restored original files and go to Versino 1.6 ST.

Author: carlosdelfino

api/api.inc.php

@@ -5,7 +5,7 @@
     File included on every API page...handles security and abuse issues
 
     Peter Rotich <[email protected]>
-    Copyright (c)  2006,2007,2008,2009 osTicket
+    Copyright (c)  2006-2010 osTicket
     http://www.osticket.com
 
     Released under the GNU General Public License WITHOUT ANY WARRANTY.

api/cron.php

@@ -5,7 +5,7 @@
     File to handle cron job calls (local and remote).
 
     Peter Rotich <[email protected]>
-    Copyright (c)  2006,2007,2008,2009 osTicket
+    Copyright (c)  2006-2010 osTicket
     http://www.osticket.com
 
     Released under the GNU General Public License WITHOUT ANY WARRANTY.

api/pipe.php

@@ -6,7 +6,7 @@
     Converts piped emails to ticket. Both local and remote!
 
     Peter Rotich <[email protected]>
-    Copyright (c)  2006,2007,2008,2009 osTicket
+    Copyright (c)  2006-2010 osTicket
     http://www.osticket.com
 
     Released under the GNU General Public License WITHOUT ANY WARRANTY.
@@ -89,7 +89,7 @@
 $var['pri']=$cfg->useEmailPriority()?$parser->getPriority():0;
 
 $ticket=null;
-if(ereg ("[[][#][0-9]{1,10}[]]",$var['subject'],$regs)) {
+if(preg_match ("[[#][0-9]{1,10}]",$var['subject'],$regs)) {
     $extid=trim(preg_replace("/[^0-9]/", "", $regs[0]));
     $ticket= new Ticket(Ticket::getIdByExtId($extid));
     //Allow mismatched emails?? For now hell NO.
@@ -115,19 +115,15 @@
     }
 }
 //Ticket created...save attachments if enabled.
-$struct=$parser->getStruct();       
-if($struct && $struct->parts && $cfg->allowEmailAttachments()) {                   
-    for($i = 0; $i < count($struct->parts); $i++) {
-        $part=$struct->parts[$i];
-        if($part->disposition 
-                && (!strcasecmp($part->disposition,'attachment') || !strcasecmp($part->disposition,'inline') || !strcasecmp($part->ctype_primary,'image'))){
-            $filename=$part->d_parameters['filename'];
-            if($filename && $cfg->canUploadFileType($filename)) {
-                $ticket->saveAttachment($filename,$part->body,$msgid,'M');
+if($cfg->allowEmailAttachments()) {                   
+    if($attachments=$parser->getAttachments()){
+        //print_r($attachments);
+        foreach($attachments as $k=>$attachment){
+            if($attachment['filename'] && $cfg->canUploadFileType($attachment['filename'])) {
+                $ticket->saveAttachment($attachment['filename'],$attachment['body'],$msgid,'M');
             }
         }
     }
 }
-//print_r($var);
 api_exit(EX_SUCCESS);
 ?>

images/fibres.png

@@ -5,7 +5,7 @@
     AJAX interface for knowledge base related...allowed methods.
 
     Peter Rotich <[email protected]>
-    Copyright (c)  2006,2007,2008,2009 osTicket
+    Copyright (c)  2006-2010 osTicket
     http://www.osticket.com
 
     Released under the GNU General Public License WITHOUT ANY WARRANTY.
@@ -25,6 +25,15 @@ function cannedResp($params) {
 	    if(($res=db_query($sql)) && db_num_rows($res))
 		    list($response)=db_fetch_row($res);
 
+        if($response && $params['tid'] && strpos($response,'%')!==false) {
+            include_once(INCLUDE_DIR.'class.ticket.php');
+
+            $ticket = new Ticket($params['tid']);
+            if($ticket && $ticket->getId()){
+                $response=$ticket->replaceTemplateVars($response);
+            }
+        }
+
         return $response;
 	}
 }

images/home.gif

@@ -5,7 +5,7 @@
     AJAX interface for tickets
 
     Peter Rotich <[email protected]>
-    Copyright (c)  2006,2007,2008,2009 osTicket
+    Copyright (c)  2006-2010 osTicket
     http://www.osticket.com
 
