Bootswatch, Summernote, and Captcheck mods for Mods for HESK (mods-for-hesk.com). In use at support.netsyms.com.



<?php
/**
*
* This file is part of HESK - PHP Help Desk Software.
*
* (c) Copyright Klemen Stirn. All rights reserved.
* https://www.hesk.com
*
* For the full copyright and license agreement information visit
* https://www.hesk.com/eula.php
*
*/

// admin_submit_ticket.php — staff-side "submit a ticket" handler (Mods for HESK build).
//
// Flow, top to bottom:
//   1. bootstrap HESK, start the session, require a logged-in staff user;
//   2. validate the POSTed form into $tmpvar, recording every failure in
//      $hesk_error_buffer (field name => message);
//   3. pick the ticket owner (explicit, auto-assign, or self) and stage attachments;
//   4. on any validation error: cache the submitted values in $_SESSION['as_*'],
//      discard uploaded attachments and bounce back to new_ticket.php;
//   5. otherwise insert the ticket, send notifications, clean the session and redirect.
//
// Statement order matters: several steps mutate $hesk_settings and $_SESSION for
// the rest of the request (see the multi_eml swap and the autoassign override).

define('IN_SCRIPT', 1);
define('HESK_PATH', '../');

// Get all the required files and functions
require(HESK_PATH . 'hesk_settings.inc.php');
require(HESK_PATH . 'inc/common.inc.php');
require(HESK_PATH . 'inc/admin_functions.inc.php');
hesk_load_database_functions();
require(HESK_PATH . 'inc/email_functions.inc.php');
require(HESK_PATH . 'inc/htmLawed.php');
require(HESK_PATH . 'inc/posting_functions.inc.php');

hesk_session_start();
hesk_dbConnect();
// Redirects away unless a staff session exists — everything below assumes $_SESSION['id'] etc.
hesk_isLoggedIn();

$modsForHesk_settings = mfh_getSettings();

// We only allow POST requests from the HESK form to this file
// NOTE(review): only the request method is checked here; no CSRF token check
// (HESK's hesk_token_check()) is visible in this file. Confirm one runs before
// the ticket is written, since this endpoint creates records on behalf of the
// logged-in staff member.
if ($_SERVER['REQUEST_METHOD'] != 'POST') {
    header('Location: admin_main.php');
    exit();
}

// Check for POST requests larger than what the server can handle
// (PHP drops the whole $_POST when post_max_size is exceeded, but CONTENT_LENGTH survives)
if (empty($_POST) && !empty($_SERVER['CONTENT_LENGTH'])) {
    hesk_error($hesklang['maxpost']);
}

// Field name => error message. Non-empty after validation means "bounce back to the form".
$hesk_error_buffer = array();

if ($hesk_settings['can_sel_lang']) {
    $tmpvar['language'] = hesk_POST('customerLanguage');
}

// Name is required. `or` binds looser than `=`, so the assignment happens first and
// the error is recorded only when the sanitised value is falsy.
$tmpvar['name'] = hesk_input(hesk_POST('name')) or $hesk_error_buffer['name'] = $hesklang['enter_your_name'];

// Whether a usable customer e-mail exists; gates the customer notification at the end.
$email_available = true;

if ($hesk_settings['require_email']) {
    $tmpvar['email'] = hesk_validateEmail( hesk_POST('email'), 'ERR', 0) or $hesk_error_buffer['email']=$hesklang['enter_valid_email'];
} else {
    $tmpvar['email'] = hesk_validateEmail( hesk_POST('email'), 'ERR', 0);

    // Not required, but must be valid if it is entered
    if ($tmpvar['email'] == '') {
        $email_available = false;
        // Something was typed but did not validate — report it rather than silently dropping it
        if (strlen(hesk_POST('email'))) {
            $hesk_error_buffer['email'] = $hesklang['not_valid_email'];
        }
    }
}

// Normalise the separator for multiple recipients
if ($hesk_settings['multi_eml']) {
    $tmpvar['email'] = str_replace(';',',', $tmpvar['email']);
}

// intval() guarantees an integer; 0 (missing or non-numeric) counts as "not selected"
$tmpvar['category'] = intval(hesk_POST('category')) or $hesk_error_buffer['category'] = $hesklang['sel_app_cat'];

