require_once(INCLUDE_DIR.'class.export.php'); // For paper sizes
$ticket = $user = null; //clean start.
$redirect = false;
//LOCKDOWN...See if the id provided is actually valid and if the user has access.
if($_REQUEST['id'] || $_REQUEST['number']) {
if($_REQUEST['id'] && !($ticket=Ticket::lookup($_REQUEST['id'])))
$errors['err']=sprintf(__('%s: Unknown or invalid ID.'), __('ticket'));
elseif($_REQUEST['number'] && !($ticket=Ticket::lookup(['number' => $_REQUEST['number']])))
$errors['err']=sprintf(__('%s: Unknown or invalid number.'), __('ticket'));
elseif(!$ticket->checkStaffPerm($thisstaff)) {
$errors['err']=__('Access denied. Contact admin if you believe this is in error');
$user = User::lookup($_REQUEST['uid']);
$queue_key = sprintf('::Q:%s', ObjectModel::OBJECT_TYPE_TICKET);
$queue_name = strtolower($_GET['a'] ?: $_GET['status']); //Status is overloaded
if (!$queue_name && isset($_SESSION[$queue_key]))
$queue_name = $_SESSION[$queue_key];
// Stash current queue view
$_SESSION[$queue_key] = $queue_name;
// Set queue as status
if (@!isset($_REQUEST['advanced'])
&& @$_REQUEST['a'] != 'search'
&& !isset($_GET['status'])
&& $queue_name)
$_GET['status'] = $_REQUEST['status'] = $queue_name;
// Configure form for file uploads
'attachments' => new FileUploadField(array('id'=>'attach',
'configuration' => array('extensions'=>'')))
'attachments' => new FileUploadField(array('id'=>'attach',
'configuration' => array('extensions'=>'')))
//At this stage we know the access status. we can process the post.
if($_POST && !$errors):
if($ticket && $ticket->getId()) {
//More coffee please.
$lock = $ticket->getLock(); //Ticket lock if any
$role = $thisstaff->getRole($ticket->getDeptId());
case 'reply':
if (!$role || !$role->hasPerm(TicketModel::PERM_REPLY)) {
$errors['err'] = __('Action denied. Contact admin for access');
$vars = $_POST;
$vars['cannedattachments'] = $response_form->getField('attachments')->getClean();
$vars['response'] = ThreadEntryBody::clean($vars['response']);
$errors['response']=__('Response required');
if ($cfg->getLockTime()) {
if (!$lock) {
$errors['err'] = __('This action requires a lock. Please try again');
// Use locks to avoid double replies
elseif ($lock->getStaffId()!=$thisstaff->getId()) {
$errors['err'] = __('Action Denied. Ticket is locked by someone else!');
// Attempt to renew the lock if possible
elseif (($lock->isExpired() && !$lock->renew())
||($lock->getCode() != $_POST['lockCode'])
) {
$errors['err'] = __('Your lock has expired. Please try again');
//Make sure the email is not banned
if(!$errors['err'] && Banlist::isBanned($ticket->getEmail()))
$errors['err']=__('Email is in banlist. Must be removed to reply.');
if(!$errors && ($response=$ticket->postReply($vars, $errors, $_POST['emailreply']))) {
$msg = sprintf(__('%s: Reply posted successfully'),
sprintf(__('Ticket #%s'),
sprintf('<a href="tickets.php?id=%d"><b>%s</b></a>',
$ticket->getId(), $ticket->getNumber()))
// Clear attachment list
// Cleanup response draft for this user
'ticket.response.' . $ticket->getId(),
// Go back to the ticket listing page on reply
$ticket = null;
$redirect = 'tickets.php';
$errors['err']=sprintf('%s %s',
__('Unable to post the reply.'),
__('Correct any errors below and try again.'));
case 'postnote': /* Post Internal Note */
$vars = $_POST;
$attachments = $note_form->getField('attachments')->getClean();
$vars['cannedattachments'] = array_merge(
$vars['cannedattachments'] ?: array(), $attachments);
$vars['note'] = ThreadEntryBody::clean($vars['note']);
if ($cfg->getLockTime()) {
if (!$lock) {
$errors['err'] = __('This action requires a lock. Please try again');
// Use locks to avoid double replies
elseif ($lock->getStaffId()!=$thisstaff->getId()) {
$errors['err'] = __('Action Denied. Ticket is locked by someone else!');
elseif ($lock->getCode() != $_POST['lockCode']) {
$errors['err'] = __('Your lock has expired. Please try again');
$wasOpen = ($ticket->isOpen());
if(($note=$ticket->postNote($vars, $errors, $thisstaff))) {
$msg=__('Internal note posted successfully');
// Clear attachment list
// Remove staff's locks
if($wasOpen && $ticket->isClosed())
$ticket = null; //Going back to main listing.
