Add-On Releases - PS - HelpCenter

HelpCenter is the ultimate ticket support system for your vBulletin!

Click Here for vBulletin 3.6 Version

HelpCenter is a support ticket system made for vBulletin. It allows you to manage your members questions much easier, saving you the hassle of going through emails and private messages.

Visit PaulSonny for news, demos, screenshots, and more!

Demo: PaulSonny HelpCenter

Features

If you have any feature requests please make them known at PaulSonny.

* Automatic Template Edits
* Turn HelpCenter ON/OFF and display a custom message.
* Disallow New Tickets to be created and display a custom message.
* Give your Ticket ID's a Prefix.
* Auto Open closed tickets when a new reply is made. (Now an Admin Option)
* Add, Edit and Delete departments via AdminCP, view Tickets within a Department.
* Open/Closed ticket AdminCP Management.
* Make tickets public/private.
* Ticket Priorities. (Low/Medium/High)
* WOL: HelpCenter.
* View Statistics about HelpCenter in the AdminCP.

Installation Instructions

[] Upload all the files from the Upload folder.
[] Import product-helpcenter.xml via the AdminCP.
[] Set Permissions for each usergroup via the AdminCP for HelpCenter.
[] Set Departments up via the AdminCP for HelpCenter.

Footnotes

Please report all bugs, feature requests and comments here.

Version History:

Version 1.00 Beta 1:

Initial version for vBulletin 3.7.

Version 1.00 Beta 2:

Bug Fixes.

Version 1.00 Beta 3:

Database Errors Fixed.
Added Extra Usergroup Permissions.
Ticket Priority Added.
Ticket Number Prefix Added.
Plus Much More...

Version 1.00 Beta 4:

Added Some extra Admin Features.
Fixed some bugs.
Other small features added.

Version 1.00 Beta 4 Security Fix

Cross Site Request Forgery (CSRF) Fixed.

Version 1.00 Beta 5:

Further Enchanged Some Admin Functions.
Enhanced My Tickets Interface.
Paginated Results.
Fixed More bugs, such as Guest Tickets Problem. (Temporary Measure!)
Other small features added.

Version 1.00 Beta 6:

Make tickets public/private.
Tidied up Admin Interface.
Fixed Phrases.
Tidied Up the Code.
It now parses smilies in your tickets. so you get !
Other small features added.

Version 1.00 Release Candidate 1:

Fixed SQL Vunerabilities
Fixed Phrases.
Tidied Up the Code.
Implemented Delete Confirmation Screens.
Improved CSRF Security.

Version 1.00:

Can View HelpCenter Permission Added.
Updated Delete Confirmations.
Fixed No Title Error.
Tidied Up the Code.

Version 1.01:

Minor Template Change for Version.
Standard Editor Error Fixed.
Improved Code Structure for Editors.

Please remember to click Mark As Installed if you use this modification.
If you use this plug-in, and find it useful, please support us by nominating us for Mod Of The Month (MOTM) in the top right corner of this thread, or feel free to donate.

You will get an email when a new version is released.

Thanks, PaulSonny & The Development Team.

[Markus2]

Quote:

Originally Posted by inciarco

I Hope PaulSonny Can Surprise Ur with an Update of this Great Mod.

I Can see on the "helpcenter.php" File that there is Not Use of the Specified Options for "_any_tickets" on the Usergroups so all the "Can" Options "_tickets" are currently Working as the "_any_tickets", and that's Why All UserGroups can Edit, Open, Close, Delete, the Tickets of Other Users even if those Tickets are Private of those Other Users, (Great Bug for an User to be Able to See/Edit/Open/Close the Private Ticket of other User).

I Hope PaulSonny would Include all the Complete Functionallity of the "Can" do Actions on "_any_tickets", because in the Currently Version it isn't Working as I explained.

I Liked a Lot the Mod, but With those Bugs where other Users Can View/Edit/Open/Close/Delete other Users Tickets (Private and Public), the Mod is Un-Workable. (For Now I Have it Installed but Disabled )


My Best Regards PaulSonny, I Hope for a Soon Update of this Mod. :up:

I can't reproduce this. For example my registered test-user can not see the tickets from administrator.

[inciarco]

Quote:

Originally Posted by Markus2

I can't reproduce this. For example my registered test-user can not see the tickets from administrator.

