Bootswatch, Summernote, and Captcheck mods for Mods for HESK (mods-for-hesk.com). In use at support.netsyms.com.
您最多选择25个主题 主题必须以字母或数字开头,可以包含连字符 (-),并且长度不得超过35个字符

reply_ticket.php 9.2KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240
  1. <?php
  2. /**
  3. *
  4. * This file is part of HESK - PHP Help Desk Software.
  5. *
  6. * (c) Copyright Klemen Stirn. All rights reserved.
  7. * https://www.hesk.com
  8. *
  9. * For the full copyright and license agreement information visit
  10. * https://www.hesk.com/eula.php
  11. *
  12. */
  13. define('IN_SCRIPT', 1);
  14. define('HESK_PATH', './');
  15. /* Get all the required files and functions */
  16. require(HESK_PATH . 'hesk_settings.inc.php');
  17. require(HESK_PATH . 'inc/common.inc.php');
  18. // Are we in maintenance mode?
  19. hesk_check_maintenance();
  20. hesk_load_database_functions();
  21. require(HESK_PATH . 'inc/email_functions.inc.php');
  22. require(HESK_PATH . 'inc/posting_functions.inc.php');
  23. require(HESK_PATH . 'inc/htmLawed.php');
  24. // We only allow POST requests to this file
  25. if ($_SERVER['REQUEST_METHOD'] != 'POST') {
  26. header('Location: index.php');
  27. exit();
  28. }
  29. // Check for POST requests larger than what the server can handle
  30. if (empty($_POST) && !empty($_SERVER['CONTENT_LENGTH'])) {
  31. hesk_error($hesklang['maxpost']);
  32. }
  33. hesk_session_start();
  34. /* A security check */
  35. # hesk_token_check('POST');
  36. /* Connect to database */
  37. hesk_dbConnect();
  38. $hesk_error_buffer = array();
  39. // Tracking ID
  40. $trackingID = hesk_cleanID('orig_track') or die($hesklang['int_error'] . ': No orig_track');
  41. // Email required to view ticket?
  42. $my_email = hesk_getCustomerEmail();
  43. // Setup required session vars
  44. $_SESSION['t_track'] = $trackingID;
  45. $_SESSION['t_email'] = $my_email;
  46. // Get message
  47. $message = hesk_input(hesk_POST('message'));
  48. // If the message was entered, further parse it
  49. $modsForHesk_settings = mfh_getSettings();
  50. if (strlen($message)) {
  51. if (!$modsForHesk_settings['rich_text_for_tickets_for_customers']) {
  52. // Make links clickable
  53. $message = hesk_makeURL($message);
  54. // Turn newlines into <br />
  55. $message = nl2br($message);
  56. }
  57. } else {
  58. $hesk_error_buffer[] = $hesklang['enter_message'];
  59. }
  60. /* Attachments */
  61. if ($hesk_settings['attachments']['use']) {
  62. require(HESK_PATH . 'inc/attachments.inc.php');
  63. $attachments = array();
  64. $use_legacy_attachments = hesk_POST('use-legacy-attachments', 0);
  65. if ($use_legacy_attachments) {
  66. for ($i = 1; $i <= $hesk_settings['attachments']['max_number']; $i++) {
  67. $att = hesk_uploadFile($i);
  68. if ($att !== false && !empty($att)) {
  69. $attachments[$i] = $att;
  70. }
  71. }
  72. } else {
  73. // The user used the new drag-and-drop system.
