
📄 newticket.php

📁 本代码是为客户联系管理而做的系统
💻 PHP
📖 第 1 页 / 共 2 页
<?php
// +-------------------------------------------------------------+
// | DeskPRO v [2.0.1 Production]
// | Copyright (C) 2001 - 2004 Headstart Solutions Limited
// | Supplied by WTN-WDYL
// | Nullified by WTN-WDYL
// | Distribution via WebForum, ForumRU and associated file dumps
// +-------------------------------------------------------------+
// | DESKPRO IS NOT FREE SOFTWARE
// +-------------------------------------------------------------+
// | License ID : Full Enterprise License =) ...
// | License Owner : WTN-WDYL Team
// +-------------------------------------------------------------+
// | $RCSfile: newticket.php,v $
// | $Date: 2004/02/11 01:28:16 $
// | $Revision: 1.86 $
// +-------------------------------------------------------------+
// | File Details:
// | - New ticket creation page.
// +-------------------------------------------------------------+

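// Report everything except notices; the script reads optional request keys
// and unquoted array indexes, both of which would otherwise raise notices.
error_reporting(E_ALL ^ E_NOTICE);

// Shared bootstrap. $db, $user, $session and the helper functions called in
// this file are not defined here, so they presumably come from this include.
// NOTE(review): no login/permission check is visible in this file before the
// ticket is written; confirm that global.php enforces the tech session.
include "./../global.php";

tech_nav('tickets');

// Default action. The original trimmed the value first and tested isset()
// afterwards, which made the isset() test unreachable; test first, and only
// accept a string so that a "do[]=..." array value falls back to the default.
if (isset($_REQUEST['do']) && is_string($_REQUEST['do'])) {
	$_REQUEST['do'] = trim($_REQUEST['do']);
} else {
	$_REQUEST['do'] = "";
}
if ($_REQUEST['do'] == "") {
	$_REQUEST['do'] = "start";
}

max_limits('tickets');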

############################### PROCESS NEW TICKET ###############################

/********************** NEW USER ************************/

if ($_REQUEST['do'] == "new") {
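	// Resolve the user the ticket belongs to: either create a new account from
	// the submitted form or look up an existing one. On success $user_details
	// holds that user's row; every problem is appended to $error, which the
	// ticket checks further down treat as "stop".
	if ($_REQUEST['new_user'] == 'new') {

		// Account creation is gated on the tech's p_create_users flag.
		// NOTE(review): mistake() is defined elsewhere; presumably it ends the
		// request. If it returns, execution continues into the INSERT below.
		if (!$user['p_create_users']) {
			mistake("You don't have permission to create new users.", 1);
		}

		$_REQUEST['username'] = trim($_REQUEST['username']);
		$_REQUEST['email'] = trim($_REQUEST['email']);

		// password: generate one when none was supplied, otherwise the two
		// entries must be identical. Strict comparison, because loose != treats
		// numeric-looking strings such as "0e1" and "0e2" as equal.
		if (!$_REQUEST['password']) {
			$_REQUEST['password'] = make_pass(8);
			$_REQUEST['password1'] = $_REQUEST['password'];
		} elseif ($_REQUEST['password'] !== $_REQUEST['password1']) {
			unset($_REQUEST['password'], $_REQUEST['password1']);
			$error .= "The passwords you have entered do not match.\n";
		}

		// empty / malformed email
		if (!validate_email($_REQUEST['email'])) {
			$error .= "You have not entered a valid email address.\n";
		}

		// empty username: derive one from the email address
		if (!$_REQUEST['username']) {
			$newusername = 1;
			$_REQUEST['username'] = make_username($_REQUEST['email']);

		// username in use
		} else {
			$db->query("
				SELECT id
				FROM user
				WHERE username = '" . mysql_escape_string($_REQUEST['username']) . "'
			");

			// Recorded in $error like the e-mail checks below. The original
			// appended to $message, which nothing in this block tests, so a
			// duplicate username did not stop the INSERT.
			if ($db->num_rows() > 0) {
				$error .= "The username you entered is already in use. Please enter another one.\n";
			}
		}

		// email in use (primary address)
		$db->query("
			SELECT username, id
			FROM user
			WHERE email = '" . mysql_escape_string($_REQUEST['email']) . "'
		");

		if ($db->num_rows() > 0) {
			$result = $db->row_array();
			$error .= "The email address you entered is already in use by $result[username] (userid $result[id]).\n";
		}

		// email in use (additional addresses)
		$db->query("
			SELECT userid
			FROM user_email
			WHERE email = '" . mysql_escape_string($_REQUEST['email']) . "'
		");

		// The original interpolated $_REQUEST[user], a key this form never
		// fills, so the address was missing from the message.
		// NOTE(review): $error carries request text; it must be HTML-encoded
		// wherever it is printed (the output code is not in this part).
		if ($db->num_rows() > 0) {
			$error .= "There is already a user with the email address $_REQUEST[email].\n";
		}

		// Per-user tokens. The original read an undefined $password for the
		// URL token; both tokens now use the submitted password.
		// NOTE(review): 8 hex characters derived from rand()/uniqid() are
		// guessable if these values act as login or reset secrets (their use is
		// not visible here); prefer a CSPRNG where the runtime provides one.
		$password_cookie = md5($_REQUEST['password'] . uniqid(rand(),1));
		$password_cookie = substr($password_cookie, 0, 8);
		$password_url = md5($_REQUEST['password'] . uniqid(rand(),1) . $session['sessionid']);
		$password_url = substr($password_url, 0, 8);

		// Every request value is escaped before it enters the SQL text; the
		// original placed email, password and username into the statement raw,
		// which allowed SQL injection through those three fields.
		// NOTE(review): the password is stored exactly as submitted, with no
		// hashing in this block. Confirm what the login path expects before
		// changing the stored format.
		$query = "INSERT INTO user SET
			email = '" . mysql_escape_string($_REQUEST['email']) . "',
			password = '" . mysql_escape_string($_REQUEST['password']) . "',
			password_cookie = '" . mysql_escape_string($password_cookie) . "',
			password_url = '" . mysql_escape_string($password_url) . "',
			username = '" . mysql_escape_string($_REQUEST['username']) . "',
			date_registered = '" . mktime() . "'";

		// get the fields that we are expecting to be created
		$db->query("SELECT * FROM user_def WHERE tech_editable");

		// Store the value computed by field_def_val(). The original computed
		// $data and then read $_REQUEST["userfields[<name>"], a key that never
		// exists, so custom fields were always saved empty. The ticket field
		// loop later in this file already stores $data.
		while ($user_fields = $db->row_array()) {
			$data = field_def_val($user_fields, $_REQUEST['userfields'][$user_fields['name']], $_REQUEST['userfields']["extra" . $user_fields['name']]);
			$query .= ", $user_fields[name] = '" . mysql_escape_string($data) . "'";
		}

		// run the query only when every check above passed
		if (!$error) {
			$db->query($query);
			$userid = $db->last_id();
			$user_details = $db->query_return("SELECT * FROM user WHERE id = '" . intval($userid) . "'");
			$user_created = 1;
		}

	/********************** CURRENT USER ************************/

	} else {

		// from select menu
		if ($_REQUEST['userchoice'] > 0) {
			// "5' OR ..." also passes the numeric > 0 test above, so the value
			// is cast to an integer before it reaches the query.
			$user_details = $db->query_return("
				SELECT *
				FROM user
				WHERE id = '" . intval($_REQUEST['userchoice']) . "'
				AND !disabled
			");

			if ($db->num_rows() < 1) {
				$error .= "The user you selected was not found or has been disabled.\n";
			}

		// entered username / email address
		} elseif ($_REQUEST['oldusername']) {
			// Parentheses added: AND binds tighter than OR, so without them
			// the disabled / non-empty filters applied to the e-mail match
			// only and a disabled account still matched by username.
			$user_details = $db->query_return("
				SELECT *
				FROM user
				WHERE (username = '" . mysql_escape_string($_REQUEST['oldusername']) . "'
					OR email = '" . mysql_escape_string($_REQUEST['oldusername'])  . "')
				AND !disabled
				AND email != ''
				AND username != ''
			");

			if (!$db->num_rows()) {
				$error .= "There was no user found with a username or email address of $_REQUEST[oldusername].\n";
			}

		// Neither a menu choice nor a name was submitted. The original fell
		// through with $user_details unset and created a ticket whose userid
		// was empty.
		} else {
			$error .= "You have not selected a user for this ticket.\n";
		}
	}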

	/******************** TICKET CHECKS ******************/
	
	// Validate the ticket itself, but only when resolving the user raised no
	// error; each failed check appends one line to $error.
	if (!$error) {

		// at least one of the two message bodies is required
		if (!($_REQUEST['usermessage'] OR $_REQUEST['reply'])) {
			$error .= "You have not entered either a user message or a tech message for this ticket.\n";
		}

		// a subject is required
		if (empty($_REQUEST['subject'])) {
			$error .= "You have not entered a subject for this ticket.\n";
		}

		// a category is required
		if (empty($_REQUEST['ticket_category'])) {
			$error .= "You have not entered a category for this ticket.\n";
		}
	}
	
	/******************** CREATE TICKET ******************/
	// errors from user / ticket checks
	if (!$error) { 

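		// awaiting_tech is 0 when the tech ticked "set awaiting user", else 1.
		$await = $_REQUEST['set_awaiting_user'] ? 0 : 1;

		// NOTE(review): the auth code is 8 hex characters of
		// md5(rand(0,100000) . time), roughly 100001 candidates per second of
		// creation time. If it authorises access to the ticket (its use is not
		// visible here), generate it from a CSPRNG instead.
		$authcode = substr(md5(rand(0,100000) . mktime()), 0, 8);

		// xss_check() is defined elsewhere; the subject is stored in the form
		// it returns.
		$subject = xss_check($_REQUEST['subject'], 'user');

		// Always assign $open. The original set it only when the ticket stayed
		// open, so a closed ticket wrote is_open = '' from an undefined
		// variable.
		$open = $_REQUEST['close_ticket'] ? 0 : 1;

		// Every interpolated value is escaped, including the owner id, which
		// the original inserted as-is.
		$query = "INSERT INTO ticket SET
			category = '" . mysql_escape_string($_REQUEST['ticket_category']) . "',
			priority = '" . mysql_escape_string($_REQUEST['priority']) . "',
			subject = '" . mysql_escape_string($subject) . "',
			userid = '" . mysql_escape_string($user_details['id']) . "',
			is_open = '$open',
			awaiting_tech = '$await',
			date_awaiting_toggled = '" . mktime() . "',
			date_opened = '" . mktime() . "',
			date_lastreply_tech = '" . mktime() . "',
			date_lastreply = '" . mktime() . "',
			ref = '" . make_ticket_ref() . "',
			authcode = '$authcode', ";

		if (!$open) {
			$query .= "date_closed = unix_timestamp(), ";
		}

		// Assigned tech: explicit choice, then the category default, then none.
		// The request value was interpolated raw in the original, which allowed
		// SQL injection through the 'tech' parameter.
		// NOTE(review): $cat_data is not assigned anywhere in the visible part
		// of this file; confirm where it comes from. It is escaped here as well
		// because its origin cannot be verified from this code.
		if ($_REQUEST['tech']) {
			$query .= "tech = '" . mysql_escape_string($_REQUEST['tech']) . "' ";
		} elseif ($cat_data['auto_assign_tech']) {
			$query .= "tech = '" . mysql_escape_string($cat_data['auto_assign_tech']) . "' ";
		} else {
			$query .= "tech = 0 ";
		}

		// Custom ticket fields: column names come from ticket_def, values pass
		// through field_def_val() and are escaped.
		$db->query("select * from ticket_def");
		while ($ticket_fields = $db->row_array()) {
			$data = field_def_val($ticket_fields, $_REQUEST['ticket_fields'][$ticket_fields['name']], $_REQUEST['ticket_fields']["extra" . $ticket_fields['name']]);
			$query .= ", $ticket_fields[name] = '" . mysql_escape_string($data) . "' ";
		}

		// add new thread to database and get back id
		$db->query($query);
		$id = $db->last_id();

		// Add an entry to the ticket log
		ticketlog($id, 'created');
		if (!$open) {
			ticketlog($id, 'close');
		}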

		/////////////////////// ADD MESSAGES TO DATABASE ///////////////////////
		
		// Store the user's message, if one was entered. The text goes through
		// xss_check() (defined elsewhere; presumably it filters markup, confirm
		// what the 'user' mode allows) and is escaped for SQL. $id is the new
		// ticket's insert id and $user_details[id] comes from the user row
		// resolved earlier.
		if ($_REQUEST['usermessage']) {
		
			$usermessage = xss_check($_REQUEST['usermessage'], 'user');

			$db->query("INSERT INTO ticket_message SET
				message = '" . mysql_escape_string($usermessage) . "',
				ticketid = '$id',
				userid = '$user_details[id]',
				date = '" . mktime() . "'
			");
		}

		// Store the tech's reply the same way, attributed to the logged-in
		// tech ($user[id]) rather than to the ticket's user.
		if ($_REQUEST['reply']) {

			$reply = xss_check($_REQUEST['reply'], 'user');

			$db->query("INSERT INTO ticket_message SET
				message = '" . mysql_escape_string($reply) . "',
				ticketid = '$id',
				techid = '$user[id]',
				date = '" . mktime() . "'
			");
		}

		// Re-read the ticket row so that $ticket holds the stored values.
		$ticket = $db->query_return("SELECT * FROM ticket WHERE id = '$id'");
	
		// Attach every uploaded file to the new ticket. $added collects the
		// attachment records that were stored.
		// NOTE(review): validate_attachment() is the only gate on uploads that
		// is visible here; which types and sizes it accepts is defined
		// elsewhere. Confirm, and confirm that stored blobs are never served
		// from an executable path.
		$added = array();
		if (is_array($_FILES)) {
			foreach ($_FILES AS $key => $var) {
				
				// skip upload fields that were left empty
				if ($_FILES[$key][name] != '') { 

					// validate_attachment() receives $error; presumably it
					// fills it by reference on failure. TODO confirm
					 if (validate_attachment($error, $key)) { // add attachment
						$attach = add_attachment($key);

						// The client-supplied name, size and extension are
						// escaped; toemail is 1 when the request carries a
						// non-empty 'email' value.
						$db->query("INSERT INTO ticket_attachments SET
							blobid = '$attach[blobid]',
							filename = '" . mysql_escape_string($attach[name]) . "',
							filesize = '" . mysql_escape_string($attach[size]) . "',
							extension = '" . mysql_escape_string($attach[extension]) . "',
							timestamp = '" . mktime() . "',
							toemail = '" . iff($_REQUEST['email'], 1, 0) . "',
							techid = '$user[id]',
							ticketid = '$id'
						");

						$newid = $db->last_id();
						$attach['id'] = $newid;
						$i++;
						$added[] = $attach;
						ticketlog($id, 'add_attach', $newid, $newid, $attach[name]);
					
					 } else {
						 // NOTE(review): failures accumulate in $errors, not
						 // in the $error variable the checks above use;
						 // verify that the rest of the script reports it.
						 $errors .= $error;
					}
				}
			}
		}

		// Add the message texts to the in-memory ticket record.
		// NOTE(review): these are the raw request values, not the copies that
		// went through xss_check(); anything that renders them as HTML must
		// encode them first.
		$ticket['usermessage'] = $_REQUEST['usermessage'];
		$ticket['techmessage'] = $_REQUEST['reply'];
		$ticket['message'] = "User's Message:\n$_REQUEST[usermessage]\n\nTech Response:\n$_REQUEST[reply]\n";

		// Record the (tech, user) pair in tech_start_tickets; REPLACE
		// overwrites an existing row for the same key instead of failing.
		$db->query("
			REPLACE INTO tech_start_tickets 
			SET techid = '$user[id]', 
			userid = '$user_details[id]'
		");

		if ($_REQUEST['email_user'] AND !$await) {
			notify_user('new_tech', $ticket, $user_details, array($_REQUEST[usermessage], $_REQUEST[reply]), $added);
