restored original files and go to Versino 1.6 ST.

Author: carlosdelfino

include/class.msgtpl.php

@@ -3,7 +3,7 @@
     class.msgtpl.php
 
     Peter Rotich <[email protected]>
-    Copyright (c)  2006,2007,2008,2009 osTicket
+    Copyright (c)  2006-2010 osTicket
     http://www.osticket.com
 
     Released under the GNU General Public License WITHOUT ANY WARRANTY.
@@ -86,6 +86,8 @@ function update($var,&$errors){
         $fields['ticket_autoresp_body']  = array('type'=>'string',   'required'=>1, 'error'=>'Template message required');
         $fields['message_autoresp_subj'] = array('type'=>'string',   'required'=>1, 'error'=>'Subject required');
         $fields['message_autoresp_body'] = array('type'=>'string',   'required'=>1, 'error'=>'Template message required');
+        $fields['ticket_notice_subj'] = array('type'=>'string',   'required'=>1, 'error'=>'Subject required');
+        $fields['ticket_notice_body'] = array('type'=>'string',   'required'=>1, 'error'=>'Template message required');
         $fields['ticket_overlimit_subj'] = array('type'=>'string',   'required'=>1, 'error'=>'Subject required');
         $fields['ticket_overlimit_body'] = array('type'=>'string',   'required'=>1, 'error'=>'Template message required');
         $fields['ticket_reply_subj']     = array('type'=>'string',   'required'=>1, 'error'=>'Subject required');
@@ -122,6 +124,8 @@ function update($var,&$errors){
                  ',ticket_autoresp_body='.db_input(Format::striptags($var['ticket_autoresp_body'])).
                  ',message_autoresp_subj='.db_input(Format::striptags($var['message_autoresp_subj'])).
                  ',message_autoresp_body='.db_input(Format::striptags($var['message_autoresp_body'])).
+                 ',ticket_notice_subj='.db_input(Format::striptags($var['ticket_notice_subj'])).
+                 ',ticket_notice_body='.db_input(Format::striptags($var['ticket_notice_body'])).
                  ',ticket_alert_subj='.db_input(Format::striptags($var['ticket_alert_subj'])).
                  ',ticket_alert_body='.db_input(Format::striptags($var['ticket_alert_body'])).
                  ',message_alert_subj='.db_input(Format::striptags($var['message_alert_subj'])).
@@ -186,6 +190,8 @@ function create($var,&$errors){
                  ',ticket_autoresp_body='.db_input(Format::striptags($info['ticket_autoresp_body'])).
                  ',message_autoresp_subj='.db_input(Format::striptags($info['message_autoresp_subj'])).
                  ',message_autoresp_body='.db_input(Format::striptags($info['message_autoresp_body'])).
+                 ',ticket_notice_subj='.db_input(Format::striptags($info['ticket_notice_subj'])).
+                 ',ticket_notice_body='.db_input(Format::striptags($info['ticket_notice_body'])).
                  ',ticket_alert_subj='.db_input(Format::striptags($info['ticket_alert_subj'])).
                  ',ticket_alert_body='.db_input(Format::striptags($info['ticket_alert_body'])).
                  ',message_alert_subj='.db_input(Format::striptags($info['message_alert_subj'])).

include/class.nav.php

@@ -5,14 +5,14 @@ class.nav.php
     Navigation helper classes. Pointless BUT helps keep navigation clean and free from errors.
 
     Peter Rotich <[email protected]>
-    Copyright (c)  2006,2007,2008,2009 osTicket
+    Copyright (c)  2006-2010 osTicket
     http://www.osticket.com
 
     Released under the GNU General Public License WITHOUT ANY WARRANTY.
     See LICENSE.TXT for details.
 
     vim: expandtab sw=4 ts=4 sts=4:
-    $Id: class.nav.php,v 1.1.2.2 2009/11/29 22:03:28 carlos.delfino Exp $
+    $Id: $
 **********************************************************************/
 class StaffNav {
     var $tabs=array();
@@ -21,15 +21,9 @@ class StaffNav {
     var $activetab;
     var $ptype;
 
-	function StaffNav($pagetype='staff',$trl = null){
+    function StaffNav($pagetype='staff'){
 		global $thisuser;
 
-		if(isset($trl)){
-			$this->trl = $trl;
-		}else{
-			$this->trl = new Translate();
-		}
-		
 		$this->ptype=$pagetype;
 		$tabs=array();
 		if($thisuser->isAdmin() && strcasecmp($pagetype,'admin')==0) {

include/class.pagenate.php

@@ -5,7 +5,7 @@ class.format.php
  Pagenation  support class
 
  Peter Rotich <[email protected]>
- Copyright (c)  2006,2007,2008,2009 osTicket
+    Copyright (c)  2006-2010 osTicket
  http://www.osticket.com
 
