

<?php
/**
*
* This file is part of HESK - PHP Help Desk Software.
*
* (c) Copyright Klemen Stirn. All rights reserved.
* https://www.hesk.com
*
* For the full copyright and license agreement information visit
* https://www.hesk.com/eula.php
*
*/
// admin_submit_ticket.php: handles the POST from the staff "new ticket" form
// (new_ticket.php). It validates the submitted fields, stores attachments,
// creates the ticket and sends the notifications, then redirects.
define('IN_SCRIPT', 1);
define('HESK_PATH', '../');
// Get all the required files and functions
require(HESK_PATH . 'hesk_settings.inc.php');
require(HESK_PATH . 'inc/common.inc.php');
require(HESK_PATH . 'inc/admin_functions.inc.php');
hesk_load_database_functions();
require(HESK_PATH . 'inc/email_functions.inc.php');
require(HESK_PATH . 'inc/htmLawed.php');
require(HESK_PATH . 'inc/posting_functions.inc.php');
hesk_session_start();
hesk_dbConnect();
// Authentication gate: everything below assumes a logged-in staff session
// ($_SESSION['id'], ['name'] and ['user'] are read later without re-checking).
hesk_isLoggedIn();
$modsForHesk_settings = mfh_getSettings();
// We only allow POST requests from the HESK form to this file
if ($_SERVER['REQUEST_METHOD'] != 'POST') {
    header('Location: admin_main.php');
    exit();
}
// NOTE(review): the method check above is not a CSRF defence -- no anti-CSRF
// token is verified anywhere in this file. Unless the form and framework
// enforce one elsewhere, a logged-in staff member's browser can be made to
// submit this form from a third-party page (creating tickets and, with the
// right permissions, assigning them). Confirm, and add the framework's token
// check here if one exists.
// Check for POST requests larger than what the server can handle
// (PHP drops the whole body when post_max_size is exceeded, leaving $_POST
// empty while CONTENT_LENGTH is still set).
if (empty($_POST) && !empty($_SERVER['CONTENT_LENGTH'])) {
    hesk_error($hesklang['maxpost']);
}
// Collects validation errors keyed by field name; non-empty at the end of
// validation means "stash the input in the session and bounce to the form".
$hesk_error_buffer = array();
// Customer-facing language for the notification mail, only when the install
// lets customers pick one.
if ($hesk_settings['can_sel_lang']) {
    $tmpvar['language'] = hesk_POST('customerLanguage');
}
// hesk_input() (defined outside this file) cleans the value; the low-precedence
// `or` records an error when the cleaned value is falsy. Same pattern below.
$tmpvar['name'] = hesk_input(hesk_POST('name')) or $hesk_error_buffer['name'] = $hesklang['enter_your_name'];
// Whether a usable customer address exists; gates the customer notification
// at the end of the script.
$email_available = true;
if ($hesk_settings['require_email']) {
    $tmpvar['email'] = hesk_validateEmail( hesk_POST('email'), 'ERR', 0) or $hesk_error_buffer['email']=$hesklang['enter_valid_email'];
} else {
    $tmpvar['email'] = hesk_validateEmail( hesk_POST('email'), 'ERR', 0);
    // Not required, but must be valid if it is entered
    if ($tmpvar['email'] == '') {
        $email_available = false;
        if (strlen(hesk_POST('email'))) {
            $hesk_error_buffer['email'] = $hesklang['not_valid_email'];
        }
    }
}
// Multiple customer addresses are stored comma-separated.
if ($hesk_settings['multi_eml']) {
    $tmpvar['email'] = str_replace(';',',', $tmpvar['email']);
}
// Category is coerced to an int; 0 (missing/non-numeric) is an error. Whether
// the ID exists and is permitted for this user is checked further down.
$tmpvar['category'] = intval(hesk_POST('category')) or $hesk_error_buffer['category'] = $hesklang['sel_app_cat'];
// Priority: empty field -> -1 sentinel, otherwise coerced to int.
