From 0914716b8ef3c0b8671c7bfbf630d61a8e4852b7 Mon Sep 17 00:00:00 2001
From: johnnyq <johnny@pittpc.com>
Date: Mon, 31 Mar 2025 18:42:56 -0400
Subject: [PATCH] Allow user to redact client replied tickets

---
 ajax/ajax_ticket_reply_redact.php |  9 +--------
 post/user/ticket.php              | 19 +++++++++++++++++++
 2 files changed, 20 insertions(+), 8 deletions(-)

diff --git a/ajax/ajax_ticket_reply_redact.php b/ajax/ajax_ticket_reply_redact.php
index e38c2bf1..4766ad55 100644
--- a/ajax/ajax_ticket_reply_redact.php
+++ b/ajax/ajax_ticket_reply_redact.php
@@ -11,9 +11,6 @@ $sql = mysqli_query($mysqli, "SELECT * FROM ticket_replies
 );
 
 $row = mysqli_fetch_array($sql);
-$ticket_reply_type = nullable_htmlentities($row['ticket_reply_type']);
-$ticket_reply_time_worked = date_create($row['ticket_reply_time_worked']);
-$ticket_reply_time_worked_formatted = date_format($ticket_reply_time_worked, 'H:i:s');
 $ticket_reply = nullable_htmlentities($row['ticket_reply']);
 $client_id = intval($row['ticket_client_id']);
 
@@ -31,10 +28,6 @@ ob_start();
 <form action="post.php" method="post" autocomplete="off">
     <input type="hidden" name="ticket_reply_id" value="<?php echo $ticket_reply_id; ?>">
     <input type="hidden" name="client_id" value="<?php echo $client_id; ?>">
-    <input type="hidden" name="ticket_reply_type" value="<?php echo $ticket_reply_type; ?>">
-    <?php if (!empty($ticket_reply_time_worked)) { ?>
-    <input type="hidden" name="time" value="<?php echo $ticket_reply_time_worked_formatted; ?>">
-    <?php } ?>
 
     <div class="modal-body bg-white">
 
@@ -44,7 +37,7 @@ ob_start();
 
     </div>
     <div class="modal-footer bg-white">
-        <button type="submit" name="edit_ticket_reply" class="btn btn-primary text-bold"><i class="fa fa-check mr-2"></i>Save</button>
+        <button type="submit" name="redact_ticket_reply" class="btn btn-primary text-bold"><i class="fa fa-check mr-2"></i>Save</button>
         <button type="button" class="btn btn-light" data-dismiss="modal"><i class="fa fa-times mr-2"></i>Cancel</button>
     </div>
 </form>
diff --git a/post/user/ticket.php b/post/user/ticket.php
index 81bfdd6a..41d31701 100644
--- a/post/user/ticket.php
+++ b/post/user/ticket.php
@@ -1572,6 +1572,25 @@ if (isset($_POST['edit_ticket_reply'])) {
     header("Location: " . $_SERVER["HTTP_REFERER"]);
 }
 
+if (isset($_POST['redact_ticket_reply'])) {
+
+    enforceUserPermission('module_support', 2);
+
+    $ticket_reply_id = intval($_POST['ticket_reply_id']);
+    $ticket_reply = mysqli_real_escape_string($mysqli, $_POST['ticket_reply']);
+
+    $client_id = intval($_POST['client_id']);
+
+    mysqli_query($mysqli, "UPDATE ticket_replies SET ticket_reply = '$ticket_reply' WHERE ticket_reply_id = $ticket_reply_id");
+
+    // Logging
+    logAction("Ticket", "Reply", "$session_name redacted ticket_reply", $client_id, $ticket_reply_id);
+
+    $_SESSION['alert_message'] = "Ticket reply redacted";
+
+    header("Location: " . $_SERVER["HTTP_REFERER"]);
+}
+
 if (isset($_GET['archive_ticket_reply'])) {
 
     enforceUserPermission('module_support', 2);