function reset_user_password($key = null)
{
if (!empty($this->data)) {
$user = $this->Ticket->findUser($this->data['Ticket']['email']);
$hasTicket = $this->Ticket->find('first', array('conditions' => array('Ticket.email' => $user['User']['email'])));
//pr($hasTicket);
//die;
if (!empty($user) && empty($hasTicket)) {
App::import('Helper', 'Time');
$time = new TimeHelper();
$key = Security::hash(String::uuid(), 'sha1', true);
$this->data['Ticket']['key'] = $key;
$this->data['Ticket']['creation_date'] = $time->format('Y-m-d H:i:s', time());
$url = Router::url(array('controller' => 'tickets', 'action' => 'reset_user_password'), true) . '/' . $key;
//pr($url);
//die;
//ko se ticket shrani v bazo se poslje email (email element: lost_password_notification.ctp) useru, ki je ticket odprl
if ($this->Ticket->save($this->data)) {
$this->set('url', $url);
$this->MyEmail->sendResetPasswordEmail($user['User']['email']);
$this->Session->setFlash('notification email has been sent to you with reset data');
}
} elseif (!empty($hasTicket)) {
if ($this->Ticket->checkTicketDateValidity($hasTicket)) {
$this->Session->setFlash('We had already sent you a link to your email address! Go get it, lazy ass!');
} else {
$this->Session->setFlash('Your ticket regarding lost password has been deleted due to expiration! Try submitting again');
}
}
//se prozi kadar user klikne link, ki vsebuje generiran key, v svojem mailu in ga redirecta sem
} elseif (isset($key) && !empty($key)) {
$result = $this->Ticket->find('first', array('conditions' => array('Ticket.key' => $key)));
$this->Ticket->checkTicketDateValidity($result);
if (!empty($result)) {
$user = $this->Ticket->findUser($result['Ticket']['email']);
$this->set('userId', $user['User']['id']);
$this->set('key', $key);
$this->Ticket->delete($result['Ticket']['id']);
//$this->redirect(array('controller' => 'users', 'action' => 'changeUserPassword/uid:'.$user['User']['id']));
}
} else {
$this->Session->setFlash('Please provide your email!');
}
}
function del($ticket = null)
{
$this->garbage();
if ($ticket) {
$ticketObj = new Ticket();
$data = $ticketObj->findByHash($ticket);
if (is_array($data) && is_array($data['Ticket'])) {
return $data = $ticketObj->delete($data['Ticket']['id']);
}
}
return false;
}
function archiveTicket($id)
{
$ticket = new Ticket($id);
$tid = $ticket->getExtId();
// Delete orphan tickets.
$owner = $ticket->getOwner();
if (!$owner) {
$ticket->delete();
return;
}
$o_name = $owner->getName();
$threads = $ticket->getThreadEntries(array('M', 'R', 'N'));
$out = ["id" => $tid, "department" => $ticket->getDeptName(), "subject" => $ticket->getSubject(), "opened" => $ticket->getOpenDate(), "closed" => $ticket->getCloseDate(), "owner" => (isset($o_name->name) ? $o_name->name : '') . " <" . $owner->getEmail() . ">", "thread" => []];
$date = date("Y-m-d", strtotime($out["opened"]));
$path = TICKET_PATH . "/" . $date . "/";
if (!@file_exists($path)) {
@mkdir($path);
}
// Individual messages.
foreach ($threads as $th) {
$out["thread"][] = ["id" => $th["id"], "staff_id" => $th["staff_id"], "thread_type" => $th["thread_type"], "poster" => $th["poster"], "title" => $th["title"], "body" => $th["body"], "created" => $th["created"], "updated" => $th["updated"], "attachments" => intval($th["attachments"])];
// Process attachments.
