function hesk_mergeTickets($merge_these, $merge_into)
{
    global $hesk_settings, $hesklang, $hesk_db_link;
    /* Target ticket must not be in the "merge these" list */
    if (in_array($merge_into, $merge_these)) {
        $merge_these = array_diff($merge_these, array($merge_into));
    }
    /* At least 1 ticket needs to be merged with target ticket */
    if (count($merge_these) < 1) {
        $_SESSION['error'] = $hesklang['merr1'];
        return false;
    }
    /* Make sure target ticket exists */
    $res = hesk_dbQuery("SELECT `id`,`trackid`,`category` FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` WHERE `id`='" . intval($merge_into) . "' LIMIT 1");
    if (hesk_dbNumRows($res) != 1) {
        $_SESSION['error'] = $hesklang['merr2'];
        return false;
    }
    $ticket = hesk_dbFetchAssoc($res);
    /* Make sure user has access to ticket category */
    if (!hesk_okCategory($ticket['category'], 0)) {
        $_SESSION['error'] = $hesklang['merr3'];
        return false;
    }
    /* Set some variables for later */
    $merge['attachments'] = '';
    $merge['replies'] = array();
    $merge['notes'] = array();
    $sec_worked = 0;
    $history = '';
    $merged = '';
    /* Get messages, replies, notes and attachments of tickets that will be merged */
    foreach ($merge_these as $this_id) {
        /* Validate ID */
        if (is_array($this_id)) {
            continue;
        }
        $this_id = intval($this_id) or hesk_error($hesklang['id_not_valid']);
        /* Get required ticket information */
        $res = hesk_dbQuery("SELECT `id`,`trackid`,`category`,`name`,`message`,`dt`,`time_worked`,`attachments` FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` WHERE `id`='" . intval($this_id) . "' LIMIT 1");
        if (hesk_dbNumRows($res) != 1) {
            continue;
        }
        $row = hesk_dbFetchAssoc($res);
        /* Has this user access to the ticket category? */
        if (!hesk_okCategory($row['category'], 0)) {
            continue;
        }
        /* Insert ticket message as a new reply to target ticket */
        hesk_dbQuery("INSERT INTO `" . hesk_dbEscape($hesk_settings['db_pfix']) . "replies` (`replyto`,`name`,`message`,`dt`,`attachments`) VALUES ('" . intval($ticket['id']) . "','" . hesk_dbEscape($row['name']) . "','" . hesk_dbEscape($row['message']) . "','" . hesk_dbEscape($row['dt']) . "','" . hesk_dbEscape($row['attachments']) . "')");
        /* Update attachments  */
        hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "attachments` SET `ticket_id`='" . hesk_dbEscape($ticket['trackid']) . "' WHERE `ticket_id`='" . hesk_dbEscape($row['trackid']) . "'");
        /* Get old ticket replies and insert them as new replies */
        $res = hesk_dbQuery("SELECT * FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "replies` WHERE `replyto`='" . intval($row['id']) . "' ORDER BY `id` ASC");
        while ($reply = hesk_dbFetchAssoc($res)) {
            hesk_dbQuery("INSERT INTO `" . hesk_dbEscape($hesk_settings['db_pfix']) . "replies` (`replyto`,`name`,`message`,`dt`,`attachments`,`staffid`,`rating`,`read`) VALUES ('" . intval($ticket['id']) . "','" . hesk_dbEscape($reply['name']) . "','" . hesk_dbEscape($reply['message']) . "','" . hesk_dbEscape($reply['dt']) . "','" . hesk_dbEscape($reply['attachments']) . "','" . intval($reply['staffid']) . "','" . intval($reply['rating']) . "','" . intval($reply['read']) . "')");
        }
        /* Delete replies to the old ticket */
        hesk_dbQuery("DELETE FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "replies` WHERE `replyto`='" . intval($row['id']) . "'");
