From aed9fda0aa7b8b829ba974adbd751674ceecec49 Mon Sep 17 00:00:00 2001
From: Mike Koch <mkoch227@gmail.com>
Date: Wed, 16 May 2018 19:02:29 -0400
Subject: [PATCH] Initial commit of these 3 files for now

---
 admin/anonymize_ticket.php    | 43 ++++++++++++++++
 admin/export_ticket.php       | 54 ++++++++++++++++++++
 inc/privacy_functions.inc.php | 92 +++++++++++++++++++++++++++++++++++
 3 files changed, 189 insertions(+)
 create mode 100644 admin/anonymize_ticket.php
 create mode 100644 admin/export_ticket.php
 create mode 100644 inc/privacy_functions.inc.php

diff --git a/admin/anonymize_ticket.php b/admin/anonymize_ticket.php
new file mode 100644
index 00000000..e1577070
--- /dev/null
+++ b/admin/anonymize_ticket.php
@@ -0,0 +1,43 @@
+<?php
+/**
+ *
+ * This file is part of HESK - PHP Help Desk Software.
+ *
+ * (c) Copyright Klemen Stirn. All rights reserved.
+ * https://www.hesk.com
+ *
+ * For the full copyright and license agreement information visit
+ * https://www.hesk.com/eula.php
+ *
+ */
+
+define('IN_SCRIPT',1);
+define('HESK_PATH','../');
+
+/* Get all the required files and functions */
+require(HESK_PATH . 'hesk_settings.inc.php');
+require(HESK_PATH . 'inc/common.inc.php');
+require(HESK_PATH . 'inc/admin_functions.inc.php');
+require(HESK_PATH . 'inc/privacy_functions.inc.php');
+hesk_load_database_functions();
+
+hesk_session_start();
+hesk_dbConnect();
+hesk_isLoggedIn();
+
+// Check permissions for this feature
+hesk_checkPermission('can_privacy');
+
+// A security check
+hesk_token_check();
+
+// Tracking ID
+$trackingID = hesk_cleanID() or die($hesklang['int_error'].': '.$hesklang['no_trackID']);
+
+// Anonymize the ticket and redirect back
+if (hesk_anonymizeTicket(0, $trackingID))
+{
+    hesk_process_messages($hesklang['success_anon'],'admin_ticket.php?track='.$trackingID.'&Refresh='.mt_rand(10000,99999),'SUCCESS');
+}
+
+hesk_error($hesklang['no_permission']);
diff --git a/admin/export_ticket.php b/admin/export_ticket.php
new file mode 100644
index 00000000..de770fbd
--- /dev/null
+++ b/admin/export_ticket.php
@@ -0,0 +1,54 @@
+<?php
+/**
+ *
+ * This file is part of HESK - PHP Help Desk Software.
+ *
+ * (c) Copyright Klemen Stirn. All rights reserved.
+ * https://www.hesk.com
+ *
+ * For the full copyright and license agreement information visit
+ * https://www.hesk.com/eula.php
+ *
+ */
+
+define('IN_SCRIPT',1);
+define('HESK_PATH','../');
+
+/* Get all the required files and functions */
+require(HESK_PATH . 'hesk_settings.inc.php');
+require(HESK_PATH . 'inc/common.inc.php');
+require(HESK_PATH . 'inc/admin_functions.inc.php');
+require(HESK_PATH . 'inc/privacy_functions.inc.php');
+hesk_load_database_functions();
+
+hesk_session_start();
+hesk_dbConnect();
+hesk_isLoggedIn();
+
+// Check permissions for this feature
+hesk_checkPermission('can_export');
+
+// A security check
+hesk_token_check();
+
+// Tracking ID
+$trackingID = hesk_cleanID() or die($hesklang['int_error'].': '.$hesklang['no_trackID']);
+
+// Generate SQL for the ticket, make sure the user has access to it
+$sql = "SELECT * FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."tickets` WHERE `trackid`='".hesk_dbEscape($trackingID)."' AND ";
+$sql .= hesk_myCategories();
+$sql .= " AND " . hesk_myOwnership();
+$sql .= " LIMIT 1";
+
+require_once(HESK_PATH . 'inc/custom_fields.inc.php');
+require_once(HESK_PATH . 'inc/statuses.inc.php');
+require(HESK_PATH . 'inc/export_functions.inc.php');
+
+list($success_msg, $tickets_exported) = hesk_export_to_XML($sql, true);
+
+if ($tickets_exported == 1)
+{
+    hesk_process_messages($success_msg,'admin_ticket.php?track='.$trackingID.'&Refresh='.mt_rand(10000,99999),'SUCCESS');
+}
+
+hesk_error($hesklang['n2ex']);
diff --git a/inc/privacy_functions.inc.php b/inc/privacy_functions.inc.php
new file mode 100644
index 00000000..b39fe807
--- /dev/null
+++ b/inc/privacy_functions.inc.php
@@ -0,0 +1,92 @@
+<?php
+/**
+ *
+ * This file is part of HESK - PHP Help Desk Software.
