- Updated formatting and structure of functions in edit_contact.inc.php for better readability and consistency. - Added comments to clarify the purpose of certain code sections, especially regarding mandant handling. - Removed the deprecated phpinfo.php file to clean up the codebase.
1014 lines
41 KiB
PHP
1014 lines
41 KiB
PHP
<?php
|
|
// Display only errors (no notices, warnings, or deprecation messages)
|
|
error_reporting(E_ERROR | E_PARSE | E_CORE_ERROR | E_COMPILE_ERROR);
|
|
ini_set('display_errors', 1);
|
|
ini_set('display_startup_errors', 1);
|
|
?>
|
|
<script src="/module/ticketcenter/js/functions.js?v=<?= filemtime(__DIR__ . "/../../js/functions.js") ?>"></script>
|
|
<link href="/layout/frontend/b2c/dist/fontawesome/css/fontawesome.css" rel="stylesheet" />
|
|
<link href="/layout/frontend/b2c/dist/fontawesome/css/brands.css" rel="stylesheet" />
|
|
<link href="/layout/frontend/b2c/dist/fontawesome/css/solid.css" rel="stylesheet" />
|
|
|
|
<script src="/layout/frontend/b2c/dist/js/fonta.js" crossorigin="anonymous"></script>
|
|
<div class="ticket_overlay" style="display:none;">
|
|
<div class="ticket_overlay_content">
|
|
<div class="ticket_overlay_content_header">
|
|
<h3>Ihr Ticket wurde erfolgreich erstellt</h3>
|
|
<div id="closeTicketOverlay"><i class="fa-solid fa-xmark"></i></div>
|
|
</div>
|
|
<div class="ticket_overlay_content_body">
|
|
<p>Vielen Dank für Ihre Informationen wir werden uns um Ihr Anliegen kümmern</p>
|
|
</div>
|
|
<div class="ticket_overlay_content_footer">
|
|
<div id="showTicket">Ticket ansehen</div>
|
|
</div>
|
|
</div>
|
|
</div>
|
|
<?php
|
|
|
|
// ini_set('display_errors', 1);
|
|
// ini_set('display_startup_errors', 1);
|
|
// error_reporting(E_ALL);
|
|
|
|
switch ($_GET['action']) {
|
|
case 'new':
|
|
require_once("show_ticketcenter_create_cardform.inc.php");
|
|
break;
|
|
case 'save':
|
|
save_ticket();
|
|
break;
|
|
case 'update_ticket':
|
|
update_ticket();
|
|
break;
|
|
case 'edit':
|
|
edit_ticket(decryptId(trim($_GET['id'])));
|
|
break;
|
|
case 'delete':
|
|
delete_ticket();
|
|
break;
|
|
case 'close':
|
|
close_ticket();
|
|
break;
|
|
case 'send_message':
|
|
send_message();
|
|
save_new_ticket_receiver();
|
|
save_new_due_date();
|
|
save_new_ticket_individual_state();
|
|
save_category(true);
|
|
if (isset($_POST['input_id']) && is_numeric($_POST['input_id'])) {
|
|
$encId = encryptId($_POST['input_id']);
|
|
echo "<script>window.location.href='/intranet/de/ticketcenter/?action=edit&id=" . $encId . "';</script>";
|
|
}
|
|
break;
|
|
case 'save_forward_ticket':
|
|
save_new_ticket_receiver();
|
|
save_new_due_date();
|
|
save_new_ticket_individual_state();
|
|
save_category(true);
|
|
if (isset($_POST['input_id']) && is_numeric($_POST['input_id'])) {
|
|
$insurance_claim = isset($_POST['input_insurance_case']) ? 1 : 0;
|
|
$stmt = mysqli_prepare($GLOBALS['mysql_con'], "UPDATE main_tickets SET insurance_claim = ? WHERE id = ?");
|
|
if ($stmt) {
|
|
$input_id = (int)$_POST['input_id'];
|
|
mysqli_stmt_bind_param($stmt, "ii", $insurance_claim, $input_id);
|
|
mysqli_stmt_execute($stmt);
|
|
mysqli_stmt_close($stmt);
|
|
}
|
|
}
|
|
if (isset($_POST['input_id']) && is_numeric($_POST['input_id'])) {
|
|
$encId = encryptId($_POST['input_id']);
|
|
echo "<script>window.location.href='/intranet/de/ticketcenter/?action=edit&id=" . $encId . "';</script>";
|
|
}
|
|
break;
|
|
default:
|
|
require_once("show_ticketcenter_listform.inc.php");
|
|
break;
|
|
}
|
|
|
|
function edit_ticket($_id = "")
|
|
{
|
|
if ((int) $_id > 0) {
|
|
$input_id = $_id;
|
|
}
|
|
|
|
if ($input_id <> '') {
|
|
$query = "SELECT main_tickets.*,main_tickets_category.description AS 'category_description',receiver.name as 'receiver',sender.name as 'sender',main_tickets_state.description as 'state' FROM main_tickets
|
|
LEFT JOIN main_contact AS receiver ON receiver.id = main_tickets.receiver_id
|
|
LEFT JOIN main_contact AS sender ON sender.id = main_tickets.sender_id
|
|
LEFT JOIN main_tickets_category ON main_tickets.main_ticket_category_id = main_tickets_category.id
|
|
LEFT JOIN main_tickets_state ON main_tickets.current_state = main_tickets_state.id
|
|
WHERE main_tickets.id = '" . $input_id . "'";
|
|
// $query = "SELECT * FROM main_tickets WHERE id = '".$input_id."'";
|
|
$result = @mysqli_query($GLOBALS['mysql_con'], $query);
|
|
$ticket = @mysqli_fetch_array($result);
|
|
}
|
|
$query_update = "UPDATE main_tickets_notification SET viewed = 1 WHERE main_ticket_id = '" . $input_id . "' AND main_contact_id = '" . $GLOBALS['main_contact']['id'] . "'";
|
|
@mysqli_query($GLOBALS['mysql_con'], $query_update);
|
|
require_once("show_ticketcenter_cardform.inc.php");
|
|
}
|
|
|
|
// Speichert einen neuen oder aktualisierten ticket in der Datenbank und leitet je nach Bedarf entweder zum Listenformular zurück oder schließt das Bearbeitungsformular.
