From 353b082f0c165e9f99782bc30381cbc3b2f59a31 Mon Sep 17 00:00:00 2001 From: johnnyq Date: Tue, 29 Aug 2023 12:56:00 -0400 Subject: [PATCH] Converted Create Ticket Email Notification to the new mail queue system --- post/ticket.php | 48 ++++++++++++++++++++++++++++++++++-------------- 1 file changed, 34 insertions(+), 14 deletions(-) diff --git a/post/ticket.php b/post/ticket.php index 13fcd21b..d7bee798 100644 --- a/post/ticket.php +++ b/post/ticket.php @@ -46,43 +46,63 @@ if (isset($_POST['add_ticket'])) { if (!empty($config_smtp_host) && $config_ticket_client_general_notifications == 1) { // Get contact/ticket details - $sql = mysqli_query($mysqli,"SELECT contact_name, contact_email, ticket_prefix, ticket_number, ticket_subject FROM tickets + $sql = mysqli_query($mysqli,"SELECT contact_name, contact_email, ticket_prefix, ticket_number, ticket_subject, ticket_details FROM tickets LEFT JOIN clients ON ticket_client_id = client_id LEFT JOIN contacts ON ticket_contact_id = contact_id WHERE ticket_id = $ticket_id"); $row = mysqli_fetch_array($sql); + // Unescaped Content used for email body and subject because it will get escaped as a whole $contact_name = $row['contact_name']; - $contact_email = $row['contact_email']; $ticket_prefix = $row['ticket_prefix']; $ticket_number = intval($row['ticket_number']); $ticket_subject = $row['ticket_subject']; + $ticket_details = $row['ticket_details']; + $client_id = intval($row['ticket_client_id']); + $ticket_created_by = intval($row['ticket_created_by']); + $ticket_assigned_to = intval($row['ticket_assigned_to']); + + // Escaped content used for everything else except email subject and body + $contact_name_escaped = sanitizeInput($row['contact_name']); + $contact_email_escaped = sanitizeInput($row['contact_email']); + $ticket_prefix_escaped = sanitizeInput($row['ticket_prefix']); + $ticket_subject_escaped = sanitizeInput($row['ticket_subject']); + + // Sanitize Config vars from get_settings.php + $config_ticket_from_name_escaped = sanitizeInput($config_ticket_from_name); + $config_ticket_from_email_escaped = sanitizeInput($config_ticket_from_email); $sql = mysqli_query($mysqli,"SELECT company_phone FROM companies WHERE company_id = 1"); $company_phone = formatPhoneNumber($row['company_phone']); // Verify contact email is valid - if (filter_var($contact_email, FILTER_VALIDATE_EMAIL)) { + if (filter_var($contact_email_escaped, FILTER_VALIDATE_EMAIL)) { - $subject = "Ticket created - [$ticket_prefix$ticket_number] - $ticket_subject"; - $body = "##- Please type your reply above this line -##

Hello, $contact_name

A ticket regarding \"$ticket_subject\" has been created for you.

--------------------------------
$details--------------------------------

Ticket: $ticket_prefix$ticket_number
Subject: $ticket_subject
Status: Open
Portal: https://$config_base_url/portal/ticket.php?id=$id

~
$session_company_name
Support Department
$config_ticket_from_email
$company_phone"; + $subject_escaped = mysqli_escape_string($mysqli, "Ticket created - [$ticket_prefix$ticket_number] - $ticket_subject"); + $body_escaped = mysqli_escape_string($mysqli, "##- Please type your reply above this line -##

Hello, $contact_name

A ticket regarding \"$ticket_subject\" has been created for you.

--------------------------------
$ticket_details--------------------------------

Ticket: $ticket_prefix$ticket_number
Subject: $ticket_subject
Status: Open
Portal: https://$config_base_url/portal/ticket.php?id=$ticket_id

~
$session_company_name
Support Department
$config_ticket_from_email
$company_phone"); - $mail = sendSingleEmail($config_smtp_host, $config_smtp_username, $config_smtp_password, $config_smtp_encryption, $config_smtp_port, - $config_ticket_from_email, $config_ticket_from_name, - $contact_email, $contact_name, - $subject, $body); + // Email Ticket Contact + // Queue Mail + mysqli_query($mysqli, "INSERT INTO email_queue SET email_recipient = '$contact_email_escaped', email_recipient_name = '$contact_name_escaped', email_from = '$config_ticket_from_email_escaped', email_from_name = '$config_ticket_from_name_escaped', email_subject = '$subject_escaped', email_content = '$body_escaped'"); - if ($mail !== true) { - mysqli_query($mysqli,"INSERT INTO notifications SET notification_type = 'Mail', notification = 'Failed to send email to $contact_email rearding ticket $config_ticket_prefix$ticket_number - $ticket_subject', notification_client_id = $client_id, notification_user_id = $session_user_id"); - mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Mail', log_action = 'Error', log_description = 'Failed to send email to $contact_email regarding $subject relating to ticket $config_ticket_prefix$ticket_number. $mail', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_client_id = $client_id, log_user_id = $session_user_id, log_entity_id = $ticket_id"); - } + // Get Email ID for reference + $email_id = mysqli_insert_id($mysqli); + // Also Email all the watchers + $sql_watchers = mysqli_query($mysqli, "SELECT watcher_email FROM ticket_watchers WHERE watcher_ticket_id = $ticket_id"); + $body_escaped .= "

----------------------------------------
DO NOT REPLY - YOU ARE RECEIVING THIS EMAIL BECAUSE YOU ARE A WATCHER"; + while ($row = mysqli_fetch_array($sql_watchers)) { + $watcher_email_escaped = sanitizeInput($row['watcher_email']); + + // Queue Mail + mysqli_query($mysqli, "INSERT INTO email_queue SET email_recipient = '$watcher_email_escaped', email_recipient_name = '$contact_name_escaped', email_from = '$config_ticket_from_email_escaped', email_from_name = '$config_ticket_from_name_escaped', email_subject = '$subject_escaped', email_content = '$body_escaped'"); + } } } // Logging - mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Ticket', log_action = 'Create', log_description = '$session_name created ticket $config_ticket_prefix$ticket_number - $subject', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_client_id = $client_id, log_user_id = $session_user_id, log_entity_id = $ticket_number"); + mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Ticket', log_action = 'Create', log_description = '$session_name created ticket $config_ticket_prefix_escaped$ticket_number - $ticket_subject_escaped', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_client_id = $client_id, log_user_id = $session_user_id, log_entity_id = $ticket_id"); $_SESSION['alert_message'] = "Ticket $config_ticket_prefix$ticket_number created";