From 9ca1bcffb114da35da9f9a62ca37c73b8f2cbfb2 Mon Sep 17 00:00:00 2001 From: Mike Koch Date: Tue, 25 Oct 2016 13:08:37 -0400 Subject: [PATCH] Update submit_ticket --- submit_ticket.php | 153 +++++++++++++++++++++++++++++++++------------- 1 file changed, 109 insertions(+), 44 deletions(-) diff --git a/submit_ticket.php b/submit_ticket.php index 7e6f5e45..81cea406 100644 --- a/submit_ticket.php +++ b/submit_ticket.php @@ -150,24 +150,46 @@ if ($hesk_settings['secimg_use'] && !isset($_SESSION['img_verified'])) { } $tmpvar['name'] = hesk_input(hesk_POST('name')) or $hesk_error_buffer['name'] = $hesklang['enter_your_name']; -$tmpvar['email'] = hesk_validateEmail(hesk_POST('email'), 'ERR', 0) or $hesk_error_buffer['email'] = $hesklang['enter_valid_email']; + +$email_available = true; + +if ($hesk_settings['require_email']) { + $tmpvar['email'] = hesk_validateEmail( hesk_POST('email'), 'ERR', 0) or $hesk_error_buffer['email']=$hesklang['enter_valid_email']; +} else { + $tmpvar['email'] = hesk_validateEmail( hesk_POST('email'), 'ERR', 0); + + // Not required, but must be valid if it is entered + if ($tmpvar['email'] == '') { + $email_available = false; + + if (strlen(hesk_POST('email'))) { + $hesk_error_buffer['email'] = $hesklang['not_valid_email']; + } + + // No need to confirm the email + $hesk_settings['confirm_email'] = 0; + $_POST['email2'] = ''; + $_SESSION['c_email'] = ''; + $_SESSION['c_email2'] = ''; + } +} if ($hesk_settings['confirm_email']) { $tmpvar['email2'] = hesk_validateEmail(hesk_POST('email2'), 'ERR', 0) or $hesk_error_buffer['email2'] = $hesklang['confemail2']; // Anything entered as email confirmation? - if (strlen($tmpvar['email2'])) { + if ($tmpvar['email2'] != '') { // Do we have multiple emails? if ($hesk_settings['multi_eml']) { $tmpvar['email'] = str_replace(';', ',', $tmpvar['email']); $tmpvar['email2'] = str_replace(';', ',', $tmpvar['email2']); if (count(array_diff(explode(',', strtolower($tmpvar['email'])), explode(',', strtolower($tmpvar['email2'])))) == 0) { - $_SESSION['c_email2'] = $_POST['email2']; + $_SESSION['c_email2'] = hesk_POST('email2'); } } // Single email address match elseif (!$hesk_settings['multi_eml'] && strtolower($tmpvar['email']) == strtolower($tmpvar['email2'])) { - $_SESSION['c_email2'] = $_POST['email2']; + $_SESSION['c_email2'] = hesk_POST('email2'); } else { // Invalid match $tmpvar['email2'] = ''; @@ -177,7 +199,7 @@ if ($hesk_settings['confirm_email']) { $hesk_error_buffer['email2'] = $hesklang['confemaile']; } } else { - $_SESSION['c_email2'] = $_POST['email2']; + $_SESSION['c_email2'] = hesk_POST('email2'); } } @@ -207,8 +229,25 @@ else { } } -$tmpvar['subject'] = hesk_input(hesk_POST('subject')) or $hesk_error_buffer['subject'] = $hesklang['enter_ticket_subject']; -$tmpvar['message'] = hesk_input(hesk_POST('message')) or $hesk_error_buffer['message'] = $hesklang['enter_message'];; +if ($hesk_settings['require_subject'] == -1) { + $tmpvar['subject'] = ''; +} else { + $tmpvar['subject'] = hesk_input( hesk_POST('subject') ); + + if ($hesk_settings['require_subject'] == 1 && $tmpvar['subject'] == '') { + $hesk_error_buffer['subject'] = $hesklang['enter_ticket_subject']; + } +} + +if ($hesk_settings['require_message'] == -1) { + $tmpvar['message'] = ''; +} else { + $tmpvar['message'] = hesk_input( hesk_POST('message') ); + + if ($hesk_settings['require_message'] == 1 && $tmpvar['message'] == '') { + $hesk_error_buffer['message'] = $hesklang['enter_message']; + } +} // Is category a valid choice? if ($tmpvar['category']) { @@ -222,46 +261,72 @@ if ($tmpvar['category']) { // Custom fields $modsForHesk_settings = mfh_getSettings(); -foreach ($hesk_settings['custom_fields'] as $k => $v) { - if ($v['use']) { - if ($modsForHesk_settings['custom_field_setting']) { - $v['name'] = $hesklang[$v['name']]; - } +foreach ($hesk_settings['custom_fields'] as $k=>$v) { + if ($v['use']==1 && hesk_is_custom_field_in_category($k, $tmpvar['category'])) { + if ($v['type'] == 'checkbox') { + $tmpvar[$k]=''; - if ($v['type'] == 'checkbox' || $v['type'] == 'multiselect') { - $tmpvar[$k] = ''; - - if (isset($_POST[$k])) { - if (is_array($_POST[$k])) { - foreach ($_POST[$k] as $myCB) { - $tmpvar[$k] .= (is_array($myCB) ? '' : hesk_input($myCB)) . '
