} else {
$errors['err'] = $errors['assign'] = 'Action Denied. You are not allowed to assign/reassign tickets.';
}
break;
case 'postnote':
/* Post Internal Note */
$fields = array();
$fields['title'] = array('type' => 'string', 'required' => 1, 'error' => 'Title required');
$fields['internal_note'] = array('type' => 'string', 'required' => 1, 'error' => 'Note message required');
if (!Validator::process($fields, $_POST, $errors) && !$errors['err']) {
$errors['err'] = $errors['note'] = 'Missing or invalid data. Correct the error(s) below and try again!';
}
if (!$errors && ($noteId = $ticket->postNote($_POST['title'], $_POST['internal_note']))) {
$msg = 'Internal note posted successfully';
//Upload attachments IF ANY - TODO: validate attachment types??
if ($_FILES['attachments'] && ($files = Format::files($_FILES['attachments']))) {
$ticket->uploadAttachments($files, $noteId, 'N');
}
//Set state: Error on state change not critical!
if (isset($_POST['note_ticket_state']) && $_POST['note_ticket_state']) {
if ($ticket->setState($_POST['note_ticket_state']) && $ticket->reload()) {
$msg .= ' and state changed to ' . strtoupper($_POST['note_ticket_state']);
if ($ticket->isClosed()) {
$ticket = null;
}
//Going back to main listing.
}
}
} elseif (!$errors['note']) {
$errors['note'] = 'Error(s) occurred. Unable to post the note.';
}
//Just Making sure we don't accept crap...only topicId is expected.
if ($thisclient) {
$_POST['name'] = $thisclient->getName();
$_POST['email'] = $thisclient->getEmail();
} elseif ($cfg->isCaptchaEnabled()) {
if (!$_POST['captcha']) {
$errors['captcha'] = 'Enter text shown on the image';
} elseif (strcmp($_SESSION['captcha'], md5($_POST['captcha']))) {
$errors['captcha'] = 'Invalid - try again!';
}
}
//Ticket::create...checks for errors..
if ($ticket = Ticket::create($_POST, $errors, SOURCE)) {
$msg = 'Support ticket request created';
//Upload attachments...
if ($cfg->allowOnlineAttachments() && $_FILES['attachments'] && ($files = Format::files($_FILES['attachments']))) {
$ost->validateFileUploads($files);
//Validator sets errors - if any.
$ticket->uploadAttachments($files, $ticket->getLastMsgId(), 'M');
}
//Logged in...simply view the newly created ticket.
if ($thisclient && $thisclient->isValid()) {
if (!$cfg->showRelatedTickets()) {
$_SESSION['_client']['key'] = $ticket->getExtId();
}
//Resetting login Key to the current ticket!
session_write_close();
session_regenerate_id();
@header('Location: tickets.php?id=' . $ticket->getExtId());
}
//Thank the user and promise speedy resolution!
function add($vars, &$errors)
{
if (!($id = self::create($vars, $errors))) {
return false;
}
if ($faq = self::lookup($id)) {
$faq->updateTopics($vars['topics']);
if ($_FILES['attachments'] && ($files = Format::files($_FILES['attachments']))) {
$faq->uploadAttachments($files);
}
$faq->reload();
}
return $faq;
}
function postReply($vars, $files, $errors, $alert = true)
{
global $thisstaff, $cfg;
if (!$thisstaff || !$thisstaff->isStaff() || !$cfg) {
return 0;
}
if (!$vars['msgId']) {
$errors['msgId'] = 'Missing messageId - internal error';
}
if (!$vars['response']) {
$errors['response'] = 'Resonse message required';
}
if ($errors) {
return 0;
}
$sql = 'INSERT INTO ' . TICKET_RESPONSE_TABLE . ' SET created=NOW() ' . ' ,ticket_id=' . db_input($this->getId()) . ' ,msg_id=' . db_input($vars['msgId']) . ' ,response=' . db_input(Format::striptags($vars['response'])) . ' ,staff_id=' . db_input($thisstaff->getId()) . ' ,staff_name=' . db_input($thisstaff->getName()) . ' ,ip_address=' . db_input($thisstaff->getIP());
if (!db_query($sql) || !($respId = db_insert_id())) {
return false;
}
//Set status - if checked.
if (isset($vars['reply_ticket_status']) && $vars['reply_ticket_status']) {
$this->setStatus($vars['reply_ticket_status']);
}
/* We can NOT recover from attachment related failures at this point */
//upload files.
