diff --git a/agent/post/ticket.php b/agent/post/ticket.php
index 6aa3ac36..fdd2f45d 100644
--- a/agent/post/ticket.php
+++ b/agent/post/ticket.php
@@ -1,2651 +1,2651 @@
-
- if ($d !== false) {
- $due = "'" . $d->format('Y-m-d H:i:s') . "'"; // wrap in quotes for SQL
- } else {
- $due = 'NULL'; // fallback if invalid
- }
- }
-
- // Add the primary contact as the ticket contact if "Use primary contact" is checked
- if ($use_primary_contact == 1) {
- $sql = mysqli_query($mysqli, "SELECT contact_id FROM contacts WHERE contact_client_id = $client_id AND contact_primary = 1");
- $row = mysqli_fetch_assoc($sql);
- $contact = intval($row['contact_id']);
- }
-
- // Atomically increment and get the new ticket number
- mysqli_query($mysqli, "
- UPDATE settings
- SET
- config_ticket_next_number = LAST_INSERT_ID(config_ticket_next_number),
- config_ticket_next_number = config_ticket_next_number + 1
- WHERE company_id = 1
- ");
-
- $ticket_number = mysqli_insert_id($mysqli);
-
- // Sanitize Config Vars from get_settings.php and Session Vars from check_login.php
- $config_ticket_prefix = sanitizeInput($config_ticket_prefix);
- $config_ticket_from_name = sanitizeInput($config_ticket_from_name);
- $config_ticket_from_email = sanitizeInput($config_ticket_from_email);
- $config_base_url = sanitizeInput($config_base_url);
-
- //Generate a unique URL key for clients to access
- $url_key = randomString(32);
-
- mysqli_query($mysqli, "INSERT INTO tickets SET ticket_prefix = '$config_ticket_prefix', ticket_number = $ticket_number, ticket_source = 'Agent', ticket_category = $category_id, ticket_subject = '$subject', ticket_details = '$details', ticket_priority = '$priority', ticket_billable = '$billable', ticket_status = '$ticket_status', ticket_vendor_ticket_number = '$vendor_ticket_number', ticket_vendor_id = $vendor_id, ticket_location_id = $location_id, ticket_asset_id = $asset_id, ticket_created_by = $session_user_id, ticket_assigned_to = $assigned_to, ticket_contact_id = $contact, ticket_url_key = '$url_key', ticket_due_at = $due, ticket_client_id = $client_id, ticket_invoice_id = 0, ticket_project_id = $project_id");
-
- $ticket_id = mysqli_insert_id($mysqli);
-
- // Add Tasks from Template if Template was selected
- if($ticket_template_id) {
- // Get Associated Tasks from the ticket template
- $sql_task_templates = mysqli_query($mysqli, "SELECT * FROM task_templates WHERE task_template_ticket_template_id = $ticket_template_id");
-
- if (mysqli_num_rows($sql_task_templates) > 0) {
- while ($row = mysqli_fetch_assoc($sql_task_templates)) {
- $task_order = intval($row['task_template_order']);
- $task_name = sanitizeInput($row['task_template_name']);
- $task_completion_estimate = intval($row['task_template_completion_estimate']);
-
- mysqli_query($mysqli,"INSERT INTO tasks SET task_name = '$task_name', task_order = $task_order, task_completion_estimate = $task_completion_estimate, task_ticket_id = $ticket_id");
- }
- }
- }
-
- // Add Watchers
- if (isset($_POST['watchers'])) {
- foreach ($_POST['watchers'] as $watcher) {
- $watcher_email = sanitizeInput($watcher);
- mysqli_query($mysqli, "INSERT INTO ticket_watchers SET watcher_email = '$watcher_email', watcher_ticket_id = $ticket_id");
- }
- }
-
- // Add Additional Assets
- if (isset($_POST['additional_assets'])) {
- foreach ($_POST['additional_assets'] as $additional_asset) {
- $additional_asset_id = intval($additional_asset);
- mysqli_query($mysqli, "INSERT INTO ticket_assets SET ticket_id = $ticket_id, asset_id = $additional_asset_id");
- }
- }
-
- // E-mail client
- if (!empty($config_smtp_host) && $config_ticket_client_general_notifications == 1) {
-
- // Get contact/ticket details
- $sql = mysqli_query($mysqli, "SELECT contact_name, contact_email, ticket_prefix, ticket_number, ticket_category, ticket_subject, ticket_details, ticket_priority, ticket_status, ticket_created_by, ticket_assigned_to, ticket_client_id FROM tickets
- LEFT JOIN clients ON ticket_client_id = client_id
- LEFT JOIN contacts ON ticket_contact_id = contact_id
- WHERE ticket_id = $ticket_id");
- $row = mysqli_fetch_assoc($sql);
-
- $contact_name = sanitizeInput($row['contact_name']);
- $contact_email = sanitizeInput($row['contact_email']);
- $ticket_prefix = sanitizeInput($row['ticket_prefix']);
- $ticket_number = intval($row['ticket_number']);
- $ticket_category = sanitizeInput($row['ticket_category']);
- $ticket_subject = sanitizeInput($row['ticket_subject']);
- $ticket_details = mysqli_escape_string($mysqli, $row['ticket_details']);
- $ticket_priority = sanitizeInput($row['ticket_priority']);
- $ticket_status = sanitizeInput($row['ticket_status']);
- $ticket_status_name = sanitizeInput(getTicketStatusName($row['ticket_status']));
- $client_id = intval($row['ticket_client_id']);
- $ticket_created_by = intval($row['ticket_created_by']);
- $ticket_assigned_to = intval($row['ticket_assigned_to']);
-
- // Get Company Phone Number
- $sql = mysqli_query($mysqli, "SELECT company_name, company_phone, company_phone_country_code FROM companies WHERE company_id = 1");
- $row = mysqli_fetch_assoc($sql);
- $company_name = sanitizeInput($row['company_name']);
- $company_phone = sanitizeInput(formatPhoneNumber($row['company_phone'], $row['company_phone_country_code']));
-
- // EMAILING
-
- $subject = "Ticket Created [$ticket_prefix$ticket_number] - $ticket_subject";
- $body = "##- Please type your reply above this line -## View ticket $config_ticket_prefix$ticket_number created");
-
- redirect("ticket.php?client_id=$client_id&ticket_id=$ticket_id");
-
-}
-
-if (isset($_POST['edit_ticket'])) {
-
- enforceUserPermission('module_support', 2);
-
- $ticket_id = intval($_POST['ticket_id']);
- $contact_id = intval($_POST['contact']);
- $assigned_to = intval($_POST['assigned_to']);
- $notify = intval($_POST['contact_notify'] ?? 0);
- $category_id = intval($_POST['category']);
- $ticket_subject = sanitizeInput($_POST['subject']);
- $billable = intval($_POST['billable'] ?? 0);
- $ticket_priority = sanitizeInput($_POST['priority']);
- $details = mysqli_real_escape_string($mysqli, $_POST['details']);
- $vendor_ticket_number = sanitizeInput($_POST['vendor_ticket_number']);
- $vendor_id = intval($_POST['vendor']);
- $asset_id = intval($_POST['asset']);
- $location_id = intval($_POST['location']);
- $project_id = intval($_POST['project']);
- // Validate/clean due field
- $dueInput = $_POST['due'] ?? null;
- if ($dueInput === null || trim($dueInput) === '') {
- $due = 'NULL'; // prepare as SQL-safe string
- } else {
- $d = DateTime::createFromFormat('Y-m-d\TH:i', $dueInput); // for ##- Please type your reply above this line -## View ticket $ticket_prefix$ticket_number updated");
-
- redirect();
-
-}
-
-if (isset($_POST['edit_ticket_priority'])) {
-
- enforceUserPermission('module_support', 2);
-
- $ticket_id = intval($_POST['ticket_id']);
- $priority = sanitizeInput($_POST['priority']);
- $client_id = intval($_POST['client_id']);
-
- // Get ticket details before updating
- $sql = mysqli_query($mysqli, "SELECT
- ticket_prefix, ticket_number, ticket_priority, ticket_status_name, ticket_client_id
- FROM tickets
- LEFT JOIN ticket_statuses ON ticket_status = ticket_status_id
- WHERE ticket_id = $ticket_id"
- );
- $row = mysqli_fetch_assoc($sql);
- $ticket_prefix = sanitizeInput($row['ticket_prefix']);
- $ticket_number = intval($row['ticket_number']);
- $original_priority = sanitizeInput($row['ticket_priority']);
- $ticket_status = sanitizeInput($row['ticket_status_name']);
- $client_id = intval($row['ticket_client_id']);
-
- mysqli_query($mysqli, "UPDATE tickets SET ticket_priority = '$priority' WHERE ticket_id = $ticket_id");
-
- // Update Ticket History
- mysqli_query($mysqli, "INSERT INTO ticket_history SET ticket_history_status = '$ticket_status', ticket_history_description = '$session_name changed priority from $original_priority to $priority', ticket_history_ticket_id = $ticket_id");
-
- logAction("Ticket", "Edit", "$session_name changed priority from $original_priority to $priority for ticket $ticket_prefix$ticket_number", $client_id, $ticket_id);
-
- customAction('ticket_update', $ticket_id);
-
- flash_alert("Priority updated from $original_priority to $priority ");
-
- redirect();
-
-}
-
-if (isset($_POST['edit_ticket_contact'])) {
-
- enforceUserPermission('module_support', 2);
-
- $ticket_id = intval($_POST['ticket_id']);
- $contact_id = intval($_POST['contact']);
- $notify = intval($_POST['contact_notify']) ?? 0;
-
- // Get Original contact, and ticket details
- $sql = mysqli_query($mysqli, "SELECT
- contact_name, ticket_prefix, ticket_number, ticket_status_name, ticket_subject, ticket_details, ticket_url_key, ticket_client_id
- FROM tickets
- LEFT JOIN contacts ON ticket_contact_id = contact_id
- LEFT JOIN ticket_statuses ON ticket_status = ticket_status_id
- WHERE ticket_id = $ticket_id"
- );
- $row = mysqli_fetch_assoc($sql);
-
- // Original contact
- $original_contact_name = !empty($row['contact_name']) ? sanitizeInput($row['contact_name']) : 'No one';
-
- // Ticket details
- $ticket_prefix = sanitizeInput($row['ticket_prefix']);
- $ticket_number = intval($row['ticket_number']);
- $ticket_status = sanitizeInput($row['ticket_status_name']);
- $ticket_subject = sanitizeInput($row['ticket_subject']);
- $ticket_details = mysqli_escape_string($mysqli, $row['ticket_details']);
- $url_key = sanitizeInput($row['ticket_url_key']);
- $client_id = intval($row['ticket_client_id']);
-
- // Update the contact
- mysqli_query($mysqli, "UPDATE tickets SET ticket_contact_id = $contact_id WHERE ticket_id = $ticket_id");
-
- // Get New contact details
- $sql = mysqli_query($mysqli, "SELECT contact_name, contact_email FROM contacts WHERE contact_id = $contact_id");
- $row = mysqli_fetch_assoc($sql);
-
- $contact_name = !empty($row['contact_name']) ? sanitizeInput($row['contact_name']) : 'No one';
- $contact_email = sanitizeInput($row['contact_email']);
-
- // Notify new contact (if selected, valid & configured)
- if ($notify && filter_var($contact_email, FILTER_VALIDATE_EMAIL) && !empty($config_smtp_host)) {
-
- // Get Company Phone Number
- $sql = mysqli_query($mysqli, "SELECT company_name, company_phone, company_phone_country_code FROM companies WHERE company_id = 1");
- $row = mysqli_fetch_assoc($sql);
- $company_name = sanitizeInput($row['company_name']);
- $company_phone = sanitizeInput(formatPhoneNumber($row['company_phone'], $row['company_phone_country_code']));
-
- $config_ticket_from_email = sanitizeInput($config_ticket_from_email);
- $config_ticket_from_name = sanitizeInput($config_ticket_from_name);
-
- // Email content
- $data = []; // Queue array
-
- $subject = "Ticket Created - [$ticket_prefix$ticket_number] - $ticket_subject";
- $body = "##- Please type your reply above this line -## View ticket $original_contact_name to $contact_name ");
-
- redirect();
-
-}
-
-if (isset($_POST['edit_ticket_project'])) {
-
- enforceUserPermission('module_support', 2);
-
- $ticket_id = intval($_POST['ticket_id']);
- $project_id = intval($_POST['project']);
-
- $project_name = sanitizeInput(getFieldById('projects', $project_id, 'project_name'));
- $client_id = intval(getFieldById('tickets', $ticket_id, 'ticket_client_id'));
- $ticket_prefix = sanitizeInput(getFieldById('tickets', $ticket_id, 'ticket_prefix'));
- $ticket_number = sanitizeInput(getFieldById('tickets', $ticket_id, 'ticket_number'));
-
- mysqli_query($mysqli, "UPDATE tickets SET ticket_project_id = $project_id WHERE ticket_id = $ticket_id");
-
- logAction("Ticket", "Edit", "$session_name set ticket $ticket_prefix$ticket_number project to $project_name", $client_id, $ticket_id);
-
- flash_alert("Project changed to $project_name for Ticket $ticket_prefix$ticket_number ");
-
- redirect();
-
-}
-
-if (isset($_POST['add_ticket_watcher'])) {
-
- enforceUserPermission('module_support', 2);
-
- $ticket_id = intval($_POST['ticket_id']);
- $watcher_emails = preg_split("/,| |;/", $_POST['watcher_email']); // Split on comma, semicolon or space, we sanitize later
- $notify = intval($_POST['watcher_notify'] ?? 0);
-
- // Get contact/ticket details
- $sql = mysqli_query($mysqli, "SELECT ticket_prefix, ticket_number, ticket_category, ticket_subject, ticket_details, ticket_priority, ticket_status_name, ticket_url_key, ticket_created_by, ticket_assigned_to, ticket_client_id FROM tickets
- LEFT JOIN clients ON ticket_client_id = client_id
- LEFT JOIN contacts ON ticket_contact_id = contact_id
- LEFT JOIN ticket_statuses ON ticket_status = ticket_status_id
- WHERE ticket_id = $ticket_id
- AND ticket_closed_at IS NULL");
- $row = mysqli_fetch_assoc($sql);
-
- $ticket_prefix = sanitizeInput($row['ticket_prefix']);
- $ticket_number = intval($row['ticket_number']);
- $ticket_category = sanitizeInput($row['ticket_category']);
- $ticket_subject = sanitizeInput($row['ticket_subject']);
- $ticket_details = mysqli_escape_string($mysqli, $row['ticket_details']);
- $ticket_priority = sanitizeInput($row['ticket_priority']);
- $ticket_status = sanitizeInput($row['ticket_status_name']);
- $url_key = sanitizeInput($row['ticket_url_key']);
- $client_id = intval($row['ticket_client_id']);
- $ticket_created_by = intval($row['ticket_created_by']);
- $ticket_assigned_to = intval($row['ticket_assigned_to']);
-
- // Get Company Phone Number
- $sql = mysqli_query($mysqli, "SELECT company_name, company_phone, company_phone_country_code FROM companies WHERE company_id = 1");
- $row = mysqli_fetch_assoc($sql);
- $company_name = sanitizeInput($row['company_name']);
- $company_phone = sanitizeInput(formatPhoneNumber($row['company_phone'], $row['company_phone_country_code']));
-
- // Process each watcher in list
- foreach ($watcher_emails as $watcher_email) {
-
- if (filter_var($watcher_email, FILTER_VALIDATE_EMAIL)) {
-
- $watcher_email = sanitizeInput($watcher_email);
-
- mysqli_query($mysqli, "INSERT INTO ticket_watchers SET watcher_email = '$watcher_email', watcher_ticket_id = $ticket_id");
-
- // Notify watcher
- if ($notify && !empty($config_smtp_host)) {
-
-
-
- // Email content
- $data = []; // Queue array
-
- $subject = "Ticket Notification - [$ticket_prefix$ticket_number] - $ticket_subject";
- $body = "##- Please type your reply above this line -## $watcher_email ", 'error');
-
- redirect();
-
-}
-
-if (isset($_GET['delete_ticket_additional_asset'])) {
-
- enforceUserPermission('module_support', 2);
-
- $asset_id = intval($_GET['delete_ticket_additional_asset']);
- $ticket_id = intval($_GET['ticket_id']);
-
- // Get ticket / asset details for logging
- $sql = mysqli_query($mysqli, "SELECT asset_name, ticket_prefix, ticket_number, ticket_status_name, ticket_client_id FROM assets
- JOIN tickets ON ticket_id = $ticket_id
- JOIN ticket_statuses ON ticket_status = ticket_status_id
- WHERE asset_id = $asset_id"
- );
- $row = mysqli_fetch_assoc($sql);
-
- $ticket_prefix = sanitizeInput($row['ticket_prefix']);
- $ticket_number = intval($row['ticket_number']);
- $ticket_status_name = sanitizeInput($row['ticket_status_name']);
- $asset_name = sanitizeInput($row['asset_name']);
- $client_id = intval($row['ticket_client_id']);
-
- mysqli_query($mysqli, "DELETE FROM ticket_assets WHERE ticket_id = $ticket_id AND asset_id = $asset_id");
-
- // History
- mysqli_query($mysqli, "INSERT INTO ticket_history SET ticket_history_status = '$ticket_status_name', ticket_history_description = '$session_name removed additional asset $asset_name', ticket_history_ticket_id = $ticket_id");
-
- logAction("Ticket", "Edit", "$session_name removed asset $asset_name from ticket $ticket_prefix$ticket_number", $client_id, $ticket_id);
-
- flash_alert("Removed asset $asset_name from ticket.", 'error');
-
- redirect();
-
-}
-
-if (isset($_POST['edit_ticket_asset'])) {
-
- enforceUserPermission('module_support', 2);
-
- $ticket_id = intval($_POST['ticket_id']);
- $asset_id = intval($_POST['asset']);
-
- mysqli_query($mysqli, "UPDATE tickets SET ticket_asset_id = $asset_id WHERE ticket_id = $ticket_id");
-
- // Add Additional Assets
- if (isset($_POST['additional_assets'])) {
- mysqli_query($mysqli, "DELETE FROM ticket_assets WHERE ticket_id = $ticket_id");
- foreach ($_POST['additional_assets'] as $additional_asset) {
- $additional_asset_id = intval($additional_asset);
- mysqli_query($mysqli, "INSERT INTO ticket_assets SET ticket_id = $ticket_id, asset_id = $additional_asset_id");
- }
- } else {
- // If no additional assets are provided, delete them all
- // This handles cases where the assets input might be cleared or not set at all.