// Priority: -1 marks "nothing submitted"; anything outside 0..3 is handled below
$tmpvar['priority'] = hesk_POST('priority');
$tmpvar['priority'] = strlen($tmpvar['priority']) ? intval($tmpvar['priority']) : -1;
if ($tmpvar['priority'] < 0 || $tmpvar['priority'] > 3) {
    // If we are showing "Click to select" priority needs to be selected
    if ($hesk_settings['select_pri']) {
        $tmpvar['priority'] = -1;
        $hesk_error_buffer['priority'] = $hesklang['select_priority'];
    } else {
        // Selection is optional: fall back to the lowest priority (3)
        $tmpvar['priority'] = 3;
    }
}

$tmpvar['subject'] = hesk_input( hesk_POST('subject') );
if ($hesk_settings['require_subject'] == 1 && $tmpvar['subject'] == '') {
    $hesk_error_buffer['subject'] = $hesklang['enter_ticket_subject'];
}

$tmpvar['message'] = hesk_input( hesk_POST('message') );
if ($hesk_settings['require_message'] == 1 && $tmpvar['message'] == '') {
    $hesk_error_buffer['message'] = $hesklang['enter_message'];
}

// Is category a valid choice?
if ($tmpvar['category']) {
    // Staff without can_submit_any_cat may only post into categories they are a member of.
    // hesk_process_messages() is relied on to redirect away and stop the script — confirm it exits.
    if ( ! hesk_checkPermission('can_submit_any_cat', 0) && ! hesk_okCategory($tmpvar['category'], 0) ) {
        hesk_process_messages($hesklang['noauth_submit'],'new_ticket.php');
    }

    hesk_verifyCategory(1);

    // Is auto-assign of tickets disabled in this category?
    // (overrides the global setting for the remainder of this request)
    if (empty($hesk_settings['category_data'][$tmpvar['category']]['autoassign'])) {
        $hesk_settings['autoassign'] = false;
    }
}

// Custom fields
// Each configured field is read from POST according to its type. Fields not enabled or
// not attached to the chosen category are stored as ''. `req == 2` means "required".
foreach ($hesk_settings['custom_fields'] as $k=>$v) {
    if ($v['use'] && hesk_is_custom_field_in_category($k, $tmpvar['category'])) {
        if ($v['type'] == 'checkbox') {
            // Checked options are stored as one string joined by '<br />'
            $tmpvar[$k]='';
            if (isset($_POST[$k]) && is_array($_POST[$k])) {
                foreach ($_POST[$k] as $myCB) {
                    // Nested arrays are ignored; each option is sanitised individually.
                    // (The doubled `;;` is a harmless empty statement.)
                    $tmpvar[$k] .= ( is_array($myCB) ? '' : hesk_input($myCB) ) . '<br />';;
                }
                // Drop the trailing '<br />' (6 characters)
                $tmpvar[$k]=substr($tmpvar[$k],0,-6);
            } else {
                if ($v['req'] == 2) {
                    $hesk_error_buffer[$k]=$hesklang['fill_all'].': '.$v['name'];
                }
                $_POST[$k] = '';
            }
        } elseif ($v['type'] == 'date') {
            $tmpvar[$k] = hesk_POST($k);
            $_SESSION["as_$k"] = '';

            // Accept only a strict YYYY-MM-DD; anything else is treated as empty
            if (preg_match("/^[0-9]{4}-(0[1-9]|1[0-2])-(0[1-9]|[1-2][0-9]|3[0-1])$/", $tmpvar[$k])) {
                $date = strtotime($tmpvar[$k] . ' t00:00:00 UTC');
                // Optional lower/upper bounds configured on the field; false when unset
                $dmin = strlen($v['value']['dmin']) ? strtotime($v['value']['dmin'] . ' t00:00:00 UTC') : false;
                $dmax = strlen($v['value']['dmax']) ? strtotime($v['value']['dmax'] . ' t00:00:00 UTC') : false;

                // Keep the raw string for re-display if the form bounces
                $_SESSION["as_$k"] = $tmpvar[$k];

