ticketreply.php

jsp程序开发系统

<?php
// +-------------------------------------------------------------+
// | DeskPRO v [2.0.1 Production]
// | Copyright (C) 2001 - 2004 Headstart Solutions Limited
// | Supplied by WTN-WDYL
// | Nullified by WTN-WDYL
// | Distribution via WebForum, ForumRU and associated file dumps
// +-------------------------------------------------------------+
// | DESKPRO IS NOT FREE SOFTWARE
// +-------------------------------------------------------------+
// | License ID : Full Enterprise License =) ...
// | License Owner : WTN-WDYL Team
// +-------------------------------------------------------------+
// | $RCSfile: ticketreply.php,v $
// | $Date: 2004/02/10 01:34:31 $
// | $Revision: 1.45 $
// +-------------------------------------------------------------+
// | File Details:
// | - Ticket reply handler.
// +-------------------------------------------------------------+

error_reporting(E_ALL ^ E_NOTICE);

// start file
require("./../global.php");

// globalise variables
$global = array	(
			array('id')			// ticketid
);
rg($global);

$ticket = $db->query_return("SELECT * FROM ticket WHERE id = '$id'");
$now = time();

// check ticket exists
if ($db->num_rows() < 0) {
	mistake('The ticket does not exist');
}

if (trim($_REQUEST['reply']) == '') {
	mistake('You did not enter any message');
}

################## ADDING A NOTE ##################

if ($_REQUEST['is_note'] == '1') {

	// no permission to reply
	if (!(p_ticket('edit'))) {
		nopermission('reply to this ticket');
	}

	// update ownership
	if ($_REQUEST['ownership']) {
		
		$db->query("SELECT tech FROM ticket WHERE id = '$id'");
		$tlog = $db->row_array();
		if ($tlog['tech'] != $user['id']) {
			ticketlog($ticket['id'], 'tech', $tlog['tech'], $user['id']);
		}

		$db->query("UPDATE ticket SET tech = '$user[id]' WHERE id = '$id'");
	}

	$reply = xss_check($_REQUEST['reply'], 'tech');

	$db->query("INSERT INTO ticket_notes SET
			date = '" . mktime() . "',
			techid = '$user[id]',
			ticketid = '$id',
			note = '" . mysql_escape_string($reply) . "'
	");
	
	ticketlog($id, 'note', 0, 0, NULL, mysql_escape_string($_REQUEST['reply']), NULL);

	if ((int)$_REQUEST['searchid'] AND (int)$_REQUEST['num']) {
		jump("load_results.php?id=$id&searchid=$_REQUEST[searchid]&advance=1&num=".($_REQUEST['num'])."\" target=\"footer", 'Note added to ticket');
	} else {
		jump("ticketview.php?id=$id", 'Note added to ticket');
	}
}

################## REPLY TO TICKET ##################

if ($_REQUEST['is_note'] != '1') {
	// closed ticket
	if ($ticket[is_open] == '0') {
		mistake('You can not reply to a closed ticket');
	}

	// no permission to reply
	if (!(p_ticket('edit'))) {
		nopermission('reply to this ticket');
	}

	if (!(trim($_REQUEST['reply']))) {
		mistake('A blank reply was submitted; please fill in a message and resubmit.');
	}

	// Check for duplicates

	$reply = xss_check($_REQUEST['reply'], 'tech');

	$db->query("SELECT id FROM ticket_message WHERE
		ticketid = '$id' AND
		message = '" . mysql_escape_string($reply) . "' AND
		techid = '$user[id]' AND
		date > '" . (mktime() - (60 * 10)) . "'
	");

	if ($db->num_rows()) {
		mistake('Duplicate reply; this reply has already been submitted recently.');
	}

	// add ticket message
	$db->query("INSERT INTO ticket_message SET
		ticketid = '$id',
		message = '" . mysql_escape_string($reply) . "',
		date = '" . mktime() . "',
		techid = '$user[id]'
	");

	// update ticket
	if ($_REQUEST['ownership']) {
		$db->query("SELECT tech FROM ticket WHERE id = '$id'");
		$tlog = $db->row_array();
		if ($tlog['tech'] != $user['id']) {
			ticketlog($ticket['id'], 'tech', $tlog['tech'], $user['id']);
		}
	}

	$now_ = mktime();
	$db->query("UPDATE ticket SET
		date_lastreply_tech = '$now_', " .
		iff($_REQUEST['awaitinguser'], " awaiting_tech = '0', date_awaiting_toggled = '" . mktime() . "', ") . 
		iff($_REQUEST['ownership'], " tech = '$user[id]', ") . 
		iff($_REQUEST['close'], " is_open = '0', date_closed = '$now_', ") . "
		lock_techid = '0',
		is_locked = '0',
		date_locked = '0'
		WHERE id = '$id'
	");

	ticketlog($ticket[id], 'tech_replied');

	if ($_REQUEST['awaitinguser']) {
		ticketlog($ticket[id], 'awaiting_user');
	}

	if ($_REQUEST['close']) {
		ticketlog($ticket[id], 'close');
	}

	// get attachments
	$db->query("SELECT ticket_attachments.*, blobs.blobdata
				FROM ticket_attachments
				LEFT JOIN blobs ON (ticket_attachments.blobid = blobs.id)
				WHERE ticketid = '$id' AND
				toemail
			");

	while ($result = $db->row_array()) {
		$didattachments = 1;
		$attachments[] = array(
			'data' => $result[blobdata], 
			'name' => $result[filename], 
			'extension' => $result[extension]
		);
	}