- mysqli_query($mysqli, "DELETE FROM ticket_assets WHERE ticket_id = $ticket_id");
- }
-
- // Get ticket / asset details for logging
- $sql = mysqli_query($mysqli, "SELECT asset_name, ticket_prefix, ticket_number, ticket_status_name, ticket_client_id FROM assets
- LEFT JOIN tickets ON ticket_asset_id = asset_id
- LEFT JOIN ticket_statuses ON ticket_status = ticket_status_id
- WHERE ticket_id = $ticket_id"
- );
- $row = mysqli_fetch_assoc($sql);
-
- $ticket_prefix = sanitizeInput($row['ticket_prefix']);
- $ticket_number = intval($row['ticket_number']);
- $ticket_status_name = sanitizeInput($row['ticket_status_name']);
- $asset_name = sanitizeInput($row['asset_name']);
- $client_id = intval($row['ticket_client_id']);
-
- logAction("Ticket", "Edit", "$session_name changed asset to $asset_name for ticket $ticket_prefix$ticket_number", $client_id, $ticket_id);
-
- flash_alert("Ticket $ticket_prefix$ticket_number asset updated to $asset_name ");
-
- redirect();
-
-}
-
-if (isset($_POST['edit_ticket_vendor'])) {
-
- enforceUserPermission('module_support', 2);
-
- $ticket_id = intval($_POST['ticket_id']);
- $vendor_id = intval($_POST['vendor']);
-
- mysqli_query($mysqli, "UPDATE tickets SET ticket_vendor_id = $vendor_id WHERE ticket_id = $ticket_id");
-
- // Get ticket / vendor details for logging
- $sql = mysqli_query($mysqli, "SELECT vendor_name, ticket_prefix, ticket_number, ticket_status_name, ticket_client_id FROM vendors
- LEFT JOIN tickets ON ticket_vendor_id = $vendor_id
- LEFT JOIN ticket_statuses ON ticket_status = ticket_status_id
- WHERE ticket_id = $ticket_id"
- );
- $row = mysqli_fetch_assoc($sql);
-
- $ticket_prefix = sanitizeInput($row['ticket_prefix']);
- $ticket_number = intval($row['ticket_number']);
- $ticket_status_name = sanitizeInput($row['ticket_status_name']);
- $vendor_name = sanitizeInput($row['vendor_name']);
- $client_id = intval($row['ticket_client_id']);
-
- logAction("Ticket", "Edit", "$session_name set vendor to $vendor_name for ticket $ticket_prefix$ticket_number", $client_id, $ticket_id);
-
- flash_alert("Set vendor to $vendor_name for ticket $ticket_prefix$ticket_number ");
-
- redirect();
-
-}
-
-if (isset($_POST['assign_ticket'])) {
-
- enforceUserPermission('module_support', 2);
-
- // POST variables
- $ticket_id = intval($_POST['ticket_id']);
- $assigned_to = intval($_POST['assigned_to']);
- $ticket_status = intval($_POST['ticket_status']);
-
- // New > Open as assigned
- if ($ticket_status == 1 && $assigned_to !== 0) {
- $ticket_status = 2;
- }
-
- // Allow for un-assigning tickets
- if ($assigned_to == 0) {
- $ticket_reply = "Ticket unassigned.";
- $agent_name = "No One";
- } else {
- // Get & verify assigned agent details
- $agent_details_sql = mysqli_query($mysqli, "SELECT user_name, user_email FROM users WHERE users.user_id = $assigned_to");
- $agent_details = mysqli_fetch_assoc($agent_details_sql);
-
- $agent_name = sanitizeInput($agent_details['user_name']);
- $agent_email = sanitizeInput($agent_details['user_email']);
- $ticket_reply = "Ticket re-assigned to $agent_name.";
-
- if (!$agent_name) {
- flash_alert("Invalid agent!", 'error');
- redirect();
- }
- }
-
- // Get & verify ticket details
- $ticket_details_sql = mysqli_query($mysqli, "SELECT ticket_prefix, ticket_number, ticket_subject, ticket_client_id, client_name FROM tickets LEFT JOIN clients ON ticket_client_id = client_id WHERE ticket_id = '$ticket_id' AND ticket_status != 5");
- $ticket_details = mysqli_fetch_assoc($ticket_details_sql);
-
- $ticket_prefix = sanitizeInput($ticket_details['ticket_prefix']);
- $ticket_number = intval($ticket_details['ticket_number']);
- $ticket_subject = sanitizeInput($ticket_details['ticket_subject']);
- $client_id = intval($ticket_details['ticket_client_id']);
- $client_name = sanitizeInput($ticket_details['client_name']);
-
- if (!$ticket_subject) {
- flash_alert("Invalid ticket!", 'error');
- redirect();
- }
-
- if ($client_id) {
- $client_uri = "&client_id=$client_id";
- } else {
- $client_uri = '';
- }
-
- // Update ticket & insert reply
- mysqli_query($mysqli, "UPDATE tickets SET ticket_assigned_to = $assigned_to, ticket_status = '$ticket_status' WHERE ticket_id = $ticket_id");
-
- mysqli_query($mysqli, "INSERT INTO ticket_replies SET ticket_reply = '$ticket_reply', ticket_reply_type = 'Internal', ticket_reply_time_worked = '00:01:00', ticket_reply_by = $session_user_id, ticket_reply_ticket_id = $ticket_id");
-
- logAction("Ticket", "Edit", "$session_name reassigned $ticket_prefix$ticket_number to $agent_name", $client_id, $ticket_id);
-
-
- // Notification
- if ($session_user_id != $assigned_to && $assigned_to != 0) {
-
- // App Notification
- mysqli_query($mysqli, "INSERT INTO notifications SET notification_type = 'Ticket', notification = 'Ticket $ticket_prefix$ticket_number - Subject: $ticket_subject has been assigned to you by $session_name', notification_action = '/agent/ticket.php?ticket_id=$ticket_id$client_uri', notification_client_id = $client_id, notification_user_id = $assigned_to");
-
- // Email Notification
- if (!empty($config_smtp_host)) {
-
- // Sanitize Config vars from get_settings.php
- $config_ticket_from_name = sanitizeInput($config_ticket_from_name);
- $config_ticket_from_email = sanitizeInput($config_ticket_from_email);
- $company_name = sanitizeInput($session_company_name);
-
- $subject = "$config_app_name - Ticket $ticket_prefix$ticket_number assigned to you - $ticket_subject";
- $body = "Hi $agent_name, $ticket_prefix$ticket_number assigned to $agent_name ");
-
- redirect();
-
-}
-
-if (isset($_GET['delete_ticket'])) {
-
- validateCSRFToken($_GET['csrf_token']);
-
- enforceUserPermission('module_support', 3);
-
- $ticket_id = intval($_GET['delete_ticket']);
-
- // Get Ticket and Client ID for logging and alert message
- $sql = mysqli_query($mysqli, "SELECT ticket_prefix, ticket_number, ticket_subject, ticket_status, ticket_closed_at, ticket_client_id FROM tickets WHERE ticket_id = $ticket_id");
- $row = mysqli_fetch_assoc($sql);
- $ticket_prefix = sanitizeInput($row['ticket_prefix']);
- $ticket_number = sanitizeInput($row['ticket_number']);
- $ticket_subject = sanitizeInput($row['ticket_subject']);
- $ticket_status = sanitizeInput($row['ticket_status']);
- $ticket_closed_at = sanitizeInput($row['ticket_closed_at']);
- $client_id = intval($row['ticket_client_id']);
-
- if (empty($ticket_closed_at)) {
- mysqli_query($mysqli, "DELETE FROM tickets WHERE ticket_id = $ticket_id");
-
- // Delete all ticket replies
- mysqli_query($mysqli, "DELETE FROM ticket_replies WHERE ticket_reply_ticket_id = $ticket_id");
-
- // Delete all ticket views
- mysqli_query($mysqli, "DELETE FROM ticket_views WHERE view_ticket_id = $ticket_id");
-
- // Delete ticket watchers
- mysqli_query($mysqli, "DELETE FROM ticket_watchers WHERE watcher_ticket_id = $ticket_id");
-
- // Delete Ticket Attachements
- mysqli_query($mysqli, "DELETE FROM ticket_attachments WHERE ticket_attachment_ticket_id = $ticket_id");
- removeDirectory("../uploads/tickets/$ticket_id");
-
- // No Need to delete ticket assets as this is cascadely deleted via the database.
-
- logAction("Ticket", "Delete", "$session_name deleted $ticket_prefix$ticket_number along with all replies", $client_id);
-
- flash_alert("Ticket $ticket_prefix$ticket_number along with all replies deleted", 'error');
-
- customAction('ticket_delete', $ticket_id);
-
- redirect("tickets.php");
- }
-
-}
-
-if (isset($_POST['bulk_delete_tickets'])) {
-
- validateCSRFToken($_POST['csrf_token']);
-
- enforceUserPermission('module_support', 3);
-
- if (isset($_POST['ticket_ids'])) {
-
- $count = count($_POST['ticket_ids']);
-
- // Cycle through array and delete each recurring scheduled ticket
- foreach ($_POST['ticket_ids'] as $ticket_id) {
-
- $ticket_id = intval($ticket_id);
- mysqli_query($mysqli, "DELETE FROM tickets WHERE ticket_id = $ticket_id");
-
- // Delete all ticket replies
- mysqli_query($mysqli, "DELETE FROM ticket_replies WHERE ticket_reply_ticket_id = $ticket_id");
-
- // Delete all ticket views
- mysqli_query($mysqli, "DELETE FROM ticket_views WHERE view_ticket_id = $ticket_id");
-
- // Delete ticket watchers
- mysqli_query($mysqli, "DELETE FROM ticket_watchers WHERE watcher_ticket_id = $ticket_id");
-
- // Delete Ticket Attachements
- mysqli_query($mysqli, "DELETE FROM ticket_attachments WHERE ticket_attachment_ticket_id = $ticket_id");
- removeDirectory("../uploads/tickets/$ticket_id");
-
- // No Need to delete ticket assets as this is cascadely deleted via the database.
-
- logAction("Ticket", "Delete", "$session_name deleted ticket", 0, $ticket_id);
-
- }
-
- logAction("Ticket", "Bulk Delete", "$session_name deleted $count ticket(s)");
-
- flash_alert("Deleted $count ticket(s)", 'error');
- }
-
- redirect();
-
-}
-
-if (isset($_POST['bulk_assign_ticket'])) {
-
- enforceUserPermission('module_support', 2);
-
- // POST variables
- $assign_to = intval($_POST['assign_to']);
-
- // Get a Ticket Count
- $ticket_count = count($_POST['ticket_ids']);
-
- // Assign Tech to Selected Tickets
- if (!empty($_POST['ticket_ids'])) {
- foreach ($_POST['ticket_ids'] as $ticket_id) {
- $ticket_id = intval($ticket_id);
-
- $sql = mysqli_query($mysqli, "SELECT * FROM tickets LEFT JOIN ticket_statuses ON ticket_status = ticket_status_id WHERE ticket_id = $ticket_id");
- $row = mysqli_fetch_assoc($sql);
-
- $ticket_prefix = sanitizeInput($row['ticket_prefix']);
- $ticket_number = intval($row['ticket_number']);
- $ticket_status = intval($row['ticket_status']);
- $ticket_name = sanitizeInput($row['ticket_name']);
- $ticket_subject = sanitizeInput($row['ticket_subject']);
- $client_id = intval($row['ticket_client_id']);
-
- if ($ticket_status == 1 && $assigned_to !== 0) {
- $ticket_status = 2;
- }
-
- // Allow for un-assigning tickets
- if ($assign_to == 0) {
- $ticket_reply = "Ticket unassigned, pending re-assignment.";
- $agent_name = "No One";
- } else {
- // Get & verify assigned agent details
- $agent_details_sql = mysqli_query($mysqli, "SELECT user_name, user_email FROM users LEFT JOIN user_settings ON users.user_id = user_settings.user_id WHERE users.user_id = $assign_to");
- $agent_details = mysqli_fetch_assoc($agent_details_sql);
-
- $agent_name = sanitizeInput($agent_details['user_name']);
- $agent_email = sanitizeInput($agent_details['user_email']);
- $ticket_reply = "Ticket re-assigned to $agent_name.";
-
- if (!$agent_name) {
- flash_alert("Invalid agent!", 'error');
- redirect();
- }
- }
-
- // Update ticket & insert reply
- mysqli_query($mysqli, "UPDATE tickets SET ticket_assigned_to = $assign_to, ticket_status = $ticket_status WHERE ticket_id = $ticket_id");
-
- mysqli_query($mysqli, "INSERT INTO ticket_replies SET ticket_reply = '$ticket_reply', ticket_reply_type = 'Internal', ticket_reply_time_worked = '00:01:00', ticket_reply_by = $session_user_id, ticket_reply_ticket_id = $ticket_id");
-
- logAction("Ticket", "Edit", "$session_name reassigned ticket $ticket_prefix$ticket_number to $agent_name", $client_id, $ticket_id);
-
- customAction('ticket_assign', $ticket_id);
-
- $tickets_assigned_body .= "$ticket_prefix$ticket_number - $ticket_subject$ticket_count Tickets to $agent_name ");
-
- redirect();
-
-}
-
-if (isset($_POST['bulk_edit_ticket_priority'])) {
-
- enforceUserPermission('module_support', 2);
-
- // POST variables
- $priority = sanitizeInput($_POST['bulk_priority']);
-
- // Assign Tech to Selected Tickets
- if (isset($_POST['ticket_ids'])) {
-
- // Get a Ticket Count
- $ticket_count = count($_POST['ticket_ids']);
-
- foreach ($_POST['ticket_ids'] as $ticket_id) {
- $ticket_id = intval($ticket_id);
-
- $sql = mysqli_query($mysqli, "SELECT * FROM tickets WHERE ticket_id = $ticket_id");
- $row = mysqli_fetch_assoc($sql);
-
- $ticket_prefix = sanitizeInput($row['ticket_prefix']);
- $ticket_number = intval($row['ticket_number']);
- $ticket_subject = sanitizeInput($row['ticket_subject']);
- $original_ticket_priority = sanitizeInput($row['ticket_priority']);
- $client_id = intval($row['ticket_client_id']);
-
- // Update ticket & insert reply
- mysqli_query($mysqli, "UPDATE tickets SET ticket_priority = '$priority' WHERE ticket_id = $ticket_id");
-
- mysqli_query($mysqli, "INSERT INTO ticket_replies SET ticket_reply = '$session_name updated the priority from $current_ticket_priority to $priority', ticket_reply_type = 'Internal', ticket_reply_time_worked = '00:01:00', ticket_reply_by = $session_user_id, ticket_reply_ticket_id = $ticket_id");
-
- logAction("Ticket", "Edit", "$session_name updated the priority on ticket $ticket_prefix$ticket_number - $ticket_subject from $original_ticket_priority to $priority", $client_id, $ticket_id);
-
- customAction('ticket_update', $ticket_id);
- } // End For Each Ticket ID Loop
-
- logAction("Ticket", " Bulk Edit", "$session_name updated the priority on $ticket_count");
-
- flash_alert("You updated the priority for $ticket_count Tickets to $priority ");
- }
-
- redirect();
-
-}
-
-if (isset($_POST['bulk_edit_ticket_category'])) {
-
- enforceUserPermission('module_support', 2);
-
- // POST variables
- $category_id = intval($_POST['bulk_category']);
-
- // Assign Tech to Selected Tickets
- if (isset($_POST['ticket_ids'])) {
-
- // Get a Ticket Count
- $ticket_count = count($_POST['ticket_ids']);
-
- foreach ($_POST['ticket_ids'] as $ticket_id) {
- $ticket_id = intval($ticket_id);
-
- $sql = mysqli_query($mysqli, "SELECT ticket_prefix, ticket_number, ticket_subject, category_name, ticket_client_id FROM tickets LEFT JOIN categories ON ticket_category = category_id WHERE ticket_id = $ticket_id");
- $row = mysqli_fetch_assoc($sql);
-
- $ticket_prefix = sanitizeInput($row['ticket_prefix']);
- $ticket_number = intval($row['ticket_number']);
- $ticket_subject = sanitizeInput($row['ticket_subject']);
- $previous_ticket_category_name = sanitizeInput($row['category_name']);
- $client_id = intval($row['ticket_client_id']);
-
- // Get Category Name
- $category_name = sanitizeInput(getFieldById('categories', $category_id, 'category_name'));
-
- // Update ticket
- mysqli_query($mysqli, "UPDATE tickets SET ticket_category = '$category_id' WHERE ticket_id = $ticket_id");
-
- logAction("Ticket", "Edit", "$session_name updated the category on ticket $ticket_prefix$ticket_number - $ticket_subject from $previous_category_name to $category_name", $client_id, $ticket_id);
-
- customAction('ticket_update', $ticket_id);
- } // End For Each Ticket ID Loop
-
- logAction("Ticket", " Bulk Edit", "$session_name updated the category to $category_name on $ticket_count");
-
- flash_alert("Category set to $category_name for $ticket_count Tickets");
- }
-
- redirect();
-
-}
-
-if (isset($_POST['bulk_merge_tickets'])) {
-
- enforceUserPermission('module_support', 2);
-
- $merge_into_ticket_number = intval($_POST['merge_into_ticket_number']); // Parent ticket *number*
- $merge_comment = sanitizeInput($_POST['merge_comment']); // Merge comment
- $ticket_reply_type = 'Internal'; // Default all replies to internal
-
- // NEW PARENT ticket details
- // Get merge into ticket id (as it may differ from the number)
- $sql = mysqli_query($mysqli, "SELECT ticket_id FROM tickets WHERE ticket_number = $merge_into_ticket_number");
- if (mysqli_num_rows($sql) == 0) {
- flash_alert("Cannot merge into that ticket.", 'error');
- redirect();
- }
- $merge_row = mysqli_fetch_assoc($sql);
- $merge_into_ticket_id = intval($merge_row['ticket_id']); // Parent ticket ID
-
- // Update & Close the selected tickets
- if (isset($_POST['ticket_ids'])) {
-
- $ticket_count = count($_POST['ticket_ids']); // Get a ticket count
-
- foreach ($_POST['ticket_ids'] as $ticket_id) {
- $ticket_id = intval($ticket_id);
-
- if ($ticket_id !== $merge_into_ticket_id) {
-
- $sql = mysqli_query($mysqli, "SELECT * FROM tickets WHERE ticket_id = $ticket_id");
- $row = mysqli_fetch_assoc($sql);
-
- $ticket_prefix = sanitizeInput($row['ticket_prefix']);
- $ticket_number = intval($row['ticket_number']);
- $ticket_subject = sanitizeInput($row['ticket_subject']);
- $ticket_details = mysqli_escape_string($mysqli, $row['ticket_details']);
- $current_ticket_priority = sanitizeInput($row['ticket_priority']);
- $ticket_first_response_at = sanitizeInput($row['ticket_first_response_at']);
- $client_id = intval($row['ticket_client_id']);
-
- // Update current ticket
- if (empty($ticket_first_response_at)) {
- mysqli_query($mysqli, "UPDATE tickets SET ticket_first_response_at = NOW() WHERE ticket_id = $ticket_id");
- }
- mysqli_query($mysqli, "INSERT INTO ticket_replies SET ticket_reply = 'Ticket $ticket_prefix$ticket_number bulk merged into $ticket_prefix$merge_into_ticket_number . Comment: $merge_comment', ticket_reply_time_worked = '00:01:00', ticket_reply_type = '$ticket_reply_type', ticket_reply_by = $session_user_id, ticket_reply_ticket_id = $ticket_id");
- mysqli_query($mysqli, "UPDATE tickets SET ticket_status = '5', ticket_resolved_at = NOW(), ticket_closed_at = NOW(), ticket_closed_by = $session_user_id WHERE ticket_id = $ticket_id") or die(mysqli_error($mysqli));
