From 9c68a315db81ff937b76c2a33c0b677dbf80b938 Mon Sep 17 00:00:00 2001
From: Marcus Hill <bcf8c9f2@opayq.com>
Date: Sun, 24 Mar 2024 22:54:38 +0000
Subject: [PATCH] Ticket Statuses from DB

First swing at this to share my progress, isn't ready to merge yet but would appreciate thoughts
---
 database_updates.php        |  2 +-
 portal/portal_functions.php |  2 +-
 portal/ticket.php           |  6 +++---
 portal/ticket_view_all.php  |  2 +-
 portal/tickets.php          | 12 ++++++------
 5 files changed, 12 insertions(+), 12 deletions(-)

diff --git a/database_updates.php b/database_updates.php
index c4b75721..8d7d2d7c 100644
--- a/database_updates.php
+++ b/database_updates.php
@@ -1691,7 +1691,7 @@ if (LATEST_DATABASE_VERSION > CURRENT_DATABASE_VERSION) {
 
         // Add new ticket_statuses table
         mysqli_query($mysqli, "CREATE TABLE `ticket_statuses` (
-            `ticket_status_id` INT(11) NOT NULL AUTO_INCREMENT, 
+            `ticket_status_id` INT(11) NOT NULL AUTO_INCREMENT,
             `ticket_status_name` VARCHAR(200) NOT NULL,
             `ticket_status_color` VARCHAR(200) NOT NULL,
             `ticket_status_active` TINYINT(1) NOT NULL DEFAULT '1',
diff --git a/portal/portal_functions.php b/portal/portal_functions.php
index 25f3886c..af4783ae 100644
--- a/portal/portal_functions.php
+++ b/portal/portal_functions.php
@@ -11,7 +11,7 @@ function verifyContactTicketAccess($requested_ticket_id, $expected_ticket_state)
 {
 
     // Access the global variables
-    global $mysqli, $session_contact_id, $session_contact_primary, $session_contact_is_technical_contact, $session_client_id;
+    global $mysqli, $session_contact_id, $session_contact_primary, $session_contact_is_technical_contact, $session_client_id, $config_ticket_status_id_closed;
 
     // Setup
     if ($expected_ticket_state == "Closed") {
diff --git a/portal/ticket.php b/portal/ticket.php
index cee3b2f6..84891a8b 100644
--- a/portal/ticket.php
+++ b/portal/ticket.php
@@ -32,7 +32,7 @@ if (isset($_GET['id']) && intval($_GET['id'])) {
 
         $ticket_prefix = nullable_htmlentities($ticket_row['ticket_prefix']);
         $ticket_number = intval($ticket_row['ticket_number']);
-        $ticket_status = nullable_htmlentities($ticket_row['ticket_status']);
+        $ticket_status = sanitizeInput(getTicketStatusName($ticket_row['ticket_status']));
         $ticket_priority = nullable_htmlentities($ticket_row['ticket_priority']);
         $ticket_subject = nullable_htmlentities($ticket_row['ticket_subject']);
         $ticket_details = $purifier->purify($ticket_row['ticket_details']);
@@ -56,7 +56,7 @@ if (isset($_GET['id']) && intval($_GET['id'])) {
                 <h4 class="mt-1">
                     Ticket <?php echo $ticket_prefix, $ticket_number ?>
                     <?php
-                    if ($ticket_status !== "Closed") { ?>
+                    if ($ticket_status !== $config_ticket_status_id_closed AND $ticket_status !== "Closed") { ?>
                         <a href="portal_post.php?close_ticket=<?php echo $ticket_id; ?>" class="btn btn-sm btn-outline-success float-right text-white confirm-link"><i class="fas fa-fw fa-check text-success"></i> Close ticket</a>
                     <?php } ?>
                 </h4>
@@ -70,7 +70,7 @@ if (isset($_GET['id']) && intval($_GET['id'])) {
                     <br>
                     <strong>Priority:</strong> <?php echo $ticket_priority ?>
                     <br>
-                    <?php if (!empty($ticket_assigned_to) && $ticket_status !== "Closed") { ?>
+                    <?php if (!empty($ticket_assigned_to) && $ticket_status !== $config_ticket_status_id_closed && $ticket_status !== "Closed") { ?>
                         <strong>Assigned to: </strong> <?php echo $ticket_assigned_to ?>
                     <?php } ?>
                 </p>
diff --git a/portal/ticket_view_all.php b/portal/ticket_view_all.php
index 5eea42d1..f22f5c5f 100644
--- a/portal/ticket_view_all.php
+++ b/portal/ticket_view_all.php
@@ -61,7 +61,7 @@ $all_tickets = mysqli_query($mysqli, "SELECT * FROM tickets LEFT JOIN contacts O
             $ticket_prefix = nullable_htmlentities($row['ticket_prefix']);
             $ticket_number = intval($row['ticket_number']);
             $ticket_subject = nullable_htmlentities($row['ticket_subject']);
-            $ticket_status = nullable_htmlentities($row['ticket_status']);
+            $ticket_status = sanitizeInput(getTicketStatusName($row['ticket_status']));
             $ticket_contact_name = nullable_htmlentities($row['contact_name']);
 
