');
/* Get all the required files and functions */
require(HESK_PATH . 'hesk_settings.inc.php');
require(HESK_PATH . 'inc/common.inc.php');
require(HESK_PATH . 'inc/admin_functions.inc.php');
require(HESK_PATH . 'inc/status_functions.inc.php');
require(HESK_PATH . 'inc/view_attachment_functions.inc.php');
hesk_load_database_functions();
hesk_session_start();
hesk_dbConnect();
hesk_isLoggedIn();
/* Check permissions for this feature */
hesk_checkPermission('can_view_tickets');
$modsForHesk_settings = mfh_getSettings();
$can_del_notes = hesk_checkPermission('can_del_notes', 0);
$can_reply = hesk_checkPermission('can_reply_tickets', 0);
$can_delete = hesk_checkPermission('can_del_tickets', 0);
$can_edit = hesk_checkPermission('can_edit_tickets', 0);
$can_archive = hesk_checkPermission('can_add_archive', 0);
$can_assign_self = hesk_checkPermission('can_assign_self', 0);
$can_view_unassigned = hesk_checkPermission('can_view_unassigned', 0);
$can_change_cat = hesk_checkPermission('can_change_cat', 0);
$can_ban_emails = hesk_checkPermission('can_ban_emails', 0);
$can_unban_emails = hesk_checkPermission('can_unban_emails', 0);
$can_ban_ips = hesk_checkPermission('can_ban_ips', 0);
$can_unban_ips = hesk_checkPermission('can_unban_ips', 0);
// Get ticket ID
$trackingID = hesk_cleanID() or print_form();
$_SERVER['PHP_SELF'] = 'admin_ticket.php?track=' . $trackingID . '&Refresh=' . mt_rand(10000, 99999);
/* We will need timer function */
define('TIMER', 1);
/* Get ticket info */
$res = hesk_dbQuery("SELECT `t1`.* , `t2`.name AS `repliername` FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` AS `t1` LEFT JOIN `" . hesk_dbEscape($hesk_settings['db_pfix']) . "users` AS `t2` ON `t1`.`replierid` = `t2`.`id` WHERE `trackid`='" . hesk_dbEscape($trackingID) . "' LIMIT 1");
/* Ticket found? */
if (hesk_dbNumRows($res) != 1) {
/* Ticket not found, perhaps it was merged with another ticket? */
$res = hesk_dbQuery("SELECT * FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` WHERE `merged` LIKE '%#" . hesk_dbEscape($trackingID) . "#%' LIMIT 1");
if (hesk_dbNumRows($res) == 1) {
/* OK, found in a merged ticket. Get info */
$ticket = hesk_dbFetchAssoc($res);
hesk_process_messages(sprintf($hesklang['tme'], $trackingID, $ticket['trackid']), 'NOREDIRECT', 'NOTICE');
$trackingID = $ticket['trackid'];
} else {
/* Nothing found, error out */
hesk_process_messages($hesklang['ticket_not_found'], 'NOREDIRECT');
print_form();
}
} else {
/* We have a match, get ticket info */
$ticket = hesk_dbFetchAssoc($res);
}
/* Permission to view this ticket? */
if ($ticket['owner'] && $ticket['owner'] != $_SESSION['id'] && !hesk_checkPermission('can_view_ass_others', 0)) {
hesk_error($hesklang['ycvtao']);
}
if (!$ticket['owner'] && !$can_view_unassigned) {
hesk_error($hesklang['ycovtay']);
}
/* Set last replier name */
if ($ticket['lastreplier']) {
if (empty($ticket['repliername'])) {
$ticket['repliername'] = $hesklang['staff'];
}
} else {
$ticket['repliername'] = $ticket['name'];
}
/* Get category name and ID */
$result = hesk_dbQuery("SELECT `id`, `name`, `manager` FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "categories` WHERE `id`='" . intval($ticket['category']) . "' LIMIT 1");
/* If this category has been deleted use the default category with ID 1 */
if (hesk_dbNumRows($result) != 1) {
$result = hesk_dbQuery("SELECT `id`, `name`, `manager` FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "categories` WHERE `id`='1' LIMIT 1");
}
$category = hesk_dbFetchAssoc($result);
$managerRS = hesk_dbQuery('SELECT * FROM `' . hesk_dbEscape($hesk_settings['db_pfix']) . 'users` WHERE `id` = ' . intval($_SESSION['id']));
$managerRow = hesk_dbFetchAssoc($managerRS);
$isManager = $managerRow['id'] == $category['manager'];
if ($isManager) {
$can_del_notes = $can_reply = $can_delete = $can_edit = $can_archive = $can_assign_self = $can_view_unassigned = $can_change_cat = true;
}
/* Is this user allowed to view tickets inside this category? */
hesk_okCategory($category['id']);
/* Delete post action */
if (isset($_GET['delete_post']) && $can_delete && hesk_token_check()) {
$n = intval(hesk_GET('delete_post'));
if ($n) {
/* Get last reply ID, we'll need it later */
$res = hesk_dbQuery("SELECT `id` FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "replies` WHERE `replyto`='" . intval($ticket['id']) . "' ORDER BY `id` DESC LIMIT 1");
$last_reply_id = hesk_dbResult($res, 0, 0);
// Was this post submitted by staff and does it have any attachments?
