if ($d !== false) {
$due = "'" . $d->format('Y-m-d H:i:s') . "'"; // wrap in quotes for SQL
} else {
$due = 'NULL'; // fallback if invalid
}
}
// Add the primary contact as the ticket contact if "Use primary contact" is checked
if ($use_primary_contact == 1) {
$sql = mysqli_query($mysqli, "SELECT contact_id FROM contacts WHERE contact_client_id = $client_id AND contact_primary = 1");
$row = mysqli_fetch_array($sql);
$contact = intval($row['contact_id']);
}
//Get the next Ticket Number and add 1 for the new ticket number
$ticket_number = $config_ticket_next_number;
$new_config_ticket_next_number = $config_ticket_next_number + 1;
// Sanitize Config Vars from get_settings.php and Session Vars from check_login.php
$config_ticket_prefix = sanitizeInput($config_ticket_prefix);
$config_ticket_from_name = sanitizeInput($config_ticket_from_name);
$config_ticket_from_email = sanitizeInput($config_ticket_from_email);
$config_base_url = sanitizeInput($config_base_url);
//Generate a unique URL key for clients to access
$url_key = randomString(156);
mysqli_query($mysqli, "UPDATE settings SET config_ticket_next_number = $new_config_ticket_next_number WHERE company_id = 1");
mysqli_query($mysqli, "INSERT INTO tickets SET ticket_prefix = '$config_ticket_prefix', ticket_number = $ticket_number, ticket_source = 'Agent', ticket_category = $category_id, ticket_subject = '$subject', ticket_details = '$details', ticket_priority = '$priority', ticket_billable = '$billable', ticket_status = '$ticket_status', ticket_vendor_ticket_number = '$vendor_ticket_number', ticket_vendor_id = $vendor_id, ticket_location_id = $location_id, ticket_asset_id = $asset_id, ticket_created_by = $session_user_id, ticket_assigned_to = $assigned_to, ticket_contact_id = $contact, ticket_url_key = '$url_key', ticket_due_at = $due, ticket_client_id = $client_id, ticket_invoice_id = 0, ticket_project_id = $project_id");
$ticket_id = mysqli_insert_id($mysqli);
// Add Tasks from Template if Template was selected
if($ticket_template_id) {
// Get Associated Tasks from the ticket template
$sql_task_templates = mysqli_query($mysqli, "SELECT * FROM task_templates WHERE task_template_ticket_template_id = $ticket_template_id");
if (mysqli_num_rows($sql_task_templates) > 0) {
while ($row = mysqli_fetch_array($sql_task_templates)) {
$task_order = intval($row['task_template_order']);
$task_name = sanitizeInput($row['task_template_name']);
$task_completion_estimate = intval($row['task_template_completion_estimate']);
mysqli_query($mysqli,"INSERT INTO tasks SET task_name = '$task_name', task_order = $task_order, task_completion_estimate = $task_completion_estimate, task_ticket_id = $ticket_id");
}
}
}
// Add Watchers
if (isset($_POST['watchers'])) {
foreach ($_POST['watchers'] as $watcher) {
$watcher_email = sanitizeInput($watcher);
mysqli_query($mysqli, "INSERT INTO ticket_watchers SET watcher_email = '$watcher_email', watcher_ticket_id = $ticket_id");
}
}
// Add Additional Assets
if (isset($_POST['additional_assets'])) {
foreach ($_POST['additional_assets'] as $additional_asset) {
$additional_asset_id = intval($additional_asset);
mysqli_query($mysqli, "INSERT INTO ticket_assets SET ticket_id = $ticket_id, asset_id = $additional_asset_id");
}
}
// E-mail client
if (!empty($config_smtp_host) && $config_ticket_client_general_notifications == 1) {
// Get contact/ticket details
$sql = mysqli_query($mysqli, "SELECT contact_name, contact_email, ticket_prefix, ticket_number, ticket_category, ticket_subject, ticket_details, ticket_priority, ticket_status, ticket_created_by, ticket_assigned_to, ticket_client_id FROM tickets
LEFT JOIN clients ON ticket_client_id = client_id
LEFT JOIN contacts ON ticket_contact_id = contact_id
WHERE ticket_id = $ticket_id");
$row = mysqli_fetch_array($sql);
$contact_name = sanitizeInput($row['contact_name']);
$contact_email = sanitizeInput($row['contact_email']);
$ticket_prefix = sanitizeInput($row['ticket_prefix']);
$ticket_number = intval($row['ticket_number']);
$ticket_category = sanitizeInput($row['ticket_category']);
$ticket_subject = sanitizeInput($row['ticket_subject']);
$ticket_details = mysqli_escape_string($mysqli, $row['ticket_details']);
$ticket_priority = sanitizeInput($row['ticket_priority']);
$ticket_status = sanitizeInput($row['ticket_status']);
$ticket_status_name = sanitizeInput(getTicketStatusName($row['ticket_status']));
$client_id = intval($row['ticket_client_id']);
$ticket_created_by = intval($row['ticket_created_by']);
$ticket_assigned_to = intval($row['ticket_assigned_to']);
// Get Company Phone Number
$sql = mysqli_query($mysqli, "SELECT company_name, company_phone, company_phone_country_code FROM companies WHERE company_id = 1");
$row = mysqli_fetch_array($sql);
$company_name = sanitizeInput($row['company_name']);
$company_phone = sanitizeInput(formatPhoneNumber($row['company_phone'], $row['company_phone_country_code']));
// EMAILING
$subject = "Ticket created [$ticket_prefix$ticket_number] - $ticket_subject";
$body = "##- Please type your reply above this line -## View ticket $config_ticket_prefix$ticket_number created");
redirect("ticket.php?ticket_id=$ticket_id");
}
if (isset($_POST['edit_ticket'])) {
enforceUserPermission('module_support', 2);
$ticket_id = intval($_POST['ticket_id']);
$contact_id = intval($_POST['contact']);
$notify = intval($_POST['contact_notify'] ?? 0);
$category_id = intval($_POST['category']);
$ticket_subject = sanitizeInput($_POST['subject']);
$billable = intval($_POST['billable'] ?? 0);
$ticket_priority = sanitizeInput($_POST['priority']);
$details = mysqli_real_escape_string($mysqli, $_POST['details']);
$vendor_ticket_number = sanitizeInput($_POST['vendor_ticket_number']);
$vendor_id = intval($_POST['vendor']);
$asset_id = intval($_POST['asset']);
$location_id = intval($_POST['location']);
$project_id = intval($_POST['project']);
// Validate/clean due field
$dueInput = $_POST['due'] ?? null;
if ($dueInput === null || trim($dueInput) === '') {
$due = 'NULL'; // prepare as SQL-safe string
} else {
$d = DateTime::createFromFormat('Y-m-d\TH:i', $dueInput); // for ##- Please type your reply above this line -## View ticket $ticket_prefix$ticket_number updated");
redirect();
}
if (isset($_POST['edit_ticket_priority'])) {
enforceUserPermission('module_support', 2);
$ticket_id = intval($_POST['ticket_id']);
$priority = sanitizeInput($_POST['priority']);
$client_id = intval($_POST['client_id']);
// Get ticket details before updating
$sql = mysqli_query($mysqli, "SELECT
ticket_prefix, ticket_number, ticket_priority, ticket_status_name, ticket_client_id
FROM tickets
LEFT JOIN ticket_statuses ON ticket_status = ticket_status_id
WHERE ticket_id = $ticket_id"
);
$row = mysqli_fetch_array($sql);
$ticket_prefix = sanitizeInput($row['ticket_prefix']);
$ticket_number = intval($row['ticket_number']);
$original_priority = sanitizeInput($row['ticket_priority']);
$ticket_status = sanitizeInput($row['ticket_status_name']);
$client_id = intval($row['ticket_client_id']);
mysqli_query($mysqli, "UPDATE tickets SET ticket_priority = '$priority' WHERE ticket_id = $ticket_id");
// Update Ticket History
mysqli_query($mysqli, "INSERT INTO ticket_history SET ticket_history_status = '$ticket_status', ticket_history_description = '$session_name changed priority from $original_priority to $priority', ticket_history_ticket_id = $ticket_id");
logAction("Ticket", "Edit", "$session_name changed priority from $original_priority to $priority for ticket $ticket_prefix$ticket_number", $client_id, $ticket_id);
customAction('ticket_update', $ticket_id);
flash_alert("Priority updated from $original_priority to $priority ");
redirect();
}
if (isset($_POST['edit_ticket_contact'])) {
enforceUserPermission('module_support', 2);
$ticket_id = intval($_POST['ticket_id']);
$contact_id = intval($_POST['contact']);
$notify = intval($_POST['contact_notify']) ?? 0;
// Get Original contact, and ticket details
$sql = mysqli_query($mysqli, "SELECT
contact_name, ticket_prefix, ticket_number, ticket_status_name, ticket_subject, ticket_details, ticket_url_key, ticket_client_id
FROM tickets
LEFT JOIN contacts ON ticket_contact_id = contact_id
LEFT JOIN ticket_statuses ON ticket_status = ticket_status_id
WHERE ticket_id = $ticket_id"
);
$row = mysqli_fetch_array($sql);
// Original contact
$original_contact_name = !empty($row['contact_name']) ? sanitizeInput($row['contact_name']) : 'No one';
// Ticket details
$ticket_prefix = sanitizeInput($row['ticket_prefix']);
$ticket_number = intval($row['ticket_number']);
$ticket_status = sanitizeInput($row['ticket_status_name']);
$ticket_subject = sanitizeInput($row['ticket_subject']);
$ticket_details = mysqli_escape_string($mysqli, $row['ticket_details']);
$url_key = sanitizeInput($row['ticket_url_key']);
