Mods-for-HESK-Netsyms/admin/delete_tickets.php

<?php
/*******************************************************************************
 *  Title: Help Desk Software HESK
 *  Version: 2.6.5 from 28th August 2015
 *  Author: Klemen Stirn
 *  Website: http://www.hesk.com
 ********************************************************************************
 *  COPYRIGHT AND TRADEMARK NOTICE
 *  Copyright 2005-2015 Klemen Stirn. All Rights Reserved.
 *  HESK is a registered trademark of Klemen Stirn.
 *  The HESK may be used and modified free of charge by anyone
 *  AS LONG AS COPYRIGHT NOTICES AND ALL THE COMMENTS REMAIN INTACT.
 *  By using this code you agree to indemnify Klemen Stirn from any
 *  liability that might arise from it's use.
 *  Selling the code for this program, in part or full, without prior
 *  written consent is expressly forbidden.
 *  Using this code, in part or full, to create derivate work,
 *  new scripts or products is expressly forbidden. Obtain permission
 *  before redistributing this software over the Internet or in
 *  any other medium. In all cases copyright and header must remain intact.
 *  This Copyright is in full effect in any country that has International
 *  Trade Agreements with the United States of America or
 *  with the European Union.
 *  Removing any of the copyright notices without purchasing a license
 *  is expressly forbidden. To remove HESK copyright notice you must purchase
 *  a license for this script. For more information on how to obtain
 *  a license please visit the page below:
 *  https://www.hesk.com/buy.php
 *******************************************************************************/

define('IN_SCRIPT', 1);
define('HESK_PATH', '../');

/* Get all the required files and functions */
require(HESK_PATH . 'hesk_settings.inc.php');
require(HESK_PATH . 'inc/common.inc.php');
require(HESK_PATH . 'inc/admin_functions.inc.php');
hesk_load_database_functions();

hesk_session_start();
hesk_dbConnect();
hesk_isLoggedIn();
$modsForHesk_settings = mfh_getSettings();

/* Set correct return URL */
if (isset($_SERVER['HTTP_REFERER'])) {
    $url = hesk_input($_SERVER['HTTP_REFERER']);
    $url = str_replace('&amp;', '&', $url);
    if ($tmp = strstr($url, 'show_tickets.php')) {
        $referer = $tmp;
    } elseif ($tmp = strstr($url, 'find_tickets.php')) {
        $referer = $tmp;
    } elseif ($tmp = strstr($url, 'admin_main.php')) {
        $referer = $tmp;
    } else {
        $referer = 'admin_main.php';
    }
} else {
    $referer = 'admin_main.php';
}

/* Is this a delete ticket request from within a ticket ("delete" icon)? */
if (isset($_GET['delete_ticket'])) {
    /* Check permissions for this feature */
    hesk_checkPermission('can_del_tickets');

    /* A security check */
    hesk_token_check();

    // Tracking ID
    $trackingID = hesk_cleanID() or die($hesklang['int_error'] . ': ' . $hesklang['no_trackID']);

    /* Get ticket info */
    $result = hesk_dbQuery("SELECT `id`,`trackid`,`category` FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` WHERE `trackid`='" . hesk_dbEscape($trackingID) . "' LIMIT 1");
    if (hesk_dbNumRows($result) != 1) {
        hesk_error($hesklang['ticket_not_found']);
    }
    $ticket = hesk_dbFetchAssoc($result);

    /* Is this user allowed to delete tickets inside this category? */
    hesk_okCategory($ticket['category']);

    hesk_fullyDeleteTicket();

    hesk_process_messages(sprintf($hesklang['num_tickets_deleted'], 1), $referer, 'SUCCESS');
}


/* This is a request from ticket list. Must be POST and id must be an array */
if (!isset($_POST['id']) || !is_array($_POST['id'])) {
    hesk_process_messages($hesklang['no_selected'], $referer, 'NOTICE');
} /* If not, then needs an action (a) POST variable set */
elseif (!isset($_POST['a'])) {
    hesk_process_messages($hesklang['invalid_action'], $referer);
}

$i = 0;

