BMSVieira · halcyonyarn · Aug 29, 2022 · Aug 29, 2022 · Aug 29, 2022 · Aug 29, 2022
diff --git a/ost_wbs/classes/class.dbconnection.php b/ost_wbs/classes/class.dbconnection.php
@@ -3,17 +3,17 @@
 # DB Connection
 class DBConnection{
     function getDBConnect(){
-        
+
         $mysqli = new mysqli(DBHOST,DBUSER,DBPASS,DBNAME) or die("Couldn't connect");
-       
+
         if ($mysqli->connect_errno)
         { 
             echo "ERROR: Cannot connect web service to database";
             echo "<p>MySQL error no {$mysqli->connect_errno} : {$mysqli->connect_error}</p>"; 
             exit();
         } 
-         return $mysqli;
+        return $mysqli;
     }
 }
 
-?>
+?>
diff --git a/ost_wbs/classes/class.helper.php b/ost_wbs/classes/class.helper.php
@@ -100,7 +100,8 @@ static function escapeParameters($parameters)
     }
 
     // Check parameters
-    static function checkRequest($parameters, $expectedParameters)
+    // Optional parameters added for flexibility in adding users etc
+    static function checkRequest($parameters, $expectedParameters, $optionalParameters=array())
     {
 
         // Error array 
@@ -111,21 +112,21 @@ static function checkRequest($parameters, $expectedParameters)
 
             // Check for empty fields
             foreach ($expectedParameters as $key => $value) {
-                if(empty($parameters["parameters"][$value])) {
-                    array_push($errors,"Empty or Incorrect fields were given.");
+                if(empty($parameters["parameters"][$value])&& !is_numeric($parameters["parameters"][$value])) {
+                    array_push($errors,"Empty or Incorrect expected fields were given. ".$key." ".$value);
                 }
             }
 
             // Check for unkown or unexpected fields
             foreach ($parameters["parameters"] as $key => $value) {
-                if (!in_array($key, $expectedParameters)) {
+                if (!in_array($key, $expectedParameters) && !in_array($key, $optionalParameters)) {
                     array_push($errors,"Unexpectec fields given.");
                 }
             }
 
             // If no errors, continue
             if(count($errors) > 0){
-                throw new Exception("Empty or Incorrect fields were given, read documentation for more info."); 
+                throw new Exception("Empty or Incorrect fields were given, read documentation for more info. ");
             } 
 
         } else {
@@ -239,4 +240,4 @@ static function remove_accents($string) {
         $string = strtr($string, $chars);
         return $string;
     }
-}
+}
diff --git a/ost_wbs/classes/class.key.php b/ost_wbs/classes/class.key.php
@@ -18,7 +18,9 @@ function OAuth($key)
         if(strlen($key) != 32) { throw new Exception("Incorrect API Format"); }
 
         // Connect Database
-        $Dbobj = new DBConnection(); 
+        // this wasn't being auto loaded? 
+        require_once 'classes/class.dbconnection.php';
+        $Dbobj = new DBConnection; 
         $mysqli = $Dbobj->getDBConnect();
 
         // Check API Key
@@ -65,4 +67,4 @@ function ippaddr()
 $apiAuth = new apiKey;
 $apiAuth->OAuth($key["apikey"]);
 
-?>
+?>
diff --git a/ost_wbs/classes/class.ticket.php b/ost_wbs/classes/class.ticket.php
@@ -194,15 +194,17 @@ public function add($parameters)
 
             // Expected parameters
             $expectedParameters = array("title", "subject", "user_id",  "priority_id", "status_id", "dept_id", "sla_id", "topic_id");
+	    // These may be useful, but should be optional, as a way to add internal only info when creating ticket from CRM
+            $optionalParameters = array("form_id", "priority_name", "internal_note","internal_note_subject");
 
             // Check if all paremeters are correct
-            Helper::checkRequest($parameters, $expectedParameters);
+            Helper::checkRequest($parameters, $expectedParameters, $optionalParameters);
 