$client_id = intval($row['ticket_client_id']);
// Update the contact
mysqli_query($mysqli, "UPDATE tickets SET ticket_contact_id = $contact_id WHERE ticket_id = $ticket_id");
// Get New contact details
$sql = mysqli_query($mysqli, "SELECT contact_name, contact_email FROM contacts WHERE contact_id = $contact_id");
$row = mysqli_fetch_array($sql);
$contact_name = !empty($row['contact_name']) ? sanitizeInput($row['contact_name']) : 'No one';
$contact_email = sanitizeInput($row['contact_email']);
// Notify new contact (if selected, valid & configured)
if ($notify && filter_var($contact_email, FILTER_VALIDATE_EMAIL) && !empty($config_smtp_host)) {
// Get Company Phone Number
$sql = mysqli_query($mysqli, "SELECT company_name, company_phone, company_phone_country_code FROM companies WHERE company_id = 1");
$row = mysqli_fetch_array($sql);
$company_name = sanitizeInput($row['company_name']);
$company_phone = sanitizeInput(formatPhoneNumber($row['company_phone'], $row['company_phone_country_code']));
$config_ticket_from_email = sanitizeInput($config_ticket_from_email);
$config_ticket_from_name = sanitizeInput($config_ticket_from_name);
// Email content
$data = []; // Queue array
$subject = "Ticket Created - [$ticket_prefix$ticket_number] - $ticket_subject";
$body = "##- Please type your reply above this line -## View ticket $original_contact_name to $contact_name ");
redirect();
}
if (isset($_POST['add_ticket_watcher'])) {
enforceUserPermission('module_support', 2);
$ticket_id = intval($_POST['ticket_id']);
$client_id = intval($_POST['client_id']);
$ticket_number = sanitizeInput($_POST['ticket_number']);
$watcher_emails = preg_split("/,| |;/", $_POST['watcher_email']); // Split on comma, semicolon or space, we sanitize later
$notify = intval($_POST['watcher_notify']);
// Process each watcher in list
foreach ($watcher_emails as $watcher_email) {
if (filter_var($watcher_email, FILTER_VALIDATE_EMAIL)) {
$watcher_email = sanitizeInput($watcher_email);
mysqli_query($mysqli, "INSERT INTO ticket_watchers SET watcher_email = '$watcher_email', watcher_ticket_id = $ticket_id");
// Notify watcher
if ($notify && !empty($config_smtp_host)) {
// Get contact/ticket details
$sql = mysqli_query($mysqli, "SELECT ticket_prefix, ticket_number, ticket_category, ticket_subject, ticket_details, ticket_priority, ticket_status_name, ticket_url_key, ticket_created_by, ticket_assigned_to, ticket_client_id FROM tickets
LEFT JOIN clients ON ticket_client_id = client_id
LEFT JOIN contacts ON ticket_contact_id = contact_id
LEFT JOIN ticket_statuses ON ticket_status = ticket_status_id
WHERE ticket_id = $ticket_id
AND ticket_closed_at IS NULL");
$row = mysqli_fetch_array($sql);
$ticket_prefix = sanitizeInput($row['ticket_prefix']);
$ticket_number = intval($row['ticket_number']);
$ticket_category = sanitizeInput($row['ticket_category']);
$ticket_subject = sanitizeInput($row['ticket_subject']);
$ticket_details = mysqli_escape_string($mysqli, $row['ticket_details']);
$ticket_priority = sanitizeInput($row['ticket_priority']);
$ticket_status = sanitizeInput($row['ticket_status_name']);
$url_key = sanitizeInput($row['ticket_url_key']);
$client_id = intval($row['ticket_client_id']);
$ticket_created_by = intval($row['ticket_created_by']);
$ticket_assigned_to = intval($row['ticket_assigned_to']);
// Get Company Phone Number
$sql = mysqli_query($mysqli, "SELECT company_name, company_phone, company_phone_country_code FROM companies WHERE company_id = 1");
$row = mysqli_fetch_array($sql);
$company_name = sanitizeInput($row['company_name']);
$company_phone = sanitizeInput(formatPhoneNumber($row['company_phone'], $row['company_phone_country_code']));
// Email content
$data = []; // Queue array
$subject = "Ticket Notification - [$ticket_prefix$ticket_number] - $ticket_subject";
$body = "##- Please type your reply above this line -## $watcher_email ", 'error');
redirect();
}
if (isset($_GET['delete_ticket_additional_asset'])) {
enforceUserPermission('module_support', 2);
$asset_id = intval($_GET['delete_ticket_additional_asset']);
$ticket_id = intval($_GET['ticket_id']);
// Get ticket / asset details for logging
$sql = mysqli_query($mysqli, "SELECT asset_name, ticket_prefix, ticket_number, ticket_status_name, ticket_client_id FROM assets
JOIN tickets ON ticket_id = $ticket_id
JOIN ticket_statuses ON ticket_status = ticket_status_id
WHERE asset_id = $asset_id"
);
$row = mysqli_fetch_array($sql);
$ticket_prefix = sanitizeInput($row['ticket_prefix']);
$ticket_number = intval($row['ticket_number']);
$ticket_status_name = sanitizeInput($row['ticket_status_name']);
$asset_name = sanitizeInput($row['asset_name']);
$client_id = intval($row['ticket_client_id']);
mysqli_query($mysqli, "DELETE FROM ticket_assets WHERE ticket_id = $ticket_id AND asset_id = $asset_id");
// History
mysqli_query($mysqli, "INSERT INTO ticket_history SET ticket_history_status = '$ticket_status_name', ticket_history_description = '$session_name removed additional asset $asset_name', ticket_history_ticket_id = $ticket_id");
logAction("Ticket", "Edit", "$session_name removed asset $asset_name from ticket $ticket_prefix$ticket_number", $client_id, $ticket_id);
flash_alert("Removed asset $asset_name from ticket.", 'error');
redirect();
}
if (isset($_POST['edit_ticket_asset'])) {
enforceUserPermission('module_support', 2);
$ticket_id = intval($_POST['ticket_id']);
$asset_id = intval($_POST['asset']);
mysqli_query($mysqli, "UPDATE tickets SET ticket_asset_id = $asset_id WHERE ticket_id = $ticket_id");
// Get ticket / asset details for logging
$sql = mysqli_query($mysqli, "SELECT asset_name, ticket_prefix, ticket_number, ticket_status_name, ticket_client_id FROM assets
LEFT JOIN tickets ON ticket_asset_id = $asset_id
LEFT JOIN ticket_statuses ON ticket_status = ticket_status_id
WHERE ticket_id = $ticket_id"
);
$row = mysqli_fetch_array($sql);
$ticket_prefix = sanitizeInput($row['ticket_prefix']);
$ticket_number = intval($row['ticket_number']);
$ticket_status_name = sanitizeInput($row['ticket_status_name']);
$asset_name = sanitizeInput($row['asset_name']);
$client_id = intval($row['ticket_client_id']);
logAction("Ticket", "Edit", "$session_name changed asset to $asset_name for ticket $ticket_prefix$ticket_number", $client_id, $ticket_id);
flash_alert("Ticket $ticket_prefix$ticket_number asset updated to $asset_name ");
redirect();
}
if (isset($_POST['edit_ticket_vendor'])) {
enforceUserPermission('module_support', 2);
$ticket_id = intval($_POST['ticket_id']);
$vendor_id = intval($_POST['vendor']);
mysqli_query($mysqli, "UPDATE tickets SET ticket_vendor_id = $vendor_id WHERE ticket_id = $ticket_id");
// Get ticket / vendor details for logging
$sql = mysqli_query($mysqli, "SELECT vendor_name, ticket_prefix, ticket_number, ticket_status_name, ticket_client_id FROM vendors
LEFT JOIN tickets ON ticket_vendor_id = $vendor_id
LEFT JOIN ticket_statuses ON ticket_status = ticket_status_id
WHERE ticket_id = $ticket_id"
);
$row = mysqli_fetch_array($sql);
$ticket_prefix = sanitizeInput($row['ticket_prefix']);
$ticket_number = intval($row['ticket_number']);
$ticket_status_name = sanitizeInput($row['ticket_status_name']);
$vendor_name = sanitizeInput($row['vendor_name']);
$client_id = intval($row['ticket_client_id']);
logAction("Ticket", "Edit", "$session_name set vendor to $vendor_name for ticket $ticket_prefix$ticket_number", $client_id, $ticket_id);
flash_alert("Set vendor to $vendor_name for ticket $ticket_prefix$ticket_number ");
redirect();
}
if (isset($_POST['assign_ticket'])) {
enforceUserPermission('module_support', 2);
// POST variables
$ticket_id = intval($_POST['ticket_id']);
$assigned_to = intval($_POST['assigned_to']);
$ticket_status = intval($_POST['ticket_status']);
// New > Open as assigned
if ($ticket_status == 1 && $assigned_to !== 0) {
$ticket_status = 2;
}
// Allow for un-assigning tickets
if ($assigned_to == 0) {
$ticket_reply = "Ticket unassigned.";
$agent_name = "No One";
} else {
// Get & verify assigned agent details
$agent_details_sql = mysqli_query($mysqli, "SELECT user_name, user_email FROM users WHERE users.user_id = $assigned_to");
$agent_details = mysqli_fetch_array($agent_details_sql);
$agent_name = sanitizeInput($agent_details['user_name']);
$agent_email = sanitizeInput($agent_details['user_email']);
$ticket_reply = "Ticket re-assigned to $agent_name.";
if (!$agent_name) {
flash_alert("Invalid agent!", 'error');
redirect();
}
}
// Get & verify ticket details
$ticket_details_sql = mysqli_query($mysqli, "SELECT ticket_prefix, ticket_number, ticket_subject, ticket_client_id, client_name FROM tickets LEFT JOIN clients ON ticket_client_id = client_id WHERE ticket_id = '$ticket_id' AND ticket_status != 5");
$ticket_details = mysqli_fetch_array($ticket_details_sql);
$ticket_prefix = sanitizeInput($ticket_details['ticket_prefix']);
