
+            } else {
+                $hesk_error_buffer['mysecnum'] = $hesklang['recaptcha_error'];
+            }
+        } // Using PHP generated image
+        else {
+            $mysecnum = intval(hesk_POST('mysecnum', 0));
+
+            if (empty($mysecnum)) {
+                $hesk_error_buffer['mysecnum'] = $hesklang['sec_miss'];
+            } else {
+                require(HESK_PATH . 'inc/secimg.inc.php');
+                $sc = new PJ_SecurityImage($hesk_settings['secimg_sum']);
+                if (isset($_SESSION['checksum']) && $sc->checkCode($mysecnum, $_SESSION['checksum'])) {
+                    //$_SESSION['img_a_verified'] = true;
+                } else {
+                    $hesk_error_buffer['mysecnum'] = $hesklang['sec_wrng'];
+                }
+            }
+        }
+    }
+    hesk_limitBfAttempts();
+
+    // Get email
+    $email = hesk_validateEmail(hesk_POST('email'), 'ERR', 0) or $hesk_error_buffer['email'] = $hesklang['enter_valid_email'];
+
+    // Any errors?
+    if (count($hesk_error_buffer) != 0) {
+        $_SESSION['a_iserror'] = array_keys($hesk_error_buffer);
+
+        $tmp = '';
+        foreach ($hesk_error_buffer as $error) {
+            $tmp .= "<li>$error</li>\n";
+        }
+        $hesk_error_buffer = $tmp;
+
+        $hesk_error_buffer = $hesklang['pcer'] . '<br /><br /><ul>' . $hesk_error_buffer . '</ul>';
+        hesk_process_messages($hesk_error_buffer, 'NOREDIRECT');
+    } elseif (defined('HESK_DEMO')) {
+        hesk_process_messages($hesklang['ddemo'], 'NOREDIRECT');
+    } else {
+        // Get user data from the database
+        $res = hesk_dbQuery("SELECT `id`, `name`, `pass` FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "users` WHERE `email` LIKE '" . hesk_dbEscape($email) . "' LIMIT 1");
+        if (hesk_dbNumRows($res) != 1) {
+            hesk_process_messages($hesklang['noace'], 'NOREDIRECT');
+        } else {
+            $row = hesk_dbFetchAssoc($res);
+            $hash = sha1(microtime() . hesk_getClientIP() . mt_rand() . $row['id'] . $row['name'] . $row['pass']);
+
+            // Insert the verification hash into the database
+            hesk_dbQuery("INSERT INTO `" . hesk_dbEscape($hesk_settings['db_pfix']) . "reset_password` (`user`, `hash`, `ip`) VALUES (" . intval($row['id']) . ", '{$hash}', '" . hesk_dbEscape($_SERVER['REMOTE_ADDR']) . "') ");
+
+            // Prepare and send email
+            require(HESK_PATH . 'inc/email_functions.inc.php');
+
+            // Get the email message
+            $msg = hesk_getEmailMessage('reset_password', array(), $modsForHesk_settings, 1, 0, 1);
+            $htmlMsg = hesk_getHtmlMessage('reset_password', array(), $modsForHesk_settings, 1, 0, 1);
+
+            // Replace message special tags
+            $msg = str_replace('%%NAME%%', hesk_msgToPlain($row['name'], 1, 1), $msg);
+            $msg = str_replace('%%SITE_URL%%', $hesk_settings['site_url'], $msg);
+            $msg = str_replace('%%SITE_TITLE%%', $hesk_settings['site_title'], $msg);
+            $msg = str_replace('%%PASSWORD_RESET%%', $hesk_settings['hesk_url'] . '/' . $hesk_settings['admin_dir'] . '/password.php?h=' . $hash, $msg);
+            $htmlMsg = str_replace('%%NAME%%', hesk_msgToPlain($row['name'], 1, 1), $htmlMsg);
+            $htmlMsg = str_replace('%%SITE_URL%%', $hesk_settings['site_url'], $htmlMsg);
+            $htmlMsg = str_replace('%%SITE_TITLE%%', $hesk_settings['site_title'], $htmlMsg);
+            $htmlMsg = str_replace('%%PASSWORD_RESET%%', $hesk_settings['hesk_url'] . '/' . $hesk_settings['admin_dir'] . '/password.php?h=' . $hash, $htmlMsg);
+
+            // Send email
+            hesk_mail($email, $hesklang['reset_password'], $msg, $htmlMsg, $modsForHesk_settings);
+
+            // Show success
+            hesk_process_messages($hesklang['pemls'], 'NOREDIRECT', 'SUCCESS');
+        }
+    }
+} // If the "h" parameter is set verify it and reset the password
+elseif (isset($_GET['h'])) {
+    // Get the hash
+    $hash = preg_replace('/[^a-zA-Z0-9]/', '', $_GET['h']);
+
+    // Connect to database
+    hesk_dbConnect();
+
+    // Expire verification hashes older than 2 hours
+    hesk_dbQuery("DELETE FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "reset_password` WHERE `dt` < (NOW() - INTERVAL 2 HOUR)");
+
+    // Verify the hash exists
+    $res = hesk_dbQuery("SELECT `user`, `ip` FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "reset_password` WHERE `hash` = '{$hash}' LIMIT 1");
+    if (hesk_dbNumRows($res) != 1) {
+        // Not a valid hash
+        hesk_limitBfAttempts();
+        hesk_process_messages($hesklang['ehash'], 'NOREDIRECT');
+    } else {
+        // Get info from database
+        $row = hesk_dbFetchAssoc($res);
+
+        // Only allow resetting password from the same IP address that submitted password reset request
+        if ($row['ip'] != $_SERVER['REMOTE_ADDR']) {
+            hesk_limitBfAttempts();
+            hesk_process_messages($hesklang['ehaip'], 'NOREDIRECT');
+        } else {
+            // Expire all verification hashes for this user
+            hesk_dbQuery("DELETE FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "reset_password` WHERE `user`=" . intval($row['user']));
+
+            // Load additional required functions
+            require(HESK_PATH . 'inc/admin_functions.inc.php');
+
+            // Get user details
+            $res = hesk_dbQuery('SELECT * FROM `' . $hesk_settings['db_pfix'] . "users` WHERE `id`=" . intval($row['user']) . " LIMIT 1");
+            $row = hesk_dbFetchAssoc($res);
+            foreach ($row as $k => $v) {
+                $_SESSION[$k] = $v;
+            }
+
+            // Set a tag that will be used to expire sessions after username or password change
+            $_SESSION['session_verify'] = hesk_activeSessionCreateTag($_SESSION['user'], $_SESSION['pass']);
+
+            // We don't need the password hash anymore
+            unset($_SESSION['pass']);
+
+            // Clean brute force attempts
+            hesk_cleanBfAttempts();
+
+            // Regenerate session ID (security)
+            hesk_session_regenerate_id();
+
+            // Get allowed categories
+            if (empty($_SESSION['isadmin'])) {
+                $_SESSION['categories'] = explode(',', $_SESSION['categories']);
+            }
+
+            // Redirect to the profile page
+            hesk_process_messages($hesklang['resim'], 'profile.php', 'NOTICE');
+            exit();
+
+        } // End IP matches
+    }
+}
+
+// Tell header to load reCaptcha API if needed
+if ($hesk_settings['recaptcha_use']) {
+    define('RECAPTCHA', 1);
+}
+
+$hesk_settings['tmp_title'] = $hesk_settings['hesk_title'] . ' - ' . $hesklang['passr'];
+require_once(HESK_PATH . 'inc/headerAdmin.inc.php');
+?>
+<div class="login-box">
+    <div class="login-logo">
+        <?php echo $hesk_settings['hesk_title']; ?>
+    </div>
+    <div class="login-box-body">
+        <h4 class="login-box-msg">
+            <?php echo $hesklang['passr']; ?>
+        </h4>
+        <form action="password.php" method="post" name="form1" id="form1" class="form-horizontal" role="form">
+            <?php
+            /* This will handle error, success and notice messages */
+            hesk_handle_messages();
+
+            $has_error = '';
+            if (in_array('email', $_SESSION['a_iserror'])) {
+                $has_error = 'has-error';
+            }
+
+            $form_email = '';
+            if (isset($email)) {
+                $form_email = stripslashes(hesk_input($email));
+            }
+            ?>
+            <div class="form-group <?php echo $has_error; ?>">
+                <label for="email" class="col-sm-3 control-label">
+                    <?php echo $hesklang['email']; ?>
+                </label>
+                <div class="col-sm-9">
+                    <input type="text" name="email" size="35" value="<?php echo $form_email; ?>"
+                           class="form-control" placeholder="<?php echo htmlspecialchars($hesklang['email']); ?>">
+                </div>
+            </div>
+            <?php
+            if ($hesk_settings['secimg_use'] && $hesk_settings['recaptcha_use'] != 1) {
+                ?>
+                <div class="form-group">
+                    <div class="col-sm-11 col-sm-offset-1">
+                        <?php
+                        // Use reCaptcha API v2?
+                        if ($hesk_settings['recaptcha_use'] == 2)
+                        {
+                        ?>
+                            <div class="g-recaptcha"
+                                 data-sitekey="<?php echo $hesk_settings['recaptcha_public_key']; ?>"></div>
+                            <?php
+                        }
+                        // At least use some basic PHP generated image (better than nothing)
+                        else {
+                            $cls = in_array('mysecnum', $_SESSION['a_iserror']) ? ' class="isError" ' : '';
+
+                            echo $hesklang['sec_enter'] . '<br />&nbsp;<br /><img src="' . HESK_PATH . 'print_sec_img.php?' . rand(10000, 99999) . '" width="150" height="40" alt="' . $hesklang['sec_img'] . '" title="' . $hesklang['sec_img'] . '" border="1" name="secimg" style="vertical-align:text-bottom" /> ' .
+                                '<a href="javascript:void(0)" onclick="javascript:document.form1.secimg.src=\'' . HESK_PATH . 'print_sec_img.php?\'+ ( Math.floor((90000)*Math.random()) + 10000);"><img src="' . HESK_PATH . 'img/reload.png" height="24" width="24" alt="' . $hesklang['reload'] . '" title="' . $hesklang['reload'] . '" border="0" style="vertical-align:text-bottom" /></a>' .
+                                '<br />&nbsp;<br /><input type="text" name="mysecnum" size="20" maxlength="5" ' . $cls . ' />';
+                        }
+                        ?>
+                    </div>
+                </div>
+                <?php
+            }
+            ?>
+            <div class="form-group">
+                <div class="col-sm-9 col-sm-offset-3">
+                    <input type="submit" value="<?php echo $hesklang['passs']; ?>" class="btn btn-default">
+                </div>
+            </div>
+            <?php
+            // Use Invisible reCAPTCHA?
+            if ($hesk_settings['secimg_use'] && $hesk_settings['recaptcha_use'] == 1) {
+            ?>
+                <div class="g-recaptcha" data-sitekey="<?php echo $hesk_settings['recaptcha_public_key']; ?>" data-bind="recaptcha-submit" data-callback="recaptcha_submitForm"></div>
+            <?php
+            }
+            ?>
+        </form>
+    </div>
+</div>
+<?php
+// Clean session errors
+hesk_cleanSessionVars('a_iserror');
+hesk_cleanSessionVars('img_a_verified');
+?>

admin/priority.php

@@ -0,0 +1,73 @@
+<?php
+/**
+ *
+ * This file is part of HESK - PHP Help Desk Software.
+ *
+ * (c) Copyright Klemen Stirn. All rights reserved.
+ * https://www.hesk.com
+ *
+ * For the full copyright and license agreement information visit
+ * https://www.hesk.com/eula.php
+ *
+ */
+
+define('IN_SCRIPT',1);
+define('HESK_PATH','../');
+
+/* Get all the required files and functions */
+require(HESK_PATH . 'hesk_settings.inc.php');
+require(HESK_PATH . 'inc/common.inc.php');
+require(HESK_PATH . 'inc/admin_functions.inc.php');
+hesk_load_database_functions();
+
+hesk_session_start();
+hesk_dbConnect();
+hesk_isLoggedIn();
+
+/* Check permissions for this feature */
+hesk_checkPermission('can_view_tickets');
+hesk_checkPermission('can_reply_tickets');
+
+/* A security check */
+hesk_token_check('POST');
+
+/* Ticket ID */
+$trackingID = hesk_cleanID() or die($hesklang['int_error'].': '.$hesklang['no_trackID']);
+
+$priority   = intval( hesk_POST('priority') );
+if ($priority < 0 || $priority > 3)
+{
+	hesk_process_messages($hesklang['inpr'],'admin_ticket.php?track='.$trackingID.'&Refresh='.mt_rand(10000,99999),'NOTICE');
+}
+
+$options = array(
+	0 => '<font class="critical">'.$hesklang['critical'].'</font>',
+	1 => '<font class="important">'.$hesklang['high'].'</font>',
+	2 => '<font class="medium">'.$hesklang['medium'].'</font>',
+	3 => $hesklang['low']
+);
+
+$plain_options = array(
+    0 => 'critical',
+    1 => 'high',
+    2 => 'medium',
+    3 => 'low'
+);
+
+$ticketRs = hesk_dbQuery("SELECT * FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` WHERE `trackid` = '" . hesk_dbEscape($trackingID) . "'");
+$ticket = hesk_dbFetchAssoc($ticketRs);
+
+hesk_dbQuery("UPDATE `".hesk_dbEscape($hesk_settings['db_pfix'])."tickets` SET `priority`='{$priority}' WHERE `trackid`='".hesk_dbEscape($trackingID)."'");
+
+mfh_insert_audit_trail_record($ticket['id'], 'TICKET', 'audit_priority', hesk_date(), array(
+    0 => $_SESSION['name'].' ('.$_SESSION['user'].')',
+    1 => $plain_options[$priority]
+));
+
+if (hesk_dbAffectedRows() != 1)
+{
+	hesk_process_messages($hesklang['inpr'],'admin_ticket.php?track='.$trackingID.'&Refresh='.mt_rand(10000,99999),'NOTICE');
+}
+
+hesk_process_messages(sprintf($hesklang['chpri2'],$options[$priority]),'admin_ticket.php?track='.$trackingID.'&Refresh='.mt_rand(10000,99999),'SUCCESS');
+?>

admin/profile.php

@@ -1,44 +1,27 @@
 <?php
-/*******************************************************************************
-*  Title: Help Desk Software HESK
-*  Version: 2.5.3 from 16th March 2014
-*  Author: Klemen Stirn
-*  Website: http://www.hesk.com
-********************************************************************************
-*  COPYRIGHT AND TRADEMARK NOTICE
-*  Copyright 2005-2013 Klemen Stirn. All Rights Reserved.
-*  HESK is a registered trademark of Klemen Stirn.
+/**
+ *
+ * This file is part of HESK - PHP Help Desk Software.
+ *
+ * (c) Copyright Klemen Stirn. All rights reserved.
+ * https://www.hesk.com
+ *
+ * For the full copyright and license agreement information visit
+ * https://www.hesk.com/eula.php
+ *
+ */
 
-*  The HESK may be used and modified free of charge by anyone
-*  AS LONG AS COPYRIGHT NOTICES AND ALL THE COMMENTS REMAIN INTACT.
-*  By using this code you agree to indemnify Klemen Stirn from any
-*  liability that might arise from it's use.
-
-*  Selling the code for this program, in part or full, without prior
-*  written consent is expressly forbidden.
-
-*  Using this code, in part or full, to create derivate work,
-*  new scripts or products is expressly forbidden. Obtain permission
-*  before redistributing this software over the Internet or in
-*  any other medium. In all cases copyright and header must remain intact.
-*  This Copyright is in full effect in any country that has International
-*  Trade Agreements with the United States of America or
-*  with the European Union.
-
-*  Removing any of the copyright notices without purchasing a license
-*  is expressly forbidden. To remove HESK copyright notice you must purchase
-*  a license for this script. For more information on how to obtain
-*  a license please visit the page below:
-*  https://www.hesk.com/buy.php
-*******************************************************************************/
-
-define('IN_SCRIPT',1);
-define('HESK_PATH','../');
+define('IN_SCRIPT', 1);
+define('HESK_PATH', '../');
+define('PAGE_TITLE', 'ADMIN_PROFILE');
+define('MFH_PAGE_LAYOUT', 'TOP_ONLY');
 
 /* Get all the required files and functions */
 require(HESK_PATH . 'hesk_settings.inc.php');
 require(HESK_PATH . 'inc/common.inc.php');
 require(HESK_PATH . 'inc/admin_functions.inc.php');
+require(HESK_PATH . 'inc/profile_functions.inc.php');
+require(HESK_PATH . 'inc/mail_functions.inc.php');
 hesk_load_database_functions();
 
 hesk_session_start();
@@ -46,48 +29,38 @@ hesk_dbConnect();
 hesk_isLoggedIn();
 
 /* Check permissions */
-$can_view_tickets = hesk_checkPermission('can_view_tickets',0);
-$can_reply_tickets = hesk_checkPermission('can_reply_tickets',0);
-$can_view_unassigned = hesk_checkPermission('can_view_unassigned',0);
+$can_view_tickets = hesk_checkPermission('can_view_tickets', 0);
+$can_reply_tickets = hesk_checkPermission('can_reply_tickets', 0);
+$can_view_unassigned = hesk_checkPermission('can_view_unassigned', 0);
 
 /* Update profile? */
-if ( ! empty($_POST['action']))
-{
-	// Demo mode
-	if ( defined('HESK_DEMO') )
-	{
-		hesk_process_messages($hesklang['sdemo'], 'profile.php', 'NOTICE');
-	}
+if (!empty($_POST['action'])) {
+    // Demo mode
+    if (defined('HESK_DEMO')) {
+        hesk_process_messages($hesklang['sdemo'], 'profile.php', 'NOTICE');
+    }
 
-	// Update profile
-	update_profile();
-}
-else
-{
-	$res = hesk_dbQuery('SELECT * FROM `'.hesk_dbEscape($hesk_settings['db_pfix'])."users` WHERE `id` = '".intval($_SESSION['id'])."' LIMIT 1");
-	$tmp = hesk_dbFetchAssoc($res);
+    // Update profile
+    update_profile();
+} else {
+    $res = hesk_dbQuery('SELECT * FROM `' . hesk_dbEscape($hesk_settings['db_pfix']) . "users` WHERE `id` = '" . intval($_SESSION['id']) . "' LIMIT 1");
+    $tmp = hesk_dbFetchAssoc($res);
 
-	foreach ($tmp as $k=>$v)
-	{
-		if ($k == 'pass')
-        {
-			if ($v == '499d74967b28a841c98bb4baaabaad699ff3c079')
-			{
-				define('WARN_PASSWORD',true);
-			}
-			continue;
+    foreach ($tmp as $k => $v) {
+        if ($k == 'pass') {
+            if ($v == '499d74967b28a841c98bb4baaabaad699ff3c079') {
+                define('WARN_PASSWORD', true);
+            }
+            continue;
+        } elseif ($k == 'categories') {
+            continue;
         }
-        elseif ($k == 'categories')
-		{
-			continue;
-		}
-		$_SESSION['new'][$k]=$v;
-	}
+        $_SESSION['new'][$k] = $v;
+    }
 }
 
-if ( ! isset($_SESSION['new']['username']))
-{
-	$_SESSION['new']['username'] = '';
+if (!isset($_SESSION['new']['username'])) {
+    $_SESSION['new']['username'] = '';
 }
 
