Client interface and related changes

assets/default/css/theme.css

@@ -495,7 +495,7 @@ body {
 #ticketForm div.error label, #clientLogin div.error label {
   color: #a00;
 }
-#ticketForm p, #clientLogin p {
+#clientLogin p {
   clear: both;
   text-align: center;
 }
@@ -646,7 +646,7 @@ a.refresh {
 #ticketThread table th {
   text-align: left;
   border-bottom: 1px solid #aaa;
-  font-size: 11pt;
+  font-size: 12px;
   padding: 5px;
 }
 #ticketThread table td {
@@ -659,24 +659,21 @@ a.refresh {
   background: #ddd;
 }
 #ticketThread .info {
-  padding: 5px;
+  padding: 2px;
   background: #f9f9f9;
   border-top: 1px solid #ddd;
   height: 16px;
   line-height: 16px;
 }
 #ticketThread .info a {
   display: inline-block;
-  margin: 5px 20px 5px 0;
+  margin: 5px 10px 5px 0;
   padding-left: 24px;
   height: 16px;
   line-height: 16px;
   background-position: 0 50%;
   background-repeat: no-repeat;
 }
-#ticketThread .info .pdf {
-  background-image: url('../images/filetypes/pdf.png?1319636863');
-}
 
 #reply {
   margin-top: 20px;

attachment.php

@@ -15,57 +15,22 @@
     vim: expandtab sw=4 ts=4 sts=4:
 **********************************************************************/
 require('secure.inc.php');
-//TODO: alert admin on any error on this file.
-if(!$thisclient || !$thisclient->isClient() || !$_GET['id'] || !$_GET['ref']) die('Access Denied');
+require_once(INCLUDE_DIR.'class.attachment.php');
+//Basic checks
+if(!$thisclient 
+        || !$_GET['id'] 
+        || !$_GET['h']
+        || !($attachment=Attachment::lookup($_GET['id']))
+        || !($file=$attachment->getFile()))
+    die('Unknown attachment!');
+
+//Validate session access hash - we want to make sure the link is FRESH! and the user has access to the parent ticket!!
+$vhash=md5($attachment->getFileId().session_id().$file->getHash());
+if(strcasecmp(trim($_GET['h']),$vhash) 
+        || !($ticket=$attachment->getTicket()) 
+        || !$ticket->checkClientAccess($thisclient)) 
+    die('Unknown or invalid attachment');
+//Download the file..
+$file->download();
 
-$sql='SELECT attach_id,ref_id,ticket.ticket_id,ticketID,ticket.created,dept_id,file_name,file_key,email FROM '.TICKET_ATTACHMENT_TABLE.
-    ' LEFT JOIN '.TICKET_TABLE.' ticket USING(ticket_id) '.
-    ' WHERE attach_id='.db_input($_GET['id']);
-//valid ID??
-if(!($res=db_query($sql)) || !db_num_rows($res)) die('Invalid/unknown file');
-list($id,$refid,$tid,$extid,$date,$deptID,$filename,$key,$email)=db_fetch_row($res);
-
-//Still paranoid...:)...check the secret session based hash and email
-$hash=MD5($tid*$refid.session_id());
-if(!$_GET['ref'] || strcmp($hash,$_GET['ref']) || strcasecmp($thisclient->getEmail(),$email)) die('Access denied: Kwaheri');
-
-
-//see if the file actually exits.
-$month=date('my',strtotime("$date"));
-$file=rtrim($cfg->getUploadDir(),'/')."/$month/$key".'_'.$filename;
-if(!file_exists($file))
-    $file=rtrim($cfg->getUploadDir(),'/')."/$key".'_'.$filename;
-
-if(!file_exists($file)) die('Invalid Attachment');
-
-$extension =substr($filename,-3);
-switch(strtolower($extension))
-{
-  case "pdf": $ctype="application/pdf"; break;
-  case "exe": $ctype="application/octet-stream"; break;
-  case "zip": $ctype="application/zip"; break;
-  case "doc": $ctype="application/msword"; break;
-  case "xls": $ctype="application/vnd.ms-excel"; break;
-  case "ppt": $ctype="application/vnd.ms-powerpoint"; break;
-  case "gif": $ctype="image/gif"; break;
-  case "png": $ctype="image/png"; break;
-  case "jpg": $ctype="image/jpg"; break;
-  default: $ctype="application/force-download";
-}
-header("Pragma: public");
-header("Expires: 0");
-header("Cache-Control: must-revalidate, post-check=0, pre-check=0");
-header("Cache-Control: public"); 
-header("Content-Type: $ctype");
-$user_agent = strtolower ($_SERVER["HTTP_USER_AGENT"]);
-if ((is_integer(strpos($user_agent,"msie"))) && (is_integer(strpos($user_agent,"win")))) 
-{
-  header( "Content-Disposition: filename=".basename($filename).";" );
-} else {
-  header( "Content-Disposition: attachment; filename=".basename($filename).";" );
-}
-header("Content-Transfer-Encoding: binary");
-header("Content-Length: ".filesize($file));
-readfile($file);
-exit();
 ?>

