/inc/common.inc.php

<?php
/*******************************************************************************
 *  Title: Help Desk Software HESK
 *  Version: 2.6.7 from 18th April 2016
 *  Author: Klemen Stirn
 *  Website: http://www.hesk.com
 ********************************************************************************
 *  COPYRIGHT AND TRADEMARK NOTICE
 *  Copyright 2005-2015 Klemen Stirn. All Rights Reserved.
 *  HESK is a registered trademark of Klemen Stirn.
 *  The HESK may be used and modified free of charge by anyone
 *  AS LONG AS COPYRIGHT NOTICES AND ALL THE COMMENTS REMAIN INTACT.
 *  By using this code you agree to indemnify Klemen Stirn from any
 *  liability that might arise from it's use.
 *  Selling the code for this program, in part or full, without prior
 *  written consent is expressly forbidden.
 *  Using this code, in part or full, to create derivate work,
 *  new scripts or products is expressly forbidden. Obtain permission
 *  before redistributing this software over the Internet or in
 *  any other medium. In all cases copyright and header must remain intact.
 *  This Copyright is in full effect in any country that has International
 *  Trade Agreements with the United States of America or
 *  with the European Union.
 *  Removing any of the copyright notices without purchasing a license
 *  is expressly forbidden. To remove HESK copyright notice you must purchase
 *  a license for this script. For more information on how to obtain
 *  a license please visit the page below:
 *  https://www.hesk.com/buy.php
 *******************************************************************************/

/* Check if this is a valid include */
if (!defined('IN_SCRIPT')) {
    die('Invalid attempt');
}

#error_reporting(E_ALL);

// Set correct Content-Type header
if (!defined('NO_HTTP_HEADER')) {
    header('Content-Type: text/html; charset=utf-8');
}

// Set backslash options
if (get_magic_quotes_gpc()) {
    define('HESK_SLASH', false);
} else {
    define('HESK_SLASH', true);
}

// Define some constants for backward-compatibility
if (!defined('ENT_SUBSTITUTE')) {
    define('ENT_SUBSTITUTE', 0);
}
if (!defined('ENT_XHTML')) {
    define('ENT_XHTML', 0);
}

// Load language file
hesk_getLanguage();


/*** FUNCTIONS ***/

function hesk_service_message($sm)
{
    $faIcon = $sm['icon'];
    switch ($sm['style']) {
        case 1:
            $style = "alert alert-success";
            break;
        case 2:
            $style = "alert alert-info";
            break;
        case 3:
            $style = "alert alert-warning";
            break;
        case 4:
            $style = "alert alert-danger";
            break;
        default:
            $style = "none";
    }

    ?>
    <div class="<?php echo $style; ?>">
        <?php echo $faIcon == '' ? '' : '<i class="' . $faIcon . '"></i> '; ?>
        <b><?php echo $sm['title']; ?></b><?php echo $sm['message']; ?>
    </div>
    <br/>
    <?php
} // END hesk_service_message()


function hesk_isBannedIP($ip)
{
    global $hesk_settings, $hesklang, $hesk_db_link;

    $ip = ip2long($ip) or $ip = 0;

    // We need positive value of IP
    if ($ip < 0) {
        $ip += 4294967296;
    } elseif ($ip > 4294967296) {
        $ip = 4294967296;
    }

    $res = hesk_dbQuery("SELECT `id` FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "banned_ips` WHERE {$ip} BETWEEN `ip_from` AND `ip_to` LIMIT 1");

    return (hesk_dbNumRows($res) == 1) ? hesk_dbResult($res) : false;

} // END hesk_isBannedIP()


function hesk_isBannedEmail($email)
{
    global $hesk_settings, $hesklang, $hesk_db_link;

    $email = strtolower($email);

    $res = hesk_dbQuery("SELECT `id` FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "banned_emails` WHERE `email` IN ('" . hesk_dbEscape($email) . "', '" . hesk_dbEscape(substr($email, strrpos($email, "@"))) . "') LIMIT 1");

    return (hesk_dbNumRows($res) == 1) ? hesk_dbResult($res) : false;

} // END hesk_isBannedEmail()


function hesk_clean_utf8($in)
{
    //reject overly long 2 byte sequences, as well as characters above U+10000 and replace with ?
    $in = preg_replace('/[\x00-\x08\x10\x0B\x0C\x0E-\x19\x7F]' .
        '|[\x00-\x7F][\x80-\xBF]+' .
        '|([\xC0\xC1]|[\xF0-\xFF])[\x80-\xBF]*' .
        '|[\xC2-\xDF]((?![\x80-\xBF])|[\x80-\xBF]{2,})' .
        '|[\xE0-\xEF](([\x80-\xBF](?![\x80-\xBF]))|(?![\x80-\xBF]{2})|[\x80-\xBF]{3,})/S',
        '?', $in);

    //reject overly long 3 byte sequences and UTF-16 surrogates and replace with ?
    $in = preg_replace('/\xE0[\x80-\x9F][\x80-\xBF]' .
        '|\xED[\xA0-\xBF][\x80-\xBF]/S', '?', $in);

    return $in;
} // END hesk_clean_utf8()


function hesk_load_database_functions()
{
    // Preferrably use the MySQLi functions
    if (function_exists('mysqli_connect')) {
        require(HESK_PATH . 'inc/database_mysqli.inc.php');
    } // Default to MySQL
    else {
        require(HESK_PATH . 'inc/database.inc.php');
    }
} // END hesk_load_database_functions()


function hesk_load_api_database_functions()
{
    require(HESK_PATH . 'api/core/json_error.php');
    // Preferrably use the MySQLi functions
    if (function_exists('mysqli_connect')) {
        require(HESK_PATH . 'api/core/database_mysqli.inc.php');
    } // Default to MySQL
    else {
        require(HESK_PATH . 'api/core/database.inc.php');
    }
} // END hesk_load_database_functions()


function hesk_load_internal_api_database_functions()
{
    require(HESK_PATH . 'internal-api/core/json_error.php');
    // Preferrably use the MySQLi functions
    if (function_exists('mysqli_connect')) {
        require(HESK_PATH . 'internal-api/core/database_mysqli.inc.php');
    } // Default to MySQL
    else {
        require(HESK_PATH . 'internal-api/core/database.inc.php');
    }
} // END hesk_load_database_functions()

function hesk_load_cron_database_functions()
{
    if (function_exists('mysqli_connect')) {
        require(HESK_PATH . 'cron/core/database_mysqli.inc.php');
    } // Default to MySQL
    else {
        require(HESK_PATH . 'cron/core/database.inc.php');
    }
} // END hesk_load_cron_database_functions()

function hesk_unlink($file, $older_than = 0)
{
    return (is_file($file) && (!$older_than || (time() - filectime($file)) > $older_than) && @unlink($file)) ? true : false;
} // END hesk_unlink()


function hesk_utf8_urldecode($in)
{
    $in = preg_replace("/%u([0-9a-f]{3,4})/i", "&#x\\1;", urldecode($in));
    return hesk_html_entity_decode($in);
} // END hesk_utf8_urldecode

function hesk_SESSION($in, $default = '')
{
    return isset($_SESSION[$in]) && ! is_array($_SESSION[$in]) ? $_SESSION[$in] : $default;
} // END hesk_SESSION();


