<?php
##################################################################
# Karnaf HelpDesk System - Copyright (C) 2001-2015 Kobi Shmueli. #
# See the LICENSE file for more information. #
##################################################################
/* New-ticket page. Renders the common header and title; when a category id
   (cat3) has been posted it works out the defaults for the ticket being
   submitted: reporter IP, assigned group and priority. The rest of the
   submit handler lies beyond this excerpt. */
$title = "New Ticket";
require_once("karnaf_header.php");
show_title("New Ticket");
/* 1 for an operator session, 0 for everyone else. */
if(IsKarnafOperSession()) $isoper = 1;
else $isoper = 0;
if(isset($_POST['cat3'])) {
  /* Operators may enter the reporter's IP in the form; it is taken verbatim
     from POST. All other users get the address reported by get_session_ip().
     NOTE(review): no format check is visible here - validate with
     filter_var($uip, FILTER_VALIDATE_IP) or confirm the value is escaped
     wherever it is stored and displayed. */
  if($isoper) $uip = $_POST['uip'];
  else $uip = get_session_ip();
  /* NOTE(review): presumably this becomes the ticket's verification code
     (randcode) - confirm. RandomNumber() is defined elsewhere; if it is built
     on rand()/mt_rand() the code is predictable, and random_int() would be
     the appropriate source for a value that gates access to a ticket. */
  $randstr = RandomNumber(10);
  $priority = 0;
  $rep_u = "";
  /* It would make sense to have the helpdesk team get tickets by default (unless the category assigns them to another team) */
  $rep_g = KARNAF_DEFAULT_GROUP;
  /* squery() is defined elsewhere and takes a printf-style template plus
     arguments. NOTE(review): request data is passed straight in, so confirm
     that squery() casts %d arguments to int and escapes '%s' arguments. */
  $query = squery("SELECT id,name,default_group,default_priority FROM karnaf_cat3 WHERE id=%d", $_POST['cat3']);
  if($result = sql_fetch_array($query)) {
    /* A non-empty category default group replaces the global default group. */
    if(!empty($result['default_group'])) $rep_g = $result['default_group'];
    $priority = (int)$result['default_priority'];
    /* $cat3_id is only set when the posted category exists. */
    $cat3_id = $result['id'];
  }
  sql_free_result($query);
  if(!isset($cat3_id)) $error = "Invalid category provided, please try again!";
  /* fix_html() is defined elsewhere; presumably it HTML-escapes - confirm. */
  if(isset($_POST['uphone'])) $uphone = fix_html($_POST['uphone']);
  else $uphone = "";
  /* $_POST['upriority'] is read without isset(), so a missing field raises a
     notice and casts to 0. The numerically smaller of the user's priority and
     the category default wins.
     NOTE(review): no range check is visible - a negative value passes
     through; confirm it is validated against the known priority ids before
     the ticket is stored. */
  $upriority = (int)$_POST['upriority'];
  if($upriority < $priority) $priority = $upriority;
  /* The if(isset($_POST['cat3'])) block continues beyond this excerpt. */
} else {
    require_once "karnaf_header.php";
}
// Ticket view page: loads one ticket by id, enforces the per-ticket access
// check, and stores a reply when one was posted. The excerpt starts inside an
// earlier if/else and ends inside the reply handler.
$id = $_GET['id'];
// empty() also rejects "0". is_numeric() accepts forms such as "1e3" or "1.5";
// ctype_digit() would restrict the id to plain digits.
if (empty($id) || !is_numeric($id)) {
    safe_die("Invalid Ticket ID!");
}
// Verification code from the query string; integer 0 when none was supplied.
if (isset($_GET['code']) && !empty($_GET['code'])) {
    $randcode = $_GET['code'];
} else {
    $randcode = 0;
}
if (!isset($_GET['ajax'])) {
    show_title("Ticket #" . $id);
}
if (IsKarnafOperSession()) {
    $isoper = 1;
} else {
    $isoper = 0;
}
$isadmin = 0;
// One row per ticket, joined with its three category levels, status name, both
// priority names and (LEFT JOIN) the assigned group's private_actions flag.
// Because the category/status/priority joins are INNER, a ticket that
// references a missing row in any of those tables is not returned at all.
$query = squery("SELECT t.id,t.randcode,t.status,t.title,t.description,t.unick,t.ufullname,t.uemail,t.uphone,t.uip,t.rep_u,\nt.rep_g,t.open_time,t.opened_by,t.is_real,t.is_private,t.email_upd,t.memo_upd,c1.name AS cat1_name,c2.name AS cat2_name,c3.name AS \ncat3_name,s.status_name,up.priority_name AS upriority,sp.priority_name AS priority,c3.extra,t.ext1,t.ext2,t.ext3,t.merged_to,t.cc,\ng.private_actions,t.lastupd_time \nFROM (karnaf_tickets AS t INNER JOIN karnaf_cat3 AS c3 ON c3.id=t.cat3_id INNER JOIN karnaf_cat2 AS c2 ON c2.id=c3.parent \nINNER JOIN karnaf_cat1 AS c1 ON c1.id=c2.parent INNER JOIN karnaf_statuses AS s ON s.status_id=t.status INNER JOIN karnaf_priorities AS up ON \nup.priority_id=t.upriority INNER JOIN karnaf_priorities AS sp ON sp.priority_id=t.priority LEFT JOIN groups AS g ON g.name=t.rep_g) WHERE t.id=%d", $id);
if ($result = sql_fetch_array($query)) {
    // Access is allowed for an operator, for a matching verification code, or
    // for the logged-in ticket owner (not "Guest") whose account is not newer
    // than the ticket. $nick and $a_regtime are set outside this excerpt.
