'); /* Get all the required files and functions */ require(HESK_PATH . 'hesk_settings.inc.php'); require(HESK_PATH . 'inc/common.inc.php'); require(HESK_PATH . 'inc/admin_functions.inc.php'); require(HESK_PATH . 'inc/status_functions.inc.php'); require(HESK_PATH . 'inc/view_attachment_functions.inc.php'); hesk_load_database_functions(); hesk_session_start(); hesk_dbConnect(); hesk_isLoggedIn(); /* Check permissions for this feature */ hesk_checkPermission('can_view_tickets'); $modsForHesk_settings = mfh_getSettings(); $can_del_notes = hesk_checkPermission('can_del_notes', 0); $can_reply = hesk_checkPermission('can_reply_tickets', 0); $can_delete = hesk_checkPermission('can_del_tickets', 0); $can_edit = hesk_checkPermission('can_edit_tickets', 0); $can_archive = hesk_checkPermission('can_add_archive', 0); $can_assign_self = hesk_checkPermission('can_assign_self', 0); $can_view_unassigned = hesk_checkPermission('can_view_unassigned', 0); $can_change_cat = hesk_checkPermission('can_change_cat', 0); $can_ban_emails = hesk_checkPermission('can_ban_emails', 0); $can_unban_emails = hesk_checkPermission('can_unban_emails', 0); $can_ban_ips = hesk_checkPermission('can_ban_ips', 0); $can_unban_ips = hesk_checkPermission('can_unban_ips', 0); // Get ticket ID $trackingID = hesk_cleanID() or print_form(); $_SERVER['PHP_SELF'] = 'admin_ticket.php?track=' . $trackingID . '&Refresh=' . mt_rand(10000, 99999); /* We will need timer function */ define('TIMER', 1); /* Get ticket info */ $res = hesk_dbQuery("SELECT `t1`.* , `t2`.name AS `repliername` FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` AS `t1` LEFT JOIN `" . hesk_dbEscape($hesk_settings['db_pfix']) . "users` AS `t2` ON `t1`.`replierid` = `t2`.`id` WHERE `trackid`='" . hesk_dbEscape($trackingID) . "' LIMIT 1"); /* Ticket found? */ if (hesk_dbNumRows($res) != 1) { /* Ticket not found, perhaps it was merged with another ticket? */ $res = hesk_dbQuery("SELECT * FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . 
"tickets` WHERE `merged` LIKE '%#" . hesk_dbEscape($trackingID) . "#%' LIMIT 1"); if (hesk_dbNumRows($res) == 1) { /* OK, found in a merged ticket. Get info */ $ticket = hesk_dbFetchAssoc($res); hesk_process_messages(sprintf($hesklang['tme'], $trackingID, $ticket['trackid']), 'NOREDIRECT', 'NOTICE'); $trackingID = $ticket['trackid']; } else { /* Nothing found, error out */ hesk_process_messages($hesklang['ticket_not_found'], 'NOREDIRECT'); print_form(); } } else { /* We have a match, get ticket info */ $ticket = hesk_dbFetchAssoc($res); } /* Permission to view this ticket? */ if ($ticket['owner'] && $ticket['owner'] != $_SESSION['id'] && !hesk_checkPermission('can_view_ass_others', 0)) { hesk_error($hesklang['ycvtao']); } if (!$ticket['owner'] && !$can_view_unassigned) { hesk_error($hesklang['ycovtay']); } /* Set last replier name */ if ($ticket['lastreplier']) { if (empty($ticket['repliername'])) { $ticket['repliername'] = $hesklang['staff']; } } else { $ticket['repliername'] = $ticket['name']; } /* Get category name and ID */ $result = hesk_dbQuery("SELECT `id`, `name`, `manager` FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "categories` WHERE `id`='" . intval($ticket['category']) . "' LIMIT 1"); /* If this category has been deleted use the default category with ID 1 */ if (hesk_dbNumRows($result) != 1) { $result = hesk_dbQuery("SELECT `id`, `name`, `manager` FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "categories` WHERE `id`='1' LIMIT 1"); } $category = hesk_dbFetchAssoc($result); $managerRS = hesk_dbQuery('SELECT * FROM `' . hesk_dbEscape($hesk_settings['db_pfix']) . 'users` WHERE `id` = ' . intval($_SESSION['id'])); $managerRow = hesk_dbFetchAssoc($managerRS); $isManager = $managerRow['id'] == $category['manager']; if ($isManager) { $can_del_notes = $can_reply = $can_delete = $can_edit = $can_archive = $can_assign_self = $can_view_unassigned = $can_change_cat = true; } /* Is this user allowed to view tickets inside this category? 
*/ hesk_okCategory($category['id']); /* Delete post action */ if (isset($_GET['delete_post']) && $can_delete && hesk_token_check()) { $n = intval(hesk_GET('delete_post')); if ($n) { /* Get last reply ID, we'll need it later */ $res = hesk_dbQuery("SELECT `id` FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "replies` WHERE `replyto`='" . intval($ticket['id']) . "' ORDER BY `id` DESC LIMIT 1"); $last_reply_id = hesk_dbResult($res, 0, 0); // Was this post submitted by staff and does it have any attachments? $res = hesk_dbQuery("SELECT `dt`, `staffid`, `attachments` FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "replies` WHERE `id`='" . intval($n) . "' AND `replyto`='" . intval($ticket['id']) . "' LIMIT 1"); $reply = hesk_dbFetchAssoc($res); // If the reply was by a staff member update the appropriate columns if ($reply['staffid']) { // Is this the only staff reply? Delete "firstreply" and "firstreplyby" columns if ($ticket['staffreplies'] <= 1) { $staffreplies_sql = ' , `firstreply`=NULL, `firstreplyby`=NULL, `staffreplies`=0 '; } // Are we deleting the first staff reply? Update "firstreply" and "firstreplyby" columns elseif ($reply['dt'] == $ticket['firstreply'] && $reply['staffid'] == $ticket['firstreplyby']) { // Get the new first reply info $res = hesk_dbQuery("SELECT `dt`, `staffid` FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "replies` WHERE `replyto`='" . intval($ticket['id']) . "' AND `id`!='" . intval($n) . "' AND `staffid`!=0 ORDER BY `id` ASC LIMIT 1"); // Did we find the new first reply? if (hesk_dbNumRows($res)) { $firstreply = hesk_dbFetchAssoc($res); $staffreplies_sql = " , `firstreply`='" . hesk_dbEscape($firstreply['dt']) . "', `firstreplyby`='" . hesk_dbEscape($firstreply['staffid']) . 
"', `staffreplies`=`staffreplies`-1 "; } // The count must have been wrong, update it else { $staffreplies_sql = ' , `firstreply`=NULL, `firstreplyby`=NULL, `staffreplies`=0 '; } } // OK, this is not the first and not the only staff reply, just reduce number else { $staffreplies_sql = ' , `staffreplies`=`staffreplies`-1 '; } } else { $staffreplies_sql = ''; } /* Delete any attachments to this post */ if (strlen($reply['attachments'])) { $hesk_settings['server_path'] = dirname(dirname(__FILE__)); /* List of attachments */ $att = explode(',', substr($reply['attachments'], 0, -1)); foreach ($att as $myatt) { list($att_id, $att_name) = explode('#', $myatt); /* Delete attachment files */ $res = hesk_dbQuery("SELECT * FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "attachments` WHERE `att_id`='" . intval($att_id) . "' LIMIT 1"); if (hesk_dbNumRows($res) && $file = hesk_dbFetchAssoc($res)) { hesk_unlink($hesk_settings['server_path'] . '/' . $hesk_settings['attach_dir'] . '/' . $file['saved_name']); } /* Delete attachments info from the database */ hesk_dbQuery("DELETE FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "attachments` WHERE `att_id`='" . intval($att_id) . "' LIMIT 1"); } } /* Delete this reply */ hesk_dbQuery("DELETE FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "replies` WHERE `id`='" . intval($n) . "' AND `replyto`='" . intval($ticket['id']) . "' LIMIT 1"); /* Reply wasn't deleted */ if (hesk_dbAffectedRows() != 1) { hesk_process_messages($hesklang['repl1'], $_SERVER['PHP_SELF']); } else { $closed_sql = ''; $changeStatusRs = hesk_dbQuery('SELECT `id`, `LockedTicketStatus`, `IsCustomerReplyStatus`, `IsDefaultStaffReplyStatus`, `IsNewTicketStatus` FROM `' . hesk_dbEscape($hesk_settings['db_pfix']) . 
'statuses` WHERE `LockedTicketStatus` = 1 OR `IsCustomerReplyStatus` = 1 OR `IsDefaultStaffReplyStatus` = 1 OR `IsNewTicketStatus` = 1'); $lockedTicketStatus = ''; $customerReplyStatus = ''; $defaultStaffReplyStatus = ''; $newTicketStatus = ''; while ($row = hesk_dbFetchAssoc($changeStatusRs)) { if ($row['LockedTicketStatus']) { $lockedTicketStatus = $row['id']; } elseif ($row['IsCustomerReplyStatus']) { $customerReplyStatus = $row['id']; } elseif ($row['IsDefaultStaffReplyStatus']) { $defaultStaffReplyStatus = $row['id']; } elseif ($row['IsNewTicketStatus']) { $newTicketStatus = $row['id']; } } /* Reply deleted. Need to update status and last replier? */ $res = hesk_dbQuery("SELECT `dt`, `staffid` FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "replies` WHERE `replyto`='" . intval($ticket['id']) . "' ORDER BY `id` DESC LIMIT 1"); if (hesk_dbNumRows($res)) { $replier_id = hesk_dbResult($res, 0, 1); $last_replier = $replier_id ? 1 : 0; /* Change status? */ $status_sql = ''; if ($last_reply_id == $n) { $status = $ticket['locked'] ? $lockedTicketStatus : ($last_replier ? $defaultStaffReplyStatus : $customerReplyStatus); $status_sql = " , `status`='" . intval($status) . "' "; // Update closedat and closedby columns as required if ($status == $lockedTicketStatus) { $closed_sql = " , `closedat`=NOW(), `closedby`=" . intval($_SESSION['id']) . " "; } } hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` SET `lastchange`=NOW(), `lastreplier`='{$last_replier}', `replierid`='" . intval($replier_id) . "', `replies`=`replies`-1 $status_sql $closed_sql $staffreplies_sql WHERE `id`='" . intval($ticket['id']) . "' LIMIT 1"); } else { // Update status, closedat and closedby columns as required if ($ticket['locked']) { $status = $lockedTicketStatus; $closed_sql = " , `closedat`=NOW(), `closedby`=" . intval($_SESSION['id']) . " "; } else { $status = $newTicketStatus; $closed_sql = " , `closedat`=NULL, `closedby`=NULL "; } hesk_dbQuery("UPDATE `" . 
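hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` SET `lastchange`=NOW(), `lastreplier`='0', `status`='$status', `replies`=0 $staffreplies_sql WHERE `id`='" . intval($ticket['id']) . "' LIMIT 1");
            }
            hesk_process_messages($hesklang['repl'], $_SERVER['PHP_SELF'], 'SUCCESS');
        }
    } else {
        hesk_process_messages($hesklang['repl0'], $_SERVER['PHP_SELF']);
    }
}

/* Delete notes action
 *
 * Removes one note (plus its attachment rows and files) from the ticket being
 * viewed. The note lookup and the DELETE are scoped to this ticket's id: the
 * original selected the note by `id` alone, so a staff member who could view
 * one ticket could delete a note attached to any other ticket by guessing
 * its id (with can_del_notes, notes on tickets they could not even view).
 * The GET CSRF token is required, as for the other GET-driven actions here. */
if (isset($_GET['delnote']) && hesk_token_check()) {
    $n = intval(hesk_GET('delnote'));
    if ($n) {
        // Get note info, only if the note belongs to the ticket on screen
        $res = hesk_dbQuery("SELECT `who`, `attachments` FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "notes` WHERE `id`='" . intval($n) . "' AND `ticket`='" . intval($ticket['id']) . "' LIMIT 1");
        if (hesk_dbNumRows($res)) {
            $note = hesk_dbFetchAssoc($res);
            // Permission to delete note? The global privilege, or the note's own author
            if ($can_del_notes || intval($note['who']) == intval($_SESSION['id'])) {
                // Delete note (same ticket scope as the lookup)
                hesk_dbQuery("DELETE FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "notes` WHERE `id`='" . intval($n) . "' AND `ticket`='" . intval($ticket['id']) . "' LIMIT 1");
                // Delete attachments listed on the note ("id#name#saved," entries, see the note INSERT below)
                if (strlen((string) $note['attachments'])) {
                    $hesk_settings['server_path'] = dirname(dirname(__FILE__));
                    $attachment_ids = array();
                    foreach (explode(',', substr($note['attachments'], 0, -1)) as $myatt) {
                        $parts = explode('#', $myatt);
                        $attachment_ids[] = intval($parts[0]);
                    }
                    if (count($attachment_ids)) {
                        // Only integers reach the IN () list, so it is safe to interpolate
                        $id_list = implode(',', $attachment_ids);
                        $res = hesk_dbQuery("SELECT * FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "attachments` WHERE `att_id` IN (" . $id_list . ") ");
                        while ($file = hesk_dbFetchAssoc($res)) {
                            hesk_unlink($hesk_settings['server_path'] . '/' . $hesk_settings['attach_dir'] . '/' . $file['saved_name']);
                        }
                        hesk_dbQuery("DELETE FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "attachments` WHERE `att_id` IN (" . $id_list . ") ");
                    }
                }
            }
        }
    }
    header('Location: admin_ticket.php?track=' . $trackingID . '&Refresh=' .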
mt_rand(10000, 99999)); exit(); } /* Add a note action */ if (isset($_POST['notemsg']) && hesk_token_check('POST')) { // Error buffer $hesk_error_buffer = array(); // Get message $msg = hesk_input(hesk_POST('notemsg')); // Get attachments if ($hesk_settings['attachments']['use']) { require(HESK_PATH . 'inc/posting_functions.inc.php'); require(HESK_PATH . 'inc/htmLawed.php'); require(HESK_PATH . 'inc/attachments.inc.php'); $attachments = array(); $use_legacy_attachments = hesk_POST('use-legacy-attachments', 0); if ($use_legacy_attachments) { for ($i = 1; $i <= $hesk_settings['attachments']['max_number']; $i++) { $att = hesk_uploadFile($i); if ($att !== false && !empty($att)) { $attachments[$i] = $att; } } } else { // The user used the new drag-and-drop system. $temp_attachment_ids = hesk_POST_array('attachment-ids'); foreach ($temp_attachment_ids as $temp_attachment_id) { // Simply get the temp info and move it to the attachments table $temp_attachment = mfh_getTemporaryAttachment($temp_attachment_id); $attachments[] = $temp_attachment; mfh_deleteTemporaryAttachment($temp_attachment_id); } } } $myattachments = ''; // We need message and/or attachments to accept note if (count($attachments) || strlen($msg) || count($hesk_error_buffer)) { // Any errors? if (count($hesk_error_buffer) != 0) { $_SESSION['note_message'] = hesk_POST('notemsg'); // Remove any successfully uploaded attachments if ($hesk_settings['attachments']['use']) { hesk_removeAttachments($attachments); } $tmp = ''; foreach ($hesk_error_buffer as $error) { $tmp .= "
  • $error
  • \n"; } $hesk_error_buffer = $tmp; $hesk_error_buffer = $hesklang['pcer'] . '

    '; hesk_process_messages($hesk_error_buffer, 'admin_ticket.php?track=' . $ticket['trackid'] . '&Refresh=' . rand(10000, 99999)); } // Process attachments if ($hesk_settings['attachments']['use'] && !empty($attachments)) { foreach ($attachments as $myatt) { hesk_dbQuery("INSERT INTO `" . hesk_dbEscape($hesk_settings['db_pfix']) . "attachments` (`ticket_id`,`saved_name`,`real_name`,`size`,`type`) VALUES ('" . hesk_dbEscape($trackingID) . "','" . hesk_dbEscape($myatt['saved_name']) . "','" . hesk_dbEscape($myatt['real_name']) . "','" . intval($myatt['size']) . "', '1')"); $myattachments .= hesk_dbInsertID() . '#' . $myatt['real_name'] . '#' . $myatt['saved_name'] . ','; } } // Add note to database $msg = nl2br(hesk_makeURL($msg)); hesk_dbQuery("INSERT INTO `" . hesk_dbEscape($hesk_settings['db_pfix']) . "notes` (`ticket`,`who`,`dt`,`message`,`attachments`) VALUES ('" . intval($ticket['id']) . "','" . intval($_SESSION['id']) . "',NOW(),'" . hesk_dbEscape($msg) . "','" . hesk_dbEscape($myattachments) . "')"); /* Notify assigned staff that a note has been added if needed */ $users = hesk_dbQuery("SELECT `email`, `notify_note` FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "users` WHERE (`id`='" . intval($ticket['owner']) . "' OR (`isadmin` = '1' AND `notify_note_unassigned` = '1')) AND `id` <> '" . intval($_SESSION['id']) . "'"); if (hesk_dbNumRows($users) > 0) { // 1. Generate the array with ticket info that can be used in emails $info = array( 'email' => $ticket['email'], 'category' => $ticket['category'], 'priority' => $ticket['priority'], 'owner' => $ticket['owner'], 'trackid' => $ticket['trackid'], 'status' => $ticket['status'], 'name' => $_SESSION['name'], 'lastreplier' => $ticket['lastreplier'], 'subject' => $ticket['subject'], 'message' => stripslashes($msg), 'dt' => hesk_date($ticket['dt'], true), 'lastchange' => hesk_date($ticket['lastchange'], true), 'attachments' => $myattachments, 'id' => $ticket['id'], ); // 2. 
Add custom fields to the array foreach ($hesk_settings['custom_fields'] as $k => $v) { $info[$k] = $v['use'] ? $ticket[$k] : ''; } // 3. Make sure all values are properly formatted for email $ticket = hesk_ticketToPlain($info, 1, 0); /* Get email functions */ require(HESK_PATH . 'inc/email_functions.inc.php'); /* Format email subject and message for staff */ $subject = hesk_getEmailSubject('new_note', $ticket); $message = hesk_getEmailMessage('new_note', $ticket, $modsForHesk_settings, 1); $htmlMessage = hesk_getHtmlMessage('new_note', $ticket, $modsForHesk_settings, 1); $hasMessage = hesk_doesTemplateHaveTag('new_note', '%%MESSAGE%%', $modsForHesk_settings); /* Send email to staff */ while ($user = hesk_dbFetchAssoc($users)) { hesk_mail($user['email'], $subject, $message, $htmlMessage, $modsForHesk_settings, array(), array(), $hasMessage); } } } header('Location: admin_ticket.php?track=' . $trackingID . '&Refresh=' . mt_rand(10000, 99999)); exit(); } /* Update time worked */ if ($hesk_settings['time_worked'] && ($can_reply || $can_edit) && isset($_POST['h']) && isset($_POST['m']) && isset($_POST['s']) && hesk_token_check('POST')) { $h = intval(hesk_POST('h')); $m = intval(hesk_POST('m')); $s = intval(hesk_POST('s')); /* Get time worked in proper format */ $time_worked = hesk_getTime($h . ':' . $m . ':' . $s); /* Update database */ $revision = sprintf($hesklang['thist14'], hesk_date(), $time_worked, $_SESSION['name'] . ' (' . $_SESSION['user'] . ')'); hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` SET `time_worked`='" . hesk_dbEscape($time_worked) . "', `history`=CONCAT(`history`,'" . hesk_dbEscape($revision) . "') WHERE `trackid`='" . hesk_dbEscape($trackingID) . "' LIMIT 1"); /* Show ticket */ hesk_process_messages($hesklang['twu'], 'admin_ticket.php?track=' . $trackingID . '&Refresh=' . 
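mt_rand(10000, 99999), 'SUCCESS');
}

/* Add child action
 *
 * Links the ticket whose tracking ID was posted as `childTrackingId` as a
 * child of the ticket on screen. Hardening versus the original:
 *  - the POST CSRF token is required, as for every other POST action here;
 *  - every query passes the submitted ID through hesk_dbEscape() (the
 *    "already a child" SELECT and the UPDATE used the raw $_POST value,
 *    which is a SQL injection for any staff member with reply/edit rights);
 *  - the "was it merged?" lookup uses the same '%#ID#%' pattern as the
 *    merged-ticket lookup at the top of this file, so it can actually match;
 *  - the ID is HTML-escaped where it is echoed back inside a message.
 * hesk_process_messages() with a redirect URL ends the request, so each error
 * path below is terminal, as in the original. */
if (($can_reply || $can_edit) && isset($_POST['childTrackingId']) && hesk_token_check('POST')) {
    $childTrackingId = hesk_POST('childTrackingId');
    $back_url = 'admin_ticket.php?track=' . $trackingID . '&Refresh=' . mt_rand(10000, 99999);
    $tickets_table = hesk_dbEscape($hesk_settings['db_pfix']) . 'tickets';

    //-- Make sure this isn't the same ticket or one of its merged tickets.
    $mergedTickets = hesk_dbQuery("SELECT `id` FROM `" . $tickets_table . "` WHERE `trackid`='" . hesk_dbEscape($trackingID) . "' AND `merged` LIKE '%#" . hesk_dbEscape($childTrackingId) . "#%'");
    if ($childTrackingId == $trackingID || hesk_dbNumRows($mergedTickets) > 0) {
        hesk_process_messages($hesklang['cannot_link_ticket_to_itself'], $back_url);
    }

    //-- Does the child exist?
    $existRs = hesk_dbQuery("SELECT `id` FROM `" . $tickets_table . "` WHERE `trackid`='" . hesk_dbEscape($childTrackingId) . "' LIMIT 1");
    if (hesk_dbNumRows($existRs) == 0) {
        //-- Maybe it was merged into another ticket?
        $existRs = hesk_dbQuery("SELECT `trackid` FROM `" . $tickets_table . "` WHERE `merged` LIKE '%#" . hesk_dbEscape($childTrackingId) . "#%' LIMIT 1");
        if (hesk_dbNumRows($existRs) > 0) {
            //-- Yes, it was merged. Link the surviving ticket, not the merged-away one.
            $exist = hesk_dbFetchAssoc($existRs);
            $childTrackingId = $exist['trackid'];
        } else {
            hesk_process_messages(sprintf($hesklang['linked_ticket_does_not_exist'], htmlspecialchars($childTrackingId, ENT_QUOTES, 'UTF-8')), $back_url);
        }
    }

    //-- Check if the ticket is already a child of this one.
    $childRs = hesk_dbQuery("SELECT `id` FROM `" . $tickets_table . "` WHERE `parent`=" . intval($ticket['id']) . " AND `trackid`='" . hesk_dbEscape($childTrackingId) . "' LIMIT 1");
    if (hesk_dbNumRows($childRs) > 0) {
        hesk_process_messages(sprintf($hesklang['is_already_linked'], htmlspecialchars($childTrackingId, ENT_QUOTES, 'UTF-8')), $back_url, 'NOTICE');
    }

    hesk_dbQuery("UPDATE `" . $tickets_table . "` SET `parent`=" . intval($ticket['id']) . " WHERE `trackid`='" . hesk_dbEscape($childTrackingId) . "'");
    hesk_process_messages(sprintf($hesklang['link_added'], htmlspecialchars($childTrackingId, ENT_QUOTES, 'UTF-8')), $back_url, 'SUCCESS');
}

/* Delete child / parent action
 *
 * Clears a parent link. Both branches now require the GET CSRF token (the
 * original accepted a bare GET, so any page a logged-in staff member visited
 * could unlink tickets). The child id is cast to int: the original passed
 * hesk_dbEscape() output unquoted into a numeric comparison, which string
 * escaping does not protect (e.g. `1 OR 1=1`). The child branch is also
 * restricted to children of *this* ticket, so an arbitrary id cannot unlink
 * unrelated tickets. The links that trigger these actions must carry the
 * `token` parameter that hesk_token_check() reads, or they will be rejected. */
if (($can_reply || $can_edit) && isset($_GET['deleteChild']) && hesk_token_check()) {
    $childId = intval(hesk_GET('deleteChild'));
    //-- Delete the relationship, only for a child of the ticket on screen
    hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` SET `parent` = NULL WHERE `ID` = " . $childId . " AND `parent` = " . intval($ticket['id']));
    hesk_process_messages($hesklang['ticket_no_longer_linked'], 'admin_ticket.php?track=' . $trackingID . '&Refresh=' . mt_rand(10000, 99999), 'SUCCESS');
} elseif (($can_reply || $can_edit) && isset($_GET['deleteParent']) && hesk_token_check()) {
    //-- Detach this ticket from its parent
    hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` SET `parent` = NULL WHERE `ID` = " . intval($ticket['id']));
    hesk_process_messages($hesklang['ticket_no_longer_linked'], 'admin_ticket.php?track=' . $trackingID . '&Refresh=' . mt_rand(10000, 99999), 'SUCCESS');
}

/* Delete attachment action
 *
 * Removes one attachment file and its row, then strips its entry from the
 * attachment list of the owning reply, note or ticket. The attachment must
 * belong to the ticket on screen (checked below via `ticket_id`). Logic is
 * unchanged from the original; the three near-identical REPLACE branches are
 * folded into one loop. */
if (isset($_GET['delatt']) && hesk_token_check()) {
    $back_url = 'admin_ticket.php?track=' . $trackingID . '&Refresh=' . mt_rand(10000, 99999);
    // Kept as in the original: both delete and edit rights are needed
    if (!$can_delete || !$can_edit) {
        hesk_process_messages($hesklang['no_permission'], $back_url);
    }
    $att_id = intval(hesk_GET('delatt')) or hesk_error($hesklang['inv_att_id']);
    // Which list holds the entry: a reply id, a note id, or (both 0) the ticket itself
    $reply = max(0, intval(hesk_GET('reply', 0)));
    $note = max(0, intval(hesk_GET('note', 0)));

    /* Get attachment info */
    $res = hesk_dbQuery("SELECT * FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "attachments` WHERE `att_id`='" . intval($att_id) . "' LIMIT 1");
    if (hesk_dbNumRows($res) != 1) {
        hesk_process_messages($hesklang['id_not_valid'] . ' (att_id)', $back_url);
    }
    $att = hesk_dbFetchAssoc($res);

    /* Is ticket ID valid for this attachment? */
    if ($att['ticket_id'] != $trackingID) {
        hesk_process_messages($hesklang['trackID_not_found'], $back_url);
    }

    /* Delete file from server */
    hesk_unlink(HESK_PATH . $hesk_settings['attach_dir'] . '/' . $att['saved_name']);

    /* Delete attachment from database */
    hesk_dbQuery("DELETE FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "attachments` WHERE `att_id`='" . intval($att_id) . "'");

    /* Update ticket, reply or note in the database */
    $revision = sprintf($hesklang['thist12'], hesk_date(), $att['real_name'], $_SESSION['name'] . ' (' . $_SESSION['user'] . ')');
    // Entries are stored as "id#real#saved," (see the note INSERT further down);
    // the shorter "id#real," form is removed as well, as the original did.
    $att_entries = array(
        $att_id . '#' . $att['real_name'] . '#' . $att['saved_name'] . ',',
        $att_id . '#' . $att['real_name'] . ',',
    );
    if ($reply) {
        $att_table = 'replies';
        $att_where = "`id`='" . intval($reply) . "'";
    } elseif ($note) {
        $att_table = 'notes';
        $att_where = "`id`='" . intval($note) . "'";
    } else {
        $att_table = 'tickets';
        $att_where = "`id`='" . intval($ticket['id']) . "'";
    }
    foreach ($att_entries as $entry) {
        hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . $att_table . "` SET `attachments`=REPLACE(`attachments`,'" . hesk_dbEscape($entry) . "','') WHERE " . $att_where . " LIMIT 1");
    }
    // Ticket history is recorded for reply and ticket attachments; notes keep none (as before)
    if ($att_table != 'notes') {
        hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` SET `history`=CONCAT(`history`,'" . hesk_dbEscape($revision) . "') WHERE `id`='" . intval($ticket['id']) . "' LIMIT 1");
    }
    hesk_process_messages($hesklang['kb_att_rem'], $back_url, 'SUCCESS');
}

//-- Update location action
// Hardened: the POST CSRF token and reply/edit rights are required, matching
// the "time worked" update above; the original accepted any POST from any
// staff member who could merely view the ticket.
if (($can_reply || $can_edit) && isset($_POST['latitude']) && isset($_POST['longitude']) && hesk_token_check('POST')) {
    hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` SET `latitude` = '" . hesk_dbEscape(hesk_POST('latitude')) . "', `longitude` = '" . hesk_dbEscape(hesk_POST('longitude')) . "' WHERE `ID` = " . intval($ticket['id']));
    //redirect
    hesk_process_messages($hesklang['ticket_location_updated'], 'admin_ticket.php?track=' . $trackingID . '&Refresh=' . mt_rand(10000, 99999), 'SUCCESS');
}

/* Print header */
require_once(HESK_PATH . 'inc/headerAdmin.inc.php');

/* List of categories */
// The sort column comes from the Mods-for-HESK settings, not from the request.
// It is used as an identifier, so any backticks in it are doubled;
// hesk_dbEscape() only escapes string literals and would not help here.
$orderBy = str_replace('`', '``', $modsForHesk_settings['category_order_column']);
$result = hesk_dbQuery("SELECT `id`,`name` FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "categories` WHERE `usage` <> 2 ORDER BY `" . $orderBy . "` ASC");
$categories_options = '';
while ($row = hesk_dbFetchAssoc($result)) {
    $selected = ($row['id'] == $ticket['category']) ? 'selected' : '';
    // NOTE(review): the option markup appended here is missing from this copy
    // of the file; the statement is kept exactly as found.
    $categories_options .= '';
}

/* List of users */
$admins = array();
$result = hesk_dbQuery("SELECT `id`,`name`,`isadmin`,`categories`,`heskprivileges` FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "users` WHERE `active` = '1' ORDER BY `name` ASC");
while ($row = hesk_dbFetchAssoc($result)) {
    /* Is this an administrator?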
*/ if ($row['isadmin']) { $admins[$row['id']] = $row['name']; continue; } /* Not admin, is user allowed to view tickets? */ if (strpos($row['heskprivileges'], 'can_view_tickets') !== false) { /* Is user allowed to access this category? */ $cat = substr($row['categories'], 0); $row['categories'] = explode(',', $cat); if (in_array($ticket['category'], $row['categories'])) { $admins[$row['id']] = $row['name']; continue; } } } /* Get replies */ if ($ticket['replies']) { $reply = ''; $result = hesk_dbQuery("SELECT * FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "replies` WHERE `replyto`='" . intval($ticket['id']) . "' ORDER BY `id` " . ($hesk_settings['new_top'] ? 'DESC' : 'ASC')); } else { $reply = false; } // Demo mode if (defined('HESK_DEMO')) { $ticket['email'] = 'hidden@demo.com'; $ticket['ip'] = '127.0.0.1'; } // If an email address is tied to this ticket, check if there are any others $recentTickets = NULL; if ($ticket['email'] != '') { $recentTicketsSql = hesk_dbQuery("SELECT * FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` WHERE `email` = '" . hesk_dbEscape($ticket['email']) . "' AND `trackid` <> '" . hesk_dbEscape($trackingID) . "' ORDER BY `lastchange` DESC LIMIT 5"); while ($recentRow = hesk_dbFetchAssoc($recentTicketsSql)) { if ($recentTickets === NULL) { $recentTickets = array(); } array_push($recentTickets, $recentRow); } if ($recentTickets !== NULL) { $recentTicketsWithStatuses = array(); foreach ($recentTickets as $recentTicket) { $newRecentTicket = $recentTicket; $thisTicketStatusRS = hesk_dbQuery("SELECT `ID`, `TextColor` FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "statuses` WHERE `ID` = " . 
intval($recentTicket['status'])); $theStatusRow = hesk_dbFetchAssoc($thisTicketStatusRS); $newRecentTicket['statusText'] = mfh_getDisplayTextForStatusId($theStatusRow['ID']); $newRecentTicket['statusColor'] = $theStatusRow['TextColor']; array_push($recentTicketsWithStatuses, $newRecentTicket); } $recentTickets = $recentTicketsWithStatuses; } } /* Print admin navigation */ require_once(HESK_PATH . 'inc/show_admin_nav.inc.php'); ?>

    • ' . $tmp; ?>



    • ' . $hesklang['asss'] . '' : $hesklang['unas']); ?>






    • fetch_assoc(); echo ' '; echo ' ' . $parent['trackid'] . ''; } //-- Check if any tickets have a parent set to this tracking ID $hasRows = false; $childrenRS = hesk_dbQuery('SELECT * FROM `' . hesk_dbEscape($hesk_settings['db_pfix']) . 'tickets` WHERE `parent` = ' . hesk_dbEscape($ticket['id'])); while ($row = $childrenRS->fetch_assoc()) { $hasRows = true; echo ' '; echo ' ' . $row['trackid'] . ''; echo '
      '; } if (!$hasRows && $ticket['parent'] == null) { echo $hesklang['none']; } ?>

      ' . $hesklang['add_ticket'] . ''; ?>

    • ' . $recentTicket['trackid'] . ''; ?>

     '; } if ($ticket['locked']) { echo ' '; } if ($modsForHesk_settings['display_user_agent_information'] && $ticket['user_agent'] !== NULL && $ticket['screen_resolution_height'] !== NULL && $ticket['screen_resolution_height'] != 0 && $ticket['screen_resolution_width'] !== NULL && $ticket['screen_resolution_width'] != 0 ): ?>

    '; endif; ?>

    fetch_assoc(); $isTicketClosed = $isTicketClosedRow['IsClosed']; $isClosable = $isTicketClosedRow['Closable'] == 'yes' || $isTicketClosedRow['Closable'] == 'sonly'; echo '
    '; $mgr = $isManager ? '&isManager=1' : ''; if ($isTicketClosed == 0 && $isClosable) // Ticket is still open { echo ' ' . $hesklang['close_action'] . ''; } elseif ($isTicketClosed == 1) { echo ' ' . $hesklang['open_action'] . ''; } $strippedName = strip_tags($ticket['name']); $strippedEmail = strip_tags($ticket['email']); $linkText = 'new_ticket.php?name=' . $strippedName . '&email=' . $strippedEmail . '&catid=' . $category['id'] . '&priority=' . $ticket['priority']; foreach ($hesk_settings['custom_fields'] as $k => $v) { if ($v['use'] == 1) { if ($v['type'] == 'checkbox') { $value = str_replace('
    ', '-CHECKBOX-', $ticket[$k]); } else { $value = $ticket[$k]; } $strippedCustomField = strip_tags($value); $linkText .= '&c_' . $k . '=' . $strippedCustomField; } } echo ' ' . $hesklang['create_based_on_contact'] . ' '; echo '
    '; ?>
    $hesklang['critical'], 1 => $hesklang['high'], 2 => $hesklang['medium'], 3 => $hesklang['low'] ); $options = array(); for ($i = 0; $i < 4; $i++) { $selected = $ticket['priority'] == $i ? 'selected' : ''; array_push($options, ''); } echo '
    '; } elseif ($ticket['priority'] == 1) { echo 'highPriority">'; } else { echo 'medLowPriority">'; } echo '

    ' . $hesklang['priority'] . '

    '; echo '
    '; if ($isManager) { echo ''; } echo '
    '; echo '

    ' . $hesklang['status'] . '

    '; $status_options = array(); $results = mfh_getAllStatuses(); foreach ($results as $row) { $selected = $ticket['status'] == $row['ID'] ? 'selected' : ''; $status_options[$row['ID']] = ''; } echo '
    '; if ($isManager) { echo ''; } echo '
    '; echo '

    ' . $hesklang['owner'] . '

    '; if (hesk_checkPermission('can_assign_others', 0) || $isManager) { echo '
    '; } else { echo '

    '; echo isset($admins[$ticket['owner']]) ? $admins[$ticket['owner']] : ($can_assign_self ? $hesklang['unas'] . ' [' . $hesklang['asss'] . ']' : $hesklang['unas']); echo '

    '; } echo '
    '; echo '

    ' . $hesklang['category'] . '

    '; if ($can_change_cat) { echo '
    '; } else { echo '

    ' . $category['name'] . '

    '; } echo '
    '; ?>

    -


    ' : ''; $att = explode(',', substr($note['attachments'], 0, -1)); $num = count($att); foreach ($att as $myatt) { list($att_id, $att_name) = explode('#', $myatt); // Can edit and delete note (attachments)? if ($can_del_notes || $note['who'] == $_SESSION['id']) { // If this is the last attachment and no message, show "delete ticket" link if ($num == 1 && strlen($note['message']) == 0) { echo ' '; } // Show "delete attachment" link else { echo ' '; } } echo ' ' . $att_name . '
    '; } } ?>
    :  

    '; } ?>
    '; } ?>
    '; } else { echo ''; } } else { echo ' '; } } ?>
    : '; } else { echo ''; } } else { echo ' '; } } echo '' . $ticket['ip'] . ''; } ?>


    : $v) { if ($v['use'] && $v['place'] == 0) { if ($modsForHesk_settings['custom_field_setting']) { $v['name'] = $hesklang[$v['name']]; } echo '

    ' . $v['name'] . ': '; if ($v['type'] == 'date' && !empty($ticket[$k])) { $dt = date('Y-m-d h:i:s', $ticket[$k]); echo hesk_dateToString($dt, 0); } else { echo $ticket[$k]; } echo '

    '; } } ?>

    :

    $v) { if ($v['use'] && $v['place']) { if ($modsForHesk_settings['custom_field_setting']) { $v['name'] = $hesklang[$v['name']]; } echo '

    ' . $v['name'] . ': '; if ($v['type'] == 'date' && !empty($ticket[$k])) { $dt = date('Y-m-d h:i:s', $ticket[$k]); echo hesk_dateToString($dt, 0); } else { echo $ticket[$k]; } echo '

    '; } } /* Attachments */ mfh_listAttachments($ticket['attachments'], 0, true); // Show suggested KB articles if ($hesk_settings['kb_enable'] && $hesk_settings['kb_recommendanswers'] && strlen($ticket['articles'])) { $suggested = array(); $suggested_list = ''; // Get article info from the database $articles = hesk_dbQuery("SELECT `id`,`subject` FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "kb_articles` WHERE `id` IN (" . preg_replace('/[^0-9\,]/', '', $ticket['articles']) . ")"); while ($article = hesk_dbFetchAssoc($articles)) { $suggested[$article['id']] = '' . $article['subject'] . '
    '; } // Loop through the IDs to preserve the order they were suggested in $articles = explode(',', $ticket['articles']); foreach ($articles as $article) { if (isset($suggested[$article])) { $suggested_list .= $suggested[$article]; } } // Finally print suggested articles if (strlen($suggested_list)) { $suggested_list = '
    ' . $hesklang['taws'] . '
    ' . $suggested_list . ' '; echo $_SESSION['show_suggested'] ? $suggested_list : '' . $hesklang['sska'] . ''; } } ?>

    '; /* Style and mousover/mousout */ $tmp = $white ? 'White' : 'Blue'; $style = 'class="option' . $tmp . 'OFF" onmouseover="this.className=\'option' . $tmp . 'ON\'" onmouseout="this.className=\'option' . $tmp . 'OFF\'"'; /* Lock ticket button */ if ( /* ! $reply && */ $can_edit ) { if ($ticket['locked']) { $des = $hesklang['tul'] . ' - ' . $hesklang['isloc']; $options .= ' ' . $hesklang['tul'] . ' '; } else { $des = $hesklang['tlo'] . ' - ' . $hesklang['isloc']; $options .= ' ' . $hesklang['tlo'] . ' '; } } /* Tag ticket button */ if ( /* ! $reply && */ $can_archive ) { if ($ticket['archive']) { $options .= '' . $hesklang['remove_archive'] . ' '; } else { $options .= ' ' . $hesklang['add_archive'] . ' '; } } /* Import to knowledgebase button */ if ($hesk_settings['kb_enable'] && hesk_checkPermission('can_man_kb', 0)) { $options .= ' ' . $hesklang['import_kb'] . ' '; } /* Print ticket button */ $options .= ' ' . $hesklang['printer_friendly'] . ' '; /* Edit post */ if ($can_edit) { $tmp = $reply ? '&reply=' . $reply['id'] : ''; $mgr = $isManager ? '&isManager=true' : ''; $options .= ' ' . $hesklang['edtt'] . ' '; } /* Delete ticket */ if ($can_delete) { if ($reply) { $url = 'admin_ticket.php'; $tmp = 'delete_post=' . $reply['id']; $img = 'delete.png'; $txt = $hesklang['delt']; } else { $url = 'delete_tickets.php'; $tmp = 'delete_ticket=1'; $img = 'delete_ticket.png'; $txt = $hesklang['dele']; } $options .= ' ' . $txt . ' '; } /* Return generated HTML */ $options .= ''; return $options; } // END hesk_getAdminButtons() function hesk_getAdminButtonsInTicket($reply = 0, $white = 1) { global $hesk_settings, $hesklang, $ticket, $reply, $trackingID, $can_edit, $can_archive, $can_delete, $isManager; $options = '
    '; /* Style and mousover/mousout */ $tmp = $white ? 'White' : 'Blue'; $style = 'class="option' . $tmp . 'OFF" onmouseover="this.className=\'option' . $tmp . 'ON\'" onmouseout="this.className=\'option' . $tmp . 'OFF\'"'; /* Edit post */ if ($can_edit) { $tmp = $reply ? '&reply=' . $reply['id'] : ''; $mgr = $isManager ? '&isManager=true' : ''; $options .= ' ' . $hesklang['edtt'] . ' '; } /* Delete ticket */ if ($can_delete) { if ($reply) { $url = 'admin_ticket.php'; $tmp = 'delete_post=' . $reply['id']; $img = 'delete.png'; $txt = $hesklang['delt']; } else { $url = 'delete_tickets.php'; $tmp = 'delete_ticket=1'; $img = 'delete_ticket.png'; $txt = $hesklang['dele']; } $options .= ' ' . $txt . ' '; } /* Return generated HTML */ $options .= '
    '; return $options; } // END hesk_getAdminButtonsInTicket() function print_form() { global $hesk_settings, $hesklang; global $trackingID; /* Print header */ require_once(HESK_PATH . 'inc/headerAdmin.inc.php'); /* Print admin navigation */ require_once(HESK_PATH . 'inc/show_admin_nav.inc.php'); /* This will handle error, success and notice messages */ hesk_handle_messages(); ?>

    :

    :

    ' . $hesklang['rnh'] . '

    '; } elseif ($reply['rating'] == 5) { echo '

    ' . $hesklang['rh'] . '

    '; } } /* Show "unread reply" message? */ if ($reply['staffid'] && !$reply['read']) { echo '

    ' . $hesklang['unread'] . '

    '; } ?>

    >


    '; } ?>
    ' . $hesklang['asss2'] . '
    '; } else { echo '
    '; } } ?>

    ()


    '; } ?>