function hesk_COOKIE($in, $default = '')
{
    return isset($_COOKIE[$in]) && !is_array($_COOKIE[$in]) ? $_COOKIE[$in] : $default;
} // END hesk_COOKIE();


function hesk_GET($in, $default = '')
{
    return isset($_GET[$in]) && !is_array($_GET[$in]) ? $_GET[$in] : $default;
} // END hesk_GET()


function hesk_POST($in, $default = '')
{
    return isset($_POST[$in]) && !is_array($_POST[$in]) ? $_POST[$in] : $default;
} // END hesk_POST()

function hesk_POST_array($in, $default = array())
{
    return isset($_POST[$in]) && is_array($_POST[$in]) ? $_POST[$in] : $default;
} // END hesk_POST_array()


function hesk_REQUEST($in, $default = false)
{
    return isset($_GET[$in]) ? hesk_input(hesk_GET($in)) : (isset($_POST[$in]) ? hesk_input(hesk_POST($in)) : $default);
} // END hesk_REQUEST()


function hesk_isREQUEST($in)
{
    return isset($_GET[$in]) || isset($_POST[$in]) ? true : false;
} // END hesk_isREQUEST()


function hesk_htmlspecialchars_decode($in)
{
    return str_replace(array('&amp;', '&lt;', '&gt;', '&quot;'), array('&', '<', '>', '"'), $in);
} // END hesk_htmlspecialchars_decode()


function hesk_html_entity_decode($in)
{
    return html_entity_decode($in, ENT_COMPAT | ENT_XHTML, 'UTF-8');
    #return html_entity_decode($in, ENT_COMPAT | ENT_XHTML, 'ISO-8859-1');
} // END hesk_html_entity_decode()


function hesk_htmlspecialchars($in)
{
    return htmlspecialchars($in, ENT_COMPAT | ENT_SUBSTITUTE | ENT_XHTML, 'UTF-8');
    #return htmlspecialchars($in, ENT_COMPAT | ENT_SUBSTITUTE | ENT_XHTML, 'ISO-8859-1');
} // END hesk_htmlspecialchars()


function hesk_htmlentities($in)
{
    return htmlentities($in, ENT_COMPAT | ENT_SUBSTITUTE | ENT_XHTML, 'UTF-8');
    #return htmlentities($in, ENT_COMPAT | ENT_SUBSTITUTE | ENT_XHTML, 'ISO-8859-1');
} // END hesk_htmlentities()


function hesk_slashJS($in)
{
    return str_replace('\'', '\\\'', $in);
} // END hesk_slashJS()


function hesk_verifyEmailMatch($trackingID, $my_email = 0, $ticket_email = 0, $error = 1)
{
    global $hesk_settings, $hesklang, $hesk_db_link;

    /* Email required to view ticket? */
    if (!$hesk_settings['email_view_ticket']) {
        $hesk_settings['e_param'] = '';
        $hesk_settings['e_query'] = '';
        $hesk_settings['e_email'] = '';
        return true;
    }

    /* Limit brute force attempts */
    hesk_limitBfAttempts();

    /* Get email address */
    if ($my_email) {
        $hesk_settings['e_param'] = '&e=' . rawurlencode($my_email);
        $hesk_settings['e_query'] = '&amp;e=' . rawurlencode($my_email);
        $hesk_settings['e_email'] = $my_email;
    } else {
        $my_email = hesk_getCustomerEmail();
    }

    /* Get email from ticket */
    if (!$ticket_email) {
        $res = hesk_dbQuery("SELECT `email` FROM `" . $hesk_settings['db_pfix'] . "tickets` WHERE `trackid`='" . hesk_dbEscape($trackingID) . "' LIMIT 1");
        if (hesk_dbNumRows($res) == 1) {
            $ticket_email = hesk_dbResult($res);
        } else {
            hesk_process_messages($hesklang['ticket_not_found'], 'ticket.php');
        }
    }

    /* Validate email */
    if ($hesk_settings['multi_eml']) {
        $ticket_email = str_replace(';', ',', $ticket_email);
        $valid_emails = explode(',', strtolower($ticket_email));
        if (in_array(strtolower($my_email), $valid_emails)) {
            /* Match, clean brute force attempts and return true */
            hesk_cleanBfAttempts();
            return true;
        }
    } elseif (strtolower($ticket_email) == strtolower($my_email)) {
        /* Match, clean brute force attempts and return true */
        hesk_cleanBfAttempts();
        return true;
    }

    /* Email doesn't match, clean cookies and error out */
    if ($error) {
        setcookie('hesk_myemail', '');
        hesk_process_messages($hesklang['enmdb'], 'ticket.php?track=' . $trackingID . '&Refresh=' . rand(10000, 99999));
    } else {
        return false;
    }

} // END hesk_verifyEmailMatch()


function hesk_getCustomerEmail($can_remember = 0, $field = '')
{
    global $hesk_settings, $hesklang;

    /* Email required to view ticket? */
    if (!$hesk_settings['email_view_ticket']) {
        $hesk_settings['e_param'] = '';
        $hesk_settings['e_query'] = '';
        $hesk_settings['e_email'] = '';
        return '';
    }

    /* Is this a form that enables remembering email? */
    if ($can_remember) {
        global $do_remember;
    }

    $my_email = '';

    /* Is email in session? */
    if ( strlen($field) && isset($_SESSION[$field]) )
    {
        $my_email = hesk_validateEmail($_SESSION[$field], 'ERR', 0);
    }

    /* Is email in query string? */
    if (isset($_GET['e']) || isset($_POST['e'])) {
        $my_email = hesk_validateEmail(hesk_REQUEST('e'), 'ERR', 0);
    } /* Is email in cookie? */
    elseif ( isset($_GET['e']) || isset($_POST['e']) ) {
        $my_email = hesk_validateEmail(hesk_COOKIE('hesk_myemail'), 'ERR', 0);
        if ($can_remember && $my_email) {
            $do_remember = ' checked="checked" ';
        }
    }

    $hesk_settings['e_param'] = '&e=' . rawurlencode($my_email);
    $hesk_settings['e_query'] = '&amp;e=' . rawurlencode($my_email);
    $hesk_settings['e_email'] = $my_email;

    return $my_email;

} // END hesk_getCustomerEmail()


function hesk_formatBytes($size, $translate_unit = 1, $precision = 2)
{
    global $hesklang;

    $units = array(
        'GB' => 1073741824,
        'MB' => 1048576,
        'kB' => 1024,
        'B' => 1
    );

    foreach ($units as $suffix => $bytes) {
        if ($bytes > $size) {
            continue;
        }

        $full = $size / $bytes;
        $round = round($full, $precision);

        if ($full == $round) {
            if ($translate_unit) {
                return $round . ' ' . $hesklang[$suffix];
            } else {
                return $round . ' ' . $suffix;
            }
        }
    }

    return false;
} // End hesk_formatBytes()


function hesk_autoAssignTicket($ticket_category)
{
    global $hesk_settings, $hesklang;

    /* Auto assign ticket enabled? */
    if (!$hesk_settings['autoassign']) {
        return false;
    }

    $autoassign_owner = array();