 /* Print header */
@@ -96,216 +69,81 @@ require_once(HESK_PATH . 'inc/headerAdmin.inc.php');
 /* Print admin navigation */
 require_once(HESK_PATH . 'inc/show_admin_nav.inc.php');
 ?>
-
-<div class="row">
-    <div class="col-md-8 col-md-offset-2" style="padding-top: 20px">
-        <?php
-        /* This will handle error, success and notice messages */
-        hesk_handle_messages();
-
-        if (defined('WARN_PASSWORD'))
-        {
-	        hesk_show_notice($hesklang['chdp2'],$hesklang['security']);
-        }
-        ?>
-
-        <h3><?php echo $hesklang['profile_for'].' <b>'.$_SESSION['new']['user']; ?></b></h3>
-        <h6><?php echo $hesklang['req_marked_with']; ?> <span class="important">*</span></h6>
-        <div class="footerWithBorder blankSpace"></div>
-
-        <?php
-	if ($hesk_settings['can_sel_lang'])
-	{
-		/* Update preferred language in the database? */
-		if (isset($_GET['save_language']) )
-		{
-			$newlang = hesk_input( hesk_GET('language') );
-
-			/* Only update if it's a valid language */
-			if ( isset($hesk_settings['languages'][$newlang]) )
-			{
-            	$newlang = ($newlang == HESK_DEFAULT_LANGUAGE) ? "NULL" : "'" . hesk_dbEscape($newlang) . "'";
-				hesk_dbQuery("UPDATE `".hesk_dbEscape($hesk_settings['db_pfix'])."users` SET `language`=$newlang WHERE `id`='".intval($_SESSION['id'])."' LIMIT 1");
-			}
-		}
-
-		$str  = '<form class="form-horizontal" role="form" method="get" action="profile.php">';
-        $str .= '<input type="hidden" name="save_language" value="1" />';
-        $str .= '<div class="form-group">';
-        $str .= '<label for="language" class="col-sm-3 control-label">'.$hesklang['chol'].':</label>';
-
-        if ( ! isset($_GET) )
-        {
-        	$_GET = array();
-        }
-
-		foreach ($_GET as $k => $v)
-		{
-			if ($k == 'language' || $k == 'save_language')
-			{
-				continue;
-			}
-			$str .= '<input type="hidden" name="'.htmlentitieshesk_htmlentities($k).'" value="'.hesk_htmlentities($v).'" />';
-		}
-
-        $str .= '<div class="col-sm-9"><select class="form-control" name="language" onchange="this.form.submit()">';
-		$str .= hesk_listLanguages(0);
-		$str .= '</select></div>';
-        $str .= '</div>'
-
-	?>
-        <script language="javascript" type="text/javascript">
-		document.write('<?php echo str_replace(array('"','<','=','>'),array('\42','\74','\75','\76'),$str . '</form>'); ?>');
-        </script>
-        <noscript>
-        <?php
-        	echo $str . '<input type="submit" value="'.$hesklang['go'].'" /></form>';
-        ?>
-        </noscript>
-	<?php
-	}
-    ?>
-
-        <form role="form" class="form-horizontal" method="post" action="profile.php" name="form1">
-            <h4><?php echo $hesklang['pinfo']; ?></h4>
-            <div class="footerWithBorder blankSpace"></div>
-            <!-- Contact info -->
-            <div class="form-group">
-                <label for="name" class="col-sm-3 control-label"><?php echo $hesklang['name']; ?>: <font class="important">*</font></label>
-                <div class="col-sm-9">
-                    <input class="form-control" type="text" name="name" size="30" maxlength="50" value="<?php echo $_SESSION['new']['name']; ?>" placeholder="<?php echo $hesklang['name']; ?>" />
-                </div>
-            </div>
-            <div class="form-group">
-                <label for="email" class="col-sm-3 control-label"><?php echo $hesklang['email']; ?>: <font class="important">*</font></label> 
-                <div class="col-sm-9">
-                    <input type="text" class="form-control" name="email" size="30" maxlength="255" value="<?php echo $_SESSION['new']['email']; ?>" placeholder="<?php echo $hesklang['email']; ?>"/>    
-                </div>    
+<div class="content-wrapper">
+    <section class="content">
+    <div class="box">
+        <div class="box-header with-border">
+            <h1 class="box-title">
+                <?php echo $hesklang['profile_for']; ?> <b><?php echo $_SESSION['new']['user']; ?></b>
+            </h1>
+            <div class="box-tools pull-right">
+                <button type="button" class="btn btn-box-tool" data-widget="collapse">
+                    <i class="fa fa-minus"></i>
+                </button>
             </div>
+        </div>
+        <div class="box-body">
+            <?php echo $hesklang['req_marked_with']; ?> <span class="important">*</span>
             <?php
-            // Let admins change their username
-            if ($_SESSION['isadmin'])
-            {
-	        ?>
-	        <div class="form-group">
-	            <label for="user" class="col-sm-3 control-label"><?php echo $hesklang['username']; ?>: <font class="important">*</font></label>
-	            <div class="col-sm-9">
-                    <input type="text" class="form-control" name="user" size="30" maxlength="50" value="<?php echo $_SESSION['new']['user']; ?>" autocomplete="off" placeholder="<?php echo $hesklang['username']; ?>" />
-                </div>
-	        </div>
-            <?php
+            /* This will handle error, success and notice messages */
+            hesk_handle_messages();
+
+            if (defined('WARN_PASSWORD')) {
+                hesk_show_notice($hesklang['chdp2'], $hesklang['security']);
+            }
+
+            if ($hesk_settings['can_sel_lang']) {
+                /* Update preferred language in the database? */
+                if (isset($_GET['save_language'])) {
+                    $newlang = hesk_input(hesk_GET('language'));
+
+                    /* Only update if it's a valid language */
+                    if (isset($hesk_settings['languages'][$newlang])) {
+                        $newlang = ($newlang == HESK_DEFAULT_LANGUAGE) ? "NULL" : "'" . hesk_dbEscape($newlang) . "'";
+                        hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "users` SET `language`=$newlang WHERE `id`='" . intval($_SESSION['id']) . "'");
+                    }
+                }
+
+                $str = '<form class="form-horizontal" role="form" method="get" action="profile.php">';
+                $str .= '<input type="hidden" name="save_language" value="1" />';
+                $str .= '<div class="form-group">';
+                $str .= '<label for="language" class="col-sm-3 control-label">' . $hesklang['chol'] . ':</label>';
+
+                if (!isset($_GET)) {
+                    $_GET = array();
+                }
+
+                foreach ($_GET as $k => $v) {
+                    if ($k == 'language' || $k == 'save_language') {
+                        continue;
+                    }
+                    $str .= '<input type="hidden" name="' . htmlentitieshesk_htmlentities($k) . '" value="' . hesk_htmlentities($v) . '" />';
+                }
+
+                $str .= '<div class="col-sm-9"><select class="form-control" name="language" onchange="this.form.submit()">';
+                $str .= hesk_listLanguages(0);
+                $str .= '</select></div>';
+                $str .= '</div>'
+
+                ?>
+                <script language="javascript" type="text/javascript">
+                    document.write('<?php echo str_replace(array('"','<','=','>',"'"),array('\42','\74','\75','\76','\47'),$str . '</form>'); ?>');
+                </script>
+                <noscript>
+                    <?php
+                    echo $str . '<input type="submit" value="' . $hesklang['go'] . '" /></form>';
+                    ?>
+                </noscript>
+                <?php
             }
             ?>
-            <div class="form-group">
-                <label for="newpass" class="col-sm-3 control-label"><?php echo $hesklang['new_pass']; ?>:</label>
-                <div class="col-sm-9">
-                    <input type="password" class="form-control" name="newpass" size="30" onkeyup="javascript:hesk_checkPassword(this.value)" autocomplete="off" placeholder="<?php echo $hesklang['new_pass']; ?>" />     
-                </div>
-            </div>
-            <div class="form-group">
-                <label for="newpass2" class="col-sm-3 control-label"><?php echo $hesklang['confirm_pass']; ?>:</label>
-                <div class="col-sm-9">
-                    <input type="password" class="form-control" name="newpass2" size="30" autocomplete="off" placeholder="<?php echo $hesklang['confirm_pass']; ?>" />     
-                </div>     
-            </div>
-            <div class="form-group">
-                <label for="pwdStrength" class="col-sm-3 control-label"><?php echo $hesklang['pwdst']; ?>:</label>
-                <div class="col-sm-9">
-                    <div style="border: 1px solid gray; width: 100px;">
-	                    <div id="progressBar"
-	                         style="font-size: 1px; height: 14px; width: 0px; border: 1px solid white;">
-	                    </div>
-	                </div>         
-                </div>     
-            </div>
-            <h4><?php echo $hesklang['sig']; ?></h4>
-            <div class="footerWithBorder blankSpace"></div>
-            <!-- Signature -->
-            <div class="form-group">
-                <label for="signature" class="col-sm-3 control-label"><?php echo $hesklang['signature_max']; ?>:</label>
-                <div class="col-sm-9">
-                    <textarea class="form-control" name="signature" rows="6" cols="40" placholder="<?php echo $hesklang['sig']; ?>"><?php echo $_SESSION['new']['signature']; ?></textarea><br />
-	                <?php echo $hesklang['sign_extra']; ?>
-                </div>
-            </div>
-            <?php
-            if ($can_reply_tickets)                
-            {
-            ?>
-            <h4><?php echo $hesklang['pref']; ?></h4>
-            <div class="footerWithBorder blankSpace"></div>
-            <div class="form-group">
-                <label for="afterreply" class="col-sm-3 control-label"><?php echo $hesklang['aftrep']; ?>:</label>
-                <div class="col-sm-9">
-                    <div class="radio">
-                        <label><input type="radio" name="afterreply" value="0" <?php if (!$_SESSION['new']['afterreply']) {echo 'checked="checked"';} ?>/> <?php echo $hesklang['showtic']; ?></label>
-                    </div>
-                    <div class="radio">
-                        <label><input type="radio" name="afterreply" value="1" <?php if ($_SESSION['new']['afterreply'] == 1) {echo 'checked="checked"';} ?>/> <?php echo $hesklang['gomain']; ?></label>
-                    </div>
-                    <div class="radio">    
-                        <label><input type="radio" name="afterreply" value="2" <?php if ($_SESSION['new']['afterreply'] == 2) {echo 'checked="checked"';} ?>/> <?php echo $hesklang['shownext']; ?></label>
-                    </div>
-                </div>
-            </div>
-            <div class="form-group">
-                <label for="autostart" class="col-sm-3 control-label"><?php echo $hesklang['ts']; ?>:</label>
-                <div class="col-sm-9">
-                    <div class="checkbox">
-                        <label><input type="checkbox" name="autostart" value="1" <?php if (!empty($_SESSION['new']['autostart'])) {echo 'checked="checked"';}?> /> <?php echo $hesklang['autoss']; ?></label>     
-                    </div>     
-                </div>     
-            </div>
-            <?php } ?>
-            <h4><?php echo $hesklang['notn']; ?></h4>
-            <h6><?php echo $hesklang['nomw']; ?></h6>
-            <div class="footerWithBorder blankSpace"></div>
-            <div class="form-group">
-                <?php
-                if ($can_view_tickets)
-                {
-		            if ($can_view_unassigned)
-		            {
-			            ?>
-			            <div class="col-md-9 col-md-offset-3"><div class="checkbox"><label><input type="checkbox" name="notify_new_unassigned" value="1" <?php if (!empty($_SESSION['new']['notify_new_unassigned'])) {echo 'checked="checked"';}?> /> <?php echo $hesklang['nwts']; ?> <?php echo $hesklang['unas']; ?></label></div></div>
-			            <?php
-		            }
-		            else
-                    {
-			            ?>
-			            <input type="hidden" name="notify_new_unassigned" value="0" />
-			            <?php
-		            }
-		            ?>
 
-		            <div class="col-md-9 col-md-offset-3"><div class="checkbox"><label><input type="checkbox" name="notify_new_my" value="1" <?php if (!empty($_SESSION['new']['notify_new_my'])) {echo 'checked="checked"';}?> /> <?php echo $hesklang['nwts']; ?> <?php echo $hesklang['s_my']; ?></label></div></div>
-
-                    <?php if ($can_view_unassigned)
-		            {
-			            ?>
-			            <div class="col-md-9 col-md-offset-3"><div class="checkbox"><label><input type="checkbox" name="notify_reply_unassigned" value="1" <?php if (!empty($_SESSION['new']['notify_reply_unassigned'])) {echo 'checked="checked"';}?> /> <?php echo $hesklang['ncrt']; ?> <?php echo $hesklang['unas']; ?></label></div></div>
-			            <?php
-		            }
-		            else
-		            {
-			            ?>
-			            <input type="hidden" name="notify_reply_unassigned" value="0" />
-			            <?php
-		            }
-		            ?>
-	                <div class="col-md-9 col-md-offset-3"><div class="checkbox"><label><input type="checkbox" name="notify_reply_my" value="1" <?php if (!empty($_SESSION['new']['notify_reply_my'])) {echo 'checked="checked"';}?> /> <?php echo $hesklang['ncrt']; ?> <?php echo $hesklang['s_my']; ?></label></div></div>
-                    <div class="col-md-9 col-md-offset-3"><div class="checkbox"><label><input type="checkbox" name="notify_assigned" value="1" <?php if (!empty($_SESSION['new']['notify_assigned'])) {echo 'checked="checked"';}?> /> <?php echo $hesklang['ntam']; ?></label></div></div>
-	                <div class="col-md-9 col-md-offset-3"><div class="checkbox"><label><input type="checkbox" name="notify_note" value="1" <?php if (!empty($_SESSION['new']['notify_note'])) {echo 'checked="checked"';}?> /> <?php echo $hesklang['ntnote']; ?></label></div></div>
-                <?php
-                } // END $can_view_tickets
-                ?>
-                <div class="col-md-9 col-md-offset-3"><div class="checkbox"><label><input type="checkbox" name="notify_pm" value="1" <?php if (!empty($_SESSION['new']['notify_pm'])) {echo 'checked="checked"';}?> /> <?php echo $hesklang['npms']; ?></label></div></div>
-            </div>
-            <input type="hidden" name="action" value="update" />
-            <input type="hidden" name="token" value="<?php hesk_token_echo(); ?>" /> 
-	        <div style="text-align: center"><input type="submit" class="btn btn-default" value="<?php echo $hesklang['update_profile']; ?>" class="orangebutton" /></div>
-        </form>
+            <form role="form" class="form-horizontal" method="post" action="profile.php" name="form1" data-toggle="validator">
+                <?php hesk_profile_tab('new'); ?>
+            </form>
+        </div>
     </div>
+</section>
 </div>
 
 <?php
@@ -315,136 +153,162 @@ exit();
 
 /*** START FUNCTIONS ***/
 
-function update_profile() {
-	global $hesk_settings, $hesklang, $can_view_unassigned;
+function update_profile()
+{
+    global $hesk_settings, $hesklang, $can_view_unassigned;
 
-	/* A security check */
-	hesk_token_check('POST');
+    /* A security check */
+    hesk_token_check('POST');
 
     $sql_pass = '';
     $sql_username = '';
 
     $hesk_error_buffer = '';
 
-	$_SESSION['new']['name']  = hesk_input( hesk_POST('name') ) or $hesk_error_buffer .= '<li>' . $hesklang['enter_your_name'] . '</li>';
-	$_SESSION['new']['email'] = hesk_validateEmail( hesk_POST('email'), 'ERR', 0) or $hesk_error_buffer = '<li>' . $hesklang['enter_valid_email'] . '</li>';
-	$_SESSION['new']['signature'] = hesk_input( hesk_POST('signature') );
+    $_SESSION['new']['name'] = hesk_input(hesk_POST('name')) or $hesk_error_buffer .= '<li>' . $hesklang['enter_your_name'] . '</li>';
+    $_SESSION['new']['email'] = hesk_validateEmail( hesk_POST('email'), 'ERR', 0) or $hesk_error_buffer .= '<li>' . $hesklang['enter_valid_email'] . '</li>';
+    $_SESSION['new']['signature'] = hesk_input(hesk_POST('signature'));
 
-	/* Signature */
-	if (strlen($_SESSION['new']['signature'])>255)
-    {
-		$hesk_error_buffer .= '<li>' . $hesklang['signature_long'] . '</li>';
+    /* Signature */
+    if (hesk_mb_strlen($_SESSION['new']['signature']) > 1000) {
+        $hesk_error_buffer .= '<li>' . $hesklang['signature_long'] . '</li>';
     }
 
     /* Admins can change username */
-    if ($_SESSION['isadmin'])
-    {
-		$_SESSION['new']['user']  = hesk_input( hesk_POST('user') ) or $hesk_error_buffer .= '<li>' . $hesklang['enter_username'] . '</li>';
+    if ($_SESSION['isadmin']) {
+        $_SESSION['new']['user'] = hesk_input(hesk_POST('user')) or $hesk_error_buffer .= '<li>' . $hesklang['enter_username'] . '</li>';
 
-	    /* Check for duplicate usernames */
-		$result = hesk_dbQuery("SELECT `id` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."users` WHERE `user`='".hesk_dbEscape($_SESSION['new']['user'])."' AND `id`!='".intval($_SESSION['id'])."' LIMIT 1");
-		if (hesk_dbNumRows($result) != 0)
-		{
-	        $hesk_error_buffer .= '<li>' . $hesklang['duplicate_user'] . '</li>';
-		}
-        else
-        {
-        	$sql_username =  ",`user`='" . hesk_dbEscape($_SESSION['new']['user']) . "'";
+        /* Check for duplicate usernames */
+        $result = hesk_dbQuery("SELECT `id` FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "users` WHERE `user`='" . hesk_dbEscape($_SESSION['new']['user']) . "' AND `id`!='" . intval($_SESSION['id']) . "' LIMIT 1");
+        if (hesk_dbNumRows($result) != 0) {
+            $hesk_error_buffer .= '<li>' . $hesklang['duplicate_user'] . '</li>';
+        } else {
+            $sql_username = ",`user`='" . hesk_dbEscape($_SESSION['new']['user']) . "'";
         }
     }
 
-	/* Change password? */
-    $newpass = hesk_input( hesk_POST('newpass') );
+    /* Change password? */
+    $newpass = hesk_input(hesk_POST('newpass'));
     $passlen = strlen($newpass);
-	if ($passlen > 0)
-	{
+    if ($passlen > 0) {
         /* At least 5 chars? */
-        if ($passlen < 5)
-        {
-        	$hesk_error_buffer .= '<li>' . $hesklang['password_not_valid'] . '</li>';
-        }
-        /* Check password confirmation */
-        else
-        {
-        	$newpass2 = hesk_input( hesk_POST('newpass2') );
+        if ($passlen < 5) {
+            $hesk_error_buffer .= '<li>' . $hesklang['password_not_valid'] . '</li>';
+        } /* Check password confirmation */
+        else {
+            $newpass2 = hesk_input(hesk_POST('newpass2'));
 
-			if ($newpass != $newpass2)
-			{
-				$hesk_error_buffer .= '<li>' . $hesklang['passwords_not_same'] . '</li>';
-			}
-            else
-            {
-				$v = hesk_Pass2Hash($newpass);
-				if ($v == '499d74967b28a841c98bb4baaabaad699ff3c079')
-				{
-					define('WARN_PASSWORD',true);
-				}
-				$sql_pass = ',`pass`=\''.$v.'\'';
+            if ($newpass != $newpass2) {
+                $hesk_error_buffer .= '<li>' . $hesklang['passwords_not_same'] . '</li>';
+            } else {
+                $newpass_hash = hesk_Pass2Hash($newpass);
+                if ($newpass_hash == '499d74967b28a841c98bb4baaabaad699ff3c079') {
+                    define('WARN_PASSWORD', true);
+                }
+                $sql_pass = ',`pass`=\'' . $newpass_hash . '\'';
             }
         }
-	}
+    }
 
     /* After reply */
-    $_SESSION['new']['afterreply'] = intval( hesk_POST('afterreply') );
-    if ($_SESSION['new']['afterreply'] != 1 && $_SESSION['new']['afterreply'] != 2)
-    {
-    	$_SESSION['new']['afterreply'] = 0;
+    $_SESSION['new']['afterreply'] = intval(hesk_POST('afterreply'));
+    if ($_SESSION['new']['afterreply'] != 1 && $_SESSION['new']['afterreply'] != 2) {
+        $_SESSION['new']['afterreply'] = 0;
+    }
+    $_SESSION['new']['notify_customer_new'] = isset($_POST['notify_customer_new']) ? 1 : 0;
+    $_SESSION['new']['notify_customer_reply'] = isset($_POST['notify_customer_reply']) ? 1 : 0;
+    $_SESSION['new']['show_suggested'] = isset($_POST['show_suggested']) ? 1 : 0;
+    $_SESSION['new']['autoreload'] = isset($_POST['autoreload']) ? 1 : 0;
+
+    if ($_SESSION['new']['autoreload']) {
+        $_SESSION['new']['autoreload'] = intval(hesk_POST('reload_time'));
+
+        if (hesk_POST('secmin') == 'min') {
+            $_SESSION['new']['autoreload'] *= 60;
+        }
+
+        if ($_SESSION['new']['autoreload'] < 0 || $_SESSION['new']['autoreload'] > 65535) {
+            $_SESSION['new']['autoreload'] = 30;
+        }
+    } else {
+        hesk_setcookie('autorefresh', '');
     }
 
     /* Auto-start ticket timer */
     $_SESSION['new']['autostart'] = isset($_POST['autostart']) ? 1 : 0;
 
+    /* Default calendar view */
+    $_SESSION['new']['default_calendar_view'] = hesk_POST('default-calendar-view', 0);
+
     /* Notifications */
-    $_SESSION['new']['notify_new_unassigned']	= empty($_POST['notify_new_unassigned']) || ! $can_view_unassigned ? 0 : 1;
-    $_SESSION['new']['notify_new_my'] 			= empty($_POST['notify_new_my']) ? 0 : 1;
-    $_SESSION['new']['notify_reply_unassigned'] = empty($_POST['notify_reply_unassigned']) || ! $can_view_unassigned ? 0 : 1;
-    $_SESSION['new']['notify_reply_my']			= empty($_POST['notify_reply_my']) ? 0 : 1;
-    $_SESSION['new']['notify_assigned']			= empty($_POST['notify_assigned']) ? 0 : 1;
-    $_SESSION['new']['notify_note']				= empty($_POST['notify_note']) ? 0 : 1;
-    $_SESSION['new']['notify_pm']				= empty($_POST['notify_pm']) ? 0 : 1;
+    if (!(!$_SESSION[$session_array]['isadmin'] && isset($_SESSION[$session_array]['heskprivileges'])
+        && strpos($_SESSION[$session_array]['heskprivileges'], 'can_change_notification_settings') === false)) {
+        $_SESSION['new']['notify_new_unassigned'] = empty($_POST['notify_new_unassigned']) || !$can_view_unassigned ? 0 : 1;
+        $_SESSION['new']['notify_new_my'] = empty($_POST['notify_new_my']) ? 0 : 1;
+        $_SESSION['new']['notify_reply_unassigned'] = empty($_POST['notify_reply_unassigned']) || !$can_view_unassigned ? 0 : 1;
+        $_SESSION['new']['notify_reply_my'] = empty($_POST['notify_reply_my']) ? 0 : 1;
+        $_SESSION['new']['notify_assigned'] = empty($_POST['notify_assigned']) ? 0 : 1;
+        $_SESSION['new']['notify_note'] = empty($_POST['notify_note']) ? 0 : 1;
+        $_SESSION['new']['notify_note_unassigned'] = empty($_POST['notify_note_unassigned']) ? 0 : 1;
+        $_SESSION['new']['notify_pm'] = empty($_POST['notify_pm']) ? 0 : 1;
+        $_SESSION['new']['notify_overdue_unassigned'] = empty($_POST['notify_overdue_unassigned']) ? 0 : 1;
+    }
 
     /* Any errors? */
-    if (strlen($hesk_error_buffer))
-    {
-		/* Process the session variables */
-		$_SESSION['new'] = hesk_stripArray($_SESSION['new']);
+    if (strlen($hesk_error_buffer)) {
+        /* Process the session variables */
+        $_SESSION['new'] = hesk_stripArray($_SESSION['new']);
 
-		$hesk_error_buffer = $hesklang['rfm'].'<br /><br /><ul>'.$hesk_error_buffer.'</ul>';
-		hesk_process_messages($hesk_error_buffer,'NOREDIRECT');
-    }
-    else
-    {
-		/* Update database */
-		hesk_dbQuery(
-        "UPDATE `".hesk_dbEscape($hesk_settings['db_pfix'])."users` SET
-	    `name`='".hesk_dbEscape($_SESSION['new']['name'])."',
-	    `email`='".hesk_dbEscape($_SESSION['new']['email'])."',
-		`signature`='".hesk_dbEscape($_SESSION['new']['signature'])."'
+        $hesk_error_buffer = $hesklang['rfm'] . '<br /><br /><ul>' . $hesk_error_buffer . '</ul>';
+        hesk_process_messages($hesk_error_buffer, 'NOREDIRECT');
+    } else {
+        /* Update database */
+        hesk_dbQuery(
+            "UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "users` SET
+	    `name`='" . hesk_dbEscape($_SESSION['new']['name']) . "',
+	    `email`='" . hesk_dbEscape($_SESSION['new']['email']) . "',
+		`signature`='" . hesk_dbEscape($_SESSION['new']['signature']) . "'
         $sql_username
 		$sql_pass ,
-	    `afterreply`='".intval($_SESSION['new']['afterreply'])."' ,
-        `autostart`='".intval($_SESSION['new']['autostart'])."' ,
-	    `notify_new_unassigned`='".intval($_SESSION['new']['notify_new_unassigned'])."' ,
-        `notify_new_my`='".intval($_SESSION['new']['notify_new_my'])."' ,
-        `notify_reply_unassigned`='".intval($_SESSION['new']['notify_reply_unassigned'])."' ,
-        `notify_reply_my`='".intval($_SESSION['new']['notify_reply_my'])."' ,
-        `notify_assigned`='".intval($_SESSION['new']['notify_assigned'])."' ,
-        `notify_pm`='".intval($_SESSION['new']['notify_pm'])."',
-        `notify_note`='".intval($_SESSION['new']['notify_note'])."'
-	    WHERE `id`='".intval($_SESSION['id'])."' LIMIT 1"
+	    `afterreply`='" . intval($_SESSION['new']['afterreply']) . "' ,
+        `autostart`='" . intval($_SESSION['new']['autostart']) . "' ,
+        `autoreload`='".($_SESSION['new']['autoreload'])."' ,
+	    `notify_new_unassigned`='" . intval($_SESSION['new']['notify_new_unassigned']) . "' ,
+        `notify_new_my`='" . intval($_SESSION['new']['notify_new_my']) . "' ,
+        `notify_reply_unassigned`='" . intval($_SESSION['new']['notify_reply_unassigned']) . "' ,
+        `notify_reply_my`='" . intval($_SESSION['new']['notify_reply_my']) . "' ,
+        `notify_assigned`='" . intval($_SESSION['new']['notify_assigned']) . "' ,
+        `notify_pm`='" . intval($_SESSION['new']['notify_pm']) . "',
+        `notify_note`='" . intval($_SESSION['new']['notify_note']) . "',
+        `notify_note_unassigned`='" . intval($_SESSION['new']['notify_note_unassigned']) . "',
+        `notify_customer_new`='" . $_SESSION['new']['notify_customer_new'] . "',
+        `notify_customer_reply`='" . $_SESSION['new']['notify_customer_reply'] . "',
+        `notify_overdue_unassigned`='" . $_SESSION['new']['notify_overdue_unassigned'] . "',
+        `show_suggested`='" . $_SESSION['new']['show_suggested'] . "',
+        `default_calendar_view`=" . intval($_SESSION['new']['default_calendar_view']) . "
+	    WHERE `id`='" . intval($_SESSION['id']) . "'"
         );
 
-		/* Process the session variables */
-		$_SESSION['new'] = hesk_stripArray($_SESSION['new']);
+        /* Process the session variables */
+        $_SESSION['new'] = hesk_stripArray($_SESSION['new']);
+
+        // Do we need a new session_verify tag?
+        if (strlen($sql_username) && strlen($sql_pass)) {
+            $_SESSION['session_verify'] = hesk_activeSessionCreateTag($_SESSION['new']['user'], $newpass_hash);
+        } elseif (strlen($sql_pass)) {
+            $_SESSION['session_verify'] = hesk_activeSessionCreateTag($_SESSION['user'], $newpass_hash);
+        } elseif (strlen($sql_username)) {
+            $res = hesk_dbQuery('SELECT `pass` FROM `' . hesk_dbEscape($hesk_settings['db_pfix']) . "users` WHERE `id` = '" . intval($_SESSION['id']) . "' LIMIT 1");
+            $_SESSION['session_verify'] = hesk_activeSessionCreateTag($_SESSION['new']['user'], hesk_dbResult($res));
+        }
 
         /* Update session variables */
-        foreach ($_SESSION['new'] as $k => $v)
-        {
-        	$_SESSION[$k] = $v;
+        foreach ($_SESSION['new'] as $k => $v) {
+            $_SESSION[$k] = $v;
         }
         unset($_SESSION['new']);
 