$ticket_number = intval($ticket_details['ticket_number']);
$ticket_subject = sanitizeInput($ticket_details['ticket_subject']);
$client_id = intval($ticket_details['ticket_client_id']);
$client_name = sanitizeInput($ticket_details['client_name']);
if (!$ticket_subject) {
flash_alert("Invalid ticket!", 'error');
redirect();
}
// Update ticket & insert reply
mysqli_query($mysqli, "UPDATE tickets SET ticket_assigned_to = $assigned_to, ticket_status = '$ticket_status' WHERE ticket_id = $ticket_id");
mysqli_query($mysqli, "INSERT INTO ticket_replies SET ticket_reply = '$ticket_reply', ticket_reply_type = 'Internal', ticket_reply_time_worked = '00:01:00', ticket_reply_by = $session_user_id, ticket_reply_ticket_id = $ticket_id");
logAction("Ticket", "Edit", "$session_name reassigned $ticket_prefix$ticket_number to $agent_name", $client_id, $ticket_id);
// Notification
if ($session_user_id != $assigned_to && $assigned_to != 0) {
// App Notification
mysqli_query($mysqli, "INSERT INTO notifications SET notification_type = 'Ticket', notification = 'Ticket $ticket_prefix$ticket_number - Subject: $ticket_subject has been assigned to you by $session_name', notification_action = 'ticket.php?ticket_id=$ticket_id', notification_client_id = $client_id, notification_user_id = $assigned_to");
// Email Notification
if (!empty($config_smtp_host)) {
// Sanitize Config vars from get_settings.php
$config_ticket_from_name = sanitizeInput($config_ticket_from_name);
$config_ticket_from_email = sanitizeInput($config_ticket_from_email);
$company_name = sanitizeInput($session_company_name);
$subject = "$config_app_name - Ticket $ticket_prefix$ticket_number assigned to you - $ticket_subject";
$body = "Hi $agent_name, $ticket_prefix$ticket_number assigned to $agent_name ");
redirect();
}
if (isset($_GET['delete_ticket'])) {
validateCSRFToken($_GET['csrf_token']);
enforceUserPermission('module_support', 3);
$ticket_id = intval($_GET['delete_ticket']);
// Get Ticket and Client ID for logging and alert message
$sql = mysqli_query($mysqli, "SELECT ticket_prefix, ticket_number, ticket_subject, ticket_status, ticket_closed_at, ticket_client_id FROM tickets WHERE ticket_id = $ticket_id");
$row = mysqli_fetch_array($sql);
$ticket_prefix = sanitizeInput($row['ticket_prefix']);
$ticket_number = sanitizeInput($row['ticket_number']);
$ticket_subject = sanitizeInput($row['ticket_subject']);
$ticket_status = sanitizeInput($row['ticket_status']);
$ticket_closed_at = sanitizeInput($row['ticket_closed_at']);
$client_id = intval($row['ticket_client_id']);
if (empty($ticket_closed_at)) {
mysqli_query($mysqli, "DELETE FROM tickets WHERE ticket_id = $ticket_id");
// Delete all ticket replies
mysqli_query($mysqli, "DELETE FROM ticket_replies WHERE ticket_reply_ticket_id = $ticket_id");
// Delete all ticket views
mysqli_query($mysqli, "DELETE FROM ticket_views WHERE view_ticket_id = $ticket_id");
// Delete ticket watchers
mysqli_query($mysqli, "DELETE FROM ticket_watchers WHERE watcher_ticket_id = $ticket_id");
// Delete Ticket Attachements
mysqli_query($mysqli, "DELETE FROM ticket_attachments WHERE ticket_attachment_ticket_id = $ticket_id");
removeDirectory("../uploads/tickets/$ticket_id");
// No Need to delete ticket assets as this is cascadely deleted via the database.
logAction("Ticket", "Delete", "$session_name deleted $ticket_prefix$ticket_number along with all replies", $client_id);
flash_alert("Ticket $ticket_prefix$ticket_number along with all replies deleted", 'error');
customAction('ticket_delete', $ticket_id);
redirect("tickets.php");
}
}
if (isset($_POST['bulk_delete_tickets'])) {
validateCSRFToken($_POST['csrf_token']);
enforceUserPermission('module_support', 3);
if (isset($_POST['ticket_ids'])) {
$count = count($_POST['ticket_ids']);
// Cycle through array and delete each recurring scheduled ticket
foreach ($_POST['ticket_ids'] as $ticket_id) {
$ticket_id = intval($ticket_id);
mysqli_query($mysqli, "DELETE FROM tickets WHERE ticket_id = $ticket_id");
// Delete all ticket replies
mysqli_query($mysqli, "DELETE FROM ticket_replies WHERE ticket_reply_ticket_id = $ticket_id");
// Delete all ticket views
mysqli_query($mysqli, "DELETE FROM ticket_views WHERE view_ticket_id = $ticket_id");
// Delete ticket watchers
mysqli_query($mysqli, "DELETE FROM ticket_watchers WHERE watcher_ticket_id = $ticket_id");
// Delete Ticket Attachements
mysqli_query($mysqli, "DELETE FROM ticket_attachments WHERE ticket_attachment_ticket_id = $ticket_id");
removeDirectory("../uploads/tickets/$ticket_id");
// No Need to delete ticket assets as this is cascadely deleted via the database.
logAction("Ticket", "Delete", "$session_name deleted ticket", 0, $ticket_id);
}
logAction("Ticket", "Bulk Delete", "$session_name deleted $count ticket(s)");
flash_alert("Deleted $count ticket(s)", 'error');
}
redirect();
}
if (isset($_POST['bulk_assign_ticket'])) {
enforceUserPermission('module_support', 2);
// POST variables
$assign_to = intval($_POST['assign_to']);
// Get a Ticket Count
$ticket_count = count($_POST['ticket_ids']);
// Assign Tech to Selected Tickets
if (!empty($_POST['ticket_ids'])) {
foreach ($_POST['ticket_ids'] as $ticket_id) {
$ticket_id = intval($ticket_id);
$sql = mysqli_query($mysqli, "SELECT * FROM tickets LEFT JOIN ticket_statuses ON ticket_status = ticket_status_id WHERE ticket_id = $ticket_id");
$row = mysqli_fetch_array($sql);
$ticket_prefix = sanitizeInput($row['ticket_prefix']);
$ticket_number = intval($row['ticket_number']);
$ticket_status = intval($row['ticket_status']);
$ticket_name = sanitizeInput($row['ticket_name']);
$ticket_subject = sanitizeInput($row['ticket_subject']);
$client_id = intval($row['ticket_client_id']);
if ($ticket_status == 1 && $assigned_to !== 0) {
$ticket_status = 2;
}
// Allow for un-assigning tickets
if ($assign_to == 0) {
$ticket_reply = "Ticket unassigned, pending re-assignment.";
$agent_name = "No One";
} else {
// Get & verify assigned agent details
$agent_details_sql = mysqli_query($mysqli, "SELECT user_name, user_email FROM users LEFT JOIN user_settings ON users.user_id = user_settings.user_id WHERE users.user_id = $assign_to");
$agent_details = mysqli_fetch_array($agent_details_sql);
$agent_name = sanitizeInput($agent_details['user_name']);
$agent_email = sanitizeInput($agent_details['user_email']);
$ticket_reply = "Ticket re-assigned to $agent_name.";
if (!$agent_name) {
flash_alert("Invalid agent!", 'error');
redirect();
}
}
// Update ticket & insert reply
mysqli_query($mysqli, "UPDATE tickets SET ticket_assigned_to = $assign_to, ticket_status = $ticket_status WHERE ticket_id = $ticket_id");
mysqli_query($mysqli, "INSERT INTO ticket_replies SET ticket_reply = '$ticket_reply', ticket_reply_type = 'Internal', ticket_reply_time_worked = '00:01:00', ticket_reply_by = $session_user_id, ticket_reply_ticket_id = $ticket_id");
logAction("Ticket", "Edit", "$session_name reassigned ticket $ticket_prefix$ticket_number to $agent_name", $client_id, $ticket_id);
customAction('ticket_assign', $ticket_id);
$tickets_assigned_body .= "$ticket_prefix$ticket_number - $ticket_subject$ticket_count Tickets to $agent_name ");
redirect();
}
if (isset($_POST['bulk_edit_ticket_priority'])) {
enforceUserPermission('module_support', 2);
// POST variables
$priority = sanitizeInput($_POST['bulk_priority']);
// Assign Tech to Selected Tickets
if (isset($_POST['ticket_ids'])) {
// Get a Ticket Count
$ticket_count = count($_POST['ticket_ids']);
foreach ($_POST['ticket_ids'] as $ticket_id) {
$ticket_id = intval($ticket_id);
$sql = mysqli_query($mysqli, "SELECT * FROM tickets WHERE ticket_id = $ticket_id");
$row = mysqli_fetch_array($sql);
$ticket_prefix = sanitizeInput($row['ticket_prefix']);
$ticket_number = intval($row['ticket_number']);
$ticket_subject = sanitizeInput($row['ticket_subject']);
$original_ticket_priority = sanitizeInput($row['ticket_priority']);
$client_id = intval($row['ticket_client_id']);
// Update ticket & insert reply
mysqli_query($mysqli, "UPDATE tickets SET ticket_priority = '$priority' WHERE ticket_id = $ticket_id");
mysqli_query($mysqli, "INSERT INTO ticket_replies SET ticket_reply = '$session_name updated the priority from $current_ticket_priority to $priority', ticket_reply_type = 'Internal', ticket_reply_time_worked = '00:01:00', ticket_reply_by = $session_user_id, ticket_reply_ticket_id = $ticket_id");
logAction("Ticket", "Edit", "$session_name updated the priority on ticket $ticket_prefix$ticket_number - $ticket_subject from $original_ticket_priority to $priority", $client_id, $ticket_id);
customAction('ticket_update', $ticket_id);
} // End For Each Ticket ID Loop
logAction("Ticket", " Bulk Edit", "$session_name updated the priority on $ticket_count");
flash_alert("You updated the priority for $ticket_count Tickets to $priority ");