$tmpvar['priority'] = hesk_POST('priority');
$tmpvar['priority'] = strlen($tmpvar['priority']) ? intval($tmpvar['priority']) : -1;
// Only 0..3 are accepted; anything else is an error when the form forces a
// choice, and is silently replaced by 3 otherwise.
if ($tmpvar['priority'] < 0 || $tmpvar['priority'] > 3) {
    // If we are showing "Click to select" priority needs to be selected
    if ($hesk_settings['select_pri']) {
        $tmpvar['priority'] = -1;
        $hesk_error_buffer['priority'] = $hesklang['select_priority'];
    } else {
        $tmpvar['priority'] = 3;
    }
}
$tmpvar['subject'] = hesk_input( hesk_POST('subject') );
if ($hesk_settings['require_subject'] == 1 && $tmpvar['subject'] == '') {
    $hesk_error_buffer['subject'] = $hesklang['enter_ticket_subject'];
}
// The message is cleaned by hesk_input() here; URL/newline post-processing
// for plain-text tickets happens just before the insert.
$tmpvar['message'] = hesk_input( hesk_POST('message') );
if ($hesk_settings['require_message'] == 1 && $tmpvar['message'] == '') {
    $hesk_error_buffer['message'] = $hesklang['enter_message'];
}
  77. // Is category a valid choice?
  78. if ($tmpvar['category']) {
  79. if ( ! hesk_checkPermission('can_submit_any_cat', 0) && ! hesk_okCategory($tmpvar['category'], 0) ) {
  80. hesk_process_messages($hesklang['noauth_submit'],'new_ticket.php');
  81. }
  82. hesk_verifyCategory(1);
  83. // Is auto-assign of tickets disabled in this category?
  84. if (empty($hesk_settings['category_data'][$tmpvar['category']]['autoassign'])) {
  85. $hesk_settings['autoassign'] = false;
  86. }
  87. }
// Custom fields
// Every enabled custom field that belongs to the chosen category is read
// from POST and validated by type; fields not in the category are stored
// as ''. $_SESSION["as_$k"] is written here only for date/email fields; the
// error path below fills in the rest. req == 2 is the "required" setting.
foreach ($hesk_settings['custom_fields'] as $k=>$v) {
    if ($v['use'] && hesk_is_custom_field_in_category($k, $tmpvar['category'])) {
        if ($v['type'] == 'checkbox') {
            // Checkbox values arrive as an array; each is cleaned and joined
            // with <br />, then the trailing separator (6 chars) is dropped.
            // Nested arrays are ignored rather than cleaned.
            $tmpvar[$k]='';
            if (isset($_POST[$k]) && is_array($_POST[$k])) {
                foreach ($_POST[$k] as $myCB) {
                    $tmpvar[$k] .= ( is_array($myCB) ? '' : hesk_input($myCB) ) . '<br />';;
                }
                $tmpvar[$k]=substr($tmpvar[$k],0,-6);
            } else {
                if ($v['req'] == 2) {
                    $hesk_error_buffer[$k]=$hesklang['fill_all'].': '.$v['name'];
                }
                $_POST[$k] = '';
            }
        } elseif ($v['type'] == 'date') {
            $tmpvar[$k] = hesk_POST($k);
            $_SESSION["as_$k"] = '';
            // Strict YYYY-MM-DD shape check before the value reaches
            // strtotime(); the stored value is the UTC-midnight timestamp.
            if (preg_match("/^[0-9]{4}-(0[1-9]|1[0-2])-(0[1-9]|[1-2][0-9]|3[0-1])$/", $tmpvar[$k])) {
                $date = strtotime($tmpvar[$k] . ' t00:00:00 UTC');
                // Optional admin-configured min/max bounds for this field.
