From f2643103b30c9bccebf259dc904c637f586be056 Mon Sep 17 00:00:00 2001 From: "Michael Kaufmann (d00p)" Date: Wed, 6 Nov 2013 15:24:39 +0100 Subject: [PATCH] completed migration of ticket-class to PDO database class and bugfixing admin-tickets, refs #1287 Signed-off-by: Michael Kaufmann (d00p) --- admin_tickets.php | 17 ++- lib/classes/database/class.Database.php | 2 +- lib/classes/ticket/class.ticket.php | 193 ++++++++++++------------ 3 files changed, 110 insertions(+), 102 deletions(-) diff --git a/admin_tickets.php b/admin_tickets.php index 5d7713de..92d34424 100644 --- a/admin_tickets.php +++ b/admin_tickets.php @@ -630,8 +630,11 @@ if ($page == 'tickets' $categories[$x] = isset($_POST['category' . $x]) ? $_POST['category' . $x] : ''; } - // FIXME migrate to PDO - $query = ticket::getArchiveSearchStatement($db, $subject, $priority, $fromdate, $todate, $message, $customer, $userinfo['adminid'], $categories); + $archive_search = ticket::getArchiveSearchStatement($subject, $priority, $fromdate, $todate, $message, $customer, $userinfo['adminid'], $categories); + + $query = $archive_search[0]; + $archive_params = $archive_search[1]; + $fields = array( 'lastchange' => $lng['ticket']['lastchange'], 'ticket_answers' => $lng['ticket']['ticket_answers'], 
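Review bot: The two index reads `$query = $archive_search[0];` and `$archive_params = $archive_search[1];` restate the return contract of getArchiveSearchStatement by position without naming it; `list($query, $archive_params) = ticket::getArchiveSearchStatement($subject, $priority, $fromdate, $todate, $message, $customer, $userinfo['adminid'], $categories);` unpacks the pair in one line and makes the query/params relationship visible at the call site. The `$categories` entries handed in are the raw `$_POST['category' . $x]` values assigned on the context line above, so whatever the callee does with them has to treat them as untrusted input; a short comment here, e.g. `// query text and its bound parameters; search terms are user input`, would keep that in view. The enclosing `if ($page == 'tickets'` block starts and ends outside this hunk.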
@@ -640,15 +643,15 @@ if ($page == 'tickets' 'priority' => $lng['ticket']['priority'] ); $paging = new paging($userinfo, $db, TABLE_PANEL_TICKETS, $fields, $settings['panel']['paging'], $settings['panel']['natsorting']); - // FIXME migrate (the above) to PDO - $result = $db->query($query . $paging->getSqlWhere(true) . " " . $paging->getSqlOrderBy() . " " . $paging->getSqlLimit()); + $result_stmt = Database::prepare($query . $paging->getSqlWhere(true) . " " . $paging->getSqlOrderBy() . " " . $paging->getSqlLimit()); + Database::pexecute($result_stmt, $archive_params); $sortcode = $paging->getHtmlSortCode($lng); $arrowcode = $paging->getHtmlArrowCode($filename . '?page=' . $page . '&s=' . $s); $searchcode = $paging->getHtmlSearchCode($lng); $pagingcode = $paging->getHtmlPagingCode($filename . '?page=' . $page . '&s=' . $s); $ctickets = array(); - while ($row = $db->fetch_array($result)) { + while ($row = $result_stmt->fetch(PDO::FETCH_ASSOC)) { if (!isset($ctickets[$row['customerid']]) || !is_array($ctickets[$row['customerid']]) ) { @@ -678,7 +681,7 @@ if ($page == 'tickets' ksort($ticketrows); } - $_cid = 0; + $_cid = -1; foreach ($ticketrows as $ticket) { if ($paging->checkDisplay($i)) { $ticket['lastchange'] = date("d.m.y H:i", $ticket['lastchange']); @@ -697,6 +700,8 @@ if ($page == 'tickets' $customerid = $usr['customerid']; } else { $customer = $lng['ticket']['nonexistingcustomer']; + $customerid = 0; + $customerloginname = ''; } eval("\$tickets.=\"" . getTemplate("tickets/tickets_customer") . "\";"); } diff --git a/lib/classes/database/class.Database.php b/lib/classes/database/class.Database.php index bf554058..8af62a3b 100644 --- a/lib/classes/database/class.Database.php +++ b/lib/classes/database/class.Database.php @@ -266,4 +266,4 @@ class Database { die("We are sorry, but a MySQL - error occurred. The administrator may find more information in in the sql-error.log in the logs/ directory"); } } -} \ No newline at end of file +} 
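Review bot: The new prepared statement still has `$paging->getSqlWhere(true)`, `getSqlOrderBy()` and `getSqlLimit()` concatenated into its text, and `$paging` is constructed with the legacy `$db` handle on the context line just above; the removed `// FIXME migrate (the above) to PDO` pointed at exactly that, and nothing in this commit (three files in the diffstat) ports the paging class. Only `$archive_params` is bound, so the sort, search and limit fragments are as safe as the paging class makes them — keep a marker such as `// paging fragments are string-built on the legacy $db handle and concatenated, not bound` until that class is migrated. The `while ($row = $result_stmt->fetch(PDO::FETCH_ASSOC))` loop and the enclosing `if ($page == 'tickets'` block continue past the hunk.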
diff --git a/lib/classes/ticket/class.ticket.php b/lib/classes/ticket/class.ticket.php index ce8fef15..ff107d15 100644 --- a/lib/classes/ticket/class.ticket.php +++ b/lib/classes/ticket/class.ticket.php @@ -499,9 +499,9 @@ class ticket { FROM `" . TABLE_PANEL_TICKETS . "` `main` WHERE `main`.`answerto` = '0' AND `main`.`archived` = '1' AND `main`.`adminid` = :adminid - ORDER BY `main`.`lastchange` DESC LIMIT 0, :limit" + ORDER BY `main`.`lastchange` DESC LIMIT 0, ".(int)$_num ); - Database::pexecute($result_stmt, array('adminid' => $_admin, 'limit' => $_num)); + Database::pexecute($result_stmt, array('adminid' => $_admin)); while ($row = $result_stmt->fetch(PDO::FETCH_ASSOC)) { 
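Review bot: The LIMIT operand changed from the bound `:limit` to the inlined `".(int)$_num`, and the line carries no explanation, so the next reader may "fix" it back to a placeholder or drop the cast. The cast is the only thing keeping a non-numeric value out of the statement text; a why-comment such as `// LIMIT is inlined as an int: a bound value is quoted by emulated prepares and rejected in LIMIT` would record that (the emulation reason is my inference — confirm against the Database class settings). The enclosing method starts before the hunk.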
@@ -531,133 +531,136 @@ class ticket { /** * Returns a sql-statement to search the archive + * including necessary parameter-array for PDO * - * @FIXME migrate to PDO + * @return array 0 = query, 1 = params-array */ - static public function getArchiveSearchStatement($db, $subject = NULL, $priority = NULL, $fromdate = NULL, $todate = NULL, $message = NULL, $customer = - 1, $admin = 1, $categories = NULL) + static public function getArchiveSearchStatement($subject = null, $priority = null, $fromdate = null, $todate = null, $message = null, $customer = - 1, $admin = 1, $categories = null) { - $query = 'SELECT `main`.*, - (SELECT COUNT(`sub`.`id`) FROM `' . TABLE_PANEL_TICKETS . '` `sub` - WHERE `sub`.`answerto` = `main`.`id`) as `ticket_answers` - FROM `' . TABLE_PANEL_TICKETS . '` `main` - WHERE `main`.`archived` = "1" AND `main`.`adminid` = "' . (int)$admin . '" '; + $search_params = array(); - if($subject != NULL - && $subject != '') - { - $query.= 'AND `main`.`subject` LIKE "' . $db->escape("%$subject%") . '" '; + $query = " + SELECT `main`.*, ( + SELECT COUNT(`sub`.`id`) FROM `" . TABLE_PANEL_TICKETS . "` `sub` + WHERE `sub`.`answerto` = `main`.`id` + ) as `ticket_answers` + FROM `" . TABLE_PANEL_TICKETS . 
"` `main` + WHERE `main`.`archived` = '1' AND `main`.`adminid` = :admin" + ; + + $search_params['admin'] = $admin; + + if ($subject != NULL + && $subject != '' + ) { + $query .= " AND `main`.`subject` LIKE :subject"; + $search_params['subject'] = "%".$subject."%"; } - if($priority != NULL - && isset($priority[0]) - && $priority[0] != '') - { - if(isset($priority[1]) - && $priority[1] != '') - { - if(isset($priority[2]) - && $priority[2] != '') - { - $query.= 'AND (`main`.`priority` = "1" - OR `main`.`priority` = "2" - OR `main`.`priority` = "3") '; - } - else - { - $query.= 'AND (`main`.`priority` = "1" - OR `main`.`priority` = "2") '; + if ($priority != null + && isset($priority[0]) + && $priority[0] != '' + ) { + + if (isset($priority[1]) + && $priority[1] != '' + ) { + + if (isset($priority[2]) + && $priority[2] != '' + ) { + + $query .= " AND (`main`.`priority` = '1' OR `main`.`priority` = '2' OR `main`.`priority` = '3')"; + + } else { + + $query .= " AND (`main`.`priority` = '1' OR `main`.`priority` = '1')"; } + + } elseif (isset($priority[2]) + && $priority[2] != '' + ) { + + $query .= " AND (`main`.`priority` = '1' OR `main`.`priority` = '3')"; + + } else { + $query .= " AND `main`.`priority` = '1'"; } - elseif(isset($priority[2]) - && $priority[2] != '') - { - $query.= 'AND (`main`.`priority` = "1" - OR `main`.`priority` = "3") '; + + } elseif($priority != null + && isset($priority[1]) + && $priority[1] != '' + ) { + if (isset($priority[2]) + && $priority[2] != '' + ) { + $query .= " AND (`main`.`priority` = '2' OR `main`.`priority` = '3')"; + } else { + $query .= " AND `main`.`priority` = '2'"; } - else - { - $query.= 'AND `main`.`priority` = "1" '; - } - } - elseif($priority != NULL - && isset($priority[1]) - && $priority[1] != '') - { - if(isset($priority[2]) - && $priority[2] != '') - { - $query.= 'AND (`main`.`priority` = "2" OR `main`.`priority` = "3") '; - } - else - { - $query.= 'AND `main`.`priority` = "2" '; - } - } - elseif($priority != NULL) - { 
- if(isset($priority[3]) - && $priority[3] != '') - { - $query.= 'AND `main`.`priority` = "3" '; + + } elseif($priority != null) { + + if (isset($priority[3]) + && $priority[3] != '' + ) { + $query .= " AND `main`.`priority` = '3'"; } } - if($fromdate != NULL - && $fromdate > 0) - { - $query.= 'AND `main`.`lastchange` > "' . $db->escape(strtotime($fromdate)) . '" '; + if ($fromdate != null + && $fromdate > 0 + ) { + $query .= " AND `main`.`lastchange` > :fromdate"; + $search_params['fromdate'] = strtotime($fromdate); } - if($todate != NULL - && $todate > 0) - { - $query.= 'AND `main`.`lastchange` < "' . $db->escape(strtotime($todate)) . '" '; + if ($todate != null + && $todate > 0 + ) { + $query .= " AND `main`.`lastchange` < :todate"; + $search_params['todate'] = strtotime($todate); } - if($message != NULL - && $message != '') - { - $query.= 'AND `main`.`message` LIKE "' . $db->escape("%$message%") . '" '; + if ($message != null + && $message != '' + ) { + $query .= " AND `main`.`message` LIKE :message"; + $search_params['message'] = "%".$message."%"; } - if($customer != - 1) - { - $query.= 'AND `main`.`customerid` = "' . (int)$customer . '" '; + if ($customer != - 1) { + $query .= " AND `main`.`customerid` = :customer"; + $search_params['customer'] = $customer; } - if($categories != NULL) - { + if ($categories != null) { + $cats = array(); - foreach($categories as $index => $catid) - { - if ($catid != "") - { + foreach ($categories as $index => $catid) { + if ($catid != "") { $cats[] = $catid; } } - if (count($cats) > 0) - { - $query.= 'AND ('; + if (count($cats) > 0) { + $query .= " AND ("; } - foreach($cats as $catid) - { - if(isset($catid) - && $catid > 0) - { - $query.= '`main`.`category` = "' . (int)$catid . '" OR '; + foreach ($cats as $catid) { + if (isset($catid) && $catid > 0) { + $query .= "`main`.`category` = :catid_".$catid." 
OR "; + $search_params['catid_'.$catid] = $catid; } } - if (count($cats) > 0) - { + if (count($cats) > 0) { $query = substr($query, 0, strlen($query) - 3); - $query.= ') '; + $query .= ") "; } } - return $query; + return array('0' => $query, '1' => $search_params); } /**