        /* Get old ticket notes and insert them as new notes */
        $res = hesk_dbQuery("SELECT * FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "notes` WHERE `ticket`='" . intval($row['id']) . "' ORDER BY `id` ASC");
        while ($note = hesk_dbFetchAssoc($res)) {
            hesk_dbQuery("INSERT INTO `" . hesk_dbEscape($hesk_settings['db_pfix']) . "notes` (`ticket`,`who`,`dt`,`message`,`attachments`) VALUES ('" . intval($ticket['id']) . "','" . intval($note['who']) . "','" . hesk_dbEscape($note['dt']) . "','" . hesk_dbEscape($note['message']) . "','" . hesk_dbEscape($note['attachments']) . "')");
        }
        /* Delete replies to the old ticket */
        hesk_dbQuery("DELETE FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "notes` WHERE `ticket`='" . intval($row['id']) . "'");
        /* Delete old ticket */
        hesk_dbQuery("DELETE FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` WHERE `id`='" . intval($row['id']) . "'");
        /* Log that ticket has been merged */
        $history .= sprintf($hesklang['thist13'], hesk_date(), $row['trackid'], $_SESSION['name'] . ' (' . $_SESSION['user'] . ')');
        /* Add old ticket ID to target ticket "merged" field */
        $merged .= '#' . $row['trackid'];
        /* Convert old ticket "time worked" to seconds and add to $sec_worked variable */
        list($hr, $min, $sec) = explode(':', $row['time_worked']);
        $sec_worked += (int) $hr * 3600 + (int) $min * 60 + (int) $sec;
    }
    /* Convert seconds to HHH:MM:SS */
    $sec_worked = hesk_getTime('0:' . $sec_worked);
    // Get number of replies
    $total = 0;
    $staffreplies = 0;
    $res = hesk_dbQuery("SELECT COUNT(*) as `cnt`, `staffid` FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "replies` WHERE `replyto`=" . intval($ticket['id']) . " GROUP BY CASE WHEN `staffid` = 0 THEN 0 ELSE 1 END ASC");
    while ($row = hesk_dbFetchAssoc($res)) {
        $total += $row['cnt'];
        $staffreplies += $row['staffid'] ? $row['cnt'] : 0;
    }
    $replies_sql = " `replies`={$total}, `staffreplies`={$staffreplies} , ";
    // Get first staff reply
    if ($staffreplies) {
        $res = hesk_dbQuery("SELECT `dt`, `staffid` FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "replies` WHERE `replyto`=" . intval($ticket['id']) . " AND `staffid`>0 ORDER BY `dt` ASC LIMIT 1");
        $reply = hesk_dbFetchAssoc($res);
        $replies_sql .= " `firstreply`='" . hesk_dbEscape($reply['dt']) . "', `firstreplyby`=" . intval($reply['staffid']) . " , ";
    }
    /* Update history (log) and merged IDs of target ticket */
    hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` SET {$replies_sql} `time_worked`=ADDTIME(`time_worked`, '" . hesk_dbEscape($sec_worked) . "'), `merged`=CONCAT(`merged`,'" . hesk_dbEscape($merged . '#') . "'), `history`=CONCAT(`history`,'" . hesk_dbEscape($history) . "') WHERE `id`='" . intval($merge_into) . "' LIMIT 1");
    return true;
}
Beispiel #2
0
            $_GET['time'] = 3;
            $selected['time'][3] = 'selected="selected"';
    }
}
unset($tmp);
// Start SQL statement for selecting tickets
$sql = "SELECT * FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` WHERE ";
// Some default settings
$archive = array(1 => 0, 2 => 0);
$s_my = array(1 => 1, 2 => 1);
$s_ot = array(1 => 1, 2 => 1);
$s_un = array(1 => 1, 2 => 1);
// --> TICKET CATEGORY
$category = intval(hesk_GET('category', 0));
// Make sure user has access to this category
if ($category && hesk_okCategory($category, 0)) {
    $sql .= " `category`='{$category}' ";
} else {
    $sql .= hesk_myCategories();
}
// Show only tagged tickets?
