Newer
Older
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
<?php
/*********************************************************************
tickets.php
Main client/user interface.
Note that we are using external ID. The real (local) ids are hidden from user.
Peter Rotich <peter@osticket.com>
Copyright (c) 2006-2012 osTicket
http://www.osticket.com
Released under the GNU General Public License WITHOUT ANY WARRANTY.
See LICENSE.TXT for details.
vim: expandtab sw=4 ts=4 sts=4:
**********************************************************************/
require('secure.inc.php');
if(!is_object($thisclient) || !$thisclient->isValid()) die('Access denied'); //Double check again.
require_once(INCLUDE_DIR.'class.ticket.php');
$ticket=null;
$inc='tickets.inc.php'; //Default page...show all tickets.
//Check if any id is given...
if(($id=$_REQUEST['id']?$_REQUEST['id']:$_POST['ticket_id']) && is_numeric($id)) {
//id given fetch the ticket info and check perm.
$ticket= new Ticket(Ticket::getIdByExtId((int)$id));
if(!$ticket or !$ticket->getEmail()) {
$ticket=null; //clear.
$errors['err']='Access Denied. Possibly invalid ticket ID';
}elseif(strcasecmp($thisclient->getEmail(),$ticket->getEmail())){
$errors['err']='Security violation. Repeated violations will result in your account being locked.';
$ticket=null; //clear.
}else{
//Everything checked out.
$inc='viewticket.inc.php';
}
}
//Process post...depends on $ticket object above.
if($_POST && is_object($ticket) && $ticket->getId()):
$errors=array();
switch(strtolower($_POST['a'])){
case 'postmessage':
if(strcasecmp($thisclient->getEmail(),$ticket->getEmail())) { //double check perm again!
$errors['err']='Access Denied. Possibly invalid ticket ID';
$inc='tickets.inc.php'; //Show the tickets.
}
if(!$_POST['message'])
$errors['message']='Message required';
//check attachment..if any is set
if($_FILES['attachment']['name']) {
if(!$cfg->allowOnlineAttachments()) //Something wrong with the form...user shouldn't have an option to attach
$errors['attachment']='File [ '.$_FILES['attachment']['name'].' ] rejected';
elseif(!$cfg->canUploadFileType($_FILES['attachment']['name']))
$errors['attachment']='Invalid file type [ '.$_FILES['attachment']['name'].' ]';
elseif($_FILES['attachment']['size']>$cfg->getMaxFileSize())
$errors['attachment']='File is too big. Max '.$cfg->getMaxFileSize().' bytes allowed';
}
if(!$errors){
//Everything checked out...do the magic.
if(($msgid=$ticket->postMessage($_POST['message'],'Web'))) {
if($_FILES['attachment']['name'] && $cfg->canUploadFiles() && $cfg->allowOnlineAttachments())
$ticket->uploadAttachment($_FILES['attachment'],$msgid,'M');
$msg='Message Posted Successfully';
}else{
$errors['err']='Unable to post the message. Try again';
}
}else{
$errors['err']=$errors['err']?$errors['err']:'Error(s) occured. Please try again';
}
break;
default:
$errors['err']='Uknown action';
}
$ticket->reload();
endif;
include(CLIENTINC_DIR.'header.inc.php');
include(CLIENTINC_DIR.$inc);
include(CLIENTINC_DIR.'footer.inc.php');
?>