function updateEmailsSetting($vars, &$errors) { $f = array(); $f['default_email_id'] = array('type' => 'int', 'required' => 1, 'error' => 'Default email required'); $f['alert_email_id'] = array('type' => 'int', 'required' => 1, 'error' => 'Selection required'); $f['admin_email'] = array('type' => 'email', 'required' => 1, 'error' => 'System admin email required'); if ($vars['strip_quoted_reply'] && !$vars['reply_separator']) { $errors['reply_separator'] = 'Reply separator required to strip quoted reply.'; } if ($vars['admin_email'] && Email::getIdByEmail($vars['admin_email'])) { //Make sure admin email is not also a system email. $errors['admin_email'] = 'Email already setup as system email'; } if (!Validator::process($f, $vars, $errors) || $errors) { return false; } $sql = 'UPDATE ' . CONFIG_TABLE . ' SET updated=NOW() ' . ',default_email_id=' . db_input($vars['default_email_id']) . ',alert_email_id=' . db_input($vars['alert_email_id']) . ',default_smtp_id=' . db_input($vars['default_smtp_id']) . ',admin_email=' . db_input($vars['admin_email']) . ',enable_mail_polling=' . db_input(isset($vars['enable_mail_polling']) ? 1 : 0) . ',enable_email_piping=' . db_input(isset($vars['enable_email_piping']) ? 1 : 0) . ',strip_quoted_reply=' . db_input(isset($vars['strip_quoted_reply']) ? 1 : 0) . ',reply_separator=' . db_input($vars['reply_separator']) . ' WHERE id=' . db_input($this->getId()); return db_query($sql); }
function updatePagesSettings($vars, &$errors) { global $ost; $f = array(); $f['landing_page_id'] = array('type' => 'int', 'required' => 1, 'error' => 'required'); $f['offline_page_id'] = array('type' => 'int', 'required' => 1, 'error' => 'required'); $f['thank-you_page_id'] = array('type' => 'int', 'required' => 1, 'error' => 'required'); if ($_FILES['logo']) { $error = false; list($logo) = AttachmentFile::format($_FILES['logo']); if (!$logo) { } elseif ($logo['error']) { $errors['logo'] = $logo['error']; } elseif (!($id = AttachmentFile::uploadLogo($logo, $error))) { $errors['logo'] = sprintf(__('Unable to upload logo image: %s'), $error); } } $company = $ost->company; $company_form = $company->getForm(); $company_form->setSource($_POST); if (!$company_form->isValid()) { $errors += $company_form->errors(); } if (!Validator::process($f, $vars, $errors) || $errors) { return false; } $company_form->save(); if (isset($vars['delete-logo'])) { foreach ($vars['delete-logo'] as $id) { if ($vars['selected-logo'] != $id && ($f = AttachmentFile::lookup($id))) { $f->delete(); } } } return $this->updateAll(array('landing_page_id' => $vars['landing_page_id'], 'offline_page_id' => $vars['offline_page_id'], 'thank-you_page_id' => $vars['thank-you_page_id'], 'client_logo_id' => is_numeric($vars['selected-logo']) && $vars['selected-logo'] ? $vars['selected-logo'] : false, 'staff_logo_id' => is_numeric($vars['selected-logo-scp']) && $vars['selected-logo-scp'] ? $vars['selected-logo-scp'] : false)); }
$msg = 'Ticket assigned successfully to ' . $ticket->getAssignee(); TicketLock::removeStaffLocks($thisstaff->getId(), $ticket->getId()); $ticket = null; } elseif (!$errors['err']) { $errors['err'] = 'Unable to assign the ticket. Correct the errors below and try again.'; } } else { $errors['err'] = $errors['assign'] = 'Action Denied. You are not allowed to assign/reassign tickets.'; } break; case 'postnote': /* Post Internal Note */ $fields = array(); $fields['title'] = array('type' => 'string', 'required' => 1, 'error' => 'Title required'); $fields['internal_note'] = array('type' => 'string', 'required' => 1, 'error' => 'Note message required'); if (!Validator::process($fields, $_POST, $errors) && !$errors['err']) { $errors['err'] = $errors['note'] = 'Missing or invalid data. Correct the error(s) below and try again!'; } if (!$errors && ($noteId = $ticket->postNote($_POST['title'], $_POST['internal_note']))) { $msg = 'Internal note posted successfully'; //Upload attachments IF ANY - TODO: validate attachment types?? if ($_FILES['attachments'] && ($files = Format::files($_FILES['attachments']))) { $ticket->uploadAttachments($files, $noteId, 'N'); } //Set state: Error on state change not critical! if (isset($_POST['note_ticket_state']) && $_POST['note_ticket_state']) { if ($ticket->setState($_POST['note_ticket_state']) && $ticket->reload()) { $msg .= ' and state changed to ' . strtoupper($_POST['note_ticket_state']); if ($ticket->isClosed()) { $ticket = null; }
static function create($vars, &$errors, $origin, $autorespond = true, $alertstaff = true) { global $ost, $cfg, $thisclient, $_FILES; // Don't enforce form validation for email $field_filter = function ($type) use($origin) { return function ($f) use($origin, $type) { // Ultimately, only offer validation errors for web for // non-internal fields. For email, no validation can be // performed. For other origins, validate as usual switch (strtolower($origin)) { case 'email': return false; case 'staff': // Required 'Contact Information' fields aren't required // when staff open tickets return $type != 'user' || in_array($f->get('name'), array('name', 'email')); case 'web': return !$f->get('private'); default: return true; } }; }; $reject_ticket = function ($message) use(&$errors) { global $ost; $errors = array('errno' => 403, 'err' => __('This help desk is for use by authorized users only')); $ost->logWarning(_S('Ticket Denied'), $message, false); return 0; }; Signal::send('ticket.create.before', null, $vars); // Create and verify the dynamic form entry for the new ticket $form = TicketForm::getNewInstance(); $form->setSource($vars); // If submitting via email or api, ensure we have a subject and such if (!in_array(strtolower($origin), array('web', 'staff'))) { foreach ($form->getFields() as $field) { $fname = $field->get('name'); if ($fname && isset($vars[$fname]) && !$field->value) { $field->value = $field->parse($vars[$fname]); } } } if (!$form->isValid($field_filter('ticket'))) { $errors += $form->errors(); } if ($vars['uid']) { $user = User::lookup($vars['uid']); } $id = 0; $fields = array(); $fields['message'] = array('type' => '*', 'required' => 1, 'error' => __('Message content is required')); switch (strtolower($origin)) { case 'web': $fields['topicId'] = array('type' => 'int', 'required' => 1, 'error' => __('Select a help topic')); break; case 'staff': $fields['deptId'] = array('type' => 'int', 'required' => 0, 'error' => __('Department selection is required')); $fields['topicId'] = array('type' => 'int', 'required' => 1, 'error' => __('Help topic selection is required')); $fields['duedate'] = array('type' => 'date', 'required' => 0, 'error' => __('Invalid date format - must be MM/DD/YY')); case 'api': $fields['source'] = array('type' => 'string', 'required' => 1, 'error' => __('Indicate ticket source')); break; case 'email': $fields['emailId'] = array('type' => 'int', 'required' => 1, 'error' => __('Unknown system email')); break; default: # TODO: Return error message $errors['err'] = $errors['origin'] = __('Invalid ticket origin given'); } if (!Validator::process($fields, $vars, $errors) && !$errors['err']) { $errors['err'] = __('Missing or invalid data - check the errors and try again'); } //Make sure the due date is valid if ($vars['duedate']) { if (!$vars['time'] || strpos($vars['time'], ':') === false) { $errors['time'] = __('Select a time from the list'); } elseif (strtotime($vars['duedate'] . ' ' . $vars['time']) === false) { $errors['duedate'] = __('Invalid due date'); } elseif (strtotime($vars['duedate'] . ' ' . $vars['time']) <= time()) { $errors['duedate'] = __('Due date must be in the future'); } } if (!$errors) { # Perform ticket filter actions on the new ticket arguments $__form = null; if ($vars['topicId']) { if (($__topic = Topic::lookup($vars['topicId'])) && ($__form = $__topic->getForm())) { $__form = $__form->instanciate(); $__form->setSource($vars); } } try { $vars = self::filterTicketData($origin, $vars, array($form, $__form), $user); } catch (RejectedException $ex) { return $reject_ticket(sprintf(_S('Ticket rejected (%s) by filter "%s"'), $ex->vars['email'], $ex->getRejectingFilter()->getName())); } //Make sure the open ticket limit hasn't been reached. (LOOP CONTROL) if ($cfg->getMaxOpenTickets() > 0 && strcasecmp($origin, 'staff') && ($_user = TicketUser::lookupByEmail($vars['email'])) && ($openTickets = $_user->getNumOpenTickets()) && $openTickets >= $cfg->getMaxOpenTickets()) { $errors = array('err' => __("You've reached the maximum open tickets allowed.")); $ost->logWarning(sprintf(_S('Ticket denied - %s'), $vars['email']), sprintf(_S('Max open tickets (%1$d) reached for %2$s'), $cfg->getMaxOpenTickets(), $vars['email']), false); return 0; } // Allow vars to be changed in ticket filter and applied to the user // account created or detected if (!$user && $vars['email']) { $user = User::lookupByEmail($vars['email']); } if (!$user) { // Reject emails if not from registered clients (if // configured) if (strcasecmp($origin, 'email') === 0 && !$cfg->acceptUnregisteredEmail()) { list($mailbox, $domain) = explode('@', $vars['email'], 2); // Users not yet created but linked to an organization // are still acceptable if (!Organization::forDomain($domain)) { return $reject_ticket(sprintf(_S('Ticket rejected (%s) (unregistered client)'), $vars['email'])); } } $user_form = UserForm::getUserForm()->getForm($vars); if (!$user_form->isValid($field_filter('user')) || !($user = User::fromVars($user_form->getClean()))) { $errors['user'] = __('Incomplete client information'); } } } if ($vars['topicId']) { if ($topic = Topic::lookup($vars['topicId'])) { if ($topic_form = $topic->getForm()) { $TF = $topic_form->getForm($vars); $topic_form = $topic_form->instanciate(); $topic_form->setSource($vars); if (!$TF->isValid($field_filter('topic'))) { $errors = array_merge($errors, $TF->errors()); } } } else { $errors['topicId'] = 'Invalid help topic selected'; } } // Any error above is fatal. if ($errors) { return 0; } Signal::send('ticket.create.validated', null, $vars); # Some things will need to be unpacked back into the scope of this # function if (isset($vars['autorespond'])) { $autorespond = $vars['autorespond']; } # Apply filter-specific priority if ($vars['priorityId']) { $form->setAnswer('priority', null, $vars['priorityId']); } // If the filter specifies a help topic which has a form associated, // and there was previously either no help topic set or the help // topic did not have a form, there's no need to add it now as (1) // validation is closed, (2) there may be a form already associated // and filled out from the original help topic, and (3) staff // members can always add more forms now // OK...just do it. $statusId = $vars['statusId']; $deptId = $vars['deptId']; //pre-selected Dept if any. $source = ucfirst($vars['source']); // Apply email settings for emailed tickets. Email settings should // trump help topic settins if the email has an associated help // topic if ($vars['emailId'] && ($email = Email::lookup($vars['emailId']))) { $deptId = $deptId ?: $email->getDeptId(); $priority = $form->getAnswer('priority'); if (!