Netsyms
/
Mods-for-HESK-Netsyms
2
0
Разклонения 0
Код Задачи 0 Заявки за сливане 0 Версии 56 Уики Activity
Bootswatch, Summernote, and Captcheck mods for Mods for HESK (mods-for-hesk.com). In use at support.netsyms.com.
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
2319 Ревизии
6 Клонове
9.5MB
Клон: master
Клонове Маркери
${ item.name }
Create branch ${ searchTerm }
от 'master'
${ noResults }
Mods-for-HESK-Netsyms/reply_ticket.php

241 lines
9.2KB
Директен файл Постоянна връзка Blame История 

  1. <?php

  2. /**

  3.  *

  4.  * This file is part of HESK - PHP Help Desk Software.

  5.  *

  6.  * (c) Copyright Klemen Stirn. All rights reserved.

  7.  * https://www.hesk.com

  8.  *

  9.  * For the full copyright and license agreement information visit

  10.  * https://www.hesk.com/eula.php

  11.  *

  12.  */

  13. 

  14. define('IN_SCRIPT', 1);

  15. define('HESK_PATH', './');

  16. 

  17. /* Get all the required files and functions */

  18. require(HESK_PATH . 'hesk_settings.inc.php');

  19. require(HESK_PATH . 'inc/common.inc.php');

  20. 

  21. // Are we in maintenance mode?

  22. hesk_check_maintenance();

  23. 

  24. hesk_load_database_functions();

  25. require(HESK_PATH . 'inc/email_functions.inc.php');

  26. require(HESK_PATH . 'inc/posting_functions.inc.php');

  27. require(HESK_PATH . 'inc/htmLawed.php');

  28. 

  29. // We only allow POST requests to this file

  30. if ($_SERVER['REQUEST_METHOD'] != 'POST') {

  31.     header('Location: index.php');

  32.     exit();

  33. }

  34. 

  35. // Check for POST requests larger than what the server can handle

  36. if (empty($_POST) && !empty($_SERVER['CONTENT_LENGTH'])) {

  37.     hesk_error($hesklang['maxpost']);

  38. }

  39. 

  40. hesk_session_start();

  41. 

  42. /* A security check */

  43. # hesk_token_check('POST');

  44. 

  45. 

  46. /* Connect to database */

  47. hesk_dbConnect();

  48. $hesk_error_buffer = array();

  49. 

  50. // Tracking ID

  51. $trackingID = hesk_cleanID('orig_track') or die($hesklang['int_error'] . ': No orig_track');

  52. 

  53. // Email required to view ticket?

  54. $my_email = hesk_getCustomerEmail();

  55. 

  56. // Setup required session vars

  57. $_SESSION['t_track'] = $trackingID;

  58. $_SESSION['t_email'] = $my_email;

  59. 

  60. // Get message

  61. $message = hesk_input(hesk_POST('message'));

  62. 

  63. // If the message was entered, further parse it

  64. $modsForHesk_settings = mfh_getSettings();

  65. if (strlen($message)) {

  66.     if (!$modsForHesk_settings['rich_text_for_tickets_for_customers']) {

  67.         // Make links clickable

  68.         $message = hesk_makeURL($message);

  69. 

  70.         // Turn newlines into <br />

  71.         $message = nl2br($message);

  72.     }

  73. } else {

  74.     $hesk_error_buffer[] = $hesklang['enter_message'];

  75. }

  76. 

  77. /* Attachments */

  78. if ($hesk_settings['attachments']['use']) {

  79.     require(HESK_PATH . 'inc/attachments.inc.php');

  80.     $attachments = array();

  81. 

  82.     $use_legacy_attachments = hesk_POST('use-legacy-attachments', 0);

  83.     if ($use_legacy_attachments) {

  84.         for ($i = 1; $i <= $hesk_settings['attachments']['max_number']; $i++) {

  85.             $att = hesk_uploadFile($i);

  86.             if ($att !== false && !empty($att)) {

  87.                 $attachments[$i] = $att;

  88.             }

  89.         }

  90.     } else {

  91.         // The user used the new drag-and-drop system.

  92.         $temp_attachment_ids = hesk_POST_array('attachment-ids');

  93.         foreach ($temp_attachment_ids as $temp_attachment_id) {

  94.             // Simply get the temp info and move it to the attachments table

  95.             $temp_attachment = mfh_getTemporaryAttachment($temp_attachment_id);

  96.             $attachments[] = $temp_attachment;

  97.             mfh_deleteTemporaryAttachment($temp_attachment_id);

  98.         }

  99.     }

  100. }

  101. $myattachments = '';

  102. 