                $dmin = strlen($v['value']['dmin']) ? strtotime($v['value']['dmin'] . ' t00:00:00 UTC') : false;
                $dmax = strlen($v['value']['dmax']) ? strtotime($v['value']['dmax'] . ' t00:00:00 UTC') : false;
                $_SESSION["as_$k"] = $tmpvar[$k];
                if ($dmin && $dmin > $date) {
                    $hesk_error_buffer[$k] = sprintf($hesklang['d_emin'], $v['name'], hesk_custom_date_display_format($dmin, $v['value']['date_format']));
                } elseif ($dmax && $dmax < $date) {
                    $hesk_error_buffer[$k] = sprintf($hesklang['d_emax'], $v['name'], hesk_custom_date_display_format($dmax, $v['value']['date_format']));
                } else {
                    $tmpvar[$k] = $date;
                }
            } else {
                // Malformed or empty date: store '' and error only if required.
                $tmpvar[$k] = '';
                if ($v['req'] == 2) {
                    $hesk_error_buffer[$k]=$hesklang['fill_all'].': '.$v['name'];
                }
            }
        } elseif ($v['type'] == 'email')
        {
            // hesk_validateEmail() honours the global multi_eml setting, so it
            // is temporarily swapped for this field's own "multiple" flag.
            $tmp = $hesk_settings['multi_eml'];
            $hesk_settings['multi_eml'] = $v['value']['multiple'];
            $tmpvar[$k] = hesk_validateEmail( hesk_POST($k), 'ERR', 0);
            $hesk_settings['multi_eml'] = $tmp;
            if ($tmpvar[$k] != '') {
                $_SESSION["as_$k"] = hesk_input($tmpvar[$k]);
            } else {
                $_SESSION["as_$k"] = '';
                if ($v['req'] == 2) {
                    $hesk_error_buffer[$k] = $v['value']['multiple'] ? sprintf($hesklang['cf_noem'], $v['name']) : sprintf($hesklang['cf_noe'], $v['name']);
                }
            }
        } elseif ($v['req'] == 2) {
            // Free-text field, required: cleaned, newlines converted, URLs linked.
            $tmpvar[$k]=hesk_makeURL(nl2br(hesk_input( hesk_POST($k) )));
            if ($tmpvar[$k] == '') {
                $hesk_error_buffer[$k]=$hesklang['fill_all'].': '.$v['name'];
            }
        } else {
            // Free-text field, optional: same processing, no emptiness check.
            $tmpvar[$k]=hesk_makeURL(nl2br(hesk_input(hesk_POST($k))));
        }
    } else {
        $tmpvar[$k] = '';
    }
}
// Generate tracking ID
// NOTE(review): the tracking ID is the lookup key used in the admin_ticket.php
// redirects at the end of this file (and, presumably, for customer access).
// hesk_createID() is not visible here -- confirm it draws from a CSPRNG so IDs
// cannot be guessed.
$tmpvar['trackid'] = hesk_createID();
// Log who submitted ticket
$tmpvar['openedby'] = $_SESSION['id'];
// Owner
// Default is unassigned. Only staff with can_assign_others may choose an
// owner from the form; the value is intval()'d before it reaches the query.
$tmpvar['owner'] = 0;
$autoassign_owner = null;
if (hesk_checkPermission('can_assign_others', 0)) {
    $tmpvar['owner'] = intval(hesk_POST('owner'));
    // If ID is -1 the ticket will be unassigned
    if ($tmpvar['owner'] == -1) {
        $tmpvar['owner'] = 0;
    } // Automatically assign owner?
    elseif ($tmpvar['owner'] == -2 && $hesk_settings['autoassign'] == 1) {
        // $autoassign_owner stays set (array) so the audit trail and the
        // notification code below can tell auto from manual assignment.
