Bootswatch, Summernote, and Captcheck mods for Mods for HESK (mods-for-hesk.com). In use at support.netsyms.com.

delete_tickets.php 22KB

  1. <?php
  2. /**
  3. *
  4. * This file is part of HESK - PHP Help Desk Software.
  5. *
  6. * (c) Copyright Klemen Stirn. All rights reserved.
  7. * https://www.hesk.com
  8. *
  9. * For the full copyright and license agreement information visit
  10. * https://www.hesk.com/eula.php
  11. *
  12. */
// Marker constant defined before any include is loaded.
// NOTE(review): presumably the included files refuse direct access without it — confirm in common.inc.php.
define('IN_SCRIPT', 1);
// Relative path from this script to the HESK root, used to build every include path below.
define('HESK_PATH', '../');
/* Get all the required files and functions */
require(HESK_PATH . 'hesk_settings.inc.php');
require(HESK_PATH . 'inc/common.inc.php');
require(HESK_PATH . 'inc/admin_functions.inc.php');
hesk_load_database_functions();
// Session and database are brought up before the login check that follows.
hesk_session_start();
hesk_dbConnect();
// Login check for the whole script. NOTE(review): presumably ends the request for
// unauthenticated visitors — confirm. Beyond this call, access control in this file is
// the per-action hesk_checkPermission() / hesk_token_check() / hesk_okCategory() calls.
hesk_isLoggedIn();
$modsForHesk_settings = mfh_getSettings();
  24. /* Set correct return URL */
  25. if (isset($_SERVER['HTTP_REFERER'])) {
  26. $url = hesk_input($_SERVER['HTTP_REFERER']);
  27. $url = str_replace('&amp;', '&', $url);
  28. if ($tmp = strstr($url, 'show_tickets.php')) {
  29. $referer = $tmp;
  30. } elseif ($tmp = strstr($url, 'find_tickets.php')) {
  31. $referer = $tmp;
  32. } elseif ($tmp = strstr($url, 'admin_main.php')) {
  33. $referer = $tmp;
  34. } else {
  35. $referer = 'admin_main.php';
  36. }
  37. } else {
  38. $referer = 'admin_main.php';
  39. }
  40. /* Is this a delete ticket request from within a ticket ("delete" icon)? */
  41. if (isset($_GET['delete_ticket'])) {
  42. /* Check permissions for this feature */
  43. hesk_checkPermission('can_del_tickets');
  44. /* A security check */
  45. hesk_token_check();
  46. // Tracking ID
  47. $trackingID = hesk_cleanID() or die($hesklang['int_error'] . ': ' . $hesklang['no_trackID']);
  48. /* Get ticket info */
  49. $result = hesk_dbQuery("SELECT `id`,`trackid`,`category` FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` WHERE `trackid`='" . hesk_dbEscape($trackingID) . "' LIMIT 1");
  50. if (hesk_dbNumRows($result) != 1) {
  51. hesk_error($hesklang['ticket_not_found']);
  52. }
  53. $ticket = hesk_dbFetchAssoc($result);
  54. /* Is this user allowed to delete tickets inside this category? */
  55. hesk_okCategory($ticket['category']);
  56. hesk_fullyDeleteTicket();
  57. hesk_process_messages(sprintf($hesklang['num_tickets_deleted'], 1), $referer, 'SUCCESS');
  58. }
  59. /* This is a request from ticket list. Must be POST and id must be an array */
  60. if (!isset($_POST['id']) || !is_array($_POST['id'])) {
  61. hesk_process_messages($hesklang['no_selected'], $referer, 'NOTICE');
  62. } /* If not, then needs an action (a) POST variable set */
  63. elseif (!isset($_POST['a'])) {
  64. hesk_process_messages($hesklang['invalid_action'], $referer);
  65. }
  66. $i = 0;
