maketank/Froxlor
2
0
Fork 0
Code Pull Requests Releases Activity

migrate ticket-system to PDO database class, refs #1287

Browse Source 
Signed-off-by: Michael Kaufmann (d00p) <d00p@froxlor.org>
This commit is contained in:
Michael Kaufmann (d00p)
2013-11-06 11:06:03 +01:00
parent 8a9ed3d9f1
commit 74bb3ccb7e
5 changed files with 329 additions and 319 deletions
Download Patch File Download Diff File Expand all files Collapse all files

446
lib/classes/ticket/class.ticket.php
View File

@@ -20,20 +20,14 @@
* Support Tickets - Tickets-Class
*/
class ticket
{
class ticket {
/**
* Userinfo
* @var array
*/
private $userinfo = array();
/**
* Database handler
* @var db
*/
private $db = false;
/**
* Settings array
* @var settings
@@ -68,14 +62,11 @@ class ticket
* Class constructor.
*
* @param array userinfo
* @param resource database
* @param array settings
* @param int ticket id
*/
private function __construct($userinfo, $db, $settings, $tid = - 1)
{
private function __construct($userinfo, $settings, $tid = - 1) {
$this->userinfo = $userinfo;
$this->db = $db;
$this->settings = $settings;
$this->tid = $tid;
@@ -96,23 +87,22 @@ class ticket
/**
* Singleton ftw ;-)
*
* @param array userinfo
* @param array settings
* @param int ticket id
*/
static public function getInstanceOf($_usernfo, $_db, $_settings, $_tid)
{
if(!isset(self::$tickets[$_tid]))
{
self::$tickets[$_tid] = new ticket($_usernfo, $_db, $_settings, $_tid);
static public function getInstanceOf($_usernfo, $_settings, $_tid) {
if (!isset(self::$tickets[$_tid])) {
self::$tickets[$_tid] = new ticket($_usernfo, $_settings, $_tid);
}
return self::$tickets[$_tid];
}
/**
* Initialize data-array
*/
private function initData()
{
private function initData() {
$this->Set('customer', 0, true, true);
$this->Set('admin', 1, true, true);
$this->Set('subject', '', true, true);
@@ -132,12 +122,16 @@ class ticket
/**
* Read ticket data from database.
*/
private function readData()
{
if(isset($this->tid)
&& $this->tid != - 1)
{
$_ticket = $this->db->query_first('SELECT * FROM `' . TABLE_PANEL_TICKETS . '` WHERE `id` = "' . $this->tid . '"');
private function readData() {
if (isset($this->tid)
&& $this->tid != - 1
) {
$_ticket_stmt = Database::prepare('
SELECT * FROM `' . TABLE_PANEL_TICKETS . '` WHERE `id` = :tid'
);
$_ticket = Database::pexecute_first($_ticket_stmt, array('tid' => $this->tid));
$this->Set('customer', $_ticket['customerid'], true, false);
$this->Set('admin', $_ticket['adminid'], true, false);
$this->Set('subject', $_ticket['subject'], true, false);
@@ -158,79 +152,104 @@ class ticket
/**
* Insert data to database
*/
public function Insert()
{
$this->db->query("INSERT INTO `" . TABLE_PANEL_TICKETS . "`
(`customerid`,
`adminid`,
`category`,
`priority`,
`subject`,
`message`,
`dt`,
`lastchange`,
`ip`,
`status`,
`lastreplier`,
`by`,
`answerto`)
VALUES
('" . (int)$this->Get('customer') . "',
'" . (int)$this->Get('admin') . "',
'" . (int)$this->Get('category') . "',
'" . (int)$this->Get('priority') . "',
'" . $this->db->escape($this->Get('subject')) . "',
'" . $this->db->escape($this->Get('message')) . "',
'" . (int)$this->Get('dt') . "',
'" . (int)$this->Get('lastchange') . "',
'" . $this->db->escape($this->Get('ip')) . "',
'" . (int)$this->Get('status') . "',
'" . (int)$this->Get('lastreplier') . "',
'" . (int)$this->Get('by') . "',
'" . (int)$this->Get('answerto') . "');");
$this->tid = $this->db->insert_id();
public function Insert() {
$ins_stmt = Database::prepare("
INSERT INTO `" . TABLE_PANEL_TICKETS . "` SET
`customerid` = :customerid,
`adminid` = :adminid,