|
|
function save_ticket($close = FALSE)
|
|
{
|
|
$modified_date = new DateTime();
|
|
$inserted = FALSE;
|
|
$input_id = "";
|
|
if ($_POST["input_id"] <> '') {
|
|
$input_id = $_POST["input_id"];
|
|
|
|
} else {
|
|
$sender_id = $GLOBALS['main_contact']['id'];
|
|
// if($_POST['input_new_ticket_sender'] != ""){
|
|
// $sender_id = $_POST['input_new_ticket_sender'];
|
|
// }
|
|
$location = isset($_POST["input_location"]) ? $_POST["input_location"] : "";
|
|
$address = isset($_POST["input_address"]) ? $_POST["input_address"] : "";
|
|
$facility = isset($_POST["input_facility"]) ? $_POST["input_facility"] : "";
|
|
// last element of array $_POST["input_category"]
|
|
$category = $_POST["input_category"];
|
|
$lastCategory = end($category);
|
|
$insurance_claim = $_POST["input_insurance_case"] == "on" ? 1 : 0;
|
|
|
|
$query = "INSERT INTO main_tickets (
|
|
ticket_no,
|
|
description,
|
|
main_ticket_category_id,
|
|
service_item_no,
|
|
last_action_date,
|
|
last_opening_date,
|
|
creation_date,
|
|
individual_state,
|
|
sender_id,
|
|
cost_center,
|
|
link,
|
|
location,
|
|
address,
|
|
facility,
|
|
insurance_claim
|
|
) VALUES (
|
|
'" . $_POST["input_ticket_no"] . "',
|
|
'" . strip_tags($_POST["input_description"]) . "',
|
|
'" . $lastCategory . "',
|
|
'" . $_POST["input_service_item"] . "',
|
|
NOW(),
|
|
NOW(),
|
|
NOW(),
|
|
2,
|
|
'" . $sender_id . "',
|
|
'" . $_POST["input_cost_center"] . "',
|
|
'" . $_POST["input_link"] . "',
|
|
'" . $location . "',
|
|
'" . $address . "',
|
|
'" . $facility . "',
|
|
'" . $insurance_claim . "'
|
|
)";
|
|
$inserted = TRUE;
|
|
$message = "success";
|
|
}
|
|
|
|
|
|
mysqli_query($GLOBALS['mysql_con'], $query);
|
|
|
|
if ($inserted == TRUE) {
|
|
$input_id = mysqli_insert_id($GLOBALS['mysql_con']);
|
|
|
|
|
|
$query_insert_message = "INSERT INTO main_tickets_messages(message, content, datetime, main_tickets_id, main_contact_id, type) VALUES(
|
|
'Eröffnet von',
|
|
'',
|
|
NOW(),
|
|
'" . $input_id . "',
|
|
'" . $GLOBALS["main_contact"]['id'] . "',
|
|
'history'
|
|
)";
|
|
@mysqli_query($GLOBALS['mysql_con'], $query_insert_message);
|
|
|
|
$content = "";
|
|
$type = "message";
|
|
if (isset($_FILES['input_image']) && $_FILES['input_image']['error'] === UPLOAD_ERR_OK) {
|
|
$baseDir = realpath(__DIR__ . '/../../../../');
|
|
$uploadDir = $baseDir . '/userdata/Tickets/' . $input_id . '/';
|
|
if (!file_exists($uploadDir)) {
|
|
mkdir($uploadDir, 0777, true);
|
|
}
|
|
|
|
$allowedMimeTypes = ['image/jpeg', 'image/png'];
|
|
$fileName = basename($_FILES['input_image']['name']);
|
|
$fileTmpName = $_FILES['input_image']['tmp_name'];
|
|
$targetPath = $uploadDir . $fileName;
|
|
$fileMimeType = mime_content_type($fileTmpName);
|
|
$file = $_FILES['input_image']['name'];
|
|
|
|
if (in_array($fileMimeType, $allowedMimeTypes)) {
|
|
$type = 'image';
|
|
} else {
|
|
$type = 'file';
|
|
}
|
|
if (move_uploaded_file($fileTmpName, $targetPath)) {
|
|
$content = $file;
|
|
}
|
|
}
|
|
|
|
$query_insert_message = "INSERT INTO main_tickets_messages(message, content, datetime, main_tickets_id, main_contact_id, type) VALUES(
|
|
'" . $_POST["input_message"] . "',
|
|
'" . $content . "',
|
|
NOW(),
|
|
'" . $input_id . "',
|
|
'" . $GLOBALS['main_contact']['id'] . "',
|
|
'" . $type . "'
|
|
)";
|
|
|
|
// var_dump($query_insert_message);die();
|
|
@mysqli_query($GLOBALS['mysql_con'], $query_insert_message);
|
|
|
|
}
|
|
|
|
if ($close == TRUE) {
|
|
require_once("show_ticketcenter_listform.inc.php");
|
|
} else {
|
|
echo "
|
|
<script>
|
|
$(document).ready(function() {
|
|
// Hole die aktuelle URL
|
|
var currentUrl = window.location.href;
|
|
|
|
// Überprüfen, ob ?action= in der URL vorhanden ist
|
|
if (currentUrl.indexOf('?action=') !== -1) {
|
|
// Entferne den Teil ab ?action=, inkl. allem, was danach kommt
|
|
var newUrl = currentUrl.split('?action=')[0];
|
|
|
|
// Aktualisiere die URL ohne Neuladen der Seite
|
|
window.history.replaceState(null, null, newUrl);
|
|
|
|
// Verschiebe das Div ticket_overlay direkt nach dem body
|
|
$('.ticket_overlay').prependTo('body').css('display', 'flex');
|
|
}
|
|
|
|
// Entferne das Div ticket_overlay, wenn auf div#closeTicketOverlay oder div#showTicket geklickt wird
|
|
$('#closeTicketOverlay, #showTicket').on('click', function() {
|
|
$('.ticket_overlay').remove();
|
|
});
|
|
$('.ticket_overlay').remove();
|
|
});
|
|
</script>
|
|
";
|
|
edit_ticket($input_id);
|
|
}
|
|
}
|
|
|
|
function send_message()
|
|
{
