isStaff()) die('Access Denied');
$qs= array(); //Query string collector
if($_REQUEST['status']) { //Query string status has nothing to do with the real status used below; gets overloaded.
$qs += array('status' => $_REQUEST['status']);
}
//See if this is a search
$search=($_REQUEST['a']=='search');
$searchTerm='';
//make sure the search query is 3 chars min...defaults to no query with warning message
if($search) {
$searchTerm=$_REQUEST['query'];
if( ($_REQUEST['query'] && strlen($_REQUEST['query'])<3)
|| (!$_REQUEST['query'] && isset($_REQUEST['basic_search'])) ){ //Why do I care about this crap...
$search=false; //Instead of an error page...default back to regular query..with no search.
$errors['err']=__('Search term must be more than 3 chars');
$searchTerm='';
}
}
$showoverdue=$showanswered=false;
$staffId=0; //Nothing for now...TODO: Allow admin and manager to limit tickets to single staff level.
$showassigned= true; //show Assigned To column - defaults to true
//Get status we are actually going to use on the query...making sure it is clean!
$status=null;
switch(strtolower($_REQUEST['status'])){ //Status is overloaded
case 'open':
$status='open';
$results_type=__('Open Tickets');
break;
case 'closed':
$status='closed';
$results_type=__('Closed Tickets');
$showassigned=true; //closed by.
break;
case 'overdue':
$status='open';
$showoverdue=true;
$results_type=__('Overdue Tickets');
break;
case 'assigned':
$status='open';
$staffId=$thisstaff->getId();
$results_type=__('My Tickets');
break;
case 'answered':
$status='open';
$showanswered=true;
$results_type=__('Answered Tickets');
break;
default:
if (!$search && !isset($_REQUEST['advsid'])) {
$_REQUEST['status']=$status='open';
$results_type=__('Open Tickets');
}
}
$qwhere ='';
/*
STRICT DEPARTMENTS BASED PERMISSION!
User can also see tickets assigned to them regardless of the ticket's dept.
*/
$depts=$thisstaff->getDepts();
$qwhere =' WHERE ( '
.' ( ticket.staff_id='.db_input($thisstaff->getId())
.' AND status.state="open") ';
if(!$thisstaff->showAssignedOnly())
$qwhere.=' OR ticket.dept_id IN ('.($depts?implode(',', db_input($depts)):0).')';
if(($teams=$thisstaff->getTeams()) && count(array_filter($teams)))
$qwhere.=' OR (ticket.team_id IN ('.implode(',', db_input(array_filter($teams)))
.') AND status.state="open") ';
$qwhere .= ' )';
//STATUS to states
$states = array(
'open' => array('open'),
'closed' => array('closed'));
if($status && isset($states[$status])) {
$qwhere.=' AND status.state IN (
'.implode(',', db_input($states[$status])).' ) ';
}
if (isset($_REQUEST['uid']) && $_REQUEST['uid']) {
$qwhere .= ' AND (ticket.user_id='.db_input($_REQUEST['uid'])
.' OR collab.user_id='.db_input($_REQUEST['uid']).') ';
$qs += array('uid' => $_REQUEST['uid']);
}
//Queues: Overloaded sub-statuses - you've got to just have faith!
if($staffId && ($staffId==$thisstaff->getId())) { //My tickets
$results_type=__('Assigned Tickets');
$qwhere.=' AND ticket.staff_id='.db_input($staffId);
$showassigned=false; //My tickets...already assigned to the staff.
}elseif($showoverdue) { //overdue
$qwhere.=' AND ticket.isoverdue=1 ';
}elseif($showanswered) { ////Answered
$qwhere.=' AND ticket.isanswered=1 ';
}elseif(!strcasecmp($status, 'open') && !$search) { //Open queue (on search OPEN means all open tickets - regardless of state).
//Showing answered tickets on open queue??
if(!$cfg->showAnsweredTickets())
$qwhere.=' AND ticket.isanswered=0 ';
/* Showing assigned tickets on open queue?
Don't confuse it with show assigned To column -> F'it it's confusing - just trust me!
*/
if(!($cfg->showAssignedTickets() || $thisstaff->showAssignedTickets())) {
$qwhere.=' AND ticket.staff_id=0 '; //XXX: NOT factoring in team assignments - only staff assignments.
$showassigned=false; //Not showing Assigned To column since assigned tickets are not part of open queue
}
}
//Search?? Somebody...get me some coffee
$deep_search=false;
$order_by=$order=null;
if($search):
$qs += array('a' => $_REQUEST['a'], 't' => $_REQUEST['t']);
//query
if($searchTerm){
$qs += array('query' => $searchTerm);
$queryterm=db_real_escape($searchTerm,false); //escape the term ONLY...no quotes.
if (is_numeric($searchTerm)) {
$qwhere.=" AND ticket.`number` LIKE '$queryterm%'";
} elseif (strpos($searchTerm,'@') && Validator::is_email($searchTerm)) {
//pulling all tricks!