$res = hesk_dbQuery("SELECT `dt`, `staffid`, `attachments` FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "replies` WHERE `id`='" . intval($n) . "' AND `replyto`='" . intval($ticket['id']) . "' LIMIT 1");
$reply = hesk_dbFetchAssoc($res);
// If the reply was by a staff member update the appropriate columns
if ($reply['staffid']) {
// Is this the only staff reply? Delete "firstreply" and "firstreplyby" columns
if ($ticket['staffreplies'] <= 1) {
$staffreplies_sql = ' , `firstreply`=NULL, `firstreplyby`=NULL, `staffreplies`=0 ';
} // Are we deleting the first staff reply? Update "firstreply" and "firstreplyby" columns
elseif ($reply['dt'] == $ticket['firstreply'] && $reply['staffid'] == $ticket['firstreplyby']) {
// Get the new first reply info
$res = hesk_dbQuery("SELECT `dt`, `staffid` FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "replies` WHERE `replyto`='" . intval($ticket['id']) . "' AND `id`!='" . intval($n) . "' AND `staffid`!=0 ORDER BY `id` ASC LIMIT 1");
// Did we find the new first reply?
if (hesk_dbNumRows($res)) {
$firstreply = hesk_dbFetchAssoc($res);
$staffreplies_sql = " , `firstreply`='" . hesk_dbEscape($firstreply['dt']) . "', `firstreplyby`='" . hesk_dbEscape($firstreply['staffid']) . "', `staffreplies`=`staffreplies`-1 ";
} // The count must have been wrong, update it
else {
$staffreplies_sql = ' , `firstreply`=NULL, `firstreplyby`=NULL, `staffreplies`=0 ';
}
} // OK, this is not the first and not the only staff reply, just reduce number
else {
$staffreplies_sql = ' , `staffreplies`=`staffreplies`-1 ';
}
} else {
$staffreplies_sql = '';
}
/* Delete any attachments to this post */
if (strlen($reply['attachments'])) {
$hesk_settings['server_path'] = dirname(dirname(__FILE__));
/* List of attachments */
$att = explode(',', substr($reply['attachments'], 0, -1));
foreach ($att as $myatt) {
list($att_id, $att_name) = explode('#', $myatt);
/* Delete attachment files */
$res = hesk_dbQuery("SELECT * FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "attachments` WHERE `att_id`='" . intval($att_id) . "' LIMIT 1");
if (hesk_dbNumRows($res) && $file = hesk_dbFetchAssoc($res)) {
hesk_unlink($hesk_settings['server_path'] . '/' . $hesk_settings['attach_dir'] . '/' . $file['saved_name']);
}
/* Delete attachments info from the database */
hesk_dbQuery("DELETE FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "attachments` WHERE `att_id`='" . intval($att_id) . "' LIMIT 1");
}
}
/* Delete this reply */
hesk_dbQuery("DELETE FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "replies` WHERE `id`='" . intval($n) . "' AND `replyto`='" . intval($ticket['id']) . "' LIMIT 1");
/* Reply wasn't deleted */
if (hesk_dbAffectedRows() != 1) {
hesk_process_messages($hesklang['repl1'], $_SERVER['PHP_SELF']);
} else {
$closed_sql = '';
$changeStatusRs = hesk_dbQuery('SELECT `id`, `LockedTicketStatus`, `IsCustomerReplyStatus`, `IsDefaultStaffReplyStatus`, `IsNewTicketStatus`
FROM `' . hesk_dbEscape($hesk_settings['db_pfix']) . 'statuses`
WHERE `LockedTicketStatus` = 1
OR `IsCustomerReplyStatus` = 1
OR `IsDefaultStaffReplyStatus` = 1
OR `IsNewTicketStatus` = 1');
$lockedTicketStatus = '';
$customerReplyStatus = '';
$defaultStaffReplyStatus = '';
$newTicketStatus = '';
while ($row = hesk_dbFetchAssoc($changeStatusRs)) {
if ($row['LockedTicketStatus']) {
$lockedTicketStatus = $row['id'];
} elseif ($row['IsCustomerReplyStatus']) {
$customerReplyStatus = $row['id'];
} elseif ($row['IsDefaultStaffReplyStatus']) {
$defaultStaffReplyStatus = $row['id'];
} elseif ($row['IsNewTicketStatus']) {
$newTicketStatus = $row['id'];
}
}
/* Reply deleted. Need to update status and last replier? */
$res = hesk_dbQuery("SELECT `dt`, `staffid` FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "replies` WHERE `replyto`='" . intval($ticket['id']) . "' ORDER BY `id` DESC LIMIT 1");
if (hesk_dbNumRows($res)) {
$replier_id = hesk_dbResult($res, 0, 1);
$last_replier = $replier_id ? 1 : 0;
/* Change status? */
$status_sql = '';
if ($last_reply_id == $n) {
$status = $ticket['locked'] ? $lockedTicketStatus : ($last_replier ? $defaultStaffReplyStatus : $customerReplyStatus);
$status_sql = " , `status`='" . intval($status) . "' ";
// Update closedat and closedby columns as required
if ($status == $lockedTicketStatus) {
$closed_sql = " , `closedat`=NOW(), `closedby`=" . intval($_SESSION['id']) . " ";
}
}
hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` SET `lastchange`=NOW(), `lastreplier`='{$last_replier}', `replierid`='" . intval($replier_id) . "', `replies`=`replies`-1 $status_sql $closed_sql $staffreplies_sql WHERE `id`='" . intval($ticket['id']) . "' LIMIT 1");
} else {
// Update status, closedat and closedby columns as required
if ($ticket['locked']) {
$status = $lockedTicketStatus;
$closed_sql = " , `closedat`=NOW(), `closedby`=" . intval($_SESSION['id']) . " ";
} else {
$status = $newTicketStatus;
$closed_sql = " , `closedat`=NULL, `closedby`=NULL ";
}
hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` SET `lastchange`=NOW(), `lastreplier`='0', `status`='$status', `replies`=0 $staffreplies_sql WHERE `id`='" . intval($ticket['id']) . "' LIMIT 1");
}
hesk_process_messages($hesklang['repl'], $_SERVER['PHP_SELF'], 'SUCCESS');
}
} else {
hesk_process_messages($hesklang['repl0'], $_SERVER['PHP_SELF']);
}
}
/* Delete notes action */
if (isset($_GET['delnote']) && hesk_token_check()) {
$n = intval(hesk_GET('delnote'));
if ($n) {
// Get note info
$res = hesk_dbQuery("SELECT `who`, `attachments` FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "notes` WHERE `id`={$n}");
if (hesk_dbNumRows($res)) {
$note = hesk_dbFetchAssoc($res);
// Permission to delete note?
