PageRenderTime 42ms CodeModel.GetById 13ms RepoModel.GetById 1ms app.codeStats 0ms

/admin/banned_emails.php

https://gitlab.com/kingcody/Mods-for-HESK
PHP | 343 lines | 228 code | 53 blank | 62 comment | 30 complexity | 649a23ff19544a34bfd35d062faa1199 MD5 | raw file
    

  1. <?php
    2. 

  2. /*******************************************************************************
    3. 

  3.  *  Title: Help Desk Software HESK
    4. 

  4.  *  Version: 2.6.7 from 18th April 2016
    5. 

  5.  *  Author: Klemen Stirn
    6. 

  6.  *  Website: http://www.hesk.com
    7. 

  7.  ********************************************************************************
    8. 

  8.  *  COPYRIGHT AND TRADEMARK NOTICE
    9. 

  9.  *  Copyright 2005-2015 Klemen Stirn. All Rights Reserved.
    10. 

  10.  *  HESK is a registered trademark of Klemen Stirn.
    11. 

  11.  *  The HESK may be used and modified free of charge by anyone
    12. 

  12.  *  AS LONG AS COPYRIGHT NOTICES AND ALL THE COMMENTS REMAIN INTACT.
    13. 

  13.  *  By using this code you agree to indemnify Klemen Stirn from any
    14. 

  14.  *  liability that might arise from it's use.
    15. 

  15.  *  Selling the code for this program, in part or full, without prior
    16. 

  16.  *  written consent is expressly forbidden.
    17. 

  17.  *  Using this code, in part or full, to create derivate work,
    18. 

  18.  *  new scripts or products is expressly forbidden. Obtain permission
    19. 

  19.  *  before redistributing this software over the Internet or in
    20. 

  20.  *  any other medium. In all cases copyright and header must remain intact.
    21. 

  21.  *  This Copyright is in full effect in any country that has International
    22. 

  22.  *  Trade Agreements with the United States of America or
    23. 

  23.  *  with the European Union.
    24. 

  24.  *  Removing any of the copyright notices without purchasing a license
    25. 

  25.  *  is expressly forbidden. To remove HESK copyright notice you must purchase
    26. 

  26.  *  a license for this script. For more information on how to obtain
    27. 

  27.  *  a license please visit the page below:
    28. 

  28.  *  https://www.hesk.com/buy.php
    29. 

  29.  *******************************************************************************/
    30. 

  30. 

  31. define('IN_SCRIPT', 1);
    32. 

  32. define('HESK_PATH', '../');
    33. 

  33. define('PAGE_TITLE', 'ADMIN_TOOLS');
    34. 

  34. 

  35. /* Get all the required files and functions */
    36. 

  36. require(HESK_PATH . 'hesk_settings.inc.php');
    37. 

  37. require(HESK_PATH . 'inc/common.inc.php');
    38. 

  38. require(HESK_PATH . 'inc/admin_functions.inc.php');
    39. 

  39. hesk_load_database_functions();
    40. 

  40. 

  41. hesk_session_start();
    42. 

  42. hesk_dbConnect();
    43. 

  43. hesk_isLoggedIn();
    44. 

  44. 

  45. /* Check permissions for this feature */
    46. 

  46. hesk_checkPermission('can_ban_emails');
    47. 

  47. $can_unban = hesk_checkPermission('can_unban_emails', 0);
    48. 

  48. 

  49. // Define required constants
    50. 

  50. define('LOAD_TABS', 1);
    51. 

  51. 

  52. // What should we do?
    53. 

  53. if ($action = hesk_REQUEST('a')) {
    54. 

  54.     if (defined('HESK_DEMO')) {
    55. 

  55.         hesk_process_messages($hesklang['ddemo'], 'banned_emails.php', 'NOTICE');
    56. 

  56.     } elseif ($action == 'ban') {
    57. 

  57.         ban_email();
    58. 

  58.     } elseif ($action == 'unban' && $can_unban) {
    59. 

  59.         unban_email();
    60. 

  60.     }
    61. 

  61. }
    62. 

  62. 

  63. /* Print header */
    64. 

  64. require_once(HESK_PATH . 'inc/headerAdmin.inc.php');
    65. 

  65. 

  66. /* Print main manage users page */
    67. 

  67. require_once(HESK_PATH . 'inc/show_admin_nav.inc.php');
    68. 

  68. ?>
    69. 

  69. 

  70. <div class="row pad-down-20">
    71. 

  71.     <ul class="nav nav-tabs" role="tablist">
    72. 

  72.         <li role="presentation" class="active">
    73. 

  73.             <a href="#"><?php echo $hesklang['banemail']; ?> <i class="fa fa-question-circle settingsquestionmark"
    74. 

  74.                                                                 onclick="javascript:alert('<?php echo hesk_makeJsString($hesklang['banemail_intro']); ?>')"></i></a>
    75. 

