diff --git a/admin/oauth_microsoft_mail_callback.php b/admin/oauth_microsoft_mail_callback.php new file mode 100644 index 00000000..88b6a066 --- /dev/null +++ b/admin/oauth_microsoft_mail_callback.php @@ -0,0 +1,103 @@ + $session_state_expires) { + flash_alert("Microsoft OAuth callback validation failed. Please try connecting again.", 'error'); + redirect($settings_mail_path); +} + +if (empty($config_mail_oauth_client_id) || empty($config_mail_oauth_client_secret) || empty($config_mail_oauth_tenant_id)) { + flash_alert("Microsoft OAuth settings are incomplete. Please fill Client ID, Client Secret, and Tenant ID.", 'error'); + redirect($settings_mail_path); +} + +if (defined('BASE_URL') && !empty(BASE_URL)) { + $base_url = rtrim((string) BASE_URL, '/'); +} else { + $base_url = 'https://' . rtrim((string) $config_base_url, '/'); +} + +$redirect_uri = $base_url . '/admin/oauth_microsoft_mail_callback.php'; +$token_url = 'https://login.microsoftonline.com/' . rawurlencode($config_mail_oauth_tenant_id) . '/oauth2/v2.0/token'; +$scope = 'offline_access openid profile https://outlook.office.com/IMAP.AccessAsUser.All https://outlook.office.com/SMTP.Send'; + +$ch = curl_init($token_url); +curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); +curl_setopt($ch, CURLOPT_POST, true); +curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query([ + 'client_id' => $config_mail_oauth_client_id, + 'client_secret' => $config_mail_oauth_client_secret, + 'grant_type' => 'authorization_code', + 'code' => $code, + 'redirect_uri' => $redirect_uri, + 'scope' => $scope, +], '', '&')); +curl_setopt($ch, CURLOPT_TIMEOUT, 20); + +$raw_body = curl_exec($ch); +$curl_err = curl_error($ch); +$http_code = curl_getinfo($ch, CURLINFO_HTTP_CODE); +curl_close($ch); + +if ($raw_body === false || $http_code < 200 || $http_code >= 300) { + $reason = !empty($curl_err) ? $curl_err : "HTTP $http_code"; + flash_alert("Microsoft OAuth token exchange failed: $reason", 'error'); + redirect($settings_mail_path); +} + +$json = json_decode($raw_body, true); +if (!is_array($json) || empty($json['refresh_token']) || empty($json['access_token'])) { + flash_alert("Microsoft OAuth token exchange failed: refresh token or access token missing.", 'error'); + redirect($settings_mail_path); +} + +$refresh_token = (string) $json['refresh_token']; +$access_token = (string) $json['access_token']; +$expires_at = date('Y-m-d H:i:s', time() + (int)($json['expires_in'] ?? 3600)); + +$refresh_token_esc = mysqli_real_escape_string($mysqli, $refresh_token); +$access_token_esc = mysqli_real_escape_string($mysqli, $access_token); +$expires_at_esc = mysqli_real_escape_string($mysqli, $expires_at); + +mysqli_query($mysqli, "UPDATE settings SET + config_imap_provider = 'microsoft_oauth', + config_smtp_provider = 'microsoft_oauth', + config_mail_oauth_refresh_token = '$refresh_token_esc', + config_mail_oauth_access_token = '$access_token_esc', + config_mail_oauth_access_token_expires_at = '$expires_at_esc' + WHERE company_id = 1 +"); + +logAction("Settings", "Edit", "$session_name completed Microsoft OAuth connect flow for mail settings"); +flash_alert("Microsoft OAuth connected successfully. Token expires at $expires_at."); +redirect($settings_mail_path); diff --git a/admin/post/settings_mail.php b/admin/post/settings_mail.php index 34d9dc0e..bd24ca00 100644 --- a/admin/post/settings_mail.php +++ b/admin/post/settings_mail.php @@ -1,287 +1,582 @@ - $email_from, - 'from_name' => $email_from_name, - 'recipient' => $email_to, - 'recipient_name' => 'Chap', - 'subject' => $subject, - 'body' => $body - ] - ]; - - $mail = addToMailQueue($data); - - if ($mail === true) { - flash_alert("Test email queued! Check Admin > Mail queue"); - } else { - flash_alert("Failed to add test mail to queue", 'error'); - } - - redirect(); - -} - -if (isset($_POST['test_email_imap'])) { - - validateCSRFToken($_POST['csrf_token']); - - $host = $config_imap_host; - $port = (int) $config_imap_port; - $encryption = strtolower(trim($config_imap_encryption)); // e.g. "ssl", "tls", "none" - $username = $config_imap_username; - $password = $config_imap_password; - - // Build remote socket (implicit SSL vs plain TCP) - $transport = 'tcp'; - if ($encryption === 'ssl') { - $transport = 'ssl'; - } - - $remote_socket = $transport . '://' . $host . ':' . $port; - - // Stream context (you can tighten these if you want strict validation) - $contextOptions = []; - if (in_array($encryption, ['ssl', 'tls'], true)) { - $contextOptions['ssl'] = [ - 'verify_peer' => false, - 'verify_peer_name' => false, - 'allow_self_signed' => true, - ]; - } - - $context = stream_context_create($contextOptions); - - try { - $errno = 0; - $errstr = ''; - - // 10-second timeout, adjust as needed - $fp = @stream_socket_client( - $remote_socket, - $errno, - $errstr, - 10, - STREAM_CLIENT_CONNECT, - $context - ); - - if (!$fp) { - throw new Exception("Could not connect to IMAP server: [$errno] $errstr"); - } - - stream_set_timeout($fp, 10); - - // Read server greeting (IMAP servers send something like: * OK Dovecot ready) - $greeting = fgets($fp, 1024); - if ($greeting === false || strpos($greeting, '* OK') !== 0) { - fclose($fp); - throw new Exception("Invalid IMAP greeting: " . trim((string) $greeting)); - } - - // If you really want STARTTLS for "tls" (port 143), you can do it here - if ($encryption === 'tls' && stripos($greeting, 'STARTTLS') !== false) { - // Request STARTTLS - fwrite($fp, "A0001 STARTTLS\r\n"); - $line = fgets($fp, 1024); - if ($line === false || stripos($line, 'A0001 OK') !== 0) { - fclose($fp); - throw new Exception("STARTTLS failed: " . trim((string) $line)); - } - - // Enable crypto on the stream - if (!stream_socket_enable_crypto($fp, true, STREAM_CRYPTO_METHOD_TLS_CLIENT)) { - fclose($fp); - throw new Exception("Unable to enable TLS encryption on IMAP connection."); - } - } - - // --- Do LOGIN command --- - $tag = 'A0002'; - - // Simple quoting; this may fail with some special chars in username/password. - $loginCmd = sprintf( - "%s LOGIN \"%s\" \"%s\"\r\n", - $tag, - addcslashes($username, "\\\""), - addcslashes($password, "\\\"") - ); - - fwrite($fp, $loginCmd); - - $success = false; - $errorLine = ''; - - while (!feof($fp)) { - $line = fgets($fp, 2048); - if ($line === false) { - break; - } - - // Look for tagged response for our LOGIN - if (strpos($line, $tag . ' ') === 0) { - if (stripos($line, $tag . ' OK') === 0) { - $success = true; - } else { - $errorLine = trim($line); - } - break; - } - } - - // Always logout / close - fwrite($fp, "A0003 LOGOUT\r\n"); - fclose($fp); - - if ($success) { - flash_alert("Connected successfully"); - } else { - if (!$errorLine) { - $errorLine = 'Unknown IMAP authentication error'; - } - throw new Exception($errorLine); - } - - } catch (Exception $e) { - flash_alert("IMAP connection failed: " . htmlspecialchars($e->getMessage()), 'error'); - } - - redirect(); -} + $config_mail_oauth_client_id, + 'response_type' => 'code', + 'redirect_uri' => $redirect_uri, + 'response_mode' => 'query', + 'scope' => $scope, + 'state' => $state, + 'prompt' => 'consent', + ], '', '&', PHP_QUERY_RFC3986); + + logAction("Settings", "Edit", "$session_name started Microsoft OAuth connect flow for mail settings"); + + redirect($authorize_url); +} + +if (isset($_POST['edit_mail_smtp_settings'])) { + + validateCSRFToken($_POST['csrf_token']); + + $config_smtp_provider = sanitizeInput($_POST['config_smtp_provider']); + $config_smtp_host = sanitizeInput($_POST['config_smtp_host']); + $config_smtp_port = intval($_POST['config_smtp_port'] ?? 0); + $config_smtp_encryption = sanitizeInput($_POST['config_smtp_encryption']); + $config_smtp_username = sanitizeInput($_POST['config_smtp_username']); + $config_smtp_password = sanitizeInput($_POST['config_smtp_password']); + + // Shared OAuth fields + $config_mail_oauth_client_id = sanitizeInput($_POST['config_mail_oauth_client_id']); + $config_mail_oauth_client_secret = sanitizeInput($_POST['config_mail_oauth_client_secret']); + $config_mail_oauth_tenant_id = sanitizeInput($_POST['config_mail_oauth_tenant_id']); + $config_mail_oauth_refresh_token = sanitizeInput($_POST['config_mail_oauth_refresh_token']); + $config_mail_oauth_access_token = sanitizeInput($_POST['config_mail_oauth_access_token']); + + mysqli_query($mysqli, " + UPDATE settings SET + config_smtp_provider = '$config_smtp_provider', + config_smtp_host = '$config_smtp_host', + config_smtp_port = $config_smtp_port, + config_smtp_encryption = '$config_smtp_encryption', + config_smtp_username = '$config_smtp_username', + config_smtp_password = '$config_smtp_password', + config_mail_oauth_client_id = '$config_mail_oauth_client_id', + config_mail_oauth_client_secret = '$config_mail_oauth_client_secret', + config_mail_oauth_tenant_id = '$config_mail_oauth_tenant_id', + config_mail_oauth_refresh_token = '$config_mail_oauth_refresh_token', + config_mail_oauth_access_token = '$config_mail_oauth_access_token' + WHERE company_id = 1 + "); + + logAction("Settings", "Edit", "$session_name edited SMTP settings"); + + flash_alert("SMTP Mail Settings updated"); + + redirect(); + +} + +if (isset($_POST['edit_mail_imap_settings'])) { + + validateCSRFToken($_POST['csrf_token']); + + $config_imap_provider = sanitizeInput($_POST['config_imap_provider']); + $config_imap_host = sanitizeInput($_POST['config_imap_host']); + $config_imap_port = intval($_POST['config_imap_port'] ?? 0); + $config_imap_encryption = sanitizeInput($_POST['config_imap_encryption']); + $config_imap_username = sanitizeInput($_POST['config_imap_username']); + $config_imap_password = sanitizeInput($_POST['config_imap_password']); + + // Shared OAuth fields + $config_mail_oauth_client_id = sanitizeInput($_POST['config_mail_oauth_client_id']); + $config_mail_oauth_client_secret = sanitizeInput($_POST['config_mail_oauth_client_secret']); + $config_mail_oauth_tenant_id = sanitizeInput($_POST['config_mail_oauth_tenant_id']); + $config_mail_oauth_refresh_token = sanitizeInput($_POST['config_mail_oauth_refresh_token']); + $config_mail_oauth_access_token = sanitizeInput($_POST['config_mail_oauth_access_token']); + + mysqli_query($mysqli, " + UPDATE settings SET + config_imap_provider = '$config_imap_provider', + config_imap_host = '$config_imap_host', + config_imap_port = $config_imap_port, + config_imap_encryption = '$config_imap_encryption', + config_imap_username = '$config_imap_username', + config_imap_password = '$config_imap_password', + config_mail_oauth_client_id = '$config_mail_oauth_client_id', + config_mail_oauth_client_secret = '$config_mail_oauth_client_secret', + config_mail_oauth_tenant_id = '$config_mail_oauth_tenant_id', + config_mail_oauth_refresh_token = '$config_mail_oauth_refresh_token', + config_mail_oauth_access_token = '$config_mail_oauth_access_token' + WHERE company_id = 1 + "); + + logAction("Settings", "Edit", "$session_name edited IMAP settings"); + + flash_alert("IMAP Mail Settings updated"); + + redirect(); + +} + +if (isset($_POST['edit_mail_from_settings'])) { + + validateCSRFToken($_POST['csrf_token']); + + $config_mail_from_email = sanitizeInput(filter_var($_POST['config_mail_from_email'], FILTER_VALIDATE_EMAIL)); + $config_mail_from_name = sanitizeInput(preg_replace('/[^a-zA-Z0-9\s]/', '', $_POST['config_mail_from_name'])); + + $config_invoice_from_email = sanitizeInput(filter_var($_POST['config_invoice_from_email'], FILTER_VALIDATE_EMAIL)); + $config_invoice_from_name = sanitizeInput(preg_replace('/[^a-zA-Z0-9\s]/', '', $_POST['config_invoice_from_name'])); + + $config_quote_from_email = sanitizeInput(filter_var($_POST['config_quote_from_email'], FILTER_VALIDATE_EMAIL)); + $config_quote_from_name = sanitizeInput(preg_replace('/[^a-zA-Z0-9\s]/', '', $_POST['config_quote_from_name'])); + + $config_ticket_from_email = sanitizeInput(filter_var($_POST['config_ticket_from_email'], FILTER_VALIDATE_EMAIL)); + $config_ticket_from_name = sanitizeInput(preg_replace('/[^a-zA-Z0-9\s]/', '', $_POST['config_ticket_from_name'])); + + mysqli_query($mysqli,"UPDATE settings SET config_mail_from_email = '$config_mail_from_email', config_mail_from_name = '$config_mail_from_name', config_invoice_from_email = '$config_invoice_from_email', config_invoice_from_name = '$config_invoice_from_name', config_quote_from_email = '$config_quote_from_email', config_quote_from_name = '$config_quote_from_name', config_ticket_from_email = '$config_ticket_from_email', config_ticket_from_name = '$config_ticket_from_name' WHERE company_id = 1"); + + logAction("Settings", "Edit", "$session_name edited mail from settings"); + + flash_alert("Mail From Settings updated"); + + redirect(); + +} + +if (isset($_POST['test_email_smtp'])) { + + validateCSRFToken($_POST['csrf_token']); + + $test_email = intval($_POST['test_email']); + + if($test_email == 1) { + $email_from = sanitizeInput($config_mail_from_email); + $email_from_name = sanitizeInput($config_mail_from_name); + } elseif ($test_email == 2) { + $email_from = sanitizeInput($config_invoice_from_email); + $email_from_name = sanitizeInput($config_invoice_from_name); + } elseif ($test_email == 3) { + $email_from = sanitizeInput($config_quote_from_email); + $email_from_name = sanitizeInput($config_quote_from_name); + } else { + $email_from = sanitizeInput($config_ticket_from_email); + $email_from_name = sanitizeInput($config_ticket_from_name); + } + + $email_to = sanitizeInput($_POST['email_to']); + $subject = "Test email from ITFlow"; + $body = "This is a test email from ITFlow. If you are reading this, it worked!"; + + $data = [ + [ + 'from' => $email_from, + 'from_name' => $email_from_name, + 'recipient' => $email_to, + 'recipient_name' => 'Chap', + 'subject' => $subject, + 'body' => $body + ] + ]; + + $mail = addToMailQueue($data); + + if ($mail === true) { + flash_alert("Test email queued! Check Admin > Mail queue"); + } else { + flash_alert("Failed to add test mail to queue", 'error'); + } + + redirect(); + +} + +if (isset($_POST['test_email_imap'])) { + + validateCSRFToken($_POST['csrf_token']); + + $provider = sanitizeInput($config_imap_provider ?? ''); + + $host = $config_imap_host; + $port = (int) $config_imap_port; + $encryption = strtolower(trim($config_imap_encryption)); // e.g. "ssl", "tls", "none" + $username = $config_imap_username; + $password = $config_imap_password; + + // Shared OAuth fields + $config_mail_oauth_client_id = $config_mail_oauth_client_id ?? ''; + $config_mail_oauth_client_secret = $config_mail_oauth_client_secret ?? ''; + $config_mail_oauth_tenant_id = $config_mail_oauth_tenant_id ?? ''; + $config_mail_oauth_refresh_token = $config_mail_oauth_refresh_token ?? ''; + $config_mail_oauth_access_token = $config_mail_oauth_access_token ?? ''; + $config_mail_oauth_access_token_expires_at = $config_mail_oauth_access_token_expires_at ?? ''; + + $is_oauth = ($provider === 'google_oauth' || $provider === 'microsoft_oauth'); + + if ($provider === 'google_oauth') { + if (empty($host)) { + $host = 'imap.gmail.com'; + } + if (empty($port)) { + $port = 993; + } + if (empty($encryption)) { + $encryption = 'ssl'; + } + } elseif ($provider === 'microsoft_oauth') { + if (empty($host)) { + $host = 'outlook.office365.com'; + } + if (empty($port)) { + $port = 993; + } + if (empty($encryption)) { + $encryption = 'ssl'; + } + } + + if (empty($host) || empty($port) || empty($username)) { + flash_alert("IMAP connection failed: Missing host, port, or username.", 'error'); + redirect(); + } + + $token_is_expired = function (?string $expires_at): bool { + if (empty($expires_at)) { + return true; + } + + $ts = strtotime($expires_at); + + if ($ts === false) { + return true; + } + + return ($ts - 60) <= time(); + }; + + $http_form_post = function (string $url, array $fields): array { + $ch = curl_init($url); + curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); + curl_setopt($ch, CURLOPT_POST, true); + curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query($fields, '', '&')); + curl_setopt($ch, CURLOPT_TIMEOUT, 20); + + $raw = curl_exec($ch); + $err = curl_error($ch); + $code = curl_getinfo($ch, CURLINFO_HTTP_CODE); + + curl_close($ch); + + return [ + 'ok' => ($raw !== false && $code >= 200 && $code < 300), + 'body' => $raw, + 'code' => $code, + 'err' => $err, + ]; + }; + + if ($is_oauth) { + if (!empty($config_mail_oauth_access_token) && !$token_is_expired($config_mail_oauth_access_token_expires_at)) { + $password = $config_mail_oauth_access_token; + } else { + if (empty($config_mail_oauth_client_id) || empty($config_mail_oauth_client_secret) || empty($config_mail_oauth_refresh_token)) { + flash_alert("IMAP OAuth failed: Missing OAuth client credentials or refresh token.", 'error'); + redirect(); + } + + if ($provider === 'google_oauth') { + $response = $http_form_post('https://oauth2.googleapis.com/token', [ + 'client_id' => $config_mail_oauth_client_id, + 'client_secret' => $config_mail_oauth_client_secret, + 'refresh_token' => $config_mail_oauth_refresh_token, + 'grant_type' => 'refresh_token', + ]); + } else { + if (empty($config_mail_oauth_tenant_id)) { + flash_alert("IMAP OAuth failed: Microsoft tenant ID is required.", 'error'); + redirect(); + } + + $token_url = MICROSOFT_OAUTH_BASE_URL . rawurlencode($config_mail_oauth_tenant_id) . "/oauth2/v2.0/token"; + $response = $http_form_post($token_url, [ + 'client_id' => $config_mail_oauth_client_id, + 'client_secret' => $config_mail_oauth_client_secret, + 'refresh_token' => $config_mail_oauth_refresh_token, + 'grant_type' => 'refresh_token', + ]); + } + + if (!$response['ok']) { + flash_alert("IMAP OAuth failed: Could not refresh access token.", 'error'); + redirect(); + } + + $json = json_decode($response['body'], true); + if (!is_array($json) || empty($json['access_token'])) { + flash_alert("IMAP OAuth failed: Token response did not include an access token.", 'error'); + redirect(); + } + + $password = $json['access_token']; + $expires_at = date('Y-m-d H:i:s', time() + (int)($json['expires_in'] ?? 3600)); + $refresh_token_to_save = $json['refresh_token'] ?? null; + + $token_esc = mysqli_real_escape_string($mysqli, $password); + $expires_at_esc = mysqli_real_escape_string($mysqli, $expires_at); + + $refresh_sql = ''; + if (!empty($refresh_token_to_save)) { + $refresh_token_esc = mysqli_real_escape_string($mysqli, $refresh_token_to_save); + $refresh_sql = ", config_mail_oauth_refresh_token = '{$refresh_token_esc}'"; + } + + mysqli_query($mysqli, "UPDATE settings SET config_mail_oauth_access_token = '{$token_esc}', config_mail_oauth_access_token_expires_at = '{$expires_at_esc}'{$refresh_sql} WHERE company_id = 1"); + } + } + + // Build remote socket (implicit SSL vs plain TCP) + $transport = 'tcp'; + if ($encryption === 'ssl') { + $transport = 'ssl'; + } + + $remote_socket = $transport . '://' . $host . ':' . $port; + + // Stream context (you can tighten these if you want strict validation) + $context_options = []; + if (in_array($encryption, ['ssl', 'tls'], true)) { + $context_options['ssl'] = [ + 'verify_peer' => false, + 'verify_peer_name' => false, + 'allow_self_signed' => true, + ]; + } + + $context = stream_context_create($context_options); + + try { + $errno = 0; + $errstr = ''; + + // 10-second timeout, adjust as needed + $fp = @stream_socket_client( + $remote_socket, + $errno, + $errstr, + 10, + STREAM_CLIENT_CONNECT, + $context + ); + + if (!$fp) { + throw new Exception("Could not connect to IMAP server: [$errno] $errstr"); + } + + stream_set_timeout($fp, 10); + + // Read server greeting (IMAP servers send something like: * OK Dovecot ready) + $greeting = fgets($fp, 1024); + if ($greeting === false || strpos($greeting, '* OK') !== 0) { + fclose($fp); + throw new Exception("Invalid IMAP greeting: " . trim((string) $greeting)); + } + // If you really want STARTTLS for "tls" (port 143), you can do it here + if ($encryption === 'tls' && stripos($greeting, 'STARTTLS') !== false) { + fwrite($fp, "A0001 STARTTLS\r\n"); + $line = fgets($fp, 1024); + if ($line === false || stripos($line, 'A0001 OK') !== 0) { + fclose($fp); + throw new Exception("STARTTLS failed: " . trim((string) $line)); + } + + if (!stream_socket_enable_crypto($fp, true, STREAM_CRYPTO_METHOD_TLS_CLIENT)) { + fclose($fp); + throw new Exception("Unable to enable TLS encryption on IMAP connection."); + } + } + + $tag = 'A0002'; + + if ($is_oauth) { + $oauth_b64 = base64_encode("user={$username}\x01auth=Bearer {$password}\x01\x01"); + $auth_cmd = sprintf("%s AUTHENTICATE XOAUTH2 %s\r\n", $tag, $oauth_b64); + fwrite($fp, $auth_cmd); + } else { + $login_cmd = sprintf( + "%s LOGIN \"%s\" \"%s\"\r\n", + $tag, + addcslashes($username, "\\\""), + addcslashes($password, "\\\"") + ); + + fwrite($fp, $login_cmd); + } + + $success = false; + $error_line = ''; + + while (!feof($fp)) { + $line = fgets($fp, 2048); + if ($line === false) { + break; + } + + if (strpos($line, $tag . ' ') === 0) { + if (stripos($line, $tag . ' OK') === 0) { + $success = true; + } else { + $error_line = trim($line); + } + break; + } + } + + // Always logout / close + fwrite($fp, "A0003 LOGOUT\r\n"); + fclose($fp); + + if ($success) { + if ($is_oauth) { + flash_alert("Connected successfully using OAuth"); + } else { + flash_alert("Connected successfully"); + } + } else { + if (!$error_line) { + $error_line = 'Unknown IMAP authentication error'; + } + throw new Exception($error_line); + } + + } catch (Exception $e) { + flash_alert("IMAP connection failed: " . htmlspecialchars($e->getMessage()), 'error'); + } + + redirect(); +} + + +if (isset($_POST['test_oauth_token_refresh'])) { + + validateCSRFToken($_POST['csrf_token']); + + $provider = sanitizeInput($_POST['oauth_provider'] ?? ''); + + if ($provider !== 'google_oauth' && $provider !== 'microsoft_oauth') { + flash_alert("OAuth token test failed: unsupported provider.", 'error'); + redirect(); + } + + $oauth_client_id = sanitizeInput($config_mail_oauth_client_id ?? ''); + $oauth_client_secret = sanitizeInput($config_mail_oauth_client_secret ?? ''); + $oauth_tenant_id = sanitizeInput($config_mail_oauth_tenant_id ?? ''); + $oauth_refresh_token = sanitizeInput($config_mail_oauth_refresh_token ?? ''); + + if (empty($oauth_client_id) || empty($oauth_client_secret) || empty($oauth_refresh_token)) { + flash_alert("OAuth token test failed: missing client ID, client secret, or refresh token.", 'error'); + redirect(); + } + + if ($provider === 'microsoft_oauth' && empty($oauth_tenant_id)) { + flash_alert("OAuth token test failed: Microsoft tenant ID is required.", 'error'); + redirect(); + } + + $token_url = 'https://oauth2.googleapis.com/token'; + if ($provider === 'microsoft_oauth') { + $token_url = MICROSOFT_OAUTH_BASE_URL . rawurlencode($oauth_tenant_id) . "/oauth2/v2.0/token"; + } + + $post_fields = http_build_query([ + 'client_id' => $oauth_client_id, + 'client_secret' => $oauth_client_secret, + 'refresh_token' => $oauth_refresh_token, + 'grant_type' => 'refresh_token', + ]); + + $ch = curl_init($token_url); + curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); + curl_setopt($ch, CURLOPT_POST, true); + curl_setopt($ch, CURLOPT_POSTFIELDS, $post_fields); + curl_setopt($ch, CURLOPT_TIMEOUT, 20); + + $raw_body = curl_exec($ch); + $curl_err = curl_error($ch); + $http_code = curl_getinfo($ch, CURLINFO_HTTP_CODE); + curl_close($ch); + + if ($raw_body === false || $http_code < 200 || $http_code >= 300) { + $err_msg = !empty($curl_err) ? $curl_err : "HTTP $http_code"; + flash_alert("OAuth token test failed: $err_msg", 'error'); + redirect(); + } + + $json = json_decode($raw_body, true); + + if (!is_array($json) || empty($json['access_token'])) { + flash_alert("OAuth token test failed: access token missing in provider response.", 'error'); + redirect(); + } + + $new_access_token = sanitizeInput($json['access_token']); + $new_expires_at = date('Y-m-d H:i:s', time() + (int)($json['expires_in'] ?? 3600)); + $new_refresh_token = !empty($json['refresh_token']) ? sanitizeInput($json['refresh_token']) : ''; + + $new_access_token_esc = mysqli_real_escape_string($mysqli, $new_access_token); + $new_expires_at_esc = mysqli_real_escape_string($mysqli, $new_expires_at); + + $refresh_sql = ''; + if (!empty($new_refresh_token)) { + $new_refresh_token_esc = mysqli_real_escape_string($mysqli, $new_refresh_token); + $refresh_sql = ", config_mail_oauth_refresh_token = '$new_refresh_token_esc'"; + } + + mysqli_query($mysqli, "UPDATE settings SET config_mail_oauth_access_token = '$new_access_token_esc', config_mail_oauth_access_token_expires_at = '$new_expires_at_esc'$refresh_sql WHERE company_id = 1"); + + $provider_label = $provider === 'microsoft_oauth' ? 'Microsoft 365' : 'Google Workspace'; + logAction("Settings", "Edit", "$session_name tested OAuth token refresh for $provider_label mail settings"); + + flash_alert("OAuth token refresh successful for $provider_label. Access token expires at $new_expires_at."); + redirect(); +} diff --git a/admin/settings_mail.php b/admin/settings_mail.php index eb0dee02..923739cd 100644 --- a/admin/settings_mail.php +++ b/admin/settings_mail.php @@ -1,495 +1,590 @@ - - -
-
-

SMTP Mail Settings (For Sending Email)

-
-
-
- - - -
- -
-
- -
- -
- - Choose your SMTP provider. OAuth options ignore the SMTP password here. - -
- - - -
-
- -
-
- -
- -
-
- -
- -
-
- -
- -
-
- -
- -
-
- -
- -
-
- -
- -
-
- -
- -
-
- -
-
- -
-
- -
- -
- -
-
-
-
- -
- -
- - - -
-
-
- -
-
-

IMAP Mail Settings (For Monitoring Ticket Inbox)

-
-
-
- - -
- -
-
- -
- -
- - Select your mailbox provider. OAuth options ignore the IMAP password here. - -
- - -
- -
-
- -
- -
-
- -
- -
-
- -
- -
- -
-
-
- - - - -
- - - -
-
-
- -
-
-

Mail From Configuration

-
-
-
- - -

Each of the "From Email" Addresses need to be able to send email on behalf of the SMTP user configured above -

System Default
-

(used for system tasks such as sending share links)

-
- -
-
- -
- -
-
- -
- -
-
- -
- -
-
- -
Invoices
-

(used for when invoice emails are sent)

- -
- -
-
- -
- -
-
- -
- -
-
- -
- -
-
- -
Quotes
-

(used for when quote emails are sent)

- -
- -
-
- -
- -
-
- -
- -
-
- -
- -
-
- -
Tickets
-

(used for when tickets are created and emailed to a client)

- -
- -
-
- -
- -
-
- -
- -
-
- -
- -
-
- -
- - - -
-
-
- - - -
-
-

Test Email Sending

-
-
-
- - -
- - -
- -
-
-
-
-
- - - - - -
-
-

Test IMAP Connection

-
-
-
- - -
- -
-
-
-
- - - - - - + +
+
+

SMTP Mail Settings (For Sending Email)

+
+
+
+ + + +
+ +
+
+ +
+ +
+ + Choose your SMTP provider. OAuth options ignore the SMTP password here. + +
+ + + +
+
+ +
+
+ +
+ +
+
+ +
+ +
+
+ +
+ +
+
+ +
+ +
+
+ +
+ +
+
+ +
+ +
+
+ +
+ +
+
+ +
+
+ +
+
+ +
+ +
+ +
+
+
+
+ +
+ +
+ + + +
+
+
+ +
+
+

IMAP Mail Settings (For Monitoring Ticket Inbox)

+
+
+
+ + +
+ +
+
+ +
+ +
+ + Select your mailbox provider. OAuth options ignore the IMAP password here. + +
+ + +
+ +
+
+ +
+ +
+
+ +
+ +
+
+ +
+ +
+ +
+
+
+ + + + + + +
+ +
+
+ +
+ +
+ +
+
+ + Add this callback URI in Entra App Registration, then click Connect to authorize and store refresh token automatically. + +
+ +
+ + + +
+
+
+ +
+
+

Mail From Configuration

+
+
+
+ + +

Each of the "From Email" Addresses need to be able to send email on behalf of the SMTP user configured above +

System Default
+

(used for system tasks such as sending share links)

+
+ +
+
+ +
+ +
+
+ +
+ +
+
+ +
+ +
+
+ +
Invoices
+

(used for when invoice emails are sent)

+ +
+ +
+
+ +
+ +
+
+ +
+ +
+
+ +
+ +
+
+ +
Quotes
+

(used for when quote emails are sent)

+ +
+ +
+
+ +
+ +
+
+ +
+ +
+
+ +
+ +
+
+ +
Tickets
+

(used for when tickets are created and emailed to a client)

+ +
+ +
+
+ +
+ +
+
+ +
+ +
+
+ +
+ +
+
+ +
+ + + +
+
+
+ + + + + +
+
+

Test Email Sending

+
+
+
+ + +
+ + +
+ +
+
+
+
+
+ + + + + + + +
+
+

Test IMAP Connection

+
+
+
+ + +
+ +
+
+
+
+ + + + + + + +
+
+

Test OAuth Token Refresh

+
+
+
+ + + +

+ This validates your refresh token and stores a new access token for + . +

+ + +
+
+
+ + + + + + - if ($d !== false) { - $due = "'" . $d->format('Y-m-d H:i:s') . "'"; // wrap in quotes for SQL - } else { - $due = 'NULL'; // fallback if invalid - } - } - - // Add the primary contact as the ticket contact if "Use primary contact" is checked - if ($use_primary_contact == 1) { - $sql = mysqli_query($mysqli, "SELECT contact_id FROM contacts WHERE contact_client_id = $client_id AND contact_primary = 1"); - $row = mysqli_fetch_assoc($sql); - $contact = intval($row['contact_id']); - } - - // Atomically increment and get the new ticket number - mysqli_query($mysqli, " - UPDATE settings - SET - config_ticket_next_number = LAST_INSERT_ID(config_ticket_next_number), - config_ticket_next_number = config_ticket_next_number + 1 - WHERE company_id = 1 - "); - - $ticket_number = mysqli_insert_id($mysqli); - - // Sanitize Config Vars from get_settings.php and Session Vars from check_login.php - $config_ticket_prefix = sanitizeInput($config_ticket_prefix); - $config_ticket_from_name = sanitizeInput($config_ticket_from_name); - $config_ticket_from_email = sanitizeInput($config_ticket_from_email); - $config_base_url = sanitizeInput($config_base_url); - - //Generate a unique URL key for clients to access - $url_key = randomString(32); - - mysqli_query($mysqli, "INSERT INTO tickets SET ticket_prefix = '$config_ticket_prefix', ticket_number = $ticket_number, ticket_source = 'Agent', ticket_category = $category_id, ticket_subject = '$subject', ticket_details = '$details', ticket_priority = '$priority', ticket_billable = '$billable', ticket_status = '$ticket_status', ticket_vendor_ticket_number = '$vendor_ticket_number', ticket_vendor_id = $vendor_id, ticket_location_id = $location_id, ticket_asset_id = $asset_id, ticket_created_by = $session_user_id, ticket_assigned_to = $assigned_to, ticket_contact_id = $contact, ticket_url_key = '$url_key', ticket_due_at = $due, ticket_client_id = $client_id, ticket_invoice_id = 0, ticket_project_id = $project_id"); - - $ticket_id = mysqli_insert_id($mysqli); - - // Add Tasks from Template if Template was selected - if($ticket_template_id) { - // Get Associated Tasks from the ticket template - $sql_task_templates = mysqli_query($mysqli, "SELECT * FROM task_templates WHERE task_template_ticket_template_id = $ticket_template_id"); - - if (mysqli_num_rows($sql_task_templates) > 0) { - while ($row = mysqli_fetch_assoc($sql_task_templates)) { - $task_order = intval($row['task_template_order']); - $task_name = sanitizeInput($row['task_template_name']); - $task_completion_estimate = intval($row['task_template_completion_estimate']); - - mysqli_query($mysqli,"INSERT INTO tasks SET task_name = '$task_name', task_order = $task_order, task_completion_estimate = $task_completion_estimate, task_ticket_id = $ticket_id"); - } - } - } - - // Add Watchers - if (isset($_POST['watchers'])) { - foreach ($_POST['watchers'] as $watcher) { - $watcher_email = sanitizeInput($watcher); - mysqli_query($mysqli, "INSERT INTO ticket_watchers SET watcher_email = '$watcher_email', watcher_ticket_id = $ticket_id"); - } - } - - // Add Additional Assets - if (isset($_POST['additional_assets'])) { - foreach ($_POST['additional_assets'] as $additional_asset) { - $additional_asset_id = intval($additional_asset); - mysqli_query($mysqli, "INSERT INTO ticket_assets SET ticket_id = $ticket_id, asset_id = $additional_asset_id"); - } - } - - // E-mail client - if (!empty($config_smtp_host) && $config_ticket_client_general_notifications == 1) { - - // Get contact/ticket details - $sql = mysqli_query($mysqli, "SELECT contact_name, contact_email, ticket_prefix, ticket_number, ticket_category, ticket_subject, ticket_details, ticket_priority, ticket_status, ticket_created_by, ticket_assigned_to, ticket_client_id FROM tickets - LEFT JOIN clients ON ticket_client_id = client_id - LEFT JOIN contacts ON ticket_contact_id = contact_id - WHERE ticket_id = $ticket_id"); - $row = mysqli_fetch_assoc($sql); - - $contact_name = sanitizeInput($row['contact_name']); - $contact_email = sanitizeInput($row['contact_email']); - $ticket_prefix = sanitizeInput($row['ticket_prefix']); - $ticket_number = intval($row['ticket_number']); - $ticket_category = sanitizeInput($row['ticket_category']); - $ticket_subject = sanitizeInput($row['ticket_subject']); - $ticket_details = mysqli_escape_string($mysqli, $row['ticket_details']); - $ticket_priority = sanitizeInput($row['ticket_priority']); - $ticket_status = sanitizeInput($row['ticket_status']); - $ticket_status_name = sanitizeInput(getTicketStatusName($row['ticket_status'])); - $client_id = intval($row['ticket_client_id']); - $ticket_created_by = intval($row['ticket_created_by']); - $ticket_assigned_to = intval($row['ticket_assigned_to']); - - // Get Company Phone Number - $sql = mysqli_query($mysqli, "SELECT company_name, company_phone, company_phone_country_code FROM companies WHERE company_id = 1"); - $row = mysqli_fetch_assoc($sql); - $company_name = sanitizeInput($row['company_name']); - $company_phone = sanitizeInput(formatPhoneNumber($row['company_phone'], $row['company_phone_country_code'])); - - // EMAILING - - $subject = "Ticket Created [$ticket_prefix$ticket_number] - $ticket_subject"; - $body = "##- Please type your reply above this line -##

Hello $contact_name,

A ticket regarding \"$ticket_subject\" has been created for you.

--------------------------------
$ticket_details--------------------------------

Ticket: $ticket_prefix$ticket_number
Subject: $ticket_subject
Status: Open
Portal: View ticket

--
$company_name - Support
$config_ticket_from_email
$company_phone"; - - // Verify contact email is valid - if (filter_var($contact_email, FILTER_VALIDATE_EMAIL)) { - - - // Email Ticket Contact - // Queue Mail - $data = []; - - $data[] = [ - 'from' => $config_ticket_from_email, - 'from_name' => $config_ticket_from_name, - 'recipient' => $contact_email, - 'recipient_name' => $contact_name, - 'subject' => $subject, - 'body' => $body - ]; - } - - // Also Email all the watchers - $sql_watchers = mysqli_query($mysqli, "SELECT watcher_email FROM ticket_watchers WHERE watcher_ticket_id = $ticket_id"); - $body .= "

----------------------------------------
YOU HAVE BEEN ADDED AS A COLLABORATOR FOR THIS TICKET"; - while ($row = mysqli_fetch_assoc($sql_watchers)) { - $watcher_email = sanitizeInput($row['watcher_email']); - - // Queue Mail - $data[] = [ - 'from' => $config_ticket_from_email, - 'from_name' => $config_ticket_from_name, - 'recipient' => $watcher_email, - 'recipient_name' => $watcher_email, - 'subject' => $subject, - 'body' => $body - ]; - } - addToMailQueue($data); - - // END EMAILING - - } - - // Custom action/notif handler - customAction('ticket_create', $ticket_id); - - logAction("Ticket", "Create", "$session_name created ticket $config_ticket_prefix$ticket_number - $ticket_subject", $client_id, $ticket_id); - - flash_alert("Ticket $config_ticket_prefix$ticket_number created"); - - redirect("ticket.php?client_id=$client_id&ticket_id=$ticket_id"); - -} - -if (isset($_POST['edit_ticket'])) { - - enforceUserPermission('module_support', 2); - - $ticket_id = intval($_POST['ticket_id']); - $contact_id = intval($_POST['contact']); - $assigned_to = intval($_POST['assigned_to']); - $notify = intval($_POST['contact_notify'] ?? 0); - $category_id = intval($_POST['category']); - $ticket_subject = sanitizeInput($_POST['subject']); - $billable = intval($_POST['billable'] ?? 0); - $ticket_priority = sanitizeInput($_POST['priority']); - $details = mysqli_real_escape_string($mysqli, $_POST['details']); - $vendor_ticket_number = sanitizeInput($_POST['vendor_ticket_number']); - $vendor_id = intval($_POST['vendor']); - $asset_id = intval($_POST['asset']); - $location_id = intval($_POST['location']); - $project_id = intval($_POST['project']); - // Validate/clean due field - $dueInput = $_POST['due'] ?? null; - if ($dueInput === null || trim($dueInput) === '') { - $due = 'NULL'; // prepare as SQL-safe string - } else { - $d = DateTime::createFromFormat('Y-m-d\TH:i', $dueInput); // for - if ($d !== false) { - $due = "'" . $d->format('Y-m-d H:i:s') . "'"; // wrap in quotes for SQL - } else { - $due = 'NULL'; // fallback if invalid - } - } - - mysqli_query($mysqli, "UPDATE tickets SET ticket_category = $category_id, ticket_subject = '$ticket_subject', ticket_priority = '$ticket_priority', ticket_billable = $billable, ticket_details = '$details', ticket_due_at = $due, ticket_vendor_ticket_number = '$vendor_ticket_number', ticket_contact_id = $contact_id, ticket_assigned_to = $assigned_to, ticket_vendor_id = $vendor_id, ticket_location_id = $location_id, ticket_asset_id = $asset_id, ticket_project_id = $project_id WHERE ticket_id = $ticket_id"); - - // Add Additional Assets - if (isset($_POST['additional_assets'])) { - mysqli_query($mysqli, "DELETE FROM ticket_assets WHERE ticket_id = $ticket_id"); - foreach ($_POST['additional_assets'] as $additional_asset) { - $additional_asset_id = intval($additional_asset); - mysqli_query($mysqli, "INSERT INTO ticket_assets SET ticket_id = $ticket_id, asset_id = $additional_asset_id"); - } - } else { - // If no additional assets are provided, delete them all - // This handles cases where the assets input might be cleared or not set at all. - mysqli_query($mysqli, "DELETE FROM ticket_assets WHERE ticket_id = $ticket_id"); - } - - // Get contact/ticket details after update for logging / email purposes - $sql = mysqli_query($mysqli, "SELECT contact_name, contact_email, ticket_prefix, ticket_number, ticket_category, ticket_details, ticket_status_name, ticket_created_by, ticket_assigned_to, ticket_url_key, ticket_client_id FROM tickets - LEFT JOIN clients ON ticket_client_id = client_id - LEFT JOIN contacts ON ticket_contact_id = contact_id - LEFT JOIN ticket_statuses ON ticket_status = ticket_status_id - WHERE ticket_id = $ticket_id - AND ticket_closed_at IS NULL"); - $row = mysqli_fetch_assoc($sql); - - $contact_name = sanitizeInput($row['contact_name']); - $contact_email = sanitizeInput($row['contact_email']); - $ticket_prefix = sanitizeInput($row['ticket_prefix']); - $ticket_number = intval($row['ticket_number']); - $ticket_category = sanitizeInput($row['ticket_category']); - $ticket_details = mysqli_escape_string($mysqli, $row['ticket_details']); - $ticket_status = sanitizeInput($row['ticket_status_name']); - $ticket_created_by = intval($row['ticket_created_by']); - $ticket_assigned_to = intval($row['ticket_assigned_to']); - $url_key = sanitizeInput($row['ticket_url_key']); - $client_id = intval($row['ticket_client_id']); - - // Notify new contact if selected - if ($notify && !empty($config_smtp_host)) { - - // Get Company Name Phone Number and Sanitize for Email Sending - $sql = mysqli_query($mysqli, "SELECT company_name, company_phone, company_phone_country_code FROM companies WHERE company_id = 1"); - $row = mysqli_fetch_assoc($sql); - $company_name = sanitizeInput($row['company_name']); - $company_phone = sanitizeInput(formatPhoneNumber($row['company_phone'], $row['company_phone_country_code'])); - - // Email content - $data = []; // Queue array - - $subject = "Ticket Created - [$ticket_prefix$ticket_number] - $ticket_subject"; - $body = "##- Please type your reply above this line -##

Hello $contact_name,

A ticket regarding \"$ticket_subject\" has been created for you.

