00001 <?php
00002 // contact.inc.php - functions relating to contacts
00003 //
00004 // NOTE: once we move to a more OO model these functions will be merged into contact.class.php
00005 //       Moving these functions here as a short term measure (PH 2010-04-11)
00006 //
00007 // SiT (Support Incident Tracker) - Support call tracking system
00008 // Copyright (C) 2010-2011 The Support Incident Tracker Project
00009 // Copyright (C) 2000-2009 Salford Software Ltd. and Contributors
00010 //
00011 // This software may be used and distributed according to the terms
00012 // of the GNU General Public License, incorporated herein by reference.
00013 
// Direct-access guard: this file only declares functions and is meant to be
// included by another script. When the web server is asked for this file
// itself, the requested script and this file resolve to the same path and
// execution stops before anything else runs.
if (realpath($_SERVER['SCRIPT_FILENAME']) == realpath(__FILE__))
{
    exit;
}
00019 
00020 
/**
 * Reports whether a contact row with the given username exists.
 *
 * NOTE(review): $username is placed into the SQL text exactly as received;
 * nothing in this function escapes it, so every caller has to pass a value
 * that is already safe inside a quoted MySQL string - confirm against callers.
 *
 * @param string $username Username to look for in the contacts table.
 * @return int 1 when at least one matching row is found, otherwise 0.
 */
function customerExistsInDB($username)
{
    global $dbContacts;

    $query = "SELECT id FROM `{$dbContacts}` WHERE username='{$username}' LIMIT 1";
    $rows = mysql_query($query);
    if (mysql_error())
    {
        trigger_error("MySQL Query Error ".mysql_error(), E_USER_ERROR);
    }

    return (mysql_num_rows($rows) > 0) ? 1 : 0;
}
00041 
00042 
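/**
 * Returns the full name ("forenames surname") of a contact.
 *
 * @param int $id Contact ID.
 * @return string The contact's real name, or the localised 'unknown' string
 *                ($GLOBALS['strUnknown']) when no row could be read.
 */
function contact_realname($id)
{
    global $dbContacts;

    // Coerce the ID to an integer before it reaches the SQL text, as
    // contact_username() in this file already does; a non-numeric value can
    // then no longer alter the statement.
    $id = intval($id);

    $sql = "SELECT forenames, surname FROM `{$dbContacts}` WHERE id='{$id}'";
    $result = mysql_query($sql);
    if (mysql_error()) trigger_error(mysql_error(), E_USER_WARNING);

    // A failed query yields FALSE rather than a result resource; report
    // 'unknown' instead of handing FALSE to the mysql_* result functions.
    if (!$result)
    {
        return $GLOBALS['strUnknown'];
    }

    if (mysql_num_rows($result) == 0)
    {
        $realname = $GLOBALS['strUnknown'];
    }
    else
    {
        $contact = mysql_fetch_object($result);
        $realname = "{$contact->forenames} {$contact->surname}";
    }
    mysql_free_result($result);

    return $realname;
}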
00069 
00070 
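/**
 * Returns the name of the site a contact belongs to.
 *
 * @param int $id Contact ID.
 * @return string The site name, or the localised 'unknown' string
 *                ($GLOBALS['strUnknown']) when no row could be read.
 */
function contact_site($id)
{
    global $dbContacts, $dbSites;

    // Integer coercion keeps a non-numeric ID out of the SQL text
    // (same approach as contact_username() in this file).
    $id = intval($id);

    $sql = "SELECT s.name FROM `{$dbContacts}` AS c, `{$dbSites}` AS s WHERE c.siteid = s.id AND c.id = '{$id}'";
    $result = mysql_query($sql);
    if (mysql_error()) trigger_error(mysql_error(), E_USER_WARNING);

    // No result resource to inspect or free when the query itself failed.
    if (!$result)
    {
        return $GLOBALS['strUnknown'];
    }

    if (mysql_num_rows($result) == 0)
    {
        $contactsite = $GLOBALS['strUnknown'];
    }
    else
    {
        list($contactsite) = mysql_fetch_row($result);
    }
    mysql_free_result($result);

    return $contactsite;
}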
00099 
00100 
/**
 * Looks up the site ID recorded for a contact.
 *
 * NOTE(review): $id is handed to db_read_column() unchanged, whereas
 * contact_username() applies intval() first; db_read_column() is not
 * visible here, so confirm that it sanitises the ID itself.
 *
 * @param int $id Contact ID.
 * @return mixed Whatever db_read_column() returns for the 'siteid' column.
 */
function contact_siteid($id)
{
    $contactstable = $GLOBALS['dbContacts'];
    $siteid = db_read_column('siteid', $contactstable, $id);

    return $siteid;
}
00111 
00112 
/**
 * Looks up the email address recorded for a contact.
 *
 * NOTE(review): $id is handed to db_read_column() unchanged, whereas
 * contact_username() applies intval() first; db_read_column() is not
 * visible here, so confirm that it sanitises the ID itself.
 *
 * @param int $id Contact ID.
 * @return mixed Whatever db_read_column() returns for the 'email' column.
 */
function contact_email($id)
{
    $contactstable = $GLOBALS['dbContacts'];
    $email = db_read_column('email', $contactstable, $id);

    return $email;
}
00123 
00124 
/**
 * Looks up the phone number recorded for a contact.
 *
 * NOTE(review): $id is handed to db_read_column() unchanged, whereas
 * contact_username() applies intval() first; db_read_column() is not
 * visible here, so confirm that it sanitises the ID itself.
 *
 * @param int $id Contact ID.
 * @return mixed Whatever db_read_column() returns for the 'phone' column.
 */
function contact_phone($id)
{
    $contactstable = $GLOBALS['dbContacts'];
    $phone = db_read_column('phone', $contactstable, $id);

    return $phone;
}
00135 
00136 
/**
 * Looks up the fax number recorded for a contact.
 *
 * NOTE(review): $id is handed to db_read_column() unchanged, whereas
 * contact_username() applies intval() first; db_read_column() is not
 * visible here, so confirm that it sanitises the ID itself.
 *
 * @param int $id Contact ID.
 * @return mixed Whatever db_read_column() returns for the 'fax' column.
 */
function contact_fax($id)
{
    $contactstable = $GLOBALS['dbContacts'];
    $fax = db_read_column('fax', $contactstable, $id);

    return $fax;
}
00147 
00148 
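/**
 * Reads the 'feedback_enable' setting stored for a contact.
 *
 * @param int $id Contact ID.
 * @return string The stored value in lower case, or the literal string
 *                'notnull' when the contact has no 'feedback_enable' row
 *                (or the query failed).
 */
function contact_feedback($id)
{
    global $dbContactConfig;

    // The ID is written into the statement without quotes, so it must be an
    // integer: anything else would become part of the SQL itself, and an
    // empty value would produce a syntax error.
    $id = intval($id);

    $sql = "SELECT `value` FROM `{$dbContactConfig}` WHERE contactid = {$id} AND config = 'feedback_enable' LIMIT 1";
    $result = mysql_query($sql);
    if (mysql_error()) trigger_error("MySQL Query Error ".mysql_error(), E_USER_WARNING);

    // FALSE from a failed query is handled like "no row" rather than being
    // passed to mysql_num_rows().
    if (!$result || mysql_num_rows($result) == 0)
    {
        $answer = "notnull";
    }
    else
    {
        list($answer) = mysql_fetch_row($result);
        $answer = strtolower($answer);
    }
    return $answer;
}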
00174 
00175 
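/**
 * Counts the incidents logged against a contact.
 *
 * @param int $id Contact ID.
 * @return int|string The COUNT(id) value as returned by MySQL, or 0 when
 *                    the query failed.
 */
function contact_count_incidents($id)
{
    global $dbIncidents;
    $count = 0;

    // Integer coercion keeps a non-numeric ID out of the SQL text
    // (same approach as contact_username() in this file).
    $id = intval($id);

    $sql = "SELECT COUNT(id) FROM `{$dbIncidents}` WHERE contact='{$id}'";
    $result = mysql_query($sql);
    if (mysql_error())
    {
        trigger_error(mysql_error(), E_USER_WARNING);
    }
    else
    {
        list($count) = mysql_fetch_row($result);
    }

    // Only a successful query leaves a result resource to release.
    if ($result) mysql_free_result($result);

    return $count;
}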
00195 
00196 
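/**
 * Counts the inventory items recorded against a contact.
 *
 * @param int $id Contact ID.
 * @return int|string The COUNT(id) value as returned by MySQL, or 0 when
 *                    the query failed.
 */
function contact_count_inventory_items($id)
{
    global $dbInventory;
    $count = 0;

    // Integer coercion keeps a non-numeric ID out of the SQL text
    // (same approach as contact_username() in this file).
    $id = intval($id);

    $sql = "SELECT COUNT(id) FROM `{$dbInventory}` WHERE contactid='{$id}'";
    $result = mysql_query($sql);
    if (mysql_error())
    {
        trigger_error(mysql_error(), E_USER_WARNING);
    }
    else
    {
        list($count) = mysql_fetch_row($result);
    }

    // Only a successful query leaves a result resource to release.
    if ($result) mysql_free_result($result);

    return $count;
}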
00216 
00217 
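/**
 * Counts a contact's incidents whose status is not 2.
 *
 * NOTE(review): status 2 is presumably the 'closed' state, given the
 * function name - confirm against the incident status table.
 *
 * @param int $id Contact ID.
 * @return int|string The COUNT(id) value as returned by MySQL, or 0 when
 *                    the query failed (matching the sibling count functions).
 */
function contact_count_open_incidents($id)
{
    global $dbIncidents;
    $count = 0;

    // The ID is written into the statement without quotes, so it must be an
    // integer: anything else would become part of the SQL itself.
    $id = intval($id);

    $sql = "SELECT COUNT(id) FROM `{$dbIncidents}` WHERE contact={$id} AND status<>2";
    $result = mysql_query($sql);
    if (mysql_error())
    {
        trigger_error(mysql_error(), E_USER_WARNING);
    }
    else
    {
        list($count) = mysql_fetch_row($result);
    }

    // Only a successful query leaves a result resource to release.
    if ($result) mysql_free_result($result);

    return $count;
}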
00236 
00237 
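/**
 * Makes a stored value safe to place inside a single vCard property line.
 *
 * Backslashes and semicolons are backslash-escaped and every line break is
 * replaced by the two characters "\n", so a value can neither split a
 * structured property (N, ADR) nor start a new property line of its own.
 *
 * @param mixed $value Raw column value (NULL is treated as an empty string).
 * @return string The escaped value.
 */
function contact_vcard_escape($value)
{
    $value = str_replace('\\', '\\\\', (string) $value);
    $value = str_replace(';', '\\;', $value);

    return str_replace(array("\r\n", "\r", "\n"), '\\n', $value);
}


/**
 * Builds a vCard for a contact.
 *
 * Phone, fax and mobile are left out when dataprotection_phone is 'Yes', the
 * email address when dataprotection_email is 'Yes' and the postal address
 * when dataprotection_address is 'Yes'. The contact's own address is used
 * when address1 is set, otherwise the address of the contact's site.
 *
 * @param int $id Contact ID.
 * @return string The vCard text with CRLF line endings, or an empty string
 *                when no matching contact row could be read.
 */
function contact_vcard($id)
{
    global $dbContacts, $dbSites;

    // Integer coercion keeps a non-numeric ID out of the SQL text
    // (same approach as contact_username() in this file).
    $id = intval($id);

    // c.* instead of *: both tables have address1, address2, city, county,
    // country and postcode columns, and with a bare * the site's columns come
    // last and replace the contact's on the fetched object, so the contact's
    // own address was never the one read below.
    $sql = "SELECT c.*, s.name AS sitename, s.address1 AS siteaddress1, s.address2 AS siteaddress2, ";
    $sql .= "s.city AS sitecity, s.county AS sitecounty, s.country AS sitecountry, s.postcode AS sitepostcode ";
    $sql .= "FROM `{$dbContacts}` AS c, `{$dbSites}` AS s ";
    $sql .= "WHERE c.siteid = s.id AND c.id = '{$id}' LIMIT 1";
    $result = mysql_query($sql);
    if (mysql_error()) trigger_error(mysql_error(), E_USER_WARNING);

    $contact = $result ? mysql_fetch_object($result) : FALSE;
    if (!$contact)
    {
        // Nothing to describe; avoid emitting a card made of empty fields.
        return '';
    }

    // Every stored value goes through contact_vcard_escape() so that free
    // text (notes, names, addresses) cannot inject extra vCard lines.
    $surname = contact_vcard_escape($contact->surname);
    $forenames = contact_vcard_escape($contact->forenames);

    $vcard = "BEGIN:VCARD\r\n";
    $vcard .= "N:{$surname};{$forenames};".contact_vcard_escape($contact->courtesytitle)."\r\n";
    $vcard .= "FN:{$forenames} {$surname}\r\n";
    if (!empty($contact->jobtitle)) $vcard .= "TITLE:".contact_vcard_escape($contact->jobtitle)."\r\n";
    if (!empty($contact->sitename)) $vcard .= "ORG:".contact_vcard_escape($contact->sitename)."\r\n";

    if ($contact->dataprotection_phone != 'Yes')
    {
        $vcard .= "TEL;TYPE=WORK:".contact_vcard_escape($contact->phone)."\r\n";
        if (!empty($contact->fax))
        {
            $vcard .= "TEL;TYPE=WORK;TYPE=FAX:".contact_vcard_escape($contact->fax)."\r\n";
        }
        if (!empty($contact->mobile))
        {
            $vcard .= "TEL;TYPE=WORK;TYPE=CELL:".contact_vcard_escape($contact->mobile)."\r\n";
        }
    }

    if ($contact->dataprotection_email != 'Yes' AND !empty($contact->email))
    {
        $vcard .= "EMAIL;TYPE=INTERNET:".contact_vcard_escape($contact->email)."\r\n";
    }

    if ($contact->dataprotection_address != 'Yes')
    {
        if ($contact->address1 != '')
        {
            $address = array($contact->address1, $contact->address2, $contact->city,
                             $contact->county, $contact->postcode, $contact->country);
        }
        else
        {
            $address = array($contact->siteaddress1, $contact->siteaddress2, $contact->sitecity,
                             $contact->sitecounty, $contact->sitepostcode, $contact->sitecountry);
        }
        $vcard .= "ADR;WORK:".implode(';', array_map('contact_vcard_escape', $address))."\r\n";
    }

    if (!empty($contact->notes))
    {
        $vcard .= "NOTE:".contact_vcard_escape($contact->notes)."\r\n";
    }

    $vcard .= "REV:".iso_8601_date($contact->timestamp_modified)."\r\n";
    $vcard .= "END:VCARD\r\n";
    return $vcard;
}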
00296 
00297 
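/**
 * Builds an HTML <select> listing every active contact of every active site.
 *
 * Names, site names and departments are HTML-escaped before being written
 * into the markup, as contact_site_drop_down() already does for the same
 * columns. NOTE(review): this assumes the columns hold raw text; if they are
 * stored already HTML-encoded the output would be double-encoded - confirm.
 *
 * @param string $name     Value for the select's name and id attributes.
 * @param int    $id       Contact ID to pre-select; a value equal to 0 adds
 *                         and selects an empty option instead.
 * @param bool   $showsite When TRUE, contacts are grouped into one
 *                         <optgroup> per site, labelled "site, department".
 * @param bool   $required When TRUE, the select gets class='required'.
 * @return string The HTML for the select element.
 */
function contact_drop_down($name, $id = '', $showsite = FALSE, $required = FALSE)
{
    global $dbContacts, $dbSites;
    if ($showsite)
    {
        $sql  = "SELECT c.id AS contactid, s.id AS siteid, surname, forenames, ";
        $sql .= "s.name AS sitename, s.department AS department ";
        $sql .= "FROM `{$dbContacts}` AS c, `{$dbSites}` AS s WHERE c.siteid = s.id AND c.active = 'true' ";
        $sql .= "AND s.active = 'true' ";
        $sql .= "ORDER BY s.name, s.department, surname ASC, forenames ASC";
    }
    else
    {
        $sql  = "SELECT c.id AS contactid, surname, forenames FROM `{$dbContacts}` AS c, `{$dbSites}` AS s ";
        $sql .= "WHERE c.siteid = s.id AND s.active = 'true' AND c.active = 'true' ";
        $sql .= "ORDER BY forenames ASC, surname ASC";
    }

    $result = mysql_query($sql);
    if (mysql_error()) trigger_error(mysql_error(), E_USER_WARNING);

    // The attributes below are single-quoted, so ENT_QUOTES is needed to
    // keep a quote in the value from ending the attribute early.
    $safename = htmlspecialchars($name, ENT_QUOTES);
    $html = "<select name='{$safename}' id='{$safename}'";
    if ($required)
    {
        $html .= " class='required' ";
    }
    $html .= ">\n";
    if ($id == 0)
    {
        $html .= "<option selected='selected' value='0'></option>\n";
    }

    $prevsite = 0;
    $groupopen = FALSE;
    if ($result)
    {
        while ($contacts = mysql_fetch_object($result))
        {
            // siteid is only selected (and only needed) in the grouped form.
            if ($showsite AND $prevsite != $contacts->siteid)
            {
                if ($groupopen)
                {
                    $html .= "</optgroup>\n";
                }
                $label = htmlspecialchars("{$contacts->sitename}, {$contacts->department}", ENT_QUOTES);
                $html .= "<optgroup label='{$label}'>";
                $groupopen = TRUE;
                $prevsite = $contacts->siteid;
            }

            $realname = htmlspecialchars("{$contacts->forenames} {$contacts->surname}", ENT_QUOTES);
            $html .= "<option ";
            if ($contacts->contactid == $id)
            {
                $html .= "selected='selected' ";
            }
            $html .= "value='{$contacts->contactid}'>{$realname}";
            $html .= "</option>\n";
        }
    }

    // Close the last group only if one was opened; an empty result set must
    // not leave a stray </optgroup> in the markup.
    if ($groupopen)
    {
        $html .= "</optgroup>";
    }

    $html .= "</select>\n";
    return $html;
}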
00368 
00369 
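/**
 * Builds an HTML <select> of active contacts, optionally limited to one site
 * and with some contacts left out.
 *
 * @param string    $name      Value for the select's name attribute.
 * @param int       $id        Contact ID to pre-select.
 * @param int       $siteid    When not empty, only contacts of this site.
 * @param int|array $exclude   A contact ID, or an array of contact IDs, to
 *                             leave out of the list.
 * @param bool      $showsite  When TRUE, each option reads
 *                             "surname, forenames - sitename".
 * @param bool      $allownone When TRUE and contacts were found, a selected
 *                             empty 'none' option is placed first.
 * @return string The HTML for the select element; when no contact matches it
 *                holds a single empty 'none' option.
 */
function contact_site_drop_down($name, $id, $siteid='', $exclude='', $showsite=TRUE, $allownone=FALSE)
{
    global $dbContacts, $dbSites;
    $sql  = "SELECT c.id AS contactid, forenames, surname, siteid, s.name AS sitename ";
    $sql .= "FROM `{$dbContacts}` AS c, `{$dbSites}` AS s ";
    $sql .= "WHERE c.siteid = s.id AND c.active = 'true' AND s.active = 'true' ";

    // Every ID that reaches the statement is coerced to an integer first.
    // The excluded IDs in particular are written without quotes, so any
    // other value would become part of the SQL itself.
    if (!empty($siteid)) $sql .= "AND s.id='".intval($siteid)."' ";
    if (!empty($exclude))
    {
        $excluded = is_array($exclude) ? $exclude : array($exclude);
        foreach ($excluded AS $contactid)
        {
            $sql .= "AND c.id != ".intval($contactid)." ";
        }
    }
    $sql .= "ORDER BY surname ASC";
    $result = mysql_query($sql);
    if (mysql_error()) trigger_error(mysql_error(), E_USER_WARNING);

    // Single-quoted attribute, hence ENT_QUOTES.
    $html = "<select name='".htmlspecialchars($name, ENT_QUOTES)."'>";

    // A failed query (FALSE) is rendered like an empty result set.
    if ($result AND mysql_num_rows($result) > 0)
    {
        if ($allownone) $html .= "<option value='' selected='selected'>{$GLOBALS['strNone']}</option>";
        while ($contacts = mysql_fetch_object($result))
        {
            $html .= "<option ";
            if ($contacts->contactid == $id)
            {
                $html .= "selected='selected' ";
            }

            $html .= "value='{$contacts->contactid}'>";
            if ($showsite)
            {
                $html .= htmlspecialchars("{$contacts->surname}, {$contacts->forenames} - {$contacts->sitename}");
            }
            else
            {
                $html .= htmlspecialchars("{$contacts->surname}, {$contacts->forenames}");
            }
            $html .= "</option>\n";
        }
    }
    else
    {
        $html .= "<option value=''>{$GLOBALS['strNone']}</option>";
    }

    $html .= "</select>\n";
    return $html;
}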
00440 
00441 
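/**
 * Returns the email address of the contact named in a contact's
 * notify_contactid column.
 *
 * @param int $contactid Contact ID whose notify contact is looked up.
 * @return string|null The notify contact's email address, or NULL when
 *                     either lookup returns no row.
 */
function contact_notify_email($contactid)
{
    global $dbContacts;
    $notify_contactid = 0;
    $email = NULL;

    // Integer coercion keeps a non-numeric ID out of the SQL text
    // (same approach as contact_username() in this file).
    $contactid = intval($contactid);

    $sql = "SELECT notify_contactid FROM `{$dbContacts}` WHERE id='{$contactid}' LIMIT 1";
    $result = mysql_query($sql);
    if (mysql_error()) trigger_error(mysql_error(), E_USER_WARNING);
    if ($result)
    {
        list($notify_contactid) = mysql_fetch_row($result);
        mysql_free_result($result);
    }

    // The value read back from the database is coerced as well before it is
    // used in the second statement.
    $notify_contactid = intval($notify_contactid);

    $sql = "SELECT email FROM `{$dbContacts}` WHERE id='{$notify_contactid}' LIMIT 1";
    $result = mysql_query($sql);
    if (mysql_error()) trigger_error(mysql_error(), E_USER_WARNING);
    if ($result)
    {
        list($email) = mysql_fetch_row($result);
        mysql_free_result($result);
    }

    return $email;
}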
00463 
00464 
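/**
 * Follows the notify_contactid chain of a contact.
 *
 * Level 0 returns the contact itself without touching the database. Each
 * level above 0 reads the contact's notify_contactid and continues from that
 * contact with the level reduced by one. A negative level performs a single
 * lookup and returns the value read.
 *
 * @param int $contactid Contact ID to start from.
 * @param int $level     Number of steps to follow.
 * @return mixed $contactid unchanged for level 0, otherwise the ID reached
 *               at the end of the chain (NULL when a lookup finds no row).
 */
function contact_notify($contactid, $level=0)
{
    global $dbContacts;
    $notify_contactid = 0;
    if ($level == 0)
    {
        return $contactid;
    }
    else
    {
        // Only the copy used in the SQL text is coerced to an integer; this
        // covers both caller-supplied IDs and the values read back from the
        // database on deeper levels.
        $safeid = intval($contactid);
        $sql = "SELECT notify_contactid FROM `{$dbContacts}` WHERE id='{$safeid}' LIMIT 1";
        $result = mysql_query($sql);
        if (mysql_error()) trigger_error(mysql_error(), E_USER_WARNING);
        list($notify_contactid) = mysql_fetch_row($result);

        if ($level > 0)
        {
            $newlevel = $level -1;
            $notify_contactid = contact_notify($notify_contactid, $newlevel);
        }
        return $notify_contactid;
    }
}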
00497 
00498 
/**
 * Looks up the username recorded for a contact.
 *
 * The ID is reduced to an integer with intval() before it is passed on, so
 * only a numeric ID ever reaches db_read_column().
 *
 * @param int $userid Contact ID.
 * @return mixed Whatever db_read_column() returns for the 'username' column.
 */
function contact_username($userid)
{
    $contactid = intval($userid);
    $contactstable = $GLOBALS['dbContacts'];

    return db_read_column('username', $contactstable, $contactid);
}
00511 
00512 
/**
 * Handles submission of the 'new contact' form: reads the fields from
 * $_REQUEST, validates them, inserts the contact row and redirects.
 *
 * Validation failures are recorded under
 * $_SESSION['formerrors']['new_contact'] and the browser is sent back to the
 * form. On success the form data and errors are cleared and the browser is
 * redirected to the new contact's details page (or to the incident form when
 * the request's 'return' field is 'addincident').
 *
 * NOTE(review): the helpers used for input handling (clean_int,
 * clean_dbstring, cleanvar, convert_string_null_safe) are not visible here;
 * the SQL below is only safe if they escape their input for MySQL - confirm.
 *
 * @param string $mode 'internal' redirects to contact_new.php /
 *                     contact_details.php; any other value redirects to
 *                     newcontact.php / contactdetails.php.
 */
function process_new_contact($mode = 'internal')
{
    global $now, $CONFIG, $dbContacts, $sit;
    // Add new contact
    // External variables
    $siteid = clean_int($_REQUEST['siteid']);
    $email = strtolower(clean_dbstring($_REQUEST['email']));
    // The three dataprotection values are only tested for emptiness further
    // down and replaced by 'Yes'/'No' before they reach the INSERT.
    $dataprotection_email = mysql_real_escape_string($_REQUEST['dataprotection_email']);
    $dataprotection_phone = mysql_real_escape_string($_REQUEST['dataprotection_phone']);
    $dataprotection_address = mysql_real_escape_string($_REQUEST['dataprotection_address']);
    // The submitted username is not used: it is overwritten by the generated
    // username before the INSERT.
    $username = cleanvar($_REQUEST['username']);
    $courtesytitle = cleanvar($_REQUEST['courtesytitle']);
    $forenames = cleanvar($_REQUEST['forenames']);
    $surname = cleanvar($_REQUEST['surname']);
    $jobtitle = cleanvar($_REQUEST['jobtitle']);
    // The convert_string_null_safe() values are written into the INSERT
    // without surrounding quotes, so the helper presumably returns either a
    // quoted SQL literal or NULL - TODO confirm.
    $address1 = convert_string_null_safe(cleanvar($_REQUEST['address1']));
    $address2 = convert_string_null_safe(cleanvar($_REQUEST['address2']));
    $city = convert_string_null_safe(cleanvar($_REQUEST['city']));
    $county = convert_string_null_safe(cleanvar($_REQUEST['county']));
    if (!empty($address1))
    {
        $country = convert_string_null_safe(cleanvar($_REQUEST['country']));
    }
    else
    {
        $country = 'Null';
    }
    $postcode = convert_string_null_safe(cleanvar($_REQUEST['postcode']));
    $phone = convert_string_null_safe(cleanvar($_REQUEST['phone']));
    $mobile = convert_string_null_safe(cleanvar($_REQUEST['mobile']));
    $fax = convert_string_null_safe(cleanvar($_REQUEST['fax']));
    $department = convert_string_null_safe(cleanvar($_REQUEST['department']));
    $notes = convert_string_null_safe(cleanvar($_REQUEST['notes']));
    $returnpage = cleanvar($_REQUEST['return']);
    // Keep the whole submission in the session (presumably so the form can
    // be re-populated after a validation error); cleared again on success.
    $_SESSION['formdata']['new_contact'] = cleanvar($_REQUEST, TRUE, FALSE, FALSE);

    $errors = 0;
    // check for blank name
    if ($forenames == '')
    {
        $errors++;
        $_SESSION['formerrors']['new_contact']['forenames'] = sprintf($GLOBALS['strFieldMustNotBeBlank'], $GLOBALS['strForenames']);
    }
    if ($surname == '')
    {
        $errors++;
        $_SESSION['formerrors']['new_contact']['surname'] = sprintf($GLOBALS['strFieldMustNotBeBlank'], $GLOBALS['strSurname']);
    }
    // check for blank site
    if ($siteid == '')
    {
        $errors++;
        $_SESSION['formerrors']['new_contact']['siteid'] = sprintf($GLOBALS['strFieldMustNotBeBlank'], $GLOBALS['strSite']);
    }
    // check for blank email
    if ($email == '' OR $email == 'none' OR $email == 'n/a')
    {
        $errors++;
        $_SESSION['formerrors']['new_contact']['email'] = sprintf($GLOBALS['strFieldMustNotBeBlank'], $GLOBALS['strEmail']);
    }
    // Second site check: also rejects a site ID of 0. It writes the same
    // session key as the check above, but $errors is incremented again.
    if ($siteid == 0 OR $siteid == '')
    {
        $errors++;
        $_SESSION['formerrors']['new_contact']['siteid'] = sprintf($GLOBALS['strFieldMustNotBeBlank'], $GLOBALS['strSite']);
    }
    // Check this is not a duplicate
    // NOTE(review): unlike the other queries in this file, no mysql_error()
    // check follows this one, so a failed query is not reported here.
    $sql = "SELECT id FROM `{$dbContacts}` WHERE email='$email' AND LCASE(surname)=LCASE('$surname') LIMIT 1";
    $result = mysql_query($sql);
    if (mysql_num_rows($result) >= 1)
    {
        $errors++;
        $_SESSION['formerrors']['new_contact']['duplicate'] = $GLOBALS['strContactRecordExists'];
    }

    plugin_do('contact_new_submitted');

    // add contact if no errors
    if ($errors == 0)
    {
        // Any non-empty submitted value counts as 'Yes'.
        if (!empty($dataprotection_email))
        {
            $dataprotection_email = 'Yes';
        }
        else
        {
            $dataprotection_email = 'No';
        }

        if (!empty($dataprotection_phone))
        {
            $dataprotection_phone = 'Yes';
        }
        else
        {
            $dataprotection_phone = 'No';
        }

        if (!empty($dataprotection_address))
        {
            $dataprotection_address = 'Yes';
        }
        else
        {
            $dataprotection_address = 'No';
        }

        // generate username and password

        // Username base: the surname up to its first space, lower-cased; the
        // new row's ID is appended after the INSERT to make it unique.
        $username = mb_strtolower(mb_substr($surname, 0, strcspn($surname, " "), 'UTF-8'));
        $prepassword = generate_password();

        // NOTE(review): the password is stored as an unsalted MD5 digest,
        // which is not a suitable password hash. Replacing it needs the
        // login check (not visible here) changed in step. The plain-text
        // $prepassword is not used again in this function.
        $password = md5($prepassword);

        $sql  = "INSERT INTO `{$dbContacts}` (username, password, courtesytitle, forenames, surname, jobtitle, ";
        $sql .= "siteid, address1, address2, city, county, country, postcode, email, phone, mobile, fax, ";
        $sql .= "department, notes, dataprotection_email, dataprotection_phone, dataprotection_address, ";
        $sql .= "timestamp_added, timestamp_modified, created, createdby) ";
        $sql .= "VALUES ('{$username}', '{$password}', '{$courtesytitle}', '{$forenames}', '{$surname}', '{$jobtitle}', ";
        $sql .= "'{$siteid}', {$address1}, {$address2}, {$city}, {$county}, {$country}, {$postcode}, '{$email}', ";
        $sql .= "{$phone}, {$mobile}, {$fax}, {$department}, {$notes}, '{$dataprotection_email}', ";
        // $sit[2] is presumably the ID of the logged-in user - TODO confirm.
        $sql .= "'{$dataprotection_phone}', '{$dataprotection_address}', '{$now}', '{$now}', now(), '{$sit[2]}')";
        $result = mysql_query($sql);
        if (mysql_error()) trigger_error("MySQL Query Error ".mysql_error(), E_USER_ERROR);
        // NOTE(review): after a failed INSERT execution carries on to
        // mysql_insert_id() below unless html_redirect() ends the script -
        // not visible here, confirm.
        if (!$result)
        {
            if ($mode == 'internal')
            {
                html_redirect("contact_new.php", FALSE);
            }
            else
            {
                html_redirect("newcontact.php", FALSE);
            }
        }
        // concatenate username with insert id to make unique
        $newid = mysql_insert_id();
        $username = $username . $newid;
        $sql = "UPDATE `{$dbContacts}` SET username='{$username}' WHERE id='{$newid}'";
        $result = mysql_query($sql);
        if (mysql_error()) trigger_error("MySQL Query Error ".mysql_error(), E_USER_ERROR);

        if (!$result)
        {
            if ($mode == 'internal')
            {
                html_redirect("contact_new.php", FALSE);
            }
            else
            {
                html_redirect("newcontact.php", FALSE);
            }
        }
        else
        {
            plugin_do('contact_new_saved');
            clear_form_data('new_contact');
            clear_form_errors('new_contact');
            // The rows returned by this SELECT are never fetched; only the
            // error state of the query is looked at.
            $sql = "SELECT username, password FROM `{$dbContacts}` WHERE id={$newid}";
            $result = mysql_query($sql);
            if (mysql_error()) trigger_error("MySQL Query Error ".mysql_error(), E_USER_WARNING);
            else
            {
                // $emaildetails is assigned here but not read again in this
                // function.
                if ($CONFIG['portal'] AND $_POST['emaildetails'] == 'on')
                {
                    $emaildetails = 1;
                }
                else
                {
                    $emaildetails = 0;
                }

                if ($returnpage == 'addincident')
                {
                    html_redirect("incident_new.php?action=findcontact&contactid={$newid}");
                    exit;
                }
                elseif ($mode == 'internal')
                {
                    html_redirect("contact_details.php?id={$newid}");
                    exit;
                }
                else
                {
                    html_redirect("contactdetails.php?id={$newid}");
                    exit;
                }
            }
        }

    }
    else
    {
        // Validation failed: go back to the form; the messages are in
        // $_SESSION['formerrors']['new_contact'].
        if ($mode == 'internal')
        {
            html_redirect('contact_new.php', FALSE);
        }
        else
        {
            html_redirect('newcontact.php', FALSE);
        }
    }
}
00721 
00722 
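/**
 * Lists the contracts of a site for which a contact is the admin contact.
 *
 * @param int $contactid Contact ID matched against m.admincontact.
 * @param int $siteid    Site ID matched against m.site.
 * @return array Contract (maintenance) IDs; empty when nothing matches or
 *               the query failed.
 */
function admin_contact_contracts($contactid, $siteid)
{
    // Both IDs are written into the statement without quotes, so they must
    // be integers: anything else would become part of the SQL itself.
    $contactid = intval($contactid);
    $siteid = intval($siteid);

    // Start from an empty list so the return value is defined when no row
    // matches.
    $contractsarray = array();

    $sql = "SELECT DISTINCT m.id ";
    $sql .= "FROM `{$GLOBALS['dbMaintenance']}` AS m ";
    $sql .= "WHERE m.admincontact={$contactid} ";
    $sql .= "AND m.site={$siteid} ";

    $result = mysql_query($sql);
    if (mysql_error()) trigger_error("MySQL Query Error ".mysql_error(), E_USER_WARNING);
    if ($result)
    {
        while ($row = mysql_fetch_object($result))
        {
            $contractsarray[] = $row->id;
        }
    }

    return $contractsarray;
}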
00749 
00750 
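/**
 * Lists the contracts of a site that have at least one supported contact.
 *
 * NOTE(review): $contactid is accepted but never used in the query. The
 * join only requires that some contact is attached to the contract, so the
 * result is the same for every contact of the site. If the list is meant to
 * be limited to the given contact, a condition on c.id is missing - confirm
 * the intended scope before relying on this for access decisions.
 *
 * @param int  $contactid    Contact ID (currently unused, see note above).
 * @param int  $siteid       Site ID matched against m.site.
 * @param bool $checkvisible When TRUE, only contracts whose
 *                           var_incident_visible_contacts is 'yes'.
 * @return array Contract (maintenance) IDs; empty when nothing matches or
 *               the query failed.
 */
function contact_contracts($contactid, $siteid, $checkvisible = TRUE)
{
    // The site ID is written into the statement without quotes, so it must
    // be an integer: anything else would become part of the SQL itself.
    $siteid = intval($siteid);

    // Start from an empty list so the return value is defined when no row
    // matches.
    $contractsarray = array();

    $sql = "SELECT DISTINCT m.id AS id
            FROM `{$GLOBALS['dbMaintenance']}` AS m,
            `{$GLOBALS['dbContacts']}` AS c,
            `{$GLOBALS['dbSupportContacts']}` AS sc
            WHERE m.site={$siteid}
            AND sc.maintenanceid=m.id
            AND sc.contactid=c.id ";
    if ($checkvisible)
    {
        $sql .= "AND m.var_incident_visible_contacts = 'yes'";
    }

    if ($result = mysql_query($sql))
    {
        while ($row = mysql_fetch_object($result))
        {
            $contractsarray[] = $row->id;
        }
    }
    return $contractsarray;
}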
00780 
00781 
00782 
00783 ?>