  67. // Possible priorities
  68. $priorities = array(
  69. 'critical' => array('value' => 0, 'lang' => 'critical', 'text' => $hesklang['critical'], 'formatted' => '<font class="critical">' . $hesklang['critical'] . '</font>'),
  70. 'high' => array('value' => 1, 'lang' => 'high', 'text' => $hesklang['high'], 'formatted' => '<font class="important">' . $hesklang['high'] . '</font>'),
  71. 'medium' => array('value' => 2, 'lang' => 'medium', 'text' => $hesklang['medium'], 'formatted' => '<font class="medium">' . $hesklang['medium'] . '</font>'),
  72. 'low' => array('value' => 3, 'lang' => 'low', 'text' => $hesklang['low'], 'formatted' => $hesklang['low']),
  73. );
  74. // Assign tickets to
  75. if ( isset($_POST['assign']) && $_POST['assign'] == $hesklang['assi']) {
  76. if ( ! isset($_POST['owner']) || $_POST['owner'] == '') {
  77. hesk_process_messages($hesklang['assign_no'], $referer, 'NOTICE');
  78. }
  79. $end_message = array();
  80. $num_assigned = 0;
  81. // Permissions
  82. $can_assign_others = hesk_checkPermission('can_assign_others',0);
  83. if ($can_assign_others) {
  84. $can_assign_self = true;
  85. } else {
  86. $can_assign_self = hesk_checkPermission('can_assign_self',0);
  87. }
  88. $owner = intval( hesk_POST('owner') );
  89. if ($owner == -1) {
  90. foreach ($_POST['id'] as $this_id) {
  91. if (is_array($this_id)) {
  92. continue;
  93. }
  94. $this_id = intval($this_id) or hesk_error($hesklang['id_not_valid']);
  95. $res = hesk_dbQuery("UPDATE `".hesk_dbEscape($hesk_settings['db_pfix'])."tickets` SET `owner`=0, `assignedby`=NULL WHERE `id`={$this_id} LIMIT 1");
  96. mfh_insert_audit_trail_record($this_id, 'TICKET', 'audit_unassigned', hesk_date(), array(0 => $_SESSION['name'].' ('.$_SESSION['user'].')'));
  97. $end_message[] = sprintf($hesklang['assign_2'], $this_id);
  98. $i++;
  99. }
  100. hesk_process_messages($hesklang['assign_1'],$referer,'SUCCESS');
  101. }
  102. $res = hesk_dbQuery("SELECT `id`,`user`,`name`,`email`,`isadmin`,`categories`,`notify_assigned` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."users` WHERE `id`='{$owner}' LIMIT 1");
  103. $owner_data = hesk_dbFetchAssoc($res);
  104. if (!$owner_data['isadmin']) {
  105. $owner_data['categories']=explode(',',$owner_data['categories']);
  106. }
  107. require(HESK_PATH . 'inc/email_functions.inc.php');
  108. foreach ($_POST['id'] as $this_id) {
  109. if (is_array($this_id)) {
  110. continue;
  111. }
  112. $this_id = intval($this_id) or hesk_error($hesklang['id_not_valid']);
  113. $result = hesk_dbQuery("SELECT * FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."tickets` WHERE `id`={$this_id} LIMIT 1");
  114. if (hesk_dbNumRows($result) != 1) {
  115. continue;
  116. }
  117. $ticket = hesk_dbFetchAssoc($result);
  118. if ($ticket['owner'] == $owner) {
  119. $end_message[] = sprintf($hesklang['assign_3'], $ticket['trackid'], $owner_data['name']);
  120. $i++;
  121. continue;
  122. }
  123. if ($owner_data['isadmin'] || in_array($ticket['category'],$owner_data['categories'])) {
  124. hesk_dbQuery("UPDATE `".hesk_dbEscape($hesk_settings['db_pfix'])."tickets` SET `owner`={$owner}, `assignedby`=".intval($_SESSION['id'])." WHERE `id`={$this_id} LIMIT 1");
  125. mfh_insert_audit_trail_record($this_id, 'TICKET', 'audit_assigned', hesk_date(), array(0 => $_SESSION['name'].' ('.$_SESSION['user'].')',