--------------------------------
$ticket_details--------------------------------

Ticket: $ticket_prefix$ticket_number
Subject: $ticket_subject
Status: $ticket_status
Portal: View ticket

--
$company_name - Support
$config_ticket_from_email
$company_phone"; - - - // Only add contact to email queue if email is valid - if (filter_var($contact_email, FILTER_VALIDATE_EMAIL)) { - $data[] = [ - 'from' => $config_ticket_from_email, - 'from_name' => $config_ticket_from_name, - 'recipient' => $contact_email, - 'recipient_name' => $contact_name, - 'subject' => $subject, - 'body' => $body - ]; - } - - addToMailQueue($data); - } - - // Custom action/notif handler - customAction('ticket_update', $ticket_id); - - logAction("Ticket", "Edit", "$session_name edited ticket $ticket_prefix$ticket_number", $client_id, $ticket_id); - - flash_alert("Ticket $ticket_prefix$ticket_number updated"); - - redirect(); - -} - -if (isset($_POST['edit_ticket_priority'])) { - - enforceUserPermission('module_support', 2); - - $ticket_id = intval($_POST['ticket_id']); - $priority = sanitizeInput($_POST['priority']); - $client_id = intval($_POST['client_id']); - - // Get ticket details before updating - $sql = mysqli_query($mysqli, "SELECT - ticket_prefix, ticket_number, ticket_priority, ticket_status_name, ticket_client_id - FROM tickets - LEFT JOIN ticket_statuses ON ticket_status = ticket_status_id - WHERE ticket_id = $ticket_id" - ); - $row = mysqli_fetch_assoc($sql); - $ticket_prefix = sanitizeInput($row['ticket_prefix']); - $ticket_number = intval($row['ticket_number']); - $original_priority = sanitizeInput($row['ticket_priority']); - $ticket_status = sanitizeInput($row['ticket_status_name']); - $client_id = intval($row['ticket_client_id']); - - mysqli_query($mysqli, "UPDATE tickets SET ticket_priority = '$priority' WHERE ticket_id = $ticket_id"); - - // Update Ticket History - mysqli_query($mysqli, "INSERT INTO ticket_history SET ticket_history_status = '$ticket_status', ticket_history_description = '$session_name changed priority from $original_priority to $priority', ticket_history_ticket_id = $ticket_id"); - - logAction("Ticket", "Edit", "$session_name changed priority from $original_priority to $priority for ticket $ticket_prefix$ticket_number", $client_id, $ticket_id); - - customAction('ticket_update', $ticket_id); - - flash_alert("Priority updated from $original_priority to $priority"); - - redirect(); - -} - -if (isset($_POST['edit_ticket_contact'])) { - - enforceUserPermission('module_support', 2); - - $ticket_id = intval($_POST['ticket_id']); - $contact_id = intval($_POST['contact']); - $notify = intval($_POST['contact_notify']) ?? 0; - - // Get Original contact, and ticket details - $sql = mysqli_query($mysqli, "SELECT - contact_name, ticket_prefix, ticket_number, ticket_status_name, ticket_subject, ticket_details, ticket_url_key, ticket_client_id - FROM tickets - LEFT JOIN contacts ON ticket_contact_id = contact_id - LEFT JOIN ticket_statuses ON ticket_status = ticket_status_id - WHERE ticket_id = $ticket_id" - ); - $row = mysqli_fetch_assoc($sql); - - // Original contact - $original_contact_name = !empty($row['contact_name']) ? sanitizeInput($row['contact_name']) : 'No one'; - - // Ticket details - $ticket_prefix = sanitizeInput($row['ticket_prefix']); - $ticket_number = intval($row['ticket_number']); - $ticket_status = sanitizeInput($row['ticket_status_name']); - $ticket_subject = sanitizeInput($row['ticket_subject']); - $ticket_details = mysqli_escape_string($mysqli, $row['ticket_details']); - $url_key = sanitizeInput($row['ticket_url_key']); - $client_id = intval($row['ticket_client_id']); - - // Update the contact - mysqli_query($mysqli, "UPDATE tickets SET ticket_contact_id = $contact_id WHERE ticket_id = $ticket_id"); - - // Get New contact details - $sql = mysqli_query($mysqli, "SELECT contact_name, contact_email FROM contacts WHERE contact_id = $contact_id"); - $row = mysqli_fetch_assoc($sql); - - $contact_name = !empty($row['contact_name']) ? sanitizeInput($row['contact_name']) : 'No one'; - $contact_email = sanitizeInput($row['contact_email']); - - // Notify new contact (if selected, valid & configured) - if ($notify && filter_var($contact_email, FILTER_VALIDATE_EMAIL) && !empty($config_smtp_host)) { - - // Get Company Phone Number - $sql = mysqli_query($mysqli, "SELECT company_name, company_phone, company_phone_country_code FROM companies WHERE company_id = 1"); - $row = mysqli_fetch_assoc($sql); - $company_name = sanitizeInput($row['company_name']); - $company_phone = sanitizeInput(formatPhoneNumber($row['company_phone'], $row['company_phone_country_code'])); - - $config_ticket_from_email = sanitizeInput($config_ticket_from_email); - $config_ticket_from_name = sanitizeInput($config_ticket_from_name); - - // Email content - $data = []; // Queue array - - $subject = "Ticket Created - [$ticket_prefix$ticket_number] - $ticket_subject"; - $body = "##- Please type your reply above this line -##

Hello $contact_name,

A ticket regarding \"$ticket_subject\" has been created for you.

--------------------------------
$ticket_details--------------------------------

Ticket: $ticket_prefix$ticket_number
Subject: $ticket_subject
Status: $ticket_status
Portal: View ticket

--
$company_name - Support
$config_ticket_from_email
$company_phone"; - - $data[] = [ - 'from' => $config_ticket_from_email, - 'from_name' => $config_ticket_from_name, - 'recipient' => $contact_email, - 'recipient_name' => $contact_name, - 'subject' => $subject, - 'body' => $body - ]; - - addToMailQueue($data); - } - - // Custom action/notif handler - customAction('ticket_update', $ticket_id); - - // Update Ticket History - mysqli_query($mysqli, "INSERT INTO ticket_history SET ticket_history_status = '$ticket_status', ticket_history_description = '$session_name changed the contact from $original_contact_name to $contact_name', ticket_history_ticket_id = $ticket_id"); - - logAction("Ticket", "Edit", "$session_name changed the contact from $original_contact_name to $contact_name for ticket $ticket_prefix$ticket_number", $client_id, $ticket_id); - - flash_alert("Contact changed from $original_contact_name to $contact_name"); - - redirect(); - -} - -if (isset($_POST['edit_ticket_project'])) { - - enforceUserPermission('module_support', 2); - - $ticket_id = intval($_POST['ticket_id']); - $project_id = intval($_POST['project']); - - $project_name = sanitizeInput(getFieldById('projects', $project_id, 'project_name')); - $client_id = intval(getFieldById('tickets', $ticket_id, 'ticket_client_id')); - $ticket_prefix = sanitizeInput(getFieldById('tickets', $ticket_id, 'ticket_prefix')); - $ticket_number = sanitizeInput(getFieldById('tickets', $ticket_id, 'ticket_number')); - - mysqli_query($mysqli, "UPDATE tickets SET ticket_project_id = $project_id WHERE ticket_id = $ticket_id"); - - logAction("Ticket", "Edit", "$session_name set ticket $ticket_prefix$ticket_number project to $project_name", $client_id, $ticket_id); - - flash_alert("Project changed to $project_name for Ticket $ticket_prefix$ticket_number"); - - redirect(); - -} - -if (isset($_POST['add_ticket_watcher'])) { - - enforceUserPermission('module_support', 2); - - $ticket_id = intval($_POST['ticket_id']); - $watcher_emails = preg_split("/,| |;/", $_POST['watcher_email']); // Split on comma, semicolon or space, we sanitize later - $notify = intval($_POST['watcher_notify'] ?? 0); - - // Get contact/ticket details - $sql = mysqli_query($mysqli, "SELECT ticket_prefix, ticket_number, ticket_category, ticket_subject, ticket_details, ticket_priority, ticket_status_name, ticket_url_key, ticket_created_by, ticket_assigned_to, ticket_client_id FROM tickets - LEFT JOIN clients ON ticket_client_id = client_id - LEFT JOIN contacts ON ticket_contact_id = contact_id - LEFT JOIN ticket_statuses ON ticket_status = ticket_status_id - WHERE ticket_id = $ticket_id - AND ticket_closed_at IS NULL"); - $row = mysqli_fetch_assoc($sql); - - $ticket_prefix = sanitizeInput($row['ticket_prefix']); - $ticket_number = intval($row['ticket_number']); - $ticket_category = sanitizeInput($row['ticket_category']); - $ticket_subject = sanitizeInput($row['ticket_subject']); - $ticket_details = mysqli_escape_string($mysqli, $row['ticket_details']); - $ticket_priority = sanitizeInput($row['ticket_priority']); - $ticket_status = sanitizeInput($row['ticket_status_name']); - $url_key = sanitizeInput($row['ticket_url_key']); - $client_id = intval($row['ticket_client_id']); - $ticket_created_by = intval($row['ticket_created_by']); - $ticket_assigned_to = intval($row['ticket_assigned_to']); - - // Get Company Phone Number - $sql = mysqli_query($mysqli, "SELECT company_name, company_phone, company_phone_country_code FROM companies WHERE company_id = 1"); - $row = mysqli_fetch_assoc($sql); - $company_name = sanitizeInput($row['company_name']); - $company_phone = sanitizeInput(formatPhoneNumber($row['company_phone'], $row['company_phone_country_code'])); - - // Process each watcher in list - foreach ($watcher_emails as $watcher_email) { - - if (filter_var($watcher_email, FILTER_VALIDATE_EMAIL)) { - - $watcher_email = sanitizeInput($watcher_email); - - mysqli_query($mysqli, "INSERT INTO ticket_watchers SET watcher_email = '$watcher_email', watcher_ticket_id = $ticket_id"); - - // Notify watcher - if ($notify && !empty($config_smtp_host)) { - - - - // Email content - $data = []; // Queue array - - $subject = "Ticket Notification - [$ticket_prefix$ticket_number] - $ticket_subject"; - $body = "##- Please type your reply above this line -##

Hello,

You have been added as a collaborator on this ticket regarding \"$ticket_subject\".

--------------------------------
$ticket_details--------------------------------

Ticket: $ticket_prefix$ticket_number
Subject: $ticket_subject
Status: $ticket_status
Guest link: https://$config_base_url/guest/guest_view_ticket.php?ticket_id=$ticket_id&url_key=$url_key

--
$company_name - Support
$config_ticket_from_email
$company_phone"; - - $data[] = [ - 'from' => $config_ticket_from_email, - 'from_name' => $config_ticket_from_name, - 'recipient' => $watcher_email, - 'recipient_name' => $watcher_email, - 'subject' => $subject, - 'body' => $body - ]; - - addToMailQueue($data); - } - - logAction("Ticket", "Edit", "$session_name added $watcher_email as a watcher for ticket $ticket_prefix$ticket_number", $client_id, $ticket_id); - } - - } - - flash_alert("Added watcher(s)"); - - redirect(); - -} - -if (isset($_GET['delete_ticket_watcher'])) { - - enforceUserPermission('module_support', 2); - - $watcher_id = intval($_GET['delete_ticket_watcher']); - - // Get ticket / watcher details for logging - $sql = mysqli_query($mysqli, "SELECT watcher_email, ticket_prefix, ticket_number, ticket_status_name, ticket_client_id, ticket_id FROM ticket_watchers - LEFT JOIN tickets ON watcher_ticket_id = ticket_id - LEFT JOIN ticket_statuses ON ticket_status = ticket_status_id - WHERE watcher_id = $watcher_id" - ); - $row = mysqli_fetch_assoc($sql); - - $ticket_prefix = sanitizeInput($row['ticket_prefix']); - $ticket_number = intval($row['ticket_number']); - $ticket_status_name = sanitizeInput($row['ticket_status_name']); - $watcher_email = sanitizeInput($row['watcher_email']); - $client_id = intval($row['ticket_client_id']); - $ticket_id = intval($row['ticket_id']); - - mysqli_query($mysqli, "DELETE FROM ticket_watchers WHERE watcher_id = $watcher_id"); - - // History - mysqli_query($mysqli, "INSERT INTO ticket_history SET ticket_history_status = '$ticket_status_name', ticket_history_description = '$session_name removed ticket $watcher_email as a watcher', ticket_history_ticket_id = $ticket_id"); - - logAction("Ticket", "Edit", "$session_name removed $watcher_email as a watcher for ticket $ticket_prefix$ticket_number", $client_id, $ticket_id); - - flash_alert("Removed ticket watcher $watcher_email", 'error'); - - redirect(); - -} - -if (isset($_GET['delete_ticket_additional_asset'])) { - - enforceUserPermission('module_support', 2); - - $asset_id = intval($_GET['delete_ticket_additional_asset']); - $ticket_id = intval($_GET['ticket_id']); - - // Get ticket / asset details for logging - $sql = mysqli_query($mysqli, "SELECT asset_name, ticket_prefix, ticket_number, ticket_status_name, ticket_client_id FROM assets - JOIN tickets ON ticket_id = $ticket_id - JOIN ticket_statuses ON ticket_status = ticket_status_id - WHERE asset_id = $asset_id" - ); - $row = mysqli_fetch_assoc($sql); - - $ticket_prefix = sanitizeInput($row['ticket_prefix']); - $ticket_number = intval($row['ticket_number']); - $ticket_status_name = sanitizeInput($row['ticket_status_name']); - $asset_name = sanitizeInput($row['asset_name']); - $client_id = intval($row['ticket_client_id']); - - mysqli_query($mysqli, "DELETE FROM ticket_assets WHERE ticket_id = $ticket_id AND asset_id = $asset_id"); - - // History - mysqli_query($mysqli, "INSERT INTO ticket_history SET ticket_history_status = '$ticket_status_name', ticket_history_description = '$session_name removed additional asset $asset_name', ticket_history_ticket_id = $ticket_id"); - - logAction("Ticket", "Edit", "$session_name removed asset $asset_name from ticket $ticket_prefix$ticket_number", $client_id, $ticket_id); - - flash_alert("Removed asset $asset_name from ticket.", 'error'); - - redirect(); - -} - -if (isset($_POST['edit_ticket_asset'])) { - - enforceUserPermission('module_support', 2); - - $ticket_id = intval($_POST['ticket_id']); - $asset_id = intval($_POST['asset']); - - mysqli_query($mysqli, "UPDATE tickets SET ticket_asset_id = $asset_id WHERE ticket_id = $ticket_id"); - - // Add Additional Assets - if (isset($_POST['additional_assets'])) { - mysqli_query($mysqli, "DELETE FROM ticket_assets WHERE ticket_id = $ticket_id"); - foreach ($_POST['additional_assets'] as $additional_asset) { - $additional_asset_id = intval($additional_asset); - mysqli_query($mysqli, "INSERT INTO ticket_assets SET ticket_id = $ticket_id, asset_id = $additional_asset_id"); - } - } else { - // If no additional assets are provided, delete them all - // This handles cases where the assets input might be cleared or not set at all. - mysqli_query($mysqli, "DELETE FROM ticket_assets WHERE ticket_id = $ticket_id"); - } - - // Get ticket / asset details for logging - $sql = mysqli_query($mysqli, "SELECT asset_name, ticket_prefix, ticket_number, ticket_status_name, ticket_client_id FROM assets - LEFT JOIN tickets ON ticket_asset_id = asset_id - LEFT JOIN ticket_statuses ON ticket_status = ticket_status_id - WHERE ticket_id = $ticket_id" - ); - $row = mysqli_fetch_assoc($sql); - - $ticket_prefix = sanitizeInput($row['ticket_prefix']); - $ticket_number = intval($row['ticket_number']); - $ticket_status_name = sanitizeInput($row['ticket_status_name']); - $asset_name = sanitizeInput($row['asset_name']); - $client_id = intval($row['ticket_client_id']); - - logAction("Ticket", "Edit", "$session_name changed asset to $asset_name for ticket $ticket_prefix$ticket_number", $client_id, $ticket_id); - - flash_alert("Ticket $ticket_prefix$ticket_number asset updated to $asset_name"); - - redirect(); - -} - -if (isset($_POST['edit_ticket_vendor'])) { - - enforceUserPermission('module_support', 2); - - $ticket_id = intval($_POST['ticket_id']); - $vendor_id = intval($_POST['vendor']); - - mysqli_query($mysqli, "UPDATE tickets SET ticket_vendor_id = $vendor_id WHERE ticket_id = $ticket_id"); - - // Get ticket / vendor details for logging - $sql = mysqli_query($mysqli, "SELECT vendor_name, ticket_prefix, ticket_number, ticket_status_name, ticket_client_id FROM vendors - LEFT JOIN tickets ON ticket_vendor_id = $vendor_id - LEFT JOIN ticket_statuses ON ticket_status = ticket_status_id - WHERE ticket_id = $ticket_id" - ); - $row = mysqli_fetch_assoc($sql); - - $ticket_prefix = sanitizeInput($row['ticket_prefix']); - $ticket_number = intval($row['ticket_number']); - $ticket_status_name = sanitizeInput($row['ticket_status_name']); - $vendor_name = sanitizeInput($row['vendor_name']); - $client_id = intval($row['ticket_client_id']); - - logAction("Ticket", "Edit", "$session_name set vendor to $vendor_name for ticket $ticket_prefix$ticket_number", $client_id, $ticket_id); - - flash_alert("Set vendor to $vendor_name for ticket $ticket_prefix$ticket_number"); - - redirect(); - -} - -if (isset($_POST['assign_ticket'])) { - - enforceUserPermission('module_support', 2); - - // POST variables - $ticket_id = intval($_POST['ticket_id']); - $assigned_to = intval($_POST['assigned_to']); - $ticket_status = intval($_POST['ticket_status']); - - // New > Open as assigned - if ($ticket_status == 1 && $assigned_to !== 0) { - $ticket_status = 2; - } - - // Allow for un-assigning tickets - if ($assigned_to == 0) { - $ticket_reply = "Ticket unassigned."; - $agent_name = "No One"; - } else { - // Get & verify assigned agent details - $agent_details_sql = mysqli_query($mysqli, "SELECT user_name, user_email FROM users WHERE users.user_id = $assigned_to"); - $agent_details = mysqli_fetch_assoc($agent_details_sql); - - $agent_name = sanitizeInput($agent_details['user_name']); - $agent_email = sanitizeInput($agent_details['user_email']); - $ticket_reply = "Ticket re-assigned to $agent_name."; - - if (!$agent_name) { - flash_alert("Invalid agent!", 'error'); - redirect(); - } - } - - // Get & verify ticket details - $ticket_details_sql = mysqli_query($mysqli, "SELECT ticket_prefix, ticket_number, ticket_subject, ticket_client_id, client_name FROM tickets LEFT JOIN clients ON ticket_client_id = client_id WHERE ticket_id = '$ticket_id' AND ticket_status != 5"); - $ticket_details = mysqli_fetch_assoc($ticket_details_sql); - - $ticket_prefix = sanitizeInput($ticket_details['ticket_prefix']); - $ticket_number = intval($ticket_details['ticket_number']); - $ticket_subject = sanitizeInput($ticket_details['ticket_subject']); - $client_id = intval($ticket_details['ticket_client_id']); - $client_name = sanitizeInput($ticket_details['client_name']); - - if (!$ticket_subject) { - flash_alert("Invalid ticket!", 'error'); - redirect(); - } - - if ($client_id) { - $client_uri = "&client_id=$client_id"; - } else { - $client_uri = ''; - } - - // Update ticket & insert reply - mysqli_query($mysqli, "UPDATE tickets SET ticket_assigned_to = $assigned_to, ticket_status = '$ticket_status' WHERE ticket_id = $ticket_id"); - - mysqli_query($mysqli, "INSERT INTO ticket_replies SET ticket_reply = '$ticket_reply', ticket_reply_type = 'Internal', ticket_reply_time_worked = '00:01:00', ticket_reply_by = $session_user_id, ticket_reply_ticket_id = $ticket_id"); - - logAction("Ticket", "Edit", "$session_name reassigned $ticket_prefix$ticket_number to $agent_name", $client_id, $ticket_id); - - - // Notification - if ($session_user_id != $assigned_to && $assigned_to != 0) { - - // App Notification - mysqli_query($mysqli, "INSERT INTO notifications SET notification_type = 'Ticket', notification = 'Ticket $ticket_prefix$ticket_number - Subject: $ticket_subject has been assigned to you by $session_name', notification_action = '/agent/ticket.php?ticket_id=$ticket_id$client_uri', notification_client_id = $client_id, notification_user_id = $assigned_to"); - - // Email Notification - if (!empty($config_smtp_host)) { - - // Sanitize Config vars from get_settings.php - $config_ticket_from_name = sanitizeInput($config_ticket_from_name); - $config_ticket_from_email = sanitizeInput($config_ticket_from_email); - $company_name = sanitizeInput($session_company_name); - - $subject = "$config_app_name - Ticket $ticket_prefix$ticket_number assigned to you - $ticket_subject"; - $body = "Hi $agent_name,

A ticket has been assigned to you!

Client: $client_name
Ticket Number: $ticket_prefix$ticket_number
Subject: $ticket_subject

https://$config_base_url/agent/ticket.php?ticket_id=$ticket_id$client_uri

Thanks,
$session_name
$company_name"; - - // Email Ticket Agent - // Queue Mail - $data = [ - [ - 'from' => $config_ticket_from_email, - 'from_name' => $config_ticket_from_name, - 'recipient' => $agent_email, - 'recipient_name' => $agent_name, - 'subject' => $subject, - 'body' => $body, - ] - ]; - addToMailQueue($data); - } - } - - customAction('ticket_assign', $ticket_id); - - flash_alert("Ticket $ticket_prefix$ticket_number assigned to $agent_name"); - - redirect(); - -} - -if (isset($_GET['delete_ticket'])) { - - validateCSRFToken($_GET['csrf_token']); - - enforceUserPermission('module_support', 3); - - $ticket_id = intval($_GET['delete_ticket']); - - // Get Ticket and Client ID for logging and alert message - $sql = mysqli_query($mysqli, "SELECT ticket_prefix, ticket_number, ticket_subject, ticket_status, ticket_closed_at, ticket_client_id FROM tickets WHERE ticket_id = $ticket_id"); - $row = mysqli_fetch_assoc($sql); - $ticket_prefix = sanitizeInput($row['ticket_prefix']); - $ticket_number = sanitizeInput($row['ticket_number']); - $ticket_subject = sanitizeInput($row['ticket_subject']); - $ticket_status = sanitizeInput($row['ticket_status']); - $ticket_closed_at = sanitizeInput($row['ticket_closed_at']); - $client_id = intval($row['ticket_client_id']); - - if (empty($ticket_closed_at)) { - mysqli_query($mysqli, "DELETE FROM tickets WHERE ticket_id = $ticket_id"); - - // Delete all ticket replies - mysqli_query($mysqli, "DELETE FROM ticket_replies WHERE ticket_reply_ticket_id = $ticket_id"); - - // Delete all ticket views - mysqli_query($mysqli, "DELETE FROM ticket_views WHERE view_ticket_id = $ticket_id"); - - // Delete ticket watchers - mysqli_query($mysqli, "DELETE FROM ticket_watchers WHERE watcher_ticket_id = $ticket_id"); - - // Delete Ticket Attachements - mysqli_query($mysqli, "DELETE FROM ticket_attachments WHERE ticket_attachment_ticket_id = $ticket_id"); - removeDirectory("../uploads/tickets/$ticket_id"); - - // No Need to delete ticket assets as this is cascadely deleted via the database. - - logAction("Ticket", "Delete", "$session_name deleted $ticket_prefix$ticket_number along with all replies", $client_id); - - flash_alert("Ticket $ticket_prefix$ticket_number along with all replies deleted", 'error'); - - customAction('ticket_delete', $ticket_id); - - redirect("tickets.php"); - } - -} - -if (isset($_POST['bulk_delete_tickets'])) { - - validateCSRFToken($_POST['csrf_token']); - - enforceUserPermission('module_support', 3); - - if (isset($_POST['ticket_ids'])) { - - $count = count($_POST['ticket_ids']); - - // Cycle through array and delete each recurring scheduled ticket - foreach ($_POST['ticket_ids'] as $ticket_id) { - - $ticket_id = intval($ticket_id); - mysqli_query($mysqli, "DELETE FROM tickets WHERE ticket_id = $ticket_id"); - - // Delete all ticket replies - mysqli_query($mysqli, "DELETE FROM ticket_replies WHERE ticket_reply_ticket_id = $ticket_id"); - - // Delete all ticket views - mysqli_query($mysqli, "DELETE FROM ticket_views WHERE view_ticket_id = $ticket_id"); - - // Delete ticket watchers - mysqli_query($mysqli, "DELETE FROM ticket_watchers WHERE watcher_ticket_id = $ticket_id"); - - // Delete Ticket Attachements - mysqli_query($mysqli, "DELETE FROM ticket_attachments WHERE ticket_attachment_ticket_id = $ticket_id"); - removeDirectory("../uploads/tickets/$ticket_id"); - - // No Need to delete ticket assets as this is cascadely deleted via the database. - - logAction("Ticket", "Delete", "$session_name deleted ticket", 0, $ticket_id); - - } - - logAction("Ticket", "Bulk Delete", "$session_name deleted $count ticket(s)"); - - flash_alert("Deleted $count ticket(s)", 'error'); - } - - redirect(); - -} - -if (isset($_POST['bulk_assign_ticket'])) { - - enforceUserPermission('module_support', 2); - - // POST variables - $assign_to = intval($_POST['assign_to']); - - // Get a Ticket Count - $ticket_count = count($_POST['ticket_ids']); - - // Assign Tech to Selected Tickets - if (!empty($_POST['ticket_ids'])) { - foreach ($_POST['ticket_ids'] as $ticket_id) { - $ticket_id = intval($ticket_id); - - $sql = mysqli_query($mysqli, "SELECT * FROM tickets LEFT JOIN ticket_statuses ON ticket_status = ticket_status_id WHERE ticket_id = $ticket_id"); - $row = mysqli_fetch_assoc($sql); - - $ticket_prefix = sanitizeInput($row['ticket_prefix']); - $ticket_number = intval($row['ticket_number']); - $ticket_status = intval($row['ticket_status']); - $ticket_name = sanitizeInput($row['ticket_name']); - $ticket_subject = sanitizeInput($row['ticket_subject']); - $client_id = intval($row['ticket_client_id']); - - if ($ticket_status == 1 && $assigned_to !== 0) { - $ticket_status = 2; - } - - // Allow for un-assigning tickets - if ($assign_to == 0) { - $ticket_reply = "Ticket unassigned, pending re-assignment."; - $agent_name = "No One"; - } else { - // Get & verify assigned agent details - $agent_details_sql = mysqli_query($mysqli, "SELECT user_name, user_email FROM users LEFT JOIN user_settings ON users.user_id = user_settings.user_id WHERE users.user_id = $assign_to"); - $agent_details = mysqli_fetch_assoc($agent_details_sql); - - $agent_name = sanitizeInput($agent_details['user_name']); - $agent_email = sanitizeInput($agent_details['user_email']); - $ticket_reply = "Ticket re-assigned to $agent_name."; - - if (!$agent_name) { - flash_alert("Invalid agent!", 'error'); - redirect(); - } - } - - // Update ticket & insert reply - mysqli_query($mysqli, "UPDATE tickets SET ticket_assigned_to = $assign_to, ticket_status = $ticket_status WHERE ticket_id = $ticket_id"); - - mysqli_query($mysqli, "INSERT INTO ticket_replies SET ticket_reply = '$ticket_reply', ticket_reply_type = 'Internal', ticket_reply_time_worked = '00:01:00', ticket_reply_by = $session_user_id, ticket_reply_ticket_id = $ticket_id"); - - logAction("Ticket", "Edit", "$session_name reassigned ticket $ticket_prefix$ticket_number to $agent_name", $client_id, $ticket_id); - - customAction('ticket_assign', $ticket_id); - - $tickets_assigned_body .= "$ticket_prefix$ticket_number - $ticket_subject
"; - } // End For Each Ticket ID Loop - - // Notification - if ($session_user_id != $assign_to && $assign_to != 0) { - - // App Notification - mysqli_query($mysqli, "INSERT INTO notifications SET notification_type = 'Ticket', notification = '$ticket_count Tickets have been assigned to you by $session_name', notification_action = 'tickets.php?status=Open&assigned=$assign_to', notification_client_id = $client_id, notification_user_id = $assign_to"); - - // Agent Email Notification - if (!empty($config_smtp_host)) { - - // Sanitize Config vars from get_settings.php - $config_ticket_from_name = sanitizeInput($config_ticket_from_name); - $config_ticket_from_email = sanitizeInput($config_ticket_from_email); - $company_name = sanitizeInput($session_company_name); - - $subject = "$config_app_name - $ticket_count tickets have been assigned to you"; - $body = "Hi $agent_name,

$session_name assigned $ticket_count tickets to you!

$tickets_assigned_body
Thanks,
$session_name
$company_name"; - - // Email Ticket Agent - // Queue Mail - $data = [ - [ - 'from' => $config_ticket_from_email, - 'from_name' => $config_ticket_from_name, - 'recipient' => $agent_email, - 'recipient_name' => $agent_name, - 'subject' => $subject, - 'body' => $body, - ] - ]; - addToMailQueue($data); - } - } - } - - flash_alert("You assigned $ticket_count Tickets to $agent_name"); - - redirect(); - -} - -if (isset($_POST['bulk_edit_ticket_priority'])) { - - enforceUserPermission('module_support', 2); - - // POST variables - $priority = sanitizeInput($_POST['bulk_priority']); - - // Assign Tech to Selected Tickets - if (isset($_POST['ticket_ids'])) { - - // Get a Ticket Count - $ticket_count = count($_POST['ticket_ids']); - - foreach ($_POST['ticket_ids'] as $ticket_id) { - $ticket_id = intval($ticket_id); - - $sql = mysqli_query($mysqli, "SELECT * FROM tickets WHERE ticket_id = $ticket_id"); - $row = mysqli_fetch_assoc($sql); - - $ticket_prefix = sanitizeInput($row['ticket_prefix']); - $ticket_number = intval($row['ticket_number']); - $ticket_subject = sanitizeInput($row['ticket_subject']); - $original_ticket_priority = sanitizeInput($row['ticket_priority']); - $client_id = intval($row['ticket_client_id']); - - // Update ticket & insert reply - mysqli_query($mysqli, "UPDATE tickets SET ticket_priority = '$priority' WHERE ticket_id = $ticket_id"); - - mysqli_query($mysqli, "INSERT INTO ticket_replies SET ticket_reply = '$session_name updated the priority from $current_ticket_priority to $priority', ticket_reply_type = 'Internal', ticket_reply_time_worked = '00:01:00', ticket_reply_by = $session_user_id, ticket_reply_ticket_id = $ticket_id"); - - logAction("Ticket", "Edit", "$session_name updated the priority on ticket $ticket_prefix$ticket_number - $ticket_subject from $original_ticket_priority to $priority", $client_id, $ticket_id); - - customAction('ticket_update', $ticket_id); - } // End For Each Ticket ID Loop - - logAction("Ticket", " Bulk Edit", "$session_name updated the priority on $ticket_count"); - - flash_alert("You updated the priority for $ticket_count Tickets to $priority"); - } - - redirect(); - -} - -if (isset($_POST['bulk_edit_ticket_category'])) { - - enforceUserPermission('module_support', 2); - - // POST variables - $category_id = intval($_POST['bulk_category']); - - // Assign Tech to Selected Tickets - if (isset($_POST['ticket_ids'])) { - - // Get a Ticket Count - $ticket_count = count($_POST['ticket_ids']); - - foreach ($_POST['ticket_ids'] as $ticket_id) { - $ticket_id = intval($ticket_id); - - $sql = mysqli_query($mysqli, "SELECT ticket_prefix, ticket_number, ticket_subject, category_name, ticket_client_id FROM tickets LEFT JOIN categories ON ticket_category = category_id WHERE ticket_id = $ticket_id"); - $row = mysqli_fetch_assoc($sql); - - $ticket_prefix = sanitizeInput($row['ticket_prefix']); - $ticket_number = intval($row['ticket_number']); - $ticket_subject = sanitizeInput($row['ticket_subject']); - $previous_ticket_category_name = sanitizeInput($row['category_name']); - $client_id = intval($row['ticket_client_id']); - - // Get Category Name - $category_name = sanitizeInput(getFieldById('categories', $category_id, 'category_name')); - - // Update ticket - mysqli_query($mysqli, "UPDATE tickets SET ticket_category = '$category_id' WHERE ticket_id = $ticket_id"); - - logAction("Ticket", "Edit", "$session_name updated the category on ticket $ticket_prefix$ticket_number - $ticket_subject from $previous_category_name to $category_name", $client_id, $ticket_id); - - customAction('ticket_update', $ticket_id); - } // End For Each Ticket ID Loop - - logAction("Ticket", " Bulk Edit", "$session_name updated the category to $category_name on $ticket_count"); - - flash_alert("Category set to $category_name for $ticket_count Tickets"); - } - - redirect(); - -} - -if (isset($_POST['bulk_merge_tickets'])) { - - enforceUserPermission('module_support', 2); - - $merge_into_ticket_number = intval($_POST['merge_into_ticket_number']); // Parent ticket *number* - $merge_comment = sanitizeInput($_POST['merge_comment']); // Merge comment - $ticket_reply_type = 'Internal'; // Default all replies to internal - - // NEW PARENT ticket details - // Get merge into ticket id (as it may differ from the number) - $sql = mysqli_query($mysqli, "SELECT ticket_id FROM tickets WHERE ticket_number = $merge_into_ticket_number"); - if (mysqli_num_rows($sql) == 0) { - flash_alert("Cannot merge into that ticket.", 'error'); - redirect(); - } - $merge_row = mysqli_fetch_assoc($sql); - $merge_into_ticket_id = intval($merge_row['ticket_id']); // Parent ticket ID - - // Update & Close the selected tickets - if (isset($_POST['ticket_ids'])) { - - $ticket_count = count($_POST['ticket_ids']); // Get a ticket count - - foreach ($_POST['ticket_ids'] as $ticket_id) { - $ticket_id = intval($ticket_id); - - if ($ticket_id !== $merge_into_ticket_id) { - - $sql = mysqli_query($mysqli, "SELECT * FROM tickets WHERE ticket_id = $ticket_id"); - $row = mysqli_fetch_assoc($sql); - - $ticket_prefix = sanitizeInput($row['ticket_prefix']); - $ticket_number = intval($row['ticket_number']); - $ticket_subject = sanitizeInput($row['ticket_subject']); - $ticket_details = mysqli_escape_string($mysqli, $row['ticket_details']); - $current_ticket_priority = sanitizeInput($row['ticket_priority']); - $ticket_first_response_at = sanitizeInput($row['ticket_first_response_at']); - $client_id = intval($row['ticket_client_id']); - - // Update current ticket - if (empty($ticket_first_response_at)) { - mysqli_query($mysqli, "UPDATE tickets SET ticket_first_response_at = NOW() WHERE ticket_id = $ticket_id"); - } - mysqli_query($mysqli, "INSERT INTO ticket_replies SET ticket_reply = 'Ticket $ticket_prefix$ticket_number bulk merged into $ticket_prefix$merge_into_ticket_number. Comment: $merge_comment', ticket_reply_time_worked = '00:01:00', ticket_reply_type = '$ticket_reply_type', ticket_reply_by = $session_user_id, ticket_reply_ticket_id = $ticket_id"); - mysqli_query($mysqli, "UPDATE tickets SET ticket_status = '5', ticket_resolved_at = NOW(), ticket_closed_at = NOW(), ticket_closed_by = $session_user_id WHERE ticket_id = $ticket_id") or die(mysqli_error($mysqli)); - - // Update new parent ticket - mysqli_query($mysqli, "INSERT INTO ticket_replies SET ticket_reply = 'Ticket $ticket_prefix$ticket_number was bulk merged into this ticket with comment: $merge_comment.

$ticket_subject
$ticket_details', ticket_reply_time_worked = '00:01:00', ticket_reply_type = 'Internal', ticket_reply_by = $session_user_id, ticket_reply_ticket_id = $merge_into_ticket_id"); - - logAction("Ticket", "Merged", "$session_name Merged ticket $ticket_prefix$ticket_number into $ticket_prefix$merge_into_ticket_number", $client_id, $ticket_id); - - // Custom action/notif handler - customAction('ticket_merge', $ticket_id); - - } - } // End For Each Ticket ID Loop - - mysqli_query($mysqli, "UPDATE tickets SET ticket_updated_at = NOW() WHERE ticket_id = $merge_into_ticket_id"); - - flash_alert("$ticket_count tickets merged into $ticket_prefix$merge_into_ticket_number"); - - } - - redirect(); - -} - -if (isset($_POST['bulk_resolve_tickets'])) { - - enforceUserPermission('module_support', 2); - - // POST variables - $details = mysqli_escape_string($mysqli, $_POST['bulk_details']); - $ticket_reply_time_worked = sanitizeInput($_POST['time']); - $private_note = intval($_POST['bulk_private_note']); - if ($private_note == 1) { - $ticket_reply_type = 'Internal'; - } else { - $ticket_reply_type = 'Public'; - } - - // Resolve Selected Tickets - if (isset($_POST['ticket_ids'])) { - - // Intitialze the counts before the loop - $ticket_count = 0; - $skipped_count = 0; - - foreach ($_POST['ticket_ids'] as $ticket_id) { - $ticket_id = intval($ticket_id); - - // Check to make sure Tasks are complete before resolving - $row = mysqli_fetch_assoc(mysqli_query($mysqli, "SELECT COUNT('task_id') AS num FROM tasks WHERE task_completed_at IS NULL AND task_ticket_id = $ticket_id")); - $num_of_open_tasks = $row['num']; - - if ($num_of_open_tasks == 0) { - // Count the Ticket Loop - $ticket_count++; - - $sql = mysqli_query($mysqli, "SELECT * FROM tickets WHERE ticket_id = $ticket_id"); - $row = mysqli_fetch_assoc($sql); - - $ticket_prefix = sanitizeInput($row['ticket_prefix']); - $ticket_number = intval($row['ticket_number']); - $ticket_subject = sanitizeInput($row['ticket_subject']); - $current_ticket_priority = sanitizeInput($row['ticket_priority']); - $url_key = sanitizeInput($row['ticket_url_key']); - $ticket_first_response_at = sanitizeInput($row['ticket_first_response_at']); - $client_id = intval($row['ticket_client_id']); - - // Mark FR time if required - if (empty($ticket_first_response_at)) { - mysqli_query($mysqli, "UPDATE tickets SET ticket_first_response_at = NOW() WHERE ticket_id = $ticket_id"); - } - - // Update ticket & insert reply - mysqli_query($mysqli, "UPDATE tickets SET ticket_status = 4, ticket_resolved_at = NOW() WHERE ticket_id = $ticket_id"); - - mysqli_query($mysqli, "INSERT INTO ticket_replies SET ticket_reply = '$details', ticket_reply_type = '$ticket_reply_type', ticket_reply_time_worked = '$ticket_reply_time_worked', ticket_reply_by = $session_user_id, ticket_reply_ticket_id = $ticket_id"); - - logAction("Ticket", "Resolve", "$session_name resolved $ticket_prefix$ticket_number - $ticket_subject", $client_id, $ticket_id); - - customAction('ticket_resolve', $ticket_id); - - // Client notification email - if (!empty($config_smtp_host) && $config_ticket_client_general_notifications == 1 && $private_note == 0) { - - // Get Contact details - $ticket_sql = mysqli_query($mysqli, "SELECT contact_name, contact_email FROM tickets - LEFT JOIN contacts ON ticket_contact_id = contact_id - WHERE ticket_id = $ticket_id - "); - $row = mysqli_fetch_assoc($ticket_sql); - - $contact_name = sanitizeInput($row['contact_name']); - $contact_email = sanitizeInput($row['contact_email']); - - // Sanitize Config vars from get_settings.php - $from_name = sanitizeInput($config_ticket_from_name); - $from_email = sanitizeInput($config_ticket_from_email); - $base_url = sanitizeInput($config_base_url); - - // Get Company Info - $sql = mysqli_query($mysqli, "SELECT company_name, company_phone, company_phone_country_code FROM companies WHERE company_id = 1"); - $row = mysqli_fetch_assoc($sql); - $company_name = sanitizeInput($row['company_name']); - $company_phone = sanitizeInput(formatPhoneNumber($row['company_phone'], $row['company_phone_country_code'])); - - // EMAIL - $subject = "Ticket resolved - [$ticket_prefix$ticket_number] - $ticket_subject | (pending closure)"; - $body = "##- Please type your reply above this line -##

Hello $contact_name,

Your ticket regarding \"$ticket_subject\" has been marked as solved and is pending closure.

$details

If your request/issue is resolved, you can simply ignore this email. If you need further assistance, please reply or re-open to let us know!

Ticket: $ticket_prefix$ticket_number
Subject: $ticket_subject
Portal: https://$base_url/client/ticket.php?id=$ticket_id

--
$company_name - Support
$config_ticket_from_email
$company_phone"; - - // Check email valid - if (filter_var($contact_email, FILTER_VALIDATE_EMAIL)) { - - $data = []; - - // Email Ticket Contact - // Queue Mail - - $data[] = [ - 'from' => $from_email, - 'from_name' => $from_name, - 'recipient' => $contact_email, - 'recipient_name' => $contact_name, - 'subject' => $subject, - 'body' => $body - ]; - } - - // Also Email all the watchers - $sql_watchers = mysqli_query($mysqli, "SELECT watcher_email FROM ticket_watchers WHERE watcher_ticket_id = $ticket_id"); - $body .= "

----------------------------------------
YOU ARE A COLLABORATOR ON THIS TICKET"; - while ($row = mysqli_fetch_assoc($sql_watchers)) { - $watcher_email = sanitizeInput($row['watcher_email']); - - // Queue Mail - $data[] = [ - 'from' => $from_email, - 'from_name' => $from_name, - 'recipient' => $watcher_email, - 'recipient_name' => $watcher_email, - 'subject' => $subject, - 'body' => $body - ]; - } - addToMailQueue($data); - } // End Mail IF - } else { - $skipped_count++; - } // End Task Check - } // End Loop - } // End Array Empty Check - - flash_alert("Resolved $ticket_count Tickets"); - - if ($skipped_count > 0) { - flash_alert("Resolved $ticket_count Tickets $skipped_count ticket(s) could not be resolved because they have open tasks.", 'info'); - } - - redirect(); - -} - -if (isset($_POST['bulk_ticket_reply'])) { - - enforceUserPermission('module_support', 2); - - // POST variables - $ticket_reply = mysqli_escape_string($mysqli, $_POST['bulk_reply_details']); - $ticket_status = intval($_POST['bulk_status']); - $ticket_reply_time_worked = sanitizeInput($_POST['time']); - $private_note = intval($_POST['bulk_private_reply']); - if ($private_note == 1) { - $ticket_reply_type = 'Internal'; - } else { - $ticket_reply_type = 'Public'; - } - - // Loop Through Tickets and Add Reply along with Email notifications - if (isset($_POST['ticket_ids'])) { - - // Get a Ticket Count - $ticket_count = count($_POST['ticket_ids']); - - foreach ($_POST['ticket_ids'] as $ticket_id) { - $ticket_id = intval($ticket_id); - - $sql = mysqli_query($mysqli, "SELECT * FROM tickets WHERE ticket_id = $ticket_id"); - $row = mysqli_fetch_assoc($sql); - - $ticket_prefix = sanitizeInput($row['ticket_prefix']); - $ticket_number = intval($row['ticket_number']); - $ticket_subject = sanitizeInput($row['ticket_subject']); - $current_ticket_priority = sanitizeInput($row['ticket_priority']); - $url_key = sanitizeInput($row['ticket_url_key']); - $ticket_first_response_at = sanitizeInput($row['ticket_first_response_at']); - $client_id = intval($row['ticket_client_id']); - - if ($client_id) { - $client_uri = "&client_id=$client_id"; - } else { - $client_uri = ''; - } - - // Mark FR time if required - if (empty($ticket_first_response_at)) { - mysqli_query($mysqli, "UPDATE tickets SET ticket_first_response_at = NOW() WHERE ticket_id = $ticket_id"); - } - - // Add reply - mysqli_query($mysqli, "INSERT INTO ticket_replies SET ticket_reply = '$ticket_reply', ticket_reply_time_worked = '$ticket_reply_time_worked', ticket_reply_type = '$ticket_reply_type', ticket_reply_by = $session_user_id, ticket_reply_ticket_id = $ticket_id"); - - $ticket_reply_id = mysqli_insert_id($mysqli); - - // Update Ticket Status - mysqli_query($mysqli, "UPDATE tickets SET ticket_status = '$ticket_status' WHERE ticket_id = $ticket_id"); - - logAction("Ticket", "Reply", "$session_name replied to ticket $ticket_prefix$ticket_number - $ticket_subject and was a $ticket_reply_type reply", $client_id, $ticket_id); - - // Custom action/notif handler - if ($ticket_reply_type == 'Internal') { - customAction('ticket_reply_agent_internal', $ticket_id); - } else { - customAction('reply_reply_agent_public', $ticket_id); - } - - // Resolve the ticket, if set - if ($ticket_status == 4) { - mysqli_query($mysqli, "UPDATE tickets SET ticket_resolved_at = NOW() WHERE ticket_id = $ticket_id"); - - // Logging - logAction("Ticket", "Resolved", "$session_name resolved Ticket $ticket_prefix$ticket_number", $client_id, $ticket_id); - - customAction('ticket_resolve', $ticket_id); - } - - // Get Contact Details - $sql = mysqli_query( - $mysqli, - "SELECT contact_name, contact_email, ticket_created_by, ticket_assigned_to - FROM tickets - LEFT JOIN contacts ON ticket_contact_id = contact_id - WHERE ticket_id = $ticket_id" - ); - - $row = mysqli_fetch_assoc($sql); - - $contact_name = sanitizeInput($row['contact_name']); - $contact_email = sanitizeInput($row['contact_email']); - $ticket_created_by = intval($row['ticket_created_by']); - $ticket_assigned_to = intval($row['ticket_assigned_to']); - - // Sanitize Config vars from get_settings.php - $from_name = sanitizeInput($config_ticket_from_name); - $from_email = sanitizeInput($config_ticket_from_email); - $base_url = sanitizeInput($config_base_url); - - $sql = mysqli_query($mysqli, "SELECT company_name, company_phone, company_phone_country_code FROM companies WHERE company_id = 1"); - $row = mysqli_fetch_assoc($sql); - $company_name = sanitizeInput($row['company_name']); - $company_phone = sanitizeInput(formatPhoneNumber($row['company_phone'], $row['company_phone_country_code'])); - - // Send e-mail to client if public update & email is set up - if ($private_note == 0 && !empty($config_smtp_host)) { - - $subject = "Ticket update - [$ticket_prefix$ticket_number] - $ticket_subject"; - $body = "##- Please type your reply above this line -##

Hello $contact_name,

Your ticket regarding $ticket_subject has been updated.