  Released under the GNU General Public License WITHOUT ANY WARRANTY.

include/class.staff.php

@@ -85,6 +85,10 @@ function observeDaylight() {
         return $this->udata['daylight_saving']?true:false;
     }
 
+    function getRefreshRate(){
+        return $this->udata['auto_refresh_rate'];
+    }
+
     function getPageLimit() {
         global $cfg;
         $limit=$this->udata['max_page_size'];
@@ -196,6 +200,10 @@ function canAccessDept($deptid){
         return ($this->isadmin() ||in_array($deptid,$this->getDepts()))?true:false;
     }
 
+    function canCreateTickets(){
+        return ($this->isadmin() || $this->udata['can_create_tickets'])?true:false;
+    }
+
     function canEditTickets(){
         return ($this->isadmin() || $this->udata['can_edit_tickets'])?true:false;
     }
@@ -242,6 +250,8 @@ function create($vars,&$errors) {
 
     function save($id,$vars,&$errors) {
 
+        include_once(INCLUDE_DIR.'class.dept.php');
+
         if($id && $id!=$vars['staff_id'])
             $errors['err']='Internal Error';
 
@@ -262,6 +272,8 @@ function save($id,$vars,&$errors) {
 
         if(!$vars['email'] || !Validator::is_email($vars['email']))
             $errors['email']='Valid email required';
+        elseif(Email::getIdByEmail($vars['email']))
+            $errors['email']='Already in-use system email';
 
         if($vars['phone'] && !Validator::is_phone($vars['phone']))
             $errors['phone']='Valid number required';
@@ -298,9 +310,9 @@ function save($id,$vars,&$errors) {
                  ',firstname='.db_input(Format::striptags($vars['firstname'])).
                  ',lastname='.db_input(Format::striptags($vars['lastname'])).
                  ',email='.db_input($vars['email']).
-                 ',phone='.db_input($vars['phone']).
+                 ',phone="'.db_input($vars['phone'],false).'"'.
                  ',phone_ext='.db_input($vars['phone_ext']).
-                 ',mobile='.db_input($vars['mobile']).
+                 ',mobile="'.db_input($vars['mobile'],false).'"'.
                  ',signature='.db_input(Format::striptags($vars['signature']));
 
             if($vars['npassword'])

include/class.sys.php

@@ -5,7 +5,7 @@ class.sys.php
     System core helper.
 
     Peter Rotich <[email protected]>
-    Copyright (c)  2006,2007,2008,2009 osTicket
+    Copyright (c)  2006-2010 osTicket
     http://www.osticket.com
 
     Released under the GNU General Public License WITHOUT ANY WARRANTY.
@@ -23,7 +23,7 @@ class Sys {
 
     var $loglevel=array(1=>'Error','Warning','Debug');
 
-	static $trl ;
+static $trl ;
 
 	static function getTranslatorToLocale($str="us"){
 		if(!isset(self::$trl[$str])){

include/class.ticket.php

@@ -5,7 +5,7 @@ class.ticket.php
     The most important class! Don't play with fire please.
 
     Peter Rotich <[email protected]>
-    Copyright (c)  2006,2007,2008,2009 osTicket
+    Copyright (c)  2006-2010 osTicket
     http://www.osticket.com
 
     Released under the GNU General Public License WITHOUT ANY WARRANTY.
@@ -38,15 +38,17 @@ class Ticket{
     var $fullname;
     var $staff_id;
     var $dept_id;
+    var $topic_id;
     var $dept_name;
     var $subject;
-    var $topic;
+    var $helptopic;
     var $overdue;
 
     var $lastMsgId;
 
     var $dept;  //Dept class
     var $staff; //Staff class
+    var $topic; //Topic class
     var $tlock; //TicketLock class
 
     function Ticket($id,$exid=false){
@@ -56,9 +58,10 @@ function Ticket($id,$exid=false){
     function load($id) {
 