                 // Prepare query
 
                 $last_ticket_id = Helper::get_last_id("ticket", "ticket_id");
                 $ticket_number = $last_ticket_id+1;
-                $ticker_number = "API".$ticket_number;
+                $ticker_number = "TK".$ticket_number;
 
                 // table - 'ticket'
                 $ticket = 'insert into '.TABLE_PREFIX.'ticket (';
@@ -243,7 +245,7 @@ public function add($parameters)
                 $ticket__cdata .= 'subject,';
                 $ticket__cdata .= 'priority) VALUES (';    
                 $ticket__cdata .= ''.$last_ticket_id.',';
-                $ticket__cdata .= '"'.utf8_decode($parameters["parameters"]["subject"]).'",';
+                $ticket__cdata .= '"'.utf8_decode($parameters["parameters"]["title"]).'",';
                 $ticket__cdata .= ''.$parameters["parameters"]["priority_id"].')';
 
                 // Send query to be executed
@@ -264,6 +266,73 @@ public function add($parameters)
                 // Get inserted thread ID
                 $last_thread_id = Helper::get_last_id("thread", "id");
 
+		//not sure if form 2 is commonly or universally a good choice, but it is the default in our installs.
+                // table - 'form_entry'
+                $form_entry = 'insert into '.TABLE_PREFIX.'form_entry (';
+                $form_entry .= 'form_id,';
+                $form_entry .= 'object_id,';
+                $form_entry .= 'object_type,';
+                $form_entry .= 'updated,';
+                $form_entry .= 'created) VALUES (';    
+                $form_entry .= '"'.$parameters["parameters"]["form_id"].'",';
+                $form_entry .= ''.$last_ticket_id.',';
+                $form_entry .= '"T",';
+                $form_entry .= 'now(),';    
+                $form_entry .= 'now())';    
+
+                // Send query to be executed
+                $this->execQuery($form_entry); 
+
+                // Get inserted thread ID and increment for form values
+                $last_form_entry= Helper::get_last_id("form_entry", "id");
+
+                // table - 'form_entry_values'
+                $form_entry_values = 'insert into '.TABLE_PREFIX.'form_entry_values (';
+                $form_entry_values .= 'entry_id,';
+                $form_entry_values .= 'field_id,';
+                $form_entry_values .= 'value,';
+		$form_entry_values .= 'value_id) VALUES';
+
+		//Not sure how config/install specific these are, but, this is an attempt to get the priority and subject
+		//so that they can be populated. Other form fields are left null. Since they are required fields, should work?
+                // table - 'form_entry'
+                $form_fields = 'select form_id, label, name, id from '.TABLE_PREFIX.'form_field where ';
+                $form_fields .= 'form_id = "'.$parameters["parameters"]["form_id"].'"';    
+
+                // Send query to be executed
+		$Dbobj = new DBConnection(); 
+                $mysqli = $Dbobj->getDBConnect();
+                $getForm = $mysqli->query($form_fields); 
+		error_log(var_dump($getForm,true));
+
+		$form_entry_value=array();
+		$fev=array();
+		// Fetch data
+		while($FormFields= $getForm->fetch_object())
+		{
+		//build the query to add subject and priority, and null for other form_field_values
+			$fev= '(';    
+			$fev.= ''.$last_form_entry.',';
+			$fev.= ''.$FormFields->id.',';
+			if($FormFields->name=='priority'){
+				$fev.= '"'.$parameters["parameters"]["priority_name"].'",';
+				$fev.= ''.$parameters["parameters"]["priority_id"].')';    
+			}elseif($FormFields->name=='subject'){
+				$fev.= '"'.utf8_decode($parameters["parameters"]["title"]).'",';
+				$fev.= 'null)';    
+			}else{
+				$fev.= 'null,';
+				$fev.= 'null)';    
+			}
+			$form_entry_value[]=$fev;    
+		}
+		$form_entry_values.=implode(", ",$form_entry_value);
+                // Send query to be executed
+                $this->execQuery($form_entry_values); 
+
+
+                // Get inserted thread ID
+                $last_thread_id = Helper::get_last_id("thread", "id");
                 // table - 'thread_entry'
                 $thread_entry = 'insert into '.TABLE_PREFIX.'thread_entry (';
                 $thread_entry .= 'format,';
@@ -296,7 +365,48 @@ public function add($parameters)
                 $thread_entry .= 'now())';
 