  126. 1 => $owner_data['name'].' ('.$owner_data['user'].')'));
  127. $end_message[] = sprintf($hesklang['assign_4'], $ticket['trackid'], $owner_data['name']);
  128. $num_assigned++;
  129. $ticket['owner'] = $owner;
  130. /* --> Prepare message */
  131. // 1. Generate the array with ticket info that can be used in emails
  132. $info = array(
  133. 'email' => $ticket['email'],
  134. 'category' => $ticket['category'],
  135. 'priority' => $ticket['priority'],
  136. 'owner' => $ticket['owner'],
  137. 'trackid' => $ticket['trackid'],
  138. 'status' => $ticket['status'],
  139. 'name' => $ticket['name'],
  140. 'subject' => $ticket['subject'],
  141. 'message' => $ticket['message'],
  142. 'attachments' => $ticket['attachments'],
  143. 'dt' => hesk_date($ticket['dt'], true),
  144. 'lastchange' => hesk_date($ticket['lastchange'], true),
  145. 'id' => $ticket['id'],
  146. 'time_worked' => $ticket['time_worked'],
  147. 'last_reply_by' => hesk_getReplierName($ticket),
  148. );
  149. // 2. Add custom fields to the array
  150. foreach ($hesk_settings['custom_fields'] as $k => $v) {
  151. $info[$k] = $v['use'] ? $ticket[$k] : '';
  152. }
  153. // 3. Make sure all values are properly formatted for email
  154. $ticket = hesk_ticketToPlain($info, 1, 0);
  155. /* Notify the new owner? */
  156. if ($ticket['owner'] != intval($_SESSION['id'])) {
  157. hesk_notifyAssignedStaff(false, 'ticket_assigned_to_you', $modsForHesk_settings);
  158. }
  159. } else {
  160. $end_message[] = sprintf($hesklang['assign_5'], $ticket['trackid'], $owner_data['name']);
  161. }
  162. $i++;
  163. }
  164. hesk_process_messages(sprintf($hesklang['assign_log'], $num_assigned, ($i - $num_assigned), implode("\n", $end_message)),$referer,($num_assigned == 0) ? 'ERROR' : ($num_assigned < $i ? 'NOTICE' : 'SUCCESS'));
  165. }
  166. // Change priority
  167. if (array_key_exists($_POST['a'], $priorities)) {
  168. // A security check
  169. hesk_token_check('POST');
  170. // Priority info
  171. $priority = $priorities[$_POST['a']];
  172. foreach ($_POST['id'] as $this_id) {
  173. if (is_array($this_id)) {
  174. continue;
  175. }
  176. $this_id = intval($this_id) or hesk_error($hesklang['id_not_valid']);
  177. $result = hesk_dbQuery("SELECT `priority`, `category` FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` WHERE `id`={$this_id} LIMIT 1");
  178. if (hesk_dbNumRows($result) != 1) {
  179. continue;
  180. }
  181. $ticket = hesk_dbFetchAssoc($result);
  182. if ($ticket['priority'] == $priority['value']) {
  183. continue;
  184. }
  185. hesk_okCategory($ticket['category']);
  186. hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` SET `priority`='{$priority['value']}' WHERE `id`={$this_id}");
  187. mfh_insert_audit_trail_record($this_id, 'TICKET', 'audit_priority', hesk_date(),
  188. array(0 => $_SESSION['name'] . ' (' . $_SESSION['user'] . ')',
  189. 1 => $priority['lang']));
  190. $i++;
  191. }
  192. hesk_process_messages($hesklang['pri_set_to'] . ' ' . $priority['formatted'], $referer, 'SUCCESS');
  193. } /* DELETE */
  194. elseif ($_POST['a'] == 'delete') {
  195. /* Check permissions for this feature */
  196. hesk_checkPermission('can_del_tickets');
  197. /* A security check */
  198. hesk_token_check('POST');
  199. // Will we need ticket notifications?