# XXX: What about searching for email addresses in the body of
# the thread message
$qwhere.=" AND email.address='$queryterm'";
} else {//Deep search!
//This sucks..mass scan! search anything that moves!
require_once(INCLUDE_DIR.'ajax.tickets.php');
$tickets = TicketsAjaxApi::_search(array('query'=>$queryterm));
if (count($tickets)) {
$ticket_ids = implode(',',db_input($tickets));
$qwhere .= ' AND ticket.ticket_id IN ('.$ticket_ids.')';
$order_by = 'FIELD(ticket.ticket_id, '.$ticket_ids.')';
$order = ' ';
}
else
// No hits -- there should be an empty list of results
$qwhere .= ' AND false';
}
}
endif;
if ($_REQUEST['advsid'] && isset($_SESSION['adv_'.$_REQUEST['advsid']])) {
$ticket_ids = implode(',', db_input($_SESSION['adv_'.$_REQUEST['advsid']]));
$qs += array('advsid' => $_REQUEST['advsid']);
$qwhere .= ' AND ticket.ticket_id IN ('.$ticket_ids.')';
// Thanks, http://stackoverflow.com/a/1631794
$order_by = 'FIELD(ticket.ticket_id, '.$ticket_ids.')';
$order = ' ';
}
$sortOptions=array('date'=>'effective_date','ID'=>'ticket.`number`*1',
'pri'=>'pri.priority_urgency','name'=>'user.name','subj'=>'cdata.subject',
'status'=>'status.name','assignee'=>'assigned','staff'=>'staff',
'dept'=>'dept.dept_name','org'=>'org_name');
$orderWays=array('DESC'=>'DESC','ASC'=>'ASC');
//Sorting options...
$queue = isset($_REQUEST['status'])?strtolower($_REQUEST['status']):$status;
if($_REQUEST['sort'] && $sortOptions[$_REQUEST['sort']])
$order_by =$sortOptions[$_REQUEST['sort']];
elseif($sortOptions[$_SESSION[$queue.'_tickets']['sort']]) {
$_REQUEST['sort'] = $_SESSION[$queue.'_tickets']['sort'];
$_REQUEST['order'] = $_SESSION[$queue.'_tickets']['order'];
$order_by = $sortOptions[$_SESSION[$queue.'_tickets']['sort']];
$order = $_SESSION[$queue.'_tickets']['order'];
}
if($_REQUEST['order'] && $orderWays[strtoupper($_REQUEST['order'])])
$order=$orderWays[strtoupper($_REQUEST['order'])];
//Save sort order for sticky sorting.
if($_REQUEST['sort'] && $queue) {
$_SESSION[$queue.'_tickets']['sort'] = $_REQUEST['sort'];
$_SESSION[$queue.'_tickets']['order'] = $_REQUEST['order'];
}
//Set default sort by columns.
if(!$order_by ) {
if($showanswered)
$order_by='ticket.lastresponse, ticket.created'; //No priority sorting for answered tickets.
elseif(!strcasecmp($status,'closed'))
$order_by='ticket.closed, ticket.created'; //No priority sorting for closed tickets.
elseif($showoverdue) //priority> duedate > age in ASC order.
$order_by='pri.priority_urgency ASC, ISNULL(ticket.duedate) ASC, ticket.duedate ASC, effective_date ASC, ticket.created';
else //XXX: Add due date here?? No -
$order_by='pri.priority_urgency ASC, effective_date DESC, ticket.created';
}
$order=$order?$order:'DESC';
if($order_by && strpos($order_by,',') && $order)
$order_by=preg_replace('/(? $_GET['limit']);
$qselect ='SELECT ticket.ticket_id,tlock.lock_id,ticket.`number`,ticket.dept_id,ticket.staff_id,ticket.team_id '
.' ,user.name'
.' ,email.address as email, dept.dept_name, status.state '
.' ,status.name as status,ticket.source,ticket.isoverdue,ticket.isanswered,ticket.created '
.' ,org.name as org_name ';
$qfrom=' FROM '.TICKET_TABLE.' ticket '.
' LEFT JOIN '.TICKET_STATUS_TABLE.' status ON status.id = ticket.status_id '.
' LEFT JOIN '.USER_TABLE.' user ON user.id = ticket.user_id'.
' LEFT JOIN '.USER_EMAIL_TABLE.' email ON user.id = email.user_id '.
' LEFT JOIN '.DEPT_TABLE.' dept ON ticket.dept_id=dept.dept_id '.
' LEFT JOIN '.ORGANIZATION_TABLE.' org ON user.org_id = org.id ';
if ($_REQUEST['uid'])
$qfrom.=' LEFT JOIN '.TICKET_COLLABORATOR_TABLE.' collab
ON (ticket.ticket_id = collab.ticket_id )';
$sjoin='';
if($search && $deep_search) {
$sjoin.=' LEFT JOIN '.TICKET_THREAD_TABLE.' thread ON (ticket.ticket_id=thread.ticket_id )';
}
//get ticket count based on the query so far..
