diff --git a/client_tickets.php b/client_tickets.php index 59cb0687..f46a426f 100644 --- a/client_tickets.php +++ b/client_tickets.php @@ -2,7 +2,7 @@ require_once("inc_all_client.php"); if (!empty($_GET['sb'])) { - $sb = strip_tags(mysqli_real_escape_string($mysqli, $_GET['sb'])); + $sb = sanitizeInput($_GET['sb']); } else { $sb = "ticket_number"; } @@ -23,6 +23,7 @@ $sql = mysqli_query( LEFT JOIN users ON ticket_assigned_to = user_id LEFT JOIN assets ON ticket_asset_id = asset_id LEFT JOIN locations ON ticket_location_id = location_id + LEFT JOIN vendors ON ticket_vendor_id = vendor_id WHERE ticket_client_id = $client_id AND (CONCAT(ticket_prefix,ticket_number) LIKE '%$q%' OR ticket_subject LIKE '%$q%' OR ticket_status LIKE '%$q%' OR ticket_priority LIKE '%$q%' OR user_name LIKE '%$q%') ORDER BY $sb $o LIMIT $record_from, $record_to" @@ -34,14 +35,16 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
-

Tickets

+

Tickets

Scheduled Tickets
- +
Scheduled @@ -56,7 +59,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
- +
@@ -65,7 +68,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
- Export + Export
@@ -92,15 +95,15 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()")); Never

"; @@ -110,7 +113,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()")); } else { $ticket_updated_at_display = $ticket_updated_at; } - $ticket_closed_at = $row['ticket_closed_at']; + $ticket_closed_at = htmlentities($row['ticket_closed_at']); if ($ticket_status == "Open") { $ticket_status_display = "$ticket_status"; @@ -129,7 +132,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()")); } else{ $ticket_priority_display = "-"; } - $ticket_assigned_to = $row['ticket_assigned_to']; + $ticket_assigned_to = intval($row['ticket_assigned_to']); if (empty($ticket_assigned_to)) { if ($ticket_status == "Closed") { $ticket_assigned_to_display = "