`category` = :category,
`priority` = :priority,
`subject` = :subject,
`message` = :message,
`dt` = :dt,
`lastchange` = :lastchange,
`ip` = :ip,
`status` = :status,
`lastreplier` = :lastreplier,
`by` = :by,
`answerto` = :answerto"
);
$ins_data = array(
'customerid' => $this->Get('customer'),
'adminid' => $this->Get('admin'),
'category' => $this->Get('category'),
'priority' => $this->Get('priority'),
'subject' => $this->Get('subject'),
'message' => $this->Get('message'),
'dt' => $this->Get('dt'),
'lastchange' => $this->Get('lastchange'),
'ip' => $this->Get('ip'),
'status' => $this->Get('status'),
'lastreplier' => $this->Get('lastreplier'),
'by' => $this->Get('by'),
'answerto' => $this->Get('answerto')
);
Database::pexecute($ins_stmt, $ins_data);
$this->tid = Database::lastInsertId();
return true;
}
/**
* Update data in database
*/
public function Update()
{
// Update "main" ticket
public function Update() {
$this->db->query('UPDATE `' . TABLE_PANEL_TICKETS . '` SET
`priority` = "' . (int)$this->Get('priority') . '",
`lastchange` = "' . (int)$this->Get('lastchange') . '",
`status` = "' . (int)$this->Get('status') . '",
`lastreplier` = "' . (int)$this->Get('lastreplier') . '"
WHERE `id` = "' . (int)$this->tid . '";');
// Update "main" ticket
$upd_stmt = Database::prepare('
UPDATE `' . TABLE_PANEL_TICKETS . '` SET
`priority` = :priority,
`lastchange` = :lastchange,
`status` = :status,
`lastreplier` = :lastreplier
WHERE `id` = :tid'
);
$upd_data = array(
'priority' => $this->Get('priority'),
'lastchange' => $this->Get('lastchange'),
'status' => $this->Get('status'),
'lastreplier' => $this->Get('lastreplier'),
'tid' => $this->tid
);
Database::pexecute($upd_stmt, $upd_data);
return true;
}
/**
* Moves a ticket to the archive
*/
public function Archive()
{
public function Archive() {
// Update "main" ticket
$this->db->query('UPDATE `' . TABLE_PANEL_TICKETS . '` SET `archived` = "1" WHERE `id` = "' . (int)$this->tid . '";');
$upd_stmt = Database::prepare('
UPDATE `' . TABLE_PANEL_TICKETS . '` SET `archived` = "1" WHERE `id` = :tid'
);
Database::pexecute($upd_stmt, array('tid' => $this->tid));
// Update "answers" to ticket
$this->db->query('UPDATE `' . TABLE_PANEL_TICKETS . '` SET `archived` = "1" WHERE `answerto` = "' . (int)$this->tid . '";');
$upd_stmt = Database::prepare('
UPDATE `' . TABLE_PANEL_TICKETS . '` SET `archived` = "1" WHERE `answerto` = :tid'
);
Database::pexecute($upd_stmt, array('tid' => $this->tid));
return true;
}
/**
* Remove ticket from database
*/
public function Delete()
{
public function Delete() {
// Delete "main" ticket
$this->db->query('DELETE FROM `' . TABLE_PANEL_TICKETS . '` WHERE `id` = "' . (int)$this->tid . '";');
$del_stmt = Database::prepare('
DELETE FROM `' . TABLE_PANEL_TICKETS . '` WHERE `id` = :tid'
);
Database::pexecute($del_stmt, array('tid' => $this->tid));
// Delete "answers" to ticket"
$this->db->query('DELETE FROM `' . TABLE_PANEL_TICKETS . '` WHERE `answerto` = "' . (int)$this->tid . '";');
$del_stmt = Database::prepare('
DELETE FROM `' . TABLE_PANEL_TICKETS . '` WHERE `answerto` = :tid'
);
Database::pexecute($del_stmt, array('tid' => $this->tid));
return true;
}
@@ -242,12 +261,14 @@ class ticket
global $mail, $theme;
// Some checks are to be made here in the future
if($customerid != - 1)
{
if ($customerid != - 1) {
// Get e-mail message for customer
$usr = $this->db->query_first('SELECT `name`, `firstname`, `company`, `email`
FROM `' . TABLE_PANEL_CUSTOMERS . '`
WHERE `customerid` = "' . (int)$customerid . '"');
$usr_stmt = Database::prepare('
SELECT `name`, `firstname`, `company`, `email`