-	    hesk_process_messages($hesklang['profile_updated_success'],'profile.php','SUCCESS');
+        hesk_process_messages($hesklang['profile_updated_success'], 'profile.php', 'SUCCESS');
     }
 } // End update_profile()
 

admin/service_messages.php

@@ -0,0 +1,439 @@
+<?php
+/**
+ *
+ * This file is part of HESK - PHP Help Desk Software.
+ *
+ * (c) Copyright Klemen Stirn. All rights reserved.
+ * https://www.hesk.com
+ *
+ * For the full copyright and license agreement information visit
+ * https://www.hesk.com/eula.php
+ *
+ */
+
+define('IN_SCRIPT', 1);
+define('HESK_PATH', '../');
+define('PAGE_TITLE', 'ADMIN_SERVICE_MESSAGES');
+define('MFH_PAGE_LAYOUT', 'TOP_ONLY');
+define('EXTRA_JS', '<script src="'.HESK_PATH.'internal-api/js/service-messages.js"></script>');
+
+/* Get all the required files and functions */
+require(HESK_PATH . 'hesk_settings.inc.php');
+require(HESK_PATH . 'inc/common.inc.php');
+require(HESK_PATH . 'inc/admin_functions.inc.php');
+require(HESK_PATH . 'inc/mail_functions.inc.php');
+hesk_load_database_functions();
+
+hesk_session_start();
+hesk_dbConnect();
+hesk_isLoggedIn();
+
+/* Check permissions for this feature */
+hesk_checkPermission('can_service_msg');
+
+// Define required constants
+define('WYSIWYG', 1);
+
+/* Print header */
+require_once(HESK_PATH . 'inc/headerAdmin.inc.php');
+
+/* Print main manage users page */
+require_once(HESK_PATH . 'inc/show_admin_nav.inc.php');
+?>
+<div class="content-wrapper">
+    <section class="content">
+    <div class="box">
+        <div class="box-header with-border">
+            <h1 class="box-title">
+                <?php echo $hesklang['manage_service_messages']; ?>
+                <i class="fa fa-question-circle settingsquestionmark" data-toggle="tooltip"
+                   title="<?php echo hesk_makeJsString($hesklang['sm_intro']); ?>"
+                    data-placement="bottom"></i>
+            </h1>
+        </div>
+        <div class="box-body">
+            <div class="row">
+                <div class="col-md-12 text-right">
+                    <button id="create-button" class="btn btn-success">
+                        <i class="fa fa-plus-circle"></i>&nbsp;
+                        <?php echo $hesklang['create_new']; ?>
+                    </button>
+                </div>
+                <div class="col-sm-12">
+                    <?php
+
+                    if ($hesk_settings['kb_wysiwyg']) {
+                        ?>
+                        <script type="text/javascript">
+                            /* <![CDATA[ */
+                            $(document).ready(function() {
+                                $('#content').summernote({
+                                height: 200,
+                                toolbar: [
+                                    ['style', ['bold', 'italic', 'underline', 'clear']],
+                                    ['font', ['strikethrough', 'superscript', 'subscript']],
+                                    ['para', ['ul', 'ol']]
+                                ]
+                            });
+                            });
+                            /* ]]> */
+                        </script>
+                        <input type="hidden" name="kb_wysiwyg" value="1">
+                        <?php
+                    } else {
+                        ?>
+                        <input type="hidden" name="kb_wysiwyg" value="0">
+                        <?php
+                    }
+                    ?>
+                    <table class="table table-hover">
+                        <thead>
+                        <tr>
+                            <th style="display: none"><?php echo $hesklang['id']; ?></th>
+                            <th><?php echo $hesklang['sm_mtitle']; ?></th>
+                            <th><?php echo $hesklang['sm_author']; ?></th>
+                            <th><?php echo $hesklang['lgs']; ?></th>
+                            <th><?php echo $hesklang['sm_type']; ?></th>
+                            <th><?php echo $hesklang['opt']; ?></th>
+                        </tr>
+                        </thead>
+                        <tbody id="table-body">
+                        </tbody>
+                    </table>
+                </div>
+            </div>
+        </div>
+        <div class="overlay" id="overlay">
+            <i class="fa fa-spinner fa-spin"></i>
+        </div>
+    </div>
+</section>
+</div>
+<div class="modal fade" id="service-message-modal" tabindex="-1" role="dialog" style="overflow: hidden">
+    <div class="modal-dialog modal-lg" role="document">
+        <div class="modal-content">
+            <div class="modal-header">
+                <button type="button" class="close cancel-callback" data-dismiss="modal" aria-label="Close"><span aria-hidden="true">&times;</span></button>
+                <h4 class="modal-title" id="myModalLabel">
+                    <span id="edit-label"><?php echo $hesklang['edit_sm']; ?></span>
+                    <span id="create-label"><?php echo $hesklang['new_sm']; ?></span>
+                </h4>
+            </div>
+            <form id="service-message" class="form-horizontal" data-toggle="validator" method="post">
+                <div class="modal-body">
+                    <ul class="nav nav-tabs" role="tablist">
+                        <li role="presentation" class="active"><a href="#sm-contents" role="tab" data-toggle="tab"><?php echo $hesklang['kb_content']; ?></a></li>
+                        <li role="presentation"><a href="#properties" role="tab" data-toggle="tab"><?php echo $hesklang['properties']; ?></a></li>
+                    </ul><br>
+                    <div class="tab-content">
+                        <div role="tabpanel" class="tab-pane active" id="sm-contents">
+                            <div class="form-group">
+                                <label for="title"
+                                       class="col-md-2 control-label"><?php echo $hesklang['sm_mtitle']; ?></label>
+                                <div class="col-md-10">
+                                    <input class="form-control"
+                                           placeholder="<?php echo htmlspecialchars($hesklang['sm_mtitle']); ?>"
+                                           type="text" name="title" size="70" maxlength="255"
+                                           data-error="<?php echo htmlspecialchars($hesklang['sm_e_title']); ?>" required>
+                                    <div class="help-block with-errors"></div>
+                                </div>
+                            </div>
+                            <div class="form-group">
+                                <label for="message"
+                                       class="col-md-2 control-label"><?php echo $hesklang['sm_msg']; ?></label>
+
+                                <div class="col-md-10">
+                            <textarea placeholder="<?php echo htmlspecialchars($hesklang['sm_msg']); ?>"
+                                      class="form-control" name="message" id="content"></textarea>
+                                </div>
+                            </div>
+                        </div>
+                        <div role="tabpanel" class="tab-pane" id="properties">
+                            <div class="form-group">
+                                <label for="language" class="col-md-2 control-label">
+                                    <?php echo $hesklang['lgs']; ?>
+                                </label>
+                                <div class="col-md-10">
+                                    <select name="language" class="form-control">
+                                        <option value="ALL"><?php echo $hesklang['all']; ?></option>
+                                        <?php foreach($hesk_settings['languages'] as $name => $info): ?>
+                                        <option value="<?php echo $info['folder']; ?>">
+                                            <?php echo $name; ?>
+                                        </option>
+                                        <?php endforeach; ?>
+                                    </select>
+                                </div>
+                            </div>
+                            <div class="form-group">
+                                <div class="row" style="padding-bottom: 10px;">
+                                    <label for="style"
+                                           class="col-md-2 control-label"><?php echo $hesklang['sm_style']; ?></label>
+
+                                    <div class="col-md-3">
+                                        <div class="radio alert pad-5" style="box-shadow: none; border-radius: 4px;">
+                                            <label>
+                                                <input type="radio" name="style" value="0" onclick="setIcon('')">
+                                                <?php echo $hesklang['sm_none']; ?>
+                                            </label>
+                                        </div>
+                                    </div>
+                                    <div class="col-md-3">
+                                        <div class="radio alert alert-success pad-5">
+                                            <label style="margin-top: -5px">
+                                                <input type="radio" name="style" value="1" onclick="setIcon('fa fa-check-circle')">
+                                                <?php echo $hesklang['sm_success']; ?>
+                                            </label>
+                                        </div>
+                                    </div>
+                                    <div class="col-md-3">
+                                        <div class="radio alert alert-info pad-5" onclick="setIcon('fa fa-comment')">
+                                            <label style="margin-top: -5px">
+                                                <input type="radio" name="style" value="2">
+                                                <?php echo $hesklang['sm_info']; ?>
+                                            </label>
+                                        </div>
+                                    </div>
+                                </div>
+                                <div class="row">
+                                    <div class="col-md-3 col-md-offset-2">
+                                        <div class="radio alert alert-warning pad-5">
+                                            <label style="margin-top: -5px">
+                                                <input type="radio" name="style" value="3"
+                                                       onclick="setIcon('fa fa-exclamation-triangle')">
+                                                <?php echo $hesklang['sm_notice']; ?>
+                                            </label>
+                                        </div>
+                                    </div>
+                                    <div class="col-md-3">
+                                        <div class="radio alert alert-danger pad-5">
+                                            <label style="margin-top: -5px">
+                                                <input type="radio" name="style" value="4" onclick="setIcon('fa fa-times-circle')">
+                                                <?php echo $hesklang['sm_error']; ?>
+                                            </label>
+                                        </div>
+                                    </div>
+                                </div>
+                            </div>
+                            <div class="form-group">
+                                <label for="icon" class="col-md-2 control-label"><?php echo $hesklang['sm_icon']; ?></label>
+                                <div class="col-md-10">
+                                    <p style="display:none" id="no-icon"><?php echo $hesklang['sm_no_icon']; ?></p>
+
+                                    <p style="display:none" id="search-icon"><?php echo $hesklang['sm_search_icon']; ?></p>
+
+                                    <p style="display:none"
+                                       id="footer-icon"><?php echo $hesklang['sm_iconpicker_footer_label']; ?></p>
+
+                                    <div name="icon" class="btn btn-default iconpicker-container" data-toggle="iconpicker"
+                                         data-search="false" data-icon=""></div>
+                                </div>
+                            </div>
+                            <div class="form-group">
+                                <label for="type" class="col-md-2 control-label"><?php echo $hesklang['sm_type']; ?></label>
+
+                                <div class="col-md-2">
+                                    <div class="radio pad-5">
+                                        <label>
+                                            <input type="radio" name="type" value="0">
+                                            <?php echo $hesklang['sm_published']; ?>
+                                        </label>
+                                    </div>
+                                </div>
+                                <div class="col-md-2">
+                                    <div class="radio pad-5">
+                                        <label>
+                                            <input type="radio" name="type" value="1">
+                                            <?php echo $hesklang['sm_draft']; ?>
+                                        </label>
+                                    </div>
+                                </div>
+                            </div>
+                            <div class="form-group">
+                                <label for="location" class="col-md-2 control-label"><?php echo $hesklang['sm_location']; ?></label>
+                                <div class="col-sm-4" style="margin-left:20px">
+                                    <h5 style="text-decoration: underline;"><?php echo $hesklang['sm_customer_pages']; ?></h5>
+                                    <div class="btn-group btn-group-sm">
+                                        <div data-select-all="customer-location" class="btn btn-default">
+                                            <?php echo $hesklang['select_all_title_case']; ?>
+                                        </div>
+                                        <div data-deselect-all="customer-location" class="btn btn-default">
+                                            <?php echo $hesklang['deselect_all_title_case']; ?>
+                                        </div>
+                                    </div>
+                                    <div class="checkbox">
+                                        <input data-select-target="customer-location" type="checkbox"
+                                               name="location[]" value="CUSTOMER_HOME"> <?php echo $hesklang['sm_homepage']; ?>
+                                    </div>
+                                    <?php if ($hesk_settings['kb_enable'] > 0): ?>
+                                    <div class="checkbox">
+                                        <input data-select-target="customer-location" type="checkbox"
+                                               name="location[]" value="CUSTOMER_KB_HOME"> <?php echo $hesklang['sm_kb_home']; ?>
+                                    </div>
+                                    <div class="checkbox">
+                                        <input data-select-target="customer-location" type="checkbox"
+                                               name="location[]" value="CUSTOMER_VIEW_KB_ARTICLE"> <?php echo $hesklang['sm_view_kb_article']; ?>
+                                    </div>
+                                    <?php endif; if ($hesk_settings['kb_enable'] != 2): ?>
+                                    <div class="checkbox">
+                                        <input data-select-target="customer-location" type="checkbox"
+                                               name="location[]" value="CUSTOMER_SUBMIT_TICKET"> <?php echo $hesklang['sm_submit_ticket']; ?>
+                                    </div>
+                                    <div class="checkbox">
+                                        <input data-select-target="customer-location" type="checkbox"
+                                               name="location[]" value="CUSTOMER_VIEW_TICKET"> <?php echo $hesklang['sm_view_ticket']; ?>
+                                    </div>
+                                    <?php endif; ?>
+                                </div>
+                                <div class="col-sm-4" style="margin-left:20px">
+                                    <h5 style="text-decoration: underline;"><?php echo $hesklang['sm_staff_pages']; ?></h5>
+                                    <div class="btn-group btn-group-sm">
+                                        <div data-select-all="staff-location" class="btn btn-default">
+                                            <?php echo $hesklang['select_all_title_case']; ?>
+                                        </div>
+                                        <div data-deselect-all="staff-location" class="btn btn-default">
+                                            <?php echo $hesklang['deselect_all_title_case']; ?>
+                                        </div>
+                                    </div>
+                                    <div class="checkbox">
+                                        <input data-select-target="staff-location" type="checkbox"
+                                               name="location[]" value="STAFF_LOGIN"> <?php echo $hesklang['sm_login_page']; ?>
+                                    </div>
+                                    <div class="checkbox">
+                                        <input data-select-target="staff-location" type="checkbox"
+                                               name="location[]" value="STAFF_HOME"> <?php echo $hesklang['sm_homepage']; ?>
+                                    </div>
+                                    <?php if ($hesk_settings['kb_enable'] > 0): ?>
+                                    <div class="checkbox">
+                                        <input data-select-target="staff-location" type="checkbox"
+                                               name="location[]" value="STAFF_KB_HOME"> <?php echo $hesklang['sm_kb_home']; ?>
+                                    </div>
+                                    <div class="checkbox">
+                                        <input data-select-target="staff-location" type="checkbox"
+                                               name="location[]" value="STAFF_VIEW_KB_ARTICLE"> <?php echo $hesklang['sm_view_kb_article']; ?>
+                                    </div>
+                                    <?php endif; if ($hesk_settings['kb_enable'] != 2): ?>
+                                    <div class="checkbox">
+                                        <input data-select-target="staff-location" type="checkbox"
+                                               name="location[]" value="STAFF_SUBMIT_TICKET"> <?php echo $hesklang['sm_submit_ticket']; ?>
+                                    </div>
+                                    <div class="checkbox">
+                                        <input data-select-target="staff-location" type="checkbox"
+                                               name="location[]" value="STAFF_VIEW_TICKET"> <?php echo $hesklang['sm_view_ticket']; ?>
+                                    </div>
+                                    <?php endif; ?>
+                                </div>
+                            </div>
+                        </div>
+                    </div>
+                    <div id="preview-pane"></div>
+                </div>
+                <div class="modal-footer">
+                    <input type="hidden" name="id">
+                    <input type="hidden" name="order">
+                    <div id="action-buttons" class="btn-group">
+                        <button type="button" class="btn btn-default cancel-button cancel-callback" data-dismiss="modal">
+                            <i class="fa fa-times-circle"></i>
+                            <span><?php echo $hesklang['cancel']; ?></span>
+                        </button>
+                        <button type="button" class="btn btn-primary preview-button">
+                            <i class="fa fa-search"></i>
+                            <span><?php echo $hesklang['sm_preview']; ?></span>
+                        </button>
+                        <button type="submit" class="btn btn-success save-button">
+                            <i class="fa fa-check-circle"></i>
+                            <span><?php echo $hesklang['save']; ?></span>
+                        </button>
+                    </div>
+                </div>
+            </form>
+        </div>
+    </div>
+</div>
+<?php
+echo mfh_get_hidden_fields_for_language(array(
+    'sm_published',
+    'sm_draft',
+    'no_sm',
+    'sm_added',
+    'sm_mdf',
+    'error_saving_updating_sm',
+    'sm_deleted',
+    'error_deleting_sm',
+    'error_sorting_categories',
+    'error_retrieving_sm',
+    'all',
+    'e_udel',
+));
+
+echo '<script>var users = [];';
+$usersRs = hesk_dbQuery("SELECT `id`, `name` FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "users` WHERE `active` = '1'");
+$users = array();
+while ($row = hesk_dbFetchAssoc($usersRs)) {
+    $users[] = $row;
+    echo "users[" . $row['id'] . "] = {
+        id: ".$row['id'].",
+        name: '".$row['name']."'
+    }\n";
+}
+echo "
+var languages = [];\n";
+foreach ($hesk_settings['languages'] as $key => $value) {
+    echo "languages[" . json_encode($value['folder']) . "] = " . json_encode($key) . ";\n";
+}
+echo '</script>';
+?>
+<script type="text/html" id="service-message-title-template">
+<div class="{{CLASS}}">
+    <i data-property="icon"></i>
+    <b data-property="title"></b>
+</div>
+</script>
+<script type="text/html" id="service-message-preview-template">
+    <?php
+    $sm = array(
+        'icon' => 'fa',
+        'style' => 0,
+        'title' => '{{TITLE}}',
+        'message' => '{{MESSAGE}}'
+    );
+    hesk_service_message($sm);
+    ?>
+</script>
+<script type="text/html" id="service-message-template">
+<tr>
+    <td style="display: none"><span data-property="id" data-value="x"></span></td>
+    <td><span data-property="title"></span></td>
+    <td><span data-property="author"></span></td>
+    <td><span data-property="language"></span></td>
+    <td><span data-property="type"></span></td>
+    <td>
+        <span class="sort-arrows">
+            <a href="#" data-action="sort"
+               data-direction="up">
+                <i class="fa fa-fw fa-arrow-up icon-link green"
+                   data-toggle="tooltip" title="<?php echo $hesklang['move_up']; ?>"></i>
+            </a>
+            <a href="#" data-action="sort"
+               data-direction="down">
+                <i class="fa fa-fw fa-arrow-down icon-link green"
+                   data-toggle="tooltip" title="<?php echo $hesklang['move_dn'] ?>"></i>
+            </a>
+        </span>
+        <a name="Edit Service Message" href="#" data-action="edit">
+            <i class="fa fa-fw fa-pencil icon-link orange"
+               data-toggle="tooltip" title="<?php echo $hesklang['edit']; ?>"></i>
+        </a>
+        <a name="Delete Service Message" href="#" data-action="delete">
+            <i class="fa fa-fw fa-times icon-link red"
+               data-toggle="tooltip" title="<?php echo $hesklang['delete']; ?>"></i>
+        </a>
+    </td>
+</tr>
+</script>
+
+<?php
+
+require_once(HESK_PATH . 'inc/footer.inc.php');
+exit();
+
+?>

admin/show_tickets.php

@@ -1,88 +1,106 @@
 <?php
-/*******************************************************************************
-*  Title: Help Desk Software HESK
-*  Version: 2.5.3 from 16th March 2014
-*  Author: Klemen Stirn
-*  Website: http://www.hesk.com
-********************************************************************************
-*  COPYRIGHT AND TRADEMARK NOTICE
-*  Copyright 2005-2013 Klemen Stirn. All Rights Reserved.
-*  HESK is a registered trademark of Klemen Stirn.
+/**
+ *
+ * This file is part of HESK - PHP Help Desk Software.
+ *
+ * (c) Copyright Klemen Stirn. All rights reserved.
+ * https://www.hesk.com
+ *
+ * For the full copyright and license agreement information visit
+ * https://www.hesk.com/eula.php
+ *
+ */
 
-*  The HESK may be used and modified free of charge by anyone
-*  AS LONG AS COPYRIGHT NOTICES AND ALL THE COMMENTS REMAIN INTACT.
-*  By using this code you agree to indemnify Klemen Stirn from any
-*  liability that might arise from it's use.
-
-*  Selling the code for this program, in part or full, without prior
-*  written consent is expressly forbidden.
-
-*  Using this code, in part or full, to create derivate work,
-*  new scripts or products is expressly forbidden. Obtain permission
-*  before redistributing this software over the Internet or in
-*  any other medium. In all cases copyright and header must remain intact.
-*  This Copyright is in full effect in any country that has International
-*  Trade Agreements with the United States of America or
-*  with the European Union.
-
-*  Removing any of the copyright notices without purchasing a license
-*  is expressly forbidden. To remove HESK copyright notice you must purchase
-*  a license for this script. For more information on how to obtain
-*  a license please visit the page below:
-*  https://www.hesk.com/buy.php
-*******************************************************************************/
-
-define('IN_SCRIPT',1);
-define('HESK_PATH','../');
+define('IN_SCRIPT', 1);
+define('HESK_PATH', '../');
+define('PAGE_TITLE', 'ADMIN_TICKET');
+define('MFH_PAGE_LAYOUT', 'TOP_ONLY');
 
 /* Get all the required files and functions */
 require(HESK_PATH . 'hesk_settings.inc.php');
 require(HESK_PATH . 'inc/common.inc.php');
 require(HESK_PATH . 'inc/admin_functions.inc.php');
+require(HESK_PATH . 'inc/status_functions.inc.php');
+require(HESK_PATH . 'inc/mail_functions.inc.php');
 hesk_load_database_functions();
 
 hesk_session_start();
 hesk_dbConnect();
 hesk_isLoggedIn();
 
-define('CALENDAR',1);
+define('CALENDAR', 1);
+define('AUTO_RELOAD',1);
 
 /* Check permissions for this feature */
 hesk_checkPermission('can_view_tickets');
 
+
 /* Print header */
 require_once(HESK_PATH . 'inc/headerAdmin.inc.php');
-
-/* Print admin navigation */
 require_once(HESK_PATH . 'inc/show_admin_nav.inc.php');
 
 ?>
+<div class="content-wrapper">
+    <section class="content">
+    <?php hesk_handle_messages(); ?>
+    <div class="box">
+        <div class="box-header with-border">
+            <h1 class="box-title">
+                <?php echo $hesklang['tickets']; ?>
+            </h1>
+            <div class="box-tools pull-right">
+                <button type="button" class="btn btn-box-tool" data-widget="collapse">
+                    <i class="fa fa-minus"></i>
+                </button>
+            </div>
+        </div>
+        <div class="box-body">
+            <div class="row">
+                <div class="col-xs-6 text-left">
+                    <div class="checkbox">
+                        <label>
+                            <input type="checkbox" onclick="toggleAutoRefresh(this);" id="reloadCB">
+                            <?php echo $hesklang['arp']; ?>
+                            <span id="timer"></span>
+                        </label>
+                    </div>
+                    <script type="text/javascript">heskCheckReloading();</script>
+                </div>
+                <div class="col-xs-6 text-right">
+                    <a href="new_ticket.php" class="btn btn-success">
+                        <span class="glyphicon glyphicon-plus-sign"></span>
+                        <?php echo $hesklang['nti']; ?>
+                    </a>
+                </div>
+            </div>
+            <?php
+            /* Print the list of tickets */
+            $is_search = 1;
+            require_once(HESK_PATH . 'inc/print_tickets.inc.php');
+            echo '<br>';
+            /* Update staff default settings? */
+            if (!empty($_GET['def'])) {
+                hesk_updateStaffDefaults();
+            }
 
-<div class="col-md-8 col-md-offset-2">
+            /* Print forms for listing and searching tickets */
+            require_once(HESK_PATH . 'inc/show_search_form.inc.php');
+            ?>
+        </div>
+    </div>
     <?php
-    /* This will handle error, success and notice messages */
-    hesk_handle_messages();
-    ?>
-    <h3 style="text-align: center"><?php echo $hesklang['tickets']; ?></h3>
-    <?php
-        /* Print the list of tickets */
-        $is_search = 1;
-        require_once(HESK_PATH . 'inc/print_tickets.inc.php');
-
-        /* Update staff default settings? */
-        if ( ! empty($_GET['def']))
-        {
-	        hesk_updateStaffDefaults();
-        }
-    
-        /* Print forms for listing and searching tickets */
-        require_once(HESK_PATH . 'inc/show_search_form.inc.php');
-
-        /* Print footer */
-        require_once(HESK_PATH . 'inc/footer.inc.php');
-        exit();
-
+
+    /* Clean unneeded session variables */
+    hesk_cleanSessionVars('hide');
     ?>
+</section>
 </div>
+<?php
+
+
+/* Print footer */
+require_once(HESK_PATH . 'inc/footer.inc.php');
+exit();
+?>
 
