user_is_admin) { header("HTTP/1.0 403 Forbidden"); echo "Forbidden

403 Forbidden

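"; exit; } }

/*
 * Ticket update handler (the auth / 403 check that precedes this point is
 * outside this block and is left untouched).
 *
 * Side effects: inserts/updates rows in `tickets` and `notes`, sends
 * notification mail, and finishes with either an X-JSON header (ajax) or a
 * Location redirect.
 *
 * Reads: $ticket_id and $ticket_auth (set by the preceding code for an
 * existing ticket), $user (project session object exposing user_id and
 * user_is_admin), $_POST / $_REQUEST, and the project helpers
 * mysql_query_wrapper(), check_captcha() and is_spam().
 *
 * Security changes in this revision:
 *  - every request-derived value that is interpolated into SQL now goes
 *    through mysql_real_escape_string(); ids are cast to int;
 *  - ticket_auth is generated in PHP (random_int() where available) rather
 *    than MySQL rand();
 *  - mail() is only called for addresses that pass FILTER_VALIDATE_EMAIL, so a
 *    crafted author address cannot smuggle extra headers or recipients;
 *  - the X-JSON header reflects an int, not the raw request string;
 *  - ereg_replace() (removed in PHP 7) replaced by str_replace().
 */

if (!function_exists('kics_request_value')) {
    /**
     * Return one scalar request value as a string, with magic_quotes_gpc
     * escaping undone so callers always see the raw submitted text.
     * Returns $default when the key is absent or holds an array.
     */
    function kics_request_value(array $source, $key, $default = '')
    {
        if (!isset($source[$key]) || is_array($source[$key])) {
            return $default;
        }
        $value = (string) $source[$key];
        if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) {
            $value = stripslashes($value);
        }
        return $value;
    }
}

if (!function_exists('kics_sql_string')) {
    /**
     * Escape a value for use inside a single-quoted SQL string literal.
     * NOTE(review): assumes the ext/mysql link used by mysql_query_wrapper()
     * is already open when this runs; if the wrapper ever connects lazily,
     * the first escape must happen after that connect.
     */
    function kics_sql_string($value)
    {
        return mysql_real_escape_string((string) $value);
    }
}

$ticket_is_new = 0;
$ticket_was_reassigned_to = null;
$passed_captcha = null;
/* NOTE(review): for an existing ticket $ticket_auth is assumed to have been
 * checked against the stored value by the code above this block. */
$ticket_auth = isset($ticket_auth) ? $ticket_auth : '';

/* Request fields used in more than one place, normalised once. */
$author_email = kics_request_value($_POST, 'author_email');
$author_phone = kics_request_value($_POST, 'author_phone');
$longtext     = kics_request_value($_POST, 'longtext');
$has_note     = ($longtext !== '');   /* a note of "0" is a note */
$current_user_id_sql = kics_sql_string($user->user_id);

/* ---- new ticket ------------------------------------------------------ */
if (empty($ticket_id)) {
    $ticket_is_new = 1;
    $author_notify = empty($_POST['author_notify']) ? 0 : 1;

    /* ticket_auth is the capability embedded in the ticket URL. The
     * 8-decimal-digit width (~26 bits) is kept because the URL format
     * "$ticket_id$ticket_auth" and the column depend on it; widening it
     * needs a schema/URL change. NOTE(review): mt_rand() is not a CSPRNG. */
    if (function_exists('random_int')) {
        $ticket_auth = random_int(10000000, 89999999);
    } else {
        $ticket_auth = mt_rand(10000000, 89999999);
    }

    mysql_query_wrapper(
        "insert into tickets (ticket_auth, ticket_state_id, ticket_account_login, ticket_account_domain, ticket_author_name, ticket_author_email, ticket_author_phone, ticket_author_notify, ticket_date_created) values ("
        . (int) $ticket_auth . ", 2, '"
        . kics_sql_string(kics_request_value($_POST, 'account_login')) . "', '"
        . kics_sql_string(kics_request_value($_POST, 'account_domain')) . "', '"
        . kics_sql_string(kics_request_value($_POST, 'author_name')) . "', '"
        . kics_sql_string($author_email) . "', '"
        . kics_sql_string($author_phone) . "', '"
        . $author_notify . "', now())"
    );
    $ticket_id = (int) mysql_insert_id();

    /* A new ticket is inserted in state 2 and moved to state 0 only once
     * the captcha check passes; otherwise it stays there and the user is
     * sent to captcha.php below. */
    $user_code = isset($_POST['user_code']) ? $_POST['user_code'] : null;
    if (check_captcha($user_code)) {
        mysql_query_wrapper("update tickets set ticket_state_id='0' where ticket_id='" . $ticket_id . "'");
        $passed_captcha = 1;
    } else {
        $passed_captcha = 0;
    }
}
$ticket_id = (int) $ticket_id;

/* ---- note ------------------------------------------------------------ */
if ($user->user_id && empty($_POST['is_really_anonymous'])) {
    $user_id_sql = "'" . $current_user_id_sql . "'";
} else {
    $user_id_sql = "null";
}
/* only admins can post a private note; everyone else's notes are public */
$is_public = ($user->user_is_admin && empty($_POST['is_public'])) ? 0 : 1;

if ($has_note) {
    /* $_ENV[REMOTE_ADDR] is only populated under some SAPIs; prefer $_SERVER */
    if (isset($_SERVER['REMOTE_ADDR'])) {
        $remote_addr = $_SERVER['REMOTE_ADDR'];
    } elseif (isset($_ENV['REMOTE_ADDR'])) {
        $remote_addr = $_ENV['REMOTE_ADDR'];
    } else {
        $remote_addr = '';
    }
    mysql_query_wrapper(
        "insert into notes (note_ticket_id, note_user_id, note_author_email, note_author_phone, note_is_public, note_date_created, note_remote_addr, note_longtext) values ("
        . $ticket_id . ", " . $user_id_sql . ", '"
        . kics_sql_string($author_email) . "', '"
        . kics_sql_string($author_phone) . "', '"
        . $is_public . "', now(), '"
        . kics_sql_string($remote_addr) . "', '"
        . kics_sql_string($longtext) . "')"
    );
}

if ($passed_captcha !== null && $passed_captcha == 0) {
    $returnto = "captcha.php?ticket_id=" . $ticket_id . "&ticket_auth=" . $ticket_auth;
} else {
    $returnto = "$ticket_id$ticket_auth";
}

/* ---- admin tasks ----------------------------------------------------- */
if ($user->user_is_admin) {
    /* assign the ticket to a user */
    if (isset($_POST['assign'])) {
        $assign_to = kics_request_value($_POST, 'assign');
        mysql_query_wrapper("update tickets set ticket_assigned_to='" . kics_sql_string($assign_to) . "' where ticket_id='$ticket_id'");
        if (mysql_affected_rows()) {
            $ticket_was_reassigned_to = $assign_to;
        }
    }

    /* update various ticket fields.
     * NOTE(review): these are read from $_REQUEST, so a GET link is enough
     * to change state/assignee of a ticket for a logged-in admin (CSRF);
     * the form should carry a per-session token that is checked here. */
    $post_to_mysql = array(
        'state'          => 'ticket_state_id',
        'author_email'   => 'ticket_author_email',
        'author_phone'   => 'ticket_author_phone',
        'account_login'  => 'ticket_account_login',
        'account_domain' => 'ticket_account_domain',
    );
    foreach ($post_to_mysql as $p => $m) {
        if (isset($_REQUEST[$p])) {
            $new_value = kics_sql_string(kics_request_value($_REQUEST, $p));
            mysql_query_wrapper("update tickets set $m='" . $new_value . "' where ticket_id='$ticket_id'");
        }
    }
    if (isset($_REQUEST['state']) && $_REQUEST['state'] > 0) {
        $returnto = "list.php";
    }
} elseif ($passed_captcha === null || $passed_captcha) {
    /* re-open the ticket if a non-admin is adding a note to it */
    mysql_query_wrapper("update tickets set ticket_state_id=0 where ticket_id='$ticket_id'");
}

/* ---- who wants to receive email about this change? ------------------- */
$recipients = array();
$ticket_is_unassigned = 1;

/* 1. perhaps the ticket submitter (only for public notes) */
if ($is_public) {
    $row = mysql_fetch_object(mysql_query_wrapper(
        "select ticket_author_email from tickets where ticket_id='$ticket_id' and ticket_author_notify>0"
    ));
    if ($row) {
        $ra = preg_split("/[,; ]/", $row->ticket_author_email, -1, PREG_SPLIT_NO_EMPTY);
        foreach ($ra as $e) {
            $recipients[$e] = 'author';
        }
    }
}

/* 2. perhaps the user who has just been assigned this ticket */
if ($ticket_was_reassigned_to !== null) {
    $row = mysql_fetch_object(mysql_query_wrapper(
        "select user_email from users where user_id='" . kics_sql_string($ticket_was_reassigned_to)
        . "' and user_id<>'" . $current_user_id_sql . "' and user_notify_assign>0"
    ));
    if ($row) {
        $recipients[$row->user_email] = 'user';
        $ticket_is_unassigned = 0;
    }
}

/* 3. perhaps the user this ticket is assigned to */
if ($has_note) {
    $row = mysql_fetch_object(mysql_query_wrapper(
        "select user_email from tickets left join users on user_id=ticket_assigned_to where ticket_id='$ticket_id' and user_id<>'"
        . $current_user_id_sql . "'"
    ));
    if ($row) {
        $recipients[$row->user_email] = 'user';
        $ticket_is_unassigned = 0;
    }
}

/* 4. perhaps users who want notifications when new tickets are submitted */
if ($ticket_is_new || ($ticket_is_unassigned && !$user->user_is_admin)) {
    $nq = mysql_query_wrapper("select user_email from users where user_notify_newticket>0");
    while ($row = mysql_fetch_object($nq)) {
        $recipients[$row->user_email] = 'user';
    }
}

/* no mail at all for a failed captcha or for anything is_spam() rejects */
if (!$user->user_is_admin && $passed_captcha !== null && !$passed_captcha) {
    $recipients = array();
} elseif (!$user->user_is_admin && is_spam()) {
    $recipients = array();
}

/* ---- send ------------------------------------------------------------ */
/* NOTE(review): HTTP_HOST comes from the request; a forged Host header ends
 * up in the emailed links. A configured base URL would be safer. */
$dashes = "--------------------------------------------------------";
foreach ($recipients as $address => $rtype) {
    $address = (string) $address;
    /* Author addresses originate from the form: accept only a single
     * well-formed mailbox so mail() never sees CR/LF or extra recipients. */
    if (!filter_var($address, FILTER_VALIDATE_EMAIL)) {
        continue;
    }

    $message = "";
    if ($rtype == 'user' && $ticket_was_reassigned_to) {
        $orignote = mysql_fetch_object(mysql_query_wrapper(
            "select note_longtext from notes where note_ticket_id='$ticket_id' order by note_id limit 1"
        ));
        /* stored text is raw (escaping happens at the SQL layer), so no
         * stripslashes() on it */
        $orig_text = $orignote ? $orignote->note_longtext : '';
        $message .= "Ticket assigned to you:\n\n";
        $message .= trim(wordwrap(str_replace("\r", "", $orig_text), 65));
        $message .= "\n\n";
        $message .= $dashes . "\n";
        $message .= "http://{$_SERVER['HTTP_HOST']}/show.php?ticket_id=$ticket_id\n\n\n";
    }

    if ($has_note && ($user->user_is_admin || $rtype == 'user')) {
        if ($rtype == 'author') {
            $message .= "The following note has been added to your ticket.\n$dashes\n\n";
        } elseif ($rtype == 'user' && $ticket_is_new) {
            $message .= "Ticket submitted:\n\n";
        } else {
            $message .= "The following note has been added.\n$dashes\n\n";
        }
        $message .= trim(wordwrap(str_replace("\r", "", $longtext), 65));
        $message .= "\n\n";
        $message .= $dashes . "\n";
        $message .= "To add further comments, see the history of this ticket,\n";
        $message .= "or change your email notification settings:\n\n";
        if ($rtype == 'author') {
            $message .= "http://{$_SERVER['HTTP_HOST']}/$ticket_id$ticket_auth\n\n";
        } else {
            $message .= "http://{$_SERVER['HTTP_HOST']}/show.php?ticket_id=$ticket_id\n\n";
        }
    }

    if ($message !== "") {
        $subject = "KICS ticket #$ticket_id$ticket_auth";
        mail($address, $subject, $message, "From: help@kics.bc.ca\r\nReply-To: help@kics.bc.ca\r\nReturn-Path: ");
    }
}

/* ---- response -------------------------------------------------------- */
if (!empty($_REQUEST['json']) || !empty($_REQUEST['ajax'])) {
    /* reflect an integer only; the raw request string was previously
     * written straight into a response header */
    $request_ticket_id = isset($_REQUEST['ticket_id']) ? (int) $_REQUEST['ticket_id'] : 0;
    header("X-JSON: { id: " . $request_ticket_id . " }");
    echo "OK";
    exit;
}
header("Location: $returnto");
?>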