  103. /* Any errors? */

  104. if (count($hesk_error_buffer) != 0) {

  105.     $_SESSION['ticket_message'] = hesk_POST('message');

  106. 

  107.     // If this was a reply after re-opening a ticket, force the form at the top

  108.     if (hesk_POST('reopen') == 1) {

  109.         $_SESSION['force_form_top'] = true;

  110.     }

  111. 

  112.     // Remove any successfully uploaded attachments

  113.     if ($hesk_settings['attachments']['use']) {

  114.         hesk_removeAttachments($attachments);

  115.     }

  116. 

  117.     $tmp = '';

  118.     foreach ($hesk_error_buffer as $error) {

  119.         $tmp .= "<li>$error</li>\n";

  120.     }

  121.     $hesk_error_buffer = $tmp;

  122. 

  123.     $hesk_error_buffer = $hesklang['pcer'] . '<br /><br /><ul>' . $hesk_error_buffer . '</ul>';

  124.     hesk_process_messages($hesk_error_buffer,'ticket.php');

  125. }

  126. 

  127. // Check if this IP is temporarily locked out

  128. $res = hesk_dbQuery("SELECT `number` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."logins` WHERE `ip`='".hesk_dbEscape(hesk_getClientIP())."' AND `last_attempt` IS NOT NULL AND DATE_ADD(`last_attempt`, INTERVAL ".intval($hesk_settings['attempt_banmin'])." MINUTE ) > NOW() LIMIT 1");

  129. if (hesk_dbNumRows($res) == 1) {

  130.     if (hesk_dbResult($res) >= $hesk_settings['attempt_limit']) {

  131.         unset($_SESSION);

  132.         hesk_error(sprintf($hesklang['yhbb'], $hesk_settings['attempt_banmin']), 0);

  133.     }

  134. }

  135. 

  136. /* Get details about the original ticket */

  137. $res = hesk_dbQuery("SELECT * FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` WHERE `trackid`='{$trackingID}' LIMIT 1");

  138. if (hesk_dbNumRows($res) != 1) {

  139.     hesk_error($hesklang['ticket_not_found']);

  140. }

  141. $ticket = hesk_dbFetchAssoc($res);

  142. 

  143. /* If we require e-mail to view tickets check if it matches the one in database */

  144. hesk_verifyEmailMatch($trackingID, $my_email, $ticket['email']);

  145. 

  146. /* Ticket locked? */

  147. if ($ticket['locked']) {

  148.     hesk_process_messages($hesklang['tislock2'],'ticket.php');

  149.     exit();

  150. }

  151. 

  152. // Prevent flooding ticket replies

  153. $res = hesk_dbQuery("SELECT `staffid` FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "replies` WHERE `replyto`='{$ticket['id']}' AND `dt` > DATE_SUB(NOW(), INTERVAL 10 MINUTE) ORDER BY `id` ASC");

  154. if (hesk_dbNumRows($res) > 0) {

  155.     $sequential_customer_replies = 0;

  156.     while ($tmp = hesk_dbFetchAssoc($res)) {

  157.         $sequential_customer_replies = $tmp['staffid'] ? 0 : $sequential_customer_replies + 1;

  158.     }

  159.     if ($sequential_customer_replies > 10) {

  160.         hesk_dbQuery("INSERT INTO `".hesk_dbEscape($hesk_settings['db_pfix'])."logins` (`ip`, `number`) VALUES ('".hesk_dbEscape(hesk_getClientIP())."', ".intval($hesk_settings['attempt_limit'] + 1).")");

  161.         hesk_error(sprintf($hesklang['yhbr'], $hesk_settings['attempt_banmin']), 0);

  162.     }

  163. }

  164. 

  165. /* Insert attachments */

  166. if ($hesk_settings['attachments']['use'] && !empty($attachments)) {

  167.     foreach ($attachments as $myatt) {

  168.         hesk_dbQuery("INSERT INTO `" . hesk_dbEscape($hesk_settings['db_pfix']) . "attachments` (`ticket_id`,`saved_name`,`real_name`,`size`) VALUES ('{$trackingID}','" . hesk_dbEscape($myatt['saved_name']) . "','" . hesk_dbEscape($myatt['real_name']) . "','" . intval($myatt['size']) . "')");

  169.         $myattachments .= hesk_dbInsertID() . '#' . $myatt['real_name'] . '#' . $myatt['saved_name'] . ',';

  170.     }

  171. }

  172. 