$attachments = $uploads = array();
//Web based upload..
if ($files && is_array($files) && ($files = Format::files($files))) {
$attachments = array_merge($attachments, $files);
}
//Canned attachments...
if ($vars['cannedattachments'] && is_array($vars['cannedattachments'])) {
$attachments = array_merge($attachments, $vars['cannedattachments']);
}
//Upload attachments -ids used on outgoing emails are returned.
if ($attachments) {
$uploads = $this->uploadAttachments($attachments, $respId, 'R');
}
$this->onResponse();
//do house cleaning..
$this->reload();
$dept = $this->getDept();
/* email the user?? - if disabled - the bail out */
if (!$alert) {
return $respId;
}
if (!($tpl = $dept->getTemplate())) {
$tpl = $cfg->getDefaultTemplate();
}
if (!($email = $cfg->getAlertEmail())) {
$email = $cfg->getDefaultEmail();
}
if ($tpl && ($msg = $tpl->getReplyMsgTemplate()) && $email) {
$body = $this->replaceTemplateVars($msg['body']);
$subj = $this->replaceTemplateVars($msg['subj']);
$body = str_replace('%response', $vars['response'], $body);
if ($vars['signature'] == 'mine') {
$signature = $thisstaff->getSignature();
} elseif ($vars['signature'] == 'dept' && $dept && $dept->isPublic()) {
$signature = $dept->getSignature();
} else {
$signature = '';
}
$body = str_replace("%signature", $signature, $body);
if ($cfg->stripQuotedReply() && ($tag = $cfg->getReplySeparator())) {
$body = "\n{$tag}\n\n" . $body;
}
//Set attachments if emailing.
$attachments = $cfg->emailAttachments() && $uploads ? $this->getAttachments($respId, 'R') : array();
//TODO: setup 5 param (options... e.g mid trackable on replies)
$email->send($this->getEmail(), $subj, $body, $attachments);
}
return $respId;
}
}
}
//Process post...depends on $ticket object above.
if ($_POST && is_object($ticket) && $ticket->getId()) {
$errors = array();
switch (strtolower($_POST['a'])) {
case 'reply':
if (!$ticket->checkClientAccess($thisclient)) {
//double check perm again!
$errors['err'] = 'Access Denied. Possibly invalid ticket ID';
}
if (!$_POST['message']) {
$errors['message'] = 'Message required';
}
//check attachment..if any is set
$files = $cfg->allowOnlineAttachments() && $_FILES['attachments'] ? Format::files($_FILES['attachments']) : array();
if ($files) {
foreach ($files as $file) {
if (!$file['name']) {
continue;
}
if (!$cfg->canUploadFileType($file['name'])) {
$errors['attachment'] = 'Invalid file type [ ' . $file['name'] . ' ]';
} elseif ($file['size'] > $cfg->getMaxFileSize()) {
$errors['attachment'] = 'File ' . $file['name'] . 'is too big. Max ' . $cfg->getMaxFileSize() . ' bytes allowed';
}
}
}
if (!$errors) {
//Everything checked out...do the magic.
if ($msgid = $ticket->postMessage($_POST['message'], 'Web')) {
}
//Upload NEW attachments IF ANY - TODO: validate attachment types??
if ($_FILES['attachments'] && ($files = Format::files($_FILES['attachments']))) {
$canned->uploadAttachments($files);
}
$canned->reload();
} elseif (!$errors['err']) {
$errors['err'] = 'Error updating canned reply. Try again!';
}
break;
case 'create':
if ($id = Canned::create($_POST, $_FILES['attachments'], $errors)) {
$msg = 'Canned response added successfully';
$_REQUEST['a'] = null;
//Upload attachments
if ($_FILES['attachments'] && ($c = Canned::lookup($id)) && ($files = Format::files($_FILES['attachments']))) {
$c->uploadAttachments($files);
}
} elseif (!$errors['err']) {
$errors['err'] = 'Unable to add canned response. Correct error(s) below and try again.';
}
break;
case 'mass_process':
if (!$_POST['ids'] || !is_array($_POST['ids']) || !count($_POST['ids'])) {
$errors['err'] = 'You must select at least one canned response';
} else {
$count = count($_POST['ids']);
if ($_POST['enable']) {
$sql = 'UPDATE ' . CANNED_TABLE . ' SET isenabled=1 WHERE canned_id IN (' . implode(',', $_POST['ids']) . ')';
if (db_query($sql) && ($num = db_affected_rows())) {
if ($num == $count) {