';; - } - $tmpvar[$k] = substr($tmpvar[$k], 0, -6); + if (isset($_POST[$k]) && is_array($_POST[$k])) { + foreach ($_POST[$k] as $myCB) { + $tmpvar[$k] .= ( is_array($myCB) ? '' : hesk_input($myCB) ) . '
';; } + + $tmpvar[$k]=substr($tmpvar[$k],0,-6); } else { if ($v['req']) { - $hesk_error_buffer[$k] = $hesklang['fill_all'] . ': ' . $v['name']; + $hesk_error_buffer[$k]=$hesklang['fill_all'].': '.$v['name']; } $_POST[$k] = ''; } - $_SESSION["c_$k"] = hesk_POST_array($k); - } elseif ($v['req']) { - $tmpvar[$k] = hesk_makeURL(nl2br(hesk_input(hesk_POST($k)))); - $_SESSION["c_$k"] = hesk_POST($k); - if (!strlen($tmpvar[$k])) { - $hesk_error_buffer[$k] = $hesklang['fill_all'] . ': ' . $v['name']; - } + $_SESSION["c_$k"]=hesk_POST_array($k); + } elseif ($v['type'] == 'date') { + $tmpvar[$k] = hesk_POST($k); + $_SESSION["c_$k"] = ''; - if ($v['type'] == 'date') { - $tmpvar[$k] = strtotime($_POST[$k]); - } - } else { - if ($v['type'] == 'date' && $_POST[$k] != '') { - $tmpvar[$k] = strtotime($_POST[$k]); + if (preg_match("/^[0-9]{2}\/[0-9]{2}\/[0-9]{4}$/", $tmpvar[$k])) { + $date = strtotime($tmpvar[$k] . ' t00:00:00'); + $dmin = strlen($v['value']['dmin']) ? strtotime($v['value']['dmin'] . ' t00:00:00') : false; + $dmax = strlen($v['value']['dmax']) ? strtotime($v['value']['dmax'] . ' t00:00:00') : false; + + $_SESSION["c_$k"] = $tmpvar[$k]; + + if ($dmin && $dmin > $date) { + $hesk_error_buffer[$k] = sprintf($hesklang['d_emin'], $v['name'], hesk_custom_date_display_format($dmin, $v['value']['date_format'])); + } elseif ($dmax && $dmax < $date) { + $hesk_error_buffer[$k] = sprintf($hesklang['d_emax'], $v['name'], hesk_custom_date_display_format($dmax, $v['value']['date_format'])); + } else { + $tmpvar[$k] = $date; + } } else { - $tmpvar[$k] = hesk_makeURL(nl2br(hesk_input(hesk_POST($k)))); + if ($v['req']) { + $hesk_error_buffer[$k]=$hesklang['fill_all'].': '.$v['name']; + } } + } elseif ($v['type'] == 'email') { + $tmp = $hesk_settings['multi_eml']; + $hesk_settings['multi_eml'] = $v['value']['multiple']; + $tmpvar[$k] = hesk_validateEmail( hesk_POST($k), 'ERR', 0); + $hesk_settings['multi_eml'] = $tmp; + + if ($tmpvar[$k] != '') { + $_SESSION["c_$k"] = hesk_input($tmpvar[$k]); + } else { + $_SESSION["c_$k"] = ''; + + if ($v['req']) { + $hesk_error_buffer[$k] = $v['value']['multiple'] ? sprintf($hesklang['cf_noem'], $v['name']) : sprintf($hesklang['cf_noe'], $v['name']); + } + } + } elseif ($v['req']) { + $tmpvar[$k]=hesk_makeURL(nl2br(hesk_input( hesk_POST($k) ))); + if ($tmpvar[$k] == '') { + $hesk_error_buffer[$k]=$hesklang['fill_all'].': '.$v['name']; + } + $_SESSION["c_$k"]=hesk_POST($k); + } else { + $tmpvar[$k]=hesk_makeURL(nl2br(hesk_input( hesk_POST($k) ))); + $_SESSION["c_$k"]=hesk_POST($k); } } else { $tmpvar[$k] = ''; @@ -269,13 +334,13 @@ foreach ($hesk_settings['custom_fields'] as $k => $v) { } // Check bans -if (!isset($hesk_error_buffer['email']) && hesk_isBannedEmail($tmpvar['email']) || hesk_isBannedIP($_SERVER['REMOTE_ADDR'])) { +if ($email_available && ! isset($hesk_error_buffer['email']) && hesk_isBannedEmail($tmpvar['email']) || hesk_isBannedIP($_SERVER['REMOTE_ADDR'])) { hesk_error($hesklang['baned_e']); } // Check maximum open tickets limit $below_limit = true; -if ($hesk_settings['max_open'] && !isset($hesk_error_buffer['email'])) { +if ($email_available && $hesk_settings['max_open'] && ! isset($hesk_error_buffer['email'])) { $res = hesk_dbQuery("SELECT COUNT(*) FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` WHERE `status` IN (SELECT `ID` FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "statuses` WHERE `IsClosed` = 0) AND " . hesk_dbFormatEmail($tmpvar['email'])); $num = hesk_dbResult($res); @@ -327,7 +392,6 @@ if (count($hesk_error_buffer)) { $_SESSION['c_name'] = hesk_POST('name'); $_SESSION['c_email'] = hesk_POST('email'); - $_SESSION['c_category'] = hesk_POST('category'); $_SESSION['c_priority'] = hesk_POST('priority'); $_SESSION['c_subject'] = hesk_POST('subject'); $_SESSION['c_message'] = hesk_POST('message'); @@ -343,7 +407,7 @@ if (count($hesk_error_buffer)) { } $hesk_error_buffer = $hesklang['pcer'] . '

