Pietro_Aretino

KevinTheJedi · Apr 26, 2019

The issue is that there are no Team IDs populated in the query.

It states ... check for the right syntax to use near '))) AND A2.state' .... If you look for that part in the query it is this part (A1.staff_id = 0 AND A1.team_id IN ())) AND A2.state. As you can see there are no team_ids to match against so it fails with a syntax error. Why this occurs I have no idea as I don’t have access to your system.

I would recommend upgrading to the latest maintenance release of v1.10.6 to see if we addressed this issue already. You should upgrade regardless simply because v1.10.4 is vulnerable to SQL injection which is end game for your system, data, and database

If the issue still occurs with v1.10.6 then you should definitely do some debugging. Maybe see if they belong to a team or multiple teams, etc.

Cheers.

KevinTheJedi · Mar 22, 2019

@Pietro_Aretino

That screen means the system is not done loading yet. Please allow the system to fully load and see if it returns results. If it doesn't load after 5 minutes check your error logs for any errors.

Cheers.

KevinTheJedi · Mar 11, 2019

@Pietro_Aretino

Delete all agent related queues in the ost_queue table (ie. all the old saved searches). You can find these by looking for records with a value in the staff_id column. Delete these first and retest. If you still have issues I'd suggest deleting all non-standard queues and then you'll be fine from here on out.

NOTE: Keep track of the queue_ids of the ones you delete and go through all the ost_queue_* tables to ensure you delete the associated data like ost_queue_columns, etc. However not necessary it's still good practice to do so.

The problem is that the queues have changed dramatically and not all config formats from the old saved searches reformat properly causing query errors, etc. If you create any new Personal Queues/Saved Searches these will work fine, it's just the old ones that have been reformatted that have issues.

TLDR;

Either delete all agent related queues (ie. records with staff_id values in ost_queue) or just delete all non-standard queues and you should be good.

Standard Queues:

Open
Answered
My Tickets
Closed
Assigned
Overdue
Team Tickets
Assigned To Me
Open (yes another one)

Cheers.

ntozier · Feb 26, 2019

No worries @Pietro_Aretino I would much rather someone post (and then post their own solution) than not post at all. This way everyone else can reference the post and hopefully it will help someone. ?

KevinTheJedi · Jan 25, 2019

@Pietro_Aretino

The TicketForm does not exist...you really just need to dump the database, remove all customizations, and you'll be good. ?

Cheers.

KevinTheJedi · Dec 21, 2018

@Pietro_Aretino

@ntozier is correct. We do not log to systemd logs or anything on the OS side (would be cool though ?). Instead we log the errors/debug info to the ost_syslog table. We include the IP, dates, etc. for easier debugging. You can run a script to pull the latest entries from the table and push them to any logging system of your choosing (as long as you write the script properly and format the data from sql properly). It should be a relatively small and easy bash script (or whatever language you prefer).

Cheers.

KevinTheJedi · Oct 19, 2018

@Pietro_Aretino

Just a heads up that there will be a FREE feature soon for osTicket called Audit Logs giving you every activity of every agent/user. Should be released in 1.12.x.

Cheers.

KevinTheJedi · Oct 17, 2018

@Pietro_Aretino

Also, instead of echo-ing a bunch of times just end the PHP block, enter the JS, then open the block back up:

<?php 
if ($thisstaff->canAccessDept((int) 1)) {
?>
    <script type='text/javascript'>
        var LHCChatboxOptions = {hashchatbox:'empty',identifier:'default',status_text:'Chatbox'};
        (function() {
            var po = document.createElement('script'); po.type = 'text/javascript'; po.async = true;
            po.src = '//10.2.10.108/lhc/index.php/chatbox/getstatus/(position)/bottom_right/(top)/300/(units)/pixels/(width)/300/(height)/300/(chat_height)/220';
            var s = document.getElementsByTagName('script')[0]; s.parentNode.insertBefore(po, s);
        })();
    </script>
<?php
}
?>

Makes for much cleaner code ??

Here is a frame of reference for what I'm talking about in the source code:
https://github.com/osTicket/osTicket/blob/develop/include/class.forms.php#L3947-L3973

Cheers.

KevinTheJedi · Oct 17, 2018

@Pietro_Aretino

I wouldn't use require_once() nor include_once() as I believe class.staff.php is already required elsewhere. If $staff object isn't working for you out of the gate then use $thisstaff (current staff).

Cheers.

KevinTheJedi · Oct 17, 2018

@Pietro_Aretino

All I have to say is please be careful using 3rd party apps/extensions and always, always, ALWAYS look at every bit of the source code to make sure it's not doing anything malicious (if you don't understand a piece of it research it until you do). You don't know what the code truly does and if it has opened holes for XSS attacks, SQL injections, etc. or even if it sends your data somewhere else. So just...please be careful.

Side Note:
Also, be careful when posting guides/tutorials on connecting 3rd party apps/extensions as you could be leading someone down a hole that opens the aforementioned attacks. Not fun lol ?

Cheers.

KevinTheJedi · Oct 17, 2018

@Pietro_Aretino

Correctamundo.

if ($staff->canAccessDept((int) 1)) {
    echo "Hey";
}

The above states:
If the $staff can access Department with ID of 1 then echo "Hey".

Cheers.

KevinTheJedi · Oct 17, 2018

@Pietro_Aretino

$staff->getDepartments(); will give you the agent's department.
staff->dept_access; will give you Department access (dept_id, role_id).
$staff->canAccessDept($dept_id); will check if the agent can access a certain Dept by ID.

Basically, just check the include/class.staff.php file for more information.

Cheers.