-
- // Update new parent ticket
- mysqli_query($mysqli, "INSERT INTO ticket_replies SET ticket_reply = 'Ticket $ticket_prefix$ticket_number was bulk merged into this ticket with comment: $merge_comment.$ticket_subject $ticket_count tickets merged into $ticket_prefix$merge_into_ticket_number ");
-
- }
-
- redirect();
-
-}
-
-if (isset($_POST['bulk_resolve_tickets'])) {
-
- enforceUserPermission('module_support', 2);
-
- // POST variables
- $details = mysqli_escape_string($mysqli, $_POST['bulk_details']);
- $ticket_reply_time_worked = sanitizeInput($_POST['time']);
- $private_note = intval($_POST['bulk_private_note']);
- if ($private_note == 1) {
- $ticket_reply_type = 'Internal';
- } else {
- $ticket_reply_type = 'Public';
- }
-
- // Resolve Selected Tickets
- if (isset($_POST['ticket_ids'])) {
-
- // Intitialze the counts before the loop
- $ticket_count = 0;
- $skipped_count = 0;
-
- foreach ($_POST['ticket_ids'] as $ticket_id) {
- $ticket_id = intval($ticket_id);
-
- // Check to make sure Tasks are complete before resolving
- $row = mysqli_fetch_assoc(mysqli_query($mysqli, "SELECT COUNT('task_id') AS num FROM tasks WHERE task_completed_at IS NULL AND task_ticket_id = $ticket_id"));
- $num_of_open_tasks = $row['num'];
-
- if ($num_of_open_tasks == 0) {
- // Count the Ticket Loop
- $ticket_count++;
-
- $sql = mysqli_query($mysqli, "SELECT * FROM tickets WHERE ticket_id = $ticket_id");
- $row = mysqli_fetch_assoc($sql);
-
- $ticket_prefix = sanitizeInput($row['ticket_prefix']);
- $ticket_number = intval($row['ticket_number']);
- $ticket_subject = sanitizeInput($row['ticket_subject']);
- $current_ticket_priority = sanitizeInput($row['ticket_priority']);
- $url_key = sanitizeInput($row['ticket_url_key']);
- $ticket_first_response_at = sanitizeInput($row['ticket_first_response_at']);
- $client_id = intval($row['ticket_client_id']);
-
- // Mark FR time if required
- if (empty($ticket_first_response_at)) {
- mysqli_query($mysqli, "UPDATE tickets SET ticket_first_response_at = NOW() WHERE ticket_id = $ticket_id");
- }
-
- // Update ticket & insert reply
- mysqli_query($mysqli, "UPDATE tickets SET ticket_status = 4, ticket_resolved_at = NOW() WHERE ticket_id = $ticket_id");
-
- mysqli_query($mysqli, "INSERT INTO ticket_replies SET ticket_reply = '$details', ticket_reply_type = '$ticket_reply_type', ticket_reply_time_worked = '$ticket_reply_time_worked', ticket_reply_by = $session_user_id, ticket_reply_ticket_id = $ticket_id");
-
- logAction("Ticket", "Resolve", "$session_name resolved $ticket_prefix$ticket_number - $ticket_subject", $client_id, $ticket_id);
-
- customAction('ticket_resolve', $ticket_id);
-
- // Client notification email
- if (!empty($config_smtp_host) && $config_ticket_client_general_notifications == 1 && $private_note == 0) {
-
- // Get Contact details
- $ticket_sql = mysqli_query($mysqli, "SELECT contact_name, contact_email FROM tickets
- LEFT JOIN contacts ON ticket_contact_id = contact_id
- WHERE ticket_id = $ticket_id
- ");
- $row = mysqli_fetch_assoc($ticket_sql);
-
- $contact_name = sanitizeInput($row['contact_name']);
- $contact_email = sanitizeInput($row['contact_email']);
-
- // Sanitize Config vars from get_settings.php
- $from_name = sanitizeInput($config_ticket_from_name);
- $from_email = sanitizeInput($config_ticket_from_email);
- $base_url = sanitizeInput($config_base_url);
-
- // Get Company Info
- $sql = mysqli_query($mysqli, "SELECT company_name, company_phone, company_phone_country_code FROM companies WHERE company_id = 1");
- $row = mysqli_fetch_assoc($sql);
- $company_name = sanitizeInput($row['company_name']);
- $company_phone = sanitizeInput(formatPhoneNumber($row['company_phone'], $row['company_phone_country_code']));
-
- // EMAIL
- $subject = "Ticket resolved - [$ticket_prefix$ticket_number] - $ticket_subject | (pending closure)";
- $body = "##- Please type your reply above this line -## re-open to let us know! $ticket_count Tickets");
-
- if ($skipped_count > 0) {
- flash_alert("Resolved $ticket_count Tickets $skipped_count ticket(s) could not be resolved because they have open tasks.", 'info');
- }
-
- redirect();
-
-}
-
-if (isset($_POST['bulk_ticket_reply'])) {
-
- enforceUserPermission('module_support', 2);
-
- // POST variables
- $ticket_reply = mysqli_escape_string($mysqli, $_POST['bulk_reply_details']);
- $ticket_status = intval($_POST['bulk_status']);
- $ticket_reply_time_worked = sanitizeInput($_POST['time']);
- $private_note = intval($_POST['bulk_private_reply']);
- if ($private_note == 1) {
- $ticket_reply_type = 'Internal';
- } else {
- $ticket_reply_type = 'Public';
- }
-
- // Loop Through Tickets and Add Reply along with Email notifications
- if (isset($_POST['ticket_ids'])) {
-
- // Get a Ticket Count
- $ticket_count = count($_POST['ticket_ids']);
-
- foreach ($_POST['ticket_ids'] as $ticket_id) {
- $ticket_id = intval($ticket_id);
-
- $sql = mysqli_query($mysqli, "SELECT * FROM tickets WHERE ticket_id = $ticket_id");
- $row = mysqli_fetch_assoc($sql);
-
- $ticket_prefix = sanitizeInput($row['ticket_prefix']);
- $ticket_number = intval($row['ticket_number']);
- $ticket_subject = sanitizeInput($row['ticket_subject']);
- $current_ticket_priority = sanitizeInput($row['ticket_priority']);
- $url_key = sanitizeInput($row['ticket_url_key']);
- $ticket_first_response_at = sanitizeInput($row['ticket_first_response_at']);
- $client_id = intval($row['ticket_client_id']);
-
- if ($client_id) {
- $client_uri = "&client_id=$client_id";
- } else {
- $client_uri = '';
- }
-
- // Mark FR time if required
- if (empty($ticket_first_response_at)) {
- mysqli_query($mysqli, "UPDATE tickets SET ticket_first_response_at = NOW() WHERE ticket_id = $ticket_id");
- }
-
- // Add reply
- mysqli_query($mysqli, "INSERT INTO ticket_replies SET ticket_reply = '$ticket_reply', ticket_reply_time_worked = '$ticket_reply_time_worked', ticket_reply_type = '$ticket_reply_type', ticket_reply_by = $session_user_id, ticket_reply_ticket_id = $ticket_id");
-
- $ticket_reply_id = mysqli_insert_id($mysqli);
-
- // Update Ticket Status
- mysqli_query($mysqli, "UPDATE tickets SET ticket_status = '$ticket_status' WHERE ticket_id = $ticket_id");
-
- logAction("Ticket", "Reply", "$session_name replied to ticket $ticket_prefix$ticket_number - $ticket_subject and was a $ticket_reply_type reply", $client_id, $ticket_id);
-
- // Custom action/notif handler
- if ($ticket_reply_type == 'Internal') {
- customAction('ticket_reply_agent_internal', $ticket_id);
- } else {
- customAction('reply_reply_agent_public', $ticket_id);
- }
-
- // Resolve the ticket, if set
- if ($ticket_status == 4) {
- mysqli_query($mysqli, "UPDATE tickets SET ticket_resolved_at = NOW() WHERE ticket_id = $ticket_id");
-
- // Logging
- logAction("Ticket", "Resolved", "$session_name resolved Ticket $ticket_prefix$ticket_number", $client_id, $ticket_id);
-
- customAction('ticket_resolve', $ticket_id);
- }
-
- // Get Contact Details
- $sql = mysqli_query(
- $mysqli,
- "SELECT contact_name, contact_email, ticket_created_by, ticket_assigned_to
- FROM tickets
- LEFT JOIN contacts ON ticket_contact_id = contact_id
- WHERE ticket_id = $ticket_id"
- );
-
- $row = mysqli_fetch_assoc($sql);
-
- $contact_name = sanitizeInput($row['contact_name']);
- $contact_email = sanitizeInput($row['contact_email']);
- $ticket_created_by = intval($row['ticket_created_by']);
- $ticket_assigned_to = intval($row['ticket_assigned_to']);
-
- // Sanitize Config vars from get_settings.php
- $from_name = sanitizeInput($config_ticket_from_name);
- $from_email = sanitizeInput($config_ticket_from_email);
- $base_url = sanitizeInput($config_base_url);
-
- $sql = mysqli_query($mysqli, "SELECT company_name, company_phone, company_phone_country_code FROM companies WHERE company_id = 1");
- $row = mysqli_fetch_assoc($sql);
- $company_name = sanitizeInput($row['company_name']);
- $company_phone = sanitizeInput(formatPhoneNumber($row['company_phone'], $row['company_phone_country_code']));
-
- // Send e-mail to client if public update & email is set up
- if ($private_note == 0 && !empty($config_smtp_host)) {
-
- $subject = "Ticket update - [$ticket_prefix$ticket_number] - $ticket_subject";
- $body = "##- Please type your reply above this line -## View ticket $ticket_count tickets");
-
- redirect();
-
-}
-
-
-// Currently not UI Frontend for this
-if (isset($_POST['bulk_add_ticket_project'])) {
-
- enforceUserPermission('module_support', 2);
-
- // POST variables
- $project_id = intval($_POST['project_id']);
-
- // Get Project Name
- $sql = mysqli_query($mysqli, "SELECT project_name FROM projects WHERE project_id = $project_id");
- $row = mysqli_fetch_assoc($sql);
- $project_name = sanitizeInput($row['project_name']);
-
- // Assign Project to Selected Tickets
- if (isset($_POST['ticket_ids'])) {
-
- // Get a Ticket Count
- $ticket_count = count($_POST['ticket_ids']);
-
- foreach ($_POST['ticket_ids'] as $ticket_id) {
- $ticket_id = intval($ticket_id);
-
- $sql = mysqli_query($mysqli, "SELECT * FROM tickets WHERE ticket_id = $ticket_id");
- $row = mysqli_fetch_assoc($sql);
-
- $ticket_prefix = sanitizeInput($row['ticket_prefix']);
- $ticket_number = intval($row['ticket_number']);
- $ticket_subject = sanitizeInput($row['ticket_subject']);
- $current_ticket_priority = sanitizeInput($row['ticket_priority']);
- $client_id = intval($row['ticket_client_id']);
-
- // Update ticket & insert reply
- mysqli_query($mysqli, "UPDATE tickets SET ticket_project_id = $project_id WHERE ticket_id = $ticket_id");
-
- logAction("Ticket", "Reply", "$session_name added ticket $ticket_prefix$ticket_number - $ticket_subject to project $project_name", $client_id, $ticket_id);
-
-
- } // End For Each Ticket ID Loop
-
- flash_alert("$ticket_count Tickets added to Project $project_name ");
-
- }
-
- redirect();
-
-}
-
-if (isset($_POST['bulk_add_asset_ticket'])) {
-
- validateCSRFToken($_POST['csrf_token']);
-
- enforceUserPermission('module_support', 2);
-
- $assigned_to = intval($_POST['bulk_assigned_to']);
- if ($assigned_to == 0) {
- $ticket_status = 1;
- } else {
- $ticket_status = 2;
- }
- $subject = sanitizeInput($_POST['bulk_subject']);
- $priority = sanitizeInput($_POST['bulk_priority']);
- $category_id = intval($_POST['bulk_category']);
- $details = mysqli_real_escape_string($mysqli, $_POST['bulk_details']);
- $project_id = intval($_POST['bulk_project']);
- $use_primary_contact = intval($_POST['use_primary_contact']);
- $ticket_template_id = intval($_POST['bulk_ticket_template_id']);
- $billable = intval($_POST['bulk_billable'] ?? 0);
-
- // Check to see if adding a ticket by template
- if($ticket_template_id) {
- $sql = mysqli_query($mysqli, "SELECT * FROM ticket_templates WHERE ticket_template_id = $ticket_template_id");
- $row = mysqli_fetch_assoc($sql);
-
- // Override Template Subject
- if(empty($subject)) {
- $subject = sanitizeInput($row['ticket_template_subject']);
- }
- $details = mysqli_escape_string($mysqli, $row['ticket_template_details']);
-
- // Get Associated Tasks from the ticket template
- $sql_task_templates = mysqli_query($mysqli, "SELECT * FROM task_templates WHERE task_template_ticket_template_id = $ticket_template_id");
-
- }
-
- // Create ticket for each selected asset
- if (isset($_POST['asset_ids'])) {
-
- // Get a Asset Count
- $asset_count = count($_POST['asset_ids']);
-
- foreach ($_POST['asset_ids'] as $asset_id) {
- $asset_id = intval($asset_id);
-
- $sql = mysqli_query($mysqli, "SELECT * FROM assets WHERE asset_id = $asset_id");
- $row = mysqli_fetch_assoc($sql);
-
- $asset_name = sanitizeInput($row['asset_name']);
- $client_id = intval($row['asset_client_id']);
-
- $subject_asset_prepended = "$asset_name - $subject";
-
- // Atomically increment and get the new ticket number
- mysqli_query($mysqli, "
- UPDATE settings
- SET
- config_ticket_next_number = LAST_INSERT_ID(config_ticket_next_number),
- config_ticket_next_number = config_ticket_next_number + 1
- WHERE company_id = 1
- ");
-
- $ticket_number = mysqli_insert_id($mysqli);
-
- // Sanitize Config Vars from get_settings.php and Session Vars from check_login.php
- $config_ticket_prefix = sanitizeInput($config_ticket_prefix);
- $config_ticket_from_name = sanitizeInput($config_ticket_from_name);
- $config_ticket_from_email = sanitizeInput($config_ticket_from_email);
- $config_base_url = sanitizeInput($config_base_url);
-
- //Generate a unique URL key for clients to access
- $url_key = randomString(32);
-
- mysqli_query($mysqli, "INSERT INTO tickets SET ticket_prefix = '$config_ticket_prefix', ticket_number = $ticket_number, ticket_category = $category_id, ticket_subject = '$subject_asset_prepended', ticket_details = '$details', ticket_priority = '$priority', ticket_billable = $billable, ticket_status = $ticket_status, ticket_asset_id = $asset_id, ticket_created_by = $session_user_id, ticket_assigned_to = $assigned_to, ticket_url_key = '$url_key', ticket_client_id = $client_id, ticket_project_id = $project_id");
-
- $ticket_id = mysqli_insert_id($mysqli);
-
- // Add Tasks
- if (!empty($_POST['tasks'])) {
- foreach ($_POST['tasks'] as $task) {
- $task_name = sanitizeInput($task);
- // Check that task_name is not-empty (For some reason the !empty on the array doesnt work here like in watchers)
- if (!empty($task_name)) {
- mysqli_query($mysqli,"INSERT INTO tasks SET task_name = '$task_name', task_ticket_id = $ticket_id");
- }
- }
- }
-
- // Add Tasks from Template if Template was selected
- if($ticket_template_id) {
- if (mysqli_num_rows($sql_task_templates) > 0) {
- while ($row = mysqli_fetch_assoc($sql_task_templates)) {
- $task_order = intval($row['task_template_order']);
- $task_name = sanitizeInput($row['task_template_name']);
-
- mysqli_query($mysqli,"INSERT INTO tasks SET task_name = '$task_name', task_order = $task_order, task_ticket_id = $ticket_id");
- }
- }
- }
-
- // Custom action/notif handler
- customAction('ticket_create', $ticket_id);
- }
-
- logAction("Ticket", "Bulk Create", "$session_name created $asset_count tickets for $asset_count");
-
- flash_alert("You created $asset_count tickets for the selected assets");
-
- }
-
- redirect();
-
-}
-
-if (isset($_POST['add_ticket_reply'])) {
-
- enforceUserPermission('module_support', 2);
-
- $ticket_id = intval($_POST['ticket_id']);
- $ticket_reply = $_POST['ticket_reply']; // Reply is SQL escaped below
- $ticket_status = intval($_POST['status']);
- $client_id = intval($_POST['client_id']);
-
- // Time tracking, inputs & combine into string
- $hours = intval($_POST['hours']);
- $minutes = intval($_POST['minutes']);
- $seconds = intval($_POST['seconds']);
- $ticket_reply_time_worked = sanitizeInput(sprintf("%02d:%02d:%02d", $hours, $minutes, $seconds));
-
- // Defaults
- $send_email = 0;
- $ticket_reply_id = 0;
- if ($_POST['public_reply_type'] == 1 ){
- $ticket_reply_type = 'Public';
- } elseif ($_POST['public_reply_type'] == 2 ) {
- $ticket_reply_type = 'Public';
- $send_email = 1;
- } else {
- $ticket_reply_type = 'Internal';
- }
- // Add Signature to the end of the ticket reply if not Internal and if there is reply
- if ($ticket_reply !== '' && $ticket_reply_type !== 'Internal' && $send_email == 1) {
- $ticket_reply .= getFieldById('user_settings',$session_user_id,'user_config_signature', 'raw');
- }
-
- $ticket_reply = mysqli_escape_string($mysqli, $ticket_reply); // SQL Escape Ticket Reply
-
- // Update Ticket Status & updated at (in case status didn't change)
- mysqli_query($mysqli, "UPDATE tickets SET ticket_status = $ticket_status, ticket_updated_at = NOW() WHERE ticket_id = $ticket_id");
-
- // Resolve the ticket, if set
- if ($ticket_status == 4) {
- mysqli_query($mysqli, "UPDATE tickets SET ticket_resolved_at = NOW() WHERE ticket_id = $ticket_id");
-
- logAction("Ticket", "Resolved", "$session_name resolved Ticket ticket ID $ticket_id", $client_id, $ticket_id);
- }
-
- // Process reply actions, if we have a reply to work with (e.g. we're not just editing the status)
- if (!empty($ticket_reply)) {
-
- // Add reply
- mysqli_query($mysqli, "INSERT INTO ticket_replies SET ticket_reply = '$ticket_reply', ticket_reply_time_worked = '$ticket_reply_time_worked', ticket_reply_type = '$ticket_reply_type', ticket_reply_by = $session_user_id, ticket_reply_ticket_id = $ticket_id");
-
- $ticket_reply_id = mysqli_insert_id($mysqli);
-
- // Get Ticket Details
- $ticket_sql = mysqli_query($mysqli, "SELECT contact_name, contact_email, ticket_prefix, ticket_number, ticket_subject, ticket_status, ticket_status_name, ticket_url_key, ticket_first_response_at, ticket_created_by, ticket_assigned_to, ticket_client_id
- FROM tickets
- LEFT JOIN clients ON ticket_client_id = client_id
- LEFT JOIN contacts ON ticket_contact_id = contact_id
- LEFT JOIN ticket_statuses ON ticket_status = ticket_status_id
- WHERE ticket_id = $ticket_id
- ");
-
- $row = mysqli_fetch_assoc($ticket_sql);
-
- $contact_name = sanitizeInput($row['contact_name']);
