Search ticket by TrackingID

[Noke101]

Script URL:
Version of script:
Hosting company:
URL of phpinfo.php:
URL of session_test.php:
What terms did you try when SEARCHING for a solution:

Write your message below:

Hello there,

I changed the TrackingID generation function a little, I have it formed like this: PSK-********* where "PSK-" is static, and then only numbers are generated randomly.

So, if I have a ticket with a TrackingID: PSK-123456789, I use the TrackingID search and write only the numbers "123456789" in the search, then it does not find my ticket, but it will find it if I enter the full TrackingID PSK-123456789.
With a search by name, it is not necessary to enter the entire name.

For example, the name Michael, if I enter in the search by the name "Mich", then it will find all tickets where there is "Mich", but this does not work with TrackingID, what can I do?

[Noke101]

I'll add the code, maybe I didn't change something correctly in the functions?

Code: Select all

function hesk_createID()
{
	global $hesk_settings, $hesklang, $hesk_error_buffer;

	/*** Generate tracking ID and make sure it's not a duplicate one ***/

	/* Ticket ID can be of these chars */
	$useChars = '123456789';

    /* Set tracking ID to an empty string */
	$trackingID = '';

	/* Let's avoid duplicate ticket ID's, try up to 3 times */
	for ($i=1;$i<=3;$i++)
    {
	    /* Generate raw ID */
	    $trackingID .= 'P';
	    $trackingID .= 'S';
	    $trackingID .= 'K';
	    $trackingID .= '-';
	    $trackingID .= $useChars[mt_rand(0,9)];
	    $trackingID .= $useChars[mt_rand(0,9)];
	    $trackingID .= $useChars[mt_rand(0,9)];
	    $trackingID .= $useChars[mt_rand(0,9)];
	    $trackingID .= $useChars[mt_rand(0,9)];
	    $trackingID .= $useChars[mt_rand(0,9)];

		/* Format the ID to the correct shape and check wording */
        $trackingID = hesk_formatID($trackingID);

		/* Check for duplicate IDs */
		$res = hesk_dbQuery("SELECT `id` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."tickets` WHERE `trackid` = '".hesk_dbEscape($trackingID)."' LIMIT 1");

		if (hesk_dbNumRows($res) == 0)
		{
        	/* Everything is OK, no duplicates found */
			return $trackingID;
        }

        /* A duplicate ID has been found! Let's try again (up to 2 more) */
        $trackingID = '';
    }

    /* No valid tracking ID, try one more time with microtime() */
	$trackingID  = $useChars[mt_rand(0,9)];
	$trackingID .= $useChars[mt_rand(0,9)];
	$trackingID .= $useChars[mt_rand(0,9)];
	$trackingID .= $useChars[mt_rand(0,9)];
	$trackingID .= $useChars[mt_rand(0,9)];
	$trackingID .= substr(microtime(), -5);

	/* Format the ID to the correct shape and check wording */
	$trackingID = hesk_formatID($trackingID);

	$res = hesk_dbQuery("SELECT `id` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."tickets` WHERE `trackid` = '".hesk_dbEscape($trackingID)."' LIMIT 1");

	/* All failed, must be a server-side problem... */
	if (hesk_dbNumRows($res) == 0)
	{
		return $trackingID;
    }

    $hesk_error_buffer['etid'] = $hesklang['e_tid'];
	return false;

} // END hesk_createID()


function hesk_formatID($id)
{

	$useChars = '123456789';

    $replace  = $useChars[mt_rand(0,9)];
    $replace .= mt_rand(1,9);
    $replace .= $useChars[mt_rand(0,9)];

    /*
    Remove 3 letter bad words from ID
    Possiblitiy: 1:27,000
    */
	$remove = array(
    'ASS',
    'CUM',
    'FAG',
    'FUK',
    'GAY',
    'SEX',
    'TIT',
    'XXX',
    );

    $id = str_replace($remove,$replace,$id);

    /*
    Remove 4 letter bad words from ID
    Possiblitiy: 1:810,000
    */
	$remove = array(
	'ANAL',
	'ANUS',
	'BUTT',
	'CAWK',
	'CLIT',
	'COCK',
	'CRAP',
	'CUNT',
	'DICK',
	'DYKE',
	'FART',
	'f***',
	'JAPS',
	'JERK',
	'JIZZ',
	'KNOB',
	'PISS',
	'POOP',
	'SHIT',
	'SLUT',
	'SUCK',
	'TURD',

    // Also, remove words that are known to trigger mod_security
	'WGET',
    );

	$replace .= mt_rand(1,9);
    $id = str_replace($remove,$replace,$id);

    /* Format the ID string into XXX-XXX-XXXX format for easier readability */
    $id = $id[0].$id[1].$id[2].$id[3].$id[4].$id[5].$id[6].$id[7].$id[8].$id[9];

    return $id;

} // END hesk_formatID()

I noticed that on the hesk demo, if you enter TrackingID not entirely, then it will not find anything either. Is there a rule somewhere that there must be a 100% match of TrackingID in search for the ticket to be found?

[Klemen]

Correct, a search by tracking ID requires a 100% match, whereas other searches are partial matches.

You will need to modify the admin/find_tickets.php file under "case 'trackid':" to search for partial matches (add % to the start and end of search query)

[Noke101]

Correct, a search by tracking ID requires a 100% match, whereas other searches are partial matches.

You will need to modify the admin/find_tickets.php file under "case 'trackid':" to search for partial matches (add % to the start and end of search query)

I did it and it works. Its OK?

Before:

Code: Select all

	case 'trackid':
		    $sql  .= " ( `trackid` = '".hesk_dbEscape($q)."' OR `merged` LIKE '%#".hesk_dbEscape($q)."#%' ) ";
		    break;

After:

Code: Select all

	case 'trackid':
		    $sql  .= "`trackid` LIKE '%".hesk_dbEscape($q)."%' ";
		    break;

[Klemen]

You should leave the "merged" part as well so you can find merged tickets.

[Noke101]

You should leave the "merged" part as well so you can find merged tickets.

Then the code should look like this?

Code: Select all

		case 'trackid':
		    $sql  .= " ( `trackid` LIKE '%".hesk_dbEscape($q)."%' OR `merged` LIKE '%".hesk_dbEscape($q)."%' ) ";
		    break;

[Klemen]

That should do it, yes.

[Noke101]

That should do it, yes.

Yes, indeed.
Thank you.