view.php

jsp程序开发系统

<?php

// +-------------------------------------------------------------+
// | DeskPRO v[2.0.1_Production]
// | Copyright (C) 2001 - 2004 Headstart Solutions Limited
// | Supplied by WTN-WDYL
// | Nullified by WTN-WDYL
// | Distribution via WebForum, ForumRU and associated file dumps
// +-------------------------------------------------------------+
// | DESKPRO IS NOT FREE SOFTWARE
// +-------------------------------------------------------------+
// | License ID : Full Enterprise License =) ...
// | License Owner : WTN Team
// +-------------------------------------------------------------+
// | $RCSfile: view.php,v $
// | $Date: 2004/02/11 20:32:12 $
// | $Revision: 1.34 $
// +-------------------------------------------------------------+
// | File Details:
// | - Ticket detailed view page.
// +-------------------------------------------------------------+

error_reporting(E_ALL & ~E_NOTICE);
require_once('./global.php');
//Nullify WTN-WDYL Team

$template_cache = templatecache('VIEW_main,VIEW_print,HF_footer,HF_header');

// default do
$_REQUEST['do'] = trim($_REQUEST['do']);
if (!isset($_REQUEST['do']) or $_REQUEST['do'] == "") {
	$_REQUEST['do'] = "view";
}

// globalise variables
$global = array	(
			array('ticketref')
);
rg($global);

############################### SET UP PERMISSIONS ###############################

// check ticket ref
if (!$ticketref) {
	error("error_noticket");
}

// either should be logged in or have encrypted password
if (!$_REQUEST['pass']) {
	// check user
	check_user();
} else {

	$user = $db->query_return("
		SELECT * FROM user 
		WHERE password_url = '" . mysql_escape_string($_REQUEST['pass']) . "'
	");

	// check they have a correct ticketid (this is like the test on username)
	$db->query("SELECT userid FROM ticket WHERE userid = '$user[id]'");

	// if the above query matched we have a valid user. Update session and send cookies
	if ($db->num_rows()) {

		$session = update_session('user', $user[id]);
		$session = update_session('language', $user[language]);
		dp_setcookie('dp_user_sessionid', $session[sessionid]);

	} else {
	// ticket does not exist or not owned by the user with the url_password submitted
		unset($user);
		check_user();
	}

}

############################### CATEGORY / PRIORITY INFORMATION ###############################

// categories
$category_cache = user_category_array('view');

// priorities
$priority_cache = user_priority_array('view');

############################### TICKET DATA ###############################

if ($_REQUEST['do'] == "view") {

	$ticket = $db->query_return("
		SELECT ticket.*, tech.username AS techusername
		FROM ticket
		LEFT JOIN tech ON (ticket.tech = tech.id)
		WHERE	ticket.ref = '" . addslashes($ticketref) . "'
	");

	if (!$db->num_rows()) {

		$ticket = $db->query_return("
			SELECT * 
			FROM ticket_merge 
			WHERE old_ref = '" . addslashes($ticketref) . "'
		");

		if ($ticket['new_id']) {
			
			$ticket = $db->query_return("
				SELECT ticket.*, tech.username AS techusername
				FROM ticket
				LEFT JOIN tech ON (ticket.tech = tech.id)
				WHERE	ticket.ref = '$ticket[new_id]'
			");

		} else {
			error('error_noticket');
		}
	}

	if ($ticket['userid'] != $session['userid']) {
		error('error_noticket_permission');
	}

############################### TICKET PROCESSING ###############################

	$ticket['date_opened'] = our_date($ticket['date_opened'], 'day');
	$closed = $ticket['date_closed'];
	$ticket['date_closed'] = our_date($closed, 'day');
	$ticket['date_closed_full'] = our_date($closed, 'full');
	$ticket['category'] = $category_cache[$ticket['category']];
	$ticket['priority'] = $priority_cache[$ticket['priority']];

	// get field data
	$db->query("
		SELECT * from ticket_def 
		WHERE user_viewable
		ORDER by displayorder
	");
	
	while ($result = $db->row_array()) {

		if ($result[user_editable] == 1) {	// used for ticket editing
			$user_editable = 1;
		}

		unset($name, $description, $html);

		$tmp = unserialize($result[display_name]);
		$name = $tmp[$session[language]];

		$html = field_display($result, $ticket[$result[name]], 1);
			
		// two arrays, one for loop and one to allow custom form design
		$custom[] = array(
			'name' => $name,
			'description' => $description,
			'html' => $html
		);

		${$result[name]} = array(
			'name' => $name,
			'description' => $description,
			'html' => $result[html]
		);
	}

	// check ticket is editable
	if ($settings[category_user_viewable] AND $settings[category_user_editable]) {
		$user_editable = 1;
	}

	if (!$settings[priority_disable] AND $settings[priority_user_viewable] AND $settings[priority_user_editable]) {
		$user_editable = 1;
	}

############################### GET ATTACHMENTS ###############################

	// get the attachments
	$db->query("SELECT filesize, ticket_attachments.id, filename, tech.username as tech, user.email as usermail
				FROM ticket_attachments
				LEFT JOIN tech ON ticket_attachments.techid = tech.id
				LEFT JOIN user ON ticket_attachments.userid = user.id
				WHERE ticketid = '$ticket[id]'
	");

	while ($result = $db->row_array()) {
		if ($result['tech']) {
			$who = $result['tech'];
		} elseif ($result['usermail']) {
			$who = $result['usermail'];
		} else { 
			// This shouldn't happen, but is a good safeguard.
			$who = "<I>Unknown</I>";
		}

		$attachment[] = array(
			'filesize' => number_format($result['filesize'] / 1024, 2),
			'id' => $result['id'],
			'filename' => $result['filename'],
			'who' => $who
		);
	}

############################### GET TICKET MESSAGES ###############################

	$db->query("
		SELECT ticket_message.*, tech.username AS techusername, tech.signature
		FROM ticket_message
		LEFT JOIN tech ON (ticket_message.techid = tech.id)
		WHERE ticket_message.ticketid = '$ticket[id]' AND
			(ticket_message.techid OR ticket_message.userid)
		ORDER BY id
	");

	$i = 0;
	while ($result = $db->row_array()) {
		$i++;
		
		$result[message] = trim($result[message]);
		$reply[] = array(
			'id' => $result[id],
			'number' => $i,
			'signature' => dp_code($result[signature]),
			'message' => iff($_REQUEST['print'] == 1, wordwrap($result[message]), dp_code($result[message])),
			'userid' => $result[userid],
			'date' => our_date($result[date], 'full'),
			'techid' => $result[techid],
			'techusername' => $result[techusername]
		);
	}

############################### DISPLAY PAGE ###############################

	// printable version
	if ($_REQUEST['print'] == 1) {
		eval(makeeval('echo', 'VIEW_print'));
	} else {
		eval(makeeval('header', 'HF_header'));
		eval(makeeval('footer', 'HF_footer'));
		eval(makeeval('echo', 'VIEW_main'));
	}
}

?>