@ -1,7 +1,7 @@
<?php
<?php
/*******************************************************************************
/*******************************************************************************
* Title: Help Desk Software HESK
* Title: Help Desk Software HESK
* Version: 2.5.5 from 5th August 2014
* Version: 2.6.0 beta 1 from 30th December 2014
* Author: Klemen Stirn
* Author: Klemen Stirn
* Website: http://www.hesk.com
* Website: http://www.hesk.com
********************************************************************************
********************************************************************************
@ -83,10 +83,54 @@ $hesk_error_buffer = array();
// Get the message
// Get the message
$message = hesk_input(hesk_POST('message'));
$message = hesk_input(hesk_POST('message'));
// Submit as customer?
$submit_as_customer = isset($_POST['submit_as_customer']) ? true : false;
if (strlen($message))
if (strlen($message))
{
{
// Attach signature to the message?
// Save message for later and ignore the rest?
if ( ! empty($_POST['signature']))
if ( isset($_POST['save_reply']) )
{
// Delete any existing drafts from this owner for this ticket
hesk_dbQuery("DELETE FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."reply_drafts` WHERE `owner`=".intval($_SESSION['id'])." AND `ticket`=".intval($ticket['id'])." LIMIT 1");
// Save the message draft
hesk_dbQuery("INSERT INTO `".hesk_dbEscape($hesk_settings['db_pfix'])."reply_drafts` (`owner`, `ticket`, `message`) VALUES (".intval($_SESSION['id']).", ".intval($ticket['id']).", '".hesk_dbEscape($message)."')");
/* Set reply submitted message */
$_SESSION['HESK_SUCCESS'] = TRUE;
$_SESSION['HESK_MESSAGE'] = $hesklang['reply_saved'];
/* What to do after reply? */
if ($_SESSION['afterreply'] == 1)
{
header('Location: admin_main.php');
}
elseif ($_SESSION['afterreply'] == 2)
{
/* Get the next open ticket that needs a reply */
$res = hesk_dbQuery("SELECT * FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."tickets` WHERE `owner` IN ('0','".intval($_SESSION['id'])."') AND " . hesk_myCategories() . " AND `status` IN ('0','1') ORDER BY `owner` DESC, `priority` ASC LIMIT 1");
if (hesk_dbNumRows($res) == 1)
{
$row = hesk_dbFetchAssoc($res);
$_SESSION['HESK_MESSAGE'] .= '< br / > < br / > '.$hesklang['rssn'];
header('Location: admin_ticket.php?track='.$row['trackid'].'&Refresh='.rand(10000,99999));
}
else
{
header('Location: admin_main.php');
}
}
else
{
header('Location: admin_ticket.php?track='.$ticket['trackid'].'&Refresh='.rand(10000,99999));
}
exit();
}
// Attach signature to the message?
if ( ! $submit_as_customer & & ! empty($_POST['signature']))
{
{
$message .= "\n\n" . addslashes($_SESSION['signature']) . "\n";
$message .= "\n\n" . addslashes($_SESSION['signature']) . "\n";
}
}
@ -153,8 +197,15 @@ if ($hesk_settings['attachments']['use'] && !empty($attachments))
}
}
}
}
/* Add reply */
// Add reply
$result = hesk_dbQuery("INSERT INTO `".hesk_dbEscape($hesk_settings['db_pfix'])."replies` (`replyto`,`name`,`message`,`dt`,`attachments`,`staffid`) VALUES ('".intval($replyto)."','".hesk_dbEscape(addslashes($_SESSION['name']))."','".hesk_dbEscape($message)."',NOW(),'".hesk_dbEscape($myattachments)."','".intval($_SESSION['id'])."')");
if ($submit_as_customer)
{
hesk_dbQuery("INSERT INTO `".hesk_dbEscape($hesk_settings['db_pfix'])."replies` (`replyto`,`name`,`message`,`dt`,`attachments`) VALUES ('".intval($replyto)."','".hesk_dbEscape(addslashes($ticket['name']))."','".hesk_dbEscape($message."< br / > < br / > < i > {$hesklang['creb']} {$_SESSION['name']}< / i > ")."',NOW(),'".hesk_dbEscape($myattachments)."')");
}
else
{
hesk_dbQuery("INSERT INTO `".hesk_dbEscape($hesk_settings['db_pfix'])."replies` (`replyto`,`name`,`message`,`dt`,`attachments`,`staffid`) VALUES ('".intval($replyto)."','".hesk_dbEscape(addslashes($_SESSION['name']))."','".hesk_dbEscape($message)."',NOW(),'".hesk_dbEscape($myattachments)."','".intval($_SESSION['id'])."')");
}
/* Track ticket status changes for history */
/* Track ticket status changes for history */
$revision = '';
$revision = '';
@ -189,15 +240,61 @@ $defaultStatusReplyStatus = hesk_dbFetchAssoc(hesk_dbQuery("SELECT `ID`, `IsClos
$staffClosedCheckboxStatus = hesk_dbFetchAssoc(hesk_dbQuery("SELECT `ID`, `IsClosed` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."statuses` WHERE `IsStaffClosedOption` = 1 LIMIT 1"));
$staffClosedCheckboxStatus = hesk_dbFetchAssoc(hesk_dbQuery("SELECT `ID`, `IsClosed` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."statuses` WHERE `IsStaffClosedOption` = 1 LIMIT 1"));
$lockedTicketStatus = hesk_dbFetchAssoc(hesk_dbQuery("SELECT `ID` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."statuses` WHERE `LockedTicketStatus` = 1 LIMIT 1"));
$lockedTicketStatus = hesk_dbFetchAssoc(hesk_dbQuery("SELECT `ID` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."statuses` WHERE `LockedTicketStatus` = 1 LIMIT 1"));
$new_status = empty($_POST['close']) ? $defaultStatusReplyStatus['ID'] : $staffClosedCheckboxStatus['ID'];
// Get new ticket status
$sql_status = '';
/* --> If a ticket is locked keep it closed */
// -> If locked, keep it resolved
if ($ticket['locked'])
if ($ticket['locked'])
{
{
$new_status = $lockedTicketStatus['ID'];
$new_status = $lockedTicketStatus['ID'];
}
}
elseif (isset($_POST['submit_as_status']))
{
$new_status = $_POST['submit_as_status'];
if ($ticket['status'] != $new_status)
{
// Does this status close the ticket?
$newStatusRs = hesk_dbQuery('SELECT `IsClosed`, `ShortNameContentKey` FROM `'.hesk_dbEscape($hesk_settings['db_pfix']).'statuses` WHERE `ID` = '.hesk_dbEscape($new_status));
$newStatus = hesk_dbFetchAssoc($newStatusRs);
if ($newStatus['IsClosed'])
{
$revision = sprintf($hesklang['thist3'],hesk_date(),$_SESSION['name'].' ('.$_SESSION['user'].')');
$sql_status = " , `closedat`=NOW(), `closedby`=".intval($_SESSION['id']).", `history`=CONCAT(`history`,'".hesk_dbEscape($revision)."') ";
// Lock the ticket if customers are not allowed to reopen tickets
if ($hesk_settings['custopen'] != 1)
{
$sql_status .= " , `locked`='1' ";
}
} else
{
// Ticket isn't being closed, just add the history to the sql query
$revision = sprintf($hesklang['thist9'],hesk_date(),$hesklang[$newStatus['ShortNameContentKey']],$_SESSION['name'].' ('.$_SESSION['user'].')');
$sql_status = " , `history`=CONCAT(`history`,'".hesk_dbEscape($revision)."') ";
}
}
}
// -> Submit as Customer reply
elseif ($submit_as_customer)
{
//Get the status ID for customer replies
$customerReplyStatusRs = hesk_dbQuery('SELECT `ID` FROM `'.hesk_dbEscape($hesk_settings['db_pfix']).'statuses` WHERE `IsCustomerReplyStatus` = 1 LIMIT 1');
$customerReplyStatus = hesk_dbFetchAssoc($customerReplyStatusRs);
$new_status = $customerReplyStatus['ID'];
}
// -> Default: submit as "Replied by staff"
else
{
//Get the status ID for staff replies
$staffReplyStatusRs = hesk_dbQuery('SELECT `ID` FROM `'.hesk_dbEscape($hesk_settings['db_pfix']).'statuses` WHERE `IsDefaultStaffReplyStatus` = 1 LIMIT 1');
$staffReplyStatus = hesk_dbFetchAssoc($staffReplyStatusRs);
$new_status = $staffReplyStatus['ID'];
}
$sql = "UPDATE `".hesk_dbEscape($hesk_settings['db_pfix'])."tickets` SET `status`='{$new_status}',";
$sql.= $submit_as_customer ? "`lastreplier`='0', `replierid`='0' " : "`lastreplier`='1', `replierid`='".intval($_SESSION['id'])."' ";
$sql = "UPDATE `".hesk_dbEscape($hesk_settings['db_pfix'])."tickets` SET `status`='{$new_status}', `lastreplier`='1', `replierid`='".intval($_SESSION['id'])."' ";
/* Update time_worked or force update lastchange */
/* Update time_worked or force update lastchange */
if ($time_worked == '00:00:00')
if ($time_worked == '00:00:00')
@ -216,19 +313,19 @@ if ( ! empty($_POST['assign_self']) && hesk_checkPermission('can_assign_self',0)
}
}
$sql .= " $priority_sql ";
$sql .= " $priority_sql ";
$sql .= " $sql_status ";
$isNewStatusClosed = empty($_POST['close']) ? $defaultStatusReplyStatus['IsClosed'] : $staffClosedCheckboxStatus['IsClosed'];
if ( ! $ticket['firstreplyby'] )
if ($isNewStatusClosed)
{
{
$revision = sprintf($hesklang['thist3'],hesk_date(),$_SESSION['name'].' ('.$_SESSION['user'].')');
$sql .= " , `firstreply`=NOW(), `firstreplyby`=".intval($_SESSION['id'])." ";
$sql .= " , `history`=CONCAT(`history`,'".hesk_dbEscape($revision)."') ";
if ($hesk_settings['custopen'] != 1)
{
$sql .= " , `locked`='1' ";
}
}
}
// Keep track of replies to this ticket for easier reporting
$sql .= " , `replies`=`replies`+1 ";
$sql .= $submit_as_customer ? '' : " , `staffreplies`=`staffreplies`+1 ";
// End and execute the query
$sql .= " WHERE `id`='{$replyto}' LIMIT 1";
$sql .= " WHERE `id`='{$replyto}' LIMIT 1";
hesk_dbQuery($sql);
hesk_dbQuery($sql);
unset($sql);
unset($sql);
@ -247,12 +344,13 @@ $info = array(
'trackid' => $ticket['trackid'],
'trackid' => $ticket['trackid'],
'status' => $new_status,
'status' => $new_status,
'name' => $ticket['name'],
'name' => $ticket['name'],
'lastreplier' => $_SESSION['name'],
'lastreplier' => ($submit_as_customer ? $ticket['name'] : $_SESSION['name']) ,
'subject' => $ticket['subject'],
'subject' => $ticket['subject'],
'message' => stripslashes($message),
'message' => stripslashes($message),
'attachments' => $myattachments,
'attachments' => $myattachments,
'dt' => hesk_date($ticket['dt'], true),
'dt' => hesk_date($ticket['dt'], true),
'lastchange' => hesk_date($ticket['lastchange'], true),
'lastchange' => hesk_date($ticket['lastchange'], true),
'id' => $ticket['id'],
);
);
// 2. Add custom fields to the array
// 2. Add custom fields to the array
@ -264,19 +362,26 @@ foreach ($hesk_settings['custom_fields'] as $k => $v)
// 3. Make sure all values are properly formatted for email
// 3. Make sure all values are properly formatted for email
$ticket = hesk_ticketToPlain($info, 1, 0);
$ticket = hesk_ticketToPlain($info, 1, 0);
// Notify the customer
// Notify the assigned staff?
if ( ! isset($_POST['no_notify']) || intval( hesk_POST('no_notify') ) != 1)
if ($submit_as_customer)
{
if ($ticket['owner'] & & $ticket['owner'] != $_SESSION['id'])
{
hesk_notifyAssignedStaff(false, 'new_reply_by_customer', 'notify_reply_my');
}
}
// Notify customer?
elseif ( ! isset($_POST['no_notify']) || intval( hesk_POST('no_notify') ) != 1)
{
{
hesk_notifyCustomer('new_reply_by_staff');
hesk_notifyCustomer('new_reply_by_staff');
}
}
// Delete any existing drafts from this owner for this ticket
hesk_dbQuery("DELETE FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."reply_drafts` WHERE `owner`=".intval($_SESSION['id'])." AND `ticket`=".intval($ticket['id'])." LIMIT 1");
/* Set reply submitted message */
/* Set reply submitted message */
$_SESSION['HESK_SUCCESS'] = TRUE;
$_SESSION['HESK_SUCCESS'] = TRUE;
$_SESSION['HESK_MESSAGE'] = $hesklang['reply_submitted'];
$_SESSION['HESK_MESSAGE'] = $hesklang['reply_submitted'];
if (!empty($_POST['close']))
{
$_SESSION['HESK_MESSAGE'] .= '< br / > < br / > '.$hesklang['ticket_marked'].' < span class = "resolved" > '.$hesklang['closed'].'< / span > ';
}
/* What to do after reply? */
/* What to do after reply? */
if ($_SESSION['afterreply'] == 1)
if ($_SESSION['afterreply'] == 1)
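Review bot: In the hunk at `@ -189,15 +240,61 @`, the `elseif (isset($_POST['submit_as_status']))` branch copies the raw POST value into `$new_status`, and that value then reaches two queries without ever being constrained to an integer. The `statuses` lookup concatenates `hesk_dbEscape($new_status)` outside any quotes, where string escaping gives no protection, and the later tickets `UPDATE` interpolates `'{$new_status}'` with no escaping at all. Since the rest of this file already casts ids with `intval()`, the assignment should read `$new_status = intval(hesk_POST('submit_as_status'));`. The branch should also confirm that the lookup returned a row before reading `$newStatus['IsClosed']`, because an unknown id would otherwise presumably be written to the ticket as its status. The sides of this rendered diff are inferred from the hunk sizes, so confirm against the raw patch that these lines are on the new side.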