// Ticket is still open -- clear draft for the note
$redirect = 'tickets.php';
$errors['err'] = __('Unable to post internal note - missing or invalid data.');
$errors['postnote'] = sprintf('%s %s',
__('Unable to post the note.'),
__('Correct any errors below and try again.'));
if(!$ticket || !$role->hasPerm(TicketModel::PERM_EDIT))
$errors['err']=__('Permission Denied. You are not allowed to edit tickets');
$msg=__('Ticket updated successfully');
$redirect = 'tickets.php?id='.$ticket->getId();
$_REQUEST['a'] = null; //Clear edit action - going back to view.
//Check to make sure the staff STILL has access post-update (e.g dept change).
__('Unable to update %s. Correct any errors below and try again.'),
case 'process':
case 'release':
if(!$ticket->isAssigned() || !($assigned=$ticket->getAssigned())) {
$errors['err'] = __('Ticket is not assigned!');
/* 1$ is the current assignee, 2$ is the agent removing the assignment */
'Ticket released (unassigned) from %1$s by %2$s'),
$assigned, $thisstaff->getName());
$ticket->logActivity(__('Ticket unassigned'),$msg);
$errors['err'] = __('Problems releasing the ticket. Try again');
if(!$role->hasPerm(TicketModel::PERM_EDIT)) {
$errors['err'] = __('Permission Denied. You are not allowed to assign/claim tickets.');
$errors['err'] = __('Only open tickets can be assigned');
$errors['err'] = sprintf(__('Ticket is already assigned to %s'),$ticket->getAssigned());
$msg = __('Ticket is now assigned to you!');
$errors['err'] = __('Problems assigning the ticket. Try again');
$dept = $ticket->getDept();
if(!$dept || !$dept->isManager($thisstaff)) {
$errors['err']=__('Permission Denied. You are not allowed to flag tickets overdue');
$msg=sprintf(__('Ticket flagged as overdue by %s'),$thisstaff->getName());
$ticket->logActivity(__('Ticket Marked Overdue'),$msg);
$errors['err']=__('Problems marking the the ticket overdue. Try again');
case 'answered':
$dept = $ticket->getDept();
if(!$dept || !$dept->isManager($thisstaff)) {
$errors['err']=__('Permission Denied. You are not allowed to flag tickets');
$msg=sprintf(__('Ticket flagged as answered by %s'),$thisstaff->getName());
$ticket->logActivity(__('Ticket Marked Answered'),$msg);
$errors['err']=__('Problems marking the the ticket answered. Try again');
case 'unanswered':
$dept = $ticket->getDept();
if(!$dept || !$dept->isManager($thisstaff)) {
$errors['err']=__('Permission Denied. You are not allowed to flag tickets');
$msg=sprintf(__('Ticket flagged as unanswered by %s'),$thisstaff->getName());
$ticket->logActivity(__('Ticket Marked Unanswered'),$msg);
$errors['err']=__('Problems marking the ticket unanswered. Try again');
if (!$thisstaff->hasPerm(Email::PERM_BANLIST)) {
$errors['err']=__('Permission Denied. You are not allowed to ban emails');
} elseif(BanList::includes($ticket->getEmail())) {
$errors['err']=__('Email already in banlist');
} elseif(Banlist::add($ticket->getEmail(),$thisstaff->getName())) {
$msg=sprintf(__('Email %s added to banlist'),$ticket->getEmail());
$errors['err']=__('Unable to add the email to banlist');
if (!$thisstaff->hasPerm(Email::PERM_BANLIST)) {
$errors['err'] = __('Permission Denied. You are not allowed to remove emails from banlist.');
} elseif(Banlist::remove($ticket->getEmail())) {
$msg = __('Email removed from banlist');
} elseif(!BanList::includes($ticket->getEmail())) {
$warn = __('Email is not in the banlist');
$errors['err']=__('Unable to remove the email from banlist. Try again.');
if (!$role->hasPerm(TicketModel::PERM_EDIT)) {
$errors['err']=__('Permission Denied. You are not allowed to edit tickets');
} elseif (!$_POST['user_id'] || !($user=User::lookup($_POST['user_id']))) {
$errors['err'] = __('Unknown user selected');
} elseif ($ticket->changeOwner($user)) {
$msg = sprintf(__('Ticket ownership changed to %s'),
$errors['err'] = __('Unable to change ticket ownership. Try again');
$errors['err']=__('You must select action to perform');
$errors['err']=__('Unknown action');
switch($_POST['a']) {
case 'open':
!$thisstaff->hasPerm(TicketModel::PERM_CREATE, false)) {
sprintf(__('You do not have permission %s'),
__('to create tickets')),
__('Contact admin for such access'));
} else {
$vars = $_POST;
$vars['uid'] = $user? $user->getId() : 0;
$vars['cannedattachments'] = $response_form->getField('attachments')->getClean();
if(($ticket=Ticket::open($vars, $errors))) {
$msg=__('Ticket created successfully');
if (!$ticket->checkStaffPerm($thisstaff) || $ticket->isClosed())
Draft::deleteForNamespace('ticket.staff%', $thisstaff->getId());
// Drop files from the response attachments widget
} elseif(!$errors['err']) {
$errors['err']=sprintf('%s %s',
__('Unable to create the ticket.',
__('Correct any errors below and try again.'));
$thisstaff ->resetStats(); //We'll need to reflect any changes just made!