if (!empty($_GET['archive'])) {
    $archive[1] = 1;
    $sql .= " AND `archive`='1' ";
}
// Ticket owner preferences
$fid = 1;
require HESK_PATH . 'inc/assignment_search.inc.php';
// --> TICKET STATUS
$possible_status = array(0 => 'NEW', 1 => 'WAITING REPLY', 2 => 'REPLIED', 3 => 'RESOLVED (CLOSED)', 4 => 'IN PROGRESS', 5 => 'ON HOLD');
$status = $possible_status;
Beispiel #3
0
/* Ticket ID */
$trackingID = hesk_cleanID() or die($hesklang['int_error'] . ': ' . $hesklang['no_trackID']);
$is_reply = 0;
$tmpvar = array();
/* Get ticket info */
$result = hesk_dbQuery("SELECT * FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` WHERE `trackid`='" . hesk_dbEscape($trackingID) . "' LIMIT 1");
if (hesk_dbNumRows($result) != 1) {
    hesk_error($hesklang['ticket_not_found']);
}
$ticket = hesk_dbFetchAssoc($result);
// Demo mode
if (defined('HESK_DEMO')) {
    $ticket['email'] = '*****@*****.**';
}
/* Is this user allowed to view tickets inside this category? */
hesk_okCategory($ticket['category']);
if (hesk_isREQUEST('reply')) {
    $tmpvar['id'] = intval(hesk_REQUEST('reply')) or die($hesklang['id_not_valid']);
    $result = hesk_dbQuery("SELECT * FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "replies` WHERE `id`='{$tmpvar['id']}' AND `replyto`='" . intval($ticket['id']) . "' LIMIT 1");
    if (hesk_dbNumRows($result) != 1) {
        hesk_error($hesklang['id_not_valid']);
    }
    $reply = hesk_dbFetchAssoc($result);
    $ticket['message'] = $reply['message'];
    $is_reply = 1;
}
if (isset($_POST['save'])) {
    /* A security check */
    hesk_token_check('POST');
    $hesk_error_buffer = array();
    if ($is_reply) {
function import_article()
{
    global $hesk_settings, $hesklang, $listBox;
    $_SESSION['hide'] = array('treemenu' => 1, 'new_category' => 1);
    $_SESSION['KB_CATEGORY'] = 1;
    // Get ticket ID
    $trackingID = hesk_cleanID();
    if (empty($trackingID)) {
        return false;
    }
    // Get ticket info
    $res = hesk_dbQuery("SELECT `id`,`category`,`subject`,`message`,`owner` FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` WHERE `trackid`='" . hesk_dbEscape($trackingID) . "' LIMIT 1");
    if (hesk_dbNumRows($res) != 1) {
        return false;
    }
    $ticket = hesk_dbFetchAssoc($res);
    // Permission to view this ticket?
    if ($ticket['owner'] && $ticket['owner'] != $_SESSION['id'] && !hesk_checkPermission('can_view_ass_others', 0)) {
        return false;
    }
    if (!$ticket['owner'] && !hesk_checkPermission('can_view_unassigned', 0)) {
        return false;
    }
    // Is this user allowed to view tickets inside this category?