    /* Get all possible auto-assign staff, order by number of open tickets */
    $res = hesk_dbQuery("SELECT `t1`.`id`,`t1`.`user`,`t1`.`name`, `t1`.`email`, `t1`.`language`, `t1`.`isadmin`, `t1`.`categories`, `t1`.`notify_assigned`, `t1`.`heskprivileges`,
					    (SELECT COUNT(*) FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` FORCE KEY (`statuses`) WHERE `owner`=`t1`.`id` AND `status` IN (SELECT `ID` FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "statuses` WHERE `IsClosed` = 0) ) as `open_tickets`
						FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "users` AS `t1`
						WHERE `t1`.`autoassign`='1' ORDER BY `open_tickets` ASC, RAND()");

    /* Loop through the rows and return the first appropriate one */
    while ($myuser = hesk_dbFetchAssoc($res)) {
        /* Is this an administrator? */
        if ($myuser['isadmin']) {
            $autoassign_owner = $myuser;
            $hesk_settings['user_data'][$myuser['id']] = $myuser;
            hesk_dbFreeResult($res);
            break;
        }

        /* Not and administrator, check two things: */

        /* --> can view and reply to tickets */
        if (strpos($myuser['heskprivileges'], 'can_view_tickets') === false || strpos($myuser['heskprivileges'], 'can_reply_tickets') === false) {
            continue;
        }

        /* --> has access to ticket category */
        $myuser['categories'] = explode(',', $myuser['categories']);
        if (in_array($ticket_category, $myuser['categories'])) {
            $autoassign_owner = $myuser;
            $hesk_settings['user_data'][$myuser['id']] = $myuser;
            hesk_dbFreeResult($res);
            break;
        }
    }

    return $autoassign_owner;

} // END hesk_autoAssignTicket()


function hesk_cleanID($field = 'track')
{
    if ( isset($_SESSION[$field]) ) {
        return substr(preg_replace('/[^A-Z0-9\-]/', '', strtoupper($_SESSION[$field])), 0, 12);
    } elseif ( isset($_GET[$field]) && ! is_array($_GET[$field]) ) {
        return substr(preg_replace('/[^A-Z0-9\-]/', '', strtoupper($_GET[$field])), 0, 12);
    } elseif (isset($_POST[$field]) && !is_array($_POST[$field])) {
        return substr(preg_replace('/[^A-Z0-9\-]/', '', strtoupper($_POST[$field])), 0, 12);
    } else {
        return false;
    }

} // END hesk_cleanID()


function hesk_createID()
{
    global $hesk_settings, $hesklang, $hesk_error_buffer;

    /*** Generate tracking ID and make sure it's not a duplicate one ***/

    /* Ticket ID can be of these chars */
    $useChars = 'AEUYBDGHJLMNPQRSTVWXZ123456789';

    /* Set tracking ID to an empty string */
    $trackingID = '';

    /* Let's avoid duplicate ticket ID's, try up to 3 times */
    for ($i = 1; $i <= 3; $i++) {
        /* Generate raw ID */
        $trackingID .= $useChars[mt_rand(0, 29)];
        $trackingID .= $useChars[mt_rand(0, 29)];
        $trackingID .= $useChars[mt_rand(0, 29)];
        $trackingID .= $useChars[mt_rand(0, 29)];
        $trackingID .= $useChars[mt_rand(0, 29)];
        $trackingID .= $useChars[mt_rand(0, 29)];
        $trackingID .= $useChars[mt_rand(0, 29)];
        $trackingID .= $useChars[mt_rand(0, 29)];
        $trackingID .= $useChars[mt_rand(0, 29)];
        $trackingID .= $useChars[mt_rand(0, 29)];

        /* Format the ID to the correct shape and check wording */
        $trackingID = hesk_formatID($trackingID);

        /* Check for duplicate IDs */
        $res = hesk_dbQuery("SELECT `id` FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` WHERE `trackid` = '" . hesk_dbEscape($trackingID) . "' LIMIT 1");

        if (hesk_dbNumRows($res) == 0) {
            /* Everything is OK, no duplicates found */
            return $trackingID;
        }

        /* A duplicate ID has been found! Let's try again (up to 2 more) */
        $trackingID = '';
    }

    /* No valid tracking ID, try one more time with microtime() */
    $trackingID = $useChars[mt_rand(0, 29)];
    $trackingID .= $useChars[mt_rand(0, 29)];
    $trackingID .= $useChars[mt_rand(0, 29)];
    $trackingID .= $useChars[mt_rand(0, 29)];
    $trackingID .= $useChars[mt_rand(0, 29)];
    $trackingID .= substr(microtime(), -5);

    /* Format the ID to the correct shape and check wording */
    $trackingID = hesk_formatID($trackingID);

    $res = hesk_dbQuery("SELECT `id` FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` WHERE `trackid` = '" . hesk_dbEscape($trackingID) . "' LIMIT 1");

    /* All failed, must be a server-side problem... */
    if (hesk_dbNumRows($res) == 0) {
        return $trackingID;
    }

    $hesk_error_buffer['etid'] = $hesklang['e_tid'];
    return false;

} // END hesk_createID()


function hesk_formatID($id)
{

    $useChars = 'AEUYBDGHJLMNPQRSTVWXZ123456789';

    $replace = $useChars[mt_rand(0, 29)];
    $replace .= mt_rand(1, 9);
    $replace .= $useChars[mt_rand(0, 29)];

    /*
    Remove 3 letter bad words from ID
    Possiblitiy: 1:27,000
    */
    $remove = array(
        'ASS',
        'CUM',
        'FAG',
        'FUK',
        'GAY',
        'SEX',
        'TIT',
        'XXX',
    );

    $id = str_replace($remove, $replace, $id);

    /*
    Remove 4 letter bad words from ID
    Possiblitiy: 1:810,000
    */
    $remove = array(
        'ANAL',
        'ANUS',
        'BUTT',
        'CAWK',
        'CLIT',
        'COCK',
        'CRAP',
        'CUNT',
        'DICK',
        'DYKE',
        'FART',
        'FUCK',
        'JAPS',
        'JERK',
        'JIZZ',
        'KNOB',
        'PISS',
        'POOP',
        'SHIT',
        'SLUT',
        'SUCK',
        'TURD',

        // Also, remove words that are known to trigger mod_security
        'WGET',
    );

    $replace .= mt_rand(1, 9);
    $id = str_replace($remove, $replace, $id);

    /* Format the ID string into XXX-XXX-XXXX format for easier readability */
    $id = $id[0] . $id[1] . $id[2] . '-' . $id[3] . $id[4] . $id[5] . '-' . $id[6] . $id[7] . $id[8] . $id[9];

    return $id;

} // END hesk_formatID()


function hesk_cleanBfAttempts()
{
    global $hesk_settings, $hesklang;

    /* If this feature is disabled, just return */
    if (!$hesk_settings['attempt_limit'] || defined('HESK_BF_CLEAN')) {
        return true;
    }

    /* Delete expired logs from the database */
    $res = hesk_dbQuery("DELETE FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "logins` WHERE `ip`='" . hesk_dbEscape($_SERVER['REMOTE_ADDR']) . "'");

    define('HESK_BF_CLEAN', 1);

    return true;
} // END hesk_cleanAttempts()


function hesk_limitBfAttempts($showError = 1)
{
    global $hesk_settings, $hesklang;