        $autoassign_owner = hesk_autoAssignTicket($tmpvar['category']);
        if ($autoassign_owner) {
            $tmpvar['owner'] = intval($autoassign_owner['id']);
        } else {
            $tmpvar['owner'] = 0;
        }
    } // Check for invalid owner values
    elseif ($tmpvar['owner'] < 1) {
        $tmpvar['owner'] = 0;
    } else {
        // Has the new owner access to the selected category?
        // $tmpvar['owner'] is an int here, so interpolating it is safe.
        $res = hesk_dbQuery("SELECT `name`,`isadmin`,`categories` FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "users` WHERE `id`='{$tmpvar['owner']}' LIMIT 1");
        if (hesk_dbNumRows($res) == 1) {
            $row = hesk_dbFetchAssoc($res);
            if (!$row['isadmin']) {
                // `categories` is a comma-separated ID list; the loose
                // in_array() is intentional (string IDs vs. the int category).
                $row['categories'] = explode(',', $row['categories']);
                if (!in_array($tmpvar['category'], $row['categories'])) {
                    $_SESSION['isnotice'][] = 'category';
                    $hesk_error_buffer['owner'] = $hesklang['onasc'];
                }
            }
        } else {
            // No such user: reported with the same "no access" message.
            $_SESSION['isnotice'][] = 'category';
            $hesk_error_buffer['owner'] = $hesklang['onasc'];
        }
    }
} elseif (hesk_checkPermission('can_assign_self', 0) && hesk_okCategory($tmpvar['category'], 0) && !empty($_POST['assing_to_self'])) {
    // Self-assignment requires the permission AND access to the category.
    // 'assing_to_self' is the form field's actual (misspelled) name -- keep it.
    $tmpvar['owner'] = intval($_SESSION['id']);
}
  194. // Notify customer of the ticket?
  195. $notify = (!empty($_POST['notify']) && !empty($tmpvar['email'])) ? 1 : 0;
  196. // Show ticket after submission?
  197. $show = !empty($_POST['show']) ? 1 : 0;
  198. // Attachments
  199. if ($hesk_settings['attachments']['use']) {
  200. require_once(HESK_PATH . 'inc/attachments.inc.php');
  201. $attachments = array();
  202. $trackingID = $tmpvar['trackid'];
  203. $use_legacy_attachments = hesk_POST('use-legacy-attachments', 0);
  204. if ($use_legacy_attachments) {
  205. for ($i = 1; $i <= $hesk_settings['attachments']['max_number']; $i++) {
  206. $att = hesk_uploadFile($i);
  207. if ($att !== false && !empty($att)) {
  208. $attachments[$i] = $att;
  209. }
  210. }
  211. } else {
  212. // The user used the new drag-and-drop system.
  213. $temp_attachment_ids = hesk_POST_array('attachment-ids');
  214. foreach ($temp_attachment_ids as $temp_attachment_id) {
  215. // Simply get the temp info and move it to the attachments table
  216. $temp_attachment = mfh_getTemporaryAttachment($temp_attachment_id);
  217. $attachments[] = $temp_attachment;
  218. mfh_deleteTemporaryAttachment($temp_attachment_id);
  219. }
  220. }
  221. }
  222. $tmpvar['attachments'] = '';
// If we have any errors lets store info in session to avoid re-typing everything
if (count($hesk_error_buffer) != 0) {
    // Field names that failed, so the form can highlight them.
    $_SESSION['iserror'] = array_keys($hesk_error_buffer);
    // Raw (uncleaned) POST values are stashed for re-population; the form
    // rendering them must escape for HTML -- that code is not visible here.