  200. if ($hesk_settings['notify_closed']) {
  201. require(HESK_PATH . 'inc/email_functions.inc.php');
  202. }
  203. foreach ($_POST['id'] as $this_id) {
  204. if (is_array($this_id)) {
  205. continue;
  206. }
  207. $this_id = intval($this_id) or hesk_error($hesklang['id_not_valid']);
  208. $result = hesk_dbQuery("SELECT `id`,`trackid`,`category` FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` WHERE `id`='" . intval($this_id) . "' LIMIT 1");
  209. if (hesk_dbNumRows($result) != 1) {
  210. continue;
  211. }
  212. $ticket = hesk_dbFetchAssoc($result);
  213. hesk_okCategory($ticket['category']);
  214. hesk_fullyDeleteTicket();
  215. $i++;
  216. }
  217. hesk_process_messages(sprintf($hesklang['num_tickets_deleted'], $i), $referer, 'SUCCESS');
  218. } /* MERGE TICKETS */
  219. elseif ($_POST['a'] == 'merge') {
  220. /* Check permissions for this feature */
  221. hesk_checkPermission('can_merge_tickets');
  222. /* A security check */
  223. hesk_token_check('POST');
  224. /* Sort IDs, tickets will be merged to the lowest ID */
  225. sort($_POST['id'], SORT_NUMERIC);
  226. /* Select lowest ID as the target ticket */
  227. $merge_into = array_shift($_POST['id']);
  228. /* Merge tickets or throw an error */
  229. if (hesk_mergeTickets($_POST['id'], $merge_into)) {
  230. hesk_process_messages($hesklang['merged'], $referer, 'SUCCESS');
  231. } else {
  232. $hesklang['merge_err'] .= ' ' . $_SESSION['error'];
  233. hesk_cleanSessionVars($_SESSION['error']);
  234. hesk_process_messages($hesklang['merge_err'], $referer);
  235. }
  236. } /* TAG/UNTAG TICKETS */
  237. elseif ($_POST['a'] == 'tag' || $_POST['a'] == 'untag') {
  238. /* Check permissions for this feature */
  239. hesk_checkPermission('can_add_archive');
  240. /* A security check */
  241. hesk_token_check('POST');
  242. if ($_POST['a'] == 'tag') {
  243. $archived = 1;
  244. $action = $hesklang['num_tickets_tag'];
  245. } else {
  246. $archived = 0;
  247. $action = $hesklang['num_tickets_untag'];
  248. }
  249. foreach ($_POST['id'] as $this_id) {
  250. if (is_array($this_id)) {
  251. continue;
  252. }
  253. $this_id = intval($this_id) or hesk_error($hesklang['id_not_valid']);
  254. $result = hesk_dbQuery("SELECT `id`,`trackid`,`category` FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` WHERE `id`='" . intval($this_id) . "' LIMIT 1");
  255. if (hesk_dbNumRows($result) != 1) {
  256. continue;
  257. }
  258. $ticket = hesk_dbFetchAssoc($result);
  259. hesk_okCategory($ticket['category']);
  260. hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` SET `archive`='$archived' WHERE `id`='" . intval($this_id) . "'");
  261. $i++;
  262. }
  263. hesk_process_messages(sprintf($action, $i), $referer, 'SUCCESS');
  264. }
  265. /* EXPORT */
  266. elseif ($_POST['a']=='export') {
  267. /* Check permissions for this feature */
  268. hesk_checkPermission('can_export');
  269. /* A security check */
  270. hesk_token_check('POST');
  271. $ids_to_export = array();
  272. foreach ($_POST['id'] as $this_id) {
  273. if ( is_array($this_id) ) {
  274. continue;
  275. }
  276. $ids_to_export[] = intval($this_id) or hesk_error($hesklang['id_not_valid']);
  277. $i++;
  278. }
  279. if ($i < 1) {