--------------------------------
$ticket_reply
--------------------------------

Ticket: $ticket_prefix$ticket_number
Subject: $ticket_subject
Status: $ticket_status_name
Portal: View ticket

--
$company_name - Support
$from_email
$company_phone"; - - if (filter_var($contact_email, FILTER_VALIDATE_EMAIL)) { - - $data = []; - - // Email Ticket Contact - // Queue Mail - $data[] = [ - 'from' => $from_email, - 'from_name' => $from_name, - 'recipient' => $contact_email, - 'recipient_name' => $contact_name, - 'subject' => $subject, - 'body' => $body - ]; - - } - - // Also Email all the watchers - $sql_watchers = mysqli_query($mysqli, "SELECT watcher_email FROM ticket_watchers WHERE watcher_ticket_id = $ticket_id"); - $body .= "

----------------------------------------
YOU ARE A COLLABORATOR ON THIS TICKET"; - while ($row = mysqli_fetch_assoc($sql_watchers)) { - $watcher_email = sanitizeInput($row['watcher_email']); - - // Queue Mail - $data[] = [ - 'from' => $from_email, - 'from_name' => $from_name, - 'recipient' => $watcher_email, - 'recipient_name' => $watcher_email, - 'subject' => $subject, - 'body' => $body - ]; - } - addToMailQueue($data); - } //End Mail IF - - // Notification for assigned ticket user - if ($session_user_id != $ticket_assigned_to && $ticket_assigned_to != 0) { - - mysqli_query($mysqli, "INSERT INTO notifications SET notification_type = 'Ticket', notification = '$session_name updated Ticket $ticket_prefix$ticket_number - Subject: $ticket_subject that is assigned to you', notification_action = '/agent/ticket.php?ticket_id=$ticket_id$client_uri', notification_client_id = $client_id, notification_user_id = $ticket_assigned_to"); - } - - // Notification for user that opened the ticket - if ($session_user_id != $ticket_created_by && $ticket_created_by != 0) { - - mysqli_query($mysqli, "INSERT INTO notifications SET notification_type = 'Ticket', notification = '$session_name updated Ticket $ticket_prefix$ticket_number - Subject: $ticket_subject that you opened', notification_action = '/agent/ticket.php?ticket_id=$ticket_id$client_uri', notification_client_id = $client_id, notification_user_id = $ticket_created_by"); - } - } // End Ticket Lopp - - } - - flash_alert("Updated $ticket_count tickets"); - - redirect(); - -} - - -// Currently not UI Frontend for this -if (isset($_POST['bulk_add_ticket_project'])) { - - enforceUserPermission('module_support', 2); - - // POST variables - $project_id = intval($_POST['project_id']); - - // Get Project Name - $sql = mysqli_query($mysqli, "SELECT project_name FROM projects WHERE project_id = $project_id"); - $row = mysqli_fetch_assoc($sql); - $project_name = sanitizeInput($row['project_name']); - - // Assign Project to Selected Tickets - if (isset($_POST['ticket_ids'])) { - - // Get a Ticket Count - $ticket_count = count($_POST['ticket_ids']); - - foreach ($_POST['ticket_ids'] as $ticket_id) { - $ticket_id = intval($ticket_id); - - $sql = mysqli_query($mysqli, "SELECT * FROM tickets WHERE ticket_id = $ticket_id"); - $row = mysqli_fetch_assoc($sql); - - $ticket_prefix = sanitizeInput($row['ticket_prefix']); - $ticket_number = intval($row['ticket_number']); - $ticket_subject = sanitizeInput($row['ticket_subject']); - $current_ticket_priority = sanitizeInput($row['ticket_priority']); - $client_id = intval($row['ticket_client_id']); - - // Update ticket & insert reply - mysqli_query($mysqli, "UPDATE tickets SET ticket_project_id = $project_id WHERE ticket_id = $ticket_id"); - - logAction("Ticket", "Reply", "$session_name added ticket $ticket_prefix$ticket_number - $ticket_subject to project $project_name", $client_id, $ticket_id); - - - } // End For Each Ticket ID Loop - - flash_alert("$ticket_count Tickets added to Project $project_name"); - - } - - redirect(); - -} - -if (isset($_POST['bulk_add_asset_ticket'])) { - - validateCSRFToken($_POST['csrf_token']); - - enforceUserPermission('module_support', 2); - - $assigned_to = intval($_POST['bulk_assigned_to']); - if ($assigned_to == 0) { - $ticket_status = 1; - } else { - $ticket_status = 2; - } - $subject = sanitizeInput($_POST['bulk_subject']); - $priority = sanitizeInput($_POST['bulk_priority']); - $category_id = intval($_POST['bulk_category']); - $details = mysqli_real_escape_string($mysqli, $_POST['bulk_details']); - $project_id = intval($_POST['bulk_project']); - $use_primary_contact = intval($_POST['use_primary_contact']); - $ticket_template_id = intval($_POST['bulk_ticket_template_id']); - $billable = intval($_POST['bulk_billable'] ?? 0); - - // Check to see if adding a ticket by template - if($ticket_template_id) { - $sql = mysqli_query($mysqli, "SELECT * FROM ticket_templates WHERE ticket_template_id = $ticket_template_id"); - $row = mysqli_fetch_assoc($sql); - - // Override Template Subject - if(empty($subject)) { - $subject = sanitizeInput($row['ticket_template_subject']); - } - $details = mysqli_escape_string($mysqli, $row['ticket_template_details']); - - // Get Associated Tasks from the ticket template - $sql_task_templates = mysqli_query($mysqli, "SELECT * FROM task_templates WHERE task_template_ticket_template_id = $ticket_template_id"); - - } - - // Create ticket for each selected asset - if (isset($_POST['asset_ids'])) { - - // Get a Asset Count - $asset_count = count($_POST['asset_ids']); - - foreach ($_POST['asset_ids'] as $asset_id) { - $asset_id = intval($asset_id); - - $sql = mysqli_query($mysqli, "SELECT * FROM assets WHERE asset_id = $asset_id"); - $row = mysqli_fetch_assoc($sql); - - $asset_name = sanitizeInput($row['asset_name']); - $client_id = intval($row['asset_client_id']); - - $subject_asset_prepended = "$asset_name - $subject"; - - // Atomically increment and get the new ticket number - mysqli_query($mysqli, " - UPDATE settings - SET - config_ticket_next_number = LAST_INSERT_ID(config_ticket_next_number), - config_ticket_next_number = config_ticket_next_number + 1 - WHERE company_id = 1 - "); - - $ticket_number = mysqli_insert_id($mysqli); - - // Sanitize Config Vars from get_settings.php and Session Vars from check_login.php - $config_ticket_prefix = sanitizeInput($config_ticket_prefix); - $config_ticket_from_name = sanitizeInput($config_ticket_from_name); - $config_ticket_from_email = sanitizeInput($config_ticket_from_email); - $config_base_url = sanitizeInput($config_base_url); - - //Generate a unique URL key for clients to access - $url_key = randomString(32); - - mysqli_query($mysqli, "INSERT INTO tickets SET ticket_prefix = '$config_ticket_prefix', ticket_number = $ticket_number, ticket_category = $category_id, ticket_subject = '$subject_asset_prepended', ticket_details = '$details', ticket_priority = '$priority', ticket_billable = $billable, ticket_status = $ticket_status, ticket_asset_id = $asset_id, ticket_created_by = $session_user_id, ticket_assigned_to = $assigned_to, ticket_url_key = '$url_key', ticket_client_id = $client_id, ticket_project_id = $project_id"); - - $ticket_id = mysqli_insert_id($mysqli); - - // Add Tasks - if (!empty($_POST['tasks'])) { - foreach ($_POST['tasks'] as $task) { - $task_name = sanitizeInput($task); - // Check that task_name is not-empty (For some reason the !empty on the array doesnt work here like in watchers) - if (!empty($task_name)) { - mysqli_query($mysqli,"INSERT INTO tasks SET task_name = '$task_name', task_ticket_id = $ticket_id"); - } - } - } - - // Add Tasks from Template if Template was selected - if($ticket_template_id) { - if (mysqli_num_rows($sql_task_templates) > 0) { - while ($row = mysqli_fetch_assoc($sql_task_templates)) { - $task_order = intval($row['task_template_order']); - $task_name = sanitizeInput($row['task_template_name']); - - mysqli_query($mysqli,"INSERT INTO tasks SET task_name = '$task_name', task_order = $task_order, task_ticket_id = $ticket_id"); - } - } - } - - // Custom action/notif handler - customAction('ticket_create', $ticket_id); - } - - logAction("Ticket", "Bulk Create", "$session_name created $asset_count tickets for $asset_count"); - - flash_alert("You created $asset_count tickets for the selected assets"); - - } - - redirect(); - -} - -if (isset($_POST['add_ticket_reply'])) { - - enforceUserPermission('module_support', 2); - - $ticket_id = intval($_POST['ticket_id']); - $ticket_reply = $_POST['ticket_reply']; // Reply is SQL escaped below - $ticket_status = intval($_POST['status']); - $client_id = intval($_POST['client_id']); - - // Time tracking, inputs & combine into string - $hours = intval($_POST['hours']); - $minutes = intval($_POST['minutes']); - $seconds = intval($_POST['seconds']); - $ticket_reply_time_worked = sanitizeInput(sprintf("%02d:%02d:%02d", $hours, $minutes, $seconds)); - - // Defaults - $send_email = 0; - $ticket_reply_id = 0; - if ($_POST['public_reply_type'] == 1 ){ - $ticket_reply_type = 'Public'; - } elseif ($_POST['public_reply_type'] == 2 ) { - $ticket_reply_type = 'Public'; - $send_email = 1; - } else { - $ticket_reply_type = 'Internal'; - } - // Add Signature to the end of the ticket reply if not Internal and if there is reply - if ($ticket_reply !== '' && $ticket_reply_type !== 'Internal' && $send_email == 1) { - $ticket_reply .= getFieldById('user_settings',$session_user_id,'user_config_signature', 'raw'); - } - - $ticket_reply = mysqli_escape_string($mysqli, $ticket_reply); // SQL Escape Ticket Reply - - // Update Ticket Status & updated at (in case status didn't change) - mysqli_query($mysqli, "UPDATE tickets SET ticket_status = $ticket_status, ticket_updated_at = NOW() WHERE ticket_id = $ticket_id"); - - // Resolve the ticket, if set - if ($ticket_status == 4) { - mysqli_query($mysqli, "UPDATE tickets SET ticket_resolved_at = NOW() WHERE ticket_id = $ticket_id"); - - logAction("Ticket", "Resolved", "$session_name resolved Ticket ticket ID $ticket_id", $client_id, $ticket_id); - } - - // Process reply actions, if we have a reply to work with (e.g. we're not just editing the status) - if (!empty($ticket_reply)) { - - // Add reply - mysqli_query($mysqli, "INSERT INTO ticket_replies SET ticket_reply = '$ticket_reply', ticket_reply_time_worked = '$ticket_reply_time_worked', ticket_reply_type = '$ticket_reply_type', ticket_reply_by = $session_user_id, ticket_reply_ticket_id = $ticket_id"); - - $ticket_reply_id = mysqli_insert_id($mysqli); - - // Get Ticket Details - $ticket_sql = mysqli_query($mysqli, "SELECT contact_name, contact_email, ticket_prefix, ticket_number, ticket_subject, ticket_status, ticket_status_name, ticket_url_key, ticket_first_response_at, ticket_created_by, ticket_assigned_to, ticket_client_id - FROM tickets - LEFT JOIN clients ON ticket_client_id = client_id - LEFT JOIN contacts ON ticket_contact_id = contact_id - LEFT JOIN ticket_statuses ON ticket_status = ticket_status_id - WHERE ticket_id = $ticket_id - "); - - $row = mysqli_fetch_assoc($ticket_sql); - - $contact_name = sanitizeInput($row['contact_name']); - $contact_email = sanitizeInput($row['contact_email']); - $ticket_prefix = sanitizeInput($row['ticket_prefix']); - $ticket_number = intval($row['ticket_number']); - $ticket_subject = sanitizeInput($row['ticket_subject']); - $ticket_status = intval($row['ticket_status']); - $ticket_status_name = sanitizeInput($row['ticket_status_name']); - $url_key = sanitizeInput($row['ticket_url_key']); - $ticket_first_response_at = sanitizeInput($row['ticket_first_response_at']); - $ticket_created_by = intval($row['ticket_created_by']); - $ticket_assigned_to = intval($row['ticket_assigned_to']); - $client_id = intval($row['ticket_client_id']); - - if ($client_id) { - $client_uri = "&client_id=$client_id"; - } else { - $client_uri = ''; - } - - // Sanitize Config vars from get_settings.php - $config_ticket_from_name = sanitizeInput($config_ticket_from_name); - $config_ticket_from_email = sanitizeInput($config_ticket_from_email); - $config_base_url = sanitizeInput($config_base_url); - - $sql = mysqli_query($mysqli, "SELECT company_name, company_phone, company_phone_country_code FROM companies WHERE company_id = 1"); - $row = mysqli_fetch_assoc($sql); - $company_name = sanitizeInput($row['company_name']); - $company_phone = sanitizeInput(formatPhoneNumber($row['company_phone'], $row['company_phone_country_code'])); - - // Send e-mail to client if public update & email is set up - if ($ticket_reply_type == 'Public' && $send_email == 1 && !empty($config_smtp_host)) { - - // Slightly different email subject/text depending on if this update set auto-close - - if ($ticket_status == 4) { - // Resolved - $subject = "Ticket resolved - [$ticket_prefix$ticket_number] - $ticket_subject | (pending closure)"; - $body = "##- Please type your reply above this line -##

Hello $contact_name,

Your ticket regarding $ticket_subject has been marked as solved and is pending closure.

--------------------------------
$ticket_reply
--------------------------------

If your request/issue is resolved, you can simply ignore this email. If you need further assistance, please reply or re-open to let us know!

Ticket: $ticket_prefix$ticket_number
Subject: $ticket_subject
Status: $ticket_status_name
Portal: View ticket

--
$company_name - Support
$config_ticket_from_email
$company_phone"; - } else { - // Anything else - $subject = "Ticket update - [$ticket_prefix$ticket_number] - $ticket_subject"; - $body = "##- Please type your reply above this line -##

Hello $contact_name,

Your ticket regarding $ticket_subject has been updated.

--------------------------------
$ticket_reply
--------------------------------

Ticket: $ticket_prefix$ticket_number
Subject: $ticket_subject
Status: $ticket_status_name
Portal: View ticket

--
$company_name - Support
$config_ticket_from_email
$company_phone"; - } - - if (filter_var($contact_email, FILTER_VALIDATE_EMAIL)) { - - $data = []; - - // Email Ticket Contact - // Queue Mail - $data[] = [ - 'from' => $config_ticket_from_email, - 'from_name' => $config_ticket_from_name, - 'recipient' => $contact_email, - 'recipient_name' => $contact_name, - 'subject' => $subject, - 'body' => $body - ]; - } - - // Also Email all the watchers - $sql_watchers = mysqli_query($mysqli, "SELECT watcher_email FROM ticket_watchers WHERE watcher_ticket_id = $ticket_id"); - $body .= "

----------------------------------------
YOU ARE A COLLABORATOR ON THIS TICKET"; - while ($row = mysqli_fetch_assoc($sql_watchers)) { - $watcher_email = sanitizeInput($row['watcher_email']); - - // Queue Mail - $data[] = [ - 'from' => $config_ticket_from_email, - 'from_name' => $config_ticket_from_name, - 'recipient' => $watcher_email, - 'recipient_name' => $watcher_email, - 'subject' => $subject, - 'body' => $body - ]; - } - addToMailQueue($data); - - } - //End Mail IF - - // Notification for assigned ticket user - if ($session_user_id != $ticket_assigned_to && $ticket_assigned_to != 0) { - mysqli_query($mysqli, "INSERT INTO notifications SET notification_type = 'Ticket', notification = '$session_name updated Ticket $ticket_prefix$ticket_number - Subject: $ticket_subject that is assigned to you', notification_action = '/agent/ticket.php?ticket_id=$ticket_id$client_uri', notification_client_id = $client_id, notification_user_id = $ticket_assigned_to"); - } - - // Notification for user that opened the ticket - if ($session_user_id != $ticket_created_by && $ticket_created_by != 0) { - mysqli_query($mysqli, "INSERT INTO notifications SET notification_type = 'Ticket', notification = '$session_name updated Ticket $ticket_prefix$ticket_number - Subject: $ticket_subject that you opened', notification_action = '/agent/ticket.php?ticket_id=$ticket_id$client_uri', notification_client_id = $client_id, notification_user_id = $ticket_created_by"); - } - - // Handle first response - if (empty($ticket_first_response_at) && $ticket_reply_type == 'Public') { - mysqli_query($mysqli, "UPDATE tickets SET ticket_first_response_at = NOW() WHERE ticket_id = $ticket_id"); - } - - // Custom action/notif handler - if ($ticket_reply_type == 'Internal') { - customAction('ticket_reply_agent_internal', $ticket_id); - } else { - customAction('reply_reply_agent_public', $ticket_id); - } - - flash_alert("Ticket $ticket_prefix$ticket_number has been updated with your reply and was $ticket_reply_type"); - - } else { - flash_alert("Ticket updated"); - } - - logAction("Ticket", "Reply", "$session_name replied to ticket $ticket_prefix$ticket_number - $ticket_subject and was a $ticket_reply_type reply", $client_id, $ticket_id); - - redirect(); - -} - -if (isset($_POST['edit_ticket_reply'])) { - - enforceUserPermission('module_support', 2); - - $ticket_reply_id = intval($_POST['ticket_reply_id']); - $ticket_reply = mysqli_real_escape_string($mysqli, $_POST['ticket_reply']); - $ticket_reply_type = sanitizeInput($_POST['ticket_reply_type']); - $ticket_reply_time_worked = sanitizeInput($_POST['time']); - - $client_id = intval($_POST['client_id']); - - mysqli_query($mysqli, "UPDATE ticket_replies SET ticket_reply = '$ticket_reply', ticket_reply_type = '$ticket_reply_type', ticket_reply_time_worked = '$ticket_reply_time_worked' WHERE ticket_reply_id = $ticket_reply_id AND ticket_reply_type != 'Client'") or die(mysqli_error($mysqli)); - - logAction("Ticket", "Reply", "$session_name edited ticket_reply", $client_id, $ticket_reply_id); - - flash_alert("Ticket reply updated"); - - redirect(); - -} - -if (isset($_POST['redact_ticket_reply'])) { - - enforceUserPermission('module_support', 2); - - $ticket_reply_id = intval($_POST['ticket_reply_id']); - $ticket_reply = mysqli_real_escape_string($mysqli, $_POST['ticket_reply']); - - $client_id = intval($_POST['client_id']); - - mysqli_query($mysqli, "UPDATE ticket_replies SET ticket_reply = '$ticket_reply' WHERE ticket_reply_id = $ticket_reply_id"); - - logAction("Ticket", "Reply", "$session_name redacted ticket_reply", $client_id, $ticket_reply_id); - - flash_alert("Ticket reply redacted"); - - redirect(); - -} - -if (isset($_GET['archive_ticket_reply'])) { - - enforceUserPermission('module_support', 2); - - $ticket_reply_id = intval($_GET['archive_ticket_reply']); - - mysqli_query($mysqli, "UPDATE ticket_replies SET ticket_reply_archived_at = NOW() WHERE ticket_reply_id = $ticket_reply_id"); - - logAction("Ticket Reply", "Archive", "$session_name archived ticket_reply", 0, $ticket_reply_id); - - flash_alert("Ticket reply archived", 'error'); - - redirect(); - -} - -if (isset($_POST['merge_ticket'])) { - - enforceUserPermission('module_support', 2); - - $ticket_id = intval($_POST['ticket_id']); // Child ticket ID to be closed - $merge_into_ticket_number = intval($_POST['merge_into_ticket_number']); // Parent ticket *number* - $merge_comment = sanitizeInput($_POST['merge_comment']); // Merge comment - $move_replies = intval($_POST['merge_move_replies']); // Whether to move replies to the new parent ticket - $ticket_reply_type = 'Internal'; // Default all replies to internal - - // Get current ticket details - $sql = mysqli_query($mysqli, "SELECT ticket_prefix, ticket_number, ticket_subject, ticket_details FROM tickets WHERE ticket_id = $ticket_id"); - if (mysqli_num_rows($sql) == 0) { - flash_alert("No ticket with that ID found.", 'error'); - redirect(); - } - // CURRENT ticket details - $row = mysqli_fetch_assoc($sql); - $ticket_prefix = sanitizeInput($row['ticket_prefix']); - $ticket_number = intval($row['ticket_number']); - $ticket_subject = sanitizeInput($row['ticket_subject']); - $ticket_details = mysqli_escape_string($mysqli, $row['ticket_details']); - $ticket_first_response_at = sanitizeInput($row['ticket_first_response_at']); - - // NEW PARENT ticket details - // Get merge into ticket id (as it may differ from the number) - $sql = mysqli_query($mysqli, "SELECT ticket_id, ticket_client_id FROM tickets WHERE ticket_number = $merge_into_ticket_number"); - if (mysqli_num_rows($sql) == 0) { - flash_alert("Cannot merge into that ticket.", 'error'); - redirect(); - } - $merge_row = mysqli_fetch_assoc($sql); - $merge_into_ticket_id = intval($merge_row['ticket_id']); - $client_id = intval($merge_row['ticket_client_id']); - if ($client_id) { - $has_client = "&client_id=$client_id"; - } else { - $has_client = ""; - } - // Sanity check - if ($ticket_number == $merge_into_ticket_number) { - flash_alert("Cannot merge into the same ticket.", 'error'); - redirect(); - } - - // Move ticket replies from child > parent - if ($move_replies) { - mysqli_query($mysqli, "UPDATE ticket_replies SET ticket_reply_ticket_id = $merge_into_ticket_id WHERE ticket_reply_ticket_id = $ticket_id"); - } - - // Update current ticket - if (empty($ticket_first_response_at)) { - mysqli_query($mysqli, "UPDATE tickets SET ticket_first_response_at = NOW() WHERE ticket_id = $ticket_id"); - } - - mysqli_query($mysqli, "INSERT INTO ticket_replies SET ticket_reply = 'Ticket $ticket_prefix$ticket_number merged into $ticket_prefix$merge_into_ticket_number. Comment: $merge_comment', ticket_reply_time_worked = '00:01:00', ticket_reply_type = '$ticket_reply_type', ticket_reply_by = $session_user_id, ticket_reply_ticket_id = $ticket_id"); - - mysqli_query($mysqli, "UPDATE tickets SET ticket_status = '5', ticket_resolved_at = NOW(), ticket_closed_at = NOW(), ticket_closed_by = $session_user_id WHERE ticket_id = $ticket_id") or die(mysqli_error($mysqli)); - - //Update new parent ticket - mysqli_query($mysqli, "INSERT INTO ticket_replies SET ticket_reply = 'Ticket $ticket_prefix$ticket_number was merged into this ticket with comment: $merge_comment.

$ticket_subject
$ticket_details', ticket_reply_time_worked = '00:01:00', ticket_reply_type = '$ticket_reply_type', ticket_reply_by = $session_user_id, ticket_reply_ticket_id = $merge_into_ticket_id"); - - mysqli_query($mysqli, "UPDATE tickets SET ticket_updated_at = NOW() WHERE ticket_id = $merge_into_ticket_id"); - - logAction("Ticket", "Merged", "$session_name Merged ticket $ticket_prefix$ticket_number into $ticket_prefix$merge_into_ticket_number"); - - customAction('ticket_merge', $ticket_id); - - flash_alert("Ticket merged into $ticket_prefix$merge_into_ticket_number"); - - redirect("ticket.php?ticket_id=$merge_into_ticket_id$has_client"); - -} - -if (isset($_POST['change_client_ticket'])) { - - enforceUserPermission('module_support', 2); - - $ticket_id = intval($_POST['ticket_id']); - $client_id = intval($_POST['new_client_id']); - $contact_id = intval($_POST['new_contact_id']); - - // Set any/all existing replies to internal - mysqli_query($mysqli, "UPDATE ticket_replies SET ticket_reply_type = 'Internal' WHERE ticket_reply_ticket_id = $ticket_id"); - - // Update ticket client & contact - mysqli_query($mysqli, "UPDATE tickets SET ticket_client_id = $client_id, ticket_contact_id = $contact_id WHERE ticket_id = $ticket_id LIMIT 1"); - - logAction("Ticket", "Change", "$session_name changed ticket client", $client_id, $ticket_id); - - customAction('ticket_update', $ticket_id); - - flash_alert("Ticket client updated"); - - redirect(); - -} - -if (isset($_GET['resolve_ticket'])) { - - validateCSRFToken($_GET['csrf_token']); - - enforceUserPermission('module_support', 2); - - $ticket_id = intval($_GET['resolve_ticket']); - - $sql = mysqli_query($mysqli, "SELECT * FROM tickets WHERE ticket_id = $ticket_id"); - $row = mysqli_fetch_assoc($sql); - $ticket_prefix = sanitizeInput($row['ticket_prefix']); - $ticket_number = intval($row['ticket_number']); - $ticket_first_response_at = sanitizeInput($row['ticket_first_response_at']); - - // Mark FR - if (empty($ticket_first_response_at)) { - mysqli_query($mysqli, "UPDATE tickets SET ticket_first_response_at = NOW() WHERE ticket_id = $ticket_id"); - } - - // Resolve - mysqli_query($mysqli, "UPDATE tickets SET ticket_status = 4, ticket_resolved_at = NOW() WHERE ticket_id = $ticket_id"); - - logAction("Ticket", "Resolved", "$session_name resolved ticket $ticket_prefix$ticket_number (ID: $ticket_id)", 0, $ticket_id); - - customAction('ticket_resolve', $ticket_id); - - // Client notification email - if (!empty($config_smtp_host) && $config_ticket_client_general_notifications == 1) { - - // Get details - $ticket_sql = mysqli_query($mysqli, "SELECT contact_name, contact_email, ticket_prefix, ticket_number, ticket_subject, ticket_status_name, ticket_assigned_to, ticket_url_key, ticket_client_id FROM tickets - LEFT JOIN clients ON ticket_client_id = client_id - LEFT JOIN contacts ON ticket_contact_id = contact_id - LEFT JOIN ticket_statuses ON ticket_status = ticket_status_id - WHERE ticket_id = $ticket_id - "); - $row = mysqli_fetch_assoc($ticket_sql); - - $contact_name = sanitizeInput($row['contact_name']); - $contact_email = sanitizeInput($row['contact_email']); - $ticket_prefix = sanitizeInput($row['ticket_prefix']); - $ticket_number = intval($row['ticket_number']); - $ticket_subject = sanitizeInput($row['ticket_subject']); - $client_id = intval($row['ticket_client_id']); - $ticket_assigned_to = intval($row['ticket_assigned_to']); - $ticket_status = sanitizeInput($row['ticket_status_name']); - $url_key = sanitizeInput($row['ticket_url_key']); - - // Sanitize Config vars from get_settings.php - $config_ticket_from_name = sanitizeInput($config_ticket_from_name); - $config_ticket_from_email = sanitizeInput($config_ticket_from_email); - $config_base_url = sanitizeInput($config_base_url); - - // Get Company Info - $sql = mysqli_query($mysqli, "SELECT company_name, company_phone, company_phone_country_code FROM companies WHERE company_id = 1"); - $row = mysqli_fetch_assoc($sql); - $company_name = sanitizeInput($row['company_name']); - $company_phone = sanitizeInput(formatPhoneNumber($row['company_phone'], $row['company_phone_country_code'])); - - // EMAIL - $subject = "Ticket resolved - [$ticket_prefix$ticket_number] - $ticket_subject | (pending closure)"; - $body = "##- Please type your reply above this line -##

Hello $contact_name,

Your ticket regarding $ticket_subject has been marked as solved and is pending closure.

If your request/issue is resolved, you can simply ignore this email. If you need further assistance, please reply or re-open to let us know!

Ticket: $ticket_prefix$ticket_number
Subject: $ticket_subject
Status: $ticket_status
Portal: View ticket

--
$company_name - Support
$config_ticket_from_email
$company_phone"; - - // Check email valid - if (filter_var($contact_email, FILTER_VALIDATE_EMAIL)) { - - $data = []; - - // Email Ticket Contact - // Queue Mail - - $data[] = [ - 'from' => $config_ticket_from_email, - 'from_name' => $config_ticket_from_name, - 'recipient' => $contact_email, - 'recipient_name' => $contact_name, - 'subject' => $subject, - 'body' => $body - ]; - } - - // Also Email all the watchers - $sql_watchers = mysqli_query($mysqli, "SELECT watcher_email FROM ticket_watchers WHERE watcher_ticket_id = $ticket_id"); - $body .= "

----------------------------------------
YOU ARE A COLLABORATOR ON THIS TICKET"; - while ($row = mysqli_fetch_assoc($sql_watchers)) { - $watcher_email = sanitizeInput($row['watcher_email']); - - // Queue Mail - $data[] = [ - 'from' => $config_ticket_from_email, - 'from_name' => $config_ticket_from_name, - 'recipient' => $watcher_email, - 'recipient_name' => $watcher_email, - 'subject' => $subject, - 'body' => $body - ]; - } - addToMailQueue($data); - } - //End Mail IF - - flash_alert("Ticket resolved"); - - redirect(); - -} - -if (isset($_GET['close_ticket'])) { - - validateCSRFToken($_GET['csrf_token']); - - enforceUserPermission('module_support', 2); - - $ticket_id = intval($_GET['close_ticket']); - - mysqli_query($mysqli, "UPDATE tickets SET ticket_status = 5, ticket_closed_at = NOW(), ticket_closed_by = $session_user_id WHERE ticket_id = $ticket_id") or die(mysqli_error($mysqli)); - - mysqli_query($mysqli, "INSERT INTO ticket_replies SET ticket_reply = 'Ticket closed.', ticket_reply_type = 'Internal', ticket_reply_time_worked = '00:01:00', ticket_reply_by = $session_user_id, ticket_reply_ticket_id = $ticket_id"); - - logAction("Ticket", "Closed", "$session_name closed ticket ID $ticket_id", 0, $ticket_id); - - customAction('ticket_close', $ticket_id); - - // Client notification email - if (!empty($config_smtp_host) && $config_ticket_client_general_notifications == 1) { - - // Get details - $ticket_sql = mysqli_query($mysqli, "SELECT contact_name, contact_email, ticket_prefix, ticket_number, ticket_subject, ticket_url_key FROM tickets - LEFT JOIN clients ON ticket_client_id = client_id - LEFT JOIN contacts ON ticket_contact_id = contact_id - WHERE ticket_id = $ticket_id - "); - $row = mysqli_fetch_assoc($ticket_sql); - - $contact_name = sanitizeInput($row['contact_name']); - $contact_email = sanitizeInput($row['contact_email']); - $ticket_prefix = sanitizeInput($row['ticket_prefix']); - $ticket_number = intval($row['ticket_number']); - $ticket_subject = sanitizeInput($row['ticket_subject']); - $url_key = sanitizeInput($row['ticket_url_key']); - - // Sanitize Config vars from get_settings.php - $config_ticket_from_name = sanitizeInput($config_ticket_from_name); - $config_ticket_from_email = sanitizeInput($config_ticket_from_email); - $config_base_url = sanitizeInput($config_base_url); - - // Get Company Info - $sql = mysqli_query($mysqli, "SELECT company_name, company_phone, company_phone_country_code FROM companies WHERE company_id = 1"); - $row = mysqli_fetch_assoc($sql); - $company_name = sanitizeInput($row['company_name']); - $company_phone = sanitizeInput(formatPhoneNumber($row['company_phone'], $row['company_phone_country_code'])); - - // EMAIL - $subject = "Ticket closed - [$ticket_prefix$ticket_number] - $ticket_subject | (do not reply)"; - $body = "Hello $contact_name,

Your ticket regarding \"$ticket_subject\" has been closed.

We hope the request/issue was resolved to your satisfaction, please provide your feedback here.
If you need further assistance, please raise a new ticket using the below details. Please do not reply to this email.

Ticket: $ticket_prefix$ticket_number
Subject: $ticket_subject
Portal: https://$config_base_url/client/ticket.php?id=$ticket_id

--
$company_name - Support
$config_ticket_from_email
$company_phone"; - - // Check email valid - if (filter_var($contact_email, FILTER_VALIDATE_EMAIL)) { - - $data = []; - - // Email Ticket Contact - // Queue Mail - - $data[] = [ - 'from' => $config_ticket_from_email, - 'from_name' => $config_ticket_from_name, - 'recipient' => $contact_email, - 'recipient_name' => $contact_name, - 'subject' => $subject, - 'body' => $body - ]; - } - - // Also Email all the watchers - $sql_watchers = mysqli_query($mysqli, "SELECT watcher_email FROM ticket_watchers WHERE watcher_ticket_id = $ticket_id"); - $body .= "

----------------------------------------
YOU ARE A COLLABORATOR ON THIS TICKET"; - while ($row = mysqli_fetch_assoc($sql_watchers)) { - $watcher_email = sanitizeInput($row['watcher_email']); - - // Queue Mail - $data[] = [ - 'from' => $config_ticket_from_email, - 'from_name' => $config_ticket_from_name, - 'recipient' => $watcher_email, - 'recipient_name' => $watcher_email, - 'subject' => $subject, - 'body' => $body - ]; - } - addToMailQueue($data); - } - //End Mail IF - - flash_alert("Ticket Closed, this cannot not be reopened but you may start another one"); - - redirect(); - -} - -if (isset($_GET['reopen_ticket'])) { - - enforceUserPermission('module_support', 2); - - $ticket_id = intval($_GET['reopen_ticket']); - - mysqli_query($mysqli, "UPDATE tickets SET ticket_status = 2, ticket_resolved_at = NULL WHERE ticket_id = $ticket_id"); - - logAction("Ticket", "Reopened", "$session_name reopened ticket ID $ticket_id", 0, $ticket_id); - - customAction('ticket_update', $ticket_id); - - flash_alert("Ticket re-opened"); - - redirect(); - -} - -if (isset($_POST['add_invoice_from_ticket'])) { - - enforceUserPermission('module_support', 2); - enforceUserPermission('module_sales', 2); - - $invoice_id = intval($_POST['invoice_id']); - $ticket_id = intval($_POST['ticket_id']); - $date = sanitizeInput($_POST['date']); - $category = intval($_POST['category']); - $scope = sanitizeInput($_POST['scope']); - - $sql = mysqli_query( - $mysqli, - "SELECT * FROM tickets - LEFT JOIN clients ON ticket_client_id = client_id - LEFT JOIN contacts ON ticket_contact_id = contact_id - LEFT JOIN assets ON ticket_asset_id = asset_id - LEFT JOIN locations ON ticket_location_id = location_id - WHERE ticket_id = $ticket_id" - ); - - $row = mysqli_fetch_assoc($sql); - $client_id = intval($row['client_id']); - $client_net_terms = intval($row['client_net_terms']); - if ($client_net_terms == 0) { - $client_net_terms = $config_default_net_terms; - } - - $ticket_prefix = sanitizeInput($row['ticket_prefix']); - $ticket_number = intval($row['ticket_number']); - $ticket_category = sanitizeInput($row['ticket_category']); - $ticket_subject = sanitizeInput($row['ticket_subject']); - $ticket_created_at = sanitizeInput($row['ticket_created_at']); - $ticket_updated_at = sanitizeInput($row['ticket_updated_at']); - $ticket_closed_at = sanitizeInput($row['ticket_closed_at']); - - $contact_id = intval($row['contact_id']); - $contact_name = sanitizeInput($row['contact_name']); - $contact_email = sanitizeInput($row['contact_email']); - - $asset_id = intval($row['asset_id']); - - $location_name = sanitizeInput($row['location_name']); - - if ($invoice_id == 0) { - - $invoice_prefix = sanitizeInput($config_invoice_prefix); - - // Atomically increment and get the new invoice number - mysqli_query($mysqli, " - UPDATE settings - SET - config_invoice_next_number = LAST_INSERT_ID(config_invoice_next_number), - config_invoice_next_number = config_invoice_next_number + 1 - WHERE company_id = 1 - "); - - $invoice_number = mysqli_insert_id($mysqli); - - //Generate a unique URL key for clients to access - $url_key = randomString(32); - - mysqli_query($mysqli, "INSERT INTO invoices SET invoice_prefix = '$config_invoice_prefix', invoice_number = $invoice_number, invoice_scope = '$scope', invoice_date = '$date', invoice_due = DATE_ADD('$date', INTERVAL $client_net_terms day), invoice_currency_code = '$session_company_currency', invoice_category_id = $category, invoice_status = 'Draft', invoice_url_key = '$url_key', invoice_client_id = $client_id"); - $invoice_id = mysqli_insert_id($mysqli); - } else { - $sql_invoice = mysqli_query($mysqli, "SELECT invoice_prefix, invoice_number FROM invoices WHERE invoice_id = $invoice_id"); - $row = mysqli_fetch_assoc($sql_invoice); - $invoice_prefix = sanitizeInput($row['invoice_prefix']); - $invoice_number = intval($row['invoice_number']); - } - - //Add Item - $item_name = sanitizeInput($_POST['item_name']); - $item_description = sanitizeInput($_POST['item_description']); - $qty = floatval($_POST['qty']); - $price = floatval($_POST['price']); - $tax_id = intval($_POST['tax_id']); - - $subtotal = $price * $qty; - - if ($tax_id > 0) { - $sql = mysqli_query($mysqli, "SELECT * FROM taxes WHERE tax_id = $tax_id"); - $row = mysqli_fetch_assoc($sql); - $tax_percent = floatval($row['tax_percent']); - $tax_amount = $subtotal * $tax_percent / 100; - } else { - $tax_amount = 0; - } - - $total = $subtotal + $tax_amount; - - mysqli_query($mysqli, "INSERT INTO invoice_items SET item_name = '$item_name', item_description = '$item_description', item_quantity = $qty, item_price = $price, item_subtotal = $subtotal, item_tax = $tax_amount, item_total = $total, item_order = 1, item_tax_id = $tax_id, item_invoice_id = $invoice_id"); - - //Update Invoice Balances - - $sql = mysqli_query($mysqli, "SELECT * FROM invoices WHERE invoice_id = $invoice_id"); - $row = mysqli_fetch_assoc($sql); - - $new_invoice_amount = floatval($row['invoice_amount']) + $total; - - mysqli_query($mysqli, "UPDATE invoices SET invoice_amount = $new_invoice_amount WHERE invoice_id = $invoice_id"); - - mysqli_query($mysqli, "INSERT INTO history SET history_status = 'Draft', history_description = 'Invoice created from Ticket $ticket_prefix$ticket_number', history_invoice_id = $invoice_id"); - - // Add internal note to ticket, and link to invoice in database - mysqli_query($mysqli, "INSERT INTO ticket_replies SET ticket_reply = 'Created invoice $config_invoice_prefix$invoice_number for this ticket.', ticket_reply_type = 'Internal', ticket_reply_time_worked = '00:01:00', ticket_reply_by = $session_user_id, ticket_reply_ticket_id = $ticket_id"); - - mysqli_query($mysqli, "UPDATE tickets SET ticket_invoice_id = $invoice_id WHERE ticket_id = $ticket_id"); - - logAction("Invoice", "Create", "$session_name created invoice $invoice_prefix$invoice_number from Ticket $ticket_prefix$ticket_number", $client_id, $invoice_id); - - flash_alert("Invoice $invoice_prefix$invoice_number created from ticket"); - - redirect("invoice.php?invoice_id=$invoice_id"); - -} - -if (isset($_POST['export_tickets_csv'])) { - - enforceUserPermission('module_support', 2); - - if ($_POST['client_id']) { - $client_id = intval($_POST['client_id']); - $client_query = "WHERE ticket_client_id = $client_id"; - $client_name = getFieldById('clients', $client_id, 'client_name'); - $file_name_prepend = "$client_name-"; - } else { - $client_query = ''; - $client_name = ''; - $file_name_prepend = "$session_company_name-"; - } - - $sql = mysqli_query( - $mysqli, - "SELECT * FROM tickets - LEFT JOIN ticket_statuses ON ticket_status = ticket_status_id - $client_query ORDER BY ticket_number ASC" - ); - - if ($sql->num_rows > 0) { - $delimiter = ","; - $enclosure = '"'; - $escape = '\\'; // backslash - $filename = sanitize_filename($file_name_prepend . "Tickets-" . date('Y-m-d_H-i-s') . ".csv"); - - //create a file pointer - $f = fopen('php://memory', 'w'); - - //set column headers - $fields = array('Ticket Number', 'Priority', 'Status', 'Subject', 'Date Opened', 'Date Resolved', 'Date Closed'); - fputcsv($f, $fields, $delimiter, $enclosure, $escape); - - //output each row of the data, format line as csv and write to file pointer - while ($row = $sql->fetch_assoc()) { - $lineData = array($config_ticket_prefix . $row['ticket_number'], $row['ticket_priority'], $row['ticket_status_name'], $row['ticket_subject'], $row['ticket_created_at'], $row['ticket_resolved_at'], $row['ticket_closed_at']); - fputcsv($f, $lineData, $delimiter, $enclosure, $escape); - } - - //move back to beginning of file - fseek($f, 0); - - //set headers to download file rather than displayed - header('Content-Type: text/csv'); - header('Content-Disposition: attachment; filename="' . $filename . '";'); - - //output all remaining data on a file pointer - fpassthru($f); - } - exit; - -} - -if (isset($_POST['edit_ticket_billable_status'])) { - - enforceUserPermission('module_support', 2); - enforceUserPermission('module_sales', 2); - - $ticket_id = intval($_POST['ticket_id']); - $billable_status = intval($_POST['billable_status']); - if ($billable_status == 0 ) { - $billable_wording = "Not"; - } - - // Get ticket details for logging - $sql = mysqli_query($mysqli, "SELECT ticket_prefix, ticket_number, ticket_client_id FROM tickets WHERE ticket_id = $ticket_id"); - $row = mysqli_fetch_assoc($sql); - $ticket_prefix = sanitizeInput($row['ticket_prefix']); - $ticket_number = intval($row['ticket_number']); - $client_id = intval($row['ticket_client_id']); - - mysqli_query($mysqli,"UPDATE tickets SET ticket_billable = $billable_status WHERE ticket_id = $ticket_id"); - - logAction("Ticket", "Edit", "$session_name marked ticket $ticket_prefix$ticket_number as $billable_wording Billable", $client_id, $ticket_id); - - flash_alert("Ticket marked $billable_wording Billable"); - - redirect(); - -} - -if (isset($_POST['edit_ticket_schedule'])) { - - enforceUserPermission('module_support', 2); - - $ticket_id = intval($_POST['ticket_id']); - $onsite = intval($_POST['onsite']); - $schedule = sanitizeInput($_POST['scheduled_date_time']); - $ticket_link = "client/ticket.php?id=$ticket_id"; - $full_ticket_url = "https://$config_base_url/client/ticket.php?id=$ticket_id"; - $ticket_link_html = "$ticket_link"; - - mysqli_query($mysqli,"UPDATE tickets - SET ticket_schedule = '$schedule', ticket_onsite = $onsite - WHERE ticket_id = $ticket_id" - ); - - - // Check for other conflicting scheduled items based on 2 hr window - //TODO make this configurable - $start = date('Y-m-d H:i:s', strtotime($schedule) - 7200); - $end = date('Y-m-d H:i:s', strtotime($schedule) + 7200); - $sql = mysqli_query($mysqli, "SELECT * FROM tickets WHERE ticket_schedule BETWEEN '$start' AND '$end' AND ticket_id != $ticket_id"); - if (mysqli_num_rows($sql) > 0) { - $conflicting_tickets = []; - while ($row = mysqli_fetch_assoc($sql)) { - $conflicting_tickets[] = $row['ticket_id'] . " - " . $row['ticket_subject'] . " @ " . $row['ticket_schedule']; - } - } - $sql = mysqli_query($mysqli, "SELECT * FROM tickets - LEFT JOIN clients ON ticket_client_id = client_id - LEFT JOIN contacts ON ticket_contact_id = contact_id - LEFT JOIN locations on contact_location_id = location_id - LEFT JOIN users ON ticket_assigned_to = user_id - WHERE ticket_id = $ticket_id - "); - - $row = mysqli_fetch_assoc($sql); - - $client_id = intval($row['ticket_client_id']); - $client_name = sanitizeInput($row['client_name']); - $ticket_details = sanitizeInput($row['ticket_details']); - $contact_name = sanitizeInput($row['contact_name']); - $contact_email = sanitizeInput($row['contact_email']); - $ticket_prefix = sanitizeInput($row['ticket_prefix']); - $ticket_number = intval($row['ticket_number']); - $ticket_subject = sanitizeInput($row['ticket_subject']); - $user_name = sanitizeInput($row['user_name']); - $user_email = sanitizeInput($row['user_email']); - $cal_subject = $ticket_number . ": " . $client_name . " - " . $ticket_subject; - $ticket_details_truncated = substr($ticket_details, 0, 100); - $cal_description = $ticket_details_truncated . " - " . $full_ticket_url; - $cal_location = sanitizeInput($row["location_address"]); - $email_datetime = date('l, F j, Y \a\t g:ia', strtotime($schedule)); - - if ($client_id) { - $client_uri = "&client_id=$client_id"; - } else { - $client_uri = ''; - } - - // Sanitize Config Vars - $config_ticket_from_email = sanitizeInput($config_ticket_from_email); - $config_ticket_from_name = sanitizeInput($config_ticket_from_name); - $session_company_name = sanitizeInput($session_company_name); - - - /// Create iCal event - $cal_str = createiCalStr($schedule, $cal_subject, $cal_description, $cal_location); - - // Notify the agent of the scheduled work - $data[] = [ - 'from' => $config_ticket_from_email, - 'from_name' => $config_ticket_from_name, - 'recipient' => $user_email, - 'recipient_name' => $user_name, - 'subject' => "Ticket Scheduled - [$ticket_prefix$ticket_number] - $ticket_subject", - 'body' => "Hello, " . $user_name . "

The ticket regarding $ticket_subject has been scheduled for $email_datetime.

--------------------------------
$ticket_link
--------------------------------

Please do not reply to this email.

