
check_customer.php
<?php
/**
 *
 * This file is part of HESK - PHP Help Desk Software.
 *
 * (c) Copyright Klemen Stirn. All rights reserved.
 * https://www.hesk.com
 *
 * For the full copyright and license agreement information visit
 * https://www.hesk.com/eula.php
 *
 */

// Marks this file as a HESK entry point and anchors every include at the install root.
define('IN_SCRIPT', 1);
define('HESK_PATH', '../../');

// Bootstrap: settings, shared helpers, admin helpers and the customer-account API.
require HESK_PATH . 'hesk_settings.inc.php';
require HESK_PATH . 'inc/common.inc.php';
require HESK_PATH . 'inc/admin_functions.inc.php';
require_once HESK_PATH . 'inc/customer_accounts.inc.php';
hesk_load_database_functions();

// Session and database; this is an AJAX endpoint, so DB failures must be reported as JSON.
hesk_session_start();
hesk_dbConnect();
$hesk_settings['db_failure_response'] = 'json';

// Any logged-in staff account may continue; no finer permission check follows in this file.
hesk_isLoggedIn();

// Default answer: nothing stands in the way of creating this customer.
$status = 'AVAILABLE';

//-- Grab search query params (raw request values; presumably escaped inside the
//   hesk_get_customer_account_* helpers — confirm before reusing them elsewhere)
$name  = hesk_GET('name');
$email = hesk_GET('email');

// First an exact name + email match, then (per the helper's flags) any *registered*
// account that already owns this email address.
$existing_customer = hesk_get_customer_account_by_name_and_email($name, $email);
if ($existing_customer === null) {
    $existing_customer = hesk_get_customer_account_by_email($email, false, true);
}

// An existing record blocks creation; report which kind so the UI can explain why.
// Note that the reply therefore tells any logged-in staff member whether an address is
// already registered.
if ($existing_customer !== null) {
    if (intval($existing_customer['verified']) === 1) {
        $status = 'NOT_AVAILABLE_REGISTERED';
    } else {
        $status = 'NOT_AVAILABLE_IDENTICAL';
    }
}

// A blank email counts as valid only when emails are optional; otherwise it must validate.
$email_optional_and_blank = empty($hesk_settings['require_email']) && empty($email);
$email_valid = $email_optional_and_blank ? true : hesk_isValidEmail($email);

http_response_code(200);
print json_encode([
    'customerAvailable' => $status,
    'emailValid' => $email_valid
]);
exit();
create_customer.php
<?php
/**
 *
 * This file is part of HESK - PHP Help Desk Software.
 *
 * (c) Copyright Klemen Stirn. All rights reserved.
 * https://www.hesk.com
 *
 * For the full copyright and license agreement information visit
 * https://www.hesk.com/eula.php
 *
 */

// Marks this file as a HESK entry point and anchors every include at the install root.
define('IN_SCRIPT', 1);
define('HESK_PATH', '../../');

// Bootstrap: settings, shared helpers, admin helpers and the customer-account API.
require HESK_PATH . 'hesk_settings.inc.php';
require HESK_PATH . 'inc/common.inc.php';
require HESK_PATH . 'inc/admin_functions.inc.php';
require_once HESK_PATH . 'inc/customer_accounts.inc.php';
hesk_load_database_functions();

// Session and database; this is an AJAX endpoint, so DB failures must be reported as JSON.
hesk_session_start();
hesk_dbConnect();
$hesk_settings['db_failure_response'] = 'json';

// Any logged-in staff account may continue; the CSRF token is checked below, but no
// finer permission check follows in this file.
hesk_isLoggedIn();

/**
 * Sends a JSON error body with the given HTTP status and stops the script.
 * Every failure path in this file answers the same way; $message comes from $hesklang.
 */
$send_error = function ($http_code, $message) {
    http_response_code($http_code);
    print json_encode([
        'message' => $message
    ]);
    exit();
};

// Customer creation is disabled on the public demo.
if (defined('HESK_DEMO')) {
    $send_error(400, $hesklang['ddemo']);
}

// A security check: the POST must carry a valid CSRF token.
if ( ! hesk_token_check('POST', 0)) {
    $send_error(403, $hesklang['eto']);
}

//-- Grab search query params; hesk_input() sanitises each value.
// NOTE(review): the password is also passed through hesk_input() before hashing —
// confirm the login path applies the same transform, or a password containing
// characters it rewrites may not match at login.
$name     = hesk_input(hesk_POST('name'));
$email    = hesk_input(hesk_POST('email'));
$password = hesk_input(hesk_POST('password'));

// An empty password creates an unregistered customer; a supplied one must meet the
// minimum length (strlen() counts bytes, not characters).
if ($password !== '' && strlen($password) < 5) {
    $send_error(400, $hesklang['password_not_valid']);
}

// The email must validate whenever it is required, or whenever one was supplied at all.
$email_given = ! empty($email);
if (($hesk_settings['require_email'] || $email_given) && ! hesk_isValidEmail($email)) {
    $send_error(400, $hesklang['enter_valid_email']);
}

// Duplicate check: by email when we have one, otherwise by name alone.
if ($email_given) {
    $existing_customer = hesk_get_customer_account_by_email($email);
} else {
    $existing_customer = hesk_get_customer_account_by_name($name);
}

if ($existing_customer !== null) {
    $send_error(400, $email_given ? $hesklang['customer_name_email_exists'] : $hesklang['customer_name_with_no_email_exists']);
}

// Registered customers store a password hash and verified = 1; the rest store SQL NULL.
$hashed_password = 'NULL';
$verified = 0;
if ($password !== '') {
    $hashed_password = "'".hesk_dbEscape(hesk_password_hash($password))."'";
    $verified = 1;
}

// Every interpolated value is escaped with hesk_dbEscape() (or is a literal/intval).
hesk_dbQuery("INSERT INTO `".hesk_dbEscape($hesk_settings['db_pfix'])."customers` (`name`, `email`, `pass`, `verified`)
VALUES ('".hesk_dbEscape($name)."', '".hesk_dbEscape($email)."', {$hashed_password}, ".intval($verified).")");
$customer_id = hesk_dbInsertID();

// Reply with the record as the caller will display it (name decoded back to plain text).
http_response_code(201);
$name = hesk_html_entity_decode(hesk_stripslashes($name));
print json_encode([
    'id' => intval($customer_id),
    'name' => $name,
    'email' => $email,
    'displayName' => $email ? "{$name} <{$email}>" : $name
]);
exit();
index.htm
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<HTML><HEAD>
<TITLE>403 Forbidden</TITLE>
</HEAD><BODY>
<H1>Forbidden</H1>
You don't have permission to access this folder.<P>
<hr />
</BODY></HTML>
language_download.php
<?php
/**
 *
 * This file is part of HESK - PHP Help Desk Software.
 *
 * (c) Copyright Klemen Stirn. All rights reserved.
 * https://www.hesk.com
 *
 * For the full copyright and license agreement information visit
 * https://www.hesk.com/eula.php
 *
 */

// Marks this file as a HESK entry point and anchors every include at the install root.
define('IN_SCRIPT', 1);
define('HESK_PATH', '../../');

// Bootstrap: settings, shared helpers and admin helpers.
require HESK_PATH . 'hesk_settings.inc.php';
require HESK_PATH . 'inc/common.inc.php';
require HESK_PATH . 'inc/admin_functions.inc.php';
hesk_load_database_functions();

// Session and database; this is an AJAX endpoint, so DB failures must be reported as JSON.
hesk_session_start();
hesk_dbConnect();
$hesk_settings['db_failure_response'] = 'json';

// Must be a logged-in staff account; the settings permission and token are checked next.
hesk_isLoggedIn();

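// Authorisation: the settings-management right, then the CSRF token.
if ( ! hesk_checkPermission('can_man_settings', 0)) {
    hesk_json_exit('Error', 'Permission denied');
}

if ( ! hesk_token_check('POST', 0)) {
    hesk_json_exit('Error', 'Invalid token');
}

// Only XHR POSTs that name an action are served. The X-Requested-With header is a
// request-shape check on top of the token above, not a substitute for it.
if (empty($_SERVER['HTTP_X_REQUESTED_WITH'])
    || strtolower($_SERVER['HTTP_X_REQUESTED_WITH']) !== 'xmlhttprequest'
    || ! isset($_POST['action'])) {
    hesk_json_exit('Error', 'Invalid request');
}

$action = hesk_POST('action');

// Strict membership: the action must be exactly one of these strings.
if ( ! in_array($action, array('install', 'upgrade', 'remove'), true)) {
    hesk_json_exit('Error', 'Invalid action');
}

// The tag becomes a folder name, so it is reduced to [A-Za-z0-9-] before it is ever
// joined onto a filesystem path. preg_replace() yields null on error (or an array for an
// array input), so the result is required to be a non-empty string rather than using
// strlen(), which would accept both.
$tag = hesk_POST('tag', '');
$tag = preg_replace('/[^a-zA-Z0-9\-]/', '', $tag);

if ( ! is_string($tag) || $tag === '') {
    hesk_json_exit('Error', 'No tag');
}

// Every path below derives from the sanitised tag, inside the language directory.
$lang_path    = HESK_PATH . 'language/';
$dir_path     = $lang_path . $tag;
$zip_path     = $dir_path . '.zip';
$upgrade_path = $dir_path . '_old';

// Remove a language folder (plus any leftover archive or upgrade backup for it).
// NOTE(review): nothing here prevents removing the language currently configured as the
// default — confirm the UI blocks that or add a check.
if ($action === 'remove') {
    hesk_rrmdir($dir_path);
    if (is_dir($dir_path)) {
        hesk_json_exit('Error', 'Folder still exists');
    }
    hesk_unlink($zip_path);
    hesk_rrmdir($upgrade_path);
    hesk_purge_cache();
    hesk_json_exit('Success');
}

// Handle installing or updating a language

// The version is only ever URL-encoded into the download query string, but it is still
// reduced to [A-Za-z0-9.] and required to be a non-empty string.
$version = hesk_POST('version', '');
$version = preg_replace('/[^a-zA-Z0-9\.]/', '', $version);

if ( ! is_string($version) || $version === '') {
    hesk_json_exit('Error', 'No version');
}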

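try {
    // Let's do some cleanup first in case there are files/folders from previous installs
    hesk_unlink($zip_path);
    hesk_rrmdir($upgrade_path);

    // Language packs are fetched over HTTPS from hesk.com; $tag and $version were reduced
    // to safe charsets above, so they only need URL-encoding here.
    $download_url = 'https://www.hesk.com/language/download.php?tag='.urlencode($tag).'&version='.urlencode($version);

    $zip_data = false;

    // Try using cURL. No CURLOPT_SSL_VERIFYPEER override is set, so libcurl's default
    // peer verification applies; only the connect phase has a timeout.
    if ( function_exists('curl_init') ) {
        $ch = curl_init();
        curl_setopt($ch, CURLOPT_URL, $download_url);
        curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
        curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 6);
        $zip_data = curl_exec($ch);
        hesk_curl_close($ch);
    }

    // Try using a simple PHP function instead (@ hides the warning when the https
    // stream wrapper is unavailable; presumably allow_url_fopen is needed too)
    if (empty($zip_data)) {
        $zip_data = @file_get_contents($download_url);
    }

    // Unsuccessful download
    if (empty($zip_data)) {
        hesk_json_exit('Error', 'No zip data');
    }

    // Save the zip file; a failed write is reported rather than silently continuing
    if (file_put_contents($zip_path, $zip_data) === false || ! file_exists($zip_path)) {
        hesk_json_exit('Error', 'Cannot save zip file');
    }

    // We need to preserve old data for upgrades; do not leave the archive behind on failure
    if ($action === 'upgrade') {
        if ( ! rename($dir_path, $upgrade_path) || ! is_dir($upgrade_path)) {
            hesk_unlink($zip_path);
            hesk_json_exit('Error', 'Cannot backup old files');
        }
    }

    // hesk_extractZip() validates every entry name (no traversal, no foreign folder)
    // before writing anything under $lang_path.
    $extracted = hesk_extractZip($zip_path, $lang_path, $tag);
    hesk_unlink($zip_path);

    // Roll an upgrade back when the new files are unusable: extraction reported failure
    // or the mandatory text.php is absent.
    if ($extracted === false || ! file_exists($dir_path . '/text.php')) {
        if ($action === 'upgrade') {
            hesk_rrmdir($dir_path);
            rename($upgrade_path, $dir_path);
        }
        hesk_json_exit('Error', $extracted === false ? 'Cannot unzip' : 'text.php missing');
    }

    // Copy modified data for upgrades
    if ($action === 'upgrade') {
        // Copy custom-text.php
        if (file_exists($upgrade_path . '/custom-text.php')) {
            rename($upgrade_path . '/custom-text.php', $dir_path . '/custom-text.php');
        }
        // Copy plain text and html email templates in case they were modified. A missing
        // template folder is skipped: scandir() would return false and array_diff() would
        // then raise an Error that the catch below does not handle.
        foreach (array('emails', 'html_emails') as $template_dir) {
            $old_dir = $upgrade_path . '/' . $template_dir . '/';
            $new_dir = $dir_path . '/' . $template_dir . '/';
            if ( ! is_dir($old_dir)) {
                continue;
            }
            $templates = array_diff(scandir($old_dir), array('.', '..', 'index.htm'));
            foreach ($templates as $template) {
                hesk_unlink($new_dir . $template);
                rename($old_dir . $template, $new_dir . $template);
            }
        }
        // Remove the backup
        hesk_rrmdir($upgrade_path);
    }

    hesk_purge_cache();
    hesk_json_exit('Success');

} catch (Exception $e) {
    if ($hesk_settings['debug_mode']) {
        // The second argument makes var_export() return the dump; without it the dump is
        // printed ahead of the JSON body and null is concatenated into the message.
        hesk_json_exit('Error', 'Exception: ' . var_export($e, true));
    } else {
        hesk_json_exit('Error', 'Exception');
    }
}

hesk_json_exit('Error', 'Invalid action');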


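/**
 * Extracts a downloaded language pack into the language directory.
 *
 * Every entry name is checked by hesk_validateLanguageZipEntries() before anything is
 * written, so an archive can only populate $destination_dir/$expected_folder/ — no
 * traversal, no absolute paths, no foreign top-level folder. An unsafe or unopenable
 * archive ends the request via hesk_json_exit().
 *
 * @param string $zip_file        path of the archive on disk
 * @param string $destination_dir directory to extract into (the language/ folder)
 * @param string $expected_folder sanitised tag every entry must live under
 * @return bool true when the zip library reported success, false when it reported a
 *              failure (callers decide whether to roll back)
 */
function hesk_extractZip($zip_file, $destination_dir, $expected_folder) {

    // The PHP process creates and owns this directory, so owner-write (0755) is all it
    // needs; 0777 would let every local account write into a web-served folder.
    if ( ! is_dir($destination_dir)) {
        @mkdir($destination_dir, 0755, true);
    }

    if ( ! is_writable($destination_dir)) {
        @chmod($destination_dir, 0755);
    }

    if (class_exists('ZipArchive')) {
        $zip = new ZipArchive;
        if ($zip->open($zip_file) === true) {
            if ( ! hesk_validateLanguageZipEntries($zip, $expected_folder)) {
                $zip->close();
                hesk_json_exit('Error', 'Unsafe zip file');
            }
            // extractTo() returns false on failure; surface that instead of assuming success
            $extracted = $zip->extractTo($destination_dir);
            $zip->close();
            return $extracted === true;
        }
    } else {
        require(HESK_PATH . 'inc/zip/pclzip.lib.php');
        $zip = new PclZip($zip_file);
        if ( ! hesk_validateLanguageZipEntries($zip, $expected_folder)) {
            hesk_json_exit('Error', 'Unsafe zip file');
        }
        // PclZip::extract() returns 0 on failure and an entry list otherwise
        $result = $zip->extract(PCLZIP_OPT_PATH, $destination_dir);
        return $result !== 0;
    }

    hesk_json_exit('Error', 'Cannot unzip');
} // END hesk_extractZip()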


/**
 * Checks that every entry of a language archive is safe to extract under $expected_folder.
 *
 * Accepts either a ZipArchive or a PclZip instance (the latter is recognised by its
 * listContent() method). One unsafe entry rejects the whole archive.
 *
 * @param ZipArchive|PclZip $zip             opened archive
 * @param string            $expected_folder folder name every entry must start with
 * @return bool
 */
function hesk_validateLanguageZipEntries($zip, $expected_folder) {

    $expected_folder = trim($expected_folder, '/\\');

    // The folder name itself must be non-empty and limited to [A-Za-z0-9-]
    if ($expected_folder === '' || preg_match('/[^a-zA-Z0-9\-]/', $expected_folder)) {
        return false;
    }

    // Collect the entry names from whichever zip library is in use
    $entry_names = array();

    if ($zip instanceof ZipArchive) {
        for ($i = 0, $count = $zip->numFiles; $i < $count; $i++) {
            $entry_names[] = $zip->getNameIndex($i);
        }
    } else {
        $files = $zip->listContent();

        if ( ! is_array($files)) {
            return false;
        }

        foreach ($files as $file) {
            if ( ! isset($file['filename'])) {
                return false;
            }
            $entry_names[] = $file['filename'];
        }
    }

    // Each name must pass the per-entry safety rules
    foreach ($entry_names as $entry_name) {
        if ( ! hesk_isSafeLanguageZipEntry($entry_name, $expected_folder)) {
            return false;
        }
    }

    return true;
} // END hesk_validateLanguageZipEntries()


/**
 * Decides whether a single archive entry name may be extracted under $expected_folder.
 *
 * Rejected: non-strings, empty names, NUL bytes, backslashes, names starting with "/",
 * drive-letter prefixes, empty path segments ("a//b"), "." and ".." segments, and any
 * name whose first segment is not $expected_folder. A trailing "/" (directory entry)
 * is tolerated.
 *
 * @param mixed  $filename        entry name as reported by the zip library
 * @param string $expected_folder sanitised language tag the entry must live under
 * @return bool
 */
function hesk_isSafeLanguageZipEntry($filename, $expected_folder) {

    if ( ! is_string($filename) || $filename === '') {
        return false;
    }

    // Embedded NUL, Windows separators, an absolute path or a "C:" prefix are never acceptable
    $has_nul       = strpos($filename, "\0") !== false;
    $has_backslash = strpos($filename, '\\') !== false;
    $is_absolute   = $filename[0] === '/';
    $has_drive     = preg_match('/^[a-zA-Z]:/', $filename) === 1;

    if ($has_nul || $has_backslash || $is_absolute || $has_drive) {
        return false;
    }

    // Drop the trailing "/" of directory entries, then look at each segment
    $segments = explode('/', rtrim($filename, '/'));

    foreach ($segments as $segment) {
        // "" (from doubled slashes or an all-slash name), "." and ".." are all rejected
        if (in_array($segment, array('', '.', '..'), true)) {
            return false;
        }
    }

    // Finally the entry must live directly under the expected language folder
    return $segments[0] === $expected_folder;
} // END hesk_isSafeLanguageZipEntry()

language_list.php
<?php
/**
 *
 * This file is part of HESK - PHP Help Desk Software.
 *
 * (c) Copyright Klemen Stirn. All rights reserved.
 * https://www.hesk.com
 *
 * For the full copyright and license agreement information visit
 * https://www.hesk.com/eula.php
 *
 */

// Marks this file as a HESK entry point and anchors every include at the install root.
define('IN_SCRIPT', 1);
define('HESK_PATH', '../../');

// Bootstrap: settings, shared helpers and admin helpers.
require HESK_PATH . 'hesk_settings.inc.php';
require HESK_PATH . 'inc/common.inc.php';
require HESK_PATH . 'inc/admin_functions.inc.php';
hesk_load_database_functions();

// Session and database; this is an AJAX endpoint, so DB failures must be reported as JSON.
hesk_session_start();
hesk_dbConnect();
$hesk_settings['db_failure_response'] = 'json';

// Must be a logged-in staff account; the settings permission is checked below.
hesk_isLoggedIn();

// Only XHR calls from the admin UI are served (header set by the client-side script);
// this is a request-shape check, the real gate is the permission check that follows.
$requested_with = empty($_SERVER['HTTP_X_REQUESTED_WITH']) ? '' : strtolower($_SERVER['HTTP_X_REQUESTED_WITH']);
if ($requested_with != 'xmlhttprequest') {
    hesk_json_exit('Error', 'Invalid request');
}

// Listing remote language packs requires the settings-management right
if ( ! hesk_checkPermission('can_man_settings', 0)) {
    hesk_json_exit('Error', 'Permission denied');
}

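try {
    // hesk.com returns a JSON list of the language packs available for this HESK version
    $get_language_json_url = "https://www.hesk.com/language/get-available-languages.php?version=".urlencode($hesk_settings['hesk_version']);

    $available_languages = null;

    // Try using cURL. No CURLOPT_SSL_VERIFYPEER override is set, so libcurl's default
    // peer verification applies; only the connect phase has a timeout.
    if ( function_exists('curl_init') ) {
        $ch = curl_init();
        curl_setopt($ch, CURLOPT_URL, $get_language_json_url);
        curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
        curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 6);
        $languages_json = curl_exec($ch);
        hesk_curl_close($ch);
        // curl_exec() returns false on failure; only decode an actual body
        if (is_string($languages_json)) {
            $available_languages = json_decode($languages_json, true);
        }
    }

    // Try using a simple PHP function instead (@ hides the warning when the https
    // stream wrapper is unavailable)
    if (empty($available_languages)) {
        $languages_json = @file_get_contents($get_language_json_url);
        if (is_string($languages_json)) {
            $available_languages = json_decode($languages_json, true);
        }
    }

    // Exit if we don't have a valid languages JSON. The renderer below iterates the
    // result as a list of rows, so a scalar JSON document is rejected here as well.
    if (empty($available_languages) || ! is_array($available_languages)) {
        hesk_json_exit('Error', 'No valid JSON');
    }
} catch (Exception $e) {
    if ($hesk_settings['debug_mode']) {
        // The second argument makes var_export() return the dump; without it the dump is
        // printed ahead of the JSON body and null is concatenated into the message.
        hesk_json_exit('Error', 'Exception: ' . var_export($e, true));
    } else {
        hesk_json_exit('Error', 'Exception');
    }
}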

// Installed packs are the sub-folders of language/; a tag found there gets Remove/Upgrade
// buttons, any other tag gets Install.
$language_folders = scandir(HESK_PATH.'language');

$html = '';
$html .= '<div class="main__content main_language_content">';
$html .= '<div class="grid-container">';
foreach ($available_languages as $v) {

    // Every remote-supplied field is HTML-escaped before it is echoed, as text or as an
    // attribute value (assumes hesk_htmlspecialchars() escapes double quotes — confirm).
    foreach (array('title', 'description', 'completed', 'version', 'tag') as $field) {
        $v[$field] = hesk_htmlspecialchars($v[$field]);
    }

    $is_installed  = in_array($v['tag'], $language_folders);
    $install_class = $is_installed ? 'd-none' : 'd-inline-flex';
    $remove_class  = $is_installed ? 'd-inline-flex' : 'd-none';

    // The data-* attributes are identical on all three buttons
    $data_attrs = 'data-version="'.$v['version'].'" data-tag="'.$v['tag'].'" data-description="'.$v['description'].'" data-title="'.$v['title'].'"';

    $html .= '<div>';
    $html .= '<p><span>'.$hesklang['title_lan'].': </span>'.$v['title'].'</p>';
    $html .= '<p><span>'.$hesklang['description_lan'].': </span>'.$v['description'].'</p>';
    $html .= '<p><span>'.$hesklang['completed_lan'].': </span>'.$v['completed'].'%</p>';
    $html .= '<div class="d-inline-flex">';
    $html .= '<a href="javascript:;" '.$data_attrs.' class="btn btn-full btn_custom install_language '.$v['tag'].'_install '.$install_class.'">'.$hesklang['install_lan'].'</a> ';
    $html .= '<a href="javascript:;" '.$data_attrs.' class="btn btn--blue-border btn_custom remove_language '.$v['tag'].'_remove '.$remove_class.'" >'.$hesklang['remove_lan'].'</a> ';
    $html .= '<a href="javascript:;" '.$data_attrs.' class="btn btn-full btn_custom upgrade_language '.$v['tag'].'_upgrade '.$remove_class.'">'.$hesklang['upgrade_lan'].'</a> ';
    $html .= '</div>';
    $html .= '</div>';
}
$html .= '</div>';
$html .= '</div>';

hesk_json_exit('Success', $html);

search_customers.php
<?php
/**
 *
 * This file is part of HESK - PHP Help Desk Software.
 *
 * (c) Copyright Klemen Stirn. All rights reserved.
 * https://www.hesk.com
 *
 * For the full copyright and license agreement information visit
 * https://www.hesk.com/eula.php
 *
 */

// Marks this file as a HESK entry point and anchors every include at the install root.
define('IN_SCRIPT', 1);
define('HESK_PATH', '../../');

// Bootstrap: settings, shared helpers and admin helpers.
require HESK_PATH . 'hesk_settings.inc.php';
require HESK_PATH . 'inc/common.inc.php';
require HESK_PATH . 'inc/admin_functions.inc.php';
hesk_load_database_functions();

// Session and database; this is an AJAX endpoint, so DB failures must be reported as JSON.
hesk_session_start();
hesk_dbConnect();
$hesk_settings['db_failure_response'] = 'json';

// Any logged-in staff account may search customers; no finer permission check follows.
hesk_isLoggedIn();

//-- Grab search query params: escaped for LIKE wildcards first, then for the SQL string
$query = hesk_dbEscape(hesk_dbLike(hesk_GET('query', '')));

// Match on name or email, skip verified = 2 rows, and keep only the highest-id row
// among records sharing a non-empty email (the NOT EXISTS clause).
$customers_rs = hesk_dbQuery("SELECT `id`, `name`, `email` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."customers` `primary`
WHERE (`name` LIKE '%".$query."%' OR `email` LIKE '%".$query."%')
    AND `verified` <> 2
    AND NOT EXISTS (
        SELECT 1
        FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."customers` `secondary`
        WHERE `primary`.`email` <> '' 
        AND `primary`.`email` = `secondary`.`email`
        AND `secondary`.`id` > `primary`.`id`
    ) 
LIMIT 25");

// Shape one DB row into the JSON row the picker expects (name decoded to plain text).
$to_response_row = function ($row) {
    $row['name'] = hesk_html_entity_decode($row['name']);
    return array(
        'id' => intval($row['id']),
        'name' => $row['name'],
        'email' => $row['email'],
        'displayName' => formatDisplayName($row)
    );
};

$response_rows = [];
while ($row = hesk_dbFetchAssoc($customers_rs)) {
    $response_rows[] = $to_response_row($row);
}

// Demo installs never expose real addresses
if (defined('HESK_DEMO')) {
    foreach ($response_rows as &$response_row) {
        $response_row['email'] = 'hidden@demo.com';
        $response_row['displayName'] = formatDisplayName($response_row);
    }
    unset($response_row);
}

http_response_code(200);
print json_encode($response_rows);
exit();

/**
 * Builds the picker label for a customer row.
 *
 * Truthiness is used on purpose (matches the rest of this file): a falsy name
 * (e.g. "" or "0") yields the email alone.
 *
 * @param array $row needs 'name' and 'email' keys
 * @return mixed "Name <email>", the name alone when the email is falsy, or the email
 *               alone when the name is falsy
 */
function formatDisplayName($row) {
    $name  = $row['name'];
    $email = $row['email'];

    // No usable name: the email is the whole label
    if ( ! $name) {
        return $email;
    }

    // Both present: "Name <email>"; name only otherwise
    return $email ? "{$name} <{$email}>" : $name;
}