}
redirect();
}
if (isset($_POST['bulk_edit_ticket_category'])) {
enforceUserPermission('module_support', 2);
// POST variables
$category_id = intval($_POST['bulk_category']);
// Assign Tech to Selected Tickets
if (isset($_POST['ticket_ids'])) {
// Get a Ticket Count
$ticket_count = count($_POST['ticket_ids']);
foreach ($_POST['ticket_ids'] as $ticket_id) {
$ticket_id = intval($ticket_id);
$sql = mysqli_query($mysqli, "SELECT ticket_prefix, ticket_number, ticket_subject, category_name, ticket_client_id FROM tickets LEFT JOIN categories ON ticket_category = category_id WHERE ticket_id = $ticket_id");
$row = mysqli_fetch_array($sql);
$ticket_prefix = sanitizeInput($row['ticket_prefix']);
$ticket_number = intval($row['ticket_number']);
$ticket_subject = sanitizeInput($row['ticket_subject']);
$previous_ticket_category_name = sanitizeInput($row['category_name']);
$client_id = intval($row['ticket_client_id']);
// Get Category Name
$category_name = sanitizeInput(getFieldById('categories', $category_id, 'category_name'));
// Update ticket
mysqli_query($mysqli, "UPDATE tickets SET ticket_category = '$category_id' WHERE ticket_id = $ticket_id");
logAction("Ticket", "Edit", "$session_name updated the category on ticket $ticket_prefix$ticket_number - $ticket_subject from $previous_category_name to $category_name", $client_id, $ticket_id);
customAction('ticket_update', $ticket_id);
} // End For Each Ticket ID Loop
logAction("Ticket", " Bulk Edit", "$session_name updated the category to $category_name on $ticket_count");
flash_alert("Category set to $category_name for $ticket_count Tickets");
}
redirect();
}
if (isset($_POST['bulk_merge_tickets'])) {
enforceUserPermission('module_support', 2);
$merge_into_ticket_number = intval($_POST['merge_into_ticket_number']); // Parent ticket *number*
$merge_comment = sanitizeInput($_POST['merge_comment']); // Merge comment
$ticket_reply_type = 'Internal'; // Default all replies to internal
// NEW PARENT ticket details
// Get merge into ticket id (as it may differ from the number)
$sql = mysqli_query($mysqli, "SELECT ticket_id FROM tickets WHERE ticket_number = $merge_into_ticket_number");
if (mysqli_num_rows($sql) == 0) {
flash_alert("Cannot merge into that ticket.", 'error');
redirect();
}
$merge_row = mysqli_fetch_array($sql);
$merge_into_ticket_id = intval($merge_row['ticket_id']); // Parent ticket ID
// Update & Close the selected tickets
if (isset($_POST['ticket_ids'])) {
$ticket_count = count($_POST['ticket_ids']); // Get a ticket count
foreach ($_POST['ticket_ids'] as $ticket_id) {
$ticket_id = intval($ticket_id);
if ($ticket_id !== $merge_into_ticket_id) {
$sql = mysqli_query($mysqli, "SELECT * FROM tickets WHERE ticket_id = $ticket_id");
$row = mysqli_fetch_array($sql);
$ticket_prefix = sanitizeInput($row['ticket_prefix']);
$ticket_number = intval($row['ticket_number']);
$ticket_subject = sanitizeInput($row['ticket_subject']);
$ticket_details = mysqli_escape_string($mysqli, $row['ticket_details']);
$current_ticket_priority = sanitizeInput($row['ticket_priority']);
$ticket_first_response_at = sanitizeInput($row['ticket_first_response_at']);
$client_id = intval($row['ticket_client_id']);
// Update current ticket
if (empty($ticket_first_response_at)) {
mysqli_query($mysqli, "UPDATE tickets SET ticket_first_response_at = NOW() WHERE ticket_id = $ticket_id");
}
mysqli_query($mysqli, "INSERT INTO ticket_replies SET ticket_reply = 'Ticket $ticket_prefix$ticket_number bulk merged into $ticket_prefix$merge_into_ticket_number . Comment: $merge_comment', ticket_reply_time_worked = '00:01:00', ticket_reply_type = '$ticket_reply_type', ticket_reply_by = $session_user_id, ticket_reply_ticket_id = $ticket_id");
mysqli_query($mysqli, "UPDATE tickets SET ticket_status = '5', ticket_resolved_at = NOW(), ticket_closed_at = NOW(), ticket_closed_by = $session_user_id WHERE ticket_id = $ticket_id") or die(mysqli_error($mysqli));
// Update new parent ticket
mysqli_query($mysqli, "INSERT INTO ticket_replies SET ticket_reply = 'Ticket $ticket_prefix$ticket_number was bulk merged into this ticket with comment: $merge_comment.$ticket_subject $ticket_count tickets merged into $ticket_prefix$merge_into_ticket_number ");
}
redirect();
}
if (isset($_POST['bulk_resolve_tickets'])) {
enforceUserPermission('module_support', 2);
// POST variables
$details = mysqli_escape_string($mysqli, $_POST['bulk_details']);
$ticket_reply_time_worked = sanitizeInput($_POST['time']);
$private_note = intval($_POST['bulk_private_note']);
if ($private_note == 1) {
$ticket_reply_type = 'Internal';
} else {
$ticket_reply_type = 'Public';
}
// Resolve Selected Tickets
if (isset($_POST['ticket_ids'])) {
// Intitialze the counts before the loop
$ticket_count = 0;
$skipped_count = 0;
foreach ($_POST['ticket_ids'] as $ticket_id) {
$ticket_id = intval($ticket_id);
// Check to make sure Tasks are complete before resolving
$row = mysqli_fetch_assoc(mysqli_query($mysqli, "SELECT COUNT('task_id') AS num FROM tasks WHERE task_completed_at IS NULL AND task_ticket_id = $ticket_id"));
$num_of_open_tasks = $row['num'];
if ($num_of_open_tasks == 0) {
// Count the Ticket Loop
$ticket_count++;
$sql = mysqli_query($mysqli, "SELECT * FROM tickets WHERE ticket_id = $ticket_id");
$row = mysqli_fetch_array($sql);
$ticket_prefix = sanitizeInput($row['ticket_prefix']);
$ticket_number = intval($row['ticket_number']);
$ticket_subject = sanitizeInput($row['ticket_subject']);
$current_ticket_priority = sanitizeInput($row['ticket_priority']);
$url_key = sanitizeInput($row['ticket_url_key']);
$ticket_first_response_at = sanitizeInput($row['ticket_first_response_at']);
$client_id = intval($row['ticket_client_id']);
// Mark FR time if required
if (empty($ticket_first_response_at)) {
mysqli_query($mysqli, "UPDATE tickets SET ticket_first_response_at = NOW() WHERE ticket_id = $ticket_id");
}
// Update ticket & insert reply
mysqli_query($mysqli, "UPDATE tickets SET ticket_status = 4, ticket_resolved_at = NOW() WHERE ticket_id = $ticket_id");
mysqli_query($mysqli, "INSERT INTO ticket_replies SET ticket_reply = '$details', ticket_reply_type = '$ticket_reply_type', ticket_reply_time_worked = '$ticket_reply_time_worked', ticket_reply_by = $session_user_id, ticket_reply_ticket_id = $ticket_id");
logAction("Ticket", "Resolve", "$session_name resolved $ticket_prefix$ticket_number - $ticket_subject", $client_id, $ticket_id);
customAction('ticket_resolve', $ticket_id);
// Client notification email
if (!empty($config_smtp_host) && $config_ticket_client_general_notifications == 1 && $private_note == 0) {
// Get Contact details
$ticket_sql = mysqli_query($mysqli, "SELECT contact_name, contact_email FROM tickets
LEFT JOIN contacts ON ticket_contact_id = contact_id
WHERE ticket_id = $ticket_id
");
$row = mysqli_fetch_array($ticket_sql);
$contact_name = sanitizeInput($row['contact_name']);
$contact_email = sanitizeInput($row['contact_email']);
// Sanitize Config vars from get_settings.php
$from_name = sanitizeInput($config_ticket_from_name);
$from_email = sanitizeInput($config_ticket_from_email);
$base_url = sanitizeInput($config_base_url);
// Get Company Info
$sql = mysqli_query($mysqli, "SELECT company_name, company_phone, company_phone_country_code FROM companies WHERE company_id = 1");
$row = mysqli_fetch_array($sql);
$company_name = sanitizeInput($row['company_name']);
$company_phone = sanitizeInput(formatPhoneNumber($row['company_phone'], $row['company_phone_country_code']));
// EMAIL
$subject = "Ticket resolved - [$ticket_prefix$ticket_number] - $ticket_subject | (pending closure)";
$body = "##- Please type your reply above this line -## re-open to let us know! $ticket_count Tickets");
if ($skipped_count > 0) {
flash_alert("Resolved $ticket_count Tickets $skipped_count ticket(s) could not be resolved because they have open tasks.", 'info');
}
redirect();
}
if (isset($_POST['bulk_ticket_reply'])) {
enforceUserPermission('module_support', 2);
// POST variables
$ticket_reply = mysqli_escape_string($mysqli, $_POST['bulk_reply_details']);
$ticket_status = intval($_POST['bulk_status']);
$ticket_reply_time_worked = sanitizeInput($_POST['time']);
$private_note = intval($_POST['bulk_private_reply']);
if ($private_note == 1) {
$ticket_reply_type = 'Internal';
} else {
$ticket_reply_type = 'Public';
}
// Loop Through Tickets and Add Reply along with Email notifications
if (isset($_POST['ticket_ids'])) {
// Get a Ticket Count
$ticket_count = count($_POST['ticket_ids']);
foreach ($_POST['ticket_ids'] as $ticket_id) {
$ticket_id = intval($ticket_id);
$sql = mysqli_query($mysqli, "SELECT * FROM tickets WHERE ticket_id = $ticket_id");
$row = mysqli_fetch_array($sql);
$ticket_prefix = sanitizeInput($row['ticket_prefix']);
$ticket_number = intval($row['ticket_number']);