  280. hesk_process_messages($hesklang['no_selected'], $referer, 'NOTICE');
  281. }
  282. // Start SQL statement for selecting tickets
  283. $sql = "SELECT * FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."tickets` WHERE `id` IN (".implode(',', $ids_to_export).") ";
  284. $sql .= " AND " . hesk_myCategories();
  285. $sql .= " AND " . hesk_myOwnership();
  286. require_once(HESK_PATH . 'inc/custom_fields.inc.php');
  287. require(HESK_PATH . 'inc/export_functions.inc.php');
  288. list($success_msg, $tickets_exported) = hesk_export_to_XML($sql, true);
  289. if ($tickets_exported > 0) {
  290. hesk_process_messages($success_msg,$referer,'SUCCESS');
  291. } else {
  292. hesk_process_messages($hesklang['n2ex'],$referer,'NOTICE');
  293. }
  294. }
  295. /* ANONYMIZE */
  296. elseif ($_POST['a']=='anonymize') {
  297. /* Check permissions for this feature */
  298. hesk_checkPermission('can_privacy');
  299. /* A security check */
  300. hesk_token_check('POST');
  301. require(HESK_PATH . 'inc/privacy_functions.inc.php');
  302. foreach ($_POST['id'] as $this_id) {
  303. if (is_array($this_id)) {
  304. continue;
  305. }
  306. $this_id = intval($this_id) or hesk_error($hesklang['id_not_valid']);
  307. $result = hesk_dbQuery("SELECT `id`,`trackid`,`name`,`category` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."tickets` WHERE `id`='".intval($this_id)."' AND ".hesk_myOwnership()." LIMIT 1");
  308. if (hesk_dbNumRows($result) != 1) {
  309. continue;
  310. }
  311. $ticket = hesk_dbFetchAssoc($result);
  312. hesk_okCategory($ticket['category']);
  313. hesk_anonymizeTicket(null, null, true);
  314. $i++;
  315. }
  316. hesk_process_messages(sprintf($hesklang['num_tickets_anon'],$i),$referer,'SUCCESS');
  317. }
/* PRINT */
// Renders the selected tickets as one HTML page that opens the browser print dialog,
// then ends the request. Each ticket passes the category and view-permission checks
// below before it is handed to the print template.
elseif ($_POST['a']=='print') {
    /* Check permissions for this feature */
    hesk_checkPermission('can_view_tickets');
    /* A security check */
    hesk_token_check('POST');
    // Load custom fields
    require_once(HESK_PATH . 'inc/custom_fields.inc.php');
    // List of staff (id => name), built only if $admins is not already set
    if (!isset($admins)) {
        $admins = array();
        $res2 = hesk_dbQuery("SELECT `id`,`name` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."users` ORDER BY `id` ASC");
        while ($row=hesk_dbFetchAssoc($res2)) {
            $admins[$row['id']]=$row['name'];
        }
    }
    // List of categories (id => name), limited by the hesk_myCategories('id') condition
    $hesk_settings['categories'] = array();
    $res2 = hesk_dbQuery('SELECT `id`, `name` FROM `'.hesk_dbEscape($hesk_settings['db_pfix']).'categories` WHERE ' . hesk_myCategories('id') . ' ORDER BY `cat_order` ASC');
    while ($row=hesk_dbFetchAssoc($res2)) {
        $hesk_settings['categories'][$row['id']] = $row['name'];
    }
    // Print page head
    // The page head below echoes $hesk_settings['hesk_title'], $hesklang['ENCODING'] and
    // $hesk_settings['print_font_size'] without escaping at this point.