  75.         </li>
    76. 

  76.         <?php
    77. 

  77.         // Show a link to banned_ips.php if user has permission to do so
    78. 

  78.         if (hesk_checkPermission('can_ban_ips', 0)) {
    79. 

  79.             echo '
    80. 

  80.             <li role="presentation">
    81. 

  81.                 <a title="' . $hesklang['banip'] . '" href="banned_ips.php">' . $hesklang['banip'] . '</a>
    82. 

  82.             </li>';
    83. 

  83.         }
    84. 

  84.         // Show a link to status_message.php if user has permission to do so
    85. 

  85.         if (hesk_checkPermission('can_service_msg', 0)) {
    86. 

  86.             echo '
    87. 

  87.             <li role="presentation">
    88. 

  88.                 <a title="' . $hesklang['sm_title'] . '" href="service_messages.php">' . $hesklang['sm_title'] . '</a>
    89. 

  89.             </li>';
    90. 

  90.         }
    91. 

  91. 

  92.         // Show a link to email tpl management if user has permission to do so
    93. 

  93.         if (hesk_checkPermission('can_man_email_tpl', 0)) {
    94. 

  94.             echo '
    95. 

  95.             <li role="presentation">
    96. 

  96.                 <a title="' . $hesklang['email_templates'] . '" href="manage_email_templates.php">' . $hesklang['email_templates'] . '</a>
    97. 

  97.             </li>
    98. 

  98.             ';
    99. 

  99.         }
    100. 

  100.         if (hesk_checkPermission('can_man_ticket_statuses', 0)) {
    101. 

  101.             echo '
    102. 

  102.             <li role="presentation">
    103. 

  103.                 <a title="' . $hesklang['statuses'] . '" href="manage_statuses.php">' . $hesklang['statuses'] . '</a>
    104. 

  104.             </li>
    105. 

  105.             ';
    106. 

  106.         }
    107. 

  107.         ?>
    108. 

  108.     </ul>
    109. 

  109.     <div class="tab-content summaryList tabPadding">
    110. 

  110.         <script language="javascript" type="text/javascript"><!--
    111. 

  111.             function confirm_delete() {
    112. 

  112.                 if (confirm('<?php echo hesk_makeJsString($hesklang['delban_confirm']); ?>')) {
    113. 

  113.                     return true;
    114. 

  114.                 }
    115. 

  115.                 else {
    116. 

  116.                     return false;
    117. 

  117.                 }
    118. 

  118.             }
    119. 

  119.             //-->
    120. 

  120.         </script>
    121. 

  121.         <div class="row">
    122. 

  122.             <div class="col-md-8">
    123. 

  123.                 <br><br>
    124. 

  124.                 <?php
    125. 

  125.                 /* This will handle error, success and notice messages */
    126. 

  126.                 hesk_handle_messages();
    127. 

  127.                 ?>
    128. 

  128.                 <form action="banned_emails.php" method="post" name="form1" role="form" class="form-horizontal" data-toggle="validator">
    129. 

  129.                     <div class="form-group">
    130. 

  130.                         <label for="text" class="col-sm-3 control-label"><?php echo $hesklang['bananemail']; ?></label>
    131. 

  131. 

  132.                         <div class="col-sm-9">
    133. 

  133.                             <input type="text" class="form-control" name="email" size="30" maxlength="255" data-error="<?php echo htmlspecialchars($hesklang['enterbanemail']); ?>"
    134. 

  134.                                    placeholder="<?php echo htmlspecialchars($hesklang['email']); ?>" required>
    135. 

  135.                             <input type="hidden" name="token" value="<?php hesk_token_echo(); ?>"/>
    136. 

  136.                             <input type="hidden" name="a" value="ban"/>
    137. 

  137.                             <div class="help-block with-errors"></div>
    138. 

  138.                         </div>
    139. 

  139.                     </div>
    140. 

  140.                     <div class="form-group">
    141. 

  141.                         <div class="col-sm-9 col-sm-offset-3">
    142. 

  142.                             <input type="submit" value="<?php echo $hesklang['savebanemail']; ?>"
    143. 

  143.                                    class="btn btn-default">
    144. 

  144.                         </div>
    145. 

  145.                     </div>
    146. 

  146.                 </form>
    147. 

  147.             </div>
    148. 

  148.             <div class="col-md-4">
    149. 

  149.                 <h6 class="bold"><?php echo $hesklang['banex']; ?></h6>
    150. 

  150. 

  151.                 <div class="footerWithBorder blankSpace"></div>
    152. 

  152.                 <b>john@email.com</b><br/>
    153. 

  153.                 <b>@domain.com</b>
    154. 

  154.             </div>
    155. 

  155.         </div>
    156. 

  156.         <div class="row">
    157. 