if ($can_del_notes || $note['who'] == $_SESSION['id']) {
// Delete note
hesk_dbQuery("DELETE FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "notes` WHERE `id`='" . intval($n) . "' LIMIT 1");
// Delete attachments
if (strlen($note['attachments'])) {
$hesk_settings['server_path'] = dirname(dirname(__FILE__));
$attachments = array();
$att = explode(',', substr($note['attachments'], 0, -1));
foreach ($att as $myatt) {
list($att_id, $att_name) = explode('#', $myatt);
$attachments[] = intval($att_id);
}
if (count($attachments)) {
$res = hesk_dbQuery("SELECT * FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "attachments` WHERE `att_id` IN (" . implode(',', $attachments) . ") ");
while ($file = hesk_dbFetchAssoc($res)) {
hesk_unlink($hesk_settings['server_path'] . '/' . $hesk_settings['attach_dir'] . '/' . $file['saved_name']);
}
hesk_dbQuery("DELETE FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "attachments` WHERE `att_id` IN (" . implode(',', $attachments) . ") ");
}
}
}
}
}
header('Location: admin_ticket.php?track=' . $trackingID . '&Refresh=' . mt_rand(10000, 99999));
exit();
}
/* Add a note action */
if (isset($_POST['notemsg']) && hesk_token_check('POST')) {
// Error buffer
$hesk_error_buffer = array();
// Get message
$msg = hesk_input(hesk_POST('notemsg'));
// Get attachments
if ($hesk_settings['attachments']['use']) {
require(HESK_PATH . 'inc/posting_functions.inc.php');
require(HESK_PATH . 'inc/htmLawed.php');
require(HESK_PATH . 'inc/attachments.inc.php');
$attachments = array();
$use_legacy_attachments = hesk_POST('use-legacy-attachments', 0);
if ($use_legacy_attachments) {
for ($i = 1; $i <= $hesk_settings['attachments']['max_number']; $i++) {
$att = hesk_uploadFile($i);
if ($att !== false && !empty($att)) {
$attachments[$i] = $att;
}
}
} else {
// The user used the new drag-and-drop system.
$temp_attachment_ids = hesk_POST_array('attachment-ids');
foreach ($temp_attachment_ids as $temp_attachment_id) {
// Simply get the temp info and move it to the attachments table
$temp_attachment = mfh_getTemporaryAttachment($temp_attachment_id);
$attachments[] = $temp_attachment;
mfh_deleteTemporaryAttachment($temp_attachment_id);
}
}
}
$myattachments = '';
// We need message and/or attachments to accept note
if (count($attachments) || strlen($msg) || count($hesk_error_buffer)) {
// Any errors?