$total=db_count("SELECT count(DISTINCT ticket.ticket_id) $qfrom $sjoin $qwhere");
//pagenate
$pagelimit=($_GET['limit'] && is_numeric($_GET['limit']))?$_GET['limit']:PAGE_LIMIT;
$page=($_GET['p'] && is_numeric($_GET['p']))?$_GET['p']:1;
$pageNav=new Pagenate($total,$page,$pagelimit);
$qstr = '&'.http::build_query($qs);
$qs += array('sort' => $_REQUEST['sort'], 'order' => $_REQUEST['order']);
$pageNav->setURL('tickets.php', $qs);
//ADD attachment,priorities, lock and other crap
$qselect.=' ,IF(ticket.duedate IS NULL,IF(sla.id IS NULL, NULL, DATE_ADD(ticket.created, INTERVAL sla.grace_period HOUR)), ticket.duedate) as duedate '
.' ,CAST(GREATEST(IFNULL(ticket.lastmessage, 0), IFNULL(ticket.closed, 0), IFNULL(ticket.reopened, 0), ticket.created) as datetime) as effective_date '
.' ,ticket.created as ticket_created, CONCAT_WS(" ", staff.firstname, staff.lastname) as staff, team.name as team '
.' ,IF(staff.staff_id IS NULL,team.name,CONCAT_WS(" ", staff.lastname, staff.firstname)) as assigned '
.' ,IF(ptopic.topic_pid IS NULL, topic.topic, CONCAT_WS(" / ", ptopic.topic, topic.topic)) as helptopic '
.' ,cdata.priority as priority_id, cdata.subject, pri.priority_desc, pri.priority_color';
$qfrom.=' LEFT JOIN '.TICKET_LOCK_TABLE.' tlock ON (ticket.ticket_id=tlock.ticket_id AND tlock.expire>NOW()
AND tlock.staff_id!='.db_input($thisstaff->getId()).') '
.' LEFT JOIN '.STAFF_TABLE.' staff ON (ticket.staff_id=staff.staff_id) '
.' LEFT JOIN '.TEAM_TABLE.' team ON (ticket.team_id=team.team_id) '
.' LEFT JOIN '.SLA_TABLE.' sla ON (ticket.sla_id=sla.id AND sla.isactive=1) '
.' LEFT JOIN '.TOPIC_TABLE.' topic ON (ticket.topic_id=topic.topic_id) '
.' LEFT JOIN '.TOPIC_TABLE.' ptopic ON (ptopic.topic_id=topic.topic_pid) '
.' LEFT JOIN '.TABLE_PREFIX.'ticket__cdata cdata ON (cdata.ticket_id = ticket.ticket_id) '
.' LEFT JOIN '.PRIORITY_TABLE.' pri ON (pri.priority_id = cdata.priority)';
TicketForm::ensureDynamicDataView();
$query="$qselect $qfrom $qwhere ORDER BY $order_by $order LIMIT ".$pageNav->getStart().",".$pageNav->getLimit();
//echo $query;
$hash = md5($query);
$_SESSION['search_'.$hash] = $query;
$res = db_query($query);
$showing=db_num_rows($res)? ' — '.$pageNav->showing():"";
if(!$results_type)
$results_type = sprintf(__('%s Tickets' /* %s will be a status such as 'open' */),
mb_convert_case($status, MB_CASE_TITLE));
if($search)
$results_type.= ' ('.__('Search Results').')';
$negorder=$order=='DESC'?'ASC':'DESC'; //Negate the sorting..
// Fetch the results
$results = array();
while ($row = db_fetch_array($res)) {
$results[$row['ticket_id']] = $row;
}
// Fetch attachment and thread entry counts
if ($results) {
$counts_sql = 'SELECT ticket.ticket_id,
count(DISTINCT attach.attach_id) as attachments,
count(DISTINCT thread.id) as thread_count,
count(DISTINCT collab.id) as collaborators
FROM '.TICKET_TABLE.' ticket
LEFT JOIN '.TICKET_ATTACHMENT_TABLE.' attach ON (ticket.ticket_id=attach.ticket_id) '
.' LEFT JOIN '.TICKET_THREAD_TABLE.' thread ON ( ticket.ticket_id=thread.ticket_id) '
.' LEFT JOIN '.TICKET_COLLABORATOR_TABLE.' collab
ON ( ticket.ticket_id=collab.ticket_id) '
.' WHERE ticket.ticket_id IN ('.implode(',', db_input(array_keys($results))).')
GROUP BY ticket.ticket_id';
$ids_res = db_query($counts_sql);
while ($row = db_fetch_array($ids_res)) {
$results[$row['ticket_id']] += $row;
}
}
//YOU BREAK IT YOU FIX IT.
?>