|
|
$ticket_id = $_POST["ticket_id"];
|
|
$chat_message = $_POST["send_message"];
|
|
$ticket_message_sender = $GLOBALS['main_contact']['id'];
|
|
|
|
if (isset($_FILES['files']) && $_FILES['files']['error'] === UPLOAD_ERR_OK) {
|
|
$baseDir = realpath(__DIR__ . '/../../../../');
|
|
$uploadDir = $baseDir . '/userdata/Tickets/' . $ticket_id . '/';
|
|
if (!file_exists($uploadDir)) {
|
|
mkdir($uploadDir, 0777, true);
|
|
}
|
|
|
|
$allowedMimeTypes = ['image/jpeg', 'image/png'];
|
|
$fileName = basename($_FILES['files']['name']);
|
|
$fileTmpName = $_FILES['files']['tmp_name'];
|
|
$targetPath = $uploadDir . $fileName;
|
|
$fileMimeType = mime_content_type($fileTmpName);
|
|
$content = $_FILES['files']['name'];
|
|
|
|
if (in_array($fileMimeType, $allowedMimeTypes)) {
|
|
if (move_uploaded_file($fileTmpName, $targetPath)) {
|
|
$query_insert_message = "INSERT INTO main_tickets_messages(message, content, datetime, main_tickets_id, main_contact_id, type) VALUES(
|
|
'" . $chat_message . "',
|
|
'" . $content . "',
|
|
NOW(),
|
|
'" . $ticket_id . "',
|
|
'" . $ticket_message_sender . "',
|
|
'image'
|
|
)";
|
|
}
|
|
} else {
|
|
if (move_uploaded_file($fileTmpName, $targetPath)) {
|
|
$query_insert_message = "INSERT INTO main_tickets_messages(message, content, datetime, main_tickets_id, main_contact_id, type) VALUES(
|
|
'" . $chat_message . "',
|
|
'" . $content . "',
|
|
NOW(),
|
|
'" . $ticket_id . "',
|
|
'" . $ticket_message_sender . "',
|
|
'file'
|
|
)";
|
|
}
|
|
|
|
}
|
|
|
|
} else {
|
|
$query_insert_message = "INSERT INTO main_tickets_messages(message, content, datetime, main_tickets_id, main_contact_id, type) VALUES(
|
|
'" . $chat_message . "',
|
|
'',
|
|
NOW(),
|
|
'" . $ticket_id . "',
|
|
'" . $ticket_message_sender . "',
|
|
'message'
|
|
)";
|
|
}
|
|
|
|
@mysqli_query($GLOBALS['mysql_con'], $query_insert_message);
|
|
|
|
|
|
update_notification($ticket_id, 'message');
|
|
// edit_ticket($ticket_id);
|
|
}
|
|
|
|
function close_ticket()
|
|
{
|
|
$id = (int)$_POST['input_id'];
|
|
|
|
if ($id <= 0) {
|
|
$_SESSION['save_status'] = "Fehler: Ungültige Ticket-ID.";
|
|
require_once("show_ticketcenter_listform.inc.php");
|
|
return;
|
|
}
|
|
|
|
$result = @mysqli_query($GLOBALS['mysql_con'], "SELECT sender_id, receiver_id FROM main_tickets WHERE id = $id LIMIT 1");
|
|
$ticket = @mysqli_fetch_assoc($result);
|
|
|
|
if (!$ticket) {
|
|
$_SESSION['save_status'] = "Fehler: Ticket nicht gefunden.";
|
|
require_once("show_ticketcenter_listform.inc.php");
|
|
return;
|
|
}
|
|
|
|
$contact_id = $GLOBALS['main_contact']['id'];
|
|
$mandant_id = $GLOBALS['main_contact']['master_mandant_id'];
|
|
$can_close = $ticket['sender_id'] == $contact_id
|
|
|| get_permission_state('all_tickets', $mandant_id, $contact_id) == 1;
|
|
|
|
if (!$can_close) {
|
|
$_SESSION['save_status'] = "Fehler: Keine Berechtigung zum Schließen dieses Tickets.";
|
|
edit_ticket($id);
|
|
return;
|
|
}
|
|
|
|
@mysqli_query($GLOBALS['mysql_con'], "UPDATE main_tickets SET
|
|
last_action_date = NOW(),
|
|
current_state = '4'
|
|
WHERE id = $id LIMIT 1");
|
|
|
|
@mysqli_query($GLOBALS['mysql_con'], "INSERT INTO main_tickets_messages(message, content, datetime, main_tickets_id, main_contact_id, type) VALUES(
|
|
'Geschlossen von',
|
|
'',
|
|
NOW(),
|
|
'$id',
|
|
'" . mysqli_real_escape_string($GLOBALS['mysql_con'], $contact_id) . "',
|
|
'history'
|
|
)");
|
|
|
|
update_notification($id, 'state');
|
|
edit_ticket($id);
|
|
}
|
|
|
|
function delete_ticket()
|
|
{
|
|
// Entschlüssle die ID, bevor du die Abfrage ausführst
|
|
$id = decryptId($_POST['input_id']);
|
|
|
|
if (empty($id)) {
|
|
$message = "Error: Ticket ID is empty or invalid.";
|
|
$_SESSION['save_status'] = $message;
|
|
require_once("show_ticketcenter_listform.inc.php");
|
|
return;
|
|
}
|
|
|
|
// Baue die Abfrage mit der entschlüsselten ID zusammen
|
|
$query = "DELETE FROM main_tickets WHERE id = " . $id;
|
|
|
|
// Führe die Abfrage aus
|
|
mysqli_query($GLOBALS['mysql_con'], $query);
|
|
$message = "success";
|
|
$_SESSION['save_status'] = $message;
|
|
echo "
|
|
<script>
|
|
$(document).ready(function() {
|
|
// Setze die URL auf die gewünschte Seite
|
|
window.location.href = '/intranet/de/ticketcenter/?cue=4000';
|
|
});
|
|
</script>
|
|
";
|
|
}
|
|
|
|
function save_new_ticket_receiver()
|
|
{
|
|
// Überprüfe, ob die POST-Daten vorhanden sind
|
|
if (isset($_POST["input_id"]) && isset($_POST["input_new_ticket_receiver"])) {
|
|
