diff --git a/assets/default/css/theme.css b/assets/default/css/theme.css index dde40189..c6a6242d 100644 --- a/assets/default/css/theme.css +++ b/assets/default/css/theme.css @@ -495,7 +495,7 @@ body { #ticketForm div.error label, #clientLogin div.error label { color: #a00; } -#ticketForm p, #clientLogin p { +#clientLogin p { clear: both; text-align: center; } @@ -646,7 +646,7 @@ a.refresh { #ticketThread table th { text-align: left; border-bottom: 1px solid #aaa; - font-size: 11pt; + font-size: 12px; padding: 5px; } #ticketThread table td { @@ -659,7 +659,7 @@ a.refresh { background: #ddd; } #ticketThread .info { - padding: 5px; + padding: 2px; background: #f9f9f9; border-top: 1px solid #ddd; height: 16px; @@ -667,16 +667,13 @@ a.refresh { } #ticketThread .info a { display: inline-block; - margin: 5px 20px 5px 0; + margin: 5px 10px 5px 0; padding-left: 24px; height: 16px; line-height: 16px; background-position: 0 50%; background-repeat: no-repeat; } -#ticketThread .info .pdf { - background-image: url('../images/filetypes/pdf.png?1319636863'); -} #reply { margin-top: 20px; diff --git a/attachment.php b/attachment.php index 2446f2dc..819ff586 100644 --- a/attachment.php +++ b/attachment.php 
@@ -15,57 +15,22 @@ vim: expandtab sw=4 ts=4 sts=4: **********************************************************************/ require('secure.inc.php'); -//TODO: alert admin on any error on this file. -if(!$thisclient || !$thisclient->isClient() || !$_GET['id'] || !$_GET['ref']) die('Access Denied'); +require_once(INCLUDE_DIR.'class.attachment.php'); +//Basic checks +if(!$thisclient + || !$_GET['id'] + || !$_GET['h'] + || !($attachment=Attachment::lookup($_GET['id'])) + || !($file=$attachment->getFile())) + die('Unknown attachment!'); + +//Validate session access hash - we want to make sure the link is FRESH! and the user has access to the parent ticket!! +$vhash=md5($attachment->getFileId().session_id().$file->getHash()); +if(strcasecmp(trim($_GET['h']),$vhash) + || !($ticket=$attachment->getTicket()) + || !$ticket->checkClientAccess($thisclient)) + die('Unknown or invalid attachment'); +//Download the file.. +$file->download(); -$sql='SELECT attach_id,ref_id,ticket.ticket_id,ticketID,ticket.created,dept_id,file_name,file_key,email FROM '.TICKET_ATTACHMENT_TABLE. - ' LEFT JOIN '.TICKET_TABLE.' ticket USING(ticket_id) '. - ' WHERE attach_id='.db_input($_GET['id']); -//valid ID?? -if(!($res=db_query($sql)) || !db_num_rows($res)) die('Invalid/unknown file'); -list($id,$refid,$tid,$extid,$date,$deptID,$filename,$key,$email)=db_fetch_row($res); - -//Still paranoid...:)...check the secret session based hash and email -$hash=MD5($tid*$refid.session_id()); -if(!$_GET['ref'] || strcmp($hash,$_GET['ref']) || strcasecmp($thisclient->getEmail(),$email)) die('Access denied: Kwaheri'); - - -//see if the file actually exits. 
-$month=date('my',strtotime("$date")); -$file=rtrim($cfg->getUploadDir(),'/')."/$month/$key".'_'.$filename; -if(!file_exists($file)) - $file=rtrim($cfg->getUploadDir(),'/')."/$key".'_'.$filename; - -if(!file_exists($file)) die('Invalid Attachment'); - -$extension =substr($filename,-3); -switch(strtolower($extension)) -{ - case "pdf": $ctype="application/pdf"; break; - case "exe": $ctype="application/octet-stream"; break; - case "zip": $ctype="application/zip"; break; - case "doc": $ctype="application/msword"; break; - case "xls": $ctype="application/vnd.ms-excel"; break; - case "ppt": $ctype="application/vnd.ms-powerpoint"; break; - case "gif": $ctype="image/gif"; break; - case "png": $ctype="image/png"; break; - case "jpg": $ctype="image/jpg"; break; - default: $ctype="application/force-download"; -} -header("Pragma: public"); -header("Expires: 0"); -header("Cache-Control: must-revalidate, post-check=0, pre-check=0"); -header("Cache-Control: public"); -header("Content-Type: $ctype"); -$user_agent = strtolower ($_SERVER["HTTP_USER_AGENT"]); -if ((is_integer(strpos($user_agent,"msie"))) && (is_integer(strpos($user_agent,"win")))) -{ - header( "Content-Disposition: filename=".basename($filename).";" ); -} else { - header( "Content-Disposition: attachment; filename=".basename($filename).";" ); -} -header("Content-Transfer-Encoding: binary"); -header("Content-Length: ".filesize($file)); -readfile($file); -exit(); ?> diff --git a/client.inc.php b/client.inc.php index 5461bd2f..b714e93b 100644 --- a/client.inc.php +++ b/client.inc.php @@ -51,7 +51,7 @@ //clear some vars $errors=array(); $msg=''; -$thisclient=null; +$thisclient=$nav=null; //Make sure the user is valid..before doing anything else. if($_SESSION['_client']['userID'] && $_SESSION['_client']['key']) $thisclient = new ClientSession($_SESSION['_client']['userID'],$_SESSION['_client']['key']); 
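Review bot: The `h` token validated here is a bare `md5()` over the file id, `session_id()` and the file hash, so every download link carries a value derived from the session identifier with no server-side secret, and such links end up in browser history, proxy logs and Referer headers. Consider a keyed hash instead, e.g. `$vhash=hash_hmac('sha256',$attachment->getFileId().session_id().$file->getHash(),INSTALL_SECRET_PLACEHOLDER);`, where `INSTALL_SECRET_PLACEHOLDER` stands for a per-installation secret that this page does not show, and change the link generators to match. The comparison through `strcasecmp()` is not constant-time; where the supported PHP version provides `hash_equals()`, compare with that on the lower-cased input. The old guard's `$thisclient->isClient()` call is dropped and no `isValid()` call replaces it, which is only safe if `secure.inc.php` already rejects invalid sessions; that file is not visible here.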
@@ -60,6 +60,8 @@ if($thisclient && $thisclient->getId() && $thisclient->isValid()){ $thisclient->refreshSession(); } +/* Client specific defaults */ +define('PAGE_LIMIT',DEFAULT_PAGE_LIMIT); $nav = new UserNav($thisclient, 'home'); ?> diff --git a/images/bg.gif b/images/bg.gif deleted file mode 100644 index e20f3177..00000000 Binary files a/images/bg.gif and /dev/null differ diff --git a/images/fibres.png b/images/fibres.png deleted file mode 100644 index 7ad3ac27..00000000 Binary files a/images/fibres.png and /dev/null differ diff --git a/images/home.gif b/images/home.gif deleted file mode 100644 index b25c0781..00000000 Binary files a/images/home.gif and /dev/null differ diff --git a/images/icons/attachment.gif b/images/icons/attachment.gif deleted file mode 100644 index 4400e61e..00000000 Binary files a/images/icons/attachment.gif and /dev/null differ diff --git a/images/icons/refresh.gif b/images/icons/refresh.gif deleted file mode 100644 index 8268958a..00000000 Binary files a/images/icons/refresh.gif and /dev/null differ diff --git a/images/icons/thread.gif b/images/icons/thread.gif deleted file mode 100644 index bffd6b0b..00000000 Binary files a/images/icons/thread.gif and /dev/null differ diff --git a/images/icons/ticket.gif b/images/icons/ticket.gif deleted file mode 100644 index 4304ea79..00000000 Binary files a/images/icons/ticket.gif and /dev/null differ diff --git a/images/icons/ticket_source_email.gif b/images/icons/ticket_source_email.gif deleted file mode 100644 index 6b57605d..00000000 Binary files a/images/icons/ticket_source_email.gif and /dev/null differ diff --git a/images/icons/ticket_source_other.gif b/images/icons/ticket_source_other.gif deleted file mode 100644 index 4304ea79..00000000 Binary files a/images/icons/ticket_source_other.gif and /dev/null differ 
diff --git a/images/icons/ticket_source_phone.gif b/images/icons/ticket_source_phone.gif
deleted file mode 100644
index b9aa8ed5..00000000
Binary files a/images/icons/ticket_source_phone.gif and /dev/null differ
diff --git a/images/icons/ticket_source_web.gif b/images/icons/ticket_source_web.gif
deleted file mode 100644
index 1b7a5b90..00000000
Binary files a/images/icons/ticket_source_web.gif and /dev/null differ
diff --git a/images/lipsum.png b/images/lipsum.png
deleted file mode 100644
index feb6a95f..00000000
Binary files a/images/lipsum.png and /dev/null differ
diff --git a/images/logo.png b/images/logo.png
deleted file mode 100644
index 25634413..00000000
Binary files a/images/logo.png and /dev/null differ
diff --git a/images/logo2.jpg b/images/logo2.jpg
deleted file mode 100644
index 16bc12ed..00000000
Binary files a/images/logo2.jpg and /dev/null differ
diff --git a/images/logout.gif b/images/logout.gif
deleted file mode 100644
index 6dd774f0..00000000
Binary files a/images/logout.gif and /dev/null differ
diff --git a/images/my_tickets.gif b/images/my_tickets.gif
deleted file mode 100644
index ee2d25bb..00000000
Binary files a/images/my_tickets.gif and /dev/null differ
diff --git a/images/new_ticket.gif b/images/new_ticket.gif
deleted file mode 100644
index 32d9636e..00000000
Binary files a/images/new_ticket.gif and /dev/null differ
diff --git a/images/new_ticket_icon.jpg b/images/new_ticket_icon.jpg
deleted file mode 100644
index 855eef06..00000000
Binary files a/images/new_ticket_icon.jpg and /dev/null differ
diff --git a/images/poweredby.jpg b/images/poweredby.jpg
deleted file mode 100644
index c98eb7d6..00000000
Binary files a/images/poweredby.jpg and /dev/null differ
diff --git a/images/rainbow.png b/images/rainbow.png
deleted file mode 100644
index c08f52ed..00000000
Binary files a/images/rainbow.png and /dev/null differ
diff --git a/images/refresh_btn.gif b/images/refresh_btn.gif deleted file mode 100644 index 8a33b22d..00000000 Binary files a/images/refresh_btn.gif and /dev/null differ diff --git a/images/ticket_status.gif b/images/ticket_status.gif deleted file mode 100644 index 07755499..00000000 Binary files a/images/ticket_status.gif and /dev/null differ diff --git a/images/ticket_status_icon.jpg b/images/ticket_status_icon.jpg deleted file mode 100644 index bf27b1f9..00000000 Binary files a/images/ticket_status_icon.jpg and /dev/null differ diff --git a/images/verticalbar.jpg b/images/verticalbar.jpg deleted file mode 100644 index 2678913d..00000000 Binary files a/images/verticalbar.jpg and /dev/null differ diff --git a/images/view_closed_btn.gif b/images/view_closed_btn.gif deleted file mode 100644 index 6cd8f080..00000000 Binary files a/images/view_closed_btn.gif and /dev/null differ diff --git a/images/view_open_btn.gif b/images/view_open_btn.gif deleted file mode 100644 index 8ed6be9c..00000000 Binary files a/images/view_open_btn.gif and /dev/null differ diff --git a/include/class.client.php b/include/class.client.php index f7ede15c..e1057afa 100644 --- a/include/class.client.php +++ b/include/class.client.php @@ -4,8 +4,8 @@ class.client.php Handles everything about client - The class will undergo major changes one client's accounts are used. - At the moment we will play off the email + ticket ID authentication. + NOTE: Please note that osTicket uses email address and ticket ID to authenticate the user*! + Client is modeled on the info of the ticket used to login . Peter Rotich Copyright (c) 2006-2012 osTicket 
@@ -19,75 +19,104 @@ class.client.php class Client { - var $id; var $fullname; var $username; - var $passwd; var $email; - - var $udata; var $ticket_id; var $ticketID; - function Client($email,$id){ + var $ht; + + + function Client($email,$id) { $this->id =0; $this->load($id,$email); } - function isClient(){ - return TRUE; - } + function load($id=0, $email='') { - function load($id,$email=''){ + if(!$id && !($id=$this->getId())) + return false; - $sql='SELECT ticket_id,ticketID,name,email FROM '.TICKET_TABLE.' WHERE ticketID='.db_input($id); - if($email){ //don't validate...using whatever is entered. + $sql='SELECT ticket_id, ticketID, name, email, phone, phone_ext ' + .' FROM '.TICKET_TABLE + .' WHERE ticketID='.db_input($id); + if($email) $sql.=' AND email='.db_input($email); - } - $res=db_query($sql); - if(!$res || !db_num_rows($res)) + + if(!($res=db_query($sql)) || !db_num_rows($res)) return NULL; - $row=db_fetch_array($res); - $this->udata=$row; - $this->id = $row['ticketID']; //placeholder - $this->ticket_id = $row['ticket_id']; - $this->ticketID = $row['ticketID']; - $this->fullname = ucfirst($row['name']); - $this->username = $row['email']; - $this->email = $row['email']; + $this->ht = db_fetch_array($res); + $this->id = $this->ht['ticketID']; //placeholder + $this->ticket_id = $this->ht['ticket_id']; + $this->ticketID = $this->ht['ticketID']; + $this->fullname = ucfirst($this->ht['name']); + $this->username = $this->ht['email']; + $this->email = $this->ht['email']; + + $this->stats = array(); return($this->id); } + function reload() { + return $this->load(); + } + + function isClient() { + return TRUE; + } - function getId(){ + function getId() { return $this->id; } - function getEmail(){ + function getEmail() { return $this->email; } - function getUserName(){ + function getUserName() { return $this->username; } - function getName(){ + function getName() { return $this->fullname; } + + function getPhone() { + return $this->ht['phone']; + } + + function 
getPhoneExt() { + return $this->ht['phone_ext']; + } function getTicketID() { return $this->ticketID; } + function getTicketStats() { + + if(!$this->stats['tickets']) + $this->stats['tickets'] = Ticket::getClientStats($this->getEmail()); + + return $this->stats['tickets']; + } + + function getNumTickets() { + return ($stats=$this->getTicketStats())?($stats['open']+$stats['closed']):0; + } + + function getNumOpenTickets() { + return ($stats=$this->getTicketStats())?$stats['open']:0; + } + /* ------------- Static ---------------*/ function lookup($id, $email) { return ($id && is_numeric($id) && ($c=new Client($id,$email)) && $c->getId()==$id)?$c:null; } - } - ?> diff --git a/include/class.config.php b/include/class.config.php index 1e3d7745..37040ebc 100644 --- a/include/class.config.php +++ b/include/class.config.php @@ -32,17 +32,20 @@ function Config($id) { $this->load($id); } - function load($id) { + function load($id=0) { + if(!$id && !($id=$this->getId())) + return false; - $sql='SELECT * FROM '.CONFIG_TABLE.' WHERE id='.db_input($id); - if($id && ($res=db_query($sql)) && db_num_rows($res)) { - $this->config=db_fetch_array($res); - $this->id=$this->config['id']; + $sql='SELECT * FROM '.CONFIG_TABLE + .' WHERE id='.db_input($id); + if(!($res=db_query($sql)) || !db_num_rows($res)) + return false; - return true; - } + + $this->config=db_fetch_array($res); + $this->id=$this->config['id']; - return false; + return true; } //Initialize some default values. @@ -52,10 +55,13 @@ function init() { } function reload() { - if($this->load($this->id)) - $this->init(); - } + if(!$this->load($this->getId())) + return false; + + $this->init(); + return true; + } function isHelpDeskOffline() { return !$this->isSystemOnline(); @@ -75,7 +81,7 @@ function getVersion() { return '1.7 DPR'; } - function getSchemaVersion() { + function getSchemaSignature() { return $this->config['schema_signature']; } 
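Review bot: The constructor is declared `Client($email,$id)`, but the static `lookup($id, $email)` at the end of this hunk still builds `new Client($id,$email)`, so the two values reach `load()` swapped and the query compares `ticketID` against the email; the call should read `new Client($email,$id)`. `load()` also appends the `email` predicate only when `$email` is non-empty, so a caller that omits it gets a client object from the ticket ID alone, which does not match the email-plus-ticket-ID authentication described in the file header. A comment such as `//NOTE: without $email only the ticket ID is matched - do not treat the result as authenticated` above the `if($email)` line would make that explicit. `$this->stats` is assigned in `load()` without a `var $stats;` declaration next to `var $ht;`.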
@@ -111,7 +117,7 @@ function getDayDateTimeFormat() { } function getId() { - return $this->config['id']; + return $this->id; } function getTitle() { @@ -145,6 +151,10 @@ function getGracePeriod() { function getPasswdResetPeriod() { return $this->config['passwd_reset_period']; } + + function showRelatedTickets() { + return $this->config['show_related_tickets']; + } function getClientTimeout() { return $this->getClientSessionTimeout(); diff --git a/include/class.faq.php b/include/class.faq.php index 99d6def2..7e23803d 100644 --- a/include/class.faq.php +++ b/include/class.faq.php @@ -192,7 +192,7 @@ function getAttachmentsLinks($separator=' ',$target='') { /* The h key must match validation in file.php */ $hash=$attachment['hash'].md5($attachment['id'].session_id().$attachment['hash']); if($attachment['size']) - $size=sprintf('(%s)',Format::file_size($attachment['size'])); + $size=sprintf(' (%s)',Format::file_size($attachment['size'])); $str.=sprintf('%s%s %s', $hash, $target, Format::htmlchars($attachment['name']), $size, $separator); diff --git a/include/class.file.php b/include/class.file.php index 91bd1cdd..b9bfbe1b 100644 --- a/include/class.file.php +++ b/include/class.file.php @@ -138,6 +138,7 @@ function download() { exit(); } + /* Function assumes the files types have been validated */ function upload($file) { if(!$file['name'] || !is_uploaded_file($file['tmp_name'])) diff --git a/include/class.filter.php b/include/class.filter.php index 9b9d7279..4f18e965 100644 --- a/include/class.filter.php +++ b/include/class.filter.php @@ -260,7 +260,7 @@ function apply(&$ticket, $email=null) { # Set owning department (?) if ($this->getDeptId()) $ticket['deptId']=$this->getDeptId(); # Set ticket priority (?) - if ($this->getPriorityId()) $ticket['pri']=$this->getPriorityId(); + if ($this->getPriorityId()) $ticket['priorityId']=$this->getPriorityId(); # Set SLA plan (?) if ($this->getSLAId()) $ticket['slaId']=$this->getSLAId(); # Auto-assign to (?) 
diff --git a/include/class.nav.php b/include/class.nav.php index 561fc963..a3b719f0 100644 --- a/include/class.nav.php +++ b/include/class.nav.php @@ -263,15 +263,24 @@ function getNavLinks(){ $navs = array(); $user = $this->user; - $navs['home']=array('desc'=>'Support Center Home','href'=>'index.php','title'=>''); + $navs['home']=array('desc'=>'Support Center Home','href'=>'index.php','title'=>''); if($cfg && $cfg->isKnowledgebaseEnabled()) $navs['kb']=array('desc'=>'Knowledgebase','href'=>'kb/index.php','title'=>''); - $navs['new']=array('desc'=>'Open New Ticket','href'=>'open.php','title'=>''); - if($user && $user->isValid()) - $navs['tickets']=array('desc'=>'My Tickets','href'=>'tickets.php','title'=>''); - else + $navs['new']=array('desc'=>'Open New Ticket','href'=>'open.php','title'=>''); + if($user && $user->isValid()) { + if($cfg && $cfg->showRelatedTickets()) { + $navs['tickets']=array('desc'=>sprintf('My Tickets (%d)',$user->getNumTickets()), + 'href'=>'tickets.php', + 'title'=>'Show all tickets'); + } else { + $navs['tickets']=array('desc'=>'View Ticket Thread', + 'href'=>sprintf('tickets.php?id=%d',$user->getTicketID()), + 'title'=>'View ticket status'); + } + } else { $navs['status']=array('desc'=>'Check Ticket Status','href'=>'view.php','title'=>''); + } $this->navs=$navs; } diff --git a/include/class.staff.php b/include/class.staff.php index bfb0b79d..99689659 100644 --- a/include/class.staff.php +++ b/include/class.staff.php 
@@ -37,15 +37,18 @@ function load($var=''){ if(!$var && !($var=$this->getId())) return false; - $sql='SELECT staff.*,grp.*,tz.offset as tz_offset,TIME_TO_SEC(TIMEDIFF(NOW(),IFNULL(staff.passwdreset,staff.created))) as passwd_change_sec '. - 'FROM '.STAFF_TABLE.' staff '. - 'LEFT JOIN '.GROUP_TABLE.' grp ON(grp.group_id=staff.group_id) '. - 'LEFT JOIN '.TIMEZONE_TABLE.' tz ON(tz.id=staff.timezone_id) '; + $sql='SELECT staff.*, grp.*, tz.offset as tz_offset ' + .' ,TIME_TO_SEC(TIMEDIFF(NOW(),IFNULL(staff.passwdreset,staff.created))) as passwd_change_sec ' + .' FROM '.STAFF_TABLE.' staff ' + .' LEFT JOIN '.GROUP_TABLE.' grp ON(grp.group_id=staff.group_id) ' + .' LEFT JOIN '.TIMEZONE_TABLE.' tz ON(tz.id=staff.timezone_id) '; + $sql.=sprintf('WHERE %s=%s',is_numeric($var)?'staff_id':'username',db_input($var)); if(!($res=db_query($sql)) || !db_num_rows($res)) return NULL; + $this->ht=db_fetch_array($res); $this->id = $this->ht['staff_id']; $this->teams =$this->ht['teams']=$this->getTeams(); diff --git a/include/class.ticket.php b/include/class.ticket.php index 2c111cec..4801f162 100644 --- a/include/class.ticket.php +++ b/include/class.ticket.php @@ -175,6 +175,18 @@ function checkStaffAccess($staff) { || $staff->getId()==$this->getStaffId()); } + function checkClientAccess($client) { + global $cfg; + + if(!is_object($client) && !($client=Client::lookup($client))) + return false; + + if(!strcasecmp($client->getEmail(),$this->getEmail())) + return true; + + return ($cfg && $cfg->showRelatedTickets() && $client->getTicketId()==$ticket->getExtId()); + } + //Getters function getId(){ return $this->id; @@ -437,8 +449,10 @@ function getLastMsgId() { function getRelatedTicketsCount(){ - $sql='SELECT count(*) FROM '.TICKET_TABLE.' WHERE email='.db_input($this->getEmail()); - return db_count($sql); + $sql='SELECT count(*) FROM '.TICKET_TABLE + .' WHERE email='.db_input($this->getEmail()); + + return db_result(db_query($sql)); } function getThreadCount() { 
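Review bot: The last line of the new `checkClientAccess()` calls `$ticket->getExtId()`, but no `$ticket` exists inside the method, so that branch fails with a call on a non-object instead of returning a decision; it presumably should be `$this->getExtId()`. The order of the checks also looks inverted relative to the setting: an email match returns `true` before `showRelatedTickets()` is consulted, so with related tickets disabled a client still passes for every ticket sharing the email, while the ticket-ID match is honoured only when the setting is on. If the intent is "own ticket always, same-email tickets only when enabled", the body would read as in the excerpt below. `Client::lookup($client)` is called here with one argument although `lookup()` in class.client.php takes `($id, $email)`.

```php
function checkClientAccess($client) {
    // … unchanged: global $cfg and the Client::lookup() guard …

    //The ticket the client logged in with is always accessible.
    if($client->getTicketID()==$this->getExtId())
        return true;

    //Other tickets on the same email only when the helpdesk allows it.
    return ($cfg && $cfg->showRelatedTickets()
            && !strcasecmp($client->getEmail(),$this->getEmail()));
}
```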
@@ -488,7 +502,7 @@ function getMessages() { ON (msg.ticket_id=attach.ticket_id AND msg.msg_id=attach.ref_id AND ref_type="M") ' .' WHERE msg.ticket_id='.db_input($this->getId()) .' GROUP BY msg.msg_id ' - .' ORDER BY msg.created DESC '; + .' ORDER BY msg.created ASC '; $messages=array(); if(($res=db_query($sql)) && db_num_rows($res)) @@ -1193,7 +1207,9 @@ function postMessage($msg,$source='',$msgid=NULL,$headers='',$newticket=false){ $this->onMessage($autorespond); //must be called b4 sending alerts to staff. - if(!($tpl = $dept->getTemplate())) + $dept = $this->getDept(); + + if(!$dept || !($tpl = $dept->getTemplate())) $tpl= $cfg->getDefaultTemplate(); if(!($email=$cfg->getAlertEmail())) @@ -1458,10 +1474,14 @@ function getIdByExtId($extid) { - function lookup($id){ //Assuming local ID is the only lookup used! + function lookup($id) { //Assuming local ID is the only lookup used! return ($id && is_numeric($id) && ($ticket= new Ticket($id)) && $ticket->getId()==$id)?$ticket:null; } + function lookupByExtId($id) { + return self::lookup(self:: getIdByExtId($id)); + } + function genExtRandID() { global $cfg; @@ -1537,6 +1557,27 @@ function getStaffStats($staff) { return db_fetch_array(db_query($sql)); } + + /* Quick client's tickets stats + @email - valid email. + */ + function getClientStats($email) { + + if(!$email || !Validator::is_email($email)) + return null; + + $sql='SELECT count(open.ticket_id) as open, count(closed.ticket_id) as closed ' + .' FROM '.TICKET_TABLE.' ticket ' + .' LEFT JOIN '.TICKET_TABLE.' open + ON (open.ticket_id=ticket.ticket_id AND open.status=\'open\') ' + .' LEFT JOIN '.TICKET_TABLE.' closed + ON (closed.ticket_id=ticket.ticket_id AND closed.status=\'closed\')' + .' WHERE ticket.email='.db_input($email); + + return db_fetch_array(db_query($sql)); + } + + //FIXME: Refactor the code for version 1.7 function update($var,&$errors) { global $cfg,$thisstaff; 
@@ -1650,7 +1691,7 @@ function create($vars,&$errors, $origin, $autorespond=true, $alertstaff=true) { break; case 'staff': $fields['deptId'] = array('type'=>'int', 'required'=>1, 'error'=>'Dept. required'); - $fields['topicId'] = array('type'=>'int', 'required'=>1, 'error'=>'Topic required'); + $fields['topicId'] = array('type'=>'int', 'required'=>1, 'error'=>'Topic required'); $fields['duedate'] = array('type'=>'date', 'required'=>0, 'error'=>'Invalid date - must be MM/DD/YY'); case 'api': $fields['source'] = array('type'=>'string', 'required'=>1, 'error'=>'Indicate source'); @@ -1660,10 +1701,10 @@ function create($vars,&$errors, $origin, $autorespond=true, $alertstaff=true) { break; default: # TODO: Return error message - $errors['origin'] = 'Invalid origin given'; + $errors['err']=$errors['origin'] = 'Invalid origin given'; } - $fields['pri'] = array('type'=>'int', 'required'=>0, 'error'=>'Invalid Priority'); - $fields['phone'] = array('type'=>'phone', 'required'=>0, 'error'=>'Valid phone # required'); + $fields['priorityId'] = array('type'=>'int', 'required'=>0, 'error'=>'Invalid Priority'); + $fields['phone'] = array('type'=>'phone', 'required'=>0, 'error'=>'Valid phone # required'); if(!Validator::process($fields, $vars, $errors) && !$errors['err']) $errors['err'] ='Missing or invalid data - check the errors and try again'; @@ -1703,7 +1744,8 @@ function create($vars,&$errors, $origin, $autorespond=true, $alertstaff=true) { if (isset($vars['autorespond'])) $autorespond=$vars['autorespond']; //check ticket limits..if limit set is >0 - //TODO: Base ticket limits on SLA... XXX: move it elsewhere?? + //TODO: XXX: move it elsewhere?? Client::checkMaxOpenTickets($email,$vars) + if($vars['email'] && !$errors && $cfg->getMaxOpenTickets()>0 && strcasecmp($origin,'staff')){ $openTickets=Ticket::getOpenTicketsByEmail($vars['email']); if($openTickets>=$cfg->getMaxOpenTickets()) { 
@@ -1804,14 +1846,6 @@ function create($vars,&$errors, $origin, $autorespond=true, $alertstaff=true) { //post the message. $msgid=$ticket->postMessage($vars['message'],$source,$vars['mid'],$vars['header'],true); - //TODO: recover from postMessage error?? - - //Upload attachments...web based. - XXX: Assumes user uploaded attachments!! XXX: move it to client interface. - if($_FILES['attachment']['name'] && $cfg->allowOnlineAttachments() && $msgid) { - if(!$cfg->allowAttachmentsOnlogin() || ($cfg->allowAttachmentsOnlogin() && ($thisuser && $thisuser->isValid()))) { - $ticket->uploadAttachment($_FILES['attachment'],$msgid,'M'); - } - } // Configure service-level-agreement for this ticket $ticket->selectSLAId($vars['slaId']); diff --git a/include/class.topic.php b/include/class.topic.php index 59159c8c..40ab8096 100644 --- a/include/class.topic.php +++ b/include/class.topic.php @@ -135,6 +135,10 @@ function getHelpTopics($publicOnly=false) { return $topics; } + function getPublicHelpTopics() { + return self::getHelpTopics(true); + } + function getIdByName($topic){ $sql='SELECT topic_id FROM '.TOPIC_TABLE.' WHERE topic='.db_input($topic); diff --git a/include/client/header.inc.php b/include/client/header.inc.php index ad88a0c8..65966c83 100644 --- a/include/client/header.inc.php +++ b/include/client/header.inc.php @@ -21,8 +21,14 @@

isValid()) { ?> - My Tickets - + if($thisclient && is_object($thisclient) && $thisclient->isValid()) { + echo $thisclient->getName().' - '; + ?> + showRelatedTickets()) {?> + My Tickets (getNumTickets(); ?>) - + Log Out diff --git a/include/client/kb-category.inc.php b/include/client/kb-category.inc.php index f166fb5b..50a51782 100644 --- a/include/client/kb-category.inc.php +++ b/include/client/kb-category.inc.php @@ -1,34 +1,31 @@ isPublic()) die('Access Denied'); - ?> -
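Review bot: The added `echo $thisclient->getName().' - ';` writes the client name into the page without escaping, and class.client.php loads that name straight from the ticket row (`ucfirst($this->ht['name'])`), a value that originates from whoever opened the ticket. It should go through the escaper the templates already use: `echo Format::htmlchars($thisclient->getName()).' - ';`. The open.inc.php hunks in this commit repeat the pattern with `echo $thisclient->getName();` and `echo $thisclient->getEmail();`, and there `$info` is escaped only when it comes from `$_POST`, not when it is prefilled from the client object. The markup around these lines is not fully visible on this page, so the exact output context should be confirmed before merging.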

-

Frequently Asked Questions

-
-
 
-
-
-
getName() ?>
+

getName() ?>

getDescription()); ?>


getId()) .' GROUP BY faq.faq_id'; if(($res=db_query($sql)) && db_num_rows($res)) { - echo '
+ echo ' +

Frequently Asked Questions

+
    '; while($row=db_fetch_array($res)) { + $attachments=$row['attachments']?'':''; echo sprintf(' -
  1. %s
  2. ', - $row['faq_id'],Format::htmlchars($row['question'])); +
  3. %s  %s
  4. ', + $row['faq_id'],Format::htmlchars($row['question']), $attachments); } echo '
-
'; +
+

« Go Back

'; }else { echo 'Category does not have any FAQs. Back To Index'; } diff --git a/include/client/knowledgebase.inc.php b/include/client/knowledgebase.inc.php index 0af99ba2..83484e95 100644 --- a/include/client/knowledgebase.inc.php +++ b/include/client/knowledgebase.inc.php @@ -1,5 +1,6 @@

Frequently Asked Questions

@@ -14,6 +15,7 @@ $sql='SELECT category_id, name, count(faq.category_id) as faqs ' .' FROM '.FAQ_CATEGORY_TABLE.' cat ' .' LEFT JOIN '.FAQ_TABLE.' faq USING(category_id) ' + .' WHERE cat.ispublic=1 AND faq.ispublished=1 ' .' GROUP BY cat.category_id ' .' HAVING faqs>0 ' .' ORDER BY cat.name DESC '; @@ -40,6 +42,7 @@ $sql='SELECT ht.topic_id, ht.topic, count(faq.topic_id) as faqs ' .' FROM '.TOPIC_TABLE.' ht ' .' LEFT JOIN '.FAQ_TOPIC_TABLE.' faq USING(topic_id) ' + .' WHERE ht.ispublic=1 ' .' GROUP BY ht.topic_id ' .' HAVING faqs>0 ' .' ORDER BY ht.topic DESC '; @@ -88,7 +91,7 @@ } else { //Category Listing. $sql='SELECT cat.category_id, cat.name, cat.description, cat.ispublic, count(faq.faq_id) as faqs ' .' FROM '.FAQ_CATEGORY_TABLE.' cat ' - .' LEFT JOIN '.FAQ_TABLE.' faq ON(faq.category_id=cat.category_id) ' + .' LEFT JOIN '.FAQ_TABLE.' faq ON(faq.category_id=cat.category_id AND faq.ispublished=1) ' .' WHERE cat.ispublic=1 ' .' GROUP BY cat.category_id ' .' HAVING faqs>0 ' diff --git a/include/client/open.inc.php b/include/client/open.inc.php index fd31bc9b..9c2a82b4 100644 --- a/include/client/open.inc.php +++ b/include/client/open.inc.php @@ -1,21 +1,40 @@ isValid()) { + $info=array('name'=>$thisclient->getName(), + 'email'=>$thisclient->getEmail(), + 'phone'=>$thisclient->getPhone(), + 'phone_ext'=>$thisclient->getPhoneExt()); +} -$info=($_POST && $errors)?Format::htmlchars($_POST):array(); +$info=($_POST && $errors)?Format::htmlchars($_POST):$info; ?> -
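Review bot: The topic query in the `@@ -40,6 +42,7 @@` hunk only gains `WHERE ht.ispublic=1`; its join to `FAQ_TOPIC_TABLE` still counts every topic link without checking that the linked FAQ is published, unlike the two category queries in this file that now filter on `faq.ispublished=1`. If that link table can reference unpublished FAQs, the public topic list would show topics and counts for content a client cannot open. Joining `FAQ_TABLE` on the link's FAQ id with `ispublished=1` would make the three queries agree; the link table's column names are not visible here, so at minimum add `//TODO: count only published FAQs, as the category queries do` above the query.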

Open a New Ticket

Please fill in the form below to open a new ticket.

+
+ isValid()) { + echo $thisclient->getName(); + } else { ?> +
- + + isValid()) { + echo $thisclient->getEmail(); + } else { ?> +
@@ -30,16 +49,14 @@
@@ -58,35 +75,41 @@ allowOnlineAttachments() && !$cfg->allowAttachmentsOnlogin()) - || ($cfg->allowAttachmentsOnlogin() && ($thisuser && $thisuser->isValid()))) { ?> + || ($cfg->allowAttachmentsOnlogin() && ($thisclient && $thisclient->isValid()))) { ?>
- -   + + + +  
allowPriorityChange()) { - $sql='SELECT priority_id,priority_desc FROM '.TICKET_PRIORITY_TABLE.' WHERE ispublic=1 ORDER BY priority_urgency DESC'; - if(($res=db_query($sql)) && db_num_rows($res)) {?> -
+ if($cfg->allowPriorityChange() && ($priorities=Priority::getPriorities())) { ?> +
+   -
+ +
+ } + ?> enableCaptcha() && (!$thisuser || !$thisuser->isValid())) { + if($cfg && $cfg->enableCaptcha() && (!$thisclient || !$thisclient->isValid())) { if($_POST && $errors && !$errors['captcha']) $errors['captcha']='Please re-enter the text again'; ?> @@ -101,7 +124,7 @@
-

+

diff --git a/include/client/tickets.inc.php b/include/client/tickets.inc.php new file mode 100644 index 00000000..a3602171 --- /dev/null +++ b/include/client/tickets.inc.php 
@@ -0,0 +1,172 @@ +isValid() || !$cfg->showRelatedTickets()) die('Access Denied'); + +$qstr='&'; //Query string collector +$status=null; +if(isset($_REQUEST['status'])) { //Query string status has nothing to do with the real status used below. + $qstr.='status='.urlencode($_REQUEST['status']); + //Status we are actually going to use on the query...making sure it is clean! + switch(strtolower($_REQUEST['status'])) { + case 'open': + case 'closed': + $status=strtolower($_REQUEST['status']); + break; + default: + $status=''; //ignore + } +} elseif($thisclient->getNumOpenTickets()) { + $status='open'; //Defaulting to open +} + +$sortOptions=array('id'=>'ticketID', 'name'=>'ticket.name', 'subject'=>'ticket.subject', + 'email'=>'ticket.email', 'status'=>'ticket.status', 'dept'=>'dept_name','date'=>'ticket.created'); +$orderWays=array('DESC'=>'DESC','ASC'=>'ASC'); +//Sorting options... +$order_by=$order=null; +$sort=($_REQUEST['sort'] && $sortOptions[strtolower($_REQUEST['sort'])])?strtolower($_REQUEST['sort']):'date'; +if($sort && $sortOptions[$sort]) + $order_by =$sortOptions[$sort]; + +$order_by=$order_by?$order_by:'ticket_created'; +if($_REQUEST['order'] && $orderWays[strtoupper($_REQUEST['order'])]) + $order=$orderWays[strtoupper($_REQUEST['order'])]; + +$order=$order?$order:'ASC'; +if($order_by && strpos($order_by,',')) + $order_by=str_replace(','," $order,",$order_by); + +$x=$sort.'_sort'; +$$x=' class="'.strtolower($order).'" '; + +$qselect='SELECT ticket.ticket_id,ticket.ticketID,ticket.dept_id,isanswered, dept.ispublic, ticket.subject, ticket.name, ticket.email '. + ',dept_name,ticket. status, ticket.source, ticket.created '; + +$qfrom='FROM '.TICKET_TABLE.' ticket ' + .' LEFT JOIN '.DEPT_TABLE.' 
dept ON (ticket.dept_id=dept.dept_id) '; + +$qwhere =' WHERE ticket.email='.db_input($thisclient->getEmail()); + +if($status){ + $qwhere.=' AND ticket.status='.db_input($status); +} + +$search=($_REQUEST['a']=='search' && $_REQUEST['q']); +if($search) { + $qstr.='&a='.urlencode($_REQUEST['a']).'&q='.urlencode($_REQUEST['q']); + if(is_numeric($_REQUEST['q'])) { + $qwhere.=" AND ticket.ticketID LIKE '$queryterm%'"; + } else {//Deep search! + $queryterm=db_real_escape($_REQUEST['q'],false); //escape the term ONLY...no quotes. + $qwhere.=' AND ( ' + ." ticket.subject LIKE '%$queryterm%'" + ." OR message.message LIKE '%$queryterm%'" + ." OR response.response LIKE '%$queryterm%'" + .' ) '; + $deep_search=true; + //Joins needed for search + $qfrom.=' LEFT JOIN '.TICKET_MESSAGE_TABLE.' message ON (ticket.ticket_id=message.ticket_id )' + .' LEFT JOIN '.TICKET_RESPONSE_TABLE.' response ON (ticket.ticket_id=response.ticket_id )'; + } +} + +$total=db_count('SELECT count(DISTINCT ticket.ticket_id) '.$qfrom.' '.$qwhere); +$pageNav=new Pagenate($total,$page, PAGE_LIMIT); +$pageNav->setURL('tickets.php',$qstr.'&sort='.urlencode($_REQUEST['sort']).'&order='.urlencode($_REQUEST['order'])); + +//more stuff... +$qselect.=' ,count(attach_id) as attachments '; +$qfrom.=' LEFT JOIN '.TICKET_ATTACHMENT_TABLE.' attach ON ticket.ticket_id=attach.ticket_id '; +$qgroup=' GROUP BY ticket.ticket_id'; + +$query="$qselect $qfrom $qwhere $qgroup ORDER BY $order_by $order LIMIT ".$pageNav->getStart().",".$pageNav->getLimit(); +//echo $query; +$res = db_query($query); +$showing=($res && db_num_rows($res))?$pageNav->showing():""; +$showing.=($status)?(' '.ucfirst($status).' Tickets'):' All Tickets'; +if($search) + $showing="Search Results: $showing"; + +$negorder=$order=='DESC'?'ASC':'DESC'; //Negate the sorting + +?> +

My Tickets

+
+ + + + + +
+Refresh + + + + + + + + + + + + + + '; + + $ticketID=$row['ticketID']; + if($row['isanswered'] && !strcasecmp($row['status'],'open')) { + $subject="$subject"; + $ticketID="$ticketID"; + } + $phone=Format::phone($row['phone']); + if($row['phone_ext']) + $phone.=' '.$row['phone_ext']; + ?> + + + + + + + + + '; + } + ?> + +
+ Ticket # + + Create Date + + Status + + Subject + + Department + Phone Number
+ +    + +  
Your query did not match any records
+0) { + echo '
 Page:'.$pageNav->getPageLinks().' 
'; +} +?> diff --git a/include/client/view.inc.php b/include/client/view.inc.php new file mode 100644 index 00000000..e720ed96 --- /dev/null +++ b/include/client/view.inc.php @@ -0,0 +1,157 @@ +checkClientAccess($thisclient)) die('Access Denied!'); + +$info=($_POST && $errors)?Format::htmlchars($_POST):array(); + +$dept = $ticket->getDept(); +//Making sure we don't leak out internal dept names +if(!$dept || !$dept->isPublic()) + $dept = $cfg->getDefaultDept(); + +?> + + + + + + + + +
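Review bot: In the search block of tickets.inc.php the numeric branch builds `ticket.ticketID LIKE '$queryterm%'` before `$queryterm` is assigned, because the `db_real_escape()` call sits only in the `else` branch. As written a numeric search expands to `LIKE '%'` and returns every ticket of the client, and an unassigned variable interpolated into SQL is unsafe on any setup where request values can reach the global scope. Move `$queryterm=db_real_escape($_REQUEST['q'],false);` above the `if(is_numeric($_REQUEST['q']))` so both branches use the escaped term. Separately, the fallback `$order_by='ticket_created'` does not match the `ticket.created` column used in `$sortOptions`, and `$row['phone']` and `$row['phone_ext']` are read although `$qselect` does not select them.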
+

+ Ticket #getExtId(); ?>   +   +

+
+ + + + + + + + + + + + + +
Ticket Status:getStatus()); ?>
Department:getName()); ?>
Create Date:getCreateDate()); ?>
+
+ + + + + + + + + + + + + +
Name:getName()); ?>
Email:getEmail()); ?>
Phone:getPhoneNumber(); ?>
+
+
+

Subject:getSubject()); ?>

+
+Ticket Thread +
+getThreadCount() && ($messages = $ticket->getMessages())) { + + foreach($messages as $message) {?> + + + + + + + + getAttachmentsLinks($message['msg_id'],'M'))) { ?> + + + + + +
+ getResponses($message['msg_id']))) { + foreach($responses as $resp) { + $staff=$cfg->hideStaffName()?'staff':Format::htmlchars($resp['staff_name']); + ?> + + + + + + getAttachmentsLinks($resp['response_id'],'R'))) {?> + + +
 - 
+ +
+
+ +
+ +
+ +
+ +
+

Post a Reply

+ + + + + + + + allowOnlineAttachments()) { ?> + + + + + +
+ + + isClosed()) { + $msg='Ticket will be reopened on message post'; + } else { + $msg='To best assist you, please be specific and detailed'; + } + ?> +
+ +
+ + +
+
+
+ +
+
+

+ + + +

+
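Review bot: The phone cell of view.inc.php prints `$ticket->getPhoneNumber()` without the wrapper that the name, e-mail, subject and department cells appear to use (their expressions end in `))`, the phone one in `()`). The markup of this new file is only partly visible, so this is inferred from the surviving fragments. If the phone number is stored as the client typed it, pass it through `Format::htmlchars()` like the neighbouring fields.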
diff --git a/include/staff/tickets.inc.php b/include/staff/tickets.inc.php index ea3a59ce..d0b27690 100644 --- a/include/staff/tickets.inc.php +++ b/include/staff/tickets.inc.php @@ -180,8 +180,8 @@ }elseif(!$order_by && !strcasecmp($status,'closed')){ $order_by='ticket.closed, ticket.created'; //No priority sorting for closed tickets. } -$order_by =$order_by?$order_by:'priority_urgency,effective_date,ticket.created'; -$order=$order?$order:'DESC'; +$order_by =$order_by?$order_by:'priority_urgency, effective_date, ticket.created'; +$order=$order?$order:'ASC'; if($order_by && strpos($order_by,',')) $order_by=str_replace(','," $order,",$order_by); @@ -351,7 +351,7 @@
- Refresh + Refresh diff --git a/index.php b/index.php index 95bdfa55..ac4fe04a 100644 --- a/index.php +++ b/index.php @@ -26,7 +26,7 @@

Open A New Ticket

- +
Please provide as much detail as possible so we can best assist you. To update a previously submitted ticket, please login.
@@ -34,7 +34,7 @@

Check Ticket Status

-
+
We provide archives and history of all your current and past support requests complete with responses.
@@ -44,9 +44,8 @@ isKnowledgebaseEnabled()){ //FIXME: provide ability to feature or select random FAQs ?? - ?> -
-Be pure to browse our Frequently Asked Questions (FAQs), before opening a ticket. +?> +

Be sure to browse our Frequently Asked Questions (FAQs), before opening a ticket.

diff --git a/js/osticket.js b/js/osticket.js index fd04ff48..a809e6f2 100644 --- a/js/osticket.js +++ b/js/osticket.js @@ -1,79 +1 @@ -jQuery(function($) { - var max_uploads = 5; - var current_reply_uploads = 0; - var current_note_uploads = 0; - - function parse_upload(elem) { - var new_input = elem.clone(); - var filename = elem.val(); - if(filename != '') { - var container = elem.parent().parent(); - var form_type = container.attr('id'); - elem.blur().hide(); - $('.uploads', container).append('
'); - if(form_type=='reply_form_attachments') { - current_reply_uploads++; - if(current_reply_uploads < max_uploads) { - elem.after(new_input.val('').blur()); - } - } else { - current_note_uploads++; - if(current_note_uploads < max_uploads) { - elem.after(new_input.val('').blur()); - } - } - } - } - - if($.browser.msie) { - $('.attachments').delegate('input[type=file]', 'click', function() { - var elem = $(this); - setTimeout(function() { - parse_upload(elem); - elem.blur(); - }, 0); - }); - } else { - $('.attachments').delegate('input[type=file]', 'change', function() { - var elem = $(this); - parse_upload(elem); - }); - } - - $('.uploads').delegate('.uploads input', 'click', function(e) { - e.preventDefault(); - var elem = $(this); - elem.attr('checked', 'checked'); - if(confirm("Are you sure you want to delete this attachment?")==true) { - var container = elem.parent().parent(); - var cparent = container.parent().parent(); - var form_type = cparent.attr('id'); - var filename = elem.val(); - $('input[type=file]', cparent).each(function() { - if($(this).val() == filename) { - $(this).remove(); - } - }); - container.remove(); - var new_input = $('input[type=file]:last', cparent).clone(); - var last_elem = $('input[type=file]:last', cparent); - if(form_type=='reply_form_attachments') { - current_reply_uploads--; - if(current_reply_uploads < max_uploads) { - if(last_elem.css('display')=='none') { - last_elem.after(new_input.val('').show()); - } - } - } else { - current_note_uploads--; - if(current_note_uploads < max_uploads) { - if(last_elem.css('display')=='none') { - last_elem.after(new_input.val('').show()); - } - } - } - } else { - e.preventDefault(); - } - }); -}); \ No newline at end of file +//Nothing for now... diff --git a/login.php b/login.php index 69a73c67..044d7464 100644 --- a/login.php +++ b/login.php @@ -1,6 +1,6 @@ getId() && strcasecmp($ticket->getEMail(),$email)==0){ 
@@ -61,7 +60,7 @@ //Redirect tickets.php session_write_close(); session_regenerate_id(); - @header("Location: tickets.php"); + @header("Location: tickets.php?id=".$ticket->getExtId()); require_once('tickets.php'); //Just incase. of header already sent error. exit; } diff --git a/open.php b/open.php index a5d86d07..11d3a0a9 100644 --- a/open.php +++ b/open.php @@ -19,22 +19,27 @@ $errors=array(); if($_POST): $_POST['deptId']=$_POST['emailId']=0; //Just Making sure we don't accept crap...only topicId is expected. - if(!$thisuser && $cfg->enableCaptcha()){ + if($thisclient) { + $_POST['name']=$thisclient->getName(); + $_POST['email']=$thisclient->getEmail(); + } elseif($cfg->enableCaptcha()) { if(!$_POST['captcha']) $errors['captcha']='Enter text shown on the image'; elseif(strcmp($_SESSION['captcha'],md5($_POST['captcha']))) $errors['captcha']='Invalid - try again!'; } - //FIXME: Allow logged in users to use diff email? - if($thisuser && strcasecmp($thisuser->getEmail(),$_POST['email'])) - $errors['email']='Email mismatch.'; - //Ticket::create...checks for errors.. if(($ticket=Ticket::create($_POST,$errors,SOURCE))){ $msg='Support ticket request created'; - if($thisclient && $thisclient->isValid()) //Logged in...simply view the newly created ticket. + //Logged in...simply view the newly created ticket. + if($thisclient && $thisclient->isValid()) { + if(!$cfg->showRelatedTickets()) + $_SESSION['_client']['key']= $ticket->getExtId(); //Resetting login Key to the current ticket! + session_write_close(); + session_regenerate_id(); @header('Location: tickets.php?id='.$ticket->getExtId()); + } //Thank the user and promise speedy resolution! $inc='thankyou.inc.php'; }else{ diff --git a/secure.inc.php b/secure.inc.php index f6664ab8..3096b350 100644 --- a/secure.inc.php +++ b/secure.inc.php 
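Review bot: In the open.php hunk the added `session_write_close(); session_regenerate_id();` runs in the wrong order: once the session is closed, `session_regenerate_id()` has no active session to act on and returns false, so the identifier is never rotated. Call `session_regenerate_id(true);` first and `session_write_close();` after it; the context lines of the login.php hunk show the same order. The new `if($thisclient)` branch also skips the captcha without the `isValid()` check used further down in the same hunk, so `if($thisclient && $thisclient->isValid())` would be consistent. No `exit` follows the added `@header('Location: ...')` inside the hunk, so unless the fall-through is intended the thank-you include still runs after the redirect.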
@@ -13,7 +13,7 @@ vim: expandtab sw=4 ts=4 sts=4: **********************************************************************/ -if(!strcasecmp(basename($_SERVER['SCRIPT_NAME']),basename(__FILE__))) die('Kwaheri rafiki!'); +if(!strcasecmp(basename($_SERVER['SCRIPT_NAME']),basename(__FILE__))) die('Kwaheri!'); if(!file_exists('client.inc.php')) die('Fatal Error.'); require_once('client.inc.php'); //User must be logged in! diff --git a/tickets.php b/tickets.php index 072abef7..d4759ba5 100644 --- a/tickets.php +++ b/tickets.php 
@@ -16,59 +16,57 @@ **********************************************************************/ require('secure.inc.php'); if(!is_object($thisclient) || !$thisclient->isValid()) die('Access denied'); //Double check again. - require_once(INCLUDE_DIR.'class.ticket.php'); $ticket=null; -$inc='tickets.inc.php'; //Default page...show all tickets. -//Check if any id is given... -if(($id=$_REQUEST['id']?$_REQUEST['id']:$_POST['ticket_id']) && is_numeric($id)) { - //id given fetch the ticket info and check perm. - $ticket= new Ticket(Ticket::getIdByExtId((int)$id)); - if(!$ticket or !$ticket->getEmail()) { - $ticket=null; //clear. - $errors['err']='Access Denied. Possibly invalid ticket ID'; - }elseif(strcasecmp($thisclient->getEmail(),$ticket->getEmail())){ - $errors['err']='Security violation. Repeated violations will result in your account being locked.'; - $ticket=null; //clear. - }else{ - //Everything checked out. - $inc='viewticket.inc.php'; +if($_REQUEST['id']) { + if(!($ticket=Ticket::lookupByExtId($_REQUEST['id']))) { + $errors['err']='Unknown or invalid ticket ID.'; + }elseif(!$ticket->checkClientAccess($thisclient)) { + $errors['err']='Unknown or invalid ticket ID.'; //Using generic message on purpose! + $ticket=null; } } + //Process post...depends on $ticket object above. if($_POST && is_object($ticket) && $ticket->getId()): $errors=array(); switch(strtolower($_POST['a'])){ - case 'postmessage': - if(strcasecmp($thisclient->getEmail(),$ticket->getEmail())) { //double check perm again! + case 'reply': + if(!$ticket->checkClientAccess($thisclient)) //double check perm again! $errors['err']='Access Denied. Possibly invalid ticket ID'; - $inc='tickets.inc.php'; //Show the tickets. 
- } if(!$_POST['message']) $errors['message']='Message required'; + //check attachment..if any is set - if($_FILES['attachment']['name']) { - if(!$cfg->allowOnlineAttachments()) //Something wrong with the form...user shouldn't have an option to attach - $errors['attachment']='File [ '.$_FILES['attachment']['name'].' ] rejected'; - elseif(!$cfg->canUploadFileType($_FILES['attachment']['name'])) - $errors['attachment']='Invalid file type [ '.$_FILES['attachment']['name'].' ]'; - elseif($_FILES['attachment']['size']>$cfg->getMaxFileSize()) - $errors['attachment']='File is too big. Max '.$cfg->getMaxFileSize().' bytes allowed'; + $files=($cfg->allowOnlineAttachments() && $_FILES['attachments'])?Format::files($_FILES['attachments']):array(); + if($files) { + + foreach($files as $file) { + if(!$file['name']) continue; + + if(!$cfg->canUploadFileType($file['name'])) + $errors['attachment']='Invalid file type [ '.$file['name'].' ]'; + elseif($file['size']>$cfg->getMaxFileSize()) + $errors['attachment']='File '.$file['name'].'is too big. Max '.$cfg->getMaxFileSize().' bytes allowed'; + } } if(!$errors){ //Everything checked out...do the magic. if(($msgid=$ticket->postMessage($_POST['message'],'Web'))) { - if($_FILES['attachment']['name'] && $cfg->canUploadFiles() && $cfg->allowOnlineAttachments()) - $ticket->uploadAttachment($_FILES['attachment'],$msgid,'M'); - + if($files && $cfg->allowOnlineAttachments()) + $ticket->uploadAttachments($files,$msgid,'M'); + $msg='Message Posted Successfully'; - }else{ + } else { $errors['err']='Unable to post the message. Try again'; } - }else{ - $errors['err']=$errors['err']?$errors['err']:'Error(s) occured. Please try again'; + + } elseif(!$errors['err']) { + print_r($errors); + $errors['err']='Error(s) occurred. Please try again'; + } break; default: 
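Review bot: The new `elseif(!$errors['err'])` branch in tickets.php contains `print_r($errors);`, which writes the validation array into the response before the header include runs; it reads like leftover debugging and should be removed. The hunk also drops the `is_numeric($id)` and `(int)$id` guard and passes `$_REQUEST['id']` unchanged to `Ticket::lookupByExtId()`, which is not shown here, so confirm that it validates or escapes the value itself. In the size check, `'File '.$file['name'].'is too big. Max '` is missing a space before `is`. Because `$file['name']` is supplied by the client, escape it wherever `$errors['attachment']` is printed.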
@@ -76,6 +74,15 @@ } $ticket->reload(); endif; +$nav->setActiveNav('tickets'); +if($ticket && $ticket->checkClientAccess($thisclient)) { + $inc='view.inc.php'; +} elseif($cfg->showRelatedTickets() && $thisclient->getNumTickets()) { + $inc='tickets.inc.php'; +} else { + $nav->setActiveNav('new'); + $inc='open.inc.php'; +} include(CLIENTINC_DIR.'header.inc.php'); include(CLIENTINC_DIR.$inc); include(CLIENTINC_DIR.'footer.inc.php'); diff --git a/view.php b/view.php index b8be15b0..984b04c3 100644 --- a/view.php +++ b/view.php @@ -1,4 +1,21 @@ + Copyright (c) 2006-2010 osTicket + http://www.osticket.com + + Released under the GNU General Public License WITHOUT ANY WARRANTY. + See LICENSE.TXT for details. + + vim: expandtab sw=4 ts=4 sts=4: + $Id: $ +**********************************************************************/ +require('secure.inc.php'); +if(!is_object($thisclient) || !$thisclient->isValid()) die('Access denied'); //Double check again. //We are now using tickets.php but we need to keep view.php for backward compatibility require('tickets.php'); ?>