From 32743e629d80dda2c29e6b695cac7d9bfc210cc1 Mon Sep 17 00:00:00 2001
From: johnnyq <johnny@pittpc.com>
Date: Tue, 14 Feb 2023 14:36:56 -0500
Subject: [PATCH] Fix issue when updating contact notes via contact details it
 overwrite every contacts notes more logging and alerting

---
 ajax.php                    |  2 +-
 post.php                    | 14 ++++++++++----
 ticket.php                  |  1 +
 ticket_reply_edit_modal.php |  1 +
 4 files changed, 13 insertions(+), 5 deletions(-)

diff --git a/ajax.php b/ajax.php
index 2e8610c0..c8b54fd5 100644
--- a/ajax.php
+++ b/ajax.php
@@ -170,7 +170,7 @@ if (isset($_POST['contact_set_notes'])) {
     $notes = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['notes'])));
 
     // Update notes
-    mysqli_query($mysqli, "UPDATE contacts SET contact_notes = '$notes' WHERE contact_id = contact_id");
+    mysqli_query($mysqli, "UPDATE contacts SET contact_notes = '$notes' WHERE contact_id = $contact_id");
 
     // Logging
     mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Contact', log_action = 'Modify', log_description = '$session_name modified contact notes', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_user_id = $session_user_id, company_id = $session_company_id");
diff --git a/post.php b/post.php
index ae19164b..f4fcf281 100644
--- a/post.php
+++ b/post.php
@@ -6650,6 +6650,8 @@ if(isset($_POST['add_ticket_reply'])){
     $ticket_status = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['status'])));
     $ticket_reply_time_worked = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['time'])));
 
+    $client_id = intval($_POST['client_id']);
+
     if(isset($_POST['public_reply_type'])){
         $ticket_reply_type = 'Public';
     } else {
@@ -6753,12 +6755,14 @@ if(isset($_POST['edit_ticket_reply'])){
     $ticket_reply = trim(mysqli_real_escape_string($mysqli,$purifier->purify(html_entity_decode($_POST['ticket_reply']))));
     $ticket_reply_time_worked = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['time'])));
 
+    $client_id = intval($_POST['client_id']);
+
     mysqli_query($mysqli,"UPDATE ticket_replies SET ticket_reply = '$ticket_reply', ticket_reply_time_worked = '$ticket_reply_time_worked' WHERE ticket_reply_id = $ticket_reply_id AND ticket_reply_type != 'Client' AND company_id = $session_company_id") or die(mysqli_error($mysqli));
 
     //Logging
-    mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Ticket Update Modify', log_action = 'Modify', log_description = '$ticket_update_id', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_user_id = $session_user_id, company_id = $session_company_id");
+    mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Ticket Reply', log_action = 'Modify', log_description = '$session_name modified ticket reply', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_client_id = $client_id, log_user_id = $session_user_id, log_entity_id = $ticket_reply_id, company_id = $session_company_id");
 
-    $_SESSION['alert_message'] = "Ticket update modified";
+    $_SESSION['alert_message'] = "Ticket reply updated";
 
     header("Location: " . $_SERVER["HTTP_REFERER"]);
 
@@ -6773,9 +6777,10 @@ if(isset($_GET['archive_ticket_reply'])){
     mysqli_query($mysqli,"UPDATE ticket_replies SET ticket_reply_archived_at = NOW() WHERE ticket_reply_id = $ticket_reply_id AND company_id = $session_company_id");
 
     //Logging
-    mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Ticket Update', log_action = 'Archive', log_description = '$ticket_update_id', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_user_id = $session_user_id, company_id = $session_company_id");
+    mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Ticket Reply', log_action = 'Archive', log_description = '$session_name arhived ticket reply', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_client_id = $client_id, log_user_id = $session_user_id, log_entity_id = $ticket_reply_id, company_id = $session_company_id");
 
-    $_SESSION['alert_message'] = "Ticket update archived";
+    $_SESSION['alert_type'] = "error";
+    $_SESSION['alert_message'] = "Ticket reply archived";
 
     header("Location: " . $_SERVER["HTTP_REFERER"]);
 
@@ -6830,6 +6835,7 @@ if(isset($_POST['merge_ticket'])){
     mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Ticket', log_action = 'Merged', log_description = 'Merged ticket $ticket_prefix$ticket_number into $ticket_prefix$merge_into_ticket_number', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_user_id = $session_user_id, company_id = $session_company_id");
 
     $_SESSION['alert_message'] = "Ticket merged into $ticket_prefix$merge_into_ticket_number.";
+    
     header("Location: " . $_SERVER["HTTP_REFERER"]);
 
 }
diff --git a/ticket.php b/ticket.php
index bad563ce..bace5515 100644
--- a/ticket.php
+++ b/ticket.php
@@ -251,6 +251,7 @@ if (isset($_GET['ticket_id'])) {
                 <?php if ($ticket_status != "Closed") { ?>
                     <form class="mb-3" action="post.php" method="post" autocomplete="off">
                         <input type="hidden" name="ticket_id" id="ticket_id" value="<?php echo $ticket_id; ?>">
+                        <input type="hidden" name="client_id" value="<?php echo $client_id; ?>">
                         <div class="form-group">
                             <textarea class="form-control summernote" name="ticket_reply" required></textarea>
                         </div>
diff --git a/ticket_reply_edit_modal.php b/ticket_reply_edit_modal.php
index 1d9dd6fd..bf4c7e6d 100644
--- a/ticket_reply_edit_modal.php
+++ b/ticket_reply_edit_modal.php
@@ -9,6 +9,7 @@
             </div>
             <form action="post.php" method="post" autocomplete="off">
                 <input type="hidden" name="ticket_reply_id" value="<?php echo $ticket_reply_id; ?>">
+                <input type="hidden" name="client_id" value="<?php echo $client_id; ?>">
 
                 <div class="modal-body bg-white">