                if ($dmin && $dmin > $date) {
                    $hesk_error_buffer[$k] = sprintf($hesklang['d_emin'], $v['name'], hesk_custom_date_display_format($dmin, $v['value']['date_format']));
                } elseif ($dmax && $dmax < $date) {
                    $hesk_error_buffer[$k] = sprintf($hesklang['d_emax'], $v['name'], hesk_custom_date_display_format($dmax, $v['value']['date_format']));
                } else {
                    // Stored as a Unix timestamp, not the submitted string
                    $tmpvar[$k] = $date;
                }
            } else {
                $tmpvar[$k] = '';
                if ($v['req'] == 2) {
                    $hesk_error_buffer[$k]=$hesklang['fill_all'].': '.$v['name'];
                }
            }
        } elseif ($v['type'] == 'email') {
            // hesk_validateEmail() reads the global multi_eml flag, so it is swapped for
            // this field's own "multiple" setting and restored straight after.
            $tmp = $hesk_settings['multi_eml'];
            $hesk_settings['multi_eml'] = $v['value']['multiple'];
            $tmpvar[$k] = hesk_validateEmail( hesk_POST($k), 'ERR', 0);
            $hesk_settings['multi_eml'] = $tmp;

            if ($tmpvar[$k] != '') {
                $_SESSION["as_$k"] = hesk_input($tmpvar[$k]);
            } else {
                $_SESSION["as_$k"] = '';
                if ($v['req'] == 2) {
                    $hesk_error_buffer[$k] = $v['value']['multiple'] ? sprintf($hesklang['cf_noem'], $v['name']) : sprintf($hesklang['cf_noe'], $v['name']);
                }
            }
        } elseif ($v['req'] == 2) {
            // Text-like fields: hesk_input() runs first, then line breaks and links are
            // turned into markup. Keep that order — the markup is added after sanitising.
            $tmpvar[$k]=hesk_makeURL(nl2br(hesk_input( hesk_POST($k) )));
            if ($tmpvar[$k] == '') {
                $hesk_error_buffer[$k]=$hesklang['fill_all'].': '.$v['name'];
            }
        } else {
            $tmpvar[$k]=hesk_makeURL(nl2br(hesk_input(hesk_POST($k))));
        }
    } else {
        $tmpvar[$k] = '';
    }
}

// Generate tracking ID
$tmpvar['trackid'] = hesk_createID();

// Log who submitted ticket
$tmpvar['history'] = sprintf($hesklang['thist7'], hesk_date(), $_SESSION['name'] . ' (' . $_SESSION['user'] . ')');
$tmpvar['openedby'] = $_SESSION['id'];

// Owner
// 0 = unassigned. Submitted values: -1 leave unassigned, -2 auto-assign, >0 explicit user id.
$tmpvar['owner'] = 0;
if (hesk_checkPermission('can_assign_others', 0)) {
    // intval() here is what keeps the interpolation in the SQL query below safe
    $tmpvar['owner'] = intval(hesk_POST('owner'));

    // If ID is -1 the ticket will be unassigned
    if ($tmpvar['owner'] == -1) {
        $tmpvar['owner'] = 0;
    }
    // Automatically assign owner? (autoassign may have been switched off per category above)
    elseif ($tmpvar['owner'] == -2 && $hesk_settings['autoassign'] == 1) {
        $autoassign_owner = hesk_autoAssignTicket($tmpvar['category']);
        if ($autoassign_owner) {
            $tmpvar['owner'] = intval($autoassign_owner['id']);
            $tmpvar['history'] .= sprintf($hesklang['thist10'], hesk_date(), $autoassign_owner['name'] . ' (' . $autoassign_owner['user'] . ')');
        } else {
            $tmpvar['owner'] = 0;
        }
    }
    // Check for invalid owner values
    elseif ($tmpvar['owner'] < 1) {
        $tmpvar['owner'] = 0;
    } else {
        // Has the new owner access to the selected category?
        // $tmpvar['owner'] is an int (intval above), so embedding it in the query is safe.
        $res = hesk_dbQuery("SELECT `name`,`isadmin`,`categories` FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "users` WHERE `id`='{$tmpvar['owner']}' LIMIT 1");
        if (hesk_dbNumRows($res) == 1) {
            $row = hesk_dbFetchAssoc($res);
            // Admins can be assigned any category; others only their own list
            if (!$row['isadmin']) {
                $row['categories'] = explode(',', $row['categories']);
                // Loose in_array() is deliberate: explode() yields strings and the category is an int
                if (!in_array($tmpvar['category'], $row['categories'])) {
                    $_SESSION['isnotice'][] = 'category';
                    $hesk_error_buffer['owner'] = $hesklang['onasc'];
                }
            }
        } else {
            // Unknown user id
            $_SESSION['isnotice'][] = 'category';
            $hesk_error_buffer['owner'] = $hesklang['onasc'];
        }
    }
}
// Staff who may only assign to themselves: honour the "assign to me" checkbox.
// NOTE: the POST key spelling presumably matches the form field — do not "correct" it here alone.
elseif (hesk_checkPermission('can_assign_self', 0) && hesk_okCategory($tmpvar['category'], 0) && !empty($_POST['assing_to_self'])) {
    $tmpvar['owner'] = intval($_SESSION['id']);
}