if (count($hesk_error_buffer) != 0) {
$_SESSION['note_message'] = hesk_POST('notemsg');
// Remove any successfully uploaded attachments
if ($hesk_settings['attachments']['use']) {
hesk_removeAttachments($attachments);
}
$tmp = '';
foreach ($hesk_error_buffer as $error) {
$tmp .= "
$error\n";
}
$hesk_error_buffer = $tmp;
$hesk_error_buffer = $hesklang['pcer'] . '
' . $hesk_error_buffer . '
';
hesk_process_messages($hesk_error_buffer, 'admin_ticket.php?track=' . $ticket['trackid'] . '&Refresh=' . rand(10000, 99999));
}
// Process attachments
if ($hesk_settings['attachments']['use'] && !empty($attachments)) {
foreach ($attachments as $myatt) {
hesk_dbQuery("INSERT INTO `" . hesk_dbEscape($hesk_settings['db_pfix']) . "attachments` (`ticket_id`,`saved_name`,`real_name`,`size`,`type`) VALUES ('" . hesk_dbEscape($trackingID) . "','" . hesk_dbEscape($myatt['saved_name']) . "','" . hesk_dbEscape($myatt['real_name']) . "','" . intval($myatt['size']) . "', '1')");
$myattachments .= hesk_dbInsertID() . '#' . $myatt['real_name'] . '#' . $myatt['saved_name'] . ',';
}
}
// Add note to database
$msg = nl2br(hesk_makeURL($msg));
hesk_dbQuery("INSERT INTO `" . hesk_dbEscape($hesk_settings['db_pfix']) . "notes` (`ticket`,`who`,`dt`,`message`,`attachments`) VALUES ('" . intval($ticket['id']) . "','" . intval($_SESSION['id']) . "',NOW(),'" . hesk_dbEscape($msg) . "','" . hesk_dbEscape($myattachments) . "')");
/* Notify assigned staff that a note has been added if needed */
$users = hesk_dbQuery("SELECT `email`, `notify_note` FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "users` WHERE (`id`='" . intval($ticket['owner']) . "' OR (`isadmin` = '1' AND `notify_note_unassigned` = '1')) AND `id` <> '" . intval($_SESSION['id']) . "'");
if (hesk_dbNumRows($users) > 0) {
// 1. Generate the array with ticket info that can be used in emails
$info = array(
'email' => $ticket['email'],
'category' => $ticket['category'],
'priority' => $ticket['priority'],
'owner' => $ticket['owner'],
'trackid' => $ticket['trackid'],
'status' => $ticket['status'],
'name' => $_SESSION['name'],
'lastreplier' => $ticket['lastreplier'],
'subject' => $ticket['subject'],
'message' => stripslashes($msg),
'dt' => hesk_date($ticket['dt'], true),
'lastchange' => hesk_date($ticket['lastchange'], true),
'attachments' => $myattachments,
'id' => $ticket['id'],
);
// 2. Add custom fields to the array
foreach ($hesk_settings['custom_fields'] as $k => $v) {
$info[$k] = $v['use'] ? $ticket[$k] : '';
}
// 3. Make sure all values are properly formatted for email
$ticket = hesk_ticketToPlain($info, 1, 0);
/* Get email functions */
require(HESK_PATH . 'inc/email_functions.inc.php');
/* Format email subject and message for staff */
$subject = hesk_getEmailSubject('new_note', $ticket);
$message = hesk_getEmailMessage('new_note', $ticket, $modsForHesk_settings, 1);
$htmlMessage = hesk_getHtmlMessage('new_note', $ticket, $modsForHesk_settings, 1);
$hasMessage = hesk_doesTemplateHaveTag('new_note', '%%MESSAGE%%', $modsForHesk_settings);
/* Send email to staff */
while ($user = hesk_dbFetchAssoc($users)) {
hesk_mail($user['email'], $subject, $message, $htmlMessage, $modsForHesk_settings, array(), array(), $hasMessage);
}
}
}
header('Location: admin_ticket.php?track=' . $trackingID . '&Refresh=' . mt_rand(10000, 99999));
exit();
}
/* Update time worked */
if ($hesk_settings['time_worked'] && ($can_reply || $can_edit) && isset($_POST['h']) && isset($_POST['m']) && isset($_POST['s']) && hesk_token_check('POST')) {
$h = intval(hesk_POST('h'));
$m = intval(hesk_POST('m'));
$s = intval(hesk_POST('s'));
/* Get time worked in proper format */
$time_worked = hesk_getTime($h . ':' . $m . ':' . $s);
/* Update database */
$revision = sprintf($hesklang['thist14'], hesk_date(), $time_worked, $_SESSION['name'] . ' (' . $_SESSION['user'] . ')');
hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` SET `time_worked`='" . hesk_dbEscape($time_worked) . "', `history`=CONCAT(`history`,'" . hesk_dbEscape($revision) . "') WHERE `trackid`='" . hesk_dbEscape($trackingID) . "' LIMIT 1");
/* Show ticket */
hesk_process_messages($hesklang['twu'], 'admin_ticket.php?track=' . $trackingID . '&Refresh=' . mt_rand(10000, 99999), 'SUCCESS');
}
/* Add child action */
if (($can_reply || $can_edit) && isset($_POST['childTrackingId'])) {
//-- Make sure this isn't the same ticket or one of its merged tickets.
$mergedTickets = hesk_dbQuery('SELECT * FROM `' . hesk_dbEscape($hesk_settings['db_pfix']) . 'tickets` WHERE `trackid` =
\'' . hesk_dbEscape($trackingID) . '\' AND `merged` LIKE \'%#' . hesk_dbEscape($_POST['childTrackingId']) . '#%\'');
if ($_POST['childTrackingId'] == $trackingID || $mergedTickets->num_rows > 0) {
hesk_process_messages($hesklang['cannot_link_ticket_to_itself'], 'admin_ticket.php?track=' . $trackingID . '&Refresh=' . mt_rand(10000, 99999));
}
//-- Does the child exist?
$existRs = hesk_dbQuery('SELECT * FROM `' . hesk_dbEscape($hesk_settings['db_pfix']) . 'tickets` WHERE `trackid` = \'' . hesk_dbEscape($_POST['childTrackingId']) . '\'');
if ($existRs->num_rows == 0) {
//-- Maybe it was merged?