client.inc.php

@@ -51,7 +51,7 @@
 //clear some vars
 $errors=array();
 $msg='';
-$thisclient=null;
+$thisclient=$nav=null;
 //Make sure the user is valid..before doing anything else.
 if($_SESSION['_client']['userID'] && $_SESSION['_client']['key'])
     $thisclient = new ClientSession($_SESSION['_client']['userID'],$_SESSION['_client']['key']);
@@ -60,6 +60,8 @@
 if($thisclient && $thisclient->getId() && $thisclient->isValid()){
      $thisclient->refreshSession();
 }
+/* Client specific defaults */
+define('PAGE_LIMIT',DEFAULT_PAGE_LIMIT);
 
 $nav = new UserNav($thisclient, 'home');
 ?>

include/class.client.php

@@ -4,8 +4,8 @@ class.client.php
 
     Handles everything about client
 
-    The class will undergo major changes one client's accounts are used. 
-    At the moment we will play off the email + ticket ID authentication.
+    NOTE: Please note that osTicket uses email address and ticket ID to authenticate the user*!
+          Client is modeled on the info of the ticket used to login .
 
     Peter Rotich <[email protected]>
     Copyright (c)  2006-2012 osTicket
@@ -19,75 +19,104 @@ class.client.php
 
 class Client {
 
-
     var $id;
     var $fullname;
     var $username;
-    var $passwd;
     var $email;
 
-
-    var $udata;
     var $ticket_id;
     var $ticketID;
 
-    function Client($email,$id){
+    var $ht;
+
+
+    function Client($email,$id) {
         $this->id =0;
         $this->load($id,$email);
     }
 
-    function isClient(){
-        return TRUE;
-    }
+    function load($id=0, $email='') {
 
-    function load($id,$email=''){
+        if(!$id && !($id=$this->getId()))
+            return false;
 
-        $sql='SELECT ticket_id,ticketID,name,email FROM '.TICKET_TABLE.' WHERE ticketID='.db_input($id);
-        if($email){ //don't validate...using whatever is entered.
+        $sql='SELECT ticket_id, ticketID, name, email, phone, phone_ext '
+            .' FROM '.TICKET_TABLE
+            .' WHERE ticketID='.db_input($id);
+        if($email)
             $sql.=' AND email='.db_input($email);
-        }
-        $res=db_query($sql);
-        if(!$res || !db_num_rows($res))
+
+        if(!($res=db_query($sql)) || !db_num_rows($res))
             return NULL;
 
-        $row=db_fetch_array($res);
-        $this->udata=$row;
-        $this->id         = $row['ticketID']; //placeholder
-        $this->ticket_id  = $row['ticket_id'];
-        $this->ticketID   = $row['ticketID'];
-        $this->fullname   = ucfirst($row['name']);
-        $this->username   = $row['email'];
-        $this->email      = $row['email'];
+        $this->ht = db_fetch_array($res);
+        $this->id         = $this->ht['ticketID']; //placeholder
+        $this->ticket_id  = $this->ht['ticket_id'];
+        $this->ticketID   = $this->ht['ticketID'];
+        $this->fullname   = ucfirst($this->ht['name']);
+        $this->username   = $this->ht['email'];
+        $this->email      = $this->ht['email'];
+
+        $this->stats = array();
 
         return($this->id);
     }
 
+    function reload() {
+        return $this->load();
+    }
+
+    function isClient() {
+        return TRUE;
+    }
 
-    function getId(){
+    function getId() {
         return $this->id;
     }
 
-    function getEmail(){
+    function getEmail() {
         return $this->email;
     }
 
-    function getUserName(){
+    function getUserName() {
         return $this->username;
     }
 