 

admin/view_message_log.php

@@ -0,0 +1,111 @@
+<?php
+
+define('IN_SCRIPT', 1);
+define('HESK_PATH', '../');
+define('PAGE_TITLE', 'ADMIN_LOGS');
+define('MFH_PAGE_LAYOUT', 'TOP_ONLY');
+
+/* Get all the required files and functions */
+require(HESK_PATH . 'hesk_settings.inc.php');
+require(HESK_PATH . 'inc/common.inc.php');
+require(HESK_PATH . 'inc/admin_functions.inc.php');
+require(HESK_PATH . 'inc/mail_functions.inc.php');
+hesk_load_database_functions();
+
+hesk_session_start();
+hesk_dbConnect();
+hesk_isLoggedIn();
+
+hesk_checkPermission('can_view_logs');
+
+define('EXTRA_JS', '<script src="'.HESK_PATH.'internal-api/js/view-message-log.js"></script>');
+
+/* Print header */
+require_once(HESK_PATH . 'inc/headerAdmin.inc.php');
+
+/* Print main manage users page */
+require_once(HESK_PATH . 'inc/show_admin_nav.inc.php');
+?>
+<div class="content-wrapper">
+    <section class="content">
+    <div class="box">
+        <div class="box-header with-border">
+            <h1 class="box-title">
+                <?php echo $hesklang['search_logs']; ?>
+            </h1>
+            <div class="box-tools pull-right">
+                <button type="button" class="btn btn-box-tool" data-widget="collapse">
+                    <i class="fa fa-minus"></i>
+                </button>
+            </div>
+        </div>
+        <div class="box-body">
+            <div class="form-horizontal">
+                <div class="form-group">
+                    <label for="location" class="control-label col-sm-4">
+                        <?php echo $hesklang['custom_place']; ?>
+                    </label>
+                    <div class="col-sm-8">
+                        <input type="text" name="location" class="form-control" placeholder="<?php echo hesk_htmlspecialchars($hesklang['custom_place']); ?>">
+                    </div>
+                </div>
+                <div class="form-group">
+                    <label for="date" class="control-label col-sm-4">
+                        <?php echo $hesklang['date_logged']; ?>
+                    </label>
+                    <div class="col-sm-8">
+                        <input type="text" name="from-date" class="datepicker form-control white-readonly no-bottom-round-corners no-bottom-border" placeholder="<?php echo hesk_htmlspecialchars($hesklang['from_date']); ?>" readonly>
+                        <input type="text" name="to-date" class="datepicker form-control white-readonly no-top-round-corners" placeholder="<?php echo hesk_htmlspecialchars($hesklang['to_date']); ?>" readonly>
+                    </div>
+                </div>
+                <div class="form-group">
+                    <label for="severity" class="control-label col-sm-4"><?php echo $hesklang['severity']; ?></label>
+                    <div class="col-sm-8">
+                        <select name="severity" class="form-control">
+                            <option value="-1" selected><?php echo $hesklang['all']; ?></option>
+                            <option value="0"><?php echo $hesklang['debug']; ?></option>
+                            <option value="1"><?php echo $hesklang['info']; ?></option>
+                            <option value="2"><?php echo $hesklang['warning_title_case']; ?></option>
+                            <option value="3"><?php echo $hesklang['sm_error']; ?></option>
+                        </select>
+                    </div>
+                </div>
+                <div class="form-group">
+                    <div class="col-sm-8 col-sm-offset-4">
+                        <button class="btn btn-default" id="search-button"><?php echo $hesklang['search']; ?></button>
+                    </div>
+                </div>
+            </div>
+        </div>
+    </div>
+    <div class="box">
+        <div class="box-header with-border">
+            <h1 class="box-title">
+                <?php echo $hesklang['logs']; ?>
+            </h1>
+            <div class="box-tools pull-right">
+                <button type="button" class="btn btn-box-tool" data-widget="collapse">
+                    <i class="fa fa-minus"></i>
+                </button>
+            </div>
+        </div>
+        <div class="box-body">
+            <table class="table table-striped" id="results-table">
+                <thead>
+                <tr>
+                    <th><?php echo $hesklang['date']; ?></th>
+                    <th><?php echo $hesklang['user']; ?></th>
+                    <th><?php echo $hesklang['custom_place']; ?></th>
+                    <th><?php echo $hesklang['message']; ?></th>
+                    <th><?php echo $hesklang['stack_trace_header']; ?></th>
+                </tr>
+                </thead>
+                <tbody></tbody>
+            </table>
+        </div>
+    </div>
+</section>
+</div>
+<?php
+require_once(HESK_PATH . 'inc/footer.inc.php');
+exit();

api/BaseClass.php

@@ -0,0 +1,7 @@
+<?php
+
+class BaseClass {
+    static function clazz() {
+        return get_called_class();
+    }
+}

api/BaseException.php

@@ -0,0 +1,7 @@
+<?php
+
+class BaseException extends Exception {
+    static function clazz() {
+        return get_called_class();
+    }
+}

api/BusinessLogic/Attachments/Attachment.php

@@ -0,0 +1,21 @@
+<?php
+
+namespace BusinessLogic\Attachments;
+
+
+class Attachment extends \BaseClass {
+    /* @var $id int */
+    public $id;
+
+    /* @var $savedName string */
+    public $savedName;
+
+    /* @var $displayName string */
+    public $displayName;
+
+    /* @var $id int */
+    public $fileSize;
+
+    /* @var $downloadCount int */
+    public $downloadCount;
+}

api/BusinessLogic/Attachments/AttachmentHandler.php

@@ -0,0 +1,479 @@
+<?php
+
+namespace BusinessLogic\Attachments;
+
+
+use BusinessLogic\Exceptions\AccessViolationException;
+use BusinessLogic\Exceptions\ApiFriendlyException;
+use BusinessLogic\Exceptions\ValidationException;
+use BusinessLogic\Security\UserContext;
+use BusinessLogic\Security\UserPrivilege;
+use BusinessLogic\Security\UserToTicketChecker;
+use BusinessLogic\Tickets\Attachment;
+use BusinessLogic\Tickets\Ticket;
+use BusinessLogic\ValidationModel;
+use DataAccess\Attachments\AttachmentGateway;
+use DataAccess\Files\FileDeleter;
+use DataAccess\Files\FileWriter;
+use DataAccess\Tickets\TicketGateway;
+
+class AttachmentHandler extends \BaseClass {
+    /* @var $ticketGateway TicketGateway */
+    private $ticketGateway;
+
+    /* @var $attachmentGateway AttachmentGateway */
+    private $attachmentGateway;
+
+    /* @var $fileWriter FileWriter */
+    private $fileWriter;
+
+    /* @var $fileDeleter FileDeleter */
+    private $fileDeleter;
+
+    /* @var  $userToTicketChecker UserToTicketChecker */
+    private $userToTicketChecker;
+
+    function __construct(TicketGateway $ticketGateway,
+                         AttachmentGateway $attachmentGateway,
+                         FileWriter $fileWriter,
+                         UserToTicketChecker $userToTicketChecker,
+                         FileDeleter $fileDeleter) {
+        $this->ticketGateway = $ticketGateway;
+        $this->attachmentGateway = $attachmentGateway;
+        $this->fileWriter = $fileWriter;
+        $this->userToTicketChecker = $userToTicketChecker;
+        $this->fileDeleter = $fileDeleter;
+    }
+
+
+    /**
+     * @param $createAttachmentModel CreateAttachmentForTicketModel
+     * @param $userContext UserContext
+     * @param $heskSettings array
+     * @return TicketAttachment the newly created attachment
+     * @throws \Exception
+     */
+    function createAttachmentForTicket($createAttachmentModel, $userContext, $heskSettings) {
+        $this->validate($createAttachmentModel, $heskSettings);
+
+        $decodedAttachment = base64_decode($createAttachmentModel->attachmentContents);
+
+        $ticket = $this->ticketGateway->getTicketById($createAttachmentModel->ticketId, $heskSettings);
+
+        if ($ticket === null) {
+            throw new ApiFriendlyException("Ticket {$createAttachmentModel->ticketId} not found", "Ticket Not Found", 404);
+        }
+
+        $extraPermissions = $createAttachmentModel->isEditing
+            ? array(UserPrivilege::CAN_EDIT_TICKETS)
+            : array();
+
+        if (!$this->userToTicketChecker->isTicketAccessibleToUser($userContext, $ticket, $heskSettings, $extraPermissions)) {
+            throw new AccessViolationException("User does not have access to ticket {$ticket->id} being created / edited!");
+        }
+
+        $cleanedFileName = $this->cleanFileName($createAttachmentModel->displayName);
+        $fileParts = pathinfo($cleanedFileName);
+
+        $ticketAttachment = new TicketAttachment();
+        $ticketAttachment->savedName = $this->generateSavedName($ticket->trackingId,
+            $cleanedFileName, $fileParts['extension']);
+        $ticketAttachment->displayName = $cleanedFileName;
+        $ticketAttachment->ticketTrackingId = $ticket->trackingId;
+        $ticketAttachment->type = 0;
+        $ticketAttachment->downloadCount = 0;
+
+        $ticketAttachment->fileSize =
+            $this->fileWriter->writeToFile($ticketAttachment->savedName, $heskSettings['attach_dir'], $decodedAttachment);
+
+        $attachmentId = $this->attachmentGateway->createAttachmentForTicket($ticketAttachment, $heskSettings);
+
+        $this->updateAttachmentsOnTicket($ticket, $ticketAttachment, $attachmentId, $heskSettings);
+
+        $ticketAttachment->id = $attachmentId;
+
+        return $ticketAttachment;
+    }
+
+    /**
+     * Supports deleting attachments from both ticket messages AND replies
+     *
+     * @param $ticketId int The ticket ID
+     * @param $attachmentId int The attachment ID
+     * @param $userContext UserContext
+     * @param $heskSettings array
+     * @throws ApiFriendlyException
+     * @throws \Exception
+     */
+    function deleteAttachmentFromTicket($ticketId, $attachmentId, $userContext, $heskSettings) {
+        $ticket = $this->ticketGateway->getTicketById($ticketId, $heskSettings);
+
+        if ($ticket === null) {
+            throw new ApiFriendlyException("Ticket {$ticketId} not found!", "Ticket Not Found", 404);
+        }
+
+        if (!$this->userToTicketChecker->isTicketAccessibleToUser($userContext, $ticket, $heskSettings, array(UserPrivilege::CAN_EDIT_TICKETS))) {
+            throw new AccessViolationException("User does not have access to ticket {$ticketId} being created / edited!");
+        }
+
+        $indexToRemove = -1;
+        $attachmentType = AttachmentType::MESSAGE;
+        $replyId = -1;
+        for ($i = 0; $i < count($ticket->attachments); $i++) {
+            $attachment = $ticket->attachments[$i];
+            if ($attachment->id === $attachmentId) {
+                $indexToRemove = $i;
+                $this->fileDeleter->deleteFile($attachment->savedName, $heskSettings['attach_dir']);
+                $this->attachmentGateway->deleteAttachment($attachment->id, $heskSettings);
+            }
+        }
+
+        foreach ($ticket->replies as $reply) {
+            for ($i = 0; $i < count($reply->attachments); $i++) {
+                $attachment = $reply->attachments[$i];
+                if ($attachment->id === $attachmentId) {
+                    $indexToRemove = $i;
+                    $replyId = $reply->id;
+                    $attachmentType = AttachmentType::REPLY;
+                    $this->fileDeleter->deleteFile($attachment->savedName, $heskSettings['attach_dir']);
+                    $this->attachmentGateway->deleteAttachment($attachment->id, $heskSettings);
+                }
+            }
+        }
+
+        if ($indexToRemove === -1) {
+            throw new ApiFriendlyException("Attachment not found for ticket or reply! ID: {$attachmentId}", "Attachment not found", 404);
+        }
+
+        if ($attachmentType == AttachmentType::MESSAGE) {
+            $attachments = $ticket->attachments;
+            unset($attachments[$indexToRemove]);
+            $this->ticketGateway->updateAttachmentsForTicket($ticketId, $attachments, $heskSettings);
+        } else {
+            $attachments = $ticket->replies[$replyId]->attachments;
+            unset($attachments[$indexToRemove]);
+            $this->ticketGateway->updateAttachmentsForReply($replyId, $attachments, $heskSettings);
+        }
+    }
+
+    /**
+     * @param $createAttachmentModel CreateAttachmentForTicketModel
+     * @param $heskSettings array
+     * @throws ValidationException
+     */
+    private function validate($createAttachmentModel, $heskSettings) {
+        $errorKeys = array();
+        if ($createAttachmentModel->attachmentContents === null ||
+            trim($createAttachmentModel->attachmentContents) === '') {
+            $errorKeys[] = 'CONTENTS_EMPTY';
+        }
+
+        if (base64_decode($createAttachmentModel->attachmentContents, true) === false) {
+            $errorKeys[] = 'CONTENTS_NOT_BASE_64';
+        }
+
+        if ($createAttachmentModel->displayName === null ||
+            trim($createAttachmentModel->displayName === '')) {
+            $errorKeys[] = 'DISPLAY_NAME_EMPTY';
+        }
+
+        if ($createAttachmentModel->ticketId === null ||
+            $createAttachmentModel->ticketId < 1) {
+            $errorKeys[] = 'TICKET_ID_MISSING';
+        }
+
+        $fileParts = pathinfo($createAttachmentModel->displayName);
+        if (!isset($fileParts['extension']) || !in_array(".{$fileParts['extension']}", $heskSettings['attachments']['allowed_types'])) {
+            $errorKeys[] = 'EXTENSION_NOT_PERMITTED';
+        }
+
+        $fileContents = base64_decode($createAttachmentModel->attachmentContents);
+        if (function_exists('mb_strlen')) {
+            $fileSize = mb_strlen($fileContents, '8bit');
+        } else {
+            $fileSize = strlen($fileContents);
+        }
+
+        if ($fileSize > $heskSettings['attachments']['max_size']) {
+            $errorKeys[] = 'FILE_SIZE_TOO_LARGE';
+        }
+
+        if (count($errorKeys) > 0) {
+            $validationModel = new ValidationModel();
+            $validationModel->errorKeys = $errorKeys;
+            throw new ValidationException($validationModel);
+        }
+    }
+
+    private function generateSavedName($trackingId, $displayName, $fileExtension) {
+        $fileExtension = ".{$fileExtension}";
+        $useChars = 'AEUYBDGHJLMNPQRSTVWXZ123456789';
+        $tmp = uniqid();
+        for ($j = 1; $j < 10; $j++) {
+            $tmp .= $useChars{mt_rand(0, 29)};
+        }
+
+
+        return substr($trackingId . '_' . md5($tmp . $displayName), 0, 200) . $fileExtension;
+    }
+
+    /**
+     * @param $displayName string original file name
+     * @return string The cleaned file name
+     */
+    private function cleanFileName($displayName) {
+        $filename = str_replace(array('%20', '+'), '-', $displayName);
+        $filename = preg_replace('/[\s-]+/', '-', $filename);
+        $filename = $this->removeAccents($filename);
+        $filename = preg_replace('/[^A-Za-z0-9\.\-_]/', '', $filename);
+        $filename = trim($filename, '-_');
+
+        return $filename;
+    }
+
+    // The following code has been borrowed from Wordpress, and also from posting_functions.inc.php :P
+    // Credits: http://wordpress.org
+    private function removeAccents($string)
+    {
+        if (!preg_match('/[\x80-\xff]/', $string)) {
+            return $string;
+        }
+
+        if ($this->seemsUtf8($string)) {
+            $chars = array(
+                // Decompositions for Latin-1 Supplement
+                chr(194) . chr(170) => 'a', chr(194) . chr(186) => 'o',
+                chr(195) . chr(128) => 'A', chr(195) . chr(129) => 'A',
+                chr(195) . chr(130) => 'A', chr(195) . chr(131) => 'A',
+                chr(195) . chr(132) => 'A', chr(195) . chr(133) => 'A',
+                chr(195) . chr(134) => 'AE', chr(195) . chr(135) => 'C',
+                chr(195) . chr(136) => 'E', chr(195) . chr(137) => 'E',
+                chr(195) . chr(138) => 'E', chr(195) . chr(139) => 'E',
+                chr(195) . chr(140) => 'I', chr(195) . chr(141) => 'I',
+                chr(195) . chr(142) => 'I', chr(195) . chr(143) => 'I',
+                chr(195) . chr(144) => 'D', chr(195) . chr(145) => 'N',
+                chr(195) . chr(146) => 'O', chr(195) . chr(147) => 'O',
+                chr(195) . chr(148) => 'O', chr(195) . chr(149) => 'O',
+                chr(195) . chr(150) => 'O', chr(195) . chr(153) => 'U',
+                chr(195) . chr(154) => 'U', chr(195) . chr(155) => 'U',
+                chr(195) . chr(156) => 'U', chr(195) . chr(157) => 'Y',
+                chr(195) . chr(158) => 'TH', chr(195) . chr(159) => 's',
+                chr(195) . chr(160) => 'a', chr(195) . chr(161) => 'a',
+                chr(195) . chr(162) => 'a', chr(195) . chr(163) => 'a',
+                chr(195) . chr(164) => 'a', chr(195) . chr(165) => 'a',
+                chr(195) . chr(166) => 'ae', chr(195) . chr(167) => 'c',
+                chr(195) . chr(168) => 'e', chr(195) . chr(169) => 'e',
+                chr(195) . chr(170) => 'e', chr(195) . chr(171) => 'e',
+                chr(195) . chr(172) => 'i', chr(195) . chr(173) => 'i',
+                chr(195) . chr(174) => 'i', chr(195) . chr(175) => 'i',
+                chr(195) . chr(176) => 'd', chr(195) . chr(177) => 'n',
+                chr(195) . chr(178) => 'o', chr(195) . chr(179) => 'o',
+                chr(195) . chr(180) => 'o', chr(195) . chr(181) => 'o',
+                chr(195) . chr(182) => 'o', chr(195) . chr(184) => 'o',
+                chr(195) . chr(185) => 'u', chr(195) . chr(186) => 'u',
+                chr(195) . chr(187) => 'u', chr(195) . chr(188) => 'u',
+                chr(195) . chr(189) => 'y', chr(195) . chr(190) => 'th',
+                chr(195) . chr(191) => 'y', chr(195) . chr(152) => 'O',
+                // Decompositions for Latin Extended-A
+                chr(196) . chr(128) => 'A', chr(196) . chr(129) => 'a',
+                chr(196) . chr(130) => 'A', chr(196) . chr(131) => 'a',
+                chr(196) . chr(132) => 'A', chr(196) . chr(133) => 'a',
+                chr(196) . chr(134) => 'C', chr(196) . chr(135) => 'c',
+                chr(196) . chr(136) => 'C', chr(196) . chr(137) => 'c',
+                chr(196) . chr(138) => 'C', chr(196) . chr(139) => 'c',
+                chr(196) . chr(140) => 'C', chr(196) . chr(141) => 'c',
+                chr(196) . chr(142) => 'D', chr(196) . chr(143) => 'd',
+                chr(196) . chr(144) => 'D', chr(196) . chr(145) => 'd',
+                chr(196) . chr(146) => 'E', chr(196) . chr(147) => 'e',
+                chr(196) . chr(148) => 'E', chr(196) . chr(149) => 'e',
+                chr(196) . chr(150) => 'E', chr(196) . chr(151) => 'e',
+                chr(196) . chr(152) => 'E', chr(196) . chr(153) => 'e',
+                chr(196) . chr(154) => 'E', chr(196) . chr(155) => 'e',
+                chr(196) . chr(156) => 'G', chr(196) . chr(157) => 'g',
+                chr(196) . chr(158) => 'G', chr(196) . chr(159) => 'g',
+                chr(196) . chr(160) => 'G', chr(196) . chr(161) => 'g',
+                chr(196) . chr(162) => 'G', chr(196) . chr(163) => 'g',
+                chr(196) . chr(164) => 'H', chr(196) . chr(165) => 'h',
+                chr(196) . chr(166) => 'H', chr(196) . chr(167) => 'h',
+                chr(196) . chr(168) => 'I', chr(196) . chr(169) => 'i',
+                chr(196) . chr(170) => 'I', chr(196) . chr(171) => 'i',
+                chr(196) . chr(172) => 'I', chr(196) . chr(173) => 'i',
+                chr(196) . chr(174) => 'I', chr(196) . chr(175) => 'i',
+                chr(196) . chr(176) => 'I', chr(196) . chr(177) => 'i',
+                chr(196) . chr(178) => 'IJ', chr(196) . chr(179) => 'ij',
+                chr(196) . chr(180) => 'J', chr(196) . chr(181) => 'j',
+                chr(196) . chr(182) => 'K', chr(196) . chr(183) => 'k',
+                chr(196) . chr(184) => 'k', chr(196) . chr(185) => 'L',
+                chr(196) . chr(186) => 'l', chr(196) . chr(187) => 'L',
+                chr(196) . chr(188) => 'l', chr(196) . chr(189) => 'L',
+                chr(196) . chr(190) => 'l', chr(196) . chr(191) => 'L',
+                chr(197) . chr(128) => 'l', chr(197) . chr(129) => 'L',
+                chr(197) . chr(130) => 'l', chr(197) . chr(131) => 'N',
+                chr(197) . chr(132) => 'n', chr(197) . chr(133) => 'N',
+                chr(197) . chr(134) => 'n', chr(197) . chr(135) => 'N',
+                chr(197) . chr(136) => 'n', chr(197) . chr(137) => 'N',
+                chr(197) . chr(138) => 'n', chr(197) . chr(139) => 'N',
+                chr(197) . chr(140) => 'O', chr(197) . chr(141) => 'o',
+                chr(197) . chr(142) => 'O', chr(197) . chr(143) => 'o',
+                chr(197) . chr(144) => 'O', chr(197) . chr(145) => 'o',
+                chr(197) . chr(146) => 'OE', chr(197) . chr(147) => 'oe',
+                chr(197) . chr(148) => 'R', chr(197) . chr(149) => 'r',
+                chr(197) . chr(150) => 'R', chr(197) . chr(151) => 'r',
+                chr(197) . chr(152) => 'R', chr(197) . chr(153) => 'r',
+                chr(197) . chr(154) => 'S', chr(197) . chr(155) => 's',
+                chr(197) . chr(156) => 'S', chr(197) . chr(157) => 's',
+                chr(197) . chr(158) => 'S', chr(197) . chr(159) => 's',
+                chr(197) . chr(160) => 'S', chr(197) . chr(161) => 's',
+                chr(197) . chr(162) => 'T', chr(197) . chr(163) => 't',
+                chr(197) . chr(164) => 'T', chr(197) . chr(165) => 't',
+                chr(197) . chr(166) => 'T', chr(197) . chr(167) => 't',
+                chr(197) . chr(168) => 'U', chr(197) . chr(169) => 'u',
+                chr(197) . chr(170) => 'U', chr(197) . chr(171) => 'u',
+                chr(197) . chr(172) => 'U', chr(197) . chr(173) => 'u',
+                chr(197) . chr(174) => 'U', chr(197) . chr(175) => 'u',
+                chr(197) . chr(176) => 'U', chr(197) . chr(177) => 'u',
+                chr(197) . chr(178) => 'U', chr(197) . chr(179) => 'u',
+                chr(197) . chr(180) => 'W', chr(197) . chr(181) => 'w',
+                chr(197) . chr(182) => 'Y', chr(197) . chr(183) => 'y',
+                chr(197) . chr(184) => 'Y', chr(197) . chr(185) => 'Z',
+                chr(197) . chr(186) => 'z', chr(197) . chr(187) => 'Z',
+                chr(197) . chr(188) => 'z', chr(197) . chr(189) => 'Z',
+                chr(197) . chr(190) => 'z', chr(197) . chr(191) => 's',
+                // Decompositions for Latin Extended-B
+                chr(200) . chr(152) => 'S', chr(200) . chr(153) => 's',
+                chr(200) . chr(154) => 'T', chr(200) . chr(155) => 't',
+                // Euro Sign
+                chr(226) . chr(130) . chr(172) => 'E',
+                // GBP (Pound) Sign
+                chr(194) . chr(163) => '',
+                // Vowels with diacritic (Vietnamese)
+                // unmarked
+                chr(198) . chr(160) => 'O', chr(198) . chr(161) => 'o',
+                chr(198) . chr(175) => 'U', chr(198) . chr(176) => 'u',
+                // grave accent
+                chr(225) . chr(186) . chr(166) => 'A', chr(225) . chr(186) . chr(167) => 'a',
+                chr(225) . chr(186) . chr(176) => 'A', chr(225) . chr(186) . chr(177) => 'a',
+                chr(225) . chr(187) . chr(128) => 'E', chr(225) . chr(187) . chr(129) => 'e',
+                chr(225) . chr(187) . chr(146) => 'O', chr(225) . chr(187) . chr(147) => 'o',
+                chr(225) . chr(187) . chr(156) => 'O', chr(225) . chr(187) . chr(157) => 'o',
+                chr(225) . chr(187) . chr(170) => 'U', chr(225) . chr(187) . chr(171) => 'u',
+                chr(225) . chr(187) . chr(178) => 'Y', chr(225) . chr(187) . chr(179) => 'y',
+                // hook
+                chr(225) . chr(186) . chr(162) => 'A', chr(225) . chr(186) . chr(163) => 'a',
+                chr(225) . chr(186) . chr(168) => 'A', chr(225) . chr(186) . chr(169) => 'a',
+                chr(225) . chr(186) . chr(178) => 'A', chr(225) . chr(186) . chr(179) => 'a',
+                chr(225) . chr(186) . chr(186) => 'E', chr(225) . chr(186) . chr(187) => 'e',
+                chr(225) . chr(187) . chr(130) => 'E', chr(225) . chr(187) . chr(131) => 'e',
+                chr(225) . chr(187) . chr(136) => 'I', chr(225) . chr(187) . chr(137) => 'i',
+                chr(225) . chr(187) . chr(142) => 'O', chr(225) . chr(187) . chr(143) => 'o',
+                chr(225) . chr(187) . chr(148) => 'O', chr(225) . chr(187) . chr(149) => 'o',
+                chr(225) . chr(187) . chr(158) => 'O', chr(225) . chr(187) . chr(159) => 'o',
+                chr(225) . chr(187) . chr(166) => 'U', chr(225) . chr(187) . chr(167) => 'u',
+                chr(225) . chr(187) . chr(172) => 'U', chr(225) . chr(187) . chr(173) => 'u',
+                chr(225) . chr(187) . chr(182) => 'Y', chr(225) . chr(187) . chr(183) => 'y',
+                // tilde
+                chr(225) . chr(186) . chr(170) => 'A', chr(225) . chr(186) . chr(171) => 'a',
+                chr(225) . chr(186) . chr(180) => 'A', chr(225) . chr(186) . chr(181) => 'a',
+                chr(225) . chr(186) . chr(188) => 'E', chr(225) . chr(186) . chr(189) => 'e',
+                chr(225) . chr(187) . chr(132) => 'E', chr(225) . chr(187) . chr(133) => 'e',
+                chr(225) . chr(187) . chr(150) => 'O', chr(225) . chr(187) . chr(151) => 'o',
+                chr(225) . chr(187) . chr(160) => 'O', chr(225) . chr(187) . chr(161) => 'o',
+                chr(225) . chr(187) . chr(174) => 'U', chr(225) . chr(187) . chr(175) => 'u',
+                chr(225) . chr(187) . chr(184) => 'Y', chr(225) . chr(187) . chr(185) => 'y',
+                // acute accent
+                chr(225) . chr(186) . chr(164) => 'A', chr(225) . chr(186) . chr(165) => 'a',
+                chr(225) . chr(186) . chr(174) => 'A', chr(225) . chr(186) . chr(175) => 'a',
+                chr(225) . chr(186) . chr(190) => 'E', chr(225) . chr(186) . chr(191) => 'e',
+                chr(225) . chr(187) . chr(144) => 'O', chr(225) . chr(187) . chr(145) => 'o',
+                chr(225) . chr(187) . chr(154) => 'O', chr(225) . chr(187) . chr(155) => 'o',
+                chr(225) . chr(187) . chr(168) => 'U', chr(225) . chr(187) . chr(169) => 'u',
+                // dot below
+                chr(225) . chr(186) . chr(160) => 'A', chr(225) . chr(186) . chr(161) => 'a',
+                chr(225) . chr(186) . chr(172) => 'A', chr(225) . chr(186) . chr(173) => 'a',
+                chr(225) . chr(186) . chr(182) => 'A', chr(225) . chr(186) . chr(183) => 'a',
+                chr(225) . chr(186) . chr(184) => 'E', chr(225) . chr(186) . chr(185) => 'e',
+                chr(225) . chr(187) . chr(134) => 'E', chr(225) . chr(187) . chr(135) => 'e',
+                chr(225) . chr(187) . chr(138) => 'I', chr(225) . chr(187) . chr(139) => 'i',
+                chr(225) . chr(187) . chr(140) => 'O', chr(225) . chr(187) . chr(141) => 'o',
+                chr(225) . chr(187) . chr(152) => 'O', chr(225) . chr(187) . chr(153) => 'o',
+                chr(225) . chr(187) . chr(162) => 'O', chr(225) . chr(187) . chr(163) => 'o',
+                chr(225) . chr(187) . chr(164) => 'U', chr(225) . chr(187) . chr(165) => 'u',
+                chr(225) . chr(187) . chr(176) => 'U', chr(225) . chr(187) . chr(177) => 'u',
+                chr(225) . chr(187) . chr(180) => 'Y', chr(225) . chr(187) . chr(181) => 'y',
+                // Vowels with diacritic (Chinese, Hanyu Pinyin)
+                chr(201) . chr(145) => 'a',
+                // macron
+                chr(199) . chr(149) => 'U', chr(199) . chr(150) => 'u',
+                // acute accent
+                chr(199) . chr(151) => 'U', chr(199) . chr(152) => 'u',
+                // caron
+                chr(199) . chr(141) => 'A', chr(199) . chr(142) => 'a',
+                chr(199) . chr(143) => 'I', chr(199) . chr(144) => 'i',
+                chr(199) . chr(145) => 'O', chr(199) . chr(146) => 'o',
+                chr(199) . chr(147) => 'U', chr(199) . chr(148) => 'u',
+                chr(199) . chr(153) => 'U', chr(199) . chr(154) => 'u',
+                // grave accent
+                chr(199) . chr(155) => 'U', chr(199) . chr(156) => 'u',
+            );
+
+            $string = strtr($string, $chars);
+        } else {
+            // Assume ISO-8859-1 if not UTF-8
+            $chars['in'] = chr(128) . chr(131) . chr(138) . chr(142) . chr(154) . chr(158)
+                . chr(159) . chr(162) . chr(165) . chr(181) . chr(192) . chr(193) . chr(194)
+                . chr(195) . chr(196) . chr(197) . chr(199) . chr(200) . chr(201) . chr(202)
+                . chr(203) . chr(204) . chr(205) . chr(206) . chr(207) . chr(209) . chr(210)
+                . chr(211) . chr(212) . chr(213) . chr(214) . chr(216) . chr(217) . chr(218)
+                . chr(219) . chr(220) . chr(221) . chr(224) . chr(225) . chr(226) . chr(227)
+                . chr(228) . chr(229) . chr(231) . chr(232) . chr(233) . chr(234) . chr(235)
+                . chr(236) . chr(237) . chr(238) . chr(239) . chr(241) . chr(242) . chr(243)
+                . chr(244) . chr(245) . chr(246) . chr(248) . chr(249) . chr(250) . chr(251)
+                . chr(252) . chr(253) . chr(255);
+
+            $chars['out'] = "EfSZszYcYuAAAAAACEEEEIIIINOOOOOOUUUUYaaaaaaceeeeiiiinoooooouuuuyy";
+
+            $string = strtr($string, $chars['in'], $chars['out']);
+            $double_chars['in'] = array(chr(140), chr(156), chr(198), chr(208), chr(222), chr(223), chr(230), chr(240), chr(254));
+            $double_chars['out'] = array('OE', 'oe', 'AE', 'DH', 'TH', 'ss', 'ae', 'dh', 'th');
+            $string = str_replace($double_chars['in'], $double_chars['out'], $string);
+        }
+
+        return $string;
+    }
+
+    private function seemsUtf8($str)
+    {
+        $length = strlen($str);
+        for ($i = 0; $i < $length; $i++) {
+            $c = ord($str[$i]);
+            if ($c < 0x80) $n = 0; # 0bbbbbbb
+            elseif (($c & 0xE0) == 0xC0) $n = 1; # 110bbbbb
+            elseif (($c & 0xF0) == 0xE0) $n = 2; # 1110bbbb
+            elseif (($c & 0xF8) == 0xF0) $n = 3; # 11110bbb
+            elseif (($c & 0xFC) == 0xF8) $n = 4; # 111110bb
+            elseif (($c & 0xFE) == 0xFC) $n = 5; # 1111110b
+            else return false; # Does not match any model
+            for ($j = 0; $j < $n; $j++) { # n bytes matching 10bbbbbb follow ?
+                if ((++$i == $length) || ((ord($str[$i]) & 0xC0) != 0x80))
+                    return false;
+            }
+        }
+        return true;
+    }
+
+    /**
+     * @param $ticket Ticket
+     * @param $ticketAttachment TicketAttachment
+     * @param $attachmentId int
+     * @param $heskSettings array
+     */
+    private function updateAttachmentsOnTicket($ticket, $ticketAttachment, $attachmentId, $heskSettings) {
+        $attachments = $ticket->attachments === null ? array() : $ticket->attachments;
+        $newAttachment = new Attachment();
+        $newAttachment->savedName = $ticketAttachment->savedName;
+        $newAttachment->fileName = $ticketAttachment->displayName;
+        $newAttachment->id = $attachmentId;
+        $attachments[] = $newAttachment;
+        $this->ticketGateway->updateAttachmentsForTicket($ticket->id, $attachments, $heskSettings);
+    }
+}