$priority || !$priority->getIdValue()) { $form->setAnswer('priority', null, $email->getPriorityId()); } if ($autorespond) { $autorespond = $email->autoRespond(); } if (!isset($topic) && ($T = $email->getTopic()) && $T->isActive()) { $topic = $T; } $email = null; $source = 'Email'; } if (!isset($topic)) { // This may return NULL, no big deal $topic = $cfg->getDefaultTopic(); } // Intenal mapping magic...see if we need to override anything if (isset($topic)) { $deptId = $deptId ?: $topic->getDeptId(); $statusId = $statusId ?: $topic->getStatusId(); $priority = $form->getAnswer('priority'); if (!$priority || !$priority->getIdValue()) { $form->setAnswer('priority', null, $topic->getPriorityId()); } if ($autorespond) { $autorespond = $topic->autoRespond(); } //Auto assignment. if (!isset($vars['staffId']) && $topic->getStaffId()) { $vars['staffId'] = $topic->getStaffId(); } elseif (!isset($vars['teamId']) && $topic->getTeamId()) { $vars['teamId'] = $topic->getTeamId(); } //set default sla. if (isset($vars['slaId'])) { $vars['slaId'] = $vars['slaId'] ?: $cfg->getDefaultSLAId(); } elseif ($topic && $topic->getSLAId()) { $vars['slaId'] = $topic->getSLAId(); } } // Auto assignment to organization account manager if (($org = $user->getOrganization()) && $org->autoAssignAccountManager() && ($code = $org->getAccountManagerId())) { if (!isset($vars['staffId']) && $code[0] == 's') { $vars['staffId'] = substr($code, 1); } elseif (!isset($vars['teamId']) && $code[0] == 't') { $vars['teamId'] = substr($code, 1); } } // Last minute checks $priority = $form->getAnswer('priority'); if (!$priority || !$priority->getIdValue()) { $form->setAnswer('priority', null, $cfg->getDefaultPriorityId()); } $deptId = $deptId ?: $cfg->getDefaultDeptId(); $statusId = $statusId ?: $cfg->getDefaultTicketStatusId(); $topicId = isset($topic) ? $topic->getId() : 0; $ipaddress = $vars['ip'] ?: $_SERVER['REMOTE_ADDR']; $source = $source ?: 'Web'; //We are ready son...hold on to the rails. $number = $topic ? $topic->getNewTicketNumber() : $cfg->getNewTicketNumber(); $sql = 'INSERT INTO ' . TICKET_TABLE . ' SET created=NOW() ' . ' ,lastmessage= NOW()' . ' ,user_id=' . db_input($user->getId()) . ' ,`number`=' . db_input($number) . ' ,dept_id=' . db_input($deptId) . ' ,topic_id=' . db_input($topicId) . ' ,ip_address=' . db_input($ipaddress) . ' ,source=' . db_input($source); if (isset($vars['emailId']) && $vars['emailId']) { $sql .= ', email_id=' . db_input($vars['emailId']); } //Make sure the origin is staff - avoid firebug hack! if ($vars['duedate'] && !strcasecmp($origin, 'staff')) { $sql .= ' ,duedate=' . db_input(date('Y-m-d G:i', Misc::dbtime($vars['duedate'] . ' ' . $vars['time']))); } if (!db_query($sql) || !($id = db_insert_id()) || !($ticket = Ticket::lookup($id))) { return null; } /* -------------------- POST CREATE ------------------------ */ // Save the (common) dynamic form $form->setTicketId($id); $form->save(); // Save the form data from the help-topic form, if any if ($topic_form) { $topic_form->setTicketId($id); $topic_form->save(); } $ticket->loadDynamicData(); $dept = $ticket->getDept(); // Add organizational collaborators if ($org && $org->autoAddCollabs()) { $pris = $org->autoAddPrimaryContactsAsCollabs(); $members = $org->autoAddMembersAsCollabs(); $settings = array('isactive' => true); $collabs = array(); foreach ($org->allMembers() as $u) { if ($members || $pris && $u->isPrimaryContact()) { if ($c = $ticket->addCollaborator($u, $settings, $errors)) { $collabs[] = (string) $c; } } } //TODO: Can collaborators add others? if ($collabs) { //TODO: Change EndUser to name of user. $ticket->logNote(sprintf(_S('Collaborators for %s organization added'), $org->getName()), implode("<br>", $collabs), $org->getName(), false); } } //post the message. $vars['title'] = $vars['subject']; //Use the initial subject as title of the post. $vars['userId'] = $ticket->getUserId(); $message = $ticket->postMessage($vars, $origin, false); // Configure service-level-agreement for this ticket $ticket->selectSLAId($vars['slaId']); // Assign ticket to staff or team (new ticket by staff) if ($vars['assignId']) { $ticket->assign($vars['assignId'], $vars['note']); } else { // Auto assign staff or team - auto assignment based on filter // rules. Both team and staff can be assigned if ($vars['staffId']) { $ticket->assignToStaff($vars['staffId'], _S('Auto Assignment')); } if ($vars['teamId']) { // No team alert if also assigned to an individual agent $ticket->assignToTeam($vars['teamId'], _S('Auto Assignment'), !$vars['staffId']); } } // Apply requested status — this should be done AFTER assignment, // because if it is requested to be closed, it should not cause the // ticket to be reopened for assignment. if ($statusId) { $ticket->setStatus($statusId, false, false); } /********** double check auto-response ************/ //Override auto responder if the FROM email is one of the internal emails...loop control. if ($autorespond && Email::getIdByEmail($ticket->getEmail())) { $autorespond = false; } # Messages that are clearly auto-responses from email systems should # not have a return 'ping' message if (isset($vars['flags']) && $vars['flags']['bounce']) { $autorespond = false; } if ($autorespond && $message->isAutoReply()) { $autorespond = false; } //post canned auto-response IF any (disables new ticket auto-response). if ($vars['cannedResponseId'] && $ticket->postCannedReply($vars['cannedResponseId'], $message->getId(), $autorespond)) { $ticket->markUnAnswered(); //Leave the ticket as unanswred. $autorespond = false; } //Check department's auto response settings // XXX: Dept. setting doesn't affect canned responses. if ($autorespond && $dept && !$dept->autoRespONNewTicket()) { $autorespond = false; } //Don't send alerts to staff when the message is a bounce // this is necessary to avoid possible loop (especially on new ticket) if ($alertstaff && $message->isBounce()) { $alertstaff = false; } /***** See if we need to send some alerts ****/ $ticket->onNewTicket($message, $autorespond, $alertstaff); /************ check if the user JUST reached the max. open tickets limit **********/ if ($cfg->getMaxOpenTickets() > 0 && ($user = $ticket->getOwner()) && $user->getNumOpenTickets() == $cfg->getMaxOpenTickets()) { $ticket->onOpenLimit($autorespond && strcasecmp($origin, 'staff')); } /* Start tracking ticket lifecycle events */ $ticket->logEvent('created'); // Fire post-create signal (for extra email sending, searching) Signal::send('model.created', $ticket); /* Phew! ... time for tea (KETEPA) */ return $ticket; }
function create($vars, &$errors, $origin, $autorespond = true, $alertstaff = true) { global $cfg, $thisclient, $_FILES; //Make sure the email is not banned if ($vars['email'] && EmailFilter::isBanned($vars['email'])) { $errors['err'] = 'Ticket denied. Error #403'; Sys::log(LOG_WARNING, 'Ticket denied', 'Banned email - ' . $vars['email']); return 0; } $id = 0; $fields = array(); $fields['name'] = array('type' => 'string', 'required' => 1, 'error' => 'Name required'); $fields['email'] = array('type' => 'email', 'required' => 1, 'error' => 'Valid email required'); $fields['subject'] = array('type' => 'string', 'required' => 1, 'error' => 'Subject required'); $fields['message'] = array('type' => 'text', 'required' => 1, 'error' => 'Message required'); switch (strtolower($origin)) { case 'web': $fields['topicId'] = array('type' => 'int', 'required' => 1, 'error' => 'Select help topic'); break; case 'staff': $fields['deptId'] = array('type' => 'int', 'required' => 1, 'error' => 'Dept. required'); $fields['topicId'] = array('type' => 'int', 'required' => 1, 'error' => 'Topic required'); $fields['duedate'] = array('type' => 'date', 'required' => 0, 'error' => 'Invalid date - must be MM/DD/YY'); case 'api': $fields['source'] = array('type' => 'string', 'required' => 1, 'error' => 'Indicate source'); break; case 'email': $fields['emailId'] = array('type' => 'int', 'required' => 1, 'error' => 'Email unknown'); break; default: # TODO: Return error message $errors['origin'] = 'Invalid origin given'; } $fields['pri'] = array('type' => 'int', 'required' => 0, 'error' => 'Invalid Priority'); $fields['phone'] = array('type' => 'phone', 'required' => 0, 'error' => 'Valid phone # required'); if (!Validator::process($fields, $vars, $errors) && !$errors['err']) { $errors['err'] = 'Missing or invalid data - check the errors and try again'; } //Make sure phone extension is valid if ($vars['phone_ext']) { if (!is_numeric($vars['phone_ext']) && !$errors['phone']) { $errors['phone'] = 'Invalid phone ext.'; } elseif (!$vars['phone']) { //make sure they just didn't enter ext without phone # XXX: reconsider allowing! $errors['phone'] = 'Phone number required'; } } //Make sure the due date is valid if ($vars['duedate']) { if (!$vars['time'] || strpos($vars['time'], ':') === false) { $errors['time'] = 'Select time'; } elseif (strtotime($vars['duedate'] . ' ' . $vars['time']) === false) { $errors['duedate'] = 'Invalid duedate'; } elseif (strtotime($vars['duedate'] . ' ' . $vars['time']) <= time()) { $errors['duedate'] = 'Due date must be in the future'; } } //check attachment..if any is set ...only set on webbased tickets.. //XXX:?? Create ticket anyway and simply drop the attachments?? We're already doing so with emails. if ($_FILES['attachment']['name'] && $cfg->allowOnlineAttachments()) { if (!$cfg->canUploadFileType($_FILES['attachment']['name'])) { $errors['attachment'] = 'Invalid file type [ ' . Format::htmlchars($_FILES['attachment']['name']) . ' ]'; } elseif ($_FILES['attachment']['size'] > $cfg->getMaxFileSize()) { $errors['attachment'] = 'File is too big. Max ' . $cfg->getMaxFileSize() . ' bytes allowed'; } } # Perform email filter actions on the new ticket arguments XXX: Move filter to the top and check for reject... if (!