if ($th["attachments"] != 0) {
$entry = $ticket->getThreadEntry($th['id']);
$attachments = $entry->getAttachments();
foreach ($attachments as $a) {
$file = Attachment::lookup($a["attach_id"])->getFile();
$ext = $ext = strtolower(substr(strrchr($file->getName(), '.'), 1));
$fname = $tid . "_" . $th["id"] . "." . $ext;
@file_put_contents(ATTACHMENT_PATH . "/" . $fname, $file->getData());
}
}
}
// write the ticket to disk
file_put_contents($path . $tid, json_encode($out, JSON_PRETTY_PRINT));
// delete the ticket from the db
$ticket->delete();
}
/**
* Transfer tickets
*
* @param $itemtype type of transfered item
* @param $ID original ID of the ticket
* @param $newID new ID of the ticket
**/
function transferTickets($itemtype, $ID, $newID)
{
global $DB;
$job = new Ticket();
$query = "SELECT *\n FROM `glpi_tickets`\n WHERE `items_id` = '{$ID}'\n AND `itemtype` = '{$itemtype}'";
if ($result = $DB->query($query)) {
if ($DB->numrows($result) != 0) {
switch ($this->options['keep_ticket']) {
// Transfer
case 2:
// Same Item / Copy Item -> update entity
while ($data = $DB->fetch_array($result)) {
$input = $this->transferTicketAdditionalInformations($data);
$input['id'] = $data['id'];
$input['entities_id'] = $this->to;
$input['items_id'] = $newID;
$input['itemtype'] = $itemtype;
$job->update($input);
$this->addToAlreadyTransfer('Ticket', $data['id'], $data['id']);
$this->transferTicketTaskCategory($input['id'], $input['id']);
}
break;
// Clean ref : keep ticket but clean link
// Clean ref : keep ticket but clean link
case 1:
// Same Item / Copy Item : keep and clean ref
while ($data = $DB->fetch_array($result)) {
$job->update(array('id' => $data['id'], 'itemtype' => 0, 'items_id' => 0));
$this->addToAlreadyTransfer('Ticket', $data['id'], $data['id']);
}
break;
// Delete
// Delete
case 0:
// Same item -> delete
if ($ID == $newID) {
while ($data = $DB->fetch_array($result)) {
$job->delete(array('id' => $data['id']));
}
}
// Copy Item : nothing to do
break;
}
}
}
}
$note = _('Ticket flagged as overdue by') . ' ' . $thisuser->getName();
foreach ($_POST['tids'] as $k => $v) {
$t = new Ticket($v);
if ($t && !$t->isoverdue()) {
if ($t->markOverdue()) {
$i++;
$t->logActivity(_('Ticket Marked Overdue'), $note, false, 'System');
}
}
}
$msg = "{$i} " . _("of") . " {$count} " . _("selected tickets marked overdue");
} elseif (isset($_POST['delete'])) {
$i = 0;
foreach ($_POST['tids'] as $k => $v) {
$t = new Ticket($v);
if ($t && @$t->delete()) {
$i++;
}
}
$msg = "{$i} " . _("of") . " {$count} " . _("selected tickets deleted");
}
}
break;
case 'open':
$ticket = null;
//TODO: check if the user is allowed to create a ticket.
if ($ticket = Ticket::create_by_staff($_POST, $errors)) {
$ticket->reload();
$msg = _('Ticket created successfully');
if ($thisuser->canAccessDept($ticket->getDeptId()) || $ticket->getStaffId() == $thisuser->getId()) {
//View the sucker
$track->update($_POST);
Event::log($_POST["id"], "ticket", 4, "tracking", sprintf(__('%s updates an item'), $_SESSION["glpiname"]));
if ($track->can($_POST["id"], READ)) {
$toadd = '';
// Copy solution to KB redirect to KB
if (isset($_POST['_sol_to_kb']) && $_POST['_sol_to_kb']) {
$toadd = "&_sol_to_kb=1";
}
Html::redirect($CFG_GLPI["root_doc"] . "/front/ticket.form.php?id=" . $_POST["id"] . $toadd);
}
Session::addMessageAfterRedirect(__('You have been redirected because you no longer have access to this ticket'), true, ERROR);
Html::redirect($CFG_GLPI["root_doc"] . "/front/ticket.php");
} else {
if (isset($_POST['delete'])) {
$track->check($_POST['id'], DELETE);