$ticket_subject = sanitizeInput($row['ticket_subject']);
$current_ticket_priority = sanitizeInput($row['ticket_priority']);
$url_key = sanitizeInput($row['ticket_url_key']);
$ticket_first_response_at = sanitizeInput($row['ticket_first_response_at']);
$client_id = intval($row['ticket_client_id']);
// Mark FR time if required
if (empty($ticket_first_response_at)) {
mysqli_query($mysqli, "UPDATE tickets SET ticket_first_response_at = NOW() WHERE ticket_id = $ticket_id");
}
// Add reply
mysqli_query($mysqli, "INSERT INTO ticket_replies SET ticket_reply = '$ticket_reply', ticket_reply_time_worked = '$ticket_reply_time_worked', ticket_reply_type = '$ticket_reply_type', ticket_reply_by = $session_user_id, ticket_reply_ticket_id = $ticket_id");
$ticket_reply_id = mysqli_insert_id($mysqli);
// Update Ticket Status
mysqli_query($mysqli, "UPDATE tickets SET ticket_status = '$ticket_status' WHERE ticket_id = $ticket_id");
logAction("Ticket", "Reply", "$session_name replied to ticket $ticket_prefix$ticket_number - $ticket_subject and was a $ticket_reply_type reply", $client_id, $ticket_id);
// Custom action/notif handler
if ($ticket_reply_type == 'Internal') {
customAction('ticket_reply_agent_internal', $ticket_id);
} else {
customAction('reply_reply_agent_public', $ticket_id);
}
// Resolve the ticket, if set
if ($ticket_status == 4) {
mysqli_query($mysqli, "UPDATE tickets SET ticket_resolved_at = NOW() WHERE ticket_id = $ticket_id");
// Logging
logAction("Ticket", "Resolved", "$session_name resolved Ticket $ticket_prefix$ticket_number", $client_id, $ticket_id);
customAction('ticket_resolve', $ticket_id);
}
// Get Contact Details
$sql = mysqli_query(
$mysqli,
"SELECT contact_name, contact_email, ticket_created_by, ticket_assigned_to
FROM tickets
LEFT JOIN contacts ON ticket_contact_id = contact_id
WHERE ticket_id = $ticket_id"
);
$row = mysqli_fetch_array($sql);
$contact_name = sanitizeInput($row['contact_name']);
$contact_email = sanitizeInput($row['contact_email']);
$ticket_created_by = intval($row['ticket_created_by']);
$ticket_assigned_to = intval($row['ticket_assigned_to']);
// Sanitize Config vars from get_settings.php
$from_name = sanitizeInput($config_ticket_from_name);
$from_email = sanitizeInput($config_ticket_from_email);
$base_url = sanitizeInput($config_base_url);
$sql = mysqli_query($mysqli, "SELECT company_name, company_phone, company_phone_country_code FROM companies WHERE company_id = 1");
$row = mysqli_fetch_array($sql);
$company_name = sanitizeInput($row['company_name']);
$company_phone = sanitizeInput(formatPhoneNumber($row['company_phone'], $row['company_phone_country_code']));
// Send e-mail to client if public update & email is set up
if ($private_note == 0 && !empty($config_smtp_host)) {
$subject = "Ticket update - [$ticket_prefix$ticket_number] - $ticket_subject";
$body = "##- Please type your reply above this line -## View ticket $ticket_count tickets");
redirect();
}
// Currently not UI Frontend for this
if (isset($_POST['bulk_add_ticket_project'])) {
enforceUserPermission('module_support', 2);
// POST variables
$project_id = intval($_POST['project_id']);
// Get Project Name
$sql = mysqli_query($mysqli, "SELECT project_name FROM projects WHERE project_id = $project_id");
$row = mysqli_fetch_array($sql);
$project_name = sanitizeInput($row['project_name']);
// Assign Project to Selected Tickets
if (isset($_POST['ticket_ids'])) {
// Get a Ticket Count
$ticket_count = count($_POST['ticket_ids']);
foreach ($_POST['ticket_ids'] as $ticket_id) {
$ticket_id = intval($ticket_id);
$sql = mysqli_query($mysqli, "SELECT * FROM tickets WHERE ticket_id = $ticket_id");
$row = mysqli_fetch_array($sql);
$ticket_prefix = sanitizeInput($row['ticket_prefix']);
$ticket_number = intval($row['ticket_number']);
$ticket_subject = sanitizeInput($row['ticket_subject']);
$current_ticket_priority = sanitizeInput($row['ticket_priority']);
$client_id = intval($row['ticket_client_id']);
// Update ticket & insert reply
mysqli_query($mysqli, "UPDATE tickets SET ticket_project_id = $project_id WHERE ticket_id = $ticket_id");
logAction("Ticket", "Reply", "$session_name added ticket $ticket_prefix$ticket_number - $ticket_subject to project $project_name", $client_id, $ticket_id);
} // End For Each Ticket ID Loop
flash_alert("$ticket_count Tickets added to Project $project_name ");
}
redirect();
}
if (isset($_POST['bulk_add_asset_ticket'])) {
validateCSRFToken($_POST['csrf_token']);
enforceUserPermission('module_support', 2);
$client_id = intval($_POST['bulk_client']);
$assigned_to = intval($_POST['bulk_assigned_to']);
if ($assigned_to == 0) {
$ticket_status = 1;
} else {
$ticket_status = 2;
}
$subject = sanitizeInput($_POST['bulk_subject']);
$priority = sanitizeInput($_POST['bulk_priority']);
$category_id = intval($_POST['bulk_category']);
$details = mysqli_real_escape_string($mysqli, $_POST['bulk_details']);
$project_id = intval($_POST['bulk_project']);
$use_primary_contact = intval($_POST['use_primary_contact']);
$ticket_template_id = intval($_POST['bulk_ticket_template_id']);
$billable = intval($_POST['bulk_billable']);
// Check to see if adding a ticket by template
if($ticket_template_id) {
$sql = mysqli_query($mysqli, "SELECT * FROM ticket_templates WHERE ticket_template_id = $ticket_template_id");
$row = mysqli_fetch_array($sql);
// Override Template Subject
if(empty($subject)) {
$subject = sanitizeInput($row['ticket_template_subject']);
}
$details = mysqli_escape_string($mysqli, $row['ticket_template_details']);
// Get Associated Tasks from the ticket template
$sql_task_templates = mysqli_query($mysqli, "SELECT * FROM task_templates WHERE task_template_ticket_template_id = $ticket_template_id");
}
// Create ticket for each selected asset
if (isset($_POST['asset_ids'])) {
// Get a Asset Count
$asset_count = count($_POST['asset_ids']);
foreach ($_POST['asset_ids'] as $asset_id) {
$asset_id = intval($asset_id);
$sql = mysqli_query($mysqli, "SELECT * FROM assets WHERE asset_id = $asset_id");
$row = mysqli_fetch_array($sql);
$asset_name = sanitizeInput($row['asset_name']);
$subject_asset_prepended = "$asset_name - $subject";
// Get the next Ticket Number and update the config
$sql_ticket_number = mysqli_query($mysqli, "SELECT config_ticket_next_number FROM settings WHERE company_id = 1");
$ticket_number_row = mysqli_fetch_array($sql_ticket_number);
$ticket_number = intval($ticket_number_row['config_ticket_next_number']);
// Sanitize Config Vars from get_settings.php and Session Vars from check_login.php
$config_ticket_prefix = sanitizeInput($config_ticket_prefix);
$config_ticket_from_name = sanitizeInput($config_ticket_from_name);
$config_ticket_from_email = sanitizeInput($config_ticket_from_email);
$config_base_url = sanitizeInput($config_base_url);
//Generate a unique URL key for clients to access
$url_key = randomString(156);
// Increment the config ticket next number
$new_config_ticket_next_number = $ticket_number + 1;
mysqli_query($mysqli, "UPDATE settings SET config_ticket_next_number = $new_config_ticket_next_number WHERE company_id = 1");
mysqli_query($mysqli, "INSERT INTO tickets SET ticket_prefix = '$config_ticket_prefix', ticket_number = $ticket_number, ticket_category = $category_id, ticket_subject = '$subject_asset_prepended', ticket_details = '$details', ticket_priority = '$priority', ticket_billable = $billable, ticket_status = $ticket_status, ticket_asset_id = $asset_id, ticket_created_by = $session_user_id, ticket_assigned_to = $assigned_to, ticket_url_key = '$url_key', ticket_client_id = $client_id, ticket_project_id = $project_id");
$ticket_id = mysqli_insert_id($mysqli);
// Update the next ticket number in the database
mysqli_query($mysqli, "UPDATE settings SET config_ticket_next_number = $new_config_ticket_next_number WHERE company_id = 1");
// Add Tasks
if (!empty($_POST['tasks'])) {
foreach ($_POST['tasks'] as $task) {
$task_name = sanitizeInput($task);
// Check that task_name is not-empty (For some reason the !empty on the array doesnt work here like in watchers)
if (!empty($task_name)) {
mysqli_query($mysqli,"INSERT INTO tasks SET task_name = '$task_name', task_ticket_id = $ticket_id");
}
}
}
// Add Tasks from Template if Template was selected
if($ticket_template_id) {
if (mysqli_num_rows($sql_task_templates) > 0) {
while ($row = mysqli_fetch_array($sql_task_templates)) {
$task_order = intval($row['task_template_order']);
$task_name = sanitizeInput($row['task_template_name']);
mysqli_query($mysqli,"INSERT INTO tasks SET task_name = '$task_name', task_order = $task_order, task_ticket_id = $ticket_id");
}
}
}
// Custom action/notif handler
customAction('ticket_create', $ticket_id);
}
logAction("Ticket", "Bulk Create", "$session_name created $asset_count tickets for $asset_count");
flash_alert("You created $asset_count tickets for the selected assets");
