🎨 Move SQL functions to prereqs.php for easy reuse (#41)

Signed-off-by: Luke Tainton <luke@tainton.uk>
This commit was merged in pull request #41.
This commit is contained in:
2020-08-09 16:32:33 +01:00
committed by GitHub
parent 1f59131dc0
commit 0079bc5152
9 changed files with 127 additions and 301 deletions


@@ -73,3 +73,69 @@ function get_user_name($db, $user_uuid) {
}
return $usr;
}
function get_my_requests($db) {
$ticket_stmt = "SELECT * FROM tickets WHERE created_by=:uuid";
$ticket_sql = $db->prepare($ticket_stmt);
$ticket_sql->bindParam(':uuid', $_SESSION['uuid']);
$ticket_sql->execute();
$ticket_sql->setFetchMode(PDO::FETCH_ASSOC);
$ticket_result = $ticket_sql->fetchAll();
return $ticket_result;
}
function get_subscribed_requests($db) {
$requests = array();
$sub_tickets_stmt = "SELECT ticket_uuid FROM ticket_subscribers WHERE user_uuid=:uuid";
$sub_tickets_sql = $db->prepare($sub_tickets_stmt);
$sub_tickets_sql->bindParam(':uuid', $_SESSION['uuid']);
$sub_tickets_sql->execute();
$sub_tickets_sql->setFetchMode(PDO::FETCH_ASSOC);
$sub_tickets_result = $sub_tickets_sql->fetchAll();
foreach ($sub_tickets_result as $tkt) {
$stmt = "SELECT * FROM tickets WHERE uuid=:uuid";
$sql = $db->prepare($stmt);
$sql->bindParam(':uuid', $tkt['uuid']);
$sql->execute();
$sql->setFetchMode(PDO::FETCH_ASSOC);
$result = $sql->fetchAll();
array_push($requests, $result[0]);
}
return $requests;
}
function get_request($db, $uuid) {
$ticket_stmt = "SELECT * FROM tickets WHERE uuid=:uuid";
$ticket_sql = $db->prepare($ticket_stmt);
$ticket_sql->bindParam(':uuid', $uuid);
$ticket_sql->execute();
$ticket_sql->setFetchMode(PDO::FETCH_ASSOC);
$ticket_result = $ticket_sql->fetchAll();
$request = $ticket_result[0];
return $request;
}
function get_updates($db, $request) {
$updates_stmt = "SELECT * FROM ticket_updates WHERE ticket=:uuid";
$updates_sql = $db->prepare($updates_stmt);
$updates_sql->bindParam(':uuid', $request['uuid']);
$updates_sql->execute();
$updates_sql->setFetchMode(PDO::FETCH_ASSOC);
$updates_result = $updates_sql->fetchAll();
return $updates_result;
}
function get_subscribers($db, $request) {
$users_stmt = "SELECT user_uuid FROM ticket_subscribers WHERE ticket_uuid=:uuid";
$users_sql = $db->prepare($users_stmt);
$users_sql->bindParam(':uuid', $request['uuid']);
$users_sql->execute();
$users_sql->setFetchMode(PDO::FETCH_ASSOC);
$users_result = $users_sql->fetchAll();
return $users_result;
}
function isAuthorised($authorised_users, $request) {
if (in_array($_SESSION['uuid'], $authorised_users) || $_SESSION['uuid'] == $request['created_by']) { return true; } else { return false; }
}
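Review bot: In get_subscribed_requests the inner query binds `$tkt['uuid']`, but the rows it iterates come from `SELECT ticket_uuid FROM ticket_subscribers`, so the key is `ticket_uuid`; as written the bound value is null, the lookup returns nothing and `$result[0]` is undefined for every subscription. The line should read `$sql->bindParam(':uuid', $tkt['ticket_uuid']);`. Separately, isAuthorised is now fed the raw result of get_subscribers, which is a list of `['user_uuid' => ...]` rows rather than the flat id list the removed page code built with array_push, so the in_array check can never match a subscriber and only the creator passes; flatten and compare strictly inside the function, `return in_array($_SESSION['uuid'], array_column($authorised_users, 'user_uuid'), true) || $_SESSION['uuid'] === $request['created_by'];`. Every action and view page in this commit passes the same row list, so fixing it here covers them all.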


@@ -1,29 +1,11 @@
<?php
$PAGE_NAME = "Close request";
require_once __DIR__ . "/../../includes/header.php";
// Get authorised subscribers
try {
$users_stmt = "SELECT user_uuid FROM ticket_subscribers WHERE ticket_uuid=:uuid";
$users_sql = $db->prepare($users_stmt);
$users_sql->bindParam(':uuid', $_GET['rid']);
$users_sql->execute();
$users_sql->setFetchMode(PDO::FETCH_ASSOC);
$users_result = $users_sql->fetchAll();
} catch (PDOException $e) {
$new_ticket_alert = array("danger", "Failed to get subscribers: " . $e->getMessage());
}
$authorised_users = array();
foreach($users_result as $user) {
array_push($authorised_users, $user['user_uuid']);
}
if (in_array($_SESSION['uuid'], $authorised_users) || $_SESSION['uuid'] == $request['created_by']) {
$is_authorised = true;
} else {
$is_authorised = false;
}
$request = get_request($db, $_GET['rid']);
$authorised_users = get_subscribers($db, $request);
$is_authorised = isAuthorised($authorised_users, $request);
// Close request
if ($is_authorised == true) {
if($_SERVER['REQUEST_METHOD'] == 'POST') {
@@ -40,6 +22,7 @@
}
} else {
$new_ticket_alert = array("danger", "You are not authorised to close this request.");
header('Location: /view?rid=' . $request['uuid'], true);
}
?>
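Review bot: get_request is called with `$_GET['rid']` and its result is used without checking that a row came back; for a missing or unknown id `$ticket_result[0]` is undefined, `$request` is null, and the page falls through to the else branch and redirects to `/view?rid=` with an empty id. A guard such as `if (!isset($_GET['rid']) || $request === null) { http_response_code(404); exit; }` right after the fetch makes the failure explicit (get_request itself would be clearer returning `$ticket_result[0] ?? null`). The removed code also wrapped its query in `try`/`catch (PDOException)`; the helpers do not, so a database error now propagates out of the page unless header.php installs a handler, which is not visible here. The update and upload action sections and the page-level update, upload and view sections in this commit have the same two gaps.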


@@ -1,29 +1,10 @@
<?php
$PAGE_NAME = "Update request";
require_once __DIR__ . "/../../includes/header.php";
// Get authorised subscribers
try {
$users_stmt = "SELECT user_uuid FROM ticket_subscribers WHERE ticket_uuid=:uuid";
$users_sql = $db->prepare($users_stmt);
$users_sql->bindParam(':uuid', $_GET['rid']);
$users_sql->execute();
$users_sql->setFetchMode(PDO::FETCH_ASSOC);
$users_result = $users_sql->fetchAll();
} catch (PDOException $e) {
$new_ticket_alert = array("danger", "Failed to get subscribers: " . $e->getMessage());
}
$authorised_users = array();
foreach($users_result as $user) {
array_push($authorised_users, $user['user_uuid']);
}
if (in_array($_SESSION['uuid'], $authorised_users) || $_SESSION['uuid'] == $request['created_by']) {
$is_authorised = true;
} else {
$is_authorised = false;
}
$request = get_request($db, $_POST['rid']);
$authorised_users = get_subscribers($db, $request);
$is_authorised = isAuthorised($authorised_users, $request);
// If form submitted, save to database
if($_SERVER['REQUEST_METHOD'] == 'POST') {
@@ -32,7 +13,7 @@
// Process ticket data
$stmt = "INSERT INTO ticket_updates (ticket, user, msg) VALUES (:tktuuid, :user, :msg)";
$sql = $db->prepare($stmt);
$sql->bindParam(':tktuuid', $_POST['rid']);
$sql->bindParam(':tktuuid', $request['uuid']);
$sql->bindParam(':user', $_SESSION['uuid']);
$sql->bindParam(':msg', $_POST['msg']);
$sql->execute();
@@ -41,7 +22,7 @@
}
} else {
$new_ticket_alert = array("danger", "You are not authorised to update this request.");
header('Location: /view?rid=' . $_POST['rid'], true);
header('Location: /view?rid=' . $request['uuid'], true);
}
}
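Review bot: `$_POST['rid']` is read on the first new line, before the `REQUEST_METHOD == 'POST'` check, so a plain GET of this action raises an undefined-index notice and runs get_request with a null id before the method check ever rejects it. Move the three fetch lines inside the POST branch, or at least read the id as `$_POST['rid'] ?? null` and stop when it is absent. The upload action section has the same ordering. The redirect lines that now use `$request['uuid']` are only as good as that lookup, so an empty `$request` turns into `Location: /view?rid=`.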


@@ -1,29 +1,10 @@
<?php
$PAGE_NAME = "Upload file to request";
require_once __DIR__ . "/../../includes/header.php";
// Get authorised subscribers
try {
$users_stmt = "SELECT user_uuid FROM ticket_subscribers WHERE ticket_uuid=:uuid";
$users_sql = $db->prepare($users_stmt);
$users_sql->bindParam(':uuid', $_GET['rid']);
$users_sql->execute();
$users_sql->setFetchMode(PDO::FETCH_ASSOC);
$users_result = $users_sql->fetchAll();
} catch (PDOException $e) {
$new_ticket_alert = array("danger", "Failed to get subscribers: " . $e->getMessage());
}
$authorised_users = array();
foreach($users_result as $user) {
array_push($authorised_users, $user['user_uuid']);
}
if (in_array($_SESSION['uuid'], $authorised_users) || $_SESSION['uuid'] == $request['created_by']) {
$is_authorised = true;
} else {
$is_authorised = false;
}
$request = get_request($db, $_POST['rid']);
$authorised_users = get_subscribers($db, $request);
$is_authorised = isAuthorised($authorised_users, $request);
// If form submitted, save to database
if($_SERVER['REQUEST_METHOD'] == 'POST') {
@@ -39,18 +20,18 @@
$stmt = "INSERT INTO ticket_uploads (id, ticket, user, filename) VALUES (:fileuuid, :ticket, :user, :name)";
$sql = $db->prepare($stmt);
$sql->bindParam(':fileuuid', $file_uuid);
$sql->bindParam(':ticket', $_POST['rid']);
$sql->bindParam(':ticket', $request['uuid']);
$sql->bindParam(':user', $_SESSION['uuid']);
$sql->bindParam(':name', $file_name);
$sql->execute();
} catch (PDOException $e) {
$new_ticket_alert = array("danger", "Failed to upload file: " . $e->getMessage());
}
header('Location: /view?rid=' . $_POST['rid'], true);
header('Location: /view?rid=' . $request['uuid'], true);
}
} else {
$new_ticket_alert = array("danger", "You are not authorised to update this request.");
header('Location: /view?rid=' . $_POST['rid'], true);
header('Location: /view?rid=' . $request['uuid'], true);
}
}


@@ -4,31 +4,19 @@
require_once __DIR__ . "/../includes/header.php";
if (is_signed_in()) {
// Get user's open tickets
try {
$user_tickets_stmt = "SELECT uuid, id, title, description, status FROM tickets WHERE created_by=:uuid";
$user_tickets_sql = $db->prepare($user_tickets_stmt);
$user_tickets_sql->bindParam(':uuid', $_SESSION['uuid']);
$user_tickets_sql->execute();
$user_tickets_sql->setFetchMode(PDO::FETCH_ASSOC);
$user_tickets_result = $user_tickets_sql->fetchAll();
} catch (PDOException $e) {
echo("Error: " . $e->getMessage());
}
$open_requests = array();
$closed_requests = array();
// Get user's closed tickets
try {
$closed_tickets_stmt = "SELECT uuid, id, title, description, status FROM tickets WHERE created_by=:uuid AND status='closed'#";
$closed_tickets_sql = $db->prepare($user_tickets_stmt);
$closed_tickets_sql->bindParam(':uuid', $_SESSION['uuid']);
$closed_tickets_sql->execute();
$closed_tickets_sql->setFetchMode(PDO::FETCH_ASSOC);
$closed_tickets_result = $user_tickets_sql->fetchAll();
} catch (PDOException $e) {
echo("Error: " . $e->getMessage());
}
$requests = get_my_requests($db);
foreach($requests as $req) {
if ($req['status'] != "Closed") {
array_push($open_requests, $req);
} elseif ($req['status'] == "Closed") {
array_push($closed_requests, $req);
}
}
}
?>
@@ -53,10 +41,10 @@
</div>
<ul class="list-group list-group-flush">
<?php
if (count($user_tickets_result) == 0) {
if (count($open_requests) == 0) {
echo("<center><b>No open tickets</b></center>");
} else {
foreach($user_tickets_result as $tkt) {
foreach($open_requests as $tkt) {
?>
<li class="list-group-item">
<div class="container">
@@ -83,10 +71,10 @@
</div>
<ul class="list-group list-group-flush">
<?php
if (count($closed_tickets_result) == 0) {
if (count($closed_requests) == 0) {
echo("<center><b>No closed tickets</b></center>");
} else {
foreach($closed_tickets_result as $tkt) {
foreach($closed_requests as $tkt) {
?>
<li class="list-group-item">
<div class="container">
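Review bot: The new filter compares `$req['status']` against `"Closed"` while the removed (never actually executed) closed-tickets query compared against `'closed'`; if the stored value is lowercase, every ticket lands in `$open_requests` and the closed list is always empty, so the literal should be checked against what the insert path writes. The `elseif ($req['status'] == "Closed")` branch is the exact complement of the `if` and can be a plain `else`, with a strict comparison: `if ($req['status'] === "Closed") { $closed_requests[] = $req; } else { $open_requests[] = $req; }`.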


@@ -3,44 +3,8 @@
require_once __DIR__ . "/../includes/header.php";
if (is_signed_in()) {
// Get user's own tickets
try {
$user_tickets_stmt = "SELECT uuid, id, title, description, status FROM tickets WHERE created_by=:uuid";
$user_tickets_sql = $db->prepare($user_tickets_stmt);
$user_tickets_sql->bindParam(':uuid', $_SESSION['uuid']);
$user_tickets_sql->execute();
$user_tickets_sql->setFetchMode(PDO::FETCH_ASSOC);
$user_tickets_result = $user_tickets_sql->fetchAll();
} catch (PDOException $e) {
echo("Error: " . $e->getMessage());
}
// Get tickets user has subscribed to
try {
$sub_tickets_stmt = "SELECT ticket_uuid FROM ticket_subscribers WHERE user_uuid=:uuid";
$sub_tickets_sql = $db->prepare($sub_tickets_stmt);
$sub_tickets_sql->bindParam(':uuid', $_SESSION['uuid']);
$sub_tickets_sql->execute();
$sub_tickets_sql->setFetchMode(PDO::FETCH_ASSOC);
$sub_tickets_result = $sub_tickets_sql->fetchAll();
} catch (PDOException $e) {
echo("Error: " . $e->getMessage());
}
}
function get_sub_ticket($db, $ticket_uuid) {
try {
$stmt = "SELECT * FROM tickets WHERE uuid=:uuid";
$sql = $db->prepare($stmt);
$sql->bindParam(':uuid', $ticket_uuid);
$sql->execute();
$sql->setFetchMode(PDO::FETCH_ASSOC);
$result = $sql->fetchAll();
$tkt = $result[0];
} catch (PDOException $e) {
echo("Error: " . $e->getMessage());
}
return $tkt;
$requests = get_my_requests($db);
$subscriptions = get_subscribed_requests($db);
}
?>
@@ -80,10 +44,10 @@
</div>
<ul class="list-group list-group-flush">
<?php
if (count($user_tickets_result) == 0) {
if (count($requests) == 0) {
echo("<center><b>No open tickets</b></center>");
} else {
foreach($user_tickets_result as $tkt) {
foreach($requests as $tkt) {
?>
<li class="list-group-item">
<div class="container">
@@ -110,22 +74,19 @@
</div>
<ul class="list-group list-group-flush">
<?php
if (count($sub_tickets_result) == 0) {
if (count($subscriptions) == 0) {
echo("<center><b>No subscribed tickets</b></center>");
} else {
foreach($sub_tickets_result as $sub) {
$tkt = get_sub_ticket($db, $sub['ticket_uuid']);
$tkt_creator = get_user_name($db, $tkt['created_by']);
?>
foreach($subscriptions as $sub) { ?>
<li class="list-group-item">
<div class="container">
<div class="row">
<div class="col-10">
<span style="display: inline;" class="text-muted">#<?php echo sprintf("%'.05d\n", $tkt["id"]); ?> </span><span><b><?php echo($tkt['title']); ?></b></span> <span style="display: inline;" class="text-muted"><?php echo("(Creator: " . $tkt_creator . ")"); ?></span>
<p class="m-0"><?php echo($tkt['description']); ?></p>
<span style="display: inline;" class="text-muted">#<?php echo sprintf("%'.05d\n", $sub["id"]); ?> </span><span><b><?php echo($sub['title']); ?></b></span> <span style="display: inline;" class="text-muted"><?php echo("(Creator: " . get_user_name($db, $sub['created_by']) . ")"); ?></span>
<p class="m-0"><?php echo($sub['description']); ?></p>
</div>
<div class="col-2">
<a class="btn btn-success float-right" href="view?rid=<?php echo($tkt["uuid"]); ?>" role="button">Go</a>
<a class="btn btn-success float-right" href="view?rid=<?php echo($sub["uuid"]); ?>" role="button">Go</a>
</div>
</div>
</div>
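Review bot: The rewritten subscription rows echo `$sub['title']`, `$sub['description']` and the get_user_name result straight into HTML; these are ticket fields that originate from user input, so the template should escape them for HTML context, e.g. `<?php echo(htmlspecialchars($sub['title'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')); ?>`, and likewise for the description and the creator name. The same pattern exists on the removed lines, so this is not a regression, but these lines are being rewritten anyway. get_user_name is also now called once per row inside the loop; a single query keyed by the creator ids, or a small per-request cache, would avoid the per-row round trip if the list grows.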


@@ -2,55 +2,10 @@
$PAGE_NAME = "Update Request";
require_once __DIR__ . "/../includes/header.php";
// Get ticket
try {
$ticket_stmt = "SELECT * FROM tickets WHERE uuid=:uuid";
$ticket_sql = $db->prepare($ticket_stmt);
$ticket_sql->bindParam(':uuid', $_GET['rid']);
$ticket_sql->execute();
$ticket_sql->setFetchMode(PDO::FETCH_ASSOC);
$ticket_result = $ticket_sql->fetchAll();
$request = $ticket_result[0];
} catch (PDOException $e) {
$new_ticket_alert = array("danger", "Failed to get request: " . $e->getMessage());
}
// Get ticket updates
try {
$updates_stmt = "SELECT * FROM ticket_updates WHERE ticket=:uuid";
$updates_sql = $db->prepare($updates_stmt);
$updates_sql->bindParam(':uuid', $request['uuid']);
$updates_sql->execute();
$updates_sql->setFetchMode(PDO::FETCH_ASSOC);
$updates_result = $updates_sql->fetchAll();
} catch (PDOException $e) {
$new_ticket_alert = array("danger", "Failed to get updates: " . $e->getMessage());
}
// Get authorised subscribers
try {
$users_stmt = "SELECT user_uuid FROM ticket_subscribers WHERE ticket_uuid=:uuid";
$users_sql = $db->prepare($users_stmt);
$users_sql->bindParam(':uuid', $request['uuid']);
$users_sql->execute();
$users_sql->setFetchMode(PDO::FETCH_ASSOC);
$users_result = $users_sql->fetchAll();
} catch (PDOException $e) {
$new_ticket_alert = array("danger", "Failed to get subscribers: " . $e->getMessage());
}
$authorised_users = array();
foreach($users_result as $user) {
array_push($authorised_users, $user['user_uuid']);
}
if (in_array($_SESSION['uuid'], $authorised_users) || $_SESSION['uuid'] == $request['created_by']) {
$is_authorised = true;
} else {
$is_authorised = false;
}
$request = get_request($db, $_GET['rid']);
$updates = get_updates($db, $request);
$authorised_users = get_subscribers($db, $request);
$is_authorised = isAuthorised($authorised_users, $request);
?>
@@ -138,10 +93,10 @@
<div class="card-header"><span class="mdi mdi-update"></span> Updates</div>
<ul class="list-group list-group-flush">
<?php
if (count($updates_result) == 0) {
if (count($updates) == 0) {
echo("<center><b>No updates</b></center>");
} else {
foreach($updates_result as $update) {
foreach($updates as $update) {
?>
<li class="list-group-item">
<div class="container">


@@ -2,55 +2,10 @@
$PAGE_NAME = "Upload file";
require_once __DIR__ . "/../includes/header.php";
// Get ticket
try {
$ticket_stmt = "SELECT * FROM tickets WHERE uuid=:uuid";
$ticket_sql = $db->prepare($ticket_stmt);
$ticket_sql->bindParam(':uuid', $_GET['rid']);
$ticket_sql->execute();
$ticket_sql->setFetchMode(PDO::FETCH_ASSOC);
$ticket_result = $ticket_sql->fetchAll();
$request = $ticket_result[0];
} catch (PDOException $e) {
echo("Error: " . $e->getMessage());
}
// Get ticket updates
try {
$updates_stmt = "SELECT * FROM ticket_updates WHERE ticket=:uuid";
$updates_sql = $db->prepare($updates_stmt);
$updates_sql->bindParam(':uuid', $_GET['rid']);
$updates_sql->execute();
$updates_sql->setFetchMode(PDO::FETCH_ASSOC);
$updates_result = $updates_sql->fetchAll();
} catch (PDOException $e) {
echo("Error: " . $e->getMessage());
}
// Get authorised subscribers
try {
$users_stmt = "SELECT user_uuid FROM ticket_subscribers WHERE ticket_uuid=:uuid";
$users_sql = $db->prepare($users_stmt);
$users_sql->bindParam(':uuid', $_GET['rid']);
$users_sql->execute();
$users_sql->setFetchMode(PDO::FETCH_ASSOC);
$users_result = $users_sql->fetchAll();
} catch (PDOException $e) {
echo("Error: " . $e->getMessage());
}
$authorised_users = array();
foreach($users_result as $user) {
array_push($authorised_users, $user['user_uuid']);
}
if (in_array($_SESSION['uuid'], $authorised_users) || $_SESSION['uuid'] == $request['created_by']) {
$is_authorised = true;
} else {
$is_authorised = false;
}
$request = get_request($db, $_GET['rid']);
$updates = get_updates($db, $request);
$authorised_users = get_subscribers($db, $request);
$is_authorised = isAuthorised($authorised_users, $request);
?>
@@ -138,10 +93,10 @@
<div class="card-header"><span class="mdi mdi-update"></span> Updates</div>
<ul class="list-group list-group-flush">
<?php
if (count($updates_result) == 0) {
if (count($updates) == 0) {
echo("<center><b>No updates</b></center>");
} else {
foreach($updates_result as $update) {
foreach($updates as $update) {
?>
<li class="list-group-item">
<div class="container">
@@ -170,7 +125,7 @@
<div class="card-header"><span class="mdi mdi-cloud-upload-outline"></span> Upload file(s)</div>
<form action="/actions/upload" method="post" enctype="multipart/form-data">
<div class="form-group">
<input type="hidden" id="rid" name="rid" value="b4b3d4cf-d64d-11ea-b64d-0019997c933f">
<input type="hidden" id="rid" name="rid" value="<?php echo($request['uuid']); ?>">
</div>
<div class="form-group" style="margin: 2%;">
<input type="file" class="form-control-file" id="file" name="file">
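Review bot: The hidden `rid` field now takes its value from `$request['uuid']`, which fixes the hard-coded id on the removed line, but the value is written into an attribute without escaping; `value="<?php echo(htmlspecialchars($request['uuid'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')); ?>"` keeps the attribute well-formed whatever the stored string contains. When get_request finds no row, `$request` is null and the form posts an empty `rid`, which the upload action then turns into a redirect to `/view?rid=`, so this page should stop earlier on an unknown id rather than render the form.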


@@ -2,54 +2,10 @@
$PAGE_NAME = "View Request";
require_once __DIR__ . "/../includes/header.php";
// Get ticket
try {
$ticket_stmt = "SELECT * FROM tickets WHERE uuid=:uuid";
$ticket_sql = $db->prepare($ticket_stmt);
$ticket_sql->bindParam(':uuid', $_GET['rid']);
$ticket_sql->execute();
$ticket_sql->setFetchMode(PDO::FETCH_ASSOC);
$ticket_result = $ticket_sql->fetchAll();
$request = $ticket_result[0];
} catch (PDOException $e) {
echo("Error: " . $e->getMessage());
}
// Get ticket updates
try {
$updates_stmt = "SELECT * FROM ticket_updates WHERE ticket=:uuid";
$updates_sql = $db->prepare($updates_stmt);
$updates_sql->bindParam(':uuid', $_GET['rid']);
$updates_sql->execute();
$updates_sql->setFetchMode(PDO::FETCH_ASSOC);
$updates_result = $updates_sql->fetchAll();
} catch (PDOException $e) {
echo("Error: " . $e->getMessage());
}
// Get authorised subscribers
try {
$users_stmt = "SELECT user_uuid FROM ticket_subscribers WHERE ticket_uuid=:uuid";
$users_sql = $db->prepare($users_stmt);
$users_sql->bindParam(':uuid', $_GET['rid']);
$users_sql->execute();
$users_sql->setFetchMode(PDO::FETCH_ASSOC);
$users_result = $users_sql->fetchAll();
} catch (PDOException $e) {
echo("Error: " . $e->getMessage());
}
$authorised_users = array();
foreach($users_result as $user) {
array_push($authorised_users, $user['user_uuid']);
}
if (in_array($_SESSION['uuid'], $authorised_users) || $_SESSION['uuid'] == $request['created_by']) {
$is_authorised = true;
} else {
$is_authorised = false;
}
$request = get_request($db, $_GET['rid']);
$updates = get_updates($db, $request);
$authorised_users = get_subscribers($db, $request);
$is_authorised = isAuthorised($authorised_users, $request);
?>
@@ -142,10 +98,10 @@
<div class="card-header"><span class="mdi mdi-update"></span> Updates</div>
<ul class="list-group list-group-flush">
<?php
if (count($updates_result) == 0) {
if (count($updates) == 0) {
echo("<center><b>No updates</b></center>");
} else {
foreach($updates_result as $update) {
foreach($updates as $update) {
?>
<li class="list-group-item">
<div class="container">