Ticket: $ticket_prefix$ticket_number
Subject: $ticket_subject
Portal: https://$config_base_url/agent/ticket.php?ticket_id=$ticket_id$client_uri

~
$session_company_name
Support Department
$config_ticket_from_email", - 'cal_str' => $cal_str - ]; - - if ($config_ticket_client_general_notifications) { - // Notify the ticket contact of the scheduled work - $data[] = [ - 'from' => $config_ticket_from_email, - 'from_name' => $config_ticket_from_name, - 'recipient' => $contact_email, - 'recipient_name' => $contact_name, - 'subject' => "Ticket Scheduled - [$ticket_prefix$ticket_number] - $ticket_subject", - 'body' => mysqli_escape_string($mysqli, "
- Hello, $contact_name -
- Your ticket regarding $ticket_subject has been scheduled for $email_datetime. -

- Access your ticket here -

- Please do not reply to this email. -

- Ticket: $ticket_prefix$ticket_number
- Subject: $ticket_subject
-

-
- ~
- $session_company_name
- Support Department
- $config_ticket_from_email
-
-
- This is an automated message. Please do not reply directly to this email. -
"), - 'cal_str' => $cal_str - ]; - - // Notify the watchers of the scheduled work - $sql_watchers = mysqli_query($mysqli, "SELECT watcher_email FROM ticket_watchers WHERE watcher_ticket_id = $ticket_id"); - - while ($row = mysqli_fetch_assoc($sql_watchers)) { - $watcher_email = sanitizeInput($row['watcher_email']); - $data[] = [ - 'from' => $config_ticket_from_email, - 'from_name' => $config_ticket_from_name, - 'recipient' => $watcher_email, - 'recipient_name' => $watcher_email, - 'subject' => "Ticket Scheduled - [$ticket_prefix$ticket_number] - $ticket_subject", - 'body' => mysqli_escape_string($mysqli, nullable_htmlentities("
- Hello, -
- The ticket regarding $ticket_subject has been scheduled for $email_datetime. -

- $ticket_link -

- Please do not reply to this email. -

- Ticket: $ticket_prefix$ticket_number
- Subject: $ticket_subject
- Portal: Access the ticket here -

-
- ~
- $session_company_name
- Support Department
- $config_ticket_from_email
-
-
- This is an automated message. Please do not reply directly to this email. -
")), - 'cal_str' => $cal_str - ]; - } - } - - // Send - $response = addToMailQueue($data); - - // Update ticket reply - $ticket_reply_note = "Ticket scheduled for $email_datetime " . (boolval($onsite) ? '(onsite).' : '(remote).'); - mysqli_query($mysqli, "INSERT INTO ticket_replies SET ticket_reply = '$ticket_reply_note', ticket_reply_type = 'Internal', ticket_reply_time_worked = '00:01:00', ticket_reply_by = $session_user_id, ticket_reply_ticket_id = $ticket_id"); - - logAction("Ticket", "Edit", "$session_name edited ticket schedule", $client_id, $ticket_id); - - customAction('ticket_schedule', $ticket_id); - - if (empty($conflicting_tickets)) { - flash_alert("Ticket scheduled for $email_datetime"); - redirect(); - } else { - $_SESSION['alert_type'] = "error"; - flash_alert("Ticket scheduled for $email_datetime. Yet there are conflicting tickets scheduled for the same time:
" . implode(",
", $conflicting_tickets), 'error'); - redirect("calendar.php"); - } - -} - -if (isset($_GET['cancel_ticket_schedule'])) { - - enforceUserPermission('module_support', 2); - - $ticket_id = intval($_GET['cancel_ticket_schedule']); - - $sql = mysqli_query($mysqli, "SELECT * FROM tickets WHERE ticket_id = $ticket_id"); - $row = mysqli_fetch_assoc($sql); - - $client_id = intval($row['ticket_client_id']); - $ticket_prefix = sanitizeInput($row['ticket_prefix']); - $ticket_number = intval($row['ticket_number']); - $ticket_subject = sanitizeInput($row['ticket_subject']); - $ticket_schedule = sanitizeInput($row['ticket_schedule']); - $ticket_cal_str = sanitizeInput($row['ticket_cal_str']); - - if ($client_id) { - $client_uri = "&client_id=$client_id"; - } else { - $client_uri = ''; - } - - mysqli_query($mysqli, "UPDATE tickets SET ticket_schedule = NULL WHERE ticket_id = $ticket_id"); - - // Sanitize Config Vars - $config_ticket_from_email = sanitizeInput($config_ticket_from_email); - $config_ticket_from_name = sanitizeInput($config_ticket_from_name); - $session_company_name = sanitizeInput($session_company_name); - - //Create iCal event - $cal_str = createiCalStrCancel($ticket_cal_str); - - //Send emails - - $sql = mysqli_query($mysqli, "SELECT * FROM tickets - LEFT JOIN clients ON ticket_client_id = client_id - LEFT JOIN contacts ON ticket_contact_id = contact_id - LEFT JOIN locations on contact_location_id = location_id - LEFT JOIN users ON ticket_assigned_to = user_id - WHERE ticket_id = $ticket_id - "); - $row = mysqli_fetch_assoc($sql); - - $client_id = intval($row['ticket_client_id']); - $client_name = sanitizeInput($row['client_name']); - $ticket_details = sanitizeInput($row['ticket_details']); - $contact_name = sanitizeInput($row['contact_name']); - $contact_email = sanitizeInput($row['contact_email']); - $ticket_prefix = sanitizeInput($row['ticket_prefix']); - $ticket_number = intval($row['ticket_number']); - $ticket_subject = sanitizeInput($row['ticket_subject']); - $user_name = sanitizeInput($row['user_name']); - $user_email = sanitizeInput($row['user_email']); - - // Notify the agent of the cancellation - $data[] = [ - // User Email - 'from' => $config_ticket_from_email, - 'from_name' => $config_ticket_from_name, - 'recipient' => $user_email, - 'recipient_name' => $user_name, - 'subject' => "Ticket Schedule Cancelled - [$ticket_prefix$ticket_number] - $ticket_subject", - 'body' => "Hello, " . $user_name . "

Scheduled work for the ticket regarding $ticket_subject has been cancelled.

--------------------------------
$ticket_link
--------------------------------

Please do not reply to this email.

Ticket: $ticket_prefix$ticket_number
Subject: $ticket_subject
Portal: https://$config_base_url/agent/ticket.php?id=$ticket_id&client_id=$client_id

~
$session_company_name
Support Department
$config_ticket_from_email", - 'cal_str' => $cal_str - ]; - - if ($config_ticket_client_general_notifications) { - // Notify the ticket contact of the cancellation - $data[] = [ - 'from' => $config_ticket_from_email, - 'from_name' => $config_ticket_from_name, - 'recipient' => $contact_email, - 'recipient_name' => $contact_name, - 'subject' => "Ticket Schedule Cancelled - [$ticket_prefix$ticket_number] - $ticket_subject", - 'body' => mysqli_escape_string($mysqli, "
- Hello, $contact_name -
- Scheduled work for your ticket regarding $ticket_subject has been cancelled. -

- Access your ticket here -

- Please do not reply to this email. -

- Ticket: $ticket_prefix$ticket_number
- Subject: $ticket_subject
-

-
- ~
- $session_company_name
- Support Department
- $config_ticket_from_email
-
-
- This is an automated message. Please do not reply directly to this email. -
"), - 'cal_str' => $cal_str - ]; - - // Notify the watchers of the cancellation - $sql_watchers = mysqli_query($mysqli, "SELECT watcher_email FROM ticket_watchers WHERE watcher_ticket_id = $ticket_id"); - while ($row = mysqli_fetch_assoc($sql_watchers)) { - $watcher_email = sanitizeInput($row['watcher_email']); - $data[] = [ - 'from' => $config_ticket_from_email, - 'from_name' => $config_ticket_from_name, - 'recipient' => $watcher_email, - 'recipient_name' => $watcher_email, - 'subject' => "Ticket Schedule Cancelled - [$ticket_prefix$ticket_number] - $ticket_subject", - 'body' => mysqli_escape_string($mysqli, nullable_htmlentities("
- Hello, -
- Scheduled work for the ticket regarding $ticket_subject has been cancelled. -

- $ticket_link -

- Please do not reply to this email. -

- Ticket: $ticket_prefix$ticket_number
- Subject: $ticket_subject
- Portal: Access the ticket here -

-
- ~
- $session_company_name
- Support Department
- $config_ticket_from_email
-
-
- This is an automated message. Please do not reply directly to this email. -
")), - 'cal_str' => $cal_str - ]; - } - } - - // Send email(s) - addToMailQueue($data); - - // Update ticket reply - $ticket_reply_note = "Ticket schedule cancelled."; - mysqli_query($mysqli, "INSERT INTO ticket_replies SET ticket_reply = '$ticket_reply_note', ticket_reply_type = 'Internal', ticket_reply_time_worked = '00:01:00', ticket_reply_by = $session_user_id, ticket_reply_ticket_id = $ticket_id"); - - logAction("Ticket", "Edit", "$session_name cancelled ticket schedule", $client_id, $ticket_id); - - customAction('ticket_unschedule', $ticket_id); - - flash_alert("Ticket schedule cancelled", 'error'); - - redirect(); - -} + + if ($d !== false) { + $due = "'" . $d->format('Y-m-d H:i:s') . "'"; // wrap in quotes for SQL + } else { + $due = 'NULL'; // fallback if invalid + } + } + + // Add the primary contact as the ticket contact if "Use primary contact" is checked + if ($use_primary_contact == 1) { + $sql = mysqli_query($mysqli, "SELECT contact_id FROM contacts WHERE contact_client_id = $client_id AND contact_primary = 1"); + $row = mysqli_fetch_assoc($sql); + $contact = intval($row['contact_id']); + } + + // Atomically increment and get the new ticket number + mysqli_query($mysqli, " + UPDATE settings + SET + config_ticket_next_number = LAST_INSERT_ID(config_ticket_next_number), + config_ticket_next_number = config_ticket_next_number + 1 + WHERE company_id = 1 + "); + + $ticket_number = mysqli_insert_id($mysqli); + + // Sanitize Config Vars from get_settings.php and Session Vars from check_login.php + $config_ticket_prefix = sanitizeInput($config_ticket_prefix); + $config_ticket_from_name = sanitizeInput($config_ticket_from_name); + $config_ticket_from_email = sanitizeInput($config_ticket_from_email); + $config_base_url = sanitizeInput($config_base_url); + + //Generate a unique URL key for clients to access + $url_key = randomString(32); + + mysqli_query($mysqli, "INSERT INTO tickets SET ticket_prefix = '$config_ticket_prefix', ticket_number = $ticket_number, ticket_source = 'Agent', ticket_category = $category_id, ticket_subject = '$subject', ticket_details = '$details', ticket_priority = '$priority', ticket_billable = '$billable', ticket_status = '$ticket_status', ticket_vendor_ticket_number = '$vendor_ticket_number', ticket_vendor_id = $vendor_id, ticket_location_id = $location_id, ticket_asset_id = $asset_id, ticket_created_by = $session_user_id, ticket_assigned_to = $assigned_to, ticket_contact_id = $contact, ticket_url_key = '$url_key', ticket_due_at = $due, ticket_client_id = $client_id, ticket_invoice_id = 0, ticket_project_id = $project_id"); + + $ticket_id = mysqli_insert_id($mysqli); + + // Add Tasks from Template if Template was selected + if($ticket_template_id) { + // Get Associated Tasks from the ticket template + $sql_task_templates = mysqli_query($mysqli, "SELECT * FROM task_templates WHERE task_template_ticket_template_id = $ticket_template_id"); + + if (mysqli_num_rows($sql_task_templates) > 0) { + while ($row = mysqli_fetch_assoc($sql_task_templates)) { + $task_order = intval($row['task_template_order']); + $task_name = sanitizeInput($row['task_template_name']); + $task_completion_estimate = intval($row['task_template_completion_estimate']); + + mysqli_query($mysqli,"INSERT INTO tasks SET task_name = '$task_name', task_order = $task_order, task_completion_estimate = $task_completion_estimate, task_ticket_id = $ticket_id"); + } + } + } + + // Add Watchers + if (isset($_POST['watchers'])) { + foreach ($_POST['watchers'] as $watcher) { + $watcher_email = sanitizeInput($watcher); + mysqli_query($mysqli, "INSERT INTO ticket_watchers SET watcher_email = '$watcher_email', watcher_ticket_id = $ticket_id"); + } + } + + // Add Additional Assets + if (isset($_POST['additional_assets'])) { + foreach ($_POST['additional_assets'] as $additional_asset) { + $additional_asset_id = intval($additional_asset); + mysqli_query($mysqli, "INSERT INTO ticket_assets SET ticket_id = $ticket_id, asset_id = $additional_asset_id"); + } + } + + // E-mail client + if ((!empty($config_smtp_host) || !empty($config_smtp_provider)) && $config_ticket_client_general_notifications == 1) { + + // Get contact/ticket details + $sql = mysqli_query($mysqli, "SELECT contact_name, contact_email, ticket_prefix, ticket_number, ticket_category, ticket_subject, ticket_details, ticket_priority, ticket_status, ticket_created_by, ticket_assigned_to, ticket_client_id FROM tickets + LEFT JOIN clients ON ticket_client_id = client_id + LEFT JOIN contacts ON ticket_contact_id = contact_id + WHERE ticket_id = $ticket_id"); + $row = mysqli_fetch_assoc($sql); + + $contact_name = sanitizeInput($row['contact_name']); + $contact_email = sanitizeInput($row['contact_email']); + $ticket_prefix = sanitizeInput($row['ticket_prefix']); + $ticket_number = intval($row['ticket_number']); + $ticket_category = sanitizeInput($row['ticket_category']); + $ticket_subject = sanitizeInput($row['ticket_subject']); + $ticket_details = mysqli_escape_string($mysqli, $row['ticket_details']); + $ticket_priority = sanitizeInput($row['ticket_priority']); + $ticket_status = sanitizeInput($row['ticket_status']); + $ticket_status_name = sanitizeInput(getTicketStatusName($row['ticket_status'])); + $client_id = intval($row['ticket_client_id']); + $ticket_created_by = intval($row['ticket_created_by']); + $ticket_assigned_to = intval($row['ticket_assigned_to']); + + // Get Company Phone Number + $sql = mysqli_query($mysqli, "SELECT company_name, company_phone, company_phone_country_code FROM companies WHERE company_id = 1"); + $row = mysqli_fetch_assoc($sql); + $company_name = sanitizeInput($row['company_name']); + $company_phone = sanitizeInput(formatPhoneNumber($row['company_phone'], $row['company_phone_country_code'])); + + // EMAILING + + $subject = "Ticket Created [$ticket_prefix$ticket_number] - $ticket_subject"; + $body = "##- Please type your reply above this line -##

Hello $contact_name,

A ticket regarding \"$ticket_subject\" has been created for you.

--------------------------------
$ticket_details--------------------------------

Ticket: $ticket_prefix$ticket_number
Subject: $ticket_subject
Status: Open
Portal: View ticket

--
$company_name - Support
$config_ticket_from_email
$company_phone"; + + // Verify contact email is valid + if (filter_var($contact_email, FILTER_VALIDATE_EMAIL)) { + + + // Email Ticket Contact + // Queue Mail + $data = []; + + $data[] = [ + 'from' => $config_ticket_from_email, + 'from_name' => $config_ticket_from_name, + 'recipient' => $contact_email, + 'recipient_name' => $contact_name, + 'subject' => $subject, + 'body' => $body + ]; + } + + // Also Email all the watchers + $sql_watchers = mysqli_query($mysqli, "SELECT watcher_email FROM ticket_watchers WHERE watcher_ticket_id = $ticket_id"); + $body .= "

----------------------------------------
YOU HAVE BEEN ADDED AS A COLLABORATOR FOR THIS TICKET"; + while ($row = mysqli_fetch_assoc($sql_watchers)) { + $watcher_email = sanitizeInput($row['watcher_email']); + + // Queue Mail + $data[] = [ + 'from' => $config_ticket_from_email, + 'from_name' => $config_ticket_from_name, + 'recipient' => $watcher_email, + 'recipient_name' => $watcher_email, + 'subject' => $subject, + 'body' => $body + ]; + } + addToMailQueue($data); + + // END EMAILING + + } + + // Custom action/notif handler + customAction('ticket_create', $ticket_id); + + logAction("Ticket", "Create", "$session_name created ticket $config_ticket_prefix$ticket_number - $ticket_subject", $client_id, $ticket_id); + + flash_alert("Ticket $config_ticket_prefix$ticket_number created"); + + redirect("ticket.php?client_id=$client_id&ticket_id=$ticket_id"); + +} + +if (isset($_POST['edit_ticket'])) { + + enforceUserPermission('module_support', 2); + + $ticket_id = intval($_POST['ticket_id']); + $contact_id = intval($_POST['contact']); + $assigned_to = intval($_POST['assigned_to']); + $notify = intval($_POST['contact_notify'] ?? 0); + $category_id = intval($_POST['category']); + $ticket_subject = sanitizeInput($_POST['subject']); + $billable = intval($_POST['billable'] ?? 0); + $ticket_priority = sanitizeInput($_POST['priority']); + $details = mysqli_real_escape_string($mysqli, $_POST['details']); + $vendor_ticket_number = sanitizeInput($_POST['vendor_ticket_number']); + $vendor_id = intval($_POST['vendor']); + $asset_id = intval($_POST['asset']); + $location_id = intval($_POST['location']); + $project_id = intval($_POST['project']); + // Validate/clean due field + $dueInput = $_POST['due'] ?? null; + if ($dueInput === null || trim($dueInput) === '') { + $due = 'NULL'; // prepare as SQL-safe string + } else { + $d = DateTime::createFromFormat('Y-m-d\TH:i', $dueInput); // for + if ($d !== false) { + $due = "'" . $d->format('Y-m-d H:i:s') . "'"; // wrap in quotes for SQL + } else { + $due = 'NULL'; // fallback if invalid + } + } + + mysqli_query($mysqli, "UPDATE tickets SET ticket_category = $category_id, ticket_subject = '$ticket_subject', ticket_priority = '$ticket_priority', ticket_billable = $billable, ticket_details = '$details', ticket_due_at = $due, ticket_vendor_ticket_number = '$vendor_ticket_number', ticket_contact_id = $contact_id, ticket_assigned_to = $assigned_to, ticket_vendor_id = $vendor_id, ticket_location_id = $location_id, ticket_asset_id = $asset_id, ticket_project_id = $project_id WHERE ticket_id = $ticket_id"); + + // Add Additional Assets + if (isset($_POST['additional_assets'])) { + mysqli_query($mysqli, "DELETE FROM ticket_assets WHERE ticket_id = $ticket_id"); + foreach ($_POST['additional_assets'] as $additional_asset) { + $additional_asset_id = intval($additional_asset); + mysqli_query($mysqli, "INSERT INTO ticket_assets SET ticket_id = $ticket_id, asset_id = $additional_asset_id"); + } + } else { + // If no additional assets are provided, delete them all + // This handles cases where the assets input might be cleared or not set at all. + mysqli_query($mysqli, "DELETE FROM ticket_assets WHERE ticket_id = $ticket_id"); + } + + // Get contact/ticket details after update for logging / email purposes + $sql = mysqli_query($mysqli, "SELECT contact_name, contact_email, ticket_prefix, ticket_number, ticket_category, ticket_details, ticket_status_name, ticket_created_by, ticket_assigned_to, ticket_url_key, ticket_client_id FROM tickets + LEFT JOIN clients ON ticket_client_id = client_id + LEFT JOIN contacts ON ticket_contact_id = contact_id + LEFT JOIN ticket_statuses ON ticket_status = ticket_status_id + WHERE ticket_id = $ticket_id + AND ticket_closed_at IS NULL"); + $row = mysqli_fetch_assoc($sql); + + $contact_name = sanitizeInput($row['contact_name']); + $contact_email = sanitizeInput($row['contact_email']); + $ticket_prefix = sanitizeInput($row['ticket_prefix']); + $ticket_number = intval($row['ticket_number']); + $ticket_category = sanitizeInput($row['ticket_category']); + $ticket_details = mysqli_escape_string($mysqli, $row['ticket_details']); + $ticket_status = sanitizeInput($row['ticket_status_name']); + $ticket_created_by = intval($row['ticket_created_by']); + $ticket_assigned_to = intval($row['ticket_assigned_to']); + $url_key = sanitizeInput($row['ticket_url_key']); + $client_id = intval($row['ticket_client_id']); + + // Notify new contact if selected + if ($notify && (!empty($config_smtp_host) || !empty($config_smtp_provider))) { + + // Get Company Name Phone Number and Sanitize for Email Sending + $sql = mysqli_query($mysqli, "SELECT company_name, company_phone, company_phone_country_code FROM companies WHERE company_id = 1"); + $row = mysqli_fetch_assoc($sql); + $company_name = sanitizeInput($row['company_name']); + $company_phone = sanitizeInput(formatPhoneNumber($row['company_phone'], $row['company_phone_country_code'])); + + // Email content + $data = []; // Queue array + + $subject = "Ticket Created - [$ticket_prefix$ticket_number] - $ticket_subject"; + $body = "##- Please type your reply above this line -##

Hello $contact_name,

A ticket regarding \"$ticket_subject\" has been created for you.

--------------------------------
$ticket_details--------------------------------

Ticket: $ticket_prefix$ticket_number
Subject: $ticket_subject
Status: $ticket_status
Portal: View ticket

--
$company_name - Support
$config_ticket_from_email
$company_phone"; + + + // Only add contact to email queue if email is valid + if (filter_var($contact_email, FILTER_VALIDATE_EMAIL)) { + $data[] = [ + 'from' => $config_ticket_from_email, + 'from_name' => $config_ticket_from_name, + 'recipient' => $contact_email, + 'recipient_name' => $contact_name, + 'subject' => $subject, + 'body' => $body + ]; + } + + addToMailQueue($data); + } + + // Custom action/notif handler + customAction('ticket_update', $ticket_id); + + logAction("Ticket", "Edit", "$session_name edited ticket $ticket_prefix$ticket_number", $client_id, $ticket_id); + + flash_alert("Ticket $ticket_prefix$ticket_number updated"); + + redirect(); + +} + +if (isset($_POST['edit_ticket_priority'])) { + + enforceUserPermission('module_support', 2); + + $ticket_id = intval($_POST['ticket_id']); + $priority = sanitizeInput($_POST['priority']); + $client_id = intval($_POST['client_id']); + + // Get ticket details before updating + $sql = mysqli_query($mysqli, "SELECT + ticket_prefix, ticket_number, ticket_priority, ticket_status_name, ticket_client_id + FROM tickets + LEFT JOIN ticket_statuses ON ticket_status = ticket_status_id + WHERE ticket_id = $ticket_id" + ); + $row = mysqli_fetch_assoc($sql); + $ticket_prefix = sanitizeInput($row['ticket_prefix']); + $ticket_number = intval($row['ticket_number']); + $original_priority = sanitizeInput($row['ticket_priority']); + $ticket_status = sanitizeInput($row['ticket_status_name']); + $client_id = intval($row['ticket_client_id']); + + mysqli_query($mysqli, "UPDATE tickets SET ticket_priority = '$priority' WHERE ticket_id = $ticket_id"); + + // Update Ticket History + mysqli_query($mysqli, "INSERT INTO ticket_history SET ticket_history_status = '$ticket_status', ticket_history_description = '$session_name changed priority from $original_priority to $priority', ticket_history_ticket_id = $ticket_id"); + + logAction("Ticket", "Edit", "$session_name changed priority from $original_priority to $priority for ticket $ticket_prefix$ticket_number", $client_id, $ticket_id); + + customAction('ticket_update', $ticket_id); + + flash_alert("Priority updated from $original_priority to $priority"); + + redirect(); + +} + +if (isset($_POST['edit_ticket_contact'])) { + + enforceUserPermission('module_support', 2); + + $ticket_id = intval($_POST['ticket_id']); + $contact_id = intval($_POST['contact']); + $notify = intval($_POST['contact_notify']) ?? 0; + + // Get Original contact, and ticket details + $sql = mysqli_query($mysqli, "SELECT + contact_name, ticket_prefix, ticket_number, ticket_status_name, ticket_subject, ticket_details, ticket_url_key, ticket_client_id + FROM tickets + LEFT JOIN contacts ON ticket_contact_id = contact_id + LEFT JOIN ticket_statuses ON ticket_status = ticket_status_id + WHERE ticket_id = $ticket_id" + ); + $row = mysqli_fetch_assoc($sql); + + // Original contact + $original_contact_name = !empty($row['contact_name']) ? sanitizeInput($row['contact_name']) : 'No one'; + + // Ticket details + $ticket_prefix = sanitizeInput($row['ticket_prefix']); + $ticket_number = intval($row['ticket_number']); + $ticket_status = sanitizeInput($row['ticket_status_name']); + $ticket_subject = sanitizeInput($row['ticket_subject']); + $ticket_details = mysqli_escape_string($mysqli, $row['ticket_details']); + $url_key = sanitizeInput($row['ticket_url_key']); + $client_id = intval($row['ticket_client_id']); + + // Update the contact + mysqli_query($mysqli, "UPDATE tickets SET ticket_contact_id = $contact_id WHERE ticket_id = $ticket_id"); + + // Get New contact details + $sql = mysqli_query($mysqli, "SELECT contact_name, contact_email FROM contacts WHERE contact_id = $contact_id"); + $row = mysqli_fetch_assoc($sql); + + $contact_name = !empty($row['contact_name']) ? sanitizeInput($row['contact_name']) : 'No one'; + $contact_email = sanitizeInput($row['contact_email']); + + // Notify new contact (if selected, valid & configured) + if ($notify && filter_var($contact_email, FILTER_VALIDATE_EMAIL) && (!empty($config_smtp_host) || !empty($config_smtp_provider))) { + + // Get Company Phone Number + $sql = mysqli_query($mysqli, "SELECT company_name, company_phone, company_phone_country_code FROM companies WHERE company_id = 1"); + $row = mysqli_fetch_assoc($sql); + $company_name = sanitizeInput($row['company_name']); + $company_phone = sanitizeInput(formatPhoneNumber($row['company_phone'], $row['company_phone_country_code'])); + + $config_ticket_from_email = sanitizeInput($config_ticket_from_email); + $config_ticket_from_name = sanitizeInput($config_ticket_from_name); + + // Email content + $data = []; // Queue array + + $subject = "Ticket Created - [$ticket_prefix$ticket_number] - $ticket_subject"; + $body = "##- Please type your reply above this line -##

Hello $contact_name,

A ticket regarding \"$ticket_subject\" has been created for you.

--------------------------------
$ticket_details--------------------------------

Ticket: $ticket_prefix$ticket_number
Subject: $ticket_subject
Status: $ticket_status
Portal: View ticket

--
$company_name - Support
$config_ticket_from_email
$company_phone"; + + $data[] = [ + 'from' => $config_ticket_from_email, + 'from_name' => $config_ticket_from_name, + 'recipient' => $contact_email, + 'recipient_name' => $contact_name, + 'subject' => $subject, + 'body' => $body + ]; + + addToMailQueue($data); + } + + // Custom action/notif handler + customAction('ticket_update', $ticket_id); + + // Update Ticket History + mysqli_query($mysqli, "INSERT INTO ticket_history SET ticket_history_status = '$ticket_status', ticket_history_description = '$session_name changed the contact from $original_contact_name to $contact_name', ticket_history_ticket_id = $ticket_id"); + + logAction("Ticket", "Edit", "$session_name changed the contact from $original_contact_name to $contact_name for ticket $ticket_prefix$ticket_number", $client_id, $ticket_id); + + flash_alert("Contact changed from $original_contact_name to $contact_name"); + + redirect(); + +} + +if (isset($_POST['edit_ticket_project'])) { + + enforceUserPermission('module_support', 2); + + $ticket_id = intval($_POST['ticket_id']); + $project_id = intval($_POST['project']); + + $project_name = sanitizeInput(getFieldById('projects', $project_id, 'project_name')); + $client_id = intval(getFieldById('tickets', $ticket_id, 'ticket_client_id')); + $ticket_prefix = sanitizeInput(getFieldById('tickets', $ticket_id, 'ticket_prefix')); + $ticket_number = sanitizeInput(getFieldById('tickets', $ticket_id, 'ticket_number')); + + mysqli_query($mysqli, "UPDATE tickets SET ticket_project_id = $project_id WHERE ticket_id = $ticket_id"); + + logAction("Ticket", "Edit", "$session_name set ticket $ticket_prefix$ticket_number project to $project_name", $client_id, $ticket_id); + + flash_alert("Project changed to $project_name for Ticket $ticket_prefix$ticket_number"); + + redirect(); + +} + +if (isset($_POST['add_ticket_watcher'])) { + + enforceUserPermission('module_support', 2); + + $ticket_id = intval($_POST['ticket_id']); + $watcher_emails = preg_split("/,| |;/", $_POST['watcher_email']); // Split on comma, semicolon or space, we sanitize later + $notify = intval($_POST['watcher_notify'] ?? 0); + + // Get contact/ticket details + $sql = mysqli_query($mysqli, "SELECT ticket_prefix, ticket_number, ticket_category, ticket_subject, ticket_details, ticket_priority, ticket_status_name, ticket_url_key, ticket_created_by, ticket_assigned_to, ticket_client_id FROM tickets + LEFT JOIN clients ON ticket_client_id = client_id + LEFT JOIN contacts ON ticket_contact_id = contact_id + LEFT JOIN ticket_statuses ON ticket_status = ticket_status_id + WHERE ticket_id = $ticket_id + AND ticket_closed_at IS NULL"); + $row = mysqli_fetch_assoc($sql); + + $ticket_prefix = sanitizeInput($row['ticket_prefix']); + $ticket_number = intval($row['ticket_number']); + $ticket_category = sanitizeInput($row['ticket_category']); + $ticket_subject = sanitizeInput($row['ticket_subject']); + $ticket_details = mysqli_escape_string($mysqli, $row['ticket_details']); + $ticket_priority = sanitizeInput($row['ticket_priority']); + $ticket_status = sanitizeInput($row['ticket_status_name']); + $url_key = sanitizeInput($row['ticket_url_key']); + $client_id = intval($row['ticket_client_id']); + $ticket_created_by = intval($row['ticket_created_by']); + $ticket_assigned_to = intval($row['ticket_assigned_to']); + + // Get Company Phone Number + $sql = mysqli_query($mysqli, "SELECT company_name, company_phone, company_phone_country_code FROM companies WHERE company_id = 1"); + $row = mysqli_fetch_assoc($sql); + $company_name = sanitizeInput($row['company_name']); + $company_phone = sanitizeInput(formatPhoneNumber($row['company_phone'], $row['company_phone_country_code'])); + + // Process each watcher in list + foreach ($watcher_emails as $watcher_email) { + + if (filter_var($watcher_email, FILTER_VALIDATE_EMAIL)) { + + $watcher_email = sanitizeInput($watcher_email); + + mysqli_query($mysqli, "INSERT INTO ticket_watchers SET watcher_email = '$watcher_email', watcher_ticket_id = $ticket_id"); + + // Notify watcher + if ($notify && (!empty($config_smtp_host) || !empty($config_smtp_provider))) { + + + + // Email content + $data = []; // Queue array + + $subject = "Ticket Notification - [$ticket_prefix$ticket_number] - $ticket_subject"; + $body = "##- Please type your reply above this line -##

Hello,

You have been added as a collaborator on this ticket regarding \"$ticket_subject\".

--------------------------------
$ticket_details--------------------------------

Ticket: $ticket_prefix$ticket_number
Subject: $ticket_subject
Status: $ticket_status
Guest link: https://$config_base_url/guest/guest_view_ticket.php?ticket_id=$ticket_id&url_key=$url_key

--
$company_name - Support
$config_ticket_from_email
$company_phone"; + + $data[] = [ + 'from' => $config_ticket_from_email, + 'from_name' => $config_ticket_from_name, + 'recipient' => $watcher_email, + 'recipient_name' => $watcher_email, + 'subject' => $subject, + 'body' => $body + ]; + + addToMailQueue($data); + } + + logAction("Ticket", "Edit", "$session_name added $watcher_email as a watcher for ticket $ticket_prefix$ticket_number", $client_id, $ticket_id); + } + + } + + flash_alert("Added watcher(s)"); + + redirect(); + +} + +if (isset($_GET['delete_ticket_watcher'])) { + + enforceUserPermission('module_support', 2); + + $watcher_id = intval($_GET['delete_ticket_watcher']); + + // Get ticket / watcher details for logging + $sql = mysqli_query($mysqli, "SELECT watcher_email, ticket_prefix, ticket_number, ticket_status_name, ticket_client_id, ticket_id FROM ticket_watchers + LEFT JOIN tickets ON watcher_ticket_id = ticket_id + LEFT JOIN ticket_statuses ON ticket_status = ticket_status_id + WHERE watcher_id = $watcher_id" + ); + $row = mysqli_fetch_assoc($sql); + + $ticket_prefix = sanitizeInput($row['ticket_prefix']); + $ticket_number = intval($row['ticket_number']); + $ticket_status_name = sanitizeInput($row['ticket_status_name']); + $watcher_email = sanitizeInput($row['watcher_email']); + $client_id = intval($row['ticket_client_id']); + $ticket_id = intval($row['ticket_id']); + + mysqli_query($mysqli, "DELETE FROM ticket_watchers WHERE watcher_id = $watcher_id"); + + // History + mysqli_query($mysqli, "INSERT INTO ticket_history SET ticket_history_status = '$ticket_status_name', ticket_history_description = '$session_name removed ticket $watcher_email as a watcher', ticket_history_ticket_id = $ticket_id"); + + logAction("Ticket", "Edit", "$session_name removed $watcher_email as a watcher for ticket $ticket_prefix$ticket_number", $client_id, $ticket_id); + + flash_alert("Removed ticket watcher $watcher_email", 'error'); + + redirect(); + +} + +if (isset($_GET['delete_ticket_additional_asset'])) { + + enforceUserPermission('module_support', 2); + + $asset_id = intval($_GET['delete_ticket_additional_asset']); + $ticket_id = intval($_GET['ticket_id']); + + // Get ticket / asset details for logging + $sql = mysqli_query($mysqli, "SELECT asset_name, ticket_prefix, ticket_number, ticket_status_name, ticket_client_id FROM assets + JOIN tickets ON ticket_id = $ticket_id + JOIN ticket_statuses ON ticket_status = ticket_status_id + WHERE asset_id = $asset_id" + ); + $row = mysqli_fetch_assoc($sql); + + $ticket_prefix = sanitizeInput($row['ticket_prefix']); + $ticket_number = intval($row['ticket_number']); + $ticket_status_name = sanitizeInput($row['ticket_status_name']); + $asset_name = sanitizeInput($row['asset_name']); + $client_id = intval($row['ticket_client_id']); + + mysqli_query($mysqli, "DELETE FROM ticket_assets WHERE ticket_id = $ticket_id AND asset_id = $asset_id"); + + // History + mysqli_query($mysqli, "INSERT INTO ticket_history SET ticket_history_status = '$ticket_status_name', ticket_history_description = '$session_name removed additional asset $asset_name', ticket_history_ticket_id = $ticket_id"); + + logAction("Ticket", "Edit", "$session_name removed asset $asset_name from ticket $ticket_prefix$ticket_number", $client_id, $ticket_id); + + flash_alert("Removed asset $asset_name from ticket.", 'error'); + + redirect(); + +} + +if (isset($_POST['edit_ticket_asset'])) { + + enforceUserPermission('module_support', 2); + + $ticket_id = intval($_POST['ticket_id']); + $asset_id = intval($_POST['asset']); + + mysqli_query($mysqli, "UPDATE tickets SET ticket_asset_id = $asset_id WHERE ticket_id = $ticket_id"); + + // Add Additional Assets + if (isset($_POST['additional_assets'])) { + mysqli_query($mysqli, "DELETE FROM ticket_assets WHERE ticket_id = $ticket_id"); + foreach ($_POST['additional_assets'] as $additional_asset) { + $additional_asset_id = intval($additional_asset); + mysqli_query($mysqli, "INSERT INTO ticket_assets SET ticket_id = $ticket_id, asset_id = $additional_asset_id"); + } + } else { + // If no additional assets are provided, delete them all + // This handles cases where the assets input might be cleared or not set at all. + mysqli_query($mysqli, "DELETE FROM ticket_assets WHERE ticket_id = $ticket_id"); + } + + // Get ticket / asset details for logging + $sql = mysqli_query($mysqli, "SELECT asset_name, ticket_prefix, ticket_number, ticket_status_name, ticket_client_id FROM assets + LEFT JOIN tickets ON ticket_asset_id = asset_id + LEFT JOIN ticket_statuses ON ticket_status = ticket_status_id + WHERE ticket_id = $ticket_id" + ); + $row = mysqli_fetch_assoc($sql); + + $ticket_prefix = sanitizeInput($row['ticket_prefix']); + $ticket_number = intval($row['ticket_number']); + $ticket_status_name = sanitizeInput($row['ticket_status_name']); + $asset_name = sanitizeInput($row['asset_name']); + $client_id = intval($row['ticket_client_id']); + + logAction("Ticket", "Edit", "$session_name changed asset to $asset_name for ticket $ticket_prefix$ticket_number", $client_id, $ticket_id); + + flash_alert("Ticket $ticket_prefix$ticket_number asset updated to $asset_name"); + + redirect(); + +} + +if (isset($_POST['edit_ticket_vendor'])) { + + enforceUserPermission('module_support', 2); + + $ticket_id = intval($_POST['ticket_id']); + $vendor_id = intval($_POST['vendor']); + + mysqli_query($mysqli, "UPDATE tickets SET ticket_vendor_id = $vendor_id WHERE ticket_id = $ticket_id"); + + // Get ticket / vendor details for logging + $sql = mysqli_query($mysqli, "SELECT vendor_name, ticket_prefix, ticket_number, ticket_status_name, ticket_client_id FROM vendors + LEFT JOIN tickets ON ticket_vendor_id = $vendor_id + LEFT JOIN ticket_statuses ON ticket_status = ticket_status_id + WHERE ticket_id = $ticket_id" + ); + $row = mysqli_fetch_assoc($sql); + + $ticket_prefix = sanitizeInput($row['ticket_prefix']); + $ticket_number = intval($row['ticket_number']); + $ticket_status_name = sanitizeInput($row['ticket_status_name']); + $vendor_name = sanitizeInput($row['vendor_name']); + $client_id = intval($row['ticket_client_id']); + + logAction("Ticket", "Edit", "$session_name set vendor to $vendor_name for ticket $ticket_prefix$ticket_number", $client_id, $ticket_id); + + flash_alert("Set vendor to $vendor_name for ticket $ticket_prefix$ticket_number"); + + redirect(); + +} + +if (isset($_POST['assign_ticket'])) { + + enforceUserPermission('module_support', 2); + + // POST variables + $ticket_id = intval($_POST['ticket_id']); + $assigned_to = intval($_POST['assigned_to']); + $ticket_status = intval($_POST['ticket_status']); + + // New > Open as assigned + if ($ticket_status == 1 && $assigned_to !== 0) { + $ticket_status = 2; + } + + // Allow for un-assigning tickets + if ($assigned_to == 0) { + $ticket_reply = "Ticket unassigned."; + $agent_name = "No One"; + } else { + // Get & verify assigned agent details + $agent_details_sql = mysqli_query($mysqli, "SELECT user_name, user_email FROM users WHERE users.user_id = $assigned_to"); + $agent_details = mysqli_fetch_assoc($agent_details_sql); + + $agent_name = sanitizeInput($agent_details['user_name']); + $agent_email = sanitizeInput($agent_details['user_email']); + $ticket_reply = "Ticket re-assigned to $agent_name."; + + if (!$agent_name) { + flash_alert("Invalid agent!", 'error'); + redirect(); + } + } + + // Get & verify ticket details + $ticket_details_sql = mysqli_query($mysqli, "SELECT ticket_prefix, ticket_number, ticket_subject, ticket_client_id, client_name FROM tickets LEFT JOIN clients ON ticket_client_id = client_id WHERE ticket_id = '$ticket_id' AND ticket_status != 5"); + $ticket_details = mysqli_fetch_assoc($ticket_details_sql); + + $ticket_prefix = sanitizeInput($ticket_details['ticket_prefix']); + $ticket_number = intval($ticket_details['ticket_number']); + $ticket_subject = sanitizeInput($ticket_details['ticket_subject']); + $client_id = intval($ticket_details['ticket_client_id']); + $client_name = sanitizeInput($ticket_details['client_name']); + + if (!$ticket_subject) { + flash_alert("Invalid ticket!", 'error'); + redirect(); + } + + if ($client_id) { + $client_uri = "&client_id=$client_id"; + } else { + $client_uri = ''; + } + + // Update ticket & insert reply + mysqli_query($mysqli, "UPDATE tickets SET ticket_assigned_to = $assigned_to, ticket_status = '$ticket_status' WHERE ticket_id = $ticket_id"); + + mysqli_query($mysqli, "INSERT INTO ticket_replies SET ticket_reply = '$ticket_reply', ticket_reply_type = 'Internal', ticket_reply_time_worked = '00:01:00', ticket_reply_by = $session_user_id, ticket_reply_ticket_id = $ticket_id"); + + logAction("Ticket", "Edit", "$session_name reassigned $ticket_prefix$ticket_number to $agent_name", $client_id, $ticket_id); + + + // Notification + if ($session_user_id != $assigned_to && $assigned_to != 0) { + + // App Notification + mysqli_query($mysqli, "INSERT INTO notifications SET notification_type = 'Ticket', notification = 'Ticket $ticket_prefix$ticket_number - Subject: $ticket_subject has been assigned to you by $session_name', notification_action = '/agent/ticket.php?ticket_id=$ticket_id$client_uri', notification_client_id = $client_id, notification_user_id = $assigned_to"); + + // Email Notification + if (!empty($config_smtp_host) || !empty($config_smtp_provider)) { + + // Sanitize Config vars from get_settings.php + $config_ticket_from_name = sanitizeInput($config_ticket_from_name); + $config_ticket_from_email = sanitizeInput($config_ticket_from_email); + $company_name = sanitizeInput($session_company_name); + + $subject = "$config_app_name - Ticket $ticket_prefix$ticket_number assigned to you - $ticket_subject"; + $body = "Hi $agent_name,

A ticket has been assigned to you!