 
-        $sql =' SELECT  ticket.*,lock_id,dept_name,priority_desc FROM '.TICKET_TABLE.' ticket '.
+        $sql =' SELECT  ticket.*,topic.topic_id as topicId,lock_id,dept_name,priority_desc FROM '.TICKET_TABLE.' ticket '.
               ' LEFT JOIN '.DEPT_TABLE.' dept ON ticket.dept_id=dept.dept_id '.
               ' LEFT JOIN '.TICKET_PRIORITY_TABLE.' pri ON ticket.priority_id=pri.priority_id '.
+              ' LEFT JOIN '.TOPIC_TABLE.' topic ON ticket.topic_id=topic.topic_id '.
               ' LEFT JOIN '.TICKET_LOCK_TABLE.' tlock ON ticket.ticket_id=tlock.ticket_id AND tlock.expire>NOW() '.
               ' WHERE ticket.ticket_id='.db_input($id); 
         //echo $sql;
@@ -80,6 +83,7 @@ function load($id) {
             $this->priority=$row['priority_desc'];
             $this->staff_id =$row['staff_id'];
             $this->dept_id  =$row['dept_id'];
+            $this->topic_id  =$row['topicId']; //Note that we're actually joining the topic table to make the topic is not deleted (long story!).
             $this->dept_name    =$row['dept_name'];
             $this->subject =$row['subject'];
             $this->topic =$row['topic'];

include/class.topic.php

@@ -5,7 +5,7 @@ class.topic.php
     Help topic helper
 
     Peter Rotich <[email protected]>
-    Copyright (c)  2006,2007,2008,2009 osTicket
+    Copyright (c)  2006-2010 osTicket
     http://www.osticket.com
 
     Released under the GNU General Public License WITHOUT ANY WARRANTY.
@@ -46,7 +46,7 @@ function load() {
             $this->topic=$info['topic'];
             $this->dept_id=$info['dept_id'];
             $this->priority_id=$info['priority_id'];
-            $this->active=$info['enabled'];
+            $this->active=$info['isactive'];
             $this->autoresp=$info['noautoresp']?false:true;
             $this->info=$info;
             return true;
@@ -84,6 +84,10 @@ function isEnabled() {
          return $this->active?true:false;
     }
 
+    function isActive(){
+        return $this->isEnabled();
+    }
+
     function getInfo() {
         return $this->info;
     }
@@ -110,6 +114,13 @@ function save($id,$vars,&$errors) {
             $errors['topic']='Help topic required';
         elseif(strlen($vars['topic'])<5)
             $errors['topic']='Topic is too short. 5 chars minimum';
+        else{
+            $sql='SELECT topic_id FROM '.TOPIC_TABLE.' WHERE topic='.db_input(Format::striptags($vars['topic']));
+            if($id)
+                $sql.=' AND topic_id!='.db_input($id);
+            if(($res=db_query($sql)) && db_num_rows($res))
+                $errors['topic']='Topic alredy exists';
+        }
 
         if(!$vars['dept_id'])
             $errors['dept_id']='You must select a department';

include/class.usersession.php

@@ -5,14 +5,14 @@ class.usersession.php
     User (client and staff) sessions handle.
 
     Peter Rotich <[email protected]>
-    Copyright (c)  2006,2007,2008,2009 osTicket
+    Copyright (c)  2006-2010 osTicket
     http://www.osticket.com
 
     Released under the GNU General Public License WITHOUT ANY WARRANTY.
     See LICENSE.TXT for details.
 
     vim: expandtab sw=4 ts=4 sts=4:
-    $Id: class.usersession.php,v 1.1.2.1 2009/08/17 18:38:50 carlos.delfino Exp $
+    $Id: $
 **********************************************************************/
 
 include_once(INCLUDE_DIR.'class.client.php');
@@ -67,7 +67,7 @@ function sessionToken(){
       return($token);
    }
 
-   function isvalidSession($htoken,$maxidletime=0){
+   function isvalidSession($htoken,$maxidletime=0,$checkip=false){
         global $cfg;
 
         $token = rawurldecode($htoken);
@@ -90,7 +90,7 @@ function isvalidSession($htoken,$maxidletime=0){
             return FALSE;
         }
         #Make sure IP is still same ( proxy access??????)
-        if(strcmp($ip, MD5($this->ip)))
+        if($checkip && strcmp($ip, MD5($this->ip)))
             return FALSE;
 
         $this->validated=TRUE;
@@ -119,7 +119,7 @@ function isValid(){
         if(!$this->getId() || $this->session->getSessionId()!=session_id())
             return false;
 
-        return $this->session->isvalidSession($_SESSION['_client']['token'],$cfg->getClientTimeout())?true:false;
+        return $this->session->isvalidSession($_SESSION['_client']['token'],$cfg->getClientTimeout(),false)?true:false;
     }
 
     function refreshSession(){
@@ -157,7 +157,7 @@ function isValid(){
         if(!$this->getId() || $this->session->getSessionId()!=session_id())
             return false;
 