	// log billing entry (if applicable)

	if ($settings['default_billable']) {
		$billable = 1;
	} else {
		$billable = 0;
	}
	
	if (!$_REQUEST['ignorebilling']) {
		if ($_REQUEST['charge'] OR $_REQUEST['hours'] OR $_REQUEST['minutes'] OR $_REQUEST['seconds']) {

			$time = ((int)$_REQUEST['hours'] * 3600) + ((int)$_REQUEST['minutes'] * 60) + (int)$_REQUEST['seconds'];
			if ($_REQUEST['charge']) {
				$charge = mysql_escape_string($_REQUEST['charge']);
			}

			if ($time OR ($_REQUEST['charge'] > 0)) {

				$db->query("INSERT INTO user_bill (userid, techid, ticketid, time, paid, billable, charge, stamp)
					VALUES ('$_REQUEST[userid]', '$user[id]', '$id', '$time', '0', '$billable', '$charge', '$now')");

				$details = array(
					'charge' => $_REQUEST['charge'],
					'time' => $time,
					'billable' => $billable,
					'paid' => 0
				);

				ticketlog($ticket['id'], 'billing_added', NULL, NULL, NULL, NULL, serialize($details));

			}
		}
	}

	// email the user
	if ($_REQUEST['emailuser']) {
		$user_data = $db->query_return("SELECT * FROM user WHERE id = '$ticket[userid]'");
		notify_user('reply_tech', $ticket, $user_data, $_REQUEST['reply'], $attachments);
	}

	if ($_REQUEST['mail_cc'] OR $_REQUEST['mail_digest']) {

		$mailother = split(',',$_REQUEST['cc']);

		if ($_REQUEST['mail_digest']) { // Generate the digest, put it in $message
			$db->query("SELECT id, username FROM user");

			while ($userdat = $db->row_array()) {
				$users[$userdat['id']] = $userdat['username'];
			}

			$db->query("SELECT id, username FROM tech");

			while ($techdat = $db->row_array()) {
				$techs[$techdat['id']] = $techdat['username'];
			}

			$db->query("SELECT id, message, date, techid, userid 
				FROM ticket_message WHERE ticketid = '$id' ORDER BY date");

			while ($messagedat = $db->row_array()) {

				if ($messagedat[userid]) {
					$origin = "user '" . $users[$messagedat[userid]] . "'";
				} else {
					$origin = "tech '" . $techs[$messagedat[techid]] . "'";
				}

				$digest .= "From $origin:\n--- " . our_date($messagedat[date],'full') . " ---\n$messagedat[message]\n\n";
			}
		}

		$pri = $db->query_return("
			SELECT ticket_pri.name 
			FROM ticket, 
				ticket_pri 
			WHERE ticket.id = '$id'
				AND ticket.priority = ticket_pri.id");
		
		$cat = $db->query_return("
			SELECT ticket_cat.name 
			FROM ticket, 
				ticket_cat 
			WHERE ticket.id = '$id'
				AND ticket.category = ticket_cat.id");
		
		$tech_email = $user['email'];
		$reply = $_REQUEST['reply'];

		if ($_REQUEST['mail_cc']) {
			eval(makeemaileval('cc_message', 'BODY_cc', $subject, $ticket));
		}

		if ($_REQUEST['mail_digest']) {
			eval(makeemaileval('digest_message', 'TECHBODY_digest', $subject, $ticket));
		}

		foreach ($mailother AS $key => $val) {

			if (validate_email($val)) {
				if ($_REQUEST['mail_cc']) {
					$ccs[] = $val;
					dp_mail($val, "CC'd response -- Ticket #$ticket[id] -- $subject", $cc_message);
				}

				if ($_REQUEST['mail_digest']) {
					$digests[] = $val;
					dp_mail($val, "Digest -- Ticket #$ticket[id] -- $subject", $digest_message);
				}
			}
		}

		if ($_REQUEST['mail_cc']) {
			$ccs = serialize($ccs);
			ticketlog($id, 'cc', NULL, NULL, "Subject: CC'd response -- Ticket #$ticket[id] -- $subject", NULL, $ccs);
		}

		if ($_REQUEST['mail_digest']) {
			$digests = serialize($digests);
			ticketlog($id, 'digest', NULL, NULL, "Subject: Digest -- Ticket #$ticket[id] -- $subject", NULL, $digests);
		}
	}

	// don't send attachments again
	if ($didattachments) {
		$db->query("UPDATE ticket_attachments SET 
					toemail = 0
					WHERE ticketid = '$id' AND
					toemail
			");
	}

	if ((int)$_REQUEST['searchid'] AND (int)$_REQUEST['num']) {

		jump("load_results.php?id=$id&searchid=$_REQUEST[searchid]&advance=1&num=".($_REQUEST['num'])."\" target=\"footer", 'Reply sent');

	} elseif ($_REQUEST['makefaq']) {

		$answer = $_REQUEST['reply'];
		$question = $db->query_return("SELECT message FROM ticket_message WHERE ticketid = '$ticket[id]' ORDER BY date LIMIT 1");
		$question = $question['message'];
		$title = $db->query_return("SELECT subject FROM ticket WHERE id = '$ticket[id]'");
		$title = $title['subject'];
		jump("../faq/view.php?do=add&title=$title&question=$question&answer=$answer", 'Ticket Created. Redirecting you to the FAQ article addition page.');

	} else {

		jump("ticketview.php?id=$id", 'Reply sent');

	}
}