    // NOTE(review): presumably trusted configuration values — confirm how they are stored.
    header('Content-Type: text/html; charset=utf-8');
    ?>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<html>
<head>
<title><?php echo $hesk_settings['hesk_title']; ?></title>
<meta http-equiv="Content-Type" content="text/html; charset=<?php echo $hesklang['ENCODING']; ?>">
<style type="text/css">
body, table, td, p {
color : black;
font-family : Verdana, Geneva, Arial, Helvetica, sans-serif;
font-size : <?php echo $hesk_settings['print_font_size']; ?>px;
}
table {
border-collapse:collapse;
}
hr {
border: 0;
color: #9e9e9e;
background-color: #9e9e9e;
height: 1px;
width: 100%;
text-align: left;
}
</style>
</head>
<body onload="window.print()">
<?php
    // Loop through ticket IDs and print them
    foreach ($_POST['id'] as $this_id) {
        // Nested arrays in the submitted id list are ignored.
        if (is_array($this_id)) {
            continue;
        }
        // $this_id is an integer from here on, which is what the query below interpolates.
        $this_id = intval($this_id) or hesk_error($hesklang['id_not_valid']);
        $result = hesk_dbQuery("SELECT `t1`.* , `ticketStatus`.`IsClosed` AS `isClosed`, `ticketStatus`.`Key` AS `statusKey`, `t2`.name AS `repliername`
FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` AS `t1` LEFT JOIN `" . hesk_dbEscape($hesk_settings['db_pfix']) . "users` AS `t2` ON `t1`.`replierid` = `t2`.`id`
INNER JOIN `" . hesk_dbEscape($hesk_settings['db_pfix']) . "statuses` AS `ticketStatus` ON `t1`.`status` = `ticketStatus`.`ID`
WHERE `t1`.`id`='{$this_id}' LIMIT 1");
        // Ids that match no ticket are skipped.
        if (hesk_dbNumRows($result) != 1) {
            continue;
        }
        $ticket = hesk_dbFetchAssoc($result);
        // Check that we have proper permissions to view this ticket
        hesk_okCategory($ticket['category']);
        $can_view_ass_by = hesk_checkPermission('can_view_ass_by', 0);
        $can_view_unassigned = hesk_checkPermission('can_view_unassigned',0);
        // A ticket owned by another user needs can_view_ass_others ...
        if ($ticket['owner'] && $ticket['owner'] != $_SESSION['id'] && ! hesk_checkPermission('can_view_ass_others',0)) {
            // Maybe this user is allowed to view tickets he/she assigned?
            if ( ! $can_view_ass_by || $ticket['assignedby'] != $_SESSION['id']) {
                hesk_error($hesklang['ycvtao']);
            }
        }
        // ... and an unassigned ticket needs can_view_unassigned.
        if (!$ticket['owner'] && ! $can_view_unassigned) {
            hesk_error($hesklang['ycovtay']);
        }
        // All good, continue...
        // Category name for display; falls back to $hesklang['catd'] when the id is not in the list built above
        $category['name'] = isset($hesk_settings['categories'][$ticket['category']]) ? $hesk_settings['categories'][$ticket['category']] : $hesklang['catd'];
        // Get replies
        $res = hesk_dbQuery("SELECT * FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."replies` WHERE `replyto`='{$ticket['id']}' ORDER BY `id` ASC");
        $replies = hesk_dbNumRows($res);
        // Print ticket
        // NOTE(review): the template presumably reads the variables prepared above and is
        // where ticket content gets escaped for output — confirm in print_template.inc.php.
        require(HESK_PATH . 'inc/print_template.inc.php');
        flush();
    }
    ?>
</body>
</html>
<?php
    // The page is complete; stop here so nothing else in this script runs.