  157.             <?php
    158. 

  158. 

  159.             // Get banned emails from database
    160. 

  160.             $res = hesk_dbQuery('SELECT * FROM `' . hesk_dbEscape($hesk_settings['db_pfix']) . 'banned_emails` ORDER BY `email` ASC');
    161. 

  161.             $num = hesk_dbNumRows($res);
    162. 

  162. 

  163.             echo '<h4>' . $hesklang['eperm'] . '</h4>';
    164. 

  164.             if ($num < 1) {
    165. 

  165.                 echo '<p>' . $hesklang['no_banemails'] . '</p>';
    166. 

  166.             } else {
    167. 

  167.                 // List of staff
    168. 

  168.                 if (!isset($admins)) {
    169. 

  169.                     $admins = array();
    170. 

  170.                     $res2 = hesk_dbQuery("SELECT `id`,`name` FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "users`");
    171. 

  171.                     while ($row = hesk_dbFetchAssoc($res2)) {
    172. 

  172.                         $admins[$row['id']] = $row['name'];
    173. 

  173.                     }
    174. 

  174.                 }
    175. 

  175. 

  176.                 ?>
    177. 

  177.                 <table class="table table-hover">
    178. 

  178.                     <thead>
    179. 

  179.                     <tr>
    180. 

  180.                         <th><?php echo $hesklang['email']; ?></th>
    181. 

  181.                         <th><?php echo $hesklang['banby']; ?></th>
    182. 

  182.                         <th><?php echo $hesklang['date']; ?></th>
    183. 

  183.                         <?php
    184. 

  184.                         if ($can_unban) {
    185. 

  185.                             ?>
    186. 

  186.                             <th><?php echo $hesklang['opt']; ?></th>
    187. 

  187.                             <?php
    188. 

  188.                         }
    189. 

  189.                         ?>
    190. 

  190.                     </tr>
    191. 

  191.                     </thead>
    192. 

  192.                     <tbody>
    193. 

  193.                     <?php
    194. 

  194.                     while ($ban = hesk_dbFetchAssoc($res)) {
    195. 

  195.                         $color = '';
    196. 

  196.                         if (isset($_SESSION['ban_email']['id']) && $ban['id'] == $_SESSION['ban_email']['id']) {
    197. 

  197.                             $color = 'success';
    198. 

  198.                             unset($_SESSION['ban_email']['id']);
    199. 

  199.                         }
    200. 

  200. 

  201.                         echo '
    202. 

  202.                         <tr>
    203. 

  203.                             <td class="' . $color . ' text-left">' . $ban['email'] . '</td>
    204. 

  204.                             <td class="' . $color . ' text-left">' . (isset($admins[$ban['banned_by']]) ? $admins[$ban['banned_by']] : $hesklang['e_udel']) . '</td>
    205. 

  205.                             <td class="' . $color . ' text-left">' . $ban['dt'] . '</td>
    206. 

  206.                             ';
    207. 

    208. 

  208.                         if ($can_unban) {
    209. 

  209.                             echo '
    210. 

  210.                             <td class="' . $color . ' text-left">
    211. 

  211.                                 <a href="banned_emails.php?a=unban&amp;id=' . $ban['id'] . '&amp;token=' . hesk_token_echo(0) . '" onclick="return confirm_delete();">
    212. 

  212.                                     <i class="fa fa-times red font-size-16p" data-toggle="tooltip" data-placement="top" data-original-title="' . $hesklang['delban'] . '"></i>
    213. 

  213.                                 </a>
    214. 

  214.                             </td>
    215. 

  215.                             ';
    216. 

  216.                         }
    217. 

  217. 

  218.                         echo '</tr>';
    219. 

  219.                     } // End while
    220. 

  220.                     ?>
    221. 

  221.                     </tbody>
    222. 

  222.                 </table>
    223. 

  223.                 <div align="center">
    224. 

  224.                     <table border="0" cellspacing="1" cellpadding="3" class="white" width="100%">
    225. 

  225.                         <?php
    226. 

  226. 

  227. 

  228.                         ?>
    229. 

  229.                     </table>
    230. 

  230.                 </div>
    231. 

  231.                 <?php
    232. 

  232.             }
    233. 

  233. 

  234.             ?>
    235. 

  235.         </div>
    236. 

  236.     </div>
    237. 

  237. </div>
    238. 

  238. 

  239. <?php
    240. 

  240. require_once(HESK_PATH . 'inc/footer.inc.php');
    241. 

  241. exit();
    242. 

  242. 

  243. 

  244. /*** START FUNCTIONS ***/
    245. 

  245. 

  246. function ban_email()
    247. 

  247. {
    248. 

  248.     global $hesk_settings, $hesklang;
    249. 

  249. 

  250.     // A security check
    251. 

  251.     hesk_token_check();
    252. 