             echo "<tr>";
diff --git a/portal/tickets.php b/portal/tickets.php
index ebd2696e..940cb358 100644
--- a/portal/tickets.php
+++ b/portal/tickets.php
@@ -13,13 +13,13 @@ require_once "inc_portal.php";
 if (!isset($_GET['status'])) {
     // If nothing is set, assume we only want to see open tickets
     $status = 'Open';
-    $ticket_status_snippet = "ticket_status != 'Closed'";
+    $ticket_status_snippet = "ticket_status != $config_ticket_status_id_closed AND ticket_status != 'Closed'";
 } elseif (isset($_GET['status']) && ($_GET['status']) == 'Open') {
     $status = 'Open';
-    $ticket_status_snippet = "ticket_status != 'Closed'";
+    $ticket_status_snippet = "ticket_status != $config_ticket_status_id_closed AND ticket_status != 'Closed'";
 } elseif (isset($_GET['status']) && ($_GET['status']) == 'Closed') {
     $status = 'Closed';
-    $ticket_status_snippet = "ticket_status = 'Closed'";
+    $ticket_status_snippet = "ticket_status = $config_ticket_status_id_closed OR ticket_status = 'Closed'";
 } else {
     $status = '%';
     $ticket_status_snippet = "ticket_status LIKE '%'";
@@ -28,12 +28,12 @@ if (!isset($_GET['status'])) {
 $contact_tickets = mysqli_query($mysqli, "SELECT * FROM tickets LEFT JOIN contacts ON ticket_contact_id = contact_id WHERE $ticket_status_snippet AND ticket_contact_id = $session_contact_id AND ticket_client_id = $session_client_id ORDER BY ticket_id DESC");
 
 //Get Total tickets closed
-$sql_total_tickets_closed = mysqli_query($mysqli, "SELECT COUNT(ticket_id) AS total_tickets_closed FROM tickets WHERE ticket_status = 'Closed' AND ticket_client_id = $session_client_id AND ticket_contact_id = $session_contact_id");
+$sql_total_tickets_closed = mysqli_query($mysqli, "SELECT COUNT(ticket_id) AS total_tickets_closed FROM tickets WHERE ticket_status = $config_ticket_status_id_closed OR ticket_status = 'Closed' AND ticket_client_id = $session_client_id AND ticket_contact_id = $session_contact_id");
 $row = mysqli_fetch_array($sql_total_tickets_closed);
 $total_tickets_closed = intval($row['total_tickets_closed']);
 
 //Get Total tickets open
-$sql_total_tickets_open = mysqli_query($mysqli, "SELECT COUNT(ticket_id) AS total_tickets_open FROM tickets WHERE ticket_status != 'Closed' AND ticket_client_id = $session_client_id AND ticket_contact_id = $session_contact_id");
+$sql_total_tickets_open = mysqli_query($mysqli, "SELECT COUNT(ticket_id) AS total_tickets_open FROM tickets WHERE ticket_status != $config_ticket_status_id_closed AND ticket_status != 'Closed' AND ticket_client_id = $session_client_id AND ticket_contact_id = $session_contact_id");
 $row = mysqli_fetch_array($sql_total_tickets_open);
 $total_tickets_open = intval($row['total_tickets_open']);
 
@@ -65,7 +65,7 @@ $total_tickets = intval($row['total_tickets']);
                 $ticket_prefix = nullable_htmlentities($row['ticket_prefix']);
                 $ticket_number = intval($row['ticket_number']);
                 $ticket_subject = nullable_htmlentities($row['ticket_subject']);
-                $ticket_status = nullable_htmlentities($row['ticket_status']);
+                $ticket_status = sanitizeInput(getTicketStatusName($row['ticket_status']));
             ?>
 
                 <tr>