 /**
  * Email this user the "access-link" page rendered against their ticket.
  *
  * Silently does nothing when any prerequisite is missing: the owning
  * ticket, the system default mailbox, or the access-link page content.
  *
  * @return void
  */
 function sendAccessLink()
 {
     global $ost;

     $ticket = $this->getTicket();
     if (!$ticket) {
         return;
     }
     $email = $ost->getConfig()->getDefaultEmail();
     if (!$email) {
         return;
     }
     $content = Page::lookup(Page::getIdByType('access-link'));
     if (!$content) {
         return;
     }

     // Template context: the page name becomes the subject, its body the
     // message. The subject is tag-stripped before it is handed to send().
     $context = array(
         'url' => $ost->getConfig()->getBaseUrl(),
         'ticket' => $ticket,
         'user' => $this,
         'recipient' => $this,
     );
     $rendered = $ost->replaceTemplateVariables(
         array('subj' => $content->getName(), 'body' => $content->getBody()),
         $context
     );
     $email->send($this->getEmail(), Format::striptags($rendered['subj']), $rendered['body']);
 }
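 /**
  * Validate and persist a staff group.
  *
  * @param int|null $id     existing group_id for an update, falsy for an insert
  * @param array    $vars   submitted form fields: group_id, group_name,
  *                         group_enabled, depts (list), can_* flags
  * @param array    $errors receives field => message on failure (by ref)
  * @return int|bool new group_id on insert, true on a successful update,
  *                  false whenever $errors is non-empty
  */
 function save($id, $vars, &$errors)
 {
     // Normalise the name once so the uniqueness check, the length check
     // and the stored value all see the same string. Previously the checks
     // ran on the raw input while the tag-stripped value was stored, so two
     // names differing only by markup could both pass the uniqueness test.
     $vars['group_name'] = isset($vars['group_name'])
         ? Format::striptags(trim($vars['group_name'])) : '';

     // An update must carry the id of the record it claims to edit; a
     // missing *or different* form id is rejected rather than trusted.
     if ($id && $id != $vars['group_id']) {
         $errors['err'] = 'Missing or invalid group ID';
     }
     if (!$vars['group_name']) {
         $errors['group_name'] = 'Group name required';
     } elseif (strlen($vars['group_name']) < 5) {
         $errors['group_name'] = 'Group name must be at least 5 chars.';
     } else {
         // Name must be unique among the other groups; exclude self on update.
         $sql = 'SELECT group_id FROM ' . GROUP_TABLE
             . ' WHERE group_name=' . db_input($vars['group_name']);
         if ($id) {
             $sql .= ' AND group_id!=' . db_input($id);
         }
         if (db_num_rows(db_query($sql))) {
             $errors['group_name'] = 'Group name already exists';
         }
     }
     if ($errors) {
         return false;
     }

     // depts comes from a multi-select as a list of ids; anything else
     // (absent, or a scalar from a hand-built request) is stored as no access
     // instead of being handed to implode().
     $deptAccess = (isset($vars['depts']) && is_array($vars['depts']))
         ? implode(',', $vars['depts']) : '';

     // Every value is routed through db_input(), the project's escaping
     // helper; no raw input is concatenated into the statement.
     $columns = array(
         'group_name' => $vars['group_name'],
         'group_enabled' => $vars['group_enabled'],
         'dept_access' => $deptAccess,
         'can_create_tickets' => $vars['can_create_tickets'],
         'can_delete_tickets' => $vars['can_delete_tickets'],
         'can_edit_tickets' => $vars['can_edit_tickets'],
         'can_transfer_tickets' => $vars['can_transfer_tickets'],
         'can_close_tickets' => $vars['can_close_tickets'],
         'can_ban_emails' => $vars['can_ban_emails'],
         'can_manage_kb' => $vars['can_manage_kb'],
     );
     $set = ' SET updated=NOW()';
     foreach ($columns as $column => $value) {
         $set .= ', ' . $column . '=' . db_input($value);
     }

     if ($id) {
         // An UPDATE that changes no row is reported as a failure, as before.
         $res = db_query('UPDATE ' . GROUP_TABLE . ' ' . $set . ' WHERE group_id=' . db_input($id));
         if (!$res || !db_affected_rows()) {
             $errors['err'] = 'Internal error occured';
             return false;
         }
         return true;
     }
     $res = db_query('INSERT INTO ' . GROUP_TABLE . ' ' . $set . ',created=NOW()');
     if ($res && ($gID = db_insert_id())) {
         return $gID;
     }
     $errors['err'] = 'Unable to create the group. Internal error';
     return false;
 }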
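 /**
  * Validate and persist a staff group (Spanish-message variant).
  *
  * @param int|null $id     existing group_id for an update, falsy for an insert
  * @param array    $vars   submitted form fields: group_id, group_name,
  *                         group_enabled, depts (list), can_* flags
  * @param array    $errors receives field => message on failure (by ref)
  * @return int|bool new group_id on insert, true on a successful update,
  *                  false whenever $errors is non-empty
  */
 function save($id, $vars, &$errors)
 {
     // Normalise the name once so the uniqueness check, the length check
     // and the stored value all see the same string. Previously the checks
     // ran on the raw input while the tag-stripped value was stored.
     $vars['group_name'] = isset($vars['group_name'])
         ? Format::striptags(trim($vars['group_name'])) : '';

     // An update must carry the id of the record it claims to edit; a
     // missing or different form id is rejected rather than trusted.
     if ($id && $id != $vars['group_id']) {
         $errors['err'] = 'Falta la ID de Grupo o es invalida.';
     }
     if (!$vars['group_name']) {
         $errors['group_name'] = 'Nombre de grupo requerido';
     } elseif (strlen($vars['group_name']) < 5) {
         $errors['group_name'] = 'El nombre del grupo debe tener al menos 5 caracteres.';
     } else {
         // Name must be unique among the other groups; exclude self on update.
         $sql = 'SELECT group_id FROM ' . GROUP_TABLE
             . ' WHERE group_name=' . db_input($vars['group_name']);
         if ($id) {
             $sql .= ' AND group_id!=' . db_input($id);
         }
         if (db_num_rows(db_query($sql))) {
             $errors['group_name'] = 'Este nombre de grupo ya existe.';
         }
     }
     if ($errors) {
         return false;
     }

     // depts is expected as a list of ids; anything else is stored as no
     // access instead of being handed to implode().
     $deptAccess = (isset($vars['depts']) && is_array($vars['depts']))
         ? implode(',', $vars['depts']) : '';

     // Every value is routed through db_input(), the project's escaping helper.
     $columns = array(
         'group_name' => $vars['group_name'],
         'group_enabled' => $vars['group_enabled'],
         'dept_access' => $deptAccess,
         'can_create_tickets' => $vars['can_create_tickets'],
         'can_delete_tickets' => $vars['can_delete_tickets'],
         'can_edit_tickets' => $vars['can_edit_tickets'],
         'can_transfer_tickets' => $vars['can_transfer_tickets'],
         'can_close_tickets' => $vars['can_close_tickets'],
         'can_ban_emails' => $vars['can_ban_emails'],
         'can_manage_kb' => $vars['can_manage_kb'],
     );
     $set = ' SET updated=NOW()';
     foreach ($columns as $column => $value) {
         $set .= ', ' . $column . '=' . db_input($value);
     }

     if ($id) {
         // An UPDATE that changes no row is reported as a failure, as before.
         $res = db_query('UPDATE ' . GROUP_TABLE . ' ' . $set . ' WHERE group_id=' . db_input($id));
         if (!$res || !db_affected_rows()) {
             $errors['err'] = 'Error interno';
             return false;
         }
         return true;
     }
     $res = db_query('INSERT INTO ' . GROUP_TABLE . ' ' . $set . ',created=NOW()');
     if ($res && ($gID = db_insert_id())) {
         return $gID;
     }
     $errors['err'] = 'No se a podido crear el grupo, Error interno';
     return false;
 }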
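 /**
  * Validate and persist a staff group (Portuguese-message variant).
  *
  * @param int|null $id     existing group_id for an update, falsy for an insert
  * @param array    $vars   submitted form fields: group_id, group_name,
  *                         group_enabled, depts (list), can_* flags
  * @param array    $errors receives field => message on failure (by ref)
  * @return int|bool new group_id on insert, true on a successful update,
  *                  false whenever $errors is non-empty
  */
 function save($id, $vars, &$errors)
 {
     // Normalise the name once so the uniqueness check, the length check
     // and the stored value all see the same string. Previously the checks
     // ran on the raw input while the tag-stripped value was stored.
     $vars['group_name'] = isset($vars['group_name'])
         ? Format::striptags(trim($vars['group_name'])) : '';

     // An update must carry the id of the record it claims to edit; a
     // missing or different form id is rejected rather than trusted.
     if ($id && $id != $vars['group_id']) {
         $errors['err'] = 'Faltando ou ID de grupo inválido';
     }
     if (!$vars['group_name']) {
         $errors['group_name'] = 'Nome do grupo necessário';
     } elseif (strlen($vars['group_name']) < 5) {
         $errors['group_name'] = 'Nome do grupo deve ser de pelo menos 5 caracteres.';
     } else {
         // Name must be unique among the other groups; exclude self on update.
         $sql = 'SELECT group_id FROM ' . GROUP_TABLE
             . ' WHERE group_name=' . db_input($vars['group_name']);
         if ($id) {
             $sql .= ' AND group_id!=' . db_input($id);
         }
         if (db_num_rows(db_query($sql))) {
             $errors['group_name'] = 'Nome do grupo já existe';
         }
     }
     if ($errors) {
         return false;
     }

     // depts is expected as a list of ids; anything else is stored as no
     // access instead of being handed to implode().
     $deptAccess = (isset($vars['depts']) && is_array($vars['depts']))
         ? implode(',', $vars['depts']) : '';

     // Every value is routed through db_input(), the project's escaping helper.
     $columns = array(
         'group_name' => $vars['group_name'],
         'group_enabled' => $vars['group_enabled'],
         'dept_access' => $deptAccess,
         'can_create_tickets' => $vars['can_create_tickets'],
         'can_delete_tickets' => $vars['can_delete_tickets'],
         'can_edit_tickets' => $vars['can_edit_tickets'],
         'can_transfer_tickets' => $vars['can_transfer_tickets'],
         'can_close_tickets' => $vars['can_close_tickets'],
         'can_ban_emails' => $vars['can_ban_emails'],
         'can_manage_kb' => $vars['can_manage_kb'],
     );
     $set = ' SET updated=NOW()';
     foreach ($columns as $column => $value) {
         $set .= ', ' . $column . '=' . db_input($value);
     }

     if ($id) {
         // An UPDATE that changes no row is reported as a failure, as before.
         $res = db_query('UPDATE ' . GROUP_TABLE . ' ' . $set . ' WHERE group_id=' . db_input($id));
         if (!$res || !db_affected_rows()) {
             $errors['err'] = 'Ocorreu um erro interno';
             return false;
         }
         return true;
     }
     $res = db_query('INSERT INTO ' . GROUP_TABLE . ' ' . $set . ',created=NOW()');
     if ($res && ($gID = db_insert_id())) {
         return $gID;
     }
     $errors['err'] = 'Não foi possível criar grupo. Erro interno.';
     return false;
 }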
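 /**
  * Validate and persist a department.
  *
  * @param int|null $id     existing dept_id for an update, falsy for an insert
  * @param array    $vars   submitted form fields: dept_id, dept_name, email_id,
  *                         tpl_id, autoresp_email_id, manager_id, ispublic,
  *                         dept_signature, ticket_auto_response,
  *                         message_auto_response, can_append_signature
  * @param array    $errors receives field => message on failure (by ref)
  * @return int|bool new dept_id on insert, true on a successful update,
  *                  false whenever $errors is non-empty
  */
 static function save($id, $vars, &$errors)
 {
     global $cfg;

     // The previous version read $_POST directly and ignored $vars, so a
     // caller passing prepared data was silently saving the raw request
     // instead. Every check and every stored value now comes from $vars.
     //
     // Normalise the name once so the uniqueness check and the stored value
     // agree (the checks used to run on the raw input).
     $vars['dept_name'] = isset($vars['dept_name'])
         ? Format::striptags(trim($vars['dept_name'])) : '';

     if ($id && $id != $vars['dept_id']) {
         $errors['err'] = _('Missing or invalid Dept ID');
     }
     if (!$vars['email_id'] || !is_numeric($vars['email_id'])) {
         $errors['email_id'] = _('Dept email required');
     }
     if (!is_numeric($vars['tpl_id'])) {
         $errors['tpl_id'] = _('Template required');
     }
     if (!$vars['dept_name']) {
         $errors['dept_name'] = _('Dept name required');
     } elseif (strlen($vars['dept_name']) < 4) {
         $errors['dept_name'] = _('Dept name must be at least 4 chars.');
     } else {
         // Name must be unique among the other departments; exclude self on update.
         $sql = 'SELECT dept_id FROM ' . DEPT_TABLE
             . ' WHERE dept_name=' . db_input($vars['dept_name']);
         if ($id) {
             $sql .= ' AND dept_id!=' . db_input($id);
         }
         if (db_num_rows(db_query($sql))) {
             $errors['dept_name'] = _('Department already exists');
         }
     }
     if ($vars['ispublic'] && !$vars['dept_signature']) {
         $errors['dept_signature'] = _('Signature required');
     }
     // The system default department is always reachable from the client side.
     if (!$vars['ispublic'] && $vars['dept_id'] == $cfg->getDefaultDeptId()) {
         $errors['ispublic'] = _('Default department can not be private');
     }
     if ($errors) {
         return false;
     }

     // Every value is routed through db_input(), the project's escaping
     // helper; the checkbox is coerced to 1/0 by presence.
     $columns = array(
         'ispublic' => $vars['ispublic'],
         'email_id' => $vars['email_id'],
         'tpl_id' => $vars['tpl_id'],
         'autoresp_email_id' => $vars['autoresp_email_id'],
         'manager_id' => $vars['manager_id'] ? $vars['manager_id'] : 0,
         'dept_name' => $vars['dept_name'],
         'dept_signature' => Format::striptags($vars['dept_signature']),
         'ticket_auto_response' => $vars['ticket_auto_response'],
         'message_auto_response' => $vars['message_auto_response'],
         'can_append_signature' => isset($vars['can_append_signature']) ? 1 : 0,
     );
     $set = ' SET updated=NOW() ';
     foreach ($columns as $column => $value) {
         $set .= ',' . $column . '=' . db_input($value);
     }

     if ($id) {
         $sql = 'UPDATE ' . DEPT_TABLE . ' ' . $set . ' WHERE dept_id=' . db_input($id);
         // An UPDATE that changes no row is reported as a failure, as before.
         if (db_query($sql) && db_affected_rows()) {
             return true;
         }
         $errors['err'] = _('Unable to update ') . Format::input($vars['dept_name']) . _(' Dept. Error occured');
         return false;
     }
     $sql = 'INSERT INTO ' . DEPT_TABLE . ' ' . $set . ',created=NOW()';
     if (db_query($sql) && ($deptID = db_insert_id())) {
         return $deptID;
     }
     $errors['err'] = _('Unable to create department. Internal error');
     return false;
 }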
 /**
  * Validate an email account (inbound fetch and/or outbound SMTP) and store it.
  *
  * Validation runs in two rounds: field checks first, and only when those
  * pass a live login against the configured mail host and/or SMTP server
  * using the supplied credentials. Stored values go through db_input().
  *
  * @param int|null $id     email_id being updated; falsy for an insert
  * @param array    $vars   form fields (keys are read inline below)
  * @param array    $errors receives field => message on failure (by ref)
  * @return int|bool new email_id on insert, true on update, false on error
  */
 function save($id, $vars, &$errors)
 {
     global $cfg;
     //very basic checks
     $vars['name'] = Format::striptags(trim($vars['name']));
     // The form must echo back the id of the record it edits.
     if ($id && $id != $vars['id']) {
         $errors['err'] = 'Internal error. Get technical help.';
     }
     // The address may not collide with another email account, the admin
     // address, or a staff member's address.
     if (!$vars['email'] || !Validator::is_email($vars['email'])) {
         $errors['email'] = 'Valid email required';
     } elseif (($eid = Email::getIdByEmail($vars['email'])) && $eid != $id) {
         $errors['email'] = 'Email already exits';
     } elseif ($cfg && !strcasecmp($cfg->getAdminEmail(), $vars['email'])) {
         $errors['email'] = 'Email already used as admin email!';
     } elseif (Staff::getIdByEmail($vars['email'])) {
         //make sure the email doesn't belong to any of the staff
         $errors['email'] = 'Email in-use by a staff member';
     }
     if (!$vars['name']) {
         $errors['name'] = 'Email name required';
     }
     // && binds tighter than ||: credentials are required when fetching is
     // on, or when SMTP is on *and* uses authentication. A password is only
     // mandatory on insert; on update an empty one keeps the stored value.
     if ($vars['mail_active'] || $vars['smtp_active'] && $vars['smtp_auth']) {
         if (!$vars['userid']) {
             $errors['userid'] = 'Username missing';
         }
         if (!$id && !$vars['passwd']) {
             $errors['passwd'] = 'Password required';
         }
     }
     if ($vars['mail_active']) {
         //Check pop/imapinfo only when enabled.
         if (!function_exists('imap_open')) {
             $errors['mail_active'] = 'IMAP doesn\'t exist. PHP must be compiled with IMAP enabled.';
         }
         if (!$vars['mail_host']) {
             $errors['mail_host'] = 'Host name required';
         }
         if (!$vars['mail_port']) {
             $errors['mail_port'] = 'Port required';
         }
         if (!$vars['mail_protocol']) {
             $errors['mail_protocol'] = 'Select protocol';
         }
         if (!$vars['mail_fetchfreq'] || !is_numeric($vars['mail_fetchfreq'])) {
             $errors['mail_fetchfreq'] = 'Fetch interval required';
         }
         if (!$vars['mail_fetchmax'] || !is_numeric($vars['mail_fetchmax'])) {
             $errors['mail_fetchmax'] = 'Maximum emails required';
         }
         if (!$vars['dept_id'] || !is_numeric($vars['dept_id'])) {
             $errors['dept_id'] = 'You must select a Dept.';
         }
         if (!$vars['priority_id']) {
             $errors['priority_id'] = 'You must select a priority';
         }
         // postfetch is 'delete' or 'archive'; archiving needs a folder name.
         if (!isset($vars['postfetch'])) {
             $errors['postfetch'] = 'Indicate what to do with fetched emails';
         } elseif (!strcasecmp($vars['postfetch'], 'archive')) {
             if (!$vars['mail_archivefolder']) {
                 $errors['postfetch'] = 'Valid folder required';
             }
         }
     }
     if ($vars['smtp_active']) {
         if (!$vars['smtp_host']) {
             $errors['smtp_host'] = 'Host name required';
         }
         if (!$vars['smtp_port']) {
             $errors['smtp_port'] = 'Port required';
         }
     }
     //abort on errors
     if ($errors) {
         return false;
     }
     // The `!$errors` test below is redundant: the early return just above
     // guarantees it. A host/userid pair may only be used by one account.
     if (!$errors && ($vars['mail_host'] && $vars['userid'])) {
         $sql = 'SELECT email_id FROM ' . EMAIL_TABLE . ' WHERE mail_host=' . db_input($vars['mail_host']) . ' AND userid=' . db_input($vars['userid']);
         if ($id) {
             $sql .= ' AND email_id!=' . db_input($id);
         }
         if (db_num_rows(db_query($sql))) {
             $errors['userid'] = $errors['host'] = 'Host/userid combination already in-use.';
         }
     }
     // Credential used for the live login tests: the newly entered password,
     // else 'cpasswd' (presumably the current password posted back by the
     // form — confirm against the form template).
     $passwd = $vars['passwd'] ? $vars['passwd'] : $vars['cpasswd'];
     if (!$errors && $vars['mail_active']) {
         //note: password is unencrypted at this point...MailFetcher expect plain text.
         $fetcher = new MailFetcher($vars['userid'], $passwd, $vars['mail_host'], $vars['mail_port'], $vars['mail_protocol'], $vars['mail_encryption']);
         if (!$fetcher->connect()) {
             $errors['err'] = 'Invalid login. Check ' . Format::htmlchars($vars['mail_protocol']) . ' settings';
             $errors['mail'] = '<br>' . $fetcher->getLastError();
         } elseif ($vars['mail_archivefolder'] && !$fetcher->checkMailbox($vars['mail_archivefolder'], true)) {
             $errors['postfetch'] = 'Invalid or unknown mail folder! >> ' . $fetcher->getLastError() . '';
             // $errors['mail'] is only assigned in the connect-failure branch
             // above, so it is unset here and this condition always holds
             // (reading it raises an undefined-index notice).
             if (!$errors['mail']) {
                 $errors['mail'] = 'Invalid or unknown archive folder!';
             }
         }
     }
     if (!$errors && $vars['smtp_active']) {
         //Check SMTP login only.
         require_once 'Mail.php';
         // PEAR Mail package
         // 'auth' is normalised to a bool; the same userid/password pair is
         // used for SMTP as for fetching.
         $smtp = mail::factory('smtp', array('host' => $vars['smtp_host'], 'port' => $vars['smtp_port'], 'auth' => $vars['smtp_auth'] ? true : false, 'username' => $vars['userid'], 'password' => $passwd, 'timeout' => 20, 'debug' => false));
         $mail = $smtp->connect();
         if (PEAR::isError($mail)) {
             $errors['err'] = 'Unable to login. Check SMTP settings.';
             $errors['smtp'] = '<br>' . $mail->getMessage();
         } else {
             $smtp->disconnect();
             //Thank you, sir!
         }
     }
     if ($errors) {
         return false;
     }
     //Default to default priority and dept..
     if (!$vars['priority_id'] && $cfg) {
         $vars['priority_id'] = $cfg->getDefaultPriorityId();
     }
     if (!$vars['dept_id'] && $cfg) {
         $vars['dept_id'] = $cfg->getDefaultDeptId();
     }
     // Saving resets the fetch error counter and last-fetch timestamp; every
     // value is escaped via db_input(), and missing numeric fields store 0.
     $sql = 'updated=NOW(),mail_errors=0, mail_lastfetch=NULL' . ',email=' . db_input($vars['email']) . ',name=' . db_input(Format::striptags($vars['name'])) . ',dept_id=' . db_input($vars['dept_id']) . ',priority_id=' . db_input($vars['priority_id']) . ',noautoresp=' . db_input(isset($vars['noautoresp']) ? 1 : 0) . ',userid=' . db_input($vars['userid']) . ',mail_active=' . db_input($vars['mail_active']) . ',mail_host=' . db_input($vars['mail_host']) . ',mail_protocol=' . db_input($vars['mail_protocol'] ? $vars['mail_protocol'] : 'POP') . ',mail_encryption=' . db_input($vars['mail_encryption']) . ',mail_port=' . db_input($vars['mail_port'] ? $vars['mail_port'] : 0) . ',mail_fetchfreq=' . db_input($vars['mail_fetchfreq'] ? $vars['mail_fetchfreq'] : 0) . ',mail_fetchmax=' . db_input($vars['mail_fetchmax'] ? $vars['mail_fetchmax'] : 0) . ',smtp_active=' . db_input($vars['smtp_active']) . ',smtp_host=' . db_input($vars['smtp_host']) . ',smtp_port=' . db_input($vars['smtp_port'] ? $vars['smtp_port'] : 0) . ',smtp_auth=' . db_input($vars['smtp_auth']) . ',smtp_spoofing=' . db_input(isset($vars['smtp_spoofing']) ? 1 : 0) . ',notes=' . db_input($vars['notes']);
     //Post fetch email handling...
     // Three outcomes: delete after fetch, move to the named archive folder,
     // or leave messages in place (any other / incomplete selection).
     if ($vars['postfetch'] && !strcasecmp($vars['postfetch'], 'delete')) {
         $sql .= ',mail_delete=1,mail_archivefolder=NULL';
     } elseif ($vars['postfetch'] && !strcasecmp($vars['postfetch'], 'archive') && $vars['mail_archivefolder']) {
         $sql .= ',mail_delete=0,mail_archivefolder=' . db_input($vars['mail_archivefolder']);
     } else {
         $sql .= ',mail_delete=0,mail_archivefolder=NULL';
     }
     if ($vars['passwd']) {
         //New password - encrypt.
         // NOTE(review): the next line is truncated/redacted in this copy of
         // the file; presumably it encrypts the new password with SECRET_SALT
         // before storing it in userpass — confirm against the real source.
         $sql .= ',userpass='******'passwd'], SECRET_SALT));
     }
     if ($id) {
         //update
         $sql = 'UPDATE ' . EMAIL_TABLE . ' SET ' . $sql . ' WHERE email_id=' . db_input($id);
         if (db_query($sql) && db_affected_rows()) {
             return true;
         }
         $errors['err'] = 'Unable to update email. Internal error occurred';
     } else {
         $sql = 'INSERT INTO ' . EMAIL_TABLE . ' SET ' . $sql . ',created=NOW()';
         // $id is reused to hold the freshly inserted row id.
         if (db_query($sql) && ($id = db_insert_id())) {
             return $id;
         }
         $errors['err'] = 'Unable to add email. Internal error';
     }
     return false;
 }
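 /**
  * Validate and persist an email template set; new sets are cloned from an
  * existing one.
  *
  * @param int|null $id     tpl_id being updated; falsy for an insert
  * @param array    $vars   form fields: id, name, isactive, notes, and on
  *                         insert tpl_id (the set to copy messages from)
  * @param array    $errors receives field => message on failure (by ref)
  * @return int|bool new tpl_id on insert, true on update, false on error
  */
 function save($id, $vars, &$errors)
 {
     global $cfg;
     $tpl = null;
     $vars['name'] = Format::striptags(trim($vars['name']));
     if ($id && $id != $vars['id']) {
         $errors['err'] = 'Internal error. Try again';
     }
     if (!$vars['name']) {
         $errors['name'] = 'Name required';
     } elseif (($tid = Template::getIdByName($vars['name'])) && $tid != $id) {
         $errors['name'] = 'Template name already exists';
     }
     // A new set is cloned from an existing one, so a valid source is
     // required on insert only.
     if (!$id && (!$vars['tpl_id'] || !($tpl = Template::lookup($vars['tpl_id'])))) {
         $errors['tpl_id'] = 'Selection required';
     }
     if ($errors) {
         return false;
     }

     $set = ' updated=NOW() ' . ' ,name=' . db_input($vars['name']) . ' ,isactive=' . db_input($vars['isactive']) . ' ,notes=' . db_input($vars['notes']);
     if ($id) {
         $sql = 'UPDATE ' . EMAIL_TEMPLATE_TABLE . ' SET ' . $set . ' WHERE tpl_id=' . db_input($id);
         if (db_query($sql)) {
             return true;
         }
         $errors['err'] = 'Unable to update the template. Internal error occurred';
         return false;
     }

     // Insert: validation guarantees $tpl here, but getInfo() may still come
     // back empty. The previous version fell through in that case and
     // returned false without setting any message for the caller.
     $info = $tpl ? $tpl->getInfo() : null;
     if (!$info) {
         $errors['err'] = 'Unable to create template. Internal error';
         return false;
     }
     // Message templates copied verbatim from the source set.
     $copied = array(
         'ticket_autoresp_subj', 'ticket_autoresp_body',
         'ticket_notice_subj', 'ticket_notice_body',
         'ticket_alert_subj', 'ticket_alert_body',
         'message_autoresp_subj', 'message_autoresp_body',
         'message_alert_subj', 'message_alert_body',
         'note_alert_subj', 'note_alert_body',
         'assigned_alert_subj', 'assigned_alert_body',
         'ticket_overdue_subj', 'ticket_overdue_body',
         'ticket_overlimit_subj', 'ticket_overlimit_body',
         'ticket_reply_subj', 'ticket_reply_body',
     );
     $sql = 'INSERT INTO ' . EMAIL_TEMPLATE_TABLE . ' SET ' . $set . ' ,created=NOW() ' . ' ,cfg_id=' . db_input($cfg->getId());
     foreach ($copied as $field) {
         $sql .= ' ,' . $field . '=' . db_input($info[$field]);
     }
     if (db_query($sql) && ($newId = db_insert_id())) {
         return $newId;
     }
     $errors['err'] = 'Unable to create template. Internal error';
     return false;
 }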
 /**
  * Validate a FAQ article and, unless only validation was requested,
  * write it to the database.
  *
  * @param int|null $id         faq_id being updated; falsy on create
  * @param array    $vars       form fields: id, question, answer,
  *                             category_id, ispublished, notes
  * @param array    $errors     receives field => message on failure (by ref)
  * @param bool     $validation when true, stop after validating
  * @return int|bool new faq_id on insert, true on update or on a clean
  *                  validation-only call, false otherwise
  */
 function save($id, $vars, &$errors, $validation = false)
 {
     $question = Format::striptags(trim($vars['question']));
     $vars['question'] = $question;

     if ($id && $id != $vars['id']) {
         $errors['err'] = __('Internal error. Try again');
     }
     if (!$question) {
         $errors['question'] = __('Question required');
     } else {
         // The question must be unique across articles other than this one.
         $existing = self::findIdByQuestion($question);
         if ($existing && $existing != $id) {
             $errors['question'] = __('Question already exists');
         }
     }
     if (!$vars['category_id'] || !Category::lookup($vars['category_id'])) {
         $errors['category_id'] = __('Category is required');
     }
     if (!$vars['answer']) {
         $errors['answer'] = __('FAQ answer is required');
     }
     // Either an error or a validation-only request ends the call here.
     if ($errors || $validation) {
         return !$errors;
     }

     // Answer and notes pass through Format::sanitize() (no tag stripping);
     // every value is escaped via db_input().
     $published = isset($vars['ispublished']) ? $vars['ispublished'] : 0;
     $set = ' updated=NOW() '
         . ', question=' . db_input($question)
         . ', answer=' . db_input(Format::sanitize($vars['answer'], false))
         . ', category_id=' . db_input($vars['category_id'])
         . ', ispublished=' . db_input($published)
         . ', notes=' . db_input(Format::sanitize($vars['notes']));

     if ($id) {
         $ok = db_query('UPDATE ' . FAQ_TABLE . ' SET ' . $set . ' WHERE faq_id=' . db_input($id));
         if ($ok) {
             return true;
         }
         $errors['err'] = sprintf(__('Unable to update %s.'), __('this FAQ article'));
         return false;
     }
     $ok = db_query('INSERT INTO ' . FAQ_TABLE . ' SET ' . $set . ',created=NOW()');
     if ($ok && ($newId = db_insert_id())) {
         // Let listeners know a new article exists.
         Signal::send('model.created', FAQ::lookup($newId));
         return $newId;
     }
     $errors['err'] = sprintf(__('Unable to create %s.'), __('this FAQ article')) . ' ' . __('Internal error occurred');
     return false;
 }
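 /**
  * Validate and persist an email template group; on insert, optionally
  * copy every template from an existing group into the new one.
  *
  * @param int|null $id     tpl_id being updated; falsy for an insert
  * @param array    $vars   form fields: tpl_id (echoed id on update, source
  *                         group to copy on insert), name, isactive, notes,
  *                         lang_id, and optionally id to pin the new key
  * @param array    $errors receives field => message on failure (by ref)
  * @return int|bool new tpl_id on insert, true on update, false on error
  */
 function save($id, $vars, &$errors)
 {
     $tpl = null;
     $vars['name'] = Format::striptags(trim($vars['name']));
     if ($id && $id != $vars['tpl_id']) {
         $errors['err'] = __('Internal error occurred');
     }
     if (!$vars['name']) {
         $errors['name'] = __('Name is required');
     } elseif (($tid = EmailTemplateGroup::getIdByName($vars['name'])) && $tid != $id) {
         $errors['name'] = __('Template name already exists');
     }
     // On insert, tpl_id names the group to clone; it is optional but, when
     // given, must resolve.
     if (!$id && ($vars['tpl_id'] && !($tpl = EmailTemplateGroup::lookup($vars['tpl_id'])))) {
         $errors['tpl_id'] = __('Invalid template set specified');
     }
     if ($errors) {
         return false;
     }

     $sql = ' updated=NOW() ' . ' ,name=' . db_input($vars['name']) . ' ,isactive=' . db_input($vars['isactive']) . ' ,notes=' . db_input(Format::sanitize($vars['notes']));
     if ($vars['lang_id']) {
         // TODO: Validation of lang_id
         $sql .= ',lang=' . db_input($vars['lang_id']);
     }

     if ($id) {
         $sql = 'UPDATE ' . EMAIL_TEMPLATE_GRP_TABLE . ' SET ' . $sql . ' WHERE tpl_id=' . db_input($id);
         if (db_query($sql)) {
             return true;
         }
         $errors['err'] = sprintf(__('Unable to update %s.'), __('this template set')) . ' ' . __('Internal error occurred');
         return false;
     }

     if (isset($vars['id'])) {
         // The caller may pin the new row's primary key.
         $sql .= ', tpl_id=' . db_input($vars['id']);
     }
     $sql = 'INSERT INTO ' . EMAIL_TEMPLATE_GRP_TABLE . ' SET created=NOW(), ' . $sql;
     if (!db_query($sql) || !($new_id = db_insert_id())) {
         $errors['err'] = sprintf(__('Unable to create %s.'), __('this template set')) . ' ' . __('Internal error occurred');
         return false;
     }
     if ($tpl && ($info = $tpl->getInfo())) {
         // Clone the source group's templates under the new tpl_id.
         $sql = 'INSERT INTO ' . EMAIL_TEMPLATE_TABLE . '
             (created, updated, tpl_id, code_name, subject, body)
             SELECT NOW() as created, NOW() as updated, ' . db_input($new_id) . ' as tpl_id, code_name, subject, body
             FROM ' . EMAIL_TEMPLATE_TABLE . ' WHERE tpl_id=' . db_input($tpl->getId());
         if (!db_query($sql) || !db_insert_id()) {
             // The group row above already exists at this point. The
             // previous version returned false here without any message,
             // so the caller saw a failure it could not report. Note that a
             // source group with no templates also lands here, since
             // db_insert_id() presumably reports 0 when nothing was inserted.
             $errors['err'] = sprintf(__('Unable to create %s.'), __('this template set')) . ' ' . __('Internal error occurred');
             return false;
         }
     }
     return $new_id;
 }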
 /**
  * Neutralise unsafe markup in user-supplied HTML, rewrite inline image
  * references, and optionally reduce the result to plain text.
  *
  * @param string $text      raw HTML from an untrusted source
  * @param bool   $striptags when true, strip the remaining tags (without
  *                          entity decoding) before returning
  * @return string
  */
 function sanitize($text, $striptags = false)
 {
     // Balance/neutralise tags first, then localise inline images.
     $cleaned = self::localizeInlineImages(Format::safe_html($text));
     if ($striptags) {
         return Format::striptags($cleaned, false);
     }
     return $cleaned;
 }
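 /**
  * Validate and persist a staff group and its permission flags.
  *
  * @param int|null $id     group_id being updated; falsy for an insert
  * @param array    $vars   form fields: id, name, isactive, can_* flags, notes
  * @param array    $errors receives field => message on failure (by ref)
  * @return int|bool new group_id on insert, true on update, false on error
  */
 function save($id, $vars, &$errors)
 {
     // Normalise the name once so the length and uniqueness checks run on
     // the same string that is stored. Previously the checks used the raw
     // input while the tag-stripped value was written to the row.
     $vars['name'] = isset($vars['name']) ? Format::striptags(trim($vars['name'])) : '';

     if ($id && $vars['id'] != $id) {
         $errors['err'] = __('Missing or invalid group ID');
     }
     if (!$vars['name']) {
         $errors['name'] = __('Group name required');
     } elseif (strlen($vars['name']) < 3) {
         $errors['name'] = __('Group name must be at least 3 chars.');
     } elseif (($gid = Group::getIdByName($vars['name'])) && $gid != $id) {
         $errors['name'] = __('Group name already exists');
     }
     if ($errors) {
         return false;
     }

     // Every value is routed through db_input(), the project's escaping
     // helper; notes additionally pass through Format::sanitize().
     $columns = array(
         'group_name' => $vars['name'],
         'group_enabled' => $vars['isactive'],
         'can_create_tickets' => $vars['can_create_tickets'],
         'can_delete_tickets' => $vars['can_delete_tickets'],
         'can_edit_tickets' => $vars['can_edit_tickets'],
         'can_assign_tickets' => $vars['can_assign_tickets'],
         'can_transfer_tickets' => $vars['can_transfer_tickets'],
         'can_close_tickets' => $vars['can_close_tickets'],
         'can_ban_emails' => $vars['can_ban_emails'],
         'can_manage_premade' => $vars['can_manage_premade'],
         'can_manage_faq' => $vars['can_manage_faq'],
         'can_post_ticket_reply' => $vars['can_post_ticket_reply'],
         'can_view_staff_stats' => $vars['can_view_staff_stats'],
         'notes' => Format::sanitize($vars['notes']),
     );
     $set = ' SET updated=NOW() ';
     foreach ($columns as $column => $value) {
         $set .= ', ' . $column . '=' . db_input($value);
     }

     if ($id) {
         if (db_query('UPDATE ' . GROUP_TABLE . ' ' . $set . ' WHERE group_id=' . db_input($id))) {
             return true;
         }
         $errors['err'] = sprintf(__('Unable to update %s.'), __('this group')) . ' ' . __('Internal error occurred');
         return false;
     }
     if (db_query('INSERT INTO ' . GROUP_TABLE . ' ' . $set . ',created=NOW()') && ($newId = db_insert_id())) {
         return $newId;
     }
     $errors['err'] = sprintf(__('Unable to create %s.'), __('this group')) . ' ' . __('Internal error occurred');
     return false;
 }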
 /**
  * Reduce an HTML fragment to the plain text used for search indexing.
  *
  * @param string $value HTML (or plain) text
  * @return string the text as prepared by Format::searchable()
  */
 function searchable($value)
 {
     // Line breaks and closing divs become newlines so that words on
     // adjacent lines do not run together once the tags are removed.
     $breakPatterns = array('`<br(\\s*)?/?>`i', '`</div>`i');
     $plain = preg_replace($breakPatterns, "\n", $value);
     $plain = Format::striptags($plain);
     return Format::searchable(Format::htmldecode($plain));
 }
             $errors['lastname'] = 'Last name required';
         }
         if (!$_POST['email'] || !Validator::is_email($_POST['email'])) {
             $errors['email'] = 'Valid email required';
         }
         if ($_POST['phone'] && !Validator::is_phone($_POST['phone'])) {
             $errors['phone'] = 'Enter a valid number';
         }
         if ($_POST['mobile'] && !Validator::is_phone($_POST['mobile'])) {
             $errors['mobile'] = 'Enter a valid number';
         }
         if ($_POST['phone_ext'] && !is_numeric($_POST['phone_ext'])) {
             $errors['phone_ext'] = 'Invalid ext.';
         }
         if (!$errors) {
             $sql = 'UPDATE ' . STAFF_TABLE . ' SET updated=NOW() ' . ',firstname=' . db_input(Format::striptags($_POST['firstname'])) . ',lastname=' . db_input(Format::striptags($_POST['lastname'])) . ',email=' . db_input($_POST['email']) . ',phone="' . db_input($_POST['phone'], false) . '"' . ',phone_ext=' . db_input($_POST['phone_ext']) . ',mobile="' . db_input($_POST['mobile'], false) . '"' . ',signature=' . db_input(Format::striptags($_POST['signature'])) . ' WHERE staff_id=' . db_input($thisuser->getId());
             if (db_query($sql) && db_affected_rows()) {
                 $msg = 'Profile Updated Successfully';
             } else {
                 $errors['err'] = 'Error(s) occured. Profile NOT updated';
             }
         } else {
             $errors['err'] = 'Error(s) below occured. Try again';
         }
         break;
     default:
         $errors['err'] = 'Uknown action';
 }
 //Reload user info if no errors.
 if (!$errors) {
     $thisuser->reload();
 function create($vars, &$errors, $origin, $autorespond = true, $alertstaff = true)
 {
     global $cfg, $thisclient, $_FILES;
     //Make sure the email is not banned
     if ($vars['email'] && EmailFilter::isBanned($vars['email'])) {
         $errors['err'] = 'Ticket denied. Error #403';
         Sys::log(LOG_WARNING, 'Ticket denied', 'Banned email - ' . $vars['email']);
         return 0;
     }
     $id = 0;
     $fields = array();
     $fields['name'] = array('type' => 'string', 'required' => 1, 'error' => 'Name required');
     $fields['email'] = array('type' => 'email', 'required' => 1, 'error' => 'Valid email required');
     $fields['subject'] = array('type' => 'string', 'required' => 1, 'error' => 'Subject required');
     $fields['message'] = array('type' => 'text', 'required' => 1, 'error' => 'Message required');
     switch (strtolower($origin)) {
         case 'web':
             $fields['topicId'] = array('type' => 'int', 'required' => 1, 'error' => 'Select help topic');
             break;
         case 'staff':
             $fields['deptId'] = array('type' => 'int', 'required' => 1, 'error' => 'Dept. required');
             $fields['topicId'] = array('type' => 'int', 'required' => 1, 'error' => 'Topic required');
             $fields['duedate'] = array('type' => 'date', 'required' => 0, 'error' => 'Invalid date - must be MM/DD/YY');
         case 'api':
             $fields['source'] = array('type' => 'string', 'required' => 1, 'error' => 'Indicate source');
             break;
         case 'email':
             $fields['emailId'] = array('type' => 'int', 'required' => 1, 'error' => 'Email unknown');
             break;
         default:
             # TODO: Return error message
             $errors['origin'] = 'Invalid origin given';
     }
     $fields['pri'] = array('type' => 'int', 'required' => 0, 'error' => 'Invalid Priority');
     $fields['phone'] = array('type' => 'phone', 'required' => 0, 'error' => 'Valid phone # required');
     if (!Validator::process($fields, $vars, $errors) && !$errors['err']) {
         $errors['err'] = 'Missing or invalid data - check the errors and try again';
     }
     //Make sure phone extension is valid
     if ($vars['phone_ext']) {
         if (!is_numeric($vars['phone_ext']) && !$errors['phone']) {
             $errors['phone'] = 'Invalid phone ext.';
         } elseif (!$vars['phone']) {
             //make sure they just didn't enter ext without phone # XXX: reconsider allowing!
             $errors['phone'] = 'Phone number required';
         }
     }
     //Make sure the due date is valid
     if ($vars['duedate']) {
         if (!$vars['time'] || strpos($vars['time'], ':') === false) {
             $errors['time'] = 'Select time';
         } elseif (strtotime($vars['duedate'] . ' ' . $vars['time']) === false) {
             $errors['duedate'] = 'Invalid duedate';
         } elseif (strtotime($vars['duedate'] . ' ' . $vars['time']) <= time()) {
             $errors['duedate'] = 'Due date must be in the future';
         }
     }
     //check attachment..if any is set ...only set on webbased tickets..
     //XXX:?? Create ticket anyway and simply drop the attachments?? We're already doing so with emails.
     if ($_FILES['attachment']['name'] && $cfg->allowOnlineAttachments()) {
         if (!$cfg->canUploadFileType($_FILES['attachment']['name'])) {
             $errors['attachment'] = 'Invalid file type [ ' . Format::htmlchars($_FILES['attachment']['name']) . ' ]';
         } elseif ($_FILES['attachment']['size'] > $cfg->getMaxFileSize()) {
             $errors['attachment'] = 'File is too big. Max ' . $cfg->getMaxFileSize() . ' bytes allowed';
         }
     }
     # Perform email filter actions on the new ticket arguments XXX: Move filter to the top and check for reject...
     if (!$errors && ($ef = new EmailFilter($vars))) {
         $ef->apply($vars);
     }
     # Some things will need to be unpacked back into the scope of this
     # function
     if (isset($vars['autorespond'])) {
         $autorespond = $vars['autorespond'];
     }
     //check ticket limits..if limit set is >0
     //TODO: Base ticket limits on SLA... XXX: move it elsewhere??
     if ($vars['email'] && !$errors && $cfg->getMaxOpenTickets() > 0 && strcasecmp($origin, 'staff')) {
         $openTickets = Ticket::getOpenTicketsByEmail($vars['email']);
         if ($openTickets >= $cfg->getMaxOpenTickets()) {
             $errors['err'] = "You've reached the maximum open tickets allowed.";
             //Send the notice only once (when the limit is reached) incase of autoresponders at client end.
             if ($cfg->getMaxOpenTickets() == $openTickets && $cfg->sendOverlimitNotice()) {
                 if ($vars['deptId']) {
                     $dept = Dept::lookup($vars['deptId']);
                 }
                 if (!$dept || !($tpl = $dept->getTemplate())) {
                     $tpl = $cfg->getDefaultTemplate();
                 }
                 if (!$dept || !($email = $dept->getAutoRespEmail())) {
                     $email = $cfg->getDefaultEmail();
                 }
                 if ($tpl && ($msg = $tpl->getOverlimitMsgTemplate()) && $email) {
                     $body = str_replace('%name', $vars['name'], $msg['body']);
                     $body = str_replace('%email', $vars['email'], $msg['body']);
                     $body = str_replace('%url', $cfg->getBaseUrl(), $body);
                     $body = str_replace('%signature', $dept && $dept->isPublic() ? $dept->getSignature() : '', $body);
                     $email->send($vars['email'], $msg['subj'], $body);
                 }
                 //Log + Alert admin...this might be spammy (no option to disable)...but it is helpful..I think.
                 $msg = 'Support ticket request denied for ' . $vars['email'] . "\n" . 'Open ticket:' . $openTickets . "\n" . 'Max Allowed:' . $cfg->getMaxOpenTickets() . "\n\nNotice only sent once";
                 Sys::log(LOG_CRIT, 'Overlimit Notice', $msg);
             }
         }
     }
     //Any error above is fatal.
     if ($errors) {
         return 0;
     }
     // OK...just do it.
     $deptId = $vars['deptId'];
     //pre-selected Dept if any.
     $priorityId = $vars['pri'];
     $source = ucfirst($vars['source']);
     $topic = NULL;
     // Intenal mapping magic...see if we need to overwrite anything
     if (isset($vars['topicId']) && ($topic = Topic::lookup($vars['topicId']))) {
         //Ticket created via web by user/or staff
         $deptId = $deptId ? $deptId : $topic->getDeptId();
         $priorityId = $priorityId ? $priorityId : $topic->getPriorityId();
         if ($autorespond) {
             $autorespond = $topic->autoRespond();
         }
         $source = $vars['source'] ? $vars['source'] : 'Web';
     } elseif ($vars['emailId'] && !$vars['deptId'] && ($email = Email::lookup($vars['emailId']))) {
         //Emailed Tickets
         $deptId = $email->getDeptId();
         $priorityId = $priorityId ? $priorityId : $email->getPriorityId();
         if ($autorespond) {
             $autorespond = $email->autoRespond();
         }
         $email = null;
         $source = 'Email';
     } elseif ($vars['deptId']) {
         //Opened by staff.
         $deptId = $vars['deptId'];
         $source = ucfirst($vars['source']);
     }
     //Last minute checks
     $priorityId = $priorityId ? $priorityId : $cfg->getDefaultPriorityId();
     $deptId = $deptId ? $deptId : $cfg->getDefaultDeptId();
     $topicId = $vars['topicId'] ? $vars['topicId'] : 0;
     $ipaddress = $vars['ip'] ? $vars['ip'] : $_SERVER['REMOTE_ADDR'];
     //We are ready son...hold on to the rails.
     $extId = Ticket::genExtRandID();
     $sql = 'INSERT INTO ' . TICKET_TABLE . ' SET created=NOW() ' . ' ,lastmessage= NOW()' . ' ,ticketID=' . db_input($extId) . ' ,dept_id=' . db_input($deptId) . ' ,topic_id=' . db_input($topicId) . ' ,priority_id=' . db_input($priorityId) . ' ,email=' . db_input($vars['email']) . ' ,name=' . db_input(Format::striptags($vars['name'])) . ' ,subject=' . db_input(Format::striptags($vars['subject'])) . ' ,phone="' . db_input($vars['phone'], false) . '"' . ' ,phone_ext=' . db_input($vars['phone_ext'] ? $vars['phone_ext'] : '') . ' ,ip_address=' . db_input($ipaddress) . ' ,source=' . db_input($source);
     //Make sure the origin is staff - avoid firebug hack!
     if ($vars['duedate'] && !strcasecmp($origin, 'staff')) {
         $sql .= ' ,duedate=' . db_input(date('Y-m-d G:i', Misc::dbtime($vars['duedate'] . ' ' . $vars['time'])));
     }
     if (!db_query($sql) || !($id = db_insert_id()) || !($ticket = Ticket::lookup($id))) {
         return null;
     }
     /* -------------------- POST CREATE ------------------------ */
     $dept = $ticket->getDept();
     if (!$cfg->useRandomIds()) {
         //Sequential ticketIDs support really..really suck arse.
         $extId = $id;
         //To make things really easy we are going to use autoincrement ticket_id.
         db_query('UPDATE ' . TICKET_TABLE . ' SET ticketID=' . db_input($extId) . ' WHERE ticket_id=' . $id . ' LIMIT 1');
         //TODO: RETHING what happens if this fails?? [At the moment on failure random ID is used...making stuff usable]
     }
     //post the message.
     $msgid = $ticket->postMessage($vars['message'], $source, $vars['mid'], $vars['header'], true);
     //TODO: recover from postMessage error??
     //Upload attachments...web based. - XXX: Assumes user uploaded attachments!! XXX: move it to client interface.
     if ($_FILES['attachment']['name'] && $cfg->allowOnlineAttachments() && $msgid) {
         if (!$cfg->allowAttachmentsOnlogin() || $cfg->allowAttachmentsOnlogin() && ($thisuser && $thisuser->isValid())) {
             $ticket->uploadAttachment($_FILES['attachment'], $msgid, 'M');
         }
     }
     // Configure service-level-agreement for this ticket
     $ticket->selectSLAId($vars['slaId']);
     //Auto assign staff or team - auto assignment based on filter rules.
     if ($vars['staffId'] && !$vars['assignId']) {
         $ticket->assignToStaff($vars['staffId'], 'auto-assignment');
     }
     if ($vars['teamId'] && !$vars['assignId']) {
         $ticket->assignToTeam($vars['teamId'], 'auto-assignment');
     }
     /**********   double check auto-response  ************/
     //Overwrite auto responder if the FROM email is one of the internal emails...loop control.
     if ($autorespond && Email::getIdByEmail($ticket->getEmail())) {
         $autorespond = false;
     }
     if ($autorespond && $dept && !$dept->autoRespONNewTicket()) {
         $autorespond = false;
     }
     # Messages that are clearly auto-responses from email systems should
     # not have a return 'ping' message
     if ($autorespond && $vars['header'] && EmailFilter::isAutoResponse(Mail_Parse::splitHeaders($vars['header']))) {
         $autorespond = false;
     }
     //Don't auto respond to mailer daemons.
     if ($autorespond && (strpos(strtolower($vars['email']), 'mailer-daemon@') !== false || strpos(strtolower($vars['email']), 'postmaster@') !== false)) {
         $autorespond = false;
     }
     /***** See if we need to send some alerts ****/
     $ticket->onNewTicket($vars['message'], $autorespond, $alertstaff);
     return $ticket;
 }
 /**
  * Normalise the 'topic' field of a submitted form array in place.
  *
  * Only runs when the key is present: the value is trimmed and then
  * stripped of markup; other keys are left untouched.
  *
  * @param array $what form fields, modified by reference
  * @return void
  */
 function clean(&$what)
 {
     if (!isset($what['topic'])) {
         return;
     }
     $trimmed = trim($what['topic']);
     $what['topic'] = Format::striptags($trimmed);
 }
 /**
  * Validate and persist an agent (staff) record in STAFF_TABLE.
  *
  * @param int|null $id      staff_id being updated, or falsy to create a new agent
  * @param array    $vars    submitted form fields (username, firstname, lastname, email,
  *                          passwd1/passwd2, backend, dept_id, group_id, timezone_id, ...)
  * @param array    $errors  by-reference; receives field-keyed validation messages
  * @return bool|int true on a successful update, the new staff_id on insert, false otherwise
  */
 function save($id, $vars, &$errors)
 {
     // Strip markup from the identity fields before they are validated or stored.
     $vars['username'] = Format::striptags($vars['username']);
     $vars['firstname'] = Format::striptags($vars['firstname']);
     $vars['lastname'] = Format::striptags($vars['lastname']);
     // The posted hidden id must match the record actually being edited.
     if ($id && $id != $vars['id']) {
         $errors['err'] = __('Internal Error');
     }
     if (!$vars['firstname']) {
         $errors['firstname'] = __('First name required');
     }
     if (!$vars['lastname']) {
         $errors['lastname'] = __('Last name required');
     }
     $error = '';
     // Validator::is_username presumably reports its reason through $error (by reference) — confirm.
     if (!$vars['username'] || !Validator::is_username($vars['username'], $error)) {
         $errors['username'] = $error ? $error : __('Username is required');
     } elseif (($uid = Staff::getIdByUsername($vars['username'])) && $uid != $id) {
         // Another agent already owns this username; the record may keep its own.
         $errors['username'] = __('Username already in use');
     }
     if (!$vars['email'] || !Validator::is_valid_email($vars['email'])) {
         $errors['email'] = __('Valid email is required');
     } elseif (Email::getIdByEmail($vars['email'])) {
         // A system mailbox address cannot double as an agent address.
         $errors['email'] = __('Already in use system email');
     } elseif (($uid = Staff::getIdByEmail($vars['email'])) && $uid != $id) {
         $errors['email'] = __('Email already in use by another agent');
     }
     if ($vars['phone'] && !Validator::is_phone($vars['phone'])) {
         $errors['phone'] = __('Valid phone number is required');
     }
     if ($vars['mobile'] && !Validator::is_phone($vars['mobile'])) {
         $errors['mobile'] = __('Valid phone number is required');
     }
     // Password rules apply when either password field was posted, and always on create.
     if ($vars['passwd1'] || $vars['passwd2'] || !$id) {
         if ($vars['passwd1'] && strcmp($vars['passwd1'], $vars['passwd2'])) {
             $errors['passwd2'] = __('Passwords do not match');
         } elseif ($vars['backend'] != 'local' || $vars['welcome_email']) {
             // Password can be omitted: authentication is handled by a non-local
             // backend, or a welcome email is sent (presumably lets the agent set
             // a password themselves — confirm against the mailer code).
         } elseif (!$vars['passwd1'] && !$id) {
             $errors['passwd1'] = __('Temporary password is required');
             $errors['temppasswd'] = __('Required');
         } elseif ($vars['passwd1'] && strlen($vars['passwd1']) < 6) {
             // Minimum length only; byte-wise strlen, so multibyte characters count per byte.
             $errors['passwd1'] = __('Password must be at least 6 characters');
         }
     }
     if (!$vars['dept_id']) {
         $errors['dept_id'] = __('Department is required');
     }
     if (!$vars['group_id']) {
         $errors['group_id'] = __('Group is required');
     }
     if (!$vars['timezone_id']) {
         $errors['timezone_id'] = __('Time zone selection is required');
     }
     // Ensure we will still have an administrator with access
     // Strict comparison against the string '1' (presumably what the form posts for a checked flag).
     if ($vars['isadmin'] !== '1' || $vars['isactive'] !== '1') {
         $sql = 'select count(*), max(staff_id) from ' . STAFF_TABLE . ' WHERE isadmin=1 and isactive=1';
         if (($res = db_query($sql)) && (list($count, $sid) = db_fetch_row($res))) {
             // Exactly one active admin exists and it is this record: refuse to demote or deactivate it.
             if ($count == 1 && $sid == $id) {
                 $errors['isadmin'] = __('Cowardly refusing to remove or lock out the only active administrator');
             }
         }
     }
     if ($errors) {
         return false;
     }
     // NOTE(review): the username assignment below appears redacted ('******') in this
     // listing; compare with the original file before relying on this line.
     $sql = 'SET updated=NOW() ' . ' ,isadmin=' . db_input($vars['isadmin']) . ' ,isactive=' . db_input($vars['isactive']) . ' ,isvisible=' . db_input(isset($vars['isvisible']) ? 1 : 0) . ' ,onvacation=' . db_input(isset($vars['onvacation']) ? 1 : 0) . ' ,assigned_only=' . db_input(isset($vars['assigned_only']) ? 1 : 0) . ' ,dept_id=' . db_input($vars['dept_id']) . ' ,group_id=' . db_input($vars['group_id']) . ' ,timezone_id=' . db_input($vars['timezone_id']) . ' ,daylight_saving=' . db_input(isset($vars['daylight_saving']) ? 1 : 0) . ' ,username='******'username']) . ' ,firstname=' . db_input($vars['firstname']) . ' ,lastname=' . db_input($vars['lastname']) . ' ,email=' . db_input($vars['email']) . ' ,backend=' . db_input($vars['backend']) . ' ,phone="' . db_input(Format::phone($vars['phone']), false) . '"' . ' ,phone_ext=' . db_input($vars['phone_ext']) . ' ,mobile="' . db_input(Format::phone($vars['mobile']), false) . '"' . ' ,signature=' . db_input(Format::sanitize($vars['signature'])) . ' ,notes=' . db_input(Format::sanitize($vars['notes']));
     // A new password is hashed through Passwd::hash before storage.
     if ($vars['passwd1']) {
         $sql .= ' ,passwd=' . db_input(Passwd::hash($vars['passwd1']));
         // change_passwd=1 flags the account for a password change (presumably consumed at login — confirm).
         if (isset($vars['change_passwd'])) {
             $sql .= ' ,change_passwd=1';
         }
     } elseif (!isset($vars['change_passwd'])) {
         // No new password and the box unchecked: clear any pending forced change.
         // (The column is left untouched when the box is checked but no password was given.)
         $sql .= ' ,change_passwd=0';
     }
     if ($id) {
         $sql = 'UPDATE ' . STAFF_TABLE . ' ' . $sql . ' WHERE staff_id=' . db_input($id);
         // An update that touches zero rows is reported as a failure.
         if (db_query($sql) && db_affected_rows()) {
             return true;
         }
         $errors['err'] = sprintf(__('Unable to update %s.'), __('this agent')) . ' ' . __('Internal error occurred');
     } else {
         $sql = 'INSERT INTO ' . STAFF_TABLE . ' ' . $sql . ', created=NOW()';
         if (db_query($sql) && ($uid = db_insert_id())) {
             return $uid;
         }
         $errors['err'] = sprintf(__('Unable to create %s.'), __('this agent')) . ' ' . __('Internal error occurred');
     }
     return false;
 }
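 /**
  * Validate and persist a help topic in TOPIC_TABLE.
  *
  * @param int|null $id      topic_id being updated, or falsy to create a new topic
  * @param array    $vars    submitted form fields (topic, topic_pid, dept_id, priority_id,
  *                          status_id, custom-numbers, number_format, assign, notes, ...)
  * @param array    $errors  by-reference; receives field-keyed validation messages
  * @return bool|int db_query() result on update, the new topic_id on insert, false on any error
  */
 function save($id, $vars, &$errors)
 {
     global $cfg;
     // Strip markup from the name before it is validated or compared.
     $vars['topic'] = Format::striptags(trim($vars['topic']));
     // The posted hidden id must match the record actually being edited.
     if ($id && $id != $vars['id']) {
         $errors['err'] = __('Internal error occurred');
     }
     if (!$vars['topic']) {
         $errors['topic'] = __('Help topic name is required');
     } elseif (strlen($vars['topic']) < 5) {
         $errors['topic'] = __('Topic is too short. Five characters minimum');
     } elseif (($tid = self::getIdByName($vars['topic'], $vars['topic_pid'])) && $tid != $id) {
         // Names are unique under a given parent; the record may keep its own name.
         $errors['topic'] = __('Topic already exists');
     }
     if (!is_numeric($vars['dept_id'])) {
         $errors['dept_id'] = __('Department selection is required');
     }
     // A custom number format needs at least one unescaped '#' placeholder.
     // The negative lookbehind skips a hash preceded by a backslash; the
     // previous pattern `(?!<\\)#` used a lookahead by mistake and therefore
     // accepted any '#', escaped or not.
     if ($vars['custom-numbers'] && !preg_match('`(?<!\\\\)#`', $vars['number_format'])) {
         $errors['number_format'] = 'Ticket number format requires at least one hash character (#)';
     }
     if ($errors) {
         return false;
     }
     // Optional foreign keys are stored as 0 when the form did not post them.
     foreach (array('sla_id', 'form_id', 'page_id', 'topic_pid') as $f) {
         if (!isset($vars[$f])) {
             $vars[$f] = 0;
         }
     }
     // sequence_id / number_format / flags are only meaningful with custom numbering.
     $sql = ' updated=NOW() ' . ',topic=' . db_input($vars['topic']) . ',topic_pid=' . db_input($vars['topic_pid']) . ',dept_id=' . db_input($vars['dept_id']) . ',priority_id=' . db_input($vars['priority_id']) . ',status_id=' . db_input($vars['status_id']) . ',sla_id=' . db_input($vars['sla_id']) . ',form_id=' . db_input($vars['form_id']) . ',page_id=' . db_input($vars['page_id']) . ',isactive=' . db_input($vars['isactive']) . ',ispublic=' . db_input($vars['ispublic']) . ',sequence_id=' . db_input($vars['custom-numbers'] ? $vars['sequence_id'] : 0) . ',number_format=' . db_input($vars['custom-numbers'] ? $vars['number_format'] : '') . ',flags=' . db_input($vars['custom-numbers'] ? self::FLAG_CUSTOM_NUMBERS : 0) . ',noautoresp=' . db_input(isset($vars['noautoresp']) && $vars['noautoresp'] ? 1 : 0) . ',notes=' . db_input(Format::sanitize($vars['notes']));
     // 'assign' is overloaded: a leading 's' means a staff id, 't' a team id;
     // the digits that follow are the id. Anything else clears both.
     if ($vars['assign'] && $vars['assign'][0] == 's') {
         $sql .= ',team_id=0, staff_id=' . db_input(preg_replace("/[^0-9]/", "", $vars['assign']));
     } elseif ($vars['assign'] && $vars['assign'][0] == 't') {
         $sql .= ',staff_id=0, team_id=' . db_input(preg_replace("/[^0-9]/", "", $vars['assign']));
     } else {
         //no auto-assignment!
         $sql .= ',staff_id=0, team_id=0 ';
     }
     $rv = false;
     if ($id) {
         $sql = 'UPDATE ' . TOPIC_TABLE . ' SET ' . $sql . ' WHERE topic_id=' . db_input($id);
         if (!($rv = db_query($sql))) {
             $errors['err'] = sprintf(__('Unable to update %s.'), __('this help topic')) . ' ' . __('Internal error occurred');
         }
     } else {
         // An explicit topic_id may be supplied on insert (e.g. by an importer).
         if (isset($vars['topic_id'])) {
             $sql .= ', topic_id=' . db_input($vars['topic_id']);
         }
         // If in manual sort mode, place the new item directly below the
         // parent item
         if ($vars['topic_pid'] && $cfg && $cfg->getTopicSortMode() != 'a') {
             $sql .= ', `sort`=' . db_input(db_result(db_query('SELECT COALESCE(`sort`,0)+1 FROM ' . TOPIC_TABLE . ' WHERE `topic_id`=' . db_input($vars['topic_pid']))));
         }
         $sql = 'INSERT INTO ' . TOPIC_TABLE . ' SET ' . $sql . ',created=NOW()';
         if (db_query($sql) && ($id = db_insert_id())) {
             $rv = $id;
         } else {
             $errors['err'] = sprintf(__('Unable to create %s.'), __('this help topic')) . ' ' . __('Internal error occurred');
         }
     }
     // Alphabetic sort mode (or no config at all) recomputes the whole order after any save.
     if (!$cfg || $cfg->getTopicSortMode() == 'a') {
         static::updateSortOrder();
     }
     return $rv;
 }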
 /**
  * Legacy agent save: validate the submitted staff fields and insert/update STAFF_TABLE.
  *
  * @param int|null $id      staff_id being updated, or falsy to create a new agent
  * @param array    $vars    submitted fields (username, firstname, lastname, email,
  *                          npassword/vpassword, dept_id, group_id, isadmin, isactive, ...)
  * @param array    $errors  by-reference; receives field-keyed validation messages
  * @return bool|int the new staff_id on insert, true on successful update, false on any error
  */
 function save($id, $vars, &$errors)
 {
     include_once INCLUDE_DIR . 'class.dept.php';
     // The posted hidden id must match the record actually being edited.
     if ($id && $id != $vars['staff_id']) {
         $errors['err'] = 'Internal Error';
     }
     if (!$vars['firstname'] || !$vars['lastname']) {
         $errors['name'] = 'First and last name required';
     }
     // NOTE(review): several message strings in this block show as '******'; they are
     // redacted in this listing, not literal values — compare with the original file.
     if (!$vars['username'] || strlen($vars['username']) < 3) {
         $errors['username'] = '******';
     } else {
         //check if the username is already in-use.
         // NOTE(review): the db_input() call on the next line also appears redacted.
         $sql = 'SELECT staff_id FROM ' . STAFF_TABLE . ' WHERE username='******'username']);
         if ($id) {
             $sql .= ' AND staff_id!=' . db_input($id);
         }
         if (db_num_rows(db_query($sql))) {
             $errors['username'] = '******';
         }
     }
     if (!$vars['email'] || !Validator::is_email($vars['email'])) {
         $errors['email'] = 'Valid email required';
     } elseif (Email::getIdByEmail($vars['email'])) {
         // A system mailbox address cannot double as an agent address.
         $errors['email'] = 'Already in-use system email';
     }
     if ($vars['phone'] && !Validator::is_phone($vars['phone'])) {
         $errors['phone'] = 'Valid number required';
     }
     if ($vars['mobile'] && !Validator::is_phone($vars['mobile'])) {
         $errors['mobile'] = 'Valid number required';
     }
     // Password rules apply when either password field was posted, and always on create.
     if ($vars['npassword'] || $vars['vpassword'] || !$id) {
         if (!$vars['npassword'] && !$id) {
             $errors['npassword'] = '******';
         } elseif ($vars['npassword'] && strcmp($vars['npassword'], $vars['vpassword'])) {
             $errors['vpassword'] = '******';
         } elseif ($vars['npassword'] && strlen($vars['npassword']) < 6) {
             $errors['npassword'] = '******';
         }
     }
     if (!$vars['dept_id']) {
         $errors['dept'] = 'Department required';
     }
     if (!$vars['group_id']) {
         $errors['group'] = 'Group required';
     }
     if (!$errors) {
         // NOTE(review): the username assignment below appears redacted ('******') in this listing.
         $sql = ' SET updated=NOW() ' . ',isadmin=' . db_input($vars['isadmin']) . ',isactive=' . db_input($vars['isactive']) . ',new_tkt_not=' . db_input($vars['new_tkt_not']) . ',close_tkt_not=' . db_input($vars['close_tkt_not']) . ',isvisible=' . db_input(isset($vars['isvisible']) ? 1 : 0) . ',onvacation=' . db_input(isset($vars['onvacation']) ? 1 : 0) . ',dept_id=' . db_input($vars['dept_id']) . ',group_id=' . db_input($vars['group_id']) . ',username='******'username'])) . ',firstname=' . db_input(Format::striptags($vars['firstname'])) . ',lastname=' . db_input(Format::striptags($vars['lastname'])) . ',email=' . db_input($vars['email']) . ',phone="' . db_input($vars['phone'], false) . '"' . ',phone_ext=' . db_input($vars['phone_ext']) . ',mobile="' . db_input($vars['mobile'], false) . '"' . ',signature=' . db_input(Format::striptags($vars['signature']));
         if ($vars['npassword']) {
             // Unsalted MD5 is not a password hash: it is fast and precomputable,
             // so a leaked table is trivially reversible. A slow, salted scheme
             // (e.g. password_hash()) belongs here.
             $sql .= ',passwd=' . db_input(md5($vars['npassword']));
         }
         // Flag the account for a password change (consumed elsewhere — not visible here).
         if (isset($vars['resetpasswd'])) {
             $sql .= ',change_passwd=1';
         }
         if ($id) {
             $sql = 'UPDATE ' . STAFF_TABLE . ' ' . $sql . ' WHERE staff_id=' . db_input($id);
             // An update that touches zero rows (nothing changed) is reported as an error.
             if (!db_query($sql) || !db_affected_rows()) {
                 $errors['err'] = 'Unable to update the user. Internal error occured';
             }
         } else {
             $sql = 'INSERT INTO ' . STAFF_TABLE . ' ' . $sql . ',created=NOW()';
             if (db_query($sql) && ($uID = db_insert_id())) {
                 return $uID;
             }
             $errors['err'] = 'Unable to create user. Internal error';
         }
     }
     // Insert success has already returned above; true only when no error was recorded.
     return $errors ? false : true;
 }
 /**
  * Validate and persist a system email account (EMAIL_TABLE), probing the
  * configured mailbox and SMTP server with the submitted credentials first.
  *
  * @param int|null $id      email_id being updated, or falsy to create a new account
  * @param array    $vars    submitted fields: email, name, dept_id, priority_id, userid, userpass,
  *                          mail_* (incoming fetch settings), smtp_* (outgoing settings), noautoresp
  * @param array    $errors  by-reference; receives field-keyed validation messages
  * @return bool|int the new email_id on insert, TRUE on successful update, FALSE on any error
  */
 function save($id, $vars, &$errors)
 {
     global $cfg;
     //very basic checks
     // The posted hidden id must match the record actually being edited.
     if ($id && $id != $vars['email_id']) {
         $errors['err'] = 'Internal error.';
     }
     if (!$vars['email'] || !Validator::is_email($vars['email'])) {
         $errors['email'] = 'Valid email required';
     } elseif (($eid = Email::getIdByEmail($vars['email'])) && $eid != $id) {
         $errors['email'] = 'Email already exits';
     } elseif (!strcasecmp($cfg->getAdminEmail(), $vars['email'])) {
         // The admin notification address may not also be a system mailbox.
         $errors['email'] = 'Email already used as admin email!';
     } else {
         //make sure the email doesn't belong to any of the staff
         $sql = 'SELECT staff_id FROM ' . STAFF_TABLE . ' WHERE email=' . db_input($vars['email']);
         if (($res = db_query($sql)) && db_num_rows($res)) {
             $errors['email'] = 'Email in-use by a staff member';
         }
     }
     if (!$vars['dept_id'] || !is_numeric($vars['dept_id'])) {
         $errors['dept_id'] = 'You must select a Dept.';
     }
     if (!$vars['priority_id']) {
         $errors['priority_id'] = 'You must select a priority';
     }
     // Precedence: mail_active || (smtp_active && smtp_auth). Credentials are
     // required for fetching mail, or for SMTP only when authentication is on.
     if ($vars['mail_active'] || $vars['smtp_active'] && $vars['smtp_auth']) {
         if (!$vars['userid']) {
             $errors['userid'] = 'Username missing';
         }
         // NOTE(review): this message shows as '******' — redacted in this listing.
         if (!$vars['userpass']) {
             $errors['userpass'] = '******';
         }
     }
     if ($vars['mail_active']) {
         //Check pop/imapinfo only when enabled.
         // Fetching needs the PHP IMAP extension at runtime.
         if (!function_exists('imap_open')) {
             $errors['mail_active'] = 'IMAP doesn\'t exist. PHP must be compiled with IMAP enabled.';
         }
         if (!$vars['mail_host']) {
             $errors['mail_host'] = 'Host name required';
         }
         if (!$vars['mail_port']) {
             $errors['mail_port'] = 'Port required';
         }
         if (!$vars['mail_protocol']) {
             $errors['mail_protocol'] = 'Select protocol';
         }
         if (!$vars['mail_fetchfreq'] || !is_numeric($vars['mail_fetchfreq'])) {
             $errors['mail_fetchfreq'] = 'Fetch interval required';
         }
         if (!$vars['mail_fetchmax'] || !is_numeric($vars['mail_fetchmax'])) {
             $errors['mail_fetchmax'] = 'Maximum emails required';
         }
     }
     if ($vars['smtp_active']) {
         if (!$vars['smtp_host']) {
             $errors['smtp_host'] = 'Host name required';
         }
         if (!$vars['smtp_port']) {
             $errors['smtp_port'] = 'Port required';
         }
     }
     // A mailbox (host + login) may be attached to only one email record.
     if (!$errors && ($vars['mail_host'] && $vars['userid'])) {
         $sql = 'SELECT email_id FROM ' . EMAIL_TABLE . ' WHERE mail_host=' . db_input($vars['mail_host']) . ' AND userid=' . db_input($vars['userid']);
         if ($id) {
             $sql .= ' AND email_id!=' . db_input($id);
         }
         if (db_num_rows(db_query($sql))) {
             $errors['userid'] = $errors['host'] = 'Another department using host/username combination.';
         }
     }
     if (!$errors && $vars['mail_active']) {
         //note: password is unencrypted at this point...MailFetcher expect plain text.
         // Live connection attempt with the submitted credentials: a network side
         // effect inside validation, so failures here depend on the remote server.
         $fetcher = new MailFetcher($vars['userid'], $vars['userpass'], $vars['mail_host'], $vars['mail_port'], $vars['mail_protocol'], $vars['mail_encryption']);
         if (!$fetcher->connect()) {
             // NOTE(review): message prefix shows as '******' — redacted in this listing.
             $errors['userpass'] = '******' . $vars['mail_protocol'] . ' settings';
             // Server-supplied error text is passed through with an HTML line break;
             // assumes the caller renders (and escapes) it in an HTML context — confirm.
             $errors['mail'] = '<br>' . $fetcher->getLastError();
         }
     }
     if (!$errors && $vars['smtp_active']) {
         //Check SMTP login only.
         require_once 'Mail.php';
         // PEAR Mail package
         // Same live-probe pattern as above, against the SMTP server.
         $smtp = mail::factory('smtp', array('host' => $vars['smtp_host'], 'port' => $vars['smtp_port'], 'auth' => $vars['smtp_auth'] ? true : false, 'username' => $vars['userid'], 'password' => $vars['userpass'], 'timeout' => 20, 'debug' => false));
         $mail = $smtp->connect();
         if (PEAR::isError($mail)) {
             $errors['userpass'] = '******';
             // Raw PEAR error message, again with an HTML line break — see note above.
             $errors['smtp'] = '<br>' . $mail->getMessage();
         } else {
             $smtp->disconnect();
             //Thank you, sir!
         }
     }
     if (!$errors) {
         // Every save resets the fetch error counter and last-fetch timestamp.
         // NOTE(review): userpass is written through a helper taking SECRET_SALT whose
         // name is redacted ('******') in this listing — check the original file.
         $sql = 'updated=NOW(),mail_errors=0, mail_lastfetch=NULL' . ',email=' . db_input($vars['email']) . ',name=' . db_input(Format::striptags($vars['name'])) . ',dept_id=' . db_input($vars['dept_id']) . ',priority_id=' . db_input($vars['priority_id']) . ',noautoresp=' . db_input(isset($vars['noautoresp']) ? 1 : 0) . ',userid=' . db_input($vars['userid']) . ',userpass='******'userpass'], SECRET_SALT)) . ',mail_active=' . db_input($vars['mail_active']) . ',mail_host=' . db_input($vars['mail_host']) . ',mail_protocol=' . db_input($vars['mail_protocol'] ? $vars['mail_protocol'] : 'POP') . ',mail_encryption=' . db_input($vars['mail_encryption']) . ',mail_port=' . db_input($vars['mail_port'] ? $vars['mail_port'] : 0) . ',mail_fetchfreq=' . db_input($vars['mail_fetchfreq'] ? $vars['mail_fetchfreq'] : 0) . ',mail_fetchmax=' . db_input($vars['mail_fetchmax'] ? $vars['mail_fetchmax'] : 0) . ',mail_delete=' . db_input(isset($vars['mail_delete']) ? $vars['mail_delete'] : 0) . ',smtp_active=' . db_input($vars['smtp_active']) . ',smtp_host=' . db_input($vars['smtp_host']) . ',smtp_port=' . db_input($vars['smtp_port'] ? $vars['smtp_port'] : 0) . ',smtp_auth=' . db_input($vars['smtp_auth']);
         if ($id) {
             //update
             $sql = 'UPDATE ' . EMAIL_TABLE . ' SET ' . $sql . ' WHERE email_id=' . db_input($id);
             // An update that touches zero rows is reported as an error.
             if (!db_query($sql) || !db_affected_rows()) {
                 $errors['err'] = 'Unable to update email. Internal error occured';
             }
         } else {
             $sql = 'INSERT INTO ' . EMAIL_TABLE . ' SET ' . $sql . ',created=NOW()';
             // Low-precedence `or`, but both operands are parenthesised so it reads as ||.
             if (!db_query($sql) or !($emailID = db_insert_id())) {
                 $errors['err'] = 'Unable to add email. Internal error';
             } else {
                 return $emailID;
             }
             //newly created email.
         }
     } else {
         $errors['err'] = 'Error(s) Occured. Try again';
     }
     return $errors ? FALSE : TRUE;
 }
 /**
  * Validate a help topic and write it to TOPIC_TABLE.
  *
  * @param int|null $id      topic_id being edited, or falsy when creating a new topic
  * @param array    $vars    submitted fields: topic_id, topic, dept_id, priority_id,
  *                          isactive, autoassign_id, noautoresp
  * @param array    $errors  by-reference; receives field-keyed validation messages
  * @return bool|int the new topic_id on insert, true on a successful update,
  *                  false whenever $errors ends up non-empty
  */
 function save($id, $vars, &$errors)
 {
     // The hidden record id has to agree with the id being edited.
     if ($id && $id != $vars['topic_id']) {
         $errors['err'] = _('Internal error. Try again');
     }
     $name = $vars['topic'];
     if (!$name) {
         $errors['topic'] = _('Help topic required');
     } elseif (strlen($name) < 5) {
         $errors['topic'] = _('Topic is too short. 5 chars minimum');
     } else {
         // Uniqueness is checked on the tag-stripped name, excluding this record itself.
         $dupQuery = 'SELECT topic_id FROM ' . TOPIC_TABLE . ' WHERE topic=' . db_input(Format::striptags($name));
         if ($id) {
             $dupQuery .= ' AND topic_id!=' . db_input($id);
         }
         $dupRes = db_query($dupQuery);
         if ($dupRes && db_num_rows($dupRes)) {
             $errors['topic'] = _('Topic already exists');
         }
     }
     if (!$vars['dept_id']) {
         $errors['dept_id'] = _('You must select a department');
     }
     if (!$vars['priority_id']) {
         $errors['priority_id'] = _('You must select a priority');
     }
     if ($errors) {
         return false;
     }
     // Column assignments shared by INSERT and UPDATE.
     $assignments = array(
         'updated=NOW()',
         'topic=' . db_input(Format::striptags($name)),
         'isactive=' . db_input($vars['isactive']),
         'priority_id=' . db_input($vars['priority_id']),
         'dept_id=' . db_input($vars['dept_id']),
         'autoassign_id=' . db_input($vars['autoassign_id']),
         'noautoresp=' . db_input(isset($vars['noautoresp']) ? 1 : 0),
     );
     $setClause = implode(',', $assignments);
     if ($id) {
         $updated = db_query('UPDATE ' . TOPIC_TABLE . ' SET ' . $setClause . ' WHERE topic_id=' . db_input($id));
         // An update touching zero rows (nothing changed) counts as a failure.
         if (!$updated || !db_affected_rows()) {
             $errors['err'] = _('Unable to update topic. Internal error occured');
             return false;
         }
         return true;
     }
     $inserted = db_query('INSERT INTO ' . TOPIC_TABLE . ' SET ' . $setClause . ',created=NOW()');
     $topicID = $inserted ? db_insert_id() : 0;
     if (!$topicID) {
         $errors['err'] = _('Unable to create the topic. Internal error');
         return false;
     }
     return $topicID;
 }
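 /**
  * Validate and persist a site page (PAGE_TABLE row).
  *
  * @param int|null $id          page id being updated, or falsy to create a new page
  * @param array    $vars        submitted fields: id, type, name, body, isactive, notes
  * @param array    $errors      by-reference; receives field-keyed validation messages
  * @param bool     $allowempty  when true an empty body does not fail validation
  * @return bool|int true on a successful update, the new id on insert, false on any failure
  */
 function save($id, $vars, &$errors, $allowempty = false)
 {
     //Cleanup.
     $vars['name'] = Format::striptags(trim($vars['name']));
     //validate
     // The posted hidden id must match the record actually being edited.
     if ($id && $id != $vars['id']) {
         $errors['err'] = __('Internal error. Try again');
     }
     if (!$vars['type']) {
         $errors['type'] = __('Type is required');
     }
     if (!$vars['name']) {
         $errors['name'] = __('Name is required');
     } elseif (($pid = self::getIdByName($vars['name'])) && $pid != $id) {
         // Page names are unique, but the record may keep its own name.
         $errors['name'] = __('Name already exists');
     }
     if (!$vars['body'] && !$allowempty) {
         $errors['body'] = __('Page body is required');
     }
     if ($errors) {
         return false;
     }
     //save
     // body and notes are run through Format::sanitize; the page is stored as HTML.
     $sql = ' updated=NOW() ' . ', `type`=' . db_input($vars['type']) . ', name=' . db_input($vars['name']) . ', body=' . db_input(Format::sanitize($vars['body'])) . ', isactive=' . db_input($vars['isactive'] ? 1 : 0) . ', notes=' . db_input(Format::sanitize($vars['notes']));
     if ($id) {
         $sql = 'UPDATE ' . PAGE_TABLE . ' SET ' . $sql . ' WHERE id=' . db_input($id);
         if (db_query($sql)) {
             return true;
         }
         $errors['err'] = sprintf(__('Unable to update %s.'), __('this site page'));
         return false;
     }
     $sql = 'INSERT INTO ' . PAGE_TABLE . ' SET ' . $sql . ', created=NOW()';
     if (!db_query($sql) || !($id = db_insert_id())) {
         $errors['err'] = sprintf(__('Unable to create %s.'), __('this site page')) . ' ' . __('Internal error occurred');
         return false;
     }
     // content_id mirrors the row's own id. A failure here leaves the inserted
     // row behind, so it is reported through $errors rather than returning
     // false with no message.
     $sql = 'UPDATE ' . PAGE_TABLE . ' SET `content_id`=`id`' . ' WHERE id=' . db_input($id);
     if (!db_query($sql)) {
         $errors['err'] = sprintf(__('Unable to create %s.'), __('this site page')) . ' ' . __('Internal error occurred');
         return false;
     }
     return $id;
 }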
 /**
  * Validate and persist a client (end-user) account in CLIENT_TABLE.
  *
  * @param int|null $id      client_id being updated, or falsy to create a new client
  * @param array    $vars    submitted fields: client_id, client_email, client_firstname,
  *                          client_lastname, client_organization, client_phone, client_mobile,
  *                          npassword/vpassword, client_isactive, old_client_email
  * @param array    $errors  by-reference; receives field-keyed validation messages
  * @return bool|int the new client_id on insert, true on successful update, false on any error
  */
 function save($id, $vars, &$errors)
 {
     // The posted hidden id must match the record actually being edited.
     if ($id && $id != $vars['client_id']) {
         $errors['err'] = _('Internal Error');
     }
     // Check email.
     if (!$vars['client_email'] || !Validator::is_email($vars['client_email'])) {
         $errors['email'] = _('Valid email required');
     } elseif (Email::getIdByEmail($vars['client_email'])) {
         // A system mailbox address cannot be registered as a client.
         $errors['email'] = _('Already in-use system email');
     } else {
         //check if the email is already in-use.
         $sql = 'SELECT client_id FROM ' . CLIENT_TABLE . ' WHERE client_email=' . db_input($vars['client_email']);
         if ($id) {
             $sql .= ' AND client_id!=' . db_input($id);
         }
         if (db_num_rows(db_query($sql))) {
             $errors['email'] = _('Already in-use email');
         }
     }
     if ($vars['client_phone'] && !Validator::is_phone($vars['client_phone'])) {
         $errors['phone'] = _('Valid number required');
     }
     if ($vars['client_mobile'] && !Validator::is_phone($vars['client_mobile'])) {
         $errors['mobile'] = _('Valid number required');
     }
     // Check passwords
     // Rules apply when either password field was posted, and always on create.
     if ($vars['npassword'] || $vars['vpassword'] || !$id) {
         if (!$vars['npassword'] && !$id) {
             $errors['npassword'] = _('Password required');
         } elseif ($vars['npassword'] && strcmp($vars['npassword'], $vars['vpassword'])) {
             $errors['vpassword'] = _('Password(s) do not match');
         } elseif ($vars['npassword'] && strlen($vars['npassword']) < 6) {
             $errors['npassword'] = _('Must be at least 6 characters');
         } elseif ($vars['npassword'] && strlen($vars['npassword']) > 128) {
             // Upper bound keeps hashing cost bounded; byte-wise strlen.
             $errors['npassword'] = _('Password too long');
         }
     }
     if (!$errors) {
         $sql = ' SET client_isactive=' . db_input($vars['client_isactive']) . ',client_email=' . db_input(Format::striptags($vars['client_email'])) . ',client_firstname=' . db_input(Format::striptags($vars['client_firstname'])) . ',client_lastname=' . db_input(Format::striptags($vars['client_lastname'])) . ',client_organization=' . db_input(Format::striptags($vars['client_organization'])) . ',client_phone="' . db_input($vars['client_phone'], false) . '"' . ',client_mobile="' . db_input($vars['client_mobile'], false) . '"';
         if ($vars['npassword']) {
             // New passwords are stored as a phpass-style hash, never in clear.
             $hash = PhpassHashedPass::hash($vars['npassword']);
             // NOTE(review): this line appears mangled in the listing ('******'): the
             // client_password assignment and the `if ($id) { $sql = 'UPDATE ...` branch
             // are fused together. Verify against the original file before reading on.
             $sql .= ',client_password='******'UPDATE ' . CLIENT_TABLE . ' ' . $sql . ' WHERE client_id=' . db_input($id);
             // An update that touches zero rows is reported as an error.
             if (!db_query($sql) || !db_affected_rows()) {
                 $errors['err'] = _('Unable to update the user. Internal error occured');
             }
             if ($vars['old_client_email'] != $vars['client_email']) {
                 // Email changed? Update the tickets!
                 // Re-point tickets matched by the old address at the new one.
                 $sql = 'UPDATE ' . TICKET_TABLE . ' SET email=' . db_input(Format::striptags($vars['client_email'])) . ' WHERE email=' . db_input($vars['old_client_email']);
                 if (!db_query($sql)) {
                     // Overwrites any error recorded by the account update above.
                     $errors['err'] = _('Unable to update the user. Internal error occured');
                 }
                 //TODO: reverse the previous db operation!
             }
         } else {
             $sql = 'INSERT INTO ' . CLIENT_TABLE . ' ' . $sql . ',client_created=NOW()';
             if (db_query($sql) && ($uID = db_insert_id())) {
                 return $uID;
             }
             $errors['err'] = _('Unable to create user. Internal error');
         }
     }
     // Insert success has already returned above; true only when no error was recorded.
     return $errors ? false : true;
 }
 function save($id, $vars, &$errors)
 {
     global $cfg;
     /*
      * Validate and persist a department record.
      *
      * $id     - dept_id being edited; falsy means "create a new department".
      * $vars   - submitted form fields (id, name, ispublic, email_id, tpl_id, ...).
      * $errors - filled by reference with field => message for every failure.
      *
      * Returns true after a successful update, the new dept_id after a
      * successful insert, and false when validation or the query fails.
      */
     if ($id && $id != $vars['id']) {
         $errors['err'] = __('Missing or invalid Dept ID (internal error).');
     }
     $name = $vars['name'];
     if (!$name) {
         $errors['name'] = __('Name required');
     } elseif (strlen($name) < 4) {
         // Byte length, so multi-byte names are measured generously.
         $errors['name'] = __('Name is too short.');
     } else {
         // The name must not belong to a different department.
         $existingId = Dept::getIdByName($name);
         if ($existingId && $existingId != $id) {
             $errors['name'] = __('Department already exists');
         }
     }
     // The system default department has to stay reachable by clients.
     if (!$vars['ispublic'] && $cfg && $vars['id'] == $cfg->getDefaultDeptId()) {
         $errors['ispublic'] = __('System default department cannot be private');
     }
     if ($errors) {
         return false;
     }
     // Optional form fields fall back to a fixed default when not submitted.
     $orDefault = function ($key, $default) use ($vars) {
         return isset($vars[$key]) ? $vars[$key] : $default;
     };
     // Every value is routed through db_input() so the statement never
     // carries raw form input; only the signature keeps (sanitised) markup.
     $assignments = array(
         'ispublic=' . db_input($orDefault('ispublic', 0)),
         'email_id=' . db_input($orDefault('email_id', 0)),
         'tpl_id=' . db_input($orDefault('tpl_id', 0)),
         'sla_id=' . db_input($orDefault('sla_id', 0)),
         'autoresp_email_id=' . db_input($orDefault('autoresp_email_id', 0)),
         'manager_id=' . db_input($vars['manager_id'] ? $vars['manager_id'] : 0),
         'dept_name=' . db_input(Format::striptags($vars['name'])),
         'dept_signature=' . db_input(Format::sanitize($vars['signature'])),
         'group_membership=' . db_input($vars['group_membership']),
         'ticket_auto_response=' . db_input($orDefault('ticket_auto_response', 1)),
         'message_auto_response=' . db_input($orDefault('message_auto_response', 1)),
     );
     $sql = 'SET updated=NOW() ' . ' ,' . implode(' ,', $assignments);
     if ($id) {
         $sql = 'UPDATE ' . DEPT_TABLE . ' ' . $sql . ' WHERE dept_id=' . db_input($id);
         // An update that touches no row is reported as a failure.
         if (db_query($sql) && db_affected_rows()) {
             return true;
         }
         $errors['err'] = sprintf(__('Unable to update %s.'), __('this department')) . ' ' . __('Internal error occurred');
         return false;
     }
     // Insert: honour an explicitly supplied dept_id when present.
     if (isset($vars['id'])) {
         $sql .= ', dept_id=' . db_input($vars['id']);
     }
     $sql = 'INSERT INTO ' . DEPT_TABLE . ' ' . $sql . ',created=NOW()';
     $newId = db_query($sql) ? db_insert_id() : 0;
     if ($newId) {
         return $newId;
     }
     $errors['err'] = sprintf(__('Unable to create %s.'), __('this department')) . ' ' . __('Internal error occurred');
     return false;
 }
 function save($id, $vars, &$errors, $validation = false)
 {
     /*
      * Validate and, unless $validation is set, store a FAQ entry.
      *
      * $id         - faq_id being edited; falsy for a new entry.
      * $vars       - form fields: id, question, answer, category_id, ispublished, notes.
      * $errors     - filled by reference with field => message.
      * $validation - when true, stop after validation and report its outcome.
      *
      * Returns true (update done, or validation passed), the new faq_id
      * after an insert, or false on any failure.
      */
     // Normalise the question before anything inspects it: no markup, no
     // surrounding whitespace.
     $question = Format::striptags(trim($vars['question']));
     $vars['question'] = $question;
     if ($id && $id != $vars['id']) {
         $errors['err'] = 'Internal error. Try again';
     }
     if (!$question) {
         $errors['question'] = 'Question required';
     } else {
         // A question already used by a different FAQ is rejected.
         $existingId = self::findIdByQuestion($question);
         if ($existingId && $existingId != $id) {
             $errors['question'] = 'Question already exists';
         }
     }
     // The category must actually exist, not merely be supplied.
     $category = $vars['category_id'] ? Category::lookup($vars['category_id']) : null;
     if (!$category) {
         $errors['category_id'] = 'Category is required';
     }
     if (!$vars['answer']) {
         $errors['answer'] = 'FAQ answer is required';
     }
     if ($errors || $validation) {
         return !$errors;
     }
     // Only the answer is allowed to carry HTML, and only after safe_html();
     // every column value is escaped by db_input().
     $columns = array(
         'question=' . db_input($question),
         'answer=' . db_input(Format::safe_html($vars['answer'])),
         'category_id=' . db_input($vars['category_id']),
         'ispublished=' . db_input(isset($vars['ispublished']) ? $vars['ispublished'] : 0),
         'notes=' . db_input($vars['notes']),
     );
     $sql = ' updated=NOW() ' . ', ' . implode(', ', $columns);
     if ($id) {
         $sql = 'UPDATE ' . FAQ_TABLE . ' SET ' . $sql . ' WHERE faq_id=' . db_input($id);
         if (db_query($sql)) {
             return true;
         }
         $errors['err'] = 'Unable to update FAQ.';
         return false;
     }
     $sql = 'INSERT INTO ' . FAQ_TABLE . ' SET ' . $sql . ',created=NOW()';
     $newId = db_query($sql) ? db_insert_id() : 0;
     if ($newId) {
         return $newId;
     }
     $errors['err'] = 'Unable to create FAQ. Internal error';
     return false;
 }
 function save($id, $vars, &$errors)
 {
     /*
      * Validate and persist a staff account (legacy variant).
      *
      * $id     - staff_id being edited; falsy for a new account.
      * $vars   - form fields: staff_id, firstname, lastname, username, email,
      *           phone, phone_ext, mobile, npassword, vpassword, dept_id,
      *           group_id, isadmin, isactive, isvisible, onvacation,
      *           signature, resetpasswd.
      * $errors - filled by reference with field => message.
      *
      * Returns the new staff_id on insert, true on a successful update,
      * false when $errors is non-empty.
      *
      * NOTE(review): several string literals in this listing read '******';
      * that looks like redaction applied to the page, and the username
      * lookup below is not valid PHP as shown. Treat the code as indicative.
      */
     include_once INCLUDE_DIR . 'class.dept.php';
     if ($id && $id != $vars['staff_id']) {
         $errors['err'] = 'Error Interno';
     }
     if (!$vars['firstname'] || !$vars['lastname']) {
         $errors['name'] = 'Nombre y apellidos requerido';
     }
     if (!$vars['username'] || strlen($vars['username']) < 3) {
         $errors['username'] = '******';
     } else {
         //check if the username is already in-use (excluding this account on update).
         $sql = 'SELECT staff_id FROM ' . STAFF_TABLE . ' WHERE username='******'username']);
         if ($id) {
             $sql .= ' AND staff_id!=' . db_input($id);
         }
         if (db_num_rows(db_query($sql))) {
             $errors['username'] = '******';
         }
     }
     if (!$vars['email'] || !Validator::is_email($vars['email'])) {
         $errors['email'] = 'Se requiere email Valido';
     } elseif (Email::getIdByEmail($vars['email'])) {
         // A staff address may not collide with one of the system mailboxes.
         $errors['email'] = 'Este Email ya se esta usando como Email del sistema';
     }
     if ($vars['phone'] && !Validator::is_phone($vars['phone'])) {
         $errors['phone'] = 'Numero de tel&aacute;fono requerido';
     }
     if ($vars['mobile'] && !Validator::is_phone($vars['mobile'])) {
         $errors['mobile'] = 'Numero de movil Requerido';
     }
     // Password rules apply when a password was typed or when creating an account.
     if ($vars['npassword'] || $vars['vpassword'] || !$id) {
         if (!$vars['npassword'] && !$id) {
             $errors['npassword'] = '******';
         } elseif ($vars['npassword'] && strcmp($vars['npassword'], $vars['vpassword'])) {
             $errors['vpassword'] = '******';
         } elseif ($vars['npassword'] && strlen($vars['npassword']) < 6) {
             $errors['npassword'] = '******';
         }
     }
     if (!$vars['dept_id']) {
         $errors['dept'] = 'Departamento requerido';
     }
     if (!$vars['group_id']) {
         $errors['group'] = 'Grupo requerido';
     }
     if (!$errors) {
         // isvisible / onvacation are checkbox flags: presence means 1.
         $sql = ' SET updated=NOW() ' . ',isadmin=' . db_input($vars['isadmin']) . ',isactive=' . db_input($vars['isactive']) . ',isvisible=' . db_input(isset($vars['isvisible']) ? 1 : 0) . ',onvacation=' . db_input(isset($vars['onvacation']) ? 1 : 0) . ',dept_id=' . db_input($vars['dept_id']) . ',group_id=' . db_input($vars['group_id']) . ',username='******'username'])) . ',firstname=' . db_input(Format::striptags($vars['firstname'])) . ',lastname=' . db_input(Format::striptags($vars['lastname'])) . ',email=' . db_input($vars['email']) . ',phone="' . db_input($vars['phone'], false) . '"' . ',phone_ext=' . db_input($vars['phone_ext']) . ',mobile="' . db_input($vars['mobile'], false) . '"' . ',signature=' . db_input(Format::striptags($vars['signature']));
         if ($vars['npassword']) {
             // NOTE(review): md5() is an unsalted, fast digest and is not an
             // acceptable password store. It cannot be swapped here in
             // isolation - the login path that verifies passwords must move
             // to the same scheme (e.g. password_hash/password_verify with a
             // rehash-on-login migration) at the same time.
             $sql .= ',passwd=' . db_input(md5($vars['npassword']));
         }
         if (isset($vars['resetpasswd'])) {
             // Force a password change at next login.
             $sql .= ',change_passwd=1';
         }
         if ($id) {
             $sql = 'UPDATE ' . STAFF_TABLE . ' ' . $sql . ' WHERE staff_id=' . db_input($id);
             if (!db_query($sql) || !db_affected_rows()) {
                 $errors['err'] = 'No se puede actualizar el usuario. Error interno';
             }
         } else {
             $sql = 'INSERT INTO ' . STAFF_TABLE . ' ' . $sql . ',created=NOW()';
             if (db_query($sql) && ($uID = db_insert_id())) {
                 return $uID;
             }
             $errors['err'] = 'No se puede crear el usuario. Error interno';
         }
     }
     return $errors ? false : true;
 }
 function save($id, $vars, &$errors)
 {
     /*
      * Validate and persist a staff account.
      *
      * $id     - staff_id being edited; falsy for a new account.
      * $vars   - form fields: id, username, firstname, lastname, email, phone,
      *           phone_ext, mobile, passwd1, passwd2, backend, welcome_email,
      *           dept_id, group_id, timezone_id, daylight_saving, isadmin,
      *           isactive, isvisible, onvacation, assigned_only, signature,
      *           notes, change_passwd.
      * $errors - filled by reference with field => message.
      *
      * Returns true after a successful update, the new staff_id after an
      * insert, and false on validation or query failure.
      *
      * NOTE(review): the '******' literals in this listing look like page
      * redaction; the username column assignment below is not valid PHP
      * as shown.
      */
     // Names and username are stored without markup.
     $vars['username'] = Format::striptags($vars['username']);
     $vars['firstname'] = Format::striptags($vars['firstname']);
     $vars['lastname'] = Format::striptags($vars['lastname']);
     if ($id && $id != $vars['id']) {
         $errors['err'] = 'Internal Error';
     }
     if (!$vars['firstname']) {
         $errors['firstname'] = 'First name required';
     }
     if (!$vars['lastname']) {
         $errors['lastname'] = 'Last name required';
     }
     $error = '';
     // Validator::is_username() may return a specific message through $error.
     if (!$vars['username'] || !Validator::is_username($vars['username'], $error)) {
         $errors['username'] = $error ? $error : 'Username required';
     } elseif (($uid = Staff::getIdByUsername($vars['username'])) && $uid != $id) {
         $errors['username'] = '******';
     }
     if (!$vars['email'] || !Validator::is_email($vars['email'])) {
         $errors['email'] = 'Valid email required';
     } elseif (Email::getIdByEmail($vars['email'])) {
         // A staff address may not collide with one of the system mailboxes.
         $errors['email'] = 'Already in-use system email';
     } elseif (($uid = Staff::getIdByEmail($vars['email'])) && $uid != $id) {
         $errors['email'] = 'Email already in use by another staff member';
     }
     if ($vars['phone'] && !Validator::is_phone($vars['phone'])) {
         $errors['phone'] = 'Valid number required';
     }
     if ($vars['mobile'] && !Validator::is_phone($vars['mobile'])) {
         $errors['mobile'] = 'Valid number required';
     }
     // Password rules apply when a password was typed or when creating an account.
     if ($vars['passwd1'] || $vars['passwd2'] || !$id) {
         if ($vars['passwd1'] && strcmp($vars['passwd1'], $vars['passwd2'])) {
             $errors['passwd2'] = 'Password(s) do not match';
         } elseif ($vars['backend'] != 'local' || $vars['welcome_email']) {
             // Password can be omitted: an external auth backend owns the
             // credential, or the welcome e-mail will let the user set one.
         } elseif (!$vars['passwd1'] && !$id) {
             $errors['passwd1'] = 'Temp. password required';
             $errors['temppasswd'] = 'Required';
         } elseif ($vars['passwd1'] && strlen($vars['passwd1']) < 6) {
             $errors['passwd1'] = 'Must be at least 6 characters';
         }
     }
     if (!$vars['dept_id']) {
         $errors['dept_id'] = 'Department required';
     }
     if (!$vars['group_id']) {
         $errors['group_id'] = 'Group required';
     }
     if (!$vars['timezone_id']) {
         $errors['timezone_id'] = 'Time zone required';
     }
     if ($errors) {
         return false;
     }
     // Checkbox flags (isvisible, onvacation, assigned_only, daylight_saving)
     // map presence to 1; signature and notes keep sanitised markup only.
     $sql = 'SET updated=NOW() ' . ' ,isadmin=' . db_input($vars['isadmin']) . ' ,isactive=' . db_input($vars['isactive']) . ' ,isvisible=' . db_input(isset($vars['isvisible']) ? 1 : 0) . ' ,onvacation=' . db_input(isset($vars['onvacation']) ? 1 : 0) . ' ,assigned_only=' . db_input(isset($vars['assigned_only']) ? 1 : 0) . ' ,dept_id=' . db_input($vars['dept_id']) . ' ,group_id=' . db_input($vars['group_id']) . ' ,timezone_id=' . db_input($vars['timezone_id']) . ' ,daylight_saving=' . db_input(isset($vars['daylight_saving']) ? 1 : 0) . ' ,username='******'username']) . ' ,firstname=' . db_input($vars['firstname']) . ' ,lastname=' . db_input($vars['lastname']) . ' ,email=' . db_input($vars['email']) . ' ,backend=' . db_input($vars['backend']) . ' ,phone="' . db_input(Format::phone($vars['phone']), false) . '"' . ' ,phone_ext=' . db_input($vars['phone_ext']) . ' ,mobile="' . db_input(Format::phone($vars['mobile']), false) . '"' . ' ,signature=' . db_input(Format::sanitize($vars['signature'])) . ' ,notes=' . db_input(Format::sanitize($vars['notes']));
     if ($vars['passwd1']) {
         // Only the Passwd::hash() output is stored, never the clear text.
         $sql .= ' ,passwd=' . db_input(Passwd::hash($vars['passwd1']));
         if (isset($vars['change_passwd'])) {
             // Force a password change at next login.
             $sql .= ' ,change_passwd=1';
         }
     } elseif (!isset($vars['change_passwd'])) {
         $sql .= ' ,change_passwd=0';
     }
     if ($id) {
         $sql = 'UPDATE ' . STAFF_TABLE . ' ' . $sql . ' WHERE staff_id=' . db_input($id);
         // An update that touches no row is reported as a failure.
         if (db_query($sql) && db_affected_rows()) {
             return true;
         }
         $errors['err'] = 'Unable to update the user. Internal error occurred';
     } else {
         $sql = 'INSERT INTO ' . STAFF_TABLE . ' ' . $sql . ', created=NOW()';
         if (db_query($sql) && ($uid = db_insert_id())) {
             return $uid;
         }
         $errors['err'] = 'Unable to create user. Internal error';
     }
     return false;
 }
 function getBody()
 {
     /*
      * Return the message body as plain text.
      *
      * The text/plain part wins when present. Otherwise the text/html part
      * is flattened: DIV boundaries and <br> variants become newlines and
      * all remaining tags are stripped. Whatever getPart() returned (possibly
      * an empty/false value) is returned when neither part is available.
      */
     $plain = $this->getPart($this->struct, 'text/plain');
     if ($plain) {
         return $plain;
     }
     $html = $this->getPart($this->struct, 'text/html');
     if (!$html) {
         return $html;
     }
     // Keep line structure before stripping the markup.
     $lineBreaks = array("</DIV><DIV>", "<br>", "<br />", "<BR>", "<BR />");
     $flattened = str_replace($lineBreaks, "\n", $html);
     return Format::striptags($flattened);
 }
 function save($id, $vars, &$errors, $validation = false)
 {
     /*
      * Validate and, unless $validation is set, store a FAQ category.
      *
      * $id         - category_id being edited; falsy for a new category.
      * $vars       - form fields: id, name, description, ispublic, notes.
      * $errors     - filled by reference with field => message.
      * $validation - when true, return after validation without writing.
      *
      * Returns true (update done, or validation passed), the new
      * category_id after an insert, or false on any failure.
      */
     // The name is compared and stored without markup or edge whitespace.
     $name = Format::striptags(trim($vars['name']));
     $vars['name'] = $name;
     if ($id && $id != $vars['id']) {
         $errors['err'] = 'Internal error. Try again';
     }
     if (!$name) {
         $errors['name'] = 'Category name is required';
     } elseif (strlen($name) < 3) {
         // Byte length, not character count.
         $errors['name'] = 'Name is too short. 3 chars minimum';
     } else {
         // A name already used by a different category is rejected.
         $existingId = self::findIdByName($name);
         if ($existingId && $existingId != $id) {
             $errors['name'] = 'Category already exists';
         }
     }
     if (!$vars['description']) {
         $errors['description'] = 'Category description is required';
     }
     if ($errors) {
         return false;
     }
     if ($validation) {
         return true;
     }
     // Only the description keeps (sanitised) HTML; all values pass db_input().
     $columns = array(
         'ispublic=' . db_input(isset($vars['ispublic']) ? $vars['ispublic'] : 0),
         'name=' . db_input($name),
         'description=' . db_input(Format::safe_html($vars['description'])),
         'notes=' . db_input($vars['notes']),
     );
     $sql = ' updated=NOW() ' . ',' . implode(',', $columns);
     if ($id) {
         $sql = 'UPDATE ' . FAQ_CATEGORY_TABLE . ' SET ' . $sql . ' WHERE category_id=' . db_input($id);
         if (db_query($sql)) {
             return true;
         }
         $errors['err'] = 'Unable to update FAQ category.';
         return false;
     }
     $sql = 'INSERT INTO ' . FAQ_CATEGORY_TABLE . ' SET ' . $sql . ',created=NOW()';
     $newId = db_query($sql) ? db_insert_id() : 0;
     if ($newId) {
         return $newId;
     }
     $errors['err'] = 'Unable to create FAQ category. Internal error';
     return false;
 }
 function create($var, &$errors)
 {
     global $cfg;
     /*
      * Create a new e-mail template as a copy of an existing one.
      *
      * $var    - form fields: name (new template name), copy_template
      *           (id of the template to clone).
      * $errors - filled by reference with field => message.
      *
      * Returns the new template id, or 0 when validation or the insert fails.
      */
     $template = null;
     if (!$var['name']) {
         $errors['name'] = 'required';
     } elseif (!$errors && Template::getIdByName($var['name'])) {
         $errors['name'] = _('Name already in use');
     }
     if (!$var['copy_template']) {
         $errors['copy_template'] = 'required';
     } elseif (!$errors) {
         // The source template must resolve within the current configuration.
         $template = new Template($var['copy_template'], $cfg->getId());
         if (!is_object($template) || !$template->getId()) {
             $errors['copy_template'] = _('Unknown template');
         }
     }
     if ($errors) {
         return 0;
     }
     $info = $template->getInfo();
     if (!$info) {
         return 0;
     }
     // Subject/body pairs copied from the source template; each is passed
     // through striptags() and db_input() before it reaches the statement.
     $columns = array(
         'cfg_id=' . db_input($cfg->getId()),
         'name=' . db_input(Format::striptags($var['name'])),
         'notes=' . db_input('New template: copy of ' . $info['name']),
     );
     $messageTypes = array(
         'ticket_autoresp', 'message_autoresp', 'ticket_notice', 'ticket_alert',
         'message_alert', 'note_alert', 'assigned_alert', 'ticket_overdue',
         'ticket_overlimit', 'ticket_reply',
     );
     foreach ($messageTypes as $type) {
         foreach (array('subj', 'body') as $part) {
             $column = $type . '_' . $part;
             $columns[] = $column . '=' . db_input(Format::striptags($info[$column]));
         }
     }
     $sql = 'INSERT INTO ' . EMAIL_TEMPLATE_TABLE . ' SET updated=NOW(), created=NOW() ' . ',' . implode(',', $columns);
     $id = 0;
     if (!db_query($sql) || !($id = db_insert_id())) {
         $errors['err'] = _('Unable to create the template. Internal error occured');
     }
     return $id;
 }
 function create($var, &$errors, $origin, $autorespond = true, $alertstaff = true)
 {
     global $cfg, $thisclient, $_FILES;
     /*
      * Validate a new-ticket request, insert the ticket, post its first
      * message, attach an uploaded file, and send autoresponse / staff alerts.
      *
      * $var         - request fields (name, email, subject, message, topicId,
      *                deptId, source, duedate, time, pri, phone, phone_ext,
      *                emailId, ip, mid, header, issue).
      * $errors      - merged by reference with validation failures.
      * $origin      - 'web' (client form), 'staff' (created by an agent) or
      *                anything else, which is treated as an incoming e-mail.
      * $autorespond - whether an autoresponse may be sent; can be switched
      *                off below by topic, mailbox or sender address.
      * $alertstaff  - whether the "new ticket" staff alert may be sent.
      *
      * Returns 0 when validation fails, otherwise the Ticket object (or null
      * if the insert did not succeed).
      */
     /* Coders never code so fully and joyfully as when they do it for free  - Peter Rotich */
     $id = 0;
     // Field rules depend on the origin; the Validator applies them to $var.
     $fields = array();
     $fields['name'] = array('type' => 'string', 'required' => 1, 'error' => 'Name required');
     $fields['email'] = array('type' => 'email', 'required' => 1, 'error' => 'Valid email required');
     $fields['subject'] = array('type' => 'string', 'required' => 1, 'error' => 'Subject required');
     $fields['message'] = array('type' => 'text', 'required' => 1, 'error' => 'Message required');
     if (strcasecmp($origin, 'web') == 0) {
         //Help topic only applicable on web tickets.
         $fields['topicId'] = array('type' => 'int', 'required' => 1, 'error' => 'Select help topic');
     } elseif (strcasecmp($origin, 'staff') == 0) {
         //tickets created by staff...e.g on callins.
         $fields['deptId'] = array('type' => 'int', 'required' => 1, 'error' => 'Dept. required');
         $fields['source'] = array('type' => 'string', 'required' => 1, 'error' => 'Indicate source');
         $fields['duedate'] = array('type' => 'date', 'required' => 0, 'error' => 'Invalid date - must be MM/DD/YY');
     } else {
         //Incoming emails
         $fields['emailId'] = array('type' => 'int', 'required' => 1, 'error' => 'Email unknown');
     }
     $fields['pri'] = array('type' => 'int', 'required' => 0, 'error' => 'Invalid Priority');
     $fields['phone'] = array('type' => 'phone', 'required' => 0, 'error' => 'Valid phone # required');
     $validate = new Validator($fields);
     if (!$validate->validate($var)) {
         $errors = array_merge($errors, $validate->errors());
     }
     //Make sure the email is not banned
     if (!$errors && BanList::isbanned($var['email'])) {
         // Deliberately generic message for the submitter; the real reason
         // goes to the system log only.
         $errors['err'] = 'Ticket denied. Error #403';
         //We don't want to tell the user the real reason...Psssst.
         Sys::log(LOG_WARNING, 'Ticket denied', 'Banned email - ' . $var['email']);
         //We need to let admin know which email got banned.
     }
     // A logged-in client may only open tickets under its own address.
     if (!$errors && $thisclient && strcasecmp($thisclient->getEmail(), $var['email'])) {
         $errors['email'] = 'Email mismatch.';
     }
     //Make sure phone extension is valid
     if ($var['phone_ext']) {
         if (!is_numeric($var['phone_ext']) && !$errors['phone']) {
             $errors['phone'] = 'Invalid phone ext.';
         } elseif (!$var['phone']) {
             //make sure they just didn't enter ext without phone #
             $errors['phone'] = 'Phone number required';
         }
     }
     //Make sure the due date is valid
     if ($var['duedate']) {
         if (!$var['time'] || strpos($var['time'], ':') === false) {
             $errors['time'] = 'Select time';
         } elseif (strtotime($var['duedate'] . ' ' . $var['time']) === false) {
             $errors['duedate'] = 'Invalid duedate';
         } elseif (strtotime($var['duedate'] . ' ' . $var['time']) <= time()) {
             $errors['duedate'] = 'Due date must be in the future';
         }
     }
     //check attachment..if any is set ...only set on webbased tickets..
     // Only the client-supplied file name and size are checked here; the
     // actual upload handling happens in uploadAttachment() further down.
     if ($_FILES['attachment']['name'] && $cfg->allowOnlineAttachments()) {
         if (!$cfg->canUploadFileType($_FILES['attachment']['name'])) {
             $errors['attachment'] = 'Invalid file type [ ' . Format::htmlchars($_FILES['attachment']['name']) . ' ]';
         } elseif ($_FILES['attachment']['size'] > $cfg->getMaxFileSize()) {
             $errors['attachment'] = 'File is too big. Max ' . $cfg->getMaxFileSize() . ' bytes allowed';
         }
     }
     //check ticket limits..if limit set is >0
     //TODO: Base ticket limits on SLA...
     // The per-address open-ticket cap does not apply to staff-created tickets.
     if ($var['email'] && !$errors && $cfg->getMaxOpenTickets() > 0 && strcasecmp($origin, 'staff')) {
         $openTickets = Ticket::getOpenTicketsByEmail($var['email']);
         if ($openTickets >= $cfg->getMaxOpenTickets()) {
             $errors['err'] = "You've reached the maximum open tickets allowed.";
             //Send the notice only once (when the limit is reached) incase of autoresponders at client end.
             if ($cfg->getMaxOpenTickets() == $openTickets && $cfg->sendOverlimitNotice()) {
                 if ($var['deptId']) {
                     $dept = new Dept($var['deptId']);
                 }
                 // NOTE(review): $dept is only assigned when deptId is set; the
                 // tests below read it either way (undefined-variable notice
                 // when absent, but the fallbacks still apply).
                 if (!$dept || !($tplId = $dept->getTemplateId())) {
                     $tplId = $cfg->getDefaultTemplateId();
                 }
                 $sql = 'SELECT ticket_overlimit_subj,ticket_overlimit_body FROM ' . EMAIL_TEMPLATE_TABLE . ' WHERE cfg_id=' . db_input($cfg->getId()) . ' AND tpl_id=' . db_input($tplId);
                 $resp = db_query($sql);
                 if (db_num_rows($resp) && (list($subj, $body) = db_fetch_row($resp))) {
                     // Placeholders are filled with the submitted name/email as-is.
                     $body = str_replace("%name", $var['name'], $body);
                     $body = str_replace("%email", $var['email'], $body);
                     $body = str_replace("%url", $cfg->getBaseUrl(), $body);
                     $body = str_replace('%signature', $dept && $dept->isPublic() ? $dept->getSignature() : '', $body);
                     if (!$dept || !($email = $dept->getAutoRespEmail())) {
                         $email = $cfg->getDefaultEmail();
                     }
                     if ($email) {
                         $email->send($var['email'], $subj, $body);
                     }
                 }
                 //Alert admin...this might be spammy (no option to disable)...but it is helpful..I think.
                 $msg = 'Support ticket request denied for ' . $var['email'] . "\n" . 'Open ticket:' . $openTickets . "\n" . 'Max Allowed:' . $cfg->getMaxOpenTickets() . "\n\nNotice only sent once";
                 Sys::alertAdmin('Overlimit Notice', $msg);
             }
         }
     }
     //Any error above is fatal.
     if ($errors) {
         return 0;
     }
     // OK...just do it.
     $deptId = $var['deptId'];
     //pre-selected Dept if any.
     $priorityId = $var['pri'];
     $source = ucfirst($var['source']);
     $topic = NULL;
     // Intenal mapping magic...see if we need to overwrite anything
     if (isset($var['topicId'])) {
         //Ticket created via web by user/or staff
         // The help topic supplies dept/priority defaults and may veto the
         // autoresponse. $topicDesc is only defined on this path.
         if ($var['topicId'] && ($topic = new Topic($var['topicId'])) && $topic->getId()) {
             $deptId = $deptId ? $deptId : $topic->getDeptId();
             $priorityId = $priorityId ? $priorityId : $topic->getPriorityId();
             $topicDesc = $topic->getName();
             if ($autorespond) {
                 $autorespond = $topic->autoRespond();
             }
         }
         $source = $var['source'] ? $var['source'] : 'Web';
     } elseif ($var['emailId'] && !$var['deptId']) {
         //Emailed Tickets
         // The receiving mailbox decides the department and may veto the autoresponse.
         $email = new Email($var['emailId']);
         if ($email && $email->getId()) {
             $deptId = $email->getDeptId();
             $priorityId = $priorityId ? $priorityId : $email->getPriorityId();
             if ($autorespond) {
                 $autorespond = $email->autoRespond();
             }
         }
         $email = null;
         $source = 'Email';
     } elseif ($var['deptId']) {
         //Opened by staff.
         $deptId = $var['deptId'];
         $source = ucfirst($var['source']);
     }
     //Don't auto respond to mailer daemons.
     if (strpos(strtolower($var['email']), 'mailer-daemon@') !== false || strpos(strtolower($var['email']), 'postmaster@') !== false) {
         $autorespond = false;
     }
     //Last minute checks
     $priorityId = $priorityId ? $priorityId : $cfg->getDefaultPriorityId();
     $deptId = $deptId ? $deptId : $cfg->getDefaultDeptId();
     $topicId = $var['topicId'] ? $var['topicId'] : 0;
     // NOTE(review): a caller-supplied $var['ip'] takes precedence over
     // REMOTE_ADDR and is what gets recorded as ip_address below; callers
     // should only pass it when they obtained it from a trusted source.
     $ipaddress = $var['ip'] ? $var['ip'] : $_SERVER['REMOTE_ADDR'];
     //We are ready son...hold on to the rails.
     $extId = Ticket::genExtRandID();
     // All request-derived values are escaped via db_input(); $topicDesc may
     // be undefined here when no help topic resolved above.
     $sql = 'INSERT INTO ' . TICKET_TABLE . ' SET created=NOW() ' . ',ticketID=' . db_input($extId) . ',dept_id=' . db_input($deptId) . ',topic_id=' . db_input($topicId) . ',priority_id=' . db_input($priorityId) . ',email=' . db_input($var['email']) . ',name=' . db_input(Format::striptags($var['name'])) . ',subject=' . db_input(Format::striptags($var['subject'])) . ',helptopic=' . db_input(Format::striptags($topicDesc)) . ',phone="' . db_input($var['phone'], false) . '"' . ',phone_ext=' . db_input($var['phone_ext'] ? $var['phone_ext'] : '') . ',ip_address=' . db_input($ipaddress) . ',source=' . db_input($source);
     //Make sure the origin is staff - avoid firebug hack!
     // A due date is honoured only when the server-side $origin says staff,
     // regardless of what the submitted form contained.
     if ($var['duedate'] && !strcasecmp($origin, 'staff')) {
         $sql .= ',duedate=' . db_input(date('Y-m-d G:i', Misc::dbtime($var['duedate'] . ' ' . $var['time'])));
     }
     //echo $sql;
     $ticket = null;
     //return $ticket;
     if (db_query($sql) && ($id = db_insert_id())) {
         if (!$cfg->useRandomIds()) {
             //Sequential ticketIDs support really..really suck arse.
             $extId = $id;
             //To make things really easy we are going to use autoincrement ticket_id.
             // $id is the integer returned by db_insert_id(), not request input.
             db_query('UPDATE ' . TICKET_TABLE . ' SET ticketID=' . db_input($extId) . ' WHERE ticket_id=' . $id);
             //TODO: RETHING what happens if this fails?? [At the moment on failure random ID is used...making stuff usable]
         }
         //Load newly created ticket.
         $ticket = new Ticket($id);
         //post the message.
         $msgid = $ticket->postMessage($var['message'], $source, $var['mid'], $var['header'], true);
         //TODO: recover from postMessage error??
         //Upload attachments...web based.
         // Attachments are only accepted when the message was stored, and
         // (if configured) only from a validated, logged-in client.
         if ($_FILES['attachment']['name'] && $cfg->allowOnlineAttachments() && $msgid) {
             if (!$cfg->allowAttachmentsOnlogin() || $cfg->allowAttachmentsOnlogin() && ($thisclient && $thisclient->isValid())) {
                 $ticket->uploadAttachment($_FILES['attachment'], $msgid, 'M');
                 //TODO: recover from upload issues?
             }
         }
         $dept = $ticket->getDept();
         if (!$dept || !($tplId = $dept->getTemplateId())) {
             $tplId = $cfg->getDefaultTemplateId();
         }
         //Overwrite auto responder if the FROM email is one of the internal emails...loop control.
         if ($autorespond && Email::getIdByEmail($ticket->getEmail())) {
             $autorespond = false;
         }
         //SEND OUT NEW TICKET AUTORESP && ALERTS.
         //New Ticket AutoResponse..
         if ($autorespond && $cfg->autoRespONNewTicket() && $dept->autoRespONNewTicket()) {
             $sql = 'SELECT ticket_autoresp_subj,ticket_autoresp_body FROM ' . EMAIL_TEMPLATE_TABLE . ' WHERE cfg_id=' . db_input($cfg->getId()) . ' AND tpl_id=' . db_input($tplId);
             if (($resp = db_query($sql)) && db_num_rows($resp) && (list($subj, $body) = db_fetch_row($resp))) {
                 $body = $ticket->replaceTemplateVars($body);
                 $subj = $ticket->replaceTemplateVars($subj);
                 // %message echoes the submitted text back to the sender unmodified.
                 $body = str_replace('%message', $var['issue'] ? $var['issue'] : $var['message'], $body);
                 $body = str_replace('%signature', $dept && $dept->isPublic() ? $dept->getSignature() : '', $body);
                 if (!$dept || !($email = $dept->getAutoRespEmail())) {
                     $email = $cfg->getDefaultEmail();
                 }
                 if ($email) {
                     //Reply separator tag.
                     if ($cfg->stripQuotedReply() && ($tag = $cfg->getReplySeparator())) {
                         $body = "\n{$tag}\n\n" . $body;
                     }
                     $email->send($ticket->getEmail(), $subj, $body);
                 }
             } else {
                 Sys::log(LOG_WARNING, 'Template Fetch Error', "Unable to fetch autoresponse template #{$tplId}");
             }
         }
         //If enabled...send alert to staff (New Ticket Alert)
         if ($alertstaff && $cfg->alertONNewTicket() && is_object($ticket)) {
             $sql = 'SELECT ticket_alert_subj,ticket_alert_body FROM ' . EMAIL_TEMPLATE_TABLE . ' WHERE cfg_id=' . db_input($cfg->getId()) . ' AND tpl_id=' . db_input($tplId);
             if (($resp = db_query($sql)) && db_num_rows($resp) && (list($subj, $body) = db_fetch_row($resp))) {
                 $body = $ticket->replaceTemplateVars($body);
                 $subj = $ticket->replaceTemplateVars($subj);
                 $body = str_replace('%message', $var['issue'] ? $var['issue'] : $var['message'], $body);
                 if (!($email = $cfg->getAlertEmail())) {
                     $email = $cfg->getDefaultEmail();
                 }
                 if ($email && $email->getId()) {
                     // $sentlist de-duplicates recipients across admin, manager and members.
                     $sentlist = array();
                     //Admin Alert.
                     if ($cfg->alertAdminONNewTicket()) {
                         $alert = str_replace("%staff", 'Admin', $body);
                         $email->send($cfg->getAdminEmail(), $subj, $alert);
                         $sentlist[] = $cfg->getAdminEmail();
                     }
                     //get the list
                     $recipients = array();
                     //Dept. Manager
                     if ($cfg->alertDeptManagerONNewTicket()) {
                         $recipients[] = $dept->getManager();
                     }
                     //Staff members
                     if ($cfg->alertDeptMembersONNewTicket()) {
                         $sql = 'SELECT staff_id FROM ' . STAFF_TABLE . ' WHERE onvacation=0 AND dept_id=' . db_input($dept->getId());
                         if (($users = db_query($sql)) && db_num_rows($users)) {
                             // Note: this loop reuses $id, clobbering the ticket id
                             // stored above; nothing reads $id after this point.
                             while (list($id) = db_fetch_row($users)) {
                                 $recipients[] = new Staff($id);
                             }
                         }
                     }
                     foreach ($recipients as $k => $staff) {
                         if (!$staff || !is_object($staff) || !$staff->isAvailable()) {
                             continue;
                         }
                         if (in_array($staff->getEmail(), $sentlist)) {
                             continue;
                         }
                         //avoid duplicate emails.
                         $alert = str_replace("%staff", $staff->getFirstName(), $body);
                         $email->send($staff->getEmail(), $subj, $alert);
                         $sentlist[] = $staff->getEmail();
                     }
                 }
             } else {
                 Sys::log(LOG_WARNING, 'Template Fetch Error', "Unable to fetch 'new ticket' alert template #{$tplId}");
             }
         }
     }
     return $ticket;
 }