Client: $client_name
Ticket Number: $ticket_prefix$ticket_number
Subject: $ticket_subject

https://$config_base_url/agent/ticket.php?ticket_id=$ticket_id$client_uri

Thanks,
$session_name
$company_name"; + + // Email Ticket Agent + // Queue Mail + $data = [ + [ + 'from' => $config_ticket_from_email, + 'from_name' => $config_ticket_from_name, + 'recipient' => $agent_email, + 'recipient_name' => $agent_name, + 'subject' => $subject, + 'body' => $body, + ] + ]; + addToMailQueue($data); + } + } + + customAction('ticket_assign', $ticket_id); + + flash_alert("Ticket $ticket_prefix$ticket_number assigned to $agent_name"); + + redirect(); + +} + +if (isset($_GET['delete_ticket'])) { + + validateCSRFToken($_GET['csrf_token']); + + enforceUserPermission('module_support', 3); + + $ticket_id = intval($_GET['delete_ticket']); + + // Get Ticket and Client ID for logging and alert message + $sql = mysqli_query($mysqli, "SELECT ticket_prefix, ticket_number, ticket_subject, ticket_status, ticket_closed_at, ticket_client_id FROM tickets WHERE ticket_id = $ticket_id"); + $row = mysqli_fetch_assoc($sql); + $ticket_prefix = sanitizeInput($row['ticket_prefix']); + $ticket_number = sanitizeInput($row['ticket_number']); + $ticket_subject = sanitizeInput($row['ticket_subject']); + $ticket_status = sanitizeInput($row['ticket_status']); + $ticket_closed_at = sanitizeInput($row['ticket_closed_at']); + $client_id = intval($row['ticket_client_id']); + + if (empty($ticket_closed_at)) { + mysqli_query($mysqli, "DELETE FROM tickets WHERE ticket_id = $ticket_id"); + + // Delete all ticket replies + mysqli_query($mysqli, "DELETE FROM ticket_replies WHERE ticket_reply_ticket_id = $ticket_id"); + + // Delete all ticket views + mysqli_query($mysqli, "DELETE FROM ticket_views WHERE view_ticket_id = $ticket_id"); + + // Delete ticket watchers + mysqli_query($mysqli, "DELETE FROM ticket_watchers WHERE watcher_ticket_id = $ticket_id"); + + // Delete Ticket Attachements + mysqli_query($mysqli, "DELETE FROM ticket_attachments WHERE ticket_attachment_ticket_id = $ticket_id"); + removeDirectory("../uploads/tickets/$ticket_id"); + + // No Need to delete ticket assets as this is cascadely deleted via the database. + + logAction("Ticket", "Delete", "$session_name deleted $ticket_prefix$ticket_number along with all replies", $client_id); + + flash_alert("Ticket $ticket_prefix$ticket_number along with all replies deleted", 'error'); + + customAction('ticket_delete', $ticket_id); + + redirect("tickets.php"); + } + +} + +if (isset($_POST['bulk_delete_tickets'])) { + + validateCSRFToken($_POST['csrf_token']); + + enforceUserPermission('module_support', 3); + + if (isset($_POST['ticket_ids'])) { + + $count = count($_POST['ticket_ids']); + + // Cycle through array and delete each recurring scheduled ticket + foreach ($_POST['ticket_ids'] as $ticket_id) { + + $ticket_id = intval($ticket_id); + mysqli_query($mysqli, "DELETE FROM tickets WHERE ticket_id = $ticket_id"); + + // Delete all ticket replies + mysqli_query($mysqli, "DELETE FROM ticket_replies WHERE ticket_reply_ticket_id = $ticket_id"); + + // Delete all ticket views + mysqli_query($mysqli, "DELETE FROM ticket_views WHERE view_ticket_id = $ticket_id"); + + // Delete ticket watchers + mysqli_query($mysqli, "DELETE FROM ticket_watchers WHERE watcher_ticket_id = $ticket_id"); + + // Delete Ticket Attachements + mysqli_query($mysqli, "DELETE FROM ticket_attachments WHERE ticket_attachment_ticket_id = $ticket_id"); + removeDirectory("../uploads/tickets/$ticket_id"); + + // No Need to delete ticket assets as this is cascadely deleted via the database. + + logAction("Ticket", "Delete", "$session_name deleted ticket", 0, $ticket_id); + + } + + logAction("Ticket", "Bulk Delete", "$session_name deleted $count ticket(s)"); + + flash_alert("Deleted $count ticket(s)", 'error'); + } + + redirect(); + +} + +if (isset($_POST['bulk_assign_ticket'])) { + + enforceUserPermission('module_support', 2); + + // POST variables + $assign_to = intval($_POST['assign_to']); + + // Get a Ticket Count + $ticket_count = count($_POST['ticket_ids']); + + // Assign Tech to Selected Tickets + if (!empty($_POST['ticket_ids'])) { + foreach ($_POST['ticket_ids'] as $ticket_id) { + $ticket_id = intval($ticket_id); + + $sql = mysqli_query($mysqli, "SELECT * FROM tickets LEFT JOIN ticket_statuses ON ticket_status = ticket_status_id WHERE ticket_id = $ticket_id"); + $row = mysqli_fetch_assoc($sql); + + $ticket_prefix = sanitizeInput($row['ticket_prefix']); + $ticket_number = intval($row['ticket_number']); + $ticket_status = intval($row['ticket_status']); + $ticket_name = sanitizeInput($row['ticket_name']); + $ticket_subject = sanitizeInput($row['ticket_subject']); + $client_id = intval($row['ticket_client_id']); + + if ($ticket_status == 1 && $assigned_to !== 0) { + $ticket_status = 2; + } + + // Allow for un-assigning tickets + if ($assign_to == 0) { + $ticket_reply = "Ticket unassigned, pending re-assignment."; + $agent_name = "No One"; + } else { + // Get & verify assigned agent details + $agent_details_sql = mysqli_query($mysqli, "SELECT user_name, user_email FROM users LEFT JOIN user_settings ON users.user_id = user_settings.user_id WHERE users.user_id = $assign_to"); + $agent_details = mysqli_fetch_assoc($agent_details_sql); + + $agent_name = sanitizeInput($agent_details['user_name']); + $agent_email = sanitizeInput($agent_details['user_email']); + $ticket_reply = "Ticket re-assigned to $agent_name."; + + if (!$agent_name) { + flash_alert("Invalid agent!", 'error'); + redirect(); + } + } + + // Update ticket & insert reply + mysqli_query($mysqli, "UPDATE tickets SET ticket_assigned_to = $assign_to, ticket_status = $ticket_status WHERE ticket_id = $ticket_id"); + + mysqli_query($mysqli, "INSERT INTO ticket_replies SET ticket_reply = '$ticket_reply', ticket_reply_type = 'Internal', ticket_reply_time_worked = '00:01:00', ticket_reply_by = $session_user_id, ticket_reply_ticket_id = $ticket_id"); + + logAction("Ticket", "Edit", "$session_name reassigned ticket $ticket_prefix$ticket_number to $agent_name", $client_id, $ticket_id); + + customAction('ticket_assign', $ticket_id); + + $tickets_assigned_body .= "$ticket_prefix$ticket_number - $ticket_subject
"; + } // End For Each Ticket ID Loop + + // Notification + if ($session_user_id != $assign_to && $assign_to != 0) { + + // App Notification + mysqli_query($mysqli, "INSERT INTO notifications SET notification_type = 'Ticket', notification = '$ticket_count Tickets have been assigned to you by $session_name', notification_action = 'tickets.php?status=Open&assigned=$assign_to', notification_client_id = $client_id, notification_user_id = $assign_to"); + + // Agent Email Notification + if (!empty($config_smtp_host) || !empty($config_smtp_provider)) { + + // Sanitize Config vars from get_settings.php + $config_ticket_from_name = sanitizeInput($config_ticket_from_name); + $config_ticket_from_email = sanitizeInput($config_ticket_from_email); + $company_name = sanitizeInput($session_company_name); + + $subject = "$config_app_name - $ticket_count tickets have been assigned to you"; + $body = "Hi $agent_name,

$session_name assigned $ticket_count tickets to you!

$tickets_assigned_body
Thanks,
$session_name
$company_name"; + + // Email Ticket Agent + // Queue Mail + $data = [ + [ + 'from' => $config_ticket_from_email, + 'from_name' => $config_ticket_from_name, + 'recipient' => $agent_email, + 'recipient_name' => $agent_name, + 'subject' => $subject, + 'body' => $body, + ] + ]; + addToMailQueue($data); + } + } + } + + flash_alert("You assigned $ticket_count Tickets to $agent_name"); + + redirect(); + +} + +if (isset($_POST['bulk_edit_ticket_priority'])) { + + enforceUserPermission('module_support', 2); + + // POST variables + $priority = sanitizeInput($_POST['bulk_priority']); + + // Assign Tech to Selected Tickets + if (isset($_POST['ticket_ids'])) { + + // Get a Ticket Count + $ticket_count = count($_POST['ticket_ids']); + + foreach ($_POST['ticket_ids'] as $ticket_id) { + $ticket_id = intval($ticket_id); + + $sql = mysqli_query($mysqli, "SELECT * FROM tickets WHERE ticket_id = $ticket_id"); + $row = mysqli_fetch_assoc($sql); + + $ticket_prefix = sanitizeInput($row['ticket_prefix']); + $ticket_number = intval($row['ticket_number']); + $ticket_subject = sanitizeInput($row['ticket_subject']); + $original_ticket_priority = sanitizeInput($row['ticket_priority']); + $client_id = intval($row['ticket_client_id']); + + // Update ticket & insert reply + mysqli_query($mysqli, "UPDATE tickets SET ticket_priority = '$priority' WHERE ticket_id = $ticket_id"); + + mysqli_query($mysqli, "INSERT INTO ticket_replies SET ticket_reply = '$session_name updated the priority from $current_ticket_priority to $priority', ticket_reply_type = 'Internal', ticket_reply_time_worked = '00:01:00', ticket_reply_by = $session_user_id, ticket_reply_ticket_id = $ticket_id"); + + logAction("Ticket", "Edit", "$session_name updated the priority on ticket $ticket_prefix$ticket_number - $ticket_subject from $original_ticket_priority to $priority", $client_id, $ticket_id); + + customAction('ticket_update', $ticket_id); + } // End For Each Ticket ID Loop + + logAction("Ticket", " Bulk Edit", "$session_name updated the priority on $ticket_count"); + + flash_alert("You updated the priority for $ticket_count Tickets to $priority"); + } + + redirect(); + +} + +if (isset($_POST['bulk_edit_ticket_category'])) { + + enforceUserPermission('module_support', 2); + + // POST variables + $category_id = intval($_POST['bulk_category']); + + // Assign Tech to Selected Tickets + if (isset($_POST['ticket_ids'])) { + + // Get a Ticket Count + $ticket_count = count($_POST['ticket_ids']); + + foreach ($_POST['ticket_ids'] as $ticket_id) { + $ticket_id = intval($ticket_id); + + $sql = mysqli_query($mysqli, "SELECT ticket_prefix, ticket_number, ticket_subject, category_name, ticket_client_id FROM tickets LEFT JOIN categories ON ticket_category = category_id WHERE ticket_id = $ticket_id"); + $row = mysqli_fetch_assoc($sql); + + $ticket_prefix = sanitizeInput($row['ticket_prefix']); + $ticket_number = intval($row['ticket_number']); + $ticket_subject = sanitizeInput($row['ticket_subject']); + $previous_ticket_category_name = sanitizeInput($row['category_name']); + $client_id = intval($row['ticket_client_id']); + + // Get Category Name + $category_name = sanitizeInput(getFieldById('categories', $category_id, 'category_name')); + + // Update ticket + mysqli_query($mysqli, "UPDATE tickets SET ticket_category = '$category_id' WHERE ticket_id = $ticket_id"); + + logAction("Ticket", "Edit", "$session_name updated the category on ticket $ticket_prefix$ticket_number - $ticket_subject from $previous_category_name to $category_name", $client_id, $ticket_id); + + customAction('ticket_update', $ticket_id); + } // End For Each Ticket ID Loop + + logAction("Ticket", " Bulk Edit", "$session_name updated the category to $category_name on $ticket_count"); + + flash_alert("Category set to $category_name for $ticket_count Tickets"); + } + + redirect(); + +} + +if (isset($_POST['bulk_merge_tickets'])) { + + enforceUserPermission('module_support', 2); + + $merge_into_ticket_number = intval($_POST['merge_into_ticket_number']); // Parent ticket *number* + $merge_comment = sanitizeInput($_POST['merge_comment']); // Merge comment + $ticket_reply_type = 'Internal'; // Default all replies to internal + + // NEW PARENT ticket details + // Get merge into ticket id (as it may differ from the number) + $sql = mysqli_query($mysqli, "SELECT ticket_id FROM tickets WHERE ticket_number = $merge_into_ticket_number"); + if (mysqli_num_rows($sql) == 0) { + flash_alert("Cannot merge into that ticket.", 'error'); + redirect(); + } + $merge_row = mysqli_fetch_assoc($sql); + $merge_into_ticket_id = intval($merge_row['ticket_id']); // Parent ticket ID + + // Update & Close the selected tickets + if (isset($_POST['ticket_ids'])) { + + $ticket_count = count($_POST['ticket_ids']); // Get a ticket count + + foreach ($_POST['ticket_ids'] as $ticket_id) { + $ticket_id = intval($ticket_id); + + if ($ticket_id !== $merge_into_ticket_id) { + + $sql = mysqli_query($mysqli, "SELECT * FROM tickets WHERE ticket_id = $ticket_id"); + $row = mysqli_fetch_assoc($sql); + + $ticket_prefix = sanitizeInput($row['ticket_prefix']); + $ticket_number = intval($row['ticket_number']); + $ticket_subject = sanitizeInput($row['ticket_subject']); + $ticket_details = mysqli_escape_string($mysqli, $row['ticket_details']); + $current_ticket_priority = sanitizeInput($row['ticket_priority']); + $ticket_first_response_at = sanitizeInput($row['ticket_first_response_at']); + $client_id = intval($row['ticket_client_id']); + + // Update current ticket + if (empty($ticket_first_response_at)) { + mysqli_query($mysqli, "UPDATE tickets SET ticket_first_response_at = NOW() WHERE ticket_id = $ticket_id"); + } + mysqli_query($mysqli, "INSERT INTO ticket_replies SET ticket_reply = 'Ticket $ticket_prefix$ticket_number bulk merged into $ticket_prefix$merge_into_ticket_number. Comment: $merge_comment', ticket_reply_time_worked = '00:01:00', ticket_reply_type = '$ticket_reply_type', ticket_reply_by = $session_user_id, ticket_reply_ticket_id = $ticket_id"); + mysqli_query($mysqli, "UPDATE tickets SET ticket_status = '5', ticket_resolved_at = NOW(), ticket_closed_at = NOW(), ticket_closed_by = $session_user_id WHERE ticket_id = $ticket_id") or die(mysqli_error($mysqli)); + + // Update new parent ticket + mysqli_query($mysqli, "INSERT INTO ticket_replies SET ticket_reply = 'Ticket $ticket_prefix$ticket_number was bulk merged into this ticket with comment: $merge_comment.

$ticket_subject
$ticket_details', ticket_reply_time_worked = '00:01:00', ticket_reply_type = 'Internal', ticket_reply_by = $session_user_id, ticket_reply_ticket_id = $merge_into_ticket_id"); + + logAction("Ticket", "Merged", "$session_name Merged ticket $ticket_prefix$ticket_number into $ticket_prefix$merge_into_ticket_number", $client_id, $ticket_id); + + // Custom action/notif handler + customAction('ticket_merge', $ticket_id); + + } + } // End For Each Ticket ID Loop + + mysqli_query($mysqli, "UPDATE tickets SET ticket_updated_at = NOW() WHERE ticket_id = $merge_into_ticket_id"); + + flash_alert("$ticket_count tickets merged into $ticket_prefix$merge_into_ticket_number"); + + } + + redirect(); + +} + +if (isset($_POST['bulk_resolve_tickets'])) { + + enforceUserPermission('module_support', 2); + + // POST variables + $details = mysqli_escape_string($mysqli, $_POST['bulk_details']); + $ticket_reply_time_worked = sanitizeInput($_POST['time']); + $private_note = intval($_POST['bulk_private_note']); + if ($private_note == 1) { + $ticket_reply_type = 'Internal'; + } else { + $ticket_reply_type = 'Public'; + } + + // Resolve Selected Tickets + if (isset($_POST['ticket_ids'])) { + + // Intitialze the counts before the loop + $ticket_count = 0; + $skipped_count = 0; + + foreach ($_POST['ticket_ids'] as $ticket_id) { + $ticket_id = intval($ticket_id); + + // Check to make sure Tasks are complete before resolving + $row = mysqli_fetch_assoc(mysqli_query($mysqli, "SELECT COUNT('task_id') AS num FROM tasks WHERE task_completed_at IS NULL AND task_ticket_id = $ticket_id")); + $num_of_open_tasks = $row['num']; + + if ($num_of_open_tasks == 0) { + // Count the Ticket Loop + $ticket_count++; + + $sql = mysqli_query($mysqli, "SELECT * FROM tickets WHERE ticket_id = $ticket_id"); + $row = mysqli_fetch_assoc($sql); + + $ticket_prefix = sanitizeInput($row['ticket_prefix']); + $ticket_number = intval($row['ticket_number']); + $ticket_subject = sanitizeInput($row['ticket_subject']); + $current_ticket_priority = sanitizeInput($row['ticket_priority']); + $url_key = sanitizeInput($row['ticket_url_key']); + $ticket_first_response_at = sanitizeInput($row['ticket_first_response_at']); + $client_id = intval($row['ticket_client_id']); + + // Mark FR time if required + if (empty($ticket_first_response_at)) { + mysqli_query($mysqli, "UPDATE tickets SET ticket_first_response_at = NOW() WHERE ticket_id = $ticket_id"); + } + + // Update ticket & insert reply + mysqli_query($mysqli, "UPDATE tickets SET ticket_status = 4, ticket_resolved_at = NOW() WHERE ticket_id = $ticket_id"); + + mysqli_query($mysqli, "INSERT INTO ticket_replies SET ticket_reply = '$details', ticket_reply_type = '$ticket_reply_type', ticket_reply_time_worked = '$ticket_reply_time_worked', ticket_reply_by = $session_user_id, ticket_reply_ticket_id = $ticket_id"); + + logAction("Ticket", "Resolve", "$session_name resolved $ticket_prefix$ticket_number - $ticket_subject", $client_id, $ticket_id); + + customAction('ticket_resolve', $ticket_id); + + // Client notification email + if ((!empty($config_smtp_host) || !empty($config_smtp_provider)) && $config_ticket_client_general_notifications == 1 && $private_note == 0) { + + // Get Contact details + $ticket_sql = mysqli_query($mysqli, "SELECT contact_name, contact_email FROM tickets + LEFT JOIN contacts ON ticket_contact_id = contact_id + WHERE ticket_id = $ticket_id + "); + $row = mysqli_fetch_assoc($ticket_sql); + + $contact_name = sanitizeInput($row['contact_name']); + $contact_email = sanitizeInput($row['contact_email']); + + // Sanitize Config vars from get_settings.php + $from_name = sanitizeInput($config_ticket_from_name); + $from_email = sanitizeInput($config_ticket_from_email); + $base_url = sanitizeInput($config_base_url); + + // Get Company Info + $sql = mysqli_query($mysqli, "SELECT company_name, company_phone, company_phone_country_code FROM companies WHERE company_id = 1"); + $row = mysqli_fetch_assoc($sql); + $company_name = sanitizeInput($row['company_name']); + $company_phone = sanitizeInput(formatPhoneNumber($row['company_phone'], $row['company_phone_country_code'])); + + // EMAIL + $subject = "Ticket resolved - [$ticket_prefix$ticket_number] - $ticket_subject | (pending closure)"; + $body = "##- Please type your reply above this line -##

Hello $contact_name,

Your ticket regarding \"$ticket_subject\" has been marked as solved and is pending closure.

$details

If your request/issue is resolved, you can simply ignore this email. If you need further assistance, please reply or re-open to let us know!

Ticket: $ticket_prefix$ticket_number
Subject: $ticket_subject
Portal: https://$base_url/client/ticket.php?id=$ticket_id

--
$company_name - Support
$config_ticket_from_email
$company_phone"; + + // Check email valid + if (filter_var($contact_email, FILTER_VALIDATE_EMAIL)) { + + $data = []; + + // Email Ticket Contact + // Queue Mail + + $data[] = [ + 'from' => $from_email, + 'from_name' => $from_name, + 'recipient' => $contact_email, + 'recipient_name' => $contact_name, + 'subject' => $subject, + 'body' => $body + ]; + } + + // Also Email all the watchers + $sql_watchers = mysqli_query($mysqli, "SELECT watcher_email FROM ticket_watchers WHERE watcher_ticket_id = $ticket_id"); + $body .= "

----------------------------------------
YOU ARE A COLLABORATOR ON THIS TICKET"; + while ($row = mysqli_fetch_assoc($sql_watchers)) { + $watcher_email = sanitizeInput($row['watcher_email']); + + // Queue Mail + $data[] = [ + 'from' => $from_email, + 'from_name' => $from_name, + 'recipient' => $watcher_email, + 'recipient_name' => $watcher_email, + 'subject' => $subject, + 'body' => $body + ]; + } + addToMailQueue($data); + } // End Mail IF + } else { + $skipped_count++; + } // End Task Check + } // End Loop + } // End Array Empty Check + + flash_alert("Resolved $ticket_count Tickets"); + + if ($skipped_count > 0) { + flash_alert("Resolved $ticket_count Tickets $skipped_count ticket(s) could not be resolved because they have open tasks.", 'info'); + } + + redirect(); + +} + +if (isset($_POST['bulk_ticket_reply'])) { + + enforceUserPermission('module_support', 2); + + // POST variables + $ticket_reply = mysqli_escape_string($mysqli, $_POST['bulk_reply_details']); + $ticket_status = intval($_POST['bulk_status']); + $ticket_reply_time_worked = sanitizeInput($_POST['time']); + $private_note = intval($_POST['bulk_private_reply']); + if ($private_note == 1) { + $ticket_reply_type = 'Internal'; + } else { + $ticket_reply_type = 'Public'; + } + + // Loop Through Tickets and Add Reply along with Email notifications + if (isset($_POST['ticket_ids'])) { + + // Get a Ticket Count + $ticket_count = count($_POST['ticket_ids']); + + foreach ($_POST['ticket_ids'] as $ticket_id) { + $ticket_id = intval($ticket_id); + + $sql = mysqli_query($mysqli, "SELECT * FROM tickets WHERE ticket_id = $ticket_id"); + $row = mysqli_fetch_assoc($sql); + + $ticket_prefix = sanitizeInput($row['ticket_prefix']); + $ticket_number = intval($row['ticket_number']); + $ticket_subject = sanitizeInput($row['ticket_subject']); + $current_ticket_priority = sanitizeInput($row['ticket_priority']); + $url_key = sanitizeInput($row['ticket_url_key']); + $ticket_first_response_at = sanitizeInput($row['ticket_first_response_at']); + $client_id = intval($row['ticket_client_id']); + + if ($client_id) { + $client_uri = "&client_id=$client_id"; + } else { + $client_uri = ''; + } + + // Mark FR time if required + if (empty($ticket_first_response_at)) { + mysqli_query($mysqli, "UPDATE tickets SET ticket_first_response_at = NOW() WHERE ticket_id = $ticket_id"); + } + + // Add reply + mysqli_query($mysqli, "INSERT INTO ticket_replies SET ticket_reply = '$ticket_reply', ticket_reply_time_worked = '$ticket_reply_time_worked', ticket_reply_type = '$ticket_reply_type', ticket_reply_by = $session_user_id, ticket_reply_ticket_id = $ticket_id"); + + $ticket_reply_id = mysqli_insert_id($mysqli); + + // Update Ticket Status + mysqli_query($mysqli, "UPDATE tickets SET ticket_status = '$ticket_status' WHERE ticket_id = $ticket_id"); + + logAction("Ticket", "Reply", "$session_name replied to ticket $ticket_prefix$ticket_number - $ticket_subject and was a $ticket_reply_type reply", $client_id, $ticket_id); + + // Custom action/notif handler + if ($ticket_reply_type == 'Internal') { + customAction('ticket_reply_agent_internal', $ticket_id); + } else { + customAction('reply_reply_agent_public', $ticket_id); + } + + // Resolve the ticket, if set + if ($ticket_status == 4) { + mysqli_query($mysqli, "UPDATE tickets SET ticket_resolved_at = NOW() WHERE ticket_id = $ticket_id"); + + // Logging + logAction("Ticket", "Resolved", "$session_name resolved Ticket $ticket_prefix$ticket_number", $client_id, $ticket_id); + + customAction('ticket_resolve', $ticket_id); + } + + // Get Contact Details + $sql = mysqli_query( + $mysqli, + "SELECT contact_name, contact_email, ticket_created_by, ticket_assigned_to + FROM tickets + LEFT JOIN contacts ON ticket_contact_id = contact_id + WHERE ticket_id = $ticket_id" + ); + + $row = mysqli_fetch_assoc($sql); + + $contact_name = sanitizeInput($row['contact_name']); + $contact_email = sanitizeInput($row['contact_email']); + $ticket_created_by = intval($row['ticket_created_by']); + $ticket_assigned_to = intval($row['ticket_assigned_to']); + + // Sanitize Config vars from get_settings.php + $from_name = sanitizeInput($config_ticket_from_name); + $from_email = sanitizeInput($config_ticket_from_email); + $base_url = sanitizeInput($config_base_url); + + $sql = mysqli_query($mysqli, "SELECT company_name, company_phone, company_phone_country_code FROM companies WHERE company_id = 1"); + $row = mysqli_fetch_assoc($sql); + $company_name = sanitizeInput($row['company_name']); + $company_phone = sanitizeInput(formatPhoneNumber($row['company_phone'], $row['company_phone_country_code'])); + + // Send e-mail to client if public update & email is set up + if ($private_note == 0 && (!empty($config_smtp_host) || !empty($config_smtp_provider))) { + + $subject = "Ticket update - [$ticket_prefix$ticket_number] - $ticket_subject"; + $body = "##- Please type your reply above this line -##

Hello $contact_name,

Your ticket regarding $ticket_subject has been updated.

--------------------------------
$ticket_reply
--------------------------------

Ticket: $ticket_prefix$ticket_number
Subject: $ticket_subject
Status: $ticket_status_name
Portal: View ticket

--
$company_name - Support
$from_email
$company_phone"; + + if (filter_var($contact_email, FILTER_VALIDATE_EMAIL)) { + + $data = []; + + // Email Ticket Contact + // Queue Mail + $data[] = [ + 'from' => $from_email, + 'from_name' => $from_name, + 'recipient' => $contact_email, + 'recipient_name' => $contact_name, + 'subject' => $subject, + 'body' => $body + ]; + + } + + // Also Email all the watchers + $sql_watchers = mysqli_query($mysqli, "SELECT watcher_email FROM ticket_watchers WHERE watcher_ticket_id = $ticket_id"); + $body .= "

----------------------------------------
YOU ARE A COLLABORATOR ON THIS TICKET"; + while ($row = mysqli_fetch_assoc($sql_watchers)) { + $watcher_email = sanitizeInput($row['watcher_email']); + + // Queue Mail + $data[] = [ + 'from' => $from_email, + 'from_name' => $from_name, + 'recipient' => $watcher_email, + 'recipient_name' => $watcher_email, + 'subject' => $subject, + 'body' => $body + ]; + } + addToMailQueue($data); + } //End Mail IF + + // Notification for assigned ticket user + if ($session_user_id != $ticket_assigned_to && $ticket_assigned_to != 0) { + + mysqli_query($mysqli, "INSERT INTO notifications SET notification_type = 'Ticket', notification = '$session_name updated Ticket $ticket_prefix$ticket_number - Subject: $ticket_subject that is assigned to you', notification_action = '/agent/ticket.php?ticket_id=$ticket_id$client_uri', notification_client_id = $client_id, notification_user_id = $ticket_assigned_to"); + } + + // Notification for user that opened the ticket + if ($session_user_id != $ticket_created_by && $ticket_created_by != 0) { + + mysqli_query($mysqli, "INSERT INTO notifications SET notification_type = 'Ticket', notification = '$session_name updated Ticket $ticket_prefix$ticket_number - Subject: $ticket_subject that you opened', notification_action = '/agent/ticket.php?ticket_id=$ticket_id$client_uri', notification_client_id = $client_id, notification_user_id = $ticket_created_by"); + } + } // End Ticket Lopp + + } + + flash_alert("Updated $ticket_count tickets"); + + redirect(); + +} + + +// Currently not UI Frontend for this +if (isset($_POST['bulk_add_ticket_project'])) { + + enforceUserPermission('module_support', 2); + + // POST variables + $project_id = intval($_POST['project_id']); + + // Get Project Name + $sql = mysqli_query($mysqli, "SELECT project_name FROM projects WHERE project_id = $project_id"); + $row = mysqli_fetch_assoc($sql); + $project_name = sanitizeInput($row['project_name']); + + // Assign Project to Selected Tickets + if (isset($_POST['ticket_ids'])) { + + // Get a Ticket Count + $ticket_count = count($_POST['ticket_ids']); + + foreach ($_POST['ticket_ids'] as $ticket_id) { + $ticket_id = intval($ticket_id); + + $sql = mysqli_query($mysqli, "SELECT * FROM tickets WHERE ticket_id = $ticket_id"); + $row = mysqli_fetch_assoc($sql); + + $ticket_prefix = sanitizeInput($row['ticket_prefix']); + $ticket_number = intval($row['ticket_number']); + $ticket_subject = sanitizeInput($row['ticket_subject']); + $current_ticket_priority = sanitizeInput($row['ticket_priority']); + $client_id = intval($row['ticket_client_id']); + + // Update ticket & insert reply + mysqli_query($mysqli, "UPDATE tickets SET ticket_project_id = $project_id WHERE ticket_id = $ticket_id"); + + logAction("Ticket", "Reply", "$session_name added ticket $ticket_prefix$ticket_number - $ticket_subject to project $project_name", $client_id, $ticket_id); + + + } // End For Each Ticket ID Loop + + flash_alert("$ticket_count Tickets added to Project $project_name"); + + } + + redirect(); + +} + +if (isset($_POST['bulk_add_asset_ticket'])) { + + validateCSRFToken($_POST['csrf_token']); + + enforceUserPermission('module_support', 2); + + $assigned_to = intval($_POST['bulk_assigned_to']); + if ($assigned_to == 0) { + $ticket_status = 1; + } else { + $ticket_status = 2; + } + $subject = sanitizeInput($_POST['bulk_subject']); + $priority = sanitizeInput($_POST['bulk_priority']); + $category_id = intval($_POST['bulk_category']); + $details = mysqli_real_escape_string($mysqli, $_POST['bulk_details']); + $project_id = intval($_POST['bulk_project']); + $use_primary_contact = intval($_POST['use_primary_contact']); + $ticket_template_id = intval($_POST['bulk_ticket_template_id']); + $billable = intval($_POST['bulk_billable'] ?? 0); + + // Check to see if adding a ticket by template + if($ticket_template_id) { + $sql = mysqli_query($mysqli, "SELECT * FROM ticket_templates WHERE ticket_template_id = $ticket_template_id"); + $row = mysqli_fetch_assoc($sql); + + // Override Template Subject + if(empty($subject)) { + $subject = sanitizeInput($row['ticket_template_subject']); + } + $details = mysqli_escape_string($mysqli, $row['ticket_template_details']); + + // Get Associated Tasks from the ticket template + $sql_task_templates = mysqli_query($mysqli, "SELECT * FROM task_templates WHERE task_template_ticket_template_id = $ticket_template_id"); + + } + + // Create ticket for each selected asset + if (isset($_POST['asset_ids'])) { + + // Get a Asset Count + $asset_count = count($_POST['asset_ids']); + + foreach ($_POST['asset_ids'] as $asset_id) { + $asset_id = intval($asset_id); + + $sql = mysqli_query($mysqli, "SELECT * FROM assets WHERE asset_id = $asset_id"); + $row = mysqli_fetch_assoc($sql); + + $asset_name = sanitizeInput($row['asset_name']); + $client_id = intval($row['asset_client_id']); + + $subject_asset_prepended = "$asset_name - $subject"; + + // Atomically increment and get the new ticket number + mysqli_query($mysqli, " + UPDATE settings + SET + config_ticket_next_number = LAST_INSERT_ID(config_ticket_next_number), + config_ticket_next_number = config_ticket_next_number + 1 + WHERE company_id = 1 + "); + + $ticket_number = mysqli_insert_id($mysqli); + + // Sanitize Config Vars from get_settings.php and Session Vars from check_login.php + $config_ticket_prefix = sanitizeInput($config_ticket_prefix); + $config_ticket_from_name = sanitizeInput($config_ticket_from_name); + $config_ticket_from_email = sanitizeInput($config_ticket_from_email); + $config_base_url = sanitizeInput($config_base_url); + + //Generate a unique URL key for clients to access + $url_key = randomString(32); + + mysqli_query($mysqli, "INSERT INTO tickets SET ticket_prefix = '$config_ticket_prefix', ticket_number = $ticket_number, ticket_category = $category_id, ticket_subject = '$subject_asset_prepended', ticket_details = '$details', ticket_priority = '$priority', ticket_billable = $billable, ticket_status = $ticket_status, ticket_asset_id = $asset_id, ticket_created_by = $session_user_id, ticket_assigned_to = $assigned_to, ticket_url_key = '$url_key', ticket_client_id = $client_id, ticket_project_id = $project_id"); + + $ticket_id = mysqli_insert_id($mysqli); + + // Add Tasks + if (!empty($_POST['tasks'])) { + foreach ($_POST['tasks'] as $task) { + $task_name = sanitizeInput($task); + // Check that task_name is not-empty (For some reason the !empty on the array doesnt work here like in watchers) + if (!empty($task_name)) { + mysqli_query($mysqli,"INSERT INTO tasks SET task_name = '$task_name', task_ticket_id = $ticket_id"); + } + } + } + + // Add Tasks from Template if Template was selected + if($ticket_template_id) { + if (mysqli_num_rows($sql_task_templates) > 0) { + while ($row = mysqli_fetch_assoc($sql_task_templates)) { + $task_order = intval($row['task_template_order']); + $task_name = sanitizeInput($row['task_template_name']); + + mysqli_query($mysqli,"INSERT INTO tasks SET task_name = '$task_name', task_order = $task_order, task_ticket_id = $ticket_id"); + } + } + } + + // Custom action/notif handler + customAction('ticket_create', $ticket_id); + } + + logAction("Ticket", "Bulk Create", "$session_name created $asset_count tickets for $asset_count"); + + flash_alert("You created $asset_count tickets for the selected assets"); + + } + + redirect(); + +} + +if (isset($_POST['add_ticket_reply'])) { + + enforceUserPermission('module_support', 2); + + $ticket_id = intval($_POST['ticket_id']); + $ticket_reply = $_POST['ticket_reply']; // Reply is SQL escaped below + $ticket_status = intval($_POST['status']); + $client_id = intval($_POST['client_id']); + + // Time tracking, inputs & combine into string + $hours = intval($_POST['hours']); + $minutes = intval($_POST['minutes']); + $seconds = intval($_POST['seconds']); + $ticket_reply_time_worked = sanitizeInput(sprintf("%02d:%02d:%02d", $hours, $minutes, $seconds)); + + // Defaults + $send_email = 0; + $ticket_reply_id = 0; + if ($_POST['public_reply_type'] == 1 ){ + $ticket_reply_type = 'Public'; + } elseif ($_POST['public_reply_type'] == 2 ) { + $ticket_reply_type = 'Public'; + $send_email = 1; + } else { + $ticket_reply_type = 'Internal'; + } + // Add Signature to the end of the ticket reply if not Internal and if there is reply + if ($ticket_reply !== '' && $ticket_reply_type !== 'Internal' && $send_email == 1) { + $ticket_reply .= getFieldById('user_settings',$session_user_id,'user_config_signature', 'raw'); + } + + $ticket_reply = mysqli_escape_string($mysqli, $ticket_reply); // SQL Escape Ticket Reply + + // Update Ticket Status & updated at (in case status didn't change) + mysqli_query($mysqli, "UPDATE tickets SET ticket_status = $ticket_status, ticket_updated_at = NOW() WHERE ticket_id = $ticket_id"); + + // Resolve the ticket, if set + if ($ticket_status == 4) { + mysqli_query($mysqli, "UPDATE tickets SET ticket_resolved_at = NOW() WHERE ticket_id = $ticket_id"); + + logAction("Ticket", "Resolved", "$session_name resolved Ticket ticket ID $ticket_id", $client_id, $ticket_id); + } + + // Process reply actions, if we have a reply to work with (e.g. we're not just editing the status) + if (!empty($ticket_reply)) { + + // Add reply + mysqli_query($mysqli, "INSERT INTO ticket_replies SET ticket_reply = '$ticket_reply', ticket_reply_time_worked = '$ticket_reply_time_worked', ticket_reply_type = '$ticket_reply_type', ticket_reply_by = $session_user_id, ticket_reply_ticket_id = $ticket_id"); + + $ticket_reply_id = mysqli_insert_id($mysqli); + + // Get Ticket Details + $ticket_sql = mysqli_query($mysqli, "SELECT contact_name, contact_email, ticket_prefix, ticket_number, ticket_subject, ticket_status, ticket_status_name, ticket_url_key, ticket_first_response_at, ticket_created_by, ticket_assigned_to, ticket_client_id + FROM tickets + LEFT JOIN clients ON ticket_client_id = client_id + LEFT JOIN contacts ON ticket_contact_id = contact_id + LEFT JOIN ticket_statuses ON ticket_status = ticket_status_id + WHERE ticket_id = $ticket_id + "); + + $row = mysqli_fetch_assoc($ticket_sql); + + $contact_name = sanitizeInput($row['contact_name']); + $contact_email = sanitizeInput($row['contact_email']); + $ticket_prefix = sanitizeInput($row['ticket_prefix']); + $ticket_number = intval($row['ticket_number']); + $ticket_subject = sanitizeInput($row['ticket_subject']); + $ticket_status = intval($row['ticket_status']); + $ticket_status_name = sanitizeInput($row['ticket_status_name']); + $url_key = sanitizeInput($row['ticket_url_key']); + $ticket_first_response_at = sanitizeInput($row['ticket_first_response_at']); + $ticket_created_by = intval($row['ticket_created_by']); + $ticket_assigned_to = intval($row['ticket_assigned_to']); + $client_id = intval($row['ticket_client_id']); + + if ($client_id) { + $client_uri = "&client_id=$client_id"; + } else { + $client_uri = ''; + } + + // Sanitize Config vars from get_settings.php + $config_ticket_from_name = sanitizeInput($config_ticket_from_name); + $config_ticket_from_email = sanitizeInput($config_ticket_from_email); + $config_base_url = sanitizeInput($config_base_url); + + $sql = mysqli_query($mysqli, "SELECT company_name, company_phone, company_phone_country_code FROM companies WHERE company_id = 1"); + $row = mysqli_fetch_assoc($sql); + $company_name = sanitizeInput($row['company_name']); + $company_phone = sanitizeInput(formatPhoneNumber($row['company_phone'], $row['company_phone_country_code'])); + + // Send e-mail to client if public update & email is set up + if ($ticket_reply_type == 'Public' && $send_email == 1 && (!empty($config_smtp_host) || !empty($config_smtp_provider))) { + + // Slightly different email subject/text depending on if this update set auto-close + + if ($ticket_status == 4) { + // Resolved + $subject = "Ticket resolved - [$ticket_prefix$ticket_number] - $ticket_subject | (pending closure)"; + $body = "##- Please type your reply above this line -##

Hello $contact_name,

Your ticket regarding $ticket_subject has been marked as solved and is pending closure.

--------------------------------
$ticket_reply
--------------------------------

If your request/issue is resolved, you can simply ignore this email. If you need further assistance, please reply or re-open to let us know!

Ticket: $ticket_prefix$ticket_number
Subject: $ticket_subject
Status: $ticket_status_name
Portal: View ticket

--
$company_name - Support
$config_ticket_from_email
$company_phone"; + } else { + // Anything else + $subject = "Ticket update - [$ticket_prefix$ticket_number] - $ticket_subject"; + $body = "##- Please type your reply above this line -##

Hello $contact_name,

Your ticket regarding $ticket_subject has been updated.

--------------------------------
$ticket_reply
--------------------------------

Ticket: $ticket_prefix$ticket_number
Subject: $ticket_subject
Status: $ticket_status_name
Portal: View ticket

--
$company_name - Support
$config_ticket_from_email
$company_phone"; + } + + if (filter_var($contact_email, FILTER_VALIDATE_EMAIL)) { + + $data = []; + + // Email Ticket Contact + // Queue Mail + $data[] = [ + 'from' => $config_ticket_from_email, + 'from_name' => $config_ticket_from_name, + 'recipient' => $contact_email, + 'recipient_name' => $contact_name, + 'subject' => $subject, + 'body' => $body + ]; + } + + // Also Email all the watchers + $sql_watchers = mysqli_query($mysqli, "SELECT watcher_email FROM ticket_watchers WHERE watcher_ticket_id = $ticket_id"); + $body .= "

----------------------------------------
YOU ARE A COLLABORATOR ON THIS TICKET"; + while ($row = mysqli_fetch_assoc($sql_watchers)) { + $watcher_email = sanitizeInput($row['watcher_email']); + + // Queue Mail + $data[] = [ + 'from' => $config_ticket_from_email, + 'from_name' => $config_ticket_from_name, + 'recipient' => $watcher_email, + 'recipient_name' => $watcher_email, + 'subject' => $subject, + 'body' => $body + ]; + } + addToMailQueue($data); + + } + //End Mail IF + + // Notification for assigned ticket user + if ($session_user_id != $ticket_assigned_to && $ticket_assigned_to != 0) { + mysqli_query($mysqli, "INSERT INTO notifications SET notification_type = 'Ticket', notification = '$session_name updated Ticket $ticket_prefix$ticket_number - Subject: $ticket_subject that is assigned to you', notification_action = '/agent/ticket.php?ticket_id=$ticket_id$client_uri', notification_client_id = $client_id, notification_user_id = $ticket_assigned_to"); + } + + // Notification for user that opened the ticket + if ($session_user_id != $ticket_created_by && $ticket_created_by != 0) { + mysqli_query($mysqli, "INSERT INTO notifications SET notification_type = 'Ticket', notification = '$session_name updated Ticket $ticket_prefix$ticket_number - Subject: $ticket_subject that you opened', notification_action = '/agent/ticket.php?ticket_id=$ticket_id$client_uri', notification_client_id = $client_id, notification_user_id = $ticket_created_by"); + } + + // Handle first response + if (empty($ticket_first_response_at) && $ticket_reply_type == 'Public') { + mysqli_query($mysqli, "UPDATE tickets SET ticket_first_response_at = NOW() WHERE ticket_id = $ticket_id"); + } + + // Custom action/notif handler + if ($ticket_reply_type == 'Internal') { + customAction('ticket_reply_agent_internal', $ticket_id); + } else { + customAction('reply_reply_agent_public', $ticket_id); + } + + flash_alert("Ticket $ticket_prefix$ticket_number has been updated with your reply and was $ticket_reply_type"); + + } else { + flash_alert("Ticket updated"); + } + + logAction("Ticket", "Reply", "$session_name replied to ticket $ticket_prefix$ticket_number - $ticket_subject and was a $ticket_reply_type reply", $client_id, $ticket_id); + + redirect(); + +} + +if (isset($_POST['edit_ticket_reply'])) { + + enforceUserPermission('module_support', 2); + + $ticket_reply_id = intval($_POST['ticket_reply_id']); + $ticket_reply = mysqli_real_escape_string($mysqli, $_POST['ticket_reply']); + $ticket_reply_type = sanitizeInput($_POST['ticket_reply_type']); + $ticket_reply_time_worked = sanitizeInput($_POST['time']); + + $client_id = intval($_POST['client_id']); + + mysqli_query($mysqli, "UPDATE ticket_replies SET ticket_reply = '$ticket_reply', ticket_reply_type = '$ticket_reply_type', ticket_reply_time_worked = '$ticket_reply_time_worked' WHERE ticket_reply_id = $ticket_reply_id AND ticket_reply_type != 'Client'") or die(mysqli_error($mysqli)); + + logAction("Ticket", "Reply", "$session_name edited ticket_reply", $client_id, $ticket_reply_id); + + flash_alert("Ticket reply updated"); + + redirect(); + +} + +if (isset($_POST['redact_ticket_reply'])) { + + enforceUserPermission('module_support', 2); + + $ticket_reply_id = intval($_POST['ticket_reply_id']); + $ticket_reply = mysqli_real_escape_string($mysqli, $_POST['ticket_reply']); + + $client_id = intval($_POST['client_id']); + + mysqli_query($mysqli, "UPDATE ticket_replies SET ticket_reply = '$ticket_reply' WHERE ticket_reply_id = $ticket_reply_id"); + + logAction("Ticket", "Reply", "$session_name redacted ticket_reply", $client_id, $ticket_reply_id); + + flash_alert("Ticket reply redacted"); + + redirect(); + +} + +if (isset($_GET['archive_ticket_reply'])) { + + enforceUserPermission('module_support', 2); + + $ticket_reply_id = intval($_GET['archive_ticket_reply']); + + mysqli_query($mysqli, "UPDATE ticket_replies SET ticket_reply_archived_at = NOW() WHERE ticket_reply_id = $ticket_reply_id"); + + logAction("Ticket Reply", "Archive", "$session_name archived ticket_reply", 0, $ticket_reply_id); + + flash_alert("Ticket reply archived", 'error'); + + redirect(); + +} + +if (isset($_POST['merge_ticket'])) { + + enforceUserPermission('module_support', 2); + + $ticket_id = intval($_POST['ticket_id']); // Child ticket ID to be closed + $merge_into_ticket_number = intval($_POST['merge_into_ticket_number']); // Parent ticket *number* + $merge_comment = sanitizeInput($_POST['merge_comment']); // Merge comment + $move_replies = intval($_POST['merge_move_replies']); // Whether to move replies to the new parent ticket + $ticket_reply_type = 'Internal'; // Default all replies to internal + + // Get current ticket details + $sql = mysqli_query($mysqli, "SELECT ticket_prefix, ticket_number, ticket_subject, ticket_details FROM tickets WHERE ticket_id = $ticket_id"); + if (mysqli_num_rows($sql) == 0) { + flash_alert("No ticket with that ID found.", 'error'); + redirect(); + } + // CURRENT ticket details + $row = mysqli_fetch_assoc($sql); + $ticket_prefix = sanitizeInput($row['ticket_prefix']); + $ticket_number = intval($row['ticket_number']); + $ticket_subject = sanitizeInput($row['ticket_subject']); + $ticket_details = mysqli_escape_string($mysqli, $row['ticket_details']); + $ticket_first_response_at = sanitizeInput($row['ticket_first_response_at']); + + // NEW PARENT ticket details + // Get merge into ticket id (as it may differ from the number) + $sql = mysqli_query($mysqli, "SELECT ticket_id, ticket_client_id FROM tickets WHERE ticket_number = $merge_into_ticket_number"); + if (mysqli_num_rows($sql) == 0) { + flash_alert("Cannot merge into that ticket.", 'error'); + redirect(); + } + $merge_row = mysqli_fetch_assoc($sql); + $merge_into_ticket_id = intval($merge_row['ticket_id']); + $client_id = intval($merge_row['ticket_client_id']); + if ($client_id) { + $has_client = "&client_id=$client_id"; + } else { + $has_client = ""; + } + // Sanity check + if ($ticket_number == $merge_into_ticket_number) { + flash_alert("Cannot merge into the same ticket.", 'error'); + redirect(); + } + + // Move ticket replies from child > parent + if ($move_replies) { + mysqli_query($mysqli, "UPDATE ticket_replies SET ticket_reply_ticket_id = $merge_into_ticket_id WHERE ticket_reply_ticket_id = $ticket_id"); + } + + // Update current ticket + if (empty($ticket_first_response_at)) { + mysqli_query($mysqli, "UPDATE tickets SET ticket_first_response_at = NOW() WHERE ticket_id = $ticket_id"); + } + + mysqli_query($mysqli, "INSERT INTO ticket_replies SET ticket_reply = 'Ticket $ticket_prefix$ticket_number merged into $ticket_prefix$merge_into_ticket_number. Comment: $merge_comment', ticket_reply_time_worked = '00:01:00', ticket_reply_type = '$ticket_reply_type', ticket_reply_by = $session_user_id, ticket_reply_ticket_id = $ticket_id"); + + mysqli_query($mysqli, "UPDATE tickets SET ticket_status = '5', ticket_resolved_at = NOW(), ticket_closed_at = NOW(), ticket_closed_by = $session_user_id WHERE ticket_id = $ticket_id") or die(mysqli_error($mysqli)); + + //Update new parent ticket + mysqli_query($mysqli, "INSERT INTO ticket_replies SET ticket_reply = 'Ticket $ticket_prefix$ticket_number was merged into this ticket with comment: $merge_comment.