Not Assigned

"; @@ -139,7 +142,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()")); } else { $ticket_assigned_to_display = htmlentities($row['user_name']); } - $contact_id = $row['contact_id']; + $contact_id = intval($row['contact_id']); $contact_name = htmlentities($row['contact_name']); if (empty($contact_name)) { $contact_display = "-"; @@ -152,6 +155,9 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()")); $contact_extension = htmlentities($row['contact_extension']); $contact_mobile = formatPhoneNumber($row['contact_mobile']); + $asset_id = intval($row['asset_id']); + $vendor_id = intval($row['vendor_id']); + ?> diff --git a/ticket.php b/ticket.php index 76b1f8c2..c06d440b 100644 --- a/ticket.php +++ b/ticket.php @@ -29,13 +29,13 @@ if (isset($_GET['ticket_id'])) { $client_type = htmlentities($row['client_type']); $client_website = htmlentities($row['client_website']); - $client_net_terms = htmlentities($row['client_net_terms']); + $client_net_terms = intval($row['client_net_terms']); if ($client_net_terms == 0) { $client_net_terms = $config_default_net_terms; } $ticket_prefix = htmlentities($row['ticket_prefix']); - $ticket_number = htmlentities($row['ticket_number']); + $ticket_number = intval($row['ticket_number']); $ticket_category = htmlentities($row['ticket_category']); $ticket_subject = htmlentities($row['ticket_subject']); $ticket_details = $row['ticket_details']; @@ -73,12 +73,6 @@ if (isset($_GET['ticket_id'])) { $ticket_assigned_to_display = htmlentities($row['user_name']); } - //Ticket Created By - $ticket_created_by = intval($row['ticket_created_by']); - $ticket_created_by_sql = mysqli_query($mysqli, "SELECT user_name FROM users WHERE user_id = $ticket_created_by"); - $row = mysqli_fetch_array($ticket_created_by_sql); - $ticket_created_by_display = htmlentities($row['user_name']); - $contact_id = intval($row['contact_id']); $contact_name = htmlentities($row['contact_name']); $contact_title = htmlentities($row['contact_title']); @@ -87,21 +81,6 @@ if (isset($_GET['ticket_id'])) { $contact_extension = htmlentities($row['contact_extension']); $contact_mobile = formatPhoneNumber($row['contact_mobile']); - if ($contact_id) { - //Get Contact Ticket Stats - $ticket_related_open = mysqli_query($mysqli, "SELECT COUNT(ticket_id) AS ticket_related_open FROM tickets WHERE ticket_status != 'Closed' AND ticket_contact_id = $contact_id "); - $row = mysqli_fetch_array($ticket_related_open); - $ticket_related_open = intval($row['ticket_related_open']); - - $ticket_related_closed = mysqli_query($mysqli, "SELECT COUNT(ticket_id) AS ticket_related_closed FROM tickets WHERE ticket_status = 'Closed' AND ticket_contact_id = $contact_id "); - $row = mysqli_fetch_array($ticket_related_closed); - $ticket_related_closed = intval($row['ticket_related_closed']); - - $ticket_related_total = mysqli_query($mysqli, "SELECT COUNT(ticket_id) AS ticket_related_total FROM tickets WHERE ticket_contact_id = $contact_id "); - $row = mysqli_fetch_array($ticket_related_total); - $ticket_related_total = intval($row['ticket_related_total']); - } - $asset_id = intval($row['asset_id']); $asset_ip = htmlentities($row['asset_ip']); $asset_name = htmlentities($row['asset_name']); @@ -133,6 +112,27 @@ if (isset($_GET['ticket_id'])) { $location_zip = htmlentities($row['location_zip']); $location_phone = formatPhoneNumber($row['location_phone']); + //Ticket Created By + $ticket_created_by = intval($row['ticket_created_by']); + $ticket_created_by_sql = mysqli_query($mysqli, "SELECT user_name FROM users WHERE user_id = $ticket_created_by"); + $row = mysqli_fetch_array($ticket_created_by_sql); + $ticket_created_by_display = htmlentities($row['user_name']); + + if ($contact_id) { + //Get Contact Ticket Stats + $ticket_related_open = mysqli_query($mysqli, "SELECT COUNT(ticket_id) AS ticket_related_open FROM tickets WHERE ticket_status != 'Closed' AND ticket_contact_id = $contact_id "); + $row = mysqli_fetch_array($ticket_related_open); + $ticket_related_open = intval($row['ticket_related_open']); + + $ticket_related_closed = mysqli_query($mysqli, "SELECT COUNT(ticket_id) AS ticket_related_closed FROM tickets WHERE ticket_status = 'Closed' AND ticket_contact_id = $contact_id "); + $row = mysqli_fetch_array($ticket_related_closed); + $ticket_related_closed = intval($row['ticket_related_closed']); + + $ticket_related_total = mysqli_query($mysqli, "SELECT COUNT(ticket_id) AS ticket_related_total FROM tickets WHERE ticket_contact_id = $contact_id "); + $row = mysqli_fetch_array($ticket_related_total); + $ticket_related_total = intval($row['ticket_related_total']); + } + //Get Total Ticket Time $ticket_total_reply_time = mysqli_query($mysqli, "SELECT SEC_TO_TIME(SUM(TIME_TO_SEC(ticket_reply_time_worked))) AS ticket_total_reply_time FROM ticket_replies WHERE ticket_reply_archived_at IS NULL AND ticket_reply_ticket_id = $ticket_id"); $row = mysqli_fetch_array($ticket_total_reply_time); diff --git a/ticket_edit_modal.php b/ticket_edit_modal.php index c165f84c..61f3559f 100644 --- a/ticket_edit_modal.php +++ b/ticket_edit_modal.php @@ -140,7 +140,7 @@ $asset_id_select = intval($row['asset_id']); $asset_name_select = htmlentities($row['asset_name']); ?> - + - + None '$item_created_at' OR tax_archived_at IS NULL) AND company_id = $session_company_id ORDER BY tax_name ASC"); + $taxes_sql = mysqli_query($mysqli, "SELECT * FROM taxes WHERE tax_archived_at IS NULL AND company_id = $session_company_id ORDER BY tax_name ASC"); while ($row = mysqli_fetch_array($taxes_sql)) { $tax_id_select = intval($row['tax_id']); $tax_name = htmlentities($row['tax_name']); $tax_percent = floatval($row['tax_percent']); ?> - +