if ($track->delete($_POST)) {
Event::log($_POST["id"], "ticket", 4, "tracking", sprintf(__('%s deletes an item'), $_SESSION["glpiname"]));
}
$track->redirectToList();
} else {
if (isset($_POST['purge'])) {
$track->check($_POST['id'], PURGE);
if ($track->delete($_POST, 1)) {
Event::log($_POST["id"], "ticket", 4, "tracking", sprintf(__('%s purges an item'), $_SESSION["glpiname"]));
}
$track->redirectToList();
} else {
if (isset($_POST["restore"])) {
$track->check($_POST['id'], DELETE);
if ($track->restore($_POST)) {
Event::log($_POST["id"], "ticket", 4, "tracking", sprintf(__('%s restores an item'), $_SESSION["glpiname"]));
/**
* Delete ticket
* @param int $idTicket Id of ticket to delete
* @return int <0 if KO, >0 if OK
*/
public static function DeleteTicket($idTicket = 0)
{
global $db;
$object = new Ticket($db);
$db->begin;
$res = $object->delete($idTicket);
if ($res == 1) {
$reslines = DeleteTicketLines($id);
if ($reslines == 1) {
$db->commit();
} else {
$db->rollback();
$res = -1;
}
} else {
$db->rollback;
}
return $res;
}
$track->update($_POST);
Event::log($_POST["id"], "ticket", 4, "tracking", $_SESSION["glpiname"] . " " . $LANG['log'][21]);
// Copy solution to KB redirect to KB
if (isset($_POST['_sol_to_kb']) && $_POST['_sol_to_kb']) {
glpi_header($CFG_GLPI["root_doc"] . "/front/knowbaseitem.form.php?id=new&tickets_id=" . $_POST["id"]);
} else {
if ($track->can($_POST["id"], 'r')) {
glpi_header($CFG_GLPI["root_doc"] . "/front/ticket.form.php?id=" . $_POST["id"]);
}
addMessageAfterRedirect($LANG['job'][26], true, ERROR);
glpi_header($CFG_GLPI["root_doc"] . "/front/ticket.php");
}
} else {
if (isset($_POST['delete'])) {
$track->check($_POST['id'], 'd');
$track->delete($_POST);
Event::log($_POST["id"], "ticket", 4, "tracking", $_SESSION["glpiname"] . " " . $LANG['log'][22]);
$track->redirectToList();
/*
} else if (isset($_POST['add']) || isset($_POST['add_close']) || isset($_POST['add_reopen'])) {
checkSeveralRightsOr(array('add_followups' => '1',
'global_add_followups' => '1',
'show_assign_ticket' => '1'));
$newID = $fup->add($_POST);
Event::log($_POST["tickets_id"], "ticket", 4, "tracking",
$_SESSION["glpiname"]." ".$LANG['log'][20]." $newID.");
glpi_header($CFG_GLPI["root_doc"]."/front/ticket.form.php?id=".
$_POST["tickets_id"]."&glpi_tab=1&itemtype=Ticket");
*/
} else {
if (isset($_POST['sla_delete'])) {
/**
* Clean data in the tables which have linked the deleted item
* Clear 1/N Relation
*
* @return nothing
**/
function cleanRelationData()
{
global $DB, $CFG_GLPI;
$RELATION = getDbRelations();
if (isset($RELATION[$this->getTable()])) {
$newval = isset($this->input['_replace_by']) ? $this->input['_replace_by'] : 0;
foreach ($RELATION[$this->getTable()] as $tablename => $field) {
if ($tablename[0] != '_') {
if (!is_array($field)) {
$query = "UPDATE `{$tablename}`\n SET `{$field}` = '{$newval}'\n WHERE `{$field}` = '" . $this->fields['id'] . "'";
$DB->query($query);
} else {
foreach ($field as $f) {
$query = "UPDATE `{$tablename}`\n SET `{$f}` = '{$newval}'\n WHERE `{$f}` = '" . $this->fields['id'] . "'";
$DB->query($query);
}
}
}
}
}
// Clean ticket open against the item
if (in_array($this->getType(), $CFG_GLPI["ticket_types"])) {
$job = new Ticket();
$query = "SELECT *\n FROM `glpi_tickets`\n WHERE `items_id` = '" . $this->fields['id'] . "'\n AND `itemtype`='" . $this->getType() . "'";
$result = $DB->query($query);
if ($DB->numrows($result)) {
while ($data = $DB->fetch_array($result)) {
if ($CFG_GLPI["keep_tickets_on_delete"] == 1) {