- $contact_email = sanitizeInput($row['contact_email']);
- $ticket_prefix = sanitizeInput($row['ticket_prefix']);
- $ticket_number = intval($row['ticket_number']);
- $ticket_subject = sanitizeInput($row['ticket_subject']);
- $ticket_status = intval($row['ticket_status']);
- $ticket_status_name = sanitizeInput($row['ticket_status_name']);
- $url_key = sanitizeInput($row['ticket_url_key']);
- $ticket_first_response_at = sanitizeInput($row['ticket_first_response_at']);
- $ticket_created_by = intval($row['ticket_created_by']);
- $ticket_assigned_to = intval($row['ticket_assigned_to']);
- $client_id = intval($row['ticket_client_id']);
-
- if ($client_id) {
- $client_uri = "&client_id=$client_id";
- } else {
- $client_uri = '';
- }
-
- // Sanitize Config vars from get_settings.php
- $config_ticket_from_name = sanitizeInput($config_ticket_from_name);
- $config_ticket_from_email = sanitizeInput($config_ticket_from_email);
- $config_base_url = sanitizeInput($config_base_url);
-
- $sql = mysqli_query($mysqli, "SELECT company_name, company_phone, company_phone_country_code FROM companies WHERE company_id = 1");
- $row = mysqli_fetch_assoc($sql);
- $company_name = sanitizeInput($row['company_name']);
- $company_phone = sanitizeInput(formatPhoneNumber($row['company_phone'], $row['company_phone_country_code']));
-
- // Send e-mail to client if public update & email is set up
- if ($ticket_reply_type == 'Public' && $send_email == 1 && !empty($config_smtp_host)) {
-
- // Slightly different email subject/text depending on if this update set auto-close
-
- if ($ticket_status == 4) {
- // Resolved
- $subject = "Ticket resolved - [$ticket_prefix$ticket_number] - $ticket_subject | (pending closure)";
- $body = "##- Please type your reply above this line -## re-open to let us know! View ticket ##- Please type your reply above this line -## View ticket $ticket_prefix$ticket_number has been updated with your reply and was $ticket_reply_type ");
-
- } else {
- flash_alert("Ticket updated");
- }
-
- logAction("Ticket", "Reply", "$session_name replied to ticket $ticket_prefix$ticket_number - $ticket_subject and was a $ticket_reply_type reply", $client_id, $ticket_id);
-
- redirect();
-
-}
-
-if (isset($_POST['edit_ticket_reply'])) {
-
- enforceUserPermission('module_support', 2);
-
- $ticket_reply_id = intval($_POST['ticket_reply_id']);
- $ticket_reply = mysqli_real_escape_string($mysqli, $_POST['ticket_reply']);
- $ticket_reply_type = sanitizeInput($_POST['ticket_reply_type']);
- $ticket_reply_time_worked = sanitizeInput($_POST['time']);
-
- $client_id = intval($_POST['client_id']);
-
- mysqli_query($mysqli, "UPDATE ticket_replies SET ticket_reply = '$ticket_reply', ticket_reply_type = '$ticket_reply_type', ticket_reply_time_worked = '$ticket_reply_time_worked' WHERE ticket_reply_id = $ticket_reply_id AND ticket_reply_type != 'Client'") or die(mysqli_error($mysqli));
-
- logAction("Ticket", "Reply", "$session_name edited ticket_reply", $client_id, $ticket_reply_id);
-
- flash_alert("Ticket reply updated");
-
- redirect();
-
-}
-
-if (isset($_POST['redact_ticket_reply'])) {
-
- enforceUserPermission('module_support', 2);
-
- $ticket_reply_id = intval($_POST['ticket_reply_id']);
- $ticket_reply = mysqli_real_escape_string($mysqli, $_POST['ticket_reply']);
-
- $client_id = intval($_POST['client_id']);
-
- mysqli_query($mysqli, "UPDATE ticket_replies SET ticket_reply = '$ticket_reply' WHERE ticket_reply_id = $ticket_reply_id");
-
- logAction("Ticket", "Reply", "$session_name redacted ticket_reply", $client_id, $ticket_reply_id);
-
- flash_alert("Ticket reply redacted");
-
- redirect();
-
-}
-
-if (isset($_GET['archive_ticket_reply'])) {
-
- enforceUserPermission('module_support', 2);
-
- $ticket_reply_id = intval($_GET['archive_ticket_reply']);
-
- mysqli_query($mysqli, "UPDATE ticket_replies SET ticket_reply_archived_at = NOW() WHERE ticket_reply_id = $ticket_reply_id");
-
- logAction("Ticket Reply", "Archive", "$session_name archived ticket_reply", 0, $ticket_reply_id);
-
- flash_alert("Ticket reply archived", 'error');
-
- redirect();
-
-}
-
-if (isset($_POST['merge_ticket'])) {
-
- enforceUserPermission('module_support', 2);
-
- $ticket_id = intval($_POST['ticket_id']); // Child ticket ID to be closed
- $merge_into_ticket_number = intval($_POST['merge_into_ticket_number']); // Parent ticket *number*
- $merge_comment = sanitizeInput($_POST['merge_comment']); // Merge comment
- $move_replies = intval($_POST['merge_move_replies']); // Whether to move replies to the new parent ticket
- $ticket_reply_type = 'Internal'; // Default all replies to internal
-
- // Get current ticket details
- $sql = mysqli_query($mysqli, "SELECT ticket_prefix, ticket_number, ticket_subject, ticket_details FROM tickets WHERE ticket_id = $ticket_id");
- if (mysqli_num_rows($sql) == 0) {
- flash_alert("No ticket with that ID found.", 'error');
- redirect();
- }
- // CURRENT ticket details
- $row = mysqli_fetch_assoc($sql);
- $ticket_prefix = sanitizeInput($row['ticket_prefix']);
- $ticket_number = intval($row['ticket_number']);
- $ticket_subject = sanitizeInput($row['ticket_subject']);
- $ticket_details = mysqli_escape_string($mysqli, $row['ticket_details']);
- $ticket_first_response_at = sanitizeInput($row['ticket_first_response_at']);
-
- // NEW PARENT ticket details
- // Get merge into ticket id (as it may differ from the number)
- $sql = mysqli_query($mysqli, "SELECT ticket_id, ticket_client_id FROM tickets WHERE ticket_number = $merge_into_ticket_number");
- if (mysqli_num_rows($sql) == 0) {
- flash_alert("Cannot merge into that ticket.", 'error');
- redirect();
- }
- $merge_row = mysqli_fetch_assoc($sql);
- $merge_into_ticket_id = intval($merge_row['ticket_id']);
- $client_id = intval($merge_row['ticket_client_id']);
- if ($client_id) {
- $has_client = "&client_id=$client_id";
- } else {
- $has_client = "";
- }
- // Sanity check
- if ($ticket_number == $merge_into_ticket_number) {
- flash_alert("Cannot merge into the same ticket.", 'error');
- redirect();
- }
-
- // Move ticket replies from child > parent
- if ($move_replies) {
- mysqli_query($mysqli, "UPDATE ticket_replies SET ticket_reply_ticket_id = $merge_into_ticket_id WHERE ticket_reply_ticket_id = $ticket_id");
- }
-
- // Update current ticket
- if (empty($ticket_first_response_at)) {
- mysqli_query($mysqli, "UPDATE tickets SET ticket_first_response_at = NOW() WHERE ticket_id = $ticket_id");
- }
-
- mysqli_query($mysqli, "INSERT INTO ticket_replies SET ticket_reply = 'Ticket $ticket_prefix$ticket_number merged into $ticket_prefix$merge_into_ticket_number . Comment: $merge_comment', ticket_reply_time_worked = '00:01:00', ticket_reply_type = '$ticket_reply_type', ticket_reply_by = $session_user_id, ticket_reply_ticket_id = $ticket_id");
-
- mysqli_query($mysqli, "UPDATE tickets SET ticket_status = '5', ticket_resolved_at = NOW(), ticket_closed_at = NOW(), ticket_closed_by = $session_user_id WHERE ticket_id = $ticket_id") or die(mysqli_error($mysqli));
-
- //Update new parent ticket
- mysqli_query($mysqli, "INSERT INTO ticket_replies SET ticket_reply = 'Ticket $ticket_prefix$ticket_number was merged into this ticket with comment: $merge_comment.$ticket_subject ##- Please type your reply above this line -## re-open to let us know! View ticket here . $config_invoice_prefix$invoice_number for this ticket.', ticket_reply_type = 'Internal', ticket_reply_time_worked = '00:01:00', ticket_reply_by = $session_user_id, ticket_reply_ticket_id = $ticket_id");
-
- mysqli_query($mysqli, "UPDATE tickets SET ticket_invoice_id = $invoice_id WHERE ticket_id = $ticket_id");
-
- logAction("Invoice", "Create", "$session_name created invoice $invoice_prefix$invoice_number from Ticket $ticket_prefix$ticket_number", $client_id, $invoice_id);
-
- flash_alert("Invoice $invoice_prefix$invoice_number created from ticket");
-
- redirect("invoice.php?invoice_id=$invoice_id");
-
-}
-
-if (isset($_POST['export_tickets_csv'])) {
-
- enforceUserPermission('module_support', 2);
-
- if ($_POST['client_id']) {
- $client_id = intval($_POST['client_id']);
- $client_query = "WHERE ticket_client_id = $client_id";
- $client_name = getFieldById('clients', $client_id, 'client_name');
- $file_name_prepend = "$client_name-";
- } else {
- $client_query = '';
- $client_name = '';
- $file_name_prepend = "$session_company_name-";
- }
-
- $sql = mysqli_query(
- $mysqli,
- "SELECT * FROM tickets
- LEFT JOIN ticket_statuses ON ticket_status = ticket_status_id
- $client_query ORDER BY ticket_number ASC"
- );
-
- if ($sql->num_rows > 0) {
- $delimiter = ",";
- $enclosure = '"';
- $escape = '\\'; // backslash
- $filename = sanitize_filename($file_name_prepend . "Tickets-" . date('Y-m-d_H-i-s') . ".csv");
-
- //create a file pointer
- $f = fopen('php://memory', 'w');
-
- //set column headers
- $fields = array('Ticket Number', 'Priority', 'Status', 'Subject', 'Date Opened', 'Date Resolved', 'Date Closed');
- fputcsv($f, $fields, $delimiter, $enclosure, $escape);
-
- //output each row of the data, format line as csv and write to file pointer
- while ($row = $sql->fetch_assoc()) {
- $lineData = array($config_ticket_prefix . $row['ticket_number'], $row['ticket_priority'], $row['ticket_status_name'], $row['ticket_subject'], $row['ticket_created_at'], $row['ticket_resolved_at'], $row['ticket_closed_at']);
- fputcsv($f, $lineData, $delimiter, $enclosure, $escape);
- }
-
- //move back to beginning of file
- fseek($f, 0);
-
- //set headers to download file rather than displayed
- header('Content-Type: text/csv');
- header('Content-Disposition: attachment; filename="' . $filename . '";');
-
- //output all remaining data on a file pointer
- fpassthru($f);
- }
- exit;
-
-}
-
-if (isset($_POST['edit_ticket_billable_status'])) {
-
- enforceUserPermission('module_support', 2);
- enforceUserPermission('module_sales', 2);
-
- $ticket_id = intval($_POST['ticket_id']);
- $billable_status = intval($_POST['billable_status']);
- if ($billable_status == 0 ) {
- $billable_wording = "Not";
- }
-
- // Get ticket details for logging
- $sql = mysqli_query($mysqli, "SELECT ticket_prefix, ticket_number, ticket_client_id FROM tickets WHERE ticket_id = $ticket_id");
- $row = mysqli_fetch_assoc($sql);
- $ticket_prefix = sanitizeInput($row['ticket_prefix']);
- $ticket_number = intval($row['ticket_number']);
- $client_id = intval($row['ticket_client_id']);
-
- mysqli_query($mysqli,"UPDATE tickets SET ticket_billable = $billable_status WHERE ticket_id = $ticket_id");
-
- logAction("Ticket", "Edit", "$session_name marked ticket $ticket_prefix$ticket_number as $billable_wording Billable", $client_id, $ticket_id);
-
- flash_alert("Ticket marked $billable_wording Billable ");
-
- redirect();
-
-}
-
-if (isset($_POST['edit_ticket_schedule'])) {
-
- enforceUserPermission('module_support', 2);
-
- $ticket_id = intval($_POST['ticket_id']);
- $onsite = intval($_POST['onsite']);
- $schedule = sanitizeInput($_POST['scheduled_date_time']);
- $ticket_link = "client/ticket.php?id=$ticket_id";
- $full_ticket_url = "https://$config_base_url/client/ticket.php?id=$ticket_id";
- $ticket_link_html = "$ticket_link ";
-
- mysqli_query($mysqli,"UPDATE tickets
- SET ticket_schedule = '$schedule', ticket_onsite = $onsite
- WHERE ticket_id = $ticket_id"
- );
-
-
- // Check for other conflicting scheduled items based on 2 hr window
- //TODO make this configurable
- $start = date('Y-m-d H:i:s', strtotime($schedule) - 7200);
- $end = date('Y-m-d H:i:s', strtotime($schedule) + 7200);
- $sql = mysqli_query($mysqli, "SELECT * FROM tickets WHERE ticket_schedule BETWEEN '$start' AND '$end' AND ticket_id != $ticket_id");
- if (mysqli_num_rows($sql) > 0) {
- $conflicting_tickets = [];
- while ($row = mysqli_fetch_assoc($sql)) {
- $conflicting_tickets[] = $row['ticket_id'] . " - " . $row['ticket_subject'] . " @ " . $row['ticket_schedule'];
- }
- }
- $sql = mysqli_query($mysqli, "SELECT * FROM tickets
- LEFT JOIN clients ON ticket_client_id = client_id
- LEFT JOIN contacts ON ticket_contact_id = contact_id
- LEFT JOIN locations on contact_location_id = location_id
- LEFT JOIN users ON ticket_assigned_to = user_id
- WHERE ticket_id = $ticket_id
- ");
-
- $row = mysqli_fetch_assoc($sql);
-
- $client_id = intval($row['ticket_client_id']);
- $client_name = sanitizeInput($row['client_name']);
- $ticket_details = sanitizeInput($row['ticket_details']);
- $contact_name = sanitizeInput($row['contact_name']);
- $contact_email = sanitizeInput($row['contact_email']);
- $ticket_prefix = sanitizeInput($row['ticket_prefix']);
- $ticket_number = intval($row['ticket_number']);
- $ticket_subject = sanitizeInput($row['ticket_subject']);
- $user_name = sanitizeInput($row['user_name']);
- $user_email = sanitizeInput($row['user_email']);
- $cal_subject = $ticket_number . ": " . $client_name . " - " . $ticket_subject;
- $ticket_details_truncated = substr($ticket_details, 0, 100);
- $cal_description = $ticket_details_truncated . " - " . $full_ticket_url;
- $cal_location = sanitizeInput($row["location_address"]);
- $email_datetime = date('l, F j, Y \a\t g:ia', strtotime($schedule));
-
- if ($client_id) {
- $client_uri = "&client_id=$client_id";
- } else {
- $client_uri = '';
- }
-
- // Sanitize Config Vars
- $config_ticket_from_email = sanitizeInput($config_ticket_from_email);
- $config_ticket_from_name = sanitizeInput($config_ticket_from_name);
- $session_company_name = sanitizeInput($session_company_name);
-
-
- /// Create iCal event
- $cal_str = createiCalStr($schedule, $cal_subject, $cal_description, $cal_location);
-
- // Notify the agent of the scheduled work
- $data[] = [
- 'from' => $config_ticket_from_email,
- 'from_name' => $config_ticket_from_name,
- 'recipient' => $user_email,
- 'recipient_name' => $user_name,
- 'subject' => "Ticket Scheduled - [$ticket_prefix$ticket_number] - $ticket_subject",
- 'body' => "Hello, " . $user_name . "$ticket_link Access your ticket here
- Ticket: $ticket_prefix$ticket_numberSubject: $ticket_subject
- This is an automated message. Please do not reply directly to this email.
-
"),
- 'cal_str' => $cal_str
- ];
-
- // Notify the watchers of the scheduled work
- $sql_watchers = mysqli_query($mysqli, "SELECT watcher_email FROM ticket_watchers WHERE watcher_ticket_id = $ticket_id");
-
- while ($row = mysqli_fetch_assoc($sql_watchers)) {
- $watcher_email = sanitizeInput($row['watcher_email']);
- $data[] = [
- 'from' => $config_ticket_from_email,
- 'from_name' => $config_ticket_from_name,
- 'recipient' => $watcher_email,
- 'recipient_name' => $watcher_email,
- 'subject' => "Ticket Scheduled - [$ticket_prefix$ticket_number] - $ticket_subject",
- 'body' => mysqli_escape_string($mysqli, nullable_htmlentities("
- The ticket regarding $ticket_subject has been scheduled for $email_datetime.
- $ticket_link
- Ticket: $ticket_prefix$ticket_numberSubject: $ticket_subjectPortal: Access the ticket here
-
- This is an automated message. Please do not reply directly to this email.
-
")),
- 'cal_str' => $cal_str
- ];
- }
- }
-
- // Send
- $response = addToMailQueue($data);
-
- // Update ticket reply
- $ticket_reply_note = "Ticket scheduled for $email_datetime " . (boolval($onsite) ? '(onsite).' : '(remote).');
- mysqli_query($mysqli, "INSERT INTO ticket_replies SET ticket_reply = '$ticket_reply_note', ticket_reply_type = 'Internal', ticket_reply_time_worked = '00:01:00', ticket_reply_by = $session_user_id, ticket_reply_ticket_id = $ticket_id");
-
- logAction("Ticket", "Edit", "$session_name edited ticket schedule", $client_id, $ticket_id);
-
- customAction('ticket_schedule', $ticket_id);
-
- if (empty($conflicting_tickets)) {
- flash_alert("Ticket scheduled for $email_datetime");
- redirect();
- } else {
- $_SESSION['alert_type'] = "error";
- flash_alert("Ticket scheduled for $email_datetime. Yet there are conflicting tickets scheduled for the same time: $ticket_link Access your ticket here
- Ticket: $ticket_prefix$ticket_numberSubject: $ticket_subject
- This is an automated message. Please do not reply directly to this email.
-
"),
- 'cal_str' => $cal_str
- ];
-
- // Notify the watchers of the cancellation
- $sql_watchers = mysqli_query($mysqli, "SELECT watcher_email FROM ticket_watchers WHERE watcher_ticket_id = $ticket_id");
- while ($row = mysqli_fetch_assoc($sql_watchers)) {
- $watcher_email = sanitizeInput($row['watcher_email']);
- $data[] = [
- 'from' => $config_ticket_from_email,
- 'from_name' => $config_ticket_from_name,
- 'recipient' => $watcher_email,
- 'recipient_name' => $watcher_email,
- 'subject' => "Ticket Schedule Cancelled - [$ticket_prefix$ticket_number] - $ticket_subject",
- 'body' => mysqli_escape_string($mysqli, nullable_htmlentities("
- Scheduled work for the ticket regarding $ticket_subject has been cancelled.
- $ticket_link
- Ticket: $ticket_prefix$ticket_numberSubject: $ticket_subjectPortal: Access the ticket here
-
- This is an automated message. Please do not reply directly to this email.