    if (!hesk_okCategory($ticket['category'], 0)) {
        return false;
    }
    // Set article contents
    if ($hesk_settings['kb_wysiwyg']) {
        // With WYSIWYG editor
        $_SESSION['new_article'] = array('html' => 1, 'subject' => $ticket['subject'], 'content' => hesk_htmlspecialchars($ticket['message']));
    } else {
        // Without WYSIWYG editor *
        $_SESSION['new_article'] = array('html' => 0, 'subject' => $ticket['subject'], 'content' => hesk_msgToPlain($ticket['message']));
    }
    // Get messages from replies to the ticket
    $res = hesk_dbQuery("SELECT `message` FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "replies` WHERE `replyto`='" . intval($ticket['id']) . "' ORDER BY `id` ASC");
    while ($reply = hesk_dbFetchAssoc($res)) {
        if ($hesk_settings['kb_wysiwyg']) {
            $_SESSION['new_article']['content'] .= "<br /><br />" . hesk_htmlspecialchars($reply['message']);
        } else {
            $_SESSION['new_article']['content'] .= "\n\n" . hesk_msgToPlain($reply['message']);
        }
    }
    hesk_process_messages($hesklang['import'], 'NOREDIRECT', 'NOTICE');
}
        $res = hesk_dbQuery("SELECT `name`,`isadmin`,`categories` FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "users` WHERE `id`='{$tmpvar['owner']}' LIMIT 1");
        if (hesk_dbNumRows($res) == 1) {
            $row = hesk_dbFetchAssoc($res);
            if (!$row['isadmin']) {
                $row['categories'] = explode(',', $row['categories']);
                if (!in_array($tmpvar['category'], $row['categories'])) {
                    $_SESSION['isnotice'][] = 'category';
                    $hesk_error_buffer['owner'] = $hesklang['onasc'];
                }
            }
        } else {
            $_SESSION['isnotice'][] = 'category';
            $hesk_error_buffer['owner'] = $hesklang['onasc'];
        }
    }
} elseif (hesk_checkPermission('can_assign_self', 0) && hesk_okCategory($tmpvar['category'], 0) && !empty($_POST['assing_to_self'])) {
    $tmpvar['owner'] = intval($_SESSION['id']);
}
// Notify customer of the ticket?
$notify = !empty($_POST['notify']) ? 1 : 0;
// Show ticket after submission?
$show = !empty($_POST['show']) ? 1 : 0;
// Attachments
if ($hesk_settings['attachments']['use']) {
    require_once HESK_PATH . 'inc/attachments.inc.php';
    $attachments = array();
    $trackingID = $tmpvar['trackid'];
    for ($i = 1; $i <= $hesk_settings['attachments']['max_number']; $i++) {
        $att = hesk_uploadFile($i);
        if ($att !== false && !empty($att)) {
            $attachments[$i] = $att;
Beispiel #6
0
require HESK_PATH . 'inc/admin_functions.inc.php';
hesk_load_database_functions();
hesk_session_start();
hesk_dbConnect();
hesk_isLoggedIn();
/* Check permissions for this feature */
hesk_checkPermission('can_man_users');
/* Possible user features */
$hesk_settings['features'] = array('can_view_tickets', 'can_reply_tickets', 'can_del_tickets', 'can_edit_tickets', 'can_merge_tickets', 'can_del_notes', 'can_change_cat', 'can_man_kb', 'can_man_users', 'can_man_cat', 'can_man_canned', 'can_man_settings', 'can_add_archive', 'can_assign_self', 'can_assign_others', 'can_view_unassigned', 'can_view_ass_others', 'can_run_reports', 'can_run_reports_full', 'can_export', 'can_view_online');
/* Set default values */
$default_userdata = array('name' => '', 'email' => '', 'user' => '', 'signature' => '', 'isadmin' => 1, 'categories' => array('1'), 'features' => array('can_view_tickets', 'can_reply_tickets', 'can_change_cat', 'can_assign_self', 'can_view_unassigned', 'can_view_online'), 'signature' => '', 'cleanpass' => '');
/* A list of all categories */
$hesk_settings['categories'] = array();
$res = hesk_dbQuery('SELECT `id`,`name` FROM `' . hesk_dbEscape($hesk_settings['db_pfix']) . 'categories` ORDER BY `cat_order` ASC');
while ($row = hesk_dbFetchAssoc($res)) {
    if (hesk_okCategory($row['id'], 0)) {
        $hesk_settings['categories'][$row['id']] = $row['name'];
