Creation of a ticket (not the content yet though) seems to work

This commit is contained in:
Quitta 2013-07-06 22:38:57 +02:00
parent 9a89c0d90e
commit a42443054e
5 changed files with 95 additions and 13 deletions

View file

@ -16,8 +16,7 @@ class Ticket{
//Set ticket object
public function setTicket($ts,$t,$s,$q,$t_c,$a){
$this->timestamp = $ts;
public function setTicket($t,$s,$q,$t_c,$a){
$this->title = $t;
$this->status = $s;
$this->queue = $q;
@ -28,8 +27,8 @@ class Ticket{
//create ticket by writing private data to DB.
public function create(){
$dbl = new DBLayer($this->db);
$query = "INSERT INTO ticket (Timestamp, Title, Status, Queue, Ticket_Category, Author) VALUES (:timestamp, :title, :status, :queue, :tcat, :author)";
$values = Array('timestamp' => $this->timestamp, 'title' => $this->title, 'status' => $this->status, 'queue' => $this->queue, 'tcat' => $this->ticket_category, 'author' => $this->author);
$query = "INSERT INTO ticket (Timestamp, Title, Status, Queue, Ticket_Category, Author) VALUES (now(), :title, :status, :queue, :tcat, :author)";
$values = Array('title' => $this->title, 'status' => $this->status, 'queue' => $this->queue, 'tcat' => $this->ticket_category, 'author' => $this->author);
$dbl->execute($query, $values);
}

View file

@ -42,6 +42,7 @@ function change_password(){
exit;
}else{
$result['prevCurrentPass'] = filter_var($_POST["CurrentPass"], FILTER_SANITIZE_STRING);
$result['prevNewPass'] = filter_var($_POST["NewPass"], FILTER_SANITIZE_STRING);
$result['prevConfirmNewPass'] = filter_var($_POST["ConfirmNewPass"], FILTER_SANITIZE_STRING);

View file

@ -0,0 +1,51 @@
<?php
function create_ticket(){
try{
//if logged in
if(WebUsers::isLoggedIn() && isset($_SESSION['ticket_user'])){
if(isset($_POST['target_id'])){
//if target_id is the same as session id or is admin
if( ($_POST['target_id'] == $_SESSION['id']) || WebUsers::isAdmin() ){
global $cfg;
$category = filter_var($_POST['Category'], FILTER_SANITIZE_NUMBER_INT);
$title = filter_var($_POST['Title'], FILTER_SANITIZE_STRING);
$content = filter_var($_POST['Content'], FILTER_SANITIZE_STRING);
if($_POST['target_id'] == $_SESSION['id']){
$author = $_SESSION['ticket_user']->getTUserId();
}else{
$author= Ticket_User::constr_ExternId($_POST['target_id'], $cfg['db']['lib'])->getTUserId();
}
$ticket = new Ticket($cfg['db']['lib']);
$ticket->setTicket($title,0,0,$category,$author);
$ticket->create();
}else{
//ERROR: permission denied!
$_SESSION['error_code'] = "403";
header("Location: index.php?page=error");
exit;
}
}else{
//ERROR: The form was not filled in correclty
header("Location: index.php?page=settings");
exit;
}
}else{
//ERROR: user is not logged in
header("Location: index.php");
exit;
}
}catch (PDOException $e) {
//go to error page or something, because can't access website db
print_r($e);
exit;
}
}

View file

@ -2,13 +2,44 @@
function createticket(){
//create array of category id & names
global $cfg;
$catArray = Ticket_Category::getAllCategories($cfg['db']['lib']);
$result['category'] = Array();
foreach($catArray as $catObj){
$result['category'][$catObj->getTCategoryId()] = $catObj->getName();
//if logged in
if(WebUsers::isLoggedIn()){
//in case user_id-GET param set it's value as target_id, if no user_id-param is given, use the session id.
if(isset($_GET['user_id'])){
if(($_GET['user_id'] != $_SESSION['id']) && (!WebUsers::isAdmin()) ){
//ERROR: No access!
$_SESSION['error_code'] = "403";
header("Location: index.php?page=error");
exit;
}else{
//if user_id is given, then set it as the target_id
$result['target_id'] = filter_var($_GET['user_id'], FILTER_SANITIZE_NUMBER_INT);
}
}else{
//set session_id as target_id
$result['target_id'] = $_SESSION['id'];
}
//create array of category id & names
global $cfg;
$catArray = Ticket_Category::getAllCategories($cfg['db']['lib']);
$result['category'] = Array();
foreach($catArray as $catObj){
$result['category'][$catObj->getTCategoryId()] = $catObj->getName();
}
return $result;
}else{
//ERROR: not logged in!
header("Location: index.php");
exit;
}
//print_r($result);
return $result;
}

View file

@ -42,7 +42,7 @@
</div>
</div>
<input type="hidden" name="function" value="change_info">
<input type="hidden" name="function" value="create_ticket">
<input type="hidden" name="target_id" value="{$target_id}">
<div class="control-group">
<label class="control-label"></label>