diff --git a/admin_tickets.php b/admin_tickets.php
index f5d5480f..db8f598e 100644
--- a/admin_tickets.php
+++ b/admin_tickets.php
@@ -25,12 +25,11 @@ define('AREA', 'admin');
require ("./lib/init.php");
-if(isset($_POST['id']))
-{
+if (isset($_POST['id'])) {
$id = intval($_POST['id']);
-}
-elseif(isset($_GET['id']))
-{
+
+} elseif(isset($_GET['id'])) {
+
$id = intval($_GET['id']);
// only check if this is not a category-id
@@ -39,9 +38,13 @@ elseif(isset($_GET['id']))
/*
* Check if the current user is allowed to see the current ticket.
*/
- $sql = "SELECT `id` FROM `panel_tickets` WHERE `id` = '".$id."' AND `adminid` = '".$userinfo['admindid']."'";
+ $stmt = Database::prepare("
+ SELECT `id` FROM `panel_tickets`
+ WHERE `id` = :id AND `adminid` = :adminid
+ ");
+ Database::pexecute($stmt, array('id' => $id, 'adminid' => $userinfo['adminid']));
+ $result = $stmt->fetch(PDO::FETCH_ASSOC);
- $result = $db->query_first($sql);
if ($result == null) {
// no rights to see the requested ticket
standard_error(array('ticketnotaccessible'));
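Review bot: The rewritten access check also changes the key it reads from `$userinfo['admindid']` (L23) to `$userinfo['adminid']` (L28); that looks like a typo fix, but it is a behavioural change hidden inside the PDO migration and should be called out in the commit message. Separately, `PDOStatement::fetch()` returns `false` rather than `null` when no row matches, so `if ($result == null)` at L31 only works through loose comparison — `if ($result === false)` states the intent. The enclosing `elseif` block starts before the hunk.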
@@ -50,16 +53,20 @@ elseif(isset($_GET['id']))
}
}
-if($page == 'tickets'
- && $userinfo['customers'] != '0')
-{
+if ($page == 'tickets'
+ && $userinfo['customers'] != '0'
+) {
// Let's see how many customers we have
-
- $countcustomers = $db->query_first("SELECT COUNT(`customerid`) as `countcustomers` FROM `" . TABLE_PANEL_CUSTOMERS . "` " . ($userinfo['customers_see_all'] ? '' : " WHERE `adminid` = '" . (int)$userinfo['adminid'] . "' ") . "");
+ $countcustomers_stmt = Database::prepare("
+ SELECT COUNT(`customerid`) as `countcustomers`
+ FROM `" . TABLE_PANEL_CUSTOMERS . "` " .
+ ($userinfo['customers_see_all'] ? '' : "WHERE `adminid` = :adminid")
+ );
+ Database::pexecute($countcustomers_stmt, array('adminid' => $userinfo['adminid']));
+ $countcustomers = $countcustomers_stmt->fetch(PDO::FETCH_ASSOC);
$countcustomers = (int)$countcustomers['countcustomers'];
- if($action == '')
- {
+ if ($action == '') {
$log->logAction(ADM_ACTION, LOG_NOTICE, "viewed admin_tickets");
$fields = array(
'status' => $lng['ticket']['status'],
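Review bot: When `$userinfo['customers_see_all']` is truthy the SQL built at L46-L50 contains no `:adminid` marker, yet `Database::pexecute()` at L51 still passes `'adminid'`; PDO rejects an execute whose parameter count does not match the markers in the statement (HY093), unless `Database::pexecute` strips unused keys, which is not visible here. The same conditional-WHERE pattern recurs at L74-L77, L251-L258 and L271 (`$where` empty when `tickets_see_all` is set), L289-L292 and L976-L979. Build the parameters alongside the clause: `$params = $userinfo['customers_see_all'] ? array() : array('adminid' => $userinfo['adminid']);` and then `Database::pexecute($countcustomers_stmt, $params);`. The `if ($page == 'tickets'` block opened at L40 continues past the hunk.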
@@ -72,32 +79,40 @@ if($page == 'tickets'
$paging = new paging($userinfo, $db, TABLE_PANEL_TICKETS, $fields, $settings['panel']['paging'], $settings['panel']['natsorting']);
$paging->sortfield = 'lastchange';
$paging->sortorder = 'desc';
- $result = $db->query('SELECT `main`.`id`, `main`.`customerid`, (SELECT COUNT(`sub`.`id`) FROM `' . TABLE_PANEL_TICKETS . '` `sub` WHERE `sub`.`answerto` = `main`.`id`) as `ticket_answers`, `main`.`lastchange`, `main`.`subject`, `main`.`status`, `main`.`lastreplier`, `main`.`priority` FROM `' . TABLE_PANEL_TICKETS . '` as `main` WHERE `main`.`answerto` = "0" AND `archived` = "0" ' . ($userinfo['customers_see_all'] ? '' : ' AND `adminid` = "' . (int)$userinfo['adminid'] . '"') . $paging->getSqlWhere(true) . " " . $paging->getSqlOrderBy() . " " . $paging->getSqlLimit());
- $paging->setEntries($db->num_rows($result));
+ $result_stmt = Database::prepare("
+ SELECT `main`.`id`, `main`.`customerid`, (
+ SELECT COUNT(`sub`.`id`)
+ FROM `" . TABLE_PANEL_TICKETS . "` `sub`
+ WHERE `sub`.`answerto` = `main`.`id`) as `ticket_answers`,
+ `main`.`lastchange`, `main`.`subject`, `main`.`status`, `main`.`lastreplier`, `main`.`priority`
+ FROM `" . TABLE_PANEL_TICKETS . "` as `main`
+ WHERE `main`.`answerto` = '0' AND `archived` = '0' " .
+ ($userinfo['customers_see_all'] ? '' : " AND `adminid` = :adminid") .
+ $paging->getSqlWhere(true) . " " . $paging->getSqlOrderBy() . " " . $paging->getSqlLimit()
+ );
+ Database::pexecute($result_stmt, array('adminid' => $userinfo['adminid']));
+ $num_rows = Database::num_rows();
+ $paging->setEntries($num_rows);
$sortcode = $paging->getHtmlSortCode($lng);
$arrowcode = $paging->getHtmlArrowCode($filename . '?page=' . $page . '&s=' . $s);
$searchcode = $paging->getHtmlSearchCode($lng);
$pagingcode = $paging->getHtmlPagingCode($filename . '?page=' . $page . '&s=' . $s);
$ctickets = array();
- while($row = $db->fetch_array($result))
- {
- if(!isset($ctickets[$row['customerid']])
- || !is_array($ctickets[$row['customerid']]))
- {
+ while ($row = $result_stmt->fetch(PDO::FETCH_ASSOC)) {
+ if (!isset($ctickets[$row['customerid']])
+ || !is_array($ctickets[$row['customerid']])
+ ) {
$ctickets[$row['customerid']] = array();
}
-
$ctickets[$row['customerid']][$row['id']] = $row;
}
- if($paging->sortfield == 'customerid'
- && $paging->sortorder == 'desc')
- {
+ if ($paging->sortfield == 'customerid'
+ && $paging->sortorder == 'desc'
+ ) {
krsort($ctickets);
- }
- else
- {
+ } else {
ksort($ctickets);
}
@@ -105,30 +120,29 @@ if($page == 'tickets'
$count = 0;
$tickets_count = 0;
$tickets = '';
- foreach($ctickets as $cid => $ticketrows)
- {
+ foreach ($ctickets as $cid => $ticketrows) {
$_cid = 0;
- foreach($ticketrows as $row)
- {
- if($paging->checkDisplay($i))
- {
+ foreach ($ticketrows as $row) {
+ if ($paging->checkDisplay($i)) {
+
$row = htmlentities_array($row);
$row['lastchange'] = date("d.m.y H:i", $row['lastchange']);
- if($_cid != $row['customerid'])
- {
+ if ($_cid != $row['customerid']) {
$cid = $row['customerid'];
- $usr = $db->query_first('SELECT `customerid`, `firstname`, `name`, `company`, `loginname` FROM `' . TABLE_PANEL_CUSTOMERS . '`
- WHERE `customerid` = "' . (int)$cid . '"');
+ $usr_stmt = Database::prepare('
+ SELECT `customerid`, `firstname`, `name`, `company`, `loginname`
+ FROM `' . TABLE_PANEL_CUSTOMERS . '`
+ WHERE `customerid` = :cid'
+ );
+ Database::pexecute($usr_stmt, array('cid' => $cid));
+ $usr = $usr_stmt->fetch(PDO::FETCH_ASSOC);
- if(isset($usr['loginname']))
- {
+ if (isset($usr['loginname'])) {
$customer = getCorrectFullUserDetails($usr);
$customerloginname = $usr['loginname'];
$customerid = $usr['customerid'];
- }
- else
- {
+ } else {
$customer = $lng['ticket']['nonexistingcustomer'];
}
eval("\$tickets.=\"" . getTemplate("tickets/tickets_customer") . "\";");
@@ -136,33 +150,27 @@ if($page == 'tickets'
$tickets_count++;
- if($row['status'] >= 0
- && $row['status'] <= 2)
- {
+ if ($row['status'] >= 0
+ && $row['status'] <= 2
+ ) {
$reopen = 0;
- }
- else
- {
+ } else {
$reopen = 1;
}
$row['status'] = ticket::getStatusText($lng, $row['status']);
$row['priority'] = ticket::getPriorityText($lng, $row['priority']);
- if($row['lastreplier'] == '1')
- {
+ if ($row['lastreplier'] == '1') {
$row['lastreplier'] = $lng['ticket']['staff'];
$cananswer = 0;
- }
- else
- {
+ } else {
$row['lastreplier'] = $lng['ticket']['customer'];
$cananswer = 1;
}
$row['subject'] = html_entity_decode($row['subject']);
- if(strlen($row['subject']) > 20)
- {
+ if (strlen($row['subject']) > 20) {
$row['subject'] = substr($row['subject'], 0, 17) . '...';
}
@@ -171,20 +179,18 @@ if($page == 'tickets'
$_cid = $row['customerid'];
}
}
-
$i++;
}
-
eval("echo \"" . getTemplate("tickets/tickets") . "\";");
- }
- elseif($action == 'new')
- {
- if($userinfo['tickets_used'] < $userinfo['tickets']
- || $userinfo['tickets'] == '-1')
- {
- if(isset($_POST['send'])
- && $_POST['send'] == 'send')
- {
+
+ } elseif($action == 'new') {
+
+ if ($userinfo['tickets_used'] < $userinfo['tickets']
+ || $userinfo['tickets'] == '-1'
+ ) {
+ if (isset($_POST['send'])
+ && $_POST['send'] == 'send'
+ ) {
$newticket = ticket::getInstanceOf($userinfo, $db, $settings, -1);
$newticket->Set('subject', validate($_POST['subject'], 'subject'), true, false);
$newticket->Set('priority', validate($_POST['priority'], 'priority'), true, false);
@@ -192,16 +198,11 @@ if($page == 'tickets'
$newticket->Set('customer', (int)$_POST['customer'], true, false);
$newticket->Set('message', validate(htmlentities(str_replace("\r\n", "\n", $_POST['message'])), 'message', '/^[^\0]*$/'), true, false);
- if($newticket->Get('subject') == null)
- {
+ if ($newticket->Get('subject') == null) {
standard_error(array('stringisempty', 'mysubject'));
- }
- elseif($newticket->Get('message') == null)
- {
+ } elseif($newticket->Get('message') == null) {
standard_error(array('stringisempty', 'mymessage'));
- }
- else
- {
+ } else {
$now = time();
$newticket->Set('admin', $userinfo['adminid'], true, true);
$newticket->Set('dt', $now, true, true);
@@ -215,36 +216,46 @@ if($page == 'tickets'
$log->logAction(ADM_ACTION, LOG_NOTICE, "opened a new ticket for customer #" . $newticket->Get('customer') . " - '" . $newticket->Get('subject') . "'");
redirectTo($filename, Array('page' => $page, 's' => $s));
}
- }
- else
- {
+ } else {
$categories = '';
$where = '';
if ($userinfo['tickets_see_all'] != '1') {
- $where = 'WHERE `adminid` = "' . $userinfo['adminid'] . '"';
+ $where = 'WHERE `adminid` = :adminid';
}
- $result = $db->query_first('SELECT `id`, `name` FROM `' . TABLE_PANEL_TICKET_CATS . '` '.$where.' ORDER BY `logicalorder`, `name` ASC');
+ $result_stmt = Database::prepare('
+ SELECT `id`, `name` FROM `' . TABLE_PANEL_TICKET_CATS . '`
+ '.$where.' ORDER BY `logicalorder`, `name` ASC'
+ );
+ Database::pexecute($result_stmt, array('adminid' => $userinfo['adminid']));
+ $result = $result_stmt->fetch(PDO::FETCH_ASSOC);
- if(isset($result['name'])
- && $result['name'] != '')
- {
- $result2 = $db->query('SELECT `id`, `name` FROM `' . TABLE_PANEL_TICKET_CATS . '` '.$where.' ORDER BY `logicalorder`, `name` ASC');
+ if (isset($result['name'])
+ && $result['name'] != ''
+ ) {
+ $result2_stmt = Database::prepare('
+ SELECT `id`, `name` FROM `' . TABLE_PANEL_TICKET_CATS . '`
+ '.$where.' ORDER BY `logicalorder`, `name` ASC'
+ );
+ Database::pexecute($result2_stmt, array('adminid' => $userinfo['adminid']));
- while($row = $db->fetch_array($result2))
- {
+ while ($row = $result2_stmt->fetch(PDO::FETCH_ASSOC)) {
$categories.= makeoption($row['name'], $row['id']);
}
- }
- else
- {
+
+ } else {
$categories = makeoption($lng['ticket']['no_cat'], '0');
}
$customers = '';
- $result_customers = $db->query("SELECT `customerid`, `loginname`, `name`, `firstname`, `company` FROM `" . TABLE_PANEL_CUSTOMERS . "` " . ($userinfo['customers_see_all'] ? '' : " WHERE `adminid` = '" . (int)$userinfo['adminid'] . "' ") . " ORDER BY `name` ASC");
+ $result_customers_stmt = Database::prepare("
+ SELECT `customerid`, `loginname`, `name`, `firstname`, `company`
+ FROM `" . TABLE_PANEL_CUSTOMERS . "` " .
+ ($userinfo['customers_see_all'] ? '' : " WHERE `adminid` = :adminid")."
+ ORDER BY `name` ASC"
+ );
+ Database::pexecute($result_customers_stmt, array('adminid' => $userinfo['adminid']));
- while($row_customer = $db->fetch_array($result_customers))
- {
+ while ($row_customer = $result_customers_stmt->fetch(PDO::FETCH_ASSOC)) {
$customers.= makeoption(getCorrectFullUserDetails($row_customer) . ' (' . $row_customer['loginname'] . ')', $row_customer['customerid']);
}
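Review bot: The category list at L254-L276 runs the same prepared SELECT twice — `$result_stmt` only to peek at the first row's `name`, then `$result2_stmt` to iterate — a `query_first`/`query` pair the migration carried over; one statement with `fetchAll()` gives both the emptiness check and the rows. The first-row `name != ''` test is kept explicit below so behaviour does not change; the parameter array is left as in the hunk. This `else` branch continues past the end of the hunk.
```php
$result_stmt = Database::prepare('
    SELECT `id`, `name` FROM `' . TABLE_PANEL_TICKET_CATS . '`
    '.$where.' ORDER BY `logicalorder`, `name` ASC'
);
Database::pexecute($result_stmt, array('adminid' => $userinfo['adminid']));
$category_rows = $result_stmt->fetchAll(PDO::FETCH_ASSOC);
if (!empty($category_rows) && $category_rows[0]['name'] != '') {
    foreach ($category_rows as $row) {
        $categories.= makeoption($row['name'], $row['id']);
    }
} else {
    $categories = makeoption($lng['ticket']['no_cat'], '0');
}
// … unchanged: customer option list …
```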
@@ -260,29 +271,26 @@ if($page == 'tickets'
eval("echo \"" . getTemplate("tickets/tickets_new") . "\";");
}
- }
- else
- {
+
+ } else {
standard_error('nomoreticketsavailable');
}
- }
- elseif($action == 'answer'
- && $id != 0)
- {
- if(isset($_POST['send'])
- && $_POST['send'] == 'send')
- {
+
+ } elseif($action == 'answer'
+ && $id != 0
+ ) {
+ if (isset($_POST['send'])
+ && $_POST['send'] == 'send'
+ ) {
+
$replyticket = ticket::getInstanceOf($userinfo, $db, $settings, -1);
$replyticket->Set('subject', validate($_POST['subject'], 'subject'), true, false);
$replyticket->Set('priority', validate($_POST['priority'], 'priority'), true, false);
$replyticket->Set('message', validate(htmlentities(str_replace("\r\n", "\n", $_POST['message'])), 'message', '/^[^\0]*$/'), true, false);
- if($replyticket->Get('message') == null)
- {
+ if ($replyticket->Get('message') == null) {
standard_error(array('stringisempty', 'mymessage'));
- }
- else
- {
+ } else {
$now = time();
$mainticket = ticket::getInstanceOf($userinfo, $db, $settings, (int)$id);
$replyticket->Set('customerid', $mainticket->Get('customer'), true, true);
@@ -294,9 +302,7 @@ if($page == 'tickets'
$replyticket->Insert();
// Update priority if changed
-
- if($replyticket->Get('priority') != $mainticket->Get('priority'))
- {
+ if ($replyticket->Get('priority') != $mainticket->Get('priority')) {
$mainticket->Set('priority', $replyticket->Get('priority'), true);
}
@@ -308,67 +314,72 @@ if($page == 'tickets'
$log->logAction(ADM_ACTION, LOG_NOTICE, "answered ticket '" . $mainticket->Get('subject') . "'");
redirectTo($filename, Array('page' => $page, 's' => $s));
}
- }
- else
- {
+
+ } else {
+
$ticket_replies = '';
$mainticket = ticket::getInstanceOf($userinfo, $db, $settings, (int)$id);
$dt = date("d.m.Y H:i\h", $mainticket->Get('dt'));
$status = ticket::getStatusText($lng, $mainticket->Get('status'));
- if($mainticket->Get('status') >= 0
- && $mainticket->Get('status') <= 2)
- {
+ if ($mainticket->Get('status') >= 0
+ && $mainticket->Get('status') <= 2
+ ) {
$isclosed = 0;
- }
- else
- {
+ } else {
$isclosed = 1;
}
- if ($mainticket->Get('by') == '1')
- {
+ if ($mainticket->Get('by') == '1') {
$by = $lng['ticket']['staff'];
- }
- else
- {
+ } else {
$cid = $mainticket->Get('customer');
- $usr = $db->query_first('SELECT `customerid`, `firstname`, `name`, `company`, `loginname`
- FROM `' . TABLE_PANEL_CUSTOMERS . '`
- WHERE `customerid` = "' . (int)$cid . '"'
+ $usr_stmt = Database::prepare('
+ SELECT `customerid`, `firstname`, `name`, `company`, `loginname`
+ FROM `' . TABLE_PANEL_CUSTOMERS . '`
+ WHERE `customerid` = :cid'
);
+ Database::pexecute($usr_stmt, array('cid' => $cid));
+ $usr = $usr_stmt->fetch(PDO::FETCH_ASSOC);
$by = '';
$by .= getCorrectFullUserDetails($usr).'';
- //$by = $lng['ticket']['customer'];
}
$subject = $mainticket->Get('subject');
$message = $mainticket->Get('message');
eval("\$ticket_replies.=\"" . getTemplate("tickets/tickets_tickets_main") . "\";");
- $result = $db->query('SELECT `name` FROM `' . TABLE_PANEL_TICKET_CATS . '`
- WHERE `id`="' . (int)$mainticket->Get('category') . '"');
- $row = $db->fetch_array($result);
- $andere = $db->query('SELECT * FROM `' . TABLE_PANEL_TICKETS . '` WHERE `answerto`="' . (int)$id . '" ORDER BY `lastchange` ASC');
- while($row2 = $db->fetch_array($andere))
- {
+ $result_stmt = Database::prepare('
+ SELECT `name` FROM `' . TABLE_PANEL_TICKET_CATS . '` WHERE `id` = :cid'
+ );
+ Database::pexecute($result_stmt, array('cid' => $mainticket->Get('category')));
+ $row = $result_stmt->fetch(PDO::FETCH_ASSOC);
+
+ $andere_stmt = Database::prepare('
+ SELECT * FROM `' . TABLE_PANEL_TICKETS . '`
+ WHERE `answerto` = :id ORDER BY `lastchange` ASC'
+ );
+ Database::pexecute($andere_stmt, array('id' => $id));
+ $numrows_andere = Database::num_rows();
+
+ while ($row2 = $andere_stmt->fetch(PDO::FETCH_ASSOC)) {
+
$subticket = ticket::getInstanceOf($userinfo, $db, $settings, (int)$row2['id']);
$lastchange = date("d.m.Y H:i\h", $subticket->Get('lastchange'));
- if($subticket->Get('by') == '1')
- {
+ if ($subticket->Get('by') == '1') {
$by = $lng['ticket']['staff'];
- }
- else
- {
+ } else {
$cid = $subticket->Get('customer');
- $usr = $db->query_first('SELECT `customerid`, `firstname`, `name`, `company`, `loginname`
+ $usr_stmt = Database::prepare('
+ SELECT `customerid`, `firstname`, `name`, `company`, `loginname`
FROM `' . TABLE_PANEL_CUSTOMERS . '`
- WHERE `customerid` = "' . (int)$cid . '"'
+ WHERE `customerid` = :cid'
);
+ Database::pexecute($usr_stmt, array('cid' => $cid));
+ $usr = $usr_stmt->fetch(PDO::FETCH_ASSOC);
$by = '';
$by .= getCorrectFullUserDetails($usr).'';
- //$by = $lng['ticket']['customer'];
}
$subject = $subticket->Get('subject');
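Review bot: The customer lookup is prepared twice with identical SQL — at L386-L390 for the main ticket and again at L433-L438 inside the reply loop — so every customer reply re-prepares the same statement. Prepare it once before the `while` at L419 and only re-execute inside the loop, `Database::pexecute($usr_stmt, array('cid' => $cid)); $usr = $usr_stmt->fetch(PDO::FETCH_ASSOC);`, which is what a prepared statement is for. The `:cid` marker at L407 is bound to a category id (L409), so a name such as `:catid` would read less misleadingly. The `while` body continues past the end of the hunk.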
@@ -380,7 +391,7 @@ if($page == 'tickets'
$priorities.= makeoption($lng['ticket']['normal'], '2', $mainticket->Get('priority'), true, true);
$priorities.= makeoption($lng['ticket']['low'], '3', $mainticket->Get('priority'), true, true);
$subject = $mainticket->Get('subject');
- $ticket_replies_count = $db->num_rows($andere) + 1;
+ $ticket_replies_count = $numrows_andere + 1;
// don't forget the main-ticket!
$ticket_reply_data = include_once dirname(__FILE__).'/lib/formfields/admin/tickets/formfield.ticket_reply.php';
@@ -391,13 +402,13 @@ if($page == 'tickets'
eval("echo \"" . getTemplate("tickets/tickets_reply") . "\";");
}
- }
- elseif($action == 'close'
- && $id != 0)
- {
- if(isset($_POST['send'])
- && $_POST['send'] == 'send')
- {
+
+ } elseif($action == 'close'
+ && $id != 0
+ ) {
+ if (isset($_POST['send'])
+ && $_POST['send'] == 'send'
+ ) {
$now = time();
$mainticket = ticket::getInstanceOf($userinfo, $db, $settings, (int)$id);
$mainticket->Set('lastchange', $now, true, true);
@@ -406,16 +417,14 @@ if($page == 'tickets'
$mainticket->Update();
$log->logAction(ADM_ACTION, LOG_NOTICE, "closed ticket '" . $mainticket->Get('subject') . "'");
redirectTo($filename, Array('page' => $page, 's' => $s));
- }
- else
- {
+ } else {
$mainticket = ticket::getInstanceOf($userinfo, $db, $settings, (int)$id);
ask_yesno('ticket_reallyclose', $filename, array('id' => $id, 'page' => $page, 'action' => $action), $mainticket->Get('subject'));
}
- }
- elseif($action == 'reopen'
- && $id != 0)
- {
+
+ } elseif($action == 'reopen'
+ && $id != 0
+ ) {
$now = time();
$mainticket = ticket::getInstanceOf($userinfo, $db, $settings, (int)$id);
$mainticket->Set('lastchange', $now, true, true);
@@ -424,13 +433,13 @@ if($page == 'tickets'
$mainticket->Update();
$log->logAction(ADM_ACTION, LOG_NOTICE, "reopened ticket '" . $mainticket->Get('subject') . "'");
redirectTo($filename, Array('page' => $page, 's' => $s));
- }
- elseif($action == 'archive'
- && $id != 0)
- {
- if(isset($_POST['send'])
- && $_POST['send'] == 'send')
- {
+
+ } elseif($action == 'archive'
+ && $id != 0
+ ) {
+ if (isset($_POST['send'])
+ && $_POST['send'] == 'send'
+ ) {
$now = time();
$mainticket = ticket::getInstanceOf($userinfo, $db, $settings, (int)$id);
$mainticket->Set('lastchange', $now, true, true);
@@ -440,36 +449,32 @@ if($page == 'tickets'
$mainticket->Archive();
$log->logAction(ADM_ACTION, LOG_NOTICE, "archived ticket '" . $mainticket->Get('subject') . "'");
redirectTo($filename, Array('page' => $page, 's' => $s));
- }
- else
- {
+ } else {
$mainticket = ticket::getInstanceOf($userinfo, $db, $settings, (int)$id);
ask_yesno('ticket_reallyarchive', $filename, array('id' => $id, 'page' => $page, 'action' => $action), $mainticket->Get('subject'));
}
- }
- elseif($action == 'delete'
- && $id != 0)
- {
- if(isset($_POST['send'])
- && $_POST['send'] == 'send')
- {
+
+ } elseif($action == 'delete'
+ && $id != 0
+ ) {
+ if (isset($_POST['send'])
+ && $_POST['send'] == 'send'
+ ) {
$mainticket = ticket::getInstanceOf($userinfo, $db, $settings, (int)$id);
$log->logAction(ADM_ACTION, LOG_INFO, "deleted ticket '" . $mainticket->Get('subject') . "'");
$mainticket->Delete();
redirectTo($filename, Array('page' => $page, 's' => $s));
- }
- else
- {
+ } else {
$mainticket = ticket::getInstanceOf($userinfo, $db, $settings, (int)$id);
ask_yesno('ticket_reallydelete', $filename, array('id' => $id, 'page' => $page, 'action' => $action), $mainticket->Get('subject'));
}
}
-}
-elseif($page == 'categories'
- && $userinfo['customers'] != '0')
-{
- if($action == '')
- {
+
+} elseif($page == 'categories'
+ && $userinfo['customers'] != '0'
+) {
+ if ($action == '') {
+
$log->logAction(ADM_ACTION, LOG_NOTICE, "viewed admin_tickets::categories");
$fields = array(
'name' => $lng['ticket']['category'],
@@ -478,22 +483,29 @@ elseif($page == 'categories'
$where = '1'; // WHERE 1 is like no 'where-clause'
if ($userinfo['tickets_see_all'] != '1') {
- $where = " `main`.`adminid` = '" . (int)$userinfo['adminid'] . "'";
+ $where = " `main`.`adminid` = :adminid";
}
$paging = new paging($userinfo, $db, TABLE_PANEL_TICKET_CATS, $fields, $settings['panel']['paging'], $settings['panel']['natsorting']);
- $result = $db->query("SELECT `main`.`id`, `main`.`name`, `main`.`logicalorder`, (
- SELECT COUNT(`sub`.`id`) FROM `" . TABLE_PANEL_TICKETS . "` `sub`
- WHERE `sub`.`category` = `main`.`id`
- AND `sub`.`answerto` = '0' AND `sub`.`adminid` = '" . $userinfo['adminid'] . "')
- as `ticketcount`, (
- SELECT COUNT(`sub2`.`id`) FROM `" . TABLE_PANEL_TICKETS . "` `sub2`
- WHERE `sub2`.`category` = `main`.`id`
- AND `sub2`.`answerto` = '0'
- AND (`sub2`.`status` = '0' OR `sub2`.`status` = '1' OR `sub2`.`status` = '2')
- AND `sub2`.`adminid` = '" . $userinfo['adminid'] . "'
- ) as `ticketcountnotclosed`
- FROM `" . TABLE_PANEL_TICKET_CATS . "` `main` WHERE " . $where . $paging->getSqlWhere(true) . " " . $paging->getSqlOrderBy() . " " . $paging->getSqlLimit());
- $paging->setEntries($db->num_rows($result));
+ $result_stmt = Database::prepare("
+ SELECT `main`.`id`, `main`.`name`, `main`.`logicalorder`, (
+ SELECT COUNT(`sub`.`id`) FROM `" . TABLE_PANEL_TICKETS . "` `sub`
+ WHERE `sub`.`category` = `main`.`id`
+ AND `sub`.`answerto` = '0'
+ AND `sub`.`adminid` = :adminid
+ ) as `ticketcount`, (
+ SELECT COUNT(`sub2`.`id`) FROM `" . TABLE_PANEL_TICKETS . "` `sub2`
+ WHERE `sub2`.`category` = `main`.`id`
+ AND `sub2`.`answerto` = '0'
+ AND (`sub2`.`status` = '0' OR `sub2`.`status` = '1' OR `sub2`.`status` = '2')
+ AND `sub2`.`adminid` = :adminid
+ ) as `ticketcountnotclosed`
+ FROM `" . TABLE_PANEL_TICKET_CATS . "` `main`
+ WHERE " . $where . $paging->getSqlWhere(true) . " " .
+ $paging->getSqlOrderBy() . " " . $paging->getSqlLimit()
+ );
+ Database::pexecute($result_stmt, array('adminid' => $userinfo['adminid']));
+ $numrows = Database::num_rows();
+ $paging->setEntries($numrows);
$sortcode = $paging->getHtmlSortCode($lng);
$arrowcode = $paging->getHtmlArrowCode($filename . '?page=' . $page . '&s=' . $s);
$searchcode = $paging->getHtmlSearchCode($lng);
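Review bot: The named marker `:adminid` is bound up to three times in the statement built at L589-L605 — via `$where` (L573) and in both correlated subqueries (L594, L600) — and PDO only permits reusing a named parameter when prepared-statement emulation is on; with native MySQL prepares the execute fails with an invalid-parameter-number error. Whether `Database::prepare` enables emulation is not visible here, so either confirm it does or give each occurrence its own marker and build the parameter array alongside `$where`, as below. The `if ($action == '')` branch continues past the hunk.
```php
$where = '1'; // WHERE 1 is like no 'where-clause'
$params = array(
    'adminid_sub' => $userinfo['adminid'],
    'adminid_sub2' => $userinfo['adminid'],
);
if ($userinfo['tickets_see_all'] != '1') {
    $where = " `main`.`adminid` = :adminid_main";
    $params['adminid_main'] = $userinfo['adminid'];
}
// … unchanged: paging construction and the SELECT text, except that the two
//     subqueries bind `:adminid_sub` and `:adminid_sub2` in place of `:adminid` …
Database::pexecute($result_stmt, $params);
```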
@@ -501,50 +513,42 @@ elseif($page == 'categories'
$i = 0;
$count = 0;
$ticketcategories = '';
- $categories_count = $db->num_rows($result);
+ $categories_count = $numrows;
- while($row = $db->fetch_array($result))
- {
- if($paging->checkDisplay($i))
- {
+ while ($row = $result_stmt->fetch(PDO::FETCH_ASSOC)) {
+
+ if ($paging->checkDisplay($i)) {
$row = htmlentities_array($row);
$closedtickets_count = ($row['ticketcount'] - $row['ticketcountnotclosed']);
eval("\$ticketcategories.=\"" . getTemplate("tickets/tickets_categories") . "\";");
$count++;
}
-
$i++;
}
-
eval("echo \"" . getTemplate("tickets/categories") . "\";");
- }
- elseif($action == 'addcategory')
- {
- if(isset($_POST['send'])
- && $_POST['send'] == 'send')
- {
+
+ } elseif($action == 'addcategory') {
+
+ if (isset($_POST['send'])
+ && $_POST['send'] == 'send'
+ ) {
+
$category = validate($_POST['category'], 'category');
$order = validate($_POST['logicalorder'], 'logicalorder');
- if($order < 1 || $order >= 1000)
- {
+ if ($order < 1 || $order >= 1000) {
// use the latest available
$order = ticket::getHighestOrderNumber($db, $userinfo['adminid']) + 1;
}
- if($category == '')
- {
+ if ($category == '') {
standard_error(array('stringisempty', 'mycategory'));
- }
- else
- {
+ } else {
ticket::addCategory($db, $category, $userinfo['adminid'], $order);
$log->logAction(ADM_ACTION, LOG_INFO, "added ticket-category '" . $category . "'");
redirectTo($filename, Array('page' => $page, 's' => $s));
}
- }
- else
- {
+ } else {
$order = ticket::getHighestOrderNumber($db, $userinfo['adminid']) + 1;
$category_new_data = include_once dirname(__FILE__).'/lib/formfields/admin/tickets/formfield.category_new.php';
@@ -555,36 +559,34 @@ elseif($page == 'categories'
eval("echo \"" . getTemplate("tickets/tickets_newcategory") . "\";");
}
- }
- elseif($action == 'editcategory'
- && $id != 0)
- {
- if(isset($_POST['send'])
- && $_POST['send'] == 'send')
- {
+
+ } elseif($action == 'editcategory'
+ && $id != 0
+ ) {
+ if (isset($_POST['send'])
+ && $_POST['send'] == 'send'
+ ) {
+
$category = validate($_POST['category'], 'category');
$order = validate($_POST['logicalorder'], 'logicalorder');
- if($order < 1 || $order >= 1000)
- {
+ if ($order < 1 || $order >= 1000) {
$order = 1;
}
- if($category == '')
- {
+ if ($category == '') {
standard_error(array('stringisempty', 'mycategory'));
- }
- else
- {
+ } else {
ticket::editCategory($db, $category, $id, $order);
$log->logAction(ADM_ACTION, LOG_INFO, "edited ticket-category '" . $category . "'");
redirectTo($filename, Array('page' => $page, 's' => $s));
}
- }
- else
- {
- $row = $db->query_first('SELECT * FROM `' . TABLE_PANEL_TICKET_CATS . '` WHERE `id` = "' . (int)$id . '"');
-
+ } else {
+ $row_stmt = Database::prepare('
+ SELECT * FROM `' . TABLE_PANEL_TICKET_CATS . '` WHERE `id` = :id'
+ );
+ Database::pexecute($row_stmt, array('id' => $id));
+ $row = $row_stmt->fetch(PDO::FETCH_ASSOC);
$category_edit_data = include_once dirname(__FILE__).'/lib/formfields/admin/tickets/formfield.category_edit.php';
$category_edit_form = htmlform::genHTMLForm($category_edit_data);
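Review bot: The category lookup added at L717-L721 selects by `id` alone, whereas the categories listing earlier in this file restricts to `main`.`adminid` unless `tickets_see_all` is set (L571-L574); if categories are per-admin, this form shows — and `ticket::editCategory` at L707 saves — a category that belongs to another admin when its id is supplied. I cannot see whether `editCategory` enforces ownership itself, so confirm; if it does not, add `AND `adminid` = :adminid` here with the same `tickets_see_all` exception and fail with a standard error when no row comes back. The `else` branch continues past the end of the hunk.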
@@ -593,38 +595,36 @@ elseif($page == 'categories'
eval("echo \"" . getTemplate("tickets/tickets_editcategory") . "\";");
}
- }
- elseif($action == 'deletecategory'
- && $id != 0)
- {
- if(isset($_POST['send'])
- && $_POST['send'] == 'send')
- {
- if(ticket::deleteCategory($db, $id) == false)
- {
+
+ } elseif($action == 'deletecategory'
+ && $id != 0
+ ) {
+ if (isset($_POST['send'])
+ && $_POST['send'] == 'send'
+ ) {
+ if (ticket::deleteCategory($db, $id) == false) {
standard_error('categoryhastickets');
}
$log->logAction(ADM_ACTION, LOG_INFO, "deleted ticket-category #" . $id);
redirectTo($filename, Array('page' => $page, 's' => $s));
- }
- else
- {
+
+ } else {
$name = ticket::getCategoryName($db, $id);
ask_yesno('ticket_reallydeletecat', $filename, array('id' => $id, 'page' => $page, 'action' => $action), $name);
}
}
-}
-elseif($page == 'archive'
- && $userinfo['customers'] != '0')
-{
- if($action == '')
- {
+
+} elseif($page == 'archive'
+ && $userinfo['customers'] != '0'
+) {
+ if ($action == '') {
+
$log->logAction(ADM_ACTION, LOG_NOTICE, "viewed admin_tickets::archive");
- if(isset($_POST['send'])
- && $_POST['send'] == 'send')
- {
+ if (isset($_POST['send'])
+ && $_POST['send'] == 'send'
+ ) {
$priority = array();
$categories = array();
$subject = validate($_POST['subject'], 'subject');
@@ -635,11 +635,15 @@ elseif($page == 'archive'
$todate = validate($_POST['todate'], 'todate');
$message = validate($_POST['message'], 'message');
$customer = validate($_POST['customer'], 'customer');
- $cat = $db->query_first('SELECT COUNT(`id`) as `ccount` FROM `' . TABLE_PANEL_TICKET_CATS . '`');
- for ($x = 0;$x < $cat['ccount'];$x++)
- {
+
+ $cat_stmt = Database::query('SELECT COUNT(`id`) as `ccount` FROM `' . TABLE_PANEL_TICKET_CATS . '`');
+ $cat = $cat_stmt->fetch(PDO::FETCH_ASSOC);
+
+ for ($x = 0;$x < $cat['ccount'];$x++) {
$categories[$x] = isset($_POST['category' . $x]) ? $_POST['category' . $x] : '';
}
+
+ // FIXME migrate to PDO
$query = ticket::getArchiveSearchStatement($db, $subject, $priority, $fromdate, $todate, $message, $customer, $userinfo['adminid'], $categories);
$fields = array(
'lastchange' => $lng['ticket']['lastchange'],
@@ -649,6 +653,7 @@ elseif($page == 'archive'
'priority' => $lng['ticket']['priority']
);
$paging = new paging($userinfo, $db, TABLE_PANEL_TICKETS, $fields, $settings['panel']['paging'], $settings['panel']['natsorting']);
+ // FIXME migrate (the above) to PDO
$result = $db->query($query . $paging->getSqlWhere(true) . " " . $paging->getSqlOrderBy() . " " . $paging->getSqlLimit());
$sortcode = $paging->getHtmlSortCode($lng);
$arrowcode = $paging->getHtmlArrowCode($filename . '?page=' . $page . '&s=' . $s);
@@ -656,24 +661,20 @@ elseif($page == 'archive'
$pagingcode = $paging->getHtmlPagingCode($filename . '?page=' . $page . '&s=' . $s);
$ctickets = array();
- while($row = $db->fetch_array($result))
- {
- if(!isset($ctickets[$row['customerid']])
- || !is_array($ctickets[$row['customerid']]))
- {
+ while ($row = $db->fetch_array($result)) {
+ if (!isset($ctickets[$row['customerid']])
+ || !is_array($ctickets[$row['customerid']])
+ ) {
$ctickets[$row['customerid']] = array();
}
-
$ctickets[$row['customerid']][$row['id']] = $row;
}
- if($paging->sortfield == 'customerid'
- && $paging->sortorder == 'desc')
- {
+ if ($paging->sortfield == 'customerid'
+ && $paging->sortorder == 'desc'
+ ) {
krsort($ctickets);
- }
- else
- {
+ } else {
ksort($ctickets);
}
@@ -681,42 +682,36 @@ elseif($page == 'archive'
$count = 0;
$tickets_count = 0;
$tickets = '';
- foreach($ctickets as $cid => $ticketrows)
- {
- if($paging->sortfield == 'lastchange'
- && $paging->sortorder == 'desc')
- {
+ foreach ($ctickets as $cid => $ticketrows) {
+ if ($paging->sortfield == 'lastchange'
+ && $paging->sortorder == 'desc'
+ ) {
krsort($ticketrows);
- }
- else
- {
+ } else {
ksort($ticketrows);
}
$_cid = 0;
- foreach($ticketrows as $ticket)
- {
- if($paging->checkDisplay($i))
- {
+ foreach ($ticketrows as $ticket) {
+ if ($paging->checkDisplay($i)) {
$ticket['lastchange'] = date("d.m.y H:i", $ticket['lastchange']);
-
- if($_cid != $ticket['customerid'])
- {
+ if ($_cid != $ticket['customerid']) {
$cid = $ticket['customerid'];
- $usr = $db->query_first('SELECT `customerid`, `firstname`, `name`, `company`, `loginname` FROM `' . TABLE_PANEL_CUSTOMERS . '`
- WHERE `customerid` = "' . (int)$cid . '"');
+ $usr_stmt = Database::prepare('
+ SELECT `customerid`, `firstname`, `name`, `company`, `loginname`
+ FROM `' . TABLE_PANEL_CUSTOMERS . '`
+ WHERE `customerid` = :cid'
+ );
+ Database::pexecute($usr_stmt, array('cid' => $cid));
+ $usr = $usr_stmt->fetch(PDO::FETCH_ASSOC);
- if(isset($usr['loginname']))
- {
+ if (isset($usr['loginname'])) {
$customer = getCorrectFullUserDetails($usr);
$customerloginname = $usr['loginname'];
$customerid = $usr['customerid'];
- }
- else
- {
+ } else {
$customer = $lng['ticket']['nonexistingcustomer'];
}
-
eval("\$tickets.=\"" . getTemplate("tickets/tickets_customer") . "\";");
}
@@ -733,17 +728,13 @@ elseif($page == 'archive'
}
$ticket['priority'] = ticket::getPriorityText($lng, $ticket['priority']);
- if($ticket['lastreplier'] == '1')
- {
+ if ($ticket['lastreplier'] == '1') {
$ticket['lastreplier'] = $lng['ticket']['staff'];
- }
- else
- {
+ } else {
$ticket['lastreplier'] = $lng['ticket']['customer'];
}
- if(strlen($ticket['subject']) > 20)
- {
+ if (strlen($ticket['subject']) > 20) {
$ticket['subject'] = substr($ticket['subject'], 0, 17) . '...';
}
$ticket = htmlentities_array($ticket);
@@ -752,39 +743,32 @@ elseif($page == 'archive'
$_cid = $ticket['customerid'];
}
}
-
$i++;
}
-
eval("echo \"" . getTemplate("tickets/archivesearch") . "\";");
- }
- else
- {
+
+ } else {
+
$archived = array();
$archived = ticket::getLastArchived($db, 6, $userinfo['adminid']);
$tickets = '';
- if($archived !== false)
- {
- foreach($archived as $id => $ticket)
- {
+ if ($archived !== false) {
+
+ foreach ($archived as $id => $ticket) {
+
$ticket['lastchange'] = date("d.m.y H:i", $ticket['lastchange']);
$ticket['priority'] = ticket::getPriorityText($lng, $ticket['priority']);
- if($ticket['lastreplier'] == '1')
- {
+ if ($ticket['lastreplier'] == '1') {
$ticket['lastreplier'] = $lng['ticket']['staff'];
- }
- else
- {
+ } else {
$ticket['lastreplier'] = $lng['ticket']['customer'];
}
- if(strlen($ticket['subject']) > 20)
- {
+ if (strlen($ticket['subject']) > 20) {
$ticket['subject'] = substr($ticket['subject'], 0, 17) . '...';
}
-
eval("\$tickets.=\"" . getTemplate("tickets/archived_tickets") . "\";");
}
}
@@ -794,28 +778,31 @@ elseif($page == 'archive'
$priorities_options.= makecheckbox('priority3', $lng['ticket']['low'], '3');
$category_options = '';
$ccount = 0;
- $result = $db->query('SELECT * FROM `' . TABLE_PANEL_TICKET_CATS . '` ORDER BY `name` ASC');
+ $result = Database::query('SELECT * FROM `' . TABLE_PANEL_TICKET_CATS . '` ORDER BY `name` ASC');
- while($row = $db->fetch_array($result))
- {
+ while ($row = $result->fetch(PDO::FETCH_ASSOC)) {
$category_options.= makecheckbox('category' . $ccount, $row['name'], $row['id'], true);
$ccount++;
}
$customers = makeoption($lng['ticket']['nocustomer'], '-1', '-1');
- $result_customers = $db->query("SELECT `customerid`, `loginname`, `name`, `firstname`, `company` FROM `" . TABLE_PANEL_CUSTOMERS . "` " . ($userinfo['customers_see_all'] ? '' : " WHERE `adminid` = '" . (int)$userinfo['adminid'] . "' ") . " ORDER BY `name` ASC");
+ $result_customers_stmt = Database::prepare("
+ SELECT `customerid`, `loginname`, `name`, `firstname`, `company`
+ FROM `" . TABLE_PANEL_CUSTOMERS . "` " .
+ ($userinfo['customers_see_all'] ? '' : " WHERE `adminid` = :adminid")."
+ ORDER BY `name` ASC"
+ );
+ Database::pexecute($result_customers_stmt, array('adminid' => $userinfo['adminid']));
- while($row_customer = $db->fetch_array($result_customers))
- {
+ while ($row_customer = $result_customers_stmt->fetch(PDO::FETCH_ASSOC)) {
$customers.= makeoption(getCorrectFullUserDetails($row_customer) . ' (' . $row_customer['loginname'] . ')', $row_customer['customerid']);
}
-
eval("echo \"" . getTemplate("tickets/archive") . "\";");
}
- }
- elseif($action == 'view'
- && $id != 0)
- {
+
+ } elseif($action == 'view'
+ && $id != 0
+ ) {
$log->logAction(ADM_ACTION, LOG_NOTICE, "viewed archived-ticket #" . $id);
$ticket_replies = '';
$mainticket = ticket::getInstanceOf($userinfo, $db, $settings, (int)$id);
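Review bot: `Database::pexecute($result_customers_stmt, array('adminid' => $userinfo['adminid']))` always binds `:adminid`, but the placeholder is only part of the SQL when `$userinfo['customers_see_all']` is false; PDO rejects executing a statement with a bound parameter that has no matching placeholder (an invalid-parameter-number error, SQLSTATE HY093), so the customer list would break for an admin who may see all customers unless `pexecute` itself strips unused parameters, which is not visible here and should be confirmed. Passing the parameter only when the clause is present avoids relying on that: `$params = $userinfo['customers_see_all'] ? array() : array('adminid' => $userinfo['adminid']);` followed by `Database::pexecute($result_customers_stmt, $params);`. The same combination of a conditional WHERE and a fixed parameter array is worth checking wherever `customers_see_all` is used in this file. Separately, `} elseif($action == 'view'` omits the space after the keyword that the rest of this reformatting adds (`if (`, `while (`); the `delete` branch header in the last hunk of this file has the same inconsistency.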
@@ -831,42 +818,53 @@ elseif($page == 'archive'
else
{
$cid = $mainticket->Get('customer');
- $usr = $db->query_first('SELECT `customerid`, `firstname`, `name`, `company`, `loginname`
- FROM `' . TABLE_PANEL_CUSTOMERS . '`
- WHERE `customerid` = "' . (int)$cid . '"'
+ $usr_stmt = Database::prepare('
+ SELECT `customerid`, `firstname`, `name`, `company`, `loginname`
+ FROM `' . TABLE_PANEL_CUSTOMERS . '`
+ WHERE `customerid` = :cid'
);
+ Database::pexecute($usr_stmt, array('cid' => $cid));
+ $usr = $usr_stmt->fetch(PDO::FETCH_ASSOC);
+
$by = '';
$by .= getCorrectFullUserDetails($usr).'';
- //$by = $lng['ticket']['customer'];
}
$subject = $mainticket->Get('subject');
$message = $mainticket->Get('message');
eval("\$ticket_replies.=\"" . getTemplate("tickets/tickets_tickets_main") . "\";");
- $result = $db->query('SELECT `name` FROM `' . TABLE_PANEL_TICKET_CATS . '`
- WHERE `id`="' . (int)$mainticket->Get('category') . '"');
- $row = $db->fetch_array($result);
- $andere = $db->query('SELECT * FROM `' . TABLE_PANEL_TICKETS . '` WHERE `answerto`="' . (int)$id . '"');
- while($row2 = $db->fetch_array($andere))
- {
+ $result_stmt = Database::prepare('
+ SELECT `name` FROM `' . TABLE_PANEL_TICKET_CATS . '` WHERE `id` = :cid'
+ );
+ Database::pexecute($result_stmt, array('cid' => $mainticket->Get('category')));
+ $row = $result_stmt->fetch(PDO::FETCH_ASSOC);
+
+ $andere_stmt = Database::prepare('
+ SELECT * FROM `' . TABLE_PANEL_TICKETS . '` WHERE `answerto` = :id'
+ );
+ Database::pexecute($andere_stmt, array('id' => $id));
+ $numrows_andere = Database::num_rows();
+
+ while ($row2 = $andere_stmt->fetch(PDO::FETCH_ASSOC)) {
+
$subticket = ticket::getInstanceOf($userinfo, $db, $settings, (int)$row2['id']);
$lastchange = date("d.m.Y H:i\h", $subticket->Get('lastchange'));
- if($subticket->Get('by') == '1')
- {
+ if ($subticket->Get('by') == '1') {
$by = $lng['ticket']['staff'];
- }
- else
- {
+ } else {
$cid = $subticket->Get('customer');
- $usr = $db->query_first('SELECT `customerid`, `firstname`, `name`, `company`, `loginname`
- FROM `' . TABLE_PANEL_CUSTOMERS . '`
- WHERE `customerid` = "' . (int)$cid . '"'
+ $usr_stmt = Database::prepare('
+ SELECT `customerid`, `firstname`, `name`, `company`, `loginname`
+ FROM `' . TABLE_PANEL_CUSTOMERS . '`
+ WHERE `customerid` = :cid'
);
+ Database::pexecute($usr_stmt, array('cid' => $cid));
+ $usr = $usr_stmt->fetch(PDO::FETCH_ASSOC);
+
$by = '';
$by .= getCorrectFullUserDetails($usr).'';
- //$by = $lng['ticket']['customer'];
}
$subject = $subticket->Get('subject');
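Review bot: `$usr = $usr_stmt->fetch(PDO::FETCH_ASSOC)` returns `false` when the customer row no longer exists, and both lookups in this hunk then pass that `false` straight into `getCorrectFullUserDetails($usr)`, whereas the equivalent lookup earlier in this file guards with `isset($usr['loginname'])` and falls back to `$lng['ticket']['nonexistingcustomer']` — archived tickets of deleted customers seem the likely case here. Mirroring that guard, `if (isset($usr['loginname'])) { $by = getCorrectFullUserDetails($usr); } else { $by = $lng['ticket']['nonexistingcustomer']; }`, keeps both paths consistent. `$numrows_andere = Database::num_rows();` is called without a statement argument and before any row of `$andere_stmt` is fetched; whether it reports that statement's row count (it is consumed as `$ticket_replies_count = $numrows_andere + 1` in the last hunk of this file) cannot be seen from here and depends on how `Database::num_rows` is implemented, so a comment stating that it refers to the most recently executed statement would help. The category lookup reuses the placeholder name `:cid` for a category id right next to the customer `:cid`; `:catid` would read less ambiguously. The `else` branch at the top of this hunk belongs to an `if` that starts outside it.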
@@ -878,24 +876,22 @@ elseif($page == 'archive'
$priorities.= makeoption($lng['ticket']['normal'], '2', htmlentities($mainticket->Get('priority')), true, true);
$priorities.= makeoption($lng['ticket']['low'], '3', htmlentities($mainticket->Get('priority')), true, true);
$subject = $mainticket->Get('subject');
- $ticket_replies_count = $db->num_rows($andere) + 1;
+ $ticket_replies_count = $numrows_andere + 1;
// don't forget the main-ticket!
eval("echo \"" . getTemplate("tickets/tickets_view") . "\";");
- }
- elseif($action == 'delete'
- && $id != 0)
- {
- if(isset($_POST['send'])
- && $_POST['send'] == 'send')
- {
+
+ } elseif($action == 'delete'
+ && $id != 0
+ ) {
+ if (isset($_POST['send'])
+ && $_POST['send'] == 'send'
+ ) {
$mainticket = ticket::getInstanceOf($userinfo, $db, $settings, (int)$id);
$log->logAction(ADM_ACTION, LOG_INFO, "deleted archived ticket '" . $mainticket->Get('subject') . "'");
$mainticket->Delete();
redirectTo($filename, Array('page' => $page, 's' => $s));
- }
- else
- {
+ } else {
$mainticket = ticket::getInstanceOf($userinfo, $db, $settings, (int)$id);
ask_yesno('ticket_reallydelete', $filename, array('id' => $id, 'page' => $page, 'action' => $action), $mainticket->Get('subject'));
}
diff --git a/admin_updates.php b/admin_updates.php
index 68a40356..f4211613 100644
--- a/admin_updates.php
+++ b/admin_updates.php
@@ -23,7 +23,7 @@ if ($page == 'overview') {
/**
* this is a dirty hack but syscp 1.4.2.1 does not
- * has any version/dbversion in the database (don't know why)
+ * have any version/dbversion in the database (don't know why)
* so we have to set them both to run a correct upgrade
*/
if (!isFroxlor()) {
@@ -31,7 +31,13 @@ if ($page == 'overview') {
|| $settings['panel']['version'] == ''
) {
$settings['panel']['version'] = '1.4.2.1';
- $db->query("INSERT INTO `" . TABLE_PANEL_SETTINGS . "` (`settinggroup`, `varname`, `value`) VALUES ('panel','version','".$settings['panel']['version']."')");
+ $stmt = Database::prepare("
+ INSERT INTO `" . TABLE_PANEL_SETTINGS . "` SET
+ `settinggroup` = 'panel',
+ `varname` = 'version',
+ `value` = :version"
+ );
+ Database::pexecute($stmt, array('version' => $settings['panel']['version']));
}
if (!isset($settings['system']['dbversion'])
|| $settings['system']['dbversion'] == ''
@@ -42,7 +48,10 @@ if ($page == 'overview') {
* and the svn-version has its value in the database
* -> bug #54
*/
- $result = $db->query_first("SELECT `value` FROM `" . TABLE_PANEL_SETTINGS . "` WHERE `varname` = 'dbversion'");
+ $result_stmt = Database::query("
+ SELECT `value` FROM `" . TABLE_PANEL_SETTINGS . "` WHERE `varname` = 'dbversion'"
+ );
+ $result = $result_stmt->fetch(PDO::FETCH_ASSOC);
if (isset($result['value'])) {
$settings['system']['dbversion'] = (int)$result['value'];
@@ -101,9 +110,6 @@ if ($page == 'overview') {
eval("echo \"" . getTemplate('update/index') . "\";");
}
} else {
- /*
- * @TODO version-webcheck check here
- */
$success_message = $lng['update']['noupdatesavail'];
$redirect_url = 'admin_index.php?s=' . $s;
eval("echo \"" . getTemplate('update/noupdatesavail') . "\";");