// Hole die POST-Daten und bereinige sie mit mysqli_real_escape_string
|
|
$input_id = mysqli_real_escape_string($GLOBALS['mysql_con'], $_POST["input_id"]);
|
|
$new_receiver_id = mysqli_real_escape_string($GLOBALS['mysql_con'], $_POST["input_new_ticket_receiver"]);
|
|
|
|
// Überprüfe, ob die IDs gültig sind (keine leeren Werte oder ungültigen Zeichen)
|
|
if (!empty($input_id) && !empty($new_receiver_id) && is_numeric($input_id) && is_numeric($new_receiver_id)) {
|
|
// Aktuellen Empfänger laden
|
|
$qryCurrent = "SELECT receiver_id FROM main_tickets WHERE id = " . (int)$input_id . " LIMIT 1";
|
|
$resCurrent = @mysqli_query($GLOBALS['mysql_con'], $qryCurrent);
|
|
$rowCurrent = $resCurrent ? @mysqli_fetch_assoc($resCurrent) : null;
|
|
$current_receiver_id = $rowCurrent ? (string)$rowCurrent['receiver_id'] : null;
|
|
// Nur wenn sich der Empfänger geändert hat, speichern und in die History schreiben
|
|
if ($current_receiver_id !== (string)$new_receiver_id) {
|
|
// Baue die Abfrage mit einem Prepared Statement
|
|
$query = "UPDATE main_tickets SET receiver_id = ? WHERE id = ?";
|
|
$stmt = mysqli_prepare($GLOBALS['mysql_con'], $query);
|
|
|
|
if ($stmt) {
|
|
// Binde die Parameter (int, int) und führe die Abfrage aus
|
|
mysqli_stmt_bind_param($stmt, "ii", $new_receiver_id, $input_id);
|
|
mysqli_stmt_execute($stmt);
|
|
|
|
// History-Eintrag nur bei Änderung
|
|
$query_insert_message = "INSERT INTO main_tickets_messages(message, content, datetime, main_tickets_id, main_contact_id, type) VALUES(
|
|
'Weitergeleitet an',
|
|
'',
|
|
NOW(),
|
|
'" . $input_id . "',
|
|
'" . $new_receiver_id . "',
|
|
'history'
|
|
)";
|
|
@mysqli_query($GLOBALS['mysql_con'], $query_insert_message);
|
|
|
|
// Benachrichtigung nur bei Änderung
|
|
update_notification($input_id, 'state', "Der Status Bearbeiter wurde Ihnen im Ticket zugeteilt");
|
|
|
|
mysqli_stmt_close($stmt);
|
|
}
|
|
}
|
|
}
|
|
}
|
|
// edit_ticket($_POST["input_id"]);
|
|
}
|
|
|
|
function save_new_due_date() {
|
|
// Überprüfe, ob die POST-Daten vorhanden sind
|
|
if (isset($_POST["input_id"]) && isset($_POST["input_due_date"])) {
|
|
// Hole die POST-Daten und bereinige sie mit mysqli_real_escape_string
|
|
$input_id = mysqli_real_escape_string($GLOBALS['mysql_con'], $_POST["input_id"]);
|
|
$new_due_date= mysqli_real_escape_string($GLOBALS['mysql_con'], $_POST["input_due_date"]);
|
|
|
|
// Überprüfe, ob die Werte gültig sind
|
|
if (!empty($input_id) && $new_due_date !== '') {
|
|
// Aktuelles Fälligkeitsdatum laden
|
|
$qryCurrent = "SELECT due_date FROM main_tickets WHERE id = " . (int)$input_id . " LIMIT 1";
|
|
$resCurrent = @mysqli_query($GLOBALS['mysql_con'], $qryCurrent);
|
|
$rowCurrent = $resCurrent ? @mysqli_fetch_assoc($resCurrent) : null;
|
|
$current_due_date = $rowCurrent ? (string)$rowCurrent['due_date'] : null;
|
|
|
|
// Nur bei Änderung updaten
|
|
if ($current_due_date !== (string)$new_due_date) {
|
|
// Baue die Abfrage mit einem Prepared Statement
|
|
$query = "UPDATE main_tickets SET due_date = ? WHERE id = ?";
|
|
$stmt = mysqli_prepare($GLOBALS['mysql_con'], $query);
|
|
|
|
if ($stmt) {
|
|
mysqli_stmt_bind_param($stmt, "si", $new_due_date, $input_id);
|
|
mysqli_stmt_execute($stmt);
|
|
mysqli_stmt_close($stmt);
|
|
}
|
|
}
|
|
}
|
|
}
|
|
// Keine History hier; nur ändern, wenn sich der Wert unterscheidet
|
|
}
|
|
|
|
function save_category($silent = false)
|
|
{
|
|
// Überprüfe, ob die POST-Daten vorhanden sind
|
|
if (isset($_POST["input_id"]) && isset($_POST["input_category"])) {
|
|
// Hole die POST-Daten und bereinige sie mit mysqli_real_escape_string
|
|
$input_id = mysqli_real_escape_string($GLOBALS['mysql_con'], $_POST["input_id"]);
|
|
$category = $_POST["input_category"];
|
|
$lastCategory = end($category);
|
|
|
|
// Aktuelle Werte laden
|
|
$qryCurrent = "SELECT main_ticket_category_id FROM main_tickets WHERE id = " . (int)$input_id . " LIMIT 1";
|
|
$resCurrent = @mysqli_query($GLOBALS['mysql_con'], $qryCurrent);
|
|
$rowCurrent = $resCurrent ? @mysqli_fetch_assoc($resCurrent) : null;
|
|
|
|
$changed = false;
|
|
if ($rowCurrent) {
|
|
$cur_cat = (string)$rowCurrent['main_ticket_category_id'];
|
|
if ($cur_cat !== (string)$lastCategory) {
|
|
$changed = true;
|
|
}
|
|
} else {
|
|
$changed = true; // Ticket nicht gefunden -> versuche zu speichern
|
|
}
|
|
|
|
if ($changed) {
|
|
$query = "UPDATE main_tickets SET main_ticket_category_id = ? WHERE id = ?";
|
|
$stmt = mysqli_prepare($GLOBALS['mysql_con'], $query);