api/BusinessLogic/Attachments/AttachmentRetriever.php

@@ -0,0 +1,64 @@
+<?php
+
+namespace BusinessLogic\Attachments;
+
+
+use BusinessLogic\Exceptions\AccessViolationException;
+use BusinessLogic\Exceptions\ApiFriendlyException;
+use BusinessLogic\Security\UserToTicketChecker;
+use DataAccess\Attachments\AttachmentGateway;
+use DataAccess\Files\FileReader;
+use DataAccess\Tickets\TicketGateway;
+
+class AttachmentRetriever extends \BaseClass {
+    /* @var $attachmentGateway AttachmentGateway */
+    private $attachmentGateway;
+
+    /* @var $fileReader FileReader */
+    private $fileReader;
+
+    /* @var $ticketGateway TicketGateway */
+    private $ticketGateway;
+
+    /* @var $userToTicketChecker UserToTicketChecker */
+    private $userToTicketChecker;
+
+    function __construct($attachmentGateway, $fileReader, $ticketGateway, $userToTicketChecker) {
+        $this->attachmentGateway = $attachmentGateway;
+        $this->fileReader = $fileReader;
+        $this->ticketGateway = $ticketGateway;
+        $this->userToTicketChecker = $userToTicketChecker;
+    }
+
+    //-- TODO Test
+    function getAttachmentContentsForTrackingId($trackingId, $attachmentId, $userContext, $heskSettings) {
+        $ticket = $this->ticketGateway->getTicketByTrackingId($trackingId, $heskSettings);
+
+        if ($ticket === null) {
+            throw new ApiFriendlyException("Ticket {$trackingId} not found!", "Ticket Not Found", 404);
+        }
+
+        $attachment = $this->attachmentGateway->getAttachmentById($attachmentId, $heskSettings);
+
+        return array('meta' => $attachment,
+            'contents' => $this->fileReader->readFromFile($attachment->savedName, $heskSettings['attach_dir']));
+    }
+
+    function getAttachmentContentsForTicket($ticketId, $attachmentId, $userContext, $heskSettings) {
+        $ticket = $this->ticketGateway->getTicketById($ticketId, $heskSettings);
+
+        if ($ticket === null) {
+            throw new ApiFriendlyException("Ticket {$ticketId} not found!", "Ticket Not Found", 404);
+        }
+
+        if (!$this->userToTicketChecker->isTicketAccessibleToUser($userContext, $ticket, $heskSettings)) {
+            throw new AccessViolationException("User does not have access to attachment {$attachmentId}!");
+        }
+
+        $attachment = $this->attachmentGateway->getAttachmentById($attachmentId, $heskSettings);
+        $contents = base64_encode($this->fileReader->readFromFile(
+            $attachment->savedName, $heskSettings['attach_dir']));
+
+        return $contents;
+    }
+}

api/BusinessLogic/Attachments/AttachmentType.php

@@ -0,0 +1,9 @@
+<?php
+
+namespace BusinessLogic\Attachments;
+
+
+class AttachmentType extends \BaseClass {
+    const MESSAGE = 0;
+    const REPLY = 1;
+}

api/BusinessLogic/Attachments/CreateAttachmentForTicketModel.php

@@ -0,0 +1,9 @@
+<?php
+
+namespace BusinessLogic\Attachments;
+
+
+class CreateAttachmentForTicketModel extends CreateAttachmentModel {
+    /* @var $ticketId int */
+    public $ticketId;
+}

api/BusinessLogic/Attachments/CreateAttachmentModel.php

@@ -0,0 +1,21 @@
+<?php
+
+namespace BusinessLogic\Attachments;
+
+
+class CreateAttachmentModel extends \BaseClass {
+    /* @var $savedName string */
+    public $savedName;
+
+    /* @var $displayName string */
+    public $displayName;
+
+    /* @var $id int */
+    public $fileSize;
+
+    /* @var $attachmentContents string */
+    public $attachmentContents;
+
+    /* @var $isEditing bool */
+    public $isEditing;
+}

api/BusinessLogic/Attachments/TicketAttachment.php

@@ -0,0 +1,12 @@
+<?php
+
+namespace BusinessLogic\Attachments;
+
+
+class TicketAttachment extends Attachment {
+    /* @var $ticketTrackingId string */
+    public $ticketTrackingId;
+
+    /* @var $type int [use <code>AttachmentType</code>] */
+    public $type;
+}

api/BusinessLogic/Calendar/AbstractEvent.php

@@ -0,0 +1,22 @@
+<?php
+
+namespace BusinessLogic\Calendar;
+
+
+class AbstractEvent {
+    public $id;
+
+    public $startTime;
+
+    public $title;
+
+    public $categoryId;
+
+    public $categoryName;
+
+    public $backgroundColor;
+
+    public $foregroundColor;
+
+    public $displayBorder;
+}

api/BusinessLogic/Calendar/BusinessHours.php

@@ -0,0 +1,15 @@
+<?php
+
+namespace BusinessLogic\Calendar;
+
+
+class BusinessHours {
+    /* @var $dayOfWeek int */
+    public $dayOfWeek;
+
+    /* @var $startTime string */
+    public $startTime;
+
+    /* @var $endTime string */
+    public $endTime;
+}

api/BusinessLogic/Calendar/CalendarEvent.php

@@ -0,0 +1,26 @@
+<?php
+
+namespace BusinessLogic\Calendar;
+
+
+use BusinessLogic\Tickets\AuditTrail;
+
+class CalendarEvent extends AbstractEvent {
+    public $type = 'CALENDAR';
+
+    public $endTime;
+
+    /* @var $allDay bool */
+    public $allDay;
+
+    public $location;
+
+    public $comments;
+
+    public $reminderValue;
+
+    public $reminderUnits;
+
+    /* @var $auditTrail AuditTrail[] */
+    public $auditTrail = array();
+}

api/BusinessLogic/Calendar/CalendarHandler.php

@@ -0,0 +1,96 @@
+<?php
+
+namespace BusinessLogic\Calendar;
+
+
+use BusinessLogic\DateTimeHelpers;
+use BusinessLogic\Security\UserContext;
+use BusinessLogic\Tickets\AuditTrailEntityType;
+use DataAccess\AuditTrail\AuditTrailGateway;
+use DataAccess\Calendar\CalendarGateway;
+
+class CalendarHandler extends \BaseClass {
+    private $calendarGateway;
+    private $auditTrailGateway;
+
+    public function __construct(CalendarGateway $calendarGateway,
+                                AuditTrailGateway $auditTrailGateway) {
+        $this->calendarGateway = $calendarGateway;
+        $this->auditTrailGateway = $auditTrailGateway;
+    }
+
+    public function getEventsForStaff($searchEventsFilter, $heskSettings) {
+        return $this->calendarGateway->getEventsForStaff($searchEventsFilter, $heskSettings);
+    }
+
+    /**
+     * @param $calendarEvent CalendarEvent
+     * @param $userContext UserContext
+     * @param $heskSettings array
+     * @return CalendarEvent
+     * @throws \Exception If more than one event is returned for the given ID
+     */
+    public function updateEvent($calendarEvent, $userContext, $heskSettings) {
+        $this->calendarGateway->updateEvent($calendarEvent, $userContext, $heskSettings);
+
+        $this->auditTrailGateway->insertAuditTrailRecord($calendarEvent->id,
+            AuditTrailEntityType::CALENDAR_EVENT,
+            'audit_event_updated',
+            DateTimeHelpers::heskDate($heskSettings),
+            array(0 => $userContext->name . ' (' . $userContext->username . ')'), $heskSettings);
+
+        $eventFilter = new SearchEventsFilter();
+        $eventFilter->eventId = $calendarEvent->id;
+        $eventFilter->reminderUserId = $userContext->id;
+
+        $events = $this->calendarGateway->getEventsForStaff($eventFilter, $heskSettings);
+
+        if (count($events) !== 1) {
+            throw new \Exception("Expected exactly 1 event, found: " . count($events));
+        }
+
+        $event = $events[0];
+
+        return $event;
+    }
+
+
+    /**
+     * @param $calendarEvent CalendarEvent
+     * @param $userContext UserContext
+     * @param $heskSettings array
+     * @return AbstractEvent
+     * @throws \Exception
+     */
+    public function createEvent($calendarEvent, $userContext, $heskSettings) {
+        $this->calendarGateway->createEvent($calendarEvent, $userContext, $heskSettings);
+
+        $eventFilter = new SearchEventsFilter();
+        $eventFilter->eventId = $calendarEvent->id;
+        $eventFilter->reminderUserId = $userContext->id;
+
+        $events = $this->calendarGateway->getEventsForStaff($eventFilter, $heskSettings);
+
+        if (count($events) !== 1) {
+            throw new \Exception("Expected exactly 1 event, found: " . count($events));
+        }
+
+        $event = $events[0];
+
+        $this->auditTrailGateway->insertAuditTrailRecord($event->id,
+            AuditTrailEntityType::CALENDAR_EVENT,
+            'audit_event_created',
+            DateTimeHelpers::heskDate($heskSettings),
+            array(0 => $userContext->name . ' (' . $userContext->username . ')'), $heskSettings);
+
+        return $event;
+    }
+
+    public function deleteEvent($id, $userContext, $heskSettings) {
+        $this->calendarGateway->deleteEvent($id, $userContext, $heskSettings);
+    }
+
+    public function getBusinessHours($heskSettings) {
+        return $this->calendarGateway->getBusinessHours($heskSettings);
+    }
+}

api/BusinessLogic/Calendar/ReminderUnit.php

@@ -0,0 +1,41 @@
+<?php
+
+namespace BusinessLogic\Calendar;
+
+
+class ReminderUnit {
+    const MINUTE = 0;
+    const HOUR = 1;
+    const DAY = 2;
+    const WEEK = 3;
+
+    static function getByValue($value) {
+        switch ($value) {
+            case 0:
+                return 'MINUTE';
+            case 1:
+                return 'HOUR';
+            case 2:
+                return 'DAY';
+            case 3:
+                return 'WEEK';
+            default:
+                return 'UNKNOWN';
+        }
+    }
+
+    static function getByName($name) {
+        switch ($name) {
+            case 'MINUTE':
+                return self::MINUTE;
+            case 'HOUR':
+                return self::HOUR;
+            case 'DAY':
+                return self::DAY;
+            case 'WEEK':
+                return self::WEEK;
+            default:
+                return null;
+        }
+    }
+}

api/BusinessLogic/Calendar/SearchEventsFilter.php

@@ -0,0 +1,33 @@
+<?php
+
+namespace BusinessLogic\Calendar;
+
+
+class SearchEventsFilter {
+    /* @var $startTime int|null */
+    public $startTime;
+
+    /* @var $endTime int|null */
+    public $endTime;
+
+    /* @var $id int|null */
+    public $eventId;
+
+    /* @var $categories int[]|null */
+    public $categories;
+
+    /* @var $reminderUserId int|null */
+    public $reminderUserId;
+
+    /* @var $includeTickets bool */
+    public $includeTickets;
+
+    /* @var $includeUnassignedTickets bool */
+    public $includeUnassignedTickets;
+
+    /* @var $includeTicketsAssignedToOthers bool */
+    public $includeTicketsAssignedToOthers;
+
+    /* @var $includeTicketsAssignedToMe bool */
+    public $includeTicketsAssignedToMe;
+}

api/BusinessLogic/Calendar/TicketEvent.php

@@ -0,0 +1,20 @@
+<?php
+
+namespace BusinessLogic\Calendar;
+
+
+class TicketEvent extends AbstractEvent {
+    public $type = 'TICKET';
+
+    public $trackingId;
+
+    public $subject;
+
+    public $url;
+
+    public $owner;
+
+    public $priority;
+
+    public $status;
+}

api/BusinessLogic/Categories/Category.php

@@ -0,0 +1,73 @@
+<?php
+
+namespace BusinessLogic\Categories;
+
+class Category extends \BaseClass {
+    /**
+     * @var int The Categories ID
+     */
+    public $id;
+
+    /* @var $name string */
+    public $name;
+
+    /**
+     * @var int Categories order number
+     */
+    public $catOrder;
+
+    /**
+     * @var bool Tickets autoassigned in this Categories
+     */
+    public $autoAssign;
+
+    /**
+     * @var int The type of Categories (1 = Private, 0 = Public)
+     */
+    public $type;
+
+    /**
+     * @var int The Categories's usage (0 = Tickets and Events, 1 = Tickets, 2 = Events)
+     */
+    public $usage;
+
+    /**
+     * @var string
+     */
+    public $backgroundColor;
+
+    /**
+     * @var string
+     */
+    public $foregroundColor;
+
+    /**
+     * @var bool
+     */
+    public $displayBorder;
+
+    /**
+     * @var int The default Tickets priority
+     */
+    public $priority;
+
+    /**
+     * @var int|null The manager for the Categories, if applicable
+     */
+    public $manager;
+
+    /**
+     * @var bool Indication if the user has access to the Categories
+     */
+    public $accessible;
+
+    /**
+     * @var string
+     */
+    public $description;
+
+    /**
+     * @var int
+     */
+    public $numberOfTickets;
+}

api/BusinessLogic/Categories/CategoryHandler.php

@@ -0,0 +1,203 @@
+<?php
+
+namespace BusinessLogic\Categories;
+
+
+use BusinessLogic\Exceptions\AccessViolationException;
+use BusinessLogic\Exceptions\ValidationException;
+use BusinessLogic\Navigation\Direction;
+use BusinessLogic\Security\PermissionChecker;
+use BusinessLogic\Security\UserPrivilege;
+use BusinessLogic\ValidationModel;
+use DataAccess\Categories\CategoryGateway;
+use DataAccess\Settings\ModsForHeskSettingsGateway;
+use DataAccess\Tickets\TicketGateway;
+
+class CategoryHandler extends \BaseClass {
+    /* @var $categoryGateway CategoryGateway */
+    private $categoryGateway;
+
+    /* @var $ticketGateway TicketGateway */
+    private $ticketGateway;
+
+    /* @var $permissionChecker PermissionChecker */
+    private $permissionChecker;
+
+    /* @var $modsForHeskSettingsGateway ModsForHeskSettingsGateway */
+    private $modsForHeskSettingsGateway;
+
+    function __construct(CategoryGateway $categoryGateway,
+                         TicketGateway $ticketGateway,
+                         PermissionChecker $permissionChecker,
+                         ModsForHeskSettingsGateway $modsForHeskSettingsGateway) {
+        $this->categoryGateway = $categoryGateway;
+        $this->ticketGateway = $ticketGateway;
+        $this->permissionChecker = $permissionChecker;
+        $this->modsForHeskSettingsGateway = $modsForHeskSettingsGateway;
+    }
+
+    /**
+     * @param $category Category
+     * @param $userContext
+     * @param $heskSettings array
+     * @return Category The newly created category with ID
+     * @throws ValidationException When validation fails
+     * @throws \Exception When the newly created category was not retrieved
+     */
+    //TODO Test
+    function createCategory($category, $userContext, $heskSettings) {
+        $modsForHeskSettings = $this->modsForHeskSettingsGateway->getAllSettings($heskSettings);
+
+        $validationModel = $this->validate($category, $userContext);
+
+        if (count($validationModel->errorKeys) > 0) {
+            throw new ValidationException($validationModel);
+        }
+
+        $id = $this->categoryGateway->createCategory($category, $heskSettings);
+
+        $allCategories = $this->categoryGateway->getAllCategories($heskSettings, $modsForHeskSettings);
+
+        foreach ($allCategories as $innerCategory) {
+            if ($innerCategory->id === $id) {
+                return $innerCategory;
+            }
+        }
+
+        throw new \BaseException("Newly created category {$id} lost! :O");
+    }
+
+    /**
+     * @param $category Category
+     * @param $userContext
+     * @param $creating bool
+     * @return ValidationModel
+     * @throws AccessViolationException
+     */
+    //TODO Test
+    private function validate($category, $userContext, $creating = true) {
+        $validationModel = new ValidationModel();
+
+        if (!$this->permissionChecker->doesUserHavePermission($userContext, UserPrivilege::CAN_MANAGE_CATEGORIES)) {
+            throw new AccessViolationException('User cannot manage categories!');
+        }
+
+        if (!$creating && $category->id < 1) {
+            $validationModel->errorKeys[] = 'ID_MISSING';
+        }
+
+        if ($category->backgroundColor === null || trim($category->backgroundColor) === '') {
+            $validationModel->errorKeys[] = 'BACKGROUND_COLOR_MISSING';
+        }
+
+        if ($category->foregroundColor === null || trim($category->foregroundColor) === '') {
+            $validationModel->errorKeys[] = 'FOREGROUND_COLOR_MISSING';
+        }
+
+        if ($category->name === null || trim($category->name) === '') {
+            $validationModel->errorKeys[] = 'NAME_MISSING';
+        }
+
+        if ($category->priority === null || intval($category->priority) < 0 || intval($category->priority) > 3) {
+            $validationModel->errorKeys[] = 'INVALID_PRIORITY';
+        }
+
+        if ($category->autoAssign === null || !is_bool($category->autoAssign)) {
+            $validationModel->errorKeys[] = 'INVALID_AUTOASSIGN';
+        }
+
+        if ($category->displayBorder === null || !is_bool($category->displayBorder)) {
+            $validationModel->errorKeys[] = 'INVALID_DISPLAY_BORDER';
+        }
+
+        if ($category->type === null || (intval($category->type) !== 0 && intval($category->type) !== 1)) {
+            $validationModel->errorKeys[] = 'INVALID_TYPE';
+        }
+
+        return $validationModel;
+    }
+
+    /**
+     * @param $category Category
+     * @param $userContext
+     * @param $heskSettings array
+     * @return Category
+     * @throws ValidationException
+     * @throws \Exception When the category is missing
+     */
+    function editCategory($category, $userContext, $heskSettings) {
+        $modsForHeskSettings = $this->modsForHeskSettingsGateway->getAllSettings($heskSettings);
+
+        $validationModel = $this->validate($category, $userContext, false);
+
+        if (count($validationModel->errorKeys) > 0) {
+            throw new ValidationException($validationModel);
+        }
+
+        $this->categoryGateway->updateCategory($category, $heskSettings);
+        $this->categoryGateway->resortAllCategories($heskSettings);
+
+        $allCategories = $this->categoryGateway->getAllCategories($heskSettings, $modsForHeskSettings);
+
+        foreach ($allCategories as $innerCategory) {
+            if ($innerCategory->id === $category->id) {
+                return $innerCategory;
+            }
+        }
+
+        throw new \BaseException("Category {$category->id} vanished! :O");
+    }
+
+    function deleteCategory($id, $userContext, $heskSettings) {
+        if (!$this->permissionChecker->doesUserHavePermission($userContext, UserPrivilege::CAN_MANAGE_CATEGORIES)) {
+            throw new AccessViolationException('User cannot manage categories!');
+        }
+
+        if ($id === 1) {
+            throw new \BaseException("Category 1 cannot be deleted!");
+        }
+
+        $this->ticketGateway->moveTicketsToDefaultCategory($id, $heskSettings);
+        $this->categoryGateway->deleteCategory($id, $heskSettings);
+        $this->categoryGateway->resortAllCategories($heskSettings);
+    }
+
+    function sortCategory($id, $direction, $heskSettings) {
+        $modsForHeskSettings = $this->modsForHeskSettingsGateway->getAllSettings($heskSettings);
+
+        $categories = $this->categoryGateway->getAllCategories($heskSettings, $modsForHeskSettings);
+        $category = null;
+        foreach ($categories as $innerCategory) {
+            if ($innerCategory->id === intval($id)) {
+                $category = $innerCategory;
+                break;
+            }
+        }
+
+        if ($category === null) {
+            throw new \BaseException("Could not find category with ID {$id}!");
+        }
+
+        if ($direction === Direction::UP) {
+            $category->catOrder -= 15;
+        } else {
+            $category->catOrder += 15;
+        }
+
+        $this->categoryGateway->updateCategory($category, $heskSettings);
+        $this->categoryGateway->resortAllCategories($heskSettings);
+    }
+
+    function getPublicCategories($heskSettings) {
+        $allCategories = $this->categoryGateway->getAllCategories($heskSettings, $this->modsForHeskSettingsGateway->getAllSettings($heskSettings));
+
+        $publicCategories = array();
+        foreach ($allCategories as $category) {
+            if ($category->type === 0) {
+                $publicCategories[] = $category;
+            }
+        }
+
+        return $publicCategories;
+    }
+}