}
redirect();
}
if (isset($_POST['add_ticket_reply'])) {
enforceUserPermission('module_support', 2);
$ticket_id = intval($_POST['ticket_id']);
$ticket_reply = mysqli_real_escape_string($mysqli, $_POST['ticket_reply']);
$ticket_status = intval($_POST['status']);
$client_id = intval($_POST['client_id']);
// Time tracking, inputs & combine into string
$hours = intval($_POST['hours']);
$minutes = intval($_POST['minutes']);
$seconds = intval($_POST['seconds']);
$ticket_reply_time_worked = sanitizeInput(sprintf("%02d:%02d:%02d", $hours, $minutes, $seconds));
// Defaults
$send_email = 0;
$ticket_reply_id = 0;
if ($_POST['public_reply_type'] == 1 ){
$ticket_reply_type = 'Public';
} elseif ($_POST['public_reply_type'] == 2 ) {
$ticket_reply_type = 'Public';
$send_email = 1;
} else {
$ticket_reply_type = 'Internal';
}
// Update Ticket Status & updated at (in case status didn't change)
mysqli_query($mysqli, "UPDATE tickets SET ticket_status = $ticket_status, ticket_updated_at = NOW() WHERE ticket_id = $ticket_id");
// Resolve the ticket, if set
if ($ticket_status == 4) {
mysqli_query($mysqli, "UPDATE tickets SET ticket_resolved_at = NOW() WHERE ticket_id = $ticket_id");
logAction("Ticket", "Resolved", "$session_name resolved Ticket ticket ID $ticket_id", $client_id, $ticket_id);
}
// Process reply actions, if we have a reply to work with (e.g. we're not just editing the status)
if (!empty($ticket_reply)) {
// Add reply
mysqli_query($mysqli, "INSERT INTO ticket_replies SET ticket_reply = '$ticket_reply', ticket_reply_time_worked = '$ticket_reply_time_worked', ticket_reply_type = '$ticket_reply_type', ticket_reply_by = $session_user_id, ticket_reply_ticket_id = $ticket_id");
$ticket_reply_id = mysqli_insert_id($mysqli);
// Get Ticket Details
$ticket_sql = mysqli_query($mysqli, "SELECT contact_name, contact_email, ticket_prefix, ticket_number, ticket_subject, ticket_status, ticket_status_name, ticket_url_key, ticket_first_response_at, ticket_created_by, ticket_assigned_to, ticket_client_id
FROM tickets
LEFT JOIN clients ON ticket_client_id = client_id
LEFT JOIN contacts ON ticket_contact_id = contact_id
LEFT JOIN ticket_statuses ON ticket_status = ticket_status_id
WHERE ticket_id = $ticket_id
");
$row = mysqli_fetch_array($ticket_sql);
$contact_name = sanitizeInput($row['contact_name']);
$contact_email = sanitizeInput($row['contact_email']);
$ticket_prefix = sanitizeInput($row['ticket_prefix']);
$ticket_number = intval($row['ticket_number']);
$ticket_subject = sanitizeInput($row['ticket_subject']);
$ticket_status = intval($row['ticket_status']);
$ticket_status_name = sanitizeInput($row['ticket_status_name']);
$url_key = sanitizeInput($row['ticket_url_key']);
$ticket_first_response_at = sanitizeInput($row['ticket_first_response_at']);
$ticket_created_by = intval($row['ticket_created_by']);
$ticket_assigned_to = intval($row['ticket_assigned_to']);
$client_id = intval($row['ticket_client_id']);
// Sanitize Config vars from get_settings.php
$config_ticket_from_name = sanitizeInput($config_ticket_from_name);
$config_ticket_from_email = sanitizeInput($config_ticket_from_email);
$config_base_url = sanitizeInput($config_base_url);
$sql = mysqli_query($mysqli, "SELECT company_name, company_phone, company_phone_country_code FROM companies WHERE company_id = 1");
$row = mysqli_fetch_array($sql);
$company_name = sanitizeInput($row['company_name']);
$company_phone = sanitizeInput(formatPhoneNumber($row['company_phone'], $row['company_phone_country_code']));
// Send e-mail to client if public update & email is set up
if ($ticket_reply_type == 'Public' && $send_email == 1 && !empty($config_smtp_host)) {
// Slightly different email subject/text depending on if this update set auto-close
if ($ticket_status == 4) {
// Resolved
$subject = "Ticket resolved - [$ticket_prefix$ticket_number] - $ticket_subject | (pending closure)";
$body = "##- Please type your reply above this line -## re-open to let us know! View ticket ##- Please type your reply above this line -## View ticket $ticket_prefix$ticket_number has been updated with your reply and was $ticket_reply_type ");
} else {
flash_alert("Ticket updated");
}
logAction("Ticket", "Reply", "$session_name replied to ticket $ticket_prefix$ticket_number - $ticket_subject and was a $ticket_reply_type reply", $client_id, $ticket_id);
redirect();
}
if (isset($_POST['edit_ticket_reply'])) {
enforceUserPermission('module_support', 2);
$ticket_reply_id = intval($_POST['ticket_reply_id']);
$ticket_reply = mysqli_real_escape_string($mysqli, $_POST['ticket_reply']);
$ticket_reply_type = sanitizeInput($_POST['ticket_reply_type']);
$ticket_reply_time_worked = sanitizeInput($_POST['time']);
$client_id = intval($_POST['client_id']);
mysqli_query($mysqli, "UPDATE ticket_replies SET ticket_reply = '$ticket_reply', ticket_reply_type = '$ticket_reply_type', ticket_reply_time_worked = '$ticket_reply_time_worked' WHERE ticket_reply_id = $ticket_reply_id AND ticket_reply_type != 'Client'") or die(mysqli_error($mysqli));
logAction("Ticket", "Reply", "$session_name edited ticket_reply", $client_id, $ticket_reply_id);
flash_alert("Ticket reply updated");
redirect();
}
if (isset($_POST['redact_ticket_reply'])) {
enforceUserPermission('module_support', 2);
$ticket_reply_id = intval($_POST['ticket_reply_id']);
$ticket_reply = mysqli_real_escape_string($mysqli, $_POST['ticket_reply']);
$client_id = intval($_POST['client_id']);
mysqli_query($mysqli, "UPDATE ticket_replies SET ticket_reply = '$ticket_reply' WHERE ticket_reply_id = $ticket_reply_id");
logAction("Ticket", "Reply", "$session_name redacted ticket_reply", $client_id, $ticket_reply_id);
flash_alert("Ticket reply redacted");
redirect();
}
if (isset($_GET['archive_ticket_reply'])) {
enforceUserPermission('module_support', 2);
$ticket_reply_id = intval($_GET['archive_ticket_reply']);
mysqli_query($mysqli, "UPDATE ticket_replies SET ticket_reply_archived_at = NOW() WHERE ticket_reply_id = $ticket_reply_id");
logAction("Ticket Reply", "Archive", "$session_name archived ticket_reply", 0, $ticket_reply_id);
flash_alert("Ticket reply archived", 'error');
redirect();
}
if (isset($_POST['merge_ticket'])) {
enforceUserPermission('module_support', 2);
$ticket_id = intval($_POST['ticket_id']); // Child ticket ID to be closed
$merge_into_ticket_number = intval($_POST['merge_into_ticket_number']); // Parent ticket *number*
$merge_comment = sanitizeInput($_POST['merge_comment']); // Merge comment
$move_replies = intval($_POST['merge_move_replies']); // Whether to move replies to the new parent ticket
$ticket_reply_type = 'Internal'; // Default all replies to internal
// Get current ticket details
$sql = mysqli_query($mysqli, "SELECT ticket_prefix, ticket_number, ticket_subject, ticket_details FROM tickets WHERE ticket_id = $ticket_id");
if (mysqli_num_rows($sql) == 0) {
flash_alert("No ticket with that ID found.", 'error');
redirect();
}
// CURRENT ticket details
$row = mysqli_fetch_array($sql);
$ticket_prefix = sanitizeInput($row['ticket_prefix']);
$ticket_number = intval($row['ticket_number']);
$ticket_subject = sanitizeInput($row['ticket_subject']);
$ticket_details = mysqli_escape_string($mysqli, $row['ticket_details']);
$ticket_first_response_at = sanitizeInput($row['ticket_first_response_at']);
// NEW PARENT ticket details
// Get merge into ticket id (as it may differ from the number)
$sql = mysqli_query($mysqli, "SELECT ticket_id FROM tickets WHERE ticket_number = $merge_into_ticket_number");
if (mysqli_num_rows($sql) == 0) {
flash_alert("Cannot merge into that ticket.", 'error');
redirect();
}
$merge_row = mysqli_fetch_array($sql);
$merge_into_ticket_id = intval($merge_row['ticket_id']);
// Sanity check
if ($ticket_number == $merge_into_ticket_number) {
flash_alert("Cannot merge into the same ticket.", 'error');
redirect();
}
// Move ticket replies from child > parent
if ($move_replies) {
mysqli_query($mysqli, "UPDATE ticket_replies SET ticket_reply_ticket_id = $merge_into_ticket_id WHERE ticket_reply_ticket_id = $ticket_id");
}
// Update current ticket
if (empty($ticket_first_response_at)) {
mysqli_query($mysqli, "UPDATE tickets SET ticket_first_response_at = NOW() WHERE ticket_id = $ticket_id");
}
mysqli_query($mysqli, "INSERT INTO ticket_replies SET ticket_reply = 'Ticket $ticket_prefix$ticket_number merged into $ticket_prefix$merge_into_ticket_number . Comment: $merge_comment', ticket_reply_time_worked = '00:01:00', ticket_reply_type = '$ticket_reply_type', ticket_reply_by = $session_user_id, ticket_reply_ticket_id = $ticket_id");
mysqli_query($mysqli, "UPDATE tickets SET ticket_status = '5', ticket_resolved_at = NOW(), ticket_closed_at = NOW(), ticket_closed_by = $session_user_id WHERE ticket_id = $ticket_id") or die(mysqli_error($mysqli));
