create ticket works, also admins can create other people's tickets

Quitta 2013-07-08 09:40:48 +02:00
parent 35d8d4a89a
commit a81cfa976f
7 changed files with 210 additions and 29 deletions


@ -41,4 +41,17 @@ class DBLayer{
} }
} }
public function executeReturnId($query,$params){
try{
$statement = $this->PDO->prepare($query);
$this->PDO->beginTransaction();
$statement->execute($params);
$lastId =$this->PDO->lastInsertId();
$this->PDO->commit();
return $lastId;
}catch (PDOException $e) {
throw $e;
}
}
} }
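Review bot: `executeReturnId` never rolls the transaction back: when `execute()` throws, the `catch` only rethrows, so the transaction opened by `beginTransaction()` stays active on that PDO handle. Adding `$this->PDO->rollBack();` before `throw $e;` would close it; as written the try/catch does nothing that letting the exception propagate would not. A short docblock would also help, stating that `$query` must be a fixed string with placeholders, that `$params` are bound as prepared-statement parameters, and that the return value is whatever `lastInsertId()` gives (a string in PDO). The class starts outside this hunk, so this assumes the PDO handle is set to throw exceptions on error, which is worth confirming.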


@ -16,7 +16,7 @@ class Ticket{
//Set ticket object //Set ticket object
public function setTicket($t,$s,$q,$t_c,$a){ public function set($t,$s,$q,$t_c,$a){
$this->title = $t; $this->title = $t;
$this->status = $s; $this->status = $s;
$this->queue = $q; $this->queue = $q;
@ -29,7 +29,7 @@ class Ticket{
$dbl = new DBLayer($this->db); $dbl = new DBLayer($this->db);
$query = "INSERT INTO ticket (Timestamp, Title, Status, Queue, Ticket_Category, Author) VALUES (now(), :title, :status, :queue, :tcat, :author)"; $query = "INSERT INTO ticket (Timestamp, Title, Status, Queue, Ticket_Category, Author) VALUES (now(), :title, :status, :queue, :tcat, :author)";
$values = Array('title' => $this->title, 'status' => $this->status, 'queue' => $this->queue, 'tcat' => $this->ticket_category, 'author' => $this->author); $values = Array('title' => $this->title, 'status' => $this->status, 'queue' => $this->queue, 'tcat' => $this->ticket_category, 'author' => $this->author);
$dbl->execute($query, $values); $this->tId = $dbl->executeReturnId($query, $values); ;
} }
//return constructed element based on TId //return constructed element based on TId
@ -56,32 +56,12 @@ class Ticket{
} }
//Getters //Getters
public function getPermission(){ public function getTId(){
return $this->permission; return $this->tId;
}
public function getExternId(){
return $this->externId;
}
public function getTUserId(){
return $this->tUserId;
} }
//setters //setters
public function setPermission($perm){ public function setTId($id){
$this->permission = $perm; $this->tId = $id;
}
public function setExternId($id){
$this->externId = $id;
}
public function setTUserId($id){
$this->tUserId = $id;
} }
} }
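Review bot: The new call in `create()` ends in a stray empty statement, `$this->tId = $dbl->executeReturnId($query, $values); ;`; drop the second `;` (the same leftover appears in `Ticket_Content::create()`). Since `getTId()` now only returns a useful value after `create()` has run, a one-line comment on `create()` such as `//writes the ticket and stores the new TId in $this->tId` would spare callers a trip into DBLayer. The methods touched here begin outside the hunks shown.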


@ -0,0 +1,68 @@
<?php
class Ticket_Content{
private $tContentId;
private $content;
public function __construct($db_data) {
$this->db = $db_data;
}
//Creates a ticket_content entry in the DB
public function create() {
$dbl = new DBLayer($this->db);
$query = "INSERT INTO ticket_content (Content) VALUES (:content)";
$values = Array('content' => $this->content);
$this->tContentId = $dbl->executeReturnId($query, $values); ;
}
//return constructed element based on TCategoryId
public static function constr_TContentId( $id, $db_data) {
$instance = new self($db_data);
$instance->setTContentId($id);
return $instance;
}
//return constructed element based on TContentId
public function load_With_TContentId( $id) {
$dbl = new DBLayer($this->db);
$statement = $dbl->execute("SELECT * FROM ticket_content WHERE TContentId=:id", array('id' => $id));
$row = $statement->fetch();
$this->tContentId = $row['TContentId'];
$this->content = $row['Content'];
}
//update private data to DB.
public function update(){
$dbl = new DBLayer($this->db);
$query = "UPDATE ticket_content SET Content = :content WHERE TContentId=:id";
$values = Array('id' => $this->tContentId, 'content' => $this->content);
$statement = $dbl->execute($query, $values);
}
//Getters
public function getContent(){
if ($this->content == ""){
$this->load_With_TContentId($this->tContentId);
}
return $this->content;
}
public function getTContentId(){
return $this->tContentId;
}
//setters
public function setContent($c){
$this->content = $c;
}
public function setTContentId($c){
$this->tContentId = $c;
}
}
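Review bot: `Ticket_Content` assigns `$this->db` in the constructor without declaring the property, so it becomes a public dynamic property, whereas `Ticket_Reply` declares `private $db;`. The value comes from `$cfg['db']['lib']` at the call site and presumably holds connection settings, so it should not be readable from outside the object; add `private $db;` next to the other fields. Separately, `load_With_TContentId()` indexes `$row` without checking that `fetch()` returned a row, so an unknown id overwrites `tContentId` with null and raises at most a warning; a guard such as `if ($row === false) { throw new Exception('ticket_content not found'); }` would make that visible. The comment above `constr_TContentId` says `TCategoryId` and should read `TContentId`.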


@ -0,0 +1,107 @@
<?php
class Ticket_Reply{
private $tReplyId;
private $ticket;
private $content;
private $author;
private $timestamp;
private $db;
//////////////////////////////////Methods/////////////////////////////////
public function __construct($db_data) {
$this->db = $db_data;
}
//Set ticket_reply object
public function set($t,$c,$a){
$this->ticket = $t;
$this->content = $c;
$this->author = $a;
}
//create ticket by writing private data to DB.
public function create(){
$dbl = new DBLayer($this->db);
$query = "INSERT INTO ticket_reply (Ticket, Content, Author, Timestamp) VALUES (:ticket, :content, :author, now())";
$values = Array('ticket' => $this->ticket, 'content' => $this->content, 'author' => $this->author);
$dbl->execute($query, $values);
}
//return constructed element based on TCategoryId
public static function constr_TReplyId( $id, $db_data) {
$instance = new self($db_data);
$instance->setTReplyId($id);
return $instance;
}
//return constructed element based on TId
public function load_With_TReplyId( $id) {
$dbl = new DBLayer($this->db);
$statement = $dbl->execute("SELECT * FROM ticket_reply WHERE TReplyId=:id", array('id' => $id));
$row = $statement->fetch();
$this->tReplyId = $row['TReplyId'];
$this->ticket = $row['Ticket'];
$this->content = $row['Content'];
$this->author = $row['Author'];
$this->timestamp = $row['Timestamp'];
}
//update private data to DB.
public function update(){
$dbl = new DBLayer($this->db);
$query = "UPDATE ticket SET Ticket = :ticket, Content = :content, Author = :author, Timestamp = :timestamp WHERE TReplyId=:id";
$values = Array('id' => $this->tReplyId, 'timestamp' => $this->timestamp, 'ticket' => $this->ticket, 'content' => $this->content, 'author' => $this->author);
$statement = $dbl->execute($query, $values);
}
//////////////////////////////////Getters/////////////////////////////////
public function getTicket(){
return $this->ticket;
}
public function getContent(){
return $this->content;
}
public function getAuthor(){
return $this->author;
}
public function getTimestamp(){
return $this->timestamp;
}
public function getTReplyId(){
return $this->tReplyId;
}
///////////////////////////////////setters////////////////////////////////
public function setTicket($t){
$this->ticket = $t;
}
public function setContent($c){
$this->content = $c;
}
public function setAuthor($a){
$this->author = $a;
}
public function setTimestamp($t){
$this->timestamp = $t;
}
public function setTReplyId($i){
$this->tReplyId = $i;
}
}
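Review bot: `update()` targets the wrong table: the statement reads `UPDATE ticket SET Ticket = :ticket, ... WHERE TReplyId=:id`, while every other query in this class uses `ticket_reply`. Change it to `UPDATE ticket_reply SET ...`; against `ticket` it would presumably fail on unknown columns, or modify unrelated rows if those column names happened to exist. `create()` also calls `execute()` rather than `executeReturnId()`, so `tReplyId` stays unset after an insert, unlike in `Ticket` and `Ticket_Content`; `$this->tReplyId = $dbl->executeReturnId($query, $values);` would keep the three classes consistent. `load_With_TReplyId()` indexes `$row` without checking that `fetch()` returned a row, and the comment above `constr_TReplyId` still says `TCategoryId`.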


@ -20,7 +20,7 @@ function change_info(){
//use current info to check for changes //use current info to check for changes
$current_info = $webUser->getInfo($_POST['target_id']); $current_info = $webUser->getInfo($_POST['target_id']);
//TODO: XSS filtering
$current_info['FirstName'] = filter_var($current_info['FirstName'], FILTER_SANITIZE_STRING); $current_info['FirstName'] = filter_var($current_info['FirstName'], FILTER_SANITIZE_STRING);
$current_info['LastName'] = filter_var($current_info['LastName'], FILTER_SANITIZE_STRING); $current_info['LastName'] = filter_var($current_info['LastName'], FILTER_SANITIZE_STRING);
$current_info['Country'] = filter_var($current_info['Country'], FILTER_SANITIZE_STRING); $current_info['Country'] = filter_var($current_info['Country'], FILTER_SANITIZE_STRING);
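Review bot: `FILTER_SANITIZE_STRING` on the three `$current_info` fields does not cover what the `//TODO: XSS filtering` line refers to: it strips tags and encodes quotes in the value, but it is not escaping for the context where the value is printed, and the filter is deprecated as of PHP 8.1. The page does not show whether the commit adds or removes the TODO line; if it removes it, the TODO should stay until values are escaped at output, for example with `htmlspecialchars($value, ENT_QUOTES, 'UTF-8')` or the template engine's escape modifier. `getInfo($_POST['target_id'])` takes the target from the request, and the check that the caller may act on that id is not visible here because `change_info()` starts and ends outside the hunk.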


@ -19,9 +19,22 @@ function create_ticket(){
}else{ }else{
$author= Ticket_User::constr_ExternId($_POST['target_id'], $cfg['db']['lib'])->getTUserId(); $author= Ticket_User::constr_ExternId($_POST['target_id'], $cfg['db']['lib'])->getTUserId();
} }
$ticket = new Ticket($cfg['db']['lib']); $ticket = new Ticket($cfg['db']['lib']);
$ticket->setTicket($title,0,0,$category,$author); $ticket->set($title,0,0,$category,$author);
$ticket->create(); $ticket->create();
$ticket_id = $ticket->getTId();
$ticket_content = new Ticket_Content($cfg['db']['lib']);
$ticket_content->setContent($content);
$ticket_content->create();
$content_id = $ticket_content->getTContentId();
$ticket_reply = new Ticket_Reply($cfg['db']['lib']);
$ticket_reply->set($ticket_id, $content_id, $author);
$ticket_reply->create();
}else{ }else{
//ERROR: permission denied! //ERROR: permission denied!
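Review bot: The ticket, its content and its first reply are written by three independent `create()` calls, each issuing its own statement through a fresh `DBLayer`, so a failure in `Ticket_Content::create()` or `Ticket_Reply::create()` leaves a ticket row behind with no body. Either run the three inserts inside one transaction, or catch the `PDOException` here and remove the rows already written. The author is taken from `$_POST['target_id']` in the branch above, and the condition that decides who may reach that branch lies outside this hunk; confirm that it checks the session user's admin status on the server rather than anything the form sends. `$title` and `$content` are stored as submitted, which is fine with the bound parameters used here, provided they are escaped when rendered.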


@ -10,7 +10,7 @@
</div> </div>
<div class="box-content"> <div class="box-content">
<div class="row-fluid"> <div class="row-fluid">
<form id="changePassword" class="form-vertical" method="post" action="index.php?page=settings&id={$target_id}"> <form id="changePassword" class="form-vertical" method="post" action="index.php?page=createticket&id={$target_id}">
<legend>New ticket</legend> <legend>New ticket</legend>
<div class="control-group"> <div class="control-group">