-        return $this->session->isvalidSession($_SESSION['_staff']['token'],$cfg->getStaffTimeout())?true:false;
+        return $this->session->isvalidSession($_SESSION['_staff']['token'],$cfg->getStaffTimeout(),$cfg->enableStaffIPBinding())?true:false;
     }
 
     function refreshSession(){

include/class.validator.php

@@ -6,14 +6,14 @@ class.validator.php
    
 
     Peter Rotich <[email protected]>
-    Copyright (c)  2006,2007,2008,2009 osTicket
+    Copyright (c)  2006-2010 osTicket
     http://www.osticket.com
 
     Released under the GNU General Public License WITHOUT ANY WARRANTY.
     See LICENSE.TXT for details.
 
     vim: expandtab sw=4 ts=4 sts=4:
-    $Id: class.validator.php,v 1.1.2.1 2009/08/17 18:38:50 carlos.delfino Exp $
+    $Id: $
 **********************************************************************/
 class Validator {
 
@@ -35,7 +35,7 @@ function setFields(&$fields){
     }
 
 
-    function validate($source){
+    function validate($source,$userinput=true){
 
         $this->errors=array();
         //Check the input and make sure the fields are specified.
@@ -47,6 +47,11 @@ function validate($source){
         if($this->errors)
             return false;
 
+        //if magic quotes are enabled - then try cleaning up inputs before validation...
+        if($userinput && function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc())
+            $source=Format::strip_slashes($source);
+
+
         $this->input=$source;
 
         //Do the do.
@@ -126,16 +131,14 @@ function errors(){
         return $this->errors;
     }
 
-    /* Functione below can be called directly without class instance. Validator::func(var..); */
+    /* Functions below can be called directly without class instance. Validator::func(var..); */
     function is_email($email) {
-        return (preg_match('/^([*+!.&#$|\'\\%\/0-9a-z^_`{}=?~:-]+)@(([0-9a-z-]+\.)+[0-9a-z]{2,})$/i',trim($email)));
-        /*
-        //return eregi("^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,4})$",trim($email));
-        */
+        return (preg_match('/^([*+!.&#$|\'\\%\/0-9a-z^_`{}=?~:-]+)@(([0-9a-z-]+\.)+[0-9a-z]{2,})$/i',trim(stripslashes($email))));
     }
     function is_phone($phone) {
-        $stripped=eregi_replace("(\(|\)|\-|\+)","",ereg_replace("([  ]+)","",$phone));
-        return (!is_numeric($stripped) || ((strlen($stripped)<7) || (strlen($stripped)>13)))?false:true;
+        /* We're not really validating the phone number but just making sure it doesn't contain illegal chars and of acceptable len */
+        $stripped=preg_replace("(\(|\)|\-|\+|[  ]+)","",$phone);
+        return (!is_numeric($stripped) || ((strlen($stripped)<7) || (strlen($stripped)>16)))?false:true;
     }
 
     function is_url($url) { //Thanks to 4ice for the fix.
@@ -166,7 +169,7 @@ function is_ip($ip) {
             return false;
 
         $ip=trim($ip);
-        if(ereg("^[0-9]{1,3}(.[0-9]{1,3}){3}$",$ip)) {
+        if(preg_match("/^[0-9]{1,3}(.[0-9]{1,3}){3}$/",$ip)) {
             foreach(explode(".", $ip) as $block)
                 if($block<0 || $block>255 )
                     return false;

include/client/footer.inc.php

@@ -1,16 +1,9 @@
  <div style="clear:both"></div> 
  </div>
- <div id="footer">Copyright &copy; Doede.net All rights reserved</div>
+ <div id="footer">Copyright &copy; osTicket.com. All rights reserved</div>
  <div align="center">
     <!--> As a show of support, we ask that you leave powered by osTicket link to help spread the word. Thank you! -->
-    <a id="powered_by" href="http://osticket.com">
-    <img src="./images/poweredby.jpg" width="126" height="23" alt="Powered by osTicket"></a></div>
-    <hr/>
-	<br>
-    Translated Copyright &copy; Doede.net
-	<br />
-	<a id="powered_by" href="http://www.webreus.nl">Hosted By Webreus</a>
-	</div>
+     <a id="powered_by" href="http://osticket.com"><img src="./images/poweredby.jpg" width="126" height="23" alt="Powered by osTicket"></a></div>
 </div>
 </body>
 </html>