$ticket_subject
$ticket_details', ticket_reply_time_worked = '00:01:00', ticket_reply_type = '$ticket_reply_type', ticket_reply_by = $session_user_id, ticket_reply_ticket_id = $merge_into_ticket_id"); + + mysqli_query($mysqli, "UPDATE tickets SET ticket_updated_at = NOW() WHERE ticket_id = $merge_into_ticket_id"); + + logAction("Ticket", "Merged", "$session_name Merged ticket $ticket_prefix$ticket_number into $ticket_prefix$merge_into_ticket_number"); + + customAction('ticket_merge', $ticket_id); + + flash_alert("Ticket merged into $ticket_prefix$merge_into_ticket_number"); + + redirect("ticket.php?ticket_id=$merge_into_ticket_id$has_client"); + +} + +if (isset($_POST['change_client_ticket'])) { + + enforceUserPermission('module_support', 2); + + $ticket_id = intval($_POST['ticket_id']); + $client_id = intval($_POST['new_client_id']); + $contact_id = intval($_POST['new_contact_id']); + + // Set any/all existing replies to internal + mysqli_query($mysqli, "UPDATE ticket_replies SET ticket_reply_type = 'Internal' WHERE ticket_reply_ticket_id = $ticket_id"); + + // Update ticket client & contact + mysqli_query($mysqli, "UPDATE tickets SET ticket_client_id = $client_id, ticket_contact_id = $contact_id WHERE ticket_id = $ticket_id LIMIT 1"); + + logAction("Ticket", "Change", "$session_name changed ticket client", $client_id, $ticket_id); + + customAction('ticket_update', $ticket_id); + + flash_alert("Ticket client updated"); + + redirect(); + +} + +if (isset($_GET['resolve_ticket'])) { + + validateCSRFToken($_GET['csrf_token']); + + enforceUserPermission('module_support', 2); + + $ticket_id = intval($_GET['resolve_ticket']); + + $sql = mysqli_query($mysqli, "SELECT * FROM tickets WHERE ticket_id = $ticket_id"); + $row = mysqli_fetch_assoc($sql); + $ticket_prefix = sanitizeInput($row['ticket_prefix']); + $ticket_number = intval($row['ticket_number']); + $ticket_first_response_at = sanitizeInput($row['ticket_first_response_at']); + + // Mark FR + if (empty($ticket_first_response_at)) { + mysqli_query($mysqli, "UPDATE tickets SET ticket_first_response_at = NOW() WHERE ticket_id = $ticket_id"); + } + + // Resolve + mysqli_query($mysqli, "UPDATE tickets SET ticket_status = 4, ticket_resolved_at = NOW() WHERE ticket_id = $ticket_id"); + + logAction("Ticket", "Resolved", "$session_name resolved ticket $ticket_prefix$ticket_number (ID: $ticket_id)", 0, $ticket_id); + + customAction('ticket_resolve', $ticket_id); + + // Client notification email + if ((!empty($config_smtp_host) || !empty($config_smtp_provider)) && $config_ticket_client_general_notifications == 1) { + + // Get details + $ticket_sql = mysqli_query($mysqli, "SELECT contact_name, contact_email, ticket_prefix, ticket_number, ticket_subject, ticket_status_name, ticket_assigned_to, ticket_url_key, ticket_client_id FROM tickets + LEFT JOIN clients ON ticket_client_id = client_id + LEFT JOIN contacts ON ticket_contact_id = contact_id + LEFT JOIN ticket_statuses ON ticket_status = ticket_status_id + WHERE ticket_id = $ticket_id + "); + $row = mysqli_fetch_assoc($ticket_sql); + + $contact_name = sanitizeInput($row['contact_name']); + $contact_email = sanitizeInput($row['contact_email']); + $ticket_prefix = sanitizeInput($row['ticket_prefix']); + $ticket_number = intval($row['ticket_number']); + $ticket_subject = sanitizeInput($row['ticket_subject']); + $client_id = intval($row['ticket_client_id']); + $ticket_assigned_to = intval($row['ticket_assigned_to']); + $ticket_status = sanitizeInput($row['ticket_status_name']); + $url_key = sanitizeInput($row['ticket_url_key']); + + // Sanitize Config vars from get_settings.php + $config_ticket_from_name = sanitizeInput($config_ticket_from_name); + $config_ticket_from_email = sanitizeInput($config_ticket_from_email); + $config_base_url = sanitizeInput($config_base_url); + + // Get Company Info + $sql = mysqli_query($mysqli, "SELECT company_name, company_phone, company_phone_country_code FROM companies WHERE company_id = 1"); + $row = mysqli_fetch_assoc($sql); + $company_name = sanitizeInput($row['company_name']); + $company_phone = sanitizeInput(formatPhoneNumber($row['company_phone'], $row['company_phone_country_code'])); + + // EMAIL + $subject = "Ticket resolved - [$ticket_prefix$ticket_number] - $ticket_subject | (pending closure)"; + $body = "##- Please type your reply above this line -##

Hello $contact_name,

Your ticket regarding $ticket_subject has been marked as solved and is pending closure.

If your request/issue is resolved, you can simply ignore this email. If you need further assistance, please reply or re-open to let us know!

Ticket: $ticket_prefix$ticket_number
Subject: $ticket_subject
Status: $ticket_status
Portal: View ticket

--
$company_name - Support
$config_ticket_from_email
$company_phone"; + + // Check email valid + if (filter_var($contact_email, FILTER_VALIDATE_EMAIL)) { + + $data = []; + + // Email Ticket Contact + // Queue Mail + + $data[] = [ + 'from' => $config_ticket_from_email, + 'from_name' => $config_ticket_from_name, + 'recipient' => $contact_email, + 'recipient_name' => $contact_name, + 'subject' => $subject, + 'body' => $body + ]; + } + + // Also Email all the watchers + $sql_watchers = mysqli_query($mysqli, "SELECT watcher_email FROM ticket_watchers WHERE watcher_ticket_id = $ticket_id"); + $body .= "

----------------------------------------
YOU ARE A COLLABORATOR ON THIS TICKET"; + while ($row = mysqli_fetch_assoc($sql_watchers)) { + $watcher_email = sanitizeInput($row['watcher_email']); + + // Queue Mail + $data[] = [ + 'from' => $config_ticket_from_email, + 'from_name' => $config_ticket_from_name, + 'recipient' => $watcher_email, + 'recipient_name' => $watcher_email, + 'subject' => $subject, + 'body' => $body + ]; + } + addToMailQueue($data); + } + //End Mail IF + + flash_alert("Ticket resolved"); + + redirect(); + +} + +if (isset($_GET['close_ticket'])) { + + validateCSRFToken($_GET['csrf_token']); + + enforceUserPermission('module_support', 2); + + $ticket_id = intval($_GET['close_ticket']); + + mysqli_query($mysqli, "UPDATE tickets SET ticket_status = 5, ticket_closed_at = NOW(), ticket_closed_by = $session_user_id WHERE ticket_id = $ticket_id") or die(mysqli_error($mysqli)); + + mysqli_query($mysqli, "INSERT INTO ticket_replies SET ticket_reply = 'Ticket closed.', ticket_reply_type = 'Internal', ticket_reply_time_worked = '00:01:00', ticket_reply_by = $session_user_id, ticket_reply_ticket_id = $ticket_id"); + + logAction("Ticket", "Closed", "$session_name closed ticket ID $ticket_id", 0, $ticket_id); + + customAction('ticket_close', $ticket_id); + + // Client notification email + if ((!empty($config_smtp_host) || !empty($config_smtp_provider)) && $config_ticket_client_general_notifications == 1) { + + // Get details + $ticket_sql = mysqli_query($mysqli, "SELECT contact_name, contact_email, ticket_prefix, ticket_number, ticket_subject, ticket_url_key FROM tickets + LEFT JOIN clients ON ticket_client_id = client_id + LEFT JOIN contacts ON ticket_contact_id = contact_id + WHERE ticket_id = $ticket_id + "); + $row = mysqli_fetch_assoc($ticket_sql); + + $contact_name = sanitizeInput($row['contact_name']); + $contact_email = sanitizeInput($row['contact_email']); + $ticket_prefix = sanitizeInput($row['ticket_prefix']); + $ticket_number = intval($row['ticket_number']); + $ticket_subject = sanitizeInput($row['ticket_subject']); + $url_key = sanitizeInput($row['ticket_url_key']); + + // Sanitize Config vars from get_settings.php + $config_ticket_from_name = sanitizeInput($config_ticket_from_name); + $config_ticket_from_email = sanitizeInput($config_ticket_from_email); + $config_base_url = sanitizeInput($config_base_url); + + // Get Company Info + $sql = mysqli_query($mysqli, "SELECT company_name, company_phone, company_phone_country_code FROM companies WHERE company_id = 1"); + $row = mysqli_fetch_assoc($sql); + $company_name = sanitizeInput($row['company_name']); + $company_phone = sanitizeInput(formatPhoneNumber($row['company_phone'], $row['company_phone_country_code'])); + + // EMAIL + $subject = "Ticket closed - [$ticket_prefix$ticket_number] - $ticket_subject | (do not reply)"; + $body = "Hello $contact_name,

Your ticket regarding \"$ticket_subject\" has been closed.

We hope the request/issue was resolved to your satisfaction, please provide your feedback here.
If you need further assistance, please raise a new ticket using the below details. Please do not reply to this email.

Ticket: $ticket_prefix$ticket_number
Subject: $ticket_subject
Portal: https://$config_base_url/client/ticket.php?id=$ticket_id

--
$company_name - Support
$config_ticket_from_email
$company_phone"; + + // Check email valid + if (filter_var($contact_email, FILTER_VALIDATE_EMAIL)) { + + $data = []; + + // Email Ticket Contact + // Queue Mail + + $data[] = [ + 'from' => $config_ticket_from_email, + 'from_name' => $config_ticket_from_name, + 'recipient' => $contact_email, + 'recipient_name' => $contact_name, + 'subject' => $subject, + 'body' => $body + ]; + } + + // Also Email all the watchers + $sql_watchers = mysqli_query($mysqli, "SELECT watcher_email FROM ticket_watchers WHERE watcher_ticket_id = $ticket_id"); + $body .= "

----------------------------------------
YOU ARE A COLLABORATOR ON THIS TICKET"; + while ($row = mysqli_fetch_assoc($sql_watchers)) { + $watcher_email = sanitizeInput($row['watcher_email']); + + // Queue Mail + $data[] = [ + 'from' => $config_ticket_from_email, + 'from_name' => $config_ticket_from_name, + 'recipient' => $watcher_email, + 'recipient_name' => $watcher_email, + 'subject' => $subject, + 'body' => $body + ]; + } + addToMailQueue($data); + } + //End Mail IF + + flash_alert("Ticket Closed, this cannot not be reopened but you may start another one"); + + redirect(); + +} + +if (isset($_GET['reopen_ticket'])) { + + enforceUserPermission('module_support', 2); + + $ticket_id = intval($_GET['reopen_ticket']); + + mysqli_query($mysqli, "UPDATE tickets SET ticket_status = 2, ticket_resolved_at = NULL WHERE ticket_id = $ticket_id"); + + logAction("Ticket", "Reopened", "$session_name reopened ticket ID $ticket_id", 0, $ticket_id); + + customAction('ticket_update', $ticket_id); + + flash_alert("Ticket re-opened"); + + redirect(); + +} + +if (isset($_POST['add_invoice_from_ticket'])) { + + enforceUserPermission('module_support', 2); + enforceUserPermission('module_sales', 2); + + $invoice_id = intval($_POST['invoice_id']); + $ticket_id = intval($_POST['ticket_id']); + $date = sanitizeInput($_POST['date']); + $category = intval($_POST['category']); + $scope = sanitizeInput($_POST['scope']); + + $sql = mysqli_query( + $mysqli, + "SELECT * FROM tickets + LEFT JOIN clients ON ticket_client_id = client_id + LEFT JOIN contacts ON ticket_contact_id = contact_id + LEFT JOIN assets ON ticket_asset_id = asset_id + LEFT JOIN locations ON ticket_location_id = location_id + WHERE ticket_id = $ticket_id" + ); + + $row = mysqli_fetch_assoc($sql); + $client_id = intval($row['client_id']); + $client_net_terms = intval($row['client_net_terms']); + if ($client_net_terms == 0) { + $client_net_terms = $config_default_net_terms; + } + + $ticket_prefix = sanitizeInput($row['ticket_prefix']); + $ticket_number = intval($row['ticket_number']); + $ticket_category = sanitizeInput($row['ticket_category']); + $ticket_subject = sanitizeInput($row['ticket_subject']); + $ticket_created_at = sanitizeInput($row['ticket_created_at']); + $ticket_updated_at = sanitizeInput($row['ticket_updated_at']); + $ticket_closed_at = sanitizeInput($row['ticket_closed_at']); + + $contact_id = intval($row['contact_id']); + $contact_name = sanitizeInput($row['contact_name']); + $contact_email = sanitizeInput($row['contact_email']); + + $asset_id = intval($row['asset_id']); + + $location_name = sanitizeInput($row['location_name']); + + if ($invoice_id == 0) { + + $invoice_prefix = sanitizeInput($config_invoice_prefix); + + // Atomically increment and get the new invoice number + mysqli_query($mysqli, " + UPDATE settings + SET + config_invoice_next_number = LAST_INSERT_ID(config_invoice_next_number), + config_invoice_next_number = config_invoice_next_number + 1 + WHERE company_id = 1 + "); + + $invoice_number = mysqli_insert_id($mysqli); + + //Generate a unique URL key for clients to access + $url_key = randomString(32); + + mysqli_query($mysqli, "INSERT INTO invoices SET invoice_prefix = '$config_invoice_prefix', invoice_number = $invoice_number, invoice_scope = '$scope', invoice_date = '$date', invoice_due = DATE_ADD('$date', INTERVAL $client_net_terms day), invoice_currency_code = '$session_company_currency', invoice_category_id = $category, invoice_status = 'Draft', invoice_url_key = '$url_key', invoice_client_id = $client_id"); + $invoice_id = mysqli_insert_id($mysqli); + } else { + $sql_invoice = mysqli_query($mysqli, "SELECT invoice_prefix, invoice_number FROM invoices WHERE invoice_id = $invoice_id"); + $row = mysqli_fetch_assoc($sql_invoice); + $invoice_prefix = sanitizeInput($row['invoice_prefix']); + $invoice_number = intval($row['invoice_number']); + } + + //Add Item + $item_name = sanitizeInput($_POST['item_name']); + $item_description = sanitizeInput($_POST['item_description']); + $qty = floatval($_POST['qty']); + $price = floatval($_POST['price']); + $tax_id = intval($_POST['tax_id']); + + $subtotal = $price * $qty; + + if ($tax_id > 0) { + $sql = mysqli_query($mysqli, "SELECT * FROM taxes WHERE tax_id = $tax_id"); + $row = mysqli_fetch_assoc($sql); + $tax_percent = floatval($row['tax_percent']); + $tax_amount = $subtotal * $tax_percent / 100; + } else { + $tax_amount = 0; + } + + $total = $subtotal + $tax_amount; + + mysqli_query($mysqli, "INSERT INTO invoice_items SET item_name = '$item_name', item_description = '$item_description', item_quantity = $qty, item_price = $price, item_subtotal = $subtotal, item_tax = $tax_amount, item_total = $total, item_order = 1, item_tax_id = $tax_id, item_invoice_id = $invoice_id"); + + //Update Invoice Balances + + $sql = mysqli_query($mysqli, "SELECT * FROM invoices WHERE invoice_id = $invoice_id"); + $row = mysqli_fetch_assoc($sql); + + $new_invoice_amount = floatval($row['invoice_amount']) + $total; + + mysqli_query($mysqli, "UPDATE invoices SET invoice_amount = $new_invoice_amount WHERE invoice_id = $invoice_id"); + + mysqli_query($mysqli, "INSERT INTO history SET history_status = 'Draft', history_description = 'Invoice created from Ticket $ticket_prefix$ticket_number', history_invoice_id = $invoice_id"); + + // Add internal note to ticket, and link to invoice in database + mysqli_query($mysqli, "INSERT INTO ticket_replies SET ticket_reply = 'Created invoice $config_invoice_prefix$invoice_number for this ticket.', ticket_reply_type = 'Internal', ticket_reply_time_worked = '00:01:00', ticket_reply_by = $session_user_id, ticket_reply_ticket_id = $ticket_id"); + + mysqli_query($mysqli, "UPDATE tickets SET ticket_invoice_id = $invoice_id WHERE ticket_id = $ticket_id"); + + logAction("Invoice", "Create", "$session_name created invoice $invoice_prefix$invoice_number from Ticket $ticket_prefix$ticket_number", $client_id, $invoice_id); + + flash_alert("Invoice $invoice_prefix$invoice_number created from ticket"); + + redirect("invoice.php?invoice_id=$invoice_id"); + +} + +if (isset($_POST['export_tickets_csv'])) { + + enforceUserPermission('module_support', 2); + + if ($_POST['client_id']) { + $client_id = intval($_POST['client_id']); + $client_query = "WHERE ticket_client_id = $client_id"; + $client_name = getFieldById('clients', $client_id, 'client_name'); + $file_name_prepend = "$client_name-"; + } else { + $client_query = ''; + $client_name = ''; + $file_name_prepend = "$session_company_name-"; + } + + $sql = mysqli_query( + $mysqli, + "SELECT * FROM tickets + LEFT JOIN ticket_statuses ON ticket_status = ticket_status_id + $client_query ORDER BY ticket_number ASC" + ); + + if ($sql->num_rows > 0) { + $delimiter = ","; + $enclosure = '"'; + $escape = '\\'; // backslash + $filename = sanitize_filename($file_name_prepend . "Tickets-" . date('Y-m-d_H-i-s') . ".csv"); + + //create a file pointer + $f = fopen('php://memory', 'w'); + + //set column headers + $fields = array('Ticket Number', 'Priority', 'Status', 'Subject', 'Date Opened', 'Date Resolved', 'Date Closed'); + fputcsv($f, $fields, $delimiter, $enclosure, $escape); + + //output each row of the data, format line as csv and write to file pointer + while ($row = $sql->fetch_assoc()) { + $lineData = array($config_ticket_prefix . $row['ticket_number'], $row['ticket_priority'], $row['ticket_status_name'], $row['ticket_subject'], $row['ticket_created_at'], $row['ticket_resolved_at'], $row['ticket_closed_at']); + fputcsv($f, $lineData, $delimiter, $enclosure, $escape); + } + + //move back to beginning of file + fseek($f, 0); + + //set headers to download file rather than displayed + header('Content-Type: text/csv'); + header('Content-Disposition: attachment; filename="' . $filename . '";'); + + //output all remaining data on a file pointer + fpassthru($f); + } + exit; + +} + +if (isset($_POST['edit_ticket_billable_status'])) { + + enforceUserPermission('module_support', 2); + enforceUserPermission('module_sales', 2); + + $ticket_id = intval($_POST['ticket_id']); + $billable_status = intval($_POST['billable_status']); + if ($billable_status == 0 ) { + $billable_wording = "Not"; + } + + // Get ticket details for logging + $sql = mysqli_query($mysqli, "SELECT ticket_prefix, ticket_number, ticket_client_id FROM tickets WHERE ticket_id = $ticket_id"); + $row = mysqli_fetch_assoc($sql); + $ticket_prefix = sanitizeInput($row['ticket_prefix']); + $ticket_number = intval($row['ticket_number']); + $client_id = intval($row['ticket_client_id']); + + mysqli_query($mysqli,"UPDATE tickets SET ticket_billable = $billable_status WHERE ticket_id = $ticket_id"); + + logAction("Ticket", "Edit", "$session_name marked ticket $ticket_prefix$ticket_number as $billable_wording Billable", $client_id, $ticket_id); + + flash_alert("Ticket marked $billable_wording Billable"); + + redirect(); + +} + +if (isset($_POST['edit_ticket_schedule'])) { + + enforceUserPermission('module_support', 2); + + $ticket_id = intval($_POST['ticket_id']); + $onsite = intval($_POST['onsite']); + $schedule = sanitizeInput($_POST['scheduled_date_time']); + $ticket_link = "client/ticket.php?id=$ticket_id"; + $full_ticket_url = "https://$config_base_url/client/ticket.php?id=$ticket_id"; + $ticket_link_html = "$ticket_link"; + + mysqli_query($mysqli,"UPDATE tickets + SET ticket_schedule = '$schedule', ticket_onsite = $onsite + WHERE ticket_id = $ticket_id" + ); + + + // Check for other conflicting scheduled items based on 2 hr window + //TODO make this configurable + $start = date('Y-m-d H:i:s', strtotime($schedule) - 7200); + $end = date('Y-m-d H:i:s', strtotime($schedule) + 7200); + $sql = mysqli_query($mysqli, "SELECT * FROM tickets WHERE ticket_schedule BETWEEN '$start' AND '$end' AND ticket_id != $ticket_id"); + if (mysqli_num_rows($sql) > 0) { + $conflicting_tickets = []; + while ($row = mysqli_fetch_assoc($sql)) { + $conflicting_tickets[] = $row['ticket_id'] . " - " . $row['ticket_subject'] . " @ " . $row['ticket_schedule']; + } + } + $sql = mysqli_query($mysqli, "SELECT * FROM tickets + LEFT JOIN clients ON ticket_client_id = client_id + LEFT JOIN contacts ON ticket_contact_id = contact_id + LEFT JOIN locations on contact_location_id = location_id + LEFT JOIN users ON ticket_assigned_to = user_id + WHERE ticket_id = $ticket_id + "); + + $row = mysqli_fetch_assoc($sql); + + $client_id = intval($row['ticket_client_id']); + $client_name = sanitizeInput($row['client_name']); + $ticket_details = sanitizeInput($row['ticket_details']); + $contact_name = sanitizeInput($row['contact_name']); + $contact_email = sanitizeInput($row['contact_email']); + $ticket_prefix = sanitizeInput($row['ticket_prefix']); + $ticket_number = intval($row['ticket_number']); + $ticket_subject = sanitizeInput($row['ticket_subject']); + $user_name = sanitizeInput($row['user_name']); + $user_email = sanitizeInput($row['user_email']); + $cal_subject = $ticket_number . ": " . $client_name . " - " . $ticket_subject; + $ticket_details_truncated = substr($ticket_details, 0, 100); + $cal_description = $ticket_details_truncated . " - " . $full_ticket_url; + $cal_location = sanitizeInput($row["location_address"]); + $email_datetime = date('l, F j, Y \a\t g:ia', strtotime($schedule)); + + if ($client_id) { + $client_uri = "&client_id=$client_id"; + } else { + $client_uri = ''; + } + + // Sanitize Config Vars + $config_ticket_from_email = sanitizeInput($config_ticket_from_email); + $config_ticket_from_name = sanitizeInput($config_ticket_from_name); + $session_company_name = sanitizeInput($session_company_name); + + + /// Create iCal event + $cal_str = createiCalStr($schedule, $cal_subject, $cal_description, $cal_location); + + // Notify the agent of the scheduled work + $data[] = [ + 'from' => $config_ticket_from_email, + 'from_name' => $config_ticket_from_name, + 'recipient' => $user_email, + 'recipient_name' => $user_name, + 'subject' => "Ticket Scheduled - [$ticket_prefix$ticket_number] - $ticket_subject", + 'body' => "Hello, " . $user_name . "

The ticket regarding $ticket_subject has been scheduled for $email_datetime.

--------------------------------
$ticket_link
--------------------------------

Please do not reply to this email.

Ticket: $ticket_prefix$ticket_number
Subject: $ticket_subject
Portal: https://$config_base_url/agent/ticket.php?ticket_id=$ticket_id$client_uri

~
$session_company_name
Support Department
$config_ticket_from_email", + 'cal_str' => $cal_str + ]; + + if ($config_ticket_client_general_notifications) { + // Notify the ticket contact of the scheduled work + $data[] = [ + 'from' => $config_ticket_from_email, + 'from_name' => $config_ticket_from_name, + 'recipient' => $contact_email, + 'recipient_name' => $contact_name, + 'subject' => "Ticket Scheduled - [$ticket_prefix$ticket_number] - $ticket_subject", + 'body' => mysqli_escape_string($mysqli, "
+ Hello, $contact_name +
+ Your ticket regarding $ticket_subject has been scheduled for $email_datetime. +

+ Access your ticket here +

+ Please do not reply to this email. +

+ Ticket: $ticket_prefix$ticket_number
+ Subject: $ticket_subject
+

+
+ ~
+ $session_company_name
+ Support Department
+ $config_ticket_from_email
+
+
+ This is an automated message. Please do not reply directly to this email. +
"), + 'cal_str' => $cal_str + ]; + + // Notify the watchers of the scheduled work + $sql_watchers = mysqli_query($mysqli, "SELECT watcher_email FROM ticket_watchers WHERE watcher_ticket_id = $ticket_id"); + + while ($row = mysqli_fetch_assoc($sql_watchers)) { + $watcher_email = sanitizeInput($row['watcher_email']); + $data[] = [ + 'from' => $config_ticket_from_email, + 'from_name' => $config_ticket_from_name, + 'recipient' => $watcher_email, + 'recipient_name' => $watcher_email, + 'subject' => "Ticket Scheduled - [$ticket_prefix$ticket_number] - $ticket_subject", + 'body' => mysqli_escape_string($mysqli, nullable_htmlentities("
+ Hello, +
+ The ticket regarding $ticket_subject has been scheduled for $email_datetime. +

+ $ticket_link +

+ Please do not reply to this email. +

+ Ticket: $ticket_prefix$ticket_number
+ Subject: $ticket_subject
+ Portal: Access the ticket here +

+
+ ~
+ $session_company_name
+ Support Department
+ $config_ticket_from_email
+
+
+ This is an automated message. Please do not reply directly to this email. +
")), + 'cal_str' => $cal_str + ]; + } + } + + // Send + $response = addToMailQueue($data); + + // Update ticket reply + $ticket_reply_note = "Ticket scheduled for $email_datetime " . (boolval($onsite) ? '(onsite).' : '(remote).'); + mysqli_query($mysqli, "INSERT INTO ticket_replies SET ticket_reply = '$ticket_reply_note', ticket_reply_type = 'Internal', ticket_reply_time_worked = '00:01:00', ticket_reply_by = $session_user_id, ticket_reply_ticket_id = $ticket_id"); + + logAction("Ticket", "Edit", "$session_name edited ticket schedule", $client_id, $ticket_id); + + customAction('ticket_schedule', $ticket_id); + + if (empty($conflicting_tickets)) { + flash_alert("Ticket scheduled for $email_datetime"); + redirect(); + } else { + $_SESSION['alert_type'] = "error"; + flash_alert("Ticket scheduled for $email_datetime. Yet there are conflicting tickets scheduled for the same time:
" . implode(",
", $conflicting_tickets), 'error'); + redirect("calendar.php"); + } + +} + +if (isset($_GET['cancel_ticket_schedule'])) { + + enforceUserPermission('module_support', 2); + + $ticket_id = intval($_GET['cancel_ticket_schedule']); + + $sql = mysqli_query($mysqli, "SELECT * FROM tickets WHERE ticket_id = $ticket_id"); + $row = mysqli_fetch_assoc($sql); + + $client_id = intval($row['ticket_client_id']); + $ticket_prefix = sanitizeInput($row['ticket_prefix']); + $ticket_number = intval($row['ticket_number']); + $ticket_subject = sanitizeInput($row['ticket_subject']); + $ticket_schedule = sanitizeInput($row['ticket_schedule']); + $ticket_cal_str = sanitizeInput($row['ticket_cal_str']); + + if ($client_id) { + $client_uri = "&client_id=$client_id"; + } else { + $client_uri = ''; + } + + mysqli_query($mysqli, "UPDATE tickets SET ticket_schedule = NULL WHERE ticket_id = $ticket_id"); + + // Sanitize Config Vars + $config_ticket_from_email = sanitizeInput($config_ticket_from_email); + $config_ticket_from_name = sanitizeInput($config_ticket_from_name); + $session_company_name = sanitizeInput($session_company_name); + + //Create iCal event + $cal_str = createiCalStrCancel($ticket_cal_str); + + //Send emails + + $sql = mysqli_query($mysqli, "SELECT * FROM tickets + LEFT JOIN clients ON ticket_client_id = client_id + LEFT JOIN contacts ON ticket_contact_id = contact_id + LEFT JOIN locations on contact_location_id = location_id + LEFT JOIN users ON ticket_assigned_to = user_id + WHERE ticket_id = $ticket_id + "); + $row = mysqli_fetch_assoc($sql); + + $client_id = intval($row['ticket_client_id']); + $client_name = sanitizeInput($row['client_name']); + $ticket_details = sanitizeInput($row['ticket_details']); + $contact_name = sanitizeInput($row['contact_name']); + $contact_email = sanitizeInput($row['contact_email']); + $ticket_prefix = sanitizeInput($row['ticket_prefix']); + $ticket_number = intval($row['ticket_number']); + $ticket_subject = sanitizeInput($row['ticket_subject']); + $user_name = sanitizeInput($row['user_name']); + $user_email = sanitizeInput($row['user_email']); + + // Notify the agent of the cancellation + $data[] = [ + // User Email + 'from' => $config_ticket_from_email, + 'from_name' => $config_ticket_from_name, + 'recipient' => $user_email, + 'recipient_name' => $user_name, + 'subject' => "Ticket Schedule Cancelled - [$ticket_prefix$ticket_number] - $ticket_subject", + 'body' => "Hello, " . $user_name . "

Scheduled work for the ticket regarding $ticket_subject has been cancelled.

--------------------------------
$ticket_link
--------------------------------

Please do not reply to this email.

Ticket: $ticket_prefix$ticket_number
Subject: $ticket_subject
Portal: https://$config_base_url/agent/ticket.php?id=$ticket_id&client_id=$client_id

~
$session_company_name
Support Department
$config_ticket_from_email", + 'cal_str' => $cal_str + ]; + + if ($config_ticket_client_general_notifications) { + // Notify the ticket contact of the cancellation + $data[] = [ + 'from' => $config_ticket_from_email, + 'from_name' => $config_ticket_from_name, + 'recipient' => $contact_email, + 'recipient_name' => $contact_name, + 'subject' => "Ticket Schedule Cancelled - [$ticket_prefix$ticket_number] - $ticket_subject", + 'body' => mysqli_escape_string($mysqli, "
+ Hello, $contact_name +
+ Scheduled work for your ticket regarding $ticket_subject has been cancelled. +

+ Access your ticket here +

+ Please do not reply to this email. +

+ Ticket: $ticket_prefix$ticket_number
+ Subject: $ticket_subject
+

+
+ ~
+ $session_company_name
+ Support Department
+ $config_ticket_from_email
+
+
+ This is an automated message. Please do not reply directly to this email. +
"), + 'cal_str' => $cal_str + ]; + + // Notify the watchers of the cancellation + $sql_watchers = mysqli_query($mysqli, "SELECT watcher_email FROM ticket_watchers WHERE watcher_ticket_id = $ticket_id"); + while ($row = mysqli_fetch_assoc($sql_watchers)) { + $watcher_email = sanitizeInput($row['watcher_email']); + $data[] = [ + 'from' => $config_ticket_from_email, + 'from_name' => $config_ticket_from_name, + 'recipient' => $watcher_email, + 'recipient_name' => $watcher_email, + 'subject' => "Ticket Schedule Cancelled - [$ticket_prefix$ticket_number] - $ticket_subject", + 'body' => mysqli_escape_string($mysqli, nullable_htmlentities("
+ Hello, +
+ Scheduled work for the ticket regarding $ticket_subject has been cancelled. +

+ $ticket_link +

+ Please do not reply to this email. +

+ Ticket: $ticket_prefix$ticket_number
+ Subject: $ticket_subject
+ Portal: Access the ticket here +

