Bootswatch, Summernote, and Captcheck mods for Mods for HESK (mods-for-hesk.com). In use at support.netsyms.com.

find_tickets.php 12KB


  1. <?php
  2. /**
  3. *
  4. * This file is part of HESK - PHP Help Desk Software.
  5. *
  6. * (c) Copyright Klemen Stirn. All rights reserved.
  7. * https://www.hesk.com
  8. *
  9. * For the full copyright and license agreement information visit
  10. * https://www.hesk.com/eula.php
  11. *
  12. */
  // Entry-point constants, defined before the first include is loaded.
  // NOTE(review): IN_SCRIPT is presumably the marker the included files test to
  // refuse direct web access - confirm in the includes, which are not shown here.
  define('IN_SCRIPT', 1);
  define('HESK_PATH', '../');
  define('PAGE_TITLE', 'ADMIN_HOME');
  define('MFH_PAGE_LAYOUT', 'TOP_ONLY');

  /* Get all the required files and functions */
  require HESK_PATH . 'hesk_settings.inc.php';
  require HESK_PATH . 'inc/common.inc.php';
  require HESK_PATH . 'inc/admin_functions.inc.php';
  require HESK_PATH . 'inc/status_functions.inc.php';
  require HESK_PATH . 'inc/mail_functions.inc.php';
  hesk_load_database_functions();

  // Session start, database connection and the login check all run before any
  // search parameter is read and before the page header is printed.
  hesk_session_start();
  hesk_dbConnect();
  hesk_isLoggedIn();

  define('CALENDAR', 1);
  $_SESSION['hide']['ticket_list'] = true;

  /* Check permissions for this feature */
  // NOTE(review): everything below relies on hesk_checkPermission() stopping the
  // request when 'can_view_tickets' is missing - confirm in its definition.
  hesk_checkPermission('can_view_tickets');

  // Pin PHP_SELF to a fixed value before the header and navigation are included.
  // NOTE(review): presumably so those includes treat this page like
  // admin_main.php; as a side effect nothing loaded below sees the
  // request-derived PHP_SELF value.
  $_SERVER['PHP_SELF'] = './admin_main.php';

  // Load custom fields
  require_once HESK_PATH . 'inc/custom_fields.inc.php';

  /* Print header */
  require_once HESK_PATH . 'inc/headerAdmin.inc.php';

  /* Print admin navigation */
  require_once HESK_PATH . 'inc/show_admin_nav.inc.php';
  // Column list of the query that fetches the matching tickets. The message body
  // is cut to its first 400 characters by the database (LEFT(`message`, 400)).
  $sql_final = "SELECT
  `id`,
  `trackid`,
  `name`,
  `email`,
  `category`,
  `priority`,
  `subject`,
  LEFT(`message`, 400) AS `message`,
  `dt`,
  `lastchange`,
  `firstreply`,
  `closedat`,
  `status`,
  `openedby`,
  `firstreplyby`,
  `closedby`,
  `replies`,
  `staffreplies`,
  `owner`,
  `time_worked`,
  `lastreplier`,
  `replierid`,
  `archive`,
  `locked`,
  `merged`
  ";

  // Add one column per enabled custom field. The key $k is placed between
  // backticks without escaping; it is read from $hesk_settings, not from the
  // request.
  // NOTE(review): confirm custom field keys can only be written by trusted
  // configuration code, since they become SQL identifiers here.
  foreach ($hesk_settings['custom_fields'] as $k => $v) {
      if (!$v['use']) {
          continue;
      }
      $sql_final .= ', `' . $k . '`';
  }

  $sql_final .= sprintf(' FROM `%stickets` WHERE ', hesk_dbEscape($hesk_settings['db_pfix']));

  // Counting query: same table, and later the same WHERE clause, as the result query
  $sql_count = sprintf('SELECT COUNT(*) FROM `%stickets` WHERE ', hesk_dbEscape($hesk_settings['db_pfix']));

  // WHERE clause shared by both queries, assembled piece by piece below
  $sql = '';

  // Some default settings
  $archive = [1 => 0, 2 => 0];
  $s_my = [1 => 1, 2 => 1];
  $s_ot = [1 => 1, 2 => 1];
  $s_un = [1 => 1, 2 => 1];
  // --> TICKET CATEGORY
  // Cast to int first, so only a number can end up in the SQL text
  $category = (int) hesk_GET('category', 0);

  // A requested category is used only when hesk_okCategory() accepts it for this
  // user; in every other case the clause from hesk_myCategories() is used, so the
  // WHERE clause always begins with a category restriction.
  if ($category && hesk_okCategory($category, 0)) {
      $sql .= " `category`='" . $category . "' ";
  } else {
      // No category selected, show only allowed categories
      $sql .= hesk_myCategories();
  }

  // Show only tagged tickets? The raw $_GET value is used as a flag only and is
  // never copied into the SQL text.
  if (!empty($_GET['archive'])) {
      $archive[2] = 1;
      $sql .= " AND `archive`='1' ";
  }

  // Ticket owner preferences
  // NOTE(review): assignment_search.inc.php presumably reads $fid and extends
  // $sql - its handling of request input is not visible here.
  $fid = 2;
  require HESK_PATH . 'inc/assignment_search.inc.php';

  $hesk_error_buffer = '';
  $no_query = 0;
  // Search query, taken from the request.
  // NOTE(review): hesk_input() is defined elsewhere, so its sanitising is not
  // visible here. Every branch below therefore escapes, casts or filters $q
  // again at the point where it is placed into the SQL text.
  $q = stripslashes(hesk_input(hesk_GET('q', '')));

  // No query entered?
  if ($q === '') {
      $hesk_error_buffer .= $hesklang['fsq'];
      $no_query = 1;
  }

  // What field are we searching in
  $what = hesk_GET('what', '');
  if (!$what) {
      $hesk_error_buffer .= '<br />' . $hesklang['wsel'];
  }

  // Sequential ID supported?
  if ($what == 'seqid' && !$hesk_settings['sequential']) {
      $what = 'trackid';
  }

  // Setup SQL based on searching preferences.
  // $what only selects a branch. It reaches the SQL text as a column name in the
  // default branch alone, and only after it matched an enabled custom field.
  if (!$no_query) {
      $sql .= " AND ";

      switch ($what) {
          case 'trackid':
              // Exact tracking ID, or the ID between '#' marks inside `merged`
              $sql .= " ( `trackid` = '" . hesk_dbEscape($q) . "'"
                  . " OR `merged` LIKE '%#" . hesk_dbEscape($q) . "#%' ) ";
              break;

          case 'name':
              $sql .= "`name` LIKE '%" . hesk_dbEscape(hesk_dbLike($q)) . "%'"
                  . " COLLATE '" . hesk_dbCollate() . "' ";
              break;

          case 'email':
              // NOTE(review): unlike name/subject/message, $q is not passed through
              // hesk_dbLike() here, so '%' and '_' typed by the user presumably act
              // as LIKE wildcards - confirm that this is intended.
              $sql .= "`email` LIKE '%" . hesk_dbEscape($q) . "%' ";
              break;

          case 'subject':
              $sql .= "`subject` LIKE '%" . hesk_dbEscape(hesk_dbLike($q)) . "%'"
                  . " COLLATE '" . hesk_dbCollate() . "' ";
              break;

          case 'message':
              // Match the ticket text itself or the text of any of its replies
              $sql .= " ( `message` LIKE '%" . hesk_dbEscape(hesk_dbLike($q)) . "%' COLLATE '" . hesk_dbCollate() . "'
              OR
              `id` IN (
              SELECT DISTINCT `replyto`
              FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "replies`
              WHERE `message` LIKE '%" . hesk_dbEscape(hesk_dbLike($q)) . "%' COLLATE '" . hesk_dbCollate() . "' )
              )
              ";
              break;

          case 'seqid':
              // Integer cast: a non-numeric query becomes 0
              $sql .= "`id` = '" . (int) $q . "' ";
              break;

          case 'notes':
              $sql .= "`id` IN (
              SELECT DISTINCT `ticket`
              FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "notes`
              WHERE `message` LIKE '%" . hesk_dbEscape(hesk_dbLike($q)) . "%' COLLATE '" . hesk_dbCollate() . "' )
              ";
              break;

          case 'ip':
              // Allow-list filter instead of escaping: only digits, '.' and '%'
              // survive, so no quote can reach the SQL text. '%' is kept and works
              // as a wildcard. Colons and hex letters are removed as well, so an
              // IPv6 address cannot be matched by this branch.
              $sql .= "`ip` LIKE '" . preg_replace('/[^0-9\.\%]/', '', $q) . "' ";
              break;

          default:
              // Custom field search. The column name is accepted only when it is
              // the key of an enabled custom field; that allow-list is what keeps
              // arbitrary identifiers out of the query.
              // NOTE(review): $q is not passed through hesk_dbLike() in this branch
              // either - see the 'email' case.
              if (isset($hesk_settings['custom_fields'][$what]) && $hesk_settings['custom_fields'][$what]['use']) {
                  $sql .= "`" . hesk_dbEscape($what) . "` LIKE '%" . hesk_dbEscape($q) . "%'"
                      . " COLLATE '" . hesk_dbCollate() . "' ";
              } else {
                  $hesk_error_buffer .= '<br />' . $hesklang['invalid_search'];
              }
      }
  }
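  // Owner filter. The value is cast to int, so only a number can reach the SQL text.
  $tmp = intval(hesk_GET('owner', 0));
  if ($tmp) {
      $sql .= " AND `owner`={$tmp} ";
      $owner_input = $tmp;
      // An owner filter is a valid search on its own: drop the "no query" error
      $hesk_error_buffer = str_replace($hesklang['fsq'], '', $hesk_error_buffer);
  } else {
      $owner_input = 0;
  }

  /* Date */
  /* -> Now process the date value */
  // Keep digits only; a usable value has exactly eight of them (YYYYMMDD)
  $dt = preg_replace('/[^0-9]/', '', hesk_GET('dt'));

  // Eight digits alone are not a date: values such as 20231399 or 00000000 used
  // to pass, clear the "no query" error and go to the database as a DATETIME
  // bound. checkdate() rejects them, and they are then treated like a missing date.
  if (
      strlen($dt) == 8
      && checkdate(intval(substr($dt, 4, 2)), intval(substr($dt, 6, 2)), intval(substr($dt, 0, 4)))
  ) {
      $date = substr($dt, 0, 4) . '-' . substr($dt, 4, 2) . '-' . substr($dt, 6, 2);
      $date_input = $date;

      /* This search is valid even if no query is entered */
      if ($no_query) {
          $hesk_error_buffer = str_replace($hesklang['fsq'], '', $hesk_error_buffer);
      }

      // $date is built from validated digits only, so it needs no further escaping
      $sql .= " AND `dt` BETWEEN '{$date} 00:00:00' AND '{$date} 23:59:59' ";
  } else {
      $date = '';
      $date_input = '';
  }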
  /* Any errors? */
  // The buffer holds only entries of $hesklang and '<br />' separators; no
  // request value is appended to it in this file.
  if ($hesk_error_buffer !== '') {
      hesk_process_messages($hesk_error_buffer, 'NOREDIRECT');
  }

  // The assembled SQL contains request-derived text and the table prefix, so it
  // is not printed into the page here.

  // That's all the SQL we need for count
  $sql_count .= $sql;
  $sql = $sql_final . $sql;

  // Strip extra slashes
  // NOTE(review): $q already went through stripslashes() when it was read from
  // the request; this second pass removes any backslash still left in it.
  // Confirm that this is wanted before $q is handed to the includes below.
  $q = stripslashes($q);

  /* Prepare variables used in search and forms */
  require_once HESK_PATH . 'inc/prepare_ticket_search.inc.php';
  ?>
  <?php
  // Page body. The $hesklang entries below are written to the page as they are,
  // without HTML escaping.
  // NOTE(review): that is only safe while the language strings come from trusted
  // language files - confirm where $hesklang is loaded.
  ?>
  <div class="content-wrapper">
      <section class="content">
          <div class="box">
              <div class="box-header with-border">
                  <h1 class="box-title">
                      <?= $hesklang['tickets'] ?>
                  </h1>
                  <div class="box-tools pull-right">
                      <button type="button" class="btn btn-box-tool" data-widget="collapse">
                          <i class="fa fa-minus"></i>
                      </button>
                  </div>
              </div>
              <div class="box-body">
                  <?php $handle = hesk_handle_messages(); ?>
                  <div class="row">
                      <div class="col-xs-6 text-left">
                          <div class="checkbox">
                              <label>
                                  <input type="checkbox" onclick="toggleAutoRefresh(this);" id="reloadCB">
                                  <?= $hesklang['arp'] ?>
                                  <span id="timer"></span>
                              </label>
                          </div>
                          <script type="text/javascript">heskCheckReloading();</script>
                      </div>
                      <div class="col-xs-6 text-right">
                          <a href="new_ticket.php" class="btn btn-success">
                              <span class="glyphicon glyphicon-plus-sign"></span>
                              <?= $hesklang['nti'] ?>
                          </a>
                      </div>
                  </div>
                  <?php
                  // The ticket list is included only when hesk_handle_messages() did
                  // not return false.
                  // NOTE(review): presumably false means an error was shown, so the
                  // possibly incomplete $sql is not run - confirm in ticket_list.inc.php.
                  if ($handle !== false) {
                      $href = 'find_tickets.php';
                      require_once HESK_PATH . 'inc/ticket_list.inc.php';
                      echo '<br>';
                  }

                  /* Clean unneeded session variables */
                  hesk_cleanSessionVars('hide');

                  /* Show the search form */
                  require_once HESK_PATH . 'inc/show_search_form.inc.php';
                  ?>
              </div>
          </div>
      </section>
  </div>
  <?php
  /* Print footer */
  require_once HESK_PATH . 'inc/footer.inc.php';
  exit;