-    function getName(){
+    function getName() {
         return $this->fullname;
     }
+
+    function getPhone() {
+        return $this->ht['phone'];
+    }
+
+    function getPhoneExt() {
+        return $this->ht['phone_ext'];
+    }
 
     function getTicketID() {
         return $this->ticketID;
     }
 
+    function getTicketStats() {
+
+        if(!$this->stats['tickets'])
+            $this->stats['tickets'] = Ticket::getClientStats($this->getEmail());
+
+        return $this->stats['tickets'];
+    }
+
+    function getNumTickets() {
+        return ($stats=$this->getTicketStats())?($stats['open']+$stats['closed']):0;
+    }
+
+    function getNumOpenTickets() {
+        return ($stats=$this->getTicketStats())?$stats['open']:0;
+    }
+
     /* ------------- Static ---------------*/
     function lookup($id, $email) {
         return ($id && is_numeric($id) && ($c=new Client($id,$email)) && $c->getId()==$id)?$c:null;
     }
-
 }
-
 ?>

include/class.config.php

@@ -32,17 +32,20 @@ function Config($id) {
         $this->load($id);
     }
 
-    function load($id) {
+    function load($id=0) {
+        if(!$id && !($id=$this->getId()))
+            return false;
 
-        $sql='SELECT * FROM '.CONFIG_TABLE.' WHERE id='.db_input($id);
-        if($id && ($res=db_query($sql)) && db_num_rows($res)) {
-            $this->config=db_fetch_array($res);
-            $this->id=$this->config['id'];
+        $sql='SELECT * FROM '.CONFIG_TABLE
+            .' WHERE id='.db_input($id);
+        if(!($res=db_query($sql)) || !db_num_rows($res))
+            return false;
 
-            return true;
-        }
+
+        $this->config=db_fetch_array($res);
+        $this->id=$this->config['id'];
 
-        return false;
+        return true;
     }
 
     //Initialize some default values.
@@ -52,10 +55,13 @@ function init() {
     }
 
     function reload() {
-        if($this->load($this->id))
-            $this->init();
-    }
+        if(!$this->load($this->getId()))
+            return false;
+
+        $this->init();
 
+        return true;
+    }
 
     function isHelpDeskOffline() {
         return !$this->isSystemOnline();
@@ -75,7 +81,7 @@ function getVersion() {
         return '1.7 DPR';
     }
 
-    function getSchemaVersion() {
+    function getSchemaSignature() {
         return $this->config['schema_signature'];
     }
 
@@ -111,7 +117,7 @@ function getDayDateTimeFormat() {
     }
 
     function getId() {
-        return $this->config['id'];
+        return $this->id;
     }
 
     function getTitle() {
@@ -145,6 +151,10 @@ function getGracePeriod() {
     function getPasswdResetPeriod() {
         return $this->config['passwd_reset_period'];
     }
+
+    function showRelatedTickets() {
+        return $this->config['show_related_tickets'];
+    }
 
     function getClientTimeout() {
         return $this->getClientSessionTimeout();

include/class.faq.php

@@ -192,7 +192,7 @@ function getAttachmentsLinks($separator=' ',$target='') {
             /* The h key must match validation in file.php */
             $hash=$attachment['hash'].md5($attachment['id'].session_id().$attachment['hash']);
             if($attachment['size'])
-                $size=sprintf('(<i>%s</i>)',Format::file_size($attachment['size']));
+                $size=sprintf('&nbsp;<small>(<i>%s</i>)</small>',Format::file_size($attachment['size']));
 
             $str.=sprintf('<a class="Icon file" href="file.php?h=%s" target="%s">%s</a>%s&nbsp;%s',
                     $hash, $target, Format::htmlchars($attachment['name']), $size, $separator);

include/class.file.php

@@ -138,6 +138,7 @@ function download() {
         exit();
     }
 
+    /* Function assumes the files types have been validated */
     function upload($file) {
 
         if(!$file['name'] || !is_uploaded_file($file['tmp_name']))

include/class.filter.php

@@ -260,7 +260,7 @@ function apply(&$ticket, $email=null) {
         #       Set owning department (?)
         if ($this->getDeptId())     $ticket['deptId']=$this->getDeptId();
         #       Set ticket priority (?)
-        if ($this->getPriorityId()) $ticket['pri']=$this->getPriorityId();
+        if ($this->getPriorityId()) $ticket['priorityId']=$this->getPriorityId();
         #       Set SLA plan (?)
         if ($this->getSLAId())      $ticket['slaId']=$this->getSLAId();
         #       Auto-assign to (?)