-
")),
- 'cal_str' => $cal_str
- ];
- }
- }
-
- // Send email(s)
- addToMailQueue($data);
-
- // Update ticket reply
- $ticket_reply_note = "Ticket schedule cancelled.";
- mysqli_query($mysqli, "INSERT INTO ticket_replies SET ticket_reply = '$ticket_reply_note', ticket_reply_type = 'Internal', ticket_reply_time_worked = '00:01:00', ticket_reply_by = $session_user_id, ticket_reply_ticket_id = $ticket_id");
-
- logAction("Ticket", "Edit", "$session_name cancelled ticket schedule", $client_id, $ticket_id);
-
- customAction('ticket_unschedule', $ticket_id);
-
- flash_alert("Ticket schedule cancelled", 'error');
-
- redirect();
-
-}
+
+ if ($d !== false) {
+ $due = "'" . $d->format('Y-m-d H:i:s') . "'"; // wrap in quotes for SQL
+ } else {
+ $due = 'NULL'; // fallback if invalid
+ }
+ }
+
+ // Add the primary contact as the ticket contact if "Use primary contact" is checked
+ if ($use_primary_contact == 1) {
+ $sql = mysqli_query($mysqli, "SELECT contact_id FROM contacts WHERE contact_client_id = $client_id AND contact_primary = 1");
+ $row = mysqli_fetch_assoc($sql);
+ $contact = intval($row['contact_id']);
+ }
+
+ // Atomically increment and get the new ticket number
+ mysqli_query($mysqli, "
+ UPDATE settings
+ SET
+ config_ticket_next_number = LAST_INSERT_ID(config_ticket_next_number),
+ config_ticket_next_number = config_ticket_next_number + 1
+ WHERE company_id = 1
+ ");
+
+ $ticket_number = mysqli_insert_id($mysqli);
+
+ // Sanitize Config Vars from get_settings.php and Session Vars from check_login.php
+ $config_ticket_prefix = sanitizeInput($config_ticket_prefix);
+ $config_ticket_from_name = sanitizeInput($config_ticket_from_name);
+ $config_ticket_from_email = sanitizeInput($config_ticket_from_email);
+ $config_base_url = sanitizeInput($config_base_url);
+
+ //Generate a unique URL key for clients to access
+ $url_key = randomString(32);
+
+ mysqli_query($mysqli, "INSERT INTO tickets SET ticket_prefix = '$config_ticket_prefix', ticket_number = $ticket_number, ticket_source = 'Agent', ticket_category = $category_id, ticket_subject = '$subject', ticket_details = '$details', ticket_priority = '$priority', ticket_billable = '$billable', ticket_status = '$ticket_status', ticket_vendor_ticket_number = '$vendor_ticket_number', ticket_vendor_id = $vendor_id, ticket_location_id = $location_id, ticket_asset_id = $asset_id, ticket_created_by = $session_user_id, ticket_assigned_to = $assigned_to, ticket_contact_id = $contact, ticket_url_key = '$url_key', ticket_due_at = $due, ticket_client_id = $client_id, ticket_invoice_id = 0, ticket_project_id = $project_id");
+
+ $ticket_id = mysqli_insert_id($mysqli);
+
+ // Add Tasks from Template if Template was selected
+ if($ticket_template_id) {
+ // Get Associated Tasks from the ticket template
+ $sql_task_templates = mysqli_query($mysqli, "SELECT * FROM task_templates WHERE task_template_ticket_template_id = $ticket_template_id");
+
+ if (mysqli_num_rows($sql_task_templates) > 0) {
+ while ($row = mysqli_fetch_assoc($sql_task_templates)) {
+ $task_order = intval($row['task_template_order']);
+ $task_name = sanitizeInput($row['task_template_name']);
+ $task_completion_estimate = intval($row['task_template_completion_estimate']);
+
+ mysqli_query($mysqli,"INSERT INTO tasks SET task_name = '$task_name', task_order = $task_order, task_completion_estimate = $task_completion_estimate, task_ticket_id = $ticket_id");
+ }
+ }
+ }
+
+ // Add Watchers
+ if (isset($_POST['watchers'])) {
+ foreach ($_POST['watchers'] as $watcher) {
+ $watcher_email = sanitizeInput($watcher);
+ mysqli_query($mysqli, "INSERT INTO ticket_watchers SET watcher_email = '$watcher_email', watcher_ticket_id = $ticket_id");
+ }
+ }
+
+ // Add Additional Assets
+ if (isset($_POST['additional_assets'])) {
+ foreach ($_POST['additional_assets'] as $additional_asset) {
+ $additional_asset_id = intval($additional_asset);
+ mysqli_query($mysqli, "INSERT INTO ticket_assets SET ticket_id = $ticket_id, asset_id = $additional_asset_id");
+ }
+ }
+
+ // E-mail client
+ if ((!empty($config_smtp_host) || !empty($config_smtp_provider)) && $config_ticket_client_general_notifications == 1) {
+
+ // Get contact/ticket details
+ $sql = mysqli_query($mysqli, "SELECT contact_name, contact_email, ticket_prefix, ticket_number, ticket_category, ticket_subject, ticket_details, ticket_priority, ticket_status, ticket_created_by, ticket_assigned_to, ticket_client_id FROM tickets
+ LEFT JOIN clients ON ticket_client_id = client_id
+ LEFT JOIN contacts ON ticket_contact_id = contact_id
+ WHERE ticket_id = $ticket_id");
+ $row = mysqli_fetch_assoc($sql);
+
+ $contact_name = sanitizeInput($row['contact_name']);
+ $contact_email = sanitizeInput($row['contact_email']);
+ $ticket_prefix = sanitizeInput($row['ticket_prefix']);
+ $ticket_number = intval($row['ticket_number']);
+ $ticket_category = sanitizeInput($row['ticket_category']);
+ $ticket_subject = sanitizeInput($row['ticket_subject']);
+ $ticket_details = mysqli_escape_string($mysqli, $row['ticket_details']);
+ $ticket_priority = sanitizeInput($row['ticket_priority']);
+ $ticket_status = sanitizeInput($row['ticket_status']);
+ $ticket_status_name = sanitizeInput(getTicketStatusName($row['ticket_status']));
+ $client_id = intval($row['ticket_client_id']);
+ $ticket_created_by = intval($row['ticket_created_by']);
+ $ticket_assigned_to = intval($row['ticket_assigned_to']);
+
+ // Get Company Phone Number
+ $sql = mysqli_query($mysqli, "SELECT company_name, company_phone, company_phone_country_code FROM companies WHERE company_id = 1");
+ $row = mysqli_fetch_assoc($sql);
+ $company_name = sanitizeInput($row['company_name']);
+ $company_phone = sanitizeInput(formatPhoneNumber($row['company_phone'], $row['company_phone_country_code']));
+
+ // EMAILING
+
+ $subject = "Ticket Created [$ticket_prefix$ticket_number] - $ticket_subject";
+ $body = "##- Please type your reply above this line -## View ticket $config_ticket_prefix$ticket_number created");
+
+ redirect("ticket.php?client_id=$client_id&ticket_id=$ticket_id");
+
+}
+
+if (isset($_POST['edit_ticket'])) {
+
+ enforceUserPermission('module_support', 2);
+
+ $ticket_id = intval($_POST['ticket_id']);
+ $contact_id = intval($_POST['contact']);
+ $assigned_to = intval($_POST['assigned_to']);
+ $notify = intval($_POST['contact_notify'] ?? 0);
+ $category_id = intval($_POST['category']);
+ $ticket_subject = sanitizeInput($_POST['subject']);
+ $billable = intval($_POST['billable'] ?? 0);
+ $ticket_priority = sanitizeInput($_POST['priority']);
+ $details = mysqli_real_escape_string($mysqli, $_POST['details']);
+ $vendor_ticket_number = sanitizeInput($_POST['vendor_ticket_number']);
+ $vendor_id = intval($_POST['vendor']);
+ $asset_id = intval($_POST['asset']);
+ $location_id = intval($_POST['location']);
+ $project_id = intval($_POST['project']);
+ // Validate/clean due field
+ $dueInput = $_POST['due'] ?? null;
+ if ($dueInput === null || trim($dueInput) === '') {
+ $due = 'NULL'; // prepare as SQL-safe string
+ } else {
+ $d = DateTime::createFromFormat('Y-m-d\TH:i', $dueInput); // for ##- Please type your reply above this line -## View ticket $ticket_prefix$ticket_number updated");
+
+ redirect();
+
+}
+
+if (isset($_POST['edit_ticket_priority'])) {
+
+ enforceUserPermission('module_support', 2);
+
+ $ticket_id = intval($_POST['ticket_id']);
+ $priority = sanitizeInput($_POST['priority']);
+ $client_id = intval($_POST['client_id']);
+
+ // Get ticket details before updating
+ $sql = mysqli_query($mysqli, "SELECT
+ ticket_prefix, ticket_number, ticket_priority, ticket_status_name, ticket_client_id
+ FROM tickets
+ LEFT JOIN ticket_statuses ON ticket_status = ticket_status_id
+ WHERE ticket_id = $ticket_id"
+ );
+ $row = mysqli_fetch_assoc($sql);
+ $ticket_prefix = sanitizeInput($row['ticket_prefix']);
+ $ticket_number = intval($row['ticket_number']);
+ $original_priority = sanitizeInput($row['ticket_priority']);
+ $ticket_status = sanitizeInput($row['ticket_status_name']);
+ $client_id = intval($row['ticket_client_id']);
+
+ mysqli_query($mysqli, "UPDATE tickets SET ticket_priority = '$priority' WHERE ticket_id = $ticket_id");
+
+ // Update Ticket History
+ mysqli_query($mysqli, "INSERT INTO ticket_history SET ticket_history_status = '$ticket_status', ticket_history_description = '$session_name changed priority from $original_priority to $priority', ticket_history_ticket_id = $ticket_id");
+
+ logAction("Ticket", "Edit", "$session_name changed priority from $original_priority to $priority for ticket $ticket_prefix$ticket_number", $client_id, $ticket_id);
+
+ customAction('ticket_update', $ticket_id);
+
+ flash_alert("Priority updated from $original_priority to $priority ");
+
+ redirect();
+
+}
+
+if (isset($_POST['edit_ticket_contact'])) {
+
+ enforceUserPermission('module_support', 2);
+
+ $ticket_id = intval($_POST['ticket_id']);
+ $contact_id = intval($_POST['contact']);
+ $notify = intval($_POST['contact_notify']) ?? 0;
+
+ // Get Original contact, and ticket details
+ $sql = mysqli_query($mysqli, "SELECT
+ contact_name, ticket_prefix, ticket_number, ticket_status_name, ticket_subject, ticket_details, ticket_url_key, ticket_client_id
+ FROM tickets
+ LEFT JOIN contacts ON ticket_contact_id = contact_id
+ LEFT JOIN ticket_statuses ON ticket_status = ticket_status_id
+ WHERE ticket_id = $ticket_id"
+ );
+ $row = mysqli_fetch_assoc($sql);
+
+ // Original contact
+ $original_contact_name = !empty($row['contact_name']) ? sanitizeInput($row['contact_name']) : 'No one';
+
+ // Ticket details
+ $ticket_prefix = sanitizeInput($row['ticket_prefix']);
+ $ticket_number = intval($row['ticket_number']);
+ $ticket_status = sanitizeInput($row['ticket_status_name']);
+ $ticket_subject = sanitizeInput($row['ticket_subject']);
+ $ticket_details = mysqli_escape_string($mysqli, $row['ticket_details']);
+ $url_key = sanitizeInput($row['ticket_url_key']);
+ $client_id = intval($row['ticket_client_id']);
+
+ // Update the contact
+ mysqli_query($mysqli, "UPDATE tickets SET ticket_contact_id = $contact_id WHERE ticket_id = $ticket_id");
+
+ // Get New contact details
+ $sql = mysqli_query($mysqli, "SELECT contact_name, contact_email FROM contacts WHERE contact_id = $contact_id");
+ $row = mysqli_fetch_assoc($sql);
+
+ $contact_name = !empty($row['contact_name']) ? sanitizeInput($row['contact_name']) : 'No one';
+ $contact_email = sanitizeInput($row['contact_email']);
+
+ // Notify new contact (if selected, valid & configured)
+ if ($notify && filter_var($contact_email, FILTER_VALIDATE_EMAIL) && (!empty($config_smtp_host) || !empty($config_smtp_provider))) {
+
+ // Get Company Phone Number
+ $sql = mysqli_query($mysqli, "SELECT company_name, company_phone, company_phone_country_code FROM companies WHERE company_id = 1");
+ $row = mysqli_fetch_assoc($sql);
+ $company_name = sanitizeInput($row['company_name']);
+ $company_phone = sanitizeInput(formatPhoneNumber($row['company_phone'], $row['company_phone_country_code']));
+
+ $config_ticket_from_email = sanitizeInput($config_ticket_from_email);
+ $config_ticket_from_name = sanitizeInput($config_ticket_from_name);
+
+ // Email content
+ $data = []; // Queue array
+
+ $subject = "Ticket Created - [$ticket_prefix$ticket_number] - $ticket_subject";
+ $body = "##- Please type your reply above this line -## View ticket $original_contact_name to $contact_name ");
+
+ redirect();
+
+}
+
+if (isset($_POST['edit_ticket_project'])) {
+
+ enforceUserPermission('module_support', 2);
+
+ $ticket_id = intval($_POST['ticket_id']);
+ $project_id = intval($_POST['project']);
+
+ $project_name = sanitizeInput(getFieldById('projects', $project_id, 'project_name'));
+ $client_id = intval(getFieldById('tickets', $ticket_id, 'ticket_client_id'));
+ $ticket_prefix = sanitizeInput(getFieldById('tickets', $ticket_id, 'ticket_prefix'));
+ $ticket_number = sanitizeInput(getFieldById('tickets', $ticket_id, 'ticket_number'));
+
+ mysqli_query($mysqli, "UPDATE tickets SET ticket_project_id = $project_id WHERE ticket_id = $ticket_id");
+
+ logAction("Ticket", "Edit", "$session_name set ticket $ticket_prefix$ticket_number project to $project_name", $client_id, $ticket_id);
+
+ flash_alert("Project changed to $project_name for Ticket $ticket_prefix$ticket_number ");
+
+ redirect();
+
+}
+
+if (isset($_POST['add_ticket_watcher'])) {
+
+ enforceUserPermission('module_support', 2);
+
+ $ticket_id = intval($_POST['ticket_id']);
+ $watcher_emails = preg_split("/,| |;/", $_POST['watcher_email']); // Split on comma, semicolon or space, we sanitize later
+ $notify = intval($_POST['watcher_notify'] ?? 0);
+
+ // Get contact/ticket details
+ $sql = mysqli_query($mysqli, "SELECT ticket_prefix, ticket_number, ticket_category, ticket_subject, ticket_details, ticket_priority, ticket_status_name, ticket_url_key, ticket_created_by, ticket_assigned_to, ticket_client_id FROM tickets
+ LEFT JOIN clients ON ticket_client_id = client_id
+ LEFT JOIN contacts ON ticket_contact_id = contact_id
+ LEFT JOIN ticket_statuses ON ticket_status = ticket_status_id
+ WHERE ticket_id = $ticket_id
+ AND ticket_closed_at IS NULL");
+ $row = mysqli_fetch_assoc($sql);
+
+ $ticket_prefix = sanitizeInput($row['ticket_prefix']);
+ $ticket_number = intval($row['ticket_number']);
+ $ticket_category = sanitizeInput($row['ticket_category']);
+ $ticket_subject = sanitizeInput($row['ticket_subject']);
+ $ticket_details = mysqli_escape_string($mysqli, $row['ticket_details']);
+ $ticket_priority = sanitizeInput($row['ticket_priority']);
+ $ticket_status = sanitizeInput($row['ticket_status_name']);
+ $url_key = sanitizeInput($row['ticket_url_key']);
+ $client_id = intval($row['ticket_client_id']);
+ $ticket_created_by = intval($row['ticket_created_by']);
+ $ticket_assigned_to = intval($row['ticket_assigned_to']);
+
+ // Get Company Phone Number
+ $sql = mysqli_query($mysqli, "SELECT company_name, company_phone, company_phone_country_code FROM companies WHERE company_id = 1");
+ $row = mysqli_fetch_assoc($sql);
+ $company_name = sanitizeInput($row['company_name']);
+ $company_phone = sanitizeInput(formatPhoneNumber($row['company_phone'], $row['company_phone_country_code']));
+
+ // Process each watcher in list
+ foreach ($watcher_emails as $watcher_email) {
+
+ if (filter_var($watcher_email, FILTER_VALIDATE_EMAIL)) {
+
+ $watcher_email = sanitizeInput($watcher_email);
+
+ mysqli_query($mysqli, "INSERT INTO ticket_watchers SET watcher_email = '$watcher_email', watcher_ticket_id = $ticket_id");
+
+ // Notify watcher
+ if ($notify && (!empty($config_smtp_host) || !empty($config_smtp_provider))) {
+
+
+
+ // Email content
+ $data = []; // Queue array
+
+ $subject = "Ticket Notification - [$ticket_prefix$ticket_number] - $ticket_subject";
+ $body = "##- Please type your reply above this line -## $watcher_email ", 'error');
+
+ redirect();
+
+}
+
+if (isset($_GET['delete_ticket_additional_asset'])) {
+
+ enforceUserPermission('module_support', 2);
+
+ $asset_id = intval($_GET['delete_ticket_additional_asset']);
+ $ticket_id = intval($_GET['ticket_id']);
+
+ // Get ticket / asset details for logging
+ $sql = mysqli_query($mysqli, "SELECT asset_name, ticket_prefix, ticket_number, ticket_status_name, ticket_client_id FROM assets
+ JOIN tickets ON ticket_id = $ticket_id
+ JOIN ticket_statuses ON ticket_status = ticket_status_id
+ WHERE asset_id = $asset_id"
+ );
+ $row = mysqli_fetch_assoc($sql);
+
+ $ticket_prefix = sanitizeInput($row['ticket_prefix']);
+ $ticket_number = intval($row['ticket_number']);
+ $ticket_status_name = sanitizeInput($row['ticket_status_name']);
+ $asset_name = sanitizeInput($row['asset_name']);
+ $client_id = intval($row['ticket_client_id']);
+
+ mysqli_query($mysqli, "DELETE FROM ticket_assets WHERE ticket_id = $ticket_id AND asset_id = $asset_id");
+
+ // History
+ mysqli_query($mysqli, "INSERT INTO ticket_history SET ticket_history_status = '$ticket_status_name', ticket_history_description = '$session_name removed additional asset $asset_name', ticket_history_ticket_id = $ticket_id");
+
+ logAction("Ticket", "Edit", "$session_name removed asset $asset_name from ticket $ticket_prefix$ticket_number", $client_id, $ticket_id);
+
+ flash_alert("Removed asset $asset_name from ticket.", 'error');
+
+ redirect();
+
+}
+
+if (isset($_POST['edit_ticket_asset'])) {
+
+ enforceUserPermission('module_support', 2);
+
+ $ticket_id = intval($_POST['ticket_id']);
+ $asset_id = intval($_POST['asset']);
+
+ mysqli_query($mysqli, "UPDATE tickets SET ticket_asset_id = $asset_id WHERE ticket_id = $ticket_id");
+
+ // Add Additional Assets
+ if (isset($_POST['additional_assets'])) {
+ mysqli_query($mysqli, "DELETE FROM ticket_assets WHERE ticket_id = $ticket_id");
+ foreach ($_POST['additional_assets'] as $additional_asset) {
+ $additional_asset_id = intval($additional_asset);
+ mysqli_query($mysqli, "INSERT INTO ticket_assets SET ticket_id = $ticket_id, asset_id = $additional_asset_id");
+ }
+ } else {
+ // If no additional assets are provided, delete them all
+ // This handles cases where the assets input might be cleared or not set at all.