|
|
if ($stmt) {
|
|
mysqli_stmt_bind_param($stmt, "ii", $lastCategory, $input_id);
|
|
mysqli_stmt_execute($stmt);
|
|
mysqli_stmt_close($stmt);
|
|
}
|
|
|
|
// History-Eintrag
|
|
$query_insert_message = "INSERT INTO main_tickets_messages(message, content, datetime, main_tickets_id, main_contact_id, type) VALUES(
|
|
'Kategorie geändert',
|
|
'',
|
|
NOW(),
|
|
'" . $input_id . "',
|
|
'" . $GLOBALS["main_contact"]['id'] . "',
|
|
'history'
|
|
)";
|
|
@mysqli_query($GLOBALS['mysql_con'], $query_insert_message);
|
|
|
|
// Benachrichtigung bei Änderung
|
|
update_notification($input_id, 'state');
|
|
}
|
|
}
|
|
if (!$silent && isset($_POST['input_id'])) {
|
|
edit_ticket($_POST["input_id"]);
|
|
}
|
|
}
|
|
|
|
function save_new_ticket_individual_state($silent = false)
|
|
{
|
|
// Überprüfe, ob die POST-Daten vorhanden sind
|
|
if (isset($_POST["input_id"]) && isset($_POST["input_main_tickets_status"])) {
|
|
// Hole die POST-Daten und bereinige sie mit mysqli_real_escape_string
|
|
$input_id = mysqli_real_escape_string($GLOBALS['mysql_con'], $_POST["input_id"]);
|
|
$input_main_tickets_status = mysqli_real_escape_string($GLOBALS['mysql_con'], $_POST["input_main_tickets_status"]);
|
|
|
|
// Überprüfe, ob die IDs gültig sind (keine leeren Werte oder ungültigen Zeichen)
|
|
if (!empty($input_id) && !empty($input_main_tickets_status) && is_numeric($input_id) && is_numeric($input_main_tickets_status)) {
|
|
// Aktuellen Status laden
|
|
$qryCurrent = "SELECT individual_state FROM main_tickets WHERE id = " . (int)$input_id . " LIMIT 1";
|
|
$resCurrent = @mysqli_query($GLOBALS['mysql_con'], $qryCurrent);
|
|
$rowCurrent = $resCurrent ? @mysqli_fetch_assoc($resCurrent) : null;
|
|
$current_status = $rowCurrent ? (string)$rowCurrent['individual_state'] : null;
|
|
|
|
// Nur bei Änderung speichern und in die History schreiben
|
|
if ($current_status !== (string)$input_main_tickets_status) {
|
|
// Baue die Abfrage mit einem Prepared Statement
|
|
$query = "UPDATE main_tickets SET individual_state = ? WHERE id = ?";
|
|
$stmt = mysqli_prepare($GLOBALS['mysql_con'], $query);
|
|
|
|
if ($stmt) {
|
|
// Binde die Parameter (int, int) und führe die Abfrage aus
|
|
mysqli_stmt_bind_param($stmt, "ii", $input_main_tickets_status, $input_id);
|
|
mysqli_stmt_execute($stmt);
|
|
mysqli_stmt_close($stmt);
|
|
}
|
|
|
|
// Statusbeschreibung holen und History schreiben
|
|
$queryDesc = "SELECT description FROM main_tickets_status WHERE id = " . (int)$input_main_tickets_status;
|
|
$result = @mysqli_query($GLOBALS['mysql_con'], $queryDesc);
|
|
if ($row = @mysqli_fetch_array($result)) {
|
|
$status_description = $row['description'];
|
|
$query_insert_message = "INSERT INTO main_tickets_messages(message, content, datetime, main_tickets_id, main_contact_id, type) VALUES(
|
|
'Status geändert zu $status_description',
|
|
'',
|
|
NOW(),
|
|
'" . $input_id . "',
|
|
'" . $GLOBALS["main_contact"]['id'] . "',
|
|
'history'
|
|
)";
|
|
@mysqli_query($GLOBALS['mysql_con'], $query_insert_message);
|
|
}
|
|
|
|
// Benachrichtigung nur bei Änderung
|
|
update_notification($input_id, 'state');
|
|
}
|
|
}
|
|
}
|
|
if (!$silent && isset($_POST["input_id"])) {
|
|
edit_ticket($_POST["input_id"]);
|
|
}
|
|
|
|
|
|
}
|
|
|
|
function save_ticket_supplieres()
|
|
{
|
|
// Überprüfe, ob die erforderlichen POST-Daten vorhanden sind
|
|
if (isset($_POST["input_id"]) && isset($_POST["supplier_ids"])) {
|
|
// Bereinige die POST-Daten
|
|
$input_id = mysqli_real_escape_string($GLOBALS['mysql_con'], $_POST["input_id"]);
|
|
$supplier_ids_str = mysqli_real_escape_string($GLOBALS['mysql_con'], $_POST["supplier_ids"]);
|
|
|
|
// Überprüfe, ob die Ticket-ID gültig ist
|
|
if (!empty($input_id) && is_numeric($input_id)) {
|
|
// 1. Lösche alle bestehenden Lieferantenverknüpfungen für dieses Ticket
|
|
$deleteQuery = "DELETE FROM main_ticket_suplier WHERE main_ticket_id = ?";
|
|
$stmt = mysqli_prepare($GLOBALS['mysql_con'], $deleteQuery);
|
|
if ($stmt) {
|
|
mysqli_stmt_bind_param($stmt, "i", $input_id);
|
|
mysqli_stmt_execute($stmt);
|
|
mysqli_stmt_close($stmt);
|
|
}
|
|
|
|
// 2. Füge die neuen Lieferantenverknüpfungen ein
|
|
// Der hidden Input enthält die IDs als komma-separierten String
|
|
$supplier_ids = array_filter(explode(',', $supplier_ids_str), function ($value) {
|
|
return is_numeric($value) && !empty($value);
|
|
});
|
|
if (!empty($supplier_ids)) {
|
|
$insertQuery = "INSERT INTO main_ticket_suplier (main_ticket_id, main_ticket_suplier_id) VALUES (?, ?)";