                 // Send query to be executed
-                return $this->execQuery($thread_entry);   
+                $thread = $this->execQuery($thread_entry);   
+
+		//From our CRM, it is useful to add an internal note via API. If this optional data is supplied, add note here.
+                if($parameters["parameters"]["internal_note"]!=""){
+                    $last_thread_id = Helper::get_last_id("thread", "id");
+                    // table - 'thread_entry'
+                    $thread_entry = 'insert into '.TABLE_PREFIX.'thread_entry (';
+                    $thread_entry .= 'format,';
+                    $thread_entry .= 'ip_address,';
+                    $thread_entry .= 'pid,';
+                    $thread_entry .= 'thread_id,';
+                    $thread_entry .= 'staff_id,';
+                    $thread_entry .= 'user_id,';                
+                    $thread_entry .= 'type,';
+                    $thread_entry .= 'poster,';
+                    $thread_entry .= 'flags,';
+                    $thread_entry .= 'source,';
+                    $thread_entry .= 'title,';
+                    $thread_entry .= 'body,';
+                    $thread_entry .= 'created,';
+                    $thread_entry .= 'updated) VALUES (';
+                    $thread_entry .= '"html",';  
+                    $thread_entry .= '0,';  
+                    $thread_entry .= '0,';
+                    $thread_entry .= ''.$last_thread_id.',';
+                    $thread_entry .= '0,';
+                    $thread_entry .= ''.$parameters["parameters"]["user_id"].',';
+                    $thread_entry .= '"N",';
+                    $thread_entry .= '"osTicket Support",';
+                    $thread_entry .= '65,';
+                    $thread_entry .= '"API",';
+                    $thread_entry .= '"'.utf8_decode($parameters["parameters"]["internal_note_subject"]).'",';
+                    $thread_entry .= '"<p>'.utf8_decode($parameters["parameters"]["internal_note"]).'</p>",';
+                    $thread_entry .= 'now(),';    
+                    $thread_entry .= 'now())';
+
+                    // Send query to be executed
+                    $internal_note = $this->execQuery($thread_entry);   
+
+                    return $internal_note;
+                }
+                return $thread;
         }
 
         public function reply($parameters)

diff --git a/ost_wbs/classes/class.user.php b/ost_wbs/classes/class.user.php
@@ -108,7 +108,9 @@ public function specific($parameters)
             {
                     array_push($result,
                         array(
-                            'user_id'=>$PrintUsers->id,
+				//this seemed to be returning "id" rather than "user_id"? Adding / changing to include both id and user_id...
+                            'user_id'=>$PrintUsers->user_id,
+                            'id'=>$PrintUsers->id,
                             'name'=>utf8_encode($PrintUsers->name),
                             'created'=>$PrintUsers->created
                       ));     
@@ -137,10 +139,18 @@ public function add($parameters)
             Helper::validRequest($validRequests);
 
             // Expected parameters
-            $expectedParameters = array("name", "email", "password", "timezone", "phone", "org_id", "default_email_id", "status");
+            $expectedParameters = array("name", "email", "org_id", "status");
+
+	    // Optional parameters are used to be able to create a user account / login for the customer.
+	    // We needed this from our CRM, to be able
+	    // to automatically create a user if one was not found. 
+            $optionalParameters = array("default_email_id", "password", "timezone", "phone");
+
+	    //this needs to be updated later, bit of a catch 22 with required fields
+            $default_email_id=0;
 
             // Check if all paremeters are correct
-            Helper::checkRequest($parameters, $expectedParameters);
+            Helper::checkRequest($parameters, $expectedParameters, $optionalParameters);
 
