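isStaff()) die('Zugriff verweigert'); // NOTE(review): the head of this guard (`if(!$thisuser || !$thisuser->`) lies above this chunk and is kept verbatim.

/*
 * Staff ticket listing / search: builds the WHERE, ORDER BY and LIMIT parts of the
 * ticket query from the request and the current staff member's permissions.
 *
 * Reads:   $_REQUEST (status, a, query, basic_search, advance_search, t, stype, dept,
 *          startDate, endDate, sort, order), $_GET (limit, p), $thisuser, $cfg, $stats.
 * Writes:  $tickets_res, $pageNav, $showing, $results_type, $qstr, $order, $negorder,
 *          $canDelete, $canClose, $basic_display, $searchTerm, $errors.
 *
 * Invariant worth keeping: every request value that reaches SQL is either whitelisted
 * ($sortOptions/$orderWays), cast to int (dept, limit, page, timestamps) or escaped
 * (db_input / db_real_escape, plus LIKE-wildcard escaping for pattern contexts).
 * $searchTerm is the raw user string - escape it for HTML wherever it is echoed.
 */

// Read request strings once. A query string such as ?status[]=x yields an array,
// which would fatal in strtolower()/strlen()/urlencode() below.
$reqStatus = (isset($_REQUEST['status']) && is_string($_REQUEST['status'])) ? $_REQUEST['status'] : '';
$reqQuery  = (isset($_REQUEST['query'])  && is_string($_REQUEST['query']))  ? $_REQUEST['query']  : '';
$reqAction = (isset($_REQUEST['a'])      && is_string($_REQUEST['a']))      ? $_REQUEST['a']      : '';

$qstr = '&'; // query-string collector for pagination / sort links
if ($reqStatus) {
    // "status" in the URL is only echoed back into links; the value actually used
    // for the query is normalised in the switch below.
    $qstr .= 'status='.urlencode($reqStatus);
}

// Search mode?
$search     = ($reqAction === 'search');
$searchTerm = '';
if ($search) {
    $searchTerm = $reqQuery;
    // A term shorter than 3 (bytes - strlen() is not multibyte aware, so umlaut-only
    // input may slip through) or an empty basic search falls back to the plain
    // listing with a warning instead of an error page.
    $tooShort   = ($reqQuery && strlen($reqQuery) < 3);
    $emptyBasic = (!$reqQuery && isset($_REQUEST['basic_search']));
    if ($tooShort || $emptyBasic) {
        $search        = false;
        $errors['err'] = 'Suchbegriff muss mindestens 3 Zeichen lang sein';
        $searchTerm    = '';
    }
}

$showoverdue  = $showanswered = false;
$staffId      = 0;   // TODO: allow admins/managers to restrict the list to one staff member.
$status       = null; // status actually used in the query (null = no status filter)
$ger_status   = '';   // German adjective used for the default heading
$results_type = '';

switch (strtolower($reqStatus)) {
    case 'open':
        $status     = 'open';
        $ger_status = 'offen';
        break;
    case 'closed':
        $status     = 'closed';
        $ger_status = 'geschlossen';
        break;
    case 'overdue':
        $status       = 'open';
        $ger_status   = 'offen';
        $showoverdue  = true;
        $results_type = 'Überfällige Tickets';
        break;
    case 'assigned':
        // No status filter yet (see the $staffId TODO). The label was previously
        // left unset here, which rendered the heading as "e Tickets".
        $ger_status = 'zugewiesen';
        break;
    case 'answered':
        $status       = 'open';
        $ger_status   = 'offen';
        $showanswered = true;
        $results_type = 'Beantwortete Tickets';
        break;
    default:
        if (!$search) $status = 'open';
        $ger_status = 'offen';
}

// Queue switching based on the counts fetched by the parent page: with no open
// tickets, show answered ones (if they are hidden from the open queue), else closed.
if (isset($stats) && $stats) {
    if (empty($stats['open']) && (!$status || $status == 'open')) {
        if (!$cfg->showAnsweredTickets() && !empty($stats['answered'])) {
            $status       = 'open';
            $ger_status   = 'offen';
            $showanswered = true;
            $results_type = 'Beantwortete Tickets';
        } elseif (empty($stats['answered'])) {
            $status       = 'closed';
            $ger_status   = 'geschlossen';
            $results_type = 'Geschlossene Tickets';
        }
    }
}

/*
 * DEPARTMENT PERMISSIONS (strict, department based) - this starts the WHERE clause.
 * No departments at all -> only orphaned tickets (dept_id 0), i.e. normally none.
 * Admins see everything. Everyone else sees their departments plus tickets assigned
 * to them regardless of department. The dept chosen on a search is filtered on top
 * of this and is checked against the same allowed set.
 */
$qwhere       = '';
$depts        = $thisuser->getDepts();
$allowedDepts = is_array($depts) ? array_map('intval', $depts) : array(); // ids only, never raw strings in SQL
if (!$depts || !is_array($depts) || !count($depts)) {
    $qwhere = ' WHERE ticket.dept_id IN ( 0 ) ';
} elseif ($thisuser->isadmin()) {
    $qwhere = ' WHERE 1';
} else {
    $qwhere = ' WHERE (ticket.dept_id IN ('.implode(',', $allowedDepts).') OR ticket.staff_id='.db_input($thisuser->getId()).')';
}

// STATUS
if ($status) {
    $qwhere .= ' AND status='.db_input(strtolower($status));
}

// Sub-statuses (mutually exclusive).
if ($staffId && ($staffId == $thisuser->getId())) {
    $results_type = 'Zugewiesene Tickets';
    $qwhere      .= ' AND ticket.staff_id='.db_input($staffId);
} elseif ($showoverdue) {
    $qwhere .= ' AND isoverdue=1 ';
} elseif ($showanswered) {
    $qwhere .= ' AND isanswered=1 ';
} elseif (!$search && !$cfg->showAnsweredTickets() && !strcasecmp((string)$status, 'open')) {
    $qwhere .= ' AND isanswered=0 ';
}

// Assigned tickets: admins cannot be limited; dept managers see all tickets of their dept.
if (!$cfg->showAssignedTickets() && !$thisuser->isadmin()) {
    $qwhere .= ' AND (ticket.staff_id=0 OR ticket.staff_id='.db_input($thisuser->getId()).' OR dept.manager_id='.db_input($thisuser->getId()).') ';
}

// SEARCH
$deep_search = false;
if ($search) {
    $qstr .= '&a='.urlencode($reqAction);
    $qstr .= '&t='.urlencode((isset($_REQUEST['t']) && is_string($_REQUEST['t'])) ? $_REQUEST['t'] : '');
    if (isset($_REQUEST['advance_search'])) {
        $qstr .= '&advance_search=Search';
    }

    if ($searchTerm) {
        $qstr .= '&query='.urlencode($searchTerm);
        // Escape for a quoted SQL literal only - no quotes are added here.
        $queryterm = db_real_escape($searchTerm, false);
        // LIKE patterns additionally need the wildcards escaped, otherwise a typed
        // '%' or '_' widens the match instead of being searched for literally.
        $likeTerm = addcslashes($queryterm, '%_');

        if (is_numeric($searchTerm)) {
            // Ticket number prefix search.
            $qwhere .= " AND ticket.ticketID LIKE '$likeTerm%'";
        } elseif (strpos($searchTerm, '@') && Validator::is_email($searchTerm)) {
            // Exact e-mail match.
            $qwhere .= " AND ticket.email='$queryterm'";
        } else {
            // Deep search over every text field (joins added to $qfrom below).
            $deep_search = true;
            $fullText    = (isset($_REQUEST['stype']) && $_REQUEST['stype'] === 'FT');
            $fields = " ticket.email LIKE '%$likeTerm%'"
                    ." OR ticket.name LIKE '%$likeTerm%'"
                    ." OR ticket.subject LIKE '%$likeTerm%'"
                    ." OR note.title LIKE '%$likeTerm%'";
            if ($fullText) {
                // Full-text index on the big fields; MATCH has its own syntax, so the
                // plain escaped term is used there.
                $fields .= " OR MATCH(message.message) AGAINST('$queryterm')"
                         ." OR MATCH(response.response) AGAINST('$queryterm')"
                         ." OR MATCH(note.note) AGAINST('$queryterm')";
            } else {
                $fields .= " OR message.message LIKE '%$likeTerm%'"
                         ." OR response.response LIKE '%$likeTerm%'"
                         ." OR note.note LIKE '%$likeTerm%'";
            }
            $qwhere .= ' AND ('.$fields.' ) ';
        }
    }

    // Department filter: only admins or members of that department (strict int compare).
    $reqDept = (isset($_REQUEST['dept']) && is_scalar($_REQUEST['dept'])) ? (int)$_REQUEST['dept'] : 0;
    if ($reqDept && ($thisuser->isadmin() || in_array($reqDept, $allowedDepts, true))) {
        $qwhere .= ' AND ticket.dept_id='.db_input($reqDept);
        $qstr   .= '&dept='.urlencode($reqDept);
    }

    // Date range. strtotime() returns false on garbage; the int cast turns that into 0
    // so nothing but a real timestamp is ever interpolated into FROM_UNIXTIME().
    $startDate = (isset($_REQUEST['startDate']) && is_string($_REQUEST['startDate'])) ? $_REQUEST['startDate'] : '';
    $endDate   = (isset($_REQUEST['endDate'])   && is_string($_REQUEST['endDate']))   ? $_REQUEST['endDate']   : '';
    $startTime = ($startDate && strlen($startDate) >= 8) ? (int)strtotime($startDate) : 0;
    $endTime   = ($endDate   && strlen($endDate)   >= 8) ? (int)strtotime($endDate)   : 0;
    if (($startTime && $startTime > time()) || ($startTime > $endTime && $endTime > 0)) {
        $errors['err'] = 'Eingegebener Zeitraum ist ungültig. Auswahl wird ignoriert.';
        $startTime = $endTime = 0;
    } else {
        if ($startTime) {
            $qwhere .= ' AND ticket.created>=FROM_UNIXTIME('.$startTime.')';
            $qstr   .= '&startDate='.urlencode($startDate);
        }
        if ($endTime) {
            $qwhere .= ' AND ticket.created<=FROM_UNIXTIME('.$endTime.')';
            $qstr   .= '&endDate='.urlencode($endDate);
        }
    }
}

// SORTING - request values are only ever used as keys into these whitelists.
$sortOptions = array('date' => 'ticket.created', 'ID' => 'ticketID', 'pri' => 'priority_urgency', 'dept' => 'dept_name');
$orderWays   = array('DESC' => 'DESC', 'ASC' => 'ASC');
$sortKey  = (isset($_REQUEST['sort'])  && is_string($_REQUEST['sort'])  && isset($sortOptions[$_REQUEST['sort']])) ? $_REQUEST['sort']  : '';
$orderKey = (isset($_REQUEST['order']) && is_string($_REQUEST['order']) && isset($orderWays[$_REQUEST['order']]))  ? $_REQUEST['order'] : '';
$order_by = $sortKey  ? $sortOptions[$sortKey] : '';
$order    = $orderKey ? $orderWays[$orderKey]  : '';

// PAGING - cast to int here; these values end up in the LIMIT clause via Pagenate,
// which is not assumed to validate them itself.
$reqLimit = (isset($_GET['limit']) && is_scalar($_GET['limit'])) ? (int)$_GET['limit'] : 0;
if ($reqLimit > 0) {
    $qstr .= '&limit='.urlencode($reqLimit);
}

if (!$order_by && $showanswered) {
    $order_by = 'ticket.lastresponse DESC, ticket.created'; // no priority sorting for answered tickets
} elseif (!$order_by && !strcasecmp((string)$status, 'closed')) {
    $order_by = 'ticket.closed DESC, ticket.created';       // no priority sorting for closed tickets
}
if (!$order_by) $order_by = 'priority_urgency,effective_date DESC ,ticket.created';
if (!$order)    $order    = 'DESC';

$pagelimit = ($reqLimit > 0) ? $reqLimit : (int)$thisuser->getPageLimit();
if ($pagelimit <= 0) $pagelimit = PAGE_LIMIT; // true default if everything else fails
$page = (isset($_GET['p']) && is_scalar($_GET['p'])) ? (int)$_GET['p'] : 0;
if ($page < 1) $page = 1;

// QUERY ASSEMBLY
$qselect = 'SELECT DISTINCT ticket.ticket_id,lock_id,ticketID,ticket.dept_id,ticket.staff_id,subject,name,email,dept_name '
         .',ticket.status,ticket.source,isoverdue,isanswered,ticket.created,pri.* ,count(attach.attach_id) as attachments ';
$qfrom = ' FROM '.TICKET_TABLE.' ticket '
       .' LEFT JOIN '.DEPT_TABLE.' dept ON ticket.dept_id=dept.dept_id ';
if ($search && $deep_search) {
    $qfrom .= ' LEFT JOIN '.TICKET_MESSAGE_TABLE.' message ON (ticket.ticket_id=message.ticket_id )';
    $qfrom .= ' LEFT JOIN '.TICKET_RESPONSE_TABLE.' response ON (ticket.ticket_id=response.ticket_id )';
    $qfrom .= ' LEFT JOIN '.TICKET_NOTE_TABLE.' note ON (ticket.ticket_id=note.ticket_id )';
}
$qgroup = ' GROUP BY ticket.ticket_id';

// Total for pagination, counted on the query built so far (before the display-only joins).
$total   = db_count("SELECT count(DISTINCT ticket.ticket_id) $qfrom $qwhere");
$pageNav = new Pagenate($total, $page, $pagelimit);
$pageNav->setURL('tickets.php', $qstr.'&sort='.urlencode($sortKey).'&order='.urlencode($orderKey));

// Display-only columns and joins: priority, lock and attachment count.
// (attachments is already selected above; the previous duplicate alias is dropped.)
$qselect .= ' ,IF(ticket.reopened is NULL,ticket.created,ticket.reopened) as effective_date';
$qfrom   .= ' LEFT JOIN '.TICKET_PRIORITY_TABLE.' pri ON ticket.priority_id=pri.priority_id '
          .' LEFT JOIN '.TICKET_LOCK_TABLE.' tlock ON ticket.ticket_id=tlock.ticket_id AND tlock.expire>NOW() '
          .' LEFT JOIN '.TICKET_ATTACHMENT_TABLE.' attach ON ticket.ticket_id=attach.ticket_id ';

$query = "$qselect $qfrom $qwhere $qgroup ORDER BY $order_by $order LIMIT "
       .(int)$pageNav->getStart().",".(int)$pageNav->getLimit();
//echo $query;
$tickets_res = db_query($query);
$showing     = db_num_rows($tickets_res) ? $pageNav->showing() : "";

if (!$results_type) {
    $results_type = $search ? 'Suchergebnisse' : ucfirst($ger_status).'e Tickets';
}
$negorder = ($order == 'DESC') ? 'ASC' : 'DESC'; // inverted sort for column-header links

// Permissions reused by the template.
$canDelete = $thisuser->canDeleteTickets();
$canClose  = $thisuser->canCloseTickets();
$basic_display = !isset($_REQUEST['advance_search']);
?>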
=$errors['err']?>
}elseif($msg) {?>=$msg?>
}elseif($warn) {?>=$warn?>
}?>