     Released under the GNU General Public License WITHOUT ANY WARRANTY.
@@ -23,7 +23,7 @@ class TicketsAjaxAPI{
 
     function searchbyemail($params) {
 
-        $input = strtolower($params['input']);
+        $input = db_input(strtolower($params['input']),false);
         $len = strlen($input);
         $limit = isset($params['limit']) ? (int) $params['limit']:25;
         $items=array();
@@ -41,7 +41,7 @@ function searchbyemail($params) {
 
     function search($params) {
 
-        $input = strtolower($params['input']);
+        $input = db_input(strtolower($params['input']),false);
         $len = strlen($input);
         $limit = isset($params['limit']) ? (int) $params['limit']:25;
         $items=array();
@@ -117,5 +117,25 @@ function renewLock($params) {
 
         return '{"id":'.$lock->getId().', "time":'.$lock->getTime().'}';
     }
+
+    function releaseLock($params) {
+        global $thisuser;
+
+        if($params['id'] && is_numeric($params['id'])){ //Lock Id provided!
+        
+            $lock= new TicketLock($params['id']);
+            //Already gone?
+            if(!$lock->load() || !$lock->getStaffId() || $lock->isExpired()) //Said lock doesn't exist or is is expired
+                return 1;
+        
+            //make sure the user actually owns the lock before releasing it.
+            return ($lock->getStaffId()==$thisuser->getId() && $lock->release())?1:0;
+
+        }elseif($params['tid']){ //release all the locks the user owns on the ticket.
+            return TicketLock::removeStaffLocks($thisuser->getId(),$params['tid'])?1:0;
+        }
+
+        return 0;
+    }
 }
 ?>

images/icons/ticket.gif

@@ -5,7 +5,7 @@ class.api.php
     Api related functions...
 
     Peter Rotich <[email protected]>
-    Copyright (c)  2006,2007,2008,2009 osTicket
+    Copyright (c)  2006-2010 osTicket
     http://www.osticket.com
 
     Released under the GNU General Public License WITHOUT ANY WARRANTY.

images/icons/ticket_source_email.gif

@@ -5,7 +5,7 @@ class.banlist.php
     Banned emails handle.
 
     Peter Rotich <[email protected]>
-    Copyright (c)  2006,2007,2008,2009 osTicket
+    Copyright (c)  2006-2010 osTicket
     http://www.osticket.com
 
     Released under the GNU General Public License WITHOUT ANY WARRANTY.

images/icons/ticket_source_other.gif

@@ -0,0 +1,55 @@
+<?php
+/*********************************************************************
+    class.captcha.php
+
+    Very basic captcha class.
+    
+    Peter Rotich <[email protected]>
+    Copyright (c)  2006-2010 osTicket
+    http://www.osticket.com
+
+    Released under the GNU General Public License WITHOUT ANY WARRANTY.
+    See LICENSE.TXT for details.
+
+    vim: expandtab sw=4 ts=4 sts=4:
+    $Id: $
+**********************************************************************/
+class Captcha {
+    var $hash;
+    var $bgimages=array('cottoncandy.png','grass.png','ripple.png','silk.png','whirlpool.png',
+                        'bubbles.png','crackle.png','lines.png','sand.png','snakeskin.png');
+    var $font = 10;
+    function Captcha($len=6,$font=7,$bg=''){
+
+        $this->hash = strtoupper(substr(md5(rand(0, 9999)),rand(0, 24),$len));
+        $this->font = $font;
+
+        if($bg && !is_dir($bg)){ //bg file provided?
+            $this->bgimg=$bg;
+        }else{ //assume dir provided or defaults to local.
+            $this->bgimg=rtrim($bg,'/').'/'.$this->bgimages[array_rand($this->bgimages, 1)];
+        }
+    }
+
+    function getImage(){
+
+        if(!extension_loaded('gd') || !function_exists('gd_info')) //GD ext required.
+            return;
+
+        $_SESSION['captcha'] =''; //Clear
+
+        list($w,$h) = getimagesize($this->bgimg);
+        $x = round(($w/2)-((strlen($this->hash)*imagefontwidth($this->font))/2), 1);
+        $y = round(($h/2)-(imagefontheight($this->font)/2));
+
+        $img= imagecreatefrompng($this->bgimg);
+        imagestring($img,$this->font, $x, $y,$this->hash,imagecolorallocate($img,0, 0, 0));
+
+        Header ("(captcha-content-type:) image/png");
+        imagepng($img);
+        imagedestroy($img);
+        $_SESSION['captcha'] = md5($this->hash);
+    }
+}
+
+?>