+ mysqli_query($mysqli, "DELETE FROM ticket_assets WHERE ticket_id = $ticket_id");
+ }
+
+ // Get ticket / asset details for logging
+ $sql = mysqli_query($mysqli, "SELECT asset_name, ticket_prefix, ticket_number, ticket_status_name, ticket_client_id FROM assets
+ LEFT JOIN tickets ON ticket_asset_id = asset_id
+ LEFT JOIN ticket_statuses ON ticket_status = ticket_status_id
+ WHERE ticket_id = $ticket_id"
+ );
+ $row = mysqli_fetch_assoc($sql);
+
+ $ticket_prefix = sanitizeInput($row['ticket_prefix']);
+ $ticket_number = intval($row['ticket_number']);
+ $ticket_status_name = sanitizeInput($row['ticket_status_name']);
+ $asset_name = sanitizeInput($row['asset_name']);
+ $client_id = intval($row['ticket_client_id']);
+
+ logAction("Ticket", "Edit", "$session_name changed asset to $asset_name for ticket $ticket_prefix$ticket_number", $client_id, $ticket_id);
+
+ flash_alert("Ticket $ticket_prefix$ticket_number asset updated to $asset_name ");
+
+ redirect();
+
+}
+
+if (isset($_POST['edit_ticket_vendor'])) {
+
+ enforceUserPermission('module_support', 2);
+
+ $ticket_id = intval($_POST['ticket_id']);
+ $vendor_id = intval($_POST['vendor']);
+
+ mysqli_query($mysqli, "UPDATE tickets SET ticket_vendor_id = $vendor_id WHERE ticket_id = $ticket_id");
+
+ // Get ticket / vendor details for logging
+ $sql = mysqli_query($mysqli, "SELECT vendor_name, ticket_prefix, ticket_number, ticket_status_name, ticket_client_id FROM vendors
+ LEFT JOIN tickets ON ticket_vendor_id = $vendor_id
+ LEFT JOIN ticket_statuses ON ticket_status = ticket_status_id
+ WHERE ticket_id = $ticket_id"
+ );
+ $row = mysqli_fetch_assoc($sql);
+
+ $ticket_prefix = sanitizeInput($row['ticket_prefix']);
+ $ticket_number = intval($row['ticket_number']);
+ $ticket_status_name = sanitizeInput($row['ticket_status_name']);
+ $vendor_name = sanitizeInput($row['vendor_name']);
+ $client_id = intval($row['ticket_client_id']);
+
+ logAction("Ticket", "Edit", "$session_name set vendor to $vendor_name for ticket $ticket_prefix$ticket_number", $client_id, $ticket_id);
+
+ flash_alert("Set vendor to $vendor_name for ticket $ticket_prefix$ticket_number ");
+
+ redirect();
+
+}
+
+if (isset($_POST['assign_ticket'])) {
+
+ enforceUserPermission('module_support', 2);
+
+ // POST variables
+ $ticket_id = intval($_POST['ticket_id']);
+ $assigned_to = intval($_POST['assigned_to']);
+ $ticket_status = intval($_POST['ticket_status']);
+
+ // New > Open as assigned
+ if ($ticket_status == 1 && $assigned_to !== 0) {
+ $ticket_status = 2;
+ }
+
+ // Allow for un-assigning tickets
+ if ($assigned_to == 0) {
+ $ticket_reply = "Ticket unassigned.";
+ $agent_name = "No One";
+ } else {
+ // Get & verify assigned agent details
+ $agent_details_sql = mysqli_query($mysqli, "SELECT user_name, user_email FROM users WHERE users.user_id = $assigned_to");
+ $agent_details = mysqli_fetch_assoc($agent_details_sql);
+
+ $agent_name = sanitizeInput($agent_details['user_name']);
+ $agent_email = sanitizeInput($agent_details['user_email']);
+ $ticket_reply = "Ticket re-assigned to $agent_name.";
+
+ if (!$agent_name) {
+ flash_alert("Invalid agent!", 'error');
+ redirect();
+ }
+ }
+
+ // Get & verify ticket details
+ $ticket_details_sql = mysqli_query($mysqli, "SELECT ticket_prefix, ticket_number, ticket_subject, ticket_client_id, client_name FROM tickets LEFT JOIN clients ON ticket_client_id = client_id WHERE ticket_id = '$ticket_id' AND ticket_status != 5");
+ $ticket_details = mysqli_fetch_assoc($ticket_details_sql);
+
+ $ticket_prefix = sanitizeInput($ticket_details['ticket_prefix']);
+ $ticket_number = intval($ticket_details['ticket_number']);
+ $ticket_subject = sanitizeInput($ticket_details['ticket_subject']);
+ $client_id = intval($ticket_details['ticket_client_id']);
+ $client_name = sanitizeInput($ticket_details['client_name']);
+
+ if (!$ticket_subject) {
+ flash_alert("Invalid ticket!", 'error');
+ redirect();
+ }
+
+ if ($client_id) {
+ $client_uri = "&client_id=$client_id";
+ } else {
+ $client_uri = '';
+ }
+
+ // Update ticket & insert reply
+ mysqli_query($mysqli, "UPDATE tickets SET ticket_assigned_to = $assigned_to, ticket_status = '$ticket_status' WHERE ticket_id = $ticket_id");
+
+ mysqli_query($mysqli, "INSERT INTO ticket_replies SET ticket_reply = '$ticket_reply', ticket_reply_type = 'Internal', ticket_reply_time_worked = '00:01:00', ticket_reply_by = $session_user_id, ticket_reply_ticket_id = $ticket_id");
+
+ logAction("Ticket", "Edit", "$session_name reassigned $ticket_prefix$ticket_number to $agent_name", $client_id, $ticket_id);
+
+
+ // Notification
+ if ($session_user_id != $assigned_to && $assigned_to != 0) {
+
+ // App Notification
+ mysqli_query($mysqli, "INSERT INTO notifications SET notification_type = 'Ticket', notification = 'Ticket $ticket_prefix$ticket_number - Subject: $ticket_subject has been assigned to you by $session_name', notification_action = '/agent/ticket.php?ticket_id=$ticket_id$client_uri', notification_client_id = $client_id, notification_user_id = $assigned_to");
+
+ // Email Notification
+ if ((!empty($config_smtp_host) || !empty($config_smtp_provider))) {
+
+ // Sanitize Config vars from get_settings.php
+ $config_ticket_from_name = sanitizeInput($config_ticket_from_name);
+ $config_ticket_from_email = sanitizeInput($config_ticket_from_email);
+ $company_name = sanitizeInput($session_company_name);
+
+ $subject = "$config_app_name - Ticket $ticket_prefix$ticket_number assigned to you - $ticket_subject";
+ $body = "Hi $agent_name, $ticket_prefix$ticket_number assigned to $agent_name ");
+
+ redirect();
+
+}
+
+if (isset($_GET['delete_ticket'])) {
+
+ validateCSRFToken($_GET['csrf_token']);
+
+ enforceUserPermission('module_support', 3);
+
+ $ticket_id = intval($_GET['delete_ticket']);
+
+ // Get Ticket and Client ID for logging and alert message
+ $sql = mysqli_query($mysqli, "SELECT ticket_prefix, ticket_number, ticket_subject, ticket_status, ticket_closed_at, ticket_client_id FROM tickets WHERE ticket_id = $ticket_id");
+ $row = mysqli_fetch_assoc($sql);
+ $ticket_prefix = sanitizeInput($row['ticket_prefix']);
+ $ticket_number = sanitizeInput($row['ticket_number']);
+ $ticket_subject = sanitizeInput($row['ticket_subject']);
+ $ticket_status = sanitizeInput($row['ticket_status']);
+ $ticket_closed_at = sanitizeInput($row['ticket_closed_at']);
+ $client_id = intval($row['ticket_client_id']);
+
+ if (empty($ticket_closed_at)) {
+ mysqli_query($mysqli, "DELETE FROM tickets WHERE ticket_id = $ticket_id");
+
+ // Delete all ticket replies
+ mysqli_query($mysqli, "DELETE FROM ticket_replies WHERE ticket_reply_ticket_id = $ticket_id");
+
+ // Delete all ticket views
+ mysqli_query($mysqli, "DELETE FROM ticket_views WHERE view_ticket_id = $ticket_id");
+
+ // Delete ticket watchers
+ mysqli_query($mysqli, "DELETE FROM ticket_watchers WHERE watcher_ticket_id = $ticket_id");
+
+ // Delete Ticket Attachements
+ mysqli_query($mysqli, "DELETE FROM ticket_attachments WHERE ticket_attachment_ticket_id = $ticket_id");
+ removeDirectory("../uploads/tickets/$ticket_id");
+
+ // No Need to delete ticket assets as this is cascadely deleted via the database.
+
+ logAction("Ticket", "Delete", "$session_name deleted $ticket_prefix$ticket_number along with all replies", $client_id);
+
+ flash_alert("Ticket $ticket_prefix$ticket_number along with all replies deleted", 'error');
+
+ customAction('ticket_delete', $ticket_id);
+
+ redirect("tickets.php");
+ }
+
+}
+
+if (isset($_POST['bulk_delete_tickets'])) {
+
+ validateCSRFToken($_POST['csrf_token']);
+
+ enforceUserPermission('module_support', 3);
+
+ if (isset($_POST['ticket_ids'])) {
+
+ $count = count($_POST['ticket_ids']);
+
+ // Cycle through array and delete each recurring scheduled ticket
+ foreach ($_POST['ticket_ids'] as $ticket_id) {
+
+ $ticket_id = intval($ticket_id);
+ mysqli_query($mysqli, "DELETE FROM tickets WHERE ticket_id = $ticket_id");
+
+ // Delete all ticket replies
+ mysqli_query($mysqli, "DELETE FROM ticket_replies WHERE ticket_reply_ticket_id = $ticket_id");
+
+ // Delete all ticket views
+ mysqli_query($mysqli, "DELETE FROM ticket_views WHERE view_ticket_id = $ticket_id");
+
+ // Delete ticket watchers
+ mysqli_query($mysqli, "DELETE FROM ticket_watchers WHERE watcher_ticket_id = $ticket_id");
+
+ // Delete Ticket Attachements
+ mysqli_query($mysqli, "DELETE FROM ticket_attachments WHERE ticket_attachment_ticket_id = $ticket_id");
+ removeDirectory("../uploads/tickets/$ticket_id");
+
+ // No Need to delete ticket assets as this is cascadely deleted via the database.
+
+ logAction("Ticket", "Delete", "$session_name deleted ticket", 0, $ticket_id);
+
+ }
+
+ logAction("Ticket", "Bulk Delete", "$session_name deleted $count ticket(s)");
+
+ flash_alert("Deleted $count ticket(s)", 'error');
+ }
+
+ redirect();
+
+}
+
+if (isset($_POST['bulk_assign_ticket'])) {
+
+ enforceUserPermission('module_support', 2);
+
+ // POST variables
+ $assign_to = intval($_POST['assign_to']);
+
+ // Get a Ticket Count
+ $ticket_count = count($_POST['ticket_ids']);
+
+ // Assign Tech to Selected Tickets
+ if (!empty($_POST['ticket_ids'])) {
+ foreach ($_POST['ticket_ids'] as $ticket_id) {
+ $ticket_id = intval($ticket_id);
+
+ $sql = mysqli_query($mysqli, "SELECT * FROM tickets LEFT JOIN ticket_statuses ON ticket_status = ticket_status_id WHERE ticket_id = $ticket_id");
+ $row = mysqli_fetch_assoc($sql);
+
+ $ticket_prefix = sanitizeInput($row['ticket_prefix']);
+ $ticket_number = intval($row['ticket_number']);
+ $ticket_status = intval($row['ticket_status']);
+ $ticket_name = sanitizeInput($row['ticket_name']);
+ $ticket_subject = sanitizeInput($row['ticket_subject']);
+ $client_id = intval($row['ticket_client_id']);
+
+ if ($ticket_status == 1 && $assigned_to !== 0) {
+ $ticket_status = 2;
+ }
+
+ // Allow for un-assigning tickets
+ if ($assign_to == 0) {
+ $ticket_reply = "Ticket unassigned, pending re-assignment.";
+ $agent_name = "No One";
+ } else {
+ // Get & verify assigned agent details
+ $agent_details_sql = mysqli_query($mysqli, "SELECT user_name, user_email FROM users LEFT JOIN user_settings ON users.user_id = user_settings.user_id WHERE users.user_id = $assign_to");
+ $agent_details = mysqli_fetch_assoc($agent_details_sql);
+
+ $agent_name = sanitizeInput($agent_details['user_name']);
+ $agent_email = sanitizeInput($agent_details['user_email']);
+ $ticket_reply = "Ticket re-assigned to $agent_name.";
+
+ if (!$agent_name) {
+ flash_alert("Invalid agent!", 'error');
+ redirect();
+ }
+ }
+
+ // Update ticket & insert reply
+ mysqli_query($mysqli, "UPDATE tickets SET ticket_assigned_to = $assign_to, ticket_status = $ticket_status WHERE ticket_id = $ticket_id");
+
+ mysqli_query($mysqli, "INSERT INTO ticket_replies SET ticket_reply = '$ticket_reply', ticket_reply_type = 'Internal', ticket_reply_time_worked = '00:01:00', ticket_reply_by = $session_user_id, ticket_reply_ticket_id = $ticket_id");
+
+ logAction("Ticket", "Edit", "$session_name reassigned ticket $ticket_prefix$ticket_number to $agent_name", $client_id, $ticket_id);
+
+ customAction('ticket_assign', $ticket_id);
+
+ $tickets_assigned_body .= "$ticket_prefix$ticket_number - $ticket_subject$ticket_count Tickets to $agent_name ");
+
+ redirect();
+
+}
+
+if (isset($_POST['bulk_edit_ticket_priority'])) {
+
+ enforceUserPermission('module_support', 2);
+
+ // POST variables
+ $priority = sanitizeInput($_POST['bulk_priority']);
+
+ // Assign Tech to Selected Tickets
+ if (isset($_POST['ticket_ids'])) {
+
+ // Get a Ticket Count
+ $ticket_count = count($_POST['ticket_ids']);
+
+ foreach ($_POST['ticket_ids'] as $ticket_id) {
+ $ticket_id = intval($ticket_id);
+
+ $sql = mysqli_query($mysqli, "SELECT * FROM tickets WHERE ticket_id = $ticket_id");
+ $row = mysqli_fetch_assoc($sql);
+
+ $ticket_prefix = sanitizeInput($row['ticket_prefix']);
+ $ticket_number = intval($row['ticket_number']);
+ $ticket_subject = sanitizeInput($row['ticket_subject']);
+ $original_ticket_priority = sanitizeInput($row['ticket_priority']);
+ $client_id = intval($row['ticket_client_id']);
+
+ // Update ticket & insert reply
+ mysqli_query($mysqli, "UPDATE tickets SET ticket_priority = '$priority' WHERE ticket_id = $ticket_id");
+
+ mysqli_query($mysqli, "INSERT INTO ticket_replies SET ticket_reply = '$session_name updated the priority from $current_ticket_priority to $priority', ticket_reply_type = 'Internal', ticket_reply_time_worked = '00:01:00', ticket_reply_by = $session_user_id, ticket_reply_ticket_id = $ticket_id");
+
+ logAction("Ticket", "Edit", "$session_name updated the priority on ticket $ticket_prefix$ticket_number - $ticket_subject from $original_ticket_priority to $priority", $client_id, $ticket_id);
+
+ customAction('ticket_update', $ticket_id);
+ } // End For Each Ticket ID Loop
+
+ logAction("Ticket", " Bulk Edit", "$session_name updated the priority on $ticket_count");
+
+ flash_alert("You updated the priority for $ticket_count Tickets to $priority ");
+ }
+
+ redirect();
+
+}
+
+if (isset($_POST['bulk_edit_ticket_category'])) {
+
+ enforceUserPermission('module_support', 2);
+
+ // POST variables
+ $category_id = intval($_POST['bulk_category']);
+
+ // Assign Tech to Selected Tickets
+ if (isset($_POST['ticket_ids'])) {
+
+ // Get a Ticket Count
+ $ticket_count = count($_POST['ticket_ids']);
+
+ foreach ($_POST['ticket_ids'] as $ticket_id) {
+ $ticket_id = intval($ticket_id);
+
+ $sql = mysqli_query($mysqli, "SELECT ticket_prefix, ticket_number, ticket_subject, category_name, ticket_client_id FROM tickets LEFT JOIN categories ON ticket_category = category_id WHERE ticket_id = $ticket_id");
+ $row = mysqli_fetch_assoc($sql);
+
+ $ticket_prefix = sanitizeInput($row['ticket_prefix']);
+ $ticket_number = intval($row['ticket_number']);
+ $ticket_subject = sanitizeInput($row['ticket_subject']);
+ $previous_ticket_category_name = sanitizeInput($row['category_name']);
+ $client_id = intval($row['ticket_client_id']);
+
+ // Get Category Name
+ $category_name = sanitizeInput(getFieldById('categories', $category_id, 'category_name'));
+
+ // Update ticket
+ mysqli_query($mysqli, "UPDATE tickets SET ticket_category = '$category_id' WHERE ticket_id = $ticket_id");
+
+ logAction("Ticket", "Edit", "$session_name updated the category on ticket $ticket_prefix$ticket_number - $ticket_subject from $previous_category_name to $category_name", $client_id, $ticket_id);
+
+ customAction('ticket_update', $ticket_id);
+ } // End For Each Ticket ID Loop
+
+ logAction("Ticket", " Bulk Edit", "$session_name updated the category to $category_name on $ticket_count");
+
+ flash_alert("Category set to $category_name for $ticket_count Tickets");
+ }
+
+ redirect();
+
+}
+
+if (isset($_POST['bulk_merge_tickets'])) {
+
+ enforceUserPermission('module_support', 2);
+
+ $merge_into_ticket_number = intval($_POST['merge_into_ticket_number']); // Parent ticket *number*
+ $merge_comment = sanitizeInput($_POST['merge_comment']); // Merge comment
+ $ticket_reply_type = 'Internal'; // Default all replies to internal
+
+ // NEW PARENT ticket details
+ // Get merge into ticket id (as it may differ from the number)
+ $sql = mysqli_query($mysqli, "SELECT ticket_id FROM tickets WHERE ticket_number = $merge_into_ticket_number");
+ if (mysqli_num_rows($sql) == 0) {
+ flash_alert("Cannot merge into that ticket.", 'error');
+ redirect();
+ }
+ $merge_row = mysqli_fetch_assoc($sql);
+ $merge_into_ticket_id = intval($merge_row['ticket_id']); // Parent ticket ID
+
+ // Update & Close the selected tickets
+ if (isset($_POST['ticket_ids'])) {
+
+ $ticket_count = count($_POST['ticket_ids']); // Get a ticket count
+
+ foreach ($_POST['ticket_ids'] as $ticket_id) {
+ $ticket_id = intval($ticket_id);
+
+ if ($ticket_id !== $merge_into_ticket_id) {
+
+ $sql = mysqli_query($mysqli, "SELECT * FROM tickets WHERE ticket_id = $ticket_id");
+ $row = mysqli_fetch_assoc($sql);
+
+ $ticket_prefix = sanitizeInput($row['ticket_prefix']);
+ $ticket_number = intval($row['ticket_number']);
+ $ticket_subject = sanitizeInput($row['ticket_subject']);
+ $ticket_details = mysqli_escape_string($mysqli, $row['ticket_details']);
+ $current_ticket_priority = sanitizeInput($row['ticket_priority']);
+ $ticket_first_response_at = sanitizeInput($row['ticket_first_response_at']);
+ $client_id = intval($row['ticket_client_id']);
+
+ // Update current ticket
+ if (empty($ticket_first_response_at)) {
+ mysqli_query($mysqli, "UPDATE tickets SET ticket_first_response_at = NOW() WHERE ticket_id = $ticket_id");
+ }
+ mysqli_query($mysqli, "INSERT INTO ticket_replies SET ticket_reply = 'Ticket $ticket_prefix$ticket_number bulk merged into $ticket_prefix$merge_into_ticket_number . Comment: $merge_comment', ticket_reply_time_worked = '00:01:00', ticket_reply_type = '$ticket_reply_type', ticket_reply_by = $session_user_id, ticket_reply_ticket_id = $ticket_id");
+ mysqli_query($mysqli, "UPDATE tickets SET ticket_status = '5', ticket_resolved_at = NOW(), ticket_closed_at = NOW(), ticket_closed_by = $session_user_id WHERE ticket_id = $ticket_id") or die(mysqli_error($mysqli));
+
+ // Update new parent ticket