$errors && ($ef = new EmailFilter($vars))) { $ef->apply($vars); } # Some things will need to be unpacked back into the scope of this # function if (isset($vars['autorespond'])) { $autorespond = $vars['autorespond']; } //check ticket limits..if limit set is >0 //TODO: Base ticket limits on SLA... XXX: move it elsewhere?? if ($vars['email'] && !$errors && $cfg->getMaxOpenTickets() > 0 && strcasecmp($origin, 'staff')) { $openTickets = Ticket::getOpenTicketsByEmail($vars['email']); if ($openTickets >= $cfg->getMaxOpenTickets()) { $errors['err'] = "You've reached the maximum open tickets allowed."; //Send the notice only once (when the limit is reached) incase of autoresponders at client end. if ($cfg->getMaxOpenTickets() == $openTickets && $cfg->sendOverlimitNotice()) { if ($vars['deptId']) { $dept = Dept::lookup($vars['deptId']); } if (!$dept || !($tpl = $dept->getTemplate())) { $tpl = $cfg->getDefaultTemplate(); } if (!$dept || !($email = $dept->getAutoRespEmail())) { $email = $cfg->getDefaultEmail(); } if ($tpl && ($msg = $tpl->getOverlimitMsgTemplate()) && $email) { $body = str_replace('%name', $vars['name'], $msg['body']); $body = str_replace('%email', $vars['email'], $msg['body']); $body = str_replace('%url', $cfg->getBaseUrl(), $body); $body = str_replace('%signature', $dept && $dept->isPublic() ? $dept->getSignature() : '', $body); $email->send($vars['email'], $msg['subj'], $body); } //Log + Alert admin...this might be spammy (no option to disable)...but it is helpful..I think. $msg = 'Support ticket request denied for ' . $vars['email'] . "\n" . 'Open ticket:' . $openTickets . "\n" . 'Max Allowed:' . $cfg->getMaxOpenTickets() . "\n\nNotice only sent once"; Sys::log(LOG_CRIT, 'Overlimit Notice', $msg); } } } //Any error above is fatal. if ($errors) { return 0; } // OK...just do it. $deptId = $vars['deptId']; //pre-selected Dept if any. $priorityId = $vars['pri']; $source = ucfirst($vars['source']); $topic = NULL; // Intenal mapping magic...see if we need to overwrite anything if (isset($vars['topicId']) && ($topic = Topic::lookup($vars['topicId']))) { //Ticket created via web by user/or staff $deptId = $deptId ? $deptId : $topic->getDeptId(); $priorityId = $priorityId ? $priorityId : $topic->getPriorityId(); if ($autorespond) { $autorespond = $topic->autoRespond(); } $source = $vars['source'] ? $vars['source'] : 'Web'; } elseif ($vars['emailId'] && !$vars['deptId'] && ($email = Email::lookup($vars['emailId']))) { //Emailed Tickets $deptId = $email->getDeptId(); $priorityId = $priorityId ? $priorityId : $email->getPriorityId(); if ($autorespond) { $autorespond = $email->autoRespond(); } $email = null; $source = 'Email'; } elseif ($vars['deptId']) { //Opened by staff. $deptId = $vars['deptId']; $source = ucfirst($vars['source']); } //Last minute checks $priorityId = $priorityId ? $priorityId : $cfg->getDefaultPriorityId(); $deptId = $deptId ? $deptId : $cfg->getDefaultDeptId(); $topicId = $vars['topicId'] ? $vars['topicId'] : 0; $ipaddress = $vars['ip'] ? $vars['ip'] : $_SERVER['REMOTE_ADDR']; //We are ready son...hold on to the rails. $extId = Ticket::genExtRandID(); $sql = 'INSERT INTO ' . TICKET_TABLE . ' SET created=NOW() ' . ' ,lastmessage= NOW()' . ' ,ticketID=' . db_input($extId) . ' ,dept_id=' . db_input($deptId) . ' ,topic_id=' . db_input($topicId) . ' ,priority_id=' . db_input($priorityId) . ' ,email=' . db_input($vars['email']) . ' ,name=' . db_input(Format::striptags($vars['name'])) . ' ,subject=' . db_input(Format::striptags($vars['subject'])) . ' ,phone="' . db_input($vars['phone'], false) . '"' . ' ,phone_ext=' . db_input($vars['phone_ext'] ? $vars['phone_ext'] : '') . ' ,ip_address=' . db_input($ipaddress) . ' ,source=' . db_input($source); //Make sure the origin is staff - avoid firebug hack! if ($vars['duedate'] && !strcasecmp($origin, 'staff')) { $sql .= ' ,duedate=' . db_input(date('Y-m-d G:i', Misc::dbtime($vars['duedate'] . ' ' . $vars['time']))); } if (!db_query($sql) || !($id = db_insert_id()) || !($ticket = Ticket::lookup($id))) { return null; } /* -------------------- POST CREATE ------------------------ */ $dept = $ticket->getDept(); if (!$cfg->useRandomIds()) { //Sequential ticketIDs support really..really suck arse. $extId = $id; //To make things really easy we are going to use autoincrement ticket_id. db_query('UPDATE ' . TICKET_TABLE . ' SET ticketID=' . db_input($extId) . ' WHERE ticket_id=' . $id . ' LIMIT 1'); //TODO: RETHING what happens if this fails?? [At the moment on failure random ID is used...making stuff usable] } //post the message. $msgid = $ticket->postMessage($vars['message'], $source, $vars['mid'], $vars['header'], true); //TODO: recover from postMessage error?? //Upload attachments...web based. - XXX: Assumes user uploaded attachments!! XXX: move it to client interface. if ($_FILES['attachment']['name'] && $cfg->allowOnlineAttachments() && $msgid) { if (!$cfg->allowAttachmentsOnlogin() || $cfg->allowAttachmentsOnlogin() && ($thisuser && $thisuser->isValid())) { $ticket->uploadAttachment($_FILES['attachment'], $msgid, 'M'); } } // Configure service-level-agreement for this ticket $ticket->selectSLAId($vars['slaId']); //Auto assign staff or team - auto assignment based on filter rules. if ($vars['staffId'] && !$vars['assignId']) { $ticket->assignToStaff($vars['staffId'], 'auto-assignment'); } if ($vars['teamId'] && !$vars['assignId']) { $ticket->assignToTeam($vars['teamId'], 'auto-assignment'); } /********** double check auto-response ************/ //Overwrite auto responder if the FROM email is one of the internal emails...loop control. if ($autorespond && Email::getIdByEmail($ticket->getEmail())) { $autorespond = false; } if ($autorespond && $dept && !$dept->autoRespONNewTicket()) { $autorespond = false; } # Messages that are clearly auto-responses from email systems should # not have a return 'ping' message if ($autorespond && $vars['header'] && EmailFilter::isAutoResponse(Mail_Parse::splitHeaders($vars['header']))) { $autorespond = false; } //Don't auto respond to mailer daemons. if ($autorespond && (strpos(strtolower($vars['email']), 'mailer-daemon@') !== false || strpos(strtolower($vars['email']), 'postmaster@') !== false)) { $autorespond = false; } /***** See if we need to send some alerts ****/ $ticket->onNewTicket($vars['message'], $autorespond, $alertstaff); return $ticket; }
function create($vars, &$errors, $origin, $autorespond = true, $alertstaff = true) { global $cfg, $thisclient, $_FILES; //Check for 403 if ($vars['email'] && Validator::is_email($vars['email'])) { //Make sure the email address is not banned if (EmailFilter::isBanned($vars['email'])) { $errors['err'] = 'Ticket denied. Error #403'; Sys::log(LOG_WARNING, 'Ticket denied', 'Banned email - ' . $vars['email']); return 0; } //Make sure the open ticket limit hasn't been reached. (LOOP CONTROL) if ($cfg->getMaxOpenTickets() > 0 && strcasecmp($origin, 'staff') && ($client = Client::lookupByEmail($vars['email'])) && ($openTickets = $client->getNumOpenTickets()) && $opentickets >= $cfg->getMaxOpenTickets()) { $errors['err'] = "You've reached the maximum open tickets allowed."; Sys::log(LOG_WARNING, 'Ticket denied -' . $vars['email'], sprintf('Max open tickets (%d) reached for %s ', $cfg->getMaxOpenTickets(), $vars['email'])); return 0; } } // Make sure email contents should not be rejected if (($email_filter = new EmailFilter($vars)) && ($filter = $email_filter->shouldReject())) { $errors['err'] = 'Ticket denied. Error #403'; Sys::log(LOG_WARNING, 'Ticket denied', sprintf('Banned email - %s by filter "%s"', $vars['email'], $filter->getName())); return 0; } $id = 0; $fields = array(); $fields['name'] = array('type' => 'string', 'required' => 1, 'error' => 'Name required'); $fields['email'] = array('type' => 'email', 'required' => 1, 'error' => 'Valid email required'); $fields['subject'] = array('type' => 'string', 'required' => 1, 'error' => 'Subject required'); $fields['message'] = array('type' => 'text', 'required' => 1, 'error' => 'Message required'); switch (strtolower($origin)) { case 'web': $fields['topicId'] = array('type' => 'int', 'required' => 1, 'error' => 'Select help topic'); break; case 'staff': $fields['deptId'] = array('type' => 'int', 'required' => 1, 'error' => 'Dept. required'); $fields['topicId'] = array('type' => 'int', 'required' => 1, 'error' => 'Topic required'); $fields['duedate'] = array('type' => 'date', 'required' => 0, 'error' => 'Invalid date - must be MM/DD/YY'); case 'api': $fields['source'] = array('type' => 'string', 'required' => 1, 'error' => 'Indicate source'); break; case 'email': $fields['emailId'] = array('type' => 'int', 'required' => 1, 'error' => 'Email unknown'); break; default: # TODO: Return error message $errors['err'] = $errors['origin'] = 'Invalid origin given'; } $fields['priorityId'] = array('type' => 'int', 'required' => 0, 'error' => 'Invalid Priority'); $fields['phone'] = array('type' => 'phone', 'required' => 0, 'error' => 'Valid phone # required'); if (!Validator::process($fields, $vars, $errors) && !$errors['err']) { $errors['err'] = 'Missing or invalid data - check the errors and try again'; } //Make sure phone extension is valid if ($vars['phone_ext']) { if (!is_numeric($vars['phone_ext']) && !$errors['phone']) { $errors['phone'] = 'Invalid phone ext.'; } elseif (!$vars['phone']) { //make sure they just didn't enter ext without phone # XXX: reconsider allowing! $errors['phone'] = 'Phone number required'; } } //Make sure the due date is valid if ($vars['duedate']) { if (!$vars['time'] || strpos($vars['time'], ':') === false) { $errors['time'] = 'Select time'; } elseif (strtotime($vars['duedate'] . ' ' . $vars['time']) === false) { $errors['duedate'] = 'Invalid duedate'; } elseif (strtotime($vars['duedate'] . ' ' . $vars['time']) <= time()) { $errors['duedate'] = 'Due date must be in the future'; } } # Perform email filter actions on the new ticket arguments XXX: Move filter to the top and check for reject... if (!$errors && $email_filter) { $email_filter->apply($vars); } # Some things will need to be unpacked back into the scope of this # function if (isset($vars['autorespond'])) { $autorespond = $vars['autorespond']; } //Any error above is fatal. if ($errors) { return 0; } // OK...just do it. $deptId = $vars['deptId']; //pre-selected Dept if any. $priorityId = $vars['priorityId']; $source = ucfirst($vars['source']); $topic = NULL; // Intenal mapping magic...see if we need to overwrite anything if (isset($vars['topicId']) && ($topic = Topic::lookup($vars['topicId']))) { //Ticket created via web by user/or staff $deptId = $deptId ? $deptId : $topic->getDeptId(); $priorityId = $priorityId ? $priorityId : $topic->getPriorityId(); if ($autorespond) { $autorespond = $topic->autoRespond(); } $source = $vars['source'] ? $vars['source'] : 'Web'; } elseif ($vars['emailId'] && !