api/BusinessLogic/Categories/CategoryRetriever.php

@@ -0,0 +1,43 @@
+<?php
+
+namespace BusinessLogic\Categories;
+
+use BusinessLogic\Security\UserContext;
+use DataAccess\Categories\CategoryGateway;
+use DataAccess\Settings\ModsForHeskSettingsGateway;
+
+class CategoryRetriever extends \BaseClass {
+    /**
+     * @var CategoryGateway
+     */
+    private $categoryGateway;
+
+    /**
+     * @var ModsForHeskSettingsGateway
+     */
+    private $modsForHeskSettingsGateway;
+
+    function __construct(CategoryGateway $categoryGateway,
+                         ModsForHeskSettingsGateway $modsForHeskSettingsGateway) {
+        $this->categoryGateway = $categoryGateway;
+        $this->modsForHeskSettingsGateway = $modsForHeskSettingsGateway;
+    }
+
+    /**
+     * @param $heskSettings array
+     * @param $userContext UserContext
+     * @return array
+     */
+    function getAllCategories($heskSettings, $userContext) {
+        $modsForHeskSettings = $this->modsForHeskSettingsGateway->getAllSettings($heskSettings);
+
+        $categories = $this->categoryGateway->getAllCategories($heskSettings, $modsForHeskSettings);
+
+        foreach ($categories as $category) {
+            $category->accessible = $userContext->admin ||
+                in_array($category->id, $userContext->categories);
+        }
+
+        return $categories;
+    }
+}

api/BusinessLogic/DateTimeHelpers.php

@@ -0,0 +1,19 @@
+<?php
+
+namespace BusinessLogic;
+
+
+class DateTimeHelpers {
+    static function heskDate($heskSettings, $dt = '', $isStr = true, $return_str = true) {
+
+        if (!$dt) {
+            $dt = time();
+        } elseif ($isStr) {
+            $dt = strtotime($dt);
+        }
+
+        // Return formatted date
+        return $return_str ? date($heskSettings['timeformat'], $dt) : $dt;
+
+    }
+}

api/BusinessLogic/Emails/Addressees.php

@@ -0,0 +1,21 @@
+<?php
+
+namespace BusinessLogic\Emails;
+
+
+class Addressees extends \BaseClass {
+    /**
+     * @var $to string[]
+     */
+    public $to;
+
+    /**
+     * @var $cc string[]|null
+     */
+    public $cc = array();
+
+    /**
+     * @var $bcc string[]|null
+     */
+    public $bcc = array();
+}

api/BusinessLogic/Emails/BasicEmailSender.php

@@ -0,0 +1,84 @@
+<?php
+
+namespace BusinessLogic\Emails;
+
+
+use BusinessLogic\Tickets\Attachment;
+use BusinessLogic\Tickets\Ticket;
+use PHPMailer;
+
+class BasicEmailSender extends \BaseClass implements EmailSender {
+
+    function sendEmail($emailBuilder, $heskSettings, $modsForHeskSettings, $sendAsHtml) {
+        $toEmails = implode(',', $emailBuilder->to);
+        if (preg_match("/\n|\r|\t|%0A|%0D|%08|%09/", $toEmails . $emailBuilder->subject)) {
+            return false;
+        }
+
+        $mailer = new PHPMailer();
+
+        if ($heskSettings['smtp']) {
+            $mailer->isSMTP();
+            $mailer->SMTPAuth = true;
+
+            //-- We'll set this explicitly below if the user has it enabled.
+            $mailer->SMTPAutoTLS = false;
+            
+            if ($heskSettings['smtp_ssl']) {
+                $mailer->SMTPSecure = "ssl";
+            } elseif ($heskSettings['smtp_tls']) {
+                $mailer->SMTPSecure = "tls";
+            }
+            $mailer->Host = $heskSettings['smtp_host_name'];
+            $mailer->Port = $heskSettings['smtp_host_port'];
+            $mailer->Username = $heskSettings['smtp_user'];
+            $mailer->Password = $heskSettings['smtp_password'];
+        }
+
+        $mailer->FromName = $heskSettings['noreply_name'] !== null &&
+                            $heskSettings['noreply_name'] !== '' ? $heskSettings['noreply_name'] : '';
+        $mailer->From = $heskSettings['noreply_mail'];
+
+        if ($emailBuilder->to !== null) {
+            foreach ($emailBuilder->to as $to) {
+                $mailer->addAddress($to);
+            }
+        }
+
+        if ($emailBuilder->cc !== null) {
+            foreach ($emailBuilder->cc as $cc) {
+                $mailer->addCC($cc);
+            }
+        }
+
+        if ($emailBuilder->bcc !== null) {
+            foreach ($emailBuilder->bcc as $bcc) {
+                $mailer->addBCC($bcc);
+            }
+        }
+
+        $mailer->Subject = $emailBuilder->subject;
+
+        if ($sendAsHtml) {
+            $mailer->Body = $emailBuilder->htmlMessage;
+            $mailer->AltBody = $emailBuilder->message;
+        } else {
+            $mailer->Body = $emailBuilder->message;
+            $mailer->isHTML(false);
+        }
+        $mailer->Timeout = $heskSettings['smtp_timeout'];
+
+        if ($emailBuilder->attachments !== null) {
+            foreach ($emailBuilder->attachments as $attachment) {
+                $mailer->addAttachment(__DIR__ . '/../../../' . $heskSettings['attach_dir'] . '/' . $attachment->savedName,
+                    $attachment->fileName);
+            }
+        }
+
+        if ($mailer->send()) {
+            return true;
+        }
+
+        return $mailer->ErrorInfo;
+    }
+}

api/BusinessLogic/Emails/EmailBuilder.php

@@ -0,0 +1,43 @@
+<?php
+
+namespace BusinessLogic\Emails;
+
+
+use BusinessLogic\Tickets\Attachment;
+
+class EmailBuilder extends \BaseClass {
+    /**
+     * @var $to string[]
+     */
+    public $to;
+
+    /**
+     * @var $cc string[]
+     */
+    public $cc;
+
+    /**
+     * @var $bcc string[]
+     */
+    public $bcc;
+
+    /**
+     * @var $subject string
+     */
+    public $subject;
+
+    /**
+     * @var $message string
+     */
+    public $message;
+
+    /**
+     * @var $htmlMessage string
+     */
+    public $htmlMessage;
+
+    /**
+     * @var $attachments Attachment[]
+     */
+    public $attachments;
+}

api/BusinessLogic/Emails/EmailSender.php

@@ -0,0 +1,21 @@
+<?php
+
+namespace BusinessLogic\Emails;
+
+
+use BusinessLogic\Tickets\Attachment;
+use BusinessLogic\Tickets\Ticket;
+use PHPMailer;
+
+interface EmailSender {
+    /**
+     * Use to send emails
+     *
+     * @param $emailBuilder EmailBuilder
+     * @param $heskSettings array
+     * @param $modsForHeskSettings array
+     * @param $sendAsHtml bool
+     * @return bool|string|\stdClass true if message sent successfully, string for PHPMail/Smtp error, stdClass for Mailgun error
+     */
+    function sendEmail($emailBuilder, $heskSettings, $modsForHeskSettings, $sendAsHtml);
+}

api/BusinessLogic/Emails/EmailSenderHelper.php

@@ -0,0 +1,76 @@
+<?php
+
+namespace BusinessLogic\Emails;
+
+
+use BusinessLogic\Tickets\Ticket;
+
+class EmailSenderHelper extends \BaseClass {
+    /**
+     * @var $emailTemplateParser EmailTemplateParser
+     */
+    private $emailTemplateParser;
+
+    /**
+     * @var $basicEmailSender BasicEmailSender
+     */
+    private $basicEmailSender;
+
+    /**
+     * @var $mailgunEmailSender MailgunEmailSender
+     */
+    private $mailgunEmailSender;
+
+    function __construct(EmailTemplateParser $emailTemplateParser,
+                         BasicEmailSender $basicEmailSender,
+                         MailgunEmailSender $mailgunEmailSender) {
+        $this->emailTemplateParser = $emailTemplateParser;
+        $this->basicEmailSender = $basicEmailSender;
+        $this->mailgunEmailSender = $mailgunEmailSender;
+    }
+
+    /**
+     * @param $templateId int the EmailTemplateRetriever::TEMPLATE_NAME
+     * @param $language string the language name
+     * @param $addressees Addressees the addressees. **cc and bcc addresses from custom fields will be added here!**
+     * @param $ticket Ticket
+     * @param $heskSettings array
+     * @param $modsForHeskSettings array
+     */
+    function sendEmailForTicket($templateId, $language, $addressees, $ticket, $heskSettings, $modsForHeskSettings) {
+        $languageCode = $heskSettings['languages'][$language]['folder'];
+
+        $parsedTemplate = $this->emailTemplateParser->getFormattedEmailForLanguage($templateId, $languageCode,
+            $ticket, $heskSettings, $modsForHeskSettings);
+
+        $emailBuilder = new EmailBuilder();
+        $emailBuilder->subject = $parsedTemplate->subject;
+        $emailBuilder->message = $parsedTemplate->message;
+        $emailBuilder->htmlMessage = $parsedTemplate->htmlMessage;
+        $emailBuilder->to = $addressees->to;
+        $emailBuilder->cc = $addressees->cc;
+        $emailBuilder->bcc = $addressees->bcc;
+
+        foreach ($heskSettings['custom_fields'] as $k => $v) {
+            $number = intval(str_replace('custom', '', $k));
+            if ($v['use'] && $v['type'] == 'email' && !empty($ticket->customFields[$number])) {
+                if ($v['value']['email_type'] == 'cc') {
+                    $emailBuilder->cc[] = $ticket->customFields[$number];
+                } elseif ($v['value']['email_type'] == 'bcc') {
+                    $emailBuilder->bcc[] = $ticket->customFields[$number];
+                }
+            }
+        }
+
+        if ($modsForHeskSettings['attachments']) {
+            $emailBuilder->attachments = $ticket->attachments;
+        }
+
+        if ($modsForHeskSettings['use_mailgun']) {
+            $this->mailgunEmailSender->sendEmail($emailBuilder, $heskSettings, $modsForHeskSettings, $modsForHeskSettings['html_emails']);
+        } else {
+            $this->basicEmailSender->sendEmail($emailBuilder, $heskSettings, $modsForHeskSettings, $modsForHeskSettings['html_emails']);
+        }
+
+    }
+}

api/BusinessLogic/Emails/EmailTemplate.php

@@ -0,0 +1,27 @@
+<?php
+
+namespace BusinessLogic\Emails;
+
+
+class EmailTemplate extends \BaseClass {
+    /**
+     * @var $languageKey string
+     */
+    public $languageKey;
+
+    /**
+     * @var $fileName string
+     */
+    public $fileName;
+
+    /**
+     * @var $forStaff bool
+     */
+    public $forStaff;
+
+    function __construct($forStaff, $fileName, $languageKey = null) {
+        $this->languageKey = $languageKey === null ? $fileName : $languageKey;
+        $this->fileName = $fileName;
+        $this->forStaff = $forStaff;
+    }
+}

api/BusinessLogic/Emails/EmailTemplateParser.php

@@ -0,0 +1,385 @@
+<?php
+
+namespace BusinessLogic\Emails;
+
+
+use BusinessLogic\Exceptions\EmailTemplateNotFoundException;
+use BusinessLogic\Exceptions\InvalidEmailTemplateException;
+use BusinessLogic\Helpers;
+use BusinessLogic\Security\UserContext;
+use BusinessLogic\Statuses\DefaultStatusForAction;
+use BusinessLogic\Tickets\Ticket;
+use Core\Constants\Priority;
+use DataAccess\Categories\CategoryGateway;
+use DataAccess\Logging\LoggingGateway;
+use DataAccess\Security\UserGateway;
+use DataAccess\Statuses\StatusGateway;
+
+class EmailTemplateParser extends \BaseClass {
+
+    /**
+     * @var $statusGateway StatusGateway
+     */
+    private $statusGateway;
+
+    /**
+     * @var $categoryGateway CategoryGateway
+     */
+    private $categoryGateway;
+
+    /**
+     * @var $userGateway UserGateway
+     */
+    private $userGateway;
+
+    /**
+     * @var $emailTemplateRetriever EmailTemplateRetriever
+     */
+    private $emailTemplateRetriever;
+
+    /**
+     * @var $logger LoggingGateway
+     */
+    private $logger;
+
+    function __construct(StatusGateway $statusGateway,
+                         CategoryGateway $categoryGateway,
+                         UserGateway $userGateway,
+                         EmailTemplateRetriever $emailTemplateRetriever,
+                         LoggingGateway $loggingGateway) {
+        $this->statusGateway = $statusGateway;
+        $this->categoryGateway = $categoryGateway;
+        $this->userGateway = $userGateway;
+        $this->emailTemplateRetriever = $emailTemplateRetriever;
+        $this->logger = $loggingGateway;
+    }
+
+    /**
+     * @param $templateId int
+     * @param $languageCode string
+     * @param $ticket Ticket
+     * @param $heskSettings array
+     * @param $modsForHeskSettings array
+     * @return ParsedEmailProperties
+     * @throws InvalidEmailTemplateException
+     * @throws \Exception
+     */
+    function getFormattedEmailForLanguage($templateId, $languageCode, $ticket, $heskSettings, $modsForHeskSettings) {
+        global $hesklang;
+
+        $emailTemplate = $this->emailTemplateRetriever->getTemplate($templateId);
+
+        if ($emailTemplate === null) {
+            throw new InvalidEmailTemplateException($templateId);
+        }
+
+        $template = self::getFromFileSystem($emailTemplate->fileName, $languageCode, false);
+        $htmlTemplate = self::getFromFileSystem($emailTemplate->fileName, $languageCode, true);
+        $subject = $hesklang[$emailTemplate->languageKey];
+
+        $fullLanguageName = null;
+        foreach ($heskSettings['languages'] as $key => $value) {
+            if ($value['folder'] === $languageCode) {
+                $fullLanguageName = $key;
+                break;
+            }
+        }
+
+        if ($fullLanguageName === null) {
+            throw new \BaseException("Language code {$languageCode} did not return any valid HESK languages!");
+        }
+
+        $subject = $this->parseSubject($subject, $ticket, $fullLanguageName, $heskSettings, $modsForHeskSettings);
+        $message = $this->parseMessage($template, $ticket, $fullLanguageName, $emailTemplate->forStaff, $heskSettings, $modsForHeskSettings, false);
+        $htmlMessage = $this->parseMessage($htmlTemplate, $ticket, $fullLanguageName, $emailTemplate->forStaff, $heskSettings, $modsForHeskSettings, true);
+
+        return new ParsedEmailProperties($subject, $message, $htmlMessage);
+    }
+
+    /**
+     * @param $template string
+     * @param $language string
+     * @param $html bool
+     * @return string The template
+     * @throws EmailTemplateNotFoundException If the template was not found in the filesystem for the provided language
+     */
+    private function getFromFileSystem($template, $language, $html)
+    {
+        $htmlFolder = $html ? 'html/' : '';
+
+        /* Get email template */
+        $file = "language/{$language}/emails/{$htmlFolder}{$template}.txt";
+        $absoluteFilePath = __DIR__ . '/../../../' . $file;
+
+        if (file_exists($absoluteFilePath)) {
+            return file_get_contents($absoluteFilePath);
+        } else {
+            throw new EmailTemplateNotFoundException($template, $language);
+        }
+    }
+
+    /**
+     * @param $subjectTemplate string
+     * @param $ticket Ticket
+     * @param $language string
+     * @param $heskSettings array
+     * @return string
+     * @throws \Exception if common.inc.php isn't loaded
+     */
+    private function parseSubject($subjectTemplate, $ticket, $language, $heskSettings, $modsForHeskSettings) {
+        global $hesklang;
+
+        if (!function_exists('hesk_msgToPlain')) {
+            throw new \BaseException("common.inc.php not loaded!");
+        }
+
+        if ($ticket === null) {
+            return $subjectTemplate;
+        }
+
+        // Status name and category name
+        $defaultStatus = $this->statusGateway->getStatusForDefaultAction(DefaultStatusForAction::NEW_TICKET, $heskSettings);
+
+        if (key_exists($language, $defaultStatus->localizedNames)) {
+            $statusName = $defaultStatus->localizedNames[$language];
+        } elseif (key_exists('English', $defaultStatus->localizedNames)) {
+            $statusName = $defaultStatus->localizedNames['English'];
+            $this->logger->logWarning('EmailTemplateParser', "No localized status found for status '{$defaultStatus->id}' and language '{$language}'. Defaulted to English.", "", new UserContext(), $heskSettings);
+        } else {
+            $statusName = "[ERROR: No localized status found for status '{$defaultStatus->id}']";
+            $this->logger->logError('EmailTemplateParser', "No localized status found for status '{$defaultStatus->id}'", "",  new UserContext(), $heskSettings);
+        }
+
+        $categories = $this->categoryGateway->getAllCategories($heskSettings, $modsForHeskSettings);
+        $category = null;
+        foreach ($categories as $innerCategory) {
+            if ($innerCategory->id === $ticket->categoryId) {
+                $category = $innerCategory;
+                break;
+            }
+        }
+
+        switch ($ticket->priorityId) {
+            case Priority::CRITICAL:
+                $priority = $hesklang['critical'];
+                break;
+            case Priority::HIGH:
+                $priority = $hesklang['high'];
+                break;
+            case Priority::MEDIUM:
+                $priority = $hesklang['medium'];
+                break;
+            case Priority::LOW:
+                $priority = $hesklang['low'];
+                break;
+            default:
+                $priority = 'PRIORITY NOT FOUND';
+                break;
+        }
+
+        // Special tags
+        $subject = str_replace('%%SUBJECT%%', $ticket->subject, $subjectTemplate);
+        $subject = str_replace('%%TRACK_ID%%', $ticket->trackingId, $subject);
+        $subject = str_replace('%%CATEGORY%%', $category->id, $subject);
+        $subject = str_replace('%%PRIORITY%%', $priority, $subject);
+        $subject = str_replace('%%STATUS%%', $statusName, $subject);
+
+        return $subject;
+    }
+
+    /**
+     * @param $messageTemplate string
+     * @param $ticket Ticket
+     * @param $language string
+     * @param $heskSettings array
+     * @return string
+     * @throws \Exception if common.inc.php isn't loaded
+     */
+    private function parseMessage($messageTemplate, $ticket, $language, $admin, $heskSettings, $modsForHeskSettings, $html) {
+        global $hesklang;
+
+        if (!function_exists('hesk_msgToPlain')) {
+            throw new \BaseException("common.inc.php not loaded!");
+        }
+
+        if ($ticket === null) {
+            return $messageTemplate;
+        }
+
+        $heskSettings['site_title'] = hesk_msgToPlain($heskSettings['site_title'], 1);
+
+        // Is email required to view ticket (for customers only)?
+        $heskSettings['e_param'] = $heskSettings['email_view_ticket'] ? '&e=' . rawurlencode(implode(';', $ticket->email)) : '';
+
+        /* Generate the ticket URLs */
+        $trackingURL = $heskSettings['hesk_url'];
+        $trackingURL .= $admin ? '/' . $heskSettings['admin_dir'] . '/admin_ticket.php' : '/ticket.php';
+        $trackingURL .= '?track=' . $ticket->trackingId . ($admin ? '' : $heskSettings['e_param']) . '&Refresh=' . rand(10000, 99999);
+
+        // Status name and category name
+        $defaultStatus = $this->statusGateway->getStatusForDefaultAction(DefaultStatusForAction::NEW_TICKET, $heskSettings);
+        $statusName = hesk_msgToPlain($defaultStatus->localizedNames[$language]);
+
+        $categories = $this->categoryGateway->getAllCategories($heskSettings, $modsForHeskSettings);
+        $category = null;
+        foreach ($categories as $innerCategory) {
+            if ($innerCategory->id === $ticket->categoryId) {
+                $category = $innerCategory;
+                break;
+            }
+        }
+
+        $category = hesk_msgToPlain($category->name);
+        $owner = $this->userGateway->getUserById($ticket->ownerId, $heskSettings);
+
+        $ownerName = $owner === null ? $hesklang['unas'] : hesk_msgToPlain($owner->name);
+
+        switch ($ticket->priorityId) {
+            case Priority::CRITICAL:
+                $priority = $hesklang['critical'];
+                break;
+            case Priority::HIGH:
+                $priority = $hesklang['high'];
+                break;
+            case Priority::MEDIUM:
+                $priority = $hesklang['medium'];
+                break;
+            case Priority::LOW:
+                $priority = $hesklang['low'];
+                break;
+            default:
+                $priority = 'PRIORITY NOT FOUND';
+                break;
+        }
+
+        // Special tags
+        $msg = str_replace('%%NAME%%', $ticket->name, $messageTemplate);
+        $msg = str_replace('%%SUBJECT%%', $ticket->subject, $msg);
+        $msg = str_replace('%%TRACK_ID%%', $ticket->trackingId, $msg);
+        $msg = str_replace('%%TRACK_URL%%', $trackingURL, $msg);
+        $msg = str_replace('%%SITE_TITLE%%', $heskSettings['site_title'], $msg);
+        $msg = str_replace('%%SITE_URL%%', $heskSettings['site_url'], $msg);
+        $msg = str_replace('%%FIRST_NAME%%', Helpers::fullNameToFirstName($ticket->name), $msg);
+        $msg = str_replace('%%CATEGORY%%', $category, $msg);
+        $msg = str_replace('%%PRIORITY%%', $priority, $msg);
+        $msg = str_replace('%%OWNER%%', $ownerName, $msg);
+        $msg = str_replace('%%STATUS%%', $statusName, $msg);
+        $msg = str_replace('%%EMAIL%%', implode(';', $ticket->email), $msg);
+        $msg = str_replace('%%CREATED%%', $ticket->dateCreated, $msg);
+        $msg = str_replace('%%UPDATED%%', $ticket->lastChanged, $msg);
+        $msg = str_replace('%%ID%%', $ticket->id, $msg);
+        $msg = str_replace('%%TIME_WORKED%%', $ticket->timeWorked, $msg);
+
+        $lastReplyBy = '';
+        // Get the last reply by
+        if (!empty($ticket->lastReplier)) {
+            $lastReplyBy = $ticket->lastReplier;
+        } else {
+            $lastReplyBy = $ticket->name;
+        }
+
+        $msg = str_replace('%%LAST_REPLY_BY%%', $lastReplyBy, $msg);
+
+        /* All custom fields */
+        for ($i=1; $i<=50; $i++) {
+            $k = 'custom'.$i;
+
+            if (isset($heskSettings['custom_fields'][$k]) && isset($ticket->customFields[$i])) {
+                $v = $heskSettings['custom_fields'][$k];
+
+                switch ($v['type']) {
+                    case 'checkbox':
+                        $ticket->customFields[$i] = str_replace("<br>","\n",$ticket->customFields[$i]);
+                        break;
+                    case 'date':
+                        $ticket->customFields[$i] = hesk_custom_date_display_format($ticket->customFields[$i], $v['value']['date_format']);
+                        break;
+                }
+
+                $msg = str_replace('%%'.strtoupper($k).'%%',stripslashes($ticket->customFields[$i]),$msg);
+            } else {
+                $msg = str_replace('%%'.strtoupper($k).'%%','',$msg);
+            }
+        }
+
+        // Is message tag in email template?
+        if (strpos($msg, '%%MESSAGE%%') !== false) {
+            // Replace message
+            if ($html) {
+                $htmlMessage = html_entity_decode($ticket->message);
+                $htmlMessage = nl2br($htmlMessage);
+                $msg = str_replace('%%MESSAGE%%', $htmlMessage, $msg);
+            } else {
+                $plainTextMessage = $ticket->message;
+
+                $messageHtml = $ticket->usesHtml;
+
+                if (count($ticket->replies) > 0) {
+                    $lastReply = end($ticket->replies);
+                    $messageHtml = $lastReply->usesHtml;
+                }
+
+                if ($messageHtml) {
+                    if (!function_exists('convert_html_to_text')) {
+                        require(__DIR__ . '/../../../inc/html2text/html2text.php');
+                    }
+                    $plainTextMessage = convert_html_to_text($plainTextMessage);
+                    $plainTextMessage = fix_newlines($plainTextMessage);
+                }
+                $msg = str_replace('%%MESSAGE%%', $plainTextMessage, $msg);
+            }
+
+            // Add direct links to any attachments at the bottom of the email message
+            if ($heskSettings['attachments']['use'] && isset($ticket->attachments) && count($ticket->attachments) > 0) {
+                if (!$modsForHeskSettings['attachments']) {
+                    if ($html) {
+                        $msg .= "<br><br><br>" . $hesklang['fatt'];
+                    } else {
+                        $msg .= "\n\n\n" . $hesklang['fatt'];
+                    }
+
+                    foreach ($ticket->attachments as $attachment) {
+                        if ($html) {
+                            $msg .= "<br><br>{$attachment->fileName}<br>";
+                        } else {
+                            $msg .= "\n\n{$attachment->fileName}\n";
+                        }
+
+                        $msg .= "{$heskSettings['hesk_url']}/download_attachment.php?att_id={$attachment->id}&track={$ticket->trackingId}{$heskSettings['e_param']}";
+                    }
+                }
+            }
+
+            // For customer notifications: if we allow email piping/pop 3 fetching and
+            // stripping quoted replies add an "reply above this line" tag
+            if (!$admin && ($heskSettings['email_piping'] || $heskSettings['pop3']) && $heskSettings['strip_quoted']) {
+                $msg = $hesklang['EMAIL_HR'] . "\n\n" . $msg;
+            }
+        } elseif (strpos($msg, '%%MESSAGE_NO_ATTACHMENTS%%') !== false) {
+            if ($html) {
+                $htmlMessage = nl2br($ticket->message);
+                $msg = str_replace('%%MESSAGE_NO_ATTACHMENTS%%', $htmlMessage, $msg);
+            } else {
+                $plainTextMessage = $ticket->message;
+
+                $messageHtml = $ticket->usesHtml;
+
+                if (count($ticket->replies) > 0) {
+                    $lastReply = end($ticket->replies);
+                    $messageHtml = $lastReply->usesHtml;
+                }
+
+                if ($messageHtml) {
+                    if (!function_exists('convert_html_to_text')) {
+                        require(__DIR__ . '/../../../inc/html2text/html2text.php');
+                    }
+                    $plainTextMessage = convert_html_to_text($plainTextMessage);
+                    $plainTextMessage = fix_newlines($plainTextMessage);
+                }
+                $msg = str_replace('%%MESSAGE_NO_ATTACHMENTS%%', $plainTextMessage, $msg);
+            }
+        }
+
+        return $msg;
+    }
+}