//Update new parent ticket
mysqli_query($mysqli, "INSERT INTO ticket_replies SET ticket_reply = 'Ticket $ticket_prefix$ticket_number was merged into this ticket with comment: $merge_comment.$ticket_subject ##- Please type your reply above this line -## re-open to let us know! View ticket here . $config_invoice_prefix$invoice_number for this ticket.', ticket_reply_type = 'Internal', ticket_reply_time_worked = '00:01:00', ticket_reply_by = $session_user_id, ticket_reply_ticket_id = $ticket_id");
mysqli_query($mysqli, "UPDATE tickets SET ticket_invoice_id = $invoice_id WHERE ticket_id = $ticket_id");
logAction("Invoice", "Create", "$session_name created invoice $config_invoice_prefix$invoice_number from Ticket $ticket_prefix$ticket_number", $client_id, $invoice_id);
flash_alert("Invoice $config_invoice_prefix$invoice_number created from ticket");
redirect("invoice.php?invoice_id=$invoice_id");
}
if (isset($_POST['export_tickets_csv'])) {
enforceUserPermission('module_support', 2);
if (isset($_POST['client_id'])) {
$client_id = intval($_POST['client_id']);
$client_query = "WHERE ticket_client_id = $client_id";
} else {
$client_query = '';
}
$sql = mysqli_query(
$mysqli,
"SELECT * FROM tickets
LEFT JOIN ticket_statuses ON ticket_status = ticket_status_id
$client_query ORDER BY ticket_number ASC"
);
if ($sql->num_rows > 0) {
$delimiter = ",";
$filename = "Tickets-" . date('Y-m-d') . ".csv";
//create a file pointer
$f = fopen('php://memory', 'w');
//set column headers
$fields = array('Ticket Number', 'Priority', 'Status', 'Subject', 'Date Opened', 'Date Resolved', 'Date Closed');
fputcsv($f, $fields, $delimiter);
//output each row of the data, format line as csv and write to file pointer
while ($row = $sql->fetch_assoc()) {
$lineData = array($config_ticket_prefix . $row['ticket_number'], $row['ticket_priority'], $row['ticket_status_name'], $row['ticket_subject'], $row['ticket_created_at'], $row['ticket_resolved_at'], $row['ticket_closed_at']);
fputcsv($f, $lineData, $delimiter);
}
//move back to beginning of file
fseek($f, 0);
//set headers to download file rather than displayed
header('Content-Type: text/csv');
header('Content-Disposition: attachment; filename="' . $filename . '";');
//output all remaining data on a file pointer
fpassthru($f);
}
exit;
}
if (isset($_POST['add_recurring_ticket'])) {
enforceUserPermission('module_support', 2);
require_once 'post/user/ticket_recurring_model.php';
$start_date = sanitizeInput($_POST['start_date']);
mysqli_query($mysqli, "INSERT INTO recurring_tickets SET recurring_ticket_subject = '$subject', recurring_ticket_details = '$details', recurring_ticket_priority = '$priority', recurring_ticket_frequency = '$frequency', recurring_ticket_billable = $billable, recurring_ticket_start_date = '$start_date', recurring_ticket_next_run = '$start_date', recurring_ticket_assigned_to = $assigned_to, recurring_ticket_created_by = $session_user_id, recurring_ticket_client_id = $client_id, recurring_ticket_contact_id = $contact_id, recurring_ticket_asset_id = $asset_id, recurring_ticket_category = $category");
$recurring_ticket_id = mysqli_insert_id($mysqli);
// Add Additional Assets
if (isset($_POST['additional_assets'])) {
foreach ($_POST['additional_assets'] as $additional_asset) {
$additional_asset_id = intval($additional_asset);
mysqli_query($mysqli, "INSERT INTO recurring_ticket_assets SET recurring_ticket_id = $recurring_ticket_id, asset_id = $additional_asset_id");
}
}
logAction("Recurring Ticket", "Create", "$session_name created recurring ticket for $subject - $frequency", $client_id, $recurring_ticket_id);
flash_alert("Recurring ticket $subject - $frequency created");
redirect();
}
if (isset($_POST['edit_recurring_ticket'])) {
enforceUserPermission('module_support', 2);
require_once 'post/user/ticket_recurring_model.php';
$recurring_ticket_id = intval($_POST['recurring_ticket_id']);
$next_run_date = sanitizeInput($_POST['next_date']);
mysqli_query($mysqli, "UPDATE recurring_tickets SET recurring_ticket_subject = '$subject', recurring_ticket_details = '$details', recurring_ticket_priority = '$priority', recurring_ticket_frequency = '$frequency', recurring_ticket_billable = $billable, recurring_ticket_next_run = '$next_run_date', recurring_ticket_assigned_to = $assigned_to, recurring_ticket_asset_id = $asset_id, recurring_ticket_contact_id = $contact_id, recurring_ticket_category = $category WHERE recurring_ticket_id = $recurring_ticket_id");
// Add Additional Assets
if (isset($_POST['additional_assets'])) {
mysqli_query($mysqli, "DELETE FROM recurring_ticket_assets WHERE recurring_ticket_id = $recurring_ticket_id");
foreach ($_POST['additional_assets'] as $additional_asset) {
$additional_asset_id = intval($additional_asset);
mysqli_query($mysqli, "INSERT INTO recurring_ticket_assets SET recurring_ticket_id = $recurring_ticket_id, asset_id = $additional_asset_id");
}
}
logAction("Recurring Ticket", "Edit", "$session_name edited recurring ticket $subject", $client_id, $recurring_ticket_id);
flash_alert("Recurring ticket $subject - $frequency updated");
redirect();
}
if (isset($_GET['force_recurring_ticket'])) {
validateCSRFToken($_GET['csrf_token']);
enforceUserPermission('module_support', 2);
$recurring_ticket_id = intval($_GET['force_recurring_ticket']);
$sql = mysqli_query($mysqli, "SELECT * FROM recurring_tickets WHERE recurring_ticket_id = $recurring_ticket_id");
if (mysqli_num_rows($sql) > 0) {
$row = mysqli_fetch_array($sql);
$subject = sanitizeInput($row['recurring_ticket_subject']);
$details = mysqli_real_escape_string($mysqli, $row['recurring_ticket_details']);
$priority = sanitizeInput($row['recurring_ticket_priority']);
$frequency = sanitizeInput(strtolower($row['recurring_ticket_frequency']));
$billable = intval($row['recurring_ticket_billable']);
$old_next_recurring_date = sanitizeInput($row['recurring_ticket_next_run']);
$created_id = intval($row['recurring_ticket_created_by']);
$assigned_id = intval($row['recurring_ticket_assigned_to']);
$contact_id = intval($row['recurring_ticket_contact_id']);
$client_id = intval($row['recurring_ticket_client_id']);
$asset_id = intval($row['recurring_ticket_asset_id']);
$category = intval($row['recurring_ticket_category']);
$url_key = randomString(156);
$ticket_status = 1; // Default
if ($assigned_id > 0) {
$ticket_status = 2; // Set to open if we've auto-assigned an agent
}
// Sanitize Config Vars from get_settings.php and Session Vars from check_login.php
$config_ticket_prefix = sanitizeInput($config_ticket_prefix);
$config_ticket_from_name = sanitizeInput($config_ticket_from_name);
$config_ticket_from_email = sanitizeInput($config_ticket_from_email);
$config_base_url = sanitizeInput($config_base_url);
// Assign this new ticket the next ticket number & increment config_ticket_next_number by 1 (for the next ticket)
$ticket_number = $config_ticket_next_number;
$new_config_ticket_next_number = $config_ticket_next_number + 1;
mysqli_query($mysqli, "UPDATE settings SET config_ticket_next_number = $new_config_ticket_next_number WHERE company_id = 1");
// Raise the ticket
mysqli_query($mysqli, "INSERT INTO tickets SET ticket_prefix = '$config_ticket_prefix', ticket_number = $ticket_number, ticket_subject = '$subject', ticket_details = '$details', ticket_priority = '$priority', ticket_status = '$ticket_status', ticket_billable = $billable, ticket_url_key = '$url_key', ticket_created_by = $created_id, ticket_assigned_to = $assigned_id, ticket_contact_id = $contact_id, ticket_client_id = $client_id, ticket_asset_id = $asset_id, ticket_category = $category, ticket_recurring_ticket_id = $recurring_ticket_id");
$id = mysqli_insert_id($mysqli);
// Copy Additional Assets from Recurring ticket to new ticket
mysqli_query($mysqli, "INSERT INTO ticket_assets (ticket_id, asset_id)
SELECT $id, asset_id
FROM recurring_ticket_assets
WHERE recurring_ticket_id = $recurring_ticket_id");
// Notifications
customAction('ticket_create', $id);
// Get client/contact/ticket details
$sql = mysqli_query(
$mysqli,
"SELECT client_name, contact_name, contact_email, ticket_prefix, ticket_number, ticket_priority, ticket_subject, ticket_details FROM tickets
LEFT JOIN clients ON ticket_client_id = client_id
LEFT JOIN contacts ON ticket_contact_id = contact_id
WHERE ticket_id = $id"
);
$row = mysqli_fetch_array($sql);
$contact_name = sanitizeInput($row['contact_name']);
$contact_email = sanitizeInput($row['contact_email']);
$client_name = sanitizeInput($row['client_name']);
$contact_name = sanitizeInput($row['contact_name']);
$contact_email = sanitizeInput($row['contact_email']);
$ticket_prefix = sanitizeInput($row['ticket_prefix']);
$ticket_number = intval($row['ticket_number']);
$ticket_priority = sanitizeInput($row['ticket_priority']);
$ticket_subject = sanitizeInput($row['ticket_subject']);
