Copyright (c) 2006-2010 osTicket http://www.osticket.com Released under the GNU General Public License WITHOUT ANY WARRANTY. See LICENSE.TXT for details. vim: expandtab sw=4 ts=4 sts=4: $Id: $ **********************************************************************/ require('secure.inc.php'); if(!is_object($thisclient) || !$thisclient->isValid()) die('Zugriff verweigert!'); //Double check again. require_once(INCLUDE_DIR.'class.ticket.php'); $ticket=null; $inc='tickets.inc.php'; //Default page...show all tickets. //Check if any id is given... if(($id=$_REQUEST['id']?$_REQUEST['id']:$_POST['ticket_id']) && is_numeric($id)) { //id given fetch the ticket info and check perm. $ticket= new Ticket(Ticket::getIdByExtId((int)$id)); if(!$ticket or !$ticket->getEmail()) { $ticket=null; //clear. $errors['err']='zugriff verweigert. Falsche Ticket ID'; }elseif(strcasecmp($thisclient->getEmail(),$ticket->getEmail())){ $errors['err']='Sicherheitsverletzung. Wiederholte Versuche führen zu einer Sperre Ihres Accounts.'; $ticket=null; //clear. }else{ //Everything checked out. $inc='viewticket.inc.php'; } } //Process post...depends on $ticket object above. if($_POST && is_object($ticket) && $ticket->getId()): $errors=array(); switch(strtolower($_POST['a'])){ case 'postmessage': if(strcasecmp($thisclient->getEmail(),$ticket->getEmail())) { //double check perm again! $errors['err']='Zugriff verweigert. Falsche Ticket ID'; $inc='tickets.inc.php'; //Show the tickets. } if(!$_POST['message']) $errors['message']='Nachricht erforderlich'; //check attachment..if any is set if($_FILES['attachment']['name']) { if(!$cfg->allowOnlineAttachments()) //Something wrong with the form...user shouldn't have an option to attach $errors['attachment']='Datei [ '.$_FILES['attachment']['name'].' ] abgewiesen'; elseif(!$cfg->canUploadFileType($_FILES['attachment']['name'])) $errors['attachment']='Falscher Dateityp [ '.$_FILES['attachment']['name'].' ]'; elseif($_FILES['attachment']['size']>$cfg->getMaxFileSize()) $errors['attachment']='Datei ist zu groß. Max. '.$cfg->getMaxFileSize().' bytes erlaubt'; } if(!$errors){ //Everything checked out...do the magic. if(($msgid=$ticket->postMessage($_POST['message'],'Web'))) { if($_FILES['attachment']['name'] && $cfg->canUploadFiles() && $cfg->allowOnlineAttachments()) $ticket->uploadAttachment($_FILES['attachment'],$msgid,'M'); $msg='Nachricht erfolgreich zugestellt'; }else{ $errors['err']='Zustellung der Nachricht nicht möglich. Bitte nochmal versuchen'; } }else{ $errors['err']=$errors['err']?$errors['err']:'Fehler aufgetreten. Bitte nochmal versuchen'; } break; default: $errors['err']='Unbekannte Aktion'; } $ticket->reload(); endif; include(CLIENTINC_DIR.'header.inc.php'); include(CLIENTINC_DIR.$inc); include(CLIENTINC_DIR.'footer.inc.php'); ?>