|
|
$stmt = mysqli_prepare($GLOBALS['mysql_con'], $insertQuery);
|
|
if ($stmt) {
|
|
foreach ($supplier_ids as $supplier_id) {
|
|
mysqli_stmt_bind_param($stmt, "ii", $input_id, $supplier_id);
|
|
mysqli_stmt_execute($stmt);
|
|
}
|
|
mysqli_stmt_close($stmt);
|
|
}
|
|
}
|
|
}
|
|
}
|
|
edit_ticket($_POST["input_id"]);
|
|
}
|
|
|
|
function load_messages($ticket_id)
|
|
{
|
|
$query = "SELECT main_tickets_messages.*, main_contact.name FROM main_tickets_messages LEFT JOIN main_contact ON main_contact.id = main_tickets_messages.main_contact_id WHERE main_tickets_id = $ticket_id ORDER BY datetime";
|
|
$result = @mysqli_query($GLOBALS['mysql_con'], $query);
|
|
|
|
while ($row = @mysqli_fetch_array($result)) {
|
|
$date = new DateTime($row["datetime"]);
|
|
$formatted_date = $date->format('d.m.Y H:i');
|
|
|
|
$outbound = ($GLOBALS['main_contact']['id'] == $row["main_contact_id"]) ? "outbound" : "";
|
|
if ($row['type'] == 'history') {
|
|
echo "<p class='history'>" . $row['message'] . " " . $row['name'] . " am " . $formatted_date . " Uhr</p>";
|
|
} else {
|
|
?>
|
|
<div class="message <?= $outbound ?>">
|
|
<?php
|
|
$content = "";
|
|
switch ($row["type"]) {
|
|
case 'image':
|
|
$content = "
|
|
<a data-fslightbox='gallery_" . $row["main_tickets_id"] . "' href='/userdata/Tickets/" . $row["main_tickets_id"] . "/" . $row["content"] . "'>
|
|
<img src='/userdata/Tickets/" . $row["main_tickets_id"] . "/" . $row["content"] . "' alt='Ticket Image' />
|
|
</a>
|
|
<a class='content' href='/userdata/Tickets/" . $row["main_tickets_id"] . "/" . $row["content"] . "' download='" . $row["content"] . "'><i class='fa-solid fa-paperclip'></i>" . $row["content"] . "</a>
|
|
";
|
|
break;
|
|
case 'file':
|
|
if (preg_match('/\.pdf$/i', $row["content"] )) {
|
|
$content = "<a class='content pdf' href='/userdata/Tickets/" . $row["main_tickets_id"] . "/" . $row["content"] . "' download='" . $row["content"] . "'><i class='fa-solid fa-paperclip'></i>" . $row["content"] . "</a>";
|
|
} else {
|
|
$content = "<a class='content' href='/userdata/Tickets/" . $row["main_tickets_id"] . "/" . $row["content"] . "' download='" . $row["content"] . "'><i class='fa-solid fa-paperclip'></i>" . $row["content"] . "</a>";
|
|
}
|
|
|
|
break;
|
|
}
|
|
?>
|
|
<p class="content"><?= $row["message"] ?></p>
|
|
<p class="content"><?= $content ?></p>
|
|
<p class="date"><?= $row['name'] ?> schrieb am <?= $formatted_date ?> Uhr</p>
|
|
</div>
|
|
<?php
|
|
}
|
|
}
|
|
}
|
|
|
|
function update_ticket()
|
|
{
|
|
switch ($_POST['input_main_tickets_status']) {
|
|
case '1':
|
|
$query_update = "UPDATE main_tickets SET
|
|
last_action_date = NOW(),
|
|
receiver_id = '" . $GLOBALS["main_contact"]['id'] . "',
|
|
current_state = '3'
|
|
WHERE id = '" . $_POST['input_id'] . "' LIMIT 1";
|
|
$chat_message = "In Bearbeitung von";
|
|
break;
|
|
case '2':
|
|
$query_update = "UPDATE main_tickets SET
|
|
last_action_date = NOW(),
|
|
receiver_id = '" . $GLOBALS["main_contact"]['id'] . "',
|
|
current_state = '3'
|
|
WHERE id = '" . $_POST['input_id'] . "' LIMIT 1";
|
|
$chat_message = "In Bearbeitung von";
|
|
break;
|
|
case '3':
|
|
$query_update = "UPDATE main_tickets SET
|
|
last_action_date = NOW(),
|
|
-- receiver_id = '" . $GLOBALS["main_contact"]['id'] . "',
|
|
current_state = '4'
|
|
WHERE id = '" . $_POST['input_id'] . "' LIMIT 1";
|
|
$chat_message = "Geschlossen von";
|
|
break;
|
|
case '4':
|
|
$query_update = "UPDATE main_tickets SET
|
|
last_action_date = NOW(),
|
|
last_opening_date = NOW(),
|
|
current_state = '1'
|
|
WHERE id = '" . $_POST['input_id'] . "' LIMIT 1";
|
|
$chat_message = "Wiedereröffnet von";
|
|
break;
|
|
}
|
|
@mysqli_query($GLOBALS['mysql_con'], $query_update);
|
|
|
|
$query_insert_message = "INSERT INTO main_tickets_messages(message, content, datetime, main_tickets_id, main_contact_id, type) VALUES(
|
|
'" . $chat_message . "',
|
|
'',
|
|
NOW(),
|
|
'" . $_POST['input_id'] . "',
|
|
'" . $GLOBALS["main_contact"]['id'] . "',
|
|
'history'
|
|
)";
|
|
@mysqli_query($GLOBALS['mysql_con'], $query_insert_message);
|
|
|
|
update_notification($_POST['input_id'], 'state');
|
|
edit_ticket($_POST['input_id']);
|
|
// require_once("show_ticketcenter_listform.inc.php");
|
|
}
|
|
|
|
function update_notification($ticket_id, $type, $notif_message = "Neue Aktivität in Ihrem Ticket")
|
|
{
|
|
|
|
|
|
|
|
$query = "SELECT * FROM main_tickets WHERE id = " . $ticket_id;
|
|
