Bug fix: Log entries auditing tickets created by agents now correctly…

… log under the client
itflow-org · Sep 3, 2023 · 06c88a0 · 06c88a0
1 parent 0c4cded
commit 06c88a0
Show file tree

Hide file tree

Showing 2 changed files with 17 additions and 17 deletions.
diff --git a/post/contact.php b/post/contact.php
@@ -183,7 +183,7 @@
 
     // Redact audit logs
     $log_sql = mysqli_query($mysqli, "SELECT * FROM logs WHERE log_client_id =  $client_id");
-    while($log = mysqli_fetch_array($log_sql)) {
+    while ($log = mysqli_fetch_array($log_sql)) {
         $log_id = intval($log['log_id']);
         $description = $log['log_description'];
         $description = str_ireplace($info_to_redact, "*****", $description);
@@ -195,7 +195,7 @@
 
     // Get all tickets this contact raised
     $contact_tickets_sql = mysqli_query($mysqli, "SELECT * FROM tickets WHERE ticket_client_id = $client_id AND ticket_contact_id =  $contact_id");
-    while($ticket = mysqli_fetch_array($contact_tickets_sql)) {
+    while ($ticket = mysqli_fetch_array($contact_tickets_sql)) {
 
         $ticket_id = intval($ticket['ticket_id']);
 

diff --git a/post/ticket.php b/post/ticket.php
@@ -46,7 +46,7 @@
     if (!empty($config_smtp_host) && $config_ticket_client_general_notifications == 1) {
 
         // Get contact/ticket details
-        $sql = mysqli_query($mysqli,"SELECT contact_name, contact_email, ticket_prefix, ticket_number, ticket_subject, ticket_details FROM tickets 
+        $sql = mysqli_query($mysqli,"SELECT contact_name, contact_email, ticket_prefix, ticket_number, ticket_subject, ticket_details, ticket_client_id FROM tickets 
               LEFT JOIN clients ON ticket_client_id = client_id 
               LEFT JOIN contacts ON ticket_contact_id = contact_id
               WHERE ticket_id = $ticket_id");
@@ -61,13 +61,13 @@
         $client_id = intval($row['ticket_client_id']);
         $ticket_created_by = intval($row['ticket_created_by']);
         $ticket_assigned_to = intval($row['ticket_assigned_to']);
-        
+
         // Escaped content used for everything else except email subject and body
         $contact_name_escaped = sanitizeInput($row['contact_name']);
         $contact_email_escaped = sanitizeInput($row['contact_email']);
         $ticket_prefix_escaped = sanitizeInput($row['ticket_prefix']);
         $ticket_subject_escaped = sanitizeInput($row['ticket_subject']);
-        
+
         // Sanitize Config vars from get_settings.php
         $config_ticket_from_name_escaped = sanitizeInput($config_ticket_from_name);
         $config_ticket_from_email_escaped = sanitizeInput($config_ticket_from_email);
@@ -97,7 +97,7 @@
 
                 // Queue Mail
                 mysqli_query($mysqli, "INSERT INTO email_queue SET email_recipient = '$watcher_email_escaped', email_recipient_name = '$contact_name_escaped', email_from = '$config_ticket_from_email_escaped', email_from_name = '$config_ticket_from_name_escaped', email_subject = '$subject_escaped', email_content = '$body_escaped'");
-            }    
+            }
         }
     }
 
@@ -130,7 +130,7 @@
 
     // Add Watchers
     if (!empty($_POST['watchers'])) {
-        
+
         // Remove all watchers first
         mysqli_query($mysqli,"DELETE FROM ticket_watchers WHERE watcher_ticket_id = $ticket_id");
 