    $_SESSION['as_name'] = hesk_POST('name');
    $_SESSION['as_email'] = hesk_POST('email');
    $_SESSION['as_priority'] = $tmpvar['priority'];
    $_SESSION['as_subject'] = hesk_POST('subject');
    $_SESSION['as_message'] = hesk_POST('message');
    $_SESSION['as_owner'] = $tmpvar['owner'];
    $_SESSION['as_notify'] = $notify;
    $_SESSION['as_show'] = $show;
    foreach ($hesk_settings['custom_fields'] as $k => $v) {
        // date/email fields already wrote their own as_* entries above.
        if ($v['use'] && ! in_array($v['type'], array('date', 'email'))) {
            $_SESSION["as_$k"] = ($v['type'] == 'checkbox') ? hesk_POST_array($k) : hesk_POST($k);
        }
    }
    // Render the messages as a list. Each entry is a language string, at most
    // combined with a custom field's configured name -- no raw user input.
    $tmp = '';
    foreach ($hesk_error_buffer as $error) {
        $tmp .= "<li>$error</li>\n";
    }
    $hesk_error_buffer = $tmp;
    // Remove any successfully uploaded attachments
    // (drag-and-drop temp rows were already deleted when they were collected).
    if ($hesk_settings['attachments']['use']) {
        hesk_removeAttachments($attachments);
    }
    $hesk_error_buffer = $hesklang['pcer'] . '<br /><br /><ul>' . $hesk_error_buffer . '</ul>';
    // Presumably redirects and does not return; nothing below handles the
    // error case again.
    hesk_process_messages($hesk_error_buffer,'new_ticket.php?category='.$tmpvar['category']);
}
// Persist one row per attachment and build the "id#real_name#saved_name,"
// list kept on the ticket. Every SQL value is escaped or intval()'d.
if ($hesk_settings['attachments']['use'] && !empty($attachments)) {
    foreach ($attachments as $myatt) {
        hesk_dbQuery("INSERT INTO `" . hesk_dbEscape($hesk_settings['db_pfix']) . "attachments` (`ticket_id`,`saved_name`,`real_name`,`size`) VALUES ('" . hesk_dbEscape($tmpvar['trackid']) . "','" . hesk_dbEscape($myatt['saved_name']) . "','" . hesk_dbEscape($myatt['real_name']) . "','" . intval($myatt['size']) . "')");
        // real_name originates from the client's filename and is used verbatim
        // here; this relies on the upload helpers having cleaned it (not
        // visible in this file) and on hesk_newTicket() escaping the list.
        $tmpvar['attachments'] .= hesk_dbInsertID() . '#' . $myatt['real_name'] . '#' . $myatt['saved_name'] . ',';
    }
}
// Plain-text tickets get URLs linkified and newlines converted; rich-text
// tickets keep the message exactly as cleaned by hesk_input() above.
if (!$modsForHesk_settings['rich_text_for_tickets']) {
    $tmpvar['message'] = hesk_makeURL($tmpvar['message']);
    $tmpvar['message'] = nl2br($tmpvar['message']);
}
// Track who assigned the ticket
// -1 marks an auto-assignment; otherwise the submitting staff member's ID.
if ($tmpvar['owner'] > 0) {
    $tmpvar['assignedby'] = !empty($autoassign_owner) ? -1 : $_SESSION['id'];
}
// NOTE(review): latitude/longitude ('E-4' when absent) and due-date are
// passed through without any validation in this file. They must be
// validated/escaped inside hesk_newTicket() (not visible here) -- confirm
// before trusting them, e.g. that due-date is checked against a date format
// the way the custom date fields are above.
$tmpvar['latitude'] = hesk_POST('latitude', 'E-4');
$tmpvar['longitude'] = hesk_POST('longitude', 'E-4');
$tmpvar['html'] = $modsForHesk_settings['rich_text_for_tickets'];
$tmpvar['due_date'] = hesk_POST('due-date');
// Set user agent and screen res to null
// Note the resolution fields carry the literal string "NULL" while
// user_agent is a real null; hesk_newTicket() presumably emits the string
// unquoted into SQL -- verify if that function changes.