FROM `' . TABLE_PANEL_CUSTOMERS . '` WHERE `customerid` = :customerid'
);
$usr = Database::pexecute_first($usr_stmt, array('customerid' => $customerid));
$replace_arr = array(
'FIRSTNAME' => $usr['firstname'],
'NAME' => $usr['name'],
@@ -255,29 +276,38 @@ class ticket
'SALUTATION' => getCorrectUserSalutation($usr),
'SUBJECT' => $this->Get('subject', true)
);
}
else
{
} else {
$replace_arr = array(
'SUBJECT' => $this->Get('subject', true)
);
}
$result = $this->db->query_first('SELECT `value` FROM `' . TABLE_PANEL_TEMPLATES . '`
WHERE `adminid`=\'' . (int)$this->userinfo['adminid'] . '\'
AND `language`=\'' . $this->db->escape($this->userinfo['def_language']) . '\'
AND `templategroup`=\'mails\'
AND `varname`=\'' . $template_subject . '\'');
$tpl_seldata = array(
'adminid' => $this->userinfo['adminid'],
'lang' => $this->userinfo['def_language'],
'tplsubject' => $template_subject
);
$result_stmt = Database::prepare("
SELECT `value` FROM `" . TABLE_PANEL_TEMPLATES . "`
WHERE `adminid`= :adminid
AND `language`= :lang
AND `templategroup`= 'mails' AND `varname`= :tplsubject"
);
$result = Database::pexecute_first($result_stmt, $tpl_seldata);
$mail_subject = html_entity_decode(replace_variables((($result['value'] != '') ? $result['value'] : $default_subject), $replace_arr));
$result = $this->db->query_first('SELECT `value` FROM `' . TABLE_PANEL_TEMPLATES . '`
WHERE `adminid`=\'' . (int)$this->userinfo['adminid'] . '\'
AND `language`=\'' . $this->db->escape($this->userinfo['def_language']) . '\'
AND `templategroup`=\'mails\'
AND `varname`=\'' . $template_body . '\'');
unset($tpl_seldata['tplsubject']);
$tpl_seldata['tplbody'] = $template_body;
$result_stmt = Database::prepare("
SELECT `value` FROM `" . TABLE_PANEL_TEMPLATES . "`
WHERE `adminid`= :adminid
AND `language`= :lang
AND `templategroup`= 'mails' AND `varname`= :tplmailbody"
);
$result = Database::pexecute_first($result_stmt, $tpl_seldata);
$mail_body = html_entity_decode(replace_variables((($result['value'] != '') ? $result['value'] : $default_body), $replace_arr));
if($customerid != - 1)
{
if ($customerid != - 1) {
$_mailerror = false;
try {
$mail->SetFrom($this->settings['ticket']['noreply_email'], $this->settings['ticket']['noreply_name']);
@@ -299,13 +329,15 @@ class ticket
$rstlog->logAction(ADM_ACTION, LOG_ERR, "Error sending mail: " . $mailerr_msg);
standard_error('errorsendingmail', $usr['email']);
}
$mail->ClearAddresses();
}
else
{
$admin = $this->db->query_first("SELECT `name`, `email` FROM `" . TABLE_PANEL_ADMINS . "` WHERE `adminid`='" . (int)$this->userinfo['adminid'] . "'");
} else {
$admin_stmt = Database::prepare("
SELECT `name`, `email` FROM `" . TABLE_PANEL_ADMINS . "`
WHERE `adminid` = :adminid"
);
$admin = Database::pexecute_first($admin_stmt, array('adminid' => $userinfo['adminid']));
$_mailerror = false;
try {
$mail->SetFrom($this->settings['ticket']['noreply_email'], $this->settings['ticket']['noreply_name']);
@@ -335,65 +367,77 @@ class ticket
/**
* Add a support-categories
*/
static public function addCategory($_db, $_category = null, $_admin = 1, $_order = 1)
{
if($_category != null
&& $_category != '')
{
if($_order < 1) {
static public function addCategory($_category = null, $_admin = 1, $_order = 1) {
if ($_category != null
&& $_category != ''
) {
if ($_order < 1) {
$_order = 1;
}
$_db->query('INSERT INTO `' . TABLE_PANEL_TICKET_CATS . '` SET
`name` = "' . $_db->escape($_category) . '",
`adminid` = "' . (int)$_admin . '",
`logicalorder` = "' . (int)$_order . '"');
$ins_stmt = Database::prepare("
INSERT INTO `" . TABLE_PANEL_TICKET_CATS . "` SET