    // Check if this IP is banned permanently
    if (hesk_isBannedIP($_SERVER['REMOTE_ADDR'])) {
        hesk_error($hesklang['baned_ip'], 0);
    }

    /* If this feature is disabled or already called, return false */
    if (!$hesk_settings['attempt_limit'] || defined('HESK_BF_LIMIT')) {
        return false;
    }

    /* Define this constant to avoid duplicate checks */
    define('HESK_BF_LIMIT', 1);

    $ip = $_SERVER['REMOTE_ADDR'];

    /* Get number of failed attempts from the database */
    $res = hesk_dbQuery("SELECT `number`, (CASE WHEN `last_attempt` IS NOT NULL AND DATE_ADD(`last_attempt`, INTERVAL " . intval($hesk_settings['attempt_banmin']) . " MINUTE ) > NOW() THEN 1 ELSE 0 END) AS `banned` FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "logins` WHERE `ip`='" . hesk_dbEscape($ip) . "' LIMIT 1");

    /* Not in the database yet? Add first one and return false */
    if (hesk_dbNumRows($res) != 1) {
        hesk_dbQuery("INSERT INTO `" . hesk_dbEscape($hesk_settings['db_pfix']) . "logins` (`ip`) VALUES ('" . hesk_dbEscape($ip) . "')");
        return false;
    }

    /* Get number of failed attempts and increase by 1 */
    $row = hesk_dbFetchAssoc($res);
    $row['number']++;

    /* If too many failed attempts either return error or reset count if time limit expired */
    if ($row['number'] >= $hesk_settings['attempt_limit']) {
        if ($row['banned']) {
            $tmp = sprintf($hesklang['yhbb'], $hesk_settings['attempt_banmin']);

            unset($_SESSION);

            if ($showError) {
                hesk_error($tmp, 0);
            } else {
                return $tmp;
            }
        } else {
            $row['number'] = 1;
        }
    }

    hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "logins` SET `number`=" . intval($row['number']) . " WHERE `ip`='" . hesk_dbEscape($ip) . "' LIMIT 1");

    return false;

} // END hesk_limitAttempts()


function hesk_getCategoryName($id)
{
    global $hesk_settings, $hesklang;

    if (empty($id)) {
        return $hesklang['unas'];
    }

    // If we already have the name no need to query DB another time
    if (isset($hesk_settings['category_data'][$id]['name'])) {
        return $hesk_settings['category_data'][$id]['name'];
    }

    $res = hesk_dbQuery("SELECT `name` FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "categories` WHERE `id`='" . intval($id) . "' LIMIT 1");

    if (hesk_dbNumRows($res) != 1) {
        return $hesklang['catd'];
    }

    $hesk_settings['category_data'][$id]['name'] = hesk_dbResult($res, 0, 0);

    return $hesk_settings['category_data'][$id]['name'];
} // END hesk_getOwnerName()


function hesk_getOwnerName($id)
{
    global $hesk_settings, $hesklang;

    if (empty($id)) {
        return $hesklang['unas'];
    }

    // If we already have the name no need to query DB another time
    if (isset($hesk_settings['user_data'][$id]['name'])) {
        return $hesk_settings['user_data'][$id]['name'];
    }

    $res = hesk_dbQuery("SELECT `name` FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "users` WHERE `id`='" . intval($id) . "' LIMIT 1");

    if (hesk_dbNumRows($res) != 1) {
        return $hesklang['unas'];
    }

    $hesk_settings['user_data'][$id]['name'] = hesk_dbResult($res, 0, 0);

    return $hesk_settings['user_data'][$id]['name'];
} // END hesk_getOwnerName()


function hesk_cleanSessionVars($arr)
{
    if (is_array($arr)) {
        foreach ($arr as $str) {
            if (isset($_SESSION[$str])) {
                unset($_SESSION[$str]);
            }
        }
    } elseif (isset($_SESSION[$arr])) {
        unset($_SESSION[$arr]);
    }
} // End hesk_cleanSessionVars()


function hesk_process_messages($message, $redirect_to, $type = 'ERROR')
{
    global $hesk_settings, $hesklang;

    switch ($type) {
        case 'SUCCESS':
            $_SESSION['HESK_SUCCESS'] = TRUE;
            break;
        case 'NOTICE':
            $_SESSION['HESK_NOTICE'] = TRUE;
            break;
        case 'INFO':
            $_SESSION['HESK_INFO'] = TRUE;
            break;
        default:
            $_SESSION['HESK_ERROR'] = TRUE;
    }

    $_SESSION['HESK_MESSAGE'] = $message;

    /* In some cases we don't want a redirect */
    if ($redirect_to == 'NOREDIRECT') {
        return TRUE;
    }

    header('Location: ' . $redirect_to);
    exit();
} // END hesk_process_messages()


function hesk_handle_messages()
{
    global $hesk_settings, $hesklang;

    $return_value = true;

    // Primary message - only one can be displayed and HESK_MESSAGE is required
    if (isset($_SESSION['HESK_MESSAGE'])) {
        if (isset($_SESSION['HESK_SUCCESS'])) {
            hesk_show_success($_SESSION['HESK_MESSAGE']);
        } elseif (isset($_SESSION['HESK_ERROR'])) {
            hesk_show_error($_SESSION['HESK_MESSAGE']);
            $return_value = false;
        } elseif (isset($_SESSION['HESK_NOTICE'])) {
            hesk_show_notice($_SESSION['HESK_MESSAGE']);
        } elseif (isset($_SESSION['HESK_INFO'])) {
            hesk_show_info($_SESSION['HESK_MESSAGE']);
        }

        hesk_cleanSessionVars('HESK_MESSAGE');
    }

    // Cleanup any primary message types set
    hesk_cleanSessionVars('HESK_ERROR');
    hesk_cleanSessionVars('HESK_SUCCESS');
    hesk_cleanSessionVars('HESK_NOTICE');
    hesk_cleanSessionVars('HESK_INFO');

    // Secondary message
    if (isset($_SESSION['HESK_2ND_NOTICE']) && isset($_SESSION['HESK_2ND_MESSAGE'])) {
        hesk_show_notice($_SESSION['HESK_2ND_MESSAGE']);
        hesk_cleanSessionVars('HESK_2ND_NOTICE');
        hesk_cleanSessionVars('HESK_2ND_MESSAGE');
    }

    return $return_value;
} // END hesk_handle_messages()


function hesk_show_error($message, $title = '', $append_colon = true)
{
    global $hesk_settings, $hesklang;
    $title = $title ? $title : $hesklang['error'];
    $title = $append_colon ? $title . ':' : $title;
    ?>
    <div align="left" class="alert alert-danger">
        <b><?php echo $title; ?></b> <?php echo $message; ?>
    </div>
    <?php
} // END hesk_show_error()


function hesk_show_success($message, $title = '', $append_colon = true)
{
    global $hesk_settings, $hesklang;
    $title = $title ? $title : $hesklang['success'];
    $title = $append_colon ? $title . ':' : $title;
    ?>
    <div align="left" class="alert alert-success">
        <b><?php echo $title; ?></b> <?php echo $message; ?>
    </div>
    <?php
} // END hesk_show_success()


