Example #1
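 /**
  * Adds a staff reply to a ticket, first merging the ticket into another one when requested.
  *
  * Input is read from the request: $_GET['id'] (ticket being answered) and
  * $_POST['mergeid'], ['comments'], ['customField'], ['hiddenBoxes'], ['status'],
  * ['response'], ['dept'] and ['deptall'].
  *
  * Every statement runs on its own with die() on failure and no transaction is
  * opened here, so a failure part-way through a merge leaves the merge half done.
  *
  * NOTE(review): no permission or request-forgery check is visible in this method;
  * presumably the caller enforces both - confirm.
  * NOTE(review): the mysql_* functions used here were removed in PHP 7; moving to
  * prepared statements (mysqli/PDO) would remove the need to escape values by hand.
  * NOTE(review): mswSafeImportString() is assumed to be the project's SQL escaping
  * helper, as it is what the original code wraps around string values - confirm.
  *
  * @return array array('yes'|'no', ticket id, merged ticket subject or '', new reply id)
  */
 public function addTicketReply()
 {
     $tID = isset($_GET['id']) ? (int) $_GET['id'] : 0;
     $array = array('no', $tID, '');
     // The merge target comes from the request and is placed inside SQL below, so force it to an integer..
     $mergeID = isset($_POST['mergeid']) && is_string($_POST['mergeid']) ? (int) mswReverseTicketNumber($_POST['mergeid']) : 0;
     $newID = $mergeID > 0 ? $mergeID : $tID;
     // Reply text is used twice below; a missing field becomes an empty string..
     $comments = isset($_POST['comments']) && is_string($_POST['comments']) ? $_POST['comments'] : '';
     // Are we merging this ticket..
     // A ticket is never merged into itself: that would copy it as a reply and then delete it..
     if ($mergeID > 0 && $mergeID !== $tID) {
         if (mswRowCount('tickets WHERE `id` = \'' . $mergeID . '\'') > 0) {
             // Get original ticket and convert it to a reply..
             $OTICKET = mswGetTableData('tickets', 'id', $tID);
             // Get new parent data for department..
             $MERGER = mswGetTableData('tickets', 'id', $mergeID);
             // Only merge when both rows were loaded; otherwise nothing is copied or deleted..
             if (is_object($OTICKET) && is_object($MERGER)) {
                 // Account information (not read again in this method)..
                 $PORTAL = mswGetTableData('portal', 'id', $MERGER->visitorID);
                 // Add original ticket as reply..
                 // Stored values are escaped again before re-use: data already in the database is not safe to interpolate..
                 mysql_query("INSERT INTO `" . DB_PREFIX . "replies` (\n      `ts`,\n      `ticketID`,\n      `comments`,\n      `replyType`,\n      `replyUser`,\n      `isMerged`,\n      `ipAddresses` \n      ) VALUES (\n      UNIX_TIMESTAMP(UTC_TIMESTAMP),\n      '{$mergeID}',\n      '" . mswSafeImportString($OTICKET->comments) . "',\n      'visitor',\n      '" . mswSafeImportString($OTICKET->visitorID) . "',\n      'yes',\n      '" . mswSafeImportString($OTICKET->ipAddresses) . "' \n      )") or die(mswMysqlErrMsg(mysql_errno(), mysql_error(), __LINE__, __FILE__));
                 // Now remove original ticket
                 mysql_query("DELETE FROM `" . DB_PREFIX . "tickets` WHERE `id` = '{$tID}'") or die(mswMysqlErrMsg(mysql_errno(), mysql_error(), __LINE__, __FILE__));
                 // Move any replies attached to original ticket to new parent..
                 // Update timestamp so they fall in line..
                 mysql_query("UPDATE `" . DB_PREFIX . "replies` SET\n\t  `ts`              = UNIX_TIMESTAMP(UTC_TIMESTAMP),\n      `ticketID`        = '{$mergeID}',\n      `isMerged`        = 'yes'\n      WHERE `ticketID`  = '{$tID}'\n      ") or die(mswMysqlErrMsg(mysql_errno(), mysql_error(), __LINE__, __FILE__));
                 // Move attachments to new ticket id..
                 mysql_query("UPDATE `" . DB_PREFIX . "attachments` SET\n      `ticketID`        = '{$mergeID}',\n      `department`      = '" . mswSafeImportString($MERGER->department) . "'\n      WHERE `ticketID`  = '{$tID}'\n      ") or die(mswMysqlErrMsg(mysql_errno(), mysql_error(), __LINE__, __FILE__));
                 // Move custom field data to new ticket..
                 mysql_query("UPDATE `" . DB_PREFIX . "ticketfields` SET\n      `ticketID`        = '{$mergeID}'\n      WHERE `ticketID`  = '{$tID}'\n      ") or die(mswMysqlErrMsg(mysql_errno(), mysql_error(), __LINE__, __FILE__));
                 // Remove history for old ticket..
                 mysql_query("DELETE FROM `" . DB_PREFIX . "tickethistory` WHERE `ticketID` = '{$tID}'") or die(mswMysqlErrMsg(mysql_errno(), mysql_error(), __LINE__, __FILE__));
                 // Move any dispute user data to new ticket..
                 mysql_query("UPDATE `" . DB_PREFIX . "disputes` SET\n      `ticketID`        = '{$mergeID}'\n      WHERE `ticketID`  = '{$tID}'\n      ") or die(mswMysqlErrMsg(mysql_errno(), mysql_error(), __LINE__, __FILE__));
                 // Overwrite array..
                 $array = array('yes', $mergeID, $OTICKET->subject);
             }
         }
     }
     // Add new reply..
     // NOTE(review): as in the original, the reply is filed under the requested merge id even when no merge took place above..
     mysql_query("INSERT INTO `" . DB_PREFIX . "replies` (\n  `ts`,\n  `ticketID`,\n  `comments`,\n  `replyType`,\n  `replyUser`,\n  `isMerged`,\n  `ipAddresses` \n  ) VALUES (\n  UNIX_TIMESTAMP(UTC_TIMESTAMP),\n  '{$newID}',\n  '" . mswSafeImportString($comments) . "',\n  'admin',\n  '{$this->team->id}',\n  'no',\n  '" . mswSafeImportString(mswIPAddresses()) . "' \n  )") or die(mswMysqlErrMsg(mysql_errno(), mysql_error(), __LINE__, __FILE__));
     $newReply = mysql_insert_id();
     // Custom field data..
     if (!empty($_POST['customField']) && is_array($_POST['customField'])) {
         // Check to see if any checkboxes arrays are now blank..
         // If there are, create empty array to prevent omission in loop..
         if (!empty($_POST['hiddenBoxes']) && is_array($_POST['hiddenBoxes'])) {
             foreach ($_POST['hiddenBoxes'] as $hb) {
                 // Only scalar values can be used as array keys..
                 if (is_scalar($hb) && !isset($_POST['customField'][$hb])) {
                     $_POST['customField'][$hb] = array();
                 }
             }
         }
         foreach ($_POST['customField'] as $k => $v) {
             $data = '';
             // If value is array, its checkboxes..
             if (is_array($v)) {
                 if (!empty($v)) {
                     $data = implode('#####', $v);
                 }
             } else {
                 $data = (string) $v;
             }
             // Field id goes into SQL, so it is forced to an integer..
             $k = (int) $k;
             // If data exists, update or add entry..
             // If blank or 'nothing-selected', delete if exists..
             if ($data !== '' && $data !== 'nothing-selected') {
                 if (mswRowCount('ticketfields WHERE `ticketID`  = \'' . $newID . '\' AND `fieldID` = \'' . $k . '\' AND `replyID` = \'' . $newReply . '\'') > 0) {
                     mysql_query("UPDATE `" . DB_PREFIX . "ticketfields` SET\n          `fieldData`       = '" . mswSafeImportString($data) . "'\n          WHERE `ticketID`  = '{$newID}'\n          AND `fieldID`     = '{$k}'\n          AND `replyID`     = '{$newReply}'\n          ") or die(mswMysqlErrMsg(mysql_errno(), mysql_error(), __LINE__, __FILE__));
                 } else {
                     mysql_query("INSERT INTO `" . DB_PREFIX . "ticketfields` (\n          `fieldData`,`ticketID`,`fieldID`,`replyID`\n          ) VALUES (\n          '" . mswSafeImportString($data) . "','{$newID}','{$k}','{$newReply}'\n          )") or die(mswMysqlErrMsg(mysql_errno(), mysql_error(), __LINE__, __FILE__));
                 }
             } else {
                 mysql_query("DELETE FROM `" . DB_PREFIX . "ticketfields`\n        WHERE `ticketID`  = '{$newID}'\n        AND `fieldID`     = '{$k}'\n        AND `replyID`     = '{$newReply}'\n        ") or die(mswMysqlErrMsg(mysql_errno(), mysql_error(), __LINE__, __FILE__));
                 // Table is empty: truncate it (best effort, errors suppressed)..
                 if (mswRowCount('ticketfields') == 0) {
                     @mysql_query("TRUNCATE TABLE `" . DB_PREFIX . "ticketfields`");
                 }
             }
         }
     }
     // Update ticket status..
     // Strict allow-list match; anything else falls back to 'open'..
     $status = isset($_POST['status']) && in_array($_POST['status'], array('close', 'open', 'closed', 'submit_report'), true) ? $_POST['status'] : 'open';
     mysql_query("UPDATE `" . DB_PREFIX . "tickets` SET\n  `lastrevision`  = UNIX_TIMESTAMP(UTC_TIMESTAMP),\n  `ticketStatus`  = '{$status}',\n  `replyStatus`   = 'visitor'\n  WHERE `id`      = '{$newID}'\n  ") or die(mswMysqlErrMsg(mysql_errno(), mysql_error(), __LINE__, __FILE__));
     // If specified, add reply as standard response..
     if (!empty($_POST['response']) && is_string($_POST['response'])) {
         // Add response..
         // Department list: selected departments, else the full list; a missing or scalar field no longer breaks implode()..
         $deptList = !empty($_POST['dept']) ? $_POST['dept'] : (isset($_POST['deptall']) ? $_POST['deptall'] : array());
         $dept = implode(',', (array) $deptList);
         mysql_query("INSERT INTO `" . DB_PREFIX . "responses` (\n    `ts`,\n    `title`,\n    `answer`,\n    `departments`\n    ) VALUES (\n    UNIX_TIMESTAMP(UTC_TIMESTAMP),\n    '" . mswSafeImportString($_POST['response']) . "',\n    '" . mswSafeImportString($comments) . "',\n    '" . mswSafeImportString($dept) . "'\n    )") or die(mswMysqlErrMsg(mysql_errno(), mysql_error(), __LINE__, __FILE__));
         // Rebuild sequence..
         include_once PATH . 'control/classes/class.responses.php';
         $MSSTR = new standardResponses();
         $MSSTR->rebuildSequence();
     }
     $array[] = $newReply;
     return $array;
 }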
Example #2
}
// Reset the search state for this request..
$filters = array();
$searchParams = $s = '';
$countedRows = 0;
// Areas to search: the request value when one is supplied, otherwise both areas..
// NOTE(review): $_GET['area'] is taken as-is (it may be a string or an array of arbitrary values);
// confirm it is checked against the known areas before it reaches a query or a template.
$area = !empty($_GET['area']) ? $_GET['area'] : array('tickets', 'disputes');
include PATH . 'templates/system/tickets/global/order-by.php';
if (isset($_GET['keys'])) {
    // Filters..
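    // Keyword filter. Only string input is searched: an array-valued `keys`
    // parameter is skipped instead of being handed to strtolower()..
    if (is_string($_GET['keys']) && $_GET['keys']) {
        // NOTE(review): mswSafeImportString() is presumably the SQL escaping helper - confirm.
        // Escaping does not neutralise the LIKE wildcards % and _, so a keyword made of
        // wildcards still matches every row in the LIKE clauses below.
        $_GET['keys'] = mswSafeImportString(strtolower($_GET['keys']));
        // Hash will cause search to fail for ticket number, so lets remove it..
        if (substr($_GET['keys'], 0, 1) === '#') {
            $_GET['keys'] = substr($_GET['keys'], 1);
        }
        // Numeric keyword: exact ticket id match. Otherwise: substring search over name, subject, notes, email and comments..
        // NOTE(review): the OR chain is not wrapped in parentheses; if the filters are later joined
        // with AND, the remaining filters bind to the last OR term only - verify where $filters is joined.
        $filters[0] = (int) $_GET['keys'] > 0 ? "`" . DB_PREFIX . "tickets`.`id` = '" . mswReverseTicketNumber($_GET['keys']) . "'" : "LOWER(`" . DB_PREFIX . "portal`.`name`) LIKE '%" . $_GET['keys'] . "%' OR LOWER(`" . DB_PREFIX . "tickets`.`subject`) LIKE '%" . $_GET['keys'] . "%' OR LOWER(`" . DB_PREFIX . "tickets`.`ticketNotes`) LIKE '%" . $_GET['keys'] . "%' OR LOWER(`email`) LIKE '%" . $_GET['keys'] . "%' OR LOWER(`comments`) LIKE '%" . $_GET['keys'] . "%'";
        // Are we also searching responses?
        if (isset($_GET['responses']) && !is_numeric($_GET['keys'])) {
            $ticketIDs = array();
            $q = mysql_query("SELECT `ticketID` FROM `" . DB_PREFIX . "replies`\n\t               WHERE LOWER(`comments`) LIKE '%" . $_GET['keys'] . "%'\n\t\t           GROUP BY `ticketID`\n\t\t           ") or die(mswMysqlErrMsg(mysql_errno(), mysql_error(), __LINE__, __FILE__));
            while ($RP = mysql_fetch_object($q)) {
                // The ids are written unquoted into IN(...), so each one is forced to an integer first..
                $ticketIDs[] = (int) $RP->ticketID;
            }
            if (!empty($ticketIDs)) {
                $filters[0] = $filters[0] . ' OR `' . DB_PREFIX . 'tickets`.`id` IN(' . implode(',', $ticketIDs) . ')';
            }
        }
    }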
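    // Priority filter: used only when the request value is exactly one of the known priority keys.
    // The comparison is string-to-string and strict. A loose in_array() lets PHP type juggling
    // accept a string that merely compares equal to an integer key, and the accepted value is
    // written straight into the SQL filter below.
    if (isset($_GET['priority']) && is_string($_GET['priority']) && in_array($_GET['priority'], array_map('strval', (array) $levelPrKeys), true)) {
        $filters[] = "`priority` = '{$_GET['priority']}'";
    }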
Example #3
 /**
  * Looks for a ticket reference ("#" followed by 1-12 digits) in a subject line and
  * checks that the ticket belongs to the portal account found for $email.
  *
  * NOTE(review): ownership is decided from $email alone. If callers pass the sender
  * address of an inbound message, which can be forged, confirm this match is not the
  * only authorisation for acting on the ticket.
  * NOTE(review): the row check uses (int) $ticketid but the value returned is the
  * un-cast result of mswReverseTicketNumber() - confirm callers treat it as an integer.
  *
  * @param string $subject Text searched for the ticket reference.
  * @param string $email   Address used to look up the portal account.
  * @return array array('yes', ticket id) for an owned, non-spam ticket; array('no', 0) otherwise.
  */
 public function getTicketID($subject, $email)
 {
     $noMatch = array('no', 0);
     // "[" and "]" are the pattern delimiters here; the pattern itself is [#][0-9]{1,12}..
     if (!preg_match("[[#][0-9]{1,12}]", $subject, $regs)) {
         return $noMatch;
     }
     // Keep only the digits of the matched reference..
     $digits = trim(preg_replace('/[^0-9]/', '', $regs[0]));
     $ticketid = mswReverseTicketNumber($digits);
     $PORTAL = mswGetTableData('portal', 'email', mswSafeImportString($email), '', '`id`');
     if (!isset($PORTAL->id)) {
         return $noMatch;
     }
     // Ticket must exist, belong to this account and not be flagged as spam..
     $owned = mswRowCount('tickets WHERE `id` = \'' . (int) $ticketid . '\' AND `visitorID` = \'' . $PORTAL->id . '\' AND `spamFlag` = \'no\'') > 0;
     return $owned ? array('yes', $ticketid) : $noMatch;
 }
Example #4
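 // Add entry log..
 if ($USER->enableLog == 'yes') {
     $MSUSERS->log($USER);
 }
 // Set session..
 // NOTE(review): no session_regenerate_id() call is visible in this fragment; confirm the
 // session id is rotated at login so an id fixed before authentication cannot be reused.
 $_SESSION[md5(SECRET_KEY) . '_ms_mail'] = $USER->email;
 $_SESSION[md5(SECRET_KEY) . '_ms_key'] = $USER->accpass;
 // Set cookie..
 // NOTE(review): the cookie carries $USER->accpass (presumably the stored password
 // value - confirm). Anyone holding that value can replay it; a random, server-side
 // remember-me token that can be revoked would avoid exposing it.
 if (isset($_POST['cookie']) && COOKIE_NAME) {
     if (COOKIE_SSL && mswDetectSSLConnection() == 'yes' || !COOKIE_SSL) {
         // Path and domain keep their defaults. Secure is set whenever COOKIE_SSL is on
         // (this branch is only reached over SSL in that case) and HttpOnly keeps the
         // values out of reach of page scripts..
         @setcookie(md5(SECRET_KEY) . '_msc_mail', $USER->email, time() + 60 * 60 * 24 * COOKIE_EXPIRY_DAYS, '', '', (bool) COOKIE_SSL, true);
         @setcookie(md5(SECRET_KEY) . '_msc_key', $USER->accpass, time() + 60 * 60 * 24 * COOKIE_EXPIRY_DAYS, '', '', (bool) COOKIE_SSL, true);
     }
 }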
 if (isset($_SESSION[md5(SECRET_KEY) . 'thisTicket'])) {
     // A ticket reference was stored in the session before login: load that ticket,
     // clear the reference and redirect according to its assignment state..
     $thisTicket = mswReverseTicketNumber($_SESSION[md5(SECRET_KEY) . 'thisTicket']);
     // NOTE(review): $SUPTICK is read below without checking that a row was found;
     // what mswGetTableData() returns for a missing ticket is not visible here - confirm.
     $SUPTICK = mswGetTableData('tickets', 'id', $thisTicket);
     unset($_SESSION[md5(SECRET_KEY) . 'thisTicket']);
     // Page permissions are stored as a '|' separated list..
     $userAccess = explode('|', $USER->pageAccess);
     // NOTE(review): none of the header() calls below is followed by exit in the visible
     // lines; confirm that execution stops after the redirect.
     // Unassigned ticket: users with the 'assign' permission, and user id 1 regardless
     // of its permissions, go to the assign page; everyone else goes to the index..
     if ($SUPTICK->assignedto == 'waiting' && (in_array('assign', $userAccess) || $USER->id == 1)) {
         header("Location: index.php?p=assign");
     } elseif ($SUPTICK->assignedto == 'waiting' && !in_array('assign', $userAccess)) {
         header("Location: index.php");
     } else {
         // Assigned ticket: open the dispute view or the ticket view..
         header("Location: index.php?p=view-" . (isset($SUPTICK->isDisputed) && $SUPTICK->isDisputed == 'yes' ? 'dispute' : 'ticket') . "&id=" . $thisTicket);
     }
 } else {
     // Do we have any unread messages?
     // If yes, do we redirect to mailbox?
     if ($USER->mailbox == 'yes' && $USER->mailScreen == 'yes') {
         if (mswRowCount('mailassoc WHERE `staffID` = \'' . $USER->id . '\' AND `folder` = \'inbox\' AND `status` = \'unread\'') > 0) {