`name` = :name,
`adminid` = :adminid,
`logicalorder` = :lo"
);
$ins_data = array(
'name' => $_category,
'adminid' => $_admin,
'lo' => $_order
);
Database::pexecute($ins_stmt, $ins_data);
return true;
}
return false;
}
/**
* Edit a support-categories
*/
static public function editCategory($_db, $_category = null, $_id = 0, $_order = 1)
{
if($_category != null
&& $_category != ''
&& $_id != 0)
{
if($_order < 1) {
static public function editCategory($_category = null, $_id = 0, $_order = 1) {
if ($_category != null
&& $_category != ''
&& $_id != 0
) {
if ($_order < 1) {
$_order = 1;
}
$_db->query('UPDATE `' . TABLE_PANEL_TICKET_CATS . '` SET
`name` = "' . $_db->escape($_category) . '",
`logicalorder` = "' . (int)$_order . '"
WHERE `id` = "' . (int)$_id . '"');
$upd_stmt = Database::prepare("
UPDATE `' . TABLE_PANEL_TICKET_CATS . '` SET
`name` = :name,
`logicalorder` = :lo
WHERE `id` = :id"
);
Database::pexecute($upd_stmt, array('name' => $_category, 'lo' => $_order, 'id' => $_id));
return true;
}
return false;
}
/**
* Delete a support-categories
*/
static public function deleteCategory($_db, $_id = 0)
{
if($_id != 0)
{
$result = $_db->query_first('SELECT COUNT(`id`) as `numtickets` FROM `' . TABLE_PANEL_TICKETS . '`
WHERE `category` = "' . (int)$_id . '"');
static public function deleteCategory($_id = 0) {
if($result['numtickets'] == "0")
{
$_db->query('DELETE FROM `' . TABLE_PANEL_TICKET_CATS . '` WHERE `id` = "' . (int)$_id . '"');
if ($_id != 0) {
$result_stmt = Database::prepare("
SELECT COUNT(`id`) as `numtickets` FROM `" . TABLE_PANEL_TICKETS . "`
WHERE `category` = :cat"
);
$result = Database::pexecute_first($result_stmt, array('cat' => $_id));
if ($result['numtickets'] == "0") {
$del_stmt = Database::prepare("
DELETE FROM `" . TABLE_PANEL_TICKET_CATS . "` WHERE `id` = :id"
);
Database::pexecute($del_stmt, array('id' => $_id));
return true;
}
else
{
} else {
return false;
}
}
@@ -404,55 +448,63 @@ class ticket
/**
* Return a support-category-name
*/
static public function getCategoryName($_db, $_id = 0)
{
if($_id != 0)
{
$category = $_db->query_first('SELECT `name` FROM `' . TABLE_PANEL_TICKET_CATS . '` WHERE `id` = "' . (int)$_id . '"');
static public function getCategoryName($_id = 0) {
if ($_id != 0) {
$stmt = Database::prepare("
SELECT `name` FROM `" . TABLE_PANEL_TICKET_CATS . "` WHERE `id` = :id"
);
$category = Database::pexecute_first($stmt, array('id' => $_id));
return $category['name'];
}
return null;
}
/**
* get the highest order number
*
* @param object $_db database-object
* @param object $_uid admin-id (optional)
*
* @return int highest order number
*/
static public function getHighestOrderNumber($_db = null, $_uid = 0)
{
static public function getHighestOrderNumber($_uid = 0) {
$where = '';
$sel_data = array();
if ($_uid > 0) {
$where = ' WHERE `adminid` = "'.(int)$_uid.'"';
$where = " WHERE `adminid` = :adminid";
$sel_data['adminid'] = $_uid;
}
$sql = "SELECT MAX(`logicalorder`) as `highestorder` FROM `" . TABLE_PANEL_TICKET_CATS . "`".$where.";";
$result = $_db->query_first($sql);
$result_stmt = Database::prepare($sql);
$result = Database::pexecute_first($result_stmt, $sel_data);
return (isset($result['highestorder']) ? (int)$result['highestorder'] : 0);
}
/**
* returns the last x archived tickets
*/
static public function getLastArchived($_db, $_num = 10, $_admin = 1)
{
if($_num > 0)
{
static public function getLastArchived($_num = 10, $_admin = 1) {
if ($_num > 0) {
$archived = array();
$counter = 0;
$result = $_db->query('SELECT *,
(SELECT COUNT(`sub`.`id`)
FROM `' . TABLE_PANEL_TICKETS . '` `sub`