  173. // If staff hasn't replied yet, don't change the status; otherwise set it to the status for customer replies.

  174. $rs = hesk_dbQuery("SELECT `Closable` from `" . hesk_dbEscape($hesk_settings['db_pfix']) . "statuses` WHERE `ID` = " . intval($ticket['status']));

  175. $is_status_changable = hesk_dbFetchAssoc($rs);

  176. if ($is_status_changable['Closable'] == 'yes' || $is_status_changable['Closable'] == 'conly') {

  177.     $customerReplyStatusQuery = 'SELECT `ID` FROM `' . hesk_dbEscape($hesk_settings['db_pfix']) . 'statuses` WHERE `IsCustomerReplyStatus` = 1';

  178.     $defaultNewTicketStatusQuery = 'SELECT `ID` FROM `' . hesk_dbEscape($hesk_settings['db_pfix']) . 'statuses` WHERE `IsNewTicketStatus` = 1';

  179.     $newStatusRs = hesk_dbQuery($customerReplyStatusQuery);

  180.     $newStatus = hesk_dbFetchAssoc($newStatusRs);

  181.     $defaultNewTicketStatusRs = hesk_dbQuery($defaultNewTicketStatusQuery);

  182.     $defaultNewTicketStatus = hesk_dbFetchAssoc($defaultNewTicketStatusRs);

  183. 

  184.     $ticket['status'] = $ticket['status'] == $defaultNewTicketStatus['ID'] ? $defaultNewTicketStatus['ID'] : $newStatus['ID'];

  185. }

  186. 

  187. /* Update ticket as necessary */

  188. $res = hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` SET `lastchange`=NOW(), `status`='{$ticket['status']}', `replies`=`replies`+1, `lastreplier`='0' WHERE `id`='{$ticket['id']}'");

  189. 

  190. // Insert reply into database

  191. $modsForHesk_settings = mfh_getSettings();

  192. $html = $modsForHesk_settings['rich_text_for_tickets_for_customers'];

  193. hesk_dbQuery("INSERT INTO `" . hesk_dbEscape($hesk_settings['db_pfix']) . "replies` (`replyto`,`name`,`message`,`dt`,`attachments`, `html`) VALUES ({$ticket['id']},'" . hesk_dbEscape($ticket['name']) . "','" . hesk_dbEscape($message) . "',NOW(),'" . hesk_dbEscape($myattachments) . "','" . $html . "')");

  194. 

  195. 

  196. /*** Need to notify any staff? ***/

  197. 

  198. // --> Prepare reply message

  199. 

  200. // 1. Generate the array with ticket info that can be used in emails

  201. $info = array(

  202.     'email' => $ticket['email'],

  203.     'category' => $ticket['category'],

  204.     'priority' => $ticket['priority'],

  205.     'owner' => $ticket['owner'],

  206.     'trackid' => $ticket['trackid'],

  207.     'status' => $ticket['status'],

  208.     'name' => $ticket['name'],

  209.     'subject' => $ticket['subject'],

  210.     'message' => stripslashes($message),

  211.     'attachments' => $myattachments,

  212.     'dt' => hesk_date($ticket['dt'], true),

  213.     'lastchange' => hesk_date($ticket['lastchange'], true),

  214.     'id' => $ticket['id'],

  215.     'time_worked'   => $ticket['time_worked'],

  216.     'last_reply_by' => $ticket['name'],

  217. );

  218. 

  219. // 2. Add custom fields to the array

  220. foreach ($hesk_settings['custom_fields'] as $k => $v) {

  221.     $info[$k] = $v['use'] ? $ticket[$k] : '';

  222. }

  223. 

  224. // 3. Make sure all values are properly formatted for email

  225. $ticket = hesk_ticketToPlain($info, 1, 0);

  226. 

  227. // --> If ticket is assigned just notify the owner

  228. if ($ticket['owner']) {

  229.     hesk_notifyAssignedStaff(false, 'new_reply_by_customer', $modsForHesk_settings, 'notify_reply_my');

  230. } // --> No owner assigned, find and notify appropriate staff

  231. else {

  232.     hesk_notifyStaff('new_reply_by_customer', "`notify_reply_unassigned`='1'", $modsForHesk_settings);

  233. }

  234. 

  235. /* Clear unneeded session variables */

  236. hesk_cleanSessionVars('ticket_message');

  237. 

  238. /* Show the ticket and the success message */

  239. hesk_process_messages($hesklang['reply_submitted_success'],'ticket.php','SUCCESS');

  240. exit();