@@ -168,12 +168,12 @@
         // Get & verify assigned agent details
         $agent_details_sql = mysqli_query($mysqli, "SELECT user_name, user_email FROM users LEFT JOIN user_settings ON users.user_id = user_settings.user_id WHERE users.user_id = $assigned_to AND user_settings.user_role > 1");
         $agent_details = mysqli_fetch_array($agent_details_sql);
-        
+
         //Unescaped
         $agent_name = $agent_details['user_name'];
         $agent_email = $agent_details['user_email'];
         $ticket_reply = "Ticket re-assigned to $agent_name.";
-        
+
         // Escaped
         $agent_name_escaped = sanitizeInput($agent_details['user_name']);
         $agent_email_escaped = sanitizeInput($agent_details['user_email']);
@@ -190,7 +190,7 @@
     // Get & verify ticket details
     $ticket_details_sql = mysqli_query($mysqli, "SELECT ticket_prefix, ticket_number, ticket_subject, ticket_client_id FROM tickets WHERE ticket_id = '$ticket_id' AND ticket_status != 'Closed'");
     $ticket_details = mysqli_fetch_array($ticket_details_sql);
-    
+
     //Unescaped
     $ticket_prefix = $ticket_details['ticket_prefix'];
     $ticket_subject = $ticket_details['ticket_subject'];
@@ -216,13 +216,13 @@
     // Logging
     mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Ticket', log_action = 'Edit', log_description = '$session_name reassigned ticket $ticket_prefix_escaped$ticket_number - $ticket_subject_escaped to $agent_name_escaped', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_client_id = $client_id, log_user_id = $session_user_id, log_entity_id = $ticket_id");
 
-    
+
     // Notification
     if (intval($session_user_id) !== $assigned_to || $assigned_to !== 0) {
 
         // App Notification
         mysqli_query($mysqli,"INSERT INTO notifications SET notification_type = 'Ticket', notification = 'Ticket $ticket_prefix_escaped$ticket_number - Subject: $ticket_subject_escaped has been assigned to you by $session_name', notification_client_id = $client_id, notification_user_id = $assigned_to");
-    
+
         // Email Notification
         if (!empty($config_smtp_host)) {
 
@@ -334,13 +334,13 @@
     $client_id = intval($row['ticket_client_id']);
     $ticket_created_by = intval($row['ticket_created_by']);
     $ticket_assigned_to = intval($row['ticket_assigned_to']);
-    
+
     // Escaped content used for everything else except email subject and body
     $contact_name_escaped = sanitizeInput($row['contact_name']);
     $contact_email_escaped = sanitizeInput($row['contact_email']);
     $ticket_prefix_escaped = sanitizeInput($row['ticket_prefix']);
     $ticket_subject_escaped = sanitizeInput($row['ticket_subject']);
-    
+
     // Sanitize Config vars from get_settings.php
     $config_ticket_from_name_escaped = sanitizeInput($config_ticket_from_name);
     $config_ticket_from_email_escaped = sanitizeInput($config_ticket_from_email);
@@ -385,7 +385,7 @@
 
                 // Queue Mail
                 mysqli_query($mysqli, "INSERT INTO email_queue SET email_recipient = '$watcher_email_escaped', email_recipient_name = '$contact_name_escaped', email_from = '$config_ticket_from_email_escaped', email_from_name = '$config_ticket_from_name_escaped', email_subject = '$subject_escaped', email_content = '$body_escaped'");
-            }    
+            }
 
         }
     }
@@ -561,13 +561,13 @@
         $client_id = intval($row['ticket_client_id']);
         $ticket_created_by = intval($row['ticket_created_by']);
         $ticket_assigned_to = intval($row['ticket_assigned_to']);
-        
+
         // Escaped content used for everything else except email subject and body
         $contact_name_escaped = sanitizeInput($row['contact_name']);
         $contact_email_escaped = sanitizeInput($row['contact_email']);
         $ticket_prefix_escaped = sanitizeInput($row['ticket_prefix']);
         $ticket_subject_escaped = sanitizeInput($row['ticket_subject']);
-        
+
         // Sanitize Config vars from get_settings.php
         $config_ticket_from_name_escaped = sanitizeInput($config_ticket_from_name);
         $config_ticket_from_email_escaped = sanitizeInput($config_ticket_from_email);