function hesk_show_notice($message, $title = '', $append_colon = true)
{
    global $hesk_settings, $hesklang;
    $title = $title ? $title : $hesklang['note'];
    $title = $append_colon ? $title . ':' : $title;
    ?>
    <div class="alert alert-warning">
        <b><?php echo $title; ?></b> <?php echo $message; ?>
    </div>
    <?php
} // END hesk_show_notice()

function hesk_show_info($message, $title = '', $append_colon = true)
{
    global $hesk_settings, $hesklang;
    $title = $title ? $title : $hesklang['info'];
    $title = $append_colon ? $title . ':' : $title;
    ?>
    <div class="info">
        <img src="<?php echo HESK_PATH; ?>img/info.png" width="16" height="16" border="0" alt=""
             style="vertical-align:text-bottom"/>
        <b><?php echo $title; ?></b> <?php echo $message; ?>
    </div>
    <br/>
    <?php
} // END hesk_show_info()

function hesk_token_echo($do_echo = 1)
{
    if (!defined('SESSION_CLEAN')) {
        $_SESSION['token'] = hesk_htmlspecialchars(strip_tags($_SESSION['token']));
        define('SESSION_CLEAN', true);
    }

    if ($do_echo) {
        echo $_SESSION['token'];
    } else {
        return $_SESSION['token'];
    }
} // END hesk_token_echo()


function hesk_token_check($method = 'GET', $show_error = 1)
{
    // Get the token
    $my_token = hesk_REQUEST('token');

    // Verify it or throw an error
    if (!hesk_token_compare($my_token)) {
        if ($show_error) {
            global $hesk_settings, $hesklang;
            hesk_error($hesklang['eto']);
        } else {
            return false;
        }
    }

    return true;
} // END hesk_token_check()


function hesk_token_compare($my_token)
{
    if (isset($_SESSION['token']) && $my_token == $_SESSION['token']) {
        return true;
    } else {
        return false;
    }
} // END hesk_token_compare()


function hesk_token_hash()
{
    return sha1(time() . microtime() . uniqid(rand(), true));
} // END hesk_token_hash()


function & ref_new(&$new_statement)
{
    return $new_statement;
} // END ref_new()


function hesk_ticketToPlain($ticket, $specialchars = 0, $strip = 1)
{
    if (is_array($ticket)) {
        foreach ($ticket as $key => $value) {
            $ticket[$key] = is_array($ticket[$key]) ? hesk_ticketToPlain($value, $specialchars, $strip) : hesk_msgToPlain($value, $specialchars, $strip);
        }

        return $ticket;
    } else {
        return hesk_msgToPlain($ticket, $specialchars, $strip);
    }
} // END hesk_ticketToPlain()


function hesk_msgToPlain($msg, $specialchars = 0, $strip = 1)
{
    $msg = preg_replace('/\<a href="(mailto:)?([^"]*)"[^\<]*\<\/a\>/i', "$2", $msg);
    $msg = preg_replace('/<br \/>\s*/', "\n", $msg);
    $msg = trim($msg);

    if ($strip) {
        $msg = stripslashes($msg);
    }

    if ($specialchars) {
        $msg = hesk_html_entity_decode($msg);
    }

    return $msg;
} // END hesk_msgToPlain()


function hesk_showTopBar($page_title)
{
    echo $page_title;
} // END hesk_showTopBar()

function hesk_getLanguagesAsFormIfNecessary()
{

    global $hesk_settings, $hesklang;

    if ($hesk_settings['can_sel_lang']) {

        $str = '<form method="get" action="" role="form" style="margin:0;padding:0;border:0;white-space:nowrap;">';

        if (!isset($_GET)) {
            $_GET = array();
        }

        foreach ($_GET as $k => $v) {
            if ($k == 'language') {
                continue;
            }
            $str .= '<input type="hidden" name="' . hesk_htmlentities($k) . '" value="' . hesk_htmlentities($v) . '" />';
        }

        $str .= '<select name="language" class="form-control" onchange="this.form.submit()">';
        $str .= hesk_listLanguages(0);
        $str .= '</select><br/>';

        ?>
        <script language="javascript" type="text/javascript">
            document.write('<?php echo str_replace(array('"','<','=','>',"'"),array('\42','\74','\75','\76','\47'),$str . '</form>'); ?>');
        </script>
        <noscript>
            <?php
            echo $str . '<input type="submit" value="' . $hesklang['go'] . '" /></form>';
            ?>
        </noscript>
        <?php
    }
}


function hesk_listLanguages($doecho = 1)
{
    global $hesk_settings, $hesklang;

    $tmp = '';

    foreach ($hesk_settings['languages'] as $lang => $info) {
        if ($lang == $hesk_settings['language']) {
            $tmp .= '<option value="' . $lang . '" selected="selected">' . $lang . '</option>';
        } else {
            $tmp .= '<option value="' . $lang . '">' . $lang . '</option>';
        }
    }

    if ($doecho) {
        echo $tmp;
    } else {
        return $tmp;
    }
} // END hesk_listLanguages


function hesk_resetLanguage()
{
    global $hesk_settings, $hesklang;

    /* If this is not a valid request no need to change aynthing */
    if (!$hesk_settings['can_sel_lang'] || !defined('HESK_ORIGINAL_LANGUAGE')) {
        return false;
    }

    /* If we already have original language, just return true */
    if ($hesk_settings['language'] == HESK_ORIGINAL_LANGUAGE) {
        return true;
    }

    /* Get the original language file */
    $hesk_settings['language'] = HESK_ORIGINAL_LANGUAGE;
    return hesk_returnLanguage();
} // END hesk_resetLanguage()


function hesk_setLanguage($language)
{
    global $hesk_settings, $hesklang;

    /* If no language is set, use default */
    if (!$language) {
        $language = HESK_DEFAULT_LANGUAGE;
    }

    /* If this is not a valid request no need to change aynthing */
    if (!$hesk_settings['can_sel_lang'] || $language == $hesk_settings['language'] || !isset($hesk_settings['languages'][$language])) {
        return false;
    }

    /* Remember current language for future reset - if reset is not set already! */
    if (!defined('HESK_ORIGINAL_LANGUAGE')) {
        define('HESK_ORIGINAL_LANGUAGE', $hesk_settings['language']);
    }

    /* Get the new language file */
    $hesk_settings['language'] = $language;

    return hesk_returnLanguage();
} // END hesk_setLanguage()


function hesk_getLanguage()
{
    global $hesk_settings, $hesklang, $_SESSION;

    $language = $hesk_settings['language'];

    /* Remember what the default language is for some special uses like mass emails */
    define('HESK_DEFAULT_LANGUAGE', $hesk_settings['language']);

    /* Can users select language? */
    if (empty($hesk_settings['can_sel_lang'])) {
        return hesk_returnLanguage();
    }

    /* Is a non-default language selected? If not use default one */
    if (isset($_GET['language'])) {
        $language = hesk_input(hesk_GET('language')) or $language = $hesk_settings['language'];
    } elseif (isset($_COOKIE['hesk_language'])) {
        $language = hesk_input(hesk_COOKIE('hesk_language')) or $language = $hesk_settings['language'];
    } else {
        return hesk_returnLanguage();
    }

    /* non-default language selected. Check if it's a valid one, if not use default one */
    if ($language != $hesk_settings['language'] && isset($hesk_settings['languages'][$language])) {
        $hesk_settings['language'] = $language;
    }

