$error\n"; } $hesk_error_buffer = $tmp; $hesk_error_buffer = $hesklang['pcer'].'

'; hesk_process_messages($hesk_error_buffer,'admin_ticket.php?track='.$ticket['trackid'].'&Refresh='.rand(10000,99999)); } // Process attachments if ($hesk_settings['attachments']['use'] && ! empty($attachments) ) { if (!$use_legacy_attachments) { $attachments = hesk_migrateTempAttachments($attachments, $trackingID); } foreach ($attachments as $myatt) { hesk_dbQuery("INSERT INTO `".hesk_dbEscape($hesk_settings['db_pfix'])."attachments` (`ticket_id`,`saved_name`,`real_name`,`size`,`type`) VALUES ('".hesk_dbEscape($trackingID)."','".hesk_dbEscape($myatt['saved_name'])."','".hesk_dbEscape($myatt['real_name'])."','".intval($myatt['size'])."', '1')"); $myattachments .= hesk_dbInsertID() . '#' . $myatt['real_name'] .','; } } // Add note to database $msg = nl2br(hesk_makeURL($msg)); hesk_dbQuery("INSERT INTO `".hesk_dbEscape($hesk_settings['db_pfix'])."notes` (`ticket`,`who`,`dt`,`message`,`attachments`) VALUES ('".intval($ticket['id'])."','".intval($_SESSION['id'])."',NOW(),'".hesk_dbEscape($msg)."','".hesk_dbEscape($myattachments)."')"); // Update time worked if ($hesk_settings['time_worked'] && ($time_worked = hesk_getTime(hesk_POST('time_worked_notes'))) && $time_worked != '00:00:00') { $parts = explode(':', $ticket['time_worked']); $seconds = ($parts[0] * 3600) + ($parts[1] * 60) + $parts[2]; $parts = explode(':', $time_worked); $seconds += ($parts[0] * 3600) + ($parts[1] * 60) + $parts[2]; require(HESK_PATH . 'inc/reporting_functions.inc.php'); $ticket['time_worked'] = hesk_SecondsToHHMMSS($seconds); hesk_dbQuery("UPDATE `".hesk_dbEscape($hesk_settings['db_pfix'])."tickets` SET `time_worked` = ADDTIME(`time_worked`,'" . hesk_dbEscape($time_worked) . "') WHERE `trackid`='" . hesk_dbEscape($trackingID) . 
"'"); } /* Notify assigned staff that a note has been added if needed */ if ($ticket['owner'] && $ticket['owner'] != $_SESSION['id']) { $res = hesk_dbQuery("SELECT `email` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."users` WHERE `id`='".intval($ticket['owner'])."' AND `notify_note`='1' LIMIT 1"); if (hesk_dbNumRows($res) == 1) { $owner = hesk_dbFetchAssoc($res); // 1. Generate the array with ticket info that can be used in emails $info = array( 'email' => $ticket['email'], 'category' => $ticket['category'], 'priority' => $ticket['priority'], 'owner' => $ticket['owner'], 'trackid' => $ticket['trackid'], 'status' => $ticket['status'], 'name' => $_SESSION['name'], 'subject' => $ticket['subject'], 'message' => stripslashes($msg), 'dt' => hesk_date($ticket['dt'], true), 'lastchange' => hesk_date($ticket['lastchange'], true), 'attachments' => $myattachments, 'due_date' => hesk_format_due_date($ticket['due_date']), 'id' => $ticket['id'], 'time_worked' => $ticket['time_worked'], 'last_reply_by' => $ticket['repliername'], ); // 2. Add custom fields to the array foreach ($hesk_settings['custom_fields'] as $k => $v) { $info[$k] = $v['use'] ? $ticket[$k] : ''; } // 3. Add HTML message to the array $info['message_html'] = $info['message']; // 4. Make sure all values are properly formatted for email $ticket = hesk_ticketToPlain($info, 1, 0); /* Get email functions */ require(HESK_PATH . 
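'inc/email_functions.inc.php');
            // The lines down to the exit() below are the tail of a handler that opens above this
            // excerpt; they are reproduced unchanged.

            /* Format email subject and message for staff */
            $subject = hesk_getEmailSubject('new_note',$ticket);
            list($message, $html_message) = hesk_getEmailMessage('new_note',$ticket,1);

            /* Send email to staff */
            hesk_mail($owner['email'], $subject, $message, $html_message);
        }
    }
    }

    header('Location: admin_ticket.php?track='.$trackingID.'&Refresh='.mt_rand(10000,99999));
    exit();
}

/*
 * Update time worked.
 * Runs only when time tracking is enabled, the staff member may reply to or edit the ticket,
 * the three POST fields are present and the POST token check passes.
 */
if ($hesk_settings['time_worked'] && ($can_reply || $can_edit) && isset($_POST['h']) && isset($_POST['m']) && isset($_POST['s']) && hesk_token_check('POST'))
{
    // Each field is reduced to an integer before the H:M:S string is assembled.
    $h = intval( hesk_POST('h') );
    $m = intval( hesk_POST('m') );
    $s = intval( hesk_POST('s') );

    /* Get time worked in proper format */
    $time_worked = hesk_getTime($h . ':' . $m . ':' . $s);

    /* Update database */
    // The history entry embeds the staff name and user name from the session. addslashes() and
    // hesk_dbEscape() only protect the SQL string.
    // NOTE(review): confirm these values are HTML-encoded wherever `history` is rendered.
    $revision = sprintf($hesklang['thist14'],hesk_date(),$time_worked,addslashes($_SESSION['name']).' ('.$_SESSION['user'].')');
    hesk_dbQuery("UPDATE `".hesk_dbEscape($hesk_settings['db_pfix'])."tickets` SET `time_worked`='" . hesk_dbEscape($time_worked) . "', `history`=CONCAT(`history`,'" . hesk_dbEscape($revision) . "') WHERE `trackid`='" . hesk_dbEscape($trackingID) . "'");

    /* Show ticket */
    hesk_process_messages($hesklang['twu'],'admin_ticket.php?track='.$trackingID.'&Refresh='.mt_rand(10000,99999),'SUCCESS');
}

/*
 * Update due date.
 * Requires action=due_date in the POST body and a passing POST token check.
 */
if (isset($_POST['action']) && $_POST['action'] == 'due_date' && hesk_token_check('POST'))
{
    // Check permission
    // NOTE(review): the code below is not in an else branch, so this gate depends on
    // hesk_process_messages() ending the request. Confirm that it never returns.
    if ( ! $can_due_date)
    {
        hesk_process_messages($hesklang['can_due_date_e'],'admin_ticket.php?track='.$trackingID.'&Refresh='.mt_rand(10000,99999),'ERROR');
    }

    $new_due_date = hesk_POST('new-due-date');

    // Optional extra SET clause; only ever the fixed literal assigned further down.
    $sql_overdue_email = '';

    if ($new_due_date == '')
    {
        // Empty input clears the due date (stored as NULL below).
        $formatted_date = false;
        $revision = sprintf($hesklang['thist20'], hesk_date(), addslashes($_SESSION['name']).' 
('.$_SESSION['user'].')');
    }
    else
    {
        $date = hesk_datepicker_get_date($new_due_date);
        if ($date === false)
        {
            hesk_process_messages($hesklang['invalid_due_date'], 'admin_ticket.php?track='.$trackingID.'&Refresh='.mt_rand(10000,99999));
        }

        // Only the re-formatted Y-m-d value reaches the query, never the raw POST string.
        $formatted_date = $date->format('Y-m-d');
        $revision = sprintf($hesklang['thist19'], hesk_date(), $formatted_date, addslashes($_SESSION['name']).' ('.$_SESSION['user'].')');

        // If this is a future date, we'll reset the `overdue_email_sent` flag
        $current_date = new DateTime();
        if ($date > $current_date)
        {
            $sql_overdue_email = '`overdue_email_sent`=0,';
        }
    }

    // The trailing AND (...) condition skips the update, and the history entry, when the stored
    // due date already equals the requested one.
    hesk_dbQuery("UPDATE `".hesk_dbEscape($hesk_settings['db_pfix'])."tickets` SET `due_date` = " . ($formatted_date === false ? 'NULL' : "'".hesk_dbEscape($formatted_date)."'") . ", {$sql_overdue_email} `history`=CONCAT(`history`,'" . hesk_dbEscape($revision) . "') WHERE `trackid`='" . hesk_dbEscape($trackingID) . "' AND (`due_date` IS " . ($formatted_date === false ? 'NOT NULL' : "NULL OR `due_date` != '".hesk_dbEscape($formatted_date)."'") . ")");

    /* Show ticket */
    hesk_process_messages($hesklang['due_date_updated'],'admin_ticket.php?track='.$trackingID.'&Refresh='.mt_rand(10000,99999),'SUCCESS');
}

/*
 * Delete attachment action.
 * This destructive action is triggered by a GET request, so the request token travels in the URL.
 * NOTE(review): query-string tokens can surface in browser history, server logs and Referer
 * headers; confirm the token's lifetime, or move this action to POST.
 */
if (isset($_GET['delatt']) && hesk_token_check())
{
    // Both privileges are required.
    // NOTE(review): as with the other gates, this relies on hesk_process_messages() not returning.
    if ( ! $can_delete || ! $can_edit)
    {
        hesk_process_messages($hesklang['no_permission'],'admin_ticket.php?track='.$trackingID.'&Refresh='.mt_rand(10000,99999));
    }

    $att_id = intval( hesk_GET('delatt') ) or hesk_error($hesklang['inv_att_id']);

    // Optional row selectors; anything below 1 means "not given".
    $reply = intval( hesk_GET('reply', 0) );
    if ($reply < 1)
    {
        $reply = 0;
    }

    $note = intval( hesk_GET('note', 0) );
    if ($note < 1)
    {
        $note = 0;
    }

    /* Get attachment info */
    $res = hesk_dbQuery("SELECT * FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."attachments` WHERE `att_id`='".intval($att_id)."' LIMIT 1");
    if (hesk_dbNumRows($res) != 1)
    {
        hesk_process_messages($hesklang['id_not_valid'].' 
(att_id)','admin_ticket.php?track='.$trackingID.'&Refresh='.mt_rand(10000,99999));
    }
    $att = hesk_dbFetchAssoc($res);

    /* Is ticket ID valid for this attachment? */
    // Compare as strings with !== so PHP's numeric-string juggling cannot make two different
    // tracking IDs compare equal in this object-level authorization check.
    if ((string) $att['ticket_id'] !== (string) $trackingID)
    {
        hesk_process_messages($hesklang['trackID_not_found'],'admin_ticket.php?track='.$trackingID.'&Refresh='.mt_rand(10000,99999));
    }

    /* Delete file from server */
    // The file name comes from the database row checked above, never from the request.
    hesk_unlink(HESK_PATH.$hesk_settings['attach_dir'].'/'.$att['saved_name']);

    /* Delete attachment from database */
    hesk_dbQuery("DELETE FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."attachments` WHERE `att_id`='".intval($att_id)."'");

    /* Update ticket or reply in the database */
    // NOTE(review): `real_name` is the uploader-supplied file name and is written into `history`;
    // confirm it is sanitized at upload time or HTML-encoded where the history is displayed.
    $revision = sprintf($hesklang['thist12'],hesk_date(),$att['real_name'],addslashes($_SESSION['name']).' ('.$_SESSION['user'].')');

    // The reply and note ids come from the query string. Each UPDATE is scoped to the current
    // ticket so a foreign id cannot change a row that belongs to another ticket.
    // NOTE(review): REPLACE() removes every occurrence of "<id>#<name>," in the column, including
    // one that is the tail of a longer id (e.g. "12#a," inside "112#a,").
    if ($reply)
    {
        hesk_dbQuery("UPDATE `".hesk_dbEscape($hesk_settings['db_pfix'])."replies` SET `attachments`=REPLACE(`attachments`,'".hesk_dbEscape($att_id.'#'.$att['real_name']).",','') WHERE `id`='".intval($reply)."' AND `replyto`='".intval($ticket['id'])."'");
        hesk_dbQuery("UPDATE `".hesk_dbEscape($hesk_settings['db_pfix'])."tickets` SET `history`=CONCAT(`history`,'".hesk_dbEscape($revision)."') WHERE `id`='".intval($ticket['id'])."'");
    }
    elseif ($note)
    {
        hesk_dbQuery("UPDATE `".hesk_dbEscape($hesk_settings['db_pfix'])."notes` SET `attachments`=REPLACE(`attachments`,'".hesk_dbEscape($att_id.'#'.$att['real_name']).",','') WHERE `id`={$note} AND `ticket`='".intval($ticket['id'])."'");
    }
    else
    {
        hesk_dbQuery("UPDATE `".hesk_dbEscape($hesk_settings['db_pfix'])."tickets` SET `attachments`=REPLACE(`attachments`,'".hesk_dbEscape($att_id.'#'.$att['real_name']).",',''), `history`=CONCAT(`history`,'".hesk_dbEscape($revision)."') WHERE `id`='".intval($ticket['id'])."'");
    }

    hesk_process_messages($hesklang['kb_att_rem'],'admin_ticket.php?track='.$trackingID.'&Refresh='.mt_rand(10000,99999),'SUCCESS');
}

/* Print header */
require_once(HESK_PATH . 
'inc/header.inc.php');

/* List of categories */
// Staff without $can_change_cat only get the categories selected by hesk_myCategories().
// NOTE(review): that helper's return value is concatenated into the SQL as-is; presumably it
// is built from trusted session data. Verify in the helper.
if ($can_change_cat)
{
    $result = hesk_dbQuery("SELECT `id`,`name` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."categories` ORDER BY `cat_order` ASC");
}
else
{
    $result = hesk_dbQuery("SELECT `id`,`name` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."categories` WHERE ".hesk_myCategories('id')." ORDER BY `cat_order` ASC");
}
$categories_options='';
while ($row=hesk_dbFetchAssoc($result))
{
    // NOTE(review): the markup appended per category is empty in this listing; if row values
    // are placed in it they need HTML escaping.
    $categories_options.='';
}

/* List of users */
// $admins maps user id => name for every account that may be assigned this ticket.
$admins = array();
$result = hesk_dbQuery("SELECT `id`,`name`,`isadmin`,`categories`,`heskprivileges` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."users` ORDER BY `name` ASC");
while ($row=hesk_dbFetchAssoc($result))
{
    /* Is this an administrator? */
    if ($row['isadmin'])
    {
        $admins[$row['id']]=$row['name'];
        continue;
    }

    /* Not admin, is user allowed to view tickets? */
    // Substring test on the stored privilege string.
    // NOTE(review): any privilege name that contains "can_view_tickets" would also match.
    if (strpos($row['heskprivileges'], 'can_view_tickets') !== false)
    {
        /* Is user allowed to access this category? */
        $cat=substr($row['categories'], 0);
        $row['categories']=explode(',',$cat);
        if (in_array($ticket['category'],$row['categories']))
        {
            $admins[$row['id']]=$row['name'];
            continue;
        }
    }
}

/* Get replies */
// The sort direction is one of two fixed literals, so no setting text reaches the SQL.
if ($ticket['replies'])
{
    $reply = '';
    $result = hesk_dbQuery("SELECT * FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."replies` WHERE `replyto`='".intval($ticket['id'])."' ORDER BY `id` " . ($hesk_settings['new_top'] ? 'DESC' : 'ASC') );
}
else
{
    $reply = false;
}

// Demo mode
// Replaces the customer's e-mail address and IP with fixed placeholders before anything is displayed.
if ( defined('HESK_DEMO') )
{
    $ticket['email'] = 'hidden@demo.com';
    $ticket['ip'] = '127.0.0.1';
}

/* Print admin navigation */
require_once(HESK_PATH . 
'inc/show_admin_nav.inc.php');

/* This will handle error, success and notice messages */
hesk_handle_messages();

// Prepare special custom fields
// Only enabled fields that apply to this ticket's category are touched; of those, only the
// 'date' type is reformatted for display.
foreach ($hesk_settings['custom_fields'] as $k=>$v)
{
    if ($v['use'] && hesk_is_custom_field_in_category($k, $ticket['category']) )
    {
        switch ($v['type'])
        {
            case 'date':
                $ticket[$k] = hesk_custom_date_display_format($ticket[$k], $v['value']['date_format']);
                break;
        }
    }
}

/* Do we need or have any canned responses? */
$can_options = hesk_printCanned();

$options = array(
    0 => '',
    1 => '',
    2 => '',
    3 => ''
);
?>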
>

>
»

' : ''; $att = explode(',', substr($note['attachments'], 0, -1) ); $num = count($att); foreach ($att as $myatt) { list($att_id, $att_name) = explode('#', $myatt); // Can edit and delete note (attachments)? if ($can_del_notes || $note['who'] == $_SESSION['id']) { // If this is the last attachment and no message, show "delete ticket" link if ($num == 1 && strlen($note['message']) == 0) { echo ' »'; } // Show "delete attachment" link else { echo ' »'; } } echo ' '.$att_name.'
'; } } ?>

'; ?>

:
$v) { if ($v['use'] && $v['place']==0 && hesk_is_custom_field_in_category($k, $ticket['category']) ) { switch ($v['type']) { case 'email': $ticket[$k] = ''.$ticket[$k].''; break; } echo '
'.$v['name:'].' '.$ticket[$k].'
'; } } if ($ticket['message_html'] != '') { ?>

$v) { if ($v['use'] && $v['place'] && hesk_is_custom_field_in_category($k, $ticket['category']) ) { switch ($v['type']) { case 'email': $ticket[$k] = ''.$ticket[$k].''; break; } echo '
'.$v['name:'].' '.$ticket[$k].'
'; } } /* Print attachments */ hesk_listAttachments($ticket['attachments'], 0 , $i); // Show suggested KB articles if ($hesk_settings['kb_enable'] && $hesk_settings['kb_recommendanswers'] && ! empty($ticket['articles']) ) { $suggested = array(); $suggested_list = ''; // Get article info from the database $articles = hesk_dbQuery("SELECT `id`,`subject` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."kb_articles` WHERE `id` IN (".preg_replace('/[^0-9\,]/', '', $ticket['articles']).")"); while ($article=hesk_dbFetchAssoc($articles)) { $suggested[$article['id']] = ''.$article['subject'].''; } // Loop through the IDs to preserve the order they were suggested in $articles = explode(',', $ticket['articles']); foreach ($articles as $article) { if ( isset($suggested[$article]) ) { $suggested_list .= $suggested[$article]; } } // Finally print suggested articles if ( strlen($suggested_list) ) { ?>
'.$hesklang['sska'].' '; } ?>
»

' : ''; $att = explode(',', substr($note['attachments'], 0, -1) ); $num = count($att); foreach ($att as $myatt) { list($att_id, $att_name) = explode('#', $myatt); // Can edit and delete note (attachments)? if ($can_del_notes || $note['who'] == $_SESSION['id']) { // If this is the last attachment and no message, show "delete ticket" link if ($num == 1 && strlen($note['message']) == 0) { echo ' »'; } // Show "delete attachment" link else { echo ' »'; } } echo ' '.$att_name.'
'; } } ?>

'; ?>
 
'.$hesklang['open_action'].']'; } } elseif ($can_resolve) { $status_action = '['.$hesklang['close_action'].']'; } ?>
>
 
'.$admins[$ticket['owner']].'' : ''.$hesklang['unas'].''; ?>
 
'.$hesklang['asss'].']'; ?>

:
:
:
:
:
:
:
' . $ticket['time_worked'] . '
'; } ?>
".$ticket['id']." AND `email` <> '' AND ".hesk_dbFormatEmail($first_email)." ORDER BY `lastchange` DESC LIMIT " . ($show_previous_tickets+1)); $past_num = hesk_dbNumRows($res); ?>

0) echo 'style="display:block"'; ?>> $show_previous_tickets) { hesk_dbFreeResult($res); break; } ?>
0 && $i > $show_previous_tickets) { echo '
'.$hesklang['all_previous'].''; } elseif ($past_num == 0) { echo sprintf($hesklang['no_previous'], hesk_htmlspecialchars($first_email)); } ?>
', $ticket['history'], -1); ?>

', '', $history_piece); $date_and_contents = explode(' | ', $history_piece); if ( ! isset($date_and_contents[1])) { $date_and_contents[1] = $date_and_contents[0]; $date_and_contents[0] = ''; } ?>
'; foreach ($att as $myatt) { list($att_id, $att_name) = explode('#', $myatt); /* Can edit and delete tickets? */ if ($can_edit && $can_delete) { echo ' »'; } echo ' '.$att_name.'
'; } echo ''; return true; } // End hesk_listAttachments()


/**
 * Build the action buttons shown for a ticket or for one of its replies.
 *
 * Reads the ticket, the current reply, the tracking ID and the $can_* permission flags from
 * globals. Each button is added only when its flag (and, for some, the ticket state) allows it.
 * NOTE(review): these checks only decide what is displayed; the scripts the buttons point to
 * must enforce the same permissions themselves.
 *
 * The string literals in this listing contain only the language labels, so $des, $modal_id,
 * $more_class and $white are not referenced in the code visible here.
 *
 * @param int $isReply Truthy to build the reply variant of the button set, falsy for the ticket itself.
 * @param int $white   Not referenced in the visible body.
 * @return string The concatenated button markup.
 */
function hesk_getAdminButtons($isReply=0,$white=1)
{
    global $hesk_settings, $hesklang, $ticket, $reply, $trackingID, $can_edit, $can_archive, $can_delete, $can_resolve, $can_privacy, $can_export;

    // Plain entries are top-level buttons; the 'more' key collects a nested group.
    $buttons = array();

    // Edit
    if ($can_edit)
    {
        $tmp = $isReply ? '&reply='.$reply['id'] : '';
        if ($isReply)
        {
            $buttons['more']['edit'] = ' '.$hesklang['btn_edit'].' ';
        }
        else
        {
            $buttons[] = ' '.$hesklang['btn_edit'].' ';
        }
    }

    if (!$isReply)
    {
        // Print ticket button
        $buttons[] = ' '.$hesklang['btn_print'].' ';
    }

    // Lock ticket button
    if (!$isReply && $can_resolve)
    {
        if ($ticket['locked'])
        {
            $des = $hesklang['tul'] . ' - ' . $hesklang['isloc'];
            $buttons['more'][] = ' '.$hesklang['btn_unlock'].' ';
        }
        else
        {
            $des = $hesklang['tlo'] . ' - ' . $hesklang['isloc'];
            $buttons['more'][] = ' '.$hesklang['btn_lock'].' ';
        }
    }

    // Tag ticket button
    if (!$isReply && $can_archive)
    {
        if ($ticket['archive'])
        {
            $buttons['more'][] = ' '.$hesklang['btn_untag'].' ';
        }
        else
        {
            $buttons['more'][] = ' '.$hesklang['btn_tag'].' ';
        }
    }

    // Resend email notification button
    // Unlike most buttons this one is not restricted to the ticket itself; it is only hidden
    // for anonymized tickets.
    if (!$ticket['anonymized'])
    {
        $buttons['more'][] = ' '.$hesklang['btn_resend'].' ';
    }

    // Import to knowledgebase button
    if (!$isReply && $hesk_settings['kb_enable'] && hesk_checkPermission('can_man_kb',0) && !$ticket['anonymized'])
    {
        $buttons['more'][] = ' '.$hesklang['btn_import_kb'].' ';
    }

    // Export ticket
    if (!$isReply && $can_export && !$ticket['anonymized'])
    {
        $buttons['more'][] = ' '.$hesklang['btn_export'].' ';
    }

    // Anonymize ticket
    // The confirmation target is a GET URL that carries the request token in its query string.
    // NOTE(review): query-string tokens can surface in browser history, logs and Referer headers.
    if (!$isReply && $can_privacy)
    {
        $modal_id = hesk_generate_delete_modal($hesklang['confirm_anony'], $hesklang['privacy_anon_info'], 'anonymize_ticket.php?track='.$trackingID.'&Refresh='.mt_rand(10000,99999).'&token='.hesk_token_echo(0), $hesklang['confirm']);
        $buttons['more'][] = ' '.$hesklang['btn_anony'].' 
';
    }

    // Delete ticket or reply
    // Replies are deleted through admin_ticket.php, whole tickets through delete_tickets.php.
    // Both URLs carry the request token as a GET parameter; the query-string caveat above applies.
    if ($can_delete)
    {
        if ($isReply)
        {
            $url = 'admin_ticket.php';
            $tmp = 'delete_post='.$reply['id'];
            $txt = $hesklang['btn_delr'];
            $modal_text = $hesklang['confirm_delete_reply'];
        }
        else
        {
            $url = 'delete_tickets.php';
            $tmp = 'delete_ticket=1';
            $txt = $hesklang['btn_delt'];
            $modal_text = $hesklang['confirm_delete_ticket'];
        }
        $modal_id = hesk_generate_delete_modal($hesklang['confirm_deletion'], $modal_text, $url.'?track='.$trackingID.'&'.$tmp.'&Refresh='.mt_rand(10000,99999).'&token='.hesk_token_echo(0));
        $buttons['more'][] = ' '.$txt.' ';
    }

    // Format and return the HTML for buttons
    $button_code = '';

    foreach ($buttons as $button)
    {
        // An array entry is the 'more' group. In the code visible here only its 'edit' entry
        // and the label are appended.
        if (is_array($button))
        {
            $more_class = $isReply ? 'more ' : '';
            $label = ' ';
            if ($isReply)
            {
                $label = ' ';
            }
            $button_code .= '
';
            if (isset($button['edit']))
            {
                $button_code .= $button['edit'];
                unset($button['edit']);
            }
            $button_code .= $label.'
';
        }
        else
        {
            $button_code .= $button;
        }
    }

    $button_code .= '';

    return $button_code;

} // END hesk_getAdminButtons()
function print_form() { global $hesk_settings, $hesklang; global $trackingID; /* Print header */ require_once(HESK_PATH . 'inc/header.inc.php'); /* Print admin navigation */ require_once(HESK_PATH . 'inc/show_admin_nav.inc.php'); ?>

0) { if ($hesk_settings['new_top']) { if ($i >= $hesk_settings['hide_replies']) { $collapsed_replies[] = $reply; } else { $displayed_replies[] = $reply; } } else { if ($i < ($ticket['replies'] - $hesk_settings['hide_replies'])) { $collapsed_replies[] = $reply; } else { $displayed_replies[] = $reply; } } // Never, always show all replies } else { $displayed_replies[] = $reply; } $i++; } $start_previous_replies = true; for ($j = 0; $j < count($collapsed_replies) && $hesk_settings['new_top'] == 0; $j++) { $reply = $collapsed_replies[$j]; if ($start_previous_replies): $start_previous_replies = false; ?>
»

' . $hesklang['rnh'] . '

'; } elseif ($reply['rating'] == 5) { echo '

' . $hesklang['rh'] . '

'; } } /* Show "unread reply" message? */ if ($reply['staffid'] && !$reply['read']) { echo '

' . $hesklang['unread'] . '

'; } ?>
'; } } for ($j = 0; $j < count($displayed_replies); $j++) { $reply = $displayed_replies[$j]; ?>
»

'.$hesklang['rnh'].'

'; } elseif ($reply['rating']==5) { echo '

'.$hesklang['rh'].'

'; } } /* Show "unread reply" message? */ if ($reply['staffid'] && ! $reply['read']) { echo '

'.$hesklang['unread'].'

'; } ?>
»

' . $hesklang['rnh'] . '

'; } elseif ($reply['rating'] == 5) { echo '

' . $hesklang['rh'] . '

'; } } /* Show "unread reply" message? */ if ($reply['staffid'] && !$reply['read']) { echo '

' . $hesklang['unread'] . '

'; } ?>
'; } } return $i; } // End hesk_printTicketReplies() function hesk_printReplyForm() { global $hesklang, $hesk_settings, $ticket, $admins, $can_options, $options, $can_assign_self, $can_resolve; // Force assigning a ticket before allowing to reply? if ($hesk_settings['require_owner'] && ! $ticket['owner']) { hesk_show_notice($hesklang['atbr'].($can_assign_self ? '

'.$hesklang['attm'].'' : ''), $hesklang['owneed']); return ''; } ?>
'; ?>
'; if (empty($ticket['owner'])) { echo ''; } else { echo ''; } echo ''; echo ''; } ?>
>