images/icons/ticket_source_phone.gif

@@ -8,7 +8,7 @@ class.client.php
     At the moment we will play off the email + ticket ID authentication.
 
     Peter Rotich <[email protected]>
-    Copyright (c)  2006,2007,2008,2009 osTicket
+    Copyright (c)  2006-2010 osTicket
     http://www.osticket.com
 
     Released under the GNU General Public License WITHOUT ANY WARRANTY.

images/icons/ticket_source_web.gif

@@ -5,7 +5,7 @@ class.config.php
  osTicket config info manager.
 
  Peter Rotich <[email protected]>
- Copyright (c)  2006,2007,2008,2009 osTicket
+    Copyright (c)  2006-2010 osTicket
  http://www.osticket.com
 
  Released under the GNU General Public License WITHOUT ANY WARRANTY.
@@ -258,6 +258,10 @@ function getLogGracePeriod(){
 		return $this->config['log_graceperiod'];
 	}
 
+    function logTicketActivity(){
+        return $this->config['log_ticket_activity'];
+    }
+
 	function clickableURLS() {
 		return $this->config['clickable_urls']?true:false;
 	}
@@ -266,6 +270,19 @@ function canFetchMail() {
 		return $this->config['enable_mail_fetch']?true:false;
 	}
 
+    function enableStaffIPBinding(){
+        return $this->config['staff_ip_binding']?true:false;
+    }
+
+    function enableCaptcha() {
+        
+        //Checking it in real time!
+        if(!extension_loaded('gd') || !function_exists('gd_info'))
+            return false;
+
+        return $this->config['enable_captcha']?true:false;
+    }
+
 	function enableAutoCron() {
 		return $this->config['enable_auto_cron']?true:false;
 	}
@@ -311,6 +328,11 @@ function autoRespONNewTicket() {
 	function autoRespONNewMessage() {
 		return $this->config['message_autoresponder']?true:false;
 	}
+
+    function notifyONNewStaffTicket(){
+        return $this->config['ticket_notice_active']?true:false;
+    }
+
 	function alertONNewMessage() {
 		return $this->config['message_alert_active']?true:false;
 	}
@@ -498,12 +520,26 @@ function updatePref($var,&$errors) {
 		if($var['strip_quoted_reply'] && !$var['reply_separator'])
 		$errors['reply_separator']='Reply separator required (?)';
 
+        if($var['enable_captcha']){
+            if (!extension_loaded('gd'))
+                $errors['enable_captcha']='The GD extension required';
+            elseif(!function_exists('imagepng'))
+                $errors['enable_captcha']='PNG support required for Image Captcha';
+        }
+
+        if(!$errors['admin_email'] && Email::getIdByEmail($var['admin_email'])) //Make sure admin email is not also a system email.
+            $errors['admin_email']='Email already setup as system email';
+
+
+
+
 		if($errors) return false; //No go!
 