'; - hesk_process_messages($hesk_error_buffer, 'index.php?a=add'); + hesk_process_messages($hesk_error_buffer, 'index.php?a=add&category='.$tmpvar['category']); } if (!$modsForHesk_settings['rich_text_for_tickets_for_customers']) { @@ -389,7 +453,7 @@ $tmpvar['user_agent'] = $_SERVER['HTTP_USER_AGENT']; // Should the helpdesk validate emails? $createTicket = true; -if ($modsForHesk_settings['customer_email_verification_required']) { +if ($modsForHesk_settings['customer_email_verification_required'] && $email_available) { $verifiedEmailSql = "SELECT `Email` FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "verified_emails` WHERE `Email` = '" . hesk_dbEscape($tmpvar['email']) . "'"; $verifiedEmailRS = hesk_dbQuery($verifiedEmailSql); if ($verifiedEmailRS->num_rows == 0) { @@ -414,7 +478,7 @@ if ($createTicket) { $ticket = hesk_newTicket($tmpvar); // Notify the customer - if ($hesk_settings['notify_new']) { + if ($hesk_settings['notify_new'] && $email_available) { hesk_notifyCustomer($modsForHesk_settings); } @@ -434,7 +498,7 @@ $_SESSION['already_submitted'] = 1; // Need email to view ticket? If yes, remember it by default if ($hesk_settings['email_view_ticket']) { - setcookie('hesk_myemail', $tmpvar['email'], strtotime('+1 year')); + hesk_setcookie('hesk_myemail', $tmpvar['email'], strtotime('+1 year')); } // Unset temporary variables @@ -466,7 +530,8 @@ require_once(HESK_PATH . 'inc/header.inc.php'); $hesklang['ticket_submitted'] . '

' . $hesklang['ticket_submitted_success'] . ': ' . $ticket['trackid'] . '

' . - ($hesk_settings['notify_new'] && $hesk_settings['spam_notice'] ? $hesklang['spam_inbox'] . '

' : '') . + ( ! $email_available ? $hesklang['write_down'] . '

' : '') . + ($email_available && $hesk_settings['notify_new'] && $hesk_settings['spam_notice'] ? $hesklang['spam_inbox'] . '

' : '') . '' . $hesklang['view_your_ticket'] . '' ); } else {