// Possible priorities
$priorities = array(
    'critical' => array('value' => 0, 'text' => $hesklang['critical'], 'formatted' => '<font class="critical">' . $hesklang['critical'] . '</font>'),
    'high' => array('value' => 1, 'text' => $hesklang['high'], 'formatted' => '<font class="important">' . $hesklang['high'] . '</font>'),
    'medium' => array('value' => 2, 'text' => $hesklang['medium'], 'formatted' => '<font class="medium">' . $hesklang['medium'] . '</font>'),
    'low' => array('value' => 3, 'text' => $hesklang['low'], 'formatted' => $hesklang['low']),
);

// Change priority
if (array_key_exists($_POST['a'], $priorities)) {
    // A security check
    hesk_token_check('POST');

    // Priority info
    $priority = $priorities[$_POST['a']];

    foreach ($_POST['id'] as $this_id) {
        if (is_array($this_id)) {
            continue;
        }

        $this_id = intval($this_id) or hesk_error($hesklang['id_not_valid']);
        $result = hesk_dbQuery("SELECT `priority`, `category` FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` WHERE `id`={$this_id} LIMIT 1");
        if (hesk_dbNumRows($result) != 1) {
            continue;
        }
        $ticket = hesk_dbFetchAssoc($result);

        if ($ticket['priority'] == $priority['value']) {
            continue;
        }

        hesk_okCategory($ticket['category']);

        $revision = sprintf($hesklang['thist8'], hesk_date(), $priority['formatted'], $_SESSION['name'] . ' (' . $_SESSION['user'] . ')');
        hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` SET `priority`='{$priority['value']}', `history`=CONCAT(`history`,'" . hesk_dbEscape($revision) . "') WHERE `id`={$this_id} LIMIT 1");

        $i++;
    }

    hesk_process_messages($hesklang['pri_set_to'] . ' ' . $priority['formatted'], $referer, 'SUCCESS');
} /* DELETE */
elseif ($_POST['a'] == 'delete') {
    /* Check permissions for this feature */
    hesk_checkPermission('can_del_tickets');

    /* A security check */
    hesk_token_check('POST');

    // Will we need ticket notifications?
    if ($hesk_settings['notify_closed']) {
        require(HESK_PATH . 'inc/email_functions.inc.php');
    }

    $revision = sprintf($hesklang['thist3'], hesk_date(), $_SESSION['name'] . ' (' . $_SESSION['user'] . ')');

    foreach ($_POST['id'] as $this_id) {
        if (is_array($this_id)) {
            continue;
        }

        $this_id = intval($this_id) or hesk_error($hesklang['id_not_valid']);
        $result = hesk_dbQuery("SELECT `id`,`trackid`,`category` FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` WHERE `id`='" . intval($this_id) . "' LIMIT 1");
        if (hesk_dbNumRows($result) != 1) {
            continue;
        }
        $ticket = hesk_dbFetchAssoc($result);

        hesk_okCategory($ticket['category']);

        hesk_fullyDeleteTicket();
        $i++;
    }

    hesk_process_messages(sprintf($hesklang['num_tickets_deleted'], $i), $referer, 'SUCCESS');
} /* MERGE TICKETS */
elseif ($_POST['a'] == 'merge') {
    /* Check permissions for this feature */
    hesk_checkPermission('can_merge_tickets');

    /* A security check */
    hesk_token_check('POST');

    /* Sort IDs, tickets will be merged to the lowest ID */
    sort($_POST['id'], SORT_NUMERIC);

    /* Select lowest ID as the target ticket */
    $merge_into = array_shift($_POST['id']);

    /* Merge tickets or throw an error */
    if (hesk_mergeTickets($_POST['id'], $merge_into)) {
        hesk_process_messages($hesklang['merged'], $referer, 'SUCCESS');
    } else {
        $hesklang['merge_err'] .= ' ' . $_SESSION['error'];
        hesk_cleanSessionVars($_SESSION['error']);
        hesk_process_messages($hesklang['merge_err'], $referer);
    }
} /* TAG/UNTAG TICKETS */
elseif ($_POST['a'] == 'tag' || $_POST['a'] == 'untag') {
    /* Check permissions for this feature */
    hesk_checkPermission('can_add_archive');

    /* A security check */
    hesk_token_check('POST');

    if ($_POST['a'] == 'tag') {
        $archived = 1;
        $action = $hesklang['num_tickets_tag'];
    } else {
        $archived = 0;
        $action = $hesklang['num_tickets_untag'];
    }

    foreach ($_POST['id'] as $this_id) {
        if (is_array($this_id)) {
            continue;
        }