                 // Escape parameters
                 $parameters['parameters'] = Helper::escapeParameters($parameters["parameters"]);
@@ -157,7 +167,7 @@ public function add($parameters)
                 $user .= 'created,';
                 $user .= 'updated) VALUES ('; 
                 $user .= ''.$parameters["parameters"]["org_id"].',';
-                $user .= ''.$parameters["parameters"]["default_email_id"].',';
+                $user .= ''.$default_email_id.',';
                 $user .= ''.$parameters["parameters"]["status"].',';
                 $user .= '"'.$parameters["parameters"]["name"].'",';                
                 $user .= 'now(),';    
@@ -190,24 +200,42 @@ public function add($parameters)
                 $user_email .= ''.$last_user_id.',';
                 $user_email .= '"'.$parameters["parameters"]["email"].'")';    
 
-                // Send query to be executed
-                $this->execQuery($user_email);    
-
-                // table - 'ost_user_account'
-                $user_account = 'insert into '.TABLE_PREFIX.'user_account (';
-                $user_account .= 'user_id,';
-                $user_account .= 'status,';
-                $user_account .= 'timezone,';
-                $user_account .= 'passwd,';
-                $user_account .= 'registered) VALUES ('; 
-                $user_account .= ''.$last_user_id.', ';
-                $user_account .= '1, ';
-                $user_account .= '"'.$parameters["parameters"]["timezone"].'", ';
-                $user_account .= '"'.$parameters["parameters"]["password"].'", ';   
-                $user_account .= 'now())';      
+                $this->execQuery($user_email); 
 
+                if(!empty($parameters["parameters"]["default_email_id"])){
+                    $default_email_id = $parameters["parameters"]["default_email_id"];
+                }else{
+                    $default_email_id = Helper::get_last_id("user_email", "id");
+                }
+
+
+                // table - 'user', this corrects the default_email_id
+                $user_update = 'update '.TABLE_PREFIX.'user set ';
+                $user_update .= 'default_email_id = "'.$default_email_id.'"';
+                $user_update .= 'where id = "'.$last_user_id.'"';
                 // Send query to be executed
-                return $this->execQuery($user_account);  
+                $user_updated=$this->execQuery($user_update);    
+
+                if(!empty($parameters["parameters"]["password"]) && !empty($parameters["parameters"]["timezone"])){
+                    // table - 'ost_user_account'
+                    // must have user encoded password
+                    $last_user_email_id = Helper::get_last_id("user_email", "id");
+                    $user_account = 'insert into '.TABLE_PREFIX.'user_account (';
+                    $user_account .= 'user_id,';
+                    $user_account .= 'status,';
+                    $user_account .= 'timezone,';
+                    $user_account .= 'passwd,';
+                    $user_account .= 'registered) VALUES ('; 
+                    $user_account .= ''.$last_user_email_id.', ';
+                    $user_account .= '1, ';
+                    $user_account .= '"'.$parameters["parameters"]["timezone"].'", ';
+                    $user_account .= '"'.$parameters["parameters"]["password"].'", ';   
+                    $user_account .= 'now())';      
+		    // Send query to be executed
+		    return $this->execQuery($user_account);  
+                }
+		return $user_updated;
+
 
         }
 
@@ -249,4 +277,4 @@ private function execQuery($string)
             }
         }        
 }
-?>
+?>
diff --git a/ost_wbs/index.php b/ost_wbs/index.php
@@ -33,13 +33,13 @@ public static function open($request)
         // Body
         $requestBody = json_decode(file_get_contents('php://input'), true);
 
-            // Request Data
-            $classe = ucfirst($requestBody['query']);
-            $method = $requestBody['condition'];
+        // Request Data
+        $classe = ucfirst($requestBody['query']);
+        $method = $requestBody['condition'];
 
-            // Sort & Parameters
-            if (isset($requestBody['sort'])) { $sort = $requestBody['sort']; } else { $sort = null; }
-            if (isset($requestBody['parameters'])) { $parameters = $requestBody['parameters']; } else { $parameters = null; }
+        // Sort & Parameters
+        if (isset($requestBody['sort'])) { $sort = $requestBody['sort']; } else { $sort = null; }
+        if (isset($requestBody['parameters'])) { $parameters = $requestBody['parameters']; } else { $parameters = null; }
 
         // Final Parameters
         $fparams = array("sort" => $sort, "parameters" => $parameters);