+
+ ~
+ $session_company_name
+ Support Department
+ $config_ticket_from_email
+
+
+ This is an automated message. Please do not reply directly to this email. +
")), + 'cal_str' => $cal_str + ]; + } + } + + // Send email(s) + addToMailQueue($data); + + // Update ticket reply + $ticket_reply_note = "Ticket schedule cancelled."; + mysqli_query($mysqli, "INSERT INTO ticket_replies SET ticket_reply = '$ticket_reply_note', ticket_reply_type = 'Internal', ticket_reply_time_worked = '00:01:00', ticket_reply_by = $session_user_id, ticket_reply_ticket_id = $ticket_id"); + + logAction("Ticket", "Edit", "$session_name cancelled ticket schedule", $client_id, $ticket_id); + + customAction('ticket_unschedule', $ticket_id); + + flash_alert("Ticket schedule cancelled", 'error'); + + redirect(); + +} diff --git a/cron/mail_queue.php b/cron/mail_queue.php index c052f55a..d5000853 100644 --- a/cron/mail_queue.php +++ b/cron/mail_queue.php @@ -1,357 +1,462 @@ -email = $email; - $this->accessToken = $accessToken; - } - public function getOauth64(): string { - $auth = "user={$this->email}\x01auth=Bearer {$this->accessToken}\x01\x01"; - return base64_encode($auth); - } -} - -/** ======================================================================= - * Load settings - * ======================================================================= */ -$sql_settings = mysqli_query($mysqli, "SELECT * FROM settings WHERE company_id = 1"); -$row = mysqli_fetch_assoc($sql_settings); - -$config_enable_cron = intval($row['config_enable_cron']); - -// SMTP baseline -$config_smtp_host = $row['config_smtp_host']; -$config_smtp_username = $row['config_smtp_username']; -$config_smtp_password = $row['config_smtp_password']; -$config_smtp_port = intval($row['config_smtp_port']); -$config_smtp_encryption = $row['config_smtp_encryption']; - -// SMTP provider + shared OAuth fields -$config_smtp_provider = $row['config_smtp_provider']; // 'standard_smtp' | 'google_oauth' | 'microsoft_oauth' -$config_mail_oauth_client_id = $row['config_mail_oauth_client_id'] ?? ''; -$config_mail_oauth_client_secret = $row['config_mail_oauth_client_secret'] ?? ''; -$config_mail_oauth_tenant_id = $row['config_mail_oauth_tenant_id'] ?? ''; -$config_mail_oauth_refresh_token = $row['config_mail_oauth_refresh_token'] ?? ''; -$config_mail_oauth_access_token = $row['config_mail_oauth_access_token'] ?? ''; -$config_mail_oauth_access_token_expires_at = $row['config_mail_oauth_access_token_expires_at'] ?? ''; - -if ($config_enable_cron == 0) { - logApp("Cron-Mail-Queue", "error", "Cron Mail Queue unable to run - cron not enabled in admin settings."); - exit("Cron: is not enabled -- Quitting.."); -} - -if (empty($config_smtp_provider)) { - logApp("Cron-Mail-Queue", "info", "SMTP sending skipped: provider not configured."); - exit(0); -} - -/** ======================================================================= - * Lock file - * ======================================================================= */ -$temp_dir = sys_get_temp_dir(); -$lock_file_path = "{$temp_dir}/itflow_mail_queue_{$installation_id}.lock"; - -if (file_exists($lock_file_path)) { - $file_age = time() - filemtime($lock_file_path); - if ($file_age > 600) { - unlink($lock_file_path); - logApp("Cron-Mail-Queue", "warning", "Cron Mail Queue detected a lock file was present but was over 10 minutes old so it removed it."); - } else { - logApp("Cron-Mail-Queue", "info", "Cron Mail Queue attempted to execute but was already executing so instead it terminated."); - exit("Script is already running. Exiting."); - } -} - -file_put_contents($lock_file_path, "Locked"); - -/** ======================================================================= - * Mail sender function (defined inside this cron) - * - Handles standard SMTP and XOAUTH2 for Google/Microsoft - * - Reuses shared OAuth settings - * ======================================================================= */ -function sendQueueEmail( - string $provider, - string $host, - int $port, - string $encryption, - string $username, - string $password, - string $from_email, - string $from_name, - string $to_email, - string $to_name, - string $subject, - string $html_body, - string $ics_str, - string $oauth_client_id, - string $oauth_client_secret, - string $oauth_tenant_id, - string $oauth_refresh_token, - string $oauth_access_token, - string $oauth_access_token_expires_at -) { - // Sensible defaults for OAuth providers if fields were left blank - if ($provider === 'google_oauth') { - if (!$host) $host = 'smtp.gmail.com'; - if (!$port) $port = 587; - if (!$encryption) $encryption = 'tls'; - if (!$username) $username = $from_email; - } elseif ($provider === 'microsoft_oauth') { - if (!$host) $host = 'smtp.office365.com'; - if (!$port) $port = 587; - if (!$encryption) $encryption = 'tls'; - if (!$username) $username = $from_email; - } - - $mail = new PHPMailer(true); - $mail->CharSet = "UTF-8"; - $mail->SMTPDebug = 0; - $mail->isSMTP(); - $mail->Host = $host; - $mail->Port = $port; - - $enc = strtolower($encryption); - if ($enc === '' || $enc === 'none') { - $mail->SMTPAutoTLS = false; - $mail->SMTPSecure = false; - $mail->SMTPOptions = ['ssl' => ['verify_peer' => false, 'verify_peer_name' => false]]; - } else { - $mail->SMTPSecure = $enc; // 'tls' | 'ssl' - } - - if ($provider === 'google_oauth' || $provider === 'microsoft_oauth') { - // XOAUTH2 - $mail->SMTPAuth = true; - $mail->AuthType = 'XOAUTH2'; - $mail->Username = $username; - - // Pick/refresh access token - $accessToken = trim($oauth_access_token); - $needsRefresh = empty($accessToken); - if (!$needsRefresh && !empty($oauth_access_token_expires_at)) { - $expTs = strtotime($oauth_access_token_expires_at); - if ($expTs && $expTs <= time() + 60) $needsRefresh = true; - } - - if ($needsRefresh) { - if ($provider === 'google_oauth' && function_exists('getGoogleAccessToken')) { - $accessToken = getGoogleAccessToken($username); - } elseif ($provider === 'microsoft_oauth' && function_exists('getMicrosoftAccessToken')) { - $accessToken = getMicrosoftAccessToken($username); - } - } - - if (empty($accessToken)) { - throw new Exception("Missing OAuth access token for XOAUTH2 SMTP."); - } - - $mail->setOAuth(new StaticTokenProvider($username, $accessToken)); - } else { - // Standard SMTP (with or without auth) - $mail->SMTPAuth = !empty($username); - $mail->Username = $username ?: ''; - $mail->Password = $password ?: ''; - } - - // Recipients & content - $mail->setFrom($from_email, $from_name); - $mail->addAddress($to_email, $to_name); - $mail->isHTML(true); - $mail->Subject = $subject; - $mail->Body = $html_body; - - if (!empty($ics_str)) { - $mail->addStringAttachment($ics_str, 'Scheduled_ticket.ics', 'base64', 'text/calendar'); - } - - $mail->send(); - return true; -} - -/** ======================================================================= - * SEND: status = 0 (Queued) - * ======================================================================= */ -$sql_queue = mysqli_query($mysqli, "SELECT * FROM email_queue WHERE email_status = 0 AND email_queued_at <= NOW()"); - -if (mysqli_num_rows($sql_queue) > 0) { - while ($rowq = mysqli_fetch_assoc($sql_queue)) { - $email_id = (int)$rowq['email_id']; - $email_from = $rowq['email_from']; - $email_from_name = $rowq['email_from_name']; - $email_recipient = $rowq['email_recipient']; - $email_recipient_name = $rowq['email_recipient_name']; - $email_subject = $rowq['email_subject']; - $email_content = $rowq['email_content']; - $email_ics_str = $rowq['email_cal_str']; - - // Check sender - if (!filter_var($email_from, FILTER_VALIDATE_EMAIL)) { - $email_from_logging = sanitizeInput($rowq['email_from']); - mysqli_query($mysqli, "UPDATE email_queue SET email_status = 2, email_attempts = 99 WHERE email_id = $email_id"); - logApp("Cron-Mail-Queue", "Error", "Failed to send email #$email_id due to invalid sender address: $email_from_logging - check configuration in settings."); - appNotify("Mail", "Failed to send email #$email_id due to invalid sender address"); - continue; - } - - mysqli_query($mysqli, "UPDATE email_queue SET email_status = 1 WHERE email_id = $email_id"); - - // Basic recipient syntax check - if (!filter_var($email_recipient, FILTER_VALIDATE_EMAIL)) { - mysqli_query($mysqli, "UPDATE email_queue SET email_status = 2, email_attempts = 99 WHERE email_id = $email_id"); - $email_to_logging = sanitizeInput($email_recipient); - $email_subject_logging = sanitizeInput($rowq['email_subject']); - logApp("Cron-Mail-Queue", "Error", "Failed to send email: $email_id to $email_to_logging due to invalid recipient address. Email subject was: $email_subject_logging"); - appNotify("Mail", "Failed to send email #$email_id to $email_to_logging due to invalid recipient address: Email subject was: $email_subject_logging"); - continue; - } - - // More intelligent recipient MX check (if not disabled with --no-mx-validation) - $domain = sanitizeInput(substr($email_recipient, strpos($email_recipient, '@') + 1)); - if (!in_array('--no-mx-validation', $argv) && !checkdnsrr($domain, 'MX')) { - mysqli_query($mysqli, "UPDATE email_queue SET email_status = 2, email_attempts = 99 WHERE email_id = $email_id"); - $email_to_logging = sanitizeInput($email_recipient); - $email_subject_logging = sanitizeInput($rowq['email_subject']); - logApp("Cron-Mail-Queue", "Error", "Failed to send email: $email_id to $email_to_logging due to invalid recipient domain (no MX). Email subject was: $email_subject_logging"); - appNotify("Mail", "Failed to send email #$email_id to $email_to_logging due to invalid recipient domain (no MX): Email subject was: $email_subject_logging"); - continue; - } - - try { - sendQueueEmail( - ($config_smtp_provider ?: 'standard_smtp'), - $config_smtp_host, - (int)$config_smtp_port, - (string)$config_smtp_encryption, - (string)$config_smtp_username, - (string)$config_smtp_password, - (string)$email_from, - (string)$email_from_name, - (string)$email_recipient, - (string)$email_recipient_name, - (string)$email_subject, - (string)$email_content, - (string)$email_ics_str, - (string)$config_mail_oauth_client_id, - (string)$config_mail_oauth_client_secret, - (string)$config_mail_oauth_tenant_id, - (string)$config_mail_oauth_refresh_token, - (string)$config_mail_oauth_access_token, - (string)$config_mail_oauth_access_token_expires_at - ); - - mysqli_query($mysqli, "UPDATE email_queue SET email_status = 3, email_sent_at = NOW(), email_attempts = 1 WHERE email_id = $email_id"); - - } catch (Exception $e) { - mysqli_query($mysqli, "UPDATE email_queue SET email_status = 2, email_failed_at = NOW(), email_attempts = 1 WHERE email_id = $email_id"); - - $email_recipient_logging = sanitizeInput($rowq['email_recipient']); - $email_subject_logging = sanitizeInput($rowq['email_subject']); - $err = substr("Mailer Error: " . $e->getMessage(), 0, 100) . "..."; - - appNotify("Cron-Mail-Queue", "Failed to send email #$email_id to $email_recipient_logging"); - logApp("Cron-Mail-Queue", "Error", "Failed to send email: $email_id to $email_recipient_logging regarding $email_subject_logging. $err"); - } - } -} - -/** ======================================================================= - * RETRIES: status = 2 (Failed), attempts < 4, wait 30 min - * NOTE: Backoff is `email_failed_at <= NOW() - INTERVAL 30 MINUTE` - * ======================================================================= - */ -$sql_failed_queue = mysqli_query( - $mysqli, - "SELECT * FROM email_queue - WHERE email_status = 2 - AND email_attempts < 4 - AND email_failed_at <= NOW() - INTERVAL 30 MINUTE" -); - -if (mysqli_num_rows($sql_failed_queue) > 0) { - while ($rowf = mysqli_fetch_assoc($sql_failed_queue)) { - $email_id = (int)$rowf['email_id']; - $email_from = $rowf['email_from']; - $email_from_name = $rowf['email_from_name']; - $email_recipient = $rowf['email_recipient']; - $email_recipient_name = $rowf['email_recipient_name']; - $email_subject = $rowf['email_subject']; - $email_content = $rowf['email_content']; - $email_ics_str = $rowf['email_cal_str']; - $email_attempts = (int)$rowf['email_attempts'] + 1; - - mysqli_query($mysqli, "UPDATE email_queue SET email_status = 1 WHERE email_id = $email_id"); - - if (!filter_var($email_recipient, FILTER_VALIDATE_EMAIL)) { - mysqli_query($mysqli, "UPDATE email_queue SET email_status = 2, email_attempts = $email_attempts WHERE email_id = $email_id"); - continue; - } - - try { - sendQueueEmail( - ($config_smtp_provider ?: 'standard_smtp'), - $config_smtp_host, - (int)$config_smtp_port, - (string)$config_smtp_encryption, - (string)$config_smtp_username, - (string)$config_smtp_password, - (string)$email_from, - (string)$email_from_name, - (string)$email_recipient, - (string)$email_recipient_name, - (string)$email_subject, - (string)$email_content, - (string)$email_ics_str, - (string)$config_mail_oauth_client_id, - (string)$config_mail_oauth_client_secret, - (string)$config_mail_oauth_tenant_id, - (string)$config_mail_oauth_refresh_token, - (string)$config_mail_oauth_access_token, - (string)$config_mail_oauth_access_token_expires_at - ); - - mysqli_query($mysqli, "UPDATE email_queue SET email_status = 3, email_sent_at = NOW(), email_attempts = $email_attempts WHERE email_id = $email_id"); - - } catch (Exception $e) { - mysqli_query($mysqli, "UPDATE email_queue SET email_status = 2, email_failed_at = NOW(), email_attempts = $email_attempts WHERE email_id = $email_id"); - - $email_recipient_logging = sanitizeInput($rowf['email_recipient']); - $email_subject_logging = sanitizeInput($rowf['email_subject']); - $err = substr("Mailer Error: " . $e->getMessage(), 0, 100) . "..."; - - logApp("Cron-Mail-Queue", "Error", "Failed to re-send email #$email_id to $email_recipient_logging regarding $email_subject_logging. $err"); - } - } -} - -/** ======================================================================= - * Unlock - * ======================================================================= */ -unlink($lock_file_path); +email = $email; + $this->accessToken = $accessToken; + } + public function getOauth64(): string { + $auth = "user={$this->email}\x01auth=Bearer {$this->accessToken}\x01\x01"; + return base64_encode($auth); + } +} + +/** ======================================================================= + * Load settings + * ======================================================================= */ +$sql_settings = mysqli_query($mysqli, "SELECT * FROM settings WHERE company_id = 1"); +$row = mysqli_fetch_assoc($sql_settings); + +$config_enable_cron = intval($row['config_enable_cron']); + +// SMTP baseline +$config_smtp_host = $row['config_smtp_host']; +$config_smtp_username = $row['config_smtp_username']; +$config_smtp_password = $row['config_smtp_password']; +$config_smtp_port = intval($row['config_smtp_port']); +$config_smtp_encryption = $row['config_smtp_encryption']; + +// SMTP provider + shared OAuth fields +$config_smtp_provider = $row['config_smtp_provider']; // 'standard_smtp' | 'google_oauth' | 'microsoft_oauth' +$config_mail_oauth_client_id = $row['config_mail_oauth_client_id'] ?? ''; +$config_mail_oauth_client_secret = $row['config_mail_oauth_client_secret'] ?? ''; +$config_mail_oauth_tenant_id = $row['config_mail_oauth_tenant_id'] ?? ''; +$config_mail_oauth_refresh_token = $row['config_mail_oauth_refresh_token'] ?? ''; +$config_mail_oauth_access_token = $row['config_mail_oauth_access_token'] ?? ''; +$config_mail_oauth_access_token_expires_at = $row['config_mail_oauth_access_token_expires_at'] ?? ''; + +if ($config_enable_cron == 0) { + logApp("Cron-Mail-Queue", "error", "Cron Mail Queue unable to run - cron not enabled in admin settings."); + exit("Cron: is not enabled -- Quitting.."); +} + +if (empty($config_smtp_provider)) { + logApp("Cron-Mail-Queue", "info", "SMTP sending skipped: provider not configured."); + exit(0); +} + +/** ======================================================================= + * Lock file + * ======================================================================= */ +$temp_dir = sys_get_temp_dir(); +$lock_file_path = "{$temp_dir}/itflow_mail_queue_{$installation_id}.lock"; + +if (file_exists($lock_file_path)) { + $file_age = time() - filemtime($lock_file_path); + if ($file_age > 600) { + unlink($lock_file_path); + logApp("Cron-Mail-Queue", "warning", "Cron Mail Queue detected a lock file was present but was over 10 minutes old so it removed it."); + } else { + logApp("Cron-Mail-Queue", "info", "Cron Mail Queue attempted to execute but was already executing so instead it terminated."); + exit("Script is already running. Exiting."); + } +} + +file_put_contents($lock_file_path, "Locked"); + +/** ======================================================================= + * Mail OAuth helpers + sender function + * ======================================================================= */ +function tokenIsExpired(?string $expires_at): bool { + if (empty($expires_at)) { + return true; + } + + $ts = strtotime($expires_at); + + if ($ts === false) { + return true; + } + + return ($ts - 60) <= time(); +} + +function httpFormPost(string $url, array $fields): array { + $ch = curl_init($url); + curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); + curl_setopt($ch, CURLOPT_POST, true); + curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query($fields, '', '&')); + curl_setopt($ch, CURLOPT_TIMEOUT, 20); + + $raw = curl_exec($ch); + $err = curl_error($ch); + $code = curl_getinfo($ch, CURLINFO_HTTP_CODE); + + curl_close($ch); + + return [ + 'ok' => ($raw !== false && $code >= 200 && $code < 300), + 'body' => $raw, + 'code' => $code, + 'err' => $err, + ]; +} + +function persistMailOauthTokens(string $access_token, string $expires_at, ?string $refresh_token = null): void { + global $mysqli; + + $access_token_esc = mysqli_real_escape_string($mysqli, $access_token); + $expires_at_esc = mysqli_real_escape_string($mysqli, $expires_at); + + $refresh_sql = ''; + if (!empty($refresh_token)) { + $refresh_token_esc = mysqli_real_escape_string($mysqli, $refresh_token); + $refresh_sql = ", config_mail_oauth_refresh_token = '{$refresh_token_esc}'"; + } + + mysqli_query($mysqli, "UPDATE settings SET config_mail_oauth_access_token = '{$access_token_esc}', config_mail_oauth_access_token_expires_at = '{$expires_at_esc}'{$refresh_sql} WHERE company_id = 1"); +} + +function refreshMailOauthAccessToken(string $provider, string $oauth_client_id, string $oauth_client_secret, string $oauth_tenant_id, string $oauth_refresh_token): ?array { + $result = null; + $response = null; + + if (!empty($oauth_client_id) && !empty($oauth_client_secret) && !empty($oauth_refresh_token)) { + if ($provider === 'google_oauth') { + $response = httpFormPost(GOOGLE_OAUTH_TOKEN_URL, [ + 'client_id' => $oauth_client_id, + 'client_secret' => $oauth_client_secret, + 'refresh_token' => $oauth_refresh_token, + 'grant_type' => 'refresh_token', + ]); + } elseif ($provider === 'microsoft_oauth' && !empty($oauth_tenant_id)) { + $token_url = MICROSOFT_OAUTH_BASE_URL . rawurlencode($oauth_tenant_id) . "/oauth2/v2.0/token"; + $response = httpFormPost($token_url, [ + 'client_id' => $oauth_client_id, + 'client_secret' => $oauth_client_secret, + 'refresh_token' => $oauth_refresh_token, + 'grant_type' => 'refresh_token', + ]); + } + } + + if (is_array($response) && !empty($response['ok'])) { + $json = json_decode($response['body'], true); + + if (is_array($json) && !empty($json['access_token'])) { + $expires_at = date('Y-m-d H:i:s', time() + (int)($json['expires_in'] ?? 3600)); + $result = [ + 'access_token' => $json['access_token'], + 'expires_at' => $expires_at, + 'refresh_token' => $json['refresh_token'] ?? null, + ]; + } + } + + return $result; +} + +function resolveMailOauthAccessToken(string $provider, string $oauth_client_id, string $oauth_client_secret, string $oauth_tenant_id, string $oauth_refresh_token, string $oauth_access_token, string $oauth_access_token_expires_at): ?string { + if (!empty($oauth_access_token) && !tokenIsExpired($oauth_access_token_expires_at)) { + return $oauth_access_token; + } + + $tokens = refreshMailOauthAccessToken($provider, $oauth_client_id, $oauth_client_secret, $oauth_tenant_id, $oauth_refresh_token); + + if (!is_array($tokens) || empty($tokens['access_token']) || empty($tokens['expires_at'])) { + return null; + } + + persistMailOauthTokens($tokens['access_token'], $tokens['expires_at'], $tokens['refresh_token'] ?? null); + + return $tokens['access_token']; +} + +function sendQueueEmail( + string $provider, + string $host, + int $port, + string $encryption, + string $username, + string $password, + string $from_email, + string $from_name, + string $to_email, + string $to_name, + string $subject, + string $html_body, + string $ics_str, + string $oauth_client_id, + string $oauth_client_secret, + string $oauth_tenant_id, + string $oauth_refresh_token, + string $oauth_access_token, + string $oauth_access_token_expires_at +) { + // Sensible defaults for OAuth providers if fields were left blank + if ($provider === 'google_oauth') { + if (!$host) $host = 'smtp.gmail.com'; + if (!$port) $port = 587; + if (!$encryption) $encryption = 'tls'; + if (!$username) $username = $from_email; + } elseif ($provider === 'microsoft_oauth') { + if (!$host) $host = 'smtp.office365.com'; + if (!$port) $port = 587; + if (!$encryption) $encryption = 'tls'; + if (!$username) $username = $from_email; + } + + $mail = new PHPMailer(true); + $mail->CharSet = "UTF-8"; + $mail->SMTPDebug = 0; + $mail->isSMTP(); + $mail->Host = $host; + $mail->Port = $port; + + $enc = strtolower($encryption); + if ($enc === '' || $enc === 'none') { + $mail->SMTPAutoTLS = false; + $mail->SMTPSecure = false; + $mail->SMTPOptions = ['ssl' => ['verify_peer' => false, 'verify_peer_name' => false]]; + } else { + $mail->SMTPSecure = $enc; // 'tls' | 'ssl' + } + + if ($provider === 'google_oauth' || $provider === 'microsoft_oauth') { + // XOAUTH2 + $mail->SMTPAuth = true; + $mail->AuthType = 'XOAUTH2'; + $mail->Username = $username; + + $access_token = resolveMailOauthAccessToken( + $provider, + trim($oauth_client_id), + trim($oauth_client_secret), + trim($oauth_tenant_id), + trim($oauth_refresh_token), + trim($oauth_access_token), + trim($oauth_access_token_expires_at) + ); + + if (empty($access_token)) { + throw new Exception("Missing OAuth access token for XOAUTH2 SMTP."); + } + + $mail->setOAuth(new StaticTokenProvider($username, $access_token)); + } else { + // Standard SMTP (with or without auth) + $mail->SMTPAuth = !empty($username); + $mail->Username = $username ?: ''; + $mail->Password = $password ?: ''; + } + + // Recipients & content + $mail->setFrom($from_email, $from_name); + $mail->addAddress($to_email, $to_name); + $mail->isHTML(true); + $mail->Subject = $subject; + $mail->Body = $html_body; + + if (!empty($ics_str)) { + $mail->addStringAttachment($ics_str, 'Scheduled_ticket.ics', 'base64', 'text/calendar'); + } + + $mail->send(); + return true; +} + +/** ======================================================================= + * SEND: status = 0 (Queued) + * ======================================================================= */ +$sql_queue = mysqli_query($mysqli, "SELECT * FROM email_queue WHERE email_status = 0 AND email_queued_at <= NOW()"); + +if (mysqli_num_rows($sql_queue) > 0) { + while ($rowq = mysqli_fetch_assoc($sql_queue)) { + $email_id = (int)$rowq['email_id']; + $email_from = $rowq['email_from']; + $email_from_name = $rowq['email_from_name']; + $email_recipient = $rowq['email_recipient']; + $email_recipient_name = $rowq['email_recipient_name']; + $email_subject = $rowq['email_subject']; + $email_content = $rowq['email_content']; + $email_ics_str = $rowq['email_cal_str']; + + // Check sender + if (!filter_var($email_from, FILTER_VALIDATE_EMAIL)) { + $email_from_logging = sanitizeInput($rowq['email_from']); + mysqli_query($mysqli, "UPDATE email_queue SET email_status = 2, email_attempts = 99 WHERE email_id = $email_id"); + logApp("Cron-Mail-Queue", "Error", "Failed to send email #$email_id due to invalid sender address: $email_from_logging - check configuration in settings."); + appNotify("Mail", "Failed to send email #$email_id due to invalid sender address"); + continue; + } + + mysqli_query($mysqli, "UPDATE email_queue SET email_status = 1 WHERE email_id = $email_id"); + + // Basic recipient syntax check + if (!filter_var($email_recipient, FILTER_VALIDATE_EMAIL)) { + mysqli_query($mysqli, "UPDATE email_queue SET email_status = 2, email_attempts = 99 WHERE email_id = $email_id"); + $email_to_logging = sanitizeInput($email_recipient); + $email_subject_logging = sanitizeInput($rowq['email_subject']); + logApp("Cron-Mail-Queue", "Error", "Failed to send email: $email_id to $email_to_logging due to invalid recipient address. Email subject was: $email_subject_logging"); + appNotify("Mail", "Failed to send email #$email_id to $email_to_logging due to invalid recipient address: Email subject was: $email_subject_logging"); + continue; + } + + // More intelligent recipient MX check (if not disabled with --no-mx-validation) + $domain = sanitizeInput(substr($email_recipient, strpos($email_recipient, '@') + 1)); + if (!in_array('--no-mx-validation', $argv) && !checkdnsrr($domain, 'MX')) { + mysqli_query($mysqli, "UPDATE email_queue SET email_status = 2, email_attempts = 99 WHERE email_id = $email_id"); + $email_to_logging = sanitizeInput($email_recipient); + $email_subject_logging = sanitizeInput($rowq['email_subject']); + logApp("Cron-Mail-Queue", "Error", "Failed to send email: $email_id to $email_to_logging due to invalid recipient domain (no MX). Email subject was: $email_subject_logging"); + appNotify("Mail", "Failed to send email #$email_id to $email_to_logging due to invalid recipient domain (no MX): Email subject was: $email_subject_logging"); + continue; + } + + try { + sendQueueEmail( + ($config_smtp_provider ?: 'standard_smtp'), + $config_smtp_host, + (int)$config_smtp_port, + (string)$config_smtp_encryption, + (string)$config_smtp_username, + (string)$config_smtp_password, + (string)$email_from, + (string)$email_from_name, + (string)$email_recipient, + (string)$email_recipient_name, + (string)$email_subject, + (string)$email_content, + (string)$email_ics_str, + (string)$config_mail_oauth_client_id, + (string)$config_mail_oauth_client_secret, + (string)$config_mail_oauth_tenant_id, + (string)$config_mail_oauth_refresh_token, + (string)$config_mail_oauth_access_token, + (string)$config_mail_oauth_access_token_expires_at + ); + + mysqli_query($mysqli, "UPDATE email_queue SET email_status = 3, email_sent_at = NOW(), email_attempts = 1 WHERE email_id = $email_id"); + + } catch (Exception $e) { + mysqli_query($mysqli, "UPDATE email_queue SET email_status = 2, email_failed_at = NOW(), email_attempts = 1 WHERE email_id = $email_id"); + + $email_recipient_logging = sanitizeInput($rowq['email_recipient']); + $email_subject_logging = sanitizeInput($rowq['email_subject']); + $err = substr("Mailer Error: " . $e->getMessage(), 0, 100) . "..."; + + appNotify("Cron-Mail-Queue", "Failed to send email #$email_id to $email_recipient_logging"); + logApp("Cron-Mail-Queue", "Error", "Failed to send email: $email_id to $email_recipient_logging regarding $email_subject_logging. $err"); + } + } +} + +/** ======================================================================= + * RETRIES: status = 2 (Failed), attempts < 4, wait 30 min + * NOTE: Backoff is `email_failed_at <= NOW() - INTERVAL 30 MINUTE` + * ======================================================================= + */ +$sql_failed_queue = mysqli_query( + $mysqli, + "SELECT * FROM email_queue + WHERE email_status = 2 + AND email_attempts < 4 + AND email_failed_at <= NOW() - INTERVAL 30 MINUTE" +); + +if (mysqli_num_rows($sql_failed_queue) > 0) { + while ($rowf = mysqli_fetch_assoc($sql_failed_queue)) { + $email_id = (int)$rowf['email_id']; + $email_from = $rowf['email_from']; + $email_from_name = $rowf['email_from_name']; + $email_recipient = $rowf['email_recipient']; + $email_recipient_name = $rowf['email_recipient_name']; + $email_subject = $rowf['email_subject']; + $email_content = $rowf['email_content']; + $email_ics_str = $rowf['email_cal_str']; + $email_attempts = (int)$rowf['email_attempts'] + 1; + + mysqli_query($mysqli, "UPDATE email_queue SET email_status = 1 WHERE email_id = $email_id"); + + if (!filter_var($email_recipient, FILTER_VALIDATE_EMAIL)) { + mysqli_query($mysqli, "UPDATE email_queue SET email_status = 2, email_attempts = $email_attempts WHERE email_id = $email_id"); + continue; + } + + try { + sendQueueEmail( + ($config_smtp_provider ?: 'standard_smtp'), + $config_smtp_host, + (int)$config_smtp_port, + (string)$config_smtp_encryption, + (string)$config_smtp_username, + (string)$config_smtp_password, + (string)$email_from, + (string)$email_from_name, + (string)$email_recipient, + (string)$email_recipient_name, + (string)$email_subject, + (string)$email_content, + (string)$email_ics_str, + (string)$config_mail_oauth_client_id, + (string)$config_mail_oauth_client_secret, + (string)$config_mail_oauth_tenant_id, + (string)$config_mail_oauth_refresh_token, + (string)$config_mail_oauth_access_token, + (string)$config_mail_oauth_access_token_expires_at + ); + + mysqli_query($mysqli, "UPDATE email_queue SET email_status = 3, email_sent_at = NOW(), email_attempts = $email_attempts WHERE email_id = $email_id"); + + } catch (Exception $e) { + mysqli_query($mysqli, "UPDATE email_queue SET email_status = 2, email_failed_at = NOW(), email_attempts = $email_attempts WHERE email_id = $email_id"); + + $email_recipient_logging = sanitizeInput($rowf['email_recipient']); + $email_subject_logging = sanitizeInput($rowf['email_subject']); + $err = substr("Mailer Error: " . $e->getMessage(), 0, 100) . "..."; + + logApp("Cron-Mail-Queue", "Error", "Failed to re-send email #$email_id to $email_recipient_logging regarding $email_subject_logging. $err"); + } + } +} + +/** ======================================================================= + * Unlock + * ======================================================================= */ +unlink($lock_file_path); diff --git a/cron/ticket_email_parser.php b/cron/ticket_email_parser.php index 1905b2af..e0903ef8 100644 --- a/cron/ticket_email_parser.php +++ b/cron/ticket_email_parser.php @@ -1,914 +1,914 @@ - Ticketing > Email-to-ticket parsing. See https://docs.itflow.org/ticket_email_parse -- Quitting.."); -} - -// System temp directory & lock -$temp_dir = sys_get_temp_dir(); -$lock_file_path = "{$temp_dir}/itflow_email_parser_{$installation_id}.lock"; - -if (file_exists($lock_file_path)) { - $file_age = time() - filemtime($lock_file_path); - if ($file_age > 300) { - unlink($lock_file_path); - logApp("Cron-Email-Parser", "warning", "Cron Email Parser detected a lock file was present but was over 5 minutes old so it removed it."); - } else { - logApp("Cron-Email-Parser", "warning", "Lock file present. Cron Email Parser attempted to execute but was already executing, so instead it terminated."); - exit("Script is already running. Exiting."); - } -} -file_put_contents($lock_file_path, "Locked"); - -// Ensure lock gets removed even on fatal error -register_shutdown_function(function() use ($lock_file_path) { - if (file_exists($lock_file_path)) { - @unlink($lock_file_path); - } -}); - -// Allowed attachment extensions -$allowed_extensions = array('jpg', 'jpeg', 'gif', 'png', 'webp', 'svg', 'pdf', 'txt', 'md', 'doc', 'docx', 'csv', 'xls', 'xlsx', 'xlsm', 'zip', 'tar', 'gz'); - -/** ------------------------------------------------------------------ - * Ticket / Reply helpers (unchanged) - * ------------------------------------------------------------------ */ -function addTicket($contact_id, $contact_name, $contact_email, $client_id, $date, $subject, $message, $attachments, $original_message_file) { - global $mysqli, $config_app_name, $company_name, $company_phone, $config_ticket_prefix, $config_ticket_client_general_notifications, $config_ticket_new_ticket_notification_email, $config_base_url, $config_ticket_from_name, $config_ticket_from_email, $config_ticket_default_billable, $allowed_extensions; - - // Atomically increment and get the new ticket number - mysqli_query($mysqli, " - UPDATE settings - SET - config_ticket_next_number = LAST_INSERT_ID(config_ticket_next_number), - config_ticket_next_number = config_ticket_next_number + 1 - WHERE company_id = 1 - "); - - $ticket_number = mysqli_insert_id($mysqli); - - // Clean up the message - $message = trim($message); - // Remove DOCTYPE and meta tags - $message = preg_replace('/]*>/i', '', $message); - $message = preg_replace('/]*>/i', '', $message); - // Remove , , and their closing tags - $message = preg_replace('/<\/?(html|head|body)[^>]*>/i', '', $message); - // Collapse excess whitespace - $message = preg_replace('/\s+/', ' ', $message); - // Convert newlines to
- $message = nl2br($message); - // Wrap final formatted message - $message = "Email from: $contact_name <$contact_email> at $date:-

$message
"; - - $ticket_prefix_esc = mysqli_real_escape_string($mysqli, $config_ticket_prefix); - $message_esc = mysqli_real_escape_string($mysqli, $message); - $contact_email_esc = mysqli_real_escape_string($mysqli, $contact_email); - $client_id = intval($client_id); - - $url_key = randomString(32); - - mysqli_query($mysqli, "INSERT INTO tickets SET ticket_prefix = '$ticket_prefix_esc', ticket_number = $ticket_number, ticket_source = 'Email', ticket_subject = '$subject', ticket_details = '$message_esc', ticket_priority = 'Low', ticket_status = 1, ticket_billable = $config_ticket_default_billable, ticket_created_by = 0, ticket_contact_id = $contact_id, ticket_url_key = '$url_key', ticket_client_id = $client_id"); - $id = mysqli_insert_id($mysqli); - - // Logging - logAction("Ticket", "Create", "Email parser: Client contact $contact_email_esc created ticket $ticket_prefix_esc$ticket_number ($subject) ($id)", $client_id, $id); - - mkdirMissing('../uploads/tickets/'); - $att_dir = "../uploads/tickets/" . $id . "/"; - mkdirMissing($att_dir); - - // Move original .eml into the ticket folder - rename("../uploads/tmp/{$original_message_file}", "{$att_dir}/{$original_message_file}"); - $original_message_file_esc = mysqli_real_escape_string($mysqli, $original_message_file); - mysqli_query($mysqli, "INSERT INTO ticket_attachments SET ticket_attachment_name = 'Original-parsed-email.eml', ticket_attachment_reference_name = '$original_message_file_esc', ticket_attachment_ticket_id = $id"); - - // Save non-inline attachments - foreach ($attachments as $attachment) { - $att_name = $attachment['name']; - $att_extension = strtolower(pathinfo($att_name, PATHINFO_EXTENSION)); - - if (in_array($att_extension, $allowed_extensions)) { - $att_saved_filename = md5(uniqid(rand(), true)) . '.' . $att_extension; - $att_saved_path = $att_dir . $att_saved_filename; - file_put_contents($att_saved_path, $attachment['content']); - - $ticket_attachment_name = sanitizeInput($att_name); - $ticket_attachment_reference_name = sanitizeInput($att_saved_filename); - - $ticket_attachment_name_esc = mysqli_real_escape_string($mysqli, $ticket_attachment_name); - $ticket_attachment_reference_name_esc = mysqli_real_escape_string($mysqli, $ticket_attachment_reference_name); - mysqli_query($mysqli, "INSERT INTO ticket_attachments SET ticket_attachment_name = '$ticket_attachment_name_esc', ticket_attachment_reference_name = '$ticket_attachment_reference_name_esc', ticket_attachment_ticket_id = $id"); - } else { - $ticket_attachment_name_esc = mysqli_real_escape_string($mysqli, $att_name); - logAction("Ticket", "Edit", "Email parser: Blocked attachment $ticket_attachment_name_esc from Client contact $contact_email_esc for ticket $ticket_prefix_esc$ticket_number", $client_id, $id); - } - } - - // Guest ticket watchers - if ($client_id == 0) { - mysqli_query($mysqli, "INSERT INTO ticket_watchers SET watcher_email = '$contact_email_esc', watcher_ticket_id = $id"); - } - - // External email - $bad_pattern = "/do[\W_]*not[\W_]*reply|no[\W_]*reply/i"; - $data = []; - if ($config_ticket_client_general_notifications == 1 && !preg_match($bad_pattern, $contact_email)) { - $subject_email = "Ticket created - [$config_ticket_prefix$ticket_number] - $subject"; - $body = "##- Please type your reply above this line -##

Hello $contact_name,

Thank you for your email. A ticket regarding \"$subject\" has been automatically created for you.

Ticket: $config_ticket_prefix$ticket_number
Subject: $subject
Status: New
Portal: View ticket

--
$company_name - Support
$config_ticket_from_email
$company_phone"; - $data[] = [ - 'from' => $config_ticket_from_email, - 'from_name' => $config_ticket_from_name, - 'recipient' => $contact_email, - 'recipient_name' => $contact_name, - 'subject' => $subject_email, - 'body' => mysqli_real_escape_string($mysqli, $body) - ]; - } - - // Internal email - if ($config_ticket_new_ticket_notification_email) { - if ($client_id == 0) { - $client_name = "Guest"; - $client_uri = ''; - } else { - $client_sql = mysqli_query($mysqli, "SELECT client_name FROM clients WHERE client_id = $client_id"); - $client_row = mysqli_fetch_assoc($client_sql); - $client_name = sanitizeInput($client_row['client_name']); - $client_uri = "&client_id=$client_id"; - } - $email_subject = "$config_app_name - New Ticket - $client_name: $subject"; - $email_body = "Hello,

This is a notification that a new ticket has been raised in ITFlow.
Client: $client_name
Priority: Low (email parsed)
Link: https://$config_base_url/agent/ticket.php?ticket_id=$id$client_uri

--------------------------------

$subject
$message"; - - $data[] = [ - 'from' => $config_ticket_from_email, - 'from_name' => $config_ticket_from_name, - 'recipient' => $config_ticket_new_ticket_notification_email, - 'recipient_name' => $config_ticket_from_name, - 'subject' => $email_subject, - 'body' => mysqli_real_escape_string($mysqli, $email_body) - ]; - } - - addToMailQueue($data); - customAction('ticket_create', $id); - - return true; -} - -function addReply($from_email, $date, $subject, $ticket_number, $message, $attachments) { - global $mysqli, $config_app_name, $company_name, $company_phone, $config_ticket_prefix, $config_base_url, $config_ticket_from_name, $config_ticket_from_email, $allowed_extensions; - - $ticket_reply_type = 'Client'; - // $message contains the raw HTML body from IMAP - - // 1) Remove the reply separator and everything below it (HTML-aware) - // This matches: ##- Please type your reply above this line -## and EVERYTHING after it - $message = preg_replace( - '/]*>##-\s*Please\s+type\s+your\s+reply\s+above\s+this\s+line\s*-##<\/i>.*$/is', - '', - $message - ); - - // 2) Clean up the remaining message - - // Remove DOCTYPE and meta tags - $message = preg_replace('/]*>/i', '', $message); - $message = preg_replace('/]*>/i', '', $message); - - // Remove , , and their closing tags - $message = preg_replace('/<\/?(html|head|body)[^>]*>/i', '', $message); - - // Trim leading/trailing whitespace - $message = trim($message); - - // Normalize line breaks to spaces - $message = preg_replace('/\r\n|\r|\n/', ' ', $message); - - // Convert to
for HTML display - $message = nl2br($message); - - // 3) Final wrapper - $message = "Email from: $from_email at $date:-

$message
"; - - $ticket_number_esc = intval($ticket_number); - $message_esc = mysqli_real_escape_string($mysqli, $message); - $from_email_esc = mysqli_real_escape_string($mysqli, $from_email); - - $row = mysqli_fetch_assoc(mysqli_query($mysqli, "SELECT ticket_id, ticket_subject, ticket_status, ticket_contact_id, ticket_client_id, contact_email, client_name - FROM tickets - LEFT JOIN contacts on tickets.ticket_contact_id = contacts.contact_id - LEFT JOIN clients on tickets.ticket_client_id = clients.client_id - WHERE ticket_number = $ticket_number_esc LIMIT 1")); - - if ($row) { - $ticket_id = intval($row['ticket_id']); - $ticket_subject = sanitizeInput($row['ticket_subject']); - $ticket_status = sanitizeInput($row['ticket_status']); - $ticket_reply_contact = intval($row['ticket_contact_id']); - $ticket_contact_email = sanitizeInput($row['contact_email']); - $client_id = intval($row['ticket_client_id']); - if ($client_id) { - $client_uri = "&client_id=$client_id"; - } else { - $client_uri = ''; - } - $client_name = sanitizeInput($row['client_name']); - - if ($ticket_status == 5) { - $config_ticket_prefix_esc = mysqli_real_escape_string($mysqli, $config_ticket_prefix); - $ticket_number_esc2 = mysqli_real_escape_string($mysqli, $ticket_number); - - appNotify("Ticket", "Email parser: $from_email attempted to re-open ticket $config_ticket_prefix_esc$ticket_number_esc2 (ID $ticket_id) - check inbox manually to see email", "/agent/ticket.php?ticket_id=$ticket_id$client_uri", $client_id); - - $email_subject = "Action required: This ticket is already closed"; - $email_body = "Hi there,

You've tried to reply to a ticket that is closed - we won't see your response.

Please raise a new ticket by sending a new e-mail to our support address below.

--
$company_name - Support
$config_ticket_from_email
$company_phone"; - - $data = [ - [ - 'from' => $config_ticket_from_email, - 'from_name' => $config_ticket_from_name, - 'recipient' => $from_email, - 'recipient_name' => $from_email, - 'subject' => $email_subject, - 'body' => mysqli_real_escape_string($mysqli, $email_body) - ] - ]; - - addToMailQueue($data); - return true; - } - - if (empty($ticket_contact_email) || $ticket_contact_email !== $from_email) { - $from_email_esc2 = mysqli_real_escape_string($mysqli, $from_email); - $row2 = mysqli_fetch_assoc(mysqli_query($mysqli, "SELECT contact_id FROM contacts WHERE contact_email = '$from_email_esc2' AND contact_client_id = $client_id LIMIT 1")); - if ($row2) { - $ticket_reply_contact = intval($row2['contact_id']); - } else { - $ticket_reply_type = 'Internal'; - $ticket_reply_contact = '0'; - $message = "WARNING: Contact email mismatch
$message"; - $message_esc = mysqli_real_escape_string($mysqli, $message); - } - } - - mysqli_query($mysqli, "INSERT INTO ticket_replies SET ticket_reply = '$message_esc', ticket_reply_type = '$ticket_reply_type', ticket_reply_time_worked = '00:00:00', ticket_reply_by = $ticket_reply_contact, ticket_reply_ticket_id = $ticket_id"); - $reply_id = mysqli_insert_id($mysqli); - - $ticket_dir = "../uploads/tickets/" . $ticket_id . "/"; - mkdirMissing($ticket_dir); - - foreach ($attachments as $attachment) { - $att_name = $attachment['name']; - $att_extension = strtolower(pathinfo($att_name, PATHINFO_EXTENSION)); - - if (in_array($att_extension, $allowed_extensions)) { - $att_saved_filename = md5(uniqid(rand(), true)) . '.' . $att_extension; - $att_saved_path = $ticket_dir . $att_saved_filename; - file_put_contents($att_saved_path, $attachment['content']); - - $ticket_attachment_name = sanitizeInput($att_name); - $ticket_attachment_reference_name = sanitizeInput($att_saved_filename); - - $ticket_attachment_name_esc = mysqli_real_escape_string($mysqli, $ticket_attachment_name); - $ticket_attachment_reference_name_esc = mysqli_real_escape_string($mysqli, $ticket_attachment_reference_name); - mysqli_query($mysqli, "INSERT INTO ticket_attachments SET ticket_attachment_name = '$ticket_attachment_name_esc', ticket_attachment_reference_name = '$ticket_attachment_reference_name_esc', ticket_attachment_reply_id = $reply_id, ticket_attachment_ticket_id = $ticket_id"); - } else { - $ticket_attachment_name_esc = mysqli_real_escape_string($mysqli, $att_name); - logAction("Ticket", "Edit", "Email parser: Blocked attachment $ticket_attachment_name_esc from Client contact $from_email_esc for ticket $config_ticket_prefix$ticket_number_esc", $client_id, $ticket_id); - } - } - - $ticket_assigned_to_sql = mysqli_query($mysqli, "SELECT ticket_assigned_to FROM tickets WHERE ticket_id = $ticket_id LIMIT 1"); - if ($ticket_assigned_to_sql) { - $row3 = mysqli_fetch_assoc($ticket_assigned_to_sql); - $ticket_assigned_to = intval($row3['ticket_assigned_to']); - - if ($ticket_assigned_to) { - $tech_sql = mysqli_query($mysqli, "SELECT user_email, user_name FROM users WHERE user_id = $ticket_assigned_to LIMIT 1"); - $tech_row = mysqli_fetch_assoc($tech_sql); - $tech_email = sanitizeInput($tech_row['user_email']); - $tech_name = sanitizeInput($tech_row['user_name']); - - $email_subject = "$config_app_name - Ticket updated - [$config_ticket_prefix$ticket_number] $ticket_subject"; - $email_body = "Hello $tech_name,

A new reply has been added to the below ticket.

Client: $client_name
Ticket: $config_ticket_prefix$ticket_number
Subject: $ticket_subject
Link: https://$config_base_url/agent/ticket.php?ticket_id=$ticket_id$client_uri

--------------------------------
$message_esc"; - - $data = [ - [ - 'from' => $config_ticket_from_email, - 'from_name' => $config_ticket_from_name, - 'recipient' => $tech_email, - 'recipient_name' => $tech_name, - 'subject' => mysqli_real_escape_string($mysqli, $email_subject), - 'body' => mysqli_real_escape_string($mysqli, $email_body) - ] - ]; - addToMailQueue($data); - } - } - - mysqli_query($mysqli, "UPDATE tickets SET ticket_status = 2, ticket_resolved_at = NULL WHERE ticket_id = $ticket_id AND ticket_client_id = $client_id LIMIT 1"); - - logAction("Ticket", "Edit", "Email parser: Client contact $from_email_esc updated ticket $config_ticket_prefix$ticket_number_esc ($subject)", $client_id, $ticket_id); - customAction('ticket_reply_client', $ticket_id); - return true; - } else { - return false; - } -} - -/** ------------------------------------------------------------------ - * OAuth helpers + provider guard - * ------------------------------------------------------------------ */ - -// returns true if expires_at ('Y-m-d H:i:s') is in the past (or missing) -function tokenExpired(?string $expires_at): bool { - if (empty($expires_at)) return true; - $ts = strtotime($expires_at); - if ($ts === false) return true; - // refresh a little early (60s) to avoid race - return ($ts - 60) <= time(); -} - -// very small form-encoded POST helper using curl -function httpFormPost(string $url, array $fields): array { - $ch = curl_init($url); - curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); - curl_setopt($ch, CURLOPT_POST, true); - curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query($fields, '', '&')); - curl_setopt($ch, CURLOPT_TIMEOUT, 20); - $raw = curl_exec($ch); - $err = curl_error($ch); - $code = curl_getinfo($ch, CURLINFO_HTTP_CODE); - curl_close($ch); - return ['ok' => ($raw !== false && $code >= 200 && $code < 300), 'body' => $raw, 'code' => $code, 'err' => $err]; -} - -/** - * Get a valid access token for Google Workspace IMAP via refresh token if needed. - * Uses settings: config_mail_oauth_client_id / _client_secret / _refresh_token / _access_token / _access_token_expires_at - * Updates globals if refreshed (so later logging can reflect it if you want to persist). - */ -function getGoogleAccessToken(string $username): ?string { - // pull from global settings variables you already load - global $mysqli, - $config_mail_oauth_client_id, - $config_mail_oauth_client_secret, - $config_mail_oauth_refresh_token, - $config_mail_oauth_access_token, - $config_mail_oauth_access_token_expires_at; - - // If we have a not-expired token, use it - if (!empty($config_mail_oauth_access_token) && !tokenExpired($config_mail_oauth_access_token_expires_at)) { - return $config_mail_oauth_access_token; - } - - // Need to refresh? - if (empty($config_mail_oauth_client_id) || empty($config_mail_oauth_client_secret) || empty($config_mail_oauth_refresh_token)) { - // Nothing we can do - return null; - } - - $resp = httpFormPost( - 'https://oauth2.googleapis.com/token', - [ - 'client_id' => $config_mail_oauth_client_id, - 'client_secret' => $config_mail_oauth_client_secret, - 'refresh_token' => $config_mail_oauth_refresh_token, - 'grant_type' => 'refresh_token', - ] - ); - - if (!$resp['ok']) return null; - - $json = json_decode($resp['body'], true); - if (!is_array($json) || empty($json['access_token'])) return null; - - // Calculate new expiry - $expires_at = date('Y-m-d H:i:s', time() + (int)($json['expires_in'] ?? 3600)); - - // Update in-memory globals (and persist to DB) - $config_mail_oauth_access_token = $json['access_token']; - $config_mail_oauth_access_token_expires_at = $expires_at; - - $at_esc = mysqli_real_escape_string($mysqli, $config_mail_oauth_access_token); - $exp_esc = mysqli_real_escape_string($mysqli, $config_mail_oauth_access_token_expires_at); - mysqli_query($mysqli, "UPDATE settings SET - config_mail_oauth_access_token = '{$at_esc}', - config_mail_oauth_access_token_expires_at = '{$exp_esc}' - WHERE company_id = 1 - "); - - return $config_mail_oauth_access_token; -} - -/** - * Get a valid access token for Microsoft 365 IMAP via refresh token if needed. - * Uses settings: config_mail_oauth_client_id / _client_secret / _tenant_id / _refresh_token / _access_token / _access_token_expires_at - */ -function getMicrosoftAccessToken(string $username): ?string { - global $mysqli, - $config_mail_oauth_client_id, - $config_mail_oauth_client_secret, - $config_mail_oauth_tenant_id, - $config_mail_oauth_refresh_token, - $config_mail_oauth_access_token, - $config_mail_oauth_access_token_expires_at; - - if (!empty($config_mail_oauth_access_token) && !tokenExpired($config_mail_oauth_access_token_expires_at)) { - return $config_mail_oauth_access_token; - } - - if (empty($config_mail_oauth_client_id) || empty($config_mail_oauth_client_secret) || empty($config_mail_oauth_refresh_token) || empty($config_mail_oauth_tenant_id)) { - return null; - } - - $url = "https://login.microsoftonline.com/".rawurlencode($config_mail_oauth_tenant_id)."/oauth2/v2.0/token"; - - $resp = httpFormPost($url, [ - 'client_id' => $config_mail_oauth_client_id, - 'client_secret' => $config_mail_oauth_client_secret, - 'refresh_token' => $config_mail_oauth_refresh_token, - 'grant_type' => 'refresh_token', - // IMAP/SMTP scopes typically included at initial consent; not needed for refresh - ]); - - if (!$resp['ok']) return null; - - $json = json_decode($resp['body'], true); - if (!is_array($json) || empty($json['access_token'])) return null; - - $expires_at = date('Y-m-d H:i:s', time() + (int)($json['expires_in'] ?? 3600)); - - $config_mail_oauth_access_token = $json['access_token']; - $config_mail_oauth_access_token_expires_at = $expires_at; - - $at_esc = mysqli_real_escape_string($mysqli, $config_mail_oauth_access_token); - $exp_esc = mysqli_real_escape_string($mysqli, $config_mail_oauth_access_token_expires_at); - mysqli_query($mysqli, "UPDATE settings SET - config_mail_oauth_access_token = '{$at_esc}', - config_mail_oauth_access_token_expires_at = '{$exp_esc}' - WHERE company_id = 1 - "); - - return $config_mail_oauth_access_token; -} - -// Provider from settings (may be NULL/empty to disable IMAP polling) -$imap_provider = $config_imap_provider ?? ''; -if ($imap_provider === null) $imap_provider = ''; - -if ($imap_provider === '') { - // IMAP disabled by admin: exit cleanly - logApp("Cron-Email-Parser", "info", "IMAP polling skipped: provider not configured."); - @unlink($lock_file_path); - exit(0); -} - -/** ------------------------------------------------------------------ - * Webklex IMAP setup (supports Standard / Google OAuth / Microsoft OAuth) - * ------------------------------------------------------------------ */ -use Webklex\PHPIMAP\ClientManager; - -$validate_cert = true; - -// Defaults from settings (standard IMAP) -$host = $config_imap_host; -$port = (int)$config_imap_port; -$encr = !empty($config_imap_encryption) ? $config_imap_encryption : 'notls'; // 'ssl'|'tls'|'notls' -$user = $config_imap_username; -$pass = $config_imap_password; -$auth = null; // 'oauth' for OAuth providers - -if ($imap_provider === 'google_oauth') { - $host = 'imap.gmail.com'; - $port = 993; - $encr = 'ssl'; - $auth = 'oauth'; - $pass = getGoogleAccessToken($user); - if (empty($pass)) { - logApp("Cron-Email-Parser", "error", "Google OAuth: no usable access token (check refresh token/client credentials)."); - @unlink($lock_file_path); - exit(1); - } -} elseif ($imap_provider === 'microsoft_oauth') { - $host = 'outlook.office365.com'; - $port = 993; - $encr = 'ssl'; - $auth = 'oauth'; - $pass = getMicrosoftAccessToken($user); - if (empty($pass)) { - logApp("Cron-Email-Parser", "error", "Microsoft OAuth: no usable access token (check refresh token/client credentials/tenant)."); - @unlink($lock_file_path); - exit(1); - } -} else { - // standard_imap (username/password) - if (empty($host) || empty($port) || empty($user)) { - logApp("Cron-Email-Parser", "error", "Standard IMAP: missing host/port/username."); - @unlink($lock_file_path); - exit(1); - } -} - -$cm = new ClientManager(); - -$client = $cm->make(array_filter([ - 'host' => $host, - 'port' => $port, - 'encryption' => $encr, // 'ssl' | 'tls' | null - 'validate_cert' => (bool)$validate_cert, - 'username' => $user, // full mailbox address (OAuth uses user as principal) - 'password' => $pass, // access token when $auth === 'oauth' - 'authentication' => $auth, // 'oauth' or null - 'protocol' => 'imap', -])); - -try { - $client->connect(); -} catch (\Throwable $e) { - echo "Error connecting to IMAP server: " . $e->getMessage(); - @unlink($lock_file_path); - exit(1); -} - -$inbox = $client->getFolderByPath('INBOX'); - -$targetFolderPath = 'ITFlow'; -try { - $targetFolder = $client->getFolderByPath($targetFolderPath); -} catch (\Throwable $e) { - $client->createFolder($targetFolderPath); - $targetFolder = $client->getFolderByPath($targetFolderPath); -} - -// Fetch unseen messages -$messages = $inbox->messages()->leaveUnread()->unseen()->get(); - -// Counters -$processed_count = 0; -$unprocessed_count = 0; - -// Process messages -foreach ($messages as $message) { - $email_processed = false; - - // Save original message as .eml (getRawMessage() doesn't seem to work properly) - mkdirMissing('../uploads/tmp/'); - $original_message_file = "processed-eml-" . randomString(200) . ".eml"; - $raw_message = (string)$message->getHeader()->raw . "\r\n\r\n" . ($message->getRawBody() ?? $message->getHTMLBody() ?? $message->getTextBody()); - file_put_contents("../uploads/tmp/{$original_message_file}", $raw_message); - - // From - $fromCol = $message->getFrom(); - $fromFirst = ($fromCol && $fromCol->count()) ? $fromCol->first() : null; - $from_email = sanitizeInput($fromFirst->mail ?? 'itflow-guest@example.com'); - $from_name = sanitizeInput($fromFirst->personal ?? 'Unknown'); - - $from_domain = explode("@", $from_email); - $from_domain = sanitizeInput(end($from_domain)); - - // Subject - $subject = sanitizeInput((string)$message->getSubject() ?: 'No Subject'); - - // Date (string) - $dateAttr = $message->getDate(); // Attribute - $dateRaw = $dateAttr ? (string)$dateAttr : ''; // e.g. "Tue, 10 Sep 2025 13:22:05 +0000" - $ts = $dateRaw ? strtotime($dateRaw) : false; - $date = sanitizeInput($ts !== false ? date('Y-m-d H:i:s', $ts) : date('Y-m-d H:i:s')); - - // Body (prefer HTML) - $message_body_html = $message->getHTMLBody(); - $message_body_text = $message->getTextBody(); - $message_body_raw = $message->getRawBody(); - - if (!empty($message_body_html)) { - $message_body = $message_body_html; - } elseif (!empty($message_body_text)) { - $message_body = nl2br(htmlspecialchars($message_body_text)); - } else { - // Final fallback - $message_body = nl2br(htmlspecialchars($message_body_raw)); - } - - // Handle attachments (inline vs regular) - $attachments = []; - foreach ($message->getAttachments() as $att) { - $attrs = $att->getAttributes(); // v6.2: canonical source - $dispo = strtolower((string)($attrs['disposition'] ?? '')); - $cid = $attrs['id'] ?? null; // Content-ID - $content = $attrs['content'] ?? null; // binary - $mime = $att->getMimeType(); - $name = $att->getName() ?: 'attachment'; - - $is_inline = false; - if ($dispo === 'inline' && $cid && $content !== null) { - $cid_trim = trim($cid, '<>'); - $dataUri = "data:$mime;base64,".base64_encode($content); - $message_body = str_replace(["cid:$cid_trim", "cid:$cid"], $dataUri, $message_body); - $is_inline = true; - } - - if (!$is_inline && $content !== null) { - $attachments[] = ['name' => $name, 'content' => $content]; - } - } - - // 1. Reply to existing ticket with the number in subject - if (preg_match("/\[$config_ticket_prefix(\d+)\]/", $subject, $ticket_number_matches)) { - $ticket_number = intval($ticket_number_matches[1]); - $email_processed = addReply($from_email, $date, $subject, $ticket_number, $message_body, $attachments); - } - - // 2. Fuzzy duplicate check using a known contact/domain and similar_text subject - if (!$email_processed && strlen(trim($subject)) > 10) { - $contact_id = 0; - $client_id = 0; - - // First: check if sender is a registered contact - $from_email_esc = mysqli_real_escape_string($mysqli, $from_email); - $contact_sql = mysqli_query($mysqli, "SELECT * FROM contacts WHERE contact_email = '$from_email_esc' AND contact_archived_at IS NULL LIMIT 1"); - $contact_row = mysqli_fetch_assoc($contact_sql); - - if ($contact_row) { - $contact_id = intval($contact_row['contact_id']); - $client_id = intval($contact_row['contact_client_id']); - } else { - // Else: check if sender domain is registered - $from_domain_esc = mysqli_real_escape_string($mysqli, $from_domain); - $domain_sql = mysqli_query($mysqli, "SELECT * FROM domains WHERE domain_name = '$from_domain_esc' AND domain_archived_at IS NULL LIMIT 1"); - $domain_row = mysqli_fetch_assoc($domain_sql); - - if ($domain_row && $from_domain == $domain_row['domain_name']) { - $client_id = intval($domain_row['domain_client_id']); - } - } - - // If we found either a contact or a domain, check recent tickets for a matching subject - if ($client_id) { - $recent_tickets_sql = mysqli_query($mysqli, - "SELECT ticket_id, ticket_number, ticket_subject - FROM tickets - WHERE ticket_client_id = $client_id AND ticket_resolved_at IS NULL - AND ticket_created_at >= DATE_SUB(NOW(), INTERVAL 7 DAY)" - ); - - while ($rowt = mysqli_fetch_assoc($recent_tickets_sql)) { - $ticket_number = intval($rowt['ticket_number']); - $existing_subject = $rowt['ticket_subject']; - - // Calculate similarity percentage - similar_text(strtolower($subject), strtolower($existing_subject), $percent); - - if ($percent >= 95) { - // Treat as a reply/duplicate - $email_processed = addReply($from_email, $date, $subject, $ticket_number, $message_body, $attachments); - break; - } - } - } - } - - // 3. A known, registered contact? - if (!$email_processed) { - $from_email_esc = mysqli_real_escape_string($mysqli, $from_email); - $any_contact_sql = mysqli_query($mysqli, "SELECT * FROM contacts WHERE contact_email = '$from_email_esc' AND contact_archived_at IS NULL LIMIT 1"); - $rowc = mysqli_fetch_assoc($any_contact_sql); - - if ($rowc) { - $contact_name = sanitizeInput($rowc['contact_name']); - $contact_id = intval($rowc['contact_id']); - $contact_email = sanitizeInput($rowc['contact_email']); - $client_id = intval($rowc['contact_client_id']); - - $email_processed = addTicket($contact_id, $contact_name, $contact_email, $client_id, $date, $subject, $message_body, $attachments, $original_message_file); - } - } - - // 4. A known domain? - if (!$email_processed) { - $from_domain_esc = mysqli_real_escape_string($mysqli, $from_domain); - $domain_sql = mysqli_query($mysqli, "SELECT * FROM domains WHERE domain_name = '$from_domain_esc' AND domain_archived_at IS NULL LIMIT 1"); - $rowd = mysqli_fetch_assoc($domain_sql); - - if ($rowd && $from_domain == $rowd['domain_name']) { - $client_id = intval($rowd['domain_client_id']); - - // Create a new contact - $contact_name = $from_name; - $contact_email = $from_email; - mysqli_query($mysqli, "INSERT INTO contacts SET contact_name = '".mysqli_real_escape_string($mysqli, $contact_name)."', contact_email = '".mysqli_real_escape_string($mysqli, $contact_email)."', contact_notes = 'Added automatically via email parsing.', contact_client_id = $client_id"); - $contact_id = mysqli_insert_id($mysqli); - - logAction("Contact", "Create", "Email parser: created contact " . mysqli_real_escape_string($mysqli, $contact_name), $client_id, $contact_id); - customAction('contact_create', $contact_id); - - $email_processed = addTicket($contact_id, $contact_name, $contact_email, $client_id, $date, $subject, $message_body, $attachments, $original_message_file); - } - } - - // 5. Unknown sender allowed? - if (!$email_processed && $config_ticket_email_parse_unknown_senders) { - - $bad_from_pattern = "/daemon|postmaster|bounce|mta/i"; // Stop NDRs with bad subjects raising new tickets - if (!preg_match($bad_from_pattern, $from_email)) { - $email_processed = addTicket(0, $from_name, $from_email, 0, $date, $subject, $message_body, $attachments, $original_message_file); - - } else { - - // Probably an NDR message without a ticket ref in the subject - - $failed_recipient = null; - $diagnostic_code = null; - $status_code = null; - $original_subject = null; - $original_to = null; - - // Webklex stores DSN info in attachments, not parts - foreach ($message->getAttachments() as $attachment) { - - $ctype = strtolower($attachment->getContentType()); - $body = $attachment->getContent() ?? ''; - - // 1. Delivery status block - if (strpos($ctype, 'delivery-status') !== false) { - - if (preg_match('/Final-Recipient:\s*rfc822;\s*(.+)/i', $body, $m)) { - $failed_recipient = sanitizeInput(trim($m[1])); - } - - if (preg_match('/Diagnostic-Code:\s*(.+)/i', $body, $m)) { - $diagnostic_code = sanitizeInput(trim($m[1])); - } - - if (preg_match('/Status:\s*([0-9\.]+)/i', $body, $m)) { - $status_code = sanitizeInput(trim($m[1])); - } - } - - // 2. Original message headers - if (strpos($ctype, 'message/rfc822') !== false) { - - if (preg_match('/^To:\s*(.+)$/mi', $body, $m)) { - $original_to = sanitizeInput(trim($m[1])); - } - - if (preg_match('/^Subject:\s*(.+)$/mi', $body, $m)) { - $original_subject = sanitizeInput(trim($m[1])); - } - } - } - - // 3. Fallback: extract diagnostic from human-readable text/plain - if (!$diagnostic_code) { - $text = $message->getTextBody() ?? ''; - - // Exim puts diagnostics on an indented line - if (preg_match('/\n\s{2,}(.+)/', $text, $m)) { - $diagnostic_code = sanitizeInput(trim($m[1])); - } - } - - // Fallbacks - $failed_recipient = $failed_recipient ?: 'unknown recipient'; - $diagnostic_code = $diagnostic_code ?: 'unknown diagnostic code'; - $status_code = $status_code ?: 'unknown status code'; - $original_subject = $original_subject ?: $subject; - - appNotify( - "Ticket", - "Email parser NDR: Message to $failed_recipient bounced. Subject: $original_subject Diagnostics: $status_code / $diagnostic_code - check ITFlow folder manually to see email", - "", - 0 - ); - - // If the original subject has a ticket, add the NDR there too - if (preg_match("/\[$config_ticket_prefix(\d+)\]/", $original_subject, $ticket_number_matches)) { - - $ticket_number = intval($ticket_number_matches[1]); - - // Craft a clean bounce message - $reply_body = "Email delivery failed.\n". - "Recipient: $failed_recipient\n". - "Status: $status_code\n". - "Diagnostic: $diagnostic_code\n"; - - // No attachments - addReply( - $from_email, - $date, - $original_subject, - $ticket_number, - $reply_body, - [] - ); - - } - - $email_processed = true; - } - } - - - // Flag/move based on processing result - if ($email_processed) { - $processed_count++; // increment first so a move failure doesn't hide the success - try { - $message->setFlag('Seen'); - // Move using the Folder object (top-level "ITFlow") - $message->move($targetFolderPath); - // optional: logApp("Cron-Email-Parser", "info", "Moved message to ITFlow"); - } catch (\Throwable $e) { - // >>> Put the extra logging RIGHT HERE - $subj = (string)$message->getSubject(); - $uid = method_exists($message, 'getUid') ? $message->getUid() : 'n/a'; - $path = property_exists($targetFolder, 'path') ? $targetFolder->path : 'ITFlow'; - logApp( - "Cron-Email-Parser", - "warning", - "Move failed (subject=\"$subj\", uid=$uid) to [$path]: ".$e->getMessage() - ); - } - } else { - $unprocessed_count++; - try { - $message->setFlag('Flagged'); - $message->unsetFlag('Seen'); - } catch (\Throwable $e) { - logApp("Cron-Email-Parser", "warning", "Flag update failed: ".$e->getMessage()); - } - } - - // Cleanup temp .eml if still present (e.g., reply path) - if (isset($original_message_file)) { - $tmp_path = "../uploads/tmp/{$original_message_file}"; - if (file_exists($tmp_path)) { @unlink($tmp_path); } - } -} - -// Expunge & disconnect -try { - $client->expunge(); -} catch (\Throwable $e) { - // ignore -} -$client->disconnect(); - -// Execution timing (optional) -$script_end_time = microtime(true); -$execution_time = $script_end_time - $script_start_time; -$execution_time_formatted = number_format($execution_time, 2); - -$processed_info = "Processed: $processed_count email(s), Unprocessed: $unprocessed_count email(s)"; -// logAction("Cron-Email-Parser", "Execution", "Cron Email Parser executed in $execution_time_formatted seconds. $processed_info"); - -// Remove the lock file -unlink($lock_file_path); - -// DEBUG -echo "\nLock File Path: $lock_file_path\n"; -if (file_exists($lock_file_path)) { - echo "\nLock is present\n\n"; -} -echo "Processed Emails: $processed_count\n"; -echo "Unprocessed Emails: $unprocessed_count\n"; + Ticketing > Email-to-ticket parsing. See https://docs.itflow.org/ticket_email_parse -- Quitting.."); +} + +// System temp directory & lock +$temp_dir = sys_get_temp_dir(); +$lock_file_path = "{$temp_dir}/itflow_email_parser_{$installation_id}.lock"; + +if (file_exists($lock_file_path)) { + $file_age = time() - filemtime($lock_file_path); + if ($file_age > 300) { + unlink($lock_file_path); + logApp("Cron-Email-Parser", "warning", "Cron Email Parser detected a lock file was present but was over 5 minutes old so it removed it."); + } else { + logApp("Cron-Email-Parser", "warning", "Lock file present. Cron Email Parser attempted to execute but was already executing, so instead it terminated."); + exit("Script is already running. Exiting."); + } +} +file_put_contents($lock_file_path, "Locked"); + +// Ensure lock gets removed even on fatal error +register_shutdown_function(function() use ($lock_file_path) { + if (file_exists($lock_file_path)) { + @unlink($lock_file_path); + } +}); + +// Allowed attachment extensions +$allowed_extensions = array('jpg', 'jpeg', 'gif', 'png', 'webp', 'svg', 'pdf', 'txt', 'md', 'doc', 'docx', 'csv', 'xls', 'xlsx', 'xlsm', 'zip', 'tar', 'gz'); + +/** ------------------------------------------------------------------ + * Ticket / Reply helpers (unchanged) + * ------------------------------------------------------------------ */ +function addTicket($contact_id, $contact_name, $contact_email, $client_id, $date, $subject, $message, $attachments, $original_message_file) { + global $mysqli, $config_app_name, $company_name, $company_phone, $config_ticket_prefix, $config_ticket_client_general_notifications, $config_ticket_new_ticket_notification_email, $config_base_url, $config_ticket_from_name, $config_ticket_from_email, $config_ticket_default_billable, $allowed_extensions; + + // Atomically increment and get the new ticket number + mysqli_query($mysqli, " + UPDATE settings + SET + config_ticket_next_number = LAST_INSERT_ID(config_ticket_next_number), + config_ticket_next_number = config_ticket_next_number + 1 + WHERE company_id = 1 + "); + + $ticket_number = mysqli_insert_id($mysqli); + + // Clean up the message + $message = trim($message); + // Remove DOCTYPE and meta tags + $message = preg_replace('/]*>/i', '', $message); + $message = preg_replace('/]*>/i', '', $message); + // Remove , , and their closing tags + $message = preg_replace('/<\/?(html|head|body)[^>]*>/i', '', $message); + // Collapse excess whitespace + $message = preg_replace('/\s+/', ' ', $message); + // Convert newlines to
+ $message = nl2br($message); + // Wrap final formatted message + $message = "Email from: $contact_name <$contact_email> at $date:-