$job->update(array('id' => $data["id"], 'items_id' => 0, 'itemtype' => ''));
} else {
$job->delete(array("id" => $data["id"]));
}
}
}
}
}
/**
* @group api
*
* This function test https://github.com/glpi-project/glpi/issues/1103
* A post-only user could retrieve tickets of others users when requesting itemtype
* without first letter in uppercase
**/
public function testgetItemsForPostonly()
{
// init session for postonly
$res = $this->doHttpRequest('GET', 'initSession/', ['auth' => ['post-only', 'postonly']]);
$body = $res->getBody();
$data = json_decode($body, true);
// create a ticket for another user (glpi - super-admin)
$ticket = new Ticket();
$tickets_id = $ticket->add(array('name' => 'test post-only', 'content' => 'test post-only', '_users_id_requester' => 2));
// try to access this ticket with post-only
try {
$res = $this->doHttpRequest('GET', "ticket/{$tickets_id}", ['headers' => ['Session-Token' => $data['session_token']]]);
$this->assertGreaterThanOrEqual(400, $res->getStatusCode());
} catch (ClientException $e) {
$response = $e->getResponse();
$this->assertEquals(401, $this->last_error->getStatusCode());
}
// try to access ticket list (we should get empty return)
$res = $this->doHttpRequest('GET', 'ticket/', ['headers' => ['Session-Token' => $data['session_token']]]);
$this->assertNotEquals(null, $res, $this->last_error);
$this->assertEquals(200, $res->getStatusCode());
$body = $res->getBody();
$data = json_decode($body, true);
$this->assertEquals(0, count($data));
// delete ticket
$ticket->delete(array('id' => $tickets_id), true);
}
/**
* Clean data in the tables which have linked the deleted item
* Clear 1/N Relation
*
* @return nothing
**/
function cleanRelationData()
{
global $DB, $CFG_GLPI;
$RELATION = getDbRelations();
if (isset($RELATION[$this->getTable()])) {
$newval = isset($this->input['_replace_by']) ? $this->input['_replace_by'] : 0;
foreach ($RELATION[$this->getTable()] as $tablename => $field) {
if ($tablename[0] != '_') {
$itemtype = getItemTypeForTable($tablename);
// Code factorization : we transform the singleton to an array
if (!is_array($field)) {
$field = array($field);
}
foreach ($field as $f) {
foreach ($DB->request($tablename, array($f => $this->getID())) as $data) {
// Be carefull : we must use getIndexName because self::update rely on that !
if ($object = getItemForItemtype($itemtype)) {
$idName = $object->getIndexName();
// And we must ensure that the index name is not the same as the field
// we try to modify. Otherwise we will loose this element because all
// will be set to $newval ...
if ($idName != $f) {
$object->update(array($idName => $data[$idName], $f => $newval, '_disablenotif' => true));
// Disable notifs
}
}
}
}
}
}
}
// Clean ticket open against the item
if (in_array($this->getType(), $CFG_GLPI["ticket_types"])) {
$job = new Ticket();
$itemsticket = new Item_Ticket();
$query = "SELECT *\n FROM `glpi_items_tickets`\n WHERE `items_id` = '" . $this->fields['id'] . "'\n AND `itemtype`='" . $this->getType() . "'";
$result = $DB->query($query);
if ($DB->numrows($result)) {
while ($data = $DB->fetch_assoc($result)) {
$cnt = countElementsInTable('glpi_items_tickets', "`tickets_id`='" . $data['tickets_id'] . "'");
$job->getFromDB($data['tickets_id']);
if ($cnt == 1) {
if ($CFG_GLPI["keep_tickets_on_delete"] == 1) {
$itemsticket->delete(array("id" => $data["id"]));
} else {
$job->delete(array("id" => $data["tickets_id"]));
}
} else {
$itemsticket->delete(array("id" => $data["id"]));
}
}
}
}
}
public function destroy_ticket()
{
if (!isset($_POST['ticket_id'])) {