$vars['deptId'] && ($email = Email::lookup($vars['emailId']))) { //Emailed Tickets $deptId = $email->getDeptId(); $priorityId = $priorityId ? $priorityId : $email->getPriorityId(); if ($autorespond) { $autorespond = $email->autoRespond(); } $email = null; $source = 'Email'; } elseif ($vars['deptId']) { //Opened by staff. $deptId = $vars['deptId']; $source = ucfirst($vars['source']); } //Last minute checks $priorityId = $priorityId ? $priorityId : $cfg->getDefaultPriorityId(); $deptId = $deptId ? $deptId : $cfg->getDefaultDeptId(); $topicId = $vars['topicId'] ? $vars['topicId'] : 0; $ipaddress = $vars['ip'] ? $vars['ip'] : $_SERVER['REMOTE_ADDR']; //We are ready son...hold on to the rails. $extId = Ticket::genExtRandID(); $sql = 'INSERT INTO ' . TICKET_TABLE . ' SET created=NOW() ' . ' ,lastmessage= NOW()' . ' ,ticketID=' . db_input($extId) . ' ,dept_id=' . db_input($deptId) . ' ,topic_id=' . db_input($topicId) . ' ,priority_id=' . db_input($priorityId) . ' ,email=' . db_input($vars['email']) . ' ,name=' . db_input(Format::striptags($vars['name'])) . ' ,subject=' . db_input(Format::striptags($vars['subject'])) . ' ,phone="' . db_input($vars['phone'], false) . '"' . ' ,phone_ext=' . db_input($vars['phone_ext'] ? $vars['phone_ext'] : '') . ' ,ip_address=' . db_input($ipaddress) . ' ,source=' . db_input($source); //Make sure the origin is staff - avoid firebug hack! if ($vars['duedate'] && !strcasecmp($origin, 'staff')) { $sql .= ' ,duedate=' . db_input(date('Y-m-d G:i', Misc::dbtime($vars['duedate'] . ' ' . $vars['time']))); } if (!db_query($sql) || !($id = db_insert_id()) || !($ticket = Ticket::lookup($id))) { return null; } /* -------------------- POST CREATE ------------------------ */ $dept = $ticket->getDept(); if (!$cfg->useRandomIds()) { //Sequential ticketIDs support really..really suck arse. $extId = $id; //To make things really easy we are going to use autoincrement ticket_id. db_query('UPDATE ' . TICKET_TABLE . ' SET ticketID=' . db_input($extId) . ' WHERE ticket_id=' . $id . ' LIMIT 1'); //TODO: RETHING what happens if this fails?? [At the moment on failure random ID is used...making stuff usable] } //post the message. $msgid = $ticket->postMessage($vars['message'], $source, $vars['mid'], $vars['header'], true); // Configure service-level-agreement for this ticket $ticket->selectSLAId($vars['slaId']); //Auto assign staff or team - auto assignment based on filter rules. if ($vars['staffId'] && !$vars['assignId']) { $ticket->assignToStaff($vars['staffId'], 'auto-assignment'); } if ($vars['teamId'] && !$vars['assignId']) { $ticket->assignToTeam($vars['teamId'], 'auto-assignment'); } /********** double check auto-response ************/ //Overwrite auto responder if the FROM email is one of the internal emails...loop control. if ($autorespond && Email::getIdByEmail($ticket->getEmail())) { $autorespond = false; } if ($autorespond && $dept && !$dept->autoRespONNewTicket()) { $autorespond = false; } # Messages that are clearly auto-responses from email systems should # not have a return 'ping' message if ($autorespond && $vars['header'] && EmailFilter::isAutoResponse(Mail_Parse::splitHeaders($vars['header']))) { $autorespond = false; } //Don't auto respond to mailer daemons. if ($autorespond && (strpos(strtolower($vars['email']), 'mailer-daemon@') !== false || strpos(strtolower($vars['email']), 'postmaster@') !== false)) { $autorespond = false; } /***** See if we need to send some alerts ****/ $ticket->onNewTicket($vars['message'], $autorespond, $alertstaff); /************ check if the user JUST reached the max. open tickets limit **********/ if ($cfg->getMaxOpenTickets() > 0 && ($client = $ticket->getClient()) && $client->getNumOpenTickets() == $cfg->getMaxOpenTickets()) { $ticket->onOpenLimit($autorespond && strcasecmp($origin, 'staff')); } /* Phew! ... time for tea (KETEPA) */ return $ticket; }
function install($vars) { $this->errors=$f=array(); $f['name'] = array('type'=>'string', 'required'=>1, 'error'=>__('Name required')); $f['email'] = array('type'=>'email', 'required'=>1, 'error'=>__('Valid email required')); $f['fname'] = array('type'=>'string', 'required'=>1, 'error'=>__('First name required')); $f['lname'] = array('type'=>'string', 'required'=>1, 'error'=>__('Last name required')); $f['admin_email'] = array('type'=>'email', 'required'=>1, 'error'=>__('Valid email required')); $f['username'] = array('type'=>'username', 'required'=>1, 'error'=>__('Username required')); $f['passwd'] = array('type'=>'password', 'required'=>1, 'error'=>__('Password required')); $f['passwd2'] = array('type'=>'password', 'required'=>1, 'error'=>__('Confirm Password')); $f['prefix'] = array('type'=>'string', 'required'=>1, 'error'=>__('Table prefix required')); $f['dbhost'] = array('type'=>'string', 'required'=>1, 'error'=>__('Host name required')); $f['dbname'] = array('type'=>'string', 'required'=>1, 'error'=>__('Database name required')); $f['dbuser'] = array('type'=>'string', 'required'=>1, 'error'=>__('Username required')); $f['dbpass'] = array('type'=>'string', 'required'=>1, 'error'=>__('Password required')); $vars = array_map('trim', $vars); if(!Validator::process($f,$vars,$this->errors) && !$this->errors['err']) $this->errors['err']=__('Missing or invalid data - correct the errors and try again.'); //Staff's email can't be same as system emails. if($vars['admin_email'] && $vars['email'] && !strcasecmp($vars['admin_email'],$vars['email'])) $this->errors['admin_email']=__('Conflicts with system email above'); //Admin's pass confirmation. if(!$this->errors && strcasecmp($vars['passwd'],$vars['passwd2'])) $this->errors['passwd2']=__('Password(s) do not match'); //Check table prefix underscore required at the end! if($vars['prefix'] && substr($vars['prefix'], -1)!='_') $this->errors['prefix']=__('Bad prefix. Must have underscore (_) at the end. e.g \'ost_\''); //Make sure admin username is not very predictable. XXX: feels dirty but necessary if(!$this->errors['username'] && in_array(strtolower($vars['username']),array('admin','admins','username','osticket'))) $this->errors['username']=__('Bad username'); // Support port number specified in the hostname with a colon (:) list($host, $port) = explode(':', $vars['dbhost']); if ($port && is_numeric($port) && ($port < 1 || $port > 65535)) $this->errors['db'] = __('Invalid database port number'); //MYSQL: Connect to the DB and check the version & database (create database if it doesn't exist!) if(!$this->errors) { if(!db_connect($vars['dbhost'],$vars['dbuser'],$vars['dbpass'])) $this->errors['db']=sprintf(__('Unable to connect to MySQL server: %s'), db_connect_error()); elseif(explode('.', db_version()) < explode('.', $this->getMySQLVersion())) $this->errors['db']=sprintf(__('osTicket requires MySQL %s or later!'),$this->getMySQLVersion()); elseif(!db_select_database($vars['dbname']) && !db_create_database($vars['dbname'])) { $this->errors['dbname']=__("Database doesn't exist"); $this->errors['db']=__('Unable to create the database.'); } elseif(!db_select_database($vars['dbname'])) { $this->errors['dbname']=__('Unable to select the database'); } else { //Abort if we have another installation (or table) with same prefix. $sql = 'SELECT * FROM `'.$vars['prefix'].'config` LIMIT 1'; if(db_query($sql, false)) { $this->errors['err'] = __('We have a problem - another installation with same table prefix exists!'); $this->errors['prefix'] = __('Prefix already in-use'); } else { //Try changing charset and collation of the DB - no bigie if we fail. db_query('ALTER DATABASE '.$vars['dbname'].' DEFAULT CHARACTER SET utf8 COLLATE utf8_general_ci', false); } } } //bailout on errors. if($this->errors) return false; /*************** We're ready to install ************************/ define('ADMIN_EMAIL',$vars['admin_email']); //Needed to report SQL errors during install. define('TABLE_PREFIX',$vars['prefix']); //Table prefix Bootstrap::defineTables(TABLE_PREFIX); Bootstrap::loadCode(); $debug = true; // Change it to false to squelch SQL errors. //Last minute checks. if(!file_exists($this->getConfigFile()) || !($configFile=file_get_contents($this->getConfigFile()))) $this->errors['err']=__('Unable to read config file. Permission denied! (#2)'); elseif(!($fp = @fopen($this->getConfigFile(),'r+'))) $this->errors['err']=__('Unable to open config file for writing. Permission denied! (#3)'); else { $streams = DatabaseMigrater::getUpgradeStreams(INCLUDE_DIR.'upgrader/streams/'); foreach ($streams as $stream=>$signature) { $schemaFile = INC_DIR."streams/$stream/install-mysql.sql"; if (!file_exists($schemaFile) || !($fp2 = fopen($schemaFile, 'rb'))) $this->errors['err'] = sprintf( __('%s: Internal Error - please make sure your download is the latest (#1)'), $stream); elseif ( // TODO: Make the hash algo configurable in the streams // configuration ( core : md5 ) !($hash = md5(fread($fp2, filesize($schemaFile)))) || strcasecmp($signature, $hash)) $this->errors['err'] = sprintf( __('%s: Unknown or invalid schema signature (%s .. %s)'), $stream, $signature, $hash); elseif (!$this->load_sql_file($schemaFile, $vars['prefix'], true, $debug)) $this->errors['err'] = sprintf( __('%s: Error parsing SQL schema! Get help from developers (#4)'), $stream); } } if(!$this->errors) { // TODO: Use language selected from install worksheet $i18n = new Internationalization($vars['lang_id']); $i18n->loadDefaultData(); Signal::send('system.install', $this); $sql='SELECT `id` FROM '.TABLE_PREFIX.'sla ORDER BY `id` LIMIT 1'; $sla_id_1 = db_result(db_query($sql, false)); $sql='SELECT `dept_id` FROM '.TABLE_PREFIX.'department ORDER BY `dept_id` LIMIT 1'; $dept_id_1 = db_result(db_query($sql, false)); $sql='SELECT `tpl_id` FROM '.TABLE_PREFIX.'email_template_group ORDER BY `tpl_id` LIMIT 1'; $template_id_1 = db_result(db_query($sql, false)); $sql='SELECT `group_id` FROM '.TABLE_PREFIX.'groups ORDER BY `group_id` LIMIT 1'; $group_id_1 = db_result(db_query($sql, false)); $sql='SELECT `value` FROM '.TABLE_PREFIX.'config WHERE namespace=\'core\' and `key`=\'default_timezone_id\' LIMIT 1'; $default_timezone = db_result(db_query($sql, false)); //Create admin user. $sql='INSERT INTO '.TABLE_PREFIX.'staff SET created=NOW() ' .", isactive=1, isadmin=1, group_id='$group_id_1', dept_id='$dept_id_1'" .", timezone_id='$default_timezone', max_page_size=25" .', email='.db_input($vars['admin_email']) .', firstname='.db_input($vars['fname']) .', lastname='.db_input($vars['lname']) .', username='******'username']) .', passwd='.db_input(Passwd::hash($vars['passwd'])); if(!db_query($sql, false) || !