Can't See Them LISTED, but try by Browsing the URL of the Ticket of other User (Private or Public), (very easy because the last Number in the Address is Secuencial), and You'll see that ANY User can Access ANY Other User's Tickets, and also if Options for Edit, Open, Close, Delete, Tickets are Enabled then ANY User can do that to ANY Other User's Tickets; the Options for Usergroups of Edit Tickets and Edit ANY Tickets, are the Same because in the Code there isn't any Usage of the Edit/Open/Close/Delete ANY Ticket but the Code is Currently Designed to use the Edit/Open/Close/Delete Tickets as Edit/Open/Close/Delete ANY Ticket.

If Users are not that Smart they won't be Curious to try and access any other User Ticket, but if they are Malicious (or Smart Enough) they'll Start Seeing Other Users Tickets, simply by Changing the Last Number on the Browser's Address to 1 (ticket 1), 2 (ticket 2), ... x (ticket x), so there is Corrently Not Privacy on the Tickets because the Code is Incomplete.

Review the Code of the File "helpcenter.php" and You'll see that I'm Right.

I Hope PaulSonny would Share with Us a Fixed and Complete Version of that php File that separates those Permissions.

My Best Regards.

[Vaupell]

works 99% only the private ticket isent really that private..
but no complains otherwise.

[inciarco]

Quote:

Originally Posted by Markus2

I can't reproduce this. For example my registered test-user can not see the tickets from administrator.

Also do this Easy Experiment, so that you can Proof that there is Not Currently Use of the Options for Edit/Delete/Open/Close ANY Ticket:

Set for your Test Usergroup, the following Permissions to YES

Can View HelpCenter: YES
Can View Public Tickets: YES
Can Create Tickets: YES
Can Edit Any Ticket: YES
Can Delete Any Ticket: YES
Can Close Any Ticket: YES
Can Open Any Ticket: YES

and the Other Permissions to NO

Can View IP Addresses: NO
Can Manage Tickets: NO
Can Edit Tickets: NO
Can Delete Tickets: NO
Can Close Tickets: NO
Can Open Tickets: NO

With this, if in the Mod were Code for the Can Edit/Delete/Open/Close ANY Ticket, that Usergroup should be Able to Edit/Delete/Open/Close ANY Ticket.

Try and do that !!

You'll see that You'll Get a Message of "You Don't Have Enough Permissions to...", because on the Code of the "helpcenter.php" only the Options of Can Edit/Delete/Open/Close Ticket are being Used as the Permissions to do that with ANY Ticket, so the Code is Currently Incomplete and have that HUGE BUG , (AnyBody can Edit/Delete/Open/Close AnyBody's Tickets), or perhaps on the Attached File PaulSonny forgot to Add the Updated File that Includes the Complete Code.

Now Set:

Can View HelpCenter: YES
Can View Public Tickets: YES
Can Create Tickets: YES
Can Edit Tickets: YES
Can Delete Tickets: YES
Can Close Tickets: YES
Can Open Tickets: YES

Can View IP Addresses: NO
Can Manage Tickets: NO
Can Edit Any Ticket: NO
Can Delete Any Ticket: NO
Can Close Any Ticket: NO
Can Open Any Ticket: NO

And Now go to any Ticket, let's say [YOUR_FORUM_PATH]/helpcenter.php?do=ticket&tid=1 and start changing the Last Number to 2, 3, 4, ... and Any Ticket that you Have, and you'll see that No Matter Public or Private you'll be able to Access the Tickets.

Now let's be Nasty...

Access Any Private Ticket of other User (go to one of your Admins Tickets, see the last Number of that Ticket and change the 1 of the [YOUR_FORUM_PATH]/helpcenter.php?do=ticket&tid=1 on the Test User of the Test Usergroup), and then Select the Edit/Delete/Open/Close Options. Surprise !! You've Just Edited/Deleted/Opened/Closed the Private Ticket of Other User (Admin in this Case).

That's My Exact Point, and that's the Reason Why I Haven't Used this Mod on my Forum Yet, I Have it Installed but Disabled, because with that HUGE BUG there's No Privacy and No Security for the Information that Users Post on their Tickets, so is Not Right to Offer that to them.

I Hope PaulSonny would offer Soon the Solution to that BUG, I think is worth an Urgent Update to this Mod.

My Best Regards.

[Markus2]

Quote:

Originally Posted by inciarco

Can't See Them LISTED, but try by Browsing the URL of the Ticket of other User (Private or Public), (very easy because the last Number in the Address is Secuencial), and You'll see that ANY User can Access ANY Other User's Tickets, and also if Options for Edit, Open, Close, Delete, Tickets are Enabled then ANY User can do that to ANY Other User's Tickets; the Options for Usergroups of Edit Tickets and Edit ANY Tickets, are the Same because in the Code there isn't any Usage of the Edit/Open/Close/Delete ANY Ticket but the Code is Currently Designed to use the Edit/Open/Close/Delete Tickets as Edit/Open/Close/Delete ANY Ticket.

