'".intval($_SESSION['id'])."'"); if (hesk_dbNumRows($users) > 0) { // 1. Generate the array with ticket info that can be used in emails $info = array( 'email' => $ticket['email'], 'category' => $ticket['category'], 'priority' => $ticket['priority'], 'owner' => $ticket['owner'], 'trackid' => $ticket['trackid'], 'status' => $ticket['status'], 'name' => $_SESSION['name'], 'lastreplier' => $ticket['lastreplier'], 'subject' => $ticket['subject'], 'message' => stripslashes($msg), 'dt' => hesk_date($ticket['dt'], true), 'lastchange' => hesk_date($ticket['lastchange'], true), ); // 2. Add custom fields to the array foreach ($hesk_settings['custom_fields'] as $k => $v) { $info[$k] = $v['use'] ? $ticket[$k] : ''; } // 3. Make sure all values are properly formatted for email $ticket = hesk_ticketToPlain($info, 1, 0); /* Get email functions */ require(HESK_PATH . 'inc/email_functions.inc.php'); /* Format email subject and message for staff */ $subject = hesk_getEmailSubject('new_note',$ticket); $message = hesk_getEmailMessage('new_note',$ticket,1); /* Send email to staff */ while ($user = hesk_dbFetchAssoc($users)) { hesk_mail($user['email'], $subject, $message); } } } header('Location: admin_ticket.php?track='.$trackingID.'&Refresh='.mt_rand(10000,99999)); exit(); } /* Update time worked */ if ( ($can_reply || $can_edit) && isset($_POST['h']) && isset($_POST['m']) && isset($_POST['s']) && hesk_token_check('POST')) { $h = intval( hesk_POST('h') ); $m = intval( hesk_POST('m') ); $s = intval( hesk_POST('s') ); /* Get time worked in proper format */ $time_worked = hesk_getTime($h . ':' . $m . ':' . $s); /* Update database */ $revision = sprintf($hesklang['thist14'],hesk_date(),$time_worked,$_SESSION['name'].' ('.$_SESSION['user'].')'); hesk_dbQuery("UPDATE `".hesk_dbEscape($hesk_settings['db_pfix'])."tickets` SET `time_worked`='" . hesk_dbEscape($time_worked) . "', `history`=CONCAT(`history`,'" . hesk_dbEscape($revision) . "') WHERE `trackid`='" . hesk_dbEscape($trackingID) . "' LIMIT 1"); /* Show ticket */ hesk_process_messages($hesklang['twu'],'admin_ticket.php?track='.$trackingID.'&Refresh='.mt_rand(10000,99999),'SUCCESS'); } /* Add child action */ if (($can_reply || $can_edit) && isset($_POST['childTrackingId'])) { //-- Make sure this isn't the same ticket or one of its merged tickets. $mergedTickets = hesk_dbQuery('SELECT * FROM `'.hesk_dbEscape($hesk_settings['db_pfix']).'tickets` WHERE `trackid` = \''.hesk_dbEscape($trackingID).'\' AND `merged` LIKE \'%#'.hesk_dbEscape($_POST['childTrackingId']).'#%\''); if ($_POST['childTrackingId'] == $trackingID || $mergedTickets->num_rows > 0) { hesk_process_messages($hesklang['child_is_itself'], 'admin_ticket.php?track='.$trackingID.'&Refresh='.mt_rand(10000,99999)); } //-- Does the child exist? $existRs = hesk_dbQuery('SELECT * FROM `'.hesk_dbEscape($hesk_settings['db_pfix']).'tickets` WHERE `trackid` = \''.hesk_dbEscape($_POST['childTrackingId']).'\''); if ($existRs->num_rows == 0) { //-- Maybe it was merged? $existRs = hesk_dbQuery('SELECT `trackid` FROM `'.hesk_dbEscape($hesk_settings['db_pfix']).'tickets` WHERE `merged` LIKE \'#'.hesk_dbEscape($_POST['childTrackingId']).'#\''); if ($existRs->num_rows > 0) { //-- Yes, it was merged. Set the child to the "new" ticket; not the merged one. $exist = $existRs->fetch_assoc(); $_POST['childTrackingId'] = $exist['trackid']; } else { hesk_process_messages(sprintf($hesklang['child_does_not_exist'], $_POST['childTrackingId']), 'admin_ticket.php?track='.$trackingID.'&Refresh='.mt_rand(10000,99999)); } } //-- Check if the ticket is already a child. $childRs = hesk_dbQuery('SELECT * FROM `'.hesk_dbEscape($hesk_settings['db_pfix']).'tickets` WHERE `parent` = '.$ticket['id'].' AND `trackid` = \''.$_POST['childTrackingId'].'\''); if ($childRs->num_rows > 0) { hesk_process_messages(sprintf($hesklang['is_child_already'], $_POST['childTrackingId']), 'admin_ticket.php?track='.$trackingID.'&Refresh='.mt_rand(10000,99999), 'NOTICE'); } hesk_dbQuery('UPDATE `'.hesk_dbEscape($hesk_settings['db_pfix']).'tickets` SET `parent` = '.$ticket['id'].' WHERE `trackid` = \''.