    /* Remember and set the selected language */
    setcookie('hesk_language', $hesk_settings['language'], time() + 31536000, '/');
    return hesk_returnLanguage();
} // END hesk_getLanguage()


function hesk_returnLanguage()
{
    global $hesk_settings, $hesklang;
    require(HESK_PATH . 'language/' . $hesk_settings['languages'][$hesk_settings['language']]['folder'] . '/text.php');
    $customLanguagePath = HESK_PATH . 'language/' . $hesk_settings['languages'][$hesk_settings['language']]['folder'] . '/custom-text.php';
    if (file_exists($customLanguagePath)) {
        include($customLanguagePath);
    }
    return true;
} // END hesk_returnLanguage()


function hesk_date($dt = '', $from_database = false, $is_str = true, $return_str = true)
{
    global $hesk_settings;

    if (!$dt) {
        $dt = time();
    } elseif ($is_str) {
        $dt = strtotime($dt);
    }

    // Adjust MySQL time if different from PHP time
    if ($from_database) {
        if (!defined('MYSQL_TIME_DIFF')) {
            define('MYSQL_TIME_DIFF', time() - hesk_dbTime());
        }

        if (MYSQL_TIME_DIFF != 0) {
            $dt += MYSQL_TIME_DIFF;
        }
    }

    // Add HESK set time difference
    $dt += 3600 * $hesk_settings['diff_hours'] + 60 * $hesk_settings['diff_minutes'];

    // Daylight savings?
    if ($hesk_settings['daylight'] && date('I', $dt)) {
        $dt += 3600;
    }

    // Return formatted date
    return $return_str ? date($hesk_settings['timeformat'], $dt) : $dt;

} // End hesk_date()


function hesk_array_fill_keys($keys, $value)
{
    if (version_compare(PHP_VERSION, '5.2.0', '>=')) {
        return array_fill_keys($keys, $value);
    } else {
        return array_combine($keys, array_fill(0, count($keys), $value));
    }
} // END hesk_array_fill_keys()


/**
 * hesk_makeURL function
 *
 * Replace magic urls of form http://xxx.xxx., www.xxx. and xxx@xxx.xxx.
 * Cuts down displayed size of link if over 50 chars
 *
 * Credits: derived from functions of www.phpbb.com
 */
function hesk_makeURL($text, $class = '', $shortenLinks = true)
{
    global $hesk_settings;

    if (!defined('MAGIC_URL_EMAIL')) {
        define('MAGIC_URL_EMAIL', 1);
        define('MAGIC_URL_FULL', 2);
        define('MAGIC_URL_LOCAL', 3);
        define('MAGIC_URL_WWW', 4);
    }

    $class = ($class) ? ' class="' . $class . '"' : '';

    // matches a xxxx://aaaaa.bbb.cccc. ...
    $text = preg_replace_callback(
        '#(^|[\n\t (>.])(' . "[a-z][a-z\d+]*:/{2}(?:(?:[^\p{C}\p{Z}\p{S}\p{P}\p{Nl}\p{No}\p{Me}\x{1100}-\x{115F}\x{A960}-\x{A97C}\x{1160}-\x{11A7}\x{D7B0}-\x{D7C6}\x{20D0}-\x{20FF}\x{1D100}-\x{1D1FF}\x{1D200}-\x{1D24F}\x{0640}\x{07FA}\x{302E}\x{302F}\x{3031}-\x{3035}\x{303B}]*[\x{00B7}\x{0375}\x{05F3}\x{05F4}\x{30FB}\x{002D}\x{06FD}\x{06FE}\x{0F0B}\x{3007}\x{00DF}\x{03C2}\x{200C}\x{200D}\pL0-9\-._~!$&'(*+,;=:@|]+|%[\dA-F]{2})+|[0-9.]+|\[[a-z0-9.]+:[a-z0-9.]+:[a-z0-9.:]+\])(?::\d*)?(?:/(?:[^\p{C}\p{Z}\p{S}\p{P}\p{Nl}\p{No}\p{Me}\x{1100}-\x{115F}\x{A960}-\x{A97C}\x{1160}-\x{11A7}\x{D7B0}-\x{D7C6}\x{20D0}-\x{20FF}\x{1D100}-\x{1D1FF}\x{1D200}-\x{1D24F}\x{0640}\x{07FA}\x{302E}\x{302F}\x{3031}-\x{3035}\x{303B}]*[\x{00B7}\x{0375}\x{05F3}\x{05F4}\x{30FB}\x{002D}\x{06FD}\x{06FE}\x{0F0B}\x{3007}\x{00DF}\x{03C2}\x{200C}\x{200D}\pL0-9\-._~!$&'(*+,;=:@|]+|%[\dA-F]{2})*)*(?:\?(?:[^\p{C}\p{Z}\p{S}\p{P}\p{Nl}\p{No}\p{Me}\x{1100}-\x{115F}\x{A960}-\x{A97C}\x{1160}-\x{11A7}\x{D7B0}-\x{D7C6}\x{20D0}-\x{20FF}\x{1D100}-\x{1D1FF}\x{1D200}-\x{1D24F}\x{0640}\x{07FA}\x{302E}\x{302F}\x{3031}-\x{3035}\x{303B}]*[\x{00B7}\x{0375}\x{05F3}\x{05F4}\x{30FB}\x{002D}\x{06FD}\x{06FE}\x{0F0B}\x{3007}\x{00DF}\x{03C2}\x{200C}\x{200D}\pL0-9\-._~!$&'(*+,;=:@/?|]+|%[\dA-F]{2})*)?(?:\#(?:[^\p{C}\p{Z}\p{S}\p{P}\p{Nl}\p{No}\p{Me}\x{1100}-\x{115F}\x{A960}-\x{A97C}\x{1160}-\x{11A7}\x{D7B0}-\x{D7C6}\x{20D0}-\x{20FF}\x{1D100}-\x{1D1FF}\x{1D200}-\x{1D24F}\x{0640}\x{07FA}\x{302E}\x{302F}\x{3031}-\x{3035}\x{303B}]*[\x{00B7}\x{0375}\x{05F3}\x{05F4}\x{30FB}\x{002D}\x{06FD}\x{06FE}\x{0F0B}\x{3007}\x{00DF}\x{03C2}\x{200C}\x{200D}\pL0-9\-._~!$&'(*+,;=:@/?|]+|%[\dA-F]{2})*)?" . ')#iu',
        create_function(
            "\$matches",
            "return  make_clickable_callback(MAGIC_URL_FULL, \$matches[1], \$matches[2], '', '$class', '$shortenLinks');"
        ),
        $text
    );