($uid=db_insert_id())) $this->errors['err']=__('Unable to create admin user (#6)'); } if(!$this->errors) { //Create default emails! $email = $vars['email']; list(,$domain)=explode('@',$vars['email']); $sql='INSERT INTO '.TABLE_PREFIX.'email (`name`,`email`,`created`,`updated`) VALUES ' ." ('Support','$email',NOW(),NOW())" .",('osTicket Alerts','alerts@$domain',NOW(),NOW())" .",('','noreply@$domain',NOW(),NOW())"; $support_email_id = db_query($sql, false) ? db_insert_id() : 0; $sql='SELECT `email_id` FROM '.TABLE_PREFIX."email WHERE `email`='alerts@$domain' LIMIT 1"; $alert_email_id = db_result(db_query($sql, false)); //Create config settings---default settings! $defaults = array( 'default_email_id'=>$support_email_id, 'alert_email_id'=>$alert_email_id, 'default_dept_id'=>$dept_id_1, 'default_sla_id'=>$sla_id_1, 'default_template_id'=>$template_id_1, 'admin_email'=>$vars['admin_email'], 'schema_signature'=>$streams['core'], 'helpdesk_url'=>URL, 'helpdesk_title'=>$vars['name']); $config = new Config('core'); if (!$config->updateAll($defaults)) $this->errors['err']=__('Unable to create config settings').' (#7)'; // Set company name require_once(INCLUDE_DIR.'class.company.php'); $company = new Company(); $company->getForm()->setAnswer('name', $vars['name']); $company->getForm()->save(); foreach ($streams as $stream=>$signature) { if ($stream != 'core') { $config = new Config($stream); if (!$config->update('schema_signature', $signature)) $this->errors['err']=__('Unable to create config settings').' (#8)'; } } } if($this->errors) return false; //Abort on internal errors. //Rewrite the config file - MUST be done last to allow for installer recovery. $configFile= str_replace("define('OSTINSTALLED',FALSE);","define('OSTINSTALLED',TRUE);",$configFile); $configFile= str_replace('%ADMIN-EMAIL',$vars['admin_email'],$configFile); $configFile= str_replace('%CONFIG-DBHOST',$vars['dbhost'],$configFile); $configFile= str_replace('%CONFIG-DBNAME',$vars['dbname'],$configFile); $configFile= str_replace('%CONFIG-DBUSER',$vars['dbuser'],$configFile); $configFile= str_replace('%CONFIG-DBPASS',$vars['dbpass'],$configFile); $configFile= str_replace('%CONFIG-PREFIX',$vars['prefix'],$configFile); $configFile= str_replace('%CONFIG-SIRI',Misc::randCode(32),$configFile); if(!$fp || !ftruncate($fp,0) || !fwrite($fp,$configFile)) { $this->errors['err']=__('Unable to write to config file. Permission denied! (#5)'); return false; } @fclose($fp); /************* Make the system happy ***********************/ $sql='UPDATE '.TABLE_PREFIX."email SET dept_id=$dept_id_1"; db_query($sql, false); global $cfg; $cfg = new OsticketConfig(); //Create a ticket to make the system warm and happy. $errors = array(); $ticket_vars = $i18n->getTemplate('templates/ticket/installed.yaml') ->getData(); $ticket = Ticket::create($ticket_vars, $errors, 'api', false, false); if ($ticket && ($org = Organization::objects()->order_by('id')->one())) { $user=User::lookup($ticket->getOwnerId()); $user->setOrganization($org); } //TODO: create another personalized ticket and assign to admin?? //Log a message. $msg=__("Congratulations osTicket basic installation completed!\n\nThank you for choosing osTicket!"); $sql='INSERT INTO '.TABLE_PREFIX.'syslog SET created=NOW(), updated=NOW(), log_type="Debug" ' .', title="osTicket installed!"' .', log='.db_input($msg) .', ip_address='.db_input($_SERVER['REMOTE_ADDR']); db_query($sql, false); return true; }
static function create($vars, &$errors, $origin, $autorespond = true, $alertstaff = true) { global $ost, $cfg, $thisclient, $_FILES; // Don't enforce form validation for email $field_filter = function ($type) use($origin) { return function ($f) use($origin, $type) { // Ultimately, only offer validation errors for web for // non-internal fields. For email, no validation can be // performed. For other origins, validate as usual switch (strtolower($origin)) { case 'email': return false; case 'staff': // Required 'Contact Information' fields aren't required // when staff open tickets return $type != 'user' || in_array($f->get('name'), array('name', 'email')); case 'web': return !$f->get('private'); default: return true; } }; }; $reject_ticket = function ($message) use(&$errors) { global $ost; $errors = array('errno' => 403, 'err' => __('This help desk is for use by authorized users only')); $ost->logWarning(_S('Ticket Denied'), $message, false); return 0; }; Signal::send('ticket.create.before', null, $vars); // Create and verify the dynamic form entry for the new ticket $form = TicketForm::getNewInstance(); $form->setSource($vars); // If submitting via email or api, ensure we have a subject and such if (!in_array(strtolower($origin), array('web', 'staff'))) { foreach ($form->getFields() as $field) { $fname = $field->get('name'); if ($fname && isset($vars[$fname]) && !$field->value) { $field->value = $field->parse($vars[$fname]); } } } if (!$form->isValid($field_filter('ticket'))) { $errors += $form->errors(); } /*INICIO Creado por Anthony Parisi 2016-02-01 Con las siguientes lineas de código, se crea el ticket mediante la API.*/ if (!in_array(strtolower($origin), array('web', 'staff'))) { $errors = array(); } /* FIN */ if ($vars['uid']) { $user = User::lookup($vars['uid']); } $id = 0; $fields = array(); $fields['message'] = array('type' => '*', 'required' => 1, 'error' => __('Message content is required')); switch (strtolower($origin)) { case 'web': $fields['topicId'] = array('type' => 'int', 'required' => 1, 'error' => __('Select a help topic')); break; case 'staff': $fields['deptId'] = array('type' => 'int', 'required' => 0, 'error' => __('Department selection is required')); $fields['topicId'] = array('type' => 'int', 'required' => 1, 'error' => __('Help topic selection is required')); $fields['duedate'] = array('type' => 'date', 'required' => 0, 'error' => __('Invalid date format - must be MM/DD/YY')); case 'api': $fields['source'] = array('type' => 'string', 'required' => 1, 'error' => __('Indicate ticket source')); break; case 'email': $fields['emailId'] = array('type' => 'int', 'required' => 1, 'error' => __('Unknown system email')); break; default: # TODO: Return error message $errors['err'] = $errors['origin'] = __('Invalid ticket origin given'); } if (!Validator::process($fields, $vars, $errors) && !$errors['err']) { $errors['err'] = __('Missing or invalid data - check the errors and try again'); } //Make sure the due date is valid if ($vars['duedate']) { if (!$vars['time'] || strpos($vars['time'], ':') === false) { $errors['time'] = __('Select a time from the list'); } elseif (strtotime($vars['duedate'] . ' ' . $vars['time']) === false) { $errors['duedate'] = __('Invalid due date'); } elseif (strtotime($vars['duedate'] . ' ' . $vars['time']) <= time()) { $errors['duedate'] = __('Due date must be in the future'); } } if (!$errors) { # Perform ticket filter actions on the new ticket arguments $__form = null; if ($vars['topicId']) { if (($__topic = Topic::lookup($vars['topicId'])) && ($__form = $__topic->getForm())) { $__form = $__form->instanciate(); $__form->setSource($vars); } } try { $vars = self::filterTicketData($origin, $vars, array($form, $__form), $user); } catch (RejectedException $ex) { return $reject_ticket(sprintf(_S('Ticket rejected (%s) by filter "%s"'), $ex->vars['email'], $ex->getRejectingFilter()->getName())); } //Make sure the open ticket limit hasn't been reached. (LOOP CONTROL) if ($cfg->getMaxOpenTickets() > 0 && strcasecmp($origin, 'staff') && ($_user = TicketUser::lookupByEmail($vars['email'])) && ($openTickets = $_user->getNumOpenTickets()) && $openTickets >= $cfg->getMaxOpenTickets()) { $errors = array('err' => __("You've reached the maximum open tickets allowed.")); $ost->logWarning(sprintf(_S('Ticket denied - %s'), $vars['email']), sprintf(_S('Max open tickets (%1$d) reached for %2$s'), $cfg->getMaxOpenTickets(), $vars['email']), false); return 0; } // Allow vars to be changed in ticket filter and applied to the user // account created or detected if (!$user && $vars['email']) { $user = User::lookupByEmail($vars['email']); } if (!$user) { // Reject emails if not from registered clients (if // configured) if (strcasecmp($origin, 'email') === 0 && !$cfg->acceptUnregisteredEmail()) { list($mailbox, $domain) = explode('@', $vars['email'], 2); // Users not yet created but linked to an organization // are still acceptable if (!Organization::forDomain($domain)) { return $reject_ticket(sprintf(_S('Ticket rejected (%s) (unregistered client)'), $vars['email'])); } } $user_form = UserForm::getUserForm()->getForm($vars); if (!$user_form->isValid($field_filter('user')) || !($user = User::fromVars($user_form->getClean()))) { $errors['user'] = __('Incomplete client information'); } } } if ($vars['topicId']) { if ($topic = Topic::lookup($vars['topicId'])) { if ($topic_form = $topic->getForm()) { $TF = $topic_form->getForm($vars); $topic_form = $topic_form->instanciate(); $topic_form->setSource($vars); if (!$TF->isValid($field_filter('topic'))) { $errors = array_merge($errors, $TF->errors()); } } } else { $errors['topicId'] = 'Invalid help topic selected'; } } // Any error above is fatal. if ($errors) { return 0; } Signal::send('ticket.create.validated', null, $vars); # Some things will need to be unpacked back into the scope of this # function if (isset($vars['autorespond'])) { $autorespond = $vars['autorespond']; } # Apply filter-specific priority if ($vars['priorityId']) { $form->setAnswer('priority', null, $vars['priorityId']); } // If the filter specifies a help topic which has a form associated, // and there was previously either no help topic set or the help // topic did not have a form, there's no need to add it now as (1) // validation is closed, (2) there may be a form already associated // and filled out from the original help topic, and (3) staff // members can always add more forms now // OK...just do it. $statusId = $vars['statusId']; $deptId = $vars['deptId']; //pre-selected Dept if any. $source = ucfirst($vars['source']); // Apply email settings for emailed tickets. Email settings should // trump help topic settins if the email has an associated help // topic if ($vars['emailId'] && ($email = Email::lookup($vars['emailId']))) { $deptId = $deptId ?: $email->getDeptId(); $priority = $form->getAnswer('priority'); if (!