$existRs = hesk_dbQuery('SELECT `trackid` FROM `' . hesk_dbEscape($hesk_settings['db_pfix']) . 'tickets` WHERE `merged` LIKE \'#' . hesk_dbEscape($_POST['childTrackingId']) . '#\'');
if ($existRs->num_rows > 0) {
//-- Yes, it was merged. Set the child to the "new" ticket; not the merged one.
$exist = $existRs->fetch_assoc();
$_POST['childTrackingId'] = $exist['trackid'];
} else {
hesk_process_messages(sprintf($hesklang['linked_ticket_does_not_exist'], $_POST['childTrackingId']), 'admin_ticket.php?track=' . $trackingID . '&Refresh=' . mt_rand(10000, 99999));
}
}
//-- Check if the ticket is already a child.
$childRs = hesk_dbQuery('SELECT * FROM `' . hesk_dbEscape($hesk_settings['db_pfix']) . 'tickets` WHERE `parent` = ' . $ticket['id'] . ' AND `trackid` = \'' . $_POST['childTrackingId'] . '\'');
if ($childRs->num_rows > 0) {
hesk_process_messages(sprintf($hesklang['is_already_linked'], $_POST['childTrackingId']), 'admin_ticket.php?track=' . $trackingID . '&Refresh=' . mt_rand(10000, 99999), 'NOTICE');
}
hesk_dbQuery('UPDATE `' . hesk_dbEscape($hesk_settings['db_pfix']) . 'tickets` SET `parent` = ' . $ticket['id'] . ' WHERE `trackid` = \'' . $_POST['childTrackingId'] . '\'');
hesk_process_messages(sprintf($hesklang['link_added'], $_POST['childTrackingId']), 'admin_ticket.php?track=' . $trackingID . '&Refresh=' . mt_rand(10000, 99999), 'SUCCESS');
}
/* Delete child action */
if (($can_reply || $can_edit) && isset($_GET['deleteChild'])) {
//-- Delete the relationship
hesk_dbQuery('UPDATE `' . hesk_dbEscape($hesk_settings['db_pfix']) . 'tickets` SET `parent` = NULL WHERE `ID` = ' . hesk_dbEscape($_GET['deleteChild']));
hesk_process_messages($hesklang['ticket_no_longer_linked'], 'admin_ticket.php?track=' . $trackingID . '&Refresh=' . mt_rand(10000, 99999), 'SUCCESS');
} elseif (($can_reply || $can_edit) && isset($_GET['deleteParent'])) {
//-- Delete the relationship
hesk_dbQuery('UPDATE `' . hesk_dbEscape($hesk_settings['db_pfix']) . 'tickets` SET `parent` = NULL WHERE `ID` = ' . hesk_dbEscape($ticket['id']));
hesk_process_messages($hesklang['ticket_no_longer_linked'], 'admin_ticket.php?track=' . $trackingID . '&Refresh=' . mt_rand(10000, 99999), 'SUCCESS');
}
/* Delete attachment action */
if (isset($_GET['delatt']) && hesk_token_check()) {
if (!$can_delete || !$can_edit) {
hesk_process_messages($hesklang['no_permission'], 'admin_ticket.php?track=' . $trackingID . '&Refresh=' . mt_rand(10000, 99999));
}
$att_id = intval(hesk_GET('delatt')) or hesk_error($hesklang['inv_att_id']);
$reply = intval(hesk_GET('reply', 0));
if ($reply < 1) {
$reply = 0;
}
$note = intval(hesk_GET('note', 0));
if ($note < 1) {
$note = 0;
}
/* Get attachment info */
$res = hesk_dbQuery("SELECT * FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "attachments` WHERE `att_id`='" . intval($att_id) . "' LIMIT 1");
if (hesk_dbNumRows($res) != 1) {
hesk_process_messages($hesklang['id_not_valid'] . ' (att_id)', 'admin_ticket.php?track=' . $trackingID . '&Refresh=' . mt_rand(10000, 99999));
}
$att = hesk_dbFetchAssoc($res);
/* Is ticket ID valid for this attachment? */
if ($att['ticket_id'] != $trackingID) {
hesk_process_messages($hesklang['trackID_not_found'], 'admin_ticket.php?track=' . $trackingID . '&Refresh=' . mt_rand(10000, 99999));
}
/* Delete file from server */
hesk_unlink(HESK_PATH . $hesk_settings['attach_dir'] . '/' . $att['saved_name']);
/* Delete attachment from database */
hesk_dbQuery("DELETE FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "attachments` WHERE `att_id`='" . intval($att_id) . "'");
/* Update ticket or reply in the database */
$revision = sprintf($hesklang['thist12'], hesk_date(), $att['real_name'], $_SESSION['name'] . ' (' . $_SESSION['user'] . ')');
if ($reply) {
hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "replies` SET `attachments`=REPLACE(`attachments`,'" . hesk_dbEscape($att_id . '#' . $att['real_name'] . '#' . $att['saved_name']) . ",','') WHERE `id`='" . intval($reply) . "' LIMIT 1");
hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "replies` SET `attachments`=REPLACE(`attachments`,'" . hesk_dbEscape($att_id . '#' . $att['real_name']) . ",','') WHERE `id`='" . intval($reply) . "' LIMIT 1");
hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` SET `history`=CONCAT(`history`,'" . hesk_dbEscape($revision) . "') WHERE `id`='" . intval($ticket['id']) . "' LIMIT 1");
} elseif ($note) {
hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "notes` SET `attachments`=REPLACE(`attachments`,'" . hesk_dbEscape($att_id . '#' . $att['real_name'] . '#' . $att['saved_name']) . ",','') WHERE `id`={$note} LIMIT 1");
hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "notes` SET `attachments`=REPLACE(`attachments`,'" . hesk_dbEscape($att_id . '#' . $att['real_name']) . ",','') WHERE `id`={$note} LIMIT 1");
} else {
hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` SET `attachments`=REPLACE(`attachments`,'" . hesk_dbEscape($att_id . '#' . $att['real_name'] . '#' . $att['saved_name']) . ",','') WHERE `id`='" . intval($ticket['id']) . "' LIMIT 1");
hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` SET `attachments`=REPLACE(`attachments`,'" . hesk_dbEscape($att_id . '#' . $att['real_name']) . ",',''), `history`=CONCAT(`history`,'" . hesk_dbEscape($revision) . "') WHERE `id`='" . intval($ticket['id']) . "' LIMIT 1");
}
hesk_process_messages($hesklang['kb_att_rem'], 'admin_ticket.php?track=' . $trackingID . '&Refresh=' . mt_rand(10000, 99999), 'SUCCESS');
}
//-- Update location action
if (isset($_POST['latitude']) && isset($_POST['longitude'])) {
hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` SET `latitude` = '" . hesk_dbEscape($_POST['latitude']) . "',
`longitude` = '" . hesk_dbEscape($_POST['longitude']) . "' WHERE `ID` = " . intval($ticket['id']));
//redirect
hesk_process_messages($hesklang['ticket_location_updated'], 'admin_ticket.php?track=' . $trackingID . '&Refresh=' . mt_rand(10000, 99999), 'SUCCESS');
}
/* Print header */
require_once(HESK_PATH . 'inc/headerAdmin.inc.php');
/* List of categories */
$orderBy = $modsForHesk_settings['category_order_column'];
$result = hesk_dbQuery("SELECT `id`,`name` FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "categories` WHERE `usage` <> 2 ORDER BY `" . $orderBy . "` ASC");
$categories_options = '';
while ($row = hesk_dbFetchAssoc($result)) {
$selected = '';
if ($row['id'] == $ticket['category']) {
$selected = 'selected';
}
$categories_options .= '';
}
/* List of users */
$admins = array();
$result = hesk_dbQuery("SELECT `id`,`name`,`isadmin`,`categories`,`heskprivileges` FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "users` WHERE `active` = '1' ORDER BY `name` ASC");
while ($row = hesk_dbFetchAssoc($result)) {
/* Is this an administrator? */
if ($row['isadmin']) {
$admins[$row['id']] = $row['name'];
continue;
}
/* Not admin, is user allowed to view tickets? */
if (strpos($row['heskprivileges'], 'can_view_tickets') !== false) {
/* Is user allowed to access this category? */
$cat = substr($row['categories'], 0);
$row['categories'] = explode(',', $cat);
if (in_array($ticket['category'], $row['categories'])) {
$admins[$row['id']] = $row['name'];
continue;
}
}
}
/* Get replies */
if ($ticket['replies']) {
$reply = '';
$result = hesk_dbQuery("SELECT * FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "replies` WHERE `replyto`='" . intval($ticket['id']) . "' ORDER BY `id` " . ($hesk_settings['new_top'] ? 'DESC' : 'ASC'));
} else {
$reply = false;
}
// Demo mode
if (defined('HESK_DEMO')) {
$ticket['email'] = 'hidden@demo.com';
$ticket['ip'] = '127.0.0.1';
}
// If an email address is tied to this ticket, check if there are any others
$recentTickets = NULL;
if ($ticket['email'] != '') {
$recentTicketsSql = hesk_dbQuery("SELECT * FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets`
WHERE `email` = '" . hesk_dbEscape($ticket['email']) . "' AND `trackid` <> '" . hesk_dbEscape($trackingID) . "' ORDER BY `lastchange` DESC LIMIT 5");
