diff --git a/admin/admin_settings.php b/admin/admin_settings.php
index e8ef90bc..0bbb5655 100644
--- a/admin/admin_settings.php
+++ b/admin/admin_settings.php
@@ -47,8 +47,6 @@ require(HESK_PATH . 'inc/common.inc.php');
 $hesk_settings['language'] = $hesk_settings['language_default'];
 require(HESK_PATH . 'inc/admin_functions.inc.php');
 require(HESK_PATH . 'inc/mail_functions.inc.php');
-// Load custom fields
-require_once(HESK_PATH . 'inc/custom_fields.inc.php');
 hesk_load_database_functions();
 hesk_session_start();
@@ -59,6 +57,9 @@ hesk_isLoggedIn();
 hesk_checkPermission('can_man_settings');
+// Load custom fields
+require_once(HESK_PATH . 'inc/custom_fields.inc.php');
+
 // Test languages function
 if (isset($_GET['test_languages'])) {
 hesk_testLanguage(0);
diff --git a/admin/admin_ticket.php b/admin/admin_ticket.php
index 9a434e44..4b7e3081 100644
--- a/admin/admin_ticket.php
+++ b/admin/admin_ticket.php
@@ -73,6 +73,9 @@ $trackingID = hesk_cleanID() or print_form();
 // Load custom fields
 require_once(HESK_PATH . 'inc/custom_fields.inc.php');
+// Load statuses
+//require_once(HESK_PATH . 'inc/statuses.inc.php');
+
 $_SERVER['PHP_SELF'] = 'admin_ticket.php?track=' . $trackingID . '&Refresh=' . mt_rand(10000, 99999);
 /* We will need timer function */
@@ -132,7 +135,20 @@ $managerRS = hesk_dbQuery('SELECT * FROM `' . hesk_dbEscape($hesk_settings['db_p
 $managerRow = hesk_dbFetchAssoc($managerRS);
 $isManager = $managerRow['id'] == $category['manager'];
 if ($isManager) {
- $can_del_notes = $can_reply = $can_delete = $can_edit = $can_archive = $can_assign_self = $can_view_unassigned = $can_change_cat = true;
+ $can_del_notes =
+ $can_reply =
+ $can_delete =
+ $can_edit =
+ $can_archive =
+ $can_assign_self =
+ $can_view_unassigned =
+ $can_change_own_cat =
+ $can_change_cat =
+ $can_ban_emails =
+ $can_unban_emails =
+ $can_ban_ips =
+ $can_unban_ips =
+ $can_resolve = true;
 }
 /* Is this user allowed to view tickets inside this category? */
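Review bot: The expanded assignment chain inside `if ($isManager)` now also sets `$can_ban_emails`, `$can_unban_emails`, `$can_ban_ips`, `$can_unban_ips` and `$can_resolve` to true for a category manager, and the e-mail and IP ban flags look like helpdesk-wide capabilities rather than per-category ones. If bans are global, managing a single category should not confer them; I would leave those four to the account's own permission set and keep only the ticket-scoped flags in the chain. The diff does not show where `$can_resolve` and `$can_change_own_cat` are assigned for non-managers, so please confirm each one is initialised (defaulting to false) before the later `if ($can_resolve)` checks read it. A comment above the chain such as `// Category managers get every ticket-scoped permission inside their own category` would make the intended scope auditable.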
@@ -192,12 +208,12 @@ if (isset($_GET['delete_post']) && $can_delete && hesk_token_check()) {
 }
 /* Delete attachments info from the database */
- hesk_dbQuery("DELETE FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "attachments` WHERE `att_id`='" . intval($att_id) . "' LIMIT 1");
+ hesk_dbQuery("DELETE FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "attachments` WHERE `att_id`='" . intval($att_id) . "'");
 }
 }
 /* Delete this reply */
- hesk_dbQuery("DELETE FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "replies` WHERE `id`='" . intval($n) . "' AND `replyto`='" . intval($ticket['id']) . "' LIMIT 1");
+ hesk_dbQuery("DELETE FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "replies` WHERE `id`='" . intval($n) . "' AND `replyto`='" . intval($ticket['id']) . "'");
 /* Reply wasn't deleted */
 if (hesk_dbAffectedRows() != 1) {
@@ -244,7 +260,7 @@ if (isset($_GET['delete_post']) && $can_delete && hesk_token_check()) {
 }
 }
- hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` SET `lastchange`=NOW(), `lastreplier`='{$last_replier}', `replierid`='" . intval($replier_id) . "', `replies`=`replies`-1 $status_sql $closed_sql $staffreplies_sql WHERE `id`='" . intval($ticket['id']) . "' LIMIT 1");
+ hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` SET `lastchange`=NOW(), `lastreplier`='{$last_replier}', `replierid`='" . intval($replier_id) . "', `replies`=`replies`-1 $status_sql $closed_sql $staffreplies_sql WHERE `id`='" . intval($ticket['id']) . "'");
 } else {
 // Update status, closedat and closedby columns as required
 if ($ticket['locked']) {
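Review bot: The rewritten tickets UPDATE in the `@@ -244` hunk still drops `{$last_replier}` and the `$status_sql $closed_sql $staffreplies_sql` fragments straight into the statement, and the `@@ -255` hunk does the same with `$status`; their assignments are outside these hunks, so whether they are escaped cannot be checked from here. Every other value on these lines goes through `intval()` or `hesk_dbEscape()`, so I would apply the same at the point of use, for example `hesk_dbEscape($last_replier)` and, assuming the status is numeric, `intval($status)`. With `LIMIT 1` removed, the WHERE clause is the only bound on the rows touched; that is fine for primary-key lookups, but the `@@ -440` hunk filters on `trackid`, so please confirm that column carries a unique index. The enclosing `if (isset($_GET['delete_post']) ...)` block starts and ends outside these hunks.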
@@ -255,7 +271,7 @@ if (isset($_GET['delete_post']) && $can_delete && hesk_token_check()) {
 $closed_sql = " , `closedat`=NULL, `closedby`=NULL ";
 }
- hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` SET `lastchange`=NOW(), `lastreplier`='0', `status`='$status', `replies`=0 $staffreplies_sql WHERE `id`='" . intval($ticket['id']) . "' LIMIT 1");
+ hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` SET `lastchange`=NOW(), `lastreplier`='0', `status`='$status', `replies`=0 $staffreplies_sql WHERE `id`='" . intval($ticket['id']) . "'");
 }
 hesk_process_messages($hesklang['repl'], $_SERVER['PHP_SELF'], 'SUCCESS');
@@ -278,7 +294,7 @@ if (isset($_GET['delnote']) && hesk_token_check()) {
 // Permission to delete note?
 if ($can_del_notes || $note['who'] == $_SESSION['id']) {
 // Delete note
- hesk_dbQuery("DELETE FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "notes` WHERE `id`='" . intval($n) . "' LIMIT 1");
+ hesk_dbQuery("DELETE FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "notes` WHERE `id`='" . intval($n) . "'");
 // Delete attachments
 if (strlen($note['attachments'])) {
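Review bot: The new note DELETE in the `@@ -278` hunk matches on the note `id` alone, whereas the reply DELETE earlier in this file also pins `replyto` to `intval($ticket['id'])`. The query that loads `$note` is outside the hunk; if it does not already restrict the note to the ticket being viewed, the permission decided for this ticket ends up authorising a delete on a note that belongs to a different one. Adding the current ticket id as a second WHERE condition, as the reply path does, keeps the statement safe however `$note` was loaded. The `if ($can_del_notes || ...)` block continues past the end of the hunk.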
@@ -440,7 +456,7 @@ if ($hesk_settings['time_worked'] && ($can_reply || $can_edit) && isset($_POST['
 /* Update database */
 $revision = sprintf($hesklang['thist14'], hesk_date(), $time_worked, $_SESSION['name'] . ' (' . $_SESSION['user'] . ')');
- hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` SET `time_worked`='" . hesk_dbEscape($time_worked) . "', `history`=CONCAT(`history`,'" . hesk_dbEscape($revision) . "') WHERE `trackid`='" . hesk_dbEscape($trackingID) . "' LIMIT 1");
+ hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` SET `time_worked`='" . hesk_dbEscape($time_worked) . "', `history`=CONCAT(`history`,'" . hesk_dbEscape($revision) . "') WHERE `trackid`='" . hesk_dbEscape($trackingID) . "'");
 /* Show ticket */
 hesk_process_messages($hesklang['twu'], 'admin_ticket.php?track=' . $trackingID . '&Refresh=' . mt_rand(10000, 99999), 'SUCCESS');
@@ -530,15 +546,14 @@ if (isset($_GET['delatt']) && hesk_token_check()) { /* Update ticket or reply in the database */ $revision = sprintf($hesklang['thist12'], hesk_date(), $att['real_name'], $_SESSION['name'] . ' (' . $_SESSION['user'] . ')'); if ($reply) { - hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "replies` SET `attachments`=REPLACE(`attachments`,'" . hesk_dbEscape($att_id . '#' . $att['real_name'] . '#' . $att['saved_name']) . ",','') WHERE `id`='" . intval($reply) . "' LIMIT 1"); - hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "replies` SET `attachments`=REPLACE(`attachments`,'" . hesk_dbEscape($att_id . '#' . $att['real_name']) . ",','') WHERE `id`='" . intval($reply) . "' LIMIT 1"); - hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` SET `history`=CONCAT(`history`,'" . hesk_dbEscape($revision) . "') WHERE `id`='" . intval($ticket['id']) . "' LIMIT 1"); + hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "replies` SET `attachments`=REPLACE(`attachments`,'" . hesk_dbEscape($att_id . '#' . $att['real_name'] . '#' . $att['saved_name']) . ",','') WHERE `id`='" . intval($reply) . "'"); + hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` SET `history`=CONCAT(`history`,'" . hesk_dbEscape($revision) . "') WHERE `id`='" . intval($ticket['id']) . "'"); } elseif ($note) { hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "notes` SET `attachments`=REPLACE(`attachments`,'" . hesk_dbEscape($att_id . '#' . $att['real_name'] . '#' . $att['saved_name']) . ",','') WHERE `id`={$note} LIMIT 1"); - hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "notes` SET `attachments`=REPLACE(`attachments`,'" . hesk_dbEscape($att_id . '#' . $att['real_name']) . ",','') WHERE `id`={$note} LIMIT 1"); + hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "notes` SET `attachments`=REPLACE(`attachments`,'" . 
hesk_dbEscape($att_id . '#' . $att['real_name']) . ",','') WHERE `id`={$note}"); } else { - hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` SET `attachments`=REPLACE(`attachments`,'" . hesk_dbEscape($att_id . '#' . $att['real_name'] . '#' . $att['saved_name']) . ",','') WHERE `id`='" . intval($ticket['id']) . "' LIMIT 1"); - hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` SET `attachments`=REPLACE(`attachments`,'" . hesk_dbEscape($att_id . '#' . $att['real_name']) . ",',''), `history`=CONCAT(`history`,'" . hesk_dbEscape($revision) . "') WHERE `id`='" . intval($ticket['id']) . "' LIMIT 1"); + hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` SET `attachments`=REPLACE(`attachments`,'" . hesk_dbEscape($att_id . '#' . $att['real_name'] . '#' . $att['saved_name']) . ",','') WHERE `id`='" . intval($ticket['id']) . "'"); + hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` SET `attachments`=REPLACE(`attachments`,'" . hesk_dbEscape($att_id . '#' . $att['real_name']) . ",',''), `history`=CONCAT(`history`,'" . hesk_dbEscape($revision) . "') WHERE `id`='" . intval($ticket['id']) . "'"); } hesk_process_messages($hesklang['kb_att_rem'], 'admin_ticket.php?track=' . $trackingID . '&Refresh=' . mt_rand(10000, 99999), 'SUCCESS'); 
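Review bot: The notes branch interpolates `{$note}` into the WHERE clause unquoted and uncast, while the reply and ticket branches of the same hunk use `intval($reply)` and `intval($ticket['id'])`. Where `$note` is assigned is outside the hunk, so its type cannot be confirmed here; using `intval($note)` in both notes statements removes that dependency. The first notes UPDATE also keeps its `LIMIT 1` while every other statement in the hunk dropped it, which looks like an oversight. Separately, the reply branch no longer runs the second `REPLACE` (the `$att_id . '#' . $att['real_name']` form without `saved_name`) although notes and tickets keep it, so a short comment saying why replies cannot hold entries in that older format would help the next reader.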
@@ -558,7 +573,11 @@ require_once(HESK_PATH . 'inc/headerAdmin.inc.php'); /* List of categories */ $orderBy = $modsForHesk_settings['category_order_column']; -$result = hesk_dbQuery("SELECT `id`,`name` FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "categories` WHERE `usage` <> 2 ORDER BY `" . $orderBy . "` ASC"); +if ($can_change_cat) { + $result = hesk_dbQuery("SELECT `id`,`name` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."categories` WHERE `usage` <> 2 ORDER BY `cat_order` ASC"); +} else { + $result = hesk_dbQuery("SELECT `id`,`name` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."categories` WHERE `usage` <> 2 AND ".hesk_myCategories('id')." ORDER BY `cat_order` ASC"); +} $categories_options = ''; while ($row = hesk_dbFetchAssoc($result)) { $selected = ''; @@ -638,6 +657,17 @@ require_once(HESK_PATH . 'inc/show_admin_nav.inc.php'); $v) { + if ($v['use'] && hesk_is_custom_field_in_category($k, $ticket['category']) ) { + switch ($v['type']) { + case 'date': + $ticket[$k] = hesk_custom_date_display_format($ticket[$k], $v['value']['date_format']); + break; + } + } + } ?>
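Review bot: Narrowing the category list with `hesk_myCategories('id')` when `$can_change_cat` is false only limits what the dropdown offers. The script that performs the move is not part of this diff and has to apply the same restriction to the submitted category id, otherwise the `$can_change_own_cat` limit exists only in the rendered form; the `@@ -1030` hunk relies on the same pairing of `$can_change_cat || $can_change_own_cat` to decide whether the form is shown at all. Both new queries hard-code `cat_order` in the ORDER BY, which leaves the `$orderBy` assignment on the context line above unused: either delete it, or keep honouring the setting by checking it against an allow-list of column names before it reaches the SQL string.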

@@ -1030,15 +1060,19 @@ require_once(HESK_PATH . 'inc/show_admin_nav.inc.php'); '; + if ( ! $ticket['owner']) + { + echo ''; + } + echo ''; } else { echo '

'; echo isset($admins[$ticket['owner']]) ? $admins[$ticket['owner']] : - ($can_assign_self ? $hesklang['unas'] . ' [' . $hesklang['asss'] . ']' : $hesklang['unas']); + ($can_assign_self ? $hesklang['unas'] . ' [' . $hesklang['asss'] . ']' : $hesklang['unas']); echo '

'; } - echo ''; echo '

' . $hesklang['category'] . '

'; - if ($can_change_cat) { + if (strlen($categories_options) && ($can_change_cat || $can_change_own_cat)) { echo '
@@ -1253,7 +1287,7 @@ require_once(HESK_PATH . 'inc/footer.inc.php'); function hesk_getAdminButtons($category_id) { - global $hesk_settings, $hesklang, $modsForHesk_settings, $ticket, $reply, $trackingID, $can_edit, $can_archive, $can_delete, $isManager; + global $hesk_settings, $hesklang, $modsForHesk_settings, $ticket, $reply, $trackingID, $can_edit, $can_archive, $can_delete, $can_resolve, $isManager; $options = ''; @@ -1424,7 +1458,7 @@ function hesk_getAdminButtons($category_id) $isClosable = $isTicketClosedRow['Closable'] == 'yes' || $isTicketClosedRow['Closable'] == 'sonly'; $mgr = $isManager ? '&isManager=1' : ''; - if ($isTicketClosed == 0 && $isClosable) // Ticket is still open + if ($isTicketClosed == 0 && $isClosable && $can_resolve) // Ticket is still open { $dropdown .= '
  • ' . $hesklang['close_action'] . '
  • '; @@ -1434,7 +1468,7 @@ function hesk_getAdminButtons($category_id) } /* Lock ticket button */ - if ($can_edit) { + if ($can_resolve) { $template = '
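Review bot: Adding `$can_resolve` to the close condition, and switching the lock button from `$can_edit` to `$can_resolve` in the `@@ -1434` hunk, only changes which links are drawn. The scripts those links point to are not in this diff; each needs its own server-side `can_resolve` check, or the permission is cosmetic. The context line `$mgr = $isManager ? '&isManager=1' : '';` deserves a look in the same pass: if the target trusts that query parameter instead of re-deriving manager status from the session and the ticket's category, it undoes the gate added here. `hesk_getAdminButtons` starts and ends outside these hunks.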
  • %s
  • '; $dropdown .= $ticket['locked'] ? sprintf($template, 0, 'unlock', $hesklang['tul']) @@ -1575,7 +1609,7 @@ function mfh_print_message() {
    $v) { - if ($v['use'] && $v['place'] == 0) { + if ($v['use'] && $v['place'] == 0 && hesk_is_custom_field_in_category($k, $ticket['category'])) { if ($modsForHesk_settings['custom_field_setting']) { $v['name'] = $hesklang[$v['name']]; } @@ -1584,12 +1618,15 @@ function mfh_print_message() { if ($v['type'] == 'date' && !empty($ticket[$k])) { $dt = hesk_date($ticket[$k], false, false); echo '
    ' . hesk_dateToString($dt, 0) . '
    '; + } elseif ($v['type'] == 'email') { + echo '
    '.$ticket[$k].'
    '; } else { echo '
    ' . $ticket[$k] . '
    '; } echo ''; } } + if ($ticket['message'] != '') { ?>
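Review bot: The new `email` branch concatenates `$ticket[$k]` into the echoed markup as-is, here and again in the `@@ -1614` hunk. The surrounding tags did not survive on this page, but an e-mail field is normally rendered as a link, which puts the value in both an attribute and a text context. Unless custom field values are guaranteed to be stored HTML-encoded (not visible in this diff), encode at output with `htmlspecialchars($ticket[$k], ENT_QUOTES, 'UTF-8')`, and check the value with `filter_var($ticket[$k], FILTER_VALIDATE_EMAIL)` before building a `mailto:` target from it. If the values are stored already encoded, a one-line comment saying so above the branch would prevent a later double-encoding fix. `mfh_print_message` continues outside both hunks.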
    @@ -1604,8 +1641,9 @@ function mfh_print_message() {
    $v) { - if ($v['use'] && $v['place']) { + if ($v['use'] && $v['place'] && hesk_is_custom_field_in_category($k, $ticket['category'])) { if ($modsForHesk_settings['custom_field_setting']) { $v['name'] = $hesklang[$v['name']]; } @@ -1614,6 +1652,8 @@ function mfh_print_message() { if ($v['type'] == 'date' && !empty($ticket[$k])) { $dt = hesk_date($ticket[$k], false, false); echo '
    ' . hesk_dateToString($dt, 0) . '
    '; + } elseif ($v['type'] == 'email') { + echo '
    '.$ticket[$k].'
    '; } else { echo '
    ' . $ticket[$k] . '
    '; } @@ -1751,6 +1791,13 @@ function hesk_printTicketReplies() function hesk_printReplyForm() { global $hesklang, $hesk_settings, $ticket, $admins, $can_options, $options, $can_assign_self, $isManager, $modsForHesk_settings; + + // Force assigning a ticket before allowing to reply? + if ($hesk_settings['require_owner'] && ! $ticket['owner']) + { + hesk_show_notice($hesklang['atbr'].($can_assign_self ? '

    '.$hesklang['attm'].'' : ''), $hesklang['owneed']); + return ''; + } ?>
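Review bot: Returning early from `hesk_printReplyForm()` when `$hesk_settings['require_owner']` is set and the ticket has no owner hides the form but does not stop a reply from being submitted. The script that processes the reply is not in this diff; it should repeat the `require_owner` and `$ticket['owner']` test and reject the request, since the absence of the form is not a control. `return '';` is also the only value-returning path visible in a function that otherwise prints its output, so a bare `return;` would read more consistently. The function body continues outside the hunk.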