    // NOTE(review): `!=` is a loose comparison. With no code supplied
    // $randcode is int 0, which compares equal to a NULL randcode (and, before
    // PHP 8, to an empty or non-numeric one), so such a ticket would skip the
    // check; numeric strings are also compared by value ("1e3" equals "1000").
    // hash_equals((string) $result['randcode'], (string) $randcode) would make
    // the check strict and constant-time - confirm the column stores the code
    // as a string first, since leading zeros would be lost in an integer column.
    // NOTE(review): assumes AccessDenied() does not return - confirm; otherwise
    // execution falls through to the reply handler below.
    if (!$isoper && $randcode != $result['randcode'] && ($nick != $result['unick'] || $nick == "Guest" || $a_regtime > (int) $result['open_time'])) {
        AccessDenied("You must provide the ticket verification code to view this page.");
    }
    // Store a posted reply unless the ticket's status is 0. empty() also drops
    // a reply consisting of just "0".
    // NOTE(review): no anti-CSRF token is checked in the visible code before
    // this state change - confirm one is verified elsewhere.
    // NOTE(review): reply_text is stored as posted; confirm that squery()
    // escapes '%s' arguments and that replies are HTML-escaped where rendered.
    if (isset($_POST['reply_text']) && !empty($_POST['reply_text']) && $result['status'] != 0) {
        squery("INSERT INTO karnaf_replies(tid,reply,r_by,r_time,r_from,ip) VALUES(%d,'%s','%s',%d,'%s','%s')", $id, $_POST['reply_text'], $nick, time(), $nick, get_session_ip());
        // A reply on a status-2 ticket moves it to status 1 and notifies the
        // assigned user (rep_u). The WHERE clause repeats status=2 so the
        // update only applies while the ticket is still in that state.
        if ((int) $result['status'] == 2) {
            squery("UPDATE karnaf_tickets SET status=1,lastupd_time=%d WHERE id=%d AND status=2", time(), $id);
            send_memo($result['rep_u'], "User has replied to ticket #" . $result['id'] . ". 
For more information visit: " . KARNAF_URL . "/edit.php?id=" . $result['id']);
            // The enclosing blocks continue beyond this excerpt.
# See the LICENSE file for more information. #
##################################################################
// Attachment download: requires an authenticated session, repeats the ticket
// access check, then looks up the requested file's metadata. Sending the file
// itself happens beyond this excerpt.
require_once "../ktools.php";
check_auth();
$id = $_GET['id'];
// empty() also rejects "0". is_numeric() accepts forms such as "1e3" or "1.5";
// ctype_digit() would restrict the id to plain digits.
if (empty($id) || !is_numeric($id)) {
    safe_die("Invalid Ticket ID!");
}
// Verification code from the query string; integer 0 when none was supplied.
if (isset($_GET['code']) && !empty($_GET['code'])) {
    $randcode = $_GET['code'];
} else {
    $randcode = 0;
}
$query = squery("SELECT unick,randcode,open_time FROM karnaf_tickets WHERE id=%d", $id);
if ($result = sql_fetch_array($query)) {
    // Access is allowed for an operator, for a matching verification code, or
    // for the logged-in ticket owner (not "Guest") whose account is not newer
    // than the ticket. $nick and $a_regtime are set outside this excerpt.
    // NOTE(review): `!=` is a loose comparison. With no code supplied
    // $randcode is int 0, which compares equal to a NULL randcode (and, before
    // PHP 8, to an empty or non-numeric one), so attachments of such a ticket
    // would be readable without the code. A strict, constant-time check such
    // as hash_equals((string) $result['randcode'], (string) $randcode) avoids
    // this - confirm the column stores the code as a string first.
    // NOTE(review): assumes AccessDenied() does not return - confirm.
    if (!IsKarnafOperSession() && $randcode != $result['randcode'] && ($nick != $result['unick'] || $nick == "Guest" || $a_regtime > (int) $result['open_time'])) {
        AccessDenied("You must provide the ticket verification code to view this page.");
    }
    // File id from the query string; 0 when absent.
    if (isset($_GET['download'])) {
        $download = $_GET['download'];
    } else {
        $download = 0;
    }
    // The lookup is bound to both the file id and the ticket id, so access to
    // one ticket cannot be used to fetch a file attached to another.
    // NOTE(review): file_name and file_type are presumably uploader-supplied;
    // where they are later written into response headers (not visible here),
    // confirm that CR/LF and quotes are stripped and that the file is served
    // as an attachment with X-Content-Type-Options: nosniff.
    $query2 = squery("SELECT file_name,file_type,file_size FROM karnaf_files WHERE id=%d AND tid=%d", $download, $id);
    if (!$query2) {
        safe_die("Error: can't find file!");
    }
    $result2 = sql_fetch_array($query2);
    if (!$result2) {
        safe_die("Error: can't find file!");
    }
    // The enclosing if block continues beyond this excerpt.