while ($recentRow = hesk_dbFetchAssoc($recentTicketsSql)) {
if ($recentTickets === NULL) {
$recentTickets = array();
}
array_push($recentTickets, $recentRow);
}
if ($recentTickets !== NULL) {
$recentTicketsWithStatuses = array();
foreach ($recentTickets as $recentTicket) {
$newRecentTicket = $recentTicket;
$thisTicketStatusRS = hesk_dbQuery("SELECT `ID`, `TextColor` FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "statuses` WHERE `ID` = " . intval($recentTicket['status']));
$theStatusRow = hesk_dbFetchAssoc($thisTicketStatusRS);
$newRecentTicket['statusText'] = mfh_getDisplayTextForStatusId($theStatusRow['ID']);
$newRecentTicket['statusColor'] = $theStatusRow['TextColor'];
array_push($recentTicketsWithStatuses, $newRecentTicket);
}
$recentTickets = $recentTicketsWithStatuses;
}
}
/* Print admin navigation */
require_once(HESK_PATH . 'inc/show_admin_nav.inc.php');
?>
-
' . $tmp; ?>
-
-
-
' . $hesklang['asss'] . '' : $hesklang['unas']);
?>
-
-
-
-
-
-
fetch_assoc();
echo '
';
echo ' ' . $parent['trackid'] . '';
}
//-- Check if any tickets have a parent set to this tracking ID
$hasRows = false;
$childrenRS = hesk_dbQuery('SELECT * FROM `' . hesk_dbEscape($hesk_settings['db_pfix']) . 'tickets`
WHERE `parent` = ' . hesk_dbEscape($ticket['id']));
while ($row = $childrenRS->fetch_assoc()) {
$hasRows = true;
echo '
';
echo ' ' . $row['trackid'] . '';
echo '
';
}
if (!$hasRows && $ticket['parent'] == null) {
echo $hesklang['none'];
}
?>
' . $hesklang['add_ticket'] . ''; ?>
-
' . $recentTicket['trackid'] . ''; ?>
';
}
if ($ticket['locked']) {
echo ' ';
}
if ($modsForHesk_settings['display_user_agent_information']
&& $ticket['user_agent'] !== NULL
&& $ticket['screen_resolution_height'] !== NULL
&& $ticket['screen_resolution_height'] != 0
&& $ticket['screen_resolution_width'] !== NULL
&& $ticket['screen_resolution_width'] != 0
):
?>
' . $hesklang[$key] . '';
endif;
?>
fetch_assoc();
$isTicketClosed = $isTicketClosedRow['IsClosed'];
$isClosable = $isTicketClosedRow['Closable'] == 'yes' || $isTicketClosedRow['Closable'] == 'sonly';
echo '
';
$mgr = $isManager ? '&isManager=1' : '';
if ($isTicketClosed == 0 && $isClosable) // Ticket is still open
{
echo '
' . $hesklang['close_action'] . '';
} elseif ($isTicketClosed == 1) {
echo '
' . $hesklang['open_action'] . '';
}
$strippedName = strip_tags($ticket['name']);
$strippedEmail = strip_tags($ticket['email']);
$linkText = 'new_ticket.php?name=' . $strippedName . '&email=' . $strippedEmail . '&catid=' . $category['id'] . '&priority=' . $ticket['priority'];
foreach ($hesk_settings['custom_fields'] as $k => $v) {
if ($v['use'] == 1) {
if ($v['type'] == 'checkbox') {
$value = str_replace('
', '-CHECKBOX-', $ticket[$k]);
} else {
$value = $ticket[$k];
}
$strippedCustomField = strip_tags($value);
$linkText .= '&c_' . $k . '=' . $strippedCustomField;
}
}
echo '
' . $hesklang['create_based_on_contact'] . '
';
echo '
';
?>
$hesklang['critical'],
1 => $hesklang['high'],
2 => $hesklang['medium'],
3 => $hesklang['low']
);
$options = array();
for ($i = 0; $i < 4; $i++) {
$selected = $ticket['priority'] == $i ? 'selected' : '';
array_push($options, '
');
}
echo '
';
} elseif ($ticket['priority'] == 1) {
echo 'highPriority">';
} else {
echo 'medLowPriority">';
}
echo '
' . $hesklang['priority'] . '
';
echo '
';
echo '
' . $hesklang['status'] . '
';
$status_options = array();
$results = mfh_getAllStatuses();
foreach ($results as $row) {
$selected = $ticket['status'] == $row['ID'] ? 'selected' : '';
$status_options[$row['ID']] = '
';
}
echo '
';
echo '
' . $hesklang['owner'] . '
';
if (hesk_checkPermission('can_assign_others', 0) || $isManager) {
echo '
';
echo '
' . $hesklang['category'] . '
';
if ($can_change_cat) {
echo '
';
} else {
echo '
' . $category['name'] . '
';
}
echo '
';
?>
-
' : '';
$att = explode(',', substr($note['attachments'], 0, -1));
$num = count($att);
foreach ($att as $myatt) {
list($att_id, $att_name) = explode('#', $myatt);
// Can edit and delete note (attachments)?