// Notify customer of the ticket? (only meaningful when an e-mail was given)
$notify = (!empty($_POST['notify']) && !empty($tmpvar['email'])) ? 1 : 0;

// Show ticket after submission?
$show = !empty($_POST['show']) ? 1 : 0;

// Attachments
// Files are staged here, before validation errors are checked; on error they are
// removed again further down (hesk_removeAttachments).
if ($hesk_settings['attachments']['use']) {
    require_once(HESK_PATH . 'inc/attachments.inc.php');

    $attachments = array();
    $trackingID = $tmpvar['trackid'];

    $use_legacy_attachments = hesk_POST('use-legacy-attachments', 0);

    if ($use_legacy_attachments) {
        // Classic numbered file inputs: attachment 1..max_number
        for ($i = 1; $i <= $hesk_settings['attachments']['max_number']; $i++) {
            $att = hesk_uploadFile($i);
            if ($att !== false && !empty($att)) {
                $attachments[$i] = $att;
            }
        }
    } else {
        // The user used the new drag-and-drop system.
        // NOTE(review): each temp id comes straight from the client; mfh_getTemporaryAttachment()
        // is relied on to validate/escape it and to return nothing for ids that are not this
        // user's — confirm, since the result is inserted as an attachment below.
        $temp_attachment_ids = hesk_POST_array('attachment-ids');
        foreach ($temp_attachment_ids as $temp_attachment_id) {
            // Simply get the temp info and move it to the attachments table
            $temp_attachment = mfh_getTemporaryAttachment($temp_attachment_id);
            $attachments[] = $temp_attachment;
            mfh_deleteTemporaryAttachment($temp_attachment_id);
        }
    }
}
$tmpvar['attachments'] = '';

// If we have any errors lets store info in session to avoid re-typing everything
if (count($hesk_error_buffer) != 0) {
    // Field names with errors, so the form can highlight them
    $_SESSION['iserror'] = array_keys($hesk_error_buffer);

    // Raw submitted values are cached for re-display (date/email custom fields were cached above)
    $_SESSION['as_name'] = hesk_POST('name');
    $_SESSION['as_email'] = hesk_POST('email');
    $_SESSION['as_priority'] = $tmpvar['priority'];
    $_SESSION['as_subject'] = hesk_POST('subject');
    $_SESSION['as_message'] = hesk_POST('message');
    $_SESSION['as_owner'] = $tmpvar['owner'];
    $_SESSION['as_notify'] = $notify;
    $_SESSION['as_show'] = $show;
    foreach ($hesk_settings['custom_fields'] as $k => $v) {
        if ($v['use'] && ! in_array($v['type'], array('date', 'email'))) {
            $_SESSION["as_$k"] = ($v['type'] == 'checkbox') ? hesk_POST_array($k) : hesk_POST($k);
        }
    }

    // Render the errors as an HTML list. The messages are language strings plus
    // admin-configured custom field names, not raw user input.
    $tmp = '';
    foreach ($hesk_error_buffer as $error) {
        $tmp .= "<li>$error</li>\n";
    }
    $hesk_error_buffer = $tmp;

    // Remove any successfully uploaded attachments
    if ($hesk_settings['attachments']['use']) {
        hesk_removeAttachments($attachments);
    }

    $hesk_error_buffer = $hesklang['pcer'] . '<br /><br /><ul>' . $hesk_error_buffer . '</ul>';
    hesk_process_messages($hesk_error_buffer,'new_ticket.php?category='.$tmpvar['category']);
}

// Persist staged attachments and build the "id#real_name#saved_name," list stored on the ticket
if ($hesk_settings['attachments']['use'] && !empty($attachments)) {
    foreach ($attachments as $myatt) {
        // Every interpolated value is escaped (hesk_dbEscape) or cast (intval)
        hesk_dbQuery("INSERT INTO `" . hesk_dbEscape($hesk_settings['db_pfix']) . "attachments` (`ticket_id`,`saved_name`,`real_name`,`size`) VALUES ('" . hesk_dbEscape($tmpvar['trackid']) . "','" . hesk_dbEscape($myatt['saved_name']) . "','" . hesk_dbEscape($myatt['real_name']) . "','" . intval($myatt['size']) . "')");
        // real_name is not escaped in this list; presumably the upload helpers already sanitised it — confirm
        $tmpvar['attachments'] .= hesk_dbInsertID() . '#' . $myatt['real_name'] . '#' . $myatt['saved_name'] . ',';
    }
}