$message
"; + + $ticket_prefix_esc = mysqli_real_escape_string($mysqli, $config_ticket_prefix); + $message_esc = mysqli_real_escape_string($mysqli, $message); + $contact_email_esc = mysqli_real_escape_string($mysqli, $contact_email); + $client_id = intval($client_id); + + $url_key = randomString(32); + + mysqli_query($mysqli, "INSERT INTO tickets SET ticket_prefix = '$ticket_prefix_esc', ticket_number = $ticket_number, ticket_source = 'Email', ticket_subject = '$subject', ticket_details = '$message_esc', ticket_priority = 'Low', ticket_status = 1, ticket_billable = $config_ticket_default_billable, ticket_created_by = 0, ticket_contact_id = $contact_id, ticket_url_key = '$url_key', ticket_client_id = $client_id"); + $id = mysqli_insert_id($mysqli); + + // Logging + logAction("Ticket", "Create", "Email parser: Client contact $contact_email_esc created ticket $ticket_prefix_esc$ticket_number ($subject) ($id)", $client_id, $id); + + mkdirMissing('../uploads/tickets/'); + $att_dir = "../uploads/tickets/" . $id . "/"; + mkdirMissing($att_dir); + + // Move original .eml into the ticket folder + rename("../uploads/tmp/{$original_message_file}", "{$att_dir}/{$original_message_file}"); + $original_message_file_esc = mysqli_real_escape_string($mysqli, $original_message_file); + mysqli_query($mysqli, "INSERT INTO ticket_attachments SET ticket_attachment_name = 'Original-parsed-email.eml', ticket_attachment_reference_name = '$original_message_file_esc', ticket_attachment_ticket_id = $id"); + + // Save non-inline attachments + foreach ($attachments as $attachment) { + $att_name = $attachment['name']; + $att_extension = strtolower(pathinfo($att_name, PATHINFO_EXTENSION)); + + if (in_array($att_extension, $allowed_extensions)) { + $att_saved_filename = md5(uniqid(rand(), true)) . '.' . $att_extension; + $att_saved_path = $att_dir . $att_saved_filename; + file_put_contents($att_saved_path, $attachment['content']); + + $ticket_attachment_name = sanitizeInput($att_name); + $ticket_attachment_reference_name = sanitizeInput($att_saved_filename); + + $ticket_attachment_name_esc = mysqli_real_escape_string($mysqli, $ticket_attachment_name); + $ticket_attachment_reference_name_esc = mysqli_real_escape_string($mysqli, $ticket_attachment_reference_name); + mysqli_query($mysqli, "INSERT INTO ticket_attachments SET ticket_attachment_name = '$ticket_attachment_name_esc', ticket_attachment_reference_name = '$ticket_attachment_reference_name_esc', ticket_attachment_ticket_id = $id"); + } else { + $ticket_attachment_name_esc = mysqli_real_escape_string($mysqli, $att_name); + logAction("Ticket", "Edit", "Email parser: Blocked attachment $ticket_attachment_name_esc from Client contact $contact_email_esc for ticket $ticket_prefix_esc$ticket_number", $client_id, $id); + } + } + + // Guest ticket watchers + if ($client_id == 0) { + mysqli_query($mysqli, "INSERT INTO ticket_watchers SET watcher_email = '$contact_email_esc', watcher_ticket_id = $id"); + } + + // External email + $bad_pattern = "/do[\W_]*not[\W_]*reply|no[\W_]*reply/i"; + $data = []; + if ($config_ticket_client_general_notifications == 1 && !preg_match($bad_pattern, $contact_email)) { + $subject_email = "Ticket created - [$config_ticket_prefix$ticket_number] - $subject"; + $body = "##- Please type your reply above this line -##

Hello $contact_name,

Thank you for your email. A ticket regarding \"$subject\" has been automatically created for you.

Ticket: $config_ticket_prefix$ticket_number
Subject: $subject
Status: New
Portal: View ticket

--
$company_name - Support
$config_ticket_from_email
$company_phone"; + $data[] = [ + 'from' => $config_ticket_from_email, + 'from_name' => $config_ticket_from_name, + 'recipient' => $contact_email, + 'recipient_name' => $contact_name, + 'subject' => $subject_email, + 'body' => mysqli_real_escape_string($mysqli, $body) + ]; + } + + // Internal email + if ($config_ticket_new_ticket_notification_email) { + if ($client_id == 0) { + $client_name = "Guest"; + $client_uri = ''; + } else { + $client_sql = mysqli_query($mysqli, "SELECT client_name FROM clients WHERE client_id = $client_id"); + $client_row = mysqli_fetch_assoc($client_sql); + $client_name = sanitizeInput($client_row['client_name']); + $client_uri = "&client_id=$client_id"; + } + $email_subject = "$config_app_name - New Ticket - $client_name: $subject"; + $email_body = "Hello,

This is a notification that a new ticket has been raised in ITFlow.
Client: $client_name
Priority: Low (email parsed)
Link: https://$config_base_url/agent/ticket.php?ticket_id=$id$client_uri

--------------------------------

$subject
$message"; + + $data[] = [ + 'from' => $config_ticket_from_email, + 'from_name' => $config_ticket_from_name, + 'recipient' => $config_ticket_new_ticket_notification_email, + 'recipient_name' => $config_ticket_from_name, + 'subject' => $email_subject, + 'body' => mysqli_real_escape_string($mysqli, $email_body) + ]; + } + + addToMailQueue($data); + customAction('ticket_create', $id); + + return true; +} + +function addReply($from_email, $date, $subject, $ticket_number, $message, $attachments) { + global $mysqli, $config_app_name, $company_name, $company_phone, $config_ticket_prefix, $config_base_url, $config_ticket_from_name, $config_ticket_from_email, $allowed_extensions; + + $ticket_reply_type = 'Client'; + // $message contains the raw HTML body from IMAP + + // 1) Remove the reply separator and everything below it (HTML-aware) + // This matches: ##- Please type your reply above this line -## and EVERYTHING after it + $message = preg_replace( + '/]*>##-\s*Please\s+type\s+your\s+reply\s+above\s+this\s+line\s*-##<\/i>.*$/is', + '', + $message + ); + + // 2) Clean up the remaining message + + // Remove DOCTYPE and meta tags + $message = preg_replace('/]*>/i', '', $message); + $message = preg_replace('/]*>/i', '', $message); + + // Remove , , and their closing tags + $message = preg_replace('/<\/?(html|head|body)[^>]*>/i', '', $message); + + // Trim leading/trailing whitespace + $message = trim($message); + + // Normalize line breaks to spaces + $message = preg_replace('/\r\n|\r|\n/', ' ', $message); + + // Convert to
for HTML display + $message = nl2br($message); + + // 3) Final wrapper + $message = "Email from: $from_email at $date:-

$message
"; + + $ticket_number_esc = intval($ticket_number); + $message_esc = mysqli_real_escape_string($mysqli, $message); + $from_email_esc = mysqli_real_escape_string($mysqli, $from_email); + + $row = mysqli_fetch_assoc(mysqli_query($mysqli, "SELECT ticket_id, ticket_subject, ticket_status, ticket_contact_id, ticket_client_id, contact_email, client_name + FROM tickets + LEFT JOIN contacts on tickets.ticket_contact_id = contacts.contact_id + LEFT JOIN clients on tickets.ticket_client_id = clients.client_id + WHERE ticket_number = $ticket_number_esc LIMIT 1")); + + if ($row) { + $ticket_id = intval($row['ticket_id']); + $ticket_subject = sanitizeInput($row['ticket_subject']); + $ticket_status = sanitizeInput($row['ticket_status']); + $ticket_reply_contact = intval($row['ticket_contact_id']); + $ticket_contact_email = sanitizeInput($row['contact_email']); + $client_id = intval($row['ticket_client_id']); + if ($client_id) { + $client_uri = "&client_id=$client_id"; + } else { + $client_uri = ''; + } + $client_name = sanitizeInput($row['client_name']); + + if ($ticket_status == 5) { + $config_ticket_prefix_esc = mysqli_real_escape_string($mysqli, $config_ticket_prefix); + $ticket_number_esc2 = mysqli_real_escape_string($mysqli, $ticket_number); + + appNotify("Ticket", "Email parser: $from_email attempted to re-open ticket $config_ticket_prefix_esc$ticket_number_esc2 (ID $ticket_id) - check inbox manually to see email", "/agent/ticket.php?ticket_id=$ticket_id$client_uri", $client_id); + + $email_subject = "Action required: This ticket is already closed"; + $email_body = "Hi there,

You've tried to reply to a ticket that is closed - we won't see your response.

Please raise a new ticket by sending a new e-mail to our support address below.

--
$company_name - Support
$config_ticket_from_email
$company_phone"; + + $data = [ + [ + 'from' => $config_ticket_from_email, + 'from_name' => $config_ticket_from_name, + 'recipient' => $from_email, + 'recipient_name' => $from_email, + 'subject' => $email_subject, + 'body' => mysqli_real_escape_string($mysqli, $email_body) + ] + ]; + + addToMailQueue($data); + return true; + } + + if (empty($ticket_contact_email) || $ticket_contact_email !== $from_email) { + $from_email_esc2 = mysqli_real_escape_string($mysqli, $from_email); + $row2 = mysqli_fetch_assoc(mysqli_query($mysqli, "SELECT contact_id FROM contacts WHERE contact_email = '$from_email_esc2' AND contact_client_id = $client_id LIMIT 1")); + if ($row2) { + $ticket_reply_contact = intval($row2['contact_id']); + } else { + $ticket_reply_type = 'Internal'; + $ticket_reply_contact = '0'; + $message = "WARNING: Contact email mismatch
$message"; + $message_esc = mysqli_real_escape_string($mysqli, $message); + } + } + + mysqli_query($mysqli, "INSERT INTO ticket_replies SET ticket_reply = '$message_esc', ticket_reply_type = '$ticket_reply_type', ticket_reply_time_worked = '00:00:00', ticket_reply_by = $ticket_reply_contact, ticket_reply_ticket_id = $ticket_id"); + $reply_id = mysqli_insert_id($mysqli); + + $ticket_dir = "../uploads/tickets/" . $ticket_id . "/"; + mkdirMissing($ticket_dir); + + foreach ($attachments as $attachment) { + $att_name = $attachment['name']; + $att_extension = strtolower(pathinfo($att_name, PATHINFO_EXTENSION)); + + if (in_array($att_extension, $allowed_extensions)) { + $att_saved_filename = md5(uniqid(rand(), true)) . '.' . $att_extension; + $att_saved_path = $ticket_dir . $att_saved_filename; + file_put_contents($att_saved_path, $attachment['content']); + + $ticket_attachment_name = sanitizeInput($att_name); + $ticket_attachment_reference_name = sanitizeInput($att_saved_filename); + + $ticket_attachment_name_esc = mysqli_real_escape_string($mysqli, $ticket_attachment_name); + $ticket_attachment_reference_name_esc = mysqli_real_escape_string($mysqli, $ticket_attachment_reference_name); + mysqli_query($mysqli, "INSERT INTO ticket_attachments SET ticket_attachment_name = '$ticket_attachment_name_esc', ticket_attachment_reference_name = '$ticket_attachment_reference_name_esc', ticket_attachment_reply_id = $reply_id, ticket_attachment_ticket_id = $ticket_id"); + } else { + $ticket_attachment_name_esc = mysqli_real_escape_string($mysqli, $att_name); + logAction("Ticket", "Edit", "Email parser: Blocked attachment $ticket_attachment_name_esc from Client contact $from_email_esc for ticket $config_ticket_prefix$ticket_number_esc", $client_id, $ticket_id); + } + } + + $ticket_assigned_to_sql = mysqli_query($mysqli, "SELECT ticket_assigned_to FROM tickets WHERE ticket_id = $ticket_id LIMIT 1"); + if ($ticket_assigned_to_sql) { + $row3 = mysqli_fetch_assoc($ticket_assigned_to_sql); + $ticket_assigned_to = intval($row3['ticket_assigned_to']); + + if ($ticket_assigned_to) { + $tech_sql = mysqli_query($mysqli, "SELECT user_email, user_name FROM users WHERE user_id = $ticket_assigned_to LIMIT 1"); + $tech_row = mysqli_fetch_assoc($tech_sql); + $tech_email = sanitizeInput($tech_row['user_email']); + $tech_name = sanitizeInput($tech_row['user_name']); + + $email_subject = "$config_app_name - Ticket updated - [$config_ticket_prefix$ticket_number] $ticket_subject"; + $email_body = "Hello $tech_name,

A new reply has been added to the below ticket.

Client: $client_name
Ticket: $config_ticket_prefix$ticket_number
Subject: $ticket_subject
Link: https://$config_base_url/agent/ticket.php?ticket_id=$ticket_id$client_uri

--------------------------------
$message_esc"; + + $data = [ + [ + 'from' => $config_ticket_from_email, + 'from_name' => $config_ticket_from_name, + 'recipient' => $tech_email, + 'recipient_name' => $tech_name, + 'subject' => mysqli_real_escape_string($mysqli, $email_subject), + 'body' => mysqli_real_escape_string($mysqli, $email_body) + ] + ]; + addToMailQueue($data); + } + } + + mysqli_query($mysqli, "UPDATE tickets SET ticket_status = 2, ticket_resolved_at = NULL WHERE ticket_id = $ticket_id AND ticket_client_id = $client_id LIMIT 1"); + + logAction("Ticket", "Edit", "Email parser: Client contact $from_email_esc updated ticket $config_ticket_prefix$ticket_number_esc ($subject)", $client_id, $ticket_id); + customAction('ticket_reply_client', $ticket_id); + return true; + } else { + return false; + } +} + +/** ------------------------------------------------------------------ + * OAuth helpers + provider guard + * ------------------------------------------------------------------ */ + +// returns true if expires_at ('Y-m-d H:i:s') is in the past (or missing) +function tokenExpired(?string $expires_at): bool { + if (empty($expires_at)) return true; + $ts = strtotime($expires_at); + if ($ts === false) return true; + // refresh a little early (60s) to avoid race + return ($ts - 60) <= time(); +} + +// very small form-encoded POST helper using curl +function httpFormPost(string $url, array $fields): array { + $ch = curl_init($url); + curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); + curl_setopt($ch, CURLOPT_POST, true); + curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query($fields, '', '&')); + curl_setopt($ch, CURLOPT_TIMEOUT, 20); + $raw = curl_exec($ch); + $err = curl_error($ch); + $code = curl_getinfo($ch, CURLINFO_HTTP_CODE); + curl_close($ch); + return ['ok' => ($raw !== false && $code >= 200 && $code < 300), 'body' => $raw, 'code' => $code, 'err' => $err]; +} + +/** + * Get a valid access token for Google Workspace IMAP via refresh token if needed. + * Uses settings: config_mail_oauth_client_id / _client_secret / _refresh_token / _access_token / _access_token_expires_at + * Updates globals if refreshed (so later logging can reflect it if you want to persist). + */ +function getGoogleAccessToken(string $username): ?string { + // pull from global settings variables you already load + global $mysqli, + $config_mail_oauth_client_id, + $config_mail_oauth_client_secret, + $config_mail_oauth_refresh_token, + $config_mail_oauth_access_token, + $config_mail_oauth_access_token_expires_at; + + // If we have a not-expired token, use it + if (!empty($config_mail_oauth_access_token) && !tokenExpired($config_mail_oauth_access_token_expires_at)) { + return $config_mail_oauth_access_token; + } + + // Need to refresh? + if (empty($config_mail_oauth_client_id) || empty($config_mail_oauth_client_secret) || empty($config_mail_oauth_refresh_token)) { + // Nothing we can do + return null; + } + + $resp = httpFormPost( + 'https://oauth2.googleapis.com/token', + [ + 'client_id' => $config_mail_oauth_client_id, + 'client_secret' => $config_mail_oauth_client_secret, + 'refresh_token' => $config_mail_oauth_refresh_token, + 'grant_type' => 'refresh_token', + ] + ); + + if (!$resp['ok']) return null; + + $json = json_decode($resp['body'], true); + if (!is_array($json) || empty($json['access_token'])) return null; + + // Calculate new expiry + $expires_at = date('Y-m-d H:i:s', time() + (int)($json['expires_in'] ?? 3600)); + + // Update in-memory globals (and persist to DB) + $config_mail_oauth_access_token = $json['access_token']; + $config_mail_oauth_access_token_expires_at = $expires_at; + + $at_esc = mysqli_real_escape_string($mysqli, $config_mail_oauth_access_token); + $exp_esc = mysqli_real_escape_string($mysqli, $config_mail_oauth_access_token_expires_at); + mysqli_query($mysqli, "UPDATE settings SET + config_mail_oauth_access_token = '{$at_esc}', + config_mail_oauth_access_token_expires_at = '{$exp_esc}' + WHERE company_id = 1 + "); + + return $config_mail_oauth_access_token; +} + +/** + * Get a valid access token for Microsoft 365 IMAP via refresh token if needed. + * Uses settings: config_mail_oauth_client_id / _client_secret / _tenant_id / _refresh_token / _access_token / _access_token_expires_at + */ +function getMicrosoftAccessToken(string $username): ?string { + global $mysqli, + $config_mail_oauth_client_id, + $config_mail_oauth_client_secret, + $config_mail_oauth_tenant_id, + $config_mail_oauth_refresh_token, + $config_mail_oauth_access_token, + $config_mail_oauth_access_token_expires_at; + + if (!empty($config_mail_oauth_access_token) && !tokenExpired($config_mail_oauth_access_token_expires_at)) { + return $config_mail_oauth_access_token; + } + + if (empty($config_mail_oauth_client_id) || empty($config_mail_oauth_client_secret) || empty($config_mail_oauth_refresh_token) || empty($config_mail_oauth_tenant_id)) { + return null; + } + + $url = "https://login.microsoftonline.com/".rawurlencode($config_mail_oauth_tenant_id)."/oauth2/v2.0/token"; + + $resp = httpFormPost($url, [ + 'client_id' => $config_mail_oauth_client_id, + 'client_secret' => $config_mail_oauth_client_secret, + 'refresh_token' => $config_mail_oauth_refresh_token, + 'grant_type' => 'refresh_token', + // IMAP/SMTP scopes typically included at initial consent; not needed for refresh + ]); + + if (!$resp['ok']) return null; + + $json = json_decode($resp['body'], true); + if (!is_array($json) || empty($json['access_token'])) return null; + + $expires_at = date('Y-m-d H:i:s', time() + (int)($json['expires_in'] ?? 3600)); + + $config_mail_oauth_access_token = $json['access_token']; + $config_mail_oauth_access_token_expires_at = $expires_at; + + $at_esc = mysqli_real_escape_string($mysqli, $config_mail_oauth_access_token); + $exp_esc = mysqli_real_escape_string($mysqli, $config_mail_oauth_access_token_expires_at); + mysqli_query($mysqli, "UPDATE settings SET + config_mail_oauth_access_token = '{$at_esc}', + config_mail_oauth_access_token_expires_at = '{$exp_esc}' + WHERE company_id = 1 + "); + + return $config_mail_oauth_access_token; +} + +// Provider from settings (may be NULL/empty to disable IMAP polling) +$imap_provider = $config_imap_provider ?? ''; +if ($imap_provider === null) $imap_provider = ''; + +if ($imap_provider === '') { + // IMAP disabled by admin: exit cleanly + logApp("Cron-Email-Parser", "info", "IMAP polling skipped: provider not configured."); + @unlink($lock_file_path); + exit(0); +} + +/** ------------------------------------------------------------------ + * Webklex IMAP setup (supports Standard / Google OAuth / Microsoft OAuth) + * ------------------------------------------------------------------ */ +use Webklex\PHPIMAP\ClientManager; + +$validate_cert = true; + +// Defaults from settings (standard IMAP) +$host = $config_imap_host; +$port = (int)$config_imap_port; +$encr = !empty($config_imap_encryption) ? $config_imap_encryption : 'notls'; // 'ssl'|'tls'|'notls' +$user = $config_imap_username; +$pass = $config_imap_password; +$auth = null; // 'oauth' for OAuth providers + +if ($imap_provider === 'google_oauth') { + $host = 'imap.gmail.com'; + $port = 993; + $encr = 'ssl'; + $auth = 'oauth'; + $pass = getGoogleAccessToken($user); + if (empty($pass)) { + logApp("Cron-Email-Parser", "error", "Google OAuth: no usable access token (check refresh token/client credentials)."); + @unlink($lock_file_path); + exit(1); + } +} elseif ($imap_provider === 'microsoft_oauth') { + $host = 'outlook.office365.com'; + $port = 993; + $encr = 'ssl'; + $auth = 'oauth'; + $pass = getMicrosoftAccessToken($user); + if (empty($pass)) { + logApp("Cron-Email-Parser", "error", "Microsoft OAuth: no usable access token (check refresh token/client credentials/tenant)."); + @unlink($lock_file_path); + exit(1); + } +} else { + // standard_imap (username/password) + if (empty($host) || empty($port) || empty($user)) { + logApp("Cron-Email-Parser", "error", "Standard IMAP: missing host/port/username."); + @unlink($lock_file_path); + exit(1); + } +} + +$cm = new ClientManager(); + +$client = $cm->make(array_filter([ + 'host' => $host, + 'port' => $port, + 'encryption' => $encr, // 'ssl' | 'tls' | null + 'validate_cert' => (bool)$validate_cert, + 'username' => $user, // full mailbox address (OAuth uses user as principal) + 'password' => $pass, // access token when $auth === 'oauth' + 'authentication' => $auth, // 'oauth' or null + 'protocol' => 'imap', +])); + +try { + $client->connect(); +} catch (\Throwable $e) { + echo "Error connecting to IMAP server: " . $e->getMessage(); + @unlink($lock_file_path); + exit(1); +} + +$inbox = $client->getFolderByPath('INBOX'); + +$targetFolderPath = 'ITFlow'; +try { + $targetFolder = $client->getFolderByPath($targetFolderPath); +} catch (\Throwable $e) { + $client->createFolder($targetFolderPath); + $targetFolder = $client->getFolderByPath($targetFolderPath); +} + +// Fetch unseen messages +$messages = $inbox->messages()->leaveUnread()->unseen()->get(); + +// Counters +$processed_count = 0; +$unprocessed_count = 0; + +// Process messages +foreach ($messages as $message) { + $email_processed = false; + + // Save original message as .eml (getRawMessage() doesn't seem to work properly) + mkdirMissing('../uploads/tmp/'); + $original_message_file = "processed-eml-" . randomString(200) . ".eml"; + $raw_message = (string)$message->getHeader()->raw . "\r\n\r\n" . ($message->getRawBody() ?? $message->getHTMLBody() ?? $message->getTextBody()); + file_put_contents("../uploads/tmp/{$original_message_file}", $raw_message); + + // From + $fromCol = $message->getFrom(); + $fromFirst = ($fromCol && $fromCol->count()) ? $fromCol->first() : null; + $from_email = sanitizeInput($fromFirst->mail ?? 'itflow-guest@example.com'); + $from_name = sanitizeInput($fromFirst->personal ?? 'Unknown'); + + $from_domain = explode("@", $from_email); + $from_domain = sanitizeInput(end($from_domain)); + + // Subject + $subject = sanitizeInput((string)$message->getSubject() ?: 'No Subject'); + + // Date (string) + $dateAttr = $message->getDate(); // Attribute + $dateRaw = $dateAttr ? (string)$dateAttr : ''; // e.g. "Tue, 10 Sep 2025 13:22:05 +0000" + $ts = $dateRaw ? strtotime($dateRaw) : false; + $date = sanitizeInput($ts !== false ? date('Y-m-d H:i:s', $ts) : date('Y-m-d H:i:s')); + + // Body (prefer HTML) + $message_body_html = $message->getHTMLBody(); + $message_body_text = $message->getTextBody(); + $message_body_raw = $message->getRawBody(); + + if (!empty($message_body_html)) { + $message_body = $message_body_html; + } elseif (!empty($message_body_text)) { + $message_body = nl2br(htmlspecialchars($message_body_text)); + } else { + // Final fallback + $message_body = nl2br(htmlspecialchars($message_body_raw)); + } + + // Handle attachments (inline vs regular) + $attachments = []; + foreach ($message->getAttachments() as $att) { + $attrs = $att->getAttributes(); // v6.2: canonical source + $dispo = strtolower((string)($attrs['disposition'] ?? '')); + $cid = $attrs['id'] ?? null; // Content-ID + $content = $attrs['content'] ?? null; // binary + $mime = $att->getMimeType(); + $name = $att->getName() ?: 'attachment'; + + $is_inline = false; + if ($dispo === 'inline' && $cid && $content !== null) { + $cid_trim = trim($cid, '<>'); + $dataUri = "data:$mime;base64,".base64_encode($content); + $message_body = str_replace(["cid:$cid_trim", "cid:$cid"], $dataUri, $message_body); + $is_inline = true; + } + + if (!$is_inline && $content !== null) { + $attachments[] = ['name' => $name, 'content' => $content]; + } + } + + // 1. Reply to existing ticket with the number in subject + if (preg_match("/\[$config_ticket_prefix(\d+)\]/", $subject, $ticket_number_matches)) { + $ticket_number = intval($ticket_number_matches[1]); + $email_processed = addReply($from_email, $date, $subject, $ticket_number, $message_body, $attachments); + } + + // 2. Fuzzy duplicate check using a known contact/domain and similar_text subject + if (!$email_processed && strlen(trim($subject)) > 10) { + $contact_id = 0; + $client_id = 0; + + // First: check if sender is a registered contact + $from_email_esc = mysqli_real_escape_string($mysqli, $from_email); + $contact_sql = mysqli_query($mysqli, "SELECT * FROM contacts WHERE contact_email = '$from_email_esc' AND contact_archived_at IS NULL LIMIT 1"); + $contact_row = mysqli_fetch_assoc($contact_sql); + + if ($contact_row) { + $contact_id = intval($contact_row['contact_id']); + $client_id = intval($contact_row['contact_client_id']); + } else { + // Else: check if sender domain is registered + $from_domain_esc = mysqli_real_escape_string($mysqli, $from_domain); + $domain_sql = mysqli_query($mysqli, "SELECT * FROM domains WHERE domain_name = '$from_domain_esc' AND domain_archived_at IS NULL LIMIT 1"); + $domain_row = mysqli_fetch_assoc($domain_sql); + + if ($domain_row && $from_domain == $domain_row['domain_name']) { + $client_id = intval($domain_row['domain_client_id']); + } + } + + // If we found either a contact or a domain, check recent tickets for a matching subject + if ($client_id) { + $recent_tickets_sql = mysqli_query($mysqli, + "SELECT ticket_id, ticket_number, ticket_subject + FROM tickets + WHERE ticket_client_id = $client_id AND ticket_resolved_at IS NULL + AND ticket_created_at >= DATE_SUB(NOW(), INTERVAL 7 DAY)" + ); + + while ($rowt = mysqli_fetch_assoc($recent_tickets_sql)) { + $ticket_number = intval($rowt['ticket_number']); + $existing_subject = $rowt['ticket_subject']; + + // Calculate similarity percentage + similar_text(strtolower($subject), strtolower($existing_subject), $percent); + + if ($percent >= 95) { + // Treat as a reply/duplicate + $email_processed = addReply($from_email, $date, $subject, $ticket_number, $message_body, $attachments); + break; + } + } + } + } + + // 3. A known, registered contact? + if (!$email_processed) { + $from_email_esc = mysqli_real_escape_string($mysqli, $from_email); + $any_contact_sql = mysqli_query($mysqli, "SELECT * FROM contacts WHERE contact_email = '$from_email_esc' AND contact_archived_at IS NULL LIMIT 1"); + $rowc = mysqli_fetch_assoc($any_contact_sql); + + if ($rowc) { + $contact_name = sanitizeInput($rowc['contact_name']); + $contact_id = intval($rowc['contact_id']); + $contact_email = sanitizeInput($rowc['contact_email']); + $client_id = intval($rowc['contact_client_id']); + + $email_processed = addTicket($contact_id, $contact_name, $contact_email, $client_id, $date, $subject, $message_body, $attachments, $original_message_file); + } + } + + // 4. A known domain? + if (!$email_processed) { + $from_domain_esc = mysqli_real_escape_string($mysqli, $from_domain); + $domain_sql = mysqli_query($mysqli, "SELECT * FROM domains WHERE domain_name = '$from_domain_esc' AND domain_archived_at IS NULL LIMIT 1"); + $rowd = mysqli_fetch_assoc($domain_sql); + + if ($rowd && $from_domain == $rowd['domain_name']) { + $client_id = intval($rowd['domain_client_id']); + + // Create a new contact + $contact_name = $from_name; + $contact_email = $from_email; + mysqli_query($mysqli, "INSERT INTO contacts SET contact_name = '".mysqli_real_escape_string($mysqli, $contact_name)."', contact_email = '".mysqli_real_escape_string($mysqli, $contact_email)."', contact_notes = 'Added automatically via email parsing.', contact_client_id = $client_id"); + $contact_id = mysqli_insert_id($mysqli); + + logAction("Contact", "Create", "Email parser: created contact " . mysqli_real_escape_string($mysqli, $contact_name), $client_id, $contact_id); + customAction('contact_create', $contact_id); + + $email_processed = addTicket($contact_id, $contact_name, $contact_email, $client_id, $date, $subject, $message_body, $attachments, $original_message_file); + } + } + + // 5. Unknown sender allowed? + if (!$email_processed && $config_ticket_email_parse_unknown_senders) { + + $bad_from_pattern = "/daemon|postmaster|bounce|mta/i"; // Stop NDRs with bad subjects raising new tickets + if (!preg_match($bad_from_pattern, $from_email)) { + $email_processed = addTicket(0, $from_name, $from_email, 0, $date, $subject, $message_body, $attachments, $original_message_file); + + } else { + + // Probably an NDR message without a ticket ref in the subject + + $failed_recipient = null; + $diagnostic_code = null; + $status_code = null; + $original_subject = null; + $original_to = null; + + // Webklex stores DSN info in attachments, not parts + foreach ($message->getAttachments() as $attachment) { + + $ctype = strtolower($attachment->getContentType()); + $body = $attachment->getContent() ?? ''; + + // 1. Delivery status block + if (strpos($ctype, 'delivery-status') !== false) { + + if (preg_match('/Final-Recipient:\s*rfc822;\s*(.+)/i', $body, $m)) { + $failed_recipient = sanitizeInput(trim($m[1])); + } + + if (preg_match('/Diagnostic-Code:\s*(.+)/i', $body, $m)) { + $diagnostic_code = sanitizeInput(trim($m[1])); + } + + if (preg_match('/Status:\s*([0-9\.]+)/i', $body, $m)) { + $status_code = sanitizeInput(trim($m[1])); + } + } + + // 2. Original message headers + if (strpos($ctype, 'message/rfc822') !== false) { + + if (preg_match('/^To:\s*(.+)$/mi', $body, $m)) { + $original_to = sanitizeInput(trim($m[1])); + } + + if (preg_match('/^Subject:\s*(.+)$/mi', $body, $m)) { + $original_subject = sanitizeInput(trim($m[1])); + } + } + } + + // 3. Fallback: extract diagnostic from human-readable text/plain + if (!$diagnostic_code) { + $text = $message->getTextBody() ?? ''; + + // Exim puts diagnostics on an indented line + if (preg_match('/\n\s{2,}(.+)/', $text, $m)) { + $diagnostic_code = sanitizeInput(trim($m[1])); + } + } + + // Fallbacks + $failed_recipient = $failed_recipient ?: 'unknown recipient'; + $diagnostic_code = $diagnostic_code ?: 'unknown diagnostic code'; + $status_code = $status_code ?: 'unknown status code'; + $original_subject = $original_subject ?: $subject; + + appNotify( + "Ticket", + "Email parser NDR: Message to $failed_recipient bounced. Subject: $original_subject Diagnostics: $status_code / $diagnostic_code - check ITFlow folder manually to see email", + "", + 0 + ); + + // If the original subject has a ticket, add the NDR there too + if (preg_match("/\[$config_ticket_prefix(\d+)\]/", $original_subject, $ticket_number_matches)) { + + $ticket_number = intval($ticket_number_matches[1]); + + // Craft a clean bounce message + $reply_body = "Email delivery failed.\n". + "Recipient: $failed_recipient\n". + "Status: $status_code\n". + "Diagnostic: $diagnostic_code\n"; + + // No attachments + addReply( + $from_email, + $date, + $original_subject, + $ticket_number, + $reply_body, + [] + ); + + } + + $email_processed = true; + } + } + + + // Flag/move based on processing result + if ($email_processed) { + $processed_count++; // increment first so a move failure doesn't hide the success + try { + $message->setFlag('Seen'); + // Move using the Folder object (top-level "ITFlow") + $message->move($targetFolderPath); + // optional: logApp("Cron-Email-Parser", "info", "Moved message to ITFlow"); + } catch (\Throwable $e) { + // >>> Put the extra logging RIGHT HERE + $subj = (string)$message->getSubject(); + $uid = method_exists($message, 'getUid') ? $message->getUid() : 'n/a'; + $path = (is_object($targetFolder) && property_exists($targetFolder, 'path')) ? (string)$targetFolder->path : $targetFolderPath; + logApp( + "Cron-Email-Parser", + "warning", + "Move failed (subject=\"$subj\", uid=$uid) to [$path]: ".$e->getMessage() + ); + } + } else { + $unprocessed_count++; + try { + $message->setFlag('Flagged'); + $message->unsetFlag('Seen'); + } catch (\Throwable $e) { + logApp("Cron-Email-Parser", "warning", "Flag update failed: ".$e->getMessage()); + } + } + + // Cleanup temp .eml if still present (e.g., reply path) + if (isset($original_message_file)) { + $tmp_path = "../uploads/tmp/{$original_message_file}"; + if (file_exists($tmp_path)) { @unlink($tmp_path); } + } +} + +// Expunge & disconnect +try { + $client->expunge(); +} catch (\Throwable $e) { + // ignore +} +$client->disconnect(); + +// Execution timing (optional) +$script_end_time = microtime(true); +$execution_time = $script_end_time - $script_start_time; +$execution_time_formatted = number_format($execution_time, 2); + +$processed_info = "Processed: $processed_count email(s), Unprocessed: $unprocessed_count email(s)"; +// logAction("Cron-Email-Parser", "Execution", "Cron Email Parser executed in $execution_time_formatted seconds. $processed_info"); + +// Remove the lock file +unlink($lock_file_path); + +// DEBUG +echo "\nLock File Path: $lock_file_path\n"; +if (file_exists($lock_file_path)) { + echo "\nLock is present\n\n"; +} +echo "Processed Emails: $processed_count\n"; +echo "Unprocessed Emails: $unprocessed_count\n";