    }
}
/* Non-admin users may not create users with more permissions than they have */
if (!$_SESSION['isadmin']) {
    /* Can't create admin users */
    $_POST['isadmin'] = 0;
    /* Can only add features he/she has access to */
    $hesk_settings['features'] = array_intersect(explode(',', $_SESSION['heskprivileges']), $hesk_settings['features']);
    /* Can user modify auto-assign setting? */
    if ($hesk_settings['autoassign'] && (!hesk_checkPermission('can_assign_self', 0) || !hesk_checkPermission('can_assign_others', 0))) {
        $hesk_settings['autoassign'] = 0;
    }
}
/* Use any set values, default otherwise */
Beispiel #7
0
if ($ticket['lastreplier']) {
    if (empty($ticket['repliername'])) {
        $ticket['repliername'] = $hesklang['staff'];
    }
} else {
    $ticket['repliername'] = $ticket['name'];
}
/* Get category name and ID */
$result = hesk_dbQuery("SELECT `id`, `name` FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "categories` WHERE `id`='" . intval($ticket['category']) . "' LIMIT 1");
/* If this category has been deleted use the default category with ID 1 */
if (hesk_dbNumRows($result) != 1) {
    $result = hesk_dbQuery("SELECT `id`, `name` FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "categories` WHERE `id`='1' LIMIT 1");
}
$category = hesk_dbFetchAssoc($result);
/* Is this user allowed to view tickets inside this category? */
hesk_okCategory($category['id']);
/* Delete post action */
if (isset($_GET['delete_post']) && $can_delete && hesk_token_check()) {
    $n = intval(hesk_GET('delete_post'));
    if ($n) {
        /* Get last reply ID, we'll need it later */
        $res = hesk_dbQuery("SELECT `id` FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "replies` WHERE `replyto`='" . intval($ticket['id']) . "' ORDER BY `id` DESC LIMIT 1");
        $last_reply_id = hesk_dbResult($res, 0, 0);
        // Was this post submitted by staff and does it have any attachments?
        $res = hesk_dbQuery("SELECT `dt`, `staffid`, `attachments` FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "replies` WHERE `id`='" . intval($n) . "' AND `replyto`='" . intval($ticket['id']) . "' LIMIT 1");
        $reply = hesk_dbFetchAssoc($res);
        // If the reply was by a staff member update the appropriate columns
        if ($reply['staffid']) {
            // Is this the only staff reply? Delete "firstreply" and "firstreplyby" columns
            if ($ticket['staffreplies'] <= 1) {
                $staffreplies_sql = ' , `firstreply`=NULL, `firstreplyby`=NULL, `staffreplies`=0 ';
Beispiel #8
0
}
$ticket = hesk_dbFetchAssoc($res);
/* Log that ticket is being moved */
$history = sprintf($hesklang['thist1'], hesk_date(), $row['name'], $_SESSION['name'] . ' (' . $_SESSION['user'] . ')');
/* Is the ticket assigned to someone? If yes, check that the user has access to category or change to unassigned */
$need_to_reassign = 0;
if ($ticket['owner']) {
    if ($ticket['owner'] == $_SESSION['id'] && !$category_ok) {
        $need_to_reassign = 1;
    } else {
        $res = hesk_dbQuery("SELECT `isadmin`,`categories` FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "users` WHERE `id`='" . intval($ticket['owner']) . "' LIMIT 1");
        if (hesk_dbNumRows($res) != 1) {
            $need_to_reassign = 1;
        } else {
            $tmp = hesk_dbFetchAssoc($res);
            if (!hesk_okCategory($category, 0, $tmp['isadmin'], explode(',', $tmp['categories']))) {
                $need_to_reassign = 1;
            }
        }
    }
}
/* Reassign automatically if possible */
if ($need_to_reassign || !$ticket['owner']) {
    $need_to_reassign = 1;
    $autoassign_owner = hesk_autoAssignTicket($category);
    if ($autoassign_owner) {
        $ticket['owner'] = $autoassign_owner['id'];
        $history .= sprintf($hesklang['thist10'], hesk_date(), $autoassign_owner['name'] . ' (' . $autoassign_owner['user'] . ')');
    } else {
        $ticket['owner'] = 0;
    }