<?php
/**
 *
 * This file is part of HESK - PHP Help Desk Software.
 *
 * (c) Copyright Klemen Stirn. All rights reserved.
 * https://www.hesk.com
 *
 * For the full copyright and license agreement information visit
 * https://www.hesk.com/eula.php
 *
 * Staff-side ticket submission handler: validates the POSTed "new ticket" form,
 * stores the ticket and its attachments, then sends the customer/staff notifications.
 */
define('IN_SCRIPT', 1);
define('HESK_PATH', '../');

// Get all the required files and functions
require(HESK_PATH . 'hesk_settings.inc.php');
require(HESK_PATH . 'inc/common.inc.php');
require(HESK_PATH . 'inc/admin_functions.inc.php');
hesk_load_database_functions();
require(HESK_PATH . 'inc/email_functions.inc.php');
require(HESK_PATH . 'inc/htmLawed.php');
require(HESK_PATH . 'inc/posting_functions.inc.php');

// Session and database have to be up before the login check
hesk_session_start();
hesk_dbConnect();
// The only authentication gate visible in this file; what it does on failure is
// defined in inc/common.inc.php, not here
hesk_isLoggedIn();

$modsForHesk_settings = mfh_getSettings();
// We only allow POST requests from the HESK form to this file.
// NOTE(review): no CSRF token check is visible in this file (HESK ships hesk_token_check());
// confirm the submitting form is protected before relying on the method check alone.
if ('POST' !== $_SERVER['REQUEST_METHOD']) {
    header('Location: admin_main.php');
    exit();
}

// Check for POST requests larger than what the server can handle:
// a body was sent but PHP discarded it, leaving $_POST empty
if (!empty($_SERVER['CONTENT_LENGTH']) && empty($_POST)) {
    hesk_error($hesklang['maxpost']);
}

// Field name => message for every validation failure found below
$hesk_error_buffer = array();
// Customer language, only when the install lets customers choose one
if ($hesk_settings['can_sel_lang']) {
    $tmpvar['language'] = hesk_POST('customerLanguage');
}

// Name is always required
$tmpvar['name'] = hesk_input(hesk_POST('name'));
if (!$tmpvar['name']) {
    $hesk_error_buffer['name'] = $hesklang['enter_your_name'];
}

// Email: required or optional depending on settings, but must validate when something was typed
$email_available = true;
$tmpvar['email'] = hesk_validateEmail(hesk_POST('email'), 'ERR', 0);
if ($hesk_settings['require_email']) {
    if (!$tmpvar['email']) {
        $hesk_error_buffer['email'] = $hesklang['enter_valid_email'];
    }
} elseif ($tmpvar['email'] == '') {
    $email_available = false;
    // Not required, but must be valid if it is entered
    if (strlen(hesk_POST('email'))) {
        $hesk_error_buffer['email'] = $hesklang['not_valid_email'];
    }
}

if ($hesk_settings['multi_eml']) {
    $tmpvar['email'] = str_replace(';', ',', $tmpvar['email']);
}

// Category must be a non-zero integer id
$tmpvar['category'] = intval(hesk_POST('category'));
if (!$tmpvar['category']) {
    $hesk_error_buffer['category'] = $hesklang['sel_app_cat'];
}

// Priority: an empty field means "not chosen" (-1)
$rawPriority = hesk_POST('priority');
$tmpvar['priority'] = strlen($rawPriority) ? intval($rawPriority) : -1;

if ($tmpvar['priority'] < 0 || $tmpvar['priority'] > 3) {
    if ($hesk_settings['select_pri']) {
        // If we are showing "Click to select" priority needs to be selected
        $tmpvar['priority'] = -1;
        $hesk_error_buffer['priority'] = $hesklang['select_priority'];
    } else {
        $tmpvar['priority'] = 3;
    }
}

// Subject and message are each required only when the matching setting says so
$tmpvar['subject'] = hesk_input(hesk_POST('subject'));
if ($hesk_settings['require_subject'] == 1 && $tmpvar['subject'] == '') {
    $hesk_error_buffer['subject'] = $hesklang['enter_ticket_subject'];
}

$tmpvar['message'] = hesk_input(hesk_POST('message'));
if ($hesk_settings['require_message'] == 1 && $tmpvar['message'] == '') {
    $hesk_error_buffer['message'] = $hesklang['enter_message'];
}
// Is category a valid choice?
if ($tmpvar['category']) {
    // Staff may only file into categories they have access to, unless allowed to submit anywhere
    $mayUseCategory = hesk_checkPermission('can_submit_any_cat', 0) || hesk_okCategory($tmpvar['category'], 0);
    if (!$mayUseCategory) {
        hesk_process_messages($hesklang['noauth_submit'], 'new_ticket.php');
    }

    hesk_verifyCategory(1);

    // Is auto-assign of tickets disabled in this category?
    if (empty($hesk_settings['category_data'][$tmpvar['category']]['autoassign'])) {
        $hesk_settings['autoassign'] = false;
    }
}
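// Custom fields: validate each enabled field that belongs to the chosen category.
// Fields that are disabled or not in this category are stored as ''.
foreach ($hesk_settings['custom_fields'] as $k => $v) {
    if (!$v['use'] || !hesk_is_custom_field_in_category($k, $tmpvar['category'])) {
        $tmpvar[$k] = '';
        continue;
    }

    if ($v['type'] == 'checkbox') {
        // Checked boxes are stored as a single string, separated by <br />
        $tmpvar[$k] = '';
        if (isset($_POST[$k]) && is_array($_POST[$k])) {
            $checked = array();
            foreach ($_POST[$k] as $myCB) {
                $checked[] = is_array($myCB) ? '' : hesk_input($myCB);
            }
            // implode() instead of appending "<br />" and substr()-ing it off again:
            // that form returned false (not '') for an empty list on PHP < 8
            $tmpvar[$k] = implode('<br />', $checked);
        } else {
            if ($v['req'] == 2) {
                $hesk_error_buffer[$k] = $hesklang['fill_all'] . ': ' . $v['name'];
            }
            // Presumably so the error-redisplay code, which re-reads POST, sees an empty value
            $_POST[$k] = '';
        }
    } elseif ($v['type'] == 'date') {
        $tmpvar[$k] = hesk_POST($k);
        $_SESSION["as_$k"] = '';

        if (preg_match("/^[0-9]{4}-(0[1-9]|1[0-2])-(0[1-9]|[1-2][0-9]|3[0-1])$/", $tmpvar[$k])) {
            // Compare as UTC midnight timestamps so the limits are not shifted by the server time zone
            $date = strtotime($tmpvar[$k] . ' t00:00:00 UTC');
            $dmin = strlen($v['value']['dmin']) ? strtotime($v['value']['dmin'] . ' t00:00:00 UTC') : false;
            $dmax = strlen($v['value']['dmax']) ? strtotime($v['value']['dmax'] . ' t00:00:00 UTC') : false;

            $_SESSION["as_$k"] = $tmpvar[$k];

            if ($dmin && $dmin > $date) {
                $hesk_error_buffer[$k] = sprintf($hesklang['d_emin'], $v['name'], hesk_custom_date_display_format($dmin, $v['value']['date_format']));
            } elseif ($dmax && $dmax < $date) {
                $hesk_error_buffer[$k] = sprintf($hesklang['d_emax'], $v['name'], hesk_custom_date_display_format($dmax, $v['value']['date_format']));
            } else {
                // Stored as the timestamp, not the typed string
                $tmpvar[$k] = $date;
            }
        } else {
            $tmpvar[$k] = '';
            if ($v['req'] == 2) {
                $hesk_error_buffer[$k] = $hesklang['fill_all'] . ': ' . $v['name'];
            }
        }
    } elseif ($v['type'] == 'email') {
        // The swap around hesk_validateEmail() suggests it reads the global multi_eml flag;
        // the field's own "multiple" setting is substituted just for this call
        $tmp = $hesk_settings['multi_eml'];
        $hesk_settings['multi_eml'] = $v['value']['multiple'];
        $tmpvar[$k] = hesk_validateEmail(hesk_POST($k), 'ERR', 0);
        $hesk_settings['multi_eml'] = $tmp;

        if ($tmpvar[$k] != '') {
            $_SESSION["as_$k"] = hesk_input($tmpvar[$k]);
        } else {
            $_SESSION["as_$k"] = '';
            if ($v['req'] == 2) {
                $hesk_error_buffer[$k] = $v['value']['multiple'] ? sprintf($hesklang['cf_noem'], $v['name']) : sprintf($hesklang['cf_noe'], $v['name']);
            }
        }
    } else {
        // Free-text fields: the required and optional paths computed the same value, so do it once
        $tmpvar[$k] = hesk_makeURL(nl2br(hesk_input(hesk_POST($k))));
        if ($v['req'] == 2 && $tmpvar[$k] == '') {
            $hesk_error_buffer[$k] = $hesklang['fill_all'] . ': ' . $v['name'];
        }
    }
}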
// Generate tracking ID
$tmpvar['trackid'] = hesk_createID();

// Log who submitted ticket
$tmpvar['history'] = sprintf($hesklang['thist7'], hesk_date(), $_SESSION['name'] . ' (' . $_SESSION['user'] . ')');
$tmpvar['openedby'] = $_SESSION['id'];

// Owner (0 = unassigned)
$tmpvar['owner'] = 0;
if (hesk_checkPermission('can_assign_others', 0)) {
    // intval() here is what makes the raw interpolation into the SQL below acceptable
    $tmpvar['owner'] = intval(hesk_POST('owner'));

    // If ID is -1 the ticket will be unassigned
    if ($tmpvar['owner'] == -1) {
        $tmpvar['owner'] = 0;
    } // Automatically assign owner?
    elseif ($tmpvar['owner'] == -2 && $hesk_settings['autoassign'] == 1) {
        // $autoassign_owner stays defined for the notification code further down
        $autoassign_owner = hesk_autoAssignTicket($tmpvar['category']);
        if ($autoassign_owner) {
            $tmpvar['owner'] = intval($autoassign_owner['id']);
            $tmpvar['history'] .= sprintf($hesklang['thist10'], hesk_date(), $autoassign_owner['name'] . ' (' . $autoassign_owner['user'] . ')');
        } else {
            $tmpvar['owner'] = 0;
        }
    } // Check for invalid owner values
    elseif ($tmpvar['owner'] < 1) {
        $tmpvar['owner'] = 0;
    } else {
        // Has the new owner access to the selected category?
        // owner is already an int (see intval above), so interpolating it here cannot inject
        $res = hesk_dbQuery("SELECT `name`,`isadmin`,`categories` FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "users` WHERE `id`='{$tmpvar['owner']}' LIMIT 1");
        if (hesk_dbNumRows($res) == 1) {
            $row = hesk_dbFetchAssoc($res);
            if (!$row['isadmin']) {
                // `categories` is a comma-separated list of ids; the loose in_array() is
                // deliberate (int category vs. string list entries)
                $row['categories'] = explode(',', $row['categories']);
                if (!in_array($tmpvar['category'], $row['categories'])) {
                    $_SESSION['isnotice'][] = 'category';
                    $hesk_error_buffer['owner'] = $hesklang['onasc'];
                }
            }
        } else {
            // No such user id
            $_SESSION['isnotice'][] = 'category';
            $hesk_error_buffer['owner'] = $hesklang['onasc'];
        }
    }
} // The form field is spelled "assing_to_self"; it has to match the form, so it stays
elseif (hesk_checkPermission('can_assign_self', 0) && hesk_okCategory($tmpvar['category'], 0) && !empty($_POST['assing_to_self'])) {
    $tmpvar['owner'] = intval($_SESSION['id']);
}
// Notify customer of the ticket? Only possible when an email address survived validation
$notify = 0;
if (!empty($_POST['notify']) && !empty($tmpvar['email'])) {
    $notify = 1;
}

// Show ticket after submission?
$show = 0;
if (!empty($_POST['show'])) {
    $show = 1;
}
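// Attachments
if ($hesk_settings['attachments']['use']) {
    require_once(HESK_PATH . 'inc/attachments.inc.php');

    $attachments = array();
    // Not read in this file; presumably picked up by hesk_uploadFile() through the global scope
    $trackingID = $tmpvar['trackid'];

    $use_legacy_attachments = hesk_POST('use-legacy-attachments', 0);
    if ($use_legacy_attachments) {
        // Classic numbered file inputs, one upload slot each
        for ($i = 1; $i <= $hesk_settings['attachments']['max_number']; $i++) {
            $att = hesk_uploadFile($i);
            if ($att !== false && !empty($att)) {
                $attachments[$i] = $att;
            }
        }
    } else {
        // The user used the new drag-and-drop system: files were uploaded earlier and are
        // referenced by id here. The ids come straight from POST; whether
        // mfh_getTemporaryAttachment() limits them to this user's own uploads is not
        // visible in this file — confirm in the mfh_* implementation.
        $temp_attachment_ids = hesk_POST_array('attachment-ids');
        foreach ($temp_attachment_ids as $temp_attachment_id) {
            // Simply get the temp info and move it to the attachments table
            $temp_attachment = mfh_getTemporaryAttachment($temp_attachment_id);
            // An unknown or expired id must not add an empty record that the INSERT below would store
            if (empty($temp_attachment)) {
                continue;
            }
            $attachments[] = $temp_attachment;
            mfh_deleteTemporaryAttachment($temp_attachment_id);
        }
    }
}
// Filled in after the attachment rows are inserted
$tmpvar['attachments'] = '';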
// If we have any errors lets store info in session to avoid re-typing everything
if (count($hesk_error_buffer) != 0) {
    $_SESSION['iserror'] = array_keys($hesk_error_buffer);

    // Raw POST values are kept only so the form can be re-filled; they are not stored as ticket data
    $_SESSION['as_name'] = hesk_POST('name');
    $_SESSION['as_email'] = hesk_POST('email');
    $_SESSION['as_priority'] = $tmpvar['priority'];
    $_SESSION['as_subject'] = hesk_POST('subject');
    $_SESSION['as_message'] = hesk_POST('message');
    $_SESSION['as_owner'] = $tmpvar['owner'];
    $_SESSION['as_notify'] = $notify;
    $_SESSION['as_show'] = $show;

    foreach ($hesk_settings['custom_fields'] as $k => $v) {
        // date and email fields already wrote their own as_* value during validation
        if ($v['use'] && !in_array($v['type'], array('date', 'email'))) {
            $_SESSION["as_$k"] = ($v['type'] == 'checkbox') ? hesk_POST_array($k) : hesk_POST($k);
        }
    }

    $errorItems = array();
    foreach ($hesk_error_buffer as $error) {
        $errorItems[] = "<li>$error</li>\n";
    }

    // Remove any successfully uploaded attachments
    if ($hesk_settings['attachments']['use']) {
        hesk_removeAttachments($attachments);
    }

    $hesk_error_buffer = $hesklang['pcer'] . '<br /><br /><ul>' . implode('', $errorItems) . '</ul>';
    hesk_process_messages($hesk_error_buffer, 'new_ticket.php?category=' . $tmpvar['category']);
}
// Store each attachment row and remember its id for the ticket record
if ($hesk_settings['attachments']['use'] && !empty($attachments)) {
    foreach ($attachments as $myatt) {
        // Every string value goes through hesk_dbEscape() and size through intval(); keep that
        // discipline if columns are ever added to this statement
        hesk_dbQuery("INSERT INTO `" . hesk_dbEscape($hesk_settings['db_pfix']) . "attachments` (`ticket_id`,`saved_name`,`real_name`,`size`) VALUES ('" . hesk_dbEscape($tmpvar['trackid']) . "','" . hesk_dbEscape($myatt['saved_name']) . "','" . hesk_dbEscape($myatt['real_name']) . "','" . intval($myatt['size']) . "')");
        // Ticket keeps a compact "id#real_name#saved_name," list pointing at the rows just inserted
        $tmpvar['attachments'] .= hesk_dbInsertID() . '#' . $myatt['real_name'] . '#' . $myatt['saved_name'] . ',';
    }
}
// Plain-text tickets get links and line breaks converted here; rich-text ones are left untouched
if (!$modsForHesk_settings['rich_text_for_tickets']) {
    $tmpvar['message'] = nl2br(hesk_makeURL($tmpvar['message']));
}

// The second argument appears to be hesk_POST()'s default when the field is absent
$tmpvar['latitude'] = hesk_POST('latitude', 'E-4');
$tmpvar['longitude'] = hesk_POST('longitude', 'E-4');
$tmpvar['html'] = $modsForHesk_settings['rich_text_for_tickets'];
// NOTE(review): due-date is passed through unvalidated here; presumably hesk_newTicket() sanitises it — confirm
$tmpvar['due_date'] = hesk_POST('due-date');

// Set user agent and screen res to null. Mind the asymmetry: user_agent is a real NULL,
// the resolution fields are the literal string "NULL", exactly as the original wrote them.
$tmpvar['user_agent'] = NULL;
$tmpvar['screen_resolution_height'] = "NULL";
$tmpvar['screen_resolution_width'] = "NULL";

// Insert ticket to database
$ticket = hesk_newTicket($tmpvar);
// Notify the customer about the ticket?
if ($notify && $email_available) {
    hesk_notifyCustomer($modsForHesk_settings);
}

$submitterId = intval($_SESSION['id']);

// If ticket is assigned to someone other than the submitter, notify them
if ($ticket['owner'] && $ticket['owner'] != $submitterId) {
    // Reuse the auto-assign lookup when we have it; otherwise the helper fetches the owner itself
    $ownerInfo = isset($autoassign_owner['email']) ? $autoassign_owner : false;
    hesk_notifyAssignedStaff($ownerInfo, 'ticket_assigned_to_you', $modsForHesk_settings);
} elseif (!$ticket['owner']) {
    // Ticket unassigned, notify everyone that selected to be notified about unassigned tickets
    hesk_notifyStaff('new_ticket_staff', "`id` != " . $submitterId . " AND `notify_new_unassigned` = '1'", $modsForHesk_settings);
}
// Unset temporary variables
unset($tmpvar);

// Clear every form-redisplay key: the fixed ones first, then one per custom field
$sessionKeys = array(
    'tmpvar',
    'as_name',
    'as_email',
    'as_category',
    'as_priority',
    'as_subject',
    'as_message',
    'as_owner',
    'as_notify',
    'as_show',
);
foreach ($hesk_settings['custom_fields'] as $k => $v) {
    $sessionKeys[] = "as_$k";
}
foreach ($sessionKeys as $sessionKey) {
    hesk_cleanSessionVars($sessionKey);
}

// If ticket has been assigned to the person submitting it lets show a message saying so
if ($ticket['owner'] && $ticket['owner'] == intval($_SESSION['id'])) {
    $assignedLabel = isset($autoassign_owner) ? $hesklang['taasy'] : $hesklang['tasy'];
    $hesklang['new_ticket_submitted'] .= '<br />&nbsp;<br />
<span class="glyphicon glyphicon-comment"></span><b>' . $assignedLabel . '</b>';
}

// Show the ticket or just the success message; the Refresh parameter appears to be a cache-buster only
$ticketUrl = 'admin_ticket.php?track=' . $ticket['trackid'] . '&Refresh=' . mt_rand(10000, 99999);
if ($show) {
    hesk_process_messages($hesklang['new_ticket_submitted'], $ticketUrl, 'SUCCESS');
} else {
    hesk_process_messages($hesklang['new_ticket_submitted'] . '. <a href="' . $ticketUrl . '">' . $hesklang['view_ticket'] . '</a>', 'new_ticket.php', 'SUCCESS');
}