heskPurify($message_html); $message = convert_html_to_text($message_html); $message = fix_newlines($message); // Prepare plain message for storage as HTML $message = hesk_htmlspecialchars($message); // nl2br done after adding signature } elseif ($hesk_settings['staff_ticket_formatting'] == 0) { $message_html = hesk_makeURL($message_html); $message_html = nl2br($message_html); } // Save message for later and ignore the rest? if ( isset($_POST['save_reply']) ) { // Delete any existing drafts from this owner for this ticket hesk_dbQuery("DELETE FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."reply_drafts` WHERE `owner`=".intval($_SESSION['id'])." AND `ticket`=".intval($ticket['id'])); // Save the message draft hesk_dbQuery("INSERT INTO `".hesk_dbEscape($hesk_settings['db_pfix'])."reply_drafts` (`owner`, `ticket`, `message`, `message_html`) VALUES (".intval($_SESSION['id']).", ".intval($ticket['id']).", '".hesk_dbEscape($message)."', '".hesk_dbEscape($message_html)."')"); /* Set reply submitted message */ $_SESSION['HESK_SUCCESS'] = TRUE; $_SESSION['HESK_MESSAGE'] = $hesklang['reply_saved']; /* What to do after reply? */ if ($_SESSION['afterreply'] == 1) { header('Location: admin_main.php'); } elseif ($_SESSION['afterreply'] == 2) { /* Get the next open ticket that needs a reply */ $res = hesk_dbQuery("SELECT * FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."tickets` WHERE `owner` IN ('0','".intval($_SESSION['id'])."') AND " . hesk_myCategories() . " AND `status` IN ('0','1') AND `id` != ".intval($ticket['id']). " ORDER BY `owner` DESC, `priority` ASC LIMIT 1"); if (hesk_dbNumRows($res) == 1) { $row = hesk_dbFetchAssoc($res); $_SESSION['HESK_MESSAGE'] .= '

'.$hesklang['rssn']; header('Location: admin_ticket.php?track='.$row['trackid'].'&Refresh='.rand(10000,99999)); } else { header('Location: admin_main.php'); } } else { header('Location: admin_ticket.php?track='.$ticket['trackid'].'&Refresh='.rand(10000,99999)); } exit(); } // Attach signature to the message? if ( ! $submit_as_customer && ! empty($_POST['signature']) && strlen($_SESSION['signature'])) { $message .= "\n\n" . addslashes($_SESSION['signature']) . "\n"; // Make signature links clickable $signature = hesk_makeURL($_SESSION['signature']); // Turn newlines into
tags $signature = nl2br($signature); $message_html .= "

" . addslashes($signature) . "
"; } // Make links clickable $message = hesk_makeURL($message); // Turn newlines into
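// line-break tags (nl2br) before the message leaves the branch opened above this block
    $message = nl2br($message);
} else {
    $hesk_error_buffer[] = $hesklang['enter_message'];
}

/* Attachments */
// Two upload paths: the legacy numbered file inputs, or names of temporary
// (drag-and-drop) uploads posted in the `attachments` array.
$use_legacy_attachments = hesk_POST('use-legacy-attachments', 0);

if ($hesk_settings['attachments']['use']) {
    require(HESK_PATH . 'inc/attachments.inc.php');

    $attachments = array();

    if ($use_legacy_attachments) {
        for ($i = 1; $i <= $hesk_settings['attachments']['max_number']; $i++) {
            $att = hesk_uploadFile($i);
            if ($att !== false && !empty($att)) {
                $attachments[$i] = $att;
            }
        }
    } else {
        // The user used the new drag-and-drop system.
        $temp_attachment_names = hesk_POST_array('attachments');
        foreach ($temp_attachment_names as $temp_attachment_name) {
            $temp_attachment = hesk_getTemporaryAttachment($temp_attachment_name);
            if ($temp_attachment !== null) {
                $attachments[] = $temp_attachment;
            }
        }
    }
}

// Comma-separated "<insert id>#<real name>," list stored in the reply row
$myattachments = '';

/* Time spent working on ticket */
$time_worked = hesk_getTime(hesk_POST('time_worked'));

/* Any errors? */
if (count($hesk_error_buffer) != 0) {
    // Preserve the user's input so the form can be re-populated
    $_SESSION['ticket_message'] = hesk_POST('message');
    $_SESSION['time_worked'] = $time_worked;

    // Remove any successfully uploaded attachments (legacy path), or keep the
    // temporary ones around for the re-displayed form (drag-and-drop path)
    if ($hesk_settings['attachments']['use']) {
        if ($use_legacy_attachments) {
            hesk_removeAttachments($attachments);
        } else {
            $_SESSION['ar_attachments'] = $attachments;
        }
    }

    // NOTE(review): this item template looks like list markup flattened by
    // rendering — confirm the literal against the original file
    $tmp = '';
    foreach ($hesk_error_buffer as $error) {
        $tmp .= "\n  • $error\n  • \n";
    }

    // The collected list was previously assigned to $hesk_error_buffer and then
    // immediately overwritten by the "pcer" heading; append it so the individual
    // errors actually reach the user
    $hesk_error_buffer = $hesklang['pcer'] . "\n\n    " . $tmp;
    hesk_process_messages($hesk_error_buffer, 'admin_ticket.php?track=' . $ticket['trackid'] . '&Refresh=' . rand(10000, 99999));
}

if ($hesk_settings['attachments']['use'] && !empty($attachments)) {
    // Delete temp attachment records and set the new filename
    if (!$use_legacy_attachments) {
        $attachments = hesk_migrateTempAttachments($attachments, $trackingID);
    }

    foreach ($attachments as $myatt) {
        hesk_dbQuery("INSERT INTO `" . hesk_dbEscape($hesk_settings['db_pfix']) . "attachments` (`ticket_id`,`saved_name`,`real_name`,`size`) VALUES ('" . hesk_dbEscape($trackingID) . "','" . hesk_dbEscape($myatt['saved_name']) . "','" . hesk_dbEscape($myatt['real_name']) . "','" . intval($myatt['size']) . "')");
        $myattachments .= hesk_dbInsertID() . '#' . $myatt['real_name'] . ',';
    }
}

// Add reply
if ($submit_as_customer) {
    // Suffix appended to both message versions, identifying the staff member
    // who submitted the reply on the customer's behalf
    $customer_note = "\n\n    {$hesklang['creb']} " . addslashes($_SESSION['name']);

    hesk_dbQuery("INSERT INTO `" . hesk_dbEscape($hesk_settings['db_pfix']) . "replies` (`replyto`,`name`,`message`,`message_html`,`dt`,`attachments`) VALUES ('" . intval($replyto) . "','" . hesk_dbEscape(addslashes($ticket['name'])) . "','" . hesk_dbEscape($message . $customer_note) . "','" . hesk_dbEscape($message_html . $customer_note) . "',NOW(),'" . hesk_dbEscape($myattachments) . "')");
} else {
    hesk_dbQuery("INSERT INTO `" . hesk_dbEscape($hesk_settings['db_pfix']) . "replies` (`replyto`,`name`,`message`,`message_html`,`dt`,`attachments`,`staffid`) VALUES ('" . intval($replyto) . "','" . hesk_dbEscape(addslashes($_SESSION['name'])) . "','" . hesk_dbEscape($message) . "','" . hesk_dbEscape($message_html) . "',NOW(),'" . hesk_dbEscape($myattachments) . "','" . intval($_SESSION['id']) . "')");
}

/* Track ticket status changes for history */
$revision = '';

// "Name (username)" label used in every history entry written below
$staff_label = addslashes($_SESSION['name']) . ' (' . $_SESSION['user'] . ')';

/* Change the status of priority? */
if (!empty($_POST['set_priority'])) {
    $priority = intval(hesk_POST('priority'));
    if ($priority < 0 || $priority > 3) {
        hesk_error($hesklang['select_priority']);
    }
    $options = array(
        0 => $hesklang['critical'],
        1 => $hesklang['high'],
        2 => $hesklang['medium'],
        3 => $hesklang['low'],
    );
    $revision = sprintf($hesklang['thist8'], hesk_date(), $options[$priority], $staff_label);
    // $priority is range-checked above, so it is safe to interpolate
    $priority_sql = ",`priority`='$priority', `history`=CONCAT(`history`,'" . hesk_dbEscape($revision) . "') ";
} else {
    $priority_sql = "";
}

// Get new ticket status
$sql_status = '';

// -> If locked, keep it resolved
if ($ticket['locked']) {
    $new_status = 3;
}
// -> Submit as Customer reply
elseif ($submit_as_customer) {
    $new_status = 1;
    if ($ticket['status'] != $new_status) {
        $revision = sprintf($hesklang['thist9'], hesk_date(), $hesklang['wait_reply'], $staff_label);
        $sql_status = " , `history`=CONCAT(`history`,'" . hesk_dbEscape($revision) . "') ";
    }
}
// -> Submitted with a status change?
else {
    $submit_as_status = false;
    // Candidate status ids come from the configured statuses, never from POST;
    // POST only selects which of them was submitted
    foreach ($hesk_settings['statuses'] as $id => $data) {
        if (!isset($_POST['submit_as-' . $id])) {
            continue;
        }
        // "Resolved" status needs special care
        if ($id == 3) {
            // Permission to resolve? Without it we fall through to the
            // "Replied by staff" default below
            if (!hesk_checkPermission('can_resolve', 0)) {
                break;
            }
            // Update "Closed at"
            $sql_status .= " , `closedat`=NOW(), `closedby`=" . intval($_SESSION['id']) . " ";
            // Lock the ticket if customers are not allowed to reopen tickets
            if ($hesk_settings['custopen'] != 1) {
                $sql_status .= " , `locked`='1' ";
            }
        }
        // Set the new status and log revision if modified
        $new_status = $id;
        if ($ticket['status'] != $new_status && $new_status != 2) {
            $revision = sprintf($hesklang['thist9'], hesk_date(), addslashes($data['name']), $staff_label);
            $sql_status .= " , `history`=CONCAT(`history`,'" . hesk_dbEscape($revision) . "') ";
        }
        $submit_as_status = true;
        break;
    }
    // Default: submit as "Replied by staff"
    if (!$submit_as_status) {
        $new_status = 2;
    }
}

// Cast the interpolated ids, consistent with every other query in this block
$sql = "UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` SET `status`='" . intval($new_status) . "',";
$sql .= $submit_as_customer ? "`lastreplier`='0', `replierid`='0' " : "`lastreplier`='1', `replierid`='" . intval($_SESSION['id']) . "' ";

/* Update time_worked or force update lastchange */
if ($time_worked == '00:00:00') {
    $sql .= ", `lastchange` = NOW() ";
} else {
    // Sum the stored HH:MM:SS and the newly reported one; the result is only
    // used for the e-mail info array, the DB add happens via ADDTIME below
    $parts = explode(':', $ticket['time_worked']);
    $seconds = ($parts[0] * 3600) + ($parts[1] * 60) + $parts[2];
    $parts = explode(':', $time_worked);
    $seconds += ($parts[0] * 3600) + ($parts[1] * 60) + $parts[2];
    require(HESK_PATH . 'inc/reporting_functions.inc.php');
    $ticket['time_worked'] = hesk_SecondsToHHMMSS($seconds);
    $sql .= ",`time_worked` = ADDTIME(`time_worked`,'" . hesk_dbEscape($time_worked) . "') ";
}

if (!empty($_POST['assign_self']) && hesk_checkPermission('can_assign_self', 0)) {
    $revision = sprintf($hesklang['thist2'], hesk_date(), $staff_label, $staff_label);
    $sql .= " , `owner`=" . intval($_SESSION['id']) . ", `history`=CONCAT(`history`,'" . hesk_dbEscape($revision) . "') ";
}

// If ticket is re-opened, clear "closed at" and "closed by"
if ($ticket['status'] == 3 && $new_status != 3) {
    $sql .= ' , `closedat`=NULL, `closedby`=NULL ';
}

$sql .= " $priority_sql ";
$sql .= " $sql_status ";

// Is this the first staff reply? Log it for reporting
if (!$ticket['firstreplyby']) {
    $sql .= " , `firstreply`=NOW(), `firstreplyby`=" . intval($_SESSION['id']) . " ";
}

// Keep track of replies to this ticket for easier reporting
$sql .= " , `replies`=`replies`+1 ";
$sql .= $submit_as_customer ? '' : " , `staffreplies`=`staffreplies`+1 ";

// End and execute the query
$sql .= " WHERE `id`='" . intval($replyto) . "'";
hesk_dbQuery($sql);
unset($sql);

/* Update number of replies in the users table */
hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "users` SET `replies`=`replies`+1 WHERE `id`='" . intval($_SESSION['id']) . "'");

// --> Prepare reply message

// 1. Generate the array with ticket info that can be used in emails
$info = array(
    'email'         => $ticket['email'],
    'category'      => $ticket['category'],
    'priority'      => $ticket['priority'],
    'owner'         => $ticket['owner'],
    'trackid'       => $ticket['trackid'],
    'status'        => $new_status,
    'name'          => $ticket['name'],
    'subject'       => $ticket['subject'],
    'message'       => stripslashes($message),
    'attachments'   => $myattachments,
    'dt'            => hesk_date($ticket['dt'], true),
    'lastchange'    => hesk_date($ticket['lastchange'], true),
    'due_date'      => hesk_format_due_date($ticket['due_date']),
    'id'            => $ticket['id'],
    'language'      => $ticket['language'],
    'time_worked'   => $ticket['time_worked'],
    'last_reply_by' => ($submit_as_customer ? $ticket['name'] : $_SESSION['name']),
);

// 2. Add custom fields to the array
foreach ($hesk_settings['custom_fields'] as $k => $v) {
    $info[$k] = $v['use'] ? $ticket[$k] : '';
}

// 3. Add HTML message to the array
if (isset($message_html)) {
    $info['message_html'] = stripslashes($message_html);
} else {
    $info['message_html'] = $info['message'];
}

// 4. Make sure all values are properly formatted for email
// From here on $ticket is the plain-formatted copy of $info, not the DB row
$ticket = hesk_ticketToPlain($info, 1, 0);

// Notify the assigned staff?
if ($submit_as_customer) {
    if ($ticket['owner'] && $ticket['owner'] != $_SESSION['id']) {
        hesk_notifyAssignedStaff(false, 'new_reply_by_customer', 'notify_reply_my');
    }
}
// Notify customer?
elseif (!isset($_POST['no_notify']) || intval(hesk_POST('no_notify')) != 1) {
    hesk_notifyCustomer('new_reply_by_staff');
}

// Delete any existing drafts from this owner for this ticket
hesk_dbQuery("DELETE FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "reply_drafts` WHERE `owner`=" . intval($_SESSION['id']) . " AND `ticket`=" . intval($ticket['id']));

/* Set reply submitted message */
$_SESSION['HESK_SUCCESS'] = TRUE;
$_SESSION['HESK_MESSAGE'] = $hesklang['reply_submitted'];

/* What to do after reply? */
if ($_SESSION['afterreply'] == 1) {
    header('Location: admin_main.php');
} elseif ($_SESSION['afterreply'] == 2) {
    /* Get the next open ticket that needs a reply */
    $res = hesk_dbQuery("SELECT * FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` WHERE `owner` IN ('0','" . intval($_SESSION['id']) . "') AND " . hesk_myCategories() . " AND `status` IN ('0','1') ORDER BY `owner` DESC, `priority` ASC LIMIT 1");
    if (hesk_dbNumRows($res) == 1) {
        $row = hesk_dbFetchAssoc($res);
        $_SESSION['HESK_MESSAGE'] .= "\n\n    " . $hesklang['rssn'];
        // Refresh= is only a cache-buster for the redirect target
        header('Location: admin_ticket.php?track=' . $row['trackid'] . '&Refresh=' . rand(10000, 99999));
    } else {
        header('Location: admin_main.php');
    }
} else {
    header('Location: admin_ticket.php?track=' . $ticket['trackid'] . '&Refresh=' . rand(10000, 99999));
}
exit();
?>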