$priority || !$priority->getIdValue()) { $form->setAnswer('priority', null, $email->getPriorityId()); } if ($autorespond) { $autorespond = $email->autoRespond(); } if (!isset($topic) && ($T = $email->getTopic()) && $T->isActive()) { $topic = $T; } $email = null; $source = 'Email'; } if (!isset($topic)) { // This may return NULL, no big deal $topic = $cfg->getDefaultTopic(); } // Intenal mapping magic...see if we need to override anything if (isset($topic)) { $deptId = $deptId ?: $topic->getDeptId(); $statusId = $statusId ?: $topic->getStatusId(); $priority = $form->getAnswer('priority'); if (!$priority || !$priority->getIdValue()) { $form->setAnswer('priority', null, $topic->getPriorityId()); } if ($autorespond) { $autorespond = $topic->autoRespond(); } //Auto assignment. if (!isset($vars['staffId']) && $topic->getStaffId()) { $vars['staffId'] = $topic->getStaffId(); } elseif (!isset($vars['teamId']) && $topic->getTeamId()) { $vars['teamId'] = $topic->getTeamId(); } //set default sla. if (isset($vars['slaId'])) { $vars['slaId'] = $vars['slaId'] ?: $cfg->getDefaultSLAId(); } elseif ($topic && $topic->getSLAId()) { $vars['slaId'] = $topic->getSLAId(); } } // Auto assignment to organization account manager if (($org = $user->getOrganization()) && $org->autoAssignAccountManager() && ($code = $org->getAccountManagerId())) { if (!isset($vars['staffId']) && $code[0] == 's') { $vars['staffId'] = substr($code, 1); } elseif (!isset($vars['teamId']) && $code[0] == 't') { $vars['teamId'] = substr($code, 1); } } // Last minute checks $priority = $form->getAnswer('priority'); if (!$priority || !$priority->getIdValue()) { $form->setAnswer('priority', null, $cfg->getDefaultPriorityId()); } $deptId = $deptId ?: $cfg->getDefaultDeptId(); $statusId = $statusId ?: $cfg->getDefaultTicketStatusId(); $topicId = isset($topic) ? $topic->getId() : 0; $ipaddress = $vars['ip'] ?: $_SERVER['REMOTE_ADDR']; $source = $source ?: 'Web'; //We are ready son...hold on to the rails. $number = $topic ? $topic->getNewTicketNumber() : $cfg->getNewTicketNumber(); $sql = 'INSERT INTO ' . TICKET_TABLE . ' SET created=NOW() ' . ' ,lastmessage= NOW()' . ' ,user_id=' . db_input($user->getId()) . ' ,`number`=' . db_input($number) . ' ,dept_id=' . db_input($deptId) . ' ,topic_id=' . db_input($topicId) . ' ,ip_address=' . db_input($ipaddress) . ' ,source=' . db_input($source); if (isset($vars['emailId']) && $vars['emailId']) { $sql .= ', email_id=' . db_input($vars['emailId']); } //Make sure the origin is staff - avoid firebug hack! if ($vars['duedate'] && !strcasecmp($origin, 'staff')) { $sql .= ' ,duedate=' . db_input(date('Y-m-d G:i', Misc::dbtime($vars['duedate'] . ' ' . $vars['time']))); } if (!db_query($sql) || !($id = db_insert_id()) || !($ticket = Ticket::lookup($id))) { return null; } /* -------------------- POST CREATE ------------------------ */ // Save the (common) dynamic form $form->setTicketId($id); $form->save(); // Save the form data from the help-topic form, if any if ($topic_form) { $topic_form->setTicketId($id); $topic_form->save(); } $ticket->loadDynamicData(); $dept = $ticket->getDept(); // Add organizational collaborators if ($org && $org->autoAddCollabs()) { $pris = $org->autoAddPrimaryContactsAsCollabs(); $members = $org->autoAddMembersAsCollabs(); $settings = array('isactive' => true); $collabs = array(); foreach ($org->allMembers() as $u) { if ($members || $pris && $u->isPrimaryContact()) { if ($c = $ticket->addCollaborator($u, $settings, $errors)) { $collabs[] = (string) $c; } } } //TODO: Can collaborators add others? if ($collabs) { //TODO: Change EndUser to name of user. $ticket->logNote(sprintf(_S('Collaborators for %s organization added'), $org->getName()), implode("<br>", $collabs), $org->getName(), false); } } //post the message. $vars['title'] = $vars['subject']; //Use the initial subject as title of the post. $vars['userId'] = $ticket->getUserId(); $message = $ticket->postMessage($vars, $origin, false); // Configure service-level-agreement for this ticket $ticket->selectSLAId($vars['slaId']); // Assign ticket to staff or team (new ticket by staff) if ($vars['assignId']) { $ticket->assign($vars['assignId'], $vars['note']); } else { // Auto assign staff or team - auto assignment based on filter // rules. Both team and staff can be assigned if ($vars['staffId']) { $ticket->assignToStaff($vars['staffId'], _S('Auto Assignment')); } if ($vars['teamId']) { // No team alert if also assigned to an individual agent $ticket->assignToTeam($vars['teamId'], _S('Auto Assignment'), !$vars['staffId']); } } // Apply requested status — this should be done AFTER assignment, // because if it is requested to be closed, it should not cause the // ticket to be reopened for assignment. if ($statusId) { $ticket->setStatus($statusId, false, false); } /********** double check auto-response ************/ //Override auto responder if the FROM email is one of the internal emails...loop control. if ($autorespond && Email::getIdByEmail($ticket->getEmail())) { $autorespond = false; } # Messages that are clearly auto-responses from email systems should # not have a return 'ping' message if (isset($vars['flags']) && $vars['flags']['bounce']) { $autorespond = false; } if ($autorespond && $message->isAutoReply()) { $autorespond = false; } //post canned auto-response IF any (disables new ticket auto-response). if ($vars['cannedResponseId'] && $ticket->postCannedReply($vars['cannedResponseId'], $message->getId(), $autorespond)) { $ticket->markUnAnswered(); //Leave the ticket as unanswred. $autorespond = false; } //Check department's auto response settings // XXX: Dept. setting doesn't affect canned responses. if ($autorespond && $dept && !$dept->autoRespONNewTicket()) { $autorespond = false; } //Don't send alerts to staff when the message is a bounce // this is necessary to avoid possible loop (especially on new ticket) if ($alertstaff && $message->isBounce()) { $alertstaff = false; } /***** See if we need to send some alerts ****/ $ticket->onNewTicket($message, $autorespond, $alertstaff); /************ check if the user JUST reached the max. open tickets limit **********/ if ($cfg->getMaxOpenTickets() > 0 && ($user = $ticket->getOwner()) && $user->getNumOpenTickets() == $cfg->getMaxOpenTickets()) { $ticket->onOpenLimit($autorespond && strcasecmp($origin, 'staff')); } /* Start tracking ticket lifecycle events */ $ticket->logEvent('created'); // Fire post-create signal (for extra email sending, searching) Signal::send('model.created', $ticket); /*INICIO Anthony Parisi 2016-02-05 Con las siguientes lineas de código, se actualizan los campos de Detalle de su Solicitud en las tablas descritas en la Sentencia SQL*/ if (!in_array(strtolower($origin), array('web', 'staff'))) { //echo "<pre>"; //var_dump($vars); //die($vars['valores']); foreach ($ticket as $key => $value) { if ($key == "id") { $ticket_idAPI = $value; } if ($key == "last_message") { $last_message = $value; $datos = explode("\n", $last_message); $nombre = $vars['name']; $correo = $vars['email']; $telefono = $vars['phone']; $valores = $vars['valores']; $adicional = explode("%%", $valores); //die($adicional[4]); /*$nombre = ucwords(strtolower(substr($datos[0], 20, strlen($datos[0])-21))); $correo = strtolower(substr($datos[1], 20, strlen($datos[1])-21)); $telefono = substr($datos[2], 22, strlen($datos[2])-23); $i = 5; $mensaje = ""; while(strpos($datos[$i], "------------------------------------------------------") === false){ $mensaje .= $datos[$i]; $i++; } for($i=5;$i < (count($datos)-6);$i++){ if(strpos($datos[$i], "TIPO DE PASAJE: ") > -1) $pasaje = substr($datos[$i], 28, strlen($datos[$i])-29); elseif(strpos($datos[$i], "CIUDAD DE ORIGEN: ") > -1) $origen = substr($datos[$i], 18, strlen($datos[$i])-19); elseif(strpos($datos[$i], "CIUDAD DE DESTINO: ") > -1) $destino = substr($datos[$i], 21, strlen($datos[$i])-22); elseif(strpos($datos[$i], "FECHA DE SALIDA: ") > -1) $salida = substr($datos[$i], 17, strlen($datos[$i])-18); elseif(strpos($datos[$i], "FECHA DE REGRESO: ") > -1) $regreso = substr($datos[$i], 20, strlen($datos[$i])-21); elseif(strpos($datos[$i], "CLASE: ") > -1) $clase = substr($datos[$i], 19, strlen($datos[$i])-20); elseif(strpos($datos[$i], "AEROL") > -1) $aerolinea = substr($datos[$i], 14, strlen($datos[$i])-15); } $adultos = substr($datos[count($datos)-5], 9, strlen($datos[count($datos)-5])-10); $mayores = substr($datos[count($datos)-4], 11, strlen($datos[count($datos)-4])-12); $ninos = substr($datos[count($datos)-3], 9, strlen($datos[count($datos)-3])-10); $bebes = substr($datos[count($datos)-2], 8, strlen($datos[count($datos)-2])-9);*/ } } $detail = '{"88":"Cotizacion PopPup"}'; $mysqli = new mysqli(DBHOST, DBUSER, DBPASS, DBNAME); $mysqli->query("UPDATE `ost_form_entry_values` SET `value` = '{$detail}' WHERE field_id = '20' AND `entry_id` = (SELECT id FROM ost_form_entry WHERE object_id = '{$ticket_idAPI}' AND object_type = 'T');"); $mysqli->query("INSERT INTO `ost_ticket__cdata` SET `subject`='88', `ticket_id`= '{$ticket_idAPI}' ON DUPLICATE KEY UPDATE `subject`='88';"); $sqlUser = $mysqli->query("SELECT id FROM ost_user WHERE id = '" . $user->getId() . "' AND `org_id` = 30 LIMIT 1;"); $rowUser = mysqli_num_rows($sqlUser); if ($rowUser <= 0) { $mysqli->query("UPDATE ost_user SET `org_id` = 30, `updated` = NOW() WHERE id = " . $user->getId() . " LIMIT 1;"); } $mysqli->query("INSERT INTO \n `ost_cotizaciones` (\n `ticket_id`, \n `nombre`, \n `correo`, \n `telefono`, \n `mensaje`, \n `tipo_vuelo`, \n `origen`, \n `destino`, \n `salida`, \n `regreso`, \n `clase`, \n `aerolinea`, \n `adultos`, \n `mayores`, \n `ninos`, \n `bebe`) \n VALUES (\n '{$ticket_idAPI}', \n '{$nombre}', \n '{$correo}', \n '{$telefono}', \n '{$adicional['0']}', \n '{$adicional['1']}', \n '{$adicional['2']}', \n '{$adicional['3']}', \n '{$adicional['4']}', \n '{$adicional['5']}', \n '{$adicional['6']}', \n '{$adicional['7']}', \n '{$adicional['8']}', \n '{$adicional['9']}', \n '{$adicional['10']}', \n '{$adicional['11']}');"); } /* FIN */ /* Phew! ... time for tea (KETEPA) */ return $ticket; }
