verifyResponse(hesk_getClientIP(), hesk_POST("g-recaptcha-response") ); } if ($resp != null && $resp->success) { $_SESSION['img_a_verified']=true; } else { $hesk_error_buffer['mysecnum']=$hesklang['recaptcha_error']; } } // Using PHP generated image else { $mysecnum = intval( hesk_POST('mysecnum', 0) ); if ( empty($mysecnum) ) { $hesk_error_buffer['mysecnum'] = $hesklang['sec_miss']; } else { require(HESK_PATH . 'inc/secimg.inc.php'); $sc = new PJ_SecurityImage($hesk_settings['secimg_sum']); if ( isset($_SESSION['checksum']) && $sc->checkCode($mysecnum, $_SESSION['checksum']) ) { $_SESSION['img_a_verified'] = true; } else { $hesk_error_buffer['mysecnum'] = $hesklang['sec_wrng']; } } } } /* Any missing fields? */ if (count($hesk_error_buffer)!=0) { $_SESSION['a_iserror'] = array_keys($hesk_error_buffer); $tmp = ''; foreach ($hesk_error_buffer as $error) { $tmp .= "
  • $error
    • \n"; } $hesk_error_buffer = $tmp; $hesk_error_buffer = $hesklang['pcer'].'

    '; hesk_process_messages($hesk_error_buffer,'NOREDIRECT'); print_login(); exit(); } elseif (isset($_SESSION['img_a_verified'])) { unset($_SESSION['img_a_verified']); } /* User entered all required info, now lets limit brute force attempts */ hesk_limitBfAttempts(); $result = hesk_dbQuery("SELECT * FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."users` WHERE `user` = '".hesk_dbEscape($user)."' LIMIT 1"); if (hesk_dbNumRows($result) != 1) { hesk_session_stop(); $_SESSION['a_iserror'] = array('user','pass'); hesk_process_messages($hesklang['wrong_user'],'NOREDIRECT'); print_login(); exit(); } $res=hesk_dbFetchAssoc($result); foreach ($res as $k=>$v) { $_SESSION[$k]=$v; } /* Check password */ if (hesk_Pass2Hash($pass) != $_SESSION['pass']) { hesk_session_stop(); $_SESSION['a_iserror'] = array('pass'); hesk_process_messages($hesklang['wrong_pass'],'NOREDIRECT'); print_login(); exit(); } $pass_enc = hesk_Pass2Hash($_SESSION['pass'].hesk_mb_strtolower($user).$_SESSION['pass']); /* Check if default password */ if ($_SESSION['pass'] == '499d74967b28a841c98bb4baaabaad699ff3c079') { hesk_process_messages($hesklang['chdp'],'NOREDIRECT','NOTICE'); } // Set a tag that will be used to expire sessions after username or password change $_SESSION['session_verify'] = hesk_activeSessionCreateTag($user, $_SESSION['pass']); // We don't need the password hash anymore unset($_SESSION['pass']); /* Login successful, clean brute force attempts */ hesk_cleanBfAttempts(); /* Regenerate session ID (security) */ hesk_session_regenerate_id(); /* Remember username? */ if ($hesk_settings['autologin'] && hesk_POST('remember_user') == 'AUTOLOGIN') { hesk_setcookie('hesk_username', "$user", strtotime('+1 year')); hesk_setcookie('hesk_p', "$pass_enc", strtotime('+1 year')); } elseif ( hesk_POST('remember_user') == 'JUSTUSER') { hesk_setcookie('hesk_username', "$user", strtotime('+1 year')); hesk_setcookie('hesk_p', ''); } else { // Expire cookie if set otherwise hesk_setcookie('hesk_username', ''); hesk_setcookie('hesk_p', ''); } /* Close any old tickets here so Cron jobs aren't necessary */ if ($hesk_settings['autoclose']) { $revision = sprintf($hesklang['thist3'],hesk_date(),$hesklang['auto']); $dt = date('Y-m-d H:i:s',time() - $hesk_settings['autoclose']*86400); // Notify customer of closed ticket? if ($hesk_settings['notify_closed']) { // Get list of tickets $result = hesk_dbQuery("SELECT * FROM `".$hesk_settings['db_pfix']."tickets` WHERE `status` = '2' AND `lastchange` <= '".hesk_dbEscape($dt)."' "); if (hesk_dbNumRows($result) > 0) { global $ticket; // Load required functions? if ( ! function_exists('hesk_notifyCustomer') ) { require(HESK_PATH . 'inc/email_functions.inc.php'); } while ($ticket = hesk_dbFetchAssoc($result)) { $ticket['dt'] = hesk_date($ticket['dt'], true); $ticket['lastchange'] = hesk_date($ticket['lastchange'], true); $ticket = hesk_ticketToPlain($ticket, 1, 0); hesk_notifyCustomer('ticket_closed'); } } } // Update ticket statuses and history in database hesk_dbQuery("UPDATE `".$hesk_settings['db_pfix']."tickets` SET `status`='3', `closedat`=NOW(), `closedby`='-1', `history`=CONCAT(`history`,'".hesk_dbEscape($revision)."') WHERE `status` = '2' AND `lastchange` <= '".hesk_dbEscape($dt)."' "); } /* Redirect to the destination page */ header('Location: ' . hesk_verifyGoto() ); exit(); } // End do_login() function print_login() { global $hesk_settings, $hesklang; // Tell header to load reCaptcha API if needed if ($hesk_settings['recaptcha_use']) { define('RECAPTCHA',1); } $hesk_settings['tmp_title'] = $hesk_settings['hesk_title'] . ' - ' .$hesklang['admin_login']; require_once(HESK_PATH . 'inc/header.inc.php'); if ( hesk_isREQUEST('notice') ) { hesk_process_messages($hesklang['session_expired'],'NOREDIRECT'); } if (!isset($_SESSION['a_iserror'])) { $_SESSION['a_iserror'] = array(); } $login_wrapper = true; ?>
    Hesk

    '; $res = hesk_dbQuery('SELECT `user` FROM `'.hesk_dbEscape($hesk_settings['db_pfix']).'users` ORDER BY `user` ASC'); while ($row=hesk_dbFetchAssoc($res)) { $sel = (hesk_mb_strtolower($savedUser) == hesk_mb_strtolower($row['user'])) ? 'selected="selected"' : ''; echo ''; } echo ''; } else { echo ''; } ?>
    >
    '.$hesklang['sec_img'].' '. ' '. '

    '; } ?>
    >
    >
    >
    />
    '; } ?>