$_POST['childTrackingId'].'\''); hesk_process_messages(sprintf($hesklang['child_added'], $_POST['childTrackingId']), 'admin_ticket.php?track='.$trackingID.'&Refresh='.mt_rand(10000,99999), 'SUCCESS'); } /* Delete child action */ if (($can_reply || $can_edit) && isset($_GET['deleteChild'])) { //-- Delete the relationship hesk_dbQuery('UPDATE `'.hesk_dbEscape($hesk_settings['db_pfix']).'tickets` SET `parent` = NULL WHERE `ID` = '.hesk_dbEscape($_GET['deleteChild'])); hesk_process_messages($hesklang['relationship_deleted'], 'admin_ticket.php?track='.$trackingID.'&Refresh='.mt_rand(10000,99999), 'SUCCESS'); } elseif (($can_reply || $can_edit) && isset($_GET['deleteParent'])) { //-- Delete the relationship hesk_dbQuery('UPDATE `'.hesk_dbEscape($hesk_settings['db_pfix']).'tickets` SET `parent` = NULL WHERE `ID` = '.hesk_dbEscape($ticket['id'])); hesk_process_messages($hesklang['relationship_deleted'], 'admin_ticket.php?track='.$trackingID.'&Refresh='.mt_rand(10000,99999), 'SUCCESS'); } /* Delete attachment action */ if (isset($_GET['delatt']) && hesk_token_check()) { if ( ! $can_delete || ! $can_edit) { hesk_process_messages($hesklang['no_permission'],'admin_ticket.php?track='.$trackingID.'&Refresh='.mt_rand(10000,99999)); } $att_id = intval( hesk_GET('delatt') ) or hesk_error($hesklang['inv_att_id']); $reply = intval( hesk_GET('reply', 0) ); if ($reply < 1) { $reply = 0; } /* Get attachment info */ $res = hesk_dbQuery("SELECT * FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."attachments` WHERE `att_id`='".intval($att_id)."' LIMIT 1"); if (hesk_dbNumRows($res) != 1) { hesk_process_messages($hesklang['id_not_valid'].' (att_id)','admin_ticket.php?track='.$trackingID.'&Refresh='.mt_rand(10000,99999)); } $att = hesk_dbFetchAssoc($res); /* Is ticket ID valid for this attachment? */ if ($att['ticket_id'] != $trackingID) { hesk_process_messages($hesklang['trackID_not_found'],'admin_ticket.php?track='.$trackingID.'&Refresh='.mt_rand(10000,99999)); } /* Delete file from server */ hesk_unlink(HESK_PATH.$hesk_settings['attach_dir'].'/'.$att['saved_name']); /* Delete attachment from database */ hesk_dbQuery("DELETE FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."attachments` WHERE `att_id`='".intval($att_id)."'"); /* Update ticket or reply in the database */ $revision = sprintf($hesklang['thist12'],hesk_date(),$att['real_name'],$_SESSION['name'].' ('.$_SESSION['user'].')'); if ($reply) { hesk_dbQuery("UPDATE `".hesk_dbEscape($hesk_settings['db_pfix'])."replies` SET `attachments`=REPLACE(`attachments`,'".hesk_dbEscape($att_id.'#'.$att['real_name']).",','') WHERE `id`='".intval($reply)."' LIMIT 1"); hesk_dbQuery("UPDATE `".hesk_dbEscape($hesk_settings['db_pfix'])."tickets` SET `history`=CONCAT(`history`,'".hesk_dbEscape($revision)."') WHERE `id`='".intval($ticket['id'])."' LIMIT 1"); } else { hesk_dbQuery("UPDATE `".hesk_dbEscape($hesk_settings['db_pfix'])."tickets` SET `attachments`=REPLACE(`attachments`,'".hesk_dbEscape($att_id.'#'.$att['real_name']).",',''), `history`=CONCAT(`history`,'".hesk_dbEscape($revision)."') WHERE `id`='".intval($ticket['id'])."' LIMIT 1"); } hesk_process_messages($hesklang['kb_att_rem'],'admin_ticket.php?track='.$trackingID.'&Refresh='.mt_rand(10000,99999),'SUCCESS'); } /* Delete note attachment option */ if (isset($_GET['delete-note-att']) && hesk_token_check()) { if ( ! $can_delete || ! $can_edit) { hesk_process_messages($hesklang['no_permission'],'admin_ticket.php?track='.$trackingID.'&Refresh='.mt_rand(10000,99999)); } $att_id = intval( hesk_GET('delete-note-att') ) or hesk_error($hesklang['inv_att_id']); $reply = intval( hesk_GET('reply', 0) ); if ($reply < 1) { $reply = 0; } /* Get attachment info */ $res = hesk_dbQuery("SELECT * FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."attachments` WHERE `att_id`='".intval($att_id)."' LIMIT 1"); if (hesk_dbNumRows($res) != 1) { hesk_process_messages($hesklang['id_not_valid'].' (att_id)','admin_ticket.php?track='.$trackingID.'