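isStaff()) die('Access Denied');
// NOTE(review): the line above is the tail of an access guard whose opening is outside the visible text.
//
// Staff ticket queue listing. Builds the WHERE and ORDER BY parts of the ticket list
// query from request parameters, runs it, and collects the rows (plus attachment,
// thread and collaborator counts) in $results, keyed by ticket_id.
//
// Inputs read here: $_REQUEST (status, a, query, t, uid, advsid, sort, order, basic_search),
// $_SESSION (adv_<id>, <queue>_tickets), $thisstaff, $cfg.
// db_input() / db_real_escape() are defined elsewhere; presumably they escape (and, for
// db_input, quote) values for SQL - confirm against their definitions.

$qstr='&'; //Query string collector. Every value appended must be urlencode()d: it is reused to build links.
if($_REQUEST['status']) { //Query string status has nothing to do with the real status used below; gets overloaded.
    $qstr.='status='.urlencode($_REQUEST['status']);
}

//See if this is a search
$search=($_REQUEST['a']=='search');
$searchTerm='';
//make sure the search query is 3 chars min...defaults to no query with warning message
if($search) {
    $searchTerm=$_REQUEST['query'];
    if( ($_REQUEST['query'] && strlen($_REQUEST['query'])<3)
        || (!$_REQUEST['query'] && isset($_REQUEST['basic_search'])) ){ //Why do I care about this crap...
        $search=false; //Instead of an error page...default back to regular query..with no search.
        // NOTE(review): the check above accepts 3 characters, while the message says "more than 3".
        $errors['err']='Search term must be more than 3 chars';
        $searchTerm='';
    }
}
$showoverdue=$showanswered=false;
$staffId=0; //Nothing for now...TODO: Allow admin and manager to limit tickets to single staff level.
$showassigned= true; //show Assigned To column - defaults to true

//Get status we are actually going to use on the query...making sure it is clean!
// Only the constants assigned in this switch ever reach $status; the request value itself never does.
$status=null;
switch(strtolower($_REQUEST['status'])){ //Status is overloaded
    case 'open':
        $status='open';
        break;
    case 'closed':
        $status='closed';
        $showassigned=true; //closed by.
        break;
    case 'overdue':
        $status='open';
        $showoverdue=true;
        $results_type='Overdue Tickets';
        break;
    case 'assigned':
        $status='open';
        $staffId=$thisstaff->getId();
        $results_type='My Tickets';
        break;
    case 'answered':
        $status='open';
        $showanswered=true;
        $results_type='Answered Tickets';
        break;
    default:
        if(!$search && !isset($_REQUEST['advsid']))
            $_REQUEST['status']=$status='open';
}

$qwhere ='';
/*
   STRICT DEPARTMENTS BASED PERMISSION!
   User can also see tickets assigned to them regardless of the ticket's dept.

   This parenthesised group is the access-control part of the query. Every filter
   added further down is appended with AND, so none of them can widen it.
*/
$depts=$thisstaff->getDepts();
$qwhere =' WHERE ( '
        .' ( ticket.staff_id='.db_input($thisstaff->getId())
        .' AND ticket.status="open")';

if(!$thisstaff->showAssignedOnly())
    $qwhere.=' OR ticket.dept_id IN ('.($depts?implode(',', db_input($depts)):0).')';

if(($teams=$thisstaff->getTeams()) && count(array_filter($teams)))
    $qwhere.=' OR (ticket.team_id IN ('.implode(',', db_input(array_filter($teams)))
            .') AND ticket.status="open")';

$qwhere .= ' )';

//STATUS
if($status) {
    $qwhere.=' AND ticket.status='.db_input(strtolower($status));
}

// Optional filter on the ticket owner or a collaborator.
// NOTE(review): relies on a "collab" alias joined in $qfrom, which is not visible in this copy.
if (isset($_REQUEST['uid']) && $_REQUEST['uid']) {
    $qwhere .= ' AND (ticket.user_id='.db_input($_REQUEST['uid'])
            .' OR collab.user_id='.db_input($_REQUEST['uid']).') ';
    $qstr .= '&uid='.urlencode($_REQUEST['uid']);
}

//Queues: Overloaded sub-statuses - you've got to just have faith!
if($staffId && ($staffId==$thisstaff->getId())) { //My tickets
    $results_type='Assigned Tickets';
    $qwhere.=' AND ticket.staff_id='.db_input($staffId);
    $showassigned=false; //My tickets...already assigned to the staff.
}elseif($showoverdue) { //overdue
    $qwhere.=' AND ticket.isoverdue=1 ';
}elseif($showanswered) { ////Answered
    $qwhere.=' AND ticket.isanswered=1 ';
}elseif(!strcasecmp($status, 'open') && !$search) { //Open queue (on search OPEN means all open tickets - regardless of state).
    //Showing answered tickets on open queue??
    if(!$cfg->showAnsweredTickets())
        $qwhere.=' AND ticket.isanswered=0 ';

    /* Showing assigned tickets on open queue?
       Don't confuse it with show assigned To column -> F'it it's confusing - just trust me!
     */
    if(!($cfg->showAssignedTickets() || $thisstaff->showAssignedTickets())) {
        $qwhere.=' AND ticket.staff_id=0 '; //XXX: NOT factoring in team assignments - only staff assignments.
        $showassigned=false; //Not showing Assigned To column since assigned tickets are not part of open queue
    }
}

//Search?? Somebody...get me some coffee
$deep_search=false;
if($search):
    $qstr.='&a='.urlencode($_REQUEST['a']);
    $qstr.='&t='.urlencode($_REQUEST['t']);

    //query
    if($searchTerm){
        $qstr.='&query='.urlencode($searchTerm);
        // The term is escaped without surrounding quotes, so each use below must
        // place it inside a quoted SQL string literal.
        $queryterm=db_real_escape($searchTerm,false); //escape the term ONLY...no quotes.
        if (is_numeric($searchTerm)) {
            // A numeric string cannot contain % or _, so the only LIKE wildcard is the trailing one.
            $qwhere.=" AND ticket.`number` LIKE '$queryterm%'";
        } elseif (strpos($searchTerm,'@') && Validator::is_email($searchTerm)) {
            //pulling all tricks!
            # XXX: What about searching for email addresses in the body of
            #      the thread message
            $qwhere.=" AND email.address='$queryterm'";
        } else {//Deep search!
            //This sucks..mass scan! search anything that moves!
            require_once(INCLUDE_DIR.'ajax.tickets.php');

            // NOTE(review): _search() receives the already-escaped term; confirm it does not
            // escape again (double escaping) or expect the raw value.
            $tickets = TicketsAjaxApi::_search(array('query'=>$queryterm));
            if (count($tickets))
                $qwhere .= ' AND ticket.ticket_id IN ('.
                    implode(',',db_input($tickets)).')';
            else
                // No hits -- there should be an empty list of results
                $qwhere .= ' AND false';
        }
    }

endif;

// Advanced search: the ticket id list is taken from the session entry named by advsid,
// and is ANDed onto the permission clause above.
if ($_REQUEST['advsid'] && isset($_SESSION['adv_'.$_REQUEST['advsid']])) {
    // Fixed: the value was appended raw and without a '&' separator. $qstr is reused
    // to build links, so the value is encoded like every other parameter.
    $qstr.='&advsid='.urlencode($_REQUEST['advsid']);
    $qwhere .= ' AND ticket.ticket_id IN ('. implode(',', db_input($_SESSION['adv_'.$_REQUEST['advsid']])).')';
}

// Allow-lists for ORDER BY. Request values are only ever used as keys into these maps;
// the SQL fragments come from the map values.
$sortOptions=array('date'=>'effective_date','ID'=>'ticket.`number`',
    'pri'=>'pri.priority_urgency','name'=>'user.name','subj'=>'cdata.subject',
    'status'=>'ticket.status','assignee'=>'assigned','staff'=>'staff',
    'dept'=>'dept.dept_name');

$orderWays=array('DESC'=>'DESC','ASC'=>'ASC');

//Sorting options...
// NOTE(review): $queue is taken from the request as-is, so the caller picks which
// "<queue>_tickets" session slot is read and written below.
$queue = isset($_REQUEST['status'])?strtolower($_REQUEST['status']):$status;
$order_by=$order=null;
if($_REQUEST['sort'] && $sortOptions[$_REQUEST['sort']])
    $order_by =$sortOptions[$_REQUEST['sort']];
elseif($sortOptions[$_SESSION[$queue.'_tickets']['sort']]) {
    $_REQUEST['sort'] = $_SESSION[$queue.'_tickets']['sort'];
    $_REQUEST['order'] = $_SESSION[$queue.'_tickets']['order'];

    $order_by = $sortOptions[$_SESSION[$queue.'_tickets']['sort']];
    // Fixed: the sticky direction is saved below as the raw request value and was
    // copied into $order unchecked, from where it is interpolated after ORDER BY.
    // It now goes through the $orderWays allow-list; anything else falls back to
    // the default direction.
    $saved_order = $_SESSION[$queue.'_tickets']['order'];
    $saved_order = is_string($saved_order) ? strtoupper($saved_order) : '';
    $order = isset($orderWays[$saved_order]) ? $orderWays[$saved_order] : null;
}

if($_REQUEST['order'] && $orderWays[strtoupper($_REQUEST['order'])])
    $order=$orderWays[strtoupper($_REQUEST['order'])];

//Save sort order for sticky sorting.
// The values are stored unvalidated; they must be re-checked whenever they are read back.
if($_REQUEST['sort'] && $queue) {
    $_SESSION[$queue.'_tickets']['sort'] = $_REQUEST['sort'];
    $_SESSION[$queue.'_tickets']['order'] = $_REQUEST['order'];
}

//Set default sort by columns.
if(!$order_by ) {
    if($showanswered)
        $order_by='ticket.lastresponse, ticket.created'; //No priority sorting for answered tickets.
    elseif(!strcasecmp($status,'closed'))
        $order_by='ticket.closed, ticket.created'; //No priority sorting for closed tickets.
    elseif($showoverdue) //priority> duedate > age in ASC order.
        $order_by='pri.priority_urgency ASC, ISNULL(ticket.duedate) ASC, ticket.duedate ASC, effective_date ASC, ticket.created';
    else //XXX: Add due date here?? No -
        $order_by='pri.priority_urgency ASC, effective_date DESC, ticket.created';
}

$order=$order?$order:'DESC';
// NOTE(review): this copy of the file is damaged between the preg_replace() pattern and
// the setURL() call on the next statement. The code that initialises $qselect, $qfrom
// and $pageNav is not visible here. The damaged text is kept exactly as found.
if($order_by && strpos($order_by,',') && $order)
    $order_by=preg_replace('/(?setURL('tickets.php',$qstr.'&sort='.urlencode($_REQUEST['sort']).'&order='.urlencode($_REQUEST['order']));

//ADD attachment,priorities, lock and other crap
$qselect.=' ,IF(ticket.duedate IS NULL,IF(sla.id IS NULL, NULL, DATE_ADD(ticket.created, INTERVAL sla.grace_period HOUR)), ticket.duedate) as duedate '
    .' ,CAST(GREATEST(IFNULL(ticket.lastmessage, 0), IFNULL(ticket.closed, 0), IFNULL(ticket.reopened, 0), ticket.created) as datetime) as effective_date '
    .' ,CONCAT_WS(" ", staff.firstname, staff.lastname) as staff, team.name as team '
    .' ,IF(staff.staff_id IS NULL,team.name,CONCAT_WS(" ", staff.lastname, staff.firstname)) as assigned '
    .' ,IF(ptopic.topic_pid IS NULL, topic.topic, CONCAT_WS(" / ", ptopic.topic, topic.topic)) as helptopic '
    .' ,cdata.priority_id, cdata.subject, pri.priority_desc, pri.priority_color';

// The lock join only matches unexpired locks held by staff other than the current one.
$qfrom.=' LEFT JOIN '.TICKET_LOCK_TABLE.' tlock ON (ticket.ticket_id=tlock.ticket_id AND tlock.expire>NOW() AND tlock.staff_id!='.db_input($thisstaff->getId()).') '
    .' LEFT JOIN '.STAFF_TABLE.' staff ON (ticket.staff_id=staff.staff_id) '
    .' LEFT JOIN '.TEAM_TABLE.' team ON (ticket.team_id=team.team_id) '
    .' LEFT JOIN '.SLA_TABLE.' sla ON (ticket.sla_id=sla.id AND sla.isactive=1) '
    .' LEFT JOIN '.TOPIC_TABLE.' topic ON (ticket.topic_id=topic.topic_id) '
    .' LEFT JOIN '.TOPIC_TABLE.' ptopic ON (ptopic.topic_id=topic.topic_pid) '
    .' LEFT JOIN '.TABLE_PREFIX.'ticket__cdata cdata ON (cdata.ticket_id = ticket.ticket_id) '
    .' LEFT JOIN '.PRIORITY_TABLE.' pri ON (pri.priority_id = cdata.priority_id)';

TicketForm::ensureDynamicDataView();

// $order_by and $order are interpolated unquoted, so both must only ever hold
// values taken from $sortOptions / $orderWays or the constants assigned above.
$query="$qselect $qfrom $qwhere ORDER BY $order_by $order LIMIT ".$pageNav->getStart().",".$pageNav->getLimit();
//echo $query;
// The md5 here is only a lookup key for the saved SQL text, not a security control.
// NOTE(review): whatever reads 'search_<hash>' back (not visible here) should accept the
// hash only as a key into this session and never take SQL text from the request.
$hash = md5($query);
$_SESSION['search_'.$hash] = $query;
$res = db_query($query);
$showing=db_num_rows($res)?$pageNav->showing():"";
if(!$results_type)
    $results_type = ucfirst($status).' Tickets';

if($search)
    $results_type.= ' (Search Results)';

$negorder=$order=='DESC'?'ASC':'DESC'; //Negate the sorting..

// Fetch the results
$results = array();
while ($row = db_fetch_array($res)) {
    $results[$row['ticket_id']] = $row;
}

// Fetch attachment and thread entry counts
// The id list comes from the keys of $results, i.e. from rows the scoped query returned.
if ($results) {
    $counts_sql = 'SELECT ticket.ticket_id, count(DISTINCT attach.attach_id) as attachments, count(DISTINCT thread.id) as thread_count, count(DISTINCT collab.id) as collaborators FROM '.TICKET_TABLE.' ticket LEFT JOIN '.TICKET_ATTACHMENT_TABLE.' attach ON (ticket.ticket_id=attach.ticket_id) '
        .' LEFT JOIN '.TICKET_THREAD_TABLE.' thread ON ( ticket.ticket_id=thread.ticket_id) '
        .' LEFT JOIN '.TICKET_COLLABORATOR_TABLE.' collab ON ( ticket.ticket_id=collab.ticket_id) '
        .' WHERE ticket.ticket_id IN ('.implode(',', db_input(array_keys($results))).') GROUP BY ticket.ticket_id';
    $ids_res = db_query($counts_sql);
    // Array union: adds the count columns to the row without overwriting existing keys.
    while ($row = db_fetch_array($ids_res)) {
        $results[$row['ticket_id']] += $row;
    }
}

//YOU BREAK IT YOU FIX IT.
?>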
Refresh canManageTickets()) { ?> %s',Format::truncate($row['staff'],40)); elseif($row['team_id']) $lc=sprintf('%s',Format::truncate($row['team'],40)); else $lc=' '; }else{ $lc=Format::truncate($row['dept_name'],40); } $tid=$row['number']; $subject = Format::htmlchars(Format::truncate($row['subject'],40)); $threadcount=$row['thread_count']; if(!strcasecmp($row['status'],'open') && !$row['isanswered'] && !$row['lock_id']) { $tid=sprintf('%s',$tid); } ?> canManageTickets()) { $sel=false; if($ids && in_array($row['ticket_id'], $ids)) $sel=true; ?> $displaystatus"; echo ""; } else { ?>
   
  href="tickets.php?sort=ID&order=" title="Sort By Ticket ID ">Ticket href="tickets.php?sort=date&order=" title="Sort By Date ">Date href="tickets.php?sort=subj&order=" title="Sort By Subject ">Subject href="tickets.php?sort=name&order=" title="Sort By Name ">From Time Spent href="tickets.php?sort=status&order=" title="Sort By Status ">Status > href="tickets.php?sort=pri&order=" title="Sort By Priority ">Priority href="tickets.php?sort=staff&order=" title="Sort By Closing Staff Name ">Closed By href="tickets.php?sort=assignee&order=" title="Sort By Assignee ">Assigned To href="tickets.php?sort=dept&order=" title="Sort By Department ">Department
> class="Icon Ticket" title=" Ticket" href="tickets.php?id="> 1) echo "($threadcount) ".' '; if ($row['collaborators']) echo ' '; if ($row['attachments']) echo ' '; ?>    format('%h:%i:%s'); // echo $the_time_spent/606024; ?>  $displaystatus  
canManageTickets()){ ?> Select:  All   None   Toggle   '; echo $ferror?Format::htmlchars($ferror):'Query returned 0 results.'; echo ''; } ?>
0){ //if we actually had any tickets returned. echo '
 Page:'.$pageNav->getPageLinks().' '; echo 'Export 
'; ?> canManageTickets()) { ?>

canDeleteTickets()) { ?>