<?php
#$Id: tickets.inc.php,v 1.6 2004/12/17 04:11:39 ryan Exp $
require_once("includes/text.inc.php");
class ticketsModule {
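/**
 * Builds the tickets page for the current request.
 *
 * Copies shared state from $parent, reads the caller's `tickets` privilege
 * level from the users table, and then either sets an offline / login /
 * unauthorized body or dispatches on the `action` query parameter.
 *
 * Any non-zero privilege level reaches every handler from here; the only
 * stricter checks visible in this class are the admin == 3 tests inside
 * deleteTicket() and deleteComment().
 *
 * @param object $parent Page object providing core, textArray and user_id.
 */
function ticketsModule($parent){
    // A request without ?action= falls through to the default (home) view.
    $this->action = isset($_GET['action']) ? $_GET['action'] : '';
    $this->core = $parent->core;
    $this->textArray = $parent->textArray;
    $this->user_id = $parent->user_id;
    $this->templates = $this->core->templates;
    // NOTE(review): user_id is interpolated into SQL exactly as $parent supplied it;
    // presumably it was validated when the session was resolved - confirm.
    list($admin) = $this->core->db->fetch_row($this->core->db->query("select tickets from users where user_id = '$this->user_id'"));
    $this->admin = $admin;

    if ($this->core->db->dbCall("tickets") != 1){
        $this->body = $this->textArray['Tickets are currently offline'];
    }
    // Only the presence of the session cookie is tested here. The key is written as
    // the literal 'PXL', the name the interpolated $_COOKIE[PXL] lookups in
    // deleteTicket() and deleteComment() resolve to.
    else if (empty($_COOKIE['PXL'])){
        $this->body = $this->core->login(0, "tickets.php");
    }
    else if ($this->admin == 0){
        $this->body = $this->textArray['Unauthorized'];
    }
    else {
        // Case labels are quoted strings: the original bare words relied on the
        // undefined-constant fallback, which newer PHP versions reject.
        switch($this->action){
            case 'create':
                $this->title = $this->textArray['Create Ticket'];
                $this->createTicket();
                break;
            case 'modify':
                $this->title = $this->textArray['Modify Ticket'];
                $this->modifyTicket();
                break;
            case 'delete':
                $this->deleteTicket();
                break;
            case 'comment':
                $this->title = $this->textArray['Add Comment'];
                $this->addComment();
                break;
            case 'deleteComment':
                $this->deleteComment();
                break;
            case 'search':
                $this->title = $this->textArray['Ticket Search'];
                $this->ticketSearch();
                break;
            case 'view':
                $this->title = $this->textArray['View Ticket'];
                $this->viewTicket();
                break;
            default:
                $this->title = $this->textArray['Tickets'];
                $this->ticketsHome();
        }
    }
}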
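/**
 * Renders one ticket (details, admin buttons and comment thread) into $this->body.
 *
 * The ticket is selected by the `ticket_id` query parameter. Users whose
 * privilege level is 3 also get Modify/Delete buttons; the delete link carries
 * $this->core->key as its `auth` parameter.
 *
 * NOTE(review): no per-ticket access check is made here - any caller who
 * passed the constructor's gate can view any ticket id. Confirm that is intended.
 */
function viewTicket(){
    if (empty($_GET['ticket_id'])){ die("Failed to Initialize Ticket Module"); }
    // ticket_id comes straight from the query string and is used below in four SQL
    // statements and two HTML attributes. Ticket ids are produced by insert_id()
    // in createTicket(), so reducing the value to an integer once closes both the
    // SQL-injection and the reflected-markup path.
    $ticket_id = (int) $_GET['ticket_id'];
    list($cc) = $this->core->db->fetch_row($this->core->db->query("select count(*) from tickets where ticket_id = '$ticket_id'"));
    if ($cc == 0){ $this->body = $this->textArray['Unknown Ticket ID']; }
    else {
        $dateFormat = $this->core->db->dbCall("dateFormat") . " H:i";
        $sql = "select c.ticket_cat_name, p.pri_name, s.status_name, t.opened_date, t.closed_date, t.ticket_subject, t.ticket_issue, concat(u.first_name, ' ', u.last_name) as open, concat(u1.first_name, ' ', u1.last_name) as assign, t.all_search from tickets t, tickets_cat c, pri p, status s, users u, users u1 where t.ticket_id = '$ticket_id' and u.user_id = t.opened_by and u1.user_id = t.assigned_to and t.ticket_cat_id = c.ticket_cat_id and t.pri_id = p.pri_id and s.status_id = t.status_id";
        list($cat, $pri, $status, $opened, $closed, $subject, $issue, $open, $assign, $search) = $this->core->db->fetch_row($this->core->db->query($sql));
        $opened = date($dateFormat, $this->core->global->getTime($opened));
        // Names on the notify list, excluding the opener and the assignee.
        $result = $this->core->db->query("select concat(u.first_name, ' ', u.last_name) as name from users u, tickets_notify n, tickets t where n.ticket_id = '$ticket_id' and u.user_id = n.user_id and u.user_id != t.assigned_to and u.user_id != t.opened_by and t.ticket_id = '$ticket_id' order by name") or die(mysql_error());
        $notify = '';
        while(list($name) = $this->core->db->fetch_row($result)){
            $notify .= $name . ", ";
        }
        $filter = array("No", "Yes");
        // NOTE(review): the stored values below are printed without HTML escaping.
        // Subject and issue pass through convertText()/convertHTML() when saved;
        // whether those neutralise markup is not visible here - verify.
        $text = "<table border=0 cellpadding=2 cellspacing=2 id=box>";
        $text .= "<tr><td id=boxCell-bold width=150>" . $this->textArray['Ticket Category'] . " : </td><td id=boxCell>$cat</td></tr>";
        $text .= "<tr><td id=boxCell-bold>" . $this->textArray['Priority'] . " : </td><td id=boxCell>$pri</td></tr>";
        $text .= "<tr><td id=boxCell-bold>" . $this->textArray['Status'] . " : </td><td id=boxCell>$status</td></tr>";
        $text .= "<tr><td id=boxCell-bold>" . $this->textArray['Opened By'] . " : </td><td id=boxCell>$open</td></tr>";
        $text .= "<tr><td id=boxCell-bold>" . $this->textArray['Assigned'] . " : </td><td id=boxCell>$assign</td></tr>";
        $text .= "<tr><td id=boxCell-bold>" . $this->textArray['Opened Date'] . " : </td><td id=boxCell>$opened</td></tr>";
        $text .= "<tr><td id=boxCell-bold>" . $this->textArray['Allow All Search'] . " : </td><td id=boxCell>" . $this->textArray[$filter[$search]] . "</td></tr>";
        if ($closed != 0){
            $closed = date($dateFormat, $this->core->global->getTime($closed));
            $text .= "<tr><td id=boxCell-bold>" . $this->textArray['Closed Date'] . " : </td><td id=boxCell>$closed</td></tr>";
        }
        if ($notify){
            // Drop the trailing ", " left by the loop above.
            $notify = substr($notify, 0, -2);
            $text .= "<tr><td id=boxCell-bold>" . $this->textArray['Notify List'] . " : </td><td id=boxCell>$notify</td></tr>";
        }
        $text .= "<tr><td id=boxCell colspan=2> </td></tr>";
        $text .= "<tr><td id=boxCell-bold>" . $this->textArray['Subject'] . " : </td><td id=boxCell>$subject</td></tr>";
        $text .= "<tr><td id=boxCell colspan=2>" . $issue . "</td></tr>";
        $text .= "</table>";
        // Defined up front so viewComments() never receives an undefined variable.
        $key = '';
        if ($this->admin == 3){
            $key = $this->core->key;
            // NOTE(review): the delete link is a GET request with the auth key in
            // the URL, so the key can end up in logs and Referer headers.
            $text .= "<br><br><table border=0 cellpadding=2 cellspacing=2 id=box>";
            $text .= "<tr><td id=boxCell>";
            $text .= "<input type=button value='" . $this->textArray['Modify Ticket'] . "' onclick=goToURL('tickets.php?action=modify&ticket_id=$ticket_id')> ";
            $text .= "<input type=button value='" . $this->textArray['Delete Ticket'] . "' onclick=confirmDelete('tickets.php?action=delete&ticket_id=$ticket_id&auth=$key')>";
            $text .= "</td></tr></table>";
        }
        $text .= "<br><br>";
        // The template is included into this scope, so the names $title, $insert
        // and $text must stay as they are.
        $title = $this->textArray['View Ticket'];
        $insert = $text;
        include("$this->templates/files/box.tpl.php");
        $text .= $this->viewComments($key);
        $this->body = $text;
    }
}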
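/**
 * Builds the comment section for the ticket named by the `ticket_id` query
 * parameter: an "Add Comment" form for the assignee, the opener and level-3
 * users, followed by the existing comments in date order.
 *
 * @param string $key Auth key placed in the delete-comment links (used only
 *                    when the caller's privilege level is 3).
 * @return string HTML as left in $text after the box template ran.
 */
function viewComments($key){
    // Query-string value used in SQL and HTML below; ticket ids are integers
    // (see insert_id() in createTicket()), so cast once and use the cast value.
    $ticket_id = isset($_GET['ticket_id']) ? (int) $_GET['ticket_id'] : 0;
    $dateFormat = $this->core->db->dbCall("dateFormat") . " H:i";
    list($assign, $open, $pri, $status, $search) = $this->core->db->fetch_row($this->core->db->query("select assigned_to, opened_by, pri_id, status_id, all_search from tickets where ticket_id = '$ticket_id'"));
    $text = "<table border=0 cellpadding=2 cellspacing=2 id=box>";
    // The original wrote `$this->user_id = $open` here: an assignment, which
    // overwrote the caller's identity instead of comparing it. addComment()
    // uses the same three-way test with `==`.
    if ($this->user_id == $assign || $this->user_id == $open || $this->admin == 3){
        $text .= "<tr><td id=boxCell><input type=button value='" . $this->textArray['Add Comment'] . "' onClick=displaySubs('tickets')></td></tr>";
        $text .= "<tr><td id=boxCell>";
        $text .= "<div id=\"tickets\" style=\"display:none;\">";
        $text .= "<form method=post action=tickets.php?action=comment>";
        $text .= "<input type=hidden name=ticket_id value=$ticket_id>";
        $text .= "<table border=0 cellpadding=2 cellspacing=2 id=box-400>";
        $text .= "<tr><td id=boxTitleLeft colspan=2>" . $this->textArray['Add Comment'] . "</td></tr>";
        $text .= "<tr><td id=boxCell-bold>" . $this->textArray['Priority'] . " : </td><td id=boxCell>" . $this->createDropDown("pri_id", $pri) . " </td></tr>";
        $text .= "<tr><td id=boxCell-bold>" . $this->textArray['Status'] . " : </td><td id=boxCell>" . $this->createDropDown("status_id", $status) . " </td></tr>";
        if ($this->admin == 3 || $this->user_id == $assign){ $text .= "<tr><td id=boxCell-bold>" . $this->textArray['Allow All Search'] . " : </td><td id=boxCell>" . $this->createDropDown("all_search", $search) . " </td></tr>"; }
        if ($this->admin == 3){
            $text .= "<tr><td id=boxCell-bold>" . $this->textArray['Assigned'] . " : </td><td id=boxCell>" . $this->createUserList("assign", $assign) . " </td></tr>";
        }
        // Everyone else submits the current assignee back as a hidden field; a
        // hidden field is client-controlled, so the receiving handler must not
        // rely on it for authorization.
        else { $text .= "<input type=hidden name=assign value=$assign>"; }
        $text .= "<tr><td id=boxCell-bold>" . $this->textArray['Comment'] . " : </td><td id=boxCell><textarea name=comment rows=12 cols=43></textarea> </td></tr>";
        $text .= "<tr><td id=boxCell colspan=2 align=center><input type=submit value='" . $this->textArray['Add Comment'] . "'></form></td></tr>";
        $text .= "</table>";
        $text .= "</div></td></tr>";
    }
    $text .= "</table>";
    // Defines $formScript in this scope.
    require_once("includes/formscript.inc.php");
    $text .= $formScript;
    $result = $this->core->db->query("select c.ticket_comment_id, c.date, concat(u.first_name, ' ', u.last_name), c.comment from tickets_comments c, users u where u.user_id = c.user_id and c.ticket_id = '$ticket_id' order by c.date asc");
    while(list($comment_id, $date, $user, $comment) = $this->core->db->fetch_row($result)){
        $text .= "<br>";
        $text .= "<table border=0 cellpadding=2 cellspacing=0 id=box-invis width=95%>";
        $text .= "<tr><td id=boxTitleLeft>$user - <span id=smallText>" . date($dateFormat, $this->core->global->getTime($date)) . "</span></td></tr>";
        // NOTE(review): the comment body is printed as stored (after convertHTML()
        // on insert); confirm that helper neutralises markup.
        $text .= "<tr><td id=boxCell>" . $comment . "</td></tr>";
        if ($this->admin == 3){ $text .= "<tr><td id=boxCell><a class=links href=javascript:confirmDelete('tickets.php?action=deleteComment&auth=$key&comment_id=$comment_id&ticket_id=$ticket_id')>" . $this->textArray['Delete Comment'] . "</a></td></tr>"; }
        $text .= "</table>";
    }
    // The template is included into this scope and works on $title/$insert/$text.
    $title = $this->textArray['Comments'];
    $insert = $text;
    include("$this->templates/files/box.tpl.php");
    return $text;
}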
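/**
 * Builds a <select> of users whose `tickets` level is above 1.
 *
 * With $name == "assign" the result is a single-choice list named `assign`;
 * when no default is given, the caller's most-used assignee from
 * tickets_trend is preselected. Any other $name produces the multi-select
 * `notify[]` list, which leaves out the caller.
 *
 * @param string       $name    "assign" or anything else for the notify list.
 * @param string|array $default Preselected user id (assign) or ids (notify).
 * @return string HTML; an empty string when the notify list has no entries.
 */
function createUserList($name, $default=''){
    if ($name == "assign"){
        $result = $this->core->db->query("select user_id, concat(first_name, ' ', last_name) from users where tickets > '1' order by username");
        if ($default == ''){ list($default) = $this->core->db->fetch_row($this->core->db->query("select trend_id from tickets_trend where user_id = '$this->user_id' and item_trend = 'assign' order by count desc limit 0,1")); }
        $text = "<select name=assign>";
        while(list($user_id, $username) = $this->core->db->fetch_row($result)){
            $s = ($user_id == $default) ? "selected" : '';
            $text .= "<option value=$user_id $s>$username</option>";
        }
        $text .= "</select>";
    }
    else {
        // in_array() below needs an array; '' (the default) means nothing preselected.
        if (!is_array($default)){ $default = array(); }
        $result = $this->core->db->query("select user_id, username from users where tickets > '1' and user_id != '$this->user_id' order by username");
        $text = "<select name=notify[] size=10 multiple>";
        $rows = 0;
        while(list($user_id, $username) = $this->core->db->fetch_row($result)){
            $s = in_array($user_id, $default) ? "selected" : '';
            $text .= "<option value=$user_id $s>$username</option>";
            $rows++;
        }
        $text .= "</select>";
        // The original tested the last row's "selected" flag, so the list vanished
        // whenever the final user was not preselected - always, on the create form.
        // Suppress it only when there is nobody to list.
        if ($rows == 0){ $text = ''; }
    }
    return $text;
}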
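/**
 * Builds a <select> for one ticket attribute.
 *
 * ticket_cat_id, pri_id and status_id are filled from their lookup tables;
 * any other name yields a No/Yes list with values 0 and 1. When no default is
 * given, the caller's most frequent choice for $name in tickets_trend is
 * preselected.
 *
 * @param string $name    Field name; callers in this class pass fixed literals.
 *                        It is placed in HTML and SQL unescaped, so it must
 *                        never carry request data.
 * @param string $default Value to preselect.
 * @return string HTML for the select element.
 */
function createDropDown($name, $default=''){
    $text = "<select name=$name>";
    // Stays empty for names without a lookup table (the No/Yes case below).
    $sql = '';
    // Quoted labels: the original bare words relied on the undefined-constant
    // fallback, which newer PHP versions reject.
    switch($name){
        case 'ticket_cat_id':
            $sql = "select ticket_cat_id, ticket_cat_name from tickets_cat order by ticket_cat_name";
            break;
        case 'pri_id':
            $sql = "select pri_id, pri_name from pri order by pri_id";
            break;
        case 'status_id':
            $sql = "select status_id, status_name from status where status_id in ('2', '4', '8') order by status_name";
            break;
        default:
            break;
    }
    if ($default == ''){ list($default) = $this->core->db->fetch_row($this->core->db->query("select trend_id from tickets_trend where user_id = '$this->user_id' and item_trend = '$name' order by count desc limit 0,1")); }
    if ($sql){
        $result = $this->core->db->query($sql);
        while(list($id, $n) = $this->core->db->fetch_row($result)){
            $s = ($id == $default) ? "selected" : '';
            $text .= "<option value=$id $s>$n</option>";
        }
    }
    else {
        $ch = array("No", "Yes");
        foreach(array_keys($ch) as $c){
            $s = ($c == $default) ? "selected" : '';
            $text .= "<option value=$c $s>" . $this->textArray[$ch[$c]] . "</option>";
        }
    }
    $text .= "</select>";
    return $text;
}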
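/**
 * Records that the current user picked $trend_id for the field $trend_name,
 * incrementing the matching tickets_trend row or inserting it with count 1.
 *
 * @param string $trend_name Field name; callers in this class pass the literals
 *                           "pri_id", "assign" and "ticket_cat_id".
 * @param mixed  $trend_id   Chosen id; callers forward form values.
 */
function ticketTrend($trend_name, $trend_id){
    // Callers pass $_POST values through unchanged. Every value recorded here is
    // a priority, user or category id, so an integer cast keeps request text out
    // of the three statements below.
    // NOTE(review): assumes those id columns are numeric - confirm against the schema.
    $trend_id = (int) $trend_id;
    list($count) = $this->core->db->fetch_row($this->core->db->query("select count(*) from tickets_trend where item_trend = '$trend_name' and trend_id = '$trend_id' and user_id = '$this->user_id'"));
    if ($count == 1){
        $this->core->db->query("update tickets_trend set count = count + 1 where user_id = '$this->user_id' and item_trend = '$trend_name' and trend_id = '$trend_id'");
    }
    else {
        $this->core->db->query("insert into tickets_trend values ('$trend_name', '$trend_id', '$this->user_id', '1')");
    }
}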
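/**
 * Shows the "create ticket" form or, when it was submitted (confirm == 1),
 * stores the ticket, records the user's choices in tickets_trend, updates the
 * notify list and redirects to the new ticket.
 *
 * The assignee depends on the caller's level: 2 assigns to the caller, 1 to
 * the configured default_ticket_user, anything else takes the posted value
 * (the form offers that selector to level 3 only).
 */
function createTicket(){
    if (isset($_POST['confirm']) && $_POST['confirm'] == 1){
        // Posted ids go into SQL below; they are numeric keys, so cast them
        // rather than interpolating request text.
        $cat_id = isset($_POST['ticket_cat_id']) ? (int) $_POST['ticket_cat_id'] : 0;
        $pri_id = isset($_POST['pri_id']) ? (int) $_POST['pri_id'] : 0;
        if ($this->admin == 2){ $assign = $this->user_id; }
        // The original assigned to a misspelt variable ($assgin) here, leaving
        // level-1 tickets without an assignee.
        else if ($this->admin == 1){ $assign = $this->core->db->dbCall("default_ticket_user"); }
        else { $assign = isset($_POST['assign']) ? (int) $_POST['assign'] : 0; }
        // NOTE(review): subject and issue are interpolated into the insert as
        // returned by convertText()/convertHTML(); whether the second argument (1)
        // makes them SQL-safe is not visible here - verify.
        $subject = $this->core->global->convertText(isset($_POST['subject']) ? $_POST['subject'] : '', 1);
        $issue = $this->core->global->convertHTML(isset($_POST['issue']) ? $_POST['issue'] : '', 1);
        $date = $this->core->global->getTime(time(),1);
        $this->core->db->query("insert into tickets values ('', '$cat_id', '$pri_id', '8', '$date', '', '$subject', '$issue', '$this->user_id', '$assign', 0)");
        $ticket_id = $this->core->db->insert_id();
        $this->ticketTrend("pri_id", $pri_id);
        $this->ticketTrend("assign", $assign);
        $this->ticketTrend("ticket_cat_id", $cat_id);
        // notify[] is optional and client-supplied; accept it only as an array.
        $notify = (isset($_POST['notify']) && is_array($_POST['notify'])) ? $_POST['notify'] : array();
        $notify[] = $this->user_id;
        $notify[] = $assign;
        // ticketNotify() selects the mail text by the keyword "create"; the
        // original passed the translated label, which matched no branch.
        $this->ticketNotify($ticket_id, $notify, "create");
        header("Location: tickets.php?action=view&ticket_id=$ticket_id");
    }
    else {
        $text = "<table border=0 cellpadding=2 cellspacing=2 id=box>";
        $text .= "<form method=post action=tickets.php?action=create onsubmit=\"return validateForm(this)\">";
        $text .= "<input type=hidden name=confirm value=1>";
        // Defines $formScript in this scope.
        require_once("includes/formscript.inc.php");
        $text .= $formScript;
        $text .= "<tr><td id=boxCell-bold>" . $this->textArray['Ticket Category'] . " : </td><td id=boxCell>" . $this->createDropDown("ticket_cat_id") . " </td></tr>";
        $text .= "<tr><td id=boxCell-bold>" . $this->textArray['Priority'] . " : </td><td id=boxCell>" . $this->createDropDown("pri_id") . " </td></tr>";
        if ($this->admin == 3){
            //$text .= "<tr><td id=boxCell-bold>" . $this->textArray['Status'] . " : </td><td id=boxCell>" . $this->createDropDown("status_id") . " </td></tr>";
            $text .= "<tr><td id=boxCell-bold>" . $this->textArray['Assigned'] . " : </td><td id=boxCell>" . $this->createUserList("assign") . " </td></tr>";
        }
        $text .= "<tr><td id=boxCell-bold>" . $this->textArray['Subject'] . " : </td><td id=boxCell><input type=text size=40 name=subject value=''></td></tr>";
        $text .= "<tr><td id=boxCell-bold>" . $this->textArray['Issue'] . " : </td><td id=boxCell><textarea name=issue rows=12 cols=43></textarea> </td></tr>";
        $notify = $this->createUserList("notify");
        if ($notify != ''){ $text .= "<tr><td id=boxCell-bold>" . $this->textArray['Notify List'] . " : </td><td id=boxCell>$notify</td></tr>"; }
        $text .= "<tr><td id=boxCell-center colspan=2><input type=submit value='" . $this->textArray['Create Ticket'] . "'></form></td></tr>";
        $text .= "</table>";
        // Client-side required-field check only; the server side above does not
        // repeat it.
        $text .= "<script Language=JavaScript>";
        $text .= "function validateForm(theForm)";
        $text .= "{";
        $text .= " if (!validRequired(theForm.issue,'" . $this->textArray['Issue'] . "'))";
        $text .= " return false;";
        $text .= " if (!validRequired(theForm.subject,'" . $this->textArray['Subject'] . "'))";
        $text .= " return false;";
        $text .= " return true;";
        $text .= "}";
        $text .= "</script>";
        // The template is included into this scope and works on $title/$insert/$text.
        $title = $this->textArray['Create Ticket'];
        $insert = $text;
        include("$this->templates/files/box.tpl.php");
        $this->body = $text;
    }
}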
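/**
 * Shows the "modify ticket" form for the ticket in the `ticket_id` query
 * parameter or, when it was submitted (confirm == 1), writes the changes,
 * refreshes the notify list and redirects back to the ticket.
 *
 * NOTE(review): nothing here restricts the update to level-3 users or to the
 * ticket's opener/assignee, although viewTicket() offers the Modify button to
 * level 3 only. The form also omits status_id and all_search for lower
 * levels while the update always writes them. Confirm the intended policy.
 */
function modifyTicket(){
    if (isset($_POST['confirm']) && $_POST['confirm'] == 1){
        // All of these are numeric keys or 0/1 flags that end up in SQL and in the
        // redirect header; cast them instead of interpolating request text.
        $ticket_id = isset($_POST['ticket_id']) ? (int) $_POST['ticket_id'] : 0;
        $cat_id = isset($_POST['ticket_cat_id']) ? (int) $_POST['ticket_cat_id'] : 0;
        $pri_id = isset($_POST['pri_id']) ? (int) $_POST['pri_id'] : 0;
        $status_id = isset($_POST['status_id']) ? (int) $_POST['status_id'] : 0;
        $all_search = isset($_POST['all_search']) ? (int) $_POST['all_search'] : 0;
        if ($this->admin == 2){ $assign = $this->user_id; }
        // The original assigned to a misspelt variable ($assgin) here, so level-1
        // edits blanked the assignee.
        else if ($this->admin == 1){ $assign = $this->core->db->dbCall("default_ticket_user"); }
        else { $assign = isset($_POST['assign']) ? (int) $_POST['assign'] : 0; }
        // NOTE(review): interpolated as returned by convertText()/convertHTML();
        // whether the second argument (1) makes them SQL-safe is not visible here.
        $subject = $this->core->global->convertText(isset($_POST['subject']) ? $_POST['subject'] : '', 1);
        $issue = $this->core->global->convertHTML(isset($_POST['issue']) ? $_POST['issue'] : '', 1);
        // Status 4 stamps the closing date.
        if ($status_id == 4){
            $date = $this->core->global->getTime(time(), 1);
            $this->core->db->query("update tickets set closed_date = '$date', all_search = '$all_search' where ticket_id = '$ticket_id'");
        }
        $this->core->db->query("update tickets set all_search = '$all_search', ticket_cat_id = '$cat_id', pri_id = '$pri_id', status_id = '$status_id', ticket_subject = '$subject', ticket_issue = '$issue', assigned_to = '$assign' where ticket_id = '$ticket_id'") or die(mysql_error());
        // notify[] is optional and client-supplied; accept it only as an array.
        $notify = (isset($_POST['notify']) && is_array($_POST['notify'])) ? $_POST['notify'] : array();
        $notify[] = $this->user_id;
        $notify[] = $assign;
        // The original passed an undefined $ticket_id, so the notify list of the
        // edited ticket was never updated.
        $this->ticketNotify($ticket_id, $notify, "modify");
        header("Location: tickets.php?action=view&ticket_id=$ticket_id");
    }
    else {
        // Query-string id used in SQL and in a hidden field below.
        $ticket_id = isset($_GET['ticket_id']) ? (int) $_GET['ticket_id'] : 0;
        $row = $this->core->db->fetch_array($this->core->db->query("select * from tickets where ticket_id = '$ticket_id'"));
        $notify = array();
        $result = $this->core->db->query("select user_id from tickets_notify where ticket_id = '$ticket_id'");
        while(list($u) = $this->core->db->fetch_row($result)){
            $notify[] = $u;
        }
        $text = "<table border=0 cellpadding=2 cellspacing=2 id=box>";
        $text .= "<form method=post action=tickets.php?action=modify onsubmit=\"return validateForm(this)\">";
        $text .= "<input type=hidden name=confirm value=1>";
        $text .= "<input type=hidden name=ticket_id value=$ticket_id>";
        // Defines $formScript in this scope.
        require_once("includes/formscript.inc.php");
        $text .= $formScript;
        $text .= "<tr><td id=boxCell-bold>" . $this->textArray['Ticket Category'] . " : </td><td id=boxCell>" . $this->createDropDown("ticket_cat_id", $row['ticket_cat_id']) . " </td></tr>";
        $text .= "<tr><td id=boxCell-bold>" . $this->textArray['Priority'] . " : </td><td id=boxCell>" . $this->createDropDown("pri_id", $row['pri_id']) . " </td></tr>";
        if ($this->admin == 3){
            $text .= "<tr><td id=boxCell-bold>" . $this->textArray['Allow All Search'] . " : </td><td id=boxCell>" . $this->createDropDown("all_search", $row['all_search']) . " </td></tr>";
            $text .= "<tr><td id=boxCell-bold>" . $this->textArray['Status'] . " : </td><td id=boxCell>" . $this->createDropDown("status_id", $row['status_id']) . " </td></tr>";
            $text .= "<tr><td id=boxCell-bold>" . $this->textArray['Assigned'] . " : </td><td id=boxCell>" . $this->createUserList("assign", $row['assigned_to']) . " </td></tr>";
        }
        // NOTE(review): the stored subject is placed inside a double-quoted
        // attribute as-is; confirm convertText() encodes quotes on save.
        $text .= "<tr><td id=boxCell-bold>" . $this->textArray['Subject'] . " : </td><td id=boxCell><input type=text size=40 name=subject value=\"$row[ticket_subject]\"></td></tr>";
        $text .= "<tr><td id=boxCell-bold>" . $this->textArray['Issue'] . " : </td><td id=boxCell><textarea name=issue rows=12 cols=43>" . $this->core->global->convertHTML($row['ticket_issue']) . "</textarea> </td></tr>";
        $text .= "<tr><td id=boxCell-bold>" . $this->textArray['Notify List'] . " : </td><td id=boxCell>" . $this->createUserList("notify", $notify) . " </td></tr>";
        $text .= "<tr><td id=boxCell-center colspan=2><input type=submit value='" . $this->textArray['Modify Ticket'] . "'></form></td></tr>";
        $text .= "</table>";
        $text .= "<script Language=JavaScript>";
        $text .= "function validateForm(theForm)";
        $text .= "{";
        $text .= " if (!validRequired(theForm.issue,'" . $this->textArray['Issue'] . "'))";
        $text .= " return false;";
        $text .= " if (!validRequired(theForm.subject,'" . $this->textArray['Subject'] . "'))";
        $text .= " return false;";
        $text .= " return true;";
        $text .= "}";
        $text .= "</script>";
        // The template is included into this scope and works on $title/$insert/$text.
        $title = $this->textArray['Modify Ticket'];
        $insert = $text;
        include("$this->templates/files/box.tpl.php");
        $this->body = $text;
    }
}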
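/**
 * Deletes the ticket named by the `ticket_id` query parameter together with
 * its comments and notify rows, after mailing the notify list.
 *
 * Requires privilege level 3 and an `auth` query parameter equal to the
 * auth_key stored for the session in the PXL cookie; otherwise the request is
 * terminated.
 *
 * NOTE(review): this state change is triggered by a GET request with the auth
 * key in the URL, so the key can appear in logs and Referer headers.
 */
function deleteTicket(){
    // The session cookie is client-controlled and goes into SQL, so escape it.
    // mysql_real_escape_string() uses the default link, as the mysql_error()
    // calls elsewhere in this file already do.
    $sess = isset($_COOKIE['PXL']) ? mysql_real_escape_string($_COOKIE['PXL']) : '';
    list($auth_key) = $this->core->db->fetch_row($this->core->db->query("select auth_key from users where sess = '$sess'"));
    // The original printed the stored auth key and the raw `auth` parameter at
    // this point: it disclosed the key, echoed request data unescaped and sent
    // output before the redirect header. The debug output is removed.
    $auth = (isset($_GET['auth']) && is_string($_GET['auth'])) ? $_GET['auth'] : '';
    // Strict string comparison: loose != treats some numeric-looking strings as equal.
    if (!$auth || $auth !== (string) $auth_key || $this->admin != 3){ die("HACK ATTEMPT"); }
    // Ticket ids are integers (insert_id() in createTicket()); cast before SQL use.
    $ticket_id = isset($_GET['ticket_id']) ? (int) $_GET['ticket_id'] : 0;
    $hold = array();
    $result = $this->core->db->query("select user_id from tickets_notify where ticket_id = '$ticket_id'");
    while(list($user_id) = $this->core->db->fetch_row($result)){
        $hold[] = $user_id;
    }
    // Mail the subscribers first; their rows are removed below.
    $this->ticketNotify($ticket_id, $hold, "delete");
    $this->core->db->query("delete from tickets_comments where ticket_id = '$ticket_id'");
    $this->core->db->query("delete from tickets where ticket_id = '$ticket_id'");
    $this->core->db->query("delete from tickets_notify where ticket_id = '$ticket_id'");
    header("Location: tickets.php?code=d");
}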
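/**
 * Synchronises tickets_notify for a ticket with the given user list and mails
 * every user on it.
 *
 * Users in $notify that are missing from tickets_notify are inserted, rows for
 * users not in $notify are deleted, and each remaining user receives a mail
 * whose subject and body depend on $action.
 *
 * @param int    $ticket_id Ticket the list belongs to.
 * @param array  $notify    User ids to keep subscribed (may contain duplicates).
 * @param string $action    "create", "delete" or "comment"; any other value
 *                          (callers also pass "modify") sends an empty
 *                          subject and body.
 */
function ticketNotify($ticket_id, $notify, $action){
    $siteName = $this->core->db->dbCall("siteName");
    $email = $this->core->db->dbCall("webmasterEmail");
    $url = $this->core->db->dbCall("siteURL");
    $headers = "From: $siteName " . $this->textArray['Tickets'] . " <$email> \r\n";
    $headers .= "X-Sender: <$email>\r\n";
    $headers .= "X-Mailer: PHP\r\n";
    $headers .= "X-Priority: 3\r\n";
    $headers .= "Reply-To: $email\r\n";
    // Callers forward request values (posted notify[] entries, query-string
    // ticket ids). Both are numeric keys, so cast them before they reach SQL.
    // NOTE(review): assumes user_id is a numeric column - confirm against the schema.
    $ticket_id = (int) $ticket_id;
    if (!is_array($notify)){ $notify = array(); }
    $hold = array();
    foreach($notify as $n){
        $n = (int) $n;
        // Duplicates in $notify are handled once.
        if (in_array($n, $hold)){ continue; }
        list($count) = $this->core->db->fetch_row($this->core->db->query("select count(*) from tickets_notify where ticket_id = '$ticket_id' and user_id = '$n'"));
        if ($count == 0){
            $this->core->db->query("insert into tickets_notify values ('$n', '$ticket_id')");
        }
        $hold[] = $n;
    }
    // Unsubscribe everyone who is no longer on the list.
    $result = $this->core->db->query("select user_id from tickets_notify where ticket_id = '$ticket_id'");
    while(list($user_id) = $this->core->db->fetch_row($result)){
        if (!in_array($user_id, $hold)){
            $this->core->db->query("delete from tickets_notify where ticket_id = '$ticket_id' and user_id = '$user_id'");
        }
    }
    // Stay empty for actions without a branch below, as in the original.
    $subject = '';
    $message = '';
    // The links use $url (the siteURL setting read above); the original
    // referenced an undefined $siteURL, so the mails carried a relative path only.
    if ($action == "create"){
        $subject = $siteName . " " . $this->textArray['Ticket Created'];
        $message = $url . "/tickets.php?action=view&ticket_id=$ticket_id";
    }
    else if ($action == "delete"){
        $subject = $siteName . " " . $this->textArray['Ticket Deleted'];
        $message = $ticket_id . " " . $this->textArray['Ticket Deleted'];
    }
    else if ($action == "comment"){
        $subject = $siteName . " " . $this->textArray['Ticket Comment Added'];
        $message = $url . "/tickets.php?action=view&ticket_id=$ticket_id";
    }
    foreach($hold as $h){
        list($to) = $this->core->db->fetch_row($this->core->db->query("select email from users where user_id = '$h'"));
        $this->core->global->xMail($to, $subject, $message, $headers);
    }
}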
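/**
 * Handles the posted comment form: updates the ticket's assignee, status and
 * priority, stamps the closing date when the status is 4, stores the comment
 * and mails the notify list. Only the assignee, the opener or a level-3 user
 * may do so; everyone is redirected back to the ticket afterwards.
 */
function addComment(){
    // Posted ids end up in SQL and in the redirect header; they are numeric
    // keys, so cast them instead of interpolating request text.
    $ticket_id = isset($_POST['ticket_id']) ? (int) $_POST['ticket_id'] : 0;
    list($assign, $open) = $this->core->db->fetch_row($this->core->db->query("select assigned_to, opened_by from tickets where ticket_id = '$ticket_id'"));
    if ($this->user_id == $assign || $this->user_id == $open || $this->admin == 3){
        $status_id = isset($_POST['status_id']) ? (int) $_POST['status_id'] : 0;
        $pri_id = isset($_POST['pri_id']) ? (int) $_POST['pri_id'] : 0;
        $all_search = isset($_POST['all_search']) ? (int) $_POST['all_search'] : 0;
        // The form gives the assignee selector to level 3 only and sends everyone
        // else's current assignee back as a hidden field. A hidden field can be
        // edited by the client, so the same rule is enforced here.
        $new_assign = ($this->admin == 3 && isset($_POST['assign'])) ? (int) $_POST['assign'] : $assign;
        $this->core->db->query("update tickets set assigned_to = '$new_assign', status_id = '$status_id', pri_id = '$pri_id' where ticket_id = '$ticket_id'");
        $date = $this->core->global->getTime(time(), 1);
        // NOTE(review): all_search is written for any permitted poster when the
        // ticket is closed, while the form offers it to level 3 and the assignee
        // only - confirm whether the opener should be able to change it.
        if ($status_id == 4){
            $this->core->db->query("update tickets set closed_date = '$date', all_search = '$all_search' where ticket_id = '$ticket_id'");
        }
        // NOTE(review): interpolated as returned by convertHTML(); whether the
        // second argument (1) makes it SQL-safe is not visible here - verify.
        $comment = $this->core->global->convertHTML(isset($_POST['comment']) ? $_POST['comment'] : '', 1);
        $this->core->db->query("insert into tickets_comments values ('', '$ticket_id', '$date', '$this->user_id', '$comment')");
        $hold = array();
        // The original read the ticket id from $_GET here, which this POST request
        // does not carry; the list came back empty and ticketNotify() then removed
        // every subscriber of the ticket.
        $result = $this->core->db->query("select user_id from tickets_notify where ticket_id = '$ticket_id'");
        while(list($user_id) = $this->core->db->fetch_row($result)){
            $hold[] = $user_id;
        }
        $this->ticketNotify($ticket_id, $hold, "comment");
    }
    header("Location: tickets.php?action=view&ticket_id=$ticket_id");
}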
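/**
 * Deletes the comment named by the `comment_id` query parameter and redirects
 * back to the ticket. Requires privilege level 3 and an `auth` query parameter
 * equal to the auth_key stored for the session in the PXL cookie.
 *
 * NOTE(review): like deleteTicket(), this is a GET request carrying the auth
 * key in the URL.
 */
function deleteComment(){
    // The session cookie is client-controlled and goes into SQL, so escape it.
    $sess = isset($_COOKIE['PXL']) ? mysql_real_escape_string($_COOKIE['PXL']) : '';
    list($auth_key) = $this->core->db->fetch_row($this->core->db->query("select auth_key from users where sess = '$sess'"));
    $auth = (isset($_GET['auth']) && is_string($_GET['auth'])) ? $_GET['auth'] : '';
    // Strict string comparison: loose != treats some numeric-looking strings as equal.
    if (!$auth || $auth !== (string) $auth_key || $this->admin != 3){ die("HACK ATTEMPT"); }
    // Both ids are numeric keys; cast before they reach SQL or the header.
    $comment_id = isset($_GET['comment_id']) ? (int) $_GET['comment_id'] : 0;
    $ticket_id = isset($_GET['ticket_id']) ? (int) $_GET['ticket_id'] : 0;
    // NOTE(review): die(mysql_error()) shows database error text to the client.
    $this->core->db->query("delete from tickets_comments where ticket_comment_id = '$comment_id'") or die(mysql_error());
    header("Location: tickets.php?action=view&ticket_id=$ticket_id");
}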
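/**
 * Builds the tickets home page: one table of open tickets (status 2 or 8)
 * assigned to the current user and one of open tickets the user opened, each
 * wrapped by the box template, and stores the result in $this->body.
 */
function ticketsHome(){
    // Start from an empty string; the original appended to an undefined variable.
    $text = "<table border=0 cellpadding=2 cellspacing=0 id=box>";
    $text .= "<tr>";
    $text .= "<td id=boxCell-bold>" . $this->textArray['ID'] . "</td>";
    $text .= "<td id=boxCell-bold>" . $this->textArray['Priority'] . "</td>";
    //$text .= "<td id=boxCell-bold>" . $this->textArray['Status'] . "</td>";
    $text .= "<td id=boxCell-bold>" . $this->textArray['Opened Date'] . "</td>";
    $text .= "<td id=boxCell-bold>" . $this->textArray['Opened By'] . "</td>";
    $text .= "<td id=boxCell-bold>" . $this->textArray['Subject'] . "</td>";
    $text .= "</tr>";
    $dateFormat = $this->core->db->dbCall("dateFormat") . " H:i";
    $result = $this->core->db->query("select t.ticket_id, p.pri_name, s.status_name, t.opened_date, concat(u.first_name, ' ', u.last_name), t.ticket_subject from tickets t, pri p, status s, users u where u.user_id = t.opened_by and t.assigned_to = '$this->user_id' and s.status_id = t.status_id and t.status_id in ('2','8') and p.pri_id = t.pri_id order by t.pri_id, t.opened_date") or die(mysql_error());
    // $x toggles between 0 and 1 to alternate the row style.
    $x=0;
    while(list($id, $pri, $status, $date, $user, $subject) = $this->core->db->fetch_row($result)){
        if ($x == 0){ $class = "boxCell"; $x++; }
        else { $class = "boxCell-alt"; $x=0; }
        // NOTE(review): name and subject are printed as stored, without HTML
        // escaping; confirm they are encoded when saved.
        $text .= "<tr>";
        $text .= "<td id=$class><a href=tickets.php?action=view&ticket_id=$id class=links>$id</a></td>";
        $text .= "<td id=$class>$pri</td>";
        $text .= "<td id=$class>" . date($dateFormat, $this->core->global->getTime($date)) . "</td>";
        $text .= "<td id=$class>$user</td>";
        $text .= "<td id=$class>$subject</td>";
        $text .= "</tr>";
    }
    $text .= "</table>";
    // The template is included into this scope and works on $title/$insert/$text.
    $title = $this->textArray['Tickets Assigned To Me'];
    $insert = $text;
    include("$this->templates/files/box.tpl.php");
    // Keep the first rendered box while the second one is built in $text.
    $hold = $text;
    $text = "<br>";
    $text .= "<table border=0 cellpadding=2 cellspacing=0 id=box>";
    $text .= "<tr>";
    $text .= "<td id=boxCell-bold>" . $this->textArray['ID'] . "</td>";
    $text .= "<td id=boxCell-bold>" . $this->textArray['Priority'] . "</td>";
    $text .= "<td id=boxCell-bold>" . $this->textArray['Opened Date'] . "</td>";
    $text .= "<td id=boxCell-bold>" . $this->textArray['Assigned To'] . "</td>";
    $text .= "<td id=boxCell-bold>" . $this->textArray['Subject'] . "</td>";
    $text .= "</tr>";
    $dateFormat = $this->core->db->dbCall("dateFormat") . " H:i";
    // NOTE(review): the column is headed "Assigned To" but the query joins users
    // on t.opened_by, so the name shown is the opener's. Joining on
    // t.assigned_to would also drop tickets without a matching assignee, so the
    // query is left as written - confirm which is wanted.
    $result = $this->core->db->query("select t.ticket_id, p.pri_name, s.status_name, t.opened_date, concat(u.first_name, ' ', u.last_name), t.ticket_subject from tickets t, pri p, status s, users u where u.user_id = t.opened_by and t.opened_by = '$this->user_id' and s.status_id = t.status_id and t.status_id in ('2','8') and p.pri_id = t.pri_id order by t.pri_id, t.opened_date") or die(mysql_error());
    $x=0;
    while(list($id, $pri, $status, $date, $user, $subject) = $this->core->db->fetch_row($result)){
        if ($x == 0){ $class = "boxCell"; $x++; }
        else { $class = "boxCell-alt"; $x=0; }
        $text .= "<tr>";
        $text .= "<td id=$class><a href=tickets.php?action=view&ticket_id=$id class=links>$id</a></td>";
        $text .= "<td id=$class>$pri</td>";
        $text .= "<td id=$class>" . date($dateFormat, $this->core->global->getTime($date)) . "</td>";
        $text .= "<td id=$class>$user</td>";
        $text .= "<td id=$class>$subject</td>";
        $text .= "</tr>";
    }
    $text .= "</table><br>";
    $title = $this->textArray['Tickets Opened By Me'];
    $insert = $text;
    include("$this->templates/files/box.tpl.php");
    $text = $hold . $text;
    $this->body = $text;
}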
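/**
 * Shows the ticket search form or, when it was submitted (confirm == 1), runs
 * the search. A term that matches a ticket id redirects to that ticket;
 * otherwise subject and issue text are searched with LIKE. For users below
 * level 2 the keyword results are limited to tickets assigned to them or
 * flagged all_search.
 *
 * NOTE(review): the id shortcut redirects to the view action without applying
 * that assigned_to/all_search restriction.
 */
function ticketSearch(){
    if (isset($_POST['confirm']) && $_POST['confirm'] == 1){
        $search = (isset($_POST['search']) && is_string($_POST['search'])) ? trim($_POST['search']) : '';
        // Undo magic-quotes slashes first so the term is escaped exactly once.
        if (get_magic_quotes_gpc()){ $search = stripslashes($search); }
        // Free text from the form goes into two statements below; escape it for
        // SQL. mysql_real_escape_string() uses the default link, as the
        // mysql_error() calls in this file already do.
        $safe = mysql_real_escape_string($search);
        list($count) = $this->core->db->fetch_row($this->core->db->query("select count(*) from tickets where ticket_id = '$safe'"));
        if ($count != 0){
            // URL-encode the term so it cannot add parameters to the redirect.
            header("Location: tickets.php?action=view&ticket_id=" . urlencode($search));
        }
        else {
            $text = "<table border=0 cellpadding=2 cellspacing=0 id=box>";
            $text .= "<tr>";
            $text .= "<td id=boxCell-bold>" . $this->textArray['ID'] . "</td>";
            $text .= "<td id=boxCell-bold>" . $this->textArray['Priority'] . "</td>";
            $text .= "<td id=boxCell-bold>" . $this->textArray['Status'] . "</td>";
            $text .= "<td id=boxCell-bold>" . $this->textArray['Opened Date'] . "</td>";
            $text .= "<td id=boxCell-bold>" . $this->textArray['Opened By'] . "</td>";
            $text .= "<td id=boxCell-bold>" . $this->textArray['Assigned To'] . "</td>";
            $text .= "<td id=boxCell-bold>" . $this->textArray['Subject'] . "</td>";
            $text .= "</tr>";
            $dateFormat = $this->core->db->dbCall("dateFormat") . " H:i";
            // Empty for level 2 and above, who search every ticket.
            $and = '';
            if ($this->admin < 2){ $and = "and (t.assigned_to = '$this->user_id' or t.all_search = '1') "; }
            $like = "%" . $safe . "%";
            $result = $this->core->db->query("select t.ticket_id, p.pri_name, s.status_name, t.opened_date, concat(u.first_name, ' ', u.last_name), t.ticket_subject, concat(u1.first_name, ' ', u1.last_name) from users u1, tickets t, pri p, status s, users u where u.user_id = t.opened_by and s.status_id = t.status_id and p.pri_id = t.pri_id and (t.ticket_subject like '$like' or t.ticket_issue like '$like') and u1.user_id = t.assigned_to $and order by t.ticket_id") or die(mysql_error());
            // $x toggles between 0 and 1 to alternate the row style.
            $x=0;
            while(list($id, $pri, $status, $date, $open, $subject, $assign) = $this->core->db->fetch_row($result)){
                if ($x == 0){ $class = "boxCell"; $x++; }
                else { $class = "boxCell-alt"; $x=0; }
                // NOTE(review): names and subject are printed as stored, without
                // HTML escaping; confirm they are encoded when saved.
                $text .= "<tr>";
                $text .= "<td id=$class><a href=tickets.php?action=view&ticket_id=$id class=links>$id</a></td>";
                $text .= "<td id=$class>$pri</td>";
                $text .= "<td id=$class>$status</td>";
                $text .= "<td id=$class>" . date($dateFormat, $this->core->global->getTime($date)) . "</td>";
                $text .= "<td id=$class>$open</td>";
                $text .= "<td id=$class>$assign</td>";
                $text .= "<td id=$class>$subject</td>";
                $text .= "</tr>";
            }
            $text .= "</table><br>";
            // The template is included into this scope and works on $title/$insert/$text.
            $title = $this->textArray['Search Results'];
            $insert = $text;
            include("$this->templates/files/box.tpl.php");
            $this->body = $text;
        }
    }
    else {
        $text = "<br><table cellpadding=2 cellspacing=0 id=box-400>";
        $text .= "<form method=post action=tickets.php?action=search>";
        $text .= "<input type=hidden name=confirm value=1>";
        $text .= "<tr><td id=boxCell-center>" . $this->textArray['Ticket ID or Keywords'] . " : <input type=text size=30 name=search></td></tr>";
        $text .= "<tr><td id=boxCell-center><input type=submit value='" . $this->textArray['Search'] . "' class=submit></form></td></tr></table><br>";
        $title = $this->textArray['Ticket Search'];
        $insert = $text;
        include("$this->templates/files/box.tpl.php");
        $this->body = $text;
    }
}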
}