Bootswatch, Summernote, and Captcheck mods for Mods for HESK (mods-for-hesk.com). In use at support.netsyms.com.

find_tickets.php 11KB

  1. <?php
  2. /**
  3. *
  4. * This file is part of HESK - PHP Help Desk Software.
  5. *
  6. * (c) Copyright Klemen Stirn. All rights reserved.
  7. * https://www.hesk.com
  8. *
  9. * For the full copyright and license agreement information visit
  10. * https://www.hesk.com/eula.php
  11. *
  12. */
  // Admin ticket search page: bootstrap, then authentication and permission checks, then header output.
  13. define('IN_SCRIPT', 1); // NOTE(review): presumably the marker the included files test to refuse direct access - confirm in inc/
  14. define('HESK_PATH', '../'); // relative prefix used by every require below
  15. define('PAGE_TITLE', 'ADMIN_HOME');
  16. define('MFH_PAGE_LAYOUT', 'TOP_ONLY');
  17. /* Get all the required files and functions */
  18. require(HESK_PATH . 'hesk_settings.inc.php');
  19. require(HESK_PATH . 'inc/common.inc.php');
  20. require(HESK_PATH . 'inc/admin_functions.inc.php');
  21. require(HESK_PATH . 'inc/status_functions.inc.php');
  22. require(HESK_PATH . 'inc/mail_functions.inc.php');
  23. hesk_load_database_functions();
  24. hesk_session_start();
  25. hesk_dbConnect();
  26. hesk_isLoggedIn(); // authentication gate: called before any request parameter is read and before any output
  27. define('CALENDAR', 1);
  28. $_SESSION['hide']['ticket_list'] = true; // the 'hide' session entry is cleaned by hesk_cleanSessionVars('hide') near the end of this file
  29. /* Check permissions for this feature */
  30. hesk_checkPermission('can_view_tickets'); // authorization gate; NOTE(review): presumably stops the request when the permission is missing - confirm
  31. $_SERVER['PHP_SELF'] = './admin_main.php'; // replaces the request-derived value with a fixed path before the includes below run
  32. // Load custom fields
  33. require_once(HESK_PATH . 'inc/custom_fields.inc.php');
  34. /* Print header */
  35. require_once(HESK_PATH . 'inc/headerAdmin.inc.php'); // first output happens here, after both gates above
  36. /* Print admin navigation */
  37. require_once(HESK_PATH . 'inc/show_admin_nav.inc.php');
  38. // This SQL code will be used to retrieve results (fixed column list; no request parameter is used in it)
  39. $sql_final = "SELECT
  40. `id`,
  41. `trackid`,
  42. `name`,
  43. `email`,
  44. `category`,
  45. `priority`,
  46. `subject`,
  47. LEFT(`message`, 400) AS `message`,
  48. `dt`,
  49. `lastchange`,
  50. `firstreply`,
  51. `closedat`,
  52. `status`,
  53. `openedby`,
  54. `firstreplyby`,
  55. `closedby`,
  56. `replies`,
  57. `staffreplies`,
  58. `owner`,
  59. `time_worked`,
  60. `lastreplier`,
  61. `replierid`,
  62. `archive`,
  63. `locked`,
  64. `merged`
  65. ";
  66. foreach ($hesk_settings['custom_fields'] as $k => $v) { // add the column of every custom field that is in use
  67. if ($v['use']) {
  68. $sql_final .= ", `" . $k . "`"; // NOTE(review): $k is placed between backticks without escaping; safe only while the custom_fields keys come from trusted configuration - confirm
  69. }
  70. }
  71. $sql_final .= " FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` WHERE ";
  72. // This code will be used to count number of results
  73. $sql_count = "SELECT COUNT(*) FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` WHERE ";
  74. // This is common SQL for both queries: the WHERE conditions built below are appended to both $sql_final and $sql_count
  75. $sql = "";
  76. // Some default settings
  77. $archive = array(1 => 0, 2 => 0); // NOTE(review): index 2 is the one this page sets later ($archive[2], $fid = 2); the meaning of index 1 is not visible here
  78. $s_my = array(1 => 1, 2 => 1); // NOTE(review): $s_my / $s_ot / $s_un are presumably read by inc/assignment_search.inc.php - confirm
  79. $s_ot = array(1 => 1, 2 => 1);
  80. $s_un = array(1 => 1, 2 => 1);
  81. // --> TICKET CATEGORY
       // This is the first WHERE fragment; every later fragment is appended to it with AND,
       // so the category restriction applies to whatever the rest of the search adds.
  82. $category = intval(hesk_GET('category', 0)); // cast to int before the value is interpolated below
  83. // Make sure user has access to this category
  84. if ($category && hesk_okCategory($category, 0)) { // NOTE(review): the second argument 0 presumably makes hesk_okCategory() return a result instead of halting - confirm
  85. $sql .= " `category`='{$category}' ";
  86. } // No category selected, show only allowed categories
  87. else {
  88. $sql .= hesk_myCategories(); // also reached when a category was requested but the check above failed
  89. }
  90. // Show only tagged tickets?
  91. if (!empty($_GET['archive'])) { // only the presence of the parameter is tested; a constant is appended, never the submitted value
  92. $archive[2] = 1;
  93. $sql .= " AND `archive`='1' ";
  94. }
  95. // Ticket owner preferences
  96. $fid = 2;
  97. require(HESK_PATH . 'inc/assignment_search.inc.php'); // NOTE(review): presumably reads $fid and the $s_* defaults and extends $sql with the owner filters - confirm
  98. $hesk_error_buffer = ''; // collects the validation messages shown to the user
  99. $no_query = 0; // set to 1 below when the search text is empty
  100. // Search query (free text from the request; escaped per branch in the switch below)
  101. $q = stripslashes(hesk_input(hesk_GET('q', ''))); // NOTE(review): what hesk_input() sanitizes is not visible in this file
  102. // No query entered?
  103. if (!strlen($q)) {
  104. $hesk_error_buffer .= $hesklang['fsq'];
  105. $no_query = 1;
  106. }
  107. // What field are we searching in
  108. $what = hesk_GET('what', '') or $hesk_error_buffer .= '<br />' . $hesklang['wsel']; // `or` binds looser than `=`: $what gets the request value and the message is appended only when that value is empty
  109. // Sequential ID supported?
  110. if ($what == 'seqid' && !$hesk_settings['sequential']) {
  111. $what = 'trackid';
  112. }
  113. // Setup SQL based on searching preferences
       // $what only selects a branch; it becomes part of the SQL text in the default branch alone,
       // and only after it matched an enabled custom-field key. $q goes through hesk_dbEscape()
       // (or intval() for seqid) before it is placed inside a quoted literal.
       // NOTE(review): whether hesk_dbEscape() also neutralizes the LIKE wildcards % and _ is not
       // visible here; if it does not, a term containing them matches more broadly than typed - confirm.
  114. if (!$no_query) {
  115. $sql .= " AND ";
  116. switch ($what) {
  117. case 'trackid':
  118. $sql .= " ( `trackid` = '" . hesk_dbEscape($q) . "' OR `merged` LIKE '%#" . hesk_dbEscape($q) . "#%' ) ";
  119. break;
  120. case 'name':
  121. $sql .= "`name` LIKE '%" . hesk_dbEscape($q) . "%' COLLATE '" . hesk_dbCollate() . "' ";
  122. break;
  123. case 'email':
  124. $sql .= "`email` LIKE '%" . hesk_dbEscape($q) . "%' ";
  125. break;
  126. case 'subject':
  127. $sql .= "`subject` LIKE '%" . hesk_dbEscape($q) . "%' COLLATE '" . hesk_dbCollate() . "' ";
  128. break;
  129. case 'message':
       // Matches the ticket body or the body of any reply to the ticket (sub-select on the replies table).
  130. $sql .= " ( `message` LIKE '%" . hesk_dbEscape($q) . "%' COLLATE '" . hesk_dbCollate() . "'
  131. OR
  132. `id` IN (
  133. SELECT DISTINCT `replyto`
  134. FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "replies`
  135. WHERE `message` LIKE '%" . hesk_dbEscape($q) . "%' COLLATE '" . hesk_dbCollate() . "' )
  136. )
  137. ";
  138. break;
  139. case 'seqid':
  140. $sql .= "`id` = '" . intval($q) . "' "; // numeric cast instead of string escaping
  141. break;
  142. case 'notes':
       // Matches tickets that have a note containing the search text (sub-select on the notes table).
  143. $sql .= "`id` IN (
  144. SELECT DISTINCT `ticket`
  145. FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "notes`
  146. WHERE `message` LIKE '%" . hesk_dbEscape($q) . "%' COLLATE '" . hesk_dbCollate() . "' )
  147. ";
  148. break;
  149. default:
  150. if (isset($hesk_settings['custom_fields'][$what]) && $hesk_settings['custom_fields'][$what]['use']) { // allow-list: $what is used as a column name only when it is an enabled custom-field key
  151. $sql .= "`" . hesk_dbEscape($what) . "` LIKE '%" . hesk_dbEscape($q) . "%' COLLATE '" . hesk_dbCollate() . "' ";
  152. } else {
  153. $hesk_error_buffer .= '<br />' . $hesklang['invalid_search']; // NOTE(review): on this path $sql is left ending in " AND "; it must not be executed in that state
  154. }
  155. }
  156. }
  157. // Owner: optional filter on the assigned staff id
  158. if ($tmp = intval(hesk_GET('owner', 0))) { // assignment inside the condition is intended; a non-zero integer enables the filter
  159. $sql .= " AND `owner`={$tmp} "; // unquoted, which is acceptable only because $tmp is the result of intval()
  160. $owner_input = $tmp;
  161. $hesk_error_buffer = str_replace($hesklang['fsq'], '', $hesk_error_buffer); // an owner filter removes the "no query entered" message from the buffer
  162. } else {
  163. $owner_input = 0;
  164. }
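  /* Date */
  // Optional filter on the ticket creation day. The submitted value is reduced to its digits;
  // it is used only when exactly eight digits (YYYYMMDD) remain and they form a real calendar date.
  $dt = preg_replace('/[^0-9]/', '', hesk_GET('dt'));
  $date = '';
  $date_input = '';

  // checkdate() rejects impossible dates (month 13, 30 February, year 0000, ...), so such a
  // value is treated like a missing date instead of being sent to the database.
  if (strlen($dt) == 8 && checkdate((int) substr($dt, 4, 2), (int) substr($dt, 6, 2), (int) substr($dt, 0, 4))) {
      $date = substr($dt, 0, 4) . '-' . substr($dt, 4, 2) . '-' . substr($dt, 6, 2);
      $date_input = $date;

      /* This search is valid even if no query is entered */
      if ($no_query) {
          $hesk_error_buffer = str_replace($hesklang['fsq'], '', $hesk_error_buffer);
      }

      // $date consists of digits and dashes only at this point, so it cannot break out of the quoted literals.
      $sql .= " AND `dt` BETWEEN '{$date} 00:00:00' AND '{$date} 23:59:59' ";
  }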
  180. /* Any errors? */
  181. if (strlen($hesk_error_buffer)) {
  182. hesk_process_messages($hesk_error_buffer, 'NOREDIRECT'); // NOTE(review): presumably queues the message without redirecting; the ticket list further down is then gated on hesk_handle_messages() - confirm
  183. }
  184. # echo "$sql<br/>"; (debug aid: leave disabled, it would print the raw query into the page)
  185. // That's all the SQL we need for count
  186. $sql_count .= $sql; // COUNT(*) query: same WHERE conditions
  187. $sql = $sql_final . $sql; // from here on $sql holds the complete SELECT
  188. /* Prepare variables used in search and forms */
  189. require_once(HESK_PATH . 'inc/prepare_ticket_search.inc.php');
  190. ?>
  191. <div class="content-wrapper">
  192. <section class="content">
  193. <div class="box">
  194. <div class="box-header with-border">
  195. <h1 class="box-title">
  196. <?php echo $hesklang['tickets']; ?>
  197. </h1>
  198. <div class="box-tools pull-right">
  199. <button type="button" class="btn btn-box-tool" data-widget="collapse">
  200. <i class="fa fa-minus"></i>
  201. </button>
  202. </div>
  203. </div>
  204. <div class="box-body">
  205. <?php $handle = hesk_handle_messages(); /* result decides below whether the ticket list is included; NOTE(review): presumably FALSE when an error message was queued - confirm */ ?>
  206. <div class="row">
  207. <div class="col-xs-6 text-left">
  208. <div class="checkbox">
  209. <label>
  210. <input type="checkbox" onclick="toggleAutoRefresh(this);" id="reloadCB">
  211. <?php echo $hesklang['arp']; ?>
  212. <span id="timer"></span>
  213. </label>
  214. </div>
  215. <script type="text/javascript">heskCheckReloading();</script>
  216. </div>
  217. <div class="col-xs-6 text-right">
  218. <a href="new_ticket.php" class="btn btn-success">
  219. <span class="glyphicon glyphicon-plus-sign"></span>
  220. <?php echo $hesklang['nti']; ?>
  221. </a>
  222. </div>
  223. </div>
  224. <?php
  225. if ($handle !== FALSE) { // strict comparison: the list is skipped only when hesk_handle_messages() returned exactly FALSE
  226. $href = 'find_tickets.php';
  227. require_once(HESK_PATH . 'inc/ticket_list.inc.php'); // NOTE(review): presumably executes the $sql and $sql_count built above - confirm
  228. echo '<br>';
  229. }
  230. /* Clean unneeded session variables */
  231. hesk_cleanSessionVars('hide'); // pairs with $_SESSION['hide']['ticket_list'] set near the top of this file
  232. /* Show the search form */
  233. require_once(HESK_PATH . 'inc/show_search_form.inc.php');
  234. ?>
  235. </div>
  236. </div>
  237. </section>
  238. </div>
  239. <?php
  240. /* Print footer */
  241. require_once(HESK_PATH . 'inc/footer.inc.php');
  242. exit();