$result = @mysqli_query($GLOBALS['mysql_con'], $query);
|
|
$ticket = @mysqli_fetch_array($result);
|
|
|
|
mysqli_query($GLOBALS['mysql_con'], "DELETE FROM main_tickets_notification WHERE main_ticket_id = " . $ticket_id);
|
|
|
|
$query_insert = "INSERT INTO main_tickets_notification(main_contact_id, main_ticket_id, viewed) VALUES(
|
|
'" . $ticket['sender_id'] . "',
|
|
'" . $ticket_id . "',
|
|
'0'
|
|
)";
|
|
mysqli_query($GLOBALS['mysql_con'], $query_insert);
|
|
|
|
$query_insert = "INSERT INTO main_tickets_notification(main_contact_id, main_ticket_id, viewed) VALUES(
|
|
'" . $ticket['receiver_id'] . "',
|
|
'" . $ticket_id . "',
|
|
'0'
|
|
)";
|
|
mysqli_query($GLOBALS['mysql_con'], $query_insert);
|
|
$send = FALSE;
|
|
|
|
$query_contact = "SELECT *
|
|
FROM main_contact
|
|
WHERE id IN (" . $ticket['sender_id'] . ", " . $ticket['receiver_id'] . ")
|
|
AND id != " . $GLOBALS['main_contact']['id'];
|
|
$result = @mysqli_query($GLOBALS['mysql_con'], $query_contact);
|
|
$contact = @mysqli_fetch_array($result);
|
|
|
|
if ($ticket['receiver_id'] == 0) {
|
|
$query_contact = "SELECT main_tickets.*,
|
|
main_tickets_category.main_mandant_id AS 'mandant_id',
|
|
main_mandant.mail_team AS 'mandant_email',
|
|
contact.email AS 'contact_email'
|
|
FROM main_tickets
|
|
LEFT JOIN main_tickets_category
|
|
ON main_tickets.main_ticket_category_id = main_tickets_category.id
|
|
LEFT JOIN main_mandant
|
|
ON main_mandant.id = main_tickets_category.main_mandant_id
|
|
LEFT JOIN main_contact AS contact
|
|
ON contact.id = main_tickets_category.main_contact_id
|
|
AND main_tickets_category.main_contact_id != 0
|
|
WHERE main_tickets.id = " . $ticket_id;
|
|
$result = @mysqli_query($GLOBALS['mysql_con'], $query_contact);
|
|
$mandant = @mysqli_fetch_array($result);
|
|
$contact['name'] = "Warteschlange";
|
|
$contact['email'] = $mandant['mandant_email'];
|
|
if (isset($mandant['contact_email']) && $mandant['contact_email'] != "") {
|
|
$contact['email'] = $mandant['contact_email'];
|
|
}
|
|
}
|
|
|
|
$subject = "Neue Aktivität | Ticket " . $ticket['ticket_no'];
|
|
$message = "<!DOCTYPE html> <html lang='de'> <head> <meta charset='UTF-8'> <meta name='viewport' content='width=device-width, initial-scale=1.0'> </head> <body style='margin: 0; padding: 0; background-color: #f4f4f4;'> <table role='presentation' style='width: 100%; background-color: #f4f4f4; padding: 20px;'> <tr> <td align='center'> <table role='presentation' style='max-width: 600px; background-color: #ffffff; border-radius: 8px; box-shadow: 0 2px 10px rgba(0,0,0,0.1);'> <tr> <td style='padding: 20px;'> <h1 style='text-align: center; color: #333333; font-size: 28px; margin: 0;'> " . $notif_message . "</h1> <p style='font-size: 16px; color: #555555; line-height: 1.5; margin: 20px 0;'> <strong>Ticketnr:</strong> " . $ticket['ticket_no'] . "<br> <strong>Beschreibung:</strong> " . $ticket['description'] . " </p> <div style='text-align: center; margin-top: 20px;'> <table role='presentation' style='display: inline-block;'> <tr> <td> <a href='https://" . $_SERVER['HTTP_HOST'] . "/intranet/de/ticketcenter/?action=edit&id=" . encryptId($ticket_id) . "'> Zum Ticket </a> </td> </tr> </table> </div> </td> </tr> </table> </td> </tr> </table> </body> </html>";
|
|
if ($type == 'save') {
|
|
$send = TRUE;
|
|
}
|
|
if ($type == 'message' && isset($_POST['input_send_email'])) {
|
|
$send = TRUE;
|
|
}
|
|
if ($type == 'state') {
|
|
$send = TRUE;
|
|
}
|
|
if ($send == TRUE) {
|
|
if (
|
|
mail_create(
|
|
$subject,
|
|
$message,
|
|
'info@breadcrumb-online.de',
|
|
$contact["email"],
|
|
'Ticketcenter',
|
|
$contact["name"],
|
|
FALSE,
|
|
"",
|
|
"",
|
|
"",
|
|
0,
|
|
"",
|
|
""
|
|
)
|
|
) {
|
|
|
|
mail_send();
|
|
clearstatcache();
|
|
}
|
|
}
|
|
}
|
|
|
|
|
|
|
|
function get_ticket_status($status_id) {
|
|
|
|
$query = "SELECT description FROM main_tickets_status WHERE id = $status_id";
|
|
$result = @mysqli_query($GLOBALS['mysql_con'], $query);
|
|
$status = @mysqli_fetch_array($result);
|
|
return $status['description'];
|
|
}
|
|
function get_contact($contact_id) {
|
|
$query = "SELECT name, phone_no FROM main_contact WHERE id = $contact_id";
|
|
$result = @mysqli_query($GLOBALS['mysql_con'], $query);
|
|
$contact = @mysqli_fetch_array($result);
|
|
return $contact;
|
|
}
|
|
|
|
// DEPRIKATED: Funktion wird aktuell nicht mehr verwendet.
|
|
// Sollte die Funktion wieder benötigt werden, muss sie entsprechend angepasst werden, um die neuen Datenstrukturen zu berücksichtigen.