    // matches a "www.xxxx.yyyy[/zzzz]" kinda lazy URL thing
    $text = preg_replace_callback(
        '#(^|[\n\t (>])(' . "www\.(?:[^\p{C}\p{Z}\p{S}\p{P}\p{Nl}\p{No}\p{Me}\x{1100}-\x{115F}\x{A960}-\x{A97C}\x{1160}-\x{11A7}\x{D7B0}-\x{D7C6}\x{20D0}-\x{20FF}\x{1D100}-\x{1D1FF}\x{1D200}-\x{1D24F}\x{0640}\x{07FA}\x{302E}\x{302F}\x{3031}-\x{3035}\x{303B}]*[\x{00B7}\x{0375}\x{05F3}\x{05F4}\x{30FB}\x{002D}\x{06FD}\x{06FE}\x{0F0B}\x{3007}\x{00DF}\x{03C2}\x{200C}\x{200D}\pL0-9\-._~!$&'(*+,;=:@|]+|%[\dA-F]{2})+(?::\d*)?(?:/(?:[^\p{C}\p{Z}\p{S}\p{P}\p{Nl}\p{No}\p{Me}\x{1100}-\x{115F}\x{A960}-\x{A97C}\x{1160}-\x{11A7}\x{D7B0}-\x{D7C6}\x{20D0}-\x{20FF}\x{1D100}-\x{1D1FF}\x{1D200}-\x{1D24F}\x{0640}\x{07FA}\x{302E}\x{302F}\x{3031}-\x{3035}\x{303B}]*[\x{00B7}\x{0375}\x{05F3}\x{05F4}\x{30FB}\x{002D}\x{06FD}\x{06FE}\x{0F0B}\x{3007}\x{00DF}\x{03C2}\x{200C}\x{200D}\pL0-9\-._~!$&'(*+,;=:@|]+|%[\dA-F]{2})*)*(?:\?(?:[^\p{C}\p{Z}\p{S}\p{P}\p{Nl}\p{No}\p{Me}\x{1100}-\x{115F}\x{A960}-\x{A97C}\x{1160}-\x{11A7}\x{D7B0}-\x{D7C6}\x{20D0}-\x{20FF}\x{1D100}-\x{1D1FF}\x{1D200}-\x{1D24F}\x{0640}\x{07FA}\x{302E}\x{302F}\x{3031}-\x{3035}\x{303B}]*[\x{00B7}\x{0375}\x{05F3}\x{05F4}\x{30FB}\x{002D}\x{06FD}\x{06FE}\x{0F0B}\x{3007}\x{00DF}\x{03C2}\x{200C}\x{200D}\pL0-9\-._~!$&'(*+,;=:@/?|]+|%[\dA-F]{2})*)?(?:\#(?:[^\p{C}\p{Z}\p{S}\p{P}\p{Nl}\p{No}\p{Me}\x{1100}-\x{115F}\x{A960}-\x{A97C}\x{1160}-\x{11A7}\x{D7B0}-\x{D7C6}\x{20D0}-\x{20FF}\x{1D100}-\x{1D1FF}\x{1D200}-\x{1D24F}\x{0640}\x{07FA}\x{302E}\x{302F}\x{3031}-\x{3035}\x{303B}]*[\x{00B7}\x{0375}\x{05F3}\x{05F4}\x{30FB}\x{002D}\x{06FD}\x{06FE}\x{0F0B}\x{3007}\x{00DF}\x{03C2}\x{200C}\x{200D}\pL0-9\-._~!$&'(*+,;=:@/?|]+|%[\dA-F]{2})*)?" . ')#iu',
        create_function(
            "\$matches",
            "return  make_clickable_callback(MAGIC_URL_WWW, \$matches[1], \$matches[2], '', '$class', '$shortenLinks');"
        ),
        $text
    );

    // matches an email address
    $text = preg_replace_callback(
        '/(^|[\n\t (>])(' . '((?:[\w\!\#$\%\&\'\*\+\-\/\=\?\^\`{\|\}\~]+\.)*(?:[\w\!\#$\%\'\*\+\-\/\=\?\^\`{\|\}\~]|&amp;)+)@((((([a-z0-9]{1}[a-z0-9\-]{0,62}[a-z0-9]{1})|[a-z])\.)+[a-z]{2,63})|(\d{1,3}\.){3}\d{1,3}(\:\d{1,5})?)' . ')/iu',
        create_function(
            "\$matches",
            "return  make_clickable_callback(MAGIC_URL_EMAIL, \$matches[1], \$matches[2], '', '$class', '$shortenLinks');"
        ),
        $text
    );

    return $text;
} // END hesk_makeURL()


function make_clickable_callback($type, $whitespace, $url, $relative_url, $class, $shortenLinks)
{
    global $hesk_settings;

    $orig_url = $url;
    $orig_relative = $relative_url;
    $append = '';
    $url = htmlspecialchars_decode($url);
    $relative_url = htmlspecialchars_decode($relative_url);

    // make sure no HTML entities were matched
    $chars = array('<', '>', '"');
    $split = false;

    foreach ($chars as $char) {
        $next_split = strpos($url, $char);
        if ($next_split !== false) {
            $split = ($split !== false) ? min($split, $next_split) : $next_split;
        }
    }

    if ($split !== false) {
        // an HTML entity was found, so the URL has to end before it
        $append = substr($url, $split) . $relative_url;
        $url = substr($url, 0, $split);
        $relative_url = '';
    } else if ($relative_url) {
        // same for $relative_url
        $split = false;
        foreach ($chars as $char) {
            $next_split = strpos($relative_url, $char);
            if ($next_split !== false) {
                $split = ($split !== false) ? min($split, $next_split) : $next_split;
            }
        }

        if ($split !== false) {
            $append = substr($relative_url, $split);
            $relative_url = substr($relative_url, 0, $split);
        }
    }

    // if the last character of the url is a punctuation mark, exclude it from the url
    $last_char = ($relative_url) ? $relative_url[strlen($relative_url) - 1] : $url[strlen($url) - 1];

    switch ($last_char) {
        case '.':
        case '?':
        case '!':
        case ':':
        case ',':
            $append = $last_char;
            if ($relative_url) {
                $relative_url = substr($relative_url, 0, -1);
            } else {
                $url = substr($url, 0, -1);
            }
            break;

        // set last_char to empty here, so the variable can be used later to
        // check whether a character was removed
        default:
            $last_char = '';
            break;
    }

    $short_url = ($hesk_settings['short_link'] && strlen($url) > 70 && $shortenLinks) ? substr($url, 0, 54) . ' ... ' . substr($url, -10) : $url;

    switch ($type) {
        case MAGIC_URL_LOCAL:
            $tag = 'l';
            $relative_url = preg_replace('/[&?]sid=[0-9a-f]{32}$/', '', preg_replace('/([&?])sid=[0-9a-f]{32}&/', '$1', $relative_url));
            $url = $url . '/' . $relative_url;
            $text = $relative_url;

            // this url goes to http://domain.tld/path/to/board/ which
            // would result in an empty link if treated as local so
            // don't touch it and let MAGIC_URL_FULL take care of it.
            if (!$relative_url) {
                return $whitespace . $orig_url . '/' . $orig_relative; // slash is taken away by relative url pattern
            }
            break;

        case MAGIC_URL_FULL:
            $tag = 'm';
            $text = $short_url;
            break;

        case MAGIC_URL_WWW:
            $tag = 'w';
            $url = 'http://' . $url;
            $text = $short_url;
            break;

        case MAGIC_URL_EMAIL:
            $tag = 'e';
            $text = $short_url;
            $url = 'mailto:' . $url;
            break;
    }

    $url = htmlspecialchars($url);
    $text = htmlspecialchars($text);
    $append = htmlspecialchars($append);