  74. $temp_attachment_ids = hesk_POST_array('attachment-ids');
  75. foreach ($temp_attachment_ids as $temp_attachment_id) {
  76. // Simply get the temp info and move it to the attachments table
  77. $temp_attachment = mfh_getTemporaryAttachment($temp_attachment_id);
  78. $attachments[] = $temp_attachment;
  79. mfh_deleteTemporaryAttachment($temp_attachment_id);
  80. }
  81. }
  82. }
  83. $myattachments = '';
  84. /* Any errors? */
  85. if (count($hesk_error_buffer) != 0) {
  86. $_SESSION['ticket_message'] = hesk_POST('message');
  87. // If this was a reply after re-opening a ticket, force the form at the top
  88. if (hesk_POST('reopen') == 1) {
  89. $_SESSION['force_form_top'] = true;
  90. }
  91. // Remove any successfully uploaded attachments
  92. if ($hesk_settings['attachments']['use']) {
  93. hesk_removeAttachments($attachments);
  94. }
  95. $tmp = '';
  96. foreach ($hesk_error_buffer as $error) {
  97. $tmp .= "<li>$error</li>\n";
  98. }
  99. $hesk_error_buffer = $tmp;
  100. $hesk_error_buffer = $hesklang['pcer'] . '<br /><br /><ul>' . $hesk_error_buffer . '</ul>';
  101. hesk_process_messages($hesk_error_buffer,'ticket.php');
  102. }
  103. // Check if this IP is temporarily locked out
  104. $res = hesk_dbQuery("SELECT `number` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."logins` WHERE `ip`='".hesk_dbEscape(hesk_getClientIP())."' AND `last_attempt` IS NOT NULL AND DATE_ADD(`last_attempt`, INTERVAL ".intval($hesk_settings['attempt_banmin'])." MINUTE ) > NOW() LIMIT 1");
  105. if (hesk_dbNumRows($res) == 1) {
  106. if (hesk_dbResult($res) >= $hesk_settings['attempt_limit']) {
  107. unset($_SESSION);
  108. hesk_error(sprintf($hesklang['yhbb'], $hesk_settings['attempt_banmin']), 0);
  109. }
  110. }
  111. /* Get details about the original ticket */
  112. $res = hesk_dbQuery("SELECT * FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` WHERE `trackid`='{$trackingID}' LIMIT 1");
  113. if (hesk_dbNumRows($res) != 1) {
  114. hesk_error($hesklang['ticket_not_found']);
  115. }
  116. $ticket = hesk_dbFetchAssoc($res);
  117. /* If we require e-mail to view tickets check if it matches the one in database */
  118. hesk_verifyEmailMatch($trackingID, $my_email, $ticket['email']);
  119. /* Ticket locked? */
  120. if ($ticket['locked']) {
  121. hesk_process_messages($hesklang['tislock2'],'ticket.php');
  122. exit();
  123. }
  124. // Prevent flooding ticket replies
  125. $res = hesk_dbQuery("SELECT `staffid` FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "replies` WHERE `replyto`='{$ticket['id']}' AND `dt` > DATE_SUB(NOW(), INTERVAL 10 MINUTE) ORDER BY `id` ASC");
  126. if (hesk_dbNumRows($res) > 0) {
  127. $sequential_customer_replies = 0;
  128. while ($tmp = hesk_dbFetchAssoc($res)) {
  129. $sequential_customer_replies = $tmp['staffid'] ? 0 : $sequential_customer_replies + 1;
  130. }
  131. if ($sequential_customer_replies > 10) {
  132. hesk_dbQuery("INSERT INTO `".hesk_dbEscape($hesk_settings['db_pfix'])."logins` (`ip`, `number`) VALUES ('".hesk_dbEscape(hesk_getClientIP())."', ".intval($hesk_settings['attempt_limit'] + 1).")");
  133. hesk_error(sprintf($hesklang['yhbr'], $hesk_settings['attempt_banmin']), 0);
  134. }
  135. }
  136. /* Insert attachments */
  137. if ($hesk_settings['attachments']['use'] && !empty($attachments)) {
  138. foreach ($attachments as $myatt) {
  139. hesk_dbQuery("INSERT INTO `" . hesk_dbEscape($hesk_settings['db_pfix']) . "attachments` (`ticket_id`,`saved_name`,`real_name`,`size`) VALUES ('{$trackingID}','" . hesk_dbEscape($myatt['saved_name']) . "','" . hesk_dbEscape($myatt['real_name']) . "','" . intval($myatt['size']) . "')");
  140. $myattachments .= hesk_dbInsertID() . '#' . $myatt['real_name'] . '#' . $myatt['saved_name'] . ',';
  141. }
  142. }
  143. // If staff hasn't replied yet, don't change the status; otherwise set it to the status for customer replies.