$tmpvar['user_agent'] = NULL;
$tmpvar['screen_resolution_height'] = "NULL";
$tmpvar['screen_resolution_width'] = "NULL";
// Insert ticket to database
$ticket = hesk_newTicket($tmpvar);
// Audit trail: record the creation under the submitting staff member's
// display name and login, and a second entry when auto-assignment happened.
mfh_insert_audit_trail_record($ticket['id'], 'TICKET', 'audit_created', hesk_date(),
    array(0 => $_SESSION['name'] . ' (' . $_SESSION['user'] . ')'));
if ($autoassign_owner) {
    mfh_insert_audit_trail_record($ticket['id'], 'TICKET', 'audit_autoassigned', hesk_date(),
        array(0 => $autoassign_owner['name'] . ' (' . $autoassign_owner['user'] . ')'));
}
// Notify the customer about the ticket?
// Both conditions are needed: the box was ticked AND an address validated.
if ($notify && $email_available) {
    hesk_notifyCustomer($modsForHesk_settings);
}
// If ticket is assigned to someone notify them?
// Skipped when the submitter assigned the ticket to themselves.
if ($ticket['owner'] && $ticket['owner'] != intval($_SESSION['id'])) {
    // If we don't have info from auto-assign get it from database
    if (!isset($autoassign_owner['email'])) {
        hesk_notifyAssignedStaff(false, 'ticket_assigned_to_you', $modsForHesk_settings);
    } else {
        hesk_notifyAssignedStaff($autoassign_owner, 'ticket_assigned_to_you', $modsForHesk_settings);
    }
} // Ticket unassigned, notify everyone that selected to be notified about unassigned tickets
elseif (!$ticket['owner']) {
    // Second argument is a SQL WHERE fragment; its only dynamic part is intval()'d.
    hesk_notifyStaff('new_ticket_staff', " `id` != " . intval($_SESSION['id']) . " AND `notify_new_unassigned` = '1' ", $modsForHesk_settings);
}
  297. // Unset temporary variables
  298. unset($tmpvar);
  299. hesk_cleanSessionVars('tmpvar');
  300. hesk_cleanSessionVars('as_name');
  301. hesk_cleanSessionVars('as_email');
  302. hesk_cleanSessionVars('as_category');
  303. hesk_cleanSessionVars('as_priority');
  304. hesk_cleanSessionVars('as_subject');
  305. hesk_cleanSessionVars('as_message');
  306. hesk_cleanSessionVars('as_owner');
  307. hesk_cleanSessionVars('as_notify');
  308. hesk_cleanSessionVars('as_show');
  309. foreach ($hesk_settings['custom_fields'] as $k => $v) {
  310. hesk_cleanSessionVars("as_$k");
  311. }
// If ticket has been assigned to the person submitting it lets show a message saying so
if ($ticket['owner'] && $ticket['owner'] == intval($_SESSION['id'])) {
    // $autoassign_owner is null unless auto-assignment ran, so isset()
    // distinguishes "auto-assigned to you" from "you assigned yourself".
    $hesklang['new_ticket_submitted'] .= '<br />&nbsp;<br />
<span class="glyphicon glyphicon-comment"></span> <b>' . (isset($autoassign_owner) ? $hesklang['taasy'] : $hesklang['tasy']) . '</b>';
}
// Show the ticket or just the success message
// The Refresh parameter is only a cache-buster; mt_rand() is fine for that
// (it carries no security meaning). The track ID comes from hesk_createID().
if ($show) {
    hesk_process_messages($hesklang['new_ticket_submitted'], 'admin_ticket.php?track=' . $ticket['trackid'] . '&Refresh=' . mt_rand(10000, 99999), 'SUCCESS');
} else {
    hesk_process_messages($hesklang['new_ticket_submitted'] . '. <a href="admin_ticket.php?track=' . $ticket['trackid'] . '&Refresh=' . mt_rand(10000, 99999) . '">' . $hesklang['view_ticket'] . '</a>', 'new_ticket.php', 'SUCCESS');
}
  322. }