If Users are not that Smart they won't be Curious to try and access any other User Ticket, but if they are Malicious (or Smart Enough) they'll Start Seeing Other Users Tickets, simply by Changing the Last Number on the Browser's Address to 1 (ticket 1), 2 (ticket 2), ... x (ticket x), so there is Corrently Not Privacy on the Tickets because the Code is Incomplete.

Review the Code of the File "helpcenter.php" and You'll see that I'm Right.

I Hope PaulSonny would Share with Us a Fixed and Complete Version of that php File that separates those Permissions.

My Best Regards.

Yes, you're right. I hope, PaulSonny reads these posts. This is a serious bug.

[Vaupell]

tested this with a normal user i cannot edit tickets when i change the url

i can reply with a new msg and i can attach stuff
but i cannot edit existing threads in the tickets.

But if im on any moderator,supmod or admin i can edit them all.

Feel free to test, the first 3 tickets are tests
user :

Code:

 vbetest

pass :

Code:

 test

that user is a normal "registered" usergroup with wery limited forum acces
but got acces to helpcenter.



Ewen if i try to enter the Closeticket or editticket in the url
helpcenter.php?do=closeticket&tid=3 It just says you dont have acces
helpcenter.php?do=editticket&tid=3 It just says you dont have acces

as im concerned it works fine, only two problems
- private tickets ARE NOT PRIVATE.
- anyone can reply to tickets.

[inciarco]

Quote:

Originally Posted by Vaupell

tested this with a normal user i cannot edit tickets when i change the url

i can reply with a new msg and i can attach stuff
but i cannot edit existing threads in the tickets.

But if im on any moderator,supmod or admin i can edit them all.

Feel free to test, the first 3 tickets are tests
user :

Code:

 vbetest

pass :

Code:

 test

that user is a normal "registered" usergroup with wery limited forum acces
but got acces to helpcenter.



Ewen if i try to enter the Closeticket or editticket in the url
helpcenter.php?do=closeticket&tid=3 It just says you dont have acces
helpcenter.php?do=editticket&tid=3 It just says you dont have acces

as im concerned it works fine, only two problems
- private tickets ARE NOT PRIVATE.
- anyone can reply to tickets.

You Haven't Set Premissions for that Test Usergroup to Edit/Open/Close/Delete Tickets, that's why they can't do those Actions Not Even with Their Own Tickets. (I've done the Exercise with a Test User http://www.evisystems.org/forums/hel...o=ticket&tid=4 and that's why the Dropdown Menu that Shoul Appear at the Right of the Ticket doesn't Appear.

Do the Exercise EXACTLY as I Wrote in my Message, setting the Permissions EXACTLY as I've Described, do the Exercise, and You'll see yourself Editing/Deleting/Closing/Opening the Tickets of Any Other User (Even Admins).

I Keep my Conclusions as I mentioned them in my Last Reply, a HUGE BUG and Privacy Problem with the Ticket Info of other Users (Anybody can Edit/Delete/Open/Close Anybodies's Tickets if you set to YES the Options to Edit/Delete/Open/Close Tickets, Not ANY Ticket, just Tickets, because the ANY Tickets Function is Not in Use and the Edit/Delete/Open/Close Tickets is Working as ANY Tickets).

(Read my Other Posts in this Thread, I Reported that Bug many Months Ago but only in my Last Post I decided to Describe the Exact Process so that Anybody can Test and Know Exactly the Problem).

Other BUG, (but that would be workable if the other Bug weren't Happening) is that if you Set to YES the Permissions to Edit/Delete/Open/Close Tickets, you'll see the Dropdown Menu for those Options in ALL Tickets, and this should only be Displayed in the Tickets you can Perform Actions With.

My Best Regards.

[Vaupell]

no ofcourse not, i would never let the user themself allowed to edit the original ticket.

this is a ticket not a thread. been working as a supported for a it company we have a
similar system, except its 100% private but the original post is not editable.
only by mod or admin.

Like i have, i as admin or moderator is the ONLY one to edit/open/close threads.
would be unresponsible to let users do that themself, then its not a ticket system
then its just a forum board.

[freewilley]

I was looking for this! thank you so much!

[nhlchuck]

Can anyone help with this error during the product import

"A conflict was detected in the bitfields. You cannot continue with the installation of this product until this has been fixed. The conflicts found were:

* Bitfield Collision: canalwayspostmessage = canpostnonmembergroup"