This protection:
a) another check on autoresponding users. This is useful when the autoresponder
changes the email to remove the subject and body but makes the message unique (e.g. with a timestamp on outgoing). This is increasingly common with lines such as Thank you for your email received xxxx.
b) Tolerances should be set relatively low to ensure that a user who just sends 5
new tickets very rapidly is not penalised.
c) The setting of the autoresponder status stops an autoresponder causing the problem.
The only reason we should get more emails after that is if someone is deliberately trying to send a lot of emails from one email account. These emails would not be valid (as the user is warned)
*/
// 1 hour window
$time_expire = mktime() - (3600 * 1);
$result = $db->query_return("
SELECT COUNT(*) AS total
FROM ticket
WHERE userid = '$user[id]'
AND date_opened > '$time_expire'
");
// we have reached the max new tickets, generate error and stop processing
if ($settings['max_new']) {
if ($result[total] > $settings['max_new']) {
log_error('new_user_limit', $message);
return true;
}
}
// if we have reached warning amount of new tickets, mark as autoresponder and send warning email
if ($settings['max_new_warning']) {
if ($result[total] > $settings['max_new_warning']) {
$db->query("
UPDATE user SET autoresponds = 1
WHERE id = '$user[id]'
");
extra_email('too_many_new_tickets', $user);
}
}
}
//////////////////////////////////////////////////////////////
/* 5. CREATE TICKET */
//////////////////////////////////////////////////////////////
$exp = user_expired($user['id']);
if (is_array($exp)) {
log_error('user_expired', $message);
return true;
}
$ref = make_ticket_ref();
// set a nodisplay if spam or user requires validation
if (!$nodisplay) {
if ($is_spam) {
$nodisplay = 1;
}
}
$authcode = substr(md5(rand(0,100000) . mktime()), 0, 8);
// ticket query
$db->query("
INSERT INTO ticket SET
subject = '" . mysql_escape_string($subject) . "',
date_opened = '" . mktime() . "',
is_open = '1',
awaiting_tech = '1',
date_awaiting_toggled = '" . mktime() . "',
userid = '$user[id]',
category = '$gateway[category_id]',
priority = '$gateway[priority_id]',
tech = '$gateway[tech]',
gatewayid = '$gateway[id]',
ref = '$ref',
authcode = '$authcode',
nodisplay = '$nodisplay'
");
$id = $db->last_id();
ticketlog($id, 'created');
$ticket = $db->query_return("
SELECT ticket.*
FROM ticket
WHERE ticket.id = '$id'
");
// add the processed message
$db->query("
INSERT into ticket_message SET
message = '" . mysql_escape_string($body) . "',
ticketid = '$id',
sourceid = '$sourceid',
date = '" . mktime() . "',
striptags = '$striptags',
userid = '$user[id]'
");
$ticket['body'] = $body;
if ($new_user) {
$ticket['newuser'] = 1;
$ticket['username'] = $user['username'];
$ticket['password'] = $user['password'];
}
//////////////////////////////////////////////////////////////
/* 6. PROCESS ATTACHMENTS */
//////////////////////////////////////////////////////////////
$email_attachments = process_attachments($message->attachments, $message->embedded, $ticket[id], $user[id]);
//////////////////////////////////////////////////////////////
/* 7. SEND EMAIL TO USERS */
//////////////////////////////////////////////////////////////
// Trim message to be quoted in response e-mail to 16k at most
$message = substr($body, NULL, 16384);
/* send email if:
i) set up for this gateway account
ii) the user does not autorespond
iii) there is not something about the specific email that makes us want to not autorespond
*/
if ($gateway['auto_new'] AND !$user['autoresponds'] AND !$no_autoresponse) {
notify_user('new_user', $ticket, $user, $message, $email_attachments, $gateway[id], $extra_mail_info);
}
//////////////////////////////////////////////////////////////
/* 8. SEND EMAIL TO TECHS */
//////////////////////////////////////////////////////////////
notify_technicians('new', $ticket, $user, $message, $email_attachments, $gateway[id], $extra_mail_info);
return true;
}
#############################################################################################
// TICKET REPLY //
if ($do == 'reply') {
//////////////////////////////////////////////////////////////
/* 3. PROCESS / ERROR CHECKING */
//////////////////////////////////////////////////////////////
// check ticket auth is correct
if ($ticket['authcode'] != $ticketauth) {
log_error('bad_auth', $message);
return true;
}
// check ticket is open
if ($ticket[is_open] == "0" AND !$settings['gateway_ticket_reopen']) {
log_error('ticket_closed', $message);
return true;
}
//////////////////////////////////////////////////////////////
/* 4. GET USER DATA */
//////////////////////////////////////////////////////////////
// check the user hasn't been deleted
$user = $db->query_return("
SELECT * FROM user
WHERE id = '$ticket[userid]'
");
if (!$db->num_rows()) {
log_error('no_user', $message);
return true;
}
$user['email'] = $email['from'];
//////////////////////////////////////////////////////////////
/* 5. AUTORESPONSE PROTECTION */
//////////////////////////////////////////////////////////////
/*
- check for too many replies to the ticket in unit time.
i) firstly we email the user and stop autoresponding
ii) we stop processing the emails at all
This protection:
a) An autoresponder that changes the message will be stopped once the limits are reached. Note that the limit is reset if a tech replies so that a quick conversation is possible
*/
// 1 hour
$auto_time = mktime() - (3600 * 1);
$result = $db->query_return(
"SELECT COUNT(*) AS total FROM ticket_message
WHERE ticketid = '$ticket[id]'
AND date > $auto_time
AND date > $ticket[date_lastreply_tech]
");
// we have reached the max new replies to tickets, generate error and stop processing
if ($settings['max_reply']) {
if ($result[total] > $settings['max_reply']) {
log_error('autoresponder_reply', $message);
return true;
}
}
// if we have reached warning amount number of ticket replies, mark as autoresponder and send warning email
if ($settings['max_reply_warning']) {
if ($result[total] > $settings['max_reply_warning']) {
$db->query("
UPDATE user SET autoresponds = 1
WHERE id = '$user[id]'
");
extra_email('too_many_replies', $user);
}
}
//////////////////////////////////////////////////////////////
/* 6. IF SET BY ADMIN, ATTEMPT TO IGNORE PREVIOUS QUOTED REPLIES */
//////////////////////////////////////////////////////////////
if ($settings['gateway_reply_cut']) {
$gateway_cut = $db->query_return_array("SELECT text FROM template_words WHERE wordref = 'gateway_reply_cut'");
if (!is_array($gateway_cut)) {
$gateway_cut = array();
}
foreach ($gateway_cut AS $var) {
if (trim($var) != '') {
// position of the start of the quote
$end = strpos($body, $var['text']);
if ($end) {
// We do $end - 3 here because "usually" mail clients do quotes like this:
// > original message
// That's a quote marker, a space, then the text. We want to kill those two
// characters, plus the newline preceding them. This has a slight chance of
// deleting the last character in the reply if the quote isn't shown by two
// characters, or if it's otherwise malformed.
$body = substr($body, 0, ($end - 3));
if (trim($body == '')) {
log_error('no_message', $message);
return true;
}
}
}
}
}
//////////////////////////////////////////////////////////////
/* 5. AUTORESPONSE PROTECTION */
//////////////////////////////////////////////////////////////
/*
- check for an identical message to the ticket in the last hour (with the identical message being the last one in the ticket, so we can allow for two "Yes" replies, for example). This has to be done after "cutting" of any extra quoted content
i) the email is error logged
These protections:
a) catch autoresponders that send identical emails, once one autoresponse has been added, the 2nd one would be ignored if it was identical
*/
// 1 hour
$auto_time = mktime() - (3600 * 1);
// duplication check
$db->query("SELECT ticket_message.id
FROM ticket_message
WHERE ticket_message.userid = $user[id]
AND ticket_message.date > '$time_expire'
AND date > '$ticket[date_lastreply_tech]'
");
while ($result = $db->row_array()) {
if ($result[message] == $body) {
log_error('duplicate_message', $message);
return true;
}
}
//////////////////////////////////////////////////////////////
/* 7. ADD REPLY TO TICKET */
//////////////////////////////////////////////////////////////
// add the new post to database
$db->query("INSERT into ticket_message SET
message = '" . mysql_escape_string($body) . "',
ticketid = '$ticket[id]',
striptags = '$striptags',
sourceid = '$sourceid',
date = '" . mktime() . "',
userid = '$ticket[userid]'
");
$ticket['body'] = $body;
ticketlog($ticket['id'], 'user_replied');
//////////////////////////////////////////////////////////////
/* 8. UPDATE TICKET */
//////////////////////////////////////////////////////////////
$db->query("
UPDATE ticket SET
awaiting_tech = '1',
date_awaiting_toggled = '" . mktime() . "',
is_open = '1',
date_lastreply = '" . mktime() . "'
WHERE id = $ticket[id]
");
//////////////////////////////////////////////////////////////
/* 9. PROCESS ATTACHMENTS */
//////////////////////////////////////////////////////////////
$email_attachments = process_attachments($message->attachments, $message->embedded, $ticket[id], $user[id]);
// Trim message to be quoted in return e-mail to 16k at most
$message = substr($body, NULL, 16384);
//////////////////////////////////////////////////////////////
/* 10. SEND EMAIL TO USERS */
//////////////////////////////////////////////////////////////
if ($gateway[auto_reply] AND !$user[autoresponds] AND !$no_autoresponse) {
notify_user('reply_user', $ticket, $user, $message, '', $gateway[id], $extra_mail_info);
}
//////////////////////////////////////////////////////////////
/* 11. SEND EMAIL TO TECHS */
//////////////////////////////////////////////////////////////
notify_technicians('reply', $ticket, $user, $message, $email_attachments, $gateway[id], $extra_mail_info);
}
return true;
}
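/**
 * Function specific to user.php that gets ticket details from a ticket ref.
 *
 * A PHP integer is matched against ticket.id; any other scalar (including a
 * numeric string) is matched against ticket.ref. The row is joined with the
 * ticket's priority, category and assigned tech.
 *
 * @param int|string $ref Ticket id (integer) or ticket ref (string).
 * @return mixed The value returned by $db->query_return() when the query
 *               matched at least one row, otherwise null.
 */
function get_ticket_from_ref($ref) {

    global $db;

    // An empty or non-scalar reference cannot identify a ticket. Reject it
    // before it is turned into a lookup on ticket.ref = ''.
    if (!is_scalar($ref) || (string) $ref === '') {
        return null;
    }

    // Only a real integer selects by primary key; everything else is a ref.
    $field = is_int($ref) ? 'ticket.id' : 'ticket.ref';

    // NOTE(review): the caller is not visible here; if $ref is parsed from
    // inbound mail it is attacker-controlled. addslashes() does not know the
    // connection character set, so it is not a reliable SQL escaping
    // function. Move this lookup to a bound parameter (or the database
    // layer's connection-aware escaping) once the $db wrapper offers one.
    $escaped_ref = addslashes((string) $ref);

    $ticket = $db->query_return("
        SELECT
            ticket.*, ticket_pri.id AS priority_id, ticket_pri.name AS priority_name,
            ticket_cat.id AS category_id, ticket_cat.name AS category_name,
            tech.id AS tech_id, tech.email AS tech_email
        FROM ticket
        LEFT JOIN ticket_pri ON (ticket.priority = ticket_pri.id)
        LEFT JOIN ticket_cat ON (ticket.category = ticket_cat.id)
        LEFT JOIN tech ON (ticket.tech = tech.id)
        WHERE $field = '" . $escaped_ref . "'
    ");

    // query_return() alone does not tell us whether anything matched.
    return $db->num_rows() ? $ticket : null;
}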
?>