 		//We are good to go...blanket update!
 		$sql= 'UPDATE '.CONFIG_TABLE.' SET isonline='.db_input($var['isonline']).
             ',timezone_offset='.db_input($var['timezone_offset']).
             ',enable_daylight_saving='.db_input(isset($var['enable_daylight_saving'])?1:0).
+            ',staff_ip_binding='.db_input(isset($var['staff_ip_binding'])?1:0).
             ',staff_max_logins='.db_input($var['staff_max_logins']).
             ',staff_login_timeout='.db_input($var['staff_login_timeout']).
             ',staff_session_timeout='.db_input($var['staff_session_timeout']).
@@ -526,16 +562,18 @@ function updatePref($var,&$errors) {
             ',clickable_urls='.db_input(isset($var['clickable_urls'])?1:0).
             ',allow_priority_change='.db_input(isset($var['allow_priority_change'])?1:0).
             ',use_email_priority='.db_input(isset($var['use_email_priority'])?1:0).
+            ',enable_captcha='.db_input(isset($var['enable_captcha'])?1:0).
             ',enable_auto_cron='.db_input(isset($var['enable_auto_cron'])?1:0).
             ',enable_mail_fetch='.db_input(isset($var['enable_mail_fetch'])?1:0).
             ',enable_email_piping='.db_input(isset($var['enable_email_piping'])?1:0).
             ',send_sql_errors='.db_input(isset($var['send_sql_errors'])?1:0).
             ',send_login_errors='.db_input(isset($var['send_login_errors'])?1:0).
             ',save_email_headers='.db_input(isset($var['save_email_headers'])?1:0).
             ',strip_quoted_reply='.db_input(isset($var['strip_quoted_reply'])?1:0).
-            ',email_attachments='.db_input(isset($var['email_attachments'])?1:0).
+            ',log_ticket_activity='.db_input(isset($var['log_ticket_activity'])?1:0).
             ',ticket_autoresponder='.db_input($var['ticket_autoresponder']).
             ',message_autoresponder='.db_input($var['message_autoresponder']).
+            ',ticket_notice_active='.db_input($var['ticket_notice_active']).
             ',ticket_alert_active='.db_input($var['ticket_alert_active']).
             ',ticket_alert_admin='.db_input(isset($var['ticket_alert_admin'])?1:0).
             ',ticket_alert_dept_manager='.db_input(isset($var['ticket_alert_dept_manager'])?1:0).
@@ -562,7 +600,7 @@ function updatePref($var,&$errors) {
             ',date_format='.db_input($var['date_format']).
             ',datetime_format='.db_input($var['datetime_format']).
             ',daydatetime_format='.db_input($var['daydatetime_format']).
-            ',reply_separator='.db_input($var['reply_separator']).
+            ',reply_separator='.db_input(trim($var['reply_separator'])).
             ',admin_email='.db_input($var['admin_email']).
             ',helpdesk_title='.db_input($var['helpdesk_title']).
             ',helpdesk_url='.db_input($var['helpdesk_url']).

images/lipsum.png

@@ -5,7 +5,7 @@ class.cron.php
     Nothing special...just a central location for all cron calls.
     
     Peter Rotich <[email protected]>
-    Copyright (c)  2006,2007,2008,2009 osTicket
+    Copyright (c)  2006-2010 osTicket
     http://www.osticket.com
 
     Released under the GNU General Public License WITHOUT ANY WARRANTY.
@@ -35,7 +35,7 @@ function PurgeLogs() {
         Sys::purgeLogs();
     }
 
-    function run(){
+    function run(){ //called by outside cron NOT autocron
         Cron::MailFetcher();
         Cron::TicketMonitor();
         cron::PurgeLogs();

images/logo2.jpg

@@ -5,7 +5,7 @@ class.dept.php
     Department class
 
     Peter Rotich <[email protected]>
-    Copyright (c)  2006,2007,2008,2009 osTicket
+    Copyright (c)  2006-2010 osTicket
     http://www.osticket.com
 
     Released under the GNU General Public License WITHOUT ANY WARRANTY.
@@ -249,7 +249,7 @@ function save($id,$vars,&$errors) {
             if($id) {
                 $sql='UPDATE '.DEPT_TABLE.' '.$sql.' WHERE dept_id='.db_input($id);
                 if(!db_query($sql) || !db_affected_rows())
-                    $errors['err']='Unable to update '.Format::htmlchars($_POST['dept_name']).' Dept. Error occured';
+                    $errors['err']='Unable to update '.Format::input($_POST['dept_name']).' Dept. Error occured';
             }else{
                 $sql='INSERT INTO '.DEPT_TABLE.' '.$sql.',created=NOW()';
                 if(db_query($sql) && ($deptID=db_insert_id()))