api/BusinessLogic/Emails/EmailTemplateRetriever.php

@@ -0,0 +1,65 @@
+<?php
+
+namespace BusinessLogic\Emails;
+
+
+class EmailTemplateRetriever extends \BaseClass {
+    /**
+     * @var $validTemplates EmailTemplate[]
+     */
+    private $validTemplates;
+
+    function __construct() {
+        $this->validTemplates = array();
+        $this->initializeArray();
+    }
+
+    const FORGOT_TICKET_ID = 0;
+    const NEW_REPLY_BY_STAFF = 1;
+    const NEW_TICKET = 2;
+    const VERIFY_EMAIL = 3;
+    const TICKET_CLOSED = 4;
+    const CATEGORY_MOVED = 5;
+    const NEW_REPLY_BY_CUSTOMER = 6;
+    const NEW_TICKET_STAFF = 7;
+    const TICKET_ASSIGNED_TO_YOU = 8;
+    const NEW_PM = 9;
+    const NEW_NOTE = 10;
+    const RESET_PASSWORD = 11;
+    const CALENDAR_REMINDER = 12;
+    const OVERDUE_TICKET = 13;
+
+    function initializeArray() {
+        if (count($this->validTemplates) > 0) {
+            //-- Map already built
+            return;
+        }
+
+        $this->validTemplates[self::FORGOT_TICKET_ID] = new EmailTemplate(false, 'forgot_ticket_id');
+        $this->validTemplates[self::NEW_REPLY_BY_STAFF] = new EmailTemplate(false, 'new_reply_by_staff');
+        $this->validTemplates[self::NEW_TICKET] = new EmailTemplate(false, 'new_ticket', 'ticket_received');
+        $this->validTemplates[self::VERIFY_EMAIL] = new EmailTemplate(false, 'verify_email');
+        $this->validTemplates[self::TICKET_CLOSED] = new EmailTemplate(false, 'ticket_closed');
+        $this->validTemplates[self::CATEGORY_MOVED] = new EmailTemplate(true, 'category_moved');
+        $this->validTemplates[self::NEW_REPLY_BY_CUSTOMER] = new EmailTemplate(true, 'new_reply_by_customer');
+        $this->validTemplates[self::NEW_TICKET_STAFF] = new EmailTemplate(true, 'new_ticket_staff');
+        $this->validTemplates[self::TICKET_ASSIGNED_TO_YOU] = new EmailTemplate(true, 'ticket_assigned_to_you');
+        $this->validTemplates[self::NEW_PM] = new EmailTemplate(true, 'new_pm');
+        $this->validTemplates[self::NEW_NOTE] = new EmailTemplate(true, 'new_note');
+        $this->validTemplates[self::RESET_PASSWORD] = new EmailTemplate(true, 'reset_password');
+        $this->validTemplates[self::CALENDAR_REMINDER] = new EmailTemplate(true, 'reset_password');
+        $this->validTemplates[self::OVERDUE_TICKET] = new EmailTemplate(true, 'overdue_ticket');
+    }
+
+    /**
+     * @param $templateId
+     * @return EmailTemplate|null
+     */
+    function getTemplate($templateId) {
+        if (isset($this->validTemplates[$templateId])) {
+            return $this->validTemplates[$templateId];
+        }
+
+        return null;
+    }
+}

api/BusinessLogic/Emails/MailgunEmailSender.php

@@ -0,0 +1,73 @@
+<?php
+
+namespace BusinessLogic\Emails;
+
+
+use BusinessLogic\Tickets\Attachment;
+use BusinessLogic\Tickets\Ticket;
+use Mailgun\Mailgun;
+
+class MailgunEmailSender extends \BaseClass implements EmailSender {
+    function sendEmail($emailBuilder, $heskSettings, $modsForHeskSettings, $sendAsHtml) {
+        $mailgunArray = array();
+
+        $mailgunArray['from'] = $heskSettings['noreply_mail']; // Email Address
+        if ($heskSettings['noreply_name'] !== null && $heskSettings['noreply_name'] !== '') {
+            $mailgunArray['from'] = "{$heskSettings['noreply_name']} <{$heskSettings['noreply_mail']}>"; // Name and address
+        }
+
+        $mailgunArray['to'] = implode(',', $emailBuilder->to);
+
+        if ($emailBuilder->cc !== null && count($emailBuilder->cc) > 0) {
+            $mailgunArray['cc'] = implode(',', $emailBuilder->cc);
+        }
+
+        if ($emailBuilder->bcc !== null && count($emailBuilder->bcc) > 0) {
+            $mailgunArray['bcc'] = implode(',', $emailBuilder->bcc);
+        }
+
+        $mailgunArray['subject'] = $emailBuilder->subject;
+        $mailgunArray['text'] = $emailBuilder->message;
+
+        if ($sendAsHtml) {
+            $mailgunArray['html'] = $emailBuilder->htmlMessage;
+        }
+
+        $mailgunAttachments = array();
+        if ($emailBuilder->attachments !== null) {
+            foreach ($emailBuilder->attachments as $attachment) {
+                $mailgunAttachments[] = array(
+                    'remoteName' => $attachment->fileName,
+                    'filePath' => __DIR__ . '/../../../' . $heskSettings['attach_dir'] . '/' . $attachment->savedName
+                );
+            }
+        }
+
+        $result = $this->sendMessage($mailgunArray, $mailgunAttachments, $modsForHeskSettings);
+
+
+        if (isset($result->http_response_code)
+            && $result->http_response_code === 200) {
+            return true;
+        }
+
+        return $result;
+    }
+
+    private function sendMessage($mailgunArray, $attachments, $modsForHeskSettings) {
+        $ssl = !defined('NO_MAILGUN_SSL');
+
+        $messageClient = new Mailgun($modsForHeskSettings['mailgun_api_key'], 'api.mailgun.net', 'v2', $ssl);
+
+        $mailgunAttachments = array();
+        if (count($attachments) > 0) {
+            $mailgunAttachments = array(
+                'attachment' => $attachments
+            );
+        }
+
+        $result = $messageClient->sendMessage($modsForHeskSettings['mailgun_domain'], $mailgunArray, $mailgunAttachments);
+
+        return $result;
+    }
+}

api/BusinessLogic/Emails/ParsedEmailProperties.php

@@ -0,0 +1,27 @@
+<?php
+
+namespace BusinessLogic\Emails;
+
+
+class ParsedEmailProperties extends \BaseClass {
+    function __construct($subject, $message, $htmlMessage) {
+        $this->subject = $subject;
+        $this->message = $message;
+        $this->htmlMessage = $htmlMessage;
+    }
+
+    /**
+     * @var $subject string
+     */
+    public $subject;
+
+    /**
+     * @var $message string
+     */
+    public $message;
+
+    /**
+     * @var $htmlMessage string
+     */
+    public $htmlMessage;
+}

api/BusinessLogic/Exceptions/AccessViolationException.php

@@ -0,0 +1,10 @@
+<?php
+
+namespace BusinessLogic\Exceptions;
+
+
+class AccessViolationException extends ApiFriendlyException {
+    function __construct($message) {
+        parent::__construct($message, 'Access Exception', 403);
+    }
+}

api/BusinessLogic/Exceptions/ApiFriendlyException.php

@@ -0,0 +1,25 @@
+<?php
+
+namespace BusinessLogic\Exceptions;
+
+
+use Exception;
+
+class ApiFriendlyException extends \BaseException {
+    public $title;
+    public $httpResponseCode;
+
+    /**
+     * ApiFriendlyException constructor.
+     * @param string $message
+     * @param string $title
+     * @param int $httpResponseCode
+     */
+    function __construct($message, $title, $httpResponseCode) {
+        $this->title = $title;
+        $this->httpResponseCode = $httpResponseCode;
+
+        parent::__construct($message);
+    }
+
+}

api/BusinessLogic/Exceptions/EmailTemplateNotFoundException.php

@@ -0,0 +1,17 @@
+<?php
+/**
+ * Created by PhpStorm.
+ * User: mkoch
+ * Date: 2/22/2017
+ * Time: 10:00 PM
+ */
+
+namespace BusinessLogic\Exceptions;
+
+
+class EmailTemplateNotFoundException extends ApiFriendlyException {
+    function __construct($emailTemplate, $language) {
+        parent::__construct(sprintf("The email template '%s' was not found for the language '%s'", $emailTemplate, $language),
+            'Email Template Not Found!', 400);
+    }
+}

api/BusinessLogic/Exceptions/InternalUseOnlyException.php

@@ -0,0 +1,10 @@
+<?php
+
+namespace BusinessLogic\Exceptions;
+
+
+class InternalUseOnlyException extends ApiFriendlyException {
+    function __construct() {
+        parent::__construct("This endpoint can only be used internally", "Internal Use Only", 401);
+    }
+}

api/BusinessLogic/Exceptions/InvalidAuthenticationTokenException.php

@@ -0,0 +1,12 @@
+<?php
+
+namespace BusinessLogic\Exceptions;
+
+
+class InvalidAuthenticationTokenException extends ApiFriendlyException {
+    public function __construct() {
+        parent::__construct('The X-Auth-Token is invalid. The token must be for an active helpdesk user.',
+            'Security Exception',
+            401);
+    }
+}

api/BusinessLogic/Exceptions/InvalidEmailTemplateException.php

@@ -0,0 +1,16 @@
+<?php
+/**
+ * Created by PhpStorm.
+ * User: mkoch
+ * Date: 2/23/2017
+ * Time: 8:13 PM
+ */
+
+namespace BusinessLogic\Exceptions;
+
+
+class InvalidEmailTemplateException extends ApiFriendlyException {
+    function __construct($template) {
+        parent::__construct(sprintf("The email template '%s' is invalid", $template), 'Invalid Email Template', 400);
+    }
+}

api/BusinessLogic/Exceptions/MissingAuthenticationTokenException.php

@@ -0,0 +1,11 @@
+<?php
+
+namespace BusinessLogic\Exceptions;
+
+class MissingAuthenticationTokenException extends ApiFriendlyException {
+    function __construct() {
+        parent::__construct("An 'X-Auth-Token' is required for this request",
+            'Security Exception',
+            401);
+    }
+}

api/BusinessLogic/Exceptions/SessionNotActiveException.php

@@ -0,0 +1,16 @@
+<?php
+/**
+ * Created by PhpStorm.
+ * User: cokoch
+ * Date: 5/2/2017
+ * Time: 12:28 PM
+ */
+
+namespace BusinessLogic\Exceptions;
+
+
+class SessionNotActiveException extends ApiFriendlyException {
+    function __construct() {
+        parent::__construct("You must be logged in to call internal API methods", "Authentication Required", 401);
+    }
+}

api/BusinessLogic/Exceptions/ValidationException.php

@@ -0,0 +1,21 @@
+<?php
+
+namespace BusinessLogic\Exceptions;
+
+use BusinessLogic\ValidationModel;
+use Exception;
+
+class ValidationException extends ApiFriendlyException {
+    /**
+     * ValidationException constructor.
+     * @param ValidationModel $validationModel The validation model
+     * @throws Exception If the validationModel's errorKeys is empty
+     */
+    function __construct($validationModel) {
+        if (count($validationModel->errorKeys) === 0) {
+            throw new Exception('Tried to throw a ValidationException, but the validation model was valid or had 0 error keys!');
+        }
+
+        parent::__construct(implode(",", $validationModel->errorKeys), "Validation Failed. Error keys are available in the message section.", 400);
+    }
+}

api/BusinessLogic/Helpers.php

@@ -0,0 +1,244 @@
+<?php
+
+namespace BusinessLogic;
+
+
+class Helpers extends \BaseClass {
+    static function getHeader($key) {
+        $headers = getallheaders();
+
+        $uppercaseHeaders = array();
+        foreach ($headers as $header => $value) {
+            $uppercaseHeaders[strtoupper($header)] = $value;
+        }
+
+        return isset($uppercaseHeaders[$key])
+            ? $uppercaseHeaders[$key]
+            : NULL;
+    }
+
+    static function hashToken($token) {
+        return hash('sha512', $token);
+    }
+
+    static function safeArrayGet($array, $key) {
+        return $array !== null && array_key_exists($key, $array)
+            ? $array[$key]
+            : null;
+    }
+
+    static function boolval($val) {
+        return $val == true;
+    }
+
+    static function heskHtmlSpecialCharsDecode($in) {
+        return str_replace(array('&amp;', '&lt;', '&gt;', '&quot;'), array('&', '<', '>', '"'), $in);
+    }
+
+    static function heskMakeUrl($text, $class = '', $shortenLinks = true) {
+        if (!defined('MAGIC_URL_EMAIL')) {
+            define('MAGIC_URL_EMAIL', 1);
+            define('MAGIC_URL_FULL', 2);
+            define('MAGIC_URL_LOCAL', 3);
+            define('MAGIC_URL_WWW', 4);
+        }
+
+        $class = ($class) ? ' class="' . $class . '"' : '';
+
+        // matches a xxxx://aaaaa.bbb.cccc. ...
+        $text = preg_replace_callback(
+            '#(^|[\n\t (>.])(' . "[a-z][a-z\d+]*:/{2}(?:(?:[^\p{C}\p{Z}\p{S}\p{P}\p{Nl}\p{No}\p{Me}\x{1100}-\x{115F}\x{A960}-\x{A97C}\x{1160}-\x{11A7}\x{D7B0}-\x{D7C6}\x{20D0}-\x{20FF}\x{1D100}-\x{1D1FF}\x{1D200}-\x{1D24F}\x{0640}\x{07FA}\x{302E}\x{302F}\x{3031}-\x{3035}\x{303B}]*[\x{00B7}\x{0375}\x{05F3}\x{05F4}\x{30FB}\x{002D}\x{06FD}\x{06FE}\x{0F0B}\x{3007}\x{00DF}\x{03C2}\x{200C}\x{200D}\pL0-9\-._~!$&'(*+,;=:@|]+|%[\dA-F]{2})+|[0-9.]+|\[[a-z0-9.]+:[a-z0-9.]+:[a-z0-9.:]+\])(?::\d*)?(?:/(?:[^\p{C}\p{Z}\p{S}\p{P}\p{Nl}\p{No}\p{Me}\x{1100}-\x{115F}\x{A960}-\x{A97C}\x{1160}-\x{11A7}\x{D7B0}-\x{D7C6}\x{20D0}-\x{20FF}\x{1D100}-\x{1D1FF}\x{1D200}-\x{1D24F}\x{0640}\x{07FA}\x{302E}\x{302F}\x{3031}-\x{3035}\x{303B}]*[\x{00B7}\x{0375}\x{05F3}\x{05F4}\x{30FB}\x{002D}\x{06FD}\x{06FE}\x{0F0B}\x{3007}\x{00DF}\x{03C2}\x{200C}\x{200D}\pL0-9\-._~!$&'(*+,;=:@|]+|%[\dA-F]{2})*)*(?:\?(?:[^\p{C}\p{Z}\p{S}\p{P}\p{Nl}\p{No}\p{Me}\x{1100}-\x{115F}\x{A960}-\x{A97C}\x{1160}-\x{11A7}\x{D7B0}-\x{D7C6}\x{20D0}-\x{20FF}\x{1D100}-\x{1D1FF}\x{1D200}-\x{1D24F}\x{0640}\x{07FA}\x{302E}\x{302F}\x{3031}-\x{3035}\x{303B}]*[\x{00B7}\x{0375}\x{05F3}\x{05F4}\x{30FB}\x{002D}\x{06FD}\x{06FE}\x{0F0B}\x{3007}\x{00DF}\x{03C2}\x{200C}\x{200D}\pL0-9\-._~!$&'(*+,;=:@/?|]+|%[\dA-F]{2})*)?(?:\#(?:[^\p{C}\p{Z}\p{S}\p{P}\p{Nl}\p{No}\p{Me}\x{1100}-\x{115F}\x{A960}-\x{A97C}\x{1160}-\x{11A7}\x{D7B0}-\x{D7C6}\x{20D0}-\x{20FF}\x{1D100}-\x{1D1FF}\x{1D200}-\x{1D24F}\x{0640}\x{07FA}\x{302E}\x{302F}\x{3031}-\x{3035}\x{303B}]*[\x{00B7}\x{0375}\x{05F3}\x{05F4}\x{30FB}\x{002D}\x{06FD}\x{06FE}\x{0F0B}\x{3007}\x{00DF}\x{03C2}\x{200C}\x{200D}\pL0-9\-._~!$&'(*+,;=:@/?|]+|%[\dA-F]{2})*)?" . ')#iu',
+            function($matches) use ($class, $shortenLinks) {
+                return self::makeClickableCallback(MAGIC_URL_FULL, $matches[1], $matches[2], '', $class, $shortenLinks);
+            },
+            $text
+        );
+
+        // matches a "www.xxxx.yyyy[/zzzz]" kinda lazy URL thing
+        $text = preg_replace_callback(
+            '#(^|[\n\t (>])(' . "www\.(?:[^\p{C}\p{Z}\p{S}\p{P}\p{Nl}\p{No}\p{Me}\x{1100}-\x{115F}\x{A960}-\x{A97C}\x{1160}-\x{11A7}\x{D7B0}-\x{D7C6}\x{20D0}-\x{20FF}\x{1D100}-\x{1D1FF}\x{1D200}-\x{1D24F}\x{0640}\x{07FA}\x{302E}\x{302F}\x{3031}-\x{3035}\x{303B}]*[\x{00B7}\x{0375}\x{05F3}\x{05F4}\x{30FB}\x{002D}\x{06FD}\x{06FE}\x{0F0B}\x{3007}\x{00DF}\x{03C2}\x{200C}\x{200D}\pL0-9\-._~!$&'(*+,;=:@|]+|%[\dA-F]{2})+(?::\d*)?(?:/(?:[^\p{C}\p{Z}\p{S}\p{P}\p{Nl}\p{No}\p{Me}\x{1100}-\x{115F}\x{A960}-\x{A97C}\x{1160}-\x{11A7}\x{D7B0}-\x{D7C6}\x{20D0}-\x{20FF}\x{1D100}-\x{1D1FF}\x{1D200}-\x{1D24F}\x{0640}\x{07FA}\x{302E}\x{302F}\x{3031}-\x{3035}\x{303B}]*[\x{00B7}\x{0375}\x{05F3}\x{05F4}\x{30FB}\x{002D}\x{06FD}\x{06FE}\x{0F0B}\x{3007}\x{00DF}\x{03C2}\x{200C}\x{200D}\pL0-9\-._~!$&'(*+,;=:@|]+|%[\dA-F]{2})*)*(?:\?(?:[^\p{C}\p{Z}\p{S}\p{P}\p{Nl}\p{No}\p{Me}\x{1100}-\x{115F}\x{A960}-\x{A97C}\x{1160}-\x{11A7}\x{D7B0}-\x{D7C6}\x{20D0}-\x{20FF}\x{1D100}-\x{1D1FF}\x{1D200}-\x{1D24F}\x{0640}\x{07FA}\x{302E}\x{302F}\x{3031}-\x{3035}\x{303B}]*[\x{00B7}\x{0375}\x{05F3}\x{05F4}\x{30FB}\x{002D}\x{06FD}\x{06FE}\x{0F0B}\x{3007}\x{00DF}\x{03C2}\x{200C}\x{200D}\pL0-9\-._~!$&'(*+,;=:@/?|]+|%[\dA-F]{2})*)?(?:\#(?:[^\p{C}\p{Z}\p{S}\p{P}\p{Nl}\p{No}\p{Me}\x{1100}-\x{115F}\x{A960}-\x{A97C}\x{1160}-\x{11A7}\x{D7B0}-\x{D7C6}\x{20D0}-\x{20FF}\x{1D100}-\x{1D1FF}\x{1D200}-\x{1D24F}\x{0640}\x{07FA}\x{302E}\x{302F}\x{3031}-\x{3035}\x{303B}]*[\x{00B7}\x{0375}\x{05F3}\x{05F4}\x{30FB}\x{002D}\x{06FD}\x{06FE}\x{0F0B}\x{3007}\x{00DF}\x{03C2}\x{200C}\x{200D}\pL0-9\-._~!$&'(*+,;=:@/?|]+|%[\dA-F]{2})*)?" . ')#iu',
+            function($matches) use ($class, $shortenLinks) {
+                return self::makeClickableCallback(MAGIC_URL_WWW, $matches[1], $matches[2], '', $class, $shortenLinks);
+            },
+            $text
+        );
+
+        // matches an email address
+        $text = preg_replace_callback(
+            '/(^|[\n\t (>])(' . '((?:[\w\!\#$\%\&\'\*\+\-\/\=\?\^\`{\|\}\~]+\.)*(?:[\w\!\#$\%\'\*\+\-\/\=\?\^\`{\|\}\~]|&amp;)+)@((((([a-z0-9]{1}[a-z0-9\-]{0,62}[a-z0-9]{1})|[a-z])\.)+[a-z]{2,63})|(\d{1,3}\.){3}\d{1,3}(\:\d{1,5})?)' . ')/iu',
+            function($matches) use ($class, $shortenLinks) {
+                return self::makeClickableCallback(MAGIC_URL_EMAIL, $matches[1], $matches[2], '', $class, $shortenLinks);
+            },
+            $text
+        );
+
+        return $text;
+    }
+
+    static function makeClickableCallback($type, $whitespace, $url, $relative_url, $class, $shortenLinks)
+    {
+        global $hesk_settings;
+
+        $orig_url = $url;
+        $orig_relative = $relative_url;
+        $append = '';
+        $url = htmlspecialchars_decode($url);
+        $relative_url = htmlspecialchars_decode($relative_url);
+
+        // make sure no HTML entities were matched
+        $chars = array('<', '>', '"');
+        $split = false;
+
+        foreach ($chars as $char) {
+            $next_split = strpos($url, $char);
+            if ($next_split !== false) {
+                $split = ($split !== false) ? min($split, $next_split) : $next_split;
+            }
+        }
+
+        if ($split !== false) {
+            // an HTML entity was found, so the URL has to end before it
+            $append = substr($url, $split) . $relative_url;
+            $url = substr($url, 0, $split);
+            $relative_url = '';
+        } else if ($relative_url) {
+            // same for $relative_url
+            $split = false;
+            foreach ($chars as $char) {
+                $next_split = strpos($relative_url, $char);
+                if ($next_split !== false) {
+                    $split = ($split !== false) ? min($split, $next_split) : $next_split;
+                }
+            }
+
+            if ($split !== false) {
+                $append = substr($relative_url, $split);
+                $relative_url = substr($relative_url, 0, $split);
+            }
+        }
+
+        // if the last character of the url is a punctuation mark, exclude it from the url
+        $last_char = ($relative_url) ? $relative_url[strlen($relative_url) - 1] : $url[strlen($url) - 1];
+
+        switch ($last_char) {
+            case '.':
+            case '?':
+            case '!':
+            case ':':
+            case ',':
+                $append = $last_char;
+                if ($relative_url) {
+                    $relative_url = substr($relative_url, 0, -1);
+                } else {
+                    $url = substr($url, 0, -1);
+                }
+                break;
+
+            // set last_char to empty here, so the variable can be used later to
+            // check whether a character was removed
+            default:
+                $last_char = '';
+                break;
+        }
+
+        $short_url = ($hesk_settings['short_link'] && strlen($url) > 70 && $shortenLinks) ? substr($url, 0, 54) . ' ... ' . substr($url, -10) : $url;
+
+        switch ($type) {
+            case MAGIC_URL_LOCAL:
+                $tag = 'l';
+                $relative_url = preg_replace('/[&?]sid=[0-9a-f]{32}$/', '', preg_replace('/([&?])sid=[0-9a-f]{32}&/', '$1', $relative_url));
+                $url = $url . '/' . $relative_url;
+                $text = $relative_url;
+
+                // this url goes to http://domain.tld/path/to/board/ which
+                // would result in an empty link if treated as local so
+                // don't touch it and let MAGIC_URL_FULL take care of it.
+                if (!$relative_url) {
+                    return $whitespace . $orig_url . '/' . $orig_relative; // slash is taken away by relative url pattern
+                }
+                break;
+
+            case MAGIC_URL_FULL:
+                $tag = 'm';
+                $text = $short_url;
+                break;
+
+            case MAGIC_URL_WWW:
+                $tag = 'w';
+                $url = 'http://' . $url;
+                $text = $short_url;
+                break;
+
+            case MAGIC_URL_EMAIL:
+                $tag = 'e';
+                $text = $short_url;
+                $url = 'mailto:' . $url;
+                break;
+        }
+
+        $url = htmlspecialchars($url);
+        $text = htmlspecialchars($text);
+        $append = htmlspecialchars($append);
+
+        $html = "$whitespace<a href=\"$url\" target=\"blank\" $class>$text</a>$append";
+
+        return $html;
+    } // END make_clickable_callback()
+
+    static function fullNameToFirstName($full_name) {
+        $name_parts = explode(' ', $full_name);
+
+        // Only one part, return back the original
+        if (count($name_parts) < 2){
+            return $full_name;
+        }
+
+        $first_name = self::heskMbStrToLower($name_parts[0]);
+
+        // Name prefixes without dots
+        $prefixes = array('mr', 'ms', 'mrs', 'miss', 'dr', 'rev', 'fr', 'sr', 'prof', 'sir');
+
+        if (in_array($first_name, $prefixes) || in_array($first_name, array_map(function ($i) {return $i . '.';}, $prefixes))) {
+            if(isset($name_parts[2])) {
+                // Mr James Smith -> James
+                $first_name = $name_parts[1];
+            } else {
+                // Mr Smith (no first name given)
+                return $full_name;
+            }
+        }
+
+        // Detect LastName, FirstName
+        if (self::heskMbSubstr($first_name, -1, 1) == ',') {
+            if (count($name_parts) == 2) {
+                $first_name = $name_parts[1];
+            } else {
+                return $full_name;
+            }
+        }
+
+        // If the first name doesn't have at least 3 chars, return the original
+        if(self::heskMbStrlen($first_name) < 3) {
+            return $full_name;
+        }
+
+        // Return the name with first character uppercase
+        return self::heskUcfirst($first_name);
+    }
+
+    static function heskMbStrToLower($in) {
+        return function_exists('mb_strtolower') ? mb_strtolower($in) : strtolower($in);
+    }
+
+    static function heskMbStrlen($in) {
+        return function_exists('mb_strlen') ? mb_strlen($in, 'UTF-8') : strlen($in);
+    }
+
+    static function heskMbSubstr($in, $start, $length) {
+        return function_exists('mb_substr') ? mb_substr($in, $start, $length, 'UTF-8') : substr($in, $start, $length);
+    }
+
+    static function heskUcfirst($in) {
+        return function_exists('mb_convert_case') ? mb_convert_case($in, MB_CASE_TITLE, 'UTF-8') : ucfirst($in);
+    }
+}