error(__("Error"), __("No ticket ID specified.", "progress"));
}
$ticket = new Ticket($_POST['ticket_id']);
if ($ticket->no_results) {
error(__("Error"), __("Invalid ticket ID specified.", "progress"));
}
if (!$ticket->deletable()) {
show_403(__("Access Denied"), __("You do not have sufficient privileges to delete this ticket.", "progress"));
}
Ticket::delete($ticket->id);
Flash::notice(__("Ticket deleted.", "progress"), $ticket->milestone->url());
}
/**
* method Delete()
* Delete a record
*/
function Delete($param)
{
try {
$key = $param['key'];
// get the parameter $key
TTransaction::open('atividade');
// open a transaction with database
$object = new Ticket($key, FALSE);
// instantiates the Active Record
$object->delete();
// deletes the object from the database
TTransaction::close();
// close the transaction
$this->onReload($param);
// reload the listing
new TMessage('info', TAdiantiCoreTranslator::translate('Record deleted'));
// success message
} catch (Exception $e) {
new TMessage('error', '<b>Error</b> ' . $e->getMessage());
// shows the exception error message
TTransaction::rollback();
// undo all pending operations
}
}
$i=0;
$note='Ticket flagged as overdue by '.$thisuser->getName();
foreach($_POST['tids'] as $k=>$v) {
$t = new Ticket($v);
if($t && !$t->isoverdue())
if($t->markOverdue()) {
$i++;
$t->logActivity('Ticket Marked Overdue',$note,false,'System');
}
}
$msg="$i of $count selected tickets marked overdue";
}elseif(isset($_POST['delete'])){
$i=0;
foreach($_POST['tids'] as $k=>$v) {
$t = new Ticket($v);
if($t && @$t->delete()) $i++;
}
$msg="$i of $count selected tickets deleted";
}
}
break;
case 'open':
$ticket=null;
//TODO: check if the user is allowed to create a ticet.
if(($ticket=Ticket::create_by_staff($_POST,$errors))) {
$ticket->reload();
$msg='Ticket created successfully';
if($thisuser->canAccessDept($ticket->getDeptId()) || $ticket->getStaffId()==$thisuser->getId()) {
//View the sucker
$page='viewticket.inc.php';
}else {
/**
* Create a close cash in database
* @param data array of data ($user id, amount real, teoric and dif)
* @return int <0 if KO, >0 if OK
*/
function Create($data)
{
global $db, $conf, $mysoc;
$error = 0;
// Clean parameters
dol_syslog("CloseCash::Create user="******"INSERT INTO " . MAIN_DB_PREFIX . "pos_control_cash (";
$sql .= " entity";
$sql .= ", ref";
$sql .= ", fk_cash";
$sql .= ", fk_user";
$sql .= ", amount_real";
$sql .= ", amount_teor";
$sql .= ", amount_diff";
$sql .= ", type_control";
$sql .= ", date_c";
$sql .= ")";
$sql .= " VALUES (";
$sql .= $conf->entity;
$sql .= ", '" . $this->getNextNumRef($mysoc) . "'";
$sql .= ", '" . $this->terminal . "'";
$sql .= ", " . $data['userid'];
$sql .= ", " . $data['amount_reel'];
$sql .= ", " . $data['amount_teoric'];
$sql .= ", " . $data['amount_diff'];
$sql .= ", " . $data['type_control'];
$sql .= ", " . $db->idate($now);
$sql .= ")";
dol_syslog("CloseCash::Create sql=" . $sql);
$resql = $this->db->query($sql);
if ($resql) {
$closeid = $this->db->last_insert_id(MAIN_DB_PREFIX . "pos_control_cash");
$this->db->commit();
if ($data['type_control'] == 1) {
dol_include_once("/pos/class/ticket.class.php");
$this->setTicketClosedbyCash($closeid, $date_close);
$this->setFactureClosedbyCash($closeid);
$ticket = new Ticket($this->db);
$res = $ticket->delete();
if (!$res) {
$error++;
}
}
} else {
$error++;
$this->error = $this->db->error();
dol_syslog("CloseCash::create error " . $this->error . " sql=" . $sql, LOG_ERR);
$this->db->rollback();
}
if ($error > 0) {
return $error;
} else {
return $closeid;
}
}