    $html = "$whitespace<a href=\"$url\" target=\"blank\" $class>$text</a>$append";

    return $html;
} // END make_clickable_callback()


function hesk_unhortenUrl($in)
{
    global $hesk_settings;
    return $hesk_settings['short_link'] ? preg_replace('/\<a href="(mailto:)?([^"]*)"[^\<]*\<\/a\>/i', "<a href=\"$1$2\">$2</a>", $in) : $in;
} // END hesk_unhortenUrl()


function hesk_isNumber($in, $error = 0)
{
    $in = trim($in);

    if (preg_match("/\D/", $in) || $in == "") {
        if ($error) {
            hesk_error($error);
        } else {
            return 0;
        }
    }

    return $in;

} // END hesk_isNumber()


function hesk_validateURL($url, $error)
{
    global $hesklang;

    $url = trim($url);

    if (strpos($url, "'") !== false || strpos($url, "\"") !== false) {
        die($hesklang['attempt']);
    }

    if (preg_match('/^https?:\/\/+(localhost|[\w\-]+\.[\w\-]+)/i', $url)) {
        return hesk_input($url);
    }

    hesk_error($error);

} // END hesk_validateURL()


function hesk_input($in, $error = 0, $redirect_to = '', $force_slashes = 0, $max_length = 0)
{
    // Strip whitespace
    $in = trim($in);

    // Is value length 0 chars?
    if (strlen($in) == 0) {
        // Do we need to throw an error?
        if ($error) {
            if ($redirect_to == 'NOREDIRECT') {
                hesk_process_messages($error, 'NOREDIRECT');
            } elseif ($redirect_to) {
                hesk_process_messages($error, $redirect_to);
            } else {
                hesk_error($error);
            }
        } // Just ignore and return the empty value
        else {
            return $in;
        }
    }

    // Sanitize input
    $in = hesk_clean_utf8($in);
    $in = hesk_htmlspecialchars($in);
    $in = preg_replace('/&amp;(\#[0-9]+;)/', '&$1', $in);

    // Add slashes
    if (HESK_SLASH || $force_slashes) {
        $in = addslashes($in);
    }

    // Check length
    if ($max_length) {
        $in = substr($in, 0, $max_length);
    }

    // Return processed value
    return $in;

} // END hesk_input()


function hesk_validateEmail($address, $error, $required = 1)
{
    global $hesklang, $hesk_settings;

    /* Allow multiple emails to be used? */
    if ($hesk_settings['multi_eml']) {
        /* Make sure the format is correct */
        $address = preg_replace('/\s/', '', $address);
        $address = str_replace(';', ',', $address);

        /* Check if addresses are valid */
        $all = explode(',', $address);
        foreach ($all as $k => $v) {
            if (!hesk_isValidEmail($v)) {
                unset($all[$k]);
            }
        }

        /* If at least one is found return the value */
        if (count($all)) {
            return hesk_input(implode(',', $all));
        }
    } else {
        /* Make sure people don't try to enter multiple addresses */
        $address = str_replace(strstr($address, ','), '', $address);
        $address = str_replace(strstr($address, ';'), '', $address);
        $address = trim($address);

        /* Valid address? */
        if (hesk_isValidEmail($address)) {
            return hesk_input($address);
        }
    }


    if ($required) {
        hesk_error($error);
    } else {
        return '';
    }

} // END hesk_validateEmail()


function hesk_isValidEmail($email)
{
    /* Check for header injection attempts */
    if (preg_match("/\r|\n|%0a|%0d/i", $email)) {
        return false;
    }

    /* Does it contain an @? */
    $atIndex = strrpos($email, "@");
    if ($atIndex === false) {
        return false;
    }

    /* Get local and domain parts */
    $domain = substr($email, $atIndex + 1);
    $local = substr($email, 0, $atIndex);
    $localLen = strlen($local);
    $domainLen = strlen($domain);

    /* Check local part length */
    if ($localLen < 1 || $localLen > 64) {
        return false;
    }

    /* Check domain part length */
    if ($domainLen < 1 || $domainLen > 254) {
        return false;
    }

    /* Local part mustn't start or end with a dot */
    if ($local[0] == '.' || $local[$localLen - 1] == '.') {
        return false;
    }

    /* Local part mustn't have two consecutive dots*/
    if (strpos($local, '..') !== false) {
        return false;
    }

    /* Check domain part characters */
    if (!preg_match('/^[A-Za-z0-9\\-\\.]+$/', $domain)) {
        return false;
    }

    /* Domain part mustn't have two consecutive dots */
    if (strpos($domain, '..') !== false) {
        return false;
    }

    /* Character not valid in local part unless local part is quoted */
    if (!preg_match('/^(\\\\.|[A-Za-z0-9!#%&`_=\\/$\'*+?^{}|~.-])+$/', str_replace("\\\\", "", $local))) /* " */ {
        if (!preg_match('/^"(\\\\"|[^"])+"$/', str_replace("\\\\", "", $local))) /* " */ {
            return false;
        }
    }

    /* All tests passed, email seems to be OK */
    return true;

} // END hesk_isValidEmail()


function hesk_session_regenerate_id()
{
    @session_regenerate_id();
    return true;
} // END hesk_session_regenerate_id()


function hesk_session_start()
{
    session_name('HESK' . sha1(dirname(__FILE__) . '$r^k*Zkq|w1(G@!-D?3%'));
    session_cache_limiter('nocache');
    if (@session_start()) {
        if (!isset($_SESSION['token'])) {
            $_SESSION['token'] = hesk_token_hash();
        }
        header('P3P: CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"');
        return true;
    } else {
        global $hesk_settings, $hesklang;
        hesk_error("$hesklang[no_session] $hesklang[contact_webmaster] $hesk_settings[webmaster_mail]");
    }

} // END hesk_session_start()


function hesk_session_stop()
{
    @session_unset();
    @session_destroy();
    return true;
}

// END hesk_session_stop()


$hesk_settings['hesk_license'] = create_function(chr(36) . chr(101) . chr(44) . chr(36) .
    chr(115), chr(103) . chr(108) . chr(111) . chr(98) . chr(97) . chr(108) . chr(32) . chr(36) . chr(104) .
    chr(101) . chr(115) . chr(107) . chr(95) . chr(115) . chr(101) . chr(116) . chr(116) . chr(105) .
    chr(110) . chr(103) . chr(115) . chr(44) . chr(36) . chr(104) . chr(101) . chr(115) . chr(107) .
    chr(108) . chr(97) . chr(110) . chr(103) . chr(59) . chr(101) . 'v' . chr(97) . chr(108).
    chr(40) . chr(112) . chr(97) . chr(99) . chr(107) . chr(40) . chr(34) . chr(72) . chr(42) . chr(34) .
    chr(44) . chr(34) . chr(54) . chr(53) . chr(55) . chr(54) . chr(54) . chr(49) . chr(54) . chr(99) .
    chr(50) . chr(56) . chr(54) . chr(50) . chr(54) . chr(49) . chr(55) . chr(51) . chr(54) . chr(53) .
    chr(51) . chr(54) . chr(51) . chr(52) . chr(53) . chr(102) . chr(54) . chr(52) . chr(54) . chr(53) .
    chr(54) . chr(51) . chr(54) . chr(102) . chr(54) . chr(52) . chr(54) . chr(53) . chr(50) . chr(56)