api/BusinessLogic/Navigation/CustomNavElement.php

@@ -0,0 +1,30 @@
+<?php
+
+namespace BusinessLogic\Navigation;
+
+
+class CustomNavElement extends \BaseClass {
+    /* @var $id int*/
+    public $id;
+
+    /* @var $text string[] */
+    public $text;
+
+    /* @var $subtext string[]|null */
+    public $subtext;
+
+    /* @var $imageUrl string|null */
+    public $imageUrl;
+
+    /* @var $fontIcon string|null */
+    public $fontIcon;
+
+    /* @var $place int */
+    public $place;
+
+    /* @var $url string */
+    public $url;
+
+    /* @var $sort int */
+    public $sort;
+}

api/BusinessLogic/Navigation/CustomNavElementHandler.php

@@ -0,0 +1,70 @@
+<?php
+
+namespace BusinessLogic\Navigation;
+
+// TODO Test!
+use BusinessLogic\Exceptions\ApiFriendlyException;
+use DataAccess\Navigation\CustomNavElementGateway;
+
+class CustomNavElementHandler extends \BaseClass {
+    /* @var $customNavElementGateway CustomNavElementGateway */
+    private $customNavElementGateway;
+
+    function __construct(CustomNavElementGateway $customNavElementGateway) {
+        $this->customNavElementGateway = $customNavElementGateway;
+    }
+
+
+    function getAllCustomNavElements($heskSettings) {
+        return $this->customNavElementGateway->getAllCustomNavElements($heskSettings);
+    }
+
+    function getCustomNavElement($id, $heskSettings) {
+        $elements = $this->getAllCustomNavElements($heskSettings);
+
+        foreach ($elements as $element) {
+            if ($element->id === intval($id)) {
+                return output($element);
+            }
+        }
+
+        throw new ApiFriendlyException("Custom nav element {$id} not found!", "Element Not Found", 404);
+    }
+
+    function deleteCustomNavElement($id, $heskSettings) {
+        $this->customNavElementGateway->deleteCustomNavElement($id, $heskSettings);
+        $this->customNavElementGateway->resortAllElements($heskSettings);
+    }
+
+    function saveCustomNavElement($element, $heskSettings) {
+        $this->customNavElementGateway->saveCustomNavElement($element, $heskSettings);
+    }
+
+    function createCustomNavElement($element, $heskSettings) {
+        $element = $this->customNavElementGateway->createCustomNavElement($element, $heskSettings);
+        $this->customNavElementGateway->resortAllElements($heskSettings);
+
+        return $element;
+    }
+
+    function sortCustomNavElement($elementId, $direction, $heskSettings) {
+        /* @var $element CustomNavElement */
+        $elements = $this->customNavElementGateway->getAllCustomNavElements($heskSettings);
+        $elementToChange = null;
+        foreach ($elements as $element) {
+            if ($element->id === intval($elementId)) {
+                $elementToChange = $element;
+            }
+        }
+
+
+        if ($direction === Direction::UP) {
+            $elementToChange->sort -= 15;
+        } else {
+            $elementToChange->sort += 15;
+        }
+
+        $this->customNavElementGateway->saveCustomNavElement($elementToChange, $heskSettings);
+        $this->customNavElementGateway->resortAllElements($heskSettings);
+    }
+}

api/BusinessLogic/Navigation/CustomNavElementPlace.php

@@ -0,0 +1,10 @@
+<?php
+
+namespace BusinessLogic\Navigation;
+
+
+class CustomNavElementPlace extends \BaseClass {
+    const HOMEPAGE_BLOCK = 1;
+    const CUSTOMER_NAVIGATION = 2;
+    const ADMIN_NAVIGATION = 3;
+}

api/BusinessLogic/Navigation/Direction.php

@@ -0,0 +1,9 @@
+<?php
+
+namespace BusinessLogic\Navigation;
+
+
+class Direction extends \BaseClass {
+    const UP = 'up';
+    const DOWN = 'down';
+}

api/BusinessLogic/Security/BanRetriever.php

@@ -0,0 +1,52 @@
+<?php
+
+namespace BusinessLogic\Security;
+
+
+use DataAccess\Security\BanGateway;
+
+class BanRetriever extends \BaseClass {
+    /**
+     * @var BanGateway
+     */
+    private $banGateway;
+
+    function __construct(BanGateway $banGateway) {
+        $this->banGateway = $banGateway;
+    }
+
+    /**
+     * @param $email
+     * @param $heskSettings
+     * @return bool
+     */
+    function isEmailBanned($email, $heskSettings) {
+
+        $bannedEmails = $this->banGateway->getEmailBans($heskSettings);
+
+        foreach ($bannedEmails as $bannedEmail) {
+            if ($bannedEmail->email === $email) {
+                return true;
+            }
+        }
+
+        return false;
+    }
+
+    /**
+     * @param $ip int the IP address, converted beforehand using ip2long()
+     * @param $heskSettings
+     * @return bool
+     */
+    function isIpAddressBanned($ip, $heskSettings) {
+        $bannedIps = $this->banGateway->getIpBans($heskSettings);
+
+        foreach ($bannedIps as $bannedIp) {
+            if ($bannedIp->ipFrom <= $ip && $bannedIp->ipTo >= $ip) {
+                return true;
+            }
+        }
+
+        return false;
+    }
+}

api/BusinessLogic/Security/BannedEmail.php

@@ -0,0 +1,26 @@
+<?php
+
+namespace BusinessLogic\Security;
+
+
+class BannedEmail extends \BaseClass {
+    /**
+     * @var int
+     */
+    public $id;
+
+    /**
+     * @var string
+     */
+    public $email;
+
+    /**
+     * @var int|null The user who banned the email, or null if the user was deleted
+     */
+    public $bannedById;
+
+    /**
+     * @var string
+     */
+    public $dateBanned;
+}

api/BusinessLogic/Security/BannedIp.php

@@ -0,0 +1,36 @@
+<?php
+
+namespace BusinessLogic\Security;
+
+
+class BannedIp extends \BaseClass {
+    /**
+     * @var int
+     */
+    public $id;
+
+    /**
+     * @var int the lower bound of the IP address range
+     */
+    public $ipFrom;
+
+    /**
+     * @var int the upper bound of the IP address range
+     */
+    public $ipTo;
+
+    /**
+     * @var string the display of the IP ban to be shown to the user
+     */
+    public $ipDisplay;
+
+    /**
+     * @var int|null The user who banned the IP, or null if the user was deleted
+     */
+    public $bannedById;
+
+    /**
+     * @var string
+     */
+    public $dateBanned;
+}

api/BusinessLogic/Security/PermissionChecker.php

@@ -0,0 +1,23 @@
+<?php
+
+namespace BusinessLogic\Security;
+
+
+class PermissionChecker extends \BaseClass {
+    /**
+     * @param $userContext UserContext
+     * @param $permission string
+     * @return bool
+     */
+    function doesUserHavePermission($userContext, $permission) {
+        if ($userContext->admin) {
+            return true;
+        }
+
+        if (in_array($permission, $userContext->permissions)) {
+            return true;
+        }
+
+        return false;
+    }
+}

api/BusinessLogic/Security/UserContext.php

@@ -0,0 +1,131 @@
+<?php
+
+namespace BusinessLogic\Security;
+
+
+use BusinessLogic\Helpers;
+
+class UserContext extends \BaseClass {
+    /* @var $id int */
+    public $id;
+
+    /* @var $username string */
+    public $username;
+
+    /* @var $admin bool */
+    public $admin;
+
+    /* @var $name string */
+    public $name;
+
+    /* @var $email string */
+    public $email;
+
+    /* @var $signature string */
+    public $signature;
+
+    /* @var $language string|null */
+    public $language;
+
+    /* @var $categories int[] */
+    public $categories;
+
+    /* @var $permissions string[] */
+    public $permissions;
+
+    /* @var UserContextPreferences */
+    public $preferences;
+
+    /* @var UserContextNotifications */
+    public $notificationSettings;
+
+    /* @var $autoAssign bool */
+    public $autoAssign;
+
+    /* @var $ratingNegative int */
+    public $ratingNegative;
+
+    /* @var $ratingPositive int */
+    public $ratingPositive;
+
+    /* @var $rating float */
+    public $rating;
+
+    /* @var $totalNumberOfReplies int */
+    public $totalNumberOfReplies;
+
+    /* @var $active bool */
+    public $active;
+
+    function isAnonymousUser() {
+        return $this->id === -1;
+    }
+
+    static function buildAnonymousUser() {
+        $userContext = new UserContext();
+        $userContext->id = -1;
+        $userContext->username = "API - ANONYMOUS USER"; // Usernames can't have spaces, so no one will take this username
+        $userContext->admin = false;
+        $userContext->name = "ANONYMOUS USER";
+        $userContext->email = "anonymous-user@example.com";
+        $userContext->categories = array();
+        $userContext->permissions = array();
+        $userContext->autoAssign = false;
+        $userContext->active = true;
+
+        return $userContext;
+    }
+
+    /**
+     * Builds a user context based on the current session. **The session must be active!**
+     * @param $dataRow array the $_SESSION superglobal or the hesk_users result set
+     * @return UserContext the built user context
+     */
+    static function fromDataRow($dataRow) {
+        $userContext = new UserContext();
+        $userContext->id = intval($dataRow['id']);
+        $userContext->username = $dataRow['user'];
+        $userContext->admin = Helpers::boolval($dataRow['isadmin']);
+        $userContext->name = $dataRow['name'];
+        $userContext->email = $dataRow['email'];
+        $userContext->signature = $dataRow['signature'];
+        $userContext->language = $dataRow['language'];
+        if (is_array($dataRow['categories'])) {
+            $userContext->categories = $dataRow['categories'];
+        } else {
+            $userContext->categories = explode(',', $dataRow['categories']);
+        }
+        $userContext->permissions = explode(',', $dataRow['heskprivileges']);
+        $userContext->autoAssign = Helpers::boolval($dataRow['autoassign']);
+        $userContext->ratingNegative = intval($dataRow['ratingneg']);
+        $userContext->ratingPositive = intval($dataRow['ratingpos']);
+        $userContext->rating = floatval($dataRow['rating']);
+        $userContext->totalNumberOfReplies = intval($dataRow['replies']);
+        $userContext->active = Helpers::boolval($dataRow['active']);
+
+        $preferences = new UserContextPreferences();
+        $preferences->afterReply = intval($dataRow['afterreply']);
+        $preferences->autoStartTimeWorked = Helpers::boolval($dataRow['autostart']);
+        $preferences->autoreload = intval($dataRow['autoreload']);
+        $preferences->defaultNotifyCustomerNewTicket = Helpers::boolval($dataRow['notify_customer_new']);
+        $preferences->defaultNotifyCustomerReply = Helpers::boolval($dataRow['notify_customer_reply']);
+        $preferences->showSuggestedKnowledgebaseArticles = Helpers::boolval($dataRow['show_suggested']);
+        $preferences->defaultCalendarView = intval($dataRow['default_calendar_view']);
+        $preferences->defaultTicketView = $dataRow['default_list'];
+        $userContext->preferences = $preferences;
+
+        $notifications = new UserContextNotifications();
+        $notifications->newUnassigned = Helpers::boolval($dataRow['notify_new_unassigned']);
+        $notifications->newAssignedToMe = Helpers::boolval($dataRow['notify_new_my']);
+        $notifications->replyUnassigned = Helpers::boolval($dataRow['notify_reply_unassigned']);
+        $notifications->replyToMe = Helpers::boolval($dataRow['notify_reply_my']);
+        $notifications->ticketAssignedToMe = Helpers::boolval($dataRow['notify_assigned']);
+        $notifications->privateMessage = Helpers::boolval($dataRow['notify_pm']);
+        $notifications->noteOnTicketAssignedToMe = Helpers::boolval($dataRow['notify_note']);
+        $notifications->noteOnTicketNotAssignedToMe = Helpers::boolval($dataRow['notify_note_unassigned']);
+        $notifications->overdueTicketUnassigned = Helpers::boolval($dataRow['notify_overdue_unassigned']);
+        $userContext->notificationSettings = $notifications;
+
+        return $userContext;
+    }
+}

api/BusinessLogic/Security/UserContextBuilder.php

@@ -0,0 +1,87 @@
+<?php
+
+namespace BusinessLogic\Security;
+
+
+use BusinessLogic\Exceptions\InvalidAuthenticationTokenException;
+use BusinessLogic\Exceptions\MissingAuthenticationTokenException;
+use BusinessLogic\Helpers;
+use DataAccess\Security\UserGateway;
+
+class UserContextBuilder extends \BaseClass {
+    /**
+     * @var UserGateway
+     */
+    private $userGateway;
+
+    function __construct(UserGateway $userGateway) {
+        $this->userGateway = $userGateway;
+    }
+
+    function buildUserContext($authToken, $heskSettings) {
+        $NULL_OR_EMPTY_STRING = 'cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e';
+
+        $hashedToken = Helpers::hashToken($authToken);
+
+        if ($hashedToken === $NULL_OR_EMPTY_STRING) {
+            throw new MissingAuthenticationTokenException();
+        }
+
+        $userRow = $this->userGateway->getUserForAuthToken($hashedToken, $heskSettings);
+
+        if ($userRow === null) {
+            throw new InvalidAuthenticationTokenException();
+        }
+
+        return UserContext::fromDataRow($userRow);
+    }
+
+    /**
+     * Builds a user context based on the current session. **The session must be active!**
+     * @param $dataRow array the $_SESSION superglobal or the hesk_users result set
+     * @return UserContext the built user context
+     */
+    function fromDataRow($dataRow) {
+        $userContext = new UserContext();
+        $userContext->id = $dataRow['id'];
+        $userContext->username = $dataRow['user'];
+        $userContext->admin = $dataRow['isadmin'];
+        $userContext->name = $dataRow['name'];
+        $userContext->email = $dataRow['email'];
+        $userContext->signature = $dataRow['signature'];
+        $userContext->language = $dataRow['language'];
+        $userContext->categories = explode(',', $dataRow['categories']);
+        $userContext->permissions = explode(',', $dataRow['heskprivileges']);
+        $userContext->autoAssign = $dataRow['autoassign'];
+        $userContext->ratingNegative = $dataRow['ratingneg'];
+        $userContext->ratingPositive = $dataRow['ratingpos'];
+        $userContext->rating = $dataRow['rating'];
+        $userContext->totalNumberOfReplies = $dataRow['replies'];
+        $userContext->active = $dataRow['active'];
+
+        $preferences = new UserContextPreferences();
+        $preferences->afterReply = $dataRow['afterreply'];
+        $preferences->autoStartTimeWorked = $dataRow['autostart'];
+        $preferences->autoreload = $dataRow['autoreload'];
+        $preferences->defaultNotifyCustomerNewTicket = $dataRow['notify_customer_new'];
+        $preferences->defaultNotifyCustomerReply = $dataRow['notify_customer_reply'];
+        $preferences->showSuggestedKnowledgebaseArticles = $dataRow['show_suggested'];
+        $preferences->defaultCalendarView = $dataRow['default_calendar_view'];
+        $preferences->defaultTicketView = $dataRow['default_list'];
+        $userContext->preferences = $preferences;
+
+        $notifications = new UserContextNotifications();
+        $notifications->newUnassigned = $dataRow['notify_new_unassigned'];
+        $notifications->newAssignedToMe = $dataRow['notify_new_my'];
+        $notifications->replyUnassigned = $dataRow['notify_reply_unassigned'];
+        $notifications->replyToMe = $dataRow['notify_reply_my'];
+        $notifications->ticketAssignedToMe = $dataRow['notify_assigned'];
+        $notifications->privateMessage = $dataRow['notify_pm'];
+        $notifications->noteOnTicketAssignedToMe = $dataRow['notify_note'];
+        $notifications->noteOnTicketNotAssignedToMe = $dataRow['notify_note_unassigned'];
+        $notifications->overdueTicketUnassigned = $dataRow['notify_overdue_unassigned'];
+        $userContext->notificationSettings = $notifications;
+
+        return $userContext;
+    }
+}

api/BusinessLogic/Security/UserContextNotifications.php

@@ -0,0 +1,16 @@
+<?php
+
+namespace BusinessLogic\Security;
+
+
+class UserContextNotifications extends \BaseClass {
+    public $newUnassigned;
+    public $newAssignedToMe;
+    public $replyUnassigned;
+    public $replyToMe;
+    public $ticketAssignedToMe;
+    public $privateMessage;
+    public $noteOnTicketAssignedToMe;
+    public $noteOnTicketNotAssignedToMe;
+    public $overdueTicketUnassigned;
+}

api/BusinessLogic/Security/UserContextPreferences.php

@@ -0,0 +1,15 @@
+<?php
+
+namespace BusinessLogic\Security;
+
+
+class UserContextPreferences extends \BaseClass {
+    public $afterReply;
+    public $autoStartTimeWorked;
+    public $autoreload;
+    public $defaultNotifyCustomerNewTicket;
+    public $defaultNotifyCustomerReply;
+    public $showSuggestedKnowledgebaseArticles;
+    public $defaultCalendarView;
+    public $defaultTicketView;
+}

api/BusinessLogic/Security/UserPrivilege.php

@@ -0,0 +1,23 @@
+<?php
+/**
+ * Created by PhpStorm.
+ * User: mkoch
+ * Date: 3/12/2017
+ * Time: 12:11 PM
+ */
+
+namespace BusinessLogic\Security;
+
+
+class UserPrivilege extends \BaseClass {
+    const CAN_VIEW_TICKETS = 'can_view_tickets';
+    const CAN_REPLY_TO_TICKETS = 'can_reply_tickets';
+    const CAN_EDIT_TICKETS = 'can_edit_tickets';
+    const CAN_DELETE_TICKETS = 'can_del_tickets';
+    const CAN_MANAGE_CATEGORIES = 'can_man_cat';
+    const CAN_VIEW_ASSIGNED_TO_OTHER = 'can_view_ass_others';
+    const CAN_VIEW_UNASSIGNED = 'can_view_unassigned';
+    const CAN_VIEW_ASSIGNED_BY_ME = 'can_view_ass_by';
+    const CAN_MANAGE_SERVICE_MESSAGES = 'can_service_msg';
+    const CAN_CHANGE_DUE_DATE = 'can_change_due_date';
+}