        $this_id = intval($this_id) or hesk_error($hesklang['id_not_valid']);
        $result = hesk_dbQuery("SELECT `id`,`trackid`,`category` FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` WHERE `id`='" . intval($this_id) . "' LIMIT 1");
        if (hesk_dbNumRows($result) != 1) {
            continue;
        }
        $ticket = hesk_dbFetchAssoc($result);

        hesk_okCategory($ticket['category']);

        hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` SET `archive`='$archived' WHERE `id`='" . intval($this_id) . "' LIMIT 1");
        $i++;
    }

    hesk_process_messages(sprintf($action, $i), $referer, 'SUCCESS');
} /* JUST CLOSE */
else {
    /* Check permissions for this feature */
    hesk_checkPermission('can_view_tickets');
    hesk_checkPermission('can_reply_tickets');

    /* A security check */
    hesk_token_check('POST');
    require(HESK_PATH . 'inc/email_functions.inc.php');

    $revision = sprintf($hesklang['thist3'], hesk_date(), $_SESSION['name'] . ' (' . $_SESSION['user'] . ')');

    foreach ($_POST['id'] as $this_id) {
        if (is_array($this_id)) {
            continue;
        }

        $this_id = intval($this_id) or hesk_error($hesklang['id_not_valid']);

        $result = hesk_dbQuery("SELECT * FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` WHERE `id`='" . intval($this_id) . "' LIMIT 1");
        $ticket = hesk_dbFetchAssoc($result);

        hesk_okCategory($ticket['category']);

        $closedStatusRS = hesk_dbQuery("SELECT * FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "statuses` WHERE `IsStaffClosedOption` = 1");
        $closedStatus = hesk_dbFetchAssoc($closedStatusRS);

        hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` SET `status`='" . $closedStatus['ID'] . "', `closedat`=NOW(), `closedby`=" . intval($_SESSION['id']) . ", `history`=CONCAT(`history`,'" . hesk_dbEscape($revision) . "') WHERE `id`='" . intval($this_id) . "' LIMIT 1");
        $i++;

        // Notify customer of closed ticket?
        if ($hesk_settings['notify_closed']) {
            $ticket['dt'] = hesk_date($ticket['dt'], true);
            $ticket['lastchange'] = hesk_date($ticket['lastchange'], true);
            $ticket = hesk_ticketToPlain($ticket, 1, 0);
            hesk_notifyCustomer($modsForHesk_settings, 'ticket_closed');
        }
    }

    hesk_process_messages(sprintf($hesklang['num_tickets_closed'], $i), $referer, 'SUCCESS');
}


/*** START FUNCTIONS ***/


function hesk_fullyDeleteTicket()
{
    global $hesk_settings, $hesklang, $ticket;

    /* Delete attachment files */
    $res = hesk_dbQuery("SELECT * FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "attachments` WHERE `ticket_id`='" . hesk_dbEscape($ticket['trackid']) . "'");
    if (hesk_dbNumRows($res)) {
        $hesk_settings['server_path'] = dirname(dirname(__FILE__));

        while ($file = hesk_dbFetchAssoc($res)) {
            hesk_unlink($hesk_settings['server_path'] . '/' . $hesk_settings['attach_dir'] . '/' . $file['saved_name']);
        }
    }

    /* Delete attachments info from the database */
    hesk_dbQuery("DELETE FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "attachments` WHERE `ticket_id`='" . hesk_dbEscape($ticket['trackid']) . "'");

    /* Delete the ticket */
    hesk_dbQuery("DELETE FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` WHERE `id`='" . intval($ticket['id']) . "'");

    /* Delete replies to the ticket */
    hesk_dbQuery("DELETE FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "replies` WHERE `replyto`='" . intval($ticket['id']) . "'");

    /* Delete ticket notes */
    hesk_dbQuery("DELETE FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "notes` WHERE `ticket`='" . intval($ticket['id']) . "'");

    /* Delete ticket reply drafts */
    hesk_dbQuery("DELETE FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "reply_drafts` WHERE `ticket`=" . intval($ticket['id']));

    return true;
}

?>