+ mysqli_query($mysqli, "INSERT INTO ticket_replies SET ticket_reply = 'Ticket $ticket_prefix$ticket_number was bulk merged into this ticket with comment: $merge_comment.$ticket_subject $ticket_count tickets merged into $ticket_prefix$merge_into_ticket_number ");
+
+ }
+
+ redirect();
+
+}
+
+if (isset($_POST['bulk_resolve_tickets'])) {
+
+ enforceUserPermission('module_support', 2);
+
+ // POST variables
+ $details = mysqli_escape_string($mysqli, $_POST['bulk_details']);
+ $ticket_reply_time_worked = sanitizeInput($_POST['time']);
+ $private_note = intval($_POST['bulk_private_note']);
+ if ($private_note == 1) {
+ $ticket_reply_type = 'Internal';
+ } else {
+ $ticket_reply_type = 'Public';
+ }
+
+ // Resolve Selected Tickets
+ if (isset($_POST['ticket_ids'])) {
+
+ // Intitialze the counts before the loop
+ $ticket_count = 0;
+ $skipped_count = 0;
+
+ foreach ($_POST['ticket_ids'] as $ticket_id) {
+ $ticket_id = intval($ticket_id);
+
+ // Check to make sure Tasks are complete before resolving
+ $row = mysqli_fetch_assoc(mysqli_query($mysqli, "SELECT COUNT('task_id') AS num FROM tasks WHERE task_completed_at IS NULL AND task_ticket_id = $ticket_id"));
+ $num_of_open_tasks = $row['num'];
+
+ if ($num_of_open_tasks == 0) {
+ // Count the Ticket Loop
+ $ticket_count++;
+
+ $sql = mysqli_query($mysqli, "SELECT * FROM tickets WHERE ticket_id = $ticket_id");
+ $row = mysqli_fetch_assoc($sql);
+
+ $ticket_prefix = sanitizeInput($row['ticket_prefix']);
+ $ticket_number = intval($row['ticket_number']);
+ $ticket_subject = sanitizeInput($row['ticket_subject']);
+ $current_ticket_priority = sanitizeInput($row['ticket_priority']);
+ $url_key = sanitizeInput($row['ticket_url_key']);
+ $ticket_first_response_at = sanitizeInput($row['ticket_first_response_at']);
+ $client_id = intval($row['ticket_client_id']);
+
+ // Mark FR time if required
+ if (empty($ticket_first_response_at)) {
+ mysqli_query($mysqli, "UPDATE tickets SET ticket_first_response_at = NOW() WHERE ticket_id = $ticket_id");
+ }
+
+ // Update ticket & insert reply
+ mysqli_query($mysqli, "UPDATE tickets SET ticket_status = 4, ticket_resolved_at = NOW() WHERE ticket_id = $ticket_id");
+
+ mysqli_query($mysqli, "INSERT INTO ticket_replies SET ticket_reply = '$details', ticket_reply_type = '$ticket_reply_type', ticket_reply_time_worked = '$ticket_reply_time_worked', ticket_reply_by = $session_user_id, ticket_reply_ticket_id = $ticket_id");
+
+ logAction("Ticket", "Resolve", "$session_name resolved $ticket_prefix$ticket_number - $ticket_subject", $client_id, $ticket_id);
+
+ customAction('ticket_resolve', $ticket_id);
+
+ // Client notification email
+ if ((!empty($config_smtp_host) || !empty($config_smtp_provider)) && $config_ticket_client_general_notifications == 1 && $private_note == 0) {
+
+ // Get Contact details
+ $ticket_sql = mysqli_query($mysqli, "SELECT contact_name, contact_email FROM tickets
+ LEFT JOIN contacts ON ticket_contact_id = contact_id
+ WHERE ticket_id = $ticket_id
+ ");
+ $row = mysqli_fetch_assoc($ticket_sql);
+
+ $contact_name = sanitizeInput($row['contact_name']);
+ $contact_email = sanitizeInput($row['contact_email']);
+
+ // Sanitize Config vars from get_settings.php
+ $from_name = sanitizeInput($config_ticket_from_name);
+ $from_email = sanitizeInput($config_ticket_from_email);
+ $base_url = sanitizeInput($config_base_url);
+
+ // Get Company Info
+ $sql = mysqli_query($mysqli, "SELECT company_name, company_phone, company_phone_country_code FROM companies WHERE company_id = 1");
+ $row = mysqli_fetch_assoc($sql);
+ $company_name = sanitizeInput($row['company_name']);
+ $company_phone = sanitizeInput(formatPhoneNumber($row['company_phone'], $row['company_phone_country_code']));
+
+ // EMAIL
+ $subject = "Ticket resolved - [$ticket_prefix$ticket_number] - $ticket_subject | (pending closure)";
+ $body = "##- Please type your reply above this line -## re-open to let us know! $ticket_count Tickets");
+
+ if ($skipped_count > 0) {
+ flash_alert("Resolved $ticket_count Tickets $skipped_count ticket(s) could not be resolved because they have open tasks.", 'info');
+ }
+
+ redirect();
+
+}
+
+if (isset($_POST['bulk_ticket_reply'])) {
+
+ enforceUserPermission('module_support', 2);
+
+ // POST variables
+ $ticket_reply = mysqli_escape_string($mysqli, $_POST['bulk_reply_details']);
+ $ticket_status = intval($_POST['bulk_status']);
+ $ticket_reply_time_worked = sanitizeInput($_POST['time']);
+ $private_note = intval($_POST['bulk_private_reply']);
+ if ($private_note == 1) {
+ $ticket_reply_type = 'Internal';
+ } else {
+ $ticket_reply_type = 'Public';
+ }
+
+ // Loop Through Tickets and Add Reply along with Email notifications
+ if (isset($_POST['ticket_ids'])) {
+
+ // Get a Ticket Count
+ $ticket_count = count($_POST['ticket_ids']);
+
+ foreach ($_POST['ticket_ids'] as $ticket_id) {
+ $ticket_id = intval($ticket_id);
+
+ $sql = mysqli_query($mysqli, "SELECT * FROM tickets WHERE ticket_id = $ticket_id");
+ $row = mysqli_fetch_assoc($sql);
+
+ $ticket_prefix = sanitizeInput($row['ticket_prefix']);
+ $ticket_number = intval($row['ticket_number']);
+ $ticket_subject = sanitizeInput($row['ticket_subject']);
+ $current_ticket_priority = sanitizeInput($row['ticket_priority']);
+ $url_key = sanitizeInput($row['ticket_url_key']);
+ $ticket_first_response_at = sanitizeInput($row['ticket_first_response_at']);
+ $client_id = intval($row['ticket_client_id']);
+
+ if ($client_id) {
+ $client_uri = "&client_id=$client_id";
+ } else {
+ $client_uri = '';
+ }
+
+ // Mark FR time if required
+ if (empty($ticket_first_response_at)) {
+ mysqli_query($mysqli, "UPDATE tickets SET ticket_first_response_at = NOW() WHERE ticket_id = $ticket_id");
+ }
+
+ // Add reply
+ mysqli_query($mysqli, "INSERT INTO ticket_replies SET ticket_reply = '$ticket_reply', ticket_reply_time_worked = '$ticket_reply_time_worked', ticket_reply_type = '$ticket_reply_type', ticket_reply_by = $session_user_id, ticket_reply_ticket_id = $ticket_id");
+
+ $ticket_reply_id = mysqli_insert_id($mysqli);
+
+ // Update Ticket Status
+ mysqli_query($mysqli, "UPDATE tickets SET ticket_status = '$ticket_status' WHERE ticket_id = $ticket_id");
+
+ logAction("Ticket", "Reply", "$session_name replied to ticket $ticket_prefix$ticket_number - $ticket_subject and was a $ticket_reply_type reply", $client_id, $ticket_id);
+
+ // Custom action/notif handler
+ if ($ticket_reply_type == 'Internal') {
+ customAction('ticket_reply_agent_internal', $ticket_id);
+ } else {
+ customAction('reply_reply_agent_public', $ticket_id);
+ }
+
+ // Resolve the ticket, if set
+ if ($ticket_status == 4) {
+ mysqli_query($mysqli, "UPDATE tickets SET ticket_resolved_at = NOW() WHERE ticket_id = $ticket_id");
+
+ // Logging
+ logAction("Ticket", "Resolved", "$session_name resolved Ticket $ticket_prefix$ticket_number", $client_id, $ticket_id);
+
+ customAction('ticket_resolve', $ticket_id);
+ }
+
+ // Get Contact Details
+ $sql = mysqli_query(
+ $mysqli,
+ "SELECT contact_name, contact_email, ticket_created_by, ticket_assigned_to
+ FROM tickets
+ LEFT JOIN contacts ON ticket_contact_id = contact_id
+ WHERE ticket_id = $ticket_id"
+ );
+
+ $row = mysqli_fetch_assoc($sql);
+
+ $contact_name = sanitizeInput($row['contact_name']);
+ $contact_email = sanitizeInput($row['contact_email']);
+ $ticket_created_by = intval($row['ticket_created_by']);
+ $ticket_assigned_to = intval($row['ticket_assigned_to']);
+
+ // Sanitize Config vars from get_settings.php
+ $from_name = sanitizeInput($config_ticket_from_name);
+ $from_email = sanitizeInput($config_ticket_from_email);
+ $base_url = sanitizeInput($config_base_url);
+
+ $sql = mysqli_query($mysqli, "SELECT company_name, company_phone, company_phone_country_code FROM companies WHERE company_id = 1");
+ $row = mysqli_fetch_assoc($sql);
+ $company_name = sanitizeInput($row['company_name']);
+ $company_phone = sanitizeInput(formatPhoneNumber($row['company_phone'], $row['company_phone_country_code']));
+
+ // Send e-mail to client if public update & email is set up
+ if ($private_note == 0 && (!empty($config_smtp_host) || !empty($config_smtp_provider))) {
+
+ $subject = "Ticket update - [$ticket_prefix$ticket_number] - $ticket_subject";
+ $body = "##- Please type your reply above this line -## View ticket $ticket_count tickets");
+
+ redirect();
+
+}
+
+
+// Currently not UI Frontend for this
+if (isset($_POST['bulk_add_ticket_project'])) {
+
+ enforceUserPermission('module_support', 2);
+
+ // POST variables
+ $project_id = intval($_POST['project_id']);
+
+ // Get Project Name
+ $sql = mysqli_query($mysqli, "SELECT project_name FROM projects WHERE project_id = $project_id");
+ $row = mysqli_fetch_assoc($sql);
+ $project_name = sanitizeInput($row['project_name']);
+
+ // Assign Project to Selected Tickets
+ if (isset($_POST['ticket_ids'])) {
+
+ // Get a Ticket Count
+ $ticket_count = count($_POST['ticket_ids']);
+
+ foreach ($_POST['ticket_ids'] as $ticket_id) {
+ $ticket_id = intval($ticket_id);
+
+ $sql = mysqli_query($mysqli, "SELECT * FROM tickets WHERE ticket_id = $ticket_id");
+ $row = mysqli_fetch_assoc($sql);
+
+ $ticket_prefix = sanitizeInput($row['ticket_prefix']);
+ $ticket_number = intval($row['ticket_number']);
+ $ticket_subject = sanitizeInput($row['ticket_subject']);
+ $current_ticket_priority = sanitizeInput($row['ticket_priority']);
+ $client_id = intval($row['ticket_client_id']);
+
+ // Update ticket & insert reply
+ mysqli_query($mysqli, "UPDATE tickets SET ticket_project_id = $project_id WHERE ticket_id = $ticket_id");
+
+ logAction("Ticket", "Reply", "$session_name added ticket $ticket_prefix$ticket_number - $ticket_subject to project $project_name", $client_id, $ticket_id);
+
+
+ } // End For Each Ticket ID Loop
+
+ flash_alert("$ticket_count Tickets added to Project $project_name ");
+
+ }
+
+ redirect();
+
+}
+
+if (isset($_POST['bulk_add_asset_ticket'])) {
+
+ validateCSRFToken($_POST['csrf_token']);
+
+ enforceUserPermission('module_support', 2);
+
+ $assigned_to = intval($_POST['bulk_assigned_to']);
+ if ($assigned_to == 0) {
+ $ticket_status = 1;
+ } else {
+ $ticket_status = 2;
+ }
+ $subject = sanitizeInput($_POST['bulk_subject']);
+ $priority = sanitizeInput($_POST['bulk_priority']);
+ $category_id = intval($_POST['bulk_category']);
+ $details = mysqli_real_escape_string($mysqli, $_POST['bulk_details']);
+ $project_id = intval($_POST['bulk_project']);
+ $use_primary_contact = intval($_POST['use_primary_contact']);
+ $ticket_template_id = intval($_POST['bulk_ticket_template_id']);
+ $billable = intval($_POST['bulk_billable'] ?? 0);
+
+ // Check to see if adding a ticket by template
+ if($ticket_template_id) {
+ $sql = mysqli_query($mysqli, "SELECT * FROM ticket_templates WHERE ticket_template_id = $ticket_template_id");
+ $row = mysqli_fetch_assoc($sql);
+
+ // Override Template Subject
+ if(empty($subject)) {
+ $subject = sanitizeInput($row['ticket_template_subject']);
+ }
+ $details = mysqli_escape_string($mysqli, $row['ticket_template_details']);
+
+ // Get Associated Tasks from the ticket template
+ $sql_task_templates = mysqli_query($mysqli, "SELECT * FROM task_templates WHERE task_template_ticket_template_id = $ticket_template_id");
+
+ }
+
+ // Create ticket for each selected asset
+ if (isset($_POST['asset_ids'])) {
+
+ // Get a Asset Count
+ $asset_count = count($_POST['asset_ids']);
+
+ foreach ($_POST['asset_ids'] as $asset_id) {
+ $asset_id = intval($asset_id);
+
+ $sql = mysqli_query($mysqli, "SELECT * FROM assets WHERE asset_id = $asset_id");
+ $row = mysqli_fetch_assoc($sql);
+
+ $asset_name = sanitizeInput($row['asset_name']);
+ $client_id = intval($row['asset_client_id']);
+
+ $subject_asset_prepended = "$asset_name - $subject";
+
+ // Atomically increment and get the new ticket number
+ mysqli_query($mysqli, "
+ UPDATE settings
+ SET
+ config_ticket_next_number = LAST_INSERT_ID(config_ticket_next_number),
+ config_ticket_next_number = config_ticket_next_number + 1
+ WHERE company_id = 1
+ ");
+
+ $ticket_number = mysqli_insert_id($mysqli);
+
+ // Sanitize Config Vars from get_settings.php and Session Vars from check_login.php
+ $config_ticket_prefix = sanitizeInput($config_ticket_prefix);
+ $config_ticket_from_name = sanitizeInput($config_ticket_from_name);
+ $config_ticket_from_email = sanitizeInput($config_ticket_from_email);
+ $config_base_url = sanitizeInput($config_base_url);
+
+ //Generate a unique URL key for clients to access
+ $url_key = randomString(32);
+
+ mysqli_query($mysqli, "INSERT INTO tickets SET ticket_prefix = '$config_ticket_prefix', ticket_number = $ticket_number, ticket_category = $category_id, ticket_subject = '$subject_asset_prepended', ticket_details = '$details', ticket_priority = '$priority', ticket_billable = $billable, ticket_status = $ticket_status, ticket_asset_id = $asset_id, ticket_created_by = $session_user_id, ticket_assigned_to = $assigned_to, ticket_url_key = '$url_key', ticket_client_id = $client_id, ticket_project_id = $project_id");
+
+ $ticket_id = mysqli_insert_id($mysqli);
+
+ // Add Tasks
+ if (!empty($_POST['tasks'])) {
+ foreach ($_POST['tasks'] as $task) {
+ $task_name = sanitizeInput($task);
+ // Check that task_name is not-empty (For some reason the !empty on the array doesnt work here like in watchers)
+ if (!empty($task_name)) {
+ mysqli_query($mysqli,"INSERT INTO tasks SET task_name = '$task_name', task_ticket_id = $ticket_id");
+ }
+ }
+ }
+
+ // Add Tasks from Template if Template was selected
+ if($ticket_template_id) {
+ if (mysqli_num_rows($sql_task_templates) > 0) {
+ while ($row = mysqli_fetch_assoc($sql_task_templates)) {
+ $task_order = intval($row['task_template_order']);
+ $task_name = sanitizeInput($row['task_template_name']);
+
+ mysqli_query($mysqli,"INSERT INTO tasks SET task_name = '$task_name', task_order = $task_order, task_ticket_id = $ticket_id");
+ }
+ }
+ }
+
+ // Custom action/notif handler
+ customAction('ticket_create', $ticket_id);
+ }
+
+ logAction("Ticket", "Bulk Create", "$session_name created $asset_count tickets for $asset_count");
+
+ flash_alert("You created $asset_count tickets for the selected assets");
+
+ }
+
+ redirect();
+
+}
+
+if (isset($_POST['add_ticket_reply'])) {
+
+ enforceUserPermission('module_support', 2);
+
+ $ticket_id = intval($_POST['ticket_id']);
+ $ticket_reply = $_POST['ticket_reply']; // Reply is SQL escaped below
+ $ticket_status = intval($_POST['status']);
+ $client_id = intval($_POST['client_id']);
+
+ // Time tracking, inputs & combine into string
+ $hours = intval($_POST['hours']);
+ $minutes = intval($_POST['minutes']);
+ $seconds = intval($_POST['seconds']);
+ $ticket_reply_time_worked = sanitizeInput(sprintf("%02d:%02d:%02d", $hours, $minutes, $seconds));
+
+ // Defaults
+ $send_email = 0;
+ $ticket_reply_id = 0;
+ if ($_POST['public_reply_type'] == 1 ){
+ $ticket_reply_type = 'Public';
+ } elseif ($_POST['public_reply_type'] == 2 ) {
+ $ticket_reply_type = 'Public';
+ $send_email = 1;
+ } else {
+ $ticket_reply_type = 'Internal';
+ }
+ // Add Signature to the end of the ticket reply if not Internal and if there is reply
+ if ($ticket_reply !== '' && $ticket_reply_type !== 'Internal' && $send_email == 1) {
+ $ticket_reply .= getFieldById('user_settings',$session_user_id,'user_config_signature', 'raw');
+ }
+
+ $ticket_reply = mysqli_escape_string($mysqli, $ticket_reply); // SQL Escape Ticket Reply
+
+ // Update Ticket Status & updated at (in case status didn't change)
+ mysqli_query($mysqli, "UPDATE tickets SET ticket_status = $ticket_status, ticket_updated_at = NOW() WHERE ticket_id = $ticket_id");
+
+ // Resolve the ticket, if set
+ if ($ticket_status == 4) {
+ mysqli_query($mysqli, "UPDATE tickets SET ticket_resolved_at = NOW() WHERE ticket_id = $ticket_id");
+
+ logAction("Ticket", "Resolved", "$session_name resolved Ticket ticket ID $ticket_id", $client_id, $ticket_id);
+ }
+
+ // Process reply actions, if we have a reply to work with (e.g. we're not just editing the status)
+ if (!empty($ticket_reply)) {
+
+ // Add reply
+ mysqli_query($mysqli, "INSERT INTO ticket_replies SET ticket_reply = '$ticket_reply', ticket_reply_time_worked = '$ticket_reply_time_worked', ticket_reply_type = '$ticket_reply_type', ticket_reply_by = $session_user_id, ticket_reply_ticket_id = $ticket_id");
+
+ $ticket_reply_id = mysqli_insert_id($mysqli);
+
+ // Get Ticket Details
+ $ticket_sql = mysqli_query($mysqli, "SELECT contact_name, contact_email, ticket_prefix, ticket_number, ticket_subject, ticket_status, ticket_status_name, ticket_url_key, ticket_first_response_at, ticket_created_by, ticket_assigned_to, ticket_client_id
+ FROM tickets
+ LEFT JOIN clients ON ticket_client_id = client_id
+ LEFT JOIN contacts ON ticket_contact_id = contact_id
+ LEFT JOIN ticket_statuses ON ticket_status = ticket_status_id
+ WHERE ticket_id = $ticket_id
+ ");
+
+ $row = mysqli_fetch_assoc($ticket_sql);
+
+ $contact_name = sanitizeInput($row['contact_name']);
+ $contact_email = sanitizeInput($row['contact_email']);
+ $ticket_prefix = sanitizeInput($row['ticket_prefix']);
+ $ticket_number = intval($row['ticket_number']);
+ $ticket_subject = sanitizeInput($row['ticket_subject']);
+ $ticket_status = intval($row['ticket_status']);
+ $ticket_status_name = sanitizeInput($row['ticket_status_name']);
+ $url_key = sanitizeInput($row['ticket_url_key']);