  252. 

  253.     // Get the email
    254. 

  254.     $email = strtolower(hesk_input(hesk_REQUEST('email')));
    255. 

  255. 

  256.     // Nothing entered?
    257. 

  257.     if (!strlen($email)) {
    258. 

  258.         hesk_process_messages($hesklang['enterbanemail'], 'banned_emails.php');
    259. 

  259.     }
    260. 

  260. 

  261.     // Only allow one email to be entered
    262. 

  262.     $email = ($index = strpos($email, ',')) ? substr($email, 0, $index) : $email;
    263. 

  263.     $email = ($index = strpos($email, ';')) ? substr($email, 0, $index) : $email;
    264. 

  264. 

  265.     // Validate email address
    266. 

  266.     $hesk_settings['multi_eml'] = 0;
    267. 

  267. 

  268.     if (!hesk_validateEmail($email, '', 0) && !verify_email_domain($email)) {
    269. 

  269.         hesk_process_messages($hesklang['validbanemail'], 'banned_emails.php');
    270. 

  270.     }
    271. 

  271. 

  272.     // Redirect either to banned emails or ticket page from now on
    273. 

  273.     $redirect_to = ($trackingID = hesk_cleanID()) ? 'admin_ticket.php?track=' . $trackingID . '&Refresh=' . mt_rand(10000, 99999) : 'banned_emails.php';
    274. 

  274. 

  275.     // Prevent duplicate rows
    276. 

  276.     if ($_SESSION['ban_email']['id'] = hesk_isBannedEmail($email)) {
    277. 

  277.         hesk_process_messages(sprintf($hesklang['emailbanexists'], $email), $redirect_to, 'NOTICE');
    278. 

  278.     }
    279. 

  279. 

  280.     // Insert the email address into database
    281. 

  281.     hesk_dbQuery("INSERT INTO `" . hesk_dbEscape($hesk_settings['db_pfix']) . "banned_emails` (`email`,`banned_by`) VALUES ('" . hesk_dbEscape($email) . "','" . intval($_SESSION['id']) . "')");
    282. 

  282. 

  283.     // Remember email that got banned
    284. 

  284.     $_SESSION['ban_email']['id'] = hesk_dbInsertID();
    285. 

  285. 

  286.     // Show success
    287. 

  287.     hesk_process_messages(sprintf($hesklang['email_banned'], $email), $redirect_to, 'SUCCESS');
    288. 

  288. 

  289. } // End ban_email()
    290. 

  290. 

  291. 

  292. function unban_email()
    293. 

  293. {
    294. 

  294.     global $hesk_settings, $hesklang;
    295. 

  295. 

  296.     // A security check
    297. 

  297.     hesk_token_check();
    298. 

  298. 

  299.     // Delete from bans
    300. 

  300.     hesk_dbQuery("DELETE FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "banned_emails` WHERE `id`=" . intval(hesk_GET('id')) . " LIMIT 1");
    301. 

  301. 

  302.     // Redirect either to banned emails or ticket page from now on
    303. 

  303.     $redirect_to = ($trackingID = hesk_cleanID()) ? 'admin_ticket.php?track=' . $trackingID . '&Refresh=' . mt_rand(10000, 99999) : 'banned_emails.php';
    304. 

  304. 

  305.     // Show success
    306. 

  306.     hesk_process_messages($hesklang['email_unbanned'], $redirect_to, 'SUCCESS');
    307. 

  307. 

  308. } // End unban_email()
    309. 

  309. 

  310. 

  311. function verify_email_domain($domain)
    312. 

  312. {
    313. 

  313.     // Does it start with an @?
    314. 

  314.     $atIndex = strrpos($domain, "@");
    315. 

  315.     if ($atIndex !== 0) {
    316. 

  316.         return false;
    317. 

  317.     }
    318. 

  318. 

  319.     // Get the domain and domain length
    320. 

  320.     $domain = substr($domain, 1);
    321. 

  321.     $domainLen = strlen($domain);
    322. 

  322. 

  323.     // Check domain part length
    324. 

  324.     if ($domainLen < 1 || $domainLen > 254) {
    325. 

  325.         return false;
    326. 

  326.     }
    327. 

  327. 

  328.     // Check domain part characters
    329. 

  329.     if (!preg_match('/^[A-Za-z0-9\\-\\.]+$/', $domain)) {
    330. 

  330.         return false;
    331. 

  331.     }
    332. 

  332. 

  333.     // Domain part mustn't have two consecutive dots
    334. 

  334.     if (strpos($domain, '..') !== false) {
    335. 

  335.         return false;
    336. 

  336.     }
    337. 

  337. 

  338.     // All OK
    339. 

  339.     return true;
    340. 

  340. 

  341. } // END verify_email_domain()
    342. 

  342. 

  343. ?>
    344. 

  344.