|
|
|
|
function input_ticketnumber($ticket_no = "")
|
|
{
|
|
if ($ticket_no == "") {
|
|
// Aktuelles Jahr als zwei Ziffern
|
|
$current_year = date('y');
|
|
|
|
// Query, um das letzte Ticket des aktuellen Jahres zu finden
|
|
$query = "SELECT ticket_no FROM main_tickets WHERE ticket_no LIKE 'T$current_year-%' ORDER BY ticket_no DESC LIMIT 1";
|
|
$result = mysqli_query($GLOBALS['mysql_con'], $query);
|
|
|
|
// Initialisiere die Ticketnummer
|
|
$new_ticket_no = '';
|
|
|
|
// Wenn es bereits Tickets in diesem Jahr gibt
|
|
if (mysqli_num_rows($result) > 0) {
|
|
$row = mysqli_fetch_assoc($result);
|
|
$last_ticket_no = $row['ticket_no'];
|
|
|
|
// Extrahiere die Nummer nach dem Bindestrich
|
|
$last_ticket_number = (int) substr($last_ticket_no, 6);
|
|
|
|
// Erhöhe die Nummer um 1
|
|
$new_ticket_number = $last_ticket_number + 1;
|
|
|
|
// Formatiere die neue Ticketnummer mit führenden Nullen (z.B. 0002)
|
|
$new_ticket_no = 'T' . $current_year . '-' . str_pad($new_ticket_number, 5, '0', STR_PAD_LEFT);
|
|
} else {
|
|
// Falls es noch keine Tickets in diesem Jahr gibt, starte bei 0001
|
|
$new_ticket_no = 'T' . $current_year . '-00001';
|
|
}
|
|
$ticket_no = $new_ticket_no;
|
|
|
|
}
|
|
return $ticket_no;
|
|
}
|
|
|
|
function insert_main_service_items_history($ticketno, $ticket_description, $ticket_id, $service_item_id)
|
|
{
|
|
// Erstelle die Nachricht für die history_message
|
|
$history_message = "$ticketno $ticket_description wurde eröffnet.";
|
|
|
|
// Bereite das INSERT-Statement vor
|
|
$query_insert_main_service_item_history = "
|
|
INSERT INTO main_service_items_history (history_message, history_date, main_ticket_id, main_service_item_id)
|
|
VALUES ('$history_message', NOW(), '$ticket_id', '$service_item_id')
|
|
";
|
|
|
|
// Führe die Abfrage aus
|
|
@mysqli_query($GLOBALS['mysql_con'], $query_insert_main_service_item_history);
|
|
}
|
|
|
|
|
|
function make_notification($id, $category_id = null, $subcategory_id = null, $subsubcategory_id = null) {
|
|
$choised_category_id = $subsubcategory_id ?? $subcategory_id ?? $category_id;
|
|
if (!$choised_category_id) {
|
|
return;
|
|
}
|
|
|
|
$choised_contacts = getContactsByCategory($choised_category_id) ?: [];
|
|
$departments = getDepartmentsByCategory($choised_category_id);
|
|
$mandants = getMandantsByCategory($choised_category_id);
|
|
|
|
$contacts = [];
|
|
|
|
if (!empty($mandants) || !empty($departments)) {
|
|
$conditions = [];
|
|
|
|
if (!empty($mandants)) {
|
|
$conditions[] = "main_mandant_id IN (" . implode(',', $mandants) . ")";
|
|
}
|
|
|
|
if (!empty($departments)) {
|
|
$conditions[] = "main_department_id IN (" . implode(',', $departments) . ")";
|
|
}
|
|
|
|
$query = "SELECT main_contact_id FROM main_contact_department WHERE " . implode(' AND ', $conditions);
|
|
|
|
$result = mysqli_query($GLOBALS['mysql_con'], $query);
|
|
|
|
while ($row = mysqli_fetch_assoc($result)) {
|
|
$contacts[] = $row['main_contact_id'];
|
|
}
|
|
}
|
|
|
|
$contacts = array_unique(array_merge($contacts, $choised_contacts));
|
|
|
|
foreach ($contacts as $contact) {
|
|
$query = "SELECT DISTINCT main_contact.id, main_contact.name, token_contact.token as 'token' FROM main_contact LEFT JOIN token_contact ON token_contact.contact_id = main_contact.id WHERE main_contact.id = " . $contact;
|
|
$result = mysqli_query($GLOBALS['mysql_con'], $query);
|
|
|
|
if (mysqli_num_rows($result) > 0) {
|
|
while ($row = mysqli_fetch_assoc($result)) {
|
|
$token = $row['token'];
|
|
$name = $row['name'];
|
|
// var_dump($token);
|
|
// var_dump($name);
|
|
// Hier kannst du die Benachrichtigung senden
|
|
sendCustomNotification($token, $name, "Ein neues Ticket wurde erstellt!");
|
|
|
|
}
|
|
}
|
|
}
|
|
// var_dump($contacts);
|
|
}
|
|
|
|
|
|
function sendCustomNotification($token, $name, $message) {
|
|
|
|
$domain = ($_SERVER['HTTPS'] ?? 'off') === 'on' ? 'https://' : 'http://';
|
|
$domain .= $_SERVER['HTTP_HOST'];
|
|
|
|
$url = $domain . "/module/api/send_custom_notif.php";
|
|
|
|
$ch = curl_init($url);
|
|
|
|
|
|
$postData = [
|
|
'token' => $token,
|
|
'name' => $name,
|
|
'message' => $message
|
|
];
|
|
|
|
|
|
curl_setopt_array($ch, [
|
|
CURLOPT_POST => true,
|
|
CURLOPT_RETURNTRANSFER => true,
|
|
CURLOPT_HTTPHEADER => [
|
|
'Content-Type: application/x-www-form-urlencoded'
|
|
],
|
|
CURLOPT_POSTFIELDS => http_build_query($postData)
|
|
]);
|
|
|
|
|
|
$response = curl_exec($ch);
|
|
// var_dump($response);
|
|
|
|
curl_close($ch);
|
|
}
|
|
|
|
function getDepartmentsByCategory($category_id) {
|
|
$query = "SELECT main_department_id FROM main_tickets_category_department WHERE main_tickets_category_id = $category_id";
|
|
$result = mysqli_query($GLOBALS['mysql_con'], $query);
|
|
|
|
$departments = [];
|
|
while ($row = mysqli_fetch_assoc($result)) {
|
|
$departments[] = $row['main_department_id'];
|
|
}
|
|
|
|
return $departments;
|
|
}
|
|
|
|
function getMandantsByCategory($category_id) {
|
|
$query = "SELECT main_mandant_id FROM main_tickets_category_mandant WHERE main_tickets_category_id = $category_id";
|
|
$result = mysqli_query($GLOBALS['mysql_con'], $query);
|
|
|
|
$mandants = [];
|
|
while ($row = mysqli_fetch_assoc($result)) {
|
|
$mandants[] = $row['main_mandant_id'];
|
|
}
|
|
|
|
return $mandants;
|
|
}
|
|
|
|
function getContactsByCategory($category_id) {
|
|
$query = "SELECT main_contact_id FROM main_tickets_category_contact WHERE main_tickets_category_id = $category_id";
|
|
$result = mysqli_query($GLOBALS['mysql_con'], $query);
|
|
|
|
$contacts = [];
|
|
while ($row = mysqli_fetch_assoc($result)) {
|
|
$contacts[] = $row['main_contact_id'];
|
|
}
|
|
|
|
return $contacts;
|
|
}
|
|
|
|
?>
|