- '.$hesk_error_buffer[0].'
- '.$hesk_error_buffer[1].'
';
hesk_process_messages($hesk_error_buffer,'NOREDIRECT');
print_form();
}
}
elseif ( empty($trackingID) || ( $hesk_settings['email_view_ticket'] && empty($my_email) ) )
{
print_form();
}
/* Open the database connection used by the queries below */
hesk_dbConnect();

/* Run the brute-force limiter before any lookup by tracking ID is attempted */
hesk_limitBfAttempts();

// Load custom fields
require_once HESK_PATH . 'inc/custom_fields.inc.php';

// Load statuses
require_once HESK_PATH . 'inc/statuses.inc.php';
/*
 * Look up the ticket by tracking ID (joined with the users table to get the
 * replier's name). If there is no exact match, fall back to a ticket whose
 * `merged` column lists this tracking ID. Paths that end in print_form()
 * terminate the request, because print_form() calls exit().
 */
/* Get ticket info */
$res = hesk_dbQuery( "SELECT `t1`.* , `t2`.name AS `repliername` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."tickets` AS `t1` LEFT JOIN `".hesk_dbEscape($hesk_settings['db_pfix'])."users` AS `t2` ON `t1`.`replierid` = `t2`.`id` WHERE `trackid`='".hesk_dbEscape($trackingID)."' LIMIT 1");
/* Ticket found? */
if (hesk_dbNumRows($res) != 1)
{
/* Ticket not found, perhaps it was merged with another ticket? */
// NOTE(review): $trackingID is placed inside a LIKE pattern after hesk_dbEscape() only.
// Whether `%` or `_` can still occur in it depends on how it was sanitized before this
// point (not visible here) - confirm, since those characters act as wildcards in LIKE.
$res = hesk_dbQuery("SELECT * FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."tickets` WHERE `merged` LIKE '%#".hesk_dbEscape($trackingID)."#%' LIMIT 1");
if (hesk_dbNumRows($res) == 1)
{
/* OK, found in a merged ticket. Get info */
$ticket = hesk_dbFetchAssoc($res);
/* If we require e-mail to view tickets check if it matches the one from merged ticket */
// Here the 4th argument is 0 and the return value is used as a boolean to pick the branch.
if ( hesk_verifyEmailMatch($ticket['trackid'], $my_email, $ticket['email'], 0) )
{
// E-mail accepted: show a notice and continue with the surviving ticket's tracking ID.
hesk_process_messages( sprintf($hesklang['tme'], $trackingID, $ticket['trackid']) ,'NOREDIRECT','NOTICE');
$trackingID = $ticket['trackid'];
}
else
{
// E-mail not accepted: the form is shown again and the request ends in print_form().
// NOTE(review): the surviving ticket's tracking ID is still passed to the notice text
// and pre-filled via $trackingID, so a requester who knows only the old ID may learn
// the new one without a matching e-mail - confirm this is intended.
hesk_process_messages( sprintf($hesklang['tme1'], $trackingID, $ticket['trackid']) . '
' . sprintf($hesklang['tme2'], $ticket['trackid']) ,'NOREDIRECT','NOTICE');
$trackingID = $ticket['trackid'];
print_form();
}
}
else
{
/* Nothing found, error out */
hesk_process_messages($hesklang['ticket_not_found'],'NOREDIRECT');
print_form();
}
}
else
{
/* We have a match, get ticket info */
$ticket = hesk_dbFetchAssoc($res);
/* If we require e-mail to view tickets check if it matches the one in database */
// NOTE(review): called without the 4th argument and the return value is ignored, so a
// mismatch has to be handled inside hesk_verifyEmailMatch() itself (presumably it shows
// an error and stops the request) - confirm; otherwise execution continues to the ticket view.
hesk_verifyEmailMatch($trackingID, $my_email, $ticket['email']);
}
/*
 * Lookup succeeded, so clear the recorded brute-force attempts.
 * Failure paths that call print_form() never get here, because it exits.
 */
hesk_cleanBfAttempts();

/*
 * Remember the e-mail address? Only acted on for form submissions.
 * NOTE(review): the cookie holds the customer's e-mail address for a year; its
 * Secure/HttpOnly/SameSite attributes are decided inside hesk_setcookie(),
 * which is not visible here - confirm.
 */
if ($is_form && $do_remember) {
    hesk_setcookie('hesk_myemail', $my_email, strtotime('+1 year'));
} elseif ($is_form && isset($_COOKIE['hesk_myemail'])) {
    // Not asked to remember: blank out a previously stored address
    hesk_setcookie('hesk_myemail', '');
}
/*
 * Set last replier name.
 * No `lastreplier` flag: use the name stored on the ticket itself.
 * Flag set but no name came back from the users join: use the generic staff label.
 */
if (!$ticket['lastreplier']) {
    $ticket['repliername'] = $ticket['name'];
} elseif (empty($ticket['repliername'])) {
    $ticket['repliername'] = $hesklang['staff'];
}
// If IP is unknown (tickets via email pipe/pop3 fetching) assume current visitor IP as customer IP.
// NOTE(review): the address stored is that of whoever loads this page first, and how
// hesk_getClientIP() derives it (socket address vs. forwarded headers) is not visible
// here - treat the stored value as low-confidence evidence.
if ($ticket['ip'] == '' || $ticket['ip'] == 'Unknown' || $ticket['ip'] == $hesklang['unknown']) {
    hesk_dbQuery(sprintf(
        "UPDATE `%stickets` SET `ip` = '%s' WHERE `id`=%d",
        hesk_dbEscape($hesk_settings['db_pfix']),
        hesk_dbEscape(hesk_getClientIP()),
        intval($ticket['id'])
    ));
}
/* Get the name of the ticket's category; the id is cast to int before it reaches the query */
$result = hesk_dbQuery(sprintf(
    "SELECT `name` FROM `%scategories` WHERE `id`='%d' LIMIT 1",
    hesk_dbEscape($hesk_settings['db_pfix']),
    intval($ticket['category'])
));

/* If this category has been deleted use the default category with ID 1 */
if (hesk_dbNumRows($result) != 1) {
    $result = hesk_dbQuery(sprintf(
        "SELECT `name` FROM `%scategories` WHERE `id`='1' LIMIT 1",
        hesk_dbEscape($hesk_settings['db_pfix'])
    ));
}

$category = hesk_dbFetchAssoc($result);
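/* Get replies for this ticket, newest first when the `new_top` setting is on */
$result = hesk_dbQuery("SELECT * FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."replies` WHERE `replyto`='".intval($ticket['id'])."' ORDER BY `id` ".($hesk_settings['new_top'] ? 'DESC' : 'ASC') );
$replies = hesk_dbNumRows($result);
$repliesArray = array();
$unread_replies = array();
while ($row = hesk_dbFetchAssoc($result)) {
    // Replies that carry a staff id and are not yet flagged as read get collected
    // so they can be marked as read below
    if ($row['staffid'] && !$row['read']) {
        $unread_replies[] = $row['id'];
    }
    $repliesArray[] = $row;
}

/* If needed update unread replies as read for staff to know */
if (count($unread_replies)) {
    // Every id is cast to int before being interpolated into the IN (...) list, so the
    // statement stays well-formed even if a stored id is not what this code expects.
    hesk_dbQuery("UPDATE `".hesk_dbEscape($hesk_settings['db_pfix'])."replies` SET `read` = '1' WHERE `id` IN ('".implode("','", array_map('intval', $unread_replies))."')");
}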
// Demo mode: replace the stored e-mail address with a placeholder
// before the ticket array is handed to the template
if (defined('HESK_DEMO')) {
    $ticket['email'] = 'hidden@demo.com';
}
$messages = hesk_get_messages();

/*
 * Split the enabled custom fields that apply to this ticket's category into
 * the ones shown before and the ones shown after the message.
 * NOTE(review): `value` is the ticket column as stored; whether it is already
 * HTML-encoded or must be encoded by the template is not visible here - confirm.
 */
$custom_fields_before_message = array();
$custom_fields_after_message = array();
foreach ($hesk_settings['custom_fields'] as $k => $v) {
    // Skip fields that are switched off or not assigned to this category
    if ($v['use'] != 1 || !hesk_is_custom_field_in_category($k, $ticket['category'])) {
        continue;
    }

    $custom_field = array(
        'name' => $v['name'],
        'name:' => $v['name:'],
        'value' => $ticket[$k],
        'type' => $v['type'],
    );

    // Date fields also carry the format they should be displayed in
    if ($v['type'] == 'date') {
        $custom_field['date_format'] = $v['value']['date_format'];
    }

    // `place` of 1 puts the field after the message, anything else before it
    if ($v['place'] == 1) {
        $custom_fields_after_message[] = $custom_field;
    } else {
        $custom_fields_before_message[] = $custom_field;
    }
}
/* Render the customer ticket view with the data gathered above */
$hesk_settings['render_template'](
    TEMPLATE_PATH . 'customer/view-ticket/view-ticket.php',
    array(
        'messages' => $messages,
        'ticketJustReopened' => isset($_SESSION['force_form_top']),
        'ticket' => $ticket,
        'trackingID' => $trackingID,
        'numberOfReplies' => $replies,
        'replies' => $repliesArray,
        'category' => $category,
        'email' => $my_email,
        'customFieldsBeforeMessage' => $custom_fields_before_message,
        'customFieldsAfterMessage' => $custom_fields_after_message,
    )
);

// The flag was only needed for `ticketJustReopened` above; drop it so it applies once
unset($_SESSION['force_form_top']);

/* Clear unneeded session variables */
hesk_cleanSessionVars('ticket_message');
/*** START FUNCTIONS ***/
/**
 * Render the "view ticket" lookup form and end the request.
 *
 * Reads the tracking ID, e-mail, remember flag and display state from globals.
 * This function must not return: callers invoke it when a lookup or e-mail
 * check fails and rely on exit() so the ticket view below them is never reached.
 */
function print_form()
{
    global $hesk_settings, $hesklang, $hesk_error_buffer, $my_email, $trackingID, $do_remember, $display;

    /* Page title used by the header */
    $hesk_settings['tmp_title'] = $hesk_settings['hesk_title'] . ' - ' . $hesklang['view_ticket'];

    $formTemplate = TEMPLATE_PATH . 'customer/view-ticket/form.php';
    $hesk_settings['render_template']($formTemplate, array(
        'messages' => hesk_get_messages(),
        'trackingId' => $trackingID,
        'email' => $my_email,
        'rememberEmail' => $do_remember,
        'displayForgotTrackingIdForm' => !empty($_GET['forgot']),
        'submittedForgotTrackingIdForm' => $display === 'block',
    ));

    exit();
} // End print_form()