function install($vars) { $this->errors = $f = array(); $f['name'] = array('type' => 'string', 'required' => 1, 'error' => 'Name required'); $f['email'] = array('type' => 'email', 'required' => 1, 'error' => 'Valid email required'); $f['fname'] = array('type' => 'string', 'required' => 1, 'error' => 'First name required'); $f['lname'] = array('type' => 'string', 'required' => 1, 'error' => 'Last name required'); $f['admin_email'] = array('type' => 'email', 'required' => 1, 'error' => 'Valid email required'); $f['username'] = array('type' => 'username', 'required' => 1, 'error' => 'Username required'); $f['passwd'] = array('type' => 'password', 'required' => 1, 'error' => 'Password required'); $f['passwd2'] = array('type' => 'string', 'required' => 1, 'error' => 'Confirm password'); $f['prefix'] = array('type' => 'string', 'required' => 1, 'error' => 'Table prefix required'); $f['dbhost'] = array('type' => 'string', 'required' => 1, 'error' => 'Hostname required'); $f['dbname'] = array('type' => 'string', 'required' => 1, 'error' => 'Database name required'); $f['dbuser'] = array('type' => 'string', 'required' => 1, 'error' => 'Username required'); $f['dbpass'] = array('type' => 'string', 'required' => 1, 'error' => 'password required'); if (!Validator::process($f, $vars, $this->errors) && !$this->errors['err']) { $this->errors['err'] = 'Missing or invalid data - correct the errors and try again.'; } //Staff's email can't be same as system emails. if ($vars['admin_email'] && $vars['email'] && !strcasecmp($vars['admin_email'], $vars['email'])) { $this->errors['admin_email'] = 'Conflicts with system email above'; } //Admin's pass confirmation. if (!$this->errors && strcasecmp($vars['passwd'], $vars['passwd2'])) { $this->errors['passwd2'] = 'passwords to not match!'; } //Check table prefix underscore required at the end! if ($vars['prefix'] && substr($vars['prefix'], -1) != '_') { $this->errors['prefix'] = 'Bad prefix. Must have underscore (_) at the end. e.g \'ost_\''; } //Make sure admin username is not very predictable. XXX: feels dirty but necessary if (!$this->errors['username'] && in_array(strtolower($vars['username']), array('admin', 'admins', 'username', 'osticket'))) { $this->errors['username'] = '******'; } // Support port number specified in the hostname with a colon (:) list($host, $port) = explode(':', $vars['dbhost']); if ($port && is_numeric($port) && ($port < 1 || $port > 65535)) { $this->errors['db'] = 'Invalid database port number'; } //MYSQL: Connect to the DB and check the version & database (create database if it doesn't exist!) if (!$this->errors) { if (!db_connect($vars['dbhost'], $vars['dbuser'], $vars['dbpass'])) { $this->errors['db'] = 'Unable to connect to MySQL server. ' . db_connect_error(); } elseif (explode('.', db_version()) < explode('.', $this->getMySQLVersion())) { $this->errors['db'] = sprintf('osTicket requires MySQL %s or better!', $this->getMySQLVersion()); } elseif (!db_select_database($vars['dbname']) && !db_create_database($vars['dbname'])) { $this->errors['dbname'] = 'Database doesn\'t exist'; $this->errors['db'] = 'Unable to create the database.'; } elseif (!db_select_database($vars['dbname'])) { $this->errors['dbname'] = 'Unable to select the database'; } else { //Abort if we have another installation (or table) with same prefix. $sql = 'SELECT * FROM `' . $vars['prefix'] . 'config` LIMIT 1'; if (db_query($sql, false)) { $this->errors['err'] = 'We have a problem - another installation with same table prefix exists!'; $this->errors['prefix'] = 'Prefix already in-use'; } else { //Try changing charset and collation of the DB - no bigie if we fail. db_query('ALTER DATABASE ' . $vars['dbname'] . ' DEFAULT CHARACTER SET utf8 COLLATE utf8_general_ci', false); } } } //bailout on errors. if ($this->errors) { return false; } /*************** We're ready to install ************************/ define('ADMIN_EMAIL', $vars['admin_email']); //Needed to report SQL errors during install. define('PREFIX', $vars['prefix']); //Table prefix $debug = true; // Change it to false to squelch SQL errors. //Last minute checks. if (!file_exists($this->getConfigFile()) || !($configFile = file_get_contents($this->getConfigFile()))) { $this->errors['err'] = 'Unable to read config file. Permission denied! (#2)'; } elseif (!($fp = @fopen($this->getConfigFile(), 'r+'))) { $this->errors['err'] = 'Unable to open config file for writing. Permission denied! (#3)'; } else { $streams = DatabaseMigrater::getUpgradeStreams(INCLUDE_DIR . 'upgrader/streams/'); foreach ($streams as $stream => $signature) { $schemaFile = INC_DIR . "streams/{$stream}/install-mysql.sql"; if (!file_exists($schemaFile) || !($fp2 = fopen($schemaFile, 'rb'))) { $this->errors['err'] = $stream . ': Internal Error - please make sure your download is the latest (#1)'; } elseif (!($hash = md5(fread($fp2, filesize($schemaFile)))) || strcasecmp($signature, $hash)) { $this->errors['err'] = $stream . ': Unknown or invalid schema signature (' . $signature . ' .. ' . $hash . ')'; } elseif (!$this->load_sql_file($schemaFile, $vars['prefix'], true, $debug)) { $this->errors['err'] = $stream . ': Error parsing SQL schema! Get help from developers (#4)'; } } } $sql = 'SELECT `id` FROM ' . PREFIX . 'sla ORDER BY `id` LIMIT 1'; $sla_id_1 = db_result(db_query($sql, false), 0); $sql = 'SELECT `dept_id` FROM ' . PREFIX . 'department ORDER BY `dept_id` LIMIT 1'; $dept_id_1 = db_result(db_query($sql, false), 0); $sql = 'SELECT `tpl_id` FROM ' . PREFIX . 'email_template_group ORDER BY `tpl_id` LIMIT 1'; $template_id_1 = db_result(db_query($sql, false), 0); $sql = 'SELECT `group_id` FROM ' . PREFIX . 'groups ORDER BY `group_id` LIMIT 1'; $group_id_1 = db_result(db_query($sql, false), 0); $sql = 'SELECT `id` FROM ' . PREFIX . 'timezone WHERE offset=-5.0 LIMIT 1'; $eastern_timezone = db_result(db_query($sql, false), 0); if (!$this->errors) { //Create admin user. $sql = 'INSERT INTO ' . PREFIX . 'staff SET created=NOW() ' . ", isactive=1, isadmin=1, group_id={$group_id_1}, dept_id={$dept_id_1}" . ", timezone_id={$eastern_timezone}, max_page_size=25" . ', email=' . db_input($vars['admin_email']) . ', firstname=' . db_input($vars['fname']) . ', lastname=' . db_input($vars['lname']) . ', username='******'username']) . ', passwd=' . db_input(Passwd::hash($vars['passwd'])); if (!db_query($sql, false) || !($uid = db_insert_id())) { $this->errors['err'] = 'Unable to create admin user (#6)'; } } if (!$this->errors) { //Create default emails! $email = $vars['email']; list(, $domain) = explode('@', $vars['email']); $sql = 'INSERT INTO ' . PREFIX . 'email (`name`,`email`,`created`,`updated`) VALUES ' . " ('Support','{$email}',NOW(),NOW())" . ",('osTicket Alerts','alerts@{$domain}',NOW(),NOW())" . ",('','noreply@{$domain}',NOW(),NOW())"; $support_email_id = db_query($sql, false) ? db_insert_id() : 0; $sql = 'SELECT `email_id` FROM ' . PREFIX . "email WHERE `email`='alerts@{$domain}' LIMIT 1"; $alert_email_id = db_result(db_query($sql, false), 0); //Create config settings---default settings! //XXX: rename ostversion helpdesk_* ?? // XXX: Some of this can go to the core install file $defaults = array('isonline' => '0', 'default_email_id' => $support_email_id, 'alert_email_id' => $alert_email_id, 'default_dept_id' => $dept_id_1, 'default_sla_id' => $sla_id_1, 'default_timezone_id' => $eastern_timezone, 'default_template_id' => $template_id_1, 'admin_email' => db_input($vars['admin_email']), 'schema_signature' => db_input($streams['core']), 'helpdesk_url' => db_input(URL), 'helpdesk_title' => db_input($vars['name'])); foreach ($defaults as $key => $value) { $sql = 'UPDATE ' . PREFIX . 'config SET updated=NOW(), value=' . $value . ' WHERE namespace="core" AND `key`=' . db_input($key); if (!db_query($sql, false)) { $this->errors['err'] = 'Unable to create config settings (#7)'; } } foreach ($streams as $stream => $signature) { if ($stream != 'core') { $sql = 'INSERT INTO ' . PREFIX . 'config (`namespace`, `key`, `value`, `updated`) ' . 'VALUES (' . db_input($stream) . ', ' . db_input('schema_signature') . ', ' . db_input($signature) . ', NOW())'; if (!db_query($sql, false)) { $this->errors['err'] = 'Unable to create config settings (#7)'; } } } } if ($this->errors) { return false; } //Abort on internal errors. //Rewrite the config file - MUST be done last to allow for installer recovery. $configFile = str_replace("define('OSTINSTALLED',FALSE);", "define('OSTINSTALLED',TRUE);", $configFile); $configFile = str_replace('%ADMIN-EMAIL', $vars['admin_email'], $configFile); $configFile = str_replace('%CONFIG-DBHOST', $vars['dbhost'], $configFile); $configFile = str_replace('%CONFIG-DBNAME', $vars['dbname'], $configFile); $configFile = str_replace('%CONFIG-DBUSER', $vars['dbuser'], $configFile); $configFile = str_replace('%CONFIG-DBPASS', $vars['dbpass'], $configFile); $configFile = str_replace('%CONFIG-PREFIX', $vars['prefix'], $configFile); $configFile = str_replace('%CONFIG-SIRI', Misc::randCode(32), $configFile); if (!$fp || !ftruncate($fp, 0) || !fwrite($fp, $configFile)) { $this->errors['err'] = 'Unable to write to config file. Permission denied! (#5)'; return false; } @fclose($fp); /************* Make the system happy ***********************/ $sql = 'UPDATE ' . PREFIX . "email SET dept_id={$dept_id_1}"; db_query($sql, false); $sql = 'UPDATE ' . PREFIX . "department SET email_id={$support_email_id}" . ", autoresp_email_id={$support_email_id}"; db_query($sql, false); //Create a ticket to make the system warm and happy. $sql = 'INSERT INTO ' . PREFIX . 'ticket SET created=NOW(), status="open", source="Web" ' . " ,priority_id=0, dept_id={$dept_id_1}, topic_id=0 " . ' ,ticketID=' . db_input(Misc::randNumber(6)) . ' ,email="*****@*****.**" ' . ' ,name="osTicket Support" ' . ' ,subject="osTicket Installed!"'; if (db_query($sql, false) && ($tid = db_insert_id())) { if (!($msg = file_get_contents(INC_DIR . 'msg/installed.txt'))) { $msg = 'Congratulations and Thank you for choosing osTicket!'; } $sql = 'INSERT INTO ' . PREFIX . 'ticket_thread SET created=NOW()' . ', source="Web" ' . ', thread_type="M" ' . ', ticket_id=' . db_input($tid) . ', title=' . db_input('osTicket Installed') . ', body=' . db_input($msg); db_query($sql, false); } //TODO: create another personalized ticket and assign to admin?? //Log a message. $msg = "Congratulations osTicket basic installation completed!\n\nThank you for choosing osTicket!"; $sql = 'INSERT INTO ' . PREFIX . 'syslog SET created=NOW(), updated=NOW(), log_type="Debug" ' . ', title="osTicket installed!"' . ', log=' . db_input($msg) . ', ip_address=' . db_input($_SERVER['REMOTE_ADDR']); db_query($sql, false); return true; }