+ $ticket_first_response_at = sanitizeInput($row['ticket_first_response_at']);
+ $ticket_created_by = intval($row['ticket_created_by']);
+ $ticket_assigned_to = intval($row['ticket_assigned_to']);
+ $client_id = intval($row['ticket_client_id']);
+
+ if ($client_id) {
+ $client_uri = "&client_id=$client_id";
+ } else {
+ $client_uri = '';
+ }
+
+ // Sanitize Config vars from get_settings.php
+ $config_ticket_from_name = sanitizeInput($config_ticket_from_name);
+ $config_ticket_from_email = sanitizeInput($config_ticket_from_email);
+ $config_base_url = sanitizeInput($config_base_url);
+
+ $sql = mysqli_query($mysqli, "SELECT company_name, company_phone, company_phone_country_code FROM companies WHERE company_id = 1");
+ $row = mysqli_fetch_assoc($sql);
+ $company_name = sanitizeInput($row['company_name']);
+ $company_phone = sanitizeInput(formatPhoneNumber($row['company_phone'], $row['company_phone_country_code']));
+
+ // Send e-mail to client if public update & email is set up
+ if ($ticket_reply_type == 'Public' && $send_email == 1 && (!empty($config_smtp_host) || !empty($config_smtp_provider))) {
+
+ // Slightly different email subject/text depending on if this update set auto-close
+
+ if ($ticket_status == 4) {
+ // Resolved
+ $subject = "Ticket resolved - [$ticket_prefix$ticket_number] - $ticket_subject | (pending closure)";
+ $body = "##- Please type your reply above this line -## re-open to let us know! View ticket ##- Please type your reply above this line -## View ticket $ticket_prefix$ticket_number has been updated with your reply and was $ticket_reply_type ");
+
+ } else {
+ flash_alert("Ticket updated");
+ }
+
+ logAction("Ticket", "Reply", "$session_name replied to ticket $ticket_prefix$ticket_number - $ticket_subject and was a $ticket_reply_type reply", $client_id, $ticket_id);
+
+ redirect();
+
+}
+
+if (isset($_POST['edit_ticket_reply'])) {
+
+ enforceUserPermission('module_support', 2);
+
+ $ticket_reply_id = intval($_POST['ticket_reply_id']);
+ $ticket_reply = mysqli_real_escape_string($mysqli, $_POST['ticket_reply']);
+ $ticket_reply_type = sanitizeInput($_POST['ticket_reply_type']);
+ $ticket_reply_time_worked = sanitizeInput($_POST['time']);
+
+ $client_id = intval($_POST['client_id']);
+
+ mysqli_query($mysqli, "UPDATE ticket_replies SET ticket_reply = '$ticket_reply', ticket_reply_type = '$ticket_reply_type', ticket_reply_time_worked = '$ticket_reply_time_worked' WHERE ticket_reply_id = $ticket_reply_id AND ticket_reply_type != 'Client'") or die(mysqli_error($mysqli));
+
+ logAction("Ticket", "Reply", "$session_name edited ticket_reply", $client_id, $ticket_reply_id);
+
+ flash_alert("Ticket reply updated");
+
+ redirect();
+
+}
+
+if (isset($_POST['redact_ticket_reply'])) {
+
+ enforceUserPermission('module_support', 2);
+
+ $ticket_reply_id = intval($_POST['ticket_reply_id']);
+ $ticket_reply = mysqli_real_escape_string($mysqli, $_POST['ticket_reply']);
+
+ $client_id = intval($_POST['client_id']);
+
+ mysqli_query($mysqli, "UPDATE ticket_replies SET ticket_reply = '$ticket_reply' WHERE ticket_reply_id = $ticket_reply_id");
+
+ logAction("Ticket", "Reply", "$session_name redacted ticket_reply", $client_id, $ticket_reply_id);
+
+ flash_alert("Ticket reply redacted");
+
+ redirect();
+
+}
+
+if (isset($_GET['archive_ticket_reply'])) {
+
+ enforceUserPermission('module_support', 2);
+
+ $ticket_reply_id = intval($_GET['archive_ticket_reply']);
+
+ mysqli_query($mysqli, "UPDATE ticket_replies SET ticket_reply_archived_at = NOW() WHERE ticket_reply_id = $ticket_reply_id");
+
+ logAction("Ticket Reply", "Archive", "$session_name archived ticket_reply", 0, $ticket_reply_id);
+
+ flash_alert("Ticket reply archived", 'error');
+
+ redirect();
+
+}
+
+if (isset($_POST['merge_ticket'])) {
+
+ enforceUserPermission('module_support', 2);
+
+ $ticket_id = intval($_POST['ticket_id']); // Child ticket ID to be closed
+ $merge_into_ticket_number = intval($_POST['merge_into_ticket_number']); // Parent ticket *number*
+ $merge_comment = sanitizeInput($_POST['merge_comment']); // Merge comment
+ $move_replies = intval($_POST['merge_move_replies']); // Whether to move replies to the new parent ticket
+ $ticket_reply_type = 'Internal'; // Default all replies to internal
+
+ // Get current ticket details
+ $sql = mysqli_query($mysqli, "SELECT ticket_prefix, ticket_number, ticket_subject, ticket_details FROM tickets WHERE ticket_id = $ticket_id");
+ if (mysqli_num_rows($sql) == 0) {
+ flash_alert("No ticket with that ID found.", 'error');
+ redirect();
+ }
+ // CURRENT ticket details
+ $row = mysqli_fetch_assoc($sql);
+ $ticket_prefix = sanitizeInput($row['ticket_prefix']);
+ $ticket_number = intval($row['ticket_number']);
+ $ticket_subject = sanitizeInput($row['ticket_subject']);
+ $ticket_details = mysqli_escape_string($mysqli, $row['ticket_details']);
+ $ticket_first_response_at = sanitizeInput($row['ticket_first_response_at']);
+
+ // NEW PARENT ticket details
+ // Get merge into ticket id (as it may differ from the number)
+ $sql = mysqli_query($mysqli, "SELECT ticket_id, ticket_client_id FROM tickets WHERE ticket_number = $merge_into_ticket_number");
+ if (mysqli_num_rows($sql) == 0) {
+ flash_alert("Cannot merge into that ticket.", 'error');
+ redirect();
+ }
+ $merge_row = mysqli_fetch_assoc($sql);
+ $merge_into_ticket_id = intval($merge_row['ticket_id']);
+ $client_id = intval($merge_row['ticket_client_id']);
+ if ($client_id) {
+ $has_client = "&client_id=$client_id";
+ } else {
+ $has_client = "";
+ }
+ // Sanity check
+ if ($ticket_number == $merge_into_ticket_number) {
+ flash_alert("Cannot merge into the same ticket.", 'error');
+ redirect();
+ }
+
+ // Move ticket replies from child > parent
+ if ($move_replies) {
+ mysqli_query($mysqli, "UPDATE ticket_replies SET ticket_reply_ticket_id = $merge_into_ticket_id WHERE ticket_reply_ticket_id = $ticket_id");
+ }
+
+ // Update current ticket
+ if (empty($ticket_first_response_at)) {
+ mysqli_query($mysqli, "UPDATE tickets SET ticket_first_response_at = NOW() WHERE ticket_id = $ticket_id");
+ }
+
+ mysqli_query($mysqli, "INSERT INTO ticket_replies SET ticket_reply = 'Ticket $ticket_prefix$ticket_number merged into $ticket_prefix$merge_into_ticket_number . Comment: $merge_comment', ticket_reply_time_worked = '00:01:00', ticket_reply_type = '$ticket_reply_type', ticket_reply_by = $session_user_id, ticket_reply_ticket_id = $ticket_id");
+
+ mysqli_query($mysqli, "UPDATE tickets SET ticket_status = '5', ticket_resolved_at = NOW(), ticket_closed_at = NOW(), ticket_closed_by = $session_user_id WHERE ticket_id = $ticket_id") or die(mysqli_error($mysqli));
+
+ //Update new parent ticket
+ mysqli_query($mysqli, "INSERT INTO ticket_replies SET ticket_reply = 'Ticket $ticket_prefix$ticket_number was merged into this ticket with comment: $merge_comment.$ticket_subject ##- Please type your reply above this line -## re-open to let us know! View ticket here . $config_invoice_prefix$invoice_number for this ticket.', ticket_reply_type = 'Internal', ticket_reply_time_worked = '00:01:00', ticket_reply_by = $session_user_id, ticket_reply_ticket_id = $ticket_id");
+
+ mysqli_query($mysqli, "UPDATE tickets SET ticket_invoice_id = $invoice_id WHERE ticket_id = $ticket_id");
+
+ logAction("Invoice", "Create", "$session_name created invoice $invoice_prefix$invoice_number from Ticket $ticket_prefix$ticket_number", $client_id, $invoice_id);
+
+ flash_alert("Invoice $invoice_prefix$invoice_number created from ticket");
+
+ redirect("invoice.php?invoice_id=$invoice_id");
+
+}
+
+if (isset($_POST['export_tickets_csv'])) {
+
+ enforceUserPermission('module_support', 2);
+
+ if ($_POST['client_id']) {
+ $client_id = intval($_POST['client_id']);
+ $client_query = "WHERE ticket_client_id = $client_id";
+ $client_name = getFieldById('clients', $client_id, 'client_name');
+ $file_name_prepend = "$client_name-";
+ } else {
+ $client_query = '';
+ $client_name = '';
+ $file_name_prepend = "$session_company_name-";
+ }
+
+ $sql = mysqli_query(
+ $mysqli,
+ "SELECT * FROM tickets
+ LEFT JOIN ticket_statuses ON ticket_status = ticket_status_id
+ $client_query ORDER BY ticket_number ASC"
+ );
+
+ if ($sql->num_rows > 0) {
+ $delimiter = ",";
+ $enclosure = '"';
+ $escape = '\\'; // backslash
+ $filename = sanitize_filename($file_name_prepend . "Tickets-" . date('Y-m-d_H-i-s') . ".csv");
+
+ //create a file pointer
+ $f = fopen('php://memory', 'w');
+
+ //set column headers
+ $fields = array('Ticket Number', 'Priority', 'Status', 'Subject', 'Date Opened', 'Date Resolved', 'Date Closed');
+ fputcsv($f, $fields, $delimiter, $enclosure, $escape);
+
+ //output each row of the data, format line as csv and write to file pointer
+ while ($row = $sql->fetch_assoc()) {
+ $lineData = array($config_ticket_prefix . $row['ticket_number'], $row['ticket_priority'], $row['ticket_status_name'], $row['ticket_subject'], $row['ticket_created_at'], $row['ticket_resolved_at'], $row['ticket_closed_at']);
+ fputcsv($f, $lineData, $delimiter, $enclosure, $escape);
+ }
+
+ //move back to beginning of file
+ fseek($f, 0);
+
+ //set headers to download file rather than displayed
+ header('Content-Type: text/csv');
+ header('Content-Disposition: attachment; filename="' . $filename . '";');
+
+ //output all remaining data on a file pointer
+ fpassthru($f);
+ }
+ exit;
+
+}
+
+if (isset($_POST['edit_ticket_billable_status'])) {
+
+ enforceUserPermission('module_support', 2);
+ enforceUserPermission('module_sales', 2);
+
+ $ticket_id = intval($_POST['ticket_id']);
+ $billable_status = intval($_POST['billable_status']);
+ if ($billable_status == 0 ) {
+ $billable_wording = "Not";
+ }
+
+ // Get ticket details for logging
+ $sql = mysqli_query($mysqli, "SELECT ticket_prefix, ticket_number, ticket_client_id FROM tickets WHERE ticket_id = $ticket_id");
+ $row = mysqli_fetch_assoc($sql);
+ $ticket_prefix = sanitizeInput($row['ticket_prefix']);
+ $ticket_number = intval($row['ticket_number']);
+ $client_id = intval($row['ticket_client_id']);
+
+ mysqli_query($mysqli,"UPDATE tickets SET ticket_billable = $billable_status WHERE ticket_id = $ticket_id");
+
+ logAction("Ticket", "Edit", "$session_name marked ticket $ticket_prefix$ticket_number as $billable_wording Billable", $client_id, $ticket_id);
+
+ flash_alert("Ticket marked $billable_wording Billable ");
+
+ redirect();
+
+}
+
+if (isset($_POST['edit_ticket_schedule'])) {
+
+ enforceUserPermission('module_support', 2);
+
+ $ticket_id = intval($_POST['ticket_id']);
+ $onsite = intval($_POST['onsite']);
+ $schedule = sanitizeInput($_POST['scheduled_date_time']);
+ $ticket_link = "client/ticket.php?id=$ticket_id";
+ $full_ticket_url = "https://$config_base_url/client/ticket.php?id=$ticket_id";
+ $ticket_link_html = "$ticket_link ";
+
+ mysqli_query($mysqli,"UPDATE tickets
+ SET ticket_schedule = '$schedule', ticket_onsite = $onsite
+ WHERE ticket_id = $ticket_id"
+ );
+
+
+ // Check for other conflicting scheduled items based on 2 hr window
+ //TODO make this configurable
+ $start = date('Y-m-d H:i:s', strtotime($schedule) - 7200);
+ $end = date('Y-m-d H:i:s', strtotime($schedule) + 7200);
+ $sql = mysqli_query($mysqli, "SELECT * FROM tickets WHERE ticket_schedule BETWEEN '$start' AND '$end' AND ticket_id != $ticket_id");
+ if (mysqli_num_rows($sql) > 0) {
+ $conflicting_tickets = [];
+ while ($row = mysqli_fetch_assoc($sql)) {
+ $conflicting_tickets[] = $row['ticket_id'] . " - " . $row['ticket_subject'] . " @ " . $row['ticket_schedule'];
+ }
+ }
+ $sql = mysqli_query($mysqli, "SELECT * FROM tickets
+ LEFT JOIN clients ON ticket_client_id = client_id
+ LEFT JOIN contacts ON ticket_contact_id = contact_id
+ LEFT JOIN locations on contact_location_id = location_id
+ LEFT JOIN users ON ticket_assigned_to = user_id
+ WHERE ticket_id = $ticket_id
+ ");
+
+ $row = mysqli_fetch_assoc($sql);
+
+ $client_id = intval($row['ticket_client_id']);
+ $client_name = sanitizeInput($row['client_name']);
+ $ticket_details = sanitizeInput($row['ticket_details']);
+ $contact_name = sanitizeInput($row['contact_name']);
+ $contact_email = sanitizeInput($row['contact_email']);
+ $ticket_prefix = sanitizeInput($row['ticket_prefix']);
+ $ticket_number = intval($row['ticket_number']);
+ $ticket_subject = sanitizeInput($row['ticket_subject']);
+ $user_name = sanitizeInput($row['user_name']);
+ $user_email = sanitizeInput($row['user_email']);
+ $cal_subject = $ticket_number . ": " . $client_name . " - " . $ticket_subject;
+ $ticket_details_truncated = substr($ticket_details, 0, 100);
+ $cal_description = $ticket_details_truncated . " - " . $full_ticket_url;
+ $cal_location = sanitizeInput($row["location_address"]);
+ $email_datetime = date('l, F j, Y \a\t g:ia', strtotime($schedule));
+
+ if ($client_id) {
+ $client_uri = "&client_id=$client_id";
+ } else {
+ $client_uri = '';
+ }
+
+ // Sanitize Config Vars
+ $config_ticket_from_email = sanitizeInput($config_ticket_from_email);
+ $config_ticket_from_name = sanitizeInput($config_ticket_from_name);
+ $session_company_name = sanitizeInput($session_company_name);
+
+
+ /// Create iCal event
+ $cal_str = createiCalStr($schedule, $cal_subject, $cal_description, $cal_location);
+
+ // Notify the agent of the scheduled work
+ $data[] = [
+ 'from' => $config_ticket_from_email,
+ 'from_name' => $config_ticket_from_name,
+ 'recipient' => $user_email,
+ 'recipient_name' => $user_name,
+ 'subject' => "Ticket Scheduled - [$ticket_prefix$ticket_number] - $ticket_subject",
+ 'body' => "Hello, " . $user_name . "$ticket_link Access your ticket here
+ Ticket: $ticket_prefix$ticket_numberSubject: $ticket_subject
+ This is an automated message. Please do not reply directly to this email.
+
"),
+ 'cal_str' => $cal_str
+ ];
+
+ // Notify the watchers of the scheduled work
+ $sql_watchers = mysqli_query($mysqli, "SELECT watcher_email FROM ticket_watchers WHERE watcher_ticket_id = $ticket_id");
+
+ while ($row = mysqli_fetch_assoc($sql_watchers)) {
+ $watcher_email = sanitizeInput($row['watcher_email']);
+ $data[] = [
+ 'from' => $config_ticket_from_email,
+ 'from_name' => $config_ticket_from_name,
+ 'recipient' => $watcher_email,
+ 'recipient_name' => $watcher_email,
+ 'subject' => "Ticket Scheduled - [$ticket_prefix$ticket_number] - $ticket_subject",
+ 'body' => mysqli_escape_string($mysqli, nullable_htmlentities("
+ The ticket regarding $ticket_subject has been scheduled for $email_datetime.
+ $ticket_link
+ Ticket: $ticket_prefix$ticket_numberSubject: $ticket_subjectPortal: Access the ticket here
+
+ This is an automated message. Please do not reply directly to this email.
+
")),
+ 'cal_str' => $cal_str
+ ];
+ }
+ }
+
+ // Send
+ $response = addToMailQueue($data);
+
+ // Update ticket reply
+ $ticket_reply_note = "Ticket scheduled for $email_datetime " . (boolval($onsite) ? '(onsite).' : '(remote).');
+ mysqli_query($mysqli, "INSERT INTO ticket_replies SET ticket_reply = '$ticket_reply_note', ticket_reply_type = 'Internal', ticket_reply_time_worked = '00:01:00', ticket_reply_by = $session_user_id, ticket_reply_ticket_id = $ticket_id");
+
+ logAction("Ticket", "Edit", "$session_name edited ticket schedule", $client_id, $ticket_id);
+
+ customAction('ticket_schedule', $ticket_id);
+
+ if (empty($conflicting_tickets)) {
+ flash_alert("Ticket scheduled for $email_datetime");
+ redirect();
+ } else {
+ $_SESSION['alert_type'] = "error";
+ flash_alert("Ticket scheduled for $email_datetime. Yet there are conflicting tickets scheduled for the same time: $ticket_link Access your ticket here
+ Ticket: $ticket_prefix$ticket_numberSubject: $ticket_subject
+ This is an automated message. Please do not reply directly to this email.
+
"),
+ 'cal_str' => $cal_str
+ ];
+
+ // Notify the watchers of the cancellation
+ $sql_watchers = mysqli_query($mysqli, "SELECT watcher_email FROM ticket_watchers WHERE watcher_ticket_id = $ticket_id");
+ while ($row = mysqli_fetch_assoc($sql_watchers)) {
+ $watcher_email = sanitizeInput($row['watcher_email']);
+ $data[] = [
+ 'from' => $config_ticket_from_email,
+ 'from_name' => $config_ticket_from_name,
+ 'recipient' => $watcher_email,
+ 'recipient_name' => $watcher_email,
+ 'subject' => "Ticket Schedule Cancelled - [$ticket_prefix$ticket_number] - $ticket_subject",
+ 'body' => mysqli_escape_string($mysqli, nullable_htmlentities("
+ Scheduled work for the ticket regarding $ticket_subject has been cancelled.
+ $ticket_link
+ Ticket: $ticket_prefix$ticket_numberSubject: $ticket_subjectPortal: Access the ticket here
+
+ This is an automated message. Please do not reply directly to this email.
+
")),
+ 'cal_str' => $cal_str
+ ];
+ }
+ }
+
+ // Send email(s)
+ addToMailQueue($data);
+
+ // Update ticket reply
+ $ticket_reply_note = "Ticket schedule cancelled.";
+ mysqli_query($mysqli, "INSERT INTO ticket_replies SET ticket_reply = '$ticket_reply_note', ticket_reply_type = 'Internal', ticket_reply_time_worked = '00:01:00', ticket_reply_by = $session_user_id, ticket_reply_ticket_id = $ticket_id");
+
+ logAction("Ticket", "Edit", "$session_name cancelled ticket schedule", $client_id, $ticket_id);
+
+ customAction('ticket_unschedule', $ticket_id);
+
+ flash_alert("Ticket schedule cancelled", 'error');
+
+ redirect();
+
+}