if ($can_del_notes || $note['who'] == $_SESSION['id']) {
// If this is the last attachment and no message, show "delete ticket" link
if ($num == 1 && strlen($note['message']) == 0) {
echo '
';
} // Show "delete attachment" link
else {
echo '
';
}
}
echo '
' . $att_name . '
';
}
}
?>
';
}
?>
';
} else {
echo '
';
}
} else {
echo '
';
}
}
?>
:
$v) {
if ($v['use'] && $v['place'] == 0) {
if ($modsForHesk_settings['custom_field_setting']) {
$v['name'] = $hesklang[$v['name']];
}
echo '
' . $v['name'] . ': ';
if ($v['type'] == 'date' && !empty($ticket[$k])) {
$dt = date('Y-m-d h:i:s', $ticket[$k]);
echo hesk_dateToString($dt, 0);
} else {
echo $ticket[$k];
}
echo '
';
}
}
?>
$v) {
if ($v['use'] && $v['place']) {
if ($modsForHesk_settings['custom_field_setting']) {
$v['name'] = $hesklang[$v['name']];
}
echo '
' . $v['name'] . ': ';
if ($v['type'] == 'date' && !empty($ticket[$k])) {
$dt = date('Y-m-d h:i:s', $ticket[$k]);
echo hesk_dateToString($dt, 0);
} else {
echo $ticket[$k];
}
echo '
';
}
}
/* Attachments */
mfh_listAttachments($ticket['attachments'], 0, true);
// Show suggested KB articles
if ($hesk_settings['kb_enable'] && $hesk_settings['kb_recommendanswers'] && strlen($ticket['articles'])) {
$suggested = array();
$suggested_list = '';
// Get article info from the database
$articles = hesk_dbQuery("SELECT `id`,`subject` FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "kb_articles` WHERE `id` IN (" . preg_replace('/[^0-9\,]/', '', $ticket['articles']) . ")");
while ($article = hesk_dbFetchAssoc($articles)) {
$suggested[$article['id']] = '
' . $article['subject'] . '';
}
// Loop through the IDs to preserve the order they were suggested in
$articles = explode(',', $ticket['articles']);
foreach ($articles as $article) {
if (isset($suggested[$article])) {
$suggested_list .= $suggested[$article];
}
}
// Finally print suggested articles
if (strlen($suggested_list)) {
$suggested_list = '
' . $hesklang['taws'] . '' . $suggested_list . ' ';
echo $_SESSION['show_suggested'] ? $suggested_list : '
' . $hesklang['sska'] . '' . $suggested_list . '';
}
}
?>
';
/* Style and mousover/mousout */
$tmp = $white ? 'White' : 'Blue';
$style = 'class="option' . $tmp . 'OFF" onmouseover="this.className=\'option' . $tmp . 'ON\'" onmouseout="this.className=\'option' . $tmp . 'OFF\'"';
/* Lock ticket button */
if ( /* ! $reply && */
$can_edit
) {
if ($ticket['locked']) {
$des = $hesklang['tul'] . ' - ' . $hesklang['isloc'];
$options .= ' ' . $hesklang['tul'] . ' ';
} else {
$des = $hesklang['tlo'] . ' - ' . $hesklang['isloc'];
$options .= ' ' . $hesklang['tlo'] . ' ';
}
}
/* Tag ticket button */
if ( /* ! $reply && */
$can_archive
) {
if ($ticket['archive']) {
$options .= '' . $hesklang['remove_archive'] . ' ';
} else {
$options .= ' ' . $hesklang['add_archive'] . ' ';
}
}
/* Import to knowledgebase button */
if ($hesk_settings['kb_enable'] && hesk_checkPermission('can_man_kb', 0)) {
$options .= ' ' . $hesklang['import_kb'] . ' ';
}
/* Print ticket button */
$options .= ' ' . $hesklang['printer_friendly'] . ' ';
/* Edit post */
if ($can_edit) {
$tmp = $reply ? '&reply=' . $reply['id'] : '';
$mgr = $isManager ? '&isManager=true' : '';
$options .= ' ' . $hesklang['edtt'] . ' ';
}
/* Delete ticket */
if ($can_delete) {
if ($reply) {
$url = 'admin_ticket.php';
$tmp = 'delete_post=' . $reply['id'];
$img = 'delete.png';
$txt = $hesklang['delt'];
} else {
$url = 'delete_tickets.php';
$tmp = 'delete_ticket=1';
$img = 'delete_ticket.png';
$txt = $hesklang['dele'];
}
$options .= ' ' . $txt . ' ';
}
/* Return generated HTML */
$options .= '';
return $options;
} // END hesk_getAdminButtons()
function hesk_getAdminButtonsInTicket($reply = 0, $white = 1)
{
global $hesk_settings, $hesklang, $ticket, $reply, $trackingID, $can_edit, $can_archive, $can_delete, $isManager;
$options = '';
/* Style and mousover/mousout */
$tmp = $white ? 'White' : 'Blue';
$style = 'class="option' . $tmp . 'OFF" onmouseover="this.className=\'option' . $tmp . 'ON\'" onmouseout="this.className=\'option' . $tmp . 'OFF\'"';
/* Edit post */
if ($can_edit) {
$tmp = $reply ? '&reply=' . $reply['id'] : '';
$mgr = $isManager ? '&isManager=true' : '';
$options .= '
' . $hesklang['edtt'] . ' ';
}
/* Delete ticket */
if ($can_delete) {
if ($reply) {
$url = 'admin_ticket.php';
$tmp = 'delete_post=' . $reply['id'];
$img = 'delete.png';
$txt = $hesklang['delt'];
} else {
$url = 'delete_tickets.php';
$tmp = 'delete_ticket=1';
$img = 'delete_ticket.png';
$txt = $hesklang['dele'];
}
$options .= '
' . $txt . ' ';
}
/* Return generated HTML */
$options .= '
';
return $options;
} // END hesk_getAdminButtonsInTicket()
function print_form()
{
global $hesk_settings, $hesklang;
global $trackingID;
/* Print header */
require_once(HESK_PATH . 'inc/headerAdmin.inc.php');
/* Print admin navigation */
require_once(HESK_PATH . 'inc/show_admin_nav.inc.php');
/* This will handle error, success and notice messages */
hesk_handle_messages();
?>
' . $hesklang['rnh'] . '';
} elseif ($reply['rating'] == 5) {
echo '
' . $hesklang['rh'] . '
';
}
}
/* Show "unread reply" message? */
if ($reply['staffid'] && !$reply['read']) {
echo '
' . $hesklang['unread'] . '
';
}
?>