// Plain-text tickets get links and line breaks converted here. When rich text is on the
// message is passed through as submitted — its HTML is expected to be sanitised elsewhere
// (htmLawed is loaded above); confirm where that happens.
if (!$modsForHesk_settings['rich_text_for_tickets']) {
    $tmpvar['message'] = hesk_makeURL($tmpvar['message']);
    $tmpvar['message'] = nl2br($tmpvar['message']);
}

// 'E-4' is the default when no coordinate is posted — presumably the "no location" sentinel hesk_newTicket() expects; verify
$tmpvar['latitude'] = hesk_POST('latitude', 'E-4');
$tmpvar['longitude'] = hesk_POST('longitude', 'E-4');
$tmpvar['html'] = $modsForHesk_settings['rich_text_for_tickets'];
// NOTE(review): due-date is not validated in this file; hesk_newTicket() must escape/validate it
$tmpvar['due_date'] = hesk_POST('due-date');

// Set user agent and screen res to null
// (a PHP null for user_agent but the string "NULL" for the resolutions — presumably
// hesk_newTicket() embeds the latter as SQL literals; confirm before changing either)
$tmpvar['user_agent'] = NULL;
$tmpvar['screen_resolution_height'] = "NULL";
$tmpvar['screen_resolution_width'] = "NULL";

// Insert ticket to database
$ticket = hesk_newTicket($tmpvar);

// Notify the customer about the ticket?
if ($notify && $email_available) {
    hesk_notifyCustomer($modsForHesk_settings);
}

// If ticket is assigned to someone notify them?
if ($ticket['owner'] && $ticket['owner'] != intval($_SESSION['id'])) {
    // If we don't have info from auto-assign get it from database
    if (!isset($autoassign_owner['email'])) {
        hesk_notifyAssignedStaff(false, 'ticket_assigned_to_you', $modsForHesk_settings);
    } else {
        hesk_notifyAssignedStaff($autoassign_owner, 'ticket_assigned_to_you', $modsForHesk_settings);
    }
}
// Ticket unassigned, notify everyone that selected to be notified about unassigned tickets
// (the second argument is a SQL WHERE fragment; the only dynamic part is intval()'d)
elseif (!$ticket['owner']) {
    hesk_notifyStaff('new_ticket_staff', " `id` != " . intval($_SESSION['id']) . " AND `notify_new_unassigned` = '1' ", $modsForHesk_settings);
}

// Unset temporary variables
unset($tmpvar);
hesk_cleanSessionVars('tmpvar');
hesk_cleanSessionVars('as_name');
hesk_cleanSessionVars('as_email');
hesk_cleanSessionVars('as_category');
hesk_cleanSessionVars('as_priority');
hesk_cleanSessionVars('as_subject');
hesk_cleanSessionVars('as_message');
hesk_cleanSessionVars('as_owner');
hesk_cleanSessionVars('as_notify');
hesk_cleanSessionVars('as_show');
foreach ($hesk_settings['custom_fields'] as $k => $v) {
    hesk_cleanSessionVars("as_$k");
}

// If ticket has been assigned to the person submitting it lets show a message saying so
if ($ticket['owner'] && $ticket['owner'] == intval($_SESSION['id'])) {
    $hesklang['new_ticket_submitted'] .= '<br />&nbsp;<br />
<span class="glyphicon glyphicon-comment"></span> <b>' . (isset($autoassign_owner) ? $hesklang['taasy'] : $hesklang['tasy']) . '</b>';
}

// Show the ticket or just the success message
// (mt_rand() is only a cache-buster on the redirect URL, nothing security-relevant)
if ($show) {
    hesk_process_messages($hesklang['new_ticket_submitted'], 'admin_ticket.php?track=' . $ticket['trackid'] . '&Refresh=' . mt_rand(10000, 99999), 'SUCCESS');
} else {
    hesk_process_messages($hesklang['new_ticket_submitted'] . '. <a href="admin_ticket.php?track=' . $ticket['trackid'] . '&Refresh=' . mt_rand(10000, 99999) . '">' . $hesklang['view_ticket'] . '</a>', 'new_ticket.php', 'SUCCESS');
}