if ($redirect) {
if ($msg)
/*... Quick stats ...*/
$stats= $thisstaff->getTicketsStats();
// Clear advanced search upon request
if (isset($_GET['clear_filter']))
$open_name = _P('queue-name',
/* This is the name of the open ticket queue */
$nav->addSubMenu(array('desc'=>$open_name.' ('.number_format($stats['open']+$stats['answered']).')',
((!$_REQUEST['status'] && !isset($_SESSION['advsearch'])) || $_REQUEST['status']=='open'));
$nav->addSubMenu(array('desc'=>$open_name.' ('.number_format($stats['open']).')',
((!$_REQUEST['status'] && !isset($_SESSION['advsearch'])) || $_REQUEST['status']=='open'));
$nav->addSubMenu(array('desc'=>__('Answered').' ('.number_format($stats['answered']).')',
'title'=>__('Answered Tickets'),
$nav->addSubMenu(array('desc'=>__('My Tickets').' ('.number_format($stats['assigned']).')',
'title'=>__('Assigned Tickets'),
if($stats['overdue']) {
$nav->addSubMenu(array('desc'=>__('Overdue').' ('.number_format($stats['overdue']).')',
'title'=>__('Stale Tickets'),
if(!$sysnotice && $stats['overdue']>10)
$sysnotice=sprintf(__('%d overdue tickets!'),$stats['overdue']);
if (isset($_SESSION['advsearch'])) {
// XXX: De-duplicate and simplify this code
$search = SavedSearch::create();
$form = $search->getFormFromSession('advsearch');
$tickets = TicketModel::objects();
$tickets = $search->mangleQuerySet($tickets, $form);
$count = $tickets->count();
$nav->addSubMenu(array('desc' => __('Search').' ('.number_format($count).')',
'title'=>__('Advanced Ticket Search'),
(!$_REQUEST['status'] || $_REQUEST['status']=='search'));
$nav->addSubMenu(array('desc' => __('Closed'),
'title'=>__('Closed Tickets'),
if ($thisstaff->hasPerm(TicketModel::PERM_CREATE, false)) {
$nav->addSubMenu(array('desc'=>__('New Ticket'),
'title'=> __('Open a New Ticket'),
'id' => 'new-ticket'),
$ost->addExtraHeader('<script type="text/javascript" src="js/ticket.js"></script>');
$ost->addExtraHeader('<script type="text/javascript" src="js/thread.js"></script>');
$ost->addExtraHeader('<meta name="tip-namespace" content="tickets.queue" />',
"$('#content').data('tipNamespace', 'tickets.queue');");
$ost->setPageTitle(sprintf(__('Ticket #%s'),$ticket->getNumber()));
$inc = '';
if ($_REQUEST['a']=='edit'
&& $ticket->checkStaffPerm($thisstaff, TicketModel::PERM_EDIT)) {
if (!$forms) $forms=DynamicFormEntry::forTicket($ticket->getId());
// Auto add new fields to the entries
foreach ($forms as $f) {
$f->filterFields(function($f) { return !$f->isStorable(); });
} elseif($_REQUEST['a'] == 'print' && !$ticket->pdfExport($_REQUEST['psize'], $_REQUEST['notes']))
$errors['err'] = __('Internal error: Unable to export the ticket to PDF for print.');
$thisstaff->hasPerm(TicketModel::PERM_CREATE, false))
elseif($_REQUEST['a'] == 'export') {
$ts = strftime('%Y%m%d');
$errors['err'] = __('Query token not found');
elseif (!Export::saveTickets($query, "tickets-$ts.csv", 'csv'))
$errors['err'] = __('Internal error: Unable to dump query results');
//Clear active submenu on search with no status
if($_REQUEST['a']=='search' && !$_REQUEST['status'])
//set refresh rate if the user has it configured
if(!$_POST && !$_REQUEST['a'] && ($min=(int)$thisstaff->getRefreshRate())) {
$js = "+function(){ var qq = setInterval(function() { if ($.refreshTicketView === undefined) return; clearInterval(qq); $.refreshTicketView({$min}*60000); }, 200); }();";
$ost->addExtraHeader('<script type="text/javascript">'.$js.'</script>',
print $response_form->getMedia();