array('value' => 0, 'text' => $hesklang['critical'], 'formatted' => ''.$hesklang['critical'].''), 'high' => array('value' => 1, 'text' => $hesklang['high'], 'formatted' => ''.$hesklang['high'].''), 'medium' => array('value' => 2, 'text' => $hesklang['medium'], 'formatted' => ''.$hesklang['medium'].''), 'low' => array('value' => 3, 'text' => $hesklang['low'], 'formatted' => $hesklang['low']), ); // Change priority if ( array_key_exists($_POST['a'], $priorities) ) { // A security check hesk_token_check('POST'); // Priority info $priority = $priorities[$_POST['a']]; foreach ($_POST['id'] as $this_id) { if ( is_array($this_id) ) { continue; } $this_id = intval($this_id) or hesk_error($hesklang['id_not_valid']); $result = hesk_dbQuery("SELECT `priority`, `category` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."tickets` WHERE `id`={$this_id} LIMIT 1"); if (hesk_dbNumRows($result) != 1) { continue; } $ticket = hesk_dbFetchAssoc($result); if ($ticket['priority'] == $priority['value']) { continue; } hesk_okCategory($ticket['category']); $revision = sprintf($hesklang['thist8'],hesk_date(),$priority['formatted'],$_SESSION['name'].' ('.$_SESSION['user'].')'); hesk_dbQuery("UPDATE `".hesk_dbEscape($hesk_settings['db_pfix'])."tickets` SET `priority`='{$priority['value']}', `history`=CONCAT(`history`,'".hesk_dbEscape($revision)."') WHERE `id`={$this_id} LIMIT 1"); $i++; } hesk_process_messages($hesklang['pri_set_to'].' '.$priority['formatted'],$referer,'SUCCESS'); } /* DELETE */ elseif ($_POST['a']=='delete') { /* Check permissions for this feature */ hesk_checkPermission('can_del_tickets'); /* A security check */ hesk_token_check('POST'); // Will we need ticket notifications? if ($hesk_settings['notify_closed']) { require(HESK_PATH . 'inc/email_functions.inc.php'); } $revision = sprintf($hesklang['thist3'],hesk_date(),$_SESSION['name'].' ('.$_SESSION['user'].')'); foreach ($_POST['id'] as $this_id) { if ( is_array($this_id) ) { continue; } $this_id = intval($this_id) or hesk_error($hesklang['id_not_valid']); $result = hesk_dbQuery("SELECT `id`,`trackid`,`category` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."tickets` WHERE `id`='".intval($this_id)."' LIMIT 1"); if (hesk_dbNumRows($result) != 1) { continue; } $ticket = hesk_dbFetchAssoc($result); hesk_okCategory($ticket['category']); hesk_fullyDeleteTicket(); $i++; } hesk_process_messages(sprintf($hesklang['num_tickets_deleted'],$i),$referer,'SUCCESS'); } /* MERGE TICKETS */ elseif ($_POST['a']=='merge') { /* Check permissions for this feature */ hesk_checkPermission('can_merge_tickets'); /* A security check */ hesk_token_check('POST'); /* Sort IDs, tickets will be merged to the lowest ID */ sort($_POST['id'], SORT_NUMERIC); /* Select lowest ID as the target ticket */ $merge_into = array_shift($_POST['id']); /* Merge tickets or throw an error */ if ( hesk_mergeTickets( $_POST['id'] , $merge_into ) ) { hesk_process_messages($hesklang['merged'],$referer,'SUCCESS'); } else { $hesklang['merge_err'] .= ' ' . $_SESSION['error']; hesk_cleanSessionVars($_SESSION['error']); hesk_process_messages($hesklang['merge_err'],$referer); } } /* TAG/UNTAG TICKETS */ elseif ($_POST['a']=='tag' || $_POST['a']=='untag') { /* Check permissions for this feature */ hesk_checkPermission('can_add_archive'); /* A security check */ hesk_token_check('POST'); if ($_POST['a']=='tag') { $archived = 1; $action = $hesklang['num_tickets_tag']; } else { $archived = 0; $action = $hesklang['num_tickets_untag']; } foreach ($_POST['id'] as $this_id) { if ( is_array($this_id) ) { continue; } $this_id = intval($this_id) or hesk_error($hesklang['id_not_valid']); $result = hesk_dbQuery("SELECT `id`,`trackid`,`category` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."tickets` WHERE `id`='".intval($this_id)."' LIMIT 1"); if (hesk_dbNumRows($result) != 1) { continue; } $ticket = hesk_dbFetchAssoc($result); hesk_okCategory($ticket['category']); hesk_dbQuery("UPDATE `".hesk_dbEscape($hesk_settings['db_pfix'])."tickets` SET `archive`='$archived' WHERE `id`='".intval($this_id)."' LIMIT 1"); $i++; } hesk_process_messages(sprintf($action,$i),$referer,'SUCCESS'); } /* JUST CLOSE */ else { /* Check permissions for this feature */ hesk_checkPermission('can_view_tickets'); hesk_checkPermission('can_reply_tickets'); /* A security check */ hesk_token_check('POST'); require(HESK_PATH . 'inc/email_functions.inc.php'); $revision = sprintf($hesklang['thist3'],hesk_date(),$_SESSION['name'].' ('.$_SESSION['user'].')'); foreach ($_POST['id'] as $this_id) { if ( is_array($this_id) ) { continue; } $this_id = intval($this_id) or hesk_error($hesklang['id_not_valid']); $result = hesk_dbQuery("SELECT * FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."tickets` WHERE `id`='".intval($this_id)."' LIMIT 1"); $ticket = hesk_dbFetchAssoc($result); hesk_okCategory($ticket['category']); $closedStatusRS = hesk_dbQuery("SELECT * FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."statuses` WHERE `IsStaffClosedOption` = 1"); $closedStatus = hesk_dbFetchAssoc($closedStatusRS); hesk_dbQuery("UPDATE `".hesk_dbEscape($hesk_settings['db_pfix'])."tickets` SET `status`='".$closedStatus['ID']."', `closedat`=NOW(), `closedby`=".intval($_SESSION['id']).", `history`=CONCAT(`history`,'".hesk_dbEscape($revision)."') WHERE `id`='".intval($this_id)."' LIMIT 1"); $i++; // Notify customer of closed ticket? if ($hesk_settings['notify_closed']) { $ticket['dt'] = hesk_date($ticket['dt'], true); $ticket['lastchange'] = hesk_date($ticket['lastchange'], true); $ticket = hesk_ticketToPlain($ticket, 1, 0); hesk_notifyCustomer('ticket_closed'); } } hesk_process_messages(sprintf($hesklang['num_tickets_closed'],$i),$referer,'SUCCESS'); } /*** START FUNCTIONS ***/ function hesk_fullyDeleteTicket() { global $hesk_settings, $hesklang, $ticket; /* Delete attachment files */ $res = hesk_dbQuery("SELECT * FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."attachments` WHERE `ticket_id`='".hesk_dbEscape($ticket['trackid'])."'"); if (hesk_dbNumRows($res)) { $hesk_settings['server_path'] = dirname(dirname(__FILE__)); while ($file = hesk_dbFetchAssoc($res)) { hesk_unlink($hesk_settings['server_path'].'/'.$hesk_settings['attach_dir'].'/'.$file['saved_name']); } } /* Delete attachments info from the database */ hesk_dbQuery("DELETE FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."attachments` WHERE `ticket_id`='".hesk_dbEscape($ticket['trackid'])."'"); /* Delete the ticket */ hesk_dbQuery("DELETE FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."tickets` WHERE `id`='".intval($ticket['id'])."'"); /* Delete replies to the ticket */ hesk_dbQuery("DELETE FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."replies` WHERE `replyto`='".intval($ticket['id'])."'"); /* Delete ticket notes */ hesk_dbQuery("DELETE FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."notes` WHERE `ticket`='".intval($ticket['id'])."'"); /* Delete ticket reply drafts */ hesk_dbQuery("DELETE FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."reply_drafts` WHERE `ticket`=".intval($ticket['id'])); return true; } ?>