$ticket_details = mysqli_real_escape_string($mysqli, $row['ticket_details']);
$data = [];
// Notify client by email their ticket has been raised, if general notifications are turned on & there is a valid contact email
if (!empty($config_smtp_host) && $config_ticket_client_general_notifications == 1 && filter_var($contact_email, FILTER_VALIDATE_EMAIL)) {
$email_subject = "Ticket created - [$ticket_prefix$ticket_number] - $ticket_subject (scheduled)";
$email_body = "##- Please type your reply above this line -## $subject - $frequency deleted", 'error');
redirect();
}
if (isset($_POST['bulk_delete_recurring_tickets'])) {
validateCSRFToken($_POST['csrf_token']);
enforceUserPermission('module_support', 3);
if (isset($_POST['recurring_ticket_ids'])) {
$count = count($_POST['recurring_ticket_ids']);
// Cycle through array and delete each recurring scheduled ticket
foreach ($_POST['recurring_ticket_ids'] as $recurring_ticket_id) {
$recurring_ticket_id = intval($recurring_ticket_id);
mysqli_query($mysqli, "DELETE FROM recurring_tickets WHERE recurring_ticket_id = $recurring_ticket_id");
logAction("Recurring Ticket", "Delete", "$session_name deleted recurring ticket", 0, $recurring_ticket_id);
}
logAction("Recurring Ticket", "Bulk Delete", "$session_name deleted $count recurring ticket(s)");
flash_alert("Deleted $count recurring ticket(s)", 'error');
}
redirect();
}
if (isset($_POST['edit_ticket_billable_status'])) {
enforceUserPermission('module_support', 2);
enforceUserPermission('module_sales', 2);
$ticket_id = intval($_POST['ticket_id']);
$billable_status = intval($_POST['billable_status']);
if ($billable_status == 0 ) {
$billable_wording = "Not";
}
// Get ticket details for logging
$sql = mysqli_query($mysqli, "SELECT ticket_prefix, ticket_number, ticket_client_id FROM tickets WHERE ticket_id = $ticket_id");
$row = mysqli_fetch_array($sql);
$ticket_prefix = sanitizeInput($row['ticket_prefix']);
$ticket_number = intval($row['ticket_number']);
$client_id = intval($row['ticket_client_id']);
mysqli_query($mysqli,"UPDATE tickets SET ticket_billable = $billable_status WHERE ticket_id = $ticket_id");
logAction("Ticket", "Edit", "$session_name marked ticket $ticket_prefix$ticket_number as $billable_wording Billable", $client_id, $ticket_id);
flash_alert("Ticket marked $billable_wording Billable ");
redirect();
}
if (isset($_POST['edit_ticket_schedule'])) {
enforceUserPermission('module_support', 2);
$ticket_id = intval($_POST['ticket_id']);
$onsite = intval($_POST['onsite']);
$schedule = sanitizeInput($_POST['scheduled_date_time']);
$ticket_link = "ticket.php?ticket_id=$ticket_id";
$full_ticket_url = "https://$config_base_url/client/ticket.php?ticket_id=$ticket_id";
$ticket_link_html = "$ticket_link ";
mysqli_query($mysqli,"UPDATE tickets
SET ticket_schedule = '$schedule', ticket_onsite = $onsite
WHERE ticket_id = $ticket_id"
);
// Check for other conflicting scheduled items based on 2 hr window
//TODO make this configurable
$start = date('Y-m-d H:i:s', strtotime($schedule) - 7200);
$end = date('Y-m-d H:i:s', strtotime($schedule) + 7200);
$sql = mysqli_query($mysqli, "SELECT * FROM tickets WHERE ticket_schedule BETWEEN '$start' AND '$end' AND ticket_id != $ticket_id");
if (mysqli_num_rows($sql) > 0) {
$conflicting_tickets = [];
while ($row = mysqli_fetch_array($sql)) {
$conflicting_tickets[] = $row['ticket_id'] . " - " . $row['ticket_subject'] . " @ " . $row['ticket_schedule'];
}
}
$sql = mysqli_query($mysqli, "SELECT * FROM tickets
LEFT JOIN clients ON ticket_client_id = client_id
LEFT JOIN contacts ON ticket_contact_id = contact_id
LEFT JOIN locations on contact_location_id = location_id
LEFT JOIN users ON ticket_assigned_to = user_id
WHERE ticket_id = $ticket_id
");
$row = mysqli_fetch_array($sql);
$client_id = intval($row['ticket_client_id']);
$client_name = sanitizeInput($row['client_name']);
$ticket_details = sanitizeInput($row['ticket_details']);
$contact_name = sanitizeInput($row['contact_name']);
$contact_email = sanitizeInput($row['contact_email']);
$ticket_prefix = sanitizeInput($row['ticket_prefix']);
$ticket_number = intval($row['ticket_number']);
$ticket_subject = sanitizeInput($row['ticket_subject']);
$user_name = sanitizeInput($row['user_name']);
$user_email = sanitizeInput($row['user_email']);
$cal_subject = $ticket_number . ": " . $client_name . " - " . $ticket_subject;
$ticket_details_truncated = substr($ticket_details, 0, 100);
$cal_description = $ticket_details_truncated . " - " . $full_ticket_url;
$cal_location = sanitizeInput($row["location_address"]);
$email_datetime = date('l, F j, Y \a\t g:ia', strtotime($schedule));
// Sanitize Config Vars
$config_ticket_from_email = sanitizeInput($config_ticket_from_email);
$config_ticket_from_name = sanitizeInput($config_ticket_from_name);
$session_company_name = sanitizeInput($session_company_name);
/// Create iCal event
$cal_str = createiCalStr($schedule, $cal_subject, $cal_description, $cal_location);
// Notify the agent of the scheduled work
$data[] = [
'from' => $config_ticket_from_email,
'from_name' => $config_ticket_from_name,
'recipient' => $user_email,
'recipient_name' => $user_name,
'subject' => "Ticket Scheduled - [$ticket_prefix$ticket_number] - $ticket_subject",
'body' => "Hello, " . $user_name . "$ticket_link Access your ticket here
Ticket: $ticket_prefix$ticket_numberSubject: $ticket_subject
This is an automated message. Please do not reply directly to this email.
"),
'cal_str' => $cal_str
];
// Notify the watchers of the scheduled work
$sql_watchers = mysqli_query($mysqli, "SELECT watcher_email FROM ticket_watchers WHERE watcher_ticket_id = $ticket_id");
while ($row = mysqli_fetch_array($sql_watchers)) {
$watcher_email = sanitizeInput($row['watcher_email']);
$data[] = [
'from' => $config_ticket_from_email,
'from_name' => $config_ticket_from_name,
'recipient' => $watcher_email,
'recipient_name' => $watcher_email,
'subject' => "Ticket Scheduled - [$ticket_prefix$ticket_number] - $ticket_subject",
'body' => mysqli_escape_string($mysqli, nullable_htmlentities("
The ticket regarding $ticket_subject has been scheduled for $email_datetime.
$ticket_link
Ticket: $ticket_prefix$ticket_numberSubject: $ticket_subjectPortal: Access the ticket here
This is an automated message. Please do not reply directly to this email.
")),
'cal_str' => $cal_str
];
}
}
// Send
$response = addToMailQueue($data);
// Update ticket reply
$ticket_reply_note = "Ticket scheduled for $email_datetime " . (boolval($onsite) ? '(onsite).' : '(remote).');
mysqli_query($mysqli, "INSERT INTO ticket_replies SET ticket_reply = '$ticket_reply_note', ticket_reply_type = 'Internal', ticket_reply_time_worked = '00:01:00', ticket_reply_by = $session_user_id, ticket_reply_ticket_id = $ticket_id");
logAction("Ticket", "Edit", "$session_name edited ticket schedule", $client_id, $ticket_id);
customAction('ticket_schedule', $ticket_id);
if (empty($conflicting_tickets)) {
flash_alert("Ticket scheduled for $email_datetime");
redirect();
} else {
$_SESSION['alert_type'] = "error";
flash_alert("Ticket scheduled for $email_datetime. Yet there are conflicting tickets scheduled for the same time: $ticket_link Access your ticket here
Ticket: $ticket_prefix$ticket_numberSubject: $ticket_subject
This is an automated message. Please do not reply directly to this email.
"),
'cal_str' => $cal_str
];
// Notify the watchers of the cancellation
$sql_watchers = mysqli_query($mysqli, "SELECT watcher_email FROM ticket_watchers WHERE watcher_ticket_id = $ticket_id");
while ($row = mysqli_fetch_assoc($sql_watchers)) {
$watcher_email = sanitizeInput($row['watcher_email']);
$data[] = [
'from' => $config_ticket_from_email,
'from_name' => $config_ticket_from_name,
'recipient' => $watcher_email,
'recipient_name' => $watcher_email,
'subject' => "Ticket Schedule Cancelled - [$ticket_prefix$ticket_number] - $ticket_subject",
'body' => mysqli_escape_string($mysqli, nullable_htmlentities("
Scheduled work for the ticket regarding $ticket_subject has been cancelled.
$ticket_link
Ticket: $ticket_prefix$ticket_numberSubject: $ticket_subjectPortal: Access the ticket here
This is an automated message. Please do not reply directly to this email.
")),
'cal_str' => $cal_str
];
}
}
// Send email(s)
addToMailQueue($data);
// Update ticket reply
$ticket_reply_note = "Ticket schedule cancelled.";
mysqli_query($mysqli, "INSERT INTO ticket_replies SET ticket_reply = '$ticket_reply_note', ticket_reply_type = 'Internal', ticket_reply_time_worked = '00:01:00', ticket_reply_by = $session_user_id, ticket_reply_ticket_id = $ticket_id");
logAction("Ticket", "Edit", "$session_name cancelled ticket schedule", $client_id, $ticket_id);
customAction('ticket_unschedule', $ticket_id);
flash_alert("Ticket schedule cancelled", 'error');
redirect();
}