  144. $rs = hesk_dbQuery("SELECT `Closable` from `" . hesk_dbEscape($hesk_settings['db_pfix']) . "statuses` WHERE `ID` = " . intval($ticket['status']));
  145. $is_status_changable = hesk_dbFetchAssoc($rs);
  146. if ($is_status_changable['Closable'] == 'yes' || $is_status_changable['Closable'] == 'conly') {
  147. $customerReplyStatusQuery = 'SELECT `ID` FROM `' . hesk_dbEscape($hesk_settings['db_pfix']) . 'statuses` WHERE `IsCustomerReplyStatus` = 1';
  148. $defaultNewTicketStatusQuery = 'SELECT `ID` FROM `' . hesk_dbEscape($hesk_settings['db_pfix']) . 'statuses` WHERE `IsNewTicketStatus` = 1';
  149. $newStatusRs = hesk_dbQuery($customerReplyStatusQuery);
  150. $newStatus = hesk_dbFetchAssoc($newStatusRs);
  151. $defaultNewTicketStatusRs = hesk_dbQuery($defaultNewTicketStatusQuery);
  152. $defaultNewTicketStatus = hesk_dbFetchAssoc($defaultNewTicketStatusRs);
  153. $ticket['status'] = $ticket['status'] == $defaultNewTicketStatus['ID'] ? $defaultNewTicketStatus['ID'] : $newStatus['ID'];
  154. }
  155. /* Update ticket as necessary */
  156. $res = hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` SET `lastchange`=NOW(), `status`='{$ticket['status']}', `replies`=`replies`+1, `lastreplier`='0' WHERE `id`='{$ticket['id']}'");
  157. // Insert reply into database
  158. $modsForHesk_settings = mfh_getSettings();
  159. $html = $modsForHesk_settings['rich_text_for_tickets_for_customers'];
  160. hesk_dbQuery("INSERT INTO `" . hesk_dbEscape($hesk_settings['db_pfix']) . "replies` (`replyto`,`name`,`message`,`dt`,`attachments`, `html`) VALUES ({$ticket['id']},'" . hesk_dbEscape($ticket['name']) . "','" . hesk_dbEscape($message) . "',NOW(),'" . hesk_dbEscape($myattachments) . "','" . $html . "')");
  161. /*** Need to notify any staff? ***/
  162. // --> Prepare reply message
  163. // 1. Generate the array with ticket info that can be used in emails
  164. $info = array(
  165. 'email' => $ticket['email'],
  166. 'category' => $ticket['category'],
  167. 'priority' => $ticket['priority'],
  168. 'owner' => $ticket['owner'],
  169. 'trackid' => $ticket['trackid'],
  170. 'status' => $ticket['status'],
  171. 'name' => $ticket['name'],
  172. 'subject' => $ticket['subject'],
  173. 'message' => stripslashes($message),
  174. 'attachments' => $myattachments,
  175. 'dt' => hesk_date($ticket['dt'], true),
  176. 'lastchange' => hesk_date($ticket['lastchange'], true),
  177. 'id' => $ticket['id'],
  178. 'time_worked' => $ticket['time_worked'],
  179. 'last_reply_by' => $ticket['name'],
  180. );
  181. // 2. Add custom fields to the array
  182. foreach ($hesk_settings['custom_fields'] as $k => $v) {
  183. $info[$k] = $v['use'] ? $ticket[$k] : '';
  184. }
  185. // 3. Make sure all values are properly formatted for email
  186. $ticket = hesk_ticketToPlain($info, 1, 0);
  187. // --> If ticket is assigned just notify the owner
  188. if ($ticket['owner']) {
  189. hesk_notifyAssignedStaff(false, 'new_reply_by_customer', $modsForHesk_settings, 'notify_reply_my');
  190. } // --> No owner assigned, find and notify appropriate staff
  191. else {
  192. hesk_notifyStaff('new_reply_by_customer', "`notify_reply_unassigned`='1'", $modsForHesk_settings);
  193. }
  194. /* Clear unneeded session variables */
  195. hesk_cleanSessionVars('ticket_message');
  196. /* Show the ticket and the success message */
  197. hesk_process_messages($hesklang['reply_submitted_success'],'ticket.php','SUCCESS');
  198. exit();