reply.php

jsp程序开发系统

<?php
// +-------------------------------------------------------------+
// | DeskPRO v [2.0.1 Production]
// | Copyright (C) 2001 - 2004 Headstart Solutions Limited
// | Supplied by WTN-WDYL
// | Nullified by WTN-WDYL
// | Distribution via WebForum, ForumRU and associated file dumps
// +-------------------------------------------------------------+
// | DESKPRO IS NOT FREE SOFTWARE
// +-------------------------------------------------------------+
// | License ID : Full Enterprise License =) ...
// | License Owner : WTN-WDYL Team
// +-------------------------------------------------------------+
// | $RCSfile: reply.php,v $
// | $Date: 2004/02/10 01:34:25 $
// | $Revision: 1.26 $
// +-------------------------------------------------------------+
// | File Details:
// | - Ticket reply pages.
// +-------------------------------------------------------------+

error_reporting(E_ALL & ~E_NOTICE);
require_once('./global.php');
//Nullify WTN-WDYL Team


// default do
$_REQUEST['do'] = trim($_REQUEST['do']);
if (!isset($_REQUEST['do']) or $_REQUEST['do'] == "") {
	$_REQUEST['do'] = "view";
}

// globalise variables
$global = array	(
			array('ticketref')
);
rg($global);

############################### PERMISSIONS AND VALIDATION ###############################

// check ticket ref
if (!$ticketref) {
	error("error_noticket");
}

check_user();

$ticket = $db->query_return("
	SELECT ticket.*, ticket_cat.name AS category, ticket_pri.name AS priority
	FROM ticket
	LEFT JOIN ticket_cat ON (ticket.category = ticket_cat.id)
	LEFT JOIN ticket_pri ON (ticket.priority = ticket_pri.id)
	WHERE	ticket.ref = '" . addslashes($ticketref) . "' AND
				ticket.userid = '$session[userid]'
");

if (!$db->num_rows()) {
	$ticket = $db->query_return("SELECT * FROM ticket_merge WHERE old_ref = '" . addslashes($ticketref) . "'");
	if ($ticket['new_id']) {
		$ticket = $db->query_return("
			SELECT ticket.*, ticket_cat.name AS category, ticket_pri.name AS priority
			FROM ticket
			LEFT JOIN ticket_cat ON (ticket.category = ticket_cat.id)
			LEFT JOIN ticket_pri ON (ticket.priority = ticket_pri.id)
			WHERE	ticket.ref = '$ticket[new_ref]' AND
						ticket.userid = '$session[userid]'
		");
	} else {
		error('error_noticket');
	}
}

if ($ticket[is_open] == "0" AND !$settings[user_reopen]) {
	error("error_ticket_closed");
}

// check that the post box is not too large (should be preveented by js validation)
if (strlen($_REQUEST[reply]) > $settings[max_size]) {
	error("NEW_message_large");
}

if (trim($_REQUEST[reply]) == "") {
	jump("view.php?ticketref=$ticketref", 'redirect_empty');
}

// check not double post in last 5 minutes
$time = mktime() - 60 * 5;
$db->query("SELECT message FROM ticket_message WHERE ticketid = '$ticket[id]' AND date > '$time'");
while ($result = $db->row_array()) {
	if ($result[message] == $_REQUEST[reply]) {
		jump("view.php?ticketref=$ticketref", "redirect_reply_ticket");
	}
}

############################### ADD / UPDATE TO DATABASE ###############################

$db->query("
	INSERT into ticket_message SET
		message = '".mysql_escape_string($_REQUEST[reply])."',
		ticketid = '$ticket[id]',
		userid = '$session[userid]',
		date = '" . mktime() . "',
		ipaddress =	'" . mysql_escape_string($ipaddress) . "'
");

$ticket['respid'] = $db->last_id();

$db->query("
	UPDATE ticket SET
		awaiting_tech = '1',
		date_awaiting_toggled = '" . mktime() . "',
		is_open = 1,
		date_lastreply = '" . mktime() . "'
	WHERE id = '$ticket[id]'
");

ticketlog($ticket[id], 'user_replied');

############################### ATTACHMENT ###############################

// attachment during this upload
$attachment = validate_attachment($attachment_error);

// attachment error type
if ($attachmenterror) {
	if ($error == 1) {
		$attachment_no_big = 1;
	} elseif ($attachment_error == 2) {
		$attachment_no_filetype = 1;
	} else {
		$attachment_no = 1;
	}
}

// add attachment
if ($attachment) {
	$attach = add_attachment();
		
	$db->query("INSERT INTO ticket_attachments SET
		blobid = '$attach[blobid]',
		filename = '" . mysql_escape_string($attach[name]) . "',
		filesize = '" . mysql_escape_string($attach[size]) . "',
		extension = '" . mysql_escape_string($attach[extension]) . "',
		ticketid = '" . mysql_escape_string($ticket[id]) . "',
		timestamp = '" . mktime() . "'" .
		iff($user['id'], ", userid = '$user[id]'")
	);

	$id = $db->last_id();

	$attach['id'] = $id;	// to link to an attachment for those techs that don't want to download it
	$email_attachment[] = $attach;

}

############################### SEND EMAILS ###############################

notify_user('reply_user', $ticket, $user, $_REQUEST[reply], $email_attachment);
notify_technicians('reply', $ticket, $user, $_REQUEST[reply], $email_attachment);

############################### REDIRECT ###############################

jump("view.php?ticketref=$ticketref", "redirect_reply_ticket");