function install($vars) { $this->errors = $f = array(); $f['name'] = array('type' => 'string', 'required' => 1, 'error' => 'Name required'); $f['email'] = array('type' => 'email', 'required' => 1, 'error' => 'Valid email required'); $f['fname'] = array('type' => 'string', 'required' => 1, 'error' => 'First name required'); $f['lname'] = array('type' => 'string', 'required' => 1, 'error' => 'Last name required'); $f['admin_email'] = array('type' => 'email', 'required' => 1, 'error' => 'Valid email required'); $f['username'] = array('type' => 'username', 'required' => 1, 'error' => 'Username required'); $f['passwd'] = array('type' => 'password', 'required' => 1, 'error' => 'Password required'); $f['passwd2'] = array('type' => 'string', 'required' => 1, 'error' => 'Confirm password'); $f['prefix'] = array('type' => 'string', 'required' => 1, 'error' => 'Table prefix required'); $f['dbhost'] = array('type' => 'string', 'required' => 1, 'error' => 'Hostname required'); $f['dbname'] = array('type' => 'string', 'required' => 1, 'error' => 'Database name required'); $f['dbuser'] = array('type' => 'string', 'required' => 1, 'error' => 'Username required'); $f['dbpass'] = array('type' => 'string', 'required' => 1, 'error' => 'password required'); if (!Validator::process($f, $vars, $this->errors) && !$this->errors['err']) { $this->errors['err'] = 'Missing or invalid data - correct the errors and try again.'; } //Staff's email can't be same as system emails. if ($vars['admin_email'] && $vars['email'] && !strcasecmp($vars['admin_email'], $vars['email'])) { $this->errors['admin_email'] = 'Conflicts with system email above'; } //Admin's pass confirmation. if (!$this->errors && strcasecmp($vars['passwd'], $vars['passwd2'])) { $this->errors['passwd2'] = 'passwords to not match!'; } //Check table prefix underscore required at the end! if ($vars['prefix'] && substr($vars['prefix'], -1) != '_') { $this->errors['prefix'] = 'Bad prefix. Must have underscore (_) at the end. e.g \'ost_\''; } //Make sure admin username is not very predictable. XXX: feels dirty but necessary if (!$this->errors['username'] && in_array(strtolower($vars['username']), array('admin', 'admins', 'username', 'osticket'))) { $this->errors['username'] = '******'; } //MYSQL: Connect to the DB and check the version & database (create database if it doesn't exist!) if (!$this->errors) { if (!db_connect($vars['dbhost'], $vars['dbuser'], $vars['dbpass'])) { $this->errors['db'] = 'Unable to connect to MySQL server. Possibly invalid login info.'; } elseif (db_version() < $this->getMySQLVersion()) { $this->errors['db'] = sprintf('osTicket requires MySQL %s or better!', $this->getMySQLVersion()); } elseif (!db_select_database($vars['dbname']) && !db_create_database($vars['dbname'])) { $this->errors['dbname'] = 'Database doesn\'t exist'; $this->errors['db'] = 'Unable to create the database.'; } elseif (!db_select_database($vars['dbname'])) { $this->errors['dbname'] = 'Unable to select the database'; } } //bailout on errors. if ($this->errors) { return false; } /*************** We're ready to install ************************/ define('ADMIN_EMAIL', $vars['admin_email']); //Needed to report SQL errors during install. define('PREFIX', $vars['prefix']); //Table prefix $schemaFile = INC_DIR . 'sql/osTicket-mysql.sql'; //DB dump. $debug = true; //XXX:Change it to true to show SQL errors. //Last minute checks. if (!file_exists($schemaFile)) { $this->errors['err'] = 'Internal Error - please make sure your download is the latest (#1)'; } elseif (!($signature = trim(file_get_contents("{$schemaFile}.md5"))) || strcasecmp($signature, md5_file($schemaFile))) { $this->errors['err'] = 'Unknown or invalid schema signature (' . $signature . ' .. ' . md5_file($schemaFile) . ')'; } elseif (!file_exists($this->getConfigFile()) || !($configFile = file_get_contents($this->getConfigFile()))) { $this->errors['err'] = 'Unable to read config file. Permission denied! (#2)'; } elseif (!($fp = @fopen($this->getConfigFile(), 'r+'))) { $this->errors['err'] = 'Unable to open config file for writing. Permission denied! (#3)'; } elseif (!$this->load_sql_file($schemaFile, $vars['prefix'], true, $debug)) { $this->errors['err'] = 'Error parsing SQL schema! Get help from developers (#4)'; } if (!$this->errors) { //Create admin user. $sql = 'INSERT INTO ' . PREFIX . 'staff SET created=NOW() ' . ', isactive=1, isadmin=1, group_id=1, dept_id=1, timezone_id=8, max_page_size=25 ' . ', email=' . db_input($_POST['admin_email']) . ', firstname=' . db_input($vars['fname']) . ', lastname=' . db_input($vars['lname']) . ', username='******'username']) . ', passwd=' . db_input(Passwd::hash($vars['passwd'])); if (!mysql_query($sql) || !($uid = mysql_insert_id())) { $this->errors['err'] = 'Unable to create admin user (#6)'; } } if (!$this->errors) { //Create config settings---default settings! //XXX: rename ostversion helpdesk_* ?? $sql = 'INSERT INTO ' . PREFIX . 'config SET updated=NOW(), isonline=0 ' . ', default_email_id=1, alert_email_id=2, default_dept_id=1 ' . ', default_sla_id=1, default_timezone_id=8, default_template_id=1 ' . ', admin_email=' . db_input($vars['admin_email']) . ', schema_signature=' . db_input($signature) . ', helpdesk_url=' . db_input(URL) . ', helpdesk_title=' . db_input($vars['name']); if (!mysql_query($sql) || !($cid = mysql_insert_id())) { $this->errors['err'] = 'Unable to create config settings (#7)'; } } if ($this->errors) { return false; } //Abort on internal errors. //Rewrite the config file - MUST be done last to allow for installer recovery. $configFile = str_replace("define('OSTINSTALLED',FALSE);", "define('OSTINSTALLED',TRUE);", $configFile); $configFile = str_replace('%ADMIN-EMAIL', $vars['admin_email'], $configFile); $configFile = str_replace('%CONFIG-DBHOST', $vars['dbhost'], $configFile); $configFile = str_replace('%CONFIG-DBNAME', $vars['dbname'], $configFile); $configFile = str_replace('%CONFIG-DBUSER', $vars['dbuser'], $configFile); $configFile = str_replace('%CONFIG-DBPASS', $vars['dbpass'], $configFile); $configFile = str_replace('%CONFIG-PREFIX', $vars['prefix'], $configFile); $configFile = str_replace('%CONFIG-SIRI', Misc::randcode(32), $configFile); if (!$fp || !ftruncate($fp, 0) || !fwrite($fp, $configFile)) { $this->errors['err'] = 'Unable to write to config file. Permission denied! (#5)'; return false; } @fclose($fp); /************* Make the system happy ***********************/ //Create default emails! $email = $vars['email']; list(, $domain) = explode('@', $vars['email']); $sql = 'INSERT INTO ' . PREFIX . 'email (`email_id`, `dept_id`, `name`,`email`,`created`,`updated`) VALUES ' . " (1,1,'Support','{$email}',NOW(),NOW())" . ",(2,1,'osTicket Alerts','alerts@{$domain}',NOW(),NOW())" . ",(3,1,'','noreply@{$domain}',NOW(),NOW())"; @mysql_query($sql); //Create a ticket to make the system warm and happy. $sql = 'INSERT INTO ' . PREFIX . 'ticket SET created=NOW(), status="open", source="Web" ' . ' ,priority_id=2, dept_id=1, topic_id=1 ' . ' ,ticketID=' . db_input(Misc::randNumber(6)) . ' ,email="*****@*****.**" ' . ' ,name="osTicket Support" ' . ' ,subject="osTicket Installed!"'; if (mysql_query($sql) && ($tid = mysql_insert_id())) { if (!($msg = file_get_contents(INC_DIR . 'msg/installed.txt'))) { $msg = 'Congratulations and Thank you for choosing osTicket!'; } $sql = 'INSERT INTO ' . PREFIX . 'ticket_thread SET created=NOW()' . ', source="Web" ' . ', thread_type="M" ' . ', ticket_id=' . db_input($tid) . ', title=' . db_input('osTicket Installed') . ', body=' . db_input($msg); @mysql_query($sql); } //TODO: create another personalized ticket and assign to admin?? //Log a message. $msg = "Congratulations osTicket basic installation completed!\n\nThank you for choosing osTicket!"; $sql = 'INSERT INTO ' . PREFIX . 'syslog SET created=NOW(), updated=NOW(), log_type="Debug" ' . ', title="osTicket installed!"' . ', log=' . db_input($msg) . ', ip_address=' . db_input($_SERVER['REMOTE_ADDR']); @mysql_query($sql); return true; }
<?php require_once '../../../config.php'; require_once WB_PATH . '/framework/functions.php'; require_once WB_PATH . '/modules/admin.php'; require_once WB_PATH . '/modules/foldergallery/info.php'; require_once WB_PATH . '/modules/foldergallery/scripts/functions.php'; require_once WB_PATH . '/modules/foldergallery/admin/scripts/backend.functions.php'; require_once WB_PATH . '/modules/foldergallery/class/validator.php'; // Validate Data $v = new Validator(); $v->setData($_POST); $v->setKeys(array('section_id' => 'integer', 'page_id' => 'integer', 'cat_parent' => 'string', 'folder_name' => 'string', 'cat_title' => 'string', 'cat_desc' => 'string')); $v->process(); $request = $v->getValidData(); // This is used to prevent SQL attacks $request['cat_parent'] = $admin->add_slashes($request['cat_parent']); $request['folder_name'] = $v->getSaveFilename($request['folder_name']); $request['cat_title'] = $admin->add_slashes($request['cat_title']); $request['cat_desc'] = $admin->add_slashes($request['cat_desc']); // Get the settings for this section $settings = getSettings($section_id); // Check if Parent Directory exists if ($request['cat_parent'] == '/') { $request['cat_parent'] = ''; } $parent_dir = WB_PATH . $settings['root_dir'] . $request['cat_parent']; if (!is_dir($parent_dir)) { die('A Error occured during creating a new directory!'); } // Check if new Directory does not allready exist
function updatePagesSettings($vars, &$errors) { $f = array(); $f['landing_page_id'] = array('type' => 'int', 'required' => 1, 'error' => 'required'); $f['offline_page_id'] = array('type' => 'int', 'required' => 1, 'error' => 'required'); $f['thank-you_page_id'] = array('type' => 'int', 'required' => 1, 'error' => 'required'); if ($_FILES['logo']) { $error = false; list($logo) = AttachmentFile::format($_FILES['logo']); if (!$logo) { } elseif ($logo['error']) { $errors['logo'] = $logo['error']; } elseif (!($id = AttachmentFile::uploadLogo($logo, $error))) { $errors['logo'] = 'Unable to upload logo image. ' . $error; } } if (!Validator::process($f, $vars, $errors) || $errors) { return false; } if (isset($vars['delete-logo'])) { foreach ($vars['delete-logo'] as $id) { if ($vars['selected-logo'] != $id && ($f = AttachmentFile::lookup($id))) { $f->delete(); } } } return $this->updateAll(array('landing_page_id' => $vars['landing_page_id'], 'offline_page_id' => $vars['offline_page_id'], 'thank-you_page_id' => $vars['thank-you_page_id'], 'client_logo_id' => is_numeric($vars['selected-logo']) && $vars['selected-logo'] ? $vars['selected-logo'] : false)); }