WHERE `sub`.`answerto` = `main`.`id`) as `ticket_answers`
FROM `' . TABLE_PANEL_TICKETS . '` `main`
WHERE `main`.`answerto` = "0"
AND `main`.`archived` = "1" AND `main`.`adminid` = "' . (int)$_admin . '"
ORDER BY `main`.`lastchange` DESC LIMIT 0, ' . (int)$_num);
$result_stmt = Database::prepare("
SELECT *, (
SELECT COUNT(`sub`.`id`)
FROM `" . TABLE_PANEL_TICKETS . "` `sub`
WHERE `sub`.`answerto` = `main`.`id`
) as `ticket_answers`
FROM `" . TABLE_PANEL_TICKETS . "` `main`
WHERE `main`.`answerto` = '0' AND `main`.`archived` = '1'
AND `main`.`adminid` = :adminid
ORDER BY `main`.`lastchange` DESC LIMIT 0, :limit"
);
Database::pexecute($result_stmt, array('adminid' => $_admin, 'limit' => $_num));
while ($row = $result_stmt->fetch(PDO::FETCH_ASSOC)) {
while($row = $_db->fetch_array($result))
{
$archived[$counter]['id'] = $row['id'];
$archived[$counter]['customerid'] = $row['customerid'];
$archived[$counter]['adminid'] = $row['adminid'];
@@ -469,12 +521,9 @@ class ticket
$counter++;
}
if(isset($archived[0]['id']))
{
if (isset($archived[0]['id'])) {
return $archived;
}
else
{
} else {
return false;
}
}
@@ -482,6 +531,8 @@ class ticket
/**
* Returns a sql-statement to search the archive
*
* @FIXME migrate to PDO
*/
static public function getArchiveSearchStatement($db, $subject = NULL, $priority = NULL, $fromdate = NULL, $todate = NULL, $message = NULL, $customer = - 1, $admin = 1, $categories = NULL)
{
@@ -674,20 +725,20 @@ class ticket
/**
* function customerHasTickets
*
* @param object mysql-db-object
* @param int customer-id
*
* @return array/bool array of ticket-ids if customer has any, else false
*/
static public function customerHasTickets($_db = null, $_cid = 0)
{
if($_cid != 0)
{
$result = $_db->query('SELECT `id` FROM `' . TABLE_PANEL_TICKETS . '` WHERE `customerid` ="'.(int)$_cid.'"');
static public function customerHasTickets($_cid = 0) {
if ($_cid != 0) {
$result_stmt = Database::prepare("
SELECT `id` FROM `" . TABLE_PANEL_TICKETS . "` WHERE `customerid` = :cid"
);
Database::pexecute($result_stmt, array('cid' => $_cid));
$tickets = array();
while($row = $_db->fetch_array($result))
{
while ($row = $result_stmt->fetch(PDO::FETCH_ASSOC)) {
$tickets[] = $row['id'];
}
@@ -700,32 +751,22 @@ class ticket
/**
* Get a data-var
*/
public function Get($_var = '', $_vartrusted = false)
{
if($_var != '')
{
if(!$_vartrusted)
{
public function Get($_var = '', $_vartrusted = false) {
if ($_var != '') {
if (!$_vartrusted) {
$_var = htmlspecialchars($_var);
}
if(isset($this->t_data[$_var]))
{
if(strtolower($_var) == 'message')
{
if (isset($this->t_data[$_var])) {
if (strtolower($_var) == 'message') {
return nl2br($this->t_data[$_var]);
}
elseif(strtolower($_var) == 'subject')
{
} elseif(strtolower($_var) == 'subject') {
return nl2br($this->t_data[$_var]);
}
else
{
} else {
return $this->t_data[$_var];
}
}
else
{
} else {
return null;
}
}
@@ -734,23 +775,22 @@ class ticket
/**
* Set a data-var
*/
public function Set($_var = '', $_value = '', $_vartrusted = false, $_valuetrusted = false)
{
if($_var != ''
&& $_value != '')
{
if(!$_vartrusted)
{
public function Set($_var = '', $_value = '', $_vartrusted = false, $_valuetrusted = false) {
if ($_var != ''
&& $_value != ''
) {
if (!$_vartrusted) {
$_var = $this->_purifier->purify($_var);
}
if(!$_valuetrusted)
{
if (!$_valuetrusted) {
$_value = $this->_purifier->purify($_value);
}
if(strtolower($_var) == 'message' || strtolower($_var) == 'subject')
{
if (strtolower($_var) == 'message'
|| strtolower($_var) == 'subject'
) {
$_value = $this->convertLatin1ToHtml($_value);
}