+ *
+ * (c) Copyright Klemen Stirn. All rights reserved.
+ * https://www.hesk.com
+ *
+ * For the full copyright and license agreement information visit
+ * https://www.hesk.com/eula.php
+ *
+ */
+
+/* Check if this is a valid include */
+if (!defined('IN_SCRIPT')) {die('Invalid attempt');}
+
+
+/*** FUNCTIONS ***/
+
+
+function hesk_anonymizeTicket($id, $trackingID = null, $have_ticket = false)
+{
+	global $hesk_settings, $hesklang;
+
+    // Do we already have ticket info?
+    if ($have_ticket)
+    {
+        global $ticket;
+    }
+    else
+    {
+        // Get ticket info by tracking or numerical ID
+        if ($trackingID !== null)
+        {
+            $res = hesk_dbQuery("SELECT `id`, `trackid`, `name` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."tickets` WHERE `trackid`='".hesk_dbEscape($trackingID)."' AND ".hesk_myOwnership());
+        }
+        else
+        {
+    	    $res = hesk_dbQuery("SELECT `id`, `trackid`, `name` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."tickets` WHERE `id`=".intval($id)." AND ".hesk_myOwnership());
+        }
+        if ( ! hesk_dbNumRows($res))
+        {
+            return false;
+        }
+        $ticket = hesk_dbFetchAssoc($res);
+    }
+
+    // Delete attachment files
+	$res = hesk_dbQuery("SELECT * FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."attachments` WHERE `ticket_id`='".hesk_dbEscape($ticket['trackid'])."'");
+    if (hesk_dbNumRows($res))
+    {
+    	$hesk_settings['server_path'] = dirname(dirname(__FILE__));
+
+    	while ($file = hesk_dbFetchAssoc($res))
+        {
+        	hesk_unlink($hesk_settings['server_path'].'/'.$hesk_settings['attach_dir'].'/'.$file['saved_name']);
+        }
+    }
+
+    // Delete attachments info from the database
+	hesk_dbQuery("DELETE FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."attachments` WHERE `ticket_id`='".hesk_dbEscape($ticket['trackid'])."'");
+
+    // Anonymize ticket
+    $sql = "UPDATE `".hesk_dbEscape($hesk_settings['db_pfix'])."tickets` SET
+    `name`    = '".hesk_dbEscape($hesklang['anon_name'])."',
+    `email`   = '".hesk_dbEscape($hesklang['anon_email'])."',
+    `subject` = '".hesk_dbEscape($hesklang['anon_subject'])."',
+    `message` = '".hesk_dbEscape($hesklang['anon_message'])."',
+    `ip`      = '".hesk_dbEscape($hesklang['anon_IP'])."',
+    ";
+    for($i=1; $i<=50; $i++)
+    {
+        $sql .= "`custom{$i}` = '',";
+    }
+    $sql .= "
+    attachments='',
+    `history`=REPLACE(`history`, ' ".hesk_dbEscape(addslashes($ticket['name']))."</li>', ' ".hesk_dbEscape($hesklang['anon_name'])."</li>'),
+    `history`=CONCAT(`history`,'".hesk_dbEscape(sprintf($hesklang['thist18'],hesk_date(),$_SESSION['name'].' ('.$_SESSION['user'].')'))."')
+    WHERE `id`='".intval($ticket['id'])."'";
+	hesk_dbQuery($sql);
+
+    // Anonymize replies
+	hesk_dbQuery("UPDATE `".hesk_dbEscape($hesk_settings['db_pfix'])."replies` SET `name` = '".hesk_dbEscape($hesklang['anon_name'])."', `message` = '".hesk_dbEscape($hesklang['anon_message'])."', attachments='' WHERE `replyto`='".intval($ticket['id'])."'");
+
+    // Delete ticket notes
+	hesk_dbQuery("DELETE FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."notes` WHERE `ticket`='".intval($ticket['id'])."'");
+
+	// Delete ticket reply drafts
+	hesk_dbQuery("DELETE FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."reply_drafts` WHERE `ticket`=".intval($ticket['id']));
+
+    return true;
+} // END hesk_anonymizeTicket()