&Refresh='.mt_rand(10000,99999)); } $att = hesk_dbFetchAssoc($res); /* Is note ID valid for this attachment? */ if (!isset($_GET['note_id']) || $att['note_id'] != $_GET['note_id']) { hesk_process_messages($hesklang['trackID_not_found'],'admin_ticket.php?track='.$trackingID.'&Refresh='.mt_rand(10000,99999)); } /* Delete file from server */ hesk_unlink(HESK_PATH.$hesk_settings['attach_dir'].'/'.$att['saved_name']); /* Delete attachment from database */ hesk_dbQuery("DELETE FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."attachments` WHERE `att_id`='".intval($att_id)."'"); hesk_process_messages($hesklang['kb_att_rem'],'admin_ticket.php?track='.$trackingID.'&Refresh='.mt_rand(10000,99999),'SUCCESS'); } if (isset($_POST['note_message'])) { $n = $_POST['note_id']; if ($can_del_notes) { hesk_dbQuery("UPDATE `".hesk_dbEscape($hesk_settings['db_pfix'])."notes` SET `edit_date` = NOW(), `message` = '".hesk_dbEscape($_POST['note_message'])."', `number_of_edits` = `number_of_edits` + 1 WHERE `id`='".intval($n)."' LIMIT 1"); } else { hesk_dbQuery("UPDATE `".hesk_dbEscape($hesk_settings['db_pfix'])."notes` SET `edit_date` = NOW(), `message` = '".hesk_dbEscape($_POST['note_message'])."', `number_of_edits` = `number_of_edits` + 1 WHERE `id`='".intval($n)."' AND `who`='".intval($_SESSION['id'])."' LIMIT 1"); } hesk_process_messages($hesklang['note_edit_successful'],'admin_ticket.php?track='.$trackingID.'&Refresh='.mt_rand(10000,99999),'SUCCESS'); } /* Print header */ require_once(HESK_PATH . 'inc/headerAdmin.inc.php'); /* List of categories */ $result = hesk_dbQuery("SELECT `id`,`name` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."categories` ORDER BY `cat_order` ASC"); $categories_options=''; while ($row=hesk_dbFetchAssoc($result)) { $selected = ''; if ($row['id'] == $ticket['category']) {$selected='selected';} $categories_options.=''; } /* List of users */ $admins = array(); $result = hesk_dbQuery("SELECT `id`,`name`,`isadmin`,`categories`,`heskprivileges` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."users` WHERE `active` = '1' ORDER BY `id` ASC"); while ($row=hesk_dbFetchAssoc($result)) { /* Is this an administrator? */ if ($row['isadmin']) { $admins[$row['id']]=$row['name']; continue; } /* Not admin, is user allowed to view tickets? */ if (strpos($row['heskprivileges'], 'can_view_tickets') !== false) { /* Is user allowed to access this category? */ $cat=substr($row['categories'], 0); $row['categories']=explode(',',$cat); if (in_array($ticket['category'],$row['categories'])) { $admins[$row['id']]=$row['name']; continue; } } } /* Get replies */ $reply = ''; $result = hesk_dbQuery("SELECT * FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."replies` WHERE `replyto`='".intval($ticket['id'])."' ORDER BY `id` " . ($hesk_settings['new_top'] ? 'DESC' : 'ASC') ); $replies = hesk_dbNumRows($result); // Demo mode if ( defined('HESK_DEMO') ) { $ticket['email'] = 'hidden@demo.com'; $ticket['ip'] = '127.0.0.1'; } /* Print admin navigation */ require_once(HESK_PATH . 'inc/show_admin_nav.inc.php'); ?>
fetch_assoc(); echo ' '; echo ' '.$parent['trackid'].''; } else { echo $hesklang['none']; } ?>
fetch_assoc()) {
$hasRows = true;
echo '
';
echo ' '.$row['trackid'].'';
echo '
';
}
if (!$hasRows) {
echo $hesklang['none'];
}
?>
'.$hesklang['add_child'].''; ?>
'.$hesklang['priority'].'
'; echo ''.$hesklang['status'].'
'; $status_options = array(); $results = hesk_dbQuery("SELECT `ID`, `ShortNameContentKey` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."statuses`"); while ($row = $results->fetch_assoc()) { $selected = $ticket['status'] == $row['ID'] ? 'selected' : ''; $status_options[$row['ID']] = ''; } echo ''.$hesklang['owner'].'
'; if (hesk_checkPermission('can_assign_others',0)) { echo''.$hesklang['category'].'
'; if ($can_change_cat) { echo ' '; } else { echo ''.$category['name'].'
'; } echo '
:
$v)
{
if ($v['use'] && $v['place']==0)
{
echo '
'.$v['name'].': '.$ticket[$k].'
'; } } ?>:
'.$v['name'].': '.$ticket[$k].'
'; } } /* Attachments */ hesk_listAttachments($ticket['attachments'], $i); ?>
:
:
'.$hesklang['rh'].'
'; } } /* Show "unread reply" message? */ if ($reply['staffid'] && ! $reply['read']) { echo ''.$hesklang['unread'].'
'; } ?>