    exit();
}
  411. /* JUST CLOSE */
  412. else {
  413. /* Check permissions for this feature */
  414. hesk_checkPermission('can_view_tickets');
  415. hesk_checkPermission('can_reply_tickets');
  416. hesk_checkPermission('can_resolve');
  417. /* A security check */
  418. hesk_token_check('POST');
  419. require(HESK_PATH . 'inc/email_functions.inc.php');
  420. foreach ($_POST['id'] as $this_id) {
  421. if (is_array($this_id)) {
  422. continue;
  423. }
  424. $this_id = intval($this_id) or hesk_error($hesklang['id_not_valid']);
  425. $result = hesk_dbQuery("SELECT * FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` WHERE `id`='" . intval($this_id) . "' LIMIT 1");
  426. $ticket = hesk_dbFetchAssoc($result);
  427. hesk_okCategory($ticket['category']);
  428. $closedStatusRS = hesk_dbQuery("SELECT * FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "statuses` WHERE `IsStaffClosedOption` = 1");
  429. $closedStatus = hesk_dbFetchAssoc($closedStatusRS);
  430. hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` SET `status`='" . $closedStatus['ID'] . "', `closedat`=NOW(), `closedby`=" . intval($_SESSION['id']) . " WHERE `id`='" . intval($this_id) . "'");
  431. mfh_insert_audit_trail_record($this_id, 'TICKET', 'audit_closed', hesk_date(),
  432. array(0 => $_SESSION['name'] . ' (' . $_SESSION['user'] . ')'));
  433. $i++;
  434. // Notify customer of closed ticket?
  435. if ($hesk_settings['notify_closed']) {
  436. $ticket['dt'] = hesk_date($ticket['dt'], true);
  437. $ticket['lastchange'] = hesk_date($ticket['lastchange'], true);
  438. $ticket = hesk_ticketToPlain($ticket, 1, 0);
  439. hesk_notifyCustomer($modsForHesk_settings, 'ticket_closed');
  440. }
  441. }
  442. hesk_process_messages(sprintf($hesklang['num_tickets_closed'], $i), $referer, 'SUCCESS');
  443. }
  444. /*** START FUNCTIONS ***/
  445. function hesk_fullyDeleteTicket()
  446. {
  447. global $hesk_settings, $hesklang, $ticket;
  448. /* Delete attachment files */
  449. $res = hesk_dbQuery("SELECT * FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "attachments` WHERE `ticket_id`='" . hesk_dbEscape($ticket['trackid']) . "'");
  450. if (hesk_dbNumRows($res)) {
  451. $hesk_settings['server_path'] = dirname(dirname(__FILE__));
  452. while ($file = hesk_dbFetchAssoc($res)) {
  453. hesk_unlink($hesk_settings['server_path'] . '/' . $hesk_settings['attach_dir'] . '/' . $file['saved_name']);
  454. }
  455. }
  456. /* Delete attachments info from the database */
  457. hesk_dbQuery("DELETE FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "attachments` WHERE `ticket_id`='" . hesk_dbEscape($ticket['trackid']) . "'");
  458. /* Delete the ticket */
  459. hesk_dbQuery("DELETE FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` WHERE `id`='" . intval($ticket['id']) . "'");
  460. /* Delete replies to the ticket */
  461. hesk_dbQuery("DELETE FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "replies` WHERE `replyto`='" . intval($ticket['id']) . "'");
  462. /* Delete ticket notes */
  463. hesk_dbQuery("DELETE FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "notes` WHERE `ticket`='" . intval($ticket['id']) . "'");
  464. /* Delete audit trail records */
  465. hesk_dbQuery("DELETE FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "audit_trail_to_replacement_values`
  466. WHERE `audit_trail_id` IN (
  467. SELECT `id` FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "audit_trail`
  468. WHERE `entity_type` = 'TICKET' AND `entity_id` = " . intval($ticket['id']) . ")");
  469. hesk_dbQuery("DELETE FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "audit_trail` WHERE `entity_type`='TICKET'
  470. AND `entity_id` = " . intval($ticket['id']));
  471. /* Delete ticket reply drafts */
  472. hesk_dbQuery("DELETE FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "reply_drafts` WHERE `ticket`=" . intval($ticket['id']));
  473. return true;
  474. }
  475. ?>