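/**
 * Add a staff reply to a ticket, optionally merging that ticket into another one first.
 *
 * Reads $_GET['id'] (the ticket being answered) and $_POST (mergeid, comments,
 * customField, hiddenBoxes, status, response, dept, deptall). Every request or
 * row value this method places into an SQL string is either cast to int or
 * passed through mswSafeImportString(), the helper the method already relied on
 * for free text (assumed to SQL-escape; the helper itself is not shown here).
 *
 * NOTE(review): the statements run one by one with no transaction and each
 * die()s on failure, so a failure part-way through a merge leaves it half applied.
 * NOTE(review): mswIPAddresses() and $this->team->id are interpolated as
 * returned; confirm both are validated where they are produced.
 *
 * @return array [0] 'yes'|'no' merged flag, [1] ID of the ticket the reply was
 *               stored under, [2] subject of the merged ticket ('' when no merge
 *               took place), [3] ID of the new reply row.
 */
public function addTicketReply()
{
    $tID   = isset($_GET['id']) ? (int) $_GET['id'] : 0;
    $array = array('no', $tID, '');

    // The merge target arrives as a display ticket number. Casting the helper's
    // result to int keeps request text out of every query built from it below.
    $mergeID = (isset($_POST['mergeid']) && is_scalar($_POST['mergeid']))
        ? (int) mswReverseTicketNumber($_POST['mergeid'])
        : 0;

    // The reply belongs to the ticket being answered unless a merge really happens;
    // a merge ID that matches no ticket must not become the reply's parent.
    $newID = $tID;

    // Are we merging this ticket..
    // A ticket is never merged into itself: that path would delete the ticket.
    if ($mergeID > 0 && $mergeID !== $tID
        && mswRowCount('tickets WHERE `id` = \'' . $mergeID . '\'') > 0) {
        // Get original ticket and convert it to a reply..
        $OTICKET = mswGetTableData('tickets', 'id', $tID);
        // Get new parent data for department..
        $MERGER = mswGetTableData('tickets', 'id', $mergeID);

        // Both rows are read below; skip the merge if either lookup gave no row object.
        if (is_object($OTICKET) && is_object($MERGER)) {
            // Account information..
            // NOTE(review): $PORTAL is not read anywhere else in this method.
            $PORTAL = mswGetTableData('portal', 'id', $MERGER->visitorID);

            // Stored values are escaped again before reuse: text that was safe to
            // store is not automatically safe to splice into a new statement.
            $origVisitor = mswSafeImportString($OTICKET->visitorID);
            $origIPs     = mswSafeImportString($OTICKET->ipAddresses);
            $department  = mswSafeImportString($MERGER->department);

            // Add original ticket as reply..
            mysql_query(
                "INSERT INTO `" . DB_PREFIX . "replies` (\n `ts`,\n `ticketID`,\n `comments`,\n `replyType`,\n"
                . " `replyUser`,\n `isMerged`,\n `ipAddresses` \n ) VALUES (\n UNIX_TIMESTAMP(UTC_TIMESTAMP),\n"
                . " '{$mergeID}',\n '" . mswSafeImportString($OTICKET->comments) . "',\n 'visitor',\n"
                . " '{$origVisitor}',\n 'yes',\n '{$origIPs}' \n )"
            ) or die(mswMysqlErrMsg(mysql_errno(), mysql_error(), __LINE__, __FILE__));

            // Now remove original ticket
            mysql_query("DELETE FROM `" . DB_PREFIX . "tickets` WHERE `id` = '{$tID}'")
                or die(mswMysqlErrMsg(mysql_errno(), mysql_error(), __LINE__, __FILE__));

            // Move any replies attached to original ticket to new parent..
            // Update timestamp so they fall in line..
            mysql_query(
                "UPDATE `" . DB_PREFIX . "replies` SET\n\t `ts` = UNIX_TIMESTAMP(UTC_TIMESTAMP),\n"
                . " `ticketID` = '{$mergeID}',\n `isMerged` = 'yes'\n WHERE `ticketID` = '{$tID}'\n "
            ) or die(mswMysqlErrMsg(mysql_errno(), mysql_error(), __LINE__, __FILE__));

            // Move attachments to new ticket id..
            mysql_query(
                "UPDATE `" . DB_PREFIX . "attachments` SET\n `ticketID` = '{$mergeID}',\n"
                . " `department` = '{$department}'\n WHERE `ticketID` = '{$tID}'\n "
            ) or die(mswMysqlErrMsg(mysql_errno(), mysql_error(), __LINE__, __FILE__));

            // Move custom field data to new ticket..
            mysql_query(
                "UPDATE `" . DB_PREFIX . "ticketfields` SET\n `ticketID` = '{$mergeID}'\n"
                . " WHERE `ticketID` = '{$tID}'\n "
            ) or die(mswMysqlErrMsg(mysql_errno(), mysql_error(), __LINE__, __FILE__));

            // Remove history for old ticket..
            mysql_query("DELETE FROM `" . DB_PREFIX . "tickethistory` WHERE `ticketID` = '{$tID}'")
                or die(mswMysqlErrMsg(mysql_errno(), mysql_error(), __LINE__, __FILE__));

            // Move any dispute user data to new ticket..
            mysql_query(
                "UPDATE `" . DB_PREFIX . "disputes` SET\n `ticketID` = '{$mergeID}'\n"
                . " WHERE `ticketID` = '{$tID}'\n "
            ) or die(mswMysqlErrMsg(mysql_errno(), mysql_error(), __LINE__, __FILE__));

            // Overwrite array..
            $newID = $mergeID;
            $array = array('yes', $mergeID, $OTICKET->subject);
        }
    }

    // Add new reply..
    mysql_query(
        "INSERT INTO `" . DB_PREFIX . "replies` (\n `ts`,\n `ticketID`,\n `comments`,\n `replyType`,\n"
        . " `replyUser`,\n `isMerged`,\n `ipAddresses` \n ) VALUES (\n UNIX_TIMESTAMP(UTC_TIMESTAMP),\n"
        . " '{$newID}',\n '" . mswSafeImportString($_POST['comments']) . "',\n 'admin',\n"
        . " '{$this->team->id}',\n 'no',\n '" . mswIPAddresses() . "' \n )"
    ) or die(mswMysqlErrMsg(mysql_errno(), mysql_error(), __LINE__, __FILE__));
    // Cast so the ID is an integer wherever it is spliced into the statements below.
    $newReply = (int) mysql_insert_id();

    // Custom field data..
    if (!empty($_POST['customField']) && is_array($_POST['customField'])) {
        // Check to see if any checkboxes arrays are now blank..
        // If there are, create empty array to prevent omission in loop..
        if (!empty($_POST['hiddenBoxes']) && is_array($_POST['hiddenBoxes'])) {
            foreach ($_POST['hiddenBoxes'] as $hb) {
                // Only a scalar can be used as an array key; ignore anything else.
                if (is_scalar($hb) && !isset($_POST['customField'][$hb])) {
                    $_POST['customField'][$hb] = array();
                }
            }
        }
        foreach ($_POST['customField'] as $k => $v) {
            // If value is array, its checkboxes (an empty array joins to '')..
            $data = is_array($v) ? implode('#####', $v) : $v;
            $k    = (int) $k;
            // If data exists, update or add entry..
            // If blank or 'nothing-selected', delete if exists..
            if ($data != '' && $data != 'nothing-selected') {
                $exists = mswRowCount(
                    'ticketfields WHERE `ticketID` = \'' . $newID . '\' AND `fieldID` = \'' . $k
                    . '\' AND `replyID` = \'' . $newReply . '\''
                ) > 0;
                if ($exists) {
                    mysql_query(
                        "UPDATE `" . DB_PREFIX . "ticketfields` SET\n `fieldData` = '" . mswSafeImportString($data) . "'\n"
                        . " WHERE `ticketID` = '{$newID}'\n AND `fieldID` = '{$k}'\n AND `replyID` = '{$newReply}'\n "
                    ) or die(mswMysqlErrMsg(mysql_errno(), mysql_error(), __LINE__, __FILE__));
                } else {
                    mysql_query(
                        "INSERT INTO `" . DB_PREFIX . "ticketfields` (\n `fieldData`,`ticketID`,`fieldID`,`replyID`\n"
                        . " ) VALUES (\n '" . mswSafeImportString($data) . "','{$newID}','{$k}','{$newReply}'\n )"
                    ) or die(mswMysqlErrMsg(mysql_errno(), mysql_error(), __LINE__, __FILE__));
                }
            } else {
                mysql_query(
                    "DELETE FROM `" . DB_PREFIX . "ticketfields`\n WHERE `ticketID` = '{$newID}'\n"
                    . " AND `fieldID` = '{$k}'\n AND `replyID` = '{$newReply}'\n "
                ) or die(mswMysqlErrMsg(mysql_errno(), mysql_error(), __LINE__, __FILE__));
                // Best effort: once the table is empty, truncate it (errors are suppressed on purpose).
                if (mswRowCount('ticketfields') == 0) {
                    @mysql_query("TRUNCATE TABLE `" . DB_PREFIX . "ticketfields`");
                }
            }
        }
    }

    // Update ticket status..
    // Only values from this allow-list reach the query; anything else becomes 'open'.
    $allowedStatus = array('close', 'open', 'closed', 'submit_report');
    $status = (isset($_POST['status']) && in_array($_POST['status'], $allowedStatus, true))
        ? $_POST['status']
        : 'open';
    mysql_query(
        "UPDATE `" . DB_PREFIX . "tickets` SET\n `lastrevision` = UNIX_TIMESTAMP(UTC_TIMESTAMP),\n"
        . " `ticketStatus` = '{$status}',\n `replyStatus` = 'visitor'\n WHERE `id` = '{$newID}'\n "
    ) or die(mswMysqlErrMsg(mysql_errno(), mysql_error(), __LINE__, __FILE__));

    // If specified, add reply as standard response..
    if (!empty($_POST['response'])) {
        // Add response..
        // The department lists are cast to array so a missing or scalar field cannot break implode().
        $deptSource = empty($_POST['dept'])
            ? (isset($_POST['deptall']) ? $_POST['deptall'] : array())
            : $_POST['dept'];
        $dept = implode(',', (array) $deptSource);
        mysql_query(
            "INSERT INTO `" . DB_PREFIX . "responses` (\n `ts`,\n `title`,\n `answer`,\n `departments`\n"
            . " ) VALUES (\n UNIX_TIMESTAMP(UTC_TIMESTAMP),\n '" . mswSafeImportString($_POST['response']) . "',\n"
            . " '" . mswSafeImportString($_POST['comments']) . "',\n '" . mswSafeImportString($dept) . "'\n )"
        ) or die(mswMysqlErrMsg(mysql_errno(), mysql_error(), __LINE__, __FILE__));
        // Rebuild sequence..
        include_once PATH . 'control/classes/class.responses.php';
        $MSSTR = new standardResponses();
        $MSSTR->rebuildSequence();
    }

    $array[] = $newReply;
    return $array;
}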
}
// Build the WHERE fragments ($filters) for the ticket search from query-string parameters.
$filters = array();
$searchParams = '';
$s = '';
$countedRows = 0;
// NOTE(review): when present, $_GET['area'] is taken as-is (string or array); nothing in
// this excerpt restricts it to 'tickets' / 'disputes'. Confirm how $area is used later.
$area = empty($_GET['area']) ? array('tickets', 'disputes') : $_GET['area'];
include PATH . 'templates/system/tickets/global/order-by.php';
if (isset($_GET['keys'])) {
    // Filters..
    if ($_GET['keys']) {
        // The search text is lower-cased, passed through mswSafeImportString() and written
        // back into $_GET, so every later use in this excerpt sees the processed value.
        // NOTE(review): presumably the helper SQL-escapes; it is not shown here. Confirm,
        // because the value is concatenated into the statements below.
        $_GET['keys'] = mswSafeImportString(strtolower($_GET['keys']));
        // Hash will cause search to fail for ticket number, so lets remove it..
        if (substr($_GET['keys'], 0, 1) == '#') {
            $_GET['keys'] = substr($_GET['keys'], 1);
        }
        // The (int) cast only chooses the branch: a value with a positive numeric prefix is
        // matched against the ticket ID, anything else is a LIKE search over several columns.
        // The value placed in the ID comparison is mswReverseTicketNumber() of the whole string.
        // NOTE(review): '%' and '_' in the search text are not neutralised in this excerpt, so
        // they act as LIKE wildcards unless the helper handles them. Confirm.
        // NOTE(review): the OR terms are not wrapped in parentheses; how $filters is joined is
        // outside this excerpt. If it is joined with AND, operator precedence would let these
        // OR terms sidestep the other filters. Confirm.
        $filters[0] = (int) $_GET['keys'] > 0
            ? "`" . DB_PREFIX . "tickets`.`id` = '" . mswReverseTicketNumber($_GET['keys']) . "'"
            : "LOWER(`" . DB_PREFIX . "portal`.`name`) LIKE '%" . $_GET['keys'] . "%' OR LOWER(`" . DB_PREFIX . "tickets`.`subject`) LIKE '%" . $_GET['keys'] . "%' OR LOWER(`" . DB_PREFIX . "tickets`.`ticketNotes`) LIKE '%" . $_GET['keys'] . "%' OR LOWER(`email`) LIKE '%" . $_GET['keys'] . "%' OR LOWER(`comments`) LIKE '%" . $_GET['keys'] . "%'";
        // Are we also searching responses?
        if (isset($_GET['responses']) && !is_numeric($_GET['keys'])) {
            // Collect the IDs of tickets that have a reply containing the search text.
            $ticketIDs = array();
            $q = mysql_query("SELECT `ticketID` FROM `" . DB_PREFIX . "replies`\n\t WHERE LOWER(`comments`) LIKE '%" . $_GET['keys'] . "%'\n\t\t GROUP BY `ticketID`\n\t\t ") or die(mswMysqlErrMsg(mysql_errno(), mysql_error(), __LINE__, __FILE__));
            while ($RP = mysql_fetch_object($q)) {
                $ticketIDs[] = $RP->ticketID;
            }
            if (!empty($ticketIDs)) {
                // NOTE(review): the IDs come from the replies table and go into IN(...) unquoted;
                // that is only safe while `ticketID` is a numeric column. Confirm the schema.
                $filters[0] = $filters[0] . ' OR `' . DB_PREFIX . 'tickets`.`id` IN(' . implode(',', $ticketIDs) . ')';
            }
        }
    }
    // The priority is interpolated directly once it passes the allow-list check.
    // NOTE(review): in_array() is called without strict mode and $levelPrKeys is defined
    // elsewhere; if that list holds integers, loose comparison on PHP < 8 accepts strings that
    // merely start with a listed number. Passing true as the third argument closes that gap.
    if (isset($_GET['priority']) && in_array($_GET['priority'], $levelPrKeys)) {
        $filters[] = "`priority` = '{$_GET['priority']}'";
    }
/**
 * Resolve the ticket referenced in a subject line, provided it belongs to the given address.
 *
 * The first "#<1-12 digits>" token in $subject is reduced to its digits and converted with
 * mswReverseTicketNumber(). The ticket is accepted only when a portal account exists for
 * $email and a ticket with that ID, owned by that account and not flagged as spam, is found.
 *
 * NOTE(review): ownership rests entirely on $email. If callers take it from an inbound
 * message's sender field, it is sender-supplied; confirm what verification happens upstream.
 *
 * @param string $subject Subject text to scan for a ticket reference.
 * @param string $email   Address used to look up the portal account.
 *
 * @return array array('yes', <ticket id>) on a match, otherwise array('no', 0).
 */
public function getTicketID($subject, $email)
{
    $noMatch = array('no', 0);

    // No "#digits" token in the subject: nothing to look up.
    if (!preg_match("[[#][0-9]{1,12}]", $subject, $hits)) {
        return $noMatch;
    }

    // Keep only the digits of the matched token before converting it to a ticket ID.
    $digits   = trim(preg_replace('/[^0-9]/', '', $hits[0]));
    $ticketid = mswReverseTicketNumber($digits);

    // Only the account's `id` column is requested.
    $PORTAL = mswGetTableData('portal', 'email', mswSafeImportString($email), '', '`id`');
    if (!isset($PORTAL->id)) {
        return $noMatch;
    }

    // The ticket ID is cast to int for the query; the account ID comes from the row just read.
    $owned = mswRowCount('tickets WHERE `id` = \'' . (int) $ticketid . '\' AND `visitorID` = \'' . $PORTAL->id . '\' AND `spamFlag` = \'no\'');
    if ($owned > 0) {
        return array('yes', $ticketid);
    }

    return $noMatch;
}
// Add entry log.. if ($USER->enableLog == 'yes') { $MSUSERS->log($USER); } // Set session.. $_SESSION[md5(SECRET_KEY) . '_ms_mail'] = $USER->email; $_SESSION[md5(SECRET_KEY) . '_ms_key'] = $USER->accpass; // Set cookie.. if (isset($_POST['cookie']) && COOKIE_NAME) { if (COOKIE_SSL && mswDetectSSLConnection() == 'yes' || !COOKIE_SSL) { @setcookie(md5(SECRET_KEY) . '_msc_mail', $USER->email, time() + 60 * 60 * 24 * COOKIE_EXPIRY_DAYS); @setcookie(md5(SECRET_KEY) . '_msc_key', $USER->accpass, time() + 60 * 60 * 24 * COOKIE_EXPIRY_DAYS); } } if (isset($_SESSION[md5(SECRET_KEY) . 'thisTicket'])) { $thisTicket = mswReverseTicketNumber($_SESSION[md5(SECRET_KEY) . 'thisTicket']); $SUPTICK = mswGetTableData('tickets', 'id', $thisTicket); unset($_SESSION[md5(SECRET_KEY) . 'thisTicket']); $userAccess = explode('|', $USER->pageAccess); if ($SUPTICK->assignedto == 'waiting' && (in_array('assign', $userAccess) || $USER->id == 1)) { header("Location: index.php?p=assign"); } elseif ($SUPTICK->assignedto == 'waiting' && !in_array('assign', $userAccess)) { header("Location: index.php"); } else { header("Location: index.php?p=view-" . (isset($SUPTICK->isDisputed) && $SUPTICK->isDisputed == 'yes' ? 'dispute' : 'ticket') . "&id=" . $thisTicket); } } else { // Do we have any unread messages? // If yes, do we redirect to mailbox? if ($USER->mailbox == 'yes' && $USER->mailScreen == 'yes') { if (mswRowCount('mailassoc WHERE `staffID` = \'' . $USER->id . '\' AND `folder` = \'inbox\' AND `status` = \'unread\'') > 0) {